Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.8.2/
Date: Wed, 06 Mar 2013 12:29:58
Message-Id: 1362572950.40b9f3d9591cf0d15f06b79fd94b43f062293a0d.blueness@gentoo
1 commit: 40b9f3d9591cf0d15f06b79fd94b43f062293a0d
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Wed Mar 6 12:29:10 2013 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Wed Mar 6 12:29:10 2013 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=40b9f3d9
7
8 Correct 3.8.2, add bump from 3.8.1
9
10 ---
11 3.8.2/0000_README | 6 +-
12 3.8.2/1001_linux-3.8.2.patch | 3093 ++++++++++++++++++++
13 ...4420_grsecurity-2.9.1-3.8.2-201303041742.patch} | 704 ++---
14 3 files changed, 3412 insertions(+), 391 deletions(-)
15
16 diff --git a/3.8.2/0000_README b/3.8.2/0000_README
17 index 517c0e6..4525042 100644
18 --- a/3.8.2/0000_README
19 +++ b/3.8.2/0000_README
20 @@ -2,7 +2,11 @@ README
21 -----------------------------------------------------------------------------
22 Individual Patch Descriptions:
23 -----------------------------------------------------------------------------
24 -Patch: 4420_grsecurity-2.9.1-3.8.1-201303012255.patch
25 +Patch: 1001_linux-3.8.1.patch
26 +From: http://www.kernel.org
27 +Desc: Linux 3.8.1
28 +
29 +Patch: 4420_grsecurity-2.9.1-3.8.2-201303041742.patch
30 From: http://www.grsecurity.net
31 Desc: hardened-sources base patch from upstream grsecurity
32
33
34 diff --git a/3.8.2/1001_linux-3.8.2.patch b/3.8.2/1001_linux-3.8.2.patch
35 new file mode 100644
36 index 0000000..0952288
37 --- /dev/null
38 +++ b/3.8.2/1001_linux-3.8.2.patch
39 @@ -0,0 +1,3093 @@
40 +diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
41 +index 6c72381..986614d 100644
42 +--- a/Documentation/kernel-parameters.txt
43 ++++ b/Documentation/kernel-parameters.txt
44 +@@ -564,6 +564,8 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
45 + UART at the specified I/O port or MMIO address,
46 + switching to the matching ttyS device later. The
47 + options are the same as for ttyS, above.
48 ++ hvc<n> Use the hypervisor console device <n>. This is for
49 ++ both Xen and PowerPC hypervisors.
50 +
51 + If the device connected to the port is not a TTY but a braille
52 + device, prepend "brl," before the device type, for instance
53 +@@ -754,6 +756,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
54 +
55 + earlyprintk= [X86,SH,BLACKFIN]
56 + earlyprintk=vga
57 ++ earlyprintk=xen
58 + earlyprintk=serial[,ttySn[,baudrate]]
59 + earlyprintk=ttySn[,baudrate]
60 + earlyprintk=dbgp[debugController#]
61 +@@ -771,6 +774,8 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
62 + The VGA output is eventually overwritten by the real
63 + console.
64 +
65 ++ The xen output can only be used by Xen PV guests.
66 ++
67 + ekgdboc= [X86,KGDB] Allow early kernel console debugging
68 + ekgdboc=kbd
69 +
70 +diff --git a/Makefile b/Makefile
71 +index 746c856..20d5318 100644
72 +--- a/Makefile
73 ++++ b/Makefile
74 +@@ -1,6 +1,6 @@
75 + VERSION = 3
76 + PATCHLEVEL = 8
77 +-SUBLEVEL = 1
78 ++SUBLEVEL = 2
79 + EXTRAVERSION =
80 + NAME = Unicycling Gorilla
81 +
82 +diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
83 +index f8fa411..c205035 100644
84 +--- a/arch/x86/boot/compressed/eboot.c
85 ++++ b/arch/x86/boot/compressed/eboot.c
86 +@@ -19,23 +19,28 @@
87 +
88 + static efi_system_table_t *sys_table;
89 +
90 ++static void efi_char16_printk(efi_char16_t *str)
91 ++{
92 ++ struct efi_simple_text_output_protocol *out;
93 ++
94 ++ out = (struct efi_simple_text_output_protocol *)sys_table->con_out;
95 ++ efi_call_phys2(out->output_string, out, str);
96 ++}
97 ++
98 + static void efi_printk(char *str)
99 + {
100 + char *s8;
101 +
102 + for (s8 = str; *s8; s8++) {
103 +- struct efi_simple_text_output_protocol *out;
104 + efi_char16_t ch[2] = { 0 };
105 +
106 + ch[0] = *s8;
107 +- out = (struct efi_simple_text_output_protocol *)sys_table->con_out;
108 +-
109 + if (*s8 == '\n') {
110 + efi_char16_t nl[2] = { '\r', 0 };
111 +- efi_call_phys2(out->output_string, out, nl);
112 ++ efi_char16_printk(nl);
113 + }
114 +
115 +- efi_call_phys2(out->output_string, out, ch);
116 ++ efi_char16_printk(ch);
117 + }
118 + }
119 +
120 +@@ -709,7 +714,12 @@ static efi_status_t handle_ramdisks(efi_loaded_image_t *image,
121 + if ((u8 *)p >= (u8 *)filename_16 + sizeof(filename_16))
122 + break;
123 +
124 +- *p++ = *str++;
125 ++ if (*str == '/') {
126 ++ *p++ = '\\';
127 ++ *str++;
128 ++ } else {
129 ++ *p++ = *str++;
130 ++ }
131 + }
132 +
133 + *p = '\0';
134 +@@ -737,7 +747,9 @@ static efi_status_t handle_ramdisks(efi_loaded_image_t *image,
135 + status = efi_call_phys5(fh->open, fh, &h, filename_16,
136 + EFI_FILE_MODE_READ, (u64)0);
137 + if (status != EFI_SUCCESS) {
138 +- efi_printk("Failed to open initrd file\n");
139 ++ efi_printk("Failed to open initrd file: ");
140 ++ efi_char16_printk(filename_16);
141 ++ efi_printk("\n");
142 + goto close_handles;
143 + }
144 +
145 +diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
146 +index b994cc8..cbf5121 100644
147 +--- a/arch/x86/kernel/apic/apic.c
148 ++++ b/arch/x86/kernel/apic/apic.c
149 +@@ -131,7 +131,7 @@ static int __init parse_lapic(char *arg)
150 + {
151 + if (config_enabled(CONFIG_X86_32) && !arg)
152 + force_enable_local_apic = 1;
153 +- else if (!strncmp(arg, "notscdeadline", 13))
154 ++ else if (arg && !strncmp(arg, "notscdeadline", 13))
155 + setup_clear_cpu_cap(X86_FEATURE_TSC_DEADLINE_TIMER);
156 + return 0;
157 + }
158 +diff --git a/arch/x86/kernel/head.c b/arch/x86/kernel/head.c
159 +index 48d9d4e..992f442 100644
160 +--- a/arch/x86/kernel/head.c
161 ++++ b/arch/x86/kernel/head.c
162 +@@ -5,8 +5,6 @@
163 + #include <asm/setup.h>
164 + #include <asm/bios_ebda.h>
165 +
166 +-#define BIOS_LOWMEM_KILOBYTES 0x413
167 +-
168 + /*
169 + * The BIOS places the EBDA/XBDA at the top of conventional
170 + * memory, and usually decreases the reported amount of
171 +@@ -16,17 +14,30 @@
172 + * chipset: reserve a page before VGA to prevent PCI prefetch
173 + * into it (errata #56). Usually the page is reserved anyways,
174 + * unless you have no PS/2 mouse plugged in.
175 ++ *
176 ++ * This functions is deliberately very conservative. Losing
177 ++ * memory in the bottom megabyte is rarely a problem, as long
178 ++ * as we have enough memory to install the trampoline. Using
179 ++ * memory that is in use by the BIOS or by some DMA device
180 ++ * the BIOS didn't shut down *is* a big problem.
181 + */
182 ++
183 ++#define BIOS_LOWMEM_KILOBYTES 0x413
184 ++#define LOWMEM_CAP 0x9f000U /* Absolute maximum */
185 ++#define INSANE_CUTOFF 0x20000U /* Less than this = insane */
186 ++
187 + void __init reserve_ebda_region(void)
188 + {
189 + unsigned int lowmem, ebda_addr;
190 +
191 +- /* To determine the position of the EBDA and the */
192 +- /* end of conventional memory, we need to look at */
193 +- /* the BIOS data area. In a paravirtual environment */
194 +- /* that area is absent. We'll just have to assume */
195 +- /* that the paravirt case can handle memory setup */
196 +- /* correctly, without our help. */
197 ++ /*
198 ++ * To determine the position of the EBDA and the
199 ++ * end of conventional memory, we need to look at
200 ++ * the BIOS data area. In a paravirtual environment
201 ++ * that area is absent. We'll just have to assume
202 ++ * that the paravirt case can handle memory setup
203 ++ * correctly, without our help.
204 ++ */
205 + if (paravirt_enabled())
206 + return;
207 +
208 +@@ -37,19 +48,23 @@ void __init reserve_ebda_region(void)
209 + /* start of EBDA area */
210 + ebda_addr = get_bios_ebda();
211 +
212 +- /* Fixup: bios puts an EBDA in the top 64K segment */
213 +- /* of conventional memory, but does not adjust lowmem. */
214 +- if ((lowmem - ebda_addr) <= 0x10000)
215 +- lowmem = ebda_addr;
216 ++ /*
217 ++ * Note: some old Dells seem to need 4k EBDA without
218 ++ * reporting so, so just consider the memory above 0x9f000
219 ++ * to be off limits (bugzilla 2990).
220 ++ */
221 ++
222 ++ /* If the EBDA address is below 128K, assume it is bogus */
223 ++ if (ebda_addr < INSANE_CUTOFF)
224 ++ ebda_addr = LOWMEM_CAP;
225 +
226 +- /* Fixup: bios does not report an EBDA at all. */
227 +- /* Some old Dells seem to need 4k anyhow (bugzilla 2990) */
228 +- if ((ebda_addr == 0) && (lowmem >= 0x9f000))
229 +- lowmem = 0x9f000;
230 ++ /* If lowmem is less than 128K, assume it is bogus */
231 ++ if (lowmem < INSANE_CUTOFF)
232 ++ lowmem = LOWMEM_CAP;
233 +
234 +- /* Paranoia: should never happen, but... */
235 +- if ((lowmem == 0) || (lowmem >= 0x100000))
236 +- lowmem = 0x9f000;
237 ++ /* Use the lower of the lowmem and EBDA markers as the cutoff */
238 ++ lowmem = min(lowmem, ebda_addr);
239 ++ lowmem = min(lowmem, LOWMEM_CAP); /* Absolute cap */
240 +
241 + /* reserve all memory between lowmem and the 1MB mark */
242 + memblock_reserve(lowmem, 0x100000 - lowmem);
243 +diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
244 +index 928bf83..e2cd38f 100644
245 +--- a/arch/x86/platform/efi/efi.c
246 ++++ b/arch/x86/platform/efi/efi.c
247 +@@ -85,9 +85,10 @@ int efi_enabled(int facility)
248 + }
249 + EXPORT_SYMBOL(efi_enabled);
250 +
251 ++static bool disable_runtime = false;
252 + static int __init setup_noefi(char *arg)
253 + {
254 +- clear_bit(EFI_RUNTIME_SERVICES, &x86_efi_facility);
255 ++ disable_runtime = true;
256 + return 0;
257 + }
258 + early_param("noefi", setup_noefi);
259 +@@ -734,7 +735,7 @@ void __init efi_init(void)
260 + if (!efi_is_native())
261 + pr_info("No EFI runtime due to 32/64-bit mismatch with kernel\n");
262 + else {
263 +- if (efi_runtime_init())
264 ++ if (disable_runtime || efi_runtime_init())
265 + return;
266 + set_bit(EFI_RUNTIME_SERVICES, &x86_efi_facility);
267 + }
268 +diff --git a/block/genhd.c b/block/genhd.c
269 +index 3993ebf..7dcfdd8 100644
270 +--- a/block/genhd.c
271 ++++ b/block/genhd.c
272 +@@ -25,7 +25,7 @@ static DEFINE_MUTEX(block_class_lock);
273 + struct kobject *block_depr;
274 +
275 + /* for extended dynamic devt allocation, currently only one major is used */
276 +-#define MAX_EXT_DEVT (1 << MINORBITS)
277 ++#define NR_EXT_DEVT (1 << MINORBITS)
278 +
279 + /* For extended devt allocation. ext_devt_mutex prevents look up
280 + * results from going away underneath its user.
281 +@@ -422,17 +422,18 @@ int blk_alloc_devt(struct hd_struct *part, dev_t *devt)
282 + do {
283 + if (!idr_pre_get(&ext_devt_idr, GFP_KERNEL))
284 + return -ENOMEM;
285 ++ mutex_lock(&ext_devt_mutex);
286 + rc = idr_get_new(&ext_devt_idr, part, &idx);
287 ++ if (!rc && idx >= NR_EXT_DEVT) {
288 ++ idr_remove(&ext_devt_idr, idx);
289 ++ rc = -EBUSY;
290 ++ }
291 ++ mutex_unlock(&ext_devt_mutex);
292 + } while (rc == -EAGAIN);
293 +
294 + if (rc)
295 + return rc;
296 +
297 +- if (idx > MAX_EXT_DEVT) {
298 +- idr_remove(&ext_devt_idr, idx);
299 +- return -EBUSY;
300 +- }
301 +-
302 + *devt = MKDEV(BLOCK_EXT_MAJOR, blk_mangle_minor(idx));
303 + return 0;
304 + }
305 +@@ -646,7 +647,6 @@ void del_gendisk(struct gendisk *disk)
306 + disk_part_iter_exit(&piter);
307 +
308 + invalidate_partition(disk, 0);
309 +- blk_free_devt(disk_to_dev(disk)->devt);
310 + set_capacity(disk, 0);
311 + disk->flags &= ~GENHD_FL_UP;
312 +
313 +@@ -664,6 +664,7 @@ void del_gendisk(struct gendisk *disk)
314 + if (!sysfs_deprecated)
315 + sysfs_remove_link(block_depr, dev_name(disk_to_dev(disk)));
316 + device_del(disk_to_dev(disk));
317 ++ blk_free_devt(disk_to_dev(disk)->devt);
318 + }
319 + EXPORT_SYMBOL(del_gendisk);
320 +
321 +diff --git a/block/partition-generic.c b/block/partition-generic.c
322 +index f1d1451..1cb4dec 100644
323 +--- a/block/partition-generic.c
324 ++++ b/block/partition-generic.c
325 +@@ -249,11 +249,11 @@ void delete_partition(struct gendisk *disk, int partno)
326 + if (!part)
327 + return;
328 +
329 +- blk_free_devt(part_devt(part));
330 + rcu_assign_pointer(ptbl->part[partno], NULL);
331 + rcu_assign_pointer(ptbl->last_lookup, NULL);
332 + kobject_put(part->holder_dir);
333 + device_del(part_to_dev(part));
334 ++ blk_free_devt(part_devt(part));
335 +
336 + hd_struct_put(part);
337 + }
338 +diff --git a/drivers/acpi/Kconfig b/drivers/acpi/Kconfig
339 +index 38c5078..f5ae996 100644
340 +--- a/drivers/acpi/Kconfig
341 ++++ b/drivers/acpi/Kconfig
342 +@@ -268,7 +268,8 @@ config ACPI_CUSTOM_DSDT
343 + default ACPI_CUSTOM_DSDT_FILE != ""
344 +
345 + config ACPI_INITRD_TABLE_OVERRIDE
346 +- bool "ACPI tables can be passed via uncompressed cpio in initrd"
347 ++ bool "ACPI tables override via initrd"
348 ++ depends on BLK_DEV_INITRD && X86
349 + default n
350 + help
351 + This option provides functionality to override arbitrary ACPI tables
352 +diff --git a/drivers/acpi/sleep.c b/drivers/acpi/sleep.c
353 +index 2fcc67d..df85051 100644
354 +--- a/drivers/acpi/sleep.c
355 ++++ b/drivers/acpi/sleep.c
356 +@@ -177,6 +177,14 @@ static struct dmi_system_id __initdata acpisleep_dmi_table[] = {
357 + },
358 + {
359 + .callback = init_nvs_nosave,
360 ++ .ident = "Sony Vaio VGN-FW41E_H",
361 ++ .matches = {
362 ++ DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"),
363 ++ DMI_MATCH(DMI_PRODUCT_NAME, "VGN-FW41E_H"),
364 ++ },
365 ++ },
366 ++ {
367 ++ .callback = init_nvs_nosave,
368 + .ident = "Sony Vaio VGN-FW21E",
369 + .matches = {
370 + DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"),
371 +diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c
372 +index 4979127..72e3e12 100644
373 +--- a/drivers/ata/ahci.c
374 ++++ b/drivers/ata/ahci.c
375 +@@ -265,6 +265,30 @@ static const struct pci_device_id ahci_pci_tbl[] = {
376 + { PCI_VDEVICE(INTEL, 0x9c07), board_ahci }, /* Lynx Point-LP RAID */
377 + { PCI_VDEVICE(INTEL, 0x9c0e), board_ahci }, /* Lynx Point-LP RAID */
378 + { PCI_VDEVICE(INTEL, 0x9c0f), board_ahci }, /* Lynx Point-LP RAID */
379 ++ { PCI_VDEVICE(INTEL, 0x1f22), board_ahci }, /* Avoton AHCI */
380 ++ { PCI_VDEVICE(INTEL, 0x1f23), board_ahci }, /* Avoton AHCI */
381 ++ { PCI_VDEVICE(INTEL, 0x1f24), board_ahci }, /* Avoton RAID */
382 ++ { PCI_VDEVICE(INTEL, 0x1f25), board_ahci }, /* Avoton RAID */
383 ++ { PCI_VDEVICE(INTEL, 0x1f26), board_ahci }, /* Avoton RAID */
384 ++ { PCI_VDEVICE(INTEL, 0x1f27), board_ahci }, /* Avoton RAID */
385 ++ { PCI_VDEVICE(INTEL, 0x1f2e), board_ahci }, /* Avoton RAID */
386 ++ { PCI_VDEVICE(INTEL, 0x1f2f), board_ahci }, /* Avoton RAID */
387 ++ { PCI_VDEVICE(INTEL, 0x1f32), board_ahci }, /* Avoton AHCI */
388 ++ { PCI_VDEVICE(INTEL, 0x1f33), board_ahci }, /* Avoton AHCI */
389 ++ { PCI_VDEVICE(INTEL, 0x1f34), board_ahci }, /* Avoton RAID */
390 ++ { PCI_VDEVICE(INTEL, 0x1f35), board_ahci }, /* Avoton RAID */
391 ++ { PCI_VDEVICE(INTEL, 0x1f36), board_ahci }, /* Avoton RAID */
392 ++ { PCI_VDEVICE(INTEL, 0x1f37), board_ahci }, /* Avoton RAID */
393 ++ { PCI_VDEVICE(INTEL, 0x1f3e), board_ahci }, /* Avoton RAID */
394 ++ { PCI_VDEVICE(INTEL, 0x1f3f), board_ahci }, /* Avoton RAID */
395 ++ { PCI_VDEVICE(INTEL, 0x8d02), board_ahci }, /* Wellsburg AHCI */
396 ++ { PCI_VDEVICE(INTEL, 0x8d04), board_ahci }, /* Wellsburg RAID */
397 ++ { PCI_VDEVICE(INTEL, 0x8d06), board_ahci }, /* Wellsburg RAID */
398 ++ { PCI_VDEVICE(INTEL, 0x8d0e), board_ahci }, /* Wellsburg RAID */
399 ++ { PCI_VDEVICE(INTEL, 0x8d62), board_ahci }, /* Wellsburg AHCI */
400 ++ { PCI_VDEVICE(INTEL, 0x8d64), board_ahci }, /* Wellsburg RAID */
401 ++ { PCI_VDEVICE(INTEL, 0x8d66), board_ahci }, /* Wellsburg RAID */
402 ++ { PCI_VDEVICE(INTEL, 0x8d6e), board_ahci }, /* Wellsburg RAID */
403 +
404 + /* JMicron 360/1/3/5/6, match class to avoid IDE function */
405 + { PCI_VENDOR_ID_JMICRON, PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID,
406 +diff --git a/drivers/ata/ata_piix.c b/drivers/ata/ata_piix.c
407 +index 174eca6..d2ba439 100644
408 +--- a/drivers/ata/ata_piix.c
409 ++++ b/drivers/ata/ata_piix.c
410 +@@ -317,6 +317,23 @@ static const struct pci_device_id piix_pci_tbl[] = {
411 + { 0x8086, 0x9c09, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_2port_sata },
412 + /* SATA Controller IDE (DH89xxCC) */
413 + { 0x8086, 0x2326, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_2port_sata },
414 ++ /* SATA Controller IDE (Avoton) */
415 ++ { 0x8086, 0x1f20, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_sata_snb },
416 ++ /* SATA Controller IDE (Avoton) */
417 ++ { 0x8086, 0x1f21, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_sata_snb },
418 ++ /* SATA Controller IDE (Avoton) */
419 ++ { 0x8086, 0x1f30, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_2port_sata },
420 ++ /* SATA Controller IDE (Avoton) */
421 ++ { 0x8086, 0x1f31, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_2port_sata },
422 ++ /* SATA Controller IDE (Wellsburg) */
423 ++ { 0x8086, 0x8d00, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_sata_snb },
424 ++ /* SATA Controller IDE (Wellsburg) */
425 ++ { 0x8086, 0x8d08, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_2port_sata },
426 ++ /* SATA Controller IDE (Wellsburg) */
427 ++ { 0x8086, 0x8d60, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_sata_snb },
428 ++ /* SATA Controller IDE (Wellsburg) */
429 ++ { 0x8086, 0x8d68, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_2port_sata },
430 ++
431 + { } /* terminate list */
432 + };
433 +
434 +diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
435 +index 043ddcc..eb591fb 100644
436 +--- a/drivers/block/nbd.c
437 ++++ b/drivers/block/nbd.c
438 +@@ -595,12 +595,20 @@ static int __nbd_ioctl(struct block_device *bdev, struct nbd_device *nbd,
439 + struct request sreq;
440 +
441 + dev_info(disk_to_dev(nbd->disk), "NBD_DISCONNECT\n");
442 ++ if (!nbd->sock)
443 ++ return -EINVAL;
444 +
445 ++ mutex_unlock(&nbd->tx_lock);
446 ++ fsync_bdev(bdev);
447 ++ mutex_lock(&nbd->tx_lock);
448 + blk_rq_init(NULL, &sreq);
449 + sreq.cmd_type = REQ_TYPE_SPECIAL;
450 + nbd_cmd(&sreq) = NBD_CMD_DISC;
451 ++
452 ++ /* Check again after getting mutex back. */
453 + if (!nbd->sock)
454 + return -EINVAL;
455 ++
456 + nbd_send_req(nbd, &sreq);
457 + return 0;
458 + }
459 +@@ -614,6 +622,7 @@ static int __nbd_ioctl(struct block_device *bdev, struct nbd_device *nbd,
460 + nbd_clear_que(nbd);
461 + BUG_ON(!list_empty(&nbd->queue_head));
462 + BUG_ON(!list_empty(&nbd->waiting_queue));
463 ++ kill_bdev(bdev);
464 + if (file)
465 + fput(file);
466 + return 0;
467 +@@ -702,6 +711,7 @@ static int __nbd_ioctl(struct block_device *bdev, struct nbd_device *nbd,
468 + nbd->file = NULL;
469 + nbd_clear_que(nbd);
470 + dev_warn(disk_to_dev(nbd->disk), "queue cleared\n");
471 ++ kill_bdev(bdev);
472 + queue_flag_clear_unlocked(QUEUE_FLAG_DISCARD, nbd->disk->queue);
473 + if (file)
474 + fput(file);
475 +diff --git a/drivers/block/xen-blkback/blkback.c b/drivers/block/xen-blkback/blkback.c
476 +index 5ac841f..de1f319 100644
477 +--- a/drivers/block/xen-blkback/blkback.c
478 ++++ b/drivers/block/xen-blkback/blkback.c
479 +@@ -46,6 +46,7 @@
480 + #include <xen/xen.h>
481 + #include <asm/xen/hypervisor.h>
482 + #include <asm/xen/hypercall.h>
483 ++#include <xen/balloon.h>
484 + #include "common.h"
485 +
486 + /*
487 +@@ -239,6 +240,7 @@ static void free_persistent_gnts(struct rb_root *root, unsigned int num)
488 + ret = gnttab_unmap_refs(unmap, NULL, pages,
489 + segs_to_unmap);
490 + BUG_ON(ret);
491 ++ free_xenballooned_pages(segs_to_unmap, pages);
492 + segs_to_unmap = 0;
493 + }
494 +
495 +@@ -527,8 +529,8 @@ static int xen_blkbk_map(struct blkif_request *req,
496 + GFP_KERNEL);
497 + if (!persistent_gnt)
498 + return -ENOMEM;
499 +- persistent_gnt->page = alloc_page(GFP_KERNEL);
500 +- if (!persistent_gnt->page) {
501 ++ if (alloc_xenballooned_pages(1, &persistent_gnt->page,
502 ++ false)) {
503 + kfree(persistent_gnt);
504 + return -ENOMEM;
505 + }
506 +@@ -879,7 +881,6 @@ static int dispatch_rw_block_io(struct xen_blkif *blkif,
507 + goto fail_response;
508 + }
509 +
510 +- preq.dev = req->u.rw.handle;
511 + preq.sector_number = req->u.rw.sector_number;
512 + preq.nr_sects = 0;
513 +
514 +diff --git a/drivers/block/xen-blkback/xenbus.c b/drivers/block/xen-blkback/xenbus.c
515 +index 6398072..5e237f6 100644
516 +--- a/drivers/block/xen-blkback/xenbus.c
517 ++++ b/drivers/block/xen-blkback/xenbus.c
518 +@@ -367,6 +367,7 @@ static int xen_blkbk_remove(struct xenbus_device *dev)
519 + be->blkif = NULL;
520 + }
521 +
522 ++ kfree(be->mode);
523 + kfree(be);
524 + dev_set_drvdata(&dev->dev, NULL);
525 + return 0;
526 +@@ -502,6 +503,7 @@ static void backend_changed(struct xenbus_watch *watch,
527 + = container_of(watch, struct backend_info, backend_watch);
528 + struct xenbus_device *dev = be->dev;
529 + int cdrom = 0;
530 ++ unsigned long handle;
531 + char *device_type;
532 +
533 + DPRINTK("");
534 +@@ -521,10 +523,10 @@ static void backend_changed(struct xenbus_watch *watch,
535 + return;
536 + }
537 +
538 +- if ((be->major || be->minor) &&
539 +- ((be->major != major) || (be->minor != minor))) {
540 +- pr_warn(DRV_PFX "changing physical device (from %x:%x to %x:%x) not supported.\n",
541 +- be->major, be->minor, major, minor);
542 ++ if (be->major | be->minor) {
543 ++ if (be->major != major || be->minor != minor)
544 ++ pr_warn(DRV_PFX "changing physical device (from %x:%x to %x:%x) not supported.\n",
545 ++ be->major, be->minor, major, minor);
546 + return;
547 + }
548 +
549 +@@ -542,36 +544,33 @@ static void backend_changed(struct xenbus_watch *watch,
550 + kfree(device_type);
551 + }
552 +
553 +- if (be->major == 0 && be->minor == 0) {
554 +- /* Front end dir is a number, which is used as the handle. */
555 +-
556 +- char *p = strrchr(dev->otherend, '/') + 1;
557 +- long handle;
558 +- err = strict_strtoul(p, 0, &handle);
559 +- if (err)
560 +- return;
561 ++ /* Front end dir is a number, which is used as the handle. */
562 ++ err = strict_strtoul(strrchr(dev->otherend, '/') + 1, 0, &handle);
563 ++ if (err)
564 ++ return;
565 +
566 +- be->major = major;
567 +- be->minor = minor;
568 ++ be->major = major;
569 ++ be->minor = minor;
570 +
571 +- err = xen_vbd_create(be->blkif, handle, major, minor,
572 +- (NULL == strchr(be->mode, 'w')), cdrom);
573 +- if (err) {
574 +- be->major = 0;
575 +- be->minor = 0;
576 +- xenbus_dev_fatal(dev, err, "creating vbd structure");
577 +- return;
578 +- }
579 ++ err = xen_vbd_create(be->blkif, handle, major, minor,
580 ++ !strchr(be->mode, 'w'), cdrom);
581 +
582 ++ if (err)
583 ++ xenbus_dev_fatal(dev, err, "creating vbd structure");
584 ++ else {
585 + err = xenvbd_sysfs_addif(dev);
586 + if (err) {
587 + xen_vbd_free(&be->blkif->vbd);
588 +- be->major = 0;
589 +- be->minor = 0;
590 + xenbus_dev_fatal(dev, err, "creating sysfs entries");
591 +- return;
592 + }
593 ++ }
594 +
595 ++ if (err) {
596 ++ kfree(be->mode);
597 ++ be->mode = NULL;
598 ++ be->major = 0;
599 ++ be->minor = 0;
600 ++ } else {
601 + /* We're potentially connected now */
602 + xen_update_blkif_status(be->blkif);
603 + }
604 +diff --git a/drivers/block/xen-blkfront.c b/drivers/block/xen-blkfront.c
605 +index 11043c1..c3dae2e 100644
606 +--- a/drivers/block/xen-blkfront.c
607 ++++ b/drivers/block/xen-blkfront.c
608 +@@ -791,7 +791,7 @@ static void blkif_restart_queue(struct work_struct *work)
609 + static void blkif_free(struct blkfront_info *info, int suspend)
610 + {
611 + struct llist_node *all_gnts;
612 +- struct grant *persistent_gnt;
613 ++ struct grant *persistent_gnt, *tmp;
614 + struct llist_node *n;
615 +
616 + /* Prevent new requests being issued until we fix things up. */
617 +@@ -805,10 +805,17 @@ static void blkif_free(struct blkfront_info *info, int suspend)
618 + /* Remove all persistent grants */
619 + if (info->persistent_gnts_c) {
620 + all_gnts = llist_del_all(&info->persistent_gnts);
621 +- llist_for_each_entry_safe(persistent_gnt, n, all_gnts, node) {
622 ++ persistent_gnt = llist_entry(all_gnts, typeof(*(persistent_gnt)), node);
623 ++ while (persistent_gnt) {
624 + gnttab_end_foreign_access(persistent_gnt->gref, 0, 0UL);
625 + __free_page(pfn_to_page(persistent_gnt->pfn));
626 +- kfree(persistent_gnt);
627 ++ tmp = persistent_gnt;
628 ++ n = persistent_gnt->node.next;
629 ++ if (n)
630 ++ persistent_gnt = llist_entry(n, typeof(*(persistent_gnt)), node);
631 ++ else
632 ++ persistent_gnt = NULL;
633 ++ kfree(tmp);
634 + }
635 + info->persistent_gnts_c = 0;
636 + }
637 +diff --git a/drivers/firewire/core-device.c b/drivers/firewire/core-device.c
638 +index 3873d53..af3e8aa 100644
639 +--- a/drivers/firewire/core-device.c
640 ++++ b/drivers/firewire/core-device.c
641 +@@ -1020,6 +1020,10 @@ static void fw_device_init(struct work_struct *work)
642 + ret = idr_pre_get(&fw_device_idr, GFP_KERNEL) ?
643 + idr_get_new(&fw_device_idr, device, &minor) :
644 + -ENOMEM;
645 ++ if (minor >= 1 << MINORBITS) {
646 ++ idr_remove(&fw_device_idr, minor);
647 ++ minor = -ENOSPC;
648 ++ }
649 + up_write(&fw_device_rwsem);
650 +
651 + if (ret < 0)
652 +diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c
653 +index f5596db..bcb201c 100644
654 +--- a/drivers/firmware/efivars.c
655 ++++ b/drivers/firmware/efivars.c
656 +@@ -79,6 +79,7 @@
657 + #include <linux/device.h>
658 + #include <linux/slab.h>
659 + #include <linux/pstore.h>
660 ++#include <linux/ctype.h>
661 +
662 + #include <linux/fs.h>
663 + #include <linux/ramfs.h>
664 +@@ -900,6 +901,48 @@ static struct inode *efivarfs_get_inode(struct super_block *sb,
665 + return inode;
666 + }
667 +
668 ++/*
669 ++ * Return true if 'str' is a valid efivarfs filename of the form,
670 ++ *
671 ++ * VariableName-12345678-1234-1234-1234-1234567891bc
672 ++ */
673 ++static bool efivarfs_valid_name(const char *str, int len)
674 ++{
675 ++ static const char dashes[GUID_LEN] = {
676 ++ [8] = 1, [13] = 1, [18] = 1, [23] = 1
677 ++ };
678 ++ const char *s = str + len - GUID_LEN;
679 ++ int i;
680 ++
681 ++ /*
682 ++ * We need a GUID, plus at least one letter for the variable name,
683 ++ * plus the '-' separator
684 ++ */
685 ++ if (len < GUID_LEN + 2)
686 ++ return false;
687 ++
688 ++ /* GUID should be right after the first '-' */
689 ++ if (s - 1 != strchr(str, '-'))
690 ++ return false;
691 ++
692 ++ /*
693 ++ * Validate that 's' is of the correct format, e.g.
694 ++ *
695 ++ * 12345678-1234-1234-1234-123456789abc
696 ++ */
697 ++ for (i = 0; i < GUID_LEN; i++) {
698 ++ if (dashes[i]) {
699 ++ if (*s++ != '-')
700 ++ return false;
701 ++ } else {
702 ++ if (!isxdigit(*s++))
703 ++ return false;
704 ++ }
705 ++ }
706 ++
707 ++ return true;
708 ++}
709 ++
710 + static void efivarfs_hex_to_guid(const char *str, efi_guid_t *guid)
711 + {
712 + guid->b[0] = hex_to_bin(str[6]) << 4 | hex_to_bin(str[7]);
713 +@@ -928,11 +971,7 @@ static int efivarfs_create(struct inode *dir, struct dentry *dentry,
714 + struct efivar_entry *var;
715 + int namelen, i = 0, err = 0;
716 +
717 +- /*
718 +- * We need a GUID, plus at least one letter for the variable name,
719 +- * plus the '-' separator
720 +- */
721 +- if (dentry->d_name.len < GUID_LEN + 2)
722 ++ if (!efivarfs_valid_name(dentry->d_name.name, dentry->d_name.len))
723 + return -EINVAL;
724 +
725 + inode = efivarfs_get_inode(dir->i_sb, dir, mode, 0);
726 +@@ -1004,6 +1043,84 @@ static int efivarfs_unlink(struct inode *dir, struct dentry *dentry)
727 + return -EINVAL;
728 + };
729 +
730 ++/*
731 ++ * Compare two efivarfs file names.
732 ++ *
733 ++ * An efivarfs filename is composed of two parts,
734 ++ *
735 ++ * 1. A case-sensitive variable name
736 ++ * 2. A case-insensitive GUID
737 ++ *
738 ++ * So we need to perform a case-sensitive match on part 1 and a
739 ++ * case-insensitive match on part 2.
740 ++ */
741 ++static int efivarfs_d_compare(const struct dentry *parent, const struct inode *pinode,
742 ++ const struct dentry *dentry, const struct inode *inode,
743 ++ unsigned int len, const char *str,
744 ++ const struct qstr *name)
745 ++{
746 ++ int guid = len - GUID_LEN;
747 ++
748 ++ if (name->len != len)
749 ++ return 1;
750 ++
751 ++ /* Case-sensitive compare for the variable name */
752 ++ if (memcmp(str, name->name, guid))
753 ++ return 1;
754 ++
755 ++ /* Case-insensitive compare for the GUID */
756 ++ return strncasecmp(name->name + guid, str + guid, GUID_LEN);
757 ++}
758 ++
759 ++static int efivarfs_d_hash(const struct dentry *dentry,
760 ++ const struct inode *inode, struct qstr *qstr)
761 ++{
762 ++ unsigned long hash = init_name_hash();
763 ++ const unsigned char *s = qstr->name;
764 ++ unsigned int len = qstr->len;
765 ++
766 ++ if (!efivarfs_valid_name(s, len))
767 ++ return -EINVAL;
768 ++
769 ++ while (len-- > GUID_LEN)
770 ++ hash = partial_name_hash(*s++, hash);
771 ++
772 ++ /* GUID is case-insensitive. */
773 ++ while (len--)
774 ++ hash = partial_name_hash(tolower(*s++), hash);
775 ++
776 ++ qstr->hash = end_name_hash(hash);
777 ++ return 0;
778 ++}
779 ++
780 ++/*
781 ++ * Retaining negative dentries for an in-memory filesystem just wastes
782 ++ * memory and lookup time: arrange for them to be deleted immediately.
783 ++ */
784 ++static int efivarfs_delete_dentry(const struct dentry *dentry)
785 ++{
786 ++ return 1;
787 ++}
788 ++
789 ++static struct dentry_operations efivarfs_d_ops = {
790 ++ .d_compare = efivarfs_d_compare,
791 ++ .d_hash = efivarfs_d_hash,
792 ++ .d_delete = efivarfs_delete_dentry,
793 ++};
794 ++
795 ++static struct dentry *efivarfs_alloc_dentry(struct dentry *parent, char *name)
796 ++{
797 ++ struct qstr q;
798 ++
799 ++ q.name = name;
800 ++ q.len = strlen(name);
801 ++
802 ++ if (efivarfs_d_hash(NULL, NULL, &q))
803 ++ return NULL;
804 ++
805 ++ return d_alloc(parent, &q);
806 ++}
807 ++
808 + static int efivarfs_fill_super(struct super_block *sb, void *data, int silent)
809 + {
810 + struct inode *inode = NULL;
811 +@@ -1019,6 +1136,7 @@ static int efivarfs_fill_super(struct super_block *sb, void *data, int silent)
812 + sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
813 + sb->s_magic = EFIVARFS_MAGIC;
814 + sb->s_op = &efivarfs_ops;
815 ++ sb->s_d_op = &efivarfs_d_ops;
816 + sb->s_time_gran = 1;
817 +
818 + inode = efivarfs_get_inode(sb, NULL, S_IFDIR | 0755, 0);
819 +@@ -1059,7 +1177,7 @@ static int efivarfs_fill_super(struct super_block *sb, void *data, int silent)
820 + if (!inode)
821 + goto fail_name;
822 +
823 +- dentry = d_alloc_name(root, name);
824 ++ dentry = efivarfs_alloc_dentry(root, name);
825 + if (!dentry)
826 + goto fail_inode;
827 +
828 +@@ -1109,8 +1227,20 @@ static struct file_system_type efivarfs_type = {
829 + .kill_sb = efivarfs_kill_sb,
830 + };
831 +
832 ++/*
833 ++ * Handle negative dentry.
834 ++ */
835 ++static struct dentry *efivarfs_lookup(struct inode *dir, struct dentry *dentry,
836 ++ unsigned int flags)
837 ++{
838 ++ if (dentry->d_name.len > NAME_MAX)
839 ++ return ERR_PTR(-ENAMETOOLONG);
840 ++ d_add(dentry, NULL);
841 ++ return NULL;
842 ++}
843 ++
844 + static const struct inode_operations efivarfs_dir_inode_operations = {
845 +- .lookup = simple_lookup,
846 ++ .lookup = efivarfs_lookup,
847 + .unlink = efivarfs_unlink,
848 + .create = efivarfs_create,
849 + };
850 +diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
851 +index eb2ee11..ceb3040 100644
852 +--- a/drivers/hid/hid-core.c
853 ++++ b/drivers/hid/hid-core.c
854 +@@ -1697,6 +1697,7 @@ static const struct hid_device_id hid_have_special_driver[] = {
855 + { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_NAVIGATION_CONTROLLER) },
856 + { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS3_CONTROLLER) },
857 + { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_VAIO_VGX_MOUSE) },
858 ++ { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_VAIO_VGP_MOUSE) },
859 + { HID_USB_DEVICE(USB_VENDOR_ID_SUNPLUS, USB_DEVICE_ID_SUNPLUS_WDESKTOP) },
860 + { HID_USB_DEVICE(USB_VENDOR_ID_THRUSTMASTER, 0xb300) },
861 + { HID_USB_DEVICE(USB_VENDOR_ID_THRUSTMASTER, 0xb304) },
862 +@@ -2070,6 +2071,7 @@ static const struct hid_device_id hid_ignore_list[] = {
863 + { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_HYBRID) },
864 + { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_HEATCONTROL) },
865 + { HID_USB_DEVICE(USB_VENDOR_ID_MADCATZ, USB_DEVICE_ID_MADCATZ_BEATPAD) },
866 ++ { HID_USB_DEVICE(USB_VENDOR_ID_MASTERKIT, USB_DEVICE_ID_MASTERKIT_MA901RADIO) },
867 + { HID_USB_DEVICE(USB_VENDOR_ID_MCC, USB_DEVICE_ID_MCC_PMD1024LS) },
868 + { HID_USB_DEVICE(USB_VENDOR_ID_MCC, USB_DEVICE_ID_MCC_PMD1208LS) },
869 + { HID_USB_DEVICE(USB_VENDOR_ID_MICROCHIP, USB_DEVICE_ID_PICKIT1) },
870 +diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h
871 +index 34e2547..266e2ae 100644
872 +--- a/drivers/hid/hid-ids.h
873 ++++ b/drivers/hid/hid-ids.h
874 +@@ -554,6 +554,9 @@
875 + #define USB_VENDOR_ID_MADCATZ 0x0738
876 + #define USB_DEVICE_ID_MADCATZ_BEATPAD 0x4540
877 +
878 ++#define USB_VENDOR_ID_MASTERKIT 0x16c0
879 ++#define USB_DEVICE_ID_MASTERKIT_MA901RADIO 0x05df
880 ++
881 + #define USB_VENDOR_ID_MCC 0x09db
882 + #define USB_DEVICE_ID_MCC_PMD1024LS 0x0076
883 + #define USB_DEVICE_ID_MCC_PMD1208LS 0x007a
884 +@@ -709,6 +712,7 @@
885 +
886 + #define USB_VENDOR_ID_SONY 0x054c
887 + #define USB_DEVICE_ID_SONY_VAIO_VGX_MOUSE 0x024b
888 ++#define USB_DEVICE_ID_SONY_VAIO_VGP_MOUSE 0x0374
889 + #define USB_DEVICE_ID_SONY_PS3_BDREMOTE 0x0306
890 + #define USB_DEVICE_ID_SONY_PS3_CONTROLLER 0x0268
891 + #define USB_DEVICE_ID_SONY_NAVIGATION_CONTROLLER 0x042f
892 +diff --git a/drivers/hid/hid-sony.c b/drivers/hid/hid-sony.c
893 +index 7f33ebf..126d6ae 100644
894 +--- a/drivers/hid/hid-sony.c
895 ++++ b/drivers/hid/hid-sony.c
896 +@@ -43,9 +43,19 @@ static __u8 *sony_report_fixup(struct hid_device *hdev, __u8 *rdesc,
897 + {
898 + struct sony_sc *sc = hid_get_drvdata(hdev);
899 +
900 +- if ((sc->quirks & VAIO_RDESC_CONSTANT) &&
901 +- *rsize >= 56 && rdesc[54] == 0x81 && rdesc[55] == 0x07) {
902 +- hid_info(hdev, "Fixing up Sony Vaio VGX report descriptor\n");
903 ++ /*
904 ++ * Some Sony RF receivers wrongly declare the mouse pointer as a
905 ++ * a constant non-data variable.
906 ++ */
907 ++ if ((sc->quirks & VAIO_RDESC_CONSTANT) && *rsize >= 56 &&
908 ++ /* usage page: generic desktop controls */
909 ++ /* rdesc[0] == 0x05 && rdesc[1] == 0x01 && */
910 ++ /* usage: mouse */
911 ++ rdesc[2] == 0x09 && rdesc[3] == 0x02 &&
912 ++ /* input (usage page for x,y axes): constant, variable, relative */
913 ++ rdesc[54] == 0x81 && rdesc[55] == 0x07) {
914 ++ hid_info(hdev, "Fixing up Sony RF Receiver report descriptor\n");
915 ++ /* input: data, variable, relative */
916 + rdesc[55] = 0x06;
917 + }
918 +
919 +@@ -217,6 +227,8 @@ static const struct hid_device_id sony_devices[] = {
920 + .driver_data = SIXAXIS_CONTROLLER_BT },
921 + { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_VAIO_VGX_MOUSE),
922 + .driver_data = VAIO_RDESC_CONSTANT },
923 ++ { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_VAIO_VGP_MOUSE),
924 ++ .driver_data = VAIO_RDESC_CONSTANT },
925 + { }
926 + };
927 + MODULE_DEVICE_TABLE(hid, sony_devices);
928 +diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c
929 +index d5088ce..7ccf328 100644
930 +--- a/drivers/infiniband/ulp/srp/ib_srp.c
931 ++++ b/drivers/infiniband/ulp/srp/ib_srp.c
932 +@@ -700,23 +700,24 @@ static int srp_reconnect_target(struct srp_target_port *target)
933 + struct Scsi_Host *shost = target->scsi_host;
934 + int i, ret;
935 +
936 +- if (target->state != SRP_TARGET_LIVE)
937 +- return -EAGAIN;
938 +-
939 + scsi_target_block(&shost->shost_gendev);
940 +
941 + srp_disconnect_target(target);
942 + /*
943 +- * Now get a new local CM ID so that we avoid confusing the
944 +- * target in case things are really fouled up.
945 ++ * Now get a new local CM ID so that we avoid confusing the target in
946 ++ * case things are really fouled up. Doing so also ensures that all CM
947 ++ * callbacks will have finished before a new QP is allocated.
948 + */
949 + ret = srp_new_cm_id(target);
950 +- if (ret)
951 +- goto unblock;
952 +-
953 +- ret = srp_create_target_ib(target);
954 +- if (ret)
955 +- goto unblock;
956 ++ /*
957 ++ * Whether or not creating a new CM ID succeeded, create a new
958 ++ * QP. This guarantees that all completion callback function
959 ++ * invocations have finished before request resetting starts.
960 ++ */
961 ++ if (ret == 0)
962 ++ ret = srp_create_target_ib(target);
963 ++ else
964 ++ srp_create_target_ib(target);
965 +
966 + for (i = 0; i < SRP_CMD_SQ_SIZE; ++i) {
967 + struct srp_request *req = &target->req_ring[i];
968 +@@ -728,11 +729,12 @@ static int srp_reconnect_target(struct srp_target_port *target)
969 + for (i = 0; i < SRP_SQ_SIZE; ++i)
970 + list_add(&target->tx_ring[i]->list, &target->free_tx);
971 +
972 +- ret = srp_connect_target(target);
973 ++ if (ret == 0)
974 ++ ret = srp_connect_target(target);
975 +
976 +-unblock:
977 + scsi_target_unblock(&shost->shost_gendev, ret == 0 ? SDEV_RUNNING :
978 + SDEV_TRANSPORT_OFFLINE);
979 ++ target->transport_offline = !!ret;
980 +
981 + if (ret)
982 + goto err;
983 +@@ -1352,6 +1354,12 @@ static int srp_queuecommand(struct Scsi_Host *shost, struct scsi_cmnd *scmnd)
984 + unsigned long flags;
985 + int len;
986 +
987 ++ if (unlikely(target->transport_offline)) {
988 ++ scmnd->result = DID_NO_CONNECT << 16;
989 ++ scmnd->scsi_done(scmnd);
990 ++ return 0;
991 ++ }
992 ++
993 + spin_lock_irqsave(&target->lock, flags);
994 + iu = __srp_get_tx_iu(target, SRP_IU_CMD);
995 + if (!iu)
996 +@@ -1695,6 +1703,9 @@ static int srp_send_tsk_mgmt(struct srp_target_port *target,
997 + struct srp_iu *iu;
998 + struct srp_tsk_mgmt *tsk_mgmt;
999 +
1000 ++ if (!target->connected || target->qp_in_error)
1001 ++ return -1;
1002 ++
1003 + init_completion(&target->tsk_mgmt_done);
1004 +
1005 + spin_lock_irq(&target->lock);
1006 +@@ -1736,7 +1747,7 @@ static int srp_abort(struct scsi_cmnd *scmnd)
1007 +
1008 + shost_printk(KERN_ERR, target->scsi_host, "SRP abort called\n");
1009 +
1010 +- if (!req || target->qp_in_error || !srp_claim_req(target, req, scmnd))
1011 ++ if (!req || !srp_claim_req(target, req, scmnd))
1012 + return FAILED;
1013 + srp_send_tsk_mgmt(target, req->index, scmnd->device->lun,
1014 + SRP_TSK_ABORT_TASK);
1015 +@@ -1754,8 +1765,6 @@ static int srp_reset_device(struct scsi_cmnd *scmnd)
1016 +
1017 + shost_printk(KERN_ERR, target->scsi_host, "SRP reset_device called\n");
1018 +
1019 +- if (target->qp_in_error)
1020 +- return FAILED;
1021 + if (srp_send_tsk_mgmt(target, SRP_TAG_NO_REQ, scmnd->device->lun,
1022 + SRP_TSK_LUN_RESET))
1023 + return FAILED;
1024 +@@ -1972,7 +1981,6 @@ static int srp_add_target(struct srp_host *host, struct srp_target_port *target)
1025 + spin_unlock(&host->target_lock);
1026 +
1027 + target->state = SRP_TARGET_LIVE;
1028 +- target->connected = false;
1029 +
1030 + scsi_scan_target(&target->scsi_host->shost_gendev,
1031 + 0, target->scsi_id, SCAN_WILD_CARD, 0);
1032 +diff --git a/drivers/infiniband/ulp/srp/ib_srp.h b/drivers/infiniband/ulp/srp/ib_srp.h
1033 +index de2d0b3..66fbedd 100644
1034 +--- a/drivers/infiniband/ulp/srp/ib_srp.h
1035 ++++ b/drivers/infiniband/ulp/srp/ib_srp.h
1036 +@@ -140,6 +140,7 @@ struct srp_target_port {
1037 + unsigned int cmd_sg_cnt;
1038 + unsigned int indirect_size;
1039 + bool allow_ext_sg;
1040 ++ bool transport_offline;
1041 +
1042 + /* Everything above this point is used in the hot path of
1043 + * command processing. Try to keep them packed into cachelines.
1044 +diff --git a/drivers/iommu/amd_iommu_init.c b/drivers/iommu/amd_iommu_init.c
1045 +index faf10ba..b6ecddb 100644
1046 +--- a/drivers/iommu/amd_iommu_init.c
1047 ++++ b/drivers/iommu/amd_iommu_init.c
1048 +@@ -1876,11 +1876,6 @@ static int amd_iommu_init_dma(void)
1049 + struct amd_iommu *iommu;
1050 + int ret;
1051 +
1052 +- init_device_table_dma();
1053 +-
1054 +- for_each_iommu(iommu)
1055 +- iommu_flush_all_caches(iommu);
1056 +-
1057 + if (iommu_pass_through)
1058 + ret = amd_iommu_init_passthrough();
1059 + else
1060 +@@ -1889,6 +1884,11 @@ static int amd_iommu_init_dma(void)
1061 + if (ret)
1062 + return ret;
1063 +
1064 ++ init_device_table_dma();
1065 ++
1066 ++ for_each_iommu(iommu)
1067 ++ iommu_flush_all_caches(iommu);
1068 ++
1069 + amd_iommu_init_api();
1070 +
1071 + amd_iommu_init_notifier();
1072 +diff --git a/drivers/media/pci/cx18/cx18-alsa-main.c b/drivers/media/pci/cx18/cx18-alsa-main.c
1073 +index 8e971ff..b2c8c34 100644
1074 +--- a/drivers/media/pci/cx18/cx18-alsa-main.c
1075 ++++ b/drivers/media/pci/cx18/cx18-alsa-main.c
1076 +@@ -197,7 +197,7 @@ err_exit:
1077 + return ret;
1078 + }
1079 +
1080 +-static int __init cx18_alsa_load(struct cx18 *cx)
1081 ++static int cx18_alsa_load(struct cx18 *cx)
1082 + {
1083 + struct v4l2_device *v4l2_dev = &cx->v4l2_dev;
1084 + struct cx18_stream *s;
1085 +diff --git a/drivers/media/pci/cx18/cx18-alsa-pcm.h b/drivers/media/pci/cx18/cx18-alsa-pcm.h
1086 +index d26e51f..e2b2c5b 100644
1087 +--- a/drivers/media/pci/cx18/cx18-alsa-pcm.h
1088 ++++ b/drivers/media/pci/cx18/cx18-alsa-pcm.h
1089 +@@ -20,7 +20,7 @@
1090 + * 02111-1307 USA
1091 + */
1092 +
1093 +-int __init snd_cx18_pcm_create(struct snd_cx18_card *cxsc);
1094 ++int snd_cx18_pcm_create(struct snd_cx18_card *cxsc);
1095 +
1096 + /* Used by cx18-mailbox to announce the PCM data to the module */
1097 + void cx18_alsa_announce_pcm_data(struct snd_cx18_card *card, u8 *pcm_data,
1098 +diff --git a/drivers/media/pci/ivtv/ivtv-alsa-main.c b/drivers/media/pci/ivtv/ivtv-alsa-main.c
1099 +index 4a221c6..e970cfa 100644
1100 +--- a/drivers/media/pci/ivtv/ivtv-alsa-main.c
1101 ++++ b/drivers/media/pci/ivtv/ivtv-alsa-main.c
1102 +@@ -205,7 +205,7 @@ err_exit:
1103 + return ret;
1104 + }
1105 +
1106 +-static int __init ivtv_alsa_load(struct ivtv *itv)
1107 ++static int ivtv_alsa_load(struct ivtv *itv)
1108 + {
1109 + struct v4l2_device *v4l2_dev = &itv->v4l2_dev;
1110 + struct ivtv_stream *s;
1111 +diff --git a/drivers/media/pci/ivtv/ivtv-alsa-pcm.h b/drivers/media/pci/ivtv/ivtv-alsa-pcm.h
1112 +index 23dfe0d..186814e 100644
1113 +--- a/drivers/media/pci/ivtv/ivtv-alsa-pcm.h
1114 ++++ b/drivers/media/pci/ivtv/ivtv-alsa-pcm.h
1115 +@@ -20,4 +20,4 @@
1116 + * 02111-1307 USA
1117 + */
1118 +
1119 +-int __init snd_ivtv_pcm_create(struct snd_ivtv_card *itvsc);
1120 ++int snd_ivtv_pcm_create(struct snd_ivtv_card *itvsc);
1121 +diff --git a/drivers/media/platform/omap/omap_vout.c b/drivers/media/platform/omap/omap_vout.c
1122 +index 35cc526..8e9a668 100644
1123 +--- a/drivers/media/platform/omap/omap_vout.c
1124 ++++ b/drivers/media/platform/omap/omap_vout.c
1125 +@@ -205,19 +205,21 @@ static u32 omap_vout_uservirt_to_phys(u32 virtp)
1126 + struct vm_area_struct *vma;
1127 + struct mm_struct *mm = current->mm;
1128 +
1129 +- vma = find_vma(mm, virtp);
1130 + /* For kernel direct-mapped memory, take the easy way */
1131 +- if (virtp >= PAGE_OFFSET) {
1132 +- physp = virt_to_phys((void *) virtp);
1133 +- } else if (vma && (vma->vm_flags & VM_IO) && vma->vm_pgoff) {
1134 ++ if (virtp >= PAGE_OFFSET)
1135 ++ return virt_to_phys((void *) virtp);
1136 ++
1137 ++ down_read(&current->mm->mmap_sem);
1138 ++ vma = find_vma(mm, virtp);
1139 ++ if (vma && (vma->vm_flags & VM_IO) && vma->vm_pgoff) {
1140 + /* this will catch, kernel-allocated, mmaped-to-usermode
1141 + addresses */
1142 + physp = (vma->vm_pgoff << PAGE_SHIFT) + (virtp - vma->vm_start);
1143 ++ up_read(&current->mm->mmap_sem);
1144 + } else {
1145 + /* otherwise, use get_user_pages() for general userland pages */
1146 + int res, nr_pages = 1;
1147 + struct page *pages;
1148 +- down_read(&current->mm->mmap_sem);
1149 +
1150 + res = get_user_pages(current, current->mm, virtp, nr_pages, 1,
1151 + 0, &pages, NULL);
1152 +diff --git a/drivers/media/rc/rc-main.c b/drivers/media/rc/rc-main.c
1153 +index 601d1ac1..d593bc6 100644
1154 +--- a/drivers/media/rc/rc-main.c
1155 ++++ b/drivers/media/rc/rc-main.c
1156 +@@ -789,8 +789,10 @@ static ssize_t show_protocols(struct device *device,
1157 + } else if (dev->raw) {
1158 + enabled = dev->raw->enabled_protocols;
1159 + allowed = ir_raw_get_allowed_protocols();
1160 +- } else
1161 ++ } else {
1162 ++ mutex_unlock(&dev->lock);
1163 + return -ENODEV;
1164 ++ }
1165 +
1166 + IR_dprintk(1, "allowed - 0x%llx, enabled - 0x%llx\n",
1167 + (long long)allowed,
1168 +diff --git a/drivers/media/v4l2-core/v4l2-device.c b/drivers/media/v4l2-core/v4l2-device.c
1169 +index 513969f..98a7f5e 100644
1170 +--- a/drivers/media/v4l2-core/v4l2-device.c
1171 ++++ b/drivers/media/v4l2-core/v4l2-device.c
1172 +@@ -159,31 +159,21 @@ int v4l2_device_register_subdev(struct v4l2_device *v4l2_dev,
1173 + sd->v4l2_dev = v4l2_dev;
1174 + if (sd->internal_ops && sd->internal_ops->registered) {
1175 + err = sd->internal_ops->registered(sd);
1176 +- if (err) {
1177 +- module_put(sd->owner);
1178 +- return err;
1179 +- }
1180 ++ if (err)
1181 ++ goto error_module;
1182 + }
1183 +
1184 + /* This just returns 0 if either of the two args is NULL */
1185 + err = v4l2_ctrl_add_handler(v4l2_dev->ctrl_handler, sd->ctrl_handler, NULL);
1186 +- if (err) {
1187 +- if (sd->internal_ops && sd->internal_ops->unregistered)
1188 +- sd->internal_ops->unregistered(sd);
1189 +- module_put(sd->owner);
1190 +- return err;
1191 +- }
1192 ++ if (err)
1193 ++ goto error_unregister;
1194 +
1195 + #if defined(CONFIG_MEDIA_CONTROLLER)
1196 + /* Register the entity. */
1197 + if (v4l2_dev->mdev) {
1198 + err = media_device_register_entity(v4l2_dev->mdev, entity);
1199 +- if (err < 0) {
1200 +- if (sd->internal_ops && sd->internal_ops->unregistered)
1201 +- sd->internal_ops->unregistered(sd);
1202 +- module_put(sd->owner);
1203 +- return err;
1204 +- }
1205 ++ if (err < 0)
1206 ++ goto error_unregister;
1207 + }
1208 + #endif
1209 +
1210 +@@ -192,6 +182,14 @@ int v4l2_device_register_subdev(struct v4l2_device *v4l2_dev,
1211 + spin_unlock(&v4l2_dev->lock);
1212 +
1213 + return 0;
1214 ++
1215 ++error_unregister:
1216 ++ if (sd->internal_ops && sd->internal_ops->unregistered)
1217 ++ sd->internal_ops->unregistered(sd);
1218 ++error_module:
1219 ++ module_put(sd->owner);
1220 ++ sd->v4l2_dev = NULL;
1221 ++ return err;
1222 + }
1223 + EXPORT_SYMBOL_GPL(v4l2_device_register_subdev);
1224 +
1225 +diff --git a/drivers/net/wireless/b43/main.c b/drivers/net/wireless/b43/main.c
1226 +index 806e34c..0568273 100644
1227 +--- a/drivers/net/wireless/b43/main.c
1228 ++++ b/drivers/net/wireless/b43/main.c
1229 +@@ -4214,7 +4214,6 @@ redo:
1230 + mutex_unlock(&wl->mutex);
1231 + cancel_delayed_work_sync(&dev->periodic_work);
1232 + cancel_work_sync(&wl->tx_work);
1233 +- cancel_work_sync(&wl->firmware_load);
1234 + mutex_lock(&wl->mutex);
1235 + dev = wl->current_dev;
1236 + if (!dev || b43_status(dev) < B43_STAT_STARTED) {
1237 +@@ -5434,6 +5433,7 @@ static void b43_bcma_remove(struct bcma_device *core)
1238 + /* We must cancel any work here before unregistering from ieee80211,
1239 + * as the ieee80211 unreg will destroy the workqueue. */
1240 + cancel_work_sync(&wldev->restart_work);
1241 ++ cancel_work_sync(&wl->firmware_load);
1242 +
1243 + B43_WARN_ON(!wl);
1244 + if (!wldev->fw.ucode.data)
1245 +@@ -5510,6 +5510,7 @@ static void b43_ssb_remove(struct ssb_device *sdev)
1246 + /* We must cancel any work here before unregistering from ieee80211,
1247 + * as the ieee80211 unreg will destroy the workqueue. */
1248 + cancel_work_sync(&wldev->restart_work);
1249 ++ cancel_work_sync(&wl->firmware_load);
1250 +
1251 + B43_WARN_ON(!wl);
1252 + if (!wldev->fw.ucode.data)
1253 +diff --git a/drivers/power/ab8500_btemp.c b/drivers/power/ab8500_btemp.c
1254 +index 20e2a7d..056222e 100644
1255 +--- a/drivers/power/ab8500_btemp.c
1256 ++++ b/drivers/power/ab8500_btemp.c
1257 +@@ -1123,7 +1123,7 @@ static void __exit ab8500_btemp_exit(void)
1258 + platform_driver_unregister(&ab8500_btemp_driver);
1259 + }
1260 +
1261 +-subsys_initcall_sync(ab8500_btemp_init);
1262 ++device_initcall(ab8500_btemp_init);
1263 + module_exit(ab8500_btemp_exit);
1264 +
1265 + MODULE_LICENSE("GPL v2");
1266 +diff --git a/drivers/power/abx500_chargalg.c b/drivers/power/abx500_chargalg.c
1267 +index 2970891..eb7b4a6 100644
1268 +--- a/drivers/power/abx500_chargalg.c
1269 ++++ b/drivers/power/abx500_chargalg.c
1270 +@@ -1698,7 +1698,7 @@ static ssize_t abx500_chargalg_sysfs_charger(struct kobject *kobj,
1271 + static struct attribute abx500_chargalg_en_charger = \
1272 + {
1273 + .name = "chargalg",
1274 +- .mode = S_IWUGO,
1275 ++ .mode = S_IWUSR,
1276 + };
1277 +
1278 + static struct attribute *abx500_chargalg_chg[] = {
1279 +diff --git a/drivers/power/bq27x00_battery.c b/drivers/power/bq27x00_battery.c
1280 +index 36b34ef..7087d0d 100644
1281 +--- a/drivers/power/bq27x00_battery.c
1282 ++++ b/drivers/power/bq27x00_battery.c
1283 +@@ -448,7 +448,6 @@ static void bq27x00_update(struct bq27x00_device_info *di)
1284 + cache.temperature = bq27x00_battery_read_temperature(di);
1285 + if (!is_bq27425)
1286 + cache.cycle_count = bq27x00_battery_read_cyct(di);
1287 +- cache.cycle_count = bq27x00_battery_read_cyct(di);
1288 + cache.power_avg =
1289 + bq27x00_battery_read_pwr_avg(di, BQ27x00_POWER_AVG);
1290 +
1291 +@@ -696,7 +695,6 @@ static int bq27x00_powersupply_init(struct bq27x00_device_info *di)
1292 + int ret;
1293 +
1294 + di->bat.type = POWER_SUPPLY_TYPE_BATTERY;
1295 +- di->chip = BQ27425;
1296 + if (di->chip == BQ27425) {
1297 + di->bat.properties = bq27425_battery_props;
1298 + di->bat.num_properties = ARRAY_SIZE(bq27425_battery_props);
1299 +diff --git a/drivers/staging/comedi/comedi_fops.c b/drivers/staging/comedi/comedi_fops.c
1300 +index 8f14c42..6894b3e 100644
1301 +--- a/drivers/staging/comedi/comedi_fops.c
1302 ++++ b/drivers/staging/comedi/comedi_fops.c
1303 +@@ -1779,7 +1779,7 @@ static unsigned int comedi_poll(struct file *file, poll_table *wait)
1304 +
1305 + mask = 0;
1306 + read_subdev = comedi_get_read_subdevice(dev_file_info);
1307 +- if (read_subdev) {
1308 ++ if (read_subdev && read_subdev->async) {
1309 + poll_wait(file, &read_subdev->async->wait_head, wait);
1310 + if (!read_subdev->busy
1311 + || comedi_buf_read_n_available(read_subdev->async) > 0
1312 +@@ -1789,7 +1789,7 @@ static unsigned int comedi_poll(struct file *file, poll_table *wait)
1313 + }
1314 + }
1315 + write_subdev = comedi_get_write_subdevice(dev_file_info);
1316 +- if (write_subdev) {
1317 ++ if (write_subdev && write_subdev->async) {
1318 + poll_wait(file, &write_subdev->async->wait_head, wait);
1319 + comedi_buf_write_alloc(write_subdev->async,
1320 + write_subdev->async->prealloc_bufsz);
1321 +@@ -1831,7 +1831,7 @@ static ssize_t comedi_write(struct file *file, const char __user *buf,
1322 + }
1323 +
1324 + s = comedi_get_write_subdevice(dev_file_info);
1325 +- if (s == NULL) {
1326 ++ if (s == NULL || s->async == NULL) {
1327 + retval = -EIO;
1328 + goto done;
1329 + }
1330 +@@ -1942,7 +1942,7 @@ static ssize_t comedi_read(struct file *file, char __user *buf, size_t nbytes,
1331 + }
1332 +
1333 + s = comedi_get_read_subdevice(dev_file_info);
1334 +- if (s == NULL) {
1335 ++ if (s == NULL || s->async == NULL) {
1336 + retval = -EIO;
1337 + goto done;
1338 + }
1339 +diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
1340 +index f2aa754..96f4981 100644
1341 +--- a/drivers/target/target_core_device.c
1342 ++++ b/drivers/target/target_core_device.c
1343 +@@ -1182,24 +1182,18 @@ static struct se_lun *core_dev_get_lun(struct se_portal_group *tpg, u32 unpacked
1344 +
1345 + struct se_lun_acl *core_dev_init_initiator_node_lun_acl(
1346 + struct se_portal_group *tpg,
1347 ++ struct se_node_acl *nacl,
1348 + u32 mapped_lun,
1349 +- char *initiatorname,
1350 + int *ret)
1351 + {
1352 + struct se_lun_acl *lacl;
1353 +- struct se_node_acl *nacl;
1354 +
1355 +- if (strlen(initiatorname) >= TRANSPORT_IQN_LEN) {
1356 ++ if (strlen(nacl->initiatorname) >= TRANSPORT_IQN_LEN) {
1357 + pr_err("%s InitiatorName exceeds maximum size.\n",
1358 + tpg->se_tpg_tfo->get_fabric_name());
1359 + *ret = -EOVERFLOW;
1360 + return NULL;
1361 + }
1362 +- nacl = core_tpg_get_initiator_node_acl(tpg, initiatorname);
1363 +- if (!nacl) {
1364 +- *ret = -EINVAL;
1365 +- return NULL;
1366 +- }
1367 + lacl = kzalloc(sizeof(struct se_lun_acl), GFP_KERNEL);
1368 + if (!lacl) {
1369 + pr_err("Unable to allocate memory for struct se_lun_acl.\n");
1370 +@@ -1210,7 +1204,8 @@ struct se_lun_acl *core_dev_init_initiator_node_lun_acl(
1371 + INIT_LIST_HEAD(&lacl->lacl_list);
1372 + lacl->mapped_lun = mapped_lun;
1373 + lacl->se_lun_nacl = nacl;
1374 +- snprintf(lacl->initiatorname, TRANSPORT_IQN_LEN, "%s", initiatorname);
1375 ++ snprintf(lacl->initiatorname, TRANSPORT_IQN_LEN, "%s",
1376 ++ nacl->initiatorname);
1377 +
1378 + return lacl;
1379 + }
1380 +diff --git a/drivers/target/target_core_fabric_configfs.c b/drivers/target/target_core_fabric_configfs.c
1381 +index c57bbbc..04c775c 100644
1382 +--- a/drivers/target/target_core_fabric_configfs.c
1383 ++++ b/drivers/target/target_core_fabric_configfs.c
1384 +@@ -354,9 +354,17 @@ static struct config_group *target_fabric_make_mappedlun(
1385 + ret = -EINVAL;
1386 + goto out;
1387 + }
1388 ++ if (mapped_lun > (TRANSPORT_MAX_LUNS_PER_TPG-1)) {
1389 ++ pr_err("Mapped LUN: %lu exceeds TRANSPORT_MAX_LUNS_PER_TPG"
1390 ++ "-1: %u for Target Portal Group: %u\n", mapped_lun,
1391 ++ TRANSPORT_MAX_LUNS_PER_TPG-1,
1392 ++ se_tpg->se_tpg_tfo->tpg_get_tag(se_tpg));
1393 ++ ret = -EINVAL;
1394 ++ goto out;
1395 ++ }
1396 +
1397 +- lacl = core_dev_init_initiator_node_lun_acl(se_tpg, mapped_lun,
1398 +- config_item_name(acl_ci), &ret);
1399 ++ lacl = core_dev_init_initiator_node_lun_acl(se_tpg, se_nacl,
1400 ++ mapped_lun, &ret);
1401 + if (!lacl) {
1402 + ret = -EINVAL;
1403 + goto out;
1404 +diff --git a/drivers/target/target_core_internal.h b/drivers/target/target_core_internal.h
1405 +index 93e9c1f..396e1eb 100644
1406 +--- a/drivers/target/target_core_internal.h
1407 ++++ b/drivers/target/target_core_internal.h
1408 +@@ -45,7 +45,7 @@ struct se_lun *core_dev_add_lun(struct se_portal_group *, struct se_device *, u3
1409 + int core_dev_del_lun(struct se_portal_group *, u32);
1410 + struct se_lun *core_get_lun_from_tpg(struct se_portal_group *, u32);
1411 + struct se_lun_acl *core_dev_init_initiator_node_lun_acl(struct se_portal_group *,
1412 +- u32, char *, int *);
1413 ++ struct se_node_acl *, u32, int *);
1414 + int core_dev_add_initiator_node_lun_acl(struct se_portal_group *,
1415 + struct se_lun_acl *, u32, u32);
1416 + int core_dev_del_initiator_node_lun_acl(struct se_portal_group *,
1417 +diff --git a/drivers/target/target_core_tpg.c b/drivers/target/target_core_tpg.c
1418 +index 5192ac0..9169d6a 100644
1419 +--- a/drivers/target/target_core_tpg.c
1420 ++++ b/drivers/target/target_core_tpg.c
1421 +@@ -111,16 +111,10 @@ struct se_node_acl *core_tpg_get_initiator_node_acl(
1422 + struct se_node_acl *acl;
1423 +
1424 + spin_lock_irq(&tpg->acl_node_lock);
1425 +- list_for_each_entry(acl, &tpg->acl_node_list, acl_list) {
1426 +- if (!strcmp(acl->initiatorname, initiatorname) &&
1427 +- !acl->dynamic_node_acl) {
1428 +- spin_unlock_irq(&tpg->acl_node_lock);
1429 +- return acl;
1430 +- }
1431 +- }
1432 ++ acl = __core_tpg_get_initiator_node_acl(tpg, initiatorname);
1433 + spin_unlock_irq(&tpg->acl_node_lock);
1434 +
1435 +- return NULL;
1436 ++ return acl;
1437 + }
1438 +
1439 + /* core_tpg_add_node_to_devs():
1440 +diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h
1441 +index 4999563..1dae91d 100644
1442 +--- a/drivers/usb/dwc3/core.h
1443 ++++ b/drivers/usb/dwc3/core.h
1444 +@@ -405,7 +405,6 @@ struct dwc3_event_buffer {
1445 + * @number: endpoint number (1 - 15)
1446 + * @type: set to bmAttributes & USB_ENDPOINT_XFERTYPE_MASK
1447 + * @resource_index: Resource transfer index
1448 +- * @current_uf: Current uf received through last event parameter
1449 + * @interval: the intervall on which the ISOC transfer is started
1450 + * @name: a human readable name e.g. ep1out-bulk
1451 + * @direction: true for TX, false for RX
1452 +@@ -439,7 +438,6 @@ struct dwc3_ep {
1453 + u8 number;
1454 + u8 type;
1455 + u8 resource_index;
1456 +- u16 current_uf;
1457 + u32 interval;
1458 +
1459 + char name[20];
1460 +diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
1461 +index 2fdd767..09835b6 100644
1462 +--- a/drivers/usb/dwc3/gadget.c
1463 ++++ b/drivers/usb/dwc3/gadget.c
1464 +@@ -754,21 +754,18 @@ static void dwc3_prepare_one_trb(struct dwc3_ep *dep,
1465 + struct dwc3 *dwc = dep->dwc;
1466 + struct dwc3_trb *trb;
1467 +
1468 +- unsigned int cur_slot;
1469 +-
1470 + dev_vdbg(dwc->dev, "%s: req %p dma %08llx length %d%s%s\n",
1471 + dep->name, req, (unsigned long long) dma,
1472 + length, last ? " last" : "",
1473 + chain ? " chain" : "");
1474 +
1475 +- trb = &dep->trb_pool[dep->free_slot & DWC3_TRB_MASK];
1476 +- cur_slot = dep->free_slot;
1477 +- dep->free_slot++;
1478 +-
1479 + /* Skip the LINK-TRB on ISOC */
1480 +- if (((cur_slot & DWC3_TRB_MASK) == DWC3_TRB_NUM - 1) &&
1481 ++ if (((dep->free_slot & DWC3_TRB_MASK) == DWC3_TRB_NUM - 1) &&
1482 + usb_endpoint_xfer_isoc(dep->endpoint.desc))
1483 +- return;
1484 ++ dep->free_slot++;
1485 ++
1486 ++ trb = &dep->trb_pool[dep->free_slot & DWC3_TRB_MASK];
1487 ++ dep->free_slot++;
1488 +
1489 + if (!req->trb) {
1490 + dwc3_gadget_move_request_queued(req);
1491 +@@ -1091,7 +1088,10 @@ static int __dwc3_gadget_ep_queue(struct dwc3_ep *dep, struct dwc3_request *req)
1492 + * notion of current microframe.
1493 + */
1494 + if (usb_endpoint_xfer_isoc(dep->endpoint.desc)) {
1495 +- dwc3_stop_active_transfer(dwc, dep->number);
1496 ++ if (list_empty(&dep->req_queued)) {
1497 ++ dwc3_stop_active_transfer(dwc, dep->number);
1498 ++ dep->flags = DWC3_EP_ENABLED;
1499 ++ }
1500 + return 0;
1501 + }
1502 +
1503 +@@ -1117,16 +1117,6 @@ static int __dwc3_gadget_ep_queue(struct dwc3_ep *dep, struct dwc3_request *req)
1504 + dep->name);
1505 + }
1506 +
1507 +- /*
1508 +- * 3. Missed ISOC Handling. We need to start isoc transfer on the saved
1509 +- * uframe number.
1510 +- */
1511 +- if (usb_endpoint_xfer_isoc(dep->endpoint.desc) &&
1512 +- (dep->flags & DWC3_EP_MISSED_ISOC)) {
1513 +- __dwc3_gadget_start_isoc(dwc, dep, dep->current_uf);
1514 +- dep->flags &= ~DWC3_EP_MISSED_ISOC;
1515 +- }
1516 +-
1517 + return 0;
1518 + }
1519 +
1520 +@@ -1689,14 +1679,29 @@ static int dwc3_cleanup_done_reqs(struct dwc3 *dwc, struct dwc3_ep *dep,
1521 + if (trb_status == DWC3_TRBSTS_MISSED_ISOC) {
1522 + dev_dbg(dwc->dev, "incomplete IN transfer %s\n",
1523 + dep->name);
1524 +- dep->current_uf = event->parameters &
1525 +- ~(dep->interval - 1);
1526 ++ /*
1527 ++ * If missed isoc occurred and there is
1528 ++ * no request queued then issue END
1529 ++ * TRANSFER, so that core generates
1530 ++ * next xfernotready and we will issue
1531 ++ * a fresh START TRANSFER.
1532 ++ * If there are still queued request
1533 ++ * then wait, do not issue either END
1534 ++ * or UPDATE TRANSFER, just attach next
1535 ++ * request in request_list during
1536 ++ * giveback.If any future queued request
1537 ++ * is successfully transferred then we
1538 ++ * will issue UPDATE TRANSFER for all
1539 ++ * request in the request_list.
1540 ++ */
1541 + dep->flags |= DWC3_EP_MISSED_ISOC;
1542 + } else {
1543 + dev_err(dwc->dev, "incomplete IN transfer %s\n",
1544 + dep->name);
1545 + status = -ECONNRESET;
1546 + }
1547 ++ } else {
1548 ++ dep->flags &= ~DWC3_EP_MISSED_ISOC;
1549 + }
1550 + } else {
1551 + if (count && (event->status & DEPEVT_STATUS_SHORT))
1552 +@@ -1723,6 +1728,23 @@ static int dwc3_cleanup_done_reqs(struct dwc3 *dwc, struct dwc3_ep *dep,
1553 + break;
1554 + } while (1);
1555 +
1556 ++ if (usb_endpoint_xfer_isoc(dep->endpoint.desc) &&
1557 ++ list_empty(&dep->req_queued)) {
1558 ++ if (list_empty(&dep->request_list)) {
1559 ++ /*
1560 ++ * If there is no entry in request list then do
1561 ++ * not issue END TRANSFER now. Just set PENDING
1562 ++ * flag, so that END TRANSFER is issued when an
1563 ++ * entry is added into request list.
1564 ++ */
1565 ++ dep->flags = DWC3_EP_PENDING_REQUEST;
1566 ++ } else {
1567 ++ dwc3_stop_active_transfer(dwc, dep->number);
1568 ++ dep->flags = DWC3_EP_ENABLED;
1569 ++ }
1570 ++ return 1;
1571 ++ }
1572 ++
1573 + if ((event->status & DEPEVT_STATUS_IOC) &&
1574 + (trb->ctrl & DWC3_TRB_CTRL_IOC))
1575 + return 0;
1576 +@@ -2157,6 +2179,26 @@ static void dwc3_gadget_conndone_interrupt(struct dwc3 *dwc)
1577 + break;
1578 + }
1579 +
1580 ++ /* Enable USB2 LPM Capability */
1581 ++
1582 ++ if ((dwc->revision > DWC3_REVISION_194A)
1583 ++ && (speed != DWC3_DCFG_SUPERSPEED)) {
1584 ++ reg = dwc3_readl(dwc->regs, DWC3_DCFG);
1585 ++ reg |= DWC3_DCFG_LPM_CAP;
1586 ++ dwc3_writel(dwc->regs, DWC3_DCFG, reg);
1587 ++
1588 ++ reg = dwc3_readl(dwc->regs, DWC3_DCTL);
1589 ++ reg &= ~(DWC3_DCTL_HIRD_THRES_MASK | DWC3_DCTL_L1_HIBER_EN);
1590 ++
1591 ++ /*
1592 ++ * TODO: This should be configurable. For now using
1593 ++ * maximum allowed HIRD threshold value of 0b1100
1594 ++ */
1595 ++ reg |= DWC3_DCTL_HIRD_THRES(12);
1596 ++
1597 ++ dwc3_writel(dwc->regs, DWC3_DCTL, reg);
1598 ++ }
1599 ++
1600 + /* Recent versions support automatic phy suspend and don't need this */
1601 + if (dwc->revision < DWC3_REVISION_194A) {
1602 + /* Suspend unneeded PHY */
1603 +@@ -2463,20 +2505,8 @@ int dwc3_gadget_init(struct dwc3 *dwc)
1604 + DWC3_DEVTEN_DISCONNEVTEN);
1605 + dwc3_writel(dwc->regs, DWC3_DEVTEN, reg);
1606 +
1607 +- /* Enable USB2 LPM and automatic phy suspend only on recent versions */
1608 ++ /* automatic phy suspend only on recent versions */
1609 + if (dwc->revision >= DWC3_REVISION_194A) {
1610 +- reg = dwc3_readl(dwc->regs, DWC3_DCFG);
1611 +- reg |= DWC3_DCFG_LPM_CAP;
1612 +- dwc3_writel(dwc->regs, DWC3_DCFG, reg);
1613 +-
1614 +- reg = dwc3_readl(dwc->regs, DWC3_DCTL);
1615 +- reg &= ~(DWC3_DCTL_HIRD_THRES_MASK | DWC3_DCTL_L1_HIBER_EN);
1616 +-
1617 +- /* TODO: This should be configurable */
1618 +- reg |= DWC3_DCTL_HIRD_THRES(28);
1619 +-
1620 +- dwc3_writel(dwc->regs, DWC3_DCTL, reg);
1621 +-
1622 + dwc3_gadget_usb2_phy_suspend(dwc, false);
1623 + dwc3_gadget_usb3_phy_suspend(dwc, false);
1624 + }
1625 +diff --git a/fs/direct-io.c b/fs/direct-io.c
1626 +index cf5b44b..f853263 100644
1627 +--- a/fs/direct-io.c
1628 ++++ b/fs/direct-io.c
1629 +@@ -261,9 +261,9 @@ static ssize_t dio_complete(struct dio *dio, loff_t offset, ssize_t ret, bool is
1630 + dio->end_io(dio->iocb, offset, transferred,
1631 + dio->private, ret, is_async);
1632 + } else {
1633 ++ inode_dio_done(dio->inode);
1634 + if (is_async)
1635 + aio_complete(dio->iocb, ret, 0);
1636 +- inode_dio_done(dio->inode);
1637 + }
1638 +
1639 + return ret;
1640 +diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
1641 +index cf18217..2f2e0da 100644
1642 +--- a/fs/ext4/balloc.c
1643 ++++ b/fs/ext4/balloc.c
1644 +@@ -358,7 +358,7 @@ void ext4_validate_block_bitmap(struct super_block *sb,
1645 + }
1646 +
1647 + /**
1648 +- * ext4_read_block_bitmap()
1649 ++ * ext4_read_block_bitmap_nowait()
1650 + * @sb: super block
1651 + * @block_group: given block group
1652 + *
1653 +@@ -457,6 +457,8 @@ ext4_read_block_bitmap(struct super_block *sb, ext4_group_t block_group)
1654 + struct buffer_head *bh;
1655 +
1656 + bh = ext4_read_block_bitmap_nowait(sb, block_group);
1657 ++ if (!bh)
1658 ++ return NULL;
1659 + if (ext4_wait_block_bitmap(sb, block_group, bh)) {
1660 + put_bh(bh);
1661 + return NULL;
1662 +@@ -482,11 +484,16 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
1663 +
1664 + free_clusters = percpu_counter_read_positive(fcc);
1665 + dirty_clusters = percpu_counter_read_positive(dcc);
1666 +- root_clusters = EXT4_B2C(sbi, ext4_r_blocks_count(sbi->s_es));
1667 ++
1668 ++ /*
1669 ++ * r_blocks_count should always be multiple of the cluster ratio so
1670 ++ * we are safe to do a plane bit shift only.
1671 ++ */
1672 ++ root_clusters = ext4_r_blocks_count(sbi->s_es) >> sbi->s_cluster_bits;
1673 +
1674 + if (free_clusters - (nclusters + root_clusters + dirty_clusters) <
1675 + EXT4_FREECLUSTERS_WATERMARK) {
1676 +- free_clusters = EXT4_C2B(sbi, percpu_counter_sum_positive(fcc));
1677 ++ free_clusters = percpu_counter_sum_positive(fcc);
1678 + dirty_clusters = percpu_counter_sum_positive(dcc);
1679 + }
1680 + /* Check whether we have space after accounting for current
1681 +diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
1682 +index 5ae1674..d42a8c4 100644
1683 +--- a/fs/ext4/extents.c
1684 ++++ b/fs/ext4/extents.c
1685 +@@ -725,6 +725,7 @@ ext4_ext_find_extent(struct inode *inode, ext4_lblk_t block,
1686 + struct ext4_extent_header *eh;
1687 + struct buffer_head *bh;
1688 + short int depth, i, ppos = 0, alloc = 0;
1689 ++ int ret;
1690 +
1691 + eh = ext_inode_hdr(inode);
1692 + depth = ext_depth(inode);
1693 +@@ -752,12 +753,15 @@ ext4_ext_find_extent(struct inode *inode, ext4_lblk_t block,
1694 + path[ppos].p_ext = NULL;
1695 +
1696 + bh = sb_getblk(inode->i_sb, path[ppos].p_block);
1697 +- if (unlikely(!bh))
1698 ++ if (unlikely(!bh)) {
1699 ++ ret = -ENOMEM;
1700 + goto err;
1701 ++ }
1702 + if (!bh_uptodate_or_lock(bh)) {
1703 + trace_ext4_ext_load_extent(inode, block,
1704 + path[ppos].p_block);
1705 +- if (bh_submit_read(bh) < 0) {
1706 ++ ret = bh_submit_read(bh);
1707 ++ if (ret < 0) {
1708 + put_bh(bh);
1709 + goto err;
1710 + }
1711 +@@ -768,13 +772,15 @@ ext4_ext_find_extent(struct inode *inode, ext4_lblk_t block,
1712 + put_bh(bh);
1713 + EXT4_ERROR_INODE(inode,
1714 + "ppos %d > depth %d", ppos, depth);
1715 ++ ret = -EIO;
1716 + goto err;
1717 + }
1718 + path[ppos].p_bh = bh;
1719 + path[ppos].p_hdr = eh;
1720 + i--;
1721 +
1722 +- if (ext4_ext_check_block(inode, eh, i, bh))
1723 ++ ret = ext4_ext_check_block(inode, eh, i, bh);
1724 ++ if (ret < 0)
1725 + goto err;
1726 + }
1727 +
1728 +@@ -796,7 +802,7 @@ err:
1729 + ext4_ext_drop_refs(path);
1730 + if (alloc)
1731 + kfree(path);
1732 +- return ERR_PTR(-EIO);
1733 ++ return ERR_PTR(ret);
1734 + }
1735 +
1736 + /*
1737 +@@ -951,7 +957,7 @@ static int ext4_ext_split(handle_t *handle, struct inode *inode,
1738 + }
1739 + bh = sb_getblk(inode->i_sb, newblock);
1740 + if (!bh) {
1741 +- err = -EIO;
1742 ++ err = -ENOMEM;
1743 + goto cleanup;
1744 + }
1745 + lock_buffer(bh);
1746 +@@ -1024,7 +1030,7 @@ static int ext4_ext_split(handle_t *handle, struct inode *inode,
1747 + newblock = ablocks[--a];
1748 + bh = sb_getblk(inode->i_sb, newblock);
1749 + if (!bh) {
1750 +- err = -EIO;
1751 ++ err = -ENOMEM;
1752 + goto cleanup;
1753 + }
1754 + lock_buffer(bh);
1755 +@@ -1136,11 +1142,8 @@ static int ext4_ext_grow_indepth(handle_t *handle, struct inode *inode,
1756 + return err;
1757 +
1758 + bh = sb_getblk(inode->i_sb, newblock);
1759 +- if (!bh) {
1760 +- err = -EIO;
1761 +- ext4_std_error(inode->i_sb, err);
1762 +- return err;
1763 +- }
1764 ++ if (!bh)
1765 ++ return -ENOMEM;
1766 + lock_buffer(bh);
1767 +
1768 + err = ext4_journal_get_create_access(handle, bh);
1769 +diff --git a/fs/ext4/indirect.c b/fs/ext4/indirect.c
1770 +index 20862f9..8d83d1e 100644
1771 +--- a/fs/ext4/indirect.c
1772 ++++ b/fs/ext4/indirect.c
1773 +@@ -146,6 +146,7 @@ static Indirect *ext4_get_branch(struct inode *inode, int depth,
1774 + struct super_block *sb = inode->i_sb;
1775 + Indirect *p = chain;
1776 + struct buffer_head *bh;
1777 ++ int ret = -EIO;
1778 +
1779 + *err = 0;
1780 + /* i_data is not going away, no lock needed */
1781 +@@ -154,8 +155,10 @@ static Indirect *ext4_get_branch(struct inode *inode, int depth,
1782 + goto no_block;
1783 + while (--depth) {
1784 + bh = sb_getblk(sb, le32_to_cpu(p->key));
1785 +- if (unlikely(!bh))
1786 ++ if (unlikely(!bh)) {
1787 ++ ret = -ENOMEM;
1788 + goto failure;
1789 ++ }
1790 +
1791 + if (!bh_uptodate_or_lock(bh)) {
1792 + if (bh_submit_read(bh) < 0) {
1793 +@@ -177,7 +180,7 @@ static Indirect *ext4_get_branch(struct inode *inode, int depth,
1794 + return NULL;
1795 +
1796 + failure:
1797 +- *err = -EIO;
1798 ++ *err = ret;
1799 + no_block:
1800 + return p;
1801 + }
1802 +@@ -471,7 +474,7 @@ static int ext4_alloc_branch(handle_t *handle, struct inode *inode,
1803 + */
1804 + bh = sb_getblk(inode->i_sb, new_blocks[n-1]);
1805 + if (unlikely(!bh)) {
1806 +- err = -EIO;
1807 ++ err = -ENOMEM;
1808 + goto failed;
1809 + }
1810 +
1811 +diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c
1812 +index 387c47c..93a3408 100644
1813 +--- a/fs/ext4/inline.c
1814 ++++ b/fs/ext4/inline.c
1815 +@@ -1188,7 +1188,7 @@ static int ext4_convert_inline_data_nolock(handle_t *handle,
1816 +
1817 + data_bh = sb_getblk(inode->i_sb, map.m_pblk);
1818 + if (!data_bh) {
1819 +- error = -EIO;
1820 ++ error = -ENOMEM;
1821 + goto out_restore;
1822 + }
1823 +
1824 +diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
1825 +index cbfe13b..39f1fa7 100644
1826 +--- a/fs/ext4/inode.c
1827 ++++ b/fs/ext4/inode.c
1828 +@@ -714,7 +714,7 @@ struct buffer_head *ext4_getblk(handle_t *handle, struct inode *inode,
1829 +
1830 + bh = sb_getblk(inode->i_sb, map.m_pblk);
1831 + if (!bh) {
1832 +- *errp = -EIO;
1833 ++ *errp = -ENOMEM;
1834 + return NULL;
1835 + }
1836 + if (map.m_flags & EXT4_MAP_NEW) {
1837 +@@ -2977,9 +2977,9 @@ static void ext4_end_io_dio(struct kiocb *iocb, loff_t offset,
1838 + if (!(io_end->flag & EXT4_IO_END_UNWRITTEN)) {
1839 + ext4_free_io_end(io_end);
1840 + out:
1841 ++ inode_dio_done(inode);
1842 + if (is_async)
1843 + aio_complete(iocb, ret, 0);
1844 +- inode_dio_done(inode);
1845 + return;
1846 + }
1847 +
1848 +@@ -3660,11 +3660,8 @@ static int __ext4_get_inode_loc(struct inode *inode,
1849 + iloc->offset = (inode_offset % inodes_per_block) * EXT4_INODE_SIZE(sb);
1850 +
1851 + bh = sb_getblk(sb, block);
1852 +- if (!bh) {
1853 +- EXT4_ERROR_INODE_BLOCK(inode, block,
1854 +- "unable to read itable block");
1855 +- return -EIO;
1856 +- }
1857 ++ if (!bh)
1858 ++ return -ENOMEM;
1859 + if (!buffer_uptodate(bh)) {
1860 + lock_buffer(bh);
1861 +
1862 +diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
1863 +index 1bf6fe7..061727a 100644
1864 +--- a/fs/ext4/mballoc.c
1865 ++++ b/fs/ext4/mballoc.c
1866 +@@ -4136,7 +4136,7 @@ static void ext4_mb_add_n_trim(struct ext4_allocation_context *ac)
1867 + /* The max size of hash table is PREALLOC_TB_SIZE */
1868 + order = PREALLOC_TB_SIZE - 1;
1869 + /* Add the prealloc space to lg */
1870 +- rcu_read_lock();
1871 ++ spin_lock(&lg->lg_prealloc_lock);
1872 + list_for_each_entry_rcu(tmp_pa, &lg->lg_prealloc_list[order],
1873 + pa_inode_list) {
1874 + spin_lock(&tmp_pa->pa_lock);
1875 +@@ -4160,12 +4160,12 @@ static void ext4_mb_add_n_trim(struct ext4_allocation_context *ac)
1876 + if (!added)
1877 + list_add_tail_rcu(&pa->pa_inode_list,
1878 + &lg->lg_prealloc_list[order]);
1879 +- rcu_read_unlock();
1880 ++ spin_unlock(&lg->lg_prealloc_lock);
1881 +
1882 + /* Now trim the list to be not more than 8 elements */
1883 + if (lg_prealloc_count > 8) {
1884 + ext4_mb_discard_lg_preallocations(sb, lg,
1885 +- order, lg_prealloc_count);
1886 ++ order, lg_prealloc_count);
1887 + return;
1888 + }
1889 + return ;
1890 +diff --git a/fs/ext4/mmp.c b/fs/ext4/mmp.c
1891 +index fe7c63f..44734f1 100644
1892 +--- a/fs/ext4/mmp.c
1893 ++++ b/fs/ext4/mmp.c
1894 +@@ -80,6 +80,8 @@ static int read_mmp_block(struct super_block *sb, struct buffer_head **bh,
1895 + * is not blocked in the elevator. */
1896 + if (!*bh)
1897 + *bh = sb_getblk(sb, mmp_block);
1898 ++ if (!*bh)
1899 ++ return -ENOMEM;
1900 + if (*bh) {
1901 + get_bh(*bh);
1902 + lock_buffer(*bh);
1903 +diff --git a/fs/ext4/page-io.c b/fs/ext4/page-io.c
1904 +index 0016fbc..b42d04f 100644
1905 +--- a/fs/ext4/page-io.c
1906 ++++ b/fs/ext4/page-io.c
1907 +@@ -103,14 +103,13 @@ static int ext4_end_io(ext4_io_end_t *io)
1908 + "(inode %lu, offset %llu, size %zd, error %d)",
1909 + inode->i_ino, offset, size, ret);
1910 + }
1911 +- if (io->iocb)
1912 +- aio_complete(io->iocb, io->result, 0);
1913 +-
1914 +- if (io->flag & EXT4_IO_END_DIRECT)
1915 +- inode_dio_done(inode);
1916 + /* Wake up anyone waiting on unwritten extent conversion */
1917 + if (atomic_dec_and_test(&EXT4_I(inode)->i_unwritten))
1918 + wake_up_all(ext4_ioend_wq(inode));
1919 ++ if (io->flag & EXT4_IO_END_DIRECT)
1920 ++ inode_dio_done(inode);
1921 ++ if (io->iocb)
1922 ++ aio_complete(io->iocb, io->result, 0);
1923 + return ret;
1924 + }
1925 +
1926 +diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
1927 +index d99387b..02824dc 100644
1928 +--- a/fs/ext4/resize.c
1929 ++++ b/fs/ext4/resize.c
1930 +@@ -334,7 +334,7 @@ static struct buffer_head *bclean(handle_t *handle, struct super_block *sb,
1931 +
1932 + bh = sb_getblk(sb, blk);
1933 + if (!bh)
1934 +- return ERR_PTR(-EIO);
1935 ++ return ERR_PTR(-ENOMEM);
1936 + if ((err = ext4_journal_get_write_access(handle, bh))) {
1937 + brelse(bh);
1938 + bh = ERR_PTR(err);
1939 +@@ -411,7 +411,7 @@ static int set_flexbg_block_bitmap(struct super_block *sb, handle_t *handle,
1940 +
1941 + bh = sb_getblk(sb, flex_gd->groups[group].block_bitmap);
1942 + if (!bh)
1943 +- return -EIO;
1944 ++ return -ENOMEM;
1945 +
1946 + err = ext4_journal_get_write_access(handle, bh);
1947 + if (err)
1948 +@@ -501,7 +501,7 @@ static int setup_new_flex_group_blocks(struct super_block *sb,
1949 +
1950 + gdb = sb_getblk(sb, block);
1951 + if (!gdb) {
1952 +- err = -EIO;
1953 ++ err = -ENOMEM;
1954 + goto out;
1955 + }
1956 +
1957 +@@ -1065,7 +1065,7 @@ static void update_backups(struct super_block *sb, int blk_off, char *data,
1958 +
1959 + bh = sb_getblk(sb, backup_block);
1960 + if (!bh) {
1961 +- err = -EIO;
1962 ++ err = -ENOMEM;
1963 + break;
1964 + }
1965 + ext4_debug("update metadata backup %llu(+%llu)\n",
1966 +diff --git a/fs/ext4/super.c b/fs/ext4/super.c
1967 +index 3d4fb81..0465f36 100644
1968 +--- a/fs/ext4/super.c
1969 ++++ b/fs/ext4/super.c
1970 +@@ -4008,7 +4008,7 @@ no_journal:
1971 + !(sb->s_flags & MS_RDONLY)) {
1972 + err = ext4_enable_quotas(sb);
1973 + if (err)
1974 +- goto failed_mount7;
1975 ++ goto failed_mount8;
1976 + }
1977 + #endif /* CONFIG_QUOTA */
1978 +
1979 +@@ -4035,6 +4035,10 @@ cantfind_ext4:
1980 + ext4_msg(sb, KERN_ERR, "VFS: Can't find ext4 filesystem");
1981 + goto failed_mount;
1982 +
1983 ++#ifdef CONFIG_QUOTA
1984 ++failed_mount8:
1985 ++ kobject_del(&sbi->s_kobj);
1986 ++#endif
1987 + failed_mount7:
1988 + ext4_unregister_li_request(sb);
1989 + failed_mount6:
1990 +@@ -5005,9 +5009,9 @@ static int ext4_enable_quotas(struct super_block *sb)
1991 + DQUOT_USAGE_ENABLED);
1992 + if (err) {
1993 + ext4_warning(sb,
1994 +- "Failed to enable quota (type=%d) "
1995 +- "tracking. Please run e2fsck to fix.",
1996 +- type);
1997 ++ "Failed to enable quota tracking "
1998 ++ "(type=%d, err=%d). Please run "
1999 ++ "e2fsck to fix.", type, err);
2000 + return err;
2001 + }
2002 + }
2003 +diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
2004 +index 3a91ebc..b93846b 100644
2005 +--- a/fs/ext4/xattr.c
2006 ++++ b/fs/ext4/xattr.c
2007 +@@ -549,7 +549,7 @@ ext4_xattr_release_block(handle_t *handle, struct inode *inode,
2008 + error = ext4_handle_dirty_xattr_block(handle, inode, bh);
2009 + if (IS_SYNC(inode))
2010 + ext4_handle_sync(handle);
2011 +- dquot_free_block(inode, 1);
2012 ++ dquot_free_block(inode, EXT4_C2B(EXT4_SB(inode->i_sb), 1));
2013 + ea_bdebug(bh, "refcount now=%d; releasing",
2014 + le32_to_cpu(BHDR(bh)->h_refcount));
2015 + }
2016 +@@ -832,7 +832,8 @@ inserted:
2017 + else {
2018 + /* The old block is released after updating
2019 + the inode. */
2020 +- error = dquot_alloc_block(inode, 1);
2021 ++ error = dquot_alloc_block(inode,
2022 ++ EXT4_C2B(EXT4_SB(sb), 1));
2023 + if (error)
2024 + goto cleanup;
2025 + error = ext4_journal_get_write_access(handle,
2026 +@@ -887,16 +888,17 @@ inserted:
2027 +
2028 + new_bh = sb_getblk(sb, block);
2029 + if (!new_bh) {
2030 ++ error = -ENOMEM;
2031 + getblk_failed:
2032 + ext4_free_blocks(handle, inode, NULL, block, 1,
2033 + EXT4_FREE_BLOCKS_METADATA);
2034 +- error = -EIO;
2035 + goto cleanup;
2036 + }
2037 + lock_buffer(new_bh);
2038 + error = ext4_journal_get_create_access(handle, new_bh);
2039 + if (error) {
2040 + unlock_buffer(new_bh);
2041 ++ error = -EIO;
2042 + goto getblk_failed;
2043 + }
2044 + memcpy(new_bh->b_data, s->base, new_bh->b_size);
2045 +@@ -928,7 +930,7 @@ cleanup:
2046 + return error;
2047 +
2048 + cleanup_dquot:
2049 +- dquot_free_block(inode, 1);
2050 ++ dquot_free_block(inode, EXT4_C2B(EXT4_SB(sb), 1));
2051 + goto cleanup;
2052 +
2053 + bad_block:
2054 +diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
2055 +index b7c09f9..315e1f8 100644
2056 +--- a/fs/fuse/dir.c
2057 ++++ b/fs/fuse/dir.c
2058 +@@ -682,7 +682,14 @@ static int fuse_unlink(struct inode *dir, struct dentry *entry)
2059 +
2060 + spin_lock(&fc->lock);
2061 + fi->attr_version = ++fc->attr_version;
2062 +- drop_nlink(inode);
2063 ++ /*
2064 ++ * If i_nlink == 0 then unlink doesn't make sense, yet this can
2065 ++ * happen if userspace filesystem is careless. It would be
2066 ++ * difficult to enforce correct nlink usage so just ignore this
2067 ++ * condition here
2068 ++ */
2069 ++ if (inode->i_nlink > 0)
2070 ++ drop_nlink(inode);
2071 + spin_unlock(&fc->lock);
2072 + fuse_invalidate_attr(inode);
2073 + fuse_invalidate_attr(dir);
2074 +diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
2075 +index ac8ed96c..a8309c6 100644
2076 +--- a/fs/nfsd/nfs4state.c
2077 ++++ b/fs/nfsd/nfs4state.c
2078 +@@ -1060,6 +1060,8 @@ free_client(struct nfs4_client *clp)
2079 + }
2080 + free_svc_cred(&clp->cl_cred);
2081 + kfree(clp->cl_name.data);
2082 ++ idr_remove_all(&clp->cl_stateids);
2083 ++ idr_destroy(&clp->cl_stateids);
2084 + kfree(clp);
2085 + }
2086 +
2087 +diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c
2088 +index 6577432..340bd02 100644
2089 +--- a/fs/ocfs2/aops.c
2090 ++++ b/fs/ocfs2/aops.c
2091 +@@ -593,9 +593,9 @@ static void ocfs2_dio_end_io(struct kiocb *iocb,
2092 + level = ocfs2_iocb_rw_locked_level(iocb);
2093 + ocfs2_rw_unlock(inode, level);
2094 +
2095 ++ inode_dio_done(inode);
2096 + if (is_async)
2097 + aio_complete(iocb, ret, 0);
2098 +- inode_dio_done(inode);
2099 + }
2100 +
2101 + /*
2102 +diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c
2103 +index f169da4..b7e74b5 100644
2104 +--- a/fs/ocfs2/suballoc.c
2105 ++++ b/fs/ocfs2/suballoc.c
2106 +@@ -642,7 +642,7 @@ ocfs2_block_group_alloc_discontig(handle_t *handle,
2107 + * cluster groups will be staying in cache for the duration of
2108 + * this operation.
2109 + */
2110 +- ac->ac_allow_chain_relink = 0;
2111 ++ ac->ac_disable_chain_relink = 1;
2112 +
2113 + /* Claim the first region */
2114 + status = ocfs2_block_group_claim_bits(osb, handle, ac, min_bits,
2115 +@@ -1823,7 +1823,7 @@ static int ocfs2_search_chain(struct ocfs2_alloc_context *ac,
2116 + * Do this *after* figuring out how many bits we're taking out
2117 + * of our target group.
2118 + */
2119 +- if (ac->ac_allow_chain_relink &&
2120 ++ if (!ac->ac_disable_chain_relink &&
2121 + (prev_group_bh) &&
2122 + (ocfs2_block_group_reasonably_empty(bg, res->sr_bits))) {
2123 + status = ocfs2_relink_block_group(handle, alloc_inode,
2124 +@@ -1928,7 +1928,6 @@ static int ocfs2_claim_suballoc_bits(struct ocfs2_alloc_context *ac,
2125 +
2126 + victim = ocfs2_find_victim_chain(cl);
2127 + ac->ac_chain = victim;
2128 +- ac->ac_allow_chain_relink = 1;
2129 +
2130 + status = ocfs2_search_chain(ac, handle, bits_wanted, min_bits,
2131 + res, &bits_left);
2132 +@@ -1947,7 +1946,7 @@ static int ocfs2_claim_suballoc_bits(struct ocfs2_alloc_context *ac,
2133 + * searching each chain in order. Don't allow chain relinking
2134 + * because we only calculate enough journal credits for one
2135 + * relink per alloc. */
2136 +- ac->ac_allow_chain_relink = 0;
2137 ++ ac->ac_disable_chain_relink = 1;
2138 + for (i = 0; i < le16_to_cpu(cl->cl_next_free_rec); i ++) {
2139 + if (i == victim)
2140 + continue;
2141 +diff --git a/fs/ocfs2/suballoc.h b/fs/ocfs2/suballoc.h
2142 +index b8afabf..a36d0aa 100644
2143 +--- a/fs/ocfs2/suballoc.h
2144 ++++ b/fs/ocfs2/suballoc.h
2145 +@@ -49,7 +49,7 @@ struct ocfs2_alloc_context {
2146 +
2147 + /* these are used by the chain search */
2148 + u16 ac_chain;
2149 +- int ac_allow_chain_relink;
2150 ++ int ac_disable_chain_relink;
2151 + group_search_t *ac_group_search;
2152 +
2153 + u64 ac_last_group;
2154 +diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c
2155 +index 0ba9ea1..2e3ea30 100644
2156 +--- a/fs/ocfs2/xattr.c
2157 ++++ b/fs/ocfs2/xattr.c
2158 +@@ -7189,7 +7189,7 @@ int ocfs2_init_security_and_acl(struct inode *dir,
2159 + struct buffer_head *dir_bh = NULL;
2160 +
2161 + ret = ocfs2_init_security_get(inode, dir, qstr, NULL);
2162 +- if (!ret) {
2163 ++ if (ret) {
2164 + mlog_errno(ret);
2165 + goto leave;
2166 + }
2167 +diff --git a/fs/pstore/platform.c b/fs/pstore/platform.c
2168 +index 5ea2e77..86d1038 100644
2169 +--- a/fs/pstore/platform.c
2170 ++++ b/fs/pstore/platform.c
2171 +@@ -96,6 +96,27 @@ static const char *get_reason_str(enum kmsg_dump_reason reason)
2172 + }
2173 + }
2174 +
2175 ++bool pstore_cannot_block_path(enum kmsg_dump_reason reason)
2176 ++{
2177 ++ /*
2178 ++ * In case of NMI path, pstore shouldn't be blocked
2179 ++ * regardless of reason.
2180 ++ */
2181 ++ if (in_nmi())
2182 ++ return true;
2183 ++
2184 ++ switch (reason) {
2185 ++ /* In panic case, other cpus are stopped by smp_send_stop(). */
2186 ++ case KMSG_DUMP_PANIC:
2187 ++ /* Emergency restart shouldn't be blocked by spin lock. */
2188 ++ case KMSG_DUMP_EMERG:
2189 ++ return true;
2190 ++ default:
2191 ++ return false;
2192 ++ }
2193 ++}
2194 ++EXPORT_SYMBOL_GPL(pstore_cannot_block_path);
2195 ++
2196 + /*
2197 + * callback from kmsg_dump. (s2,l2) has the most recently
2198 + * written bytes, older bytes are in (s1,l1). Save as much
2199 +@@ -114,10 +135,12 @@ static void pstore_dump(struct kmsg_dumper *dumper,
2200 +
2201 + why = get_reason_str(reason);
2202 +
2203 +- if (in_nmi()) {
2204 +- is_locked = spin_trylock(&psinfo->buf_lock);
2205 +- if (!is_locked)
2206 +- pr_err("pstore dump routine blocked in NMI, may corrupt error record\n");
2207 ++ if (pstore_cannot_block_path(reason)) {
2208 ++ is_locked = spin_trylock_irqsave(&psinfo->buf_lock, flags);
2209 ++ if (!is_locked) {
2210 ++ pr_err("pstore dump routine blocked in %s path, may corrupt error record\n"
2211 ++ , in_nmi() ? "NMI" : why);
2212 ++ }
2213 + } else
2214 + spin_lock_irqsave(&psinfo->buf_lock, flags);
2215 + oopscount++;
2216 +@@ -143,9 +166,9 @@ static void pstore_dump(struct kmsg_dumper *dumper,
2217 + total += hsize + len;
2218 + part++;
2219 + }
2220 +- if (in_nmi()) {
2221 ++ if (pstore_cannot_block_path(reason)) {
2222 + if (is_locked)
2223 +- spin_unlock(&psinfo->buf_lock);
2224 ++ spin_unlock_irqrestore(&psinfo->buf_lock, flags);
2225 + } else
2226 + spin_unlock_irqrestore(&psinfo->buf_lock, flags);
2227 + }
2228 +diff --git a/fs/ubifs/orphan.c b/fs/ubifs/orphan.c
2229 +index 769701c..ba32da3 100644
2230 +--- a/fs/ubifs/orphan.c
2231 ++++ b/fs/ubifs/orphan.c
2232 +@@ -126,13 +126,14 @@ void ubifs_delete_orphan(struct ubifs_info *c, ino_t inum)
2233 + else if (inum > o->inum)
2234 + p = p->rb_right;
2235 + else {
2236 +- if (o->dnext) {
2237 ++ if (o->del) {
2238 + spin_unlock(&c->orphan_lock);
2239 + dbg_gen("deleted twice ino %lu",
2240 + (unsigned long)inum);
2241 + return;
2242 + }
2243 +- if (o->cnext) {
2244 ++ if (o->cmt) {
2245 ++ o->del = 1;
2246 + o->dnext = c->orph_dnext;
2247 + c->orph_dnext = o;
2248 + spin_unlock(&c->orphan_lock);
2249 +@@ -172,7 +173,9 @@ int ubifs_orphan_start_commit(struct ubifs_info *c)
2250 + last = &c->orph_cnext;
2251 + list_for_each_entry(orphan, &c->orph_new, new_list) {
2252 + ubifs_assert(orphan->new);
2253 ++ ubifs_assert(!orphan->cmt);
2254 + orphan->new = 0;
2255 ++ orphan->cmt = 1;
2256 + *last = orphan;
2257 + last = &orphan->cnext;
2258 + }
2259 +@@ -299,7 +302,9 @@ static int write_orph_node(struct ubifs_info *c, int atomic)
2260 + cnext = c->orph_cnext;
2261 + for (i = 0; i < cnt; i++) {
2262 + orphan = cnext;
2263 ++ ubifs_assert(orphan->cmt);
2264 + orph->inos[i] = cpu_to_le64(orphan->inum);
2265 ++ orphan->cmt = 0;
2266 + cnext = orphan->cnext;
2267 + orphan->cnext = NULL;
2268 + }
2269 +@@ -378,6 +383,7 @@ static int consolidate(struct ubifs_info *c)
2270 + list_for_each_entry(orphan, &c->orph_list, list) {
2271 + if (orphan->new)
2272 + continue;
2273 ++ orphan->cmt = 1;
2274 + *last = orphan;
2275 + last = &orphan->cnext;
2276 + cnt += 1;
2277 +@@ -442,6 +448,7 @@ static void erase_deleted(struct ubifs_info *c)
2278 + orphan = dnext;
2279 + dnext = orphan->dnext;
2280 + ubifs_assert(!orphan->new);
2281 ++ ubifs_assert(orphan->del);
2282 + rb_erase(&orphan->rb, &c->orph_tree);
2283 + list_del(&orphan->list);
2284 + c->tot_orphans -= 1;
2285 +@@ -531,6 +538,7 @@ static int insert_dead_orphan(struct ubifs_info *c, ino_t inum)
2286 + rb_link_node(&orphan->rb, parent, p);
2287 + rb_insert_color(&orphan->rb, &c->orph_tree);
2288 + list_add_tail(&orphan->list, &c->orph_list);
2289 ++ orphan->del = 1;
2290 + orphan->dnext = c->orph_dnext;
2291 + c->orph_dnext = orphan;
2292 + dbg_mnt("ino %lu, new %d, tot %d", (unsigned long)inum,
2293 +diff --git a/fs/ubifs/ubifs.h b/fs/ubifs/ubifs.h
2294 +index d133c27..b2babce 100644
2295 +--- a/fs/ubifs/ubifs.h
2296 ++++ b/fs/ubifs/ubifs.h
2297 +@@ -904,6 +904,8 @@ struct ubifs_budget_req {
2298 + * @dnext: next orphan to delete
2299 + * @inum: inode number
2300 + * @new: %1 => added since the last commit, otherwise %0
2301 ++ * @cmt: %1 => commit pending, otherwise %0
2302 ++ * @del: %1 => delete pending, otherwise %0
2303 + */
2304 + struct ubifs_orphan {
2305 + struct rb_node rb;
2306 +@@ -912,7 +914,9 @@ struct ubifs_orphan {
2307 + struct ubifs_orphan *cnext;
2308 + struct ubifs_orphan *dnext;
2309 + ino_t inum;
2310 +- int new;
2311 ++ unsigned new:1;
2312 ++ unsigned cmt:1;
2313 ++ unsigned del:1;
2314 + };
2315 +
2316 + /**
2317 +diff --git a/fs/xfs/xfs_bmap.c b/fs/xfs/xfs_bmap.c
2318 +index cdb2d33..572a858 100644
2319 +--- a/fs/xfs/xfs_bmap.c
2320 ++++ b/fs/xfs/xfs_bmap.c
2321 +@@ -147,7 +147,10 @@ xfs_bmap_local_to_extents(
2322 + xfs_fsblock_t *firstblock, /* first block allocated in xaction */
2323 + xfs_extlen_t total, /* total blocks needed by transaction */
2324 + int *logflagsp, /* inode logging flags */
2325 +- int whichfork); /* data or attr fork */
2326 ++ int whichfork, /* data or attr fork */
2327 ++ void (*init_fn)(struct xfs_buf *bp,
2328 ++ struct xfs_inode *ip,
2329 ++ struct xfs_ifork *ifp));
2330 +
2331 + /*
2332 + * Search the extents list for the inode, for the extent containing bno.
2333 +@@ -357,7 +360,42 @@ xfs_bmap_add_attrfork_extents(
2334 + }
2335 +
2336 + /*
2337 +- * Called from xfs_bmap_add_attrfork to handle local format files.
2338 ++ * Block initialisation functions for local to extent format conversion.
2339 ++ * As these get more complex, they will be moved to the relevant files,
2340 ++ * but for now they are too simple to worry about.
2341 ++ */
2342 ++STATIC void
2343 ++xfs_bmap_local_to_extents_init_fn(
2344 ++ struct xfs_buf *bp,
2345 ++ struct xfs_inode *ip,
2346 ++ struct xfs_ifork *ifp)
2347 ++{
2348 ++ bp->b_ops = &xfs_bmbt_buf_ops;
2349 ++ memcpy(bp->b_addr, ifp->if_u1.if_data, ifp->if_bytes);
2350 ++}
2351 ++
2352 ++STATIC void
2353 ++xfs_symlink_local_to_remote(
2354 ++ struct xfs_buf *bp,
2355 ++ struct xfs_inode *ip,
2356 ++ struct xfs_ifork *ifp)
2357 ++{
2358 ++ /* remote symlink blocks are not verifiable until CRCs come along */
2359 ++ bp->b_ops = NULL;
2360 ++ memcpy(bp->b_addr, ifp->if_u1.if_data, ifp->if_bytes);
2361 ++}
2362 ++
2363 ++/*
2364 ++ * Called from xfs_bmap_add_attrfork to handle local format files. Each
2365 ++ * different data fork content type needs a different callout to do the
2366 ++ * conversion. Some are basic and only require special block initialisation
2367 ++ * callouts for the data formating, others (directories) are so specialised they
2368 ++ * handle everything themselves.
2369 ++ *
2370 ++ * XXX (dgc): investigate whether directory conversion can use the generic
2371 ++ * formatting callout. It should be possible - it's just a very complex
2372 ++ * formatter. it would also require passing the transaction through to the init
2373 ++ * function.
2374 + */
2375 + STATIC int /* error */
2376 + xfs_bmap_add_attrfork_local(
2377 +@@ -368,25 +406,29 @@ xfs_bmap_add_attrfork_local(
2378 + int *flags) /* inode logging flags */
2379 + {
2380 + xfs_da_args_t dargs; /* args for dir/attr code */
2381 +- int error; /* error return value */
2382 +- xfs_mount_t *mp; /* mount structure pointer */
2383 +
2384 + if (ip->i_df.if_bytes <= XFS_IFORK_DSIZE(ip))
2385 + return 0;
2386 ++
2387 + if (S_ISDIR(ip->i_d.di_mode)) {
2388 +- mp = ip->i_mount;
2389 + memset(&dargs, 0, sizeof(dargs));
2390 + dargs.dp = ip;
2391 + dargs.firstblock = firstblock;
2392 + dargs.flist = flist;
2393 +- dargs.total = mp->m_dirblkfsbs;
2394 ++ dargs.total = ip->i_mount->m_dirblkfsbs;
2395 + dargs.whichfork = XFS_DATA_FORK;
2396 + dargs.trans = tp;
2397 +- error = xfs_dir2_sf_to_block(&dargs);
2398 +- } else
2399 +- error = xfs_bmap_local_to_extents(tp, ip, firstblock, 1, flags,
2400 +- XFS_DATA_FORK);
2401 +- return error;
2402 ++ return xfs_dir2_sf_to_block(&dargs);
2403 ++ }
2404 ++
2405 ++ if (S_ISLNK(ip->i_d.di_mode))
2406 ++ return xfs_bmap_local_to_extents(tp, ip, firstblock, 1,
2407 ++ flags, XFS_DATA_FORK,
2408 ++ xfs_symlink_local_to_remote);
2409 ++
2410 ++ return xfs_bmap_local_to_extents(tp, ip, firstblock, 1, flags,
2411 ++ XFS_DATA_FORK,
2412 ++ xfs_bmap_local_to_extents_init_fn);
2413 + }
2414 +
2415 + /*
2416 +@@ -3221,7 +3263,10 @@ xfs_bmap_local_to_extents(
2417 + xfs_fsblock_t *firstblock, /* first block allocated in xaction */
2418 + xfs_extlen_t total, /* total blocks needed by transaction */
2419 + int *logflagsp, /* inode logging flags */
2420 +- int whichfork) /* data or attr fork */
2421 ++ int whichfork,
2422 ++ void (*init_fn)(struct xfs_buf *bp,
2423 ++ struct xfs_inode *ip,
2424 ++ struct xfs_ifork *ifp))
2425 + {
2426 + int error; /* error return value */
2427 + int flags; /* logging flags returned */
2428 +@@ -3241,12 +3286,12 @@ xfs_bmap_local_to_extents(
2429 + xfs_buf_t *bp; /* buffer for extent block */
2430 + xfs_bmbt_rec_host_t *ep;/* extent record pointer */
2431 +
2432 ++ ASSERT((ifp->if_flags &
2433 ++ (XFS_IFINLINE|XFS_IFEXTENTS|XFS_IFEXTIREC)) == XFS_IFINLINE);
2434 + memset(&args, 0, sizeof(args));
2435 + args.tp = tp;
2436 + args.mp = ip->i_mount;
2437 + args.firstblock = *firstblock;
2438 +- ASSERT((ifp->if_flags &
2439 +- (XFS_IFINLINE|XFS_IFEXTENTS|XFS_IFEXTIREC)) == XFS_IFINLINE);
2440 + /*
2441 + * Allocate a block. We know we need only one, since the
2442 + * file currently fits in an inode.
2443 +@@ -3262,17 +3307,20 @@ xfs_bmap_local_to_extents(
2444 + args.mod = args.minleft = args.alignment = args.wasdel =
2445 + args.isfl = args.minalignslop = 0;
2446 + args.minlen = args.maxlen = args.prod = 1;
2447 +- if ((error = xfs_alloc_vextent(&args)))
2448 ++ error = xfs_alloc_vextent(&args);
2449 ++ if (error)
2450 + goto done;
2451 +- /*
2452 +- * Can't fail, the space was reserved.
2453 +- */
2454 ++
2455 ++ /* Can't fail, the space was reserved. */
2456 + ASSERT(args.fsbno != NULLFSBLOCK);
2457 + ASSERT(args.len == 1);
2458 + *firstblock = args.fsbno;
2459 + bp = xfs_btree_get_bufl(args.mp, tp, args.fsbno, 0);
2460 +- bp->b_ops = &xfs_bmbt_buf_ops;
2461 +- memcpy(bp->b_addr, ifp->if_u1.if_data, ifp->if_bytes);
2462 ++
2463 ++ /* initialise the block and copy the data */
2464 ++ init_fn(bp, ip, ifp);
2465 ++
2466 ++ /* account for the change in fork size and log everything */
2467 + xfs_trans_log_buf(tp, bp, 0, ifp->if_bytes - 1);
2468 + xfs_bmap_forkoff_reset(args.mp, ip, whichfork);
2469 + xfs_idata_realloc(ip, -ifp->if_bytes, whichfork);
2470 +@@ -4919,8 +4967,32 @@ xfs_bmapi_write(
2471 + XFS_STATS_INC(xs_blk_mapw);
2472 +
2473 + if (XFS_IFORK_FORMAT(ip, whichfork) == XFS_DINODE_FMT_LOCAL) {
2474 ++ /*
2475 ++ * XXX (dgc): This assumes we are only called for inodes that
2476 ++ * contain content neutral data in local format. Anything that
2477 ++ * contains caller-specific data in local format that needs
2478 ++ * transformation to move to a block format needs to do the
2479 ++ * conversion to extent format itself.
2480 ++ *
2481 ++ * Directory data forks and attribute forks handle this
2482 ++ * themselves, but with the addition of metadata verifiers every
2483 ++ * data fork in local format now contains caller specific data
2484 ++ * and as such conversion through this function is likely to be
2485 ++ * broken.
2486 ++ *
2487 ++ * The only likely user of this branch is for remote symlinks,
2488 ++ * but we cannot overwrite the data fork contents of the symlink
2489 ++ * (EEXIST occurs higher up the stack) and so it will never go
2490 ++ * from local format to extent format here. Hence I don't think
2491 ++ * this branch is ever executed intentionally and we should
2492 ++ * consider removing it and asserting that xfs_bmapi_write()
2493 ++ * cannot be called directly on local format forks. i.e. callers
2494 ++ * are completely responsible for local to extent format
2495 ++ * conversion, not xfs_bmapi_write().
2496 ++ */
2497 + error = xfs_bmap_local_to_extents(tp, ip, firstblock, total,
2498 +- &bma.logflags, whichfork);
2499 ++ &bma.logflags, whichfork,
2500 ++ xfs_bmap_local_to_extents_init_fn);
2501 + if (error)
2502 + goto error0;
2503 + }
2504 +diff --git a/include/linux/llist.h b/include/linux/llist.h
2505 +index d0ab98f..a5199f6 100644
2506 +--- a/include/linux/llist.h
2507 ++++ b/include/linux/llist.h
2508 +@@ -125,31 +125,6 @@ static inline void init_llist_head(struct llist_head *list)
2509 + (pos) = llist_entry((pos)->member.next, typeof(*(pos)), member))
2510 +
2511 + /**
2512 +- * llist_for_each_entry_safe - iterate safely against remove over some entries
2513 +- * of lock-less list of given type.
2514 +- * @pos: the type * to use as a loop cursor.
2515 +- * @n: another type * to use as a temporary storage.
2516 +- * @node: the fist entry of deleted list entries.
2517 +- * @member: the name of the llist_node with the struct.
2518 +- *
2519 +- * In general, some entries of the lock-less list can be traversed
2520 +- * safely only after being removed from list, so start with an entry
2521 +- * instead of list head. This variant allows removal of entries
2522 +- * as we iterate.
2523 +- *
2524 +- * If being used on entries deleted from lock-less list directly, the
2525 +- * traverse order is from the newest to the oldest added entry. If
2526 +- * you want to traverse from the oldest to the newest, you must
2527 +- * reverse the order by yourself before traversing.
2528 +- */
2529 +-#define llist_for_each_entry_safe(pos, n, node, member) \
2530 +- for ((pos) = llist_entry((node), typeof(*(pos)), member), \
2531 +- (n) = (pos)->member.next; \
2532 +- &(pos)->member != NULL; \
2533 +- (pos) = llist_entry(n, typeof(*(pos)), member), \
2534 +- (n) = (&(pos)->member != NULL) ? (pos)->member.next : NULL)
2535 +-
2536 +-/**
2537 + * llist_empty - tests whether a lock-less list is empty
2538 + * @head: the list to test
2539 + *
2540 +diff --git a/include/linux/pstore.h b/include/linux/pstore.h
2541 +index 1788909..75d0176 100644
2542 +--- a/include/linux/pstore.h
2543 ++++ b/include/linux/pstore.h
2544 +@@ -68,12 +68,18 @@ struct pstore_info {
2545 +
2546 + #ifdef CONFIG_PSTORE
2547 + extern int pstore_register(struct pstore_info *);
2548 ++extern bool pstore_cannot_block_path(enum kmsg_dump_reason reason);
2549 + #else
2550 + static inline int
2551 + pstore_register(struct pstore_info *psi)
2552 + {
2553 + return -ENODEV;
2554 + }
2555 ++static inline bool
2556 ++pstore_cannot_block_path(enum kmsg_dump_reason reason)
2557 ++{
2558 ++ return false;
2559 ++}
2560 + #endif
2561 +
2562 + #endif /*_LINUX_PSTORE_H*/
2563 +diff --git a/include/linux/quota.h b/include/linux/quota.h
2564 +index 58fdef12..d133711 100644
2565 +--- a/include/linux/quota.h
2566 ++++ b/include/linux/quota.h
2567 +@@ -405,6 +405,7 @@ struct quota_module_name {
2568 + #define INIT_QUOTA_MODULE_NAMES {\
2569 + {QFMT_VFS_OLD, "quota_v1"},\
2570 + {QFMT_VFS_V0, "quota_v2"},\
2571 ++ {QFMT_VFS_V1, "quota_v2"},\
2572 + {0, NULL}}
2573 +
2574 + #endif /* _QUOTA_ */
2575 +diff --git a/kernel/cgroup.c b/kernel/cgroup.c
2576 +index 4855892..1e23664 100644
2577 +--- a/kernel/cgroup.c
2578 ++++ b/kernel/cgroup.c
2579 +@@ -426,12 +426,20 @@ static void __put_css_set(struct css_set *cg, int taskexit)
2580 + struct cgroup *cgrp = link->cgrp;
2581 + list_del(&link->cg_link_list);
2582 + list_del(&link->cgrp_link_list);
2583 ++
2584 ++ /*
2585 ++ * We may not be holding cgroup_mutex, and if cgrp->count is
2586 ++ * dropped to 0 the cgroup can be destroyed at any time, hence
2587 ++ * rcu_read_lock is used to keep it alive.
2588 ++ */
2589 ++ rcu_read_lock();
2590 + if (atomic_dec_and_test(&cgrp->count) &&
2591 + notify_on_release(cgrp)) {
2592 + if (taskexit)
2593 + set_bit(CGRP_RELEASABLE, &cgrp->flags);
2594 + check_for_release(cgrp);
2595 + }
2596 ++ rcu_read_unlock();
2597 +
2598 + kfree(link);
2599 + }
2600 +diff --git a/kernel/cpuset.c b/kernel/cpuset.c
2601 +index 7bb63ee..5bb9bf1 100644
2602 +--- a/kernel/cpuset.c
2603 ++++ b/kernel/cpuset.c
2604 +@@ -2511,8 +2511,16 @@ void cpuset_print_task_mems_allowed(struct task_struct *tsk)
2605 +
2606 + dentry = task_cs(tsk)->css.cgroup->dentry;
2607 + spin_lock(&cpuset_buffer_lock);
2608 +- snprintf(cpuset_name, CPUSET_NAME_LEN,
2609 +- dentry ? (const char *)dentry->d_name.name : "/");
2610 ++
2611 ++ if (!dentry) {
2612 ++ strcpy(cpuset_name, "/");
2613 ++ } else {
2614 ++ spin_lock(&dentry->d_lock);
2615 ++ strlcpy(cpuset_name, (const char *)dentry->d_name.name,
2616 ++ CPUSET_NAME_LEN);
2617 ++ spin_unlock(&dentry->d_lock);
2618 ++ }
2619 ++
2620 + nodelist_scnprintf(cpuset_nodelist, CPUSET_NODELIST_LEN,
2621 + tsk->mems_allowed);
2622 + printk(KERN_INFO "%s cpuset=%s mems_allowed=%s\n",
2623 +diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c
2624 +index 69185ae..e885be1 100644
2625 +--- a/kernel/posix-timers.c
2626 ++++ b/kernel/posix-timers.c
2627 +@@ -639,6 +639,13 @@ static struct k_itimer *__lock_timer(timer_t timer_id, unsigned long *flags)
2628 + {
2629 + struct k_itimer *timr;
2630 +
2631 ++ /*
2632 ++ * timer_t could be any type >= int and we want to make sure any
2633 ++ * @timer_id outside positive int range fails lookup.
2634 ++ */
2635 ++ if ((unsigned long long)timer_id > INT_MAX)
2636 ++ return NULL;
2637 ++
2638 + rcu_read_lock();
2639 + timr = idr_find(&posix_timers_id, (int)timer_id);
2640 + if (timr) {
2641 +diff --git a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c
2642 +index 5a63844..0ddf3a0 100644
2643 +--- a/kernel/sysctl_binary.c
2644 ++++ b/kernel/sysctl_binary.c
2645 +@@ -1194,9 +1194,10 @@ static ssize_t bin_dn_node_address(struct file *file,
2646 +
2647 + /* Convert the decnet address to binary */
2648 + result = -EIO;
2649 +- nodep = strchr(buf, '.') + 1;
2650 ++ nodep = strchr(buf, '.');
2651 + if (!nodep)
2652 + goto out;
2653 ++ ++nodep;
2654 +
2655 + area = simple_strtoul(buf, NULL, 10);
2656 + node = simple_strtoul(nodep, NULL, 10);
2657 +diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
2658 +index 41473b4..43defd1 100644
2659 +--- a/kernel/trace/ftrace.c
2660 ++++ b/kernel/trace/ftrace.c
2661 +@@ -3970,37 +3970,51 @@ static void ftrace_init_module(struct module *mod,
2662 + ftrace_process_locs(mod, start, end);
2663 + }
2664 +
2665 +-static int ftrace_module_notify(struct notifier_block *self,
2666 +- unsigned long val, void *data)
2667 ++static int ftrace_module_notify_enter(struct notifier_block *self,
2668 ++ unsigned long val, void *data)
2669 + {
2670 + struct module *mod = data;
2671 +
2672 +- switch (val) {
2673 +- case MODULE_STATE_COMING:
2674 ++ if (val == MODULE_STATE_COMING)
2675 + ftrace_init_module(mod, mod->ftrace_callsites,
2676 + mod->ftrace_callsites +
2677 + mod->num_ftrace_callsites);
2678 +- break;
2679 +- case MODULE_STATE_GOING:
2680 ++ return 0;
2681 ++}
2682 ++
2683 ++static int ftrace_module_notify_exit(struct notifier_block *self,
2684 ++ unsigned long val, void *data)
2685 ++{
2686 ++ struct module *mod = data;
2687 ++
2688 ++ if (val == MODULE_STATE_GOING)
2689 + ftrace_release_mod(mod);
2690 +- break;
2691 +- }
2692 +
2693 + return 0;
2694 + }
2695 + #else
2696 +-static int ftrace_module_notify(struct notifier_block *self,
2697 +- unsigned long val, void *data)
2698 ++static int ftrace_module_notify_enter(struct notifier_block *self,
2699 ++ unsigned long val, void *data)
2700 ++{
2701 ++ return 0;
2702 ++}
2703 ++static int ftrace_module_notify_exit(struct notifier_block *self,
2704 ++ unsigned long val, void *data)
2705 + {
2706 + return 0;
2707 + }
2708 + #endif /* CONFIG_MODULES */
2709 +
2710 +-struct notifier_block ftrace_module_nb = {
2711 +- .notifier_call = ftrace_module_notify,
2712 ++struct notifier_block ftrace_module_enter_nb = {
2713 ++ .notifier_call = ftrace_module_notify_enter,
2714 + .priority = INT_MAX, /* Run before anything that can use kprobes */
2715 + };
2716 +
2717 ++struct notifier_block ftrace_module_exit_nb = {
2718 ++ .notifier_call = ftrace_module_notify_exit,
2719 ++ .priority = INT_MIN, /* Run after anything that can remove kprobes */
2720 ++};
2721 ++
2722 + extern unsigned long __start_mcount_loc[];
2723 + extern unsigned long __stop_mcount_loc[];
2724 +
2725 +@@ -4032,9 +4046,13 @@ void __init ftrace_init(void)
2726 + __start_mcount_loc,
2727 + __stop_mcount_loc);
2728 +
2729 +- ret = register_module_notifier(&ftrace_module_nb);
2730 ++ ret = register_module_notifier(&ftrace_module_enter_nb);
2731 ++ if (ret)
2732 ++ pr_warning("Failed to register trace ftrace module enter notifier\n");
2733 ++
2734 ++ ret = register_module_notifier(&ftrace_module_exit_nb);
2735 + if (ret)
2736 +- pr_warning("Failed to register trace ftrace module notifier\n");
2737 ++ pr_warning("Failed to register trace ftrace module exit notifier\n");
2738 +
2739 + set_ftrace_early_filters();
2740 +
2741 +diff --git a/kernel/workqueue.c b/kernel/workqueue.c
2742 +index 033ad5b..3a3a98f 100644
2743 +--- a/kernel/workqueue.c
2744 ++++ b/kernel/workqueue.c
2745 +@@ -138,6 +138,7 @@ struct worker {
2746 + };
2747 +
2748 + struct work_struct *current_work; /* L: work being processed */
2749 ++ work_func_t current_func; /* L: current_work's fn */
2750 + struct cpu_workqueue_struct *current_cwq; /* L: current_work's cwq */
2751 + struct list_head scheduled; /* L: scheduled works */
2752 + struct task_struct *task; /* I: worker task */
2753 +@@ -910,7 +911,8 @@ static struct worker *__find_worker_executing_work(struct global_cwq *gcwq,
2754 + struct hlist_node *tmp;
2755 +
2756 + hlist_for_each_entry(worker, tmp, bwh, hentry)
2757 +- if (worker->current_work == work)
2758 ++ if (worker->current_work == work &&
2759 ++ worker->current_func == work->func)
2760 + return worker;
2761 + return NULL;
2762 + }
2763 +@@ -920,9 +922,27 @@ static struct worker *__find_worker_executing_work(struct global_cwq *gcwq,
2764 + * @gcwq: gcwq of interest
2765 + * @work: work to find worker for
2766 + *
2767 +- * Find a worker which is executing @work on @gcwq. This function is
2768 +- * identical to __find_worker_executing_work() except that this
2769 +- * function calculates @bwh itself.
2770 ++ * Find a worker which is executing @work on @gcwq by searching
2771 ++ * @gcwq->busy_hash which is keyed by the address of @work. For a worker
2772 ++ * to match, its current execution should match the address of @work and
2773 ++ * its work function. This is to avoid unwanted dependency between
2774 ++ * unrelated work executions through a work item being recycled while still
2775 ++ * being executed.
2776 ++ *
2777 ++ * This is a bit tricky. A work item may be freed once its execution
2778 ++ * starts and nothing prevents the freed area from being recycled for
2779 ++ * another work item. If the same work item address ends up being reused
2780 ++ * before the original execution finishes, workqueue will identify the
2781 ++ * recycled work item as currently executing and make it wait until the
2782 ++ * current execution finishes, introducing an unwanted dependency.
2783 ++ *
2784 ++ * This function checks the work item address, work function and workqueue
2785 ++ * to avoid false positives. Note that this isn't complete as one may
2786 ++ * construct a work function which can introduce dependency onto itself
2787 ++ * through a recycled work item. Well, if somebody wants to shoot oneself
2788 ++ * in the foot that badly, there's only so much we can do, and if such
2789 ++ * deadlock actually occurs, it should be easy to locate the culprit work
2790 ++ * function.
2791 + *
2792 + * CONTEXT:
2793 + * spin_lock_irq(gcwq->lock).
2794 +@@ -2168,7 +2188,6 @@ __acquires(&gcwq->lock)
2795 + struct global_cwq *gcwq = pool->gcwq;
2796 + struct hlist_head *bwh = busy_worker_head(gcwq, work);
2797 + bool cpu_intensive = cwq->wq->flags & WQ_CPU_INTENSIVE;
2798 +- work_func_t f = work->func;
2799 + int work_color;
2800 + struct worker *collision;
2801 + #ifdef CONFIG_LOCKDEP
2802 +@@ -2208,6 +2227,7 @@ __acquires(&gcwq->lock)
2803 + debug_work_deactivate(work);
2804 + hlist_add_head(&worker->hentry, bwh);
2805 + worker->current_work = work;
2806 ++ worker->current_func = work->func;
2807 + worker->current_cwq = cwq;
2808 + work_color = get_work_color(work);
2809 +
2810 +@@ -2240,7 +2260,7 @@ __acquires(&gcwq->lock)
2811 + lock_map_acquire_read(&cwq->wq->lockdep_map);
2812 + lock_map_acquire(&lockdep_map);
2813 + trace_workqueue_execute_start(work);
2814 +- f(work);
2815 ++ worker->current_func(work);
2816 + /*
2817 + * While we must be careful to not use "work" after this, the trace
2818 + * point will only record its address.
2819 +@@ -2252,7 +2272,8 @@ __acquires(&gcwq->lock)
2820 + if (unlikely(in_atomic() || lockdep_depth(current) > 0)) {
2821 + pr_err("BUG: workqueue leaked lock or atomic: %s/0x%08x/%d\n"
2822 + " last function: %pf\n",
2823 +- current->comm, preempt_count(), task_pid_nr(current), f);
2824 ++ current->comm, preempt_count(), task_pid_nr(current),
2825 ++ worker->current_func);
2826 + debug_show_held_locks(current);
2827 + dump_stack();
2828 + }
2829 +@@ -2266,6 +2287,7 @@ __acquires(&gcwq->lock)
2830 + /* we're done with it, release */
2831 + hlist_del_init(&worker->hentry);
2832 + worker->current_work = NULL;
2833 ++ worker->current_func = NULL;
2834 + worker->current_cwq = NULL;
2835 + cwq_dec_nr_in_flight(cwq, work_color);
2836 + }
2837 +diff --git a/lib/idr.c b/lib/idr.c
2838 +index 6482390..ca5aa00 100644
2839 +--- a/lib/idr.c
2840 ++++ b/lib/idr.c
2841 +@@ -625,7 +625,14 @@ void *idr_get_next(struct idr *idp, int *nextidp)
2842 + return p;
2843 + }
2844 +
2845 +- id += 1 << n;
2846 ++ /*
2847 ++ * Proceed to the next layer at the current level. Unlike
2848 ++ * idr_for_each(), @id isn't guaranteed to be aligned to
2849 ++ * layer boundary at this point and adding 1 << n may
2850 ++ * incorrectly skip IDs. Make sure we jump to the
2851 ++ * beginning of the next layer using round_up().
2852 ++ */
2853 ++ id = round_up(id + 1, 1 << n);
2854 + while (n < fls(id)) {
2855 + n += IDR_BITS;
2856 + p = *--paa;
2857 +diff --git a/mm/mmap.c b/mm/mmap.c
2858 +index d1e4124..8832b87 100644
2859 +--- a/mm/mmap.c
2860 ++++ b/mm/mmap.c
2861 +@@ -2169,9 +2169,28 @@ int expand_downwards(struct vm_area_struct *vma,
2862 + return error;
2863 + }
2864 +
2865 ++/*
2866 ++ * Note how expand_stack() refuses to expand the stack all the way to
2867 ++ * abut the next virtual mapping, *unless* that mapping itself is also
2868 ++ * a stack mapping. We want to leave room for a guard page, after all
2869 ++ * (the guard page itself is not added here, that is done by the
2870 ++ * actual page faulting logic)
2871 ++ *
2872 ++ * This matches the behavior of the guard page logic (see mm/memory.c:
2873 ++ * check_stack_guard_page()), which only allows the guard page to be
2874 ++ * removed under these circumstances.
2875 ++ */
2876 + #ifdef CONFIG_STACK_GROWSUP
2877 + int expand_stack(struct vm_area_struct *vma, unsigned long address)
2878 + {
2879 ++ struct vm_area_struct *next;
2880 ++
2881 ++ address &= PAGE_MASK;
2882 ++ next = vma->vm_next;
2883 ++ if (next && next->vm_start == address + PAGE_SIZE) {
2884 ++ if (!(next->vm_flags & VM_GROWSUP))
2885 ++ return -ENOMEM;
2886 ++ }
2887 + return expand_upwards(vma, address);
2888 + }
2889 +
2890 +@@ -2194,6 +2213,14 @@ find_extend_vma(struct mm_struct *mm, unsigned long addr)
2891 + #else
2892 + int expand_stack(struct vm_area_struct *vma, unsigned long address)
2893 + {
2894 ++ struct vm_area_struct *prev;
2895 ++
2896 ++ address &= PAGE_MASK;
2897 ++ prev = vma->vm_prev;
2898 ++ if (prev && prev->vm_end == address) {
2899 ++ if (!(prev->vm_flags & VM_GROWSDOWN))
2900 ++ return -ENOMEM;
2901 ++ }
2902 + return expand_downwards(vma, address);
2903 + }
2904 +
2905 +diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
2906 +index dbf12ac..2d34b6b 100644
2907 +--- a/net/sunrpc/svc.c
2908 ++++ b/net/sunrpc/svc.c
2909 +@@ -515,15 +515,6 @@ EXPORT_SYMBOL_GPL(svc_create_pooled);
2910 +
2911 + void svc_shutdown_net(struct svc_serv *serv, struct net *net)
2912 + {
2913 +- /*
2914 +- * The set of xprts (contained in the sv_tempsocks and
2915 +- * sv_permsocks lists) is now constant, since it is modified
2916 +- * only by accepting new sockets (done by service threads in
2917 +- * svc_recv) or aging old ones (done by sv_temptimer), or
2918 +- * configuration changes (excluded by whatever locking the
2919 +- * caller is using--nfsd_mutex in the case of nfsd). So it's
2920 +- * safe to traverse those lists and shut everything down:
2921 +- */
2922 + svc_close_net(serv, net);
2923 +
2924 + if (serv->sv_shutdown)
2925 +diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c
2926 +index b8e47fa..ca71056 100644
2927 +--- a/net/sunrpc/svc_xprt.c
2928 ++++ b/net/sunrpc/svc_xprt.c
2929 +@@ -856,7 +856,6 @@ static void svc_age_temp_xprts(unsigned long closure)
2930 + struct svc_serv *serv = (struct svc_serv *)closure;
2931 + struct svc_xprt *xprt;
2932 + struct list_head *le, *next;
2933 +- LIST_HEAD(to_be_aged);
2934 +
2935 + dprintk("svc_age_temp_xprts\n");
2936 +
2937 +@@ -877,25 +876,15 @@ static void svc_age_temp_xprts(unsigned long closure)
2938 + if (atomic_read(&xprt->xpt_ref.refcount) > 1 ||
2939 + test_bit(XPT_BUSY, &xprt->xpt_flags))
2940 + continue;
2941 +- svc_xprt_get(xprt);
2942 +- list_move(le, &to_be_aged);
2943 ++ list_del_init(le);
2944 + set_bit(XPT_CLOSE, &xprt->xpt_flags);
2945 + set_bit(XPT_DETACHED, &xprt->xpt_flags);
2946 +- }
2947 +- spin_unlock_bh(&serv->sv_lock);
2948 +-
2949 +- while (!list_empty(&to_be_aged)) {
2950 +- le = to_be_aged.next;
2951 +- /* fiddling the xpt_list node is safe 'cos we're XPT_DETACHED */
2952 +- list_del_init(le);
2953 +- xprt = list_entry(le, struct svc_xprt, xpt_list);
2954 +-
2955 + dprintk("queuing xprt %p for closing\n", xprt);
2956 +
2957 + /* a thread will dequeue and close it soon */
2958 + svc_xprt_enqueue(xprt);
2959 +- svc_xprt_put(xprt);
2960 + }
2961 ++ spin_unlock_bh(&serv->sv_lock);
2962 +
2963 + mod_timer(&serv->sv_temptimer, jiffies + svc_conn_age_period * HZ);
2964 + }
2965 +@@ -959,21 +948,24 @@ void svc_close_xprt(struct svc_xprt *xprt)
2966 + }
2967 + EXPORT_SYMBOL_GPL(svc_close_xprt);
2968 +
2969 +-static void svc_close_list(struct svc_serv *serv, struct list_head *xprt_list, struct net *net)
2970 ++static int svc_close_list(struct svc_serv *serv, struct list_head *xprt_list, struct net *net)
2971 + {
2972 + struct svc_xprt *xprt;
2973 ++ int ret = 0;
2974 +
2975 + spin_lock(&serv->sv_lock);
2976 + list_for_each_entry(xprt, xprt_list, xpt_list) {
2977 + if (xprt->xpt_net != net)
2978 + continue;
2979 ++ ret++;
2980 + set_bit(XPT_CLOSE, &xprt->xpt_flags);
2981 +- set_bit(XPT_BUSY, &xprt->xpt_flags);
2982 ++ svc_xprt_enqueue(xprt);
2983 + }
2984 + spin_unlock(&serv->sv_lock);
2985 ++ return ret;
2986 + }
2987 +
2988 +-static void svc_clear_pools(struct svc_serv *serv, struct net *net)
2989 ++static struct svc_xprt *svc_dequeue_net(struct svc_serv *serv, struct net *net)
2990 + {
2991 + struct svc_pool *pool;
2992 + struct svc_xprt *xprt;
2993 +@@ -988,42 +980,46 @@ static void svc_clear_pools(struct svc_serv *serv, struct net *net)
2994 + if (xprt->xpt_net != net)
2995 + continue;
2996 + list_del_init(&xprt->xpt_ready);
2997 ++ spin_unlock_bh(&pool->sp_lock);
2998 ++ return xprt;
2999 + }
3000 + spin_unlock_bh(&pool->sp_lock);
3001 + }
3002 ++ return NULL;
3003 + }
3004 +
3005 +-static void svc_clear_list(struct svc_serv *serv, struct list_head *xprt_list, struct net *net)
3006 ++static void svc_clean_up_xprts(struct svc_serv *serv, struct net *net)
3007 + {
3008 + struct svc_xprt *xprt;
3009 +- struct svc_xprt *tmp;
3010 +- LIST_HEAD(victims);
3011 +-
3012 +- spin_lock(&serv->sv_lock);
3013 +- list_for_each_entry_safe(xprt, tmp, xprt_list, xpt_list) {
3014 +- if (xprt->xpt_net != net)
3015 +- continue;
3016 +- list_move(&xprt->xpt_list, &victims);
3017 +- }
3018 +- spin_unlock(&serv->sv_lock);
3019 +
3020 +- list_for_each_entry_safe(xprt, tmp, &victims, xpt_list)
3021 ++ while ((xprt = svc_dequeue_net(serv, net))) {
3022 ++ set_bit(XPT_CLOSE, &xprt->xpt_flags);
3023 + svc_delete_xprt(xprt);
3024 ++ }
3025 + }
3026 +
3027 ++/*
3028 ++ * Server threads may still be running (especially in the case where the
3029 ++ * service is still running in other network namespaces).
3030 ++ *
3031 ++ * So we shut down sockets the same way we would on a running server, by
3032 ++ * setting XPT_CLOSE, enqueuing, and letting a thread pick it up to do
3033 ++ * the close. In the case there are no such other threads,
3034 ++ * threads running, svc_clean_up_xprts() does a simple version of a
3035 ++ * server's main event loop, and in the case where there are other
3036 ++ * threads, we may need to wait a little while and then check again to
3037 ++ * see if they're done.
3038 ++ */
3039 + void svc_close_net(struct svc_serv *serv, struct net *net)
3040 + {
3041 +- svc_close_list(serv, &serv->sv_tempsocks, net);
3042 +- svc_close_list(serv, &serv->sv_permsocks, net);
3043 ++ int delay = 0;
3044 +
3045 +- svc_clear_pools(serv, net);
3046 +- /*
3047 +- * At this point the sp_sockets lists will stay empty, since
3048 +- * svc_xprt_enqueue will not add new entries without taking the
3049 +- * sp_lock and checking XPT_BUSY.
3050 +- */
3051 +- svc_clear_list(serv, &serv->sv_tempsocks, net);
3052 +- svc_clear_list(serv, &serv->sv_permsocks, net);
3053 ++ while (svc_close_list(serv, &serv->sv_permsocks, net) +
3054 ++ svc_close_list(serv, &serv->sv_tempsocks, net)) {
3055 ++
3056 ++ svc_clean_up_xprts(serv, net);
3057 ++ msleep(delay++);
3058 ++ }
3059 + }
3060 +
3061 + /*
3062 +diff --git a/sound/pci/bt87x.c b/sound/pci/bt87x.c
3063 +index cdd100d..9febe55 100644
3064 +--- a/sound/pci/bt87x.c
3065 ++++ b/sound/pci/bt87x.c
3066 +@@ -836,6 +836,8 @@ static struct {
3067 + {0x7063, 0x2000}, /* pcHDTV HD-2000 TV */
3068 + };
3069 +
3070 ++static struct pci_driver driver;
3071 ++
3072 + /* return the id of the card, or a negative value if it's blacklisted */
3073 + static int snd_bt87x_detect_card(struct pci_dev *pci)
3074 + {
3075 +@@ -962,11 +964,24 @@ static DEFINE_PCI_DEVICE_TABLE(snd_bt87x_default_ids) = {
3076 + { }
3077 + };
3078 +
3079 +-static struct pci_driver bt87x_driver = {
3080 ++static struct pci_driver driver = {
3081 + .name = KBUILD_MODNAME,
3082 + .id_table = snd_bt87x_ids,
3083 + .probe = snd_bt87x_probe,
3084 + .remove = snd_bt87x_remove,
3085 + };
3086 +
3087 +-module_pci_driver(bt87x_driver);
3088 ++static int __init alsa_card_bt87x_init(void)
3089 ++{
3090 ++ if (load_all)
3091 ++ driver.id_table = snd_bt87x_default_ids;
3092 ++ return pci_register_driver(&driver);
3093 ++}
3094 ++
3095 ++static void __exit alsa_card_bt87x_exit(void)
3096 ++{
3097 ++ pci_unregister_driver(&driver);
3098 ++}
3099 ++
3100 ++module_init(alsa_card_bt87x_init)
3101 ++module_exit(alsa_card_bt87x_exit)
3102 +diff --git a/sound/pci/emu10k1/emu10k1_main.c b/sound/pci/emu10k1/emu10k1_main.c
3103 +index a7c296a..e6b0166 100644
3104 +--- a/sound/pci/emu10k1/emu10k1_main.c
3105 ++++ b/sound/pci/emu10k1/emu10k1_main.c
3106 +@@ -862,6 +862,12 @@ static int snd_emu10k1_emu1010_init(struct snd_emu10k1 *emu)
3107 + filename, emu->firmware->size);
3108 + }
3109 +
3110 ++ err = snd_emu1010_load_firmware(emu);
3111 ++ if (err != 0) {
3112 ++ snd_printk(KERN_INFO "emu1010: Loading Firmware failed\n");
3113 ++ return err;
3114 ++ }
3115 ++
3116 + /* ID, should read & 0x7f = 0x55 when FPGA programmed. */
3117 + snd_emu1010_fpga_read(emu, EMU_HANA_ID, &reg);
3118 + if ((reg & 0x3f) != 0x15) {
3119 +diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c
3120 +index b14813d..c690b2a 100644
3121 +--- a/sound/pci/hda/patch_hdmi.c
3122 ++++ b/sound/pci/hda/patch_hdmi.c
3123 +@@ -1573,6 +1573,9 @@ static int generic_hdmi_build_jack(struct hda_codec *codec, int pin_idx)
3124 +
3125 + if (pcmdev > 0)
3126 + sprintf(hdmi_str + strlen(hdmi_str), ",pcm=%d", pcmdev);
3127 ++ if (!is_jack_detectable(codec, per_pin->pin_nid))
3128 ++ strncat(hdmi_str, " Phantom",
3129 ++ sizeof(hdmi_str) - strlen(hdmi_str) - 1);
3130 +
3131 + return snd_hda_jack_add_kctl(codec, per_pin->pin_nid, hdmi_str, 0);
3132 + }
3133
3134 diff --git a/3.8.2/4420_grsecurity-2.9.1-3.8.1-201303012255.patch b/3.8.2/4420_grsecurity-2.9.1-3.8.2-201303041742.patch
3135 similarity index 99%
3136 rename from 3.8.2/4420_grsecurity-2.9.1-3.8.1-201303012255.patch
3137 rename to 3.8.2/4420_grsecurity-2.9.1-3.8.2-201303041742.patch
3138 index b69296b..c57c85d 100644
3139 --- a/3.8.2/4420_grsecurity-2.9.1-3.8.1-201303012255.patch
3140 +++ b/3.8.2/4420_grsecurity-2.9.1-3.8.2-201303041742.patch
3141 @@ -223,10 +223,10 @@ index b89a739..dba90c5 100644
3142 +zconf.lex.c
3143 zoffset.h
3144 diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
3145 -index 6c72381..2fe9ae4 100644
3146 +index 986614d..0afd461 100644
3147 --- a/Documentation/kernel-parameters.txt
3148 +++ b/Documentation/kernel-parameters.txt
3149 -@@ -917,6 +917,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
3150 +@@ -922,6 +922,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
3151 Format: <unsigned int> such that (rxsize & ~0x1fffc0) == 0.
3152 Default: 1024
3153
3154 @@ -237,7 +237,7 @@ index 6c72381..2fe9ae4 100644
3155 hashdist= [KNL,NUMA] Large hashes allocated during boot
3156 are distributed across NUMA nodes. Defaults on
3157 for 64-bit NUMA, off otherwise.
3158 -@@ -2116,6 +2120,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
3159 +@@ -2121,6 +2125,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
3160 the specified number of seconds. This is to be used if
3161 your oopses keep scrolling off the screen.
3162
3163 @@ -252,7 +252,7 @@ index 6c72381..2fe9ae4 100644
3164
3165 pcd. [PARIDE]
3166 diff --git a/Makefile b/Makefile
3167 -index 746c856..c014cfa 100644
3168 +index 20d5318..19c7540 100644
3169 --- a/Makefile
3170 +++ b/Makefile
3171 @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
3172 @@ -2307,20 +2307,22 @@ index 96ee092..37f1844 100644
3173 #define PSR_ENDIAN_MASK 0x00000200 /* Endianness state mask */
3174
3175 diff --git a/arch/arm/kernel/armksyms.c b/arch/arm/kernel/armksyms.c
3176 -index 60d3b73..9168db0 100644
3177 +index 60d3b73..d27ee09 100644
3178 --- a/arch/arm/kernel/armksyms.c
3179 +++ b/arch/arm/kernel/armksyms.c
3180 -@@ -89,8 +89,8 @@ EXPORT_SYMBOL(__memzero);
3181 +@@ -89,9 +89,9 @@ EXPORT_SYMBOL(__memzero);
3182 #ifdef CONFIG_MMU
3183 EXPORT_SYMBOL(copy_page);
3184
3185 -EXPORT_SYMBOL(__copy_from_user);
3186 -EXPORT_SYMBOL(__copy_to_user);
3187 +-EXPORT_SYMBOL(__clear_user);
3188 +EXPORT_SYMBOL(___copy_from_user);
3189 +EXPORT_SYMBOL(___copy_to_user);
3190 - EXPORT_SYMBOL(__clear_user);
3191 ++EXPORT_SYMBOL(___clear_user);
3192
3193 EXPORT_SYMBOL(__get_user_1);
3194 + EXPORT_SYMBOL(__get_user_2);
3195 diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S
3196 index 0f82098..3dbd3ee 100644
3197 --- a/arch/arm/kernel/entry-armv.S
3198 @@ -3267,6 +3269,30 @@ index 4653efb..8c60bf7 100644
3199
3200 /* omap_hwmod_list contains all registered struct omap_hwmods */
3201 static LIST_HEAD(omap_hwmod_list);
3202 +diff --git a/arch/arm/mach-omap2/wd_timer.c b/arch/arm/mach-omap2/wd_timer.c
3203 +index 7c2b4ed..b2ea51f 100644
3204 +--- a/arch/arm/mach-omap2/wd_timer.c
3205 ++++ b/arch/arm/mach-omap2/wd_timer.c
3206 +@@ -110,7 +110,9 @@ static int __init omap_init_wdt(void)
3207 + struct omap_hwmod *oh;
3208 + char *oh_name = "wd_timer2";
3209 + char *dev_name = "omap_wdt";
3210 +- struct omap_wd_timer_platform_data pdata;
3211 ++ static struct omap_wd_timer_platform_data pdata = {
3212 ++ .read_reset_sources = prm_read_reset_sources
3213 ++ };
3214 +
3215 + if (!cpu_class_is_omap2() || of_have_populated_dt())
3216 + return 0;
3217 +@@ -121,8 +123,6 @@ static int __init omap_init_wdt(void)
3218 + return -EINVAL;
3219 + }
3220 +
3221 +- pdata.read_reset_sources = prm_read_reset_sources;
3222 +-
3223 + pdev = omap_device_build(dev_name, id, oh, &pdata,
3224 + sizeof(struct omap_wd_timer_platform_data),
3225 + NULL, 0, 0);
3226 diff --git a/arch/arm/mach-ux500/include/mach/setup.h b/arch/arm/mach-ux500/include/mach/setup.h
3227 index 6be4c4d..32ac32a 100644
3228 --- a/arch/arm/mach-ux500/include/mach/setup.h
3229 @@ -10070,10 +10096,10 @@ index 8a84501..b2d165f 100644
3230 KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__
3231 GCOV_PROFILE := n
3232 diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
3233 -index f8fa411..c570c53 100644
3234 +index c205035..5853587 100644
3235 --- a/arch/x86/boot/compressed/eboot.c
3236 +++ b/arch/x86/boot/compressed/eboot.c
3237 -@@ -145,7 +145,6 @@ again:
3238 +@@ -150,7 +150,6 @@ again:
3239 *addr = max_addr;
3240 }
3241
3242 @@ -10081,7 +10107,7 @@ index f8fa411..c570c53 100644
3243 efi_call_phys1(sys_table->boottime->free_pool, map);
3244
3245 fail:
3246 -@@ -209,7 +208,6 @@ static efi_status_t low_alloc(unsigned long size, unsigned long align,
3247 +@@ -214,7 +213,6 @@ static efi_status_t low_alloc(unsigned long size, unsigned long align,
3248 if (i == map_size / desc_size)
3249 status = EFI_NOT_FOUND;
3250
3251 @@ -16204,18 +16230,9 @@ index ef5ccca..bd83949 100644
3252 }
3253
3254 diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
3255 -index b994cc8..812b537 100644
3256 +index cbf5121..812b537 100644
3257 --- a/arch/x86/kernel/apic/apic.c
3258 +++ b/arch/x86/kernel/apic/apic.c
3259 -@@ -131,7 +131,7 @@ static int __init parse_lapic(char *arg)
3260 - {
3261 - if (config_enabled(CONFIG_X86_32) && !arg)
3262 - force_enable_local_apic = 1;
3263 -- else if (!strncmp(arg, "notscdeadline", 13))
3264 -+ else if (arg && !strncmp(arg, "notscdeadline", 13))
3265 - setup_clear_cpu_cap(X86_FEATURE_TSC_DEADLINE_TIMER);
3266 - return 0;
3267 - }
3268 @@ -189,7 +189,7 @@ int first_system_vector = 0xfe;
3269 /*
3270 * Debug level, exported for io_apic.c
3271 @@ -19375,91 +19392,6 @@ index 1d41402..af9a46a 100644
3272 if (probe_kernel_read(code, (void *)ip, MCOUNT_INSN_SIZE))
3273 return -EFAULT;
3274
3275 -diff --git a/arch/x86/kernel/head.c b/arch/x86/kernel/head.c
3276 -index 48d9d4e..992f442 100644
3277 ---- a/arch/x86/kernel/head.c
3278 -+++ b/arch/x86/kernel/head.c
3279 -@@ -5,8 +5,6 @@
3280 - #include <asm/setup.h>
3281 - #include <asm/bios_ebda.h>
3282 -
3283 --#define BIOS_LOWMEM_KILOBYTES 0x413
3284 --
3285 - /*
3286 - * The BIOS places the EBDA/XBDA at the top of conventional
3287 - * memory, and usually decreases the reported amount of
3288 -@@ -16,17 +14,30 @@
3289 - * chipset: reserve a page before VGA to prevent PCI prefetch
3290 - * into it (errata #56). Usually the page is reserved anyways,
3291 - * unless you have no PS/2 mouse plugged in.
3292 -+ *
3293 -+ * This functions is deliberately very conservative. Losing
3294 -+ * memory in the bottom megabyte is rarely a problem, as long
3295 -+ * as we have enough memory to install the trampoline. Using
3296 -+ * memory that is in use by the BIOS or by some DMA device
3297 -+ * the BIOS didn't shut down *is* a big problem.
3298 - */
3299 -+
3300 -+#define BIOS_LOWMEM_KILOBYTES 0x413
3301 -+#define LOWMEM_CAP 0x9f000U /* Absolute maximum */
3302 -+#define INSANE_CUTOFF 0x20000U /* Less than this = insane */
3303 -+
3304 - void __init reserve_ebda_region(void)
3305 - {
3306 - unsigned int lowmem, ebda_addr;
3307 -
3308 -- /* To determine the position of the EBDA and the */
3309 -- /* end of conventional memory, we need to look at */
3310 -- /* the BIOS data area. In a paravirtual environment */
3311 -- /* that area is absent. We'll just have to assume */
3312 -- /* that the paravirt case can handle memory setup */
3313 -- /* correctly, without our help. */
3314 -+ /*
3315 -+ * To determine the position of the EBDA and the
3316 -+ * end of conventional memory, we need to look at
3317 -+ * the BIOS data area. In a paravirtual environment
3318 -+ * that area is absent. We'll just have to assume
3319 -+ * that the paravirt case can handle memory setup
3320 -+ * correctly, without our help.
3321 -+ */
3322 - if (paravirt_enabled())
3323 - return;
3324 -
3325 -@@ -37,19 +48,23 @@ void __init reserve_ebda_region(void)
3326 - /* start of EBDA area */
3327 - ebda_addr = get_bios_ebda();
3328 -
3329 -- /* Fixup: bios puts an EBDA in the top 64K segment */
3330 -- /* of conventional memory, but does not adjust lowmem. */
3331 -- if ((lowmem - ebda_addr) <= 0x10000)
3332 -- lowmem = ebda_addr;
3333 -+ /*
3334 -+ * Note: some old Dells seem to need 4k EBDA without
3335 -+ * reporting so, so just consider the memory above 0x9f000
3336 -+ * to be off limits (bugzilla 2990).
3337 -+ */
3338 -
3339 -- /* Fixup: bios does not report an EBDA at all. */
3340 -- /* Some old Dells seem to need 4k anyhow (bugzilla 2990) */
3341 -- if ((ebda_addr == 0) && (lowmem >= 0x9f000))
3342 -- lowmem = 0x9f000;
3343 -+ /* If the EBDA address is below 128K, assume it is bogus */
3344 -+ if (ebda_addr < INSANE_CUTOFF)
3345 -+ ebda_addr = LOWMEM_CAP;
3346 -
3347 -- /* Paranoia: should never happen, but... */
3348 -- if ((lowmem == 0) || (lowmem >= 0x100000))
3349 -- lowmem = 0x9f000;
3350 -+ /* If lowmem is less than 128K, assume it is bogus */
3351 -+ if (lowmem < INSANE_CUTOFF)
3352 -+ lowmem = LOWMEM_CAP;
3353 -+
3354 -+ /* Use the lower of the lowmem and EBDA markers as the cutoff */
3355 -+ lowmem = min(lowmem, ebda_addr);
3356 -+ lowmem = min(lowmem, LOWMEM_CAP); /* Absolute cap */
3357 -
3358 - /* reserve all memory between lowmem and the 1MB mark */
3359 - memblock_reserve(lowmem, 0x100000 - lowmem);
3360 diff --git a/arch/x86/kernel/head32.c b/arch/x86/kernel/head32.c
3361 index c18f59d..9c0c9f6 100644
3362 --- a/arch/x86/kernel/head32.c
3363 @@ -33418,10 +33350,10 @@ index 982f1f5..d21e5da 100644
3364 iounmap(buf);
3365 return 0;
3366 diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c
3367 -index f5596db..9355ce6 100644
3368 +index bcb201c..f9782e5 100644
3369 --- a/drivers/firmware/efivars.c
3370 +++ b/drivers/firmware/efivars.c
3371 -@@ -132,7 +132,7 @@ struct efivar_attribute {
3372 +@@ -133,7 +133,7 @@ struct efivar_attribute {
3373 };
3374
3375 static struct efivars __efivars;
3376 @@ -34535,10 +34467,10 @@ index 8a8725c..afed796 100644
3377 marker = list_first_entry(&queue->head,
3378 struct vmw_marker, head);
3379 diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
3380 -index eb2ee11..6cc50ab 100644
3381 +index ceb3040..6160c5c 100644
3382 --- a/drivers/hid/hid-core.c
3383 +++ b/drivers/hid/hid-core.c
3384 -@@ -2240,7 +2240,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
3385 +@@ -2242,7 +2242,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
3386
3387 int hid_add_device(struct hid_device *hdev)
3388 {
3389 @@ -34547,7 +34479,7 @@ index eb2ee11..6cc50ab 100644
3390 int ret;
3391
3392 if (WARN_ON(hdev->status & HID_STAT_ADDED))
3393 -@@ -2274,7 +2274,7 @@ int hid_add_device(struct hid_device *hdev)
3394 +@@ -2276,7 +2276,7 @@ int hid_add_device(struct hid_device *hdev)
3395 /* XXX hack, any other cleaner solution after the driver core
3396 * is converted to allow more than 20 bytes as the device name? */
3397 dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
3398 @@ -36416,7 +36348,7 @@ index 404f63a..4796533 100644
3399 #if defined(CONFIG_DVB_DIB3000MB) || (defined(CONFIG_DVB_DIB3000MB_MODULE) && defined(MODULE))
3400 extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config,
3401 diff --git a/drivers/media/platform/omap/omap_vout.c b/drivers/media/platform/omap/omap_vout.c
3402 -index 35cc526..9d90d83 100644
3403 +index 8e9a668..78d6310 100644
3404 --- a/drivers/media/platform/omap/omap_vout.c
3405 +++ b/drivers/media/platform/omap/omap_vout.c
3406 @@ -63,7 +63,6 @@ enum omap_vout_channels {
3407 @@ -36427,7 +36359,7 @@ index 35cc526..9d90d83 100644
3408 /* Variables configurable through module params*/
3409 static u32 video1_numbuffers = 3;
3410 static u32 video2_numbuffers = 3;
3411 -@@ -1010,6 +1009,12 @@ static int omap_vout_open(struct file *file)
3412 +@@ -1012,6 +1011,12 @@ static int omap_vout_open(struct file *file)
3413 {
3414 struct videobuf_queue *q;
3415 struct omap_vout_device *vout = NULL;
3416 @@ -36440,7 +36372,7 @@ index 35cc526..9d90d83 100644
3417
3418 vout = video_drvdata(file);
3419 v4l2_dbg(1, debug, &vout->vid_dev->v4l2_dev, "Entering %s\n", __func__);
3420 -@@ -1027,10 +1032,6 @@ static int omap_vout_open(struct file *file)
3421 +@@ -1029,10 +1034,6 @@ static int omap_vout_open(struct file *file)
3422 vout->type = V4L2_BUF_TYPE_VIDEO_OUTPUT;
3423
3424 q = &vout->vbq;
3425 @@ -40439,10 +40371,10 @@ index 0d4aa82..f7832d4 100644
3426
3427 /* core tmem accessor functions */
3428 diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
3429 -index f2aa754..11337b1 100644
3430 +index 96f4981..4daaa7e 100644
3431 --- a/drivers/target/target_core_device.c
3432 +++ b/drivers/target/target_core_device.c
3433 -@@ -1375,7 +1375,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name)
3434 +@@ -1370,7 +1370,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name)
3435 spin_lock_init(&dev->se_port_lock);
3436 spin_lock_init(&dev->se_tmr_lock);
3437 spin_lock_init(&dev->qf_cmd_lock);
3438 @@ -47537,7 +47469,7 @@ index b2a34a1..162fa69 100644
3439 return rc;
3440 }
3441 diff --git a/fs/exec.c b/fs/exec.c
3442 -index 20df02c..1dff97d 100644
3443 +index 20df02c..5af5d91 100644
3444 --- a/fs/exec.c
3445 +++ b/fs/exec.c
3446 @@ -55,6 +55,17 @@
3447 @@ -47606,8 +47538,8 @@ index 20df02c..1dff97d 100644
3448 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
3449 + // only allow 512KB for argv+env on suid/sgid binaries
3450 + // to prevent easy ASLR exhaustion
3451 -+ if (((bprm->cred->euid != current_euid()) ||
3452 -+ (bprm->cred->egid != current_egid())) &&
3453 ++ if (((!uid_eq(bprm->cred->euid, current_euid())) ||
3454 ++ (!gid_eq(bprm->cred->egid, current_egid()))) &&
3455 + (size > (512 * 1024))) {
3456 + put_page(page);
3457 + return NULL;
3458 @@ -47930,7 +47862,7 @@ index 20df02c..1dff97d 100644
3459 + /* limit suid stack to 8MB
3460 + * we saved the old limits above and will restore them if this exec fails
3461 + */
3462 -+ if (((bprm->cred->euid != current_euid()) || (bprm->cred->egid != current_egid())) &&
3463 ++ if (((!uid_eq(bprm->cred->euid, current_euid())) || (!gid_eq(bprm->cred->egid, current_egid()))) &&
3464 + (old_rlim[RLIMIT_STACK].rlim_cur > (8 * 1024 * 1024)))
3465 + current->signal->rlim[RLIMIT_STACK].rlim_cur = 8 * 1024 * 1024;
3466 +#endif
3467 @@ -48289,10 +48221,10 @@ index 22548f5..41521d8 100644
3468 }
3469 return 1;
3470 diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
3471 -index cf18217..8f6b9c3 100644
3472 +index 2f2e0da..89b113a 100644
3473 --- a/fs/ext4/balloc.c
3474 +++ b/fs/ext4/balloc.c
3475 -@@ -498,8 +498,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
3476 +@@ -505,8 +505,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
3477 /* Hm, nope. Are (enough) root reserved clusters available? */
3478 if (uid_eq(sbi->s_resuid, current_fsuid()) ||
3479 (!gid_eq(sbi->s_resgid, GLOBAL_ROOT_GID) && in_group_p(sbi->s_resgid)) ||
3480 @@ -48338,7 +48270,7 @@ index 8462eb3..4a71af6 100644
3481
3482 /* locality groups */
3483 diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
3484 -index 1bf6fe7..1a5bdef 100644
3485 +index 061727a..7622abf 100644
3486 --- a/fs/ext4/mballoc.c
3487 +++ b/fs/ext4/mballoc.c
3488 @@ -1747,7 +1747,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac,
3489 @@ -50125,10 +50057,10 @@ index e83351a..41e3c9c 100644
3490 if (!ret)
3491 ret = -EPIPE;
3492 diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
3493 -index b7c09f9..3eff736 100644
3494 +index 315e1f8..91f890c 100644
3495 --- a/fs/fuse/dir.c
3496 +++ b/fs/fuse/dir.c
3497 -@@ -1226,7 +1226,7 @@ static char *read_link(struct dentry *dentry)
3498 +@@ -1233,7 +1233,7 @@ static char *read_link(struct dentry *dentry)
3499 return link;
3500 }
3501
3502 @@ -51152,7 +51084,7 @@ index d355e6e..578d905 100644
3503
3504 enum ocfs2_local_alloc_state
3505 diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c
3506 -index f169da4..9112253 100644
3507 +index b7e74b5..19c6536 100644
3508 --- a/fs/ocfs2/suballoc.c
3509 +++ b/fs/ocfs2/suballoc.c
3510 @@ -872,7 +872,7 @@ static int ocfs2_reserve_suballoc_bits(struct ocfs2_super *osb,
3511 @@ -51164,7 +51096,7 @@ index f169da4..9112253 100644
3512
3513 /* You should never ask for this much metadata */
3514 BUG_ON(bits_wanted >
3515 -@@ -2008,7 +2008,7 @@ int ocfs2_claim_metadata(handle_t *handle,
3516 +@@ -2007,7 +2007,7 @@ int ocfs2_claim_metadata(handle_t *handle,
3517 mlog_errno(status);
3518 goto bail;
3519 }
3520 @@ -51173,7 +51105,7 @@ index f169da4..9112253 100644
3521
3522 *suballoc_loc = res.sr_bg_blkno;
3523 *suballoc_bit_start = res.sr_bit_offset;
3524 -@@ -2172,7 +2172,7 @@ int ocfs2_claim_new_inode_at_loc(handle_t *handle,
3525 +@@ -2171,7 +2171,7 @@ int ocfs2_claim_new_inode_at_loc(handle_t *handle,
3526 trace_ocfs2_claim_new_inode_at_loc((unsigned long long)di_blkno,
3527 res->sr_bits);
3528
3529 @@ -51182,7 +51114,7 @@ index f169da4..9112253 100644
3530
3531 BUG_ON(res->sr_bits != 1);
3532
3533 -@@ -2214,7 +2214,7 @@ int ocfs2_claim_new_inode(handle_t *handle,
3534 +@@ -2213,7 +2213,7 @@ int ocfs2_claim_new_inode(handle_t *handle,
3535 mlog_errno(status);
3536 goto bail;
3537 }
3538 @@ -51191,7 +51123,7 @@ index f169da4..9112253 100644
3539
3540 BUG_ON(res.sr_bits != 1);
3541
3542 -@@ -2318,7 +2318,7 @@ int __ocfs2_claim_clusters(handle_t *handle,
3543 +@@ -2317,7 +2317,7 @@ int __ocfs2_claim_clusters(handle_t *handle,
3544 cluster_start,
3545 num_clusters);
3546 if (!status)
3547 @@ -51200,7 +51132,7 @@ index f169da4..9112253 100644
3548 } else {
3549 if (min_clusters > (osb->bitmap_cpg - 1)) {
3550 /* The only paths asking for contiguousness
3551 -@@ -2344,7 +2344,7 @@ int __ocfs2_claim_clusters(handle_t *handle,
3552 +@@ -2343,7 +2343,7 @@ int __ocfs2_claim_clusters(handle_t *handle,
3553 ocfs2_desc_bitmap_to_cluster_off(ac->ac_inode,
3554 res.sr_bg_blkno,
3555 res.sr_bit_offset);
3556 @@ -51672,7 +51604,7 @@ index 6a91e6f..e54dbc14 100644
3557 static struct pid *
3558 get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos)
3559 diff --git a/fs/proc/base.c b/fs/proc/base.c
3560 -index 9b43ff77..3d6a99f 100644
3561 +index 9b43ff77..ba3e990 100644
3562 --- a/fs/proc/base.c
3563 +++ b/fs/proc/base.c
3564 @@ -111,6 +111,14 @@ struct pid_entry {
3565 @@ -51790,7 +51722,7 @@ index 9b43ff77..3d6a99f 100644
3566 + const struct cred *tmpcred = current_cred();
3567 + const struct cred *cred = __task_cred(task);
3568 +
3569 -+ if (!tmpcred->uid || (tmpcred->uid == cred->uid)
3570 ++ if (uid_eq(tmpcred->uid, GLOBAL_ROOT_UID) || uid_eq(tmpcred->uid, cred->uid)
3571 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
3572 + || in_group_p(grsec_proc_gid)
3573 +#endif
3574 @@ -52294,7 +52226,7 @@ index b1822dd..df622cb 100644
3575
3576 seq_putc(m, '\n');
3577 diff --git a/fs/proc/proc_net.c b/fs/proc/proc_net.c
3578 -index fe72cd0..cb9b67d 100644
3579 +index fe72cd0..21b52ff 100644
3580 --- a/fs/proc/proc_net.c
3581 +++ b/fs/proc/proc_net.c
3582 @@ -23,6 +23,7 @@
3583 @@ -52314,10 +52246,10 @@ index fe72cd0..cb9b67d 100644
3584 +#endif
3585 +
3586 +#ifdef CONFIG_GRKERNSEC_PROC_USER
3587 -+ if (cred->fsuid)
3588 ++ if (!uid_eq(cred->fsuid, GLOBAL_ROOT_UID))
3589 + return net;
3590 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
3591 -+ if (cred->fsuid && !in_group_p(grsec_proc_gid))
3592 ++ if (!uid_eq(cred->fsuid, GLOBAL_ROOT_UID) && !in_group_p(grsec_proc_gid))
3593 + return net;
3594 +#endif
3595
3596 @@ -53336,10 +53268,10 @@ index 9fbea87..6b19972 100644
3597 struct posix_acl *acl;
3598 struct posix_acl_entry *acl_e;
3599 diff --git a/fs/xfs/xfs_bmap.c b/fs/xfs/xfs_bmap.c
3600 -index cdb2d33..704ce7f 100644
3601 +index 572a858..12a9b0d 100644
3602 --- a/fs/xfs/xfs_bmap.c
3603 +++ b/fs/xfs/xfs_bmap.c
3604 -@@ -189,7 +189,7 @@ xfs_bmap_validate_ret(
3605 +@@ -192,7 +192,7 @@ xfs_bmap_validate_ret(
3606 int nmap,
3607 int ret_nmap);
3608 #else
3609 @@ -54468,10 +54400,10 @@ index 0000000..1b9afa9
3610 +endif
3611 diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
3612 new file mode 100644
3613 -index 0000000..69e1320
3614 +index 0000000..6b7b8f7
3615 --- /dev/null
3616 +++ b/grsecurity/gracl.c
3617 -@@ -0,0 +1,4019 @@
3618 +@@ -0,0 +1,4067 @@
3619 +#include <linux/kernel.h>
3620 +#include <linux/module.h>
3621 +#include <linux/sched.h>
3622 @@ -56513,7 +56445,7 @@ index 0000000..69e1320
3623 + const struct cred *cred = current_cred();
3624 +
3625 + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, task->role->roletype,
3626 -+ cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
3627 ++ GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
3628 + task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
3629 + 1UL, 1UL, gr_to_filename(dentry, mnt), (unsigned long) mode, &task->signal->saved_ip);
3630 +
3631 @@ -56521,16 +56453,29 @@ index 0000000..69e1320
3632 +}
3633 +
3634 +static void
3635 -+gr_log_learn_id_change(const char type, const unsigned int real,
3636 -+ const unsigned int effective, const unsigned int fs)
3637 ++gr_log_learn_uid_change(const kuid_t real, const kuid_t effective, const kuid_t fs)
3638 +{
3639 + struct task_struct *task = current;
3640 + const struct cred *cred = current_cred();
3641 +
3642 + security_learn(GR_ID_LEARN_MSG, task->role->rolename, task->role->roletype,
3643 -+ cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
3644 ++ GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
3645 + task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
3646 -+ type, real, effective, fs, &task->signal->saved_ip);
3647 ++ 'u', GR_GLOBAL_UID(real), GR_GLOBAL_UID(effective), GR_GLOBAL_UID(fs), &task->signal->saved_ip);
3648 ++
3649 ++ return;
3650 ++}
3651 ++
3652 ++static void
3653 ++gr_log_learn_gid_change(const kgid_t real, const kgid_t effective, const kgid_t fs)
3654 ++{
3655 ++ struct task_struct *task = current;
3656 ++ const struct cred *cred = current_cred();
3657 ++
3658 ++ security_learn(GR_ID_LEARN_MSG, task->role->rolename, task->role->roletype,
3659 ++ GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
3660 ++ task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
3661 ++ 'g', GR_GLOBAL_GID(real), GR_GLOBAL_GID(effective), GR_GLOBAL_GID(fs), &task->signal->saved_ip);
3662 +
3663 + return;
3664 +}
3665 @@ -56803,23 +56748,28 @@ index 0000000..69e1320
3666 +extern int __gr_process_user_ban(struct user_struct *user);
3667 +
3668 +int
3669 -+gr_check_user_change(int real, int effective, int fs)
3670 ++gr_check_user_change(kuid_t real, kuid_t effective, kuid_t fs)
3671 +{
3672 + unsigned int i;
3673 + __u16 num;
3674 + uid_t *uidlist;
3675 -+ int curuid;
3676 ++ uid_t curuid;
3677 + int realok = 0;
3678 + int effectiveok = 0;
3679 + int fsok = 0;
3680 ++ uid_t globalreal, globaleffective, globalfs;
3681 +
3682 +#if defined(CONFIG_GRKERNSEC_KERN_LOCKOUT) || defined(CONFIG_GRKERNSEC_BRUTE)
3683 + struct user_struct *user;
3684 +
3685 -+ if (real == -1)
3686 ++ if (!uid_valid(real))
3687 + goto skipit;
3688 +
3689 -+ user = find_user(real);
3690 ++ /* find user based on global namespace */
3691 ++
3692 ++ globalreal = GR_GLOBAL_UID(real);
3693 ++
3694 ++ user = find_user(make_kuid(&init_user_ns, globalreal));
3695 + if (user == NULL)
3696 + goto skipit;
3697 +
3698 @@ -56839,7 +56789,7 @@ index 0000000..69e1320
3699 + return 0;
3700 +
3701 + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
3702 -+ gr_log_learn_id_change('u', real, effective, fs);
3703 ++ gr_log_learn_uid_change(real, effective, fs);
3704 +
3705 + num = current->acl->user_trans_num;
3706 + uidlist = current->acl->user_transitions;
3707 @@ -56847,31 +56797,43 @@ index 0000000..69e1320
3708 + if (uidlist == NULL)
3709 + return 0;
3710 +
3711 -+ if (real == -1)
3712 ++ if (!uid_valid(real)) {
3713 + realok = 1;
3714 -+ if (effective == -1)
3715 ++ globalreal = (uid_t)-1;
3716 ++ } else {
3717 ++ globalreal = GR_GLOBAL_UID(real);
3718 ++ }
3719 ++ if (!uid_valid(effective)) {
3720 + effectiveok = 1;
3721 -+ if (fs == -1)
3722 ++ globaleffective = (uid_t)-1;
3723 ++ } else {
3724 ++ globaleffective = GR_GLOBAL_UID(effective);
3725 ++ }
3726 ++ if (!uid_valid(fs)) {
3727 + fsok = 1;
3728 ++ globalfs = (uid_t)-1;
3729 ++ } else {
3730 ++ globalfs = GR_GLOBAL_UID(fs);
3731 ++ }
3732 +
3733 + if (current->acl->user_trans_type & GR_ID_ALLOW) {
3734 + for (i = 0; i < num; i++) {
3735 -+ curuid = (int)uidlist[i];
3736 -+ if (real == curuid)
3737 ++ curuid = uidlist[i];
3738 ++ if (globalreal == curuid)
3739 + realok = 1;
3740 -+ if (effective == curuid)
3741 ++ if (globaleffective == curuid)
3742 + effectiveok = 1;
3743 -+ if (fs == curuid)
3744 ++ if (globalfs == curuid)
3745 + fsok = 1;
3746 + }
3747 + } else if (current->acl->user_trans_type & GR_ID_DENY) {
3748 + for (i = 0; i < num; i++) {
3749 -+ curuid = (int)uidlist[i];
3750 -+ if (real == curuid)
3751 ++ curuid = uidlist[i];
3752 ++ if (globalreal == curuid)
3753 + break;
3754 -+ if (effective == curuid)
3755 ++ if (globaleffective == curuid)
3756 + break;
3757 -+ if (fs == curuid)
3758 ++ if (globalfs == curuid)
3759 + break;
3760 + }
3761 + /* not in deny list */
3762 @@ -56885,27 +56847,28 @@ index 0000000..69e1320
3763 + if (realok && effectiveok && fsok)
3764 + return 0;
3765 + else {
3766 -+ gr_log_int(GR_DONT_AUDIT, GR_USRCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real);
3767 ++ gr_log_int(GR_DONT_AUDIT, GR_USRCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : globalfs) : globaleffective) : globalreal);
3768 + return 1;
3769 + }
3770 +}
3771 +
3772 +int
3773 -+gr_check_group_change(int real, int effective, int fs)
3774 ++gr_check_group_change(kgid_t real, kgid_t effective, kgid_t fs)
3775 +{
3776 + unsigned int i;
3777 + __u16 num;
3778 + gid_t *gidlist;
3779 -+ int curgid;
3780 ++ gid_t curgid;
3781 + int realok = 0;
3782 + int effectiveok = 0;
3783 + int fsok = 0;
3784 ++ gid_t globalreal, globaleffective, globalfs;
3785 +
3786 + if (unlikely(!(gr_status & GR_READY)))
3787 + return 0;
3788 +
3789 + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
3790 -+ gr_log_learn_id_change('g', real, effective, fs);
3791 ++ gr_log_learn_gid_change(real, effective, fs);
3792 +
3793 + num = current->acl->group_trans_num;
3794 + gidlist = current->acl->group_transitions;
3795 @@ -56913,31 +56876,43 @@ index 0000000..69e1320
3796 + if (gidlist == NULL)
3797 + return 0;
3798 +
3799 -+ if (real == -1)
3800 ++ if (!gid_valid(real)) {
3801 + realok = 1;
3802 -+ if (effective == -1)
3803 ++ globalreal = (gid_t)-1;
3804 ++ } else {
3805 ++ globalreal = GR_GLOBAL_GID(real);
3806 ++ }
3807 ++ if (!gid_valid(effective)) {
3808 + effectiveok = 1;
3809 -+ if (fs == -1)
3810 ++ globaleffective = (gid_t)-1;
3811 ++ } else {
3812 ++ globaleffective = GR_GLOBAL_GID(effective);
3813 ++ }
3814 ++ if (!gid_valid(fs)) {
3815 + fsok = 1;
3816 ++ globalfs = (gid_t)-1;
3817 ++ } else {
3818 ++ globalfs = GR_GLOBAL_GID(fs);
3819 ++ }
3820 +
3821 + if (current->acl->group_trans_type & GR_ID_ALLOW) {
3822 + for (i = 0; i < num; i++) {
3823 -+ curgid = (int)gidlist[i];
3824 -+ if (real == curgid)
3825 ++ curgid = gidlist[i];
3826 ++ if (globalreal == curgid)
3827 + realok = 1;
3828 -+ if (effective == curgid)
3829 ++ if (globaleffective == curgid)
3830 + effectiveok = 1;
3831 -+ if (fs == curgid)
3832 ++ if (globalfs == curgid)
3833 + fsok = 1;
3834 + }
3835 + } else if (current->acl->group_trans_type & GR_ID_DENY) {
3836 + for (i = 0; i < num; i++) {
3837 -+ curgid = (int)gidlist[i];
3838 -+ if (real == curgid)
3839 ++ curgid = gidlist[i];
3840 ++ if (globalreal == curgid)
3841 + break;
3842 -+ if (effective == curgid)
3843 ++ if (globaleffective == curgid)
3844 + break;
3845 -+ if (fs == curgid)
3846 ++ if (globalfs == curgid)
3847 + break;
3848 + }
3849 + /* not in deny list */
3850 @@ -56951,7 +56926,7 @@ index 0000000..69e1320
3851 + if (realok && effectiveok && fsok)
3852 + return 0;
3853 + else {
3854 -+ gr_log_int(GR_DONT_AUDIT, GR_GRPCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real);
3855 ++ gr_log_int(GR_DONT_AUDIT, GR_GRPCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : globalfs) : globaleffective) : globalreal);
3856 + return 1;
3857 + }
3858 +}
3859 @@ -56959,16 +56934,21 @@ index 0000000..69e1320
3860 +extern int gr_acl_is_capable(const int cap);
3861 +
3862 +void
3863 -+gr_set_role_label(struct task_struct *task, const uid_t uid, const uid_t gid)
3864 ++gr_set_role_label(struct task_struct *task, const kuid_t kuid, const kgid_t kgid)
3865 +{
3866 + struct acl_role_label *role = task->role;
3867 + struct acl_subject_label *subj = NULL;
3868 + struct acl_object_label *obj;
3869 + struct file *filp;
3870 ++ uid_t uid;
3871 ++ gid_t gid;
3872 +
3873 + if (unlikely(!(gr_status & GR_READY)))
3874 + return;
3875 +
3876 ++ uid = GR_GLOBAL_UID(kuid);
3877 ++ gid = GR_GLOBAL_GID(kgid);
3878 ++
3879 + filp = task->exec_file;
3880 +
3881 + /* kernel process, we'll give them the kernel role */
3882 @@ -57922,7 +57902,7 @@ index 0000000..69e1320
3883 +
3884 + if (task->exec_file) {
3885 + cred = __task_cred(task);
3886 -+ task->role = lookup_acl_role_label(task, cred->uid, cred->gid);
3887 ++ task->role = lookup_acl_role_label(task, GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid));
3888 + ret = gr_apply_subject_to_task(task);
3889 + if (ret) {
3890 + read_unlock(&grsec_exec_file_lock);
3891 @@ -58005,7 +57985,7 @@ index 0000000..69e1320
3892 + rcu_read_lock();
3893 + cred = __task_cred(task);
3894 + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
3895 -+ task->role->roletype, cred->uid, cred->gid, acl->filename,
3896 ++ task->role->roletype, GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), acl->filename,
3897 + acl->filename, acl->res[res].rlim_cur, acl->res[res].rlim_max,
3898 + "", (unsigned long) res, &task->signal->saved_ip);
3899 + rcu_read_unlock();
3900 @@ -58604,7 +58584,7 @@ index 0000000..34fefda
3901 +}
3902 diff --git a/grsecurity/gracl_cap.c b/grsecurity/gracl_cap.c
3903 new file mode 100644
3904 -index 0000000..6d21049
3905 +index 0000000..bdd51ea
3906 --- /dev/null
3907 +++ b/grsecurity/gracl_cap.c
3908 @@ -0,0 +1,110 @@
3909 @@ -58659,8 +58639,8 @@ index 0000000..6d21049
3910 + if ((curracl->mode & (GR_LEARN | GR_INHERITLEARN))
3911 + && cap_raised(cred->cap_effective, cap)) {
3912 + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
3913 -+ task->role->roletype, cred->uid,
3914 -+ cred->gid, task->exec_file ?
3915 ++ task->role->roletype, GR_GLOBAL_UID(cred->uid),
3916 ++ GR_GLOBAL_GID(cred->gid), task->exec_file ?
3917 + gr_to_filename(task->exec_file->f_path.dentry,
3918 + task->exec_file->f_path.mnt) : curracl->filename,
3919 + curracl->filename, 0UL,
3920 @@ -59157,7 +59137,7 @@ index 0000000..a340c17
3921 +}
3922 diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c
3923 new file mode 100644
3924 -index 0000000..58800a7
3925 +index 0000000..4699807
3926 --- /dev/null
3927 +++ b/grsecurity/gracl_ip.c
3928 @@ -0,0 +1,384 @@
3929 @@ -59277,8 +59257,8 @@ index 0000000..58800a7
3930 + if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
3931 + __u32 fakeip = 0;
3932 + security_learn(GR_IP_LEARN_MSG, current->role->rolename,
3933 -+ current->role->roletype, cred->uid,
3934 -+ cred->gid, current->exec_file ?
3935 ++ current->role->roletype, GR_GLOBAL_UID(cred->uid),
3936 ++ GR_GLOBAL_GID(cred->gid), current->exec_file ?
3937 + gr_to_filename(current->exec_file->f_path.dentry,
3938 + current->exec_file->f_path.mnt) :
3939 + curr->filename, curr->filename,
3940 @@ -59305,8 +59285,8 @@ index 0000000..58800a7
3941 + if (type == SOCK_RAW || type == SOCK_PACKET) {
3942 + __u32 fakeip = 0;
3943 + security_learn(GR_IP_LEARN_MSG, current->role->rolename,
3944 -+ current->role->roletype, cred->uid,
3945 -+ cred->gid, current->exec_file ?
3946 ++ current->role->roletype, GR_GLOBAL_UID(cred->uid),
3947 ++ GR_GLOBAL_GID(cred->gid), current->exec_file ?
3948 + gr_to_filename(current->exec_file->f_path.dentry,
3949 + current->exec_file->f_path.mnt) :
3950 + curr->filename, curr->filename,
3951 @@ -59315,8 +59295,8 @@ index 0000000..58800a7
3952 + } else if ((type == SOCK_DGRAM) && (protocol == IPPROTO_IP)) {
3953 + __u32 fakeip = 0;
3954 + security_learn(GR_IP_LEARN_MSG, current->role->rolename,
3955 -+ current->role->roletype, cred->uid,
3956 -+ cred->gid, current->exec_file ?
3957 ++ current->role->roletype, GR_GLOBAL_UID(cred->uid),
3958 ++ GR_GLOBAL_GID(cred->gid), current->exec_file ?
3959 + gr_to_filename(current->exec_file->f_path.dentry,
3960 + current->exec_file->f_path.mnt) :
3961 + curr->filename, curr->filename,
3962 @@ -59412,8 +59392,8 @@ index 0000000..58800a7
3963 +
3964 + if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
3965 + security_learn(GR_IP_LEARN_MSG, current->role->rolename,
3966 -+ current->role->roletype, cred->uid,
3967 -+ cred->gid, current->exec_file ?
3968 ++ current->role->roletype, GR_GLOBAL_UID(cred->uid),
3969 ++ GR_GLOBAL_GID(cred->gid), current->exec_file ?
3970 + gr_to_filename(current->exec_file->f_path.dentry,
3971 + current->exec_file->f_path.mnt) :
3972 + curr->filename, curr->filename,
3973 @@ -59834,10 +59814,10 @@ index 0000000..39645c9
3974 +}
3975 diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c
3976 new file mode 100644
3977 -index 0000000..25197e9
3978 +index 0000000..10398db
3979 --- /dev/null
3980 +++ b/grsecurity/gracl_segv.c
3981 -@@ -0,0 +1,299 @@
3982 +@@ -0,0 +1,303 @@
3983 +#include <linux/kernel.h>
3984 +#include <linux/mm.h>
3985 +#include <asm/uaccess.h>
3986 @@ -59939,9 +59919,10 @@ index 0000000..25197e9
3987 +}
3988 +
3989 +static __inline__ void
3990 -+gr_insert_uid(const uid_t uid, const unsigned long expires)
3991 ++gr_insert_uid(const kuid_t kuid, const unsigned long expires)
3992 +{
3993 + int loc;
3994 ++ uid_t uid = GR_GLOBAL_UID(kuid);
3995 +
3996 + if (uid_used == GR_UIDTABLE_MAX)
3997 + return;
3998 @@ -59976,14 +59957,17 @@ index 0000000..25197e9
3999 +}
4000 +
4001 +int
4002 -+gr_check_crash_uid(const uid_t uid)
4003 ++gr_check_crash_uid(const kuid_t kuid)
4004 +{
4005 + int loc;
4006 + int ret = 0;
4007 ++ uid_t uid;
4008 +
4009 + if (unlikely(!gr_acl_is_enabled()))
4010 + return 0;
4011 +
4012 ++ uid = GR_GLOBAL_UID(kuid);
4013 ++
4014 + spin_lock(&gr_uid_lock);
4015 + loc = gr_find_uid(uid);
4016 +
4017 @@ -60006,8 +59990,8 @@ index 0000000..25197e9
4018 + if (!uid_eq(cred->uid, cred->euid) || !uid_eq(cred->uid, cred->suid) ||
4019 + !uid_eq(cred->uid, cred->fsuid))
4020 + return 1;
4021 -+ if (!uid_eq(cred->gid, cred->egid) || !uid_eq(cred->gid, cred->sgid) ||
4022 -+ !uid_eq(cred->gid, cred->fsgid))
4023 ++ if (!gid_eq(cred->gid, cred->egid) || !gid_eq(cred->gid, cred->sgid) ||
4024 ++ !gid_eq(cred->gid, cred->fsgid))
4025 + return 1;
4026 +
4027 + return 0;
4028 @@ -60139,7 +60123,7 @@ index 0000000..25197e9
4029 +}
4030 diff --git a/grsecurity/gracl_shm.c b/grsecurity/gracl_shm.c
4031 new file mode 100644
4032 -index 0000000..9d83a69
4033 +index 0000000..120978a
4034 --- /dev/null
4035 +++ b/grsecurity/gracl_shm.c
4036 @@ -0,0 +1,40 @@
4037 @@ -60154,7 +60138,7 @@ index 0000000..9d83a69
4038 +
4039 +int
4040 +gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
4041 -+ const time_t shm_createtime, const uid_t cuid, const int shmid)
4042 ++ const time_t shm_createtime, const kuid_t cuid, const int shmid)
4043 +{
4044 + struct task_struct *task;
4045 +
4046 @@ -60175,7 +60159,7 @@ index 0000000..9d83a69
4047 + (task->acl != current->acl))) {
4048 + read_unlock(&tasklist_lock);
4049 + rcu_read_unlock();
4050 -+ gr_log_int3(GR_DONT_AUDIT, GR_SHMAT_ACL_MSG, cuid, shm_cprid, shmid);
4051 ++ gr_log_int3(GR_DONT_AUDIT, GR_SHMAT_ACL_MSG, GR_GLOBAL_UID(cuid), shm_cprid, shmid);
4052 + return 0;
4053 + }
4054 + read_unlock(&tasklist_lock);
4055 @@ -60573,7 +60557,7 @@ index 0000000..70fe0ae
4056 +}
4057 diff --git a/grsecurity/grsec_disabled.c b/grsecurity/grsec_disabled.c
4058 new file mode 100644
4059 -index 0000000..e6796b3
4060 +index 0000000..207d409
4061 --- /dev/null
4062 +++ b/grsecurity/grsec_disabled.c
4063 @@ -0,0 +1,434 @@
4064 @@ -60716,7 +60700,7 @@ index 0000000..e6796b3
4065 +}
4066 +
4067 +int
4068 -+gr_check_crash_uid(const uid_t uid)
4069 ++gr_check_crash_uid(const kuid_t uid)
4070 +{
4071 + return 0;
4072 +}
4073 @@ -60893,7 +60877,7 @@ index 0000000..e6796b3
4074 +
4075 +int
4076 +gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
4077 -+ const time_t shm_createtime, const uid_t cuid, const int shmid)
4078 ++ const time_t shm_createtime, const kuid_t cuid, const int shmid)
4079 +{
4080 + return 1;
4081 +}
4082 @@ -60950,7 +60934,7 @@ index 0000000..e6796b3
4083 +}
4084 +
4085 +void
4086 -+gr_set_role_label(const uid_t uid, const gid_t gid)
4087 ++gr_set_role_label(const kuid_t uid, const kgid_t gid)
4088 +{
4089 + return;
4090 +}
4091 @@ -60980,13 +60964,13 @@ index 0000000..e6796b3
4092 +}
4093 +
4094 +int
4095 -+gr_check_user_change(int real, int effective, int fs)
4096 ++gr_check_user_change(kuid_t real, kuid_t effective, kuid_t fs)
4097 +{
4098 + return 0;
4099 +}
4100 +
4101 +int
4102 -+gr_check_group_change(int real, int effective, int fs)
4103 ++gr_check_group_change(kgid_t real, kgid_t effective, kgid_t fs)
4104 +{
4105 + return 0;
4106 +}
4107 @@ -61193,7 +61177,7 @@ index 0000000..abfa971
4108 +EXPORT_SYMBOL(gr_task_is_capable_nolog);
4109 diff --git a/grsecurity/grsec_fifo.c b/grsecurity/grsec_fifo.c
4110 new file mode 100644
4111 -index 0000000..d3ee748
4112 +index 0000000..06cc6ea
4113 --- /dev/null
4114 +++ b/grsecurity/grsec_fifo.c
4115 @@ -0,0 +1,24 @@
4116 @@ -61212,10 +61196,10 @@ index 0000000..d3ee748
4117 +
4118 + if (grsec_enable_fifo && S_ISFIFO(dentry->d_inode->i_mode) &&
4119 + !(flag & O_EXCL) && (dir->d_inode->i_mode & S_ISVTX) &&
4120 -+ (dentry->d_inode->i_uid != dir->d_inode->i_uid) &&
4121 -+ (cred->fsuid != dentry->d_inode->i_uid)) {
4122 ++ !uid_eq(dentry->d_inode->i_uid, dir->d_inode->i_uid) &&
4123 ++ !uid_eq(cred->fsuid, dentry->d_inode->i_uid)) {
4124 + if (!inode_permission(dentry->d_inode, acc_mode))
4125 -+ gr_log_fs_int2(GR_DONT_AUDIT, GR_FIFO_MSG, dentry, mnt, dentry->d_inode->i_uid, dentry->d_inode->i_gid);
4126 ++ gr_log_fs_int2(GR_DONT_AUDIT, GR_FIFO_MSG, dentry, mnt, GR_GLOBAL_UID(dentry->d_inode->i_uid), GR_GLOBAL_GID(dentry->d_inode->i_gid));
4127 + return -EACCES;
4128 + }
4129 +#endif
4130 @@ -61252,7 +61236,7 @@ index 0000000..8ca18bf
4131 +}
4132 diff --git a/grsecurity/grsec_init.c b/grsecurity/grsec_init.c
4133 new file mode 100644
4134 -index 0000000..05a6015
4135 +index 0000000..a862e9f
4136 --- /dev/null
4137 +++ b/grsecurity/grsec_init.c
4138 @@ -0,0 +1,283 @@
4139 @@ -61268,7 +61252,7 @@ index 0000000..05a6015
4140 +int grsec_enable_ptrace_readexec;
4141 +int grsec_enable_setxid;
4142 +int grsec_enable_symlinkown;
4143 -+int grsec_symlinkown_gid;
4144 ++kgid_t grsec_symlinkown_gid;
4145 +int grsec_enable_brute;
4146 +int grsec_enable_link;
4147 +int grsec_enable_dmesg;
4148 @@ -61281,7 +61265,7 @@ index 0000000..05a6015
4149 +int grsec_enable_time;
4150 +int grsec_enable_audit_textrel;
4151 +int grsec_enable_group;
4152 -+int grsec_audit_gid;
4153 ++kgid_t grsec_audit_gid;
4154 +int grsec_enable_chdir;
4155 +int grsec_enable_mount;
4156 +int grsec_enable_rofs;
4157 @@ -61300,7 +61284,7 @@ index 0000000..05a6015
4158 +int grsec_enable_chroot_sysctl;
4159 +int grsec_enable_chroot_unix;
4160 +int grsec_enable_tpe;
4161 -+int grsec_tpe_gid;
4162 ++kgid_t grsec_tpe_gid;
4163 +int grsec_enable_blackhole;
4164 +#ifdef CONFIG_IPV6_MODULE
4165 +EXPORT_SYMBOL(grsec_enable_blackhole);
4166 @@ -61309,11 +61293,11 @@ index 0000000..05a6015
4167 +int grsec_enable_tpe_all;
4168 +int grsec_enable_tpe_invert;
4169 +int grsec_enable_socket_all;
4170 -+int grsec_socket_all_gid;
4171 ++kgid_t grsec_socket_all_gid;
4172 +int grsec_enable_socket_client;
4173 -+int grsec_socket_client_gid;
4174 ++kgid_t grsec_socket_client_gid;
4175 +int grsec_enable_socket_server;
4176 -+int grsec_socket_server_gid;
4177 ++kgid_t grsec_socket_server_gid;
4178 +int grsec_resource_logging;
4179 +int grsec_disable_privio;
4180 +int grsec_enable_log_rwxmaps;
4181 @@ -61419,7 +61403,7 @@ index 0000000..05a6015
4182 +#endif
4183 +#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP
4184 + grsec_enable_group = 1;
4185 -+ grsec_audit_gid = CONFIG_GRKERNSEC_AUDIT_GID;
4186 ++ grsec_audit_gid = KGIDT_INIT(CONFIG_GRKERNSEC_AUDIT_GID);
4187 +#endif
4188 +#ifdef CONFIG_GRKERNSEC_PTRACE_READEXEC
4189 + grsec_enable_ptrace_readexec = 1;
4190 @@ -61514,26 +61498,26 @@ index 0000000..05a6015
4191 +#endif
4192 +#ifdef CONFIG_GRKERNSEC_SYMLINKOWN
4193 + grsec_enable_symlinkown = 1;
4194 -+ grsec_symlinkown_gid = CONFIG_GRKERNSEC_SYMLINKOWN_GID;
4195 ++ grsec_symlinkown_gid = KGIDT_INIT(CONFIG_GRKERNSEC_SYMLINKOWN_GID);
4196 +#endif
4197 +#ifdef CONFIG_GRKERNSEC_TPE
4198 + grsec_enable_tpe = 1;
4199 -+ grsec_tpe_gid = CONFIG_GRKERNSEC_TPE_GID;
4200 ++ grsec_tpe_gid = KGIDT_INIT(CONFIG_GRKERNSEC_TPE_GID);
4201 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
4202 + grsec_enable_tpe_all = 1;
4203 +#endif
4204 +#endif
4205 +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
4206 + grsec_enable_socket_all = 1;
4207 -+ grsec_socket_all_gid = CONFIG_GRKERNSEC_SOCKET_ALL_GID;
4208 ++ grsec_socket_all_gid = KGIDT_INIT(CONFIG_GRKERNSEC_SOCKET_ALL_GID);
4209 +#endif
4210 +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
4211 + grsec_enable_socket_client = 1;
4212 -+ grsec_socket_client_gid = CONFIG_GRKERNSEC_SOCKET_CLIENT_GID;
4213 ++ grsec_socket_client_gid = KGIDT_INIT(CONFIG_GRKERNSEC_SOCKET_CLIENT_GID);
4214 +#endif
4215 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
4216 + grsec_enable_socket_server = 1;
4217 -+ grsec_socket_server_gid = CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
4218 ++ grsec_socket_server_gid = KGIDT_INIT(CONFIG_GRKERNSEC_SOCKET_SERVER_GID);
4219 +#endif
4220 +#endif
4221 +
4222 @@ -61605,10 +61589,10 @@ index 0000000..6095407
4223 +}
4224 diff --git a/grsecurity/grsec_log.c b/grsecurity/grsec_log.c
4225 new file mode 100644
4226 -index 0000000..7bd6c2b
4227 +index 0000000..7c06085
4228 --- /dev/null
4229 +++ b/grsecurity/grsec_log.c
4230 -@@ -0,0 +1,329 @@
4231 +@@ -0,0 +1,326 @@
4232 +#include <linux/kernel.h>
4233 +#include <linux/sched.h>
4234 +#include <linux/file.h>
4235 @@ -61624,9 +61608,6 @@ index 0000000..7bd6c2b
4236 +#define ENABLE_PREEMPT()
4237 +#endif
4238 +
4239 -+#define GR_GLOBAL_UID(x) from_kuid_munged(&init_user_ns, (x))
4240 -+#define GR_GLOBAL_GID(x) from_kgid_munged(&init_user_ns, (x))
4241 -+
4242 +#define BEGIN_LOCKS(x) \
4243 + DISABLE_PREEMPT(); \
4244 + rcu_read_lock(); \
4245 @@ -63107,7 +63088,7 @@ index 0000000..0dc13c3
4246 +EXPORT_SYMBOL(gr_log_timechange);
4247 diff --git a/grsecurity/grsec_tpe.c b/grsecurity/grsec_tpe.c
4248 new file mode 100644
4249 -index 0000000..07e0dc0
4250 +index 0000000..ac20d7f
4251 --- /dev/null
4252 +++ b/grsecurity/grsec_tpe.c
4253 @@ -0,0 +1,73 @@
4254 @@ -63129,7 +63110,7 @@ index 0000000..07e0dc0
4255 + char *msg2 = NULL;
4256 +
4257 + // never restrict root
4258 -+ if (!cred->uid)
4259 ++ if (uid_eq(cred->uid, GLOBAL_ROOT_UID))
4260 + return 1;
4261 +
4262 + if (grsec_enable_tpe) {
4263 @@ -63150,7 +63131,7 @@ index 0000000..07e0dc0
4264 + if (!msg)
4265 + goto next_check;
4266 +
4267 -+ if (inode->i_uid)
4268 ++ if (!uid_eq(inode->i_uid, GLOBAL_ROOT_UID))
4269 + msg2 = "file in non-root-owned directory";
4270 + else if (inode->i_mode & S_IWOTH)
4271 + msg2 = "file in world-writable directory";
4272 @@ -63169,7 +63150,7 @@ index 0000000..07e0dc0
4273 + if (!grsec_enable_tpe || !grsec_enable_tpe_all)
4274 + return 1;
4275 +
4276 -+ if (inode->i_uid && (inode->i_uid != cred->uid))
4277 ++ if (!uid_eq(inode->i_uid, GLOBAL_ROOT_UID) && !uid_eq(inode->i_uid, cred->uid))
4278 + msg = "directory not owned by user";
4279 + else if (inode->i_mode & S_IWOTH)
4280 + msg = "file in world-writable directory";
4281 @@ -65046,7 +65027,7 @@ index 0000000..be66033
4282 +#endif
4283 diff --git a/include/linux/grinternal.h b/include/linux/grinternal.h
4284 new file mode 100644
4285 -index 0000000..baa6e96
4286 +index 0000000..9bb6662
4287 --- /dev/null
4288 +++ b/include/linux/grinternal.h
4289 @@ -0,0 +1,215 @@
4290 @@ -65112,18 +65093,18 @@ index 0000000..baa6e96
4291 +extern int grsec_enable_chroot_sysctl;
4292 +extern int grsec_enable_chroot_unix;
4293 +extern int grsec_enable_symlinkown;
4294 -+extern int grsec_symlinkown_gid;
4295 ++extern kgid_t grsec_symlinkown_gid;
4296 +extern int grsec_enable_tpe;
4297 -+extern int grsec_tpe_gid;
4298 ++extern kgid_t grsec_tpe_gid;
4299 +extern int grsec_enable_tpe_all;
4300 +extern int grsec_enable_tpe_invert;
4301 +extern int grsec_enable_socket_all;
4302 -+extern int grsec_socket_all_gid;
4303 ++extern kgid_t grsec_socket_all_gid;
4304 +extern int grsec_enable_socket_client;
4305 -+extern int grsec_socket_client_gid;
4306 ++extern kgid_t grsec_socket_client_gid;
4307 +extern int grsec_enable_socket_server;
4308 -+extern int grsec_socket_server_gid;
4309 -+extern int grsec_audit_gid;
4310 ++extern kgid_t grsec_socket_server_gid;
4311 ++extern kgid_t grsec_audit_gid;
4312 +extern int grsec_enable_group;
4313 +extern int grsec_enable_audit_textrel;
4314 +extern int grsec_enable_log_rwxmaps;
4315 @@ -65384,7 +65365,7 @@ index 0000000..2bd4c8d
4316 +#define GR_BRUTE_DAEMON_MSG "bruteforce prevention initiated for the next 30 minutes or until service restarted, stalling each fork 30 seconds. Please investigate the crash report for "
4317 diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
4318 new file mode 100644
4319 -index 0000000..c5e5913
4320 +index 0000000..1ae241a
4321 --- /dev/null
4322 +++ b/include/linux/grsecurity.h
4323 @@ -0,0 +1,257 @@
4324 @@ -65432,8 +65413,8 @@ index 0000000..c5e5913
4325 +
4326 +int gr_acl_enable_at_secure(void);
4327 +
4328 -+int gr_check_user_change(int real, int effective, int fs);
4329 -+int gr_check_group_change(int real, int effective, int fs);
4330 ++int gr_check_user_change(kuid_t real, kuid_t effective, kuid_t fs);
4331 ++int gr_check_group_change(kgid_t real, kgid_t effective, kgid_t fs);
4332 +
4333 +void gr_del_task_from_ip_table(struct task_struct *p);
4334 +
4335 @@ -65505,7 +65486,7 @@ index 0000000..c5e5913
4336 +void gr_copy_label(struct task_struct *tsk);
4337 +void gr_handle_crash(struct task_struct *task, const int sig);
4338 +int gr_handle_signal(const struct task_struct *p, const int sig);
4339 -+int gr_check_crash_uid(const uid_t uid);
4340 ++int gr_check_crash_uid(const kuid_t uid);
4341 +int gr_check_protected_task(const struct task_struct *task);
4342 +int gr_check_protected_task_fowner(struct pid *pid, enum pid_type type);
4343 +int gr_acl_handle_mmap(const struct file *file,
4344 @@ -65532,8 +65513,8 @@ index 0000000..c5e5913
4345 +int gr_check_crash_exec(const struct file *filp);
4346 +int gr_acl_is_enabled(void);
4347 +void gr_set_kernel_label(struct task_struct *task);
4348 -+void gr_set_role_label(struct task_struct *task, const uid_t uid,
4349 -+ const gid_t gid);
4350 ++void gr_set_role_label(struct task_struct *task, const kuid_t uid,
4351 ++ const kgid_t gid);
4352 +int gr_set_proc_label(const struct dentry *dentry,
4353 + const struct vfsmount *mnt,
4354 + const int unsafe_flags);
4355 @@ -65633,7 +65614,7 @@ index 0000000..c5e5913
4356 +extern int grsec_disable_privio;
4357 +
4358 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
4359 -+extern int grsec_proc_gid;
4360 ++extern kgid_t grsec_proc_gid;
4361 +#endif
4362 +
4363 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
4364 @@ -67652,6 +67633,18 @@ index 5ca0951..ab496a5 100644
4365 ret; \
4366 })
4367
4368 +diff --git a/include/linux/uidgid.h b/include/linux/uidgid.h
4369 +index 8e522cbc..1b67af5 100644
4370 +--- a/include/linux/uidgid.h
4371 ++++ b/include/linux/uidgid.h
4372 +@@ -197,4 +197,7 @@ static inline bool kgid_has_mapping(struct user_namespace *ns, kgid_t gid)
4373 +
4374 + #endif /* CONFIG_USER_NS */
4375 +
4376 ++#define GR_GLOBAL_UID(x) from_kuid_munged(&init_user_ns, (x))
4377 ++#define GR_GLOBAL_GID(x) from_kgid_munged(&init_user_ns, (x))
4378 ++
4379 + #endif /* _LINUX_UIDGID_H */
4380 diff --git a/include/linux/unaligned/access_ok.h b/include/linux/unaligned/access_ok.h
4381 index 99c1b4d..bb94261 100644
4382 --- a/include/linux/unaligned/access_ok.h
4383 @@ -68732,7 +68725,7 @@ index 0993a22..32ba2fe 100644
4384 void *pmi_pal;
4385 u8 *vbe_state_orig; /*
4386 diff --git a/init/Kconfig b/init/Kconfig
4387 -index be8b7f5..b13cb62 100644
4388 +index be8b7f5..1eeca9b 100644
4389 --- a/init/Kconfig
4390 +++ b/init/Kconfig
4391 @@ -990,6 +990,7 @@ endif # CGROUPS
4392 @@ -68743,16 +68736,7 @@ index be8b7f5..b13cb62 100644
4393 default n
4394 help
4395 Enables additional kernel features in a sake of checkpoint/restore.
4396 -@@ -1079,6 +1080,8 @@ config UIDGID_CONVERTED
4397 - depends on OCFS2_FS = n
4398 - depends on XFS_FS = n
4399 -
4400 -+ depends on GRKERNSEC = n
4401 -+
4402 - config UIDGID_STRICT_TYPE_CHECKS
4403 - bool "Require conversions between uid/gids and their internal representation"
4404 - depends on UIDGID_CONVERTED
4405 -@@ -1468,7 +1471,7 @@ config SLUB_DEBUG
4406 +@@ -1468,7 +1469,7 @@ config SLUB_DEBUG
4407
4408 config COMPAT_BRK
4409 bool "Disable heap randomization"
4410 @@ -68761,7 +68745,7 @@ index be8b7f5..b13cb62 100644
4411 help
4412 Randomizing heap placement makes heap exploits harder, but it
4413 also breaks ancient binaries (including anything libc5 based).
4414 -@@ -1711,7 +1714,7 @@ config INIT_ALL_POSSIBLE
4415 +@@ -1711,7 +1712,7 @@ config INIT_ALL_POSSIBLE
4416 config STOP_MACHINE
4417 bool
4418 default y
4419 @@ -69091,7 +69075,7 @@ index 84c6bf1..8899338 100644
4420 next_state = Reset;
4421 return 0;
4422 diff --git a/init/main.c b/init/main.c
4423 -index cee4b5c..47f445e 100644
4424 +index cee4b5c..9c267d9 100644
4425 --- a/init/main.c
4426 +++ b/init/main.c
4427 @@ -96,6 +96,8 @@ static inline void mark_rodata_ro(void) { }
4428 @@ -69108,10 +69092,10 @@ index cee4b5c..47f445e 100644
4429 __setup("reset_devices", set_reset_devices);
4430
4431 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
4432 -+int grsec_proc_gid = CONFIG_GRKERNSEC_PROC_GID;
4433 ++kgid_t grsec_proc_gid = KGIDT_INIT(CONFIG_GRKERNSEC_PROC_GID);
4434 +static int __init setup_grsec_proc_gid(char *str)
4435 +{
4436 -+ grsec_proc_gid = (int)simple_strtol(str, NULL, 0);
4437 ++ grsec_proc_gid = KGIDT_INIT(simple_strtol(str, NULL, 0));
4438 + return 1;
4439 +}
4440 +__setup("grsec_proc_gid=", setup_grsec_proc_gid);
4441 @@ -69334,7 +69318,7 @@ index 58d31f1..cce7a55 100644
4442 sem_params.flg = semflg;
4443 sem_params.u.nsems = nsems;
4444 diff --git a/ipc/shm.c b/ipc/shm.c
4445 -index 4fa6d8f..38dfd0c 100644
4446 +index 4fa6d8f..55cff14 100644
4447 --- a/ipc/shm.c
4448 +++ b/ipc/shm.c
4449 @@ -69,6 +69,14 @@ static void shm_destroy (struct ipc_namespace *ns, struct shmid_kernel *shp);
4450 @@ -69343,7 +69327,7 @@ index 4fa6d8f..38dfd0c 100644
4451
4452 +#ifdef CONFIG_GRKERNSEC
4453 +extern int gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
4454 -+ const time_t shm_createtime, const uid_t cuid,
4455 ++ const time_t shm_createtime, const kuid_t cuid,
4456 + const int shmid);
4457 +extern int gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
4458 + const time_t shm_createtime);
4459 @@ -69599,10 +69583,10 @@ index 493d972..f87dfbd 100644
4460 + return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid);
4461 +}
4462 diff --git a/kernel/cgroup.c b/kernel/cgroup.c
4463 -index 4855892..30d23b4 100644
4464 +index 1e23664..570a83d 100644
4465 --- a/kernel/cgroup.c
4466 +++ b/kernel/cgroup.c
4467 -@@ -5535,7 +5535,7 @@ static int cgroup_css_links_read(struct cgroup *cont,
4468 +@@ -5543,7 +5543,7 @@ static int cgroup_css_links_read(struct cgroup *cont,
4469 struct css_set *cg = link->cg;
4470 struct task_struct *task;
4471 int count = 0;
4472 @@ -69794,7 +69778,7 @@ index 42e8fa0..9e7406b 100644
4473 return -ENOMEM;
4474
4475 diff --git a/kernel/cred.c b/kernel/cred.c
4476 -index e0573a4..eefe488 100644
4477 +index e0573a4..3874e41 100644
4478 --- a/kernel/cred.c
4479 +++ b/kernel/cred.c
4480 @@ -164,6 +164,16 @@ void exit_creds(struct task_struct *tsk)
4481 @@ -69832,7 +69816,7 @@ index e0573a4..eefe488 100644
4482 /* dumpability changes */
4483 if (!uid_eq(old->euid, new->euid) ||
4484 !gid_eq(old->egid, new->egid) ||
4485 -@@ -479,6 +491,101 @@ int commit_creds(struct cred *new)
4486 +@@ -479,6 +491,102 @@ int commit_creds(struct cred *new)
4487 put_cred(old);
4488 return 0;
4489 }
4490 @@ -69846,7 +69830,7 @@ index e0573a4..eefe488 100644
4491 +
4492 + current->delayed_cred = NULL;
4493 +
4494 -+ if (current_uid() && new != NULL) {
4495 ++ if (!uid_eq(current_uid(), GLOBAL_ROOT_UID) && new != NULL) {
4496 + // from doing get_cred on it when queueing this
4497 + put_cred(new);
4498 + return;
4499 @@ -69907,7 +69891,8 @@ index e0573a4..eefe488 100644
4500 + init_cred
4501 + */
4502 + if (grsec_enable_setxid && !current_is_single_threaded() &&
4503 -+ !current_uid() && new->uid) {
4504 ++ uid_eq(current_uid(), GLOBAL_ROOT_UID) &&
4505 ++ !uid_eq(new->uid, GLOBAL_ROOT_UID)) {
4506 + schedule_it = 1;
4507 + }
4508 + ret = __commit_creds(new);
4509 @@ -70639,7 +70624,7 @@ index 60f48fa..7f3a770 100644
4510
4511 static int
4512 diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
4513 -index 2169fee..45c017a 100644
4514 +index 2169fee..706ccca 100644
4515 --- a/kernel/kallsyms.c
4516 +++ b/kernel/kallsyms.c
4517 @@ -11,6 +11,9 @@
4518 @@ -70728,7 +70713,7 @@ index 2169fee..45c017a 100644
4519 struct kallsym_iter *iter = m->private;
4520
4521 +#ifdef CONFIG_GRKERNSEC_HIDESYM
4522 -+ if (current_uid())
4523 ++ if (!uid_eq(current_uid(), GLOBAL_ROOT_UID))
4524 + return 0;
4525 +#endif
4526 +
4527 @@ -70782,7 +70767,7 @@ index 5e4bd78..00c5b91 100644
4528
4529 /* Don't allow clients that don't understand the native
4530 diff --git a/kernel/kmod.c b/kernel/kmod.c
4531 -index 0023a87..3fe3781 100644
4532 +index 0023a87..b893e79 100644
4533 --- a/kernel/kmod.c
4534 +++ b/kernel/kmod.c
4535 @@ -74,7 +74,7 @@ static void free_modprobe_argv(struct subprocess_info *info)
4536 @@ -70840,7 +70825,7 @@ index 0023a87..3fe3781 100644
4537 return ret;
4538
4539 +#ifdef CONFIG_GRKERNSEC_MODHARDEN
4540 -+ if (!current_uid()) {
4541 ++ if (uid_eq(current_uid(), GLOBAL_ROOT_UID)) {
4542 + /* hack to workaround consolekit/udisks stupidity */
4543 + read_lock(&tasklist_lock);
4544 + if (!strcmp(current->comm, "mount") &&
4545 @@ -70885,12 +70870,12 @@ index 0023a87..3fe3781 100644
4546 + int ret;
4547 +
4548 +#ifdef CONFIG_GRKERNSEC_MODHARDEN
4549 -+ if (current_uid()) {
4550 ++ if (!uid_eq(current_uid(), GLOBAL_ROOT_UID)) {
4551 + char module_param[MODULE_NAME_LEN];
4552 +
4553 + memset(module_param, 0, sizeof(module_param));
4554 +
4555 -+ snprintf(module_param, sizeof(module_param) - 1, "grsec_modharden_normal%u_", current_uid());
4556 ++ snprintf(module_param, sizeof(module_param) - 1, "grsec_modharden_normal%u_", GR_GLOBAL_UID(current_uid()));
4557 +
4558 + va_start(args, fmt);
4559 + ret = ____request_module(wait, module_param, fmt, args);
4560 @@ -72087,7 +72072,7 @@ index 942ca27..111e609 100644
4561 .clock_get = thread_cpu_clock_get,
4562 .timer_create = thread_cpu_timer_create,
4563 diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c
4564 -index 69185ae..cc2847a 100644
4565 +index e885be1..380fe76 100644
4566 --- a/kernel/posix-timers.c
4567 +++ b/kernel/posix-timers.c
4568 @@ -43,6 +43,7 @@
4569 @@ -72170,7 +72155,7 @@ index 69185ae..cc2847a 100644
4570 }
4571
4572 static int common_timer_create(struct k_itimer *new_timer)
4573 -@@ -959,6 +960,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock,
4574 +@@ -966,6 +967,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock,
4575 if (copy_from_user(&new_tp, tp, sizeof (*tp)))
4576 return -EFAULT;
4577
4578 @@ -73541,7 +73526,7 @@ index 2f194e9..2c05ea9 100644
4579 .priority = 10,
4580 };
4581 diff --git a/kernel/sys.c b/kernel/sys.c
4582 -index 265b376..b0cd50d 100644
4583 +index 265b376..4e42ef5 100644
4584 --- a/kernel/sys.c
4585 +++ b/kernel/sys.c
4586 @@ -157,6 +157,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error)
4587 @@ -73561,7 +73546,7 @@ index 265b376..b0cd50d 100644
4588 goto error;
4589 }
4590
4591 -+ if (gr_check_group_change(new->gid, new->egid, -1))
4592 ++ if (gr_check_group_change(new->gid, new->egid, INVALID_GID))
4593 + goto error;
4594 +
4595 if (rgid != (gid_t) -1 ||
4596 @@ -73591,7 +73576,7 @@ index 265b376..b0cd50d 100644
4597 goto error;
4598 }
4599
4600 -+ if (gr_check_user_change(new->uid, new->euid, -1))
4601 ++ if (gr_check_user_change(new->uid, new->euid, INVALID_UID))
4602 + goto error;
4603 +
4604 if (!uid_eq(new->uid, old->uid)) {
4605 @@ -73614,7 +73599,7 @@ index 265b376..b0cd50d 100644
4606 goto error;
4607 }
4608
4609 -+ if (gr_check_user_change(kruid, keuid, -1))
4610 ++ if (gr_check_user_change(kruid, keuid, INVALID_UID))
4611 + goto error;
4612 +
4613 if (ruid != (uid_t) -1) {
4614 @@ -73624,7 +73609,7 @@ index 265b376..b0cd50d 100644
4615 goto error;
4616 }
4617
4618 -+ if (gr_check_group_change(krgid, kegid, -1))
4619 ++ if (gr_check_group_change(krgid, kegid, INVALID_GID))
4620 + goto error;
4621 +
4622 if (rgid != (gid_t) -1)
4623 @@ -73634,7 +73619,7 @@ index 265b376..b0cd50d 100644
4624 if (!uid_valid(kuid))
4625 return old_fsuid;
4626
4627 -+ if (gr_check_user_change(-1, -1, kuid))
4628 ++ if (gr_check_user_change(INVALID_UID, INVALID_UID, kuid))
4629 + goto error;
4630 +
4631 new = prepare_creds();
4632 @@ -73652,7 +73637,7 @@ index 265b376..b0cd50d 100644
4633 if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->egid) ||
4634 gid_eq(kgid, old->sgid) || gid_eq(kgid, old->fsgid) ||
4635 nsown_capable(CAP_SETGID)) {
4636 -+ if (gr_check_group_change(-1, -1, kgid))
4637 ++ if (gr_check_group_change(INVALID_GID, INVALID_GID, kgid))
4638 + goto error;
4639 +
4640 if (!gid_eq(kgid, old->fsgid)) {
4641 @@ -73896,7 +73881,7 @@ index c88878d..99d321b 100644
4642 EXPORT_SYMBOL(proc_doulongvec_minmax);
4643 EXPORT_SYMBOL(proc_doulongvec_ms_jiffies_minmax);
4644 diff --git a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c
4645 -index 5a63844..a199f50 100644
4646 +index 0ddf3a0..a199f50 100644
4647 --- a/kernel/sysctl_binary.c
4648 +++ b/kernel/sysctl_binary.c
4649 @@ -989,7 +989,7 @@ static ssize_t bin_intvec(struct file *file,
4650 @@ -73953,19 +73938,7 @@ index 5a63844..a199f50 100644
4651 set_fs(old_fs);
4652 if (result < 0)
4653 goto out;
4654 -@@ -1194,9 +1194,10 @@ static ssize_t bin_dn_node_address(struct file *file,
4655 -
4656 - /* Convert the decnet address to binary */
4657 - result = -EIO;
4658 -- nodep = strchr(buf, '.') + 1;
4659 -+ nodep = strchr(buf, '.');
4660 - if (!nodep)
4661 - goto out;
4662 -+ ++nodep;
4663 -
4664 - area = simple_strtoul(buf, NULL, 10);
4665 - node = simple_strtoul(nodep, NULL, 10);
4666 -@@ -1233,7 +1234,7 @@ static ssize_t bin_dn_node_address(struct file *file,
4667 +@@ -1234,7 +1234,7 @@ static ssize_t bin_dn_node_address(struct file *file,
4668 le16_to_cpu(dnaddr) & 0x3ff);
4669
4670 set_fs(KERNEL_DS);
4671 @@ -74236,7 +74209,7 @@ index c0bd030..62a1927 100644
4672 ret = -EIO;
4673 bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt,
4674 diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
4675 -index 41473b4..325fcfc 100644
4676 +index 43defd1..76da436 100644
4677 --- a/kernel/trace/ftrace.c
4678 +++ b/kernel/trace/ftrace.c
4679 @@ -1874,12 +1874,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
4680 @@ -74279,7 +74252,7 @@ index 41473b4..325fcfc 100644
4681
4682 start_pg = ftrace_allocate_pages(count);
4683 if (!start_pg)
4684 -@@ -4541,8 +4548,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write,
4685 +@@ -4559,8 +4566,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write,
4686 #ifdef CONFIG_FUNCTION_GRAPH_TRACER
4687
4688 static int ftrace_graph_active;
4689 @@ -74288,7 +74261,7 @@ index 41473b4..325fcfc 100644
4690 int ftrace_graph_entry_stub(struct ftrace_graph_ent *trace)
4691 {
4692 return 0;
4693 -@@ -4686,6 +4691,10 @@ ftrace_suspend_notifier_call(struct notifier_block *bl, unsigned long state,
4694 +@@ -4704,6 +4709,10 @@ ftrace_suspend_notifier_call(struct notifier_block *bl, unsigned long state,
4695 return NOTIFY_DONE;
4696 }
4697
4698 @@ -74299,7 +74272,7 @@ index 41473b4..325fcfc 100644
4699 int register_ftrace_graph(trace_func_graph_ret_t retfunc,
4700 trace_func_graph_ent_t entryfunc)
4701 {
4702 -@@ -4699,7 +4708,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc,
4703 +@@ -4717,7 +4726,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc,
4704 goto out;
4705 }
4706
4707 @@ -74955,26 +74928,6 @@ index 5e396ac..58d5de1 100644
4708 err_printk(dev, NULL, "DMA-API: device driver maps memory from"
4709 "stack [addr=%p]\n", addr);
4710 }
4711 -diff --git a/lib/idr.c b/lib/idr.c
4712 -index 6482390..ca5aa00 100644
4713 ---- a/lib/idr.c
4714 -+++ b/lib/idr.c
4715 -@@ -625,7 +625,14 @@ void *idr_get_next(struct idr *idp, int *nextidp)
4716 - return p;
4717 - }
4718 -
4719 -- id += 1 << n;
4720 -+ /*
4721 -+ * Proceed to the next layer at the current level. Unlike
4722 -+ * idr_for_each(), @id isn't guaranteed to be aligned to
4723 -+ * layer boundary at this point and adding 1 << n may
4724 -+ * incorrectly skip IDs. Make sure we jump to the
4725 -+ * beginning of the next layer using round_up().
4726 -+ */
4727 -+ id = round_up(id + 1, 1 << n);
4728 - while (n < fls(id)) {
4729 - n += IDR_BITS;
4730 - p = *--paa;
4731 diff --git a/lib/inflate.c b/lib/inflate.c
4732 index 013a761..c28f3fc 100644
4733 --- a/lib/inflate.c
4734 @@ -76555,7 +76508,7 @@ index c9bd528..da8d069 100644
4735 capable(CAP_IPC_LOCK))
4736 ret = do_mlockall(flags);
4737 diff --git a/mm/mmap.c b/mm/mmap.c
4738 -index d1e4124..7d36e4f 100644
4739 +index 8832b87..7d36e4f 100644
4740 --- a/mm/mmap.c
4741 +++ b/mm/mmap.c
4742 @@ -32,6 +32,7 @@
4743 @@ -77301,51 +77254,7 @@ index d1e4124..7d36e4f 100644
4744 spin_unlock(&vma->vm_mm->page_table_lock);
4745
4746 perf_event_mmap(vma);
4747 -@@ -2169,9 +2477,28 @@ int expand_downwards(struct vm_area_struct *vma,
4748 - return error;
4749 - }
4750 -
4751 -+/*
4752 -+ * Note how expand_stack() refuses to expand the stack all the way to
4753 -+ * abut the next virtual mapping, *unless* that mapping itself is also
4754 -+ * a stack mapping. We want to leave room for a guard page, after all
4755 -+ * (the guard page itself is not added here, that is done by the
4756 -+ * actual page faulting logic)
4757 -+ *
4758 -+ * This matches the behavior of the guard page logic (see mm/memory.c:
4759 -+ * check_stack_guard_page()), which only allows the guard page to be
4760 -+ * removed under these circumstances.
4761 -+ */
4762 - #ifdef CONFIG_STACK_GROWSUP
4763 - int expand_stack(struct vm_area_struct *vma, unsigned long address)
4764 - {
4765 -+ struct vm_area_struct *next;
4766 -+
4767 -+ address &= PAGE_MASK;
4768 -+ next = vma->vm_next;
4769 -+ if (next && next->vm_start == address + PAGE_SIZE) {
4770 -+ if (!(next->vm_flags & VM_GROWSUP))
4771 -+ return -ENOMEM;
4772 -+ }
4773 - return expand_upwards(vma, address);
4774 - }
4775 -
4776 -@@ -2194,6 +2521,14 @@ find_extend_vma(struct mm_struct *mm, unsigned long addr)
4777 - #else
4778 - int expand_stack(struct vm_area_struct *vma, unsigned long address)
4779 - {
4780 -+ struct vm_area_struct *prev;
4781 -+
4782 -+ address &= PAGE_MASK;
4783 -+ prev = vma->vm_prev;
4784 -+ if (prev && prev->vm_end == address) {
4785 -+ if (!(prev->vm_flags & VM_GROWSDOWN))
4786 -+ return -ENOMEM;
4787 -+ }
4788 - return expand_downwards(vma, address);
4789 - }
4790 -
4791 -@@ -2236,6 +2571,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
4792 +@@ -2263,6 +2571,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
4793 do {
4794 long nrpages = vma_pages(vma);
4795
4796 @@ -77359,7 +77268,7 @@ index d1e4124..7d36e4f 100644
4797 if (vma->vm_flags & VM_ACCOUNT)
4798 nr_accounted += nrpages;
4799 vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages);
4800 -@@ -2281,6 +2623,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
4801 +@@ -2308,6 +2623,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
4802 insertion_point = (prev ? &prev->vm_next : &mm->mmap);
4803 vma->vm_prev = NULL;
4804 do {
4805 @@ -77376,7 +77285,7 @@ index d1e4124..7d36e4f 100644
4806 vma_rb_erase(vma, &mm->mm_rb);
4807 mm->map_count--;
4808 tail_vma = vma;
4809 -@@ -2312,14 +2664,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
4810 +@@ -2339,14 +2664,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
4811 struct vm_area_struct *new;
4812 int err = -ENOMEM;
4813
4814 @@ -77410,7 +77319,7 @@ index d1e4124..7d36e4f 100644
4815 /* most fields are the same, copy all, and then fixup */
4816 *new = *vma;
4817
4818 -@@ -2332,6 +2703,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
4819 +@@ -2359,6 +2703,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
4820 new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT);
4821 }
4822
4823 @@ -77433,7 +77342,7 @@ index d1e4124..7d36e4f 100644
4824 pol = mpol_dup(vma_policy(vma));
4825 if (IS_ERR(pol)) {
4826 err = PTR_ERR(pol);
4827 -@@ -2354,6 +2741,36 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
4828 +@@ -2381,6 +2741,36 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
4829 else
4830 err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new);
4831
4832 @@ -77470,7 +77379,7 @@ index d1e4124..7d36e4f 100644
4833 /* Success. */
4834 if (!err)
4835 return 0;
4836 -@@ -2363,10 +2780,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
4837 +@@ -2390,10 +2780,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
4838 new->vm_ops->close(new);
4839 if (new->vm_file)
4840 fput(new->vm_file);
4841 @@ -77490,7 +77399,7 @@ index d1e4124..7d36e4f 100644
4842 kmem_cache_free(vm_area_cachep, new);
4843 out_err:
4844 return err;
4845 -@@ -2379,6 +2804,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
4846 +@@ -2406,6 +2804,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
4847 int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
4848 unsigned long addr, int new_below)
4849 {
4850 @@ -77506,7 +77415,7 @@ index d1e4124..7d36e4f 100644
4851 if (mm->map_count >= sysctl_max_map_count)
4852 return -ENOMEM;
4853
4854 -@@ -2390,11 +2824,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
4855 +@@ -2417,11 +2824,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
4856 * work. This now handles partial unmappings.
4857 * Jeremy Fitzhardinge <jeremy@××××.org>
4858 */
4859 @@ -77537,7 +77446,7 @@ index d1e4124..7d36e4f 100644
4860 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start)
4861 return -EINVAL;
4862
4863 -@@ -2469,6 +2922,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
4864 +@@ -2496,6 +2922,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
4865 /* Fix up all other VM information */
4866 remove_vma_list(mm, vma);
4867
4868 @@ -77546,7 +77455,7 @@ index d1e4124..7d36e4f 100644
4869 return 0;
4870 }
4871
4872 -@@ -2477,6 +2932,13 @@ int vm_munmap(unsigned long start, size_t len)
4873 +@@ -2504,6 +2932,13 @@ int vm_munmap(unsigned long start, size_t len)
4874 int ret;
4875 struct mm_struct *mm = current->mm;
4876
4877 @@ -77560,7 +77469,7 @@ index d1e4124..7d36e4f 100644
4878 down_write(&mm->mmap_sem);
4879 ret = do_munmap(mm, start, len);
4880 up_write(&mm->mmap_sem);
4881 -@@ -2490,16 +2952,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len)
4882 +@@ -2517,16 +2952,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len)
4883 return vm_munmap(addr, len);
4884 }
4885
4886 @@ -77577,7 +77486,7 @@ index d1e4124..7d36e4f 100644
4887 /*
4888 * this is really a simplified "do_mmap". it only handles
4889 * anonymous maps. eventually we may be able to do some
4890 -@@ -2513,6 +2965,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
4891 +@@ -2540,6 +2965,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
4892 struct rb_node ** rb_link, * rb_parent;
4893 pgoff_t pgoff = addr >> PAGE_SHIFT;
4894 int error;
4895 @@ -77585,7 +77494,7 @@ index d1e4124..7d36e4f 100644
4896
4897 len = PAGE_ALIGN(len);
4898 if (!len)
4899 -@@ -2520,16 +2973,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
4900 +@@ -2547,16 +2973,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
4901
4902 flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
4903
4904 @@ -77617,7 +77526,7 @@ index d1e4124..7d36e4f 100644
4905 locked += mm->locked_vm;
4906 lock_limit = rlimit(RLIMIT_MEMLOCK);
4907 lock_limit >>= PAGE_SHIFT;
4908 -@@ -2546,21 +3013,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
4909 +@@ -2573,21 +3013,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
4910 /*
4911 * Clear old maps. this also does some error checking for us
4912 */
4913 @@ -77642,7 +77551,7 @@ index d1e4124..7d36e4f 100644
4914 return -ENOMEM;
4915
4916 /* Can we just expand an old private anonymous mapping? */
4917 -@@ -2574,7 +3040,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
4918 +@@ -2601,7 +3040,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
4919 */
4920 vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
4921 if (!vma) {
4922 @@ -77651,7 +77560,7 @@ index d1e4124..7d36e4f 100644
4923 return -ENOMEM;
4924 }
4925
4926 -@@ -2588,11 +3054,12 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
4927 +@@ -2615,11 +3054,12 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
4928 vma_link(mm, vma, prev, rb_link, rb_parent);
4929 out:
4930 perf_event_mmap(vma);
4931 @@ -77666,7 +77575,7 @@ index d1e4124..7d36e4f 100644
4932 return addr;
4933 }
4934
4935 -@@ -2650,6 +3117,7 @@ void exit_mmap(struct mm_struct *mm)
4936 +@@ -2677,6 +3117,7 @@ void exit_mmap(struct mm_struct *mm)
4937 while (vma) {
4938 if (vma->vm_flags & VM_ACCOUNT)
4939 nr_accounted += vma_pages(vma);
4940 @@ -77674,7 +77583,7 @@ index d1e4124..7d36e4f 100644
4941 vma = remove_vma(vma);
4942 }
4943 vm_unacct_memory(nr_accounted);
4944 -@@ -2666,6 +3134,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
4945 +@@ -2693,6 +3134,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
4946 struct vm_area_struct *prev;
4947 struct rb_node **rb_link, *rb_parent;
4948
4949 @@ -77688,7 +77597,7 @@ index d1e4124..7d36e4f 100644
4950 /*
4951 * The vm_pgoff of a purely anonymous vma should be irrelevant
4952 * until its first write fault, when page's anon_vma and index
4953 -@@ -2689,7 +3164,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
4954 +@@ -2716,7 +3164,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
4955 security_vm_enough_memory_mm(mm, vma_pages(vma)))
4956 return -ENOMEM;
4957
4958 @@ -77710,7 +77619,7 @@ index d1e4124..7d36e4f 100644
4959 return 0;
4960 }
4961
4962 -@@ -2709,6 +3198,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
4963 +@@ -2736,6 +3198,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
4964 struct mempolicy *pol;
4965 bool faulted_in_anon_vma = true;
4966
4967 @@ -77719,7 +77628,7 @@ index d1e4124..7d36e4f 100644
4968 /*
4969 * If anonymous vma has not yet been faulted, update new pgoff
4970 * to match new location, to increase its chance of merging.
4971 -@@ -2775,6 +3266,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
4972 +@@ -2802,6 +3266,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
4973 return NULL;
4974 }
4975
4976 @@ -77759,7 +77668,7 @@ index d1e4124..7d36e4f 100644
4977 /*
4978 * Return true if the calling process may expand its vm space by the passed
4979 * number of pages
4980 -@@ -2786,6 +3310,12 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
4981 +@@ -2813,6 +3310,12 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
4982
4983 lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT;
4984
4985 @@ -77772,7 +77681,7 @@ index d1e4124..7d36e4f 100644
4986 if (cur + npages > lim)
4987 return 0;
4988 return 1;
4989 -@@ -2856,6 +3386,22 @@ int install_special_mapping(struct mm_struct *mm,
4990 +@@ -2883,6 +3386,22 @@ int install_special_mapping(struct mm_struct *mm,
4991 vma->vm_start = addr;
4992 vma->vm_end = addr + len;
4993
4994 @@ -85392,6 +85301,21 @@ index 38be92c..21f49ee 100644
4995 .name = "smack",
4996
4997 .ptrace_access_check = smack_ptrace_access_check,
4998 +diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
4999 +index 390c646..f2f8db3 100644
5000 +--- a/security/tomoyo/mount.c
5001 ++++ b/security/tomoyo/mount.c
5002 +@@ -118,6 +118,10 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r,
5003 + type == tomoyo_mounts[TOMOYO_MOUNT_MOVE]) {
5004 + need_dev = -1; /* dev_name is a directory */
5005 + } else {
5006 ++ if (!capable(CAP_SYS_ADMIN)) {
5007 ++ error = -EPERM;
5008 ++ goto out;
5009 ++ }
5010 + fstype = get_fs_type(type);
5011 + if (!fstype) {
5012 + error = -ENODEV;
5013 diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
5014 index a2ee362..5754f34 100644
5015 --- a/security/tomoyo/tomoyo.c
Report Message
Find on MARC Find on Google Groups