Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.7.4/
Date: Mon, 28 Jan 2013 02:35:38
Message-Id: 1359340512.9702cf7ee1699958f6aa0d934e6915ba8959ac17.blueness@gentoo
1 commit: 9702cf7ee1699958f6aa0d934e6915ba8959ac17
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Mon Jan 28 02:35:12 2013 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Mon Jan 28 02:35:12 2013 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=9702cf7e
7
8 Grsec/PaX: 2.9.1-3.7.4-201301252226
9
10 ---
11 3.7.4/0000_README | 6 +-
12 3.7.4/1003_linux-3.7.4.patch | 1266 --------------------
13 ...4420_grsecurity-2.9.1-3.7.4-201301252226.patch} | 164 ++-
14 3 files changed, 120 insertions(+), 1316 deletions(-)
15
16 diff --git a/3.7.4/0000_README b/3.7.4/0000_README
17 index b3b6291..f410177 100644
18 --- a/3.7.4/0000_README
19 +++ b/3.7.4/0000_README
20 @@ -2,11 +2,7 @@ README
21 -----------------------------------------------------------------------------
22 Individual Patch Descriptions:
23 -----------------------------------------------------------------------------
24 -Patch: 1003_linux-3.7.4.patch
25 -From: http://www.kernel.org
26 -Desc: Linux 3.7.4
27 -
28 -Patch: 4420_grsecurity-2.9.1-3.7.4-201301230048.patch
29 +Patch: 4420_grsecurity-2.9.1-3.7.4-201301252226.patch
30 From: http://www.grsecurity.net
31 Desc: hardened-sources base patch from upstream grsecurity
32
33
34 diff --git a/3.7.4/1003_linux-3.7.4.patch b/3.7.4/1003_linux-3.7.4.patch
35 deleted file mode 100644
36 index a0c6ff7..0000000
37 --- a/3.7.4/1003_linux-3.7.4.patch
38 +++ /dev/null
39 @@ -1,1266 +0,0 @@
40 -diff --git a/Makefile b/Makefile
41 -index 51a9bda..f9196bc 100644
42 ---- a/Makefile
43 -+++ b/Makefile
44 -@@ -1,6 +1,6 @@
45 - VERSION = 3
46 - PATCHLEVEL = 7
47 --SUBLEVEL = 3
48 -+SUBLEVEL = 4
49 - EXTRAVERSION =
50 - NAME = Terrified Chipmunk
51 -
52 -diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h
53 -index 64b1339..7adf414 100644
54 ---- a/arch/arm64/include/asm/pgtable.h
55 -+++ b/arch/arm64/include/asm/pgtable.h
56 -@@ -132,9 +132,8 @@ extern struct page *empty_zero_page;
57 - #define pte_write(pte) (!(pte_val(pte) & PTE_RDONLY))
58 - #define pte_exec(pte) (!(pte_val(pte) & PTE_UXN))
59 -
60 --#define pte_present_exec_user(pte) \
61 -- ((pte_val(pte) & (PTE_VALID | PTE_USER | PTE_UXN)) == \
62 -- (PTE_VALID | PTE_USER))
63 -+#define pte_present_user(pte) \
64 -+ ((pte_val(pte) & (PTE_VALID | PTE_USER)) == (PTE_VALID | PTE_USER))
65 -
66 - #define PTE_BIT_FUNC(fn,op) \
67 - static inline pte_t pte_##fn(pte_t pte) { pte_val(pte) op; return pte; }
68 -@@ -157,10 +156,13 @@ extern void __sync_icache_dcache(pte_t pteval, unsigned long addr);
69 - static inline void set_pte_at(struct mm_struct *mm, unsigned long addr,
70 - pte_t *ptep, pte_t pte)
71 - {
72 -- if (pte_present_exec_user(pte))
73 -- __sync_icache_dcache(pte, addr);
74 -- if (!pte_dirty(pte))
75 -- pte = pte_wrprotect(pte);
76 -+ if (pte_present_user(pte)) {
77 -+ if (pte_exec(pte))
78 -+ __sync_icache_dcache(pte, addr);
79 -+ if (!pte_dirty(pte))
80 -+ pte = pte_wrprotect(pte);
81 -+ }
82 -+
83 - set_pte(ptep, pte);
84 - }
85 -
86 -diff --git a/arch/s390/include/asm/timex.h b/arch/s390/include/asm/timex.h
87 -index fba4d66..4c060bb 100644
88 ---- a/arch/s390/include/asm/timex.h
89 -+++ b/arch/s390/include/asm/timex.h
90 -@@ -128,4 +128,32 @@ static inline unsigned long long get_clock_monotonic(void)
91 - return get_clock_xt() - sched_clock_base_cc;
92 - }
93 -
94 -+/**
95 -+ * tod_to_ns - convert a TOD format value to nanoseconds
96 -+ * @todval: to be converted TOD format value
97 -+ * Returns: number of nanoseconds that correspond to the TOD format value
98 -+ *
99 -+ * Converting a 64 Bit TOD format value to nanoseconds means that the value
100 -+ * must be divided by 4.096. In order to achieve that we multiply with 125
101 -+ * and divide by 512:
102 -+ *
103 -+ * ns = (todval * 125) >> 9;
104 -+ *
105 -+ * In order to avoid an overflow with the multiplication we can rewrite this.
106 -+ * With a split todval == 2^32 * th + tl (th upper 32 bits, tl lower 32 bits)
107 -+ * we end up with
108 -+ *
109 -+ * ns = ((2^32 * th + tl) * 125 ) >> 9;
110 -+ * -> ns = (2^23 * th * 125) + ((tl * 125) >> 9);
111 -+ *
112 -+ */
113 -+static inline unsigned long long tod_to_ns(unsigned long long todval)
114 -+{
115 -+ unsigned long long ns;
116 -+
117 -+ ns = ((todval >> 32) << 23) * 125;
118 -+ ns += ((todval & 0xffffffff) * 125) >> 9;
119 -+ return ns;
120 -+}
121 -+
122 - #endif
123 -diff --git a/arch/s390/kernel/time.c b/arch/s390/kernel/time.c
124 -index 7fcd690..b5d8a18 100644
125 ---- a/arch/s390/kernel/time.c
126 -+++ b/arch/s390/kernel/time.c
127 -@@ -63,7 +63,7 @@ static DEFINE_PER_CPU(struct clock_event_device, comparators);
128 - */
129 - unsigned long long notrace __kprobes sched_clock(void)
130 - {
131 -- return (get_clock_monotonic() * 125) >> 9;
132 -+ return tod_to_ns(get_clock_monotonic());
133 - }
134 -
135 - /*
136 -diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c
137 -index ff1e2f8..d533389 100644
138 ---- a/arch/s390/kvm/interrupt.c
139 -+++ b/arch/s390/kvm/interrupt.c
140 -@@ -408,7 +408,7 @@ int kvm_s390_handle_wait(struct kvm_vcpu *vcpu)
141 - return 0;
142 - }
143 -
144 -- sltime = ((vcpu->arch.sie_block->ckc - now)*125)>>9;
145 -+ sltime = tod_to_ns(vcpu->arch.sie_block->ckc - now);
146 -
147 - hrtimer_start(&vcpu->arch.ckc_timer, ktime_set (0, sltime) , HRTIMER_MODE_REL);
148 - VCPU_EVENT(vcpu, 5, "enabled wait via clock comparator: %llx ns", sltime);
149 -diff --git a/arch/sh/include/asm/elf.h b/arch/sh/include/asm/elf.h
150 -index 37924af..bf9f44f 100644
151 ---- a/arch/sh/include/asm/elf.h
152 -+++ b/arch/sh/include/asm/elf.h
153 -@@ -203,9 +203,9 @@ extern void __kernel_vsyscall;
154 - if (vdso_enabled) \
155 - NEW_AUX_ENT(AT_SYSINFO_EHDR, VDSO_BASE); \
156 - else \
157 -- NEW_AUX_ENT(AT_IGNORE, 0);
158 -+ NEW_AUX_ENT(AT_IGNORE, 0)
159 - #else
160 --#define VSYSCALL_AUX_ENT
161 -+#define VSYSCALL_AUX_ENT NEW_AUX_ENT(AT_IGNORE, 0)
162 - #endif /* CONFIG_VSYSCALL */
163 -
164 - #ifdef CONFIG_SH_FPU
165 -diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
166 -index 88b725a..cf8639b 100644
167 ---- a/arch/x86/kernel/entry_32.S
168 -+++ b/arch/x86/kernel/entry_32.S
169 -@@ -1084,7 +1084,6 @@ ENTRY(xen_failsafe_callback)
170 - lea 16(%esp),%esp
171 - CFI_ADJUST_CFA_OFFSET -16
172 - jz 5f
173 -- addl $16,%esp
174 - jmp iret_exc
175 - 5: pushl_cfi $-1 /* orig_ax = -1 => not a system call */
176 - SAVE_ALL
177 -diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
178 -index ca45696..86c524c 100644
179 ---- a/arch/x86/kernel/setup.c
180 -+++ b/arch/x86/kernel/setup.c
181 -@@ -614,6 +614,81 @@ static __init void reserve_ibft_region(void)
182 -
183 - static unsigned reserve_low = CONFIG_X86_RESERVE_LOW << 10;
184 -
185 -+static bool __init snb_gfx_workaround_needed(void)
186 -+{
187 -+ int i;
188 -+ u16 vendor, devid;
189 -+ static const u16 snb_ids[] = {
190 -+ 0x0102,
191 -+ 0x0112,
192 -+ 0x0122,
193 -+ 0x0106,
194 -+ 0x0116,
195 -+ 0x0126,
196 -+ 0x010a,
197 -+ };
198 -+
199 -+ /* Assume no if something weird is going on with PCI */
200 -+ if (!early_pci_allowed())
201 -+ return false;
202 -+
203 -+ vendor = read_pci_config_16(0, 2, 0, PCI_VENDOR_ID);
204 -+ if (vendor != 0x8086)
205 -+ return false;
206 -+
207 -+ devid = read_pci_config_16(0, 2, 0, PCI_DEVICE_ID);
208 -+ for (i = 0; i < ARRAY_SIZE(snb_ids); i++)
209 -+ if (devid == snb_ids[i])
210 -+ return true;
211 -+
212 -+ return false;
213 -+}
214 -+
215 -+/*
216 -+ * Sandy Bridge graphics has trouble with certain ranges, exclude
217 -+ * them from allocation.
218 -+ */
219 -+static void __init trim_snb_memory(void)
220 -+{
221 -+ static const unsigned long bad_pages[] = {
222 -+ 0x20050000,
223 -+ 0x20110000,
224 -+ 0x20130000,
225 -+ 0x20138000,
226 -+ 0x40004000,
227 -+ };
228 -+ int i;
229 -+
230 -+ if (!snb_gfx_workaround_needed())
231 -+ return;
232 -+
233 -+ printk(KERN_DEBUG "reserving inaccessible SNB gfx pages\n");
234 -+
235 -+ /*
236 -+ * Reserve all memory below the 1 MB mark that has not
237 -+ * already been reserved.
238 -+ */
239 -+ memblock_reserve(0, 1<<20);
240 -+
241 -+ for (i = 0; i < ARRAY_SIZE(bad_pages); i++) {
242 -+ if (memblock_reserve(bad_pages[i], PAGE_SIZE))
243 -+ printk(KERN_WARNING "failed to reserve 0x%08lx\n",
244 -+ bad_pages[i]);
245 -+ }
246 -+}
247 -+
248 -+/*
249 -+ * Here we put platform-specific memory range workarounds, i.e.
250 -+ * memory known to be corrupt or otherwise in need to be reserved on
251 -+ * specific platforms.
252 -+ *
253 -+ * If this gets used more widely it could use a real dispatch mechanism.
254 -+ */
255 -+static void __init trim_platform_memory_ranges(void)
256 -+{
257 -+ trim_snb_memory();
258 -+}
259 -+
260 - static void __init trim_bios_range(void)
261 - {
262 - /*
263 -@@ -634,6 +709,7 @@ static void __init trim_bios_range(void)
264 - * take them out.
265 - */
266 - e820_remove_range(BIOS_BEGIN, BIOS_END - BIOS_BEGIN, E820_RAM, 1);
267 -+
268 - sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map);
269 - }
270 -
271 -@@ -912,6 +988,8 @@ void __init setup_arch(char **cmdline_p)
272 -
273 - setup_real_mode();
274 -
275 -+ trim_platform_memory_ranges();
276 -+
277 - init_gbpages();
278 -
279 - /* max_pfn_mapped is updated here */
280 -diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c
281 -index be5f7aa..3724891 100644
282 ---- a/drivers/base/firmware_class.c
283 -+++ b/drivers/base/firmware_class.c
284 -@@ -295,7 +295,7 @@ static bool fw_read_file_contents(struct file *file, struct firmware_buf *fw_buf
285 - char *buf;
286 -
287 - size = fw_file_size(file);
288 -- if (size < 0)
289 -+ if (size <= 0)
290 - return false;
291 - buf = vmalloc(size);
292 - if (!buf)
293 -diff --git a/drivers/gpu/drm/radeon/r600_cs.c b/drivers/gpu/drm/radeon/r600_cs.c
294 -index 211c402..1a8594b 100644
295 ---- a/drivers/gpu/drm/radeon/r600_cs.c
296 -+++ b/drivers/gpu/drm/radeon/r600_cs.c
297 -@@ -2429,8 +2429,10 @@ static void r600_cs_parser_fini(struct radeon_cs_parser *parser, int error)
298 - kfree(parser->relocs);
299 - for (i = 0; i < parser->nchunks; i++) {
300 - kfree(parser->chunks[i].kdata);
301 -- kfree(parser->chunks[i].kpage[0]);
302 -- kfree(parser->chunks[i].kpage[1]);
303 -+ if (parser->rdev && (parser->rdev->flags & RADEON_IS_AGP)) {
304 -+ kfree(parser->chunks[i].kpage[0]);
305 -+ kfree(parser->chunks[i].kpage[1]);
306 -+ }
307 - }
308 - kfree(parser->chunks);
309 - kfree(parser->chunks_array);
310 -diff --git a/drivers/gpu/drm/radeon/radeon_cs.c b/drivers/gpu/drm/radeon/radeon_cs.c
311 -index 41672cc..dc8d15a 100644
312 ---- a/drivers/gpu/drm/radeon/radeon_cs.c
313 -+++ b/drivers/gpu/drm/radeon/radeon_cs.c
314 -@@ -266,7 +266,7 @@ int radeon_cs_parser_init(struct radeon_cs_parser *p, void *data)
315 - p->chunks[p->chunk_ib_idx].length_dw);
316 - return -EINVAL;
317 - }
318 -- if ((p->rdev->flags & RADEON_IS_AGP)) {
319 -+ if (p->rdev && (p->rdev->flags & RADEON_IS_AGP)) {
320 - p->chunks[p->chunk_ib_idx].kpage[0] = kmalloc(PAGE_SIZE, GFP_KERNEL);
321 - p->chunks[p->chunk_ib_idx].kpage[1] = kmalloc(PAGE_SIZE, GFP_KERNEL);
322 - if (p->chunks[p->chunk_ib_idx].kpage[0] == NULL ||
323 -@@ -570,7 +570,8 @@ static int radeon_cs_update_pages(struct radeon_cs_parser *p, int pg_idx)
324 - struct radeon_cs_chunk *ibc = &p->chunks[p->chunk_ib_idx];
325 - int i;
326 - int size = PAGE_SIZE;
327 -- bool copy1 = (p->rdev->flags & RADEON_IS_AGP) ? false : true;
328 -+ bool copy1 = (p->rdev && (p->rdev->flags & RADEON_IS_AGP)) ?
329 -+ false : true;
330 -
331 - for (i = ibc->last_copied_page + 1; i < pg_idx; i++) {
332 - if (DRM_COPY_FROM_USER(p->ib.ptr + (i * (PAGE_SIZE/4)),
333 -diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
334 -index 9476c1b..c2c07a4 100644
335 ---- a/drivers/iommu/intel-iommu.c
336 -+++ b/drivers/iommu/intel-iommu.c
337 -@@ -2327,8 +2327,39 @@ static int domain_add_dev_info(struct dmar_domain *domain,
338 - return 0;
339 - }
340 -
341 -+static bool device_has_rmrr(struct pci_dev *dev)
342 -+{
343 -+ struct dmar_rmrr_unit *rmrr;
344 -+ int i;
345 -+
346 -+ for_each_rmrr_units(rmrr) {
347 -+ for (i = 0; i < rmrr->devices_cnt; i++) {
348 -+ /*
349 -+ * Return TRUE if this RMRR contains the device that
350 -+ * is passed in.
351 -+ */
352 -+ if (rmrr->devices[i] == dev)
353 -+ return true;
354 -+ }
355 -+ }
356 -+ return false;
357 -+}
358 -+
359 - static int iommu_should_identity_map(struct pci_dev *pdev, int startup)
360 - {
361 -+
362 -+ /*
363 -+ * We want to prevent any device associated with an RMRR from
364 -+ * getting placed into the SI Domain. This is done because
365 -+ * problems exist when devices are moved in and out of domains
366 -+ * and their respective RMRR info is lost. We exempt USB devices
367 -+ * from this process due to their usage of RMRRs that are known
368 -+ * to not be needed after BIOS hand-off to OS.
369 -+ */
370 -+ if (device_has_rmrr(pdev) &&
371 -+ (pdev->class >> 8) != PCI_CLASS_SERIAL_USB)
372 -+ return 0;
373 -+
374 - if ((iommu_identity_mapping & IDENTMAP_AZALIA) && IS_AZALIA(pdev))
375 - return 1;
376 -
377 -diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
378 -index e1ceb37..9b178a3 100644
379 ---- a/drivers/net/ethernet/intel/igb/igb_main.c
380 -+++ b/drivers/net/ethernet/intel/igb/igb_main.c
381 -@@ -909,17 +909,18 @@ static int igb_request_msix(struct igb_adapter *adapter)
382 - {
383 - struct net_device *netdev = adapter->netdev;
384 - struct e1000_hw *hw = &adapter->hw;
385 -- int i, err = 0, vector = 0;
386 -+ int i, err = 0, vector = 0, free_vector = 0;
387 -
388 - err = request_irq(adapter->msix_entries[vector].vector,
389 - igb_msix_other, 0, netdev->name, adapter);
390 - if (err)
391 -- goto out;
392 -- vector++;
393 -+ goto err_out;
394 -
395 - for (i = 0; i < adapter->num_q_vectors; i++) {
396 - struct igb_q_vector *q_vector = adapter->q_vector[i];
397 -
398 -+ vector++;
399 -+
400 - q_vector->itr_register = hw->hw_addr + E1000_EITR(vector);
401 -
402 - if (q_vector->rx.ring && q_vector->tx.ring)
403 -@@ -938,13 +939,22 @@ static int igb_request_msix(struct igb_adapter *adapter)
404 - igb_msix_ring, 0, q_vector->name,
405 - q_vector);
406 - if (err)
407 -- goto out;
408 -- vector++;
409 -+ goto err_free;
410 - }
411 -
412 - igb_configure_msix(adapter);
413 - return 0;
414 --out:
415 -+
416 -+err_free:
417 -+ /* free already assigned IRQs */
418 -+ free_irq(adapter->msix_entries[free_vector++].vector, adapter);
419 -+
420 -+ vector--;
421 -+ for (i = 0; i < vector; i++) {
422 -+ free_irq(adapter->msix_entries[free_vector++].vector,
423 -+ adapter->q_vector[i]);
424 -+ }
425 -+err_out:
426 - return err;
427 - }
428 -
429 -diff --git a/drivers/staging/vt6656/bssdb.h b/drivers/staging/vt6656/bssdb.h
430 -index 6b2ec39..806cbf7 100644
431 ---- a/drivers/staging/vt6656/bssdb.h
432 -+++ b/drivers/staging/vt6656/bssdb.h
433 -@@ -90,7 +90,6 @@ typedef struct tagSRSNCapObject {
434 - } SRSNCapObject, *PSRSNCapObject;
435 -
436 - // BSS info(AP)
437 --#pragma pack(1)
438 - typedef struct tagKnownBSS {
439 - // BSS info
440 - BOOL bActive;
441 -diff --git a/drivers/staging/vt6656/int.h b/drivers/staging/vt6656/int.h
442 -index 3734e2c..91ceb77 100644
443 ---- a/drivers/staging/vt6656/int.h
444 -+++ b/drivers/staging/vt6656/int.h
445 -@@ -34,7 +34,6 @@
446 - #include "device.h"
447 -
448 - /*--------------------- Export Definitions -------------------------*/
449 --#pragma pack(1)
450 - typedef struct tagSINTData {
451 - BYTE byTSR0;
452 - BYTE byPkt0;
453 -diff --git a/drivers/staging/vt6656/iocmd.h b/drivers/staging/vt6656/iocmd.h
454 -index 22710ce..ae6e2d2 100644
455 ---- a/drivers/staging/vt6656/iocmd.h
456 -+++ b/drivers/staging/vt6656/iocmd.h
457 -@@ -95,13 +95,12 @@ typedef enum tagWZONETYPE {
458 - // Ioctl interface structure
459 - // Command structure
460 - //
461 --#pragma pack(1)
462 - typedef struct tagSCmdRequest {
463 - u8 name[16];
464 - void *data;
465 - u16 wResult;
466 - u16 wCmdCode;
467 --} SCmdRequest, *PSCmdRequest;
468 -+} __packed SCmdRequest, *PSCmdRequest;
469 -
470 - //
471 - // Scan
472 -@@ -111,7 +110,7 @@ typedef struct tagSCmdScan {
473 -
474 - u8 ssid[SSID_MAXLEN + 2];
475 -
476 --} SCmdScan, *PSCmdScan;
477 -+} __packed SCmdScan, *PSCmdScan;
478 -
479 - //
480 - // BSS Join
481 -@@ -126,7 +125,7 @@ typedef struct tagSCmdBSSJoin {
482 - BOOL bPSEnable;
483 - BOOL bShareKeyAuth;
484 -
485 --} SCmdBSSJoin, *PSCmdBSSJoin;
486 -+} __packed SCmdBSSJoin, *PSCmdBSSJoin;
487 -
488 - //
489 - // Zonetype Setting
490 -@@ -137,7 +136,7 @@ typedef struct tagSCmdZoneTypeSet {
491 - BOOL bWrite;
492 - WZONETYPE ZoneType;
493 -
494 --} SCmdZoneTypeSet, *PSCmdZoneTypeSet;
495 -+} __packed SCmdZoneTypeSet, *PSCmdZoneTypeSet;
496 -
497 - typedef struct tagSWPAResult {
498 - char ifname[100];
499 -@@ -145,7 +144,7 @@ typedef struct tagSWPAResult {
500 - u8 key_mgmt;
501 - u8 eap_type;
502 - BOOL authenticated;
503 --} SWPAResult, *PSWPAResult;
504 -+} __packed SWPAResult, *PSWPAResult;
505 -
506 - typedef struct tagSCmdStartAP {
507 -
508 -@@ -157,7 +156,7 @@ typedef struct tagSCmdStartAP {
509 - BOOL bShareKeyAuth;
510 - u8 byBasicRate;
511 -
512 --} SCmdStartAP, *PSCmdStartAP;
513 -+} __packed SCmdStartAP, *PSCmdStartAP;
514 -
515 - typedef struct tagSCmdSetWEP {
516 -
517 -@@ -167,7 +166,7 @@ typedef struct tagSCmdSetWEP {
518 - BOOL bWepKeyAvailable[WEP_NKEYS];
519 - u32 auWepKeyLength[WEP_NKEYS];
520 -
521 --} SCmdSetWEP, *PSCmdSetWEP;
522 -+} __packed SCmdSetWEP, *PSCmdSetWEP;
523 -
524 - typedef struct tagSBSSIDItem {
525 -
526 -@@ -180,14 +179,14 @@ typedef struct tagSBSSIDItem {
527 - BOOL bWEPOn;
528 - u32 uRSSI;
529 -
530 --} SBSSIDItem;
531 -+} __packed SBSSIDItem;
532 -
533 -
534 - typedef struct tagSBSSIDList {
535 -
536 - u32 uItem;
537 - SBSSIDItem sBSSIDList[0];
538 --} SBSSIDList, *PSBSSIDList;
539 -+} __packed SBSSIDList, *PSBSSIDList;
540 -
541 -
542 - typedef struct tagSNodeItem {
543 -@@ -208,7 +207,7 @@ typedef struct tagSNodeItem {
544 - u32 uTxAttempts;
545 - u16 wFailureRatio;
546 -
547 --} SNodeItem;
548 -+} __packed SNodeItem;
549 -
550 -
551 - typedef struct tagSNodeList {
552 -@@ -216,7 +215,7 @@ typedef struct tagSNodeList {
553 - u32 uItem;
554 - SNodeItem sNodeList[0];
555 -
556 --} SNodeList, *PSNodeList;
557 -+} __packed SNodeList, *PSNodeList;
558 -
559 -
560 - typedef struct tagSCmdLinkStatus {
561 -@@ -229,7 +228,7 @@ typedef struct tagSCmdLinkStatus {
562 - u32 uChannel;
563 - u32 uLinkRate;
564 -
565 --} SCmdLinkStatus, *PSCmdLinkStatus;
566 -+} __packed SCmdLinkStatus, *PSCmdLinkStatus;
567 -
568 - //
569 - // 802.11 counter
570 -@@ -247,7 +246,7 @@ typedef struct tagSDot11MIBCount {
571 - u32 ReceivedFragmentCount;
572 - u32 MulticastReceivedFrameCount;
573 - u32 FCSErrorCount;
574 --} SDot11MIBCount, *PSDot11MIBCount;
575 -+} __packed SDot11MIBCount, *PSDot11MIBCount;
576 -
577 -
578 -
579 -@@ -355,13 +354,13 @@ typedef struct tagSStatMIBCount {
580 - u32 ullTxBroadcastBytes[2];
581 - u32 ullTxMulticastBytes[2];
582 - u32 ullTxDirectedBytes[2];
583 --} SStatMIBCount, *PSStatMIBCount;
584 -+} __packed SStatMIBCount, *PSStatMIBCount;
585 -
586 - typedef struct tagSCmdValue {
587 -
588 - u32 dwValue;
589 -
590 --} SCmdValue, *PSCmdValue;
591 -+} __packed SCmdValue, *PSCmdValue;
592 -
593 - //
594 - // hostapd & viawget ioctl related
595 -@@ -431,7 +430,7 @@ struct viawget_hostapd_param {
596 - u8 ssid[32];
597 - } scan_req;
598 - } u;
599 --};
600 -+} __packed;
601 -
602 - /*--------------------- Export Classes ----------------------------*/
603 -
604 -diff --git a/drivers/staging/vt6656/iowpa.h b/drivers/staging/vt6656/iowpa.h
605 -index 959c886..2522dde 100644
606 ---- a/drivers/staging/vt6656/iowpa.h
607 -+++ b/drivers/staging/vt6656/iowpa.h
608 -@@ -67,12 +67,11 @@ enum {
609 -
610 -
611 -
612 --#pragma pack(1)
613 - typedef struct viawget_wpa_header {
614 - u8 type;
615 - u16 req_ie_len;
616 - u16 resp_ie_len;
617 --} viawget_wpa_header;
618 -+} __packed viawget_wpa_header;
619 -
620 - struct viawget_wpa_param {
621 - u32 cmd;
622 -@@ -113,9 +112,8 @@ struct viawget_wpa_param {
623 - u8 *buf;
624 - } scan_results;
625 - } u;
626 --};
627 -+} __packed;
628 -
629 --#pragma pack(1)
630 - struct viawget_scan_result {
631 - u8 bssid[6];
632 - u8 ssid[32];
633 -@@ -130,7 +128,7 @@ struct viawget_scan_result {
634 - int noise;
635 - int level;
636 - int maxrate;
637 --};
638 -+} __packed;
639 -
640 - /*--------------------- Export Classes ----------------------------*/
641 -
642 -diff --git a/drivers/staging/wlan-ng/prism2mgmt.c b/drivers/staging/wlan-ng/prism2mgmt.c
643 -index 4efa9bc..89bfd85 100644
644 ---- a/drivers/staging/wlan-ng/prism2mgmt.c
645 -+++ b/drivers/staging/wlan-ng/prism2mgmt.c
646 -@@ -406,7 +406,7 @@ int prism2mgmt_scan_results(wlandevice_t *wlandev, void *msgp)
647 - /* SSID */
648 - req->ssid.status = P80211ENUM_msgitem_status_data_ok;
649 - req->ssid.data.len = le16_to_cpu(item->ssid.len);
650 -- req->ssid.data.len = min_t(u16, req->ssid.data.len, WLAN_BSSID_LEN);
651 -+ req->ssid.data.len = min_t(u16, req->ssid.data.len, WLAN_SSID_MAXLEN);
652 - memcpy(req->ssid.data.data, item->ssid.data, req->ssid.data.len);
653 -
654 - /* supported rates */
655 -diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
656 -index 9abef9f..0943ff0 100644
657 ---- a/drivers/target/target_core_device.c
658 -+++ b/drivers/target/target_core_device.c
659 -@@ -1624,6 +1624,7 @@ int core_dev_setup_virtual_lun0(void)
660 - ret = PTR_ERR(dev);
661 - goto out;
662 - }
663 -+ dev->dev_link_magic = SE_DEV_LINK_MAGIC;
664 - se_dev->se_dev_ptr = dev;
665 - g_lun0_dev = dev;
666 -
667 -diff --git a/drivers/target/target_core_fabric_configfs.c b/drivers/target/target_core_fabric_configfs.c
668 -index bca737b..a55f91a 100644
669 ---- a/drivers/target/target_core_fabric_configfs.c
670 -+++ b/drivers/target/target_core_fabric_configfs.c
671 -@@ -71,6 +71,12 @@ static int target_fabric_mappedlun_link(
672 - struct se_portal_group *se_tpg;
673 - struct config_item *nacl_ci, *tpg_ci, *tpg_ci_s, *wwn_ci, *wwn_ci_s;
674 - int ret = 0, lun_access;
675 -+
676 -+ if (lun->lun_link_magic != SE_LUN_LINK_MAGIC) {
677 -+ pr_err("Bad lun->lun_link_magic, not a valid lun_ci pointer:"
678 -+ " %p to struct lun: %p\n", lun_ci, lun);
679 -+ return -EFAULT;
680 -+ }
681 - /*
682 - * Ensure that the source port exists
683 - */
684 -@@ -745,6 +751,12 @@ static int target_fabric_port_link(
685 - struct target_fabric_configfs *tf;
686 - int ret;
687 -
688 -+ if (dev->dev_link_magic != SE_DEV_LINK_MAGIC) {
689 -+ pr_err("Bad dev->dev_link_magic, not a valid se_dev_ci pointer:"
690 -+ " %p to struct se_device: %p\n", se_dev_ci, dev);
691 -+ return -EFAULT;
692 -+ }
693 -+
694 - tpg_ci = &lun_ci->ci_parent->ci_group->cg_item;
695 - se_tpg = container_of(to_config_group(tpg_ci),
696 - struct se_portal_group, tpg_group);
697 -diff --git a/drivers/target/target_core_tpg.c b/drivers/target/target_core_tpg.c
698 -index a531fe2..4c34665 100644
699 ---- a/drivers/target/target_core_tpg.c
700 -+++ b/drivers/target/target_core_tpg.c
701 -@@ -672,6 +672,7 @@ int core_tpg_register(
702 - for (i = 0; i < TRANSPORT_MAX_LUNS_PER_TPG; i++) {
703 - lun = se_tpg->tpg_lun_list[i];
704 - lun->unpacked_lun = i;
705 -+ lun->lun_link_magic = SE_LUN_LINK_MAGIC;
706 - lun->lun_status = TRANSPORT_LUN_STATUS_FREE;
707 - atomic_set(&lun->lun_acl_count, 0);
708 - init_completion(&lun->lun_shutdown_comp);
709 -diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
710 -index dcecbfb..13fe16c 100644
711 ---- a/drivers/target/target_core_transport.c
712 -+++ b/drivers/target/target_core_transport.c
713 -@@ -545,9 +545,6 @@ static void transport_lun_remove_cmd(struct se_cmd *cmd)
714 -
715 - void transport_cmd_finish_abort(struct se_cmd *cmd, int remove)
716 - {
717 -- if (!(cmd->se_cmd_flags & SCF_SCSI_TMR_CDB))
718 -- transport_lun_remove_cmd(cmd);
719 --
720 - if (transport_cmd_check_stop_to_fabric(cmd))
721 - return;
722 - if (remove)
723 -@@ -1074,6 +1071,7 @@ struct se_device *transport_add_device_to_core_hba(
724 - dev->se_hba = hba;
725 - dev->se_sub_dev = se_dev;
726 - dev->transport = transport;
727 -+ dev->dev_link_magic = SE_DEV_LINK_MAGIC;
728 - INIT_LIST_HEAD(&dev->dev_list);
729 - INIT_LIST_HEAD(&dev->dev_sep_list);
730 - INIT_LIST_HEAD(&dev->dev_tmr_list);
731 -@@ -1616,6 +1614,8 @@ static void target_complete_tmr_failure(struct work_struct *work)
732 -
733 - se_cmd->se_tmr_req->response = TMR_LUN_DOES_NOT_EXIST;
734 - se_cmd->se_tfo->queue_tm_rsp(se_cmd);
735 -+
736 -+ transport_cmd_check_stop_to_fabric(se_cmd);
737 - }
738 -
739 - /**
740 -@@ -1853,6 +1853,7 @@ void target_execute_cmd(struct se_cmd *cmd)
741 - }
742 -
743 - cmd->t_state = TRANSPORT_PROCESSING;
744 -+ cmd->transport_state |= CMD_T_ACTIVE;
745 - spin_unlock_irq(&cmd->t_state_lock);
746 -
747 - if (dev->dev_task_attr_type != SAM_TASK_ATTR_EMULATED)
748 -@@ -3024,7 +3025,7 @@ int transport_send_check_condition_and_sense(
749 - /* ILLEGAL REQUEST */
750 - buffer[SPC_SENSE_KEY_OFFSET] = ILLEGAL_REQUEST;
751 - /* LOGICAL UNIT COMMUNICATION FAILURE */
752 -- buffer[SPC_ASC_KEY_OFFSET] = 0x80;
753 -+ buffer[SPC_ASC_KEY_OFFSET] = 0x08;
754 - break;
755 - }
756 - /*
757 -@@ -3089,6 +3090,8 @@ void transport_send_task_abort(struct se_cmd *cmd)
758 - }
759 - cmd->scsi_status = SAM_STAT_TASK_ABORTED;
760 -
761 -+ transport_lun_remove_cmd(cmd);
762 -+
763 - pr_debug("Setting SAM_STAT_TASK_ABORTED status for CDB: 0x%02x,"
764 - " ITT: 0x%08x\n", cmd->t_task_cdb[0],
765 - cmd->se_tfo->get_task_tag(cmd));
766 -diff --git a/drivers/target/tcm_fc/tfc_sess.c b/drivers/target/tcm_fc/tfc_sess.c
767 -index 12d6fa2..6659dd3 100644
768 ---- a/drivers/target/tcm_fc/tfc_sess.c
769 -+++ b/drivers/target/tcm_fc/tfc_sess.c
770 -@@ -355,11 +355,11 @@ static int ft_prli_locked(struct fc_rport_priv *rdata, u32 spp_len,
771 -
772 - tport = ft_tport_create(rdata->local_port);
773 - if (!tport)
774 -- return 0; /* not a target for this local port */
775 -+ goto not_target; /* not a target for this local port */
776 -
777 - acl = ft_acl_get(tport->tpg, rdata);
778 - if (!acl)
779 -- return 0;
780 -+ goto not_target; /* no target for this remote */
781 -
782 - if (!rspp)
783 - goto fill;
784 -@@ -396,12 +396,18 @@ static int ft_prli_locked(struct fc_rport_priv *rdata, u32 spp_len,
785 -
786 - /*
787 - * OR in our service parameters with other provider (initiator), if any.
788 -- * TBD XXX - indicate RETRY capability?
789 - */
790 - fill:
791 - fcp_parm = ntohl(spp->spp_params);
792 -+ fcp_parm &= ~FCP_SPPF_RETRY;
793 - spp->spp_params = htonl(fcp_parm | FCP_SPPF_TARG_FCN);
794 - return FC_SPP_RESP_ACK;
795 -+
796 -+not_target:
797 -+ fcp_parm = ntohl(spp->spp_params);
798 -+ fcp_parm &= ~FCP_SPPF_TARG_FCN;
799 -+ spp->spp_params = htonl(fcp_parm);
800 -+ return 0;
801 - }
802 -
803 - /**
804 -diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
805 -index a82b399..8cf8d0a 100644
806 ---- a/drivers/tty/pty.c
807 -+++ b/drivers/tty/pty.c
808 -@@ -395,6 +395,8 @@ static int pty_bsd_ioctl(struct tty_struct *tty,
809 - return pty_set_lock(tty, (int __user *) arg);
810 - case TIOCSIG: /* Send signal to other side of pty */
811 - return pty_signal(tty, (int) arg);
812 -+ case TIOCGPTN: /* TTY returns ENOTTY, but glibc expects EINVAL here */
813 -+ return -EINVAL;
814 - }
815 - return -ENOIOCTLCMD;
816 - }
817 -diff --git a/drivers/tty/serial/8250/8250.c b/drivers/tty/serial/8250/8250.c
818 -index 3ba4234..2c09e64 100644
819 ---- a/drivers/tty/serial/8250/8250.c
820 -+++ b/drivers/tty/serial/8250/8250.c
821 -@@ -290,6 +290,12 @@ static const struct serial8250_config uart_config[] = {
822 - UART_FCR_R_TRIG_00 | UART_FCR_T_TRIG_00,
823 - .flags = UART_CAP_FIFO,
824 - },
825 -+ [PORT_BRCM_TRUMANAGE] = {
826 -+ .name = "TruManage",
827 -+ .fifo_size = 1,
828 -+ .tx_loadsz = 1024,
829 -+ .flags = UART_CAP_HFIFO,
830 -+ },
831 - [PORT_8250_CIR] = {
832 - .name = "CIR port"
833 - }
834 -@@ -1441,6 +1447,11 @@ void serial8250_tx_chars(struct uart_8250_port *up)
835 - port->icount.tx++;
836 - if (uart_circ_empty(xmit))
837 - break;
838 -+ if (up->capabilities & UART_CAP_HFIFO) {
839 -+ if ((serial_port_in(port, UART_LSR) & BOTH_EMPTY) !=
840 -+ BOTH_EMPTY)
841 -+ break;
842 -+ }
843 - } while (--count > 0);
844 -
845 - if (uart_circ_chars_pending(xmit) < WAKEUP_CHARS)
846 -diff --git a/drivers/tty/serial/8250/8250.h b/drivers/tty/serial/8250/8250.h
847 -index 5a76f9c..c0be2fa 100644
848 ---- a/drivers/tty/serial/8250/8250.h
849 -+++ b/drivers/tty/serial/8250/8250.h
850 -@@ -40,6 +40,7 @@ struct serial8250_config {
851 - #define UART_CAP_AFE (1 << 11) /* MCR-based hw flow control */
852 - #define UART_CAP_UUE (1 << 12) /* UART needs IER bit 6 set (Xscale) */
853 - #define UART_CAP_RTOIE (1 << 13) /* UART needs IER bit 4 set (Xscale, Tegra) */
854 -+#define UART_CAP_HFIFO (1 << 14) /* UART has a "hidden" FIFO */
855 -
856 - #define UART_BUG_QUOT (1 << 0) /* UART has buggy quot LSB */
857 - #define UART_BUG_TXEN (1 << 1) /* UART has buggy TX IIR status */
858 -diff --git a/drivers/tty/serial/8250/8250_dw.c b/drivers/tty/serial/8250/8250_dw.c
859 -index c3b2ec0..71ce540 100644
860 ---- a/drivers/tty/serial/8250/8250_dw.c
861 -+++ b/drivers/tty/serial/8250/8250_dw.c
862 -@@ -79,7 +79,7 @@ static int dw8250_handle_irq(struct uart_port *p)
863 - } else if ((iir & UART_IIR_BUSY) == UART_IIR_BUSY) {
864 - /* Clear the USR and write the LCR again. */
865 - (void)p->serial_in(p, UART_USR);
866 -- p->serial_out(p, d->last_lcr, UART_LCR);
867 -+ p->serial_out(p, UART_LCR, d->last_lcr);
868 -
869 - return 1;
870 - }
871 -diff --git a/drivers/tty/serial/8250/8250_pci.c b/drivers/tty/serial/8250/8250_pci.c
872 -index 17b7d26..a29df69 100644
873 ---- a/drivers/tty/serial/8250/8250_pci.c
874 -+++ b/drivers/tty/serial/8250/8250_pci.c
875 -@@ -1085,6 +1085,18 @@ pci_omegapci_setup(struct serial_private *priv,
876 - return setup_port(priv, port, 2, idx * 8, 0);
877 - }
878 -
879 -+static int
880 -+pci_brcm_trumanage_setup(struct serial_private *priv,
881 -+ const struct pciserial_board *board,
882 -+ struct uart_8250_port *port, int idx)
883 -+{
884 -+ int ret = pci_default_setup(priv, board, port, idx);
885 -+
886 -+ port->port.type = PORT_BRCM_TRUMANAGE;
887 -+ port->port.flags = (port->port.flags | UPF_FIXED_PORT | UPF_FIXED_TYPE);
888 -+ return ret;
889 -+}
890 -+
891 - static int skip_tx_en_setup(struct serial_private *priv,
892 - const struct pciserial_board *board,
893 - struct uart_8250_port *port, int idx)
894 -@@ -1213,6 +1225,7 @@ pci_wch_ch353_setup(struct serial_private *priv,
895 - #define PCI_VENDOR_ID_AGESTAR 0x5372
896 - #define PCI_DEVICE_ID_AGESTAR_9375 0x6872
897 - #define PCI_VENDOR_ID_ASIX 0x9710
898 -+#define PCI_DEVICE_ID_BROADCOM_TRUMANAGE 0x160a
899 -
900 - /* Unknown vendors/cards - this should not be in linux/pci_ids.h */
901 - #define PCI_SUBDEVICE_ID_UNKNOWN_0x1584 0x1584
902 -@@ -1788,6 +1801,17 @@ static struct pci_serial_quirk pci_serial_quirks[] __refdata = {
903 - .setup = pci_asix_setup,
904 - },
905 - /*
906 -+ * Broadcom TruManage (NetXtreme)
907 -+ */
908 -+ {
909 -+ .vendor = PCI_VENDOR_ID_BROADCOM,
910 -+ .device = PCI_DEVICE_ID_BROADCOM_TRUMANAGE,
911 -+ .subvendor = PCI_ANY_ID,
912 -+ .subdevice = PCI_ANY_ID,
913 -+ .setup = pci_brcm_trumanage_setup,
914 -+ },
915 -+
916 -+ /*
917 - * Default "match everything" terminator entry
918 - */
919 - {
920 -@@ -1975,6 +1999,7 @@ enum pci_board_num_t {
921 - pbn_ce4100_1_115200,
922 - pbn_omegapci,
923 - pbn_NETMOS9900_2s_115200,
924 -+ pbn_brcm_trumanage,
925 - };
926 -
927 - /*
928 -@@ -2674,6 +2699,12 @@ static struct pciserial_board pci_boards[] __devinitdata = {
929 - .num_ports = 2,
930 - .base_baud = 115200,
931 - },
932 -+ [pbn_brcm_trumanage] = {
933 -+ .flags = FL_BASE0,
934 -+ .num_ports = 1,
935 -+ .reg_shift = 2,
936 -+ .base_baud = 115200,
937 -+ },
938 - };
939 -
940 - static const struct pci_device_id blacklist[] = {
941 -@@ -4238,6 +4269,13 @@ static struct pci_device_id serial_pci_tbl[] = {
942 - pbn_omegapci },
943 -
944 - /*
945 -+ * Broadcom TruManage
946 -+ */
947 -+ { PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_BROADCOM_TRUMANAGE,
948 -+ PCI_ANY_ID, PCI_ANY_ID, 0, 0,
949 -+ pbn_brcm_trumanage },
950 -+
951 -+ /*
952 - * AgeStar as-prs2-009
953 - */
954 - { PCI_VENDOR_ID_AGESTAR, PCI_DEVICE_ID_AGESTAR_9375,
955 -diff --git a/drivers/tty/serial/ifx6x60.c b/drivers/tty/serial/ifx6x60.c
956 -index 5b9bc19..f5e9666 100644
957 ---- a/drivers/tty/serial/ifx6x60.c
958 -+++ b/drivers/tty/serial/ifx6x60.c
959 -@@ -552,6 +552,7 @@ static void ifx_port_shutdown(struct tty_port *port)
960 - container_of(port, struct ifx_spi_device, tty_port);
961 -
962 - mrdy_set_low(ifx_dev);
963 -+ del_timer(&ifx_dev->spi_timer);
964 - clear_bit(IFX_SPI_STATE_TIMER_PENDING, &ifx_dev->flags);
965 - tasklet_kill(&ifx_dev->io_work_tasklet);
966 - }
967 -diff --git a/drivers/tty/serial/mxs-auart.c b/drivers/tty/serial/mxs-auart.c
968 -index 6db3baa..ea513c9 100644
969 ---- a/drivers/tty/serial/mxs-auart.c
970 -+++ b/drivers/tty/serial/mxs-auart.c
971 -@@ -260,10 +260,12 @@ static void mxs_auart_set_mctrl(struct uart_port *u, unsigned mctrl)
972 -
973 - u32 ctrl = readl(u->membase + AUART_CTRL2);
974 -
975 -- ctrl &= ~AUART_CTRL2_RTSEN;
976 -+ ctrl &= ~(AUART_CTRL2_RTSEN | AUART_CTRL2_RTS);
977 - if (mctrl & TIOCM_RTS) {
978 - if (tty_port_cts_enabled(&u->state->port))
979 - ctrl |= AUART_CTRL2_RTSEN;
980 -+ else
981 -+ ctrl |= AUART_CTRL2_RTS;
982 - }
983 -
984 - s->ctrl = mctrl;
985 -diff --git a/drivers/tty/serial/vt8500_serial.c b/drivers/tty/serial/vt8500_serial.c
986 -index 205d4cf..f528cc2 100644
987 ---- a/drivers/tty/serial/vt8500_serial.c
988 -+++ b/drivers/tty/serial/vt8500_serial.c
989 -@@ -604,7 +604,7 @@ static int __devinit vt8500_serial_probe(struct platform_device *pdev)
990 - vt8500_port->uart.flags = UPF_IOREMAP | UPF_BOOT_AUTOCONF;
991 -
992 - vt8500_port->clk = of_clk_get(pdev->dev.of_node, 0);
993 -- if (vt8500_port->clk) {
994 -+ if (!IS_ERR(vt8500_port->clk)) {
995 - vt8500_port->uart.uartclk = clk_get_rate(vt8500_port->clk);
996 - } else {
997 - /* use the default of 24Mhz if not specified and warn */
998 -diff --git a/drivers/usb/chipidea/host.c b/drivers/usb/chipidea/host.c
999 -index ebff9f4..7c212f5 100644
1000 ---- a/drivers/usb/chipidea/host.c
1001 -+++ b/drivers/usb/chipidea/host.c
1002 -@@ -129,6 +129,9 @@ static int host_start(struct ci13xxx *ci)
1003 - else
1004 - ci->hcd = hcd;
1005 -
1006 -+ if (ci->platdata->flags & CI13XXX_DISABLE_STREAMING)
1007 -+ hw_write(ci, OP_USBMODE, USBMODE_CI_SDIS, USBMODE_CI_SDIS);
1008 -+
1009 - return ret;
1010 - }
1011 -
1012 -diff --git a/drivers/usb/serial/io_ti.c b/drivers/usb/serial/io_ti.c
1013 -index 60023c2..ed83e7a 100644
1014 ---- a/drivers/usb/serial/io_ti.c
1015 -+++ b/drivers/usb/serial/io_ti.c
1016 -@@ -534,6 +534,9 @@ static void chase_port(struct edgeport_port *port, unsigned long timeout,
1017 - wait_queue_t wait;
1018 - unsigned long flags;
1019 -
1020 -+ if (!tty)
1021 -+ return;
1022 -+
1023 - if (!timeout)
1024 - timeout = (HZ * EDGE_CLOSING_WAIT)/100;
1025 -
1026 -diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c
1027 -index fd47369..f2727e4 100644
1028 ---- a/drivers/usb/serial/option.c
1029 -+++ b/drivers/usb/serial/option.c
1030 -@@ -450,6 +450,10 @@ static void option_instat_callback(struct urb *urb);
1031 - #define PETATEL_VENDOR_ID 0x1ff4
1032 - #define PETATEL_PRODUCT_NP10T 0x600e
1033 -
1034 -+/* TP-LINK Incorporated products */
1035 -+#define TPLINK_VENDOR_ID 0x2357
1036 -+#define TPLINK_PRODUCT_MA180 0x0201
1037 -+
1038 - /* some devices interfaces need special handling due to a number of reasons */
1039 - enum option_blacklist_reason {
1040 - OPTION_BLACKLIST_NONE = 0,
1041 -@@ -931,7 +935,8 @@ static const struct usb_device_id option_ids[] = {
1042 - { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0254, 0xff, 0xff, 0xff) },
1043 - { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0257, 0xff, 0xff, 0xff), /* ZTE MF821 */
1044 - .driver_info = (kernel_ulong_t)&net_intf3_blacklist },
1045 -- { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0265, 0xff, 0xff, 0xff) },
1046 -+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0265, 0xff, 0xff, 0xff), /* ONDA MT8205 */
1047 -+ .driver_info = (kernel_ulong_t)&net_intf4_blacklist },
1048 - { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0284, 0xff, 0xff, 0xff), /* ZTE MF880 */
1049 - .driver_info = (kernel_ulong_t)&net_intf4_blacklist },
1050 - { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0317, 0xff, 0xff, 0xff) },
1051 -@@ -1312,6 +1317,8 @@ static const struct usb_device_id option_ids[] = {
1052 - { USB_DEVICE_AND_INTERFACE_INFO(MEDIATEK_VENDOR_ID, MEDIATEK_PRODUCT_DC_4COM2, 0xff, 0x00, 0x00) },
1053 - { USB_DEVICE(CELLIENT_VENDOR_ID, CELLIENT_PRODUCT_MEN200) },
1054 - { USB_DEVICE(PETATEL_VENDOR_ID, PETATEL_PRODUCT_NP10T) },
1055 -+ { USB_DEVICE(TPLINK_VENDOR_ID, TPLINK_PRODUCT_MA180),
1056 -+ .driver_info = (kernel_ulong_t)&net_intf4_blacklist },
1057 - { } /* Terminating entry */
1058 - };
1059 - MODULE_DEVICE_TABLE(usb, option_ids);
1060 -diff --git a/drivers/xen/grant-table.c b/drivers/xen/grant-table.c
1061 -index b91f14e..95ce9d0 100644
1062 ---- a/drivers/xen/grant-table.c
1063 -+++ b/drivers/xen/grant-table.c
1064 -@@ -56,10 +56,6 @@
1065 - /* External tools reserve first few grant table entries. */
1066 - #define NR_RESERVED_ENTRIES 8
1067 - #define GNTTAB_LIST_END 0xffffffff
1068 --#define GREFS_PER_GRANT_FRAME \
1069 --(grant_table_version == 1 ? \
1070 --(PAGE_SIZE / sizeof(struct grant_entry_v1)) : \
1071 --(PAGE_SIZE / sizeof(union grant_entry_v2)))
1072 -
1073 - static grant_ref_t **gnttab_list;
1074 - static unsigned int nr_grant_frames;
1075 -@@ -154,6 +150,7 @@ static struct gnttab_ops *gnttab_interface;
1076 - static grant_status_t *grstatus;
1077 -
1078 - static int grant_table_version;
1079 -+static int grefs_per_grant_frame;
1080 -
1081 - static struct gnttab_free_callback *gnttab_free_callback_list;
1082 -
1083 -@@ -767,12 +764,14 @@ static int grow_gnttab_list(unsigned int more_frames)
1084 - unsigned int new_nr_grant_frames, extra_entries, i;
1085 - unsigned int nr_glist_frames, new_nr_glist_frames;
1086 -
1087 -+ BUG_ON(grefs_per_grant_frame == 0);
1088 -+
1089 - new_nr_grant_frames = nr_grant_frames + more_frames;
1090 -- extra_entries = more_frames * GREFS_PER_GRANT_FRAME;
1091 -+ extra_entries = more_frames * grefs_per_grant_frame;
1092 -
1093 -- nr_glist_frames = (nr_grant_frames * GREFS_PER_GRANT_FRAME + RPP - 1) / RPP;
1094 -+ nr_glist_frames = (nr_grant_frames * grefs_per_grant_frame + RPP - 1) / RPP;
1095 - new_nr_glist_frames =
1096 -- (new_nr_grant_frames * GREFS_PER_GRANT_FRAME + RPP - 1) / RPP;
1097 -+ (new_nr_grant_frames * grefs_per_grant_frame + RPP - 1) / RPP;
1098 - for (i = nr_glist_frames; i < new_nr_glist_frames; i++) {
1099 - gnttab_list[i] = (grant_ref_t *)__get_free_page(GFP_ATOMIC);
1100 - if (!gnttab_list[i])
1101 -@@ -780,12 +779,12 @@ static int grow_gnttab_list(unsigned int more_frames)
1102 - }
1103 -
1104 -
1105 -- for (i = GREFS_PER_GRANT_FRAME * nr_grant_frames;
1106 -- i < GREFS_PER_GRANT_FRAME * new_nr_grant_frames - 1; i++)
1107 -+ for (i = grefs_per_grant_frame * nr_grant_frames;
1108 -+ i < grefs_per_grant_frame * new_nr_grant_frames - 1; i++)
1109 - gnttab_entry(i) = i + 1;
1110 -
1111 - gnttab_entry(i) = gnttab_free_head;
1112 -- gnttab_free_head = GREFS_PER_GRANT_FRAME * nr_grant_frames;
1113 -+ gnttab_free_head = grefs_per_grant_frame * nr_grant_frames;
1114 - gnttab_free_count += extra_entries;
1115 -
1116 - nr_grant_frames = new_nr_grant_frames;
1117 -@@ -957,7 +956,8 @@ EXPORT_SYMBOL_GPL(gnttab_unmap_refs);
1118 -
1119 - static unsigned nr_status_frames(unsigned nr_grant_frames)
1120 - {
1121 -- return (nr_grant_frames * GREFS_PER_GRANT_FRAME + SPP - 1) / SPP;
1122 -+ BUG_ON(grefs_per_grant_frame == 0);
1123 -+ return (nr_grant_frames * grefs_per_grant_frame + SPP - 1) / SPP;
1124 - }
1125 -
1126 - static int gnttab_map_frames_v1(xen_pfn_t *frames, unsigned int nr_gframes)
1127 -@@ -1115,6 +1115,7 @@ static void gnttab_request_version(void)
1128 - rc = HYPERVISOR_grant_table_op(GNTTABOP_set_version, &gsv, 1);
1129 - if (rc == 0 && gsv.version == 2) {
1130 - grant_table_version = 2;
1131 -+ grefs_per_grant_frame = PAGE_SIZE / sizeof(union grant_entry_v2);
1132 - gnttab_interface = &gnttab_v2_ops;
1133 - } else if (grant_table_version == 2) {
1134 - /*
1135 -@@ -1127,17 +1128,17 @@ static void gnttab_request_version(void)
1136 - panic("we need grant tables version 2, but only version 1 is available");
1137 - } else {
1138 - grant_table_version = 1;
1139 -+ grefs_per_grant_frame = PAGE_SIZE / sizeof(struct grant_entry_v1);
1140 - gnttab_interface = &gnttab_v1_ops;
1141 - }
1142 - printk(KERN_INFO "Grant tables using version %d layout.\n",
1143 - grant_table_version);
1144 - }
1145 -
1146 --int gnttab_resume(void)
1147 -+static int gnttab_setup(void)
1148 - {
1149 - unsigned int max_nr_gframes;
1150 -
1151 -- gnttab_request_version();
1152 - max_nr_gframes = gnttab_max_grant_frames();
1153 - if (max_nr_gframes < nr_grant_frames)
1154 - return -ENOSYS;
1155 -@@ -1160,6 +1161,12 @@ int gnttab_resume(void)
1156 - return 0;
1157 - }
1158 -
1159 -+int gnttab_resume(void)
1160 -+{
1161 -+ gnttab_request_version();
1162 -+ return gnttab_setup();
1163 -+}
1164 -+
1165 - int gnttab_suspend(void)
1166 - {
1167 - gnttab_interface->unmap_frames();
1168 -@@ -1171,9 +1178,10 @@ static int gnttab_expand(unsigned int req_entries)
1169 - int rc;
1170 - unsigned int cur, extra;
1171 -
1172 -+ BUG_ON(grefs_per_grant_frame == 0);
1173 - cur = nr_grant_frames;
1174 -- extra = ((req_entries + (GREFS_PER_GRANT_FRAME-1)) /
1175 -- GREFS_PER_GRANT_FRAME);
1176 -+ extra = ((req_entries + (grefs_per_grant_frame-1)) /
1177 -+ grefs_per_grant_frame);
1178 - if (cur + extra > gnttab_max_grant_frames())
1179 - return -ENOSPC;
1180 -
1181 -@@ -1191,21 +1199,23 @@ int gnttab_init(void)
1182 - unsigned int nr_init_grefs;
1183 - int ret;
1184 -
1185 -+ gnttab_request_version();
1186 - nr_grant_frames = 1;
1187 - boot_max_nr_grant_frames = __max_nr_grant_frames();
1188 -
1189 - /* Determine the maximum number of frames required for the
1190 - * grant reference free list on the current hypervisor.
1191 - */
1192 -+ BUG_ON(grefs_per_grant_frame == 0);
1193 - max_nr_glist_frames = (boot_max_nr_grant_frames *
1194 -- GREFS_PER_GRANT_FRAME / RPP);
1195 -+ grefs_per_grant_frame / RPP);
1196 -
1197 - gnttab_list = kmalloc(max_nr_glist_frames * sizeof(grant_ref_t *),
1198 - GFP_KERNEL);
1199 - if (gnttab_list == NULL)
1200 - return -ENOMEM;
1201 -
1202 -- nr_glist_frames = (nr_grant_frames * GREFS_PER_GRANT_FRAME + RPP - 1) / RPP;
1203 -+ nr_glist_frames = (nr_grant_frames * grefs_per_grant_frame + RPP - 1) / RPP;
1204 - for (i = 0; i < nr_glist_frames; i++) {
1205 - gnttab_list[i] = (grant_ref_t *)__get_free_page(GFP_KERNEL);
1206 - if (gnttab_list[i] == NULL) {
1207 -@@ -1214,12 +1224,12 @@ int gnttab_init(void)
1208 - }
1209 - }
1210 -
1211 -- if (gnttab_resume() < 0) {
1212 -+ if (gnttab_setup() < 0) {
1213 - ret = -ENODEV;
1214 - goto ini_nomem;
1215 - }
1216 -
1217 -- nr_init_grefs = nr_grant_frames * GREFS_PER_GRANT_FRAME;
1218 -+ nr_init_grefs = nr_grant_frames * grefs_per_grant_frame;
1219 -
1220 - for (i = NR_RESERVED_ENTRIES; i < nr_init_grefs - 1; i++)
1221 - gnttab_entry(i) = i + 1;
1222 -diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
1223 -index b3c243b..f89c0e5 100644
1224 ---- a/fs/ext4/inode.c
1225 -+++ b/fs/ext4/inode.c
1226 -@@ -1503,6 +1503,8 @@ static void ext4_da_block_invalidatepages(struct mpage_da_data *mpd)
1227 -
1228 - index = mpd->first_page;
1229 - end = mpd->next_page - 1;
1230 -+
1231 -+ pagevec_init(&pvec, 0);
1232 - while (index <= end) {
1233 - nr_pages = pagevec_lookup(&pvec, mapping, index, PAGEVEC_SIZE);
1234 - if (nr_pages == 0)
1235 -diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h
1236 -index 5be8937..fca8bbe 100644
1237 ---- a/include/target/target_core_base.h
1238 -+++ b/include/target/target_core_base.h
1239 -@@ -734,6 +734,8 @@ struct se_subsystem_dev {
1240 - };
1241 -
1242 - struct se_device {
1243 -+#define SE_DEV_LINK_MAGIC 0xfeeddeef
1244 -+ u32 dev_link_magic;
1245 - /* RELATIVE TARGET PORT IDENTIFER Counter */
1246 - u16 dev_rpti_counter;
1247 - /* Used for SAM Task Attribute ordering */
1248 -@@ -820,6 +822,8 @@ struct se_port_stat_grps {
1249 - };
1250 -
1251 - struct se_lun {
1252 -+#define SE_LUN_LINK_MAGIC 0xffff7771
1253 -+ u32 lun_link_magic;
1254 - /* See transport_lun_status_table */
1255 - enum transport_lun_status_table lun_status;
1256 - u32 lun_access;
1257 -diff --git a/include/uapi/linux/serial_core.h b/include/uapi/linux/serial_core.h
1258 -index 7e1ab20..dbb95db 100644
1259 ---- a/include/uapi/linux/serial_core.h
1260 -+++ b/include/uapi/linux/serial_core.h
1261 -@@ -49,7 +49,9 @@
1262 - #define PORT_XR17D15X 21 /* Exar XR17D15x UART */
1263 - #define PORT_LPC3220 22 /* NXP LPC32xx SoC "Standard" UART */
1264 - #define PORT_8250_CIR 23 /* CIR infrared port, has its own driver */
1265 --#define PORT_MAX_8250 23 /* max port ID */
1266 -+#define PORT_XR17V35X 24 /* Exar XR17V35x UARTs */
1267 -+#define PORT_BRCM_TRUMANAGE 24
1268 -+#define PORT_MAX_8250 25 /* max port ID */
1269 -
1270 - /*
1271 - * ARM specific type numbers. These are not currently guaranteed
1272 -diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c
1273 -index 4642c68..a95e198 100644
1274 ---- a/sound/pci/hda/patch_hdmi.c
1275 -+++ b/sound/pci/hda/patch_hdmi.c
1276 -@@ -1499,7 +1499,7 @@ static int hdmi_chmap_ctl_put(struct snd_kcontrol *kcontrol,
1277 - ctl_idx = snd_ctl_get_ioffidx(kcontrol, &ucontrol->id);
1278 - substream = snd_pcm_chmap_substream(info, ctl_idx);
1279 - if (!substream || !substream->runtime)
1280 -- return -EBADFD;
1281 -+ return 0; /* just for avoiding error from alsactl restore */
1282 - switch (substream->runtime->status->state) {
1283 - case SNDRV_PCM_STATE_OPEN:
1284 - case SNDRV_PCM_STATE_SETUP:
1285 -diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
1286 -index 0f58b4b..b8d1ad1 100644
1287 ---- a/sound/usb/quirks.c
1288 -+++ b/sound/usb/quirks.c
1289 -@@ -387,11 +387,13 @@ static int snd_usb_fasttrackpro_boot_quirk(struct usb_device *dev)
1290 - * rules
1291 - */
1292 - err = usb_driver_set_configuration(dev, 2);
1293 -- if (err < 0) {
1294 -+ if (err < 0)
1295 - snd_printdd("error usb_driver_set_configuration: %d\n",
1296 - err);
1297 -- return -ENODEV;
1298 -- }
1299 -+ /* Always return an error, so that we stop creating a device
1300 -+ that will just be destroyed and recreated with a new
1301 -+ configuration */
1302 -+ return -ENODEV;
1303 - } else
1304 - snd_printk(KERN_INFO "usb-audio: Fast Track Pro config OK\n");
1305 -
1306
1307 diff --git a/3.7.4/4420_grsecurity-2.9.1-3.7.4-201301230048.patch b/3.7.4/4420_grsecurity-2.9.1-3.7.4-201301252226.patch
1308 similarity index 99%
1309 rename from 3.7.4/4420_grsecurity-2.9.1-3.7.4-201301230048.patch
1310 rename to 3.7.4/4420_grsecurity-2.9.1-3.7.4-201301252226.patch
1311 index 3577167..29e3b84 100644
1312 --- a/3.7.4/4420_grsecurity-2.9.1-3.7.4-201301230048.patch
1313 +++ b/3.7.4/4420_grsecurity-2.9.1-3.7.4-201301252226.patch
1314 @@ -3975,7 +3975,7 @@ index ddcec1e..c7f983e 100644
1315 * This routine handles page faults. It determines the address,
1316 * and the problem, and then passes it off to one of the appropriate
1317 diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c
1318 -index 302d779..ad1772c 100644
1319 +index 302d779..ee9ffb5 100644
1320 --- a/arch/mips/mm/mmap.c
1321 +++ b/arch/mips/mm/mmap.c
1322 @@ -71,6 +71,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
1323 @@ -4026,7 +4026,19 @@ index 302d779..ad1772c 100644
1324 /* cache the address as a hint for next time */
1325 return mm->free_area_cache = addr - len;
1326 }
1327 -@@ -165,7 +170,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
1328 +@@ -155,17 +160,17 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
1329 + goto bottomup;
1330 +
1331 + addr = mm->mmap_base - len;
1332 +- if (do_color_align)
1333 +- addr = COLOUR_ALIGN_DOWN(addr, pgoff);
1334 +
1335 + do {
1336 ++ if (do_color_align)
1337 ++ addr = COLOUR_ALIGN_DOWN(addr, pgoff);
1338 + /*
1339 + * Lookup failure means no vma is above this address,
1340 + * else if new region fits below vma->vm_start,
1341 * return with success:
1342 */
1343 vma = find_vma(mm, addr);
1344 @@ -4035,7 +4047,20 @@ index 302d779..ad1772c 100644
1345 /* cache the address as a hint for next time */
1346 return mm->free_area_cache = addr;
1347 }
1348 -@@ -242,30 +247,3 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
1349 +@@ -175,10 +180,8 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
1350 + mm->cached_hole_size = vma->vm_start - addr;
1351 +
1352 + /* try just below the current vma->vm_start */
1353 +- addr = vma->vm_start - len;
1354 +- if (do_color_align)
1355 +- addr = COLOUR_ALIGN_DOWN(addr, pgoff);
1356 +- } while (likely(len < vma->vm_start));
1357 ++ addr = skip_heap_stack_gap(vma, len);
1358 ++ } while (!IS_ERR_VALUE(addr));
1359 +
1360 + bottomup:
1361 + /*
1362 +@@ -242,30 +245,3 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
1363 mm->unmap_area = arch_unmap_area_topdown;
1364 }
1365 }
1366 @@ -20012,7 +20037,7 @@ index 16c6365..5d32218 100644
1367 ip = *(u64 *)(fp+8);
1368 if (!in_sched_functions(ip))
1369 diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
1370 -index 974b67e..044111b 100644
1371 +index 974b67e..12cb2b5 100644
1372 --- a/arch/x86/kernel/ptrace.c
1373 +++ b/arch/x86/kernel/ptrace.c
1374 @@ -183,14 +183,13 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs)
1375 @@ -20034,6 +20059,15 @@ index 974b67e..044111b 100644
1376
1377 return (unsigned long)regs;
1378 }
1379 +@@ -587,7 +586,7 @@ static void ptrace_triggered(struct perf_event *bp,
1380 + static unsigned long ptrace_get_dr7(struct perf_event *bp[])
1381 + {
1382 + int i;
1383 +- int dr7 = 0;
1384 ++ unsigned long dr7 = 0;
1385 + struct arch_hw_breakpoint *info;
1386 +
1387 + for (i = 0; i < HBP_NUM; i++) {
1388 @@ -855,7 +854,7 @@ long arch_ptrace(struct task_struct *child, long request,
1389 unsigned long addr, unsigned long data)
1390 {
1391 @@ -29096,7 +29130,7 @@ index 7005ced..530d6eb 100644
1392 + *(void **)&x86_io_apic_ops.read = xen_io_apic_read;
1393 }
1394 diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
1395 -index 586d838..7082fc8 100644
1396 +index 586d838..9181904 100644
1397 --- a/arch/x86/xen/enlighten.c
1398 +++ b/arch/x86/xen/enlighten.c
1399 @@ -99,8 +99,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
1400 @@ -29108,16 +29142,27 @@ index 586d838..7082fc8 100644
1401 RESERVE_BRK(shared_info_page_brk, PAGE_SIZE);
1402 __read_mostly int xen_have_vector_callback;
1403 EXPORT_SYMBOL_GPL(xen_have_vector_callback);
1404 -@@ -523,7 +521,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
1405 +@@ -473,8 +471,7 @@ static void xen_load_gdt(const struct desc_ptr *dtr)
1406 + {
1407 + unsigned long va = dtr->address;
1408 + unsigned int size = dtr->size + 1;
1409 +- unsigned pages = (size + PAGE_SIZE - 1) / PAGE_SIZE;
1410 +- unsigned long frames[pages];
1411 ++ unsigned long frames[65536 / PAGE_SIZE];
1412 + int f;
1413 +
1414 + /*
1415 +@@ -522,8 +519,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
1416 + {
1417 unsigned long va = dtr->address;
1418 unsigned int size = dtr->size + 1;
1419 - unsigned pages = (size + PAGE_SIZE - 1) / PAGE_SIZE;
1420 +- unsigned pages = (size + PAGE_SIZE - 1) / PAGE_SIZE;
1421 - unsigned long frames[pages];
1422 + unsigned long frames[65536 / PAGE_SIZE];
1423 int f;
1424
1425 /*
1426 -@@ -918,21 +916,21 @@ static u32 xen_safe_apic_wait_icr_idle(void)
1427 +@@ -918,21 +914,21 @@ static u32 xen_safe_apic_wait_icr_idle(void)
1428
1429 static void set_xen_basic_apic_ops(void)
1430 {
1431 @@ -29152,7 +29197,7 @@ index 586d838..7082fc8 100644
1432 #endif
1433 }
1434
1435 -@@ -1222,30 +1220,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = {
1436 +@@ -1222,30 +1218,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = {
1437 #endif
1438 };
1439
1440 @@ -29190,7 +29235,7 @@ index 586d838..7082fc8 100644
1441 {
1442 if (pm_power_off)
1443 pm_power_off();
1444 -@@ -1290,14 +1288,14 @@ static const struct machine_ops xen_machine_ops __initconst = {
1445 +@@ -1290,14 +1286,14 @@ static const struct machine_ops xen_machine_ops __initconst = {
1446 */
1447 static void __init xen_setup_stackprotector(void)
1448 {
1449 @@ -29209,7 +29254,7 @@ index 586d838..7082fc8 100644
1450 }
1451
1452 /* First C function to be called on Xen boot */
1453 -@@ -1315,13 +1313,13 @@ asmlinkage void __init xen_start_kernel(void)
1454 +@@ -1315,13 +1311,13 @@ asmlinkage void __init xen_start_kernel(void)
1455
1456 /* Install Xen paravirt ops */
1457 pv_info = xen_info;
1458 @@ -29229,7 +29274,7 @@ index 586d838..7082fc8 100644
1459
1460 xen_init_time_ops();
1461
1462 -@@ -1347,7 +1345,17 @@ asmlinkage void __init xen_start_kernel(void)
1463 +@@ -1347,7 +1343,17 @@ asmlinkage void __init xen_start_kernel(void)
1464 __userpte_alloc_gfp &= ~__GFP_HIGHMEM;
1465
1466 /* Work out if we support NX */
1467 @@ -29248,7 +29293,7 @@ index 586d838..7082fc8 100644
1468
1469 xen_setup_features();
1470
1471 -@@ -1376,14 +1384,7 @@ asmlinkage void __init xen_start_kernel(void)
1472 +@@ -1376,14 +1382,7 @@ asmlinkage void __init xen_start_kernel(void)
1473 pv_mmu_ops.ptep_modify_prot_commit = xen_ptep_modify_prot_commit;
1474 }
1475
1476 @@ -29264,7 +29309,7 @@ index 586d838..7082fc8 100644
1477
1478 xen_smp_init();
1479
1480 -@@ -1450,7 +1451,7 @@ asmlinkage void __init xen_start_kernel(void)
1481 +@@ -1450,7 +1449,7 @@ asmlinkage void __init xen_start_kernel(void)
1482 add_preferred_console("tty", 0, NULL);
1483 add_preferred_console("hvc", 0, NULL);
1484 if (pci_xen)
1485 @@ -29273,7 +29318,7 @@ index 586d838..7082fc8 100644
1486 } else {
1487 const struct dom0_vga_console_info *info =
1488 (void *)((char *)xen_start_info +
1489 -@@ -1476,8 +1477,8 @@ asmlinkage void __init xen_start_kernel(void)
1490 +@@ -1476,8 +1475,8 @@ asmlinkage void __init xen_start_kernel(void)
1491 xen_acpi_sleep_register();
1492
1493 /* Avoid searching for BIOS MP tables */
1494 @@ -29284,7 +29329,7 @@ index 586d838..7082fc8 100644
1495 }
1496 #ifdef CONFIG_PCI
1497 /* PCI BIOS service won't work from a PV guest. */
1498 -@@ -1583,7 +1584,7 @@ static void __init xen_hvm_guest_init(void)
1499 +@@ -1583,7 +1582,7 @@ static void __init xen_hvm_guest_init(void)
1500 xen_hvm_smp_init();
1501 register_cpu_notifier(&xen_hvm_cpu_notifier);
1502 xen_unplug_emulated_devices();
1503 @@ -44267,7 +44312,7 @@ index 0e7a6f8..332b1ca 100644
1504 fd_offset + ex.a_text);
1505 if (error != N_DATADDR(ex)) {
1506 diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
1507 -index fbd9f60..d4edac0 100644
1508 +index fbd9f60..0b845dd 100644
1509 --- a/fs/binfmt_elf.c
1510 +++ b/fs/binfmt_elf.c
1511 @@ -33,6 +33,7 @@
1512 @@ -44734,7 +44779,7 @@ index fbd9f60..d4edac0 100644
1513 unsigned int random_variable = 0;
1514
1515 +#ifdef CONFIG_PAX_RANDUSTACK
1516 -+ if (randomize_va_space)
1517 ++ if (current->mm->pax_flags & MF_PAX_RANDMMAP)
1518 + return stack_top - current->mm->delta_stack;
1519 +#endif
1520 +
1521 @@ -46349,16 +46394,17 @@ index b2a34a1..162fa69 100644
1522 return rc;
1523 }
1524 diff --git a/fs/exec.c b/fs/exec.c
1525 -index c6e6de4..de6841c 100644
1526 +index c6e6de4..fb98879 100644
1527 --- a/fs/exec.c
1528 +++ b/fs/exec.c
1529 -@@ -55,6 +55,16 @@
1530 +@@ -55,6 +55,17 @@
1531 #include <linux/pipe_fs_i.h>
1532 #include <linux/oom.h>
1533 #include <linux/compat.h>
1534 +#include <linux/random.h>
1535 +#include <linux/seq_file.h>
1536 +#include <linux/coredump.h>
1537 ++#include <linux/mman.h>
1538 +
1539 +#ifdef CONFIG_PAX_REFCOUNT
1540 +#include <linux/kallsyms.h>
1541 @@ -46369,7 +46415,7 @@ index c6e6de4..de6841c 100644
1542
1543 #include <asm/uaccess.h>
1544 #include <asm/mmu_context.h>
1545 -@@ -66,6 +76,18 @@
1546 +@@ -66,6 +77,18 @@
1547
1548 #include <trace/events/sched.h>
1549
1550 @@ -46388,7 +46434,7 @@ index c6e6de4..de6841c 100644
1551 int suid_dumpable = 0;
1552
1553 static LIST_HEAD(formats);
1554 -@@ -180,18 +202,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
1555 +@@ -180,18 +203,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
1556 int write)
1557 {
1558 struct page *page;
1559 @@ -46410,7 +46456,7 @@ index c6e6de4..de6841c 100644
1560 return NULL;
1561
1562 if (write) {
1563 -@@ -207,6 +221,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
1564 +@@ -207,6 +222,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
1565 if (size <= ARG_MAX)
1566 return page;
1567
1568 @@ -46428,7 +46474,7 @@ index c6e6de4..de6841c 100644
1569 /*
1570 * Limit to 1/4-th the stack size for the argv+env strings.
1571 * This ensures that:
1572 -@@ -266,6 +291,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
1573 +@@ -266,6 +292,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
1574 vma->vm_end = STACK_TOP_MAX;
1575 vma->vm_start = vma->vm_end - PAGE_SIZE;
1576 vma->vm_flags = VM_STACK_FLAGS | VM_STACK_INCOMPLETE_SETUP;
1577 @@ -46440,7 +46486,7 @@ index c6e6de4..de6841c 100644
1578 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
1579 INIT_LIST_HEAD(&vma->anon_vma_chain);
1580
1581 -@@ -276,6 +306,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
1582 +@@ -276,6 +307,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
1583 mm->stack_vm = mm->total_vm = 1;
1584 up_write(&mm->mmap_sem);
1585 bprm->p = vma->vm_end - sizeof(void *);
1586 @@ -46453,7 +46499,7 @@ index c6e6de4..de6841c 100644
1587 return 0;
1588 err:
1589 up_write(&mm->mmap_sem);
1590 -@@ -384,19 +420,7 @@ err:
1591 +@@ -384,19 +421,7 @@ err:
1592 return err;
1593 }
1594
1595 @@ -46474,7 +46520,7 @@ index c6e6de4..de6841c 100644
1596 {
1597 const char __user *native;
1598
1599 -@@ -405,14 +429,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr)
1600 +@@ -405,14 +430,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr)
1601 compat_uptr_t compat;
1602
1603 if (get_user(compat, argv.ptr.compat + nr))
1604 @@ -46491,7 +46537,7 @@ index c6e6de4..de6841c 100644
1605
1606 return native;
1607 }
1608 -@@ -431,11 +455,12 @@ static int count(struct user_arg_ptr argv, int max)
1609 +@@ -431,11 +456,12 @@ static int count(struct user_arg_ptr argv, int max)
1610 if (!p)
1611 break;
1612
1613 @@ -46506,7 +46552,7 @@ index c6e6de4..de6841c 100644
1614
1615 if (fatal_signal_pending(current))
1616 return -ERESTARTNOHAND;
1617 -@@ -465,7 +490,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv,
1618 +@@ -465,7 +491,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv,
1619
1620 ret = -EFAULT;
1621 str = get_user_arg_ptr(argv, argc);
1622 @@ -46515,7 +46561,7 @@ index c6e6de4..de6841c 100644
1623 goto out;
1624
1625 len = strnlen_user(str, MAX_ARG_STRLEN);
1626 -@@ -547,7 +572,7 @@ int copy_strings_kernel(int argc, const char *const *__argv,
1627 +@@ -547,7 +573,7 @@ int copy_strings_kernel(int argc, const char *const *__argv,
1628 int r;
1629 mm_segment_t oldfs = get_fs();
1630 struct user_arg_ptr argv = {
1631 @@ -46524,7 +46570,7 @@ index c6e6de4..de6841c 100644
1632 };
1633
1634 set_fs(KERNEL_DS);
1635 -@@ -582,7 +607,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
1636 +@@ -582,7 +608,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
1637 unsigned long new_end = old_end - shift;
1638 struct mmu_gather tlb;
1639
1640 @@ -46534,7 +46580,7 @@ index c6e6de4..de6841c 100644
1641
1642 /*
1643 * ensure there are no vmas between where we want to go
1644 -@@ -591,6 +617,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
1645 +@@ -591,6 +618,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
1646 if (vma != find_vma(mm, new_start))
1647 return -EFAULT;
1648
1649 @@ -46545,7 +46591,7 @@ index c6e6de4..de6841c 100644
1650 /*
1651 * cover the whole range: [new_start, old_end)
1652 */
1653 -@@ -671,10 +701,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
1654 +@@ -671,10 +702,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
1655 stack_top = arch_align_stack(stack_top);
1656 stack_top = PAGE_ALIGN(stack_top);
1657
1658 @@ -46556,7 +46602,7 @@ index c6e6de4..de6841c 100644
1659 stack_shift = vma->vm_end - stack_top;
1660
1661 bprm->p -= stack_shift;
1662 -@@ -686,8 +712,28 @@ int setup_arg_pages(struct linux_binprm *bprm,
1663 +@@ -686,8 +713,28 @@ int setup_arg_pages(struct linux_binprm *bprm,
1664 bprm->exec -= stack_shift;
1665
1666 down_write(&mm->mmap_sem);
1667 @@ -46585,7 +46631,7 @@ index c6e6de4..de6841c 100644
1668 /*
1669 * Adjust stack execute permissions; explicitly enable for
1670 * EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone
1671 -@@ -706,13 +752,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
1672 +@@ -706,13 +753,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
1673 goto out_unlock;
1674 BUG_ON(prev != vma);
1675
1676 @@ -46599,7 +46645,35 @@ index c6e6de4..de6841c 100644
1677 /* mprotect_fixup is overkill to remove the temporary stack flags */
1678 vma->vm_flags &= ~VM_STACK_INCOMPLETE_SETUP;
1679
1680 -@@ -771,6 +810,8 @@ struct file *open_exec(const char *name)
1681 +@@ -736,6 +776,27 @@ int setup_arg_pages(struct linux_binprm *bprm,
1682 + #endif
1683 + current->mm->start_stack = bprm->p;
1684 + ret = expand_stack(vma, stack_base);
1685 ++
1686 ++#if !defined(CONFIG_STACK_GROWSUP) && defined(CONFIG_PAX_ASLR)
1687 ++ if (!ret && (mm->pax_flags & MF_PAX_RANDMMAP) && STACK_TOP <= 0xFFFFFFFFU && STACK_TOP > vma->vm_end) {
1688 ++ unsigned long size, flags, vm_flags;
1689 ++
1690 ++ size = STACK_TOP - vma->vm_end;
1691 ++ flags = MAP_FIXED | MAP_PRIVATE;
1692 ++ vm_flags = VM_NONE | VM_DONTEXPAND | VM_DONTDUMP;
1693 ++
1694 ++ ret = vma->vm_end != mmap_region(NULL, vma->vm_end, size, flags, vm_flags, 0);
1695 ++
1696 ++#ifdef CONFIG_X86
1697 ++ if (!ret) {
1698 ++ size = mmap_min_addr + ((mm->delta_mmap ^ mm->delta_stack) & (0xFFUL << PAGE_SHIFT));
1699 ++ ret = 0 != mmap_region(NULL, 0, size, flags, vm_flags, 0);
1700 ++ }
1701 ++#endif
1702 ++
1703 ++ }
1704 ++#endif
1705 ++
1706 + if (ret)
1707 + ret = -EFAULT;
1708 +
1709 +@@ -771,6 +832,8 @@ struct file *open_exec(const char *name)
1710
1711 fsnotify_open(file);
1712
1713 @@ -46608,7 +46682,7 @@ index c6e6de4..de6841c 100644
1714 err = deny_write_access(file);
1715 if (err)
1716 goto exit;
1717 -@@ -794,7 +835,7 @@ int kernel_read(struct file *file, loff_t offset,
1718 +@@ -794,7 +857,7 @@ int kernel_read(struct file *file, loff_t offset,
1719 old_fs = get_fs();
1720 set_fs(get_ds());
1721 /* The cast to a user pointer is valid due to the set_fs() */
1722 @@ -46617,7 +46691,7 @@ index c6e6de4..de6841c 100644
1723 set_fs(old_fs);
1724 return result;
1725 }
1726 -@@ -1246,7 +1287,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm)
1727 +@@ -1246,7 +1309,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm)
1728 }
1729 rcu_read_unlock();
1730
1731 @@ -46626,7 +46700,7 @@ index c6e6de4..de6841c 100644
1732 bprm->unsafe |= LSM_UNSAFE_SHARE;
1733 } else {
1734 res = -EAGAIN;
1735 -@@ -1449,6 +1490,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)
1736 +@@ -1449,6 +1512,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)
1737
1738 EXPORT_SYMBOL(search_binary_handler);
1739
1740 @@ -46655,7 +46729,7 @@ index c6e6de4..de6841c 100644
1741 /*
1742 * sys_execve() executes a new program.
1743 */
1744 -@@ -1457,6 +1520,11 @@ static int do_execve_common(const char *filename,
1745 +@@ -1457,6 +1542,11 @@ static int do_execve_common(const char *filename,
1746 struct user_arg_ptr envp,
1747 struct pt_regs *regs)
1748 {
1749 @@ -46667,7 +46741,7 @@ index c6e6de4..de6841c 100644
1750 struct linux_binprm *bprm;
1751 struct file *file;
1752 struct files_struct *displaced;
1753 -@@ -1464,6 +1532,8 @@ static int do_execve_common(const char *filename,
1754 +@@ -1464,6 +1554,8 @@ static int do_execve_common(const char *filename,
1755 int retval;
1756 const struct cred *cred = current_cred();
1757
1758 @@ -46676,7 +46750,7 @@ index c6e6de4..de6841c 100644
1759 /*
1760 * We move the actual failure in case of RLIMIT_NPROC excess from
1761 * set*uid() to execve() because too many poorly written programs
1762 -@@ -1504,12 +1574,27 @@ static int do_execve_common(const char *filename,
1763 +@@ -1504,12 +1596,27 @@ static int do_execve_common(const char *filename,
1764 if (IS_ERR(file))
1765 goto out_unmark;
1766
1767 @@ -46704,7 +46778,7 @@ index c6e6de4..de6841c 100644
1768 retval = bprm_mm_init(bprm);
1769 if (retval)
1770 goto out_file;
1771 -@@ -1526,24 +1611,65 @@ static int do_execve_common(const char *filename,
1772 +@@ -1526,24 +1633,65 @@ static int do_execve_common(const char *filename,
1773 if (retval < 0)
1774 goto out;
1775
1776 @@ -46774,7 +46848,7 @@ index c6e6de4..de6841c 100644
1777 current->fs->in_exec = 0;
1778 current->in_execve = 0;
1779 acct_update_integrals(current);
1780 -@@ -1552,6 +1678,14 @@ static int do_execve_common(const char *filename,
1781 +@@ -1552,6 +1700,14 @@ static int do_execve_common(const char *filename,
1782 put_files_struct(displaced);
1783 return retval;
1784
1785 @@ -46789,7 +46863,7 @@ index c6e6de4..de6841c 100644
1786 out:
1787 if (bprm->mm) {
1788 acct_arg_size(bprm, 0);
1789 -@@ -1727,3 +1861,253 @@ int kernel_execve(const char *filename,
1790 +@@ -1727,3 +1883,253 @@ int kernel_execve(const char *filename,
1791 ret_from_kernel_execve(p);
1792 }
1793 #endif
Report Message
Find on MARC Find on Google Groups