1 |
commit: 05ef56fc07d1093768b292be3b639b3c333ba3af |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Aug 23 09:59:07 2012 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Aug 23 09:59:07 2012 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=05ef56fc |
7 |
|
8 |
Grsec/PaX: 2.9.1-{2.6.32.59,3.2.28,3.5.2}-201208222031 |
9 |
|
10 |
--- |
11 |
2.6.32/0000_README | 2 +- |
12 |
..._grsecurity-2.9.1-2.6.32.59-201208222030.patch} | 152 +++- |
13 |
{3.2.27 => 3.2.28}/0000_README | 6 +- |
14 |
{3.2.27 => 3.2.28}/1021_linux-3.2.22.patch | 0 |
15 |
{3.2.27 => 3.2.28}/1022_linux-3.2.23.patch | 0 |
16 |
{3.2.27 => 3.2.28}/1023_linux-3.2.24.patch | 0 |
17 |
{3.2.27 => 3.2.28}/1024_linux-3.2.25.patch | 0 |
18 |
{3.2.27 => 3.2.28}/1025_linux-3.2.26.patch | 0 |
19 |
{3.2.27 => 3.2.28}/1026_linux-3.2.27.patch | 0 |
20 |
3.2.28/1027_linux-3.2.28.patch | 1114 ++++++++++++++++++++ |
21 |
...4420_grsecurity-2.9.1-3.2.28-201208222030.patch | 469 ++++++--- |
22 |
.../4430_grsec-remove-localversion-grsec.patch | 0 |
23 |
{3.2.27 => 3.2.28}/4435_grsec-mute-warnings.patch | 0 |
24 |
.../4440_grsec-remove-protected-paths.patch | 0 |
25 |
.../4450_grsec-kconfig-default-gids.patch | 0 |
26 |
.../4465_selinux-avc_audit-log-curr_ip.patch | 0 |
27 |
{3.2.27 => 3.2.28}/4470_disable-compat_vdso.patch | 0 |
28 |
3.5.2/0000_README | 2 +- |
29 |
...4420_grsecurity-2.9.1-3.5.2-201208222031.patch} | 300 +++++- |
30 |
19 files changed, 1895 insertions(+), 150 deletions(-) |
31 |
|
32 |
diff --git a/2.6.32/0000_README b/2.6.32/0000_README |
33 |
index 0ba8a80..24bc841 100644 |
34 |
--- a/2.6.32/0000_README |
35 |
+++ b/2.6.32/0000_README |
36 |
@@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch |
37 |
From: http://www.kernel.org |
38 |
Desc: Linux 2.6.32.59 |
39 |
|
40 |
-Patch: 4420_grsecurity-2.9.1-2.6.32.59-201208201521.patch |
41 |
+Patch: 4420_grsecurity-2.9.1-2.6.32.59-201208222030.patch |
42 |
From: http://www.grsecurity.net |
43 |
Desc: hardened-sources base patch from upstream grsecurity |
44 |
|
45 |
|
46 |
diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208201521.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208222030.patch |
47 |
similarity index 99% |
48 |
rename from 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208201521.patch |
49 |
rename to 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208222030.patch |
50 |
index c356bad..a4b7131 100644 |
51 |
--- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208201521.patch |
52 |
+++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208222030.patch |
53 |
@@ -68211,7 +68211,7 @@ index a5bf577..6d19845 100644 |
54 |
return hit; |
55 |
} |
56 |
diff --git a/fs/compat.c b/fs/compat.c |
57 |
-index d1e2411..9a958d2 100644 |
58 |
+index d1e2411..84978fe 100644 |
59 |
--- a/fs/compat.c |
60 |
+++ b/fs/compat.c |
61 |
@@ -133,8 +133,8 @@ asmlinkage long compat_sys_utimes(char __user *filename, struct compat_timeval _ |
62 |
@@ -68332,7 +68332,39 @@ index d1e2411..9a958d2 100644 |
63 |
goto out; |
64 |
if (!file->f_op) |
65 |
goto out; |
66 |
-@@ -1463,11 +1481,35 @@ int compat_do_execve(char * filename, |
67 |
+@@ -1208,11 +1226,14 @@ compat_sys_readv(unsigned long fd, const struct compat_iovec __user *vec, |
68 |
+ struct file *file; |
69 |
+ int fput_needed; |
70 |
+ ssize_t ret; |
71 |
++ loff_t pos; |
72 |
+ |
73 |
+ file = fget_light(fd, &fput_needed); |
74 |
+ if (!file) |
75 |
+ return -EBADF; |
76 |
+- ret = compat_readv(file, vec, vlen, &file->f_pos); |
77 |
++ pos = file->f_pos; |
78 |
++ ret = compat_readv(file, vec, vlen, &pos); |
79 |
++ file->f_pos = pos; |
80 |
+ fput_light(file, fput_needed); |
81 |
+ return ret; |
82 |
+ } |
83 |
+@@ -1265,11 +1286,14 @@ compat_sys_writev(unsigned long fd, const struct compat_iovec __user *vec, |
84 |
+ struct file *file; |
85 |
+ int fput_needed; |
86 |
+ ssize_t ret; |
87 |
++ loff_t pos; |
88 |
+ |
89 |
+ file = fget_light(fd, &fput_needed); |
90 |
+ if (!file) |
91 |
+ return -EBADF; |
92 |
+- ret = compat_writev(file, vec, vlen, &file->f_pos); |
93 |
++ pos = file->f_pos; |
94 |
++ ret = compat_writev(file, vec, vlen, &pos); |
95 |
++ file->f_pos = pos; |
96 |
+ fput_light(file, fput_needed); |
97 |
+ return ret; |
98 |
+ } |
99 |
+@@ -1463,11 +1487,35 @@ int compat_do_execve(char * filename, |
100 |
compat_uptr_t __user *envp, |
101 |
struct pt_regs * regs) |
102 |
{ |
103 |
@@ -68368,7 +68400,7 @@ index d1e2411..9a958d2 100644 |
104 |
|
105 |
retval = unshare_files(&displaced); |
106 |
if (retval) |
107 |
-@@ -1493,12 +1535,26 @@ int compat_do_execve(char * filename, |
108 |
+@@ -1493,12 +1541,26 @@ int compat_do_execve(char * filename, |
109 |
if (IS_ERR(file)) |
110 |
goto out_unmark; |
111 |
|
112 |
@@ -68395,7 +68427,7 @@ index d1e2411..9a958d2 100644 |
113 |
retval = bprm_mm_init(bprm); |
114 |
if (retval) |
115 |
goto out_file; |
116 |
-@@ -1515,24 +1571,63 @@ int compat_do_execve(char * filename, |
117 |
+@@ -1515,24 +1577,63 @@ int compat_do_execve(char * filename, |
118 |
if (retval < 0) |
119 |
goto out; |
120 |
|
121 |
@@ -68463,7 +68495,7 @@ index d1e2411..9a958d2 100644 |
122 |
current->fs->in_exec = 0; |
123 |
current->in_execve = 0; |
124 |
acct_update_integrals(current); |
125 |
-@@ -1541,6 +1636,14 @@ int compat_do_execve(char * filename, |
126 |
+@@ -1541,6 +1642,14 @@ int compat_do_execve(char * filename, |
127 |
put_files_struct(displaced); |
128 |
return retval; |
129 |
|
130 |
@@ -68478,7 +68510,7 @@ index d1e2411..9a958d2 100644 |
131 |
out: |
132 |
if (bprm->mm) { |
133 |
acct_arg_size(bprm, 0); |
134 |
-@@ -1711,6 +1814,8 @@ int compat_core_sys_select(int n, compat_ulong_t __user *inp, |
135 |
+@@ -1711,6 +1820,8 @@ int compat_core_sys_select(int n, compat_ulong_t __user *inp, |
136 |
struct fdtable *fdt; |
137 |
long stack_fds[SELECT_STACK_ALLOC/sizeof(long)]; |
138 |
|
139 |
@@ -68487,7 +68519,7 @@ index d1e2411..9a958d2 100644 |
140 |
if (n < 0) |
141 |
goto out_nofds; |
142 |
|
143 |
-@@ -2151,7 +2256,7 @@ asmlinkage long compat_sys_nfsservctl(int cmd, |
144 |
+@@ -2151,7 +2262,7 @@ asmlinkage long compat_sys_nfsservctl(int cmd, |
145 |
oldfs = get_fs(); |
146 |
set_fs(KERNEL_DS); |
147 |
/* The __user pointer casts are valid because of the set_fs() */ |
148 |
@@ -103033,6 +103065,18 @@ index 02cc7e7..4514f1b 100644 |
149 |
__SONET_ITEMS |
150 |
#undef __HANDLE_ITEM |
151 |
} |
152 |
+diff --git a/net/atm/common.c b/net/atm/common.c |
153 |
+index 950bd16..0baf05e 100644 |
154 |
+--- a/net/atm/common.c |
155 |
++++ b/net/atm/common.c |
156 |
+@@ -749,6 +749,7 @@ int vcc_getsockopt(struct socket *sock, int level, int optname, |
157 |
+ if (!vcc->dev || |
158 |
+ !test_bit(ATM_VF_ADDR,&vcc->flags)) |
159 |
+ return -ENOTCONN; |
160 |
++ memset(&pvc, 0, sizeof(pvc)); |
161 |
+ pvc.sap_family = AF_ATMPVC; |
162 |
+ pvc.sap_addr.itf = vcc->dev->number; |
163 |
+ pvc.sap_addr.vpi = vcc->vpi; |
164 |
diff --git a/net/atm/lec.h b/net/atm/lec.h |
165 |
index 9d14d19..5c145f3 100644 |
166 |
--- a/net/atm/lec.h |
167 |
@@ -103114,6 +103158,20 @@ index ab8419a..aa91497 100644 |
168 |
else |
169 |
seq_printf(seq, "%3d %3d %5d ", |
170 |
vcc->dev->number, vcc->vpi, vcc->vci); |
171 |
+diff --git a/net/atm/pvc.c b/net/atm/pvc.c |
172 |
+index d4c0245..5f6d1fb 100644 |
173 |
+--- a/net/atm/pvc.c |
174 |
++++ b/net/atm/pvc.c |
175 |
+@@ -92,7 +92,8 @@ static int pvc_getname(struct socket *sock,struct sockaddr *sockaddr, |
176 |
+ |
177 |
+ if (!vcc->dev || !test_bit(ATM_VF_ADDR,&vcc->flags)) return -ENOTCONN; |
178 |
+ *sockaddr_len = sizeof(struct sockaddr_atmpvc); |
179 |
+- addr = (struct sockaddr_atmpvc *) sockaddr; |
180 |
++ addr = (struct sockaddr_atmpvc *)sockaddr; |
181 |
++ memset(addr, 0, sizeof(*addr)); |
182 |
+ addr->sap_family = AF_ATMPVC; |
183 |
+ addr->sap_addr.itf = vcc->dev->number; |
184 |
+ addr->sap_addr.vpi = vcc->vpi; |
185 |
diff --git a/net/atm/resources.c b/net/atm/resources.c |
186 |
index 56b7322..c48b84e 100644 |
187 |
--- a/net/atm/resources.c |
188 |
@@ -103136,6 +103194,44 @@ index 56b7322..c48b84e 100644 |
189 |
__AAL_STAT_ITEMS |
190 |
#undef __HANDLE_ITEM |
191 |
} |
192 |
+diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c |
193 |
+index 75302a9..45caaaa 100644 |
194 |
+--- a/net/bluetooth/hci_sock.c |
195 |
++++ b/net/bluetooth/hci_sock.c |
196 |
+@@ -576,6 +576,7 @@ static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char |
197 |
+ { |
198 |
+ struct hci_filter *f = &hci_pi(sk)->filter; |
199 |
+ |
200 |
++ memset(&uf, 0, sizeof(uf)); |
201 |
+ uf.type_mask = f->type_mask; |
202 |
+ uf.opcode = f->opcode; |
203 |
+ uf.event_mask[0] = *((u32 *) f->event_mask + 0); |
204 |
+diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c |
205 |
+index 1ae3f80..c47b7c4 100644 |
206 |
+--- a/net/bluetooth/rfcomm/sock.c |
207 |
++++ b/net/bluetooth/rfcomm/sock.c |
208 |
+@@ -543,6 +543,7 @@ static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int * |
209 |
+ |
210 |
+ BT_DBG("sock %p, sk %p", sock, sk); |
211 |
+ |
212 |
++ memset(sa, 0, sizeof(*sa)); |
213 |
+ sa->rc_family = AF_BLUETOOTH; |
214 |
+ sa->rc_channel = rfcomm_pi(sk)->channel; |
215 |
+ if (peer) |
216 |
+diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c |
217 |
+index 5f6a305..00b8f21 100644 |
218 |
+--- a/net/bluetooth/rfcomm/tty.c |
219 |
++++ b/net/bluetooth/rfcomm/tty.c |
220 |
+@@ -472,7 +472,8 @@ static int rfcomm_get_dev_list(void __user *arg) |
221 |
+ |
222 |
+ size = sizeof(*dl) + dev_num * sizeof(*di); |
223 |
+ |
224 |
+- if (!(dl = kmalloc(size, GFP_KERNEL))) |
225 |
++ dl = kzalloc(size, GFP_KERNEL); |
226 |
++ if (!dl) |
227 |
+ return -ENOMEM; |
228 |
+ |
229 |
+ di = dl->dev_info; |
230 |
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h |
231 |
index 8567d47..bba2292 100644 |
232 |
--- a/net/bridge/br_private.h |
233 |
@@ -103592,6 +103688,28 @@ index 6605e75..3acebda 100644 |
234 |
} |
235 |
EXPORT_SYMBOL(sock_init_data); |
236 |
|
237 |
+diff --git a/net/dccp/ccid.h b/net/dccp/ccid.h |
238 |
+index facedd2..ab260b0 100644 |
239 |
+--- a/net/dccp/ccid.h |
240 |
++++ b/net/dccp/ccid.h |
241 |
+@@ -214,7 +214,7 @@ static inline int ccid_hc_rx_getsockopt(struct ccid *ccid, struct sock *sk, |
242 |
+ u32 __user *optval, int __user *optlen) |
243 |
+ { |
244 |
+ int rc = -ENOPROTOOPT; |
245 |
+- if (ccid->ccid_ops->ccid_hc_rx_getsockopt != NULL) |
246 |
++ if (ccid != NULL && ccid->ccid_ops->ccid_hc_rx_getsockopt != NULL) |
247 |
+ rc = ccid->ccid_ops->ccid_hc_rx_getsockopt(sk, optname, len, |
248 |
+ optval, optlen); |
249 |
+ return rc; |
250 |
+@@ -225,7 +225,7 @@ static inline int ccid_hc_tx_getsockopt(struct ccid *ccid, struct sock *sk, |
251 |
+ u32 __user *optval, int __user *optlen) |
252 |
+ { |
253 |
+ int rc = -ENOPROTOOPT; |
254 |
+- if (ccid->ccid_ops->ccid_hc_tx_getsockopt != NULL) |
255 |
++ if (ccid != NULL && ccid->ccid_ops->ccid_hc_tx_getsockopt != NULL) |
256 |
+ rc = ccid->ccid_ops->ccid_hc_tx_getsockopt(sk, optname, len, |
257 |
+ optval, optlen); |
258 |
+ return rc; |
259 |
diff --git a/net/decnet/sysctl_net_decnet.c b/net/decnet/sysctl_net_decnet.c |
260 |
index 2036568..c55883d 100644 |
261 |
--- a/net/decnet/sysctl_net_decnet.c |
262 |
@@ -104961,6 +105079,26 @@ index bda96d1..c038b72 100644 |
263 |
used = 1; |
264 |
} |
265 |
|
266 |
+diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c |
267 |
+index 2da8d14..606b6ad 100644 |
268 |
+--- a/net/llc/af_llc.c |
269 |
++++ b/net/llc/af_llc.c |
270 |
+@@ -912,14 +912,13 @@ static int llc_ui_getname(struct socket *sock, struct sockaddr *uaddr, |
271 |
+ struct sockaddr_llc sllc; |
272 |
+ struct sock *sk = sock->sk; |
273 |
+ struct llc_sock *llc = llc_sk(sk); |
274 |
+- int rc = 0; |
275 |
++ int rc = -EBADF; |
276 |
+ |
277 |
+ memset(&sllc, 0, sizeof(sllc)); |
278 |
+ lock_sock(sk); |
279 |
+ if (sock_flag(sk, SOCK_ZAPPED)) |
280 |
+ goto out; |
281 |
+ *uaddrlen = sizeof(sllc); |
282 |
+- memset(uaddr, 0, *uaddrlen); |
283 |
+ if (peer) { |
284 |
+ rc = -ENOTCONN; |
285 |
+ if (sk->sk_state != TCP_ESTABLISHED) |
286 |
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c |
287 |
index fe2d3f8..e57f683 100644 |
288 |
--- a/net/mac80211/cfg.c |
289 |
|
290 |
diff --git a/3.2.27/0000_README b/3.2.28/0000_README |
291 |
similarity index 93% |
292 |
rename from 3.2.27/0000_README |
293 |
rename to 3.2.28/0000_README |
294 |
index f12c523..c88942b 100644 |
295 |
--- a/3.2.27/0000_README |
296 |
+++ b/3.2.28/0000_README |
297 |
@@ -26,7 +26,11 @@ Patch: 1026_linux-3.2.27.patch |
298 |
From: http://www.kernel.org |
299 |
Desc: Linux 3.2.27 |
300 |
|
301 |
-Patch: 4420_grsecurity-2.9.1-3.2.27-201208201521.patch |
302 |
+Patch: 1027_linux-3.2.28.patch |
303 |
+From: http://www.kernel.org |
304 |
+Desc: Linux 3.2.28 |
305 |
+ |
306 |
+Patch: 4420_grsecurity-2.9.1-3.2.28-201208222030.patch |
307 |
From: http://www.grsecurity.net |
308 |
Desc: hardened-sources base patch from upstream grsecurity |
309 |
|
310 |
|
311 |
diff --git a/3.2.27/1021_linux-3.2.22.patch b/3.2.28/1021_linux-3.2.22.patch |
312 |
similarity index 100% |
313 |
rename from 3.2.27/1021_linux-3.2.22.patch |
314 |
rename to 3.2.28/1021_linux-3.2.22.patch |
315 |
|
316 |
diff --git a/3.2.27/1022_linux-3.2.23.patch b/3.2.28/1022_linux-3.2.23.patch |
317 |
similarity index 100% |
318 |
rename from 3.2.27/1022_linux-3.2.23.patch |
319 |
rename to 3.2.28/1022_linux-3.2.23.patch |
320 |
|
321 |
diff --git a/3.2.27/1023_linux-3.2.24.patch b/3.2.28/1023_linux-3.2.24.patch |
322 |
similarity index 100% |
323 |
rename from 3.2.27/1023_linux-3.2.24.patch |
324 |
rename to 3.2.28/1023_linux-3.2.24.patch |
325 |
|
326 |
diff --git a/3.2.27/1024_linux-3.2.25.patch b/3.2.28/1024_linux-3.2.25.patch |
327 |
similarity index 100% |
328 |
rename from 3.2.27/1024_linux-3.2.25.patch |
329 |
rename to 3.2.28/1024_linux-3.2.25.patch |
330 |
|
331 |
diff --git a/3.2.27/1025_linux-3.2.26.patch b/3.2.28/1025_linux-3.2.26.patch |
332 |
similarity index 100% |
333 |
rename from 3.2.27/1025_linux-3.2.26.patch |
334 |
rename to 3.2.28/1025_linux-3.2.26.patch |
335 |
|
336 |
diff --git a/3.2.27/1026_linux-3.2.27.patch b/3.2.28/1026_linux-3.2.27.patch |
337 |
similarity index 100% |
338 |
rename from 3.2.27/1026_linux-3.2.27.patch |
339 |
rename to 3.2.28/1026_linux-3.2.27.patch |
340 |
|
341 |
diff --git a/3.2.28/1027_linux-3.2.28.patch b/3.2.28/1027_linux-3.2.28.patch |
342 |
new file mode 100644 |
343 |
index 0000000..4dbba4b |
344 |
--- /dev/null |
345 |
+++ b/3.2.28/1027_linux-3.2.28.patch |
346 |
@@ -0,0 +1,1114 @@ |
347 |
+diff --git a/Makefile b/Makefile |
348 |
+index bdf851f..5368961 100644 |
349 |
+--- a/Makefile |
350 |
++++ b/Makefile |
351 |
+@@ -1,6 +1,6 @@ |
352 |
+ VERSION = 3 |
353 |
+ PATCHLEVEL = 2 |
354 |
+-SUBLEVEL = 27 |
355 |
++SUBLEVEL = 28 |
356 |
+ EXTRAVERSION = |
357 |
+ NAME = Saber-toothed Squirrel |
358 |
+ |
359 |
+diff --git a/arch/arm/configs/mxs_defconfig b/arch/arm/configs/mxs_defconfig |
360 |
+index 6ee781b..3ee3e84 100644 |
361 |
+--- a/arch/arm/configs/mxs_defconfig |
362 |
++++ b/arch/arm/configs/mxs_defconfig |
363 |
+@@ -32,7 +32,6 @@ CONFIG_NO_HZ=y |
364 |
+ CONFIG_HIGH_RES_TIMERS=y |
365 |
+ CONFIG_PREEMPT_VOLUNTARY=y |
366 |
+ CONFIG_AEABI=y |
367 |
+-CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 |
368 |
+ CONFIG_AUTO_ZRELADDR=y |
369 |
+ CONFIG_FPE_NWFPE=y |
370 |
+ CONFIG_NET=y |
371 |
+diff --git a/arch/arm/mach-pxa/raumfeld.c b/arch/arm/mach-pxa/raumfeld.c |
372 |
+index f0c05f4..ae7786d 100644 |
373 |
+--- a/arch/arm/mach-pxa/raumfeld.c |
374 |
++++ b/arch/arm/mach-pxa/raumfeld.c |
375 |
+@@ -951,12 +951,12 @@ static struct i2c_board_info raumfeld_connector_i2c_board_info __initdata = { |
376 |
+ |
377 |
+ static struct eeti_ts_platform_data eeti_ts_pdata = { |
378 |
+ .irq_active_high = 1, |
379 |
++ .irq_gpio = GPIO_TOUCH_IRQ, |
380 |
+ }; |
381 |
+ |
382 |
+ static struct i2c_board_info raumfeld_controller_i2c_board_info __initdata = { |
383 |
+ .type = "eeti_ts", |
384 |
+ .addr = 0x0a, |
385 |
+- .irq = gpio_to_irq(GPIO_TOUCH_IRQ), |
386 |
+ .platform_data = &eeti_ts_pdata, |
387 |
+ }; |
388 |
+ |
389 |
+diff --git a/arch/s390/kernel/compat_linux.c b/arch/s390/kernel/compat_linux.c |
390 |
+index 84a9828..38c6645 100644 |
391 |
+--- a/arch/s390/kernel/compat_linux.c |
392 |
++++ b/arch/s390/kernel/compat_linux.c |
393 |
+@@ -615,7 +615,6 @@ asmlinkage unsigned long old32_mmap(struct mmap_arg_struct_emu31 __user *arg) |
394 |
+ return -EFAULT; |
395 |
+ if (a.offset & ~PAGE_MASK) |
396 |
+ return -EINVAL; |
397 |
+- a.addr = (unsigned long) compat_ptr(a.addr); |
398 |
+ return sys_mmap_pgoff(a.addr, a.len, a.prot, a.flags, a.fd, |
399 |
+ a.offset >> PAGE_SHIFT); |
400 |
+ } |
401 |
+@@ -626,7 +625,6 @@ asmlinkage long sys32_mmap2(struct mmap_arg_struct_emu31 __user *arg) |
402 |
+ |
403 |
+ if (copy_from_user(&a, arg, sizeof(a))) |
404 |
+ return -EFAULT; |
405 |
+- a.addr = (unsigned long) compat_ptr(a.addr); |
406 |
+ return sys_mmap_pgoff(a.addr, a.len, a.prot, a.flags, a.fd, a.offset); |
407 |
+ } |
408 |
+ |
409 |
+diff --git a/arch/s390/kernel/compat_wrapper.S b/arch/s390/kernel/compat_wrapper.S |
410 |
+index 18c51df..25408d3 100644 |
411 |
+--- a/arch/s390/kernel/compat_wrapper.S |
412 |
++++ b/arch/s390/kernel/compat_wrapper.S |
413 |
+@@ -1636,7 +1636,7 @@ ENTRY(compat_sys_process_vm_readv_wrapper) |
414 |
+ llgfr %r6,%r6 # unsigned long |
415 |
+ llgf %r0,164(%r15) # unsigned long |
416 |
+ stg %r0,160(%r15) |
417 |
+- jg sys_process_vm_readv |
418 |
++ jg compat_sys_process_vm_readv |
419 |
+ |
420 |
+ ENTRY(compat_sys_process_vm_writev_wrapper) |
421 |
+ lgfr %r2,%r2 # compat_pid_t |
422 |
+@@ -1646,4 +1646,4 @@ ENTRY(compat_sys_process_vm_writev_wrapper) |
423 |
+ llgfr %r6,%r6 # unsigned long |
424 |
+ llgf %r0,164(%r15) # unsigned long |
425 |
+ stg %r0,160(%r15) |
426 |
+- jg sys_process_vm_writev |
427 |
++ jg compat_sys_process_vm_writev |
428 |
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c |
429 |
+index 7315488..407789b 100644 |
430 |
+--- a/arch/x86/kvm/vmx.c |
431 |
++++ b/arch/x86/kvm/vmx.c |
432 |
+@@ -1956,6 +1956,7 @@ static __init void nested_vmx_setup_ctls_msrs(void) |
433 |
+ #endif |
434 |
+ CPU_BASED_MOV_DR_EXITING | CPU_BASED_UNCOND_IO_EXITING | |
435 |
+ CPU_BASED_USE_IO_BITMAPS | CPU_BASED_MONITOR_EXITING | |
436 |
++ CPU_BASED_RDPMC_EXITING | |
437 |
+ CPU_BASED_ACTIVATE_SECONDARY_CONTROLS; |
438 |
+ /* |
439 |
+ * We can allow some features even when not supported by the |
440 |
+diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h |
441 |
+index d62c731..c364358 100644 |
442 |
+--- a/drivers/gpu/drm/i915/i915_drv.h |
443 |
++++ b/drivers/gpu/drm/i915/i915_drv.h |
444 |
+@@ -1170,12 +1170,7 @@ i915_seqno_passed(uint32_t seq1, uint32_t seq2) |
445 |
+ return (int32_t)(seq1 - seq2) >= 0; |
446 |
+ } |
447 |
+ |
448 |
+-static inline u32 |
449 |
+-i915_gem_next_request_seqno(struct intel_ring_buffer *ring) |
450 |
+-{ |
451 |
+- drm_i915_private_t *dev_priv = ring->dev->dev_private; |
452 |
+- return ring->outstanding_lazy_request = dev_priv->next_seqno; |
453 |
+-} |
454 |
++u32 i915_gem_next_request_seqno(struct intel_ring_buffer *ring); |
455 |
+ |
456 |
+ int __must_check i915_gem_object_get_fence(struct drm_i915_gem_object *obj, |
457 |
+ struct intel_ring_buffer *pipelined); |
458 |
+diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c |
459 |
+index 3e2edc6..548a400 100644 |
460 |
+--- a/drivers/gpu/drm/i915/i915_gem.c |
461 |
++++ b/drivers/gpu/drm/i915/i915_gem.c |
462 |
+@@ -1647,6 +1647,28 @@ i915_gem_process_flushing_list(struct intel_ring_buffer *ring, |
463 |
+ } |
464 |
+ } |
465 |
+ |
466 |
++static u32 |
467 |
++i915_gem_get_seqno(struct drm_device *dev) |
468 |
++{ |
469 |
++ drm_i915_private_t *dev_priv = dev->dev_private; |
470 |
++ u32 seqno = dev_priv->next_seqno; |
471 |
++ |
472 |
++ /* reserve 0 for non-seqno */ |
473 |
++ if (++dev_priv->next_seqno == 0) |
474 |
++ dev_priv->next_seqno = 1; |
475 |
++ |
476 |
++ return seqno; |
477 |
++} |
478 |
++ |
479 |
++u32 |
480 |
++i915_gem_next_request_seqno(struct intel_ring_buffer *ring) |
481 |
++{ |
482 |
++ if (ring->outstanding_lazy_request == 0) |
483 |
++ ring->outstanding_lazy_request = i915_gem_get_seqno(ring->dev); |
484 |
++ |
485 |
++ return ring->outstanding_lazy_request; |
486 |
++} |
487 |
++ |
488 |
+ int |
489 |
+ i915_add_request(struct intel_ring_buffer *ring, |
490 |
+ struct drm_file *file, |
491 |
+@@ -1658,6 +1680,7 @@ i915_add_request(struct intel_ring_buffer *ring, |
492 |
+ int ret; |
493 |
+ |
494 |
+ BUG_ON(request == NULL); |
495 |
++ seqno = i915_gem_next_request_seqno(ring); |
496 |
+ |
497 |
+ ret = ring->add_request(ring, &seqno); |
498 |
+ if (ret) |
499 |
+diff --git a/drivers/gpu/drm/i915/intel_ringbuffer.c b/drivers/gpu/drm/i915/intel_ringbuffer.c |
500 |
+index f6613dc..19085c0 100644 |
501 |
+--- a/drivers/gpu/drm/i915/intel_ringbuffer.c |
502 |
++++ b/drivers/gpu/drm/i915/intel_ringbuffer.c |
503 |
+@@ -52,20 +52,6 @@ static inline int ring_space(struct intel_ring_buffer *ring) |
504 |
+ return space; |
505 |
+ } |
506 |
+ |
507 |
+-static u32 i915_gem_get_seqno(struct drm_device *dev) |
508 |
+-{ |
509 |
+- drm_i915_private_t *dev_priv = dev->dev_private; |
510 |
+- u32 seqno; |
511 |
+- |
512 |
+- seqno = dev_priv->next_seqno; |
513 |
+- |
514 |
+- /* reserve 0 for non-seqno */ |
515 |
+- if (++dev_priv->next_seqno == 0) |
516 |
+- dev_priv->next_seqno = 1; |
517 |
+- |
518 |
+- return seqno; |
519 |
+-} |
520 |
+- |
521 |
+ static int |
522 |
+ render_ring_flush(struct intel_ring_buffer *ring, |
523 |
+ u32 invalidate_domains, |
524 |
+@@ -277,8 +263,6 @@ static int init_ring_common(struct intel_ring_buffer *ring) |
525 |
+ I915_WRITE_HEAD(ring, 0); |
526 |
+ ring->write_tail(ring, 0); |
527 |
+ |
528 |
+- /* Initialize the ring. */ |
529 |
+- I915_WRITE_START(ring, obj->gtt_offset); |
530 |
+ head = I915_READ_HEAD(ring) & HEAD_ADDR; |
531 |
+ |
532 |
+ /* G45 ring initialization fails to reset head to zero */ |
533 |
+@@ -304,14 +288,19 @@ static int init_ring_common(struct intel_ring_buffer *ring) |
534 |
+ } |
535 |
+ } |
536 |
+ |
537 |
++ /* Initialize the ring. This must happen _after_ we've cleared the ring |
538 |
++ * registers with the above sequence (the readback of the HEAD registers |
539 |
++ * also enforces ordering), otherwise the hw might lose the new ring |
540 |
++ * register values. */ |
541 |
++ I915_WRITE_START(ring, obj->gtt_offset); |
542 |
+ I915_WRITE_CTL(ring, |
543 |
+ ((ring->size - PAGE_SIZE) & RING_NR_PAGES) |
544 |
+ | RING_VALID); |
545 |
+ |
546 |
+ /* If the head is still not zero, the ring is dead */ |
547 |
+- if ((I915_READ_CTL(ring) & RING_VALID) == 0 || |
548 |
+- I915_READ_START(ring) != obj->gtt_offset || |
549 |
+- (I915_READ_HEAD(ring) & HEAD_ADDR) != 0) { |
550 |
++ if (wait_for((I915_READ_CTL(ring) & RING_VALID) != 0 && |
551 |
++ I915_READ_START(ring) == obj->gtt_offset && |
552 |
++ (I915_READ_HEAD(ring) & HEAD_ADDR) == 0, 50)) { |
553 |
+ DRM_ERROR("%s initialization failed " |
554 |
+ "ctl %08x head %08x tail %08x start %08x\n", |
555 |
+ ring->name, |
556 |
+@@ -488,7 +477,7 @@ gen6_add_request(struct intel_ring_buffer *ring, |
557 |
+ mbox1_reg = ring->signal_mbox[0]; |
558 |
+ mbox2_reg = ring->signal_mbox[1]; |
559 |
+ |
560 |
+- *seqno = i915_gem_get_seqno(ring->dev); |
561 |
++ *seqno = i915_gem_next_request_seqno(ring); |
562 |
+ |
563 |
+ update_mboxes(ring, *seqno, mbox1_reg); |
564 |
+ update_mboxes(ring, *seqno, mbox2_reg); |
565 |
+@@ -586,8 +575,7 @@ static int |
566 |
+ pc_render_add_request(struct intel_ring_buffer *ring, |
567 |
+ u32 *result) |
568 |
+ { |
569 |
+- struct drm_device *dev = ring->dev; |
570 |
+- u32 seqno = i915_gem_get_seqno(dev); |
571 |
++ u32 seqno = i915_gem_next_request_seqno(ring); |
572 |
+ struct pipe_control *pc = ring->private; |
573 |
+ u32 scratch_addr = pc->gtt_offset + 128; |
574 |
+ int ret; |
575 |
+@@ -638,8 +626,7 @@ static int |
576 |
+ render_ring_add_request(struct intel_ring_buffer *ring, |
577 |
+ u32 *result) |
578 |
+ { |
579 |
+- struct drm_device *dev = ring->dev; |
580 |
+- u32 seqno = i915_gem_get_seqno(dev); |
581 |
++ u32 seqno = i915_gem_next_request_seqno(ring); |
582 |
+ int ret; |
583 |
+ |
584 |
+ ret = intel_ring_begin(ring, 4); |
585 |
+@@ -813,7 +800,7 @@ ring_add_request(struct intel_ring_buffer *ring, |
586 |
+ if (ret) |
587 |
+ return ret; |
588 |
+ |
589 |
+- seqno = i915_gem_get_seqno(ring->dev); |
590 |
++ seqno = i915_gem_next_request_seqno(ring); |
591 |
+ |
592 |
+ intel_ring_emit(ring, MI_STORE_DWORD_INDEX); |
593 |
+ intel_ring_emit(ring, I915_GEM_HWS_INDEX << MI_STORE_DWORD_INDEX_SHIFT); |
594 |
+diff --git a/drivers/gpu/drm/radeon/evergreen.c b/drivers/gpu/drm/radeon/evergreen.c |
595 |
+index 931f4df..fc0633c 100644 |
596 |
+--- a/drivers/gpu/drm/radeon/evergreen.c |
597 |
++++ b/drivers/gpu/drm/radeon/evergreen.c |
598 |
+@@ -1065,24 +1065,8 @@ void evergreen_agp_enable(struct radeon_device *rdev) |
599 |
+ |
600 |
+ void evergreen_mc_stop(struct radeon_device *rdev, struct evergreen_mc_save *save) |
601 |
+ { |
602 |
+- save->vga_control[0] = RREG32(D1VGA_CONTROL); |
603 |
+- save->vga_control[1] = RREG32(D2VGA_CONTROL); |
604 |
+ save->vga_render_control = RREG32(VGA_RENDER_CONTROL); |
605 |
+ save->vga_hdp_control = RREG32(VGA_HDP_CONTROL); |
606 |
+- save->crtc_control[0] = RREG32(EVERGREEN_CRTC_CONTROL + EVERGREEN_CRTC0_REGISTER_OFFSET); |
607 |
+- save->crtc_control[1] = RREG32(EVERGREEN_CRTC_CONTROL + EVERGREEN_CRTC1_REGISTER_OFFSET); |
608 |
+- if (rdev->num_crtc >= 4) { |
609 |
+- save->vga_control[2] = RREG32(EVERGREEN_D3VGA_CONTROL); |
610 |
+- save->vga_control[3] = RREG32(EVERGREEN_D4VGA_CONTROL); |
611 |
+- save->crtc_control[2] = RREG32(EVERGREEN_CRTC_CONTROL + EVERGREEN_CRTC2_REGISTER_OFFSET); |
612 |
+- save->crtc_control[3] = RREG32(EVERGREEN_CRTC_CONTROL + EVERGREEN_CRTC3_REGISTER_OFFSET); |
613 |
+- } |
614 |
+- if (rdev->num_crtc >= 6) { |
615 |
+- save->vga_control[4] = RREG32(EVERGREEN_D5VGA_CONTROL); |
616 |
+- save->vga_control[5] = RREG32(EVERGREEN_D6VGA_CONTROL); |
617 |
+- save->crtc_control[4] = RREG32(EVERGREEN_CRTC_CONTROL + EVERGREEN_CRTC4_REGISTER_OFFSET); |
618 |
+- save->crtc_control[5] = RREG32(EVERGREEN_CRTC_CONTROL + EVERGREEN_CRTC5_REGISTER_OFFSET); |
619 |
+- } |
620 |
+ |
621 |
+ /* Stop all video */ |
622 |
+ WREG32(VGA_RENDER_CONTROL, 0); |
623 |
+@@ -1193,47 +1177,6 @@ void evergreen_mc_resume(struct radeon_device *rdev, struct evergreen_mc_save *s |
624 |
+ /* Unlock host access */ |
625 |
+ WREG32(VGA_HDP_CONTROL, save->vga_hdp_control); |
626 |
+ mdelay(1); |
627 |
+- /* Restore video state */ |
628 |
+- WREG32(D1VGA_CONTROL, save->vga_control[0]); |
629 |
+- WREG32(D2VGA_CONTROL, save->vga_control[1]); |
630 |
+- if (rdev->num_crtc >= 4) { |
631 |
+- WREG32(EVERGREEN_D3VGA_CONTROL, save->vga_control[2]); |
632 |
+- WREG32(EVERGREEN_D4VGA_CONTROL, save->vga_control[3]); |
633 |
+- } |
634 |
+- if (rdev->num_crtc >= 6) { |
635 |
+- WREG32(EVERGREEN_D5VGA_CONTROL, save->vga_control[4]); |
636 |
+- WREG32(EVERGREEN_D6VGA_CONTROL, save->vga_control[5]); |
637 |
+- } |
638 |
+- WREG32(EVERGREEN_CRTC_UPDATE_LOCK + EVERGREEN_CRTC0_REGISTER_OFFSET, 1); |
639 |
+- WREG32(EVERGREEN_CRTC_UPDATE_LOCK + EVERGREEN_CRTC1_REGISTER_OFFSET, 1); |
640 |
+- if (rdev->num_crtc >= 4) { |
641 |
+- WREG32(EVERGREEN_CRTC_UPDATE_LOCK + EVERGREEN_CRTC2_REGISTER_OFFSET, 1); |
642 |
+- WREG32(EVERGREEN_CRTC_UPDATE_LOCK + EVERGREEN_CRTC3_REGISTER_OFFSET, 1); |
643 |
+- } |
644 |
+- if (rdev->num_crtc >= 6) { |
645 |
+- WREG32(EVERGREEN_CRTC_UPDATE_LOCK + EVERGREEN_CRTC4_REGISTER_OFFSET, 1); |
646 |
+- WREG32(EVERGREEN_CRTC_UPDATE_LOCK + EVERGREEN_CRTC5_REGISTER_OFFSET, 1); |
647 |
+- } |
648 |
+- WREG32(EVERGREEN_CRTC_CONTROL + EVERGREEN_CRTC0_REGISTER_OFFSET, save->crtc_control[0]); |
649 |
+- WREG32(EVERGREEN_CRTC_CONTROL + EVERGREEN_CRTC1_REGISTER_OFFSET, save->crtc_control[1]); |
650 |
+- if (rdev->num_crtc >= 4) { |
651 |
+- WREG32(EVERGREEN_CRTC_CONTROL + EVERGREEN_CRTC2_REGISTER_OFFSET, save->crtc_control[2]); |
652 |
+- WREG32(EVERGREEN_CRTC_CONTROL + EVERGREEN_CRTC3_REGISTER_OFFSET, save->crtc_control[3]); |
653 |
+- } |
654 |
+- if (rdev->num_crtc >= 6) { |
655 |
+- WREG32(EVERGREEN_CRTC_CONTROL + EVERGREEN_CRTC4_REGISTER_OFFSET, save->crtc_control[4]); |
656 |
+- WREG32(EVERGREEN_CRTC_CONTROL + EVERGREEN_CRTC5_REGISTER_OFFSET, save->crtc_control[5]); |
657 |
+- } |
658 |
+- WREG32(EVERGREEN_CRTC_UPDATE_LOCK + EVERGREEN_CRTC0_REGISTER_OFFSET, 0); |
659 |
+- WREG32(EVERGREEN_CRTC_UPDATE_LOCK + EVERGREEN_CRTC1_REGISTER_OFFSET, 0); |
660 |
+- if (rdev->num_crtc >= 4) { |
661 |
+- WREG32(EVERGREEN_CRTC_UPDATE_LOCK + EVERGREEN_CRTC2_REGISTER_OFFSET, 0); |
662 |
+- WREG32(EVERGREEN_CRTC_UPDATE_LOCK + EVERGREEN_CRTC3_REGISTER_OFFSET, 0); |
663 |
+- } |
664 |
+- if (rdev->num_crtc >= 6) { |
665 |
+- WREG32(EVERGREEN_CRTC_UPDATE_LOCK + EVERGREEN_CRTC4_REGISTER_OFFSET, 0); |
666 |
+- WREG32(EVERGREEN_CRTC_UPDATE_LOCK + EVERGREEN_CRTC5_REGISTER_OFFSET, 0); |
667 |
+- } |
668 |
+ WREG32(VGA_RENDER_CONTROL, save->vga_render_control); |
669 |
+ } |
670 |
+ |
671 |
+@@ -2080,10 +2023,18 @@ static void evergreen_gpu_init(struct radeon_device *rdev) |
672 |
+ if (rdev->flags & RADEON_IS_IGP) |
673 |
+ rdev->config.evergreen.tile_config |= 1 << 4; |
674 |
+ else { |
675 |
+- if ((mc_arb_ramcfg & NOOFBANK_MASK) >> NOOFBANK_SHIFT) |
676 |
+- rdev->config.evergreen.tile_config |= 1 << 4; |
677 |
+- else |
678 |
++ switch ((mc_arb_ramcfg & NOOFBANK_MASK) >> NOOFBANK_SHIFT) { |
679 |
++ case 0: /* four banks */ |
680 |
+ rdev->config.evergreen.tile_config |= 0 << 4; |
681 |
++ break; |
682 |
++ case 1: /* eight banks */ |
683 |
++ rdev->config.evergreen.tile_config |= 1 << 4; |
684 |
++ break; |
685 |
++ case 2: /* sixteen banks */ |
686 |
++ default: |
687 |
++ rdev->config.evergreen.tile_config |= 2 << 4; |
688 |
++ break; |
689 |
++ } |
690 |
+ } |
691 |
+ rdev->config.evergreen.tile_config |= |
692 |
+ ((mc_arb_ramcfg & BURSTLENGTH_MASK) >> BURSTLENGTH_SHIFT) << 8; |
693 |
+diff --git a/drivers/gpu/drm/radeon/ni.c b/drivers/gpu/drm/radeon/ni.c |
694 |
+index 9e50814..636255b 100644 |
695 |
+--- a/drivers/gpu/drm/radeon/ni.c |
696 |
++++ b/drivers/gpu/drm/radeon/ni.c |
697 |
+@@ -804,10 +804,18 @@ static void cayman_gpu_init(struct radeon_device *rdev) |
698 |
+ rdev->config.cayman.tile_config |= (3 << 0); |
699 |
+ break; |
700 |
+ } |
701 |
+- if ((mc_arb_ramcfg & NOOFBANK_MASK) >> NOOFBANK_SHIFT) |
702 |
+- rdev->config.cayman.tile_config |= 1 << 4; |
703 |
+- else |
704 |
++ switch ((mc_arb_ramcfg & NOOFBANK_MASK) >> NOOFBANK_SHIFT) { |
705 |
++ case 0: /* four banks */ |
706 |
+ rdev->config.cayman.tile_config |= 0 << 4; |
707 |
++ break; |
708 |
++ case 1: /* eight banks */ |
709 |
++ rdev->config.cayman.tile_config |= 1 << 4; |
710 |
++ break; |
711 |
++ case 2: /* sixteen banks */ |
712 |
++ default: |
713 |
++ rdev->config.cayman.tile_config |= 2 << 4; |
714 |
++ break; |
715 |
++ } |
716 |
+ rdev->config.cayman.tile_config |= |
717 |
+ ((gb_addr_config & PIPE_INTERLEAVE_SIZE_MASK) >> PIPE_INTERLEAVE_SIZE_SHIFT) << 8; |
718 |
+ rdev->config.cayman.tile_config |= |
719 |
+diff --git a/drivers/gpu/drm/radeon/radeon_asic.h b/drivers/gpu/drm/radeon/radeon_asic.h |
720 |
+index 5991484..5ce9402 100644 |
721 |
+--- a/drivers/gpu/drm/radeon/radeon_asic.h |
722 |
++++ b/drivers/gpu/drm/radeon/radeon_asic.h |
723 |
+@@ -253,13 +253,10 @@ void rs690_line_buffer_adjust(struct radeon_device *rdev, |
724 |
+ * rv515 |
725 |
+ */ |
726 |
+ struct rv515_mc_save { |
727 |
+- u32 d1vga_control; |
728 |
+- u32 d2vga_control; |
729 |
+ u32 vga_render_control; |
730 |
+ u32 vga_hdp_control; |
731 |
+- u32 d1crtc_control; |
732 |
+- u32 d2crtc_control; |
733 |
+ }; |
734 |
++ |
735 |
+ int rv515_init(struct radeon_device *rdev); |
736 |
+ void rv515_fini(struct radeon_device *rdev); |
737 |
+ uint32_t rv515_mc_rreg(struct radeon_device *rdev, uint32_t reg); |
738 |
+@@ -387,11 +384,10 @@ void r700_cp_fini(struct radeon_device *rdev); |
739 |
+ * evergreen |
740 |
+ */ |
741 |
+ struct evergreen_mc_save { |
742 |
+- u32 vga_control[6]; |
743 |
+ u32 vga_render_control; |
744 |
+ u32 vga_hdp_control; |
745 |
+- u32 crtc_control[6]; |
746 |
+ }; |
747 |
++ |
748 |
+ void evergreen_pcie_gart_tlb_flush(struct radeon_device *rdev); |
749 |
+ int evergreen_init(struct radeon_device *rdev); |
750 |
+ void evergreen_fini(struct radeon_device *rdev); |
751 |
+diff --git a/drivers/gpu/drm/radeon/rv515.c b/drivers/gpu/drm/radeon/rv515.c |
752 |
+index 6613ee9..d5f45b4 100644 |
753 |
+--- a/drivers/gpu/drm/radeon/rv515.c |
754 |
++++ b/drivers/gpu/drm/radeon/rv515.c |
755 |
+@@ -281,12 +281,8 @@ int rv515_debugfs_ga_info_init(struct radeon_device *rdev) |
756 |
+ |
757 |
+ void rv515_mc_stop(struct radeon_device *rdev, struct rv515_mc_save *save) |
758 |
+ { |
759 |
+- save->d1vga_control = RREG32(R_000330_D1VGA_CONTROL); |
760 |
+- save->d2vga_control = RREG32(R_000338_D2VGA_CONTROL); |
761 |
+ save->vga_render_control = RREG32(R_000300_VGA_RENDER_CONTROL); |
762 |
+ save->vga_hdp_control = RREG32(R_000328_VGA_HDP_CONTROL); |
763 |
+- save->d1crtc_control = RREG32(R_006080_D1CRTC_CONTROL); |
764 |
+- save->d2crtc_control = RREG32(R_006880_D2CRTC_CONTROL); |
765 |
+ |
766 |
+ /* Stop all video */ |
767 |
+ WREG32(R_0068E8_D2CRTC_UPDATE_LOCK, 0); |
768 |
+@@ -311,15 +307,6 @@ void rv515_mc_resume(struct radeon_device *rdev, struct rv515_mc_save *save) |
769 |
+ /* Unlock host access */ |
770 |
+ WREG32(R_000328_VGA_HDP_CONTROL, save->vga_hdp_control); |
771 |
+ mdelay(1); |
772 |
+- /* Restore video state */ |
773 |
+- WREG32(R_000330_D1VGA_CONTROL, save->d1vga_control); |
774 |
+- WREG32(R_000338_D2VGA_CONTROL, save->d2vga_control); |
775 |
+- WREG32(R_0060E8_D1CRTC_UPDATE_LOCK, 1); |
776 |
+- WREG32(R_0068E8_D2CRTC_UPDATE_LOCK, 1); |
777 |
+- WREG32(R_006080_D1CRTC_CONTROL, save->d1crtc_control); |
778 |
+- WREG32(R_006880_D2CRTC_CONTROL, save->d2crtc_control); |
779 |
+- WREG32(R_0060E8_D1CRTC_UPDATE_LOCK, 0); |
780 |
+- WREG32(R_0068E8_D2CRTC_UPDATE_LOCK, 0); |
781 |
+ WREG32(R_000300_VGA_RENDER_CONTROL, save->vga_render_control); |
782 |
+ } |
783 |
+ |
784 |
+diff --git a/drivers/input/touchscreen/eeti_ts.c b/drivers/input/touchscreen/eeti_ts.c |
785 |
+index 7f8f538..4f938bb 100644 |
786 |
+--- a/drivers/input/touchscreen/eeti_ts.c |
787 |
++++ b/drivers/input/touchscreen/eeti_ts.c |
788 |
+@@ -48,7 +48,7 @@ struct eeti_ts_priv { |
789 |
+ struct input_dev *input; |
790 |
+ struct work_struct work; |
791 |
+ struct mutex mutex; |
792 |
+- int irq, irq_active_high; |
793 |
++ int irq_gpio, irq, irq_active_high; |
794 |
+ }; |
795 |
+ |
796 |
+ #define EETI_TS_BITDEPTH (11) |
797 |
+@@ -62,7 +62,7 @@ struct eeti_ts_priv { |
798 |
+ |
799 |
+ static inline int eeti_ts_irq_active(struct eeti_ts_priv *priv) |
800 |
+ { |
801 |
+- return gpio_get_value(irq_to_gpio(priv->irq)) == priv->irq_active_high; |
802 |
++ return gpio_get_value(priv->irq_gpio) == priv->irq_active_high; |
803 |
+ } |
804 |
+ |
805 |
+ static void eeti_ts_read(struct work_struct *work) |
806 |
+@@ -157,7 +157,7 @@ static void eeti_ts_close(struct input_dev *dev) |
807 |
+ static int __devinit eeti_ts_probe(struct i2c_client *client, |
808 |
+ const struct i2c_device_id *idp) |
809 |
+ { |
810 |
+- struct eeti_ts_platform_data *pdata; |
811 |
++ struct eeti_ts_platform_data *pdata = client->dev.platform_data; |
812 |
+ struct eeti_ts_priv *priv; |
813 |
+ struct input_dev *input; |
814 |
+ unsigned int irq_flags; |
815 |
+@@ -199,9 +199,12 @@ static int __devinit eeti_ts_probe(struct i2c_client *client, |
816 |
+ |
817 |
+ priv->client = client; |
818 |
+ priv->input = input; |
819 |
+- priv->irq = client->irq; |
820 |
++ priv->irq_gpio = pdata->irq_gpio; |
821 |
++ priv->irq = gpio_to_irq(pdata->irq_gpio); |
822 |
+ |
823 |
+- pdata = client->dev.platform_data; |
824 |
++ err = gpio_request_one(pdata->irq_gpio, GPIOF_IN, client->name); |
825 |
++ if (err < 0) |
826 |
++ goto err1; |
827 |
+ |
828 |
+ if (pdata) |
829 |
+ priv->irq_active_high = pdata->irq_active_high; |
830 |
+@@ -215,13 +218,13 @@ static int __devinit eeti_ts_probe(struct i2c_client *client, |
831 |
+ |
832 |
+ err = input_register_device(input); |
833 |
+ if (err) |
834 |
+- goto err1; |
835 |
++ goto err2; |
836 |
+ |
837 |
+ err = request_irq(priv->irq, eeti_ts_isr, irq_flags, |
838 |
+ client->name, priv); |
839 |
+ if (err) { |
840 |
+ dev_err(&client->dev, "Unable to request touchscreen IRQ.\n"); |
841 |
+- goto err2; |
842 |
++ goto err3; |
843 |
+ } |
844 |
+ |
845 |
+ /* |
846 |
+@@ -233,9 +236,11 @@ static int __devinit eeti_ts_probe(struct i2c_client *client, |
847 |
+ device_init_wakeup(&client->dev, 0); |
848 |
+ return 0; |
849 |
+ |
850 |
+-err2: |
851 |
++err3: |
852 |
+ input_unregister_device(input); |
853 |
+ input = NULL; /* so we dont try to free it below */ |
854 |
++err2: |
855 |
++ gpio_free(pdata->irq_gpio); |
856 |
+ err1: |
857 |
+ input_free_device(input); |
858 |
+ kfree(priv); |
859 |
+diff --git a/drivers/mfd/ezx-pcap.c b/drivers/mfd/ezx-pcap.c |
860 |
+index 43a76c4..db662e2 100644 |
861 |
+--- a/drivers/mfd/ezx-pcap.c |
862 |
++++ b/drivers/mfd/ezx-pcap.c |
863 |
+@@ -202,7 +202,7 @@ static void pcap_isr_work(struct work_struct *work) |
864 |
+ } |
865 |
+ local_irq_enable(); |
866 |
+ ezx_pcap_write(pcap, PCAP_REG_MSR, pcap->msr); |
867 |
+- } while (gpio_get_value(irq_to_gpio(pcap->spi->irq))); |
868 |
++ } while (gpio_get_value(pdata->gpio)); |
869 |
+ } |
870 |
+ |
871 |
+ static void pcap_irq_handler(unsigned int irq, struct irq_desc *desc) |
872 |
+diff --git a/drivers/net/caif/caif_serial.c b/drivers/net/caif/caif_serial.c |
873 |
+index 23406e6..ae286a9 100644 |
874 |
+--- a/drivers/net/caif/caif_serial.c |
875 |
++++ b/drivers/net/caif/caif_serial.c |
876 |
+@@ -325,6 +325,9 @@ static int ldisc_open(struct tty_struct *tty) |
877 |
+ |
878 |
+ sprintf(name, "cf%s", tty->name); |
879 |
+ dev = alloc_netdev(sizeof(*ser), name, caifdev_setup); |
880 |
++ if (!dev) |
881 |
++ return -ENOMEM; |
882 |
++ |
883 |
+ ser = netdev_priv(dev); |
884 |
+ ser->tty = tty_kref_get(tty); |
885 |
+ ser->dev = dev; |
886 |
+diff --git a/drivers/net/ethernet/broadcom/bnx2.c b/drivers/net/ethernet/broadcom/bnx2.c |
887 |
+index 965c723..721adfd 100644 |
888 |
+--- a/drivers/net/ethernet/broadcom/bnx2.c |
889 |
++++ b/drivers/net/ethernet/broadcom/bnx2.c |
890 |
+@@ -5378,7 +5378,7 @@ bnx2_free_tx_skbs(struct bnx2 *bp) |
891 |
+ int k, last; |
892 |
+ |
893 |
+ if (skb == NULL) { |
894 |
+- j++; |
895 |
++ j = NEXT_TX_BD(j); |
896 |
+ continue; |
897 |
+ } |
898 |
+ |
899 |
+@@ -5390,8 +5390,8 @@ bnx2_free_tx_skbs(struct bnx2 *bp) |
900 |
+ tx_buf->skb = NULL; |
901 |
+ |
902 |
+ last = tx_buf->nr_frags; |
903 |
+- j++; |
904 |
+- for (k = 0; k < last; k++, j++) { |
905 |
++ j = NEXT_TX_BD(j); |
906 |
++ for (k = 0; k < last; k++, j = NEXT_TX_BD(j)) { |
907 |
+ tx_buf = &txr->tx_buf_ring[TX_RING_IDX(j)]; |
908 |
+ dma_unmap_page(&bp->pdev->dev, |
909 |
+ dma_unmap_addr(tx_buf, mapping), |
910 |
+diff --git a/drivers/net/ethernet/intel/e1000/e1000_main.c b/drivers/net/ethernet/intel/e1000/e1000_main.c |
911 |
+index de00805..0549261 100644 |
912 |
+--- a/drivers/net/ethernet/intel/e1000/e1000_main.c |
913 |
++++ b/drivers/net/ethernet/intel/e1000/e1000_main.c |
914 |
+@@ -4743,12 +4743,14 @@ static int __e1000_shutdown(struct pci_dev *pdev, bool *enable_wake) |
915 |
+ e1000_setup_rctl(adapter); |
916 |
+ e1000_set_rx_mode(netdev); |
917 |
+ |
918 |
++ rctl = er32(RCTL); |
919 |
++ |
920 |
+ /* turn on all-multi mode if wake on multicast is enabled */ |
921 |
+- if (wufc & E1000_WUFC_MC) { |
922 |
+- rctl = er32(RCTL); |
923 |
++ if (wufc & E1000_WUFC_MC) |
924 |
+ rctl |= E1000_RCTL_MPE; |
925 |
+- ew32(RCTL, rctl); |
926 |
+- } |
927 |
++ |
928 |
++ /* enable receives in the hardware */ |
929 |
++ ew32(RCTL, rctl | E1000_RCTL_EN); |
930 |
+ |
931 |
+ if (hw->mac_type >= e1000_82540) { |
932 |
+ ctrl = er32(CTRL); |
933 |
+diff --git a/drivers/net/ethernet/intel/e1000e/82571.c b/drivers/net/ethernet/intel/e1000e/82571.c |
934 |
+index 3072d35..4f4d52a 100644 |
935 |
+--- a/drivers/net/ethernet/intel/e1000e/82571.c |
936 |
++++ b/drivers/net/ethernet/intel/e1000e/82571.c |
937 |
+@@ -1600,10 +1600,8 @@ static s32 e1000_check_for_serdes_link_82571(struct e1000_hw *hw) |
938 |
+ * auto-negotiation in the TXCW register and disable |
939 |
+ * forced link in the Device Control register in an |
940 |
+ * attempt to auto-negotiate with our link partner. |
941 |
+- * If the partner code word is null, stop forcing |
942 |
+- * and restart auto negotiation. |
943 |
+ */ |
944 |
+- if ((rxcw & E1000_RXCW_C) || !(rxcw & E1000_RXCW_CW)) { |
945 |
++ if (rxcw & E1000_RXCW_C) { |
946 |
+ /* Enable autoneg, and unforce link up */ |
947 |
+ ew32(TXCW, mac->txcw); |
948 |
+ ew32(CTRL, (ctrl & ~E1000_CTRL_SLU)); |
949 |
+diff --git a/drivers/net/tun.c b/drivers/net/tun.c |
950 |
+index 7bea9c6..a12c9bf 100644 |
951 |
+--- a/drivers/net/tun.c |
952 |
++++ b/drivers/net/tun.c |
953 |
+@@ -1243,10 +1243,12 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, |
954 |
+ int vnet_hdr_sz; |
955 |
+ int ret; |
956 |
+ |
957 |
+- if (cmd == TUNSETIFF || _IOC_TYPE(cmd) == 0x89) |
958 |
++ if (cmd == TUNSETIFF || _IOC_TYPE(cmd) == 0x89) { |
959 |
+ if (copy_from_user(&ifr, argp, ifreq_len)) |
960 |
+ return -EFAULT; |
961 |
+- |
962 |
++ } else { |
963 |
++ memset(&ifr, 0, sizeof(ifr)); |
964 |
++ } |
965 |
+ if (cmd == TUNGETFEATURES) { |
966 |
+ /* Currently this just means: "what IFF flags are valid?". |
967 |
+ * This is needed because we never checked for invalid flags on |
968 |
+diff --git a/drivers/net/usb/kaweth.c b/drivers/net/usb/kaweth.c |
969 |
+index 582ca2d..c4c6a73 100644 |
970 |
+--- a/drivers/net/usb/kaweth.c |
971 |
++++ b/drivers/net/usb/kaweth.c |
972 |
+@@ -1308,7 +1308,7 @@ static int kaweth_internal_control_msg(struct usb_device *usb_dev, |
973 |
+ int retv; |
974 |
+ int length = 0; /* shut up GCC */ |
975 |
+ |
976 |
+- urb = usb_alloc_urb(0, GFP_NOIO); |
977 |
++ urb = usb_alloc_urb(0, GFP_ATOMIC); |
978 |
+ if (!urb) |
979 |
+ return -ENOMEM; |
980 |
+ |
981 |
+diff --git a/drivers/net/wireless/ath/ath9k/hw.c b/drivers/net/wireless/ath/ath9k/hw.c |
982 |
+index 7f97164..2b8e957 100644 |
983 |
+--- a/drivers/net/wireless/ath/ath9k/hw.c |
984 |
++++ b/drivers/net/wireless/ath/ath9k/hw.c |
985 |
+@@ -674,6 +674,7 @@ int ath9k_hw_init(struct ath_hw *ah) |
986 |
+ case AR9300_DEVID_AR9340: |
987 |
+ case AR9300_DEVID_AR9580: |
988 |
+ case AR9300_DEVID_AR9462: |
989 |
++ case AR9485_DEVID_AR1111: |
990 |
+ break; |
991 |
+ default: |
992 |
+ if (common->bus_ops->ath_bus_type == ATH_USB) |
993 |
+diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h |
994 |
+index 1bd8edf..a5c4ba8 100644 |
995 |
+--- a/drivers/net/wireless/ath/ath9k/hw.h |
996 |
++++ b/drivers/net/wireless/ath/ath9k/hw.h |
997 |
+@@ -48,6 +48,7 @@ |
998 |
+ #define AR9300_DEVID_AR9580 0x0033 |
999 |
+ #define AR9300_DEVID_AR9462 0x0034 |
1000 |
+ #define AR9300_DEVID_AR9330 0x0035 |
1001 |
++#define AR9485_DEVID_AR1111 0x0037 |
1002 |
+ |
1003 |
+ #define AR5416_AR9100_DEVID 0x000b |
1004 |
+ |
1005 |
+diff --git a/drivers/net/wireless/ath/ath9k/pci.c b/drivers/net/wireless/ath/ath9k/pci.c |
1006 |
+index 2dcdf63..1883d39 100644 |
1007 |
+--- a/drivers/net/wireless/ath/ath9k/pci.c |
1008 |
++++ b/drivers/net/wireless/ath/ath9k/pci.c |
1009 |
+@@ -35,6 +35,7 @@ static DEFINE_PCI_DEVICE_TABLE(ath_pci_id_table) = { |
1010 |
+ { PCI_VDEVICE(ATHEROS, 0x0032) }, /* PCI-E AR9485 */ |
1011 |
+ { PCI_VDEVICE(ATHEROS, 0x0033) }, /* PCI-E AR9580 */ |
1012 |
+ { PCI_VDEVICE(ATHEROS, 0x0034) }, /* PCI-E AR9462 */ |
1013 |
++ { PCI_VDEVICE(ATHEROS, 0x0037) }, /* PCI-E AR1111/AR9485 */ |
1014 |
+ { 0 } |
1015 |
+ }; |
1016 |
+ |
1017 |
+diff --git a/drivers/net/wireless/iwlwifi/iwl-agn-rs.c b/drivers/net/wireless/iwlwifi/iwl-agn-rs.c |
1018 |
+index 9ba2c1b..3395025 100644 |
1019 |
+--- a/drivers/net/wireless/iwlwifi/iwl-agn-rs.c |
1020 |
++++ b/drivers/net/wireless/iwlwifi/iwl-agn-rs.c |
1021 |
+@@ -708,11 +708,14 @@ static int rs_toggle_antenna(u32 valid_ant, u32 *rate_n_flags, |
1022 |
+ */ |
1023 |
+ static bool rs_use_green(struct ieee80211_sta *sta) |
1024 |
+ { |
1025 |
+- struct iwl_station_priv *sta_priv = (void *)sta->drv_priv; |
1026 |
+- struct iwl_rxon_context *ctx = sta_priv->ctx; |
1027 |
+- |
1028 |
+- return (sta->ht_cap.cap & IEEE80211_HT_CAP_GRN_FLD) && |
1029 |
+- !(ctx->ht.non_gf_sta_present); |
1030 |
++ /* |
1031 |
++ * There's a bug somewhere in this code that causes the |
1032 |
++ * scaling to get stuck because GF+SGI can't be combined |
1033 |
++ * in SISO rates. Until we find that bug, disable GF, it |
1034 |
++ * has only limited benefit and we still interoperate with |
1035 |
++ * GF APs since we can always receive GF transmissions. |
1036 |
++ */ |
1037 |
++ return false; |
1038 |
+ } |
1039 |
+ |
1040 |
+ /** |
1041 |
+diff --git a/drivers/net/wireless/rt2x00/rt61pci.c b/drivers/net/wireless/rt2x00/rt61pci.c |
1042 |
+index bf55b4a..d69f88c 100644 |
1043 |
+--- a/drivers/net/wireless/rt2x00/rt61pci.c |
1044 |
++++ b/drivers/net/wireless/rt2x00/rt61pci.c |
1045 |
+@@ -2243,8 +2243,7 @@ static void rt61pci_txdone(struct rt2x00_dev *rt2x00dev) |
1046 |
+ |
1047 |
+ static void rt61pci_wakeup(struct rt2x00_dev *rt2x00dev) |
1048 |
+ { |
1049 |
+- struct ieee80211_conf conf = { .flags = 0 }; |
1050 |
+- struct rt2x00lib_conf libconf = { .conf = &conf }; |
1051 |
++ struct rt2x00lib_conf libconf = { .conf = &rt2x00dev->hw->conf }; |
1052 |
+ |
1053 |
+ rt61pci_config(rt2x00dev, &libconf, IEEE80211_CONF_CHANGE_PS); |
1054 |
+ } |
1055 |
+diff --git a/drivers/net/wireless/rtlwifi/usb.c b/drivers/net/wireless/rtlwifi/usb.c |
1056 |
+index db34db6..a49e848 100644 |
1057 |
+--- a/drivers/net/wireless/rtlwifi/usb.c |
1058 |
++++ b/drivers/net/wireless/rtlwifi/usb.c |
1059 |
+@@ -120,15 +120,19 @@ static u32 _usb_read_sync(struct rtl_priv *rtlpriv, u32 addr, u16 len) |
1060 |
+ u8 request; |
1061 |
+ u16 wvalue; |
1062 |
+ u16 index; |
1063 |
+- __le32 *data = &rtlpriv->usb_data[rtlpriv->usb_data_index]; |
1064 |
++ __le32 *data; |
1065 |
++ unsigned long flags; |
1066 |
+ |
1067 |
++ spin_lock_irqsave(&rtlpriv->locks.usb_lock, flags); |
1068 |
++ if (++rtlpriv->usb_data_index >= RTL_USB_MAX_RX_COUNT) |
1069 |
++ rtlpriv->usb_data_index = 0; |
1070 |
++ data = &rtlpriv->usb_data[rtlpriv->usb_data_index]; |
1071 |
++ spin_unlock_irqrestore(&rtlpriv->locks.usb_lock, flags); |
1072 |
+ request = REALTEK_USB_VENQT_CMD_REQ; |
1073 |
+ index = REALTEK_USB_VENQT_CMD_IDX; /* n/a */ |
1074 |
+ |
1075 |
+ wvalue = (u16)addr; |
1076 |
+ _usbctrl_vendorreq_sync_read(udev, request, wvalue, index, data, len); |
1077 |
+- if (++rtlpriv->usb_data_index >= RTL_USB_MAX_RX_COUNT) |
1078 |
+- rtlpriv->usb_data_index = 0; |
1079 |
+ return le32_to_cpu(*data); |
1080 |
+ } |
1081 |
+ |
1082 |
+@@ -909,6 +913,10 @@ int __devinit rtl_usb_probe(struct usb_interface *intf, |
1083 |
+ GFP_KERNEL); |
1084 |
+ if (!rtlpriv->usb_data) |
1085 |
+ return -ENOMEM; |
1086 |
++ |
1087 |
++ /* this spin lock must be initialized early */ |
1088 |
++ spin_lock_init(&rtlpriv->locks.usb_lock); |
1089 |
++ |
1090 |
+ rtlpriv->usb_data_index = 0; |
1091 |
+ SET_IEEE80211_DEV(hw, &intf->dev); |
1092 |
+ udev = interface_to_usbdev(intf); |
1093 |
+diff --git a/drivers/net/wireless/rtlwifi/wifi.h b/drivers/net/wireless/rtlwifi/wifi.h |
1094 |
+index b1e9deb..deb87e9 100644 |
1095 |
+--- a/drivers/net/wireless/rtlwifi/wifi.h |
1096 |
++++ b/drivers/net/wireless/rtlwifi/wifi.h |
1097 |
+@@ -1550,6 +1550,7 @@ struct rtl_locks { |
1098 |
+ spinlock_t rf_lock; |
1099 |
+ spinlock_t lps_lock; |
1100 |
+ spinlock_t waitq_lock; |
1101 |
++ spinlock_t usb_lock; |
1102 |
+ |
1103 |
+ /*Dual mac*/ |
1104 |
+ spinlock_t cck_and_rw_pagea_lock; |
1105 |
+diff --git a/fs/hfsplus/wrapper.c b/fs/hfsplus/wrapper.c |
1106 |
+index 7daf4b8..90effcc 100644 |
1107 |
+--- a/fs/hfsplus/wrapper.c |
1108 |
++++ b/fs/hfsplus/wrapper.c |
1109 |
+@@ -56,7 +56,7 @@ int hfsplus_submit_bio(struct super_block *sb, sector_t sector, |
1110 |
+ DECLARE_COMPLETION_ONSTACK(wait); |
1111 |
+ struct bio *bio; |
1112 |
+ int ret = 0; |
1113 |
+- unsigned int io_size; |
1114 |
++ u64 io_size; |
1115 |
+ loff_t start; |
1116 |
+ int offset; |
1117 |
+ |
1118 |
+diff --git a/include/linux/input/eeti_ts.h b/include/linux/input/eeti_ts.h |
1119 |
+index f875b31..16625d7 100644 |
1120 |
+--- a/include/linux/input/eeti_ts.h |
1121 |
++++ b/include/linux/input/eeti_ts.h |
1122 |
+@@ -2,6 +2,7 @@ |
1123 |
+ #define LINUX_INPUT_EETI_TS_H |
1124 |
+ |
1125 |
+ struct eeti_ts_platform_data { |
1126 |
++ int irq_gpio; |
1127 |
+ unsigned int irq_active_high; |
1128 |
+ }; |
1129 |
+ |
1130 |
+diff --git a/include/linux/mfd/ezx-pcap.h b/include/linux/mfd/ezx-pcap.h |
1131 |
+index 40c37216..32a1b5c 100644 |
1132 |
+--- a/include/linux/mfd/ezx-pcap.h |
1133 |
++++ b/include/linux/mfd/ezx-pcap.h |
1134 |
+@@ -16,6 +16,7 @@ struct pcap_subdev { |
1135 |
+ struct pcap_platform_data { |
1136 |
+ unsigned int irq_base; |
1137 |
+ unsigned int config; |
1138 |
++ int gpio; |
1139 |
+ void (*init) (void *); /* board specific init */ |
1140 |
+ int num_subdevs; |
1141 |
+ struct pcap_subdev *subdevs; |
1142 |
+diff --git a/net/caif/caif_dev.c b/net/caif/caif_dev.c |
1143 |
+index 68223e4..4e9115d 100644 |
1144 |
+--- a/net/caif/caif_dev.c |
1145 |
++++ b/net/caif/caif_dev.c |
1146 |
+@@ -428,9 +428,9 @@ static int __init caif_device_init(void) |
1147 |
+ |
1148 |
+ static void __exit caif_device_exit(void) |
1149 |
+ { |
1150 |
+- unregister_pernet_subsys(&caif_net_ops); |
1151 |
+ unregister_netdevice_notifier(&caif_device_notifier); |
1152 |
+ dev_remove_pack(&caif_packet_type); |
1153 |
++ unregister_pernet_subsys(&caif_net_ops); |
1154 |
+ } |
1155 |
+ |
1156 |
+ module_init(caif_device_init); |
1157 |
+diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c |
1158 |
+index 05842ab..0cf604b 100644 |
1159 |
+--- a/net/core/rtnetlink.c |
1160 |
++++ b/net/core/rtnetlink.c |
1161 |
+@@ -670,6 +670,12 @@ static void set_operstate(struct net_device *dev, unsigned char transition) |
1162 |
+ } |
1163 |
+ } |
1164 |
+ |
1165 |
++static unsigned int rtnl_dev_get_flags(const struct net_device *dev) |
1166 |
++{ |
1167 |
++ return (dev->flags & ~(IFF_PROMISC | IFF_ALLMULTI)) | |
1168 |
++ (dev->gflags & (IFF_PROMISC | IFF_ALLMULTI)); |
1169 |
++} |
1170 |
++ |
1171 |
+ static unsigned int rtnl_dev_combine_flags(const struct net_device *dev, |
1172 |
+ const struct ifinfomsg *ifm) |
1173 |
+ { |
1174 |
+@@ -678,7 +684,7 @@ static unsigned int rtnl_dev_combine_flags(const struct net_device *dev, |
1175 |
+ /* bugwards compatibility: ifi_change == 0 is treated as ~0 */ |
1176 |
+ if (ifm->ifi_change) |
1177 |
+ flags = (flags & ifm->ifi_change) | |
1178 |
+- (dev->flags & ~ifm->ifi_change); |
1179 |
++ (rtnl_dev_get_flags(dev) & ~ifm->ifi_change); |
1180 |
+ |
1181 |
+ return flags; |
1182 |
+ } |
1183 |
+diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c |
1184 |
+index 86f3b88..afaa735 100644 |
1185 |
+--- a/net/ipv4/cipso_ipv4.c |
1186 |
++++ b/net/ipv4/cipso_ipv4.c |
1187 |
+@@ -1725,8 +1725,10 @@ int cipso_v4_validate(const struct sk_buff *skb, unsigned char **option) |
1188 |
+ case CIPSO_V4_TAG_LOCAL: |
1189 |
+ /* This is a non-standard tag that we only allow for |
1190 |
+ * local connections, so if the incoming interface is |
1191 |
+- * not the loopback device drop the packet. */ |
1192 |
+- if (!(skb->dev->flags & IFF_LOOPBACK)) { |
1193 |
++ * not the loopback device drop the packet. Further, |
1194 |
++ * there is no legitimate reason for setting this from |
1195 |
++ * userspace so reject it if skb is NULL. */ |
1196 |
++ if (skb == NULL || !(skb->dev->flags & IFF_LOOPBACK)) { |
1197 |
+ err_offset = opt_iter; |
1198 |
+ goto validate_return_locked; |
1199 |
+ } |
1200 |
+diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c |
1201 |
+index 11ba922..ad466a7 100644 |
1202 |
+--- a/net/ipv4/tcp.c |
1203 |
++++ b/net/ipv4/tcp.c |
1204 |
+@@ -2391,7 +2391,10 @@ static int do_tcp_setsockopt(struct sock *sk, int level, |
1205 |
+ /* Cap the max timeout in ms TCP will retry/retrans |
1206 |
+ * before giving up and aborting (ETIMEDOUT) a connection. |
1207 |
+ */ |
1208 |
+- icsk->icsk_user_timeout = msecs_to_jiffies(val); |
1209 |
++ if (val < 0) |
1210 |
++ err = -EINVAL; |
1211 |
++ else |
1212 |
++ icsk->icsk_user_timeout = msecs_to_jiffies(val); |
1213 |
+ break; |
1214 |
+ default: |
1215 |
+ err = -ENOPROTOOPT; |
1216 |
+diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c |
1217 |
+index 32e6ca2..a08a621 100644 |
1218 |
+--- a/net/ipv4/tcp_input.c |
1219 |
++++ b/net/ipv4/tcp_input.c |
1220 |
+@@ -5415,7 +5415,9 @@ int tcp_rcv_established(struct sock *sk, struct sk_buff *skb, |
1221 |
+ if (tp->copied_seq == tp->rcv_nxt && |
1222 |
+ len - tcp_header_len <= tp->ucopy.len) { |
1223 |
+ #ifdef CONFIG_NET_DMA |
1224 |
+- if (tcp_dma_try_early_copy(sk, skb, tcp_header_len)) { |
1225 |
++ if (tp->ucopy.task == current && |
1226 |
++ sock_owned_by_user(sk) && |
1227 |
++ tcp_dma_try_early_copy(sk, skb, tcp_header_len)) { |
1228 |
+ copied_early = 1; |
1229 |
+ eaten = 1; |
1230 |
+ } |
1231 |
+diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c |
1232 |
+index a7078fd..f85de8e 100644 |
1233 |
+--- a/net/mac80211/mesh.c |
1234 |
++++ b/net/mac80211/mesh.c |
1235 |
+@@ -543,6 +543,7 @@ void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata) |
1236 |
+ |
1237 |
+ del_timer_sync(&sdata->u.mesh.housekeeping_timer); |
1238 |
+ del_timer_sync(&sdata->u.mesh.mesh_path_root_timer); |
1239 |
++ del_timer_sync(&sdata->u.mesh.mesh_path_timer); |
1240 |
+ /* |
1241 |
+ * If the timer fired while we waited for it, it will have |
1242 |
+ * requeued the work. Now the work will be running again |
1243 |
+diff --git a/net/sched/sch_sfb.c b/net/sched/sch_sfb.c |
1244 |
+index 17859ea..351a69b 100644 |
1245 |
+--- a/net/sched/sch_sfb.c |
1246 |
++++ b/net/sched/sch_sfb.c |
1247 |
+@@ -559,6 +559,8 @@ static int sfb_dump(struct Qdisc *sch, struct sk_buff *skb) |
1248 |
+ |
1249 |
+ sch->qstats.backlog = q->qdisc->qstats.backlog; |
1250 |
+ opts = nla_nest_start(skb, TCA_OPTIONS); |
1251 |
++ if (opts == NULL) |
1252 |
++ goto nla_put_failure; |
1253 |
+ NLA_PUT(skb, TCA_SFB_PARMS, sizeof(opt), &opt); |
1254 |
+ return nla_nest_end(skb, opts); |
1255 |
+ |
1256 |
+diff --git a/net/sctp/input.c b/net/sctp/input.c |
1257 |
+index b7692aa..0fc18c7 100644 |
1258 |
+--- a/net/sctp/input.c |
1259 |
++++ b/net/sctp/input.c |
1260 |
+@@ -736,15 +736,12 @@ static void __sctp_unhash_endpoint(struct sctp_endpoint *ep) |
1261 |
+ |
1262 |
+ epb = &ep->base; |
1263 |
+ |
1264 |
+- if (hlist_unhashed(&epb->node)) |
1265 |
+- return; |
1266 |
+- |
1267 |
+ epb->hashent = sctp_ep_hashfn(epb->bind_addr.port); |
1268 |
+ |
1269 |
+ head = &sctp_ep_hashtable[epb->hashent]; |
1270 |
+ |
1271 |
+ sctp_write_lock(&head->lock); |
1272 |
+- __hlist_del(&epb->node); |
1273 |
++ hlist_del_init(&epb->node); |
1274 |
+ sctp_write_unlock(&head->lock); |
1275 |
+ } |
1276 |
+ |
1277 |
+@@ -825,7 +822,7 @@ static void __sctp_unhash_established(struct sctp_association *asoc) |
1278 |
+ head = &sctp_assoc_hashtable[epb->hashent]; |
1279 |
+ |
1280 |
+ sctp_write_lock(&head->lock); |
1281 |
+- __hlist_del(&epb->node); |
1282 |
++ hlist_del_init(&epb->node); |
1283 |
+ sctp_write_unlock(&head->lock); |
1284 |
+ } |
1285 |
+ |
1286 |
+diff --git a/net/sctp/socket.c b/net/sctp/socket.c |
1287 |
+index 0075554..8e49d76 100644 |
1288 |
+--- a/net/sctp/socket.c |
1289 |
++++ b/net/sctp/socket.c |
1290 |
+@@ -1231,8 +1231,14 @@ out_free: |
1291 |
+ SCTP_DEBUG_PRINTK("About to exit __sctp_connect() free asoc: %p" |
1292 |
+ " kaddrs: %p err: %d\n", |
1293 |
+ asoc, kaddrs, err); |
1294 |
+- if (asoc) |
1295 |
++ if (asoc) { |
1296 |
++ /* sctp_primitive_ASSOCIATE may have added this association |
1297 |
++ * To the hash table, try to unhash it, just in case, its a noop |
1298 |
++ * if it wasn't hashed so we're safe |
1299 |
++ */ |
1300 |
++ sctp_unhash_established(asoc); |
1301 |
+ sctp_association_free(asoc); |
1302 |
++ } |
1303 |
+ return err; |
1304 |
+ } |
1305 |
+ |
1306 |
+@@ -1942,8 +1948,10 @@ SCTP_STATIC int sctp_sendmsg(struct kiocb *iocb, struct sock *sk, |
1307 |
+ goto out_unlock; |
1308 |
+ |
1309 |
+ out_free: |
1310 |
+- if (new_asoc) |
1311 |
++ if (new_asoc) { |
1312 |
++ sctp_unhash_established(asoc); |
1313 |
+ sctp_association_free(asoc); |
1314 |
++ } |
1315 |
+ out_unlock: |
1316 |
+ sctp_release_sock(sk); |
1317 |
+ |
1318 |
+diff --git a/net/wanrouter/wanmain.c b/net/wanrouter/wanmain.c |
1319 |
+index 788a12c..2ab7850 100644 |
1320 |
+--- a/net/wanrouter/wanmain.c |
1321 |
++++ b/net/wanrouter/wanmain.c |
1322 |
+@@ -602,36 +602,31 @@ static int wanrouter_device_new_if(struct wan_device *wandev, |
1323 |
+ * successfully, add it to the interface list. |
1324 |
+ */ |
1325 |
+ |
1326 |
+- if (dev->name == NULL) { |
1327 |
+- err = -EINVAL; |
1328 |
+- } else { |
1329 |
++#ifdef WANDEBUG |
1330 |
++ printk(KERN_INFO "%s: registering interface %s...\n", |
1331 |
++ wanrouter_modname, dev->name); |
1332 |
++#endif |
1333 |
+ |
1334 |
+- #ifdef WANDEBUG |
1335 |
+- printk(KERN_INFO "%s: registering interface %s...\n", |
1336 |
+- wanrouter_modname, dev->name); |
1337 |
+- #endif |
1338 |
+- |
1339 |
+- err = register_netdev(dev); |
1340 |
+- if (!err) { |
1341 |
+- struct net_device *slave = NULL; |
1342 |
+- unsigned long smp_flags=0; |
1343 |
+- |
1344 |
+- lock_adapter_irq(&wandev->lock, &smp_flags); |
1345 |
+- |
1346 |
+- if (wandev->dev == NULL) { |
1347 |
+- wandev->dev = dev; |
1348 |
+- } else { |
1349 |
+- for (slave=wandev->dev; |
1350 |
+- DEV_TO_SLAVE(slave); |
1351 |
+- slave = DEV_TO_SLAVE(slave)) |
1352 |
+- DEV_TO_SLAVE(slave) = dev; |
1353 |
+- } |
1354 |
+- ++wandev->ndev; |
1355 |
+- |
1356 |
+- unlock_adapter_irq(&wandev->lock, &smp_flags); |
1357 |
+- err = 0; /* done !!! */ |
1358 |
+- goto out; |
1359 |
++ err = register_netdev(dev); |
1360 |
++ if (!err) { |
1361 |
++ struct net_device *slave = NULL; |
1362 |
++ unsigned long smp_flags=0; |
1363 |
++ |
1364 |
++ lock_adapter_irq(&wandev->lock, &smp_flags); |
1365 |
++ |
1366 |
++ if (wandev->dev == NULL) { |
1367 |
++ wandev->dev = dev; |
1368 |
++ } else { |
1369 |
++ for (slave=wandev->dev; |
1370 |
++ DEV_TO_SLAVE(slave); |
1371 |
++ slave = DEV_TO_SLAVE(slave)) |
1372 |
++ DEV_TO_SLAVE(slave) = dev; |
1373 |
+ } |
1374 |
++ ++wandev->ndev; |
1375 |
++ |
1376 |
++ unlock_adapter_irq(&wandev->lock, &smp_flags); |
1377 |
++ err = 0; /* done !!! */ |
1378 |
++ goto out; |
1379 |
+ } |
1380 |
+ if (wandev->del_if) |
1381 |
+ wandev->del_if(wandev, dev); |
1382 |
+diff --git a/net/wireless/core.c b/net/wireless/core.c |
1383 |
+index 220f3bd..8f5042d 100644 |
1384 |
+--- a/net/wireless/core.c |
1385 |
++++ b/net/wireless/core.c |
1386 |
+@@ -971,6 +971,11 @@ static int cfg80211_netdev_notifier_call(struct notifier_block * nb, |
1387 |
+ */ |
1388 |
+ synchronize_rcu(); |
1389 |
+ INIT_LIST_HEAD(&wdev->list); |
1390 |
++ /* |
1391 |
++ * Ensure that all events have been processed and |
1392 |
++ * freed. |
1393 |
++ */ |
1394 |
++ cfg80211_process_wdev_events(wdev); |
1395 |
+ break; |
1396 |
+ case NETDEV_PRE_UP: |
1397 |
+ if (!(wdev->wiphy->interface_modes & BIT(wdev->iftype))) |
1398 |
+diff --git a/net/wireless/core.h b/net/wireless/core.h |
1399 |
+index b9ec306..02c3be3 100644 |
1400 |
+--- a/net/wireless/core.h |
1401 |
++++ b/net/wireless/core.h |
1402 |
+@@ -426,6 +426,7 @@ int cfg80211_change_iface(struct cfg80211_registered_device *rdev, |
1403 |
+ struct net_device *dev, enum nl80211_iftype ntype, |
1404 |
+ u32 *flags, struct vif_params *params); |
1405 |
+ void cfg80211_process_rdev_events(struct cfg80211_registered_device *rdev); |
1406 |
++void cfg80211_process_wdev_events(struct wireless_dev *wdev); |
1407 |
+ |
1408 |
+ int cfg80211_can_change_interface(struct cfg80211_registered_device *rdev, |
1409 |
+ struct wireless_dev *wdev, |
1410 |
+diff --git a/net/wireless/util.c b/net/wireless/util.c |
1411 |
+index b5e4c1c..22fb802 100644 |
1412 |
+--- a/net/wireless/util.c |
1413 |
++++ b/net/wireless/util.c |
1414 |
+@@ -725,7 +725,7 @@ void cfg80211_upload_connect_keys(struct wireless_dev *wdev) |
1415 |
+ wdev->connect_keys = NULL; |
1416 |
+ } |
1417 |
+ |
1418 |
+-static void cfg80211_process_wdev_events(struct wireless_dev *wdev) |
1419 |
++void cfg80211_process_wdev_events(struct wireless_dev *wdev) |
1420 |
+ { |
1421 |
+ struct cfg80211_event *ev; |
1422 |
+ unsigned long flags; |
1423 |
+diff --git a/sound/pci/hda/patch_conexant.c b/sound/pci/hda/patch_conexant.c |
1424 |
+index 51a1afc..402f330 100644 |
1425 |
+--- a/sound/pci/hda/patch_conexant.c |
1426 |
++++ b/sound/pci/hda/patch_conexant.c |
1427 |
+@@ -3059,7 +3059,6 @@ static const struct snd_pci_quirk cxt5066_cfg_tbl[] = { |
1428 |
+ SND_PCI_QUIRK(0x1028, 0x02d8, "Dell Vostro", CXT5066_DELL_VOSTRO), |
1429 |
+ SND_PCI_QUIRK(0x1028, 0x02f5, "Dell Vostro 320", CXT5066_IDEAPAD), |
1430 |
+ SND_PCI_QUIRK(0x1028, 0x0401, "Dell Vostro 1014", CXT5066_DELL_VOSTRO), |
1431 |
+- SND_PCI_QUIRK(0x1028, 0x0402, "Dell Vostro", CXT5066_DELL_VOSTRO), |
1432 |
+ SND_PCI_QUIRK(0x1028, 0x0408, "Dell Inspiron One 19T", CXT5066_IDEAPAD), |
1433 |
+ SND_PCI_QUIRK(0x1028, 0x050f, "Dell Inspiron", CXT5066_IDEAPAD), |
1434 |
+ SND_PCI_QUIRK(0x1028, 0x0510, "Dell Vostro", CXT5066_IDEAPAD), |
1435 |
+diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c |
1436 |
+index 2e2eb93..32c8169 100644 |
1437 |
+--- a/sound/pci/hda/patch_realtek.c |
1438 |
++++ b/sound/pci/hda/patch_realtek.c |
1439 |
+@@ -4981,6 +4981,8 @@ static const struct alc_fixup alc269_fixups[] = { |
1440 |
+ [ALC269_FIXUP_PCM_44K] = { |
1441 |
+ .type = ALC_FIXUP_FUNC, |
1442 |
+ .v.func = alc269_fixup_pcm_44k, |
1443 |
++ .chained = true, |
1444 |
++ .chain_id = ALC269_FIXUP_QUANTA_MUTE |
1445 |
+ }, |
1446 |
+ [ALC269_FIXUP_STEREO_DMIC] = { |
1447 |
+ .type = ALC_FIXUP_FUNC, |
1448 |
+@@ -5077,9 +5079,10 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { |
1449 |
+ SND_PCI_QUIRK(0x17aa, 0x21ca, "Thinkpad L412", ALC269_FIXUP_SKU_IGNORE), |
1450 |
+ SND_PCI_QUIRK(0x17aa, 0x21e9, "Thinkpad Edge 15", ALC269_FIXUP_SKU_IGNORE), |
1451 |
+ SND_PCI_QUIRK(0x17aa, 0x21f6, "Thinkpad T530", ALC269_FIXUP_LENOVO_DOCK), |
1452 |
++ SND_PCI_QUIRK(0x17aa, 0x21fa, "Thinkpad X230", ALC269_FIXUP_LENOVO_DOCK), |
1453 |
++ SND_PCI_QUIRK(0x17aa, 0x21fb, "Thinkpad T430s", ALC269_FIXUP_LENOVO_DOCK), |
1454 |
+ SND_PCI_QUIRK(0x17aa, 0x2203, "Thinkpad X230 Tablet", ALC269_FIXUP_LENOVO_DOCK), |
1455 |
+- SND_PCI_QUIRK(0x17aa, 0x3bf8, "Quanta FL1", ALC269_FIXUP_QUANTA_MUTE), |
1456 |
+- SND_PCI_QUIRK(0x17aa, 0x3bf8, "Lenovo Ideapd", ALC269_FIXUP_PCM_44K), |
1457 |
++ SND_PCI_QUIRK(0x17aa, 0x3bf8, "Quanta FL1", ALC269_FIXUP_PCM_44K), |
1458 |
+ SND_PCI_QUIRK(0x17aa, 0x9e54, "LENOVO NB", ALC269_FIXUP_LENOVO_EAPD), |
1459 |
+ |
1460 |
+ #if 1 |
1461 |
|
1462 |
diff --git a/3.2.27/4420_grsecurity-2.9.1-3.2.27-201208201521.patch b/3.2.28/4420_grsecurity-2.9.1-3.2.28-201208222030.patch |
1463 |
similarity index 99% |
1464 |
rename from 3.2.27/4420_grsecurity-2.9.1-3.2.27-201208201521.patch |
1465 |
rename to 3.2.28/4420_grsecurity-2.9.1-3.2.28-201208222030.patch |
1466 |
index 7be4f7e..0f3c55e 100644 |
1467 |
--- a/3.2.27/4420_grsecurity-2.9.1-3.2.27-201208201521.patch |
1468 |
+++ b/3.2.28/4420_grsecurity-2.9.1-3.2.28-201208222030.patch |
1469 |
@@ -245,7 +245,7 @@ index 88fd7f5..b318a78 100644 |
1470 |
============================================================== |
1471 |
|
1472 |
diff --git a/Makefile b/Makefile |
1473 |
-index bdf851f..c020e9d 100644 |
1474 |
+index 5368961..3fed4d4 100644 |
1475 |
--- a/Makefile |
1476 |
+++ b/Makefile |
1477 |
@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ |
1478 |
@@ -20547,7 +20547,7 @@ index 94a4672..5c6b853 100644 |
1479 |
|
1480 |
local_irq_disable(); |
1481 |
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c |
1482 |
-index 7315488..187fb78 100644 |
1483 |
+index 407789b..942f6a6 100644 |
1484 |
--- a/arch/x86/kvm/vmx.c |
1485 |
+++ b/arch/x86/kvm/vmx.c |
1486 |
@@ -1305,7 +1305,11 @@ static void reload_tss(void) |
1487 |
@@ -20562,7 +20562,7 @@ index 7315488..187fb78 100644 |
1488 |
load_TR_desc(); |
1489 |
} |
1490 |
|
1491 |
-@@ -2633,8 +2637,11 @@ static __init int hardware_setup(void) |
1492 |
+@@ -2634,8 +2638,11 @@ static __init int hardware_setup(void) |
1493 |
if (!cpu_has_vmx_flexpriority()) |
1494 |
flexpriority_enabled = 0; |
1495 |
|
1496 |
@@ -20576,7 +20576,7 @@ index 7315488..187fb78 100644 |
1497 |
|
1498 |
if (enable_ept && !cpu_has_vmx_ept_2m_page()) |
1499 |
kvm_disable_largepages(); |
1500 |
-@@ -3648,7 +3655,7 @@ static void vmx_set_constant_host_state(void) |
1501 |
+@@ -3649,7 +3656,7 @@ static void vmx_set_constant_host_state(void) |
1502 |
vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */ |
1503 |
|
1504 |
asm("mov $.Lkvm_vmx_return, %0" : "=r"(tmpl)); |
1505 |
@@ -20585,7 +20585,7 @@ index 7315488..187fb78 100644 |
1506 |
|
1507 |
rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); |
1508 |
vmcs_write32(HOST_IA32_SYSENTER_CS, low32); |
1509 |
-@@ -6171,6 +6178,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
1510 |
+@@ -6172,6 +6179,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
1511 |
"jmp .Lkvm_vmx_return \n\t" |
1512 |
".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t" |
1513 |
".Lkvm_vmx_return: " |
1514 |
@@ -20598,7 +20598,7 @@ index 7315488..187fb78 100644 |
1515 |
/* Save guest registers, load host registers, keep flags */ |
1516 |
"mov %0, %c[wordsize](%%"R"sp) \n\t" |
1517 |
"pop %0 \n\t" |
1518 |
-@@ -6219,6 +6232,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
1519 |
+@@ -6220,6 +6233,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
1520 |
#endif |
1521 |
[cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), |
1522 |
[wordsize]"i"(sizeof(ulong)) |
1523 |
@@ -20610,7 +20610,7 @@ index 7315488..187fb78 100644 |
1524 |
: "cc", "memory" |
1525 |
, R"ax", R"bx", R"di", R"si" |
1526 |
#ifdef CONFIG_X86_64 |
1527 |
-@@ -6247,7 +6265,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
1528 |
+@@ -6248,7 +6266,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
1529 |
} |
1530 |
} |
1531 |
|
1532 |
@@ -30926,7 +30926,7 @@ index ca67338..0003ba7 100644 |
1533 |
return can_switch; |
1534 |
} |
1535 |
diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h |
1536 |
-index d62c731..89d435b 100644 |
1537 |
+index c364358..317c8de 100644 |
1538 |
--- a/drivers/gpu/drm/i915/i915_drv.h |
1539 |
+++ b/drivers/gpu/drm/i915/i915_drv.h |
1540 |
@@ -229,7 +229,7 @@ struct drm_i915_display_funcs { |
1541 |
@@ -30956,7 +30956,7 @@ index d62c731..89d435b 100644 |
1542 |
}; |
1543 |
|
1544 |
#define to_intel_bo(x) container_of(x, struct drm_i915_gem_object, base) |
1545 |
-@@ -1276,7 +1276,7 @@ extern int intel_setup_gmbus(struct drm_device *dev); |
1546 |
+@@ -1271,7 +1271,7 @@ extern int intel_setup_gmbus(struct drm_device *dev); |
1547 |
extern void intel_teardown_gmbus(struct drm_device *dev); |
1548 |
extern void intel_gmbus_set_speed(struct i2c_adapter *adapter, int speed); |
1549 |
extern void intel_gmbus_force_bit(struct i2c_adapter *adapter, bool force_bit); |
1550 |
@@ -35401,7 +35401,7 @@ index e1159e5..e18684d 100644 |
1551 |
/* Set media type */ |
1552 |
switch (adapter->pdev->device) { |
1553 |
diff --git a/drivers/net/ethernet/intel/e1000e/82571.c b/drivers/net/ethernet/intel/e1000e/82571.c |
1554 |
-index 3072d35..a0f4827 100644 |
1555 |
+index 4f4d52a..2317bbc 100644 |
1556 |
--- a/drivers/net/ethernet/intel/e1000e/82571.c |
1557 |
+++ b/drivers/net/ethernet/intel/e1000e/82571.c |
1558 |
@@ -239,7 +239,7 @@ static s32 e1000_init_mac_params_82571(struct e1000_adapter *adapter) |
1559 |
@@ -35929,7 +35929,7 @@ index 46db5c5..37c1536 100644 |
1560 |
err = platform_driver_register(&sk_isa_driver); |
1561 |
if (err) |
1562 |
diff --git a/drivers/net/tun.c b/drivers/net/tun.c |
1563 |
-index 7bea9c6..7ef073c 100644 |
1564 |
+index a12c9bf..3b1862d 100644 |
1565 |
--- a/drivers/net/tun.c |
1566 |
+++ b/drivers/net/tun.c |
1567 |
@@ -359,7 +359,7 @@ static void tun_free_netdev(struct net_device *dev) |
1568 |
@@ -36314,10 +36314,10 @@ index f5ae3c6..7936af3 100644 |
1569 |
|
1570 |
static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads) |
1571 |
diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h |
1572 |
-index 1bd8edf..10c6d30 100644 |
1573 |
+index a5c4ba8..a2cea02 100644 |
1574 |
--- a/drivers/net/wireless/ath/ath9k/hw.h |
1575 |
+++ b/drivers/net/wireless/ath/ath9k/hw.h |
1576 |
-@@ -605,7 +605,7 @@ struct ath_hw_private_ops { |
1577 |
+@@ -606,7 +606,7 @@ struct ath_hw_private_ops { |
1578 |
|
1579 |
/* ANI */ |
1580 |
void (*ani_cache_ini_regs)(struct ath_hw *ah); |
1581 |
@@ -36326,7 +36326,7 @@ index 1bd8edf..10c6d30 100644 |
1582 |
|
1583 |
/** |
1584 |
* struct ath_hw_ops - callbacks used by hardware code and driver code |
1585 |
-@@ -635,7 +635,7 @@ struct ath_hw_ops { |
1586 |
+@@ -636,7 +636,7 @@ struct ath_hw_ops { |
1587 |
void (*antdiv_comb_conf_set)(struct ath_hw *ah, |
1588 |
struct ath_hw_antcomb_conf *antconf); |
1589 |
|
1590 |
@@ -36335,7 +36335,7 @@ index 1bd8edf..10c6d30 100644 |
1591 |
|
1592 |
struct ath_nf_limits { |
1593 |
s16 max; |
1594 |
-@@ -655,7 +655,7 @@ enum ath_cal_list { |
1595 |
+@@ -656,7 +656,7 @@ enum ath_cal_list { |
1596 |
#define AH_FASTCC 0x4 |
1597 |
|
1598 |
struct ath_hw { |
1599 |
@@ -44230,7 +44230,7 @@ index 6901578..d402eb5 100644 |
1600 |
|
1601 |
return hit; |
1602 |
diff --git a/fs/compat.c b/fs/compat.c |
1603 |
-index c987875..08771ca 100644 |
1604 |
+index c987875..1b4dfbb 100644 |
1605 |
--- a/fs/compat.c |
1606 |
+++ b/fs/compat.c |
1607 |
@@ -132,8 +132,8 @@ asmlinkage long compat_sys_utimes(const char __user *filename, struct compat_tim |
1608 |
@@ -44351,6 +44351,38 @@ index c987875..08771ca 100644 |
1609 |
if (__put_user_unaligned(d_off, &lastdirent->d_off)) |
1610 |
error = -EFAULT; |
1611 |
else |
1612 |
+@@ -1174,11 +1192,14 @@ compat_sys_readv(unsigned long fd, const struct compat_iovec __user *vec, |
1613 |
+ struct file *file; |
1614 |
+ int fput_needed; |
1615 |
+ ssize_t ret; |
1616 |
++ loff_t pos; |
1617 |
+ |
1618 |
+ file = fget_light(fd, &fput_needed); |
1619 |
+ if (!file) |
1620 |
+ return -EBADF; |
1621 |
+- ret = compat_readv(file, vec, vlen, &file->f_pos); |
1622 |
++ pos = file->f_pos; |
1623 |
++ ret = compat_readv(file, vec, vlen, &pos); |
1624 |
++ file->f_pos = pos; |
1625 |
+ fput_light(file, fput_needed); |
1626 |
+ return ret; |
1627 |
+ } |
1628 |
+@@ -1233,11 +1254,14 @@ compat_sys_writev(unsigned long fd, const struct compat_iovec __user *vec, |
1629 |
+ struct file *file; |
1630 |
+ int fput_needed; |
1631 |
+ ssize_t ret; |
1632 |
++ loff_t pos; |
1633 |
+ |
1634 |
+ file = fget_light(fd, &fput_needed); |
1635 |
+ if (!file) |
1636 |
+ return -EBADF; |
1637 |
+- ret = compat_writev(file, vec, vlen, &file->f_pos); |
1638 |
++ pos = file->f_pos; |
1639 |
++ ret = compat_writev(file, vec, vlen, &pos); |
1640 |
++ file->f_pos = pos; |
1641 |
+ fput_light(file, fput_needed); |
1642 |
+ return ret; |
1643 |
+ } |
1644 |
diff --git a/fs/compat_binfmt_elf.c b/fs/compat_binfmt_elf.c |
1645 |
index 112e45a..b59845b 100644 |
1646 |
--- a/fs/compat_binfmt_elf.c |
1647 |
@@ -65631,6 +65663,23 @@ index d786b4f..4c3dd41 100644 |
1648 |
|
1649 |
#ifdef CONFIG_IP_MROUTE |
1650 |
#ifndef CONFIG_IP_MROUTE_MULTIPLE_TABLES |
1651 |
+diff --git a/include/net/scm.h b/include/net/scm.h |
1652 |
+index d456f4c..0c0017c 100644 |
1653 |
+--- a/include/net/scm.h |
1654 |
++++ b/include/net/scm.h |
1655 |
+@@ -71,9 +71,11 @@ static __inline__ void scm_destroy(struct scm_cookie *scm) |
1656 |
+ } |
1657 |
+ |
1658 |
+ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, |
1659 |
+- struct scm_cookie *scm) |
1660 |
++ struct scm_cookie *scm, bool forcecreds) |
1661 |
+ { |
1662 |
+ memset(scm, 0, sizeof(*scm)); |
1663 |
++ if (forcecreds) |
1664 |
++ scm_set_cred(scm, task_tgid(current), current_cred()); |
1665 |
+ unix_get_peersec_dgram(sock, scm); |
1666 |
+ if (msg->msg_controllen <= 0) |
1667 |
+ return 0; |
1668 |
diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h |
1669 |
index ad03988..0c5a964 100644 |
1670 |
--- a/include/net/sctp/sctp.h |
1671 |
@@ -76308,6 +76357,18 @@ index f41f026..fe76ea8 100644 |
1672 |
__SONET_ITEMS |
1673 |
#undef __HANDLE_ITEM |
1674 |
} |
1675 |
+diff --git a/net/atm/common.c b/net/atm/common.c |
1676 |
+index 14ff9fe..0ca06e8 100644 |
1677 |
+--- a/net/atm/common.c |
1678 |
++++ b/net/atm/common.c |
1679 |
+@@ -784,6 +784,7 @@ int vcc_getsockopt(struct socket *sock, int level, int optname, |
1680 |
+ |
1681 |
+ if (!vcc->dev || !test_bit(ATM_VF_ADDR, &vcc->flags)) |
1682 |
+ return -ENOTCONN; |
1683 |
++ memset(&pvc, 0, sizeof(pvc)); |
1684 |
+ pvc.sap_family = AF_ATMPVC; |
1685 |
+ pvc.sap_addr.itf = vcc->dev->number; |
1686 |
+ pvc.sap_addr.vpi = vcc->vpi; |
1687 |
diff --git a/net/atm/lec.h b/net/atm/lec.h |
1688 |
index dfc0719..47c5322 100644 |
1689 |
--- a/net/atm/lec.h |
1690 |
@@ -76351,6 +76412,18 @@ index 0d020de..011c7bb 100644 |
1691 |
} |
1692 |
|
1693 |
static void atm_dev_info(struct seq_file *seq, const struct atm_dev *dev) |
1694 |
+diff --git a/net/atm/pvc.c b/net/atm/pvc.c |
1695 |
+index 3a73491..ae03240 100644 |
1696 |
+--- a/net/atm/pvc.c |
1697 |
++++ b/net/atm/pvc.c |
1698 |
+@@ -95,6 +95,7 @@ static int pvc_getname(struct socket *sock, struct sockaddr *sockaddr, |
1699 |
+ return -ENOTCONN; |
1700 |
+ *sockaddr_len = sizeof(struct sockaddr_atmpvc); |
1701 |
+ addr = (struct sockaddr_atmpvc *)sockaddr; |
1702 |
++ memset(addr, 0, sizeof(*addr)); |
1703 |
+ addr->sap_family = AF_ATMPVC; |
1704 |
+ addr->sap_addr.itf = vcc->dev->number; |
1705 |
+ addr->sap_addr.vpi = vcc->vpi; |
1706 |
diff --git a/net/atm/resources.c b/net/atm/resources.c |
1707 |
index 23f45ce..c748f1a 100644 |
1708 |
--- a/net/atm/resources.c |
1709 |
@@ -76491,6 +76564,26 @@ index 98bfbd5..47ccdd6 100644 |
1710 |
|
1711 |
hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp); |
1712 |
} |
1713 |
+diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c |
1714 |
+index f6afe3d..8361ee4 100644 |
1715 |
+--- a/net/bluetooth/hci_sock.c |
1716 |
++++ b/net/bluetooth/hci_sock.c |
1717 |
+@@ -388,6 +388,7 @@ static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *add |
1718 |
+ *addr_len = sizeof(*haddr); |
1719 |
+ haddr->hci_family = AF_BLUETOOTH; |
1720 |
+ haddr->hci_dev = hdev->id; |
1721 |
++ haddr->hci_channel= 0; |
1722 |
+ |
1723 |
+ release_sock(sk); |
1724 |
+ return 0; |
1725 |
+@@ -671,6 +672,7 @@ static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char |
1726 |
+ { |
1727 |
+ struct hci_filter *f = &hci_pi(sk)->filter; |
1728 |
+ |
1729 |
++ memset(&uf, 0, sizeof(uf)); |
1730 |
+ uf.type_mask = f->type_mask; |
1731 |
+ uf.opcode = f->opcode; |
1732 |
+ uf.event_mask[0] = *((u32 *) f->event_mask + 0); |
1733 |
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c |
1734 |
index 17b5b1c..826d872 100644 |
1735 |
--- a/net/bluetooth/l2cap_core.c |
1736 |
@@ -76521,6 +76614,51 @@ index 17b5b1c..826d872 100644 |
1737 |
goto done; |
1738 |
} |
1739 |
} |
1740 |
+diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c |
1741 |
+index 5c406d3..6dedd6f 100644 |
1742 |
+--- a/net/bluetooth/l2cap_sock.c |
1743 |
++++ b/net/bluetooth/l2cap_sock.c |
1744 |
+@@ -293,6 +293,7 @@ static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *l |
1745 |
+ |
1746 |
+ BT_DBG("sock %p, sk %p", sock, sk); |
1747 |
+ |
1748 |
++ memset(la, 0, sizeof(struct sockaddr_l2)); |
1749 |
+ addr->sa_family = AF_BLUETOOTH; |
1750 |
+ *len = sizeof(struct sockaddr_l2); |
1751 |
+ |
1752 |
+diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c |
1753 |
+index 5417f61..7ee4ead 100644 |
1754 |
+--- a/net/bluetooth/rfcomm/sock.c |
1755 |
++++ b/net/bluetooth/rfcomm/sock.c |
1756 |
+@@ -547,6 +547,7 @@ static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int * |
1757 |
+ |
1758 |
+ BT_DBG("sock %p, sk %p", sock, sk); |
1759 |
+ |
1760 |
++ memset(sa, 0, sizeof(*sa)); |
1761 |
+ sa->rc_family = AF_BLUETOOTH; |
1762 |
+ sa->rc_channel = rfcomm_pi(sk)->channel; |
1763 |
+ if (peer) |
1764 |
+@@ -835,6 +836,7 @@ static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, c |
1765 |
+ } |
1766 |
+ |
1767 |
+ sec.level = rfcomm_pi(sk)->sec_level; |
1768 |
++ sec.key_size = 0; |
1769 |
+ |
1770 |
+ len = min_t(unsigned int, len, sizeof(sec)); |
1771 |
+ if (copy_to_user(optval, (char *) &sec, len)) |
1772 |
+diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c |
1773 |
+index c258796..bc1eb56 100644 |
1774 |
+--- a/net/bluetooth/rfcomm/tty.c |
1775 |
++++ b/net/bluetooth/rfcomm/tty.c |
1776 |
+@@ -471,7 +471,7 @@ static int rfcomm_get_dev_list(void __user *arg) |
1777 |
+ |
1778 |
+ size = sizeof(*dl) + dev_num * sizeof(*di); |
1779 |
+ |
1780 |
+- dl = kmalloc(size, GFP_KERNEL); |
1781 |
++ dl = kzalloc(size, GFP_KERNEL); |
1782 |
+ if (!dl) |
1783 |
+ return -ENOMEM; |
1784 |
+ |
1785 |
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c |
1786 |
index 5ac1811..7eb2320 100644 |
1787 |
--- a/net/bridge/br_multicast.c |
1788 |
@@ -76547,21 +76685,6 @@ index 5864cc4..121f3a30 100644 |
1789 |
BUGPRINT("c2u Didn't work\n"); |
1790 |
ret = -EFAULT; |
1791 |
break; |
1792 |
-diff --git a/net/caif/caif_dev.c b/net/caif/caif_dev.c |
1793 |
-index 68223e4..4e9115d 100644 |
1794 |
---- a/net/caif/caif_dev.c |
1795 |
-+++ b/net/caif/caif_dev.c |
1796 |
-@@ -428,9 +428,9 @@ static int __init caif_device_init(void) |
1797 |
- |
1798 |
- static void __exit caif_device_exit(void) |
1799 |
- { |
1800 |
-- unregister_pernet_subsys(&caif_net_ops); |
1801 |
- unregister_netdevice_notifier(&caif_device_notifier); |
1802 |
- dev_remove_pack(&caif_packet_type); |
1803 |
-+ unregister_pernet_subsys(&caif_net_ops); |
1804 |
- } |
1805 |
- |
1806 |
- module_init(caif_device_init); |
1807 |
diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c |
1808 |
index a986280..13444a1 100644 |
1809 |
--- a/net/caif/caif_socket.c |
1810 |
@@ -76738,6 +76861,80 @@ index 5cf5222..6f704ad 100644 |
1811 |
p->sequence_no); |
1812 |
list_del(&p->list); |
1813 |
goto out; |
1814 |
+diff --git a/net/caif/chnl_net.c b/net/caif/chnl_net.c |
1815 |
+index 8656909..a2ae45d 100644 |
1816 |
+--- a/net/caif/chnl_net.c |
1817 |
++++ b/net/caif/chnl_net.c |
1818 |
+@@ -74,7 +74,6 @@ static int chnl_recv_cb(struct cflayer *layr, struct cfpkt *pkt) |
1819 |
+ struct sk_buff *skb; |
1820 |
+ struct chnl_net *priv = container_of(layr, struct chnl_net, chnl); |
1821 |
+ int pktlen; |
1822 |
+- int err = 0; |
1823 |
+ const u8 *ip_version; |
1824 |
+ u8 buf; |
1825 |
+ |
1826 |
+@@ -95,8 +94,11 @@ static int chnl_recv_cb(struct cflayer *layr, struct cfpkt *pkt) |
1827 |
+ |
1828 |
+ /* check the version of IP */ |
1829 |
+ ip_version = skb_header_pointer(skb, 0, 1, &buf); |
1830 |
+- if (!ip_version) |
1831 |
++ if (!ip_version) { |
1832 |
++ kfree_skb(skb); |
1833 |
+ return -EINVAL; |
1834 |
++ } |
1835 |
++ |
1836 |
+ switch (*ip_version >> 4) { |
1837 |
+ case 4: |
1838 |
+ skb->protocol = htons(ETH_P_IP); |
1839 |
+@@ -105,6 +107,8 @@ static int chnl_recv_cb(struct cflayer *layr, struct cfpkt *pkt) |
1840 |
+ skb->protocol = htons(ETH_P_IPV6); |
1841 |
+ break; |
1842 |
+ default: |
1843 |
++ kfree_skb(skb); |
1844 |
++ priv->netdev->stats.rx_errors++; |
1845 |
+ return -EINVAL; |
1846 |
+ } |
1847 |
+ |
1848 |
+@@ -123,7 +127,7 @@ static int chnl_recv_cb(struct cflayer *layr, struct cfpkt *pkt) |
1849 |
+ priv->netdev->stats.rx_packets++; |
1850 |
+ priv->netdev->stats.rx_bytes += pktlen; |
1851 |
+ |
1852 |
+- return err; |
1853 |
++ return 0; |
1854 |
+ } |
1855 |
+ |
1856 |
+ static int delete_device(struct chnl_net *dev) |
1857 |
+@@ -221,12 +225,16 @@ static int chnl_net_start_xmit(struct sk_buff *skb, struct net_device *dev) |
1858 |
+ |
1859 |
+ if (skb->len > priv->netdev->mtu) { |
1860 |
+ pr_warn("Size of skb exceeded MTU\n"); |
1861 |
+- return -ENOSPC; |
1862 |
++ kfree_skb(skb); |
1863 |
++ dev->stats.tx_errors++; |
1864 |
++ return NETDEV_TX_OK; |
1865 |
+ } |
1866 |
+ |
1867 |
+ if (!priv->flowenabled) { |
1868 |
+ pr_debug("dropping packets flow off\n"); |
1869 |
+- return NETDEV_TX_BUSY; |
1870 |
++ kfree_skb(skb); |
1871 |
++ dev->stats.tx_dropped++; |
1872 |
++ return NETDEV_TX_OK; |
1873 |
+ } |
1874 |
+ |
1875 |
+ if (priv->conn_req.protocol == CAIFPROTO_DATAGRAM_LOOP) |
1876 |
+@@ -240,9 +248,8 @@ static int chnl_net_start_xmit(struct sk_buff *skb, struct net_device *dev) |
1877 |
+ /* Send the packet down the stack. */ |
1878 |
+ result = priv->chnl.dn->transmit(priv->chnl.dn, pkt); |
1879 |
+ if (result) { |
1880 |
+- if (result == -EAGAIN) |
1881 |
+- result = NETDEV_TX_BUSY; |
1882 |
+- return result; |
1883 |
++ dev->stats.tx_dropped++; |
1884 |
++ return NETDEV_TX_OK; |
1885 |
+ } |
1886 |
+ |
1887 |
+ /* Update statistics. */ |
1888 |
diff --git a/net/can/gw.c b/net/can/gw.c |
1889 |
index 3d79b12..8de85fa 100644 |
1890 |
--- a/net/can/gw.c |
1891 |
@@ -77049,7 +77246,7 @@ index c40f27e..7f49254 100644 |
1892 |
|
1893 |
m->msg_iov = iov; |
1894 |
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c |
1895 |
-index 05842ab..6d674ce 100644 |
1896 |
+index 0cf604b..8d4b86f 100644 |
1897 |
--- a/net/core/rtnetlink.c |
1898 |
+++ b/net/core/rtnetlink.c |
1899 |
@@ -57,7 +57,7 @@ struct rtnl_link { |
1900 |
@@ -77186,6 +77383,40 @@ index 8d095b9..315c541 100644 |
1901 |
} |
1902 |
EXPORT_SYMBOL(sock_init_data); |
1903 |
|
1904 |
+diff --git a/net/dccp/ccid.h b/net/dccp/ccid.h |
1905 |
+index 75c3582..fb85d37 100644 |
1906 |
+--- a/net/dccp/ccid.h |
1907 |
++++ b/net/dccp/ccid.h |
1908 |
+@@ -246,7 +246,7 @@ static inline int ccid_hc_rx_getsockopt(struct ccid *ccid, struct sock *sk, |
1909 |
+ u32 __user *optval, int __user *optlen) |
1910 |
+ { |
1911 |
+ int rc = -ENOPROTOOPT; |
1912 |
+- if (ccid->ccid_ops->ccid_hc_rx_getsockopt != NULL) |
1913 |
++ if (ccid != NULL && ccid->ccid_ops->ccid_hc_rx_getsockopt != NULL) |
1914 |
+ rc = ccid->ccid_ops->ccid_hc_rx_getsockopt(sk, optname, len, |
1915 |
+ optval, optlen); |
1916 |
+ return rc; |
1917 |
+@@ -257,7 +257,7 @@ static inline int ccid_hc_tx_getsockopt(struct ccid *ccid, struct sock *sk, |
1918 |
+ u32 __user *optval, int __user *optlen) |
1919 |
+ { |
1920 |
+ int rc = -ENOPROTOOPT; |
1921 |
+- if (ccid->ccid_ops->ccid_hc_tx_getsockopt != NULL) |
1922 |
++ if (ccid != NULL && ccid->ccid_ops->ccid_hc_tx_getsockopt != NULL) |
1923 |
+ rc = ccid->ccid_ops->ccid_hc_tx_getsockopt(sk, optname, len, |
1924 |
+ optval, optlen); |
1925 |
+ return rc; |
1926 |
+diff --git a/net/dccp/ccids/ccid3.c b/net/dccp/ccids/ccid3.c |
1927 |
+index 3d604e1..4caf63f 100644 |
1928 |
+--- a/net/dccp/ccids/ccid3.c |
1929 |
++++ b/net/dccp/ccids/ccid3.c |
1930 |
+@@ -532,6 +532,7 @@ static int ccid3_hc_tx_getsockopt(struct sock *sk, const int optname, int len, |
1931 |
+ case DCCP_SOCKOPT_CCID_TX_INFO: |
1932 |
+ if (len < sizeof(tfrc)) |
1933 |
+ return -EINVAL; |
1934 |
++ memset(&tfrc, 0, sizeof(tfrc)); |
1935 |
+ tfrc.tfrctx_x = hc->tx_x; |
1936 |
+ tfrc.tfrctx_x_recv = hc->tx_x_recv; |
1937 |
+ tfrc.tfrctx_x_calc = hc->tx_x_calc; |
1938 |
diff --git a/net/decnet/sysctl_net_decnet.c b/net/decnet/sysctl_net_decnet.c |
1939 |
index 02e75d1..9a57a7c 100644 |
1940 |
--- a/net/decnet/sysctl_net_decnet.c |
1941 |
@@ -77221,23 +77452,6 @@ index 39a2d29..f39c0fe 100644 |
1942 |
---help--- |
1943 |
Econet is a fairly old and slow networking protocol mainly used by |
1944 |
Acorn computers to access file and print servers. It uses native |
1945 |
-diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c |
1946 |
-index 86f3b88..afaa735 100644 |
1947 |
---- a/net/ipv4/cipso_ipv4.c |
1948 |
-+++ b/net/ipv4/cipso_ipv4.c |
1949 |
-@@ -1725,8 +1725,10 @@ int cipso_v4_validate(const struct sk_buff *skb, unsigned char **option) |
1950 |
- case CIPSO_V4_TAG_LOCAL: |
1951 |
- /* This is a non-standard tag that we only allow for |
1952 |
- * local connections, so if the incoming interface is |
1953 |
-- * not the loopback device drop the packet. */ |
1954 |
-- if (!(skb->dev->flags & IFF_LOOPBACK)) { |
1955 |
-+ * not the loopback device drop the packet. Further, |
1956 |
-+ * there is no legitimate reason for setting this from |
1957 |
-+ * userspace so reject it if skb is NULL. */ |
1958 |
-+ if (skb == NULL || !(skb->dev->flags & IFF_LOOPBACK)) { |
1959 |
- err_offset = opt_iter; |
1960 |
- goto validate_return_locked; |
1961 |
- } |
1962 |
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c |
1963 |
index 92fc5f6..b790d91 100644 |
1964 |
--- a/net/ipv4/fib_frontend.c |
1965 |
@@ -77561,10 +77775,10 @@ index 94cdbc5..0cb0063 100644 |
1966 |
ts = peer->tcp_ts; |
1967 |
tsage = get_seconds() - peer->tcp_ts_stamp; |
1968 |
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c |
1969 |
-index 32e6ca2..436489e 100644 |
1970 |
+index a08a621..2e17402 100644 |
1971 |
--- a/net/ipv4/tcp_input.c |
1972 |
+++ b/net/ipv4/tcp_input.c |
1973 |
-@@ -5836,7 +5836,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, |
1974 |
+@@ -5838,7 +5838,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, |
1975 |
goto discard; |
1976 |
|
1977 |
if (th->syn) { |
1978 |
@@ -78325,6 +78539,26 @@ index 1e733e9..3d73c9f 100644 |
1979 |
} while (!res); |
1980 |
return res; |
1981 |
} |
1982 |
+diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c |
1983 |
+index a18e6c3..99a60d5 100644 |
1984 |
+--- a/net/llc/af_llc.c |
1985 |
++++ b/net/llc/af_llc.c |
1986 |
+@@ -966,14 +966,13 @@ static int llc_ui_getname(struct socket *sock, struct sockaddr *uaddr, |
1987 |
+ struct sockaddr_llc sllc; |
1988 |
+ struct sock *sk = sock->sk; |
1989 |
+ struct llc_sock *llc = llc_sk(sk); |
1990 |
+- int rc = 0; |
1991 |
++ int rc = -EBADF; |
1992 |
+ |
1993 |
+ memset(&sllc, 0, sizeof(sllc)); |
1994 |
+ lock_sock(sk); |
1995 |
+ if (sock_flag(sk, SOCK_ZAPPED)) |
1996 |
+ goto out; |
1997 |
+ *uaddrlen = sizeof(sllc); |
1998 |
+- memset(uaddr, 0, *uaddrlen); |
1999 |
+ if (peer) { |
2000 |
+ rc = -ENOTCONN; |
2001 |
+ if (sk->sk_state != TCP_ESTABLISHED) |
2002 |
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h |
2003 |
index 73495f1..ad51356 100644 |
2004 |
--- a/net/mac80211/ieee80211_i.h |
2005 |
@@ -78574,7 +78808,7 @@ index 6dc7d7d..e45913a 100644 |
2006 |
if ((ipvs->sync_state & IP_VS_STATE_MASTER) && |
2007 |
cp->protocol == IPPROTO_SCTP) { |
2008 |
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c |
2009 |
-index e1a66cf..0910076 100644 |
2010 |
+index e1a66cf..2772ca6 100644 |
2011 |
--- a/net/netfilter/ipvs/ip_vs_ctl.c |
2012 |
+++ b/net/netfilter/ipvs/ip_vs_ctl.c |
2013 |
@@ -788,7 +788,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest, |
2014 |
@@ -78613,7 +78847,15 @@ index e1a66cf..0910076 100644 |
2015 |
entry.weight = atomic_read(&dest->weight); |
2016 |
entry.u_threshold = dest->u_threshold; |
2017 |
entry.l_threshold = dest->l_threshold; |
2018 |
-@@ -3042,7 +3042,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest) |
2019 |
+@@ -2713,6 +2713,7 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) |
2020 |
+ { |
2021 |
+ struct ip_vs_timeout_user t; |
2022 |
+ |
2023 |
++ memset(&t, 0, sizeof(t)); |
2024 |
+ __ip_vs_get_timeouts(net, &t); |
2025 |
+ if (copy_to_user(user, &t, sizeof(t)) != 0) |
2026 |
+ ret = -EFAULT; |
2027 |
+@@ -3042,7 +3043,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest) |
2028 |
NLA_PUT_U16(skb, IPVS_DEST_ATTR_PORT, dest->port); |
2029 |
|
2030 |
NLA_PUT_U32(skb, IPVS_DEST_ATTR_FWD_METHOD, |
2031 |
@@ -78807,7 +79049,7 @@ index 4fe4fb4..87a89e5 100644 |
2032 |
return 0; |
2033 |
} |
2034 |
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c |
2035 |
-index a99fb41..740c2a4 100644 |
2036 |
+index a99fb41..b6962a8 100644 |
2037 |
--- a/net/netlink/af_netlink.c |
2038 |
+++ b/net/netlink/af_netlink.c |
2039 |
@@ -742,7 +742,7 @@ static void netlink_overrun(struct sock *sk) |
2040 |
@@ -78819,6 +79061,15 @@ index a99fb41..740c2a4 100644 |
2041 |
} |
2042 |
|
2043 |
static struct sock *netlink_getsockbypid(struct sock *ssk, u32 pid) |
2044 |
+@@ -1333,7 +1333,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock, |
2045 |
+ if (NULL == siocb->scm) |
2046 |
+ siocb->scm = &scm; |
2047 |
+ |
2048 |
+- err = scm_send(sock, msg, siocb->scm); |
2049 |
++ err = scm_send(sock, msg, siocb->scm, true); |
2050 |
+ if (err < 0) |
2051 |
+ return err; |
2052 |
+ |
2053 |
@@ -2001,7 +2001,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) |
2054 |
sk_wmem_alloc_get(s), |
2055 |
nlk->cb, |
2056 |
@@ -79418,36 +79669,6 @@ index 7635107..4670276 100644 |
2057 |
_proto("Tx RESPONSE %%%u", ntohl(hdr->serial)); |
2058 |
|
2059 |
ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len); |
2060 |
-diff --git a/net/sctp/input.c b/net/sctp/input.c |
2061 |
-index b7692aa..0fc18c7 100644 |
2062 |
---- a/net/sctp/input.c |
2063 |
-+++ b/net/sctp/input.c |
2064 |
-@@ -736,15 +736,12 @@ static void __sctp_unhash_endpoint(struct sctp_endpoint *ep) |
2065 |
- |
2066 |
- epb = &ep->base; |
2067 |
- |
2068 |
-- if (hlist_unhashed(&epb->node)) |
2069 |
-- return; |
2070 |
-- |
2071 |
- epb->hashent = sctp_ep_hashfn(epb->bind_addr.port); |
2072 |
- |
2073 |
- head = &sctp_ep_hashtable[epb->hashent]; |
2074 |
- |
2075 |
- sctp_write_lock(&head->lock); |
2076 |
-- __hlist_del(&epb->node); |
2077 |
-+ hlist_del_init(&epb->node); |
2078 |
- sctp_write_unlock(&head->lock); |
2079 |
- } |
2080 |
- |
2081 |
-@@ -825,7 +822,7 @@ static void __sctp_unhash_established(struct sctp_association *asoc) |
2082 |
- head = &sctp_assoc_hashtable[epb->hashent]; |
2083 |
- |
2084 |
- sctp_write_lock(&head->lock); |
2085 |
-- __hlist_del(&epb->node); |
2086 |
-+ hlist_del_init(&epb->node); |
2087 |
- sctp_write_unlock(&head->lock); |
2088 |
- } |
2089 |
- |
2090 |
diff --git a/net/sctp/proc.c b/net/sctp/proc.c |
2091 |
index 1e2eee8..ce3967e 100644 |
2092 |
--- a/net/sctp/proc.c |
2093 |
@@ -79463,38 +79684,10 @@ index 1e2eee8..ce3967e 100644 |
2094 |
assoc->assoc_id, |
2095 |
assoc->sndbuf_used, |
2096 |
diff --git a/net/sctp/socket.c b/net/sctp/socket.c |
2097 |
-index 0075554..ba19fd7 100644 |
2098 |
+index 8e49d76..ba19fd7 100644 |
2099 |
--- a/net/sctp/socket.c |
2100 |
+++ b/net/sctp/socket.c |
2101 |
-@@ -1231,8 +1231,14 @@ out_free: |
2102 |
- SCTP_DEBUG_PRINTK("About to exit __sctp_connect() free asoc: %p" |
2103 |
- " kaddrs: %p err: %d\n", |
2104 |
- asoc, kaddrs, err); |
2105 |
-- if (asoc) |
2106 |
-+ if (asoc) { |
2107 |
-+ /* sctp_primitive_ASSOCIATE may have added this association |
2108 |
-+ * To the hash table, try to unhash it, just in case, its a noop |
2109 |
-+ * if it wasn't hashed so we're safe |
2110 |
-+ */ |
2111 |
-+ sctp_unhash_established(asoc); |
2112 |
- sctp_association_free(asoc); |
2113 |
-+ } |
2114 |
- return err; |
2115 |
- } |
2116 |
- |
2117 |
-@@ -1942,8 +1948,10 @@ SCTP_STATIC int sctp_sendmsg(struct kiocb *iocb, struct sock *sk, |
2118 |
- goto out_unlock; |
2119 |
- |
2120 |
- out_free: |
2121 |
-- if (new_asoc) |
2122 |
-+ if (new_asoc) { |
2123 |
-+ sctp_unhash_established(asoc); |
2124 |
- sctp_association_free(asoc); |
2125 |
-+ } |
2126 |
- out_unlock: |
2127 |
- sctp_release_sock(sk); |
2128 |
- |
2129 |
-@@ -4575,7 +4583,7 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, |
2130 |
+@@ -4583,7 +4583,7 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, |
2131 |
addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len; |
2132 |
if (space_left < addrlen) |
2133 |
return -ENOMEM; |
2134 |
@@ -79504,7 +79697,7 @@ index 0075554..ba19fd7 100644 |
2135 |
to += addrlen; |
2136 |
cnt++; |
2137 |
diff --git a/net/socket.c b/net/socket.c |
2138 |
-index 273cbce..fd1e8ff 100644 |
2139 |
+index 273cbce..ed22cd4 100644 |
2140 |
--- a/net/socket.c |
2141 |
+++ b/net/socket.c |
2142 |
@@ -88,6 +88,7 @@ |
2143 |
@@ -79675,7 +79868,15 @@ index 273cbce..fd1e8ff 100644 |
2144 |
uaddr_len = COMPAT_NAMELEN(msg); |
2145 |
if (MSG_CMSG_COMPAT & flags) { |
2146 |
err = verify_compat_iovec(msg_sys, iov, |
2147 |
-@@ -2748,7 +2808,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) |
2148 |
+@@ -2645,6 +2705,7 @@ static int dev_ifconf(struct net *net, struct compat_ifconf __user *uifc32) |
2149 |
+ if (copy_from_user(&ifc32, uifc32, sizeof(struct compat_ifconf))) |
2150 |
+ return -EFAULT; |
2151 |
+ |
2152 |
++ memset(&ifc, 0, sizeof(ifc)); |
2153 |
+ if (ifc32.ifcbuf == 0) { |
2154 |
+ ifc32.ifc_len = 0; |
2155 |
+ ifc.ifc_len = 0; |
2156 |
+@@ -2748,7 +2809,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) |
2157 |
} |
2158 |
|
2159 |
ifr = compat_alloc_user_space(buf_size); |
2160 |
@@ -79684,7 +79885,7 @@ index 273cbce..fd1e8ff 100644 |
2161 |
|
2162 |
if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ)) |
2163 |
return -EFAULT; |
2164 |
-@@ -2772,12 +2832,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) |
2165 |
+@@ -2772,12 +2833,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) |
2166 |
offsetof(struct ethtool_rxnfc, fs.ring_cookie)); |
2167 |
|
2168 |
if (copy_in_user(rxnfc, compat_rxnfc, |
2169 |
@@ -79701,7 +79902,7 @@ index 273cbce..fd1e8ff 100644 |
2170 |
copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt, |
2171 |
sizeof(rxnfc->rule_cnt))) |
2172 |
return -EFAULT; |
2173 |
-@@ -2789,12 +2849,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) |
2174 |
+@@ -2789,12 +2850,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) |
2175 |
|
2176 |
if (convert_out) { |
2177 |
if (copy_in_user(compat_rxnfc, rxnfc, |
2178 |
@@ -79718,7 +79919,7 @@ index 273cbce..fd1e8ff 100644 |
2179 |
copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt, |
2180 |
sizeof(rxnfc->rule_cnt))) |
2181 |
return -EFAULT; |
2182 |
-@@ -2864,7 +2924,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, |
2183 |
+@@ -2864,7 +2925,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, |
2184 |
old_fs = get_fs(); |
2185 |
set_fs(KERNEL_DS); |
2186 |
err = dev_ioctl(net, cmd, |
2187 |
@@ -79727,7 +79928,7 @@ index 273cbce..fd1e8ff 100644 |
2188 |
set_fs(old_fs); |
2189 |
|
2190 |
return err; |
2191 |
-@@ -2973,7 +3033,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, |
2192 |
+@@ -2973,7 +3034,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, |
2193 |
|
2194 |
old_fs = get_fs(); |
2195 |
set_fs(KERNEL_DS); |
2196 |
@@ -79736,7 +79937,7 @@ index 273cbce..fd1e8ff 100644 |
2197 |
set_fs(old_fs); |
2198 |
|
2199 |
if (cmd == SIOCGIFMAP && !err) { |
2200 |
-@@ -3078,7 +3138,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, |
2201 |
+@@ -3078,7 +3139,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, |
2202 |
ret |= __get_user(rtdev, &(ur4->rt_dev)); |
2203 |
if (rtdev) { |
2204 |
ret |= copy_from_user(devname, compat_ptr(rtdev), 15); |
2205 |
@@ -79745,7 +79946,7 @@ index 273cbce..fd1e8ff 100644 |
2206 |
devname[15] = 0; |
2207 |
} else |
2208 |
r4.rt_dev = NULL; |
2209 |
-@@ -3318,8 +3378,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, |
2210 |
+@@ -3318,8 +3379,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, |
2211 |
int __user *uoptlen; |
2212 |
int err; |
2213 |
|
2214 |
@@ -79756,7 +79957,7 @@ index 273cbce..fd1e8ff 100644 |
2215 |
|
2216 |
set_fs(KERNEL_DS); |
2217 |
if (level == SOL_SOCKET) |
2218 |
-@@ -3339,7 +3399,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, |
2219 |
+@@ -3339,7 +3400,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, |
2220 |
char __user *uoptval; |
2221 |
int err; |
2222 |
|
2223 |
@@ -80069,7 +80270,7 @@ index 1983717..4d6102c 100644 |
2224 |
|
2225 |
sub->evt.event = htohl(event, sub->swap); |
2226 |
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c |
2227 |
-index d99678a..3514a21 100644 |
2228 |
+index d99678a..6786706 100644 |
2229 |
--- a/net/unix/af_unix.c |
2230 |
+++ b/net/unix/af_unix.c |
2231 |
@@ -767,6 +767,12 @@ static struct sock *unix_find_other(struct net *net, |
2232 |
@@ -80118,8 +80319,26 @@ index d99678a..3514a21 100644 |
2233 |
mutex_unlock(&path.dentry->d_inode->i_mutex); |
2234 |
dput(path.dentry); |
2235 |
path.dentry = dentry; |
2236 |
+@@ -1435,7 +1455,7 @@ static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock, |
2237 |
+ if (NULL == siocb->scm) |
2238 |
+ siocb->scm = &tmp_scm; |
2239 |
+ wait_for_unix_gc(); |
2240 |
+- err = scm_send(sock, msg, siocb->scm); |
2241 |
++ err = scm_send(sock, msg, siocb->scm, false); |
2242 |
+ if (err < 0) |
2243 |
+ return err; |
2244 |
+ |
2245 |
+@@ -1596,7 +1616,7 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock, |
2246 |
+ if (NULL == siocb->scm) |
2247 |
+ siocb->scm = &tmp_scm; |
2248 |
+ wait_for_unix_gc(); |
2249 |
+- err = scm_send(sock, msg, siocb->scm); |
2250 |
++ err = scm_send(sock, msg, siocb->scm, false); |
2251 |
+ if (err < 0) |
2252 |
+ return err; |
2253 |
+ |
2254 |
diff --git a/net/wireless/core.h b/net/wireless/core.h |
2255 |
-index b9ec306..b4a563e 100644 |
2256 |
+index 02c3be3..e022efa 100644 |
2257 |
--- a/net/wireless/core.h |
2258 |
+++ b/net/wireless/core.h |
2259 |
@@ -27,7 +27,7 @@ struct cfg80211_registered_device { |
2260 |
|
2261 |
diff --git a/3.2.27/4430_grsec-remove-localversion-grsec.patch b/3.2.28/4430_grsec-remove-localversion-grsec.patch |
2262 |
similarity index 100% |
2263 |
rename from 3.2.27/4430_grsec-remove-localversion-grsec.patch |
2264 |
rename to 3.2.28/4430_grsec-remove-localversion-grsec.patch |
2265 |
|
2266 |
diff --git a/3.2.27/4435_grsec-mute-warnings.patch b/3.2.28/4435_grsec-mute-warnings.patch |
2267 |
similarity index 100% |
2268 |
rename from 3.2.27/4435_grsec-mute-warnings.patch |
2269 |
rename to 3.2.28/4435_grsec-mute-warnings.patch |
2270 |
|
2271 |
diff --git a/3.2.27/4440_grsec-remove-protected-paths.patch b/3.2.28/4440_grsec-remove-protected-paths.patch |
2272 |
similarity index 100% |
2273 |
rename from 3.2.27/4440_grsec-remove-protected-paths.patch |
2274 |
rename to 3.2.28/4440_grsec-remove-protected-paths.patch |
2275 |
|
2276 |
diff --git a/3.2.27/4450_grsec-kconfig-default-gids.patch b/3.2.28/4450_grsec-kconfig-default-gids.patch |
2277 |
similarity index 100% |
2278 |
rename from 3.2.27/4450_grsec-kconfig-default-gids.patch |
2279 |
rename to 3.2.28/4450_grsec-kconfig-default-gids.patch |
2280 |
|
2281 |
diff --git a/3.2.27/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.28/4465_selinux-avc_audit-log-curr_ip.patch |
2282 |
similarity index 100% |
2283 |
rename from 3.2.27/4465_selinux-avc_audit-log-curr_ip.patch |
2284 |
rename to 3.2.28/4465_selinux-avc_audit-log-curr_ip.patch |
2285 |
|
2286 |
diff --git a/3.2.27/4470_disable-compat_vdso.patch b/3.2.28/4470_disable-compat_vdso.patch |
2287 |
similarity index 100% |
2288 |
rename from 3.2.27/4470_disable-compat_vdso.patch |
2289 |
rename to 3.2.28/4470_disable-compat_vdso.patch |
2290 |
|
2291 |
diff --git a/3.5.2/0000_README b/3.5.2/0000_README |
2292 |
index 2baff0f..268fe76 100644 |
2293 |
--- a/3.5.2/0000_README |
2294 |
+++ b/3.5.2/0000_README |
2295 |
@@ -2,7 +2,7 @@ README |
2296 |
----------------------------------------------------------------------------- |
2297 |
Individual Patch Descriptions: |
2298 |
----------------------------------------------------------------------------- |
2299 |
-Patch: 4420_grsecurity-2.9.1-3.5.2-201208201522.patch |
2300 |
+Patch: 4420_grsecurity-2.9.1-3.5.2-201208222031.patch |
2301 |
From: http://www.grsecurity.net |
2302 |
Desc: hardened-sources base patch from upstream grsecurity |
2303 |
|
2304 |
|
2305 |
diff --git a/3.5.2/4420_grsecurity-2.9.1-3.5.2-201208201522.patch b/3.5.2/4420_grsecurity-2.9.1-3.5.2-201208222031.patch |
2306 |
similarity index 99% |
2307 |
rename from 3.5.2/4420_grsecurity-2.9.1-3.5.2-201208201522.patch |
2308 |
rename to 3.5.2/4420_grsecurity-2.9.1-3.5.2-201208222031.patch |
2309 |
index 61d4d0c..f04a5aa 100644 |
2310 |
--- a/3.5.2/4420_grsecurity-2.9.1-3.5.2-201208201522.patch |
2311 |
+++ b/3.5.2/4420_grsecurity-2.9.1-3.5.2-201208222031.patch |
2312 |
@@ -43873,7 +43873,7 @@ index 6901578..d402eb5 100644 |
2313 |
|
2314 |
return hit; |
2315 |
diff --git a/fs/compat.c b/fs/compat.c |
2316 |
-index 6161255..512b1a1 100644 |
2317 |
+index 6161255..9f28287 100644 |
2318 |
--- a/fs/compat.c |
2319 |
+++ b/fs/compat.c |
2320 |
@@ -490,7 +490,7 @@ compat_sys_io_setup(unsigned nr_reqs, u32 __user *ctx32p) |
2321 |
@@ -43983,6 +43983,38 @@ index 6161255..512b1a1 100644 |
2322 |
if (__put_user_unaligned(d_off, &lastdirent->d_off)) |
2323 |
error = -EFAULT; |
2324 |
else |
2325 |
+@@ -1155,11 +1173,14 @@ compat_sys_readv(unsigned long fd, const struct compat_iovec __user *vec, |
2326 |
+ struct file *file; |
2327 |
+ int fput_needed; |
2328 |
+ ssize_t ret; |
2329 |
++ loff_t pos; |
2330 |
+ |
2331 |
+ file = fget_light(fd, &fput_needed); |
2332 |
+ if (!file) |
2333 |
+ return -EBADF; |
2334 |
+- ret = compat_readv(file, vec, vlen, &file->f_pos); |
2335 |
++ pos = file->f_pos; |
2336 |
++ ret = compat_readv(file, vec, vlen, &pos); |
2337 |
++ file->f_pos = pos; |
2338 |
+ fput_light(file, fput_needed); |
2339 |
+ return ret; |
2340 |
+ } |
2341 |
+@@ -1221,11 +1242,14 @@ compat_sys_writev(unsigned long fd, const struct compat_iovec __user *vec, |
2342 |
+ struct file *file; |
2343 |
+ int fput_needed; |
2344 |
+ ssize_t ret; |
2345 |
++ loff_t pos; |
2346 |
+ |
2347 |
+ file = fget_light(fd, &fput_needed); |
2348 |
+ if (!file) |
2349 |
+ return -EBADF; |
2350 |
+- ret = compat_writev(file, vec, vlen, &file->f_pos); |
2351 |
++ pos = file->f_pos; |
2352 |
++ ret = compat_writev(file, vec, vlen, &pos); |
2353 |
++ file->f_pos = pos; |
2354 |
+ fput_light(file, fput_needed); |
2355 |
+ return ret; |
2356 |
+ } |
2357 |
diff --git a/fs/compat_binfmt_elf.c b/fs/compat_binfmt_elf.c |
2358 |
index 112e45a..b59845b 100644 |
2359 |
--- a/fs/compat_binfmt_elf.c |
2360 |
@@ -45093,6 +45125,18 @@ index 01434f2..bd995b4 100644 |
2361 |
atomic_t s_lock_busy; |
2362 |
|
2363 |
/* locality groups */ |
2364 |
+diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c |
2365 |
+index 58a75fe..9752106 100644 |
2366 |
+--- a/fs/ext4/extents.c |
2367 |
++++ b/fs/ext4/extents.c |
2368 |
+@@ -2663,6 +2663,7 @@ cont: |
2369 |
+ } |
2370 |
+ path[0].p_depth = depth; |
2371 |
+ path[0].p_hdr = ext_inode_hdr(inode); |
2372 |
++ i = 0; |
2373 |
+ |
2374 |
+ if (ext4_ext_check(inode, path[0].p_hdr, depth)) { |
2375 |
+ err = -EIO; |
2376 |
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c |
2377 |
index 1cd6994..5799d45 100644 |
2378 |
--- a/fs/ext4/mballoc.c |
2379 |
@@ -64645,6 +64689,23 @@ index bbd023a..97c6d0d 100644 |
2380 |
|
2381 |
#ifdef CONFIG_IP_MROUTE |
2382 |
#ifndef CONFIG_IP_MROUTE_MULTIPLE_TABLES |
2383 |
+diff --git a/include/net/scm.h b/include/net/scm.h |
2384 |
+index d456f4c..0c0017c 100644 |
2385 |
+--- a/include/net/scm.h |
2386 |
++++ b/include/net/scm.h |
2387 |
+@@ -71,9 +71,11 @@ static __inline__ void scm_destroy(struct scm_cookie *scm) |
2388 |
+ } |
2389 |
+ |
2390 |
+ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, |
2391 |
+- struct scm_cookie *scm) |
2392 |
++ struct scm_cookie *scm, bool forcecreds) |
2393 |
+ { |
2394 |
+ memset(scm, 0, sizeof(*scm)); |
2395 |
++ if (forcecreds) |
2396 |
++ scm_set_cred(scm, task_tgid(current), current_cred()); |
2397 |
+ unix_get_peersec_dgram(sock, scm); |
2398 |
+ if (msg->msg_controllen <= 0) |
2399 |
+ return 0; |
2400 |
diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h |
2401 |
index a2ef814..31a8e3f 100644 |
2402 |
--- a/include/net/sctp/sctp.h |
2403 |
@@ -75045,6 +75106,18 @@ index 876fbe8..8bbea9f 100644 |
2404 |
__SONET_ITEMS |
2405 |
#undef __HANDLE_ITEM |
2406 |
} |
2407 |
+diff --git a/net/atm/common.c b/net/atm/common.c |
2408 |
+index b4b44db..0c0ad93 100644 |
2409 |
+--- a/net/atm/common.c |
2410 |
++++ b/net/atm/common.c |
2411 |
+@@ -812,6 +812,7 @@ int vcc_getsockopt(struct socket *sock, int level, int optname, |
2412 |
+ |
2413 |
+ if (!vcc->dev || !test_bit(ATM_VF_ADDR, &vcc->flags)) |
2414 |
+ return -ENOTCONN; |
2415 |
++ memset(&pvc, 0, sizeof(pvc)); |
2416 |
+ pvc.sap_family = AF_ATMPVC; |
2417 |
+ pvc.sap_addr.itf = vcc->dev->number; |
2418 |
+ pvc.sap_addr.vpi = vcc->vpi; |
2419 |
diff --git a/net/atm/lec.h b/net/atm/lec.h |
2420 |
index a86aff9..3a0d6f6 100644 |
2421 |
--- a/net/atm/lec.h |
2422 |
@@ -75088,6 +75161,18 @@ index 0d020de..011c7bb 100644 |
2423 |
} |
2424 |
|
2425 |
static void atm_dev_info(struct seq_file *seq, const struct atm_dev *dev) |
2426 |
+diff --git a/net/atm/pvc.c b/net/atm/pvc.c |
2427 |
+index 3a73491..ae03240 100644 |
2428 |
+--- a/net/atm/pvc.c |
2429 |
++++ b/net/atm/pvc.c |
2430 |
+@@ -95,6 +95,7 @@ static int pvc_getname(struct socket *sock, struct sockaddr *sockaddr, |
2431 |
+ return -ENOTCONN; |
2432 |
+ *sockaddr_len = sizeof(struct sockaddr_atmpvc); |
2433 |
+ addr = (struct sockaddr_atmpvc *)sockaddr; |
2434 |
++ memset(addr, 0, sizeof(*addr)); |
2435 |
+ addr->sap_family = AF_ATMPVC; |
2436 |
+ addr->sap_addr.itf = vcc->dev->number; |
2437 |
+ addr->sap_addr.vpi = vcc->vpi; |
2438 |
diff --git a/net/atm/resources.c b/net/atm/resources.c |
2439 |
index 23f45ce..c748f1a 100644 |
2440 |
--- a/net/atm/resources.c |
2441 |
@@ -75231,6 +75316,26 @@ index 74175c2..32f8901 100644 |
2442 |
frag1->seqno = htons(seqno - 1); |
2443 |
frag2->seqno = htons(seqno); |
2444 |
|
2445 |
+diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c |
2446 |
+index 5914623..bedc768 100644 |
2447 |
+--- a/net/bluetooth/hci_sock.c |
2448 |
++++ b/net/bluetooth/hci_sock.c |
2449 |
+@@ -706,6 +706,7 @@ static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *add |
2450 |
+ *addr_len = sizeof(*haddr); |
2451 |
+ haddr->hci_family = AF_BLUETOOTH; |
2452 |
+ haddr->hci_dev = hdev->id; |
2453 |
++ haddr->hci_channel= 0; |
2454 |
+ |
2455 |
+ release_sock(sk); |
2456 |
+ return 0; |
2457 |
+@@ -1016,6 +1017,7 @@ static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char |
2458 |
+ { |
2459 |
+ struct hci_filter *f = &hci_pi(sk)->filter; |
2460 |
+ |
2461 |
++ memset(&uf, 0, sizeof(uf)); |
2462 |
+ uf.type_mask = f->type_mask; |
2463 |
+ uf.opcode = f->opcode; |
2464 |
+ uf.event_mask[0] = *((u32 *) f->event_mask + 0); |
2465 |
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c |
2466 |
index 4554e80..b778671 100644 |
2467 |
--- a/net/bluetooth/l2cap_core.c |
2468 |
@@ -75248,8 +75353,40 @@ index 4554e80..b778671 100644 |
2469 |
|
2470 |
if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && |
2471 |
rfc.mode != chan->mode) |
2472 |
+diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c |
2473 |
+index 3bb1611..fcf656b 100644 |
2474 |
+--- a/net/bluetooth/l2cap_sock.c |
2475 |
++++ b/net/bluetooth/l2cap_sock.c |
2476 |
+@@ -246,6 +246,7 @@ static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *l |
2477 |
+ |
2478 |
+ BT_DBG("sock %p, sk %p", sock, sk); |
2479 |
+ |
2480 |
++ memset(la, 0, sizeof(struct sockaddr_l2)); |
2481 |
+ addr->sa_family = AF_BLUETOOTH; |
2482 |
+ *len = sizeof(struct sockaddr_l2); |
2483 |
+ |
2484 |
+diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c |
2485 |
+index e8707de..2df6956 100644 |
2486 |
+--- a/net/bluetooth/rfcomm/sock.c |
2487 |
++++ b/net/bluetooth/rfcomm/sock.c |
2488 |
+@@ -547,6 +547,7 @@ static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int * |
2489 |
+ |
2490 |
+ BT_DBG("sock %p, sk %p", sock, sk); |
2491 |
+ |
2492 |
++ memset(sa, 0, sizeof(*sa)); |
2493 |
+ sa->rc_family = AF_BLUETOOTH; |
2494 |
+ sa->rc_channel = rfcomm_pi(sk)->channel; |
2495 |
+ if (peer) |
2496 |
+@@ -841,6 +842,7 @@ static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, c |
2497 |
+ } |
2498 |
+ |
2499 |
+ sec.level = rfcomm_pi(sk)->sec_level; |
2500 |
++ sec.key_size = 0; |
2501 |
+ |
2502 |
+ len = min_t(unsigned int, len, sizeof(sec)); |
2503 |
+ if (copy_to_user(optval, (char *) &sec, len)) |
2504 |
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c |
2505 |
-index d1820ff..d414b0e 100644 |
2506 |
+index d1820ff..4f8c8f6 100644 |
2507 |
--- a/net/bluetooth/rfcomm/tty.c |
2508 |
+++ b/net/bluetooth/rfcomm/tty.c |
2509 |
@@ -314,7 +314,7 @@ static void rfcomm_dev_del(struct rfcomm_dev *dev) |
2510 |
@@ -75261,6 +75398,15 @@ index d1820ff..d414b0e 100644 |
2511 |
spin_unlock_irqrestore(&dev->port.lock, flags); |
2512 |
return; |
2513 |
} |
2514 |
+@@ -461,7 +461,7 @@ static int rfcomm_get_dev_list(void __user *arg) |
2515 |
+ |
2516 |
+ size = sizeof(*dl) + dev_num * sizeof(*di); |
2517 |
+ |
2518 |
+- dl = kmalloc(size, GFP_KERNEL); |
2519 |
++ dl = kzalloc(size, GFP_KERNEL); |
2520 |
+ if (!dl) |
2521 |
+ return -ENOMEM; |
2522 |
+ |
2523 |
@@ -669,10 +669,10 @@ static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp) |
2524 |
return -ENODEV; |
2525 |
|
2526 |
@@ -75343,6 +75489,21 @@ index 047cd0e..461fd28 100644 |
2527 |
p->sequence_no); |
2528 |
list_del(&p->list); |
2529 |
goto out; |
2530 |
+diff --git a/net/caif/chnl_net.c b/net/caif/chnl_net.c |
2531 |
+index 69771c0..e597733 100644 |
2532 |
+--- a/net/caif/chnl_net.c |
2533 |
++++ b/net/caif/chnl_net.c |
2534 |
+@@ -94,6 +94,10 @@ static int chnl_recv_cb(struct cflayer *layr, struct cfpkt *pkt) |
2535 |
+ |
2536 |
+ /* check the version of IP */ |
2537 |
+ ip_version = skb_header_pointer(skb, 0, 1, &buf); |
2538 |
++ if (!ip_version) { |
2539 |
++ kfree_skb(skb); |
2540 |
++ return -EINVAL; |
2541 |
++ } |
2542 |
+ |
2543 |
+ switch (*ip_version >> 4) { |
2544 |
+ case 4: |
2545 |
diff --git a/net/can/gw.c b/net/can/gw.c |
2546 |
index b41acf2..3affb3a 100644 |
2547 |
--- a/net/can/gw.c |
2548 |
@@ -75836,6 +75997,40 @@ index 5fd1467..8b70900 100644 |
2549 |
} |
2550 |
EXPORT_SYMBOL_GPL(sock_diag_save_cookie); |
2551 |
|
2552 |
+diff --git a/net/dccp/ccid.h b/net/dccp/ccid.h |
2553 |
+index 75c3582..fb85d37 100644 |
2554 |
+--- a/net/dccp/ccid.h |
2555 |
++++ b/net/dccp/ccid.h |
2556 |
+@@ -246,7 +246,7 @@ static inline int ccid_hc_rx_getsockopt(struct ccid *ccid, struct sock *sk, |
2557 |
+ u32 __user *optval, int __user *optlen) |
2558 |
+ { |
2559 |
+ int rc = -ENOPROTOOPT; |
2560 |
+- if (ccid->ccid_ops->ccid_hc_rx_getsockopt != NULL) |
2561 |
++ if (ccid != NULL && ccid->ccid_ops->ccid_hc_rx_getsockopt != NULL) |
2562 |
+ rc = ccid->ccid_ops->ccid_hc_rx_getsockopt(sk, optname, len, |
2563 |
+ optval, optlen); |
2564 |
+ return rc; |
2565 |
+@@ -257,7 +257,7 @@ static inline int ccid_hc_tx_getsockopt(struct ccid *ccid, struct sock *sk, |
2566 |
+ u32 __user *optval, int __user *optlen) |
2567 |
+ { |
2568 |
+ int rc = -ENOPROTOOPT; |
2569 |
+- if (ccid->ccid_ops->ccid_hc_tx_getsockopt != NULL) |
2570 |
++ if (ccid != NULL && ccid->ccid_ops->ccid_hc_tx_getsockopt != NULL) |
2571 |
+ rc = ccid->ccid_ops->ccid_hc_tx_getsockopt(sk, optname, len, |
2572 |
+ optval, optlen); |
2573 |
+ return rc; |
2574 |
+diff --git a/net/dccp/ccids/ccid3.c b/net/dccp/ccids/ccid3.c |
2575 |
+index 8c67bed..ce0d140 100644 |
2576 |
+--- a/net/dccp/ccids/ccid3.c |
2577 |
++++ b/net/dccp/ccids/ccid3.c |
2578 |
+@@ -531,6 +531,7 @@ static int ccid3_hc_tx_getsockopt(struct sock *sk, const int optname, int len, |
2579 |
+ case DCCP_SOCKOPT_CCID_TX_INFO: |
2580 |
+ if (len < sizeof(tfrc)) |
2581 |
+ return -EINVAL; |
2582 |
++ memset(&tfrc, 0, sizeof(tfrc)); |
2583 |
+ tfrc.tfrctx_x = hc->tx_x; |
2584 |
+ tfrc.tfrctx_x_recv = hc->tx_x_recv; |
2585 |
+ tfrc.tfrctx_x_calc = hc->tx_x_calc; |
2586 |
diff --git a/net/decnet/sysctl_net_decnet.c b/net/decnet/sysctl_net_decnet.c |
2587 |
index a55eecc..dd8428c 100644 |
2588 |
--- a/net/decnet/sysctl_net_decnet.c |
2589 |
@@ -76859,6 +77054,38 @@ index 34e4185..8823368 100644 |
2590 |
} while (!res); |
2591 |
return res; |
2592 |
} |
2593 |
+diff --git a/net/l2tp/l2tp_ip6.c b/net/l2tp/l2tp_ip6.c |
2594 |
+index 35e1e4b..9275471 100644 |
2595 |
+--- a/net/l2tp/l2tp_ip6.c |
2596 |
++++ b/net/l2tp/l2tp_ip6.c |
2597 |
+@@ -410,6 +410,7 @@ static int l2tp_ip6_getname(struct socket *sock, struct sockaddr *uaddr, |
2598 |
+ lsa->l2tp_family = AF_INET6; |
2599 |
+ lsa->l2tp_flowinfo = 0; |
2600 |
+ lsa->l2tp_scope_id = 0; |
2601 |
++ lsa->l2tp_unused = 0; |
2602 |
+ if (peer) { |
2603 |
+ if (!lsk->peer_conn_id) |
2604 |
+ return -ENOTCONN; |
2605 |
+diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c |
2606 |
+index fe5453c..a13c3e23 100644 |
2607 |
+--- a/net/llc/af_llc.c |
2608 |
++++ b/net/llc/af_llc.c |
2609 |
+@@ -969,14 +969,13 @@ static int llc_ui_getname(struct socket *sock, struct sockaddr *uaddr, |
2610 |
+ struct sockaddr_llc sllc; |
2611 |
+ struct sock *sk = sock->sk; |
2612 |
+ struct llc_sock *llc = llc_sk(sk); |
2613 |
+- int rc = 0; |
2614 |
++ int rc = -EBADF; |
2615 |
+ |
2616 |
+ memset(&sllc, 0, sizeof(sllc)); |
2617 |
+ lock_sock(sk); |
2618 |
+ if (sock_flag(sk, SOCK_ZAPPED)) |
2619 |
+ goto out; |
2620 |
+ *uaddrlen = sizeof(sllc); |
2621 |
+- memset(uaddr, 0, *uaddrlen); |
2622 |
+ if (peer) { |
2623 |
+ rc = -ENOTCONN; |
2624 |
+ if (sk->sk_state != TCP_ESTABLISHED) |
2625 |
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h |
2626 |
index 3f3cd50..d2cf249 100644 |
2627 |
--- a/net/mac80211/ieee80211_i.h |
2628 |
@@ -77117,7 +77344,7 @@ index a54b018c..07e0120 100644 |
2629 |
if (ipvs->sync_state & IP_VS_STATE_MASTER) |
2630 |
ip_vs_sync_conn(net, cp, pkts); |
2631 |
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c |
2632 |
-index 84444dd..86adaa0 100644 |
2633 |
+index 84444dd..f91c066 100644 |
2634 |
--- a/net/netfilter/ipvs/ip_vs_ctl.c |
2635 |
+++ b/net/netfilter/ipvs/ip_vs_ctl.c |
2636 |
@@ -788,7 +788,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest, |
2637 |
@@ -77156,7 +77383,15 @@ index 84444dd..86adaa0 100644 |
2638 |
entry.weight = atomic_read(&dest->weight); |
2639 |
entry.u_threshold = dest->u_threshold; |
2640 |
entry.l_threshold = dest->l_threshold; |
2641 |
-@@ -3089,7 +3089,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest) |
2642 |
+@@ -2759,6 +2759,7 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) |
2643 |
+ { |
2644 |
+ struct ip_vs_timeout_user t; |
2645 |
+ |
2646 |
++ memset(&t, 0, sizeof(t)); |
2647 |
+ __ip_vs_get_timeouts(net, &t); |
2648 |
+ if (copy_to_user(user, &t, sizeof(t)) != 0) |
2649 |
+ ret = -EFAULT; |
2650 |
+@@ -3089,7 +3090,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest) |
2651 |
if (nla_put(skb, IPVS_DEST_ATTR_ADDR, sizeof(dest->addr), &dest->addr) || |
2652 |
nla_put_u16(skb, IPVS_DEST_ATTR_PORT, dest->port) || |
2653 |
nla_put_u32(skb, IPVS_DEST_ATTR_FWD_METHOD, |
2654 |
@@ -77359,7 +77594,7 @@ index 4fe4fb4..87a89e5 100644 |
2655 |
return 0; |
2656 |
} |
2657 |
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c |
2658 |
-index b3025a6..d63a537 100644 |
2659 |
+index b3025a6..e21e5297 100644 |
2660 |
--- a/net/netlink/af_netlink.c |
2661 |
+++ b/net/netlink/af_netlink.c |
2662 |
@@ -753,7 +753,7 @@ static void netlink_overrun(struct sock *sk) |
2663 |
@@ -77371,6 +77606,15 @@ index b3025a6..d63a537 100644 |
2664 |
} |
2665 |
|
2666 |
static struct sock *netlink_getsockbypid(struct sock *ssk, u32 pid) |
2667 |
+@@ -1344,7 +1344,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock, |
2668 |
+ if (NULL == siocb->scm) |
2669 |
+ siocb->scm = &scm; |
2670 |
+ |
2671 |
+- err = scm_send(sock, msg, siocb->scm); |
2672 |
++ err = scm_send(sock, msg, siocb->scm, true); |
2673 |
+ if (err < 0) |
2674 |
+ return err; |
2675 |
+ |
2676 |
@@ -2022,7 +2022,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) |
2677 |
sk_wmem_alloc_get(s), |
2678 |
nlk->cb, |
2679 |
@@ -77994,7 +78238,7 @@ index 31c7bfc..bc380ae 100644 |
2680 |
to += addrlen; |
2681 |
cnt++; |
2682 |
diff --git a/net/socket.c b/net/socket.c |
2683 |
-index 0452dca..7e9758c 100644 |
2684 |
+index 0452dca..0d601e0 100644 |
2685 |
--- a/net/socket.c |
2686 |
+++ b/net/socket.c |
2687 |
@@ -88,6 +88,7 @@ |
2688 |
@@ -78165,7 +78409,15 @@ index 0452dca..7e9758c 100644 |
2689 |
uaddr_len = COMPAT_NAMELEN(msg); |
2690 |
if (MSG_CMSG_COMPAT & flags) { |
2691 |
err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); |
2692 |
-@@ -2761,7 +2821,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) |
2693 |
+@@ -2658,6 +2718,7 @@ static int dev_ifconf(struct net *net, struct compat_ifconf __user *uifc32) |
2694 |
+ if (copy_from_user(&ifc32, uifc32, sizeof(struct compat_ifconf))) |
2695 |
+ return -EFAULT; |
2696 |
+ |
2697 |
++ memset(&ifc, 0, sizeof(ifc)); |
2698 |
+ if (ifc32.ifcbuf == 0) { |
2699 |
+ ifc32.ifc_len = 0; |
2700 |
+ ifc.ifc_len = 0; |
2701 |
+@@ -2761,7 +2822,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) |
2702 |
} |
2703 |
|
2704 |
ifr = compat_alloc_user_space(buf_size); |
2705 |
@@ -78174,7 +78426,7 @@ index 0452dca..7e9758c 100644 |
2706 |
|
2707 |
if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ)) |
2708 |
return -EFAULT; |
2709 |
-@@ -2785,12 +2845,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) |
2710 |
+@@ -2785,12 +2846,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) |
2711 |
offsetof(struct ethtool_rxnfc, fs.ring_cookie)); |
2712 |
|
2713 |
if (copy_in_user(rxnfc, compat_rxnfc, |
2714 |
@@ -78191,7 +78443,7 @@ index 0452dca..7e9758c 100644 |
2715 |
copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt, |
2716 |
sizeof(rxnfc->rule_cnt))) |
2717 |
return -EFAULT; |
2718 |
-@@ -2802,12 +2862,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) |
2719 |
+@@ -2802,12 +2863,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) |
2720 |
|
2721 |
if (convert_out) { |
2722 |
if (copy_in_user(compat_rxnfc, rxnfc, |
2723 |
@@ -78208,7 +78460,7 @@ index 0452dca..7e9758c 100644 |
2724 |
copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt, |
2725 |
sizeof(rxnfc->rule_cnt))) |
2726 |
return -EFAULT; |
2727 |
-@@ -2877,7 +2937,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, |
2728 |
+@@ -2877,7 +2938,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, |
2729 |
old_fs = get_fs(); |
2730 |
set_fs(KERNEL_DS); |
2731 |
err = dev_ioctl(net, cmd, |
2732 |
@@ -78217,7 +78469,7 @@ index 0452dca..7e9758c 100644 |
2733 |
set_fs(old_fs); |
2734 |
|
2735 |
return err; |
2736 |
-@@ -2986,7 +3046,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, |
2737 |
+@@ -2986,7 +3047,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, |
2738 |
|
2739 |
old_fs = get_fs(); |
2740 |
set_fs(KERNEL_DS); |
2741 |
@@ -78226,7 +78478,7 @@ index 0452dca..7e9758c 100644 |
2742 |
set_fs(old_fs); |
2743 |
|
2744 |
if (cmd == SIOCGIFMAP && !err) { |
2745 |
-@@ -3091,7 +3151,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, |
2746 |
+@@ -3091,7 +3152,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, |
2747 |
ret |= __get_user(rtdev, &(ur4->rt_dev)); |
2748 |
if (rtdev) { |
2749 |
ret |= copy_from_user(devname, compat_ptr(rtdev), 15); |
2750 |
@@ -78235,7 +78487,7 @@ index 0452dca..7e9758c 100644 |
2751 |
devname[15] = 0; |
2752 |
} else |
2753 |
r4.rt_dev = NULL; |
2754 |
-@@ -3317,8 +3377,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, |
2755 |
+@@ -3317,8 +3378,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, |
2756 |
int __user *uoptlen; |
2757 |
int err; |
2758 |
|
2759 |
@@ -78246,7 +78498,7 @@ index 0452dca..7e9758c 100644 |
2760 |
|
2761 |
set_fs(KERNEL_DS); |
2762 |
if (level == SOL_SOCKET) |
2763 |
-@@ -3338,7 +3398,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, |
2764 |
+@@ -3338,7 +3399,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, |
2765 |
char __user *uoptval; |
2766 |
int err; |
2767 |
|
2768 |
@@ -78546,7 +78798,7 @@ index f976e9cd..560d055 100644 |
2769 |
|
2770 |
sub->evt.event = htohl(event, sub->swap); |
2771 |
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c |
2772 |
-index 641f2e4..a63f5e1 100644 |
2773 |
+index 641f2e4..590bb48 100644 |
2774 |
--- a/net/unix/af_unix.c |
2775 |
+++ b/net/unix/af_unix.c |
2776 |
@@ -780,6 +780,12 @@ static struct sock *unix_find_other(struct net *net, |
2777 |
@@ -78595,6 +78847,24 @@ index 641f2e4..a63f5e1 100644 |
2778 |
mutex_unlock(&path.dentry->d_inode->i_mutex); |
2779 |
dput(path.dentry); |
2780 |
path.dentry = dentry; |
2781 |
+@@ -1448,7 +1468,7 @@ static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock, |
2782 |
+ if (NULL == siocb->scm) |
2783 |
+ siocb->scm = &tmp_scm; |
2784 |
+ wait_for_unix_gc(); |
2785 |
+- err = scm_send(sock, msg, siocb->scm); |
2786 |
++ err = scm_send(sock, msg, siocb->scm, false); |
2787 |
+ if (err < 0) |
2788 |
+ return err; |
2789 |
+ |
2790 |
+@@ -1617,7 +1637,7 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock, |
2791 |
+ if (NULL == siocb->scm) |
2792 |
+ siocb->scm = &tmp_scm; |
2793 |
+ wait_for_unix_gc(); |
2794 |
+- err = scm_send(sock, msg, siocb->scm); |
2795 |
++ err = scm_send(sock, msg, siocb->scm, false); |
2796 |
+ if (err < 0) |
2797 |
+ return err; |
2798 |
+ |
2799 |
diff --git a/net/wireless/core.h b/net/wireless/core.h |
2800 |
index bc686ef..27845e6 100644 |
2801 |
--- a/net/wireless/core.h |