
From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.2.28/, 2.6.32/, 3.2.27/, 3.5.2/
Date: Thu, 23 Aug 2012 10:00:05
Message-Id: 1345715947.05ef56fc07d1093768b292be3b639b3c333ba3af.blueness@gentoo
1 commit: 05ef56fc07d1093768b292be3b639b3c333ba3af
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Thu Aug 23 09:59:07 2012 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Thu Aug 23 09:59:07 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=05ef56fc
7
8 Grsec/PaX: 2.9.1-{2.6.32.59,3.2.28,3.5.2}-201208222031
9
10 ---
11 2.6.32/0000_README | 2 +-
12 ..._grsecurity-2.9.1-2.6.32.59-201208222030.patch} | 152 +++-
13 {3.2.27 => 3.2.28}/0000_README | 6 +-
14 {3.2.27 => 3.2.28}/1021_linux-3.2.22.patch | 0
15 {3.2.27 => 3.2.28}/1022_linux-3.2.23.patch | 0
16 {3.2.27 => 3.2.28}/1023_linux-3.2.24.patch | 0
17 {3.2.27 => 3.2.28}/1024_linux-3.2.25.patch | 0
18 {3.2.27 => 3.2.28}/1025_linux-3.2.26.patch | 0
19 {3.2.27 => 3.2.28}/1026_linux-3.2.27.patch | 0
20 3.2.28/1027_linux-3.2.28.patch | 1114 ++++++++++++++++++++
21 ...4420_grsecurity-2.9.1-3.2.28-201208222030.patch | 469 ++++++---
22 .../4430_grsec-remove-localversion-grsec.patch | 0
23 {3.2.27 => 3.2.28}/4435_grsec-mute-warnings.patch | 0
24 .../4440_grsec-remove-protected-paths.patch | 0
25 .../4450_grsec-kconfig-default-gids.patch | 0
26 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
27 {3.2.27 => 3.2.28}/4470_disable-compat_vdso.patch | 0
28 3.5.2/0000_README | 2 +-
29 ...4420_grsecurity-2.9.1-3.5.2-201208222031.patch} | 300 +++++-
30 19 files changed, 1895 insertions(+), 150 deletions(-)
31
32 diff --git a/2.6.32/0000_README b/2.6.32/0000_README
33 index 0ba8a80..24bc841 100644
34 --- a/2.6.32/0000_README
35 +++ b/2.6.32/0000_README
36 @@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch
37 From: http://www.kernel.org
38 Desc: Linux 2.6.32.59
39
40 -Patch: 4420_grsecurity-2.9.1-2.6.32.59-201208201521.patch
41 +Patch: 4420_grsecurity-2.9.1-2.6.32.59-201208222030.patch
42 From: http://www.grsecurity.net
43 Desc: hardened-sources base patch from upstream grsecurity
44
45
46 diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208201521.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208222030.patch
47 similarity index 99%
48 rename from 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208201521.patch
49 rename to 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208222030.patch
50 index c356bad..a4b7131 100644
51 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208201521.patch
52 +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208222030.patch
53 @@ -68211,7 +68211,7 @@ index a5bf577..6d19845 100644
54 return hit;
55 }
56 diff --git a/fs/compat.c b/fs/compat.c
57 -index d1e2411..9a958d2 100644
58 +index d1e2411..84978fe 100644
59 --- a/fs/compat.c
60 +++ b/fs/compat.c
61 @@ -133,8 +133,8 @@ asmlinkage long compat_sys_utimes(char __user *filename, struct compat_timeval _
62 @@ -68332,7 +68332,39 @@ index d1e2411..9a958d2 100644
63 goto out;
64 if (!file->f_op)
65 goto out;
66 -@@ -1463,11 +1481,35 @@ int compat_do_execve(char * filename,
67 +@@ -1208,11 +1226,14 @@ compat_sys_readv(unsigned long fd, const struct compat_iovec __user *vec,
68 + struct file *file;
69 + int fput_needed;
70 + ssize_t ret;
71 ++ loff_t pos;
72 +
73 + file = fget_light(fd, &fput_needed);
74 + if (!file)
75 + return -EBADF;
76 +- ret = compat_readv(file, vec, vlen, &file->f_pos);
77 ++ pos = file->f_pos;
78 ++ ret = compat_readv(file, vec, vlen, &pos);
79 ++ file->f_pos = pos;
80 + fput_light(file, fput_needed);
81 + return ret;
82 + }
83 +@@ -1265,11 +1286,14 @@ compat_sys_writev(unsigned long fd, const struct compat_iovec __user *vec,
84 + struct file *file;
85 + int fput_needed;
86 + ssize_t ret;
87 ++ loff_t pos;
88 +
89 + file = fget_light(fd, &fput_needed);
90 + if (!file)
91 + return -EBADF;
92 +- ret = compat_writev(file, vec, vlen, &file->f_pos);
93 ++ pos = file->f_pos;
94 ++ ret = compat_writev(file, vec, vlen, &pos);
95 ++ file->f_pos = pos;
96 + fput_light(file, fput_needed);
97 + return ret;
98 + }
99 +@@ -1463,11 +1487,35 @@ int compat_do_execve(char * filename,
100 compat_uptr_t __user *envp,
101 struct pt_regs * regs)
102 {
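Review bot: The new `pos = file->f_pos; ... file->f_pos = pos;` sequence in compat_sys_readv, and identically in compat_sys_writev further down this hunk, has no comment saying why the offset is copied to a local first. A line such as `/* operate on a private copy so the offset the callee checks cannot change underneath it */` would record the intent; that reading is inferred, because compat_readv() and compat_writev() are not shown here. The load and the store of f_pos are still two separate, unlocked steps, so threads sharing the descriptor can overwrite each other's final offset, and the store happens even when the call returns an error. Both properties are worth stating so nobody assumes the copy makes the update atomic.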
103 @@ -68368,7 +68400,7 @@ index d1e2411..9a958d2 100644
104
105 retval = unshare_files(&displaced);
106 if (retval)
107 -@@ -1493,12 +1535,26 @@ int compat_do_execve(char * filename,
108 +@@ -1493,12 +1541,26 @@ int compat_do_execve(char * filename,
109 if (IS_ERR(file))
110 goto out_unmark;
111
112 @@ -68395,7 +68427,7 @@ index d1e2411..9a958d2 100644
113 retval = bprm_mm_init(bprm);
114 if (retval)
115 goto out_file;
116 -@@ -1515,24 +1571,63 @@ int compat_do_execve(char * filename,
117 +@@ -1515,24 +1577,63 @@ int compat_do_execve(char * filename,
118 if (retval < 0)
119 goto out;
120
121 @@ -68463,7 +68495,7 @@ index d1e2411..9a958d2 100644
122 current->fs->in_exec = 0;
123 current->in_execve = 0;
124 acct_update_integrals(current);
125 -@@ -1541,6 +1636,14 @@ int compat_do_execve(char * filename,
126 +@@ -1541,6 +1642,14 @@ int compat_do_execve(char * filename,
127 put_files_struct(displaced);
128 return retval;
129
130 @@ -68478,7 +68510,7 @@ index d1e2411..9a958d2 100644
131 out:
132 if (bprm->mm) {
133 acct_arg_size(bprm, 0);
134 -@@ -1711,6 +1814,8 @@ int compat_core_sys_select(int n, compat_ulong_t __user *inp,
135 +@@ -1711,6 +1820,8 @@ int compat_core_sys_select(int n, compat_ulong_t __user *inp,
136 struct fdtable *fdt;
137 long stack_fds[SELECT_STACK_ALLOC/sizeof(long)];
138
139 @@ -68487,7 +68519,7 @@ index d1e2411..9a958d2 100644
140 if (n < 0)
141 goto out_nofds;
142
143 -@@ -2151,7 +2256,7 @@ asmlinkage long compat_sys_nfsservctl(int cmd,
144 +@@ -2151,7 +2262,7 @@ asmlinkage long compat_sys_nfsservctl(int cmd,
145 oldfs = get_fs();
146 set_fs(KERNEL_DS);
147 /* The __user pointer casts are valid because of the set_fs() */
148 @@ -103033,6 +103065,18 @@ index 02cc7e7..4514f1b 100644
149 __SONET_ITEMS
150 #undef __HANDLE_ITEM
151 }
152 +diff --git a/net/atm/common.c b/net/atm/common.c
153 +index 950bd16..0baf05e 100644
154 +--- a/net/atm/common.c
155 ++++ b/net/atm/common.c
156 +@@ -749,6 +749,7 @@ int vcc_getsockopt(struct socket *sock, int level, int optname,
157 + if (!vcc->dev ||
158 + !test_bit(ATM_VF_ADDR,&vcc->flags))
159 + return -ENOTCONN;
160 ++ memset(&pvc, 0, sizeof(pvc));
161 + pvc.sap_family = AF_ATMPVC;
162 + pvc.sap_addr.itf = vcc->dev->number;
163 + pvc.sap_addr.vpi = vcc->vpi;
164 diff --git a/net/atm/lec.h b/net/atm/lec.h
165 index 9d14d19..5c145f3 100644
166 --- a/net/atm/lec.h
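Review bot: The `memset(&pvc, 0, sizeof(pvc));` added to vcc_getsockopt carries no comment explaining that it exists to clear padding and members the code never assigns. A later cleanup could therefore replace it with per-field assignments and reintroduce an uninitialised-stack disclosure. I would put `/* zero padding and unused members before the struct is copied to user space */` above it; the copy itself lies outside the hunk, so confirm that it copies sizeof(pvc). The same comment applies to the memset() calls added in the later hunks for net/atm/pvc.c, net/bluetooth/hci_sock.c and net/bluetooth/rfcomm/sock.c, and to the kmalloc() to kzalloc() switch in rfcomm_get_dev_list.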
167 @@ -103114,6 +103158,20 @@ index ab8419a..aa91497 100644
168 else
169 seq_printf(seq, "%3d %3d %5d ",
170 vcc->dev->number, vcc->vpi, vcc->vci);
171 +diff --git a/net/atm/pvc.c b/net/atm/pvc.c
172 +index d4c0245..5f6d1fb 100644
173 +--- a/net/atm/pvc.c
174 ++++ b/net/atm/pvc.c
175 +@@ -92,7 +92,8 @@ static int pvc_getname(struct socket *sock,struct sockaddr *sockaddr,
176 +
177 + if (!vcc->dev || !test_bit(ATM_VF_ADDR,&vcc->flags)) return -ENOTCONN;
178 + *sockaddr_len = sizeof(struct sockaddr_atmpvc);
179 +- addr = (struct sockaddr_atmpvc *) sockaddr;
180 ++ addr = (struct sockaddr_atmpvc *)sockaddr;
181 ++ memset(addr, 0, sizeof(*addr));
182 + addr->sap_family = AF_ATMPVC;
183 + addr->sap_addr.itf = vcc->dev->number;
184 + addr->sap_addr.vpi = vcc->vpi;
185 diff --git a/net/atm/resources.c b/net/atm/resources.c
186 index 56b7322..c48b84e 100644
187 --- a/net/atm/resources.c
188 @@ -103136,6 +103194,44 @@ index 56b7322..c48b84e 100644
189 __AAL_STAT_ITEMS
190 #undef __HANDLE_ITEM
191 }
192 +diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
193 +index 75302a9..45caaaa 100644
194 +--- a/net/bluetooth/hci_sock.c
195 ++++ b/net/bluetooth/hci_sock.c
196 +@@ -576,6 +576,7 @@ static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char
197 + {
198 + struct hci_filter *f = &hci_pi(sk)->filter;
199 +
200 ++ memset(&uf, 0, sizeof(uf));
201 + uf.type_mask = f->type_mask;
202 + uf.opcode = f->opcode;
203 + uf.event_mask[0] = *((u32 *) f->event_mask + 0);
204 +diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
205 +index 1ae3f80..c47b7c4 100644
206 +--- a/net/bluetooth/rfcomm/sock.c
207 ++++ b/net/bluetooth/rfcomm/sock.c
208 +@@ -543,6 +543,7 @@ static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *
209 +
210 + BT_DBG("sock %p, sk %p", sock, sk);
211 +
212 ++ memset(sa, 0, sizeof(*sa));
213 + sa->rc_family = AF_BLUETOOTH;
214 + sa->rc_channel = rfcomm_pi(sk)->channel;
215 + if (peer)
216 +diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
217 +index 5f6a305..00b8f21 100644
218 +--- a/net/bluetooth/rfcomm/tty.c
219 ++++ b/net/bluetooth/rfcomm/tty.c
220 +@@ -472,7 +472,8 @@ static int rfcomm_get_dev_list(void __user *arg)
221 +
222 + size = sizeof(*dl) + dev_num * sizeof(*di);
223 +
224 +- if (!(dl = kmalloc(size, GFP_KERNEL)))
225 ++ dl = kzalloc(size, GFP_KERNEL);
226 ++ if (!dl)
227 + return -ENOMEM;
228 +
229 + di = dl->dev_info;
230 diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
231 index 8567d47..bba2292 100644
232 --- a/net/bridge/br_private.h
233 @@ -103592,6 +103688,28 @@ index 6605e75..3acebda 100644
234 }
235 EXPORT_SYMBOL(sock_init_data);
236
237 +diff --git a/net/dccp/ccid.h b/net/dccp/ccid.h
238 +index facedd2..ab260b0 100644
239 +--- a/net/dccp/ccid.h
240 ++++ b/net/dccp/ccid.h
241 +@@ -214,7 +214,7 @@ static inline int ccid_hc_rx_getsockopt(struct ccid *ccid, struct sock *sk,
242 + u32 __user *optval, int __user *optlen)
243 + {
244 + int rc = -ENOPROTOOPT;
245 +- if (ccid->ccid_ops->ccid_hc_rx_getsockopt != NULL)
246 ++ if (ccid != NULL && ccid->ccid_ops->ccid_hc_rx_getsockopt != NULL)
247 + rc = ccid->ccid_ops->ccid_hc_rx_getsockopt(sk, optname, len,
248 + optval, optlen);
249 + return rc;
250 +@@ -225,7 +225,7 @@ static inline int ccid_hc_tx_getsockopt(struct ccid *ccid, struct sock *sk,
251 + u32 __user *optval, int __user *optlen)
252 + {
253 + int rc = -ENOPROTOOPT;
254 +- if (ccid->ccid_ops->ccid_hc_tx_getsockopt != NULL)
255 ++ if (ccid != NULL && ccid->ccid_ops->ccid_hc_tx_getsockopt != NULL)
256 + rc = ccid->ccid_ops->ccid_hc_tx_getsockopt(sk, optname, len,
257 + optval, optlen);
258 + return rc;
259 diff --git a/net/decnet/sysctl_net_decnet.c b/net/decnet/sysctl_net_decnet.c
260 index 2036568..c55883d 100644
261 --- a/net/decnet/sysctl_net_decnet.c
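Review bot: The added `ccid != NULL` test in ccid_hc_rx_getsockopt and ccid_hc_tx_getsockopt guards only the ccid pointer, while `ccid->ccid_ops` is still dereferenced unchecked and nothing here says when ccid may legitimately be NULL. If ccid_ops is guaranteed to be set for every allocated ccid, state that next to the check, e.g. `/* ccid may be NULL when no CCID is attached yet; ccid_ops is always set */`; that lifetime is inferred and should be confirmed against the allocation code. Other inline helpers in ccid.h that take a `struct ccid *` lie outside this hunk and should be checked for the same assumption.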
262 @@ -104961,6 +105079,26 @@ index bda96d1..c038b72 100644
263 used = 1;
264 }
265
266 +diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
267 +index 2da8d14..606b6ad 100644
268 +--- a/net/llc/af_llc.c
269 ++++ b/net/llc/af_llc.c
270 +@@ -912,14 +912,13 @@ static int llc_ui_getname(struct socket *sock, struct sockaddr *uaddr,
271 + struct sockaddr_llc sllc;
272 + struct sock *sk = sock->sk;
273 + struct llc_sock *llc = llc_sk(sk);
274 +- int rc = 0;
275 ++ int rc = -EBADF;
276 +
277 + memset(&sllc, 0, sizeof(sllc));
278 + lock_sock(sk);
279 + if (sock_flag(sk, SOCK_ZAPPED))
280 + goto out;
281 + *uaddrlen = sizeof(sllc);
282 +- memset(uaddr, 0, *uaddrlen);
283 + if (peer) {
284 + rc = -ENOTCONN;
285 + if (sk->sk_state != TCP_ESTABLISHED)
286 diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
287 index fe2d3f8..e57f683 100644
288 --- a/net/mac80211/cfg.c
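Review bot: Changing the initial value to `int rc = -EBADF;` in llc_ui_getname means every path that reaches `out` without reassigning rc now fails, so the success path depends on an explicit `rc = 0;` that is not visible in this hunk; the function continues below it and that assignment should be confirmed. The SOCK_ZAPPED branch now returns -EBADF where it previously returned 0, a user-visible change that deserves a line in the patch description. With `memset(uaddr, 0, *uaddrlen);` removed, uaddr is presumably written only by copying the pre-zeroed `sllc` at the end. A comment such as `/* uaddr is written once, from the zeroed sllc, on success only */` beside the memset of sllc would keep that invariant visible.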
289
290 diff --git a/3.2.27/0000_README b/3.2.28/0000_README
291 similarity index 93%
292 rename from 3.2.27/0000_README
293 rename to 3.2.28/0000_README
294 index f12c523..c88942b 100644
295 --- a/3.2.27/0000_README
296 +++ b/3.2.28/0000_README
297 @@ -26,7 +26,11 @@ Patch: 1026_linux-3.2.27.patch
298 From: http://www.kernel.org
299 Desc: Linux 3.2.27
300
301 -Patch: 4420_grsecurity-2.9.1-3.2.27-201208201521.patch
302 +Patch: 1027_linux-3.2.28.patch
303 +From: http://www.kernel.org
304 +Desc: Linux 3.2.28
305 +
306 +Patch: 4420_grsecurity-2.9.1-3.2.28-201208222030.patch
307 From: http://www.grsecurity.net
308 Desc: hardened-sources base patch from upstream grsecurity
309
310
311 diff --git a/3.2.27/1021_linux-3.2.22.patch b/3.2.28/1021_linux-3.2.22.patch
312 similarity index 100%
313 rename from 3.2.27/1021_linux-3.2.22.patch
314 rename to 3.2.28/1021_linux-3.2.22.patch
315
316 diff --git a/3.2.27/1022_linux-3.2.23.patch b/3.2.28/1022_linux-3.2.23.patch
317 similarity index 100%
318 rename from 3.2.27/1022_linux-3.2.23.patch
319 rename to 3.2.28/1022_linux-3.2.23.patch
320
321 diff --git a/3.2.27/1023_linux-3.2.24.patch b/3.2.28/1023_linux-3.2.24.patch
322 similarity index 100%
323 rename from 3.2.27/1023_linux-3.2.24.patch
324 rename to 3.2.28/1023_linux-3.2.24.patch
325
326 diff --git a/3.2.27/1024_linux-3.2.25.patch b/3.2.28/1024_linux-3.2.25.patch
327 similarity index 100%
328 rename from 3.2.27/1024_linux-3.2.25.patch
329 rename to 3.2.28/1024_linux-3.2.25.patch
330
331 diff --git a/3.2.27/1025_linux-3.2.26.patch b/3.2.28/1025_linux-3.2.26.patch
332 similarity index 100%
333 rename from 3.2.27/1025_linux-3.2.26.patch
334 rename to 3.2.28/1025_linux-3.2.26.patch
335
336 diff --git a/3.2.27/1026_linux-3.2.27.patch b/3.2.28/1026_linux-3.2.27.patch
337 similarity index 100%
338 rename from 3.2.27/1026_linux-3.2.27.patch
339 rename to 3.2.28/1026_linux-3.2.27.patch
340
341 diff --git a/3.2.28/1027_linux-3.2.28.patch b/3.2.28/1027_linux-3.2.28.patch
342 new file mode 100644
343 index 0000000..4dbba4b
344 --- /dev/null
345 +++ b/3.2.28/1027_linux-3.2.28.patch
346 @@ -0,0 +1,1114 @@
347 +diff --git a/Makefile b/Makefile
348 +index bdf851f..5368961 100644
349 +--- a/Makefile
350 ++++ b/Makefile
351 +@@ -1,6 +1,6 @@
352 + VERSION = 3
353 + PATCHLEVEL = 2
354 +-SUBLEVEL = 27
355 ++SUBLEVEL = 28
356 + EXTRAVERSION =
357 + NAME = Saber-toothed Squirrel
358 +
359 +diff --git a/arch/arm/configs/mxs_defconfig b/arch/arm/configs/mxs_defconfig
360 +index 6ee781b..3ee3e84 100644
361 +--- a/arch/arm/configs/mxs_defconfig
362 ++++ b/arch/arm/configs/mxs_defconfig
363 +@@ -32,7 +32,6 @@ CONFIG_NO_HZ=y
364 + CONFIG_HIGH_RES_TIMERS=y
365 + CONFIG_PREEMPT_VOLUNTARY=y
366 + CONFIG_AEABI=y
367 +-CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
368 + CONFIG_AUTO_ZRELADDR=y
369 + CONFIG_FPE_NWFPE=y
370 + CONFIG_NET=y
371 +diff --git a/arch/arm/mach-pxa/raumfeld.c b/arch/arm/mach-pxa/raumfeld.c
372 +index f0c05f4..ae7786d 100644
373 +--- a/arch/arm/mach-pxa/raumfeld.c
374 ++++ b/arch/arm/mach-pxa/raumfeld.c
375 +@@ -951,12 +951,12 @@ static struct i2c_board_info raumfeld_connector_i2c_board_info __initdata = {
376 +
377 + static struct eeti_ts_platform_data eeti_ts_pdata = {
378 + .irq_active_high = 1,
379 ++ .irq_gpio = GPIO_TOUCH_IRQ,
380 + };
381 +
382 + static struct i2c_board_info raumfeld_controller_i2c_board_info __initdata = {
383 + .type = "eeti_ts",
384 + .addr = 0x0a,
385 +- .irq = gpio_to_irq(GPIO_TOUCH_IRQ),
386 + .platform_data = &eeti_ts_pdata,
387 + };
388 +
389 +diff --git a/arch/s390/kernel/compat_linux.c b/arch/s390/kernel/compat_linux.c
390 +index 84a9828..38c6645 100644
391 +--- a/arch/s390/kernel/compat_linux.c
392 ++++ b/arch/s390/kernel/compat_linux.c
393 +@@ -615,7 +615,6 @@ asmlinkage unsigned long old32_mmap(struct mmap_arg_struct_emu31 __user *arg)
394 + return -EFAULT;
395 + if (a.offset & ~PAGE_MASK)
396 + return -EINVAL;
397 +- a.addr = (unsigned long) compat_ptr(a.addr);
398 + return sys_mmap_pgoff(a.addr, a.len, a.prot, a.flags, a.fd,
399 + a.offset >> PAGE_SHIFT);
400 + }
401 +@@ -626,7 +625,6 @@ asmlinkage long sys32_mmap2(struct mmap_arg_struct_emu31 __user *arg)
402 +
403 + if (copy_from_user(&a, arg, sizeof(a)))
404 + return -EFAULT;
405 +- a.addr = (unsigned long) compat_ptr(a.addr);
406 + return sys_mmap_pgoff(a.addr, a.len, a.prot, a.flags, a.fd, a.offset);
407 + }
408 +
409 +diff --git a/arch/s390/kernel/compat_wrapper.S b/arch/s390/kernel/compat_wrapper.S
410 +index 18c51df..25408d3 100644
411 +--- a/arch/s390/kernel/compat_wrapper.S
412 ++++ b/arch/s390/kernel/compat_wrapper.S
413 +@@ -1636,7 +1636,7 @@ ENTRY(compat_sys_process_vm_readv_wrapper)
414 + llgfr %r6,%r6 # unsigned long
415 + llgf %r0,164(%r15) # unsigned long
416 + stg %r0,160(%r15)
417 +- jg sys_process_vm_readv
418 ++ jg compat_sys_process_vm_readv
419 +
420 + ENTRY(compat_sys_process_vm_writev_wrapper)
421 + lgfr %r2,%r2 # compat_pid_t
422 +@@ -1646,4 +1646,4 @@ ENTRY(compat_sys_process_vm_writev_wrapper)
423 + llgfr %r6,%r6 # unsigned long
424 + llgf %r0,164(%r15) # unsigned long
425 + stg %r0,160(%r15)
426 +- jg sys_process_vm_writev
427 ++ jg compat_sys_process_vm_writev
428 +diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
429 +index 7315488..407789b 100644
430 +--- a/arch/x86/kvm/vmx.c
431 ++++ b/arch/x86/kvm/vmx.c
432 +@@ -1956,6 +1956,7 @@ static __init void nested_vmx_setup_ctls_msrs(void)
433 + #endif
434 + CPU_BASED_MOV_DR_EXITING | CPU_BASED_UNCOND_IO_EXITING |
435 + CPU_BASED_USE_IO_BITMAPS | CPU_BASED_MONITOR_EXITING |
436 ++ CPU_BASED_RDPMC_EXITING |
437 + CPU_BASED_ACTIVATE_SECONDARY_CONTROLS;
438 + /*
439 + * We can allow some features even when not supported by the
440 +diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
441 +index d62c731..c364358 100644
442 +--- a/drivers/gpu/drm/i915/i915_drv.h
443 ++++ b/drivers/gpu/drm/i915/i915_drv.h
444 +@@ -1170,12 +1170,7 @@ i915_seqno_passed(uint32_t seq1, uint32_t seq2)
445 + return (int32_t)(seq1 - seq2) >= 0;
446 + }
447 +
448 +-static inline u32
449 +-i915_gem_next_request_seqno(struct intel_ring_buffer *ring)
450 +-{
451 +- drm_i915_private_t *dev_priv = ring->dev->dev_private;
452 +- return ring->outstanding_lazy_request = dev_priv->next_seqno;
453 +-}
454 ++u32 i915_gem_next_request_seqno(struct intel_ring_buffer *ring);
455 +
456 + int __must_check i915_gem_object_get_fence(struct drm_i915_gem_object *obj,
457 + struct intel_ring_buffer *pipelined);
458 +diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
459 +index 3e2edc6..548a400 100644
460 +--- a/drivers/gpu/drm/i915/i915_gem.c
461 ++++ b/drivers/gpu/drm/i915/i915_gem.c
462 +@@ -1647,6 +1647,28 @@ i915_gem_process_flushing_list(struct intel_ring_buffer *ring,
463 + }
464 + }
465 +
466 ++static u32
467 ++i915_gem_get_seqno(struct drm_device *dev)
468 ++{
469 ++ drm_i915_private_t *dev_priv = dev->dev_private;
470 ++ u32 seqno = dev_priv->next_seqno;
471 ++
472 ++ /* reserve 0 for non-seqno */
473 ++ if (++dev_priv->next_seqno == 0)
474 ++ dev_priv->next_seqno = 1;
475 ++
476 ++ return seqno;
477 ++}
478 ++
479 ++u32
480 ++i915_gem_next_request_seqno(struct intel_ring_buffer *ring)
481 ++{
482 ++ if (ring->outstanding_lazy_request == 0)
483 ++ ring->outstanding_lazy_request = i915_gem_get_seqno(ring->dev);
484 ++
485 ++ return ring->outstanding_lazy_request;
486 ++}
487 ++
488 + int
489 + i915_add_request(struct intel_ring_buffer *ring,
490 + struct drm_file *file,
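Review bot: i915_gem_next_request_seqno() is now a lazily allocating accessor, but nothing documents its contract. It reserves a new seqno only while `ring->outstanding_lazy_request == 0`, so whoever emits the request has to clear that field afterwards, or later requests on the ring would get the same number back. That reset is not in this hunk and should be confirmed in the rest of i915_add_request. I would document the function with `/* Returns the seqno reserved for the next request on @ring, reserving one if none is pending; 0 means nothing is reserved. */`.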
491 +@@ -1658,6 +1680,7 @@ i915_add_request(struct intel_ring_buffer *ring,
492 + int ret;
493 +
494 + BUG_ON(request == NULL);
495 ++ seqno = i915_gem_next_request_seqno(ring);
496 +
497 + ret = ring->add_request(ring, &seqno);
498 + if (ret)
499 +diff --git a/drivers/gpu/drm/i915/intel_ringbuffer.c b/drivers/gpu/drm/i915/intel_ringbuffer.c
500 +index f6613dc..19085c0 100644
501 +--- a/drivers/gpu/drm/i915/intel_ringbuffer.c
502 ++++ b/drivers/gpu/drm/i915/intel_ringbuffer.c
503 +@@ -52,20 +52,6 @@ static inline int ring_space(struct intel_ring_buffer *ring)
504 + return space;
505 + }
506 +
507 +-static u32 i915_gem_get_seqno(struct drm_device *dev)
508 +-{
509 +- drm_i915_private_t *dev_priv = dev->dev_private;
510 +- u32 seqno;
511 +-
512 +- seqno = dev_priv->next_seqno;
513 +-
514 +- /* reserve 0 for non-seqno */
515 +- if (++dev_priv->next_seqno == 0)
516 +- dev_priv->next_seqno = 1;
517 +-
518 +- return seqno;
519 +-}
520 +-
521 + static int
522 + render_ring_flush(struct intel_ring_buffer *ring,
523 + u32 invalidate_domains,
524 +@@ -277,8 +263,6 @@ static int init_ring_common(struct intel_ring_buffer *ring)
525 + I915_WRITE_HEAD(ring, 0);
526 + ring->write_tail(ring, 0);
527 +
528 +- /* Initialize the ring. */
529 +- I915_WRITE_START(ring, obj->gtt_offset);
530 + head = I915_READ_HEAD(ring) & HEAD_ADDR;
531 +
532 + /* G45 ring initialization fails to reset head to zero */
533 +@@ -304,14 +288,19 @@ static int init_ring_common(struct intel_ring_buffer *ring)
534 + }
535 + }
536 +
537 ++ /* Initialize the ring. This must happen _after_ we've cleared the ring
538 ++ * registers with the above sequence (the readback of the HEAD registers
539 ++ * also enforces ordering), otherwise the hw might lose the new ring
540 ++ * register values. */
541 ++ I915_WRITE_START(ring, obj->gtt_offset);
542 + I915_WRITE_CTL(ring,
543 + ((ring->size - PAGE_SIZE) & RING_NR_PAGES)
544 + | RING_VALID);
545 +
546 + /* If the head is still not zero, the ring is dead */
547 +- if ((I915_READ_CTL(ring) & RING_VALID) == 0 ||
548 +- I915_READ_START(ring) != obj->gtt_offset ||
549 +- (I915_READ_HEAD(ring) & HEAD_ADDR) != 0) {
550 ++ if (wait_for((I915_READ_CTL(ring) & RING_VALID) != 0 &&
551 ++ I915_READ_START(ring) == obj->gtt_offset &&
552 ++ (I915_READ_HEAD(ring) & HEAD_ADDR) == 0, 50)) {
553 + DRM_ERROR("%s initialization failed "
554 + "ctl %08x head %08x tail %08x start %08x\n",
555 + ring->name,
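Review bot: The comment `/* If the head is still not zero, the ring is dead */` left above the rewritten check no longer describes it. The condition is now polled through `wait_for(..., 50)` and covers RING_VALID and the START register as well as HEAD. I would reword it to `/* Poll until the ring reports valid with the expected start and a zero head; if that never happens the ring is dead */` and give the bare `50` (a timeout, presumably in milliseconds) a named constant. init_ring_common starts and ends outside the hunk.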
556 +@@ -488,7 +477,7 @@ gen6_add_request(struct intel_ring_buffer *ring,
557 + mbox1_reg = ring->signal_mbox[0];
558 + mbox2_reg = ring->signal_mbox[1];
559 +
560 +- *seqno = i915_gem_get_seqno(ring->dev);
561 ++ *seqno = i915_gem_next_request_seqno(ring);
562 +
563 + update_mboxes(ring, *seqno, mbox1_reg);
564 + update_mboxes(ring, *seqno, mbox2_reg);
565 +@@ -586,8 +575,7 @@ static int
566 + pc_render_add_request(struct intel_ring_buffer *ring,
567 + u32 *result)
568 + {
569 +- struct drm_device *dev = ring->dev;
570 +- u32 seqno = i915_gem_get_seqno(dev);
571 ++ u32 seqno = i915_gem_next_request_seqno(ring);
572 + struct pipe_control *pc = ring->private;
573 + u32 scratch_addr = pc->gtt_offset + 128;
574 + int ret;
575 +@@ -638,8 +626,7 @@ static int
576 + render_ring_add_request(struct intel_ring_buffer *ring,
577 + u32 *result)
578 + {
579 +- struct drm_device *dev = ring->dev;
580 +- u32 seqno = i915_gem_get_seqno(dev);
581 ++ u32 seqno = i915_gem_next_request_seqno(ring);
582 + int ret;
583 +
584 + ret = intel_ring_begin(ring, 4);
585 +@@ -813,7 +800,7 @@ ring_add_request(struct intel_ring_buffer *ring,
586 + if (ret)
587 + return ret;
588 +
589 +- seqno = i915_gem_get_seqno(ring->dev);
590 ++ seqno = i915_gem_next_request_seqno(ring);
591 +
592 + intel_ring_emit(ring, MI_STORE_DWORD_INDEX);
593 + intel_ring_emit(ring, I915_GEM_HWS_INDEX << MI_STORE_DWORD_INDEX_SHIFT);
594 +diff --git a/drivers/gpu/drm/radeon/evergreen.c b/drivers/gpu/drm/radeon/evergreen.c
595 +index 931f4df..fc0633c 100644
596 +--- a/drivers/gpu/drm/radeon/evergreen.c
597 ++++ b/drivers/gpu/drm/radeon/evergreen.c
598 +@@ -1065,24 +1065,8 @@ void evergreen_agp_enable(struct radeon_device *rdev)
599 +
600 + void evergreen_mc_stop(struct radeon_device *rdev, struct evergreen_mc_save *save)
601 + {
602 +- save->vga_control[0] = RREG32(D1VGA_CONTROL);
603 +- save->vga_control[1] = RREG32(D2VGA_CONTROL);
604 + save->vga_render_control = RREG32(VGA_RENDER_CONTROL);
605 + save->vga_hdp_control = RREG32(VGA_HDP_CONTROL);
606 +- save->crtc_control[0] = RREG32(EVERGREEN_CRTC_CONTROL + EVERGREEN_CRTC0_REGISTER_OFFSET);
607 +- save->crtc_control[1] = RREG32(EVERGREEN_CRTC_CONTROL + EVERGREEN_CRTC1_REGISTER_OFFSET);
608 +- if (rdev->num_crtc >= 4) {
609 +- save->vga_control[2] = RREG32(EVERGREEN_D3VGA_CONTROL);
610 +- save->vga_control[3] = RREG32(EVERGREEN_D4VGA_CONTROL);
611 +- save->crtc_control[2] = RREG32(EVERGREEN_CRTC_CONTROL + EVERGREEN_CRTC2_REGISTER_OFFSET);
612 +- save->crtc_control[3] = RREG32(EVERGREEN_CRTC_CONTROL + EVERGREEN_CRTC3_REGISTER_OFFSET);
613 +- }
614 +- if (rdev->num_crtc >= 6) {
615 +- save->vga_control[4] = RREG32(EVERGREEN_D5VGA_CONTROL);
616 +- save->vga_control[5] = RREG32(EVERGREEN_D6VGA_CONTROL);
617 +- save->crtc_control[4] = RREG32(EVERGREEN_CRTC_CONTROL + EVERGREEN_CRTC4_REGISTER_OFFSET);
618 +- save->crtc_control[5] = RREG32(EVERGREEN_CRTC_CONTROL + EVERGREEN_CRTC5_REGISTER_OFFSET);
619 +- }
620 +
621 + /* Stop all video */
622 + WREG32(VGA_RENDER_CONTROL, 0);
623 +@@ -1193,47 +1177,6 @@ void evergreen_mc_resume(struct radeon_device *rdev, struct evergreen_mc_save *s
624 + /* Unlock host access */
625 + WREG32(VGA_HDP_CONTROL, save->vga_hdp_control);
626 + mdelay(1);
627 +- /* Restore video state */
628 +- WREG32(D1VGA_CONTROL, save->vga_control[0]);
629 +- WREG32(D2VGA_CONTROL, save->vga_control[1]);
630 +- if (rdev->num_crtc >= 4) {
631 +- WREG32(EVERGREEN_D3VGA_CONTROL, save->vga_control[2]);
632 +- WREG32(EVERGREEN_D4VGA_CONTROL, save->vga_control[3]);
633 +- }
634 +- if (rdev->num_crtc >= 6) {
635 +- WREG32(EVERGREEN_D5VGA_CONTROL, save->vga_control[4]);
636 +- WREG32(EVERGREEN_D6VGA_CONTROL, save->vga_control[5]);
637 +- }
638 +- WREG32(EVERGREEN_CRTC_UPDATE_LOCK + EVERGREEN_CRTC0_REGISTER_OFFSET, 1);
639 +- WREG32(EVERGREEN_CRTC_UPDATE_LOCK + EVERGREEN_CRTC1_REGISTER_OFFSET, 1);
640 +- if (rdev->num_crtc >= 4) {
641 +- WREG32(EVERGREEN_CRTC_UPDATE_LOCK + EVERGREEN_CRTC2_REGISTER_OFFSET, 1);
642 +- WREG32(EVERGREEN_CRTC_UPDATE_LOCK + EVERGREEN_CRTC3_REGISTER_OFFSET, 1);
643 +- }
644 +- if (rdev->num_crtc >= 6) {
645 +- WREG32(EVERGREEN_CRTC_UPDATE_LOCK + EVERGREEN_CRTC4_REGISTER_OFFSET, 1);
646 +- WREG32(EVERGREEN_CRTC_UPDATE_LOCK + EVERGREEN_CRTC5_REGISTER_OFFSET, 1);
647 +- }
648 +- WREG32(EVERGREEN_CRTC_CONTROL + EVERGREEN_CRTC0_REGISTER_OFFSET, save->crtc_control[0]);
649 +- WREG32(EVERGREEN_CRTC_CONTROL + EVERGREEN_CRTC1_REGISTER_OFFSET, save->crtc_control[1]);
650 +- if (rdev->num_crtc >= 4) {
651 +- WREG32(EVERGREEN_CRTC_CONTROL + EVERGREEN_CRTC2_REGISTER_OFFSET, save->crtc_control[2]);
652 +- WREG32(EVERGREEN_CRTC_CONTROL + EVERGREEN_CRTC3_REGISTER_OFFSET, save->crtc_control[3]);
653 +- }
654 +- if (rdev->num_crtc >= 6) {
655 +- WREG32(EVERGREEN_CRTC_CONTROL + EVERGREEN_CRTC4_REGISTER_OFFSET, save->crtc_control[4]);
656 +- WREG32(EVERGREEN_CRTC_CONTROL + EVERGREEN_CRTC5_REGISTER_OFFSET, save->crtc_control[5]);
657 +- }
658 +- WREG32(EVERGREEN_CRTC_UPDATE_LOCK + EVERGREEN_CRTC0_REGISTER_OFFSET, 0);
659 +- WREG32(EVERGREEN_CRTC_UPDATE_LOCK + EVERGREEN_CRTC1_REGISTER_OFFSET, 0);
660 +- if (rdev->num_crtc >= 4) {
661 +- WREG32(EVERGREEN_CRTC_UPDATE_LOCK + EVERGREEN_CRTC2_REGISTER_OFFSET, 0);
662 +- WREG32(EVERGREEN_CRTC_UPDATE_LOCK + EVERGREEN_CRTC3_REGISTER_OFFSET, 0);
663 +- }
664 +- if (rdev->num_crtc >= 6) {
665 +- WREG32(EVERGREEN_CRTC_UPDATE_LOCK + EVERGREEN_CRTC4_REGISTER_OFFSET, 0);
666 +- WREG32(EVERGREEN_CRTC_UPDATE_LOCK + EVERGREEN_CRTC5_REGISTER_OFFSET, 0);
667 +- }
668 + WREG32(VGA_RENDER_CONTROL, save->vga_render_control);
669 + }
670 +
671 +@@ -2080,10 +2023,18 @@ static void evergreen_gpu_init(struct radeon_device *rdev)
672 + if (rdev->flags & RADEON_IS_IGP)
673 + rdev->config.evergreen.tile_config |= 1 << 4;
674 + else {
675 +- if ((mc_arb_ramcfg & NOOFBANK_MASK) >> NOOFBANK_SHIFT)
676 +- rdev->config.evergreen.tile_config |= 1 << 4;
677 +- else
678 ++ switch ((mc_arb_ramcfg & NOOFBANK_MASK) >> NOOFBANK_SHIFT) {
679 ++ case 0: /* four banks */
680 + rdev->config.evergreen.tile_config |= 0 << 4;
681 ++ break;
682 ++ case 1: /* eight banks */
683 ++ rdev->config.evergreen.tile_config |= 1 << 4;
684 ++ break;
685 ++ case 2: /* sixteen banks */
686 ++ default:
687 ++ rdev->config.evergreen.tile_config |= 2 << 4;
688 ++ break;
689 ++ }
690 + }
691 + rdev->config.evergreen.tile_config |=
692 + ((mc_arb_ramcfg & BURSTLENGTH_MASK) >> BURSTLENGTH_SHIFT) << 8;
693 +diff --git a/drivers/gpu/drm/radeon/ni.c b/drivers/gpu/drm/radeon/ni.c
694 +index 9e50814..636255b 100644
695 +--- a/drivers/gpu/drm/radeon/ni.c
696 ++++ b/drivers/gpu/drm/radeon/ni.c
697 +@@ -804,10 +804,18 @@ static void cayman_gpu_init(struct radeon_device *rdev)
698 + rdev->config.cayman.tile_config |= (3 << 0);
699 + break;
700 + }
701 +- if ((mc_arb_ramcfg & NOOFBANK_MASK) >> NOOFBANK_SHIFT)
702 +- rdev->config.cayman.tile_config |= 1 << 4;
703 +- else
704 ++ switch ((mc_arb_ramcfg & NOOFBANK_MASK) >> NOOFBANK_SHIFT) {
705 ++ case 0: /* four banks */
706 + rdev->config.cayman.tile_config |= 0 << 4;
707 ++ break;
708 ++ case 1: /* eight banks */
709 ++ rdev->config.cayman.tile_config |= 1 << 4;
710 ++ break;
711 ++ case 2: /* sixteen banks */
712 ++ default:
713 ++ rdev->config.cayman.tile_config |= 2 << 4;
714 ++ break;
715 ++ }
716 + rdev->config.cayman.tile_config |=
717 + ((gb_addr_config & PIPE_INTERLEAVE_SIZE_MASK) >> PIPE_INTERLEAVE_SIZE_SHIFT) << 8;
718 + rdev->config.cayman.tile_config |=
719 +diff --git a/drivers/gpu/drm/radeon/radeon_asic.h b/drivers/gpu/drm/radeon/radeon_asic.h
720 +index 5991484..5ce9402 100644
721 +--- a/drivers/gpu/drm/radeon/radeon_asic.h
722 ++++ b/drivers/gpu/drm/radeon/radeon_asic.h
723 +@@ -253,13 +253,10 @@ void rs690_line_buffer_adjust(struct radeon_device *rdev,
724 + * rv515
725 + */
726 + struct rv515_mc_save {
727 +- u32 d1vga_control;
728 +- u32 d2vga_control;
729 + u32 vga_render_control;
730 + u32 vga_hdp_control;
731 +- u32 d1crtc_control;
732 +- u32 d2crtc_control;
733 + };
734 ++
735 + int rv515_init(struct radeon_device *rdev);
736 + void rv515_fini(struct radeon_device *rdev);
737 + uint32_t rv515_mc_rreg(struct radeon_device *rdev, uint32_t reg);
738 +@@ -387,11 +384,10 @@ void r700_cp_fini(struct radeon_device *rdev);
739 + * evergreen
740 + */
741 + struct evergreen_mc_save {
742 +- u32 vga_control[6];
743 + u32 vga_render_control;
744 + u32 vga_hdp_control;
745 +- u32 crtc_control[6];
746 + };
747 ++
748 + void evergreen_pcie_gart_tlb_flush(struct radeon_device *rdev);
749 + int evergreen_init(struct radeon_device *rdev);
750 + void evergreen_fini(struct radeon_device *rdev);
751 +diff --git a/drivers/gpu/drm/radeon/rv515.c b/drivers/gpu/drm/radeon/rv515.c
752 +index 6613ee9..d5f45b4 100644
753 +--- a/drivers/gpu/drm/radeon/rv515.c
754 ++++ b/drivers/gpu/drm/radeon/rv515.c
755 +@@ -281,12 +281,8 @@ int rv515_debugfs_ga_info_init(struct radeon_device *rdev)
756 +
757 + void rv515_mc_stop(struct radeon_device *rdev, struct rv515_mc_save *save)
758 + {
759 +- save->d1vga_control = RREG32(R_000330_D1VGA_CONTROL);
760 +- save->d2vga_control = RREG32(R_000338_D2VGA_CONTROL);
761 + save->vga_render_control = RREG32(R_000300_VGA_RENDER_CONTROL);
762 + save->vga_hdp_control = RREG32(R_000328_VGA_HDP_CONTROL);
763 +- save->d1crtc_control = RREG32(R_006080_D1CRTC_CONTROL);
764 +- save->d2crtc_control = RREG32(R_006880_D2CRTC_CONTROL);
765 +
766 + /* Stop all video */
767 + WREG32(R_0068E8_D2CRTC_UPDATE_LOCK, 0);
768 +@@ -311,15 +307,6 @@ void rv515_mc_resume(struct radeon_device *rdev, struct rv515_mc_save *save)
769 + /* Unlock host access */
770 + WREG32(R_000328_VGA_HDP_CONTROL, save->vga_hdp_control);
771 + mdelay(1);
772 +- /* Restore video state */
773 +- WREG32(R_000330_D1VGA_CONTROL, save->d1vga_control);
774 +- WREG32(R_000338_D2VGA_CONTROL, save->d2vga_control);
775 +- WREG32(R_0060E8_D1CRTC_UPDATE_LOCK, 1);
776 +- WREG32(R_0068E8_D2CRTC_UPDATE_LOCK, 1);
777 +- WREG32(R_006080_D1CRTC_CONTROL, save->d1crtc_control);
778 +- WREG32(R_006880_D2CRTC_CONTROL, save->d2crtc_control);
779 +- WREG32(R_0060E8_D1CRTC_UPDATE_LOCK, 0);
780 +- WREG32(R_0068E8_D2CRTC_UPDATE_LOCK, 0);
781 + WREG32(R_000300_VGA_RENDER_CONTROL, save->vga_render_control);
782 + }
783 +
784 +diff --git a/drivers/input/touchscreen/eeti_ts.c b/drivers/input/touchscreen/eeti_ts.c
785 +index 7f8f538..4f938bb 100644
786 +--- a/drivers/input/touchscreen/eeti_ts.c
787 ++++ b/drivers/input/touchscreen/eeti_ts.c
788 +@@ -48,7 +48,7 @@ struct eeti_ts_priv {
789 + struct input_dev *input;
790 + struct work_struct work;
791 + struct mutex mutex;
792 +- int irq, irq_active_high;
793 ++ int irq_gpio, irq, irq_active_high;
794 + };
795 +
796 + #define EETI_TS_BITDEPTH (11)
797 +@@ -62,7 +62,7 @@ struct eeti_ts_priv {
798 +
799 + static inline int eeti_ts_irq_active(struct eeti_ts_priv *priv)
800 + {
801 +- return gpio_get_value(irq_to_gpio(priv->irq)) == priv->irq_active_high;
802 ++ return gpio_get_value(priv->irq_gpio) == priv->irq_active_high;
803 + }
804 +
805 + static void eeti_ts_read(struct work_struct *work)
806 +@@ -157,7 +157,7 @@ static void eeti_ts_close(struct input_dev *dev)
807 + static int __devinit eeti_ts_probe(struct i2c_client *client,
808 + const struct i2c_device_id *idp)
809 + {
810 +- struct eeti_ts_platform_data *pdata;
811 ++ struct eeti_ts_platform_data *pdata = client->dev.platform_data;
812 + struct eeti_ts_priv *priv;
813 + struct input_dev *input;
814 + unsigned int irq_flags;
815 +@@ -199,9 +199,12 @@ static int __devinit eeti_ts_probe(struct i2c_client *client,
816 +
817 + priv->client = client;
818 + priv->input = input;
819 +- priv->irq = client->irq;
820 ++ priv->irq_gpio = pdata->irq_gpio;
821 ++ priv->irq = gpio_to_irq(pdata->irq_gpio);
822 +
823 +- pdata = client->dev.platform_data;
824 ++ err = gpio_request_one(pdata->irq_gpio, GPIOF_IN, client->name);
825 ++ if (err < 0)
826 ++ goto err1;
827 +
828 + if (pdata)
829 + priv->irq_active_high = pdata->irq_active_high;
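Review bot: `pdata` is dereferenced at `priv->irq_gpio = pdata->irq_gpio;` and again in the `gpio_to_irq()` and `gpio_request_one()` calls, yet the unchanged `if (pdata)` test a few lines below still treats missing platform data as possible, so a device registered without it would fault in probe. Either reject that case before the first dereference, for example `if (!pdata) { err = -EINVAL; goto err1; }`, or drop the now-dead `if (pdata)` test if platform data is guaranteed by every board file. The `err2:` path added in the last hunk of this file also reads `pdata->irq_gpio`, so it relies on the same guarantee. eeti_ts_probe starts and ends outside this hunk.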
830 +@@ -215,13 +218,13 @@ static int __devinit eeti_ts_probe(struct i2c_client *client,
831 +
832 + err = input_register_device(input);
833 + if (err)
834 +- goto err1;
835 ++ goto err2;
836 +
837 + err = request_irq(priv->irq, eeti_ts_isr, irq_flags,
838 + client->name, priv);
839 + if (err) {
840 + dev_err(&client->dev, "Unable to request touchscreen IRQ.\n");
841 +- goto err2;
842 ++ goto err3;
843 + }
844 +
845 + /*
846 +@@ -233,9 +236,11 @@ static int __devinit eeti_ts_probe(struct i2c_client *client,
847 + device_init_wakeup(&client->dev, 0);
848 + return 0;
849 +
850 +-err2:
851 ++err3:
852 + input_unregister_device(input);
853 + input = NULL; /* so we dont try to free it below */
854 ++err2:
855 ++ gpio_free(pdata->irq_gpio);
856 + err1:
857 + input_free_device(input);
858 + kfree(priv);
859 +diff --git a/drivers/mfd/ezx-pcap.c b/drivers/mfd/ezx-pcap.c
860 +index 43a76c4..db662e2 100644
861 +--- a/drivers/mfd/ezx-pcap.c
862 ++++ b/drivers/mfd/ezx-pcap.c
863 +@@ -202,7 +202,7 @@ static void pcap_isr_work(struct work_struct *work)
864 + }
865 + local_irq_enable();
866 + ezx_pcap_write(pcap, PCAP_REG_MSR, pcap->msr);
867 +- } while (gpio_get_value(irq_to_gpio(pcap->spi->irq)));
868 ++ } while (gpio_get_value(pdata->gpio));
869 + }
870 +
871 + static void pcap_irq_handler(unsigned int irq, struct irq_desc *desc)
872 +diff --git a/drivers/net/caif/caif_serial.c b/drivers/net/caif/caif_serial.c
873 +index 23406e6..ae286a9 100644
874 +--- a/drivers/net/caif/caif_serial.c
875 ++++ b/drivers/net/caif/caif_serial.c
876 +@@ -325,6 +325,9 @@ static int ldisc_open(struct tty_struct *tty)
877 +
878 + sprintf(name, "cf%s", tty->name);
879 + dev = alloc_netdev(sizeof(*ser), name, caifdev_setup);
880 ++ if (!dev)
881 ++ return -ENOMEM;
882 ++
883 + ser = netdev_priv(dev);
884 + ser->tty = tty_kref_get(tty);
885 + ser->dev = dev;
886 +diff --git a/drivers/net/ethernet/broadcom/bnx2.c b/drivers/net/ethernet/broadcom/bnx2.c
887 +index 965c723..721adfd 100644
888 +--- a/drivers/net/ethernet/broadcom/bnx2.c
889 ++++ b/drivers/net/ethernet/broadcom/bnx2.c
890 +@@ -5378,7 +5378,7 @@ bnx2_free_tx_skbs(struct bnx2 *bp)
891 + int k, last;
892 +
893 + if (skb == NULL) {
894 +- j++;
895 ++ j = NEXT_TX_BD(j);
896 + continue;
897 + }
898 +
899 +@@ -5390,8 +5390,8 @@ bnx2_free_tx_skbs(struct bnx2 *bp)
900 + tx_buf->skb = NULL;
901 +
902 + last = tx_buf->nr_frags;
903 +- j++;
904 +- for (k = 0; k < last; k++, j++) {
905 ++ j = NEXT_TX_BD(j);
906 ++ for (k = 0; k < last; k++, j = NEXT_TX_BD(j)) {
907 + tx_buf = &txr->tx_buf_ring[TX_RING_IDX(j)];
908 + dma_unmap_page(&bp->pdev->dev,
909 + dma_unmap_addr(tx_buf, mapping),
910 +diff --git a/drivers/net/ethernet/intel/e1000/e1000_main.c b/drivers/net/ethernet/intel/e1000/e1000_main.c
911 +index de00805..0549261 100644
912 +--- a/drivers/net/ethernet/intel/e1000/e1000_main.c
913 ++++ b/drivers/net/ethernet/intel/e1000/e1000_main.c
914 +@@ -4743,12 +4743,14 @@ static int __e1000_shutdown(struct pci_dev *pdev, bool *enable_wake)
915 + e1000_setup_rctl(adapter);
916 + e1000_set_rx_mode(netdev);
917 +
918 ++ rctl = er32(RCTL);
919 ++
920 + /* turn on all-multi mode if wake on multicast is enabled */
921 +- if (wufc & E1000_WUFC_MC) {
922 +- rctl = er32(RCTL);
923 ++ if (wufc & E1000_WUFC_MC)
924 + rctl |= E1000_RCTL_MPE;
925 +- ew32(RCTL, rctl);
926 +- }
927 ++
928 ++ /* enable receives in the hardware */
929 ++ ew32(RCTL, rctl | E1000_RCTL_EN);
930 +
931 + if (hw->mac_type >= e1000_82540) {
932 + ctrl = er32(CTRL);
933 +diff --git a/drivers/net/ethernet/intel/e1000e/82571.c b/drivers/net/ethernet/intel/e1000e/82571.c
934 +index 3072d35..4f4d52a 100644
935 +--- a/drivers/net/ethernet/intel/e1000e/82571.c
936 ++++ b/drivers/net/ethernet/intel/e1000e/82571.c
937 +@@ -1600,10 +1600,8 @@ static s32 e1000_check_for_serdes_link_82571(struct e1000_hw *hw)
938 + * auto-negotiation in the TXCW register and disable
939 + * forced link in the Device Control register in an
940 + * attempt to auto-negotiate with our link partner.
941 +- * If the partner code word is null, stop forcing
942 +- * and restart auto negotiation.
943 + */
944 +- if ((rxcw & E1000_RXCW_C) || !(rxcw & E1000_RXCW_CW)) {
945 ++ if (rxcw & E1000_RXCW_C) {
946 + /* Enable autoneg, and unforce link up */
947 + ew32(TXCW, mac->txcw);
948 + ew32(CTRL, (ctrl & ~E1000_CTRL_SLU));
949 +diff --git a/drivers/net/tun.c b/drivers/net/tun.c
950 +index 7bea9c6..a12c9bf 100644
951 +--- a/drivers/net/tun.c
952 ++++ b/drivers/net/tun.c
953 +@@ -1243,10 +1243,12 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
954 + int vnet_hdr_sz;
955 + int ret;
956 +
957 +- if (cmd == TUNSETIFF || _IOC_TYPE(cmd) == 0x89)
958 ++ if (cmd == TUNSETIFF || _IOC_TYPE(cmd) == 0x89) {
959 + if (copy_from_user(&ifr, argp, ifreq_len))
960 + return -EFAULT;
961 +-
962 ++ } else {
963 ++ memset(&ifr, 0, sizeof(ifr));
964 ++ }
965 + if (cmd == TUNGETFEATURES) {
966 + /* Currently this just means: "what IFF flags are valid?".
967 + * This is needed because we never checked for invalid flags on
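Review bot: The new `else` branch that zeroes `ifr` has no comment saying why, and the reason is a security one that is easy to undo in a later cleanup. Commands that skip the `copy_from_user()` previously left `ifr` as uninitialised stack memory; if any of them later copies `ifr` back to the caller (that code is outside the hunk, so this is inferred), stale kernel stack bytes would be disclosed. I would add `/* ifr may be copied back to userspace below; never leave it uninitialised */` above the `memset`. __tun_chr_ioctl begins and continues outside this hunk.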
968 +diff --git a/drivers/net/usb/kaweth.c b/drivers/net/usb/kaweth.c
969 +index 582ca2d..c4c6a73 100644
970 +--- a/drivers/net/usb/kaweth.c
971 ++++ b/drivers/net/usb/kaweth.c
972 +@@ -1308,7 +1308,7 @@ static int kaweth_internal_control_msg(struct usb_device *usb_dev,
973 + int retv;
974 + int length = 0; /* shut up GCC */
975 +
976 +- urb = usb_alloc_urb(0, GFP_NOIO);
977 ++ urb = usb_alloc_urb(0, GFP_ATOMIC);
978 + if (!urb)
979 + return -ENOMEM;
980 +
981 +diff --git a/drivers/net/wireless/ath/ath9k/hw.c b/drivers/net/wireless/ath/ath9k/hw.c
982 +index 7f97164..2b8e957 100644
983 +--- a/drivers/net/wireless/ath/ath9k/hw.c
984 ++++ b/drivers/net/wireless/ath/ath9k/hw.c
985 +@@ -674,6 +674,7 @@ int ath9k_hw_init(struct ath_hw *ah)
986 + case AR9300_DEVID_AR9340:
987 + case AR9300_DEVID_AR9580:
988 + case AR9300_DEVID_AR9462:
989 ++ case AR9485_DEVID_AR1111:
990 + break;
991 + default:
992 + if (common->bus_ops->ath_bus_type == ATH_USB)
993 +diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h
994 +index 1bd8edf..a5c4ba8 100644
995 +--- a/drivers/net/wireless/ath/ath9k/hw.h
996 ++++ b/drivers/net/wireless/ath/ath9k/hw.h
997 +@@ -48,6 +48,7 @@
998 + #define AR9300_DEVID_AR9580 0x0033
999 + #define AR9300_DEVID_AR9462 0x0034
1000 + #define AR9300_DEVID_AR9330 0x0035
1001 ++#define AR9485_DEVID_AR1111 0x0037
1002 +
1003 + #define AR5416_AR9100_DEVID 0x000b
1004 +
1005 +diff --git a/drivers/net/wireless/ath/ath9k/pci.c b/drivers/net/wireless/ath/ath9k/pci.c
1006 +index 2dcdf63..1883d39 100644
1007 +--- a/drivers/net/wireless/ath/ath9k/pci.c
1008 ++++ b/drivers/net/wireless/ath/ath9k/pci.c
1009 +@@ -35,6 +35,7 @@ static DEFINE_PCI_DEVICE_TABLE(ath_pci_id_table) = {
1010 + { PCI_VDEVICE(ATHEROS, 0x0032) }, /* PCI-E AR9485 */
1011 + { PCI_VDEVICE(ATHEROS, 0x0033) }, /* PCI-E AR9580 */
1012 + { PCI_VDEVICE(ATHEROS, 0x0034) }, /* PCI-E AR9462 */
1013 ++ { PCI_VDEVICE(ATHEROS, 0x0037) }, /* PCI-E AR1111/AR9485 */
1014 + { 0 }
1015 + };
1016 +
1017 +diff --git a/drivers/net/wireless/iwlwifi/iwl-agn-rs.c b/drivers/net/wireless/iwlwifi/iwl-agn-rs.c
1018 +index 9ba2c1b..3395025 100644
1019 +--- a/drivers/net/wireless/iwlwifi/iwl-agn-rs.c
1020 ++++ b/drivers/net/wireless/iwlwifi/iwl-agn-rs.c
1021 +@@ -708,11 +708,14 @@ static int rs_toggle_antenna(u32 valid_ant, u32 *rate_n_flags,
1022 + */
1023 + static bool rs_use_green(struct ieee80211_sta *sta)
1024 + {
1025 +- struct iwl_station_priv *sta_priv = (void *)sta->drv_priv;
1026 +- struct iwl_rxon_context *ctx = sta_priv->ctx;
1027 +-
1028 +- return (sta->ht_cap.cap & IEEE80211_HT_CAP_GRN_FLD) &&
1029 +- !(ctx->ht.non_gf_sta_present);
1030 ++ /*
1031 ++ * There's a bug somewhere in this code that causes the
1032 ++ * scaling to get stuck because GF+SGI can't be combined
1033 ++ * in SISO rates. Until we find that bug, disable GF, it
1034 ++ * has only limited benefit and we still interoperate with
1035 ++ * GF APs since we can always receive GF transmissions.
1036 ++ */
1037 ++ return false;
1038 + }
1039 +
1040 + /**
1041 +diff --git a/drivers/net/wireless/rt2x00/rt61pci.c b/drivers/net/wireless/rt2x00/rt61pci.c
1042 +index bf55b4a..d69f88c 100644
1043 +--- a/drivers/net/wireless/rt2x00/rt61pci.c
1044 ++++ b/drivers/net/wireless/rt2x00/rt61pci.c
1045 +@@ -2243,8 +2243,7 @@ static void rt61pci_txdone(struct rt2x00_dev *rt2x00dev)
1046 +
1047 + static void rt61pci_wakeup(struct rt2x00_dev *rt2x00dev)
1048 + {
1049 +- struct ieee80211_conf conf = { .flags = 0 };
1050 +- struct rt2x00lib_conf libconf = { .conf = &conf };
1051 ++ struct rt2x00lib_conf libconf = { .conf = &rt2x00dev->hw->conf };
1052 +
1053 + rt61pci_config(rt2x00dev, &libconf, IEEE80211_CONF_CHANGE_PS);
1054 + }
1055 +diff --git a/drivers/net/wireless/rtlwifi/usb.c b/drivers/net/wireless/rtlwifi/usb.c
1056 +index db34db6..a49e848 100644
1057 +--- a/drivers/net/wireless/rtlwifi/usb.c
1058 ++++ b/drivers/net/wireless/rtlwifi/usb.c
1059 +@@ -120,15 +120,19 @@ static u32 _usb_read_sync(struct rtl_priv *rtlpriv, u32 addr, u16 len)
1060 + u8 request;
1061 + u16 wvalue;
1062 + u16 index;
1063 +- __le32 *data = &rtlpriv->usb_data[rtlpriv->usb_data_index];
1064 ++ __le32 *data;
1065 ++ unsigned long flags;
1066 +
1067 ++ spin_lock_irqsave(&rtlpriv->locks.usb_lock, flags);
1068 ++ if (++rtlpriv->usb_data_index >= RTL_USB_MAX_RX_COUNT)
1069 ++ rtlpriv->usb_data_index = 0;
1070 ++ data = &rtlpriv->usb_data[rtlpriv->usb_data_index];
1071 ++ spin_unlock_irqrestore(&rtlpriv->locks.usb_lock, flags);
1072 + request = REALTEK_USB_VENQT_CMD_REQ;
1073 + index = REALTEK_USB_VENQT_CMD_IDX; /* n/a */
1074 +
1075 + wvalue = (u16)addr;
1076 + _usbctrl_vendorreq_sync_read(udev, request, wvalue, index, data, len);
1077 +- if (++rtlpriv->usb_data_index >= RTL_USB_MAX_RX_COUNT)
1078 +- rtlpriv->usb_data_index = 0;
1079 + return le32_to_cpu(*data);
1080 + }
1081 +
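Review bot: `usb_lock` is held only while the ring index is advanced, so the slot in `data` is filled by `_usbctrl_vendorreq_sync_read()` and read back by `le32_to_cpu(*data)` with no lock held; this is safe only while fewer than `RTL_USB_MAX_RX_COUNT` reads are in flight at once, and that assumption is not written down. A comment above the `spin_lock_irqsave()` such as `/* reserve a private slot; assumes fewer than RTL_USB_MAX_RX_COUNT concurrent readers */` would make the invariant reviewable. The result of `_usbctrl_vendorreq_sync_read()` is also discarded, so if the transfer can fail (its definition is not in the hunk) the function returns whatever the slot held before.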
1082 +@@ -909,6 +913,10 @@ int __devinit rtl_usb_probe(struct usb_interface *intf,
1083 + GFP_KERNEL);
1084 + if (!rtlpriv->usb_data)
1085 + return -ENOMEM;
1086 ++
1087 ++ /* this spin lock must be initialized early */
1088 ++ spin_lock_init(&rtlpriv->locks.usb_lock);
1089 ++
1090 + rtlpriv->usb_data_index = 0;
1091 + SET_IEEE80211_DEV(hw, &intf->dev);
1092 + udev = interface_to_usbdev(intf);
1093 +diff --git a/drivers/net/wireless/rtlwifi/wifi.h b/drivers/net/wireless/rtlwifi/wifi.h
1094 +index b1e9deb..deb87e9 100644
1095 +--- a/drivers/net/wireless/rtlwifi/wifi.h
1096 ++++ b/drivers/net/wireless/rtlwifi/wifi.h
1097 +@@ -1550,6 +1550,7 @@ struct rtl_locks {
1098 + spinlock_t rf_lock;
1099 + spinlock_t lps_lock;
1100 + spinlock_t waitq_lock;
1101 ++ spinlock_t usb_lock;
1102 +
1103 + /*Dual mac*/
1104 + spinlock_t cck_and_rw_pagea_lock;
1105 +diff --git a/fs/hfsplus/wrapper.c b/fs/hfsplus/wrapper.c
1106 +index 7daf4b8..90effcc 100644
1107 +--- a/fs/hfsplus/wrapper.c
1108 ++++ b/fs/hfsplus/wrapper.c
1109 +@@ -56,7 +56,7 @@ int hfsplus_submit_bio(struct super_block *sb, sector_t sector,
1110 + DECLARE_COMPLETION_ONSTACK(wait);
1111 + struct bio *bio;
1112 + int ret = 0;
1113 +- unsigned int io_size;
1114 ++ u64 io_size;
1115 + loff_t start;
1116 + int offset;
1117 +
1118 +diff --git a/include/linux/input/eeti_ts.h b/include/linux/input/eeti_ts.h
1119 +index f875b31..16625d7 100644
1120 +--- a/include/linux/input/eeti_ts.h
1121 ++++ b/include/linux/input/eeti_ts.h
1122 +@@ -2,6 +2,7 @@
1123 + #define LINUX_INPUT_EETI_TS_H
1124 +
1125 + struct eeti_ts_platform_data {
1126 ++ int irq_gpio;
1127 + unsigned int irq_active_high;
1128 + };
1129 +
1130 +diff --git a/include/linux/mfd/ezx-pcap.h b/include/linux/mfd/ezx-pcap.h
1131 +index 40c37216..32a1b5c 100644
1132 +--- a/include/linux/mfd/ezx-pcap.h
1133 ++++ b/include/linux/mfd/ezx-pcap.h
1134 +@@ -16,6 +16,7 @@ struct pcap_subdev {
1135 + struct pcap_platform_data {
1136 + unsigned int irq_base;
1137 + unsigned int config;
1138 ++ int gpio;
1139 + void (*init) (void *); /* board specific init */
1140 + int num_subdevs;
1141 + struct pcap_subdev *subdevs;
1142 +diff --git a/net/caif/caif_dev.c b/net/caif/caif_dev.c
1143 +index 68223e4..4e9115d 100644
1144 +--- a/net/caif/caif_dev.c
1145 ++++ b/net/caif/caif_dev.c
1146 +@@ -428,9 +428,9 @@ static int __init caif_device_init(void)
1147 +
1148 + static void __exit caif_device_exit(void)
1149 + {
1150 +- unregister_pernet_subsys(&caif_net_ops);
1151 + unregister_netdevice_notifier(&caif_device_notifier);
1152 + dev_remove_pack(&caif_packet_type);
1153 ++ unregister_pernet_subsys(&caif_net_ops);
1154 + }
1155 +
1156 + module_init(caif_device_init);
1157 +diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
1158 +index 05842ab..0cf604b 100644
1159 +--- a/net/core/rtnetlink.c
1160 ++++ b/net/core/rtnetlink.c
1161 +@@ -670,6 +670,12 @@ static void set_operstate(struct net_device *dev, unsigned char transition)
1162 + }
1163 + }
1164 +
1165 ++static unsigned int rtnl_dev_get_flags(const struct net_device *dev)
1166 ++{
1167 ++ return (dev->flags & ~(IFF_PROMISC | IFF_ALLMULTI)) |
1168 ++ (dev->gflags & (IFF_PROMISC | IFF_ALLMULTI));
1169 ++}
1170 ++
1171 + static unsigned int rtnl_dev_combine_flags(const struct net_device *dev,
1172 + const struct ifinfomsg *ifm)
1173 + {
1174 +@@ -678,7 +684,7 @@ static unsigned int rtnl_dev_combine_flags(const struct net_device *dev,
1175 + /* bugwards compatibility: ifi_change == 0 is treated as ~0 */
1176 + if (ifm->ifi_change)
1177 + flags = (flags & ifm->ifi_change) |
1178 +- (dev->flags & ~ifm->ifi_change);
1179 ++ (rtnl_dev_get_flags(dev) & ~ifm->ifi_change);
1180 +
1181 + return flags;
1182 + }
1183 +diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
1184 +index 86f3b88..afaa735 100644
1185 +--- a/net/ipv4/cipso_ipv4.c
1186 ++++ b/net/ipv4/cipso_ipv4.c
1187 +@@ -1725,8 +1725,10 @@ int cipso_v4_validate(const struct sk_buff *skb, unsigned char **option)
1188 + case CIPSO_V4_TAG_LOCAL:
1189 + /* This is a non-standard tag that we only allow for
1190 + * local connections, so if the incoming interface is
1191 +- * not the loopback device drop the packet. */
1192 +- if (!(skb->dev->flags & IFF_LOOPBACK)) {
1193 ++ * not the loopback device drop the packet. Further,
1194 ++ * there is no legitimate reason for setting this from
1195 ++ * userspace so reject it if skb is NULL. */
1196 ++ if (skb == NULL || !(skb->dev->flags & IFF_LOOPBACK)) {
1197 + err_offset = opt_iter;
1198 + goto validate_return_locked;
1199 + }
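Review bot: The `skb == NULL` guard is added for `CIPSO_V4_TAG_LOCAL` only, and the fact that `cipso_v4_validate()` can be called with a NULL `skb` is recorded nowhere except this inline comment. The other tag cases of the switch are outside the hunk; any of them that reads `skb` would need the same guard, so this is worth checking with the full function in view. I would also state the contract in the function's header comment, e.g. `@skb: the packet, or NULL when the option is being set from userspace`.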
1200 +diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
1201 +index 11ba922..ad466a7 100644
1202 +--- a/net/ipv4/tcp.c
1203 ++++ b/net/ipv4/tcp.c
1204 +@@ -2391,7 +2391,10 @@ static int do_tcp_setsockopt(struct sock *sk, int level,
1205 + /* Cap the max timeout in ms TCP will retry/retrans
1206 + * before giving up and aborting (ETIMEDOUT) a connection.
1207 + */
1208 +- icsk->icsk_user_timeout = msecs_to_jiffies(val);
1209 ++ if (val < 0)
1210 ++ err = -EINVAL;
1211 ++ else
1212 ++ icsk->icsk_user_timeout = msecs_to_jiffies(val);
1213 + break;
1214 + default:
1215 + err = -ENOPROTOOPT;
1216 +diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
1217 +index 32e6ca2..a08a621 100644
1218 +--- a/net/ipv4/tcp_input.c
1219 ++++ b/net/ipv4/tcp_input.c
1220 +@@ -5415,7 +5415,9 @@ int tcp_rcv_established(struct sock *sk, struct sk_buff *skb,
1221 + if (tp->copied_seq == tp->rcv_nxt &&
1222 + len - tcp_header_len <= tp->ucopy.len) {
1223 + #ifdef CONFIG_NET_DMA
1224 +- if (tcp_dma_try_early_copy(sk, skb, tcp_header_len)) {
1225 ++ if (tp->ucopy.task == current &&
1226 ++ sock_owned_by_user(sk) &&
1227 ++ tcp_dma_try_early_copy(sk, skb, tcp_header_len)) {
1228 + copied_early = 1;
1229 + eaten = 1;
1230 + }
1231 +diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
1232 +index a7078fd..f85de8e 100644
1233 +--- a/net/mac80211/mesh.c
1234 ++++ b/net/mac80211/mesh.c
1235 +@@ -543,6 +543,7 @@ void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata)
1236 +
1237 + del_timer_sync(&sdata->u.mesh.housekeeping_timer);
1238 + del_timer_sync(&sdata->u.mesh.mesh_path_root_timer);
1239 ++ del_timer_sync(&sdata->u.mesh.mesh_path_timer);
1240 + /*
1241 + * If the timer fired while we waited for it, it will have
1242 + * requeued the work. Now the work will be running again
1243 +diff --git a/net/sched/sch_sfb.c b/net/sched/sch_sfb.c
1244 +index 17859ea..351a69b 100644
1245 +--- a/net/sched/sch_sfb.c
1246 ++++ b/net/sched/sch_sfb.c
1247 +@@ -559,6 +559,8 @@ static int sfb_dump(struct Qdisc *sch, struct sk_buff *skb)
1248 +
1249 + sch->qstats.backlog = q->qdisc->qstats.backlog;
1250 + opts = nla_nest_start(skb, TCA_OPTIONS);
1251 ++ if (opts == NULL)
1252 ++ goto nla_put_failure;
1253 + NLA_PUT(skb, TCA_SFB_PARMS, sizeof(opt), &opt);
1254 + return nla_nest_end(skb, opts);
1255 +
1256 +diff --git a/net/sctp/input.c b/net/sctp/input.c
1257 +index b7692aa..0fc18c7 100644
1258 +--- a/net/sctp/input.c
1259 ++++ b/net/sctp/input.c
1260 +@@ -736,15 +736,12 @@ static void __sctp_unhash_endpoint(struct sctp_endpoint *ep)
1261 +
1262 + epb = &ep->base;
1263 +
1264 +- if (hlist_unhashed(&epb->node))
1265 +- return;
1266 +-
1267 + epb->hashent = sctp_ep_hashfn(epb->bind_addr.port);
1268 +
1269 + head = &sctp_ep_hashtable[epb->hashent];
1270 +
1271 + sctp_write_lock(&head->lock);
1272 +- __hlist_del(&epb->node);
1273 ++ hlist_del_init(&epb->node);
1274 + sctp_write_unlock(&head->lock);
1275 + }
1276 +
1277 +@@ -825,7 +822,7 @@ static void __sctp_unhash_established(struct sctp_association *asoc)
1278 + head = &sctp_assoc_hashtable[epb->hashent];
1279 +
1280 + sctp_write_lock(&head->lock);
1281 +- __hlist_del(&epb->node);
1282 ++ hlist_del_init(&epb->node);
1283 + sctp_write_unlock(&head->lock);
1284 + }
1285 +
1286 +diff --git a/net/sctp/socket.c b/net/sctp/socket.c
1287 +index 0075554..8e49d76 100644
1288 +--- a/net/sctp/socket.c
1289 ++++ b/net/sctp/socket.c
1290 +@@ -1231,8 +1231,14 @@ out_free:
1291 + SCTP_DEBUG_PRINTK("About to exit __sctp_connect() free asoc: %p"
1292 + " kaddrs: %p err: %d\n",
1293 + asoc, kaddrs, err);
1294 +- if (asoc)
1295 ++ if (asoc) {
1296 ++ /* sctp_primitive_ASSOCIATE may have added this association
1297 ++ * To the hash table, try to unhash it, just in case, its a noop
1298 ++ * if it wasn't hashed so we're safe
1299 ++ */
1300 ++ sctp_unhash_established(asoc);
1301 + sctp_association_free(asoc);
1302 ++ }
1303 + return err;
1304 + }
1305 +
1306 +@@ -1942,8 +1948,10 @@ SCTP_STATIC int sctp_sendmsg(struct kiocb *iocb, struct sock *sk,
1307 + goto out_unlock;
1308 +
1309 + out_free:
1310 +- if (new_asoc)
1311 ++ if (new_asoc) {
1312 ++ sctp_unhash_established(asoc);
1313 + sctp_association_free(asoc);
1314 ++ }
1315 + out_unlock:
1316 + sctp_release_sock(sk);
1317 +
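Review bot: In the `out_free:` path of sctp_sendmsg the test is on `new_asoc` but both calls act on `asoc`, which reads as if two different associations could be involved. If `new_asoc` and `asoc` are the same object whenever `new_asoc` is set (the assignments are outside the hunk), writing `sctp_unhash_established(new_asoc);` and `sctp_association_free(new_asoc);` would make that obvious; if they can differ, the object being unhashed and freed is not the one that was tested. The explanation given in the `__sctp_connect` hunk above, that the unhash is a no-op for an association that was never hashed, applies here as well and deserves a one-line comment.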
1318 +diff --git a/net/wanrouter/wanmain.c b/net/wanrouter/wanmain.c
1319 +index 788a12c..2ab7850 100644
1320 +--- a/net/wanrouter/wanmain.c
1321 ++++ b/net/wanrouter/wanmain.c
1322 +@@ -602,36 +602,31 @@ static int wanrouter_device_new_if(struct wan_device *wandev,
1323 + * successfully, add it to the interface list.
1324 + */
1325 +
1326 +- if (dev->name == NULL) {
1327 +- err = -EINVAL;
1328 +- } else {
1329 ++#ifdef WANDEBUG
1330 ++ printk(KERN_INFO "%s: registering interface %s...\n",
1331 ++ wanrouter_modname, dev->name);
1332 ++#endif
1333 +
1334 +- #ifdef WANDEBUG
1335 +- printk(KERN_INFO "%s: registering interface %s...\n",
1336 +- wanrouter_modname, dev->name);
1337 +- #endif
1338 +-
1339 +- err = register_netdev(dev);
1340 +- if (!err) {
1341 +- struct net_device *slave = NULL;
1342 +- unsigned long smp_flags=0;
1343 +-
1344 +- lock_adapter_irq(&wandev->lock, &smp_flags);
1345 +-
1346 +- if (wandev->dev == NULL) {
1347 +- wandev->dev = dev;
1348 +- } else {
1349 +- for (slave=wandev->dev;
1350 +- DEV_TO_SLAVE(slave);
1351 +- slave = DEV_TO_SLAVE(slave))
1352 +- DEV_TO_SLAVE(slave) = dev;
1353 +- }
1354 +- ++wandev->ndev;
1355 +-
1356 +- unlock_adapter_irq(&wandev->lock, &smp_flags);
1357 +- err = 0; /* done !!! */
1358 +- goto out;
1359 ++ err = register_netdev(dev);
1360 ++ if (!err) {
1361 ++ struct net_device *slave = NULL;
1362 ++ unsigned long smp_flags=0;
1363 ++
1364 ++ lock_adapter_irq(&wandev->lock, &smp_flags);
1365 ++
1366 ++ if (wandev->dev == NULL) {
1367 ++ wandev->dev = dev;
1368 ++ } else {
1369 ++ for (slave=wandev->dev;
1370 ++ DEV_TO_SLAVE(slave);
1371 ++ slave = DEV_TO_SLAVE(slave))
1372 ++ DEV_TO_SLAVE(slave) = dev;
1373 + }
1374 ++ ++wandev->ndev;
1375 ++
1376 ++ unlock_adapter_irq(&wandev->lock, &smp_flags);
1377 ++ err = 0; /* done !!! */
1378 ++ goto out;
1379 + }
1380 + if (wandev->del_if)
1381 + wandev->del_if(wandev, dev);
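Review bot: The re-indented `for` loop still has `DEV_TO_SLAVE(slave) = dev;` as its body, so the assignment runs only while a slave already exists and never when `wandev->dev` is the sole entry; in that case the new interface is not linked into the list although `wandev->ndev` is incremented. The intent looks like walking to the tail and appending, i.e. an empty body `;` after the `for (...)` header followed by `DEV_TO_SLAVE(slave) = dev;` as a separate statement. This is inherited from the old code rather than introduced here, but the commit rewrites every line of it. wanrouter_device_new_if begins and ends outside this hunk.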
1382 +diff --git a/net/wireless/core.c b/net/wireless/core.c
1383 +index 220f3bd..8f5042d 100644
1384 +--- a/net/wireless/core.c
1385 ++++ b/net/wireless/core.c
1386 +@@ -971,6 +971,11 @@ static int cfg80211_netdev_notifier_call(struct notifier_block * nb,
1387 + */
1388 + synchronize_rcu();
1389 + INIT_LIST_HEAD(&wdev->list);
1390 ++ /*
1391 ++ * Ensure that all events have been processed and
1392 ++ * freed.
1393 ++ */
1394 ++ cfg80211_process_wdev_events(wdev);
1395 + break;
1396 + case NETDEV_PRE_UP:
1397 + if (!(wdev->wiphy->interface_modes & BIT(wdev->iftype)))
1398 +diff --git a/net/wireless/core.h b/net/wireless/core.h
1399 +index b9ec306..02c3be3 100644
1400 +--- a/net/wireless/core.h
1401 ++++ b/net/wireless/core.h
1402 +@@ -426,6 +426,7 @@ int cfg80211_change_iface(struct cfg80211_registered_device *rdev,
1403 + struct net_device *dev, enum nl80211_iftype ntype,
1404 + u32 *flags, struct vif_params *params);
1405 + void cfg80211_process_rdev_events(struct cfg80211_registered_device *rdev);
1406 ++void cfg80211_process_wdev_events(struct wireless_dev *wdev);
1407 +
1408 + int cfg80211_can_change_interface(struct cfg80211_registered_device *rdev,
1409 + struct wireless_dev *wdev,
1410 +diff --git a/net/wireless/util.c b/net/wireless/util.c
1411 +index b5e4c1c..22fb802 100644
1412 +--- a/net/wireless/util.c
1413 ++++ b/net/wireless/util.c
1414 +@@ -725,7 +725,7 @@ void cfg80211_upload_connect_keys(struct wireless_dev *wdev)
1415 + wdev->connect_keys = NULL;
1416 + }
1417 +
1418 +-static void cfg80211_process_wdev_events(struct wireless_dev *wdev)
1419 ++void cfg80211_process_wdev_events(struct wireless_dev *wdev)
1420 + {
1421 + struct cfg80211_event *ev;
1422 + unsigned long flags;
1423 +diff --git a/sound/pci/hda/patch_conexant.c b/sound/pci/hda/patch_conexant.c
1424 +index 51a1afc..402f330 100644
1425 +--- a/sound/pci/hda/patch_conexant.c
1426 ++++ b/sound/pci/hda/patch_conexant.c
1427 +@@ -3059,7 +3059,6 @@ static const struct snd_pci_quirk cxt5066_cfg_tbl[] = {
1428 + SND_PCI_QUIRK(0x1028, 0x02d8, "Dell Vostro", CXT5066_DELL_VOSTRO),
1429 + SND_PCI_QUIRK(0x1028, 0x02f5, "Dell Vostro 320", CXT5066_IDEAPAD),
1430 + SND_PCI_QUIRK(0x1028, 0x0401, "Dell Vostro 1014", CXT5066_DELL_VOSTRO),
1431 +- SND_PCI_QUIRK(0x1028, 0x0402, "Dell Vostro", CXT5066_DELL_VOSTRO),
1432 + SND_PCI_QUIRK(0x1028, 0x0408, "Dell Inspiron One 19T", CXT5066_IDEAPAD),
1433 + SND_PCI_QUIRK(0x1028, 0x050f, "Dell Inspiron", CXT5066_IDEAPAD),
1434 + SND_PCI_QUIRK(0x1028, 0x0510, "Dell Vostro", CXT5066_IDEAPAD),
1435 +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
1436 +index 2e2eb93..32c8169 100644
1437 +--- a/sound/pci/hda/patch_realtek.c
1438 ++++ b/sound/pci/hda/patch_realtek.c
1439 +@@ -4981,6 +4981,8 @@ static const struct alc_fixup alc269_fixups[] = {
1440 + [ALC269_FIXUP_PCM_44K] = {
1441 + .type = ALC_FIXUP_FUNC,
1442 + .v.func = alc269_fixup_pcm_44k,
1443 ++ .chained = true,
1444 ++ .chain_id = ALC269_FIXUP_QUANTA_MUTE
1445 + },
1446 + [ALC269_FIXUP_STEREO_DMIC] = {
1447 + .type = ALC_FIXUP_FUNC,
1448 +@@ -5077,9 +5079,10 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
1449 + SND_PCI_QUIRK(0x17aa, 0x21ca, "Thinkpad L412", ALC269_FIXUP_SKU_IGNORE),
1450 + SND_PCI_QUIRK(0x17aa, 0x21e9, "Thinkpad Edge 15", ALC269_FIXUP_SKU_IGNORE),
1451 + SND_PCI_QUIRK(0x17aa, 0x21f6, "Thinkpad T530", ALC269_FIXUP_LENOVO_DOCK),
1452 ++ SND_PCI_QUIRK(0x17aa, 0x21fa, "Thinkpad X230", ALC269_FIXUP_LENOVO_DOCK),
1453 ++ SND_PCI_QUIRK(0x17aa, 0x21fb, "Thinkpad T430s", ALC269_FIXUP_LENOVO_DOCK),
1454 + SND_PCI_QUIRK(0x17aa, 0x2203, "Thinkpad X230 Tablet", ALC269_FIXUP_LENOVO_DOCK),
1455 +- SND_PCI_QUIRK(0x17aa, 0x3bf8, "Quanta FL1", ALC269_FIXUP_QUANTA_MUTE),
1456 +- SND_PCI_QUIRK(0x17aa, 0x3bf8, "Lenovo Ideapd", ALC269_FIXUP_PCM_44K),
1457 ++ SND_PCI_QUIRK(0x17aa, 0x3bf8, "Quanta FL1", ALC269_FIXUP_PCM_44K),
1458 + SND_PCI_QUIRK(0x17aa, 0x9e54, "LENOVO NB", ALC269_FIXUP_LENOVO_EAPD),
1459 +
1460 + #if 1
1461
1462 diff --git a/3.2.27/4420_grsecurity-2.9.1-3.2.27-201208201521.patch b/3.2.28/4420_grsecurity-2.9.1-3.2.28-201208222030.patch
1463 similarity index 99%
1464 rename from 3.2.27/4420_grsecurity-2.9.1-3.2.27-201208201521.patch
1465 rename to 3.2.28/4420_grsecurity-2.9.1-3.2.28-201208222030.patch
1466 index 7be4f7e..0f3c55e 100644
1467 --- a/3.2.27/4420_grsecurity-2.9.1-3.2.27-201208201521.patch
1468 +++ b/3.2.28/4420_grsecurity-2.9.1-3.2.28-201208222030.patch
1469 @@ -245,7 +245,7 @@ index 88fd7f5..b318a78 100644
1470 ==============================================================
1471
1472 diff --git a/Makefile b/Makefile
1473 -index bdf851f..c020e9d 100644
1474 +index 5368961..3fed4d4 100644
1475 --- a/Makefile
1476 +++ b/Makefile
1477 @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
1478 @@ -20547,7 +20547,7 @@ index 94a4672..5c6b853 100644
1479
1480 local_irq_disable();
1481 diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
1482 -index 7315488..187fb78 100644
1483 +index 407789b..942f6a6 100644
1484 --- a/arch/x86/kvm/vmx.c
1485 +++ b/arch/x86/kvm/vmx.c
1486 @@ -1305,7 +1305,11 @@ static void reload_tss(void)
1487 @@ -20562,7 +20562,7 @@ index 7315488..187fb78 100644
1488 load_TR_desc();
1489 }
1490
1491 -@@ -2633,8 +2637,11 @@ static __init int hardware_setup(void)
1492 +@@ -2634,8 +2638,11 @@ static __init int hardware_setup(void)
1493 if (!cpu_has_vmx_flexpriority())
1494 flexpriority_enabled = 0;
1495
1496 @@ -20576,7 +20576,7 @@ index 7315488..187fb78 100644
1497
1498 if (enable_ept && !cpu_has_vmx_ept_2m_page())
1499 kvm_disable_largepages();
1500 -@@ -3648,7 +3655,7 @@ static void vmx_set_constant_host_state(void)
1501 +@@ -3649,7 +3656,7 @@ static void vmx_set_constant_host_state(void)
1502 vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */
1503
1504 asm("mov $.Lkvm_vmx_return, %0" : "=r"(tmpl));
1505 @@ -20585,7 +20585,7 @@ index 7315488..187fb78 100644
1506
1507 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
1508 vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
1509 -@@ -6171,6 +6178,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
1510 +@@ -6172,6 +6179,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
1511 "jmp .Lkvm_vmx_return \n\t"
1512 ".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t"
1513 ".Lkvm_vmx_return: "
1514 @@ -20598,7 +20598,7 @@ index 7315488..187fb78 100644
1515 /* Save guest registers, load host registers, keep flags */
1516 "mov %0, %c[wordsize](%%"R"sp) \n\t"
1517 "pop %0 \n\t"
1518 -@@ -6219,6 +6232,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
1519 +@@ -6220,6 +6233,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
1520 #endif
1521 [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
1522 [wordsize]"i"(sizeof(ulong))
1523 @@ -20610,7 +20610,7 @@ index 7315488..187fb78 100644
1524 : "cc", "memory"
1525 , R"ax", R"bx", R"di", R"si"
1526 #ifdef CONFIG_X86_64
1527 -@@ -6247,7 +6265,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
1528 +@@ -6248,7 +6266,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
1529 }
1530 }
1531
1532 @@ -30926,7 +30926,7 @@ index ca67338..0003ba7 100644
1533 return can_switch;
1534 }
1535 diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
1536 -index d62c731..89d435b 100644
1537 +index c364358..317c8de 100644
1538 --- a/drivers/gpu/drm/i915/i915_drv.h
1539 +++ b/drivers/gpu/drm/i915/i915_drv.h
1540 @@ -229,7 +229,7 @@ struct drm_i915_display_funcs {
1541 @@ -30956,7 +30956,7 @@ index d62c731..89d435b 100644
1542 };
1543
1544 #define to_intel_bo(x) container_of(x, struct drm_i915_gem_object, base)
1545 -@@ -1276,7 +1276,7 @@ extern int intel_setup_gmbus(struct drm_device *dev);
1546 +@@ -1271,7 +1271,7 @@ extern int intel_setup_gmbus(struct drm_device *dev);
1547 extern void intel_teardown_gmbus(struct drm_device *dev);
1548 extern void intel_gmbus_set_speed(struct i2c_adapter *adapter, int speed);
1549 extern void intel_gmbus_force_bit(struct i2c_adapter *adapter, bool force_bit);
1550 @@ -35401,7 +35401,7 @@ index e1159e5..e18684d 100644
1551 /* Set media type */
1552 switch (adapter->pdev->device) {
1553 diff --git a/drivers/net/ethernet/intel/e1000e/82571.c b/drivers/net/ethernet/intel/e1000e/82571.c
1554 -index 3072d35..a0f4827 100644
1555 +index 4f4d52a..2317bbc 100644
1556 --- a/drivers/net/ethernet/intel/e1000e/82571.c
1557 +++ b/drivers/net/ethernet/intel/e1000e/82571.c
1558 @@ -239,7 +239,7 @@ static s32 e1000_init_mac_params_82571(struct e1000_adapter *adapter)
1559 @@ -35929,7 +35929,7 @@ index 46db5c5..37c1536 100644
1560 err = platform_driver_register(&sk_isa_driver);
1561 if (err)
1562 diff --git a/drivers/net/tun.c b/drivers/net/tun.c
1563 -index 7bea9c6..7ef073c 100644
1564 +index a12c9bf..3b1862d 100644
1565 --- a/drivers/net/tun.c
1566 +++ b/drivers/net/tun.c
1567 @@ -359,7 +359,7 @@ static void tun_free_netdev(struct net_device *dev)
1568 @@ -36314,10 +36314,10 @@ index f5ae3c6..7936af3 100644
1569
1570 static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads)
1571 diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h
1572 -index 1bd8edf..10c6d30 100644
1573 +index a5c4ba8..a2cea02 100644
1574 --- a/drivers/net/wireless/ath/ath9k/hw.h
1575 +++ b/drivers/net/wireless/ath/ath9k/hw.h
1576 -@@ -605,7 +605,7 @@ struct ath_hw_private_ops {
1577 +@@ -606,7 +606,7 @@ struct ath_hw_private_ops {
1578
1579 /* ANI */
1580 void (*ani_cache_ini_regs)(struct ath_hw *ah);
1581 @@ -36326,7 +36326,7 @@ index 1bd8edf..10c6d30 100644
1582
1583 /**
1584 * struct ath_hw_ops - callbacks used by hardware code and driver code
1585 -@@ -635,7 +635,7 @@ struct ath_hw_ops {
1586 +@@ -636,7 +636,7 @@ struct ath_hw_ops {
1587 void (*antdiv_comb_conf_set)(struct ath_hw *ah,
1588 struct ath_hw_antcomb_conf *antconf);
1589
1590 @@ -36335,7 +36335,7 @@ index 1bd8edf..10c6d30 100644
1591
1592 struct ath_nf_limits {
1593 s16 max;
1594 -@@ -655,7 +655,7 @@ enum ath_cal_list {
1595 +@@ -656,7 +656,7 @@ enum ath_cal_list {
1596 #define AH_FASTCC 0x4
1597
1598 struct ath_hw {
1599 @@ -44230,7 +44230,7 @@ index 6901578..d402eb5 100644
1600
1601 return hit;
1602 diff --git a/fs/compat.c b/fs/compat.c
1603 -index c987875..08771ca 100644
1604 +index c987875..1b4dfbb 100644
1605 --- a/fs/compat.c
1606 +++ b/fs/compat.c
1607 @@ -132,8 +132,8 @@ asmlinkage long compat_sys_utimes(const char __user *filename, struct compat_tim
1608 @@ -44351,6 +44351,38 @@ index c987875..08771ca 100644
1609 if (__put_user_unaligned(d_off, &lastdirent->d_off))
1610 error = -EFAULT;
1611 else
1612 +@@ -1174,11 +1192,14 @@ compat_sys_readv(unsigned long fd, const struct compat_iovec __user *vec,
1613 + struct file *file;
1614 + int fput_needed;
1615 + ssize_t ret;
1616 ++ loff_t pos;
1617 +
1618 + file = fget_light(fd, &fput_needed);
1619 + if (!file)
1620 + return -EBADF;
1621 +- ret = compat_readv(file, vec, vlen, &file->f_pos);
1622 ++ pos = file->f_pos;
1623 ++ ret = compat_readv(file, vec, vlen, &pos);
1624 ++ file->f_pos = pos;
1625 + fput_light(file, fput_needed);
1626 + return ret;
1627 + }
1628 +@@ -1233,11 +1254,14 @@ compat_sys_writev(unsigned long fd, const struct compat_iovec __user *vec,
1629 + struct file *file;
1630 + int fput_needed;
1631 + ssize_t ret;
1632 ++ loff_t pos;
1633 +
1634 + file = fget_light(fd, &fput_needed);
1635 + if (!file)
1636 + return -EBADF;
1637 +- ret = compat_writev(file, vec, vlen, &file->f_pos);
1638 ++ pos = file->f_pos;
1639 ++ ret = compat_writev(file, vec, vlen, &pos);
1640 ++ file->f_pos = pos;
1641 + fput_light(file, fput_needed);
1642 + return ret;
1643 + }
1644 diff --git a/fs/compat_binfmt_elf.c b/fs/compat_binfmt_elf.c
1645 index 112e45a..b59845b 100644
1646 --- a/fs/compat_binfmt_elf.c
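Review bot: In `compat_sys_readv`, the new `pos = file->f_pos; … file->f_pos = pos;` sequence is an unserialised read-modify-write, and nothing in the hunk says why the local copy is there. No lock is visible between the load and the store, so two callers sharing one `struct file` can still overwrite each other's offset. What the copy does ensure is that `compat_readv` receives `&pos` and so never works on an offset another thread can change under it. I would record that on the new lines, e.g. `/* private copy: callee must not see f_pos change mid-call; concurrent updates may still be lost */`. The same applies to `compat_sys_writev` in this hunk and to the matching fs/compat.c hunk of the 3.5.2 patch; both functions begin outside the quoted lines.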
1647 @@ -65631,6 +65663,23 @@ index d786b4f..4c3dd41 100644
1648
1649 #ifdef CONFIG_IP_MROUTE
1650 #ifndef CONFIG_IP_MROUTE_MULTIPLE_TABLES
1651 +diff --git a/include/net/scm.h b/include/net/scm.h
1652 +index d456f4c..0c0017c 100644
1653 +--- a/include/net/scm.h
1654 ++++ b/include/net/scm.h
1655 +@@ -71,9 +71,11 @@ static __inline__ void scm_destroy(struct scm_cookie *scm)
1656 + }
1657 +
1658 + static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
1659 +- struct scm_cookie *scm)
1660 ++ struct scm_cookie *scm, bool forcecreds)
1661 + {
1662 + memset(scm, 0, sizeof(*scm));
1663 ++ if (forcecreds)
1664 ++ scm_set_cred(scm, task_tgid(current), current_cred());
1665 + unix_get_peersec_dgram(sock, scm);
1666 + if (msg->msg_controllen <= 0)
1667 + return 0;
1668 diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h
1669 index ad03988..0c5a964 100644
1670 --- a/include/net/sctp/sctp.h
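Review bot: The new `bool forcecreds` parameter of `scm_send` is undocumented, and the call sites pass bare literals (`true` in `netlink_sendmsg`, `false` in `unix_dgram_sendmsg` and `unix_stream_sendmsg`), so the credential decision is hard to read where it is made. When the flag is false the cookie keeps the all-zero state left by the `memset` unless a later step fills it in, which this hunk does not show. A short comment above the function would cover it: `/* forcecreds: stamp the cookie with the sender's tgid and creds up front, even when no control data follows */`. The 3.5.2 patch carries the identical hunk.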
1671 @@ -76308,6 +76357,18 @@ index f41f026..fe76ea8 100644
1672 __SONET_ITEMS
1673 #undef __HANDLE_ITEM
1674 }
1675 +diff --git a/net/atm/common.c b/net/atm/common.c
1676 +index 14ff9fe..0ca06e8 100644
1677 +--- a/net/atm/common.c
1678 ++++ b/net/atm/common.c
1679 +@@ -784,6 +784,7 @@ int vcc_getsockopt(struct socket *sock, int level, int optname,
1680 +
1681 + if (!vcc->dev || !test_bit(ATM_VF_ADDR, &vcc->flags))
1682 + return -ENOTCONN;
1683 ++ memset(&pvc, 0, sizeof(pvc));
1684 + pvc.sap_family = AF_ATMPVC;
1685 + pvc.sap_addr.itf = vcc->dev->number;
1686 + pvc.sap_addr.vpi = vcc->vpi;
1687 diff --git a/net/atm/lec.h b/net/atm/lec.h
1688 index dfc0719..47c5322 100644
1689 --- a/net/atm/lec.h
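Review bot: The added `memset(&pvc, 0, sizeof(pvc));` in `vcc_getsockopt` carries no comment, and the hunk shows only individual members being assigned after it, so the reason for the full clear is left to the reader. Presumably `pvc` is copied to user space further down (outside the hunk), in which case the clear keeps padding and any unassigned member from carrying stale memory contents. A one-line comment such as `/* zero the whole struct, padding included, before it is copied out */` would record that. The same pattern appears uncommented in `pvc_getname`, `hci_sock_getsockopt`, `l2cap_sock_getname`, `rfcomm_sock_getname`, `ccid3_hc_tx_getsockopt`, `do_ip_vs_get_ctl` and `dev_ifconf` in this patch, and again in the 3.5.2 patch.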
1690 @@ -76351,6 +76412,18 @@ index 0d020de..011c7bb 100644
1691 }
1692
1693 static void atm_dev_info(struct seq_file *seq, const struct atm_dev *dev)
1694 +diff --git a/net/atm/pvc.c b/net/atm/pvc.c
1695 +index 3a73491..ae03240 100644
1696 +--- a/net/atm/pvc.c
1697 ++++ b/net/atm/pvc.c
1698 +@@ -95,6 +95,7 @@ static int pvc_getname(struct socket *sock, struct sockaddr *sockaddr,
1699 + return -ENOTCONN;
1700 + *sockaddr_len = sizeof(struct sockaddr_atmpvc);
1701 + addr = (struct sockaddr_atmpvc *)sockaddr;
1702 ++ memset(addr, 0, sizeof(*addr));
1703 + addr->sap_family = AF_ATMPVC;
1704 + addr->sap_addr.itf = vcc->dev->number;
1705 + addr->sap_addr.vpi = vcc->vpi;
1706 diff --git a/net/atm/resources.c b/net/atm/resources.c
1707 index 23f45ce..c748f1a 100644
1708 --- a/net/atm/resources.c
1709 @@ -76491,6 +76564,26 @@ index 98bfbd5..47ccdd6 100644
1710
1711 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
1712 }
1713 +diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
1714 +index f6afe3d..8361ee4 100644
1715 +--- a/net/bluetooth/hci_sock.c
1716 ++++ b/net/bluetooth/hci_sock.c
1717 +@@ -388,6 +388,7 @@ static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *add
1718 + *addr_len = sizeof(*haddr);
1719 + haddr->hci_family = AF_BLUETOOTH;
1720 + haddr->hci_dev = hdev->id;
1721 ++ haddr->hci_channel= 0;
1722 +
1723 + release_sock(sk);
1724 + return 0;
1725 +@@ -671,6 +672,7 @@ static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char
1726 + {
1727 + struct hci_filter *f = &hci_pi(sk)->filter;
1728 +
1729 ++ memset(&uf, 0, sizeof(uf));
1730 + uf.type_mask = f->type_mask;
1731 + uf.opcode = f->opcode;
1732 + uf.event_mask[0] = *((u32 *) f->event_mask + 0);
1733 diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
1734 index 17b5b1c..826d872 100644
1735 --- a/net/bluetooth/l2cap_core.c
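Review bot: `hci_sock_getname` clears one member by hand with `haddr->hci_channel= 0;` while the other getname and getsockopt fixes in this patch zero the whole structure, and the line is missing the space before `=`. A single-member assignment leaves any padding untouched and has to be revisited whenever the structure grows; the layout of the address structure is not visible here, so this may be harmless today. I would put `memset(haddr, 0, sizeof(*haddr));` ahead of the `hci_family` assignment instead. `sec.key_size = 0;` in `rfcomm_sock_getsockopt` (next hunk) is the same case, with `memset(&sec, 0, sizeof(sec));` placed before `sec.level` is set. The 3.5.2 patch repeats the hci_sock.c hunk.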
1736 @@ -76521,6 +76614,51 @@ index 17b5b1c..826d872 100644
1737 goto done;
1738 }
1739 }
1740 +diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
1741 +index 5c406d3..6dedd6f 100644
1742 +--- a/net/bluetooth/l2cap_sock.c
1743 ++++ b/net/bluetooth/l2cap_sock.c
1744 +@@ -293,6 +293,7 @@ static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *l
1745 +
1746 + BT_DBG("sock %p, sk %p", sock, sk);
1747 +
1748 ++ memset(la, 0, sizeof(struct sockaddr_l2));
1749 + addr->sa_family = AF_BLUETOOTH;
1750 + *len = sizeof(struct sockaddr_l2);
1751 +
1752 +diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
1753 +index 5417f61..7ee4ead 100644
1754 +--- a/net/bluetooth/rfcomm/sock.c
1755 ++++ b/net/bluetooth/rfcomm/sock.c
1756 +@@ -547,6 +547,7 @@ static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *
1757 +
1758 + BT_DBG("sock %p, sk %p", sock, sk);
1759 +
1760 ++ memset(sa, 0, sizeof(*sa));
1761 + sa->rc_family = AF_BLUETOOTH;
1762 + sa->rc_channel = rfcomm_pi(sk)->channel;
1763 + if (peer)
1764 +@@ -835,6 +836,7 @@ static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, c
1765 + }
1766 +
1767 + sec.level = rfcomm_pi(sk)->sec_level;
1768 ++ sec.key_size = 0;
1769 +
1770 + len = min_t(unsigned int, len, sizeof(sec));
1771 + if (copy_to_user(optval, (char *) &sec, len))
1772 +diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
1773 +index c258796..bc1eb56 100644
1774 +--- a/net/bluetooth/rfcomm/tty.c
1775 ++++ b/net/bluetooth/rfcomm/tty.c
1776 +@@ -471,7 +471,7 @@ static int rfcomm_get_dev_list(void __user *arg)
1777 +
1778 + size = sizeof(*dl) + dev_num * sizeof(*di);
1779 +
1780 +- dl = kmalloc(size, GFP_KERNEL);
1781 ++ dl = kzalloc(size, GFP_KERNEL);
1782 + if (!dl)
1783 + return -ENOMEM;
1784 +
1785 diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
1786 index 5ac1811..7eb2320 100644
1787 --- a/net/bridge/br_multicast.c
1788 @@ -76547,21 +76685,6 @@ index 5864cc4..121f3a30 100644
1789 BUGPRINT("c2u Didn't work\n");
1790 ret = -EFAULT;
1791 break;
1792 -diff --git a/net/caif/caif_dev.c b/net/caif/caif_dev.c
1793 -index 68223e4..4e9115d 100644
1794 ---- a/net/caif/caif_dev.c
1795 -+++ b/net/caif/caif_dev.c
1796 -@@ -428,9 +428,9 @@ static int __init caif_device_init(void)
1797 -
1798 - static void __exit caif_device_exit(void)
1799 - {
1800 -- unregister_pernet_subsys(&caif_net_ops);
1801 - unregister_netdevice_notifier(&caif_device_notifier);
1802 - dev_remove_pack(&caif_packet_type);
1803 -+ unregister_pernet_subsys(&caif_net_ops);
1804 - }
1805 -
1806 - module_init(caif_device_init);
1807 diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c
1808 index a986280..13444a1 100644
1809 --- a/net/caif/caif_socket.c
1810 @@ -76738,6 +76861,80 @@ index 5cf5222..6f704ad 100644
1811 p->sequence_no);
1812 list_del(&p->list);
1813 goto out;
1814 +diff --git a/net/caif/chnl_net.c b/net/caif/chnl_net.c
1815 +index 8656909..a2ae45d 100644
1816 +--- a/net/caif/chnl_net.c
1817 ++++ b/net/caif/chnl_net.c
1818 +@@ -74,7 +74,6 @@ static int chnl_recv_cb(struct cflayer *layr, struct cfpkt *pkt)
1819 + struct sk_buff *skb;
1820 + struct chnl_net *priv = container_of(layr, struct chnl_net, chnl);
1821 + int pktlen;
1822 +- int err = 0;
1823 + const u8 *ip_version;
1824 + u8 buf;
1825 +
1826 +@@ -95,8 +94,11 @@ static int chnl_recv_cb(struct cflayer *layr, struct cfpkt *pkt)
1827 +
1828 + /* check the version of IP */
1829 + ip_version = skb_header_pointer(skb, 0, 1, &buf);
1830 +- if (!ip_version)
1831 ++ if (!ip_version) {
1832 ++ kfree_skb(skb);
1833 + return -EINVAL;
1834 ++ }
1835 ++
1836 + switch (*ip_version >> 4) {
1837 + case 4:
1838 + skb->protocol = htons(ETH_P_IP);
1839 +@@ -105,6 +107,8 @@ static int chnl_recv_cb(struct cflayer *layr, struct cfpkt *pkt)
1840 + skb->protocol = htons(ETH_P_IPV6);
1841 + break;
1842 + default:
1843 ++ kfree_skb(skb);
1844 ++ priv->netdev->stats.rx_errors++;
1845 + return -EINVAL;
1846 + }
1847 +
1848 +@@ -123,7 +127,7 @@ static int chnl_recv_cb(struct cflayer *layr, struct cfpkt *pkt)
1849 + priv->netdev->stats.rx_packets++;
1850 + priv->netdev->stats.rx_bytes += pktlen;
1851 +
1852 +- return err;
1853 ++ return 0;
1854 + }
1855 +
1856 + static int delete_device(struct chnl_net *dev)
1857 +@@ -221,12 +225,16 @@ static int chnl_net_start_xmit(struct sk_buff *skb, struct net_device *dev)
1858 +
1859 + if (skb->len > priv->netdev->mtu) {
1860 + pr_warn("Size of skb exceeded MTU\n");
1861 +- return -ENOSPC;
1862 ++ kfree_skb(skb);
1863 ++ dev->stats.tx_errors++;
1864 ++ return NETDEV_TX_OK;
1865 + }
1866 +
1867 + if (!priv->flowenabled) {
1868 + pr_debug("dropping packets flow off\n");
1869 +- return NETDEV_TX_BUSY;
1870 ++ kfree_skb(skb);
1871 ++ dev->stats.tx_dropped++;
1872 ++ return NETDEV_TX_OK;
1873 + }
1874 +
1875 + if (priv->conn_req.protocol == CAIFPROTO_DATAGRAM_LOOP)
1876 +@@ -240,9 +248,8 @@ static int chnl_net_start_xmit(struct sk_buff *skb, struct net_device *dev)
1877 + /* Send the packet down the stack. */
1878 + result = priv->chnl.dn->transmit(priv->chnl.dn, pkt);
1879 + if (result) {
1880 +- if (result == -EAGAIN)
1881 +- result = NETDEV_TX_BUSY;
1882 +- return result;
1883 ++ dev->stats.tx_dropped++;
1884 ++ return NETDEV_TX_OK;
1885 + }
1886 +
1887 + /* Update statistics. */
1888 diff --git a/net/can/gw.c b/net/can/gw.c
1889 index 3d79b12..8de85fa 100644
1890 --- a/net/can/gw.c
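Review bot: In `chnl_recv_cb` the new `!ip_version` branch frees the skb and returns `-EINVAL` without counting the drop, whereas the `default:` branch added a few lines below does `priv->netdev->stats.rx_errors++;` for the same kind of failure. Adding `priv->netdev->stats.rx_errors++;` after the `kfree_skb(skb);` in the first branch keeps the interface counters consistent, so malformed input shows up in the statistics either way. Separately, the transmit-failure path in `chnl_net_start_xmit` now returns `NETDEV_TX_OK` without a `kfree_skb`; that is only right if `transmit()` has already consumed the packet, which the hunk does not show and which deserves a comment.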
1891 @@ -77049,7 +77246,7 @@ index c40f27e..7f49254 100644
1892
1893 m->msg_iov = iov;
1894 diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
1895 -index 05842ab..6d674ce 100644
1896 +index 0cf604b..8d4b86f 100644
1897 --- a/net/core/rtnetlink.c
1898 +++ b/net/core/rtnetlink.c
1899 @@ -57,7 +57,7 @@ struct rtnl_link {
1900 @@ -77186,6 +77383,40 @@ index 8d095b9..315c541 100644
1901 }
1902 EXPORT_SYMBOL(sock_init_data);
1903
1904 +diff --git a/net/dccp/ccid.h b/net/dccp/ccid.h
1905 +index 75c3582..fb85d37 100644
1906 +--- a/net/dccp/ccid.h
1907 ++++ b/net/dccp/ccid.h
1908 +@@ -246,7 +246,7 @@ static inline int ccid_hc_rx_getsockopt(struct ccid *ccid, struct sock *sk,
1909 + u32 __user *optval, int __user *optlen)
1910 + {
1911 + int rc = -ENOPROTOOPT;
1912 +- if (ccid->ccid_ops->ccid_hc_rx_getsockopt != NULL)
1913 ++ if (ccid != NULL && ccid->ccid_ops->ccid_hc_rx_getsockopt != NULL)
1914 + rc = ccid->ccid_ops->ccid_hc_rx_getsockopt(sk, optname, len,
1915 + optval, optlen);
1916 + return rc;
1917 +@@ -257,7 +257,7 @@ static inline int ccid_hc_tx_getsockopt(struct ccid *ccid, struct sock *sk,
1918 + u32 __user *optval, int __user *optlen)
1919 + {
1920 + int rc = -ENOPROTOOPT;
1921 +- if (ccid->ccid_ops->ccid_hc_tx_getsockopt != NULL)
1922 ++ if (ccid != NULL && ccid->ccid_ops->ccid_hc_tx_getsockopt != NULL)
1923 + rc = ccid->ccid_ops->ccid_hc_tx_getsockopt(sk, optname, len,
1924 + optval, optlen);
1925 + return rc;
1926 +diff --git a/net/dccp/ccids/ccid3.c b/net/dccp/ccids/ccid3.c
1927 +index 3d604e1..4caf63f 100644
1928 +--- a/net/dccp/ccids/ccid3.c
1929 ++++ b/net/dccp/ccids/ccid3.c
1930 +@@ -532,6 +532,7 @@ static int ccid3_hc_tx_getsockopt(struct sock *sk, const int optname, int len,
1931 + case DCCP_SOCKOPT_CCID_TX_INFO:
1932 + if (len < sizeof(tfrc))
1933 + return -EINVAL;
1934 ++ memset(&tfrc, 0, sizeof(tfrc));
1935 + tfrc.tfrctx_x = hc->tx_x;
1936 + tfrc.tfrctx_x_recv = hc->tx_x_recv;
1937 + tfrc.tfrctx_x_calc = hc->tx_x_calc;
1938 diff --git a/net/decnet/sysctl_net_decnet.c b/net/decnet/sysctl_net_decnet.c
1939 index 02e75d1..9a57a7c 100644
1940 --- a/net/decnet/sysctl_net_decnet.c
1941 @@ -77221,23 +77452,6 @@ index 39a2d29..f39c0fe 100644
1942 ---help---
1943 Econet is a fairly old and slow networking protocol mainly used by
1944 Acorn computers to access file and print servers. It uses native
1945 -diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
1946 -index 86f3b88..afaa735 100644
1947 ---- a/net/ipv4/cipso_ipv4.c
1948 -+++ b/net/ipv4/cipso_ipv4.c
1949 -@@ -1725,8 +1725,10 @@ int cipso_v4_validate(const struct sk_buff *skb, unsigned char **option)
1950 - case CIPSO_V4_TAG_LOCAL:
1951 - /* This is a non-standard tag that we only allow for
1952 - * local connections, so if the incoming interface is
1953 -- * not the loopback device drop the packet. */
1954 -- if (!(skb->dev->flags & IFF_LOOPBACK)) {
1955 -+ * not the loopback device drop the packet. Further,
1956 -+ * there is no legitimate reason for setting this from
1957 -+ * userspace so reject it if skb is NULL. */
1958 -+ if (skb == NULL || !(skb->dev->flags & IFF_LOOPBACK)) {
1959 - err_offset = opt_iter;
1960 - goto validate_return_locked;
1961 - }
1962 diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
1963 index 92fc5f6..b790d91 100644
1964 --- a/net/ipv4/fib_frontend.c
1965 @@ -77561,10 +77775,10 @@ index 94cdbc5..0cb0063 100644
1966 ts = peer->tcp_ts;
1967 tsage = get_seconds() - peer->tcp_ts_stamp;
1968 diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
1969 -index 32e6ca2..436489e 100644
1970 +index a08a621..2e17402 100644
1971 --- a/net/ipv4/tcp_input.c
1972 +++ b/net/ipv4/tcp_input.c
1973 -@@ -5836,7 +5836,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
1974 +@@ -5838,7 +5838,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
1975 goto discard;
1976
1977 if (th->syn) {
1978 @@ -78325,6 +78539,26 @@ index 1e733e9..3d73c9f 100644
1979 } while (!res);
1980 return res;
1981 }
1982 +diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
1983 +index a18e6c3..99a60d5 100644
1984 +--- a/net/llc/af_llc.c
1985 ++++ b/net/llc/af_llc.c
1986 +@@ -966,14 +966,13 @@ static int llc_ui_getname(struct socket *sock, struct sockaddr *uaddr,
1987 + struct sockaddr_llc sllc;
1988 + struct sock *sk = sock->sk;
1989 + struct llc_sock *llc = llc_sk(sk);
1990 +- int rc = 0;
1991 ++ int rc = -EBADF;
1992 +
1993 + memset(&sllc, 0, sizeof(sllc));
1994 + lock_sock(sk);
1995 + if (sock_flag(sk, SOCK_ZAPPED))
1996 + goto out;
1997 + *uaddrlen = sizeof(sllc);
1998 +- memset(uaddr, 0, *uaddrlen);
1999 + if (peer) {
2000 + rc = -ENOTCONN;
2001 + if (sk->sk_state != TCP_ESTABLISHED)
2002 diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
2003 index 73495f1..ad51356 100644
2004 --- a/net/mac80211/ieee80211_i.h
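Review bot: With `int rc = -EBADF;` as the initial value in `llc_ui_getname`, every path that reaches `out` without assigning `rc` now fails, and the assignment for the success case lies outside the hunk. The removal of `memset(uaddr, 0, *uaddrlen);` likewise depends on code that is not shown: it is safe only if the zeroed local `sllc` is later copied over the whole of `uaddr`. Both are worth confirming against the full function, and the second is worth noting next to the local clear, e.g. `/* sllc is copied out in full below, so uaddr needs no separate clear */`.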
2005 @@ -78574,7 +78808,7 @@ index 6dc7d7d..e45913a 100644
2006 if ((ipvs->sync_state & IP_VS_STATE_MASTER) &&
2007 cp->protocol == IPPROTO_SCTP) {
2008 diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
2009 -index e1a66cf..0910076 100644
2010 +index e1a66cf..2772ca6 100644
2011 --- a/net/netfilter/ipvs/ip_vs_ctl.c
2012 +++ b/net/netfilter/ipvs/ip_vs_ctl.c
2013 @@ -788,7 +788,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest,
2014 @@ -78613,7 +78847,15 @@ index e1a66cf..0910076 100644
2015 entry.weight = atomic_read(&dest->weight);
2016 entry.u_threshold = dest->u_threshold;
2017 entry.l_threshold = dest->l_threshold;
2018 -@@ -3042,7 +3042,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest)
2019 +@@ -2713,6 +2713,7 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
2020 + {
2021 + struct ip_vs_timeout_user t;
2022 +
2023 ++ memset(&t, 0, sizeof(t));
2024 + __ip_vs_get_timeouts(net, &t);
2025 + if (copy_to_user(user, &t, sizeof(t)) != 0)
2026 + ret = -EFAULT;
2027 +@@ -3042,7 +3043,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest)
2028 NLA_PUT_U16(skb, IPVS_DEST_ATTR_PORT, dest->port);
2029
2030 NLA_PUT_U32(skb, IPVS_DEST_ATTR_FWD_METHOD,
2031 @@ -78807,7 +79049,7 @@ index 4fe4fb4..87a89e5 100644
2032 return 0;
2033 }
2034 diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
2035 -index a99fb41..740c2a4 100644
2036 +index a99fb41..b6962a8 100644
2037 --- a/net/netlink/af_netlink.c
2038 +++ b/net/netlink/af_netlink.c
2039 @@ -742,7 +742,7 @@ static void netlink_overrun(struct sock *sk)
2040 @@ -78819,6 +79061,15 @@ index a99fb41..740c2a4 100644
2041 }
2042
2043 static struct sock *netlink_getsockbypid(struct sock *ssk, u32 pid)
2044 +@@ -1333,7 +1333,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
2045 + if (NULL == siocb->scm)
2046 + siocb->scm = &scm;
2047 +
2048 +- err = scm_send(sock, msg, siocb->scm);
2049 ++ err = scm_send(sock, msg, siocb->scm, true);
2050 + if (err < 0)
2051 + return err;
2052 +
2053 @@ -2001,7 +2001,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
2054 sk_wmem_alloc_get(s),
2055 nlk->cb,
2056 @@ -79418,36 +79669,6 @@ index 7635107..4670276 100644
2057 _proto("Tx RESPONSE %%%u", ntohl(hdr->serial));
2058
2059 ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len);
2060 -diff --git a/net/sctp/input.c b/net/sctp/input.c
2061 -index b7692aa..0fc18c7 100644
2062 ---- a/net/sctp/input.c
2063 -+++ b/net/sctp/input.c
2064 -@@ -736,15 +736,12 @@ static void __sctp_unhash_endpoint(struct sctp_endpoint *ep)
2065 -
2066 - epb = &ep->base;
2067 -
2068 -- if (hlist_unhashed(&epb->node))
2069 -- return;
2070 --
2071 - epb->hashent = sctp_ep_hashfn(epb->bind_addr.port);
2072 -
2073 - head = &sctp_ep_hashtable[epb->hashent];
2074 -
2075 - sctp_write_lock(&head->lock);
2076 -- __hlist_del(&epb->node);
2077 -+ hlist_del_init(&epb->node);
2078 - sctp_write_unlock(&head->lock);
2079 - }
2080 -
2081 -@@ -825,7 +822,7 @@ static void __sctp_unhash_established(struct sctp_association *asoc)
2082 - head = &sctp_assoc_hashtable[epb->hashent];
2083 -
2084 - sctp_write_lock(&head->lock);
2085 -- __hlist_del(&epb->node);
2086 -+ hlist_del_init(&epb->node);
2087 - sctp_write_unlock(&head->lock);
2088 - }
2089 -
2090 diff --git a/net/sctp/proc.c b/net/sctp/proc.c
2091 index 1e2eee8..ce3967e 100644
2092 --- a/net/sctp/proc.c
2093 @@ -79463,38 +79684,10 @@ index 1e2eee8..ce3967e 100644
2094 assoc->assoc_id,
2095 assoc->sndbuf_used,
2096 diff --git a/net/sctp/socket.c b/net/sctp/socket.c
2097 -index 0075554..ba19fd7 100644
2098 +index 8e49d76..ba19fd7 100644
2099 --- a/net/sctp/socket.c
2100 +++ b/net/sctp/socket.c
2101 -@@ -1231,8 +1231,14 @@ out_free:
2102 - SCTP_DEBUG_PRINTK("About to exit __sctp_connect() free asoc: %p"
2103 - " kaddrs: %p err: %d\n",
2104 - asoc, kaddrs, err);
2105 -- if (asoc)
2106 -+ if (asoc) {
2107 -+ /* sctp_primitive_ASSOCIATE may have added this association
2108 -+ * To the hash table, try to unhash it, just in case, its a noop
2109 -+ * if it wasn't hashed so we're safe
2110 -+ */
2111 -+ sctp_unhash_established(asoc);
2112 - sctp_association_free(asoc);
2113 -+ }
2114 - return err;
2115 - }
2116 -
2117 -@@ -1942,8 +1948,10 @@ SCTP_STATIC int sctp_sendmsg(struct kiocb *iocb, struct sock *sk,
2118 - goto out_unlock;
2119 -
2120 - out_free:
2121 -- if (new_asoc)
2122 -+ if (new_asoc) {
2123 -+ sctp_unhash_established(asoc);
2124 - sctp_association_free(asoc);
2125 -+ }
2126 - out_unlock:
2127 - sctp_release_sock(sk);
2128 -
2129 -@@ -4575,7 +4583,7 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
2130 +@@ -4583,7 +4583,7 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
2131 addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len;
2132 if (space_left < addrlen)
2133 return -ENOMEM;
2134 @@ -79504,7 +79697,7 @@ index 0075554..ba19fd7 100644
2135 to += addrlen;
2136 cnt++;
2137 diff --git a/net/socket.c b/net/socket.c
2138 -index 273cbce..fd1e8ff 100644
2139 +index 273cbce..ed22cd4 100644
2140 --- a/net/socket.c
2141 +++ b/net/socket.c
2142 @@ -88,6 +88,7 @@
2143 @@ -79675,7 +79868,15 @@ index 273cbce..fd1e8ff 100644
2144 uaddr_len = COMPAT_NAMELEN(msg);
2145 if (MSG_CMSG_COMPAT & flags) {
2146 err = verify_compat_iovec(msg_sys, iov,
2147 -@@ -2748,7 +2808,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
2148 +@@ -2645,6 +2705,7 @@ static int dev_ifconf(struct net *net, struct compat_ifconf __user *uifc32)
2149 + if (copy_from_user(&ifc32, uifc32, sizeof(struct compat_ifconf)))
2150 + return -EFAULT;
2151 +
2152 ++ memset(&ifc, 0, sizeof(ifc));
2153 + if (ifc32.ifcbuf == 0) {
2154 + ifc32.ifc_len = 0;
2155 + ifc.ifc_len = 0;
2156 +@@ -2748,7 +2809,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
2157 }
2158
2159 ifr = compat_alloc_user_space(buf_size);
2160 @@ -79684,7 +79885,7 @@ index 273cbce..fd1e8ff 100644
2161
2162 if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ))
2163 return -EFAULT;
2164 -@@ -2772,12 +2832,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
2165 +@@ -2772,12 +2833,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
2166 offsetof(struct ethtool_rxnfc, fs.ring_cookie));
2167
2168 if (copy_in_user(rxnfc, compat_rxnfc,
2169 @@ -79701,7 +79902,7 @@ index 273cbce..fd1e8ff 100644
2170 copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt,
2171 sizeof(rxnfc->rule_cnt)))
2172 return -EFAULT;
2173 -@@ -2789,12 +2849,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
2174 +@@ -2789,12 +2850,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
2175
2176 if (convert_out) {
2177 if (copy_in_user(compat_rxnfc, rxnfc,
2178 @@ -79718,7 +79919,7 @@ index 273cbce..fd1e8ff 100644
2179 copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt,
2180 sizeof(rxnfc->rule_cnt)))
2181 return -EFAULT;
2182 -@@ -2864,7 +2924,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
2183 +@@ -2864,7 +2925,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
2184 old_fs = get_fs();
2185 set_fs(KERNEL_DS);
2186 err = dev_ioctl(net, cmd,
2187 @@ -79727,7 +79928,7 @@ index 273cbce..fd1e8ff 100644
2188 set_fs(old_fs);
2189
2190 return err;
2191 -@@ -2973,7 +3033,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
2192 +@@ -2973,7 +3034,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
2193
2194 old_fs = get_fs();
2195 set_fs(KERNEL_DS);
2196 @@ -79736,7 +79937,7 @@ index 273cbce..fd1e8ff 100644
2197 set_fs(old_fs);
2198
2199 if (cmd == SIOCGIFMAP && !err) {
2200 -@@ -3078,7 +3138,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
2201 +@@ -3078,7 +3139,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
2202 ret |= __get_user(rtdev, &(ur4->rt_dev));
2203 if (rtdev) {
2204 ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
2205 @@ -79745,7 +79946,7 @@ index 273cbce..fd1e8ff 100644
2206 devname[15] = 0;
2207 } else
2208 r4.rt_dev = NULL;
2209 -@@ -3318,8 +3378,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
2210 +@@ -3318,8 +3379,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
2211 int __user *uoptlen;
2212 int err;
2213
2214 @@ -79756,7 +79957,7 @@ index 273cbce..fd1e8ff 100644
2215
2216 set_fs(KERNEL_DS);
2217 if (level == SOL_SOCKET)
2218 -@@ -3339,7 +3399,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
2219 +@@ -3339,7 +3400,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
2220 char __user *uoptval;
2221 int err;
2222
2223 @@ -80069,7 +80270,7 @@ index 1983717..4d6102c 100644
2224
2225 sub->evt.event = htohl(event, sub->swap);
2226 diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
2227 -index d99678a..3514a21 100644
2228 +index d99678a..6786706 100644
2229 --- a/net/unix/af_unix.c
2230 +++ b/net/unix/af_unix.c
2231 @@ -767,6 +767,12 @@ static struct sock *unix_find_other(struct net *net,
2232 @@ -80118,8 +80319,26 @@ index d99678a..3514a21 100644
2233 mutex_unlock(&path.dentry->d_inode->i_mutex);
2234 dput(path.dentry);
2235 path.dentry = dentry;
2236 +@@ -1435,7 +1455,7 @@ static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
2237 + if (NULL == siocb->scm)
2238 + siocb->scm = &tmp_scm;
2239 + wait_for_unix_gc();
2240 +- err = scm_send(sock, msg, siocb->scm);
2241 ++ err = scm_send(sock, msg, siocb->scm, false);
2242 + if (err < 0)
2243 + return err;
2244 +
2245 +@@ -1596,7 +1616,7 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
2246 + if (NULL == siocb->scm)
2247 + siocb->scm = &tmp_scm;
2248 + wait_for_unix_gc();
2249 +- err = scm_send(sock, msg, siocb->scm);
2250 ++ err = scm_send(sock, msg, siocb->scm, false);
2251 + if (err < 0)
2252 + return err;
2253 +
2254 diff --git a/net/wireless/core.h b/net/wireless/core.h
2255 -index b9ec306..b4a563e 100644
2256 +index 02c3be3..e022efa 100644
2257 --- a/net/wireless/core.h
2258 +++ b/net/wireless/core.h
2259 @@ -27,7 +27,7 @@ struct cfg80211_registered_device {
2260
2261 diff --git a/3.2.27/4430_grsec-remove-localversion-grsec.patch b/3.2.28/4430_grsec-remove-localversion-grsec.patch
2262 similarity index 100%
2263 rename from 3.2.27/4430_grsec-remove-localversion-grsec.patch
2264 rename to 3.2.28/4430_grsec-remove-localversion-grsec.patch
2265
2266 diff --git a/3.2.27/4435_grsec-mute-warnings.patch b/3.2.28/4435_grsec-mute-warnings.patch
2267 similarity index 100%
2268 rename from 3.2.27/4435_grsec-mute-warnings.patch
2269 rename to 3.2.28/4435_grsec-mute-warnings.patch
2270
2271 diff --git a/3.2.27/4440_grsec-remove-protected-paths.patch b/3.2.28/4440_grsec-remove-protected-paths.patch
2272 similarity index 100%
2273 rename from 3.2.27/4440_grsec-remove-protected-paths.patch
2274 rename to 3.2.28/4440_grsec-remove-protected-paths.patch
2275
2276 diff --git a/3.2.27/4450_grsec-kconfig-default-gids.patch b/3.2.28/4450_grsec-kconfig-default-gids.patch
2277 similarity index 100%
2278 rename from 3.2.27/4450_grsec-kconfig-default-gids.patch
2279 rename to 3.2.28/4450_grsec-kconfig-default-gids.patch
2280
2281 diff --git a/3.2.27/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.28/4465_selinux-avc_audit-log-curr_ip.patch
2282 similarity index 100%
2283 rename from 3.2.27/4465_selinux-avc_audit-log-curr_ip.patch
2284 rename to 3.2.28/4465_selinux-avc_audit-log-curr_ip.patch
2285
2286 diff --git a/3.2.27/4470_disable-compat_vdso.patch b/3.2.28/4470_disable-compat_vdso.patch
2287 similarity index 100%
2288 rename from 3.2.27/4470_disable-compat_vdso.patch
2289 rename to 3.2.28/4470_disable-compat_vdso.patch
2290
2291 diff --git a/3.5.2/0000_README b/3.5.2/0000_README
2292 index 2baff0f..268fe76 100644
2293 --- a/3.5.2/0000_README
2294 +++ b/3.5.2/0000_README
2295 @@ -2,7 +2,7 @@ README
2296 -----------------------------------------------------------------------------
2297 Individual Patch Descriptions:
2298 -----------------------------------------------------------------------------
2299 -Patch: 4420_grsecurity-2.9.1-3.5.2-201208201522.patch
2300 +Patch: 4420_grsecurity-2.9.1-3.5.2-201208222031.patch
2301 From: http://www.grsecurity.net
2302 Desc: hardened-sources base patch from upstream grsecurity
2303
2304
2305 diff --git a/3.5.2/4420_grsecurity-2.9.1-3.5.2-201208201522.patch b/3.5.2/4420_grsecurity-2.9.1-3.5.2-201208222031.patch
2306 similarity index 99%
2307 rename from 3.5.2/4420_grsecurity-2.9.1-3.5.2-201208201522.patch
2308 rename to 3.5.2/4420_grsecurity-2.9.1-3.5.2-201208222031.patch
2309 index 61d4d0c..f04a5aa 100644
2310 --- a/3.5.2/4420_grsecurity-2.9.1-3.5.2-201208201522.patch
2311 +++ b/3.5.2/4420_grsecurity-2.9.1-3.5.2-201208222031.patch
2312 @@ -43873,7 +43873,7 @@ index 6901578..d402eb5 100644
2313
2314 return hit;
2315 diff --git a/fs/compat.c b/fs/compat.c
2316 -index 6161255..512b1a1 100644
2317 +index 6161255..9f28287 100644
2318 --- a/fs/compat.c
2319 +++ b/fs/compat.c
2320 @@ -490,7 +490,7 @@ compat_sys_io_setup(unsigned nr_reqs, u32 __user *ctx32p)
2321 @@ -43983,6 +43983,38 @@ index 6161255..512b1a1 100644
2322 if (__put_user_unaligned(d_off, &lastdirent->d_off))
2323 error = -EFAULT;
2324 else
2325 +@@ -1155,11 +1173,14 @@ compat_sys_readv(unsigned long fd, const struct compat_iovec __user *vec,
2326 + struct file *file;
2327 + int fput_needed;
2328 + ssize_t ret;
2329 ++ loff_t pos;
2330 +
2331 + file = fget_light(fd, &fput_needed);
2332 + if (!file)
2333 + return -EBADF;
2334 +- ret = compat_readv(file, vec, vlen, &file->f_pos);
2335 ++ pos = file->f_pos;
2336 ++ ret = compat_readv(file, vec, vlen, &pos);
2337 ++ file->f_pos = pos;
2338 + fput_light(file, fput_needed);
2339 + return ret;
2340 + }
2341 +@@ -1221,11 +1242,14 @@ compat_sys_writev(unsigned long fd, const struct compat_iovec __user *vec,
2342 + struct file *file;
2343 + int fput_needed;
2344 + ssize_t ret;
2345 ++ loff_t pos;
2346 +
2347 + file = fget_light(fd, &fput_needed);
2348 + if (!file)
2349 + return -EBADF;
2350 +- ret = compat_writev(file, vec, vlen, &file->f_pos);
2351 ++ pos = file->f_pos;
2352 ++ ret = compat_writev(file, vec, vlen, &pos);
2353 ++ file->f_pos = pos;
2354 + fput_light(file, fput_needed);
2355 + return ret;
2356 + }
2357 diff --git a/fs/compat_binfmt_elf.c b/fs/compat_binfmt_elf.c
2358 index 112e45a..b59845b 100644
2359 --- a/fs/compat_binfmt_elf.c
2360 @@ -45093,6 +45125,18 @@ index 01434f2..bd995b4 100644
2361 atomic_t s_lock_busy;
2362
2363 /* locality groups */
2364 +diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
2365 +index 58a75fe..9752106 100644
2366 +--- a/fs/ext4/extents.c
2367 ++++ b/fs/ext4/extents.c
2368 +@@ -2663,6 +2663,7 @@ cont:
2369 + }
2370 + path[0].p_depth = depth;
2371 + path[0].p_hdr = ext_inode_hdr(inode);
2372 ++ i = 0;
2373 +
2374 + if (ext4_ext_check(inode, path[0].p_hdr, depth)) {
2375 + err = -EIO;
2376 diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
2377 index 1cd6994..5799d45 100644
2378 --- a/fs/ext4/mballoc.c
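Review bot: The added `i = 0;` after the `path[0]` setup has no comment, and neither the declaration of `i` nor its last write is visible in the hunk (the enclosing function starts before the `cont:` label and continues past these lines). Presumably `i` indexes `path[]` and could otherwise hold a stale or unset value when this branch is taken; if so, say it on the line: `i = 0; /* path[0] was just set up: start at the root level */`.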
2379 @@ -64645,6 +64689,23 @@ index bbd023a..97c6d0d 100644
2380
2381 #ifdef CONFIG_IP_MROUTE
2382 #ifndef CONFIG_IP_MROUTE_MULTIPLE_TABLES
2383 +diff --git a/include/net/scm.h b/include/net/scm.h
2384 +index d456f4c..0c0017c 100644
2385 +--- a/include/net/scm.h
2386 ++++ b/include/net/scm.h
2387 +@@ -71,9 +71,11 @@ static __inline__ void scm_destroy(struct scm_cookie *scm)
2388 + }
2389 +
2390 + static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
2391 +- struct scm_cookie *scm)
2392 ++ struct scm_cookie *scm, bool forcecreds)
2393 + {
2394 + memset(scm, 0, sizeof(*scm));
2395 ++ if (forcecreds)
2396 ++ scm_set_cred(scm, task_tgid(current), current_cred());
2397 + unix_get_peersec_dgram(sock, scm);
2398 + if (msg->msg_controllen <= 0)
2399 + return 0;
2400 diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h
2401 index a2ef814..31a8e3f 100644
2402 --- a/include/net/sctp/sctp.h
2403 @@ -75045,6 +75106,18 @@ index 876fbe8..8bbea9f 100644
2404 __SONET_ITEMS
2405 #undef __HANDLE_ITEM
2406 }
2407 +diff --git a/net/atm/common.c b/net/atm/common.c
2408 +index b4b44db..0c0ad93 100644
2409 +--- a/net/atm/common.c
2410 ++++ b/net/atm/common.c
2411 +@@ -812,6 +812,7 @@ int vcc_getsockopt(struct socket *sock, int level, int optname,
2412 +
2413 + if (!vcc->dev || !test_bit(ATM_VF_ADDR, &vcc->flags))
2414 + return -ENOTCONN;
2415 ++ memset(&pvc, 0, sizeof(pvc));
2416 + pvc.sap_family = AF_ATMPVC;
2417 + pvc.sap_addr.itf = vcc->dev->number;
2418 + pvc.sap_addr.vpi = vcc->vpi;
2419 diff --git a/net/atm/lec.h b/net/atm/lec.h
2420 index a86aff9..3a0d6f6 100644
2421 --- a/net/atm/lec.h
2422 @@ -75088,6 +75161,18 @@ index 0d020de..011c7bb 100644
2423 }
2424
2425 static void atm_dev_info(struct seq_file *seq, const struct atm_dev *dev)
2426 +diff --git a/net/atm/pvc.c b/net/atm/pvc.c
2427 +index 3a73491..ae03240 100644
2428 +--- a/net/atm/pvc.c
2429 ++++ b/net/atm/pvc.c
2430 +@@ -95,6 +95,7 @@ static int pvc_getname(struct socket *sock, struct sockaddr *sockaddr,
2431 + return -ENOTCONN;
2432 + *sockaddr_len = sizeof(struct sockaddr_atmpvc);
2433 + addr = (struct sockaddr_atmpvc *)sockaddr;
2434 ++ memset(addr, 0, sizeof(*addr));
2435 + addr->sap_family = AF_ATMPVC;
2436 + addr->sap_addr.itf = vcc->dev->number;
2437 + addr->sap_addr.vpi = vcc->vpi;
2438 diff --git a/net/atm/resources.c b/net/atm/resources.c
2439 index 23f45ce..c748f1a 100644
2440 --- a/net/atm/resources.c
2441 @@ -75231,6 +75316,26 @@ index 74175c2..32f8901 100644
2442 frag1->seqno = htons(seqno - 1);
2443 frag2->seqno = htons(seqno);
2444
2445 +diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
2446 +index 5914623..bedc768 100644
2447 +--- a/net/bluetooth/hci_sock.c
2448 ++++ b/net/bluetooth/hci_sock.c
2449 +@@ -706,6 +706,7 @@ static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *add
2450 + *addr_len = sizeof(*haddr);
2451 + haddr->hci_family = AF_BLUETOOTH;
2452 + haddr->hci_dev = hdev->id;
2453 ++ haddr->hci_channel= 0;
2454 +
2455 + release_sock(sk);
2456 + return 0;
2457 +@@ -1016,6 +1017,7 @@ static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char
2458 + {
2459 + struct hci_filter *f = &hci_pi(sk)->filter;
2460 +
2461 ++ memset(&uf, 0, sizeof(uf));
2462 + uf.type_mask = f->type_mask;
2463 + uf.opcode = f->opcode;
2464 + uf.event_mask[0] = *((u32 *) f->event_mask + 0);
2465 diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
2466 index 4554e80..b778671 100644
2467 --- a/net/bluetooth/l2cap_core.c
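Review bot: `haddr->hci_channel= 0;` clears one named field, so any padding in the structure and any field added later would still be handed back unzeroed if the address is copied out as a whole. The second hunk in this file clears all of `uf` with `memset` instead. Prefer `memset(haddr, 0, sizeof(*haddr));` ahead of the assignments, which also makes this line (and its missing space before `=`) unnecessary. The same single-field pattern appears in `sec.key_size = 0;` in `net/bluetooth/rfcomm/sock.c` and `lsa->l2tp_unused = 0;` in `net/l2tp/l2tp_ip6.c`. Whether these structures have padding today is not visible here, and all of these functions start outside their hunks.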
2468 @@ -75248,8 +75353,40 @@ index 4554e80..b778671 100644
2469
2470 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
2471 rfc.mode != chan->mode)
2472 +diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
2473 +index 3bb1611..fcf656b 100644
2474 +--- a/net/bluetooth/l2cap_sock.c
2475 ++++ b/net/bluetooth/l2cap_sock.c
2476 +@@ -246,6 +246,7 @@ static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *l
2477 +
2478 + BT_DBG("sock %p, sk %p", sock, sk);
2479 +
2480 ++ memset(la, 0, sizeof(struct sockaddr_l2));
2481 + addr->sa_family = AF_BLUETOOTH;
2482 + *len = sizeof(struct sockaddr_l2);
2483 +
2484 +diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
2485 +index e8707de..2df6956 100644
2486 +--- a/net/bluetooth/rfcomm/sock.c
2487 ++++ b/net/bluetooth/rfcomm/sock.c
2488 +@@ -547,6 +547,7 @@ static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *
2489 +
2490 + BT_DBG("sock %p, sk %p", sock, sk);
2491 +
2492 ++ memset(sa, 0, sizeof(*sa));
2493 + sa->rc_family = AF_BLUETOOTH;
2494 + sa->rc_channel = rfcomm_pi(sk)->channel;
2495 + if (peer)
2496 +@@ -841,6 +842,7 @@ static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, c
2497 + }
2498 +
2499 + sec.level = rfcomm_pi(sk)->sec_level;
2500 ++ sec.key_size = 0;
2501 +
2502 + len = min_t(unsigned int, len, sizeof(sec));
2503 + if (copy_to_user(optval, (char *) &sec, len))
2504 diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
2505 -index d1820ff..d414b0e 100644
2506 +index d1820ff..4f8c8f6 100644
2507 --- a/net/bluetooth/rfcomm/tty.c
2508 +++ b/net/bluetooth/rfcomm/tty.c
2509 @@ -314,7 +314,7 @@ static void rfcomm_dev_del(struct rfcomm_dev *dev)
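Review bot: `memset(la, 0, sizeof(struct sockaddr_l2));` names the type rather than the object, unlike `memset(sa, 0, sizeof(*sa));` added to `rfcomm_sock_getname()` just below it. Writing `memset(la, 0, sizeof(*la));` keeps the size tied to the pointer if its type ever changes and matches the other getname fixes in this commit. The declaration of `la` is outside the hunk, so this assumes it points at the caller's `addr` buffer.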
2510 @@ -75261,6 +75398,15 @@ index d1820ff..d414b0e 100644
2511 spin_unlock_irqrestore(&dev->port.lock, flags);
2512 return;
2513 }
2514 +@@ -461,7 +461,7 @@ static int rfcomm_get_dev_list(void __user *arg)
2515 +
2516 + size = sizeof(*dl) + dev_num * sizeof(*di);
2517 +
2518 +- dl = kmalloc(size, GFP_KERNEL);
2519 ++ dl = kzalloc(size, GFP_KERNEL);
2520 + if (!dl)
2521 + return -ENOMEM;
2522 +
2523 @@ -669,10 +669,10 @@ static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
2524 return -ENODEV;
2525
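Review bot: Nothing in `rfcomm_get_dev_list()` says why the buffer has to be zeroed, so a later cleanup could switch `kzalloc` back to `kmalloc` and bring the uninitialised bytes back. Add a comment on the allocation, for example `/* zeroed: the list is copied to userspace, including bytes not filled in below */`. The copy-out itself and the check that bounds `dev_num` before `dev_num * sizeof(*di)` are outside the hunk, so both are assumed here rather than seen.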
2526 @@ -75343,6 +75489,21 @@ index 047cd0e..461fd28 100644
2527 p->sequence_no);
2528 list_del(&p->list);
2529 goto out;
2530 +diff --git a/net/caif/chnl_net.c b/net/caif/chnl_net.c
2531 +index 69771c0..e597733 100644
2532 +--- a/net/caif/chnl_net.c
2533 ++++ b/net/caif/chnl_net.c
2534 +@@ -94,6 +94,10 @@ static int chnl_recv_cb(struct cflayer *layr, struct cfpkt *pkt)
2535 +
2536 + /* check the version of IP */
2537 + ip_version = skb_header_pointer(skb, 0, 1, &buf);
2538 ++ if (!ip_version) {
2539 ++ kfree_skb(skb);
2540 ++ return -EINVAL;
2541 ++ }
2542 +
2543 + switch (*ip_version >> 4) {
2544 + case 4:
2545 diff --git a/net/can/gw.c b/net/can/gw.c
2546 index b41acf2..3affb3a 100644
2547 --- a/net/can/gw.c
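Review bot: The new error path frees `skb` before returning `-EINVAL`, which is only right if every other error return in `chnl_recv_cb()` also consumes the packet. The `switch` that follows is cut off by the hunk, so its failure branch cannot be checked from here. If that branch returns without `kfree_skb()`, one of the two paths is wrong: either a leak there or a double free by the caller here. A short comment on the check would also help, e.g. `/* no first byte to read the IP version from */`.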
2548 @@ -75836,6 +75997,40 @@ index 5fd1467..8b70900 100644
2549 }
2550 EXPORT_SYMBOL_GPL(sock_diag_save_cookie);
2551
2552 +diff --git a/net/dccp/ccid.h b/net/dccp/ccid.h
2553 +index 75c3582..fb85d37 100644
2554 +--- a/net/dccp/ccid.h
2555 ++++ b/net/dccp/ccid.h
2556 +@@ -246,7 +246,7 @@ static inline int ccid_hc_rx_getsockopt(struct ccid *ccid, struct sock *sk,
2557 + u32 __user *optval, int __user *optlen)
2558 + {
2559 + int rc = -ENOPROTOOPT;
2560 +- if (ccid->ccid_ops->ccid_hc_rx_getsockopt != NULL)
2561 ++ if (ccid != NULL && ccid->ccid_ops->ccid_hc_rx_getsockopt != NULL)
2562 + rc = ccid->ccid_ops->ccid_hc_rx_getsockopt(sk, optname, len,
2563 + optval, optlen);
2564 + return rc;
2565 +@@ -257,7 +257,7 @@ static inline int ccid_hc_tx_getsockopt(struct ccid *ccid, struct sock *sk,
2566 + u32 __user *optval, int __user *optlen)
2567 + {
2568 + int rc = -ENOPROTOOPT;
2569 +- if (ccid->ccid_ops->ccid_hc_tx_getsockopt != NULL)
2570 ++ if (ccid != NULL && ccid->ccid_ops->ccid_hc_tx_getsockopt != NULL)
2571 + rc = ccid->ccid_ops->ccid_hc_tx_getsockopt(sk, optname, len,
2572 + optval, optlen);
2573 + return rc;
2574 +diff --git a/net/dccp/ccids/ccid3.c b/net/dccp/ccids/ccid3.c
2575 +index 8c67bed..ce0d140 100644
2576 +--- a/net/dccp/ccids/ccid3.c
2577 ++++ b/net/dccp/ccids/ccid3.c
2578 +@@ -531,6 +531,7 @@ static int ccid3_hc_tx_getsockopt(struct sock *sk, const int optname, int len,
2579 + case DCCP_SOCKOPT_CCID_TX_INFO:
2580 + if (len < sizeof(tfrc))
2581 + return -EINVAL;
2582 ++ memset(&tfrc, 0, sizeof(tfrc));
2583 + tfrc.tfrctx_x = hc->tx_x;
2584 + tfrc.tfrctx_x_recv = hc->tx_x_recv;
2585 + tfrc.tfrctx_x_calc = hc->tx_x_calc;
2586 diff --git a/net/decnet/sysctl_net_decnet.c b/net/decnet/sysctl_net_decnet.c
2587 index a55eecc..dd8428c 100644
2588 --- a/net/decnet/sysctl_net_decnet.c
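Review bot: The added `ccid != NULL` test covers only `ccid_hc_rx_getsockopt()` and `ccid_hc_tx_getsockopt()`. Any other inline helper in `net/dccp/ccid.h` that reads `ccid->ccid_ops` and can be reached from a socket call before a CCID is attached would need the same guard, and the hunk does not show them. Stating the condition in a comment, e.g. `/* ccid may be NULL here; report the option as unsupported */`, would make the `-ENOPROTOOPT` result read as intended rather than incidental.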
2589 @@ -76859,6 +77054,38 @@ index 34e4185..8823368 100644
2590 } while (!res);
2591 return res;
2592 }
2593 +diff --git a/net/l2tp/l2tp_ip6.c b/net/l2tp/l2tp_ip6.c
2594 +index 35e1e4b..9275471 100644
2595 +--- a/net/l2tp/l2tp_ip6.c
2596 ++++ b/net/l2tp/l2tp_ip6.c
2597 +@@ -410,6 +410,7 @@ static int l2tp_ip6_getname(struct socket *sock, struct sockaddr *uaddr,
2598 + lsa->l2tp_family = AF_INET6;
2599 + lsa->l2tp_flowinfo = 0;
2600 + lsa->l2tp_scope_id = 0;
2601 ++ lsa->l2tp_unused = 0;
2602 + if (peer) {
2603 + if (!lsk->peer_conn_id)
2604 + return -ENOTCONN;
2605 +diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
2606 +index fe5453c..a13c3e23 100644
2607 +--- a/net/llc/af_llc.c
2608 ++++ b/net/llc/af_llc.c
2609 +@@ -969,14 +969,13 @@ static int llc_ui_getname(struct socket *sock, struct sockaddr *uaddr,
2610 + struct sockaddr_llc sllc;
2611 + struct sock *sk = sock->sk;
2612 + struct llc_sock *llc = llc_sk(sk);
2613 +- int rc = 0;
2614 ++ int rc = -EBADF;
2615 +
2616 + memset(&sllc, 0, sizeof(sllc));
2617 + lock_sock(sk);
2618 + if (sock_flag(sk, SOCK_ZAPPED))
2619 + goto out;
2620 + *uaddrlen = sizeof(sllc);
2621 +- memset(uaddr, 0, *uaddrlen);
2622 + if (peer) {
2623 + rc = -ENOTCONN;
2624 + if (sk->sk_state != TCP_ESTABLISHED)
2625 diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
2626 index 3f3cd50..d2cf249 100644
2627 --- a/net/mac80211/ieee80211_i.h
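Review bot: Starting `rc` at `-EBADF` in `llc_ui_getname()` means every path that reaches `out` without assigning `rc` now fails, including the success path unless it sets `rc = 0` explicitly. That assignment lies past the end of the hunk, as does the copy of `sllc` into `uaddr` that would make the removed `memset(uaddr, 0, *uaddrlen);` unnecessary; please confirm both are present in the full function. If they are, a one-line comment at the declaration such as `/* error by default; set to 0 only after uaddr is filled */` would make the convention clear.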
2628 @@ -77117,7 +77344,7 @@ index a54b018c..07e0120 100644
2629 if (ipvs->sync_state & IP_VS_STATE_MASTER)
2630 ip_vs_sync_conn(net, cp, pkts);
2631 diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
2632 -index 84444dd..86adaa0 100644
2633 +index 84444dd..f91c066 100644
2634 --- a/net/netfilter/ipvs/ip_vs_ctl.c
2635 +++ b/net/netfilter/ipvs/ip_vs_ctl.c
2636 @@ -788,7 +788,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest,
2637 @@ -77156,7 +77383,15 @@ index 84444dd..86adaa0 100644
2638 entry.weight = atomic_read(&dest->weight);
2639 entry.u_threshold = dest->u_threshold;
2640 entry.l_threshold = dest->l_threshold;
2641 -@@ -3089,7 +3089,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest)
2642 +@@ -2759,6 +2759,7 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
2643 + {
2644 + struct ip_vs_timeout_user t;
2645 +
2646 ++ memset(&t, 0, sizeof(t));
2647 + __ip_vs_get_timeouts(net, &t);
2648 + if (copy_to_user(user, &t, sizeof(t)) != 0)
2649 + ret = -EFAULT;
2650 +@@ -3089,7 +3090,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest)
2651 if (nla_put(skb, IPVS_DEST_ATTR_ADDR, sizeof(dest->addr), &dest->addr) ||
2652 nla_put_u16(skb, IPVS_DEST_ATTR_PORT, dest->port) ||
2653 nla_put_u32(skb, IPVS_DEST_ATTR_FWD_METHOD,
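Review bot: The zeroing is done at this one call site in `do_ip_vs_get_ctl()`, so any other caller that hands `__ip_vs_get_timeouts()` an uninitialised `struct ip_vs_timeout_user` and then exports it whole keeps the problem. Which fields the helper leaves unset is not visible in the hunk. Either move the `memset` into `__ip_vs_get_timeouts()` or record the requirement here, e.g. `/* helper may skip fields; clear before copy_to_user */`.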
2654 @@ -77359,7 +77594,7 @@ index 4fe4fb4..87a89e5 100644
2655 return 0;
2656 }
2657 diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
2658 -index b3025a6..d63a537 100644
2659 +index b3025a6..e21e5297 100644
2660 --- a/net/netlink/af_netlink.c
2661 +++ b/net/netlink/af_netlink.c
2662 @@ -753,7 +753,7 @@ static void netlink_overrun(struct sock *sk)
2663 @@ -77371,6 +77606,15 @@ index b3025a6..d63a537 100644
2664 }
2665
2666 static struct sock *netlink_getsockbypid(struct sock *ssk, u32 pid)
2667 +@@ -1344,7 +1344,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
2668 + if (NULL == siocb->scm)
2669 + siocb->scm = &scm;
2670 +
2671 +- err = scm_send(sock, msg, siocb->scm);
2672 ++ err = scm_send(sock, msg, siocb->scm, true);
2673 + if (err < 0)
2674 + return err;
2675 +
2676 @@ -2022,7 +2022,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
2677 sk_wmem_alloc_get(s),
2678 nlk->cb,
2679 @@ -77994,7 +78238,7 @@ index 31c7bfc..bc380ae 100644
2680 to += addrlen;
2681 cnt++;
2682 diff --git a/net/socket.c b/net/socket.c
2683 -index 0452dca..7e9758c 100644
2684 +index 0452dca..0d601e0 100644
2685 --- a/net/socket.c
2686 +++ b/net/socket.c
2687 @@ -88,6 +88,7 @@
2688 @@ -78165,7 +78409,15 @@ index 0452dca..7e9758c 100644
2689 uaddr_len = COMPAT_NAMELEN(msg);
2690 if (MSG_CMSG_COMPAT & flags) {
2691 err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
2692 -@@ -2761,7 +2821,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
2693 +@@ -2658,6 +2718,7 @@ static int dev_ifconf(struct net *net, struct compat_ifconf __user *uifc32)
2694 + if (copy_from_user(&ifc32, uifc32, sizeof(struct compat_ifconf)))
2695 + return -EFAULT;
2696 +
2697 ++ memset(&ifc, 0, sizeof(ifc));
2698 + if (ifc32.ifcbuf == 0) {
2699 + ifc32.ifc_len = 0;
2700 + ifc.ifc_len = 0;
2701 +@@ -2761,7 +2822,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
2702 }
2703
2704 ifr = compat_alloc_user_space(buf_size);
2705 @@ -78174,7 +78426,7 @@ index 0452dca..7e9758c 100644
2706
2707 if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ))
2708 return -EFAULT;
2709 -@@ -2785,12 +2845,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
2710 +@@ -2785,12 +2846,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
2711 offsetof(struct ethtool_rxnfc, fs.ring_cookie));
2712
2713 if (copy_in_user(rxnfc, compat_rxnfc,
2714 @@ -78191,7 +78443,7 @@ index 0452dca..7e9758c 100644
2715 copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt,
2716 sizeof(rxnfc->rule_cnt)))
2717 return -EFAULT;
2718 -@@ -2802,12 +2862,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
2719 +@@ -2802,12 +2863,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
2720
2721 if (convert_out) {
2722 if (copy_in_user(compat_rxnfc, rxnfc,
2723 @@ -78208,7 +78460,7 @@ index 0452dca..7e9758c 100644
2724 copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt,
2725 sizeof(rxnfc->rule_cnt)))
2726 return -EFAULT;
2727 -@@ -2877,7 +2937,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
2728 +@@ -2877,7 +2938,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
2729 old_fs = get_fs();
2730 set_fs(KERNEL_DS);
2731 err = dev_ioctl(net, cmd,
2732 @@ -78217,7 +78469,7 @@ index 0452dca..7e9758c 100644
2733 set_fs(old_fs);
2734
2735 return err;
2736 -@@ -2986,7 +3046,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
2737 +@@ -2986,7 +3047,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
2738
2739 old_fs = get_fs();
2740 set_fs(KERNEL_DS);
2741 @@ -78226,7 +78478,7 @@ index 0452dca..7e9758c 100644
2742 set_fs(old_fs);
2743
2744 if (cmd == SIOCGIFMAP && !err) {
2745 -@@ -3091,7 +3151,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
2746 +@@ -3091,7 +3152,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
2747 ret |= __get_user(rtdev, &(ur4->rt_dev));
2748 if (rtdev) {
2749 ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
2750 @@ -78235,7 +78487,7 @@ index 0452dca..7e9758c 100644
2751 devname[15] = 0;
2752 } else
2753 r4.rt_dev = NULL;
2754 -@@ -3317,8 +3377,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
2755 +@@ -3317,8 +3378,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
2756 int __user *uoptlen;
2757 int err;
2758
2759 @@ -78246,7 +78498,7 @@ index 0452dca..7e9758c 100644
2760
2761 set_fs(KERNEL_DS);
2762 if (level == SOL_SOCKET)
2763 -@@ -3338,7 +3398,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
2764 +@@ -3338,7 +3399,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
2765 char __user *uoptval;
2766 int err;
2767
2768 @@ -78546,7 +78798,7 @@ index f976e9cd..560d055 100644
2769
2770 sub->evt.event = htohl(event, sub->swap);
2771 diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
2772 -index 641f2e4..a63f5e1 100644
2773 +index 641f2e4..590bb48 100644
2774 --- a/net/unix/af_unix.c
2775 +++ b/net/unix/af_unix.c
2776 @@ -780,6 +780,12 @@ static struct sock *unix_find_other(struct net *net,
2777 @@ -78595,6 +78847,24 @@ index 641f2e4..a63f5e1 100644
2778 mutex_unlock(&path.dentry->d_inode->i_mutex);
2779 dput(path.dentry);
2780 path.dentry = dentry;
2781 +@@ -1448,7 +1468,7 @@ static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
2782 + if (NULL == siocb->scm)
2783 + siocb->scm = &tmp_scm;
2784 + wait_for_unix_gc();
2785 +- err = scm_send(sock, msg, siocb->scm);
2786 ++ err = scm_send(sock, msg, siocb->scm, false);
2787 + if (err < 0)
2788 + return err;
2789 +
2790 +@@ -1617,7 +1637,7 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
2791 + if (NULL == siocb->scm)
2792 + siocb->scm = &tmp_scm;
2793 + wait_for_unix_gc();
2794 +- err = scm_send(sock, msg, siocb->scm);
2795 ++ err = scm_send(sock, msg, siocb->scm, false);
2796 + if (err < 0)
2797 + return err;
2798 +
2799 diff --git a/net/wireless/core.h b/net/wireless/core.h
2800 index bc686ef..27845e6 100644
2801 --- a/net/wireless/core.h