1 |
commit: 0e6807eeaecaa7b480734954188884619fde9cc8 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Aug 29 23:44:23 2013 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Aug 29 23:44:23 2013 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=0e6807ee |
7 |
|
8 |
Grsec/PaX: 2.9.1-{3.2.50.3.10.9}-201308282054 |
9 |
|
10 |
--- |
11 |
3.10.9/0000_README | 10 +- |
12 |
3.10.9/1007_linux-3.10.8.patch | 1793 ------------------ |
13 |
3.10.9/1008_linux-3.10.9.patch | 37 - |
14 |
...420_grsecurity-2.9.1-3.10.9-201308282054.patch} | 1954 ++++++++++++++++++-- |
15 |
3.2.50/0000_README | 2 +- |
16 |
...420_grsecurity-2.9.1-3.2.50-201308282053.patch} | 501 ++++- |
17 |
6 files changed, 2338 insertions(+), 1959 deletions(-) |
18 |
|
19 |
diff --git a/3.10.9/0000_README b/3.10.9/0000_README |
20 |
index 71cd5ee..d335961 100644 |
21 |
--- a/3.10.9/0000_README |
22 |
+++ b/3.10.9/0000_README |
23 |
@@ -2,15 +2,7 @@ README |
24 |
----------------------------------------------------------------------------- |
25 |
Individual Patch Descriptions: |
26 |
----------------------------------------------------------------------------- |
27 |
-Patch: 1007_linux-3.10.8.patch |
28 |
-From: http://www.kernel.org |
29 |
-Desc: Linux 3.10.8 |
30 |
- |
31 |
-Patch: 1008_linux-3.10.9.patch |
32 |
-From: http://www.kernel.org |
33 |
-Desc: Linux 3.10.9 |
34 |
- |
35 |
-Patch: 4420_grsecurity-2.9.1-3.10.9-201308202015.patch |
36 |
+Patch: 4420_grsecurity-2.9.1-3.10.9-201308282054.patch |
37 |
From: http://www.grsecurity.net |
38 |
Desc: hardened-sources base patch from upstream grsecurity |
39 |
|
40 |
|
41 |
diff --git a/3.10.9/1007_linux-3.10.8.patch b/3.10.9/1007_linux-3.10.8.patch |
42 |
deleted file mode 100644 |
43 |
index bf200d8..0000000 |
44 |
--- a/3.10.9/1007_linux-3.10.8.patch |
45 |
+++ /dev/null |
46 |
@@ -1,1793 +0,0 @@ |
47 |
-diff --git a/Makefile b/Makefile |
48 |
-index 33e36ab..1a21612 100644 |
49 |
---- a/Makefile |
50 |
-+++ b/Makefile |
51 |
-@@ -1,6 +1,6 @@ |
52 |
- VERSION = 3 |
53 |
- PATCHLEVEL = 10 |
54 |
--SUBLEVEL = 7 |
55 |
-+SUBLEVEL = 8 |
56 |
- EXTRAVERSION = |
57 |
- NAME = TOSSUG Baby Fish |
58 |
- |
59 |
-diff --git a/arch/Kconfig b/arch/Kconfig |
60 |
-index a4429bc..00e3702 100644 |
61 |
---- a/arch/Kconfig |
62 |
-+++ b/arch/Kconfig |
63 |
-@@ -404,6 +404,12 @@ config CLONE_BACKWARDS2 |
64 |
- help |
65 |
- Architecture has the first two arguments of clone(2) swapped. |
66 |
- |
67 |
-+config CLONE_BACKWARDS3 |
68 |
-+ bool |
69 |
-+ help |
70 |
-+ Architecture has tls passed as the 3rd argument of clone(2), |
71 |
-+ not the 5th one. |
72 |
-+ |
73 |
- config ODD_RT_SIGACTION |
74 |
- bool |
75 |
- help |
76 |
-diff --git a/arch/arm/include/asm/kvm_asm.h b/arch/arm/include/asm/kvm_asm.h |
77 |
-index 18d5032..4bb08e3 100644 |
78 |
---- a/arch/arm/include/asm/kvm_asm.h |
79 |
-+++ b/arch/arm/include/asm/kvm_asm.h |
80 |
-@@ -37,16 +37,18 @@ |
81 |
- #define c5_AIFSR 15 /* Auxilary Instrunction Fault Status R */ |
82 |
- #define c6_DFAR 16 /* Data Fault Address Register */ |
83 |
- #define c6_IFAR 17 /* Instruction Fault Address Register */ |
84 |
--#define c9_L2CTLR 18 /* Cortex A15 L2 Control Register */ |
85 |
--#define c10_PRRR 19 /* Primary Region Remap Register */ |
86 |
--#define c10_NMRR 20 /* Normal Memory Remap Register */ |
87 |
--#define c12_VBAR 21 /* Vector Base Address Register */ |
88 |
--#define c13_CID 22 /* Context ID Register */ |
89 |
--#define c13_TID_URW 23 /* Thread ID, User R/W */ |
90 |
--#define c13_TID_URO 24 /* Thread ID, User R/O */ |
91 |
--#define c13_TID_PRIV 25 /* Thread ID, Privileged */ |
92 |
--#define c14_CNTKCTL 26 /* Timer Control Register (PL1) */ |
93 |
--#define NR_CP15_REGS 27 /* Number of regs (incl. invalid) */ |
94 |
-+#define c7_PAR 18 /* Physical Address Register */ |
95 |
-+#define c7_PAR_high 19 /* PAR top 32 bits */ |
96 |
-+#define c9_L2CTLR 20 /* Cortex A15 L2 Control Register */ |
97 |
-+#define c10_PRRR 21 /* Primary Region Remap Register */ |
98 |
-+#define c10_NMRR 22 /* Normal Memory Remap Register */ |
99 |
-+#define c12_VBAR 23 /* Vector Base Address Register */ |
100 |
-+#define c13_CID 24 /* Context ID Register */ |
101 |
-+#define c13_TID_URW 25 /* Thread ID, User R/W */ |
102 |
-+#define c13_TID_URO 26 /* Thread ID, User R/O */ |
103 |
-+#define c13_TID_PRIV 27 /* Thread ID, Privileged */ |
104 |
-+#define c14_CNTKCTL 28 /* Timer Control Register (PL1) */ |
105 |
-+#define NR_CP15_REGS 29 /* Number of regs (incl. invalid) */ |
106 |
- |
107 |
- #define ARM_EXCEPTION_RESET 0 |
108 |
- #define ARM_EXCEPTION_UNDEFINED 1 |
109 |
-diff --git a/arch/arm/include/asm/tlb.h b/arch/arm/include/asm/tlb.h |
110 |
-index bdf2b84..aa9b4ac 100644 |
111 |
---- a/arch/arm/include/asm/tlb.h |
112 |
-+++ b/arch/arm/include/asm/tlb.h |
113 |
-@@ -43,6 +43,7 @@ struct mmu_gather { |
114 |
- struct mm_struct *mm; |
115 |
- unsigned int fullmm; |
116 |
- struct vm_area_struct *vma; |
117 |
-+ unsigned long start, end; |
118 |
- unsigned long range_start; |
119 |
- unsigned long range_end; |
120 |
- unsigned int nr; |
121 |
-@@ -107,10 +108,12 @@ static inline void tlb_flush_mmu(struct mmu_gather *tlb) |
122 |
- } |
123 |
- |
124 |
- static inline void |
125 |
--tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned int fullmm) |
126 |
-+tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end) |
127 |
- { |
128 |
- tlb->mm = mm; |
129 |
-- tlb->fullmm = fullmm; |
130 |
-+ tlb->fullmm = !(start | (end+1)); |
131 |
-+ tlb->start = start; |
132 |
-+ tlb->end = end; |
133 |
- tlb->vma = NULL; |
134 |
- tlb->max = ARRAY_SIZE(tlb->local); |
135 |
- tlb->pages = tlb->local; |
136 |
-diff --git a/arch/arm/kernel/perf_event.c b/arch/arm/kernel/perf_event.c |
137 |
-index d9f5cd4..e19edc6 100644 |
138 |
---- a/arch/arm/kernel/perf_event.c |
139 |
-+++ b/arch/arm/kernel/perf_event.c |
140 |
-@@ -53,7 +53,12 @@ armpmu_map_cache_event(const unsigned (*cache_map) |
141 |
- static int |
142 |
- armpmu_map_hw_event(const unsigned (*event_map)[PERF_COUNT_HW_MAX], u64 config) |
143 |
- { |
144 |
-- int mapping = (*event_map)[config]; |
145 |
-+ int mapping; |
146 |
-+ |
147 |
-+ if (config >= PERF_COUNT_HW_MAX) |
148 |
-+ return -ENOENT; |
149 |
-+ |
150 |
-+ mapping = (*event_map)[config]; |
151 |
- return mapping == HW_OP_UNSUPPORTED ? -ENOENT : mapping; |
152 |
- } |
153 |
- |
154 |
-@@ -253,6 +258,9 @@ validate_event(struct pmu_hw_events *hw_events, |
155 |
- struct arm_pmu *armpmu = to_arm_pmu(event->pmu); |
156 |
- struct pmu *leader_pmu = event->group_leader->pmu; |
157 |
- |
158 |
-+ if (is_software_event(event)) |
159 |
-+ return 1; |
160 |
-+ |
161 |
- if (event->pmu != leader_pmu || event->state < PERF_EVENT_STATE_OFF) |
162 |
- return 1; |
163 |
- |
164 |
-diff --git a/arch/arm/kvm/coproc.c b/arch/arm/kvm/coproc.c |
165 |
-index 8eea97b..4a51990 100644 |
166 |
---- a/arch/arm/kvm/coproc.c |
167 |
-+++ b/arch/arm/kvm/coproc.c |
168 |
-@@ -180,6 +180,10 @@ static const struct coproc_reg cp15_regs[] = { |
169 |
- NULL, reset_unknown, c6_DFAR }, |
170 |
- { CRn( 6), CRm( 0), Op1( 0), Op2( 2), is32, |
171 |
- NULL, reset_unknown, c6_IFAR }, |
172 |
-+ |
173 |
-+ /* PAR swapped by interrupt.S */ |
174 |
-+ { CRn( 7), Op1( 0), is64, NULL, reset_unknown64, c7_PAR }, |
175 |
-+ |
176 |
- /* |
177 |
- * DC{C,I,CI}SW operations: |
178 |
- */ |
179 |
-diff --git a/arch/arm/kvm/interrupts.S b/arch/arm/kvm/interrupts.S |
180 |
-index f7793df..16cd4ba 100644 |
181 |
---- a/arch/arm/kvm/interrupts.S |
182 |
-+++ b/arch/arm/kvm/interrupts.S |
183 |
-@@ -49,6 +49,7 @@ __kvm_hyp_code_start: |
184 |
- ENTRY(__kvm_tlb_flush_vmid_ipa) |
185 |
- push {r2, r3} |
186 |
- |
187 |
-+ dsb ishst |
188 |
- add r0, r0, #KVM_VTTBR |
189 |
- ldrd r2, r3, [r0] |
190 |
- mcrr p15, 6, r2, r3, c2 @ Write VTTBR |
191 |
-@@ -291,6 +292,7 @@ THUMB( orr r2, r2, #PSR_T_BIT ) |
192 |
- ldr r2, =BSYM(panic) |
193 |
- msr ELR_hyp, r2 |
194 |
- ldr r0, =\panic_str |
195 |
-+ clrex @ Clear exclusive monitor |
196 |
- eret |
197 |
- .endm |
198 |
- |
199 |
-@@ -414,6 +416,10 @@ guest_trap: |
200 |
- mrcne p15, 4, r2, c6, c0, 4 @ HPFAR |
201 |
- bne 3f |
202 |
- |
203 |
-+ /* Preserve PAR */ |
204 |
-+ mrrc p15, 0, r0, r1, c7 @ PAR |
205 |
-+ push {r0, r1} |
206 |
-+ |
207 |
- /* Resolve IPA using the xFAR */ |
208 |
- mcr p15, 0, r2, c7, c8, 0 @ ATS1CPR |
209 |
- isb |
210 |
-@@ -424,13 +430,20 @@ guest_trap: |
211 |
- lsl r2, r2, #4 |
212 |
- orr r2, r2, r1, lsl #24 |
213 |
- |
214 |
-+ /* Restore PAR */ |
215 |
-+ pop {r0, r1} |
216 |
-+ mcrr p15, 0, r0, r1, c7 @ PAR |
217 |
-+ |
218 |
- 3: load_vcpu @ Load VCPU pointer to r0 |
219 |
- str r2, [r0, #VCPU_HPFAR] |
220 |
- |
221 |
- 1: mov r1, #ARM_EXCEPTION_HVC |
222 |
- b __kvm_vcpu_return |
223 |
- |
224 |
--4: pop {r0, r1, r2} @ Failed translation, return to guest |
225 |
-+4: pop {r0, r1} @ Failed translation, return to guest |
226 |
-+ mcrr p15, 0, r0, r1, c7 @ PAR |
227 |
-+ clrex |
228 |
-+ pop {r0, r1, r2} |
229 |
- eret |
230 |
- |
231 |
- /* |
232 |
-@@ -456,6 +469,7 @@ switch_to_guest_vfp: |
233 |
- |
234 |
- pop {r3-r7} |
235 |
- pop {r0-r2} |
236 |
-+ clrex |
237 |
- eret |
238 |
- #endif |
239 |
- |
240 |
-diff --git a/arch/arm/kvm/interrupts_head.S b/arch/arm/kvm/interrupts_head.S |
241 |
-index 3c8f2f0..2b44b95 100644 |
242 |
---- a/arch/arm/kvm/interrupts_head.S |
243 |
-+++ b/arch/arm/kvm/interrupts_head.S |
244 |
-@@ -302,11 +302,14 @@ vcpu .req r0 @ vcpu pointer always in r0 |
245 |
- .endif |
246 |
- |
247 |
- mrc p15, 0, r2, c14, c1, 0 @ CNTKCTL |
248 |
-+ mrrc p15, 0, r4, r5, c7 @ PAR |
249 |
- |
250 |
- .if \store_to_vcpu == 0 |
251 |
-- push {r2} |
252 |
-+ push {r2,r4-r5} |
253 |
- .else |
254 |
- str r2, [vcpu, #CP15_OFFSET(c14_CNTKCTL)] |
255 |
-+ add r12, vcpu, #CP15_OFFSET(c7_PAR) |
256 |
-+ strd r4, r5, [r12] |
257 |
- .endif |
258 |
- .endm |
259 |
- |
260 |
-@@ -319,12 +322,15 @@ vcpu .req r0 @ vcpu pointer always in r0 |
261 |
- */ |
262 |
- .macro write_cp15_state read_from_vcpu |
263 |
- .if \read_from_vcpu == 0 |
264 |
-- pop {r2} |
265 |
-+ pop {r2,r4-r5} |
266 |
- .else |
267 |
- ldr r2, [vcpu, #CP15_OFFSET(c14_CNTKCTL)] |
268 |
-+ add r12, vcpu, #CP15_OFFSET(c7_PAR) |
269 |
-+ ldrd r4, r5, [r12] |
270 |
- .endif |
271 |
- |
272 |
- mcr p15, 0, r2, c14, c1, 0 @ CNTKCTL |
273 |
-+ mcrr p15, 0, r4, r5, c7 @ PAR |
274 |
- |
275 |
- .if \read_from_vcpu == 0 |
276 |
- pop {r2-r12} |
277 |
-diff --git a/arch/arm64/include/asm/tlb.h b/arch/arm64/include/asm/tlb.h |
278 |
-index 654f096..5546653 100644 |
279 |
---- a/arch/arm64/include/asm/tlb.h |
280 |
-+++ b/arch/arm64/include/asm/tlb.h |
281 |
-@@ -35,6 +35,7 @@ struct mmu_gather { |
282 |
- struct mm_struct *mm; |
283 |
- unsigned int fullmm; |
284 |
- struct vm_area_struct *vma; |
285 |
-+ unsigned long start, end; |
286 |
- unsigned long range_start; |
287 |
- unsigned long range_end; |
288 |
- unsigned int nr; |
289 |
-@@ -97,10 +98,12 @@ static inline void tlb_flush_mmu(struct mmu_gather *tlb) |
290 |
- } |
291 |
- |
292 |
- static inline void |
293 |
--tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned int fullmm) |
294 |
-+tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end) |
295 |
- { |
296 |
- tlb->mm = mm; |
297 |
-- tlb->fullmm = fullmm; |
298 |
-+ tlb->fullmm = !(start | (end+1)); |
299 |
-+ tlb->start = start; |
300 |
-+ tlb->end = end; |
301 |
- tlb->vma = NULL; |
302 |
- tlb->max = ARRAY_SIZE(tlb->local); |
303 |
- tlb->pages = tlb->local; |
304 |
-diff --git a/arch/ia64/include/asm/tlb.h b/arch/ia64/include/asm/tlb.h |
305 |
-index ef3a9de..bc5efc7 100644 |
306 |
---- a/arch/ia64/include/asm/tlb.h |
307 |
-+++ b/arch/ia64/include/asm/tlb.h |
308 |
-@@ -22,7 +22,7 @@ |
309 |
- * unmapping a portion of the virtual address space, these hooks are called according to |
310 |
- * the following template: |
311 |
- * |
312 |
-- * tlb <- tlb_gather_mmu(mm, full_mm_flush); // start unmap for address space MM |
313 |
-+ * tlb <- tlb_gather_mmu(mm, start, end); // start unmap for address space MM |
314 |
- * { |
315 |
- * for each vma that needs a shootdown do { |
316 |
- * tlb_start_vma(tlb, vma); |
317 |
-@@ -58,6 +58,7 @@ struct mmu_gather { |
318 |
- unsigned int max; |
319 |
- unsigned char fullmm; /* non-zero means full mm flush */ |
320 |
- unsigned char need_flush; /* really unmapped some PTEs? */ |
321 |
-+ unsigned long start, end; |
322 |
- unsigned long start_addr; |
323 |
- unsigned long end_addr; |
324 |
- struct page **pages; |
325 |
-@@ -155,13 +156,15 @@ static inline void __tlb_alloc_page(struct mmu_gather *tlb) |
326 |
- |
327 |
- |
328 |
- static inline void |
329 |
--tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned int full_mm_flush) |
330 |
-+tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end) |
331 |
- { |
332 |
- tlb->mm = mm; |
333 |
- tlb->max = ARRAY_SIZE(tlb->local); |
334 |
- tlb->pages = tlb->local; |
335 |
- tlb->nr = 0; |
336 |
-- tlb->fullmm = full_mm_flush; |
337 |
-+ tlb->fullmm = !(start | (end+1)); |
338 |
-+ tlb->start = start; |
339 |
-+ tlb->end = end; |
340 |
- tlb->start_addr = ~0UL; |
341 |
- } |
342 |
- |
343 |
-diff --git a/arch/m68k/emu/natfeat.c b/arch/m68k/emu/natfeat.c |
344 |
-index 2291a7d..fa277ae 100644 |
345 |
---- a/arch/m68k/emu/natfeat.c |
346 |
-+++ b/arch/m68k/emu/natfeat.c |
347 |
-@@ -18,9 +18,11 @@ |
348 |
- #include <asm/machdep.h> |
349 |
- #include <asm/natfeat.h> |
350 |
- |
351 |
-+extern long nf_get_id2(const char *feature_name); |
352 |
-+ |
353 |
- asm("\n" |
354 |
--" .global nf_get_id,nf_call\n" |
355 |
--"nf_get_id:\n" |
356 |
-+" .global nf_get_id2,nf_call\n" |
357 |
-+"nf_get_id2:\n" |
358 |
- " .short 0x7300\n" |
359 |
- " rts\n" |
360 |
- "nf_call:\n" |
361 |
-@@ -29,12 +31,25 @@ asm("\n" |
362 |
- "1: moveq.l #0,%d0\n" |
363 |
- " rts\n" |
364 |
- " .section __ex_table,\"a\"\n" |
365 |
--" .long nf_get_id,1b\n" |
366 |
-+" .long nf_get_id2,1b\n" |
367 |
- " .long nf_call,1b\n" |
368 |
- " .previous"); |
369 |
--EXPORT_SYMBOL_GPL(nf_get_id); |
370 |
- EXPORT_SYMBOL_GPL(nf_call); |
371 |
- |
372 |
-+long nf_get_id(const char *feature_name) |
373 |
-+{ |
374 |
-+ /* feature_name may be in vmalloc()ed memory, so make a copy */ |
375 |
-+ char name_copy[32]; |
376 |
-+ size_t n; |
377 |
-+ |
378 |
-+ n = strlcpy(name_copy, feature_name, sizeof(name_copy)); |
379 |
-+ if (n >= sizeof(name_copy)) |
380 |
-+ return 0; |
381 |
-+ |
382 |
-+ return nf_get_id2(name_copy); |
383 |
-+} |
384 |
-+EXPORT_SYMBOL_GPL(nf_get_id); |
385 |
-+ |
386 |
- void nfprint(const char *fmt, ...) |
387 |
- { |
388 |
- static char buf[256]; |
389 |
-diff --git a/arch/m68k/include/asm/div64.h b/arch/m68k/include/asm/div64.h |
390 |
-index 444ea8a..ef881cf 100644 |
391 |
---- a/arch/m68k/include/asm/div64.h |
392 |
-+++ b/arch/m68k/include/asm/div64.h |
393 |
-@@ -15,16 +15,17 @@ |
394 |
- unsigned long long n64; \ |
395 |
- } __n; \ |
396 |
- unsigned long __rem, __upper; \ |
397 |
-+ unsigned long __base = (base); \ |
398 |
- \ |
399 |
- __n.n64 = (n); \ |
400 |
- if ((__upper = __n.n32[0])) { \ |
401 |
- asm ("divul.l %2,%1:%0" \ |
402 |
-- : "=d" (__n.n32[0]), "=d" (__upper) \ |
403 |
-- : "d" (base), "0" (__n.n32[0])); \ |
404 |
-+ : "=d" (__n.n32[0]), "=d" (__upper) \ |
405 |
-+ : "d" (__base), "0" (__n.n32[0])); \ |
406 |
- } \ |
407 |
- asm ("divu.l %2,%1:%0" \ |
408 |
-- : "=d" (__n.n32[1]), "=d" (__rem) \ |
409 |
-- : "d" (base), "1" (__upper), "0" (__n.n32[1])); \ |
410 |
-+ : "=d" (__n.n32[1]), "=d" (__rem) \ |
411 |
-+ : "d" (__base), "1" (__upper), "0" (__n.n32[1])); \ |
412 |
- (n) = __n.n64; \ |
413 |
- __rem; \ |
414 |
- }) |
415 |
-diff --git a/arch/microblaze/Kconfig b/arch/microblaze/Kconfig |
416 |
-index d22a4ec..4fab522 100644 |
417 |
---- a/arch/microblaze/Kconfig |
418 |
-+++ b/arch/microblaze/Kconfig |
419 |
-@@ -28,7 +28,7 @@ config MICROBLAZE |
420 |
- select GENERIC_CLOCKEVENTS |
421 |
- select GENERIC_IDLE_POLL_SETUP |
422 |
- select MODULES_USE_ELF_RELA |
423 |
-- select CLONE_BACKWARDS |
424 |
-+ select CLONE_BACKWARDS3 |
425 |
- |
426 |
- config SWAP |
427 |
- def_bool n |
428 |
-diff --git a/arch/s390/include/asm/tlb.h b/arch/s390/include/asm/tlb.h |
429 |
-index b75d7d6..6d6d92b 100644 |
430 |
---- a/arch/s390/include/asm/tlb.h |
431 |
-+++ b/arch/s390/include/asm/tlb.h |
432 |
-@@ -32,6 +32,7 @@ struct mmu_gather { |
433 |
- struct mm_struct *mm; |
434 |
- struct mmu_table_batch *batch; |
435 |
- unsigned int fullmm; |
436 |
-+ unsigned long start, end; |
437 |
- }; |
438 |
- |
439 |
- struct mmu_table_batch { |
440 |
-@@ -48,10 +49,13 @@ extern void tlb_remove_table(struct mmu_gather *tlb, void *table); |
441 |
- |
442 |
- static inline void tlb_gather_mmu(struct mmu_gather *tlb, |
443 |
- struct mm_struct *mm, |
444 |
-- unsigned int full_mm_flush) |
445 |
-+ unsigned long start, |
446 |
-+ unsigned long end) |
447 |
- { |
448 |
- tlb->mm = mm; |
449 |
-- tlb->fullmm = full_mm_flush; |
450 |
-+ tlb->start = start; |
451 |
-+ tlb->end = end; |
452 |
-+ tlb->fullmm = !(start | (end+1)); |
453 |
- tlb->batch = NULL; |
454 |
- if (tlb->fullmm) |
455 |
- __tlb_flush_mm(mm); |
456 |
-diff --git a/arch/sh/include/asm/tlb.h b/arch/sh/include/asm/tlb.h |
457 |
-index e61d43d..362192e 100644 |
458 |
---- a/arch/sh/include/asm/tlb.h |
459 |
-+++ b/arch/sh/include/asm/tlb.h |
460 |
-@@ -36,10 +36,12 @@ static inline void init_tlb_gather(struct mmu_gather *tlb) |
461 |
- } |
462 |
- |
463 |
- static inline void |
464 |
--tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned int full_mm_flush) |
465 |
-+tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end) |
466 |
- { |
467 |
- tlb->mm = mm; |
468 |
-- tlb->fullmm = full_mm_flush; |
469 |
-+ tlb->start = start; |
470 |
-+ tlb->end = end; |
471 |
-+ tlb->fullmm = !(start | (end+1)); |
472 |
- |
473 |
- init_tlb_gather(tlb); |
474 |
- } |
475 |
-diff --git a/arch/um/include/asm/tlb.h b/arch/um/include/asm/tlb.h |
476 |
-index 4febacd..29b0301 100644 |
477 |
---- a/arch/um/include/asm/tlb.h |
478 |
-+++ b/arch/um/include/asm/tlb.h |
479 |
-@@ -45,10 +45,12 @@ static inline void init_tlb_gather(struct mmu_gather *tlb) |
480 |
- } |
481 |
- |
482 |
- static inline void |
483 |
--tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned int full_mm_flush) |
484 |
-+tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end) |
485 |
- { |
486 |
- tlb->mm = mm; |
487 |
-- tlb->fullmm = full_mm_flush; |
488 |
-+ tlb->start = start; |
489 |
-+ tlb->end = end; |
490 |
-+ tlb->fullmm = !(start | (end+1)); |
491 |
- |
492 |
- init_tlb_gather(tlb); |
493 |
- } |
494 |
-diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.c b/arch/x86/kernel/cpu/perf_event_intel_uncore.c |
495 |
-index 52441a2..8aac56b 100644 |
496 |
---- a/arch/x86/kernel/cpu/perf_event_intel_uncore.c |
497 |
-+++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.c |
498 |
-@@ -314,8 +314,8 @@ static struct uncore_event_desc snbep_uncore_imc_events[] = { |
499 |
- static struct uncore_event_desc snbep_uncore_qpi_events[] = { |
500 |
- INTEL_UNCORE_EVENT_DESC(clockticks, "event=0x14"), |
501 |
- INTEL_UNCORE_EVENT_DESC(txl_flits_active, "event=0x00,umask=0x06"), |
502 |
-- INTEL_UNCORE_EVENT_DESC(drs_data, "event=0x02,umask=0x08"), |
503 |
-- INTEL_UNCORE_EVENT_DESC(ncb_data, "event=0x03,umask=0x04"), |
504 |
-+ INTEL_UNCORE_EVENT_DESC(drs_data, "event=0x102,umask=0x08"), |
505 |
-+ INTEL_UNCORE_EVENT_DESC(ncb_data, "event=0x103,umask=0x04"), |
506 |
- { /* end: all zeroes */ }, |
507 |
- }; |
508 |
- |
509 |
-diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c |
510 |
-index dbded5a..48f8375 100644 |
511 |
---- a/arch/x86/kernel/sys_x86_64.c |
512 |
-+++ b/arch/x86/kernel/sys_x86_64.c |
513 |
-@@ -101,7 +101,7 @@ static void find_start_end(unsigned long flags, unsigned long *begin, |
514 |
- *begin = new_begin; |
515 |
- } |
516 |
- } else { |
517 |
-- *begin = TASK_UNMAPPED_BASE; |
518 |
-+ *begin = mmap_legacy_base(); |
519 |
- *end = TASK_SIZE; |
520 |
- } |
521 |
- } |
522 |
-diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c |
523 |
-index 845df68..c1af323 100644 |
524 |
---- a/arch/x86/mm/mmap.c |
525 |
-+++ b/arch/x86/mm/mmap.c |
526 |
-@@ -98,7 +98,7 @@ static unsigned long mmap_base(void) |
527 |
- * Bottom-up (legacy) layout on X86_32 did not support randomization, X86_64 |
528 |
- * does, but not when emulating X86_32 |
529 |
- */ |
530 |
--static unsigned long mmap_legacy_base(void) |
531 |
-+unsigned long mmap_legacy_base(void) |
532 |
- { |
533 |
- if (mmap_is_ia32()) |
534 |
- return TASK_UNMAPPED_BASE; |
535 |
-diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c |
536 |
-index d5cd313..d5bbdcf 100644 |
537 |
---- a/block/cfq-iosched.c |
538 |
-+++ b/block/cfq-iosched.c |
539 |
-@@ -4347,18 +4347,28 @@ static void cfq_exit_queue(struct elevator_queue *e) |
540 |
- kfree(cfqd); |
541 |
- } |
542 |
- |
543 |
--static int cfq_init_queue(struct request_queue *q) |
544 |
-+static int cfq_init_queue(struct request_queue *q, struct elevator_type *e) |
545 |
- { |
546 |
- struct cfq_data *cfqd; |
547 |
- struct blkcg_gq *blkg __maybe_unused; |
548 |
- int i, ret; |
549 |
-+ struct elevator_queue *eq; |
550 |
-+ |
551 |
-+ eq = elevator_alloc(q, e); |
552 |
-+ if (!eq) |
553 |
-+ return -ENOMEM; |
554 |
- |
555 |
- cfqd = kmalloc_node(sizeof(*cfqd), GFP_KERNEL | __GFP_ZERO, q->node); |
556 |
-- if (!cfqd) |
557 |
-+ if (!cfqd) { |
558 |
-+ kobject_put(&eq->kobj); |
559 |
- return -ENOMEM; |
560 |
-+ } |
561 |
-+ eq->elevator_data = cfqd; |
562 |
- |
563 |
- cfqd->queue = q; |
564 |
-- q->elevator->elevator_data = cfqd; |
565 |
-+ spin_lock_irq(q->queue_lock); |
566 |
-+ q->elevator = eq; |
567 |
-+ spin_unlock_irq(q->queue_lock); |
568 |
- |
569 |
- /* Init root service tree */ |
570 |
- cfqd->grp_service_tree = CFQ_RB_ROOT; |
571 |
-@@ -4433,6 +4443,7 @@ static int cfq_init_queue(struct request_queue *q) |
572 |
- |
573 |
- out_free: |
574 |
- kfree(cfqd); |
575 |
-+ kobject_put(&eq->kobj); |
576 |
- return ret; |
577 |
- } |
578 |
- |
579 |
-diff --git a/block/deadline-iosched.c b/block/deadline-iosched.c |
580 |
-index ba19a3a..20614a3 100644 |
581 |
---- a/block/deadline-iosched.c |
582 |
-+++ b/block/deadline-iosched.c |
583 |
-@@ -337,13 +337,21 @@ static void deadline_exit_queue(struct elevator_queue *e) |
584 |
- /* |
585 |
- * initialize elevator private data (deadline_data). |
586 |
- */ |
587 |
--static int deadline_init_queue(struct request_queue *q) |
588 |
-+static int deadline_init_queue(struct request_queue *q, struct elevator_type *e) |
589 |
- { |
590 |
- struct deadline_data *dd; |
591 |
-+ struct elevator_queue *eq; |
592 |
-+ |
593 |
-+ eq = elevator_alloc(q, e); |
594 |
-+ if (!eq) |
595 |
-+ return -ENOMEM; |
596 |
- |
597 |
- dd = kmalloc_node(sizeof(*dd), GFP_KERNEL | __GFP_ZERO, q->node); |
598 |
-- if (!dd) |
599 |
-+ if (!dd) { |
600 |
-+ kobject_put(&eq->kobj); |
601 |
- return -ENOMEM; |
602 |
-+ } |
603 |
-+ eq->elevator_data = dd; |
604 |
- |
605 |
- INIT_LIST_HEAD(&dd->fifo_list[READ]); |
606 |
- INIT_LIST_HEAD(&dd->fifo_list[WRITE]); |
607 |
-@@ -355,7 +363,9 @@ static int deadline_init_queue(struct request_queue *q) |
608 |
- dd->front_merges = 1; |
609 |
- dd->fifo_batch = fifo_batch; |
610 |
- |
611 |
-- q->elevator->elevator_data = dd; |
612 |
-+ spin_lock_irq(q->queue_lock); |
613 |
-+ q->elevator = eq; |
614 |
-+ spin_unlock_irq(q->queue_lock); |
615 |
- return 0; |
616 |
- } |
617 |
- |
618 |
-diff --git a/block/elevator.c b/block/elevator.c |
619 |
-index eba5b04..668394d 100644 |
620 |
---- a/block/elevator.c |
621 |
-+++ b/block/elevator.c |
622 |
-@@ -150,7 +150,7 @@ void __init load_default_elevator_module(void) |
623 |
- |
624 |
- static struct kobj_type elv_ktype; |
625 |
- |
626 |
--static struct elevator_queue *elevator_alloc(struct request_queue *q, |
627 |
-+struct elevator_queue *elevator_alloc(struct request_queue *q, |
628 |
- struct elevator_type *e) |
629 |
- { |
630 |
- struct elevator_queue *eq; |
631 |
-@@ -170,6 +170,7 @@ err: |
632 |
- elevator_put(e); |
633 |
- return NULL; |
634 |
- } |
635 |
-+EXPORT_SYMBOL(elevator_alloc); |
636 |
- |
637 |
- static void elevator_release(struct kobject *kobj) |
638 |
- { |
639 |
-@@ -221,16 +222,7 @@ int elevator_init(struct request_queue *q, char *name) |
640 |
- } |
641 |
- } |
642 |
- |
643 |
-- q->elevator = elevator_alloc(q, e); |
644 |
-- if (!q->elevator) |
645 |
-- return -ENOMEM; |
646 |
-- |
647 |
-- err = e->ops.elevator_init_fn(q); |
648 |
-- if (err) { |
649 |
-- kobject_put(&q->elevator->kobj); |
650 |
-- return err; |
651 |
-- } |
652 |
-- |
653 |
-+ err = e->ops.elevator_init_fn(q, e); |
654 |
- return 0; |
655 |
- } |
656 |
- EXPORT_SYMBOL(elevator_init); |
657 |
-@@ -935,16 +927,9 @@ static int elevator_switch(struct request_queue *q, struct elevator_type *new_e) |
658 |
- spin_unlock_irq(q->queue_lock); |
659 |
- |
660 |
- /* allocate, init and register new elevator */ |
661 |
-- err = -ENOMEM; |
662 |
-- q->elevator = elevator_alloc(q, new_e); |
663 |
-- if (!q->elevator) |
664 |
-- goto fail_init; |
665 |
-- |
666 |
-- err = new_e->ops.elevator_init_fn(q); |
667 |
-- if (err) { |
668 |
-- kobject_put(&q->elevator->kobj); |
669 |
-+ err = new_e->ops.elevator_init_fn(q, new_e); |
670 |
-+ if (err) |
671 |
- goto fail_init; |
672 |
-- } |
673 |
- |
674 |
- if (registered) { |
675 |
- err = elv_register_queue(q); |
676 |
-diff --git a/block/noop-iosched.c b/block/noop-iosched.c |
677 |
-index 5d1bf70..3de89d4 100644 |
678 |
---- a/block/noop-iosched.c |
679 |
-+++ b/block/noop-iosched.c |
680 |
-@@ -59,16 +59,27 @@ noop_latter_request(struct request_queue *q, struct request *rq) |
681 |
- return list_entry(rq->queuelist.next, struct request, queuelist); |
682 |
- } |
683 |
- |
684 |
--static int noop_init_queue(struct request_queue *q) |
685 |
-+static int noop_init_queue(struct request_queue *q, struct elevator_type *e) |
686 |
- { |
687 |
- struct noop_data *nd; |
688 |
-+ struct elevator_queue *eq; |
689 |
-+ |
690 |
-+ eq = elevator_alloc(q, e); |
691 |
-+ if (!eq) |
692 |
-+ return -ENOMEM; |
693 |
- |
694 |
- nd = kmalloc_node(sizeof(*nd), GFP_KERNEL, q->node); |
695 |
-- if (!nd) |
696 |
-+ if (!nd) { |
697 |
-+ kobject_put(&eq->kobj); |
698 |
- return -ENOMEM; |
699 |
-+ } |
700 |
-+ eq->elevator_data = nd; |
701 |
- |
702 |
- INIT_LIST_HEAD(&nd->queue); |
703 |
-- q->elevator->elevator_data = nd; |
704 |
-+ |
705 |
-+ spin_lock_irq(q->queue_lock); |
706 |
-+ q->elevator = eq; |
707 |
-+ spin_unlock_irq(q->queue_lock); |
708 |
- return 0; |
709 |
- } |
710 |
- |
711 |
-diff --git a/drivers/net/can/usb/peak_usb/pcan_usb.c b/drivers/net/can/usb/peak_usb/pcan_usb.c |
712 |
-index 25723d8..925ab8e 100644 |
713 |
---- a/drivers/net/can/usb/peak_usb/pcan_usb.c |
714 |
-+++ b/drivers/net/can/usb/peak_usb/pcan_usb.c |
715 |
-@@ -649,7 +649,7 @@ static int pcan_usb_decode_data(struct pcan_usb_msg_context *mc, u8 status_len) |
716 |
- if ((mc->ptr + rec_len) > mc->end) |
717 |
- goto decode_failed; |
718 |
- |
719 |
-- memcpy(cf->data, mc->ptr, rec_len); |
720 |
-+ memcpy(cf->data, mc->ptr, cf->can_dlc); |
721 |
- mc->ptr += rec_len; |
722 |
- } |
723 |
- |
724 |
-diff --git a/drivers/net/wireless/iwlegacy/4965-mac.c b/drivers/net/wireless/iwlegacy/4965-mac.c |
725 |
-index 9a95045..900f5f8 100644 |
726 |
---- a/drivers/net/wireless/iwlegacy/4965-mac.c |
727 |
-+++ b/drivers/net/wireless/iwlegacy/4965-mac.c |
728 |
-@@ -4442,12 +4442,12 @@ il4965_irq_tasklet(struct il_priv *il) |
729 |
- * is killed. Hence update the killswitch state here. The |
730 |
- * rfkill handler will care about restarting if needed. |
731 |
- */ |
732 |
-- if (!test_bit(S_ALIVE, &il->status)) { |
733 |
-- if (hw_rf_kill) |
734 |
-- set_bit(S_RFKILL, &il->status); |
735 |
-- else |
736 |
-- clear_bit(S_RFKILL, &il->status); |
737 |
-+ if (hw_rf_kill) { |
738 |
-+ set_bit(S_RFKILL, &il->status); |
739 |
-+ } else { |
740 |
-+ clear_bit(S_RFKILL, &il->status); |
741 |
- wiphy_rfkill_set_hw_state(il->hw->wiphy, hw_rf_kill); |
742 |
-+ il_force_reset(il, true); |
743 |
- } |
744 |
- |
745 |
- handled |= CSR_INT_BIT_RF_KILL; |
746 |
-@@ -5316,6 +5316,9 @@ il4965_alive_start(struct il_priv *il) |
747 |
- |
748 |
- il->active_rate = RATES_MASK; |
749 |
- |
750 |
-+ il_power_update_mode(il, true); |
751 |
-+ D_INFO("Updated power mode\n"); |
752 |
-+ |
753 |
- if (il_is_associated(il)) { |
754 |
- struct il_rxon_cmd *active_rxon = |
755 |
- (struct il_rxon_cmd *)&il->active; |
756 |
-@@ -5346,9 +5349,6 @@ il4965_alive_start(struct il_priv *il) |
757 |
- D_INFO("ALIVE processing complete.\n"); |
758 |
- wake_up(&il->wait_command_queue); |
759 |
- |
760 |
-- il_power_update_mode(il, true); |
761 |
-- D_INFO("Updated power mode\n"); |
762 |
-- |
763 |
- return; |
764 |
- |
765 |
- restart: |
766 |
-diff --git a/drivers/net/wireless/iwlegacy/common.c b/drivers/net/wireless/iwlegacy/common.c |
767 |
-index e9a3cbc..9c9ebad 100644 |
768 |
---- a/drivers/net/wireless/iwlegacy/common.c |
769 |
-+++ b/drivers/net/wireless/iwlegacy/common.c |
770 |
-@@ -4660,6 +4660,7 @@ il_force_reset(struct il_priv *il, bool external) |
771 |
- |
772 |
- return 0; |
773 |
- } |
774 |
-+EXPORT_SYMBOL(il_force_reset); |
775 |
- |
776 |
- int |
777 |
- il_mac_change_interface(struct ieee80211_hw *hw, struct ieee80211_vif *vif, |
778 |
-diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c |
779 |
-index a635988..5b44cd4 100644 |
780 |
---- a/drivers/usb/core/quirks.c |
781 |
-+++ b/drivers/usb/core/quirks.c |
782 |
-@@ -78,6 +78,12 @@ static const struct usb_device_id usb_quirk_list[] = { |
783 |
- { USB_DEVICE(0x04d8, 0x000c), .driver_info = |
784 |
- USB_QUIRK_CONFIG_INTF_STRINGS }, |
785 |
- |
786 |
-+ /* CarrolTouch 4000U */ |
787 |
-+ { USB_DEVICE(0x04e7, 0x0009), .driver_info = USB_QUIRK_RESET_RESUME }, |
788 |
-+ |
789 |
-+ /* CarrolTouch 4500U */ |
790 |
-+ { USB_DEVICE(0x04e7, 0x0030), .driver_info = USB_QUIRK_RESET_RESUME }, |
791 |
-+ |
792 |
- /* Samsung Android phone modem - ID conflict with SPH-I500 */ |
793 |
- { USB_DEVICE(0x04e8, 0x6601), .driver_info = |
794 |
- USB_QUIRK_CONFIG_INTF_STRINGS }, |
795 |
-diff --git a/drivers/usb/host/ehci-sched.c b/drivers/usb/host/ehci-sched.c |
796 |
-index f80d033..8e3c878 100644 |
797 |
---- a/drivers/usb/host/ehci-sched.c |
798 |
-+++ b/drivers/usb/host/ehci-sched.c |
799 |
-@@ -1391,21 +1391,20 @@ iso_stream_schedule ( |
800 |
- |
801 |
- /* Behind the scheduling threshold? */ |
802 |
- if (unlikely(start < next)) { |
803 |
-+ unsigned now2 = (now - base) & (mod - 1); |
804 |
- |
805 |
- /* USB_ISO_ASAP: Round up to the first available slot */ |
806 |
- if (urb->transfer_flags & URB_ISO_ASAP) |
807 |
- start += (next - start + period - 1) & -period; |
808 |
- |
809 |
- /* |
810 |
-- * Not ASAP: Use the next slot in the stream. If |
811 |
-- * the entire URB falls before the threshold, fail. |
812 |
-+ * Not ASAP: Use the next slot in the stream, |
813 |
-+ * no matter what. |
814 |
- */ |
815 |
-- else if (start + span - period < next) { |
816 |
-- ehci_dbg(ehci, "iso urb late %p (%u+%u < %u)\n", |
817 |
-+ else if (start + span - period < now2) { |
818 |
-+ ehci_dbg(ehci, "iso underrun %p (%u+%u < %u)\n", |
819 |
- urb, start + base, |
820 |
-- span - period, next + base); |
821 |
-- status = -EXDEV; |
822 |
-- goto fail; |
823 |
-+ span - period, now2 + base); |
824 |
- } |
825 |
- } |
826 |
- |
827 |
-diff --git a/drivers/usb/serial/keyspan.c b/drivers/usb/serial/keyspan.c |
828 |
-index 3549d07..07fbdf0 100644 |
829 |
---- a/drivers/usb/serial/keyspan.c |
830 |
-+++ b/drivers/usb/serial/keyspan.c |
831 |
-@@ -2315,7 +2315,7 @@ static int keyspan_startup(struct usb_serial *serial) |
832 |
- if (d_details == NULL) { |
833 |
- dev_err(&serial->dev->dev, "%s - unknown product id %x\n", |
834 |
- __func__, le16_to_cpu(serial->dev->descriptor.idProduct)); |
835 |
-- return 1; |
836 |
-+ return -ENODEV; |
837 |
- } |
838 |
- |
839 |
- /* Setup private data for serial driver */ |
840 |
-diff --git a/drivers/usb/serial/mos7720.c b/drivers/usb/serial/mos7720.c |
841 |
-index f27c621..5050cc8 100644 |
842 |
---- a/drivers/usb/serial/mos7720.c |
843 |
-+++ b/drivers/usb/serial/mos7720.c |
844 |
-@@ -90,6 +90,7 @@ struct urbtracker { |
845 |
- struct list_head urblist_entry; |
846 |
- struct kref ref_count; |
847 |
- struct urb *urb; |
848 |
-+ struct usb_ctrlrequest *setup; |
849 |
- }; |
850 |
- |
851 |
- enum mos7715_pp_modes { |
852 |
-@@ -271,6 +272,7 @@ static void destroy_urbtracker(struct kref *kref) |
853 |
- struct mos7715_parport *mos_parport = urbtrack->mos_parport; |
854 |
- |
855 |
- usb_free_urb(urbtrack->urb); |
856 |
-+ kfree(urbtrack->setup); |
857 |
- kfree(urbtrack); |
858 |
- kref_put(&mos_parport->ref_count, destroy_mos_parport); |
859 |
- } |
860 |
-@@ -355,7 +357,6 @@ static int write_parport_reg_nonblock(struct mos7715_parport *mos_parport, |
861 |
- struct urbtracker *urbtrack; |
862 |
- int ret_val; |
863 |
- unsigned long flags; |
864 |
-- struct usb_ctrlrequest setup; |
865 |
- struct usb_serial *serial = mos_parport->serial; |
866 |
- struct usb_device *usbdev = serial->dev; |
867 |
- |
868 |
-@@ -373,14 +374,20 @@ static int write_parport_reg_nonblock(struct mos7715_parport *mos_parport, |
869 |
- kfree(urbtrack); |
870 |
- return -ENOMEM; |
871 |
- } |
872 |
-- setup.bRequestType = (__u8)0x40; |
873 |
-- setup.bRequest = (__u8)0x0e; |
874 |
-- setup.wValue = get_reg_value(reg, dummy); |
875 |
-- setup.wIndex = get_reg_index(reg); |
876 |
-- setup.wLength = 0; |
877 |
-+ urbtrack->setup = kmalloc(sizeof(*urbtrack->setup), GFP_KERNEL); |
878 |
-+ if (!urbtrack->setup) { |
879 |
-+ usb_free_urb(urbtrack->urb); |
880 |
-+ kfree(urbtrack); |
881 |
-+ return -ENOMEM; |
882 |
-+ } |
883 |
-+ urbtrack->setup->bRequestType = (__u8)0x40; |
884 |
-+ urbtrack->setup->bRequest = (__u8)0x0e; |
885 |
-+ urbtrack->setup->wValue = get_reg_value(reg, dummy); |
886 |
-+ urbtrack->setup->wIndex = get_reg_index(reg); |
887 |
-+ urbtrack->setup->wLength = 0; |
888 |
- usb_fill_control_urb(urbtrack->urb, usbdev, |
889 |
- usb_sndctrlpipe(usbdev, 0), |
890 |
-- (unsigned char *)&setup, |
891 |
-+ (unsigned char *)urbtrack->setup, |
892 |
- NULL, 0, async_complete, urbtrack); |
893 |
- kref_init(&urbtrack->ref_count); |
894 |
- INIT_LIST_HEAD(&urbtrack->urblist_entry); |
895 |
-diff --git a/drivers/usb/serial/mos7840.c b/drivers/usb/serial/mos7840.c |
896 |
-index b92d333..2c1749d 100644 |
897 |
---- a/drivers/usb/serial/mos7840.c |
898 |
-+++ b/drivers/usb/serial/mos7840.c |
899 |
-@@ -2208,7 +2208,7 @@ static int mos7810_check(struct usb_serial *serial) |
900 |
- static int mos7840_probe(struct usb_serial *serial, |
901 |
- const struct usb_device_id *id) |
902 |
- { |
903 |
-- u16 product = serial->dev->descriptor.idProduct; |
904 |
-+ u16 product = le16_to_cpu(serial->dev->descriptor.idProduct); |
905 |
- u8 *buf; |
906 |
- int device_type; |
907 |
- |
908 |
-diff --git a/drivers/usb/serial/ti_usb_3410_5052.c b/drivers/usb/serial/ti_usb_3410_5052.c |
909 |
-index 01f79f1..32bdd5e 100644 |
910 |
---- a/drivers/usb/serial/ti_usb_3410_5052.c |
911 |
-+++ b/drivers/usb/serial/ti_usb_3410_5052.c |
912 |
-@@ -1536,14 +1536,15 @@ static int ti_download_firmware(struct ti_device *tdev) |
913 |
- char buf[32]; |
914 |
- |
915 |
- /* try ID specific firmware first, then try generic firmware */ |
916 |
-- sprintf(buf, "ti_usb-v%04x-p%04x.fw", dev->descriptor.idVendor, |
917 |
-- dev->descriptor.idProduct); |
918 |
-+ sprintf(buf, "ti_usb-v%04x-p%04x.fw", |
919 |
-+ le16_to_cpu(dev->descriptor.idVendor), |
920 |
-+ le16_to_cpu(dev->descriptor.idProduct)); |
921 |
- status = request_firmware(&fw_p, buf, &dev->dev); |
922 |
- |
923 |
- if (status != 0) { |
924 |
- buf[0] = '\0'; |
925 |
-- if (dev->descriptor.idVendor == MTS_VENDOR_ID) { |
926 |
-- switch (dev->descriptor.idProduct) { |
927 |
-+ if (le16_to_cpu(dev->descriptor.idVendor) == MTS_VENDOR_ID) { |
928 |
-+ switch (le16_to_cpu(dev->descriptor.idProduct)) { |
929 |
- case MTS_CDMA_PRODUCT_ID: |
930 |
- strcpy(buf, "mts_cdma.fw"); |
931 |
- break; |
932 |
-diff --git a/drivers/usb/serial/usb_wwan.c b/drivers/usb/serial/usb_wwan.c |
933 |
-index ece326e..db0cf53 100644 |
934 |
---- a/drivers/usb/serial/usb_wwan.c |
935 |
-+++ b/drivers/usb/serial/usb_wwan.c |
936 |
-@@ -291,18 +291,18 @@ static void usb_wwan_indat_callback(struct urb *urb) |
937 |
- tty_flip_buffer_push(&port->port); |
938 |
- } else |
939 |
- dev_dbg(dev, "%s: empty read urb received\n", __func__); |
940 |
-- |
941 |
-- /* Resubmit urb so we continue receiving */ |
942 |
-- err = usb_submit_urb(urb, GFP_ATOMIC); |
943 |
-- if (err) { |
944 |
-- if (err != -EPERM) { |
945 |
-- dev_err(dev, "%s: resubmit read urb failed. (%d)\n", __func__, err); |
946 |
-- /* busy also in error unless we are killed */ |
947 |
-- usb_mark_last_busy(port->serial->dev); |
948 |
-- } |
949 |
-- } else { |
950 |
-+ } |
951 |
-+ /* Resubmit urb so we continue receiving */ |
952 |
-+ err = usb_submit_urb(urb, GFP_ATOMIC); |
953 |
-+ if (err) { |
954 |
-+ if (err != -EPERM) { |
955 |
-+ dev_err(dev, "%s: resubmit read urb failed. (%d)\n", |
956 |
-+ __func__, err); |
957 |
-+ /* busy also in error unless we are killed */ |
958 |
- usb_mark_last_busy(port->serial->dev); |
959 |
- } |
960 |
-+ } else { |
961 |
-+ usb_mark_last_busy(port->serial->dev); |
962 |
- } |
963 |
- } |
964 |
- |
965 |
-diff --git a/drivers/usb/wusbcore/wa-xfer.c b/drivers/usb/wusbcore/wa-xfer.c |
966 |
-index 6ef94bc..028fc83 100644 |
967 |
---- a/drivers/usb/wusbcore/wa-xfer.c |
968 |
-+++ b/drivers/usb/wusbcore/wa-xfer.c |
969 |
-@@ -1110,6 +1110,12 @@ int wa_urb_dequeue(struct wahc *wa, struct urb *urb) |
970 |
- } |
971 |
- spin_lock_irqsave(&xfer->lock, flags); |
972 |
- rpipe = xfer->ep->hcpriv; |
973 |
-+ if (rpipe == NULL) { |
974 |
-+ pr_debug("%s: xfer id 0x%08X has no RPIPE. %s", |
975 |
-+ __func__, wa_xfer_id(xfer), |
976 |
-+ "Probably already aborted.\n" ); |
977 |
-+ goto out_unlock; |
978 |
-+ } |
979 |
- /* Check the delayed list -> if there, release and complete */ |
980 |
- spin_lock_irqsave(&wa->xfer_list_lock, flags2); |
981 |
- if (!list_empty(&xfer->list_node) && xfer->seg == NULL) |
982 |
-@@ -1493,8 +1499,7 @@ static void wa_xfer_result_cb(struct urb *urb) |
983 |
- break; |
984 |
- } |
985 |
- usb_status = xfer_result->bTransferStatus & 0x3f; |
986 |
-- if (usb_status == WA_XFER_STATUS_ABORTED |
987 |
-- || usb_status == WA_XFER_STATUS_NOT_FOUND) |
988 |
-+ if (usb_status == WA_XFER_STATUS_NOT_FOUND) |
989 |
- /* taken care of already */ |
990 |
- break; |
991 |
- xfer_id = xfer_result->dwTransferID; |
992 |
-diff --git a/fs/exec.c b/fs/exec.c |
993 |
-index ffd7a81..1f44670 100644 |
994 |
---- a/fs/exec.c |
995 |
-+++ b/fs/exec.c |
996 |
-@@ -607,7 +607,7 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) |
997 |
- return -ENOMEM; |
998 |
- |
999 |
- lru_add_drain(); |
1000 |
-- tlb_gather_mmu(&tlb, mm, 0); |
1001 |
-+ tlb_gather_mmu(&tlb, mm, old_start, old_end); |
1002 |
- if (new_end > old_start) { |
1003 |
- /* |
1004 |
- * when the old and new regions overlap clear from new_end. |
1005 |
-@@ -624,7 +624,7 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) |
1006 |
- free_pgd_range(&tlb, old_start, old_end, new_end, |
1007 |
- vma->vm_next ? vma->vm_next->vm_start : USER_PGTABLES_CEILING); |
1008 |
- } |
1009 |
-- tlb_finish_mmu(&tlb, new_end, old_end); |
1010 |
-+ tlb_finish_mmu(&tlb, old_start, old_end); |
1011 |
- |
1012 |
- /* |
1013 |
- * Shrink the vma to just the new range. Always succeeds. |
1014 |
-diff --git a/fs/ext4/ext4_jbd2.c b/fs/ext4/ext4_jbd2.c |
1015 |
-index 451eb40..1c88061 100644 |
1016 |
---- a/fs/ext4/ext4_jbd2.c |
1017 |
-+++ b/fs/ext4/ext4_jbd2.c |
1018 |
-@@ -219,10 +219,10 @@ int __ext4_handle_dirty_metadata(const char *where, unsigned int line, |
1019 |
- set_buffer_prio(bh); |
1020 |
- if (ext4_handle_valid(handle)) { |
1021 |
- err = jbd2_journal_dirty_metadata(handle, bh); |
1022 |
-- if (err) { |
1023 |
-- /* Errors can only happen if there is a bug */ |
1024 |
-- handle->h_err = err; |
1025 |
-- __ext4_journal_stop(where, line, handle); |
1026 |
-+ /* Errors can only happen if there is a bug */ |
1027 |
-+ if (WARN_ON_ONCE(err)) { |
1028 |
-+ ext4_journal_abort_handle(where, line, __func__, bh, |
1029 |
-+ handle, err); |
1030 |
- } |
1031 |
- } else { |
1032 |
- if (inode) |
1033 |
-diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c |
1034 |
-index 3e636d8..65fc60a 100644 |
1035 |
---- a/fs/proc/task_mmu.c |
1036 |
-+++ b/fs/proc/task_mmu.c |
1037 |
-@@ -792,14 +792,14 @@ typedef struct { |
1038 |
- } pagemap_entry_t; |
1039 |
- |
1040 |
- struct pagemapread { |
1041 |
-- int pos, len; |
1042 |
-+ int pos, len; /* units: PM_ENTRY_BYTES, not bytes */ |
1043 |
- pagemap_entry_t *buffer; |
1044 |
- }; |
1045 |
- |
1046 |
- #define PAGEMAP_WALK_SIZE (PMD_SIZE) |
1047 |
- #define PAGEMAP_WALK_MASK (PMD_MASK) |
1048 |
- |
1049 |
--#define PM_ENTRY_BYTES sizeof(u64) |
1050 |
-+#define PM_ENTRY_BYTES sizeof(pagemap_entry_t) |
1051 |
- #define PM_STATUS_BITS 3 |
1052 |
- #define PM_STATUS_OFFSET (64 - PM_STATUS_BITS) |
1053 |
- #define PM_STATUS_MASK (((1LL << PM_STATUS_BITS) - 1) << PM_STATUS_OFFSET) |
1054 |
-@@ -1038,8 +1038,8 @@ static ssize_t pagemap_read(struct file *file, char __user *buf, |
1055 |
- if (!count) |
1056 |
- goto out_task; |
1057 |
- |
1058 |
-- pm.len = PM_ENTRY_BYTES * (PAGEMAP_WALK_SIZE >> PAGE_SHIFT); |
1059 |
-- pm.buffer = kmalloc(pm.len, GFP_TEMPORARY); |
1060 |
-+ pm.len = (PAGEMAP_WALK_SIZE >> PAGE_SHIFT); |
1061 |
-+ pm.buffer = kmalloc(pm.len * PM_ENTRY_BYTES, GFP_TEMPORARY); |
1062 |
- ret = -ENOMEM; |
1063 |
- if (!pm.buffer) |
1064 |
- goto out_task; |
1065 |
-diff --git a/include/asm-generic/tlb.h b/include/asm-generic/tlb.h |
1066 |
-index 13821c3..5672d7e 100644 |
1067 |
---- a/include/asm-generic/tlb.h |
1068 |
-+++ b/include/asm-generic/tlb.h |
1069 |
-@@ -112,7 +112,7 @@ struct mmu_gather { |
1070 |
- |
1071 |
- #define HAVE_GENERIC_MMU_GATHER |
1072 |
- |
1073 |
--void tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, bool fullmm); |
1074 |
-+void tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end); |
1075 |
- void tlb_flush_mmu(struct mmu_gather *tlb); |
1076 |
- void tlb_finish_mmu(struct mmu_gather *tlb, unsigned long start, |
1077 |
- unsigned long end); |
1078 |
-diff --git a/include/linux/elevator.h b/include/linux/elevator.h |
1079 |
-index acd0312..306dd8c 100644 |
1080 |
---- a/include/linux/elevator.h |
1081 |
-+++ b/include/linux/elevator.h |
1082 |
-@@ -7,6 +7,7 @@ |
1083 |
- #ifdef CONFIG_BLOCK |
1084 |
- |
1085 |
- struct io_cq; |
1086 |
-+struct elevator_type; |
1087 |
- |
1088 |
- typedef int (elevator_merge_fn) (struct request_queue *, struct request **, |
1089 |
- struct bio *); |
1090 |
-@@ -35,7 +36,8 @@ typedef void (elevator_put_req_fn) (struct request *); |
1091 |
- typedef void (elevator_activate_req_fn) (struct request_queue *, struct request *); |
1092 |
- typedef void (elevator_deactivate_req_fn) (struct request_queue *, struct request *); |
1093 |
- |
1094 |
--typedef int (elevator_init_fn) (struct request_queue *); |
1095 |
-+typedef int (elevator_init_fn) (struct request_queue *, |
1096 |
-+ struct elevator_type *e); |
1097 |
- typedef void (elevator_exit_fn) (struct elevator_queue *); |
1098 |
- |
1099 |
- struct elevator_ops |
1100 |
-@@ -155,6 +157,8 @@ extern int elevator_init(struct request_queue *, char *); |
1101 |
- extern void elevator_exit(struct elevator_queue *); |
1102 |
- extern int elevator_change(struct request_queue *, const char *); |
1103 |
- extern bool elv_rq_merge_ok(struct request *, struct bio *); |
1104 |
-+extern struct elevator_queue *elevator_alloc(struct request_queue *, |
1105 |
-+ struct elevator_type *); |
1106 |
- |
1107 |
- /* |
1108 |
- * Helper functions. |
1109 |
-diff --git a/include/linux/sched.h b/include/linux/sched.h |
1110 |
-index 178a8d9..3aeb14b 100644 |
1111 |
---- a/include/linux/sched.h |
1112 |
-+++ b/include/linux/sched.h |
1113 |
-@@ -314,6 +314,7 @@ struct nsproxy; |
1114 |
- struct user_namespace; |
1115 |
- |
1116 |
- #ifdef CONFIG_MMU |
1117 |
-+extern unsigned long mmap_legacy_base(void); |
1118 |
- extern void arch_pick_mmap_layout(struct mm_struct *mm); |
1119 |
- extern unsigned long |
1120 |
- arch_get_unmapped_area(struct file *, unsigned long, unsigned long, |
1121 |
-diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h |
1122 |
-index 4147d70..84662ec 100644 |
1123 |
---- a/include/linux/syscalls.h |
1124 |
-+++ b/include/linux/syscalls.h |
1125 |
-@@ -802,9 +802,14 @@ asmlinkage long sys_vfork(void); |
1126 |
- asmlinkage long sys_clone(unsigned long, unsigned long, int __user *, int, |
1127 |
- int __user *); |
1128 |
- #else |
1129 |
-+#ifdef CONFIG_CLONE_BACKWARDS3 |
1130 |
-+asmlinkage long sys_clone(unsigned long, unsigned long, int, int __user *, |
1131 |
-+ int __user *, int); |
1132 |
-+#else |
1133 |
- asmlinkage long sys_clone(unsigned long, unsigned long, int __user *, |
1134 |
- int __user *, int); |
1135 |
- #endif |
1136 |
-+#endif |
1137 |
- |
1138 |
- asmlinkage long sys_execve(const char __user *filename, |
1139 |
- const char __user *const __user *argv, |
1140 |
-diff --git a/kernel/cpuset.c b/kernel/cpuset.c |
1141 |
-index 64b3f79..6948e94 100644 |
1142 |
---- a/kernel/cpuset.c |
1143 |
-+++ b/kernel/cpuset.c |
1144 |
-@@ -1502,11 +1502,13 @@ static int cpuset_write_u64(struct cgroup *cgrp, struct cftype *cft, u64 val) |
1145 |
- { |
1146 |
- struct cpuset *cs = cgroup_cs(cgrp); |
1147 |
- cpuset_filetype_t type = cft->private; |
1148 |
-- int retval = -ENODEV; |
1149 |
-+ int retval = 0; |
1150 |
- |
1151 |
- mutex_lock(&cpuset_mutex); |
1152 |
-- if (!is_cpuset_online(cs)) |
1153 |
-+ if (!is_cpuset_online(cs)) { |
1154 |
-+ retval = -ENODEV; |
1155 |
- goto out_unlock; |
1156 |
-+ } |
1157 |
- |
1158 |
- switch (type) { |
1159 |
- case FILE_CPU_EXCLUSIVE: |
1160 |
-diff --git a/kernel/fork.c b/kernel/fork.c |
1161 |
-index 987b28a..ffbc090 100644 |
1162 |
---- a/kernel/fork.c |
1163 |
-+++ b/kernel/fork.c |
1164 |
-@@ -1675,6 +1675,12 @@ SYSCALL_DEFINE5(clone, unsigned long, newsp, unsigned long, clone_flags, |
1165 |
- int __user *, parent_tidptr, |
1166 |
- int __user *, child_tidptr, |
1167 |
- int, tls_val) |
1168 |
-+#elif defined(CONFIG_CLONE_BACKWARDS3) |
1169 |
-+SYSCALL_DEFINE6(clone, unsigned long, clone_flags, unsigned long, newsp, |
1170 |
-+ int, stack_size, |
1171 |
-+ int __user *, parent_tidptr, |
1172 |
-+ int __user *, child_tidptr, |
1173 |
-+ int, tls_val) |
1174 |
- #else |
1175 |
- SYSCALL_DEFINE5(clone, unsigned long, clone_flags, unsigned long, newsp, |
1176 |
- int __user *, parent_tidptr, |
1177 |
-diff --git a/kernel/power/qos.c b/kernel/power/qos.c |
1178 |
-index 587ddde..25cf89b 100644 |
1179 |
---- a/kernel/power/qos.c |
1180 |
-+++ b/kernel/power/qos.c |
1181 |
-@@ -293,6 +293,15 @@ int pm_qos_request_active(struct pm_qos_request *req) |
1182 |
- } |
1183 |
- EXPORT_SYMBOL_GPL(pm_qos_request_active); |
1184 |
- |
1185 |
-+static void __pm_qos_update_request(struct pm_qos_request *req, |
1186 |
-+ s32 new_value) |
1187 |
-+{ |
1188 |
-+ if (new_value != req->node.prio) |
1189 |
-+ pm_qos_update_target( |
1190 |
-+ pm_qos_array[req->pm_qos_class]->constraints, |
1191 |
-+ &req->node, PM_QOS_UPDATE_REQ, new_value); |
1192 |
-+} |
1193 |
-+ |
1194 |
- /** |
1195 |
- * pm_qos_work_fn - the timeout handler of pm_qos_update_request_timeout |
1196 |
- * @work: work struct for the delayed work (timeout) |
1197 |
-@@ -305,7 +314,7 @@ static void pm_qos_work_fn(struct work_struct *work) |
1198 |
- struct pm_qos_request, |
1199 |
- work); |
1200 |
- |
1201 |
-- pm_qos_update_request(req, PM_QOS_DEFAULT_VALUE); |
1202 |
-+ __pm_qos_update_request(req, PM_QOS_DEFAULT_VALUE); |
1203 |
- } |
1204 |
- |
1205 |
- /** |
1206 |
-@@ -365,6 +374,8 @@ void pm_qos_update_request(struct pm_qos_request *req, |
1207 |
- pm_qos_update_target( |
1208 |
- pm_qos_array[req->pm_qos_class]->constraints, |
1209 |
- &req->node, PM_QOS_UPDATE_REQ, new_value); |
1210 |
-+ |
1211 |
-+ __pm_qos_update_request(req, new_value); |
1212 |
- } |
1213 |
- EXPORT_SYMBOL_GPL(pm_qos_update_request); |
1214 |
- |
1215 |
-diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c |
1216 |
-index c61a614..03b73be 100644 |
1217 |
---- a/kernel/sched/fair.c |
1218 |
-+++ b/kernel/sched/fair.c |
1219 |
-@@ -1984,6 +1984,7 @@ entity_tick(struct cfs_rq *cfs_rq, struct sched_entity *curr, int queued) |
1220 |
- */ |
1221 |
- update_entity_load_avg(curr, 1); |
1222 |
- update_cfs_rq_blocked_load(cfs_rq, 1); |
1223 |
-+ update_cfs_shares(cfs_rq); |
1224 |
- |
1225 |
- #ifdef CONFIG_SCHED_HRTICK |
1226 |
- /* |
1227 |
-diff --git a/mm/hugetlb.c b/mm/hugetlb.c |
1228 |
-index 5cf99bf..7c5eb85 100644 |
1229 |
---- a/mm/hugetlb.c |
1230 |
-+++ b/mm/hugetlb.c |
1231 |
-@@ -2490,7 +2490,7 @@ void unmap_hugepage_range(struct vm_area_struct *vma, unsigned long start, |
1232 |
- |
1233 |
- mm = vma->vm_mm; |
1234 |
- |
1235 |
-- tlb_gather_mmu(&tlb, mm, 0); |
1236 |
-+ tlb_gather_mmu(&tlb, mm, start, end); |
1237 |
- __unmap_hugepage_range(&tlb, vma, start, end, ref_page); |
1238 |
- tlb_finish_mmu(&tlb, start, end); |
1239 |
- } |
1240 |
-diff --git a/mm/memcontrol.c b/mm/memcontrol.c |
1241 |
-index 15b0409..82a187a 100644 |
1242 |
---- a/mm/memcontrol.c |
1243 |
-+++ b/mm/memcontrol.c |
1244 |
-@@ -3186,11 +3186,11 @@ int memcg_register_cache(struct mem_cgroup *memcg, struct kmem_cache *s, |
1245 |
- if (!s->memcg_params) |
1246 |
- return -ENOMEM; |
1247 |
- |
1248 |
-- INIT_WORK(&s->memcg_params->destroy, |
1249 |
-- kmem_cache_destroy_work_func); |
1250 |
- if (memcg) { |
1251 |
- s->memcg_params->memcg = memcg; |
1252 |
- s->memcg_params->root_cache = root_cache; |
1253 |
-+ INIT_WORK(&s->memcg_params->destroy, |
1254 |
-+ kmem_cache_destroy_work_func); |
1255 |
- } else |
1256 |
- s->memcg_params->is_root_cache = true; |
1257 |
- |
1258 |
-diff --git a/mm/memory.c b/mm/memory.c |
1259 |
-index 5e50800..5a35443 100644 |
1260 |
---- a/mm/memory.c |
1261 |
-+++ b/mm/memory.c |
1262 |
-@@ -211,14 +211,15 @@ static int tlb_next_batch(struct mmu_gather *tlb) |
1263 |
- * tear-down from @mm. The @fullmm argument is used when @mm is without |
1264 |
- * users and we're going to destroy the full address space (exit/execve). |
1265 |
- */ |
1266 |
--void tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, bool fullmm) |
1267 |
-+void tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end) |
1268 |
- { |
1269 |
- tlb->mm = mm; |
1270 |
- |
1271 |
-- tlb->fullmm = fullmm; |
1272 |
-+ /* Is it from 0 to ~0? */ |
1273 |
-+ tlb->fullmm = !(start | (end+1)); |
1274 |
- tlb->need_flush_all = 0; |
1275 |
-- tlb->start = -1UL; |
1276 |
-- tlb->end = 0; |
1277 |
-+ tlb->start = start; |
1278 |
-+ tlb->end = end; |
1279 |
- tlb->need_flush = 0; |
1280 |
- tlb->local.next = NULL; |
1281 |
- tlb->local.nr = 0; |
1282 |
-@@ -258,8 +259,6 @@ void tlb_finish_mmu(struct mmu_gather *tlb, unsigned long start, unsigned long e |
1283 |
- { |
1284 |
- struct mmu_gather_batch *batch, *next; |
1285 |
- |
1286 |
-- tlb->start = start; |
1287 |
-- tlb->end = end; |
1288 |
- tlb_flush_mmu(tlb); |
1289 |
- |
1290 |
- /* keep the page table cache within bounds */ |
1291 |
-@@ -1101,7 +1100,6 @@ static unsigned long zap_pte_range(struct mmu_gather *tlb, |
1292 |
- spinlock_t *ptl; |
1293 |
- pte_t *start_pte; |
1294 |
- pte_t *pte; |
1295 |
-- unsigned long range_start = addr; |
1296 |
- |
1297 |
- again: |
1298 |
- init_rss_vec(rss); |
1299 |
-@@ -1204,17 +1202,25 @@ again: |
1300 |
- * and page-free while holding it. |
1301 |
- */ |
1302 |
- if (force_flush) { |
1303 |
-+ unsigned long old_end; |
1304 |
-+ |
1305 |
- force_flush = 0; |
1306 |
- |
1307 |
--#ifdef HAVE_GENERIC_MMU_GATHER |
1308 |
-- tlb->start = range_start; |
1309 |
-+ /* |
1310 |
-+ * Flush the TLB just for the previous segment, |
1311 |
-+ * then update the range to be the remaining |
1312 |
-+ * TLB range. |
1313 |
-+ */ |
1314 |
-+ old_end = tlb->end; |
1315 |
- tlb->end = addr; |
1316 |
--#endif |
1317 |
-+ |
1318 |
- tlb_flush_mmu(tlb); |
1319 |
-- if (addr != end) { |
1320 |
-- range_start = addr; |
1321 |
-+ |
1322 |
-+ tlb->start = addr; |
1323 |
-+ tlb->end = old_end; |
1324 |
-+ |
1325 |
-+ if (addr != end) |
1326 |
- goto again; |
1327 |
-- } |
1328 |
- } |
1329 |
- |
1330 |
- return addr; |
1331 |
-@@ -1399,7 +1405,7 @@ void zap_page_range(struct vm_area_struct *vma, unsigned long start, |
1332 |
- unsigned long end = start + size; |
1333 |
- |
1334 |
- lru_add_drain(); |
1335 |
-- tlb_gather_mmu(&tlb, mm, 0); |
1336 |
-+ tlb_gather_mmu(&tlb, mm, start, end); |
1337 |
- update_hiwater_rss(mm); |
1338 |
- mmu_notifier_invalidate_range_start(mm, start, end); |
1339 |
- for ( ; vma && vma->vm_start < end; vma = vma->vm_next) |
1340 |
-@@ -1425,7 +1431,7 @@ static void zap_page_range_single(struct vm_area_struct *vma, unsigned long addr |
1341 |
- unsigned long end = address + size; |
1342 |
- |
1343 |
- lru_add_drain(); |
1344 |
-- tlb_gather_mmu(&tlb, mm, 0); |
1345 |
-+ tlb_gather_mmu(&tlb, mm, address, end); |
1346 |
- update_hiwater_rss(mm); |
1347 |
- mmu_notifier_invalidate_range_start(mm, address, end); |
1348 |
- unmap_single_vma(&tlb, vma, address, end, details); |
1349 |
-diff --git a/mm/mmap.c b/mm/mmap.c |
1350 |
-index 7dbe397..8d25fdc 100644 |
1351 |
---- a/mm/mmap.c |
1352 |
-+++ b/mm/mmap.c |
1353 |
-@@ -2356,7 +2356,7 @@ static void unmap_region(struct mm_struct *mm, |
1354 |
- struct mmu_gather tlb; |
1355 |
- |
1356 |
- lru_add_drain(); |
1357 |
-- tlb_gather_mmu(&tlb, mm, 0); |
1358 |
-+ tlb_gather_mmu(&tlb, mm, start, end); |
1359 |
- update_hiwater_rss(mm); |
1360 |
- unmap_vmas(&tlb, vma, start, end); |
1361 |
- free_pgtables(&tlb, vma, prev ? prev->vm_end : FIRST_USER_ADDRESS, |
1362 |
-@@ -2735,7 +2735,7 @@ void exit_mmap(struct mm_struct *mm) |
1363 |
- |
1364 |
- lru_add_drain(); |
1365 |
- flush_cache_mm(mm); |
1366 |
-- tlb_gather_mmu(&tlb, mm, 1); |
1367 |
-+ tlb_gather_mmu(&tlb, mm, 0, -1); |
1368 |
- /* update_hiwater_rss(mm) here? but nobody should be looking */ |
1369 |
- /* Use -1 here to ensure all VMAs in the mm are unmapped */ |
1370 |
- unmap_vmas(&tlb, vma, 0, -1); |
1371 |
-diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c |
1372 |
-index 741448b..55a42f9 100644 |
1373 |
---- a/net/mac80211/mlme.c |
1374 |
-+++ b/net/mac80211/mlme.c |
1375 |
-@@ -237,8 +237,9 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata, |
1376 |
- struct ieee80211_channel *channel, |
1377 |
- const struct ieee80211_ht_operation *ht_oper, |
1378 |
- const struct ieee80211_vht_operation *vht_oper, |
1379 |
-- struct cfg80211_chan_def *chandef, bool verbose) |
1380 |
-+ struct cfg80211_chan_def *chandef, bool tracking) |
1381 |
- { |
1382 |
-+ struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; |
1383 |
- struct cfg80211_chan_def vht_chandef; |
1384 |
- u32 ht_cfreq, ret; |
1385 |
- |
1386 |
-@@ -257,7 +258,7 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata, |
1387 |
- ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan, |
1388 |
- channel->band); |
1389 |
- /* check that channel matches the right operating channel */ |
1390 |
-- if (channel->center_freq != ht_cfreq) { |
1391 |
-+ if (!tracking && channel->center_freq != ht_cfreq) { |
1392 |
- /* |
1393 |
- * It's possible that some APs are confused here; |
1394 |
- * Netgear WNDR3700 sometimes reports 4 higher than |
1395 |
-@@ -265,11 +266,10 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata, |
1396 |
- * since we look at probe response/beacon data here |
1397 |
- * it should be OK. |
1398 |
- */ |
1399 |
-- if (verbose) |
1400 |
-- sdata_info(sdata, |
1401 |
-- "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n", |
1402 |
-- channel->center_freq, ht_cfreq, |
1403 |
-- ht_oper->primary_chan, channel->band); |
1404 |
-+ sdata_info(sdata, |
1405 |
-+ "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n", |
1406 |
-+ channel->center_freq, ht_cfreq, |
1407 |
-+ ht_oper->primary_chan, channel->band); |
1408 |
- ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; |
1409 |
- goto out; |
1410 |
- } |
1411 |
-@@ -323,7 +323,7 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata, |
1412 |
- channel->band); |
1413 |
- break; |
1414 |
- default: |
1415 |
-- if (verbose) |
1416 |
-+ if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) |
1417 |
- sdata_info(sdata, |
1418 |
- "AP VHT operation IE has invalid channel width (%d), disable VHT\n", |
1419 |
- vht_oper->chan_width); |
1420 |
-@@ -332,7 +332,7 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata, |
1421 |
- } |
1422 |
- |
1423 |
- if (!cfg80211_chandef_valid(&vht_chandef)) { |
1424 |
-- if (verbose) |
1425 |
-+ if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) |
1426 |
- sdata_info(sdata, |
1427 |
- "AP VHT information is invalid, disable VHT\n"); |
1428 |
- ret = IEEE80211_STA_DISABLE_VHT; |
1429 |
-@@ -345,7 +345,7 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata, |
1430 |
- } |
1431 |
- |
1432 |
- if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) { |
1433 |
-- if (verbose) |
1434 |
-+ if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) |
1435 |
- sdata_info(sdata, |
1436 |
- "AP VHT information doesn't match HT, disable VHT\n"); |
1437 |
- ret = IEEE80211_STA_DISABLE_VHT; |
1438 |
-@@ -361,18 +361,27 @@ out: |
1439 |
- if (ret & IEEE80211_STA_DISABLE_VHT) |
1440 |
- vht_chandef = *chandef; |
1441 |
- |
1442 |
-+ /* |
1443 |
-+ * Ignore the DISABLED flag when we're already connected and only |
1444 |
-+ * tracking the APs beacon for bandwidth changes - otherwise we |
1445 |
-+ * might get disconnected here if we connect to an AP, update our |
1446 |
-+ * regulatory information based on the AP's country IE and the |
1447 |
-+ * information we have is wrong/outdated and disables the channel |
1448 |
-+ * that we're actually using for the connection to the AP. |
1449 |
-+ */ |
1450 |
- while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef, |
1451 |
-- IEEE80211_CHAN_DISABLED)) { |
1452 |
-+ tracking ? 0 : |
1453 |
-+ IEEE80211_CHAN_DISABLED)) { |
1454 |
- if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) { |
1455 |
- ret = IEEE80211_STA_DISABLE_HT | |
1456 |
- IEEE80211_STA_DISABLE_VHT; |
1457 |
-- goto out; |
1458 |
-+ break; |
1459 |
- } |
1460 |
- |
1461 |
- ret |= chandef_downgrade(chandef); |
1462 |
- } |
1463 |
- |
1464 |
-- if (chandef->width != vht_chandef.width && verbose) |
1465 |
-+ if (chandef->width != vht_chandef.width && !tracking) |
1466 |
- sdata_info(sdata, |
1467 |
- "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n"); |
1468 |
- |
1469 |
-@@ -412,7 +421,7 @@ static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata, |
1470 |
- |
1471 |
- /* calculate new channel (type) based on HT/VHT operation IEs */ |
1472 |
- flags = ieee80211_determine_chantype(sdata, sband, chan, ht_oper, |
1473 |
-- vht_oper, &chandef, false); |
1474 |
-+ vht_oper, &chandef, true); |
1475 |
- |
1476 |
- /* |
1477 |
- * Downgrade the new channel if we associated with restricted |
1478 |
-@@ -3906,7 +3915,7 @@ static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata, |
1479 |
- ifmgd->flags |= ieee80211_determine_chantype(sdata, sband, |
1480 |
- cbss->channel, |
1481 |
- ht_oper, vht_oper, |
1482 |
-- &chandef, true); |
1483 |
-+ &chandef, false); |
1484 |
- |
1485 |
- sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss), |
1486 |
- local->rx_chains); |
1487 |
-diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c |
1488 |
-index 1076fe1..ba6e55d 100644 |
1489 |
---- a/net/netlink/genetlink.c |
1490 |
-+++ b/net/netlink/genetlink.c |
1491 |
-@@ -789,6 +789,10 @@ static int ctrl_dumpfamily(struct sk_buff *skb, struct netlink_callback *cb) |
1492 |
- struct net *net = sock_net(skb->sk); |
1493 |
- int chains_to_skip = cb->args[0]; |
1494 |
- int fams_to_skip = cb->args[1]; |
1495 |
-+ bool need_locking = chains_to_skip || fams_to_skip; |
1496 |
-+ |
1497 |
-+ if (need_locking) |
1498 |
-+ genl_lock(); |
1499 |
- |
1500 |
- for (i = chains_to_skip; i < GENL_FAM_TAB_SIZE; i++) { |
1501 |
- n = 0; |
1502 |
-@@ -810,6 +814,9 @@ errout: |
1503 |
- cb->args[0] = i; |
1504 |
- cb->args[1] = n; |
1505 |
- |
1506 |
-+ if (need_locking) |
1507 |
-+ genl_unlock(); |
1508 |
-+ |
1509 |
- return skb->len; |
1510 |
- } |
1511 |
- |
1512 |
-diff --git a/net/wireless/core.c b/net/wireless/core.c |
1513 |
-index 73405e0..64fcbae 100644 |
1514 |
---- a/net/wireless/core.c |
1515 |
-+++ b/net/wireless/core.c |
1516 |
-@@ -876,6 +876,7 @@ void cfg80211_leave(struct cfg80211_registered_device *rdev, |
1517 |
- cfg80211_leave_mesh(rdev, dev); |
1518 |
- break; |
1519 |
- case NL80211_IFTYPE_AP: |
1520 |
-+ case NL80211_IFTYPE_P2P_GO: |
1521 |
- cfg80211_stop_ap(rdev, dev); |
1522 |
- break; |
1523 |
- default: |
1524 |
-diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c |
1525 |
-index db8ead9..448c034 100644 |
1526 |
---- a/net/wireless/nl80211.c |
1527 |
-+++ b/net/wireless/nl80211.c |
1528 |
-@@ -471,10 +471,12 @@ static int nl80211_prepare_wdev_dump(struct sk_buff *skb, |
1529 |
- goto out_unlock; |
1530 |
- } |
1531 |
- *rdev = wiphy_to_dev((*wdev)->wiphy); |
1532 |
-- cb->args[0] = (*rdev)->wiphy_idx; |
1533 |
-+ /* 0 is the first index - add 1 to parse only once */ |
1534 |
-+ cb->args[0] = (*rdev)->wiphy_idx + 1; |
1535 |
- cb->args[1] = (*wdev)->identifier; |
1536 |
- } else { |
1537 |
-- struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0]); |
1538 |
-+ /* subtract the 1 again here */ |
1539 |
-+ struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1); |
1540 |
- struct wireless_dev *tmp; |
1541 |
- |
1542 |
- if (!wiphy) { |
1543 |
-diff --git a/sound/pci/hda/hda_generic.c b/sound/pci/hda/hda_generic.c |
1544 |
-index 24400cf..ad22dec 100644 |
1545 |
---- a/sound/pci/hda/hda_generic.c |
1546 |
-+++ b/sound/pci/hda/hda_generic.c |
1547 |
-@@ -519,7 +519,7 @@ static bool same_amp_caps(struct hda_codec *codec, hda_nid_t nid1, |
1548 |
- } |
1549 |
- |
1550 |
- #define nid_has_mute(codec, nid, dir) \ |
1551 |
-- check_amp_caps(codec, nid, dir, AC_AMPCAP_MUTE) |
1552 |
-+ check_amp_caps(codec, nid, dir, (AC_AMPCAP_MUTE | AC_AMPCAP_MIN_MUTE)) |
1553 |
- #define nid_has_volume(codec, nid, dir) \ |
1554 |
- check_amp_caps(codec, nid, dir, AC_AMPCAP_NUM_STEPS) |
1555 |
- |
1556 |
-@@ -621,7 +621,7 @@ static int get_amp_val_to_activate(struct hda_codec *codec, hda_nid_t nid, |
1557 |
- if (enable) |
1558 |
- val = (caps & AC_AMPCAP_OFFSET) >> AC_AMPCAP_OFFSET_SHIFT; |
1559 |
- } |
1560 |
-- if (caps & AC_AMPCAP_MUTE) { |
1561 |
-+ if (caps & (AC_AMPCAP_MUTE | AC_AMPCAP_MIN_MUTE)) { |
1562 |
- if (!enable) |
1563 |
- val |= HDA_AMP_MUTE; |
1564 |
- } |
1565 |
-@@ -645,7 +645,7 @@ static unsigned int get_amp_mask_to_modify(struct hda_codec *codec, |
1566 |
- { |
1567 |
- unsigned int mask = 0xff; |
1568 |
- |
1569 |
-- if (caps & AC_AMPCAP_MUTE) { |
1570 |
-+ if (caps & (AC_AMPCAP_MUTE | AC_AMPCAP_MIN_MUTE)) { |
1571 |
- if (is_ctl_associated(codec, nid, dir, idx, NID_PATH_MUTE_CTL)) |
1572 |
- mask &= ~0x80; |
1573 |
- } |
1574 |
-diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c |
1575 |
-index 051c03d..57f9f2a 100644 |
1576 |
---- a/sound/pci/hda/patch_realtek.c |
1577 |
-+++ b/sound/pci/hda/patch_realtek.c |
1578 |
-@@ -1027,6 +1027,7 @@ enum { |
1579 |
- ALC880_FIXUP_GPIO2, |
1580 |
- ALC880_FIXUP_MEDION_RIM, |
1581 |
- ALC880_FIXUP_LG, |
1582 |
-+ ALC880_FIXUP_LG_LW25, |
1583 |
- ALC880_FIXUP_W810, |
1584 |
- ALC880_FIXUP_EAPD_COEF, |
1585 |
- ALC880_FIXUP_TCL_S700, |
1586 |
-@@ -1085,6 +1086,14 @@ static const struct hda_fixup alc880_fixups[] = { |
1587 |
- { } |
1588 |
- } |
1589 |
- }, |
1590 |
-+ [ALC880_FIXUP_LG_LW25] = { |
1591 |
-+ .type = HDA_FIXUP_PINS, |
1592 |
-+ .v.pins = (const struct hda_pintbl[]) { |
1593 |
-+ { 0x1a, 0x0181344f }, /* line-in */ |
1594 |
-+ { 0x1b, 0x0321403f }, /* headphone */ |
1595 |
-+ { } |
1596 |
-+ } |
1597 |
-+ }, |
1598 |
- [ALC880_FIXUP_W810] = { |
1599 |
- .type = HDA_FIXUP_PINS, |
1600 |
- .v.pins = (const struct hda_pintbl[]) { |
1601 |
-@@ -1337,6 +1346,7 @@ static const struct snd_pci_quirk alc880_fixup_tbl[] = { |
1602 |
- SND_PCI_QUIRK(0x1854, 0x003b, "LG", ALC880_FIXUP_LG), |
1603 |
- SND_PCI_QUIRK(0x1854, 0x005f, "LG P1 Express", ALC880_FIXUP_LG), |
1604 |
- SND_PCI_QUIRK(0x1854, 0x0068, "LG w1", ALC880_FIXUP_LG), |
1605 |
-+ SND_PCI_QUIRK(0x1854, 0x0077, "LG LW25", ALC880_FIXUP_LG_LW25), |
1606 |
- SND_PCI_QUIRK(0x19db, 0x4188, "TCL S700", ALC880_FIXUP_TCL_S700), |
1607 |
- |
1608 |
- /* Below is the copied entries from alc880_quirks.c. |
1609 |
-@@ -4200,6 +4210,7 @@ static const struct snd_pci_quirk alc662_fixup_tbl[] = { |
1610 |
- SND_PCI_QUIRK(0x1025, 0x0308, "Acer Aspire 8942G", ALC662_FIXUP_ASPIRE), |
1611 |
- SND_PCI_QUIRK(0x1025, 0x031c, "Gateway NV79", ALC662_FIXUP_SKU_IGNORE), |
1612 |
- SND_PCI_QUIRK(0x1025, 0x0349, "eMachines eM250", ALC662_FIXUP_INV_DMIC), |
1613 |
-+ SND_PCI_QUIRK(0x1025, 0x034a, "Gateway LT27", ALC662_FIXUP_INV_DMIC), |
1614 |
- SND_PCI_QUIRK(0x1025, 0x038b, "Acer Aspire 8943G", ALC662_FIXUP_ASPIRE), |
1615 |
- SND_PCI_QUIRK(0x1028, 0x05d8, "Dell", ALC668_FIXUP_DELL_MIC_NO_PRESENCE), |
1616 |
- SND_PCI_QUIRK(0x1028, 0x05db, "Dell", ALC668_FIXUP_DELL_MIC_NO_PRESENCE), |
1617 |
-diff --git a/sound/soc/codecs/cs42l52.c b/sound/soc/codecs/cs42l52.c |
1618 |
-index 987f728..ee25f32 100644 |
1619 |
---- a/sound/soc/codecs/cs42l52.c |
1620 |
-+++ b/sound/soc/codecs/cs42l52.c |
1621 |
-@@ -451,7 +451,7 @@ static const struct snd_kcontrol_new cs42l52_snd_controls[] = { |
1622 |
- SOC_ENUM("Beep Pitch", beep_pitch_enum), |
1623 |
- SOC_ENUM("Beep on Time", beep_ontime_enum), |
1624 |
- SOC_ENUM("Beep off Time", beep_offtime_enum), |
1625 |
-- SOC_SINGLE_TLV("Beep Volume", CS42L52_BEEP_VOL, 0, 0x1f, 0x07, hl_tlv), |
1626 |
-+ SOC_SINGLE_SX_TLV("Beep Volume", CS42L52_BEEP_VOL, 0, 0x07, 0x1f, hl_tlv), |
1627 |
- SOC_SINGLE("Beep Mixer Switch", CS42L52_BEEP_TONE_CTL, 5, 1, 1), |
1628 |
- SOC_ENUM("Beep Treble Corner Freq", beep_treble_enum), |
1629 |
- SOC_ENUM("Beep Bass Corner Freq", beep_bass_enum), |
1630 |
-diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c |
1631 |
-index c7051c4..3606383 100644 |
1632 |
---- a/sound/soc/soc-dapm.c |
1633 |
-+++ b/sound/soc/soc-dapm.c |
1634 |
-@@ -682,13 +682,14 @@ static int dapm_new_mux(struct snd_soc_dapm_widget *w) |
1635 |
- return -EINVAL; |
1636 |
- } |
1637 |
- |
1638 |
-- path = list_first_entry(&w->sources, struct snd_soc_dapm_path, |
1639 |
-- list_sink); |
1640 |
-- if (!path) { |
1641 |
-+ if (list_empty(&w->sources)) { |
1642 |
- dev_err(dapm->dev, "ASoC: mux %s has no paths\n", w->name); |
1643 |
- return -EINVAL; |
1644 |
- } |
1645 |
- |
1646 |
-+ path = list_first_entry(&w->sources, struct snd_soc_dapm_path, |
1647 |
-+ list_sink); |
1648 |
-+ |
1649 |
- ret = dapm_create_or_share_mixmux_kcontrol(w, 0, path); |
1650 |
- if (ret < 0) |
1651 |
- return ret; |
1652 |
-diff --git a/sound/soc/tegra/tegra30_i2s.c b/sound/soc/tegra/tegra30_i2s.c |
1653 |
-index 31d092d..a5432b1 100644 |
1654 |
---- a/sound/soc/tegra/tegra30_i2s.c |
1655 |
-+++ b/sound/soc/tegra/tegra30_i2s.c |
1656 |
-@@ -228,7 +228,7 @@ static int tegra30_i2s_hw_params(struct snd_pcm_substream *substream, |
1657 |
- reg = TEGRA30_I2S_CIF_RX_CTRL; |
1658 |
- } else { |
1659 |
- val |= TEGRA30_AUDIOCIF_CTRL_DIRECTION_TX; |
1660 |
-- reg = TEGRA30_I2S_CIF_RX_CTRL; |
1661 |
-+ reg = TEGRA30_I2S_CIF_TX_CTRL; |
1662 |
- } |
1663 |
- |
1664 |
- regmap_write(i2s->regmap, reg, val); |
1665 |
-diff --git a/sound/usb/6fire/midi.c b/sound/usb/6fire/midi.c |
1666 |
-index 2672242..f3dd726 100644 |
1667 |
---- a/sound/usb/6fire/midi.c |
1668 |
-+++ b/sound/usb/6fire/midi.c |
1669 |
-@@ -19,6 +19,10 @@ |
1670 |
- #include "chip.h" |
1671 |
- #include "comm.h" |
1672 |
- |
1673 |
-+enum { |
1674 |
-+ MIDI_BUFSIZE = 64 |
1675 |
-+}; |
1676 |
-+ |
1677 |
- static void usb6fire_midi_out_handler(struct urb *urb) |
1678 |
- { |
1679 |
- struct midi_runtime *rt = urb->context; |
1680 |
-@@ -156,6 +160,12 @@ int usb6fire_midi_init(struct sfire_chip *chip) |
1681 |
- if (!rt) |
1682 |
- return -ENOMEM; |
1683 |
- |
1684 |
-+ rt->out_buffer = kzalloc(MIDI_BUFSIZE, GFP_KERNEL); |
1685 |
-+ if (!rt->out_buffer) { |
1686 |
-+ kfree(rt); |
1687 |
-+ return -ENOMEM; |
1688 |
-+ } |
1689 |
-+ |
1690 |
- rt->chip = chip; |
1691 |
- rt->in_received = usb6fire_midi_in_received; |
1692 |
- rt->out_buffer[0] = 0x80; /* 'send midi' command */ |
1693 |
-@@ -169,6 +179,7 @@ int usb6fire_midi_init(struct sfire_chip *chip) |
1694 |
- |
1695 |
- ret = snd_rawmidi_new(chip->card, "6FireUSB", 0, 1, 1, &rt->instance); |
1696 |
- if (ret < 0) { |
1697 |
-+ kfree(rt->out_buffer); |
1698 |
- kfree(rt); |
1699 |
- snd_printk(KERN_ERR PREFIX "unable to create midi.\n"); |
1700 |
- return ret; |
1701 |
-@@ -197,6 +208,9 @@ void usb6fire_midi_abort(struct sfire_chip *chip) |
1702 |
- |
1703 |
- void usb6fire_midi_destroy(struct sfire_chip *chip) |
1704 |
- { |
1705 |
-- kfree(chip->midi); |
1706 |
-+ struct midi_runtime *rt = chip->midi; |
1707 |
-+ |
1708 |
-+ kfree(rt->out_buffer); |
1709 |
-+ kfree(rt); |
1710 |
- chip->midi = NULL; |
1711 |
- } |
1712 |
-diff --git a/sound/usb/6fire/midi.h b/sound/usb/6fire/midi.h |
1713 |
-index c321006..84851b9 100644 |
1714 |
---- a/sound/usb/6fire/midi.h |
1715 |
-+++ b/sound/usb/6fire/midi.h |
1716 |
-@@ -16,10 +16,6 @@ |
1717 |
- |
1718 |
- #include "common.h" |
1719 |
- |
1720 |
--enum { |
1721 |
-- MIDI_BUFSIZE = 64 |
1722 |
--}; |
1723 |
-- |
1724 |
- struct midi_runtime { |
1725 |
- struct sfire_chip *chip; |
1726 |
- struct snd_rawmidi *instance; |
1727 |
-@@ -32,7 +28,7 @@ struct midi_runtime { |
1728 |
- struct snd_rawmidi_substream *out; |
1729 |
- struct urb out_urb; |
1730 |
- u8 out_serial; /* serial number of out packet */ |
1731 |
-- u8 out_buffer[MIDI_BUFSIZE]; |
1732 |
-+ u8 *out_buffer; |
1733 |
- int buffer_offset; |
1734 |
- |
1735 |
- void (*in_received)(struct midi_runtime *rt, u8 *data, int length); |
1736 |
-diff --git a/sound/usb/6fire/pcm.c b/sound/usb/6fire/pcm.c |
1737 |
-index 074aaf7..25f9e61 100644 |
1738 |
---- a/sound/usb/6fire/pcm.c |
1739 |
-+++ b/sound/usb/6fire/pcm.c |
1740 |
-@@ -580,6 +580,33 @@ static void usb6fire_pcm_init_urb(struct pcm_urb *urb, |
1741 |
- urb->instance.number_of_packets = PCM_N_PACKETS_PER_URB; |
1742 |
- } |
1743 |
- |
1744 |
-+static int usb6fire_pcm_buffers_init(struct pcm_runtime *rt) |
1745 |
-+{ |
1746 |
-+ int i; |
1747 |
-+ |
1748 |
-+ for (i = 0; i < PCM_N_URBS; i++) { |
1749 |
-+ rt->out_urbs[i].buffer = kzalloc(PCM_N_PACKETS_PER_URB |
1750 |
-+ * PCM_MAX_PACKET_SIZE, GFP_KERNEL); |
1751 |
-+ if (!rt->out_urbs[i].buffer) |
1752 |
-+ return -ENOMEM; |
1753 |
-+ rt->in_urbs[i].buffer = kzalloc(PCM_N_PACKETS_PER_URB |
1754 |
-+ * PCM_MAX_PACKET_SIZE, GFP_KERNEL); |
1755 |
-+ if (!rt->in_urbs[i].buffer) |
1756 |
-+ return -ENOMEM; |
1757 |
-+ } |
1758 |
-+ return 0; |
1759 |
-+} |
1760 |
-+ |
1761 |
-+static void usb6fire_pcm_buffers_destroy(struct pcm_runtime *rt) |
1762 |
-+{ |
1763 |
-+ int i; |
1764 |
-+ |
1765 |
-+ for (i = 0; i < PCM_N_URBS; i++) { |
1766 |
-+ kfree(rt->out_urbs[i].buffer); |
1767 |
-+ kfree(rt->in_urbs[i].buffer); |
1768 |
-+ } |
1769 |
-+} |
1770 |
-+ |
1771 |
- int usb6fire_pcm_init(struct sfire_chip *chip) |
1772 |
- { |
1773 |
- int i; |
1774 |
-@@ -591,6 +618,13 @@ int usb6fire_pcm_init(struct sfire_chip *chip) |
1775 |
- if (!rt) |
1776 |
- return -ENOMEM; |
1777 |
- |
1778 |
-+ ret = usb6fire_pcm_buffers_init(rt); |
1779 |
-+ if (ret) { |
1780 |
-+ usb6fire_pcm_buffers_destroy(rt); |
1781 |
-+ kfree(rt); |
1782 |
-+ return ret; |
1783 |
-+ } |
1784 |
-+ |
1785 |
- rt->chip = chip; |
1786 |
- rt->stream_state = STREAM_DISABLED; |
1787 |
- rt->rate = ARRAY_SIZE(rates); |
1788 |
-@@ -612,6 +646,7 @@ int usb6fire_pcm_init(struct sfire_chip *chip) |
1789 |
- |
1790 |
- ret = snd_pcm_new(chip->card, "DMX6FireUSB", 0, 1, 1, &pcm); |
1791 |
- if (ret < 0) { |
1792 |
-+ usb6fire_pcm_buffers_destroy(rt); |
1793 |
- kfree(rt); |
1794 |
- snd_printk(KERN_ERR PREFIX "cannot create pcm instance.\n"); |
1795 |
- return ret; |
1796 |
-@@ -627,6 +662,7 @@ int usb6fire_pcm_init(struct sfire_chip *chip) |
1797 |
- snd_dma_continuous_data(GFP_KERNEL), |
1798 |
- MAX_BUFSIZE, MAX_BUFSIZE); |
1799 |
- if (ret) { |
1800 |
-+ usb6fire_pcm_buffers_destroy(rt); |
1801 |
- kfree(rt); |
1802 |
- snd_printk(KERN_ERR PREFIX |
1803 |
- "error preallocating pcm buffers.\n"); |
1804 |
-@@ -671,6 +707,9 @@ void usb6fire_pcm_abort(struct sfire_chip *chip) |
1805 |
- |
1806 |
- void usb6fire_pcm_destroy(struct sfire_chip *chip) |
1807 |
- { |
1808 |
-- kfree(chip->pcm); |
1809 |
-+ struct pcm_runtime *rt = chip->pcm; |
1810 |
-+ |
1811 |
-+ usb6fire_pcm_buffers_destroy(rt); |
1812 |
-+ kfree(rt); |
1813 |
- chip->pcm = NULL; |
1814 |
- } |
1815 |
-diff --git a/sound/usb/6fire/pcm.h b/sound/usb/6fire/pcm.h |
1816 |
-index 9b01133..f5779d6 100644 |
1817 |
---- a/sound/usb/6fire/pcm.h |
1818 |
-+++ b/sound/usb/6fire/pcm.h |
1819 |
-@@ -32,7 +32,7 @@ struct pcm_urb { |
1820 |
- struct urb instance; |
1821 |
- struct usb_iso_packet_descriptor packets[PCM_N_PACKETS_PER_URB]; |
1822 |
- /* END DO NOT SEPARATE */ |
1823 |
-- u8 buffer[PCM_N_PACKETS_PER_URB * PCM_MAX_PACKET_SIZE]; |
1824 |
-+ u8 *buffer; |
1825 |
- |
1826 |
- struct pcm_urb *peer; |
1827 |
- }; |
1828 |
-diff --git a/sound/usb/mixer.c b/sound/usb/mixer.c |
1829 |
-index d543808..95558ef 100644 |
1830 |
---- a/sound/usb/mixer.c |
1831 |
-+++ b/sound/usb/mixer.c |
1832 |
-@@ -888,6 +888,7 @@ static void volume_control_quirks(struct usb_mixer_elem_info *cval, |
1833 |
- case USB_ID(0x046d, 0x081b): /* HD Webcam c310 */ |
1834 |
- case USB_ID(0x046d, 0x081d): /* HD Webcam c510 */ |
1835 |
- case USB_ID(0x046d, 0x0825): /* HD Webcam c270 */ |
1836 |
-+ case USB_ID(0x046d, 0x0826): /* HD Webcam c525 */ |
1837 |
- case USB_ID(0x046d, 0x0991): |
1838 |
- /* Most audio usb devices lie about volume resolution. |
1839 |
- * Most Logitech webcams have res = 384. |
1840 |
|
1841 |
diff --git a/3.10.9/1008_linux-3.10.9.patch b/3.10.9/1008_linux-3.10.9.patch |
1842 |
deleted file mode 100644 |
1843 |
index e91b33a..0000000 |
1844 |
--- a/3.10.9/1008_linux-3.10.9.patch |
1845 |
+++ /dev/null |
1846 |
@@ -1,37 +0,0 @@ |
1847 |
-diff --git a/Makefile b/Makefile |
1848 |
-index 1a21612..4b31d62 100644 |
1849 |
---- a/Makefile |
1850 |
-+++ b/Makefile |
1851 |
-@@ -1,6 +1,6 @@ |
1852 |
- VERSION = 3 |
1853 |
- PATCHLEVEL = 10 |
1854 |
--SUBLEVEL = 8 |
1855 |
-+SUBLEVEL = 9 |
1856 |
- EXTRAVERSION = |
1857 |
- NAME = TOSSUG Baby Fish |
1858 |
- |
1859 |
-diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c |
1860 |
-index ba6e55d..1076fe1 100644 |
1861 |
---- a/net/netlink/genetlink.c |
1862 |
-+++ b/net/netlink/genetlink.c |
1863 |
-@@ -789,10 +789,6 @@ static int ctrl_dumpfamily(struct sk_buff *skb, struct netlink_callback *cb) |
1864 |
- struct net *net = sock_net(skb->sk); |
1865 |
- int chains_to_skip = cb->args[0]; |
1866 |
- int fams_to_skip = cb->args[1]; |
1867 |
-- bool need_locking = chains_to_skip || fams_to_skip; |
1868 |
-- |
1869 |
-- if (need_locking) |
1870 |
-- genl_lock(); |
1871 |
- |
1872 |
- for (i = chains_to_skip; i < GENL_FAM_TAB_SIZE; i++) { |
1873 |
- n = 0; |
1874 |
-@@ -814,9 +810,6 @@ errout: |
1875 |
- cb->args[0] = i; |
1876 |
- cb->args[1] = n; |
1877 |
- |
1878 |
-- if (need_locking) |
1879 |
-- genl_unlock(); |
1880 |
-- |
1881 |
- return skb->len; |
1882 |
- } |
1883 |
- |
1884 |
|
1885 |
diff --git a/3.10.9/4420_grsecurity-2.9.1-3.10.9-201308202015.patch b/3.10.9/4420_grsecurity-2.9.1-3.10.9-201308282054.patch |
1886 |
similarity index 98% |
1887 |
rename from 3.10.9/4420_grsecurity-2.9.1-3.10.9-201308202015.patch |
1888 |
rename to 3.10.9/4420_grsecurity-2.9.1-3.10.9-201308282054.patch |
1889 |
index 24d81a0..ed67d72 100644 |
1890 |
--- a/3.10.9/4420_grsecurity-2.9.1-3.10.9-201308202015.patch |
1891 |
+++ b/3.10.9/4420_grsecurity-2.9.1-3.10.9-201308282054.patch |
1892 |
@@ -1968,7 +1968,7 @@ index 86b8fe3..e25f975 100644 |
1893 |
#define L_PTE_DIRTY_HIGH (1 << (55 - 32)) |
1894 |
|
1895 |
diff --git a/arch/arm/include/asm/pgtable.h b/arch/arm/include/asm/pgtable.h |
1896 |
-index 9bcd262..fba731c 100644 |
1897 |
+index 9bcd262..1ff999b 100644 |
1898 |
--- a/arch/arm/include/asm/pgtable.h |
1899 |
+++ b/arch/arm/include/asm/pgtable.h |
1900 |
@@ -30,6 +30,9 @@ |
1901 |
@@ -1991,20 +1991,18 @@ index 9bcd262..fba731c 100644 |
1902 |
extern void __pte_error(const char *file, int line, pte_t); |
1903 |
extern void __pmd_error(const char *file, int line, pmd_t); |
1904 |
extern void __pgd_error(const char *file, int line, pgd_t); |
1905 |
-@@ -53,6 +59,50 @@ extern void __pgd_error(const char *file, int line, pgd_t); |
1906 |
+@@ -53,6 +59,48 @@ extern void __pgd_error(const char *file, int line, pgd_t); |
1907 |
#define pmd_ERROR(pmd) __pmd_error(__FILE__, __LINE__, pmd) |
1908 |
#define pgd_ERROR(pgd) __pgd_error(__FILE__, __LINE__, pgd) |
1909 |
|
1910 |
+#define __HAVE_ARCH_PAX_OPEN_KERNEL |
1911 |
+#define __HAVE_ARCH_PAX_CLOSE_KERNEL |
1912 |
+ |
1913 |
-+#ifdef CONFIG_PAX_KERNEXEC |
1914 |
++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) |
1915 |
+#include <asm/domain.h> |
1916 |
+#include <linux/thread_info.h> |
1917 |
+#include <linux/preempt.h> |
1918 |
-+#endif |
1919 |
+ |
1920 |
-+#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) |
1921 |
+static inline int test_domain(int domain, int domaintype) |
1922 |
+{ |
1923 |
+ return ((current_thread_info()->cpu_domain) & domain_val(domain, 3)) == domain_val(domain, domaintype); |
1924 |
@@ -2042,7 +2040,7 @@ index 9bcd262..fba731c 100644 |
1925 |
/* |
1926 |
* This is the lowest virtual address we can permit any user space |
1927 |
* mapping to be mapped at. This is particularly important for |
1928 |
-@@ -72,8 +122,8 @@ extern void __pgd_error(const char *file, int line, pgd_t); |
1929 |
+@@ -72,8 +120,8 @@ extern void __pgd_error(const char *file, int line, pgd_t); |
1930 |
/* |
1931 |
* The pgprot_* and protection_map entries will be fixed up in runtime |
1932 |
* to include the cachable and bufferable bits based on memory policy, |
1933 |
@@ -2053,7 +2051,7 @@ index 9bcd262..fba731c 100644 |
1934 |
*/ |
1935 |
#define _L_PTE_DEFAULT L_PTE_PRESENT | L_PTE_YOUNG |
1936 |
|
1937 |
-@@ -257,7 +307,7 @@ static inline pte_t pte_mkspecial(pte_t pte) { return pte; } |
1938 |
+@@ -257,7 +305,7 @@ static inline pte_t pte_mkspecial(pte_t pte) { return pte; } |
1939 |
static inline pte_t pte_modify(pte_t pte, pgprot_t newprot) |
1940 |
{ |
1941 |
const pteval_t mask = L_PTE_XN | L_PTE_RDONLY | L_PTE_USER | |
1942 |
@@ -3737,7 +3735,7 @@ index 6f4585b..7b6f52b 100644 |
1943 |
goto fault; \ |
1944 |
} while (0) |
1945 |
diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c |
1946 |
-index 5dbf13f..ee1ec24 100644 |
1947 |
+index 5dbf13f..a2d1876 100644 |
1948 |
--- a/arch/arm/mm/fault.c |
1949 |
+++ b/arch/arm/mm/fault.c |
1950 |
@@ -25,6 +25,7 @@ |
1951 |
@@ -3840,7 +3838,7 @@ index 5dbf13f..ee1ec24 100644 |
1952 |
printk(KERN_ALERT "Unhandled fault: %s (0x%03x) at 0x%08lx\n", |
1953 |
inf->name, fsr, addr); |
1954 |
|
1955 |
-@@ -569,15 +631,67 @@ hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs * |
1956 |
+@@ -569,15 +631,68 @@ hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs * |
1957 |
ifsr_info[nr].name = name; |
1958 |
} |
1959 |
|
1960 |
@@ -3852,18 +3850,19 @@ index 5dbf13f..ee1ec24 100644 |
1961 |
{ |
1962 |
const struct fsr_info *inf = ifsr_info + fsr_fs(ifsr); |
1963 |
struct siginfo info; |
1964 |
- |
1965 |
++ unsigned long pc = instruction_pointer(regs); |
1966 |
++ |
1967 |
+ if (user_mode(regs)) { |
1968 |
+ unsigned long sigpage = current->mm->context.sigpage; |
1969 |
+ |
1970 |
-+ if (sigpage <= addr && addr < sigpage + 7*4) { |
1971 |
-+ if (addr < sigpage + 3*4) |
1972 |
++ if (sigpage <= pc && pc < sigpage + 7*4) { |
1973 |
++ if (pc < sigpage + 3*4) |
1974 |
+ sys_sigreturn(regs); |
1975 |
+ else |
1976 |
+ sys_rt_sigreturn(regs); |
1977 |
+ return; |
1978 |
+ } |
1979 |
-+ if (addr == 0xffff0fe0UL) { |
1980 |
++ if (pc == 0xffff0fe0UL) { |
1981 |
+ /* |
1982 |
+ * PaX: __kuser_get_tls emulation |
1983 |
+ */ |
1984 |
@@ -3878,11 +3877,11 @@ index 5dbf13f..ee1ec24 100644 |
1985 |
+ if (current->signal->curr_ip) |
1986 |
+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), |
1987 |
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), |
1988 |
-+ addr >= TASK_SIZE ? "non-executable kernel" : "userland", addr); |
1989 |
++ pc >= TASK_SIZE ? "non-executable kernel" : "userland", pc); |
1990 |
+ else |
1991 |
+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", current->comm, task_pid_nr(current), |
1992 |
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), |
1993 |
-+ addr >= TASK_SIZE ? "non-executable kernel" : "userland", addr); |
1994 |
++ pc >= TASK_SIZE ? "non-executable kernel" : "userland", pc); |
1995 |
+ goto die; |
1996 |
+ } |
1997 |
+#endif |
1998 |
@@ -3891,7 +3890,7 @@ index 5dbf13f..ee1ec24 100644 |
1999 |
+ if (fsr_fs(ifsr) == FAULT_CODE_DEBUG) { |
2000 |
+ unsigned int bkpt; |
2001 |
+ |
2002 |
-+ if (!probe_kernel_address((unsigned int *)addr, bkpt) && bkpt == 0xe12f1073) { |
2003 |
++ if (!probe_kernel_address((unsigned int *)pc, bkpt) && cpu_to_le32(bkpt) == 0xe12f1073) { |
2004 |
+ current->thread.error_code = ifsr; |
2005 |
+ current->thread.trap_no = 0; |
2006 |
+ pax_report_refcount_overflow(regs); |
2007 |
@@ -3900,7 +3899,7 @@ index 5dbf13f..ee1ec24 100644 |
2008 |
+ } |
2009 |
+ } |
2010 |
+#endif |
2011 |
-+ |
2012 |
+ |
2013 |
if (!inf->fn(addr, ifsr | FSR_LNX_PF, regs)) |
2014 |
return; |
2015 |
|
2016 |
@@ -5347,10 +5346,10 @@ index 4efe96a..60e8699 100644 |
2017 |
#define SMP_CACHE_BYTES L1_CACHE_BYTES |
2018 |
|
2019 |
diff --git a/arch/mips/include/asm/atomic.h b/arch/mips/include/asm/atomic.h |
2020 |
-index 08b6079..eb272cf 100644 |
2021 |
+index 08b6079..e94e6da 100644 |
2022 |
--- a/arch/mips/include/asm/atomic.h |
2023 |
+++ b/arch/mips/include/asm/atomic.h |
2024 |
-@@ -21,6 +21,10 @@ |
2025 |
+@@ -21,15 +21,39 @@ |
2026 |
#include <asm/cmpxchg.h> |
2027 |
#include <asm/war.h> |
2028 |
|
2029 |
@@ -5360,24 +5359,887 @@ index 08b6079..eb272cf 100644 |
2030 |
+ |
2031 |
#define ATOMIC_INIT(i) { (i) } |
2032 |
|
2033 |
++#ifdef CONFIG_64BIT |
2034 |
++#define _ASM_EXTABLE(from, to) \ |
2035 |
++" .section __ex_table,\"a\"\n" \ |
2036 |
++" .dword " #from ", " #to"\n" \ |
2037 |
++" .previous\n" |
2038 |
++#else |
2039 |
++#define _ASM_EXTABLE(from, to) \ |
2040 |
++" .section __ex_table,\"a\"\n" \ |
2041 |
++" .word " #from ", " #to"\n" \ |
2042 |
++" .previous\n" |
2043 |
++#endif |
2044 |
++ |
2045 |
/* |
2046 |
-@@ -759,6 +763,16 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u) |
2047 |
+ * atomic_read - read atomic variable |
2048 |
+ * @v: pointer of type atomic_t |
2049 |
+ * |
2050 |
+ * Atomically reads the value of @v. |
2051 |
*/ |
2052 |
- #define atomic64_add_negative(i, v) (atomic64_add_return(i, (v)) < 0) |
2053 |
+-#define atomic_read(v) (*(volatile int *)&(v)->counter) |
2054 |
++static inline int atomic_read(const atomic_t *v) |
2055 |
++{ |
2056 |
++ return (*(volatile const int *) &v->counter); |
2057 |
++} |
2058 |
++ |
2059 |
++static inline int atomic_read_unchecked(const atomic_unchecked_t *v) |
2060 |
++{ |
2061 |
++ return (*(volatile const int *) &v->counter); |
2062 |
++} |
2063 |
|
2064 |
-+#define atomic64_read_unchecked(v) atomic64_read(v) |
2065 |
-+#define atomic64_set_unchecked(v, i) atomic64_set((v), (i)) |
2066 |
-+#define atomic64_add_unchecked(a, v) atomic64_add((a), (v)) |
2067 |
-+#define atomic64_add_return_unchecked(a, v) atomic64_add_return((a), (v)) |
2068 |
-+#define atomic64_sub_unchecked(a, v) atomic64_sub((a), (v)) |
2069 |
-+#define atomic64_inc_unchecked(v) atomic64_inc(v) |
2070 |
-+#define atomic64_inc_return_unchecked(v) atomic64_inc_return(v) |
2071 |
-+#define atomic64_dec_unchecked(v) atomic64_dec(v) |
2072 |
-+#define atomic64_cmpxchg_unchecked(v, o, n) atomic64_cmpxchg((v), (o), (n)) |
2073 |
+ /* |
2074 |
+ * atomic_set - set atomic variable |
2075 |
+@@ -38,7 +62,15 @@ |
2076 |
+ * |
2077 |
+ * Atomically sets the value of @v to @i. |
2078 |
+ */ |
2079 |
+-#define atomic_set(v, i) ((v)->counter = (i)) |
2080 |
++static inline void atomic_set(atomic_t *v, int i) |
2081 |
++{ |
2082 |
++ v->counter = i; |
2083 |
++} |
2084 |
+ |
2085 |
- #endif /* CONFIG_64BIT */ |
2086 |
++static inline void atomic_set_unchecked(atomic_unchecked_t *v, int i) |
2087 |
++{ |
2088 |
++ v->counter = i; |
2089 |
++} |
2090 |
+ |
2091 |
+ /* |
2092 |
+ * atomic_add - add integer to atomic variable |
2093 |
+@@ -47,7 +79,67 @@ |
2094 |
+ * |
2095 |
+ * Atomically adds @i to @v. |
2096 |
+ */ |
2097 |
+-static __inline__ void atomic_add(int i, atomic_t * v) |
2098 |
++static __inline__ void atomic_add(int i, atomic_t *v) |
2099 |
++{ |
2100 |
++ int temp; |
2101 |
++ |
2102 |
++ if (kernel_uses_llsc && R10000_LLSC_WAR) { |
2103 |
++ __asm__ __volatile__( |
2104 |
++ " .set mips3 \n" |
2105 |
++ "1: ll %0, %1 # atomic_add \n" |
2106 |
++#ifdef CONFIG_PAX_REFCOUNT |
2107 |
++ /* Exception on overflow. */ |
2108 |
++ "2: add %0, %2 \n" |
2109 |
++#else |
2110 |
++ " addu %0, %2 \n" |
2111 |
++#endif |
2112 |
++ " sc %0, %1 \n" |
2113 |
++ " beqzl %0, 1b \n" |
2114 |
++#ifdef CONFIG_PAX_REFCOUNT |
2115 |
++ "3: \n" |
2116 |
++ _ASM_EXTABLE(2b, 3b) |
2117 |
++#endif |
2118 |
++ " .set mips0 \n" |
2119 |
++ : "=&r" (temp), "+m" (v->counter) |
2120 |
++ : "Ir" (i)); |
2121 |
++ } else if (kernel_uses_llsc) { |
2122 |
++ __asm__ __volatile__( |
2123 |
++ " .set mips3 \n" |
2124 |
++ "1: ll %0, %1 # atomic_add \n" |
2125 |
++#ifdef CONFIG_PAX_REFCOUNT |
2126 |
++ /* Exception on overflow. */ |
2127 |
++ "2: add %0, %2 \n" |
2128 |
++#else |
2129 |
++ " addu %0, %2 \n" |
2130 |
++#endif |
2131 |
++ " sc %0, %1 \n" |
2132 |
++ " beqz %0, 1b \n" |
2133 |
++#ifdef CONFIG_PAX_REFCOUNT |
2134 |
++ "3: \n" |
2135 |
++ _ASM_EXTABLE(2b, 3b) |
2136 |
++#endif |
2137 |
++ " .set mips0 \n" |
2138 |
++ : "=&r" (temp), "+m" (v->counter) |
2139 |
++ : "Ir" (i)); |
2140 |
++ } else { |
2141 |
++ unsigned long flags; |
2142 |
++ |
2143 |
++ raw_local_irq_save(flags); |
2144 |
++ __asm__ __volatile__( |
2145 |
++#ifdef CONFIG_PAX_REFCOUNT |
2146 |
++ /* Exception on overflow. */ |
2147 |
++ "1: add %0, %1 \n" |
2148 |
++ "2: \n" |
2149 |
++ _ASM_EXTABLE(1b, 2b) |
2150 |
++#else |
2151 |
++ " addu %0, %1 \n" |
2152 |
++#endif |
2153 |
++ : "+r" (v->counter) : "Ir" (i)); |
2154 |
++ raw_local_irq_restore(flags); |
2155 |
++ } |
2156 |
++} |
2157 |
++ |
2158 |
++static __inline__ void atomic_add_unchecked(int i, atomic_unchecked_t *v) |
2159 |
+ { |
2160 |
+ if (kernel_uses_llsc && R10000_LLSC_WAR) { |
2161 |
+ int temp; |
2162 |
+@@ -90,7 +182,67 @@ static __inline__ void atomic_add(int i, atomic_t * v) |
2163 |
+ * |
2164 |
+ * Atomically subtracts @i from @v. |
2165 |
+ */ |
2166 |
+-static __inline__ void atomic_sub(int i, atomic_t * v) |
2167 |
++static __inline__ void atomic_sub(int i, atomic_t *v) |
2168 |
++{ |
2169 |
++ int temp; |
2170 |
++ |
2171 |
++ if (kernel_uses_llsc && R10000_LLSC_WAR) { |
2172 |
++ __asm__ __volatile__( |
2173 |
++ " .set mips3 \n" |
2174 |
++ "1: ll %0, %1 # atomic64_sub \n" |
2175 |
++#ifdef CONFIG_PAX_REFCOUNT |
2176 |
++ /* Exception on overflow. */ |
2177 |
++ "2: sub %0, %2 \n" |
2178 |
++#else |
2179 |
++ " subu %0, %2 \n" |
2180 |
++#endif |
2181 |
++ " sc %0, %1 \n" |
2182 |
++ " beqzl %0, 1b \n" |
2183 |
++#ifdef CONFIG_PAX_REFCOUNT |
2184 |
++ "3: \n" |
2185 |
++ _ASM_EXTABLE(2b, 3b) |
2186 |
++#endif |
2187 |
++ " .set mips0 \n" |
2188 |
++ : "=&r" (temp), "+m" (v->counter) |
2189 |
++ : "Ir" (i)); |
2190 |
++ } else if (kernel_uses_llsc) { |
2191 |
++ __asm__ __volatile__( |
2192 |
++ " .set mips3 \n" |
2193 |
++ "1: ll %0, %1 # atomic64_sub \n" |
2194 |
++#ifdef CONFIG_PAX_REFCOUNT |
2195 |
++ /* Exception on overflow. */ |
2196 |
++ "2: sub %0, %2 \n" |
2197 |
++#else |
2198 |
++ " subu %0, %2 \n" |
2199 |
++#endif |
2200 |
++ " sc %0, %1 \n" |
2201 |
++ " beqz %0, 1b \n" |
2202 |
++#ifdef CONFIG_PAX_REFCOUNT |
2203 |
++ "3: \n" |
2204 |
++ _ASM_EXTABLE(2b, 3b) |
2205 |
++#endif |
2206 |
++ " .set mips0 \n" |
2207 |
++ : "=&r" (temp), "+m" (v->counter) |
2208 |
++ : "Ir" (i)); |
2209 |
++ } else { |
2210 |
++ unsigned long flags; |
2211 |
++ |
2212 |
++ raw_local_irq_save(flags); |
2213 |
++ __asm__ __volatile__( |
2214 |
++#ifdef CONFIG_PAX_REFCOUNT |
2215 |
++ /* Exception on overflow. */ |
2216 |
++ "1: sub %0, %1 \n" |
2217 |
++ "2: \n" |
2218 |
++ _ASM_EXTABLE(1b, 2b) |
2219 |
++#else |
2220 |
++ " subu %0, %1 \n" |
2221 |
++#endif |
2222 |
++ : "+r" (v->counter) : "Ir" (i)); |
2223 |
++ raw_local_irq_restore(flags); |
2224 |
++ } |
2225 |
++} |
2226 |
++ |
2227 |
++static __inline__ void atomic_sub_unchecked(long i, atomic_unchecked_t *v) |
2228 |
+ { |
2229 |
+ if (kernel_uses_llsc && R10000_LLSC_WAR) { |
2230 |
+ int temp; |
2231 |
+@@ -129,7 +281,93 @@ static __inline__ void atomic_sub(int i, atomic_t * v) |
2232 |
+ /* |
2233 |
+ * Same as above, but return the result value |
2234 |
+ */ |
2235 |
+-static __inline__ int atomic_add_return(int i, atomic_t * v) |
2236 |
++static __inline__ int atomic_add_return(int i, atomic_t *v) |
2237 |
++{ |
2238 |
++ int result; |
2239 |
++ int temp; |
2240 |
++ |
2241 |
++ smp_mb__before_llsc(); |
2242 |
++ |
2243 |
++ if (kernel_uses_llsc && R10000_LLSC_WAR) { |
2244 |
++ __asm__ __volatile__( |
2245 |
++ " .set mips3 \n" |
2246 |
++ "1: ll %1, %2 # atomic_add_return \n" |
2247 |
++#ifdef CONFIG_PAX_REFCOUNT |
2248 |
++ "2: add %0, %1, %3 \n" |
2249 |
++#else |
2250 |
++ " addu %0, %1, %3 \n" |
2251 |
++#endif |
2252 |
++ " sc %0, %2 \n" |
2253 |
++ " beqzl %0, 1b \n" |
2254 |
++#ifdef CONFIG_PAX_REFCOUNT |
2255 |
++ " b 4f \n" |
2256 |
++ " .set noreorder \n" |
2257 |
++ "3: b 5f \n" |
2258 |
++ " move %0, %1 \n" |
2259 |
++ " .set reorder \n" |
2260 |
++ _ASM_EXTABLE(2b, 3b) |
2261 |
++#endif |
2262 |
++ "4: addu %0, %1, %3 \n" |
2263 |
++#ifdef CONFIG_PAX_REFCOUNT |
2264 |
++ "5: \n" |
2265 |
++#endif |
2266 |
++ " .set mips0 \n" |
2267 |
++ : "=&r" (result), "=&r" (temp), "+m" (v->counter) |
2268 |
++ : "Ir" (i)); |
2269 |
++ } else if (kernel_uses_llsc) { |
2270 |
++ __asm__ __volatile__( |
2271 |
++ " .set mips3 \n" |
2272 |
++ "1: ll %1, %2 # atomic_add_return \n" |
2273 |
++#ifdef CONFIG_PAX_REFCOUNT |
2274 |
++ "2: add %0, %1, %3 \n" |
2275 |
++#else |
2276 |
++ " addu %0, %1, %3 \n" |
2277 |
++#endif |
2278 |
++ " sc %0, %2 \n" |
2279 |
++ " bnez %0, 4f \n" |
2280 |
++ " b 1b \n" |
2281 |
++#ifdef CONFIG_PAX_REFCOUNT |
2282 |
++ " .set noreorder \n" |
2283 |
++ "3: b 5f \n" |
2284 |
++ " move %0, %1 \n" |
2285 |
++ " .set reorder \n" |
2286 |
++ _ASM_EXTABLE(2b, 3b) |
2287 |
++#endif |
2288 |
++ "4: addu %0, %1, %3 \n" |
2289 |
++#ifdef CONFIG_PAX_REFCOUNT |
2290 |
++ "5: \n" |
2291 |
++#endif |
2292 |
++ " .set mips0 \n" |
2293 |
++ : "=&r" (result), "=&r" (temp), "+m" (v->counter) |
2294 |
++ : "Ir" (i)); |
2295 |
++ } else { |
2296 |
++ unsigned long flags; |
2297 |
++ |
2298 |
++ raw_local_irq_save(flags); |
2299 |
++ __asm__ __volatile__( |
2300 |
++ " lw %0, %1 \n" |
2301 |
++#ifdef CONFIG_PAX_REFCOUNT |
2302 |
++ /* Exception on overflow. */ |
2303 |
++ "1: add %0, %2 \n" |
2304 |
++#else |
2305 |
++ " addu %0, %2 \n" |
2306 |
++#endif |
2307 |
++ " sw %0, %1 \n" |
2308 |
++#ifdef CONFIG_PAX_REFCOUNT |
2309 |
++ /* Note: Dest reg is not modified on overflow */ |
2310 |
++ "2: \n" |
2311 |
++ _ASM_EXTABLE(1b, 2b) |
2312 |
++#endif |
2313 |
++ : "=&r" (result), "+m" (v->counter) : "Ir" (i)); |
2314 |
++ raw_local_irq_restore(flags); |
2315 |
++ } |
2316 |
++ |
2317 |
++ smp_llsc_mb(); |
2318 |
++ |
2319 |
++ return result; |
2320 |
++} |
2321 |
++ |
2322 |
++static __inline__ int atomic_add_return_unchecked(int i, atomic_unchecked_t *v) |
2323 |
+ { |
2324 |
+ int result; |
2325 |
+ |
2326 |
+@@ -178,7 +416,93 @@ static __inline__ int atomic_add_return(int i, atomic_t * v) |
2327 |
+ return result; |
2328 |
+ } |
2329 |
+ |
2330 |
+-static __inline__ int atomic_sub_return(int i, atomic_t * v) |
2331 |
++static __inline__ int atomic_sub_return(int i, atomic_t *v) |
2332 |
++{ |
2333 |
++ int result; |
2334 |
++ int temp; |
2335 |
++ |
2336 |
++ smp_mb__before_llsc(); |
2337 |
++ |
2338 |
++ if (kernel_uses_llsc && R10000_LLSC_WAR) { |
2339 |
++ __asm__ __volatile__( |
2340 |
++ " .set mips3 \n" |
2341 |
++ "1: ll %1, %2 # atomic_sub_return \n" |
2342 |
++#ifdef CONFIG_PAX_REFCOUNT |
2343 |
++ "2: sub %0, %1, %3 \n" |
2344 |
++#else |
2345 |
++ " subu %0, %1, %3 \n" |
2346 |
++#endif |
2347 |
++ " sc %0, %2 \n" |
2348 |
++ " beqzl %0, 1b \n" |
2349 |
++#ifdef CONFIG_PAX_REFCOUNT |
2350 |
++ " b 4f \n" |
2351 |
++ " .set noreorder \n" |
2352 |
++ "3: b 5f \n" |
2353 |
++ " move %0, %1 \n" |
2354 |
++ " .set reorder \n" |
2355 |
++ _ASM_EXTABLE(2b, 3b) |
2356 |
++#endif |
2357 |
++ "4: subu %0, %1, %3 \n" |
2358 |
++#ifdef CONFIG_PAX_REFCOUNT |
2359 |
++ "5: \n" |
2360 |
++#endif |
2361 |
++ " .set mips0 \n" |
2362 |
++ : "=&r" (result), "=&r" (temp), "=m" (v->counter) |
2363 |
++ : "Ir" (i), "m" (v->counter) |
2364 |
++ : "memory"); |
2365 |
++ } else if (kernel_uses_llsc) { |
2366 |
++ __asm__ __volatile__( |
2367 |
++ " .set mips3 \n" |
2368 |
++ "1: ll %1, %2 # atomic_sub_return \n" |
2369 |
++#ifdef CONFIG_PAX_REFCOUNT |
2370 |
++ "2: sub %0, %1, %3 \n" |
2371 |
++#else |
2372 |
++ " subu %0, %1, %3 \n" |
2373 |
++#endif |
2374 |
++ " sc %0, %2 \n" |
2375 |
++ " bnez %0, 4f \n" |
2376 |
++ " b 1b \n" |
2377 |
++#ifdef CONFIG_PAX_REFCOUNT |
2378 |
++ " .set noreorder \n" |
2379 |
++ "3: b 5f \n" |
2380 |
++ " move %0, %1 \n" |
2381 |
++ " .set reorder \n" |
2382 |
++ _ASM_EXTABLE(2b, 3b) |
2383 |
++#endif |
2384 |
++ "4: subu %0, %1, %3 \n" |
2385 |
++#ifdef CONFIG_PAX_REFCOUNT |
2386 |
++ "5: \n" |
2387 |
++#endif |
2388 |
++ " .set mips0 \n" |
2389 |
++ : "=&r" (result), "=&r" (temp), "+m" (v->counter) |
2390 |
++ : "Ir" (i)); |
2391 |
++ } else { |
2392 |
++ unsigned long flags; |
2393 |
++ |
2394 |
++ raw_local_irq_save(flags); |
2395 |
++ __asm__ __volatile__( |
2396 |
++ " lw %0, %1 \n" |
2397 |
++#ifdef CONFIG_PAX_REFCOUNT |
2398 |
++ /* Exception on overflow. */ |
2399 |
++ "1: sub %0, %2 \n" |
2400 |
++#else |
2401 |
++ " subu %0, %2 \n" |
2402 |
++#endif |
2403 |
++ " sw %0, %1 \n" |
2404 |
++#ifdef CONFIG_PAX_REFCOUNT |
2405 |
++ /* Note: Dest reg is not modified on overflow */ |
2406 |
++ "2: \n" |
2407 |
++ _ASM_EXTABLE(1b, 2b) |
2408 |
++#endif |
2409 |
++ : "=&r" (result), "+m" (v->counter) : "Ir" (i)); |
2410 |
++ raw_local_irq_restore(flags); |
2411 |
++ } |
2412 |
++ |
2413 |
++ smp_llsc_mb(); |
2414 |
++ |
2415 |
++ return result; |
2416 |
++} |
2417 |
++static __inline__ int atomic_sub_return_unchecked(int i, atomic_unchecked_t *v) |
2418 |
+ { |
2419 |
+ int result; |
2420 |
+ |
2421 |
+@@ -238,7 +562,7 @@ static __inline__ int atomic_sub_return(int i, atomic_t * v) |
2422 |
+ * Atomically test @v and subtract @i if @v is greater or equal than @i. |
2423 |
+ * The function returns the old value of @v minus @i. |
2424 |
+ */ |
2425 |
+-static __inline__ int atomic_sub_if_positive(int i, atomic_t * v) |
2426 |
++static __inline__ int atomic_sub_if_positive(int i, atomic_t *v) |
2427 |
+ { |
2428 |
+ int result; |
2429 |
+ |
2430 |
+@@ -295,8 +619,26 @@ static __inline__ int atomic_sub_if_positive(int i, atomic_t * v) |
2431 |
+ return result; |
2432 |
+ } |
2433 |
+ |
2434 |
+-#define atomic_cmpxchg(v, o, n) (cmpxchg(&((v)->counter), (o), (n))) |
2435 |
+-#define atomic_xchg(v, new) (xchg(&((v)->counter), (new))) |
2436 |
++static inline int atomic_cmpxchg(atomic_t *v, int old, int new) |
2437 |
++{ |
2438 |
++ return cmpxchg(&v->counter, old, new); |
2439 |
++} |
2440 |
++ |
2441 |
++static inline int atomic_cmpxchg_unchecked(atomic_unchecked_t *v, int old, |
2442 |
++ int new) |
2443 |
++{ |
2444 |
++ return cmpxchg(&(v->counter), old, new); |
2445 |
++} |
2446 |
++ |
2447 |
++static inline int atomic_xchg(atomic_t *v, int new) |
2448 |
++{ |
2449 |
++ return xchg(&v->counter, new); |
2450 |
++} |
2451 |
++ |
2452 |
++static inline int atomic_xchg_unchecked(atomic_unchecked_t *v, int new) |
2453 |
++{ |
2454 |
++ return xchg(&(v->counter), new); |
2455 |
++} |
2456 |
+ |
2457 |
+ /** |
2458 |
+ * __atomic_add_unless - add unless the number is a given value |
2459 |
+@@ -324,6 +666,7 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u) |
2460 |
+ |
2461 |
+ #define atomic_dec_return(v) atomic_sub_return(1, (v)) |
2462 |
+ #define atomic_inc_return(v) atomic_add_return(1, (v)) |
2463 |
++#define atomic_inc_return_unchecked(v) atomic_add_return_unchecked(1, (v)) |
2464 |
+ |
2465 |
+ /* |
2466 |
+ * atomic_sub_and_test - subtract value from variable and test result |
2467 |
+@@ -345,6 +688,7 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u) |
2468 |
+ * other cases. |
2469 |
+ */ |
2470 |
+ #define atomic_inc_and_test(v) (atomic_inc_return(v) == 0) |
2471 |
++#define atomic_inc_and_test_unchecked(v) (atomic_add_return_unchecked(1, (v)) == 0) |
2472 |
+ |
2473 |
+ /* |
2474 |
+ * atomic_dec_and_test - decrement by 1 and test |
2475 |
+@@ -369,6 +713,7 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u) |
2476 |
+ * Atomically increments @v by 1. |
2477 |
+ */ |
2478 |
+ #define atomic_inc(v) atomic_add(1, (v)) |
2479 |
++#define atomic_inc_unchecked(v) atomic_add_unchecked(1, (v)) |
2480 |
+ |
2481 |
+ /* |
2482 |
+ * atomic_dec - decrement and test |
2483 |
+@@ -377,6 +722,7 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u) |
2484 |
+ * Atomically decrements @v by 1. |
2485 |
+ */ |
2486 |
+ #define atomic_dec(v) atomic_sub(1, (v)) |
2487 |
++#define atomic_dec_unchecked(v) atomic_sub_return_unchecked(1, (v)) |
2488 |
+ |
2489 |
+ /* |
2490 |
+ * atomic_add_negative - add and test if negative |
2491 |
+@@ -398,14 +744,30 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u) |
2492 |
+ * @v: pointer of type atomic64_t |
2493 |
+ * |
2494 |
+ */ |
2495 |
+-#define atomic64_read(v) (*(volatile long *)&(v)->counter) |
2496 |
++static inline long atomic64_read(const atomic64_t *v) |
2497 |
++{ |
2498 |
++ return (*(volatile const long *) &v->counter); |
2499 |
++} |
2500 |
++ |
2501 |
++static inline long atomic64_read_unchecked(const atomic64_unchecked_t *v) |
2502 |
++{ |
2503 |
++ return (*(volatile const long *) &v->counter); |
2504 |
++} |
2505 |
+ |
2506 |
+ /* |
2507 |
+ * atomic64_set - set atomic variable |
2508 |
+ * @v: pointer of type atomic64_t |
2509 |
+ * @i: required value |
2510 |
+ */ |
2511 |
+-#define atomic64_set(v, i) ((v)->counter = (i)) |
2512 |
++static inline void atomic64_set(atomic64_t *v, long i) |
2513 |
++{ |
2514 |
++ v->counter = i; |
2515 |
++} |
2516 |
++ |
2517 |
++static inline void atomic64_set_unchecked(atomic64_unchecked_t *v, long i) |
2518 |
++{ |
2519 |
++ v->counter = i; |
2520 |
++} |
2521 |
+ |
2522 |
+ /* |
2523 |
+ * atomic64_add - add integer to atomic variable |
2524 |
+@@ -414,7 +776,66 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u) |
2525 |
+ * |
2526 |
+ * Atomically adds @i to @v. |
2527 |
+ */ |
2528 |
+-static __inline__ void atomic64_add(long i, atomic64_t * v) |
2529 |
++static __inline__ void atomic64_add(long i, atomic64_t *v) |
2530 |
++{ |
2531 |
++ long temp; |
2532 |
++ |
2533 |
++ if (kernel_uses_llsc && R10000_LLSC_WAR) { |
2534 |
++ __asm__ __volatile__( |
2535 |
++ " .set mips3 \n" |
2536 |
++ "1: lld %0, %1 # atomic64_add \n" |
2537 |
++#ifdef CONFIG_PAX_REFCOUNT |
2538 |
++ /* Exception on overflow. */ |
2539 |
++ "2: dadd %0, %2 \n" |
2540 |
++#else |
2541 |
++ " daddu %0, %2 \n" |
2542 |
++#endif |
2543 |
++ " scd %0, %1 \n" |
2544 |
++ " beqzl %0, 1b \n" |
2545 |
++#ifdef CONFIG_PAX_REFCOUNT |
2546 |
++ "3: \n" |
2547 |
++ _ASM_EXTABLE(2b, 3b) |
2548 |
++#endif |
2549 |
++ " .set mips0 \n" |
2550 |
++ : "=&r" (temp), "+m" (v->counter) |
2551 |
++ : "Ir" (i)); |
2552 |
++ } else if (kernel_uses_llsc) { |
2553 |
++ __asm__ __volatile__( |
2554 |
++ " .set mips3 \n" |
2555 |
++ "1: lld %0, %1 # atomic64_add \n" |
2556 |
++#ifdef CONFIG_PAX_REFCOUNT |
2557 |
++ /* Exception on overflow. */ |
2558 |
++ "2: dadd %0, %2 \n" |
2559 |
++#else |
2560 |
++ " daddu %0, %2 \n" |
2561 |
++#endif |
2562 |
++ " scd %0, %1 \n" |
2563 |
++ " beqz %0, 1b \n" |
2564 |
++#ifdef CONFIG_PAX_REFCOUNT |
2565 |
++ "3: \n" |
2566 |
++ _ASM_EXTABLE(2b, 3b) |
2567 |
++#endif |
2568 |
++ " .set mips0 \n" |
2569 |
++ : "=&r" (temp), "+m" (v->counter) |
2570 |
++ : "Ir" (i)); |
2571 |
++ } else { |
2572 |
++ unsigned long flags; |
2573 |
++ |
2574 |
++ raw_local_irq_save(flags); |
2575 |
++ __asm__ __volatile__( |
2576 |
++#ifdef CONFIG_PAX_REFCOUNT |
2577 |
++ /* Exception on overflow. */ |
2578 |
++ "1: dadd %0, %1 \n" |
2579 |
++ "2: \n" |
2580 |
++ _ASM_EXTABLE(1b, 2b) |
2581 |
++#else |
2582 |
++ " daddu %0, %1 \n" |
2583 |
++#endif |
2584 |
++ : "+r" (v->counter) : "Ir" (i)); |
2585 |
++ raw_local_irq_restore(flags); |
2586 |
++ } |
2587 |
++} |
2588 |
++static __inline__ void atomic64_add_unchecked(long i, atomic64_unchecked_t *v) |
2589 |
+ { |
2590 |
+ if (kernel_uses_llsc && R10000_LLSC_WAR) { |
2591 |
+ long temp; |
2592 |
+@@ -457,7 +878,67 @@ static __inline__ void atomic64_add(long i, atomic64_t * v) |
2593 |
+ * |
2594 |
+ * Atomically subtracts @i from @v. |
2595 |
+ */ |
2596 |
+-static __inline__ void atomic64_sub(long i, atomic64_t * v) |
2597 |
++static __inline__ void atomic64_sub(long i, atomic64_t *v) |
2598 |
++{ |
2599 |
++ long temp; |
2600 |
++ |
2601 |
++ if (kernel_uses_llsc && R10000_LLSC_WAR) { |
2602 |
++ __asm__ __volatile__( |
2603 |
++ " .set mips3 \n" |
2604 |
++ "1: lld %0, %1 # atomic64_sub \n" |
2605 |
++#ifdef CONFIG_PAX_REFCOUNT |
2606 |
++ /* Exception on overflow. */ |
2607 |
++ "2: dsub %0, %2 \n" |
2608 |
++#else |
2609 |
++ " dsubu %0, %2 \n" |
2610 |
++#endif |
2611 |
++ " scd %0, %1 \n" |
2612 |
++ " beqzl %0, 1b \n" |
2613 |
++#ifdef CONFIG_PAX_REFCOUNT |
2614 |
++ "3: \n" |
2615 |
++ _ASM_EXTABLE(2b, 3b) |
2616 |
++#endif |
2617 |
++ " .set mips0 \n" |
2618 |
++ : "=&r" (temp), "+m" (v->counter) |
2619 |
++ : "Ir" (i)); |
2620 |
++ } else if (kernel_uses_llsc) { |
2621 |
++ __asm__ __volatile__( |
2622 |
++ " .set mips3 \n" |
2623 |
++ "1: lld %0, %1 # atomic64_sub \n" |
2624 |
++#ifdef CONFIG_PAX_REFCOUNT |
2625 |
++ /* Exception on overflow. */ |
2626 |
++ "2: dsub %0, %2 \n" |
2627 |
++#else |
2628 |
++ " dsubu %0, %2 \n" |
2629 |
++#endif |
2630 |
++ " scd %0, %1 \n" |
2631 |
++ " beqz %0, 1b \n" |
2632 |
++#ifdef CONFIG_PAX_REFCOUNT |
2633 |
++ "3: \n" |
2634 |
++ _ASM_EXTABLE(2b, 3b) |
2635 |
++#endif |
2636 |
++ " .set mips0 \n" |
2637 |
++ : "=&r" (temp), "+m" (v->counter) |
2638 |
++ : "Ir" (i)); |
2639 |
++ } else { |
2640 |
++ unsigned long flags; |
2641 |
++ |
2642 |
++ raw_local_irq_save(flags); |
2643 |
++ __asm__ __volatile__( |
2644 |
++#ifdef CONFIG_PAX_REFCOUNT |
2645 |
++ /* Exception on overflow. */ |
2646 |
++ "1: dsub %0, %1 \n" |
2647 |
++ "2: \n" |
2648 |
++ _ASM_EXTABLE(1b, 2b) |
2649 |
++#else |
2650 |
++ " dsubu %0, %1 \n" |
2651 |
++#endif |
2652 |
++ : "+r" (v->counter) : "Ir" (i)); |
2653 |
++ raw_local_irq_restore(flags); |
2654 |
++ } |
2655 |
++} |
2656 |
++ |
2657 |
++static __inline__ void atomic64_sub_unchecked(long i, atomic64_unchecked_t *v) |
2658 |
+ { |
2659 |
+ if (kernel_uses_llsc && R10000_LLSC_WAR) { |
2660 |
+ long temp; |
2661 |
+@@ -496,7 +977,93 @@ static __inline__ void atomic64_sub(long i, atomic64_t * v) |
2662 |
+ /* |
2663 |
+ * Same as above, but return the result value |
2664 |
+ */ |
2665 |
+-static __inline__ long atomic64_add_return(long i, atomic64_t * v) |
2666 |
++static __inline__ long atomic64_add_return(long i, atomic64_t *v) |
2667 |
++{ |
2668 |
++ long result; |
2669 |
++ long temp; |
2670 |
++ |
2671 |
++ smp_mb__before_llsc(); |
2672 |
++ |
2673 |
++ if (kernel_uses_llsc && R10000_LLSC_WAR) { |
2674 |
++ __asm__ __volatile__( |
2675 |
++ " .set mips3 \n" |
2676 |
++ "1: lld %1, %2 # atomic64_add_return \n" |
2677 |
++#ifdef CONFIG_PAX_REFCOUNT |
2678 |
++ "2: dadd %0, %1, %3 \n" |
2679 |
++#else |
2680 |
++ " daddu %0, %1, %3 \n" |
2681 |
++#endif |
2682 |
++ " scd %0, %2 \n" |
2683 |
++ " beqzl %0, 1b \n" |
2684 |
++#ifdef CONFIG_PAX_REFCOUNT |
2685 |
++ " b 4f \n" |
2686 |
++ " .set noreorder \n" |
2687 |
++ "3: b 5f \n" |
2688 |
++ " move %0, %1 \n" |
2689 |
++ " .set reorder \n" |
2690 |
++ _ASM_EXTABLE(2b, 3b) |
2691 |
++#endif |
2692 |
++ "4: daddu %0, %1, %3 \n" |
2693 |
++#ifdef CONFIG_PAX_REFCOUNT |
2694 |
++ "5: \n" |
2695 |
++#endif |
2696 |
++ " .set mips0 \n" |
2697 |
++ : "=&r" (result), "=&r" (temp), "+m" (v->counter) |
2698 |
++ : "Ir" (i)); |
2699 |
++ } else if (kernel_uses_llsc) { |
2700 |
++ __asm__ __volatile__( |
2701 |
++ " .set mips3 \n" |
2702 |
++ "1: lld %1, %2 # atomic64_add_return \n" |
2703 |
++#ifdef CONFIG_PAX_REFCOUNT |
2704 |
++ "2: dadd %0, %1, %3 \n" |
2705 |
++#else |
2706 |
++ " daddu %0, %1, %3 \n" |
2707 |
++#endif |
2708 |
++ " scd %0, %2 \n" |
2709 |
++ " bnez %0, 4f \n" |
2710 |
++ " b 1b \n" |
2711 |
++#ifdef CONFIG_PAX_REFCOUNT |
2712 |
++ " .set noreorder \n" |
2713 |
++ "3: b 5f \n" |
2714 |
++ " move %0, %1 \n" |
2715 |
++ " .set reorder \n" |
2716 |
++ _ASM_EXTABLE(2b, 3b) |
2717 |
++#endif |
2718 |
++ "4: daddu %0, %1, %3 \n" |
2719 |
++#ifdef CONFIG_PAX_REFCOUNT |
2720 |
++ "5: \n" |
2721 |
++#endif |
2722 |
++ " .set mips0 \n" |
2723 |
++ : "=&r" (result), "=&r" (temp), "=m" (v->counter) |
2724 |
++ : "Ir" (i), "m" (v->counter) |
2725 |
++ : "memory"); |
2726 |
++ } else { |
2727 |
++ unsigned long flags; |
2728 |
++ |
2729 |
++ raw_local_irq_save(flags); |
2730 |
++ __asm__ __volatile__( |
2731 |
++ " ld %0, %1 \n" |
2732 |
++#ifdef CONFIG_PAX_REFCOUNT |
2733 |
++ /* Exception on overflow. */ |
2734 |
++ "1: dadd %0, %2 \n" |
2735 |
++#else |
2736 |
++ " daddu %0, %2 \n" |
2737 |
++#endif |
2738 |
++ " sd %0, %1 \n" |
2739 |
++#ifdef CONFIG_PAX_REFCOUNT |
2740 |
++ /* Note: Dest reg is not modified on overflow */ |
2741 |
++ "2: \n" |
2742 |
++ _ASM_EXTABLE(1b, 2b) |
2743 |
++#endif |
2744 |
++ : "=&r" (result), "+m" (v->counter) : "Ir" (i)); |
2745 |
++ raw_local_irq_restore(flags); |
2746 |
++ } |
2747 |
++ |
2748 |
++ smp_llsc_mb(); |
2749 |
++ |
2750 |
++ return result; |
2751 |
++} |
2752 |
++static __inline__ long atomic64_add_return_unchecked(long i, atomic64_unchecked_t *v) |
2753 |
+ { |
2754 |
+ long result; |
2755 |
+ |
2756 |
+@@ -546,7 +1113,97 @@ static __inline__ long atomic64_add_return(long i, atomic64_t * v) |
2757 |
+ return result; |
2758 |
+ } |
2759 |
+ |
2760 |
+-static __inline__ long atomic64_sub_return(long i, atomic64_t * v) |
2761 |
++static __inline__ long atomic64_sub_return(long i, atomic64_t *v) |
2762 |
++{ |
2763 |
++ long result; |
2764 |
++ long temp; |
2765 |
++ |
2766 |
++ smp_mb__before_llsc(); |
2767 |
++ |
2768 |
++ if (kernel_uses_llsc && R10000_LLSC_WAR) { |
2769 |
++ long temp; |
2770 |
++ |
2771 |
++ __asm__ __volatile__( |
2772 |
++ " .set mips3 \n" |
2773 |
++ "1: lld %1, %2 # atomic64_sub_return \n" |
2774 |
++#ifdef CONFIG_PAX_REFCOUNT |
2775 |
++ "2: dsub %0, %1, %3 \n" |
2776 |
++#else |
2777 |
++ " dsubu %0, %1, %3 \n" |
2778 |
++#endif |
2779 |
++ " scd %0, %2 \n" |
2780 |
++ " beqzl %0, 1b \n" |
2781 |
++#ifdef CONFIG_PAX_REFCOUNT |
2782 |
++ " b 4f \n" |
2783 |
++ " .set noreorder \n" |
2784 |
++ "3: b 5f \n" |
2785 |
++ " move %0, %1 \n" |
2786 |
++ " .set reorder \n" |
2787 |
++ _ASM_EXTABLE(2b, 3b) |
2788 |
++#endif |
2789 |
++ "4: dsubu %0, %1, %3 \n" |
2790 |
++#ifdef CONFIG_PAX_REFCOUNT |
2791 |
++ "5: \n" |
2792 |
++#endif |
2793 |
++ " .set mips0 \n" |
2794 |
++ : "=&r" (result), "=&r" (temp), "=m" (v->counter) |
2795 |
++ : "Ir" (i), "m" (v->counter) |
2796 |
++ : "memory"); |
2797 |
++ } else if (kernel_uses_llsc) { |
2798 |
++ __asm__ __volatile__( |
2799 |
++ " .set mips3 \n" |
2800 |
++ "1: lld %1, %2 # atomic64_sub_return \n" |
2801 |
++#ifdef CONFIG_PAX_REFCOUNT |
2802 |
++ "2: dsub %0, %1, %3 \n" |
2803 |
++#else |
2804 |
++ " dsubu %0, %1, %3 \n" |
2805 |
++#endif |
2806 |
++ " scd %0, %2 \n" |
2807 |
++ " bnez %0, 4f \n" |
2808 |
++ " b 1b \n" |
2809 |
++#ifdef CONFIG_PAX_REFCOUNT |
2810 |
++ " .set noreorder \n" |
2811 |
++ "3: b 5f \n" |
2812 |
++ " move %0, %1 \n" |
2813 |
++ " .set reorder \n" |
2814 |
++ _ASM_EXTABLE(2b, 3b) |
2815 |
++#endif |
2816 |
++ "4: dsubu %0, %1, %3 \n" |
2817 |
++#ifdef CONFIG_PAX_REFCOUNT |
2818 |
++ "5: \n" |
2819 |
++#endif |
2820 |
++ " .set mips0 \n" |
2821 |
++ : "=&r" (result), "=&r" (temp), "=m" (v->counter) |
2822 |
++ : "Ir" (i), "m" (v->counter) |
2823 |
++ : "memory"); |
2824 |
++ } else { |
2825 |
++ unsigned long flags; |
2826 |
++ |
2827 |
++ raw_local_irq_save(flags); |
2828 |
++ __asm__ __volatile__( |
2829 |
++ " ld %0, %1 \n" |
2830 |
++#ifdef CONFIG_PAX_REFCOUNT |
2831 |
++ /* Exception on overflow. */ |
2832 |
++ "1: dsub %0, %2 \n" |
2833 |
++#else |
2834 |
++ " dsubu %0, %2 \n" |
2835 |
++#endif |
2836 |
++ " sd %0, %1 \n" |
2837 |
++#ifdef CONFIG_PAX_REFCOUNT |
2838 |
++ /* Note: Dest reg is not modified on overflow */ |
2839 |
++ "2: \n" |
2840 |
++ _ASM_EXTABLE(1b, 2b) |
2841 |
++#endif |
2842 |
++ : "=&r" (result), "+m" (v->counter) : "Ir" (i)); |
2843 |
++ raw_local_irq_restore(flags); |
2844 |
++ } |
2845 |
++ |
2846 |
++ smp_llsc_mb(); |
2847 |
++ |
2848 |
++ return result; |
2849 |
++} |
2850 |
++ |
2851 |
++static __inline__ long atomic64_sub_return_unchecked(long i, atomic64_unchecked_t *v) |
2852 |
+ { |
2853 |
+ long result; |
2854 |
+ |
2855 |
+@@ -605,7 +1262,7 @@ static __inline__ long atomic64_sub_return(long i, atomic64_t * v) |
2856 |
+ * Atomically test @v and subtract @i if @v is greater or equal than @i. |
2857 |
+ * The function returns the old value of @v minus @i. |
2858 |
+ */ |
2859 |
+-static __inline__ long atomic64_sub_if_positive(long i, atomic64_t * v) |
2860 |
++static __inline__ long atomic64_sub_if_positive(long i, atomic64_t *v) |
2861 |
+ { |
2862 |
+ long result; |
2863 |
+ |
2864 |
+@@ -662,9 +1319,26 @@ static __inline__ long atomic64_sub_if_positive(long i, atomic64_t * v) |
2865 |
+ return result; |
2866 |
+ } |
2867 |
+ |
2868 |
+-#define atomic64_cmpxchg(v, o, n) \ |
2869 |
+- ((__typeof__((v)->counter))cmpxchg(&((v)->counter), (o), (n))) |
2870 |
+-#define atomic64_xchg(v, new) (xchg(&((v)->counter), (new))) |
2871 |
++static inline long atomic64_cmpxchg(atomic64_t *v, long old, long new) |
2872 |
++{ |
2873 |
++ return cmpxchg(&v->counter, old, new); |
2874 |
++} |
2875 |
++ |
2876 |
++static inline long atomic64_cmpxchg_unchecked(atomic64_unchecked_t *v, long old, |
2877 |
++ long new) |
2878 |
++{ |
2879 |
++ return cmpxchg(&(v->counter), old, new); |
2880 |
++} |
2881 |
++ |
2882 |
++static inline long atomic64_xchg(atomic64_t *v, long new) |
2883 |
++{ |
2884 |
++ return xchg(&v->counter, new); |
2885 |
++} |
2886 |
++ |
2887 |
++static inline long atomic64_xchg_unchecked(atomic64_unchecked_t *v, long new) |
2888 |
++{ |
2889 |
++ return xchg(&(v->counter), new); |
2890 |
++} |
2891 |
+ |
2892 |
+ /** |
2893 |
+ * atomic64_add_unless - add unless the number is a given value |
2894 |
+@@ -694,6 +1368,7 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u) |
2895 |
+ |
2896 |
+ #define atomic64_dec_return(v) atomic64_sub_return(1, (v)) |
2897 |
+ #define atomic64_inc_return(v) atomic64_add_return(1, (v)) |
2898 |
++#define atomic64_inc_return_unchecked(v) atomic64_add_return_unchecked(1, (v)) |
2899 |
|
2900 |
/* |
2901 |
+ * atomic64_sub_and_test - subtract value from variable and test result |
2902 |
+@@ -715,6 +1390,7 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u) |
2903 |
+ * other cases. |
2904 |
+ */ |
2905 |
+ #define atomic64_inc_and_test(v) (atomic64_inc_return(v) == 0) |
2906 |
++#define atomic64_inc_and_test_unchecked(v) atomic64_add_return_unchecked(1, (v)) == 0) |
2907 |
+ |
2908 |
+ /* |
2909 |
+ * atomic64_dec_and_test - decrement by 1 and test |
2910 |
+@@ -739,6 +1415,7 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u) |
2911 |
+ * Atomically increments @v by 1. |
2912 |
+ */ |
2913 |
+ #define atomic64_inc(v) atomic64_add(1, (v)) |
2914 |
++#define atomic64_inc_unchecked(v) atomic64_add_unchecked(1, (v)) |
2915 |
+ |
2916 |
+ /* |
2917 |
+ * atomic64_dec - decrement and test |
2918 |
+@@ -747,6 +1424,7 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u) |
2919 |
+ * Atomically decrements @v by 1. |
2920 |
+ */ |
2921 |
+ #define atomic64_dec(v) atomic64_sub(1, (v)) |
2922 |
++#define atomic64_dec_unchecked(v) atomic64_sub_unchecked(1, (v)) |
2923 |
+ |
2924 |
+ /* |
2925 |
+ * atomic64_add_negative - add and test if negative |
2926 |
diff --git a/arch/mips/include/asm/cache.h b/arch/mips/include/asm/cache.h |
2927 |
index b4db69f..8f3b093 100644 |
2928 |
--- a/arch/mips/include/asm/cache.h |
2929 |
@@ -5721,6 +6583,29 @@ index 74f485d..47d2c38 100644 |
2930 |
LONG_L t0, TI_FLAGS($28) # syscall tracing enabled? |
2931 |
and t0, t1, t0 |
2932 |
bnez t0, trace_a_syscall |
2933 |
+diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c |
2934 |
+index a75ae40..0d0f56a 100644 |
2935 |
+--- a/arch/mips/kernel/traps.c |
2936 |
++++ b/arch/mips/kernel/traps.c |
2937 |
+@@ -675,7 +675,17 @@ asmlinkage void do_ov(struct pt_regs *regs) |
2938 |
+ { |
2939 |
+ siginfo_t info; |
2940 |
+ |
2941 |
+- die_if_kernel("Integer overflow", regs); |
2942 |
++ if (unlikely(!user_mode(regs))) { |
2943 |
++ |
2944 |
++#ifdef CONFIG_PAX_REFCOUNT |
2945 |
++ if (fixup_exception(regs)) { |
2946 |
++ pax_report_refcount_overflow(regs); |
2947 |
++ return; |
2948 |
++ } |
2949 |
++#endif |
2950 |
++ |
2951 |
++ die("Integer overflow", regs); |
2952 |
++ } |
2953 |
+ |
2954 |
+ info.si_code = FPE_INTOVF; |
2955 |
+ info.si_signo = SIGFPE; |
2956 |
diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c |
2957 |
index 0fead53..eeb00a6 100644 |
2958 |
--- a/arch/mips/mm/fault.c |
2959 |
@@ -16806,15 +17691,17 @@ index a1df6e8..e002940 100644 |
2960 |
#endif |
2961 |
#endif /* _ASM_X86_THREAD_INFO_H */ |
2962 |
diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h |
2963 |
-index 50a7fc0..7c437a7 100644 |
2964 |
+index 50a7fc0..45844c0 100644 |
2965 |
--- a/arch/x86/include/asm/tlbflush.h |
2966 |
+++ b/arch/x86/include/asm/tlbflush.h |
2967 |
-@@ -17,18 +17,40 @@ |
2968 |
+@@ -17,18 +17,44 @@ |
2969 |
|
2970 |
static inline void __native_flush_tlb(void) |
2971 |
{ |
2972 |
+ if (static_cpu_has(X86_FEATURE_INVPCID)) { |
2973 |
+ unsigned long descriptor[2]; |
2974 |
++ |
2975 |
++ descriptor[0] = PCID_KERNEL; |
2976 |
+ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_ALL_MONGLOBAL) : "memory"); |
2977 |
+ return; |
2978 |
+ } |
2979 |
@@ -16838,15 +17725,17 @@ index 50a7fc0..7c437a7 100644 |
2980 |
- unsigned long cr4; |
2981 |
+ if (static_cpu_has(X86_FEATURE_INVPCID)) { |
2982 |
+ unsigned long descriptor[2]; |
2983 |
-+ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_ALL_GLOBAL) : "memory"); |
2984 |
-+ } else { |
2985 |
-+ unsigned long cr4; |
2986 |
|
2987 |
- cr4 = native_read_cr4(); |
2988 |
- /* clear PGE */ |
2989 |
- native_write_cr4(cr4 & ~X86_CR4_PGE); |
2990 |
- /* write old PGE again and flush TLBs */ |
2991 |
- native_write_cr4(cr4); |
2992 |
++ descriptor[0] = PCID_KERNEL; |
2993 |
++ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_ALL_GLOBAL) : "memory"); |
2994 |
++ } else { |
2995 |
++ unsigned long cr4; |
2996 |
++ |
2997 |
+ cr4 = native_read_cr4(); |
2998 |
+ /* clear PGE */ |
2999 |
+ native_write_cr4(cr4 & ~X86_CR4_PGE); |
3000 |
@@ -16856,7 +17745,7 @@ index 50a7fc0..7c437a7 100644 |
3001 |
} |
3002 |
|
3003 |
static inline void __native_flush_tlb_global(void) |
3004 |
-@@ -49,6 +71,42 @@ static inline void __native_flush_tlb_global(void) |
3005 |
+@@ -49,6 +75,42 @@ static inline void __native_flush_tlb_global(void) |
3006 |
|
3007 |
static inline void __native_flush_tlb_single(unsigned long addr) |
3008 |
{ |
3009 |
@@ -17350,7 +18239,7 @@ index 7f760a9..04b1c65 100644 |
3010 |
} |
3011 |
|
3012 |
diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h |
3013 |
-index 142810c..1f2a0a7 100644 |
3014 |
+index 142810c..1dbe82f 100644 |
3015 |
--- a/arch/x86/include/asm/uaccess_64.h |
3016 |
+++ b/arch/x86/include/asm/uaccess_64.h |
3017 |
@@ -10,6 +10,9 @@ |
3018 |
@@ -17669,8 +18558,9 @@ index 142810c..1f2a0a7 100644 |
3019 |
} |
3020 |
} |
3021 |
|
3022 |
- static __must_check __always_inline int |
3023 |
+-static __must_check __always_inline int |
3024 |
-__copy_from_user_inatomic(void *dst, const void __user *src, unsigned size) |
3025 |
++static __must_check __always_inline unsigned long |
3026 |
+__copy_from_user_inatomic(void *dst, const void __user *src, unsigned long size) |
3027 |
{ |
3028 |
- return copy_user_generic(dst, (__force const void *)src, size); |
3029 |
@@ -38535,10 +39425,112 @@ index 8c04943..4370ed9 100644 |
3030 |
err = drm_debugfs_create_files(dc->debugfs_files, |
3031 |
ARRAY_SIZE(debugfs_files), |
3032 |
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c |
3033 |
-index 402f486..f862d7e 100644 |
3034 |
+index 402f486..5340852 100644 |
3035 |
--- a/drivers/hid/hid-core.c |
3036 |
+++ b/drivers/hid/hid-core.c |
3037 |
-@@ -2275,7 +2275,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); |
3038 |
+@@ -63,6 +63,8 @@ struct hid_report *hid_register_report(struct hid_device *device, unsigned type, |
3039 |
+ struct hid_report_enum *report_enum = device->report_enum + type; |
3040 |
+ struct hid_report *report; |
3041 |
+ |
3042 |
++ if (id >= HID_MAX_IDS) |
3043 |
++ return NULL; |
3044 |
+ if (report_enum->report_id_hash[id]) |
3045 |
+ return report_enum->report_id_hash[id]; |
3046 |
+ |
3047 |
+@@ -404,8 +406,10 @@ static int hid_parser_global(struct hid_parser *parser, struct hid_item *item) |
3048 |
+ |
3049 |
+ case HID_GLOBAL_ITEM_TAG_REPORT_ID: |
3050 |
+ parser->global.report_id = item_udata(item); |
3051 |
+- if (parser->global.report_id == 0) { |
3052 |
+- hid_err(parser->device, "report_id 0 is invalid\n"); |
3053 |
++ if (parser->global.report_id == 0 || |
3054 |
++ parser->global.report_id >= HID_MAX_IDS) { |
3055 |
++ hid_err(parser->device, "report_id %u is invalid\n", |
3056 |
++ parser->global.report_id); |
3057 |
+ return -1; |
3058 |
+ } |
3059 |
+ return 0; |
3060 |
+@@ -575,7 +579,7 @@ static void hid_close_report(struct hid_device *device) |
3061 |
+ for (i = 0; i < HID_REPORT_TYPES; i++) { |
3062 |
+ struct hid_report_enum *report_enum = device->report_enum + i; |
3063 |
+ |
3064 |
+- for (j = 0; j < 256; j++) { |
3065 |
++ for (j = 0; j < HID_MAX_IDS; j++) { |
3066 |
+ struct hid_report *report = report_enum->report_id_hash[j]; |
3067 |
+ if (report) |
3068 |
+ hid_free_report(report); |
3069 |
+@@ -755,6 +759,56 @@ int hid_parse_report(struct hid_device *hid, __u8 *start, unsigned size) |
3070 |
+ } |
3071 |
+ EXPORT_SYMBOL_GPL(hid_parse_report); |
3072 |
+ |
3073 |
++static const char * const hid_report_names[] = { |
3074 |
++ "HID_INPUT_REPORT", |
3075 |
++ "HID_OUTPUT_REPORT", |
3076 |
++ "HID_FEATURE_REPORT", |
3077 |
++}; |
3078 |
++/** |
3079 |
++ * hid_validate_report - validate existing device report |
3080 |
++ * |
3081 |
++ * @device: hid device |
3082 |
++ * @type: which report type to examine |
3083 |
++ * @id: which report ID to examine (0 for first) |
3084 |
++ * @fields: expected number of fields |
3085 |
++ * @report_counts: expected number of values per field |
3086 |
++ * |
3087 |
++ * Validate the report details after parsing. |
3088 |
++ */ |
3089 |
++struct hid_report *hid_validate_report(struct hid_device *hid, |
3090 |
++ unsigned int type, unsigned int id, |
3091 |
++ unsigned int fields, |
3092 |
++ unsigned int report_counts) |
3093 |
++{ |
3094 |
++ struct hid_report *report; |
3095 |
++ unsigned int i; |
3096 |
++ |
3097 |
++ if (type > HID_FEATURE_REPORT) { |
3098 |
++ hid_err(hid, "invalid HID report %u\n", type); |
3099 |
++ return NULL; |
3100 |
++ } |
3101 |
++ |
3102 |
++ report = hid->report_enum[type].report_id_hash[id]; |
3103 |
++ if (!report) { |
3104 |
++ hid_err(hid, "missing %s %u\n", hid_report_names[type], id); |
3105 |
++ return NULL; |
3106 |
++ } |
3107 |
++ if (report->maxfield < fields) { |
3108 |
++ hid_err(hid, "not enough fields in %s %u\n", |
3109 |
++ hid_report_names[type], id); |
3110 |
++ return NULL; |
3111 |
++ } |
3112 |
++ for (i = 0; i < fields; i++) { |
3113 |
++ if (report->field[i]->report_count < report_counts) { |
3114 |
++ hid_err(hid, "not enough values in %s %u fields\n", |
3115 |
++ hid_report_names[type], id); |
3116 |
++ return NULL; |
3117 |
++ } |
3118 |
++ } |
3119 |
++ return report; |
3120 |
++} |
3121 |
++EXPORT_SYMBOL_GPL(hid_validate_report); |
3122 |
++ |
3123 |
+ /** |
3124 |
+ * hid_open_report - open a driver-specific device report |
3125 |
+ * |
3126 |
+@@ -1152,7 +1206,12 @@ EXPORT_SYMBOL_GPL(hid_output_report); |
3127 |
+ |
3128 |
+ int hid_set_field(struct hid_field *field, unsigned offset, __s32 value) |
3129 |
+ { |
3130 |
+- unsigned size = field->report_size; |
3131 |
++ unsigned size; |
3132 |
++ |
3133 |
++ if (!field) |
3134 |
++ return -1; |
3135 |
++ |
3136 |
++ size = field->report_size; |
3137 |
+ |
3138 |
+ hid_dump_input(field->report->device, field->usage + offset, value); |
3139 |
+ |
3140 |
+@@ -2275,7 +2334,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); |
3141 |
|
3142 |
int hid_add_device(struct hid_device *hdev) |
3143 |
{ |
3144 |
@@ -38547,7 +39539,7 @@ index 402f486..f862d7e 100644 |
3145 |
int ret; |
3146 |
|
3147 |
if (WARN_ON(hdev->status & HID_STAT_ADDED)) |
3148 |
-@@ -2309,7 +2309,7 @@ int hid_add_device(struct hid_device *hdev) |
3149 |
+@@ -2309,7 +2368,7 @@ int hid_add_device(struct hid_device *hdev) |
3150 |
/* XXX hack, any other cleaner solution after the driver core |
3151 |
* is converted to allow more than 20 bytes as the device name? */ |
3152 |
dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, |
3153 |
@@ -38556,6 +39548,349 @@ index 402f486..f862d7e 100644 |
3154 |
|
3155 |
hid_debug_register(hdev, dev_name(&hdev->dev)); |
3156 |
ret = device_add(&hdev->dev); |
3157 |
+diff --git a/drivers/hid/hid-lenovo-tpkbd.c b/drivers/hid/hid-lenovo-tpkbd.c |
3158 |
+index 07837f5..b697ada 100644 |
3159 |
+--- a/drivers/hid/hid-lenovo-tpkbd.c |
3160 |
++++ b/drivers/hid/hid-lenovo-tpkbd.c |
3161 |
+@@ -341,6 +341,11 @@ static int tpkbd_probe_tp(struct hid_device *hdev) |
3162 |
+ char *name_mute, *name_micmute; |
3163 |
+ int ret; |
3164 |
+ |
3165 |
++ /* Validate required reports. */ |
3166 |
++ if (!hid_validate_report(hdev, HID_OUTPUT_REPORT, 4, 4, 1) || |
3167 |
++ !hid_validate_report(hdev, HID_OUTPUT_REPORT, 3, 1, 2)) |
3168 |
++ return -ENODEV; |
3169 |
++ |
3170 |
+ if (sysfs_create_group(&hdev->dev.kobj, |
3171 |
+ &tpkbd_attr_group_pointer)) { |
3172 |
+ hid_warn(hdev, "Could not create sysfs group\n"); |
3173 |
+diff --git a/drivers/hid/hid-lg2ff.c b/drivers/hid/hid-lg2ff.c |
3174 |
+index b3cd150..9805197 100644 |
3175 |
+--- a/drivers/hid/hid-lg2ff.c |
3176 |
++++ b/drivers/hid/hid-lg2ff.c |
3177 |
+@@ -64,26 +64,13 @@ int lg2ff_init(struct hid_device *hid) |
3178 |
+ struct hid_report *report; |
3179 |
+ struct hid_input *hidinput = list_entry(hid->inputs.next, |
3180 |
+ struct hid_input, list); |
3181 |
+- struct list_head *report_list = |
3182 |
+- &hid->report_enum[HID_OUTPUT_REPORT].report_list; |
3183 |
+ struct input_dev *dev = hidinput->input; |
3184 |
+ int error; |
3185 |
+ |
3186 |
+- if (list_empty(report_list)) { |
3187 |
+- hid_err(hid, "no output report found\n"); |
3188 |
++ /* Check that the report looks ok */ |
3189 |
++ report = hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 1, 7); |
3190 |
++ if (!report) |
3191 |
+ return -ENODEV; |
3192 |
+- } |
3193 |
+- |
3194 |
+- report = list_entry(report_list->next, struct hid_report, list); |
3195 |
+- |
3196 |
+- if (report->maxfield < 1) { |
3197 |
+- hid_err(hid, "output report is empty\n"); |
3198 |
+- return -ENODEV; |
3199 |
+- } |
3200 |
+- if (report->field[0]->report_count < 7) { |
3201 |
+- hid_err(hid, "not enough values in the field\n"); |
3202 |
+- return -ENODEV; |
3203 |
+- } |
3204 |
+ |
3205 |
+ lg2ff = kmalloc(sizeof(struct lg2ff_device), GFP_KERNEL); |
3206 |
+ if (!lg2ff) |
3207 |
+diff --git a/drivers/hid/hid-lg3ff.c b/drivers/hid/hid-lg3ff.c |
3208 |
+index e52f181..53ac79b 100644 |
3209 |
+--- a/drivers/hid/hid-lg3ff.c |
3210 |
++++ b/drivers/hid/hid-lg3ff.c |
3211 |
+@@ -66,10 +66,11 @@ static int hid_lg3ff_play(struct input_dev *dev, void *data, |
3212 |
+ int x, y; |
3213 |
+ |
3214 |
+ /* |
3215 |
+- * Maxusage should always be 63 (maximum fields) |
3216 |
+- * likely a better way to ensure this data is clean |
3217 |
++ * Available values in the field should always be 63, but we only use up to |
3218 |
++ * 35. Instead, clear the entire area, however big it is. |
3219 |
+ */ |
3220 |
+- memset(report->field[0]->value, 0, sizeof(__s32)*report->field[0]->maxusage); |
3221 |
++ memset(report->field[0]->value, 0, |
3222 |
++ sizeof(__s32) * report->field[0]->report_count); |
3223 |
+ |
3224 |
+ switch (effect->type) { |
3225 |
+ case FF_CONSTANT: |
3226 |
+@@ -129,32 +130,14 @@ static const signed short ff3_joystick_ac[] = { |
3227 |
+ int lg3ff_init(struct hid_device *hid) |
3228 |
+ { |
3229 |
+ struct hid_input *hidinput = list_entry(hid->inputs.next, struct hid_input, list); |
3230 |
+- struct list_head *report_list = &hid->report_enum[HID_OUTPUT_REPORT].report_list; |
3231 |
+ struct input_dev *dev = hidinput->input; |
3232 |
+- struct hid_report *report; |
3233 |
+- struct hid_field *field; |
3234 |
+ const signed short *ff_bits = ff3_joystick_ac; |
3235 |
+ int error; |
3236 |
+ int i; |
3237 |
+ |
3238 |
+- /* Find the report to use */ |
3239 |
+- if (list_empty(report_list)) { |
3240 |
+- hid_err(hid, "No output report found\n"); |
3241 |
+- return -1; |
3242 |
+- } |
3243 |
+- |
3244 |
+ /* Check that the report looks ok */ |
3245 |
+- report = list_entry(report_list->next, struct hid_report, list); |
3246 |
+- if (!report) { |
3247 |
+- hid_err(hid, "NULL output report\n"); |
3248 |
+- return -1; |
3249 |
+- } |
3250 |
+- |
3251 |
+- field = report->field[0]; |
3252 |
+- if (!field) { |
3253 |
+- hid_err(hid, "NULL field\n"); |
3254 |
+- return -1; |
3255 |
+- } |
3256 |
++ if (!hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 1, 35)) |
3257 |
++ return -ENODEV; |
3258 |
+ |
3259 |
+ /* Assume single fixed device G940 */ |
3260 |
+ for (i = 0; ff_bits[i] >= 0; i++) |
3261 |
+diff --git a/drivers/hid/hid-lg4ff.c b/drivers/hid/hid-lg4ff.c |
3262 |
+index 0ddae2a..8b89f0f 100644 |
3263 |
+--- a/drivers/hid/hid-lg4ff.c |
3264 |
++++ b/drivers/hid/hid-lg4ff.c |
3265 |
+@@ -484,34 +484,16 @@ static enum led_brightness lg4ff_led_get_brightness(struct led_classdev *led_cde |
3266 |
+ int lg4ff_init(struct hid_device *hid) |
3267 |
+ { |
3268 |
+ struct hid_input *hidinput = list_entry(hid->inputs.next, struct hid_input, list); |
3269 |
+- struct list_head *report_list = &hid->report_enum[HID_OUTPUT_REPORT].report_list; |
3270 |
+ struct input_dev *dev = hidinput->input; |
3271 |
+- struct hid_report *report; |
3272 |
+- struct hid_field *field; |
3273 |
+ struct lg4ff_device_entry *entry; |
3274 |
+ struct lg_drv_data *drv_data; |
3275 |
+ struct usb_device_descriptor *udesc; |
3276 |
+ int error, i, j; |
3277 |
+ __u16 bcdDevice, rev_maj, rev_min; |
3278 |
+ |
3279 |
+- /* Find the report to use */ |
3280 |
+- if (list_empty(report_list)) { |
3281 |
+- hid_err(hid, "No output report found\n"); |
3282 |
+- return -1; |
3283 |
+- } |
3284 |
+- |
3285 |
+ /* Check that the report looks ok */ |
3286 |
+- report = list_entry(report_list->next, struct hid_report, list); |
3287 |
+- if (!report) { |
3288 |
+- hid_err(hid, "NULL output report\n"); |
3289 |
++ if (!hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 1, 7)) |
3290 |
+ return -1; |
3291 |
+- } |
3292 |
+- |
3293 |
+- field = report->field[0]; |
3294 |
+- if (!field) { |
3295 |
+- hid_err(hid, "NULL field\n"); |
3296 |
+- return -1; |
3297 |
+- } |
3298 |
+ |
3299 |
+ /* Check what wheel has been connected */ |
3300 |
+ for (i = 0; i < ARRAY_SIZE(lg4ff_devices); i++) { |
3301 |
+diff --git a/drivers/hid/hid-lgff.c b/drivers/hid/hid-lgff.c |
3302 |
+index d7ea8c8..a84fb40 100644 |
3303 |
+--- a/drivers/hid/hid-lgff.c |
3304 |
++++ b/drivers/hid/hid-lgff.c |
3305 |
+@@ -128,27 +128,14 @@ static void hid_lgff_set_autocenter(struct input_dev *dev, u16 magnitude) |
3306 |
+ int lgff_init(struct hid_device* hid) |
3307 |
+ { |
3308 |
+ struct hid_input *hidinput = list_entry(hid->inputs.next, struct hid_input, list); |
3309 |
+- struct list_head *report_list = &hid->report_enum[HID_OUTPUT_REPORT].report_list; |
3310 |
+ struct input_dev *dev = hidinput->input; |
3311 |
+- struct hid_report *report; |
3312 |
+- struct hid_field *field; |
3313 |
+ const signed short *ff_bits = ff_joystick; |
3314 |
+ int error; |
3315 |
+ int i; |
3316 |
+ |
3317 |
+- /* Find the report to use */ |
3318 |
+- if (list_empty(report_list)) { |
3319 |
+- hid_err(hid, "No output report found\n"); |
3320 |
+- return -1; |
3321 |
+- } |
3322 |
+- |
3323 |
+ /* Check that the report looks ok */ |
3324 |
+- report = list_entry(report_list->next, struct hid_report, list); |
3325 |
+- field = report->field[0]; |
3326 |
+- if (!field) { |
3327 |
+- hid_err(hid, "NULL field\n"); |
3328 |
+- return -1; |
3329 |
+- } |
3330 |
++ if (!hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 1, 7)) |
3331 |
++ return -ENODEV; |
3332 |
+ |
3333 |
+ for (i = 0; i < ARRAY_SIZE(devices); i++) { |
3334 |
+ if (dev->id.vendor == devices[i].idVendor && |
3335 |
+diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c |
3336 |
+index 5207591a..6c9197f 100644 |
3337 |
+--- a/drivers/hid/hid-logitech-dj.c |
3338 |
++++ b/drivers/hid/hid-logitech-dj.c |
3339 |
+@@ -421,7 +421,7 @@ static int logi_dj_recv_send_report(struct dj_receiver_dev *djrcv_dev, |
3340 |
+ struct hid_report *report; |
3341 |
+ struct hid_report_enum *output_report_enum; |
3342 |
+ u8 *data = (u8 *)(&dj_report->device_index); |
3343 |
+- int i; |
3344 |
++ unsigned int i, length; |
3345 |
+ |
3346 |
+ output_report_enum = &hdev->report_enum[HID_OUTPUT_REPORT]; |
3347 |
+ report = output_report_enum->report_id_hash[REPORT_ID_DJ_SHORT]; |
3348 |
+@@ -431,7 +431,9 @@ static int logi_dj_recv_send_report(struct dj_receiver_dev *djrcv_dev, |
3349 |
+ return -ENODEV; |
3350 |
+ } |
3351 |
+ |
3352 |
+- for (i = 0; i < report->field[0]->report_count; i++) |
3353 |
++ length = min_t(size_t, sizeof(*dj_report) - 1, |
3354 |
++ report->field[0]->report_count); |
3355 |
++ for (i = 0; i < length; i++) |
3356 |
+ report->field[0]->value[i] = data[i]; |
3357 |
+ |
3358 |
+ hid_hw_request(hdev, report, HID_REQ_SET_REPORT); |
3359 |
+@@ -738,6 +740,12 @@ static int logi_dj_probe(struct hid_device *hdev, |
3360 |
+ goto hid_parse_fail; |
3361 |
+ } |
3362 |
+ |
3363 |
++ if (!hid_validate_report(hdev, HID_OUTPUT_REPORT, REPORT_ID_DJ_SHORT, |
3364 |
++ 1, 3)) { |
3365 |
++ retval = -ENODEV; |
3366 |
++ goto hid_parse_fail; |
3367 |
++ } |
3368 |
++ |
3369 |
+ /* Starts the usb device and connects to upper interfaces hiddev and |
3370 |
+ * hidraw */ |
3371 |
+ retval = hid_hw_start(hdev, HID_CONNECT_DEFAULT); |
3372 |
+diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c |
3373 |
+index d39a5ce..4892dfc 100644 |
3374 |
+--- a/drivers/hid/hid-multitouch.c |
3375 |
++++ b/drivers/hid/hid-multitouch.c |
3376 |
+@@ -330,9 +330,18 @@ static void mt_feature_mapping(struct hid_device *hdev, |
3377 |
+ break; |
3378 |
+ } |
3379 |
+ } |
3380 |
++ /* Ignore if value index is out of bounds. */ |
3381 |
++ if (td->inputmode_index < 0 || |
3382 |
++ td->inputmode_index >= field->report_count) { |
3383 |
++ dev_err(&hdev->dev, "HID_DG_INPUTMODE out of range\n"); |
3384 |
++ td->inputmode = -1; |
3385 |
++ } |
3386 |
+ |
3387 |
+ break; |
3388 |
+ case HID_DG_CONTACTMAX: |
3389 |
++ /* Ignore if value count is out of bounds. */ |
3390 |
++ if (field->report_count < 1) |
3391 |
++ break; |
3392 |
+ td->maxcontact_report_id = field->report->id; |
3393 |
+ td->maxcontacts = field->value[0]; |
3394 |
+ if (!td->maxcontacts && |
3395 |
+@@ -743,15 +752,21 @@ static void mt_touch_report(struct hid_device *hid, struct hid_report *report) |
3396 |
+ unsigned count; |
3397 |
+ int r, n; |
3398 |
+ |
3399 |
++ if (report->maxfield == 0) |
3400 |
++ return; |
3401 |
++ |
3402 |
+ /* |
3403 |
+ * Includes multi-packet support where subsequent |
3404 |
+ * packets are sent with zero contactcount. |
3405 |
+ */ |
3406 |
+- if (td->cc_index >= 0) { |
3407 |
+- struct hid_field *field = report->field[td->cc_index]; |
3408 |
+- int value = field->value[td->cc_value_index]; |
3409 |
+- if (value) |
3410 |
+- td->num_expected = value; |
3411 |
++ if (td->cc_index >= 0 && td->cc_index < report->maxfield) { |
3412 |
++ field = report->field[td->cc_index]; |
3413 |
++ if (td->cc_value_index >= 0 && |
3414 |
++ td->cc_value_index < field->report_count) { |
3415 |
++ int value = field->value[td->cc_value_index]; |
3416 |
++ if (value) |
3417 |
++ td->num_expected = value; |
3418 |
++ } |
3419 |
+ } |
3420 |
+ |
3421 |
+ for (r = 0; r < report->maxfield; r++) { |
3422 |
+diff --git a/drivers/hid/hid-ntrig.c b/drivers/hid/hid-ntrig.c |
3423 |
+index ef95102..5482156 100644 |
3424 |
+--- a/drivers/hid/hid-ntrig.c |
3425 |
++++ b/drivers/hid/hid-ntrig.c |
3426 |
+@@ -115,7 +115,8 @@ static inline int ntrig_get_mode(struct hid_device *hdev) |
3427 |
+ struct hid_report *report = hdev->report_enum[HID_FEATURE_REPORT]. |
3428 |
+ report_id_hash[0x0d]; |
3429 |
+ |
3430 |
+- if (!report) |
3431 |
++ if (!report || report->maxfield < 1 || |
3432 |
++ report->field[0]->report_count < 1) |
3433 |
+ return -EINVAL; |
3434 |
+ |
3435 |
+ hid_hw_request(hdev, report, HID_REQ_GET_REPORT); |
3436 |
+diff --git a/drivers/hid/hid-picolcd_core.c b/drivers/hid/hid-picolcd_core.c |
3437 |
+index b48092d..72bba1e 100644 |
3438 |
+--- a/drivers/hid/hid-picolcd_core.c |
3439 |
++++ b/drivers/hid/hid-picolcd_core.c |
3440 |
+@@ -290,7 +290,7 @@ static ssize_t picolcd_operation_mode_store(struct device *dev, |
3441 |
+ buf += 10; |
3442 |
+ cnt -= 10; |
3443 |
+ } |
3444 |
+- if (!report) |
3445 |
++ if (!report || report->maxfield < 1) |
3446 |
+ return -EINVAL; |
3447 |
+ |
3448 |
+ while (cnt > 0 && (buf[cnt-1] == '\n' || buf[cnt-1] == '\r')) |
3449 |
+diff --git a/drivers/hid/hid-pl.c b/drivers/hid/hid-pl.c |
3450 |
+index d29112f..2dcd7d9 100644 |
3451 |
+--- a/drivers/hid/hid-pl.c |
3452 |
++++ b/drivers/hid/hid-pl.c |
3453 |
+@@ -132,8 +132,14 @@ static int plff_init(struct hid_device *hid) |
3454 |
+ strong = &report->field[0]->value[2]; |
3455 |
+ weak = &report->field[0]->value[3]; |
3456 |
+ debug("detected single-field device"); |
3457 |
+- } else if (report->maxfield >= 4 && report->field[0]->maxusage == 1 && |
3458 |
+- report->field[0]->usage[0].hid == (HID_UP_LED | 0x43)) { |
3459 |
++ } else if (report->field[0]->maxusage == 1 && |
3460 |
++ report->field[0]->usage[0].hid == |
3461 |
++ (HID_UP_LED | 0x43) && |
3462 |
++ report->maxfield >= 4 && |
3463 |
++ report->field[0]->report_count >= 1 && |
3464 |
++ report->field[1]->report_count >= 1 && |
3465 |
++ report->field[2]->report_count >= 1 && |
3466 |
++ report->field[3]->report_count >= 1) { |
3467 |
+ report->field[0]->value[0] = 0x00; |
3468 |
+ report->field[1]->value[0] = 0x00; |
3469 |
+ strong = &report->field[2]->value[0]; |
3470 |
+diff --git a/drivers/hid/hid-sensor-hub.c b/drivers/hid/hid-sensor-hub.c |
3471 |
+index ca749810..aa34755 100644 |
3472 |
+--- a/drivers/hid/hid-sensor-hub.c |
3473 |
++++ b/drivers/hid/hid-sensor-hub.c |
3474 |
+@@ -221,7 +221,8 @@ int sensor_hub_get_feature(struct hid_sensor_hub_device *hsdev, u32 report_id, |
3475 |
+ |
3476 |
+ mutex_lock(&data->mutex); |
3477 |
+ report = sensor_hub_report(report_id, hsdev->hdev, HID_FEATURE_REPORT); |
3478 |
+- if (!report || (field_index >= report->maxfield)) { |
3479 |
++ if (!report || (field_index >= report->maxfield) || |
3480 |
++ report->field[field_index]->report_count < 1) { |
3481 |
+ ret = -EINVAL; |
3482 |
+ goto done_proc; |
3483 |
+ } |
3484 |
+diff --git a/drivers/hid/hid-steelseries.c b/drivers/hid/hid-steelseries.c |
3485 |
+index d164911..ef42e86 100644 |
3486 |
+--- a/drivers/hid/hid-steelseries.c |
3487 |
++++ b/drivers/hid/hid-steelseries.c |
3488 |
+@@ -249,6 +249,11 @@ static int steelseries_srws1_probe(struct hid_device *hdev, |
3489 |
+ goto err_free; |
3490 |
+ } |
3491 |
+ |
3492 |
++ if (!hid_validate_report(hdev, HID_OUTPUT_REPORT, 0, 1, 16)) { |
3493 |
++ ret = -ENODEV; |
3494 |
++ goto err_free; |
3495 |
++ } |
3496 |
++ |
3497 |
+ ret = hid_hw_start(hdev, HID_CONNECT_DEFAULT); |
3498 |
+ if (ret) { |
3499 |
+ hid_err(hdev, "hw start failed\n"); |
3500 |
diff --git a/drivers/hid/hid-wiimote-debug.c b/drivers/hid/hid-wiimote-debug.c |
3501 |
index 90124ff..3761764 100644 |
3502 |
--- a/drivers/hid/hid-wiimote-debug.c |
3503 |
@@ -38569,6 +39904,66 @@ index 90124ff..3761764 100644 |
3504 |
return -EFAULT; |
3505 |
|
3506 |
*off += size; |
3507 |
+diff --git a/drivers/hid/hid-zpff.c b/drivers/hid/hid-zpff.c |
3508 |
+index 6ec28a3..b124991 100644 |
3509 |
+--- a/drivers/hid/hid-zpff.c |
3510 |
++++ b/drivers/hid/hid-zpff.c |
3511 |
+@@ -68,22 +68,12 @@ static int zpff_init(struct hid_device *hid) |
3512 |
+ struct hid_report *report; |
3513 |
+ struct hid_input *hidinput = list_entry(hid->inputs.next, |
3514 |
+ struct hid_input, list); |
3515 |
+- struct list_head *report_list = |
3516 |
+- &hid->report_enum[HID_OUTPUT_REPORT].report_list; |
3517 |
+ struct input_dev *dev = hidinput->input; |
3518 |
+ int error; |
3519 |
+ |
3520 |
+- if (list_empty(report_list)) { |
3521 |
+- hid_err(hid, "no output report found\n"); |
3522 |
++ report = hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 4, 1); |
3523 |
++ if (!report) |
3524 |
+ return -ENODEV; |
3525 |
+- } |
3526 |
+- |
3527 |
+- report = list_entry(report_list->next, struct hid_report, list); |
3528 |
+- |
3529 |
+- if (report->maxfield < 4) { |
3530 |
+- hid_err(hid, "not enough fields in report\n"); |
3531 |
+- return -ENODEV; |
3532 |
+- } |
3533 |
+ |
3534 |
+ zpff = kzalloc(sizeof(struct zpff_device), GFP_KERNEL); |
3535 |
+ if (!zpff) |
3536 |
+diff --git a/drivers/hid/uhid.c b/drivers/hid/uhid.c |
3537 |
+index fc307e0..2b255e8 100644 |
3538 |
+--- a/drivers/hid/uhid.c |
3539 |
++++ b/drivers/hid/uhid.c |
3540 |
+@@ -47,7 +47,7 @@ struct uhid_device { |
3541 |
+ struct mutex report_lock; |
3542 |
+ wait_queue_head_t report_wait; |
3543 |
+ atomic_t report_done; |
3544 |
+- atomic_t report_id; |
3545 |
++ atomic_unchecked_t report_id; |
3546 |
+ struct uhid_event report_buf; |
3547 |
+ }; |
3548 |
+ |
3549 |
+@@ -187,7 +187,7 @@ static int uhid_hid_get_raw(struct hid_device *hid, unsigned char rnum, |
3550 |
+ |
3551 |
+ spin_lock_irqsave(&uhid->qlock, flags); |
3552 |
+ ev->type = UHID_FEATURE; |
3553 |
+- ev->u.feature.id = atomic_inc_return(&uhid->report_id); |
3554 |
++ ev->u.feature.id = atomic_inc_return_unchecked(&uhid->report_id); |
3555 |
+ ev->u.feature.rnum = rnum; |
3556 |
+ ev->u.feature.rtype = report_type; |
3557 |
+ |
3558 |
+@@ -471,7 +471,7 @@ static int uhid_dev_feature_answer(struct uhid_device *uhid, |
3559 |
+ spin_lock_irqsave(&uhid->qlock, flags); |
3560 |
+ |
3561 |
+ /* id for old report; drop it silently */ |
3562 |
+- if (atomic_read(&uhid->report_id) != ev->u.feature_answer.id) |
3563 |
++ if (atomic_read_unchecked(&uhid->report_id) != ev->u.feature_answer.id) |
3564 |
+ goto unlock; |
3565 |
+ if (atomic_read(&uhid->report_done)) |
3566 |
+ goto unlock; |
3567 |
diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c |
3568 |
index 0b122f8..b1d8160 100644 |
3569 |
--- a/drivers/hv/channel.c |
3570 |
@@ -39908,6 +41303,19 @@ index 600c79b..3752bab 100644 |
3571 |
tty_port_tty_set(&cs->port, NULL); |
3572 |
|
3573 |
mutex_unlock(&cs->mutex); |
3574 |
+diff --git a/drivers/isdn/gigaset/usb-gigaset.c b/drivers/isdn/gigaset/usb-gigaset.c |
3575 |
+index d0a41cb..f0cdb8c 100644 |
3576 |
+--- a/drivers/isdn/gigaset/usb-gigaset.c |
3577 |
++++ b/drivers/isdn/gigaset/usb-gigaset.c |
3578 |
+@@ -547,7 +547,7 @@ static int gigaset_brkchars(struct cardstate *cs, const unsigned char buf[6]) |
3579 |
+ gigaset_dbg_buffer(DEBUG_USBREQ, "brkchars", 6, buf); |
3580 |
+ memcpy(cs->hw.usb->bchars, buf, 6); |
3581 |
+ return usb_control_msg(udev, usb_sndctrlpipe(udev, 0), 0x19, 0x41, |
3582 |
+- 0, 0, &buf, 6, 2000); |
3583 |
++ 0, 0, buf, 6, 2000); |
3584 |
+ } |
3585 |
+ |
3586 |
+ static void gigaset_freebcshw(struct bc_state *bcs) |
3587 |
diff --git a/drivers/isdn/hardware/avm/b1.c b/drivers/isdn/hardware/avm/b1.c |
3588 |
index 4d9b195..455075c 100644 |
3589 |
--- a/drivers/isdn/hardware/avm/b1.c |
3590 |
@@ -39930,6 +41338,19 @@ index 4d9b195..455075c 100644 |
3591 |
return -EFAULT; |
3592 |
} else { |
3593 |
memcpy(buf, dp, left); |
3594 |
+diff --git a/drivers/isdn/i4l/isdn_common.c b/drivers/isdn/i4l/isdn_common.c |
3595 |
+index 9bb12ba..d4262f7 100644 |
3596 |
+--- a/drivers/isdn/i4l/isdn_common.c |
3597 |
++++ b/drivers/isdn/i4l/isdn_common.c |
3598 |
+@@ -1651,6 +1651,8 @@ isdn_ioctl(struct file *file, uint cmd, ulong arg) |
3599 |
+ } else |
3600 |
+ return -EINVAL; |
3601 |
+ case IIOCDBGVAR: |
3602 |
++ if (!capable(CAP_SYS_RAWIO)) |
3603 |
++ return -EPERM; |
3604 |
+ if (arg) { |
3605 |
+ if (copy_to_user(argp, &dev, sizeof(ulong))) |
3606 |
+ return -EFAULT; |
3607 |
diff --git a/drivers/isdn/i4l/isdn_tty.c b/drivers/isdn/i4l/isdn_tty.c |
3608 |
index 3c5f249..5fac4d0 100644 |
3609 |
--- a/drivers/isdn/i4l/isdn_tty.c |
3610 |
@@ -42807,6 +44228,22 @@ index ae30343..a117806 100644 |
3611 |
|
3612 |
struct ath_nf_limits { |
3613 |
s16 max; |
3614 |
+diff --git a/drivers/net/wireless/hostap/hostap_ioctl.c b/drivers/net/wireless/hostap/hostap_ioctl.c |
3615 |
+index ac07473..e509030 100644 |
3616 |
+--- a/drivers/net/wireless/hostap/hostap_ioctl.c |
3617 |
++++ b/drivers/net/wireless/hostap/hostap_ioctl.c |
3618 |
+@@ -523,9 +523,9 @@ static int prism2_ioctl_giwaplist(struct net_device *dev, |
3619 |
+ |
3620 |
+ data->length = prism2_ap_get_sta_qual(local, addr, qual, IW_MAX_AP, 1); |
3621 |
+ |
3622 |
+- memcpy(extra, &addr, sizeof(struct sockaddr) * data->length); |
3623 |
++ memcpy(extra, addr, sizeof(struct sockaddr) * data->length); |
3624 |
+ data->flags = 1; /* has quality information */ |
3625 |
+- memcpy(extra + sizeof(struct sockaddr) * data->length, &qual, |
3626 |
++ memcpy(extra + sizeof(struct sockaddr) * data->length, qual, |
3627 |
+ sizeof(struct iw_quality) * data->length); |
3628 |
+ |
3629 |
+ kfree(addr); |
3630 |
diff --git a/drivers/net/wireless/iwlegacy/3945-mac.c b/drivers/net/wireless/iwlegacy/3945-mac.c |
3631 |
index b37a582..680835d 100644 |
3632 |
--- a/drivers/net/wireless/iwlegacy/3945-mac.c |
3633 |
@@ -46639,6 +48076,29 @@ index d53547d..6a22d02 100644 |
3634 |
if (atomic_read(&urb->reject)) |
3635 |
wake_up(&usb_kill_urb_queue); |
3636 |
usb_put_urb(urb); |
3637 |
+diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c |
3638 |
+index da2905a..834a569 100644 |
3639 |
+--- a/drivers/usb/core/hub.c |
3640 |
++++ b/drivers/usb/core/hub.c |
3641 |
+@@ -27,6 +27,7 @@ |
3642 |
+ #include <linux/freezer.h> |
3643 |
+ #include <linux/random.h> |
3644 |
+ #include <linux/pm_qos.h> |
3645 |
++#include <linux/grsecurity.h> |
3646 |
+ |
3647 |
+ #include <asm/uaccess.h> |
3648 |
+ #include <asm/byteorder.h> |
3649 |
+@@ -4424,6 +4425,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1, |
3650 |
+ goto done; |
3651 |
+ return; |
3652 |
+ } |
3653 |
++ |
3654 |
++ if (gr_handle_new_usb()) |
3655 |
++ goto done; |
3656 |
++ |
3657 |
+ if (hub_is_superspeed(hub->hdev)) |
3658 |
+ unit_load = 150; |
3659 |
+ else |
3660 |
diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c |
3661 |
index 444d30e..f15c850 100644 |
3662 |
--- a/drivers/usb/core/message.c |
3663 |
@@ -46678,6 +48138,19 @@ index b10da72..43aa0b2 100644 |
3664 |
|
3665 |
INIT_LIST_HEAD(&dev->ep0.urb_list); |
3666 |
dev->ep0.desc.bLength = USB_DT_ENDPOINT_SIZE; |
3667 |
+diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c |
3668 |
+index f77083f..f3e2e34 100644 |
3669 |
+--- a/drivers/usb/dwc3/gadget.c |
3670 |
++++ b/drivers/usb/dwc3/gadget.c |
3671 |
+@@ -550,8 +550,6 @@ static int __dwc3_gadget_ep_enable(struct dwc3_ep *dep, |
3672 |
+ if (!usb_endpoint_xfer_isoc(desc)) |
3673 |
+ return 0; |
3674 |
+ |
3675 |
+- memset(&trb_link, 0, sizeof(trb_link)); |
3676 |
+- |
3677 |
+ /* Link TRB for ISOC. The HWO bit is never reset */ |
3678 |
+ trb_st_hw = &dep->trb_pool[0]; |
3679 |
+ |
3680 |
diff --git a/drivers/usb/early/ehci-dbgp.c b/drivers/usb/early/ehci-dbgp.c |
3681 |
index 5e29dde..eca992f 100644 |
3682 |
--- a/drivers/usb/early/ehci-dbgp.c |
3683 |
@@ -50272,6 +51745,19 @@ index 88714ae..16c2e11 100644 |
3684 |
|
3685 |
|
3686 |
static inline u32 get_pll_internal_frequency(u32 ref_freq, |
3687 |
+diff --git a/drivers/xen/events.c b/drivers/xen/events.c |
3688 |
+index 6a6bbe4..c733886 100644 |
3689 |
+--- a/drivers/xen/events.c |
3690 |
++++ b/drivers/xen/events.c |
3691 |
+@@ -346,7 +346,7 @@ static void init_evtchn_cpu_bindings(void) |
3692 |
+ |
3693 |
+ for_each_possible_cpu(i) |
3694 |
+ memset(per_cpu(cpu_evtchn_mask, i), |
3695 |
+- (i == 0) ? ~0 : 0, sizeof(*per_cpu(cpu_evtchn_mask, i))); |
3696 |
++ (i == 0) ? ~0 : 0, NR_EVENT_CHANNELS/8); |
3697 |
+ } |
3698 |
+ |
3699 |
+ static inline void clear_evtchn(int port) |
3700 |
diff --git a/drivers/xen/xenfs/xenstored.c b/drivers/xen/xenfs/xenstored.c |
3701 |
index fef20db..d28b1ab 100644 |
3702 |
--- a/drivers/xen/xenfs/xenstored.c |
3703 |
@@ -51538,10 +53024,38 @@ index d50bbe5..af3b649 100644 |
3704 |
goto err; |
3705 |
} |
3706 |
diff --git a/fs/bio.c b/fs/bio.c |
3707 |
-index 94bbc04..6fe78a4 100644 |
3708 |
+index 94bbc04..599e3cf 100644 |
3709 |
--- a/fs/bio.c |
3710 |
+++ b/fs/bio.c |
3711 |
-@@ -1096,7 +1096,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q, |
3712 |
+@@ -1045,12 +1045,22 @@ static int __bio_copy_iov(struct bio *bio, struct bio_vec *iovecs, |
3713 |
+ int bio_uncopy_user(struct bio *bio) |
3714 |
+ { |
3715 |
+ struct bio_map_data *bmd = bio->bi_private; |
3716 |
+- int ret = 0; |
3717 |
++ struct bio_vec *bvec; |
3718 |
++ int ret = 0, i; |
3719 |
+ |
3720 |
+- if (!bio_flagged(bio, BIO_NULL_MAPPED)) |
3721 |
+- ret = __bio_copy_iov(bio, bmd->iovecs, bmd->sgvecs, |
3722 |
+- bmd->nr_sgvecs, bio_data_dir(bio) == READ, |
3723 |
+- 0, bmd->is_our_pages); |
3724 |
++ if (!bio_flagged(bio, BIO_NULL_MAPPED)) { |
3725 |
++ /* |
3726 |
++ * if we're in a workqueue, the request is orphaned, so |
3727 |
++ * don't copy into a random user address space, just free. |
3728 |
++ */ |
3729 |
++ if (current->mm) |
3730 |
++ ret = __bio_copy_iov(bio, bmd->iovecs, bmd->sgvecs, |
3731 |
++ bmd->nr_sgvecs, bio_data_dir(bio) == READ, |
3732 |
++ 0, bmd->is_our_pages); |
3733 |
++ else if (bmd->is_our_pages) |
3734 |
++ bio_for_each_segment_all(bvec, bio, i) |
3735 |
++ __free_page(bvec->bv_page); |
3736 |
++ } |
3737 |
+ bio_free_map_data(bmd); |
3738 |
+ bio_put(bio); |
3739 |
+ return ret; |
3740 |
+@@ -1096,7 +1106,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q, |
3741 |
/* |
3742 |
* Overflow, abort |
3743 |
*/ |
3744 |
@@ -51550,7 +53064,7 @@ index 94bbc04..6fe78a4 100644 |
3745 |
return ERR_PTR(-EINVAL); |
3746 |
|
3747 |
nr_pages += end - start; |
3748 |
-@@ -1230,7 +1230,7 @@ static struct bio *__bio_map_user_iov(struct request_queue *q, |
3749 |
+@@ -1230,7 +1240,7 @@ static struct bio *__bio_map_user_iov(struct request_queue *q, |
3750 |
/* |
3751 |
* Overflow, abort |
3752 |
*/ |
3753 |
@@ -51559,7 +53073,7 @@ index 94bbc04..6fe78a4 100644 |
3754 |
return ERR_PTR(-EINVAL); |
3755 |
|
3756 |
nr_pages += end - start; |
3757 |
-@@ -1492,7 +1492,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err) |
3758 |
+@@ -1492,7 +1502,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err) |
3759 |
const int read = bio_data_dir(bio) == READ; |
3760 |
struct bio_map_data *bmd = bio->bi_private; |
3761 |
int i; |
3762 |
@@ -56560,9 +58074,18 @@ index aa411c3..c260a84 100644 |
3763 |
"inode 0x%lx or driver bug.", vdir->i_ino); |
3764 |
goto err_out; |
3765 |
diff --git a/fs/ntfs/file.c b/fs/ntfs/file.c |
3766 |
-index c5670b8..01a3656 100644 |
3767 |
+index c5670b8..2b43d9b 100644 |
3768 |
--- a/fs/ntfs/file.c |
3769 |
+++ b/fs/ntfs/file.c |
3770 |
+@@ -1282,7 +1282,7 @@ static inline size_t ntfs_copy_from_user(struct page **pages, |
3771 |
+ char *addr; |
3772 |
+ size_t total = 0; |
3773 |
+ unsigned len; |
3774 |
+- int left; |
3775 |
++ unsigned left; |
3776 |
+ |
3777 |
+ do { |
3778 |
+ len = PAGE_CACHE_SIZE - ofs; |
3779 |
@@ -2241,6 +2241,6 @@ const struct inode_operations ntfs_file_inode_ops = { |
3780 |
#endif /* NTFS_RW */ |
3781 |
}; |
3782 |
@@ -59456,10 +60979,10 @@ index ca9ecaa..60100c7 100644 |
3783 |
kfree(s); |
3784 |
diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig |
3785 |
new file mode 100644 |
3786 |
-index 0000000..712a85d |
3787 |
+index 0000000..76e84b9 |
3788 |
--- /dev/null |
3789 |
+++ b/grsecurity/Kconfig |
3790 |
-@@ -0,0 +1,1043 @@ |
3791 |
+@@ -0,0 +1,1063 @@ |
3792 |
+# |
3793 |
+# grecurity configuration |
3794 |
+# |
3795 |
@@ -60431,6 +61954,26 @@ index 0000000..712a85d |
3796 |
+ option with name "socket_server_gid" is created. |
3797 |
+ |
3798 |
+endmenu |
3799 |
++ |
3800 |
++menu "Physical Protections" |
3801 |
++depends on GRKERNSEC |
3802 |
++ |
3803 |
++config GRKERNSEC_DENYUSB |
3804 |
++ bool "Deny new USB connections after toggle" |
3805 |
++ default y if GRKERNSEC_CONFIG_AUTO |
3806 |
++ help |
3807 |
++ If you say Y here, a new sysctl option with name "deny_new_usb" |
3808 |
++ will be created. Setting its value to 1 will prevent any new |
3809 |
++ USB devices from being recognized by the OS. Any attempted USB |
3810 |
++ device insertion will be logged. This option is intended to be |
3811 |
++ used against custom USB devices designed to exploit vulnerabilities |
3812 |
++ in various USB device drivers. |
3813 |
++ |
3814 |
++ For greatest effectiveness, this sysctl should be set after any |
3815 |
++ relevant init scripts. Once set, it cannot be unset. |
3816 |
++ |
3817 |
++endmenu |
3818 |
++ |
3819 |
+menu "Sysctl Support" |
3820 |
+depends on GRKERNSEC && SYSCTL |
3821 |
+ |
3822 |
@@ -60505,10 +62048,10 @@ index 0000000..712a85d |
3823 |
+endmenu |
3824 |
diff --git a/grsecurity/Makefile b/grsecurity/Makefile |
3825 |
new file mode 100644 |
3826 |
-index 0000000..36845aa |
3827 |
+index 0000000..b0b77d5 |
3828 |
--- /dev/null |
3829 |
+++ b/grsecurity/Makefile |
3830 |
-@@ -0,0 +1,42 @@ |
3831 |
+@@ -0,0 +1,43 @@ |
3832 |
+# grsecurity's ACL system was originally written in 2001 by Michael Dalton |
3833 |
+# during 2001-2009 it has been completely redesigned by Brad Spengler |
3834 |
+# into an RBAC system |
3835 |
@@ -60521,7 +62064,8 @@ index 0000000..36845aa |
3836 |
+ |
3837 |
+obj-y = grsec_chdir.o grsec_chroot.o grsec_exec.o grsec_fifo.o grsec_fork.o \ |
3838 |
+ grsec_mount.o grsec_sig.o grsec_sysctl.o \ |
3839 |
-+ grsec_time.o grsec_tpe.o grsec_link.o grsec_pax.o grsec_ptrace.o |
3840 |
++ grsec_time.o grsec_tpe.o grsec_link.o grsec_pax.o grsec_ptrace.o \ |
3841 |
++ grsec_usb.o |
3842 |
+ |
3843 |
+obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_segv.o \ |
3844 |
+ gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \ |
3845 |
@@ -67806,10 +69350,10 @@ index 0000000..8ca18bf |
3846 |
+} |
3847 |
diff --git a/grsecurity/grsec_init.c b/grsecurity/grsec_init.c |
3848 |
new file mode 100644 |
3849 |
-index 0000000..ab2d875 |
3850 |
+index 0000000..836f38f |
3851 |
--- /dev/null |
3852 |
+++ b/grsecurity/grsec_init.c |
3853 |
-@@ -0,0 +1,279 @@ |
3854 |
+@@ -0,0 +1,280 @@ |
3855 |
+#include <linux/kernel.h> |
3856 |
+#include <linux/sched.h> |
3857 |
+#include <linux/mm.h> |
3858 |
@@ -67838,6 +69382,7 @@ index 0000000..ab2d875 |
3859 |
+int grsec_enable_chdir; |
3860 |
+int grsec_enable_mount; |
3861 |
+int grsec_enable_rofs; |
3862 |
++int grsec_deny_new_usb; |
3863 |
+int grsec_enable_chroot_findtask; |
3864 |
+int grsec_enable_chroot_mount; |
3865 |
+int grsec_enable_chroot_shmat; |
3866 |
@@ -69205,10 +70750,10 @@ index 0000000..4030d57 |
3867 |
+} |
3868 |
diff --git a/grsecurity/grsec_sysctl.c b/grsecurity/grsec_sysctl.c |
3869 |
new file mode 100644 |
3870 |
-index 0000000..7624d1c |
3871 |
+index 0000000..301c665 |
3872 |
--- /dev/null |
3873 |
+++ b/grsecurity/grsec_sysctl.c |
3874 |
-@@ -0,0 +1,460 @@ |
3875 |
+@@ -0,0 +1,471 @@ |
3876 |
+#include <linux/kernel.h> |
3877 |
+#include <linux/sched.h> |
3878 |
+#include <linux/sysctl.h> |
3879 |
@@ -69666,6 +71211,17 @@ index 0000000..7624d1c |
3880 |
+ .extra2 = &one, |
3881 |
+ }, |
3882 |
+#endif |
3883 |
++#ifdef CONFIG_GRKERNSEC_DENYUSB |
3884 |
++ { |
3885 |
++ .procname = "deny_new_usb", |
3886 |
++ .data = &grsec_deny_new_usb, |
3887 |
++ .maxlen = sizeof(int), |
3888 |
++ .mode = 0600, |
3889 |
++ .proc_handler = &proc_dointvec_minmax, |
3890 |
++ .extra1 = &one, |
3891 |
++ .extra2 = &one, |
3892 |
++ }, |
3893 |
++#endif |
3894 |
+ { } |
3895 |
+}; |
3896 |
+#endif |
3897 |
@@ -69770,6 +71326,27 @@ index 0000000..ee57dcf |
3898 |
+#endif |
3899 |
+ return 1; |
3900 |
+} |
3901 |
+diff --git a/grsecurity/grsec_usb.c b/grsecurity/grsec_usb.c |
3902 |
+new file mode 100644 |
3903 |
+index 0000000..ae02d8e |
3904 |
+--- /dev/null |
3905 |
++++ b/grsecurity/grsec_usb.c |
3906 |
+@@ -0,0 +1,15 @@ |
3907 |
++#include <linux/kernel.h> |
3908 |
++#include <linux/grinternal.h> |
3909 |
++#include <linux/module.h> |
3910 |
++ |
3911 |
++int gr_handle_new_usb(void) |
3912 |
++{ |
3913 |
++#ifdef CONFIG_GRKERNSEC_DENYUSB |
3914 |
++ if (grsec_deny_new_usb) { |
3915 |
++ printk(KERN_ALERT "grsec: denied insert of new USB device\n"); |
3916 |
++ return 1; |
3917 |
++ } |
3918 |
++#endif |
3919 |
++ return 0; |
3920 |
++} |
3921 |
++EXPORT_SYMBOL_GPL(gr_handle_new_usb); |
3922 |
diff --git a/grsecurity/grsum.c b/grsecurity/grsum.c |
3923 |
new file mode 100644 |
3924 |
index 0000000..9f7b1ac |
3925 |
@@ -72156,10 +73733,10 @@ index 0000000..be66033 |
3926 |
+#endif |
3927 |
diff --git a/include/linux/grinternal.h b/include/linux/grinternal.h |
3928 |
new file mode 100644 |
3929 |
-index 0000000..fd8598b |
3930 |
+index 0000000..e337683 |
3931 |
--- /dev/null |
3932 |
+++ b/include/linux/grinternal.h |
3933 |
-@@ -0,0 +1,228 @@ |
3934 |
+@@ -0,0 +1,229 @@ |
3935 |
+#ifndef __GRINTERNAL_H |
3936 |
+#define __GRINTERNAL_H |
3937 |
+ |
3938 |
@@ -72208,6 +73785,7 @@ index 0000000..fd8598b |
3939 |
+extern int grsec_enable_forkfail; |
3940 |
+extern int grsec_enable_time; |
3941 |
+extern int grsec_enable_rofs; |
3942 |
++extern int grsec_deny_new_usb; |
3943 |
+extern int grsec_enable_chroot_shmat; |
3944 |
+extern int grsec_enable_chroot_mount; |
3945 |
+extern int grsec_enable_chroot_double; |
3946 |
@@ -72509,10 +74087,10 @@ index 0000000..a4396b5 |
3947 |
+#define GR_BRUTE_SUID_MSG "bruteforce prevention initiated due to crash of %.950s against uid %u, banning suid/sgid execs for %u minutes. Please investigate the crash report for " |
3948 |
diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h |
3949 |
new file mode 100644 |
3950 |
-index 0000000..3676b0b |
3951 |
+index 0000000..d6f5a21 |
3952 |
--- /dev/null |
3953 |
+++ b/include/linux/grsecurity.h |
3954 |
-@@ -0,0 +1,242 @@ |
3955 |
+@@ -0,0 +1,244 @@ |
3956 |
+#ifndef GR_SECURITY_H |
3957 |
+#define GR_SECURITY_H |
3958 |
+#include <linux/fs.h> |
3959 |
@@ -72534,6 +74112,8 @@ index 0000000..3676b0b |
3960 |
+#error "CONFIG_PAX enabled, but no PaX options are enabled." |
3961 |
+#endif |
3962 |
+ |
3963 |
++int gr_handle_new_usb(void); |
3964 |
++ |
3965 |
+void gr_handle_brute_attach(unsigned long mm_flags); |
3966 |
+void gr_handle_brute_check(void); |
3967 |
+void gr_handle_kernel_exploit(void); |
3968 |
@@ -72780,6 +74360,35 @@ index 0000000..e7ffaaf |
3969 |
+ const int protocol); |
3970 |
+ |
3971 |
+#endif |
3972 |
+diff --git a/include/linux/hid.h b/include/linux/hid.h |
3973 |
+index 0c48991..76e41d8 100644 |
3974 |
+--- a/include/linux/hid.h |
3975 |
++++ b/include/linux/hid.h |
3976 |
+@@ -393,10 +393,12 @@ struct hid_report { |
3977 |
+ struct hid_device *device; /* associated device */ |
3978 |
+ }; |
3979 |
+ |
3980 |
++#define HID_MAX_IDS 256 |
3981 |
++ |
3982 |
+ struct hid_report_enum { |
3983 |
+ unsigned numbered; |
3984 |
+ struct list_head report_list; |
3985 |
+- struct hid_report *report_id_hash[256]; |
3986 |
++ struct hid_report *report_id_hash[HID_MAX_IDS]; |
3987 |
+ }; |
3988 |
+ |
3989 |
+ #define HID_REPORT_TYPES 3 |
3990 |
+@@ -747,6 +749,10 @@ void hid_output_report(struct hid_report *report, __u8 *data); |
3991 |
+ struct hid_device *hid_allocate_device(void); |
3992 |
+ struct hid_report *hid_register_report(struct hid_device *device, unsigned type, unsigned id); |
3993 |
+ int hid_parse_report(struct hid_device *hid, __u8 *start, unsigned size); |
3994 |
++struct hid_report *hid_validate_report(struct hid_device *hid, |
3995 |
++ unsigned int type, unsigned int id, |
3996 |
++ unsigned int fields, |
3997 |
++ unsigned int report_counts); |
3998 |
+ int hid_open_report(struct hid_device *device); |
3999 |
+ int hid_check_keys_pressed(struct hid_device *hid); |
4000 |
+ int hid_connect(struct hid_device *hid, unsigned int connect_mask); |
4001 |
diff --git a/include/linux/highmem.h b/include/linux/highmem.h |
4002 |
index 7fb31da..08b5114 100644 |
4003 |
--- a/include/linux/highmem.h |
4004 |
@@ -78484,7 +80093,7 @@ index e76e495..cbfe63a 100644 |
4005 |
|
4006 |
/* |
4007 |
diff --git a/kernel/events/internal.h b/kernel/events/internal.h |
4008 |
-index ca65997..cc8cee4 100644 |
4009 |
+index ca65997..60df03d 100644 |
4010 |
--- a/kernel/events/internal.h |
4011 |
+++ b/kernel/events/internal.h |
4012 |
@@ -81,10 +81,10 @@ static inline unsigned long perf_data_size(struct ring_buffer *rb) |
4013 |
@@ -78492,11 +80101,12 @@ index ca65997..cc8cee4 100644 |
4014 |
} |
4015 |
|
4016 |
-#define DEFINE_OUTPUT_COPY(func_name, memcpy_func) \ |
4017 |
+-static inline unsigned int \ |
4018 |
+#define DEFINE_OUTPUT_COPY(func_name, memcpy_func, user) \ |
4019 |
- static inline unsigned int \ |
4020 |
++static inline unsigned long \ |
4021 |
func_name(struct perf_output_handle *handle, \ |
4022 |
- const void *buf, unsigned int len) \ |
4023 |
-+ const void user *buf, unsigned int len) \ |
4024 |
++ const void user *buf, unsigned long len) \ |
4025 |
{ \ |
4026 |
unsigned long size, written; \ |
4027 |
\ |
4028 |
@@ -78521,6 +80131,19 @@ index ca65997..cc8cee4 100644 |
4029 |
|
4030 |
/* Callchain handling */ |
4031 |
extern struct perf_callchain_entry * |
4032 |
+diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c |
4033 |
+index f356974..cb8c570 100644 |
4034 |
+--- a/kernel/events/uprobes.c |
4035 |
++++ b/kernel/events/uprobes.c |
4036 |
+@@ -1556,7 +1556,7 @@ static int is_trap_at_addr(struct mm_struct *mm, unsigned long vaddr) |
4037 |
+ { |
4038 |
+ struct page *page; |
4039 |
+ uprobe_opcode_t opcode; |
4040 |
+- int result; |
4041 |
++ long result; |
4042 |
+ |
4043 |
+ pagefault_disable(); |
4044 |
+ result = __copy_from_user_inatomic(&opcode, (void __user*)vaddr, |
4045 |
diff --git a/kernel/exit.c b/kernel/exit.c |
4046 |
index 7bb73f9..d7978ed 100644 |
4047 |
--- a/kernel/exit.c |
4048 |
@@ -78906,7 +80529,7 @@ index ffbc090..08ceeee 100644 |
4049 |
else |
4050 |
new_fs = fs; |
4051 |
diff --git a/kernel/futex.c b/kernel/futex.c |
4052 |
-index 49dacfb..5c6b450 100644 |
4053 |
+index 49dacfb..2ac4526 100644 |
4054 |
--- a/kernel/futex.c |
4055 |
+++ b/kernel/futex.c |
4056 |
@@ -54,6 +54,7 @@ |
4057 |
@@ -78929,6 +80552,15 @@ index 49dacfb..5c6b450 100644 |
4058 |
/* |
4059 |
* The futex address must be "naturally" aligned. |
4060 |
*/ |
4061 |
+@@ -440,7 +446,7 @@ static int cmpxchg_futex_value_locked(u32 *curval, u32 __user *uaddr, |
4062 |
+ |
4063 |
+ static int get_futex_value_locked(u32 *dest, u32 __user *from) |
4064 |
+ { |
4065 |
+- int ret; |
4066 |
++ unsigned long ret; |
4067 |
+ |
4068 |
+ pagefault_disable(); |
4069 |
+ ret = __copy_from_user_inatomic(dest, from, sizeof(u32)); |
4070 |
@@ -2733,6 +2739,7 @@ static int __init futex_init(void) |
4071 |
{ |
4072 |
u32 curval; |
4073 |
@@ -84210,7 +85842,7 @@ index 5025174..9d67dcd 100644 |
4074 |
bdi_destroy(bdi); |
4075 |
return err; |
4076 |
diff --git a/mm/filemap.c b/mm/filemap.c |
4077 |
-index 7905fe7..e60faa8 100644 |
4078 |
+index 7905fe7..f59502b 100644 |
4079 |
--- a/mm/filemap.c |
4080 |
+++ b/mm/filemap.c |
4081 |
@@ -1766,7 +1766,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) |
4082 |
@@ -84222,6 +85854,42 @@ index 7905fe7..e60faa8 100644 |
4083 |
file_accessed(file); |
4084 |
vma->vm_ops = &generic_file_vm_ops; |
4085 |
return 0; |
4086 |
+@@ -1948,7 +1948,7 @@ static size_t __iovec_copy_from_user_inatomic(char *vaddr, |
4087 |
+ |
4088 |
+ while (bytes) { |
4089 |
+ char __user *buf = iov->iov_base + base; |
4090 |
+- int copy = min(bytes, iov->iov_len - base); |
4091 |
++ size_t copy = min(bytes, iov->iov_len - base); |
4092 |
+ |
4093 |
+ base = 0; |
4094 |
+ left = __copy_from_user_inatomic(vaddr, buf, copy); |
4095 |
+@@ -1977,7 +1977,7 @@ size_t iov_iter_copy_from_user_atomic(struct page *page, |
4096 |
+ BUG_ON(!in_atomic()); |
4097 |
+ kaddr = kmap_atomic(page); |
4098 |
+ if (likely(i->nr_segs == 1)) { |
4099 |
+- int left; |
4100 |
++ size_t left; |
4101 |
+ char __user *buf = i->iov->iov_base + i->iov_offset; |
4102 |
+ left = __copy_from_user_inatomic(kaddr + offset, buf, bytes); |
4103 |
+ copied = bytes - left; |
4104 |
+@@ -2005,7 +2005,7 @@ size_t iov_iter_copy_from_user(struct page *page, |
4105 |
+ |
4106 |
+ kaddr = kmap(page); |
4107 |
+ if (likely(i->nr_segs == 1)) { |
4108 |
+- int left; |
4109 |
++ size_t left; |
4110 |
+ char __user *buf = i->iov->iov_base + i->iov_offset; |
4111 |
+ left = __copy_from_user(kaddr + offset, buf, bytes); |
4112 |
+ copied = bytes - left; |
4113 |
+@@ -2035,7 +2035,7 @@ void iov_iter_advance(struct iov_iter *i, size_t bytes) |
4114 |
+ * zero-length segments (without overruning the iovec). |
4115 |
+ */ |
4116 |
+ while (bytes || unlikely(i->count && !iov->iov_len)) { |
4117 |
+- int copy; |
4118 |
++ size_t copy; |
4119 |
+ |
4120 |
+ copy = min(bytes, iov->iov_len - base); |
4121 |
+ BUG_ON(!i->count || i->count < copy); |
4122 |
@@ -2106,6 +2106,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i |
4123 |
*pos = i_size_read(inode); |
4124 |
|
4125 |
@@ -90212,9 +91880,18 @@ index a08bd2b..c59bd7c 100644 |
4126 |
if (extfilt) |
4127 |
filter_mask = nla_get_u32(extfilt); |
4128 |
diff --git a/net/core/scm.c b/net/core/scm.c |
4129 |
-index 03795d0..eaf7368 100644 |
4130 |
+index 03795d0..98d6bdb 100644 |
4131 |
--- a/net/core/scm.c |
4132 |
+++ b/net/core/scm.c |
4133 |
+@@ -54,7 +54,7 @@ static __inline__ int scm_check_creds(struct ucred *creds) |
4134 |
+ return -EINVAL; |
4135 |
+ |
4136 |
+ if ((creds->pid == task_tgid_vnr(current) || |
4137 |
+- ns_capable(current->nsproxy->pid_ns->user_ns, CAP_SYS_ADMIN)) && |
4138 |
++ ns_capable(task_active_pid_ns(current)->user_ns, CAP_SYS_ADMIN)) && |
4139 |
+ ((uid_eq(uid, cred->uid) || uid_eq(uid, cred->euid) || |
4140 |
+ uid_eq(uid, cred->suid)) || nsown_capable(CAP_SETUID)) && |
4141 |
+ ((gid_eq(gid, cred->gid) || gid_eq(gid, cred->egid) || |
4142 |
@@ -210,7 +210,7 @@ EXPORT_SYMBOL(__scm_send); |
4143 |
int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data) |
4144 |
{ |
4145 |
@@ -90526,6 +92203,19 @@ index a55eecc..dd8428c 100644 |
4146 |
return -EFAULT; |
4147 |
|
4148 |
*lenp = len; |
4149 |
+diff --git a/net/ieee802154/6lowpan.c b/net/ieee802154/6lowpan.c |
4150 |
+index 55e1fd5..fd602b8 100644 |
4151 |
+--- a/net/ieee802154/6lowpan.c |
4152 |
++++ b/net/ieee802154/6lowpan.c |
4153 |
+@@ -459,7 +459,7 @@ static int lowpan_header_create(struct sk_buff *skb, |
4154 |
+ hc06_ptr += 3; |
4155 |
+ } else { |
4156 |
+ /* compress nothing */ |
4157 |
+- memcpy(hc06_ptr, &hdr, 4); |
4158 |
++ memcpy(hc06_ptr, hdr, 4); |
4159 |
+ /* replace the top byte with new ECN | DSCP format */ |
4160 |
+ *hc06_ptr = tmp; |
4161 |
+ hc06_ptr += 4; |
4162 |
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c |
4163 |
index d01be2a..8976537 100644 |
4164 |
--- a/net/ipv4/af_inet.c |
4165 |
@@ -91688,7 +93378,7 @@ index 9a459be..086b866 100644 |
4166 |
return -ENOMEM; |
4167 |
} |
4168 |
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c |
4169 |
-index fb8c94c..fb18024 100644 |
4170 |
+index fb8c94c..80a31d8 100644 |
4171 |
--- a/net/ipv6/addrconf.c |
4172 |
+++ b/net/ipv6/addrconf.c |
4173 |
@@ -621,7 +621,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, |
4174 |
@@ -91700,7 +93390,24 @@ index fb8c94c..fb18024 100644 |
4175 |
net->dev_base_seq; |
4176 |
hlist_for_each_entry_rcu(dev, head, index_hlist) { |
4177 |
if (idx < s_idx) |
4178 |
-@@ -2380,7 +2380,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) |
4179 |
+@@ -1124,12 +1124,10 @@ retry: |
4180 |
+ if (ifp->flags & IFA_F_OPTIMISTIC) |
4181 |
+ addr_flags |= IFA_F_OPTIMISTIC; |
4182 |
+ |
4183 |
+- ift = !max_addresses || |
4184 |
+- ipv6_count_addresses(idev) < max_addresses ? |
4185 |
+- ipv6_add_addr(idev, &addr, tmp_plen, |
4186 |
+- ipv6_addr_type(&addr)&IPV6_ADDR_SCOPE_MASK, |
4187 |
+- addr_flags) : NULL; |
4188 |
+- if (IS_ERR_OR_NULL(ift)) { |
4189 |
++ ift = ipv6_add_addr(idev, &addr, tmp_plen, |
4190 |
++ ipv6_addr_type(&addr)&IPV6_ADDR_SCOPE_MASK, |
4191 |
++ addr_flags); |
4192 |
++ if (IS_ERR(ift)) { |
4193 |
+ in6_ifa_put(ifp); |
4194 |
+ in6_dev_put(idev); |
4195 |
+ pr_info("%s: retry temporary address regeneration\n", __func__); |
4196 |
+@@ -2380,7 +2378,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) |
4197 |
p.iph.ihl = 5; |
4198 |
p.iph.protocol = IPPROTO_IPV6; |
4199 |
p.iph.ttl = 64; |
4200 |
@@ -91709,7 +93416,7 @@ index fb8c94c..fb18024 100644 |
4201 |
|
4202 |
if (ops->ndo_do_ioctl) { |
4203 |
mm_segment_t oldfs = get_fs(); |
4204 |
-@@ -4002,7 +4002,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, |
4205 |
+@@ -4002,7 +4000,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, |
4206 |
s_ip_idx = ip_idx = cb->args[2]; |
4207 |
|
4208 |
rcu_read_lock(); |
4209 |
@@ -91718,7 +93425,7 @@ index fb8c94c..fb18024 100644 |
4210 |
for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { |
4211 |
idx = 0; |
4212 |
head = &net->dev_index_head[h]; |
4213 |
-@@ -4587,7 +4587,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) |
4214 |
+@@ -4587,7 +4585,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) |
4215 |
dst_free(&ifp->rt->dst); |
4216 |
break; |
4217 |
} |
4218 |
@@ -91727,7 +93434,7 @@ index fb8c94c..fb18024 100644 |
4219 |
} |
4220 |
|
4221 |
static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) |
4222 |
-@@ -4607,7 +4607,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write, |
4223 |
+@@ -4607,7 +4605,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write, |
4224 |
int *valp = ctl->data; |
4225 |
int val = *valp; |
4226 |
loff_t pos = *ppos; |
4227 |
@@ -91736,7 +93443,7 @@ index fb8c94c..fb18024 100644 |
4228 |
int ret; |
4229 |
|
4230 |
/* |
4231 |
-@@ -4689,7 +4689,7 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write, |
4232 |
+@@ -4689,7 +4687,7 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write, |
4233 |
int *valp = ctl->data; |
4234 |
int val = *valp; |
4235 |
loff_t pos = *ppos; |
4236 |
@@ -91938,9 +93645,18 @@ index dffdc1a..ccc6678 100644 |
4237 |
return -ENOMEM; |
4238 |
} |
4239 |
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c |
4240 |
-index eedff8c..6e13a47 100644 |
4241 |
+index eedff8c..7d7e24a 100644 |
4242 |
--- a/net/ipv6/raw.c |
4243 |
+++ b/net/ipv6/raw.c |
4244 |
+@@ -108,7 +108,7 @@ found: |
4245 |
+ */ |
4246 |
+ static int icmpv6_filter(const struct sock *sk, const struct sk_buff *skb) |
4247 |
+ { |
4248 |
+- struct icmp6hdr *_hdr; |
4249 |
++ struct icmp6hdr _hdr; |
4250 |
+ const struct icmp6hdr *hdr; |
4251 |
+ |
4252 |
+ hdr = skb_header_pointer(skb, skb_transport_offset(skb), |
4253 |
@@ -378,7 +378,7 @@ static inline int rawv6_rcv_skb(struct sock *sk, struct sk_buff *skb) |
4254 |
{ |
4255 |
if ((raw6_sk(sk)->checksum || rcu_access_pointer(sk->sk_filter)) && |
4256 |
@@ -92939,9 +94655,18 @@ index 0ab9636..cea3c6a 100644 |
4257 |
{ |
4258 |
if (users > 0) |
4259 |
diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c |
4260 |
-index a99b6c3..3841268 100644 |
4261 |
+index a99b6c3..cb372f9 100644 |
4262 |
--- a/net/netfilter/nf_conntrack_proto_dccp.c |
4263 |
+++ b/net/netfilter/nf_conntrack_proto_dccp.c |
4264 |
+@@ -428,7 +428,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb, |
4265 |
+ const char *msg; |
4266 |
+ u_int8_t state; |
4267 |
+ |
4268 |
+- dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh); |
4269 |
++ dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh); |
4270 |
+ BUG_ON(dh == NULL); |
4271 |
+ |
4272 |
+ state = dccp_state_table[CT_DCCP_ROLE_CLIENT][dh->dccph_type][CT_DCCP_NONE]; |
4273 |
@@ -457,7 +457,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb, |
4274 |
out_invalid: |
4275 |
if (LOG_INVALID(net, IPPROTO_DCCP)) |
4276 |
@@ -92951,6 +94676,24 @@ index a99b6c3..3841268 100644 |
4277 |
return false; |
4278 |
} |
4279 |
|
4280 |
+@@ -486,7 +486,7 @@ static int dccp_packet(struct nf_conn *ct, const struct sk_buff *skb, |
4281 |
+ u_int8_t type, old_state, new_state; |
4282 |
+ enum ct_dccp_roles role; |
4283 |
+ |
4284 |
+- dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh); |
4285 |
++ dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh); |
4286 |
+ BUG_ON(dh == NULL); |
4287 |
+ type = dh->dccph_type; |
4288 |
+ |
4289 |
+@@ -577,7 +577,7 @@ static int dccp_error(struct net *net, struct nf_conn *tmpl, |
4290 |
+ unsigned int cscov; |
4291 |
+ const char *msg; |
4292 |
+ |
4293 |
+- dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh); |
4294 |
++ dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh); |
4295 |
+ if (dh == NULL) { |
4296 |
+ msg = "nf_ct_dccp: short packet "; |
4297 |
+ goto out_invalid; |
4298 |
@@ -614,7 +614,7 @@ static int dccp_error(struct net *net, struct nf_conn *tmpl, |
4299 |
|
4300 |
out_invalid: |
4301 |
@@ -95557,7 +97300,7 @@ index f5eb43d..1814de8 100644 |
4302 |
shdr = (Elf_Shdr *)((char *)ehdr + _r(&ehdr->e_shoff)); |
4303 |
shstrtab_sec = shdr + r2(&ehdr->e_shstrndx); |
4304 |
diff --git a/security/Kconfig b/security/Kconfig |
4305 |
-index e9c6ac7..3e3f362 100644 |
4306 |
+index e9c6ac7..c5d45c8 100644 |
4307 |
--- a/security/Kconfig |
4308 |
+++ b/security/Kconfig |
4309 |
@@ -4,6 +4,959 @@ |
4310 |
@@ -96396,7 +98139,7 @@ index e9c6ac7..3e3f362 100644 |
4311 |
+config PAX_REFCOUNT |
4312 |
+ bool "Prevent various kernel object reference counter overflows" |
4313 |
+ default y if GRKERNSEC_CONFIG_AUTO |
4314 |
-+ depends on GRKERNSEC && ((ARM && (CPU_V6 || CPU_V6K || CPU_V7)) || SPARC64 || X86) |
4315 |
++ depends on GRKERNSEC && ((ARM && (CPU_V6 || CPU_V6K || CPU_V7)) || MIPS || SPARC64 || X86) |
4316 |
+ help |
4317 |
+ By saying Y here the kernel will detect and prevent overflowing |
4318 |
+ various (but not all) kinds of object reference counters. Such |
4319 |
@@ -99033,10 +100776,10 @@ index 0000000..568b360 |
4320 |
+} |
4321 |
diff --git a/tools/gcc/kernexec_plugin.c b/tools/gcc/kernexec_plugin.c |
4322 |
new file mode 100644 |
4323 |
-index 0000000..0408e06 |
4324 |
+index 0000000..257529f |
4325 |
--- /dev/null |
4326 |
+++ b/tools/gcc/kernexec_plugin.c |
4327 |
-@@ -0,0 +1,465 @@ |
4328 |
+@@ -0,0 +1,471 @@ |
4329 |
+/* |
4330 |
+ * Copyright 2011-2013 by the PaX Team <pageexec@××××××××.hu> |
4331 |
+ * Licensed under the GPL v2 |
4332 |
@@ -99088,7 +100831,7 @@ index 0000000..0408e06 |
4333 |
+int plugin_is_GPL_compatible; |
4334 |
+ |
4335 |
+static struct plugin_info kernexec_plugin_info = { |
4336 |
-+ .version = "201302112000", |
4337 |
++ .version = "201308230150", |
4338 |
+ .help = "method=[bts|or]\tinstrumentation method\n" |
4339 |
+}; |
4340 |
+ |
4341 |
@@ -99239,7 +100982,7 @@ index 0000000..0408e06 |
4342 |
+static void kernexec_instrument_fptr_bts(gimple_stmt_iterator *gsi) |
4343 |
+{ |
4344 |
+ gimple assign_intptr, assign_new_fptr, call_stmt; |
4345 |
-+ tree intptr, old_fptr, new_fptr, kernexec_mask; |
4346 |
++ tree intptr, orptr, old_fptr, new_fptr, kernexec_mask; |
4347 |
+ |
4348 |
+ call_stmt = gsi_stmt(*gsi); |
4349 |
+ old_fptr = gimple_call_fn(call_stmt); |
4350 |
@@ -99248,16 +100991,20 @@ index 0000000..0408e06 |
4351 |
+ intptr = create_tmp_var(long_unsigned_type_node, "kernexec_bts"); |
4352 |
+#if BUILDING_GCC_VERSION <= 4007 |
4353 |
+ add_referenced_var(intptr); |
4354 |
-+ mark_sym_for_renaming(intptr); |
4355 |
+#endif |
4356 |
++ intptr = make_ssa_name(intptr, NULL); |
4357 |
+ assign_intptr = gimple_build_assign(intptr, fold_convert(long_unsigned_type_node, old_fptr)); |
4358 |
++ SSA_NAME_DEF_STMT(intptr) = assign_intptr; |
4359 |
+ gsi_insert_before(gsi, assign_intptr, GSI_SAME_STMT); |
4360 |
+ update_stmt(assign_intptr); |
4361 |
+ |
4362 |
+ // apply logical or to temporary unsigned long and bitmask |
4363 |
+ kernexec_mask = build_int_cstu(long_long_unsigned_type_node, 0x8000000000000000LL); |
4364 |
+// kernexec_mask = build_int_cstu(long_long_unsigned_type_node, 0xffffffff80000000LL); |
4365 |
-+ assign_intptr = gimple_build_assign(intptr, fold_build2(BIT_IOR_EXPR, long_long_unsigned_type_node, intptr, kernexec_mask)); |
4366 |
++ orptr = fold_build2(BIT_IOR_EXPR, long_long_unsigned_type_node, intptr, kernexec_mask); |
4367 |
++ intptr = make_ssa_name(SSA_NAME_VAR(intptr), NULL); |
4368 |
++ assign_intptr = gimple_build_assign(intptr, orptr); |
4369 |
++ SSA_NAME_DEF_STMT(intptr) = assign_intptr; |
4370 |
+ gsi_insert_before(gsi, assign_intptr, GSI_SAME_STMT); |
4371 |
+ update_stmt(assign_intptr); |
4372 |
+ |
4373 |
@@ -99265,9 +101012,10 @@ index 0000000..0408e06 |
4374 |
+ new_fptr = create_tmp_var(TREE_TYPE(old_fptr), "kernexec_fptr"); |
4375 |
+#if BUILDING_GCC_VERSION <= 4007 |
4376 |
+ add_referenced_var(new_fptr); |
4377 |
-+ mark_sym_for_renaming(new_fptr); |
4378 |
+#endif |
4379 |
++ new_fptr = make_ssa_name(new_fptr, NULL); |
4380 |
+ assign_new_fptr = gimple_build_assign(new_fptr, fold_convert(TREE_TYPE(old_fptr), intptr)); |
4381 |
++ SSA_NAME_DEF_STMT(new_fptr) = assign_new_fptr; |
4382 |
+ gsi_insert_before(gsi, assign_new_fptr, GSI_SAME_STMT); |
4383 |
+ update_stmt(assign_new_fptr); |
4384 |
+ |
4385 |
@@ -99295,8 +101043,8 @@ index 0000000..0408e06 |
4386 |
+ new_fptr = create_tmp_var(TREE_TYPE(old_fptr), "kernexec_or"); |
4387 |
+#if BUILDING_GCC_VERSION <= 4007 |
4388 |
+ add_referenced_var(new_fptr); |
4389 |
-+ mark_sym_for_renaming(new_fptr); |
4390 |
+#endif |
4391 |
++ new_fptr = make_ssa_name(new_fptr, NULL); |
4392 |
+ |
4393 |
+ // build asm volatile("orq %%r10, %0\n\t" : "=r"(new_fptr) : "0"(old_fptr)); |
4394 |
+ input = build_tree_list(NULL_TREE, build_string(2, "0")); |
4395 |
@@ -99311,6 +101059,7 @@ index 0000000..0408e06 |
4396 |
+ vec_safe_push(outputs, output); |
4397 |
+#endif |
4398 |
+ asm_or_stmt = gimple_build_asm_vec("orq %%r10, %0\n\t", inputs, outputs, NULL, NULL); |
4399 |
++ SSA_NAME_DEF_STMT(new_fptr) = asm_or_stmt; |
4400 |
+ gimple_asm_set_volatile(asm_or_stmt, true); |
4401 |
+ gsi_insert_before(gsi, asm_or_stmt, GSI_SAME_STMT); |
4402 |
+ update_stmt(asm_or_stmt); |
4403 |
@@ -99504,10 +101253,10 @@ index 0000000..0408e06 |
4404 |
+} |
4405 |
diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c |
4406 |
new file mode 100644 |
4407 |
-index 0000000..b5395ba |
4408 |
+index 0000000..2ef6fd9 |
4409 |
--- /dev/null |
4410 |
+++ b/tools/gcc/latent_entropy_plugin.c |
4411 |
-@@ -0,0 +1,327 @@ |
4412 |
+@@ -0,0 +1,321 @@ |
4413 |
+/* |
4414 |
+ * Copyright 2012-2013 by the PaX Team <pageexec@××××××××.hu> |
4415 |
+ * Licensed under the GPL v2 |
4416 |
@@ -99559,7 +101308,7 @@ index 0000000..b5395ba |
4417 |
+static tree latent_entropy_decl; |
4418 |
+ |
4419 |
+static struct plugin_info latent_entropy_plugin_info = { |
4420 |
-+ .version = "201303102320", |
4421 |
++ .version = "201308230230", |
4422 |
+ .help = NULL |
4423 |
+}; |
4424 |
+ |
4425 |
@@ -99668,13 +101417,10 @@ index 0000000..b5395ba |
4426 |
+ op = get_op(&rhs); |
4427 |
+ addxorrol = fold_build2_loc(UNKNOWN_LOCATION, op, unsigned_intDI_type_node, local_entropy, rhs); |
4428 |
+ assign = gimple_build_assign(local_entropy, addxorrol); |
4429 |
-+#if BUILDING_GCC_VERSION <= 4007 |
4430 |
-+ find_referenced_vars_in(assign); |
4431 |
-+#endif |
4432 |
-+//debug_bb(bb); |
4433 |
+ gsi = gsi_after_labels(bb); |
4434 |
+ gsi_insert_before(&gsi, assign, GSI_NEW_STMT); |
4435 |
+ update_stmt(assign); |
4436 |
++//debug_bb(bb); |
4437 |
+} |
4438 |
+ |
4439 |
+static void perturb_latent_entropy(basic_block bb, tree rhs) |
4440 |
@@ -99687,13 +101433,14 @@ index 0000000..b5395ba |
4441 |
+ temp = create_tmp_var(unsigned_intDI_type_node, "temp_latent_entropy"); |
4442 |
+#if BUILDING_GCC_VERSION <= 4007 |
4443 |
+ add_referenced_var(temp); |
4444 |
-+ mark_sym_for_renaming(temp); |
4445 |
+#endif |
4446 |
+ |
4447 |
+ // 2. read... |
4448 |
++ temp = make_ssa_name(temp, NULL); |
4449 |
+ assign = gimple_build_assign(temp, latent_entropy_decl); |
4450 |
++ SSA_NAME_DEF_STMT(temp) = assign; |
4451 |
+#if BUILDING_GCC_VERSION <= 4007 |
4452 |
-+ find_referenced_vars_in(assign); |
4453 |
++ add_referenced_var(latent_entropy_decl); |
4454 |
+#endif |
4455 |
+ gsi = gsi_after_labels(bb); |
4456 |
+ gsi_insert_after(&gsi, assign, GSI_NEW_STMT); |
4457 |
@@ -99701,18 +101448,14 @@ index 0000000..b5395ba |
4458 |
+ |
4459 |
+ // 3. ...modify... |
4460 |
+ addxorrol = fold_build2_loc(UNKNOWN_LOCATION, get_op(NULL), unsigned_intDI_type_node, temp, rhs); |
4461 |
++ temp = make_ssa_name(SSA_NAME_VAR(temp), NULL); |
4462 |
+ assign = gimple_build_assign(temp, addxorrol); |
4463 |
-+#if BUILDING_GCC_VERSION <= 4007 |
4464 |
-+ find_referenced_vars_in(assign); |
4465 |
-+#endif |
4466 |
++ SSA_NAME_DEF_STMT(temp) = assign; |
4467 |
+ gsi_insert_after(&gsi, assign, GSI_NEW_STMT); |
4468 |
+ update_stmt(assign); |
4469 |
+ |
4470 |
+ // 4. ...write latent_entropy |
4471 |
+ assign = gimple_build_assign(latent_entropy_decl, temp); |
4472 |
-+#if BUILDING_GCC_VERSION <= 4007 |
4473 |
-+ find_referenced_vars_in(assign); |
4474 |
-+#endif |
4475 |
+ gsi_insert_after(&gsi, assign, GSI_NEW_STMT); |
4476 |
+ update_stmt(assign); |
4477 |
+} |
4478 |
@@ -99763,21 +101506,21 @@ index 0000000..b5395ba |
4479 |
+ |
4480 |
+ assign = gimple_build_assign(local_entropy, build_int_cstu(unsigned_intDI_type_node, get_random_const())); |
4481 |
+// gimple_set_location(assign, loc); |
4482 |
-+#if BUILDING_GCC_VERSION <= 4007 |
4483 |
-+ find_referenced_vars_in(assign); |
4484 |
-+#endif |
4485 |
+ gsi_insert_after(&gsi, assign, GSI_NEW_STMT); |
4486 |
+ update_stmt(assign); |
4487 |
++//debug_bb(bb); |
4488 |
+ bb = bb->next_bb; |
4489 |
+ |
4490 |
+ // 3. instrument each BB with an operation on the local entropy variable |
4491 |
+ while (bb != EXIT_BLOCK_PTR) { |
4492 |
+ perturb_local_entropy(bb, local_entropy); |
4493 |
++//debug_bb(bb); |
4494 |
+ bb = bb->next_bb; |
4495 |
+ }; |
4496 |
+ |
4497 |
+ // 4. mix local entropy into the global entropy variable |
4498 |
+ perturb_latent_entropy(EXIT_BLOCK_PTR->prev_bb, local_entropy); |
4499 |
++//debug_bb(EXIT_BLOCK_PTR->prev_bb); |
4500 |
+ return 0; |
4501 |
+} |
4502 |
+ |
4503 |
@@ -106193,10 +107936,10 @@ index 0000000..b04803b |
4504 |
+alloc_dr_65495 alloc_dr 2 65495 NULL |
4505 |
diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c |
4506 |
new file mode 100644 |
4507 |
-index 0000000..9db0d0e |
4508 |
+index 0000000..03d0c84 |
4509 |
--- /dev/null |
4510 |
+++ b/tools/gcc/size_overflow_plugin.c |
4511 |
-@@ -0,0 +1,2114 @@ |
4512 |
+@@ -0,0 +1,2113 @@ |
4513 |
+/* |
4514 |
+ * Copyright 2011, 2012, 2013 by Emese Revfy <re.emese@×××××.com> |
4515 |
+ * Licensed under the GPL v2, or (at your option) v3 |
4516 |
@@ -106286,7 +108029,7 @@ index 0000000..9db0d0e |
4517 |
+static void print_missing_msg(tree func, unsigned int argnum); |
4518 |
+ |
4519 |
+static struct plugin_info size_overflow_plugin_info = { |
4520 |
-+ .version = "20130410beta", |
4521 |
++ .version = "20130822beta", |
4522 |
+ .help = "no-size-overflow\tturn off size overflow checking\n", |
4523 |
+}; |
4524 |
+ |
4525 |
@@ -106666,7 +108409,6 @@ index 0000000..9db0d0e |
4526 |
+ |
4527 |
+#if BUILDING_GCC_VERSION <= 4007 |
4528 |
+ add_referenced_var(new_var); |
4529 |
-+ mark_sym_for_renaming(new_var); |
4530 |
+#endif |
4531 |
+ return new_var; |
4532 |
+} |
4533 |
|
4534 |
diff --git a/3.2.50/0000_README b/3.2.50/0000_README |
4535 |
index a654e82..8d5d81f 100644 |
4536 |
--- a/3.2.50/0000_README |
4537 |
+++ b/3.2.50/0000_README |
4538 |
@@ -118,7 +118,7 @@ Patch: 1049_linux-3.2.50.patch |
4539 |
From: http://www.kernel.org |
4540 |
Desc: Linux 3.2.50 |
4541 |
|
4542 |
-Patch: 4420_grsecurity-2.9.1-3.2.50-201308202017.patch |
4543 |
+Patch: 4420_grsecurity-2.9.1-3.2.50-201308282053.patch |
4544 |
From: http://www.grsecurity.net |
4545 |
Desc: hardened-sources base patch from upstream grsecurity |
4546 |
|
4547 |
|
4548 |
diff --git a/3.2.50/4420_grsecurity-2.9.1-3.2.50-201308202017.patch b/3.2.50/4420_grsecurity-2.9.1-3.2.50-201308282053.patch |
4549 |
similarity index 99% |
4550 |
rename from 3.2.50/4420_grsecurity-2.9.1-3.2.50-201308202017.patch |
4551 |
rename to 3.2.50/4420_grsecurity-2.9.1-3.2.50-201308282053.patch |
4552 |
index 01378eb..581a30c 100644 |
4553 |
--- a/3.2.50/4420_grsecurity-2.9.1-3.2.50-201308202017.patch |
4554 |
+++ b/3.2.50/4420_grsecurity-2.9.1-3.2.50-201308282053.patch |
4555 |
@@ -35590,10 +35590,112 @@ index 8a8725c2..afed796 100644 |
4556 |
marker = list_first_entry(&queue->head, |
4557 |
struct vmw_marker, head); |
4558 |
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c |
4559 |
-index 611aafc..d6aafa2 100644 |
4560 |
+index 611aafc..3f9bbc0 100644 |
4561 |
--- a/drivers/hid/hid-core.c |
4562 |
+++ b/drivers/hid/hid-core.c |
4563 |
-@@ -2034,7 +2034,7 @@ static bool hid_ignore(struct hid_device *hdev) |
4564 |
+@@ -59,6 +59,8 @@ struct hid_report *hid_register_report(struct hid_device *device, unsigned type, |
4565 |
+ struct hid_report_enum *report_enum = device->report_enum + type; |
4566 |
+ struct hid_report *report; |
4567 |
+ |
4568 |
++ if (id >= HID_MAX_IDS) |
4569 |
++ return NULL; |
4570 |
+ if (report_enum->report_id_hash[id]) |
4571 |
+ return report_enum->report_id_hash[id]; |
4572 |
+ |
4573 |
+@@ -380,8 +382,10 @@ static int hid_parser_global(struct hid_parser *parser, struct hid_item *item) |
4574 |
+ |
4575 |
+ case HID_GLOBAL_ITEM_TAG_REPORT_ID: |
4576 |
+ parser->global.report_id = item_udata(item); |
4577 |
+- if (parser->global.report_id == 0) { |
4578 |
+- dbg_hid("report_id 0 is invalid\n"); |
4579 |
++ if (parser->global.report_id == 0 || |
4580 |
++ parser->global.report_id >= HID_MAX_IDS) { |
4581 |
++ dbg_hid("report_id %u is invalid\n", |
4582 |
++ parser->global.report_id); |
4583 |
+ return -1; |
4584 |
+ } |
4585 |
+ return 0; |
4586 |
+@@ -552,7 +556,7 @@ static void hid_device_release(struct device *dev) |
4587 |
+ for (i = 0; i < HID_REPORT_TYPES; i++) { |
4588 |
+ struct hid_report_enum *report_enum = device->report_enum + i; |
4589 |
+ |
4590 |
+- for (j = 0; j < 256; j++) { |
4591 |
++ for (j = 0; j < HID_MAX_IDS; j++) { |
4592 |
+ struct hid_report *report = report_enum->report_id_hash[j]; |
4593 |
+ if (report) |
4594 |
+ hid_free_report(report); |
4595 |
+@@ -710,6 +714,56 @@ err: |
4596 |
+ } |
4597 |
+ EXPORT_SYMBOL_GPL(hid_parse_report); |
4598 |
+ |
4599 |
++static const char * const hid_report_names[] = { |
4600 |
++ "HID_INPUT_REPORT", |
4601 |
++ "HID_OUTPUT_REPORT", |
4602 |
++ "HID_FEATURE_REPORT", |
4603 |
++}; |
4604 |
++/** |
4605 |
++ * hid_validate_report - validate existing device report |
4606 |
++ * |
4607 |
++ * @device: hid device |
4608 |
++ * @type: which report type to examine |
4609 |
++ * @id: which report ID to examine (0 for first) |
4610 |
++ * @fields: expected number of fields |
4611 |
++ * @report_counts: expected number of values per field |
4612 |
++ * |
4613 |
++ * Validate the report details after parsing. |
4614 |
++ */ |
4615 |
++struct hid_report *hid_validate_report(struct hid_device *hid, |
4616 |
++ unsigned int type, unsigned int id, |
4617 |
++ unsigned int fields, |
4618 |
++ unsigned int report_counts) |
4619 |
++{ |
4620 |
++ struct hid_report *report; |
4621 |
++ unsigned int i; |
4622 |
++ |
4623 |
++ if (type > HID_FEATURE_REPORT) { |
4624 |
++ hid_err(hid, "invalid HID report %u\n", type); |
4625 |
++ return NULL; |
4626 |
++ } |
4627 |
++ |
4628 |
++ report = hid->report_enum[type].report_id_hash[id]; |
4629 |
++ if (!report) { |
4630 |
++ hid_err(hid, "missing %s %u\n", hid_report_names[type], id); |
4631 |
++ return NULL; |
4632 |
++ } |
4633 |
++ if (report->maxfield < fields) { |
4634 |
++ hid_err(hid, "not enough fields in %s %u\n", |
4635 |
++ hid_report_names[type], id); |
4636 |
++ return NULL; |
4637 |
++ } |
4638 |
++ for (i = 0; i < fields; i++) { |
4639 |
++ if (report->field[i]->report_count < report_counts) { |
4640 |
++ hid_err(hid, "not enough values in %s %u fields\n", |
4641 |
++ hid_report_names[type], id); |
4642 |
++ return NULL; |
4643 |
++ } |
4644 |
++ } |
4645 |
++ return report; |
4646 |
++} |
4647 |
++EXPORT_SYMBOL_GPL(hid_validate_report); |
4648 |
++ |
4649 |
+ /* |
4650 |
+ * Convert a signed n-bit integer to signed 32-bit integer. Common |
4651 |
+ * cases are done through the compiler, the screwed things has to be |
4652 |
+@@ -990,7 +1044,12 @@ EXPORT_SYMBOL_GPL(hid_output_report); |
4653 |
+ |
4654 |
+ int hid_set_field(struct hid_field *field, unsigned offset, __s32 value) |
4655 |
+ { |
4656 |
+- unsigned size = field->report_size; |
4657 |
++ unsigned size; |
4658 |
++ |
4659 |
++ if (!field) |
4660 |
++ return -1; |
4661 |
++ |
4662 |
++ size = field->report_size; |
4663 |
+ |
4664 |
+ hid_dump_input(field->report->device, field->usage + offset, value); |
4665 |
+ |
4666 |
+@@ -2034,7 +2093,7 @@ static bool hid_ignore(struct hid_device *hdev) |
4667 |
|
4668 |
int hid_add_device(struct hid_device *hdev) |
4669 |
{ |
4670 |
@@ -35602,7 +35704,7 @@ index 611aafc..d6aafa2 100644 |
4671 |
int ret; |
4672 |
|
4673 |
if (WARN_ON(hdev->status & HID_STAT_ADDED)) |
4674 |
-@@ -2049,7 +2049,7 @@ int hid_add_device(struct hid_device *hdev) |
4675 |
+@@ -2049,7 +2108,7 @@ int hid_add_device(struct hid_device *hdev) |
4676 |
/* XXX hack, any other cleaner solution after the driver core |
4677 |
* is converted to allow more than 20 bytes as the device name? */ |
4678 |
dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, |
4679 |
@@ -35611,6 +35713,253 @@ index 611aafc..d6aafa2 100644 |
4680 |
|
4681 |
hid_debug_register(hdev, dev_name(&hdev->dev)); |
4682 |
ret = device_add(&hdev->dev); |
4683 |
+diff --git a/drivers/hid/hid-lg2ff.c b/drivers/hid/hid-lg2ff.c |
4684 |
+index 3c31bc6..f7b432a 100644 |
4685 |
+--- a/drivers/hid/hid-lg2ff.c |
4686 |
++++ b/drivers/hid/hid-lg2ff.c |
4687 |
+@@ -66,26 +66,13 @@ int lg2ff_init(struct hid_device *hid) |
4688 |
+ struct hid_report *report; |
4689 |
+ struct hid_input *hidinput = list_entry(hid->inputs.next, |
4690 |
+ struct hid_input, list); |
4691 |
+- struct list_head *report_list = |
4692 |
+- &hid->report_enum[HID_OUTPUT_REPORT].report_list; |
4693 |
+ struct input_dev *dev = hidinput->input; |
4694 |
+ int error; |
4695 |
+ |
4696 |
+- if (list_empty(report_list)) { |
4697 |
+- hid_err(hid, "no output report found\n"); |
4698 |
++ /* Check that the report looks ok */ |
4699 |
++ report = hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 1, 7); |
4700 |
++ if (!report) |
4701 |
+ return -ENODEV; |
4702 |
+- } |
4703 |
+- |
4704 |
+- report = list_entry(report_list->next, struct hid_report, list); |
4705 |
+- |
4706 |
+- if (report->maxfield < 1) { |
4707 |
+- hid_err(hid, "output report is empty\n"); |
4708 |
+- return -ENODEV; |
4709 |
+- } |
4710 |
+- if (report->field[0]->report_count < 7) { |
4711 |
+- hid_err(hid, "not enough values in the field\n"); |
4712 |
+- return -ENODEV; |
4713 |
+- } |
4714 |
+ |
4715 |
+ lg2ff = kmalloc(sizeof(struct lg2ff_device), GFP_KERNEL); |
4716 |
+ if (!lg2ff) |
4717 |
+diff --git a/drivers/hid/hid-lg3ff.c b/drivers/hid/hid-lg3ff.c |
4718 |
+index f98644c..8590851 100644 |
4719 |
+--- a/drivers/hid/hid-lg3ff.c |
4720 |
++++ b/drivers/hid/hid-lg3ff.c |
4721 |
+@@ -68,10 +68,11 @@ static int hid_lg3ff_play(struct input_dev *dev, void *data, |
4722 |
+ int x, y; |
4723 |
+ |
4724 |
+ /* |
4725 |
+- * Maxusage should always be 63 (maximum fields) |
4726 |
+- * likely a better way to ensure this data is clean |
4727 |
++ * Available values in the field should always be 63, but we only use up to |
4728 |
++ * 35. Instead, clear the entire area, however big it is. |
4729 |
+ */ |
4730 |
+- memset(report->field[0]->value, 0, sizeof(__s32)*report->field[0]->maxusage); |
4731 |
++ memset(report->field[0]->value, 0, |
4732 |
++ sizeof(__s32) * report->field[0]->report_count); |
4733 |
+ |
4734 |
+ switch (effect->type) { |
4735 |
+ case FF_CONSTANT: |
4736 |
+@@ -131,32 +132,14 @@ static const signed short ff3_joystick_ac[] = { |
4737 |
+ int lg3ff_init(struct hid_device *hid) |
4738 |
+ { |
4739 |
+ struct hid_input *hidinput = list_entry(hid->inputs.next, struct hid_input, list); |
4740 |
+- struct list_head *report_list = &hid->report_enum[HID_OUTPUT_REPORT].report_list; |
4741 |
+ struct input_dev *dev = hidinput->input; |
4742 |
+- struct hid_report *report; |
4743 |
+- struct hid_field *field; |
4744 |
+ const signed short *ff_bits = ff3_joystick_ac; |
4745 |
+ int error; |
4746 |
+ int i; |
4747 |
+ |
4748 |
+- /* Find the report to use */ |
4749 |
+- if (list_empty(report_list)) { |
4750 |
+- hid_err(hid, "No output report found\n"); |
4751 |
+- return -1; |
4752 |
+- } |
4753 |
+- |
4754 |
+ /* Check that the report looks ok */ |
4755 |
+- report = list_entry(report_list->next, struct hid_report, list); |
4756 |
+- if (!report) { |
4757 |
+- hid_err(hid, "NULL output report\n"); |
4758 |
+- return -1; |
4759 |
+- } |
4760 |
+- |
4761 |
+- field = report->field[0]; |
4762 |
+- if (!field) { |
4763 |
+- hid_err(hid, "NULL field\n"); |
4764 |
+- return -1; |
4765 |
+- } |
4766 |
++ if (!hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 1, 35)) |
4767 |
++ return -ENODEV; |
4768 |
+ |
4769 |
+ /* Assume single fixed device G940 */ |
4770 |
+ for (i = 0; ff_bits[i] >= 0; i++) |
4771 |
+diff --git a/drivers/hid/hid-lg4ff.c b/drivers/hid/hid-lg4ff.c |
4772 |
+index 103f30d..b9a39e5 100644 |
4773 |
+--- a/drivers/hid/hid-lg4ff.c |
4774 |
++++ b/drivers/hid/hid-lg4ff.c |
4775 |
+@@ -339,33 +339,15 @@ static ssize_t lg4ff_range_store(struct device *dev, struct device_attribute *at |
4776 |
+ int lg4ff_init(struct hid_device *hid) |
4777 |
+ { |
4778 |
+ struct hid_input *hidinput = list_entry(hid->inputs.next, struct hid_input, list); |
4779 |
+- struct list_head *report_list = &hid->report_enum[HID_OUTPUT_REPORT].report_list; |
4780 |
+ struct input_dev *dev = hidinput->input; |
4781 |
+- struct hid_report *report; |
4782 |
+- struct hid_field *field; |
4783 |
+ struct lg4ff_device_entry *entry; |
4784 |
+ struct usb_device_descriptor *udesc; |
4785 |
+ int error, i, j; |
4786 |
+ __u16 bcdDevice, rev_maj, rev_min; |
4787 |
+ |
4788 |
+- /* Find the report to use */ |
4789 |
+- if (list_empty(report_list)) { |
4790 |
+- hid_err(hid, "No output report found\n"); |
4791 |
+- return -1; |
4792 |
+- } |
4793 |
+- |
4794 |
+ /* Check that the report looks ok */ |
4795 |
+- report = list_entry(report_list->next, struct hid_report, list); |
4796 |
+- if (!report) { |
4797 |
+- hid_err(hid, "NULL output report\n"); |
4798 |
++ if (!hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 1, 7)) |
4799 |
+ return -1; |
4800 |
+- } |
4801 |
+- |
4802 |
+- field = report->field[0]; |
4803 |
+- if (!field) { |
4804 |
+- hid_err(hid, "NULL field\n"); |
4805 |
+- return -1; |
4806 |
+- } |
4807 |
+ |
4808 |
+ /* Check what wheel has been connected */ |
4809 |
+ for (i = 0; i < ARRAY_SIZE(lg4ff_devices); i++) { |
4810 |
+diff --git a/drivers/hid/hid-lgff.c b/drivers/hid/hid-lgff.c |
4811 |
+index 27bc54f..6d25789 100644 |
4812 |
+--- a/drivers/hid/hid-lgff.c |
4813 |
++++ b/drivers/hid/hid-lgff.c |
4814 |
+@@ -130,27 +130,14 @@ static void hid_lgff_set_autocenter(struct input_dev *dev, u16 magnitude) |
4815 |
+ int lgff_init(struct hid_device* hid) |
4816 |
+ { |
4817 |
+ struct hid_input *hidinput = list_entry(hid->inputs.next, struct hid_input, list); |
4818 |
+- struct list_head *report_list = &hid->report_enum[HID_OUTPUT_REPORT].report_list; |
4819 |
+ struct input_dev *dev = hidinput->input; |
4820 |
+- struct hid_report *report; |
4821 |
+- struct hid_field *field; |
4822 |
+ const signed short *ff_bits = ff_joystick; |
4823 |
+ int error; |
4824 |
+ int i; |
4825 |
+ |
4826 |
+- /* Find the report to use */ |
4827 |
+- if (list_empty(report_list)) { |
4828 |
+- hid_err(hid, "No output report found\n"); |
4829 |
+- return -1; |
4830 |
+- } |
4831 |
+- |
4832 |
+ /* Check that the report looks ok */ |
4833 |
+- report = list_entry(report_list->next, struct hid_report, list); |
4834 |
+- field = report->field[0]; |
4835 |
+- if (!field) { |
4836 |
+- hid_err(hid, "NULL field\n"); |
4837 |
+- return -1; |
4838 |
+- } |
4839 |
++ if (!hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 1, 7)) |
4840 |
++ return -ENODEV; |
4841 |
+ |
4842 |
+ for (i = 0; i < ARRAY_SIZE(devices); i++) { |
4843 |
+ if (dev->id.vendor == devices[i].idVendor && |
4844 |
+diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c |
4845 |
+index 13af0f1..dc797c9 100644 |
4846 |
+--- a/drivers/hid/hid-multitouch.c |
4847 |
++++ b/drivers/hid/hid-multitouch.c |
4848 |
+@@ -195,6 +195,9 @@ static void mt_feature_mapping(struct hid_device *hdev, |
4849 |
+ td->inputmode = field->report->id; |
4850 |
+ break; |
4851 |
+ case HID_DG_CONTACTMAX: |
4852 |
++ /* Ignore if value count is out of bounds. */ |
4853 |
++ if (field->report_count < 1) |
4854 |
++ break; |
4855 |
+ td->maxcontacts = field->value[0]; |
4856 |
+ if (td->mtclass->maxcontacts) |
4857 |
+ /* check if the maxcontacts is given by the class */ |
4858 |
+@@ -506,7 +509,6 @@ static int mt_event(struct hid_device *hid, struct hid_field *field, |
4859 |
+ if (field->index == td->last_field_index |
4860 |
+ && td->num_received >= td->num_expected) |
4861 |
+ mt_emit_event(td, field->hidinput->input); |
4862 |
+- |
4863 |
+ } |
4864 |
+ |
4865 |
+ /* we have handled the hidinput part, now remains hiddev */ |
4866 |
+diff --git a/drivers/hid/hid-ntrig.c b/drivers/hid/hid-ntrig.c |
4867 |
+index 9fae2eb..48cba85 100644 |
4868 |
+--- a/drivers/hid/hid-ntrig.c |
4869 |
++++ b/drivers/hid/hid-ntrig.c |
4870 |
+@@ -115,7 +115,8 @@ static inline int ntrig_get_mode(struct hid_device *hdev) |
4871 |
+ struct hid_report *report = hdev->report_enum[HID_FEATURE_REPORT]. |
4872 |
+ report_id_hash[0x0d]; |
4873 |
+ |
4874 |
+- if (!report) |
4875 |
++ if (!report || report->maxfield < 1 || |
4876 |
++ report->field[0]->report_count < 1) |
4877 |
+ return -EINVAL; |
4878 |
+ |
4879 |
+ usbhid_submit_report(hdev, report, USB_DIR_IN); |
4880 |
+diff --git a/drivers/hid/hid-pl.c b/drivers/hid/hid-pl.c |
4881 |
+index 070f93a..12786cd 100644 |
4882 |
+--- a/drivers/hid/hid-pl.c |
4883 |
++++ b/drivers/hid/hid-pl.c |
4884 |
+@@ -129,8 +129,14 @@ static int plff_init(struct hid_device *hid) |
4885 |
+ strong = &report->field[0]->value[2]; |
4886 |
+ weak = &report->field[0]->value[3]; |
4887 |
+ debug("detected single-field device"); |
4888 |
+- } else if (report->maxfield >= 4 && report->field[0]->maxusage == 1 && |
4889 |
+- report->field[0]->usage[0].hid == (HID_UP_LED | 0x43)) { |
4890 |
++ } else if (report->field[0]->maxusage == 1 && |
4891 |
++ report->field[0]->usage[0].hid == |
4892 |
++ (HID_UP_LED | 0x43) && |
4893 |
++ report->maxfield >= 4 && |
4894 |
++ report->field[0]->report_count >= 1 && |
4895 |
++ report->field[1]->report_count >= 1 && |
4896 |
++ report->field[2]->report_count >= 1 && |
4897 |
++ report->field[3]->report_count >= 1) { |
4898 |
+ report->field[0]->value[0] = 0x00; |
4899 |
+ report->field[1]->value[0] = 0x00; |
4900 |
+ strong = &report->field[2]->value[0]; |
4901 |
+diff --git a/drivers/hid/hid-zpff.c b/drivers/hid/hid-zpff.c |
4902 |
+index f6ba81d..f7e37f7 100644 |
4903 |
+--- a/drivers/hid/hid-zpff.c |
4904 |
++++ b/drivers/hid/hid-zpff.c |
4905 |
+@@ -70,22 +70,12 @@ static int zpff_init(struct hid_device *hid) |
4906 |
+ struct hid_report *report; |
4907 |
+ struct hid_input *hidinput = list_entry(hid->inputs.next, |
4908 |
+ struct hid_input, list); |
4909 |
+- struct list_head *report_list = |
4910 |
+- &hid->report_enum[HID_OUTPUT_REPORT].report_list; |
4911 |
+ struct input_dev *dev = hidinput->input; |
4912 |
+ int error; |
4913 |
+ |
4914 |
+- if (list_empty(report_list)) { |
4915 |
+- hid_err(hid, "no output report found\n"); |
4916 |
++ report = hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 4, 1); |
4917 |
++ if (!report) |
4918 |
+ return -ENODEV; |
4919 |
+- } |
4920 |
+- |
4921 |
+- report = list_entry(report_list->next, struct hid_report, list); |
4922 |
+- |
4923 |
+- if (report->maxfield < 4) { |
4924 |
+- hid_err(hid, "not enough fields in report\n"); |
4925 |
+- return -ENODEV; |
4926 |
+- } |
4927 |
+ |
4928 |
+ zpff = kzalloc(sizeof(struct zpff_device), GFP_KERNEL); |
4929 |
+ if (!zpff) |
4930 |
diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c |
4931 |
index 4ef02b2..8a96831 100644 |
4932 |
--- a/drivers/hid/usbhid/hiddev.c |
4933 |
@@ -40799,6 +41148,22 @@ index 62dc461..5250f0b 100644 |
4934 |
|
4935 |
/* dongle iscan controller */ |
4936 |
struct brcmf_cfg80211_iscan_ctrl { |
4937 |
+diff --git a/drivers/net/wireless/hostap/hostap_ioctl.c b/drivers/net/wireless/hostap/hostap_ioctl.c |
4938 |
+index 045a936..271e818 100644 |
4939 |
+--- a/drivers/net/wireless/hostap/hostap_ioctl.c |
4940 |
++++ b/drivers/net/wireless/hostap/hostap_ioctl.c |
4941 |
+@@ -522,9 +522,9 @@ static int prism2_ioctl_giwaplist(struct net_device *dev, |
4942 |
+ |
4943 |
+ data->length = prism2_ap_get_sta_qual(local, addr, qual, IW_MAX_AP, 1); |
4944 |
+ |
4945 |
+- memcpy(extra, &addr, sizeof(struct sockaddr) * data->length); |
4946 |
++ memcpy(extra, addr, sizeof(struct sockaddr) * data->length); |
4947 |
+ data->flags = 1; /* has quality information */ |
4948 |
+- memcpy(extra + sizeof(struct sockaddr) * data->length, &qual, |
4949 |
++ memcpy(extra + sizeof(struct sockaddr) * data->length, qual, |
4950 |
+ sizeof(struct iw_quality) * data->length); |
4951 |
+ |
4952 |
+ kfree(addr); |
4953 |
diff --git a/drivers/net/wireless/iwlegacy/iwl3945-base.c b/drivers/net/wireless/iwlegacy/iwl3945-base.c |
4954 |
index b3d9f3f..9931f58 100644 |
4955 |
--- a/drivers/net/wireless/iwlegacy/iwl3945-base.c |
4956 |
@@ -49268,10 +49633,38 @@ index 7423cb9..9379ddd 100644 |
4957 |
static int __init init_misc_binfmt(void) |
4958 |
{ |
4959 |
diff --git a/fs/bio.c b/fs/bio.c |
4960 |
-index 4fc4dbb..bae9dce 100644 |
4961 |
+index 4fc4dbb..0cf9d6d 100644 |
4962 |
--- a/fs/bio.c |
4963 |
+++ b/fs/bio.c |
4964 |
-@@ -838,7 +838,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q, |
4965 |
+@@ -787,12 +787,22 @@ static int __bio_copy_iov(struct bio *bio, struct bio_vec *iovecs, |
4966 |
+ int bio_uncopy_user(struct bio *bio) |
4967 |
+ { |
4968 |
+ struct bio_map_data *bmd = bio->bi_private; |
4969 |
+- int ret = 0; |
4970 |
++ struct bio_vec *bvec; |
4971 |
++ int ret = 0, i; |
4972 |
+ |
4973 |
+- if (!bio_flagged(bio, BIO_NULL_MAPPED)) |
4974 |
+- ret = __bio_copy_iov(bio, bmd->iovecs, bmd->sgvecs, |
4975 |
+- bmd->nr_sgvecs, bio_data_dir(bio) == READ, |
4976 |
+- 0, bmd->is_our_pages); |
4977 |
++ if (!bio_flagged(bio, BIO_NULL_MAPPED)) { |
4978 |
++ /* |
4979 |
++ * if we're in a workqueue, the request is orphaned, so |
4980 |
++ * don't copy into a random user address space, just free. |
4981 |
++ */ |
4982 |
++ if (current->mm) |
4983 |
++ ret = __bio_copy_iov(bio, bmd->iovecs, bmd->sgvecs, |
4984 |
++ bmd->nr_sgvecs, bio_data_dir(bio) == READ, |
4985 |
++ 0, bmd->is_our_pages); |
4986 |
++ else if (bmd->is_our_pages) |
4987 |
++ __bio_for_each_segment(bvec, bio, i, 0) |
4988 |
++ __free_page(bvec->bv_page); |
4989 |
++ } |
4990 |
+ bio_free_map_data(bmd); |
4991 |
+ bio_put(bio); |
4992 |
+ return ret; |
4993 |
+@@ -838,7 +848,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q, |
4994 |
/* |
4995 |
* Overflow, abort |
4996 |
*/ |
4997 |
@@ -49280,7 +49673,7 @@ index 4fc4dbb..bae9dce 100644 |
4998 |
return ERR_PTR(-EINVAL); |
4999 |
|
5000 |
nr_pages += end - start; |
5001 |
-@@ -972,7 +972,7 @@ static struct bio *__bio_map_user_iov(struct request_queue *q, |
5002 |
+@@ -972,7 +982,7 @@ static struct bio *__bio_map_user_iov(struct request_queue *q, |
5003 |
/* |
5004 |
* Overflow, abort |
5005 |
*/ |
5006 |
@@ -49289,7 +49682,7 @@ index 4fc4dbb..bae9dce 100644 |
5007 |
return ERR_PTR(-EINVAL); |
5008 |
|
5009 |
nr_pages += end - start; |
5010 |
-@@ -1234,7 +1234,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err) |
5011 |
+@@ -1234,7 +1244,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err) |
5012 |
const int read = bio_data_dir(bio) == READ; |
5013 |
struct bio_map_data *bmd = bio->bi_private; |
5014 |
int i; |
5015 |
@@ -49607,9 +50000,27 @@ index 9895400..78a67e7 100644 |
5016 |
} |
5017 |
|
5018 |
diff --git a/fs/ceph/super.c b/fs/ceph/super.c |
5019 |
-index de268a8..06e0541 100644 |
5020 |
+index de268a8..2a158be 100644 |
5021 |
--- a/fs/ceph/super.c |
5022 |
+++ b/fs/ceph/super.c |
5023 |
+@@ -785,7 +785,7 @@ static int ceph_compare_super(struct super_block *sb, void *data) |
5024 |
+ /* |
5025 |
+ * construct our own bdi so we can control readahead, etc. |
5026 |
+ */ |
5027 |
+-static atomic_long_t bdi_seq = ATOMIC_LONG_INIT(0); |
5028 |
++static atomic_long_unchecked_t bdi_seq = ATOMIC_LONG_INIT(0); |
5029 |
+ |
5030 |
+ static int ceph_register_bdi(struct super_block *sb, |
5031 |
+ struct ceph_fs_client *fsc) |
5032 |
+@@ -802,7 +802,7 @@ static int ceph_register_bdi(struct super_block *sb, |
5033 |
+ default_backing_dev_info.ra_pages; |
5034 |
+ |
5035 |
+ err = bdi_register(&fsc->backing_dev_info, NULL, "ceph-%d", |
5036 |
+- atomic_long_inc_return(&bdi_seq)); |
5037 |
++ atomic_long_inc_return_unchecked(&bdi_seq)); |
5038 |
+ if (!err) |
5039 |
+ sb->s_bdi = &fsc->backing_dev_info; |
5040 |
+ return err; |
5041 |
@@ -901,6 +901,7 @@ static struct file_system_type ceph_fs_type = { |
5042 |
.kill_sb = ceph_kill_sb, |
5043 |
.fs_flags = FS_RENAME_DOES_D_MOVE, |
5044 |
@@ -71398,6 +71809,35 @@ index 0000000..e7ffaaf |
5045 |
+ const int protocol); |
5046 |
+ |
5047 |
+#endif |
5048 |
+diff --git a/include/linux/hid.h b/include/linux/hid.h |
5049 |
+index 331e2ef..37c06bd 100644 |
5050 |
+--- a/include/linux/hid.h |
5051 |
++++ b/include/linux/hid.h |
5052 |
+@@ -416,10 +416,12 @@ struct hid_report { |
5053 |
+ struct hid_device *device; /* associated device */ |
5054 |
+ }; |
5055 |
+ |
5056 |
++#define HID_MAX_IDS 256 |
5057 |
++ |
5058 |
+ struct hid_report_enum { |
5059 |
+ unsigned numbered; |
5060 |
+ struct list_head report_list; |
5061 |
+- struct hid_report *report_id_hash[256]; |
5062 |
++ struct hid_report *report_id_hash[HID_MAX_IDS]; |
5063 |
+ }; |
5064 |
+ |
5065 |
+ #define HID_REPORT_TYPES 3 |
5066 |
+@@ -716,6 +718,10 @@ void hid_output_report(struct hid_report *report, __u8 *data); |
5067 |
+ struct hid_device *hid_allocate_device(void); |
5068 |
+ struct hid_report *hid_register_report(struct hid_device *device, unsigned type, unsigned id); |
5069 |
+ int hid_parse_report(struct hid_device *hid, __u8 *start, unsigned size); |
5070 |
++struct hid_report *hid_validate_report(struct hid_device *hid, |
5071 |
++ unsigned int type, unsigned int id, |
5072 |
++ unsigned int fields, |
5073 |
++ unsigned int report_counts); |
5074 |
+ int hid_check_keys_pressed(struct hid_device *hid); |
5075 |
+ int hid_connect(struct hid_device *hid, unsigned int connect_mask); |
5076 |
+ void hid_disconnect(struct hid_device *hid); |
5077 |
diff --git a/include/linux/highmem.h b/include/linux/highmem.h |
5078 |
index 52e9620..26c34b1 100644 |
5079 |
--- a/include/linux/highmem.h |
5080 |
@@ -79040,7 +79480,7 @@ index 962c291..31cf69d7 100644 |
5081 |
.clock_get = thread_cpu_clock_get, |
5082 |
.timer_create = thread_cpu_timer_create, |
5083 |
diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c |
5084 |
-index e885be1..380fe76 100644 |
5085 |
+index e885be1..f005738 100644 |
5086 |
--- a/kernel/posix-timers.c |
5087 |
+++ b/kernel/posix-timers.c |
5088 |
@@ -43,6 +43,7 @@ |
5089 |
@@ -79123,6 +79563,15 @@ index e885be1..380fe76 100644 |
5090 |
} |
5091 |
|
5092 |
static int common_timer_create(struct k_itimer *new_timer) |
5093 |
+@@ -539,7 +540,7 @@ SYSCALL_DEFINE3(timer_create, const clockid_t, which_clock, |
5094 |
+ struct k_clock *kc = clockid_to_kclock(which_clock); |
5095 |
+ struct k_itimer *new_timer; |
5096 |
+ int error, new_timer_id; |
5097 |
+- sigevent_t event; |
5098 |
++ sigevent_t event = { }; |
5099 |
+ int it_id_set = IT_ID_NOT_SET; |
5100 |
+ |
5101 |
+ if (!kc) |
5102 |
@@ -966,6 +967,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock, |
5103 |
if (copy_from_user(&new_tp, tp, sizeof (*tp))) |
5104 |
return -EFAULT; |
5105 |
@@ -82610,9 +83059,18 @@ index 011b110..fad8776 100644 |
5106 |
|
5107 |
config NOMMU_INITIAL_TRIM_EXCESS |
5108 |
diff --git a/mm/backing-dev.c b/mm/backing-dev.c |
5109 |
-index 2b49dd2..00bdcdb 100644 |
5110 |
+index 2b49dd2..0527d62 100644 |
5111 |
--- a/mm/backing-dev.c |
5112 |
+++ b/mm/backing-dev.c |
5113 |
+@@ -12,7 +12,7 @@ |
5114 |
+ #include <linux/device.h> |
5115 |
+ #include <trace/events/writeback.h> |
5116 |
+ |
5117 |
+-static atomic_long_t bdi_seq = ATOMIC_LONG_INIT(0); |
5118 |
++static atomic_long_unchecked_t bdi_seq = ATOMIC_LONG_INIT(0); |
5119 |
+ |
5120 |
+ struct backing_dev_info default_backing_dev_info = { |
5121 |
+ .name = "default", |
5122 |
@@ -759,7 +759,6 @@ EXPORT_SYMBOL(bdi_destroy); |
5123 |
int bdi_setup_and_register(struct backing_dev_info *bdi, char *name, |
5124 |
unsigned int cap) |
5125 |
@@ -82627,7 +83085,7 @@ index 2b49dd2..00bdcdb 100644 |
5126 |
|
5127 |
- sprintf(tmp, "%.28s%s", name, "-%d"); |
5128 |
- err = bdi_register(bdi, NULL, tmp, atomic_long_inc_return(&bdi_seq)); |
5129 |
-+ err = bdi_register(bdi, NULL, "%.28s-%ld", name, atomic_long_inc_return(&bdi_seq)); |
5130 |
++ err = bdi_register(bdi, NULL, "%.28s-%ld", name, atomic_long_inc_return_unchecked(&bdi_seq)); |
5131 |
if (err) { |
5132 |
bdi_destroy(bdi); |
5133 |
return err; |
5134 |
@@ -90563,10 +91021,27 @@ index 5decc93..79830d4 100644 |
5135 |
|
5136 |
int udp4_seq_show(struct seq_file *seq, void *v) |
5137 |
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c |
5138 |
-index 314bda2..9503a4f 100644 |
5139 |
+index 314bda2..19a815f 100644 |
5140 |
--- a/net/ipv6/addrconf.c |
5141 |
+++ b/net/ipv6/addrconf.c |
5142 |
-@@ -2159,7 +2159,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) |
5143 |
+@@ -913,12 +913,10 @@ retry: |
5144 |
+ if (ifp->flags & IFA_F_OPTIMISTIC) |
5145 |
+ addr_flags |= IFA_F_OPTIMISTIC; |
5146 |
+ |
5147 |
+- ift = !max_addresses || |
5148 |
+- ipv6_count_addresses(idev) < max_addresses ? |
5149 |
+- ipv6_add_addr(idev, &addr, tmp_plen, |
5150 |
+- ipv6_addr_type(&addr)&IPV6_ADDR_SCOPE_MASK, |
5151 |
+- addr_flags) : NULL; |
5152 |
+- if (!ift || IS_ERR(ift)) { |
5153 |
++ ift = ipv6_add_addr(idev, &addr, tmp_plen, |
5154 |
++ ipv6_addr_type(&addr)&IPV6_ADDR_SCOPE_MASK, |
5155 |
++ addr_flags); |
5156 |
++ if (IS_ERR(ift)) { |
5157 |
+ in6_ifa_put(ifp); |
5158 |
+ in6_dev_put(idev); |
5159 |
+ printk(KERN_INFO |
5160 |
+@@ -2159,7 +2157,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) |
5161 |
p.iph.ihl = 5; |
5162 |
p.iph.protocol = IPPROTO_IPV6; |
5163 |
p.iph.ttl = 64; |