Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 2.6.32/, 3.6.8/, 3.2.34/, 3.6.7/
Date: Tue, 27 Nov 2012 15:11:47
Message-Id: 1354023639.b09ce05600fc4d3a5dbb532e7c2d0c20ee67feff.blueness@gentoo
1 commit: b09ce05600fc4d3a5dbb532e7c2d0c20ee67feff
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Tue Nov 27 13:40:39 2012 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Tue Nov 27 13:40:39 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=b09ce056
7
8 Grsec/PaX: 2.9.1-{2.6.32.60,3.2.34,3.6.8}-201211261714
9
10 ---
11 2.6.32/0000_README | 2 +-
12 ..._grsecurity-2.9.1-2.6.32.60-201211261713.patch} | 204 ++-
13 3.2.34/0000_README | 2 +-
14 ...420_grsecurity-2.9.1-3.2.34-201211251859.patch} | 162 +-
15 3.6.7/1006_linux-3.6.7.patch | 3082 --------------------
16 {3.6.7 => 3.6.8}/0000_README | 6 +-
17 .../4420_grsecurity-2.9.1-3.6.8-201211261714.patch | 312 +--
18 {3.6.7 => 3.6.8}/4425-tmpfs-user-namespace.patch | 0
19 .../4430_grsec-remove-localversion-grsec.patch | 0
20 {3.6.7 => 3.6.8}/4435_grsec-mute-warnings.patch | 0
21 .../4440_grsec-remove-protected-paths.patch | 0
22 .../4450_grsec-kconfig-default-gids.patch | 0
23 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
24 {3.6.7 => 3.6.8}/4470_disable-compat_vdso.patch | 0
25 14 files changed, 451 insertions(+), 3319 deletions(-)
26
27 diff --git a/2.6.32/0000_README b/2.6.32/0000_README
28 index 424bb70..05d6bef 100644
29 --- a/2.6.32/0000_README
30 +++ b/2.6.32/0000_README
31 @@ -34,7 +34,7 @@ Patch: 1059_linux-2.6.32.60.patch
32 From: http://www.kernel.org
33 Desc: Linux 2.6.32.59
34
35 -Patch: 4420_grsecurity-2.9.1-2.6.32.60-201211220959.patch
36 +Patch: 4420_grsecurity-2.9.1-2.6.32.60-201211261713.patch
37 From: http://www.grsecurity.net
38 Desc: hardened-sources base patch from upstream grsecurity
39
40
41 diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201211220959.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201211261713.patch
42 similarity index 99%
43 rename from 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201211220959.patch
44 rename to 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201211261713.patch
45 index 8492134..6c95f6c 100644
46 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201211220959.patch
47 +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201211261713.patch
48 @@ -3574,6 +3574,30 @@ index 2120746..8d70a5e 100644
49
50 DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n",
51 me->arch.unwind_section, table, end, gp);
52 +diff --git a/arch/parisc/kernel/signal32.c b/arch/parisc/kernel/signal32.c
53 +index fb59852..32d43e7 100644
54 +--- a/arch/parisc/kernel/signal32.c
55 ++++ b/arch/parisc/kernel/signal32.c
56 +@@ -68,7 +68,8 @@ put_sigset32(compat_sigset_t __user *up, sigset_t *set, size_t sz)
57 + {
58 + compat_sigset_t s;
59 +
60 +- if (sz != sizeof *set) panic("put_sigset32()");
61 ++ if (sz != sizeof *set)
62 ++ return -EINVAL;
63 + sigset_64to32(&s, set);
64 +
65 + return copy_to_user(up, &s, sizeof s);
66 +@@ -80,7 +81,8 @@ get_sigset32(compat_sigset_t __user *up, sigset_t *set, size_t sz)
67 + compat_sigset_t s;
68 + int r;
69 +
70 +- if (sz != sizeof *set) panic("put_sigset32()");
71 ++ if (sz != sizeof *set)
72 ++ return -EINVAL;
73 +
74 + if ((r = copy_from_user(&s, up, sz)) == 0) {
75 + sigset_32to64(set, &s);
76 diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c
77 index 9147391..f3d949a 100644
78 --- a/arch/parisc/kernel/sys_parisc.c
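Review bot: In `get_sigset32()` the guard compares `sz` with `sizeof *set` (a `sigset_t`), but the following `copy_from_user(&s, up, sz)` writes into `s`, a `compat_sigset_t`, so the bound on that stack write depends on the two types having the same size, which these lines do not show. Copying a fixed amount, `copy_from_user(&s, up, sizeof s)`, as `put_sigset32()` already does for its `copy_to_user()`, would make the bound independent of `sz`. Both functions now return either `-EINVAL` or the count of uncopied bytes, so callers have to treat any non-zero value as failure; a one-line comment above each function saying so would help. The function bodies continue outside the inner hunks, and the same text is added for 3.2.34 in the hunk at `@@ -3515,6 +3515,30 @@`.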
79 @@ -76721,7 +76745,7 @@ index ff57421..f65f88a 100644
80
81 out_free_fd:
82 diff --git a/fs/exec.c b/fs/exec.c
83 -index 86fafc6..25f0d1a 100644
84 +index 86fafc6..ab06586 100644
85 --- a/fs/exec.c
86 +++ b/fs/exec.c
87 @@ -56,12 +56,33 @@
88 @@ -76746,7 +76770,7 @@ index 86fafc6..25f0d1a 100644
89 +#ifdef CONFIG_PAX_HAVE_ACL_FLAGS
90 +void __weak pax_set_initial_flags(struct linux_binprm *bprm)
91 +{
92 -+ WARN_ONCE(1, "PAX: PAX_HAVE_ACL_FLAGS was enabled without providing the pax_set_initial_flags callback, this is probably not what you wanted.\n");
93 ++ printk_once(KERN_WARNING "PAX: PAX_HAVE_ACL_FLAGS was enabled without providing the pax_set_initial_flags callback, this is probably not what you wanted.\n");
94 +}
95 +#endif
96 +
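Review bot: The weak `pax_set_initial_flags()` stub has no comment saying that it is a deliberate fallback meant to be overridden, and after the switch from `WARN_ONCE` to `printk_once(KERN_WARNING ...)` the only trace of the misconfiguration is a single warning-level log line without a backtrace. A comment above the stub such as `/* weak fallback: leaves bprm untouched; the real callback must be provided when PAX_HAVE_ACL_FLAGS is set */` would document that. Log monitoring that keyed on the WARN backtrace should match on the `PAX: PAX_HAVE_ACL_FLAGS` text instead. The 3.2.34 patch carries the same stub with `pr_warn_once()` in the hunk at `@@ -45361,7 +45385,7 @@`.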
97 @@ -96993,50 +97017,68 @@ index 4c4e57d..f3c5303 100644
98 and pointers */
99 #endif
100 diff --git a/include/linux/init.h b/include/linux/init.h
101 -index ff8bde5..0296174 100644
102 +index ff8bde5..c7815d8 100644
103 --- a/include/linux/init.h
104 +++ b/include/linux/init.h
105 -@@ -38,9 +38,15 @@
106 +@@ -38,9 +38,33 @@
107 * Also note, that this data cannot be "const".
108 */
109
110 +#ifdef MODULE
111 -+#define add_latent_entropy
112 ++#define add_init_latent_entropy
113 ++#else
114 ++#define add_init_latent_entropy __latent_entropy
115 ++#endif
116 ++
117 ++#ifdef CONFIG_HOTPLUG
118 ++#define add_devinit_latent_entropy
119 ++#else
120 ++#define add_devinit_latent_entropy __latent_entropy
121 ++#endif
122 ++
123 ++#ifdef CONFIG_HOTPLUG_CPU
124 ++#define add_cpuinit_latent_entropy
125 ++#else
126 ++#define add_cpuinit_latent_entropy __latent_entropy
127 ++#endif
128 ++
129 ++#ifdef CONFIG_MEMORY_HOTPLUG
130 ++#define add_meminit_latent_entropy
131 +#else
132 -+#define add_latent_entropy __latent_entropy
133 ++#define add_meminit_latent_entropy __latent_entropy
134 +#endif
135 +
136 /* These are for everybody (although not all archs will actually
137 discard it in modules) */
138 -#define __init __section(.init.text) __cold notrace
139 -+#define __init __section(.init.text) __cold notrace add_latent_entropy
140 ++#define __init __section(.init.text) __cold notrace add_init_latent_entropy
141 #define __initdata __section(.init.data)
142 #define __initconst __section(.init.rodata)
143 #define __exitdata __section(.exit.data)
144 -@@ -75,7 +81,7 @@
145 +@@ -75,7 +99,7 @@
146 #define __exit __section(.exit.text) __exitused __cold
147
148 /* Used for HOTPLUG */
149 -#define __devinit __section(.devinit.text) __cold
150 -+#define __devinit __section(.devinit.text) __cold add_latent_entropy
151 ++#define __devinit __section(.devinit.text) __cold add_devinit_latent_entropy
152 #define __devinitdata __section(.devinit.data)
153 #define __devinitconst __section(.devinit.rodata)
154 #define __devexit __section(.devexit.text) __exitused __cold
155 -@@ -83,7 +89,7 @@
156 +@@ -83,7 +107,7 @@
157 #define __devexitconst __section(.devexit.rodata)
158
159 /* Used for HOTPLUG_CPU */
160 -#define __cpuinit __section(.cpuinit.text) __cold
161 -+#define __cpuinit __section(.cpuinit.text) __cold add_latent_entropy
162 ++#define __cpuinit __section(.cpuinit.text) __cold add_cpuinit_latent_entropy
163 #define __cpuinitdata __section(.cpuinit.data)
164 #define __cpuinitconst __section(.cpuinit.rodata)
165 #define __cpuexit __section(.cpuexit.text) __exitused __cold
166 -@@ -91,7 +97,7 @@
167 +@@ -91,7 +115,7 @@
168 #define __cpuexitconst __section(.cpuexit.rodata)
169
170 /* Used for MEMORY_HOTPLUG */
171 -#define __meminit __section(.meminit.text) __cold
172 -+#define __meminit __section(.meminit.text) __cold add_latent_entropy
173 ++#define __meminit __section(.meminit.text) __cold add_meminit_latent_entropy
174 #define __meminitdata __section(.meminit.data)
175 #define __meminitconst __section(.meminit.rodata)
176 #define __memexit __section(.memexit.text) __exitused __cold
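Review bot: The four `add_*_latent_entropy` macros expand to nothing under `MODULE`, `CONFIG_HOTPLUG`, `CONFIG_HOTPLUG_CPU` and `CONFIG_MEMORY_HOTPLUG` respectively, but nothing in the header says why. Presumably `__latent_entropy` is meant only for code that runs once during boot, and with the hotplug options the `__devinit`/`__cpuinit`/`__meminit` functions can run later; a comment above the first block, e.g. `/* apply __latent_entropy only where the section is really init-only in this configuration */`, would record that once it is confirmed. The four `#ifdef` blocks differ only in their names, so placing each one directly above the section macro it feeds would make the pairing with the config symbol visible without cross-checking. The 3.2.34 hunk at `@@ -64036,50 +64060,68 @@` has the same layout.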
177 @@ -101969,7 +102011,7 @@ index c28f804..96ea6cb 100644
178 else
179 new_fs = fs;
180 diff --git a/kernel/futex.c b/kernel/futex.c
181 -index 9c5ffe1..05b7eb1 100644
182 +index 9c5ffe1..abe0820 100644
183 --- a/kernel/futex.c
184 +++ b/kernel/futex.c
185 @@ -54,6 +54,7 @@
186 @@ -101992,7 +102034,105 @@ index 9c5ffe1..05b7eb1 100644
187 /*
188 * The futex address must be "naturally" aligned.
189 */
190 -@@ -1831,6 +1837,8 @@ static int futex_wait(u32 __user *uaddr, int fshared,
191 +@@ -665,8 +671,8 @@ static int futex_lock_pi_atomic(u32 __user *uaddr, struct futex_hash_bucket *hb,
192 + struct futex_pi_state **ps,
193 + struct task_struct *task, int set_waiters)
194 + {
195 +- int lock_taken, ret, ownerdied = 0;
196 +- u32 uval, newval, curval;
197 ++ int lock_taken, ret, force_take = 0;
198 ++ u32 uval, newval, curval, vpid = task_pid_vnr(task);
199 +
200 + retry:
201 + ret = lock_taken = 0;
202 +@@ -676,7 +682,7 @@ retry:
203 + * (by doing a 0 -> TID atomic cmpxchg), while holding all
204 + * the locks. It will most likely not succeed.
205 + */
206 +- newval = task_pid_vnr(task);
207 ++ newval = vpid;
208 + if (set_waiters)
209 + newval |= FUTEX_WAITERS;
210 +
211 +@@ -688,7 +694,7 @@ retry:
212 + /*
213 + * Detect deadlocks.
214 + */
215 +- if ((unlikely((curval & FUTEX_TID_MASK) == task_pid_vnr(task))))
216 ++ if ((unlikely((curval & FUTEX_TID_MASK) == vpid)))
217 + return -EDEADLK;
218 +
219 + /*
220 +@@ -706,17 +712,15 @@ retry:
221 + newval = curval | FUTEX_WAITERS;
222 +
223 + /*
224 +- * There are two cases, where a futex might have no owner (the
225 +- * owner TID is 0): OWNER_DIED. We take over the futex in this
226 +- * case. We also do an unconditional take over, when the owner
227 +- * of the futex died.
228 +- *
229 +- * This is safe as we are protected by the hash bucket lock !
230 ++ * Should we force take the futex? See below.
231 + */
232 +- if (unlikely(ownerdied || !(curval & FUTEX_TID_MASK))) {
233 +- /* Keep the OWNER_DIED bit */
234 +- newval = (curval & ~FUTEX_TID_MASK) | task_pid_vnr(task);
235 +- ownerdied = 0;
236 ++ if (unlikely(force_take)) {
237 ++ /*
238 ++ * Keep the OWNER_DIED and the WAITERS bit and set the
239 ++ * new TID value.
240 ++ */
241 ++ newval = (curval & ~FUTEX_TID_MASK) | vpid;
242 ++ force_take = 0;
243 + lock_taken = 1;
244 + }
245 +
246 +@@ -728,7 +732,7 @@ retry:
247 + goto retry;
248 +
249 + /*
250 +- * We took the lock due to owner died take over.
251 ++ * We took the lock due to forced take over.
252 + */
253 + if (unlikely(lock_taken))
254 + return 1;
255 +@@ -743,20 +747,25 @@ retry:
256 + switch (ret) {
257 + case -ESRCH:
258 + /*
259 +- * No owner found for this futex. Check if the
260 +- * OWNER_DIED bit is set to figure out whether
261 +- * this is a robust futex or not.
262 ++ * We failed to find an owner for this
263 ++ * futex. So we have no pi_state to block
264 ++ * on. This can happen in two cases:
265 ++ *
266 ++ * 1) The owner died
267 ++ * 2) A stale FUTEX_WAITERS bit
268 ++ *
269 ++ * Re-read the futex value.
270 + */
271 + if (get_futex_value_locked(&curval, uaddr))
272 + return -EFAULT;
273 +
274 + /*
275 +- * We simply start over in case of a robust
276 +- * futex. The code above will take the futex
277 +- * and return happy.
278 ++ * If the owner died or we have a stale
279 ++ * WAITERS bit the owner TID in the user space
280 ++ * futex is 0.
281 + */
282 +- if (curval & FUTEX_OWNER_DIED) {
283 +- ownerdied = 1;
284 ++ if (!(curval & FUTEX_TID_MASK)) {
285 ++ force_take = 1;
286 + goto retry;
287 + }
288 + default:
289 +@@ -1831,6 +1840,8 @@ static int futex_wait(u32 __user *uaddr, int fshared,
290 struct futex_q q;
291 int ret;
292
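Review bot: In the `-ESRCH` case, when the re-read value still has a non-zero TID, control leaves the `if` and runs straight into `default:` with no marker, so the text does not say whether the fall-through is intended. Add `/* fall through */` between the closing brace and `default:` if it is, or an explicit `break;` if it is not. `force_take` is now derived solely from the TID field of a user-space word being zero, so the comment `Should we force take the futex? See below.` would be clearer if it named the `-ESRCH` branch it points to. `futex_lock_pi_atomic()` continues outside the inner hunks, and the 3.2.34 hunk at `@@ -68787,7 +68829,84 @@` contains the same switch.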
293 @@ -102001,7 +102141,7 @@ index 9c5ffe1..05b7eb1 100644
294 if (!bitset)
295 return -EINVAL;
296
297 -@@ -1883,7 +1891,7 @@ retry:
298 +@@ -1883,7 +1894,7 @@ retry:
299
300 restart = &current_thread_info()->restart_block;
301 restart->fn = futex_wait_restart;
302 @@ -102010,7 +102150,7 @@ index 9c5ffe1..05b7eb1 100644
303 restart->futex.val = val;
304 restart->futex.time = abs_time->tv64;
305 restart->futex.bitset = bitset;
306 -@@ -2245,6 +2253,8 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, int fshared,
307 +@@ -2245,6 +2256,8 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, int fshared,
308 struct futex_q q;
309 int res, ret;
310
311 @@ -102019,7 +102159,7 @@ index 9c5ffe1..05b7eb1 100644
312 if (uaddr == uaddr2)
313 return -EINVAL;
314
315 -@@ -2438,6 +2448,10 @@ SYSCALL_DEFINE3(get_robust_list, int, pid,
316 +@@ -2438,6 +2451,10 @@ SYSCALL_DEFINE3(get_robust_list, int, pid,
317 if (!p)
318 goto err_unlock;
319 ret = -EPERM;
320 @@ -102030,7 +102170,7 @@ index 9c5ffe1..05b7eb1 100644
321 pcred = __task_cred(p);
322 if (cred->euid != pcred->euid &&
323 cred->euid != pcred->uid &&
324 -@@ -2504,7 +2518,7 @@ retry:
325 +@@ -2504,7 +2521,7 @@ retry:
326 */
327 static inline int fetch_robust_entry(struct robust_list __user **entry,
328 struct robust_list __user * __user *head,
329 @@ -102039,7 +102179,7 @@ index 9c5ffe1..05b7eb1 100644
330 {
331 unsigned long uentry;
332
333 -@@ -2685,6 +2699,7 @@ static int __init futex_init(void)
334 +@@ -2685,6 +2702,7 @@ static int __init futex_init(void)
335 {
336 u32 curval;
337 int i;
338 @@ -102047,7 +102187,7 @@ index 9c5ffe1..05b7eb1 100644
339
340 /*
341 * This will fail and we want it. Some arch implementations do
342 -@@ -2696,7 +2711,10 @@ static int __init futex_init(void)
343 +@@ -2696,7 +2714,10 @@ static int __init futex_init(void)
344 * implementation, the non functional ones will return
345 * -ENOSYS.
346 */
347 @@ -106312,10 +106452,10 @@ index 9ecd6e8..12c94c1 100644
348
349 if (atomic_dec_and_test(&kref->refcount)) {
350 diff --git a/lib/list_debug.c b/lib/list_debug.c
351 -index 1a39f4e..c2714ca 100644
352 +index 1a39f4e..745720b 100644
353 --- a/lib/list_debug.c
354 +++ b/lib/list_debug.c
355 -@@ -20,14 +20,15 @@ void __list_add(struct list_head *new,
356 +@@ -20,14 +20,18 @@ void __list_add(struct list_head *new,
357 struct list_head *prev,
358 struct list_head *next)
359 {
360 @@ -106330,12 +106470,15 @@ index 1a39f4e..c2714ca 100644
361 "list_add corruption. prev->next should be "
362 "next (%p), but was %p. (prev=%p).\n",
363 - next, prev->next, prev);
364 -+ next, prev->next, prev))
365 ++ next, prev->next, prev) ||
366 ++ WARN(new == prev || new == next,
367 ++ "list_add double add: new=%p, prev=%p, next=%p.\n",
368 ++ new, prev, next))
369 + return;
370 next->prev = new;
371 new->next = next;
372 new->prev = prev;
373 -@@ -43,12 +44,13 @@ EXPORT_SYMBOL(__list_add);
374 +@@ -43,12 +47,13 @@ EXPORT_SYMBOL(__list_add);
375 */
376 void list_del(struct list_head *entry)
377 {
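Review bot: The added `WARN(new == prev || new == next, ...)` detects a double add only when the entry is re-added directly beside itself; an entry already linked elsewhere in the list passes the test, so the message `list_add double add` promises more than the condition checks. A comment on the condition, e.g. `/* only catches re-adding new next to its current position */`, would keep readers from treating it as a general membership check. As far as the visible lines show, `__list_add()` then returns without linking `new` when any check fires, and because the function is `void` callers get no indication; that is worth stating in the function comment as well. The opening of the `if` lies outside this hunk.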
378 @@ -118864,10 +119007,10 @@ index 0000000..a86e422
379 +}
380 diff --git a/tools/gcc/kernexec_plugin.c b/tools/gcc/kernexec_plugin.c
381 new file mode 100644
382 -index 0000000..98011fa
383 +index 0000000..8856202
384 --- /dev/null
385 +++ b/tools/gcc/kernexec_plugin.c
386 -@@ -0,0 +1,427 @@
387 +@@ -0,0 +1,432 @@
388 +/*
389 + * Copyright 2011 by the PaX Team <pageexec@××××××××.hu>
390 + * Licensed under the GPL v2
391 @@ -118908,6 +119051,10 @@ index 0000000..98011fa
392 +extern void print_gimple_stmt(FILE *, gimple, int, int);
393 +extern rtx emit_move_insn(rtx x, rtx y);
394 +
395 ++#if BUILDING_GCC_VERSION <= 4006
396 ++#define ANY_RETURN_P(rtx) (GET_CODE(rtx) == RETURN)
397 ++#endif
398 ++
399 +int plugin_is_GPL_compatible;
400 +
401 +static struct plugin_info kernexec_plugin_info = {
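Review bot: The compat definition is keyed on `BUILDING_GCC_VERSION <= 4006`, and in an `#if` an undefined identifier evaluates to 0, so if that macro is ever not defined (where it is set is not visible here) the fallback `ANY_RETURN_P` is defined even on a GCC that provides its own. Guarding on the macro itself is more robust: `#ifndef ANY_RETURN_P`, then the `#define`, then `#endif`. The parameter name `rtx` is also the type name used two lines above in `extern rtx emit_move_insn(rtx x, rtx y);`, so `#define ANY_RETURN_P(x) (GET_CODE(x) == RETURN)` reads better. The macro is consumed by `if (!ANY_RETURN_P(body))` in the later hunk at `@@ -119220,7 +119368,7 @@`, and the 3.2.34 patch adds the same lines.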
402 @@ -119212,6 +119359,7 @@ index 0000000..98011fa
403 + for (insn = get_insns(); insn; insn = NEXT_INSN(insn)) {
404 + // rtl match: (jump_insn 41 40 42 2 (return) fptr.c:42 634 {return_internal} (nil))
405 + // (jump_insn 12 9 11 2 (parallel [ (return) (unspec [ (0) ] UNSPEC_REP) ]) fptr.c:46 635 {return_internal_long} (nil))
406 ++ // (jump_insn 97 96 98 6 (simple_return) fptr.c:50 -1 (nil) -> simple_return)
407 + rtx body;
408 +
409 + // is it a retn
410 @@ -119220,7 +119368,7 @@ index 0000000..98011fa
411 + body = PATTERN(insn);
412 + if (GET_CODE(body) == PARALLEL)
413 + body = XVECEXP(body, 0, 0);
414 -+ if (GET_CODE(body) != RETURN)
415 ++ if (!ANY_RETURN_P(body))
416 + continue;
417 + kernexec_instrument_retaddr(insn);
418 + }
419
420 diff --git a/3.2.34/0000_README b/3.2.34/0000_README
421 index 5f22bbb..3c72d25 100644
422 --- a/3.2.34/0000_README
423 +++ b/3.2.34/0000_README
424 @@ -54,7 +54,7 @@ Patch: 1033_linux-3.2.34.patch
425 From: http://www.kernel.org
426 Desc: Linux 3.2.34
427
428 -Patch: 4420_grsecurity-2.9.1-3.2.34-201211220959.patch
429 +Patch: 4420_grsecurity-2.9.1-3.2.34-201211251859.patch
430 From: http://www.grsecurity.net
431 Desc: hardened-sources base patch from upstream grsecurity
432
433
434 diff --git a/3.2.34/4420_grsecurity-2.9.1-3.2.34-201211220959.patch b/3.2.34/4420_grsecurity-2.9.1-3.2.34-201211251859.patch
435 similarity index 99%
436 rename from 3.2.34/4420_grsecurity-2.9.1-3.2.34-201211220959.patch
437 rename to 3.2.34/4420_grsecurity-2.9.1-3.2.34-201211251859.patch
438 index f917c5d..a958ea6 100644
439 --- a/3.2.34/4420_grsecurity-2.9.1-3.2.34-201211220959.patch
440 +++ b/3.2.34/4420_grsecurity-2.9.1-3.2.34-201211251859.patch
441 @@ -3515,6 +3515,30 @@ index 5e34ccf..672bc9c 100644
442
443 DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n",
444 me->arch.unwind_section, table, end, gp);
445 +diff --git a/arch/parisc/kernel/signal32.c b/arch/parisc/kernel/signal32.c
446 +index e141324..d0ea054 100644
447 +--- a/arch/parisc/kernel/signal32.c
448 ++++ b/arch/parisc/kernel/signal32.c
449 +@@ -67,7 +67,8 @@ put_sigset32(compat_sigset_t __user *up, sigset_t *set, size_t sz)
450 + {
451 + compat_sigset_t s;
452 +
453 +- if (sz != sizeof *set) panic("put_sigset32()");
454 ++ if (sz != sizeof *set)
455 ++ return -EINVAL;
456 + sigset_64to32(&s, set);
457 +
458 + return copy_to_user(up, &s, sizeof s);
459 +@@ -79,7 +80,8 @@ get_sigset32(compat_sigset_t __user *up, sigset_t *set, size_t sz)
460 + compat_sigset_t s;
461 + int r;
462 +
463 +- if (sz != sizeof *set) panic("put_sigset32()");
464 ++ if (sz != sizeof *set)
465 ++ return -EINVAL;
466 +
467 + if ((r = copy_from_user(&s, up, sz)) == 0) {
468 + sigset_32to64(set, &s);
469 diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c
470 index c9b9322..02d8940 100644
471 --- a/arch/parisc/kernel/sys_parisc.c
472 @@ -45336,7 +45360,7 @@ index a6f3763..f38ed00 100644
473
474 out_free_fd:
475 diff --git a/fs/exec.c b/fs/exec.c
476 -index 121ccae..c12bdc7 100644
477 +index 121ccae..d0404a2 100644
478 --- a/fs/exec.c
479 +++ b/fs/exec.c
480 @@ -55,12 +55,33 @@
481 @@ -45361,7 +45385,7 @@ index 121ccae..c12bdc7 100644
482 +#ifdef CONFIG_PAX_HAVE_ACL_FLAGS
483 +void __weak pax_set_initial_flags(struct linux_binprm *bprm)
484 +{
485 -+ WARN_ONCE(1, "PAX: PAX_HAVE_ACL_FLAGS was enabled without providing the pax_set_initial_flags callback, this is probably not what you wanted.\n");
486 ++ pr_warn_once("PAX: PAX_HAVE_ACL_FLAGS was enabled without providing the pax_set_initial_flags callback, this is probably not what you wanted.\n");
487 +}
488 +#endif
489 +
490 @@ -64036,50 +64060,68 @@ index a6deef4..c56a7f2 100644
491 and pointers */
492 #endif
493 diff --git a/include/linux/init.h b/include/linux/init.h
494 -index 9146f39..5c80baf 100644
495 +index 9146f39..0963f76 100644
496 --- a/include/linux/init.h
497 +++ b/include/linux/init.h
498 -@@ -38,9 +38,15 @@
499 +@@ -38,9 +38,33 @@
500 * Also note, that this data cannot be "const".
501 */
502
503 +#ifdef MODULE
504 -+#define add_latent_entropy
505 ++#define add_init_latent_entropy
506 ++#else
507 ++#define add_init_latent_entropy __latent_entropy
508 ++#endif
509 ++
510 ++#ifdef CONFIG_HOTPLUG
511 ++#define add_devinit_latent_entropy
512 +#else
513 -+#define add_latent_entropy __latent_entropy
514 ++#define add_devinit_latent_entropy __latent_entropy
515 ++#endif
516 ++
517 ++#ifdef CONFIG_HOTPLUG_CPU
518 ++#define add_cpuinit_latent_entropy
519 ++#else
520 ++#define add_cpuinit_latent_entropy __latent_entropy
521 ++#endif
522 ++
523 ++#ifdef CONFIG_MEMORY_HOTPLUG
524 ++#define add_meminit_latent_entropy
525 ++#else
526 ++#define add_meminit_latent_entropy __latent_entropy
527 +#endif
528 +
529 /* These are for everybody (although not all archs will actually
530 discard it in modules) */
531 -#define __init __section(.init.text) __cold notrace
532 -+#define __init __section(.init.text) __cold notrace add_latent_entropy
533 ++#define __init __section(.init.text) __cold notrace add_init_latent_entropy
534 #define __initdata __section(.init.data)
535 #define __initconst __section(.init.rodata)
536 #define __exitdata __section(.exit.data)
537 -@@ -82,7 +88,7 @@
538 +@@ -82,7 +106,7 @@
539 #define __exit __section(.exit.text) __exitused __cold notrace
540
541 /* Used for HOTPLUG */
542 -#define __devinit __section(.devinit.text) __cold notrace
543 -+#define __devinit __section(.devinit.text) __cold notrace add_latent_entropy
544 ++#define __devinit __section(.devinit.text) __cold notrace add_devinit_latent_entropy
545 #define __devinitdata __section(.devinit.data)
546 #define __devinitconst __section(.devinit.rodata)
547 #define __devexit __section(.devexit.text) __exitused __cold notrace
548 -@@ -90,7 +96,7 @@
549 +@@ -90,7 +114,7 @@
550 #define __devexitconst __section(.devexit.rodata)
551
552 /* Used for HOTPLUG_CPU */
553 -#define __cpuinit __section(.cpuinit.text) __cold notrace
554 -+#define __cpuinit __section(.cpuinit.text) __cold notrace add_latent_entropy
555 ++#define __cpuinit __section(.cpuinit.text) __cold notrace add_cpuinit_latent_entropy
556 #define __cpuinitdata __section(.cpuinit.data)
557 #define __cpuinitconst __section(.cpuinit.rodata)
558 #define __cpuexit __section(.cpuexit.text) __exitused __cold notrace
559 -@@ -98,7 +104,7 @@
560 +@@ -98,7 +122,7 @@
561 #define __cpuexitconst __section(.cpuexit.rodata)
562
563 /* Used for MEMORY_HOTPLUG */
564 -#define __meminit __section(.meminit.text) __cold notrace
565 -+#define __meminit __section(.meminit.text) __cold notrace add_latent_entropy
566 ++#define __meminit __section(.meminit.text) __cold notrace add_meminit_latent_entropy
567 #define __meminitdata __section(.meminit.data)
568 #define __meminitconst __section(.meminit.rodata)
569 #define __memexit __section(.memexit.text) __exitused __cold notrace
570 @@ -68764,7 +68806,7 @@ index 222457a..de637ca 100644
571 else
572 new_fs = fs;
573 diff --git a/kernel/futex.c b/kernel/futex.c
574 -index 80fb1c6..23d88d8 100644
575 +index 80fb1c6..2238366 100644
576 --- a/kernel/futex.c
577 +++ b/kernel/futex.c
578 @@ -54,6 +54,7 @@
579 @@ -68787,7 +68829,84 @@ index 80fb1c6..23d88d8 100644
580 /*
581 * The futex address must be "naturally" aligned.
582 */
583 -@@ -2724,6 +2730,7 @@ static int __init futex_init(void)
584 +@@ -716,7 +722,7 @@ static int futex_lock_pi_atomic(u32 __user *uaddr, struct futex_hash_bucket *hb,
585 + struct futex_pi_state **ps,
586 + struct task_struct *task, int set_waiters)
587 + {
588 +- int lock_taken, ret, ownerdied = 0;
589 ++ int lock_taken, ret, force_take = 0;
590 + u32 uval, newval, curval, vpid = task_pid_vnr(task);
591 +
592 + retry:
593 +@@ -755,17 +761,15 @@ retry:
594 + newval = curval | FUTEX_WAITERS;
595 +
596 + /*
597 +- * There are two cases, where a futex might have no owner (the
598 +- * owner TID is 0): OWNER_DIED. We take over the futex in this
599 +- * case. We also do an unconditional take over, when the owner
600 +- * of the futex died.
601 +- *
602 +- * This is safe as we are protected by the hash bucket lock !
603 ++ * Should we force take the futex? See below.
604 + */
605 +- if (unlikely(ownerdied || !(curval & FUTEX_TID_MASK))) {
606 +- /* Keep the OWNER_DIED bit */
607 ++ if (unlikely(force_take)) {
608 ++ /*
609 ++ * Keep the OWNER_DIED and the WAITERS bit and set the
610 ++ * new TID value.
611 ++ */
612 + newval = (curval & ~FUTEX_TID_MASK) | vpid;
613 +- ownerdied = 0;
614 ++ force_take = 0;
615 + lock_taken = 1;
616 + }
617 +
618 +@@ -775,7 +779,7 @@ retry:
619 + goto retry;
620 +
621 + /*
622 +- * We took the lock due to owner died take over.
623 ++ * We took the lock due to forced take over.
624 + */
625 + if (unlikely(lock_taken))
626 + return 1;
627 +@@ -790,20 +794,25 @@ retry:
628 + switch (ret) {
629 + case -ESRCH:
630 + /*
631 +- * No owner found for this futex. Check if the
632 +- * OWNER_DIED bit is set to figure out whether
633 +- * this is a robust futex or not.
634 ++ * We failed to find an owner for this
635 ++ * futex. So we have no pi_state to block
636 ++ * on. This can happen in two cases:
637 ++ *
638 ++ * 1) The owner died
639 ++ * 2) A stale FUTEX_WAITERS bit
640 ++ *
641 ++ * Re-read the futex value.
642 + */
643 + if (get_futex_value_locked(&curval, uaddr))
644 + return -EFAULT;
645 +
646 + /*
647 +- * We simply start over in case of a robust
648 +- * futex. The code above will take the futex
649 +- * and return happy.
650 ++ * If the owner died or we have a stale
651 ++ * WAITERS bit the owner TID in the user space
652 ++ * futex is 0.
653 + */
654 +- if (curval & FUTEX_OWNER_DIED) {
655 +- ownerdied = 1;
656 ++ if (!(curval & FUTEX_TID_MASK)) {
657 ++ force_take = 1;
658 + goto retry;
659 + }
660 + default:
661 +@@ -2724,6 +2733,7 @@ static int __init futex_init(void)
662 {
663 u32 curval;
664 int i;
665 @@ -68795,7 +68914,7 @@ index 80fb1c6..23d88d8 100644
666
667 /*
668 * This will fail and we want it. Some arch implementations do
669 -@@ -2735,8 +2742,11 @@ static int __init futex_init(void)
670 +@@ -2735,8 +2745,11 @@ static int __init futex_init(void)
671 * implementation, the non-functional ones will return
672 * -ENOSYS.
673 */
674 @@ -85101,10 +85220,10 @@ index 0000000..a86e422
675 +}
676 diff --git a/tools/gcc/kernexec_plugin.c b/tools/gcc/kernexec_plugin.c
677 new file mode 100644
678 -index 0000000..98011fa
679 +index 0000000..8856202
680 --- /dev/null
681 +++ b/tools/gcc/kernexec_plugin.c
682 -@@ -0,0 +1,427 @@
683 +@@ -0,0 +1,432 @@
684 +/*
685 + * Copyright 2011 by the PaX Team <pageexec@××××××××.hu>
686 + * Licensed under the GPL v2
687 @@ -85145,6 +85264,10 @@ index 0000000..98011fa
688 +extern void print_gimple_stmt(FILE *, gimple, int, int);
689 +extern rtx emit_move_insn(rtx x, rtx y);
690 +
691 ++#if BUILDING_GCC_VERSION <= 4006
692 ++#define ANY_RETURN_P(rtx) (GET_CODE(rtx) == RETURN)
693 ++#endif
694 ++
695 +int plugin_is_GPL_compatible;
696 +
697 +static struct plugin_info kernexec_plugin_info = {
698 @@ -85449,6 +85572,7 @@ index 0000000..98011fa
699 + for (insn = get_insns(); insn; insn = NEXT_INSN(insn)) {
700 + // rtl match: (jump_insn 41 40 42 2 (return) fptr.c:42 634 {return_internal} (nil))
701 + // (jump_insn 12 9 11 2 (parallel [ (return) (unspec [ (0) ] UNSPEC_REP) ]) fptr.c:46 635 {return_internal_long} (nil))
702 ++ // (jump_insn 97 96 98 6 (simple_return) fptr.c:50 -1 (nil) -> simple_return)
703 + rtx body;
704 +
705 + // is it a retn
706 @@ -85457,7 +85581,7 @@ index 0000000..98011fa
707 + body = PATTERN(insn);
708 + if (GET_CODE(body) == PARALLEL)
709 + body = XVECEXP(body, 0, 0);
710 -+ if (GET_CODE(body) != RETURN)
711 ++ if (!ANY_RETURN_P(body))
712 + continue;
713 + kernexec_instrument_retaddr(insn);
714 + }
715
716 diff --git a/3.6.7/1006_linux-3.6.7.patch b/3.6.7/1006_linux-3.6.7.patch
717 deleted file mode 100644
718 index 4b496eb..0000000
719 --- a/3.6.7/1006_linux-3.6.7.patch
720 +++ /dev/null
721 @@ -1,3082 +0,0 @@
722 -diff --git a/Makefile b/Makefile
723 -index 471b83c..07f2308 100644
724 ---- a/Makefile
725 -+++ b/Makefile
726 -@@ -1,6 +1,6 @@
727 - VERSION = 3
728 - PATCHLEVEL = 6
729 --SUBLEVEL = 6
730 -+SUBLEVEL = 7
731 - EXTRAVERSION =
732 - NAME = Terrified Chipmunk
733 -
734 -diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
735 -index 5141d80..dde1a3f 100644
736 ---- a/arch/x86/xen/mmu.c
737 -+++ b/arch/x86/xen/mmu.c
738 -@@ -1215,6 +1215,25 @@ unsigned long xen_read_cr2_direct(void)
739 - return this_cpu_read(xen_vcpu_info.arch.cr2);
740 - }
741 -
742 -+void xen_flush_tlb_all(void)
743 -+{
744 -+ struct mmuext_op *op;
745 -+ struct multicall_space mcs;
746 -+
747 -+ trace_xen_mmu_flush_tlb_all(0);
748 -+
749 -+ preempt_disable();
750 -+
751 -+ mcs = xen_mc_entry(sizeof(*op));
752 -+
753 -+ op = mcs.args;
754 -+ op->cmd = MMUEXT_TLB_FLUSH_ALL;
755 -+ MULTI_mmuext_op(mcs.mc, op, 1, NULL, DOMID_SELF);
756 -+
757 -+ xen_mc_issue(PARAVIRT_LAZY_MMU);
758 -+
759 -+ preempt_enable();
760 -+}
761 - static void xen_flush_tlb(void)
762 - {
763 - struct mmuext_op *op;
764 -@@ -2366,7 +2385,7 @@ int xen_remap_domain_mfn_range(struct vm_area_struct *vma,
765 - err = 0;
766 - out:
767 -
768 -- flush_tlb_all();
769 -+ xen_flush_tlb_all();
770 -
771 - return err;
772 - }
773 -diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c
774 -index 5062eec..7aff5c7 100644
775 ---- a/drivers/gpu/drm/drm_fops.c
776 -+++ b/drivers/gpu/drm/drm_fops.c
777 -@@ -121,6 +121,8 @@ int drm_open(struct inode *inode, struct file *filp)
778 - int minor_id = iminor(inode);
779 - struct drm_minor *minor;
780 - int retcode = 0;
781 -+ int need_setup = 0;
782 -+ struct address_space *old_mapping;
783 -
784 - minor = idr_find(&drm_minors_idr, minor_id);
785 - if (!minor)
786 -@@ -132,23 +134,37 @@ int drm_open(struct inode *inode, struct file *filp)
787 - if (drm_device_is_unplugged(dev))
788 - return -ENODEV;
789 -
790 -+ if (!dev->open_count++)
791 -+ need_setup = 1;
792 -+ mutex_lock(&dev->struct_mutex);
793 -+ old_mapping = dev->dev_mapping;
794 -+ if (old_mapping == NULL)
795 -+ dev->dev_mapping = &inode->i_data;
796 -+ /* ihold ensures nobody can remove inode with our i_data */
797 -+ ihold(container_of(dev->dev_mapping, struct inode, i_data));
798 -+ inode->i_mapping = dev->dev_mapping;
799 -+ filp->f_mapping = dev->dev_mapping;
800 -+ mutex_unlock(&dev->struct_mutex);
801 -+
802 - retcode = drm_open_helper(inode, filp, dev);
803 -- if (!retcode) {
804 -- atomic_inc(&dev->counts[_DRM_STAT_OPENS]);
805 -- if (!dev->open_count++)
806 -- retcode = drm_setup(dev);
807 -- }
808 -- if (!retcode) {
809 -- mutex_lock(&dev->struct_mutex);
810 -- if (dev->dev_mapping == NULL)
811 -- dev->dev_mapping = &inode->i_data;
812 -- /* ihold ensures nobody can remove inode with our i_data */
813 -- ihold(container_of(dev->dev_mapping, struct inode, i_data));
814 -- inode->i_mapping = dev->dev_mapping;
815 -- filp->f_mapping = dev->dev_mapping;
816 -- mutex_unlock(&dev->struct_mutex);
817 -+ if (retcode)
818 -+ goto err_undo;
819 -+ atomic_inc(&dev->counts[_DRM_STAT_OPENS]);
820 -+ if (need_setup) {
821 -+ retcode = drm_setup(dev);
822 -+ if (retcode)
823 -+ goto err_undo;
824 - }
825 -+ return 0;
826 -
827 -+err_undo:
828 -+ mutex_lock(&dev->struct_mutex);
829 -+ filp->f_mapping = old_mapping;
830 -+ inode->i_mapping = old_mapping;
831 -+ iput(container_of(dev->dev_mapping, struct inode, i_data));
832 -+ dev->dev_mapping = old_mapping;
833 -+ mutex_unlock(&dev->struct_mutex);
834 -+ dev->open_count--;
835 - return retcode;
836 - }
837 - EXPORT_SYMBOL(drm_open);
838 -diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c
839 -index 914c0df..0969a7c 100644
840 ---- a/drivers/gpu/drm/i915/i915_dma.c
841 -+++ b/drivers/gpu/drm/i915/i915_dma.c
842 -@@ -1484,7 +1484,8 @@ int i915_driver_load(struct drm_device *dev, unsigned long flags)
843 - goto put_gmch;
844 - }
845 -
846 -- i915_kick_out_firmware_fb(dev_priv);
847 -+ if (drm_core_check_feature(dev, DRIVER_MODESET))
848 -+ i915_kick_out_firmware_fb(dev_priv);
849 -
850 - pci_set_master(dev->pdev);
851 -
852 -diff --git a/drivers/gpu/drm/i915/intel_overlay.c b/drivers/gpu/drm/i915/intel_overlay.c
853 -index 830d0dd..cf49a57 100644
854 ---- a/drivers/gpu/drm/i915/intel_overlay.c
855 -+++ b/drivers/gpu/drm/i915/intel_overlay.c
856 -@@ -431,9 +431,17 @@ static int intel_overlay_off(struct intel_overlay *overlay)
857 - intel_ring_emit(ring, flip_addr);
858 - intel_ring_emit(ring, MI_WAIT_FOR_EVENT | MI_WAIT_FOR_OVERLAY_FLIP);
859 - /* turn overlay off */
860 -- intel_ring_emit(ring, MI_OVERLAY_FLIP | MI_OVERLAY_OFF);
861 -- intel_ring_emit(ring, flip_addr);
862 -- intel_ring_emit(ring, MI_WAIT_FOR_EVENT | MI_WAIT_FOR_OVERLAY_FLIP);
863 -+ if (IS_I830(dev)) {
864 -+ /* Workaround: Don't disable the overlay fully, since otherwise
865 -+ * it dies on the next OVERLAY_ON cmd. */
866 -+ intel_ring_emit(ring, MI_NOOP);
867 -+ intel_ring_emit(ring, MI_NOOP);
868 -+ intel_ring_emit(ring, MI_NOOP);
869 -+ } else {
870 -+ intel_ring_emit(ring, MI_OVERLAY_FLIP | MI_OVERLAY_OFF);
871 -+ intel_ring_emit(ring, flip_addr);
872 -+ intel_ring_emit(ring, MI_WAIT_FOR_EVENT | MI_WAIT_FOR_OVERLAY_FLIP);
873 -+ }
874 - intel_ring_advance(ring);
875 -
876 - return intel_overlay_do_wait_request(overlay, request,
877 -diff --git a/drivers/gpu/drm/i915/intel_sdvo.c b/drivers/gpu/drm/i915/intel_sdvo.c
878 -index 123afd3..20cb52d 100644
879 ---- a/drivers/gpu/drm/i915/intel_sdvo.c
880 -+++ b/drivers/gpu/drm/i915/intel_sdvo.c
881 -@@ -882,6 +882,45 @@ static void intel_sdvo_dump_hdmi_buf(struct intel_sdvo *intel_sdvo)
882 - }
883 - #endif
884 -
885 -+static bool intel_sdvo_write_infoframe(struct intel_sdvo *intel_sdvo,
886 -+ unsigned if_index, uint8_t tx_rate,
887 -+ uint8_t *data, unsigned length)
888 -+{
889 -+ uint8_t set_buf_index[2] = { if_index, 0 };
890 -+ uint8_t hbuf_size, tmp[8];
891 -+ int i;
892 -+
893 -+ if (!intel_sdvo_set_value(intel_sdvo,
894 -+ SDVO_CMD_SET_HBUF_INDEX,
895 -+ set_buf_index, 2))
896 -+ return false;
897 -+
898 -+ if (!intel_sdvo_get_value(intel_sdvo, SDVO_CMD_GET_HBUF_INFO,
899 -+ &hbuf_size, 1))
900 -+ return false;
901 -+
902 -+ /* Buffer size is 0 based, hooray! */
903 -+ hbuf_size++;
904 -+
905 -+ DRM_DEBUG_KMS("writing sdvo hbuf: %i, hbuf_size %i, hbuf_size: %i\n",
906 -+ if_index, length, hbuf_size);
907 -+
908 -+ for (i = 0; i < hbuf_size; i += 8) {
909 -+ memset(tmp, 0, 8);
910 -+ if (i < length)
911 -+ memcpy(tmp, data + i, min_t(unsigned, 8, length - i));
912 -+
913 -+ if (!intel_sdvo_set_value(intel_sdvo,
914 -+ SDVO_CMD_SET_HBUF_DATA,
915 -+ tmp, 8))
916 -+ return false;
917 -+ }
918 -+
919 -+ return intel_sdvo_set_value(intel_sdvo,
920 -+ SDVO_CMD_SET_HBUF_TXRATE,
921 -+ &tx_rate, 1);
922 -+}
923 -+
924 - static bool intel_sdvo_set_avi_infoframe(struct intel_sdvo *intel_sdvo)
925 - {
926 - struct dip_infoframe avi_if = {
927 -@@ -889,11 +928,7 @@ static bool intel_sdvo_set_avi_infoframe(struct intel_sdvo *intel_sdvo)
928 - .ver = DIP_VERSION_AVI,
929 - .len = DIP_LEN_AVI,
930 - };
931 -- uint8_t tx_rate = SDVO_HBUF_TX_VSYNC;
932 -- uint8_t set_buf_index[2] = { 1, 0 };
933 - uint8_t sdvo_data[4 + sizeof(avi_if.body.avi)];
934 -- uint64_t *data = (uint64_t *)sdvo_data;
935 -- unsigned i;
936 -
937 - intel_dip_infoframe_csum(&avi_if);
938 -
939 -@@ -903,22 +938,9 @@ static bool intel_sdvo_set_avi_infoframe(struct intel_sdvo *intel_sdvo)
940 - sdvo_data[3] = avi_if.checksum;
941 - memcpy(&sdvo_data[4], &avi_if.body, sizeof(avi_if.body.avi));
942 -
943 -- if (!intel_sdvo_set_value(intel_sdvo,
944 -- SDVO_CMD_SET_HBUF_INDEX,
945 -- set_buf_index, 2))
946 -- return false;
947 --
948 -- for (i = 0; i < sizeof(sdvo_data); i += 8) {
949 -- if (!intel_sdvo_set_value(intel_sdvo,
950 -- SDVO_CMD_SET_HBUF_DATA,
951 -- data, 8))
952 -- return false;
953 -- data++;
954 -- }
955 --
956 -- return intel_sdvo_set_value(intel_sdvo,
957 -- SDVO_CMD_SET_HBUF_TXRATE,
958 -- &tx_rate, 1);
959 -+ return intel_sdvo_write_infoframe(intel_sdvo, SDVO_HBUF_INDEX_AVI_IF,
960 -+ SDVO_HBUF_TX_VSYNC,
961 -+ sdvo_data, sizeof(sdvo_data));
962 - }
963 -
964 - static bool intel_sdvo_set_tv_format(struct intel_sdvo *intel_sdvo)
965 -diff --git a/drivers/gpu/drm/i915/intel_sdvo_regs.h b/drivers/gpu/drm/i915/intel_sdvo_regs.h
966 -index 9d03014..770bdd6 100644
967 ---- a/drivers/gpu/drm/i915/intel_sdvo_regs.h
968 -+++ b/drivers/gpu/drm/i915/intel_sdvo_regs.h
969 -@@ -708,6 +708,8 @@ struct intel_sdvo_enhancements_arg {
970 - #define SDVO_CMD_SET_AUDIO_STAT 0x91
971 - #define SDVO_CMD_GET_AUDIO_STAT 0x92
972 - #define SDVO_CMD_SET_HBUF_INDEX 0x93
973 -+ #define SDVO_HBUF_INDEX_ELD 0
974 -+ #define SDVO_HBUF_INDEX_AVI_IF 1
975 - #define SDVO_CMD_GET_HBUF_INDEX 0x94
976 - #define SDVO_CMD_GET_HBUF_INFO 0x95
977 - #define SDVO_CMD_SET_HBUF_AV_SPLIT 0x96
978 -diff --git a/drivers/gpu/drm/radeon/evergreen_cs.c b/drivers/gpu/drm/radeon/evergreen_cs.c
979 -index e932810..4a33cdc 100644
980 ---- a/drivers/gpu/drm/radeon/evergreen_cs.c
981 -+++ b/drivers/gpu/drm/radeon/evergreen_cs.c
982 -@@ -2725,6 +2725,9 @@ static bool evergreen_vm_reg_valid(u32 reg)
983 - /* check config regs */
984 - switch (reg) {
985 - case GRBM_GFX_INDEX:
986 -+ case CP_STRMOUT_CNTL:
987 -+ case CP_COHER_CNTL:
988 -+ case CP_COHER_SIZE:
989 - case VGT_VTX_VECT_EJECT_REG:
990 - case VGT_CACHE_INVALIDATION:
991 - case VGT_GS_VERTEX_REUSE:
992 -diff --git a/drivers/gpu/drm/radeon/evergreend.h b/drivers/gpu/drm/radeon/evergreend.h
993 -index 7934785..302af4f 100644
994 ---- a/drivers/gpu/drm/radeon/evergreend.h
995 -+++ b/drivers/gpu/drm/radeon/evergreend.h
996 -@@ -87,6 +87,10 @@
997 -
998 - #define CONFIG_MEMSIZE 0x5428
999 -
1000 -+#define CP_STRMOUT_CNTL 0x84FC
1001 -+
1002 -+#define CP_COHER_CNTL 0x85F0
1003 -+#define CP_COHER_SIZE 0x85F4
1004 - #define CP_COHER_BASE 0x85F8
1005 - #define CP_STALLED_STAT1 0x8674
1006 - #define CP_STALLED_STAT2 0x8678
1007 -diff --git a/drivers/gpu/drm/radeon/radeon_legacy_encoders.c b/drivers/gpu/drm/radeon/radeon_legacy_encoders.c
1008 -index d16f50f..dd402bb 100644
1009 ---- a/drivers/gpu/drm/radeon/radeon_legacy_encoders.c
1010 -+++ b/drivers/gpu/drm/radeon/radeon_legacy_encoders.c
1011 -@@ -651,6 +651,7 @@ static enum drm_connector_status radeon_legacy_primary_dac_detect(struct drm_enc
1012 - tmp |= RADEON_DAC_RANGE_CNTL_PS2 | RADEON_DAC_CMP_EN;
1013 - WREG32(RADEON_DAC_CNTL, tmp);
1014 -
1015 -+ tmp = dac_macro_cntl;
1016 - tmp &= ~(RADEON_DAC_PDWN_R |
1017 - RADEON_DAC_PDWN_G |
1018 - RADEON_DAC_PDWN_B);
1019 -diff --git a/drivers/gpu/drm/radeon/si.c b/drivers/gpu/drm/radeon/si.c
1020 -index 0139e22..6ab4a90 100644
1021 ---- a/drivers/gpu/drm/radeon/si.c
1022 -+++ b/drivers/gpu/drm/radeon/si.c
1023 -@@ -2472,6 +2472,7 @@ static bool si_vm_reg_valid(u32 reg)
1024 - /* check config regs */
1025 - switch (reg) {
1026 - case GRBM_GFX_INDEX:
1027 -+ case CP_STRMOUT_CNTL:
1028 - case VGT_VTX_VECT_EJECT_REG:
1029 - case VGT_CACHE_INVALIDATION:
1030 - case VGT_ESGS_RING_SIZE:
1031 -diff --git a/drivers/gpu/drm/radeon/sid.h b/drivers/gpu/drm/radeon/sid.h
1032 -index ef4815c..6f0083a 100644
1033 ---- a/drivers/gpu/drm/radeon/sid.h
1034 -+++ b/drivers/gpu/drm/radeon/sid.h
1035 -@@ -424,6 +424,7 @@
1036 - # define RDERR_INT_ENABLE (1 << 0)
1037 - # define GUI_IDLE_INT_ENABLE (1 << 19)
1038 -
1039 -+#define CP_STRMOUT_CNTL 0x84FC
1040 - #define SCRATCH_REG0 0x8500
1041 - #define SCRATCH_REG1 0x8504
1042 - #define SCRATCH_REG2 0x8508
1043 -diff --git a/drivers/gpu/drm/udl/udl_drv.h b/drivers/gpu/drm/udl/udl_drv.h
1044 -index fccd361..87aa5f5 100644
1045 ---- a/drivers/gpu/drm/udl/udl_drv.h
1046 -+++ b/drivers/gpu/drm/udl/udl_drv.h
1047 -@@ -104,7 +104,7 @@ udl_fb_user_fb_create(struct drm_device *dev,
1048 -
1049 - int udl_render_hline(struct drm_device *dev, int bpp, struct urb **urb_ptr,
1050 - const char *front, char **urb_buf_ptr,
1051 -- u32 byte_offset, u32 byte_width,
1052 -+ u32 byte_offset, u32 device_byte_offset, u32 byte_width,
1053 - int *ident_ptr, int *sent_ptr);
1054 -
1055 - int udl_dumb_create(struct drm_file *file_priv,
1056 -diff --git a/drivers/gpu/drm/udl/udl_fb.c b/drivers/gpu/drm/udl/udl_fb.c
1057 -index ce9a611..6f6ca50 100644
1058 ---- a/drivers/gpu/drm/udl/udl_fb.c
1059 -+++ b/drivers/gpu/drm/udl/udl_fb.c
1060 -@@ -114,9 +114,10 @@ static void udlfb_dpy_deferred_io(struct fb_info *info,
1061 - list_for_each_entry(cur, &fbdefio->pagelist, lru) {
1062 -
1063 - if (udl_render_hline(dev, (ufbdev->ufb.base.bits_per_pixel / 8),
1064 -- &urb, (char *) info->fix.smem_start,
1065 -- &cmd, cur->index << PAGE_SHIFT,
1066 -- PAGE_SIZE, &bytes_identical, &bytes_sent))
1067 -+ &urb, (char *) info->fix.smem_start,
1068 -+ &cmd, cur->index << PAGE_SHIFT,
1069 -+ cur->index << PAGE_SHIFT,
1070 -+ PAGE_SIZE, &bytes_identical, &bytes_sent))
1071 - goto error;
1072 - bytes_rendered += PAGE_SIZE;
1073 - }
1074 -@@ -187,10 +188,11 @@ int udl_handle_damage(struct udl_framebuffer *fb, int x, int y,
1075 - for (i = y; i < y + height ; i++) {
1076 - const int line_offset = fb->base.pitches[0] * i;
1077 - const int byte_offset = line_offset + (x * bpp);
1078 --
1079 -+ const int dev_byte_offset = (fb->base.width * bpp * i) + (x * bpp);
1080 - if (udl_render_hline(dev, bpp, &urb,
1081 - (char *) fb->obj->vmapping,
1082 -- &cmd, byte_offset, width * bpp,
1083 -+ &cmd, byte_offset, dev_byte_offset,
1084 -+ width * bpp,
1085 - &bytes_identical, &bytes_sent))
1086 - goto error;
1087 - }
1088 -diff --git a/drivers/gpu/drm/udl/udl_transfer.c b/drivers/gpu/drm/udl/udl_transfer.c
1089 -index b9320e2..fc11344 100644
1090 ---- a/drivers/gpu/drm/udl/udl_transfer.c
1091 -+++ b/drivers/gpu/drm/udl/udl_transfer.c
1092 -@@ -213,11 +213,12 @@ static void udl_compress_hline16(
1093 - */
1094 - int udl_render_hline(struct drm_device *dev, int bpp, struct urb **urb_ptr,
1095 - const char *front, char **urb_buf_ptr,
1096 -- u32 byte_offset, u32 byte_width,
1097 -+ u32 byte_offset, u32 device_byte_offset,
1098 -+ u32 byte_width,
1099 - int *ident_ptr, int *sent_ptr)
1100 - {
1101 - const u8 *line_start, *line_end, *next_pixel;
1102 -- u32 base16 = 0 + (byte_offset / bpp) * 2;
1103 -+ u32 base16 = 0 + (device_byte_offset / bpp) * 2;
1104 - struct urb *urb = *urb_ptr;
1105 - u8 *cmd = *urb_buf_ptr;
1106 - u8 *cmd_end = (u8 *) urb->transfer_buffer + urb->transfer_buffer_length;
1107 -diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_dmabuf.c b/drivers/gpu/drm/vmwgfx/vmwgfx_dmabuf.c
1108 -index 3fa884d..27151f7 100644
1109 ---- a/drivers/gpu/drm/vmwgfx/vmwgfx_dmabuf.c
1110 -+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_dmabuf.c
1111 -@@ -306,7 +306,7 @@ void vmw_bo_pin(struct ttm_buffer_object *bo, bool pin)
1112 -
1113 - BUG_ON(!atomic_read(&bo->reserved));
1114 - BUG_ON(old_mem_type != TTM_PL_VRAM &&
1115 -- old_mem_type != VMW_PL_FLAG_GMR);
1116 -+ old_mem_type != VMW_PL_GMR);
1117 -
1118 - pl_flags = TTM_PL_FLAG_VRAM | VMW_PL_FLAG_GMR | TTM_PL_FLAG_CACHED;
1119 - if (pin)
1120 -diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c
1121 -index ba2c35d..4a04ae0 100644
1122 ---- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c
1123 -+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c
1124 -@@ -1099,6 +1099,11 @@ static void vmw_pm_complete(struct device *kdev)
1125 - struct drm_device *dev = pci_get_drvdata(pdev);
1126 - struct vmw_private *dev_priv = vmw_priv(dev);
1127 -
1128 -+ mutex_lock(&dev_priv->hw_mutex);
1129 -+ vmw_write(dev_priv, SVGA_REG_ID, SVGA_ID_2);
1130 -+ (void) vmw_read(dev_priv, SVGA_REG_ID);
1131 -+ mutex_unlock(&dev_priv->hw_mutex);
1132 -+
1133 - /**
1134 - * Reclaim 3d reference held by fbdev and potentially
1135 - * start fifo.
1136 -diff --git a/drivers/hwmon/w83627ehf.c b/drivers/hwmon/w83627ehf.c
1137 -index 1821b74..de3c7e0 100644
1138 ---- a/drivers/hwmon/w83627ehf.c
1139 -+++ b/drivers/hwmon/w83627ehf.c
1140 -@@ -2083,6 +2083,7 @@ static int __devinit w83627ehf_probe(struct platform_device *pdev)
1141 - mutex_init(&data->lock);
1142 - mutex_init(&data->update_lock);
1143 - data->name = w83627ehf_device_names[sio_data->kind];
1144 -+ data->bank = 0xff; /* Force initial bank selection */
1145 - platform_set_drvdata(pdev, data);
1146 -
1147 - /* 627EHG and 627EHF have 10 voltage inputs; 627DHG and 667HG have 9 */
1148 -diff --git a/drivers/input/touchscreen/tsc40.c b/drivers/input/touchscreen/tsc40.c
1149 -index 63209aa..eb96f16 100644
1150 ---- a/drivers/input/touchscreen/tsc40.c
1151 -+++ b/drivers/input/touchscreen/tsc40.c
1152 -@@ -107,7 +107,6 @@ static int tsc_connect(struct serio *serio, struct serio_driver *drv)
1153 - __set_bit(BTN_TOUCH, input_dev->keybit);
1154 - input_set_abs_params(ptsc->dev, ABS_X, 0, 0x3ff, 0, 0);
1155 - input_set_abs_params(ptsc->dev, ABS_Y, 0, 0x3ff, 0, 0);
1156 -- input_set_abs_params(ptsc->dev, ABS_PRESSURE, 0, 0, 0, 0);
1157 -
1158 - serio_set_drvdata(serio, ptsc);
1159 -
1160 -diff --git a/drivers/mmc/host/sdhci.c b/drivers/mmc/host/sdhci.c
1161 -index 9a11dc3..b1facf9 100644
1162 ---- a/drivers/mmc/host/sdhci.c
1163 -+++ b/drivers/mmc/host/sdhci.c
1164 -@@ -1307,16 +1307,19 @@ static void sdhci_request(struct mmc_host *mmc, struct mmc_request *mrq)
1165 - */
1166 - if ((host->flags & SDHCI_NEEDS_RETUNING) &&
1167 - !(present_state & (SDHCI_DOING_WRITE | SDHCI_DOING_READ))) {
1168 -- /* eMMC uses cmd21 while sd and sdio use cmd19 */
1169 -- tuning_opcode = mmc->card->type == MMC_TYPE_MMC ?
1170 -- MMC_SEND_TUNING_BLOCK_HS200 :
1171 -- MMC_SEND_TUNING_BLOCK;
1172 -- spin_unlock_irqrestore(&host->lock, flags);
1173 -- sdhci_execute_tuning(mmc, tuning_opcode);
1174 -- spin_lock_irqsave(&host->lock, flags);
1175 --
1176 -- /* Restore original mmc_request structure */
1177 -- host->mrq = mrq;
1178 -+ if (mmc->card) {
1179 -+ /* eMMC uses cmd21 but sd and sdio use cmd19 */
1180 -+ tuning_opcode =
1181 -+ mmc->card->type == MMC_TYPE_MMC ?
1182 -+ MMC_SEND_TUNING_BLOCK_HS200 :
1183 -+ MMC_SEND_TUNING_BLOCK;
1184 -+ spin_unlock_irqrestore(&host->lock, flags);
1185 -+ sdhci_execute_tuning(mmc, tuning_opcode);
1186 -+ spin_lock_irqsave(&host->lock, flags);
1187 -+
1188 -+ /* Restore original mmc_request structure */
1189 -+ host->mrq = mrq;
1190 -+ }
1191 - }
1192 -
1193 - if (mrq->sbc && !(host->flags & SDHCI_AUTO_CMD23))
1194 -diff --git a/drivers/mmc/host/sh_mmcif.c b/drivers/mmc/host/sh_mmcif.c
1195 -index ba0e493..9058d21 100644
1196 ---- a/drivers/mmc/host/sh_mmcif.c
1197 -+++ b/drivers/mmc/host/sh_mmcif.c
1198 -@@ -1464,9 +1464,9 @@ static int __devexit sh_mmcif_remove(struct platform_device *pdev)
1199 -
1200 - platform_set_drvdata(pdev, NULL);
1201 -
1202 -+ clk_disable(host->hclk);
1203 - mmc_free_host(host->mmc);
1204 - pm_runtime_put_sync(&pdev->dev);
1205 -- clk_disable(host->hclk);
1206 - pm_runtime_disable(&pdev->dev);
1207 -
1208 - return 0;
1209 -diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c
1210 -index 56b20d1..116f0e9 100644
1211 ---- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c
1212 -+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c
1213 -@@ -2673,6 +2673,9 @@ static int ixgbe_get_ts_info(struct net_device *dev,
1214 - case ixgbe_mac_X540:
1215 - case ixgbe_mac_82599EB:
1216 - info->so_timestamping =
1217 -+ SOF_TIMESTAMPING_TX_SOFTWARE |
1218 -+ SOF_TIMESTAMPING_RX_SOFTWARE |
1219 -+ SOF_TIMESTAMPING_SOFTWARE |
1220 - SOF_TIMESTAMPING_TX_HARDWARE |
1221 - SOF_TIMESTAMPING_RX_HARDWARE |
1222 - SOF_TIMESTAMPING_RAW_HARDWARE;
1223 -diff --git a/drivers/net/ethernet/nxp/lpc_eth.c b/drivers/net/ethernet/nxp/lpc_eth.c
1224 -index 53743f7..af8b414 100644
1225 ---- a/drivers/net/ethernet/nxp/lpc_eth.c
1226 -+++ b/drivers/net/ethernet/nxp/lpc_eth.c
1227 -@@ -1524,6 +1524,7 @@ static int lpc_eth_drv_remove(struct platform_device *pdev)
1228 - pldat->dma_buff_base_p);
1229 - free_irq(ndev->irq, ndev);
1230 - iounmap(pldat->net_base);
1231 -+ mdiobus_unregister(pldat->mii_bus);
1232 - mdiobus_free(pldat->mii_bus);
1233 - clk_disable(pldat->clk);
1234 - clk_put(pldat->clk);
1235 -diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c
1236 -index fc9f578..9c382b5 100644
1237 ---- a/drivers/net/usb/usbnet.c
1238 -+++ b/drivers/net/usb/usbnet.c
1239 -@@ -1158,6 +1158,7 @@ netdev_tx_t usbnet_start_xmit (struct sk_buff *skb,
1240 - usb_anchor_urb(urb, &dev->deferred);
1241 - /* no use to process more packets */
1242 - netif_stop_queue(net);
1243 -+ usb_put_urb(urb);
1244 - spin_unlock_irqrestore(&dev->txq.lock, flags);
1245 - netdev_dbg(dev->net, "Delaying transmission for resumption\n");
1246 - goto deferred;
1247 -@@ -1310,6 +1311,8 @@ void usbnet_disconnect (struct usb_interface *intf)
1248 -
1249 - cancel_work_sync(&dev->kevent);
1250 -
1251 -+ usb_scuttle_anchored_urbs(&dev->deferred);
1252 -+
1253 - if (dev->driver_info->unbind)
1254 - dev->driver_info->unbind (dev, intf);
1255 -
1256 -diff --git a/drivers/net/wireless/ath/ath9k/xmit.c b/drivers/net/wireless/ath/ath9k/xmit.c
1257 -index 423a9f3..88b6acc 100644
1258 ---- a/drivers/net/wireless/ath/ath9k/xmit.c
1259 -+++ b/drivers/net/wireless/ath/ath9k/xmit.c
1260 -@@ -312,6 +312,7 @@ static struct ath_buf *ath_tx_get_buffer(struct ath_softc *sc)
1261 - }
1262 -
1263 - bf = list_first_entry(&sc->tx.txbuf, struct ath_buf, list);
1264 -+ bf->bf_next = NULL;
1265 - list_del(&bf->list);
1266 -
1267 - spin_unlock_bh(&sc->tx.txbuflock);
1268 -@@ -393,7 +394,7 @@ static void ath_tx_complete_aggr(struct ath_softc *sc, struct ath_txq *txq,
1269 - u16 seq_st = 0, acked_cnt = 0, txfail_cnt = 0, seq_first;
1270 - u32 ba[WME_BA_BMP_SIZE >> 5];
1271 - int isaggr, txfail, txpending, sendbar = 0, needreset = 0, nbad = 0;
1272 -- bool rc_update = true;
1273 -+ bool rc_update = true, isba;
1274 - struct ieee80211_tx_rate rates[4];
1275 - struct ath_frame_info *fi;
1276 - int nframes;
1277 -@@ -437,13 +438,17 @@ static void ath_tx_complete_aggr(struct ath_softc *sc, struct ath_txq *txq,
1278 - tidno = ieee80211_get_qos_ctl(hdr)[0] & IEEE80211_QOS_CTL_TID_MASK;
1279 - tid = ATH_AN_2_TID(an, tidno);
1280 - seq_first = tid->seq_start;
1281 -+ isba = ts->ts_flags & ATH9K_TX_BA;
1282 -
1283 - /*
1284 - * The hardware occasionally sends a tx status for the wrong TID.
1285 - * In this case, the BA status cannot be considered valid and all
1286 - * subframes need to be retransmitted
1287 -+ *
1288 -+ * Only BlockAcks have a TID and therefore normal Acks cannot be
1289 -+ * checked
1290 - */
1291 -- if (tidno != ts->tid)
1292 -+ if (isba && tidno != ts->tid)
1293 - txok = false;
1294 -
1295 - isaggr = bf_isaggr(bf);
1296 -@@ -1774,6 +1779,7 @@ static void ath_tx_send_normal(struct ath_softc *sc, struct ath_txq *txq,
1297 - list_add_tail(&bf->list, &bf_head);
1298 - bf->bf_state.bf_type = 0;
1299 -
1300 -+ bf->bf_next = NULL;
1301 - bf->bf_lastbf = bf;
1302 - ath_tx_fill_desc(sc, bf, txq, fi->framelen);
1303 - ath_tx_txqaddbuf(sc, txq, &bf_head, false);
1304 -diff --git a/drivers/net/wireless/rt2x00/rt2800lib.c b/drivers/net/wireless/rt2x00/rt2800lib.c
1305 -index b93516d..1345bdd 100644
1306 ---- a/drivers/net/wireless/rt2x00/rt2800lib.c
1307 -+++ b/drivers/net/wireless/rt2x00/rt2800lib.c
1308 -@@ -2395,7 +2395,7 @@ static int rt2800_get_gain_calibration_delta(struct rt2x00_dev *rt2x00dev)
1309 - /*
1310 - * Check if temperature compensation is supported.
1311 - */
1312 -- if (tssi_bounds[4] == 0xff)
1313 -+ if (tssi_bounds[4] == 0xff || step == 0xff)
1314 - return 0;
1315 -
1316 - /*
1317 -diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c
1318 -index dd4fce2..6b6f50a 100644
1319 ---- a/drivers/target/iscsi/iscsi_target.c
1320 -+++ b/drivers/target/iscsi/iscsi_target.c
1321 -@@ -3735,7 +3735,9 @@ restart:
1322 - */
1323 - iscsit_thread_check_cpumask(conn, current, 1);
1324 -
1325 -- schedule_timeout_interruptible(MAX_SCHEDULE_TIMEOUT);
1326 -+ wait_event_interruptible(conn->queues_wq,
1327 -+ !iscsit_conn_all_queues_empty(conn) ||
1328 -+ ts->status == ISCSI_THREAD_SET_RESET);
1329 -
1330 - if ((ts->status == ISCSI_THREAD_SET_RESET) ||
1331 - signal_pending(current))
1332 -diff --git a/drivers/target/iscsi/iscsi_target_core.h b/drivers/target/iscsi/iscsi_target_core.h
1333 -index a90294f..1d63d56 100644
1334 ---- a/drivers/target/iscsi/iscsi_target_core.h
1335 -+++ b/drivers/target/iscsi/iscsi_target_core.h
1336 -@@ -486,6 +486,7 @@ struct iscsi_tmr_req {
1337 - };
1338 -
1339 - struct iscsi_conn {
1340 -+ wait_queue_head_t queues_wq;
1341 - /* Authentication Successful for this connection */
1342 - u8 auth_complete;
1343 - /* State connection is currently in */
1344 -diff --git a/drivers/target/iscsi/iscsi_target_login.c b/drivers/target/iscsi/iscsi_target_login.c
1345 -index 6aba439..7b643ab 100644
1346 ---- a/drivers/target/iscsi/iscsi_target_login.c
1347 -+++ b/drivers/target/iscsi/iscsi_target_login.c
1348 -@@ -45,6 +45,7 @@ extern spinlock_t sess_idr_lock;
1349 -
1350 - static int iscsi_login_init_conn(struct iscsi_conn *conn)
1351 - {
1352 -+ init_waitqueue_head(&conn->queues_wq);
1353 - INIT_LIST_HEAD(&conn->conn_list);
1354 - INIT_LIST_HEAD(&conn->conn_cmd_list);
1355 - INIT_LIST_HEAD(&conn->immed_queue_list);
1356 -diff --git a/drivers/target/iscsi/iscsi_target_util.c b/drivers/target/iscsi/iscsi_target_util.c
1357 -index b42cdeb..552f45a 100644
1358 ---- a/drivers/target/iscsi/iscsi_target_util.c
1359 -+++ b/drivers/target/iscsi/iscsi_target_util.c
1360 -@@ -488,7 +488,7 @@ void iscsit_add_cmd_to_immediate_queue(
1361 - atomic_set(&conn->check_immediate_queue, 1);
1362 - spin_unlock_bh(&conn->immed_queue_lock);
1363 -
1364 -- wake_up_process(conn->thread_set->tx_thread);
1365 -+ wake_up(&conn->queues_wq);
1366 - }
1367 -
1368 - struct iscsi_queue_req *iscsit_get_cmd_from_immediate_queue(struct iscsi_conn *conn)
1369 -@@ -562,7 +562,7 @@ void iscsit_add_cmd_to_response_queue(
1370 - atomic_inc(&cmd->response_queue_count);
1371 - spin_unlock_bh(&conn->response_queue_lock);
1372 -
1373 -- wake_up_process(conn->thread_set->tx_thread);
1374 -+ wake_up(&conn->queues_wq);
1375 - }
1376 -
1377 - struct iscsi_queue_req *iscsit_get_cmd_from_response_queue(struct iscsi_conn *conn)
1378 -@@ -616,6 +616,24 @@ static void iscsit_remove_cmd_from_response_queue(
1379 - }
1380 - }
1381 -
1382 -+bool iscsit_conn_all_queues_empty(struct iscsi_conn *conn)
1383 -+{
1384 -+ bool empty;
1385 -+
1386 -+ spin_lock_bh(&conn->immed_queue_lock);
1387 -+ empty = list_empty(&conn->immed_queue_list);
1388 -+ spin_unlock_bh(&conn->immed_queue_lock);
1389 -+
1390 -+ if (!empty)
1391 -+ return empty;
1392 -+
1393 -+ spin_lock_bh(&conn->response_queue_lock);
1394 -+ empty = list_empty(&conn->response_queue_list);
1395 -+ spin_unlock_bh(&conn->response_queue_lock);
1396 -+
1397 -+ return empty;
1398 -+}
1399 -+
1400 - void iscsit_free_queue_reqs_for_conn(struct iscsi_conn *conn)
1401 - {
1402 - struct iscsi_queue_req *qr, *qr_tmp;
1403 -diff --git a/drivers/target/iscsi/iscsi_target_util.h b/drivers/target/iscsi/iscsi_target_util.h
1404 -index e1c729b..2ff9bbc 100644
1405 ---- a/drivers/target/iscsi/iscsi_target_util.h
1406 -+++ b/drivers/target/iscsi/iscsi_target_util.h
1407 -@@ -25,6 +25,7 @@ extern struct iscsi_queue_req *iscsit_get_cmd_from_immediate_queue(struct iscsi_
1408 - extern void iscsit_add_cmd_to_response_queue(struct iscsi_cmd *, struct iscsi_conn *, u8);
1409 - extern struct iscsi_queue_req *iscsit_get_cmd_from_response_queue(struct iscsi_conn *);
1410 - extern void iscsit_remove_cmd_from_tx_queues(struct iscsi_cmd *, struct iscsi_conn *);
1411 -+extern bool iscsit_conn_all_queues_empty(struct iscsi_conn *);
1412 - extern void iscsit_free_queue_reqs_for_conn(struct iscsi_conn *);
1413 - extern void iscsit_release_cmd(struct iscsi_cmd *);
1414 - extern void iscsit_free_cmd(struct iscsi_cmd *);
1415 -diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c
1416 -index 06aca11..ac0b69f 100644
1417 ---- a/drivers/target/target_core_configfs.c
1418 -+++ b/drivers/target/target_core_configfs.c
1419 -@@ -3214,7 +3214,8 @@ static int __init target_core_init_configfs(void)
1420 - if (ret < 0)
1421 - goto out;
1422 -
1423 -- if (core_dev_setup_virtual_lun0() < 0)
1424 -+ ret = core_dev_setup_virtual_lun0();
1425 -+ if (ret < 0)
1426 - goto out;
1427 -
1428 - return 0;
1429 -diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
1430 -index 9fc9a60..68d4c10 100644
1431 ---- a/drivers/target/target_core_device.c
1432 -+++ b/drivers/target/target_core_device.c
1433 -@@ -850,20 +850,20 @@ int se_dev_check_shutdown(struct se_device *dev)
1434 -
1435 - static u32 se_dev_align_max_sectors(u32 max_sectors, u32 block_size)
1436 - {
1437 -- u32 tmp, aligned_max_sectors;
1438 -+ u32 aligned_max_sectors;
1439 -+ u32 alignment;
1440 - /*
1441 - * Limit max_sectors to a PAGE_SIZE aligned value for modern
1442 - * transport_allocate_data_tasks() operation.
1443 - */
1444 -- tmp = rounddown((max_sectors * block_size), PAGE_SIZE);
1445 -- aligned_max_sectors = (tmp / block_size);
1446 -- if (max_sectors != aligned_max_sectors) {
1447 -- printk(KERN_INFO "Rounding down aligned max_sectors from %u"
1448 -- " to %u\n", max_sectors, aligned_max_sectors);
1449 -- return aligned_max_sectors;
1450 -- }
1451 -+ alignment = max(1ul, PAGE_SIZE / block_size);
1452 -+ aligned_max_sectors = rounddown(max_sectors, alignment);
1453 -+
1454 -+ if (max_sectors != aligned_max_sectors)
1455 -+ pr_info("Rounding down aligned max_sectors from %u to %u\n",
1456 -+ max_sectors, aligned_max_sectors);
1457 -
1458 -- return max_sectors;
1459 -+ return aligned_max_sectors;
1460 - }
1461 -
1462 - void se_dev_set_default_attribs(
1463 -diff --git a/drivers/target/target_core_spc.c b/drivers/target/target_core_spc.c
1464 -index 9229bd9..6fd434d 100644
1465 ---- a/drivers/target/target_core_spc.c
1466 -+++ b/drivers/target/target_core_spc.c
1467 -@@ -605,6 +605,8 @@ static int spc_emulate_inquiry(struct se_cmd *cmd)
1468 - unsigned char buf[SE_INQUIRY_BUF];
1469 - int p, ret;
1470 -
1471 -+ memset(buf, 0, SE_INQUIRY_BUF);
1472 -+
1473 - if (dev == tpg->tpg_virt_lun0.lun_se_dev)
1474 - buf[0] = 0x3f; /* Not connected */
1475 - else
1476 -diff --git a/drivers/target/target_core_tmr.c b/drivers/target/target_core_tmr.c
1477 -index 1c59a3c..be75c43 100644
1478 ---- a/drivers/target/target_core_tmr.c
1479 -+++ b/drivers/target/target_core_tmr.c
1480 -@@ -140,15 +140,15 @@ void core_tmr_abort_task(
1481 - printk("ABORT_TASK: Found referenced %s task_tag: %u\n",
1482 - se_cmd->se_tfo->get_fabric_name(), ref_tag);
1483 -
1484 -- spin_lock_irq(&se_cmd->t_state_lock);
1485 -+ spin_lock(&se_cmd->t_state_lock);
1486 - if (se_cmd->transport_state & CMD_T_COMPLETE) {
1487 - printk("ABORT_TASK: ref_tag: %u already complete, skipping\n", ref_tag);
1488 -- spin_unlock_irq(&se_cmd->t_state_lock);
1489 -+ spin_unlock(&se_cmd->t_state_lock);
1490 - spin_unlock_irqrestore(&se_sess->sess_cmd_lock, flags);
1491 - goto out;
1492 - }
1493 - se_cmd->transport_state |= CMD_T_ABORTED;
1494 -- spin_unlock_irq(&se_cmd->t_state_lock);
1495 -+ spin_unlock(&se_cmd->t_state_lock);
1496 -
1497 - list_del_init(&se_cmd->se_cmd_list);
1498 - kref_get(&se_cmd->cmd_kref);
1499 -diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c
1500 -index 7f12416..9a113b7 100644
1501 ---- a/drivers/xen/gntdev.c
1502 -+++ b/drivers/xen/gntdev.c
1503 -@@ -105,6 +105,21 @@ static void gntdev_print_maps(struct gntdev_priv *priv,
1504 - #endif
1505 - }
1506 -
1507 -+static void gntdev_free_map(struct grant_map *map)
1508 -+{
1509 -+ if (map == NULL)
1510 -+ return;
1511 -+
1512 -+ if (map->pages)
1513 -+ free_xenballooned_pages(map->count, map->pages);
1514 -+ kfree(map->pages);
1515 -+ kfree(map->grants);
1516 -+ kfree(map->map_ops);
1517 -+ kfree(map->unmap_ops);
1518 -+ kfree(map->kmap_ops);
1519 -+ kfree(map);
1520 -+}
1521 -+
1522 - static struct grant_map *gntdev_alloc_map(struct gntdev_priv *priv, int count)
1523 - {
1524 - struct grant_map *add;
1525 -@@ -142,12 +157,7 @@ static struct grant_map *gntdev_alloc_map(struct gntdev_priv *priv, int count)
1526 - return add;
1527 -
1528 - err:
1529 -- kfree(add->pages);
1530 -- kfree(add->grants);
1531 -- kfree(add->map_ops);
1532 -- kfree(add->unmap_ops);
1533 -- kfree(add->kmap_ops);
1534 -- kfree(add);
1535 -+ gntdev_free_map(add);
1536 - return NULL;
1537 - }
1538 -
1539 -@@ -198,17 +208,9 @@ static void gntdev_put_map(struct grant_map *map)
1540 - evtchn_put(map->notify.event);
1541 - }
1542 -
1543 -- if (map->pages) {
1544 -- if (!use_ptemod)
1545 -- unmap_grant_pages(map, 0, map->count);
1546 --
1547 -- free_xenballooned_pages(map->count, map->pages);
1548 -- }
1549 -- kfree(map->pages);
1550 -- kfree(map->grants);
1551 -- kfree(map->map_ops);
1552 -- kfree(map->unmap_ops);
1553 -- kfree(map);
1554 -+ if (map->pages && !use_ptemod)
1555 -+ unmap_grant_pages(map, 0, map->count);
1556 -+ gntdev_free_map(map);
1557 - }
1558 -
1559 - /* ------------------------------------------------------------------ */
1560 -diff --git a/fs/gfs2/lops.c b/fs/gfs2/lops.c
1561 -index 8ff95a2..0967d0c 100644
1562 ---- a/fs/gfs2/lops.c
1563 -+++ b/fs/gfs2/lops.c
1564 -@@ -393,12 +393,10 @@ static void buf_lo_add(struct gfs2_sbd *sdp, struct gfs2_bufdata *bd)
1565 - struct gfs2_meta_header *mh;
1566 - struct gfs2_trans *tr;
1567 -
1568 -- lock_buffer(bd->bd_bh);
1569 -- gfs2_log_lock(sdp);
1570 - tr = current->journal_info;
1571 - tr->tr_touched = 1;
1572 - if (!list_empty(&bd->bd_list))
1573 -- goto out;
1574 -+ return;
1575 - set_bit(GLF_LFLUSH, &bd->bd_gl->gl_flags);
1576 - set_bit(GLF_DIRTY, &bd->bd_gl->gl_flags);
1577 - mh = (struct gfs2_meta_header *)bd->bd_bh->b_data;
1578 -@@ -414,9 +412,6 @@ static void buf_lo_add(struct gfs2_sbd *sdp, struct gfs2_bufdata *bd)
1579 - sdp->sd_log_num_buf++;
1580 - list_add(&bd->bd_list, &sdp->sd_log_le_buf);
1581 - tr->tr_num_buf_new++;
1582 --out:
1583 -- gfs2_log_unlock(sdp);
1584 -- unlock_buffer(bd->bd_bh);
1585 - }
1586 -
1587 - static void gfs2_check_magic(struct buffer_head *bh)
1588 -@@ -777,12 +772,10 @@ static void databuf_lo_add(struct gfs2_sbd *sdp, struct gfs2_bufdata *bd)
1589 - struct address_space *mapping = bd->bd_bh->b_page->mapping;
1590 - struct gfs2_inode *ip = GFS2_I(mapping->host);
1591 -
1592 -- lock_buffer(bd->bd_bh);
1593 -- gfs2_log_lock(sdp);
1594 - if (tr)
1595 - tr->tr_touched = 1;
1596 - if (!list_empty(&bd->bd_list))
1597 -- goto out;
1598 -+ return;
1599 - set_bit(GLF_LFLUSH, &bd->bd_gl->gl_flags);
1600 - set_bit(GLF_DIRTY, &bd->bd_gl->gl_flags);
1601 - if (gfs2_is_jdata(ip)) {
1602 -@@ -793,9 +786,6 @@ static void databuf_lo_add(struct gfs2_sbd *sdp, struct gfs2_bufdata *bd)
1603 - } else {
1604 - list_add_tail(&bd->bd_list, &sdp->sd_log_le_ordered);
1605 - }
1606 --out:
1607 -- gfs2_log_unlock(sdp);
1608 -- unlock_buffer(bd->bd_bh);
1609 - }
1610 -
1611 - /**
1612 -diff --git a/fs/gfs2/trans.c b/fs/gfs2/trans.c
1613 -index adbd278..4136270 100644
1614 ---- a/fs/gfs2/trans.c
1615 -+++ b/fs/gfs2/trans.c
1616 -@@ -155,14 +155,22 @@ void gfs2_trans_add_bh(struct gfs2_glock *gl, struct buffer_head *bh, int meta)
1617 - struct gfs2_sbd *sdp = gl->gl_sbd;
1618 - struct gfs2_bufdata *bd;
1619 -
1620 -+ lock_buffer(bh);
1621 -+ gfs2_log_lock(sdp);
1622 - bd = bh->b_private;
1623 - if (bd)
1624 - gfs2_assert(sdp, bd->bd_gl == gl);
1625 - else {
1626 -+ gfs2_log_unlock(sdp);
1627 -+ unlock_buffer(bh);
1628 - gfs2_attach_bufdata(gl, bh, meta);
1629 - bd = bh->b_private;
1630 -+ lock_buffer(bh);
1631 -+ gfs2_log_lock(sdp);
1632 - }
1633 - lops_add(sdp, bd);
1634 -+ gfs2_log_unlock(sdp);
1635 -+ unlock_buffer(bh);
1636 - }
1637 -
1638 - void gfs2_trans_add_revoke(struct gfs2_sbd *sdp, struct gfs2_bufdata *bd)
1639 -diff --git a/fs/nfs/dns_resolve.c b/fs/nfs/dns_resolve.c
1640 -index 31c26c4..ca4b11e 100644
1641 ---- a/fs/nfs/dns_resolve.c
1642 -+++ b/fs/nfs/dns_resolve.c
1643 -@@ -217,7 +217,7 @@ static int nfs_dns_parse(struct cache_detail *cd, char *buf, int buflen)
1644 - {
1645 - char buf1[NFS_DNS_HOSTNAME_MAXLEN+1];
1646 - struct nfs_dns_ent key, *item;
1647 -- unsigned long ttl;
1648 -+ unsigned int ttl;
1649 - ssize_t len;
1650 - int ret = -EINVAL;
1651 -
1652 -@@ -240,7 +240,8 @@ static int nfs_dns_parse(struct cache_detail *cd, char *buf, int buflen)
1653 - key.namelen = len;
1654 - memset(&key.h, 0, sizeof(key.h));
1655 -
1656 -- ttl = get_expiry(&buf);
1657 -+ if (get_uint(&buf, &ttl) < 0)
1658 -+ goto out;
1659 - if (ttl == 0)
1660 - goto out;
1661 - key.h.expiry_time = ttl + seconds_since_boot();
1662 -diff --git a/fs/nfs/internal.h b/fs/nfs/internal.h
1663 -index 31fdb03..e794dee 100644
1664 ---- a/fs/nfs/internal.h
1665 -+++ b/fs/nfs/internal.h
1666 -@@ -353,8 +353,9 @@ extern void nfs_sb_active(struct super_block *sb);
1667 - extern void nfs_sb_deactive(struct super_block *sb);
1668 -
1669 - /* namespace.c */
1670 -+#define NFS_PATH_CANONICAL 1
1671 - extern char *nfs_path(char **p, struct dentry *dentry,
1672 -- char *buffer, ssize_t buflen);
1673 -+ char *buffer, ssize_t buflen, unsigned flags);
1674 - extern struct vfsmount *nfs_d_automount(struct path *path);
1675 - struct vfsmount *nfs_submount(struct nfs_server *, struct dentry *,
1676 - struct nfs_fh *, struct nfs_fattr *);
1677 -@@ -491,7 +492,7 @@ static inline char *nfs_devname(struct dentry *dentry,
1678 - char *buffer, ssize_t buflen)
1679 - {
1680 - char *dummy;
1681 -- return nfs_path(&dummy, dentry, buffer, buflen);
1682 -+ return nfs_path(&dummy, dentry, buffer, buflen, NFS_PATH_CANONICAL);
1683 - }
1684 -
1685 - /*
1686 -diff --git a/fs/nfs/mount_clnt.c b/fs/nfs/mount_clnt.c
1687 -index 8e65c7f..015f71f 100644
1688 ---- a/fs/nfs/mount_clnt.c
1689 -+++ b/fs/nfs/mount_clnt.c
1690 -@@ -181,7 +181,7 @@ int nfs_mount(struct nfs_mount_request *info)
1691 - else
1692 - msg.rpc_proc = &mnt_clnt->cl_procinfo[MOUNTPROC_MNT];
1693 -
1694 -- status = rpc_call_sync(mnt_clnt, &msg, 0);
1695 -+ status = rpc_call_sync(mnt_clnt, &msg, RPC_TASK_SOFT|RPC_TASK_TIMEOUT);
1696 - rpc_shutdown_client(mnt_clnt);
1697 -
1698 - if (status < 0)
1699 -diff --git a/fs/nfs/namespace.c b/fs/nfs/namespace.c
1700 -index 6559253..dd057bc 100644
1701 ---- a/fs/nfs/namespace.c
1702 -+++ b/fs/nfs/namespace.c
1703 -@@ -33,6 +33,7 @@ int nfs_mountpoint_expiry_timeout = 500 * HZ;
1704 - * @dentry - pointer to dentry
1705 - * @buffer - result buffer
1706 - * @buflen - length of buffer
1707 -+ * @flags - options (see below)
1708 - *
1709 - * Helper function for constructing the server pathname
1710 - * by arbitrary hashed dentry.
1711 -@@ -40,8 +41,14 @@ int nfs_mountpoint_expiry_timeout = 500 * HZ;
1712 - * This is mainly for use in figuring out the path on the
1713 - * server side when automounting on top of an existing partition
1714 - * and in generating /proc/mounts and friends.
1715 -+ *
1716 -+ * Supported flags:
1717 -+ * NFS_PATH_CANONICAL: ensure there is exactly one slash after
1718 -+ * the original device (export) name
1719 -+ * (if unset, the original name is returned verbatim)
1720 - */
1721 --char *nfs_path(char **p, struct dentry *dentry, char *buffer, ssize_t buflen)
1722 -+char *nfs_path(char **p, struct dentry *dentry, char *buffer, ssize_t buflen,
1723 -+ unsigned flags)
1724 - {
1725 - char *end;
1726 - int namelen;
1727 -@@ -74,7 +81,7 @@ rename_retry:
1728 - rcu_read_unlock();
1729 - goto rename_retry;
1730 - }
1731 -- if (*end != '/') {
1732 -+ if ((flags & NFS_PATH_CANONICAL) && *end != '/') {
1733 - if (--buflen < 0) {
1734 - spin_unlock(&dentry->d_lock);
1735 - rcu_read_unlock();
1736 -@@ -91,9 +98,11 @@ rename_retry:
1737 - return end;
1738 - }
1739 - namelen = strlen(base);
1740 -- /* Strip off excess slashes in base string */
1741 -- while (namelen > 0 && base[namelen - 1] == '/')
1742 -- namelen--;
1743 -+ if (flags & NFS_PATH_CANONICAL) {
1744 -+ /* Strip off excess slashes in base string */
1745 -+ while (namelen > 0 && base[namelen - 1] == '/')
1746 -+ namelen--;
1747 -+ }
1748 - buflen -= namelen;
1749 - if (buflen < 0) {
1750 - spin_unlock(&dentry->d_lock);
1751 -diff --git a/fs/nfs/nfs4namespace.c b/fs/nfs/nfs4namespace.c
1752 -index 017b4b0..c077b25 100644
1753 ---- a/fs/nfs/nfs4namespace.c
1754 -+++ b/fs/nfs/nfs4namespace.c
1755 -@@ -81,7 +81,8 @@ static char *nfs_path_component(const char *nfspath, const char *end)
1756 - static char *nfs4_path(struct dentry *dentry, char *buffer, ssize_t buflen)
1757 - {
1758 - char *limit;
1759 -- char *path = nfs_path(&limit, dentry, buffer, buflen);
1760 -+ char *path = nfs_path(&limit, dentry, buffer, buflen,
1761 -+ NFS_PATH_CANONICAL);
1762 - if (!IS_ERR(path)) {
1763 - char *path_component = nfs_path_component(path, limit);
1764 - if (path_component)
1765 -diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
1766 -index d5a0cf1..7bff871 100644
1767 ---- a/fs/nfs/nfs4proc.c
1768 -+++ b/fs/nfs/nfs4proc.c
1769 -@@ -331,8 +331,7 @@ static int nfs4_handle_exception(struct nfs_server *server, int errorcode, struc
1770 - dprintk("%s ERROR: %d Reset session\n", __func__,
1771 - errorcode);
1772 - nfs4_schedule_session_recovery(clp->cl_session, errorcode);
1773 -- exception->retry = 1;
1774 -- break;
1775 -+ goto wait_on_recovery;
1776 - #endif /* defined(CONFIG_NFS_V4_1) */
1777 - case -NFS4ERR_FILE_OPEN:
1778 - if (exception->timeout > HZ) {
1779 -@@ -1499,9 +1498,11 @@ static void nfs4_open_prepare(struct rpc_task *task, void *calldata)
1780 - data->timestamp = jiffies;
1781 - if (nfs4_setup_sequence(data->o_arg.server,
1782 - &data->o_arg.seq_args,
1783 -- &data->o_res.seq_res, task))
1784 -- return;
1785 -- rpc_call_start(task);
1786 -+ &data->o_res.seq_res,
1787 -+ task) != 0)
1788 -+ nfs_release_seqid(data->o_arg.seqid);
1789 -+ else
1790 -+ rpc_call_start(task);
1791 - return;
1792 - unlock_no_action:
1793 - rcu_read_unlock();
1794 -@@ -2182,9 +2183,10 @@ static void nfs4_close_prepare(struct rpc_task *task, void *data)
1795 - if (nfs4_setup_sequence(NFS_SERVER(calldata->inode),
1796 - &calldata->arg.seq_args,
1797 - &calldata->res.seq_res,
1798 -- task))
1799 -- goto out;
1800 -- rpc_call_start(task);
1801 -+ task) != 0)
1802 -+ nfs_release_seqid(calldata->arg.seqid);
1803 -+ else
1804 -+ rpc_call_start(task);
1805 - out:
1806 - dprintk("%s: done!\n", __func__);
1807 - }
1808 -@@ -4390,6 +4392,7 @@ static void nfs4_locku_done(struct rpc_task *task, void *data)
1809 - if (nfs4_async_handle_error(task, calldata->server, NULL) == -EAGAIN)
1810 - rpc_restart_call_prepare(task);
1811 - }
1812 -+ nfs_release_seqid(calldata->arg.seqid);
1813 - }
1814 -
1815 - static void nfs4_locku_prepare(struct rpc_task *task, void *data)
1816 -@@ -4406,9 +4409,11 @@ static void nfs4_locku_prepare(struct rpc_task *task, void *data)
1817 - calldata->timestamp = jiffies;
1818 - if (nfs4_setup_sequence(calldata->server,
1819 - &calldata->arg.seq_args,
1820 -- &calldata->res.seq_res, task))
1821 -- return;
1822 -- rpc_call_start(task);
1823 -+ &calldata->res.seq_res,
1824 -+ task) != 0)
1825 -+ nfs_release_seqid(calldata->arg.seqid);
1826 -+ else
1827 -+ rpc_call_start(task);
1828 - }
1829 -
1830 - static const struct rpc_call_ops nfs4_locku_ops = {
1831 -@@ -4553,7 +4558,7 @@ static void nfs4_lock_prepare(struct rpc_task *task, void *calldata)
1832 - /* Do we need to do an open_to_lock_owner? */
1833 - if (!(data->arg.lock_seqid->sequence->flags & NFS_SEQID_CONFIRMED)) {
1834 - if (nfs_wait_on_sequence(data->arg.open_seqid, task) != 0)
1835 -- return;
1836 -+ goto out_release_lock_seqid;
1837 - data->arg.open_stateid = &state->stateid;
1838 - data->arg.new_lock_owner = 1;
1839 - data->res.open_seqid = data->arg.open_seqid;
1840 -@@ -4562,10 +4567,15 @@ static void nfs4_lock_prepare(struct rpc_task *task, void *calldata)
1841 - data->timestamp = jiffies;
1842 - if (nfs4_setup_sequence(data->server,
1843 - &data->arg.seq_args,
1844 -- &data->res.seq_res, task))
1845 -+ &data->res.seq_res,
1846 -+ task) == 0) {
1847 -+ rpc_call_start(task);
1848 - return;
1849 -- rpc_call_start(task);
1850 -- dprintk("%s: done!, ret = %d\n", __func__, data->rpc_status);
1851 -+ }
1852 -+ nfs_release_seqid(data->arg.open_seqid);
1853 -+out_release_lock_seqid:
1854 -+ nfs_release_seqid(data->arg.lock_seqid);
1855 -+ dprintk("%s: done!, ret = %d\n", __func__, task->tk_status);
1856 - }
1857 -
1858 - static void nfs4_recover_lock_prepare(struct rpc_task *task, void *calldata)
1859 -diff --git a/fs/nfs/super.c b/fs/nfs/super.c
1860 -index b8eda70..d8d7396 100644
1861 ---- a/fs/nfs/super.c
1862 -+++ b/fs/nfs/super.c
1863 -@@ -765,7 +765,7 @@ int nfs_show_devname(struct seq_file *m, struct dentry *root)
1864 - int err = 0;
1865 - if (!page)
1866 - return -ENOMEM;
1867 -- devname = nfs_path(&dummy, root, page, PAGE_SIZE);
1868 -+ devname = nfs_path(&dummy, root, page, PAGE_SIZE, 0);
1869 - if (IS_ERR(devname))
1870 - err = PTR_ERR(devname);
1871 - else
1872 -diff --git a/fs/xfs/xfs_buf_item.c b/fs/xfs/xfs_buf_item.c
1873 -index a8d0ed9..becf4a9 100644
1874 ---- a/fs/xfs/xfs_buf_item.c
1875 -+++ b/fs/xfs/xfs_buf_item.c
1876 -@@ -526,7 +526,25 @@ xfs_buf_item_unpin(
1877 - }
1878 - xfs_buf_relse(bp);
1879 - } else if (freed && remove) {
1880 -+ /*
1881 -+ * There are currently two references to the buffer - the active
1882 -+ * LRU reference and the buf log item. What we are about to do
1883 -+ * here - simulate a failed IO completion - requires 3
1884 -+ * references.
1885 -+ *
1886 -+ * The LRU reference is removed by the xfs_buf_stale() call. The
1887 -+ * buf item reference is removed by the xfs_buf_iodone()
1888 -+ * callback that is run by xfs_buf_do_callbacks() during ioend
1889 -+ * processing (via the bp->b_iodone callback), and then finally
1890 -+ * the ioend processing will drop the IO reference if the buffer
1891 -+ * is marked XBF_ASYNC.
1892 -+ *
1893 -+ * Hence we need to take an additional reference here so that IO
1894 -+ * completion processing doesn't free the buffer prematurely.
1895 -+ */
1896 - xfs_buf_lock(bp);
1897 -+ xfs_buf_hold(bp);
1898 -+ bp->b_flags |= XBF_ASYNC;
1899 - xfs_buf_ioerror(bp, EIO);
1900 - XFS_BUF_UNDONE(bp);
1901 - xfs_buf_stale(bp);
1902 -diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c
1903 -index 5da3ace..d308749 100644
1904 ---- a/fs/xfs/xfs_log_recover.c
1905 -+++ b/fs/xfs/xfs_log_recover.c
1906 -@@ -3541,7 +3541,7 @@ xlog_do_recovery_pass(
1907 - * - order is important.
1908 - */
1909 - error = xlog_bread_offset(log, 0,
1910 -- bblks - split_bblks, hbp,
1911 -+ bblks - split_bblks, dbp,
1912 - offset + BBTOB(split_bblks));
1913 - if (error)
1914 - goto bread_err2;
1915 -diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
1916 -index f10553c..fb5204b 100644
1917 ---- a/include/net/cfg80211.h
1918 -+++ b/include/net/cfg80211.h
1919 -@@ -2633,6 +2633,15 @@ unsigned int ieee80211_get_hdrlen_from_skb(const struct sk_buff *skb);
1920 - unsigned int __attribute_const__ ieee80211_hdrlen(__le16 fc);
1921 -
1922 - /**
1923 -+ * ieee80211_get_mesh_hdrlen - get mesh extension header length
1924 -+ * @meshhdr: the mesh extension header, only the flags field
1925 -+ * (first byte) will be accessed
1926 -+ * Returns the length of the extension header, which is always at
1927 -+ * least 6 bytes and at most 18 if address 5 and 6 are present.
1928 -+ */
1929 -+unsigned int ieee80211_get_mesh_hdrlen(struct ieee80211s_hdr *meshhdr);
1930 -+
1931 -+/**
1932 - * DOC: Data path helpers
1933 - *
1934 - * In addition to generic utilities, cfg80211 also offers
1935 -diff --git a/include/sound/core.h b/include/sound/core.h
1936 -index bc05668..93896ad 100644
1937 ---- a/include/sound/core.h
1938 -+++ b/include/sound/core.h
1939 -@@ -132,6 +132,7 @@ struct snd_card {
1940 - int shutdown; /* this card is going down */
1941 - int free_on_last_close; /* free in context of file_release */
1942 - wait_queue_head_t shutdown_sleep;
1943 -+ atomic_t refcount; /* refcount for disconnection */
1944 - struct device *dev; /* device assigned to this card */
1945 - struct device *card_dev; /* cardX object for sysfs */
1946 -
1947 -@@ -189,6 +190,7 @@ struct snd_minor {
1948 - const struct file_operations *f_ops; /* file operations */
1949 - void *private_data; /* private data for f_ops->open */
1950 - struct device *dev; /* device for sysfs */
1951 -+ struct snd_card *card_ptr; /* assigned card instance */
1952 - };
1953 -
1954 - /* return a device pointer linked to each sound device as a parent */
1955 -@@ -295,6 +297,7 @@ int snd_card_info_done(void);
1956 - int snd_component_add(struct snd_card *card, const char *component);
1957 - int snd_card_file_add(struct snd_card *card, struct file *file);
1958 - int snd_card_file_remove(struct snd_card *card, struct file *file);
1959 -+void snd_card_unref(struct snd_card *card);
1960 -
1961 - #define snd_card_set_dev(card, devptr) ((card)->dev = (devptr))
1962 -
1963 -diff --git a/include/trace/events/xen.h b/include/trace/events/xen.h
1964 -index 15ba03b..d06b6da 100644
1965 ---- a/include/trace/events/xen.h
1966 -+++ b/include/trace/events/xen.h
1967 -@@ -377,6 +377,14 @@ DECLARE_EVENT_CLASS(xen_mmu_pgd,
1968 - DEFINE_XEN_MMU_PGD_EVENT(xen_mmu_pgd_pin);
1969 - DEFINE_XEN_MMU_PGD_EVENT(xen_mmu_pgd_unpin);
1970 -
1971 -+TRACE_EVENT(xen_mmu_flush_tlb_all,
1972 -+ TP_PROTO(int x),
1973 -+ TP_ARGS(x),
1974 -+ TP_STRUCT__entry(__array(char, x, 0)),
1975 -+ TP_fast_assign((void)x),
1976 -+ TP_printk("%s", "")
1977 -+ );
1978 -+
1979 - TRACE_EVENT(xen_mmu_flush_tlb,
1980 - TP_PROTO(int x),
1981 - TP_ARGS(x),
1982 -diff --git a/kernel/futex.c b/kernel/futex.c
1983 -index 3717e7b..20ef219 100644
1984 ---- a/kernel/futex.c
1985 -+++ b/kernel/futex.c
1986 -@@ -716,7 +716,7 @@ static int futex_lock_pi_atomic(u32 __user *uaddr, struct futex_hash_bucket *hb,
1987 - struct futex_pi_state **ps,
1988 - struct task_struct *task, int set_waiters)
1989 - {
1990 -- int lock_taken, ret, ownerdied = 0;
1991 -+ int lock_taken, ret, force_take = 0;
1992 - u32 uval, newval, curval, vpid = task_pid_vnr(task);
1993 -
1994 - retry:
1995 -@@ -755,17 +755,15 @@ retry:
1996 - newval = curval | FUTEX_WAITERS;
1997 -
1998 - /*
1999 -- * There are two cases, where a futex might have no owner (the
2000 -- * owner TID is 0): OWNER_DIED. We take over the futex in this
2001 -- * case. We also do an unconditional take over, when the owner
2002 -- * of the futex died.
2003 -- *
2004 -- * This is safe as we are protected by the hash bucket lock !
2005 -+ * Should we force take the futex? See below.
2006 - */
2007 -- if (unlikely(ownerdied || !(curval & FUTEX_TID_MASK))) {
2008 -- /* Keep the OWNER_DIED bit */
2009 -+ if (unlikely(force_take)) {
2010 -+ /*
2011 -+ * Keep the OWNER_DIED and the WAITERS bit and set the
2012 -+ * new TID value.
2013 -+ */
2014 - newval = (curval & ~FUTEX_TID_MASK) | vpid;
2015 -- ownerdied = 0;
2016 -+ force_take = 0;
2017 - lock_taken = 1;
2018 - }
2019 -
2020 -@@ -775,7 +773,7 @@ retry:
2021 - goto retry;
2022 -
2023 - /*
2024 -- * We took the lock due to owner died take over.
2025 -+ * We took the lock due to forced take over.
2026 - */
2027 - if (unlikely(lock_taken))
2028 - return 1;
2029 -@@ -790,20 +788,25 @@ retry:
2030 - switch (ret) {
2031 - case -ESRCH:
2032 - /*
2033 -- * No owner found for this futex. Check if the
2034 -- * OWNER_DIED bit is set to figure out whether
2035 -- * this is a robust futex or not.
2036 -+ * We failed to find an owner for this
2037 -+ * futex. So we have no pi_state to block
2038 -+ * on. This can happen in two cases:
2039 -+ *
2040 -+ * 1) The owner died
2041 -+ * 2) A stale FUTEX_WAITERS bit
2042 -+ *
2043 -+ * Re-read the futex value.
2044 - */
2045 - if (get_futex_value_locked(&curval, uaddr))
2046 - return -EFAULT;
2047 -
2048 - /*
2049 -- * We simply start over in case of a robust
2050 -- * futex. The code above will take the futex
2051 -- * and return happy.
2052 -+ * If the owner died or we have a stale
2053 -+ * WAITERS bit the owner TID in the user space
2054 -+ * futex is 0.
2055 - */
2056 -- if (curval & FUTEX_OWNER_DIED) {
2057 -- ownerdied = 1;
2058 -+ if (!(curval & FUTEX_TID_MASK)) {
2059 -+ force_take = 1;
2060 - goto retry;
2061 - }
2062 - default:
2063 -diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c
2064 -index 6705d35..e7b5777 100644
2065 ---- a/net/batman-adv/bridge_loop_avoidance.c
2066 -+++ b/net/batman-adv/bridge_loop_avoidance.c
2067 -@@ -1205,8 +1205,8 @@ int batadv_bla_init(struct batadv_priv *bat_priv)
2068 - /**
2069 - * batadv_bla_check_bcast_duplist
2070 - * @bat_priv: the bat priv with all the soft interface information
2071 -- * @bcast_packet: originator mac address
2072 -- * @hdr_size: maximum length of the frame
2073 -+ * @bcast_packet: encapsulated broadcast frame plus batman header
2074 -+ * @bcast_packet_len: length of encapsulated broadcast frame plus batman header
2075 - *
2076 - * check if it is on our broadcast list. Another gateway might
2077 - * have sent the same packet because it is connected to the same backbone,
2078 -@@ -1219,14 +1219,14 @@ int batadv_bla_init(struct batadv_priv *bat_priv)
2079 - */
2080 - int batadv_bla_check_bcast_duplist(struct batadv_priv *bat_priv,
2081 - struct batadv_bcast_packet *bcast_packet,
2082 -- int hdr_size)
2083 -+ int bcast_packet_len)
2084 - {
2085 - int i, length, curr;
2086 - uint8_t *content;
2087 - uint16_t crc;
2088 - struct batadv_bcast_duplist_entry *entry;
2089 -
2090 -- length = hdr_size - sizeof(*bcast_packet);
2091 -+ length = bcast_packet_len - sizeof(*bcast_packet);
2092 - content = (uint8_t *)bcast_packet;
2093 - content += sizeof(*bcast_packet);
2094 -
2095 -diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c
2096 -index bc2b88b..f861b7c 100644
2097 ---- a/net/batman-adv/routing.c
2098 -+++ b/net/batman-adv/routing.c
2099 -@@ -1136,8 +1136,14 @@ int batadv_recv_bcast_packet(struct sk_buff *skb,
2100 -
2101 - spin_unlock_bh(&orig_node->bcast_seqno_lock);
2102 -
2103 -+ /* keep skb linear for crc calculation */
2104 -+ if (skb_linearize(skb) < 0)
2105 -+ goto out;
2106 -+
2107 -+ bcast_packet = (struct batadv_bcast_packet *)skb->data;
2108 -+
2109 - /* check whether this has been sent by another originator before */
2110 -- if (batadv_bla_check_bcast_duplist(bat_priv, bcast_packet, hdr_size))
2111 -+ if (batadv_bla_check_bcast_duplist(bat_priv, bcast_packet, skb->len))
2112 - goto out;
2113 -
2114 - /* rebroadcast packet */
2115 -diff --git a/net/core/dev.c b/net/core/dev.c
2116 -index 2fb9f59..aed87a4 100644
2117 ---- a/net/core/dev.c
2118 -+++ b/net/core/dev.c
2119 -@@ -1644,7 +1644,7 @@ static inline int deliver_skb(struct sk_buff *skb,
2120 -
2121 - static inline bool skb_loop_sk(struct packet_type *ptype, struct sk_buff *skb)
2122 - {
2123 -- if (ptype->af_packet_priv == NULL)
2124 -+ if (!ptype->af_packet_priv || !skb->sk)
2125 - return false;
2126 -
2127 - if (ptype->id_match)
2128 -diff --git a/net/core/skbuff.c b/net/core/skbuff.c
2129 -index ef172af..9708777 100644
2130 ---- a/net/core/skbuff.c
2131 -+++ b/net/core/skbuff.c
2132 -@@ -3384,10 +3384,12 @@ EXPORT_SYMBOL(__skb_warn_lro_forwarding);
2133 -
2134 - void kfree_skb_partial(struct sk_buff *skb, bool head_stolen)
2135 - {
2136 -- if (head_stolen)
2137 -+ if (head_stolen) {
2138 -+ skb_release_head_state(skb);
2139 - kmem_cache_free(skbuff_head_cache, skb);
2140 -- else
2141 -+ } else {
2142 - __kfree_skb(skb);
2143 -+ }
2144 - }
2145 - EXPORT_SYMBOL(kfree_skb_partial);
2146 -
2147 -diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
2148 -index 570e61f..6405a44 100644
2149 ---- a/net/ipv4/inet_diag.c
2150 -+++ b/net/ipv4/inet_diag.c
2151 -@@ -883,13 +883,16 @@ static int __inet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb,
2152 - struct inet_diag_req_v2 *r, struct nlattr *bc)
2153 - {
2154 - const struct inet_diag_handler *handler;
2155 -+ int err = 0;
2156 -
2157 - handler = inet_diag_lock_handler(r->sdiag_protocol);
2158 - if (!IS_ERR(handler))
2159 - handler->dump(skb, cb, r, bc);
2160 -+ else
2161 -+ err = PTR_ERR(handler);
2162 - inet_diag_unlock_handler(handler);
2163 -
2164 -- return skb->len;
2165 -+ return err ? : skb->len;
2166 - }
2167 -
2168 - static int inet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb)
2169 -diff --git a/net/ipv4/route.c b/net/ipv4/route.c
2170 -index 2a1383c..c017cb1 100644
2171 ---- a/net/ipv4/route.c
2172 -+++ b/net/ipv4/route.c
2173 -@@ -1166,8 +1166,12 @@ static bool rt_bind_exception(struct rtable *rt, struct fib_nh_exception *fnhe,
2174 - spin_lock_bh(&fnhe_lock);
2175 -
2176 - if (daddr == fnhe->fnhe_daddr) {
2177 -- struct rtable *orig;
2178 --
2179 -+ struct rtable *orig = rcu_dereference(fnhe->fnhe_rth);
2180 -+ if (orig && rt_is_expired(orig)) {
2181 -+ fnhe->fnhe_gw = 0;
2182 -+ fnhe->fnhe_pmtu = 0;
2183 -+ fnhe->fnhe_expires = 0;
2184 -+ }
2185 - if (fnhe->fnhe_pmtu) {
2186 - unsigned long expires = fnhe->fnhe_expires;
2187 - unsigned long diff = expires - jiffies;
2188 -@@ -1184,7 +1188,6 @@ static bool rt_bind_exception(struct rtable *rt, struct fib_nh_exception *fnhe,
2189 - } else if (!rt->rt_gateway)
2190 - rt->rt_gateway = daddr;
2191 -
2192 -- orig = rcu_dereference(fnhe->fnhe_rth);
2193 - rcu_assign_pointer(fnhe->fnhe_rth, rt);
2194 - if (orig)
2195 - rt_free(orig);
2196 -diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
2197 -index 5f64193..49dd993 100644
2198 ---- a/net/ipv4/tcp.c
2199 -+++ b/net/ipv4/tcp.c
2200 -@@ -548,14 +548,12 @@ int tcp_ioctl(struct sock *sk, int cmd, unsigned long arg)
2201 - !tp->urg_data ||
2202 - before(tp->urg_seq, tp->copied_seq) ||
2203 - !before(tp->urg_seq, tp->rcv_nxt)) {
2204 -- struct sk_buff *skb;
2205 -
2206 - answ = tp->rcv_nxt - tp->copied_seq;
2207 -
2208 -- /* Subtract 1, if FIN is in queue. */
2209 -- skb = skb_peek_tail(&sk->sk_receive_queue);
2210 -- if (answ && skb)
2211 -- answ -= tcp_hdr(skb)->fin;
2212 -+ /* Subtract 1, if FIN was received */
2213 -+ if (answ && sock_flag(sk, SOCK_DONE))
2214 -+ answ--;
2215 - } else
2216 - answ = tp->urg_seq - tp->copied_seq;
2217 - release_sock(sk);
2218 -diff --git a/net/ipv4/tcp_illinois.c b/net/ipv4/tcp_illinois.c
2219 -index 813b43a..834857f 100644
2220 ---- a/net/ipv4/tcp_illinois.c
2221 -+++ b/net/ipv4/tcp_illinois.c
2222 -@@ -313,11 +313,13 @@ static void tcp_illinois_info(struct sock *sk, u32 ext,
2223 - .tcpv_rttcnt = ca->cnt_rtt,
2224 - .tcpv_minrtt = ca->base_rtt,
2225 - };
2226 -- u64 t = ca->sum_rtt;
2227 -
2228 -- do_div(t, ca->cnt_rtt);
2229 -- info.tcpv_rtt = t;
2230 -+ if (info.tcpv_rttcnt > 0) {
2231 -+ u64 t = ca->sum_rtt;
2232 -
2233 -+ do_div(t, info.tcpv_rttcnt);
2234 -+ info.tcpv_rtt = t;
2235 -+ }
2236 - nla_put(skb, INET_DIAG_VEGASINFO, sizeof(info), &info);
2237 - }
2238 - }
2239 -diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
2240 -index d377f48..c92c4da 100644
2241 ---- a/net/ipv4/tcp_input.c
2242 -+++ b/net/ipv4/tcp_input.c
2243 -@@ -4556,6 +4556,9 @@ int tcp_send_rcvq(struct sock *sk, struct msghdr *msg, size_t size)
2244 - struct tcphdr *th;
2245 - bool fragstolen;
2246 -
2247 -+ if (size == 0)
2248 -+ return 0;
2249 -+
2250 - skb = alloc_skb(size + sizeof(*th), sk->sk_allocation);
2251 - if (!skb)
2252 - goto err;
2253 -diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
2254 -index ff36194..2edce30 100644
2255 ---- a/net/ipv6/ndisc.c
2256 -+++ b/net/ipv6/ndisc.c
2257 -@@ -535,7 +535,7 @@ static void ndisc_send_unsol_na(struct net_device *dev)
2258 - {
2259 - struct inet6_dev *idev;
2260 - struct inet6_ifaddr *ifa;
2261 -- struct in6_addr mcaddr;
2262 -+ struct in6_addr mcaddr = IN6ADDR_LINKLOCAL_ALLNODES_INIT;
2263 -
2264 - idev = in6_dev_get(dev);
2265 - if (!idev)
2266 -@@ -543,7 +543,6 @@ static void ndisc_send_unsol_na(struct net_device *dev)
2267 -
2268 - read_lock_bh(&idev->lock);
2269 - list_for_each_entry(ifa, &idev->addr_list, if_list) {
2270 -- addrconf_addr_solict_mult(&ifa->addr, &mcaddr);
2271 - ndisc_send_na(dev, NULL, &mcaddr, &ifa->addr,
2272 - /*router=*/ !!idev->cnf.forwarding,
2273 - /*solicited=*/ false, /*override=*/ true,
2274 -diff --git a/net/ipv6/route.c b/net/ipv6/route.c
2275 -index 46eff42..070a3ce 100644
2276 ---- a/net/ipv6/route.c
2277 -+++ b/net/ipv6/route.c
2278 -@@ -219,7 +219,7 @@ static struct dst_ops ip6_dst_blackhole_ops = {
2279 - };
2280 -
2281 - static const u32 ip6_template_metrics[RTAX_MAX] = {
2282 -- [RTAX_HOPLIMIT - 1] = 255,
2283 -+ [RTAX_HOPLIMIT - 1] = 0,
2284 - };
2285 -
2286 - static struct rt6_info ip6_null_entry_template = {
2287 -@@ -1241,7 +1241,7 @@ struct dst_entry *icmp6_dst_alloc(struct net_device *dev,
2288 - rt->rt6i_dst.addr = fl6->daddr;
2289 - rt->rt6i_dst.plen = 128;
2290 - rt->rt6i_idev = idev;
2291 -- dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 255);
2292 -+ dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 0);
2293 -
2294 - spin_lock_bh(&icmp6_dst_lock);
2295 - rt->dst.next = icmp6_dst_gc_list;
2296 -diff --git a/net/l2tp/l2tp_eth.c b/net/l2tp/l2tp_eth.c
2297 -index 3bfb34a..69bf48d 100644
2298 ---- a/net/l2tp/l2tp_eth.c
2299 -+++ b/net/l2tp/l2tp_eth.c
2300 -@@ -290,6 +290,7 @@ static int l2tp_eth_create(struct net *net, u32 tunnel_id, u32 session_id, u32 p
2301 -
2302 - out_del_dev:
2303 - free_netdev(dev);
2304 -+ spriv->dev = NULL;
2305 - out_del_session:
2306 - l2tp_session_delete(session);
2307 - out:
2308 -diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
2309 -index 5746d62..327aa07 100644
2310 ---- a/net/mac80211/ibss.c
2311 -+++ b/net/mac80211/ibss.c
2312 -@@ -1074,7 +1074,7 @@ int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata,
2313 - sdata->u.ibss.state = IEEE80211_IBSS_MLME_SEARCH;
2314 - sdata->u.ibss.ibss_join_req = jiffies;
2315 -
2316 -- memcpy(sdata->u.ibss.ssid, params->ssid, IEEE80211_MAX_SSID_LEN);
2317 -+ memcpy(sdata->u.ibss.ssid, params->ssid, params->ssid_len);
2318 - sdata->u.ibss.ssid_len = params->ssid_len;
2319 -
2320 - mutex_unlock(&sdata->u.ibss.mtx);
2321 -diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
2322 -index 0cb4ede..37fe5ce 100644
2323 ---- a/net/mac80211/rx.c
2324 -+++ b/net/mac80211/rx.c
2325 -@@ -491,6 +491,11 @@ ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
2326 -
2327 - if (ieee80211_is_action(hdr->frame_control)) {
2328 - u8 category;
2329 -+
2330 -+ /* make sure category field is present */
2331 -+ if (rx->skb->len < IEEE80211_MIN_ACTION_SIZE)
2332 -+ return RX_DROP_MONITOR;
2333 -+
2334 - mgmt = (struct ieee80211_mgmt *)hdr;
2335 - category = mgmt->u.action.category;
2336 - if (category != WLAN_CATEGORY_MESH_ACTION &&
2337 -@@ -843,14 +848,16 @@ ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
2338 - */
2339 - if (rx->sta && rx->sdata->vif.type == NL80211_IFTYPE_STATION &&
2340 - ieee80211_is_data_present(hdr->frame_control)) {
2341 -- u16 ethertype;
2342 -- u8 *payload;
2343 --
2344 -- payload = rx->skb->data +
2345 -- ieee80211_hdrlen(hdr->frame_control);
2346 -- ethertype = (payload[6] << 8) | payload[7];
2347 -- if (cpu_to_be16(ethertype) ==
2348 -- rx->sdata->control_port_protocol)
2349 -+ unsigned int hdrlen;
2350 -+ __be16 ethertype;
2351 -+
2352 -+ hdrlen = ieee80211_hdrlen(hdr->frame_control);
2353 -+
2354 -+ if (rx->skb->len < hdrlen + 8)
2355 -+ return RX_DROP_MONITOR;
2356 -+
2357 -+ skb_copy_bits(rx->skb, hdrlen + 6, &ethertype, 2);
2358 -+ if (ethertype == rx->sdata->control_port_protocol)
2359 - return RX_CONTINUE;
2360 - }
2361 -
2362 -@@ -1422,11 +1429,14 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
2363 -
2364 - hdr = (struct ieee80211_hdr *)rx->skb->data;
2365 - fc = hdr->frame_control;
2366 -+
2367 -+ if (ieee80211_is_ctl(fc))
2368 -+ return RX_CONTINUE;
2369 -+
2370 - sc = le16_to_cpu(hdr->seq_ctrl);
2371 - frag = sc & IEEE80211_SCTL_FRAG;
2372 -
2373 - if (likely((!ieee80211_has_morefrags(fc) && frag == 0) ||
2374 -- (rx->skb)->len < 24 ||
2375 - is_multicast_ether_addr(hdr->addr1))) {
2376 - /* not fragmented */
2377 - goto out;
2378 -@@ -1849,6 +1859,20 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
2379 -
2380 - hdr = (struct ieee80211_hdr *) skb->data;
2381 - hdrlen = ieee80211_hdrlen(hdr->frame_control);
2382 -+
2383 -+ /* make sure fixed part of mesh header is there, also checks skb len */
2384 -+ if (!pskb_may_pull(rx->skb, hdrlen + 6))
2385 -+ return RX_DROP_MONITOR;
2386 -+
2387 -+ mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen);
2388 -+
2389 -+ /* make sure full mesh header is there, also checks skb len */
2390 -+ if (!pskb_may_pull(rx->skb,
2391 -+ hdrlen + ieee80211_get_mesh_hdrlen(mesh_hdr)))
2392 -+ return RX_DROP_MONITOR;
2393 -+
2394 -+ /* reload pointers */
2395 -+ hdr = (struct ieee80211_hdr *) skb->data;
2396 - mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen);
2397 -
2398 - /* frame is in RMC, don't forward */
2399 -@@ -1857,7 +1881,8 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
2400 - mesh_rmc_check(hdr->addr3, mesh_hdr, rx->sdata))
2401 - return RX_DROP_MONITOR;
2402 -
2403 -- if (!ieee80211_is_data(hdr->frame_control))
2404 -+ if (!ieee80211_is_data(hdr->frame_control) ||
2405 -+ !(status->rx_flags & IEEE80211_RX_RA_MATCH))
2406 - return RX_CONTINUE;
2407 -
2408 - if (!mesh_hdr->ttl)
2409 -@@ -1871,9 +1896,12 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
2410 - if (is_multicast_ether_addr(hdr->addr1)) {
2411 - mpp_addr = hdr->addr3;
2412 - proxied_addr = mesh_hdr->eaddr1;
2413 -- } else {
2414 -+ } else if (mesh_hdr->flags & MESH_FLAGS_AE_A5_A6) {
2415 -+ /* has_a4 already checked in ieee80211_rx_mesh_check */
2416 - mpp_addr = hdr->addr4;
2417 - proxied_addr = mesh_hdr->eaddr2;
2418 -+ } else {
2419 -+ return RX_DROP_MONITOR;
2420 - }
2421 -
2422 - rcu_read_lock();
2423 -@@ -1901,9 +1929,6 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
2424 - }
2425 - skb_set_queue_mapping(skb, q);
2426 -
2427 -- if (!(status->rx_flags & IEEE80211_RX_RA_MATCH))
2428 -- goto out;
2429 --
2430 - if (!--mesh_hdr->ttl) {
2431 - IEEE80211_IFSTA_MESH_CTR_INC(ifmsh, dropped_frames_ttl);
2432 - return RX_DROP_MONITOR;
2433 -@@ -2313,6 +2338,10 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
2434 - }
2435 - break;
2436 - case WLAN_CATEGORY_SELF_PROTECTED:
2437 -+ if (len < (IEEE80211_MIN_ACTION_SIZE +
2438 -+ sizeof(mgmt->u.action.u.self_prot.action_code)))
2439 -+ break;
2440 -+
2441 - switch (mgmt->u.action.u.self_prot.action_code) {
2442 - case WLAN_SP_MESH_PEERING_OPEN:
2443 - case WLAN_SP_MESH_PEERING_CLOSE:
2444 -@@ -2331,6 +2360,10 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
2445 - }
2446 - break;
2447 - case WLAN_CATEGORY_MESH_ACTION:
2448 -+ if (len < (IEEE80211_MIN_ACTION_SIZE +
2449 -+ sizeof(mgmt->u.action.u.mesh_action.action_code)))
2450 -+ break;
2451 -+
2452 - if (!ieee80211_vif_is_mesh(&sdata->vif))
2453 - break;
2454 - if (mesh_action_is_path_sel(mgmt) &&
2455 -@@ -2865,10 +2898,15 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
2456 - if (ieee80211_is_data(fc) || ieee80211_is_mgmt(fc))
2457 - local->dot11ReceivedFragmentCount++;
2458 -
2459 -- if (ieee80211_is_mgmt(fc))
2460 -- err = skb_linearize(skb);
2461 -- else
2462 -+ if (ieee80211_is_mgmt(fc)) {
2463 -+ /* drop frame if too short for header */
2464 -+ if (skb->len < ieee80211_hdrlen(fc))
2465 -+ err = -ENOBUFS;
2466 -+ else
2467 -+ err = skb_linearize(skb);
2468 -+ } else {
2469 - err = !pskb_may_pull(skb, ieee80211_hdrlen(fc));
2470 -+ }
2471 -
2472 - if (err) {
2473 - dev_kfree_skb(skb);
2474 -diff --git a/net/mac80211/util.c b/net/mac80211/util.c
2475 -index c9b52f7..1cfe6d5 100644
2476 ---- a/net/mac80211/util.c
2477 -+++ b/net/mac80211/util.c
2478 -@@ -637,13 +637,41 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
2479 - break;
2480 - }
2481 -
2482 -- if (id != WLAN_EID_VENDOR_SPECIFIC &&
2483 -- id != WLAN_EID_QUIET &&
2484 -- test_bit(id, seen_elems)) {
2485 -- elems->parse_error = true;
2486 -- left -= elen;
2487 -- pos += elen;
2488 -- continue;
2489 -+ switch (id) {
2490 -+ case WLAN_EID_SSID:
2491 -+ case WLAN_EID_SUPP_RATES:
2492 -+ case WLAN_EID_FH_PARAMS:
2493 -+ case WLAN_EID_DS_PARAMS:
2494 -+ case WLAN_EID_CF_PARAMS:
2495 -+ case WLAN_EID_TIM:
2496 -+ case WLAN_EID_IBSS_PARAMS:
2497 -+ case WLAN_EID_CHALLENGE:
2498 -+ case WLAN_EID_RSN:
2499 -+ case WLAN_EID_ERP_INFO:
2500 -+ case WLAN_EID_EXT_SUPP_RATES:
2501 -+ case WLAN_EID_HT_CAPABILITY:
2502 -+ case WLAN_EID_HT_OPERATION:
2503 -+ case WLAN_EID_VHT_CAPABILITY:
2504 -+ case WLAN_EID_VHT_OPERATION:
2505 -+ case WLAN_EID_MESH_ID:
2506 -+ case WLAN_EID_MESH_CONFIG:
2507 -+ case WLAN_EID_PEER_MGMT:
2508 -+ case WLAN_EID_PREQ:
2509 -+ case WLAN_EID_PREP:
2510 -+ case WLAN_EID_PERR:
2511 -+ case WLAN_EID_RANN:
2512 -+ case WLAN_EID_CHANNEL_SWITCH:
2513 -+ case WLAN_EID_EXT_CHANSWITCH_ANN:
2514 -+ case WLAN_EID_COUNTRY:
2515 -+ case WLAN_EID_PWR_CONSTRAINT:
2516 -+ case WLAN_EID_TIMEOUT_INTERVAL:
2517 -+ if (test_bit(id, seen_elems)) {
2518 -+ elems->parse_error = true;
2519 -+ left -= elen;
2520 -+ pos += elen;
2521 -+ continue;
2522 -+ }
2523 -+ break;
2524 - }
2525 -
2526 - if (calc_crc && id < 64 && (filter & (1ULL << id)))
2527 -diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
2528 -index 9172179..0426b67 100644
2529 ---- a/net/netlink/af_netlink.c
2530 -+++ b/net/netlink/af_netlink.c
2531 -@@ -138,6 +138,8 @@ static int netlink_dump(struct sock *sk);
2532 - static DEFINE_RWLOCK(nl_table_lock);
2533 - static atomic_t nl_table_users = ATOMIC_INIT(0);
2534 -
2535 -+#define nl_deref_protected(X) rcu_dereference_protected(X, lockdep_is_held(&nl_table_lock));
2536 -+
2537 - static ATOMIC_NOTIFIER_HEAD(netlink_chain);
2538 -
2539 - static inline u32 netlink_group_mask(u32 group)
2540 -@@ -345,6 +347,11 @@ netlink_update_listeners(struct sock *sk)
2541 - struct hlist_node *node;
2542 - unsigned long mask;
2543 - unsigned int i;
2544 -+ struct listeners *listeners;
2545 -+
2546 -+ listeners = nl_deref_protected(tbl->listeners);
2547 -+ if (!listeners)
2548 -+ return;
2549 -
2550 - for (i = 0; i < NLGRPLONGS(tbl->groups); i++) {
2551 - mask = 0;
2552 -@@ -352,7 +359,7 @@ netlink_update_listeners(struct sock *sk)
2553 - if (i < NLGRPLONGS(nlk_sk(sk)->ngroups))
2554 - mask |= nlk_sk(sk)->groups[i];
2555 - }
2556 -- tbl->listeners->masks[i] = mask;
2557 -+ listeners->masks[i] = mask;
2558 - }
2559 - /* this function is only called with the netlink table "grabbed", which
2560 - * makes sure updates are visible before bind or setsockopt return. */
2561 -@@ -536,7 +543,11 @@ static int netlink_release(struct socket *sock)
2562 - if (netlink_is_kernel(sk)) {
2563 - BUG_ON(nl_table[sk->sk_protocol].registered == 0);
2564 - if (--nl_table[sk->sk_protocol].registered == 0) {
2565 -- kfree(nl_table[sk->sk_protocol].listeners);
2566 -+ struct listeners *old;
2567 -+
2568 -+ old = nl_deref_protected(nl_table[sk->sk_protocol].listeners);
2569 -+ RCU_INIT_POINTER(nl_table[sk->sk_protocol].listeners, NULL);
2570 -+ kfree_rcu(old, rcu);
2571 - nl_table[sk->sk_protocol].module = NULL;
2572 - nl_table[sk->sk_protocol].registered = 0;
2573 - }
2574 -@@ -978,7 +989,7 @@ int netlink_has_listeners(struct sock *sk, unsigned int group)
2575 - rcu_read_lock();
2576 - listeners = rcu_dereference(nl_table[sk->sk_protocol].listeners);
2577 -
2578 -- if (group - 1 < nl_table[sk->sk_protocol].groups)
2579 -+ if (listeners && group - 1 < nl_table[sk->sk_protocol].groups)
2580 - res = test_bit(group - 1, listeners->masks);
2581 -
2582 - rcu_read_unlock();
2583 -@@ -1620,7 +1631,7 @@ int __netlink_change_ngroups(struct sock *sk, unsigned int groups)
2584 - new = kzalloc(sizeof(*new) + NLGRPSZ(groups), GFP_ATOMIC);
2585 - if (!new)
2586 - return -ENOMEM;
2587 -- old = rcu_dereference_protected(tbl->listeners, 1);
2588 -+ old = nl_deref_protected(tbl->listeners);
2589 - memcpy(new->masks, old->masks, NLGRPSZ(tbl->groups));
2590 - rcu_assign_pointer(tbl->listeners, new);
2591 -
2592 -diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
2593 -index fe99628..b1c5be3 100644
2594 ---- a/net/sctp/sm_sideeffect.c
2595 -+++ b/net/sctp/sm_sideeffect.c
2596 -@@ -1634,8 +1634,9 @@ static int sctp_cmd_interpreter(sctp_event_t event_type,
2597 - asoc->outqueue.outstanding_bytes;
2598 - sackh.num_gap_ack_blocks = 0;
2599 - sackh.num_dup_tsns = 0;
2600 -+ chunk->subh.sack_hdr = &sackh;
2601 - sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_SACK,
2602 -- SCTP_SACKH(&sackh));
2603 -+ SCTP_CHUNK(chunk));
2604 - break;
2605 -
2606 - case SCTP_CMD_DISCARD_PACKET:
2607 -diff --git a/net/wireless/core.c b/net/wireless/core.c
2608 -index dcd64d5..5797032 100644
2609 ---- a/net/wireless/core.c
2610 -+++ b/net/wireless/core.c
2611 -@@ -506,8 +506,7 @@ int wiphy_register(struct wiphy *wiphy)
2612 - for (i = 0; i < sband->n_channels; i++) {
2613 - sband->channels[i].orig_flags =
2614 - sband->channels[i].flags;
2615 -- sband->channels[i].orig_mag =
2616 -- sband->channels[i].max_antenna_gain;
2617 -+ sband->channels[i].orig_mag = INT_MAX;
2618 - sband->channels[i].orig_mpwr =
2619 - sband->channels[i].max_power;
2620 - sband->channels[i].band = band;
2621 -diff --git a/net/wireless/util.c b/net/wireless/util.c
2622 -index 994e2f0..09afde7 100644
2623 ---- a/net/wireless/util.c
2624 -+++ b/net/wireless/util.c
2625 -@@ -309,23 +309,21 @@ unsigned int ieee80211_get_hdrlen_from_skb(const struct sk_buff *skb)
2626 - }
2627 - EXPORT_SYMBOL(ieee80211_get_hdrlen_from_skb);
2628 -
2629 --static int ieee80211_get_mesh_hdrlen(struct ieee80211s_hdr *meshhdr)
2630 -+unsigned int ieee80211_get_mesh_hdrlen(struct ieee80211s_hdr *meshhdr)
2631 - {
2632 - int ae = meshhdr->flags & MESH_FLAGS_AE;
2633 -- /* 7.1.3.5a.2 */
2634 -+ /* 802.11-2012, 8.2.4.7.3 */
2635 - switch (ae) {
2636 -+ default:
2637 - case 0:
2638 - return 6;
2639 - case MESH_FLAGS_AE_A4:
2640 - return 12;
2641 - case MESH_FLAGS_AE_A5_A6:
2642 - return 18;
2643 -- case (MESH_FLAGS_AE_A4 | MESH_FLAGS_AE_A5_A6):
2644 -- return 24;
2645 -- default:
2646 -- return 6;
2647 - }
2648 - }
2649 -+EXPORT_SYMBOL(ieee80211_get_mesh_hdrlen);
2650 -
2651 - int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr,
2652 - enum nl80211_iftype iftype)
2653 -@@ -373,6 +371,8 @@ int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr,
2654 - /* make sure meshdr->flags is on the linear part */
2655 - if (!pskb_may_pull(skb, hdrlen + 1))
2656 - return -1;
2657 -+ if (meshdr->flags & MESH_FLAGS_AE_A4)
2658 -+ return -1;
2659 - if (meshdr->flags & MESH_FLAGS_AE_A5_A6) {
2660 - skb_copy_bits(skb, hdrlen +
2661 - offsetof(struct ieee80211s_hdr, eaddr1),
2662 -@@ -397,6 +397,8 @@ int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr,
2663 - /* make sure meshdr->flags is on the linear part */
2664 - if (!pskb_may_pull(skb, hdrlen + 1))
2665 - return -1;
2666 -+ if (meshdr->flags & MESH_FLAGS_AE_A5_A6)
2667 -+ return -1;
2668 - if (meshdr->flags & MESH_FLAGS_AE_A4)
2669 - skb_copy_bits(skb, hdrlen +
2670 - offsetof(struct ieee80211s_hdr, eaddr1),
2671 -diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c
2672 -index eb60cb8..d5103f7 100644
2673 ---- a/sound/core/compress_offload.c
2674 -+++ b/sound/core/compress_offload.c
2675 -@@ -100,12 +100,15 @@ static int snd_compr_open(struct inode *inode, struct file *f)
2676 -
2677 - if (dirn != compr->direction) {
2678 - pr_err("this device doesn't support this direction\n");
2679 -+ snd_card_unref(compr->card);
2680 - return -EINVAL;
2681 - }
2682 -
2683 - data = kzalloc(sizeof(*data), GFP_KERNEL);
2684 -- if (!data)
2685 -+ if (!data) {
2686 -+ snd_card_unref(compr->card);
2687 - return -ENOMEM;
2688 -+ }
2689 - data->stream.ops = compr->ops;
2690 - data->stream.direction = dirn;
2691 - data->stream.private_data = compr->private_data;
2692 -@@ -113,6 +116,7 @@ static int snd_compr_open(struct inode *inode, struct file *f)
2693 - runtime = kzalloc(sizeof(*runtime), GFP_KERNEL);
2694 - if (!runtime) {
2695 - kfree(data);
2696 -+ snd_card_unref(compr->card);
2697 - return -ENOMEM;
2698 - }
2699 - runtime->state = SNDRV_PCM_STATE_OPEN;
2700 -@@ -126,7 +130,8 @@ static int snd_compr_open(struct inode *inode, struct file *f)
2701 - kfree(runtime);
2702 - kfree(data);
2703 - }
2704 -- return ret;
2705 -+ snd_card_unref(compr->card);
2706 -+ return 0;
2707 - }
2708 -
2709 - static int snd_compr_free(struct inode *inode, struct file *f)
2710 -diff --git a/sound/core/control.c b/sound/core/control.c
2711 -index 2487a6b..daa4fc8 100644
2712 ---- a/sound/core/control.c
2713 -+++ b/sound/core/control.c
2714 -@@ -86,6 +86,7 @@ static int snd_ctl_open(struct inode *inode, struct file *file)
2715 - write_lock_irqsave(&card->ctl_files_rwlock, flags);
2716 - list_add_tail(&ctl->list, &card->ctl_files);
2717 - write_unlock_irqrestore(&card->ctl_files_rwlock, flags);
2718 -+ snd_card_unref(card);
2719 - return 0;
2720 -
2721 - __error:
2722 -@@ -93,6 +94,8 @@ static int snd_ctl_open(struct inode *inode, struct file *file)
2723 - __error2:
2724 - snd_card_file_remove(card, file);
2725 - __error1:
2726 -+ if (card)
2727 -+ snd_card_unref(card);
2728 - return err;
2729 - }
2730 -
2731 -@@ -1433,6 +1436,8 @@ static ssize_t snd_ctl_read(struct file *file, char __user *buffer,
2732 - spin_unlock_irq(&ctl->read_lock);
2733 - schedule();
2734 - remove_wait_queue(&ctl->change_sleep, &wait);
2735 -+ if (ctl->card->shutdown)
2736 -+ return -ENODEV;
2737 - if (signal_pending(current))
2738 - return -ERESTARTSYS;
2739 - spin_lock_irq(&ctl->read_lock);
2740 -diff --git a/sound/core/hwdep.c b/sound/core/hwdep.c
2741 -index 75ea16f..3f7f662 100644
2742 ---- a/sound/core/hwdep.c
2743 -+++ b/sound/core/hwdep.c
2744 -@@ -100,8 +100,10 @@ static int snd_hwdep_open(struct inode *inode, struct file * file)
2745 - if (hw == NULL)
2746 - return -ENODEV;
2747 -
2748 -- if (!try_module_get(hw->card->module))
2749 -+ if (!try_module_get(hw->card->module)) {
2750 -+ snd_card_unref(hw->card);
2751 - return -EFAULT;
2752 -+ }
2753 -
2754 - init_waitqueue_entry(&wait, current);
2755 - add_wait_queue(&hw->open_wait, &wait);
2756 -@@ -129,6 +131,10 @@ static int snd_hwdep_open(struct inode *inode, struct file * file)
2757 - mutex_unlock(&hw->open_mutex);
2758 - schedule();
2759 - mutex_lock(&hw->open_mutex);
2760 -+ if (hw->card->shutdown) {
2761 -+ err = -ENODEV;
2762 -+ break;
2763 -+ }
2764 - if (signal_pending(current)) {
2765 - err = -ERESTARTSYS;
2766 - break;
2767 -@@ -148,6 +154,7 @@ static int snd_hwdep_open(struct inode *inode, struct file * file)
2768 - mutex_unlock(&hw->open_mutex);
2769 - if (err < 0)
2770 - module_put(hw->card->module);
2771 -+ snd_card_unref(hw->card);
2772 - return err;
2773 - }
2774 -
2775 -@@ -459,12 +466,15 @@ static int snd_hwdep_dev_disconnect(struct snd_device *device)
2776 - mutex_unlock(&register_mutex);
2777 - return -EINVAL;
2778 - }
2779 -+ mutex_lock(&hwdep->open_mutex);
2780 -+ wake_up(&hwdep->open_wait);
2781 - #ifdef CONFIG_SND_OSSEMUL
2782 - if (hwdep->ossreg)
2783 - snd_unregister_oss_device(hwdep->oss_type, hwdep->card, hwdep->device);
2784 - #endif
2785 - snd_unregister_device(SNDRV_DEVICE_TYPE_HWDEP, hwdep->card, hwdep->device);
2786 - list_del_init(&hwdep->list);
2787 -+ mutex_unlock(&hwdep->open_mutex);
2788 - mutex_unlock(&register_mutex);
2789 - return 0;
2790 - }
2791 -diff --git a/sound/core/init.c b/sound/core/init.c
2792 -index d8ec849..7b012d1 100644
2793 ---- a/sound/core/init.c
2794 -+++ b/sound/core/init.c
2795 -@@ -213,6 +213,7 @@ int snd_card_create(int idx, const char *xid,
2796 - spin_lock_init(&card->files_lock);
2797 - INIT_LIST_HEAD(&card->files_list);
2798 - init_waitqueue_head(&card->shutdown_sleep);
2799 -+ atomic_set(&card->refcount, 0);
2800 - #ifdef CONFIG_PM
2801 - mutex_init(&card->power_lock);
2802 - init_waitqueue_head(&card->power_sleep);
2803 -@@ -446,21 +447,36 @@ static int snd_card_do_free(struct snd_card *card)
2804 - return 0;
2805 - }
2806 -
2807 -+/**
2808 -+ * snd_card_unref - release the reference counter
2809 -+ * @card: the card instance
2810 -+ *
2811 -+ * Decrements the reference counter. When it reaches to zero, wake up
2812 -+ * the sleeper and call the destructor if needed.
2813 -+ */
2814 -+void snd_card_unref(struct snd_card *card)
2815 -+{
2816 -+ if (atomic_dec_and_test(&card->refcount)) {
2817 -+ wake_up(&card->shutdown_sleep);
2818 -+ if (card->free_on_last_close)
2819 -+ snd_card_do_free(card);
2820 -+ }
2821 -+}
2822 -+EXPORT_SYMBOL(snd_card_unref);
2823 -+
2824 - int snd_card_free_when_closed(struct snd_card *card)
2825 - {
2826 -- int free_now = 0;
2827 -- int ret = snd_card_disconnect(card);
2828 -- if (ret)
2829 -- return ret;
2830 -+ int ret;
2831 -
2832 -- spin_lock(&card->files_lock);
2833 -- if (list_empty(&card->files_list))
2834 -- free_now = 1;
2835 -- else
2836 -- card->free_on_last_close = 1;
2837 -- spin_unlock(&card->files_lock);
2838 -+ atomic_inc(&card->refcount);
2839 -+ ret = snd_card_disconnect(card);
2840 -+ if (ret) {
2841 -+ atomic_dec(&card->refcount);
2842 -+ return ret;
2843 -+ }
2844 -
2845 -- if (free_now)
2846 -+ card->free_on_last_close = 1;
2847 -+ if (atomic_dec_and_test(&card->refcount))
2848 - snd_card_do_free(card);
2849 - return 0;
2850 - }
2851 -@@ -474,7 +490,7 @@ int snd_card_free(struct snd_card *card)
2852 - return ret;
2853 -
2854 - /* wait, until all devices are ready for the free operation */
2855 -- wait_event(card->shutdown_sleep, list_empty(&card->files_list));
2856 -+ wait_event(card->shutdown_sleep, !atomic_read(&card->refcount));
2857 - snd_card_do_free(card);
2858 - return 0;
2859 - }
2860 -@@ -886,6 +902,7 @@ int snd_card_file_add(struct snd_card *card, struct file *file)
2861 - return -ENODEV;
2862 - }
2863 - list_add(&mfile->list, &card->files_list);
2864 -+ atomic_inc(&card->refcount);
2865 - spin_unlock(&card->files_lock);
2866 - return 0;
2867 - }
2868 -@@ -908,7 +925,6 @@ EXPORT_SYMBOL(snd_card_file_add);
2869 - int snd_card_file_remove(struct snd_card *card, struct file *file)
2870 - {
2871 - struct snd_monitor_file *mfile, *found = NULL;
2872 -- int last_close = 0;
2873 -
2874 - spin_lock(&card->files_lock);
2875 - list_for_each_entry(mfile, &card->files_list, list) {
2876 -@@ -923,19 +939,13 @@ int snd_card_file_remove(struct snd_card *card, struct file *file)
2877 - break;
2878 - }
2879 - }
2880 -- if (list_empty(&card->files_list))
2881 -- last_close = 1;
2882 - spin_unlock(&card->files_lock);
2883 -- if (last_close) {
2884 -- wake_up(&card->shutdown_sleep);
2885 -- if (card->free_on_last_close)
2886 -- snd_card_do_free(card);
2887 -- }
2888 - if (!found) {
2889 - snd_printk(KERN_ERR "ALSA card file remove problem (%p)\n", file);
2890 - return -ENOENT;
2891 - }
2892 - kfree(found);
2893 -+ snd_card_unref(card);
2894 - return 0;
2895 - }
2896 -
2897 -diff --git a/sound/core/oss/mixer_oss.c b/sound/core/oss/mixer_oss.c
2898 -index 18297f7..c353768 100644
2899 ---- a/sound/core/oss/mixer_oss.c
2900 -+++ b/sound/core/oss/mixer_oss.c
2901 -@@ -52,14 +52,19 @@ static int snd_mixer_oss_open(struct inode *inode, struct file *file)
2902 - SNDRV_OSS_DEVICE_TYPE_MIXER);
2903 - if (card == NULL)
2904 - return -ENODEV;
2905 -- if (card->mixer_oss == NULL)
2906 -+ if (card->mixer_oss == NULL) {
2907 -+ snd_card_unref(card);
2908 - return -ENODEV;
2909 -+ }
2910 - err = snd_card_file_add(card, file);
2911 -- if (err < 0)
2912 -+ if (err < 0) {
2913 -+ snd_card_unref(card);
2914 - return err;
2915 -+ }
2916 - fmixer = kzalloc(sizeof(*fmixer), GFP_KERNEL);
2917 - if (fmixer == NULL) {
2918 - snd_card_file_remove(card, file);
2919 -+ snd_card_unref(card);
2920 - return -ENOMEM;
2921 - }
2922 - fmixer->card = card;
2923 -@@ -68,8 +73,10 @@ static int snd_mixer_oss_open(struct inode *inode, struct file *file)
2924 - if (!try_module_get(card->module)) {
2925 - kfree(fmixer);
2926 - snd_card_file_remove(card, file);
2927 -+ snd_card_unref(card);
2928 - return -EFAULT;
2929 - }
2930 -+ snd_card_unref(card);
2931 - return 0;
2932 - }
2933 -
2934 -diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c
2935 -index 08fde00..4c1cc51 100644
2936 ---- a/sound/core/oss/pcm_oss.c
2937 -+++ b/sound/core/oss/pcm_oss.c
2938 -@@ -2441,6 +2441,10 @@ static int snd_pcm_oss_open(struct inode *inode, struct file *file)
2939 - mutex_unlock(&pcm->open_mutex);
2940 - schedule();
2941 - mutex_lock(&pcm->open_mutex);
2942 -+ if (pcm->card->shutdown) {
2943 -+ err = -ENODEV;
2944 -+ break;
2945 -+ }
2946 - if (signal_pending(current)) {
2947 - err = -ERESTARTSYS;
2948 - break;
2949 -@@ -2450,6 +2454,7 @@ static int snd_pcm_oss_open(struct inode *inode, struct file *file)
2950 - mutex_unlock(&pcm->open_mutex);
2951 - if (err < 0)
2952 - goto __error;
2953 -+ snd_card_unref(pcm->card);
2954 - return err;
2955 -
2956 - __error:
2957 -@@ -2457,6 +2462,8 @@ static int snd_pcm_oss_open(struct inode *inode, struct file *file)
2958 - __error2:
2959 - snd_card_file_remove(pcm->card, file);
2960 - __error1:
2961 -+ if (pcm)
2962 -+ snd_card_unref(pcm->card);
2963 - return err;
2964 - }
2965 -
2966 -diff --git a/sound/core/pcm.c b/sound/core/pcm.c
2967 -index 1a3070b..e30e1be 100644
2968 ---- a/sound/core/pcm.c
2969 -+++ b/sound/core/pcm.c
2970 -@@ -1086,11 +1086,19 @@ static int snd_pcm_dev_disconnect(struct snd_device *device)
2971 - if (list_empty(&pcm->list))
2972 - goto unlock;
2973 -
2974 -+ mutex_lock(&pcm->open_mutex);
2975 -+ wake_up(&pcm->open_wait);
2976 - list_del_init(&pcm->list);
2977 - for (cidx = 0; cidx < 2; cidx++)
2978 -- for (substream = pcm->streams[cidx].substream; substream; substream = substream->next)
2979 -- if (substream->runtime)
2980 -+ for (substream = pcm->streams[cidx].substream; substream; substream = substream->next) {
2981 -+ snd_pcm_stream_lock_irq(substream);
2982 -+ if (substream->runtime) {
2983 - substream->runtime->status->state = SNDRV_PCM_STATE_DISCONNECTED;
2984 -+ wake_up(&substream->runtime->sleep);
2985 -+ wake_up(&substream->runtime->tsleep);
2986 -+ }
2987 -+ snd_pcm_stream_unlock_irq(substream);
2988 -+ }
2989 - list_for_each_entry(notify, &snd_pcm_notify_list, list) {
2990 - notify->n_disconnect(pcm);
2991 - }
2992 -@@ -1106,6 +1114,7 @@ static int snd_pcm_dev_disconnect(struct snd_device *device)
2993 - }
2994 - snd_unregister_device(devtype, pcm->card, pcm->device);
2995 - }
2996 -+ mutex_unlock(&pcm->open_mutex);
2997 - unlock:
2998 - mutex_unlock(&register_mutex);
2999 - return 0;
3000 -diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
3001 -index 53b5ada..bf3bf43 100644
3002 ---- a/sound/core/pcm_native.c
3003 -+++ b/sound/core/pcm_native.c
3004 -@@ -369,6 +369,14 @@ static int period_to_usecs(struct snd_pcm_runtime *runtime)
3005 - return usecs;
3006 - }
3007 -
3008 -+static void snd_pcm_set_state(struct snd_pcm_substream *substream, int state)
3009 -+{
3010 -+ snd_pcm_stream_lock_irq(substream);
3011 -+ if (substream->runtime->status->state != SNDRV_PCM_STATE_DISCONNECTED)
3012 -+ substream->runtime->status->state = state;
3013 -+ snd_pcm_stream_unlock_irq(substream);
3014 -+}
3015 -+
3016 - static int snd_pcm_hw_params(struct snd_pcm_substream *substream,
3017 - struct snd_pcm_hw_params *params)
3018 - {
3019 -@@ -452,7 +460,7 @@ static int snd_pcm_hw_params(struct snd_pcm_substream *substream,
3020 - runtime->boundary *= 2;
3021 -
3022 - snd_pcm_timer_resolution_change(substream);
3023 -- runtime->status->state = SNDRV_PCM_STATE_SETUP;
3024 -+ snd_pcm_set_state(substream, SNDRV_PCM_STATE_SETUP);
3025 -
3026 - if (pm_qos_request_active(&substream->latency_pm_qos_req))
3027 - pm_qos_remove_request(&substream->latency_pm_qos_req);
3028 -@@ -464,7 +472,7 @@ static int snd_pcm_hw_params(struct snd_pcm_substream *substream,
3029 - /* hardware might be unusable from this time,
3030 - so we force application to retry to set
3031 - the correct hardware parameter settings */
3032 -- runtime->status->state = SNDRV_PCM_STATE_OPEN;
3033 -+ snd_pcm_set_state(substream, SNDRV_PCM_STATE_OPEN);
3034 - if (substream->ops->hw_free != NULL)
3035 - substream->ops->hw_free(substream);
3036 - return err;
3037 -@@ -512,7 +520,7 @@ static int snd_pcm_hw_free(struct snd_pcm_substream *substream)
3038 - return -EBADFD;
3039 - if (substream->ops->hw_free)
3040 - result = substream->ops->hw_free(substream);
3041 -- runtime->status->state = SNDRV_PCM_STATE_OPEN;
3042 -+ snd_pcm_set_state(substream, SNDRV_PCM_STATE_OPEN);
3043 - pm_qos_remove_request(&substream->latency_pm_qos_req);
3044 - return result;
3045 - }
3046 -@@ -1320,7 +1328,7 @@ static void snd_pcm_post_prepare(struct snd_pcm_substream *substream, int state)
3047 - {
3048 - struct snd_pcm_runtime *runtime = substream->runtime;
3049 - runtime->control->appl_ptr = runtime->status->hw_ptr;
3050 -- runtime->status->state = SNDRV_PCM_STATE_PREPARED;
3051 -+ snd_pcm_set_state(substream, SNDRV_PCM_STATE_PREPARED);
3052 - }
3053 -
3054 - static struct action_ops snd_pcm_action_prepare = {
3055 -@@ -1510,6 +1518,10 @@ static int snd_pcm_drain(struct snd_pcm_substream *substream,
3056 - down_read(&snd_pcm_link_rwsem);
3057 - snd_pcm_stream_lock_irq(substream);
3058 - remove_wait_queue(&to_check->sleep, &wait);
3059 -+ if (card->shutdown) {
3060 -+ result = -ENODEV;
3061 -+ break;
3062 -+ }
3063 - if (tout == 0) {
3064 - if (substream->runtime->status->state == SNDRV_PCM_STATE_SUSPENDED)
3065 - result = -ESTRPIPE;
3066 -@@ -1633,6 +1645,7 @@ static int snd_pcm_link(struct snd_pcm_substream *substream, int fd)
3067 - write_unlock_irq(&snd_pcm_link_rwlock);
3068 - up_write(&snd_pcm_link_rwsem);
3069 - _nolock:
3070 -+ snd_card_unref(substream1->pcm->card);
3071 - fput(file);
3072 - if (res < 0)
3073 - kfree(group);
3074 -@@ -2107,7 +2120,10 @@ static int snd_pcm_playback_open(struct inode *inode, struct file *file)
3075 - return err;
3076 - pcm = snd_lookup_minor_data(iminor(inode),
3077 - SNDRV_DEVICE_TYPE_PCM_PLAYBACK);
3078 -- return snd_pcm_open(file, pcm, SNDRV_PCM_STREAM_PLAYBACK);
3079 -+ err = snd_pcm_open(file, pcm, SNDRV_PCM_STREAM_PLAYBACK);
3080 -+ if (pcm)
3081 -+ snd_card_unref(pcm->card);
3082 -+ return err;
3083 - }
3084 -
3085 - static int snd_pcm_capture_open(struct inode *inode, struct file *file)
3086 -@@ -2118,7 +2134,10 @@ static int snd_pcm_capture_open(struct inode *inode, struct file *file)
3087 - return err;
3088 - pcm = snd_lookup_minor_data(iminor(inode),
3089 - SNDRV_DEVICE_TYPE_PCM_CAPTURE);
3090 -- return snd_pcm_open(file, pcm, SNDRV_PCM_STREAM_CAPTURE);
3091 -+ err = snd_pcm_open(file, pcm, SNDRV_PCM_STREAM_CAPTURE);
3092 -+ if (pcm)
3093 -+ snd_card_unref(pcm->card);
3094 -+ return err;
3095 - }
3096 -
3097 - static int snd_pcm_open(struct file *file, struct snd_pcm *pcm, int stream)
3098 -@@ -2155,6 +2174,10 @@ static int snd_pcm_open(struct file *file, struct snd_pcm *pcm, int stream)
3099 - mutex_unlock(&pcm->open_mutex);
3100 - schedule();
3101 - mutex_lock(&pcm->open_mutex);
3102 -+ if (pcm->card->shutdown) {
3103 -+ err = -ENODEV;
3104 -+ break;
3105 -+ }
3106 - if (signal_pending(current)) {
3107 - err = -ERESTARTSYS;
3108 - break;
3109 -diff --git a/sound/core/rawmidi.c b/sound/core/rawmidi.c
3110 -index ebf6e49..1bb95ae 100644
3111 ---- a/sound/core/rawmidi.c
3112 -+++ b/sound/core/rawmidi.c
3113 -@@ -379,8 +379,10 @@ static int snd_rawmidi_open(struct inode *inode, struct file *file)
3114 - if (rmidi == NULL)
3115 - return -ENODEV;
3116 -
3117 -- if (!try_module_get(rmidi->card->module))
3118 -+ if (!try_module_get(rmidi->card->module)) {
3119 -+ snd_card_unref(rmidi->card);
3120 - return -ENXIO;
3121 -+ }
3122 -
3123 - mutex_lock(&rmidi->open_mutex);
3124 - card = rmidi->card;
3125 -@@ -422,6 +424,10 @@ static int snd_rawmidi_open(struct inode *inode, struct file *file)
3126 - mutex_unlock(&rmidi->open_mutex);
3127 - schedule();
3128 - mutex_lock(&rmidi->open_mutex);
3129 -+ if (rmidi->card->shutdown) {
3130 -+ err = -ENODEV;
3131 -+ break;
3132 -+ }
3133 - if (signal_pending(current)) {
3134 - err = -ERESTARTSYS;
3135 - break;
3136 -@@ -440,6 +446,7 @@ static int snd_rawmidi_open(struct inode *inode, struct file *file)
3137 - #endif
3138 - file->private_data = rawmidi_file;
3139 - mutex_unlock(&rmidi->open_mutex);
3140 -+ snd_card_unref(rmidi->card);
3141 - return 0;
3142 -
3143 - __error:
3144 -@@ -447,6 +454,7 @@ static int snd_rawmidi_open(struct inode *inode, struct file *file)
3145 - __error_card:
3146 - mutex_unlock(&rmidi->open_mutex);
3147 - module_put(rmidi->card->module);
3148 -+ snd_card_unref(rmidi->card);
3149 - return err;
3150 - }
3151 -
3152 -@@ -991,6 +999,8 @@ static ssize_t snd_rawmidi_read(struct file *file, char __user *buf, size_t coun
3153 - spin_unlock_irq(&runtime->lock);
3154 - schedule();
3155 - remove_wait_queue(&runtime->sleep, &wait);
3156 -+ if (rfile->rmidi->card->shutdown)
3157 -+ return -ENODEV;
3158 - if (signal_pending(current))
3159 - return result > 0 ? result : -ERESTARTSYS;
3160 - if (!runtime->avail)
3161 -@@ -1234,6 +1244,8 @@ static ssize_t snd_rawmidi_write(struct file *file, const char __user *buf,
3162 - spin_unlock_irq(&runtime->lock);
3163 - timeout = schedule_timeout(30 * HZ);
3164 - remove_wait_queue(&runtime->sleep, &wait);
3165 -+ if (rfile->rmidi->card->shutdown)
3166 -+ return -ENODEV;
3167 - if (signal_pending(current))
3168 - return result > 0 ? result : -ERESTARTSYS;
3169 - if (!runtime->avail && !timeout)
3170 -@@ -1609,9 +1621,20 @@ static int snd_rawmidi_dev_register(struct snd_device *device)
3171 - static int snd_rawmidi_dev_disconnect(struct snd_device *device)
3172 - {
3173 - struct snd_rawmidi *rmidi = device->device_data;
3174 -+ int dir;
3175 -
3176 - mutex_lock(&register_mutex);
3177 -+ mutex_lock(&rmidi->open_mutex);
3178 -+ wake_up(&rmidi->open_wait);
3179 - list_del_init(&rmidi->list);
3180 -+ for (dir = 0; dir < 2; dir++) {
3181 -+ struct snd_rawmidi_substream *s;
3182 -+ list_for_each_entry(s, &rmidi->streams[dir].substreams, list) {
3183 -+ if (s->runtime)
3184 -+ wake_up(&s->runtime->sleep);
3185 -+ }
3186 -+ }
3187 -+
3188 - #ifdef CONFIG_SND_OSSEMUL
3189 - if (rmidi->ossreg) {
3190 - if ((int)rmidi->device == midi_map[rmidi->card->number]) {
3191 -@@ -1626,6 +1649,7 @@ static int snd_rawmidi_dev_disconnect(struct snd_device *device)
3192 - }
3193 - #endif /* CONFIG_SND_OSSEMUL */
3194 - snd_unregister_device(SNDRV_DEVICE_TYPE_RAWMIDI, rmidi->card, rmidi->device);
3195 -+ mutex_unlock(&rmidi->open_mutex);
3196 - mutex_unlock(&register_mutex);
3197 - return 0;
3198 - }
3199 -diff --git a/sound/core/sound.c b/sound/core/sound.c
3200 -index 28f3559..3700d96 100644
3201 ---- a/sound/core/sound.c
3202 -+++ b/sound/core/sound.c
3203 -@@ -99,6 +99,10 @@ static void snd_request_other(int minor)
3204 - *
3205 - * Checks that a minor device with the specified type is registered, and returns
3206 - * its user data pointer.
3207 -+ *
3208 -+ * This function increments the reference counter of the card instance
3209 -+ * if an associated instance with the given minor number and type is found.
3210 -+ * The caller must call snd_card_unref() appropriately later.
3211 - */
3212 - void *snd_lookup_minor_data(unsigned int minor, int type)
3213 - {
3214 -@@ -109,9 +113,11 @@ void *snd_lookup_minor_data(unsigned int minor, int type)
3215 - return NULL;
3216 - mutex_lock(&sound_mutex);
3217 - mreg = snd_minors[minor];
3218 -- if (mreg && mreg->type == type)
3219 -+ if (mreg && mreg->type == type) {
3220 - private_data = mreg->private_data;
3221 -- else
3222 -+ if (private_data && mreg->card_ptr)
3223 -+ atomic_inc(&mreg->card_ptr->refcount);
3224 -+ } else
3225 - private_data = NULL;
3226 - mutex_unlock(&sound_mutex);
3227 - return private_data;
3228 -@@ -276,6 +282,7 @@ int snd_register_device_for_dev(int type, struct snd_card *card, int dev,
3229 - preg->device = dev;
3230 - preg->f_ops = f_ops;
3231 - preg->private_data = private_data;
3232 -+ preg->card_ptr = card;
3233 - mutex_lock(&sound_mutex);
3234 - #ifdef CONFIG_SND_DYNAMIC_MINORS
3235 - minor = snd_find_free_minor(type);
3236 -diff --git a/sound/core/sound_oss.c b/sound/core/sound_oss.c
3237 -index e952833..726a49a 100644
3238 ---- a/sound/core/sound_oss.c
3239 -+++ b/sound/core/sound_oss.c
3240 -@@ -40,6 +40,9 @@
3241 - static struct snd_minor *snd_oss_minors[SNDRV_OSS_MINORS];
3242 - static DEFINE_MUTEX(sound_oss_mutex);
3243 -
3244 -+/* NOTE: This function increments the refcount of the associated card like
3245 -+ * snd_lookup_minor_data(); the caller must call snd_card_unref() appropriately
3246 -+ */
3247 - void *snd_lookup_oss_minor_data(unsigned int minor, int type)
3248 - {
3249 - struct snd_minor *mreg;
3250 -@@ -49,9 +52,11 @@ void *snd_lookup_oss_minor_data(unsigned int minor, int type)
3251 - return NULL;
3252 - mutex_lock(&sound_oss_mutex);
3253 - mreg = snd_oss_minors[minor];
3254 -- if (mreg && mreg->type == type)
3255 -+ if (mreg && mreg->type == type) {
3256 - private_data = mreg->private_data;
3257 -- else
3258 -+ if (private_data && mreg->card_ptr)
3259 -+ atomic_inc(&mreg->card_ptr->refcount);
3260 -+ } else
3261 - private_data = NULL;
3262 - mutex_unlock(&sound_oss_mutex);
3263 - return private_data;
3264 -@@ -123,6 +128,7 @@ int snd_register_oss_device(int type, struct snd_card *card, int dev,
3265 - preg->device = dev;
3266 - preg->f_ops = f_ops;
3267 - preg->private_data = private_data;
3268 -+ preg->card_ptr = card;
3269 - mutex_lock(&sound_oss_mutex);
3270 - snd_oss_minors[minor] = preg;
3271 - minor_unit = SNDRV_MINOR_OSS_DEVICE(minor);
3272 -diff --git a/sound/usb/card.c b/sound/usb/card.c
3273 -index 4a469f0..b3f5ad4 100644
3274 ---- a/sound/usb/card.c
3275 -+++ b/sound/usb/card.c
3276 -@@ -339,7 +339,7 @@ static int snd_usb_audio_create(struct usb_device *dev, int idx,
3277 - }
3278 -
3279 - mutex_init(&chip->mutex);
3280 -- mutex_init(&chip->shutdown_mutex);
3281 -+ init_rwsem(&chip->shutdown_rwsem);
3282 - chip->index = idx;
3283 - chip->dev = dev;
3284 - chip->card = card;
3285 -@@ -559,9 +559,11 @@ static void snd_usb_audio_disconnect(struct usb_device *dev,
3286 - return;
3287 -
3288 - card = chip->card;
3289 -- mutex_lock(&register_mutex);
3290 -- mutex_lock(&chip->shutdown_mutex);
3291 -+ down_write(&chip->shutdown_rwsem);
3292 - chip->shutdown = 1;
3293 -+ up_write(&chip->shutdown_rwsem);
3294 -+
3295 -+ mutex_lock(&register_mutex);
3296 - chip->num_interfaces--;
3297 - if (chip->num_interfaces <= 0) {
3298 - snd_card_disconnect(card);
3299 -@@ -582,11 +584,9 @@ static void snd_usb_audio_disconnect(struct usb_device *dev,
3300 - snd_usb_mixer_disconnect(p);
3301 - }
3302 - usb_chip[chip->index] = NULL;
3303 -- mutex_unlock(&chip->shutdown_mutex);
3304 - mutex_unlock(&register_mutex);
3305 - snd_card_free_when_closed(card);
3306 - } else {
3307 -- mutex_unlock(&chip->shutdown_mutex);
3308 - mutex_unlock(&register_mutex);
3309 - }
3310 - }
3311 -@@ -618,16 +618,20 @@ int snd_usb_autoresume(struct snd_usb_audio *chip)
3312 - {
3313 - int err = -ENODEV;
3314 -
3315 -+ down_read(&chip->shutdown_rwsem);
3316 - if (!chip->shutdown && !chip->probing)
3317 - err = usb_autopm_get_interface(chip->pm_intf);
3318 -+ up_read(&chip->shutdown_rwsem);
3319 -
3320 - return err;
3321 - }
3322 -
3323 - void snd_usb_autosuspend(struct snd_usb_audio *chip)
3324 - {
3325 -+ down_read(&chip->shutdown_rwsem);
3326 - if (!chip->shutdown && !chip->probing)
3327 - usb_autopm_put_interface(chip->pm_intf);
3328 -+ up_read(&chip->shutdown_rwsem);
3329 - }
3330 -
3331 - static int usb_audio_suspend(struct usb_interface *intf, pm_message_t message)
3332 -diff --git a/sound/usb/card.h b/sound/usb/card.h
3333 -index d9d2b5a..6e262c5 100644
3334 ---- a/sound/usb/card.h
3335 -+++ b/sound/usb/card.h
3336 -@@ -125,6 +125,7 @@ struct snd_usb_substream {
3337 - struct snd_usb_endpoint *data_endpoint;
3338 - struct snd_usb_endpoint *sync_endpoint;
3339 - unsigned long flags;
3340 -+ unsigned int speed; /* USB_SPEED_XXX */
3341 -
3342 - u64 formats; /* format bitmasks (all or'ed) */
3343 - unsigned int num_formats; /* number of supported audio formats (list) */
3344 -diff --git a/sound/usb/mixer.c b/sound/usb/mixer.c
3345 -index fe56c9d..298070e 100644
3346 ---- a/sound/usb/mixer.c
3347 -+++ b/sound/usb/mixer.c
3348 -@@ -287,25 +287,32 @@ static int get_ctl_value_v1(struct usb_mixer_elem_info *cval, int request, int v
3349 - unsigned char buf[2];
3350 - int val_len = cval->val_type >= USB_MIXER_S16 ? 2 : 1;
3351 - int timeout = 10;
3352 -- int err;
3353 -+ int idx = 0, err;
3354 -
3355 - err = snd_usb_autoresume(cval->mixer->chip);
3356 - if (err < 0)
3357 - return -EIO;
3358 -+ down_read(&chip->shutdown_rwsem);
3359 - while (timeout-- > 0) {
3360 -+ if (chip->shutdown)
3361 -+ break;
3362 -+ idx = snd_usb_ctrl_intf(chip) | (cval->id << 8);
3363 - if (snd_usb_ctl_msg(chip->dev, usb_rcvctrlpipe(chip->dev, 0), request,
3364 - USB_RECIP_INTERFACE | USB_TYPE_CLASS | USB_DIR_IN,
3365 -- validx, snd_usb_ctrl_intf(chip) | (cval->id << 8),
3366 -- buf, val_len) >= val_len) {
3367 -+ validx, idx, buf, val_len) >= val_len) {
3368 - *value_ret = convert_signed_value(cval, snd_usb_combine_bytes(buf, val_len));
3369 -- snd_usb_autosuspend(cval->mixer->chip);
3370 -- return 0;
3371 -+ err = 0;
3372 -+ goto out;
3373 - }
3374 - }
3375 -- snd_usb_autosuspend(cval->mixer->chip);
3376 - snd_printdd(KERN_ERR "cannot get ctl value: req = %#x, wValue = %#x, wIndex = %#x, type = %d\n",
3377 -- request, validx, snd_usb_ctrl_intf(chip) | (cval->id << 8), cval->val_type);
3378 -- return -EINVAL;
3379 -+ request, validx, idx, cval->val_type);
3380 -+ err = -EINVAL;
3381 -+
3382 -+ out:
3383 -+ up_read(&chip->shutdown_rwsem);
3384 -+ snd_usb_autosuspend(cval->mixer->chip);
3385 -+ return err;
3386 - }
3387 -
3388 - static int get_ctl_value_v2(struct usb_mixer_elem_info *cval, int request, int validx, int *value_ret)
3389 -@@ -313,7 +320,7 @@ static int get_ctl_value_v2(struct usb_mixer_elem_info *cval, int request, int v
3390 - struct snd_usb_audio *chip = cval->mixer->chip;
3391 - unsigned char buf[2 + 3*sizeof(__u16)]; /* enough space for one range */
3392 - unsigned char *val;
3393 -- int ret, size;
3394 -+ int idx = 0, ret, size;
3395 - __u8 bRequest;
3396 -
3397 - if (request == UAC_GET_CUR) {
3398 -@@ -330,16 +337,22 @@ static int get_ctl_value_v2(struct usb_mixer_elem_info *cval, int request, int v
3399 - if (ret)
3400 - goto error;
3401 -
3402 -- ret = snd_usb_ctl_msg(chip->dev, usb_rcvctrlpipe(chip->dev, 0), bRequest,
3403 -+ down_read(&chip->shutdown_rwsem);
3404 -+ if (chip->shutdown)
3405 -+ ret = -ENODEV;
3406 -+ else {
3407 -+ idx = snd_usb_ctrl_intf(chip) | (cval->id << 8);
3408 -+ ret = snd_usb_ctl_msg(chip->dev, usb_rcvctrlpipe(chip->dev, 0), bRequest,
3409 - USB_RECIP_INTERFACE | USB_TYPE_CLASS | USB_DIR_IN,
3410 -- validx, snd_usb_ctrl_intf(chip) | (cval->id << 8),
3411 -- buf, size);
3412 -+ validx, idx, buf, size);
3413 -+ }
3414 -+ up_read(&chip->shutdown_rwsem);
3415 - snd_usb_autosuspend(chip);
3416 -
3417 - if (ret < 0) {
3418 - error:
3419 - snd_printk(KERN_ERR "cannot get ctl value: req = %#x, wValue = %#x, wIndex = %#x, type = %d\n",
3420 -- request, validx, snd_usb_ctrl_intf(chip) | (cval->id << 8), cval->val_type);
3421 -+ request, validx, idx, cval->val_type);
3422 - return ret;
3423 - }
3424 -
3425 -@@ -417,7 +430,7 @@ int snd_usb_mixer_set_ctl_value(struct usb_mixer_elem_info *cval,
3426 - {
3427 - struct snd_usb_audio *chip = cval->mixer->chip;
3428 - unsigned char buf[2];
3429 -- int val_len, err, timeout = 10;
3430 -+ int idx = 0, val_len, err, timeout = 10;
3431 -
3432 - if (cval->mixer->protocol == UAC_VERSION_1) {
3433 - val_len = cval->val_type >= USB_MIXER_S16 ? 2 : 1;
3434 -@@ -440,19 +453,27 @@ int snd_usb_mixer_set_ctl_value(struct usb_mixer_elem_info *cval,
3435 - err = snd_usb_autoresume(chip);
3436 - if (err < 0)
3437 - return -EIO;
3438 -- while (timeout-- > 0)
3439 -+ down_read(&chip->shutdown_rwsem);
3440 -+ while (timeout-- > 0) {
3441 -+ if (chip->shutdown)
3442 -+ break;
3443 -+ idx = snd_usb_ctrl_intf(chip) | (cval->id << 8);
3444 - if (snd_usb_ctl_msg(chip->dev,
3445 - usb_sndctrlpipe(chip->dev, 0), request,
3446 - USB_RECIP_INTERFACE | USB_TYPE_CLASS | USB_DIR_OUT,
3447 -- validx, snd_usb_ctrl_intf(chip) | (cval->id << 8),
3448 -- buf, val_len) >= 0) {
3449 -- snd_usb_autosuspend(chip);
3450 -- return 0;
3451 -+ validx, idx, buf, val_len) >= 0) {
3452 -+ err = 0;
3453 -+ goto out;
3454 - }
3455 -- snd_usb_autosuspend(chip);
3456 -+ }
3457 - snd_printdd(KERN_ERR "cannot set ctl value: req = %#x, wValue = %#x, wIndex = %#x, type = %d, data = %#x/%#x\n",
3458 -- request, validx, snd_usb_ctrl_intf(chip) | (cval->id << 8), cval->val_type, buf[0], buf[1]);
3459 -- return -EINVAL;
3460 -+ request, validx, idx, cval->val_type, buf[0], buf[1]);
3461 -+ err = -EINVAL;
3462 -+
3463 -+ out:
3464 -+ up_read(&chip->shutdown_rwsem);
3465 -+ snd_usb_autosuspend(chip);
3466 -+ return err;
3467 - }
3468 -
3469 - static int set_cur_ctl_value(struct usb_mixer_elem_info *cval, int validx, int value)
3470 -diff --git a/sound/usb/mixer_quirks.c b/sound/usb/mixer_quirks.c
3471 -index 690000d..ae2b714 100644
3472 ---- a/sound/usb/mixer_quirks.c
3473 -+++ b/sound/usb/mixer_quirks.c
3474 -@@ -283,6 +283,11 @@ static int snd_audigy2nx_led_put(struct snd_kcontrol *kcontrol, struct snd_ctl_e
3475 - if (value > 1)
3476 - return -EINVAL;
3477 - changed = value != mixer->audigy2nx_leds[index];
3478 -+ down_read(&mixer->chip->shutdown_rwsem);
3479 -+ if (mixer->chip->shutdown) {
3480 -+ err = -ENODEV;
3481 -+ goto out;
3482 -+ }
3483 - if (mixer->chip->usb_id == USB_ID(0x041e, 0x3042))
3484 - err = snd_usb_ctl_msg(mixer->chip->dev,
3485 - usb_sndctrlpipe(mixer->chip->dev, 0), 0x24,
3486 -@@ -299,6 +304,8 @@ static int snd_audigy2nx_led_put(struct snd_kcontrol *kcontrol, struct snd_ctl_e
3487 - usb_sndctrlpipe(mixer->chip->dev, 0), 0x24,
3488 - USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_OTHER,
3489 - value, index + 2, NULL, 0);
3490 -+ out:
3491 -+ up_read(&mixer->chip->shutdown_rwsem);
3492 - if (err < 0)
3493 - return err;
3494 - mixer->audigy2nx_leds[index] = value;
3495 -@@ -392,11 +399,16 @@ static void snd_audigy2nx_proc_read(struct snd_info_entry *entry,
3496 -
3497 - for (i = 0; jacks[i].name; ++i) {
3498 - snd_iprintf(buffer, "%s: ", jacks[i].name);
3499 -- err = snd_usb_ctl_msg(mixer->chip->dev,
3500 -+ down_read(&mixer->chip->shutdown_rwsem);
3501 -+ if (mixer->chip->shutdown)
3502 -+ err = 0;
3503 -+ else
3504 -+ err = snd_usb_ctl_msg(mixer->chip->dev,
3505 - usb_rcvctrlpipe(mixer->chip->dev, 0),
3506 - UAC_GET_MEM, USB_DIR_IN | USB_TYPE_CLASS |
3507 - USB_RECIP_INTERFACE, 0,
3508 - jacks[i].unitid << 8, buf, 3);
3509 -+ up_read(&mixer->chip->shutdown_rwsem);
3510 - if (err == 3 && (buf[0] == 3 || buf[0] == 6))
3511 - snd_iprintf(buffer, "%02x %02x\n", buf[1], buf[2]);
3512 - else
3513 -@@ -426,10 +438,15 @@ static int snd_xonar_u1_switch_put(struct snd_kcontrol *kcontrol,
3514 - else
3515 - new_status = old_status & ~0x02;
3516 - changed = new_status != old_status;
3517 -- err = snd_usb_ctl_msg(mixer->chip->dev,
3518 -+ down_read(&mixer->chip->shutdown_rwsem);
3519 -+ if (mixer->chip->shutdown)
3520 -+ err = -ENODEV;
3521 -+ else
3522 -+ err = snd_usb_ctl_msg(mixer->chip->dev,
3523 - usb_sndctrlpipe(mixer->chip->dev, 0), 0x08,
3524 - USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_OTHER,
3525 - 50, 0, &new_status, 1);
3526 -+ up_read(&mixer->chip->shutdown_rwsem);
3527 - if (err < 0)
3528 - return err;
3529 - mixer->xonar_u1_status = new_status;
3530 -@@ -468,11 +485,17 @@ static int snd_nativeinstruments_control_get(struct snd_kcontrol *kcontrol,
3531 - u8 bRequest = (kcontrol->private_value >> 16) & 0xff;
3532 - u16 wIndex = kcontrol->private_value & 0xffff;
3533 - u8 tmp;
3534 -+ int ret;
3535 -
3536 -- int ret = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0), bRequest,
3537 -+ down_read(&mixer->chip->shutdown_rwsem);
3538 -+ if (mixer->chip->shutdown)
3539 -+ ret = -ENODEV;
3540 -+ else
3541 -+ ret = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0), bRequest,
3542 - USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN,
3543 - 0, cpu_to_le16(wIndex),
3544 - &tmp, sizeof(tmp), 1000);
3545 -+ up_read(&mixer->chip->shutdown_rwsem);
3546 -
3547 - if (ret < 0) {
3548 - snd_printk(KERN_ERR
3549 -@@ -493,11 +516,17 @@ static int snd_nativeinstruments_control_put(struct snd_kcontrol *kcontrol,
3550 - u8 bRequest = (kcontrol->private_value >> 16) & 0xff;
3551 - u16 wIndex = kcontrol->private_value & 0xffff;
3552 - u16 wValue = ucontrol->value.integer.value[0];
3553 -+ int ret;
3554 -
3555 -- int ret = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), bRequest,
3556 -+ down_read(&mixer->chip->shutdown_rwsem);
3557 -+ if (mixer->chip->shutdown)
3558 -+ ret = -ENODEV;
3559 -+ else
3560 -+ ret = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), bRequest,
3561 - USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT,
3562 - cpu_to_le16(wValue), cpu_to_le16(wIndex),
3563 - NULL, 0, 1000);
3564 -+ up_read(&mixer->chip->shutdown_rwsem);
3565 -
3566 - if (ret < 0) {
3567 - snd_printk(KERN_ERR
3568 -@@ -656,11 +685,16 @@ static int snd_ftu_eff_switch_get(struct snd_kcontrol *kctl,
3569 - return -EINVAL;
3570 -
3571 -
3572 -- err = snd_usb_ctl_msg(chip->dev,
3573 -+ down_read(&mixer->chip->shutdown_rwsem);
3574 -+ if (mixer->chip->shutdown)
3575 -+ err = -ENODEV;
3576 -+ else
3577 -+ err = snd_usb_ctl_msg(chip->dev,
3578 - usb_rcvctrlpipe(chip->dev, 0), UAC_GET_CUR,
3579 - USB_RECIP_INTERFACE | USB_TYPE_CLASS | USB_DIR_IN,
3580 - validx << 8, snd_usb_ctrl_intf(chip) | (id << 8),
3581 - value, val_len);
3582 -+ up_read(&mixer->chip->shutdown_rwsem);
3583 - if (err < 0)
3584 - return err;
3585 -
3586 -@@ -703,11 +737,16 @@ static int snd_ftu_eff_switch_put(struct snd_kcontrol *kctl,
3587 -
3588 - if (!pval->is_cached) {
3589 - /* Read current value */
3590 -- err = snd_usb_ctl_msg(chip->dev,
3591 -+ down_read(&mixer->chip->shutdown_rwsem);
3592 -+ if (mixer->chip->shutdown)
3593 -+ err = -ENODEV;
3594 -+ else
3595 -+ err = snd_usb_ctl_msg(chip->dev,
3596 - usb_rcvctrlpipe(chip->dev, 0), UAC_GET_CUR,
3597 - USB_RECIP_INTERFACE | USB_TYPE_CLASS | USB_DIR_IN,
3598 - validx << 8, snd_usb_ctrl_intf(chip) | (id << 8),
3599 - value, val_len);
3600 -+ up_read(&mixer->chip->shutdown_rwsem);
3601 - if (err < 0)
3602 - return err;
3603 -
3604 -@@ -719,11 +758,16 @@ static int snd_ftu_eff_switch_put(struct snd_kcontrol *kctl,
3605 - if (cur_val != new_val) {
3606 - value[0] = new_val;
3607 - value[1] = 0;
3608 -- err = snd_usb_ctl_msg(chip->dev,
3609 -+ down_read(&mixer->chip->shutdown_rwsem);
3610 -+ if (mixer->chip->shutdown)
3611 -+ err = -ENODEV;
3612 -+ else
3613 -+ err = snd_usb_ctl_msg(chip->dev,
3614 - usb_sndctrlpipe(chip->dev, 0), UAC_SET_CUR,
3615 - USB_RECIP_INTERFACE | USB_TYPE_CLASS | USB_DIR_OUT,
3616 - validx << 8, snd_usb_ctrl_intf(chip) | (id << 8),
3617 - value, val_len);
3618 -+ up_read(&mixer->chip->shutdown_rwsem);
3619 - if (err < 0)
3620 - return err;
3621 -
3622 -diff --git a/sound/usb/pcm.c b/sound/usb/pcm.c
3623 -index f782ce1..ee3c15c 100644
3624 ---- a/sound/usb/pcm.c
3625 -+++ b/sound/usb/pcm.c
3626 -@@ -71,6 +71,8 @@ static snd_pcm_uframes_t snd_usb_pcm_pointer(struct snd_pcm_substream *substream
3627 - unsigned int hwptr_done;
3628 -
3629 - subs = (struct snd_usb_substream *)substream->runtime->private_data;
3630 -+ if (subs->stream->chip->shutdown)
3631 -+ return SNDRV_PCM_POS_XRUN;
3632 - spin_lock(&subs->lock);
3633 - hwptr_done = subs->hwptr_done;
3634 - substream->runtime->delay = snd_usb_pcm_delay(subs,
3635 -@@ -471,8 +473,14 @@ static int snd_usb_hw_params(struct snd_pcm_substream *substream,
3636 - changed = subs->cur_audiofmt != fmt ||
3637 - subs->period_bytes != params_period_bytes(hw_params) ||
3638 - subs->cur_rate != rate;
3639 -+
3640 -+ down_read(&subs->stream->chip->shutdown_rwsem);
3641 -+ if (subs->stream->chip->shutdown) {
3642 -+ ret = -ENODEV;
3643 -+ goto unlock;
3644 -+ }
3645 - if ((ret = set_format(subs, fmt)) < 0)
3646 -- return ret;
3647 -+ goto unlock;
3648 -
3649 - if (subs->cur_rate != rate) {
3650 - struct usb_host_interface *alts;
3651 -@@ -481,12 +489,11 @@ static int snd_usb_hw_params(struct snd_pcm_substream *substream,
3652 - alts = &iface->altsetting[fmt->altset_idx];
3653 - ret = snd_usb_init_sample_rate(subs->stream->chip, fmt->iface, alts, fmt, rate);
3654 - if (ret < 0)
3655 -- return ret;
3656 -+ goto unlock;
3657 - subs->cur_rate = rate;
3658 - }
3659 -
3660 - if (changed) {
3661 -- mutex_lock(&subs->stream->chip->shutdown_mutex);
3662 - /* format changed */
3663 - stop_endpoints(subs, 0, 0, 0);
3664 - ret = snd_usb_endpoint_set_params(subs->data_endpoint, hw_params, fmt,
3665 -@@ -497,8 +504,6 @@ static int snd_usb_hw_params(struct snd_pcm_substream *substream,
3666 - if (subs->sync_endpoint)
3667 - ret = snd_usb_endpoint_set_params(subs->sync_endpoint,
3668 - hw_params, fmt, NULL);
3669 --unlock:
3670 -- mutex_unlock(&subs->stream->chip->shutdown_mutex);
3671 - }
3672 -
3673 - if (ret == 0) {
3674 -@@ -506,6 +511,8 @@ unlock:
3675 - subs->altset_idx = fmt->altset_idx;
3676 - }
3677 -
3678 -+unlock:
3679 -+ up_read(&subs->stream->chip->shutdown_rwsem);
3680 - return ret;
3681 - }
3682 -
3683 -@@ -521,10 +528,12 @@ static int snd_usb_hw_free(struct snd_pcm_substream *substream)
3684 - subs->cur_audiofmt = NULL;
3685 - subs->cur_rate = 0;
3686 - subs->period_bytes = 0;
3687 -- mutex_lock(&subs->stream->chip->shutdown_mutex);
3688 -- stop_endpoints(subs, 0, 1, 1);
3689 -- deactivate_endpoints(subs);
3690 -- mutex_unlock(&subs->stream->chip->shutdown_mutex);
3691 -+ down_read(&subs->stream->chip->shutdown_rwsem);
3692 -+ if (!subs->stream->chip->shutdown) {
3693 -+ stop_endpoints(subs, 0, 1, 1);
3694 -+ deactivate_endpoints(subs);
3695 -+ }
3696 -+ up_read(&subs->stream->chip->shutdown_rwsem);
3697 - return snd_pcm_lib_free_vmalloc_buffer(substream);
3698 - }
3699 -
3700 -@@ -537,14 +546,22 @@ static int snd_usb_pcm_prepare(struct snd_pcm_substream *substream)
3701 - {
3702 - struct snd_pcm_runtime *runtime = substream->runtime;
3703 - struct snd_usb_substream *subs = runtime->private_data;
3704 -+ int ret = 0;
3705 -
3706 - if (! subs->cur_audiofmt) {
3707 - snd_printk(KERN_ERR "usbaudio: no format is specified!\n");
3708 - return -ENXIO;
3709 - }
3710 -
3711 -- if (snd_BUG_ON(!subs->data_endpoint))
3712 -- return -EIO;
3713 -+ down_read(&subs->stream->chip->shutdown_rwsem);
3714 -+ if (subs->stream->chip->shutdown) {
3715 -+ ret = -ENODEV;
3716 -+ goto unlock;
3717 -+ }
3718 -+ if (snd_BUG_ON(!subs->data_endpoint)) {
3719 -+ ret = -EIO;
3720 -+ goto unlock;
3721 -+ }
3722 -
3723 - /* some unit conversions in runtime */
3724 - subs->data_endpoint->maxframesize =
3725 -@@ -562,9 +579,11 @@ static int snd_usb_pcm_prepare(struct snd_pcm_substream *substream)
3726 - /* for playback, submit the URBs now; otherwise, the first hwptr_done
3727 - * updates for all URBs would happen at the same time when starting */
3728 - if (subs->direction == SNDRV_PCM_STREAM_PLAYBACK)
3729 -- return start_endpoints(subs, 1);
3730 -+ ret = start_endpoints(subs, 1);
3731 -
3732 -- return 0;
3733 -+ unlock:
3734 -+ up_read(&subs->stream->chip->shutdown_rwsem);
3735 -+ return ret;
3736 - }
3737 -
3738 - static struct snd_pcm_hardware snd_usb_hardware =
3739 -@@ -617,7 +636,7 @@ static int hw_check_valid_format(struct snd_usb_substream *subs,
3740 - return 0;
3741 - }
3742 - /* check whether the period time is >= the data packet interval */
3743 -- if (snd_usb_get_speed(subs->dev) != USB_SPEED_FULL) {
3744 -+ if (subs->speed != USB_SPEED_FULL) {
3745 - ptime = 125 * (1 << fp->datainterval);
3746 - if (ptime > pt->max || (ptime == pt->max && pt->openmax)) {
3747 - hwc_debug(" > check: ptime %u > max %u\n", ptime, pt->max);
3748 -@@ -895,7 +914,7 @@ static int setup_hw_info(struct snd_pcm_runtime *runtime, struct snd_usb_substre
3749 - return err;
3750 -
3751 - param_period_time_if_needed = SNDRV_PCM_HW_PARAM_PERIOD_TIME;
3752 -- if (snd_usb_get_speed(subs->dev) == USB_SPEED_FULL)
3753 -+ if (subs->speed == USB_SPEED_FULL)
3754 - /* full speed devices have fixed data packet interval */
3755 - ptmin = 1000;
3756 - if (ptmin == 1000)
3757 -diff --git a/sound/usb/proc.c b/sound/usb/proc.c
3758 -index ebc1a5b..d218f76 100644
3759 ---- a/sound/usb/proc.c
3760 -+++ b/sound/usb/proc.c
3761 -@@ -108,7 +108,7 @@ static void proc_dump_substream_formats(struct snd_usb_substream *subs, struct s
3762 - }
3763 - snd_iprintf(buffer, "\n");
3764 - }
3765 -- if (snd_usb_get_speed(subs->dev) != USB_SPEED_FULL)
3766 -+ if (subs->speed != USB_SPEED_FULL)
3767 - snd_iprintf(buffer, " Data packet interval: %d us\n",
3768 - 125 * (1 << fp->datainterval));
3769 - // snd_iprintf(buffer, " Max Packet Size = %d\n", fp->maxpacksize);
3770 -@@ -124,7 +124,7 @@ static void proc_dump_ep_status(struct snd_usb_substream *subs,
3771 - return;
3772 - snd_iprintf(buffer, " Packet Size = %d\n", ep->curpacksize);
3773 - snd_iprintf(buffer, " Momentary freq = %u Hz (%#x.%04x)\n",
3774 -- snd_usb_get_speed(subs->dev) == USB_SPEED_FULL
3775 -+ subs->speed == USB_SPEED_FULL
3776 - ? get_full_speed_hz(ep->freqm)
3777 - : get_high_speed_hz(ep->freqm),
3778 - ep->freqm >> 16, ep->freqm & 0xffff);
3779 -diff --git a/sound/usb/stream.c b/sound/usb/stream.c
3780 -index 083ed81..1de0c8c 100644
3781 ---- a/sound/usb/stream.c
3782 -+++ b/sound/usb/stream.c
3783 -@@ -90,6 +90,7 @@ static void snd_usb_init_substream(struct snd_usb_stream *as,
3784 - subs->direction = stream;
3785 - subs->dev = as->chip->dev;
3786 - subs->txfr_quirk = as->chip->txfr_quirk;
3787 -+ subs->speed = snd_usb_get_speed(subs->dev);
3788 -
3789 - snd_usb_set_pcm_ops(as->pcm, stream);
3790 -
3791 -diff --git a/sound/usb/usbaudio.h b/sound/usb/usbaudio.h
3792 -index b8233eb..ef42797 100644
3793 ---- a/sound/usb/usbaudio.h
3794 -+++ b/sound/usb/usbaudio.h
3795 -@@ -37,7 +37,7 @@ struct snd_usb_audio {
3796 - struct usb_interface *pm_intf;
3797 - u32 usb_id;
3798 - struct mutex mutex;
3799 -- struct mutex shutdown_mutex;
3800 -+ struct rw_semaphore shutdown_rwsem;
3801 - unsigned int shutdown:1;
3802 - unsigned int probing:1;
3803 - unsigned int autosuspended:1;
3804
3805 diff --git a/3.6.7/0000_README b/3.6.8/0000_README
3806 similarity index 91%
3807 rename from 3.6.7/0000_README
3808 rename to 3.6.8/0000_README
3809 index 05b1561..f24acf7 100644
3810 --- a/3.6.7/0000_README
3811 +++ b/3.6.8/0000_README
3812 @@ -2,11 +2,7 @@ README
3813 -----------------------------------------------------------------------------
3814 Individual Patch Descriptions:
3815 -----------------------------------------------------------------------------
3816 -Patch: 1006_linux-3.6.7.patch
3817 -From: http://www.kernel.org
3818 -Desc: Linux 3.6.7
3819 -
3820 -Patch: 4420_grsecurity-2.9.1-3.6.7-201211221000.patch
3821 +Patch: 4420_grsecurity-2.9.1-3.6.8-201211261714.patch
3822 From: http://www.grsecurity.net
3823 Desc: hardened-sources base patch from upstream grsecurity
3824
3825
3826 diff --git a/3.6.7/4420_grsecurity-2.9.1-3.6.7-201211221000.patch b/3.6.8/4420_grsecurity-2.9.1-3.6.8-201211261714.patch
3827 similarity index 99%
3828 rename from 3.6.7/4420_grsecurity-2.9.1-3.6.7-201211221000.patch
3829 rename to 3.6.8/4420_grsecurity-2.9.1-3.6.8-201211261714.patch
3830 index cdc60ce..13615ed 100644
3831 --- a/3.6.7/4420_grsecurity-2.9.1-3.6.7-201211221000.patch
3832 +++ b/3.6.8/4420_grsecurity-2.9.1-3.6.8-201211261714.patch
3833 @@ -251,7 +251,7 @@ index ad7e2e5..199f49e 100644
3834
3835 pcd. [PARIDE]
3836 diff --git a/Makefile b/Makefile
3837 -index 07f2308..7271d99 100644
3838 +index c5cc2f0..6570abb 100644
3839 --- a/Makefile
3840 +++ b/Makefile
3841 @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
3842 @@ -3470,6 +3470,30 @@ index 5e34ccf..672bc9c 100644
3843
3844 DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n",
3845 me->arch.unwind_section, table, end, gp);
3846 +diff --git a/arch/parisc/kernel/signal32.c b/arch/parisc/kernel/signal32.c
3847 +index fd49aed..5dede04 100644
3848 +--- a/arch/parisc/kernel/signal32.c
3849 ++++ b/arch/parisc/kernel/signal32.c
3850 +@@ -65,7 +65,8 @@ put_sigset32(compat_sigset_t __user *up, sigset_t *set, size_t sz)
3851 + {
3852 + compat_sigset_t s;
3853 +
3854 +- if (sz != sizeof *set) panic("put_sigset32()");
3855 ++ if (sz != sizeof *set)
3856 ++ return -EINVAL;
3857 + sigset_64to32(&s, set);
3858 +
3859 + return copy_to_user(up, &s, sizeof s);
3860 +@@ -77,7 +78,8 @@ get_sigset32(compat_sigset_t __user *up, sigset_t *set, size_t sz)
3861 + compat_sigset_t s;
3862 + int r;
3863 +
3864 +- if (sz != sizeof *set) panic("put_sigset32()");
3865 ++ if (sz != sizeof *set)
3866 ++ return -EINVAL;
3867 +
3868 + if ((r = copy_from_user(&s, up, sz)) == 0) {
3869 + sigset_32to64(set, &s);
3870 diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c
3871 index 7426e40..30c8dbe 100644
3872 --- a/arch/parisc/kernel/sys_parisc.c
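Review bot: In get_sigset32, `copy_from_user(&s, up, sz)` sizes the copy by the caller-supplied `sz`, but the destination is the local `compat_sigset_t s`. The added guard only ties `sz` to `sizeof *set`, so the write stays in bounds only while the two types have the same size. Sizing the copy by the destination, `if ((r = copy_from_user(&s, up, sizeof s)) == 0) {`, matches what put_sigset32 already does with `sizeof s` and removes that dependency. Both helpers now return either -EINVAL or the uncopied-byte count from copy_*_user, so callers (not visible here) need to treat any non-zero value as failure. get_sigset32's body continues past the end of this hunk.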
3873 @@ -20537,7 +20561,7 @@ index baead95..90feeb4 100644
3874
3875 local_irq_disable();
3876 diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
3877 -index b1eb202..254e292 100644
3878 +index ff66a3b..48ad872 100644
3879 --- a/arch/x86/kvm/vmx.c
3880 +++ b/arch/x86/kvm/vmx.c
3881 @@ -1331,7 +1331,11 @@ static void reload_tss(void)
3882 @@ -28017,7 +28041,7 @@ index 9a87daa..fb17486 100644
3883 goto error;
3884
3885 diff --git a/crypto/cryptd.c b/crypto/cryptd.c
3886 -index 671d4d6..afec999 100644
3887 +index 7bdd61b..afec999 100644
3888 --- a/crypto/cryptd.c
3889 +++ b/crypto/cryptd.c
3890 @@ -63,7 +63,7 @@ struct cryptd_blkcipher_ctx {
3891 @@ -28038,28 +28062,6 @@ index 671d4d6..afec999 100644
3892
3893 static void cryptd_queue_worker(struct work_struct *work);
3894
3895 -@@ -137,13 +137,18 @@ static void cryptd_queue_worker(struct work_struct *work)
3896 - struct crypto_async_request *req, *backlog;
3897 -
3898 - cpu_queue = container_of(work, struct cryptd_cpu_queue, work);
3899 -- /* Only handle one request at a time to avoid hogging crypto
3900 -- * workqueue. preempt_disable/enable is used to prevent
3901 -- * being preempted by cryptd_enqueue_request() */
3902 -+ /*
3903 -+ * Only handle one request at a time to avoid hogging crypto workqueue.
3904 -+ * preempt_disable/enable is used to prevent being preempted by
3905 -+ * cryptd_enqueue_request(). local_bh_disable/enable is used to prevent
3906 -+ * cryptd_enqueue_request() being accessed from software interrupts.
3907 -+ */
3908 -+ local_bh_disable();
3909 - preempt_disable();
3910 - backlog = crypto_get_backlog(&cpu_queue->queue);
3911 - req = crypto_dequeue_request(&cpu_queue->queue);
3912 - preempt_enable();
3913 -+ local_bh_enable();
3914 -
3915 - if (!req)
3916 - return;
3917 diff --git a/drivers/acpi/apei/cper.c b/drivers/acpi/apei/cper.c
3918 index e6defd8..c26a225 100644
3919 --- a/drivers/acpi/apei/cper.c
3920 @@ -31555,7 +31557,7 @@ index 3b663fc..57850f4 100644
3921 if (rdev->pm.max_bandwidth.full > rdev->pm.k8_bandwidth.full &&
3922 rdev->pm.k8_bandwidth.full)
3923 diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c b/drivers/gpu/drm/ttm/ttm_page_alloc.c
3924 -index ebc6fac..a8313ed 100644
3925 +index 578207e..1073f25 100644
3926 --- a/drivers/gpu/drm/ttm/ttm_page_alloc.c
3927 +++ b/drivers/gpu/drm/ttm/ttm_page_alloc.c
3928 @@ -394,9 +394,9 @@ static int ttm_pool_get_num_unused_pages(void)
3929 @@ -35596,7 +35598,7 @@ index 4a518a3..936b334 100644
3930 #define VXGE_HW_VIRTUAL_PATH_HANDLE(vpath) \
3931 ((struct __vxge_hw_vpath_handle *)(vpath)->vpath_handles.next)
3932 diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c
3933 -index b47d5b3..273a516 100644
3934 +index df7bbba..162f850 100644
3935 --- a/drivers/net/ethernet/realtek/r8169.c
3936 +++ b/drivers/net/ethernet/realtek/r8169.c
3937 @@ -745,22 +745,22 @@ struct rtl8169_private {
3938 @@ -36581,10 +36583,10 @@ index 61859d0..124539e 100644
3939 /* No printks while decoding is disabled! */
3940 if (!dev->mmio_always_on) {
3941 diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
3942 -index 27911b5..5b6db88 100644
3943 +index af028c7..654cdfc 100644
3944 --- a/drivers/pci/proc.c
3945 +++ b/drivers/pci/proc.c
3946 -@@ -476,7 +476,16 @@ static const struct file_operations proc_bus_pci_dev_operations = {
3947 +@@ -484,7 +484,16 @@ static const struct file_operations proc_bus_pci_dev_operations = {
3948 static int __init pci_proc_init(void)
3949 {
3950 struct pci_dev *dev = NULL;
3951 @@ -42932,22 +42934,6 @@ index 88714ae..16c2e11 100644
3952
3953
3954 static inline u32 get_pll_internal_frequency(u32 ref_freq,
3955 -diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c
3956 -index c3b3f7f..abd47c7 100644
3957 ---- a/drivers/virtio/virtio.c
3958 -+++ b/drivers/virtio/virtio.c
3959 -@@ -225,8 +225,10 @@ EXPORT_SYMBOL_GPL(register_virtio_device);
3960 -
3961 - void unregister_virtio_device(struct virtio_device *dev)
3962 - {
3963 -+ int index = dev->index; /* save for after device release */
3964 -+
3965 - device_unregister(&dev->dev);
3966 -- ida_simple_remove(&virtio_index_ida, dev->index);
3967 -+ ida_simple_remove(&virtio_index_ida, index);
3968 - }
3969 - EXPORT_SYMBOL_GPL(unregister_virtio_device);
3970 -
3971 diff --git a/drivers/virtio/virtio_mmio.c b/drivers/virtio/virtio_mmio.c
3972 index 453db0c..604973e 100644
3973 --- a/drivers/virtio/virtio_mmio.c
3974 @@ -45203,7 +45189,7 @@ index b2a34a1..162fa69 100644
3975 return rc;
3976 }
3977 diff --git a/fs/exec.c b/fs/exec.c
3978 -index fab2c6d..4fa20c0 100644
3979 +index fab2c6d..6a13dff 100644
3980 --- a/fs/exec.c
3981 +++ b/fs/exec.c
3982 @@ -55,6 +55,15 @@
3983 @@ -45229,7 +45215,7 @@ index fab2c6d..4fa20c0 100644
3984 +#ifdef CONFIG_PAX_HAVE_ACL_FLAGS
3985 +void __weak pax_set_initial_flags(struct linux_binprm *bprm)
3986 +{
3987 -+ WARN_ONCE(1, "PAX: PAX_HAVE_ACL_FLAGS was enabled without providing the pax_set_initial_flags callback, this is probably not what you wanted.\n");
3988 ++ pr_warn_once("PAX: PAX_HAVE_ACL_FLAGS was enabled without providing the pax_set_initial_flags callback, this is probably not what you wanted.\n");
3989 +}
3990 +#endif
3991 +
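Review bot: The weak `pax_set_initial_flags` stub has no comment saying what happens when it is the implementation that gets linked: its body only logs once and leaves `bprm` untouched. With `pr_warn_once` in place of `WARN_ONCE` there is no longer a backtrace pointing at the misconfiguration, so a comment above the stub is worth adding, e.g. `/* Weak fallback: used only when no ACL system provides pax_set_initial_flags(); sets no flags. */`. Whether the caller applies default flags in that case is outside this hunk and should be confirmed.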
3992 @@ -46042,7 +46028,7 @@ index cf18217..8f6b9c3 100644
3993 if (free_clusters >= (nclusters + dirty_clusters))
3994 return 1;
3995 diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
3996 -index 5c69f2b..05dec7f 100644
3997 +index b686b43..4b46d01 100644
3998 --- a/fs/ext4/ext4.h
3999 +++ b/fs/ext4/ext4.h
4000 @@ -1248,19 +1248,19 @@ struct ext4_sb_info {
4001 @@ -48755,18 +48741,6 @@ index a9269f1..5490437 100644
4002 set_fs(oldfs);
4003
4004 if (host_err < 0)
4005 -diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c
4006 -index f35794b..a506360 100644
4007 ---- a/fs/notify/fanotify/fanotify.c
4008 -+++ b/fs/notify/fanotify/fanotify.c
4009 -@@ -21,6 +21,7 @@ static bool should_merge(struct fsnotify_event *old, struct fsnotify_event *new)
4010 - if ((old->path.mnt == new->path.mnt) &&
4011 - (old->path.dentry == new->path.dentry))
4012 - return true;
4013 -+ break;
4014 - case (FSNOTIFY_EVENT_NONE):
4015 - return true;
4016 - default:
4017 diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
4018 index d438036..0ecadde 100644
4019 --- a/fs/notify/fanotify/fanotify_user.c
4020 @@ -50397,25 +50371,6 @@ index 1ccfa53..0848f95 100644
4021 } else if (mm) {
4022 pid_t tid = vm_is_stack(priv->task, vma, is_pid);
4023
4024 -diff --git a/fs/pstore/platform.c b/fs/pstore/platform.c
4025 -index 29996e8..2d1e0f3 100644
4026 ---- a/fs/pstore/platform.c
4027 -+++ b/fs/pstore/platform.c
4028 -@@ -161,12 +161,13 @@ static void pstore_console_write(struct console *con, const char *s, unsigned c)
4029 -
4030 - while (s < e) {
4031 - unsigned long flags;
4032 -+ u64 id;
4033 -
4034 - if (c > psinfo->bufsize)
4035 - c = psinfo->bufsize;
4036 - spin_lock_irqsave(&psinfo->buf_lock, flags);
4037 - memcpy(psinfo->buf, s, c);
4038 -- psinfo->write(PSTORE_TYPE_CONSOLE, 0, NULL, 0, c, psinfo);
4039 -+ psinfo->write(PSTORE_TYPE_CONSOLE, 0, &id, 0, c, psinfo);
4040 - spin_unlock_irqrestore(&psinfo->buf_lock, flags);
4041 - s += c;
4042 - c = e - s;
4043 diff --git a/fs/quota/netlink.c b/fs/quota/netlink.c
4044 index d67908b..d13f6a6 100644
4045 --- a/fs/quota/netlink.c
4046 @@ -63486,50 +63441,68 @@ index aa2e167..84024ce 100644
4047 };
4048
4049 diff --git a/include/linux/init.h b/include/linux/init.h
4050 -index 5e664f6..0a1225c 100644
4051 +index 5e664f6..15ae326 100644
4052 --- a/include/linux/init.h
4053 +++ b/include/linux/init.h
4054 -@@ -39,9 +39,15 @@
4055 +@@ -39,9 +39,33 @@
4056 * Also note, that this data cannot be "const".
4057 */
4058
4059 +#ifdef MODULE
4060 -+#define add_latent_entropy
4061 ++#define add_init_latent_entropy
4062 +#else
4063 -+#define add_latent_entropy __latent_entropy
4064 ++#define add_init_latent_entropy __latent_entropy
4065 ++#endif
4066 ++
4067 ++#ifdef CONFIG_HOTPLUG
4068 ++#define add_devinit_latent_entropy
4069 ++#else
4070 ++#define add_devinit_latent_entropy __latent_entropy
4071 ++#endif
4072 ++
4073 ++#ifdef CONFIG_HOTPLUG_CPU
4074 ++#define add_cpuinit_latent_entropy
4075 ++#else
4076 ++#define add_cpuinit_latent_entropy __latent_entropy
4077 ++#endif
4078 ++
4079 ++#ifdef CONFIG_MEMORY_HOTPLUG
4080 ++#define add_meminit_latent_entropy
4081 ++#else
4082 ++#define add_meminit_latent_entropy __latent_entropy
4083 +#endif
4084 +
4085 /* These are for everybody (although not all archs will actually
4086 discard it in modules) */
4087 -#define __init __section(.init.text) __cold notrace
4088 -+#define __init __section(.init.text) __cold notrace add_latent_entropy
4089 ++#define __init __section(.init.text) __cold notrace add_init_latent_entropy
4090 #define __initdata __section(.init.data)
4091 #define __initconst __section(.init.rodata)
4092 #define __exitdata __section(.exit.data)
4093 -@@ -83,7 +89,7 @@
4094 +@@ -83,7 +107,7 @@
4095 #define __exit __section(.exit.text) __exitused __cold notrace
4096
4097 /* Used for HOTPLUG */
4098 -#define __devinit __section(.devinit.text) __cold notrace
4099 -+#define __devinit __section(.devinit.text) __cold notrace add_latent_entropy
4100 ++#define __devinit __section(.devinit.text) __cold notrace add_devinit_latent_entropy
4101 #define __devinitdata __section(.devinit.data)
4102 #define __devinitconst __section(.devinit.rodata)
4103 #define __devexit __section(.devexit.text) __exitused __cold notrace
4104 -@@ -91,7 +97,7 @@
4105 +@@ -91,7 +115,7 @@
4106 #define __devexitconst __section(.devexit.rodata)
4107
4108 /* Used for HOTPLUG_CPU */
4109 -#define __cpuinit __section(.cpuinit.text) __cold notrace
4110 -+#define __cpuinit __section(.cpuinit.text) __cold notrace add_latent_entropy
4111 ++#define __cpuinit __section(.cpuinit.text) __cold notrace add_cpuinit_latent_entropy
4112 #define __cpuinitdata __section(.cpuinit.data)
4113 #define __cpuinitconst __section(.cpuinit.rodata)
4114 #define __cpuexit __section(.cpuexit.text) __exitused __cold notrace
4115 -@@ -99,7 +105,7 @@
4116 +@@ -99,7 +123,7 @@
4117 #define __cpuexitconst __section(.cpuexit.rodata)
4118
4119 /* Used for MEMORY_HOTPLUG */
4120 -#define __meminit __section(.meminit.text) __cold notrace
4121 -+#define __meminit __section(.meminit.text) __cold notrace add_latent_entropy
4122 ++#define __meminit __section(.meminit.text) __cold notrace add_meminit_latent_entropy
4123 #define __meminitdata __section(.meminit.data)
4124 #define __meminitconst __section(.meminit.rodata)
4125 #define __memexit __section(.memexit.text) __exitused __cold notrace
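Review bot: The four `add_*_latent_entropy` macros are introduced without a comment explaining why each expands to nothing under its option (`MODULE`, `CONFIG_HOTPLUG`, `CONFIG_HOTPLUG_CPU`, `CONFIG_MEMORY_HOTPLUG`). A short block comment above the first `#ifdef` would help, stating that `__latent_entropy` is applied only to annotations whose code is init-only in the current configuration. This is presumably because the `__devinit`/`__cpuinit`/`__meminit` functions can run after boot when hotplug is enabled; confirm against the plugin's documentation. The four blocks are identical apart from the names and sit well above the `__devinit`/`__cpuinit`/`__meminit` definitions they feed, so moving each `#ifdef` next to the macro that uses it would make the pairing easier to keep in sync.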
4126 @@ -64011,7 +63984,7 @@ index 1d1b1e1..2a13c78 100644
4127
4128 #define pmdp_clear_flush_notify(__vma, __address, __pmdp) \
4129 diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h
4130 -index 2daa54f..bfdf2f5 100644
4131 +index a16d929..860ae00 100644
4132 --- a/include/linux/mmzone.h
4133 +++ b/include/linux/mmzone.h
4134 @@ -414,7 +414,7 @@ struct zone {
4135 @@ -68560,7 +68533,7 @@ index 91c32a0..7b88d63 100644
4136 seq_printf(m, "%40s %14lu %29s %pS\n",
4137 name, stats->contending_point[i],
4138 diff --git a/kernel/module.c b/kernel/module.c
4139 -index 9ad9ee9..731c128 100644
4140 +index 2a15c59..731c128 100644
4141 --- a/kernel/module.c
4142 +++ b/kernel/module.c
4143 @@ -58,6 +58,7 @@
4144 @@ -68849,7 +68822,7 @@ index 9ad9ee9..731c128 100644
4145 }
4146 }
4147
4148 -@@ -2266,28 +2284,33 @@ static void layout_symtab(struct module *mod, struct load_info *info)
4149 +@@ -2266,7 +2284,7 @@ static void layout_symtab(struct module *mod, struct load_info *info)
4150
4151 /* Put symbol section at end of init part of module. */
4152 symsect->sh_flags |= SHF_ALLOC;
4153 @@ -68858,23 +68831,8 @@ index 9ad9ee9..731c128 100644
4154 info->index.sym) | INIT_OFFSET_MASK;
4155 pr_debug("\t%s\n", info->secstrings + symsect->sh_name);
4156
4157 - src = (void *)info->hdr + symsect->sh_offset;
4158 - nsrc = symsect->sh_size / sizeof(*src);
4159 -
4160 -+ /* strtab always starts with a nul, so offset 0 is the empty string. */
4161 -+ strtab_size = 1;
4162 -+
4163 - /* Compute total space required for the core symbols' strtab. */
4164 -- for (ndst = i = strtab_size = 1; i < nsrc; ++i, ++src)
4165 -- if (is_core_symbol(src, info->sechdrs, info->hdr->e_shnum)) {
4166 -- strtab_size += strlen(&info->strtab[src->st_name]) + 1;
4167 -+ for (ndst = i = 0; i < nsrc; i++) {
4168 -+ if (i == 0 ||
4169 -+ is_core_symbol(src+i, info->sechdrs, info->hdr->e_shnum)) {
4170 -+ strtab_size += strlen(&info->strtab[src[i].st_name])+1;
4171 - ndst++;
4172 - }
4173 -+ }
4174 +@@ -2286,13 +2304,13 @@ static void layout_symtab(struct module *mod, struct load_info *info)
4175 + }
4176
4177 /* Append room for core symbols at end of core part. */
4178 - info->symoffs = ALIGN(mod->core_size, symsect->sh_addralign ?: 1);
4179 @@ -68891,7 +68849,7 @@ index 9ad9ee9..731c128 100644
4180 info->index.str) | INIT_OFFSET_MASK;
4181 pr_debug("\t%s\n", info->secstrings + strsect->sh_name);
4182 }
4183 -@@ -2305,24 +2328,28 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
4184 +@@ -2310,12 +2328,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
4185 /* Make sure we get permanent strtab: don't use info->strtab. */
4186 mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr;
4187
4188 @@ -68906,23 +68864,10 @@ index 9ad9ee9..731c128 100644
4189 + mod->core_symtab = dst = mod->module_core_rx + info->symoffs;
4190 + mod->core_strtab = s = mod->module_core_rx + info->stroffs;
4191 src = mod->symtab;
4192 -- *dst = *src;
4193 *s++ = 0;
4194 -- for (ndst = i = 1; i < mod->num_symtab; ++i, ++src) {
4195 -- if (!is_core_symbol(src, info->sechdrs, info->hdr->e_shnum))
4196 -- continue;
4197 --
4198 -- dst[ndst] = *src;
4199 -- dst[ndst++].st_name = s - mod->core_strtab;
4200 -- s += strlcpy(s, &mod->strtab[src->st_name], KSYM_NAME_LEN) + 1;
4201 -+ for (ndst = i = 0; i < mod->num_symtab; i++) {
4202 -+ if (i == 0 ||
4203 -+ is_core_symbol(src+i, info->sechdrs, info->hdr->e_shnum)) {
4204 -+ dst[ndst] = src[i];
4205 -+ dst[ndst++].st_name = s - mod->core_strtab;
4206 -+ s += strlcpy(s, &mod->strtab[src[i].st_name],
4207 -+ KSYM_NAME_LEN) + 1;
4208 -+ }
4209 + for (ndst = i = 0; i < mod->num_symtab; i++) {
4210 +@@ -2328,6 +2348,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
4211 + }
4212 }
4213 mod->core_num_syms = ndst;
4214 +
4215 @@ -68930,7 +68875,7 @@ index 9ad9ee9..731c128 100644
4216 }
4217 #else
4218 static inline void layout_symtab(struct module *mod, struct load_info *info)
4219 -@@ -2356,17 +2383,33 @@ void * __weak module_alloc(unsigned long size)
4220 +@@ -2361,17 +2383,33 @@ void * __weak module_alloc(unsigned long size)
4221 return size == 0 ? NULL : vmalloc_exec(size);
4222 }
4223
4224 @@ -68969,7 +68914,7 @@ index 9ad9ee9..731c128 100644
4225 mutex_unlock(&module_mutex);
4226 }
4227 return ret;
4228 -@@ -2544,8 +2587,14 @@ static struct module *setup_load_info(struct load_info *info)
4229 +@@ -2549,8 +2587,14 @@ static struct module *setup_load_info(struct load_info *info)
4230 static int check_modinfo(struct module *mod, struct load_info *info)
4231 {
4232 const char *modmagic = get_modinfo(info, "vermagic");
4233 @@ -68984,7 +68929,7 @@ index 9ad9ee9..731c128 100644
4234 /* This is allowed: modprobe --force will invalidate it. */
4235 if (!modmagic) {
4236 err = try_to_force_load(mod, "bad vermagic");
4237 -@@ -2568,7 +2617,7 @@ static int check_modinfo(struct module *mod, struct load_info *info)
4238 +@@ -2573,7 +2617,7 @@ static int check_modinfo(struct module *mod, struct load_info *info)
4239 }
4240
4241 /* Set up license info based on the info section */
4242 @@ -68993,7 +68938,7 @@ index 9ad9ee9..731c128 100644
4243
4244 return 0;
4245 }
4246 -@@ -2662,7 +2711,7 @@ static int move_module(struct module *mod, struct load_info *info)
4247 +@@ -2667,7 +2711,7 @@ static int move_module(struct module *mod, struct load_info *info)
4248 void *ptr;
4249
4250 /* Do the allocs. */
4251 @@ -69002,7 +68947,7 @@ index 9ad9ee9..731c128 100644
4252 /*
4253 * The pointer to this block is stored in the module structure
4254 * which is inside the block. Just mark it as not being a
4255 -@@ -2672,23 +2721,50 @@ static int move_module(struct module *mod, struct load_info *info)
4256 +@@ -2677,23 +2721,50 @@ static int move_module(struct module *mod, struct load_info *info)
4257 if (!ptr)
4258 return -ENOMEM;
4259
4260 @@ -69061,7 +69006,7 @@ index 9ad9ee9..731c128 100644
4261
4262 /* Transfer each section which specifies SHF_ALLOC */
4263 pr_debug("final section addresses:\n");
4264 -@@ -2699,16 +2775,45 @@ static int move_module(struct module *mod, struct load_info *info)
4265 +@@ -2704,16 +2775,45 @@ static int move_module(struct module *mod, struct load_info *info)
4266 if (!(shdr->sh_flags & SHF_ALLOC))
4267 continue;
4268
4269 @@ -69114,7 +69059,7 @@ index 9ad9ee9..731c128 100644
4270 pr_debug("\t0x%lx %s\n",
4271 (long)shdr->sh_addr, info->secstrings + shdr->sh_name);
4272 }
4273 -@@ -2763,12 +2868,12 @@ static void flush_module_icache(const struct module *mod)
4274 +@@ -2768,12 +2868,12 @@ static void flush_module_icache(const struct module *mod)
4275 * Do it before processing of module parameters, so the module
4276 * can provide parameter accessor functions of its own.
4277 */
4278 @@ -69133,7 +69078,7 @@ index 9ad9ee9..731c128 100644
4279
4280 set_fs(old_fs);
4281 }
4282 -@@ -2838,8 +2943,10 @@ out:
4283 +@@ -2843,8 +2943,10 @@ out:
4284 static void module_deallocate(struct module *mod, struct load_info *info)
4285 {
4286 percpu_modfree(mod);
4287 @@ -69146,7 +69091,7 @@ index 9ad9ee9..731c128 100644
4288 }
4289
4290 int __weak module_finalize(const Elf_Ehdr *hdr,
4291 -@@ -2852,7 +2959,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr,
4292 +@@ -2857,7 +2959,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr,
4293 static int post_relocation(struct module *mod, const struct load_info *info)
4294 {
4295 /* Sort exception table now relocations are done. */
4296 @@ -69156,7 +69101,7 @@ index 9ad9ee9..731c128 100644
4297
4298 /* Copy relocated percpu area over. */
4299 percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr,
4300 -@@ -2903,9 +3012,38 @@ static struct module *load_module(void __user *umod,
4301 +@@ -2908,9 +3012,38 @@ static struct module *load_module(void __user *umod,
4302 if (err)
4303 goto free_unload;
4304
4305 @@ -69195,7 +69140,7 @@ index 9ad9ee9..731c128 100644
4306 /* Fix up syms, so that st_value is a pointer to location. */
4307 err = simplify_symbols(mod, &info);
4308 if (err < 0)
4309 -@@ -2921,13 +3059,6 @@ static struct module *load_module(void __user *umod,
4310 +@@ -2926,13 +3059,6 @@ static struct module *load_module(void __user *umod,
4311
4312 flush_module_icache(mod);
4313
4314 @@ -69209,7 +69154,7 @@ index 9ad9ee9..731c128 100644
4315 /* Mark state as coming so strong_try_module_get() ignores us. */
4316 mod->state = MODULE_STATE_COMING;
4317
4318 -@@ -2985,11 +3116,10 @@ static struct module *load_module(void __user *umod,
4319 +@@ -2990,11 +3116,10 @@ static struct module *load_module(void __user *umod,
4320 unlock:
4321 mutex_unlock(&module_mutex);
4322 synchronize_sched();
4323 @@ -69222,7 +69167,7 @@ index 9ad9ee9..731c128 100644
4324 free_unload:
4325 module_unload_free(mod);
4326 free_module:
4327 -@@ -3030,16 +3160,16 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
4328 +@@ -3035,16 +3160,16 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
4329 MODULE_STATE_COMING, mod);
4330
4331 /* Set RO and NX regions for core */
4332 @@ -69247,7 +69192,7 @@ index 9ad9ee9..731c128 100644
4333
4334 do_mod_ctors(mod);
4335 /* Start the module */
4336 -@@ -3085,11 +3215,12 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
4337 +@@ -3090,11 +3215,12 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
4338 mod->strtab = mod->core_strtab;
4339 #endif
4340 unset_module_init_ro_nx(mod);
4341 @@ -69265,7 +69210,7 @@ index 9ad9ee9..731c128 100644
4342 mutex_unlock(&module_mutex);
4343
4344 return 0;
4345 -@@ -3120,10 +3251,16 @@ static const char *get_ksymbol(struct module *mod,
4346 +@@ -3125,10 +3251,16 @@ static const char *get_ksymbol(struct module *mod,
4347 unsigned long nextval;
4348
4349 /* At worse, next value is at end of module */
4350 @@ -69285,7 +69230,7 @@ index 9ad9ee9..731c128 100644
4351
4352 /* Scan for closest preceding symbol, and next symbol. (ELF
4353 starts real symbols at 1). */
4354 -@@ -3358,7 +3495,7 @@ static int m_show(struct seq_file *m, void *p)
4355 +@@ -3363,7 +3495,7 @@ static int m_show(struct seq_file *m, void *p)
4356 char buf[8];
4357
4358 seq_printf(m, "%s %u",
4359 @@ -69294,7 +69239,7 @@ index 9ad9ee9..731c128 100644
4360 print_unload_info(m, mod);
4361
4362 /* Informative for users. */
4363 -@@ -3367,7 +3504,7 @@ static int m_show(struct seq_file *m, void *p)
4364 +@@ -3372,7 +3504,7 @@ static int m_show(struct seq_file *m, void *p)
4365 mod->state == MODULE_STATE_COMING ? "Loading":
4366 "Live");
4367 /* Used by oprofile and other similar tools. */
4368 @@ -69303,7 +69248,7 @@ index 9ad9ee9..731c128 100644
4369
4370 /* Taints info */
4371 if (mod->taints)
4372 -@@ -3403,7 +3540,17 @@ static const struct file_operations proc_modules_operations = {
4373 +@@ -3408,7 +3540,17 @@ static const struct file_operations proc_modules_operations = {
4374
4375 static int __init proc_modules_init(void)
4376 {
4377 @@ -69321,7 +69266,7 @@ index 9ad9ee9..731c128 100644
4378 return 0;
4379 }
4380 module_init(proc_modules_init);
4381 -@@ -3462,12 +3609,12 @@ struct module *__module_address(unsigned long addr)
4382 +@@ -3467,12 +3609,12 @@ struct module *__module_address(unsigned long addr)
4383 {
4384 struct module *mod;
4385
4386 @@ -69337,7 +69282,7 @@ index 9ad9ee9..731c128 100644
4387 return mod;
4388 return NULL;
4389 }
4390 -@@ -3501,11 +3648,20 @@ bool is_module_text_address(unsigned long addr)
4391 +@@ -3506,11 +3648,20 @@ bool is_module_text_address(unsigned long addr)
4392 */
4393 struct module *__module_text_address(unsigned long addr)
4394 {
4395 @@ -72090,9 +72035,18 @@ index 9ed4fd4..c42648d 100644
4396 * Make sure the vma is shared, that it supports prefaulting,
4397 * and that the remapped range is valid and fully within
4398 diff --git a/mm/highmem.c b/mm/highmem.c
4399 -index d517cd1..006a1c5 100644
4400 +index d517cd1..9568fec 100644
4401 --- a/mm/highmem.c
4402 +++ b/mm/highmem.c
4403 +@@ -98,7 +98,7 @@ struct page *kmap_to_page(void *vaddr)
4404 + {
4405 + unsigned long addr = (unsigned long)vaddr;
4406 +
4407 +- if (addr >= PKMAP_ADDR(0) && addr <= PKMAP_ADDR(LAST_PKMAP)) {
4408 ++ if (addr >= PKMAP_ADDR(0) && addr < PKMAP_ADDR(LAST_PKMAP)) {
4409 + int i = (addr - PKMAP_ADDR(0)) >> PAGE_SHIFT;
4410 + return pte_page(pkmap_page_table[i]);
4411 + }
4412 @@ -137,9 +137,10 @@ static void flush_all_zero_pkmaps(void)
4413 * So no dangers, even with speculative execution.
4414 */
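Review bot: The tightened bound in `kmap_to_page()` has no comment explaining why the upper limit must be exclusive, so a later cleanup could easily restore `<=`. With `addr == PKMAP_ADDR(LAST_PKMAP)` the computed `i` indexes `pkmap_page_table[i]` one slot beyond what any lower address reaches. Assuming the table holds LAST_PKMAP entries (its declaration is not in this hunk), that is a read past the end of the array. I would add `/* PKMAP_ADDR(LAST_PKMAP) is one past the last pkmap slot; keep the bound exclusive so i < LAST_PKMAP */` above the `if`. The rest of the function body lies outside the hunk.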
4415 @@ -74900,7 +74854,7 @@ index d4b0c10..ed421b5 100644
4416 new->vm_region = region;
4417
4418 diff --git a/mm/page_alloc.c b/mm/page_alloc.c
4419 -index c13ea75..081ab2c 100644
4420 +index d2d8f54..be2a87c 100644
4421 --- a/mm/page_alloc.c
4422 +++ b/mm/page_alloc.c
4423 @@ -340,7 +340,7 @@ out:
4424 @@ -75116,7 +75070,7 @@ index aa95e59..b681a63 100644
4425 struct anon_vma_chain *avc;
4426 struct anon_vma *anon_vma;
4427 diff --git a/mm/shmem.c b/mm/shmem.c
4428 -index d2eeca1..92f3123 100644
4429 +index 31e1506..dbf3647 100644
4430 --- a/mm/shmem.c
4431 +++ b/mm/shmem.c
4432 @@ -31,7 +31,7 @@
4433 @@ -75137,7 +75091,7 @@ index d2eeca1..92f3123 100644
4434
4435 struct shmem_xattr {
4436 struct list_head list; /* anchored by shmem_inode_info->xattr_list */
4437 -@@ -2207,6 +2207,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
4438 +@@ -2219,6 +2219,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
4439 static int shmem_xattr_validate(const char *name)
4440 {
4441 struct { const char *prefix; size_t len; } arr[] = {
4442 @@ -75149,7 +75103,7 @@ index d2eeca1..92f3123 100644
4443 { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN },
4444 { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN }
4445 };
4446 -@@ -2260,6 +2265,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
4447 +@@ -2272,6 +2277,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
4448 if (err)
4449 return err;
4450
4451 @@ -75165,7 +75119,7 @@ index d2eeca1..92f3123 100644
4452 if (size == 0)
4453 value = ""; /* empty EA, do not remove */
4454
4455 -@@ -2594,8 +2608,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
4456 +@@ -2606,8 +2620,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
4457 int err = -ENOMEM;
4458
4459 /* Round up to L1_CACHE_BYTES to resist false sharing */
4460 @@ -76354,19 +76308,6 @@ index 2bb90b1..3795e47 100644
4461 v->addr, v->addr + v->size, v->size);
4462
4463 if (v->caller)
4464 -diff --git a/mm/vmscan.c b/mm/vmscan.c
4465 -index 99b434b..a018dfc 100644
4466 ---- a/mm/vmscan.c
4467 -+++ b/mm/vmscan.c
4468 -@@ -2953,6 +2953,8 @@ static int kswapd(void *p)
4469 - &balanced_classzone_idx);
4470 - }
4471 - }
4472 -+
4473 -+ current->reclaim_state = NULL;
4474 - return 0;
4475 - }
4476 -
4477 diff --git a/mm/vmstat.c b/mm/vmstat.c
4478 index df7a674..8b4a4f3 100644
4479 --- a/mm/vmstat.c
4480 @@ -77052,7 +76993,7 @@ index 0337e2b..47914a0 100644
4481
4482 return err;
4483 diff --git a/net/core/dev.c b/net/core/dev.c
4484 -index aed87a4..72cc526 100644
4485 +index 1dce5b5..363a522 100644
4486 --- a/net/core/dev.c
4487 +++ b/net/core/dev.c
4488 @@ -1138,9 +1138,13 @@ void dev_load(struct net *net, const char *name)
4489 @@ -77096,7 +77037,7 @@ index aed87a4..72cc526 100644
4490
4491 #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb)
4492
4493 -@@ -2928,7 +2932,7 @@ enqueue:
4494 +@@ -2930,7 +2934,7 @@ enqueue:
4495
4496 local_irq_restore(flags);
4497
4498 @@ -77105,7 +77046,7 @@ index aed87a4..72cc526 100644
4499 kfree_skb(skb);
4500 return NET_RX_DROP;
4501 }
4502 -@@ -3000,7 +3004,7 @@ int netif_rx_ni(struct sk_buff *skb)
4503 +@@ -3002,7 +3006,7 @@ int netif_rx_ni(struct sk_buff *skb)
4504 }
4505 EXPORT_SYMBOL(netif_rx_ni);
4506
4507 @@ -77114,7 +77055,7 @@ index aed87a4..72cc526 100644
4508 {
4509 struct softnet_data *sd = &__get_cpu_var(softnet_data);
4510
4511 -@@ -3331,7 +3335,7 @@ ncls:
4512 +@@ -3333,7 +3337,7 @@ ncls:
4513 ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
4514 } else {
4515 drop:
4516 @@ -77123,7 +77064,7 @@ index aed87a4..72cc526 100644
4517 kfree_skb(skb);
4518 /* Jamal, now you will not able to escape explaining
4519 * me how you were going to use this. :-)
4520 -@@ -3898,7 +3902,7 @@ void netif_napi_del(struct napi_struct *napi)
4521 +@@ -3900,7 +3904,7 @@ void netif_napi_del(struct napi_struct *napi)
4522 }
4523 EXPORT_SYMBOL(netif_napi_del);
4524
4525 @@ -77132,7 +77073,7 @@ index aed87a4..72cc526 100644
4526 {
4527 struct softnet_data *sd = &__get_cpu_var(softnet_data);
4528 unsigned long time_limit = jiffies + 2;
4529 -@@ -4368,8 +4372,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v)
4530 +@@ -4370,8 +4374,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v)
4531 else
4532 seq_printf(seq, "%04x", ntohs(pt->type));
4533
4534 @@ -77146,7 +77087,7 @@ index aed87a4..72cc526 100644
4535 }
4536
4537 return 0;
4538 -@@ -5922,7 +5931,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
4539 +@@ -5924,7 +5933,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
4540 } else {
4541 netdev_stats_to_stats64(storage, &dev->stats);
4542 }
4543 @@ -77520,10 +77461,10 @@ index 8d07c97..d0812ef 100644
4544
4545 rc = qp->q.fragments && (end - start) > max;
4546 diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
4547 -index 5eea4a8..49819c2 100644
4548 +index 14bbfcf..644f472 100644
4549 --- a/net/ipv4/ip_sockglue.c
4550 +++ b/net/ipv4/ip_sockglue.c
4551 -@@ -1142,7 +1142,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
4552 +@@ -1151,7 +1151,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
4553 len = min_t(unsigned int, len, opt->optlen);
4554 if (put_user(len, optlen))
4555 return -EFAULT;
4556 @@ -77533,7 +77474,7 @@ index 5eea4a8..49819c2 100644
4557 return -EFAULT;
4558 return 0;
4559 }
4560 -@@ -1273,7 +1274,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
4561 +@@ -1282,7 +1283,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
4562 if (sk->sk_type != SOCK_STREAM)
4563 return -ENOPROTOOPT;
4564
4565 @@ -78078,10 +78019,10 @@ index b10374d..0baa1f9 100644
4566 if (ops->ndo_do_ioctl) {
4567 mm_segment_t oldfs = get_fs();
4568 diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
4569 -index ba6d13d..6899122 100644
4570 +index e02faed..9780f28 100644
4571 --- a/net/ipv6/ipv6_sockglue.c
4572 +++ b/net/ipv6/ipv6_sockglue.c
4573 -@@ -989,7 +989,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
4574 +@@ -990,7 +990,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
4575 if (sk->sk_type != SOCK_STREAM)
4576 return -ENOPROTOOPT;
4577
4578 @@ -78561,7 +78502,7 @@ index 34e4185..8823368 100644
4579 return res;
4580 }
4581 diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
4582 -index bb61f77..3788d63 100644
4583 +index 642a2a3..9dcc3dd 100644
4584 --- a/net/mac80211/ieee80211_i.h
4585 +++ b/net/mac80211/ieee80211_i.h
4586 @@ -28,6 +28,7 @@
4587 @@ -78719,7 +78660,7 @@ index c97a065..ff61928 100644
4588
4589 return p;
4590 diff --git a/net/mac80211/util.c b/net/mac80211/util.c
4591 -index 1cfe6d5..c428ba3 100644
4592 +index 7883449..17c6a9a 100644
4593 --- a/net/mac80211/util.c
4594 +++ b/net/mac80211/util.c
4595 @@ -1279,7 +1279,7 @@ int ieee80211_reconfig(struct ieee80211_local *local)
4596 @@ -83594,10 +83535,10 @@ index 0000000..a86e422
4597 +}
4598 diff --git a/tools/gcc/kernexec_plugin.c b/tools/gcc/kernexec_plugin.c
4599 new file mode 100644
4600 -index 0000000..98011fa
4601 +index 0000000..8856202
4602 --- /dev/null
4603 +++ b/tools/gcc/kernexec_plugin.c
4604 -@@ -0,0 +1,427 @@
4605 +@@ -0,0 +1,432 @@
4606 +/*
4607 + * Copyright 2011 by the PaX Team <pageexec@××××××××.hu>
4608 + * Licensed under the GPL v2
4609 @@ -83638,6 +83579,10 @@ index 0000000..98011fa
4610 +extern void print_gimple_stmt(FILE *, gimple, int, int);
4611 +extern rtx emit_move_insn(rtx x, rtx y);
4612 +
4613 ++#if BUILDING_GCC_VERSION <= 4006
4614 ++#define ANY_RETURN_P(rtx) (GET_CODE(rtx) == RETURN)
4615 ++#endif
4616 ++
4617 +int plugin_is_GPL_compatible;
4618 +
4619 +static struct plugin_info kernexec_plugin_info = {
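Review bot: The fallback `ANY_RETURN_P(rtx)` names its macro parameter after the `rtx` type used two lines above in `emit_move_insn(rtx x, rtx y)`, so inside the macro `rtx` reads as a type rather than an argument. `#define ANY_RETURN_P(X) (GET_CODE(X) == RETURN)` says the same thing without shadowing the type name. Wrapping the definition in `#ifndef ANY_RETURN_P` as well as the version test would, as far as I can tell, also protect against a redefinition if an older compiler's headers ever supply the macro. A short comment such as `/* older GCC has no simple_return; newer GCC's ANY_RETURN_P also matches it, which the retaddr loop relies on */` would record why the shim exists, since a return the loop fails to match is left uninstrumented.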
4620 @@ -83942,6 +83887,7 @@ index 0000000..98011fa
4621 + for (insn = get_insns(); insn; insn = NEXT_INSN(insn)) {
4622 + // rtl match: (jump_insn 41 40 42 2 (return) fptr.c:42 634 {return_internal} (nil))
4623 + // (jump_insn 12 9 11 2 (parallel [ (return) (unspec [ (0) ] UNSPEC_REP) ]) fptr.c:46 635 {return_internal_long} (nil))
4624 ++ // (jump_insn 97 96 98 6 (simple_return) fptr.c:50 -1 (nil) -> simple_return)
4625 + rtx body;
4626 +
4627 + // is it a retn
4628 @@ -83950,7 +83896,7 @@ index 0000000..98011fa
4629 + body = PATTERN(insn);
4630 + if (GET_CODE(body) == PARALLEL)
4631 + body = XVECEXP(body, 0, 0);
4632 -+ if (GET_CODE(body) != RETURN)
4633 ++ if (!ANY_RETURN_P(body))
4634 + continue;
4635 + kernexec_instrument_retaddr(insn);
4636 + }
4637
4638 diff --git a/3.6.7/4425-tmpfs-user-namespace.patch b/3.6.8/4425-tmpfs-user-namespace.patch
4639 similarity index 100%
4640 rename from 3.6.7/4425-tmpfs-user-namespace.patch
4641 rename to 3.6.8/4425-tmpfs-user-namespace.patch
4642
4643 diff --git a/3.6.7/4430_grsec-remove-localversion-grsec.patch b/3.6.8/4430_grsec-remove-localversion-grsec.patch
4644 similarity index 100%
4645 rename from 3.6.7/4430_grsec-remove-localversion-grsec.patch
4646 rename to 3.6.8/4430_grsec-remove-localversion-grsec.patch
4647
4648 diff --git a/3.6.7/4435_grsec-mute-warnings.patch b/3.6.8/4435_grsec-mute-warnings.patch
4649 similarity index 100%
4650 rename from 3.6.7/4435_grsec-mute-warnings.patch
4651 rename to 3.6.8/4435_grsec-mute-warnings.patch
4652
4653 diff --git a/3.6.7/4440_grsec-remove-protected-paths.patch b/3.6.8/4440_grsec-remove-protected-paths.patch
4654 similarity index 100%
4655 rename from 3.6.7/4440_grsec-remove-protected-paths.patch
4656 rename to 3.6.8/4440_grsec-remove-protected-paths.patch
4657
4658 diff --git a/3.6.7/4450_grsec-kconfig-default-gids.patch b/3.6.8/4450_grsec-kconfig-default-gids.patch
4659 similarity index 100%
4660 rename from 3.6.7/4450_grsec-kconfig-default-gids.patch
4661 rename to 3.6.8/4450_grsec-kconfig-default-gids.patch
4662
4663 diff --git a/3.6.7/4465_selinux-avc_audit-log-curr_ip.patch b/3.6.8/4465_selinux-avc_audit-log-curr_ip.patch
4664 similarity index 100%
4665 rename from 3.6.7/4465_selinux-avc_audit-log-curr_ip.patch
4666 rename to 3.6.8/4465_selinux-avc_audit-log-curr_ip.patch
4667
4668 diff --git a/3.6.7/4470_disable-compat_vdso.patch b/3.6.8/4470_disable-compat_vdso.patch
4669 similarity index 100%
4670 rename from 3.6.7/4470_disable-compat_vdso.patch
4671 rename to 3.6.8/4470_disable-compat_vdso.patch