diff options
| -rw-r--r-- | 2.6.32/0000_README | 6 | ||||
| -rw-r--r-- | 2.6.32/1053_linux-2.6.32.54.patch | 492 | ||||
| -rw-r--r-- | 2.6.32/4420_grsecurity-2.2.2-2.6.32.54-201201182131.patch (renamed from 2.6.32/4420_grsecurity-2.2.2-2.6.32.53-201201101724.patch) | 327 | ||||
| -rw-r--r-- | 3.1.10/0000_README (renamed from 3.1.8/0000_README) | 6 | ||||
| -rw-r--r-- | 3.1.10/4420_grsecurity-2.2.2-3.1.10-201201182132.patch (renamed from 3.1.8/4420_grsecurity-2.2.2-3.1.8-201201111906.patch) | 484 | ||||
| -rw-r--r-- | 3.1.10/4421_grsec-remove-localversion-grsec.patch (renamed from 3.1.8/4421_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.1.10/4422_grsec-mute-warnings.patch (renamed from 3.1.8/4422_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.1.10/4423_grsec-remove-protected-paths.patch (renamed from 3.1.8/4423_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.1.10/4425_grsec-pax-without-grsec.patch (renamed from 3.1.8/4425_grsec-pax-without-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.1.10/4430_grsec-kconfig-default-gids.patch (renamed from 3.1.8/4430_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.1.10/4435_grsec-kconfig-gentoo.patch (renamed from 3.1.8/4435_grsec-kconfig-gentoo.patch) | 0 | ||||
| -rw-r--r-- | 3.1.10/4437-grsec-kconfig-proc-user.patch (renamed from 3.1.8/4437-grsec-kconfig-proc-user.patch) | 0 | ||||
| -rw-r--r-- | 3.1.10/4440_selinux-avc_audit-log-curr_ip.patch (renamed from 3.1.8/4440_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.1.10/4445_disable-compat_vdso.patch (renamed from 3.1.8/4445_disable-compat_vdso.patch) | 0 | ||||
| -rw-r--r-- | 3.1.8/1007_linux-3.1.8.patch | 4111 |
15 files changed, 1216 insertions, 4210 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index 3369bb1..2f2c637 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -6,7 +6,11 @@ Patch: 1052_linux-2.6.32.53.patch From: http://www.kernel.org Desc: Linux 2.6.32.53 -Patch: 4420_grsecurity-2.2.2-2.6.32.53-201201101724.patch +Patch: 1053_linux-2.6.32.54.patch +From: http://www.kernel.org +Desc: Linux 2.6.32.54 + +Patch: 4420_grsecurity-2.2.2-2.6.32.54-201201182131.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/1053_linux-2.6.32.54.patch b/2.6.32/1053_linux-2.6.32.54.patch new file mode 100644 index 0000000..a66d8e8 --- /dev/null +++ b/2.6.32/1053_linux-2.6.32.54.patch @@ -0,0 +1,492 @@ +diff --git a/Documentation/HOWTO b/Documentation/HOWTO +index 8495fc9..cb0863e 100644 +--- a/Documentation/HOWTO ++++ b/Documentation/HOWTO +@@ -275,8 +275,8 @@ versions. + If no 2.6.x.y kernel is available, then the highest numbered 2.6.x + kernel is the current stable kernel. + +-2.6.x.y are maintained by the "stable" team <stable@kernel.org>, and are +-released as needs dictate. The normal release period is approximately ++2.6.x.y are maintained by the "stable" team <stable@vger.kernel.org>, and ++are released as needs dictate. The normal release period is approximately + two weeks, but it can be longer if there are no pressing problems. A + security-related problem, instead, can cause a release to happen almost + instantly. +diff --git a/Documentation/development-process/5.Posting b/Documentation/development-process/5.Posting +index f622c1e..73c36ac 100644 +--- a/Documentation/development-process/5.Posting ++++ b/Documentation/development-process/5.Posting +@@ -267,10 +267,10 @@ copies should go to: + the linux-kernel list. + + - If you are fixing a bug, think about whether the fix should go into the +- next stable update. If so, stable@kernel.org should get a copy of the +- patch. Also add a "Cc: stable@kernel.org" to the tags within the patch +- itself; that will cause the stable team to get a notification when your +- fix goes into the mainline. ++ next stable update. If so, stable@vger.kernel.org should get a copy of ++ the patch. Also add a "Cc: stable@vger.kernel.org" to the tags within ++ the patch itself; that will cause the stable team to get a notification ++ when your fix goes into the mainline. + + When selecting recipients for a patch, it is good to have an idea of who + you think will eventually accept the patch and get it merged. While it +diff --git a/Documentation/usb/usbmon.txt b/Documentation/usb/usbmon.txt +index 66f92d1..40818ff 100644 +--- a/Documentation/usb/usbmon.txt ++++ b/Documentation/usb/usbmon.txt +@@ -43,10 +43,11 @@ This allows to filter away annoying devices that talk continuously. + + 2. Find which bus connects to the desired device + +-Run "cat /proc/bus/usb/devices", and find the T-line which corresponds to +-the device. Usually you do it by looking for the vendor string. If you have +-many similar devices, unplug one and compare two /proc/bus/usb/devices outputs. +-The T-line will have a bus number. Example: ++Run "cat /sys/kernel/debug/usb/devices", and find the T-line which corresponds ++to the device. Usually you do it by looking for the vendor string. If you have ++many similar devices, unplug one and compare the two ++/sys/kernel/debug/usb/devices outputs. The T-line will have a bus number. ++Example: + + T: Bus=03 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 2 Spd=12 MxCh= 0 + D: Ver= 1.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 8 #Cfgs= 1 +@@ -54,7 +55,10 @@ P: Vendor=0557 ProdID=2004 Rev= 1.00 + S: Manufacturer=ATEN + S: Product=UC100KM V2.00 + +-Bus=03 means it's bus 3. ++"Bus=03" means it's bus 3. Alternatively, you can look at the output from ++"lsusb" and get the bus number from the appropriate line. Example: ++ ++Bus 003 Device 002: ID 0557:2004 ATEN UC100KM V2.00 + + 3. Start 'cat' + +diff --git a/MAINTAINERS b/MAINTAINERS +index ea3302f..613da5d 100644 +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -5010,7 +5010,7 @@ F: arch/alpha/kernel/srm_env.c + + STABLE BRANCH + M: Greg Kroah-Hartman <greg@kroah.com> +-L: stable@kernel.org ++L: stable@vger.kernel.org + S: Maintained + + STAGING SUBSYSTEM +diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c +index e0e6570..f6872f9 100644 +--- a/drivers/base/firmware_class.c ++++ b/drivers/base/firmware_class.c +@@ -161,13 +161,13 @@ static ssize_t firmware_loading_store(struct device *dev, + int loading = simple_strtol(buf, NULL, 10); + int i; + ++ mutex_lock(&fw_lock); ++ ++ if (!fw_priv->fw) ++ goto out; ++ + switch (loading) { + case 1: +- mutex_lock(&fw_lock); +- if (!fw_priv->fw) { +- mutex_unlock(&fw_lock); +- break; +- } + firmware_free_data(fw_priv->fw); + memset(fw_priv->fw, 0, sizeof(struct firmware)); + /* If the pages are not owned by 'struct firmware' */ +@@ -178,7 +178,6 @@ static ssize_t firmware_loading_store(struct device *dev, + fw_priv->page_array_size = 0; + fw_priv->nr_pages = 0; + set_bit(FW_STATUS_LOADING, &fw_priv->status); +- mutex_unlock(&fw_lock); + break; + case 0: + if (test_bit(FW_STATUS_LOADING, &fw_priv->status)) { +@@ -209,7 +208,8 @@ static ssize_t firmware_loading_store(struct device *dev, + fw_load_abort(fw_priv); + break; + } +- ++out: ++ mutex_unlock(&fw_lock); + return count; + } + +diff --git a/drivers/net/usb/asix.c b/drivers/net/usb/asix.c +index 73123486..e794b39 100644 +--- a/drivers/net/usb/asix.c ++++ b/drivers/net/usb/asix.c +@@ -339,7 +339,7 @@ static int asix_rx_fixup(struct usbnet *dev, struct sk_buff *skb) + + skb_pull(skb, (size + 1) & 0xfffe); + +- if (skb->len == 0) ++ if (skb->len < sizeof(header)) + break; + + head = (u8 *) skb->data; +@@ -1522,6 +1522,10 @@ static const struct usb_device_id products [] = { + // ASIX 88772a + USB_DEVICE(0x0db0, 0xa877), + .driver_info = (unsigned long) &ax88772_info, ++}, { ++ // Asus USB Ethernet Adapter ++ USB_DEVICE (0x0b95, 0x7e2b), ++ .driver_info = (unsigned long) &ax88772_info, + }, + { }, // END + }; +diff --git a/drivers/scsi/device_handler/scsi_dh.c b/drivers/scsi/device_handler/scsi_dh.c +index bfec4fa..2d04d61 100644 +--- a/drivers/scsi/device_handler/scsi_dh.c ++++ b/drivers/scsi/device_handler/scsi_dh.c +@@ -432,7 +432,12 @@ int scsi_dh_activate(struct request_queue *q) + + spin_lock_irqsave(q->queue_lock, flags); + sdev = q->queuedata; +- if (sdev && sdev->scsi_dh_data) ++ if (!sdev) { ++ spin_unlock_irqrestore(q->queue_lock, flags); ++ return SCSI_DH_NOSYS; ++ } ++ ++ if (sdev->scsi_dh_data) + scsi_dh = sdev->scsi_dh_data->scsi_dh; + if (!scsi_dh || !get_device(&sdev->sdev_gendev)) + err = SCSI_DH_NOSYS; +diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c +index cec9bff..653f853 100644 +--- a/drivers/usb/class/cdc-acm.c ++++ b/drivers/usb/class/cdc-acm.c +@@ -1264,6 +1264,8 @@ made_compressed_probe: + i = device_create_file(&intf->dev, &dev_attr_wCountryCodes); + if (i < 0) { + kfree(acm->country_codes); ++ acm->country_codes = NULL; ++ acm->country_code_size = 0; + goto skip_countries; + } + +@@ -1272,6 +1274,8 @@ made_compressed_probe: + if (i < 0) { + device_remove_file(&intf->dev, &dev_attr_wCountryCodes); + kfree(acm->country_codes); ++ acm->country_codes = NULL; ++ acm->country_code_size = 0; + goto skip_countries; + } + } +diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c +index e163df9..4923702 100644 +--- a/drivers/usb/core/quirks.c ++++ b/drivers/usb/core/quirks.c +@@ -114,9 +114,12 @@ static const struct usb_device_id usb_quirk_list[] = { + { USB_DEVICE(0x06a3, 0x0006), .driver_info = + USB_QUIRK_CONFIG_INTF_STRINGS }, + +- /* Guillemot Webcam Hercules Dualpix Exchange*/ ++ /* Guillemot Webcam Hercules Dualpix Exchange (2nd ID) */ + { USB_DEVICE(0x06f8, 0x0804), .driver_info = USB_QUIRK_RESET_RESUME }, + ++ /* Guillemot Webcam Hercules Dualpix Exchange*/ ++ { USB_DEVICE(0x06f8, 0x3005), .driver_info = USB_QUIRK_RESET_RESUME }, ++ + /* M-Systems Flash Disk Pioneers */ + { USB_DEVICE(0x08ec, 0x1000), .driver_info = USB_QUIRK_RESET_RESUME }, + +diff --git a/drivers/usb/misc/isight_firmware.c b/drivers/usb/misc/isight_firmware.c +index b897f65..6199f12 100644 +--- a/drivers/usb/misc/isight_firmware.c ++++ b/drivers/usb/misc/isight_firmware.c +@@ -54,8 +54,9 @@ static int isight_firmware_load(struct usb_interface *intf, + + ptr = firmware->data; + ++ buf[0] = 0x01; + if (usb_control_msg +- (dev, usb_sndctrlpipe(dev, 0), 0xa0, 0x40, 0xe600, 0, "\1", 1, ++ (dev, usb_sndctrlpipe(dev, 0), 0xa0, 0x40, 0xe600, 0, buf, 1, + 300) != 1) { + printk(KERN_ERR + "Failed to initialise isight firmware loader\n"); +@@ -99,8 +100,9 @@ static int isight_firmware_load(struct usb_interface *intf, + } + } + ++ buf[0] = 0x00; + if (usb_control_msg +- (dev, usb_sndctrlpipe(dev, 0), 0xa0, 0x40, 0xe600, 0, "\0", 1, ++ (dev, usb_sndctrlpipe(dev, 0), 0xa0, 0x40, 0xe600, 0, buf, 1, + 300) != 1) { + printk(KERN_ERR "isight firmware loading completion failed\n"); + ret = -ENODEV; +diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c +index f77908b..8dcaf42 100644 +--- a/drivers/usb/serial/cp210x.c ++++ b/drivers/usb/serial/cp210x.c +@@ -94,6 +94,7 @@ static struct usb_device_id id_table [] = { + { USB_DEVICE(0x10C4, 0x818B) }, /* AVIT Research USB to TTL */ + { USB_DEVICE(0x10C4, 0x819F) }, /* MJS USB Toslink Switcher */ + { USB_DEVICE(0x10C4, 0x81A6) }, /* ThinkOptics WavIt */ ++ { USB_DEVICE(0x10C4, 0x81A9) }, /* Multiplex RC Interface */ + { USB_DEVICE(0x10C4, 0x81AC) }, /* MSD Dash Hawk */ + { USB_DEVICE(0x10C4, 0x81AD) }, /* INSYS USB Modem */ + { USB_DEVICE(0x10C4, 0x81C8) }, /* Lipowsky Industrie Elektronik GmbH, Baby-JTAG */ +diff --git a/drivers/usb/serial/omninet.c b/drivers/usb/serial/omninet.c +index 0622650..c116bd9 100644 +--- a/drivers/usb/serial/omninet.c ++++ b/drivers/usb/serial/omninet.c +@@ -317,7 +317,7 @@ static int omninet_write_room(struct tty_struct *tty) + int room = 0; /* Default: no room */ + + /* FIXME: no consistent locking for write_urb_busy */ +- if (wport->write_urb_busy) ++ if (!wport->write_urb_busy) + room = wport->bulk_out_size - OMNINET_HEADERLEN; + + dbg("%s - returns %d", __func__, room); +diff --git a/drivers/usb/storage/usb.c b/drivers/usb/storage/usb.c +index 33197fa..6ce1095 100644 +--- a/drivers/usb/storage/usb.c ++++ b/drivers/usb/storage/usb.c +@@ -1025,6 +1025,7 @@ static struct usb_driver usb_storage_driver = { + .post_reset = usb_stor_post_reset, + .id_table = usb_storage_usb_ids, + .soft_unbind = 1, ++ .no_dynamic_id = 1, + }; + + static int __init usb_stor_init(void) +diff --git a/drivers/video/offb.c b/drivers/video/offb.c +index b043ac8..dbc8274 100644 +--- a/drivers/video/offb.c ++++ b/drivers/video/offb.c +@@ -100,36 +100,32 @@ static int offb_setcolreg(u_int regno, u_int red, u_int green, u_int blue, + u_int transp, struct fb_info *info) + { + struct offb_par *par = (struct offb_par *) info->par; +- int i, depth; +- u32 *pal = info->pseudo_palette; +- +- depth = info->var.bits_per_pixel; +- if (depth == 16) +- depth = (info->var.green.length == 5) ? 15 : 16; +- +- if (regno > 255 || +- (depth == 16 && regno > 63) || +- (depth == 15 && regno > 31)) +- return 1; +- +- if (regno < 16) { +- switch (depth) { +- case 15: +- pal[regno] = (regno << 10) | (regno << 5) | regno; +- break; +- case 16: +- pal[regno] = (regno << 11) | (regno << 5) | regno; +- break; +- case 24: +- pal[regno] = (regno << 16) | (regno << 8) | regno; +- break; +- case 32: +- i = (regno << 8) | regno; +- pal[regno] = (i << 16) | i; +- break; ++ ++ if (info->fix.visual == FB_VISUAL_TRUECOLOR) { ++ u32 *pal = info->pseudo_palette; ++ u32 cr = red >> (16 - info->var.red.length); ++ u32 cg = green >> (16 - info->var.green.length); ++ u32 cb = blue >> (16 - info->var.blue.length); ++ u32 value; ++ ++ if (regno >= 16) ++ return -EINVAL; ++ ++ value = (cr << info->var.red.offset) | ++ (cg << info->var.green.offset) | ++ (cb << info->var.blue.offset); ++ if (info->var.transp.length > 0) { ++ u32 mask = (1 << info->var.transp.length) - 1; ++ mask <<= info->var.transp.offset; ++ value |= mask; + } ++ pal[regno] = value; ++ return 0; + } + ++ if (regno > 255) ++ return -EINVAL; ++ + red >>= 8; + green >>= 8; + blue >>= 8; +@@ -381,7 +377,7 @@ static void __init offb_init_fb(const char *name, const char *full_name, + int pitch, unsigned long address, + int foreign_endian, struct device_node *dp) + { +- unsigned long res_size = pitch * height * (depth + 7) / 8; ++ unsigned long res_size = pitch * height; + struct offb_par *par = &default_par; + unsigned long res_start = address; + struct fb_fix_screeninfo *fix; +diff --git a/fs/reiserfs/super.c b/fs/reiserfs/super.c +index f0ad05f..7cb1285 100644 +--- a/fs/reiserfs/super.c ++++ b/fs/reiserfs/super.c +@@ -445,16 +445,20 @@ int remove_save_link(struct inode *inode, int truncate) + static void reiserfs_kill_sb(struct super_block *s) + { + if (REISERFS_SB(s)) { +- if (REISERFS_SB(s)->xattr_root) { +- d_invalidate(REISERFS_SB(s)->xattr_root); +- dput(REISERFS_SB(s)->xattr_root); +- REISERFS_SB(s)->xattr_root = NULL; +- } +- if (REISERFS_SB(s)->priv_root) { +- d_invalidate(REISERFS_SB(s)->priv_root); +- dput(REISERFS_SB(s)->priv_root); +- REISERFS_SB(s)->priv_root = NULL; +- } ++ /* ++ * Force any pending inode evictions to occur now. Any ++ * inodes to be removed that have extended attributes ++ * associated with them need to clean them up before ++ * we can release the extended attribute root dentries. ++ * shrink_dcache_for_umount will BUG if we don't release ++ * those before it's called so ->put_super is too late. ++ */ ++ shrink_dcache_sb(s); ++ ++ dput(REISERFS_SB(s)->xattr_root); ++ REISERFS_SB(s)->xattr_root = NULL; ++ dput(REISERFS_SB(s)->priv_root); ++ REISERFS_SB(s)->priv_root = NULL; + } + + kill_block_super(s); +@@ -1149,7 +1153,8 @@ static void handle_quota_files(struct super_block *s, char **qf_names, + kfree(REISERFS_SB(s)->s_qf_names[i]); + REISERFS_SB(s)->s_qf_names[i] = qf_names[i]; + } +- REISERFS_SB(s)->s_jquota_fmt = *qfmt; ++ if (*qfmt) ++ REISERFS_SB(s)->s_jquota_fmt = *qfmt; + } + #endif + +diff --git a/fs/xfs/linux-2.6/xfs_acl.c b/fs/xfs/linux-2.6/xfs_acl.c +index 4c7b145..ad60d61 100644 +--- a/fs/xfs/linux-2.6/xfs_acl.c ++++ b/fs/xfs/linux-2.6/xfs_acl.c +@@ -37,9 +37,11 @@ xfs_acl_from_disk(struct xfs_acl *aclp) + struct posix_acl_entry *acl_e; + struct posix_acl *acl; + struct xfs_acl_entry *ace; +- int count, i; ++ unsigned int count, i; + + count = be32_to_cpu(aclp->acl_cnt); ++ if (count > XFS_ACL_MAX_ENTRIES) ++ return ERR_PTR(-EFSCORRUPTED); + + acl = posix_acl_alloc(count, GFP_KERNEL); + if (!acl) +diff --git a/kernel/cpu.c b/kernel/cpu.c +index 7e8b6ac..3f2f04f 100644 +--- a/kernel/cpu.c ++++ b/kernel/cpu.c +@@ -14,6 +14,7 @@ + #include <linux/kthread.h> + #include <linux/stop_machine.h> + #include <linux/mutex.h> ++#include <linux/suspend.h> + + #ifdef CONFIG_SMP + /* Serializes the updates to cpu_online_mask, cpu_present_mask */ +@@ -442,6 +443,79 @@ static int alloc_frozen_cpus(void) + return 0; + } + core_initcall(alloc_frozen_cpus); ++ ++/* ++ * Prevent regular CPU hotplug from racing with the freezer, by disabling CPU ++ * hotplug when tasks are about to be frozen. Also, don't allow the freezer ++ * to continue until any currently running CPU hotplug operation gets ++ * completed. ++ * To modify the 'cpu_hotplug_disabled' flag, we need to acquire the ++ * 'cpu_add_remove_lock'. And this same lock is also taken by the regular ++ * CPU hotplug path and released only after it is complete. Thus, we ++ * (and hence the freezer) will block here until any currently running CPU ++ * hotplug operation gets completed. ++ */ ++void cpu_hotplug_disable_before_freeze(void) ++{ ++ cpu_maps_update_begin(); ++ cpu_hotplug_disabled = 1; ++ cpu_maps_update_done(); ++} ++ ++ ++/* ++ * When tasks have been thawed, re-enable regular CPU hotplug (which had been ++ * disabled while beginning to freeze tasks). ++ */ ++void cpu_hotplug_enable_after_thaw(void) ++{ ++ cpu_maps_update_begin(); ++ cpu_hotplug_disabled = 0; ++ cpu_maps_update_done(); ++} ++ ++/* ++ * When callbacks for CPU hotplug notifications are being executed, we must ++ * ensure that the state of the system with respect to the tasks being frozen ++ * or not, as reported by the notification, remains unchanged *throughout the ++ * duration* of the execution of the callbacks. ++ * Hence we need to prevent the freezer from racing with regular CPU hotplug. ++ * ++ * This synchronization is implemented by mutually excluding regular CPU ++ * hotplug and Suspend/Hibernate call paths by hooking onto the Suspend/ ++ * Hibernate notifications. ++ */ ++static int ++cpu_hotplug_pm_callback(struct notifier_block *nb, ++ unsigned long action, void *ptr) ++{ ++ switch (action) { ++ ++ case PM_SUSPEND_PREPARE: ++ case PM_HIBERNATION_PREPARE: ++ cpu_hotplug_disable_before_freeze(); ++ break; ++ ++ case PM_POST_SUSPEND: ++ case PM_POST_HIBERNATION: ++ cpu_hotplug_enable_after_thaw(); ++ break; ++ ++ default: ++ return NOTIFY_DONE; ++ } ++ ++ return NOTIFY_OK; ++} ++ ++ ++int cpu_hotplug_pm_sync_init(void) ++{ ++ pm_notifier(cpu_hotplug_pm_callback, 0); ++ return 0; ++} ++core_initcall(cpu_hotplug_pm_sync_init); ++ + #endif /* CONFIG_PM_SLEEP_SMP */ + + /** diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.53-201201101724.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.54-201201182131.patch index c8f7239..8e8325c 100644 --- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.53-201201101724.patch +++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.54-201201182131.patch @@ -185,7 +185,7 @@ index c840e7d..f4c451c 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 8472e43..c5792be 100644 +index e480d8c..c7b2c86 100644 --- a/Makefile +++ b/Makefile @@ -221,8 +221,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -27299,10 +27299,18 @@ index a847046..75a1746 100644 .store = elv_attr_store, }; diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c -index 1d5a780..0e2fb8c 100644 +index 1d5a780..d85b6c2 100644 --- a/block/scsi_ioctl.c +++ b/block/scsi_ioctl.c -@@ -220,8 +220,20 @@ EXPORT_SYMBOL(blk_verify_command); +@@ -24,6 +24,7 @@ + #include <linux/capability.h> + #include <linux/completion.h> + #include <linux/cdrom.h> ++#include <linux/ratelimit.h> + #include <linux/slab.h> + #include <linux/times.h> + #include <asm/uaccess.h> +@@ -220,8 +221,20 @@ EXPORT_SYMBOL(blk_verify_command); static int blk_fill_sghdr_rq(struct request_queue *q, struct request *rq, struct sg_io_hdr *hdr, fmode_t mode) { @@ -27324,7 +27332,7 @@ index 1d5a780..0e2fb8c 100644 if (blk_verify_command(rq->cmd, mode & FMODE_WRITE)) return -EPERM; -@@ -430,6 +442,8 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, +@@ -430,6 +443,8 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, int err; unsigned int in_len, out_len, bytes, opcode, cmdlen; char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE]; @@ -27333,7 +27341,7 @@ index 1d5a780..0e2fb8c 100644 if (!sic) return -EINVAL; -@@ -463,9 +477,18 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, +@@ -463,9 +478,18 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, */ err = -EFAULT; rq->cmd_len = cmdlen; @@ -27353,6 +27361,67 @@ index 1d5a780..0e2fb8c 100644 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) goto error; +@@ -689,7 +713,59 @@ int scsi_cmd_ioctl(struct request_queue *q, struct gendisk *bd_disk, fmode_t mod + } + EXPORT_SYMBOL(scsi_cmd_ioctl); + +-int __init blk_scsi_ioctl_init(void) ++int scsi_verify_blk_ioctl(struct block_device *bd, unsigned int cmd) ++{ ++ if (bd && bd == bd->bd_contains) ++ return 0; ++ ++ /* Actually none of these is particularly useful on a partition, ++ * but they are safe. ++ */ ++ switch (cmd) { ++ case SCSI_IOCTL_GET_IDLUN: ++ case SCSI_IOCTL_GET_BUS_NUMBER: ++ case SCSI_IOCTL_GET_PCI: ++ case SCSI_IOCTL_PROBE_HOST: ++ case SG_GET_VERSION_NUM: ++ case SG_SET_TIMEOUT: ++ case SG_GET_TIMEOUT: ++ case SG_GET_RESERVED_SIZE: ++ case SG_SET_RESERVED_SIZE: ++ case SG_EMULATED_HOST: ++ return 0; ++ case CDROM_GET_CAPABILITY: ++ /* Keep this until we remove the printk below. udev sends it ++ * and we do not want to spam dmesg about it. CD-ROMs do ++ * not have partitions, so we get here only for disks. ++ */ ++ return -ENOIOCTLCMD; ++ default: ++ break; ++ } ++ ++ /* In particular, rule out all resets and host-specific ioctls. */ ++ if (printk_ratelimit()) ++ printk(KERN_WARNING "%s: sending ioctl %x to a partition!\n", ++ current->comm, cmd); ++ ++ return capable(CAP_SYS_RAWIO) ? 0 : -ENOIOCTLCMD; ++} ++EXPORT_SYMBOL(scsi_verify_blk_ioctl); ++ ++int scsi_cmd_blk_ioctl(struct block_device *bd, fmode_t mode, ++ unsigned int cmd, void __user *arg) ++{ ++ int ret; ++ ++ ret = scsi_verify_blk_ioctl(bd, cmd); ++ if (ret < 0) ++ return ret; ++ ++ return scsi_cmd_ioctl(bd->bd_disk->queue, bd->bd_disk, mode, cmd, arg); ++} ++EXPORT_SYMBOL(scsi_cmd_blk_ioctl); ++ ++static int __init blk_scsi_ioctl_init(void) + { + blk_set_cmd_filter_defaults(&blk_default_cmd_filter); + return 0; diff --git a/crypto/cryptd.c b/crypto/cryptd.c index 3533582..f143117 100644 --- a/crypto/cryptd.c @@ -30383,7 +30452,7 @@ index eb4fa19..1954777 100644 DAC960_V1_MaxChannels*(sizeof(DAC960_V1_DCDB_T) + sizeof(DAC960_SCSI_Inquiry_T) + diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c -index ca9c548..ca6899c 100644 +index ca9c548..7e2e3f3 100644 --- a/drivers/block/cciss.c +++ b/drivers/block/cciss.c @@ -1011,6 +1011,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode, @@ -30395,6 +30464,27 @@ index ca9c548..ca6899c 100644 err = 0; err |= copy_from_user(&arg64.LUN_info, &arg32->LUN_info, +@@ -1583,7 +1585,7 @@ static int cciss_ioctl(struct block_device *bdev, fmode_t mode, + return status; + } + +- /* scsi_cmd_ioctl handles these, below, though some are not */ ++ /* scsi_cmd_blk_ioctl handles these, below, though some are not */ + /* very meaningful for cciss. SG_IO is the main one people want. */ + + case SG_GET_VERSION_NUM: +@@ -1594,9 +1596,9 @@ static int cciss_ioctl(struct block_device *bdev, fmode_t mode, + case SG_EMULATED_HOST: + case SG_IO: + case SCSI_IOCTL_SEND_COMMAND: +- return scsi_cmd_ioctl(disk->queue, disk, mode, cmd, argp); ++ return scsi_cmd_blk_ioctl(bdev, mode, cmd, argp); + +- /* scsi_cmd_ioctl would normally handle these, below, but */ ++ /* scsi_cmd_blk_ioctl would normally handle these, below, but */ + /* they aren't a good fit for cciss, as CD-ROMs are */ + /* not supported, and we don't have any bus/target/lun */ + /* which we present to the kernel. */ @@ -2852,7 +2854,7 @@ static unsigned long pollcomplete(int ctlr) /* Wait (up to 20 seconds) for a command to complete */ @@ -30698,6 +30788,55 @@ index a5d585d..d087be3 100644 .show = kobj_pkt_show, .store = kobj_pkt_store }; +diff --git a/drivers/block/ub.c b/drivers/block/ub.c +index c739b20..c6ac1b2 100644 +--- a/drivers/block/ub.c ++++ b/drivers/block/ub.c +@@ -1726,10 +1726,9 @@ static int ub_bd_release(struct gendisk *disk, fmode_t mode) + static int ub_bd_ioctl(struct block_device *bdev, fmode_t mode, + unsigned int cmd, unsigned long arg) + { +- struct gendisk *disk = bdev->bd_disk; + void __user *usermem = (void __user *) arg; + +- return scsi_cmd_ioctl(disk->queue, disk, mode, cmd, usermem); ++ return scsi_cmd_blk_ioctl(bdev, mode, cmd, usermem); + } + + /* +diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c +index 51042f0ba7..44d019b 100644 +--- a/drivers/block/virtio_blk.c ++++ b/drivers/block/virtio_blk.c +@@ -200,8 +200,8 @@ static int virtblk_ioctl(struct block_device *bdev, fmode_t mode, + if (!virtio_has_feature(vblk->vdev, VIRTIO_BLK_F_SCSI)) + return -ENOTTY; + +- return scsi_cmd_ioctl(disk->queue, disk, mode, cmd, +- (void __user *)data); ++ return scsi_cmd_blk_ioctl(bdev, mode, cmd, ++ (void __user *)data); + } + + /* We provide getgeo only to please some old bootloader/partitioning tools */ +diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c +index 614da5b..59cccc9 100644 +--- a/drivers/cdrom/cdrom.c ++++ b/drivers/cdrom/cdrom.c +@@ -2684,12 +2684,11 @@ int cdrom_ioctl(struct cdrom_device_info *cdi, struct block_device *bdev, + { + void __user *argp = (void __user *)arg; + int ret; +- struct gendisk *disk = bdev->bd_disk; + + /* + * Try the generic SCSI command ioctl's first. + */ +- ret = scsi_cmd_ioctl(disk->queue, disk, mode, cmd, argp); ++ ret = scsi_cmd_blk_ioctl(bdev, mode, cmd, argp); + if (ret != -ENOTTY) + return ret; + diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig index 6aad99e..89cd142 100644 --- a/drivers/char/Kconfig @@ -32680,7 +32819,7 @@ index ba14553..182d0bb 100644 DRM_ERROR("Device busy: %d\n", atomic_read(&dev->ioctl_count)); diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c -index 8bf3770..7942280 100644 +index 8bf3770..79422805 100644 --- a/drivers/gpu/drm/drm_gem.c +++ b/drivers/gpu/drm/drm_gem.c @@ -83,11 +83,11 @@ drm_gem_init(struct drm_device *dev) @@ -34285,6 +34424,20 @@ index fefbdfc..62ff465 100644 ide_debug_log(IDE_DBG_FUNC, "enter"); drive->bios_cyl = 0; +diff --git a/drivers/ide/ide-floppy_ioctl.c b/drivers/ide/ide-floppy_ioctl.c +index 9c22882..05f024c 100644 +--- a/drivers/ide/ide-floppy_ioctl.c ++++ b/drivers/ide/ide-floppy_ioctl.c +@@ -287,8 +287,7 @@ int ide_floppy_ioctl(ide_drive_t *drive, struct block_device *bdev, + * and CDROM_SEND_PACKET (legacy) ioctls + */ + if (cmd != CDROM_SEND_PACKET && cmd != SCSI_IOCTL_SEND_COMMAND) +- err = scsi_cmd_ioctl(bdev->bd_disk->queue, bdev->bd_disk, +- mode, cmd, argp); ++ err = scsi_cmd_blk_ioctl(bdev, mode, cmd, argp); + + if (err == -ENOTTY) + err = generic_ide_ioctl(drive, bdev, cmd, arg); diff --git a/drivers/ide/ide-pci-generic.c b/drivers/ide/ide-pci-generic.c index 39d4e01..11538ce 100644 --- a/drivers/ide/ide-pci-generic.c @@ -34798,6 +34951,30 @@ index a5dea6b..0cefe8f 100644 .show = cm_show_counter }; +diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c +index 8fd3a6f..61d8075 100644 +--- a/drivers/infiniband/core/cma.c ++++ b/drivers/infiniband/core/cma.c +@@ -2267,6 +2267,9 @@ static int cma_resolve_ib_udp(struct rdma_id_private *id_priv, + + req.private_data_len = sizeof(struct cma_hdr) + + conn_param->private_data_len; ++ if (req.private_data_len < conn_param->private_data_len) ++ return -EINVAL; ++ + req.private_data = kzalloc(req.private_data_len, GFP_ATOMIC); + if (!req.private_data) + return -ENOMEM; +@@ -2314,6 +2317,9 @@ static int cma_connect_ib(struct rdma_id_private *id_priv, + memset(&req, 0, sizeof req); + offset = cma_user_data_offset(id_priv->id.ps); + req.private_data_len = offset + conn_param->private_data_len; ++ if (req.private_data_len < conn_param->private_data_len) ++ return -EINVAL; ++ + private_data = kzalloc(req.private_data_len, GFP_ATOMIC); + if (!private_data) + return -ENOMEM; diff --git a/drivers/infiniband/core/fmr_pool.c b/drivers/infiniband/core/fmr_pool.c index 4507043..14ad522 100644 --- a/drivers/infiniband/core/fmr_pool.c @@ -41435,6 +41612,51 @@ index 21a045e..ec89e03 100644 dev_set_name(&rport->dev, "port-%d:%d", shost->host_no, id); transport_setup_device(&rport->dev); +diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c +index 568d363..fd8145f 100644 +--- a/drivers/scsi/sd.c ++++ b/drivers/scsi/sd.c +@@ -817,6 +817,10 @@ static int sd_ioctl(struct block_device *bdev, fmode_t mode, + SCSI_LOG_IOCTL(1, printk("sd_ioctl: disk=%s, cmd=0x%x\n", + disk->disk_name, cmd)); + ++ error = scsi_verify_blk_ioctl(bdev, cmd); ++ if (error < 0) ++ return error; ++ + /* + * If we are in the middle of error recovery, don't let anyone + * else try and use this device. Also, if error recovery fails, it +@@ -838,7 +842,7 @@ static int sd_ioctl(struct block_device *bdev, fmode_t mode, + case SCSI_IOCTL_GET_BUS_NUMBER: + return scsi_ioctl(sdp, cmd, p); + default: +- error = scsi_cmd_ioctl(disk->queue, disk, mode, cmd, p); ++ error = scsi_cmd_blk_ioctl(bdev, mode, cmd, p); + if (error != -ENOTTY) + return error; + } +@@ -996,6 +1000,11 @@ static int sd_compat_ioctl(struct block_device *bdev, fmode_t mode, + unsigned int cmd, unsigned long arg) + { + struct scsi_device *sdev = scsi_disk(bdev->bd_disk)->device; ++ int ret; ++ ++ ret = scsi_verify_blk_ioctl(bdev, cmd); ++ if (ret < 0) ++ return ret; + + /* + * If we are in the middle of error recovery, don't let anyone +@@ -1007,8 +1016,6 @@ static int sd_compat_ioctl(struct block_device *bdev, fmode_t mode, + return -ENODEV; + + if (sdev->host->hostt->compat_ioctl) { +- int ret; +- + ret = sdev->host->hostt->compat_ioctl(sdev, cmd, (void __user *)arg); + + return ret; diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index 040f751..98a5ed2 100644 --- a/drivers/scsi/sg.c @@ -51815,7 +52037,7 @@ index 2e09588..596421d 100644 if (host_err < 0) diff --git a/fs/nilfs2/ioctl.c b/fs/nilfs2/ioctl.c -index f6af760..d6b2b83 100644 +index f6af760..d0adf34 100644 --- a/fs/nilfs2/ioctl.c +++ b/fs/nilfs2/ioctl.c @@ -480,7 +480,7 @@ static int nilfs_ioctl_clean_segments(struct inode *inode, struct file *filp, @@ -51827,6 +52049,16 @@ index f6af760..d6b2b83 100644 sizeof(struct nilfs_vdesc), sizeof(struct nilfs_period), sizeof(__u64), +@@ -522,6 +522,9 @@ static int nilfs_ioctl_clean_segments(struct inode *inode, struct file *filp, + if (argv[n].v_nmembs > nsegs * nilfs->ns_blocks_per_segment) + goto out_free; + ++ if (argv[n].v_nmembs >= UINT_MAX / argv[n].v_size) ++ goto out_free; ++ + len = argv[n].v_size * argv[n].v_nmembs; + base = (void __user *)(unsigned long)argv[n].v_base; + if (len == 0) { diff --git a/fs/notify/dnotify/dnotify.c b/fs/notify/dnotify/dnotify.c index 7e54e52..9337248 100644 --- a/fs/notify/dnotify/dnotify.c @@ -53841,10 +54073,10 @@ index d036ee5..4c7dca1 100644 if (inode) { /* Do we count quotas for item? */ diff --git a/fs/reiserfs/super.c b/fs/reiserfs/super.c -index f0ad05f..af3306f 100644 +index 7cb1285..c726cd0 100644 --- a/fs/reiserfs/super.c +++ b/fs/reiserfs/super.c -@@ -912,6 +912,8 @@ static int reiserfs_parse_options(struct super_block *s, char *options, /* strin +@@ -916,6 +916,8 @@ static int reiserfs_parse_options(struct super_block *s, char *options, /* strin {.option_name = NULL} }; @@ -63406,10 +63638,10 @@ index 0000000..472c1d6 +} diff --git a/grsecurity/grsec_sig.c b/grsecurity/grsec_sig.c new file mode 100644 -index 0000000..dc73fe9 +index 0000000..c648492 --- /dev/null +++ b/grsecurity/grsec_sig.c -@@ -0,0 +1,205 @@ +@@ -0,0 +1,206 @@ +#include <linux/kernel.h> +#include <linux/sched.h> +#include <linux/delay.h> @@ -63444,7 +63676,8 @@ index 0000000..dc73fe9 +gr_handle_signal(const struct task_struct *p, const int sig) +{ +#ifdef CONFIG_GRKERNSEC -+ if (current->pid > 1 && gr_check_protected_task(p)) { ++ /* ignore the 0 signal for protected task checks */ ++ if (current->pid > 1 && sig && gr_check_protected_task(p)) { + gr_log_sig_task(GR_DONT_AUDIT, GR_SIG_ACL_MSG, p, sig); + return -EPERM; + } else if (gr_pid_is_chrooted((struct task_struct *)p)) { @@ -65401,10 +65634,20 @@ index a3d802e..482f69c 100644 int hasvdso; }; diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h -index a06bfab..4fa38bb 100644 +index a06bfab..a2906d2 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h -@@ -1278,7 +1278,7 @@ struct block_device_operations { +@@ -777,6 +777,9 @@ extern void blk_plug_device(struct request_queue *); + extern void blk_plug_device_unlocked(struct request_queue *); + extern int blk_remove_plug(struct request_queue *); + extern void blk_recount_segments(struct request_queue *, struct bio *); ++extern int scsi_verify_blk_ioctl(struct block_device *, unsigned int); ++extern int scsi_cmd_blk_ioctl(struct block_device *, fmode_t, ++ unsigned int, void __user *); + extern int scsi_cmd_ioctl(struct request_queue *, struct gendisk *, fmode_t, + unsigned int, void __user *); + extern int sg_scsi_ioctl(struct request_queue *, struct gendisk *, fmode_t, +@@ -1278,7 +1281,7 @@ struct block_device_operations { int (*revalidate_disk) (struct gendisk *); int (*getgeo)(struct block_device *, struct hd_geometry *); struct module *owner; @@ -70690,7 +70933,7 @@ index a6605ca..ca91111 100644 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim; set_fs(fs); diff --git a/kernel/audit.c b/kernel/audit.c -index 5feed23..513b02c 100644 +index 5feed23..48415fd 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -110,7 +110,7 @@ u32 audit_sig_sid = 0; @@ -70742,10 +70985,37 @@ index 5feed23..513b02c 100644 break; } case AUDIT_TTY_SET: { +@@ -1262,12 +1264,13 @@ static void audit_log_vformat(struct audit_buffer *ab, const char *fmt, + avail = audit_expand(ab, + max_t(unsigned, AUDIT_BUFSIZ, 1+len-avail)); + if (!avail) +- goto out; ++ goto out_va_end; + len = vsnprintf(skb_tail_pointer(skb), avail, fmt, args2); + } +- va_end(args2); + if (len > 0) + skb_put(skb, len); ++out_va_end: ++ va_end(args2); + out: + return; + } diff --git a/kernel/auditsc.c b/kernel/auditsc.c -index 267e484..f8e295a 100644 +index 267e484..ac41bc3 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c +@@ -1157,8 +1157,8 @@ static void audit_log_execve_info(struct audit_context *context, + struct audit_buffer **ab, + struct audit_aux_data_execve *axi) + { +- int i; +- size_t len, len_sent = 0; ++ int i, len; ++ size_t len_sent = 0; + const char __user *p; + char *buf; + @@ -2113,7 +2113,7 @@ int auditsc_get_stamp(struct audit_context *ctx, } @@ -70986,10 +71256,10 @@ index abaee68..047facd 100644 return -ENOMEM; diff --git a/kernel/cpu.c b/kernel/cpu.c -index 7e8b6ac..8921388 100644 +index 3f2f04f..4e53ded 100644 --- a/kernel/cpu.c +++ b/kernel/cpu.c -@@ -19,7 +19,7 @@ +@@ -20,7 +20,7 @@ /* Serializes the updates to cpu_online_mask, cpu_present_mask */ static DEFINE_MUTEX(cpu_add_remove_lock); @@ -72854,10 +73124,23 @@ index 67578ca..4115fbf 100644 static inline void mutex_clear_owner(struct mutex *lock) diff --git a/kernel/panic.c b/kernel/panic.c -index 96b45d0..45c447a 100644 +index 96b45d0..ff70a46 100644 --- a/kernel/panic.c +++ b/kernel/panic.c -@@ -352,7 +352,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller, struc +@@ -71,7 +71,11 @@ NORET_TYPE void panic(const char * fmt, ...) + va_end(args); + printk(KERN_EMERG "Kernel panic - not syncing: %s\n",buf); + #ifdef CONFIG_DEBUG_BUGVERBOSE +- dump_stack(); ++ /* ++ * Avoid nested stack-dumping if a panic occurs during oops processing ++ */ ++ if (!oops_in_progress) ++ dump_stack(); + #endif + + /* +@@ -352,7 +356,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller, struc const char *board; printk(KERN_WARNING "------------[ cut here ]------------\n"); @@ -72866,7 +73149,7 @@ index 96b45d0..45c447a 100644 board = dmi_get_system_info(DMI_PRODUCT_NAME); if (board) printk(KERN_WARNING "Hardware name: %s\n", board); -@@ -392,7 +392,8 @@ EXPORT_SYMBOL(warn_slowpath_null); +@@ -392,7 +396,8 @@ EXPORT_SYMBOL(warn_slowpath_null); */ void __stack_chk_fail(void) { diff --git a/3.1.8/0000_README b/3.1.10/0000_README index 9148cab..c6d0fe6 100644 --- a/3.1.8/0000_README +++ b/3.1.10/0000_README @@ -2,11 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 1007_linux-3.1.8.patch -From: http://www.kernel.org -Desc: Linux 3.1.8 - -Patch: 4420_grsecurity-2.2.2-3.1.8-201201111906.patch +Patch: 4420_grsecurity-2.2.2-3.1.10-201201182132.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.1.8/4420_grsecurity-2.2.2-3.1.8-201201111906.patch b/3.1.10/4420_grsecurity-2.2.2-3.1.10-201201182132.patch index 990a964..2f087ff 100644 --- a/3.1.8/4420_grsecurity-2.2.2-3.1.8-201201111906.patch +++ b/3.1.10/4420_grsecurity-2.2.2-3.1.10-201201182132.patch @@ -186,7 +186,7 @@ index d6e6724..a024ce8 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 64a2e76..5b86280 100644 +index 7c8f52a..371cd76 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -22983,7 +22983,7 @@ index d87dd6d..bf3fa66 100644 pte = kmemcheck_pte_lookup(address); diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c -index 1dab519..60a7e5f 100644 +index f927429..39c2947 100644 --- a/arch/x86/mm/mmap.c +++ b/arch/x86/mm/mmap.c @@ -49,7 +49,7 @@ static unsigned int stack_maxrandom_size(void) @@ -24949,10 +24949,18 @@ index 7b72502..646105c 100644 err = -EFAULT; goto out; diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c -index 4f4230b..0feae9a 100644 +index 4f4230b..2ac96e7 100644 --- a/block/scsi_ioctl.c +++ b/block/scsi_ioctl.c -@@ -222,8 +222,20 @@ EXPORT_SYMBOL(blk_verify_command); +@@ -24,6 +24,7 @@ + #include <linux/capability.h> + #include <linux/completion.h> + #include <linux/cdrom.h> ++#include <linux/ratelimit.h> + #include <linux/slab.h> + #include <linux/times.h> + #include <asm/uaccess.h> +@@ -222,8 +223,20 @@ EXPORT_SYMBOL(blk_verify_command); static int blk_fill_sghdr_rq(struct request_queue *q, struct request *rq, struct sg_io_hdr *hdr, fmode_t mode) { @@ -24974,7 +24982,7 @@ index 4f4230b..0feae9a 100644 if (blk_verify_command(rq->cmd, mode & FMODE_WRITE)) return -EPERM; -@@ -432,6 +444,8 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, +@@ -432,6 +445,8 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, int err; unsigned int in_len, out_len, bytes, opcode, cmdlen; char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE]; @@ -24983,7 +24991,7 @@ index 4f4230b..0feae9a 100644 if (!sic) return -EINVAL; -@@ -465,9 +479,18 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, +@@ -465,9 +480,18 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, */ err = -EFAULT; rq->cmd_len = cmdlen; @@ -25003,6 +25011,64 @@ index 4f4230b..0feae9a 100644 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) goto error; +@@ -691,6 +715,57 @@ int scsi_cmd_ioctl(struct request_queue *q, struct gendisk *bd_disk, fmode_t mod + } + EXPORT_SYMBOL(scsi_cmd_ioctl); + ++int scsi_verify_blk_ioctl(struct block_device *bd, unsigned int cmd) ++{ ++ if (bd && bd == bd->bd_contains) ++ return 0; ++ ++ /* Actually none of these is particularly useful on a partition, ++ * but they are safe. ++ */ ++ switch (cmd) { ++ case SCSI_IOCTL_GET_IDLUN: ++ case SCSI_IOCTL_GET_BUS_NUMBER: ++ case SCSI_IOCTL_GET_PCI: ++ case SCSI_IOCTL_PROBE_HOST: ++ case SG_GET_VERSION_NUM: ++ case SG_SET_TIMEOUT: ++ case SG_GET_TIMEOUT: ++ case SG_GET_RESERVED_SIZE: ++ case SG_SET_RESERVED_SIZE: ++ case SG_EMULATED_HOST: ++ return 0; ++ case CDROM_GET_CAPABILITY: ++ /* Keep this until we remove the printk below. udev sends it ++ * and we do not want to spam dmesg about it. CD-ROMs do ++ * not have partitions, so we get here only for disks. ++ */ ++ return -ENOIOCTLCMD; ++ default: ++ break; ++ } ++ ++ /* In particular, rule out all resets and host-specific ioctls. */ ++ printk_ratelimited(KERN_WARNING ++ "%s: sending ioctl %x to a partition!\n", current->comm, cmd); ++ ++ return capable(CAP_SYS_RAWIO) ? 0 : -ENOIOCTLCMD; ++} ++EXPORT_SYMBOL(scsi_verify_blk_ioctl); ++ ++int scsi_cmd_blk_ioctl(struct block_device *bd, fmode_t mode, ++ unsigned int cmd, void __user *arg) ++{ ++ int ret; ++ ++ ret = scsi_verify_blk_ioctl(bd, cmd); ++ if (ret < 0) ++ return ret; ++ ++ return scsi_cmd_ioctl(bd->bd_disk->queue, bd->bd_disk, mode, cmd, arg); ++} ++EXPORT_SYMBOL(scsi_cmd_blk_ioctl); ++ + static int __init blk_scsi_ioctl_init(void) + { + blk_set_cmd_filter_defaults(&blk_default_cmd_filter); diff --git a/crypto/cryptd.c b/crypto/cryptd.c index 671d4d6..5f24030 100644 --- a/crypto/cryptd.c @@ -25397,7 +25463,7 @@ index 9307141..d8521bf 100644 "UTP", "05?", "06?", "07?", /* 4- 7 */ "TAXI","09?", "10?", "11?", /* 8-11 */ diff --git a/drivers/atm/firestream.c b/drivers/atm/firestream.c -index 5072f8a..fa52520 100644 +index 5072f8a..fa52520d 100644 --- a/drivers/atm/firestream.c +++ b/drivers/atm/firestream.c @@ -750,7 +750,7 @@ static void process_txdone_queue (struct fs_dev *dev, struct queue *q) @@ -26312,7 +26378,7 @@ index e086fbb..398e1fe 100644 DAC960_V1_MaxChannels*(sizeof(DAC960_V1_DCDB_T) + sizeof(DAC960_SCSI_Inquiry_T) + diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c -index c2f9b3e..5911988 100644 +index c2f9b3e..11b8693 100644 --- a/drivers/block/cciss.c +++ b/drivers/block/cciss.c @@ -1179,6 +1179,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode, @@ -26324,6 +26390,27 @@ index c2f9b3e..5911988 100644 err = 0; err |= copy_from_user(&arg64.LUN_info, &arg32->LUN_info, +@@ -1716,7 +1718,7 @@ static int cciss_ioctl(struct block_device *bdev, fmode_t mode, + case CCISS_BIG_PASSTHRU: + return cciss_bigpassthru(h, argp); + +- /* scsi_cmd_ioctl handles these, below, though some are not */ ++ /* scsi_cmd_blk_ioctl handles these, below, though some are not */ + /* very meaningful for cciss. SG_IO is the main one people want. */ + + case SG_GET_VERSION_NUM: +@@ -1727,9 +1729,9 @@ static int cciss_ioctl(struct block_device *bdev, fmode_t mode, + case SG_EMULATED_HOST: + case SG_IO: + case SCSI_IOCTL_SEND_COMMAND: +- return scsi_cmd_ioctl(disk->queue, disk, mode, cmd, argp); ++ return scsi_cmd_blk_ioctl(bdev, mode, cmd, argp); + +- /* scsi_cmd_ioctl would normally handle these, below, but */ ++ /* scsi_cmd_blk_ioctl would normally handle these, below, but */ + /* they aren't a good fit for cciss, as CD-ROMs are */ + /* not supported, and we don't have any bus/target/lun */ + /* which we present to the kernel. */ @@ -2986,7 +2988,7 @@ static void start_io(ctlr_info_t *h) while (!list_empty(&h->reqQ)) { c = list_entry(h->reqQ.next, CommandList_struct, list); @@ -26869,6 +26956,57 @@ index f533f33..6177bcb 100644 switch (cmd) { case NBD_DISCONNECT: { struct request sreq; +diff --git a/drivers/block/ub.c b/drivers/block/ub.c +index 0e376d4..7333b9e 100644 +--- a/drivers/block/ub.c ++++ b/drivers/block/ub.c +@@ -1744,12 +1744,11 @@ static int ub_bd_release(struct gendisk *disk, fmode_t mode) + static int ub_bd_ioctl(struct block_device *bdev, fmode_t mode, + unsigned int cmd, unsigned long arg) + { +- struct gendisk *disk = bdev->bd_disk; + void __user *usermem = (void __user *) arg; + int ret; + + mutex_lock(&ub_mutex); +- ret = scsi_cmd_ioctl(disk->queue, disk, mode, cmd, usermem); ++ ret = scsi_cmd_blk_ioctl(bdev, mode, cmd, usermem); + mutex_unlock(&ub_mutex); + + return ret; +diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c +index 079c088..5d7a934 100644 +--- a/drivers/block/virtio_blk.c ++++ b/drivers/block/virtio_blk.c +@@ -236,8 +236,8 @@ static int virtblk_ioctl(struct block_device *bdev, fmode_t mode, + if (!virtio_has_feature(vblk->vdev, VIRTIO_BLK_F_SCSI)) + return -ENOTTY; + +- return scsi_cmd_ioctl(disk->queue, disk, mode, cmd, +- (void __user *)data); ++ return scsi_cmd_blk_ioctl(bdev, mode, cmd, ++ (void __user *)data); + } + + /* We provide getgeo only to please some old bootloader/partitioning tools */ +diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c +index f997c27..cedb231 100644 +--- a/drivers/cdrom/cdrom.c ++++ b/drivers/cdrom/cdrom.c +@@ -2747,12 +2747,11 @@ int cdrom_ioctl(struct cdrom_device_info *cdi, struct block_device *bdev, + { + void __user *argp = (void __user *)arg; + int ret; +- struct gendisk *disk = bdev->bd_disk; + + /* + * Try the generic SCSI command ioctl's first. + */ +- ret = scsi_cmd_ioctl(disk->queue, disk, mode, cmd, argp); ++ ret = scsi_cmd_blk_ioctl(bdev, mode, cmd, argp); + if (ret != -ENOTTY) + return ret; + diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig index 423fd56..06d3be0 100644 --- a/drivers/char/Kconfig @@ -28777,10 +28915,10 @@ index a098edc..d001c09 100644 return false; diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c -index b51e157..8f14fb9 100644 +index 50d105a..355cf8d 100644 --- a/drivers/gpu/drm/radeon/radeon_device.c +++ b/drivers/gpu/drm/radeon/radeon_device.c -@@ -684,7 +684,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) +@@ -687,7 +687,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -29199,7 +29337,7 @@ index c72f1c0..18376f1 100644 vga_put(pdev, io_state); diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c -index f26ae31..721fe1b 100644 +index e9c8f80..427d61e 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c @@ -1951,7 +1951,7 @@ static bool hid_ignore(struct hid_device *hdev) @@ -29592,6 +29730,20 @@ index 61fdf54..2834ea6 100644 ide_debug_log(IDE_DBG_FUNC, "enter"); drive->bios_cyl = 0; +diff --git a/drivers/ide/ide-floppy_ioctl.c b/drivers/ide/ide-floppy_ioctl.c +index d267b7a..a22ca84 100644 +--- a/drivers/ide/ide-floppy_ioctl.c ++++ b/drivers/ide/ide-floppy_ioctl.c +@@ -292,8 +292,7 @@ int ide_floppy_ioctl(ide_drive_t *drive, struct block_device *bdev, + * and CDROM_SEND_PACKET (legacy) ioctls + */ + if (cmd != CDROM_SEND_PACKET && cmd != SCSI_IOCTL_SEND_COMMAND) +- err = scsi_cmd_ioctl(bdev->bd_disk->queue, bdev->bd_disk, +- mode, cmd, argp); ++ err = scsi_cmd_blk_ioctl(bdev, mode, cmd, argp); + + if (err == -ENOTTY) + err = generic_ide_ioctl(drive, bdev, cmd, arg); diff --git a/drivers/ide/ide-pci-generic.c b/drivers/ide/ide-pci-generic.c index a743e68..1cfd674 100644 --- a/drivers/ide/ide-pci-generic.c @@ -31590,10 +31742,10 @@ index 0a309dc..7e01d7f 100644 struct mdk_personality diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c -index d9587df..83a0dc3 100644 +index 606fc04..f1ff8dc 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c -@@ -1541,7 +1541,7 @@ static int fix_sync_read_error(r1bio_t *r1_bio) +@@ -1550,7 +1550,7 @@ static int fix_sync_read_error(r1bio_t *r1_bio) if (r1_sync_page_io(rdev, sect, s, bio->bi_io_vec[idx].bv_page, READ) != 0) @@ -31602,7 +31754,7 @@ index d9587df..83a0dc3 100644 } sectors -= s; sect += s; -@@ -1754,7 +1754,7 @@ static void fix_read_error(conf_t *conf, int read_disk, +@@ -1763,7 +1763,7 @@ static void fix_read_error(conf_t *conf, int read_disk, test_bit(In_sync, &rdev->flags)) { if (r1_sync_page_io(rdev, sect, s, conf->tmppage, READ)) { @@ -31866,6 +32018,19 @@ index ba91735..4261d84 100644 #if defined(CONFIG_DVB_DIB3000MB) || (defined(CONFIG_DVB_DIB3000MB_MODULE) && defined(MODULE)) extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config, +diff --git a/drivers/media/dvb/frontends/ds3000.c b/drivers/media/dvb/frontends/ds3000.c +index 90bf573..e8463da 100644 +--- a/drivers/media/dvb/frontends/ds3000.c ++++ b/drivers/media/dvb/frontends/ds3000.c +@@ -1210,7 +1210,7 @@ static int ds3000_set_frontend(struct dvb_frontend *fe, + + for (i = 0; i < 30 ; i++) { + ds3000_read_status(fe, &status); +- if (status && FE_HAS_LOCK) ++ if (status & FE_HAS_LOCK) + break; + + msleep(10); diff --git a/drivers/media/dvb/frontends/mb86a16.c b/drivers/media/dvb/frontends/mb86a16.c index c283112..7f367a7 100644 --- a/drivers/media/dvb/frontends/mb86a16.c @@ -36785,6 +36950,51 @@ index 21a045e..ec89e03 100644 dev_set_name(&rport->dev, "port-%d:%d", shost->host_no, id); transport_setup_device(&rport->dev); +diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c +index 953773c..c7f29de 100644 +--- a/drivers/scsi/sd.c ++++ b/drivers/scsi/sd.c +@@ -1073,6 +1073,10 @@ static int sd_ioctl(struct block_device *bdev, fmode_t mode, + SCSI_LOG_IOCTL(1, printk("sd_ioctl: disk=%s, cmd=0x%x\n", + disk->disk_name, cmd)); + ++ error = scsi_verify_blk_ioctl(bdev, cmd); ++ if (error < 0) ++ return error; ++ + /* + * If we are in the middle of error recovery, don't let anyone + * else try and use this device. Also, if error recovery fails, it +@@ -1095,7 +1099,7 @@ static int sd_ioctl(struct block_device *bdev, fmode_t mode, + error = scsi_ioctl(sdp, cmd, p); + break; + default: +- error = scsi_cmd_ioctl(disk->queue, disk, mode, cmd, p); ++ error = scsi_cmd_blk_ioctl(bdev, mode, cmd, p); + if (error != -ENOTTY) + break; + error = scsi_ioctl(sdp, cmd, p); +@@ -1265,6 +1269,11 @@ static int sd_compat_ioctl(struct block_device *bdev, fmode_t mode, + unsigned int cmd, unsigned long arg) + { + struct scsi_device *sdev = scsi_disk(bdev->bd_disk)->device; ++ int ret; ++ ++ ret = scsi_verify_blk_ioctl(bdev, cmd); ++ if (ret < 0) ++ return ret; + + /* + * If we are in the middle of error recovery, don't let anyone +@@ -1276,8 +1285,6 @@ static int sd_compat_ioctl(struct block_device *bdev, fmode_t mode, + return -ENODEV; + + if (sdev->host->hostt->compat_ioctl) { +- int ret; +- + ret = sdev->host->hostt->compat_ioctl(sdev, cmd, (void __user *)arg); + + return ret; diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index 909ed9e..1ae290a 100644 --- a/drivers/scsi/sg.c @@ -47518,6 +47728,32 @@ index 9fde1c0..14e8827 100644 fanotify_event_metadata.event_len)) goto out_kill_access_response; +diff --git a/fs/notify/mark.c b/fs/notify/mark.c +index e14587d..f104d56 100644 +--- a/fs/notify/mark.c ++++ b/fs/notify/mark.c +@@ -135,9 +135,6 @@ void fsnotify_destroy_mark(struct fsnotify_mark *mark) + + mark->flags &= ~FSNOTIFY_MARK_FLAG_ALIVE; + +- /* 1 from caller and 1 for being on i_list/g_list */ +- BUG_ON(atomic_read(&mark->refcnt) < 2); +- + spin_lock(&group->mark_lock); + + if (mark->flags & FSNOTIFY_MARK_FLAG_INODE) { +@@ -182,6 +179,11 @@ void fsnotify_destroy_mark(struct fsnotify_mark *mark) + iput(inode); + + /* ++ * We don't necessarily have a ref on mark from caller so the above iput ++ * may have already destroyed it. Don't touch from now on. ++ */ ++ ++ /* + * it's possible that this group tried to destroy itself, but this + * this mark was simultaneously being freed by inode. If that's the + * case, we finish freeing the group here. diff --git a/fs/notify/notification.c b/fs/notify/notification.c index ee18815..7aa5d01 100644 --- a/fs/notify/notification.c @@ -49307,10 +49543,10 @@ index 313d39d..3a5811b 100644 if (inode) { /* Do we count quotas for item? */ diff --git a/fs/reiserfs/super.c b/fs/reiserfs/super.c -index 14363b9..dd95a04 100644 +index 5e3527b..e55e569 100644 --- a/fs/reiserfs/super.c +++ b/fs/reiserfs/super.c -@@ -927,6 +927,8 @@ static int reiserfs_parse_options(struct super_block *s, char *options, /* strin +@@ -931,6 +931,8 @@ static int reiserfs_parse_options(struct super_block *s, char *options, /* strin {.option_name = NULL} }; @@ -49660,10 +49896,10 @@ index a7ac78f..02158e1 100644 free_page((unsigned long)page); } diff --git a/fs/udf/inode.c b/fs/udf/inode.c -index 1d1358e..408bedb 100644 +index 262050f..d2df565 100644 --- a/fs/udf/inode.c +++ b/fs/udf/inode.c -@@ -560,6 +560,8 @@ static struct buffer_head *inode_getblk(struct inode *inode, sector_t block, +@@ -576,6 +576,8 @@ static struct buffer_head *inode_getblk(struct inode *inode, sector_t block, int goal = 0, pgoal = iinfo->i_location.logicalBlockNum; int lastblock = 0; @@ -58659,10 +58895,10 @@ index 0000000..472c1d6 +} diff --git a/grsecurity/grsec_sig.c b/grsecurity/grsec_sig.c new file mode 100644 -index 0000000..cf090b3 +index 0000000..7a5b2de --- /dev/null +++ b/grsecurity/grsec_sig.c -@@ -0,0 +1,206 @@ +@@ -0,0 +1,207 @@ +#include <linux/kernel.h> +#include <linux/sched.h> +#include <linux/delay.h> @@ -58697,7 +58933,8 @@ index 0000000..cf090b3 +gr_handle_signal(const struct task_struct *p, const int sig) +{ +#ifdef CONFIG_GRKERNSEC -+ if (current->pid > 1 && gr_check_protected_task(p)) { ++ /* ignore the 0 signal for protected task checks */ ++ if (current->pid > 1 && sig && gr_check_protected_task(p)) { + gr_log_sig_task(GR_DONT_AUDIT, GR_SIG_ACL_MSG, p, sig); + return -EPERM; + } else if (gr_pid_is_chrooted((struct task_struct *)p)) { @@ -60341,10 +60578,20 @@ index fd88a39..f4d0bad 100644 }; diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h -index 5e30b45..5fdcf66 100644 +index 5e30b45..5b41b49 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h -@@ -1318,7 +1318,7 @@ struct block_device_operations { +@@ -675,6 +675,9 @@ extern int blk_insert_cloned_request(struct request_queue *q, + struct request *rq); + extern void blk_delay_queue(struct request_queue *, unsigned long); + extern void blk_recount_segments(struct request_queue *, struct bio *); ++extern int scsi_verify_blk_ioctl(struct block_device *, unsigned int); ++extern int scsi_cmd_blk_ioctl(struct block_device *, fmode_t, ++ unsigned int, void __user *); + extern int scsi_cmd_ioctl(struct request_queue *, struct gendisk *, fmode_t, + unsigned int, void __user *); + extern int sg_scsi_ioctl(struct request_queue *, struct gendisk *, fmode_t, +@@ -1318,7 +1321,7 @@ struct block_device_operations { /* this callback is with swap_lock and sometimes page table lock held */ void (*swap_slot_free_notify) (struct block_device *, unsigned long); struct module *owner; @@ -64605,7 +64852,7 @@ index d627783..693a9f3 100644 Randomizing heap placement makes heap exploits harder, but it also breaks ancient binaries (including anything libc5 based). diff --git a/init/do_mounts.c b/init/do_mounts.c -index c0851a8..4f8977d 100644 +index ef6478f..fdb0d8a 100644 --- a/init/do_mounts.c +++ b/init/do_mounts.c @@ -287,11 +287,11 @@ static void __init get_fs_names(char *page) @@ -64622,7 +64869,7 @@ index c0851a8..4f8977d 100644 ROOT_DEV = current->fs->pwd.mnt->mnt_sb->s_dev; printk(KERN_INFO "VFS: Mounted root (%s filesystem)%s on device %u:%u.\n", -@@ -383,18 +383,18 @@ void __init change_floppy(char *fmt, ...) +@@ -410,18 +410,18 @@ void __init change_floppy(char *fmt, ...) va_start(args, fmt); vsprintf(buf, fmt, args); va_end(args); @@ -64644,7 +64891,7 @@ index c0851a8..4f8977d 100644 termios.c_lflag |= ICANON; sys_ioctl(fd, TCSETSF, (long)&termios); sys_close(fd); -@@ -488,6 +488,6 @@ void __init prepare_namespace(void) +@@ -515,6 +515,6 @@ void __init prepare_namespace(void) mount_root(); out: devtmpfs_mount("dev"); @@ -65216,7 +65463,7 @@ index fa7eb3d..7faf116 100644 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim; set_fs(fs); diff --git a/kernel/audit.c b/kernel/audit.c -index 0a1355c..dca420f 100644 +index 0a1355c..9359745 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -115,7 +115,7 @@ u32 audit_sig_sid = 0; @@ -65255,10 +65502,37 @@ index 0a1355c..dca420f 100644 status_set.backlog = skb_queue_len(&audit_skb_queue); audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_GET, 0, 0, &status_set, sizeof(status_set)); +@@ -1260,12 +1260,13 @@ static void audit_log_vformat(struct audit_buffer *ab, const char *fmt, + avail = audit_expand(ab, + max_t(unsigned, AUDIT_BUFSIZ, 1+len-avail)); + if (!avail) +- goto out; ++ goto out_va_end; + len = vsnprintf(skb_tail_pointer(skb), avail, fmt, args2); + } +- va_end(args2); + if (len > 0) + skb_put(skb, len); ++out_va_end: ++ va_end(args2); + out: + return; + } diff --git a/kernel/auditsc.c b/kernel/auditsc.c -index ce4b054..8139ed7 100644 +index ce4b054..aaa419e 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c +@@ -1166,8 +1166,8 @@ static void audit_log_execve_info(struct audit_context *context, + struct audit_buffer **ab, + struct audit_aux_data_execve *axi) + { +- int i; +- size_t len, len_sent = 0; ++ int i, len; ++ size_t len_sent = 0; + const char __user *p; + char *buf; + @@ -2118,7 +2118,7 @@ int auditsc_get_stamp(struct audit_context *ctx, } @@ -65342,7 +65616,7 @@ index 283c529..36ac81e 100644 * nsown_capable - Check superior capability to one's own user_ns * @cap: The capability in question diff --git a/kernel/cgroup.c b/kernel/cgroup.c -index b7ab0b8..b3a88d2 100644 +index e4cbdfb..191bec4 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c @@ -595,6 +595,8 @@ static struct css_set *find_css_set( @@ -65548,7 +65822,7 @@ index 42e8fa0..9e7406b 100644 return -ENOMEM; diff --git a/kernel/cred.c b/kernel/cred.c -index 8ef31f5..a4a483a 100644 +index 8ef31f5..7957d07 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -158,6 +158,8 @@ static void put_cred_rcu(struct rcu_head *rcu) @@ -65730,7 +66004,7 @@ index 8ef31f5..a4a483a 100644 + } + + __commit_creds(t, ncred); -+ } ++ } + read_unlock(&tasklist_lock); + rcu_read_unlock(); + } @@ -67706,10 +67980,23 @@ index b91941d..0871d60 100644 atomic_set(&pd->refcnt, 0); pd->pinst = pinst; diff --git a/kernel/panic.c b/kernel/panic.c -index d7bb697..9ef9f19 100644 +index d7bb697..0ff55cc 100644 --- a/kernel/panic.c +++ b/kernel/panic.c -@@ -371,7 +371,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller, +@@ -78,7 +78,11 @@ NORET_TYPE void panic(const char * fmt, ...) + va_end(args); + printk(KERN_EMERG "Kernel panic - not syncing: %s\n",buf); + #ifdef CONFIG_DEBUG_BUGVERBOSE +- dump_stack(); ++ /* ++ * Avoid nested stack-dumping if a panic occurs during oops processing ++ */ ++ if (!oops_in_progress) ++ dump_stack(); + #endif + + /* +@@ -371,7 +375,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller, const char *board; printk(KERN_WARNING "------------[ cut here ]------------\n"); @@ -67718,7 +68005,7 @@ index d7bb697..9ef9f19 100644 board = dmi_get_system_info(DMI_PRODUCT_NAME); if (board) printk(KERN_WARNING "Hardware name: %s\n", board); -@@ -426,7 +426,8 @@ EXPORT_SYMBOL(warn_slowpath_null); +@@ -426,7 +430,8 @@ EXPORT_SYMBOL(warn_slowpath_null); */ void __stack_chk_fail(void) { @@ -70276,10 +70563,10 @@ index f2f1ca1..0645f06 100644 from userspace allocation. Keeping a user from writing to low pages can help reduce the impact of kernel NULL pointer bugs. diff --git a/mm/filemap.c b/mm/filemap.c -index b91f3aa..d0ac1d4 100644 +index 0eedbf8..b108990 100644 --- a/mm/filemap.c +++ b/mm/filemap.c -@@ -1784,7 +1784,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) +@@ -1770,7 +1770,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) struct address_space *mapping = file->f_mapping; if (!mapping->a_ops->readpage) @@ -70288,7 +70575,7 @@ index b91f3aa..d0ac1d4 100644 file_accessed(file); vma->vm_ops = &generic_file_vm_ops; vma->vm_flags |= VM_CAN_NONLINEAR; -@@ -2187,6 +2187,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i +@@ -2173,6 +2173,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i *pos = i_size_read(inode); if (limit != RLIM_INFINITY) { @@ -73863,7 +74150,7 @@ index bf39181..727f7a3 100644 EXPORT_SYMBOL(kmem_cache_free); diff --git a/mm/slub.c b/mm/slub.c -index 7c54fe8..ce9940d 100644 +index f73234d..ce9940d 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -208,7 +208,7 @@ struct track { @@ -73884,19 +74171,7 @@ index 7c54fe8..ce9940d 100644 s, (void *)t->addr, jiffies - t->when, t->cpu, t->pid); #ifdef CONFIG_STACKTRACE { -@@ -2077,6 +2077,11 @@ static void *__slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node, - goto new_slab; - } - -+ /* must check again c->freelist in case of cpu migration or IRQ */ -+ object = c->freelist; -+ if (object) -+ goto load_freelist; -+ - stat(s, ALLOC_SLOWPATH); - - do { -@@ -2456,6 +2461,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x) +@@ -2461,6 +2461,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x) page = virt_to_head_page(x); @@ -73905,7 +74180,7 @@ index 7c54fe8..ce9940d 100644 slab_free(s, page, x, _RET_IP_); trace_kmem_cache_free(_RET_IP_, x); -@@ -2489,7 +2496,7 @@ static int slub_min_objects; +@@ -2494,7 +2496,7 @@ static int slub_min_objects; * Merge control. If this is set then no merging of slab caches will occur. * (Could be removed. This was introduced to pacify the merge skeptics.) */ @@ -73914,7 +74189,7 @@ index 7c54fe8..ce9940d 100644 /* * Calculate the order of allocation given an slab object size. -@@ -2912,7 +2919,7 @@ static int kmem_cache_open(struct kmem_cache *s, +@@ -2917,7 +2919,7 @@ static int kmem_cache_open(struct kmem_cache *s, * list to avoid pounding the page allocator excessively. */ set_min_partial(s, ilog2(s->size)); @@ -73923,7 +74198,7 @@ index 7c54fe8..ce9940d 100644 #ifdef CONFIG_NUMA s->remote_node_defrag_ratio = 1000; #endif -@@ -3017,8 +3024,7 @@ static inline int kmem_cache_close(struct kmem_cache *s) +@@ -3022,8 +3024,7 @@ static inline int kmem_cache_close(struct kmem_cache *s) void kmem_cache_destroy(struct kmem_cache *s) { down_write(&slub_lock); @@ -73933,7 +74208,7 @@ index 7c54fe8..ce9940d 100644 list_del(&s->list); if (kmem_cache_close(s)) { printk(KERN_ERR "SLUB %s: %s called for cache that " -@@ -3228,6 +3234,50 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node) +@@ -3233,6 +3234,50 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node) EXPORT_SYMBOL(__kmalloc_node); #endif @@ -73984,7 +74259,7 @@ index 7c54fe8..ce9940d 100644 size_t ksize(const void *object) { struct page *page; -@@ -3502,7 +3552,7 @@ static void __init kmem_cache_bootstrap_fixup(struct kmem_cache *s) +@@ -3507,7 +3552,7 @@ static void __init kmem_cache_bootstrap_fixup(struct kmem_cache *s) int node; list_add(&s->list, &slab_caches); @@ -73993,7 +74268,7 @@ index 7c54fe8..ce9940d 100644 for_each_node_state(node, N_NORMAL_MEMORY) { struct kmem_cache_node *n = get_node(s, node); -@@ -3619,17 +3669,17 @@ void __init kmem_cache_init(void) +@@ -3624,17 +3669,17 @@ void __init kmem_cache_init(void) /* Caches that are not of the two-to-the-power-of size */ if (KMALLOC_MIN_SIZE <= 32) { @@ -74014,7 +74289,7 @@ index 7c54fe8..ce9940d 100644 caches++; } -@@ -3697,7 +3747,7 @@ static int slab_unmergeable(struct kmem_cache *s) +@@ -3702,7 +3747,7 @@ static int slab_unmergeable(struct kmem_cache *s) /* * We may have set a slab to be unmergeable during bootstrap. */ @@ -74023,7 +74298,7 @@ index 7c54fe8..ce9940d 100644 return 1; return 0; -@@ -3756,7 +3806,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, +@@ -3761,7 +3806,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, down_write(&slub_lock); s = find_mergeable(size, align, flags, name, ctor); if (s) { @@ -74032,7 +74307,7 @@ index 7c54fe8..ce9940d 100644 /* * Adjust the object sizes so that we clear * the complete object on kzalloc. -@@ -3765,7 +3815,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, +@@ -3770,7 +3815,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, s->inuse = max_t(int, s->inuse, ALIGN(size, sizeof(void *))); if (sysfs_slab_alias(s, name)) { @@ -74041,7 +74316,7 @@ index 7c54fe8..ce9940d 100644 goto err; } up_write(&slub_lock); -@@ -3893,7 +3943,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags, +@@ -3898,7 +3943,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags, } #endif @@ -74050,7 +74325,7 @@ index 7c54fe8..ce9940d 100644 static int count_inuse(struct page *page) { return page->inuse; -@@ -4280,12 +4330,12 @@ static void resiliency_test(void) +@@ -4285,12 +4330,12 @@ static void resiliency_test(void) validate_slab_cache(kmalloc_caches[9]); } #else @@ -74065,7 +74340,7 @@ index 7c54fe8..ce9940d 100644 enum slab_stat_type { SL_ALL, /* All slabs */ SL_PARTIAL, /* Only partially allocated slabs */ -@@ -4495,7 +4545,7 @@ SLAB_ATTR_RO(ctor); +@@ -4500,7 +4545,7 @@ SLAB_ATTR_RO(ctor); static ssize_t aliases_show(struct kmem_cache *s, char *buf) { @@ -74074,7 +74349,7 @@ index 7c54fe8..ce9940d 100644 } SLAB_ATTR_RO(aliases); -@@ -5025,6 +5075,7 @@ static char *create_unique_id(struct kmem_cache *s) +@@ -5030,6 +5075,7 @@ static char *create_unique_id(struct kmem_cache *s) return name; } @@ -74082,7 +74357,7 @@ index 7c54fe8..ce9940d 100644 static int sysfs_slab_add(struct kmem_cache *s) { int err; -@@ -5087,6 +5138,7 @@ static void sysfs_slab_remove(struct kmem_cache *s) +@@ -5092,6 +5138,7 @@ static void sysfs_slab_remove(struct kmem_cache *s) kobject_del(&s->kobj); kobject_put(&s->kobj); } @@ -74090,7 +74365,7 @@ index 7c54fe8..ce9940d 100644 /* * Need to buffer aliases during bootup until sysfs becomes -@@ -5100,6 +5152,7 @@ struct saved_alias { +@@ -5105,6 +5152,7 @@ struct saved_alias { static struct saved_alias *alias_list; @@ -74098,7 +74373,7 @@ index 7c54fe8..ce9940d 100644 static int sysfs_slab_alias(struct kmem_cache *s, const char *name) { struct saved_alias *al; -@@ -5122,6 +5175,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) +@@ -5127,6 +5175,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) alias_list = al; return 0; } @@ -74106,7 +74381,7 @@ index 7c54fe8..ce9940d 100644 static int __init slab_sysfs_init(void) { -@@ -5257,7 +5311,13 @@ static const struct file_operations proc_slabinfo_operations = { +@@ -5262,7 +5311,13 @@ static const struct file_operations proc_slabinfo_operations = { static int __init slab_proc_init(void) { @@ -79765,7 +80040,7 @@ index 08408bd..67e6e78 100644 }; extern struct ima_h_table ima_htable; diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c -index da36d2c..e1e1965 100644 +index 5335605..abcd9b7 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -75,7 +75,7 @@ void ima_add_violation(struct inode *inode, const unsigned char *filename, @@ -79777,6 +80052,25 @@ index da36d2c..e1e1965 100644 entry = kmalloc(sizeof(*entry), GFP_KERNEL); if (!entry) { +diff --git a/security/integrity/ima/ima_audit.c b/security/integrity/ima/ima_audit.c +index c5c5a72..2ad942f 100644 +--- a/security/integrity/ima/ima_audit.c ++++ b/security/integrity/ima/ima_audit.c +@@ -56,9 +56,11 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode, + audit_log_format(ab, " name="); + audit_log_untrustedstring(ab, fname); + } +- if (inode) +- audit_log_format(ab, " dev=%s ino=%lu", +- inode->i_sb->s_id, inode->i_ino); ++ if (inode) { ++ audit_log_format(ab, " dev="); ++ audit_log_untrustedstring(ab, inode->i_sb->s_id); ++ audit_log_format(ab, " ino=%lu", inode->i_ino); ++ } + audit_log_format(ab, " res=%d", !result ? 0 : 1); + audit_log_end(ab); + } diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index ef21b96..d53e674 100644 --- a/security/integrity/ima/ima_fs.c @@ -79797,10 +80091,10 @@ index ef21b96..d53e674 100644 } diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c -index 8e28f04..d5951b1 100644 +index 55a6271..ad829c3 100644 --- a/security/integrity/ima/ima_queue.c +++ b/security/integrity/ima/ima_queue.c -@@ -79,7 +79,7 @@ static int ima_add_digest_entry(struct ima_template_entry *entry) +@@ -81,7 +81,7 @@ static int ima_add_digest_entry(struct ima_template_entry *entry) INIT_LIST_HEAD(&qe->later); list_add_tail_rcu(&qe->later, &ima_measurements); @@ -79885,6 +80179,54 @@ index 30e242f..ec111ab 100644 goto error; buflen -= tmp; +diff --git a/security/lsm_audit.c b/security/lsm_audit.c +index 893af8a..ba9237c 100644 +--- a/security/lsm_audit.c ++++ b/security/lsm_audit.c +@@ -234,10 +234,11 @@ static void dump_common_audit_data(struct audit_buffer *ab, + audit_log_d_path(ab, "path=", &a->u.path); + + inode = a->u.path.dentry->d_inode; +- if (inode) +- audit_log_format(ab, " dev=%s ino=%lu", +- inode->i_sb->s_id, +- inode->i_ino); ++ if (inode) { ++ audit_log_format(ab, " dev="); ++ audit_log_untrustedstring(ab, inode->i_sb->s_id); ++ audit_log_format(ab, " ino=%lu", inode->i_ino); ++ } + break; + } + case LSM_AUDIT_DATA_DENTRY: { +@@ -247,10 +248,11 @@ static void dump_common_audit_data(struct audit_buffer *ab, + audit_log_untrustedstring(ab, a->u.dentry->d_name.name); + + inode = a->u.dentry->d_inode; +- if (inode) +- audit_log_format(ab, " dev=%s ino=%lu", +- inode->i_sb->s_id, +- inode->i_ino); ++ if (inode) { ++ audit_log_format(ab, " dev="); ++ audit_log_untrustedstring(ab, inode->i_sb->s_id); ++ audit_log_format(ab, " ino=%lu", inode->i_ino); ++ } + break; + } + case LSM_AUDIT_DATA_INODE: { +@@ -265,8 +267,9 @@ static void dump_common_audit_data(struct audit_buffer *ab, + dentry->d_name.name); + dput(dentry); + } +- audit_log_format(ab, " dev=%s ino=%lu", inode->i_sb->s_id, +- inode->i_ino); ++ audit_log_format(ab, " dev="); ++ audit_log_untrustedstring(ab, inode->i_sb->s_id); ++ audit_log_format(ab, " ino=%lu", inode->i_ino); + break; + } + case LSM_AUDIT_DATA_TASK: diff --git a/security/min_addr.c b/security/min_addr.c index f728728..6457a0c 100644 --- a/security/min_addr.c diff --git a/3.1.8/4421_grsec-remove-localversion-grsec.patch b/3.1.10/4421_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.1.8/4421_grsec-remove-localversion-grsec.patch +++ b/3.1.10/4421_grsec-remove-localversion-grsec.patch diff --git a/3.1.8/4422_grsec-mute-warnings.patch b/3.1.10/4422_grsec-mute-warnings.patch index e85abd6..e85abd6 100644 --- a/3.1.8/4422_grsec-mute-warnings.patch +++ b/3.1.10/4422_grsec-mute-warnings.patch diff --git a/3.1.8/4423_grsec-remove-protected-paths.patch b/3.1.10/4423_grsec-remove-protected-paths.patch index 4afb3e2..4afb3e2 100644 --- a/3.1.8/4423_grsec-remove-protected-paths.patch +++ b/3.1.10/4423_grsec-remove-protected-paths.patch diff --git a/3.1.8/4425_grsec-pax-without-grsec.patch b/3.1.10/4425_grsec-pax-without-grsec.patch index 3511545..3511545 100644 --- a/3.1.8/4425_grsec-pax-without-grsec.patch +++ b/3.1.10/4425_grsec-pax-without-grsec.patch diff --git a/3.1.8/4430_grsec-kconfig-default-gids.patch b/3.1.10/4430_grsec-kconfig-default-gids.patch index 243fbd5..243fbd5 100644 --- a/3.1.8/4430_grsec-kconfig-default-gids.patch +++ b/3.1.10/4430_grsec-kconfig-default-gids.patch diff --git a/3.1.8/4435_grsec-kconfig-gentoo.patch b/3.1.10/4435_grsec-kconfig-gentoo.patch index 9ff2fe7..9ff2fe7 100644 --- a/3.1.8/4435_grsec-kconfig-gentoo.patch +++ b/3.1.10/4435_grsec-kconfig-gentoo.patch diff --git a/3.1.8/4437-grsec-kconfig-proc-user.patch b/3.1.10/4437-grsec-kconfig-proc-user.patch index 54b2678..54b2678 100644 --- a/3.1.8/4437-grsec-kconfig-proc-user.patch +++ b/3.1.10/4437-grsec-kconfig-proc-user.patch diff --git a/3.1.8/4440_selinux-avc_audit-log-curr_ip.patch b/3.1.10/4440_selinux-avc_audit-log-curr_ip.patch index 9c38cfc..9c38cfc 100644 --- a/3.1.8/4440_selinux-avc_audit-log-curr_ip.patch +++ b/3.1.10/4440_selinux-avc_audit-log-curr_ip.patch diff --git a/3.1.8/4445_disable-compat_vdso.patch b/3.1.10/4445_disable-compat_vdso.patch index 737dcca..737dcca 100644 --- a/3.1.8/4445_disable-compat_vdso.patch +++ b/3.1.10/4445_disable-compat_vdso.patch diff --git a/3.1.8/1007_linux-3.1.8.patch b/3.1.8/1007_linux-3.1.8.patch deleted file mode 100644 index 5e3020a..0000000 --- a/3.1.8/1007_linux-3.1.8.patch +++ /dev/null @@ -1,4111 +0,0 @@ -diff --git a/Makefile b/Makefile -index 96c48df..64a2e76 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,6 +1,6 @@ - VERSION = 3 - PATCHLEVEL = 1 --SUBLEVEL = 7 -+SUBLEVEL = 8 - EXTRAVERSION = - NAME = "Divemaster Edition" - -diff --git a/arch/arm/mach-omap2/board-rx51-peripherals.c b/arch/arm/mach-omap2/board-rx51-peripherals.c -index 5a886cd..73a6a5b 100644 ---- a/arch/arm/mach-omap2/board-rx51-peripherals.c -+++ b/arch/arm/mach-omap2/board-rx51-peripherals.c -@@ -193,7 +193,7 @@ static struct platform_device rx51_charger_device = { - static void __init rx51_charger_init(void) - { - WARN_ON(gpio_request_one(RX51_USB_TRANSCEIVER_RST_GPIO, -- GPIOF_OUT_INIT_LOW, "isp1704_reset")); -+ GPIOF_OUT_INIT_HIGH, "isp1704_reset")); - - platform_device_register(&rx51_charger_device); - } -diff --git a/arch/arm/oprofile/common.c b/arch/arm/oprofile/common.c -index c074e66..4e0a371 100644 ---- a/arch/arm/oprofile/common.c -+++ b/arch/arm/oprofile/common.c -@@ -116,7 +116,7 @@ int __init oprofile_arch_init(struct oprofile_operations *ops) - return oprofile_perf_init(ops); - } - --void __exit oprofile_arch_exit(void) -+void oprofile_arch_exit(void) - { - oprofile_perf_exit(); - } -diff --git a/arch/arm/plat-mxc/pwm.c b/arch/arm/plat-mxc/pwm.c -index 761c3c9..8d4fdb0 100644 ---- a/arch/arm/plat-mxc/pwm.c -+++ b/arch/arm/plat-mxc/pwm.c -@@ -32,6 +32,9 @@ - #define MX3_PWMSAR 0x0C /* PWM Sample Register */ - #define MX3_PWMPR 0x10 /* PWM Period Register */ - #define MX3_PWMCR_PRESCALER(x) (((x - 1) & 0xFFF) << 4) -+#define MX3_PWMCR_DOZEEN (1 << 24) -+#define MX3_PWMCR_WAITEN (1 << 23) -+#define MX3_PWMCR_DBGEN (1 << 22) - #define MX3_PWMCR_CLKSRC_IPG_HIGH (2 << 16) - #define MX3_PWMCR_CLKSRC_IPG (1 << 16) - #define MX3_PWMCR_EN (1 << 0) -@@ -74,10 +77,21 @@ int pwm_config(struct pwm_device *pwm, int duty_ns, int period_ns) - do_div(c, period_ns); - duty_cycles = c; - -+ /* -+ * according to imx pwm RM, the real period value should be -+ * PERIOD value in PWMPR plus 2. -+ */ -+ if (period_cycles > 2) -+ period_cycles -= 2; -+ else -+ period_cycles = 0; -+ - writel(duty_cycles, pwm->mmio_base + MX3_PWMSAR); - writel(period_cycles, pwm->mmio_base + MX3_PWMPR); - -- cr = MX3_PWMCR_PRESCALER(prescale) | MX3_PWMCR_EN; -+ cr = MX3_PWMCR_PRESCALER(prescale) | -+ MX3_PWMCR_DOZEEN | MX3_PWMCR_WAITEN | -+ MX3_PWMCR_DBGEN | MX3_PWMCR_EN; - - if (cpu_is_mx25()) - cr |= MX3_PWMCR_CLKSRC_IPG; -diff --git a/arch/s390/oprofile/init.c b/arch/s390/oprofile/init.c -index 6efc18b..bd58b72 100644 ---- a/arch/s390/oprofile/init.c -+++ b/arch/s390/oprofile/init.c -@@ -88,7 +88,7 @@ static ssize_t hwsampler_write(struct file *file, char const __user *buf, - return -EINVAL; - - retval = oprofilefs_ulong_from_user(&val, buf, count); -- if (retval) -+ if (retval <= 0) - return retval; - - if (oprofile_started) -diff --git a/arch/sh/oprofile/common.c b/arch/sh/oprofile/common.c -index b4c2d2b..e4dd5d5 100644 ---- a/arch/sh/oprofile/common.c -+++ b/arch/sh/oprofile/common.c -@@ -49,7 +49,7 @@ int __init oprofile_arch_init(struct oprofile_operations *ops) - return oprofile_perf_init(ops); - } - --void __exit oprofile_arch_exit(void) -+void oprofile_arch_exit(void) - { - oprofile_perf_exit(); - kfree(sh_pmu_op_name); -@@ -60,5 +60,5 @@ int __init oprofile_arch_init(struct oprofile_operations *ops) - ops->backtrace = sh_backtrace; - return -ENODEV; - } --void __exit oprofile_arch_exit(void) {} -+void oprofile_arch_exit(void) {} - #endif /* CONFIG_HW_PERF_EVENTS */ -diff --git a/arch/sparc/include/asm/pgtable_32.h b/arch/sparc/include/asm/pgtable_32.h -index 5b31a8e..a790cc6 100644 ---- a/arch/sparc/include/asm/pgtable_32.h -+++ b/arch/sparc/include/asm/pgtable_32.h -@@ -431,10 +431,6 @@ extern unsigned long *sparc_valid_addr_bitmap; - #define kern_addr_valid(addr) \ - (test_bit(__pa((unsigned long)(addr))>>20, sparc_valid_addr_bitmap)) - --extern int io_remap_pfn_range(struct vm_area_struct *vma, -- unsigned long from, unsigned long pfn, -- unsigned long size, pgprot_t prot); -- - /* - * For sparc32&64, the pfn in io_remap_pfn_range() carries <iospace> in - * its high 4 bits. These macros/functions put it there or get it from there. -@@ -443,6 +439,22 @@ extern int io_remap_pfn_range(struct vm_area_struct *vma, - #define GET_IOSPACE(pfn) (pfn >> (BITS_PER_LONG - 4)) - #define GET_PFN(pfn) (pfn & 0x0fffffffUL) - -+extern int remap_pfn_range(struct vm_area_struct *, unsigned long, unsigned long, -+ unsigned long, pgprot_t); -+ -+static inline int io_remap_pfn_range(struct vm_area_struct *vma, -+ unsigned long from, unsigned long pfn, -+ unsigned long size, pgprot_t prot) -+{ -+ unsigned long long offset, space, phys_base; -+ -+ offset = ((unsigned long long) GET_PFN(pfn)) << PAGE_SHIFT; -+ space = GET_IOSPACE(pfn); -+ phys_base = offset | (space << 32ULL); -+ -+ return remap_pfn_range(vma, from, phys_base >> PAGE_SHIFT, size, prot); -+} -+ - #define __HAVE_ARCH_PTEP_SET_ACCESS_FLAGS - #define ptep_set_access_flags(__vma, __address, __ptep, __entry, __dirty) \ - ({ \ -diff --git a/arch/sparc/include/asm/pgtable_64.h b/arch/sparc/include/asm/pgtable_64.h -index adf8932..38ebb2c 100644 ---- a/arch/sparc/include/asm/pgtable_64.h -+++ b/arch/sparc/include/asm/pgtable_64.h -@@ -757,10 +757,6 @@ static inline bool kern_addr_valid(unsigned long addr) - - extern int page_in_phys_avail(unsigned long paddr); - --extern int io_remap_pfn_range(struct vm_area_struct *vma, unsigned long from, -- unsigned long pfn, -- unsigned long size, pgprot_t prot); -- - /* - * For sparc32&64, the pfn in io_remap_pfn_range() carries <iospace> in - * its high 4 bits. These macros/functions put it there or get it from there. -@@ -769,6 +765,22 @@ extern int io_remap_pfn_range(struct vm_area_struct *vma, unsigned long from, - #define GET_IOSPACE(pfn) (pfn >> (BITS_PER_LONG - 4)) - #define GET_PFN(pfn) (pfn & 0x0fffffffffffffffUL) - -+extern int remap_pfn_range(struct vm_area_struct *, unsigned long, unsigned long, -+ unsigned long, pgprot_t); -+ -+static inline int io_remap_pfn_range(struct vm_area_struct *vma, -+ unsigned long from, unsigned long pfn, -+ unsigned long size, pgprot_t prot) -+{ -+ unsigned long offset = GET_PFN(pfn) << PAGE_SHIFT; -+ int space = GET_IOSPACE(pfn); -+ unsigned long phys_base; -+ -+ phys_base = offset | (((unsigned long) space) << 32UL); -+ -+ return remap_pfn_range(vma, from, phys_base >> PAGE_SHIFT, size, prot); -+} -+ - #include <asm-generic/pgtable.h> - - /* We provide our own get_unmapped_area to cope with VA holes and -diff --git a/arch/sparc/kernel/entry.h b/arch/sparc/kernel/entry.h -index e27f8ea..0c218e4 100644 ---- a/arch/sparc/kernel/entry.h -+++ b/arch/sparc/kernel/entry.h -@@ -42,6 +42,9 @@ extern void fpsave(unsigned long *fpregs, unsigned long *fsr, - extern void fpload(unsigned long *fpregs, unsigned long *fsr); - - #else /* CONFIG_SPARC32 */ -+ -+#include <asm/trap_block.h> -+ - struct popc_3insn_patch_entry { - unsigned int addr; - unsigned int insns[3]; -@@ -57,6 +60,10 @@ extern struct popc_6insn_patch_entry __popc_6insn_patch, - __popc_6insn_patch_end; - - extern void __init per_cpu_patch(void); -+extern void sun4v_patch_1insn_range(struct sun4v_1insn_patch_entry *, -+ struct sun4v_1insn_patch_entry *); -+extern void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *, -+ struct sun4v_2insn_patch_entry *); - extern void __init sun4v_patch(void); - extern void __init boot_cpu_id_too_large(int cpu); - extern unsigned int dcache_parity_tl1_occurred; -diff --git a/arch/sparc/kernel/module.c b/arch/sparc/kernel/module.c -index da0c6c7..e551987 100644 ---- a/arch/sparc/kernel/module.c -+++ b/arch/sparc/kernel/module.c -@@ -17,6 +17,8 @@ - #include <asm/processor.h> - #include <asm/spitfire.h> - -+#include "entry.h" -+ - #ifdef CONFIG_SPARC64 - - #include <linux/jump_label.h> -@@ -203,6 +205,29 @@ int apply_relocate_add(Elf_Shdr *sechdrs, - } - - #ifdef CONFIG_SPARC64 -+static void do_patch_sections(const Elf_Ehdr *hdr, -+ const Elf_Shdr *sechdrs) -+{ -+ const Elf_Shdr *s, *sun4v_1insn = NULL, *sun4v_2insn = NULL; -+ char *secstrings = (void *)hdr + sechdrs[hdr->e_shstrndx].sh_offset; -+ -+ for (s = sechdrs; s < sechdrs + hdr->e_shnum; s++) { -+ if (!strcmp(".sun4v_1insn_patch", secstrings + s->sh_name)) -+ sun4v_1insn = s; -+ if (!strcmp(".sun4v_2insn_patch", secstrings + s->sh_name)) -+ sun4v_2insn = s; -+ } -+ -+ if (sun4v_1insn && tlb_type == hypervisor) { -+ void *p = (void *) sun4v_1insn->sh_addr; -+ sun4v_patch_1insn_range(p, p + sun4v_1insn->sh_size); -+ } -+ if (sun4v_2insn && tlb_type == hypervisor) { -+ void *p = (void *) sun4v_2insn->sh_addr; -+ sun4v_patch_2insn_range(p, p + sun4v_2insn->sh_size); -+ } -+} -+ - int module_finalize(const Elf_Ehdr *hdr, - const Elf_Shdr *sechdrs, - struct module *me) -@@ -210,6 +235,8 @@ int module_finalize(const Elf_Ehdr *hdr, - /* make jump label nops */ - jump_label_apply_nops(me); - -+ do_patch_sections(hdr, sechdrs); -+ - /* Cheetah's I-cache is fully coherent. */ - if (tlb_type == spitfire) { - unsigned long va; -diff --git a/arch/sparc/kernel/pci_sun4v.c b/arch/sparc/kernel/pci_sun4v.c -index b01a06e..9e73c4a 100644 ---- a/arch/sparc/kernel/pci_sun4v.c -+++ b/arch/sparc/kernel/pci_sun4v.c -@@ -848,10 +848,10 @@ static int pci_sun4v_msiq_build_irq(struct pci_pbm_info *pbm, - if (!irq) - return -ENOMEM; - -- if (pci_sun4v_msiq_setstate(pbm->devhandle, msiqid, HV_MSIQSTATE_IDLE)) -- return -EINVAL; - if (pci_sun4v_msiq_setvalid(pbm->devhandle, msiqid, HV_MSIQ_VALID)) - return -EINVAL; -+ if (pci_sun4v_msiq_setstate(pbm->devhandle, msiqid, HV_MSIQSTATE_IDLE)) -+ return -EINVAL; - - return irq; - } -diff --git a/arch/sparc/kernel/setup_64.c b/arch/sparc/kernel/setup_64.c -index c965595a..a854a1c 100644 ---- a/arch/sparc/kernel/setup_64.c -+++ b/arch/sparc/kernel/setup_64.c -@@ -234,40 +234,50 @@ void __init per_cpu_patch(void) - } - } - --void __init sun4v_patch(void) -+void sun4v_patch_1insn_range(struct sun4v_1insn_patch_entry *start, -+ struct sun4v_1insn_patch_entry *end) - { -- extern void sun4v_hvapi_init(void); -- struct sun4v_1insn_patch_entry *p1; -- struct sun4v_2insn_patch_entry *p2; -- -- if (tlb_type != hypervisor) -- return; -+ while (start < end) { -+ unsigned long addr = start->addr; - -- p1 = &__sun4v_1insn_patch; -- while (p1 < &__sun4v_1insn_patch_end) { -- unsigned long addr = p1->addr; -- -- *(unsigned int *) (addr + 0) = p1->insn; -+ *(unsigned int *) (addr + 0) = start->insn; - wmb(); - __asm__ __volatile__("flush %0" : : "r" (addr + 0)); - -- p1++; -+ start++; - } -+} - -- p2 = &__sun4v_2insn_patch; -- while (p2 < &__sun4v_2insn_patch_end) { -- unsigned long addr = p2->addr; -+void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *start, -+ struct sun4v_2insn_patch_entry *end) -+{ -+ while (start < end) { -+ unsigned long addr = start->addr; - -- *(unsigned int *) (addr + 0) = p2->insns[0]; -+ *(unsigned int *) (addr + 0) = start->insns[0]; - wmb(); - __asm__ __volatile__("flush %0" : : "r" (addr + 0)); - -- *(unsigned int *) (addr + 4) = p2->insns[1]; -+ *(unsigned int *) (addr + 4) = start->insns[1]; - wmb(); - __asm__ __volatile__("flush %0" : : "r" (addr + 4)); - -- p2++; -+ start++; - } -+} -+ -+void __init sun4v_patch(void) -+{ -+ extern void sun4v_hvapi_init(void); -+ -+ if (tlb_type != hypervisor) -+ return; -+ -+ sun4v_patch_1insn_range(&__sun4v_1insn_patch, -+ &__sun4v_1insn_patch_end); -+ -+ sun4v_patch_2insn_range(&__sun4v_2insn_patch, -+ &__sun4v_2insn_patch_end); - - sun4v_hvapi_init(); - } -diff --git a/arch/sparc/kernel/signal32.c b/arch/sparc/kernel/signal32.c -index 2caa556..023b886 100644 ---- a/arch/sparc/kernel/signal32.c -+++ b/arch/sparc/kernel/signal32.c -@@ -822,21 +822,23 @@ static inline void syscall_restart32(unsigned long orig_i0, struct pt_regs *regs - * want to handle. Thus you cannot kill init even with a SIGKILL even by - * mistake. - */ --void do_signal32(sigset_t *oldset, struct pt_regs * regs, -- int restart_syscall, unsigned long orig_i0) -+void do_signal32(sigset_t *oldset, struct pt_regs * regs) - { - struct k_sigaction ka; -+ unsigned long orig_i0; -+ int restart_syscall; - siginfo_t info; - int signr; - - signr = get_signal_to_deliver(&info, &ka, regs, NULL); - -- /* If the debugger messes with the program counter, it clears -- * the "in syscall" bit, directing us to not perform a syscall -- * restart. -- */ -- if (restart_syscall && !pt_regs_is_syscall(regs)) -- restart_syscall = 0; -+ restart_syscall = 0; -+ orig_i0 = 0; -+ if (pt_regs_is_syscall(regs) && -+ (regs->tstate & (TSTATE_XCARRY | TSTATE_ICARRY))) { -+ restart_syscall = 1; -+ orig_i0 = regs->u_regs[UREG_G6]; -+ } - - if (signr > 0) { - if (restart_syscall) -diff --git a/arch/sparc/kernel/signal_32.c b/arch/sparc/kernel/signal_32.c -index 8ce247a..d54c6e5 100644 ---- a/arch/sparc/kernel/signal_32.c -+++ b/arch/sparc/kernel/signal_32.c -@@ -519,10 +519,26 @@ static void do_signal(struct pt_regs *regs, unsigned long orig_i0) - siginfo_t info; - int signr; - -+ /* It's a lot of work and synchronization to add a new ptrace -+ * register for GDB to save and restore in order to get -+ * orig_i0 correct for syscall restarts when debugging. -+ * -+ * Although it should be the case that most of the global -+ * registers are volatile across a system call, glibc already -+ * depends upon that fact that we preserve them. So we can't -+ * just use any global register to save away the orig_i0 value. -+ * -+ * In particular %g2, %g3, %g4, and %g5 are all assumed to be -+ * preserved across a system call trap by various pieces of -+ * code in glibc. -+ * -+ * %g7 is used as the "thread register". %g6 is not used in -+ * any fixed manner. %g6 is used as a scratch register and -+ * a compiler temporary, but it's value is never used across -+ * a system call. Therefore %g6 is usable for orig_i0 storage. -+ */ - if (pt_regs_is_syscall(regs) && (regs->psr & PSR_C)) -- restart_syscall = 1; -- else -- restart_syscall = 0; -+ regs->u_regs[UREG_G6] = orig_i0; - - if (test_thread_flag(TIF_RESTORE_SIGMASK)) - oldset = ¤t->saved_sigmask; -@@ -535,8 +551,12 @@ static void do_signal(struct pt_regs *regs, unsigned long orig_i0) - * the software "in syscall" bit, directing us to not perform - * a syscall restart. - */ -- if (restart_syscall && !pt_regs_is_syscall(regs)) -- restart_syscall = 0; -+ restart_syscall = 0; -+ if (pt_regs_is_syscall(regs) && (regs->psr & PSR_C)) { -+ restart_syscall = 1; -+ orig_i0 = regs->u_regs[UREG_G6]; -+ } -+ - - if (signr > 0) { - if (restart_syscall) -diff --git a/arch/sparc/kernel/signal_64.c b/arch/sparc/kernel/signal_64.c -index a2b8159..f0836cd 100644 ---- a/arch/sparc/kernel/signal_64.c -+++ b/arch/sparc/kernel/signal_64.c -@@ -529,11 +529,27 @@ static void do_signal(struct pt_regs *regs, unsigned long orig_i0) - siginfo_t info; - int signr; - -+ /* It's a lot of work and synchronization to add a new ptrace -+ * register for GDB to save and restore in order to get -+ * orig_i0 correct for syscall restarts when debugging. -+ * -+ * Although it should be the case that most of the global -+ * registers are volatile across a system call, glibc already -+ * depends upon that fact that we preserve them. So we can't -+ * just use any global register to save away the orig_i0 value. -+ * -+ * In particular %g2, %g3, %g4, and %g5 are all assumed to be -+ * preserved across a system call trap by various pieces of -+ * code in glibc. -+ * -+ * %g7 is used as the "thread register". %g6 is not used in -+ * any fixed manner. %g6 is used as a scratch register and -+ * a compiler temporary, but it's value is never used across -+ * a system call. Therefore %g6 is usable for orig_i0 storage. -+ */ - if (pt_regs_is_syscall(regs) && -- (regs->tstate & (TSTATE_XCARRY | TSTATE_ICARRY))) { -- restart_syscall = 1; -- } else -- restart_syscall = 0; -+ (regs->tstate & (TSTATE_XCARRY | TSTATE_ICARRY))) -+ regs->u_regs[UREG_G6] = orig_i0; - - if (current_thread_info()->status & TS_RESTORE_SIGMASK) - oldset = ¤t->saved_sigmask; -@@ -542,22 +558,20 @@ static void do_signal(struct pt_regs *regs, unsigned long orig_i0) - - #ifdef CONFIG_COMPAT - if (test_thread_flag(TIF_32BIT)) { -- extern void do_signal32(sigset_t *, struct pt_regs *, -- int restart_syscall, -- unsigned long orig_i0); -- do_signal32(oldset, regs, restart_syscall, orig_i0); -+ extern void do_signal32(sigset_t *, struct pt_regs *); -+ do_signal32(oldset, regs); - return; - } - #endif - - signr = get_signal_to_deliver(&info, &ka, regs, NULL); - -- /* If the debugger messes with the program counter, it clears -- * the software "in syscall" bit, directing us to not perform -- * a syscall restart. -- */ -- if (restart_syscall && !pt_regs_is_syscall(regs)) -- restart_syscall = 0; -+ restart_syscall = 0; -+ if (pt_regs_is_syscall(regs) && -+ (regs->tstate & (TSTATE_XCARRY | TSTATE_ICARRY))) { -+ restart_syscall = 1; -+ orig_i0 = regs->u_regs[UREG_G6]; -+ } - - if (signr > 0) { - if (restart_syscall) -diff --git a/arch/sparc/kernel/visemul.c b/arch/sparc/kernel/visemul.c -index 32b626c..7337067 100644 ---- a/arch/sparc/kernel/visemul.c -+++ b/arch/sparc/kernel/visemul.c -@@ -713,17 +713,17 @@ static void pcmp(struct pt_regs *regs, unsigned int insn, unsigned int opf) - s16 b = (rs2 >> (i * 16)) & 0xffff; - - if (a > b) -- rd_val |= 1 << i; -+ rd_val |= 8 >> i; - } - break; - - case FCMPGT32_OPF: - for (i = 0; i < 2; i++) { -- s32 a = (rs1 >> (i * 32)) & 0xffff; -- s32 b = (rs2 >> (i * 32)) & 0xffff; -+ s32 a = (rs1 >> (i * 32)) & 0xffffffff; -+ s32 b = (rs2 >> (i * 32)) & 0xffffffff; - - if (a > b) -- rd_val |= 1 << i; -+ rd_val |= 2 >> i; - } - break; - -@@ -733,17 +733,17 @@ static void pcmp(struct pt_regs *regs, unsigned int insn, unsigned int opf) - s16 b = (rs2 >> (i * 16)) & 0xffff; - - if (a <= b) -- rd_val |= 1 << i; -+ rd_val |= 8 >> i; - } - break; - - case FCMPLE32_OPF: - for (i = 0; i < 2; i++) { -- s32 a = (rs1 >> (i * 32)) & 0xffff; -- s32 b = (rs2 >> (i * 32)) & 0xffff; -+ s32 a = (rs1 >> (i * 32)) & 0xffffffff; -+ s32 b = (rs2 >> (i * 32)) & 0xffffffff; - - if (a <= b) -- rd_val |= 1 << i; -+ rd_val |= 2 >> i; - } - break; - -@@ -753,17 +753,17 @@ static void pcmp(struct pt_regs *regs, unsigned int insn, unsigned int opf) - s16 b = (rs2 >> (i * 16)) & 0xffff; - - if (a != b) -- rd_val |= 1 << i; -+ rd_val |= 8 >> i; - } - break; - - case FCMPNE32_OPF: - for (i = 0; i < 2; i++) { -- s32 a = (rs1 >> (i * 32)) & 0xffff; -- s32 b = (rs2 >> (i * 32)) & 0xffff; -+ s32 a = (rs1 >> (i * 32)) & 0xffffffff; -+ s32 b = (rs2 >> (i * 32)) & 0xffffffff; - - if (a != b) -- rd_val |= 1 << i; -+ rd_val |= 2 >> i; - } - break; - -@@ -773,17 +773,17 @@ static void pcmp(struct pt_regs *regs, unsigned int insn, unsigned int opf) - s16 b = (rs2 >> (i * 16)) & 0xffff; - - if (a == b) -- rd_val |= 1 << i; -+ rd_val |= 8 >> i; - } - break; - - case FCMPEQ32_OPF: - for (i = 0; i < 2; i++) { -- s32 a = (rs1 >> (i * 32)) & 0xffff; -- s32 b = (rs2 >> (i * 32)) & 0xffff; -+ s32 a = (rs1 >> (i * 32)) & 0xffffffff; -+ s32 b = (rs2 >> (i * 32)) & 0xffffffff; - - if (a == b) -- rd_val |= 1 << i; -+ rd_val |= 2 >> i; - } - break; - } -diff --git a/arch/sparc/lib/memcpy.S b/arch/sparc/lib/memcpy.S -index 34fe657..4d8c497 100644 ---- a/arch/sparc/lib/memcpy.S -+++ b/arch/sparc/lib/memcpy.S -@@ -7,40 +7,12 @@ - * Copyright (C) 1996 Jakub Jelinek (jj@sunsite.mff.cuni.cz) - */ - --#ifdef __KERNEL__ -- --#define FUNC(x) \ -+#define FUNC(x) \ - .globl x; \ - .type x,@function; \ -- .align 4; \ -+ .align 4; \ - x: - --#undef FASTER_REVERSE --#undef FASTER_NONALIGNED --#define FASTER_ALIGNED -- --/* In kernel these functions don't return a value. -- * One should use macros in asm/string.h for that purpose. -- * We return 0, so that bugs are more apparent. -- */ --#define SETUP_RETL --#define RETL_INSN clr %o0 -- --#else -- --/* libc */ -- --#include "DEFS.h" -- --#define FASTER_REVERSE --#define FASTER_NONALIGNED --#define FASTER_ALIGNED -- --#define SETUP_RETL mov %o0, %g6 --#define RETL_INSN mov %g6, %o0 -- --#endif -- - /* Both these macros have to start with exactly the same insn */ - #define MOVE_BIGCHUNK(src, dst, offset, t0, t1, t2, t3, t4, t5, t6, t7) \ - ldd [%src + (offset) + 0x00], %t0; \ -@@ -164,30 +136,6 @@ x: - .text - .align 4 - --#ifdef FASTER_REVERSE -- --70: /* rdword_align */ -- -- andcc %o1, 1, %g0 -- be 4f -- andcc %o1, 2, %g0 -- -- ldub [%o1 - 1], %g2 -- sub %o1, 1, %o1 -- stb %g2, [%o0 - 1] -- sub %o2, 1, %o2 -- be 3f -- sub %o0, 1, %o0 --4: -- lduh [%o1 - 2], %g2 -- sub %o1, 2, %o1 -- sth %g2, [%o0 - 2] -- sub %o2, 2, %o2 -- b 3f -- sub %o0, 2, %o0 -- --#endif /* FASTER_REVERSE */ -- - 0: - retl - nop ! Only bcopy returns here and it retuns void... -@@ -198,7 +146,7 @@ FUNC(__memmove) - #endif - FUNC(memmove) - cmp %o0, %o1 -- SETUP_RETL -+ mov %o0, %g7 - bleu 9f - sub %o0, %o1, %o4 - -@@ -207,8 +155,6 @@ FUNC(memmove) - bleu 0f - andcc %o4, 3, %o5 - --#ifndef FASTER_REVERSE -- - add %o1, %o2, %o1 - add %o0, %o2, %o0 - sub %o1, 1, %o1 -@@ -224,295 +170,7 @@ FUNC(memmove) - sub %o0, 1, %o0 - - retl -- RETL_INSN -- --#else /* FASTER_REVERSE */ -- -- add %o1, %o2, %o1 -- add %o0, %o2, %o0 -- bne 77f -- cmp %o2, 15 -- bleu 91f -- andcc %o1, 3, %g0 -- bne 70b --3: -- andcc %o1, 4, %g0 -- -- be 2f -- mov %o2, %g1 -- -- ld [%o1 - 4], %o4 -- sub %g1, 4, %g1 -- st %o4, [%o0 - 4] -- sub %o1, 4, %o1 -- sub %o0, 4, %o0 --2: -- andcc %g1, 0xffffff80, %g7 -- be 3f -- andcc %o0, 4, %g0 -- -- be 74f + 4 --5: -- RMOVE_BIGCHUNK(o1, o0, 0x00, o2, o3, o4, o5, g2, g3, g4, g5) -- RMOVE_BIGCHUNK(o1, o0, 0x20, o2, o3, o4, o5, g2, g3, g4, g5) -- RMOVE_BIGCHUNK(o1, o0, 0x40, o2, o3, o4, o5, g2, g3, g4, g5) -- RMOVE_BIGCHUNK(o1, o0, 0x60, o2, o3, o4, o5, g2, g3, g4, g5) -- subcc %g7, 128, %g7 -- sub %o1, 128, %o1 -- bne 5b -- sub %o0, 128, %o0 --3: -- andcc %g1, 0x70, %g7 -- be 72f -- andcc %g1, 8, %g0 -- -- sethi %hi(72f), %o5 -- srl %g7, 1, %o4 -- add %g7, %o4, %o4 -- sub %o1, %g7, %o1 -- sub %o5, %o4, %o5 -- jmpl %o5 + %lo(72f), %g0 -- sub %o0, %g7, %o0 -- --71: /* rmemcpy_table */ -- RMOVE_LASTCHUNK(o1, o0, 0x60, g2, g3, g4, g5) -- RMOVE_LASTCHUNK(o1, o0, 0x50, g2, g3, g4, g5) -- RMOVE_LASTCHUNK(o1, o0, 0x40, g2, g3, g4, g5) -- RMOVE_LASTCHUNK(o1, o0, 0x30, g2, g3, g4, g5) -- RMOVE_LASTCHUNK(o1, o0, 0x20, g2, g3, g4, g5) -- RMOVE_LASTCHUNK(o1, o0, 0x10, g2, g3, g4, g5) -- RMOVE_LASTCHUNK(o1, o0, 0x00, g2, g3, g4, g5) -- --72: /* rmemcpy_table_end */ -- -- be 73f -- andcc %g1, 4, %g0 -- -- ldd [%o1 - 0x08], %g2 -- sub %o0, 8, %o0 -- sub %o1, 8, %o1 -- st %g2, [%o0] -- st %g3, [%o0 + 0x04] -- --73: /* rmemcpy_last7 */ -- -- be 1f -- andcc %g1, 2, %g0 -- -- ld [%o1 - 4], %g2 -- sub %o1, 4, %o1 -- st %g2, [%o0 - 4] -- sub %o0, 4, %o0 --1: -- be 1f -- andcc %g1, 1, %g0 -- -- lduh [%o1 - 2], %g2 -- sub %o1, 2, %o1 -- sth %g2, [%o0 - 2] -- sub %o0, 2, %o0 --1: -- be 1f -- nop -- -- ldub [%o1 - 1], %g2 -- stb %g2, [%o0 - 1] --1: -- retl -- RETL_INSN -- --74: /* rldd_std */ -- RMOVE_BIGALIGNCHUNK(o1, o0, 0x00, o2, o3, o4, o5, g2, g3, g4, g5) -- RMOVE_BIGALIGNCHUNK(o1, o0, 0x20, o2, o3, o4, o5, g2, g3, g4, g5) -- RMOVE_BIGALIGNCHUNK(o1, o0, 0x40, o2, o3, o4, o5, g2, g3, g4, g5) -- RMOVE_BIGALIGNCHUNK(o1, o0, 0x60, o2, o3, o4, o5, g2, g3, g4, g5) -- subcc %g7, 128, %g7 -- sub %o1, 128, %o1 -- bne 74b -- sub %o0, 128, %o0 -- -- andcc %g1, 0x70, %g7 -- be 72b -- andcc %g1, 8, %g0 -- -- sethi %hi(72b), %o5 -- srl %g7, 1, %o4 -- add %g7, %o4, %o4 -- sub %o1, %g7, %o1 -- sub %o5, %o4, %o5 -- jmpl %o5 + %lo(72b), %g0 -- sub %o0, %g7, %o0 -- --75: /* rshort_end */ -- -- and %o2, 0xe, %o3 --2: -- sethi %hi(76f), %o5 -- sll %o3, 3, %o4 -- sub %o0, %o3, %o0 -- sub %o5, %o4, %o5 -- sub %o1, %o3, %o1 -- jmpl %o5 + %lo(76f), %g0 -- andcc %o2, 1, %g0 -- -- RMOVE_SHORTCHUNK(o1, o0, 0x0c, g2, g3) -- RMOVE_SHORTCHUNK(o1, o0, 0x0a, g2, g3) -- RMOVE_SHORTCHUNK(o1, o0, 0x08, g2, g3) -- RMOVE_SHORTCHUNK(o1, o0, 0x06, g2, g3) -- RMOVE_SHORTCHUNK(o1, o0, 0x04, g2, g3) -- RMOVE_SHORTCHUNK(o1, o0, 0x02, g2, g3) -- RMOVE_SHORTCHUNK(o1, o0, 0x00, g2, g3) -- --76: /* rshort_table_end */ -- -- be 1f -- nop -- ldub [%o1 - 1], %g2 -- stb %g2, [%o0 - 1] --1: -- retl -- RETL_INSN -- --91: /* rshort_aligned_end */ -- -- bne 75b -- andcc %o2, 8, %g0 -- -- be 1f -- andcc %o2, 4, %g0 -- -- ld [%o1 - 0x08], %g2 -- ld [%o1 - 0x04], %g3 -- sub %o1, 8, %o1 -- st %g2, [%o0 - 0x08] -- st %g3, [%o0 - 0x04] -- sub %o0, 8, %o0 --1: -- b 73b -- mov %o2, %g1 -- --77: /* rnon_aligned */ -- cmp %o2, 15 -- bleu 75b -- andcc %o0, 3, %g0 -- be 64f -- andcc %o0, 1, %g0 -- be 63f -- andcc %o0, 2, %g0 -- ldub [%o1 - 1], %g5 -- sub %o1, 1, %o1 -- stb %g5, [%o0 - 1] -- sub %o0, 1, %o0 -- be 64f -- sub %o2, 1, %o2 --63: -- ldub [%o1 - 1], %g5 -- sub %o1, 2, %o1 -- stb %g5, [%o0 - 1] -- sub %o0, 2, %o0 -- ldub [%o1], %g5 -- sub %o2, 2, %o2 -- stb %g5, [%o0] --64: -- and %o1, 3, %g2 -- and %o1, -4, %o1 -- and %o2, 0xc, %g3 -- add %o1, 4, %o1 -- cmp %g3, 4 -- sll %g2, 3, %g4 -- mov 32, %g2 -- be 4f -- sub %g2, %g4, %g7 -- -- blu 3f -- cmp %g3, 8 -- -- be 2f -- srl %o2, 2, %g3 -- -- ld [%o1 - 4], %o3 -- add %o0, -8, %o0 -- ld [%o1 - 8], %o4 -- add %o1, -16, %o1 -- b 7f -- add %g3, 1, %g3 --2: -- ld [%o1 - 4], %o4 -- add %o0, -4, %o0 -- ld [%o1 - 8], %g1 -- add %o1, -12, %o1 -- b 8f -- add %g3, 2, %g3 --3: -- ld [%o1 - 4], %o5 -- add %o0, -12, %o0 -- ld [%o1 - 8], %o3 -- add %o1, -20, %o1 -- b 6f -- srl %o2, 2, %g3 --4: -- ld [%o1 - 4], %g1 -- srl %o2, 2, %g3 -- ld [%o1 - 8], %o5 -- add %o1, -24, %o1 -- add %o0, -16, %o0 -- add %g3, -1, %g3 -- -- ld [%o1 + 12], %o3 --5: -- sll %o5, %g4, %g2 -- srl %g1, %g7, %g5 -- or %g2, %g5, %g2 -- st %g2, [%o0 + 12] --6: -- ld [%o1 + 8], %o4 -- sll %o3, %g4, %g2 -- srl %o5, %g7, %g5 -- or %g2, %g5, %g2 -- st %g2, [%o0 + 8] --7: -- ld [%o1 + 4], %g1 -- sll %o4, %g4, %g2 -- srl %o3, %g7, %g5 -- or %g2, %g5, %g2 -- st %g2, [%o0 + 4] --8: -- ld [%o1], %o5 -- sll %g1, %g4, %g2 -- srl %o4, %g7, %g5 -- addcc %g3, -4, %g3 -- or %g2, %g5, %g2 -- add %o1, -16, %o1 -- st %g2, [%o0] -- add %o0, -16, %o0 -- bne,a 5b -- ld [%o1 + 12], %o3 -- sll %o5, %g4, %g2 -- srl %g1, %g7, %g5 -- srl %g4, 3, %g3 -- or %g2, %g5, %g2 -- add %o1, %g3, %o1 -- andcc %o2, 2, %g0 -- st %g2, [%o0 + 12] -- be 1f -- andcc %o2, 1, %g0 -- -- ldub [%o1 + 15], %g5 -- add %o1, -2, %o1 -- stb %g5, [%o0 + 11] -- add %o0, -2, %o0 -- ldub [%o1 + 16], %g5 -- stb %g5, [%o0 + 12] --1: -- be 1f -- nop -- ldub [%o1 + 15], %g5 -- stb %g5, [%o0 + 11] --1: -- retl -- RETL_INSN -- --#endif /* FASTER_REVERSE */ -+ mov %g7, %o0 - - /* NOTE: This code is executed just for the cases, - where %src (=%o1) & 3 is != 0. -@@ -546,7 +204,7 @@ FUNC(memmove) - FUNC(memcpy) /* %o0=dst %o1=src %o2=len */ - - sub %o0, %o1, %o4 -- SETUP_RETL -+ mov %o0, %g7 - 9: - andcc %o4, 3, %o5 - 0: -@@ -569,7 +227,7 @@ FUNC(memcpy) /* %o0=dst %o1=src %o2=len */ - add %o1, 4, %o1 - add %o0, 4, %o0 - 2: -- andcc %g1, 0xffffff80, %g7 -+ andcc %g1, 0xffffff80, %g0 - be 3f - andcc %o0, 4, %g0 - -@@ -579,22 +237,23 @@ FUNC(memcpy) /* %o0=dst %o1=src %o2=len */ - MOVE_BIGCHUNK(o1, o0, 0x20, o2, o3, o4, o5, g2, g3, g4, g5) - MOVE_BIGCHUNK(o1, o0, 0x40, o2, o3, o4, o5, g2, g3, g4, g5) - MOVE_BIGCHUNK(o1, o0, 0x60, o2, o3, o4, o5, g2, g3, g4, g5) -- subcc %g7, 128, %g7 -+ sub %g1, 128, %g1 - add %o1, 128, %o1 -- bne 5b -+ cmp %g1, 128 -+ bge 5b - add %o0, 128, %o0 - 3: -- andcc %g1, 0x70, %g7 -+ andcc %g1, 0x70, %g4 - be 80f - andcc %g1, 8, %g0 - - sethi %hi(80f), %o5 -- srl %g7, 1, %o4 -- add %g7, %o4, %o4 -- add %o1, %g7, %o1 -+ srl %g4, 1, %o4 -+ add %g4, %o4, %o4 -+ add %o1, %g4, %o1 - sub %o5, %o4, %o5 - jmpl %o5 + %lo(80f), %g0 -- add %o0, %g7, %o0 -+ add %o0, %g4, %o0 - - 79: /* memcpy_table */ - -@@ -641,43 +300,28 @@ FUNC(memcpy) /* %o0=dst %o1=src %o2=len */ - stb %g2, [%o0] - 1: - retl -- RETL_INSN -+ mov %g7, %o0 - - 82: /* ldd_std */ - MOVE_BIGALIGNCHUNK(o1, o0, 0x00, o2, o3, o4, o5, g2, g3, g4, g5) - MOVE_BIGALIGNCHUNK(o1, o0, 0x20, o2, o3, o4, o5, g2, g3, g4, g5) - MOVE_BIGALIGNCHUNK(o1, o0, 0x40, o2, o3, o4, o5, g2, g3, g4, g5) - MOVE_BIGALIGNCHUNK(o1, o0, 0x60, o2, o3, o4, o5, g2, g3, g4, g5) -- subcc %g7, 128, %g7 -+ subcc %g1, 128, %g1 - add %o1, 128, %o1 -- bne 82b -+ cmp %g1, 128 -+ bge 82b - add %o0, 128, %o0 - --#ifndef FASTER_ALIGNED -- -- andcc %g1, 0x70, %g7 -- be 80b -- andcc %g1, 8, %g0 -- -- sethi %hi(80b), %o5 -- srl %g7, 1, %o4 -- add %g7, %o4, %o4 -- add %o1, %g7, %o1 -- sub %o5, %o4, %o5 -- jmpl %o5 + %lo(80b), %g0 -- add %o0, %g7, %o0 -- --#else /* FASTER_ALIGNED */ -- -- andcc %g1, 0x70, %g7 -+ andcc %g1, 0x70, %g4 - be 84f - andcc %g1, 8, %g0 - - sethi %hi(84f), %o5 -- add %o1, %g7, %o1 -- sub %o5, %g7, %o5 -+ add %o1, %g4, %o1 -+ sub %o5, %g4, %o5 - jmpl %o5 + %lo(84f), %g0 -- add %o0, %g7, %o0 -+ add %o0, %g4, %o0 - - 83: /* amemcpy_table */ - -@@ -721,382 +365,132 @@ FUNC(memcpy) /* %o0=dst %o1=src %o2=len */ - stb %g2, [%o0] - 1: - retl -- RETL_INSN -- --#endif /* FASTER_ALIGNED */ -+ mov %g7, %o0 - - 86: /* non_aligned */ - cmp %o2, 6 - bleu 88f -+ nop - --#ifdef FASTER_NONALIGNED -- -- cmp %o2, 256 -- bcc 87f -- --#endif /* FASTER_NONALIGNED */ -- -- andcc %o0, 3, %g0 -+ save %sp, -96, %sp -+ andcc %i0, 3, %g0 - be 61f -- andcc %o0, 1, %g0 -+ andcc %i0, 1, %g0 - be 60f -- andcc %o0, 2, %g0 -+ andcc %i0, 2, %g0 - -- ldub [%o1], %g5 -- add %o1, 1, %o1 -- stb %g5, [%o0] -- sub %o2, 1, %o2 -+ ldub [%i1], %g5 -+ add %i1, 1, %i1 -+ stb %g5, [%i0] -+ sub %i2, 1, %i2 - bne 61f -- add %o0, 1, %o0 -+ add %i0, 1, %i0 - 60: -- ldub [%o1], %g3 -- add %o1, 2, %o1 -- stb %g3, [%o0] -- sub %o2, 2, %o2 -- ldub [%o1 - 1], %g3 -- add %o0, 2, %o0 -- stb %g3, [%o0 - 1] -+ ldub [%i1], %g3 -+ add %i1, 2, %i1 -+ stb %g3, [%i0] -+ sub %i2, 2, %i2 -+ ldub [%i1 - 1], %g3 -+ add %i0, 2, %i0 -+ stb %g3, [%i0 - 1] - 61: -- and %o1, 3, %g2 -- and %o2, 0xc, %g3 -- and %o1, -4, %o1 -+ and %i1, 3, %g2 -+ and %i2, 0xc, %g3 -+ and %i1, -4, %i1 - cmp %g3, 4 - sll %g2, 3, %g4 - mov 32, %g2 - be 4f -- sub %g2, %g4, %g7 -+ sub %g2, %g4, %l0 - - blu 3f - cmp %g3, 0x8 - - be 2f -- srl %o2, 2, %g3 -+ srl %i2, 2, %g3 - -- ld [%o1], %o3 -- add %o0, -8, %o0 -- ld [%o1 + 4], %o4 -+ ld [%i1], %i3 -+ add %i0, -8, %i0 -+ ld [%i1 + 4], %i4 - b 8f - add %g3, 1, %g3 - 2: -- ld [%o1], %o4 -- add %o0, -12, %o0 -- ld [%o1 + 4], %o5 -+ ld [%i1], %i4 -+ add %i0, -12, %i0 -+ ld [%i1 + 4], %i5 - add %g3, 2, %g3 - b 9f -- add %o1, -4, %o1 -+ add %i1, -4, %i1 - 3: -- ld [%o1], %g1 -- add %o0, -4, %o0 -- ld [%o1 + 4], %o3 -- srl %o2, 2, %g3 -+ ld [%i1], %g1 -+ add %i0, -4, %i0 -+ ld [%i1 + 4], %i3 -+ srl %i2, 2, %g3 - b 7f -- add %o1, 4, %o1 -+ add %i1, 4, %i1 - 4: -- ld [%o1], %o5 -- cmp %o2, 7 -- ld [%o1 + 4], %g1 -- srl %o2, 2, %g3 -+ ld [%i1], %i5 -+ cmp %i2, 7 -+ ld [%i1 + 4], %g1 -+ srl %i2, 2, %g3 - bleu 10f -- add %o1, 8, %o1 -+ add %i1, 8, %i1 - -- ld [%o1], %o3 -+ ld [%i1], %i3 - add %g3, -1, %g3 - 5: -- sll %o5, %g4, %g2 -- srl %g1, %g7, %g5 -+ sll %i5, %g4, %g2 -+ srl %g1, %l0, %g5 - or %g2, %g5, %g2 -- st %g2, [%o0] -+ st %g2, [%i0] - 7: -- ld [%o1 + 4], %o4 -+ ld [%i1 + 4], %i4 - sll %g1, %g4, %g2 -- srl %o3, %g7, %g5 -+ srl %i3, %l0, %g5 - or %g2, %g5, %g2 -- st %g2, [%o0 + 4] -+ st %g2, [%i0 + 4] - 8: -- ld [%o1 + 8], %o5 -- sll %o3, %g4, %g2 -- srl %o4, %g7, %g5 -+ ld [%i1 + 8], %i5 -+ sll %i3, %g4, %g2 -+ srl %i4, %l0, %g5 - or %g2, %g5, %g2 -- st %g2, [%o0 + 8] -+ st %g2, [%i0 + 8] - 9: -- ld [%o1 + 12], %g1 -- sll %o4, %g4, %g2 -- srl %o5, %g7, %g5 -+ ld [%i1 + 12], %g1 -+ sll %i4, %g4, %g2 -+ srl %i5, %l0, %g5 - addcc %g3, -4, %g3 - or %g2, %g5, %g2 -- add %o1, 16, %o1 -- st %g2, [%o0 + 12] -- add %o0, 16, %o0 -+ add %i1, 16, %i1 -+ st %g2, [%i0 + 12] -+ add %i0, 16, %i0 - bne,a 5b -- ld [%o1], %o3 -+ ld [%i1], %i3 - 10: -- sll %o5, %g4, %g2 -- srl %g1, %g7, %g5 -- srl %g7, 3, %g3 -+ sll %i5, %g4, %g2 -+ srl %g1, %l0, %g5 -+ srl %l0, 3, %g3 - or %g2, %g5, %g2 -- sub %o1, %g3, %o1 -- andcc %o2, 2, %g0 -- st %g2, [%o0] -+ sub %i1, %g3, %i1 -+ andcc %i2, 2, %g0 -+ st %g2, [%i0] - be 1f -- andcc %o2, 1, %g0 -- -- ldub [%o1], %g2 -- add %o1, 2, %o1 -- stb %g2, [%o0 + 4] -- add %o0, 2, %o0 -- ldub [%o1 - 1], %g2 -- stb %g2, [%o0 + 3] -+ andcc %i2, 1, %g0 -+ -+ ldub [%i1], %g2 -+ add %i1, 2, %i1 -+ stb %g2, [%i0 + 4] -+ add %i0, 2, %i0 -+ ldub [%i1 - 1], %g2 -+ stb %g2, [%i0 + 3] - 1: - be 1f - nop -- ldub [%o1], %g2 -- stb %g2, [%o0 + 4] --1: -- retl -- RETL_INSN -- --#ifdef FASTER_NONALIGNED -- --87: /* faster_nonaligned */ -- -- andcc %o1, 3, %g0 -- be 3f -- andcc %o1, 1, %g0 -- -- be 4f -- andcc %o1, 2, %g0 -- -- ldub [%o1], %g2 -- add %o1, 1, %o1 -- stb %g2, [%o0] -- sub %o2, 1, %o2 -- bne 3f -- add %o0, 1, %o0 --4: -- lduh [%o1], %g2 -- add %o1, 2, %o1 -- srl %g2, 8, %g3 -- sub %o2, 2, %o2 -- stb %g3, [%o0] -- add %o0, 2, %o0 -- stb %g2, [%o0 - 1] --3: -- andcc %o1, 4, %g0 -- -- bne 2f -- cmp %o5, 1 -- -- ld [%o1], %o4 -- srl %o4, 24, %g2 -- stb %g2, [%o0] -- srl %o4, 16, %g3 -- stb %g3, [%o0 + 1] -- srl %o4, 8, %g2 -- stb %g2, [%o0 + 2] -- sub %o2, 4, %o2 -- stb %o4, [%o0 + 3] -- add %o1, 4, %o1 -- add %o0, 4, %o0 --2: -- be 33f -- cmp %o5, 2 -- be 32f -- sub %o2, 4, %o2 --31: -- ld [%o1], %g2 -- add %o1, 4, %o1 -- srl %g2, 24, %g3 -- and %o0, 7, %g5 -- stb %g3, [%o0] -- cmp %g5, 7 -- sll %g2, 8, %g1 -- add %o0, 4, %o0 -- be 41f -- and %o2, 0xffffffc0, %o3 -- ld [%o0 - 7], %o4 --4: -- SMOVE_CHUNK(o1, o0, 0x00, g2, g3, g4, g5, o4, o5, g7, g1, 8, 24, -3) -- SMOVE_CHUNK(o1, o0, 0x10, g2, g3, g4, g5, o4, o5, g7, g1, 8, 24, -3) -- SMOVE_CHUNK(o1, o0, 0x20, g2, g3, g4, g5, o4, o5, g7, g1, 8, 24, -3) -- SMOVE_CHUNK(o1, o0, 0x30, g2, g3, g4, g5, o4, o5, g7, g1, 8, 24, -3) -- subcc %o3, 64, %o3 -- add %o1, 64, %o1 -- bne 4b -- add %o0, 64, %o0 -- -- andcc %o2, 0x30, %o3 -- be,a 1f -- srl %g1, 16, %g2 --4: -- SMOVE_CHUNK(o1, o0, 0x00, g2, g3, g4, g5, o4, o5, g7, g1, 8, 24, -3) -- subcc %o3, 16, %o3 -- add %o1, 16, %o1 -- bne 4b -- add %o0, 16, %o0 -- -- srl %g1, 16, %g2 --1: -- st %o4, [%o0 - 7] -- sth %g2, [%o0 - 3] -- srl %g1, 8, %g4 -- b 88f -- stb %g4, [%o0 - 1] --32: -- ld [%o1], %g2 -- add %o1, 4, %o1 -- srl %g2, 16, %g3 -- and %o0, 7, %g5 -- sth %g3, [%o0] -- cmp %g5, 6 -- sll %g2, 16, %g1 -- add %o0, 4, %o0 -- be 42f -- and %o2, 0xffffffc0, %o3 -- ld [%o0 - 6], %o4 --4: -- SMOVE_CHUNK(o1, o0, 0x00, g2, g3, g4, g5, o4, o5, g7, g1, 16, 16, -2) -- SMOVE_CHUNK(o1, o0, 0x10, g2, g3, g4, g5, o4, o5, g7, g1, 16, 16, -2) -- SMOVE_CHUNK(o1, o0, 0x20, g2, g3, g4, g5, o4, o5, g7, g1, 16, 16, -2) -- SMOVE_CHUNK(o1, o0, 0x30, g2, g3, g4, g5, o4, o5, g7, g1, 16, 16, -2) -- subcc %o3, 64, %o3 -- add %o1, 64, %o1 -- bne 4b -- add %o0, 64, %o0 -- -- andcc %o2, 0x30, %o3 -- be,a 1f -- srl %g1, 16, %g2 --4: -- SMOVE_CHUNK(o1, o0, 0x00, g2, g3, g4, g5, o4, o5, g7, g1, 16, 16, -2) -- subcc %o3, 16, %o3 -- add %o1, 16, %o1 -- bne 4b -- add %o0, 16, %o0 -- -- srl %g1, 16, %g2 --1: -- st %o4, [%o0 - 6] -- b 88f -- sth %g2, [%o0 - 2] --33: -- ld [%o1], %g2 -- sub %o2, 4, %o2 -- srl %g2, 24, %g3 -- and %o0, 7, %g5 -- stb %g3, [%o0] -- cmp %g5, 5 -- srl %g2, 8, %g4 -- sll %g2, 24, %g1 -- sth %g4, [%o0 + 1] -- add %o1, 4, %o1 -- be 43f -- and %o2, 0xffffffc0, %o3 -- -- ld [%o0 - 1], %o4 -- add %o0, 4, %o0 --4: -- SMOVE_CHUNK(o1, o0, 0x00, g2, g3, g4, g5, o4, o5, g7, g1, 24, 8, -1) -- SMOVE_CHUNK(o1, o0, 0x10, g2, g3, g4, g5, o4, o5, g7, g1, 24, 8, -1) -- SMOVE_CHUNK(o1, o0, 0x20, g2, g3, g4, g5, o4, o5, g7, g1, 24, 8, -1) -- SMOVE_CHUNK(o1, o0, 0x30, g2, g3, g4, g5, o4, o5, g7, g1, 24, 8, -1) -- subcc %o3, 64, %o3 -- add %o1, 64, %o1 -- bne 4b -- add %o0, 64, %o0 -- -- andcc %o2, 0x30, %o3 -- be,a 1f -- srl %g1, 24, %g2 --4: -- SMOVE_CHUNK(o1, o0, 0x00, g2, g3, g4, g5, o4, o5, g7, g1, 24, 8, -1) -- subcc %o3, 16, %o3 -- add %o1, 16, %o1 -- bne 4b -- add %o0, 16, %o0 -- -- srl %g1, 24, %g2 --1: -- st %o4, [%o0 - 5] -- b 88f -- stb %g2, [%o0 - 1] --41: -- SMOVE_ALIGNCHUNK(o1, o0, 0x00, g2, g3, g4, g5, o4, o5, g7, g1, 8, 24, -3) -- SMOVE_ALIGNCHUNK(o1, o0, 0x10, g2, g3, g4, g5, o4, o5, g7, g1, 8, 24, -3) -- SMOVE_ALIGNCHUNK(o1, o0, 0x20, g2, g3, g4, g5, o4, o5, g7, g1, 8, 24, -3) -- SMOVE_ALIGNCHUNK(o1, o0, 0x30, g2, g3, g4, g5, o4, o5, g7, g1, 8, 24, -3) -- subcc %o3, 64, %o3 -- add %o1, 64, %o1 -- bne 41b -- add %o0, 64, %o0 -- -- andcc %o2, 0x30, %o3 -- be,a 1f -- srl %g1, 16, %g2 --4: -- SMOVE_ALIGNCHUNK(o1, o0, 0x00, g2, g3, g4, g5, o4, o5, g7, g1, 8, 24, -3) -- subcc %o3, 16, %o3 -- add %o1, 16, %o1 -- bne 4b -- add %o0, 16, %o0 -- -- srl %g1, 16, %g2 -+ ldub [%i1], %g2 -+ stb %g2, [%i0 + 4] - 1: -- sth %g2, [%o0 - 3] -- srl %g1, 8, %g4 -- b 88f -- stb %g4, [%o0 - 1] --43: -- SMOVE_ALIGNCHUNK(o1, o0, 0x00, g2, g3, g4, g5, o4, o5, g7, g1, 24, 8, 3) -- SMOVE_ALIGNCHUNK(o1, o0, 0x10, g2, g3, g4, g5, o4, o5, g7, g1, 24, 8, 3) -- SMOVE_ALIGNCHUNK(o1, o0, 0x20, g2, g3, g4, g5, o4, o5, g7, g1, 24, 8, 3) -- SMOVE_ALIGNCHUNK(o1, o0, 0x30, g2, g3, g4, g5, o4, o5, g7, g1, 24, 8, 3) -- subcc %o3, 64, %o3 -- add %o1, 64, %o1 -- bne 43b -- add %o0, 64, %o0 -- -- andcc %o2, 0x30, %o3 -- be,a 1f -- srl %g1, 24, %g2 --4: -- SMOVE_ALIGNCHUNK(o1, o0, 0x00, g2, g3, g4, g5, o4, o5, g7, g1, 24, 8, 3) -- subcc %o3, 16, %o3 -- add %o1, 16, %o1 -- bne 4b -- add %o0, 16, %o0 -- -- srl %g1, 24, %g2 --1: -- stb %g2, [%o0 + 3] -- b 88f -- add %o0, 4, %o0 --42: -- SMOVE_ALIGNCHUNK(o1, o0, 0x00, g2, g3, g4, g5, o4, o5, g7, g1, 16, 16, -2) -- SMOVE_ALIGNCHUNK(o1, o0, 0x10, g2, g3, g4, g5, o4, o5, g7, g1, 16, 16, -2) -- SMOVE_ALIGNCHUNK(o1, o0, 0x20, g2, g3, g4, g5, o4, o5, g7, g1, 16, 16, -2) -- SMOVE_ALIGNCHUNK(o1, o0, 0x30, g2, g3, g4, g5, o4, o5, g7, g1, 16, 16, -2) -- subcc %o3, 64, %o3 -- add %o1, 64, %o1 -- bne 42b -- add %o0, 64, %o0 -- -- andcc %o2, 0x30, %o3 -- be,a 1f -- srl %g1, 16, %g2 --4: -- SMOVE_ALIGNCHUNK(o1, o0, 0x00, g2, g3, g4, g5, o4, o5, g7, g1, 16, 16, -2) -- subcc %o3, 16, %o3 -- add %o1, 16, %o1 -- bne 4b -- add %o0, 16, %o0 -- -- srl %g1, 16, %g2 --1: -- sth %g2, [%o0 - 2] -- -- /* Fall through */ -- --#endif /* FASTER_NONALIGNED */ -+ ret -+ restore %g7, %g0, %o0 - - 88: /* short_end */ - -@@ -1127,7 +521,7 @@ FUNC(memcpy) /* %o0=dst %o1=src %o2=len */ - stb %g2, [%o0] - 1: - retl -- RETL_INSN -+ mov %g7, %o0 - - 90: /* short_aligned_end */ - bne 88b -diff --git a/arch/sparc/mm/Makefile b/arch/sparc/mm/Makefile -index e3cda21..301421c 100644 ---- a/arch/sparc/mm/Makefile -+++ b/arch/sparc/mm/Makefile -@@ -8,7 +8,6 @@ obj-$(CONFIG_SPARC64) += ultra.o tlb.o tsb.o gup.o - obj-y += fault_$(BITS).o - obj-y += init_$(BITS).o - obj-$(CONFIG_SPARC32) += loadmmu.o --obj-y += generic_$(BITS).o - obj-$(CONFIG_SPARC32) += extable.o btfixup.o srmmu.o iommu.o io-unit.o - obj-$(CONFIG_SPARC32) += hypersparc.o viking.o tsunami.o swift.o - obj-$(CONFIG_SPARC_LEON)+= leon_mm.o -diff --git a/arch/sparc/mm/btfixup.c b/arch/sparc/mm/btfixup.c -index 5175ac2..8a7f817 100644 ---- a/arch/sparc/mm/btfixup.c -+++ b/arch/sparc/mm/btfixup.c -@@ -302,8 +302,7 @@ void __init btfixup(void) - case 'i': /* INT */ - if ((insn & 0xc1c00000) == 0x01000000) /* %HI */ - set_addr(addr, q[1], fmangled, (insn & 0xffc00000) | (p[1] >> 10)); -- else if ((insn & 0x80002000) == 0x80002000 && -- (insn & 0x01800000) != 0x01800000) /* %LO */ -+ else if ((insn & 0x80002000) == 0x80002000) /* %LO */ - set_addr(addr, q[1], fmangled, (insn & 0xffffe000) | (p[1] & 0x3ff)); - else { - prom_printf(insn_i, p, addr, insn); -diff --git a/arch/sparc/mm/generic_32.c b/arch/sparc/mm/generic_32.c -deleted file mode 100644 -index e6067b7..0000000 ---- a/arch/sparc/mm/generic_32.c -+++ /dev/null -@@ -1,98 +0,0 @@ --/* -- * generic.c: Generic Sparc mm routines that are not dependent upon -- * MMU type but are Sparc specific. -- * -- * Copyright (C) 1996 David S. Miller (davem@caip.rutgers.edu) -- */ -- --#include <linux/kernel.h> --#include <linux/mm.h> --#include <linux/swap.h> --#include <linux/pagemap.h> -- --#include <asm/pgalloc.h> --#include <asm/pgtable.h> --#include <asm/page.h> --#include <asm/cacheflush.h> --#include <asm/tlbflush.h> -- --/* Remap IO memory, the same way as remap_pfn_range(), but use -- * the obio memory space. -- * -- * They use a pgprot that sets PAGE_IO and does not check the -- * mem_map table as this is independent of normal memory. -- */ --static inline void io_remap_pte_range(struct mm_struct *mm, pte_t * pte, unsigned long address, unsigned long size, -- unsigned long offset, pgprot_t prot, int space) --{ -- unsigned long end; -- -- address &= ~PMD_MASK; -- end = address + size; -- if (end > PMD_SIZE) -- end = PMD_SIZE; -- do { -- set_pte_at(mm, address, pte, mk_pte_io(offset, prot, space)); -- address += PAGE_SIZE; -- offset += PAGE_SIZE; -- pte++; -- } while (address < end); --} -- --static inline int io_remap_pmd_range(struct mm_struct *mm, pmd_t * pmd, unsigned long address, unsigned long size, -- unsigned long offset, pgprot_t prot, int space) --{ -- unsigned long end; -- -- address &= ~PGDIR_MASK; -- end = address + size; -- if (end > PGDIR_SIZE) -- end = PGDIR_SIZE; -- offset -= address; -- do { -- pte_t *pte = pte_alloc_map(mm, NULL, pmd, address); -- if (!pte) -- return -ENOMEM; -- io_remap_pte_range(mm, pte, address, end - address, address + offset, prot, space); -- address = (address + PMD_SIZE) & PMD_MASK; -- pmd++; -- } while (address < end); -- return 0; --} -- --int io_remap_pfn_range(struct vm_area_struct *vma, unsigned long from, -- unsigned long pfn, unsigned long size, pgprot_t prot) --{ -- int error = 0; -- pgd_t * dir; -- unsigned long beg = from; -- unsigned long end = from + size; -- struct mm_struct *mm = vma->vm_mm; -- int space = GET_IOSPACE(pfn); -- unsigned long offset = GET_PFN(pfn) << PAGE_SHIFT; -- -- /* See comment in mm/memory.c remap_pfn_range */ -- vma->vm_flags |= VM_IO | VM_RESERVED | VM_PFNMAP; -- vma->vm_pgoff = (offset >> PAGE_SHIFT) | -- ((unsigned long)space << 28UL); -- -- offset -= from; -- dir = pgd_offset(mm, from); -- flush_cache_range(vma, beg, end); -- -- while (from < end) { -- pmd_t *pmd = pmd_alloc(mm, dir, from); -- error = -ENOMEM; -- if (!pmd) -- break; -- error = io_remap_pmd_range(mm, pmd, from, end - from, offset + from, prot, space); -- if (error) -- break; -- from = (from + PGDIR_SIZE) & PGDIR_MASK; -- dir++; -- } -- -- flush_tlb_range(vma, beg, end); -- return error; --} --EXPORT_SYMBOL(io_remap_pfn_range); -diff --git a/arch/sparc/mm/generic_64.c b/arch/sparc/mm/generic_64.c -deleted file mode 100644 -index 3cb00df..0000000 ---- a/arch/sparc/mm/generic_64.c -+++ /dev/null -@@ -1,164 +0,0 @@ --/* -- * generic.c: Generic Sparc mm routines that are not dependent upon -- * MMU type but are Sparc specific. -- * -- * Copyright (C) 1996 David S. Miller (davem@caip.rutgers.edu) -- */ -- --#include <linux/kernel.h> --#include <linux/mm.h> --#include <linux/swap.h> --#include <linux/pagemap.h> -- --#include <asm/pgalloc.h> --#include <asm/pgtable.h> --#include <asm/page.h> --#include <asm/tlbflush.h> -- --/* Remap IO memory, the same way as remap_pfn_range(), but use -- * the obio memory space. -- * -- * They use a pgprot that sets PAGE_IO and does not check the -- * mem_map table as this is independent of normal memory. -- */ --static inline void io_remap_pte_range(struct mm_struct *mm, pte_t * pte, -- unsigned long address, -- unsigned long size, -- unsigned long offset, pgprot_t prot, -- int space) --{ -- unsigned long end; -- -- /* clear hack bit that was used as a write_combine side-effect flag */ -- offset &= ~0x1UL; -- address &= ~PMD_MASK; -- end = address + size; -- if (end > PMD_SIZE) -- end = PMD_SIZE; -- do { -- pte_t entry; -- unsigned long curend = address + PAGE_SIZE; -- -- entry = mk_pte_io(offset, prot, space, PAGE_SIZE); -- if (!(address & 0xffff)) { -- if (PAGE_SIZE < (4 * 1024 * 1024) && -- !(address & 0x3fffff) && -- !(offset & 0x3ffffe) && -- end >= address + 0x400000) { -- entry = mk_pte_io(offset, prot, space, -- 4 * 1024 * 1024); -- curend = address + 0x400000; -- offset += 0x400000; -- } else if (PAGE_SIZE < (512 * 1024) && -- !(address & 0x7ffff) && -- !(offset & 0x7fffe) && -- end >= address + 0x80000) { -- entry = mk_pte_io(offset, prot, space, -- 512 * 1024 * 1024); -- curend = address + 0x80000; -- offset += 0x80000; -- } else if (PAGE_SIZE < (64 * 1024) && -- !(offset & 0xfffe) && -- end >= address + 0x10000) { -- entry = mk_pte_io(offset, prot, space, -- 64 * 1024); -- curend = address + 0x10000; -- offset += 0x10000; -- } else -- offset += PAGE_SIZE; -- } else -- offset += PAGE_SIZE; -- -- if (pte_write(entry)) -- entry = pte_mkdirty(entry); -- do { -- BUG_ON(!pte_none(*pte)); -- set_pte_at(mm, address, pte, entry); -- address += PAGE_SIZE; -- pte_val(entry) += PAGE_SIZE; -- pte++; -- } while (address < curend); -- } while (address < end); --} -- --static inline int io_remap_pmd_range(struct mm_struct *mm, pmd_t * pmd, unsigned long address, unsigned long size, -- unsigned long offset, pgprot_t prot, int space) --{ -- unsigned long end; -- -- address &= ~PGDIR_MASK; -- end = address + size; -- if (end > PGDIR_SIZE) -- end = PGDIR_SIZE; -- offset -= address; -- do { -- pte_t *pte = pte_alloc_map(mm, NULL, pmd, address); -- if (!pte) -- return -ENOMEM; -- io_remap_pte_range(mm, pte, address, end - address, address + offset, prot, space); -- pte_unmap(pte); -- address = (address + PMD_SIZE) & PMD_MASK; -- pmd++; -- } while (address < end); -- return 0; --} -- --static inline int io_remap_pud_range(struct mm_struct *mm, pud_t * pud, unsigned long address, unsigned long size, -- unsigned long offset, pgprot_t prot, int space) --{ -- unsigned long end; -- -- address &= ~PUD_MASK; -- end = address + size; -- if (end > PUD_SIZE) -- end = PUD_SIZE; -- offset -= address; -- do { -- pmd_t *pmd = pmd_alloc(mm, pud, address); -- if (!pud) -- return -ENOMEM; -- io_remap_pmd_range(mm, pmd, address, end - address, address + offset, prot, space); -- address = (address + PUD_SIZE) & PUD_MASK; -- pud++; -- } while (address < end); -- return 0; --} -- --int io_remap_pfn_range(struct vm_area_struct *vma, unsigned long from, -- unsigned long pfn, unsigned long size, pgprot_t prot) --{ -- int error = 0; -- pgd_t * dir; -- unsigned long beg = from; -- unsigned long end = from + size; -- struct mm_struct *mm = vma->vm_mm; -- int space = GET_IOSPACE(pfn); -- unsigned long offset = GET_PFN(pfn) << PAGE_SHIFT; -- unsigned long phys_base; -- -- phys_base = offset | (((unsigned long) space) << 32UL); -- -- /* See comment in mm/memory.c remap_pfn_range */ -- vma->vm_flags |= VM_IO | VM_RESERVED | VM_PFNMAP; -- vma->vm_pgoff = phys_base >> PAGE_SHIFT; -- -- offset -= from; -- dir = pgd_offset(mm, from); -- flush_cache_range(vma, beg, end); -- -- while (from < end) { -- pud_t *pud = pud_alloc(mm, dir, from); -- error = -ENOMEM; -- if (!pud) -- break; -- error = io_remap_pud_range(mm, pud, from, end - from, offset + from, prot, space); -- if (error) -- break; -- from = (from + PGDIR_SIZE) & PGDIR_MASK; -- dir++; -- } -- -- flush_tlb_range(vma, beg, end); -- return error; --} --EXPORT_SYMBOL(io_remap_pfn_range); -diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c -index bfab3fa..7b65f75 100644 ---- a/arch/x86/net/bpf_jit_comp.c -+++ b/arch/x86/net/bpf_jit_comp.c -@@ -568,8 +568,8 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; - break; - } - if (filter[i].jt != 0) { -- if (filter[i].jf) -- t_offset += is_near(f_offset) ? 2 : 6; -+ if (filter[i].jf && f_offset) -+ t_offset += is_near(f_offset) ? 2 : 5; - EMIT_COND_JMP(t_op, t_offset); - if (filter[i].jf) - EMIT_JMP(f_offset); -diff --git a/block/blk-core.c b/block/blk-core.c -index 795154e..8fc4ae2 100644 ---- a/block/blk-core.c -+++ b/block/blk-core.c -@@ -418,6 +418,7 @@ struct request_queue *blk_alloc_queue_node(gfp_t gfp_mask, int node_id) - q->backing_dev_info.state = 0; - q->backing_dev_info.capabilities = BDI_CAP_MAP_COPY; - q->backing_dev_info.name = "block"; -+ q->node = node_id; - - err = bdi_init(&q->backing_dev_info); - if (err) { -@@ -502,7 +503,7 @@ blk_init_queue_node(request_fn_proc *rfn, spinlock_t *lock, int node_id) - if (!uninit_q) - return NULL; - -- q = blk_init_allocated_queue_node(uninit_q, rfn, lock, node_id); -+ q = blk_init_allocated_queue(uninit_q, rfn, lock); - if (!q) - blk_cleanup_queue(uninit_q); - -@@ -514,18 +515,9 @@ struct request_queue * - blk_init_allocated_queue(struct request_queue *q, request_fn_proc *rfn, - spinlock_t *lock) - { -- return blk_init_allocated_queue_node(q, rfn, lock, -1); --} --EXPORT_SYMBOL(blk_init_allocated_queue); -- --struct request_queue * --blk_init_allocated_queue_node(struct request_queue *q, request_fn_proc *rfn, -- spinlock_t *lock, int node_id) --{ - if (!q) - return NULL; - -- q->node = node_id; - if (blk_init_free_list(q)) - return NULL; - -@@ -555,7 +547,7 @@ blk_init_allocated_queue_node(struct request_queue *q, request_fn_proc *rfn, - - return NULL; - } --EXPORT_SYMBOL(blk_init_allocated_queue_node); -+EXPORT_SYMBOL(blk_init_allocated_queue); - - int blk_get_queue(struct request_queue *q) - { -diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c -index 16ace89..4c12869 100644 ---- a/block/cfq-iosched.c -+++ b/block/cfq-iosched.c -@@ -3184,7 +3184,7 @@ static int cfq_cic_link(struct cfq_data *cfqd, struct io_context *ioc, - } - } - -- if (ret) -+ if (ret && ret != -EEXIST) - printk(KERN_ERR "cfq: cic link failed!\n"); - - return ret; -@@ -3200,6 +3200,7 @@ cfq_get_io_context(struct cfq_data *cfqd, gfp_t gfp_mask) - { - struct io_context *ioc = NULL; - struct cfq_io_context *cic; -+ int ret; - - might_sleep_if(gfp_mask & __GFP_WAIT); - -@@ -3207,6 +3208,7 @@ cfq_get_io_context(struct cfq_data *cfqd, gfp_t gfp_mask) - if (!ioc) - return NULL; - -+retry: - cic = cfq_cic_lookup(cfqd, ioc); - if (cic) - goto out; -@@ -3215,7 +3217,12 @@ cfq_get_io_context(struct cfq_data *cfqd, gfp_t gfp_mask) - if (cic == NULL) - goto err; - -- if (cfq_cic_link(cfqd, ioc, cic, gfp_mask)) -+ ret = cfq_cic_link(cfqd, ioc, cic, gfp_mask); -+ if (ret == -EEXIST) { -+ /* someone has linked cic to ioc already */ -+ cfq_cic_free(cic); -+ goto retry; -+ } else if (ret) - goto err_free; - - out: -@@ -4036,6 +4043,11 @@ static void *cfq_init_queue(struct request_queue *q) - - if (blkio_alloc_blkg_stats(&cfqg->blkg)) { - kfree(cfqg); -+ -+ spin_lock(&cic_index_lock); -+ ida_remove(&cic_index_ida, cfqd->cic_index); -+ spin_unlock(&cic_index_lock); -+ - kfree(cfqd); - return NULL; - } -diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c -index 8a3942c..c72b590 100644 ---- a/drivers/gpu/drm/i915/i915_dma.c -+++ b/drivers/gpu/drm/i915/i915_dma.c -@@ -1453,6 +1453,14 @@ unsigned long i915_chipset_val(struct drm_i915_private *dev_priv) - - diff1 = now - dev_priv->last_time1; - -+ /* Prevent division-by-zero if we are asking too fast. -+ * Also, we don't get interesting results if we are polling -+ * faster than once in 10ms, so just return the saved value -+ * in such cases. -+ */ -+ if (diff1 <= 10) -+ return dev_priv->chipset_power; -+ - count1 = I915_READ(DMIEC); - count2 = I915_READ(DDREC); - count3 = I915_READ(CSIEC); -@@ -1483,6 +1491,8 @@ unsigned long i915_chipset_val(struct drm_i915_private *dev_priv) - dev_priv->last_count1 = total_count; - dev_priv->last_time1 = now; - -+ dev_priv->chipset_power = ret; -+ - return ret; - } - -diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h -index 7916bd9..1a2a2d1 100644 ---- a/drivers/gpu/drm/i915/i915_drv.h -+++ b/drivers/gpu/drm/i915/i915_drv.h -@@ -707,6 +707,7 @@ typedef struct drm_i915_private { - - u64 last_count1; - unsigned long last_time1; -+ unsigned long chipset_power; - u64 last_count2; - struct timespec last_time2; - unsigned long gfx_power; -diff --git a/drivers/gpu/drm/i915/i915_reg.h b/drivers/gpu/drm/i915/i915_reg.h -index ad381a2..2ae29de 100644 ---- a/drivers/gpu/drm/i915/i915_reg.h -+++ b/drivers/gpu/drm/i915/i915_reg.h -@@ -3271,10 +3271,10 @@ - /* or SDVOB */ - #define HDMIB 0xe1140 - #define PORT_ENABLE (1 << 31) --#define TRANSCODER_A (0) --#define TRANSCODER_B (1 << 30) --#define TRANSCODER(pipe) ((pipe) << 30) --#define TRANSCODER_MASK (1 << 30) -+#define TRANSCODER(pipe) ((pipe) << 30) -+#define TRANSCODER_CPT(pipe) ((pipe) << 29) -+#define TRANSCODER_MASK (1 << 30) -+#define TRANSCODER_MASK_CPT (3 << 29) - #define COLOR_FORMAT_8bpc (0) - #define COLOR_FORMAT_12bpc (3 << 26) - #define SDVOB_HOTPLUG_ENABLE (1 << 23) -diff --git a/drivers/gpu/drm/i915/intel_sdvo.c b/drivers/gpu/drm/i915/intel_sdvo.c -index 6348c49..ac0c323 100644 ---- a/drivers/gpu/drm/i915/intel_sdvo.c -+++ b/drivers/gpu/drm/i915/intel_sdvo.c -@@ -1085,8 +1085,12 @@ static void intel_sdvo_mode_set(struct drm_encoder *encoder, - } - sdvox |= (9 << 19) | SDVO_BORDER_ENABLE; - } -- if (intel_crtc->pipe == 1) -- sdvox |= SDVO_PIPE_B_SELECT; -+ -+ if (INTEL_PCH_TYPE(dev) >= PCH_CPT) -+ sdvox |= TRANSCODER_CPT(intel_crtc->pipe); -+ else -+ sdvox |= TRANSCODER(intel_crtc->pipe); -+ - if (intel_sdvo->has_hdmi_audio) - sdvox |= SDVO_AUDIO_ENABLE; - -diff --git a/drivers/gpu/drm/radeon/evergreen.c b/drivers/gpu/drm/radeon/evergreen.c -index d4ee6f0..c3f0d42 100644 ---- a/drivers/gpu/drm/radeon/evergreen.c -+++ b/drivers/gpu/drm/radeon/evergreen.c -@@ -3258,6 +3258,18 @@ int evergreen_init(struct radeon_device *rdev) - rdev->accel_working = false; - } - } -+ -+ /* Don't start up if the MC ucode is missing on BTC parts. -+ * The default clocks and voltages before the MC ucode -+ * is loaded are not suffient for advanced operations. -+ */ -+ if (ASIC_IS_DCE5(rdev)) { -+ if (!rdev->mc_fw && !(rdev->flags & RADEON_IS_IGP)) { -+ DRM_ERROR("radeon: MC ucode required for NI+.\n"); -+ return -EINVAL; -+ } -+ } -+ - return 0; - } - -diff --git a/drivers/gpu/drm/radeon/radeon_atombios.c b/drivers/gpu/drm/radeon/radeon_atombios.c -index 285acc4..a098edc 100644 ---- a/drivers/gpu/drm/radeon/radeon_atombios.c -+++ b/drivers/gpu/drm/radeon/radeon_atombios.c -@@ -2568,7 +2568,11 @@ void radeon_atombios_get_power_modes(struct radeon_device *rdev) - - rdev->pm.current_power_state_index = rdev->pm.default_power_state_index; - rdev->pm.current_clock_mode_index = 0; -- rdev->pm.current_vddc = rdev->pm.power_state[rdev->pm.default_power_state_index].clock_info[0].voltage.voltage; -+ if (rdev->pm.default_power_state_index >= 0) -+ rdev->pm.current_vddc = -+ rdev->pm.power_state[rdev->pm.default_power_state_index].clock_info[0].voltage.voltage; -+ else -+ rdev->pm.current_vddc = 0; - } - - void radeon_atom_set_clock_gating(struct radeon_device *rdev, int enable) -diff --git a/drivers/infiniband/hw/mlx4/main.c b/drivers/infiniband/hw/mlx4/main.c -index fa643f4..059a865 100644 ---- a/drivers/infiniband/hw/mlx4/main.c -+++ b/drivers/infiniband/hw/mlx4/main.c -@@ -1144,7 +1144,8 @@ err_reg: - - err_counter: - for (; i; --i) -- mlx4_counter_free(ibdev->dev, ibdev->counters[i - 1]); -+ if (ibdev->counters[i - 1] != -1) -+ mlx4_counter_free(ibdev->dev, ibdev->counters[i - 1]); - - err_map: - iounmap(ibdev->uar_map); -@@ -1175,7 +1176,8 @@ static void mlx4_ib_remove(struct mlx4_dev *dev, void *ibdev_ptr) - } - iounmap(ibdev->uar_map); - for (p = 0; p < ibdev->num_ports; ++p) -- mlx4_counter_free(ibdev->dev, ibdev->counters[p]); -+ if (ibdev->counters[p] != -1) -+ mlx4_counter_free(ibdev->dev, ibdev->counters[p]); - mlx4_foreach_port(p, dev, MLX4_PORT_TYPE_IB) - mlx4_CLOSE_PORT(dev, p); - -diff --git a/drivers/input/mouse/synaptics.c b/drivers/input/mouse/synaptics.c -index 5538fc6..7675363 100644 ---- a/drivers/input/mouse/synaptics.c -+++ b/drivers/input/mouse/synaptics.c -@@ -24,6 +24,7 @@ - */ - - #include <linux/module.h> -+#include <linux/delay.h> - #include <linux/dmi.h> - #include <linux/input/mt.h> - #include <linux/serio.h> -@@ -786,6 +787,16 @@ static int synaptics_reconnect(struct psmouse *psmouse) - - do { - psmouse_reset(psmouse); -+ if (retry) { -+ /* -+ * On some boxes, right after resuming, the touchpad -+ * needs some time to finish initializing (I assume -+ * it needs time to calibrate) and start responding -+ * to Synaptics-specific queries, so let's wait a -+ * bit. -+ */ -+ ssleep(1); -+ } - error = synaptics_detect(psmouse, 0); - } while (error && ++retry < 3); - -diff --git a/drivers/media/video/omap/omap_vout.c b/drivers/media/video/omap/omap_vout.c -index b3a5ecd..3422da0 100644 ---- a/drivers/media/video/omap/omap_vout.c -+++ b/drivers/media/video/omap/omap_vout.c -@@ -38,6 +38,7 @@ - #include <linux/irq.h> - #include <linux/videodev2.h> - #include <linux/dma-mapping.h> -+#include <linux/slab.h> - - #include <media/videobuf-dma-contig.h> - #include <media/v4l2-device.h> -diff --git a/drivers/media/video/s5p-fimc/fimc-core.c b/drivers/media/video/s5p-fimc/fimc-core.c -index aa55066..b062b1a 100644 ---- a/drivers/media/video/s5p-fimc/fimc-core.c -+++ b/drivers/media/video/s5p-fimc/fimc-core.c -@@ -35,7 +35,7 @@ static char *fimc_clocks[MAX_FIMC_CLOCKS] = { - static struct fimc_fmt fimc_formats[] = { - { - .name = "RGB565", -- .fourcc = V4L2_PIX_FMT_RGB565X, -+ .fourcc = V4L2_PIX_FMT_RGB565, - .depth = { 16 }, - .color = S5P_FIMC_RGB565, - .memplanes = 1, -diff --git a/drivers/mfd/twl-core.c b/drivers/mfd/twl-core.c -index b8eef46..35cdc80 100644 ---- a/drivers/mfd/twl-core.c -+++ b/drivers/mfd/twl-core.c -@@ -362,13 +362,13 @@ int twl_i2c_write(u8 mod_no, u8 *value, u8 reg, unsigned num_bytes) - pr_err("%s: invalid module number %d\n", DRIVER_NAME, mod_no); - return -EPERM; - } -- sid = twl_map[mod_no].sid; -- twl = &twl_modules[sid]; -- - if (unlikely(!inuse)) { -- pr_err("%s: client %d is not initialized\n", DRIVER_NAME, sid); -+ pr_err("%s: not initialized\n", DRIVER_NAME); - return -EPERM; - } -+ sid = twl_map[mod_no].sid; -+ twl = &twl_modules[sid]; -+ - mutex_lock(&twl->xfer_lock); - /* - * [MSG1]: fill the register address data -@@ -419,13 +419,13 @@ int twl_i2c_read(u8 mod_no, u8 *value, u8 reg, unsigned num_bytes) - pr_err("%s: invalid module number %d\n", DRIVER_NAME, mod_no); - return -EPERM; - } -- sid = twl_map[mod_no].sid; -- twl = &twl_modules[sid]; -- - if (unlikely(!inuse)) { -- pr_err("%s: client %d is not initialized\n", DRIVER_NAME, sid); -+ pr_err("%s: not initialized\n", DRIVER_NAME); - return -EPERM; - } -+ sid = twl_map[mod_no].sid; -+ twl = &twl_modules[sid]; -+ - mutex_lock(&twl->xfer_lock); - /* [MSG1] fill the register address data */ - msg = &twl->xfer_msg[0]; -diff --git a/drivers/mfd/twl4030-madc.c b/drivers/mfd/twl4030-madc.c -index 7cbf2aa..834f824 100644 ---- a/drivers/mfd/twl4030-madc.c -+++ b/drivers/mfd/twl4030-madc.c -@@ -740,6 +740,28 @@ static int __devinit twl4030_madc_probe(struct platform_device *pdev) - TWL4030_BCI_BCICTL1); - goto err_i2c; - } -+ -+ /* Check that MADC clock is on */ -+ ret = twl_i2c_read_u8(TWL4030_MODULE_INTBR, ®val, TWL4030_REG_GPBR1); -+ if (ret) { -+ dev_err(&pdev->dev, "unable to read reg GPBR1 0x%X\n", -+ TWL4030_REG_GPBR1); -+ goto err_i2c; -+ } -+ -+ /* If MADC clk is not on, turn it on */ -+ if (!(regval & TWL4030_GPBR1_MADC_HFCLK_EN)) { -+ dev_info(&pdev->dev, "clk disabled, enabling\n"); -+ regval |= TWL4030_GPBR1_MADC_HFCLK_EN; -+ ret = twl_i2c_write_u8(TWL4030_MODULE_INTBR, regval, -+ TWL4030_REG_GPBR1); -+ if (ret) { -+ dev_err(&pdev->dev, "unable to write reg GPBR1 0x%X\n", -+ TWL4030_REG_GPBR1); -+ goto err_i2c; -+ } -+ } -+ - platform_set_drvdata(pdev, madc); - mutex_init(&madc->lock); - ret = request_threaded_irq(platform_get_irq(pdev, 0), NULL, -diff --git a/drivers/mmc/host/mmci.c b/drivers/mmc/host/mmci.c -index 56e9a41..d8eac24 100644 ---- a/drivers/mmc/host/mmci.c -+++ b/drivers/mmc/host/mmci.c -@@ -673,7 +673,8 @@ mmci_data_irq(struct mmci_host *host, struct mmc_data *data, - unsigned int status) - { - /* First check for errors */ -- if (status & (MCI_DATACRCFAIL|MCI_DATATIMEOUT|MCI_TXUNDERRUN|MCI_RXOVERRUN)) { -+ if (status & (MCI_DATACRCFAIL|MCI_DATATIMEOUT|MCI_STARTBITERR| -+ MCI_TXUNDERRUN|MCI_RXOVERRUN)) { - u32 remain, success; - - /* Terminate the DMA transfer */ -@@ -752,8 +753,12 @@ mmci_cmd_irq(struct mmci_host *host, struct mmc_command *cmd, - } - - if (!cmd->data || cmd->error) { -- if (host->data) -+ if (host->data) { -+ /* Terminate the DMA transfer */ -+ if (dma_inprogress(host)) -+ mmci_dma_data_error(host); - mmci_stop_data(host); -+ } - mmci_request_end(host, cmd->mrq); - } else if (!(cmd->data->flags & MMC_DATA_READ)) { - mmci_start_data(host, cmd->data); -@@ -953,8 +958,9 @@ static irqreturn_t mmci_irq(int irq, void *dev_id) - dev_dbg(mmc_dev(host->mmc), "irq0 (data+cmd) %08x\n", status); - - data = host->data; -- if (status & (MCI_DATACRCFAIL|MCI_DATATIMEOUT|MCI_TXUNDERRUN| -- MCI_RXOVERRUN|MCI_DATAEND|MCI_DATABLOCKEND) && data) -+ if (status & (MCI_DATACRCFAIL|MCI_DATATIMEOUT|MCI_STARTBITERR| -+ MCI_TXUNDERRUN|MCI_RXOVERRUN|MCI_DATAEND| -+ MCI_DATABLOCKEND) && data) - mmci_data_irq(host, data, status); - - cmd = host->cmd; -diff --git a/drivers/mmc/host/vub300.c b/drivers/mmc/host/vub300.c -index e8f6e65..2ec978b 100644 ---- a/drivers/mmc/host/vub300.c -+++ b/drivers/mmc/host/vub300.c -@@ -259,7 +259,7 @@ static int firmware_rom_wait_states = 0x04; - static int firmware_rom_wait_states = 0x1C; - #endif - --module_param(firmware_rom_wait_states, bool, 0644); -+module_param(firmware_rom_wait_states, int, 0644); - MODULE_PARM_DESC(firmware_rom_wait_states, - "ROM wait states byte=RRRIIEEE (Reserved Internal External)"); - -diff --git a/drivers/net/pptp.c b/drivers/net/pptp.c -index 89f829f..f8a6853 100644 ---- a/drivers/net/pptp.c -+++ b/drivers/net/pptp.c -@@ -423,10 +423,8 @@ static int pptp_bind(struct socket *sock, struct sockaddr *uservaddr, - lock_sock(sk); - - opt->src_addr = sp->sa_addr.pptp; -- if (add_chan(po)) { -- release_sock(sk); -+ if (add_chan(po)) - error = -EBUSY; -- } - - release_sock(sk); - return error; -diff --git a/drivers/net/wireless/ath/ath9k/main.c b/drivers/net/wireless/ath/ath9k/main.c -index 722967b..69736d8 100644 ---- a/drivers/net/wireless/ath/ath9k/main.c -+++ b/drivers/net/wireless/ath/ath9k/main.c -@@ -1841,6 +1841,9 @@ static void ath9k_sta_notify(struct ieee80211_hw *hw, - struct ath_softc *sc = hw->priv; - struct ath_node *an = (struct ath_node *) sta->drv_priv; - -+ if (!(sc->sc_flags & SC_OP_TXAGGR)) -+ return; -+ - switch (cmd) { - case STA_NOTIFY_SLEEP: - an->sleeping = true; -diff --git a/drivers/net/wireless/ath/ath9k/rc.c b/drivers/net/wireless/ath/ath9k/rc.c -index c04a6c3..297d762 100644 ---- a/drivers/net/wireless/ath/ath9k/rc.c -+++ b/drivers/net/wireless/ath/ath9k/rc.c -@@ -1250,7 +1250,9 @@ static void ath_rc_init(struct ath_softc *sc, - - ath_rc_priv->max_valid_rate = k; - ath_rc_sort_validrates(rate_table, ath_rc_priv); -- ath_rc_priv->rate_max_phy = ath_rc_priv->valid_rate_index[k-4]; -+ ath_rc_priv->rate_max_phy = (k > 4) ? -+ ath_rc_priv->valid_rate_index[k-4] : -+ ath_rc_priv->valid_rate_index[k-1]; - ath_rc_priv->rate_table = rate_table; - - ath_dbg(common, ATH_DBG_CONFIG, -diff --git a/drivers/net/wireless/iwlwifi/iwl-agn-rxon.c b/drivers/net/wireless/iwlwifi/iwl-agn-rxon.c -index eabbf1a..5493f94 100644 ---- a/drivers/net/wireless/iwlwifi/iwl-agn-rxon.c -+++ b/drivers/net/wireless/iwlwifi/iwl-agn-rxon.c -@@ -620,8 +620,8 @@ int iwlagn_mac_config(struct ieee80211_hw *hw, u32 changed) - if (ctx->ht.enabled) { - /* if HT40 is used, it should not change - * after associated except channel switch */ -- if (iwl_is_associated_ctx(ctx) && -- !ctx->ht.is_40mhz) -+ if (!ctx->ht.is_40mhz || -+ !iwl_is_associated_ctx(ctx)) - iwlagn_config_ht40(conf, ctx); - } else - ctx->ht.is_40mhz = false; -diff --git a/drivers/net/wireless/iwlwifi/iwl-agn-tx.c b/drivers/net/wireless/iwlwifi/iwl-agn-tx.c -index 53bb59e..475f9d4 100644 ---- a/drivers/net/wireless/iwlwifi/iwl-agn-tx.c -+++ b/drivers/net/wireless/iwlwifi/iwl-agn-tx.c -@@ -166,7 +166,10 @@ static void iwlagn_tx_cmd_build_basic(struct iwl_priv *priv, - tx_cmd->tid_tspec = qc[0] & 0xf; - tx_flags &= ~TX_CMD_FLG_SEQ_CTL_MSK; - } else { -- tx_flags |= TX_CMD_FLG_SEQ_CTL_MSK; -+ if (info->flags & IEEE80211_TX_CTL_ASSIGN_SEQ) -+ tx_flags |= TX_CMD_FLG_SEQ_CTL_MSK; -+ else -+ tx_flags &= ~TX_CMD_FLG_SEQ_CTL_MSK; - } - - iwlagn_tx_cmd_protection(priv, info, fc, &tx_flags); -diff --git a/drivers/net/wireless/iwlwifi/iwl-trans.c b/drivers/net/wireless/iwlwifi/iwl-trans.c -index 41f0de9..32eb4fe 100644 ---- a/drivers/net/wireless/iwlwifi/iwl-trans.c -+++ b/drivers/net/wireless/iwlwifi/iwl-trans.c -@@ -1068,9 +1068,7 @@ static int iwl_trans_tx(struct iwl_priv *priv, struct sk_buff *skb, - iwl_print_hex_dump(priv, IWL_DL_TX, (u8 *)tx_cmd->hdr, hdr_len); - - /* Set up entry for this TFD in Tx byte-count array */ -- if (ampdu) -- iwl_trans_txq_update_byte_cnt_tbl(priv, txq, -- le16_to_cpu(tx_cmd->len)); -+ iwl_trans_txq_update_byte_cnt_tbl(priv, txq, le16_to_cpu(tx_cmd->len)); - - dma_sync_single_for_device(priv->bus->dev, txcmd_phys, firstlen, - DMA_BIDIRECTIONAL); -diff --git a/drivers/net/wireless/rtlwifi/rtl8192ce/phy.c b/drivers/net/wireless/rtlwifi/rtl8192ce/phy.c -index 592a10a..3b585aa 100644 ---- a/drivers/net/wireless/rtlwifi/rtl8192ce/phy.c -+++ b/drivers/net/wireless/rtlwifi/rtl8192ce/phy.c -@@ -569,7 +569,7 @@ static bool _rtl92ce_phy_set_rf_power_state(struct ieee80211_hw *hw, - } - case ERFSLEEP:{ - if (ppsc->rfpwr_state == ERFOFF) -- break; -+ return false; - for (queue_id = 0, i = 0; - queue_id < RTL_PCI_MAX_TX_QUEUE_COUNT;) { - ring = &pcipriv->dev.tx_ring[queue_id]; -diff --git a/drivers/net/wireless/rtlwifi/rtl8192cu/phy.c b/drivers/net/wireless/rtlwifi/rtl8192cu/phy.c -index 7285290..e49cf22 100644 ---- a/drivers/net/wireless/rtlwifi/rtl8192cu/phy.c -+++ b/drivers/net/wireless/rtlwifi/rtl8192cu/phy.c -@@ -548,7 +548,7 @@ static bool _rtl92cu_phy_set_rf_power_state(struct ieee80211_hw *hw, - break; - case ERFSLEEP: - if (ppsc->rfpwr_state == ERFOFF) -- break; -+ return false; - for (queue_id = 0, i = 0; - queue_id < RTL_PCI_MAX_TX_QUEUE_COUNT;) { - ring = &pcipriv->dev.tx_ring[queue_id]; -diff --git a/drivers/net/wireless/rtlwifi/rtl8192de/phy.c b/drivers/net/wireless/rtlwifi/rtl8192de/phy.c -index 3ac7af1..0883349 100644 ---- a/drivers/net/wireless/rtlwifi/rtl8192de/phy.c -+++ b/drivers/net/wireless/rtlwifi/rtl8192de/phy.c -@@ -3374,7 +3374,7 @@ bool rtl92d_phy_set_rf_power_state(struct ieee80211_hw *hw, - break; - case ERFSLEEP: - if (ppsc->rfpwr_state == ERFOFF) -- break; -+ return false; - - for (queue_id = 0, i = 0; - queue_id < RTL_PCI_MAX_TX_QUEUE_COUNT;) { -diff --git a/drivers/net/wireless/rtlwifi/rtl8192se/phy.c b/drivers/net/wireless/rtlwifi/rtl8192se/phy.c -index f27171a..f10ac1a 100644 ---- a/drivers/net/wireless/rtlwifi/rtl8192se/phy.c -+++ b/drivers/net/wireless/rtlwifi/rtl8192se/phy.c -@@ -602,7 +602,7 @@ bool rtl92s_phy_set_rf_power_state(struct ieee80211_hw *hw, - } - case ERFSLEEP: - if (ppsc->rfpwr_state == ERFOFF) -- break; -+ return false; - - for (queue_id = 0, i = 0; - queue_id < RTL_PCI_MAX_TX_QUEUE_COUNT;) { -diff --git a/drivers/oprofile/oprofile_files.c b/drivers/oprofile/oprofile_files.c -index 89f6345..84a208d 100644 ---- a/drivers/oprofile/oprofile_files.c -+++ b/drivers/oprofile/oprofile_files.c -@@ -45,7 +45,7 @@ static ssize_t timeout_write(struct file *file, char const __user *buf, - return -EINVAL; - - retval = oprofilefs_ulong_from_user(&val, buf, count); -- if (retval) -+ if (retval <= 0) - return retval; - - retval = oprofile_set_timeout(val); -@@ -84,7 +84,7 @@ static ssize_t depth_write(struct file *file, char const __user *buf, size_t cou - return -EINVAL; - - retval = oprofilefs_ulong_from_user(&val, buf, count); -- if (retval) -+ if (retval <= 0) - return retval; - - retval = oprofile_set_ulong(&oprofile_backtrace_depth, val); -@@ -141,9 +141,10 @@ static ssize_t enable_write(struct file *file, char const __user *buf, size_t co - return -EINVAL; - - retval = oprofilefs_ulong_from_user(&val, buf, count); -- if (retval) -+ if (retval <= 0) - return retval; - -+ retval = 0; - if (val) - retval = oprofile_start(); - else -diff --git a/drivers/oprofile/oprofilefs.c b/drivers/oprofile/oprofilefs.c -index e9ff6f7..1c0b799 100644 ---- a/drivers/oprofile/oprofilefs.c -+++ b/drivers/oprofile/oprofilefs.c -@@ -60,6 +60,13 @@ ssize_t oprofilefs_ulong_to_user(unsigned long val, char __user *buf, size_t cou - } - - -+/* -+ * Note: If oprofilefs_ulong_from_user() returns 0, then *val remains -+ * unchanged and might be uninitialized. This follows write syscall -+ * implementation when count is zero: "If count is zero ... [and if] -+ * no errors are detected, 0 will be returned without causing any -+ * other effect." (man 2 write) -+ */ - int oprofilefs_ulong_from_user(unsigned long *val, char const __user *buf, size_t count) - { - char tmpbuf[TMPBUFSIZE]; -@@ -79,7 +86,7 @@ int oprofilefs_ulong_from_user(unsigned long *val, char const __user *buf, size_ - spin_lock_irqsave(&oprofilefs_lock, flags); - *val = simple_strtoul(tmpbuf, NULL, 0); - spin_unlock_irqrestore(&oprofilefs_lock, flags); -- return 0; -+ return count; - } - - -@@ -99,7 +106,7 @@ static ssize_t ulong_write_file(struct file *file, char const __user *buf, size_ - return -EINVAL; - - retval = oprofilefs_ulong_from_user(&value, buf, count); -- if (retval) -+ if (retval <= 0) - return retval; - - retval = oprofile_set_ulong(file->private_data, value); -diff --git a/drivers/rtc/interface.c b/drivers/rtc/interface.c -index 3d9d2b9..44e91e5 100644 ---- a/drivers/rtc/interface.c -+++ b/drivers/rtc/interface.c -@@ -318,20 +318,6 @@ int rtc_read_alarm(struct rtc_device *rtc, struct rtc_wkalrm *alarm) - } - EXPORT_SYMBOL_GPL(rtc_read_alarm); - --static int ___rtc_set_alarm(struct rtc_device *rtc, struct rtc_wkalrm *alarm) --{ -- int err; -- -- if (!rtc->ops) -- err = -ENODEV; -- else if (!rtc->ops->set_alarm) -- err = -EINVAL; -- else -- err = rtc->ops->set_alarm(rtc->dev.parent, alarm); -- -- return err; --} -- - static int __rtc_set_alarm(struct rtc_device *rtc, struct rtc_wkalrm *alarm) - { - struct rtc_time tm; -@@ -355,7 +341,14 @@ static int __rtc_set_alarm(struct rtc_device *rtc, struct rtc_wkalrm *alarm) - * over right here, before we set the alarm. - */ - -- return ___rtc_set_alarm(rtc, alarm); -+ if (!rtc->ops) -+ err = -ENODEV; -+ else if (!rtc->ops->set_alarm) -+ err = -EINVAL; -+ else -+ err = rtc->ops->set_alarm(rtc->dev.parent, alarm); -+ -+ return err; - } - - int rtc_set_alarm(struct rtc_device *rtc, struct rtc_wkalrm *alarm) -@@ -769,20 +762,6 @@ static int rtc_timer_enqueue(struct rtc_device *rtc, struct rtc_timer *timer) - return 0; - } - --static void rtc_alarm_disable(struct rtc_device *rtc) --{ -- struct rtc_wkalrm alarm; -- struct rtc_time tm; -- -- __rtc_read_time(rtc, &tm); -- -- alarm.time = rtc_ktime_to_tm(ktime_add(rtc_tm_to_ktime(tm), -- ktime_set(300, 0))); -- alarm.enabled = 0; -- -- ___rtc_set_alarm(rtc, &alarm); --} -- - /** - * rtc_timer_remove - Removes a rtc_timer from the rtc_device timerqueue - * @rtc rtc device -@@ -804,10 +783,8 @@ static void rtc_timer_remove(struct rtc_device *rtc, struct rtc_timer *timer) - struct rtc_wkalrm alarm; - int err; - next = timerqueue_getnext(&rtc->timerqueue); -- if (!next) { -- rtc_alarm_disable(rtc); -+ if (!next) - return; -- } - alarm.time = rtc_ktime_to_tm(next->expires); - alarm.enabled = 1; - err = __rtc_set_alarm(rtc, &alarm); -@@ -869,8 +846,7 @@ again: - err = __rtc_set_alarm(rtc, &alarm); - if (err == -ETIME) - goto again; -- } else -- rtc_alarm_disable(rtc); -+ } - - mutex_unlock(&rtc->ops_lock); - } -diff --git a/drivers/rtc/rtc-m41t80.c b/drivers/rtc/rtc-m41t80.c -index eda128f..64aedd8 100644 ---- a/drivers/rtc/rtc-m41t80.c -+++ b/drivers/rtc/rtc-m41t80.c -@@ -357,10 +357,19 @@ static int m41t80_rtc_read_alarm(struct device *dev, struct rtc_wkalrm *t) - static struct rtc_class_ops m41t80_rtc_ops = { - .read_time = m41t80_rtc_read_time, - .set_time = m41t80_rtc_set_time, -+ /* -+ * XXX - m41t80 alarm functionality is reported broken. -+ * until it is fixed, don't register alarm functions. -+ * - .read_alarm = m41t80_rtc_read_alarm, - .set_alarm = m41t80_rtc_set_alarm, -+ */ - .proc = m41t80_rtc_proc, -+ /* -+ * See above comment on broken alarm -+ * - .alarm_irq_enable = m41t80_rtc_alarm_irq_enable, -+ */ - }; - - #if defined(CONFIG_RTC_INTF_SYSFS) || defined(CONFIG_RTC_INTF_SYSFS_MODULE) -diff --git a/drivers/s390/scsi/zfcp_scsi.c b/drivers/s390/scsi/zfcp_scsi.c -index 7cac873..169ba7b 100644 ---- a/drivers/s390/scsi/zfcp_scsi.c -+++ b/drivers/s390/scsi/zfcp_scsi.c -@@ -57,6 +57,10 @@ static void zfcp_scsi_slave_destroy(struct scsi_device *sdev) - { - struct zfcp_scsi_dev *zfcp_sdev = sdev_to_zfcp(sdev); - -+ /* if previous slave_alloc returned early, there is nothing to do */ -+ if (!zfcp_sdev->port) -+ return; -+ - zfcp_erp_lun_shutdown_wait(sdev, "scssd_1"); - put_device(&zfcp_sdev->port->dev); - } -diff --git a/drivers/scsi/fcoe/fcoe.c b/drivers/scsi/fcoe/fcoe.c -index 5d0e9a2..8858170 100644 ---- a/drivers/scsi/fcoe/fcoe.c -+++ b/drivers/scsi/fcoe/fcoe.c -@@ -1635,6 +1635,7 @@ static inline int fcoe_filter_frames(struct fc_lport *lport, - stats->InvalidCRCCount++; - if (stats->InvalidCRCCount < 5) - printk(KERN_WARNING "fcoe: dropping frame with CRC error\n"); -+ put_cpu(); - return -EINVAL; - } - -diff --git a/drivers/scsi/mpt2sas/mpt2sas_base.c b/drivers/scsi/mpt2sas/mpt2sas_base.c -index 83035bd..39e81cd 100644 ---- a/drivers/scsi/mpt2sas/mpt2sas_base.c -+++ b/drivers/scsi/mpt2sas/mpt2sas_base.c -@@ -1082,41 +1082,6 @@ _base_config_dma_addressing(struct MPT2SAS_ADAPTER *ioc, struct pci_dev *pdev) - } - - /** -- * _base_save_msix_table - backup msix vector table -- * @ioc: per adapter object -- * -- * This address an errata where diag reset clears out the table -- */ --static void --_base_save_msix_table(struct MPT2SAS_ADAPTER *ioc) --{ -- int i; -- -- if (!ioc->msix_enable || ioc->msix_table_backup == NULL) -- return; -- -- for (i = 0; i < ioc->msix_vector_count; i++) -- ioc->msix_table_backup[i] = ioc->msix_table[i]; --} -- --/** -- * _base_restore_msix_table - this restores the msix vector table -- * @ioc: per adapter object -- * -- */ --static void --_base_restore_msix_table(struct MPT2SAS_ADAPTER *ioc) --{ -- int i; -- -- if (!ioc->msix_enable || ioc->msix_table_backup == NULL) -- return; -- -- for (i = 0; i < ioc->msix_vector_count; i++) -- ioc->msix_table[i] = ioc->msix_table_backup[i]; --} -- --/** - * _base_check_enable_msix - checks MSIX capabable. - * @ioc: per adapter object - * -@@ -1128,7 +1093,7 @@ _base_check_enable_msix(struct MPT2SAS_ADAPTER *ioc) - { - int base; - u16 message_control; -- u32 msix_table_offset; -+ - - base = pci_find_capability(ioc->pdev, PCI_CAP_ID_MSIX); - if (!base) { -@@ -1141,14 +1106,8 @@ _base_check_enable_msix(struct MPT2SAS_ADAPTER *ioc) - pci_read_config_word(ioc->pdev, base + 2, &message_control); - ioc->msix_vector_count = (message_control & 0x3FF) + 1; - -- /* get msix table */ -- pci_read_config_dword(ioc->pdev, base + 4, &msix_table_offset); -- msix_table_offset &= 0xFFFFFFF8; -- ioc->msix_table = (u32 *)((void *)ioc->chip + msix_table_offset); -- - dinitprintk(ioc, printk(MPT2SAS_INFO_FMT "msix is supported, " -- "vector_count(%d), table_offset(0x%08x), table(%p)\n", ioc->name, -- ioc->msix_vector_count, msix_table_offset, ioc->msix_table)); -+ "vector_count(%d)\n", ioc->name, ioc->msix_vector_count)); - return 0; - } - -@@ -1162,8 +1121,6 @@ _base_disable_msix(struct MPT2SAS_ADAPTER *ioc) - { - if (ioc->msix_enable) { - pci_disable_msix(ioc->pdev); -- kfree(ioc->msix_table_backup); -- ioc->msix_table_backup = NULL; - ioc->msix_enable = 0; - } - } -@@ -1189,14 +1146,6 @@ _base_enable_msix(struct MPT2SAS_ADAPTER *ioc) - if (_base_check_enable_msix(ioc) != 0) - goto try_ioapic; - -- ioc->msix_table_backup = kcalloc(ioc->msix_vector_count, -- sizeof(u32), GFP_KERNEL); -- if (!ioc->msix_table_backup) { -- dfailprintk(ioc, printk(MPT2SAS_INFO_FMT "allocation for " -- "msix_table_backup failed!!!\n", ioc->name)); -- goto try_ioapic; -- } -- - memset(&entries, 0, sizeof(struct msix_entry)); - r = pci_enable_msix(ioc->pdev, &entries, 1); - if (r) { -@@ -3513,9 +3462,6 @@ _base_diag_reset(struct MPT2SAS_ADAPTER *ioc, int sleep_flag) - u32 hcb_size; - - printk(MPT2SAS_INFO_FMT "sending diag reset !!\n", ioc->name); -- -- _base_save_msix_table(ioc); -- - drsprintk(ioc, printk(MPT2SAS_INFO_FMT "clear interrupts\n", - ioc->name)); - -@@ -3611,7 +3557,6 @@ _base_diag_reset(struct MPT2SAS_ADAPTER *ioc, int sleep_flag) - goto out; - } - -- _base_restore_msix_table(ioc); - printk(MPT2SAS_INFO_FMT "diag reset: SUCCESS\n", ioc->name); - return 0; - -diff --git a/drivers/scsi/mpt2sas/mpt2sas_base.h b/drivers/scsi/mpt2sas/mpt2sas_base.h -index 8d5be21..7df640f 100644 ---- a/drivers/scsi/mpt2sas/mpt2sas_base.h -+++ b/drivers/scsi/mpt2sas/mpt2sas_base.h -@@ -636,8 +636,6 @@ enum mutex_type { - * @wait_for_port_enable_to_complete: - * @msix_enable: flag indicating msix is enabled - * @msix_vector_count: number msix vectors -- * @msix_table: virt address to the msix table -- * @msix_table_backup: backup msix table - * @scsi_io_cb_idx: shost generated commands - * @tm_cb_idx: task management commands - * @scsih_cb_idx: scsih internal commands -@@ -779,8 +777,6 @@ struct MPT2SAS_ADAPTER { - - u8 msix_enable; - u16 msix_vector_count; -- u32 *msix_table; -- u32 *msix_table_backup; - u32 ioc_reset_count; - - /* internal commands, callback index */ -diff --git a/drivers/scsi/mpt2sas/mpt2sas_scsih.c b/drivers/scsi/mpt2sas/mpt2sas_scsih.c -index 97aac82..d3b3567 100644 ---- a/drivers/scsi/mpt2sas/mpt2sas_scsih.c -+++ b/drivers/scsi/mpt2sas/mpt2sas_scsih.c -@@ -4210,7 +4210,7 @@ _scsih_smart_predicted_fault(struct MPT2SAS_ADAPTER *ioc, u16 handle) - /* insert into event log */ - sz = offsetof(Mpi2EventNotificationReply_t, EventData) + - sizeof(Mpi2EventDataSasDeviceStatusChange_t); -- event_reply = kzalloc(sz, GFP_KERNEL); -+ event_reply = kzalloc(sz, GFP_ATOMIC); - if (!event_reply) { - printk(MPT2SAS_ERR_FMT "failure at %s:%d/%s()!\n", - ioc->name, __FILE__, __LINE__, __func__); -diff --git a/drivers/ssb/driver_pcicore.c b/drivers/ssb/driver_pcicore.c -index e6ac317..32c535f 100644 ---- a/drivers/ssb/driver_pcicore.c -+++ b/drivers/ssb/driver_pcicore.c -@@ -516,10 +516,14 @@ static void ssb_pcicore_pcie_setup_workarounds(struct ssb_pcicore *pc) - - static void __devinit ssb_pcicore_init_clientmode(struct ssb_pcicore *pc) - { -- ssb_pcicore_fix_sprom_core_index(pc); -+ struct ssb_device *pdev = pc->dev; -+ struct ssb_bus *bus = pdev->bus; -+ -+ if (bus->bustype == SSB_BUSTYPE_PCI) -+ ssb_pcicore_fix_sprom_core_index(pc); - - /* Disable PCI interrupts. */ -- ssb_write32(pc->dev, SSB_INTVEC, 0); -+ ssb_write32(pdev, SSB_INTVEC, 0); - - /* Additional PCIe always once-executed workarounds */ - if (pc->dev->id.coreid == SSB_DEV_PCIE) { -diff --git a/drivers/watchdog/hpwdt.c b/drivers/watchdog/hpwdt.c -index 809cbda..1795977 100644 ---- a/drivers/watchdog/hpwdt.c -+++ b/drivers/watchdog/hpwdt.c -@@ -230,6 +230,7 @@ static int __devinit cru_detect(unsigned long map_entry, - - cmn_regs.u1.reax = CRU_BIOS_SIGNATURE_VALUE; - -+ set_memory_x((unsigned long)bios32_entrypoint, (2 * PAGE_SIZE)); - asminline_call(&cmn_regs, bios32_entrypoint); - - if (cmn_regs.u1.ral != 0) { -@@ -247,8 +248,10 @@ static int __devinit cru_detect(unsigned long map_entry, - if ((physical_bios_base + physical_bios_offset)) { - cru_rom_addr = - ioremap(cru_physical_address, cru_length); -- if (cru_rom_addr) -+ if (cru_rom_addr) { -+ set_memory_x((unsigned long)cru_rom_addr, cru_length); - retval = 0; -+ } - } - - printk(KERN_DEBUG "hpwdt: CRU Base Address: 0x%lx\n", -diff --git a/fs/nfs/file.c b/fs/nfs/file.c -index 5b3d984..babaf3a 100644 ---- a/fs/nfs/file.c -+++ b/fs/nfs/file.c -@@ -191,7 +191,7 @@ static loff_t nfs_file_llseek(struct file *filp, loff_t offset, int origin) - * origin == SEEK_END || SEEK_DATA || SEEK_HOLE => we must revalidate - * the cached file length - */ -- if (origin != SEEK_SET || origin != SEEK_CUR) { -+ if (origin != SEEK_SET && origin != SEEK_CUR) { - struct inode *inode = filp->f_mapping->host; - - int retval = nfs_revalidate_file_size(inode, filp); -diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c -index 39914be..efd8431 100644 ---- a/fs/nfs/nfs4state.c -+++ b/fs/nfs/nfs4state.c -@@ -1525,16 +1525,16 @@ void nfs41_handle_sequence_flag_errors(struct nfs_client *clp, u32 flags) - { - if (!flags) - return; -- else if (flags & SEQ4_STATUS_RESTART_RECLAIM_NEEDED) -+ if (flags & SEQ4_STATUS_RESTART_RECLAIM_NEEDED) - nfs41_handle_server_reboot(clp); -- else if (flags & (SEQ4_STATUS_EXPIRED_ALL_STATE_REVOKED | -+ if (flags & (SEQ4_STATUS_EXPIRED_ALL_STATE_REVOKED | - SEQ4_STATUS_EXPIRED_SOME_STATE_REVOKED | - SEQ4_STATUS_ADMIN_STATE_REVOKED | - SEQ4_STATUS_LEASE_MOVED)) - nfs41_handle_state_revoked(clp); -- else if (flags & SEQ4_STATUS_RECALLABLE_STATE_REVOKED) -+ if (flags & SEQ4_STATUS_RECALLABLE_STATE_REVOKED) - nfs41_handle_recallable_state_revoked(clp); -- else if (flags & (SEQ4_STATUS_CB_PATH_DOWN | -+ if (flags & (SEQ4_STATUS_CB_PATH_DOWN | - SEQ4_STATUS_BACKCHANNEL_FAULT | - SEQ4_STATUS_CB_PATH_DOWN_SESSION)) - nfs41_handle_cb_path_down(clp); -diff --git a/fs/nilfs2/ioctl.c b/fs/nilfs2/ioctl.c -index 41d6743..3e65427 100644 ---- a/fs/nilfs2/ioctl.c -+++ b/fs/nilfs2/ioctl.c -@@ -842,6 +842,19 @@ long nilfs_compat_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) - case FS_IOC32_GETVERSION: - cmd = FS_IOC_GETVERSION; - break; -+ case NILFS_IOCTL_CHANGE_CPMODE: -+ case NILFS_IOCTL_DELETE_CHECKPOINT: -+ case NILFS_IOCTL_GET_CPINFO: -+ case NILFS_IOCTL_GET_CPSTAT: -+ case NILFS_IOCTL_GET_SUINFO: -+ case NILFS_IOCTL_GET_SUSTAT: -+ case NILFS_IOCTL_GET_VINFO: -+ case NILFS_IOCTL_GET_BDESCS: -+ case NILFS_IOCTL_CLEAN_SEGMENTS: -+ case NILFS_IOCTL_SYNC: -+ case NILFS_IOCTL_RESIZE: -+ case NILFS_IOCTL_SET_ALLOC_RANGE: -+ break; - default: - return -ENOIOCTLCMD; - } -diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h -index 7fbaa91..5e30b45 100644 ---- a/include/linux/blkdev.h -+++ b/include/linux/blkdev.h -@@ -803,9 +803,6 @@ extern void blk_unprep_request(struct request *); - */ - extern struct request_queue *blk_init_queue_node(request_fn_proc *rfn, - spinlock_t *lock, int node_id); --extern struct request_queue *blk_init_allocated_queue_node(struct request_queue *, -- request_fn_proc *, -- spinlock_t *, int node_id); - extern struct request_queue *blk_init_queue(request_fn_proc *, spinlock_t *); - extern struct request_queue *blk_init_allocated_queue(struct request_queue *, - request_fn_proc *, spinlock_t *); -diff --git a/include/linux/i2c/twl4030-madc.h b/include/linux/i2c/twl4030-madc.h -index 6427d29..530e11b 100644 ---- a/include/linux/i2c/twl4030-madc.h -+++ b/include/linux/i2c/twl4030-madc.h -@@ -129,6 +129,10 @@ enum sample_type { - #define REG_BCICTL2 0x024 - #define TWL4030_BCI_ITHSENS 0x007 - -+/* Register and bits for GPBR1 register */ -+#define TWL4030_REG_GPBR1 0x0c -+#define TWL4030_GPBR1_MADC_HFCLK_EN (1 << 7) -+ - struct twl4030_madc_user_parms { - int channel; - int average; -diff --git a/include/linux/lglock.h b/include/linux/lglock.h -index f549056..87f402c 100644 ---- a/include/linux/lglock.h -+++ b/include/linux/lglock.h -@@ -22,6 +22,7 @@ - #include <linux/spinlock.h> - #include <linux/lockdep.h> - #include <linux/percpu.h> -+#include <linux/cpu.h> - - /* can make br locks by using local lock for read side, global lock for write */ - #define br_lock_init(name) name##_lock_init() -@@ -72,9 +73,31 @@ - - #define DEFINE_LGLOCK(name) \ - \ -+ DEFINE_SPINLOCK(name##_cpu_lock); \ -+ cpumask_t name##_cpus __read_mostly; \ - DEFINE_PER_CPU(arch_spinlock_t, name##_lock); \ - DEFINE_LGLOCK_LOCKDEP(name); \ - \ -+ static int \ -+ name##_lg_cpu_callback(struct notifier_block *nb, \ -+ unsigned long action, void *hcpu) \ -+ { \ -+ switch (action & ~CPU_TASKS_FROZEN) { \ -+ case CPU_UP_PREPARE: \ -+ spin_lock(&name##_cpu_lock); \ -+ cpu_set((unsigned long)hcpu, name##_cpus); \ -+ spin_unlock(&name##_cpu_lock); \ -+ break; \ -+ case CPU_UP_CANCELED: case CPU_DEAD: \ -+ spin_lock(&name##_cpu_lock); \ -+ cpu_clear((unsigned long)hcpu, name##_cpus); \ -+ spin_unlock(&name##_cpu_lock); \ -+ } \ -+ return NOTIFY_OK; \ -+ } \ -+ static struct notifier_block name##_lg_cpu_notifier = { \ -+ .notifier_call = name##_lg_cpu_callback, \ -+ }; \ - void name##_lock_init(void) { \ - int i; \ - LOCKDEP_INIT_MAP(&name##_lock_dep_map, #name, &name##_lock_key, 0); \ -@@ -83,6 +106,11 @@ - lock = &per_cpu(name##_lock, i); \ - *lock = (arch_spinlock_t)__ARCH_SPIN_LOCK_UNLOCKED; \ - } \ -+ register_hotcpu_notifier(&name##_lg_cpu_notifier); \ -+ get_online_cpus(); \ -+ for_each_online_cpu(i) \ -+ cpu_set(i, name##_cpus); \ -+ put_online_cpus(); \ - } \ - EXPORT_SYMBOL(name##_lock_init); \ - \ -@@ -124,9 +152,9 @@ - \ - void name##_global_lock_online(void) { \ - int i; \ -- preempt_disable(); \ -+ spin_lock(&name##_cpu_lock); \ - rwlock_acquire(&name##_lock_dep_map, 0, 0, _RET_IP_); \ -- for_each_online_cpu(i) { \ -+ for_each_cpu(i, &name##_cpus) { \ - arch_spinlock_t *lock; \ - lock = &per_cpu(name##_lock, i); \ - arch_spin_lock(lock); \ -@@ -137,12 +165,12 @@ - void name##_global_unlock_online(void) { \ - int i; \ - rwlock_release(&name##_lock_dep_map, 1, _RET_IP_); \ -- for_each_online_cpu(i) { \ -+ for_each_cpu(i, &name##_cpus) { \ - arch_spinlock_t *lock; \ - lock = &per_cpu(name##_lock, i); \ - arch_spin_unlock(lock); \ - } \ -- preempt_enable(); \ -+ spin_unlock(&name##_cpu_lock); \ - } \ - EXPORT_SYMBOL(name##_global_unlock_online); \ - \ -diff --git a/include/net/dst.h b/include/net/dst.h -index 13d507d..8295249 100644 ---- a/include/net/dst.h -+++ b/include/net/dst.h -@@ -53,6 +53,7 @@ struct dst_entry { - #define DST_NOHASH 0x0008 - #define DST_NOCACHE 0x0010 - #define DST_NOCOUNT 0x0020 -+#define DST_NOPEER 0x0040 - - short error; - short obsolete; -diff --git a/include/net/flow.h b/include/net/flow.h -index a094477..57f15a7 100644 ---- a/include/net/flow.h -+++ b/include/net/flow.h -@@ -207,6 +207,7 @@ extern struct flow_cache_object *flow_cache_lookup( - u8 dir, flow_resolve_t resolver, void *ctx); - - extern void flow_cache_flush(void); -+extern void flow_cache_flush_deferred(void); - extern atomic_t flow_cache_genid; - - #endif -diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h -index f7d9c3f..ec86952 100644 ---- a/include/net/sctp/structs.h -+++ b/include/net/sctp/structs.h -@@ -241,6 +241,9 @@ extern struct sctp_globals { - * bits is an indicator of when to send and window update SACK. - */ - int rwnd_update_shift; -+ -+ /* Threshold for autoclose timeout, in seconds. */ -+ unsigned long max_autoclose; - } sctp_globals; - - #define sctp_rto_initial (sctp_globals.rto_initial) -@@ -281,6 +284,7 @@ extern struct sctp_globals { - #define sctp_auth_enable (sctp_globals.auth_enable) - #define sctp_checksum_disable (sctp_globals.checksum_disable) - #define sctp_rwnd_upd_shift (sctp_globals.rwnd_update_shift) -+#define sctp_max_autoclose (sctp_globals.max_autoclose) - - /* SCTP Socket type: UDP or TCP style. */ - typedef enum { -diff --git a/kernel/cgroup.c b/kernel/cgroup.c -index 1d2b6ce..b7ab0b8 100644 ---- a/kernel/cgroup.c -+++ b/kernel/cgroup.c -@@ -2098,11 +2098,6 @@ int cgroup_attach_proc(struct cgroup *cgrp, struct task_struct *leader) - continue; - /* get old css_set pointer */ - task_lock(tsk); -- if (tsk->flags & PF_EXITING) { -- /* ignore this task if it's going away */ -- task_unlock(tsk); -- continue; -- } - oldcg = tsk->cgroups; - get_css_set(oldcg); - task_unlock(tsk); -diff --git a/kernel/exit.c b/kernel/exit.c -index 2913b35..9e316ae 100644 ---- a/kernel/exit.c -+++ b/kernel/exit.c -@@ -1542,8 +1542,15 @@ static int wait_consider_task(struct wait_opts *wo, int ptrace, - } - - /* dead body doesn't have much to contribute */ -- if (p->exit_state == EXIT_DEAD) -+ if (unlikely(p->exit_state == EXIT_DEAD)) { -+ /* -+ * But do not ignore this task until the tracer does -+ * wait_task_zombie()->do_notify_parent(). -+ */ -+ if (likely(!ptrace) && unlikely(ptrace_reparented(p))) -+ wo->notask_error = 0; - return 0; -+ } - - /* slay zombie? */ - if (p->exit_state == EXIT_ZOMBIE) { -diff --git a/kernel/futex.c b/kernel/futex.c -index 11cbe05..e6160fa 100644 ---- a/kernel/futex.c -+++ b/kernel/futex.c -@@ -314,17 +314,29 @@ again: - #endif - - lock_page(page_head); -+ -+ /* -+ * If page_head->mapping is NULL, then it cannot be a PageAnon -+ * page; but it might be the ZERO_PAGE or in the gate area or -+ * in a special mapping (all cases which we are happy to fail); -+ * or it may have been a good file page when get_user_pages_fast -+ * found it, but truncated or holepunched or subjected to -+ * invalidate_complete_page2 before we got the page lock (also -+ * cases which we are happy to fail). And we hold a reference, -+ * so refcount care in invalidate_complete_page's remove_mapping -+ * prevents drop_caches from setting mapping to NULL beneath us. -+ * -+ * The case we do have to guard against is when memory pressure made -+ * shmem_writepage move it from filecache to swapcache beneath us: -+ * an unlikely race, but we do need to retry for page_head->mapping. -+ */ - if (!page_head->mapping) { -+ int shmem_swizzled = PageSwapCache(page_head); - unlock_page(page_head); - put_page(page_head); -- /* -- * ZERO_PAGE pages don't have a mapping. Avoid a busy loop -- * trying to find one. RW mapping would have COW'd (and thus -- * have a mapping) so this page is RO and won't ever change. -- */ -- if ((page_head == ZERO_PAGE(address))) -- return -EFAULT; -- goto again; -+ if (shmem_swizzled) -+ goto again; -+ return -EFAULT; - } - - /* -diff --git a/kernel/hung_task.c b/kernel/hung_task.c -index ea64012..e972276 100644 ---- a/kernel/hung_task.c -+++ b/kernel/hung_task.c -@@ -74,11 +74,17 @@ static void check_hung_task(struct task_struct *t, unsigned long timeout) - - /* - * Ensure the task is not frozen. -- * Also, when a freshly created task is scheduled once, changes -- * its state to TASK_UNINTERRUPTIBLE without having ever been -- * switched out once, it musn't be checked. -+ * Also, skip vfork and any other user process that freezer should skip. - */ -- if (unlikely(t->flags & PF_FROZEN || !switch_count)) -+ if (unlikely(t->flags & (PF_FROZEN | PF_FREEZER_SKIP))) -+ return; -+ -+ /* -+ * When a freshly created task is scheduled once, changes its state to -+ * TASK_UNINTERRUPTIBLE without having ever been switched out once, it -+ * musn't be checked. -+ */ -+ if (unlikely(!switch_count)) - return; - - if (switch_count != t->last_switch_count) { -diff --git a/kernel/ptrace.c b/kernel/ptrace.c -index a70d2a5..67d1fdd 100644 ---- a/kernel/ptrace.c -+++ b/kernel/ptrace.c -@@ -96,9 +96,20 @@ void __ptrace_unlink(struct task_struct *child) - */ - if (!(child->flags & PF_EXITING) && - (child->signal->flags & SIGNAL_STOP_STOPPED || -- child->signal->group_stop_count)) -+ child->signal->group_stop_count)) { - child->jobctl |= JOBCTL_STOP_PENDING; - -+ /* -+ * This is only possible if this thread was cloned by the -+ * traced task running in the stopped group, set the signal -+ * for the future reports. -+ * FIXME: we should change ptrace_init_task() to handle this -+ * case. -+ */ -+ if (!(child->jobctl & JOBCTL_STOP_SIGMASK)) -+ child->jobctl |= SIGSTOP; -+ } -+ - /* - * If transition to TASK_STOPPED is pending or in TASK_TRACED, kick - * @child in the butt. Note that @resume should be used iff @child -diff --git a/kernel/signal.c b/kernel/signal.c -index 291c970..195331c 100644 ---- a/kernel/signal.c -+++ b/kernel/signal.c -@@ -1986,8 +1986,6 @@ static bool do_signal_stop(int signr) - */ - if (!(sig->flags & SIGNAL_STOP_STOPPED)) - sig->group_exit_code = signr; -- else -- WARN_ON_ONCE(!current->ptrace); - - sig->group_stop_count = 0; - -diff --git a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c -index e8bffbe..2ce1b30 100644 ---- a/kernel/sysctl_binary.c -+++ b/kernel/sysctl_binary.c -@@ -1354,7 +1354,7 @@ static ssize_t binary_sysctl(const int *name, int nlen, - - fput(file); - out_putname: -- putname(pathname); -+ __putname(pathname); - out: - return result; - } -diff --git a/mm/filemap.c b/mm/filemap.c -index 7771871..b91f3aa 100644 ---- a/mm/filemap.c -+++ b/mm/filemap.c -@@ -1828,7 +1828,7 @@ repeat: - page = __page_cache_alloc(gfp | __GFP_COLD); - if (!page) - return ERR_PTR(-ENOMEM); -- err = add_to_page_cache_lru(page, mapping, index, GFP_KERNEL); -+ err = add_to_page_cache_lru(page, mapping, index, gfp); - if (unlikely(err)) { - page_cache_release(page); - if (err == -EEXIST) -@@ -1925,10 +1925,7 @@ static struct page *wait_on_page_read(struct page *page) - * @gfp: the page allocator flags to use if allocating - * - * This is the same as "read_mapping_page(mapping, index, NULL)", but with -- * any new page allocations done using the specified allocation flags. Note -- * that the Radix tree operations will still use GFP_KERNEL, so you can't -- * expect to do this atomically or anything like that - but you can pass in -- * other page requirements. -+ * any new page allocations done using the specified allocation flags. - * - * If the page does not get brought uptodate, return -EIO. - */ -diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index 73f17c0..2316840 100644 ---- a/mm/hugetlb.c -+++ b/mm/hugetlb.c -@@ -901,7 +901,6 @@ retry: - h->resv_huge_pages += delta; - ret = 0; - -- spin_unlock(&hugetlb_lock); - /* Free the needed pages to the hugetlb pool */ - list_for_each_entry_safe(page, tmp, &surplus_list, lru) { - if ((--needed) < 0) -@@ -915,6 +914,7 @@ retry: - VM_BUG_ON(page_count(page)); - enqueue_huge_page(h, page); - } -+ spin_unlock(&hugetlb_lock); - - /* Free unnecessary surplus pages to the buddy allocator */ - free: -diff --git a/mm/memcontrol.c b/mm/memcontrol.c -index 3508777..afde618 100644 ---- a/mm/memcontrol.c -+++ b/mm/memcontrol.c -@@ -4898,9 +4898,9 @@ mem_cgroup_create(struct cgroup_subsys *ss, struct cgroup *cont) - int cpu; - enable_swap_cgroup(); - parent = NULL; -- root_mem_cgroup = mem; - if (mem_cgroup_soft_limit_tree_init()) - goto free_out; -+ root_mem_cgroup = mem; - for_each_possible_cpu(cpu) { - struct memcg_stock_pcp *stock = - &per_cpu(memcg_stock, cpu); -@@ -4939,7 +4939,6 @@ mem_cgroup_create(struct cgroup_subsys *ss, struct cgroup *cont) - return &mem->css; - free_out: - __mem_cgroup_free(mem); -- root_mem_cgroup = NULL; - return ERR_PTR(error); - } - -diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index 9c51f9f..2775fd0 100644 ---- a/mm/mempolicy.c -+++ b/mm/mempolicy.c -@@ -636,6 +636,7 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, - struct vm_area_struct *prev; - struct vm_area_struct *vma; - int err = 0; -+ pgoff_t pgoff; - unsigned long vmstart; - unsigned long vmend; - -@@ -643,13 +644,21 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, - if (!vma || vma->vm_start > start) - return -EFAULT; - -+ if (start > vma->vm_start) -+ prev = vma; -+ - for (; vma && vma->vm_start < end; prev = vma, vma = next) { - next = vma->vm_next; - vmstart = max(start, vma->vm_start); - vmend = min(end, vma->vm_end); - -+ if (mpol_equal(vma_policy(vma), new_pol)) -+ continue; -+ -+ pgoff = vma->vm_pgoff + -+ ((vmstart - vma->vm_start) >> PAGE_SHIFT); - prev = vma_merge(mm, prev, vmstart, vmend, vma->vm_flags, -- vma->anon_vma, vma->vm_file, vma->vm_pgoff, -+ vma->anon_vma, vma->vm_file, pgoff, - new_pol); - if (prev) { - vma = prev; -diff --git a/mm/oom_kill.c b/mm/oom_kill.c -index 626303b..e9a1785 100644 ---- a/mm/oom_kill.c -+++ b/mm/oom_kill.c -@@ -162,7 +162,7 @@ static bool oom_unkillable_task(struct task_struct *p, - unsigned int oom_badness(struct task_struct *p, struct mem_cgroup *mem, - const nodemask_t *nodemask, unsigned long totalpages) - { -- int points; -+ long points; - - if (oom_unkillable_task(p, mem, nodemask)) - return 0; -diff --git a/mm/percpu.c b/mm/percpu.c -index 93b5a7c..0ae7a09 100644 ---- a/mm/percpu.c -+++ b/mm/percpu.c -@@ -1011,9 +1011,11 @@ phys_addr_t per_cpu_ptr_to_phys(void *addr) - if (!is_vmalloc_addr(addr)) - return __pa(addr); - else -- return page_to_phys(vmalloc_to_page(addr)); -+ return page_to_phys(vmalloc_to_page(addr)) + -+ offset_in_page(addr); - } else -- return page_to_phys(pcpu_addr_to_page(addr)); -+ return page_to_phys(pcpu_addr_to_page(addr)) + -+ offset_in_page(addr); - } - - /** -diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c -index d6ec372..5693e5f 100644 ---- a/net/bridge/br_netfilter.c -+++ b/net/bridge/br_netfilter.c -@@ -141,7 +141,7 @@ void br_netfilter_rtable_init(struct net_bridge *br) - rt->dst.dev = br->dev; - rt->dst.path = &rt->dst; - dst_init_metrics(&rt->dst, br_dst_default_metrics, true); -- rt->dst.flags = DST_NOXFRM; -+ rt->dst.flags = DST_NOXFRM | DST_NOPEER; - rt->dst.ops = &fake_dst_ops; - } - -diff --git a/net/core/flow.c b/net/core/flow.c -index 555a456..d6968e5 100644 ---- a/net/core/flow.c -+++ b/net/core/flow.c -@@ -358,6 +358,18 @@ void flow_cache_flush(void) - put_online_cpus(); - } - -+static void flow_cache_flush_task(struct work_struct *work) -+{ -+ flow_cache_flush(); -+} -+ -+static DECLARE_WORK(flow_cache_flush_work, flow_cache_flush_task); -+ -+void flow_cache_flush_deferred(void) -+{ -+ schedule_work(&flow_cache_flush_work); -+} -+ - static int __cpuinit flow_cache_cpu_prepare(struct flow_cache *fc, int cpu) - { - struct flow_cache_percpu *fcp = per_cpu_ptr(fc->percpu, cpu); -diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c -index bc19bd0..070f214 100644 ---- a/net/ipv4/devinet.c -+++ b/net/ipv4/devinet.c -@@ -1490,7 +1490,9 @@ static int devinet_conf_proc(ctl_table *ctl, int write, - void __user *buffer, - size_t *lenp, loff_t *ppos) - { -+ int old_value = *(int *)ctl->data; - int ret = proc_dointvec(ctl, write, buffer, lenp, ppos); -+ int new_value = *(int *)ctl->data; - - if (write) { - struct ipv4_devconf *cnf = ctl->extra1; -@@ -1501,6 +1503,9 @@ static int devinet_conf_proc(ctl_table *ctl, int write, - - if (cnf == net->ipv4.devconf_dflt) - devinet_copy_dflt_conf(net, i); -+ if (i == IPV4_DEVCONF_ACCEPT_LOCAL - 1) -+ if ((new_value == 0) && (old_value != 0)) -+ rt_cache_flush(net, 0); - } - - return ret; -diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c -index 472a8c4..004bb74 100644 ---- a/net/ipv4/ipconfig.c -+++ b/net/ipv4/ipconfig.c -@@ -252,6 +252,10 @@ static int __init ic_open_devs(void) - } - } - -+ /* no point in waiting if we could not bring up at least one device */ -+ if (!ic_first_dev) -+ goto have_carrier; -+ - /* wait for a carrier on at least one device */ - start = jiffies; - while (jiffies - start < msecs_to_jiffies(CONF_CARRIER_TIMEOUT)) { -diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c -index 378b20b..6f06f7f 100644 ---- a/net/ipv4/ipip.c -+++ b/net/ipv4/ipip.c -@@ -285,6 +285,8 @@ static struct ip_tunnel * ipip_tunnel_locate(struct net *net, - if (register_netdevice(dev) < 0) - goto failed_free; - -+ strcpy(nt->parms.name, dev->name); -+ - dev_hold(dev); - ipip_tunnel_link(ipn, nt); - return nt; -@@ -759,7 +761,6 @@ static int ipip_tunnel_init(struct net_device *dev) - struct ip_tunnel *tunnel = netdev_priv(dev); - - tunnel->dev = dev; -- strcpy(tunnel->parms.name, dev->name); - - memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4); - memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4); -@@ -825,6 +826,7 @@ static void ipip_destroy_tunnels(struct ipip_net *ipn, struct list_head *head) - static int __net_init ipip_init_net(struct net *net) - { - struct ipip_net *ipn = net_generic(net, ipip_net_id); -+ struct ip_tunnel *t; - int err; - - ipn->tunnels[0] = ipn->tunnels_wc; -@@ -848,6 +850,9 @@ static int __net_init ipip_init_net(struct net *net) - if ((err = register_netdev(ipn->fb_tunnel_dev))) - goto err_reg_dev; - -+ t = netdev_priv(ipn->fb_tunnel_dev); -+ -+ strcpy(t->parms.name, ipn->fb_tunnel_dev->name); - return 0; - - err_reg_dev: -diff --git a/net/ipv4/route.c b/net/ipv4/route.c -index 05ac666c..b563854 100644 ---- a/net/ipv4/route.c -+++ b/net/ipv4/route.c -@@ -91,6 +91,7 @@ - #include <linux/rcupdate.h> - #include <linux/times.h> - #include <linux/slab.h> -+#include <linux/prefetch.h> - #include <net/dst.h> - #include <net/net_namespace.h> - #include <net/protocol.h> -@@ -134,6 +135,9 @@ static int ip_rt_min_advmss __read_mostly = 256; - static int rt_chain_length_max __read_mostly = 20; - static int redirect_genid; - -+static struct delayed_work expires_work; -+static unsigned long expires_ljiffies; -+ - /* - * Interface to generic destination cache. - */ -@@ -831,6 +835,97 @@ static int has_noalias(const struct rtable *head, const struct rtable *rth) - return ONE; - } - -+static void rt_check_expire(void) -+{ -+ static unsigned int rover; -+ unsigned int i = rover, goal; -+ struct rtable *rth; -+ struct rtable __rcu **rthp; -+ unsigned long samples = 0; -+ unsigned long sum = 0, sum2 = 0; -+ unsigned long delta; -+ u64 mult; -+ -+ delta = jiffies - expires_ljiffies; -+ expires_ljiffies = jiffies; -+ mult = ((u64)delta) << rt_hash_log; -+ if (ip_rt_gc_timeout > 1) -+ do_div(mult, ip_rt_gc_timeout); -+ goal = (unsigned int)mult; -+ if (goal > rt_hash_mask) -+ goal = rt_hash_mask + 1; -+ for (; goal > 0; goal--) { -+ unsigned long tmo = ip_rt_gc_timeout; -+ unsigned long length; -+ -+ i = (i + 1) & rt_hash_mask; -+ rthp = &rt_hash_table[i].chain; -+ -+ if (need_resched()) -+ cond_resched(); -+ -+ samples++; -+ -+ if (rcu_dereference_raw(*rthp) == NULL) -+ continue; -+ length = 0; -+ spin_lock_bh(rt_hash_lock_addr(i)); -+ while ((rth = rcu_dereference_protected(*rthp, -+ lockdep_is_held(rt_hash_lock_addr(i)))) != NULL) { -+ prefetch(rth->dst.rt_next); -+ if (rt_is_expired(rth)) { -+ *rthp = rth->dst.rt_next; -+ rt_free(rth); -+ continue; -+ } -+ if (rth->dst.expires) { -+ /* Entry is expired even if it is in use */ -+ if (time_before_eq(jiffies, rth->dst.expires)) { -+nofree: -+ tmo >>= 1; -+ rthp = &rth->dst.rt_next; -+ /* -+ * We only count entries on -+ * a chain with equal hash inputs once -+ * so that entries for different QOS -+ * levels, and other non-hash input -+ * attributes don't unfairly skew -+ * the length computation -+ */ -+ length += has_noalias(rt_hash_table[i].chain, rth); -+ continue; -+ } -+ } else if (!rt_may_expire(rth, tmo, ip_rt_gc_timeout)) -+ goto nofree; -+ -+ /* Cleanup aged off entries. */ -+ *rthp = rth->dst.rt_next; -+ rt_free(rth); -+ } -+ spin_unlock_bh(rt_hash_lock_addr(i)); -+ sum += length; -+ sum2 += length*length; -+ } -+ if (samples) { -+ unsigned long avg = sum / samples; -+ unsigned long sd = int_sqrt(sum2 / samples - avg*avg); -+ rt_chain_length_max = max_t(unsigned long, -+ ip_rt_gc_elasticity, -+ (avg + 4*sd) >> FRACT_BITS); -+ } -+ rover = i; -+} -+ -+/* -+ * rt_worker_func() is run in process context. -+ * we call rt_check_expire() to scan part of the hash table -+ */ -+static void rt_worker_func(struct work_struct *work) -+{ -+ rt_check_expire(); -+ schedule_delayed_work(&expires_work, ip_rt_gc_interval); -+} -+ - /* - * Perturbation of rt_genid by a small quantity [1..256] - * Using 8 bits of shuffling ensure we can call rt_cache_invalidate() -@@ -1272,7 +1367,7 @@ void __ip_select_ident(struct iphdr *iph, struct dst_entry *dst, int more) - { - struct rtable *rt = (struct rtable *) dst; - -- if (rt) { -+ if (rt && !(rt->dst.flags & DST_NOPEER)) { - if (rt->peer == NULL) - rt_bind_peer(rt, rt->rt_dst, 1); - -@@ -1283,7 +1378,7 @@ void __ip_select_ident(struct iphdr *iph, struct dst_entry *dst, int more) - iph->id = htons(inet_getid(rt->peer, more)); - return; - } -- } else -+ } else if (!rt) - printk(KERN_DEBUG "rt_bind_peer(0) @%p\n", - __builtin_return_address(0)); - -@@ -3176,6 +3271,13 @@ static ctl_table ipv4_route_table[] = { - .proc_handler = proc_dointvec_jiffies, - }, - { -+ .procname = "gc_interval", -+ .data = &ip_rt_gc_interval, -+ .maxlen = sizeof(int), -+ .mode = 0644, -+ .proc_handler = proc_dointvec_jiffies, -+ }, -+ { - .procname = "redirect_load", - .data = &ip_rt_redirect_load, - .maxlen = sizeof(int), -@@ -3385,6 +3487,11 @@ int __init ip_rt_init(void) - devinet_init(); - ip_fib_init(); - -+ INIT_DELAYED_WORK_DEFERRABLE(&expires_work, rt_worker_func); -+ expires_ljiffies = jiffies; -+ schedule_delayed_work(&expires_work, -+ net_random() % ip_rt_gc_interval + ip_rt_gc_interval); -+ - if (ip_rt_proc_init()) - printk(KERN_ERR "Unable to create route proc files\n"); - #ifdef CONFIG_XFRM -diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c -index 4c882cf..55a35c1 100644 ---- a/net/ipv6/ip6_output.c -+++ b/net/ipv6/ip6_output.c -@@ -606,7 +606,7 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt) - static atomic_t ipv6_fragmentation_id; - int old, new; - -- if (rt) { -+ if (rt && !(rt->dst.flags & DST_NOPEER)) { - struct inet_peer *peer; - - if (!rt->rt6i_peer) -diff --git a/net/ipv6/route.c b/net/ipv6/route.c -index 57b82dc..f02fe52 100644 ---- a/net/ipv6/route.c -+++ b/net/ipv6/route.c -@@ -725,7 +725,7 @@ static struct rt6_info *rt6_alloc_cow(const struct rt6_info *ort, - int attempts = !in_softirq(); - - if (!(rt->rt6i_flags&RTF_GATEWAY)) { -- if (rt->rt6i_dst.plen != 128 && -+ if (ort->rt6i_dst.plen != 128 && - ipv6_addr_equal(&ort->rt6i_dst.addr, daddr)) - rt->rt6i_flags |= RTF_ANYCAST; - ipv6_addr_copy(&rt->rt6i_gateway, daddr); -diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c -index 00b15ac..c1e0d63 100644 ---- a/net/ipv6/sit.c -+++ b/net/ipv6/sit.c -@@ -263,6 +263,8 @@ static struct ip_tunnel *ipip6_tunnel_locate(struct net *net, - if (register_netdevice(dev) < 0) - goto failed_free; - -+ strcpy(nt->parms.name, dev->name); -+ - dev_hold(dev); - - ipip6_tunnel_link(sitn, nt); -@@ -1144,7 +1146,6 @@ static int ipip6_tunnel_init(struct net_device *dev) - struct ip_tunnel *tunnel = netdev_priv(dev); - - tunnel->dev = dev; -- strcpy(tunnel->parms.name, dev->name); - - memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4); - memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4); -@@ -1207,6 +1208,7 @@ static void __net_exit sit_destroy_tunnels(struct sit_net *sitn, struct list_hea - static int __net_init sit_init_net(struct net *net) - { - struct sit_net *sitn = net_generic(net, sit_net_id); -+ struct ip_tunnel *t; - int err; - - sitn->tunnels[0] = sitn->tunnels_wc; -@@ -1231,6 +1233,9 @@ static int __net_init sit_init_net(struct net *net) - if ((err = register_netdev(sitn->fb_tunnel_dev))) - goto err_reg_dev; - -+ t = netdev_priv(sitn->fb_tunnel_dev); -+ -+ strcpy(t->parms.name, sitn->fb_tunnel_dev->name); - return 0; - - err_reg_dev: -diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c -index dfd3a64..a18e6c3 100644 ---- a/net/llc/af_llc.c -+++ b/net/llc/af_llc.c -@@ -833,15 +833,15 @@ static int llc_ui_recvmsg(struct kiocb *iocb, struct socket *sock, - copied += used; - len -= used; - -+ /* For non stream protcols we get one packet per recvmsg call */ -+ if (sk->sk_type != SOCK_STREAM) -+ goto copy_uaddr; -+ - if (!(flags & MSG_PEEK)) { - sk_eat_skb(sk, skb, 0); - *seq = 0; - } - -- /* For non stream protcols we get one packet per recvmsg call */ -- if (sk->sk_type != SOCK_STREAM) -- goto copy_uaddr; -- - /* Partial read */ - if (used + offset < skb->len) - continue; -@@ -857,6 +857,12 @@ copy_uaddr: - } - if (llc_sk(sk)->cmsg_flags) - llc_cmsg_rcv(msg, skb); -+ -+ if (!(flags & MSG_PEEK)) { -+ sk_eat_skb(sk, skb, 0); -+ *seq = 0; -+ } -+ - goto out; - } - -diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c -index db7db43..b7f4f5c 100644 ---- a/net/mac80211/agg-tx.c -+++ b/net/mac80211/agg-tx.c -@@ -304,6 +304,38 @@ ieee80211_wake_queue_agg(struct ieee80211_local *local, int tid) - __release(agg_queue); - } - -+/* -+ * splice packets from the STA's pending to the local pending, -+ * requires a call to ieee80211_agg_splice_finish later -+ */ -+static void __acquires(agg_queue) -+ieee80211_agg_splice_packets(struct ieee80211_local *local, -+ struct tid_ampdu_tx *tid_tx, u16 tid) -+{ -+ int queue = ieee80211_ac_from_tid(tid); -+ unsigned long flags; -+ -+ ieee80211_stop_queue_agg(local, tid); -+ -+ if (WARN(!tid_tx, "TID %d gone but expected when splicing aggregates" -+ " from the pending queue\n", tid)) -+ return; -+ -+ if (!skb_queue_empty(&tid_tx->pending)) { -+ spin_lock_irqsave(&local->queue_stop_reason_lock, flags); -+ /* copy over remaining packets */ -+ skb_queue_splice_tail_init(&tid_tx->pending, -+ &local->pending[queue]); -+ spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); -+ } -+} -+ -+static void __releases(agg_queue) -+ieee80211_agg_splice_finish(struct ieee80211_local *local, u16 tid) -+{ -+ ieee80211_wake_queue_agg(local, tid); -+} -+ - void ieee80211_tx_ba_session_handle_start(struct sta_info *sta, int tid) - { - struct tid_ampdu_tx *tid_tx; -@@ -315,19 +347,17 @@ void ieee80211_tx_ba_session_handle_start(struct sta_info *sta, int tid) - tid_tx = rcu_dereference_protected_tid_tx(sta, tid); - - /* -- * While we're asking the driver about the aggregation, -- * stop the AC queue so that we don't have to worry -- * about frames that came in while we were doing that, -- * which would require us to put them to the AC pending -- * afterwards which just makes the code more complex. -+ * Start queuing up packets for this aggregation session. -+ * We're going to release them once the driver is OK with -+ * that. - */ -- ieee80211_stop_queue_agg(local, tid); -- - clear_bit(HT_AGG_STATE_WANT_START, &tid_tx->state); - - /* -- * make sure no packets are being processed to get -- * valid starting sequence number -+ * Make sure no packets are being processed. This ensures that -+ * we have a valid starting sequence number and that in-flight -+ * packets have been flushed out and no packets for this TID -+ * will go into the driver during the ampdu_action call. - */ - synchronize_net(); - -@@ -341,17 +371,15 @@ void ieee80211_tx_ba_session_handle_start(struct sta_info *sta, int tid) - " tid %d\n", tid); - #endif - spin_lock_bh(&sta->lock); -+ ieee80211_agg_splice_packets(local, tid_tx, tid); - ieee80211_assign_tid_tx(sta, tid, NULL); -+ ieee80211_agg_splice_finish(local, tid); - spin_unlock_bh(&sta->lock); - -- ieee80211_wake_queue_agg(local, tid); - kfree_rcu(tid_tx, rcu_head); - return; - } - -- /* we can take packets again now */ -- ieee80211_wake_queue_agg(local, tid); -- - /* activate the timer for the recipient's addBA response */ - mod_timer(&tid_tx->addba_resp_timer, jiffies + ADDBA_RESP_INTERVAL); - #ifdef CONFIG_MAC80211_HT_DEBUG -@@ -471,38 +499,6 @@ int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid, - } - EXPORT_SYMBOL(ieee80211_start_tx_ba_session); - --/* -- * splice packets from the STA's pending to the local pending, -- * requires a call to ieee80211_agg_splice_finish later -- */ --static void __acquires(agg_queue) --ieee80211_agg_splice_packets(struct ieee80211_local *local, -- struct tid_ampdu_tx *tid_tx, u16 tid) --{ -- int queue = ieee80211_ac_from_tid(tid); -- unsigned long flags; -- -- ieee80211_stop_queue_agg(local, tid); -- -- if (WARN(!tid_tx, "TID %d gone but expected when splicing aggregates" -- " from the pending queue\n", tid)) -- return; -- -- if (!skb_queue_empty(&tid_tx->pending)) { -- spin_lock_irqsave(&local->queue_stop_reason_lock, flags); -- /* copy over remaining packets */ -- skb_queue_splice_tail_init(&tid_tx->pending, -- &local->pending[queue]); -- spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); -- } --} -- --static void __releases(agg_queue) --ieee80211_agg_splice_finish(struct ieee80211_local *local, u16 tid) --{ -- ieee80211_wake_queue_agg(local, tid); --} -- - static void ieee80211_agg_tx_operational(struct ieee80211_local *local, - struct sta_info *sta, u16 tid) - { -diff --git a/net/sched/sch_gred.c b/net/sched/sch_gred.c -index b9493a0..6cd8ddf 100644 ---- a/net/sched/sch_gred.c -+++ b/net/sched/sch_gred.c -@@ -385,7 +385,7 @@ static inline int gred_change_vq(struct Qdisc *sch, int dp, - struct gred_sched_data *q; - - if (table->tab[dp] == NULL) { -- table->tab[dp] = kzalloc(sizeof(*q), GFP_KERNEL); -+ table->tab[dp] = kzalloc(sizeof(*q), GFP_ATOMIC); - if (table->tab[dp] == NULL) - return -ENOMEM; - } -diff --git a/net/sched/sch_mqprio.c b/net/sched/sch_mqprio.c -index ea17cbe..59b26b8 100644 ---- a/net/sched/sch_mqprio.c -+++ b/net/sched/sch_mqprio.c -@@ -106,7 +106,7 @@ static int mqprio_init(struct Qdisc *sch, struct nlattr *opt) - if (!netif_is_multiqueue(dev)) - return -EOPNOTSUPP; - -- if (nla_len(opt) < sizeof(*qopt)) -+ if (!opt || nla_len(opt) < sizeof(*qopt)) - return -EINVAL; - - qopt = nla_data(opt); -diff --git a/net/sctp/associola.c b/net/sctp/associola.c -index dc16b90..4981482 100644 ---- a/net/sctp/associola.c -+++ b/net/sctp/associola.c -@@ -173,7 +173,7 @@ static struct sctp_association *sctp_association_init(struct sctp_association *a - asoc->timeouts[SCTP_EVENT_TIMEOUT_HEARTBEAT] = 0; - asoc->timeouts[SCTP_EVENT_TIMEOUT_SACK] = asoc->sackdelay; - asoc->timeouts[SCTP_EVENT_TIMEOUT_AUTOCLOSE] = -- (unsigned long)sp->autoclose * HZ; -+ min_t(unsigned long, sp->autoclose, sctp_max_autoclose) * HZ; - - /* Initializes the timers */ - for (i = SCTP_EVENT_TIMEOUT_NONE; i < SCTP_NUM_TIMEOUT_TYPES; ++i) -diff --git a/net/sctp/output.c b/net/sctp/output.c -index 08b3cea..817174e 100644 ---- a/net/sctp/output.c -+++ b/net/sctp/output.c -@@ -697,13 +697,7 @@ static void sctp_packet_append_data(struct sctp_packet *packet, - /* Keep track of how many bytes are in flight to the receiver. */ - asoc->outqueue.outstanding_bytes += datasize; - -- /* Update our view of the receiver's rwnd. Include sk_buff overhead -- * while updating peer.rwnd so that it reduces the chances of a -- * receiver running out of receive buffer space even when receive -- * window is still open. This can happen when a sender is sending -- * sending small messages. -- */ -- datasize += sizeof(struct sk_buff); -+ /* Update our view of the receiver's rwnd. */ - if (datasize < rwnd) - rwnd -= datasize; - else -diff --git a/net/sctp/outqueue.c b/net/sctp/outqueue.c -index a6d27bf..6edd7de 100644 ---- a/net/sctp/outqueue.c -+++ b/net/sctp/outqueue.c -@@ -411,8 +411,7 @@ void sctp_retransmit_mark(struct sctp_outq *q, - chunk->transport->flight_size -= - sctp_data_size(chunk); - q->outstanding_bytes -= sctp_data_size(chunk); -- q->asoc->peer.rwnd += (sctp_data_size(chunk) + -- sizeof(struct sk_buff)); -+ q->asoc->peer.rwnd += sctp_data_size(chunk); - } - continue; - } -@@ -432,8 +431,7 @@ void sctp_retransmit_mark(struct sctp_outq *q, - * (Section 7.2.4)), add the data size of those - * chunks to the rwnd. - */ -- q->asoc->peer.rwnd += (sctp_data_size(chunk) + -- sizeof(struct sk_buff)); -+ q->asoc->peer.rwnd += sctp_data_size(chunk); - q->outstanding_bytes -= sctp_data_size(chunk); - if (chunk->transport) - transport->flight_size -= sctp_data_size(chunk); -diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c -index 91784f4..48cb7b9 100644 ---- a/net/sctp/protocol.c -+++ b/net/sctp/protocol.c -@@ -1285,6 +1285,9 @@ SCTP_STATIC __init int sctp_init(void) - sctp_max_instreams = SCTP_DEFAULT_INSTREAMS; - sctp_max_outstreams = SCTP_DEFAULT_OUTSTREAMS; - -+ /* Initialize maximum autoclose timeout. */ -+ sctp_max_autoclose = INT_MAX / HZ; -+ - /* Initialize handle used for association ids. */ - idr_init(&sctp_assocs_id); - -diff --git a/net/sctp/socket.c b/net/sctp/socket.c -index 836aa63..4760f4e 100644 ---- a/net/sctp/socket.c -+++ b/net/sctp/socket.c -@@ -2199,8 +2199,6 @@ static int sctp_setsockopt_autoclose(struct sock *sk, char __user *optval, - return -EINVAL; - if (copy_from_user(&sp->autoclose, optval, optlen)) - return -EFAULT; -- /* make sure it won't exceed MAX_SCHEDULE_TIMEOUT */ -- sp->autoclose = min_t(long, sp->autoclose, MAX_SCHEDULE_TIMEOUT / HZ); - - return 0; - } -diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c -index 6b39529..60ffbd0 100644 ---- a/net/sctp/sysctl.c -+++ b/net/sctp/sysctl.c -@@ -53,6 +53,10 @@ static int sack_timer_min = 1; - static int sack_timer_max = 500; - static int addr_scope_max = 3; /* check sctp_scope_policy_t in include/net/sctp/constants.h for max entries */ - static int rwnd_scale_max = 16; -+static unsigned long max_autoclose_min = 0; -+static unsigned long max_autoclose_max = -+ (MAX_SCHEDULE_TIMEOUT / HZ > UINT_MAX) -+ ? UINT_MAX : MAX_SCHEDULE_TIMEOUT / HZ; - - extern long sysctl_sctp_mem[3]; - extern int sysctl_sctp_rmem[3]; -@@ -258,6 +262,15 @@ static ctl_table sctp_table[] = { - .extra1 = &one, - .extra2 = &rwnd_scale_max, - }, -+ { -+ .procname = "max_autoclose", -+ .data = &sctp_max_autoclose, -+ .maxlen = sizeof(unsigned long), -+ .mode = 0644, -+ .proc_handler = &proc_doulongvec_minmax, -+ .extra1 = &max_autoclose_min, -+ .extra2 = &max_autoclose_max, -+ }, - - { /* sentinel */ } - }; -diff --git a/net/sunrpc/xprt.c b/net/sunrpc/xprt.c -index f4385e4..c64c0ef 100644 ---- a/net/sunrpc/xprt.c -+++ b/net/sunrpc/xprt.c -@@ -995,13 +995,11 @@ out_init_req: - - static void xprt_free_slot(struct rpc_xprt *xprt, struct rpc_rqst *req) - { -- if (xprt_dynamic_free_slot(xprt, req)) -- return; -- -- memset(req, 0, sizeof(*req)); /* mark unused */ -- - spin_lock(&xprt->reserve_lock); -- list_add(&req->rq_list, &xprt->free); -+ if (!xprt_dynamic_free_slot(xprt, req)) { -+ memset(req, 0, sizeof(*req)); /* mark unused */ -+ list_add(&req->rq_list, &xprt->free); -+ } - rpc_wake_up_next(&xprt->backlog); - spin_unlock(&xprt->reserve_lock); - } -diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c -index 552df27..7e088c0 100644 ---- a/net/xfrm/xfrm_policy.c -+++ b/net/xfrm/xfrm_policy.c -@@ -2276,8 +2276,6 @@ static void __xfrm_garbage_collect(struct net *net) - { - struct dst_entry *head, *next; - -- flow_cache_flush(); -- - spin_lock_bh(&xfrm_policy_sk_bundle_lock); - head = xfrm_policy_sk_bundles; - xfrm_policy_sk_bundles = NULL; -@@ -2290,6 +2288,18 @@ static void __xfrm_garbage_collect(struct net *net) - } - } - -+static void xfrm_garbage_collect(struct net *net) -+{ -+ flow_cache_flush(); -+ __xfrm_garbage_collect(net); -+} -+ -+static void xfrm_garbage_collect_deferred(struct net *net) -+{ -+ flow_cache_flush_deferred(); -+ __xfrm_garbage_collect(net); -+} -+ - static void xfrm_init_pmtu(struct dst_entry *dst) - { - do { -@@ -2420,7 +2430,7 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo) - if (likely(dst_ops->neigh_lookup == NULL)) - dst_ops->neigh_lookup = xfrm_neigh_lookup; - if (likely(afinfo->garbage_collect == NULL)) -- afinfo->garbage_collect = __xfrm_garbage_collect; -+ afinfo->garbage_collect = xfrm_garbage_collect_deferred; - xfrm_policy_afinfo[afinfo->family] = afinfo; - } - write_unlock_bh(&xfrm_policy_afinfo_lock); -@@ -2514,7 +2524,7 @@ static int xfrm_dev_event(struct notifier_block *this, unsigned long event, void - - switch (event) { - case NETDEV_DOWN: -- __xfrm_garbage_collect(dev_net(dev)); -+ xfrm_garbage_collect(dev_net(dev)); - } - return NOTIFY_DONE; - } -diff --git a/security/selinux/netport.c b/security/selinux/netport.c -index 0b62bd1..7b9eb1f 100644 ---- a/security/selinux/netport.c -+++ b/security/selinux/netport.c -@@ -123,7 +123,9 @@ static void sel_netport_insert(struct sel_netport *port) - if (sel_netport_hash[idx].size == SEL_NETPORT_HASH_BKT_LIMIT) { - struct sel_netport *tail; - tail = list_entry( -- rcu_dereference(sel_netport_hash[idx].list.prev), -+ rcu_dereference_protected( -+ sel_netport_hash[idx].list.prev, -+ lockdep_is_held(&sel_netport_lock)), - struct sel_netport, list); - list_del_rcu(&tail->list); - kfree_rcu(tail, rcu); -diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c -index f665975..82b7c88 100644 ---- a/sound/pci/hda/hda_intel.c -+++ b/sound/pci/hda/hda_intel.c -@@ -2375,6 +2375,7 @@ static struct snd_pci_quirk position_fix_list[] __devinitdata = { - SND_PCI_QUIRK(0x1043, 0x813d, "ASUS P5AD2", POS_FIX_LPIB), - SND_PCI_QUIRK(0x1043, 0x81b3, "ASUS", POS_FIX_LPIB), - SND_PCI_QUIRK(0x1043, 0x81e7, "ASUS M2V", POS_FIX_LPIB), -+ SND_PCI_QUIRK(0x1043, 0x83ce, "ASUS 1101HA", POS_FIX_LPIB), - SND_PCI_QUIRK(0x104d, 0x9069, "Sony VPCS11V9E", POS_FIX_LPIB), - SND_PCI_QUIRK(0x1106, 0x3288, "ASUS M2V-MX SE", POS_FIX_LPIB), - SND_PCI_QUIRK(0x1297, 0x3166, "Shuttle", POS_FIX_LPIB), -diff --git a/sound/soc/codecs/wm8996.c b/sound/soc/codecs/wm8996.c -index c9c4e5c..5c40874 100644 ---- a/sound/soc/codecs/wm8996.c -+++ b/sound/soc/codecs/wm8996.c -@@ -1895,6 +1895,7 @@ static int wm8996_set_sysclk(struct snd_soc_dai *dai, - break; - case 24576000: - ratediv = WM8996_SYSCLK_DIV; -+ wm8996->sysclk /= 2; - case 12288000: - snd_soc_update_bits(codec, WM8996_AIF_RATE, - WM8996_SYSCLK_RATE, WM8996_SYSCLK_RATE); |