diff options
| -rw-r--r-- | 2.6.32/0000_README | 2 | ||||
| -rw-r--r-- | 2.6.32/4420_grsecurity-2.9-2.6.32.59-201204231832.patch (renamed from 2.6.32/4420_grsecurity-2.9-2.6.32.59-201204131714.patch) | 140 | ||||
| -rw-r--r-- | 3.2.15/1014_linux-3.2.15.patch | 2169 | ||||
| -rw-r--r-- | 3.2.16/0000_README (renamed from 3.2.15/0000_README) | 6 | ||||
| -rw-r--r-- | 3.2.16/4420_grsecurity-2.9-3.2.16-201204231833.patch (renamed from 3.2.15/4420_grsecurity-2.9-3.2.15-201204131715.patch) | 204 | ||||
| -rw-r--r-- | 3.2.16/4430_grsec-remove-localversion-grsec.patch (renamed from 3.2.15/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.2.16/4435_grsec-mute-warnings.patch (renamed from 3.2.15/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.2.16/4440_grsec-remove-protected-paths.patch (renamed from 3.2.15/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.2.16/4445_grsec-pax-without-grsec.patch (renamed from 3.2.15/4445_grsec-pax-without-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.2.16/4450_grsec-kconfig-default-gids.patch (renamed from 3.2.15/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.2.16/4455_grsec-kconfig-gentoo.patch (renamed from 3.2.15/4455_grsec-kconfig-gentoo.patch) | 0 | ||||
| -rw-r--r-- | 3.2.16/4460-grsec-kconfig-proc-user.patch (renamed from 3.2.15/4460-grsec-kconfig-proc-user.patch) | 0 | ||||
| -rw-r--r-- | 3.2.16/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.2.15/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.2.16/4470_disable-compat_vdso.patch (renamed from 3.2.15/4470_disable-compat_vdso.patch) | 0 | ||||
| -rw-r--r-- | 3.3.3/0000_README (renamed from 3.3.2/0000_README) | 2 | ||||
| -rw-r--r-- | 3.3.3/4420_grsecurity-2.9-3.3.3-201204231833.patch (renamed from 3.3.2/4420_grsecurity-2.9-3.3.2-201204131715.patch) | 331 | ||||
| -rw-r--r-- | 3.3.3/4430_grsec-remove-localversion-grsec.patch (renamed from 3.3.2/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.3.3/4435_grsec-mute-warnings.patch (renamed from 3.3.2/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.3.3/4440_grsec-remove-protected-paths.patch (renamed from 3.3.2/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.3.3/4445_grsec-pax-without-grsec.patch (renamed from 3.3.2/4445_grsec-pax-without-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.3.3/4450_grsec-kconfig-default-gids.patch (renamed from 3.3.2/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.3.3/4455_grsec-kconfig-gentoo.patch (renamed from 3.3.2/4455_grsec-kconfig-gentoo.patch) | 0 | ||||
| -rw-r--r-- | 3.3.3/4460-grsec-kconfig-proc-user.patch (renamed from 3.3.2/4460-grsec-kconfig-proc-user.patch) | 0 | ||||
| -rw-r--r-- | 3.3.3/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.3.2/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.3.3/4470_disable-compat_vdso.patch (renamed from 3.3.2/4470_disable-compat_vdso.patch) | 0 |
25 files changed, 403 insertions, 2451 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index 044094c..88d91ed 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch From: http://www.kernel.org Desc: Linux 2.6.32.59 -Patch: 4420_grsecurity-2.9-2.6.32.59-201204131714.patch +Patch: 4420_grsecurity-2.9-2.6.32.59-201204231832.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201204131714.patch b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201204231832.patch index 3c1b659..f9f051f 100644 --- a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201204131714.patch +++ b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201204231832.patch @@ -213,7 +213,7 @@ index 613da5d..4fe3eda 100644 M: Liam Girdwood <lrg@slimlogic.co.uk> M: Mark Brown <broonie@opensource.wolfsonmicro.com> diff --git a/Makefile b/Makefile -index 3a9a721..e5a22f7 100644 +index 3a9a721..683dc09 100644 --- a/Makefile +++ b/Makefile @@ -221,8 +221,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -248,15 +248,17 @@ index 3a9a721..e5a22f7 100644 include/linux/version.h headers_% \ kernelrelease kernelversion -@@ -526,6 +527,53 @@ else +@@ -526,6 +527,55 @@ else KBUILD_CFLAGS += -O2 endif +ifndef DISABLE_PAX_PLUGINS +ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(CC)"), y) +ifndef DISABLE_PAX_CONSTIFY_PLUGIN ++ifndef CONFIG_UML +CONSTIFY_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN +endif ++endif +ifdef CONFIG_PAX_MEMORY_STACKLEAK +STACKLEAK_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -DSTACKLEAK_PLUGIN +STACKLEAK_PLUGIN_CFLAGS += -fplugin-arg-stackleak_plugin-track-lowest-sp=100 @@ -302,7 +304,7 @@ index 3a9a721..e5a22f7 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifneq ($(CONFIG_FRAME_WARN),0) -@@ -647,7 +695,7 @@ export mod_strip_cmd +@@ -647,7 +697,7 @@ export mod_strip_cmd ifeq ($(KBUILD_EXTMOD),) @@ -311,7 +313,7 @@ index 3a9a721..e5a22f7 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -868,6 +916,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE +@@ -868,6 +918,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -320,7 +322,7 @@ index 3a9a721..e5a22f7 100644 $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -877,7 +927,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; +@@ -877,7 +929,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -329,7 +331,7 @@ index 3a9a721..e5a22f7 100644 $(Q)$(MAKE) $(build)=$@ # Build the kernel release string -@@ -986,6 +1036,7 @@ prepare0: archprepare FORCE +@@ -986,6 +1038,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. missing-syscalls # All the preparing.. @@ -337,7 +339,7 @@ index 3a9a721..e5a22f7 100644 prepare: prepare0 # The asm symlink changes when $(ARCH) changes. -@@ -1127,6 +1178,8 @@ all: modules +@@ -1127,6 +1180,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -346,7 +348,7 @@ index 3a9a721..e5a22f7 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1136,7 +1189,7 @@ modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) +@@ -1136,7 +1191,7 @@ modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) # Target to prepare building external modules PHONY += modules_prepare @@ -355,7 +357,7 @@ index 3a9a721..e5a22f7 100644 # Target to install modules PHONY += modules_install -@@ -1201,7 +1254,7 @@ MRPROPER_FILES += .config .config.old include/asm .version .old_version \ +@@ -1201,7 +1256,7 @@ MRPROPER_FILES += .config .config.old include/asm .version .old_version \ include/linux/autoconf.h include/linux/version.h \ include/linux/utsrelease.h \ include/linux/bounds.h include/asm*/asm-offsets.h \ @@ -364,7 +366,7 @@ index 3a9a721..e5a22f7 100644 # clean - Delete most, but leave enough to build external modules # -@@ -1245,7 +1298,7 @@ distclean: mrproper +@@ -1245,7 +1300,7 @@ distclean: mrproper @find $(srctree) $(RCS_FIND_IGNORE) \ \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ @@ -373,7 +375,7 @@ index 3a9a721..e5a22f7 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1292,6 +1345,7 @@ help: +@@ -1292,6 +1347,7 @@ help: @echo ' modules_prepare - Set up for building external modules' @echo ' tags/TAGS - Generate tags file for editors' @echo ' cscope - Generate cscope index' @@ -381,7 +383,7 @@ index 3a9a721..e5a22f7 100644 @echo ' kernelrelease - Output the release version string' @echo ' kernelversion - Output the version stored in Makefile' @echo ' headers_install - Install sanitised kernel headers to INSTALL_HDR_PATH'; \ -@@ -1393,6 +1447,8 @@ PHONY += $(module-dirs) modules +@@ -1393,6 +1449,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -390,7 +392,7 @@ index 3a9a721..e5a22f7 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1448,7 +1504,7 @@ endif # KBUILD_EXTMOD +@@ -1448,7 +1506,7 @@ endif # KBUILD_EXTMOD quiet_cmd_tags = GEN $@ cmd_tags = $(CONFIG_SHELL) $(srctree)/scripts/tags.sh $@ @@ -399,7 +401,7 @@ index 3a9a721..e5a22f7 100644 $(call cmd,tags) # Scripts to check various things for consistency -@@ -1513,17 +1569,21 @@ else +@@ -1513,17 +1571,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -425,7 +427,7 @@ index 3a9a721..e5a22f7 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1533,11 +1593,15 @@ endif +@@ -1533,11 +1595,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -5938,6 +5940,16 @@ index 2782681..77ded84 100644 extra-y := head_$(BITS).o extra-y += init_task.o +diff --git a/arch/sparc/kernel/ds.c b/arch/sparc/kernel/ds.c +index 4a700f4..6a831bd 100644 +--- a/arch/sparc/kernel/ds.c ++++ b/arch/sparc/kernel/ds.c +@@ -1242,4 +1242,4 @@ static int __init ds_init(void) + return vio_register_driver(&ds_driver); + } + +-subsys_initcall(ds_init); ++fs_initcall(ds_init); diff --git a/arch/sparc/kernel/iommu.c b/arch/sparc/kernel/iommu.c index 7690cc2..ece64c9 100644 --- a/arch/sparc/kernel/iommu.c @@ -6108,6 +6120,32 @@ index cb70476..3d0c191 100644 (void *) gp->tpc, (void *) gp->o7, (void *) gp->i7, +diff --git a/arch/sparc/kernel/rtrap_64.S b/arch/sparc/kernel/rtrap_64.S +index fd3cee4..cc4b1ff 100644 +--- a/arch/sparc/kernel/rtrap_64.S ++++ b/arch/sparc/kernel/rtrap_64.S +@@ -20,11 +20,6 @@ + + .text + .align 32 +-__handle_softirq: +- call do_softirq +- nop +- ba,a,pt %xcc, __handle_softirq_continue +- nop + __handle_preemption: + call schedule + wrpr %g0, RTRAP_PSTATE, %pstate +@@ -159,9 +154,7 @@ rtrap: + cmp %l1, 0 + + /* mm/ultra.S:xcall_report_regs KNOWS about this load. */ +- bne,pn %icc, __handle_softirq + ldx [%sp + PTREGS_OFF + PT_V9_TSTATE], %l1 +-__handle_softirq_continue: + rtrap_xcall: + sethi %hi(0xf << 20), %l4 + and %l1, %l4, %l4 diff --git a/arch/sparc/kernel/sigutil_64.c b/arch/sparc/kernel/sigutil_64.c index 6edc4e5..06a69b4 100644 --- a/arch/sparc/kernel/sigutil_64.c @@ -22613,18 +22651,10 @@ index 3bc2707..dd157e2 100644 sptep, *sptep, write_pt); diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c -index 7c6e63e..1b7dac1 100644 +index 7c6e63e..c5d92c1 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c -@@ -2240,6 +2240,7 @@ static int rdmsr_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run) - return 1; - } - -+static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data) __size_overflow(3); - static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data) - { - struct vcpu_svm *svm = to_svm(vcpu); -@@ -2486,7 +2487,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) +@@ -2486,7 +2486,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) int cpu = raw_smp_processor_id(); struct svm_cpu_data *svm_data = per_cpu(svm_data, cpu); @@ -22636,7 +22666,7 @@ index 7c6e63e..1b7dac1 100644 load_TR_desc(); } -@@ -2947,7 +2952,7 @@ static bool svm_gb_page_enable(void) +@@ -2947,7 +2951,7 @@ static bool svm_gb_page_enable(void) return true; } @@ -69564,7 +69594,7 @@ index c598ea4..6aac13e 100644 for (loop = 0; loop < pagevec->nr; loop++) { diff --git a/fs/fscache/stats.c b/fs/fscache/stats.c -index 46435f3..8cddf18 100644 +index 46435f3a..8cddf18 100644 --- a/fs/fscache/stats.c +++ b/fs/fscache/stats.c @@ -18,95 +18,95 @@ @@ -73188,7 +73218,7 @@ index d42c30c..4fd8718 100644 reiserfs_check_lock_depth(inode->i_sb, "readdir"); diff --git a/fs/reiserfs/do_balan.c b/fs/reiserfs/do_balan.c -index 128d3f7..8840d44 100644 +index 128d3f7c..8840d44 100644 --- a/fs/reiserfs/do_balan.c +++ b/fs/reiserfs/do_balan.c @@ -2058,7 +2058,7 @@ void do_balance(struct tree_balance *tb, /* tree_balance structure */ @@ -88852,6 +88882,27 @@ index 67ad11f..0bbd8af 100644 __SONET_ITEMS #undef __HANDLE_ITEM }; +diff --git a/include/linux/stddef.h b/include/linux/stddef.h +index 6a40c76..1747b67 100644 +--- a/include/linux/stddef.h ++++ b/include/linux/stddef.h +@@ -3,14 +3,10 @@ + + #include <linux/compiler.h> + ++#ifdef __KERNEL__ ++ + #undef NULL +-#if defined(__cplusplus) +-#define NULL 0 +-#else + #define NULL ((void *)0) +-#endif +- +-#ifdef __KERNEL__ + + enum { + false = 0, diff --git a/include/linux/sunrpc/cache.h b/include/linux/sunrpc/cache.h index 6f52b4d..5500323 100644 --- a/include/linux/sunrpc/cache.h @@ -104310,10 +104361,10 @@ index d52f7a0..b66cdd9 100755 rm -f tags xtags ctags diff --git a/security/Kconfig b/security/Kconfig -index fb363cd..a9d08e5 100644 +index fb363cd..50f3c98 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,638 @@ +@@ -4,6 +4,633 @@ menu "Security options" @@ -104924,11 +104975,6 @@ index fb363cd..a9d08e5 100644 + accessors. Though the whitelist of regions will be reduced over + time, it notably protects important data structures like task structs. + -+ -+ If frame pointers are enabled on x86, this option will also -+ restrict copies into and out of the kernel stack to local variables -+ within a single frame. -+ + Since this has a negligible performance impact, you should enable + this feature. + @@ -104952,7 +104998,7 @@ index fb363cd..a9d08e5 100644 config KEYS bool "Enable access key retention support" help -@@ -146,7 +778,7 @@ config INTEL_TXT +@@ -146,7 +773,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX @@ -104975,7 +105021,7 @@ index fce07a7..5f12858 100644 }; diff --git a/security/commoncap.c b/security/commoncap.c -index fe30751..aaba312 100644 +index fe30751..7702d78 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -27,6 +27,8 @@ @@ -105006,7 +105052,19 @@ index fe30751..aaba312 100644 return 0; } -@@ -582,6 +593,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) +@@ -511,6 +522,11 @@ int cap_bprm_set_creds(struct linux_binprm *bprm) + } + skip: + ++ /* if we have fs caps, clear dangerous personality flags */ ++ if (!cap_issubset(new->cap_permitted, old->cap_permitted)) ++ bprm->per_clear |= PER_CLEAR_ON_SETID; ++ ++ + /* Don't let someone trace a set[ug]id/setpcap binary with the revised + * credentials unless they have the appropriate permit + */ +@@ -582,6 +598,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) { const struct cred *cred = current_cred(); @@ -105016,7 +105074,7 @@ index fe30751..aaba312 100644 if (cred->uid != 0) { if (bprm->cap_effective) return 1; -@@ -956,13 +970,18 @@ error: +@@ -956,13 +975,18 @@ error: /** * cap_syslog - Determine whether syslog function is permitted * @type: Function requested @@ -106627,7 +106685,7 @@ index 0000000..ee950d0 +} diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c new file mode 100644 -index 0000000..704a564 +index 0000000..88a7438 --- /dev/null +++ b/tools/gcc/constify_plugin.c @@ -0,0 +1,303 @@ @@ -106890,7 +106948,7 @@ index 0000000..704a564 +// continue; + + if (walk_struct(type)) { -+ error("constified variable %qE cannot be local", var); ++ error_at(DECL_SOURCE_LOCATION(var), "constified variable %qE cannot be local", var); + return 1; + } + } diff --git a/3.2.15/1014_linux-3.2.15.patch b/3.2.15/1014_linux-3.2.15.patch deleted file mode 100644 index b836a63..0000000 --- a/3.2.15/1014_linux-3.2.15.patch +++ /dev/null @@ -1,2169 +0,0 @@ -diff --git a/Makefile b/Makefile -index afe4c7d..6195122 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,6 +1,6 @@ - VERSION = 3 - PATCHLEVEL = 2 --SUBLEVEL = 14 -+SUBLEVEL = 15 - EXTRAVERSION = - NAME = Saber-toothed Squirrel - -diff --git a/arch/arm/mach-tegra/Kconfig b/arch/arm/mach-tegra/Kconfig -index dbc59fa..379cdc7 100644 ---- a/arch/arm/mach-tegra/Kconfig -+++ b/arch/arm/mach-tegra/Kconfig -@@ -61,11 +61,6 @@ config MACH_SEABOARD - config MACH_TEGRA_DT - bool "Generic Tegra board (FDT support)" - select USE_OF -- select ARM_ERRATA_743622 -- select ARM_ERRATA_751472 -- select ARM_ERRATA_754322 -- select ARM_ERRATA_764369 -- select PL310_ERRATA_769419 if CACHE_L2X0 - help - Support for generic nVidia Tegra boards using Flattened Device Tree - -diff --git a/arch/m68k/mac/config.c b/arch/m68k/mac/config.c -index c247de0..1918d76 100644 ---- a/arch/m68k/mac/config.c -+++ b/arch/m68k/mac/config.c -@@ -950,6 +950,9 @@ int __init mac_platform_init(void) - { - u8 *swim_base; - -+ if (!MACH_IS_MAC) -+ return -ENODEV; -+ - /* - * Serial devices - */ -diff --git a/arch/x86/include/asm/timer.h b/arch/x86/include/asm/timer.h -index 431793e..34baa0e 100644 ---- a/arch/x86/include/asm/timer.h -+++ b/arch/x86/include/asm/timer.h -@@ -57,14 +57,10 @@ DECLARE_PER_CPU(unsigned long long, cyc2ns_offset); - - static inline unsigned long long __cycles_2_ns(unsigned long long cyc) - { -- unsigned long long quot; -- unsigned long long rem; - int cpu = smp_processor_id(); - unsigned long long ns = per_cpu(cyc2ns_offset, cpu); -- quot = (cyc >> CYC2NS_SCALE_FACTOR); -- rem = cyc & ((1ULL << CYC2NS_SCALE_FACTOR) - 1); -- ns += quot * per_cpu(cyc2ns, cpu) + -- ((rem * per_cpu(cyc2ns, cpu)) >> CYC2NS_SCALE_FACTOR); -+ ns += mult_frac(cyc, per_cpu(cyc2ns, cpu), -+ (1UL << CYC2NS_SCALE_FACTOR)); - return ns; - } - -diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c -index a25e276..6d939d7 100644 ---- a/arch/x86/kernel/apic/io_apic.c -+++ b/arch/x86/kernel/apic/io_apic.c -@@ -3963,36 +3963,18 @@ int mp_find_ioapic_pin(int ioapic, u32 gsi) - static __init int bad_ioapic(unsigned long address) - { - if (nr_ioapics >= MAX_IO_APICS) { -- pr_warn("WARNING: Max # of I/O APICs (%d) exceeded (found %d), skipping\n", -- MAX_IO_APICS, nr_ioapics); -+ printk(KERN_WARNING "WARNING: Max # of I/O APICs (%d) exceeded " -+ "(found %d), skipping\n", MAX_IO_APICS, nr_ioapics); - return 1; - } - if (!address) { -- pr_warn("WARNING: Bogus (zero) I/O APIC address found in table, skipping!\n"); -+ printk(KERN_WARNING "WARNING: Bogus (zero) I/O APIC address" -+ " found in table, skipping!\n"); - return 1; - } - return 0; - } - --static __init int bad_ioapic_register(int idx) --{ -- union IO_APIC_reg_00 reg_00; -- union IO_APIC_reg_01 reg_01; -- union IO_APIC_reg_02 reg_02; -- -- reg_00.raw = io_apic_read(idx, 0); -- reg_01.raw = io_apic_read(idx, 1); -- reg_02.raw = io_apic_read(idx, 2); -- -- if (reg_00.raw == -1 && reg_01.raw == -1 && reg_02.raw == -1) { -- pr_warn("I/O APIC 0x%x registers return all ones, skipping!\n", -- mpc_ioapic_addr(idx)); -- return 1; -- } -- -- return 0; --} -- - void __init mp_register_ioapic(int id, u32 address, u32 gsi_base) - { - int idx = 0; -@@ -4009,12 +3991,6 @@ void __init mp_register_ioapic(int id, u32 address, u32 gsi_base) - ioapics[idx].mp_config.apicaddr = address; - - set_fixmap_nocache(FIX_IO_APIC_BASE_0 + idx, address); -- -- if (bad_ioapic_register(idx)) { -- clear_fixmap(FIX_IO_APIC_BASE_0 + idx); -- return; -- } -- - ioapics[idx].mp_config.apicid = io_apic_unique_id(id); - ioapics[idx].mp_config.apicver = io_apic_get_version(idx); - -@@ -4035,10 +4011,10 @@ void __init mp_register_ioapic(int id, u32 address, u32 gsi_base) - if (gsi_cfg->gsi_end >= gsi_top) - gsi_top = gsi_cfg->gsi_end + 1; - -- pr_info("IOAPIC[%d]: apic_id %d, version %d, address 0x%x, GSI %d-%d\n", -- idx, mpc_ioapic_id(idx), -- mpc_ioapic_ver(idx), mpc_ioapic_addr(idx), -- gsi_cfg->gsi_base, gsi_cfg->gsi_end); -+ printk(KERN_INFO "IOAPIC[%d]: apic_id %d, version %d, address 0x%x, " -+ "GSI %d-%d\n", idx, mpc_ioapic_id(idx), -+ mpc_ioapic_ver(idx), mpc_ioapic_addr(idx), -+ gsi_cfg->gsi_base, gsi_cfg->gsi_end); - - nr_ioapics++; - } -diff --git a/arch/x86/kernel/kgdb.c b/arch/x86/kernel/kgdb.c -index faba577..2f45c4c 100644 ---- a/arch/x86/kernel/kgdb.c -+++ b/arch/x86/kernel/kgdb.c -@@ -43,6 +43,8 @@ - #include <linux/smp.h> - #include <linux/nmi.h> - #include <linux/hw_breakpoint.h> -+#include <linux/uaccess.h> -+#include <linux/memory.h> - - #include <asm/debugreg.h> - #include <asm/apicdef.h> -@@ -740,6 +742,64 @@ void kgdb_arch_set_pc(struct pt_regs *regs, unsigned long ip) - regs->ip = ip; - } - -+int kgdb_arch_set_breakpoint(struct kgdb_bkpt *bpt) -+{ -+ int err; -+ char opc[BREAK_INSTR_SIZE]; -+ -+ bpt->type = BP_BREAKPOINT; -+ err = probe_kernel_read(bpt->saved_instr, (char *)bpt->bpt_addr, -+ BREAK_INSTR_SIZE); -+ if (err) -+ return err; -+ err = probe_kernel_write((char *)bpt->bpt_addr, -+ arch_kgdb_ops.gdb_bpt_instr, BREAK_INSTR_SIZE); -+#ifdef CONFIG_DEBUG_RODATA -+ if (!err) -+ return err; -+ /* -+ * It is safe to call text_poke() because normal kernel execution -+ * is stopped on all cores, so long as the text_mutex is not locked. -+ */ -+ if (mutex_is_locked(&text_mutex)) -+ return -EBUSY; -+ text_poke((void *)bpt->bpt_addr, arch_kgdb_ops.gdb_bpt_instr, -+ BREAK_INSTR_SIZE); -+ err = probe_kernel_read(opc, (char *)bpt->bpt_addr, BREAK_INSTR_SIZE); -+ if (err) -+ return err; -+ if (memcmp(opc, arch_kgdb_ops.gdb_bpt_instr, BREAK_INSTR_SIZE)) -+ return -EINVAL; -+ bpt->type = BP_POKE_BREAKPOINT; -+#endif /* CONFIG_DEBUG_RODATA */ -+ return err; -+} -+ -+int kgdb_arch_remove_breakpoint(struct kgdb_bkpt *bpt) -+{ -+#ifdef CONFIG_DEBUG_RODATA -+ int err; -+ char opc[BREAK_INSTR_SIZE]; -+ -+ if (bpt->type != BP_POKE_BREAKPOINT) -+ goto knl_write; -+ /* -+ * It is safe to call text_poke() because normal kernel execution -+ * is stopped on all cores, so long as the text_mutex is not locked. -+ */ -+ if (mutex_is_locked(&text_mutex)) -+ goto knl_write; -+ text_poke((void *)bpt->bpt_addr, bpt->saved_instr, BREAK_INSTR_SIZE); -+ err = probe_kernel_read(opc, (char *)bpt->bpt_addr, BREAK_INSTR_SIZE); -+ if (err || memcmp(opc, bpt->saved_instr, BREAK_INSTR_SIZE)) -+ goto knl_write; -+ return err; -+knl_write: -+#endif /* CONFIG_DEBUG_RODATA */ -+ return probe_kernel_write((char *)bpt->bpt_addr, -+ (char *)bpt->saved_instr, BREAK_INSTR_SIZE); -+} -+ - struct kgdb_arch arch_kgdb_ops = { - /* Breakpoint instruction: */ - .gdb_bpt_instr = { 0xcc }, -diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c -index 3fe298a..1ec515b 100644 ---- a/arch/x86/kernel/tsc.c -+++ b/arch/x86/kernel/tsc.c -@@ -622,7 +622,8 @@ static void set_cyc2ns_scale(unsigned long cpu_khz, int cpu) - - if (cpu_khz) { - *scale = (NSEC_PER_MSEC << CYC2NS_SCALE_FACTOR)/cpu_khz; -- *offset = ns_now - (tsc_now * *scale >> CYC2NS_SCALE_FACTOR); -+ *offset = ns_now - mult_frac(tsc_now, *scale, -+ (1UL << CYC2NS_SCALE_FACTOR)); - } - - sched_clock_idle_wakeup_event(0); -diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c -index 5671752..5a5b6e4 100644 ---- a/arch/x86/net/bpf_jit_comp.c -+++ b/arch/x86/net/bpf_jit_comp.c -@@ -289,7 +289,7 @@ void bpf_jit_compile(struct sk_filter *fp) - EMIT2(0x24, K & 0xFF); /* and imm8,%al */ - } else if (K >= 0xFFFF0000) { - EMIT2(0x66, 0x25); /* and imm16,%ax */ -- EMIT2(K, 2); -+ EMIT(K, 2); - } else { - EMIT1_off32(0x25, K); /* and imm32,%eax */ - } -diff --git a/arch/x86/pci/acpi.c b/arch/x86/pci/acpi.c -index f8348ab..0ed97d8 100644 ---- a/arch/x86/pci/acpi.c -+++ b/arch/x86/pci/acpi.c -@@ -54,6 +54,16 @@ static const struct dmi_system_id pci_use_crs_table[] __initconst = { - DMI_MATCH(DMI_BIOS_VENDOR, "American Megatrends Inc."), - }, - }, -+ /* https://bugzilla.kernel.org/show_bug.cgi?id=42619 */ -+ { -+ .callback = set_use_crs, -+ .ident = "MSI MS-7253", -+ .matches = { -+ DMI_MATCH(DMI_BOARD_VENDOR, "MICRO-STAR INTERNATIONAL CO., LTD"), -+ DMI_MATCH(DMI_BOARD_NAME, "MS-7253"), -+ DMI_MATCH(DMI_BIOS_VENDOR, "Phoenix Technologies, LTD"), -+ }, -+ }, - {} - }; - -diff --git a/drivers/acpi/acpica/tbfadt.c b/drivers/acpi/acpica/tbfadt.c -index 6f5588e..4c531b4 100644 ---- a/drivers/acpi/acpica/tbfadt.c -+++ b/drivers/acpi/acpica/tbfadt.c -@@ -350,10 +350,6 @@ static void acpi_tb_convert_fadt(void) - u32 address32; - u32 i; - -- /* Update the local FADT table header length */ -- -- acpi_gbl_FADT.header.length = sizeof(struct acpi_table_fadt); -- - /* - * Expand the 32-bit FACS and DSDT addresses to 64-bit as necessary. - * Later code will always use the X 64-bit field. Also, check for an -@@ -395,6 +391,10 @@ static void acpi_tb_convert_fadt(void) - acpi_gbl_FADT.boot_flags = 0; - } - -+ /* Update the local FADT table header length */ -+ -+ acpi_gbl_FADT.header.length = sizeof(struct acpi_table_fadt); -+ - /* - * Expand the ACPI 1.0 32-bit addresses to the ACPI 2.0 64-bit "X" - * generic address structures as necessary. Later code will always use -diff --git a/drivers/acpi/processor_thermal.c b/drivers/acpi/processor_thermal.c -index 870550d..4da7d9d 100644 ---- a/drivers/acpi/processor_thermal.c -+++ b/drivers/acpi/processor_thermal.c -@@ -58,6 +58,27 @@ ACPI_MODULE_NAME("processor_thermal"); - static DEFINE_PER_CPU(unsigned int, cpufreq_thermal_reduction_pctg); - static unsigned int acpi_thermal_cpufreq_is_init = 0; - -+#define reduction_pctg(cpu) \ -+ per_cpu(cpufreq_thermal_reduction_pctg, phys_package_first_cpu(cpu)) -+ -+/* -+ * Emulate "per package data" using per cpu data (which should really be -+ * provided elsewhere) -+ * -+ * Note we can lose a CPU on cpu hotunplug, in this case we forget the state -+ * temporarily. Fortunately that's not a big issue here (I hope) -+ */ -+static int phys_package_first_cpu(int cpu) -+{ -+ int i; -+ int id = topology_physical_package_id(cpu); -+ -+ for_each_online_cpu(i) -+ if (topology_physical_package_id(i) == id) -+ return i; -+ return 0; -+} -+ - static int cpu_has_cpufreq(unsigned int cpu) - { - struct cpufreq_policy policy; -@@ -77,7 +98,7 @@ static int acpi_thermal_cpufreq_notifier(struct notifier_block *nb, - - max_freq = ( - policy->cpuinfo.max_freq * -- (100 - per_cpu(cpufreq_thermal_reduction_pctg, policy->cpu) * 20) -+ (100 - reduction_pctg(policy->cpu) * 20) - ) / 100; - - cpufreq_verify_within_limits(policy, 0, max_freq); -@@ -103,16 +124,28 @@ static int cpufreq_get_cur_state(unsigned int cpu) - if (!cpu_has_cpufreq(cpu)) - return 0; - -- return per_cpu(cpufreq_thermal_reduction_pctg, cpu); -+ return reduction_pctg(cpu); - } - - static int cpufreq_set_cur_state(unsigned int cpu, int state) - { -+ int i; -+ - if (!cpu_has_cpufreq(cpu)) - return 0; - -- per_cpu(cpufreq_thermal_reduction_pctg, cpu) = state; -- cpufreq_update_policy(cpu); -+ reduction_pctg(cpu) = state; -+ -+ /* -+ * Update all the CPUs in the same package because they all -+ * contribute to the temperature and often share the same -+ * frequency. -+ */ -+ for_each_online_cpu(i) { -+ if (topology_physical_package_id(i) == -+ topology_physical_package_id(cpu)) -+ cpufreq_update_policy(i); -+ } - return 0; - } - -@@ -120,10 +153,6 @@ void acpi_thermal_cpufreq_init(void) - { - int i; - -- for (i = 0; i < nr_cpu_ids; i++) -- if (cpu_present(i)) -- per_cpu(cpufreq_thermal_reduction_pctg, i) = 0; -- - i = cpufreq_register_notifier(&acpi_thermal_cpufreq_notifier_block, - CPUFREQ_POLICY_NOTIFIER); - if (!i) -diff --git a/drivers/dma/ioat/dma.c b/drivers/dma/ioat/dma.c -index a4d6cb0..6595180 100644 ---- a/drivers/dma/ioat/dma.c -+++ b/drivers/dma/ioat/dma.c -@@ -548,9 +548,9 @@ void ioat_dma_unmap(struct ioat_chan_common *chan, enum dma_ctrl_flags flags, - PCI_DMA_TODEVICE, flags, 0); - } - --unsigned long ioat_get_current_completion(struct ioat_chan_common *chan) -+dma_addr_t ioat_get_current_completion(struct ioat_chan_common *chan) - { -- unsigned long phys_complete; -+ dma_addr_t phys_complete; - u64 completion; - - completion = *chan->completion; -@@ -571,7 +571,7 @@ unsigned long ioat_get_current_completion(struct ioat_chan_common *chan) - } - - bool ioat_cleanup_preamble(struct ioat_chan_common *chan, -- unsigned long *phys_complete) -+ dma_addr_t *phys_complete) - { - *phys_complete = ioat_get_current_completion(chan); - if (*phys_complete == chan->last_completion) -@@ -582,14 +582,14 @@ bool ioat_cleanup_preamble(struct ioat_chan_common *chan, - return true; - } - --static void __cleanup(struct ioat_dma_chan *ioat, unsigned long phys_complete) -+static void __cleanup(struct ioat_dma_chan *ioat, dma_addr_t phys_complete) - { - struct ioat_chan_common *chan = &ioat->base; - struct list_head *_desc, *n; - struct dma_async_tx_descriptor *tx; - -- dev_dbg(to_dev(chan), "%s: phys_complete: %lx\n", -- __func__, phys_complete); -+ dev_dbg(to_dev(chan), "%s: phys_complete: %llx\n", -+ __func__, (unsigned long long) phys_complete); - list_for_each_safe(_desc, n, &ioat->used_desc) { - struct ioat_desc_sw *desc; - -@@ -655,7 +655,7 @@ static void __cleanup(struct ioat_dma_chan *ioat, unsigned long phys_complete) - static void ioat1_cleanup(struct ioat_dma_chan *ioat) - { - struct ioat_chan_common *chan = &ioat->base; -- unsigned long phys_complete; -+ dma_addr_t phys_complete; - - prefetch(chan->completion); - -@@ -701,7 +701,7 @@ static void ioat1_timer_event(unsigned long data) - mod_timer(&chan->timer, jiffies + COMPLETION_TIMEOUT); - spin_unlock_bh(&ioat->desc_lock); - } else if (test_bit(IOAT_COMPLETION_PENDING, &chan->state)) { -- unsigned long phys_complete; -+ dma_addr_t phys_complete; - - spin_lock_bh(&ioat->desc_lock); - /* if we haven't made progress and we have already -diff --git a/drivers/dma/ioat/dma.h b/drivers/dma/ioat/dma.h -index 5216c8a..8bebddd 100644 ---- a/drivers/dma/ioat/dma.h -+++ b/drivers/dma/ioat/dma.h -@@ -88,7 +88,7 @@ struct ioatdma_device { - struct ioat_chan_common { - struct dma_chan common; - void __iomem *reg_base; -- unsigned long last_completion; -+ dma_addr_t last_completion; - spinlock_t cleanup_lock; - dma_cookie_t completed_cookie; - unsigned long state; -@@ -333,7 +333,7 @@ int __devinit ioat_dma_self_test(struct ioatdma_device *device); - void __devexit ioat_dma_remove(struct ioatdma_device *device); - struct dca_provider * __devinit ioat_dca_init(struct pci_dev *pdev, - void __iomem *iobase); --unsigned long ioat_get_current_completion(struct ioat_chan_common *chan); -+dma_addr_t ioat_get_current_completion(struct ioat_chan_common *chan); - void ioat_init_channel(struct ioatdma_device *device, - struct ioat_chan_common *chan, int idx); - enum dma_status ioat_dma_tx_status(struct dma_chan *c, dma_cookie_t cookie, -@@ -341,7 +341,7 @@ enum dma_status ioat_dma_tx_status(struct dma_chan *c, dma_cookie_t cookie, - void ioat_dma_unmap(struct ioat_chan_common *chan, enum dma_ctrl_flags flags, - size_t len, struct ioat_dma_descriptor *hw); - bool ioat_cleanup_preamble(struct ioat_chan_common *chan, -- unsigned long *phys_complete); -+ dma_addr_t *phys_complete); - void ioat_kobject_add(struct ioatdma_device *device, struct kobj_type *type); - void ioat_kobject_del(struct ioatdma_device *device); - extern const struct sysfs_ops ioat_sysfs_ops; -diff --git a/drivers/dma/ioat/dma_v2.c b/drivers/dma/ioat/dma_v2.c -index 5d65f83..cb8864d 100644 ---- a/drivers/dma/ioat/dma_v2.c -+++ b/drivers/dma/ioat/dma_v2.c -@@ -126,7 +126,7 @@ static void ioat2_start_null_desc(struct ioat2_dma_chan *ioat) - spin_unlock_bh(&ioat->prep_lock); - } - --static void __cleanup(struct ioat2_dma_chan *ioat, unsigned long phys_complete) -+static void __cleanup(struct ioat2_dma_chan *ioat, dma_addr_t phys_complete) - { - struct ioat_chan_common *chan = &ioat->base; - struct dma_async_tx_descriptor *tx; -@@ -178,7 +178,7 @@ static void __cleanup(struct ioat2_dma_chan *ioat, unsigned long phys_complete) - static void ioat2_cleanup(struct ioat2_dma_chan *ioat) - { - struct ioat_chan_common *chan = &ioat->base; -- unsigned long phys_complete; -+ dma_addr_t phys_complete; - - spin_lock_bh(&chan->cleanup_lock); - if (ioat_cleanup_preamble(chan, &phys_complete)) -@@ -259,7 +259,7 @@ int ioat2_reset_sync(struct ioat_chan_common *chan, unsigned long tmo) - static void ioat2_restart_channel(struct ioat2_dma_chan *ioat) - { - struct ioat_chan_common *chan = &ioat->base; -- unsigned long phys_complete; -+ dma_addr_t phys_complete; - - ioat2_quiesce(chan, 0); - if (ioat_cleanup_preamble(chan, &phys_complete)) -@@ -274,7 +274,7 @@ void ioat2_timer_event(unsigned long data) - struct ioat_chan_common *chan = &ioat->base; - - if (test_bit(IOAT_COMPLETION_PENDING, &chan->state)) { -- unsigned long phys_complete; -+ dma_addr_t phys_complete; - u64 status; - - status = ioat_chansts(chan); -diff --git a/drivers/dma/ioat/dma_v3.c b/drivers/dma/ioat/dma_v3.c -index f519c93..2dbf32b 100644 ---- a/drivers/dma/ioat/dma_v3.c -+++ b/drivers/dma/ioat/dma_v3.c -@@ -256,7 +256,7 @@ static bool desc_has_ext(struct ioat_ring_ent *desc) - * The difference from the dma_v2.c __cleanup() is that this routine - * handles extended descriptors and dma-unmapping raid operations. - */ --static void __cleanup(struct ioat2_dma_chan *ioat, unsigned long phys_complete) -+static void __cleanup(struct ioat2_dma_chan *ioat, dma_addr_t phys_complete) - { - struct ioat_chan_common *chan = &ioat->base; - struct ioat_ring_ent *desc; -@@ -314,7 +314,7 @@ static void __cleanup(struct ioat2_dma_chan *ioat, unsigned long phys_complete) - static void ioat3_cleanup(struct ioat2_dma_chan *ioat) - { - struct ioat_chan_common *chan = &ioat->base; -- unsigned long phys_complete; -+ dma_addr_t phys_complete; - - spin_lock_bh(&chan->cleanup_lock); - if (ioat_cleanup_preamble(chan, &phys_complete)) -@@ -333,7 +333,7 @@ static void ioat3_cleanup_event(unsigned long data) - static void ioat3_restart_channel(struct ioat2_dma_chan *ioat) - { - struct ioat_chan_common *chan = &ioat->base; -- unsigned long phys_complete; -+ dma_addr_t phys_complete; - - ioat2_quiesce(chan, 0); - if (ioat_cleanup_preamble(chan, &phys_complete)) -@@ -348,7 +348,7 @@ static void ioat3_timer_event(unsigned long data) - struct ioat_chan_common *chan = &ioat->base; - - if (test_bit(IOAT_COMPLETION_PENDING, &chan->state)) { -- unsigned long phys_complete; -+ dma_addr_t phys_complete; - u64 status; - - status = ioat_chansts(chan); -diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c -index 80fe39d..dd58373 100644 ---- a/drivers/gpu/drm/drm_fb_helper.c -+++ b/drivers/gpu/drm/drm_fb_helper.c -@@ -610,9 +610,13 @@ int drm_fb_helper_check_var(struct fb_var_screeninfo *var, - return -EINVAL; - - /* Need to resize the fb object !!! */ -- if (var->bits_per_pixel > fb->bits_per_pixel || var->xres > fb->width || var->yres > fb->height) { -+ if (var->bits_per_pixel > fb->bits_per_pixel || -+ var->xres > fb->width || var->yres > fb->height || -+ var->xres_virtual > fb->width || var->yres_virtual > fb->height) { - DRM_DEBUG("fb userspace requested width/height/bpp is greater than current fb " -- "object %dx%d-%d > %dx%d-%d\n", var->xres, var->yres, var->bits_per_pixel, -+ "request %dx%d-%d (virtual %dx%d) > %dx%d-%d\n", -+ var->xres, var->yres, var->bits_per_pixel, -+ var->xres_virtual, var->yres_virtual, - fb->width, fb->height, fb->bits_per_pixel); - return -EINVAL; - } -diff --git a/drivers/gpu/drm/i915/i915_drv.c b/drivers/gpu/drm/i915/i915_drv.c -index d04597d..e52b705 100644 ---- a/drivers/gpu/drm/i915/i915_drv.c -+++ b/drivers/gpu/drm/i915/i915_drv.c -@@ -508,7 +508,9 @@ static int i915_drm_thaw(struct drm_device *dev) - drm_irq_install(dev); - - /* Resume the modeset for every activated CRTC */ -+ mutex_lock(&dev->mode_config.mutex); - drm_helper_resume_force_mode(dev); -+ mutex_unlock(&dev->mode_config.mutex); - - if (IS_IRONLAKE_M(dev)) - ironlake_enable_rc6(dev); -diff --git a/drivers/gpu/drm/i915/i915_reg.h b/drivers/gpu/drm/i915/i915_reg.h -index 1608d2a..2f99fd4 100644 ---- a/drivers/gpu/drm/i915/i915_reg.h -+++ b/drivers/gpu/drm/i915/i915_reg.h -@@ -2312,6 +2312,7 @@ - #define PIPECONF_DISABLE 0 - #define PIPECONF_DOUBLE_WIDE (1<<30) - #define I965_PIPECONF_ACTIVE (1<<30) -+#define PIPECONF_FRAME_START_DELAY_MASK (3<<27) - #define PIPECONF_SINGLE_WIDE 0 - #define PIPECONF_PIPE_UNLOCKED 0 - #define PIPECONF_PIPE_LOCKED (1<<25) -diff --git a/drivers/gpu/drm/i915/intel_bios.c b/drivers/gpu/drm/i915/intel_bios.c -index 63880e2..22efb08 100644 ---- a/drivers/gpu/drm/i915/intel_bios.c -+++ b/drivers/gpu/drm/i915/intel_bios.c -@@ -24,6 +24,7 @@ - * Eric Anholt <eric@anholt.net> - * - */ -+#include <linux/dmi.h> - #include <drm/drm_dp_helper.h> - #include "drmP.h" - #include "drm.h" -@@ -621,6 +622,26 @@ init_vbt_defaults(struct drm_i915_private *dev_priv) - dev_priv->edp.bpp = 18; - } - -+static int __init intel_no_opregion_vbt_callback(const struct dmi_system_id *id) -+{ -+ DRM_DEBUG_KMS("Falling back to manually reading VBT from " -+ "VBIOS ROM for %s\n", -+ id->ident); -+ return 1; -+} -+ -+static const struct dmi_system_id intel_no_opregion_vbt[] = { -+ { -+ .callback = intel_no_opregion_vbt_callback, -+ .ident = "ThinkCentre A57", -+ .matches = { -+ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), -+ DMI_MATCH(DMI_PRODUCT_NAME, "97027RG"), -+ }, -+ }, -+ { } -+}; -+ - /** - * intel_parse_bios - find VBT and initialize settings from the BIOS - * @dev: DRM device -@@ -641,7 +662,7 @@ intel_parse_bios(struct drm_device *dev) - init_vbt_defaults(dev_priv); - - /* XXX Should this validation be moved to intel_opregion.c? */ -- if (dev_priv->opregion.vbt) { -+ if (!dmi_check_system(intel_no_opregion_vbt) && dev_priv->opregion.vbt) { - struct vbt_header *vbt = dev_priv->opregion.vbt; - if (memcmp(vbt->signature, "$VBT", 4) == 0) { - DRM_DEBUG_KMS("Using VBT from OpRegion: %20s\n", -diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index 9ec9755..9011f48 100644 ---- a/drivers/gpu/drm/i915/intel_display.c -+++ b/drivers/gpu/drm/i915/intel_display.c -@@ -7278,6 +7278,12 @@ static void intel_sanitize_modesetting(struct drm_device *dev, - struct drm_i915_private *dev_priv = dev->dev_private; - u32 reg, val; - -+ /* Clear any frame start delays used for debugging left by the BIOS */ -+ for_each_pipe(pipe) { -+ reg = PIPECONF(pipe); -+ I915_WRITE(reg, I915_READ(reg) & ~PIPECONF_FRAME_START_DELAY_MASK); -+ } -+ - if (HAS_PCH_SPLIT(dev)) - return; - -diff --git a/drivers/gpu/drm/i915/intel_lvds.c b/drivers/gpu/drm/i915/intel_lvds.c -index b83f745..583c2d0 100644 ---- a/drivers/gpu/drm/i915/intel_lvds.c -+++ b/drivers/gpu/drm/i915/intel_lvds.c -@@ -731,6 +731,14 @@ static const struct dmi_system_id intel_no_lvds[] = { - DMI_MATCH(DMI_BOARD_NAME, "AT5NM10T-I"), - }, - }, -+ { -+ .callback = intel_no_lvds_dmi_callback, -+ .ident = "MSI Wind Box DC500", -+ .matches = { -+ DMI_MATCH(DMI_BOARD_VENDOR, "MICRO-STAR INTERNATIONAL CO., LTD"), -+ DMI_MATCH(DMI_BOARD_NAME, "MS-7469"), -+ }, -+ }, - - { } /* terminating entry */ - }; -diff --git a/drivers/gpu/drm/radeon/atom.c b/drivers/gpu/drm/radeon/atom.c -index 14cc88a..3a05cdb 100644 ---- a/drivers/gpu/drm/radeon/atom.c -+++ b/drivers/gpu/drm/radeon/atom.c -@@ -1304,8 +1304,11 @@ struct atom_context *atom_parse(struct card_info *card, void *bios) - - int atom_asic_init(struct atom_context *ctx) - { -+ struct radeon_device *rdev = ctx->card->dev->dev_private; - int hwi = CU16(ctx->data_table + ATOM_DATA_FWI_PTR); - uint32_t ps[16]; -+ int ret; -+ - memset(ps, 0, 64); - - ps[0] = cpu_to_le32(CU32(hwi + ATOM_FWI_DEFSCLK_PTR)); -@@ -1315,7 +1318,17 @@ int atom_asic_init(struct atom_context *ctx) - - if (!CU16(ctx->cmd_table + 4 + 2 * ATOM_CMD_INIT)) - return 1; -- return atom_execute_table(ctx, ATOM_CMD_INIT, ps); -+ ret = atom_execute_table(ctx, ATOM_CMD_INIT, ps); -+ if (ret) -+ return ret; -+ -+ memset(ps, 0, 64); -+ -+ if (rdev->family < CHIP_R600) { -+ if (CU16(ctx->cmd_table + 4 + 2 * ATOM_CMD_SPDFANCNTL)) -+ atom_execute_table(ctx, ATOM_CMD_SPDFANCNTL, ps); -+ } -+ return ret; - } - - void atom_destroy(struct atom_context *ctx) -diff --git a/drivers/gpu/drm/radeon/atom.h b/drivers/gpu/drm/radeon/atom.h -index 93cfe20..25fea63 100644 ---- a/drivers/gpu/drm/radeon/atom.h -+++ b/drivers/gpu/drm/radeon/atom.h -@@ -44,6 +44,7 @@ - #define ATOM_CMD_SETSCLK 0x0A - #define ATOM_CMD_SETMCLK 0x0B - #define ATOM_CMD_SETPCLK 0x0C -+#define ATOM_CMD_SPDFANCNTL 0x39 - - #define ATOM_DATA_FWI_PTR 0xC - #define ATOM_DATA_IIO_PTR 0x32 -diff --git a/drivers/iommu/amd_iommu_init.c b/drivers/iommu/amd_iommu_init.c -index 5c74179..20d5852 100644 ---- a/drivers/iommu/amd_iommu_init.c -+++ b/drivers/iommu/amd_iommu_init.c -@@ -1033,8 +1033,9 @@ static int iommu_setup_msi(struct amd_iommu *iommu) - { - int r; - -- if (pci_enable_msi(iommu->dev)) -- return 1; -+ r = pci_enable_msi(iommu->dev); -+ if (r) -+ return r; - - r = request_threaded_irq(iommu->dev->irq, - amd_iommu_int_handler, -@@ -1044,24 +1045,33 @@ static int iommu_setup_msi(struct amd_iommu *iommu) - - if (r) { - pci_disable_msi(iommu->dev); -- return 1; -+ return r; - } - - iommu->int_enabled = true; -- iommu_feature_enable(iommu, CONTROL_EVT_INT_EN); - - return 0; - } - - static int iommu_init_msi(struct amd_iommu *iommu) - { -+ int ret; -+ - if (iommu->int_enabled) -- return 0; -+ goto enable_faults; - - if (pci_find_capability(iommu->dev, PCI_CAP_ID_MSI)) -- return iommu_setup_msi(iommu); -+ ret = iommu_setup_msi(iommu); -+ else -+ ret = -ENODEV; - -- return 1; -+ if (ret) -+ return ret; -+ -+enable_faults: -+ iommu_feature_enable(iommu, CONTROL_EVT_INT_EN); -+ -+ return 0; - } - - /**************************************************************************** -diff --git a/drivers/mfd/twl6030-irq.c b/drivers/mfd/twl6030-irq.c -index 3eee45f..83f4988 100644 ---- a/drivers/mfd/twl6030-irq.c -+++ b/drivers/mfd/twl6030-irq.c -@@ -187,8 +187,17 @@ static int twl6030_irq_thread(void *data) - } - local_irq_enable(); - } -- ret = twl_i2c_write(TWL_MODULE_PIH, sts.bytes, -- REG_INT_STS_A, 3); /* clear INT_STS_A */ -+ -+ /* -+ * NOTE: -+ * Simulation confirms that documentation is wrong w.r.t the -+ * interrupt status clear operation. A single *byte* write to -+ * any one of STS_A to STS_C register results in all three -+ * STS registers being reset. Since it does not matter which -+ * value is written, all three registers are cleared on a -+ * single byte write, so we just use 0x0 to clear. -+ */ -+ ret = twl_i2c_write_u8(TWL_MODULE_PIH, 0x00, REG_INT_STS_A); - if (ret) - pr_warning("twl6030: I2C error in clearing PIH ISR\n"); - -diff --git a/drivers/misc/kgdbts.c b/drivers/misc/kgdbts.c -index 3f7ad83..3aa9a96 100644 ---- a/drivers/misc/kgdbts.c -+++ b/drivers/misc/kgdbts.c -@@ -134,12 +134,17 @@ static int force_hwbrks; - static int hwbreaks_ok; - static int hw_break_val; - static int hw_break_val2; -+static int cont_instead_of_sstep; -+static unsigned long cont_thread_id; -+static unsigned long sstep_thread_id; - #if defined(CONFIG_ARM) || defined(CONFIG_MIPS) || defined(CONFIG_SPARC) - static int arch_needs_sstep_emulation = 1; - #else - static int arch_needs_sstep_emulation; - #endif -+static unsigned long cont_addr; - static unsigned long sstep_addr; -+static int restart_from_top_after_write; - static int sstep_state; - - /* Storage for the registers, in GDB format. */ -@@ -187,7 +192,8 @@ static int kgdbts_unreg_thread(void *ptr) - */ - while (!final_ack) - msleep_interruptible(1500); -- -+ /* Pause for any other threads to exit after final ack. */ -+ msleep_interruptible(1000); - if (configured) - kgdb_unregister_io_module(&kgdbts_io_ops); - configured = 0; -@@ -211,7 +217,7 @@ static unsigned long lookup_addr(char *arg) - if (!strcmp(arg, "kgdbts_break_test")) - addr = (unsigned long)kgdbts_break_test; - else if (!strcmp(arg, "sys_open")) -- addr = (unsigned long)sys_open; -+ addr = (unsigned long)do_sys_open; - else if (!strcmp(arg, "do_fork")) - addr = (unsigned long)do_fork; - else if (!strcmp(arg, "hw_break_val")) -@@ -283,6 +289,16 @@ static void hw_break_val_write(void) - hw_break_val++; - } - -+static int get_thread_id_continue(char *put_str, char *arg) -+{ -+ char *ptr = &put_str[11]; -+ -+ if (put_str[1] != 'T' || put_str[2] != '0') -+ return 1; -+ kgdb_hex2long(&ptr, &cont_thread_id); -+ return 0; -+} -+ - static int check_and_rewind_pc(char *put_str, char *arg) - { - unsigned long addr = lookup_addr(arg); -@@ -299,13 +315,21 @@ static int check_and_rewind_pc(char *put_str, char *arg) - if (addr + BREAK_INSTR_SIZE == ip) - offset = -BREAK_INSTR_SIZE; - #endif -- if (strcmp(arg, "silent") && ip + offset != addr) { -+ -+ if (arch_needs_sstep_emulation && sstep_addr && -+ ip + offset == sstep_addr && -+ ((!strcmp(arg, "sys_open") || !strcmp(arg, "do_fork")))) { -+ /* This is special case for emulated single step */ -+ v2printk("Emul: rewind hit single step bp\n"); -+ restart_from_top_after_write = 1; -+ } else if (strcmp(arg, "silent") && ip + offset != addr) { - eprintk("kgdbts: BP mismatch %lx expected %lx\n", - ip + offset, addr); - return 1; - } - /* Readjust the instruction pointer if needed */ - ip += offset; -+ cont_addr = ip; - #ifdef GDB_ADJUSTS_BREAK_OFFSET - instruction_pointer_set(&kgdbts_regs, ip); - #endif -@@ -315,6 +339,8 @@ static int check_and_rewind_pc(char *put_str, char *arg) - static int check_single_step(char *put_str, char *arg) - { - unsigned long addr = lookup_addr(arg); -+ static int matched_id; -+ - /* - * From an arch indepent point of view the instruction pointer - * should be on a different instruction -@@ -324,6 +350,29 @@ static int check_single_step(char *put_str, char *arg) - gdb_regs_to_pt_regs(kgdbts_gdb_regs, &kgdbts_regs); - v2printk("Singlestep stopped at IP: %lx\n", - instruction_pointer(&kgdbts_regs)); -+ -+ if (sstep_thread_id != cont_thread_id) { -+ /* -+ * Ensure we stopped in the same thread id as before, else the -+ * debugger should continue until the original thread that was -+ * single stepped is scheduled again, emulating gdb's behavior. -+ */ -+ v2printk("ThrID does not match: %lx\n", cont_thread_id); -+ if (arch_needs_sstep_emulation) { -+ if (matched_id && -+ instruction_pointer(&kgdbts_regs) != addr) -+ goto continue_test; -+ matched_id++; -+ ts.idx -= 2; -+ sstep_state = 0; -+ return 0; -+ } -+ cont_instead_of_sstep = 1; -+ ts.idx -= 4; -+ return 0; -+ } -+continue_test: -+ matched_id = 0; - if (instruction_pointer(&kgdbts_regs) == addr) { - eprintk("kgdbts: SingleStep failed at %lx\n", - instruction_pointer(&kgdbts_regs)); -@@ -365,10 +414,40 @@ static int got_break(char *put_str, char *arg) - return 1; - } - -+static void get_cont_catch(char *arg) -+{ -+ /* Always send detach because the test is completed at this point */ -+ fill_get_buf("D"); -+} -+ -+static int put_cont_catch(char *put_str, char *arg) -+{ -+ /* This is at the end of the test and we catch any and all input */ -+ v2printk("kgdbts: cleanup task: %lx\n", sstep_thread_id); -+ ts.idx--; -+ return 0; -+} -+ -+static int emul_reset(char *put_str, char *arg) -+{ -+ if (strncmp(put_str, "$OK", 3)) -+ return 1; -+ if (restart_from_top_after_write) { -+ restart_from_top_after_write = 0; -+ ts.idx = -1; -+ } -+ return 0; -+} -+ - static void emul_sstep_get(char *arg) - { - if (!arch_needs_sstep_emulation) { -- fill_get_buf(arg); -+ if (cont_instead_of_sstep) { -+ cont_instead_of_sstep = 0; -+ fill_get_buf("c"); -+ } else { -+ fill_get_buf(arg); -+ } - return; - } - switch (sstep_state) { -@@ -398,9 +477,11 @@ static void emul_sstep_get(char *arg) - static int emul_sstep_put(char *put_str, char *arg) - { - if (!arch_needs_sstep_emulation) { -- if (!strncmp(put_str+1, arg, 2)) -- return 0; -- return 1; -+ char *ptr = &put_str[11]; -+ if (put_str[1] != 'T' || put_str[2] != '0') -+ return 1; -+ kgdb_hex2long(&ptr, &sstep_thread_id); -+ return 0; - } - switch (sstep_state) { - case 1: -@@ -411,8 +492,7 @@ static int emul_sstep_put(char *put_str, char *arg) - v2printk("Stopped at IP: %lx\n", - instruction_pointer(&kgdbts_regs)); - /* Want to stop at IP + break instruction size by default */ -- sstep_addr = instruction_pointer(&kgdbts_regs) + -- BREAK_INSTR_SIZE; -+ sstep_addr = cont_addr + BREAK_INSTR_SIZE; - break; - case 2: - if (strncmp(put_str, "$OK", 3)) { -@@ -424,6 +504,9 @@ static int emul_sstep_put(char *put_str, char *arg) - if (strncmp(put_str, "$T0", 3)) { - eprintk("kgdbts: failed continue sstep\n"); - return 1; -+ } else { -+ char *ptr = &put_str[11]; -+ kgdb_hex2long(&ptr, &sstep_thread_id); - } - break; - case 4: -@@ -502,10 +585,10 @@ static struct test_struct bad_read_test[] = { - static struct test_struct singlestep_break_test[] = { - { "?", "S0*" }, /* Clear break points */ - { "kgdbts_break_test", "OK", sw_break, }, /* set sw breakpoint */ -- { "c", "T0*", }, /* Continue */ -+ { "c", "T0*", NULL, get_thread_id_continue }, /* Continue */ -+ { "kgdbts_break_test", "OK", sw_rem_break }, /*remove breakpoint */ - { "g", "kgdbts_break_test", NULL, check_and_rewind_pc }, - { "write", "OK", write_regs }, /* Write registers */ -- { "kgdbts_break_test", "OK", sw_rem_break }, /*remove breakpoint */ - { "s", "T0*", emul_sstep_get, emul_sstep_put }, /* Single step */ - { "g", "kgdbts_break_test", NULL, check_single_step }, - { "kgdbts_break_test", "OK", sw_break, }, /* set sw breakpoint */ -@@ -523,16 +606,16 @@ static struct test_struct singlestep_break_test[] = { - static struct test_struct do_fork_test[] = { - { "?", "S0*" }, /* Clear break points */ - { "do_fork", "OK", sw_break, }, /* set sw breakpoint */ -- { "c", "T0*", }, /* Continue */ -- { "g", "do_fork", NULL, check_and_rewind_pc }, /* check location */ -- { "write", "OK", write_regs }, /* Write registers */ -+ { "c", "T0*", NULL, get_thread_id_continue }, /* Continue */ - { "do_fork", "OK", sw_rem_break }, /*remove breakpoint */ -+ { "g", "do_fork", NULL, check_and_rewind_pc }, /* check location */ -+ { "write", "OK", write_regs, emul_reset }, /* Write registers */ - { "s", "T0*", emul_sstep_get, emul_sstep_put }, /* Single step */ - { "g", "do_fork", NULL, check_single_step }, - { "do_fork", "OK", sw_break, }, /* set sw breakpoint */ - { "7", "T0*", skip_back_repeat_test }, /* Loop based on repeat_test */ - { "D", "OK", NULL, final_ack_set }, /* detach and unregister I/O */ -- { "", "" }, -+ { "", "", get_cont_catch, put_cont_catch }, - }; - - /* Test for hitting a breakpoint at sys_open for what ever the number -@@ -541,16 +624,16 @@ static struct test_struct do_fork_test[] = { - static struct test_struct sys_open_test[] = { - { "?", "S0*" }, /* Clear break points */ - { "sys_open", "OK", sw_break, }, /* set sw breakpoint */ -- { "c", "T0*", }, /* Continue */ -- { "g", "sys_open", NULL, check_and_rewind_pc }, /* check location */ -- { "write", "OK", write_regs }, /* Write registers */ -+ { "c", "T0*", NULL, get_thread_id_continue }, /* Continue */ - { "sys_open", "OK", sw_rem_break }, /*remove breakpoint */ -+ { "g", "sys_open", NULL, check_and_rewind_pc }, /* check location */ -+ { "write", "OK", write_regs, emul_reset }, /* Write registers */ - { "s", "T0*", emul_sstep_get, emul_sstep_put }, /* Single step */ - { "g", "sys_open", NULL, check_single_step }, - { "sys_open", "OK", sw_break, }, /* set sw breakpoint */ - { "7", "T0*", skip_back_repeat_test }, /* Loop based on repeat_test */ - { "D", "OK", NULL, final_ack_set }, /* detach and unregister I/O */ -- { "", "" }, -+ { "", "", get_cont_catch, put_cont_catch }, - }; - - /* -@@ -693,8 +776,8 @@ static int run_simple_test(int is_get_char, int chr) - /* This callback is a put char which is when kgdb sends data to - * this I/O module. - */ -- if (ts.tst[ts.idx].get[0] == '\0' && -- ts.tst[ts.idx].put[0] == '\0') { -+ if (ts.tst[ts.idx].get[0] == '\0' && ts.tst[ts.idx].put[0] == '\0' && -+ !ts.tst[ts.idx].get_handler) { - eprintk("kgdbts: ERROR: beyond end of test on" - " '%s' line %i\n", ts.name, ts.idx); - return 0; -@@ -907,6 +990,17 @@ static void kgdbts_run_tests(void) - if (ptr) - sstep_test = simple_strtol(ptr+1, NULL, 10); - -+ /* All HW break point tests */ -+ if (arch_kgdb_ops.flags & KGDB_HW_BREAKPOINT) { -+ hwbreaks_ok = 1; -+ v1printk("kgdbts:RUN hw breakpoint test\n"); -+ run_breakpoint_test(1); -+ v1printk("kgdbts:RUN hw write breakpoint test\n"); -+ run_hw_break_test(1); -+ v1printk("kgdbts:RUN access write breakpoint test\n"); -+ run_hw_break_test(0); -+ } -+ - /* required internal KGDB tests */ - v1printk("kgdbts:RUN plant and detach test\n"); - run_plant_and_detach_test(0); -@@ -924,35 +1018,11 @@ static void kgdbts_run_tests(void) - - /* ===Optional tests=== */ - -- /* All HW break point tests */ -- if (arch_kgdb_ops.flags & KGDB_HW_BREAKPOINT) { -- hwbreaks_ok = 1; -- v1printk("kgdbts:RUN hw breakpoint test\n"); -- run_breakpoint_test(1); -- v1printk("kgdbts:RUN hw write breakpoint test\n"); -- run_hw_break_test(1); -- v1printk("kgdbts:RUN access write breakpoint test\n"); -- run_hw_break_test(0); -- } -- - if (nmi_sleep) { - v1printk("kgdbts:RUN NMI sleep %i seconds test\n", nmi_sleep); - run_nmi_sleep_test(nmi_sleep); - } - --#ifdef CONFIG_DEBUG_RODATA -- /* Until there is an api to write to read-only text segments, use -- * HW breakpoints for the remainder of any tests, else print a -- * failure message if hw breakpoints do not work. -- */ -- if (!(arch_kgdb_ops.flags & KGDB_HW_BREAKPOINT && hwbreaks_ok)) { -- eprintk("kgdbts: HW breakpoints do not work," -- "skipping remaining tests\n"); -- return; -- } -- force_hwbrks = 1; --#endif /* CONFIG_DEBUG_RODATA */ -- - /* If the do_fork test is run it will be the last test that is - * executed because a kernel thread will be spawned at the very - * end to unregister the debug hooks. -diff --git a/drivers/mmc/host/atmel-mci.c b/drivers/mmc/host/atmel-mci.c -index 9896933..0932024 100644 ---- a/drivers/mmc/host/atmel-mci.c -+++ b/drivers/mmc/host/atmel-mci.c -@@ -480,7 +480,14 @@ err: - static inline unsigned int atmci_ns_to_clocks(struct atmel_mci *host, - unsigned int ns) - { -- return (ns * (host->bus_hz / 1000000) + 999) / 1000; -+ /* -+ * It is easier here to use us instead of ns for the timeout, -+ * it prevents from overflows during calculation. -+ */ -+ unsigned int us = DIV_ROUND_UP(ns, 1000); -+ -+ /* Maximum clock frequency is host->bus_hz/2 */ -+ return us * (DIV_ROUND_UP(host->bus_hz, 2000000)); - } - - static void atmci_set_timeout(struct atmel_mci *host, -diff --git a/drivers/mmc/host/sdhci-dove.c b/drivers/mmc/host/sdhci-dove.c -index a81312c..31acb70 100644 ---- a/drivers/mmc/host/sdhci-dove.c -+++ b/drivers/mmc/host/sdhci-dove.c -@@ -20,6 +20,7 @@ - */ - - #include <linux/io.h> -+#include <linux/module.h> - #include <linux/mmc/host.h> - - #include "sdhci-pltfm.h" -diff --git a/drivers/mtd/devices/block2mtd.c b/drivers/mtd/devices/block2mtd.c -index b78f231..8cd983c 100644 ---- a/drivers/mtd/devices/block2mtd.c -+++ b/drivers/mtd/devices/block2mtd.c -@@ -284,6 +284,7 @@ static struct block2mtd_dev *add_device(char *devname, int erase_size) - dev->mtd.size = dev->blkdev->bd_inode->i_size & PAGE_MASK; - dev->mtd.erasesize = erase_size; - dev->mtd.writesize = 1; -+ dev->mtd.writebufsize = PAGE_SIZE; - dev->mtd.type = MTD_RAM; - dev->mtd.flags = MTD_CAP_RAM; - dev->mtd.erase = block2mtd_erase; -diff --git a/drivers/mtd/devices/lart.c b/drivers/mtd/devices/lart.c -index 3a11ea6..5f12668 100644 ---- a/drivers/mtd/devices/lart.c -+++ b/drivers/mtd/devices/lart.c -@@ -630,6 +630,7 @@ static int __init lart_flash_init (void) - mtd.name = module_name; - mtd.type = MTD_NORFLASH; - mtd.writesize = 1; -+ mtd.writebufsize = 4; - mtd.flags = MTD_CAP_NORFLASH; - mtd.size = FLASH_BLOCKSIZE_PARAM * FLASH_NUMBLOCKS_16m_PARAM + FLASH_BLOCKSIZE_MAIN * FLASH_NUMBLOCKS_16m_MAIN; - mtd.erasesize = FLASH_BLOCKSIZE_MAIN; -diff --git a/drivers/mtd/devices/m25p80.c b/drivers/mtd/devices/m25p80.c -index 884904d..9f9982f 100644 ---- a/drivers/mtd/devices/m25p80.c -+++ b/drivers/mtd/devices/m25p80.c -@@ -932,6 +932,7 @@ static int __devinit m25p_probe(struct spi_device *spi) - ppdata.of_node = spi->dev.of_node; - flash->mtd.dev.parent = &spi->dev; - flash->page_size = info->page_size; -+ flash->mtd.writebufsize = flash->page_size; - - if (info->addr_width) - flash->addr_width = info->addr_width; -diff --git a/drivers/mtd/devices/sst25l.c b/drivers/mtd/devices/sst25l.c -index d38ef3b..9c35250 100644 ---- a/drivers/mtd/devices/sst25l.c -+++ b/drivers/mtd/devices/sst25l.c -@@ -402,6 +402,7 @@ static int __devinit sst25l_probe(struct spi_device *spi) - flash->mtd.flags = MTD_CAP_NORFLASH; - flash->mtd.erasesize = flash_info->erase_size; - flash->mtd.writesize = flash_info->page_size; -+ flash->mtd.writebufsize = flash_info->page_size; - flash->mtd.size = flash_info->page_size * flash_info->nr_pages; - flash->mtd.erase = sst25l_erase; - flash->mtd.read = sst25l_read; -diff --git a/drivers/mtd/maps/ixp4xx.c b/drivers/mtd/maps/ixp4xx.c -index 3040901..696372f 100644 ---- a/drivers/mtd/maps/ixp4xx.c -+++ b/drivers/mtd/maps/ixp4xx.c -@@ -182,6 +182,9 @@ static int ixp4xx_flash_probe(struct platform_device *dev) - { - struct flash_platform_data *plat = dev->dev.platform_data; - struct ixp4xx_flash_info *info; -+ struct mtd_part_parser_data ppdata = { -+ .origin = dev->resource->start, -+ }; - int err = -1; - - if (!plat) -@@ -247,7 +250,7 @@ static int ixp4xx_flash_probe(struct platform_device *dev) - /* Use the fast version */ - info->map.write = ixp4xx_write16; - -- err = mtd_device_parse_register(info->mtd, probes, dev->resource->start, -+ err = mtd_device_parse_register(info->mtd, probes, &ppdata, - plat->parts, plat->nr_parts); - if (err) { - printk(KERN_ERR "Could not parse partitions\n"); -diff --git a/drivers/mtd/maps/lantiq-flash.c b/drivers/mtd/maps/lantiq-flash.c -index 4f10e27..764d468 100644 ---- a/drivers/mtd/maps/lantiq-flash.c -+++ b/drivers/mtd/maps/lantiq-flash.c -@@ -45,6 +45,7 @@ struct ltq_mtd { - }; - - static char ltq_map_name[] = "ltq_nor"; -+static const char *ltq_probe_types[] __devinitconst = { "cmdlinepart", NULL }; - - static map_word - ltq_read16(struct map_info *map, unsigned long adr) -@@ -168,7 +169,7 @@ ltq_mtd_probe(struct platform_device *pdev) - cfi->addr_unlock1 ^= 1; - cfi->addr_unlock2 ^= 1; - -- err = mtd_device_parse_register(ltq_mtd->mtd, NULL, 0, -+ err = mtd_device_parse_register(ltq_mtd->mtd, ltq_probe_types, 0, - ltq_mtd_data->parts, ltq_mtd_data->nr_parts); - if (err) { - dev_err(&pdev->dev, "failed to add partitions\n"); -diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c -index 493ec2f..f39f83e 100644 ---- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c -+++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c -@@ -1124,7 +1124,7 @@ static int gpmi_block_markbad(struct mtd_info *mtd, loff_t ofs) - chip->bbt[block >> 2] |= 0x01 << ((block & 0x03) << 1); - - /* Do we have a flash based bad block table ? */ -- if (chip->options & NAND_BBT_USE_FLASH) -+ if (chip->bbt_options & NAND_BBT_USE_FLASH) - ret = nand_update_bbt(mtd, ofs); - else { - chipnr = (int)(ofs >> chip->chip_shift); -diff --git a/drivers/net/ethernet/broadcom/tg3.c b/drivers/net/ethernet/broadcom/tg3.c -index bf40741..3d55883 100644 ---- a/drivers/net/ethernet/broadcom/tg3.c -+++ b/drivers/net/ethernet/broadcom/tg3.c -@@ -2794,7 +2794,9 @@ static void tg3_power_down_phy(struct tg3 *tp, bool do_low_power) - if (GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5700 || - GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5704 || - (GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5780 && -- (tp->phy_flags & TG3_PHYFLG_MII_SERDES))) -+ (tp->phy_flags & TG3_PHYFLG_MII_SERDES)) || -+ (GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5717 && -+ !tp->pci_fn)) - return; - - if (GET_CHIP_REV(tp->pci_chip_rev_id) == CHIPREV_5784_AX || -diff --git a/drivers/net/ethernet/freescale/fsl_pq_mdio.c b/drivers/net/ethernet/freescale/fsl_pq_mdio.c -index 4d9f84b..ada234a 100644 ---- a/drivers/net/ethernet/freescale/fsl_pq_mdio.c -+++ b/drivers/net/ethernet/freescale/fsl_pq_mdio.c -@@ -356,16 +356,15 @@ static int fsl_pq_mdio_probe(struct platform_device *ofdev) - - if (prop) - tbiaddr = *prop; -- } -- -- if (tbiaddr == -1) { -- err = -EBUSY; - -- goto err_free_irqs; -+ if (tbiaddr == -1) { -+ err = -EBUSY; -+ goto err_free_irqs; -+ } else { -+ out_be32(tbipa, tbiaddr); -+ } - } - -- out_be32(tbipa, tbiaddr); -- - err = of_mdiobus_register(new_bus, np); - if (err) { - printk (KERN_ERR "%s: Cannot register as MDIO bus\n", -diff --git a/drivers/net/ethernet/marvell/sky2.c b/drivers/net/ethernet/marvell/sky2.c -index f612b35..7eb8a00 100644 ---- a/drivers/net/ethernet/marvell/sky2.c -+++ b/drivers/net/ethernet/marvell/sky2.c -@@ -1766,13 +1766,14 @@ static int sky2_open(struct net_device *dev) - - sky2_hw_up(sky2); - -+ /* Enable interrupts from phy/mac for port */ -+ imask = sky2_read32(hw, B0_IMSK); -+ - if (hw->chip_id == CHIP_ID_YUKON_OPT || - hw->chip_id == CHIP_ID_YUKON_PRM || - hw->chip_id == CHIP_ID_YUKON_OP_2) - imask |= Y2_IS_PHY_QLNK; /* enable PHY Quick Link */ - -- /* Enable interrupts from phy/mac for port */ -- imask = sky2_read32(hw, B0_IMSK); - imask |= portirq_msk[port]; - sky2_write32(hw, B0_IMSK, imask); - sky2_read32(hw, B0_IMSK); -diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c -index 0cf2351..697cae3 100644 ---- a/drivers/net/ethernet/realtek/r8169.c -+++ b/drivers/net/ethernet/realtek/r8169.c -@@ -6194,6 +6194,9 @@ static void rtl_shutdown(struct pci_dev *pdev) - { - struct net_device *dev = pci_get_drvdata(pdev); - struct rtl8169_private *tp = netdev_priv(dev); -+ struct device *d = &pdev->dev; -+ -+ pm_runtime_get_sync(d); - - rtl8169_net_suspend(dev); - -@@ -6215,6 +6218,8 @@ static void rtl_shutdown(struct pci_dev *pdev) - pci_wake_from_d3(pdev, true); - pci_set_power_state(pdev, PCI_D3hot); - } -+ -+ pm_runtime_put_noidle(d); - } - - static struct pci_driver rtl8169_pci_driver = { -diff --git a/drivers/net/usb/cdc_eem.c b/drivers/net/usb/cdc_eem.c -index 882f53f..82d43b2 100644 ---- a/drivers/net/usb/cdc_eem.c -+++ b/drivers/net/usb/cdc_eem.c -@@ -93,6 +93,7 @@ static int eem_bind(struct usbnet *dev, struct usb_interface *intf) - /* no jumbogram (16K) support for now */ - - dev->net->hard_header_len += EEM_HEAD + ETH_FCS_LEN; -+ dev->hard_mtu = dev->net->mtu + dev->net->hard_header_len; - - return 0; - } -diff --git a/drivers/net/usb/zaurus.c b/drivers/net/usb/zaurus.c -index 246b3bb..c1e6a44 100644 ---- a/drivers/net/usb/zaurus.c -+++ b/drivers/net/usb/zaurus.c -@@ -332,6 +332,11 @@ static const struct usb_device_id products [] = { - .driver_info = ZAURUS_PXA_INFO, - }, - { -+ /* Motorola Rokr E6 */ -+ USB_DEVICE_AND_INTERFACE_INFO(0x22b8, 0x6027, USB_CLASS_COMM, -+ USB_CDC_SUBCLASS_MDLM, USB_CDC_PROTO_NONE), -+ .driver_info = (unsigned long) &bogus_mdlm_info, -+}, { - /* Motorola MOTOMAGX phones */ - USB_DEVICE_AND_INTERFACE_INFO(0x22b8, 0x6425, USB_CLASS_COMM, - USB_CDC_SUBCLASS_MDLM, USB_CDC_PROTO_NONE), -diff --git a/drivers/net/wireless/rtlwifi/rtl8192c/phy_common.c b/drivers/net/wireless/rtlwifi/rtl8192c/phy_common.c -index 1f07558..f20678a 100644 ---- a/drivers/net/wireless/rtlwifi/rtl8192c/phy_common.c -+++ b/drivers/net/wireless/rtlwifi/rtl8192c/phy_common.c -@@ -1968,7 +1968,7 @@ void rtl92c_phy_set_io(struct ieee80211_hw *hw) - break; - case IO_CMD_PAUSE_DM_BY_SCAN: - rtlphy->initgain_backup.xaagccore1 = dm_digtable.cur_igvalue; -- dm_digtable.cur_igvalue = 0x17; -+ dm_digtable.cur_igvalue = 0x37; - rtl92c_dm_write_dig(hw); - break; - default: -diff --git a/drivers/net/wireless/rtlwifi/rtl8192de/phy.c b/drivers/net/wireless/rtlwifi/rtl8192de/phy.c -index 0883349..2cf4c5f 100644 ---- a/drivers/net/wireless/rtlwifi/rtl8192de/phy.c -+++ b/drivers/net/wireless/rtlwifi/rtl8192de/phy.c -@@ -3192,7 +3192,7 @@ static void rtl92d_phy_set_io(struct ieee80211_hw *hw) - break; - case IO_CMD_PAUSE_DM_BY_SCAN: - rtlphy->initgain_backup.xaagccore1 = de_digtable.cur_igvalue; -- de_digtable.cur_igvalue = 0x17; -+ de_digtable.cur_igvalue = 0x37; - rtl92d_dm_write_dig(hw); - break; - default: -diff --git a/drivers/platform/x86/acer-wmi.c b/drivers/platform/x86/acer-wmi.c -index 1e5290b..110e4af 100644 ---- a/drivers/platform/x86/acer-wmi.c -+++ b/drivers/platform/x86/acer-wmi.c -@@ -692,6 +692,7 @@ static const struct acpi_device_id norfkill_ids[] = { - { "VPC2004", 0}, - { "IBM0068", 0}, - { "LEN0068", 0}, -+ { "SNY5001", 0}, /* sony-laptop in charge */ - { "", 0}, - }; - -diff --git a/drivers/pnp/pnpacpi/core.c b/drivers/pnp/pnpacpi/core.c -index b00c176..d21e8f5 100644 ---- a/drivers/pnp/pnpacpi/core.c -+++ b/drivers/pnp/pnpacpi/core.c -@@ -321,9 +321,14 @@ static int __init acpi_pnp_match(struct device *dev, void *_pnp) - { - struct acpi_device *acpi = to_acpi_device(dev); - struct pnp_dev *pnp = _pnp; -+ struct device *physical_device; -+ -+ physical_device = acpi_get_physical_device(acpi->handle); -+ if (physical_device) -+ put_device(physical_device); - - /* true means it matched */ -- return !acpi_get_physical_device(acpi->handle) -+ return !physical_device - && compare_pnp_id(pnp->id, acpi_device_hid(acpi)); - } - -diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index cdb774b..5660916 100644 ---- a/drivers/target/target_core_transport.c -+++ b/drivers/target/target_core_transport.c -@@ -2666,7 +2666,7 @@ static int transport_generic_cmd_sequencer( - cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB; - - if (target_check_write_same_discard(&cdb[10], dev) < 0) -- goto out_invalid_cdb_field; -+ goto out_unsupported_cdb; - if (!passthrough) - cmd->execute_task = target_emulate_write_same; - break; -@@ -2949,7 +2949,7 @@ static int transport_generic_cmd_sequencer( - cmd->se_cmd_flags |= SCF_SCSI_CONTROL_SG_IO_CDB; - - if (target_check_write_same_discard(&cdb[1], dev) < 0) -- goto out_invalid_cdb_field; -+ goto out_unsupported_cdb; - if (!passthrough) - cmd->execute_task = target_emulate_write_same; - break; -@@ -2972,7 +2972,7 @@ static int transport_generic_cmd_sequencer( - * of byte 1 bit 3 UNMAP instead of original reserved field - */ - if (target_check_write_same_discard(&cdb[1], dev) < 0) -- goto out_invalid_cdb_field; -+ goto out_unsupported_cdb; - if (!passthrough) - cmd->execute_task = target_emulate_write_same; - break; -diff --git a/drivers/target/tcm_fc/tcm_fc.h b/drivers/target/tcm_fc/tcm_fc.h -index e05c551..be7ed12 100644 ---- a/drivers/target/tcm_fc/tcm_fc.h -+++ b/drivers/target/tcm_fc/tcm_fc.h -@@ -124,6 +124,7 @@ struct ft_cmd { - /* Local sense buffer */ - unsigned char ft_sense_buffer[TRANSPORT_SENSE_BUFFER]; - u32 was_ddp_setup:1; /* Set only if ddp is setup */ -+ u32 aborted:1; /* Set if aborted by reset or timeout */ - struct scatterlist *sg; /* Set only if DDP is setup */ - u32 sg_cnt; /* No. of item in scatterlist */ - }; -diff --git a/drivers/target/tcm_fc/tfc_cmd.c b/drivers/target/tcm_fc/tfc_cmd.c -index 754b669..d95cfe2 100644 ---- a/drivers/target/tcm_fc/tfc_cmd.c -+++ b/drivers/target/tcm_fc/tfc_cmd.c -@@ -130,6 +130,8 @@ int ft_queue_status(struct se_cmd *se_cmd) - struct fc_exch *ep; - size_t len; - -+ if (cmd->aborted) -+ return 0; - ft_dump_cmd(cmd, __func__); - ep = fc_seq_exch(cmd->seq); - lport = ep->lp; -@@ -196,6 +198,8 @@ int ft_write_pending(struct se_cmd *se_cmd) - - ft_dump_cmd(cmd, __func__); - -+ if (cmd->aborted) -+ return 0; - ep = fc_seq_exch(cmd->seq); - lport = ep->lp; - fp = fc_frame_alloc(lport, sizeof(*txrdy)); -@@ -266,10 +270,10 @@ static void ft_recv_seq(struct fc_seq *sp, struct fc_frame *fp, void *arg) - struct ft_cmd *cmd = arg; - struct fc_frame_header *fh; - -- if (IS_ERR(fp)) { -+ if (unlikely(IS_ERR(fp))) { - /* XXX need to find cmd if queued */ - cmd->seq = NULL; -- transport_generic_free_cmd(&cmd->se_cmd, 0); -+ cmd->aborted = true; - return; - } - -@@ -447,6 +451,8 @@ int ft_queue_tm_resp(struct se_cmd *se_cmd) - struct se_tmr_req *tmr = se_cmd->se_tmr_req; - enum fcp_resp_rsp_codes code; - -+ if (cmd->aborted) -+ return 0; - switch (tmr->response) { - case TMR_FUNCTION_COMPLETE: - code = FCP_TMF_CMPL; -diff --git a/drivers/target/tcm_fc/tfc_conf.c b/drivers/target/tcm_fc/tfc_conf.c -index 9402b73..7962325 100644 ---- a/drivers/target/tcm_fc/tfc_conf.c -+++ b/drivers/target/tcm_fc/tfc_conf.c -@@ -304,6 +304,7 @@ static struct se_portal_group *ft_add_tpg( - { - struct ft_lport_acl *lacl; - struct ft_tpg *tpg; -+ struct workqueue_struct *wq; - unsigned long index; - int ret; - -@@ -325,18 +326,20 @@ static struct se_portal_group *ft_add_tpg( - tpg->lport_acl = lacl; - INIT_LIST_HEAD(&tpg->lun_list); - -- ret = core_tpg_register(&ft_configfs->tf_ops, wwn, &tpg->se_tpg, -- tpg, TRANSPORT_TPG_TYPE_NORMAL); -- if (ret < 0) { -+ wq = alloc_workqueue("tcm_fc", 0, 1); -+ if (!wq) { - kfree(tpg); - return NULL; - } - -- tpg->workqueue = alloc_workqueue("tcm_fc", 0, 1); -- if (!tpg->workqueue) { -+ ret = core_tpg_register(&ft_configfs->tf_ops, wwn, &tpg->se_tpg, -+ tpg, TRANSPORT_TPG_TYPE_NORMAL); -+ if (ret < 0) { -+ destroy_workqueue(wq); - kfree(tpg); - return NULL; - } -+ tpg->workqueue = wq; - - mutex_lock(&ft_lport_lock); - list_add_tail(&tpg->list, &lacl->tpg_list); -diff --git a/drivers/target/tcm_fc/tfc_io.c b/drivers/target/tcm_fc/tfc_io.c -index 1369b1c..ada131c 100644 ---- a/drivers/target/tcm_fc/tfc_io.c -+++ b/drivers/target/tcm_fc/tfc_io.c -@@ -84,6 +84,8 @@ int ft_queue_data_in(struct se_cmd *se_cmd) - void *from; - void *to = NULL; - -+ if (cmd->aborted) -+ return 0; - ep = fc_seq_exch(cmd->seq); - lport = ep->lp; - cmd->seq = lport->tt.seq_start_next(cmd->seq); -diff --git a/fs/cifs/file.c b/fs/cifs/file.c -index 159fcc5..0f7dc22 100644 ---- a/fs/cifs/file.c -+++ b/fs/cifs/file.c -@@ -835,13 +835,21 @@ cifs_posix_lock_set(struct file *file, struct file_lock *flock) - if ((flock->fl_flags & FL_POSIX) == 0) - return rc; - -+try_again: - mutex_lock(&cinode->lock_mutex); - if (!cinode->can_cache_brlcks) { - mutex_unlock(&cinode->lock_mutex); - return rc; - } -- rc = posix_lock_file_wait(file, flock); -+ -+ rc = posix_lock_file(file, flock, NULL); - mutex_unlock(&cinode->lock_mutex); -+ if (rc == FILE_LOCK_DEFERRED) { -+ rc = wait_event_interruptible(flock->fl_wait, !flock->fl_next); -+ if (!rc) -+ goto try_again; -+ locks_delete_block(flock); -+ } - return rc; - } - -diff --git a/fs/locks.c b/fs/locks.c -index 637694b..0d68f1f 100644 ---- a/fs/locks.c -+++ b/fs/locks.c -@@ -510,12 +510,13 @@ static void __locks_delete_block(struct file_lock *waiter) - - /* - */ --static void locks_delete_block(struct file_lock *waiter) -+void locks_delete_block(struct file_lock *waiter) - { - lock_flocks(); - __locks_delete_block(waiter); - unlock_flocks(); - } -+EXPORT_SYMBOL(locks_delete_block); - - /* Insert waiter into blocker's block list. - * We use a circular list so that processes can be easily woken up in -diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c -index d945700..757293b 100644 ---- a/fs/nfs/nfs4proc.c -+++ b/fs/nfs/nfs4proc.c -@@ -3618,7 +3618,7 @@ static ssize_t __nfs4_get_acl_uncached(struct inode *inode, void *buf, size_t bu - if (acl_len > buflen) - goto out_free; - _copy_from_pages(buf, pages, res.acl_data_offset, -- res.acl_len); -+ acl_len); - } - ret = acl_len; - out_free: -diff --git a/include/linux/fs.h b/include/linux/fs.h -index 10b2288..11f1951 100644 ---- a/include/linux/fs.h -+++ b/include/linux/fs.h -@@ -1203,6 +1203,7 @@ extern int vfs_setlease(struct file *, long, struct file_lock **); - extern int lease_modify(struct file_lock **, int); - extern int lock_may_read(struct inode *, loff_t start, unsigned long count); - extern int lock_may_write(struct inode *, loff_t start, unsigned long count); -+extern void locks_delete_block(struct file_lock *waiter); - extern void lock_flocks(void); - extern void unlock_flocks(void); - #else /* !CONFIG_FILE_LOCKING */ -@@ -1347,6 +1348,10 @@ static inline int lock_may_write(struct inode *inode, loff_t start, - return 1; - } - -+static inline void locks_delete_block(struct file_lock *waiter) -+{ -+} -+ - static inline void lock_flocks(void) - { - } -diff --git a/include/linux/kernel.h b/include/linux/kernel.h -index e8b1597..a70783d 100644 ---- a/include/linux/kernel.h -+++ b/include/linux/kernel.h -@@ -85,6 +85,19 @@ - } \ - ) - -+/* -+ * Multiplies an integer by a fraction, while avoiding unnecessary -+ * overflow or loss of precision. -+ */ -+#define mult_frac(x, numer, denom)( \ -+{ \ -+ typeof(x) quot = (x) / (denom); \ -+ typeof(x) rem = (x) % (denom); \ -+ (quot * (numer)) + ((rem * (numer)) / (denom)); \ -+} \ -+) -+ -+ - #define _RET_IP_ (unsigned long)__builtin_return_address(0) - #define _THIS_IP_ ({ __label__ __here; __here: (unsigned long)&&__here; }) - -diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h -index fa39183..c4d2fc1 100644 ---- a/include/linux/kgdb.h -+++ b/include/linux/kgdb.h -@@ -63,7 +63,8 @@ enum kgdb_bptype { - BP_HARDWARE_BREAKPOINT, - BP_WRITE_WATCHPOINT, - BP_READ_WATCHPOINT, -- BP_ACCESS_WATCHPOINT -+ BP_ACCESS_WATCHPOINT, -+ BP_POKE_BREAKPOINT, - }; - - enum kgdb_bpstate { -@@ -207,8 +208,8 @@ extern void kgdb_arch_set_pc(struct pt_regs *regs, unsigned long pc); - - /* Optional functions. */ - extern int kgdb_validate_break_address(unsigned long addr); --extern int kgdb_arch_set_breakpoint(unsigned long addr, char *saved_instr); --extern int kgdb_arch_remove_breakpoint(unsigned long addr, char *bundle); -+extern int kgdb_arch_set_breakpoint(struct kgdb_bkpt *bpt); -+extern int kgdb_arch_remove_breakpoint(struct kgdb_bkpt *bpt); - - /** - * kgdb_arch_late - Perform any architecture specific initalization. -diff --git a/kernel/cred.c b/kernel/cred.c -index 5791612..48c6fd3 100644 ---- a/kernel/cred.c -+++ b/kernel/cred.c -@@ -385,6 +385,8 @@ int copy_creds(struct task_struct *p, unsigned long clone_flags) - struct cred *new; - int ret; - -+ p->replacement_session_keyring = NULL; -+ - if ( - #ifdef CONFIG_KEYS - !p->cred->thread_keyring && -diff --git a/kernel/debug/debug_core.c b/kernel/debug/debug_core.c -index 0d7c087..7fda904 100644 ---- a/kernel/debug/debug_core.c -+++ b/kernel/debug/debug_core.c -@@ -157,37 +157,39 @@ early_param("nokgdbroundup", opt_nokgdbroundup); - * Weak aliases for breakpoint management, - * can be overriden by architectures when needed: - */ --int __weak kgdb_arch_set_breakpoint(unsigned long addr, char *saved_instr) -+int __weak kgdb_arch_set_breakpoint(struct kgdb_bkpt *bpt) - { - int err; - -- err = probe_kernel_read(saved_instr, (char *)addr, BREAK_INSTR_SIZE); -+ err = probe_kernel_read(bpt->saved_instr, (char *)bpt->bpt_addr, -+ BREAK_INSTR_SIZE); - if (err) - return err; -- -- return probe_kernel_write((char *)addr, arch_kgdb_ops.gdb_bpt_instr, -- BREAK_INSTR_SIZE); -+ err = probe_kernel_write((char *)bpt->bpt_addr, -+ arch_kgdb_ops.gdb_bpt_instr, BREAK_INSTR_SIZE); -+ return err; - } - --int __weak kgdb_arch_remove_breakpoint(unsigned long addr, char *bundle) -+int __weak kgdb_arch_remove_breakpoint(struct kgdb_bkpt *bpt) - { -- return probe_kernel_write((char *)addr, -- (char *)bundle, BREAK_INSTR_SIZE); -+ return probe_kernel_write((char *)bpt->bpt_addr, -+ (char *)bpt->saved_instr, BREAK_INSTR_SIZE); - } - - int __weak kgdb_validate_break_address(unsigned long addr) - { -- char tmp_variable[BREAK_INSTR_SIZE]; -+ struct kgdb_bkpt tmp; - int err; -- /* Validate setting the breakpoint and then removing it. In the -+ /* Validate setting the breakpoint and then removing it. If the - * remove fails, the kernel needs to emit a bad message because we - * are deep trouble not being able to put things back the way we - * found them. - */ -- err = kgdb_arch_set_breakpoint(addr, tmp_variable); -+ tmp.bpt_addr = addr; -+ err = kgdb_arch_set_breakpoint(&tmp); - if (err) - return err; -- err = kgdb_arch_remove_breakpoint(addr, tmp_variable); -+ err = kgdb_arch_remove_breakpoint(&tmp); - if (err) - printk(KERN_ERR "KGDB: Critical breakpoint error, kernel " - "memory destroyed at: %lx", addr); -@@ -231,7 +233,6 @@ static void kgdb_flush_swbreak_addr(unsigned long addr) - */ - int dbg_activate_sw_breakpoints(void) - { -- unsigned long addr; - int error; - int ret = 0; - int i; -@@ -240,16 +241,15 @@ int dbg_activate_sw_breakpoints(void) - if (kgdb_break[i].state != BP_SET) - continue; - -- addr = kgdb_break[i].bpt_addr; -- error = kgdb_arch_set_breakpoint(addr, -- kgdb_break[i].saved_instr); -+ error = kgdb_arch_set_breakpoint(&kgdb_break[i]); - if (error) { - ret = error; -- printk(KERN_INFO "KGDB: BP install failed: %lx", addr); -+ printk(KERN_INFO "KGDB: BP install failed: %lx", -+ kgdb_break[i].bpt_addr); - continue; - } - -- kgdb_flush_swbreak_addr(addr); -+ kgdb_flush_swbreak_addr(kgdb_break[i].bpt_addr); - kgdb_break[i].state = BP_ACTIVE; - } - return ret; -@@ -298,7 +298,6 @@ int dbg_set_sw_break(unsigned long addr) - - int dbg_deactivate_sw_breakpoints(void) - { -- unsigned long addr; - int error; - int ret = 0; - int i; -@@ -306,15 +305,14 @@ int dbg_deactivate_sw_breakpoints(void) - for (i = 0; i < KGDB_MAX_BREAKPOINTS; i++) { - if (kgdb_break[i].state != BP_ACTIVE) - continue; -- addr = kgdb_break[i].bpt_addr; -- error = kgdb_arch_remove_breakpoint(addr, -- kgdb_break[i].saved_instr); -+ error = kgdb_arch_remove_breakpoint(&kgdb_break[i]); - if (error) { -- printk(KERN_INFO "KGDB: BP remove failed: %lx\n", addr); -+ printk(KERN_INFO "KGDB: BP remove failed: %lx\n", -+ kgdb_break[i].bpt_addr); - ret = error; - } - -- kgdb_flush_swbreak_addr(addr); -+ kgdb_flush_swbreak_addr(kgdb_break[i].bpt_addr); - kgdb_break[i].state = BP_SET; - } - return ret; -@@ -348,7 +346,6 @@ int kgdb_isremovedbreak(unsigned long addr) - - int dbg_remove_all_break(void) - { -- unsigned long addr; - int error; - int i; - -@@ -356,12 +353,10 @@ int dbg_remove_all_break(void) - for (i = 0; i < KGDB_MAX_BREAKPOINTS; i++) { - if (kgdb_break[i].state != BP_ACTIVE) - goto setundefined; -- addr = kgdb_break[i].bpt_addr; -- error = kgdb_arch_remove_breakpoint(addr, -- kgdb_break[i].saved_instr); -+ error = kgdb_arch_remove_breakpoint(&kgdb_break[i]); - if (error) - printk(KERN_ERR "KGDB: breakpoint remove failed: %lx\n", -- addr); -+ kgdb_break[i].bpt_addr); - setundefined: - kgdb_break[i].state = BP_UNDEFINED; - } -diff --git a/kernel/irq/migration.c b/kernel/irq/migration.c -index 4742090..c3c8975 100644 ---- a/kernel/irq/migration.c -+++ b/kernel/irq/migration.c -@@ -43,12 +43,16 @@ void irq_move_masked_irq(struct irq_data *idata) - * masking the irqs. - */ - if (likely(cpumask_any_and(desc->pending_mask, cpu_online_mask) -- < nr_cpu_ids)) -- if (!chip->irq_set_affinity(&desc->irq_data, -- desc->pending_mask, false)) { -+ < nr_cpu_ids)) { -+ int ret = chip->irq_set_affinity(&desc->irq_data, -+ desc->pending_mask, false); -+ switch (ret) { -+ case IRQ_SET_MASK_OK: - cpumask_copy(desc->irq_data.affinity, desc->pending_mask); -+ case IRQ_SET_MASK_OK_NOCOPY: - irq_set_thread_affinity(desc); - } -+ } - - cpumask_clear(desc->pending_mask); - } -diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index ae27196..ea7ec7f 100644 ---- a/kernel/sysctl.c -+++ b/kernel/sysctl.c -@@ -166,7 +166,7 @@ static int proc_taint(struct ctl_table *table, int write, - #endif - - #ifdef CONFIG_PRINTK --static int proc_dmesg_restrict(struct ctl_table *table, int write, -+static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, - void __user *buffer, size_t *lenp, loff_t *ppos); - #endif - -@@ -713,7 +713,7 @@ static struct ctl_table kern_table[] = { - .data = &dmesg_restrict, - .maxlen = sizeof(int), - .mode = 0644, -- .proc_handler = proc_dointvec_minmax, -+ .proc_handler = proc_dointvec_minmax_sysadmin, - .extra1 = &zero, - .extra2 = &one, - }, -@@ -722,7 +722,7 @@ static struct ctl_table kern_table[] = { - .data = &kptr_restrict, - .maxlen = sizeof(int), - .mode = 0644, -- .proc_handler = proc_dmesg_restrict, -+ .proc_handler = proc_dointvec_minmax_sysadmin, - .extra1 = &zero, - .extra2 = &two, - }, -@@ -2422,7 +2422,7 @@ static int proc_taint(struct ctl_table *table, int write, - } - - #ifdef CONFIG_PRINTK --static int proc_dmesg_restrict(struct ctl_table *table, int write, -+static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, - void __user *buffer, size_t *lenp, loff_t *ppos) - { - if (write && !capable(CAP_SYS_ADMIN)) -diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index f2bd275..697e49d 100644 ---- a/kernel/trace/trace.c -+++ b/kernel/trace/trace.c -@@ -1642,6 +1642,7 @@ __find_next_entry(struct trace_iterator *iter, int *ent_cpu, - int cpu_file = iter->cpu_file; - u64 next_ts = 0, ts; - int next_cpu = -1; -+ int next_size = 0; - int cpu; - - /* -@@ -1673,9 +1674,12 @@ __find_next_entry(struct trace_iterator *iter, int *ent_cpu, - next_cpu = cpu; - next_ts = ts; - next_lost = lost_events; -+ next_size = iter->ent_size; - } - } - -+ iter->ent_size = next_size; -+ - if (ent_cpu) - *ent_cpu = next_cpu; - -diff --git a/kernel/trace/trace_entries.h b/kernel/trace/trace_entries.h -index 9336590..205dcac 100644 ---- a/kernel/trace/trace_entries.h -+++ b/kernel/trace/trace_entries.h -@@ -156,6 +156,12 @@ FTRACE_ENTRY_DUP(wakeup, ctx_switch_entry, - - #define FTRACE_STACK_ENTRIES 8 - -+#ifndef CONFIG_64BIT -+# define IP_FMT "%08lx" -+#else -+# define IP_FMT "%016lx" -+#endif -+ - FTRACE_ENTRY(kernel_stack, stack_entry, - - TRACE_STACK, -@@ -165,8 +171,9 @@ FTRACE_ENTRY(kernel_stack, stack_entry, - __dynamic_array(unsigned long, caller ) - ), - -- F_printk("\t=> (%08lx)\n\t=> (%08lx)\n\t=> (%08lx)\n\t=> (%08lx)\n" -- "\t=> (%08lx)\n\t=> (%08lx)\n\t=> (%08lx)\n\t=> (%08lx)\n", -+ F_printk("\t=> (" IP_FMT ")\n\t=> (" IP_FMT ")\n\t=> (" IP_FMT ")\n" -+ "\t=> (" IP_FMT ")\n\t=> (" IP_FMT ")\n\t=> (" IP_FMT ")\n" -+ "\t=> (" IP_FMT ")\n\t=> (" IP_FMT ")\n", - __entry->caller[0], __entry->caller[1], __entry->caller[2], - __entry->caller[3], __entry->caller[4], __entry->caller[5], - __entry->caller[6], __entry->caller[7]) -@@ -181,8 +188,9 @@ FTRACE_ENTRY(user_stack, userstack_entry, - __array( unsigned long, caller, FTRACE_STACK_ENTRIES ) - ), - -- F_printk("\t=> (%08lx)\n\t=> (%08lx)\n\t=> (%08lx)\n\t=> (%08lx)\n" -- "\t=> (%08lx)\n\t=> (%08lx)\n\t=> (%08lx)\n\t=> (%08lx)\n", -+ F_printk("\t=> (" IP_FMT ")\n\t=> (" IP_FMT ")\n\t=> (" IP_FMT ")\n" -+ "\t=> (" IP_FMT ")\n\t=> (" IP_FMT ")\n\t=> (" IP_FMT ")\n" -+ "\t=> (" IP_FMT ")\n\t=> (" IP_FMT ")\n", - __entry->caller[0], __entry->caller[1], __entry->caller[2], - __entry->caller[3], __entry->caller[4], __entry->caller[5], - __entry->caller[6], __entry->caller[7]) -diff --git a/kernel/trace/trace_export.c b/kernel/trace/trace_export.c -index bbeec31..ad4000c 100644 ---- a/kernel/trace/trace_export.c -+++ b/kernel/trace/trace_export.c -@@ -150,7 +150,7 @@ ftrace_define_fields_##name(struct ftrace_event_call *event_call) \ - #define __dynamic_array(type, item) - - #undef F_printk --#define F_printk(fmt, args...) #fmt ", " __stringify(args) -+#define F_printk(fmt, args...) __stringify(fmt) ", " __stringify(args) - - #undef FTRACE_ENTRY - #define FTRACE_ENTRY(call, struct_name, etype, tstruct, print) \ -diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c -index c1c597e..98bfbd5 100644 ---- a/net/bluetooth/hci_conn.c -+++ b/net/bluetooth/hci_conn.c -@@ -608,6 +608,10 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) - - if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { - struct hci_cp_auth_requested cp; -+ -+ /* encrypt must be pending if auth is also pending */ -+ set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend); -+ - cp.handle = cpu_to_le16(conn->handle); - hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, - sizeof(cp), &cp); -diff --git a/net/mac80211/agg-rx.c b/net/mac80211/agg-rx.c -index 41c2310..aea1559 100644 ---- a/net/mac80211/agg-rx.c -+++ b/net/mac80211/agg-rx.c -@@ -49,6 +49,8 @@ static void ieee80211_free_tid_rx(struct rcu_head *h) - container_of(h, struct tid_ampdu_rx, rcu_head); - int i; - -+ del_timer_sync(&tid_rx->reorder_timer); -+ - for (i = 0; i < tid_rx->buf_size; i++) - dev_kfree_skb(tid_rx->reorder_buf[i]); - kfree(tid_rx->reorder_buf); -@@ -88,7 +90,6 @@ void ___ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid, - tid, 0, reason); - - del_timer_sync(&tid_rx->session_timer); -- del_timer_sync(&tid_rx->reorder_timer); - - call_rcu(&tid_rx->rcu_head, ieee80211_free_tid_rx); - } -diff --git a/net/rose/rose_dev.c b/net/rose/rose_dev.c -index 178ff4f..2679507 100644 ---- a/net/rose/rose_dev.c -+++ b/net/rose/rose_dev.c -@@ -96,11 +96,11 @@ static int rose_set_mac_address(struct net_device *dev, void *addr) - struct sockaddr *sa = addr; - int err; - -- if (!memcpy(dev->dev_addr, sa->sa_data, dev->addr_len)) -+ if (!memcmp(dev->dev_addr, sa->sa_data, dev->addr_len)) - return 0; - - if (dev->flags & IFF_UP) { -- err = rose_add_loopback_node((rose_address *)dev->dev_addr); -+ err = rose_add_loopback_node((rose_address *)sa->sa_data); - if (err) - return err; - -diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c -index 2bd594e..619228d 100644 ---- a/scripts/mod/modpost.c -+++ b/scripts/mod/modpost.c -@@ -132,8 +132,10 @@ static struct module *new_module(char *modname) - /* strip trailing .o */ - s = strrchr(p, '.'); - if (s != NULL) -- if (strcmp(s, ".o") == 0) -+ if (strcmp(s, ".o") == 0) { - *s = '\0'; -+ mod->is_dot_o = 1; -+ } - - /* add to list */ - mod->name = p; -@@ -587,7 +589,8 @@ static void handle_modversions(struct module *mod, struct elf_info *info, - unsigned int crc; - enum export export; - -- if (!is_vmlinux(mod->name) && strncmp(symname, "__ksymtab", 9) == 0) -+ if ((!is_vmlinux(mod->name) || mod->is_dot_o) && -+ strncmp(symname, "__ksymtab", 9) == 0) - export = export_from_secname(info, get_secindex(info, sym)); - else - export = export_from_sec(info, get_secindex(info, sym)); -@@ -849,7 +852,7 @@ static void check_section(const char *modname, struct elf_info *elf, - - #define ALL_INIT_DATA_SECTIONS \ - ".init.setup$", ".init.rodata$", \ -- ".devinit.rodata$", ".cpuinit.rodata$", ".meminit.rodata$" \ -+ ".devinit.rodata$", ".cpuinit.rodata$", ".meminit.rodata$", \ - ".init.data$", ".devinit.data$", ".cpuinit.data$", ".meminit.data$" - #define ALL_EXIT_DATA_SECTIONS \ - ".exit.data$", ".devexit.data$", ".cpuexit.data$", ".memexit.data$" -diff --git a/scripts/mod/modpost.h b/scripts/mod/modpost.h -index 2031119..51207e4 100644 ---- a/scripts/mod/modpost.h -+++ b/scripts/mod/modpost.h -@@ -113,6 +113,7 @@ struct module { - int has_cleanup; - struct buffer dev_table_buf; - char srcversion[25]; -+ int is_dot_o; - }; - - struct elf_info { -diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c -index bee09d0..fe00cdf 100644 ---- a/security/tomoyo/mount.c -+++ b/security/tomoyo/mount.c -@@ -199,30 +199,32 @@ int tomoyo_mount_permission(char *dev_name, struct path *path, - if (flags & MS_REMOUNT) { - type = tomoyo_mounts[TOMOYO_MOUNT_REMOUNT]; - flags &= ~MS_REMOUNT; -- } -- if (flags & MS_MOVE) { -- type = tomoyo_mounts[TOMOYO_MOUNT_MOVE]; -- flags &= ~MS_MOVE; -- } -- if (flags & MS_BIND) { -+ } else if (flags & MS_BIND) { - type = tomoyo_mounts[TOMOYO_MOUNT_BIND]; - flags &= ~MS_BIND; -- } -- if (flags & MS_UNBINDABLE) { -- type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE]; -- flags &= ~MS_UNBINDABLE; -- } -- if (flags & MS_PRIVATE) { -+ } else if (flags & MS_SHARED) { -+ if (flags & (MS_PRIVATE | MS_SLAVE | MS_UNBINDABLE)) -+ return -EINVAL; -+ type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED]; -+ flags &= ~MS_SHARED; -+ } else if (flags & MS_PRIVATE) { -+ if (flags & (MS_SHARED | MS_SLAVE | MS_UNBINDABLE)) -+ return -EINVAL; - type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE]; - flags &= ~MS_PRIVATE; -- } -- if (flags & MS_SLAVE) { -+ } else if (flags & MS_SLAVE) { -+ if (flags & (MS_SHARED | MS_PRIVATE | MS_UNBINDABLE)) -+ return -EINVAL; - type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_SLAVE]; - flags &= ~MS_SLAVE; -- } -- if (flags & MS_SHARED) { -- type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED]; -- flags &= ~MS_SHARED; -+ } else if (flags & MS_UNBINDABLE) { -+ if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE)) -+ return -EINVAL; -+ type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE]; -+ flags &= ~MS_UNBINDABLE; -+ } else if (flags & MS_MOVE) { -+ type = tomoyo_mounts[TOMOYO_MOUNT_MOVE]; -+ flags &= ~MS_MOVE; - } - if (!type) - type = "<NULL>"; -diff --git a/sound/soc/codecs/ak4642.c b/sound/soc/codecs/ak4642.c -index 12c1bde..1c4999d 100644 ---- a/sound/soc/codecs/ak4642.c -+++ b/sound/soc/codecs/ak4642.c -@@ -144,7 +144,7 @@ - * min : 0xFE : -115.0 dB - * mute: 0xFF - */ --static const DECLARE_TLV_DB_SCALE(out_tlv, -11500, 50, 1); -+static const DECLARE_TLV_DB_SCALE(out_tlv, -11550, 50, 1); - - static const struct snd_kcontrol_new ak4642_snd_controls[] = { - -diff --git a/sound/soc/codecs/wm8994.c b/sound/soc/codecs/wm8994.c -index 6e502af..2f1f5f8 100644 ---- a/sound/soc/codecs/wm8994.c -+++ b/sound/soc/codecs/wm8994.c -@@ -3190,7 +3190,7 @@ static int wm8994_codec_probe(struct snd_soc_codec *codec) - case 2: - case 3: - wm8994->hubs.dcs_codes_l = -9; -- wm8994->hubs.dcs_codes_r = -5; -+ wm8994->hubs.dcs_codes_r = -7; - break; - default: - break; diff --git a/3.2.15/0000_README b/3.2.16/0000_README index 0b6d426..1868caa 100644 --- a/3.2.15/0000_README +++ b/3.2.16/0000_README @@ -2,11 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 1014_linux-3.2.15.patch -From: http://www.kernel.org -Desc: Linux 3.2.15 - -Patch: 4420_grsecurity-2.9-3.2.15-201204131715.patch +Patch: 4420_grsecurity-2.9-3.2.16-201204231833.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.15/4420_grsecurity-2.9-3.2.15-201204131715.patch b/3.2.16/4420_grsecurity-2.9-3.2.16-201204231833.patch index 81cf1c0..e77a05a 100644 --- a/3.2.15/4420_grsecurity-2.9-3.2.15-201204131715.patch +++ b/3.2.16/4420_grsecurity-2.9-3.2.16-201204231833.patch @@ -195,7 +195,7 @@ index 81c287f..d456d02 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 6195122..55e3055 100644 +index 3da29cb..47b7468 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -221,15 +221,17 @@ index 6195122..55e3055 100644 $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -564,6 +565,53 @@ else +@@ -564,6 +565,55 @@ else KBUILD_CFLAGS += -O2 endif +ifndef DISABLE_PAX_PLUGINS +ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(CC)"), y) +ifndef DISABLE_PAX_CONSTIFY_PLUGIN ++ifndef CONFIG_UML +CONSTIFY_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN +endif ++endif +ifdef CONFIG_PAX_MEMORY_STACKLEAK +STACKLEAK_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -DSTACKLEAK_PLUGIN +STACKLEAK_PLUGIN_CFLAGS += -fplugin-arg-stackleak_plugin-track-lowest-sp=100 @@ -275,7 +277,7 @@ index 6195122..55e3055 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifneq ($(CONFIG_FRAME_WARN),0) -@@ -708,7 +756,7 @@ export mod_strip_cmd +@@ -708,7 +758,7 @@ export mod_strip_cmd ifeq ($(KBUILD_EXTMOD),) @@ -284,7 +286,7 @@ index 6195122..55e3055 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -932,6 +980,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE +@@ -932,6 +982,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -293,7 +295,7 @@ index 6195122..55e3055 100644 $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -941,7 +991,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; +@@ -941,7 +993,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -302,7 +304,7 @@ index 6195122..55e3055 100644 $(Q)$(MAKE) $(build)=$@ # Store (new) KERNELRELASE string in include/config/kernel.release -@@ -985,6 +1035,7 @@ prepare0: archprepare FORCE +@@ -985,6 +1037,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. # All the preparing.. @@ -310,7 +312,7 @@ index 6195122..55e3055 100644 prepare: prepare0 # Generate some files -@@ -1086,6 +1137,8 @@ all: modules +@@ -1086,6 +1139,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -319,7 +321,7 @@ index 6195122..55e3055 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1101,7 +1154,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -1101,7 +1156,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -328,7 +330,7 @@ index 6195122..55e3055 100644 # Target to install modules PHONY += modules_install -@@ -1198,6 +1251,7 @@ distclean: mrproper +@@ -1198,6 +1253,7 @@ distclean: mrproper \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ -o -name '.*.rej' \ @@ -336,7 +338,7 @@ index 6195122..55e3055 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1358,6 +1412,8 @@ PHONY += $(module-dirs) modules +@@ -1358,6 +1414,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -345,7 +347,7 @@ index 6195122..55e3055 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1484,17 +1540,21 @@ else +@@ -1484,17 +1542,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -371,7 +373,7 @@ index 6195122..55e3055 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1504,11 +1564,15 @@ endif +@@ -1504,11 +1566,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -20119,18 +20121,10 @@ index 9299410..ade2f9b 100644 spin_unlock(&vcpu->kvm->mmu_lock); diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c -index 94a4672..1700ed1 100644 +index 94a4672..5c6b853 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c -@@ -3037,6 +3037,7 @@ static int svm_set_vm_cr(struct kvm_vcpu *vcpu, u64 data) - return 0; - } - -+static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data) __size_overflow(3); - static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data) - { - struct vcpu_svm *svm = to_svm(vcpu); -@@ -3405,7 +3406,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) +@@ -3405,7 +3405,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) int cpu = raw_smp_processor_id(); struct svm_cpu_data *sd = per_cpu(svm_data, cpu); @@ -20142,7 +20136,7 @@ index 94a4672..1700ed1 100644 load_TR_desc(); } -@@ -3783,6 +3788,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) +@@ -3783,6 +3787,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) #endif #endif @@ -30503,7 +30497,7 @@ index d47a53b..61154c2 100644 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); INIT_WORK(&dev_priv->error_work, i915_error_work_func); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index 9011f48..00bf0d4 100644 +index 390768f..172aa06 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -2230,7 +2230,7 @@ intel_pipe_set_base(struct drm_crtc *crtc, int x, int y, @@ -30524,7 +30518,7 @@ index 9011f48..00bf0d4 100644 } static bool intel_crtc_driving_pch(struct drm_crtc *crtc) -@@ -6952,7 +6952,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev, +@@ -6955,7 +6955,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev, atomic_clear_mask(1 << intel_crtc->plane, &obj->pending_flip.counter); @@ -30533,7 +30527,22 @@ index 9011f48..00bf0d4 100644 wake_up(&dev_priv->pending_flip_queue); schedule_work(&work->work); -@@ -7242,7 +7242,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, +@@ -7138,7 +7138,13 @@ static int intel_gen6_queue_flip(struct drm_device *dev, + OUT_RING(fb->pitch | obj->tiling_mode); + OUT_RING(obj->gtt_offset); + +- pf = I915_READ(PF_CTL(intel_crtc->pipe)) & PF_ENABLE; ++ /* Contrary to the suggestions in the documentation, ++ * "Enable Panel Fitter" does not seem to be required when page ++ * flipping with a non-native mode, and worse causes a normal ++ * modeset to fail. ++ * pf = I915_READ(PF_CTL(intel_crtc->pipe)) & PF_ENABLE; ++ */ ++ pf = 0; + pipesrc = I915_READ(PIPESRC(intel_crtc->pipe)) & 0x0fff0fff; + OUT_RING(pf | pipesrc); + ADVANCE_LP_RING(); +@@ -7245,7 +7251,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, /* Block clients from rendering to the new back buffer until * the flip occurs and the object is no longer visible. */ @@ -30542,7 +30551,7 @@ index 9011f48..00bf0d4 100644 ret = dev_priv->display.queue_flip(dev, crtc, fb, obj); if (ret) -@@ -7256,7 +7256,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, +@@ -7259,7 +7265,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, return 0; cleanup_pending: @@ -35250,6 +35259,19 @@ index 41e6b33..8e89b0f 100644 } /* To mask all all interrupts.*/ +diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c +index 1b7082d..c786773 100644 +--- a/drivers/net/macvtap.c ++++ b/drivers/net/macvtap.c +@@ -526,6 +526,8 @@ static int zerocopy_sg_from_iovec(struct sk_buff *skb, const struct iovec *from, + } + base = (unsigned long)from->iov_base + offset1; + size = ((base & ~PAGE_MASK) + len + ~PAGE_MASK) >> PAGE_SHIFT; ++ if (i + size >= MAX_SKB_FRAGS) ++ return -EFAULT; + num_pages = get_user_pages_fast(base, size, 0, &page[i]); + if ((num_pages != size) || + (num_pages > MAX_SKB_FRAGS - skb_shinfo(skb)->nr_frags)) diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c index 486b404..0d6677d 100644 --- a/drivers/net/ppp/ppp_generic.c @@ -41803,7 +41825,7 @@ index 41746bb..febcb44 100644 return count; } diff --git a/drivers/video/uvesafb.c b/drivers/video/uvesafb.c -index 7f8472c..9842e87 100644 +index 8813588..1c6b358 100644 --- a/drivers/video/uvesafb.c +++ b/drivers/video/uvesafb.c @@ -19,6 +19,7 @@ @@ -41856,7 +41878,24 @@ index 7f8472c..9842e87 100644 printk(KERN_INFO "uvesafb: protected mode interface info at " "%04x:%04x\n", (u16)task->t.regs.es, (u16)task->t.regs.edi); -@@ -1821,6 +1844,11 @@ out: +@@ -816,13 +839,14 @@ static int __devinit uvesafb_vbe_init(struct fb_info *info) + par->ypan = ypan; + + if (par->pmi_setpal || par->ypan) { ++#if !defined(CONFIG_MODULES) || !defined(CONFIG_PAX_KERNEXEC) + if (__supported_pte_mask & _PAGE_NX) { + par->pmi_setpal = par->ypan = 0; + printk(KERN_WARNING "uvesafb: NX protection is actively." + "We have better not to use the PMI.\n"); +- } else { ++ } else ++#endif + uvesafb_vbe_getpmi(task, par); +- } + } + #else + /* The protected mode interface is not available on non-x86. */ +@@ -1828,6 +1852,11 @@ out: if (par->vbe_modes) kfree(par->vbe_modes); @@ -41868,7 +41907,7 @@ index 7f8472c..9842e87 100644 framebuffer_release(info); return err; } -@@ -1847,6 +1875,12 @@ static int uvesafb_remove(struct platform_device *dev) +@@ -1854,6 +1883,12 @@ static int uvesafb_remove(struct platform_device *dev) kfree(par->vbe_state_orig); if (par->vbe_state_saved) kfree(par->vbe_state_saved); @@ -44992,10 +45031,10 @@ index 12ccacd..a6035fce0 100644 if (free_clusters >= (nclusters + dirty_clusters)) return 1; diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h -index dbae4d9..0caa13e 100644 +index 7b1cd5c..6f5b317 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h -@@ -1210,19 +1210,19 @@ struct ext4_sb_info { +@@ -1207,19 +1207,19 @@ struct ext4_sb_info { unsigned long s_mb_last_start; /* stats for buddy allocator */ @@ -60335,12 +60374,12 @@ index 810431d..ccc3638 100644 * The "pgd_xxx()" functions here are trivial for a folded two-level * setup: the pud is never bad, and a pud always exists (as it's folded diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h -index a03c098..9624b83 100644 +index a03c098..7e5b223 100644 --- a/include/asm-generic/pgtable.h +++ b/include/asm-generic/pgtable.h -@@ -504,6 +504,14 @@ static inline int pmd_trans_unstable(pmd_t *pmd) - - #endif /* CONFIG_MMU */ +@@ -502,6 +502,14 @@ static inline int pmd_trans_unstable(pmd_t *pmd) + #endif + } +#ifndef __HAVE_ARCH_PAX_OPEN_KERNEL +static inline unsigned long pax_open_kernel(void) { return 0; } @@ -60350,9 +60389,9 @@ index a03c098..9624b83 100644 +static inline unsigned long pax_close_kernel(void) { return 0; } +#endif + - #endif /* !__ASSEMBLY__ */ + #endif /* CONFIG_MMU */ - #endif /* _ASM_GENERIC_PGTABLE_H */ + #endif /* !__ASSEMBLY__ */ diff --git a/include/asm-generic/uaccess.h b/include/asm-generic/uaccess.h index ac68c99..90d3439 100644 --- a/include/asm-generic/uaccess.h @@ -64015,6 +64054,27 @@ index de8832d..0147b46 100644 __SONET_ITEMS #undef __HANDLE_ITEM }; +diff --git a/include/linux/stddef.h b/include/linux/stddef.h +index 6a40c76..1747b67 100644 +--- a/include/linux/stddef.h ++++ b/include/linux/stddef.h +@@ -3,14 +3,10 @@ + + #include <linux/compiler.h> + ++#ifdef __KERNEL__ ++ + #undef NULL +-#if defined(__cplusplus) +-#define NULL 0 +-#else + #define NULL ((void *)0) +-#endif +- +-#ifdef __KERNEL__ + + enum { + false = 0, diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h index 3d8f9c4..69f1c0a 100644 --- a/include/linux/sunrpc/clnt.h @@ -66718,7 +66778,7 @@ index 0acf42c0..9e40e2e 100644 else new_fs = fs; diff --git a/kernel/futex.c b/kernel/futex.c -index 0677023..f3c3b79 100644 +index 866c9d5..5c5f828 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -54,6 +54,7 @@ @@ -66729,7 +66789,7 @@ index 0677023..f3c3b79 100644 #include <linux/signal.h> #include <linux/export.h> #include <linux/magic.h> -@@ -238,6 +239,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) +@@ -239,6 +240,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) struct page *page, *page_head; int err, ro = 0; @@ -66741,18 +66801,7 @@ index 0677023..f3c3b79 100644 /* * The futex address must be "naturally" aligned. */ -@@ -2459,6 +2465,10 @@ SYSCALL_DEFINE3(get_robust_list, int, pid, - if (!p) - goto err_unlock; - ret = -EPERM; -+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP -+ if (!ptrace_may_access(p, PTRACE_MODE_READ)) -+ goto err_unlock; -+#endif - pcred = __task_cred(p); - /* If victim is in different user_ns, then uids are not - comparable, so we must have CAP_SYS_PTRACE */ -@@ -2731,6 +2741,7 @@ static int __init futex_init(void) +@@ -2721,6 +2727,7 @@ static int __init futex_init(void) { u32 curval; int i; @@ -66760,7 +66809,7 @@ index 0677023..f3c3b79 100644 /* * This will fail and we want it. Some arch implementations do -@@ -2742,8 +2753,11 @@ static int __init futex_init(void) +@@ -2732,8 +2739,11 @@ static int __init futex_init(void) * implementation, the non-functional ones will return * -ENOSYS. */ @@ -66772,39 +66821,6 @@ index 0677023..f3c3b79 100644 for (i = 0; i < ARRAY_SIZE(futex_queues); i++) { plist_head_init(&futex_queues[i].chain); -diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c -index 5f9e689..582d46d 100644 ---- a/kernel/futex_compat.c -+++ b/kernel/futex_compat.c -@@ -10,6 +10,7 @@ - #include <linux/compat.h> - #include <linux/nsproxy.h> - #include <linux/futex.h> -+#include <linux/ptrace.h> - - #include <asm/uaccess.h> - -@@ -136,7 +137,8 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr, - { - struct compat_robust_list_head __user *head; - unsigned long ret; -- const struct cred *cred = current_cred(), *pcred; -+ const struct cred *cred = current_cred(); -+ const struct cred *pcred; - - if (!futex_cmpxchg_enabled) - return -ENOSYS; -@@ -152,6 +154,10 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr, - if (!p) - goto err_unlock; - ret = -EPERM; -+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP -+ if (!ptrace_may_access(p, PTRACE_MODE_READ)) -+ goto err_unlock; -+#endif - pcred = __task_cred(p); - /* If victim is in different user_ns, then uids are not - comparable, so we must have CAP_SYS_PTRACE */ diff --git a/kernel/gcov/base.c b/kernel/gcov/base.c index 9b22d03..6295b62 100644 --- a/kernel/gcov/base.c @@ -70735,7 +70751,7 @@ index 8f005e9..1cb1036 100644 /* if an huge pmd materialized from under us just retry later */ if (unlikely(pmd_trans_huge(*pmd))) diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index 2316840..b418671 100644 +index bd936ed..3184b5d 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2347,6 +2347,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, @@ -79873,18 +79889,18 @@ index 3783202..1852837 100644 .ptrace_access_check = apparmor_ptrace_access_check, diff --git a/security/commoncap.c b/security/commoncap.c -index ee4f848..a320c64 100644 +index 12440ee..317c541 100644 --- a/security/commoncap.c +++ b/security/commoncap.c -@@ -28,6 +28,7 @@ - #include <linux/prctl.h> +@@ -29,6 +29,7 @@ #include <linux/securebits.h> #include <linux/user_namespace.h> + #include <linux/personality.h> +#include <net/sock.h> /* * If a non-root user executes a setuid-root binary in -@@ -58,7 +59,7 @@ int cap_netlink_send(struct sock *sk, struct sk_buff *skb) +@@ -59,7 +60,7 @@ int cap_netlink_send(struct sock *sk, struct sk_buff *skb) int cap_netlink_recv(struct sk_buff *skb, int cap) { @@ -79893,7 +79909,7 @@ index ee4f848..a320c64 100644 return -EPERM; return 0; } -@@ -579,6 +580,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) +@@ -585,6 +586,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) { const struct cred *cred = current_cred(); @@ -81142,7 +81158,7 @@ index 0000000..ee950d0 +} diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c new file mode 100644 -index 0000000..704a564 +index 0000000..88a7438 --- /dev/null +++ b/tools/gcc/constify_plugin.c @@ -0,0 +1,303 @@ @@ -81405,7 +81421,7 @@ index 0000000..704a564 +// continue; + + if (walk_struct(type)) { -+ error("constified variable %qE cannot be local", var); ++ error_at(DECL_SOURCE_LOCATION(var), "constified variable %qE cannot be local", var); + return 1; + } + } diff --git a/3.2.15/4430_grsec-remove-localversion-grsec.patch b/3.2.16/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.2.15/4430_grsec-remove-localversion-grsec.patch +++ b/3.2.16/4430_grsec-remove-localversion-grsec.patch diff --git a/3.2.15/4435_grsec-mute-warnings.patch b/3.2.16/4435_grsec-mute-warnings.patch index e85abd6..e85abd6 100644 --- a/3.2.15/4435_grsec-mute-warnings.patch +++ b/3.2.16/4435_grsec-mute-warnings.patch diff --git a/3.2.15/4440_grsec-remove-protected-paths.patch b/3.2.16/4440_grsec-remove-protected-paths.patch index 637934a..637934a 100644 --- a/3.2.15/4440_grsec-remove-protected-paths.patch +++ b/3.2.16/4440_grsec-remove-protected-paths.patch diff --git a/3.2.15/4445_grsec-pax-without-grsec.patch b/3.2.16/4445_grsec-pax-without-grsec.patch index 58301c0..58301c0 100644 --- a/3.2.15/4445_grsec-pax-without-grsec.patch +++ b/3.2.16/4445_grsec-pax-without-grsec.patch diff --git a/3.2.15/4450_grsec-kconfig-default-gids.patch b/3.2.16/4450_grsec-kconfig-default-gids.patch index 123f877..123f877 100644 --- a/3.2.15/4450_grsec-kconfig-default-gids.patch +++ b/3.2.16/4450_grsec-kconfig-default-gids.patch diff --git a/3.2.15/4455_grsec-kconfig-gentoo.patch b/3.2.16/4455_grsec-kconfig-gentoo.patch index 2527bad..2527bad 100644 --- a/3.2.15/4455_grsec-kconfig-gentoo.patch +++ b/3.2.16/4455_grsec-kconfig-gentoo.patch diff --git a/3.2.15/4460-grsec-kconfig-proc-user.patch b/3.2.16/4460-grsec-kconfig-proc-user.patch index b2b3188..b2b3188 100644 --- a/3.2.15/4460-grsec-kconfig-proc-user.patch +++ b/3.2.16/4460-grsec-kconfig-proc-user.patch diff --git a/3.2.15/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.16/4465_selinux-avc_audit-log-curr_ip.patch index 5a9d80c..5a9d80c 100644 --- a/3.2.15/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.2.16/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.2.15/4470_disable-compat_vdso.patch b/3.2.16/4470_disable-compat_vdso.patch index 4742d01..4742d01 100644 --- a/3.2.15/4470_disable-compat_vdso.patch +++ b/3.2.16/4470_disable-compat_vdso.patch diff --git a/3.3.2/0000_README b/3.3.3/0000_README index 6f6bc4c..b75ac47 100644 --- a/3.3.2/0000_README +++ b/3.3.3/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.9-3.3.2-201204131715.patch +Patch: 4420_grsecurity-2.9-3.3.3-201204231833.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.3.2/4420_grsecurity-2.9-3.3.2-201204131715.patch b/3.3.3/4420_grsecurity-2.9-3.3.3-201204231833.patch index ab58d80..8309b6e 100644 --- a/3.3.2/4420_grsecurity-2.9-3.3.2-201204131715.patch +++ b/3.3.3/4420_grsecurity-2.9-3.3.3-201204231833.patch @@ -195,7 +195,7 @@ index d99fd9c..8689fef 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index ddcb70a..32da20d 100644 +index 0acd141..865e73d 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -221,15 +221,17 @@ index ddcb70a..32da20d 100644 $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -564,6 +565,53 @@ else +@@ -564,6 +565,55 @@ else KBUILD_CFLAGS += -O2 endif +ifndef DISABLE_PAX_PLUGINS +ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(CC)"), y) +ifndef DISABLE_PAX_CONSTIFY_PLUGIN ++ifndef CONFIG_UML +CONSTIFY_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN +endif ++endif +ifdef CONFIG_PAX_MEMORY_STACKLEAK +STACKLEAK_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -DSTACKLEAK_PLUGIN +STACKLEAK_PLUGIN_CFLAGS += -fplugin-arg-stackleak_plugin-track-lowest-sp=100 @@ -275,7 +277,7 @@ index ddcb70a..32da20d 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifneq ($(CONFIG_FRAME_WARN),0) -@@ -708,7 +756,7 @@ export mod_strip_cmd +@@ -708,7 +758,7 @@ export mod_strip_cmd ifeq ($(KBUILD_EXTMOD),) @@ -284,7 +286,7 @@ index ddcb70a..32da20d 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -932,6 +980,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE +@@ -932,6 +982,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -293,7 +295,7 @@ index ddcb70a..32da20d 100644 $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -941,7 +991,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; +@@ -941,7 +993,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -302,7 +304,7 @@ index ddcb70a..32da20d 100644 $(Q)$(MAKE) $(build)=$@ # Store (new) KERNELRELASE string in include/config/kernel.release -@@ -985,6 +1035,7 @@ prepare0: archprepare FORCE +@@ -985,6 +1037,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. # All the preparing.. @@ -310,7 +312,7 @@ index ddcb70a..32da20d 100644 prepare: prepare0 # Generate some files -@@ -1089,6 +1140,8 @@ all: modules +@@ -1089,6 +1142,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -319,7 +321,7 @@ index ddcb70a..32da20d 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1104,7 +1157,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -1104,7 +1159,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -328,7 +330,7 @@ index ddcb70a..32da20d 100644 # Target to install modules PHONY += modules_install -@@ -1201,6 +1254,7 @@ distclean: mrproper +@@ -1201,6 +1256,7 @@ distclean: mrproper \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ -o -name '.*.rej' \ @@ -336,7 +338,7 @@ index ddcb70a..32da20d 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1361,6 +1415,8 @@ PHONY += $(module-dirs) modules +@@ -1361,6 +1417,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -345,7 +347,7 @@ index ddcb70a..32da20d 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1487,17 +1543,21 @@ else +@@ -1487,17 +1545,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -371,7 +373,7 @@ index ddcb70a..32da20d 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1507,11 +1567,15 @@ endif +@@ -1507,11 +1569,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -9650,7 +9652,7 @@ index 46fc474..b02b0f9 100644 if (len) diff --git a/arch/x86/include/asm/cmpxchg.h b/arch/x86/include/asm/cmpxchg.h -index b3b7332..3935f40 100644 +index 99480e5..d81165b 100644 --- a/arch/x86/include/asm/cmpxchg.h +++ b/arch/x86/include/asm/cmpxchg.h @@ -14,8 +14,12 @@ extern void __cmpxchg_wrong_size(void) @@ -10214,7 +10216,7 @@ index 5478825..839e88c 100644 #define flush_insn_slot(p) do { } while (0) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h -index 52d6640..3d2c938 100644 +index 52d6640..136b3bd 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -663,7 +663,7 @@ struct kvm_x86_ops { @@ -10235,15 +10237,6 @@ index 52d6640..3d2c938 100644 u8 kvm_get_guest_memory_type(struct kvm_vcpu *vcpu, gfn_t gfn); extern bool tdp_enabled; -@@ -756,7 +756,7 @@ void kvm_get_cs_db_l_bits(struct kvm_vcpu *vcpu, int *db, int *l); - int kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr); - - int kvm_get_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata); --int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data); -+int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data) __size_overflow(3); - - unsigned long kvm_get_rflags(struct kvm_vcpu *vcpu); - void kvm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags); @@ -781,7 +781,7 @@ int fx_init(struct kvm_vcpu *vcpu); void kvm_mmu_flush_tlb(struct kvm_vcpu *vcpu); @@ -20089,18 +20082,10 @@ index 1561028..0ed7f14 100644 goto error; diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c -index e385214..029e9dd 100644 +index e385214..f8df033 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c -@@ -3051,6 +3051,7 @@ static int svm_set_vm_cr(struct kvm_vcpu *vcpu, u64 data) - return 0; - } - -+static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data) __size_overflow(3); - static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data) - { - struct vcpu_svm *svm = to_svm(vcpu); -@@ -3420,7 +3421,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) +@@ -3420,7 +3420,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) int cpu = raw_smp_processor_id(); struct svm_cpu_data *sd = per_cpu(svm_data, cpu); @@ -20112,7 +20097,7 @@ index e385214..029e9dd 100644 load_TR_desc(); } -@@ -3798,6 +3803,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) +@@ -3798,6 +3802,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) #endif #endif @@ -20124,7 +20109,7 @@ index e385214..029e9dd 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 3b4c8d8..4ae0af6 100644 +index 3b4c8d8..f457b63 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -1306,7 +1306,11 @@ static void reload_tss(void) @@ -20139,15 +20124,7 @@ index 3b4c8d8..4ae0af6 100644 load_TR_desc(); } -@@ -2162,6 +2166,7 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata) - * Returns 0 on success, non-0 otherwise. - * Assumes vcpu_load() was already called. - */ -+static int vmx_set_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data) __size_overflow(3); - static int vmx_set_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data) - { - struct vcpu_vmx *vmx = to_vmx(vcpu); -@@ -2631,8 +2636,11 @@ static __init int hardware_setup(void) +@@ -2631,8 +2635,11 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_flexpriority()) flexpriority_enabled = 0; @@ -20161,7 +20138,7 @@ index 3b4c8d8..4ae0af6 100644 if (enable_ept && !cpu_has_vmx_ept_2m_page()) kvm_disable_largepages(); -@@ -3648,7 +3656,7 @@ static void vmx_set_constant_host_state(void) +@@ -3648,7 +3655,7 @@ static void vmx_set_constant_host_state(void) vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */ asm("mov $.Lkvm_vmx_return, %0" : "=r"(tmpl)); @@ -20170,7 +20147,7 @@ index 3b4c8d8..4ae0af6 100644 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); vmcs_write32(HOST_IA32_SYSENTER_CS, low32); -@@ -6184,6 +6192,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6184,6 +6191,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "jmp .Lkvm_vmx_return \n\t" ".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t" ".Lkvm_vmx_return: " @@ -20183,7 +20160,7 @@ index 3b4c8d8..4ae0af6 100644 /* Save guest registers, load host registers, keep flags */ "mov %0, %c[wordsize](%%"R"sp) \n\t" "pop %0 \n\t" -@@ -6232,6 +6246,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6232,6 +6245,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]"i"(sizeof(ulong)) @@ -20195,7 +20172,7 @@ index 3b4c8d8..4ae0af6 100644 : "cc", "memory" , R"ax", R"bx", R"di", R"si" #ifdef CONFIG_X86_64 -@@ -6260,7 +6279,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6260,7 +6278,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) } } @@ -30365,7 +30342,7 @@ index 5bd4361..0241a42 100644 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); INIT_WORK(&dev_priv->error_work, i915_error_work_func); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index 2163818..e536c3d 100644 +index 2163818..cede019 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -2238,7 +2238,7 @@ intel_pipe_set_base(struct drm_crtc *crtc, int x, int y, @@ -30395,7 +30372,22 @@ index 2163818..e536c3d 100644 wake_up(&dev_priv->pending_flip_queue); schedule_work(&work->work); -@@ -7461,7 +7461,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, +@@ -7354,7 +7354,13 @@ static int intel_gen6_queue_flip(struct drm_device *dev, + OUT_RING(fb->pitches[0] | obj->tiling_mode); + OUT_RING(obj->gtt_offset); + +- pf = I915_READ(PF_CTL(intel_crtc->pipe)) & PF_ENABLE; ++ /* Contrary to the suggestions in the documentation, ++ * "Enable Panel Fitter" does not seem to be required when page ++ * flipping with a non-native mode, and worse causes a normal ++ * modeset to fail. ++ * pf = I915_READ(PF_CTL(intel_crtc->pipe)) & PF_ENABLE; ++ */ ++ pf = 0; + pipesrc = I915_READ(PIPESRC(intel_crtc->pipe)) & 0x0fff0fff; + OUT_RING(pf | pipesrc); + ADVANCE_LP_RING(); +@@ -7461,7 +7467,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, /* Block clients from rendering to the new back buffer until * the flip occurs and the object is no longer visible. */ @@ -30404,7 +30396,7 @@ index 2163818..e536c3d 100644 ret = dev_priv->display.queue_flip(dev, crtc, fb, obj); if (ret) -@@ -7475,7 +7475,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, +@@ -7475,7 +7481,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, return 0; cleanup_pending: @@ -33524,7 +33516,7 @@ index 1cbfc6b..56e1dbb 100644 /*----------------------------------------------------------------*/ diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c -index 118e0f6..210c4d7 100644 +index edc735a..e9b97f1 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c @@ -1645,7 +1645,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) @@ -33536,7 +33528,7 @@ index 118e0f6..210c4d7 100644 } sectors -= s; sect += s; -@@ -1858,7 +1858,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, +@@ -1859,7 +1859,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, test_bit(In_sync, &rdev->flags)) { if (r1_sync_page_io(rdev, sect, s, conf->tmppage, READ)) { @@ -33546,7 +33538,7 @@ index 118e0f6..210c4d7 100644 "md/raid1:%s: read error corrected " "(%d sectors at %llu on %s)\n", diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index be7101d..f23ba30 100644 +index 1898389..a3aa617 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c @@ -1636,7 +1636,7 @@ static void end_sync_read(struct bio *bio, int error) @@ -35249,6 +35241,19 @@ index 133b7fb..d58c559 100644 /* Ignore return since this msg is optional. */ rndis_filter_send_request(dev, request); +diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c +index 58dc117..f140c77 100644 +--- a/drivers/net/macvtap.c ++++ b/drivers/net/macvtap.c +@@ -526,6 +526,8 @@ static int zerocopy_sg_from_iovec(struct sk_buff *skb, const struct iovec *from, + } + base = (unsigned long)from->iov_base + offset1; + size = ((base & ~PAGE_MASK) + len + ~PAGE_MASK) >> PAGE_SHIFT; ++ if (i + size >= MAX_SKB_FRAGS) ++ return -EFAULT; + num_pages = get_user_pages_fast(base, size, 0, &page[i]); + if ((num_pages != size) || + (num_pages > MAX_SKB_FRAGS - skb_shinfo(skb)->nr_frags)) diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c index 486b404..0d6677d 100644 --- a/drivers/net/ppp/ppp_generic.c @@ -41612,7 +41617,7 @@ index a40c05e..785c583 100644 return count; } diff --git a/drivers/video/uvesafb.c b/drivers/video/uvesafb.c -index e7f69ef..83af4fd 100644 +index 8408543..357841c 100644 --- a/drivers/video/uvesafb.c +++ b/drivers/video/uvesafb.c @@ -19,6 +19,7 @@ @@ -41665,7 +41670,24 @@ index e7f69ef..83af4fd 100644 printk(KERN_INFO "uvesafb: protected mode interface info at " "%04x:%04x\n", (u16)task->t.regs.es, (u16)task->t.regs.edi); -@@ -1821,6 +1844,11 @@ out: +@@ -816,13 +839,14 @@ static int __devinit uvesafb_vbe_init(struct fb_info *info) + par->ypan = ypan; + + if (par->pmi_setpal || par->ypan) { ++#if !defined(CONFIG_MODULES) || !defined(CONFIG_PAX_KERNEXEC) + if (__supported_pte_mask & _PAGE_NX) { + par->pmi_setpal = par->ypan = 0; + printk(KERN_WARNING "uvesafb: NX protection is actively." + "We have better not to use the PMI.\n"); +- } else { ++ } else ++#endif + uvesafb_vbe_getpmi(task, par); +- } + } + #else + /* The protected mode interface is not available on non-x86. */ +@@ -1828,6 +1852,11 @@ out: if (par->vbe_modes) kfree(par->vbe_modes); @@ -41677,7 +41699,7 @@ index e7f69ef..83af4fd 100644 framebuffer_release(info); return err; } -@@ -1847,6 +1875,12 @@ static int uvesafb_remove(struct platform_device *dev) +@@ -1854,6 +1883,12 @@ static int uvesafb_remove(struct platform_device *dev) kfree(par->vbe_state_orig); if (par->vbe_state_saved) kfree(par->vbe_state_saved); @@ -43036,7 +43058,7 @@ index 892b347..b3db246 100644 * If a file is moved, it will inherit the cow and compression flags of the new * directory. diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c -index d8b5471..e5463d7 100644 +index 1b36f19..5ac7360 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -2783,9 +2783,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) @@ -44717,10 +44739,10 @@ index f9e2cd8..bfdc476 100644 if (free_clusters >= (nclusters + dirty_clusters)) return 1; diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h -index 3ce6a0c..0311fe5 100644 +index 9983ba8..2a5272c 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h -@@ -1220,19 +1220,19 @@ struct ext4_sb_info { +@@ -1217,19 +1217,19 @@ struct ext4_sb_info { unsigned long s_mb_last_start; /* stats for buddy allocator */ @@ -59983,12 +60005,12 @@ index 810431d..ccc3638 100644 * The "pgd_xxx()" functions here are trivial for a folded two-level * setup: the pud is never bad, and a pud always exists (as it's folded diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h -index a03c098..9624b83 100644 +index a03c098..7e5b223 100644 --- a/include/asm-generic/pgtable.h +++ b/include/asm-generic/pgtable.h -@@ -504,6 +504,14 @@ static inline int pmd_trans_unstable(pmd_t *pmd) - - #endif /* CONFIG_MMU */ +@@ -502,6 +502,14 @@ static inline int pmd_trans_unstable(pmd_t *pmd) + #endif + } +#ifndef __HAVE_ARCH_PAX_OPEN_KERNEL +static inline unsigned long pax_open_kernel(void) { return 0; } @@ -59998,9 +60020,9 @@ index a03c098..9624b83 100644 +static inline unsigned long pax_close_kernel(void) { return 0; } +#endif + - #endif /* !__ASSEMBLY__ */ + #endif /* CONFIG_MMU */ - #endif /* _ASM_GENERIC_PGTABLE_H */ + #endif /* !__ASSEMBLY__ */ diff --git a/include/asm-generic/uaccess.h b/include/asm-generic/uaccess.h index 9788568..510dece 100644 --- a/include/asm-generic/uaccess.h @@ -62179,7 +62201,7 @@ index 9c07dce..a92fa71 100644 if (atomic_sub_and_test((int) count, &kref->refcount)) { release(kref); diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h -index 900c763..3287a0b 100644 +index 900c763..098aefa 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -326,7 +326,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu); @@ -62227,7 +62249,27 @@ index 900c763..3287a0b 100644 void kvm_arch_exit(void); int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu); -@@ -721,7 +721,7 @@ int kvm_setup_default_irq_routing(struct kvm *kvm); +@@ -593,6 +593,7 @@ void kvm_free_irq_source_id(struct kvm *kvm, int irq_source_id); + + #ifdef CONFIG_IOMMU_API + int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot); ++void kvm_iommu_unmap_pages(struct kvm *kvm, struct kvm_memory_slot *slot); + int kvm_iommu_map_guest(struct kvm *kvm); + int kvm_iommu_unmap_guest(struct kvm *kvm); + int kvm_assign_device(struct kvm *kvm, +@@ -606,6 +607,11 @@ static inline int kvm_iommu_map_pages(struct kvm *kvm, + return 0; + } + ++static inline void kvm_iommu_unmap_pages(struct kvm *kvm, ++ struct kvm_memory_slot *slot) ++{ ++} ++ + static inline int kvm_iommu_map_guest(struct kvm *kvm) + { + return -ENODEV; +@@ -721,7 +727,7 @@ int kvm_setup_default_irq_routing(struct kvm *kvm); int kvm_set_irq_routing(struct kvm *kvm, const struct kvm_irq_routing_entry *entries, unsigned nr, @@ -63642,6 +63684,27 @@ index de8832d..0147b46 100644 __SONET_ITEMS #undef __HANDLE_ITEM }; +diff --git a/include/linux/stddef.h b/include/linux/stddef.h +index 6a40c76..1747b67 100644 +--- a/include/linux/stddef.h ++++ b/include/linux/stddef.h +@@ -3,14 +3,10 @@ + + #include <linux/compiler.h> + ++#ifdef __KERNEL__ ++ + #undef NULL +-#if defined(__cplusplus) +-#define NULL 0 +-#else + #define NULL ((void *)0) +-#endif +- +-#ifdef __KERNEL__ + + enum { + false = 0, diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h index 2c5993a..b0e79f0 100644 --- a/include/linux/sunrpc/clnt.h @@ -66340,7 +66403,7 @@ index 26a7a67..a1053f9 100644 else new_fs = fs; diff --git a/kernel/futex.c b/kernel/futex.c -index 0677023..f3c3b79 100644 +index 866c9d5..5c5f828 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -54,6 +54,7 @@ @@ -66351,7 +66414,7 @@ index 0677023..f3c3b79 100644 #include <linux/signal.h> #include <linux/export.h> #include <linux/magic.h> -@@ -238,6 +239,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) +@@ -239,6 +240,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) struct page *page, *page_head; int err, ro = 0; @@ -66363,18 +66426,7 @@ index 0677023..f3c3b79 100644 /* * The futex address must be "naturally" aligned. */ -@@ -2459,6 +2465,10 @@ SYSCALL_DEFINE3(get_robust_list, int, pid, - if (!p) - goto err_unlock; - ret = -EPERM; -+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP -+ if (!ptrace_may_access(p, PTRACE_MODE_READ)) -+ goto err_unlock; -+#endif - pcred = __task_cred(p); - /* If victim is in different user_ns, then uids are not - comparable, so we must have CAP_SYS_PTRACE */ -@@ -2731,6 +2741,7 @@ static int __init futex_init(void) +@@ -2721,6 +2727,7 @@ static int __init futex_init(void) { u32 curval; int i; @@ -66382,7 +66434,7 @@ index 0677023..f3c3b79 100644 /* * This will fail and we want it. Some arch implementations do -@@ -2742,8 +2753,11 @@ static int __init futex_init(void) +@@ -2732,8 +2739,11 @@ static int __init futex_init(void) * implementation, the non-functional ones will return * -ENOSYS. */ @@ -66394,39 +66446,6 @@ index 0677023..f3c3b79 100644 for (i = 0; i < ARRAY_SIZE(futex_queues); i++) { plist_head_init(&futex_queues[i].chain); -diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c -index 5f9e689..582d46d 100644 ---- a/kernel/futex_compat.c -+++ b/kernel/futex_compat.c -@@ -10,6 +10,7 @@ - #include <linux/compat.h> - #include <linux/nsproxy.h> - #include <linux/futex.h> -+#include <linux/ptrace.h> - - #include <asm/uaccess.h> - -@@ -136,7 +137,8 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr, - { - struct compat_robust_list_head __user *head; - unsigned long ret; -- const struct cred *cred = current_cred(), *pcred; -+ const struct cred *cred = current_cred(); -+ const struct cred *pcred; - - if (!futex_cmpxchg_enabled) - return -ENOSYS; -@@ -152,6 +154,10 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr, - if (!p) - goto err_unlock; - ret = -EPERM; -+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP -+ if (!ptrace_may_access(p, PTRACE_MODE_READ)) -+ goto err_unlock; -+#endif - pcred = __task_cred(p); - /* If victim is in different user_ns, then uids are not - comparable, so we must have CAP_SYS_PTRACE */ diff --git a/kernel/gcov/base.c b/kernel/gcov/base.c index 9b22d03..6295b62 100644 --- a/kernel/gcov/base.c @@ -67691,18 +67710,9 @@ index b452599..5d68f4e 100644 atomic_set(&pd->refcnt, 0); pd->pinst = pinst; diff --git a/kernel/panic.c b/kernel/panic.c -index 80aed44..e83856a 100644 +index 8ed89a1..e83856a 100644 --- a/kernel/panic.c +++ b/kernel/panic.c -@@ -97,7 +97,7 @@ void panic(const char *fmt, ...) - /* - * Avoid nested stack-dumping if a panic occurs during oops processing - */ -- if (!oops_in_progress) -+ if (!test_taint(TAINT_DIE) && oops_in_progress <= 1) - dump_stack(); - #endif - @@ -402,7 +402,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller, const char *board; @@ -70288,7 +70298,7 @@ index 8f7fc39..69bf1e9 100644 /* if an huge pmd materialized from under us just retry later */ if (unlikely(pmd_trans_huge(*pmd))) diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index a876871..132cde0 100644 +index a7cf829..d60e0e1 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2346,6 +2346,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, @@ -74543,7 +74553,7 @@ index 07d1c1d..7e9bea9 100644 frag2->seqno = htons(seqno); diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c -index 07bc69e..21e76b1 100644 +index 280953b..cd219bb 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c @@ -234,7 +234,7 @@ void hci_le_ltk_reply(struct hci_conn *conn, u8 ltk[16]) @@ -79335,18 +79345,18 @@ index 97ce8fa..23dad96 100644 .ptrace_access_check = apparmor_ptrace_access_check, diff --git a/security/commoncap.c b/security/commoncap.c -index 7ce191e..6c29c34 100644 +index b8d2bb9..980069e 100644 --- a/security/commoncap.c +++ b/security/commoncap.c -@@ -28,6 +28,7 @@ - #include <linux/prctl.h> +@@ -29,6 +29,7 @@ #include <linux/securebits.h> #include <linux/user_namespace.h> + #include <linux/personality.h> +#include <net/sock.h> /* * If a non-root user executes a setuid-root binary in -@@ -569,6 +570,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) +@@ -575,6 +576,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) { const struct cred *cred = current_cred(); @@ -80528,7 +80538,7 @@ index 0000000..ee950d0 +} diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c new file mode 100644 -index 0000000..704a564 +index 0000000..88a7438 --- /dev/null +++ b/tools/gcc/constify_plugin.c @@ -0,0 +1,303 @@ @@ -80791,7 +80801,7 @@ index 0000000..704a564 +// continue; + + if (walk_struct(type)) { -+ error("constified variable %qE cannot be local", var); ++ error_at(DECL_SOURCE_LOCATION(var), "constified variable %qE cannot be local", var); + return 1; + } + } @@ -86008,8 +86018,33 @@ index af0f22f..9a7d479 100644 } else break; } +diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c +index a457d21..fec1723 100644 +--- a/virt/kvm/iommu.c ++++ b/virt/kvm/iommu.c +@@ -310,6 +310,11 @@ static void kvm_iommu_put_pages(struct kvm *kvm, + } + } + ++void kvm_iommu_unmap_pages(struct kvm *kvm, struct kvm_memory_slot *slot) ++{ ++ kvm_iommu_put_pages(kvm, slot->base_gfn, slot->npages); ++} ++ + static int kvm_iommu_unmap_memslots(struct kvm *kvm) + { + int idx; +@@ -320,7 +325,7 @@ static int kvm_iommu_unmap_memslots(struct kvm *kvm) + slots = kvm_memslots(kvm); + + kvm_for_each_memslot(memslot, slots) +- kvm_iommu_put_pages(kvm, memslot->base_gfn, memslot->npages); ++ kvm_iommu_unmap_pages(kvm, memslot); + + srcu_read_unlock(&kvm->srcu, idx); + diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index a91f980..a58d32c 100644 +index a91f980..527711d 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -75,7 +75,7 @@ LIST_HEAD(vm_list); @@ -86021,7 +86056,23 @@ index a91f980..a58d32c 100644 struct kmem_cache *kvm_vcpu_cache; EXPORT_SYMBOL_GPL(kvm_vcpu_cache); -@@ -2312,7 +2312,7 @@ static void hardware_enable_nolock(void *junk) +@@ -873,12 +873,13 @@ skip_lpage: + if (r) + goto out_free; + +- /* map the pages in iommu page table */ ++ /* map/unmap the pages in iommu page table */ + if (npages) { + r = kvm_iommu_map_pages(kvm, &new); + if (r) + goto out_free; +- } ++ } else ++ kvm_iommu_unmap_pages(kvm, &old); + + r = -ENOMEM; + slots = kmemdup(kvm->memslots, sizeof(struct kvm_memslots), +@@ -2312,7 +2313,7 @@ static void hardware_enable_nolock(void *junk) if (r) { cpumask_clear_cpu(cpu, cpus_hardware_enabled); @@ -86030,7 +86081,7 @@ index a91f980..a58d32c 100644 printk(KERN_INFO "kvm: enabling virtualization on " "CPU%d failed\n", cpu); } -@@ -2366,10 +2366,10 @@ static int hardware_enable_all(void) +@@ -2366,10 +2367,10 @@ static int hardware_enable_all(void) kvm_usage_count++; if (kvm_usage_count == 1) { @@ -86043,7 +86094,7 @@ index a91f980..a58d32c 100644 hardware_disable_all_nolock(); r = -EBUSY; } -@@ -2732,7 +2732,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, +@@ -2732,7 +2733,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, kvm_arch_vcpu_put(vcpu); } @@ -86052,7 +86103,7 @@ index a91f980..a58d32c 100644 struct module *module) { int r; -@@ -2795,7 +2795,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -2795,7 +2796,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, if (!vcpu_align) vcpu_align = __alignof__(struct kvm_vcpu); kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align, @@ -86061,7 +86112,7 @@ index a91f980..a58d32c 100644 if (!kvm_vcpu_cache) { r = -ENOMEM; goto out_free_3; -@@ -2805,9 +2805,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -2805,9 +2806,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, if (r) goto out_free; diff --git a/3.3.2/4430_grsec-remove-localversion-grsec.patch b/3.3.3/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.3.2/4430_grsec-remove-localversion-grsec.patch +++ b/3.3.3/4430_grsec-remove-localversion-grsec.patch diff --git a/3.3.2/4435_grsec-mute-warnings.patch b/3.3.3/4435_grsec-mute-warnings.patch index e85abd6..e85abd6 100644 --- a/3.3.2/4435_grsec-mute-warnings.patch +++ b/3.3.3/4435_grsec-mute-warnings.patch diff --git a/3.3.2/4440_grsec-remove-protected-paths.patch b/3.3.3/4440_grsec-remove-protected-paths.patch index 637934a..637934a 100644 --- a/3.3.2/4440_grsec-remove-protected-paths.patch +++ b/3.3.3/4440_grsec-remove-protected-paths.patch diff --git a/3.3.2/4445_grsec-pax-without-grsec.patch b/3.3.3/4445_grsec-pax-without-grsec.patch index 35255c2..35255c2 100644 --- a/3.3.2/4445_grsec-pax-without-grsec.patch +++ b/3.3.3/4445_grsec-pax-without-grsec.patch diff --git a/3.3.2/4450_grsec-kconfig-default-gids.patch b/3.3.3/4450_grsec-kconfig-default-gids.patch index 123f877..123f877 100644 --- a/3.3.2/4450_grsec-kconfig-default-gids.patch +++ b/3.3.3/4450_grsec-kconfig-default-gids.patch diff --git a/3.3.2/4455_grsec-kconfig-gentoo.patch b/3.3.3/4455_grsec-kconfig-gentoo.patch index ef59341..ef59341 100644 --- a/3.3.2/4455_grsec-kconfig-gentoo.patch +++ b/3.3.3/4455_grsec-kconfig-gentoo.patch diff --git a/3.3.2/4460-grsec-kconfig-proc-user.patch b/3.3.3/4460-grsec-kconfig-proc-user.patch index b2b3188..b2b3188 100644 --- a/3.3.2/4460-grsec-kconfig-proc-user.patch +++ b/3.3.3/4460-grsec-kconfig-proc-user.patch diff --git a/3.3.2/4465_selinux-avc_audit-log-curr_ip.patch b/3.3.3/4465_selinux-avc_audit-log-curr_ip.patch index 5a9d80c..5a9d80c 100644 --- a/3.3.2/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.3.3/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.3.2/4470_disable-compat_vdso.patch b/3.3.3/4470_disable-compat_vdso.patch index c40f44f..c40f44f 100644 --- a/3.3.2/4470_disable-compat_vdso.patch +++ b/3.3.3/4470_disable-compat_vdso.patch |