diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2012-06-12 11:00:45 -0400 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2012-06-12 11:00:45 -0400 |
| commit | b1a85db18db1d532e8e365aedd4e9c3bf5c70183 (patch) | |
| tree | 3cae0d5ce1e196b5e781c6e578c8e73cfd4dd9b6 | |
| parent | Add missing patch for 3.4.1 (diff) | |
| download | hardened-patchset-b1a85db18db1d532e8e365aedd4e9c3bf5c70183.tar.gz hardened-patchset-b1a85db18db1d532e8e365aedd4e9c3bf5c70183.tar.bz2 hardened-patchset-b1a85db18db1d532e8e365aedd4e9c3bf5c70183.zip | |
Grsec/PaX: 2.9-{2.6.32.59,3.2.20,3.4.2}-20120611183820120611
| -rw-r--r-- | 2.6.32/0000_README | 2 | ||||
| -rw-r--r-- | 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201206111836.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201206091539.patch) | 184 | ||||
| -rw-r--r-- | 3.2.20/0000_README (renamed from 3.4.1/0000_README) | 6 | ||||
| -rw-r--r-- | 3.2.20/1019_linux-3.2.20.patch | 2829 | ||||
| -rw-r--r-- | 3.2.20/4420_grsecurity-2.9.1-3.2.20-201206111836.patch (renamed from 3.2.19/4420_grsecurity-2.9.1-3.2.19-201206091539.patch) | 565 | ||||
| -rw-r--r-- | 3.2.20/4430_grsec-remove-localversion-grsec.patch (renamed from 3.2.19/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.2.20/4435_grsec-mute-warnings.patch (renamed from 3.2.19/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.2.20/4440_grsec-remove-protected-paths.patch (renamed from 3.2.19/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.2.20/4445_grsec-pax-without-grsec.patch (renamed from 3.2.19/4445_grsec-pax-without-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.2.20/4450_grsec-kconfig-default-gids.patch (renamed from 3.2.19/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.2.20/4455_grsec-kconfig-gentoo.patch (renamed from 3.2.19/4455_grsec-kconfig-gentoo.patch) | 0 | ||||
| -rw-r--r-- | 3.2.20/4460-grsec-kconfig-proc-user.patch (renamed from 3.2.19/4460-grsec-kconfig-proc-user.patch) | 0 | ||||
| -rw-r--r-- | 3.2.20/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.2.19/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.2.20/4470_disable-compat_vdso.patch (renamed from 3.2.19/4470_disable-compat_vdso.patch) | 0 | ||||
| -rw-r--r-- | 3.4.1/1000_linux-3.4.1.patch | 2647 | ||||
| -rw-r--r-- | 3.4.2/0000_README (renamed from 3.2.19/0000_README) | 10 | ||||
| -rw-r--r-- | 3.4.2/4420_grsecurity-2.9.1-3.4.2-201206111838.patch (renamed from 3.4.1/4420_grsecurity-2.9.1-3.4.1-201206091540.patch) | 485 | ||||
| -rw-r--r-- | 3.4.2/4430_grsec-remove-localversion-grsec.patch (renamed from 3.4.1/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.4.2/4435_grsec-mute-warnings.patch (renamed from 3.4.1/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.4.2/4440_grsec-remove-protected-paths.patch (renamed from 3.4.1/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.4.2/4445_grsec-pax-without-grsec.patch (renamed from 3.4.1/4445_grsec-pax-without-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.4.2/4450_grsec-kconfig-default-gids.patch (renamed from 3.4.1/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.4.2/4455_grsec-kconfig-gentoo.patch (renamed from 3.4.1/4455_grsec-kconfig-gentoo.patch) | 0 | ||||
| -rw-r--r-- | 3.4.2/4460-grsec-kconfig-proc-user.patch (renamed from 3.4.1/4460-grsec-kconfig-proc-user.patch) | 0 | ||||
| -rw-r--r-- | 3.4.2/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.4.1/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.4.2/4470_disable-compat_vdso.patch (renamed from 3.4.1/4470_disable-compat_vdso.patch) | 0 |
26 files changed, 3509 insertions, 3219 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index 29be958..79a61c4 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch From: http://www.kernel.org Desc: Linux 2.6.32.59 -Patch: 4420_grsecurity-2.9.1-2.6.32.59-201206091539.patch +Patch: 4420_grsecurity-2.9.1-2.6.32.59-201206111836.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201206091539.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201206111836.patch index 9707bca..e531299 100644 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201206091539.patch +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201206111836.patch @@ -67656,10 +67656,10 @@ index 90a6087..fa05803 100644 if (rc < 0) goto out_free; diff --git a/fs/exec.c b/fs/exec.c -index 86fafc6..6a109b9 100644 +index 86fafc6..fb681de 100644 --- a/fs/exec.c +++ b/fs/exec.c -@@ -56,12 +56,28 @@ +@@ -56,12 +56,30 @@ #include <linux/fsnotify.h> #include <linux/fs_struct.h> #include <linux/pipe_fs_i.h> @@ -67670,6 +67670,8 @@ index 86fafc6..6a109b9 100644 +#include <linux/kallsyms.h> +#include <linux/kdebug.h> +#endif ++ ++#include <trace/events/fs.h> #include <asm/uaccess.h> #include <asm/mmu_context.h> @@ -67688,7 +67690,7 @@ index 86fafc6..6a109b9 100644 int core_uses_pid; char core_pattern[CORENAME_MAX_SIZE] = "core"; unsigned int core_pipe_limit; -@@ -178,18 +194,10 @@ struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, +@@ -178,18 +196,10 @@ struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, int write) { struct page *page; @@ -67710,7 +67712,7 @@ index 86fafc6..6a109b9 100644 return NULL; if (write) { -@@ -205,6 +213,17 @@ struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, +@@ -205,6 +215,17 @@ struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, if (size <= ARG_MAX) return page; @@ -67728,7 +67730,7 @@ index 86fafc6..6a109b9 100644 /* * Limit to 1/4-th the stack size for the argv+env strings. * This ensures that: -@@ -263,6 +282,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm) +@@ -263,6 +284,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm) vma->vm_end = STACK_TOP_MAX; vma->vm_start = vma->vm_end - PAGE_SIZE; vma->vm_flags = VM_STACK_FLAGS; @@ -67740,7 +67742,7 @@ index 86fafc6..6a109b9 100644 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); err = security_file_mmap(NULL, 0, 0, 0, vma->vm_start, 1); -@@ -276,6 +300,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm) +@@ -276,6 +302,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm) mm->stack_vm = mm->total_vm = 1; up_write(&mm->mmap_sem); bprm->p = vma->vm_end - sizeof(void *); @@ -67753,7 +67755,7 @@ index 86fafc6..6a109b9 100644 return 0; err: up_write(&mm->mmap_sem); -@@ -510,7 +540,7 @@ int copy_strings_kernel(int argc,char ** argv, struct linux_binprm *bprm) +@@ -510,7 +542,7 @@ int copy_strings_kernel(int argc,char ** argv, struct linux_binprm *bprm) int r; mm_segment_t oldfs = get_fs(); set_fs(KERNEL_DS); @@ -67762,7 +67764,7 @@ index 86fafc6..6a109b9 100644 set_fs(oldfs); return r; } -@@ -540,7 +570,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) +@@ -540,7 +572,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) unsigned long new_end = old_end - shift; struct mmu_gather *tlb; @@ -67772,7 +67774,7 @@ index 86fafc6..6a109b9 100644 /* * ensure there are no vmas between where we want to go -@@ -549,6 +580,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) +@@ -549,6 +582,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) if (vma != find_vma(mm, new_start)) return -EFAULT; @@ -67783,7 +67785,7 @@ index 86fafc6..6a109b9 100644 /* * cover the whole range: [new_start, old_end) */ -@@ -630,10 +665,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -630,10 +667,6 @@ int setup_arg_pages(struct linux_binprm *bprm, stack_top = arch_align_stack(stack_top); stack_top = PAGE_ALIGN(stack_top); @@ -67794,7 +67796,7 @@ index 86fafc6..6a109b9 100644 stack_shift = vma->vm_end - stack_top; bprm->p -= stack_shift; -@@ -645,6 +676,14 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -645,6 +678,14 @@ int setup_arg_pages(struct linux_binprm *bprm, bprm->exec -= stack_shift; down_write(&mm->mmap_sem); @@ -67809,7 +67811,7 @@ index 86fafc6..6a109b9 100644 vm_flags = VM_STACK_FLAGS; /* -@@ -658,19 +697,24 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -658,19 +699,24 @@ int setup_arg_pages(struct linux_binprm *bprm, vm_flags &= ~VM_EXEC; vm_flags |= mm->def_flags; @@ -67841,7 +67843,16 @@ index 86fafc6..6a109b9 100644 stack_expand = EXTRA_STACK_VM_PAGES * PAGE_SIZE; stack_size = vma->vm_end - vma->vm_start; /* -@@ -744,7 +788,7 @@ int kernel_read(struct file *file, loff_t offset, +@@ -721,6 +767,8 @@ struct file *open_exec(const char *name) + + fsnotify_open(file->f_path.dentry); + ++ trace_open_exec(name); ++ + err = deny_write_access(file); + if (err) + goto exit; +@@ -744,7 +792,7 @@ int kernel_read(struct file *file, loff_t offset, old_fs = get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ @@ -67850,7 +67861,7 @@ index 86fafc6..6a109b9 100644 set_fs(old_fs); return result; } -@@ -985,6 +1029,21 @@ void set_task_comm(struct task_struct *tsk, char *buf) +@@ -985,6 +1033,21 @@ void set_task_comm(struct task_struct *tsk, char *buf) perf_event_comm(tsk); } @@ -67872,7 +67883,7 @@ index 86fafc6..6a109b9 100644 int flush_old_exec(struct linux_binprm * bprm) { int retval; -@@ -999,6 +1058,7 @@ int flush_old_exec(struct linux_binprm * bprm) +@@ -999,6 +1062,7 @@ int flush_old_exec(struct linux_binprm * bprm) set_mm_exe_file(bprm->mm, bprm->file); @@ -67880,7 +67891,7 @@ index 86fafc6..6a109b9 100644 /* * Release all of the old mmap stuff */ -@@ -1023,10 +1083,6 @@ EXPORT_SYMBOL(flush_old_exec); +@@ -1023,10 +1087,6 @@ EXPORT_SYMBOL(flush_old_exec); void setup_new_exec(struct linux_binprm * bprm) { @@ -67891,7 +67902,7 @@ index 86fafc6..6a109b9 100644 arch_pick_mmap_layout(current->mm); /* This is the point of no return */ -@@ -1037,18 +1093,7 @@ void setup_new_exec(struct linux_binprm * bprm) +@@ -1037,18 +1097,7 @@ void setup_new_exec(struct linux_binprm * bprm) else set_dumpable(current->mm, suid_dumpable); @@ -67911,7 +67922,7 @@ index 86fafc6..6a109b9 100644 /* Set the new mm task size. We have to do that late because it may * depend on TIF_32BIT which is only updated in flush_thread() on -@@ -1152,7 +1197,7 @@ int check_unsafe_exec(struct linux_binprm *bprm) +@@ -1152,7 +1201,7 @@ int check_unsafe_exec(struct linux_binprm *bprm) } rcu_read_unlock(); @@ -67920,7 +67931,7 @@ index 86fafc6..6a109b9 100644 bprm->unsafe |= LSM_UNSAFE_SHARE; } else { res = -EAGAIN; -@@ -1339,6 +1384,21 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) +@@ -1339,6 +1388,21 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) EXPORT_SYMBOL(search_binary_handler); @@ -67942,7 +67953,7 @@ index 86fafc6..6a109b9 100644 /* * sys_execve() executes a new program. */ -@@ -1347,11 +1407,35 @@ int do_execve(char * filename, +@@ -1347,11 +1411,35 @@ int do_execve(char * filename, char __user *__user *envp, struct pt_regs * regs) { @@ -67978,7 +67989,7 @@ index 86fafc6..6a109b9 100644 retval = unshare_files(&displaced); if (retval) -@@ -1377,12 +1461,27 @@ int do_execve(char * filename, +@@ -1377,12 +1465,27 @@ int do_execve(char * filename, if (IS_ERR(file)) goto out_unmark; @@ -68006,7 +68017,7 @@ index 86fafc6..6a109b9 100644 retval = bprm_mm_init(bprm); if (retval) goto out_file; -@@ -1399,25 +1498,66 @@ int do_execve(char * filename, +@@ -1399,25 +1502,66 @@ int do_execve(char * filename, if (retval < 0) goto out; @@ -68077,7 +68088,7 @@ index 86fafc6..6a109b9 100644 current->fs->in_exec = 0; current->in_execve = 0; acct_update_integrals(current); -@@ -1426,6 +1566,14 @@ int do_execve(char * filename, +@@ -1426,6 +1570,14 @@ int do_execve(char * filename, put_files_struct(displaced); return retval; @@ -68092,7 +68103,7 @@ index 86fafc6..6a109b9 100644 out: if (bprm->mm) { acct_arg_size(bprm, 0); -@@ -1591,6 +1739,229 @@ out: +@@ -1591,6 +1743,229 @@ out: return ispipe; } @@ -68322,7 +68333,7 @@ index 86fafc6..6a109b9 100644 static int zap_process(struct task_struct *start) { struct task_struct *t; -@@ -1793,17 +2164,17 @@ static void wait_for_dump_helpers(struct file *file) +@@ -1793,17 +2168,17 @@ static void wait_for_dump_helpers(struct file *file) pipe = file->f_path.dentry->d_inode->i_pipe; pipe_lock(pipe); @@ -68345,7 +68356,7 @@ index 86fafc6..6a109b9 100644 pipe_unlock(pipe); } -@@ -1826,10 +2197,13 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -1826,10 +2201,13 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) char **helper_argv = NULL; int helper_argc = 0; int dump_count = 0; @@ -68360,7 +68371,7 @@ index 86fafc6..6a109b9 100644 binfmt = mm->binfmt; if (!binfmt || !binfmt->core_dump) goto fail; -@@ -1874,6 +2248,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -1874,6 +2252,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) */ clear_thread_flag(TIF_SIGPENDING); @@ -68369,7 +68380,7 @@ index 86fafc6..6a109b9 100644 /* * lock_kernel() because format_corename() is controlled by sysctl, which * uses lock_kernel() -@@ -1908,7 +2284,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -1908,7 +2288,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) goto fail_unlock; } @@ -68378,7 +68389,7 @@ index 86fafc6..6a109b9 100644 if (core_pipe_limit && (core_pipe_limit < dump_count)) { printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n", task_tgid_vnr(current), current->comm); -@@ -1972,7 +2348,7 @@ close_fail: +@@ -1972,7 +2352,7 @@ close_fail: filp_close(file, NULL); fail_dropcount: if (dump_count) @@ -71666,10 +71677,20 @@ index 9f55be4..a3f8048 100644 /* Copy the blockcheck stats from the superblock probe */ osb->osb_ecc_stats = *stats; diff --git a/fs/open.c b/fs/open.c -index 4f01e06..2a8057a 100644 +index 4f01e06..b8a21b3 100644 --- a/fs/open.c +++ b/fs/open.c -@@ -275,6 +275,10 @@ static long do_sys_truncate(const char __user *pathname, loff_t length) +@@ -31,6 +31,9 @@ + #include <linux/falloc.h> + #include <linux/fs_struct.h> + ++#define CREATE_TRACE_POINTS ++#include <trace/events/fs.h> ++ + int vfs_statfs(struct dentry *dentry, struct kstatfs *buf) + { + int retval = -ENODEV; +@@ -275,6 +278,10 @@ static long do_sys_truncate(const char __user *pathname, loff_t length) error = locks_verify_truncate(inode, NULL, length); if (!error) error = security_path_truncate(&path, length, 0); @@ -71680,7 +71701,7 @@ index 4f01e06..2a8057a 100644 if (!error) { vfs_dq_init(inode); error = do_truncate(path.dentry, length, 0, NULL); -@@ -511,6 +515,9 @@ SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode) +@@ -511,6 +518,9 @@ SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode) if (__mnt_is_readonly(path.mnt)) res = -EROFS; @@ -71690,7 +71711,7 @@ index 4f01e06..2a8057a 100644 out_path_release: path_put(&path); out: -@@ -537,6 +544,8 @@ SYSCALL_DEFINE1(chdir, const char __user *, filename) +@@ -537,6 +547,8 @@ SYSCALL_DEFINE1(chdir, const char __user *, filename) if (error) goto dput_and_out; @@ -71699,7 +71720,7 @@ index 4f01e06..2a8057a 100644 set_fs_pwd(current->fs, &path); dput_and_out: -@@ -563,6 +572,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd) +@@ -563,6 +575,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd) goto out_putf; error = inode_permission(inode, MAY_EXEC | MAY_ACCESS); @@ -71713,7 +71734,7 @@ index 4f01e06..2a8057a 100644 if (!error) set_fs_pwd(current->fs, &file->f_path); out_putf: -@@ -588,7 +604,13 @@ SYSCALL_DEFINE1(chroot, const char __user *, filename) +@@ -588,7 +607,13 @@ SYSCALL_DEFINE1(chroot, const char __user *, filename) if (!capable(CAP_SYS_CHROOT)) goto dput_and_out; @@ -71727,7 +71748,7 @@ index 4f01e06..2a8057a 100644 error = 0; dput_and_out: path_put(&path); -@@ -596,66 +618,57 @@ out: +@@ -596,66 +621,57 @@ out: return error; } @@ -71830,7 +71851,7 @@ index 4f01e06..2a8057a 100644 return error; } -@@ -664,12 +677,15 @@ SYSCALL_DEFINE2(chmod, const char __user *, filename, mode_t, mode) +@@ -664,12 +680,15 @@ SYSCALL_DEFINE2(chmod, const char __user *, filename, mode_t, mode) return sys_fchmodat(AT_FDCWD, filename, mode); } @@ -71847,7 +71868,7 @@ index 4f01e06..2a8057a 100644 newattrs.ia_valid = ATTR_CTIME; if (user != (uid_t) -1) { newattrs.ia_valid |= ATTR_UID; -@@ -700,7 +716,7 @@ SYSCALL_DEFINE3(chown, const char __user *, filename, uid_t, user, gid_t, group) +@@ -700,7 +719,7 @@ SYSCALL_DEFINE3(chown, const char __user *, filename, uid_t, user, gid_t, group) error = mnt_want_write(path.mnt); if (error) goto out_release; @@ -71856,7 +71877,7 @@ index 4f01e06..2a8057a 100644 mnt_drop_write(path.mnt); out_release: path_put(&path); -@@ -725,7 +741,7 @@ SYSCALL_DEFINE5(fchownat, int, dfd, const char __user *, filename, uid_t, user, +@@ -725,7 +744,7 @@ SYSCALL_DEFINE5(fchownat, int, dfd, const char __user *, filename, uid_t, user, error = mnt_want_write(path.mnt); if (error) goto out_release; @@ -71865,7 +71886,7 @@ index 4f01e06..2a8057a 100644 mnt_drop_write(path.mnt); out_release: path_put(&path); -@@ -744,7 +760,7 @@ SYSCALL_DEFINE3(lchown, const char __user *, filename, uid_t, user, gid_t, group +@@ -744,7 +763,7 @@ SYSCALL_DEFINE3(lchown, const char __user *, filename, uid_t, user, gid_t, group error = mnt_want_write(path.mnt); if (error) goto out_release; @@ -71874,7 +71895,7 @@ index 4f01e06..2a8057a 100644 mnt_drop_write(path.mnt); out_release: path_put(&path); -@@ -767,7 +783,7 @@ SYSCALL_DEFINE3(fchown, unsigned int, fd, uid_t, user, gid_t, group) +@@ -767,7 +786,7 @@ SYSCALL_DEFINE3(fchown, unsigned int, fd, uid_t, user, gid_t, group) goto out_fput; dentry = file->f_path.dentry; audit_inode(NULL, dentry); @@ -71883,7 +71904,7 @@ index 4f01e06..2a8057a 100644 mnt_drop_write(file->f_path.mnt); out_fput: fput(file); -@@ -1036,7 +1052,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, int mode) +@@ -1036,13 +1055,14 @@ long do_sys_open(int dfd, const char __user *filename, int flags, int mode) if (!IS_ERR(tmp)) { fd = get_unused_fd_flags(flags); if (fd >= 0) { @@ -71892,6 +71913,13 @@ index 4f01e06..2a8057a 100644 if (IS_ERR(f)) { put_unused_fd(fd); fd = PTR_ERR(f); + } else { + fsnotify_open(f->f_path.dentry); + fd_install(fd, f); ++ trace_do_sys_open(tmp, flags, mode); + } + } + putname(tmp); diff --git a/fs/partitions/efi.c b/fs/partitions/efi.c index 6ab70f4..f4103d1 100644 --- a/fs/partitions/efi.c @@ -90124,6 +90152,65 @@ index 444cd6b..3327cc5 100644 struct snd_info_entry *proc_entry; const struct firmware *dsp_microcode; const struct firmware *controller_microcode; +diff --git a/include/trace/events/fs.h b/include/trace/events/fs.h +new file mode 100644 +index 0000000..2efe49d +--- /dev/null ++++ b/include/trace/events/fs.h +@@ -0,0 +1,53 @@ ++#undef TRACE_SYSTEM ++#define TRACE_SYSTEM fs ++ ++#if !defined(_TRACE_FS_H) || defined(TRACE_HEADER_MULTI_READ) ++#define _TRACE_FS_H ++ ++#include <linux/fs.h> ++#include <linux/tracepoint.h> ++ ++TRACE_EVENT(do_sys_open, ++ ++ TP_PROTO(char *filename, int flags, int mode), ++ ++ TP_ARGS(filename, flags, mode), ++ ++ TP_STRUCT__entry( ++ __string( filename, filename ) ++ __field( int, flags ) ++ __field( int, mode ) ++ ), ++ ++ TP_fast_assign( ++ __assign_str(filename, filename); ++ __entry->flags = flags; ++ __entry->mode = mode; ++ ), ++ ++ TP_printk("\"%s\" %x %o", ++ __get_str(filename), __entry->flags, __entry->mode) ++); ++ ++TRACE_EVENT(open_exec, ++ ++ TP_PROTO(const char *filename), ++ ++ TP_ARGS(filename), ++ ++ TP_STRUCT__entry( ++ __string( filename, filename ) ++ ), ++ ++ TP_fast_assign( ++ __assign_str(filename, filename); ++ ), ++ ++ TP_printk("\"%s\"", ++ __get_str(filename)) ++); ++ ++#endif /* _TRACE_FS_H */ ++ ++/* This part must be outside protection */ ++#include <trace/define_trace.h> diff --git a/include/trace/events/irq.h b/include/trace/events/irq.h index b89f9db..f097b38 100644 --- a/include/trace/events/irq.h @@ -105227,19 +105314,20 @@ index fce07a7..5f12858 100644 }; diff --git a/security/commoncap.c b/security/commoncap.c -index fe30751..7702d78 100644 +index fe30751..8f3a4fe 100644 --- a/security/commoncap.c +++ b/security/commoncap.c -@@ -27,6 +27,8 @@ +@@ -27,6 +27,9 @@ #include <linux/sched.h> #include <linux/prctl.h> #include <linux/securebits.h> +#include <linux/syslog.h> ++#include <linux/personality.h> +#include <net/sock.h> /* * If a non-root user executes a setuid-root binary in -@@ -50,9 +52,18 @@ static void warn_setuid_and_fcaps_mixed(char *fname) +@@ -50,9 +53,18 @@ static void warn_setuid_and_fcaps_mixed(char *fname) } } @@ -105258,7 +105346,7 @@ index fe30751..7702d78 100644 return 0; } -@@ -511,6 +522,11 @@ int cap_bprm_set_creds(struct linux_binprm *bprm) +@@ -511,6 +523,11 @@ int cap_bprm_set_creds(struct linux_binprm *bprm) } skip: @@ -105270,7 +105358,7 @@ index fe30751..7702d78 100644 /* Don't let someone trace a set[ug]id/setpcap binary with the revised * credentials unless they have the appropriate permit */ -@@ -582,6 +598,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) +@@ -582,6 +599,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) { const struct cred *cred = current_cred(); @@ -105280,7 +105368,7 @@ index fe30751..7702d78 100644 if (cred->uid != 0) { if (bprm->cap_effective) return 1; -@@ -956,13 +975,18 @@ error: +@@ -956,13 +976,18 @@ error: /** * cap_syslog - Determine whether syslog function is permitted * @type: Function requested diff --git a/3.4.1/0000_README b/3.2.20/0000_README index 69d223e..857121d 100644 --- a/3.4.1/0000_README +++ b/3.2.20/0000_README @@ -2,11 +2,11 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 1000_linux-3.4.1.patch +Patch: 1019_linux-3.2.20.patch From: http://www.kernel.org -Desc: Linux 3.4.1 +Desc: Linux 3.2.20 -Patch: 4420_grsecurity-2.9.1-3.4.1-201206091540.patch +Patch: 4420_grsecurity-2.9.1-3.2.20-201206111836.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.20/1019_linux-3.2.20.patch b/3.2.20/1019_linux-3.2.20.patch new file mode 100644 index 0000000..5350ff6 --- /dev/null +++ b/3.2.20/1019_linux-3.2.20.patch @@ -0,0 +1,2829 @@ +diff --git a/Makefile b/Makefile +index c291184..c7e9cc4 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 3 + PATCHLEVEL = 2 +-SUBLEVEL = 19 ++SUBLEVEL = 20 + EXTRAVERSION = + NAME = Saber-toothed Squirrel + +diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig +index ef642a0..987c72d 100644 +--- a/arch/arm/Kconfig ++++ b/arch/arm/Kconfig +@@ -520,7 +520,7 @@ config ARCH_IXP4XX + depends on MMU + select CLKSRC_MMIO + select CPU_XSCALE +- select GENERIC_GPIO ++ select ARCH_REQUIRE_GPIOLIB + select GENERIC_CLOCKEVENTS + select HAVE_SCHED_CLOCK + select MIGHT_HAVE_PCI +diff --git a/arch/arm/mach-ixp4xx/common.c b/arch/arm/mach-ixp4xx/common.c +index b86a005..caf28fc 100644 +--- a/arch/arm/mach-ixp4xx/common.c ++++ b/arch/arm/mach-ixp4xx/common.c +@@ -29,6 +29,7 @@ + #include <linux/clockchips.h> + #include <linux/io.h> + #include <linux/export.h> ++#include <linux/gpio.h> + + #include <mach/udc.h> + #include <mach/hardware.h> +@@ -106,7 +107,7 @@ static signed char irq2gpio[32] = { + 7, 8, 9, 10, 11, 12, -1, -1, + }; + +-int gpio_to_irq(int gpio) ++static int ixp4xx_gpio_to_irq(struct gpio_chip *chip, unsigned gpio) + { + int irq; + +@@ -116,7 +117,6 @@ int gpio_to_irq(int gpio) + } + return -EINVAL; + } +-EXPORT_SYMBOL(gpio_to_irq); + + int irq_to_gpio(unsigned int irq) + { +@@ -376,12 +376,56 @@ static struct platform_device *ixp46x_devices[] __initdata = { + unsigned long ixp4xx_exp_bus_size; + EXPORT_SYMBOL(ixp4xx_exp_bus_size); + ++static int ixp4xx_gpio_direction_input(struct gpio_chip *chip, unsigned gpio) ++{ ++ gpio_line_config(gpio, IXP4XX_GPIO_IN); ++ ++ return 0; ++} ++ ++static int ixp4xx_gpio_direction_output(struct gpio_chip *chip, unsigned gpio, ++ int level) ++{ ++ gpio_line_set(gpio, level); ++ gpio_line_config(gpio, IXP4XX_GPIO_OUT); ++ ++ return 0; ++} ++ ++static int ixp4xx_gpio_get_value(struct gpio_chip *chip, unsigned gpio) ++{ ++ int value; ++ ++ gpio_line_get(gpio, &value); ++ ++ return value; ++} ++ ++static void ixp4xx_gpio_set_value(struct gpio_chip *chip, unsigned gpio, ++ int value) ++{ ++ gpio_line_set(gpio, value); ++} ++ ++static struct gpio_chip ixp4xx_gpio_chip = { ++ .label = "IXP4XX_GPIO_CHIP", ++ .direction_input = ixp4xx_gpio_direction_input, ++ .direction_output = ixp4xx_gpio_direction_output, ++ .get = ixp4xx_gpio_get_value, ++ .set = ixp4xx_gpio_set_value, ++ .to_irq = ixp4xx_gpio_to_irq, ++ .base = 0, ++ .ngpio = 16, ++}; ++ + void __init ixp4xx_sys_init(void) + { + ixp4xx_exp_bus_size = SZ_16M; + + platform_add_devices(ixp4xx_devices, ARRAY_SIZE(ixp4xx_devices)); + ++ gpiochip_add(&ixp4xx_gpio_chip); ++ + if (cpu_is_ixp46x()) { + int region; + +diff --git a/arch/arm/mach-ixp4xx/include/mach/gpio.h b/arch/arm/mach-ixp4xx/include/mach/gpio.h +index 83d6b4e..ef37f26 100644 +--- a/arch/arm/mach-ixp4xx/include/mach/gpio.h ++++ b/arch/arm/mach-ixp4xx/include/mach/gpio.h +@@ -1,79 +1,2 @@ +-/* +- * arch/arm/mach-ixp4xx/include/mach/gpio.h +- * +- * IXP4XX GPIO wrappers for arch-neutral GPIO calls +- * +- * Written by Milan Svoboda <msvoboda@ra.rockwell.com> +- * Based on PXA implementation by Philipp Zabel <philipp.zabel@gmail.com> +- * +- * This program is free software; you can redistribute it and/or modify +- * it under the terms of the GNU General Public License as published by +- * the Free Software Foundation; either version 2 of the License, or +- * (at your option) any later version. +- * +- * This program is distributed in the hope that it will be useful, +- * but WITHOUT ANY WARRANTY; without even the implied warranty of +- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +- * GNU General Public License for more details. +- * +- * You should have received a copy of the GNU General Public License +- * along with this program; if not, write to the Free Software +- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +- * +- */ +- +-#ifndef __ASM_ARCH_IXP4XX_GPIO_H +-#define __ASM_ARCH_IXP4XX_GPIO_H +- +-#include <linux/kernel.h> +-#include <mach/hardware.h> +- +-#define __ARM_GPIOLIB_COMPLEX +- +-static inline int gpio_request(unsigned gpio, const char *label) +-{ +- return 0; +-} +- +-static inline void gpio_free(unsigned gpio) +-{ +- might_sleep(); +- +- return; +-} +- +-static inline int gpio_direction_input(unsigned gpio) +-{ +- gpio_line_config(gpio, IXP4XX_GPIO_IN); +- return 0; +-} +- +-static inline int gpio_direction_output(unsigned gpio, int level) +-{ +- gpio_line_set(gpio, level); +- gpio_line_config(gpio, IXP4XX_GPIO_OUT); +- return 0; +-} +- +-static inline int gpio_get_value(unsigned gpio) +-{ +- int value; +- +- gpio_line_get(gpio, &value); +- +- return value; +-} +- +-static inline void gpio_set_value(unsigned gpio, int value) +-{ +- gpio_line_set(gpio, value); +-} +- +-#include <asm-generic/gpio.h> /* cansleep wrappers */ +- +-extern int gpio_to_irq(int gpio); +-#define gpio_to_irq gpio_to_irq +-extern int irq_to_gpio(unsigned int irq); +- +-#endif ++/* empty */ + +diff --git a/arch/microblaze/Kconfig b/arch/microblaze/Kconfig +index e446bab..a93ed04 100644 +--- a/arch/microblaze/Kconfig ++++ b/arch/microblaze/Kconfig +@@ -46,7 +46,7 @@ config GENERIC_CLOCKEVENTS + def_bool y + + config GENERIC_GPIO +- def_bool y ++ bool + + config GENERIC_CSUM + def_bool y +diff --git a/arch/mips/include/asm/mach-bcm63xx/bcm63xx_gpio.h b/arch/mips/include/asm/mach-bcm63xx/bcm63xx_gpio.h +index 3999ec0..67d1ce0 100644 +--- a/arch/mips/include/asm/mach-bcm63xx/bcm63xx_gpio.h ++++ b/arch/mips/include/asm/mach-bcm63xx/bcm63xx_gpio.h +@@ -2,6 +2,7 @@ + #define BCM63XX_GPIO_H + + #include <linux/init.h> ++#include <bcm63xx_cpu.h> + + int __init bcm63xx_gpio_init(void); + +diff --git a/arch/parisc/kernel/entry.S b/arch/parisc/kernel/entry.S +index 5350342..07ef351 100644 +--- a/arch/parisc/kernel/entry.S ++++ b/arch/parisc/kernel/entry.S +@@ -552,7 +552,7 @@ + * entry (identifying the physical page) and %r23 up with + * the from tlb entry (or nothing if only a to entry---for + * clear_user_page_asm) */ +- .macro do_alias spc,tmp,tmp1,va,pte,prot,fault ++ .macro do_alias spc,tmp,tmp1,va,pte,prot,fault,patype + cmpib,COND(<>),n 0,\spc,\fault + ldil L%(TMPALIAS_MAP_START),\tmp + #if defined(CONFIG_64BIT) && (TMPALIAS_MAP_START >= 0x80000000) +@@ -581,11 +581,15 @@ + */ + cmpiclr,= 0x01,\tmp,%r0 + ldi (_PAGE_DIRTY|_PAGE_READ|_PAGE_WRITE),\prot +-#ifdef CONFIG_64BIT ++.ifc \patype,20 + depd,z \prot,8,7,\prot +-#else ++.else ++.ifc \patype,11 + depw,z \prot,8,7,\prot +-#endif ++.else ++ .error "undefined PA type to do_alias" ++.endif ++.endif + /* + * OK, it is in the temp alias region, check whether "from" or "to". + * Check "subtle" note in pacache.S re: r23/r26. +@@ -1189,7 +1193,7 @@ dtlb_miss_20w: + nop + + dtlb_check_alias_20w: +- do_alias spc,t0,t1,va,pte,prot,dtlb_fault ++ do_alias spc,t0,t1,va,pte,prot,dtlb_fault,20 + + idtlbt pte,prot + +@@ -1213,7 +1217,7 @@ nadtlb_miss_20w: + nop + + nadtlb_check_alias_20w: +- do_alias spc,t0,t1,va,pte,prot,nadtlb_emulate ++ do_alias spc,t0,t1,va,pte,prot,nadtlb_emulate,20 + + idtlbt pte,prot + +@@ -1245,7 +1249,7 @@ dtlb_miss_11: + nop + + dtlb_check_alias_11: +- do_alias spc,t0,t1,va,pte,prot,dtlb_fault ++ do_alias spc,t0,t1,va,pte,prot,dtlb_fault,11 + + idtlba pte,(va) + idtlbp prot,(va) +@@ -1277,7 +1281,7 @@ nadtlb_miss_11: + nop + + nadtlb_check_alias_11: +- do_alias spc,t0,t1,va,pte,prot,nadtlb_emulate ++ do_alias spc,t0,t1,va,pte,prot,nadtlb_emulate,11 + + idtlba pte,(va) + idtlbp prot,(va) +@@ -1304,7 +1308,7 @@ dtlb_miss_20: + nop + + dtlb_check_alias_20: +- do_alias spc,t0,t1,va,pte,prot,dtlb_fault ++ do_alias spc,t0,t1,va,pte,prot,dtlb_fault,20 + + idtlbt pte,prot + +@@ -1330,7 +1334,7 @@ nadtlb_miss_20: + nop + + nadtlb_check_alias_20: +- do_alias spc,t0,t1,va,pte,prot,nadtlb_emulate ++ do_alias spc,t0,t1,va,pte,prot,nadtlb_emulate,20 + + idtlbt pte,prot + +@@ -1457,7 +1461,7 @@ naitlb_miss_20w: + nop + + naitlb_check_alias_20w: +- do_alias spc,t0,t1,va,pte,prot,naitlb_fault ++ do_alias spc,t0,t1,va,pte,prot,naitlb_fault,20 + + iitlbt pte,prot + +@@ -1511,7 +1515,7 @@ naitlb_miss_11: + nop + + naitlb_check_alias_11: +- do_alias spc,t0,t1,va,pte,prot,itlb_fault ++ do_alias spc,t0,t1,va,pte,prot,itlb_fault,11 + + iitlba pte,(%sr0, va) + iitlbp prot,(%sr0, va) +@@ -1557,7 +1561,7 @@ naitlb_miss_20: + nop + + naitlb_check_alias_20: +- do_alias spc,t0,t1,va,pte,prot,naitlb_fault ++ do_alias spc,t0,t1,va,pte,prot,naitlb_fault,20 + + iitlbt pte,prot + +diff --git a/arch/parisc/kernel/vmlinux.lds.S b/arch/parisc/kernel/vmlinux.lds.S +index fa6f2b8..64a9998 100644 +--- a/arch/parisc/kernel/vmlinux.lds.S ++++ b/arch/parisc/kernel/vmlinux.lds.S +@@ -50,8 +50,10 @@ SECTIONS + . = KERNEL_BINARY_TEXT_START; + + _text = .; /* Text and read-only data */ +- .text ALIGN(16) : { ++ .head ALIGN(16) : { + HEAD_TEXT ++ } = 0 ++ .text ALIGN(16) : { + TEXT_TEXT + SCHED_TEXT + LOCK_TEXT +@@ -65,7 +67,7 @@ SECTIONS + *(.fixup) + *(.lock.text) /* out-of-line lock text */ + *(.gnu.warning) +- } = 0 ++ } + /* End of text section */ + _etext = .; + +diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c +index e7c920b..cca659e 100644 +--- a/arch/x86/xen/enlighten.c ++++ b/arch/x86/xen/enlighten.c +@@ -982,7 +982,10 @@ static const struct pv_cpu_ops xen_cpu_ops __initconst = { + .wbinvd = native_wbinvd, + + .read_msr = native_read_msr_safe, ++ .rdmsr_regs = native_rdmsr_safe_regs, + .write_msr = xen_write_msr_safe, ++ .wrmsr_regs = native_wrmsr_safe_regs, ++ + .read_tsc = native_read_tsc, + .read_pmc = native_read_pmc, + +diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c +index 7711d94..5535477 100644 +--- a/drivers/acpi/battery.c ++++ b/drivers/acpi/battery.c +@@ -643,11 +643,19 @@ static int acpi_battery_update(struct acpi_battery *battery) + + static void acpi_battery_refresh(struct acpi_battery *battery) + { ++ int power_unit; ++ + if (!battery->bat.dev) + return; + ++ power_unit = battery->power_unit; ++ + acpi_battery_get_info(battery); +- /* The battery may have changed its reporting units. */ ++ ++ if (power_unit == battery->power_unit) ++ return; ++ ++ /* The battery has changed its reporting units. */ + sysfs_remove_battery(battery); + sysfs_add_battery(battery); + } +diff --git a/drivers/atm/solos-pci.c b/drivers/atm/solos-pci.c +index 5d1d076..d452592 100644 +--- a/drivers/atm/solos-pci.c ++++ b/drivers/atm/solos-pci.c +@@ -984,6 +984,7 @@ static uint32_t fpga_tx(struct solos_card *card) + } else if (skb && card->using_dma) { + SKB_CB(skb)->dma_addr = pci_map_single(card->dev, skb->data, + skb->len, PCI_DMA_TODEVICE); ++ card->tx_skb[port] = skb; + iowrite32(SKB_CB(skb)->dma_addr, + card->config_regs + TX_DMA_ADDR(port)); + } +@@ -1152,7 +1153,8 @@ static int fpga_probe(struct pci_dev *dev, const struct pci_device_id *id) + db_fpga_upgrade = db_firmware_upgrade = 0; + } + +- if (card->fpga_version >= DMA_SUPPORTED){ ++ if (card->fpga_version >= DMA_SUPPORTED) { ++ pci_set_master(dev); + card->using_dma = 1; + } else { + card->using_dma = 0; +diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c +index 99fefbd..f1bd44f 100644 +--- a/drivers/bluetooth/ath3k.c ++++ b/drivers/bluetooth/ath3k.c +@@ -74,10 +74,15 @@ static struct usb_device_id ath3k_table[] = { + { USB_DEVICE(0x0CF3, 0x311D) }, + { USB_DEVICE(0x13d3, 0x3375) }, + { USB_DEVICE(0x04CA, 0x3005) }, ++ { USB_DEVICE(0x13d3, 0x3362) }, ++ { USB_DEVICE(0x0CF3, 0xE004) }, + + /* Atheros AR5BBU12 with sflash firmware */ + { USB_DEVICE(0x0489, 0xE02C) }, + ++ /* Atheros AR5BBU22 with sflash firmware */ ++ { USB_DEVICE(0x0489, 0xE03C) }, ++ + { } /* Terminating entry */ + }; + +@@ -93,6 +98,11 @@ static struct usb_device_id ath3k_blist_tbl[] = { + { USB_DEVICE(0x0cf3, 0x311D), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, ++ ++ /* Atheros AR5BBU22 with sflash firmware */ ++ { USB_DEVICE(0x0489, 0xE03C), .driver_info = BTUSB_ATH3012 }, + + { } /* Terminating entry */ + }; +diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c +index e56da6a..fc4bcd6 100644 +--- a/drivers/bluetooth/btusb.c ++++ b/drivers/bluetooth/btusb.c +@@ -61,7 +61,7 @@ static struct usb_device_id btusb_table[] = { + { USB_DEVICE_INFO(0xe0, 0x01, 0x01) }, + + /* Broadcom SoftSailing reporting vendor specific */ +- { USB_DEVICE(0x05ac, 0x21e1) }, ++ { USB_DEVICE(0x0a5c, 0x21e1) }, + + /* Apple MacBookPro 7,1 */ + { USB_DEVICE(0x05ac, 0x8213) }, +@@ -101,9 +101,16 @@ static struct usb_device_id btusb_table[] = { + { USB_DEVICE(0x0c10, 0x0000) }, + + /* Broadcom BCM20702A0 */ ++ { USB_DEVICE(0x0489, 0xe042) }, + { USB_DEVICE(0x0a5c, 0x21e3) }, ++ { USB_DEVICE(0x0a5c, 0x21e6) }, ++ { USB_DEVICE(0x0a5c, 0x21e8) }, ++ { USB_DEVICE(0x0a5c, 0x21f3) }, + { USB_DEVICE(0x413c, 0x8197) }, + ++ /* Foxconn - Hon Hai */ ++ { USB_DEVICE(0x0489, 0xe033) }, ++ + { } /* Terminating entry */ + }; + +@@ -130,10 +137,15 @@ static struct usb_device_id blacklist_table[] = { + { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, + + /* Atheros AR5BBU12 with sflash firmware */ + { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE }, + ++ /* Atheros AR5BBU12 with sflash firmware */ ++ { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 }, ++ + /* Broadcom BCM2035 */ + { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU }, + { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU }, +diff --git a/drivers/gpu/drm/i915/i915_reg.h b/drivers/gpu/drm/i915/i915_reg.h +index a1d53b6..06ec1e5 100644 +--- a/drivers/gpu/drm/i915/i915_reg.h ++++ b/drivers/gpu/drm/i915/i915_reg.h +@@ -3533,7 +3533,11 @@ + #define GEN6_CAGF_MASK (0x7f << GEN6_CAGF_SHIFT) + #define GEN6_RP_CONTROL 0xA024 + #define GEN6_RP_MEDIA_TURBO (1<<11) +-#define GEN6_RP_USE_NORMAL_FREQ (1<<9) ++#define GEN6_RP_MEDIA_MODE_MASK (3<<9) ++#define GEN6_RP_MEDIA_HW_TURBO_MODE (3<<9) ++#define GEN6_RP_MEDIA_HW_NORMAL_MODE (2<<9) ++#define GEN6_RP_MEDIA_HW_MODE (1<<9) ++#define GEN6_RP_MEDIA_SW_MODE (0<<9) + #define GEN6_RP_MEDIA_IS_GFX (1<<8) + #define GEN6_RP_ENABLE (1<<7) + #define GEN6_RP_UP_IDLE_MIN (0x1<<3) +diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c +index 3ff980d..4720397 100644 +--- a/drivers/gpu/drm/i915/intel_display.c ++++ b/drivers/gpu/drm/i915/intel_display.c +@@ -1864,7 +1864,7 @@ static void intel_update_fbc(struct drm_device *dev) + if (enable_fbc < 0) { + DRM_DEBUG_KMS("fbc set to per-chip default\n"); + enable_fbc = 1; +- if (INTEL_INFO(dev)->gen <= 5) ++ if (INTEL_INFO(dev)->gen <= 6) + enable_fbc = 0; + } + if (!enable_fbc) { +@@ -8005,7 +8005,7 @@ void gen6_enable_rps(struct drm_i915_private *dev_priv) + I915_WRITE(GEN6_RP_IDLE_HYSTERSIS, 10); + I915_WRITE(GEN6_RP_CONTROL, + GEN6_RP_MEDIA_TURBO | +- GEN6_RP_USE_NORMAL_FREQ | ++ GEN6_RP_MEDIA_HW_NORMAL_MODE | + GEN6_RP_MEDIA_IS_GFX | + GEN6_RP_ENABLE | + GEN6_RP_UP_BUSY_AVG | +diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c +index 12eb789..d4c4937 100644 +--- a/drivers/gpu/drm/i915/intel_dp.c ++++ b/drivers/gpu/drm/i915/intel_dp.c +@@ -1149,10 +1149,10 @@ static void ironlake_edp_panel_off(struct intel_dp *intel_dp) + + DRM_DEBUG_KMS("Turn eDP power off\n"); + +- WARN(intel_dp->want_panel_vdd, "Cannot turn power off while VDD is on\n"); ++ WARN(!intel_dp->want_panel_vdd, "Need VDD to turn off panel\n"); + + pp = ironlake_get_pp_control(dev_priv); +- pp &= ~(POWER_TARGET_ON | EDP_FORCE_VDD | PANEL_POWER_RESET | EDP_BLC_ENABLE); ++ pp &= ~(POWER_TARGET_ON | PANEL_POWER_RESET | EDP_BLC_ENABLE); + I915_WRITE(PCH_PP_CONTROL, pp); + POSTING_READ(PCH_PP_CONTROL); + +@@ -1260,18 +1260,16 @@ static void intel_dp_prepare(struct drm_encoder *encoder) + { + struct intel_dp *intel_dp = enc_to_intel_dp(encoder); + ++ ++ /* Make sure the panel is off before trying to change the mode. But also ++ * ensure that we have vdd while we switch off the panel. */ ++ ironlake_edp_panel_vdd_on(intel_dp); + ironlake_edp_backlight_off(intel_dp); + ironlake_edp_panel_off(intel_dp); + +- /* Wake up the sink first */ +- ironlake_edp_panel_vdd_on(intel_dp); + intel_dp_sink_dpms(intel_dp, DRM_MODE_DPMS_ON); + intel_dp_link_down(intel_dp); + ironlake_edp_panel_vdd_off(intel_dp, false); +- +- /* Make sure the panel is off before trying to +- * change the mode +- */ + } + + static void intel_dp_commit(struct drm_encoder *encoder) +@@ -1303,10 +1301,11 @@ intel_dp_dpms(struct drm_encoder *encoder, int mode) + uint32_t dp_reg = I915_READ(intel_dp->output_reg); + + if (mode != DRM_MODE_DPMS_ON) { ++ /* Switching the panel off requires vdd. */ ++ ironlake_edp_panel_vdd_on(intel_dp); + ironlake_edp_backlight_off(intel_dp); + ironlake_edp_panel_off(intel_dp); + +- ironlake_edp_panel_vdd_on(intel_dp); + intel_dp_sink_dpms(intel_dp, mode); + intel_dp_link_down(intel_dp); + ironlake_edp_panel_vdd_off(intel_dp, false); +diff --git a/drivers/gpu/drm/i915/intel_lvds.c b/drivers/gpu/drm/i915/intel_lvds.c +index 583c2d0..ceec71b 100644 +--- a/drivers/gpu/drm/i915/intel_lvds.c ++++ b/drivers/gpu/drm/i915/intel_lvds.c +@@ -716,6 +716,14 @@ static const struct dmi_system_id intel_no_lvds[] = { + }, + }, + { ++ .callback = intel_no_lvds_dmi_callback, ++ .ident = "Clientron E830", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "Clientron"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "E830"), ++ }, ++ }, ++ { + .callback = intel_no_lvds_dmi_callback, + .ident = "Asus EeeBox PC EB1007", + .matches = { +@@ -733,6 +741,30 @@ static const struct dmi_system_id intel_no_lvds[] = { + }, + { + .callback = intel_no_lvds_dmi_callback, ++ .ident = "Hewlett-Packard HP t5740e Thin Client", ++ .matches = { ++ DMI_MATCH(DMI_BOARD_VENDOR, "Hewlett-Packard"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "HP t5740e Thin Client"), ++ }, ++ }, ++ { ++ .callback = intel_no_lvds_dmi_callback, ++ .ident = "Hewlett-Packard t5745", ++ .matches = { ++ DMI_MATCH(DMI_BOARD_VENDOR, "Hewlett-Packard"), ++ DMI_MATCH(DMI_BOARD_NAME, "hp t5745"), ++ }, ++ }, ++ { ++ .callback = intel_no_lvds_dmi_callback, ++ .ident = "Hewlett-Packard st5747", ++ .matches = { ++ DMI_MATCH(DMI_BOARD_VENDOR, "Hewlett-Packard"), ++ DMI_MATCH(DMI_BOARD_NAME, "hp st5747"), ++ }, ++ }, ++ { ++ .callback = intel_no_lvds_dmi_callback, + .ident = "MSI Wind Box DC500", + .matches = { + DMI_MATCH(DMI_BOARD_VENDOR, "MICRO-STAR INTERNATIONAL CO., LTD"), +diff --git a/drivers/gpu/drm/i915/intel_sdvo.c b/drivers/gpu/drm/i915/intel_sdvo.c +index 8eddcca..a8d8ee5 100644 +--- a/drivers/gpu/drm/i915/intel_sdvo.c ++++ b/drivers/gpu/drm/i915/intel_sdvo.c +@@ -769,10 +769,12 @@ static void intel_sdvo_get_dtd_from_mode(struct intel_sdvo_dtd *dtd, + ((v_sync_len & 0x30) >> 4); + + dtd->part2.dtd_flags = 0x18; ++ if (mode->flags & DRM_MODE_FLAG_INTERLACE) ++ dtd->part2.dtd_flags |= DTD_FLAG_INTERLACE; + if (mode->flags & DRM_MODE_FLAG_PHSYNC) +- dtd->part2.dtd_flags |= 0x2; ++ dtd->part2.dtd_flags |= DTD_FLAG_HSYNC_POSITIVE; + if (mode->flags & DRM_MODE_FLAG_PVSYNC) +- dtd->part2.dtd_flags |= 0x4; ++ dtd->part2.dtd_flags |= DTD_FLAG_VSYNC_POSITIVE; + + dtd->part2.sdvo_flags = 0; + dtd->part2.v_sync_off_high = v_sync_offset & 0xc0; +@@ -806,9 +808,11 @@ static void intel_sdvo_get_mode_from_dtd(struct drm_display_mode * mode, + mode->clock = dtd->part1.clock * 10; + + mode->flags &= ~(DRM_MODE_FLAG_PHSYNC | DRM_MODE_FLAG_PVSYNC); +- if (dtd->part2.dtd_flags & 0x2) ++ if (dtd->part2.dtd_flags & DTD_FLAG_INTERLACE) ++ mode->flags |= DRM_MODE_FLAG_INTERLACE; ++ if (dtd->part2.dtd_flags & DTD_FLAG_HSYNC_POSITIVE) + mode->flags |= DRM_MODE_FLAG_PHSYNC; +- if (dtd->part2.dtd_flags & 0x4) ++ if (dtd->part2.dtd_flags & DTD_FLAG_VSYNC_POSITIVE) + mode->flags |= DRM_MODE_FLAG_PVSYNC; + } + +diff --git a/drivers/gpu/drm/i915/intel_sdvo_regs.h b/drivers/gpu/drm/i915/intel_sdvo_regs.h +index 4aa6f34..372f33b 100644 +--- a/drivers/gpu/drm/i915/intel_sdvo_regs.h ++++ b/drivers/gpu/drm/i915/intel_sdvo_regs.h +@@ -61,6 +61,11 @@ struct intel_sdvo_caps { + u16 output_flags; + } __attribute__((packed)); + ++/* Note: SDVO detailed timing flags match EDID misc flags. */ ++#define DTD_FLAG_HSYNC_POSITIVE (1 << 1) ++#define DTD_FLAG_VSYNC_POSITIVE (1 << 2) ++#define DTD_FLAG_INTERLACE (1 << 7) ++ + /** This matches the EDID DTD structure, more or less */ + struct intel_sdvo_dtd { + struct { +diff --git a/drivers/gpu/drm/i915/intel_tv.c b/drivers/gpu/drm/i915/intel_tv.c +index 2b1fcad..12041fa 100644 +--- a/drivers/gpu/drm/i915/intel_tv.c ++++ b/drivers/gpu/drm/i915/intel_tv.c +@@ -1307,6 +1307,11 @@ intel_tv_detect_type(struct intel_tv *intel_tv, + + I915_WRITE(TV_DAC, save_tv_dac & ~TVDAC_STATE_CHG_EN); + I915_WRITE(TV_CTL, save_tv_ctl); ++ POSTING_READ(TV_CTL); ++ ++ /* For unknown reasons the hw barfs if we don't do this vblank wait. */ ++ intel_wait_for_vblank(intel_tv->base.base.dev, ++ to_intel_crtc(intel_tv->base.base.crtc)->pipe); + + /* Restore interrupt config */ + if (connector->polled & DRM_CONNECTOR_POLL_HPD) { +diff --git a/drivers/gpu/drm/radeon/evergreen.c b/drivers/gpu/drm/radeon/evergreen.c +index 92c9628..dac178b 100644 +--- a/drivers/gpu/drm/radeon/evergreen.c ++++ b/drivers/gpu/drm/radeon/evergreen.c +@@ -977,6 +977,11 @@ int evergreen_pcie_gart_enable(struct radeon_device *rdev) + WREG32(MC_VM_MD_L1_TLB0_CNTL, tmp); + WREG32(MC_VM_MD_L1_TLB1_CNTL, tmp); + WREG32(MC_VM_MD_L1_TLB2_CNTL, tmp); ++ if ((rdev->family == CHIP_JUNIPER) || ++ (rdev->family == CHIP_CYPRESS) || ++ (rdev->family == CHIP_HEMLOCK) || ++ (rdev->family == CHIP_BARTS)) ++ WREG32(MC_VM_MD_L1_TLB3_CNTL, tmp); + } + WREG32(MC_VM_MB_L1_TLB0_CNTL, tmp); + WREG32(MC_VM_MB_L1_TLB1_CNTL, tmp); +@@ -2074,9 +2079,12 @@ static void evergreen_gpu_init(struct radeon_device *rdev) + /* num banks is 8 on all fusion asics. 0 = 4, 1 = 8, 2 = 16 */ + if (rdev->flags & RADEON_IS_IGP) + rdev->config.evergreen.tile_config |= 1 << 4; +- else +- rdev->config.evergreen.tile_config |= +- ((mc_arb_ramcfg & NOOFBANK_MASK) >> NOOFBANK_SHIFT) << 4; ++ else { ++ if ((mc_arb_ramcfg & NOOFBANK_MASK) >> NOOFBANK_SHIFT) ++ rdev->config.evergreen.tile_config |= 1 << 4; ++ else ++ rdev->config.evergreen.tile_config |= 0 << 4; ++ } + rdev->config.evergreen.tile_config |= + ((mc_arb_ramcfg & BURSTLENGTH_MASK) >> BURSTLENGTH_SHIFT) << 8; + rdev->config.evergreen.tile_config |= +@@ -2108,9 +2116,9 @@ static void evergreen_gpu_init(struct radeon_device *rdev) + WREG32(CC_SYS_RB_BACKEND_DISABLE, rb); + WREG32(GC_USER_RB_BACKEND_DISABLE, rb); + WREG32(CC_GC_SHADER_PIPE_CONFIG, sp); +- } ++ } + +- grbm_gfx_index |= SE_BROADCAST_WRITES; ++ grbm_gfx_index = INSTANCE_BROADCAST_WRITES | SE_BROADCAST_WRITES; + WREG32(GRBM_GFX_INDEX, grbm_gfx_index); + WREG32(RLC_GFX_INDEX, grbm_gfx_index); + +diff --git a/drivers/gpu/drm/radeon/evergreend.h b/drivers/gpu/drm/radeon/evergreend.h +index e00039e..0128445 100644 +--- a/drivers/gpu/drm/radeon/evergreend.h ++++ b/drivers/gpu/drm/radeon/evergreend.h +@@ -230,6 +230,7 @@ + #define MC_VM_MD_L1_TLB0_CNTL 0x2654 + #define MC_VM_MD_L1_TLB1_CNTL 0x2658 + #define MC_VM_MD_L1_TLB2_CNTL 0x265C ++#define MC_VM_MD_L1_TLB3_CNTL 0x2698 + + #define FUS_MC_VM_MD_L1_TLB0_CNTL 0x265C + #define FUS_MC_VM_MD_L1_TLB1_CNTL 0x2660 +diff --git a/drivers/gpu/drm/radeon/ni.c b/drivers/gpu/drm/radeon/ni.c +index 0e57998..9e50814 100644 +--- a/drivers/gpu/drm/radeon/ni.c ++++ b/drivers/gpu/drm/radeon/ni.c +@@ -804,8 +804,10 @@ static void cayman_gpu_init(struct radeon_device *rdev) + rdev->config.cayman.tile_config |= (3 << 0); + break; + } +- rdev->config.cayman.tile_config |= +- ((mc_arb_ramcfg & NOOFBANK_MASK) >> NOOFBANK_SHIFT) << 4; ++ if ((mc_arb_ramcfg & NOOFBANK_MASK) >> NOOFBANK_SHIFT) ++ rdev->config.cayman.tile_config |= 1 << 4; ++ else ++ rdev->config.cayman.tile_config |= 0 << 4; + rdev->config.cayman.tile_config |= + ((gb_addr_config & PIPE_INTERLEAVE_SIZE_MASK) >> PIPE_INTERLEAVE_SIZE_SHIFT) << 8; + rdev->config.cayman.tile_config |= +diff --git a/drivers/gpu/drm/radeon/radeon_atombios.c b/drivers/gpu/drm/radeon/radeon_atombios.c +index 8e1532f..9d2c369 100644 +--- a/drivers/gpu/drm/radeon/radeon_atombios.c ++++ b/drivers/gpu/drm/radeon/radeon_atombios.c +@@ -438,7 +438,9 @@ static bool radeon_atom_apply_quirks(struct drm_device *dev, + */ + if ((dev->pdev->device == 0x9498) && + (dev->pdev->subsystem_vendor == 0x1682) && +- (dev->pdev->subsystem_device == 0x2452)) { ++ (dev->pdev->subsystem_device == 0x2452) && ++ (i2c_bus->valid == false) && ++ !(supported_device & (ATOM_DEVICE_TV_SUPPORT | ATOM_DEVICE_CV_SUPPORT))) { + struct radeon_device *rdev = dev->dev_private; + *i2c_bus = radeon_lookup_i2c_gpio(rdev, 0x93); + } +diff --git a/drivers/gpu/drm/radeon/rv770.c b/drivers/gpu/drm/radeon/rv770.c +index 23ae1c6..e36ba7f 100644 +--- a/drivers/gpu/drm/radeon/rv770.c ++++ b/drivers/gpu/drm/radeon/rv770.c +@@ -151,6 +151,8 @@ int rv770_pcie_gart_enable(struct radeon_device *rdev) + WREG32(MC_VM_MD_L1_TLB0_CNTL, tmp); + WREG32(MC_VM_MD_L1_TLB1_CNTL, tmp); + WREG32(MC_VM_MD_L1_TLB2_CNTL, tmp); ++ if (rdev->family == CHIP_RV740) ++ WREG32(MC_VM_MD_L1_TLB3_CNTL, tmp); + WREG32(MC_VM_MB_L1_TLB0_CNTL, tmp); + WREG32(MC_VM_MB_L1_TLB1_CNTL, tmp); + WREG32(MC_VM_MB_L1_TLB2_CNTL, tmp); +@@ -689,8 +691,12 @@ static void rv770_gpu_init(struct radeon_device *rdev) + + if (rdev->family == CHIP_RV770) + gb_tiling_config |= BANK_TILING(1); +- else +- gb_tiling_config |= BANK_TILING((mc_arb_ramcfg & NOOFBANK_MASK) >> NOOFBANK_SHIFT); ++ else { ++ if ((mc_arb_ramcfg & NOOFBANK_MASK) >> NOOFBANK_SHIFT) ++ gb_tiling_config |= BANK_TILING(1); ++ else ++ gb_tiling_config |= BANK_TILING(0); ++ } + rdev->config.rv770.tiling_nbanks = 4 << ((gb_tiling_config >> 4) & 0x3); + gb_tiling_config |= GROUP_SIZE((mc_arb_ramcfg & BURSTLENGTH_MASK) >> BURSTLENGTH_SHIFT); + if ((mc_arb_ramcfg & BURSTLENGTH_MASK) >> BURSTLENGTH_SHIFT) +diff --git a/drivers/gpu/drm/radeon/rv770d.h b/drivers/gpu/drm/radeon/rv770d.h +index 79fa588..7538092 100644 +--- a/drivers/gpu/drm/radeon/rv770d.h ++++ b/drivers/gpu/drm/radeon/rv770d.h +@@ -174,6 +174,7 @@ + #define MC_VM_MD_L1_TLB0_CNTL 0x2654 + #define MC_VM_MD_L1_TLB1_CNTL 0x2658 + #define MC_VM_MD_L1_TLB2_CNTL 0x265C ++#define MC_VM_MD_L1_TLB3_CNTL 0x2698 + #define MC_VM_SYSTEM_APERTURE_DEFAULT_ADDR 0x203C + #define MC_VM_SYSTEM_APERTURE_HIGH_ADDR 0x2038 + #define MC_VM_SYSTEM_APERTURE_LOW_ADDR 0x2034 +diff --git a/drivers/gpu/drm/ttm/ttm_bo.c b/drivers/gpu/drm/ttm/ttm_bo.c +index 0bb0f5f..0d27bff 100644 +--- a/drivers/gpu/drm/ttm/ttm_bo.c ++++ b/drivers/gpu/drm/ttm/ttm_bo.c +@@ -1816,6 +1816,7 @@ static int ttm_bo_swapout(struct ttm_mem_shrink *shrink) + spin_unlock(&glob->lru_lock); + (void) ttm_bo_cleanup_refs(bo, false, false, false); + kref_put(&bo->list_kref, ttm_bo_release_list); ++ spin_lock(&glob->lru_lock); + continue; + } + +diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_gmr.c b/drivers/gpu/drm/vmwgfx/vmwgfx_gmr.c +index f4e7763..c41226a 100644 +--- a/drivers/gpu/drm/vmwgfx/vmwgfx_gmr.c ++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_gmr.c +@@ -66,7 +66,7 @@ static int vmw_gmr2_bind(struct vmw_private *dev_priv, + cmd += sizeof(remap_cmd) / sizeof(uint32); + + for (i = 0; i < num_pages; ++i) { +- if (VMW_PPN_SIZE > 4) ++ if (VMW_PPN_SIZE <= 4) + *cmd = page_to_pfn(*pages++); + else + *((uint64_t *)cmd) = page_to_pfn(*pages++); +diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c +index 966a6e7..f1d5408 100644 +--- a/drivers/iommu/amd_iommu.c ++++ b/drivers/iommu/amd_iommu.c +@@ -381,12 +381,27 @@ static void dump_command(unsigned long phys_addr) + + static void iommu_print_event(struct amd_iommu *iommu, void *__evt) + { +- u32 *event = __evt; +- int type = (event[1] >> EVENT_TYPE_SHIFT) & EVENT_TYPE_MASK; +- int devid = (event[0] >> EVENT_DEVID_SHIFT) & EVENT_DEVID_MASK; +- int domid = (event[1] >> EVENT_DOMID_SHIFT) & EVENT_DOMID_MASK; +- int flags = (event[1] >> EVENT_FLAGS_SHIFT) & EVENT_FLAGS_MASK; +- u64 address = (u64)(((u64)event[3]) << 32) | event[2]; ++ int type, devid, domid, flags; ++ volatile u32 *event = __evt; ++ int count = 0; ++ u64 address; ++ ++retry: ++ type = (event[1] >> EVENT_TYPE_SHIFT) & EVENT_TYPE_MASK; ++ devid = (event[0] >> EVENT_DEVID_SHIFT) & EVENT_DEVID_MASK; ++ domid = (event[1] >> EVENT_DOMID_SHIFT) & EVENT_DOMID_MASK; ++ flags = (event[1] >> EVENT_FLAGS_SHIFT) & EVENT_FLAGS_MASK; ++ address = (u64)(((u64)event[3]) << 32) | event[2]; ++ ++ if (type == 0) { ++ /* Did we hit the erratum? */ ++ if (++count == LOOP_TIMEOUT) { ++ pr_err("AMD-Vi: No event written to event log\n"); ++ return; ++ } ++ udelay(1); ++ goto retry; ++ } + + printk(KERN_ERR "AMD-Vi: Event logged ["); + +@@ -439,6 +454,8 @@ static void iommu_print_event(struct amd_iommu *iommu, void *__evt) + default: + printk(KERN_ERR "UNKNOWN type=0x%02x]\n", type); + } ++ ++ memset(__evt, 0, 4 * sizeof(u32)); + } + + static void iommu_poll_events(struct amd_iommu *iommu) +diff --git a/drivers/iommu/amd_iommu_init.c b/drivers/iommu/amd_iommu_init.c +index 20d5852..6269eb0 100644 +--- a/drivers/iommu/amd_iommu_init.c ++++ b/drivers/iommu/amd_iommu_init.c +@@ -943,6 +943,9 @@ static int __init init_iommu_one(struct amd_iommu *iommu, struct ivhd_header *h) + if (!iommu->dev) + return 1; + ++ iommu->root_pdev = pci_get_bus_and_slot(iommu->dev->bus->number, ++ PCI_DEVFN(0, 0)); ++ + iommu->cap_ptr = h->cap_ptr; + iommu->pci_seg = h->pci_seg; + iommu->mmio_phys = h->mmio_phys; +@@ -1225,20 +1228,16 @@ static void iommu_apply_resume_quirks(struct amd_iommu *iommu) + { + int i, j; + u32 ioc_feature_control; +- struct pci_dev *pdev = NULL; ++ struct pci_dev *pdev = iommu->root_pdev; + + /* RD890 BIOSes may not have completely reconfigured the iommu */ +- if (!is_rd890_iommu(iommu->dev)) ++ if (!is_rd890_iommu(iommu->dev) || !pdev) + return; + + /* + * First, we need to ensure that the iommu is enabled. This is + * controlled by a register in the northbridge + */ +- pdev = pci_get_bus_and_slot(iommu->dev->bus->number, PCI_DEVFN(0, 0)); +- +- if (!pdev) +- return; + + /* Select Northbridge indirect register 0x75 and enable writing */ + pci_write_config_dword(pdev, 0x60, 0x75 | (1 << 7)); +@@ -1248,8 +1247,6 @@ static void iommu_apply_resume_quirks(struct amd_iommu *iommu) + if (!(ioc_feature_control & 0x1)) + pci_write_config_dword(pdev, 0x64, ioc_feature_control | 1); + +- pci_dev_put(pdev); +- + /* Restore the iommu BAR */ + pci_write_config_dword(iommu->dev, iommu->cap_ptr + 4, + iommu->stored_addr_lo); +diff --git a/drivers/iommu/amd_iommu_types.h b/drivers/iommu/amd_iommu_types.h +index 5b9c507..40ab83b 100644 +--- a/drivers/iommu/amd_iommu_types.h ++++ b/drivers/iommu/amd_iommu_types.h +@@ -385,6 +385,9 @@ struct amd_iommu { + /* Pointer to PCI device of this IOMMU */ + struct pci_dev *dev; + ++ /* Cache pdev to root device for resume quirks */ ++ struct pci_dev *root_pdev; ++ + /* physical address of MMIO space */ + u64 mmio_phys; + /* virtual address of MMIO space */ +diff --git a/drivers/mtd/Kconfig b/drivers/mtd/Kconfig +index 318a869..4035b6d 100644 +--- a/drivers/mtd/Kconfig ++++ b/drivers/mtd/Kconfig +@@ -128,7 +128,7 @@ config MTD_AFS_PARTS + + config MTD_OF_PARTS + tristate "OpenFirmware partitioning information support" +- default Y ++ default y + depends on OF + help + This provides a partition parsing function which derives +diff --git a/drivers/mtd/nand/nand_bbt.c b/drivers/mtd/nand/nand_bbt.c +index 69148ae..f024375 100644 +--- a/drivers/mtd/nand/nand_bbt.c ++++ b/drivers/mtd/nand/nand_bbt.c +@@ -324,6 +324,7 @@ static int scan_read_raw_oob(struct mtd_info *mtd, uint8_t *buf, loff_t offs, + + buf += mtd->oobsize + mtd->writesize; + len -= mtd->writesize; ++ offs += mtd->writesize; + } + return 0; + } +diff --git a/drivers/net/ethernet/freescale/fec_mpc52xx.c b/drivers/net/ethernet/freescale/fec_mpc52xx.c +index 30745b5..1e52736 100644 +--- a/drivers/net/ethernet/freescale/fec_mpc52xx.c ++++ b/drivers/net/ethernet/freescale/fec_mpc52xx.c +@@ -437,7 +437,7 @@ static irqreturn_t mpc52xx_fec_rx_interrupt(int irq, void *dev_id) + length = status & BCOM_FEC_RX_BD_LEN_MASK; + skb_put(rskb, length - 4); /* length without CRC32 */ + rskb->protocol = eth_type_trans(rskb, dev); +- if (!skb_defer_rx_timestamp(skb)) ++ if (!skb_defer_rx_timestamp(rskb)) + netif_rx(rskb); + + spin_lock(&priv->lock); +diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c +index 697cae3..cc2565c 100644 +--- a/drivers/net/ethernet/realtek/r8169.c ++++ b/drivers/net/ethernet/realtek/r8169.c +@@ -62,8 +62,12 @@ + #define R8169_MSG_DEFAULT \ + (NETIF_MSG_DRV | NETIF_MSG_PROBE | NETIF_MSG_IFUP | NETIF_MSG_IFDOWN) + +-#define TX_BUFFS_AVAIL(tp) \ +- (tp->dirty_tx + NUM_TX_DESC - tp->cur_tx - 1) ++#define TX_SLOTS_AVAIL(tp) \ ++ (tp->dirty_tx + NUM_TX_DESC - tp->cur_tx) ++ ++/* A skbuff with nr_frags needs nr_frags+1 entries in the tx queue */ ++#define TX_FRAGS_READY_FOR(tp,nr_frags) \ ++ (TX_SLOTS_AVAIL(tp) >= (nr_frags + 1)) + + /* Maximum number of multicast addresses to filter (vs. Rx-all-multicast). + The RTL chips use a 64 element hash table based on the Ethernet CRC. */ +@@ -5512,7 +5516,7 @@ static netdev_tx_t rtl8169_start_xmit(struct sk_buff *skb, + u32 opts[2]; + int frags; + +- if (unlikely(TX_BUFFS_AVAIL(tp) < skb_shinfo(skb)->nr_frags)) { ++ if (unlikely(!TX_FRAGS_READY_FOR(tp, skb_shinfo(skb)->nr_frags))) { + netif_err(tp, drv, dev, "BUG! Tx Ring full when queue awake!\n"); + goto err_stop_0; + } +@@ -5560,10 +5564,21 @@ static netdev_tx_t rtl8169_start_xmit(struct sk_buff *skb, + + RTL_W8(TxPoll, NPQ); + +- if (TX_BUFFS_AVAIL(tp) < MAX_SKB_FRAGS) { ++ if (!TX_FRAGS_READY_FOR(tp, MAX_SKB_FRAGS)) { ++ /* Avoid wrongly optimistic queue wake-up: rtl_tx thread must ++ * not miss a ring update when it notices a stopped queue. ++ */ ++ smp_wmb(); + netif_stop_queue(dev); +- smp_rmb(); +- if (TX_BUFFS_AVAIL(tp) >= MAX_SKB_FRAGS) ++ /* Sync with rtl_tx: ++ * - publish queue status and cur_tx ring index (write barrier) ++ * - refresh dirty_tx ring index (read barrier). ++ * May the current thread have a pessimistic view of the ring ++ * status and forget to wake up queue, a racing rtl_tx thread ++ * can't. ++ */ ++ smp_mb(); ++ if (TX_FRAGS_READY_FOR(tp, MAX_SKB_FRAGS)) + netif_wake_queue(dev); + } + +@@ -5663,9 +5678,16 @@ static void rtl8169_tx_interrupt(struct net_device *dev, + + if (tp->dirty_tx != dirty_tx) { + tp->dirty_tx = dirty_tx; +- smp_wmb(); ++ /* Sync with rtl8169_start_xmit: ++ * - publish dirty_tx ring index (write barrier) ++ * - refresh cur_tx ring index and queue status (read barrier) ++ * May the current thread miss the stopped queue condition, ++ * a racing xmit thread can only have a right view of the ++ * ring status. ++ */ ++ smp_mb(); + if (netif_queue_stopped(dev) && +- (TX_BUFFS_AVAIL(tp) >= MAX_SKB_FRAGS)) { ++ TX_FRAGS_READY_FOR(tp, MAX_SKB_FRAGS)) { + netif_wake_queue(dev); + } + /* +@@ -5674,7 +5696,6 @@ static void rtl8169_tx_interrupt(struct net_device *dev, + * of start_xmit activity is detected (if it is not detected, + * it is slow enough). -- FR + */ +- smp_rmb(); + if (tp->cur_tx != dirty_tx) + RTL_W8(TxPoll, NPQ); + } +diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c +index 959d448..97f342e 100644 +--- a/drivers/net/macvlan.c ++++ b/drivers/net/macvlan.c +@@ -258,7 +258,7 @@ static int macvlan_queue_xmit(struct sk_buff *skb, struct net_device *dev) + + xmit_world: + skb->ip_summed = ip_summed; +- skb_set_dev(skb, vlan->lowerdev); ++ skb->dev = vlan->lowerdev; + return dev_queue_xmit(skb); + } + +diff --git a/drivers/net/usb/asix.c b/drivers/net/usb/asix.c +index a9abee8..fc147a5 100644 +--- a/drivers/net/usb/asix.c ++++ b/drivers/net/usb/asix.c +@@ -35,6 +35,7 @@ + #include <linux/crc32.h> + #include <linux/usb/usbnet.h> + #include <linux/slab.h> ++#include <linux/if_vlan.h> + + #define DRIVER_VERSION "08-Nov-2011" + #define DRIVER_NAME "asix" +@@ -348,7 +349,7 @@ static int asix_rx_fixup(struct usbnet *dev, struct sk_buff *skb) + return 2; + } + +- if (size > dev->net->mtu + ETH_HLEN) { ++ if (size > dev->net->mtu + ETH_HLEN + VLAN_HLEN) { + netdev_err(dev->net, "asix_rx_fixup() Bad RX Length %d\n", + size); + return 0; +diff --git a/drivers/net/wireless/ath/ath9k/xmit.c b/drivers/net/wireless/ath/ath9k/xmit.c +index 03b0a65..76fd277 100644 +--- a/drivers/net/wireless/ath/ath9k/xmit.c ++++ b/drivers/net/wireless/ath/ath9k/xmit.c +@@ -64,7 +64,8 @@ static void ath_tx_update_baw(struct ath_softc *sc, struct ath_atx_tid *tid, + static struct ath_buf *ath_tx_setup_buffer(struct ath_softc *sc, + struct ath_txq *txq, + struct ath_atx_tid *tid, +- struct sk_buff *skb); ++ struct sk_buff *skb, ++ bool dequeue); + + enum { + MCS_HT20, +@@ -761,7 +762,7 @@ static enum ATH_AGGR_STATUS ath_tx_form_aggr(struct ath_softc *sc, + fi = get_frame_info(skb); + bf = fi->bf; + if (!fi->bf) +- bf = ath_tx_setup_buffer(sc, txq, tid, skb); ++ bf = ath_tx_setup_buffer(sc, txq, tid, skb, true); + + if (!bf) + continue; +@@ -1669,7 +1670,7 @@ static void ath_tx_send_ampdu(struct ath_softc *sc, struct ath_atx_tid *tid, + return; + } + +- bf = ath_tx_setup_buffer(sc, txctl->txq, tid, skb); ++ bf = ath_tx_setup_buffer(sc, txctl->txq, tid, skb, false); + if (!bf) + return; + +@@ -1696,7 +1697,7 @@ static void ath_tx_send_normal(struct ath_softc *sc, struct ath_txq *txq, + + bf = fi->bf; + if (!bf) +- bf = ath_tx_setup_buffer(sc, txq, tid, skb); ++ bf = ath_tx_setup_buffer(sc, txq, tid, skb, false); + + if (!bf) + return; +@@ -1761,7 +1762,8 @@ u8 ath_txchainmask_reduction(struct ath_softc *sc, u8 chainmask, u32 rate) + static struct ath_buf *ath_tx_setup_buffer(struct ath_softc *sc, + struct ath_txq *txq, + struct ath_atx_tid *tid, +- struct sk_buff *skb) ++ struct sk_buff *skb, ++ bool dequeue) + { + struct ath_common *common = ath9k_hw_common(sc->sc_ah); + struct ath_frame_info *fi = get_frame_info(skb); +@@ -1802,6 +1804,8 @@ static struct ath_buf *ath_tx_setup_buffer(struct ath_softc *sc, + return bf; + + error: ++ if (dequeue) ++ __skb_unlink(skb, &tid->buf_q); + dev_kfree_skb_any(skb); + return NULL; + } +@@ -1833,7 +1837,7 @@ static void ath_tx_start_dma(struct ath_softc *sc, struct sk_buff *skb, + */ + ath_tx_send_ampdu(sc, tid, skb, txctl); + } else { +- bf = ath_tx_setup_buffer(sc, txctl->txq, tid, skb); ++ bf = ath_tx_setup_buffer(sc, txctl->txq, tid, skb, false); + if (!bf) + goto out; + +diff --git a/drivers/net/wireless/iwlwifi/iwl-2000.c b/drivers/net/wireless/iwlwifi/iwl-2000.c +index 9823e41..a97a52a 100644 +--- a/drivers/net/wireless/iwlwifi/iwl-2000.c ++++ b/drivers/net/wireless/iwlwifi/iwl-2000.c +@@ -211,7 +211,7 @@ static struct iwl_base_params iwl2000_base_params = { + .chain_noise_scale = 1000, + .wd_timeout = IWL_DEF_WD_TIMEOUT, + .max_event_log_size = 512, +- .shadow_reg_enable = true, ++ .shadow_reg_enable = false, /* TODO: fix bugs using this feature */ + .hd_v2 = true, + }; + +@@ -230,7 +230,7 @@ static struct iwl_base_params iwl2030_base_params = { + .chain_noise_scale = 1000, + .wd_timeout = IWL_LONG_WD_TIMEOUT, + .max_event_log_size = 512, +- .shadow_reg_enable = true, ++ .shadow_reg_enable = false, /* TODO: fix bugs using this feature */ + .hd_v2 = true, + }; + +diff --git a/drivers/net/wireless/iwlwifi/iwl-6000.c b/drivers/net/wireless/iwlwifi/iwl-6000.c +index b4f809c..0b9f797 100644 +--- a/drivers/net/wireless/iwlwifi/iwl-6000.c ++++ b/drivers/net/wireless/iwlwifi/iwl-6000.c +@@ -308,7 +308,7 @@ static struct iwl_base_params iwl6000_base_params = { + .chain_noise_scale = 1000, + .wd_timeout = IWL_DEF_WD_TIMEOUT, + .max_event_log_size = 512, +- .shadow_reg_enable = true, ++ .shadow_reg_enable = false, /* TODO: fix bugs using this feature */ + }; + + static struct iwl_base_params iwl6050_base_params = { +@@ -325,7 +325,7 @@ static struct iwl_base_params iwl6050_base_params = { + .chain_noise_scale = 1500, + .wd_timeout = IWL_DEF_WD_TIMEOUT, + .max_event_log_size = 1024, +- .shadow_reg_enable = true, ++ .shadow_reg_enable = false, /* TODO: fix bugs using this feature */ + }; + static struct iwl_base_params iwl6000_g2_base_params = { + .eeprom_size = OTP_LOW_IMAGE_SIZE, +@@ -341,7 +341,7 @@ static struct iwl_base_params iwl6000_g2_base_params = { + .chain_noise_scale = 1000, + .wd_timeout = IWL_LONG_WD_TIMEOUT, + .max_event_log_size = 512, +- .shadow_reg_enable = true, ++ .shadow_reg_enable = false, /* TODO: fix bugs using this feature */ + }; + + static struct iwl_ht_params iwl6000_ht_params = { +diff --git a/drivers/net/wireless/iwlwifi/iwl-agn-rs.c b/drivers/net/wireless/iwlwifi/iwl-agn-rs.c +index 66118ce..9ba2c1b 100644 +--- a/drivers/net/wireless/iwlwifi/iwl-agn-rs.c ++++ b/drivers/net/wireless/iwlwifi/iwl-agn-rs.c +@@ -886,6 +886,7 @@ static void rs_bt_update_lq(struct iwl_priv *priv, struct iwl_rxon_context *ctx, + if ((priv->bt_traffic_load != priv->last_bt_traffic_load) || + (priv->bt_full_concurrent != full_concurrent)) { + priv->bt_full_concurrent = full_concurrent; ++ priv->last_bt_traffic_load = priv->bt_traffic_load; + + /* Update uCode's rate table. */ + tbl = &(lq_sta->lq_info[lq_sta->active_tbl]); +diff --git a/drivers/net/wireless/wl1251/sdio.c b/drivers/net/wireless/wl1251/sdio.c +index 1b851f6..e2750a1 100644 +--- a/drivers/net/wireless/wl1251/sdio.c ++++ b/drivers/net/wireless/wl1251/sdio.c +@@ -260,6 +260,7 @@ static int wl1251_sdio_probe(struct sdio_func *func, + } + + if (wl->irq) { ++ irq_set_status_flags(wl->irq, IRQ_NOAUTOEN); + ret = request_irq(wl->irq, wl1251_line_irq, 0, "wl1251", wl); + if (ret < 0) { + wl1251_error("request_irq() failed: %d", ret); +@@ -267,7 +268,6 @@ static int wl1251_sdio_probe(struct sdio_func *func, + } + + irq_set_irq_type(wl->irq, IRQ_TYPE_EDGE_RISING); +- disable_irq(wl->irq); + + wl1251_sdio_ops.enable_irq = wl1251_enable_line_irq; + wl1251_sdio_ops.disable_irq = wl1251_disable_line_irq; +diff --git a/drivers/net/wireless/wl1251/spi.c b/drivers/net/wireless/wl1251/spi.c +index eaa5f95..134ae9c 100644 +--- a/drivers/net/wireless/wl1251/spi.c ++++ b/drivers/net/wireless/wl1251/spi.c +@@ -281,6 +281,7 @@ static int __devinit wl1251_spi_probe(struct spi_device *spi) + + wl->use_eeprom = pdata->use_eeprom; + ++ irq_set_status_flags(wl->irq, IRQ_NOAUTOEN); + ret = request_irq(wl->irq, wl1251_irq, 0, DRIVER_NAME, wl); + if (ret < 0) { + wl1251_error("request_irq() failed: %d", ret); +@@ -289,8 +290,6 @@ static int __devinit wl1251_spi_probe(struct spi_device *spi) + + irq_set_irq_type(wl->irq, IRQ_TYPE_EDGE_RISING); + +- disable_irq(wl->irq); +- + ret = wl1251_init_ieee80211(wl); + if (ret) + goto out_irq; +diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c +index f85cfa6..f0ab58e 100644 +--- a/drivers/scsi/scsi_lib.c ++++ b/drivers/scsi/scsi_lib.c +@@ -1382,16 +1382,19 @@ static int scsi_lld_busy(struct request_queue *q) + { + struct scsi_device *sdev = q->queuedata; + struct Scsi_Host *shost; +- struct scsi_target *starget; + + if (!sdev) + return 0; + + shost = sdev->host; +- starget = scsi_target(sdev); + +- if (scsi_host_in_recovery(shost) || scsi_host_is_busy(shost) || +- scsi_target_is_busy(starget) || scsi_device_is_busy(sdev)) ++ /* ++ * Ignore host/starget busy state. ++ * Since block layer does not have a concept of fairness across ++ * multiple queues, congestion of host/starget needs to be handled ++ * in SCSI layer. ++ */ ++ if (scsi_host_in_recovery(shost) || scsi_device_is_busy(sdev)) + return 1; + + return 0; +diff --git a/drivers/scsi/scsi_wait_scan.c b/drivers/scsi/scsi_wait_scan.c +index 74708fc..ae78148 100644 +--- a/drivers/scsi/scsi_wait_scan.c ++++ b/drivers/scsi/scsi_wait_scan.c +@@ -12,7 +12,7 @@ + + #include <linux/module.h> + #include <linux/device.h> +-#include <scsi/scsi_scan.h> ++#include "scsi_priv.h" + + static int __init wait_scan_init(void) + { +diff --git a/drivers/target/target_core_file.c b/drivers/target/target_core_file.c +index cad8b92..455a251 100644 +--- a/drivers/target/target_core_file.c ++++ b/drivers/target/target_core_file.c +@@ -134,21 +134,11 @@ static struct se_device *fd_create_virtdevice( + ret = PTR_ERR(dev_p); + goto fail; + } +-#if 0 +- if (di->no_create_file) +- flags = O_RDWR | O_LARGEFILE; +- else +- flags = O_RDWR | O_CREAT | O_LARGEFILE; +-#else +- flags = O_RDWR | O_CREAT | O_LARGEFILE; +-#endif +-/* flags |= O_DIRECT; */ + /* +- * If fd_buffered_io=1 has not been set explicitly (the default), +- * use O_SYNC to force FILEIO writes to disk. ++ * Use O_DSYNC by default instead of O_SYNC to forgo syncing ++ * of pure timestamp updates. + */ +- if (!(fd_dev->fbd_flags & FDBD_USE_BUFFERED_IO)) +- flags |= O_SYNC; ++ flags = O_RDWR | O_CREAT | O_LARGEFILE | O_DSYNC; + + file = filp_open(dev_p, flags, 0600); + if (IS_ERR(file)) { +@@ -400,26 +390,6 @@ static void fd_emulate_sync_cache(struct se_task *task) + transport_complete_sync_cache(cmd, ret == 0); + } + +-/* +- * WRITE Force Unit Access (FUA) emulation on a per struct se_task +- * LBA range basis.. +- */ +-static void fd_emulate_write_fua(struct se_cmd *cmd, struct se_task *task) +-{ +- struct se_device *dev = cmd->se_dev; +- struct fd_dev *fd_dev = dev->dev_ptr; +- loff_t start = task->task_lba * dev->se_sub_dev->se_dev_attrib.block_size; +- loff_t end = start + task->task_size; +- int ret; +- +- pr_debug("FILEIO: FUA WRITE LBA: %llu, bytes: %u\n", +- task->task_lba, task->task_size); +- +- ret = vfs_fsync_range(fd_dev->fd_file, start, end, 1); +- if (ret != 0) +- pr_err("FILEIO: vfs_fsync_range() failed: %d\n", ret); +-} +- + static int fd_do_task(struct se_task *task) + { + struct se_cmd *cmd = task->task_se_cmd; +@@ -434,19 +404,21 @@ static int fd_do_task(struct se_task *task) + ret = fd_do_readv(task); + } else { + ret = fd_do_writev(task); +- ++ /* ++ * Perform implict vfs_fsync_range() for fd_do_writev() ops ++ * for SCSI WRITEs with Forced Unit Access (FUA) set. ++ * Allow this to happen independent of WCE=0 setting. ++ */ + if (ret > 0 && +- dev->se_sub_dev->se_dev_attrib.emulate_write_cache > 0 && + dev->se_sub_dev->se_dev_attrib.emulate_fua_write > 0 && + (cmd->se_cmd_flags & SCF_FUA)) { +- /* +- * We might need to be a bit smarter here +- * and return some sense data to let the initiator +- * know the FUA WRITE cache sync failed..? +- */ +- fd_emulate_write_fua(cmd, task); +- } ++ struct fd_dev *fd_dev = dev->dev_ptr; ++ loff_t start = task->task_lba * ++ dev->se_sub_dev->se_dev_attrib.block_size; ++ loff_t end = start + task->task_size; + ++ vfs_fsync_range(fd_dev->fd_file, start, end, 1); ++ } + } + + if (ret < 0) { +@@ -478,7 +450,6 @@ enum { + static match_table_t tokens = { + {Opt_fd_dev_name, "fd_dev_name=%s"}, + {Opt_fd_dev_size, "fd_dev_size=%s"}, +- {Opt_fd_buffered_io, "fd_buffered_io=%d"}, + {Opt_err, NULL} + }; + +@@ -490,7 +461,7 @@ static ssize_t fd_set_configfs_dev_params( + struct fd_dev *fd_dev = se_dev->se_dev_su_ptr; + char *orig, *ptr, *arg_p, *opts; + substring_t args[MAX_OPT_ARGS]; +- int ret = 0, arg, token; ++ int ret = 0, token; + + opts = kstrdup(page, GFP_KERNEL); + if (!opts) +@@ -534,19 +505,6 @@ static ssize_t fd_set_configfs_dev_params( + " bytes\n", fd_dev->fd_dev_size); + fd_dev->fbd_flags |= FBDF_HAS_SIZE; + break; +- case Opt_fd_buffered_io: +- match_int(args, &arg); +- if (arg != 1) { +- pr_err("bogus fd_buffered_io=%d value\n", arg); +- ret = -EINVAL; +- goto out; +- } +- +- pr_debug("FILEIO: Using buffered I/O" +- " operations for struct fd_dev\n"); +- +- fd_dev->fbd_flags |= FDBD_USE_BUFFERED_IO; +- break; + default: + break; + } +@@ -578,10 +536,8 @@ static ssize_t fd_show_configfs_dev_params( + ssize_t bl = 0; + + bl = sprintf(b + bl, "TCM FILEIO ID: %u", fd_dev->fd_dev_id); +- bl += sprintf(b + bl, " File: %s Size: %llu Mode: %s\n", +- fd_dev->fd_dev_name, fd_dev->fd_dev_size, +- (fd_dev->fbd_flags & FDBD_USE_BUFFERED_IO) ? +- "Buffered" : "Synchronous"); ++ bl += sprintf(b + bl, " File: %s Size: %llu Mode: O_DSYNC\n", ++ fd_dev->fd_dev_name, fd_dev->fd_dev_size); + return bl; + } + +diff --git a/drivers/target/target_core_file.h b/drivers/target/target_core_file.h +index 59e6e73..53ece69 100644 +--- a/drivers/target/target_core_file.h ++++ b/drivers/target/target_core_file.h +@@ -18,7 +18,6 @@ struct fd_request { + + #define FBDF_HAS_PATH 0x01 + #define FBDF_HAS_SIZE 0x02 +-#define FDBD_USE_BUFFERED_IO 0x04 + + struct fd_dev { + u32 fbd_flags; +diff --git a/fs/attr.c b/fs/attr.c +index 7ee7ba4..b8f55c4 100644 +--- a/fs/attr.c ++++ b/fs/attr.c +@@ -176,6 +176,11 @@ int notify_change(struct dentry * dentry, struct iattr * attr) + return -EPERM; + } + ++ if ((ia_valid & ATTR_SIZE) && IS_I_VERSION(inode)) { ++ if (attr->ia_size != inode->i_size) ++ inode_inc_iversion(inode); ++ } ++ + if ((ia_valid & ATTR_MODE)) { + mode_t amode = attr->ia_mode; + /* Flag setting protected by i_mutex */ +diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h +index c467ac8..2f3ff59 100644 +--- a/fs/cifs/cifsglob.h ++++ b/fs/cifs/cifsglob.h +@@ -43,6 +43,7 @@ + + #define CIFS_MIN_RCV_POOL 4 + ++#define MAX_REOPEN_ATT 5 /* these many maximum attempts to reopen a file */ + /* + * default attribute cache timeout (jiffies) + */ +diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h +index 6f4e243..26917d3 100644 +--- a/fs/cifs/cifsproto.h ++++ b/fs/cifs/cifsproto.h +@@ -184,11 +184,13 @@ extern int CIFSTCon(unsigned int xid, struct cifs_ses *ses, + + extern int CIFSFindFirst(const int xid, struct cifs_tcon *tcon, + const char *searchName, const struct nls_table *nls_codepage, +- __u16 *searchHandle, struct cifs_search_info *psrch_inf, ++ __u16 *searchHandle, __u16 search_flags, ++ struct cifs_search_info *psrch_inf, + int map, const char dirsep); + + extern int CIFSFindNext(const int xid, struct cifs_tcon *tcon, +- __u16 searchHandle, struct cifs_search_info *psrch_inf); ++ __u16 searchHandle, __u16 search_flags, ++ struct cifs_search_info *psrch_inf); + + extern int CIFSFindClose(const int, struct cifs_tcon *tcon, + const __u16 search_handle); +diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c +index e89803b..6aa7457 100644 +--- a/fs/cifs/cifssmb.c ++++ b/fs/cifs/cifssmb.c +@@ -4327,7 +4327,7 @@ int + CIFSFindFirst(const int xid, struct cifs_tcon *tcon, + const char *searchName, + const struct nls_table *nls_codepage, +- __u16 *pnetfid, ++ __u16 *pnetfid, __u16 search_flags, + struct cifs_search_info *psrch_inf, int remap, const char dirsep) + { + /* level 257 SMB_ */ +@@ -4399,8 +4399,7 @@ findFirstRetry: + cpu_to_le16(ATTR_READONLY | ATTR_HIDDEN | ATTR_SYSTEM | + ATTR_DIRECTORY); + pSMB->SearchCount = cpu_to_le16(CIFSMaxBufSize/sizeof(FILE_UNIX_INFO)); +- pSMB->SearchFlags = cpu_to_le16(CIFS_SEARCH_CLOSE_AT_END | +- CIFS_SEARCH_RETURN_RESUME); ++ pSMB->SearchFlags = cpu_to_le16(search_flags); + pSMB->InformationLevel = cpu_to_le16(psrch_inf->info_level); + + /* BB what should we set StorageType to? Does it matter? BB */ +@@ -4470,8 +4469,8 @@ findFirstRetry: + return rc; + } + +-int CIFSFindNext(const int xid, struct cifs_tcon *tcon, +- __u16 searchHandle, struct cifs_search_info *psrch_inf) ++int CIFSFindNext(const int xid, struct cifs_tcon *tcon, __u16 searchHandle, ++ __u16 search_flags, struct cifs_search_info *psrch_inf) + { + TRANSACTION2_FNEXT_REQ *pSMB = NULL; + TRANSACTION2_FNEXT_RSP *pSMBr = NULL; +@@ -4514,8 +4513,7 @@ int CIFSFindNext(const int xid, struct cifs_tcon *tcon, + cpu_to_le16(CIFSMaxBufSize / sizeof(FILE_UNIX_INFO)); + pSMB->InformationLevel = cpu_to_le16(psrch_inf->info_level); + pSMB->ResumeKey = psrch_inf->resume_key; +- pSMB->SearchFlags = +- cpu_to_le16(CIFS_SEARCH_CLOSE_AT_END | CIFS_SEARCH_RETURN_RESUME); ++ pSMB->SearchFlags = cpu_to_le16(search_flags); + + name_len = psrch_inf->resume_name_len; + params += name_len; +diff --git a/fs/cifs/file.c b/fs/cifs/file.c +index 0f7dc22..0bb785f 100644 +--- a/fs/cifs/file.c ++++ b/fs/cifs/file.c +@@ -1534,10 +1534,11 @@ struct cifsFileInfo *find_readable_file(struct cifsInodeInfo *cifs_inode, + struct cifsFileInfo *find_writable_file(struct cifsInodeInfo *cifs_inode, + bool fsuid_only) + { +- struct cifsFileInfo *open_file; ++ struct cifsFileInfo *open_file, *inv_file = NULL; + struct cifs_sb_info *cifs_sb; + bool any_available = false; + int rc; ++ unsigned int refind = 0; + + /* Having a null inode here (because mapping->host was set to zero by + the VFS or MM) should not happen but we had reports of on oops (due to +@@ -1557,40 +1558,25 @@ struct cifsFileInfo *find_writable_file(struct cifsInodeInfo *cifs_inode, + + spin_lock(&cifs_file_list_lock); + refind_writable: ++ if (refind > MAX_REOPEN_ATT) { ++ spin_unlock(&cifs_file_list_lock); ++ return NULL; ++ } + list_for_each_entry(open_file, &cifs_inode->openFileList, flist) { + if (!any_available && open_file->pid != current->tgid) + continue; + if (fsuid_only && open_file->uid != current_fsuid()) + continue; + if (OPEN_FMODE(open_file->f_flags) & FMODE_WRITE) { +- cifsFileInfo_get(open_file); +- + if (!open_file->invalidHandle) { + /* found a good writable file */ ++ cifsFileInfo_get(open_file); + spin_unlock(&cifs_file_list_lock); + return open_file; ++ } else { ++ if (!inv_file) ++ inv_file = open_file; + } +- +- spin_unlock(&cifs_file_list_lock); +- +- /* Had to unlock since following call can block */ +- rc = cifs_reopen_file(open_file, false); +- if (!rc) +- return open_file; +- +- /* if it fails, try another handle if possible */ +- cFYI(1, "wp failed on reopen file"); +- cifsFileInfo_put(open_file); +- +- spin_lock(&cifs_file_list_lock); +- +- /* else we simply continue to the next entry. Thus +- we do not loop on reopen errors. If we +- can not reopen the file, for example if we +- reconnected to a server with another client +- racing to delete or lock the file we would not +- make progress if we restarted before the beginning +- of the loop here. */ + } + } + /* couldn't find useable FH with same pid, try any available */ +@@ -1598,7 +1584,30 @@ refind_writable: + any_available = true; + goto refind_writable; + } ++ ++ if (inv_file) { ++ any_available = false; ++ cifsFileInfo_get(inv_file); ++ } ++ + spin_unlock(&cifs_file_list_lock); ++ ++ if (inv_file) { ++ rc = cifs_reopen_file(inv_file, false); ++ if (!rc) ++ return inv_file; ++ else { ++ spin_lock(&cifs_file_list_lock); ++ list_move_tail(&inv_file->flist, ++ &cifs_inode->openFileList); ++ spin_unlock(&cifs_file_list_lock); ++ cifsFileInfo_put(inv_file); ++ spin_lock(&cifs_file_list_lock); ++ ++refind; ++ goto refind_writable; ++ } ++ } ++ + return NULL; + } + +diff --git a/fs/cifs/readdir.c b/fs/cifs/readdir.c +index a090bbe..db4a138 100644 +--- a/fs/cifs/readdir.c ++++ b/fs/cifs/readdir.c +@@ -219,6 +219,7 @@ int get_symlink_reparse_path(char *full_path, struct cifs_sb_info *cifs_sb, + + static int initiate_cifs_search(const int xid, struct file *file) + { ++ __u16 search_flags; + int rc = 0; + char *full_path = NULL; + struct cifsFileInfo *cifsFile; +@@ -270,8 +271,12 @@ ffirst_retry: + cifsFile->srch_inf.info_level = SMB_FIND_FILE_DIRECTORY_INFO; + } + ++ search_flags = CIFS_SEARCH_CLOSE_AT_END | CIFS_SEARCH_RETURN_RESUME; ++ if (backup_cred(cifs_sb)) ++ search_flags |= CIFS_SEARCH_BACKUP_SEARCH; ++ + rc = CIFSFindFirst(xid, pTcon, full_path, cifs_sb->local_nls, +- &cifsFile->netfid, &cifsFile->srch_inf, ++ &cifsFile->netfid, search_flags, &cifsFile->srch_inf, + cifs_sb->mnt_cifs_flags & + CIFS_MOUNT_MAP_SPECIAL_CHR, CIFS_DIR_SEP(cifs_sb)); + if (rc == 0) +@@ -502,11 +507,13 @@ static int cifs_save_resume_key(const char *current_entry, + static int find_cifs_entry(const int xid, struct cifs_tcon *pTcon, + struct file *file, char **ppCurrentEntry, int *num_to_ret) + { ++ __u16 search_flags; + int rc = 0; + int pos_in_buf = 0; + loff_t first_entry_in_buffer; + loff_t index_to_find = file->f_pos; + struct cifsFileInfo *cifsFile = file->private_data; ++ struct cifs_sb_info *cifs_sb = CIFS_SB(file->f_path.dentry->d_sb); + /* check if index in the buffer */ + + if ((cifsFile == NULL) || (ppCurrentEntry == NULL) || +@@ -560,10 +567,14 @@ static int find_cifs_entry(const int xid, struct cifs_tcon *pTcon, + cifsFile); + } + ++ search_flags = CIFS_SEARCH_CLOSE_AT_END | CIFS_SEARCH_RETURN_RESUME; ++ if (backup_cred(cifs_sb)) ++ search_flags |= CIFS_SEARCH_BACKUP_SEARCH; ++ + while ((index_to_find >= cifsFile->srch_inf.index_of_last_entry) && + (rc == 0) && !cifsFile->srch_inf.endOfSearch) { + cFYI(1, "calling findnext2"); +- rc = CIFSFindNext(xid, pTcon, cifsFile->netfid, ++ rc = CIFSFindNext(xid, pTcon, cifsFile->netfid, search_flags, + &cifsFile->srch_inf); + /* FindFirst/Next set last_entry to NULL on malformed reply */ + if (cifsFile->srch_inf.last_entry) +diff --git a/fs/exofs/super.c b/fs/exofs/super.c +index e6085ec..7ed5000 100644 +--- a/fs/exofs/super.c ++++ b/fs/exofs/super.c +@@ -745,7 +745,6 @@ static int exofs_fill_super(struct super_block *sb, void *data, int silent) + sbi->one_comp.obj.partition = opts->pid; + sbi->one_comp.obj.id = 0; + exofs_make_credential(sbi->one_comp.cred, &sbi->one_comp.obj); +- sbi->oc.numdevs = 1; + sbi->oc.single_comp = EC_SINGLE_COMP; + sbi->oc.comps = &sbi->one_comp; + +@@ -803,6 +802,7 @@ static int exofs_fill_super(struct super_block *sb, void *data, int silent) + goto free_sbi; + + ore_comp_set_dev(&sbi->oc, 0, od); ++ sbi->oc.numdevs = 1; + } + + __sbi_read_stats(sbi); +diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c +index 12ccacd..914bf9e 100644 +--- a/fs/ext4/balloc.c ++++ b/fs/ext4/balloc.c +@@ -88,8 +88,8 @@ unsigned ext4_num_overhead_clusters(struct super_block *sb, + * unusual file system layouts. + */ + if (ext4_block_in_group(sb, ext4_block_bitmap(sb, gdp), block_group)) { +- block_cluster = EXT4_B2C(sbi, (start - +- ext4_block_bitmap(sb, gdp))); ++ block_cluster = EXT4_B2C(sbi, ++ ext4_block_bitmap(sb, gdp) - start); + if (block_cluster < num_clusters) + block_cluster = -1; + else if (block_cluster == num_clusters) { +@@ -100,7 +100,7 @@ unsigned ext4_num_overhead_clusters(struct super_block *sb, + + if (ext4_block_in_group(sb, ext4_inode_bitmap(sb, gdp), block_group)) { + inode_cluster = EXT4_B2C(sbi, +- start - ext4_inode_bitmap(sb, gdp)); ++ ext4_inode_bitmap(sb, gdp) - start); + if (inode_cluster < num_clusters) + inode_cluster = -1; + else if (inode_cluster == num_clusters) { +@@ -112,7 +112,7 @@ unsigned ext4_num_overhead_clusters(struct super_block *sb, + itbl_blk = ext4_inode_table(sb, gdp); + for (i = 0; i < sbi->s_itb_per_group; i++) { + if (ext4_block_in_group(sb, itbl_blk + i, block_group)) { +- c = EXT4_B2C(sbi, start - itbl_blk + i); ++ c = EXT4_B2C(sbi, itbl_blk + i - start); + if ((c < num_clusters) || (c == inode_cluster) || + (c == block_cluster) || (c == itbl_cluster)) + continue; +diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c +index ab25f57..76a6e3b 100644 +--- a/fs/ext4/ioctl.c ++++ b/fs/ext4/ioctl.c +@@ -36,7 +36,7 @@ long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) + handle_t *handle = NULL; + int err, migrate = 0; + struct ext4_iloc iloc; +- unsigned int oldflags; ++ unsigned int oldflags, mask, i; + unsigned int jflag; + + if (!inode_owner_or_capable(inode)) +@@ -113,9 +113,14 @@ long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) + if (err) + goto flags_err; + +- flags = flags & EXT4_FL_USER_MODIFIABLE; +- flags |= oldflags & ~EXT4_FL_USER_MODIFIABLE; +- ei->i_flags = flags; ++ for (i = 0, mask = 1; i < 32; i++, mask <<= 1) { ++ if (!(mask & EXT4_FL_USER_MODIFIABLE)) ++ continue; ++ if (mask & flags) ++ ext4_set_inode_flag(inode, i); ++ else ++ ext4_clear_inode_flag(inode, i); ++ } + + ext4_set_inode_flags(inode); + inode->i_ctime = ext4_current_time(inode); +diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c +index e2d8be8..1d07c12 100644 +--- a/fs/ext4/mballoc.c ++++ b/fs/ext4/mballoc.c +@@ -2567,6 +2567,9 @@ int ext4_mb_release(struct super_block *sb) + struct ext4_sb_info *sbi = EXT4_SB(sb); + struct kmem_cache *cachep = get_groupinfo_cache(sb->s_blocksize_bits); + ++ if (sbi->s_proc) ++ remove_proc_entry("mb_groups", sbi->s_proc); ++ + if (sbi->s_group_info) { + for (i = 0; i < ngroups; i++) { + grinfo = ext4_get_group_info(sb, i); +@@ -2614,8 +2617,6 @@ int ext4_mb_release(struct super_block *sb) + } + + free_percpu(sbi->s_locality_groups); +- if (sbi->s_proc) +- remove_proc_entry("mb_groups", sbi->s_proc); + + return 0; + } +@@ -4693,6 +4694,7 @@ do_more: + */ + new_entry = kmem_cache_alloc(ext4_free_ext_cachep, GFP_NOFS); + if (!new_entry) { ++ ext4_mb_unload_buddy(&e4b); + err = -ENOMEM; + goto error_return; + } +diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c +index aa4c782..4dd0890 100644 +--- a/fs/ext4/namei.c ++++ b/fs/ext4/namei.c +@@ -1037,6 +1037,12 @@ static struct dentry *ext4_lookup(struct inode *dir, struct dentry *dentry, stru + EXT4_ERROR_INODE(dir, "bad inode number: %u", ino); + return ERR_PTR(-EIO); + } ++ if (unlikely(ino == dir->i_ino)) { ++ EXT4_ERROR_INODE(dir, "'%.*s' linked to parent dir", ++ dentry->d_name.len, ++ dentry->d_name.name); ++ return ERR_PTR(-EIO); ++ } + inode = ext4_iget(dir->i_sb, ino); + if (inode == ERR_PTR(-ESTALE)) { + EXT4_ERROR_INODE(dir, +diff --git a/fs/ext4/super.c b/fs/ext4/super.c +index 961059b..ab7aa3f 100644 +--- a/fs/ext4/super.c ++++ b/fs/ext4/super.c +@@ -480,6 +480,7 @@ void __ext4_error(struct super_block *sb, const char *function, + printk(KERN_CRIT "EXT4-fs error (device %s): %s:%d: comm %s: %pV\n", + sb->s_id, function, line, current->comm, &vaf); + va_end(args); ++ save_error_info(sb, function, line); + + ext4_handle_error(sb); + } +@@ -3727,7 +3728,8 @@ no_journal: + goto failed_mount4; + } + +- ext4_setup_super(sb, es, sb->s_flags & MS_RDONLY); ++ if (ext4_setup_super(sb, es, sb->s_flags & MS_RDONLY)) ++ sb->s_flags |= MS_RDONLY; + + /* determine the minimum size of new large inodes, if present */ + if (sbi->s_inode_size > EXT4_GOOD_OLD_INODE_SIZE) { +diff --git a/fs/namespace.c b/fs/namespace.c +index cfc6d44..ca4913a 100644 +--- a/fs/namespace.c ++++ b/fs/namespace.c +@@ -1244,8 +1244,9 @@ void umount_tree(struct vfsmount *mnt, int propagate, struct list_head *kill) + list_del_init(&p->mnt_expire); + list_del_init(&p->mnt_list); + __touch_mnt_namespace(p->mnt_ns); ++ if (p->mnt_ns) ++ __mnt_make_shortterm(p); + p->mnt_ns = NULL; +- __mnt_make_shortterm(p); + list_del_init(&p->mnt_child); + if (p->mnt_parent != p) { + p->mnt_parent->mnt_ghosts++; +diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c +index 03d9b90..a3cae5d 100644 +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -96,6 +96,8 @@ static int nfs4_map_errors(int err) + case -NFS4ERR_BADOWNER: + case -NFS4ERR_BADNAME: + return -EINVAL; ++ case -NFS4ERR_SHARE_DENIED: ++ return -EACCES; + default: + dprintk("%s could not handle NFSv4 error %d\n", + __func__, -err); +diff --git a/include/drm/drm_pciids.h b/include/drm/drm_pciids.h +index 14b6cd0..def807c 100644 +--- a/include/drm/drm_pciids.h ++++ b/include/drm/drm_pciids.h +@@ -181,6 +181,7 @@ + {0x1002, 0x6747, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_TURKS|RADEON_NEW_MEMMAP}, \ + {0x1002, 0x6748, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_TURKS|RADEON_NEW_MEMMAP}, \ + {0x1002, 0x6749, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_TURKS|RADEON_NEW_MEMMAP}, \ ++ {0x1002, 0x674A, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_TURKS|RADEON_NEW_MEMMAP}, \ + {0x1002, 0x6750, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_TURKS|RADEON_NEW_MEMMAP}, \ + {0x1002, 0x6751, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_TURKS|RADEON_NEW_MEMMAP}, \ + {0x1002, 0x6758, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_TURKS|RADEON_NEW_MEMMAP}, \ +@@ -198,6 +199,7 @@ + {0x1002, 0x6767, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_CAICOS|RADEON_NEW_MEMMAP}, \ + {0x1002, 0x6768, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_CAICOS|RADEON_NEW_MEMMAP}, \ + {0x1002, 0x6770, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_CAICOS|RADEON_NEW_MEMMAP}, \ ++ {0x1002, 0x6771, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_CAICOS|RADEON_NEW_MEMMAP}, \ + {0x1002, 0x6772, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_CAICOS|RADEON_NEW_MEMMAP}, \ + {0x1002, 0x6778, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_CAICOS|RADEON_NEW_MEMMAP}, \ + {0x1002, 0x6779, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_CAICOS|RADEON_NEW_MEMMAP}, \ +@@ -493,6 +495,7 @@ + {0x1002, 0x9645, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_SUMO2|RADEON_IS_MOBILITY|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \ + {0x1002, 0x9647, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_SUMO|RADEON_IS_MOBILITY|RADEON_NEW_MEMMAP|RADEON_IS_IGP},\ + {0x1002, 0x9648, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_SUMO|RADEON_IS_MOBILITY|RADEON_NEW_MEMMAP|RADEON_IS_IGP},\ ++ {0x1002, 0x9649, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_SUMO|RADEON_IS_MOBILITY|RADEON_NEW_MEMMAP|RADEON_IS_IGP},\ + {0x1002, 0x964a, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_SUMO|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \ + {0x1002, 0x964b, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_SUMO|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \ + {0x1002, 0x964c, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_SUMO|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \ +@@ -512,6 +515,7 @@ + {0x1002, 0x9807, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_PALM|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \ + {0x1002, 0x9808, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_PALM|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \ + {0x1002, 0x9809, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_PALM|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \ ++ {0x1002, 0x980A, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_PALM|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \ + {0, 0, 0} + + #define r128_PCI_IDS \ +diff --git a/include/linux/Kbuild b/include/linux/Kbuild +index 619b565..bd21ecd 100644 +--- a/include/linux/Kbuild ++++ b/include/linux/Kbuild +@@ -224,6 +224,7 @@ header-y += kd.h + header-y += kdev_t.h + header-y += kernel.h + header-y += kernelcapi.h ++header-y += kernel-page-flags.h + header-y += keyboard.h + header-y += keyctl.h + header-y += l2tp.h +diff --git a/include/linux/kernel-page-flags.h b/include/linux/kernel-page-flags.h +index bd92a89..096b05d 100644 +--- a/include/linux/kernel-page-flags.h ++++ b/include/linux/kernel-page-flags.h +@@ -31,6 +31,8 @@ + + #define KPF_KSM 21 + ++#ifdef __KERNEL__ ++ + /* kernel hacking assistances + * WARNING: subject to change, never rely on them! + */ +@@ -43,4 +45,6 @@ + #define KPF_ARCH 38 + #define KPF_UNCACHED 39 + ++#endif /* __KERNEL__ */ ++ + #endif /* LINUX_KERNEL_PAGE_FLAGS_H */ +diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h +index cbeb586..cb52340 100644 +--- a/include/linux/netdevice.h ++++ b/include/linux/netdevice.h +@@ -1420,15 +1420,6 @@ static inline bool netdev_uses_dsa_tags(struct net_device *dev) + return 0; + } + +-#ifndef CONFIG_NET_NS +-static inline void skb_set_dev(struct sk_buff *skb, struct net_device *dev) +-{ +- skb->dev = dev; +-} +-#else /* CONFIG_NET_NS */ +-void skb_set_dev(struct sk_buff *skb, struct net_device *dev); +-#endif +- + static inline bool netdev_uses_trailer_tags(struct net_device *dev) + { + #ifdef CONFIG_NET_DSA_TAG_TRAILER +diff --git a/include/linux/netfilter_bridge.h b/include/linux/netfilter_bridge.h +index 0ddd161..31d2844 100644 +--- a/include/linux/netfilter_bridge.h ++++ b/include/linux/netfilter_bridge.h +@@ -104,9 +104,18 @@ struct bridge_skb_cb { + } daddr; + }; + ++static inline void br_drop_fake_rtable(struct sk_buff *skb) ++{ ++ struct dst_entry *dst = skb_dst(skb); ++ ++ if (dst && (dst->flags & DST_FAKE_RTABLE)) ++ skb_dst_drop(skb); ++} ++ + #else + #define nf_bridge_maybe_copy_header(skb) (0) + #define nf_bridge_pad(skb) (0) ++#define br_drop_fake_rtable(skb) do { } while (0) + #endif /* CONFIG_BRIDGE_NETFILTER */ + + #endif /* __KERNEL__ */ +diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h +index e689b47..bdb4590 100644 +--- a/include/linux/skbuff.h ++++ b/include/linux/skbuff.h +@@ -1866,8 +1866,6 @@ static inline int __skb_cow(struct sk_buff *skb, unsigned int headroom, + { + int delta = 0; + +- if (headroom < NET_SKB_PAD) +- headroom = NET_SKB_PAD; + if (headroom > skb_headroom(skb)) + delta = headroom - skb_headroom(skb); + +diff --git a/include/net/dst.h b/include/net/dst.h +index 75766b4..16010d1 100644 +--- a/include/net/dst.h ++++ b/include/net/dst.h +@@ -54,6 +54,8 @@ struct dst_entry { + #define DST_NOCACHE 0x0010 + #define DST_NOCOUNT 0x0020 + #define DST_NOPEER 0x0040 ++#define DST_FAKE_RTABLE 0x0080 ++#define DST_XFRM_TUNNEL 0x0100 + + short error; + short obsolete; +diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h +index 6a72a58..ad03988 100644 +--- a/include/net/sctp/sctp.h ++++ b/include/net/sctp/sctp.h +@@ -703,4 +703,17 @@ static inline void sctp_v4_map_v6(union sctp_addr *addr) + addr->v6.sin6_addr.s6_addr32[2] = htonl(0x0000ffff); + } + ++/* The cookie is always 0 since this is how it's used in the ++ * pmtu code. ++ */ ++static inline struct dst_entry *sctp_transport_dst_check(struct sctp_transport *t) ++{ ++ if (t->dst && !dst_check(t->dst, 0)) { ++ dst_release(t->dst); ++ t->dst = NULL; ++ } ++ ++ return t->dst; ++} ++ + #endif /* __net_sctp_h__ */ +diff --git a/kernel/fork.c b/kernel/fork.c +index 26f1ab0..79ee71f 100644 +--- a/kernel/fork.c ++++ b/kernel/fork.c +@@ -352,7 +352,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) + } + charge = 0; + if (mpnt->vm_flags & VM_ACCOUNT) { +- unsigned int len = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; ++ unsigned long len; ++ len = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; + if (security_vm_enough_memory(len)) + goto fail_nomem; + charge = len; +diff --git a/lib/btree.c b/lib/btree.c +index 2a34392..297124d 100644 +--- a/lib/btree.c ++++ b/lib/btree.c +@@ -319,8 +319,8 @@ void *btree_get_prev(struct btree_head *head, struct btree_geo *geo, + + if (head->height == 0) + return NULL; +-retry: + longcpy(key, __key, geo->keylen); ++retry: + dec_key(geo, key); + + node = head->node; +@@ -351,7 +351,7 @@ retry: + } + miss: + if (retry_key) { +- __key = retry_key; ++ longcpy(key, retry_key, geo->keylen); + retry_key = NULL; + goto retry; + } +diff --git a/mm/hugetlb.c b/mm/hugetlb.c +index 7120c2e..5f5c545 100644 +--- a/mm/hugetlb.c ++++ b/mm/hugetlb.c +@@ -2068,6 +2068,15 @@ static void hugetlb_vm_op_open(struct vm_area_struct *vma) + kref_get(&reservations->refs); + } + ++static void resv_map_put(struct vm_area_struct *vma) ++{ ++ struct resv_map *reservations = vma_resv_map(vma); ++ ++ if (!reservations) ++ return; ++ kref_put(&reservations->refs, resv_map_release); ++} ++ + static void hugetlb_vm_op_close(struct vm_area_struct *vma) + { + struct hstate *h = hstate_vma(vma); +@@ -2083,7 +2092,7 @@ static void hugetlb_vm_op_close(struct vm_area_struct *vma) + reserve = (end - start) - + region_count(&reservations->regions, start, end); + +- kref_put(&reservations->refs, resv_map_release); ++ resv_map_put(vma); + + if (reserve) { + hugetlb_acct_memory(h, -reserve); +@@ -2884,12 +2893,16 @@ int hugetlb_reserve_pages(struct inode *inode, + set_vma_resv_flags(vma, HPAGE_RESV_OWNER); + } + +- if (chg < 0) +- return chg; ++ if (chg < 0) { ++ ret = chg; ++ goto out_err; ++ } + + /* There must be enough filesystem quota for the mapping */ +- if (hugetlb_get_quota(inode->i_mapping, chg)) +- return -ENOSPC; ++ if (hugetlb_get_quota(inode->i_mapping, chg)) { ++ ret = -ENOSPC; ++ goto out_err; ++ } + + /* + * Check enough hugepages are available for the reservation. +@@ -2898,7 +2911,7 @@ int hugetlb_reserve_pages(struct inode *inode, + ret = hugetlb_acct_memory(h, chg); + if (ret < 0) { + hugetlb_put_quota(inode->i_mapping, chg); +- return ret; ++ goto out_err; + } + + /* +@@ -2915,6 +2928,10 @@ int hugetlb_reserve_pages(struct inode *inode, + if (!vma || vma->vm_flags & VM_MAYSHARE) + region_add(&inode->i_mapping->private_list, from, to); + return 0; ++out_err: ++ if (vma) ++ resv_map_put(vma); ++ return ret; + } + + void hugetlb_unreserve_pages(struct inode *inode, long offset, long freed) +diff --git a/mm/slub.c b/mm/slub.c +index a99c785..af47188 100644 +--- a/mm/slub.c ++++ b/mm/slub.c +@@ -1506,15 +1506,19 @@ static inline void *acquire_slab(struct kmem_cache *s, + freelist = page->freelist; + counters = page->counters; + new.counters = counters; +- if (mode) ++ if (mode) { + new.inuse = page->objects; ++ new.freelist = NULL; ++ } else { ++ new.freelist = freelist; ++ } + + VM_BUG_ON(new.frozen); + new.frozen = 1; + + } while (!__cmpxchg_double_slab(s, page, + freelist, counters, +- NULL, new.counters, ++ new.freelist, new.counters, + "lock and freeze")); + + remove_partial(n, page); +@@ -1556,7 +1560,6 @@ static void *get_partial_node(struct kmem_cache *s, + object = t; + available = page->objects - page->inuse; + } else { +- page->freelist = t; + available = put_cpu_partial(s, page, 0); + } + if (kmem_cache_debug(s) || available > s->cpu_partial / 2) +diff --git a/mm/vmalloc.c b/mm/vmalloc.c +index 27be2f0..eeba3bb 100644 +--- a/mm/vmalloc.c ++++ b/mm/vmalloc.c +@@ -256,7 +256,7 @@ struct vmap_area { + struct rb_node rb_node; /* address sorted rbtree */ + struct list_head list; /* address sorted list */ + struct list_head purge_list; /* "lazy purge" list */ +- void *private; ++ struct vm_struct *vm; + struct rcu_head rcu_head; + }; + +@@ -1160,9 +1160,10 @@ void __init vmalloc_init(void) + /* Import existing vmlist entries. */ + for (tmp = vmlist; tmp; tmp = tmp->next) { + va = kzalloc(sizeof(struct vmap_area), GFP_NOWAIT); +- va->flags = tmp->flags | VM_VM_AREA; ++ va->flags = VM_VM_AREA; + va->va_start = (unsigned long)tmp->addr; + va->va_end = va->va_start + tmp->size; ++ va->vm = tmp; + __insert_vmap_area(va); + } + +@@ -1260,7 +1261,7 @@ static void setup_vmalloc_vm(struct vm_struct *vm, struct vmap_area *va, + vm->addr = (void *)va->va_start; + vm->size = va->va_end - va->va_start; + vm->caller = caller; +- va->private = vm; ++ va->vm = vm; + va->flags |= VM_VM_AREA; + } + +@@ -1383,7 +1384,7 @@ static struct vm_struct *find_vm_area(const void *addr) + + va = find_vmap_area((unsigned long)addr); + if (va && va->flags & VM_VM_AREA) +- return va->private; ++ return va->vm; + + return NULL; + } +@@ -1402,7 +1403,7 @@ struct vm_struct *remove_vm_area(const void *addr) + + va = find_vmap_area((unsigned long)addr); + if (va && va->flags & VM_VM_AREA) { +- struct vm_struct *vm = va->private; ++ struct vm_struct *vm = va->vm; + + if (!(vm->flags & VM_UNLIST)) { + struct vm_struct *tmp, **p; +diff --git a/mm/vmscan.c b/mm/vmscan.c +index cb33d9c..fbe2d2c 100644 +--- a/mm/vmscan.c ++++ b/mm/vmscan.c +@@ -697,7 +697,7 @@ static enum page_references page_check_references(struct page *page, + return PAGEREF_RECLAIM; + + if (referenced_ptes) { +- if (PageAnon(page)) ++ if (PageSwapBacked(page)) + return PAGEREF_ACTIVATE; + /* + * All mapped pages start out with page table +diff --git a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c +index bc25286..0cccca8 100644 +--- a/net/8021q/vlan_dev.c ++++ b/net/8021q/vlan_dev.c +@@ -156,7 +156,7 @@ static netdev_tx_t vlan_dev_hard_start_xmit(struct sk_buff *skb, + skb = __vlan_hwaccel_put_tag(skb, vlan_tci); + } + +- skb_set_dev(skb, vlan_dev_info(dev)->real_dev); ++ skb->dev = vlan_dev_info(dev)->real_dev; + len = skb->len; + ret = dev_queue_xmit(skb); + +diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c +index ee64287..e221f88 100644 +--- a/net/bridge/br_forward.c ++++ b/net/bridge/br_forward.c +@@ -47,6 +47,7 @@ int br_dev_queue_push_xmit(struct sk_buff *skb) + kfree_skb(skb); + } else { + skb_push(skb, ETH_HLEN); ++ br_drop_fake_rtable(skb); + dev_queue_xmit(skb); + } + +diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c +index fa8b8f7..577ea5d 100644 +--- a/net/bridge/br_netfilter.c ++++ b/net/bridge/br_netfilter.c +@@ -147,7 +147,7 @@ void br_netfilter_rtable_init(struct net_bridge *br) + rt->dst.dev = br->dev; + rt->dst.path = &rt->dst; + dst_init_metrics(&rt->dst, br_dst_default_metrics, true); +- rt->dst.flags = DST_NOXFRM | DST_NOPEER; ++ rt->dst.flags = DST_NOXFRM | DST_NOPEER | DST_FAKE_RTABLE; + rt->dst.ops = &fake_dst_ops; + } + +@@ -687,11 +687,7 @@ static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff *skb, + const struct net_device *out, + int (*okfn)(struct sk_buff *)) + { +- struct rtable *rt = skb_rtable(skb); +- +- if (rt && rt == bridge_parent_rtable(in)) +- skb_dst_drop(skb); +- ++ br_drop_fake_rtable(skb); + return NF_ACCEPT; + } + +diff --git a/net/core/dev.c b/net/core/dev.c +index 61a7baa..1cbddc9 100644 +--- a/net/core/dev.c ++++ b/net/core/dev.c +@@ -1607,10 +1607,14 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) + kfree_skb(skb); + return NET_RX_DROP; + } +- skb_set_dev(skb, dev); ++ skb->dev = dev; ++ skb_dst_drop(skb); + skb->tstamp.tv64 = 0; + skb->pkt_type = PACKET_HOST; + skb->protocol = eth_type_trans(skb, dev); ++ skb->mark = 0; ++ secpath_reset(skb); ++ nf_reset(skb); + return netif_rx(skb); + } + EXPORT_SYMBOL_GPL(dev_forward_skb); +@@ -1865,36 +1869,6 @@ void netif_device_attach(struct net_device *dev) + } + EXPORT_SYMBOL(netif_device_attach); + +-/** +- * skb_dev_set -- assign a new device to a buffer +- * @skb: buffer for the new device +- * @dev: network device +- * +- * If an skb is owned by a device already, we have to reset +- * all data private to the namespace a device belongs to +- * before assigning it a new device. +- */ +-#ifdef CONFIG_NET_NS +-void skb_set_dev(struct sk_buff *skb, struct net_device *dev) +-{ +- skb_dst_drop(skb); +- if (skb->dev && !net_eq(dev_net(skb->dev), dev_net(dev))) { +- secpath_reset(skb); +- nf_reset(skb); +- skb_init_secmark(skb); +- skb->mark = 0; +- skb->priority = 0; +- skb->nf_trace = 0; +- skb->ipvs_property = 0; +-#ifdef CONFIG_NET_SCHED +- skb->tc_index = 0; +-#endif +- } +- skb->dev = dev; +-} +-EXPORT_SYMBOL(skb_set_dev); +-#endif /* CONFIG_NET_NS */ +- + /* + * Invalidate hardware checksum when packet is to be mangled, and + * complete checksum manually on outgoing path. +diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c +index a5b4134..530787b 100644 +--- a/net/ipv4/esp4.c ++++ b/net/ipv4/esp4.c +@@ -457,28 +457,22 @@ static u32 esp4_get_mtu(struct xfrm_state *x, int mtu) + struct esp_data *esp = x->data; + u32 blksize = ALIGN(crypto_aead_blocksize(esp->aead), 4); + u32 align = max_t(u32, blksize, esp->padlen); +- u32 rem; +- +- mtu -= x->props.header_len + crypto_aead_authsize(esp->aead); +- rem = mtu & (align - 1); +- mtu &= ~(align - 1); ++ unsigned int net_adj; + + switch (x->props.mode) { +- case XFRM_MODE_TUNNEL: +- break; +- default: + case XFRM_MODE_TRANSPORT: +- /* The worst case */ +- mtu -= blksize - 4; +- mtu += min_t(u32, blksize - 4, rem); +- break; + case XFRM_MODE_BEET: +- /* The worst case. */ +- mtu += min_t(u32, IPV4_BEET_PHMAXLEN, rem); ++ net_adj = sizeof(struct iphdr); + break; ++ case XFRM_MODE_TUNNEL: ++ net_adj = 0; ++ break; ++ default: ++ BUG(); + } + +- return mtu - 2; ++ return ((mtu - x->props.header_len - crypto_aead_authsize(esp->aead) - ++ net_adj) & ~(align - 1)) + (net_adj - 2); + } + + static void esp4_err(struct sk_buff *skb, u32 info) +diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c +index 80106d8..d01f9c6 100644 +--- a/net/ipv4/fib_semantics.c ++++ b/net/ipv4/fib_semantics.c +@@ -146,6 +146,12 @@ static void free_fib_info_rcu(struct rcu_head *head) + { + struct fib_info *fi = container_of(head, struct fib_info, rcu); + ++ change_nexthops(fi) { ++ if (nexthop_nh->nh_dev) ++ dev_put(nexthop_nh->nh_dev); ++ } endfor_nexthops(fi); ++ ++ release_net(fi->fib_net); + if (fi->fib_metrics != (u32 *) dst_default_metrics) + kfree(fi->fib_metrics); + kfree(fi); +@@ -157,13 +163,7 @@ void free_fib_info(struct fib_info *fi) + pr_warning("Freeing alive fib_info %p\n", fi); + return; + } +- change_nexthops(fi) { +- if (nexthop_nh->nh_dev) +- dev_put(nexthop_nh->nh_dev); +- nexthop_nh->nh_dev = NULL; +- } endfor_nexthops(fi); + fib_info_cnt--; +- release_net(fi->fib_net); + call_rcu(&fi->rcu, free_fib_info_rcu); + } + +diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c +index 3ce23f9..cd2d639 100644 +--- a/net/ipv4/fib_trie.c ++++ b/net/ipv4/fib_trie.c +@@ -1372,6 +1372,8 @@ static int check_leaf(struct fib_table *tb, struct trie *t, struct leaf *l, + + if (fa->fa_tos && fa->fa_tos != flp->flowi4_tos) + continue; ++ if (fi->fib_dead) ++ continue; + if (fa->fa_info->fib_scope < flp->flowi4_scope) + continue; + fib_alias_accessed(fa); +diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c +index 1ac7938..65dd543 100644 +--- a/net/ipv6/esp6.c ++++ b/net/ipv6/esp6.c +@@ -411,19 +411,15 @@ static u32 esp6_get_mtu(struct xfrm_state *x, int mtu) + struct esp_data *esp = x->data; + u32 blksize = ALIGN(crypto_aead_blocksize(esp->aead), 4); + u32 align = max_t(u32, blksize, esp->padlen); +- u32 rem; ++ unsigned int net_adj; + +- mtu -= x->props.header_len + crypto_aead_authsize(esp->aead); +- rem = mtu & (align - 1); +- mtu &= ~(align - 1); +- +- if (x->props.mode != XFRM_MODE_TUNNEL) { +- u32 padsize = ((blksize - 1) & 7) + 1; +- mtu -= blksize - padsize; +- mtu += min_t(u32, blksize - padsize, rem); +- } ++ if (x->props.mode != XFRM_MODE_TUNNEL) ++ net_adj = sizeof(struct ipv6hdr); ++ else ++ net_adj = 0; + +- return mtu - 2; ++ return ((mtu - x->props.header_len - crypto_aead_authsize(esp->aead) - ++ net_adj) & ~(align - 1)) + (net_adj - 2); + } + + static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, +diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c +index f7f07e2..ae98e09 100644 +--- a/net/ipv6/ip6_output.c ++++ b/net/ipv6/ip6_output.c +@@ -1178,6 +1178,29 @@ static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src, + return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL; + } + ++static void ip6_append_data_mtu(int *mtu, ++ int *maxfraglen, ++ unsigned int fragheaderlen, ++ struct sk_buff *skb, ++ struct rt6_info *rt) ++{ ++ if (!(rt->dst.flags & DST_XFRM_TUNNEL)) { ++ if (skb == NULL) { ++ /* first fragment, reserve header_len */ ++ *mtu = *mtu - rt->dst.header_len; ++ ++ } else { ++ /* ++ * this fragment is not first, the headers ++ * space is regarded as data space. ++ */ ++ *mtu = dst_mtu(rt->dst.path); ++ } ++ *maxfraglen = ((*mtu - fragheaderlen) & ~7) ++ + fragheaderlen - sizeof(struct frag_hdr); ++ } ++} ++ + int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, + int offset, int len, int odd, struct sk_buff *skb), + void *from, int length, int transhdrlen, +@@ -1187,7 +1210,7 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, + struct inet_sock *inet = inet_sk(sk); + struct ipv6_pinfo *np = inet6_sk(sk); + struct inet_cork *cork; +- struct sk_buff *skb; ++ struct sk_buff *skb, *skb_prev = NULL; + unsigned int maxfraglen, fragheaderlen; + int exthdrlen; + int dst_exthdrlen; +@@ -1245,8 +1268,12 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, + inet->cork.fl.u.ip6 = *fl6; + np->cork.hop_limit = hlimit; + np->cork.tclass = tclass; +- mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ? +- rt->dst.dev->mtu : dst_mtu(&rt->dst); ++ if (rt->dst.flags & DST_XFRM_TUNNEL) ++ mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ? ++ rt->dst.dev->mtu : dst_mtu(&rt->dst); ++ else ++ mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ? ++ rt->dst.dev->mtu : dst_mtu(rt->dst.path); + if (np->frag_size < mtu) { + if (np->frag_size) + mtu = np->frag_size; +@@ -1342,25 +1369,27 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, + unsigned int fraglen; + unsigned int fraggap; + unsigned int alloclen; +- struct sk_buff *skb_prev; + alloc_new_skb: +- skb_prev = skb; +- + /* There's no room in the current skb */ +- if (skb_prev) +- fraggap = skb_prev->len - maxfraglen; ++ if (skb) ++ fraggap = skb->len - maxfraglen; + else + fraggap = 0; ++ /* update mtu and maxfraglen if necessary */ ++ if (skb == NULL || skb_prev == NULL) ++ ip6_append_data_mtu(&mtu, &maxfraglen, ++ fragheaderlen, skb, rt); ++ ++ skb_prev = skb; + + /* + * If remaining data exceeds the mtu, + * we know we need more fragment(s). + */ + datalen = length + fraggap; +- if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen) +- datalen = maxfraglen - fragheaderlen; + +- fraglen = datalen + fragheaderlen; ++ if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen) ++ datalen = maxfraglen - fragheaderlen - rt->dst.trailer_len; + if ((flags & MSG_MORE) && + !(rt->dst.dev->features&NETIF_F_SG)) + alloclen = mtu; +@@ -1369,13 +1398,16 @@ alloc_new_skb: + + alloclen += dst_exthdrlen; + +- /* +- * The last fragment gets additional space at tail. +- * Note: we overallocate on fragments with MSG_MODE +- * because we have no idea if we're the last one. +- */ +- if (datalen == length + fraggap) +- alloclen += rt->dst.trailer_len; ++ if (datalen != length + fraggap) { ++ /* ++ * this is not the last fragment, the trailer ++ * space is regarded as data space. ++ */ ++ datalen += rt->dst.trailer_len; ++ } ++ ++ alloclen += rt->dst.trailer_len; ++ fraglen = datalen + fragheaderlen; + + /* + * We just reserve space for fragment header. +diff --git a/net/l2tp/l2tp_ip.c b/net/l2tp/l2tp_ip.c +index 2a2a3e7..2fbbe1f 100644 +--- a/net/l2tp/l2tp_ip.c ++++ b/net/l2tp/l2tp_ip.c +@@ -251,9 +251,16 @@ static int l2tp_ip_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) + { + struct inet_sock *inet = inet_sk(sk); + struct sockaddr_l2tpip *addr = (struct sockaddr_l2tpip *) uaddr; +- int ret = -EINVAL; ++ int ret; + int chk_addr_ret; + ++ if (!sock_flag(sk, SOCK_ZAPPED)) ++ return -EINVAL; ++ if (addr_len < sizeof(struct sockaddr_l2tpip)) ++ return -EINVAL; ++ if (addr->l2tp_family != AF_INET) ++ return -EINVAL; ++ + ret = -EADDRINUSE; + read_lock_bh(&l2tp_ip_lock); + if (__l2tp_ip_bind_lookup(&init_net, addr->l2tp_addr.s_addr, sk->sk_bound_dev_if, addr->l2tp_conn_id)) +@@ -283,6 +290,8 @@ static int l2tp_ip_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) + sk_del_node_init(sk); + write_unlock_bh(&l2tp_ip_lock); + ret = 0; ++ sock_reset_flag(sk, SOCK_ZAPPED); ++ + out: + release_sock(sk); + +@@ -303,13 +312,14 @@ static int l2tp_ip_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len + __be32 saddr; + int oif, rc; + +- rc = -EINVAL; ++ if (sock_flag(sk, SOCK_ZAPPED)) /* Must bind first - autobinding does not work */ ++ return -EINVAL; ++ + if (addr_len < sizeof(*lsa)) +- goto out; ++ return -EINVAL; + +- rc = -EAFNOSUPPORT; + if (lsa->l2tp_family != AF_INET) +- goto out; ++ return -EAFNOSUPPORT; + + lock_sock(sk); + +@@ -363,6 +373,14 @@ out: + return rc; + } + ++static int l2tp_ip_disconnect(struct sock *sk, int flags) ++{ ++ if (sock_flag(sk, SOCK_ZAPPED)) ++ return 0; ++ ++ return udp_disconnect(sk, flags); ++} ++ + static int l2tp_ip_getname(struct socket *sock, struct sockaddr *uaddr, + int *uaddr_len, int peer) + { +@@ -598,7 +616,7 @@ static struct proto l2tp_ip_prot = { + .close = l2tp_ip_close, + .bind = l2tp_ip_bind, + .connect = l2tp_ip_connect, +- .disconnect = udp_disconnect, ++ .disconnect = l2tp_ip_disconnect, + .ioctl = udp_ioctl, + .destroy = l2tp_ip_destroy_sock, + .setsockopt = ip_setsockopt, +diff --git a/net/mac80211/util.c b/net/mac80211/util.c +index d5230ec..7095ae5 100644 +--- a/net/mac80211/util.c ++++ b/net/mac80211/util.c +@@ -1111,6 +1111,12 @@ int ieee80211_reconfig(struct ieee80211_local *local) + } + } + ++ /* add back keys */ ++ list_for_each_entry(sdata, &local->interfaces, list) ++ if (ieee80211_sdata_running(sdata)) ++ ieee80211_enable_keys(sdata); ++ ++ wake_up: + /* + * Clear the WLAN_STA_BLOCK_BA flag so new aggregation + * sessions can be established after a resume. +@@ -1132,12 +1138,6 @@ int ieee80211_reconfig(struct ieee80211_local *local) + mutex_unlock(&local->sta_mtx); + } + +- /* add back keys */ +- list_for_each_entry(sdata, &local->interfaces, list) +- if (ieee80211_sdata_running(sdata)) +- ieee80211_enable_keys(sdata); +- +- wake_up: + ieee80211_wake_queues_by_reason(hw, + IEEE80211_QUEUE_STOP_REASON_SUSPEND); + +diff --git a/net/sctp/output.c b/net/sctp/output.c +index 817174e..8fc4dcd 100644 +--- a/net/sctp/output.c ++++ b/net/sctp/output.c +@@ -377,9 +377,7 @@ int sctp_packet_transmit(struct sctp_packet *packet) + */ + skb_set_owner_w(nskb, sk); + +- /* The 'obsolete' field of dst is set to 2 when a dst is freed. */ +- if (!dst || (dst->obsolete > 1)) { +- dst_release(dst); ++ if (!sctp_transport_dst_check(tp)) { + sctp_transport_route(tp, NULL, sctp_sk(sk)); + if (asoc && (asoc->param_flags & SPP_PMTUD_ENABLE)) { + sctp_assoc_sync_pmtu(asoc); +diff --git a/net/sctp/transport.c b/net/sctp/transport.c +index 394c57c..8da4481 100644 +--- a/net/sctp/transport.c ++++ b/net/sctp/transport.c +@@ -226,23 +226,6 @@ void sctp_transport_pmtu(struct sctp_transport *transport, struct sock *sk) + transport->pathmtu = SCTP_DEFAULT_MAXSEGMENT; + } + +-/* this is a complete rip-off from __sk_dst_check +- * the cookie is always 0 since this is how it's used in the +- * pmtu code +- */ +-static struct dst_entry *sctp_transport_dst_check(struct sctp_transport *t) +-{ +- struct dst_entry *dst = t->dst; +- +- if (dst && dst->obsolete && dst->ops->check(dst, 0) == NULL) { +- dst_release(t->dst); +- t->dst = NULL; +- return NULL; +- } +- +- return dst; +-} +- + void sctp_transport_update_pmtu(struct sctp_transport *t, u32 pmtu) + { + struct dst_entry *dst; +diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c +index f0268ea..b2250da 100644 +--- a/net/sunrpc/clnt.c ++++ b/net/sunrpc/clnt.c +@@ -959,6 +959,8 @@ call_reserveresult(struct rpc_task *task) + } + + switch (status) { ++ case -ENOMEM: ++ rpc_delay(task, HZ >> 2); + case -EAGAIN: /* woken up; retry */ + task->tk_action = call_reserve; + return; +diff --git a/net/sunrpc/xprt.c b/net/sunrpc/xprt.c +index c64c0ef..3ac9789 100644 +--- a/net/sunrpc/xprt.c ++++ b/net/sunrpc/xprt.c +@@ -977,15 +977,16 @@ static void xprt_alloc_slot(struct rpc_task *task) + goto out_init_req; + switch (PTR_ERR(req)) { + case -ENOMEM: +- rpc_delay(task, HZ >> 2); + dprintk("RPC: dynamic allocation of request slot " + "failed! Retrying\n"); ++ task->tk_status = -ENOMEM; + break; + case -EAGAIN: + rpc_sleep_on(&xprt->backlog, task, NULL); + dprintk("RPC: waiting for request slot\n"); ++ default: ++ task->tk_status = -EAGAIN; + } +- task->tk_status = -EAGAIN; + return; + out_init_req: + task->tk_status = 0; +diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c +index 9049a5c..0174034 100644 +--- a/net/xfrm/xfrm_policy.c ++++ b/net/xfrm/xfrm_policy.c +@@ -1919,6 +1919,9 @@ no_transform: + } + ok: + xfrm_pols_put(pols, drop_pols); ++ if (dst && dst->xfrm && ++ dst->xfrm->props.mode == XFRM_MODE_TUNNEL) ++ dst->flags |= DST_XFRM_TUNNEL; + return dst; + + nopol: +diff --git a/sound/usb/pcm.c b/sound/usb/pcm.c +index 0220b0f..839165f 100644 +--- a/sound/usb/pcm.c ++++ b/sound/usb/pcm.c +@@ -698,6 +698,9 @@ static int snd_usb_pcm_check_knot(struct snd_pcm_runtime *runtime, + int count = 0, needs_knot = 0; + int err; + ++ kfree(subs->rate_list.list); ++ subs->rate_list.list = NULL; ++ + list_for_each_entry(fp, &subs->fmt_list, list) { + if (fp->rates & SNDRV_PCM_RATE_CONTINUOUS) + return 0; diff --git a/3.2.19/4420_grsecurity-2.9.1-3.2.19-201206091539.patch b/3.2.20/4420_grsecurity-2.9.1-3.2.20-201206111836.patch index 4b5f163..6f0a6d2 100644 --- a/3.2.19/4420_grsecurity-2.9.1-3.2.19-201206091539.patch +++ b/3.2.20/4420_grsecurity-2.9.1-3.2.20-201206111836.patch @@ -195,7 +195,7 @@ index 81c287f..d456d02 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index c291184..347a3de 100644 +index c7e9cc4..8448a0f 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -26710,27 +26710,24 @@ index f10c0af..3ec1f95 100644 syscall_init(); /* This sets MSR_*STAR and related */ #endif diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c -index e529730..dccc321 100644 +index e529730..33ded53 100644 --- a/arch/x86/tools/relocs.c +++ b/arch/x86/tools/relocs.c -@@ -13,8 +13,16 @@ - - static void die(char *fmt, ...); +@@ -11,10 +11,13 @@ + #include <endian.h> + #include <regex.h> +#include "../../../include/generated/autoconf.h" -+#ifdef CONFIG_X86_32 -+#define __PAGE_OFFSET CONFIG_PAGE_OFFSET -+#else -+#define __PAGE_OFFSET 0 -+#endif + + static void die(char *fmt, ...); + #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) static Elf32_Ehdr ehdr; +static Elf32_Phdr *phdr; static unsigned long reloc_count, reloc_idx; static unsigned long *relocs; static unsigned long reloc16_count, reloc16_idx; -@@ -322,9 +330,39 @@ static void read_ehdr(FILE *fp) +@@ -322,9 +325,39 @@ static void read_ehdr(FILE *fp) } } @@ -26771,7 +26768,7 @@ index e529730..dccc321 100644 Elf32_Shdr shdr; secs = calloc(ehdr.e_shnum, sizeof(struct section)); -@@ -359,7 +397,7 @@ static void read_shdrs(FILE *fp) +@@ -359,7 +392,7 @@ static void read_shdrs(FILE *fp) static void read_strtabs(FILE *fp) { @@ -26780,7 +26777,7 @@ index e529730..dccc321 100644 for (i = 0; i < ehdr.e_shnum; i++) { struct section *sec = &secs[i]; if (sec->shdr.sh_type != SHT_STRTAB) { -@@ -384,7 +422,7 @@ static void read_strtabs(FILE *fp) +@@ -384,7 +417,7 @@ static void read_strtabs(FILE *fp) static void read_symtabs(FILE *fp) { @@ -26789,7 +26786,7 @@ index e529730..dccc321 100644 for (i = 0; i < ehdr.e_shnum; i++) { struct section *sec = &secs[i]; if (sec->shdr.sh_type != SHT_SYMTAB) { -@@ -417,7 +455,9 @@ static void read_symtabs(FILE *fp) +@@ -417,7 +450,9 @@ static void read_symtabs(FILE *fp) static void read_relocs(FILE *fp) { @@ -26800,19 +26797,23 @@ index e529730..dccc321 100644 for (i = 0; i < ehdr.e_shnum; i++) { struct section *sec = &secs[i]; if (sec->shdr.sh_type != SHT_REL) { -@@ -437,9 +477,18 @@ static void read_relocs(FILE *fp) +@@ -437,9 +472,22 @@ static void read_relocs(FILE *fp) die("Cannot read symbol table: %s\n", strerror(errno)); } + base = 0; ++ ++#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_X86_32) + for (j = 0; j < ehdr.e_phnum; j++) { + if (phdr[j].p_type != PT_LOAD ) + continue; + if (secs[sec->shdr.sh_info].shdr.sh_offset < phdr[j].p_offset || secs[sec->shdr.sh_info].shdr.sh_offset >= phdr[j].p_offset + phdr[j].p_filesz) + continue; -+ base = __PAGE_OFFSET + phdr[j].p_paddr - phdr[j].p_vaddr; ++ base = CONFIG_PAGE_OFFSET + phdr[j].p_paddr - phdr[j].p_vaddr; + break; + } ++#endif ++ for (j = 0; j < sec->shdr.sh_size/sizeof(Elf32_Rel); j++) { Elf32_Rel *rel = &sec->reltab[j]; - rel->r_offset = elf32_to_cpu(rel->r_offset); @@ -26820,7 +26821,7 @@ index e529730..dccc321 100644 rel->r_info = elf32_to_cpu(rel->r_info); } } -@@ -448,13 +497,13 @@ static void read_relocs(FILE *fp) +@@ -448,13 +496,13 @@ static void read_relocs(FILE *fp) static void print_absolute_symbols(void) { @@ -26836,7 +26837,7 @@ index e529730..dccc321 100644 if (sec->shdr.sh_type != SHT_SYMTAB) { continue; -@@ -481,14 +530,14 @@ static void print_absolute_symbols(void) +@@ -481,7 +529,7 @@ static void print_absolute_symbols(void) static void print_absolute_relocs(void) { @@ -26845,15 +26846,7 @@ index e529730..dccc321 100644 for (i = 0; i < ehdr.e_shnum; i++) { struct section *sec = &secs[i]; - struct section *sec_applies, *sec_symtab; - char *sym_strtab; - Elf32_Sym *sh_symtab; -- int j; -+ unsigned int j; - if (sec->shdr.sh_type != SHT_REL) { - continue; - } -@@ -550,13 +599,13 @@ static void print_absolute_relocs(void) +@@ -550,7 +598,7 @@ static void print_absolute_relocs(void) static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym), int use_real_mode) { @@ -26862,16 +26855,9 @@ index e529730..dccc321 100644 /* Walk through the relocations */ for (i = 0; i < ehdr.e_shnum; i++) { char *sym_strtab; - Elf32_Sym *sh_symtab; - struct section *sec_applies, *sec_symtab; -- int j; -+ unsigned int j; - struct section *sec = &secs[i]; - - if (sec->shdr.sh_type != SHT_REL) { -@@ -582,6 +631,22 @@ static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym), - - shn_abs = sym->st_shndx == SHN_ABS; +@@ -580,6 +628,22 @@ static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym), + sym = &sh_symtab[ELF32_R_SYM(rel->r_info)]; + r_type = ELF32_R_TYPE(rel->r_info); + /* Don't relocate actual per-cpu variables, they are absolute indices, not addresses */ + if (!strcmp(sec_name(sym->st_shndx), ".data..percpu") && strcmp(sym_name(sym_strtab, sym), "__per_cpu_load")) @@ -26889,10 +26875,10 @@ index e529730..dccc321 100644 + continue; +#endif + + shn_abs = sym->st_shndx == SHN_ABS; + switch (r_type) { - case R_386_NONE: - case R_386_PC32: -@@ -676,7 +741,7 @@ static int write32(unsigned int v, FILE *f) +@@ -676,7 +740,7 @@ static int write32(unsigned int v, FILE *f) static void emit_relocs(int as_text, int use_real_mode) { @@ -26901,7 +26887,7 @@ index e529730..dccc321 100644 /* Count how many relocations I have and allocate space for them. */ reloc_count = 0; walk_relocs(count_reloc, use_real_mode); -@@ -803,6 +868,7 @@ int main(int argc, char **argv) +@@ -803,6 +867,7 @@ int main(int argc, char **argv) fname, strerror(errno)); } read_ehdr(fp); @@ -27082,7 +27068,7 @@ index 153407c..611cba9 100644 -} -__setup("vdso=", vdso_setup); diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index e7c920b..4413fbf 100644 +index cca659e..4413fbf 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c @@ -86,8 +86,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); @@ -27094,18 +27080,7 @@ index e7c920b..4413fbf 100644 RESERVE_BRK(shared_info_page_brk, PAGE_SIZE); __read_mostly int xen_have_vector_callback; EXPORT_SYMBOL_GPL(xen_have_vector_callback); -@@ -982,7 +980,10 @@ static const struct pv_cpu_ops xen_cpu_ops __initconst = { - .wbinvd = native_wbinvd, - - .read_msr = native_read_msr_safe, -+ .rdmsr_regs = native_rdmsr_safe_regs, - .write_msr = xen_write_msr_safe, -+ .wrmsr_regs = native_wrmsr_safe_regs, -+ - .read_tsc = native_read_tsc, - .read_pmc = native_read_pmc, - -@@ -1030,7 +1031,7 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { +@@ -1033,7 +1031,7 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { #endif }; @@ -27114,7 +27089,7 @@ index e7c920b..4413fbf 100644 { struct sched_shutdown r = { .reason = reason }; -@@ -1038,17 +1039,17 @@ static void xen_reboot(int reason) +@@ -1041,17 +1039,17 @@ static void xen_reboot(int reason) BUG(); } @@ -27135,7 +27110,7 @@ index e7c920b..4413fbf 100644 { xen_reboot(SHUTDOWN_poweroff); } -@@ -1154,7 +1155,17 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1157,7 +1155,17 @@ asmlinkage void __init xen_start_kernel(void) __userpte_alloc_gfp &= ~__GFP_HIGHMEM; /* Work out if we support NX */ @@ -27154,7 +27129,7 @@ index e7c920b..4413fbf 100644 xen_setup_features(); -@@ -1185,13 +1196,6 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1188,13 +1196,6 @@ asmlinkage void __init xen_start_kernel(void) machine_ops = xen_machine_ops; @@ -28610,7 +28585,7 @@ index 1c70c45..300718d 100644 } diff --git a/drivers/atm/solos-pci.c b/drivers/atm/solos-pci.c -index 5d1d076..12fbca4 100644 +index d452592..09c1797 100644 --- a/drivers/atm/solos-pci.c +++ b/drivers/atm/solos-pci.c @@ -714,7 +714,7 @@ void solos_bh(unsigned long card_arg) @@ -28622,7 +28597,7 @@ index 5d1d076..12fbca4 100644 break; case PKT_STATUS: -@@ -1008,7 +1008,7 @@ static uint32_t fpga_tx(struct solos_card *card) +@@ -1009,7 +1009,7 @@ static uint32_t fpga_tx(struct solos_card *card) vcc = SKB_CB(oldskb)->vcc; if (vcc) { @@ -30837,7 +30812,7 @@ index d3820c2..23c575f 100644 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); INIT_WORK(&dev_priv->error_work, i915_error_work_func); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index 3ff980d..6efde22 100644 +index 4720397..0741114 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -2230,7 +2230,7 @@ intel_pipe_set_base(struct drm_crtc *crtc, int x, int y, @@ -35477,10 +35452,10 @@ index 4a518a3..936b334 100644 #define VXGE_HW_VIRTUAL_PATH_HANDLE(vpath) \ ((struct __vxge_hw_vpath_handle *)(vpath)->vpath_handles.next) diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c -index 697cae3..580b636 100644 +index cc2565c..7325c3c 100644 --- a/drivers/net/ethernet/realtek/r8169.c +++ b/drivers/net/ethernet/realtek/r8169.c -@@ -698,17 +698,17 @@ struct rtl8169_private { +@@ -702,17 +702,17 @@ struct rtl8169_private { struct mdio_ops { void (*write)(void __iomem *, int, int); int (*read)(void __iomem *, int); @@ -37481,10 +37456,10 @@ index 2aeb2e9..46e3925 100644 /* check if the device is still usable */ if (unlikely(cmd->device->sdev_state == SDEV_DEL)) { diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c -index f85cfa6..a57c9e8 100644 +index f0ab58e..6146a3e 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c -@@ -1416,7 +1416,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) +@@ -1419,7 +1419,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) shost = sdev->host; scsi_init_cmd_errh(cmd); cmd->result = DID_NO_CONNECT << 16; @@ -37493,7 +37468,7 @@ index f85cfa6..a57c9e8 100644 /* * SCSI request completion path will do scsi_device_unbusy(), -@@ -1442,9 +1442,9 @@ static void scsi_softirq_done(struct request *rq) +@@ -1445,9 +1445,9 @@ static void scsi_softirq_done(struct request *rq) INIT_LIST_HEAD(&cmd->eh_entry); @@ -42254,7 +42229,7 @@ index 79e2ca7..5828ad1 100644 A.out (Assembler.OUTput) is a set of formats for libraries and executables used in the earliest versions of UNIX. Linux used diff --git a/fs/aio.c b/fs/aio.c -index 3b65ee7..aa6ec34 100644 +index 3b65ee7..0e57d2e 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -119,7 +119,7 @@ static int aio_setup_ring(struct kioctx *ctx) @@ -42288,7 +42263,7 @@ index 3b65ee7..aa6ec34 100644 &kiocb->ki_iovec, 1); if (ret < 0) goto out; -@@ -1481,6 +1482,11 @@ static ssize_t aio_setup_vectored_rw(int type, struct kiocb *kiocb, bool compat) +@@ -1481,6 +1482,10 @@ static ssize_t aio_setup_vectored_rw(int type, struct kiocb *kiocb, bool compat) if (ret < 0) goto out; @@ -42296,12 +42271,11 @@ index 3b65ee7..aa6ec34 100644 + kiocb->ki_inline_vec = iovstack; + kiocb->ki_iovec = &kiocb->ki_inline_vec; + } -+ kiocb->ki_nr_segs = kiocb->ki_nbytes; kiocb->ki_cur_seg = 0; /* ki_nbytes/left now reflect bytes instead of segs */ diff --git a/fs/attr.c b/fs/attr.c -index 7ee7ba4..0c61a60 100644 +index b8f55c4..4c2b80c 100644 --- a/fs/attr.c +++ b/fs/attr.c @@ -99,6 +99,7 @@ int inode_newsize_ok(const struct inode *inode, loff_t offset) @@ -43839,10 +43813,10 @@ index b1451af..9a30647 100644 atomic_set(&midCount, 0); diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h -index c467ac8..6449e07 100644 +index 2f3ff59..719f1cd 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h -@@ -388,28 +388,28 @@ struct cifs_tcon { +@@ -389,28 +389,28 @@ struct cifs_tcon { __u16 Flags; /* optional support bits */ enum statusEnum tidStatus; #ifdef CONFIG_CIFS_STATS @@ -43893,7 +43867,7 @@ index c467ac8..6449e07 100644 #ifdef CONFIG_CIFS_STATS2 unsigned long long time_writes; unsigned long long time_reads; -@@ -624,7 +624,7 @@ convert_delimiter(char *path, char delim) +@@ -625,7 +625,7 @@ convert_delimiter(char *path, char delim) } #ifdef CONFIG_CIFS_STATS @@ -43902,7 +43876,7 @@ index c467ac8..6449e07 100644 static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon, unsigned int bytes) -@@ -981,8 +981,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; +@@ -982,8 +982,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; /* Various Debug counters */ GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */ #ifdef CONFIG_CIFS_STATS2 @@ -44318,10 +44292,10 @@ index 608c1c3..7d040a8 100644 return rc; } diff --git a/fs/exec.c b/fs/exec.c -index 160cd2f..e74d2a6 100644 +index 160cd2f..cdc44f1 100644 --- a/fs/exec.c +++ b/fs/exec.c -@@ -55,12 +55,28 @@ +@@ -55,12 +55,30 @@ #include <linux/pipe_fs_i.h> #include <linux/oom.h> #include <linux/compat.h> @@ -44332,6 +44306,8 @@ index 160cd2f..e74d2a6 100644 +#include <linux/kallsyms.h> +#include <linux/kdebug.h> +#endif ++ ++#include <trace/events/fs.h> #include <asm/uaccess.h> #include <asm/mmu_context.h> @@ -44350,7 +44326,7 @@ index 160cd2f..e74d2a6 100644 int core_uses_pid; char core_pattern[CORENAME_MAX_SIZE] = "core"; unsigned int core_pipe_limit; -@@ -70,7 +86,7 @@ struct core_name { +@@ -70,7 +88,7 @@ struct core_name { char *corename; int used, size; }; @@ -44359,7 +44335,7 @@ index 160cd2f..e74d2a6 100644 /* The maximal length of core_pattern is also specified in sysctl.c */ -@@ -188,18 +204,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, +@@ -188,18 +206,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, int write) { struct page *page; @@ -44381,7 +44357,7 @@ index 160cd2f..e74d2a6 100644 return NULL; if (write) { -@@ -215,6 +223,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, +@@ -215,6 +225,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, if (size <= ARG_MAX) return page; @@ -44399,7 +44375,7 @@ index 160cd2f..e74d2a6 100644 /* * Limit to 1/4-th the stack size for the argv+env strings. * This ensures that: -@@ -274,6 +293,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm) +@@ -274,6 +295,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm) vma->vm_end = STACK_TOP_MAX; vma->vm_start = vma->vm_end - PAGE_SIZE; vma->vm_flags = VM_STACK_FLAGS | VM_STACK_INCOMPLETE_SETUP; @@ -44411,7 +44387,7 @@ index 160cd2f..e74d2a6 100644 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); INIT_LIST_HEAD(&vma->anon_vma_chain); -@@ -288,6 +312,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm) +@@ -288,6 +314,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm) mm->stack_vm = mm->total_vm = 1; up_write(&mm->mmap_sem); bprm->p = vma->vm_end - sizeof(void *); @@ -44424,7 +44400,7 @@ index 160cd2f..e74d2a6 100644 return 0; err: up_write(&mm->mmap_sem); -@@ -396,19 +426,7 @@ err: +@@ -396,19 +428,7 @@ err: return err; } @@ -44445,7 +44421,7 @@ index 160cd2f..e74d2a6 100644 { const char __user *native; -@@ -417,14 +435,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr) +@@ -417,14 +437,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr) compat_uptr_t compat; if (get_user(compat, argv.ptr.compat + nr)) @@ -44462,7 +44438,7 @@ index 160cd2f..e74d2a6 100644 return native; } -@@ -443,7 +461,7 @@ static int count(struct user_arg_ptr argv, int max) +@@ -443,7 +463,7 @@ static int count(struct user_arg_ptr argv, int max) if (!p) break; @@ -44471,7 +44447,7 @@ index 160cd2f..e74d2a6 100644 return -EFAULT; if (i++ >= max) -@@ -477,7 +495,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv, +@@ -477,7 +497,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv, ret = -EFAULT; str = get_user_arg_ptr(argv, argc); @@ -44480,7 +44456,7 @@ index 160cd2f..e74d2a6 100644 goto out; len = strnlen_user(str, MAX_ARG_STRLEN); -@@ -559,7 +577,7 @@ int copy_strings_kernel(int argc, const char *const *__argv, +@@ -559,7 +579,7 @@ int copy_strings_kernel(int argc, const char *const *__argv, int r; mm_segment_t oldfs = get_fs(); struct user_arg_ptr argv = { @@ -44489,7 +44465,7 @@ index 160cd2f..e74d2a6 100644 }; set_fs(KERNEL_DS); -@@ -594,7 +612,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) +@@ -594,7 +614,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) unsigned long new_end = old_end - shift; struct mmu_gather tlb; @@ -44499,7 +44475,7 @@ index 160cd2f..e74d2a6 100644 /* * ensure there are no vmas between where we want to go -@@ -603,6 +622,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) +@@ -603,6 +624,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) if (vma != find_vma(mm, new_start)) return -EFAULT; @@ -44510,7 +44486,7 @@ index 160cd2f..e74d2a6 100644 /* * cover the whole range: [new_start, old_end) */ -@@ -683,10 +706,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -683,10 +708,6 @@ int setup_arg_pages(struct linux_binprm *bprm, stack_top = arch_align_stack(stack_top); stack_top = PAGE_ALIGN(stack_top); @@ -44521,7 +44497,7 @@ index 160cd2f..e74d2a6 100644 stack_shift = vma->vm_end - stack_top; bprm->p -= stack_shift; -@@ -698,8 +717,28 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -698,8 +719,28 @@ int setup_arg_pages(struct linux_binprm *bprm, bprm->exec -= stack_shift; down_write(&mm->mmap_sem); @@ -44550,7 +44526,7 @@ index 160cd2f..e74d2a6 100644 /* * Adjust stack execute permissions; explicitly enable for * EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone -@@ -718,13 +757,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -718,13 +759,6 @@ int setup_arg_pages(struct linux_binprm *bprm, goto out_unlock; BUG_ON(prev != vma); @@ -44564,7 +44540,16 @@ index 160cd2f..e74d2a6 100644 /* mprotect_fixup is overkill to remove the temporary stack flags */ vma->vm_flags &= ~VM_STACK_INCOMPLETE_SETUP; -@@ -805,7 +837,7 @@ int kernel_read(struct file *file, loff_t offset, +@@ -782,6 +816,8 @@ struct file *open_exec(const char *name) + + fsnotify_open(file); + ++ trace_open_exec(name); ++ + err = deny_write_access(file); + if (err) + goto exit; +@@ -805,7 +841,7 @@ int kernel_read(struct file *file, loff_t offset, old_fs = get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ @@ -44573,7 +44558,7 @@ index 160cd2f..e74d2a6 100644 set_fs(old_fs); return result; } -@@ -1070,6 +1102,21 @@ void set_task_comm(struct task_struct *tsk, char *buf) +@@ -1070,6 +1106,21 @@ void set_task_comm(struct task_struct *tsk, char *buf) perf_event_comm(tsk); } @@ -44595,7 +44580,7 @@ index 160cd2f..e74d2a6 100644 int flush_old_exec(struct linux_binprm * bprm) { int retval; -@@ -1084,6 +1131,7 @@ int flush_old_exec(struct linux_binprm * bprm) +@@ -1084,6 +1135,7 @@ int flush_old_exec(struct linux_binprm * bprm) set_mm_exe_file(bprm->mm, bprm->file); @@ -44603,7 +44588,7 @@ index 160cd2f..e74d2a6 100644 /* * Release all of the old mmap stuff */ -@@ -1115,10 +1163,6 @@ EXPORT_SYMBOL(would_dump); +@@ -1115,10 +1167,6 @@ EXPORT_SYMBOL(would_dump); void setup_new_exec(struct linux_binprm * bprm) { @@ -44614,7 +44599,7 @@ index 160cd2f..e74d2a6 100644 arch_pick_mmap_layout(current->mm); /* This is the point of no return */ -@@ -1129,18 +1173,7 @@ void setup_new_exec(struct linux_binprm * bprm) +@@ -1129,18 +1177,7 @@ void setup_new_exec(struct linux_binprm * bprm) else set_dumpable(current->mm, suid_dumpable); @@ -44634,7 +44619,7 @@ index 160cd2f..e74d2a6 100644 /* Set the new mm task size. We have to do that late because it may * depend on TIF_32BIT which is only updated in flush_thread() on -@@ -1250,7 +1283,7 @@ int check_unsafe_exec(struct linux_binprm *bprm) +@@ -1250,7 +1287,7 @@ int check_unsafe_exec(struct linux_binprm *bprm) } rcu_read_unlock(); @@ -44643,7 +44628,7 @@ index 160cd2f..e74d2a6 100644 bprm->unsafe |= LSM_UNSAFE_SHARE; } else { res = -EAGAIN; -@@ -1445,6 +1478,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) +@@ -1445,6 +1482,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) EXPORT_SYMBOL(search_binary_handler); @@ -44672,7 +44657,7 @@ index 160cd2f..e74d2a6 100644 /* * sys_execve() executes a new program. */ -@@ -1453,6 +1508,11 @@ static int do_execve_common(const char *filename, +@@ -1453,6 +1512,11 @@ static int do_execve_common(const char *filename, struct user_arg_ptr envp, struct pt_regs *regs) { @@ -44684,7 +44669,7 @@ index 160cd2f..e74d2a6 100644 struct linux_binprm *bprm; struct file *file; struct files_struct *displaced; -@@ -1460,6 +1520,8 @@ static int do_execve_common(const char *filename, +@@ -1460,6 +1524,8 @@ static int do_execve_common(const char *filename, int retval; const struct cred *cred = current_cred(); @@ -44693,7 +44678,7 @@ index 160cd2f..e74d2a6 100644 /* * We move the actual failure in case of RLIMIT_NPROC excess from * set*uid() to execve() because too many poorly written programs -@@ -1500,12 +1562,27 @@ static int do_execve_common(const char *filename, +@@ -1500,12 +1566,27 @@ static int do_execve_common(const char *filename, if (IS_ERR(file)) goto out_unmark; @@ -44721,7 +44706,7 @@ index 160cd2f..e74d2a6 100644 retval = bprm_mm_init(bprm); if (retval) goto out_file; -@@ -1522,24 +1599,65 @@ static int do_execve_common(const char *filename, +@@ -1522,24 +1603,65 @@ static int do_execve_common(const char *filename, if (retval < 0) goto out; @@ -44791,7 +44776,7 @@ index 160cd2f..e74d2a6 100644 current->fs->in_exec = 0; current->in_execve = 0; acct_update_integrals(current); -@@ -1548,6 +1666,14 @@ static int do_execve_common(const char *filename, +@@ -1548,6 +1670,14 @@ static int do_execve_common(const char *filename, put_files_struct(displaced); return retval; @@ -44806,7 +44791,7 @@ index 160cd2f..e74d2a6 100644 out: if (bprm->mm) { acct_arg_size(bprm, 0); -@@ -1621,7 +1747,7 @@ static int expand_corename(struct core_name *cn) +@@ -1621,7 +1751,7 @@ static int expand_corename(struct core_name *cn) { char *old_corename = cn->corename; @@ -44815,7 +44800,7 @@ index 160cd2f..e74d2a6 100644 cn->corename = krealloc(old_corename, cn->size, GFP_KERNEL); if (!cn->corename) { -@@ -1718,7 +1844,7 @@ static int format_corename(struct core_name *cn, long signr) +@@ -1718,7 +1848,7 @@ static int format_corename(struct core_name *cn, long signr) int pid_in_pattern = 0; int err = 0; @@ -44824,7 +44809,7 @@ index 160cd2f..e74d2a6 100644 cn->corename = kmalloc(cn->size, GFP_KERNEL); cn->used = 0; -@@ -1815,6 +1941,228 @@ out: +@@ -1815,6 +1945,228 @@ out: return ispipe; } @@ -45053,7 +45038,7 @@ index 160cd2f..e74d2a6 100644 static int zap_process(struct task_struct *start, int exit_code) { struct task_struct *t; -@@ -2026,17 +2374,17 @@ static void wait_for_dump_helpers(struct file *file) +@@ -2026,17 +2378,17 @@ static void wait_for_dump_helpers(struct file *file) pipe = file->f_path.dentry->d_inode->i_pipe; pipe_lock(pipe); @@ -45076,7 +45061,7 @@ index 160cd2f..e74d2a6 100644 pipe_unlock(pipe); } -@@ -2097,7 +2445,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2097,7 +2449,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) int retval = 0; int flag = 0; int ispipe; @@ -45085,7 +45070,7 @@ index 160cd2f..e74d2a6 100644 struct coredump_params cprm = { .signr = signr, .regs = regs, -@@ -2112,6 +2460,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2112,6 +2464,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) audit_core_dumps(signr); @@ -45095,7 +45080,7 @@ index 160cd2f..e74d2a6 100644 binfmt = mm->binfmt; if (!binfmt || !binfmt->core_dump) goto fail; -@@ -2179,7 +2530,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2179,7 +2534,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) } cprm.limit = RLIM_INFINITY; @@ -45104,7 +45089,7 @@ index 160cd2f..e74d2a6 100644 if (core_pipe_limit && (core_pipe_limit < dump_count)) { printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n", task_tgid_vnr(current), current->comm); -@@ -2206,6 +2557,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2206,6 +2561,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) } else { struct inode *inode; @@ -45113,7 +45098,7 @@ index 160cd2f..e74d2a6 100644 if (cprm.limit < binfmt->min_coredump) goto fail_unlock; -@@ -2249,7 +2602,7 @@ close_fail: +@@ -2249,7 +2606,7 @@ close_fail: filp_close(cprm.file, NULL); fail_dropcount: if (ispipe) @@ -45122,7 +45107,7 @@ index 160cd2f..e74d2a6 100644 fail_unlock: kfree(cn.corename); fail_corename: -@@ -2268,7 +2621,7 @@ fail: +@@ -2268,7 +2625,7 @@ fail: */ int dump_write(struct file *file, const void *addr, int nr) { @@ -45162,7 +45147,7 @@ index a203892..4e64db5 100644 } return 1; diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c -index 12ccacd..a6035fce0 100644 +index 914bf9e..531c3dd 100644 --- a/fs/ext4/balloc.c +++ b/fs/ext4/balloc.c @@ -436,8 +436,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi, @@ -45211,7 +45196,7 @@ index 7b1cd5c..6f5b317 100644 /* locality groups */ diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c -index e2d8be8..c7f0ce9 100644 +index 1d07c12..9965aec 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -1794,7 +1794,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, @@ -45232,7 +45217,7 @@ index e2d8be8..c7f0ce9 100644 goto repeat; } } -@@ -2592,25 +2592,25 @@ int ext4_mb_release(struct super_block *sb) +@@ -2595,25 +2595,25 @@ int ext4_mb_release(struct super_block *sb) if (sbi->s_mb_stats) { ext4_msg(sb, KERN_INFO, "mballoc: %u blocks %u reqs (%u success)", @@ -45268,7 +45253,7 @@ index e2d8be8..c7f0ce9 100644 } free_percpu(sbi->s_locality_groups); -@@ -3096,16 +3096,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) +@@ -3097,16 +3097,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb); if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) { @@ -45291,7 +45276,7 @@ index e2d8be8..c7f0ce9 100644 } if (ac->ac_op == EXT4_MB_HISTORY_ALLOC) -@@ -3509,7 +3509,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) +@@ -3510,7 +3510,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_inode_pa(ac, pa); ext4_mb_use_inode_pa(ac, pa); @@ -45300,7 +45285,7 @@ index e2d8be8..c7f0ce9 100644 ei = EXT4_I(ac->ac_inode); grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); -@@ -3569,7 +3569,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) +@@ -3570,7 +3570,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_group_pa(ac, pa); ext4_mb_use_group_pa(ac, pa); @@ -45309,7 +45294,7 @@ index e2d8be8..c7f0ce9 100644 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); lg = ac->ac_lg; -@@ -3658,7 +3658,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, +@@ -3659,7 +3659,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, * from the bitmap and continue. */ } @@ -45318,7 +45303,7 @@ index e2d8be8..c7f0ce9 100644 return err; } -@@ -3676,7 +3676,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, +@@ -3677,7 +3677,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit); BUG_ON(group != e4b->bd_group && pa->pa_len != 0); mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len); @@ -47592,10 +47577,10 @@ index 9680cef..a19f203 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index cfc6d44..b4632a5 100644 +index ca4913a..8d4cf9e 100644 --- a/fs/namespace.c +++ b/fs/namespace.c -@@ -1326,6 +1326,9 @@ static int do_umount(struct vfsmount *mnt, int flags) +@@ -1327,6 +1327,9 @@ static int do_umount(struct vfsmount *mnt, int flags) if (!(sb->s_flags & MS_RDONLY)) retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); up_write(&sb->s_umount); @@ -47605,7 +47590,7 @@ index cfc6d44..b4632a5 100644 return retval; } -@@ -1345,6 +1348,9 @@ static int do_umount(struct vfsmount *mnt, int flags) +@@ -1346,6 +1349,9 @@ static int do_umount(struct vfsmount *mnt, int flags) br_write_unlock(vfsmount_lock); up_write(&namespace_sem); release_mounts(&umount_list); @@ -47615,7 +47600,7 @@ index cfc6d44..b4632a5 100644 return retval; } -@@ -2336,6 +2342,16 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, +@@ -2337,6 +2343,16 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | MS_STRICTATIME); @@ -47632,7 +47617,7 @@ index cfc6d44..b4632a5 100644 if (flags & MS_REMOUNT) retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, data_page); -@@ -2350,6 +2366,9 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, +@@ -2351,6 +2367,9 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, dev_name, data_page); dput_out: path_put(&path); @@ -47642,7 +47627,7 @@ index cfc6d44..b4632a5 100644 return retval; } -@@ -2605,6 +2624,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, +@@ -2606,6 +2625,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, if (error) goto out2; @@ -47954,10 +47939,19 @@ index 5d22872..523db20 100644 kfree(link); } diff --git a/fs/open.c b/fs/open.c -index 22c41b5..78894cf 100644 +index 22c41b5..070cb15 100644 --- a/fs/open.c +++ b/fs/open.c -@@ -112,6 +112,10 @@ static long do_sys_truncate(const char __user *pathname, loff_t length) +@@ -31,6 +31,8 @@ + #include <linux/ima.h> + #include <linux/dnotify.h> + ++#define CREATE_TRACE_POINTS ++#include <trace/events/fs.h> + #include "internal.h" + + int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs, +@@ -112,6 +114,10 @@ static long do_sys_truncate(const char __user *pathname, loff_t length) error = locks_verify_truncate(inode, NULL, length); if (!error) error = security_path_truncate(&path); @@ -47968,7 +47962,7 @@ index 22c41b5..78894cf 100644 if (!error) error = do_truncate(path.dentry, length, 0, NULL); -@@ -358,6 +362,9 @@ SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode) +@@ -358,6 +364,9 @@ SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode) if (__mnt_is_readonly(path.mnt)) res = -EROFS; @@ -47978,7 +47972,7 @@ index 22c41b5..78894cf 100644 out_path_release: path_put(&path); out: -@@ -384,6 +391,8 @@ SYSCALL_DEFINE1(chdir, const char __user *, filename) +@@ -384,6 +393,8 @@ SYSCALL_DEFINE1(chdir, const char __user *, filename) if (error) goto dput_and_out; @@ -47987,7 +47981,7 @@ index 22c41b5..78894cf 100644 set_fs_pwd(current->fs, &path); dput_and_out: -@@ -410,6 +419,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd) +@@ -410,6 +421,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd) goto out_putf; error = inode_permission(inode, MAY_EXEC | MAY_CHDIR); @@ -48001,7 +47995,7 @@ index 22c41b5..78894cf 100644 if (!error) set_fs_pwd(current->fs, &file->f_path); out_putf: -@@ -438,7 +454,13 @@ SYSCALL_DEFINE1(chroot, const char __user *, filename) +@@ -438,7 +456,13 @@ SYSCALL_DEFINE1(chroot, const char __user *, filename) if (error) goto dput_and_out; @@ -48015,7 +48009,7 @@ index 22c41b5..78894cf 100644 error = 0; dput_and_out: path_put(&path); -@@ -456,6 +478,16 @@ static int chmod_common(struct path *path, umode_t mode) +@@ -456,6 +480,16 @@ static int chmod_common(struct path *path, umode_t mode) if (error) return error; mutex_lock(&inode->i_mutex); @@ -48032,7 +48026,7 @@ index 22c41b5..78894cf 100644 error = security_path_chmod(path->dentry, path->mnt, mode); if (error) goto out_unlock; -@@ -506,6 +538,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group) +@@ -506,6 +540,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group) int error; struct iattr newattrs; @@ -48042,6 +48036,14 @@ index 22c41b5..78894cf 100644 newattrs.ia_valid = ATTR_CTIME; if (user != (uid_t) -1) { newattrs.ia_valid |= ATTR_UID; +@@ -987,6 +1024,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, int mode) + } else { + fsnotify_open(f); + fd_install(fd, f); ++ trace_do_sys_open(tmp, flags, mode); + } + } + putname(tmp); diff --git a/fs/partitions/efi.c b/fs/partitions/efi.c index 6296b40..417c00f 100644 --- a/fs/partitions/efi.c @@ -63196,7 +63198,7 @@ index ffc0213..2c1f2cb 100644 return nd->saved_names[nd->depth]; } diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h -index cbeb586..eba9b27 100644 +index cb52340..0761265 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -949,6 +949,7 @@ struct net_device_ops { @@ -63919,7 +63921,7 @@ index 92808b8..c28cac4 100644 /* shm_mode upper byte flags */ diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index e689b47..3404939 100644 +index bdb4590..961638c 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -643,7 +643,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb) @@ -64930,7 +64932,7 @@ index d786b4f..4c3dd41 100644 #ifdef CONFIG_IP_MROUTE #ifndef CONFIG_IP_MROUTE_MULTIPLE_TABLES diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h -index 6a72a58..e6a127d 100644 +index ad03988..0c5a964 100644 --- a/include/net/sctp/sctp.h +++ b/include/net/sctp/sctp.h @@ -318,9 +318,9 @@ do { \ @@ -65194,6 +65196,65 @@ index 94bbec3..3a8c6b0 100644 atomic_t execute_tasks; atomic_t dev_ordered_sync; atomic_t dev_qf_count; +diff --git a/include/trace/events/fs.h b/include/trace/events/fs.h +new file mode 100644 +index 0000000..2efe49d +--- /dev/null ++++ b/include/trace/events/fs.h +@@ -0,0 +1,53 @@ ++#undef TRACE_SYSTEM ++#define TRACE_SYSTEM fs ++ ++#if !defined(_TRACE_FS_H) || defined(TRACE_HEADER_MULTI_READ) ++#define _TRACE_FS_H ++ ++#include <linux/fs.h> ++#include <linux/tracepoint.h> ++ ++TRACE_EVENT(do_sys_open, ++ ++ TP_PROTO(char *filename, int flags, int mode), ++ ++ TP_ARGS(filename, flags, mode), ++ ++ TP_STRUCT__entry( ++ __string( filename, filename ) ++ __field( int, flags ) ++ __field( int, mode ) ++ ), ++ ++ TP_fast_assign( ++ __assign_str(filename, filename); ++ __entry->flags = flags; ++ __entry->mode = mode; ++ ), ++ ++ TP_printk("\"%s\" %x %o", ++ __get_str(filename), __entry->flags, __entry->mode) ++); ++ ++TRACE_EVENT(open_exec, ++ ++ TP_PROTO(const char *filename), ++ ++ TP_ARGS(filename), ++ ++ TP_STRUCT__entry( ++ __string( filename, filename ) ++ ), ++ ++ TP_fast_assign( ++ __assign_str(filename, filename); ++ ), ++ ++ TP_printk("\"%s\"", ++ __get_str(filename)) ++); ++ ++#endif /* _TRACE_FS_H */ ++ ++/* This part must be outside protection */ ++#include <trace/define_trace.h> diff --git a/include/trace/events/irq.h b/include/trace/events/irq.h index 1c09820..7f5ec79 100644 --- a/include/trace/events/irq.h @@ -66607,7 +66668,7 @@ index 5a8a66e..ded4680 100644 { struct signal_struct *sig = current->signal; diff --git a/kernel/fork.c b/kernel/fork.c -index 26f1ab0..30d564b 100644 +index 79ee71f..94d79d4 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -282,7 +282,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) @@ -66619,7 +66680,7 @@ index 26f1ab0..30d564b 100644 #endif /* -@@ -306,13 +306,77 @@ out: +@@ -306,13 +306,78 @@ out: } #ifdef CONFIG_MMU @@ -66632,7 +66693,8 @@ index 26f1ab0..30d564b 100644 + + charge = 0; + if (mpnt->vm_flags & VM_ACCOUNT) { -+ unsigned long len = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; ++ unsigned long len; ++ len = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; + if (security_vm_enough_memory(len)) + goto fail_nomem; + charge = len; @@ -66699,7 +66761,7 @@ index 26f1ab0..30d564b 100644 down_write(&oldmm->mmap_sem); flush_cache_dup_mm(oldmm); -@@ -324,8 +388,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -324,8 +389,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) mm->locked_vm = 0; mm->mmap = NULL; mm->mmap_cache = NULL; @@ -66710,7 +66772,7 @@ index 26f1ab0..30d564b 100644 mm->map_count = 0; cpumask_clear(mm_cpumask(mm)); mm->mm_rb = RB_ROOT; -@@ -341,8 +405,6 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -341,8 +406,6 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) prev = NULL; for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) { @@ -66719,13 +66781,14 @@ index 26f1ab0..30d564b 100644 if (mpnt->vm_flags & VM_DONTCOPY) { long pages = vma_pages(mpnt); mm->total_vm -= pages; -@@ -350,53 +412,11 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -350,54 +413,11 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) -pages); continue; } - charge = 0; - if (mpnt->vm_flags & VM_ACCOUNT) { -- unsigned int len = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; +- unsigned long len; +- len = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - if (security_vm_enough_memory(len)) - goto fail_nomem; - charge = len; @@ -66777,7 +66840,7 @@ index 26f1ab0..30d564b 100644 /* * Link in the new vma and copy the page table entries. -@@ -419,6 +439,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -420,6 +440,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) if (retval) goto out; } @@ -66809,7 +66872,7 @@ index 26f1ab0..30d564b 100644 /* a new mm has just been created */ arch_dup_mmap(oldmm, mm); retval = 0; -@@ -427,14 +472,6 @@ out: +@@ -428,14 +473,6 @@ out: flush_tlb_mm(oldmm); up_write(&oldmm->mmap_sem); return retval; @@ -66824,7 +66887,7 @@ index 26f1ab0..30d564b 100644 } static inline int mm_alloc_pgd(struct mm_struct *mm) -@@ -646,6 +683,26 @@ struct mm_struct *get_task_mm(struct task_struct *task) +@@ -647,6 +684,26 @@ struct mm_struct *get_task_mm(struct task_struct *task) } EXPORT_SYMBOL_GPL(get_task_mm); @@ -66851,7 +66914,7 @@ index 26f1ab0..30d564b 100644 /* Please note the differences between mmput and mm_release. * mmput is called whenever we stop holding onto a mm_struct, * error success whatever. -@@ -831,13 +888,14 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) +@@ -832,13 +889,14 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) spin_unlock(&fs->lock); return -EAGAIN; } @@ -66867,7 +66930,7 @@ index 26f1ab0..30d564b 100644 return 0; } -@@ -1101,6 +1159,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1102,6 +1160,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); #endif retval = -EAGAIN; @@ -66877,7 +66940,7 @@ index 26f1ab0..30d564b 100644 if (atomic_read(&p->real_cred->user->processes) >= task_rlimit(p, RLIMIT_NPROC)) { if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && -@@ -1260,6 +1321,8 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1261,6 +1322,8 @@ static struct task_struct *copy_process(unsigned long clone_flags, if (clone_flags & CLONE_THREAD) p->tgid = current->tgid; @@ -66886,7 +66949,7 @@ index 26f1ab0..30d564b 100644 p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL; /* * Clear TID on mm_release()? -@@ -1424,6 +1487,8 @@ bad_fork_cleanup_count: +@@ -1425,6 +1488,8 @@ bad_fork_cleanup_count: bad_fork_free: free_task(p); fork_out: @@ -66895,7 +66958,7 @@ index 26f1ab0..30d564b 100644 return ERR_PTR(retval); } -@@ -1524,6 +1589,8 @@ long do_fork(unsigned long clone_flags, +@@ -1525,6 +1590,8 @@ long do_fork(unsigned long clone_flags, if (clone_flags & CLONE_PARENT_SETTID) put_user(nr, parent_tidptr); @@ -66904,7 +66967,7 @@ index 26f1ab0..30d564b 100644 if (clone_flags & CLONE_VFORK) { p->vfork_done = &vfork; init_completion(&vfork); -@@ -1633,7 +1700,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) +@@ -1634,7 +1701,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) return 0; /* don't need lock here; in the worst case we'll do useless copy */ @@ -66913,7 +66976,7 @@ index 26f1ab0..30d564b 100644 return 0; *new_fsp = copy_fs_struct(fs); -@@ -1722,7 +1789,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) +@@ -1723,7 +1790,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) fs = current->fs; spin_lock(&fs->lock); current->fs = new_fs; @@ -70926,35 +70989,10 @@ index 8f005e9..1cb1036 100644 /* if an huge pmd materialized from under us just retry later */ if (unlikely(pmd_trans_huge(*pmd))) diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index 7120c2e..c8312c8 100644 +index 5f5c545..c8312c8 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c -@@ -2068,6 +2068,15 @@ static void hugetlb_vm_op_open(struct vm_area_struct *vma) - kref_get(&reservations->refs); - } - -+static void resv_map_put(struct vm_area_struct *vma) -+{ -+ struct resv_map *reservations = vma_resv_map(vma); -+ -+ if (!reservations) -+ return; -+ kref_put(&reservations->refs, resv_map_release); -+} -+ - static void hugetlb_vm_op_close(struct vm_area_struct *vma) - { - struct hstate *h = hstate_vma(vma); -@@ -2083,7 +2092,7 @@ static void hugetlb_vm_op_close(struct vm_area_struct *vma) - reserve = (end - start) - - region_count(&reservations->regions, start, end); - -- kref_put(&reservations->refs, resv_map_release); -+ resv_map_put(vma); - - if (reserve) { - hugetlb_acct_memory(h, -reserve); -@@ -2347,6 +2356,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2356,6 +2356,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, return 1; } @@ -70982,7 +71020,7 @@ index 7120c2e..c8312c8 100644 /* * Hugetlb_cow() should be called with page lock of the original hugepage held. */ -@@ -2449,6 +2479,11 @@ retry_avoidcopy: +@@ -2458,6 +2479,11 @@ retry_avoidcopy: make_huge_pte(vma, new_page, 1)); page_remove_rmap(old_page); hugepage_add_new_anon_rmap(new_page, vma, address); @@ -70994,7 +71032,7 @@ index 7120c2e..c8312c8 100644 /* Make the old page be freed below */ new_page = old_page; mmu_notifier_invalidate_range_end(mm, -@@ -2600,6 +2635,10 @@ retry: +@@ -2609,6 +2635,10 @@ retry: && (vma->vm_flags & VM_SHARED))); set_huge_pte_at(mm, address, ptep, new_pte); @@ -71005,7 +71043,7 @@ index 7120c2e..c8312c8 100644 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page); -@@ -2629,6 +2668,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2638,6 +2668,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, static DEFINE_MUTEX(hugetlb_instantiation_mutex); struct hstate *h = hstate_vma(vma); @@ -71016,7 +71054,7 @@ index 7120c2e..c8312c8 100644 ptep = huge_pte_offset(mm, address); if (ptep) { entry = huge_ptep_get(ptep); -@@ -2640,6 +2683,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2649,6 +2683,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, VM_FAULT_SET_HINDEX(h - hstates); } @@ -71043,47 +71081,6 @@ index 7120c2e..c8312c8 100644 ptep = huge_pte_alloc(mm, address, huge_page_size(h)); if (!ptep) return VM_FAULT_OOM; -@@ -2884,12 +2947,16 @@ int hugetlb_reserve_pages(struct inode *inode, - set_vma_resv_flags(vma, HPAGE_RESV_OWNER); - } - -- if (chg < 0) -- return chg; -+ if (chg < 0) { -+ ret = chg; -+ goto out_err; -+ } - - /* There must be enough filesystem quota for the mapping */ -- if (hugetlb_get_quota(inode->i_mapping, chg)) -- return -ENOSPC; -+ if (hugetlb_get_quota(inode->i_mapping, chg)) { -+ ret = -ENOSPC; -+ goto out_err; -+ } - - /* - * Check enough hugepages are available for the reservation. -@@ -2898,7 +2965,7 @@ int hugetlb_reserve_pages(struct inode *inode, - ret = hugetlb_acct_memory(h, chg); - if (ret < 0) { - hugetlb_put_quota(inode->i_mapping, chg); -- return ret; -+ goto out_err; - } - - /* -@@ -2915,6 +2982,10 @@ int hugetlb_reserve_pages(struct inode *inode, - if (!vma || vma->vm_flags & VM_MAYSHARE) - region_add(&inode->i_mapping->private_list, from, to); - return 0; -+out_err: -+ if (vma) -+ resv_map_put(vma); -+ return ret; - } - - void hugetlb_unreserve_pages(struct inode *inode, long offset, long freed) diff --git a/mm/internal.h b/mm/internal.h index 2189af4..f2ca332 100644 --- a/mm/internal.h @@ -74665,7 +74662,7 @@ index 8105be4..e045f96 100644 EXPORT_SYMBOL(kmem_cache_free); diff --git a/mm/slub.c b/mm/slub.c -index a99c785..3010083 100644 +index af47188..ff84aee 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -208,7 +208,7 @@ struct track { @@ -74686,7 +74683,7 @@ index a99c785..3010083 100644 s, (void *)t->addr, jiffies - t->when, t->cpu, t->pid); #ifdef CONFIG_STACKTRACE { -@@ -2559,6 +2559,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x) +@@ -2562,6 +2562,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x) page = virt_to_head_page(x); @@ -74695,7 +74692,7 @@ index a99c785..3010083 100644 slab_free(s, page, x, _RET_IP_); trace_kmem_cache_free(_RET_IP_, x); -@@ -2592,7 +2594,7 @@ static int slub_min_objects; +@@ -2595,7 +2597,7 @@ static int slub_min_objects; * Merge control. If this is set then no merging of slab caches will occur. * (Could be removed. This was introduced to pacify the merge skeptics.) */ @@ -74704,7 +74701,7 @@ index a99c785..3010083 100644 /* * Calculate the order of allocation given an slab object size. -@@ -3042,7 +3044,7 @@ static int kmem_cache_open(struct kmem_cache *s, +@@ -3045,7 +3047,7 @@ static int kmem_cache_open(struct kmem_cache *s, else s->cpu_partial = 30; @@ -74713,7 +74710,7 @@ index a99c785..3010083 100644 #ifdef CONFIG_NUMA s->remote_node_defrag_ratio = 1000; #endif -@@ -3146,8 +3148,7 @@ static inline int kmem_cache_close(struct kmem_cache *s) +@@ -3149,8 +3151,7 @@ static inline int kmem_cache_close(struct kmem_cache *s) void kmem_cache_destroy(struct kmem_cache *s) { down_write(&slub_lock); @@ -74723,7 +74720,7 @@ index a99c785..3010083 100644 list_del(&s->list); up_write(&slub_lock); if (kmem_cache_close(s)) { -@@ -3358,6 +3359,50 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node) +@@ -3361,6 +3362,50 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node) EXPORT_SYMBOL(__kmalloc_node); #endif @@ -74774,7 +74771,7 @@ index a99c785..3010083 100644 size_t ksize(const void *object) { struct page *page; -@@ -3632,7 +3677,7 @@ static void __init kmem_cache_bootstrap_fixup(struct kmem_cache *s) +@@ -3635,7 +3680,7 @@ static void __init kmem_cache_bootstrap_fixup(struct kmem_cache *s) int node; list_add(&s->list, &slab_caches); @@ -74783,7 +74780,7 @@ index a99c785..3010083 100644 for_each_node_state(node, N_NORMAL_MEMORY) { struct kmem_cache_node *n = get_node(s, node); -@@ -3749,17 +3794,17 @@ void __init kmem_cache_init(void) +@@ -3752,17 +3797,17 @@ void __init kmem_cache_init(void) /* Caches that are not of the two-to-the-power-of size */ if (KMALLOC_MIN_SIZE <= 32) { @@ -74804,7 +74801,7 @@ index a99c785..3010083 100644 caches++; } -@@ -3827,7 +3872,7 @@ static int slab_unmergeable(struct kmem_cache *s) +@@ -3830,7 +3875,7 @@ static int slab_unmergeable(struct kmem_cache *s) /* * We may have set a slab to be unmergeable during bootstrap. */ @@ -74813,7 +74810,7 @@ index a99c785..3010083 100644 return 1; return 0; -@@ -3886,7 +3931,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, +@@ -3889,7 +3934,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, down_write(&slub_lock); s = find_mergeable(size, align, flags, name, ctor); if (s) { @@ -74822,7 +74819,7 @@ index a99c785..3010083 100644 /* * Adjust the object sizes so that we clear * the complete object on kzalloc. -@@ -3895,7 +3940,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, +@@ -3898,7 +3943,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, s->inuse = max_t(int, s->inuse, ALIGN(size, sizeof(void *))); if (sysfs_slab_alias(s, name)) { @@ -74831,7 +74828,7 @@ index a99c785..3010083 100644 goto err; } up_write(&slub_lock); -@@ -4024,7 +4069,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags, +@@ -4027,7 +4072,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags, } #endif @@ -74840,7 +74837,7 @@ index a99c785..3010083 100644 static int count_inuse(struct page *page) { return page->inuse; -@@ -4411,12 +4456,12 @@ static void resiliency_test(void) +@@ -4414,12 +4459,12 @@ static void resiliency_test(void) validate_slab_cache(kmalloc_caches[9]); } #else @@ -74855,7 +74852,7 @@ index a99c785..3010083 100644 enum slab_stat_type { SL_ALL, /* All slabs */ SL_PARTIAL, /* Only partially allocated slabs */ -@@ -4657,7 +4702,7 @@ SLAB_ATTR_RO(ctor); +@@ -4660,7 +4705,7 @@ SLAB_ATTR_RO(ctor); static ssize_t aliases_show(struct kmem_cache *s, char *buf) { @@ -74864,7 +74861,7 @@ index a99c785..3010083 100644 } SLAB_ATTR_RO(aliases); -@@ -5224,6 +5269,7 @@ static char *create_unique_id(struct kmem_cache *s) +@@ -5227,6 +5272,7 @@ static char *create_unique_id(struct kmem_cache *s) return name; } @@ -74872,7 +74869,7 @@ index a99c785..3010083 100644 static int sysfs_slab_add(struct kmem_cache *s) { int err; -@@ -5286,6 +5332,7 @@ static void sysfs_slab_remove(struct kmem_cache *s) +@@ -5289,6 +5335,7 @@ static void sysfs_slab_remove(struct kmem_cache *s) kobject_del(&s->kobj); kobject_put(&s->kobj); } @@ -74880,7 +74877,7 @@ index a99c785..3010083 100644 /* * Need to buffer aliases during bootup until sysfs becomes -@@ -5299,6 +5346,7 @@ struct saved_alias { +@@ -5302,6 +5349,7 @@ struct saved_alias { static struct saved_alias *alias_list; @@ -74888,7 +74885,7 @@ index a99c785..3010083 100644 static int sysfs_slab_alias(struct kmem_cache *s, const char *name) { struct saved_alias *al; -@@ -5321,6 +5369,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) +@@ -5324,6 +5372,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) alias_list = al; return 0; } @@ -75008,7 +75005,7 @@ index 136ac4f..f917fa9 100644 mm->unmap_area = arch_unmap_area; } diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index 27be2f0..879f150 100644 +index eeba3bb..820e22e 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end) @@ -75132,7 +75129,7 @@ index 27be2f0..879f150 100644 if (!pmd_none(*pmd)) { pte_t *ptep, pte; -@@ -1294,6 +1334,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size, +@@ -1295,6 +1335,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size, struct vm_struct *area; BUG_ON(in_interrupt()); @@ -75149,7 +75146,7 @@ index 27be2f0..879f150 100644 if (flags & VM_IOREMAP) { int bit = fls(size); -@@ -1526,6 +1576,11 @@ void *vmap(struct page **pages, unsigned int count, +@@ -1527,6 +1577,11 @@ void *vmap(struct page **pages, unsigned int count, if (count > totalram_pages) return NULL; @@ -75161,7 +75158,7 @@ index 27be2f0..879f150 100644 area = get_vm_area_caller((count << PAGE_SHIFT), flags, __builtin_return_address(0)); if (!area) -@@ -1627,6 +1682,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, +@@ -1628,6 +1683,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, if (!size || (size >> PAGE_SHIFT) > totalram_pages) goto fail; @@ -75175,7 +75172,7 @@ index 27be2f0..879f150 100644 area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST, start, end, node, gfp_mask, caller); if (!area) -@@ -1800,10 +1862,9 @@ EXPORT_SYMBOL(vzalloc_node); +@@ -1801,10 +1863,9 @@ EXPORT_SYMBOL(vzalloc_node); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -75187,7 +75184,7 @@ index 27be2f0..879f150 100644 -1, __builtin_return_address(0)); } -@@ -2098,6 +2159,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, +@@ -2099,6 +2160,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, unsigned long uaddr = vma->vm_start; unsigned long usize = vma->vm_end - vma->vm_start; @@ -75196,7 +75193,7 @@ index 27be2f0..879f150 100644 if ((PAGE_SIZE-1) & (unsigned long)addr) return -EINVAL; -@@ -2350,8 +2413,8 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets, +@@ -2351,8 +2414,8 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets, return NULL; } @@ -75903,7 +75900,7 @@ index 68bbf9f..5ef0d12 100644 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index 61a7baa..0c7799c 100644 +index 1cbddc9..e52e698 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1139,10 +1139,14 @@ void dev_load(struct net *net, const char *name) @@ -75939,7 +75936,7 @@ index 61a7baa..0c7799c 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -2056,7 +2060,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) +@@ -2030,7 +2034,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) struct dev_gso_cb { void (*destructor)(struct sk_buff *skb); @@ -75948,7 +75945,7 @@ index 61a7baa..0c7799c 100644 #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb) -@@ -2990,7 +2994,7 @@ enqueue: +@@ -2964,7 +2968,7 @@ enqueue: local_irq_restore(flags); @@ -75957,7 +75954,7 @@ index 61a7baa..0c7799c 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -3064,7 +3068,7 @@ int netif_rx_ni(struct sk_buff *skb) +@@ -3038,7 +3042,7 @@ int netif_rx_ni(struct sk_buff *skb) } EXPORT_SYMBOL(netif_rx_ni); @@ -75966,7 +75963,7 @@ index 61a7baa..0c7799c 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); -@@ -3353,7 +3357,7 @@ ncls: +@@ -3327,7 +3331,7 @@ ncls: if (pt_prev) { ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev); } else { @@ -75975,7 +75972,7 @@ index 61a7baa..0c7799c 100644 kfree_skb(skb); /* Jamal, now you will not able to escape explaining * me how you were going to use this. :-) -@@ -3918,7 +3922,7 @@ void netif_napi_del(struct napi_struct *napi) +@@ -3892,7 +3896,7 @@ void netif_napi_del(struct napi_struct *napi) } EXPORT_SYMBOL(netif_napi_del); @@ -75984,7 +75981,7 @@ index 61a7baa..0c7799c 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); unsigned long time_limit = jiffies + 2; -@@ -5944,7 +5948,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, +@@ -5918,7 +5922,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, } else { netdev_stats_to_stats64(storage, &dev->stats); } @@ -76257,7 +76254,7 @@ index 92fc5f6..b790d91 100644 break; case NETDEV_DOWN: diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c -index 80106d8..232e898 100644 +index d01f9c6..284c56c 100644 --- a/net/ipv4/fib_semantics.c +++ b/net/ipv4/fib_semantics.c @@ -699,7 +699,7 @@ __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh) @@ -77465,7 +77462,7 @@ index c97a065..ff61928 100644 return p; diff --git a/net/mac80211/util.c b/net/mac80211/util.c -index d5230ec..c604b21 100644 +index 7095ae5..85ba5e9 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c @@ -1000,7 +1000,7 @@ int ieee80211_reconfig(struct ieee80211_local *local) @@ -79030,7 +79027,7 @@ index 0af7f54..c916d2f 100644 iwp->length += essid_compat; diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c -index 9049a5c..cfa6f5c 100644 +index 0174034..65eaf78 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -299,7 +299,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy) @@ -79087,7 +79084,7 @@ index 9049a5c..cfa6f5c 100644 return xdst; } -@@ -2345,7 +2345,7 @@ static int xfrm_bundle_ok(struct xfrm_dst *first) +@@ -2348,7 +2348,7 @@ static int xfrm_bundle_ok(struct xfrm_dst *first) if (xdst->xfrm_genid != dst->xfrm->genid) return 0; if (xdst->num_pols > 0 && @@ -79096,7 +79093,7 @@ index 9049a5c..cfa6f5c 100644 return 0; mtu = dst_mtu(dst->child); -@@ -2882,7 +2882,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol, +@@ -2885,7 +2885,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol, sizeof(pol->xfrm_vec[i].saddr)); pol->xfrm_vec[i].encap_family = mp->new_family; /* flush bundles */ @@ -79132,6 +79129,48 @@ index 686cb0d..9d653bf 100644 __clean-files := $(filter-out $(no-clean-files), $(__clean-files)) +diff --git a/scripts/Makefile.headersinst b/scripts/Makefile.headersinst +index a57f5bd..d3bae5e 100644 +--- a/scripts/Makefile.headersinst ++++ b/scripts/Makefile.headersinst +@@ -4,12 +4,16 @@ + # header-y - list files to be installed. They are preprocessed + # to remove __KERNEL__ section of the file + # objhdr-y - Same as header-y but for generated files ++# genhdr-y - Same as objhdr-y but in a generated/ directory + # + # ========================================================================== + + # called may set destination dir (when installing to asm/) + _dst := $(if $(dst),$(dst),$(obj)) + ++# generated header directory ++gen := $(if $(gen),$(gen),$(subst include/,include/generated/,$(obj))) ++ + kbuild-file := $(srctree)/$(obj)/Kbuild + include $(kbuild-file) + +@@ -33,9 +37,10 @@ wrapper-files := $(filter $(header-y), $(generic-y)) + + # all headers files for this dir + header-y := $(filter-out $(generic-y), $(header-y)) +-all-files := $(header-y) $(objhdr-y) $(wrapper-files) ++all-files := $(header-y) $(objhdr-y) $(genhdr-y) $(wrapper-files) + input-files := $(addprefix $(srctree)/$(obj)/,$(header-y)) \ +- $(addprefix $(objtree)/$(obj)/,$(objhdr-y)) ++ $(addprefix $(objtree)/$(obj)/,$(objhdr-y)) \ ++ $(addprefix $(objtree)/$(gen)/,$(genhdr-y)) + output-files := $(addprefix $(install)/, $(all-files)) + + # Work out what needs to be removed +@@ -52,6 +57,7 @@ quiet_cmd_install = INSTALL $(printdir) ($(words $(all-files))\ + cmd_install = \ + $(PERL) $< $(srctree)/$(obj) $(install) $(SRCARCH) $(header-y); \ + $(PERL) $< $(objtree)/$(obj) $(install) $(SRCARCH) $(objhdr-y); \ ++ $(PERL) $< $(objtree)/$(gen) $(install) $(SRCARCH) $(genhdr-y); \ + for F in $(wrapper-files); do \ + echo "\#include <asm-generic/$$F>" > $(install)/$$F; \ + done; \ diff --git a/scripts/Makefile.host b/scripts/Makefile.host index 1ac414f..a1c1451 100644 --- a/scripts/Makefile.host diff --git a/3.2.19/4430_grsec-remove-localversion-grsec.patch b/3.2.20/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.2.19/4430_grsec-remove-localversion-grsec.patch +++ b/3.2.20/4430_grsec-remove-localversion-grsec.patch diff --git a/3.2.19/4435_grsec-mute-warnings.patch b/3.2.20/4435_grsec-mute-warnings.patch index e85abd6..e85abd6 100644 --- a/3.2.19/4435_grsec-mute-warnings.patch +++ b/3.2.20/4435_grsec-mute-warnings.patch diff --git a/3.2.19/4440_grsec-remove-protected-paths.patch b/3.2.20/4440_grsec-remove-protected-paths.patch index 637934a..637934a 100644 --- a/3.2.19/4440_grsec-remove-protected-paths.patch +++ b/3.2.20/4440_grsec-remove-protected-paths.patch diff --git a/3.2.19/4445_grsec-pax-without-grsec.patch b/3.2.20/4445_grsec-pax-without-grsec.patch index 58301c0..58301c0 100644 --- a/3.2.19/4445_grsec-pax-without-grsec.patch +++ b/3.2.20/4445_grsec-pax-without-grsec.patch diff --git a/3.2.19/4450_grsec-kconfig-default-gids.patch b/3.2.20/4450_grsec-kconfig-default-gids.patch index 123f877..123f877 100644 --- a/3.2.19/4450_grsec-kconfig-default-gids.patch +++ b/3.2.20/4450_grsec-kconfig-default-gids.patch diff --git a/3.2.19/4455_grsec-kconfig-gentoo.patch b/3.2.20/4455_grsec-kconfig-gentoo.patch index 87b5454..87b5454 100644 --- a/3.2.19/4455_grsec-kconfig-gentoo.patch +++ b/3.2.20/4455_grsec-kconfig-gentoo.patch diff --git a/3.2.19/4460-grsec-kconfig-proc-user.patch b/3.2.20/4460-grsec-kconfig-proc-user.patch index b2b3188..b2b3188 100644 --- a/3.2.19/4460-grsec-kconfig-proc-user.patch +++ b/3.2.20/4460-grsec-kconfig-proc-user.patch diff --git a/3.2.19/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.20/4465_selinux-avc_audit-log-curr_ip.patch index 5a9d80c..5a9d80c 100644 --- a/3.2.19/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.2.20/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.2.19/4470_disable-compat_vdso.patch b/3.2.20/4470_disable-compat_vdso.patch index 4742d01..4742d01 100644 --- a/3.2.19/4470_disable-compat_vdso.patch +++ b/3.2.20/4470_disable-compat_vdso.patch diff --git a/3.4.1/1000_linux-3.4.1.patch b/3.4.1/1000_linux-3.4.1.patch deleted file mode 100644 index 209c25a..0000000 --- a/3.4.1/1000_linux-3.4.1.patch +++ /dev/null @@ -1,2647 +0,0 @@ -diff --git a/Documentation/HOWTO b/Documentation/HOWTO -index f7ade3b..59c080f 100644 ---- a/Documentation/HOWTO -+++ b/Documentation/HOWTO -@@ -218,16 +218,16 @@ The development process - Linux kernel development process currently consists of a few different - main kernel "branches" and lots of different subsystem-specific kernel - branches. These different branches are: -- - main 2.6.x kernel tree -- - 2.6.x.y -stable kernel tree -- - 2.6.x -git kernel patches -+ - main 3.x kernel tree -+ - 3.x.y -stable kernel tree -+ - 3.x -git kernel patches - - subsystem specific kernel trees and patches -- - the 2.6.x -next kernel tree for integration tests -+ - the 3.x -next kernel tree for integration tests - --2.6.x kernel tree -+3.x kernel tree - ----------------- --2.6.x kernels are maintained by Linus Torvalds, and can be found on --kernel.org in the pub/linux/kernel/v2.6/ directory. Its development -+3.x kernels are maintained by Linus Torvalds, and can be found on -+kernel.org in the pub/linux/kernel/v3.x/ directory. Its development - process is as follows: - - As soon as a new kernel is released a two weeks window is open, - during this period of time maintainers can submit big diffs to -@@ -262,20 +262,20 @@ mailing list about kernel releases: - released according to perceived bug status, not according to a - preconceived timeline." - --2.6.x.y -stable kernel tree -+3.x.y -stable kernel tree - --------------------------- --Kernels with 4-part versions are -stable kernels. They contain -+Kernels with 3-part versions are -stable kernels. They contain - relatively small and critical fixes for security problems or significant --regressions discovered in a given 2.6.x kernel. -+regressions discovered in a given 3.x kernel. - - This is the recommended branch for users who want the most recent stable - kernel and are not interested in helping test development/experimental - versions. - --If no 2.6.x.y kernel is available, then the highest numbered 2.6.x -+If no 3.x.y kernel is available, then the highest numbered 3.x - kernel is the current stable kernel. - --2.6.x.y are maintained by the "stable" team <stable@vger.kernel.org>, and -+3.x.y are maintained by the "stable" team <stable@vger.kernel.org>, and - are released as needs dictate. The normal release period is approximately - two weeks, but it can be longer if there are no pressing problems. A - security-related problem, instead, can cause a release to happen almost -@@ -285,7 +285,7 @@ The file Documentation/stable_kernel_rules.txt in the kernel tree - documents what kinds of changes are acceptable for the -stable tree, and - how the release process works. - --2.6.x -git patches -+3.x -git patches - ------------------ - These are daily snapshots of Linus' kernel tree which are managed in a - git repository (hence the name.) These patches are usually released -@@ -317,13 +317,13 @@ revisions to it, and maintainers can mark patches as under review, - accepted, or rejected. Most of these patchwork sites are listed at - http://patchwork.kernel.org/. - --2.6.x -next kernel tree for integration tests -+3.x -next kernel tree for integration tests - --------------------------------------------- --Before updates from subsystem trees are merged into the mainline 2.6.x -+Before updates from subsystem trees are merged into the mainline 3.x - tree, they need to be integration-tested. For this purpose, a special - testing repository exists into which virtually all subsystem trees are - pulled on an almost daily basis: -- http://git.kernel.org/?p=linux/kernel/git/sfr/linux-next.git -+ http://git.kernel.org/?p=linux/kernel/git/next/linux-next.git - http://linux.f-seidel.de/linux-next/pmwiki/ - - This way, the -next kernel gives a summary outlook onto what will be -diff --git a/Makefile b/Makefile -index a687963..0bd1554 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,6 +1,6 @@ - VERSION = 3 - PATCHLEVEL = 4 --SUBLEVEL = 0 -+SUBLEVEL = 1 - EXTRAVERSION = - NAME = Saber-toothed Squirrel - -diff --git a/arch/arm/boot/dts/tegra-cardhu.dts b/arch/arm/boot/dts/tegra-cardhu.dts -index ac3fb75..631a86c 100644 ---- a/arch/arm/boot/dts/tegra-cardhu.dts -+++ b/arch/arm/boot/dts/tegra-cardhu.dts -@@ -64,7 +64,7 @@ - status = "disable"; - }; - -- sdhci@78000400 { -+ sdhci@78000600 { - support-8bit; - }; - }; -diff --git a/arch/arm/include/asm/cacheflush.h b/arch/arm/include/asm/cacheflush.h -index d5d8d5c..1252a26 100644 ---- a/arch/arm/include/asm/cacheflush.h -+++ b/arch/arm/include/asm/cacheflush.h -@@ -249,7 +249,7 @@ extern void flush_cache_page(struct vm_area_struct *vma, unsigned long user_addr - * Harvard caches are synchronised for the user space address range. - * This is used for the ARM private sys_cacheflush system call. - */ --#define flush_cache_user_range(vma,start,end) \ -+#define flush_cache_user_range(start,end) \ - __cpuc_coherent_user_range((start) & PAGE_MASK, PAGE_ALIGN(end)) - - /* -diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c -index 7784547..63d402f 100644 ---- a/arch/arm/kernel/traps.c -+++ b/arch/arm/kernel/traps.c -@@ -496,7 +496,9 @@ do_cache_op(unsigned long start, unsigned long end, int flags) - if (end > vma->vm_end) - end = vma->vm_end; - -- flush_cache_user_range(vma, start, end); -+ up_read(&mm->mmap_sem); -+ flush_cache_user_range(start, end); -+ return; - } - up_read(&mm->mmap_sem); - } -diff --git a/arch/powerpc/kernel/idle.c b/arch/powerpc/kernel/idle.c -index 6d2209a..04d7909 100644 ---- a/arch/powerpc/kernel/idle.c -+++ b/arch/powerpc/kernel/idle.c -@@ -113,6 +113,9 @@ void cpu_idle(void) - } - } - -+static void do_nothing(void *unused) -+{ -+} - - /* - * cpu_idle_wait - Used to ensure that all the CPUs come out of the old -@@ -123,16 +126,9 @@ void cpu_idle(void) - */ - void cpu_idle_wait(void) - { -- int cpu; - smp_mb(); -- -- /* kick all the CPUs so that they exit out of old idle routine */ -- get_online_cpus(); -- for_each_online_cpu(cpu) { -- if (cpu != smp_processor_id()) -- smp_send_reschedule(cpu); -- } -- put_online_cpus(); -+ /* kick all the CPUs so that they exit out of pm_idle */ -+ smp_call_function(do_nothing, NULL, 1); - } - EXPORT_SYMBOL_GPL(cpu_idle_wait); - -diff --git a/arch/s390/mm/fault.c b/arch/s390/mm/fault.c -index 46ef3fd..4e66860 100644 ---- a/arch/s390/mm/fault.c -+++ b/arch/s390/mm/fault.c -@@ -574,6 +574,7 @@ static void pfault_interrupt(struct ext_code ext_code, - tsk->thread.pfault_wait = 0; - list_del(&tsk->thread.list); - wake_up_process(tsk); -+ put_task_struct(tsk); - } else { - /* Completion interrupt was faster than initial - * interrupt. Set pfault_wait to -1 so the initial -@@ -588,14 +589,22 @@ static void pfault_interrupt(struct ext_code ext_code, - put_task_struct(tsk); - } else { - /* signal bit not set -> a real page is missing. */ -- if (tsk->thread.pfault_wait == -1) { -+ if (tsk->thread.pfault_wait == 1) { -+ /* Already on the list with a reference: put to sleep */ -+ set_task_state(tsk, TASK_UNINTERRUPTIBLE); -+ set_tsk_need_resched(tsk); -+ } else if (tsk->thread.pfault_wait == -1) { - /* Completion interrupt was faster than the initial - * interrupt (pfault_wait == -1). Set pfault_wait - * back to zero and exit. */ - tsk->thread.pfault_wait = 0; - } else { - /* Initial interrupt arrived before completion -- * interrupt. Let the task sleep. */ -+ * interrupt. Let the task sleep. -+ * An extra task reference is needed since a different -+ * cpu may set the task state to TASK_RUNNING again -+ * before the scheduler is reached. */ -+ get_task_struct(tsk); - tsk->thread.pfault_wait = 1; - list_add(&tsk->thread.list, &pfault_list); - set_task_state(tsk, TASK_UNINTERRUPTIBLE); -@@ -620,6 +629,7 @@ static int __cpuinit pfault_cpu_notify(struct notifier_block *self, - list_del(&thread->list); - tsk = container_of(thread, struct task_struct, thread); - wake_up_process(tsk); -+ put_task_struct(tsk); - } - spin_unlock_irq(&pfault_lock); - break; -diff --git a/arch/sparc/Kconfig b/arch/sparc/Kconfig -index 6c0683d..76c7ccf 100644 ---- a/arch/sparc/Kconfig -+++ b/arch/sparc/Kconfig -@@ -584,6 +584,9 @@ config SYSVIPC_COMPAT - depends on COMPAT && SYSVIPC - default y - -+config KEYS_COMPAT -+ def_bool y if COMPAT && KEYS -+ - endmenu - - source "net/Kconfig" -diff --git a/arch/sparc/kernel/systbls_64.S b/arch/sparc/kernel/systbls_64.S -index db86b1a..3a58e0d 100644 ---- a/arch/sparc/kernel/systbls_64.S -+++ b/arch/sparc/kernel/systbls_64.S -@@ -74,7 +74,7 @@ sys_call_table32: - .word sys_timer_delete, compat_sys_timer_create, sys_ni_syscall, compat_sys_io_setup, sys_io_destroy - /*270*/ .word sys32_io_submit, sys_io_cancel, compat_sys_io_getevents, sys32_mq_open, sys_mq_unlink - .word compat_sys_mq_timedsend, compat_sys_mq_timedreceive, compat_sys_mq_notify, compat_sys_mq_getsetattr, compat_sys_waitid --/*280*/ .word sys32_tee, sys_add_key, sys_request_key, sys_keyctl, compat_sys_openat -+/*280*/ .word sys32_tee, sys_add_key, sys_request_key, compat_sys_keyctl, compat_sys_openat - .word sys_mkdirat, sys_mknodat, sys_fchownat, compat_sys_futimesat, compat_sys_fstatat64 - /*290*/ .word sys_unlinkat, sys_renameat, sys_linkat, sys_symlinkat, sys_readlinkat - .word sys_fchmodat, sys_faccessat, compat_sys_pselect6, compat_sys_ppoll, sys_unshare -diff --git a/arch/tile/include/asm/bitops.h b/arch/tile/include/asm/bitops.h -index 16f1fa5..bd186c4 100644 ---- a/arch/tile/include/asm/bitops.h -+++ b/arch/tile/include/asm/bitops.h -@@ -77,6 +77,11 @@ static inline int ffs(int x) - return __builtin_ffs(x); - } - -+static inline int fls64(__u64 w) -+{ -+ return (sizeof(__u64) * 8) - __builtin_clzll(w); -+} -+ - /** - * fls - find last set bit in word - * @x: the word to search -@@ -90,12 +95,7 @@ static inline int ffs(int x) - */ - static inline int fls(int x) - { -- return (sizeof(int) * 8) - __builtin_clz(x); --} -- --static inline int fls64(__u64 w) --{ -- return (sizeof(__u64) * 8) - __builtin_clzll(w); -+ return fls64((unsigned int) x); - } - - static inline unsigned int __arch_hweight32(unsigned int w) -diff --git a/arch/um/include/asm/pgtable.h b/arch/um/include/asm/pgtable.h -index 6a3f984..5888f1b 100644 ---- a/arch/um/include/asm/pgtable.h -+++ b/arch/um/include/asm/pgtable.h -@@ -273,6 +273,12 @@ static inline void set_pte(pte_t *pteptr, pte_t pteval) - } - #define set_pte_at(mm,addr,ptep,pteval) set_pte(ptep,pteval) - -+#define __HAVE_ARCH_PTE_SAME -+static inline int pte_same(pte_t pte_a, pte_t pte_b) -+{ -+ return !((pte_val(pte_a) ^ pte_val(pte_b)) & ~_PAGE_NEWPAGE); -+} -+ - /* - * Conversion functions: convert a page and protection to a page entry, - * and a page entry and page directory to the page they refer to. -@@ -348,11 +354,11 @@ extern pte_t *virt_to_pte(struct mm_struct *mm, unsigned long addr); - #define update_mmu_cache(vma,address,ptep) do ; while (0) - - /* Encode and de-code a swap entry */ --#define __swp_type(x) (((x).val >> 4) & 0x3f) -+#define __swp_type(x) (((x).val >> 5) & 0x1f) - #define __swp_offset(x) ((x).val >> 11) - - #define __swp_entry(type, offset) \ -- ((swp_entry_t) { ((type) << 4) | ((offset) << 11) }) -+ ((swp_entry_t) { ((type) << 5) | ((offset) << 11) }) - #define __pte_to_swp_entry(pte) \ - ((swp_entry_t) { pte_val(pte_mkuptodate(pte)) }) - #define __swp_entry_to_pte(x) ((pte_t) { (x).val }) -diff --git a/arch/x86/Makefile b/arch/x86/Makefile -index 94e91e4..b1c611e 100644 ---- a/arch/x86/Makefile -+++ b/arch/x86/Makefile -@@ -206,6 +206,7 @@ archclean: - $(Q)rm -rf $(objtree)/arch/i386 - $(Q)rm -rf $(objtree)/arch/x86_64 - $(Q)$(MAKE) $(clean)=$(boot) -+ $(Q)$(MAKE) $(clean)=arch/x86/tools - - define archhelp - echo '* bzImage - Compressed kernel image (arch/x86/boot/bzImage)' -diff --git a/arch/x86/kernel/cpu/mcheck/mce-severity.c b/arch/x86/kernel/cpu/mcheck/mce-severity.c -index 0c82091..1ccd453 100644 ---- a/arch/x86/kernel/cpu/mcheck/mce-severity.c -+++ b/arch/x86/kernel/cpu/mcheck/mce-severity.c -@@ -165,15 +165,19 @@ static struct severity { - }; - - /* -- * If the EIPV bit is set, it means the saved IP is the -- * instruction which caused the MCE. -+ * If mcgstatus indicated that ip/cs on the stack were -+ * no good, then "m->cs" will be zero and we will have -+ * to assume the worst case (IN_KERNEL) as we actually -+ * have no idea what we were executing when the machine -+ * check hit. -+ * If we do have a good "m->cs" (or a faked one in the -+ * case we were executing in VM86 mode) we can use it to -+ * distinguish an exception taken in user from from one -+ * taken in the kernel. - */ - static int error_context(struct mce *m) - { -- if (m->mcgstatus & MCG_STATUS_EIPV) -- return (m->ip && (m->cs & 3) == 3) ? IN_USER : IN_KERNEL; -- /* Unknown, assume kernel */ -- return IN_KERNEL; -+ return ((m->cs & 3) == 3) ? IN_USER : IN_KERNEL; - } - - int mce_severity(struct mce *m, int tolerant, char **msg) -diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c -index 11c9166..61604ae 100644 ---- a/arch/x86/kernel/cpu/mcheck/mce.c -+++ b/arch/x86/kernel/cpu/mcheck/mce.c -@@ -437,6 +437,14 @@ static inline void mce_gather_info(struct mce *m, struct pt_regs *regs) - if (m->mcgstatus & (MCG_STATUS_RIPV|MCG_STATUS_EIPV)) { - m->ip = regs->ip; - m->cs = regs->cs; -+ -+ /* -+ * When in VM86 mode make the cs look like ring 3 -+ * always. This is a lie, but it's better than passing -+ * the additional vm86 bit around everywhere. -+ */ -+ if (v8086_mode(regs)) -+ m->cs |= 3; - } - /* Use accurate RIP reporting if available. */ - if (rip_msr) -diff --git a/arch/x86/kernel/cpu/perf_event_amd.c b/arch/x86/kernel/cpu/perf_event_amd.c -index 95e7fe1..9edc786 100644 ---- a/arch/x86/kernel/cpu/perf_event_amd.c -+++ b/arch/x86/kernel/cpu/perf_event_amd.c -@@ -493,6 +493,7 @@ static __initconst const struct x86_pmu amd_pmu = { - * 0x023 DE PERF_CTL[2:0] - * 0x02D LS PERF_CTL[3] - * 0x02E LS PERF_CTL[3,0] -+ * 0x031 LS PERF_CTL[2:0] (**) - * 0x043 CU PERF_CTL[2:0] - * 0x045 CU PERF_CTL[2:0] - * 0x046 CU PERF_CTL[2:0] -@@ -506,10 +507,12 @@ static __initconst const struct x86_pmu amd_pmu = { - * 0x0DD LS PERF_CTL[5:0] - * 0x0DE LS PERF_CTL[5:0] - * 0x0DF LS PERF_CTL[5:0] -+ * 0x1C0 EX PERF_CTL[5:3] - * 0x1D6 EX PERF_CTL[5:0] - * 0x1D8 EX PERF_CTL[5:0] - * -- * (*) depending on the umask all FPU counters may be used -+ * (*) depending on the umask all FPU counters may be used -+ * (**) only one unitmask enabled at a time - */ - - static struct event_constraint amd_f15_PMC0 = EVENT_CONSTRAINT(0, 0x01, 0); -@@ -559,6 +562,12 @@ amd_get_event_constraints_f15h(struct cpu_hw_events *cpuc, struct perf_event *ev - return &amd_f15_PMC3; - case 0x02E: - return &amd_f15_PMC30; -+ case 0x031: -+ if (hweight_long(hwc->config & ARCH_PERFMON_EVENTSEL_UMASK) <= 1) -+ return &amd_f15_PMC20; -+ return &emptyconstraint; -+ case 0x1C0: -+ return &amd_f15_PMC53; - default: - return &amd_f15_PMC50; - } -diff --git a/arch/x86/pci/xen.c b/arch/x86/pci/xen.c -index 7415aa9..56ab749 100644 ---- a/arch/x86/pci/xen.c -+++ b/arch/x86/pci/xen.c -@@ -64,6 +64,10 @@ static int xen_register_pirq(u32 gsi, int gsi_override, int triggering, - int shareable = 0; - char *name; - -+ irq = xen_irq_from_gsi(gsi); -+ if (irq > 0) -+ return irq; -+ - if (set_pirq) - pirq = gsi; - -diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c -index b43cfcd..b685296 100644 ---- a/arch/x86/tools/relocs.c -+++ b/arch/x86/tools/relocs.c -@@ -60,6 +60,18 @@ static const char * const sym_regex_kernel[S_NSYMTYPES] = { - "__x86_cpu_dev_(start|end)|" - "(__parainstructions|__alt_instructions)(|_end)|" - "(__iommu_table|__apicdrivers|__smp_locks)(|_end)|" -+ "__(start|end)_pci_.*|" -+ "__(start|end)_builtin_fw|" -+ "__(start|stop)___ksymtab(|_gpl|_unused|_unused_gpl|_gpl_future)|" -+ "__(start|stop)___kcrctab(|_gpl|_unused|_unused_gpl|_gpl_future)|" -+ "__(start|stop)___param|" -+ "__(start|stop)___modver|" -+ "__(start|stop)___bug_table|" -+ "__tracedata_(start|end)|" -+ "__(start|stop)_notes|" -+ "__end_rodata|" -+ "__initramfs_start|" -+ "(jiffies|jiffies_64)|" - "_end)$" - }; - -diff --git a/drivers/gpio/gpio-mpc8xxx.c b/drivers/gpio/gpio-mpc8xxx.c -index e6568c1..5a1817e 100644 ---- a/drivers/gpio/gpio-mpc8xxx.c -+++ b/drivers/gpio/gpio-mpc8xxx.c -@@ -163,7 +163,8 @@ static void mpc8xxx_gpio_irq_cascade(unsigned int irq, struct irq_desc *desc) - if (mask) - generic_handle_irq(irq_linear_revmap(mpc8xxx_gc->irq, - 32 - ffs(mask))); -- chip->irq_eoi(&desc->irq_data); -+ if (chip->irq_eoi) -+ chip->irq_eoi(&desc->irq_data); - } - - static void mpc8xxx_irq_unmask(struct irq_data *d) -diff --git a/drivers/gpu/drm/gma500/psb_device.c b/drivers/gpu/drm/gma500/psb_device.c -index 95d163e..328a193 100644 ---- a/drivers/gpu/drm/gma500/psb_device.c -+++ b/drivers/gpu/drm/gma500/psb_device.c -@@ -197,7 +197,8 @@ static int psb_save_display_registers(struct drm_device *dev) - } - - list_for_each_entry(connector, &dev->mode_config.connector_list, head) -- connector->funcs->save(connector); -+ if (connector->funcs->save) -+ connector->funcs->save(connector); - - mutex_unlock(&dev->mode_config.mutex); - return 0; -@@ -235,7 +236,8 @@ static int psb_restore_display_registers(struct drm_device *dev) - crtc->funcs->restore(crtc); - - list_for_each_entry(connector, &dev->mode_config.connector_list, head) -- connector->funcs->restore(connector); -+ if (connector->funcs->restore) -+ connector->funcs->restore(connector); - - mutex_unlock(&dev->mode_config.mutex); - return 0; -diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c -index afd4e03..f57e5cf 100644 ---- a/drivers/gpu/drm/i915/i915_irq.c -+++ b/drivers/gpu/drm/i915/i915_irq.c -@@ -424,14 +424,11 @@ static void gen6_pm_rps_work(struct work_struct *work) - mutex_unlock(&dev_priv->dev->struct_mutex); - } - --static void pch_irq_handler(struct drm_device *dev) -+static void pch_irq_handler(struct drm_device *dev, u32 pch_iir) - { - drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; -- u32 pch_iir; - int pipe; - -- pch_iir = I915_READ(SDEIIR); -- - if (pch_iir & SDE_AUDIO_POWER_MASK) - DRM_DEBUG_DRIVER("PCH audio power change on port %d\n", - (pch_iir & SDE_AUDIO_POWER_MASK) >> -@@ -529,7 +526,7 @@ static irqreturn_t ivybridge_irq_handler(DRM_IRQ_ARGS) - if (de_iir & DE_PCH_EVENT_IVB) { - if (pch_iir & SDE_HOTPLUG_MASK_CPT) - queue_work(dev_priv->wq, &dev_priv->hotplug_work); -- pch_irq_handler(dev); -+ pch_irq_handler(dev, pch_iir); - } - - if (pm_iir & GEN6_PM_DEFERRED_EVENTS) { -@@ -629,7 +626,7 @@ static irqreturn_t ironlake_irq_handler(DRM_IRQ_ARGS) - if (de_iir & DE_PCH_EVENT) { - if (pch_iir & hotplug_mask) - queue_work(dev_priv->wq, &dev_priv->hotplug_work); -- pch_irq_handler(dev); -+ pch_irq_handler(dev, pch_iir); - } - - if (de_iir & DE_PCU_EVENT) { -diff --git a/drivers/gpu/drm/i915/i915_reg.h b/drivers/gpu/drm/i915/i915_reg.h -index 9d24d65..29bfd89 100644 ---- a/drivers/gpu/drm/i915/i915_reg.h -+++ b/drivers/gpu/drm/i915/i915_reg.h -@@ -615,6 +615,21 @@ - - #define GEN6_BSD_RNCID 0x12198 - -+#define GEN7_FF_THREAD_MODE 0x20a0 -+#define GEN7_FF_SCHED_MASK 0x0077070 -+#define GEN7_FF_TS_SCHED_HS1 (0x5<<16) -+#define GEN7_FF_TS_SCHED_HS0 (0x3<<16) -+#define GEN7_FF_TS_SCHED_LOAD_BALANCE (0x1<<16) -+#define GEN7_FF_TS_SCHED_HW (0x0<<16) /* Default */ -+#define GEN7_FF_VS_SCHED_HS1 (0x5<<12) -+#define GEN7_FF_VS_SCHED_HS0 (0x3<<12) -+#define GEN7_FF_VS_SCHED_LOAD_BALANCE (0x1<<12) /* Default */ -+#define GEN7_FF_VS_SCHED_HW (0x0<<12) -+#define GEN7_FF_DS_SCHED_HS1 (0x5<<4) -+#define GEN7_FF_DS_SCHED_HS0 (0x3<<4) -+#define GEN7_FF_DS_SCHED_LOAD_BALANCE (0x1<<4) /* Default */ -+#define GEN7_FF_DS_SCHED_HW (0x0<<4) -+ - /* - * Framebuffer compression (915+ only) - */ -diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index 1b1cf3b..79a7de1 100644 ---- a/drivers/gpu/drm/i915/intel_display.c -+++ b/drivers/gpu/drm/i915/intel_display.c -@@ -7617,10 +7617,11 @@ static void intel_sanitize_modesetting(struct drm_device *dev, - { - struct drm_i915_private *dev_priv = dev->dev_private; - u32 reg, val; -+ int i; - - /* Clear any frame start delays used for debugging left by the BIOS */ -- for_each_pipe(pipe) { -- reg = PIPECONF(pipe); -+ for_each_pipe(i) { -+ reg = PIPECONF(i); - I915_WRITE(reg, I915_READ(reg) & ~PIPECONF_FRAME_START_DELAY_MASK); - } - -@@ -8612,6 +8613,18 @@ static void gen6_init_clock_gating(struct drm_device *dev) - } - } - -+static void gen7_setup_fixed_func_scheduler(struct drm_i915_private *dev_priv) -+{ -+ uint32_t reg = I915_READ(GEN7_FF_THREAD_MODE); -+ -+ reg &= ~GEN7_FF_SCHED_MASK; -+ reg |= GEN7_FF_TS_SCHED_HW; -+ reg |= GEN7_FF_VS_SCHED_HW; -+ reg |= GEN7_FF_DS_SCHED_HW; -+ -+ I915_WRITE(GEN7_FF_THREAD_MODE, reg); -+} -+ - static void ivybridge_init_clock_gating(struct drm_device *dev) - { - struct drm_i915_private *dev_priv = dev->dev_private; -@@ -8656,6 +8669,8 @@ static void ivybridge_init_clock_gating(struct drm_device *dev) - DISPPLANE_TRICKLE_FEED_DISABLE); - intel_flush_display_plane(dev_priv, pipe); - } -+ -+ gen7_setup_fixed_func_scheduler(dev_priv); - } - - static void g4x_init_clock_gating(struct drm_device *dev) -diff --git a/drivers/gpu/drm/nouveau/nouveau_bo.c b/drivers/gpu/drm/nouveau/nouveau_bo.c -index 7d15a77..12ce044 100644 ---- a/drivers/gpu/drm/nouveau/nouveau_bo.c -+++ b/drivers/gpu/drm/nouveau/nouveau_bo.c -@@ -1030,7 +1030,7 @@ nouveau_ttm_fault_reserve_notify(struct ttm_buffer_object *bo) - - nvbo->placement.fpfn = 0; - nvbo->placement.lpfn = dev_priv->fb_mappable_pages; -- nouveau_bo_placement_set(nvbo, TTM_PL_VRAM, 0); -+ nouveau_bo_placement_set(nvbo, TTM_PL_FLAG_VRAM, 0); - return nouveau_bo_validate(nvbo, false, true, false); - } - -diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c -index 2b56efc..d44ea58 100644 ---- a/drivers/hid/hid-logitech-dj.c -+++ b/drivers/hid/hid-logitech-dj.c -@@ -26,6 +26,7 @@ - #include <linux/hid.h> - #include <linux/module.h> - #include <linux/usb.h> -+#include <asm/unaligned.h> - #include "usbhid/usbhid.h" - #include "hid-ids.h" - #include "hid-logitech-dj.h" -@@ -265,8 +266,8 @@ static void logi_dj_recv_add_djhid_device(struct dj_receiver_dev *djrcv_dev, - goto dj_device_allocate_fail; - } - -- dj_dev->reports_supported = le32_to_cpu( -- dj_report->report_params[DEVICE_PAIRED_RF_REPORT_TYPE]); -+ dj_dev->reports_supported = get_unaligned_le32( -+ dj_report->report_params + DEVICE_PAIRED_RF_REPORT_TYPE); - dj_dev->hdev = dj_hiddev; - dj_dev->dj_receiver_dev = djrcv_dev; - dj_dev->device_index = dj_report->device_index; -diff --git a/drivers/hid/hid-wiimote-core.c b/drivers/hid/hid-wiimote-core.c -index cac3589..84e2fbe 100644 ---- a/drivers/hid/hid-wiimote-core.c -+++ b/drivers/hid/hid-wiimote-core.c -@@ -769,7 +769,7 @@ static void __ir_to_input(struct wiimote_data *wdata, const __u8 *ir, - - /* - * Basic IR data is encoded into 3 bytes. The first two bytes are the -- * upper 8 bit of the X/Y data, the 3rd byte contains the lower 2 bits -+ * lower 8 bit of the X/Y data, the 3rd byte contains the upper 2 bits - * of both. - * If data is packed, then the 3rd byte is put first and slightly - * reordered. This allows to interleave packed and non-packed data to -@@ -778,17 +778,11 @@ static void __ir_to_input(struct wiimote_data *wdata, const __u8 *ir, - */ - - if (packed) { -- x = ir[1] << 2; -- y = ir[2] << 2; -- -- x |= ir[0] & 0x3; -- y |= (ir[0] >> 2) & 0x3; -+ x = ir[1] | ((ir[0] & 0x03) << 8); -+ y = ir[2] | ((ir[0] & 0x0c) << 6); - } else { -- x = ir[0] << 2; -- y = ir[1] << 2; -- -- x |= (ir[2] >> 4) & 0x3; -- y |= (ir[2] >> 6) & 0x3; -+ x = ir[0] | ((ir[2] & 0x30) << 4); -+ y = ir[1] | ((ir[2] & 0xc0) << 2); - } - - input_report_abs(wdata->ir, xid, x); -diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c -index 5bf91db..4bbb883 100644 ---- a/drivers/hid/usbhid/hid-core.c -+++ b/drivers/hid/usbhid/hid-core.c -@@ -399,6 +399,16 @@ static int hid_submit_ctrl(struct hid_device *hid) - * Output interrupt completion handler. - */ - -+static int irq_out_pump_restart(struct hid_device *hid) -+{ -+ struct usbhid_device *usbhid = hid->driver_data; -+ -+ if (usbhid->outhead != usbhid->outtail) -+ return hid_submit_out(hid); -+ else -+ return -1; -+} -+ - static void hid_irq_out(struct urb *urb) - { - struct hid_device *hid = urb->context; -@@ -428,7 +438,7 @@ static void hid_irq_out(struct urb *urb) - else - usbhid->outtail = (usbhid->outtail + 1) & (HID_OUTPUT_FIFO_SIZE - 1); - -- if (usbhid->outhead != usbhid->outtail && !hid_submit_out(hid)) { -+ if (!irq_out_pump_restart(hid)) { - /* Successfully submitted next urb in queue */ - spin_unlock_irqrestore(&usbhid->lock, flags); - return; -@@ -443,6 +453,15 @@ static void hid_irq_out(struct urb *urb) - /* - * Control pipe completion handler. - */ -+static int ctrl_pump_restart(struct hid_device *hid) -+{ -+ struct usbhid_device *usbhid = hid->driver_data; -+ -+ if (usbhid->ctrlhead != usbhid->ctrltail) -+ return hid_submit_ctrl(hid); -+ else -+ return -1; -+} - - static void hid_ctrl(struct urb *urb) - { -@@ -476,7 +495,7 @@ static void hid_ctrl(struct urb *urb) - else - usbhid->ctrltail = (usbhid->ctrltail + 1) & (HID_CONTROL_FIFO_SIZE - 1); - -- if (usbhid->ctrlhead != usbhid->ctrltail && !hid_submit_ctrl(hid)) { -+ if (!ctrl_pump_restart(hid)) { - /* Successfully submitted next urb in queue */ - spin_unlock(&usbhid->lock); - return; -@@ -535,11 +554,27 @@ static void __usbhid_submit_report(struct hid_device *hid, struct hid_report *re - * the queue is known to run - * but an earlier request may be stuck - * we may need to time out -- * no race because this is called under -+ * no race because the URB is blocked under - * spinlock - */ -- if (time_after(jiffies, usbhid->last_out + HZ * 5)) -+ if (time_after(jiffies, usbhid->last_out + HZ * 5)) { -+ usb_block_urb(usbhid->urbout); -+ /* drop lock to not deadlock if the callback is called */ -+ spin_unlock(&usbhid->lock); - usb_unlink_urb(usbhid->urbout); -+ spin_lock(&usbhid->lock); -+ usb_unblock_urb(usbhid->urbout); -+ /* -+ * if the unlinking has already completed -+ * the pump will have been stopped -+ * it must be restarted now -+ */ -+ if (!test_bit(HID_OUT_RUNNING, &usbhid->iofl)) -+ if (!irq_out_pump_restart(hid)) -+ set_bit(HID_OUT_RUNNING, &usbhid->iofl); -+ -+ -+ } - } - return; - } -@@ -583,11 +618,25 @@ static void __usbhid_submit_report(struct hid_device *hid, struct hid_report *re - * the queue is known to run - * but an earlier request may be stuck - * we may need to time out -- * no race because this is called under -+ * no race because the URB is blocked under - * spinlock - */ -- if (time_after(jiffies, usbhid->last_ctrl + HZ * 5)) -+ if (time_after(jiffies, usbhid->last_ctrl + HZ * 5)) { -+ usb_block_urb(usbhid->urbctrl); -+ /* drop lock to not deadlock if the callback is called */ -+ spin_unlock(&usbhid->lock); - usb_unlink_urb(usbhid->urbctrl); -+ spin_lock(&usbhid->lock); -+ usb_unblock_urb(usbhid->urbctrl); -+ /* -+ * if the unlinking has already completed -+ * the pump will have been stopped -+ * it must be restarted now -+ */ -+ if (!test_bit(HID_CTRL_RUNNING, &usbhid->iofl)) -+ if (!ctrl_pump_restart(hid)) -+ set_bit(HID_CTRL_RUNNING, &usbhid->iofl); -+ } - } - } - -diff --git a/drivers/i2c/busses/i2c-davinci.c b/drivers/i2c/busses/i2c-davinci.c -index a76d85f..79b4bcb 100644 ---- a/drivers/i2c/busses/i2c-davinci.c -+++ b/drivers/i2c/busses/i2c-davinci.c -@@ -755,7 +755,7 @@ static int davinci_i2c_remove(struct platform_device *pdev) - dev->clk = NULL; - - davinci_i2c_write_reg(dev, DAVINCI_I2C_MDR_REG, 0); -- free_irq(IRQ_I2C, dev); -+ free_irq(dev->irq, dev); - iounmap(dev->base); - kfree(dev); - -diff --git a/drivers/i2c/busses/i2c-tegra.c b/drivers/i2c/busses/i2c-tegra.c -index 55e5ea6..df19f3d 100644 ---- a/drivers/i2c/busses/i2c-tegra.c -+++ b/drivers/i2c/busses/i2c-tegra.c -@@ -401,8 +401,6 @@ static irqreturn_t tegra_i2c_isr(int irq, void *dev_id) - disable_irq_nosync(i2c_dev->irq); - i2c_dev->irq_disabled = 1; - } -- -- complete(&i2c_dev->msg_complete); - goto err; - } - -@@ -411,7 +409,6 @@ static irqreturn_t tegra_i2c_isr(int irq, void *dev_id) - i2c_dev->msg_err |= I2C_ERR_NO_ACK; - if (status & I2C_INT_ARBITRATION_LOST) - i2c_dev->msg_err |= I2C_ERR_ARBITRATION_LOST; -- complete(&i2c_dev->msg_complete); - goto err; - } - -@@ -429,14 +426,14 @@ static irqreturn_t tegra_i2c_isr(int irq, void *dev_id) - tegra_i2c_mask_irq(i2c_dev, I2C_INT_TX_FIFO_DATA_REQ); - } - -+ i2c_writel(i2c_dev, status, I2C_INT_STATUS); -+ if (i2c_dev->is_dvc) -+ dvc_writel(i2c_dev, DVC_STATUS_I2C_DONE_INTR, DVC_STATUS); -+ - if (status & I2C_INT_PACKET_XFER_COMPLETE) { - BUG_ON(i2c_dev->msg_buf_remaining); - complete(&i2c_dev->msg_complete); - } -- -- i2c_writel(i2c_dev, status, I2C_INT_STATUS); -- if (i2c_dev->is_dvc) -- dvc_writel(i2c_dev, DVC_STATUS_I2C_DONE_INTR, DVC_STATUS); - return IRQ_HANDLED; - err: - /* An error occurred, mask all interrupts */ -@@ -446,6 +443,8 @@ err: - i2c_writel(i2c_dev, status, I2C_INT_STATUS); - if (i2c_dev->is_dvc) - dvc_writel(i2c_dev, DVC_STATUS_I2C_DONE_INTR, DVC_STATUS); -+ -+ complete(&i2c_dev->msg_complete); - return IRQ_HANDLED; - } - -diff --git a/drivers/infiniband/core/umem.c b/drivers/infiniband/core/umem.c -index 71f0c0f..a841123 100644 ---- a/drivers/infiniband/core/umem.c -+++ b/drivers/infiniband/core/umem.c -@@ -269,7 +269,7 @@ void ib_umem_release(struct ib_umem *umem) - } else - down_write(&mm->mmap_sem); - -- current->mm->locked_vm -= diff; -+ current->mm->pinned_vm -= diff; - up_write(&mm->mmap_sem); - mmput(mm); - kfree(umem); -diff --git a/drivers/infiniband/hw/cxgb4/cm.c b/drivers/infiniband/hw/cxgb4/cm.c -index 92b4c2b..4c7c62f 100644 ---- a/drivers/infiniband/hw/cxgb4/cm.c -+++ b/drivers/infiniband/hw/cxgb4/cm.c -@@ -1593,7 +1593,7 @@ static int import_ep(struct c4iw_ep *ep, __be32 peer_ip, struct dst_entry *dst, - n, n->dev, 0); - if (!ep->l2t) - goto out; -- ep->mtu = dst_mtu(ep->dst); -+ ep->mtu = dst_mtu(dst); - ep->tx_chan = cxgb4_port_chan(n->dev); - ep->smac_idx = (cxgb4_port_viid(n->dev) & 0x7F) << 1; - step = cdev->rdev.lldi.ntxq / -@@ -2656,6 +2656,12 @@ static int peer_abort_intr(struct c4iw_dev *dev, struct sk_buff *skb) - unsigned int tid = GET_TID(req); - - ep = lookup_tid(t, tid); -+ if (!ep) { -+ printk(KERN_WARNING MOD -+ "Abort on non-existent endpoint, tid %d\n", tid); -+ kfree_skb(skb); -+ return 0; -+ } - if (is_neg_adv_abort(req->status)) { - PDBG("%s neg_adv_abort ep %p tid %u\n", __func__, ep, - ep->hwtid); -@@ -2667,11 +2673,8 @@ static int peer_abort_intr(struct c4iw_dev *dev, struct sk_buff *skb) - - /* - * Wake up any threads in rdma_init() or rdma_fini(). -- * However, this is not needed if com state is just -- * MPA_REQ_SENT - */ -- if (ep->com.state != MPA_REQ_SENT) -- c4iw_wake_up(&ep->com.wr_wait, -ECONNRESET); -+ c4iw_wake_up(&ep->com.wr_wait, -ECONNRESET); - sched(dev, skb); - return 0; - } -diff --git a/drivers/iommu/dmar.c b/drivers/iommu/dmar.c -index 35c1e17..97b2e21 100644 ---- a/drivers/iommu/dmar.c -+++ b/drivers/iommu/dmar.c -@@ -1056,8 +1056,8 @@ static const char *intr_remap_fault_reasons[] = - - const char *dmar_get_fault_reason(u8 fault_reason, int *fault_type) - { -- if (fault_reason >= 0x20 && (fault_reason <= 0x20 + -- ARRAY_SIZE(intr_remap_fault_reasons))) { -+ if (fault_reason >= 0x20 && (fault_reason - 0x20 < -+ ARRAY_SIZE(intr_remap_fault_reasons))) { - *fault_type = INTR_REMAP; - return intr_remap_fault_reasons[fault_reason - 0x20]; - } else if (fault_reason < ARRAY_SIZE(dma_remap_fault_reasons)) { -diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c -index f93d5ac..5fda348 100644 ---- a/drivers/iommu/intel-iommu.c -+++ b/drivers/iommu/intel-iommu.c -@@ -2286,12 +2286,6 @@ static int domain_add_dev_info(struct dmar_domain *domain, - if (!info) - return -ENOMEM; - -- ret = domain_context_mapping(domain, pdev, translation); -- if (ret) { -- free_devinfo_mem(info); -- return ret; -- } -- - info->segment = pci_domain_nr(pdev->bus); - info->bus = pdev->bus->number; - info->devfn = pdev->devfn; -@@ -2304,6 +2298,17 @@ static int domain_add_dev_info(struct dmar_domain *domain, - pdev->dev.archdata.iommu = info; - spin_unlock_irqrestore(&device_domain_lock, flags); - -+ ret = domain_context_mapping(domain, pdev, translation); -+ if (ret) { -+ spin_lock_irqsave(&device_domain_lock, flags); -+ list_del(&info->link); -+ list_del(&info->global); -+ pdev->dev.archdata.iommu = NULL; -+ spin_unlock_irqrestore(&device_domain_lock, flags); -+ free_devinfo_mem(info); -+ return ret; -+ } -+ - return 0; - } - -diff --git a/drivers/isdn/gigaset/capi.c b/drivers/isdn/gigaset/capi.c -index 343b5c8..579aa02 100644 ---- a/drivers/isdn/gigaset/capi.c -+++ b/drivers/isdn/gigaset/capi.c -@@ -14,6 +14,7 @@ - #include "gigaset.h" - #include <linux/proc_fs.h> - #include <linux/seq_file.h> -+#include <linux/ratelimit.h> - #include <linux/isdn/capilli.h> - #include <linux/isdn/capicmd.h> - #include <linux/isdn/capiutil.h> -@@ -223,10 +224,14 @@ get_appl(struct gigaset_capi_ctr *iif, u16 appl) - static inline void dump_cmsg(enum debuglevel level, const char *tag, _cmsg *p) - { - #ifdef CONFIG_GIGASET_DEBUG -+ /* dump at most 20 messages in 20 secs */ -+ static DEFINE_RATELIMIT_STATE(msg_dump_ratelimit, 20 * HZ, 20); - _cdebbuf *cdb; - - if (!(gigaset_debuglevel & level)) - return; -+ if (!___ratelimit(&msg_dump_ratelimit, tag)) -+ return; - - cdb = capi_cmsg2str(p); - if (cdb) { -@@ -1882,6 +1887,9 @@ static void do_disconnect_req(struct gigaset_capi_ctr *iif, - - /* check for active logical connection */ - if (bcs->apconnstate >= APCONN_ACTIVE) { -+ /* clear it */ -+ bcs->apconnstate = APCONN_SETUP; -+ - /* - * emit DISCONNECT_B3_IND with cause 0x3301 - * use separate cmsg structure, as the content of iif->acmsg -@@ -1906,6 +1914,7 @@ static void do_disconnect_req(struct gigaset_capi_ctr *iif, - } - capi_cmsg2message(b3cmsg, - __skb_put(b3skb, CAPI_DISCONNECT_B3_IND_BASELEN)); -+ dump_cmsg(DEBUG_CMD, __func__, b3cmsg); - kfree(b3cmsg); - capi_ctr_handle_message(&iif->ctr, ap->id, b3skb); - } -@@ -2059,12 +2068,6 @@ static void do_reset_b3_req(struct gigaset_capi_ctr *iif, - } - - /* -- * dump unsupported/ignored messages at most twice per minute, -- * some apps send those very frequently -- */ --static unsigned long ignored_msg_dump_time; -- --/* - * unsupported CAPI message handler - */ - static void do_unsupported(struct gigaset_capi_ctr *iif, -@@ -2073,8 +2076,7 @@ static void do_unsupported(struct gigaset_capi_ctr *iif, - { - /* decode message */ - capi_message2cmsg(&iif->acmsg, skb->data); -- if (printk_timed_ratelimit(&ignored_msg_dump_time, 30 * 1000)) -- dump_cmsg(DEBUG_CMD, __func__, &iif->acmsg); -+ dump_cmsg(DEBUG_CMD, __func__, &iif->acmsg); - send_conf(iif, ap, skb, CapiMessageNotSupportedInCurrentState); - } - -@@ -2085,11 +2087,9 @@ static void do_nothing(struct gigaset_capi_ctr *iif, - struct gigaset_capi_appl *ap, - struct sk_buff *skb) - { -- if (printk_timed_ratelimit(&ignored_msg_dump_time, 30 * 1000)) { -- /* decode message */ -- capi_message2cmsg(&iif->acmsg, skb->data); -- dump_cmsg(DEBUG_CMD, __func__, &iif->acmsg); -- } -+ /* decode message */ -+ capi_message2cmsg(&iif->acmsg, skb->data); -+ dump_cmsg(DEBUG_CMD, __func__, &iif->acmsg); - dev_kfree_skb_any(skb); - } - -diff --git a/drivers/isdn/gigaset/ev-layer.c b/drivers/isdn/gigaset/ev-layer.c -index 624a825..685638a 100644 ---- a/drivers/isdn/gigaset/ev-layer.c -+++ b/drivers/isdn/gigaset/ev-layer.c -@@ -190,6 +190,7 @@ struct reply_t gigaset_tab_nocid[] = - ACT_INIT} }, - {RSP_OK, 121, 121, -1, 0, 0, {ACT_GOTVER, - ACT_INIT} }, -+ {RSP_NONE, 121, 121, -1, 120, 0, {ACT_GETSTRING} }, - - /* leave dle mode */ - {RSP_INIT, 0, 0, SEQ_DLE0, 201, 5, {0}, "^SDLE=0\r"}, -@@ -1314,8 +1315,9 @@ static void do_action(int action, struct cardstate *cs, - s = ev->ptr; - - if (!strcmp(s, "OK")) { -+ /* OK without version string: assume old response */ - *p_genresp = 1; -- *p_resp_code = RSP_ERROR; -+ *p_resp_code = RSP_NONE; - break; - } - -diff --git a/drivers/md/md.c b/drivers/md/md.c -index 01233d8..2b30ffd 100644 ---- a/drivers/md/md.c -+++ b/drivers/md/md.c -@@ -452,7 +452,7 @@ static void submit_flushes(struct work_struct *ws) - atomic_inc(&rdev->nr_pending); - atomic_inc(&rdev->nr_pending); - rcu_read_unlock(); -- bi = bio_alloc_mddev(GFP_KERNEL, 0, mddev); -+ bi = bio_alloc_mddev(GFP_NOIO, 0, mddev); - bi->bi_end_io = md_end_flush; - bi->bi_private = rdev; - bi->bi_bdev = rdev->bdev; -diff --git a/drivers/media/dvb/siano/smsusb.c b/drivers/media/dvb/siano/smsusb.c -index b1fe513..63c004a 100644 ---- a/drivers/media/dvb/siano/smsusb.c -+++ b/drivers/media/dvb/siano/smsusb.c -@@ -542,6 +542,8 @@ static const struct usb_device_id smsusb_id_table[] __devinitconst = { - .driver_info = SMS1XXX_BOARD_HAUPPAUGE_WINDHAM }, - { USB_DEVICE(0x2040, 0xc090), - .driver_info = SMS1XXX_BOARD_HAUPPAUGE_WINDHAM }, -+ { USB_DEVICE(0x2040, 0xc0a0), -+ .driver_info = SMS1XXX_BOARD_HAUPPAUGE_WINDHAM }, - { } /* Terminating entry */ - }; - -diff --git a/drivers/media/video/uvc/uvc_v4l2.c b/drivers/media/video/uvc/uvc_v4l2.c -index ff2cddd..53ab972 100644 ---- a/drivers/media/video/uvc/uvc_v4l2.c -+++ b/drivers/media/video/uvc/uvc_v4l2.c -@@ -687,7 +687,7 @@ static long uvc_v4l2_do_ioctl(struct file *file, unsigned int cmd, void *arg) - break; - } - pin = iterm->id; -- } else if (pin < selector->bNrInPins) { -+ } else if (index < selector->bNrInPins) { - pin = selector->baSourceID[index]; - list_for_each_entry(iterm, &chain->entities, chain) { - if (!UVC_ENTITY_IS_ITERM(iterm)) -diff --git a/drivers/mmc/core/cd-gpio.c b/drivers/mmc/core/cd-gpio.c -index 2c14be7..f13e38d 100644 ---- a/drivers/mmc/core/cd-gpio.c -+++ b/drivers/mmc/core/cd-gpio.c -@@ -73,6 +73,9 @@ void mmc_cd_gpio_free(struct mmc_host *host) - { - struct mmc_cd_gpio *cd = host->hotplug.handler_priv; - -+ if (!cd) -+ return; -+ - free_irq(host->hotplug.irq, host); - gpio_free(cd->gpio); - kfree(cd); -diff --git a/drivers/mmc/core/sdio.c b/drivers/mmc/core/sdio.c -index 2c7c83f..13d0e95 100644 ---- a/drivers/mmc/core/sdio.c -+++ b/drivers/mmc/core/sdio.c -@@ -947,7 +947,7 @@ static int mmc_sdio_resume(struct mmc_host *host) - } - - if (!err && host->sdio_irqs) -- mmc_signal_sdio_irq(host); -+ wake_up_process(host->sdio_irq_thread); - mmc_release_host(host); - - /* -diff --git a/drivers/mmc/core/sdio_irq.c b/drivers/mmc/core/sdio_irq.c -index f573e7f..3d8ceb4 100644 ---- a/drivers/mmc/core/sdio_irq.c -+++ b/drivers/mmc/core/sdio_irq.c -@@ -28,18 +28,20 @@ - - #include "sdio_ops.h" - --static int process_sdio_pending_irqs(struct mmc_card *card) -+static int process_sdio_pending_irqs(struct mmc_host *host) - { -+ struct mmc_card *card = host->card; - int i, ret, count; - unsigned char pending; - struct sdio_func *func; - - /* - * Optimization, if there is only 1 function interrupt registered -- * call irq handler directly -+ * and we know an IRQ was signaled then call irq handler directly. -+ * Otherwise do the full probe. - */ - func = card->sdio_single_irq; -- if (func) { -+ if (func && host->sdio_irq_pending) { - func->irq_handler(func); - return 1; - } -@@ -116,7 +118,8 @@ static int sdio_irq_thread(void *_host) - ret = __mmc_claim_host(host, &host->sdio_irq_thread_abort); - if (ret) - break; -- ret = process_sdio_pending_irqs(host->card); -+ ret = process_sdio_pending_irqs(host); -+ host->sdio_irq_pending = false; - mmc_release_host(host); - - /* -diff --git a/drivers/mmc/host/omap_hsmmc.c b/drivers/mmc/host/omap_hsmmc.c -index 56d4499..71a0c4e 100644 ---- a/drivers/mmc/host/omap_hsmmc.c -+++ b/drivers/mmc/host/omap_hsmmc.c -@@ -1969,7 +1969,7 @@ static int __devinit omap_hsmmc_probe(struct platform_device *pdev) - ret = request_threaded_irq(mmc_slot(host).card_detect_irq, - NULL, - omap_hsmmc_detect, -- IRQF_TRIGGER_RISING | IRQF_TRIGGER_FALLING, -+ IRQF_TRIGGER_RISING | IRQF_TRIGGER_FALLING | IRQF_ONESHOT, - mmc_hostname(mmc), host); - if (ret) { - dev_dbg(mmc_dev(host->mmc), -diff --git a/drivers/net/wireless/b43legacy/main.c b/drivers/net/wireless/b43legacy/main.c -index df7e16d..a98db30 100644 ---- a/drivers/net/wireless/b43legacy/main.c -+++ b/drivers/net/wireless/b43legacy/main.c -@@ -1571,8 +1571,6 @@ static void b43legacy_request_firmware(struct work_struct *work) - const char *filename; - int err; - -- /* do dummy read */ -- ssb_read32(dev->dev, SSB_TMSHIGH); - if (!fw->ucode) { - if (rev == 2) - filename = "ucode2"; -diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c -index 046fb1b..c18f0fd 100644 ---- a/drivers/regulator/core.c -+++ b/drivers/regulator/core.c -@@ -2971,6 +2971,8 @@ unset_supplies: - unset_regulator_supplies(rdev); - - scrub: -+ if (rdev->supply) -+ regulator_put(rdev->supply); - kfree(rdev->constraints); - device_unregister(&rdev->dev); - /* device core frees rdev */ -diff --git a/drivers/scsi/isci/init.c b/drivers/scsi/isci/init.c -index 5137db5..bc6cf88 100644 ---- a/drivers/scsi/isci/init.c -+++ b/drivers/scsi/isci/init.c -@@ -476,7 +476,7 @@ static int __devinit isci_pci_probe(struct pci_dev *pdev, const struct pci_devic - if (!orom) - orom = isci_request_oprom(pdev); - -- for (i = 0; orom && i < ARRAY_SIZE(orom->ctrl); i++) { -+ for (i = 0; orom && i < num_controllers(pdev); i++) { - if (sci_oem_parameters_validate(&orom->ctrl[i], - orom->hdr.version)) { - dev_warn(&pdev->dev, -diff --git a/drivers/scsi/mpt2sas/mpt2sas_base.c b/drivers/scsi/mpt2sas/mpt2sas_base.c -index 8a59a77..1808478 100644 ---- a/drivers/scsi/mpt2sas/mpt2sas_base.c -+++ b/drivers/scsi/mpt2sas/mpt2sas_base.c -@@ -3343,7 +3343,7 @@ _base_get_port_facts(struct MPT2SAS_ADAPTER *ioc, int port, int sleep_flag) - } - - pfacts = &ioc->pfacts[port]; -- memset(pfacts, 0, sizeof(Mpi2PortFactsReply_t)); -+ memset(pfacts, 0, sizeof(struct mpt2sas_port_facts)); - pfacts->PortNumber = mpi_reply.PortNumber; - pfacts->VP_ID = mpi_reply.VP_ID; - pfacts->VF_ID = mpi_reply.VF_ID; -@@ -3385,7 +3385,7 @@ _base_get_ioc_facts(struct MPT2SAS_ADAPTER *ioc, int sleep_flag) - } - - facts = &ioc->facts; -- memset(facts, 0, sizeof(Mpi2IOCFactsReply_t)); -+ memset(facts, 0, sizeof(struct mpt2sas_facts)); - facts->MsgVersion = le16_to_cpu(mpi_reply.MsgVersion); - facts->HeaderVersion = le16_to_cpu(mpi_reply.HeaderVersion); - facts->VP_ID = mpi_reply.VP_ID; -@@ -4262,7 +4262,7 @@ mpt2sas_base_attach(struct MPT2SAS_ADAPTER *ioc) - goto out_free_resources; - - ioc->pfacts = kcalloc(ioc->facts.NumberOfPorts, -- sizeof(Mpi2PortFactsReply_t), GFP_KERNEL); -+ sizeof(struct mpt2sas_port_facts), GFP_KERNEL); - if (!ioc->pfacts) { - r = -ENOMEM; - goto out_free_resources; -diff --git a/drivers/spi/spi-fsl-spi.c b/drivers/spi/spi-fsl-spi.c -index 5f748c0..6a62934 100644 ---- a/drivers/spi/spi-fsl-spi.c -+++ b/drivers/spi/spi-fsl-spi.c -@@ -933,7 +933,7 @@ err: - - static void fsl_spi_cs_control(struct spi_device *spi, bool on) - { -- struct device *dev = spi->dev.parent; -+ struct device *dev = spi->dev.parent->parent; - struct mpc8xxx_spi_probe_info *pinfo = to_of_pinfo(dev->platform_data); - u16 cs = spi->chip_select; - int gpio = pinfo->gpios[cs]; -diff --git a/drivers/staging/android/persistent_ram.c b/drivers/staging/android/persistent_ram.c -index 8d8c1e3..3d986ce 100644 ---- a/drivers/staging/android/persistent_ram.c -+++ b/drivers/staging/android/persistent_ram.c -@@ -79,23 +79,6 @@ static inline void buffer_size_add(struct persistent_ram_zone *prz, size_t a) - } while (atomic_cmpxchg(&prz->buffer->size, old, new) != old); - } - --/* increase the size counter, retuning an error if it hits the max size */ --static inline ssize_t buffer_size_add_clamp(struct persistent_ram_zone *prz, -- size_t a) --{ -- size_t old; -- size_t new; -- -- do { -- old = atomic_read(&prz->buffer->size); -- new = old + a; -- if (new > prz->buffer_size) -- return -ENOMEM; -- } while (atomic_cmpxchg(&prz->buffer->size, old, new) != old); -- -- return 0; --} -- - static void notrace persistent_ram_encode_rs8(struct persistent_ram_zone *prz, - uint8_t *data, size_t len, uint8_t *ecc) - { -@@ -300,7 +283,7 @@ int notrace persistent_ram_write(struct persistent_ram_zone *prz, - c = prz->buffer_size; - } - -- buffer_size_add_clamp(prz, c); -+ buffer_size_add(prz, c); - - start = buffer_start_add(prz, c); - -diff --git a/drivers/staging/comedi/comedi_fops.c b/drivers/staging/comedi/comedi_fops.c -index 9bcf87a..a796964 100644 ---- a/drivers/staging/comedi/comedi_fops.c -+++ b/drivers/staging/comedi/comedi_fops.c -@@ -280,7 +280,7 @@ static int do_devconfig_ioctl(struct comedi_device *dev, - if (ret == 0) { - if (!try_module_get(dev->driver->module)) { - comedi_device_detach(dev); -- return -ENOSYS; -+ ret = -ENOSYS; - } - } - -diff --git a/drivers/tty/hvc/hvc_xen.c b/drivers/tty/hvc/hvc_xen.c -index 83d5c88..d3d91da 100644 ---- a/drivers/tty/hvc/hvc_xen.c -+++ b/drivers/tty/hvc/hvc_xen.c -@@ -430,9 +430,9 @@ static int __devinit xencons_probe(struct xenbus_device *dev, - if (devid == 0) - return -ENODEV; - -- info = kzalloc(sizeof(struct xencons_info), GFP_KERNEL | __GFP_ZERO); -+ info = kzalloc(sizeof(struct xencons_info), GFP_KERNEL); - if (!info) -- goto error_nomem; -+ return -ENOMEM; - dev_set_drvdata(&dev->dev, info); - info->xbdev = dev; - info->vtermno = xenbus_devid_to_vtermno(devid); -diff --git a/drivers/tty/serial/8250/8250.c b/drivers/tty/serial/8250/8250.c -index 5c27f7e..d537431 100644 ---- a/drivers/tty/serial/8250/8250.c -+++ b/drivers/tty/serial/8250/8250.c -@@ -2280,10 +2280,11 @@ serial8250_do_set_termios(struct uart_port *port, struct ktermios *termios, - quot++; - - if (up->capabilities & UART_CAP_FIFO && port->fifosize > 1) { -- if (baud < 2400) -- fcr = UART_FCR_ENABLE_FIFO | UART_FCR_TRIGGER_1; -- else -- fcr = uart_config[port->type].fcr; -+ fcr = uart_config[port->type].fcr; -+ if (baud < 2400) { -+ fcr &= ~UART_FCR_TRIGGER_MASK; -+ fcr |= UART_FCR_TRIGGER_1; -+ } - } - - /* -diff --git a/drivers/tty/serial/8250/8250_pci.c b/drivers/tty/serial/8250/8250_pci.c -index 858dca8..3614973 100644 ---- a/drivers/tty/serial/8250/8250_pci.c -+++ b/drivers/tty/serial/8250/8250_pci.c -@@ -1609,54 +1609,72 @@ static struct pci_serial_quirk pci_serial_quirks[] __refdata = { - { - .vendor = PCI_VENDOR_ID_INTEL, - .device = 0x8811, -+ .subvendor = PCI_ANY_ID, -+ .subdevice = PCI_ANY_ID, - .init = pci_eg20t_init, - .setup = pci_default_setup, - }, - { - .vendor = PCI_VENDOR_ID_INTEL, - .device = 0x8812, -+ .subvendor = PCI_ANY_ID, -+ .subdevice = PCI_ANY_ID, - .init = pci_eg20t_init, - .setup = pci_default_setup, - }, - { - .vendor = PCI_VENDOR_ID_INTEL, - .device = 0x8813, -+ .subvendor = PCI_ANY_ID, -+ .subdevice = PCI_ANY_ID, - .init = pci_eg20t_init, - .setup = pci_default_setup, - }, - { - .vendor = PCI_VENDOR_ID_INTEL, - .device = 0x8814, -+ .subvendor = PCI_ANY_ID, -+ .subdevice = PCI_ANY_ID, - .init = pci_eg20t_init, - .setup = pci_default_setup, - }, - { - .vendor = 0x10DB, - .device = 0x8027, -+ .subvendor = PCI_ANY_ID, -+ .subdevice = PCI_ANY_ID, - .init = pci_eg20t_init, - .setup = pci_default_setup, - }, - { - .vendor = 0x10DB, - .device = 0x8028, -+ .subvendor = PCI_ANY_ID, -+ .subdevice = PCI_ANY_ID, - .init = pci_eg20t_init, - .setup = pci_default_setup, - }, - { - .vendor = 0x10DB, - .device = 0x8029, -+ .subvendor = PCI_ANY_ID, -+ .subdevice = PCI_ANY_ID, - .init = pci_eg20t_init, - .setup = pci_default_setup, - }, - { - .vendor = 0x10DB, - .device = 0x800C, -+ .subvendor = PCI_ANY_ID, -+ .subdevice = PCI_ANY_ID, - .init = pci_eg20t_init, - .setup = pci_default_setup, - }, - { - .vendor = 0x10DB, - .device = 0x800D, -+ .subvendor = PCI_ANY_ID, -+ .subdevice = PCI_ANY_ID, - .init = pci_eg20t_init, - .setup = pci_default_setup, - }, -diff --git a/drivers/tty/serial/mxs-auart.c b/drivers/tty/serial/mxs-auart.c -index 55fd362..039c054 100644 ---- a/drivers/tty/serial/mxs-auart.c -+++ b/drivers/tty/serial/mxs-auart.c -@@ -369,6 +369,8 @@ static void mxs_auart_settermios(struct uart_port *u, - - writel(ctrl, u->membase + AUART_LINECTRL); - writel(ctrl2, u->membase + AUART_CTRL2); -+ -+ uart_update_timeout(u, termios->c_cflag, baud); - } - - static irqreturn_t mxs_auart_irq_handle(int irq, void *context) -diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c -index 9c4c05b..246b823 100644 ---- a/drivers/tty/serial/serial_core.c -+++ b/drivers/tty/serial/serial_core.c -@@ -2282,6 +2282,7 @@ void uart_unregister_driver(struct uart_driver *drv) - tty_unregister_driver(p); - put_tty_driver(p); - kfree(drv->state); -+ drv->state = NULL; - drv->tty_driver = NULL; - } - -diff --git a/drivers/usb/class/cdc-wdm.c b/drivers/usb/class/cdc-wdm.c -index 0bb2b32..4c8321e 100644 ---- a/drivers/usb/class/cdc-wdm.c -+++ b/drivers/usb/class/cdc-wdm.c -@@ -309,9 +309,6 @@ static void free_urbs(struct wdm_device *desc) - - static void cleanup(struct wdm_device *desc) - { -- spin_lock(&wdm_device_list_lock); -- list_del(&desc->device_list); -- spin_unlock(&wdm_device_list_lock); - kfree(desc->sbuf); - kfree(desc->inbuf); - kfree(desc->orq); -@@ -530,11 +527,13 @@ static int wdm_flush(struct file *file, fl_owner_t id) - struct wdm_device *desc = file->private_data; - - wait_event(desc->wait, !test_bit(WDM_IN_USE, &desc->flags)); -- if (desc->werr < 0) -+ -+ /* cannot dereference desc->intf if WDM_DISCONNECTING */ -+ if (desc->werr < 0 && !test_bit(WDM_DISCONNECTING, &desc->flags)) - dev_err(&desc->intf->dev, "Error in flush path: %d\n", - desc->werr); - -- return desc->werr; -+ return usb_translate_errors(desc->werr); - } - - static unsigned int wdm_poll(struct file *file, struct poll_table_struct *wait) -@@ -545,7 +544,7 @@ static unsigned int wdm_poll(struct file *file, struct poll_table_struct *wait) - - spin_lock_irqsave(&desc->iuspin, flags); - if (test_bit(WDM_DISCONNECTING, &desc->flags)) { -- mask = POLLERR; -+ mask = POLLHUP | POLLERR; - spin_unlock_irqrestore(&desc->iuspin, flags); - goto desc_out; - } -@@ -621,10 +620,15 @@ static int wdm_release(struct inode *inode, struct file *file) - mutex_unlock(&desc->wlock); - - if (!desc->count) { -- dev_dbg(&desc->intf->dev, "wdm_release: cleanup"); -- kill_urbs(desc); -- if (!test_bit(WDM_DISCONNECTING, &desc->flags)) -+ if (!test_bit(WDM_DISCONNECTING, &desc->flags)) { -+ dev_dbg(&desc->intf->dev, "wdm_release: cleanup"); -+ kill_urbs(desc); - desc->manage_power(desc->intf, 0); -+ } else { -+ /* must avoid dev_printk here as desc->intf is invalid */ -+ pr_debug(KBUILD_MODNAME " %s: device gone - cleaning up\n", __func__); -+ cleanup(desc); -+ } - } - mutex_unlock(&wdm_mutex); - return 0; -@@ -771,6 +775,9 @@ static int wdm_create(struct usb_interface *intf, struct usb_endpoint_descriptor - out: - return rv; - err: -+ spin_lock(&wdm_device_list_lock); -+ list_del(&desc->device_list); -+ spin_unlock(&wdm_device_list_lock); - cleanup(desc); - return rv; - } -@@ -896,6 +903,12 @@ static void wdm_disconnect(struct usb_interface *intf) - cancel_work_sync(&desc->rxwork); - mutex_unlock(&desc->wlock); - mutex_unlock(&desc->rlock); -+ -+ /* the desc->intf pointer used as list key is now invalid */ -+ spin_lock(&wdm_device_list_lock); -+ list_del(&desc->device_list); -+ spin_unlock(&wdm_device_list_lock); -+ - if (!desc->count) - cleanup(desc); - mutex_unlock(&wdm_mutex); -diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c -index 8df4b76..4e57772 100644 ---- a/drivers/usb/core/devio.c -+++ b/drivers/usb/core/devio.c -@@ -333,17 +333,14 @@ static struct async *async_getcompleted(struct dev_state *ps) - static struct async *async_getpending(struct dev_state *ps, - void __user *userurb) - { -- unsigned long flags; - struct async *as; - -- spin_lock_irqsave(&ps->lock, flags); - list_for_each_entry(as, &ps->async_pending, asynclist) - if (as->userurb == userurb) { - list_del_init(&as->asynclist); -- spin_unlock_irqrestore(&ps->lock, flags); - return as; - } -- spin_unlock_irqrestore(&ps->lock, flags); -+ - return NULL; - } - -@@ -398,6 +395,7 @@ static void cancel_bulk_urbs(struct dev_state *ps, unsigned bulk_addr) - __releases(ps->lock) - __acquires(ps->lock) - { -+ struct urb *urb; - struct async *as; - - /* Mark all the pending URBs that match bulk_addr, up to but not -@@ -420,8 +418,11 @@ __acquires(ps->lock) - list_for_each_entry(as, &ps->async_pending, asynclist) { - if (as->bulk_status == AS_UNLINK) { - as->bulk_status = 0; /* Only once */ -+ urb = as->urb; -+ usb_get_urb(urb); - spin_unlock(&ps->lock); /* Allow completions */ -- usb_unlink_urb(as->urb); -+ usb_unlink_urb(urb); -+ usb_put_urb(urb); - spin_lock(&ps->lock); - goto rescan; - } -@@ -472,6 +473,7 @@ static void async_completed(struct urb *urb) - - static void destroy_async(struct dev_state *ps, struct list_head *list) - { -+ struct urb *urb; - struct async *as; - unsigned long flags; - -@@ -479,10 +481,13 @@ static void destroy_async(struct dev_state *ps, struct list_head *list) - while (!list_empty(list)) { - as = list_entry(list->next, struct async, asynclist); - list_del_init(&as->asynclist); -+ urb = as->urb; -+ usb_get_urb(urb); - - /* drop the spinlock so the completion handler can run */ - spin_unlock_irqrestore(&ps->lock, flags); -- usb_kill_urb(as->urb); -+ usb_kill_urb(urb); -+ usb_put_urb(urb); - spin_lock_irqsave(&ps->lock, flags); - } - spin_unlock_irqrestore(&ps->lock, flags); -@@ -1410,12 +1415,24 @@ static int proc_submiturb(struct dev_state *ps, void __user *arg) - - static int proc_unlinkurb(struct dev_state *ps, void __user *arg) - { -+ struct urb *urb; - struct async *as; -+ unsigned long flags; - -+ spin_lock_irqsave(&ps->lock, flags); - as = async_getpending(ps, arg); -- if (!as) -+ if (!as) { -+ spin_unlock_irqrestore(&ps->lock, flags); - return -EINVAL; -- usb_kill_urb(as->urb); -+ } -+ -+ urb = as->urb; -+ usb_get_urb(urb); -+ spin_unlock_irqrestore(&ps->lock, flags); -+ -+ usb_kill_urb(urb); -+ usb_put_urb(urb); -+ - return 0; - } - -diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c -index ec6c97d..c8e0704 100644 ---- a/drivers/usb/core/hub.c -+++ b/drivers/usb/core/hub.c -@@ -2499,6 +2499,10 @@ int usb_port_suspend(struct usb_device *udev, pm_message_t msg) - NULL, 0, - USB_CTRL_SET_TIMEOUT); - -+ /* Try to enable USB2 hardware LPM again */ -+ if (udev->usb2_hw_lpm_capable == 1) -+ usb_set_usb2_hardware_lpm(udev, 1); -+ - /* System sleep transitions should never fail */ - if (!PMSG_IS_AUTO(msg)) - status = 0; -diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c -index 4c65eb6..32d3adc 100644 ---- a/drivers/usb/core/quirks.c -+++ b/drivers/usb/core/quirks.c -@@ -123,6 +123,9 @@ static const struct usb_device_id usb_quirk_list[] = { - /* Guillemot Webcam Hercules Dualpix Exchange*/ - { USB_DEVICE(0x06f8, 0x3005), .driver_info = USB_QUIRK_RESET_RESUME }, - -+ /* Midiman M-Audio Keystation 88es */ -+ { USB_DEVICE(0x0763, 0x0192), .driver_info = USB_QUIRK_RESET_RESUME }, -+ - /* M-Systems Flash Disk Pioneers */ - { USB_DEVICE(0x08ec, 0x1000), .driver_info = USB_QUIRK_RESET_RESUME }, - -diff --git a/drivers/usb/core/urb.c b/drivers/usb/core/urb.c -index cd9b3a2..9d912bf 100644 ---- a/drivers/usb/core/urb.c -+++ b/drivers/usb/core/urb.c -@@ -681,6 +681,27 @@ void usb_unpoison_urb(struct urb *urb) - EXPORT_SYMBOL_GPL(usb_unpoison_urb); - - /** -+ * usb_block_urb - reliably prevent further use of an URB -+ * @urb: pointer to URB to be blocked, may be NULL -+ * -+ * After the routine has run, attempts to resubmit the URB will fail -+ * with error -EPERM. Thus even if the URB's completion handler always -+ * tries to resubmit, it will not succeed and the URB will become idle. -+ * -+ * The URB must not be deallocated while this routine is running. In -+ * particular, when a driver calls this routine, it must insure that the -+ * completion handler cannot deallocate the URB. -+ */ -+void usb_block_urb(struct urb *urb) -+{ -+ if (!urb) -+ return; -+ -+ atomic_inc(&urb->reject); -+} -+EXPORT_SYMBOL_GPL(usb_block_urb); -+ -+/** - * usb_kill_anchored_urbs - cancel transfer requests en masse - * @anchor: anchor the requests are bound to - * -diff --git a/drivers/usb/gadget/fsl_udc_core.c b/drivers/usb/gadget/fsl_udc_core.c -index 55abfb6..188a89f 100644 ---- a/drivers/usb/gadget/fsl_udc_core.c -+++ b/drivers/usb/gadget/fsl_udc_core.c -@@ -736,6 +736,8 @@ static void fsl_queue_td(struct fsl_ep *ep, struct fsl_req *req) - lastreq = list_entry(ep->queue.prev, struct fsl_req, queue); - lastreq->tail->next_td_ptr = - cpu_to_hc32(req->head->td_dma & DTD_ADDR_MASK); -+ /* Ensure dTD's next dtd pointer to be updated */ -+ wmb(); - /* Read prime bit, if 1 goto done */ - if (fsl_readl(&dr_regs->endpointprime) & bitmask) - return; -diff --git a/drivers/usb/host/ehci-omap.c b/drivers/usb/host/ehci-omap.c -index 5c78f9e..e669c6a 100644 ---- a/drivers/usb/host/ehci-omap.c -+++ b/drivers/usb/host/ehci-omap.c -@@ -242,15 +242,6 @@ static int ehci_hcd_omap_probe(struct platform_device *pdev) - - ehci_reset(omap_ehci); - -- ret = usb_add_hcd(hcd, irq, IRQF_SHARED); -- if (ret) { -- dev_err(dev, "failed to add hcd with err %d\n", ret); -- goto err_add_hcd; -- } -- -- /* root ports should always stay powered */ -- ehci_port_power(omap_ehci, 1); -- - if (pdata->phy_reset) { - /* Hold the PHY in RESET for enough time till - * PHY is settled and ready -@@ -264,6 +255,15 @@ static int ehci_hcd_omap_probe(struct platform_device *pdev) - gpio_set_value(pdata->reset_gpio_port[1], 1); - } - -+ ret = usb_add_hcd(hcd, irq, IRQF_SHARED); -+ if (ret) { -+ dev_err(dev, "failed to add hcd with err %d\n", ret); -+ goto err_add_hcd; -+ } -+ -+ /* root ports should always stay powered */ -+ ehci_port_power(omap_ehci, 1); -+ - return 0; - - err_add_hcd: -diff --git a/drivers/usb/host/ehci-pci.c b/drivers/usb/host/ehci-pci.c -index fe8dc06..bc94d7b 100644 ---- a/drivers/usb/host/ehci-pci.c -+++ b/drivers/usb/host/ehci-pci.c -@@ -368,7 +368,9 @@ static bool usb_is_intel_switchable_ehci(struct pci_dev *pdev) - { - return pdev->class == PCI_CLASS_SERIAL_USB_EHCI && - pdev->vendor == PCI_VENDOR_ID_INTEL && -- pdev->device == 0x1E26; -+ (pdev->device == 0x1E26 || -+ pdev->device == 0x8C2D || -+ pdev->device == 0x8C26); - } - - static void ehci_enable_xhci_companion(void) -diff --git a/drivers/usb/host/ehci-platform.c b/drivers/usb/host/ehci-platform.c -index d238b4e2..82c1eb8 100644 ---- a/drivers/usb/host/ehci-platform.c -+++ b/drivers/usb/host/ehci-platform.c -@@ -75,8 +75,6 @@ static const struct hc_driver ehci_platform_hc_driver = { - .relinquish_port = ehci_relinquish_port, - .port_handed_over = ehci_port_handed_over, - -- .update_device = ehci_update_device, -- - .clear_tt_buffer_complete = ehci_clear_tt_buffer_complete, - }; - -diff --git a/drivers/usb/host/ohci-at91.c b/drivers/usb/host/ohci-at91.c -index 13ebeca..55d3d64 100644 ---- a/drivers/usb/host/ohci-at91.c -+++ b/drivers/usb/host/ohci-at91.c -@@ -223,7 +223,7 @@ static void __devexit usb_hcd_at91_remove(struct usb_hcd *hcd, - /*-------------------------------------------------------------------------*/ - - static int __devinit --ohci_at91_start (struct usb_hcd *hcd) -+ohci_at91_reset (struct usb_hcd *hcd) - { - struct at91_usbh_data *board = hcd->self.controller->platform_data; - struct ohci_hcd *ohci = hcd_to_ohci (hcd); -@@ -233,6 +233,14 @@ ohci_at91_start (struct usb_hcd *hcd) - return ret; - - ohci->num_ports = board->ports; -+ return 0; -+} -+ -+static int __devinit -+ohci_at91_start (struct usb_hcd *hcd) -+{ -+ struct ohci_hcd *ohci = hcd_to_ohci (hcd); -+ int ret; - - if ((ret = ohci_run(ohci)) < 0) { - err("can't start %s", hcd->self.bus_name); -@@ -418,6 +426,7 @@ static const struct hc_driver ohci_at91_hc_driver = { - /* - * basic lifecycle operations - */ -+ .reset = ohci_at91_reset, - .start = ohci_at91_start, - .stop = ohci_stop, - .shutdown = ohci_shutdown, -diff --git a/drivers/usb/host/pci-quirks.c b/drivers/usb/host/pci-quirks.c -index 32dada8..df0828c 100644 ---- a/drivers/usb/host/pci-quirks.c -+++ b/drivers/usb/host/pci-quirks.c -@@ -9,6 +9,7 @@ - */ - - #include <linux/types.h> -+#include <linux/kconfig.h> - #include <linux/kernel.h> - #include <linux/pci.h> - #include <linux/init.h> -@@ -712,12 +713,28 @@ static int handshake(void __iomem *ptr, u32 mask, u32 done, - return -ETIMEDOUT; - } - --bool usb_is_intel_switchable_xhci(struct pci_dev *pdev) -+#define PCI_DEVICE_ID_INTEL_LYNX_POINT_XHCI 0x8C31 -+ -+bool usb_is_intel_ppt_switchable_xhci(struct pci_dev *pdev) - { - return pdev->class == PCI_CLASS_SERIAL_USB_XHCI && - pdev->vendor == PCI_VENDOR_ID_INTEL && - pdev->device == PCI_DEVICE_ID_INTEL_PANTHERPOINT_XHCI; - } -+ -+/* The Intel Lynx Point chipset also has switchable ports. */ -+bool usb_is_intel_lpt_switchable_xhci(struct pci_dev *pdev) -+{ -+ return pdev->class == PCI_CLASS_SERIAL_USB_XHCI && -+ pdev->vendor == PCI_VENDOR_ID_INTEL && -+ pdev->device == PCI_DEVICE_ID_INTEL_LYNX_POINT_XHCI; -+} -+ -+bool usb_is_intel_switchable_xhci(struct pci_dev *pdev) -+{ -+ return usb_is_intel_ppt_switchable_xhci(pdev) || -+ usb_is_intel_lpt_switchable_xhci(pdev); -+} - EXPORT_SYMBOL_GPL(usb_is_intel_switchable_xhci); - - /* -@@ -742,6 +759,19 @@ void usb_enable_xhci_ports(struct pci_dev *xhci_pdev) - { - u32 ports_available; - -+ /* Don't switchover the ports if the user hasn't compiled the xHCI -+ * driver. Otherwise they will see "dead" USB ports that don't power -+ * the devices. -+ */ -+ if (!IS_ENABLED(CONFIG_USB_XHCI_HCD)) { -+ dev_warn(&xhci_pdev->dev, -+ "CONFIG_USB_XHCI_HCD is turned off, " -+ "defaulting to EHCI.\n"); -+ dev_warn(&xhci_pdev->dev, -+ "USB 3.0 devices will work at USB 2.0 speeds.\n"); -+ return; -+ } -+ - ports_available = 0xffffffff; - /* Write USB3_PSSEN, the USB 3.0 Port SuperSpeed Enable - * Register, to turn on SuperSpeed terminations for all -diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c -index 673ad12..89850a8 100644 ---- a/drivers/usb/host/xhci-hub.c -+++ b/drivers/usb/host/xhci-hub.c -@@ -558,6 +558,7 @@ int xhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, - xhci_dbg(xhci, "Resume USB2 port %d\n", - wIndex + 1); - bus_state->resume_done[wIndex] = 0; -+ clear_bit(wIndex, &bus_state->resuming_ports); - xhci_set_link_state(xhci, port_array, wIndex, - XDEV_U0); - xhci_dbg(xhci, "set port %d resume\n", -@@ -845,7 +846,12 @@ int xhci_hub_status_data(struct usb_hcd *hcd, char *buf) - /* Initial status is no changes */ - retval = (max_ports + 8) / 8; - memset(buf, 0, retval); -- status = 0; -+ -+ /* -+ * Inform the usbcore about resume-in-progress by returning -+ * a non-zero value even if there are no status changes. -+ */ -+ status = bus_state->resuming_ports; - - mask = PORT_CSC | PORT_PEC | PORT_OCC | PORT_PLC | PORT_WRC; - -@@ -885,15 +891,11 @@ int xhci_bus_suspend(struct usb_hcd *hcd) - spin_lock_irqsave(&xhci->lock, flags); - - if (hcd->self.root_hub->do_remote_wakeup) { -- port_index = max_ports; -- while (port_index--) { -- if (bus_state->resume_done[port_index] != 0) { -- spin_unlock_irqrestore(&xhci->lock, flags); -- xhci_dbg(xhci, "suspend failed because " -- "port %d is resuming\n", -- port_index + 1); -- return -EBUSY; -- } -+ if (bus_state->resuming_ports) { -+ spin_unlock_irqrestore(&xhci->lock, flags); -+ xhci_dbg(xhci, "suspend failed because " -+ "a port is resuming\n"); -+ return -EBUSY; - } - } - -diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c -index 68eaa90..497ed77 100644 ---- a/drivers/usb/host/xhci-mem.c -+++ b/drivers/usb/host/xhci-mem.c -@@ -1791,6 +1791,14 @@ void xhci_mem_cleanup(struct xhci_hcd *xhci) - { - struct pci_dev *pdev = to_pci_dev(xhci_to_hcd(xhci)->self.controller); - struct dev_info *dev_info, *next; -+ struct list_head *tt_list_head; -+ struct list_head *tt; -+ struct list_head *endpoints; -+ struct list_head *ep, *q; -+ struct xhci_tt_bw_info *tt_info; -+ struct xhci_interval_bw_table *bwt; -+ struct xhci_virt_ep *virt_ep; -+ - unsigned long flags; - int size; - int i; -@@ -1807,6 +1815,7 @@ void xhci_mem_cleanup(struct xhci_hcd *xhci) - xhci->event_ring = NULL; - xhci_dbg(xhci, "Freed event ring\n"); - -+ xhci->cmd_ring_reserved_trbs = 0; - if (xhci->cmd_ring) - xhci_ring_free(xhci, xhci->cmd_ring); - xhci->cmd_ring = NULL; -@@ -1849,8 +1858,26 @@ void xhci_mem_cleanup(struct xhci_hcd *xhci) - } - spin_unlock_irqrestore(&xhci->lock, flags); - -+ bwt = &xhci->rh_bw->bw_table; -+ for (i = 0; i < XHCI_MAX_INTERVAL; i++) { -+ endpoints = &bwt->interval_bw[i].endpoints; -+ list_for_each_safe(ep, q, endpoints) { -+ virt_ep = list_entry(ep, struct xhci_virt_ep, bw_endpoint_list); -+ list_del(&virt_ep->bw_endpoint_list); -+ kfree(virt_ep); -+ } -+ } -+ -+ tt_list_head = &xhci->rh_bw->tts; -+ list_for_each_safe(tt, q, tt_list_head) { -+ tt_info = list_entry(tt, struct xhci_tt_bw_info, tt_list); -+ list_del(tt); -+ kfree(tt_info); -+ } -+ - xhci->num_usb2_ports = 0; - xhci->num_usb3_ports = 0; -+ xhci->num_active_eps = 0; - kfree(xhci->usb2_ports); - kfree(xhci->usb3_ports); - kfree(xhci->port_array); -diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c -index 7a856a7..19e8921 100644 ---- a/drivers/usb/host/xhci-pci.c -+++ b/drivers/usb/host/xhci-pci.c -@@ -72,6 +72,7 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) - xhci_dbg(xhci, "QUIRK: Fresco Logic revision %u " - "has broken MSI implementation\n", - pdev->revision); -+ xhci->quirks |= XHCI_TRUST_TX_LENGTH; - } - - if (pdev->vendor == PCI_VENDOR_ID_NEC) -diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c -index 3d9422f..525a1ee 100644 ---- a/drivers/usb/host/xhci-ring.c -+++ b/drivers/usb/host/xhci-ring.c -@@ -1377,6 +1377,7 @@ static void handle_port_status(struct xhci_hcd *xhci, - xhci_dbg(xhci, "resume HS port %d\n", port_id); - bus_state->resume_done[faked_port_index] = jiffies + - msecs_to_jiffies(20); -+ set_bit(faked_port_index, &bus_state->resuming_ports); - mod_timer(&hcd->rh_timer, - bus_state->resume_done[faked_port_index]); - /* Do the rest in GetPortStatus */ -@@ -1786,8 +1787,12 @@ static int process_isoc_td(struct xhci_hcd *xhci, struct xhci_td *td, - /* handle completion code */ - switch (trb_comp_code) { - case COMP_SUCCESS: -- frame->status = 0; -- break; -+ if (TRB_LEN(le32_to_cpu(event->transfer_len)) == 0) { -+ frame->status = 0; -+ break; -+ } -+ if ((xhci->quirks & XHCI_TRUST_TX_LENGTH)) -+ trb_comp_code = COMP_SHORT_TX; - case COMP_SHORT_TX: - frame->status = td->urb->transfer_flags & URB_SHORT_NOT_OK ? - -EREMOTEIO : 0; -@@ -1803,6 +1808,7 @@ static int process_isoc_td(struct xhci_hcd *xhci, struct xhci_td *td, - break; - case COMP_DEV_ERR: - case COMP_STALL: -+ case COMP_TX_ERR: - frame->status = -EPROTO; - skip_td = true; - break; -@@ -1883,13 +1889,16 @@ static int process_bulk_intr_td(struct xhci_hcd *xhci, struct xhci_td *td, - switch (trb_comp_code) { - case COMP_SUCCESS: - /* Double check that the HW transferred everything. */ -- if (event_trb != td->last_trb) { -+ if (event_trb != td->last_trb || -+ TRB_LEN(le32_to_cpu(event->transfer_len)) != 0) { - xhci_warn(xhci, "WARN Successful completion " - "on short TX\n"); - if (td->urb->transfer_flags & URB_SHORT_NOT_OK) - *status = -EREMOTEIO; - else - *status = 0; -+ if ((xhci->quirks & XHCI_TRUST_TX_LENGTH)) -+ trb_comp_code = COMP_SHORT_TX; - } else { - *status = 0; - } -@@ -2048,6 +2057,13 @@ static int handle_tx_event(struct xhci_hcd *xhci, - * transfer type - */ - case COMP_SUCCESS: -+ if (TRB_LEN(le32_to_cpu(event->transfer_len)) == 0) -+ break; -+ if (xhci->quirks & XHCI_TRUST_TX_LENGTH) -+ trb_comp_code = COMP_SHORT_TX; -+ else -+ xhci_warn(xhci, "WARN Successful completion on short TX: " -+ "needs XHCI_TRUST_TX_LENGTH quirk?\n"); - case COMP_SHORT_TX: - break; - case COMP_STOP: -diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c -index 36641a7..5910048 100644 ---- a/drivers/usb/host/xhci.c -+++ b/drivers/usb/host/xhci.c -@@ -152,7 +152,7 @@ int xhci_reset(struct xhci_hcd *xhci) - { - u32 command; - u32 state; -- int ret; -+ int ret, i; - - state = xhci_readl(xhci, &xhci->op_regs->status); - if ((state & STS_HALT) == 0) { -@@ -175,7 +175,15 @@ int xhci_reset(struct xhci_hcd *xhci) - * xHCI cannot write to any doorbells or operational registers other - * than status until the "Controller Not Ready" flag is cleared. - */ -- return handshake(xhci, &xhci->op_regs->status, STS_CNR, 0, 250 * 1000); -+ ret = handshake(xhci, &xhci->op_regs->status, STS_CNR, 0, 250 * 1000); -+ -+ for (i = 0; i < 2; ++i) { -+ xhci->bus_state[i].port_c_suspend = 0; -+ xhci->bus_state[i].suspended_ports = 0; -+ xhci->bus_state[i].resuming_ports = 0; -+ } -+ -+ return ret; - } - - #ifdef CONFIG_PCI -diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h -index 3d69c4b..ac14276 100644 ---- a/drivers/usb/host/xhci.h -+++ b/drivers/usb/host/xhci.h -@@ -1362,6 +1362,8 @@ struct xhci_bus_state { - u32 suspended_ports; - u32 port_remote_wakeup; - unsigned long resume_done[USB_MAXCHILDREN]; -+ /* which ports have started to resume */ -+ unsigned long resuming_ports; - }; - - static inline unsigned int hcd_index(struct usb_hcd *hcd) -@@ -1479,6 +1481,7 @@ struct xhci_hcd { - #define XHCI_RESET_ON_RESUME (1 << 7) - #define XHCI_SW_BW_CHECKING (1 << 8) - #define XHCI_AMD_0x96_HOST (1 << 9) -+#define XHCI_TRUST_TX_LENGTH (1 << 10) - unsigned int num_active_eps; - unsigned int limit_active_eps; - /* There are two roothubs to keep track of bus suspend info for */ -diff --git a/drivers/usb/misc/usbtest.c b/drivers/usb/misc/usbtest.c -index 9dcb68f..055b84a 100644 ---- a/drivers/usb/misc/usbtest.c -+++ b/drivers/usb/misc/usbtest.c -@@ -1028,7 +1028,10 @@ test_ctrl_queue(struct usbtest_dev *dev, struct usbtest_param *param) - case 13: /* short read, resembling case 10 */ - req.wValue = cpu_to_le16((USB_DT_CONFIG << 8) | 0); - /* last data packet "should" be DATA1, not DATA0 */ -- len = 1024 - udev->descriptor.bMaxPacketSize0; -+ if (udev->speed == USB_SPEED_SUPER) -+ len = 1024 - 512; -+ else -+ len = 1024 - udev->descriptor.bMaxPacketSize0; - expected = -EREMOTEIO; - break; - case 14: /* short read; try to fill the last packet */ -@@ -1387,11 +1390,15 @@ static int test_halt(struct usbtest_dev *tdev, int ep, struct urb *urb) - - static int halt_simple(struct usbtest_dev *dev) - { -- int ep; -- int retval = 0; -- struct urb *urb; -+ int ep; -+ int retval = 0; -+ struct urb *urb; -+ struct usb_device *udev = testdev_to_usbdev(dev); - -- urb = simple_alloc_urb(testdev_to_usbdev(dev), 0, 512); -+ if (udev->speed == USB_SPEED_SUPER) -+ urb = simple_alloc_urb(udev, 0, 1024); -+ else -+ urb = simple_alloc_urb(udev, 0, 512); - if (urb == NULL) - return -ENOMEM; - -diff --git a/drivers/usb/otg/gpio_vbus.c b/drivers/usb/otg/gpio_vbus.c -index a0a2178..fe20864 100644 ---- a/drivers/usb/otg/gpio_vbus.c -+++ b/drivers/usb/otg/gpio_vbus.c -@@ -37,7 +37,7 @@ struct gpio_vbus_data { - struct regulator *vbus_draw; - int vbus_draw_enabled; - unsigned mA; -- struct work_struct work; -+ struct delayed_work work; - }; - - -@@ -94,7 +94,7 @@ static int is_vbus_powered(struct gpio_vbus_mach_info *pdata) - static void gpio_vbus_work(struct work_struct *work) - { - struct gpio_vbus_data *gpio_vbus = -- container_of(work, struct gpio_vbus_data, work); -+ container_of(work, struct gpio_vbus_data, work.work); - struct gpio_vbus_mach_info *pdata = gpio_vbus->dev->platform_data; - int gpio, status; - -@@ -152,7 +152,7 @@ static irqreturn_t gpio_vbus_irq(int irq, void *data) - otg->gadget ? otg->gadget->name : "none"); - - if (otg->gadget) -- schedule_work(&gpio_vbus->work); -+ schedule_delayed_work(&gpio_vbus->work, msecs_to_jiffies(100)); - - return IRQ_HANDLED; - } -@@ -300,7 +300,7 @@ static int __init gpio_vbus_probe(struct platform_device *pdev) - - ATOMIC_INIT_NOTIFIER_HEAD(&gpio_vbus->phy.notifier); - -- INIT_WORK(&gpio_vbus->work, gpio_vbus_work); -+ INIT_DELAYED_WORK(&gpio_vbus->work, gpio_vbus_work); - - gpio_vbus->vbus_draw = regulator_get(&pdev->dev, "vbus_draw"); - if (IS_ERR(gpio_vbus->vbus_draw)) { -diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c -index 02e7f2d..95bba99 100644 ---- a/drivers/usb/serial/ftdi_sio.c -+++ b/drivers/usb/serial/ftdi_sio.c -@@ -809,6 +809,7 @@ static struct usb_device_id id_table_combined [] = { - .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk }, - { USB_DEVICE(LARSENBRUSGAARD_VID, LB_ALTITRACK_PID) }, - { USB_DEVICE(GN_OTOMETRICS_VID, AURICAL_USB_PID) }, -+ { USB_DEVICE(PI_VID, PI_E861_PID) }, - { USB_DEVICE(BAYER_VID, BAYER_CONTOUR_CABLE_PID) }, - { USB_DEVICE(FTDI_VID, MARVELL_OPENRD_PID), - .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk }, -diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h -index 0838baf8..f3c7c78 100644 ---- a/drivers/usb/serial/ftdi_sio_ids.h -+++ b/drivers/usb/serial/ftdi_sio_ids.h -@@ -785,6 +785,14 @@ - #define RTSYSTEMS_SERIAL_VX7_PID 0x9e52 /* Serial converter for VX-7 Radios using FT232RL */ - #define RTSYSTEMS_CT29B_PID 0x9e54 /* CT29B Radio Cable */ - -+ -+/* -+ * Physik Instrumente -+ * http://www.physikinstrumente.com/en/products/ -+ */ -+#define PI_VID 0x1a72 /* Vendor ID */ -+#define PI_E861_PID 0x1008 /* E-861 piezo controller USB connection */ -+ - /* - * Bayer Ascensia Contour blood glucose meter USB-converter cable. - * http://winglucofacts.com/cables/ -diff --git a/drivers/usb/serial/ti_usb_3410_5052.c b/drivers/usb/serial/ti_usb_3410_5052.c -index ab74123..3377437 100644 ---- a/drivers/usb/serial/ti_usb_3410_5052.c -+++ b/drivers/usb/serial/ti_usb_3410_5052.c -@@ -165,7 +165,7 @@ static unsigned int product_5052_count; - /* the array dimension is the number of default entries plus */ - /* TI_EXTRA_VID_PID_COUNT user defined entries plus 1 terminating */ - /* null entry */ --static struct usb_device_id ti_id_table_3410[14+TI_EXTRA_VID_PID_COUNT+1] = { -+static struct usb_device_id ti_id_table_3410[15+TI_EXTRA_VID_PID_COUNT+1] = { - { USB_DEVICE(TI_VENDOR_ID, TI_3410_PRODUCT_ID) }, - { USB_DEVICE(TI_VENDOR_ID, TI_3410_EZ430_ID) }, - { USB_DEVICE(MTS_VENDOR_ID, MTS_GSM_NO_FW_PRODUCT_ID) }, -@@ -180,6 +180,7 @@ static struct usb_device_id ti_id_table_3410[14+TI_EXTRA_VID_PID_COUNT+1] = { - { USB_DEVICE(IBM_VENDOR_ID, IBM_454B_PRODUCT_ID) }, - { USB_DEVICE(IBM_VENDOR_ID, IBM_454C_PRODUCT_ID) }, - { USB_DEVICE(ABBOTT_VENDOR_ID, ABBOTT_PRODUCT_ID) }, -+ { USB_DEVICE(TI_VENDOR_ID, FRI2_PRODUCT_ID) }, - }; - - static struct usb_device_id ti_id_table_5052[5+TI_EXTRA_VID_PID_COUNT+1] = { -@@ -189,7 +190,7 @@ static struct usb_device_id ti_id_table_5052[5+TI_EXTRA_VID_PID_COUNT+1] = { - { USB_DEVICE(TI_VENDOR_ID, TI_5052_FIRMWARE_PRODUCT_ID) }, - }; - --static struct usb_device_id ti_id_table_combined[18+2*TI_EXTRA_VID_PID_COUNT+1] = { -+static struct usb_device_id ti_id_table_combined[19+2*TI_EXTRA_VID_PID_COUNT+1] = { - { USB_DEVICE(TI_VENDOR_ID, TI_3410_PRODUCT_ID) }, - { USB_DEVICE(TI_VENDOR_ID, TI_3410_EZ430_ID) }, - { USB_DEVICE(MTS_VENDOR_ID, MTS_GSM_NO_FW_PRODUCT_ID) }, -@@ -208,6 +209,7 @@ static struct usb_device_id ti_id_table_combined[18+2*TI_EXTRA_VID_PID_COUNT+1] - { USB_DEVICE(IBM_VENDOR_ID, IBM_454B_PRODUCT_ID) }, - { USB_DEVICE(IBM_VENDOR_ID, IBM_454C_PRODUCT_ID) }, - { USB_DEVICE(ABBOTT_VENDOR_ID, ABBOTT_PRODUCT_ID) }, -+ { USB_DEVICE(TI_VENDOR_ID, FRI2_PRODUCT_ID) }, - { } - }; - -diff --git a/drivers/usb/serial/ti_usb_3410_5052.h b/drivers/usb/serial/ti_usb_3410_5052.h -index f140f1b..b353e7e 100644 ---- a/drivers/usb/serial/ti_usb_3410_5052.h -+++ b/drivers/usb/serial/ti_usb_3410_5052.h -@@ -37,6 +37,7 @@ - #define TI_5152_BOOT_PRODUCT_ID 0x5152 /* no EEPROM, no firmware */ - #define TI_5052_EEPROM_PRODUCT_ID 0x505A /* EEPROM, no firmware */ - #define TI_5052_FIRMWARE_PRODUCT_ID 0x505F /* firmware is running */ -+#define FRI2_PRODUCT_ID 0x5053 /* Fish River Island II */ - - /* Multi-Tech vendor and product ids */ - #define MTS_VENDOR_ID 0x06E0 -diff --git a/drivers/usb/serial/usb-serial.c b/drivers/usb/serial/usb-serial.c -index 97355a1..6933355 100644 ---- a/drivers/usb/serial/usb-serial.c -+++ b/drivers/usb/serial/usb-serial.c -@@ -1338,7 +1338,6 @@ static int usb_serial_register(struct usb_serial_driver *driver) - driver->description); - return -EINVAL; - } -- driver->usb_driver->supports_autosuspend = 1; - - /* Add this device to our list of devices */ - mutex_lock(&table_lock); -@@ -1373,7 +1372,7 @@ static void usb_serial_deregister(struct usb_serial_driver *device) - * @serial_drivers: NULL-terminated array of pointers to drivers to be registered - * - * Registers @udriver and all the drivers in the @serial_drivers array. -- * Automatically fills in the .no_dynamic_id field in @udriver and -+ * Automatically fills in the .no_dynamic_id and PM fields in @udriver and - * the .usb_driver field in each serial driver. - */ - int usb_serial_register_drivers(struct usb_driver *udriver, -@@ -1392,11 +1391,17 @@ int usb_serial_register_drivers(struct usb_driver *udriver, - * the serial drivers are registered, because the probe would - * simply fail for lack of a matching serial driver. - * Therefore save off udriver's id_table until we are all set. -+ * -+ * Suspend/resume support is implemented in the usb-serial core, -+ * so fill in the PM-related fields in udriver. - */ - saved_id_table = udriver->id_table; - udriver->id_table = NULL; - - udriver->no_dynamic_id = 1; -+ udriver->supports_autosuspend = 1; -+ udriver->suspend = usb_serial_suspend; -+ udriver->resume = usb_serial_resume; - rc = usb_register(udriver); - if (rc) - return rc; -diff --git a/drivers/usb/storage/unusual_devs.h b/drivers/usb/storage/unusual_devs.h -index 856ad92..8f3cbb8 100644 ---- a/drivers/usb/storage/unusual_devs.h -+++ b/drivers/usb/storage/unusual_devs.h -@@ -1885,6 +1885,13 @@ UNUSUAL_DEV( 0x1652, 0x6600, 0x0201, 0x0201, - USB_SC_DEVICE, USB_PR_DEVICE, NULL, - US_FL_IGNORE_RESIDUE ), - -+/* Reported by Jesse Feddema <jdfeddema@gmail.com> */ -+UNUSUAL_DEV( 0x177f, 0x0400, 0x0000, 0x0000, -+ "Yarvik", -+ "PMP400", -+ USB_SC_DEVICE, USB_PR_DEVICE, NULL, -+ US_FL_BULK_IGNORE_TAG | US_FL_MAX_SECTORS_64 ), -+ - /* Reported by Hans de Goede <hdegoede@redhat.com> - * These Appotech controllers are found in Picture Frames, they provide a - * (buggy) emulation of a cdrom drive which contains the windows software -diff --git a/drivers/video/sh_mobile_lcdcfb.c b/drivers/video/sh_mobile_lcdcfb.c -index 7a0b301..e672698 100644 ---- a/drivers/video/sh_mobile_lcdcfb.c -+++ b/drivers/video/sh_mobile_lcdcfb.c -@@ -758,7 +758,7 @@ static void __sh_mobile_lcdc_start(struct sh_mobile_lcdc_priv *priv) - } - - lcdc_write_chan(ch, LDDFR, tmp); -- lcdc_write_chan(ch, LDMLSR, ch->pitch); -+ lcdc_write_chan(ch, LDMLSR, ch->line_size); - lcdc_write_chan(ch, LDSA1R, ch->base_addr_y); - if (ch->format->yuv) - lcdc_write_chan(ch, LDSA2R, ch->base_addr_c); -@@ -847,6 +847,7 @@ static int sh_mobile_lcdc_start(struct sh_mobile_lcdc_priv *priv) - - ch->base_addr_y = ch->dma_handle; - ch->base_addr_c = ch->base_addr_y + ch->xres * ch->yres_virtual; -+ ch->line_size = ch->pitch; - - /* Enable MERAM if possible. */ - if (mdev == NULL || mdev->ops == NULL || -@@ -882,7 +883,7 @@ static int sh_mobile_lcdc_start(struct sh_mobile_lcdc_priv *priv) - - meram = mdev->ops->meram_register(mdev, ch->cfg->meram_cfg, - ch->pitch, ch->yres, pixelformat, -- &ch->pitch); -+ &ch->line_size); - if (!IS_ERR(meram)) { - mdev->ops->meram_update(mdev, meram, - ch->base_addr_y, ch->base_addr_c, -diff --git a/drivers/video/sh_mobile_lcdcfb.h b/drivers/video/sh_mobile_lcdcfb.h -index da1c26e..5c3bddd 100644 ---- a/drivers/video/sh_mobile_lcdcfb.h -+++ b/drivers/video/sh_mobile_lcdcfb.h -@@ -84,6 +84,7 @@ struct sh_mobile_lcdc_chan { - - unsigned long base_addr_y; - unsigned long base_addr_c; -+ unsigned int line_size; - - int (*notify)(struct sh_mobile_lcdc_chan *ch, - enum sh_mobile_lcdc_entity_event event, -diff --git a/drivers/xen/events.c b/drivers/xen/events.c -index 0a8a17c..6908e4c 100644 ---- a/drivers/xen/events.c -+++ b/drivers/xen/events.c -@@ -611,7 +611,7 @@ static void disable_pirq(struct irq_data *data) - disable_dynirq(data); - } - --static int find_irq_by_gsi(unsigned gsi) -+int xen_irq_from_gsi(unsigned gsi) - { - struct irq_info *info; - -@@ -625,6 +625,7 @@ static int find_irq_by_gsi(unsigned gsi) - - return -1; - } -+EXPORT_SYMBOL_GPL(xen_irq_from_gsi); - - /* - * Do not make any assumptions regarding the relationship between the -@@ -644,7 +645,7 @@ int xen_bind_pirq_gsi_to_irq(unsigned gsi, - - mutex_lock(&irq_mapping_update_lock); - -- irq = find_irq_by_gsi(gsi); -+ irq = xen_irq_from_gsi(gsi); - if (irq != -1) { - printk(KERN_INFO "xen_map_pirq_gsi: returning irq %d for gsi %u\n", - irq, gsi); -diff --git a/fs/aio.c b/fs/aio.c -index 67a6db3..e7f2fad 100644 ---- a/fs/aio.c -+++ b/fs/aio.c -@@ -1456,6 +1456,10 @@ static ssize_t aio_setup_vectored_rw(int type, struct kiocb *kiocb, bool compat) - if (ret < 0) - goto out; - -+ ret = rw_verify_area(type, kiocb->ki_filp, &kiocb->ki_pos, ret); -+ if (ret < 0) -+ goto out; -+ - kiocb->ki_nr_segs = kiocb->ki_nbytes; - kiocb->ki_cur_seg = 0; - /* ki_nbytes/left now reflect bytes instead of segs */ -@@ -1467,11 +1471,17 @@ out: - return ret; - } - --static ssize_t aio_setup_single_vector(struct kiocb *kiocb) -+static ssize_t aio_setup_single_vector(int type, struct file * file, struct kiocb *kiocb) - { -+ int bytes; -+ -+ bytes = rw_verify_area(type, file, &kiocb->ki_pos, kiocb->ki_left); -+ if (bytes < 0) -+ return bytes; -+ - kiocb->ki_iovec = &kiocb->ki_inline_vec; - kiocb->ki_iovec->iov_base = kiocb->ki_buf; -- kiocb->ki_iovec->iov_len = kiocb->ki_left; -+ kiocb->ki_iovec->iov_len = bytes; - kiocb->ki_nr_segs = 1; - kiocb->ki_cur_seg = 0; - return 0; -@@ -1496,10 +1506,7 @@ static ssize_t aio_setup_iocb(struct kiocb *kiocb, bool compat) - if (unlikely(!access_ok(VERIFY_WRITE, kiocb->ki_buf, - kiocb->ki_left))) - break; -- ret = security_file_permission(file, MAY_READ); -- if (unlikely(ret)) -- break; -- ret = aio_setup_single_vector(kiocb); -+ ret = aio_setup_single_vector(READ, file, kiocb); - if (ret) - break; - ret = -EINVAL; -@@ -1514,10 +1521,7 @@ static ssize_t aio_setup_iocb(struct kiocb *kiocb, bool compat) - if (unlikely(!access_ok(VERIFY_READ, kiocb->ki_buf, - kiocb->ki_left))) - break; -- ret = security_file_permission(file, MAY_WRITE); -- if (unlikely(ret)) -- break; -- ret = aio_setup_single_vector(kiocb); -+ ret = aio_setup_single_vector(WRITE, file, kiocb); - if (ret) - break; - ret = -EINVAL; -@@ -1528,9 +1532,6 @@ static ssize_t aio_setup_iocb(struct kiocb *kiocb, bool compat) - ret = -EBADF; - if (unlikely(!(file->f_mode & FMODE_READ))) - break; -- ret = security_file_permission(file, MAY_READ); -- if (unlikely(ret)) -- break; - ret = aio_setup_vectored_rw(READ, kiocb, compat); - if (ret) - break; -@@ -1542,9 +1543,6 @@ static ssize_t aio_setup_iocb(struct kiocb *kiocb, bool compat) - ret = -EBADF; - if (unlikely(!(file->f_mode & FMODE_WRITE))) - break; -- ret = security_file_permission(file, MAY_WRITE); -- if (unlikely(ret)) -- break; - ret = aio_setup_vectored_rw(WRITE, kiocb, compat); - if (ret) - break; -diff --git a/include/linux/mmc/host.h b/include/linux/mmc/host.h -index cbde4b7..0707d22 100644 ---- a/include/linux/mmc/host.h -+++ b/include/linux/mmc/host.h -@@ -297,6 +297,7 @@ struct mmc_host { - - unsigned int sdio_irqs; - struct task_struct *sdio_irq_thread; -+ bool sdio_irq_pending; - atomic_t sdio_irq_thread_abort; - - mmc_pm_flag_t pm_flags; /* requested pm features */ -@@ -352,6 +353,7 @@ extern int mmc_cache_ctrl(struct mmc_host *, u8); - static inline void mmc_signal_sdio_irq(struct mmc_host *host) - { - host->ops->enable_sdio_irq(host, 0); -+ host->sdio_irq_pending = true; - wake_up_process(host->sdio_irq_thread); - } - -diff --git a/include/linux/usb.h b/include/linux/usb.h -index 73b68d1..26229fd 100644 ---- a/include/linux/usb.h -+++ b/include/linux/usb.h -@@ -1379,6 +1379,7 @@ extern int usb_unlink_urb(struct urb *urb); - extern void usb_kill_urb(struct urb *urb); - extern void usb_poison_urb(struct urb *urb); - extern void usb_unpoison_urb(struct urb *urb); -+extern void usb_block_urb(struct urb *urb); - extern void usb_kill_anchored_urbs(struct usb_anchor *anchor); - extern void usb_poison_anchored_urbs(struct usb_anchor *anchor); - extern void usb_unpoison_anchored_urbs(struct usb_anchor *anchor); -@@ -1391,6 +1392,8 @@ extern struct urb *usb_get_from_anchor(struct usb_anchor *anchor); - extern void usb_scuttle_anchored_urbs(struct usb_anchor *anchor); - extern int usb_anchor_empty(struct usb_anchor *anchor); - -+#define usb_unblock_urb usb_unpoison_urb -+ - /** - * usb_urb_dir_in - check if an URB describes an IN transfer - * @urb: URB to be checked -diff --git a/include/xen/events.h b/include/xen/events.h -index 0f77370..04399b2 100644 ---- a/include/xen/events.h -+++ b/include/xen/events.h -@@ -103,6 +103,9 @@ int xen_irq_from_pirq(unsigned pirq); - /* Return the pirq allocated to the irq. */ - int xen_pirq_from_irq(unsigned irq); - -+/* Return the irq allocated to the gsi */ -+int xen_irq_from_gsi(unsigned gsi); -+ - /* Determine whether to ignore this IRQ if it is passed to a guest. */ - int xen_test_irq_shared(int irq); - -diff --git a/init/main.c b/init/main.c -index 44b2433..cb54cd3 100644 ---- a/init/main.c -+++ b/init/main.c -@@ -560,9 +560,6 @@ asmlinkage void __init start_kernel(void) - early_boot_irqs_disabled = false; - local_irq_enable(); - -- /* Interrupts are enabled now so all GFP allocations are safe. */ -- gfp_allowed_mask = __GFP_BITS_MASK; -- - kmem_cache_init_late(); - - /* -@@ -842,6 +839,10 @@ static int __init kernel_init(void * unused) - * Wait until kthreadd is all set-up. - */ - wait_for_completion(&kthreadd_done); -+ -+ /* Now the scheduler is fully set up and can do blocking allocations */ -+ gfp_allowed_mask = __GFP_BITS_MASK; -+ - /* - * init can allocate pages on any node - */ -diff --git a/kernel/workqueue.c b/kernel/workqueue.c -index 5abf42f..7da267c 100644 ---- a/kernel/workqueue.c -+++ b/kernel/workqueue.c -@@ -1210,8 +1210,13 @@ static void worker_enter_idle(struct worker *worker) - } else - wake_up_all(&gcwq->trustee_wait); - -- /* sanity check nr_running */ -- WARN_ON_ONCE(gcwq->nr_workers == gcwq->nr_idle && -+ /* -+ * Sanity check nr_running. Because trustee releases gcwq->lock -+ * between setting %WORKER_ROGUE and zapping nr_running, the -+ * warning may trigger spuriously. Check iff trustee is idle. -+ */ -+ WARN_ON_ONCE(gcwq->trustee_state == TRUSTEE_DONE && -+ gcwq->nr_workers == gcwq->nr_idle && - atomic_read(get_gcwq_nr_running(gcwq->cpu))); - } - -diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index b195691..bf5b485 100644 ---- a/mm/mempolicy.c -+++ b/mm/mempolicy.c -@@ -607,27 +607,6 @@ check_range(struct mm_struct *mm, unsigned long start, unsigned long end, - return first; - } - --/* Apply policy to a single VMA */ --static int policy_vma(struct vm_area_struct *vma, struct mempolicy *new) --{ -- int err = 0; -- struct mempolicy *old = vma->vm_policy; -- -- pr_debug("vma %lx-%lx/%lx vm_ops %p vm_file %p set_policy %p\n", -- vma->vm_start, vma->vm_end, vma->vm_pgoff, -- vma->vm_ops, vma->vm_file, -- vma->vm_ops ? vma->vm_ops->set_policy : NULL); -- -- if (vma->vm_ops && vma->vm_ops->set_policy) -- err = vma->vm_ops->set_policy(vma, new); -- if (!err) { -- mpol_get(new); -- vma->vm_policy = new; -- mpol_put(old); -- } -- return err; --} -- - /* Step 2: apply policy to a range and do splits. */ - static int mbind_range(struct mm_struct *mm, unsigned long start, - unsigned long end, struct mempolicy *new_pol) -@@ -676,9 +655,23 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, - if (err) - goto out; - } -- err = policy_vma(vma, new_pol); -- if (err) -- goto out; -+ -+ /* -+ * Apply policy to a single VMA. The reference counting of -+ * policy for vma_policy linkages has already been handled by -+ * vma_merge and split_vma as necessary. If this is a shared -+ * policy then ->set_policy will increment the reference count -+ * for an sp node. -+ */ -+ pr_debug("vma %lx-%lx/%lx vm_ops %p vm_file %p set_policy %p\n", -+ vma->vm_start, vma->vm_end, vma->vm_pgoff, -+ vma->vm_ops, vma->vm_file, -+ vma->vm_ops ? vma->vm_ops->set_policy : NULL); -+ if (vma->vm_ops && vma->vm_ops->set_policy) { -+ err = vma->vm_ops->set_policy(vma, new_pol); -+ if (err) -+ goto out; -+ } - } - - out: -diff --git a/net/wireless/reg.c b/net/wireless/reg.c -index e9a0ac8..15f3474 100644 ---- a/net/wireless/reg.c -+++ b/net/wireless/reg.c -@@ -388,7 +388,15 @@ static void reg_regdb_query(const char *alpha2) - - schedule_work(®_regdb_work); - } -+ -+/* Feel free to add any other sanity checks here */ -+static void reg_regdb_size_check(void) -+{ -+ /* We should ideally BUILD_BUG_ON() but then random builds would fail */ -+ WARN_ONCE(!reg_regdb_size, "db.txt is empty, you should update it..."); -+} - #else -+static inline void reg_regdb_size_check(void) {} - static inline void reg_regdb_query(const char *alpha2) {} - #endif /* CONFIG_CFG80211_INTERNAL_REGDB */ - -@@ -2322,6 +2330,8 @@ int __init regulatory_init(void) - spin_lock_init(®_requests_lock); - spin_lock_init(®_pending_beacons_lock); - -+ reg_regdb_size_check(); -+ - cfg80211_regdomain = cfg80211_world_regdom; - - user_alpha2[0] = '9'; -diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c -index d7018bf..3068d16 100644 ---- a/security/selinux/selinuxfs.c -+++ b/security/selinux/selinuxfs.c -@@ -1232,6 +1232,7 @@ static int sel_make_bools(void) - kfree(bool_pending_names[i]); - kfree(bool_pending_names); - kfree(bool_pending_values); -+ bool_num = 0; - bool_pending_names = NULL; - bool_pending_values = NULL; - -diff --git a/tools/usb/ffs-test.c b/tools/usb/ffs-test.c -index 4b107b5..8674b9e 100644 ---- a/tools/usb/ffs-test.c -+++ b/tools/usb/ffs-test.c -@@ -297,7 +297,7 @@ static void *start_thread_helper(void *arg) - - ret = t->in(t, t->buf, t->buf_size); - if (ret > 0) { -- ret = t->out(t, t->buf, t->buf_size); -+ ret = t->out(t, t->buf, ret); - name = out_name; - op = "write"; - } else { diff --git a/3.2.19/0000_README b/3.4.2/0000_README index 249fc70..d213666 100644 --- a/3.2.19/0000_README +++ b/3.4.2/0000_README @@ -2,15 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 1016_linux-3.2.17.patch -From: http://www.kernel.org -Desc: Linux 3.2.17 - -Patch: 1017_linux-3.2.18.patch -From: http://www.kernel.org -Desc: Linux 3.2.18 - -Patch: 4420_grsecurity-2.9.1-3.2.19-201206091539.patch +Patch: 4420_grsecurity-2.9.1-3.4.2-201206111838.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.4.1/4420_grsecurity-2.9.1-3.4.1-201206091540.patch b/3.4.2/4420_grsecurity-2.9.1-3.4.2-201206111838.patch index 4332d0b..974b9ed 100644 --- a/3.4.1/4420_grsecurity-2.9.1-3.4.1-201206091540.patch +++ b/3.4.2/4420_grsecurity-2.9.1-3.4.2-201206111838.patch @@ -219,7 +219,7 @@ index c1601e5..08557ce 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 0bd1554..808b0e5 100644 +index 901a955..8277cb4 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -18190,10 +18190,10 @@ index f21fd94..61565cd 100644 if ((s64)val != *(s32 *)loc) goto overflow; diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c -index 47acaf3..ec48ab6 100644 +index 32856fa..ce95eaa 100644 --- a/arch/x86/kernel/nmi.c +++ b/arch/x86/kernel/nmi.c -@@ -505,6 +505,17 @@ static inline void nmi_nesting_postprocess(void) +@@ -507,6 +507,17 @@ static inline void nmi_nesting_postprocess(void) dotraplinkage notrace __kprobes void do_nmi(struct pt_regs *regs, long error_code) { @@ -18672,7 +18672,7 @@ index 43d8b48..c45d566 100644 ip = *(u64 *)(fp+8); if (!in_sched_functions(ip)) diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c -index 685845c..c8ac2fd 100644 +index cf11783..e7ce551 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c @@ -824,7 +824,7 @@ long arch_ptrace(struct task_struct *child, long request, @@ -18701,7 +18701,7 @@ index 685845c..c8ac2fd 100644 break; #endif -@@ -1432,7 +1432,7 @@ static void fill_sigtrap_info(struct task_struct *tsk, +@@ -1426,7 +1426,7 @@ static void fill_sigtrap_info(struct task_struct *tsk, memset(info, 0, sizeof(*info)); info->si_signo = SIGTRAP; info->si_code = si_code; @@ -18710,7 +18710,7 @@ index 685845c..c8ac2fd 100644 } void user_single_step_siginfo(struct task_struct *tsk, -@@ -1461,6 +1461,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs, +@@ -1455,6 +1455,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs, # define IS_IA32 0 #endif @@ -18721,7 +18721,7 @@ index 685845c..c8ac2fd 100644 /* * We must return the syscall number to actually look up in the table. * This can be -1L to skip running any syscall at all. -@@ -1469,6 +1473,11 @@ long syscall_trace_enter(struct pt_regs *regs) +@@ -1463,6 +1467,11 @@ long syscall_trace_enter(struct pt_regs *regs) { long ret = 0; @@ -18733,7 +18733,7 @@ index 685845c..c8ac2fd 100644 /* * If we stepped into a sysenter/syscall insn, it trapped in * kernel mode; do_debug() cleared TF and set TIF_SINGLESTEP. -@@ -1512,6 +1521,11 @@ void syscall_trace_leave(struct pt_regs *regs) +@@ -1506,6 +1515,11 @@ void syscall_trace_leave(struct pt_regs *regs) { bool step; @@ -26982,7 +26982,7 @@ index 00aaf04..4a26505 100644 -} -__setup("vdso=", vdso_setup); diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index 95dccce..de96944 100644 +index 6c7f1e8..de96944 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c @@ -95,8 +95,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); @@ -26994,18 +26994,7 @@ index 95dccce..de96944 100644 RESERVE_BRK(shared_info_page_brk, PAGE_SIZE); __read_mostly int xen_have_vector_callback; EXPORT_SYMBOL_GPL(xen_have_vector_callback); -@@ -1106,7 +1104,10 @@ static const struct pv_cpu_ops xen_cpu_ops __initconst = { - .wbinvd = native_wbinvd, - - .read_msr = native_read_msr_safe, -+ .rdmsr_regs = native_rdmsr_safe_regs, - .write_msr = xen_write_msr_safe, -+ .wrmsr_regs = native_wrmsr_safe_regs, -+ - .read_tsc = native_read_tsc, - .read_pmc = native_read_pmc, - -@@ -1154,30 +1155,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { +@@ -1157,30 +1155,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { #endif }; @@ -27043,7 +27032,7 @@ index 95dccce..de96944 100644 { if (pm_power_off) pm_power_off(); -@@ -1280,7 +1281,17 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1283,7 +1281,17 @@ asmlinkage void __init xen_start_kernel(void) __userpte_alloc_gfp &= ~__GFP_HIGHMEM; /* Work out if we support NX */ @@ -27062,7 +27051,7 @@ index 95dccce..de96944 100644 xen_setup_features(); -@@ -1311,13 +1322,6 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1314,13 +1322,6 @@ asmlinkage void __init xen_start_kernel(void) machine_ops = xen_machine_ops; @@ -28543,7 +28532,7 @@ index 1c70c45..300718d 100644 } diff --git a/drivers/atm/solos-pci.c b/drivers/atm/solos-pci.c -index e8cd652..bbbd1fc 100644 +index 9851093..adb2b1e 100644 --- a/drivers/atm/solos-pci.c +++ b/drivers/atm/solos-pci.c @@ -714,7 +714,7 @@ void solos_bh(unsigned long card_arg) @@ -28555,7 +28544,7 @@ index e8cd652..bbbd1fc 100644 break; case PKT_STATUS: -@@ -1008,7 +1008,7 @@ static uint32_t fpga_tx(struct solos_card *card) +@@ -1009,7 +1009,7 @@ static uint32_t fpga_tx(struct solos_card *card) vcc = SKB_CB(oldskb)->vcc; if (vcc) { @@ -30371,7 +30360,7 @@ index f57e5cf..c82f79d 100644 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); INIT_WORK(&dev_priv->error_work, i915_error_work_func); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index 79a7de1..56f2f3e 100644 +index d4d162f..e80037c 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -2254,7 +2254,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb) @@ -33377,7 +33366,7 @@ index 1cbfc6b..56e1dbb 100644 /*----------------------------------------------------------------*/ diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c -index 15dd59b..662bb39 100644 +index d7e9577..faa512f2 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c @@ -1688,7 +1688,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) @@ -33399,7 +33388,7 @@ index 15dd59b..662bb39 100644 "md/raid1:%s: read error corrected " "(%d sectors at %llu on %s)\n", diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index 3f91c2e..e1f37bd 100644 +index d037adb..ed17dc9 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c @@ -1684,7 +1684,7 @@ static void end_sync_read(struct bio *bio, int error) @@ -36740,10 +36729,10 @@ index 07322ec..91ccc23 100644 /* check if the device is still usable */ if (unlikely(cmd->device->sdev_state == SDEV_DEL)) { diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c -index 5dfd749..e86bf7e 100644 +index 4037fd5..a19fcc7 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c -@@ -1412,7 +1412,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) +@@ -1415,7 +1415,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) shost = sdev->host; scsi_init_cmd_errh(cmd); cmd->result = DID_NO_CONNECT << 16; @@ -36752,7 +36741,7 @@ index 5dfd749..e86bf7e 100644 /* * SCSI request completion path will do scsi_device_unbusy(), -@@ -1438,9 +1438,9 @@ static void scsi_softirq_done(struct request *rq) +@@ -1441,9 +1441,9 @@ static void scsi_softirq_done(struct request *rq) INIT_LIST_HEAD(&cmd->eh_entry); @@ -41344,7 +41333,7 @@ index e7f2fad..15ad8a4 100644 kiocb->ki_cur_seg = 0; /* ki_nbytes/left now reflect bytes instead of segs */ diff --git a/fs/attr.c b/fs/attr.c -index 73f69a6..cc501ba 100644 +index d94d1b6..f9bccd6 100644 --- a/fs/attr.c +++ b/fs/attr.c @@ -99,6 +99,7 @@ int inode_newsize_ok(const struct inode *inode, loff_t offset) @@ -42871,10 +42860,10 @@ index 541ef81..a78deb8 100644 atomic_set(&midCount, 0); diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h -index 4ff6313..815d7fc 100644 +index 73fea28..b996b84 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h -@@ -438,28 +438,28 @@ struct cifs_tcon { +@@ -439,28 +439,28 @@ struct cifs_tcon { __u16 Flags; /* optional support bits */ enum statusEnum tidStatus; #ifdef CONFIG_CIFS_STATS @@ -42925,7 +42914,7 @@ index 4ff6313..815d7fc 100644 #ifdef CONFIG_CIFS_STATS2 unsigned long long time_writes; unsigned long long time_reads; -@@ -676,7 +676,7 @@ convert_delimiter(char *path, char delim) +@@ -677,7 +677,7 @@ convert_delimiter(char *path, char delim) } #ifdef CONFIG_CIFS_STATS @@ -42934,7 +42923,7 @@ index 4ff6313..815d7fc 100644 static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon, unsigned int bytes) -@@ -1035,8 +1035,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; +@@ -1036,8 +1036,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; /* Various Debug counters */ GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */ #ifdef CONFIG_CIFS_STATS2 @@ -43323,10 +43312,10 @@ index b2a34a1..162fa69 100644 return rc; } diff --git a/fs/exec.c b/fs/exec.c -index b1fd202..9d037f3 100644 +index b1fd202..ba60b98 100644 --- a/fs/exec.c +++ b/fs/exec.c -@@ -55,6 +55,13 @@ +@@ -55,6 +55,15 @@ #include <linux/pipe_fs_i.h> #include <linux/oom.h> #include <linux/compat.h> @@ -43337,10 +43326,12 @@ index b1fd202..9d037f3 100644 +#include <linux/kallsyms.h> +#include <linux/kdebug.h> +#endif ++ ++#include <trace/events/fs.h> #include <asm/uaccess.h> #include <asm/mmu_context.h> -@@ -66,6 +73,15 @@ +@@ -66,6 +75,15 @@ #include <trace/events/sched.h> @@ -43356,7 +43347,7 @@ index b1fd202..9d037f3 100644 int core_uses_pid; char core_pattern[CORENAME_MAX_SIZE] = "core"; unsigned int core_pipe_limit; -@@ -75,7 +91,7 @@ struct core_name { +@@ -75,7 +93,7 @@ struct core_name { char *corename; int used, size; }; @@ -43365,7 +43356,7 @@ index b1fd202..9d037f3 100644 /* The maximal length of core_pattern is also specified in sysctl.c */ -@@ -191,18 +207,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, +@@ -191,18 +209,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, int write) { struct page *page; @@ -43387,7 +43378,7 @@ index b1fd202..9d037f3 100644 return NULL; if (write) { -@@ -218,6 +226,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, +@@ -218,6 +228,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, if (size <= ARG_MAX) return page; @@ -43405,7 +43396,7 @@ index b1fd202..9d037f3 100644 /* * Limit to 1/4-th the stack size for the argv+env strings. * This ensures that: -@@ -277,6 +296,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm) +@@ -277,6 +298,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm) vma->vm_end = STACK_TOP_MAX; vma->vm_start = vma->vm_end - PAGE_SIZE; vma->vm_flags = VM_STACK_FLAGS | VM_STACK_INCOMPLETE_SETUP; @@ -43417,7 +43408,7 @@ index b1fd202..9d037f3 100644 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); INIT_LIST_HEAD(&vma->anon_vma_chain); -@@ -291,6 +315,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm) +@@ -291,6 +317,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm) mm->stack_vm = mm->total_vm = 1; up_write(&mm->mmap_sem); bprm->p = vma->vm_end - sizeof(void *); @@ -43430,7 +43421,7 @@ index b1fd202..9d037f3 100644 return 0; err: up_write(&mm->mmap_sem); -@@ -399,19 +429,7 @@ err: +@@ -399,19 +431,7 @@ err: return err; } @@ -43451,7 +43442,7 @@ index b1fd202..9d037f3 100644 { const char __user *native; -@@ -420,14 +438,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr) +@@ -420,14 +440,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr) compat_uptr_t compat; if (get_user(compat, argv.ptr.compat + nr)) @@ -43468,7 +43459,7 @@ index b1fd202..9d037f3 100644 return native; } -@@ -446,7 +464,7 @@ static int count(struct user_arg_ptr argv, int max) +@@ -446,7 +466,7 @@ static int count(struct user_arg_ptr argv, int max) if (!p) break; @@ -43477,7 +43468,7 @@ index b1fd202..9d037f3 100644 return -EFAULT; if (i++ >= max) -@@ -480,7 +498,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv, +@@ -480,7 +500,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv, ret = -EFAULT; str = get_user_arg_ptr(argv, argc); @@ -43486,7 +43477,7 @@ index b1fd202..9d037f3 100644 goto out; len = strnlen_user(str, MAX_ARG_STRLEN); -@@ -562,7 +580,7 @@ int copy_strings_kernel(int argc, const char *const *__argv, +@@ -562,7 +582,7 @@ int copy_strings_kernel(int argc, const char *const *__argv, int r; mm_segment_t oldfs = get_fs(); struct user_arg_ptr argv = { @@ -43495,7 +43486,7 @@ index b1fd202..9d037f3 100644 }; set_fs(KERNEL_DS); -@@ -597,7 +615,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) +@@ -597,7 +617,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) unsigned long new_end = old_end - shift; struct mmu_gather tlb; @@ -43505,7 +43496,7 @@ index b1fd202..9d037f3 100644 /* * ensure there are no vmas between where we want to go -@@ -606,6 +625,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) +@@ -606,6 +627,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) if (vma != find_vma(mm, new_start)) return -EFAULT; @@ -43516,7 +43507,7 @@ index b1fd202..9d037f3 100644 /* * cover the whole range: [new_start, old_end) */ -@@ -686,10 +709,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -686,10 +711,6 @@ int setup_arg_pages(struct linux_binprm *bprm, stack_top = arch_align_stack(stack_top); stack_top = PAGE_ALIGN(stack_top); @@ -43527,7 +43518,7 @@ index b1fd202..9d037f3 100644 stack_shift = vma->vm_end - stack_top; bprm->p -= stack_shift; -@@ -701,8 +720,28 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -701,8 +722,28 @@ int setup_arg_pages(struct linux_binprm *bprm, bprm->exec -= stack_shift; down_write(&mm->mmap_sem); @@ -43556,7 +43547,7 @@ index b1fd202..9d037f3 100644 /* * Adjust stack execute permissions; explicitly enable for * EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone -@@ -721,13 +760,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -721,13 +762,6 @@ int setup_arg_pages(struct linux_binprm *bprm, goto out_unlock; BUG_ON(prev != vma); @@ -43570,7 +43561,16 @@ index b1fd202..9d037f3 100644 /* mprotect_fixup is overkill to remove the temporary stack flags */ vma->vm_flags &= ~VM_STACK_INCOMPLETE_SETUP; -@@ -808,7 +840,7 @@ int kernel_read(struct file *file, loff_t offset, +@@ -785,6 +819,8 @@ struct file *open_exec(const char *name) + + fsnotify_open(file); + ++ trace_open_exec(name); ++ + err = deny_write_access(file); + if (err) + goto exit; +@@ -808,7 +844,7 @@ int kernel_read(struct file *file, loff_t offset, old_fs = get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ @@ -43579,7 +43579,7 @@ index b1fd202..9d037f3 100644 set_fs(old_fs); return result; } -@@ -1254,7 +1286,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm) +@@ -1254,7 +1290,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm) } rcu_read_unlock(); @@ -43588,7 +43588,7 @@ index b1fd202..9d037f3 100644 bprm->unsafe |= LSM_UNSAFE_SHARE; } else { res = -EAGAIN; -@@ -1451,6 +1483,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) +@@ -1451,6 +1487,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) EXPORT_SYMBOL(search_binary_handler); @@ -43617,7 +43617,7 @@ index b1fd202..9d037f3 100644 /* * sys_execve() executes a new program. */ -@@ -1459,6 +1513,11 @@ static int do_execve_common(const char *filename, +@@ -1459,6 +1517,11 @@ static int do_execve_common(const char *filename, struct user_arg_ptr envp, struct pt_regs *regs) { @@ -43629,7 +43629,7 @@ index b1fd202..9d037f3 100644 struct linux_binprm *bprm; struct file *file; struct files_struct *displaced; -@@ -1466,6 +1525,8 @@ static int do_execve_common(const char *filename, +@@ -1466,6 +1529,8 @@ static int do_execve_common(const char *filename, int retval; const struct cred *cred = current_cred(); @@ -43638,7 +43638,7 @@ index b1fd202..9d037f3 100644 /* * We move the actual failure in case of RLIMIT_NPROC excess from * set*uid() to execve() because too many poorly written programs -@@ -1506,12 +1567,27 @@ static int do_execve_common(const char *filename, +@@ -1506,12 +1571,27 @@ static int do_execve_common(const char *filename, if (IS_ERR(file)) goto out_unmark; @@ -43666,7 +43666,7 @@ index b1fd202..9d037f3 100644 retval = bprm_mm_init(bprm); if (retval) goto out_file; -@@ -1528,24 +1604,65 @@ static int do_execve_common(const char *filename, +@@ -1528,24 +1608,65 @@ static int do_execve_common(const char *filename, if (retval < 0) goto out; @@ -43736,7 +43736,7 @@ index b1fd202..9d037f3 100644 current->fs->in_exec = 0; current->in_execve = 0; acct_update_integrals(current); -@@ -1554,6 +1671,14 @@ static int do_execve_common(const char *filename, +@@ -1554,6 +1675,14 @@ static int do_execve_common(const char *filename, put_files_struct(displaced); return retval; @@ -43751,7 +43751,7 @@ index b1fd202..9d037f3 100644 out: if (bprm->mm) { acct_arg_size(bprm, 0); -@@ -1627,7 +1752,7 @@ static int expand_corename(struct core_name *cn) +@@ -1627,7 +1756,7 @@ static int expand_corename(struct core_name *cn) { char *old_corename = cn->corename; @@ -43760,7 +43760,7 @@ index b1fd202..9d037f3 100644 cn->corename = krealloc(old_corename, cn->size, GFP_KERNEL); if (!cn->corename) { -@@ -1724,7 +1849,7 @@ static int format_corename(struct core_name *cn, long signr) +@@ -1724,7 +1853,7 @@ static int format_corename(struct core_name *cn, long signr) int pid_in_pattern = 0; int err = 0; @@ -43769,7 +43769,7 @@ index b1fd202..9d037f3 100644 cn->corename = kmalloc(cn->size, GFP_KERNEL); cn->used = 0; -@@ -1821,6 +1946,228 @@ out: +@@ -1821,6 +1950,228 @@ out: return ispipe; } @@ -43998,7 +43998,7 @@ index b1fd202..9d037f3 100644 static int zap_process(struct task_struct *start, int exit_code) { struct task_struct *t; -@@ -2018,17 +2365,17 @@ static void wait_for_dump_helpers(struct file *file) +@@ -2018,17 +2369,17 @@ static void wait_for_dump_helpers(struct file *file) pipe = file->f_path.dentry->d_inode->i_pipe; pipe_lock(pipe); @@ -44021,7 +44021,7 @@ index b1fd202..9d037f3 100644 pipe_unlock(pipe); } -@@ -2089,7 +2436,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2089,7 +2440,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) int retval = 0; int flag = 0; int ispipe; @@ -44030,7 +44030,7 @@ index b1fd202..9d037f3 100644 struct coredump_params cprm = { .signr = signr, .regs = regs, -@@ -2104,6 +2451,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2104,6 +2455,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) audit_core_dumps(signr); @@ -44040,7 +44040,7 @@ index b1fd202..9d037f3 100644 binfmt = mm->binfmt; if (!binfmt || !binfmt->core_dump) goto fail; -@@ -2171,7 +2521,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2171,7 +2525,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) } cprm.limit = RLIM_INFINITY; @@ -44049,7 +44049,7 @@ index b1fd202..9d037f3 100644 if (core_pipe_limit && (core_pipe_limit < dump_count)) { printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n", task_tgid_vnr(current), current->comm); -@@ -2198,6 +2548,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2198,6 +2552,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) } else { struct inode *inode; @@ -44058,7 +44058,7 @@ index b1fd202..9d037f3 100644 if (cprm.limit < binfmt->min_coredump) goto fail_unlock; -@@ -2241,7 +2593,7 @@ close_fail: +@@ -2241,7 +2597,7 @@ close_fail: filp_close(cprm.file, NULL); fail_dropcount: if (ispipe) @@ -44067,7 +44067,7 @@ index b1fd202..9d037f3 100644 fail_unlock: kfree(cn.corename); fail_corename: -@@ -2260,7 +2612,7 @@ fail: +@@ -2260,7 +2616,7 @@ fail: */ int dump_write(struct file *file, const void *addr, int nr) { @@ -44156,7 +44156,7 @@ index 0e01e90..ae2bd5e 100644 /* locality groups */ diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c -index 99ab428..7b65ba1 100644 +index 6b0a57e..1955a44 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -1747,7 +1747,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, @@ -44177,7 +44177,7 @@ index 99ab428..7b65ba1 100644 goto repeat; } } -@@ -2542,25 +2542,25 @@ int ext4_mb_release(struct super_block *sb) +@@ -2545,25 +2545,25 @@ int ext4_mb_release(struct super_block *sb) if (sbi->s_mb_stats) { ext4_msg(sb, KERN_INFO, "mballoc: %u blocks %u reqs (%u success)", @@ -44213,7 +44213,7 @@ index 99ab428..7b65ba1 100644 } free_percpu(sbi->s_locality_groups); -@@ -3044,16 +3044,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) +@@ -3045,16 +3045,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb); if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) { @@ -44236,7 +44236,7 @@ index 99ab428..7b65ba1 100644 } if (ac->ac_op == EXT4_MB_HISTORY_ALLOC) -@@ -3457,7 +3457,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) +@@ -3458,7 +3458,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_inode_pa(ac, pa); ext4_mb_use_inode_pa(ac, pa); @@ -44245,7 +44245,7 @@ index 99ab428..7b65ba1 100644 ei = EXT4_I(ac->ac_inode); grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); -@@ -3517,7 +3517,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) +@@ -3518,7 +3518,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_group_pa(ac, pa); ext4_mb_use_group_pa(ac, pa); @@ -44254,7 +44254,7 @@ index 99ab428..7b65ba1 100644 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); lg = ac->ac_lg; -@@ -3606,7 +3606,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, +@@ -3607,7 +3607,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, * from the bitmap and continue. */ } @@ -44263,7 +44263,7 @@ index 99ab428..7b65ba1 100644 return err; } -@@ -3624,7 +3624,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, +@@ -3625,7 +3625,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit); BUG_ON(group != e4b->bd_group && pa->pa_len != 0); mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len); @@ -44272,19 +44272,6 @@ index 99ab428..7b65ba1 100644 trace_ext4_mballoc_discard(sb, NULL, group, bit, pa->pa_len); return 0; -diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c -index 59fa0be..53589ff 100644 ---- a/fs/ext4/resize.c -+++ b/fs/ext4/resize.c -@@ -161,6 +161,8 @@ static struct ext4_new_flex_group_data *alloc_flex_gd(unsigned long flexbg_size) - if (flex_gd == NULL) - goto out3; - -+ if (flexbg_size >= UINT_MAX / sizeof(struct ext4_new_flex_group_data)) -+ goto out2; - flex_gd->count = flexbg_size; - - flex_gd->groups = kmalloc(sizeof(struct ext4_new_group_data) * diff --git a/fs/fcntl.c b/fs/fcntl.c index 75e7c1f..1eb3e4d 100644 --- a/fs/fcntl.c @@ -46551,10 +46538,10 @@ index c427919..e37fd3f 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index e608199..9609cb9 100644 +index 4e46539..b28253c 100644 --- a/fs/namespace.c +++ b/fs/namespace.c -@@ -1155,6 +1155,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1156,6 +1156,9 @@ static int do_umount(struct mount *mnt, int flags) if (!(sb->s_flags & MS_RDONLY)) retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); up_write(&sb->s_umount); @@ -46564,7 +46551,7 @@ index e608199..9609cb9 100644 return retval; } -@@ -1174,6 +1177,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1175,6 +1178,9 @@ static int do_umount(struct mount *mnt, int flags) br_write_unlock(vfsmount_lock); up_write(&namespace_sem); release_mounts(&umount_list); @@ -46574,7 +46561,7 @@ index e608199..9609cb9 100644 return retval; } -@@ -2175,6 +2181,16 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, +@@ -2176,6 +2182,16 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | MS_STRICTATIME); @@ -46591,7 +46578,7 @@ index e608199..9609cb9 100644 if (flags & MS_REMOUNT) retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, data_page); -@@ -2189,6 +2205,9 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, +@@ -2190,6 +2206,9 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, dev_name, data_page); dput_out: path_put(&path); @@ -46601,7 +46588,7 @@ index e608199..9609cb9 100644 return retval; } -@@ -2470,6 +2489,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, +@@ -2471,6 +2490,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, if (error) goto out2; @@ -46883,10 +46870,19 @@ index 5d22872..523db20 100644 kfree(link); } diff --git a/fs/open.c b/fs/open.c -index 5720854..2707e82 100644 +index 5720854..ccfe124 100644 --- a/fs/open.c +++ b/fs/open.c -@@ -112,6 +112,10 @@ static long do_sys_truncate(const char __user *pathname, loff_t length) +@@ -31,6 +31,8 @@ + #include <linux/ima.h> + #include <linux/dnotify.h> + ++#define CREATE_TRACE_POINTS ++#include <trace/events/fs.h> + #include "internal.h" + + int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs, +@@ -112,6 +114,10 @@ static long do_sys_truncate(const char __user *pathname, loff_t length) error = locks_verify_truncate(inode, NULL, length); if (!error) error = security_path_truncate(&path); @@ -46897,7 +46893,7 @@ index 5720854..2707e82 100644 if (!error) error = do_truncate(path.dentry, length, 0, NULL); -@@ -358,6 +362,9 @@ SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode) +@@ -358,6 +364,9 @@ SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode) if (__mnt_is_readonly(path.mnt)) res = -EROFS; @@ -46907,7 +46903,7 @@ index 5720854..2707e82 100644 out_path_release: path_put(&path); out: -@@ -384,6 +391,8 @@ SYSCALL_DEFINE1(chdir, const char __user *, filename) +@@ -384,6 +393,8 @@ SYSCALL_DEFINE1(chdir, const char __user *, filename) if (error) goto dput_and_out; @@ -46916,7 +46912,7 @@ index 5720854..2707e82 100644 set_fs_pwd(current->fs, &path); dput_and_out: -@@ -410,6 +419,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd) +@@ -410,6 +421,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd) goto out_putf; error = inode_permission(inode, MAY_EXEC | MAY_CHDIR); @@ -46930,7 +46926,7 @@ index 5720854..2707e82 100644 if (!error) set_fs_pwd(current->fs, &file->f_path); out_putf: -@@ -438,7 +454,13 @@ SYSCALL_DEFINE1(chroot, const char __user *, filename) +@@ -438,7 +456,13 @@ SYSCALL_DEFINE1(chroot, const char __user *, filename) if (error) goto dput_and_out; @@ -46944,7 +46940,7 @@ index 5720854..2707e82 100644 error = 0; dput_and_out: path_put(&path); -@@ -456,6 +478,16 @@ static int chmod_common(struct path *path, umode_t mode) +@@ -456,6 +480,16 @@ static int chmod_common(struct path *path, umode_t mode) if (error) return error; mutex_lock(&inode->i_mutex); @@ -46961,7 +46957,7 @@ index 5720854..2707e82 100644 error = security_path_chmod(path, mode); if (error) goto out_unlock; -@@ -506,6 +538,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group) +@@ -506,6 +540,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group) int error; struct iattr newattrs; @@ -46971,6 +46967,14 @@ index 5720854..2707e82 100644 newattrs.ia_valid = ATTR_CTIME; if (user != (uid_t) -1) { newattrs.ia_valid |= ATTR_UID; +@@ -987,6 +1024,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode) + } else { + fsnotify_open(f); + fd_install(fd, f); ++ trace_do_sys_open(tmp, flags, mode); + } + } + putname(tmp); diff --git a/fs/pipe.c b/fs/pipe.c index fec5e4a..f4210f9 100644 --- a/fs/pipe.c @@ -47291,7 +47295,7 @@ index f9bd395..acb7847 100644 +} +#endif diff --git a/fs/proc/base.c b/fs/proc/base.c -index 57b8159..7a08ad5 100644 +index 9fc77b4..04761b8 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -109,6 +109,14 @@ struct pid_entry { @@ -47576,7 +47580,7 @@ index 57b8159..7a08ad5 100644 put_task_struct(task); } if (files) { -@@ -2335,11 +2445,21 @@ static const struct file_operations proc_map_files_operations = { +@@ -2338,11 +2448,21 @@ static const struct file_operations proc_map_files_operations = { */ static int proc_fd_permission(struct inode *inode, int mask) { @@ -47600,7 +47604,7 @@ index 57b8159..7a08ad5 100644 return rv; } -@@ -2449,6 +2569,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, +@@ -2452,6 +2572,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, if (!task) goto out_no_task; @@ -47610,7 +47614,7 @@ index 57b8159..7a08ad5 100644 /* * Yes, it does not scale. And it should not. Don't add * new entries into /proc/<tgid>/ without very good reasons. -@@ -2493,6 +2616,9 @@ static int proc_pident_readdir(struct file *filp, +@@ -2496,6 +2619,9 @@ static int proc_pident_readdir(struct file *filp, if (!task) goto out_no_task; @@ -47620,7 +47624,7 @@ index 57b8159..7a08ad5 100644 ret = 0; i = filp->f_pos; switch (i) { -@@ -2763,7 +2889,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd) +@@ -2766,7 +2892,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd) static void proc_self_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie) { @@ -47629,7 +47633,7 @@ index 57b8159..7a08ad5 100644 if (!IS_ERR(s)) __putname(s); } -@@ -2964,7 +3090,7 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2967,7 +3093,7 @@ static const struct pid_entry tgid_base_stuff[] = { REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -47638,7 +47642,7 @@ index 57b8159..7a08ad5 100644 INF("syscall", S_IRUGO, proc_pid_syscall), #endif INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -2989,10 +3115,10 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2992,10 +3118,10 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -47651,7 +47655,7 @@ index 57b8159..7a08ad5 100644 ONE("stack", S_IRUGO, proc_pid_stack), #endif #ifdef CONFIG_SCHEDSTATS -@@ -3026,6 +3152,9 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -3029,6 +3155,9 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_HARDWALL INF("hardwall", S_IRUGO, proc_pid_hardwall), #endif @@ -47661,7 +47665,7 @@ index 57b8159..7a08ad5 100644 }; static int proc_tgid_base_readdir(struct file * filp, -@@ -3152,7 +3281,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir, +@@ -3155,7 +3284,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir, if (!inode) goto out; @@ -47676,7 +47680,7 @@ index 57b8159..7a08ad5 100644 inode->i_op = &proc_tgid_base_inode_operations; inode->i_fop = &proc_tgid_base_operations; inode->i_flags|=S_IMMUTABLE; -@@ -3194,7 +3330,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, struct +@@ -3197,7 +3333,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, struct if (!task) goto out; @@ -47688,7 +47692,7 @@ index 57b8159..7a08ad5 100644 put_task_struct(task); out: return result; -@@ -3257,6 +3397,8 @@ static int proc_pid_fill_cache(struct file *filp, void *dirent, filldir_t filldi +@@ -3260,6 +3400,8 @@ static int proc_pid_fill_cache(struct file *filp, void *dirent, filldir_t filldi static int fake_filldir(void *buf, const char *name, int namelen, loff_t offset, u64 ino, unsigned d_type) { @@ -47697,7 +47701,7 @@ index 57b8159..7a08ad5 100644 return 0; } -@@ -3323,7 +3465,7 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -3326,7 +3468,7 @@ static const struct pid_entry tid_base_stuff[] = { REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -47706,7 +47710,7 @@ index 57b8159..7a08ad5 100644 INF("syscall", S_IRUGO, proc_pid_syscall), #endif INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -3347,10 +3489,10 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -3350,10 +3492,10 @@ static const struct pid_entry tid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -48072,7 +48076,7 @@ index eed44bf..abeb499 100644 } diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c -index 1030a71..096c28b 100644 +index 7faaf2a..096c28b 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -11,12 +11,19 @@ @@ -48239,15 +48243,6 @@ index 1030a71..096c28b 100644 mss.resident >> 10, (unsigned long)(mss.pss >> (10 + PSS_SHIFT)), mss.shared_clean >> 10, -@@ -784,7 +835,7 @@ static int pagemap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end, - - /* find the first VMA at or above 'addr' */ - vma = find_vma(walk->mm, addr); -- if (pmd_trans_huge_lock(pmd, vma) == 1) { -+ if (vma && pmd_trans_huge_lock(pmd, vma) == 1) { - for (; addr != end; addr += PAGE_SIZE) { - unsigned long offset; - @@ -1138,6 +1189,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) int n; char buffer[50]; @@ -62603,7 +62598,7 @@ index 92808b8..c28cac4 100644 /* shm_mode upper byte flags */ diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index 111f26b..1b1a2e5 100644 +index c168907..c7756db 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -666,7 +666,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb) @@ -63747,6 +63742,65 @@ index aaccc5f..092d568 100644 atomic_t execute_tasks; atomic_t dev_ordered_sync; atomic_t dev_qf_count; +diff --git a/include/trace/events/fs.h b/include/trace/events/fs.h +new file mode 100644 +index 0000000..2efe49d +--- /dev/null ++++ b/include/trace/events/fs.h +@@ -0,0 +1,53 @@ ++#undef TRACE_SYSTEM ++#define TRACE_SYSTEM fs ++ ++#if !defined(_TRACE_FS_H) || defined(TRACE_HEADER_MULTI_READ) ++#define _TRACE_FS_H ++ ++#include <linux/fs.h> ++#include <linux/tracepoint.h> ++ ++TRACE_EVENT(do_sys_open, ++ ++ TP_PROTO(char *filename, int flags, int mode), ++ ++ TP_ARGS(filename, flags, mode), ++ ++ TP_STRUCT__entry( ++ __string( filename, filename ) ++ __field( int, flags ) ++ __field( int, mode ) ++ ), ++ ++ TP_fast_assign( ++ __assign_str(filename, filename); ++ __entry->flags = flags; ++ __entry->mode = mode; ++ ), ++ ++ TP_printk("\"%s\" %x %o", ++ __get_str(filename), __entry->flags, __entry->mode) ++); ++ ++TRACE_EVENT(open_exec, ++ ++ TP_PROTO(const char *filename), ++ ++ TP_ARGS(filename), ++ ++ TP_STRUCT__entry( ++ __string( filename, filename ) ++ ), ++ ++ TP_fast_assign( ++ __assign_str(filename, filename); ++ ), ++ ++ TP_printk("\"%s\"", ++ __get_str(filename)) ++); ++ ++#endif /* _TRACE_FS_H */ ++ ++/* This part must be outside protection */ ++#include <trace/define_trace.h> diff --git a/include/trace/events/irq.h b/include/trace/events/irq.h index 1c09820..7f5ec79 100644 --- a/include/trace/events/irq.h @@ -65162,7 +65216,7 @@ index d8bd3b42..26bd8dc 100644 { struct signal_struct *sig = current->signal; diff --git a/kernel/fork.c b/kernel/fork.c -index 687a15d..efb4692 100644 +index 8163333..efb4692 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -286,7 +286,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) @@ -65275,13 +65329,14 @@ index 687a15d..efb4692 100644 if (mpnt->vm_flags & VM_DONTCOPY) { long pages = vma_pages(mpnt); mm->total_vm -= pages; -@@ -354,53 +417,11 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -354,54 +417,11 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) -pages); continue; } - charge = 0; - if (mpnt->vm_flags & VM_ACCOUNT) { -- unsigned int len = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; +- unsigned long len; +- len = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - if (security_vm_enough_memory_mm(oldmm, len)) /* sic */ - goto fail_nomem; - charge = len; @@ -65333,7 +65388,7 @@ index 687a15d..efb4692 100644 /* * Link in the new vma and copy the page table entries. -@@ -423,6 +444,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -424,6 +444,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) if (retval) goto out; } @@ -65365,7 +65420,7 @@ index 687a15d..efb4692 100644 /* a new mm has just been created */ arch_dup_mmap(oldmm, mm); retval = 0; -@@ -431,14 +477,6 @@ out: +@@ -432,14 +477,6 @@ out: flush_tlb_mm(oldmm); up_write(&oldmm->mmap_sem); return retval; @@ -65380,7 +65435,7 @@ index 687a15d..efb4692 100644 } static inline int mm_alloc_pgd(struct mm_struct *mm) -@@ -675,8 +713,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) +@@ -676,8 +713,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) return ERR_PTR(err); mm = get_task_mm(task); @@ -65391,7 +65446,7 @@ index 687a15d..efb4692 100644 mmput(mm); mm = ERR_PTR(-EACCES); } -@@ -898,13 +936,14 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) +@@ -899,13 +936,14 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) spin_unlock(&fs->lock); return -EAGAIN; } @@ -65407,7 +65462,7 @@ index 687a15d..efb4692 100644 return 0; } -@@ -1171,6 +1210,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1172,6 +1210,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); #endif retval = -EAGAIN; @@ -65417,7 +65472,7 @@ index 687a15d..efb4692 100644 if (atomic_read(&p->real_cred->user->processes) >= task_rlimit(p, RLIMIT_NPROC)) { if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && -@@ -1327,6 +1369,8 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1328,6 +1369,8 @@ static struct task_struct *copy_process(unsigned long clone_flags, if (clone_flags & CLONE_THREAD) p->tgid = current->tgid; @@ -65426,7 +65481,7 @@ index 687a15d..efb4692 100644 p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL; /* * Clear TID on mm_release()? -@@ -1501,6 +1545,8 @@ bad_fork_cleanup_count: +@@ -1502,6 +1545,8 @@ bad_fork_cleanup_count: bad_fork_free: free_task(p); fork_out: @@ -65435,7 +65490,7 @@ index 687a15d..efb4692 100644 return ERR_PTR(retval); } -@@ -1601,6 +1647,8 @@ long do_fork(unsigned long clone_flags, +@@ -1602,6 +1647,8 @@ long do_fork(unsigned long clone_flags, if (clone_flags & CLONE_PARENT_SETTID) put_user(nr, parent_tidptr); @@ -65444,7 +65499,7 @@ index 687a15d..efb4692 100644 if (clone_flags & CLONE_VFORK) { p->vfork_done = &vfork; init_completion(&vfork); -@@ -1699,7 +1747,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) +@@ -1700,7 +1747,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) return 0; /* don't need lock here; in the worst case we'll do useless copy */ @@ -65453,7 +65508,7 @@ index 687a15d..efb4692 100644 return 0; *new_fsp = copy_fs_struct(fs); -@@ -1788,7 +1836,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) +@@ -1789,7 +1836,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) fs = current->fs; spin_lock(&fs->lock); current->fs = new_fs; @@ -69144,7 +69199,7 @@ index bd2bea9..6b3c95e 100644 return false; diff --git a/lib/radix-tree.c b/lib/radix-tree.c -index 86516f5..73395ca 100644 +index 3ac50dc..240bb7e 100644 --- a/lib/radix-tree.c +++ b/lib/radix-tree.c @@ -79,7 +79,7 @@ struct radix_tree_preload { @@ -69367,35 +69422,10 @@ index f0e5306..cb9398e 100644 /* if an huge pmd materialized from under us just retry later */ if (unlikely(pmd_trans_huge(*pmd))) diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index ae8f708..3f36aec 100644 +index 263e177..3f36aec 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c -@@ -2157,6 +2157,15 @@ static void hugetlb_vm_op_open(struct vm_area_struct *vma) - kref_get(&reservations->refs); - } - -+static void resv_map_put(struct vm_area_struct *vma) -+{ -+ struct resv_map *reservations = vma_resv_map(vma); -+ -+ if (!reservations) -+ return; -+ kref_put(&reservations->refs, resv_map_release); -+} -+ - static void hugetlb_vm_op_close(struct vm_area_struct *vma) - { - struct hstate *h = hstate_vma(vma); -@@ -2173,7 +2182,7 @@ static void hugetlb_vm_op_close(struct vm_area_struct *vma) - reserve = (end - start) - - region_count(&reservations->regions, start, end); - -- kref_put(&reservations->refs, resv_map_release); -+ resv_map_put(vma); - - if (reserve) { - hugetlb_acct_memory(h, -reserve); -@@ -2437,6 +2446,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2446,6 +2446,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, return 1; } @@ -69423,7 +69453,7 @@ index ae8f708..3f36aec 100644 /* * Hugetlb_cow() should be called with page lock of the original hugepage held. * Called with hugetlb_instantiation_mutex held and pte_page locked so we -@@ -2549,6 +2579,11 @@ retry_avoidcopy: +@@ -2558,6 +2579,11 @@ retry_avoidcopy: make_huge_pte(vma, new_page, 1)); page_remove_rmap(old_page); hugepage_add_new_anon_rmap(new_page, vma, address); @@ -69435,7 +69465,7 @@ index ae8f708..3f36aec 100644 /* Make the old page be freed below */ new_page = old_page; mmu_notifier_invalidate_range_end(mm, -@@ -2703,6 +2738,10 @@ retry: +@@ -2712,6 +2738,10 @@ retry: && (vma->vm_flags & VM_SHARED))); set_huge_pte_at(mm, address, ptep, new_pte); @@ -69446,7 +69476,7 @@ index ae8f708..3f36aec 100644 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page); -@@ -2732,6 +2771,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2741,6 +2771,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, static DEFINE_MUTEX(hugetlb_instantiation_mutex); struct hstate *h = hstate_vma(vma); @@ -69457,7 +69487,7 @@ index ae8f708..3f36aec 100644 address &= huge_page_mask(h); ptep = huge_pte_offset(mm, address); -@@ -2745,6 +2788,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2754,6 +2788,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, VM_FAULT_SET_HINDEX(h - hstates); } @@ -69484,47 +69514,6 @@ index ae8f708..3f36aec 100644 ptep = huge_pte_alloc(mm, address, huge_page_size(h)); if (!ptep) return VM_FAULT_OOM; -@@ -2990,12 +3053,16 @@ int hugetlb_reserve_pages(struct inode *inode, - set_vma_resv_flags(vma, HPAGE_RESV_OWNER); - } - -- if (chg < 0) -- return chg; -+ if (chg < 0) { -+ ret = chg; -+ goto out_err; -+ } - - /* There must be enough pages in the subpool for the mapping */ -- if (hugepage_subpool_get_pages(spool, chg)) -- return -ENOSPC; -+ if (hugepage_subpool_get_pages(spool, chg)) { -+ ret = -ENOSPC; -+ goto out_err; -+ } - - /* - * Check enough hugepages are available for the reservation. -@@ -3004,7 +3071,7 @@ int hugetlb_reserve_pages(struct inode *inode, - ret = hugetlb_acct_memory(h, chg); - if (ret < 0) { - hugepage_subpool_put_pages(spool, chg); -- return ret; -+ goto out_err; - } - - /* -@@ -3021,6 +3088,10 @@ int hugetlb_reserve_pages(struct inode *inode, - if (!vma || vma->vm_flags & VM_MAYSHARE) - region_add(&inode->i_mapping->private_list, from, to); - return 0; -+out_err: -+ if (vma) -+ resv_map_put(vma); -+ return ret; - } - - void hugetlb_unreserve_pages(struct inode *inode, long offset, long freed) diff --git a/mm/internal.h b/mm/internal.h index 2189af4..f2ca332 100644 --- a/mm/internal.h @@ -70382,7 +70371,7 @@ index 6105f47..3363489 100644 return 0; } diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index bf5b485..088e1e5 100644 +index bf5b485..e44c2cb 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -619,6 +619,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, @@ -70404,7 +70393,7 @@ index bf5b485..088e1e5 100644 +#ifdef CONFIG_PAX_SEGMEXEC + vma_m = pax_find_mirror_vma(vma); + if (vma_m && vma_m->vm_ops && vma_m->vm_ops->set_policy) { -+ err = vma->vm_ops->set_policy(vma_m, new_pol); ++ err = vma_m->vm_ops->set_policy(vma_m, new_pol); + if (err) + goto out; + } @@ -72944,7 +72933,7 @@ index 8105be4..e045f96 100644 EXPORT_SYMBOL(kmem_cache_free); diff --git a/mm/slub.c b/mm/slub.c -index 80848cd..14cd19c 100644 +index 71de9b5..dd263c5 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -209,7 +209,7 @@ struct track { @@ -72965,7 +72954,7 @@ index 80848cd..14cd19c 100644 s, (void *)t->addr, jiffies - t->when, t->cpu, t->pid); #ifdef CONFIG_STACKTRACE { -@@ -2600,6 +2600,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x) +@@ -2603,6 +2603,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x) page = virt_to_head_page(x); @@ -72974,7 +72963,7 @@ index 80848cd..14cd19c 100644 slab_free(s, page, x, _RET_IP_); trace_kmem_cache_free(_RET_IP_, x); -@@ -2633,7 +2635,7 @@ static int slub_min_objects; +@@ -2636,7 +2638,7 @@ static int slub_min_objects; * Merge control. If this is set then no merging of slab caches will occur. * (Could be removed. This was introduced to pacify the merge skeptics.) */ @@ -72983,7 +72972,7 @@ index 80848cd..14cd19c 100644 /* * Calculate the order of allocation given an slab object size. -@@ -3086,7 +3088,7 @@ static int kmem_cache_open(struct kmem_cache *s, +@@ -3089,7 +3091,7 @@ static int kmem_cache_open(struct kmem_cache *s, else s->cpu_partial = 30; @@ -72992,7 +72981,7 @@ index 80848cd..14cd19c 100644 #ifdef CONFIG_NUMA s->remote_node_defrag_ratio = 1000; #endif -@@ -3190,8 +3192,7 @@ static inline int kmem_cache_close(struct kmem_cache *s) +@@ -3193,8 +3195,7 @@ static inline int kmem_cache_close(struct kmem_cache *s) void kmem_cache_destroy(struct kmem_cache *s) { down_write(&slub_lock); @@ -73002,7 +72991,7 @@ index 80848cd..14cd19c 100644 list_del(&s->list); up_write(&slub_lock); if (kmem_cache_close(s)) { -@@ -3402,6 +3403,50 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node) +@@ -3405,6 +3406,50 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node) EXPORT_SYMBOL(__kmalloc_node); #endif @@ -73053,7 +73042,7 @@ index 80848cd..14cd19c 100644 size_t ksize(const void *object) { struct page *page; -@@ -3676,7 +3721,7 @@ static void __init kmem_cache_bootstrap_fixup(struct kmem_cache *s) +@@ -3679,7 +3724,7 @@ static void __init kmem_cache_bootstrap_fixup(struct kmem_cache *s) int node; list_add(&s->list, &slab_caches); @@ -73062,7 +73051,7 @@ index 80848cd..14cd19c 100644 for_each_node_state(node, N_NORMAL_MEMORY) { struct kmem_cache_node *n = get_node(s, node); -@@ -3796,17 +3841,17 @@ void __init kmem_cache_init(void) +@@ -3799,17 +3844,17 @@ void __init kmem_cache_init(void) /* Caches that are not of the two-to-the-power-of size */ if (KMALLOC_MIN_SIZE <= 32) { @@ -73083,7 +73072,7 @@ index 80848cd..14cd19c 100644 caches++; } -@@ -3874,7 +3919,7 @@ static int slab_unmergeable(struct kmem_cache *s) +@@ -3877,7 +3922,7 @@ static int slab_unmergeable(struct kmem_cache *s) /* * We may have set a slab to be unmergeable during bootstrap. */ @@ -73092,7 +73081,7 @@ index 80848cd..14cd19c 100644 return 1; return 0; -@@ -3933,7 +3978,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, +@@ -3936,7 +3981,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, down_write(&slub_lock); s = find_mergeable(size, align, flags, name, ctor); if (s) { @@ -73101,7 +73090,7 @@ index 80848cd..14cd19c 100644 /* * Adjust the object sizes so that we clear * the complete object on kzalloc. -@@ -3942,7 +3987,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, +@@ -3945,7 +3990,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, s->inuse = max_t(int, s->inuse, ALIGN(size, sizeof(void *))); if (sysfs_slab_alias(s, name)) { @@ -73110,7 +73099,7 @@ index 80848cd..14cd19c 100644 goto err; } up_write(&slub_lock); -@@ -4071,7 +4116,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags, +@@ -4074,7 +4119,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags, } #endif @@ -73119,7 +73108,7 @@ index 80848cd..14cd19c 100644 static int count_inuse(struct page *page) { return page->inuse; -@@ -4458,12 +4503,12 @@ static void resiliency_test(void) +@@ -4461,12 +4506,12 @@ static void resiliency_test(void) validate_slab_cache(kmalloc_caches[9]); } #else @@ -73134,7 +73123,7 @@ index 80848cd..14cd19c 100644 enum slab_stat_type { SL_ALL, /* All slabs */ SL_PARTIAL, /* Only partially allocated slabs */ -@@ -4706,7 +4751,7 @@ SLAB_ATTR_RO(ctor); +@@ -4709,7 +4754,7 @@ SLAB_ATTR_RO(ctor); static ssize_t aliases_show(struct kmem_cache *s, char *buf) { @@ -73143,7 +73132,7 @@ index 80848cd..14cd19c 100644 } SLAB_ATTR_RO(aliases); -@@ -5277,6 +5322,7 @@ static char *create_unique_id(struct kmem_cache *s) +@@ -5280,6 +5325,7 @@ static char *create_unique_id(struct kmem_cache *s) return name; } @@ -73151,7 +73140,7 @@ index 80848cd..14cd19c 100644 static int sysfs_slab_add(struct kmem_cache *s) { int err; -@@ -5339,6 +5385,7 @@ static void sysfs_slab_remove(struct kmem_cache *s) +@@ -5342,6 +5388,7 @@ static void sysfs_slab_remove(struct kmem_cache *s) kobject_del(&s->kobj); kobject_put(&s->kobj); } @@ -73159,7 +73148,7 @@ index 80848cd..14cd19c 100644 /* * Need to buffer aliases during bootup until sysfs becomes -@@ -5352,6 +5399,7 @@ struct saved_alias { +@@ -5355,6 +5402,7 @@ struct saved_alias { static struct saved_alias *alias_list; @@ -73167,7 +73156,7 @@ index 80848cd..14cd19c 100644 static int sysfs_slab_alias(struct kmem_cache *s, const char *name) { struct saved_alias *al; -@@ -5374,6 +5422,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) +@@ -5377,6 +5425,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) alias_list = al; return 0; } @@ -73287,7 +73276,7 @@ index ae962b3..0bba886 100644 mm->unmap_area = arch_unmap_area; } diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index 94dff88..7d25ed1 100644 +index 1196c77..2e608e8 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end) @@ -73422,7 +73411,7 @@ index 94dff88..7d25ed1 100644 int node, gfp_t gfp_mask) { struct vmap_area *va; -@@ -1319,6 +1363,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size, +@@ -1320,6 +1364,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size, struct vm_struct *area; BUG_ON(in_interrupt()); @@ -73439,7 +73428,7 @@ index 94dff88..7d25ed1 100644 if (flags & VM_IOREMAP) { int bit = fls(size); -@@ -1551,6 +1605,11 @@ void *vmap(struct page **pages, unsigned int count, +@@ -1552,6 +1606,11 @@ void *vmap(struct page **pages, unsigned int count, if (count > totalram_pages) return NULL; @@ -73451,7 +73440,7 @@ index 94dff88..7d25ed1 100644 area = get_vm_area_caller((count << PAGE_SHIFT), flags, __builtin_return_address(0)); if (!area) -@@ -1652,6 +1711,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, +@@ -1653,6 +1712,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, if (!size || (size >> PAGE_SHIFT) > totalram_pages) goto fail; @@ -73465,7 +73454,7 @@ index 94dff88..7d25ed1 100644 area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST, start, end, node, gfp_mask, caller); if (!area) -@@ -1825,10 +1891,9 @@ EXPORT_SYMBOL(vzalloc_node); +@@ -1826,10 +1892,9 @@ EXPORT_SYMBOL(vzalloc_node); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -73477,7 +73466,7 @@ index 94dff88..7d25ed1 100644 -1, __builtin_return_address(0)); } -@@ -2123,6 +2188,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, +@@ -2124,6 +2189,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, unsigned long uaddr = vma->vm_start; unsigned long usize = vma->vm_end - vma->vm_start; @@ -73486,7 +73475,7 @@ index 94dff88..7d25ed1 100644 if ((PAGE_SIZE-1) & (unsigned long)addr) return -EINVAL; -@@ -2375,8 +2442,8 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets, +@@ -2376,8 +2443,8 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets, return NULL; } @@ -74446,7 +74435,7 @@ index cbe3a68..a879b75 100644 break; case NETDEV_DOWN: diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c -index 5063fa3..9dd4a69 100644 +index 8861f91..ab1e3c1 100644 --- a/net/ipv4/fib_semantics.c +++ b/net/ipv4/fib_semantics.c @@ -698,7 +698,7 @@ __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh) @@ -75577,7 +75566,7 @@ index c97a065..ff61928 100644 return p; diff --git a/net/mac80211/util.c b/net/mac80211/util.c -index 32f7a3b..2b52a0d 100644 +index 3862c96..3258ddc 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c @@ -1179,7 +1179,7 @@ int ieee80211_reconfig(struct ieee80211_local *local) @@ -77129,7 +77118,7 @@ index af648e0..6185d3a 100644 iwp->length += essid_compat; diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c -index 7661576..80f7627 100644 +index a15d2a0..12142af 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -299,7 +299,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy) @@ -77186,7 +77175,7 @@ index 7661576..80f7627 100644 return xdst; } -@@ -2345,7 +2345,7 @@ static int xfrm_bundle_ok(struct xfrm_dst *first) +@@ -2348,7 +2348,7 @@ static int xfrm_bundle_ok(struct xfrm_dst *first) if (xdst->xfrm_genid != dst->xfrm->genid) return 0; if (xdst->num_pols > 0 && @@ -77195,7 +77184,7 @@ index 7661576..80f7627 100644 return 0; mtu = dst_mtu(dst->child); -@@ -2882,7 +2882,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol, +@@ -2885,7 +2885,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol, sizeof(pol->xfrm_vec[i].saddr)); pol->xfrm_vec[i].encap_family = mp->new_family; /* flush bundles */ diff --git a/3.4.1/4430_grsec-remove-localversion-grsec.patch b/3.4.2/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.4.1/4430_grsec-remove-localversion-grsec.patch +++ b/3.4.2/4430_grsec-remove-localversion-grsec.patch diff --git a/3.4.1/4435_grsec-mute-warnings.patch b/3.4.2/4435_grsec-mute-warnings.patch index e85abd6..e85abd6 100644 --- a/3.4.1/4435_grsec-mute-warnings.patch +++ b/3.4.2/4435_grsec-mute-warnings.patch diff --git a/3.4.1/4440_grsec-remove-protected-paths.patch b/3.4.2/4440_grsec-remove-protected-paths.patch index 637934a..637934a 100644 --- a/3.4.1/4440_grsec-remove-protected-paths.patch +++ b/3.4.2/4440_grsec-remove-protected-paths.patch diff --git a/3.4.1/4445_grsec-pax-without-grsec.patch b/3.4.2/4445_grsec-pax-without-grsec.patch index 35255c2..35255c2 100644 --- a/3.4.1/4445_grsec-pax-without-grsec.patch +++ b/3.4.2/4445_grsec-pax-without-grsec.patch diff --git a/3.4.1/4450_grsec-kconfig-default-gids.patch b/3.4.2/4450_grsec-kconfig-default-gids.patch index 123f877..123f877 100644 --- a/3.4.1/4450_grsec-kconfig-default-gids.patch +++ b/3.4.2/4450_grsec-kconfig-default-gids.patch diff --git a/3.4.1/4455_grsec-kconfig-gentoo.patch b/3.4.2/4455_grsec-kconfig-gentoo.patch index b9dc3e5..b9dc3e5 100644 --- a/3.4.1/4455_grsec-kconfig-gentoo.patch +++ b/3.4.2/4455_grsec-kconfig-gentoo.patch diff --git a/3.4.1/4460-grsec-kconfig-proc-user.patch b/3.4.2/4460-grsec-kconfig-proc-user.patch index b2b3188..b2b3188 100644 --- a/3.4.1/4460-grsec-kconfig-proc-user.patch +++ b/3.4.2/4460-grsec-kconfig-proc-user.patch diff --git a/3.4.1/4465_selinux-avc_audit-log-curr_ip.patch b/3.4.2/4465_selinux-avc_audit-log-curr_ip.patch index 5a9d80c..5a9d80c 100644 --- a/3.4.1/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.4.2/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.4.1/4470_disable-compat_vdso.patch b/3.4.2/4470_disable-compat_vdso.patch index c40f44f..c40f44f 100644 --- a/3.4.1/4470_disable-compat_vdso.patch +++ b/3.4.2/4470_disable-compat_vdso.patch |