[ipfire-2.x.git] / src / patches / suse-2.6.27.39 / patches.kernel.org / patch-2.6.27.36-37

From: Greg Kroah-Hartman <gregkh@suse.de>
Subject: Linux 2.6.27.37

Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/Makefile b/Makefile
index e7046ea..e063536 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,7 @@
 VERSION = 2
 PATCHLEVEL = 6
 SUBLEVEL = 27
-EXTRAVERSION = .36
+EXTRAVERSION = .37
 NAME = Trembling Tortoise
 
 # *DOCUMENTATION*
diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
index 5e65290..09b59b2 100644
--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
@@ -21,8 +21,8 @@
 #define __AUDIT_ARCH_LE	   0x40000000
 
 #ifndef CONFIG_AUDITSYSCALL
-#define sysexit_audit int_ret_from_sys_call
-#define sysretl_audit int_ret_from_sys_call
+#define sysexit_audit ia32_ret_from_sys_call
+#define sysretl_audit ia32_ret_from_sys_call
 #endif
 
 #define IA32_NR_syscalls ((ia32_syscall_end - ia32_sys_call_table)/8)
@@ -39,12 +39,12 @@
 	.endm 
 
 	/* clobbers %eax */	
-	.macro  CLEAR_RREGS
+	.macro  CLEAR_RREGS offset=0, _r9=rax
 	xorl 	%eax,%eax
-	movq	%rax,R11(%rsp)
-	movq	%rax,R10(%rsp)
-	movq	%rax,R9(%rsp)
-	movq	%rax,R8(%rsp)
+	movq	%rax,\offset+R11(%rsp)
+	movq	%rax,\offset+R10(%rsp)
+	movq	%\_r9,\offset+R9(%rsp)
+	movq	%rax,\offset+R8(%rsp)
 	.endm
 
 	/*
@@ -52,11 +52,10 @@
 	 * We don't reload %eax because syscall_trace_enter() returned
 	 * the value it wants us to use in the table lookup.
 	 */
-	.macro LOAD_ARGS32 offset
-	movl \offset(%rsp),%r11d
-	movl \offset+8(%rsp),%r10d
+	.macro LOAD_ARGS32 offset, _r9=0
+	.if \_r9
 	movl \offset+16(%rsp),%r9d
-	movl \offset+24(%rsp),%r8d
+	.endif
 	movl \offset+40(%rsp),%ecx
 	movl \offset+48(%rsp),%edx
 	movl \offset+56(%rsp),%esi
@@ -145,7 +144,7 @@ ENTRY(ia32_sysenter_target)
 	SAVE_ARGS 0,0,1
  	/* no need to do an access_ok check here because rbp has been
  	   32bit zero extended */ 
-1:	movl	(%rbp),%r9d
+1:	movl	(%rbp),%ebp
  	.section __ex_table,"a"
  	.quad 1b,ia32_badarg
  	.previous	
@@ -157,7 +156,7 @@ ENTRY(ia32_sysenter_target)
 	cmpl	$(IA32_NR_syscalls-1),%eax
 	ja	ia32_badsys
 sysenter_do_call:
-	IA32_ARG_FIXUP 1
+	IA32_ARG_FIXUP
 sysenter_dispatch:
 	call	*ia32_sys_call_table(,%rax,8)
 	movq	%rax,RAX-ARGOFFSET(%rsp)
@@ -173,6 +172,10 @@ sysexit_from_sys_call:
 	movl	RIP-R11(%rsp),%edx		/* User %eip */
 	CFI_REGISTER rip,rdx
 	RESTORE_ARGS 1,24,1,1,1,1
+	xorq	%r8,%r8
+	xorq	%r9,%r9
+	xorq	%r10,%r10
+	xorq	%r11,%r11
 	popfq
 	CFI_ADJUST_CFA_OFFSET -8
 	/*CFI_RESTORE rflags*/
@@ -203,7 +206,7 @@ sysexit_from_sys_call:
 
 	.macro auditsys_exit exit,ebpsave=RBP
 	testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10)
-	jnz int_ret_from_sys_call
+	jnz ia32_ret_from_sys_call
 	TRACE_IRQS_ON
 	sti
 	movl %eax,%esi		/* second arg, syscall return value */
@@ -219,8 +222,9 @@ sysexit_from_sys_call:
 	cli
 	TRACE_IRQS_OFF
 	testl %edi,TI_flags(%r10)
-	jnz int_with_check
-	jmp \exit
+	jz \exit
+	CLEAR_RREGS -ARGOFFSET
+	jmp int_with_check
 	.endm
 
 sysenter_auditsys:
@@ -234,20 +238,17 @@ sysexit_audit:
 #endif
 
 sysenter_tracesys:
-	xchgl	%r9d,%ebp
 #ifdef CONFIG_AUDITSYSCALL
 	testl	$(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10)
 	jz	sysenter_auditsys
 #endif
 	SAVE_REST
 	CLEAR_RREGS
-	movq	%r9,R9(%rsp)
 	movq	$-ENOSYS,RAX(%rsp)/* ptrace can change this for a bad syscall */
 	movq	%rsp,%rdi        /* &pt_regs -> arg1 */
 	call	syscall_trace_enter
 	LOAD_ARGS32 ARGOFFSET  /* reload args from stack in case ptrace changed it */
 	RESTORE_REST
-	xchgl	%ebp,%r9d
 	cmpl	$(IA32_NR_syscalls-1),%eax
 	ja	int_ret_from_sys_call /* sysenter_tracesys has set RAX(%rsp) */
 	jmp	sysenter_do_call
@@ -314,9 +315,9 @@ ENTRY(ia32_cstar_target)
 	testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10)
 	CFI_REMEMBER_STATE
 	jnz   cstar_tracesys
-cstar_do_call:	
 	cmpl $IA32_NR_syscalls-1,%eax
 	ja  ia32_badsys
+cstar_do_call:
 	IA32_ARG_FIXUP 1
 cstar_dispatch:
 	call *ia32_sys_call_table(,%rax,8)
@@ -333,6 +334,9 @@ sysretl_from_sys_call:
 	CFI_REGISTER rip,rcx
 	movl EFLAGS-ARGOFFSET(%rsp),%r11d	
 	/*CFI_REGISTER rflags,r11*/
+	xorq	%r10,%r10
+	xorq	%r9,%r9
+	xorq	%r8,%r8
 	TRACE_IRQS_ON
 	movl RSP-ARGOFFSET(%rsp),%esp
 	CFI_RESTORE rsp
@@ -357,15 +361,13 @@ cstar_tracesys:
 #endif
 	xchgl %r9d,%ebp
 	SAVE_REST
-	CLEAR_RREGS
-	movq %r9,R9(%rsp)
+	CLEAR_RREGS 0, r9
 	movq $-ENOSYS,RAX(%rsp)	/* ptrace can change this for a bad syscall */
 	movq %rsp,%rdi        /* &pt_regs -> arg1 */
 	call syscall_trace_enter
-	LOAD_ARGS32 ARGOFFSET  /* reload args from stack in case ptrace changed it */
+	LOAD_ARGS32 ARGOFFSET, 1  /* reload args from stack in case ptrace changed it */
 	RESTORE_REST
 	xchgl %ebp,%r9d
-	movl RSP-ARGOFFSET(%rsp), %r8d
 	cmpl $(IA32_NR_syscalls-1),%eax
 	ja int_ret_from_sys_call /* cstar_tracesys has set RAX(%rsp) */
 	jmp cstar_do_call
@@ -431,6 +433,8 @@ ia32_do_call:
 	call *ia32_sys_call_table(,%rax,8) # xxx: rip relative
 ia32_sysret:
 	movq %rax,RAX-ARGOFFSET(%rsp)
+ia32_ret_from_sys_call:
+	CLEAR_RREGS -ARGOFFSET
 	jmp int_ret_from_sys_call 
 
 ia32_tracesys:			 
@@ -448,8 +452,8 @@ END(ia32_syscall)
 
 ia32_badsys:
 	movq $0,ORIG_RAX-ARGOFFSET(%rsp)
-	movq $-ENOSYS,RAX-ARGOFFSET(%rsp)
-	jmp int_ret_from_sys_call
+	movq $-ENOSYS,%rax
+	jmp ia32_sysret
 
 quiet_ni_syscall:
 	movq $-ENOSYS,%rax
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index f7c7142..60ebfd7 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -2571,6 +2571,11 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu)
 		a3 &= 0xFFFFFFFF;
 	}
 
+	if (kvm_x86_ops->get_cpl(vcpu) != 0) {
+		ret = -KVM_EPERM;
+		goto out;
+	}
+
 	switch (nr) {
 	case KVM_HC_VAPIC_POLL_IRQ:
 		ret = 0;
@@ -2582,6 +2587,7 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu)
 		ret = -KVM_ENOSYS;
 		break;
 	}
+out:
 	vcpu->arch.regs[VCPU_REGS_RAX] = ret;
 	kvm_x86_ops->decache_regs(vcpu);
 	++vcpu->stat.hypercalls;
diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
index 56fe712..47dd8f5 100644
--- a/arch/x86/mm/mmap.c
+++ b/arch/x86/mm/mmap.c
@@ -29,13 +29,26 @@
 #include <linux/random.h>
 #include <linux/limits.h>
 #include <linux/sched.h>
+#include <asm/elf.h>
+
+static unsigned int stack_maxrandom_size(void)
+{
+	unsigned int max = 0;
+	if ((current->flags & PF_RANDOMIZE) &&
+		!(current->personality & ADDR_NO_RANDOMIZE)) {
+		max = ((-1U) & STACK_RND_MASK) << PAGE_SHIFT;
+	}
+
+	return max;
+}
+
 
 /*
  * Top of mmap area (just below the process stack).
  *
- * Leave an at least ~128 MB hole.
+ * Leave an at least ~128 MB hole with possible stack randomization.
  */
-#define MIN_GAP (128*1024*1024)
+#define MIN_GAP (128*1024*1024UL + stack_maxrandom_size())
 #define MAX_GAP (TASK_SIZE/6*5)
 
 /*
diff --git a/drivers/net/iseries_veth.c b/drivers/net/iseries_veth.c
index c46864d..e1db78a 100644
--- a/drivers/net/iseries_veth.c
+++ b/drivers/net/iseries_veth.c
@@ -495,7 +495,7 @@ static void veth_take_cap_ack(struct veth_lpar_connection *cnx,
 			   cnx->remote_lp);
 	} else {
 		memcpy(&cnx->cap_ack_event, event,
-		       sizeof(&cnx->cap_ack_event));
+		       sizeof(cnx->cap_ack_event));
 		cnx->state |= VETH_STATE_GOTCAPACK;
 		veth_kick_statemachine(cnx);
 	}
diff --git a/drivers/watchdog/hpwdt.c b/drivers/watchdog/hpwdt.c
index 763c1ea..dad4fe6 100644
--- a/drivers/watchdog/hpwdt.c
+++ b/drivers/watchdog/hpwdt.c
@@ -47,6 +47,7 @@
 #define PCI_BIOS32_PARAGRAPH_LEN	16
 #define PCI_ROM_BASE1			0x000F0000
 #define ROM_SIZE			0x10000
+#define HPWDT_VERSION			"1.01"
 
 struct bios32_service_dir {
 	u32 signature;
@@ -130,12 +131,8 @@ static void *cru_rom_addr;
 static struct cmn_registers cmn_regs;
 
 static struct pci_device_id hpwdt_devices[] = {
-	{
-	 .vendor = PCI_VENDOR_ID_COMPAQ,
-	 .device = 0xB203,
-	 .subvendor = PCI_ANY_ID,
-	 .subdevice = PCI_ANY_ID,
-	},
+	{ PCI_DEVICE(PCI_VENDOR_ID_COMPAQ, 0xB203) },
+	{ PCI_DEVICE(PCI_VENDOR_ID_HP, 0x3306) },
 	{0},			/* terminate list */
 };
 MODULE_DEVICE_TABLE(pci, hpwdt_devices);
@@ -704,10 +701,11 @@ static int __devinit hpwdt_init_one(struct pci_dev *dev,
 	}
 
 	printk(KERN_INFO
-		"hp Watchdog Timer Driver: 1.00"
+		"hp Watchdog Timer Driver: %s"
 		", timer margin: %d seconds (nowayout=%d)"
 		", allow kernel dump: %s (default = 0/OFF).\n",
-		soft_margin, nowayout, (allow_kdump == 0) ? "OFF" : "ON");
+		HPWDT_VERSION, soft_margin, nowayout,
+		(allow_kdump == 0) ? "OFF" : "ON");
 
 	return 0;
 
@@ -757,6 +755,7 @@ static int __init hpwdt_init(void)
 MODULE_AUTHOR("Tom Mingarelli");
 MODULE_DESCRIPTION("hp watchdog driver");
 MODULE_LICENSE("GPL");
+MODULE_VERSION(HPWDT_VERSION);
 MODULE_ALIAS_MISCDEV(WATCHDOG_MINOR);
 
 module_param(soft_margin, int, 0);
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
index 5e78fc1..1c1220e 100644
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -443,6 +443,7 @@ static int ecryptfs_unlink(struct inode *dir, struct dentry *dentry)
 	struct inode *lower_dir_inode = ecryptfs_inode_to_lower(dir);
 	struct dentry *lower_dir_dentry;
 
+	dget(lower_dentry);
 	lower_dir_dentry = lock_parent(lower_dentry);
 	rc = vfs_unlink(lower_dir_inode, lower_dentry);
 	if (rc) {
@@ -456,6 +457,7 @@ static int ecryptfs_unlink(struct inode *dir, struct dentry *dentry)
 	d_drop(dentry);
 out_unlock:
 	unlock_dir(lower_dir_dentry);
+	dput(lower_dentry);
 	return rc;
 }
 
diff --git a/include/asm-x86/elf.h b/include/asm-x86/elf.h
index 7be4733..36343b6 100644
--- a/include/asm-x86/elf.h
+++ b/include/asm-x86/elf.h
@@ -287,6 +287,8 @@ do {									\
 
 #ifdef CONFIG_X86_32
 
+#define STACK_RND_MASK (0x7ff)
+
 #define VDSO_HIGH_BASE		(__fix_to_virt(FIX_VDSO))
 
 #define ARCH_DLINFO		ARCH_DLINFO_IA32(vdso_enabled)
diff --git a/include/linux/kvm_para.h b/include/linux/kvm_para.h
index 3ddce03..d731092 100644
--- a/include/linux/kvm_para.h
+++ b/include/linux/kvm_para.h
@@ -13,6 +13,7 @@
 #define KVM_ENOSYS		1000
 #define KVM_EFAULT		EFAULT
 #define KVM_E2BIG		E2BIG
+#define KVM_EPERM		EPERM
 
 #define KVM_HC_VAPIC_POLL_IRQ		1
 #define KVM_HC_MMU_OP			2
diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
index 521960b..6e22c16 100644
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -477,6 +477,28 @@ void update_wall_time(void)
 	/* correct the clock when NTP error is too big */
 	clocksource_adjust(offset);
 
+	/*
+	 * Since in the loop above, we accumulate any amount of time
+	 * in xtime_nsec over a second into xtime.tv_sec, its possible for
+	 * xtime_nsec to be fairly small after the loop. Further, if we're
+	 * slightly speeding the clocksource up in clocksource_adjust(),
+	 * its possible the required corrective factor to xtime_nsec could
+	 * cause it to underflow.
+	 *
+	 * Now, we cannot simply roll the accumulated second back, since
+	 * the NTP subsystem has been notified via second_overflow. So
+	 * instead we push xtime_nsec forward by the amount we underflowed,
+	 * and add that amount into the error.
+	 *
+	 * We'll correct this error next time through this function, when
+ 	 * xtime_nsec is not as small.
+	 */
+	if (unlikely((s64)clock->xtime_nsec < 0)) {
+		s64 neg = -(s64)clock->xtime_nsec;
+		clock->xtime_nsec = 0;
+		clock->error += neg << (NTP_SCALE_SHIFT - clock->shift);
+	}
+
 	/* store full nanoseconds into xtime */
 	xtime.tv_nsec = (s64)clock->xtime_nsec >> clock->shift;
 	clock->xtime_nsec -= (s64)xtime.tv_nsec << clock->shift;
Commit	Line	Data
82094b55 AF	1	From: Greg Kroah-Hartman <gregkh@suse.de>
	2	Subject: Linux 2.6.27.37
	3
	4	Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
	5
	6	diff --git a/Makefile b/Makefile
	7	index e7046ea..e063536 100644
	8	--- a/Makefile
	9	+++ b/Makefile
	10	@@ -1,7 +1,7 @@
	11	VERSION = 2
	12	PATCHLEVEL = 6
	13	SUBLEVEL = 27
	14	-EXTRAVERSION = .36
	15	+EXTRAVERSION = .37
	16	NAME = Trembling Tortoise
	17
	18	# DOCUMENTATION
	19	diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
	20	index 5e65290..09b59b2 100644
	21	--- a/arch/x86/ia32/ia32entry.S
	22	+++ b/arch/x86/ia32/ia32entry.S
	23	@@ -21,8 +21,8 @@
	24	#define __AUDIT_ARCH_LE 0x40000000
	25
	26	#ifndef CONFIG_AUDITSYSCALL
	27	-#define sysexit_audit int_ret_from_sys_call
	28	-#define sysretl_audit int_ret_from_sys_call
	29	+#define sysexit_audit ia32_ret_from_sys_call
	30	+#define sysretl_audit ia32_ret_from_sys_call
	31	#endif
	32
	33	#define IA32_NR_syscalls ((ia32_syscall_end - ia32_sys_call_table)/8)
	34	@@ -39,12 +39,12 @@
	35	.endm
	36
	37	/* clobbers %eax */
	38	- .macro CLEAR_RREGS
	39	+ .macro CLEAR_RREGS offset=0, _r9=rax
	40	xorl %eax,%eax
	41	- movq %rax,R11(%rsp)
	42	- movq %rax,R10(%rsp)
	43	- movq %rax,R9(%rsp)
	44	- movq %rax,R8(%rsp)
	45	+ movq %rax,\offset+R11(%rsp)
	46	+ movq %rax,\offset+R10(%rsp)
	47	+ movq %\_r9,\offset+R9(%rsp)
	48	+ movq %rax,\offset+R8(%rsp)
	49	.endm
	50
	51	/*
	52	@@ -52,11 +52,10 @@
	53	* We don't reload %eax because syscall_trace_enter() returned
	54	* the value it wants us to use in the table lookup.
	55	*/
	56	- .macro LOAD_ARGS32 offset
	57	- movl \offset(%rsp),%r11d
	58	- movl \offset+8(%rsp),%r10d
	59	+ .macro LOAD_ARGS32 offset, _r9=0
	60	+ .if \_r9
	61	movl \offset+16(%rsp),%r9d
	62	- movl \offset+24(%rsp),%r8d
	63	+ .endif
	64	movl \offset+40(%rsp),%ecx
65	movl \offset+48(%rsp),%edx
66	movl \offset+56(%rsp),%esi
67	@@ -145,7 +144,7 @@ ENTRY(ia32_sysenter_target)
68	SAVE_ARGS 0,0,1
69	/* no need to do an access_ok check here because rbp has been
70	32bit zero extended */
71	-1: movl (%rbp),%r9d
72	+1: movl (%rbp),%ebp
73	.section __ex_table,"a"
74	.quad 1b,ia32_badarg
75	.previous
76	@@ -157,7 +156,7 @@ ENTRY(ia32_sysenter_target)
77	cmpl $(IA32_NR_syscalls-1),%eax
78	ja ia32_badsys
79	sysenter_do_call:
80	- IA32_ARG_FIXUP 1
81	+ IA32_ARG_FIXUP
82	sysenter_dispatch:
83	call *ia32_sys_call_table(,%rax,8)
84	movq %rax,RAX-ARGOFFSET(%rsp)
85	@@ -173,6 +172,10 @@ sysexit_from_sys_call:
86	movl RIP-R11(%rsp),%edx /* User %eip */
87	CFI_REGISTER rip,rdx
88	RESTORE_ARGS 1,24,1,1,1,1
89	+ xorq %r8,%r8
90	+ xorq %r9,%r9
91	+ xorq %r10,%r10
92	+ xorq %r11,%r11
93	popfq
94	CFI_ADJUST_CFA_OFFSET -8
95	/CFI_RESTORE rflags/
96	@@ -203,7 +206,7 @@ sysexit_from_sys_call:
97
98	.macro auditsys_exit exit,ebpsave=RBP
99	testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10)
100	- jnz int_ret_from_sys_call
101	+ jnz ia32_ret_from_sys_call
102	TRACE_IRQS_ON
103	sti
104	movl %eax,%esi /* second arg, syscall return value */
105	@@ -219,8 +222,9 @@ sysexit_from_sys_call:
106	cli
107	TRACE_IRQS_OFF
108	testl %edi,TI_flags(%r10)
109	- jnz int_with_check
110	- jmp \exit
111	+ jz \exit
112	+ CLEAR_RREGS -ARGOFFSET
113	+ jmp int_with_check
114	.endm
115
116	sysenter_auditsys:
117	@@ -234,20 +238,17 @@ sysexit_audit:
118	#endif
119
120	sysenter_tracesys:
121	- xchgl %r9d,%ebp
122	#ifdef CONFIG_AUDITSYSCALL
123	testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10)
124	jz sysenter_auditsys
125	#endif
126	SAVE_REST
127	CLEAR_RREGS
128	- movq %r9,R9(%rsp)
129	movq $-ENOSYS,RAX(%rsp)/* ptrace can change this for a bad syscall */
130	movq %rsp,%rdi /* &pt_regs -> arg1 */
131	call syscall_trace_enter
132	LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */
133	RESTORE_REST
134	- xchgl %ebp,%r9d
135	cmpl $(IA32_NR_syscalls-1),%eax
136	ja int_ret_from_sys_call /* sysenter_tracesys has set RAX(%rsp) */
137	jmp sysenter_do_call
138	@@ -314,9 +315,9 @@ ENTRY(ia32_cstar_target)
139	testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10)
140	CFI_REMEMBER_STATE
141	jnz cstar_tracesys
142	-cstar_do_call:
143	cmpl $IA32_NR_syscalls-1,%eax
144	ja ia32_badsys
145	+cstar_do_call:
146	IA32_ARG_FIXUP 1
147	cstar_dispatch:
148	call *ia32_sys_call_table(,%rax,8)
149	@@ -333,6 +334,9 @@ sysretl_from_sys_call:
150	CFI_REGISTER rip,rcx
151	movl EFLAGS-ARGOFFSET(%rsp),%r11d
152	/CFI_REGISTER rflags,r11/
153	+ xorq %r10,%r10
154	+ xorq %r9,%r9
155	+ xorq %r8,%r8
156	TRACE_IRQS_ON
157	movl RSP-ARGOFFSET(%rsp),%esp
158	CFI_RESTORE rsp
159	@@ -357,15 +361,13 @@ cstar_tracesys:
160	#endif
161	xchgl %r9d,%ebp
162	SAVE_REST
163	- CLEAR_RREGS
164	- movq %r9,R9(%rsp)
165	+ CLEAR_RREGS 0, r9
166	movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */
167	movq %rsp,%rdi /* &pt_regs -> arg1 */
168	call syscall_trace_enter
169	- LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */
170	+ LOAD_ARGS32 ARGOFFSET, 1 /* reload args from stack in case ptrace changed it */
171	RESTORE_REST
172	xchgl %ebp,%r9d
173	- movl RSP-ARGOFFSET(%rsp), %r8d
174	cmpl $(IA32_NR_syscalls-1),%eax
175	ja int_ret_from_sys_call /* cstar_tracesys has set RAX(%rsp) */
176	jmp cstar_do_call
177	@@ -431,6 +433,8 @@ ia32_do_call:
178	call *ia32_sys_call_table(,%rax,8) # xxx: rip relative
179	ia32_sysret:
180	movq %rax,RAX-ARGOFFSET(%rsp)
181	+ia32_ret_from_sys_call:
182	+ CLEAR_RREGS -ARGOFFSET
183	jmp int_ret_from_sys_call
184
185	ia32_tracesys:
186	@@ -448,8 +452,8 @@ END(ia32_syscall)
187
188	ia32_badsys:
189	movq $0,ORIG_RAX-ARGOFFSET(%rsp)
190	- movq $-ENOSYS,RAX-ARGOFFSET(%rsp)
191	- jmp int_ret_from_sys_call
192	+ movq $-ENOSYS,%rax
193	+ jmp ia32_sysret
194
195	quiet_ni_syscall:
196	movq $-ENOSYS,%rax
197	diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
198	index f7c7142..60ebfd7 100644
199	--- a/arch/x86/kvm/x86.c
200	+++ b/arch/x86/kvm/x86.c
201	@@ -2571,6 +2571,11 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu)
202	a3 &= 0xFFFFFFFF;
203	}
204
205	+ if (kvm_x86_ops->get_cpl(vcpu) != 0) {
206	+ ret = -KVM_EPERM;
207	+ goto out;
208	+ }
209	+
210	switch (nr) {
211	case KVM_HC_VAPIC_POLL_IRQ:
212	ret = 0;
213	@@ -2582,6 +2587,7 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu)
214	ret = -KVM_ENOSYS;
215	break;
216	}
217	+out:
218	vcpu->arch.regs[VCPU_REGS_RAX] = ret;
219	kvm_x86_ops->decache_regs(vcpu);
220	++vcpu->stat.hypercalls;
221	diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
222	index 56fe712..47dd8f5 100644
223	--- a/arch/x86/mm/mmap.c
224	+++ b/arch/x86/mm/mmap.c
225	@@ -29,13 +29,26 @@
226	#include <linux/random.h>
227	#include <linux/limits.h>
228	#include <linux/sched.h>
229	+#include <asm/elf.h>
230	+
231	+static unsigned int stack_maxrandom_size(void)
232	+{
233	+ unsigned int max = 0;
234	+ if ((current->flags & PF_RANDOMIZE) &&
235	+ !(current->personality & ADDR_NO_RANDOMIZE)) {
236	+ max = ((-1U) & STACK_RND_MASK) << PAGE_SHIFT;
237	+ }
238	+
239	+ return max;
240	+}
241	+
242
243	/*
244	* Top of mmap area (just below the process stack).
245	*
246	- * Leave an at least ~128 MB hole.
247	+ * Leave an at least ~128 MB hole with possible stack randomization.
248	*/
249	-#define MIN_GAP (12810241024)
250	+#define MIN_GAP (12810241024UL + stack_maxrandom_size())
251	#define MAX_GAP (TASK_SIZE/6*5)
252
253	/*
254	diff --git a/drivers/net/iseries_veth.c b/drivers/net/iseries_veth.c
255	index c46864d..e1db78a 100644
256	--- a/drivers/net/iseries_veth.c
257	+++ b/drivers/net/iseries_veth.c
258	@@ -495,7 +495,7 @@ static void veth_take_cap_ack(struct veth_lpar_connection *cnx,
259	cnx->remote_lp);
260	} else {
261	memcpy(&cnx->cap_ack_event, event,
262	- sizeof(&cnx->cap_ack_event));
263	+ sizeof(cnx->cap_ack_event));
264	cnx->state \|= VETH_STATE_GOTCAPACK;
265	veth_kick_statemachine(cnx);
266	}
267	diff --git a/drivers/watchdog/hpwdt.c b/drivers/watchdog/hpwdt.c
268	index 763c1ea..dad4fe6 100644
269	--- a/drivers/watchdog/hpwdt.c
270	+++ b/drivers/watchdog/hpwdt.c
271	@@ -47,6 +47,7 @@
272	#define PCI_BIOS32_PARAGRAPH_LEN 16
273	#define PCI_ROM_BASE1 0x000F0000
274	#define ROM_SIZE 0x10000
275	+#define HPWDT_VERSION "1.01"
276
277	struct bios32_service_dir {
278	u32 signature;
279	@@ -130,12 +131,8 @@ static void *cru_rom_addr;
280	static struct cmn_registers cmn_regs;
281
282	static struct pci_device_id hpwdt_devices[] = {
283	- {
284	- .vendor = PCI_VENDOR_ID_COMPAQ,
285	- .device = 0xB203,
286	- .subvendor = PCI_ANY_ID,
287	- .subdevice = PCI_ANY_ID,
288	- },
289	+ { PCI_DEVICE(PCI_VENDOR_ID_COMPAQ, 0xB203) },
290	+ { PCI_DEVICE(PCI_VENDOR_ID_HP, 0x3306) },
291	{0}, /* terminate list */
292	};
293	MODULE_DEVICE_TABLE(pci, hpwdt_devices);
294	@@ -704,10 +701,11 @@ static int __devinit hpwdt_init_one(struct pci_dev *dev,
295	}
296
297	printk(KERN_INFO
298	- "hp Watchdog Timer Driver: 1.00"
299	+ "hp Watchdog Timer Driver: %s"
300	", timer margin: %d seconds (nowayout=%d)"
301	", allow kernel dump: %s (default = 0/OFF).\n",
302	- soft_margin, nowayout, (allow_kdump == 0) ? "OFF" : "ON");
303	+ HPWDT_VERSION, soft_margin, nowayout,
304	+ (allow_kdump == 0) ? "OFF" : "ON");
305
306	return 0;
307
308	@@ -757,6 +755,7 @@ static int __init hpwdt_init(void)
309	MODULE_AUTHOR("Tom Mingarelli");
310	MODULE_DESCRIPTION("hp watchdog driver");
311	MODULE_LICENSE("GPL");
312	+MODULE_VERSION(HPWDT_VERSION);
313	MODULE_ALIAS_MISCDEV(WATCHDOG_MINOR);
314
315	module_param(soft_margin, int, 0);
316	diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
317	index 5e78fc1..1c1220e 100644
318	--- a/fs/ecryptfs/inode.c
319	+++ b/fs/ecryptfs/inode.c
320	@@ -443,6 +443,7 @@ static int ecryptfs_unlink(struct inode dir, struct dentry dentry)
321	struct inode *lower_dir_inode = ecryptfs_inode_to_lower(dir);
322	struct dentry *lower_dir_dentry;
323
324	+ dget(lower_dentry);
325	lower_dir_dentry = lock_parent(lower_dentry);
326	rc = vfs_unlink(lower_dir_inode, lower_dentry);
327	if (rc) {
328	@@ -456,6 +457,7 @@ static int ecryptfs_unlink(struct inode dir, struct dentry dentry)
329	d_drop(dentry);
330	out_unlock:
331	unlock_dir(lower_dir_dentry);
332	+ dput(lower_dentry);
333	return rc;
334	}
335
336	diff --git a/include/asm-x86/elf.h b/include/asm-x86/elf.h
337	index 7be4733..36343b6 100644
338	--- a/include/asm-x86/elf.h
339	+++ b/include/asm-x86/elf.h
340	@@ -287,6 +287,8 @@ do { \
341
342	#ifdef CONFIG_X86_32
343
344	+#define STACK_RND_MASK (0x7ff)
345	+
346	#define VDSO_HIGH_BASE (__fix_to_virt(FIX_VDSO))
347
348	#define ARCH_DLINFO ARCH_DLINFO_IA32(vdso_enabled)
349	diff --git a/include/linux/kvm_para.h b/include/linux/kvm_para.h
350	index 3ddce03..d731092 100644
351	--- a/include/linux/kvm_para.h
352	+++ b/include/linux/kvm_para.h
353	@@ -13,6 +13,7 @@
354	#define KVM_ENOSYS 1000
355	#define KVM_EFAULT EFAULT
356	#define KVM_E2BIG E2BIG
357	+#define KVM_EPERM EPERM
358
359	#define KVM_HC_VAPIC_POLL_IRQ 1
360	#define KVM_HC_MMU_OP 2
361	diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
362	index 521960b..6e22c16 100644
363	--- a/kernel/time/timekeeping.c
364	+++ b/kernel/time/timekeeping.c
365	@@ -477,6 +477,28 @@ void update_wall_time(void)
366	/* correct the clock when NTP error is too big */
367	clocksource_adjust(offset);
368
369	+ /*
370	+ * Since in the loop above, we accumulate any amount of time
371	+ * in xtime_nsec over a second into xtime.tv_sec, its possible for
372	+ * xtime_nsec to be fairly small after the loop. Further, if we're
373	+ * slightly speeding the clocksource up in clocksource_adjust(),
374	+ * its possible the required corrective factor to xtime_nsec could
375	+ * cause it to underflow.
376	+ *
377	+ * Now, we cannot simply roll the accumulated second back, since
378	+ * the NTP subsystem has been notified via second_overflow. So
379	+ * instead we push xtime_nsec forward by the amount we underflowed,
380	+ * and add that amount into the error.
381	+ *
382	+ * We'll correct this error next time through this function, when
383	+ * xtime_nsec is not as small.
384	+ */
385	+ if (unlikely((s64)clock->xtime_nsec < 0)) {
386	+ s64 neg = -(s64)clock->xtime_nsec;
387	+ clock->xtime_nsec = 0;
388	+ clock->error += neg << (NTP_SCALE_SHIFT - clock->shift);
389	+ }
390	+
391	/* store full nanoseconds into xtime */
392	xtime.tv_nsec = (s64)clock->xtime_nsec >> clock->shift;
393	clock->xtime_nsec -= (s64)xtime.tv_nsec << clock->shift;