3.14-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 18 Nov 2014 18:53:30 +0000 (10:53 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 18 Nov 2014 18:53:30 +0000 (10:53 -0800)
added patches:
audit-audit_feature_change-message-format-missing-delimiting-space.patch
audit-correct-audit_get_feature-return-message-type.patch
audit-keep-inode-pinned.patch
crypto-caam-fix-missing-dma-unmap-on-error-path.patch
crypto-caam-remove-duplicated-sg-copy-functions.patch
hwrng-pseries-port-to-new-read-api-and-fix-stack-corruption.patch
tun-fix-csum_start-with-vlan-acceleration.patch
x86-x32-audit-fix-x32-s-audit_arch-wrt-audit.patch

queue-3.14/audit-audit_feature_change-message-format-missing-delimiting-space.patch [new file with mode: 0644]
queue-3.14/audit-correct-audit_get_feature-return-message-type.patch [new file with mode: 0644]
queue-3.14/audit-keep-inode-pinned.patch [new file with mode: 0644]
queue-3.14/crypto-caam-fix-missing-dma-unmap-on-error-path.patch [new file with mode: 0644]
queue-3.14/crypto-caam-remove-duplicated-sg-copy-functions.patch [new file with mode: 0644]
queue-3.14/hwrng-pseries-port-to-new-read-api-and-fix-stack-corruption.patch [new file with mode: 0644]
queue-3.14/series
queue-3.14/tun-fix-csum_start-with-vlan-acceleration.patch [new file with mode: 0644]
queue-3.14/x86-x32-audit-fix-x32-s-audit_arch-wrt-audit.patch [new file with mode: 0644]

diff --git a/queue-3.14/audit-audit_feature_change-message-format-missing-delimiting-space.patch b/queue-3.14/audit-audit_feature_change-message-format-missing-delimiting-space.patch
new file mode 100644 (file)
index 0000000..7ee797f
--- /dev/null
@@ -0,0 +1,30 @@
+From 897f1acbb6702ddaa953e8d8436eee3b12016c7e Mon Sep 17 00:00:00 2001
+From: Richard Guy Briggs <rgb@redhat.com>
+Date: Thu, 30 Oct 2014 11:22:53 -0400
+Subject: audit: AUDIT_FEATURE_CHANGE message format missing delimiting space
+
+From: Richard Guy Briggs <rgb@redhat.com>
+
+commit 897f1acbb6702ddaa953e8d8436eee3b12016c7e upstream.
+
+Add a space between subj= and feature= fields to make them parsable.
+
+Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
+Signed-off-by: Paul Moore <pmoore@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/audit.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/audit.c
++++ b/kernel/audit.c
+@@ -702,7 +702,7 @@ static void audit_log_feature_change(int
+       ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_FEATURE_CHANGE);
+       audit_log_task_info(ab, current);
+-      audit_log_format(ab, "feature=%s old=%u new=%u old_lock=%u new_lock=%u res=%d",
++      audit_log_format(ab, " feature=%s old=%u new=%u old_lock=%u new_lock=%u res=%d",
+                        audit_feature_names[which], !!old_feature, !!new_feature,
+                        !!old_lock, !!new_lock, res);
+       audit_log_end(ab);
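Review bot: The leading space added to the `audit_log_format()` format string is the only thing separating `feature=` from the last field written by `audit_log_task_info()`, and nothing on the line says so, which makes it easy to drop again in a later cleanup. A short comment above the call would protect it, for example `/* leading space delimits feature= from the subj= field written by audit_log_task_info() */`. Per the commit message the record is not parsable without the delimiter, so a regression here would quietly change what audit log consumers see for feature changes. audit_log_feature_change() begins outside the hunk.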
diff --git a/queue-3.14/audit-correct-audit_get_feature-return-message-type.patch b/queue-3.14/audit-correct-audit_get_feature-return-message-type.patch
new file mode 100644 (file)
index 0000000..9ba79d1
--- /dev/null
@@ -0,0 +1,35 @@
+From 9ef91514774a140e468f99d73d7593521e6d25dc Mon Sep 17 00:00:00 2001
+From: Richard Guy Briggs <rgb@redhat.com>
+Date: Sun, 24 Aug 2014 20:37:52 -0400
+Subject: audit: correct AUDIT_GET_FEATURE return message type
+
+From: Richard Guy Briggs <rgb@redhat.com>
+
+commit 9ef91514774a140e468f99d73d7593521e6d25dc upstream.
+
+When an AUDIT_GET_FEATURE message is sent from userspace to the kernel, it
+should reply with a message tagged as an AUDIT_GET_FEATURE type with a struct
+audit_feature.  The current reply is a message tagged as an AUDIT_GET
+type with a struct audit_feature.
+
+This appears to have been a cut-and-paste-eo in commit b0fed40.
+
+Reported-by: Steve Grubb <sgrubb@redhat.com>
+Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/audit.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/audit.c
++++ b/kernel/audit.c
+@@ -687,7 +687,7 @@ static int audit_get_feature(struct sk_b
+       seq = nlmsg_hdr(skb)->nlmsg_seq;
+-      audit_send_reply(skb, seq, AUDIT_GET, 0, 0, &af, sizeof(af));
++      audit_send_reply(skb, seq, AUDIT_GET_FEATURE, 0, 0, &af, sizeof(af));
+       return 0;
+ }
diff --git a/queue-3.14/audit-keep-inode-pinned.patch b/queue-3.14/audit-keep-inode-pinned.patch
new file mode 100644 (file)
index 0000000..411ac2e
--- /dev/null
@@ -0,0 +1,37 @@
+From 799b601451b21ebe7af0e6e8f6e2ccd4683c5064 Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@suse.cz>
+Date: Tue, 4 Nov 2014 11:27:12 +0100
+Subject: audit: keep inode pinned
+
+From: Miklos Szeredi <mszeredi@suse.cz>
+
+commit 799b601451b21ebe7af0e6e8f6e2ccd4683c5064 upstream.
+
+Audit rules disappear when an inode they watch is evicted from the cache.
+This is likely not what we want.
+
+The guilty commit is "fsnotify: allow marks to not pin inodes in core",
+which didn't take into account that audit_tree adds watches with a zero
+mask.
+
+Adding any mask should fix this.
+
+Fixes: 90b1e7a57880 ("fsnotify: allow marks to not pin inodes in core")
+Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
+Signed-off-by: Paul Moore <pmoore@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/audit_tree.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/kernel/audit_tree.c
++++ b/kernel/audit_tree.c
+@@ -154,6 +154,7 @@ static struct audit_chunk *alloc_chunk(i
+               chunk->owners[i].index = i;
+       }
+       fsnotify_init_mark(&chunk->mark, audit_tree_destroy_watch);
++      chunk->mark.mask = FS_IN_IGNORED;
+       return chunk;
+ }
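Review bot: `chunk->mark.mask = FS_IN_IGNORED;` in alloc_chunk() reads as though the mark were interested in IN_IGNORED events, whereas the commit message says any non-zero mask would do and the value exists only so that the mark keeps the inode pinned. Please state that next to the assignment, for example `/* any non-zero mask: a zero-mask mark does not pin the inode, and an evicted inode silently drops the audit rule */`. Without the comment, a later change that tidies the mask away would bring back audit rules that vanish with no record of it. alloc_chunk() begins outside the hunk.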
diff --git a/queue-3.14/crypto-caam-fix-missing-dma-unmap-on-error-path.patch b/queue-3.14/crypto-caam-fix-missing-dma-unmap-on-error-path.patch
new file mode 100644 (file)
index 0000000..348e4ed
--- /dev/null
@@ -0,0 +1,87 @@
+From 738459e3f88538f2ece263424dafe5d91799e46b Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Thu, 30 Oct 2014 14:40:22 +0200
+Subject: crypto: caam - fix missing dma unmap on error path
+
+From: Cristian Stoica <cristian.stoica@freescale.com>
+
+commit 738459e3f88538f2ece263424dafe5d91799e46b upstream.
+
+If dma mapping for dma_addr_out fails, the descriptor memory is freed
+but the previous dma mapping for dma_addr_in remains.
+This patch resolves the missing dma unmap and groups resource
+allocations at function start.
+
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/caam/key_gen.c |   29 ++++++++++++++---------------
+ 1 file changed, 14 insertions(+), 15 deletions(-)
+
+--- a/drivers/crypto/caam/key_gen.c
++++ b/drivers/crypto/caam/key_gen.c
+@@ -51,23 +51,29 @@ int gen_split_key(struct device *jrdev,
+       u32 *desc;
+       struct split_key_result result;
+       dma_addr_t dma_addr_in, dma_addr_out;
+-      int ret = 0;
++      int ret = -ENOMEM;
+       desc = kmalloc(CAAM_CMD_SZ * 6 + CAAM_PTR_SZ * 2, GFP_KERNEL | GFP_DMA);
+       if (!desc) {
+               dev_err(jrdev, "unable to allocate key input memory\n");
+-              return -ENOMEM;
++              return ret;
+       }
+-      init_job_desc(desc, 0);
+-
+       dma_addr_in = dma_map_single(jrdev, (void *)key_in, keylen,
+                                    DMA_TO_DEVICE);
+       if (dma_mapping_error(jrdev, dma_addr_in)) {
+               dev_err(jrdev, "unable to map key input memory\n");
+-              kfree(desc);
+-              return -ENOMEM;
++              goto out_free;
+       }
++
++      dma_addr_out = dma_map_single(jrdev, key_out, split_key_pad_len,
++                                    DMA_FROM_DEVICE);
++      if (dma_mapping_error(jrdev, dma_addr_out)) {
++              dev_err(jrdev, "unable to map key output memory\n");
++              goto out_unmap_in;
++      }
++
++      init_job_desc(desc, 0);
+       append_key(desc, dma_addr_in, keylen, CLASS_2 | KEY_DEST_CLASS_REG);
+       /* Sets MDHA up into an HMAC-INIT */
+@@ -84,13 +90,6 @@ int gen_split_key(struct device *jrdev,
+        * FIFO_STORE with the explicit split-key content store
+        * (0x26 output type)
+        */
+-      dma_addr_out = dma_map_single(jrdev, key_out, split_key_pad_len,
+-                                    DMA_FROM_DEVICE);
+-      if (dma_mapping_error(jrdev, dma_addr_out)) {
+-              dev_err(jrdev, "unable to map key output memory\n");
+-              kfree(desc);
+-              return -ENOMEM;
+-      }
+       append_fifo_store(desc, dma_addr_out, split_key_len,
+                         LDST_CLASS_2_CCB | FIFOST_TYPE_SPLIT_KEK);
+@@ -118,10 +117,10 @@ int gen_split_key(struct device *jrdev,
+       dma_unmap_single(jrdev, dma_addr_out, split_key_pad_len,
+                        DMA_FROM_DEVICE);
++out_unmap_in:
+       dma_unmap_single(jrdev, dma_addr_in, keylen, DMA_TO_DEVICE);
+-
++out_free:
+       kfree(desc);
+-
+       return ret;
+ }
+ EXPORT_SYMBOL(gen_split_key);
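Review bot: The new `goto out_free` and `goto out_unmap_in` paths in gen_split_key() return whatever `ret` holds, which is correct only because of the `int ret = -ENOMEM;` initializer at the top and because nothing assigns `ret` before them. Setting the code at the failure site, `ret = -ENOMEM; goto out_unmap_in;` (and likewise before `goto out_free`), keeps each error path self-describing and survives a later edit that assigns `ret` earlier. The code between the hunks is not visible here, so it should be confirmed that every path reaching the unmap labels on success has overwritten `ret`; otherwise a completed operation would be reported as -ENOMEM.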
diff --git a/queue-3.14/crypto-caam-remove-duplicated-sg-copy-functions.patch b/queue-3.14/crypto-caam-remove-duplicated-sg-copy-functions.patch
new file mode 100644 (file)
index 0000000..8df1ce0
--- /dev/null
@@ -0,0 +1,184 @@
+From 307fd543f3d23f8f56850eca1b27b1be2fe71017 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Thu, 14 Aug 2014 13:51:56 +0300
+Subject: crypto: caam - remove duplicated sg copy functions
+
+From: Cristian Stoica <cristian.stoica@freescale.com>
+
+commit 307fd543f3d23f8f56850eca1b27b1be2fe71017 upstream.
+
+Replace equivalent (and partially incorrect) scatter-gather functions
+with ones from crypto-API.
+
+The replacement is motivated by page-faults in sg_copy_part triggered
+by successive calls to crypto_hash_update. The following fault appears
+after calling crypto_ahash_update twice, first with 13 and then
+with 285 bytes:
+
+Unable to handle kernel paging request for data at address 0x00000008
+Faulting instruction address: 0xf9bf9a8c
+Oops: Kernel access of bad area, sig: 11 [#1]
+SMP NR_CPUS=8 CoreNet Generic
+Modules linked in: tcrypt(+) caamhash caam_jr caam tls
+CPU: 6 PID: 1497 Comm: cryptomgr_test Not tainted
+3.12.19-rt30-QorIQ-SDK-V1.6+g9fda9f2 #75
+task: e9308530 ti: e700e000 task.ti: e700e000
+NIP: f9bf9a8c LR: f9bfcf28 CTR: c0019ea0
+REGS: e700fb80 TRAP: 0300   Not tainted
+(3.12.19-rt30-QorIQ-SDK-V1.6+g9fda9f2)
+MSR: 00029002 <CE,EE,ME>  CR: 44f92024  XER: 20000000
+DEAR: 00000008, ESR: 00000000
+
+GPR00: f9bfcf28 e700fc30 e9308530 e70b1e55 00000000 ffffffdd e70b1e54 0bebf888
+GPR08: 902c7ef5 c0e771e2 00000002 00000888 c0019ea0 00000000 00000000 c07a4154
+GPR16: c08d0000 e91a8f9c 00000001 e98fb400 00000100 e9c83028 e70b1e08 e70b1d48
+GPR24: e992ce10 e70b1dc8 f9bfe4f4 e70b1e55 ffffffdd e70b1ce0 00000000 00000000
+NIP [f9bf9a8c] sg_copy+0x1c/0x100 [caamhash]
+LR [f9bfcf28] ahash_update_no_ctx+0x628/0x660 [caamhash]
+Call Trace:
+[e700fc30] [f9bf9c50] sg_copy_part+0xe0/0x160 [caamhash] (unreliable)
+[e700fc50] [f9bfcf28] ahash_update_no_ctx+0x628/0x660 [caamhash]
+[e700fcb0] [f954e19c] crypto_tls_genicv+0x13c/0x300 [tls]
+[e700fd10] [f954e65c] crypto_tls_encrypt+0x5c/0x260 [tls]
+[e700fd40] [c02250ec] __test_aead.constprop.9+0x2bc/0xb70
+[e700fe40] [c02259f0] alg_test_aead+0x50/0xc0
+[e700fe60] [c02241e4] alg_test+0x114/0x2e0
+[e700fee0] [c022276c] cryptomgr_test+0x4c/0x60
+[e700fef0] [c004f658] kthread+0x98/0xa0
+[e700ff40] [c000fd04] ret_from_kernel_thread+0x5c/0x64
+
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Cc: Cristian Stoica <cristian.stoica@freescale.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/caam/caamhash.c   |   22 ++++++++++-----
+ drivers/crypto/caam/sg_sw_sec4.h |   54 ---------------------------------------
+ 2 files changed, 14 insertions(+), 62 deletions(-)
+
+--- a/drivers/crypto/caam/caamhash.c
++++ b/drivers/crypto/caam/caamhash.c
+@@ -835,8 +835,9 @@ static int ahash_update_ctx(struct ahash
+                                          edesc->sec4_sg + sec4_sg_src_index,
+                                          chained);
+                       if (*next_buflen) {
+-                              sg_copy_part(next_buf, req->src, to_hash -
+-                                           *buflen, req->nbytes);
++                              scatterwalk_map_and_copy(next_buf, req->src,
++                                                       to_hash - *buflen,
++                                                       *next_buflen, 0);
+                               state->current_buf = !state->current_buf;
+                       }
+               } else {
+@@ -869,7 +870,8 @@ static int ahash_update_ctx(struct ahash
+                       kfree(edesc);
+               }
+       } else if (*next_buflen) {
+-              sg_copy(buf + *buflen, req->src, req->nbytes);
++              scatterwalk_map_and_copy(buf + *buflen, req->src, 0,
++                                       req->nbytes, 0);
+               *buflen = *next_buflen;
+               *next_buflen = last_buflen;
+       }
+@@ -1216,8 +1218,9 @@ static int ahash_update_no_ctx(struct ah
+               src_map_to_sec4_sg(jrdev, req->src, src_nents,
+                                  edesc->sec4_sg + 1, chained);
+               if (*next_buflen) {
+-                      sg_copy_part(next_buf, req->src, to_hash - *buflen,
+-                                  req->nbytes);
++                      scatterwalk_map_and_copy(next_buf, req->src,
++                                               to_hash - *buflen,
++                                               *next_buflen, 0);
+                       state->current_buf = !state->current_buf;
+               }
+@@ -1248,7 +1251,8 @@ static int ahash_update_no_ctx(struct ah
+                       kfree(edesc);
+               }
+       } else if (*next_buflen) {
+-              sg_copy(buf + *buflen, req->src, req->nbytes);
++              scatterwalk_map_and_copy(buf + *buflen, req->src, 0,
++                                       req->nbytes, 0);
+               *buflen = *next_buflen;
+               *next_buflen = 0;
+       }
+@@ -1405,7 +1409,8 @@ static int ahash_update_first(struct aha
+               }
+               if (*next_buflen)
+-                      sg_copy_part(next_buf, req->src, to_hash, req->nbytes);
++                      scatterwalk_map_and_copy(next_buf, req->src, to_hash,
++                                               *next_buflen, 0);
+               sh_len = desc_len(sh_desc);
+               desc = edesc->hw_desc;
+@@ -1438,7 +1443,8 @@ static int ahash_update_first(struct aha
+               state->update = ahash_update_no_ctx;
+               state->finup = ahash_finup_no_ctx;
+               state->final = ahash_final_no_ctx;
+-              sg_copy(next_buf, req->src, req->nbytes);
++              scatterwalk_map_and_copy(next_buf, req->src, 0,
++                                       req->nbytes, 0);
+       }
+ #ifdef DEBUG
+       print_hex_dump(KERN_ERR, "next buf@"__stringify(__LINE__)": ",
+--- a/drivers/crypto/caam/sg_sw_sec4.h
++++ b/drivers/crypto/caam/sg_sw_sec4.h
+@@ -116,57 +116,3 @@ static int dma_unmap_sg_chained(struct d
+       }
+       return nents;
+ }
+-
+-/* Map SG page in kernel virtual address space and copy */
+-static inline void sg_map_copy(u8 *dest, struct scatterlist *sg,
+-                             int len, int offset)
+-{
+-      u8 *mapped_addr;
+-
+-      /*
+-       * Page here can be user-space pinned using get_user_pages
+-       * Same must be kmapped before use and kunmapped subsequently
+-       */
+-      mapped_addr = kmap_atomic(sg_page(sg));
+-      memcpy(dest, mapped_addr + offset, len);
+-      kunmap_atomic(mapped_addr);
+-}
+-
+-/* Copy from len bytes of sg to dest, starting from beginning */
+-static inline void sg_copy(u8 *dest, struct scatterlist *sg, unsigned int len)
+-{
+-      struct scatterlist *current_sg = sg;
+-      int cpy_index = 0, next_cpy_index = current_sg->length;
+-
+-      while (next_cpy_index < len) {
+-              sg_map_copy(dest + cpy_index, current_sg, current_sg->length,
+-                          current_sg->offset);
+-              current_sg = scatterwalk_sg_next(current_sg);
+-              cpy_index = next_cpy_index;
+-              next_cpy_index += current_sg->length;
+-      }
+-      if (cpy_index < len)
+-              sg_map_copy(dest + cpy_index, current_sg, len-cpy_index,
+-                          current_sg->offset);
+-}
+-
+-/* Copy sg data, from to_skip to end, to dest */
+-static inline void sg_copy_part(u8 *dest, struct scatterlist *sg,
+-                                    int to_skip, unsigned int end)
+-{
+-      struct scatterlist *current_sg = sg;
+-      int sg_index, cpy_index, offset;
+-
+-      sg_index = current_sg->length;
+-      while (sg_index <= to_skip) {
+-              current_sg = scatterwalk_sg_next(current_sg);
+-              sg_index += current_sg->length;
+-      }
+-      cpy_index = sg_index - to_skip;
+-      offset = current_sg->offset + current_sg->length - cpy_index;
+-      sg_map_copy(dest, current_sg, cpy_index, offset);
+-      if (end - sg_index) {
+-              current_sg = scatterwalk_sg_next(current_sg);
+-              sg_copy(dest + cpy_index, current_sg, end - sg_index);
+-      }
+-}
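Review bot: The new `scatterwalk_map_and_copy()` calls in ahash_update_ctx(), ahash_update_no_ctx() and ahash_update_first() copy `*next_buflen` or `req->nbytes` bytes into `next_buf` or `buf + *buflen` with no visible check that the destination has room, and three of them pass a computed start offset (`to_hash - *buflen` or `to_hash`). The bounds presumably follow from how `to_hash` and `*next_buflen` are derived from the block size earlier in each function, outside these hunks; that should be confirmed and written down at the copy, for example `/* *buflen + req->nbytes is below one block here, so the copy fits in buf */`. The start parameter of scatterwalk_map_and_copy() is unsigned, so it is also worth stating that `to_hash >= *buflen` holds in the branches that subtract them, since a negative difference would wrap to a huge offset. All three functions begin and end outside the hunks shown.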
diff --git a/queue-3.14/hwrng-pseries-port-to-new-read-api-and-fix-stack-corruption.patch b/queue-3.14/hwrng-pseries-port-to-new-read-api-and-fix-stack-corruption.patch
new file mode 100644 (file)
index 0000000..39e70db
--- /dev/null
@@ -0,0 +1,73 @@
+From 24c65bc7037e7d0f362c0df70d17dd72ee64b8b9 Mon Sep 17 00:00:00 2001
+From: Greg Kurz <gkurz@linux.vnet.ibm.com>
+Date: Fri, 31 Oct 2014 07:50:11 +0100
+Subject: hwrng: pseries - port to new read API and fix stack corruption
+
+From: Greg Kurz <gkurz@linux.vnet.ibm.com>
+
+commit 24c65bc7037e7d0f362c0df70d17dd72ee64b8b9 upstream.
+
+The add_early_randomness() function in drivers/char/hw_random/core.c passes
+a 16-byte buffer to pseries_rng_data_read(). Unfortunately, plpar_hcall()
+returns four 64-bit values and trashes 16 bytes on the stack.
+
+This bug has been lying around for a long time. It got unveiled by:
+
+commit d3cc7996473a7bdd33256029988ea690754e4e2a
+Author: Amit Shah <amit.shah@redhat.com>
+Date:   Thu Jul 10 15:42:34 2014 +0530
+
+    hwrng: fetch randomness only after device init
+
+It may trig a oops while loading or unloading the pseries-rng module for both
+PowerVM and PowerKVM guests.
+
+This patch does two things:
+- pass an intermediate well sized buffer to plpar_hcall(). This is acceptalbe
+  since we're not on a hot path.
+- move to the new read API so that we know the return buffer size for sure.
+
+Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/hw_random/pseries-rng.c |   11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+--- a/drivers/char/hw_random/pseries-rng.c
++++ b/drivers/char/hw_random/pseries-rng.c
+@@ -25,18 +25,21 @@
+ #include <asm/vio.h>
+-static int pseries_rng_data_read(struct hwrng *rng, u32 *data)
++static int pseries_rng_read(struct hwrng *rng, void *data, size_t max, bool wait)
+ {
++      u64 buffer[PLPAR_HCALL_BUFSIZE];
++      size_t size = max < 8 ? max : 8;
+       int rc;
+-      rc = plpar_hcall(H_RANDOM, (unsigned long *)data);
++      rc = plpar_hcall(H_RANDOM, (unsigned long *)buffer);
+       if (rc != H_SUCCESS) {
+               pr_err_ratelimited("H_RANDOM call failed %d\n", rc);
+               return -EIO;
+       }
++      memcpy(data, buffer, size);
+       /* The hypervisor interface returns 64 bits */
+-      return 8;
++      return size;
+ }
+ /**
+@@ -55,7 +58,7 @@ static unsigned long pseries_rng_get_des
+ static struct hwrng pseries_rng = {
+       .name           = KBUILD_MODNAME,
+-      .data_read      = pseries_rng_data_read,
++      .read           = pseries_rng_read,
+ };
+ static int __init pseries_rng_probe(struct vio_dev *dev,
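Review bot: In pseries_rng_read() the clamp `size_t size = max < 8 ? max : 8;` uses a bare literal, and the comment that explains it ("The hypervisor interface returns 64 bits") now sits after the memcpy(), away from the line it justifies. Tying the bound to the type, `size_t size = min_t(size_t, max, sizeof(buffer[0]));`, with the comment moved above it, makes clear that only the first returned word is handed to the caller. The `wait` argument is never read; a one-line comment saying why it can be ignored would help the next reader. The on-stack `buffer` still holds the generated value when the function returns, so clearing it before the return would be a cheap hardening step.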
index ea617d601f84d9573783c3898bef8ff6375f3d31..e17059e8d106728c58d6c09aa12c31045426f1ae 100644 (file)
@@ -16,3 +16,11 @@ sparc64-fix-crashes-in-schizo_pcierr_intr_other.patch
 sparc64-do-irq_-enter-exit-around-generic_smp_call_function.patch
 sparc32-implement-xchg-and-atomic_xchg-using-atomic_hash-locks.patch
 zram-avoid-kunmap_atomic-of-a-null-pointer.patch
+crypto-caam-fix-missing-dma-unmap-on-error-path.patch
+crypto-caam-remove-duplicated-sg-copy-functions.patch
+hwrng-pseries-port-to-new-read-api-and-fix-stack-corruption.patch
+tun-fix-csum_start-with-vlan-acceleration.patch
+x86-x32-audit-fix-x32-s-audit_arch-wrt-audit.patch
+audit-correct-audit_get_feature-return-message-type.patch
+audit-audit_feature_change-message-format-missing-delimiting-space.patch
+audit-keep-inode-pinned.patch
diff --git a/queue-3.14/tun-fix-csum_start-with-vlan-acceleration.patch b/queue-3.14/tun-fix-csum_start-with-vlan-acceleration.patch
new file mode 100644 (file)
index 0000000..c59c240
--- /dev/null
@@ -0,0 +1,73 @@
+From a8f9bfdf982e2b1fb9f094e4de9ab08c57f3d2fd Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Mon, 3 Nov 2014 04:30:13 +0800
+Subject: tun: Fix csum_start with VLAN acceleration
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+commit a8f9bfdf982e2b1fb9f094e4de9ab08c57f3d2fd upstream.
+
+When VLAN acceleration is in use on the xmit path, we end up
+setting csum_start to the wrong place.  The result is that the
+whoever ends up doing the checksum setting will corrupt the packet
+instead of writing the checksum to the expected location, usually
+this means writing the checksum with an offset of -4.
+
+This patch fixes this by adjusting csum_start when VLAN acceleration
+is detected.
+
+Fixes: 6680ec68eff4 ("tuntap: hardware vlan tx support")
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/tun.c |   16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+--- a/drivers/net/tun.c
++++ b/drivers/net/tun.c
+@@ -1226,6 +1226,10 @@ static ssize_t tun_put_user(struct tun_s
+       struct tun_pi pi = { 0, skb->protocol };
+       ssize_t total = 0;
+       int vlan_offset = 0, copied;
++      int vlan_hlen = 0;
++
++      if (vlan_tx_tag_present(skb))
++              vlan_hlen = VLAN_HLEN;
+       if (!(tun->flags & TUN_NO_PI)) {
+               if ((len -= sizeof(pi)) < 0)
+@@ -1277,7 +1281,8 @@ static ssize_t tun_put_user(struct tun_s
+               if (skb->ip_summed == CHECKSUM_PARTIAL) {
+                       gso.flags = VIRTIO_NET_HDR_F_NEEDS_CSUM;
+-                      gso.csum_start = skb_checksum_start_offset(skb);
++                      gso.csum_start = skb_checksum_start_offset(skb) +
++                                       vlan_hlen;
+                       gso.csum_offset = skb->csum_offset;
+               } else if (skb->ip_summed == CHECKSUM_UNNECESSARY) {
+                       gso.flags = VIRTIO_NET_HDR_F_DATA_VALID;
+@@ -1290,10 +1295,9 @@ static ssize_t tun_put_user(struct tun_s
+       }
+       copied = total;
+-      total += skb->len;
+-      if (!vlan_tx_tag_present(skb)) {
+-              len = min_t(int, skb->len, len);
+-      } else {
++      len = min_t(int, skb->len + vlan_hlen, len);
++      total += skb->len + vlan_hlen;
++      if (vlan_hlen) {
+               int copy, ret;
+               struct {
+                       __be16 h_vlan_proto;
+@@ -1304,8 +1308,6 @@ static ssize_t tun_put_user(struct tun_s
+               veth.h_vlan_TCI = htons(vlan_tx_tag_get(skb));
+               vlan_offset = offsetof(struct vlan_ethhdr, h_vlan_proto);
+-              len = min_t(int, skb->len + VLAN_HLEN, len);
+-              total += VLAN_HLEN;
+               copy = min_t(int, vlan_offset, len);
+               ret = skb_copy_datagram_const_iovec(skb, 0, iv, copied, copy);
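Review bot: The `+ vlan_hlen` added to `gso.csum_start` in tun_put_user() carries no comment, and the reason is not evident from the line itself. As far as the hunks show, the tag is not part of the skb data on this path but is written into the frame copied out further down, so offsets past the tag shift by VLAN_HLEN. A comment such as `/* VLAN tag is inserted during the copy below, so the checksum start moves by vlan_hlen */` would keep the header and the copy logic in step. It would also help to say that `gso.csum_offset` is deliberately left alone, presumably because it is relative to csum_start, so that nobody later "fixes" it too. tun_put_user() begins and ends outside the hunks.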
diff --git a/queue-3.14/x86-x32-audit-fix-x32-s-audit_arch-wrt-audit.patch b/queue-3.14/x86-x32-audit-fix-x32-s-audit_arch-wrt-audit.patch
new file mode 100644 (file)
index 0000000..cb0af06
--- /dev/null
@@ -0,0 +1,52 @@
+From 81f49a8fd7088cfcb588d182eeede862c0e3303e Mon Sep 17 00:00:00 2001
+From: Andy Lutomirski <luto@amacapital.net>
+Date: Fri, 5 Sep 2014 15:13:52 -0700
+Subject: x86, x32, audit: Fix x32's AUDIT_ARCH wrt audit
+
+From: Andy Lutomirski <luto@amacapital.net>
+
+commit 81f49a8fd7088cfcb588d182eeede862c0e3303e upstream.
+
+is_compat_task() is the wrong check for audit arch; the check should
+be is_ia32_task(): x32 syscalls should be AUDIT_ARCH_X86_64, not
+AUDIT_ARCH_I386.
+
+CONFIG_AUDITSYSCALL is currently incompatible with x32, so this has
+no visible effect.
+
+Signed-off-by: Andy Lutomirski <luto@amacapital.net>
+Link: http://lkml.kernel.org/r/a0138ed8c709882aec06e4acc30bfa9b623b8717.1409954077.git.luto@amacapital.net
+Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/ptrace.c |   11 +----------
+ 1 file changed, 1 insertion(+), 10 deletions(-)
+
+--- a/arch/x86/kernel/ptrace.c
++++ b/arch/x86/kernel/ptrace.c
+@@ -1441,15 +1441,6 @@ void send_sigtrap(struct task_struct *ts
+       force_sig_info(SIGTRAP, &info, tsk);
+ }
+-
+-#ifdef CONFIG_X86_32
+-# define IS_IA32      1
+-#elif defined CONFIG_IA32_EMULATION
+-# define IS_IA32      is_compat_task()
+-#else
+-# define IS_IA32      0
+-#endif
+-
+ /*
+  * We must return the syscall number to actually look up in the table.
+  * This can be -1L to skip running any syscall at all.
+@@ -1487,7 +1478,7 @@ long syscall_trace_enter(struct pt_regs
+       if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
+               trace_sys_enter(regs, regs->orig_ax);
+-      if (IS_IA32)
++      if (is_ia32_task())
+               audit_syscall_entry(AUDIT_ARCH_I386,
+                                   regs->orig_ax,
+                                   regs->bx, regs->cx,