--- /dev/null
+From 1e0ad2881d50becaeea70ec696a80afeadf944d2 Mon Sep 17 00:00:00 2001
+From: Graham Gower <graham.gower@gmail.com>
+Date: Wed, 27 Oct 2010 15:33:00 -0700
+Subject: drivers/char/vt_ioctl.c: fix VT_OPENQRY error value
+
+From: Graham Gower <graham.gower@gmail.com>
+
+commit 1e0ad2881d50becaeea70ec696a80afeadf944d2 upstream.
+
+When all VT's are in use, VT_OPENQRY casts -1 to unsigned char before
+returning it to userspace as an int. VT255 is not the next available
+console.
+
+Signed-off-by: Graham Gower <graham.gower@gmail.com>
+Cc: Greg KH <greg@kroah.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/char/vt_ioctl.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+--- a/drivers/char/vt_ioctl.c
++++ b/drivers/char/vt_ioctl.c
+@@ -371,6 +371,7 @@ int vt_ioctl(struct tty_struct *tty, str
+ struct kbd_struct * kbd;
+ unsigned int console;
+ unsigned char ucval;
++ unsigned int uival;
+ void __user *up = (void __user *)arg;
+ int i, perm;
+ int ret = 0;
+@@ -516,7 +517,7 @@ int vt_ioctl(struct tty_struct *tty, str
+ break;
+
+ case KDGETMODE:
+- ucval = vc->vc_mode;
++ uival = vc->vc_mode;
+ goto setint;
+
+ case KDMAPDISP:
+@@ -554,7 +555,7 @@ int vt_ioctl(struct tty_struct *tty, str
+ break;
+
+ case KDGKBMODE:
+- ucval = ((kbd->kbdmode == VC_RAW) ? K_RAW :
++ uival = ((kbd->kbdmode == VC_RAW) ? K_RAW :
+ (kbd->kbdmode == VC_MEDIUMRAW) ? K_MEDIUMRAW :
+ (kbd->kbdmode == VC_UNICODE) ? K_UNICODE :
+ K_XLATE);
+@@ -576,9 +577,9 @@ int vt_ioctl(struct tty_struct *tty, str
+ break;
+
+ case KDGKBMETA:
+- ucval = (vc_kbd_mode(kbd, VC_META) ? K_ESCPREFIX : K_METABIT);
++ uival = (vc_kbd_mode(kbd, VC_META) ? K_ESCPREFIX : K_METABIT);
+ setint:
+- ret = put_user(ucval, (int __user *)arg);
++ ret = put_user(uival, (int __user *)arg);
+ break;
+
+ case KDGETKEYCODE:
+@@ -808,7 +809,7 @@ int vt_ioctl(struct tty_struct *tty, str
+ for (i = 0; i < MAX_NR_CONSOLES; ++i)
+ if (! VT_IS_IN_USE(i))
+ break;
+- ucval = i < MAX_NR_CONSOLES ? (i+1) : -1;
++ uival = i < MAX_NR_CONSOLES ? (i+1) : -1;
+ goto setint;
+
+ /*
--- /dev/null
+From 2e21b3f124eceb6ab5a07c8a061adce14ac94e14 Mon Sep 17 00:00:00 2001
+From: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
+Date: Thu, 23 Sep 2010 02:35:04 -0500
+Subject: eCryptfs: Clear LOOKUP_OPEN flag when creating lower file
+
+From: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
+
+commit 2e21b3f124eceb6ab5a07c8a061adce14ac94e14 upstream.
+
+eCryptfs was passing the LOOKUP_OPEN flag through to the lower file
+system, even though ecryptfs_create() doesn't support the flag. A valid
+filp for the lower filesystem could be returned in the nameidata if the
+lower file system's create() function supported LOOKUP_OPEN, possibly
+resulting in unencrypted writes to the lower file.
+
+However, this is only a potential problem in filesystems (FUSE, NFS,
+CIFS, CEPH, 9p) that eCryptfs isn't known to support today.
+
+https://bugs.launchpad.net/ecryptfs/+bug/641703
+
+Reported-by: Kevin Buhr
+Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/ecryptfs/inode.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/fs/ecryptfs/inode.c
++++ b/fs/ecryptfs/inode.c
+@@ -70,15 +70,19 @@ ecryptfs_create_underlying_file(struct i
+ struct vfsmount *lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry);
+ struct dentry *dentry_save;
+ struct vfsmount *vfsmount_save;
++ unsigned int flags_save;
+ int rc;
+
+ dentry_save = nd->path.dentry;
+ vfsmount_save = nd->path.mnt;
++ flags_save = nd->flags;
+ nd->path.dentry = lower_dentry;
+ nd->path.mnt = lower_mnt;
++ nd->flags &= ~LOOKUP_OPEN;
+ rc = vfs_create(lower_dir_inode, lower_dentry, mode, nd);
+ nd->path.dentry = dentry_save;
+ nd->path.mnt = vfsmount_save;
++ nd->flags = flags_save;
+ return rc;
+ }
+
--- /dev/null
+From 03145beb455cf5c20a761e8451e30b8a74ba58d9 Mon Sep 17 00:00:00 2001
+From: Dan Rosenberg <drosenberg@vsecurity.com>
+Date: Wed, 27 Oct 2010 15:34:17 -0700
+Subject: ipc: initialize structure memory to zero for compat functions
+
+From: Dan Rosenberg <drosenberg@vsecurity.com>
+
+commit 03145beb455cf5c20a761e8451e30b8a74ba58d9 upstream.
+
+This takes care of leaking uninitialized kernel stack memory to
+userspace from non-zeroed fields in structs in compat ipc functions.
+
+Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
+Cc: Manfred Spraul <manfred@colorfullife.com>
+Cc: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ ipc/compat.c | 6 ++++++
+ ipc/compat_mq.c | 5 +++++
+ 2 files changed, 11 insertions(+)
+
+--- a/ipc/compat.c
++++ b/ipc/compat.c
+@@ -242,6 +242,8 @@ long compat_sys_semctl(int first, int se
+ struct semid64_ds __user *up64;
+ int version = compat_ipc_parse_version(&third);
+
++ memset(&s64, 0, sizeof(s64));
++
+ if (!uptr)
+ return -EINVAL;
+ if (get_user(pad, (u32 __user *) uptr))
+@@ -422,6 +424,8 @@ long compat_sys_msgctl(int first, int se
+ int version = compat_ipc_parse_version(&second);
+ void __user *p;
+
++ memset(&m64, 0, sizeof(m64));
++
+ switch (second & (~IPC_64)) {
+ case IPC_INFO:
+ case IPC_RMID:
+@@ -595,6 +599,8 @@ long compat_sys_shmctl(int first, int se
+ int err, err2;
+ int version = compat_ipc_parse_version(&second);
+
++ memset(&s64, 0, sizeof(s64));
++
+ switch (second & (~IPC_64)) {
+ case IPC_RMID:
+ case SHM_LOCK:
+--- a/ipc/compat_mq.c
++++ b/ipc/compat_mq.c
+@@ -53,6 +53,9 @@ asmlinkage long compat_sys_mq_open(const
+ void __user *p = NULL;
+ if (u_attr && oflag & O_CREAT) {
+ struct mq_attr attr;
++
++ memset(&attr, 0, sizeof(attr));
++
+ p = compat_alloc_user_space(sizeof(attr));
+ if (get_compat_mq_attr(&attr, u_attr) ||
+ copy_to_user(p, &attr, sizeof(attr)))
+@@ -127,6 +130,8 @@ asmlinkage long compat_sys_mq_getsetattr
+ struct mq_attr __user *p = compat_alloc_user_space(2 * sizeof(*p));
+ long ret;
+
++ memset(&mqstat, 0, sizeof(mqstat));
++
+ if (u_mqstat) {
+ if (get_compat_mq_attr(&mqstat, u_mqstat) ||
+ copy_to_user(p, &mqstat, sizeof(mqstat)))
--- /dev/null
+From 3af54c9bd9e6f14f896aac1bb0e8405ae0bc7a44 Mon Sep 17 00:00:00 2001
+From: Vasiliy Kulikov <segooon@gmail.com>
+Date: Sat, 30 Oct 2010 18:22:49 +0400
+Subject: ipc: shm: fix information leak to userland
+
+From: Vasiliy Kulikov <segooon@gmail.com>
+
+commit 3af54c9bd9e6f14f896aac1bb0e8405ae0bc7a44 upstream.
+
+The shmid_ds structure is copied to userland with shm_unused{,2,3}
+fields unitialized. It leads to leaking of contents of kernel stack
+memory.
+
+Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
+Acked-by: Al Viro <viro@ZenIV.linux.org.uk>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ ipc/shm.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/ipc/shm.c
++++ b/ipc/shm.c
+@@ -469,6 +469,7 @@ static inline unsigned long copy_shmid_t
+ {
+ struct shmid_ds out;
+
++ memset(&out, 0, sizeof(out));
+ ipc64_perm_to_ipc_perm(&in->shm_perm, &out.shm_perm);
+ out.shm_segsz = in->shm_segsz;
+ out.shm_atime = in->shm_atime;
--- /dev/null
+From 572438f9b52236bd8938b1647cc15e027d27ef55 Mon Sep 17 00:00:00 2001
+From: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
+Date: Tue, 26 Oct 2010 14:22:08 -0700
+Subject: mm: fix is_mem_section_removable() page_order BUG_ON check
+
+From: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
+
+commit 572438f9b52236bd8938b1647cc15e027d27ef55 upstream.
+
+page_order() is called by memory hotplug's user interface to check the
+section is removable or not. (is_mem_section_removable())
+
+It calls page_order() withoug holding zone->lock.
+So, even if the caller does
+
+ if (PageBuddy(page))
+ ret = page_order(page) ...
+The caller may hit BUG_ON().
+
+For fixing this, there are 2 choices.
+ 1. add zone->lock.
+ 2. remove BUG_ON().
+
+is_mem_section_removable() is used for some "advice" and doesn't need to
+be 100% accurate. This is_removable() can be called via user program..
+We don't want to take this important lock for long by user's request. So,
+this patch removes BUG_ON().
+
+Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
+Acked-by: Wu Fengguang <fengguang.wu@intel.com>
+Acked-by: Michal Hocko <mhocko@suse.cz>
+Acked-by: Mel Gorman <mel@csn.ul.ie>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ mm/internal.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/mm/internal.h
++++ b/mm/internal.h
+@@ -49,7 +49,7 @@ extern void __free_pages_bootmem(struct
+ */
+ static inline unsigned long page_order(struct page *page)
+ {
+- VM_BUG_ON(!PageBuddy(page));
++ /* PageBuddy() must be checked by the caller */
+ return page_private(page);
+ }
+
--- /dev/null
+From f8f72ad5396987e05a42cf7eff826fb2a15ff148 Mon Sep 17 00:00:00 2001
+From: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
+Date: Tue, 26 Oct 2010 14:21:10 -0700
+Subject: mm: fix return value of scan_lru_pages in memory unplug
+
+From: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
+
+commit f8f72ad5396987e05a42cf7eff826fb2a15ff148 upstream.
+
+scan_lru_pages returns pfn. So, it's type should be "unsigned long"
+not "int".
+
+Note: I guess this has been work until now because memory hotplug tester's
+ machine has not very big memory....
+ physical address < 32bit << PAGE_SHIFT.
+
+Reported-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
+Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
+Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ mm/memory_hotplug.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/mm/memory_hotplug.c
++++ b/mm/memory_hotplug.c
+@@ -612,7 +612,7 @@ static int test_pages_in_a_zone(unsigned
+ * Scanning pfn is much easier than scanning lru list.
+ * Scan pfn from start to end and Find LRU page.
+ */
+-int scan_lru_pages(unsigned long start, unsigned long end)
++unsigned long scan_lru_pages(unsigned long start, unsigned long end)
+ {
+ unsigned long pfn;
+ struct page *page;
--- /dev/null
+From 800416f799e0723635ac2d720ad4449917a1481c Mon Sep 17 00:00:00 2001
+From: Eric Dumazet <eric.dumazet@gmail.com>
+Date: Wed, 27 Oct 2010 19:33:43 +0200
+Subject: numa: fix slab_node(MPOL_BIND)
+
+From: Eric Dumazet <eric.dumazet@gmail.com>
+
+commit 800416f799e0723635ac2d720ad4449917a1481c upstream.
+
+When a node contains only HighMem memory, slab_node(MPOL_BIND)
+dereferences a NULL pointer.
+
+[ This code seems to go back all the way to commit 19770b32609b: "mm:
+ filter based on a nodemask as well as a gfp_mask". Which was back in
+ April 2008, and it got merged into 2.6.26. - Linus ]
+
+Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
+Cc: Mel Gorman <mel@csn.ul.ie>
+Cc: Christoph Lameter <cl@linux.com>
+Cc: Lee Schermerhorn <lee.schermerhorn@hp.com>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ mm/mempolicy.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/mm/mempolicy.c
++++ b/mm/mempolicy.c
+@@ -1404,7 +1404,7 @@ unsigned slab_node(struct mempolicy *pol
+ (void)first_zones_zonelist(zonelist, highest_zoneidx,
+ &policy->v.nodes,
+ &zone);
+- return zone->node;
++ return zone ? zone->node : numa_node_id();
+ }
+
+ default:
--- /dev/null
+From 8474b591faf3bb0a1e08a60d21d6baac498f15e4 Mon Sep 17 00:00:00 2001
+From: Masanori ITOH <itoumsn@nttdata.co.jp>
+Date: Tue, 26 Oct 2010 14:21:20 -0700
+Subject: percpu: fix list_head init bug in __percpu_counter_init()
+
+From: Masanori ITOH <itoumsn@nttdata.co.jp>
+
+commit 8474b591faf3bb0a1e08a60d21d6baac498f15e4 upstream.
+
+WARNING: at lib/list_debug.c:26 __list_add+0x3f/0x81()
+Hardware name: Express5800/B120a [N8400-085]
+list_add corruption. next->prev should be prev (ffffffff81a7ea00), but was dead000000200200. (next=ffff88080b872d58).
+Modules linked in: aoe ipt_MASQUERADE iptable_nat nf_nat autofs4 sunrpc bridge 8021q garp stp llc ipv6 cpufreq_ondemand acpi_cpufreq freq_table dm_round_robin dm_multipath kvm_intel kvm uinput lpfc scsi_transport_fc igb ioatdma scsi_tgt i2c_i801 i2c_core dca iTCO_wdt iTCO_vendor_support pcspkr shpchp megaraid_sas [last unloaded: aoe]
+Pid: 54, comm: events/3 Tainted: G W 2.6.34-vanilla1 #1
+Call Trace:
+[<ffffffff8104bd77>] warn_slowpath_common+0x7c/0x94
+[<ffffffff8104bde6>] warn_slowpath_fmt+0x41/0x43
+[<ffffffff8120fd2e>] __list_add+0x3f/0x81
+[<ffffffff81212a12>] __percpu_counter_init+0x59/0x6b
+[<ffffffff810d8499>] bdi_init+0x118/0x17e
+[<ffffffff811f2c50>] blk_alloc_queue_node+0x79/0x143
+[<ffffffff811f2d2b>] blk_alloc_queue+0x11/0x13
+[<ffffffffa02a931d>] aoeblk_gdalloc+0x8e/0x1c9 [aoe]
+[<ffffffffa02aa655>] aoecmd_sleepwork+0x25/0xa8 [aoe]
+[<ffffffff8106186c>] worker_thread+0x1a9/0x237
+[<ffffffffa02aa630>] ? aoecmd_sleepwork+0x0/0xa8 [aoe]
+[<ffffffff81065827>] ? autoremove_wake_function+0x0/0x39
+[<ffffffff810616c3>] ? worker_thread+0x0/0x237
+[<ffffffff810653ad>] kthread+0x7f/0x87
+[<ffffffff8100aa24>] kernel_thread_helper+0x4/0x10
+[<ffffffff8106532e>] ? kthread+0x0/0x87
+[<ffffffff8100aa20>] ? kernel_thread_helper+0x0/0x10
+
+It's because there is no initialization code for a list_head contained in
+the struct backing_dev_info under CONFIG_HOTPLUG_CPU, and the bug comes up
+when block device drivers calling blk_alloc_queue() are used. In case of
+me, I got them by using aoe.
+
+Signed-off-by: Masanori Itoh <itoumsn@nttdata.co.jp>
+Cc: Tejun Heo <tj@kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ lib/percpu_counter.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/lib/percpu_counter.c
++++ b/lib/percpu_counter.c
+@@ -81,6 +81,7 @@ int percpu_counter_init(struct percpu_co
+ if (!fbc->counters)
+ return -ENOMEM;
+ #ifdef CONFIG_HOTPLUG_CPU
++ INIT_LIST_HEAD(&fbc->list);
+ mutex_lock(&percpu_counters_lock);
+ list_add(&fbc->list, &percpu_counters);
+ mutex_unlock(&percpu_counters_lock);
block-check-for-proper-length-of-iov-entries-in-blk_rq_map_user_iov.patch
irda-fix-parameter-extraction-stack-overflow.patch
irda-fix-heap-memory-corruption-in-iriap.c.patch
+percpu-fix-list_head-init-bug-in-__percpu_counter_init.patch
+um-fix-global-timer-issue-when-using-config_no_hz.patch
+numa-fix-slab_node-mpol_bind.patch
+mm-fix-return-value-of-scan_lru_pages-in-memory-unplug.patch
+mm-fix-is_mem_section_removable-page_order-bug_on-check.patch
+ipc-initialize-structure-memory-to-zero-for-compat-functions.patch
+ipc-shm-fix-information-leak-to-userland.patch
+sys_semctl-fix-kernel-stack-leakage.patch
+drivers-char-vt_ioctl.c-fix-vt_openqry-error-value.patch
+ecryptfs-clear-lookup_open-flag-when-creating-lower-file.patch
--- /dev/null
+From 982f7c2b2e6a28f8f266e075d92e19c0dd4c6e56 Mon Sep 17 00:00:00 2001
+From: Dan Rosenberg <drosenberg@vsecurity.com>
+Date: Thu, 30 Sep 2010 15:15:31 -0700
+Subject: sys_semctl: fix kernel stack leakage
+
+From: Dan Rosenberg <drosenberg@vsecurity.com>
+
+commit 982f7c2b2e6a28f8f266e075d92e19c0dd4c6e56 upstream.
+
+The semctl syscall has several code paths that lead to the leakage of
+uninitialized kernel stack memory (namely the IPC_INFO, SEM_INFO,
+IPC_STAT, and SEM_STAT commands) during the use of the older, obsolete
+version of the semid_ds struct.
+
+The copy_semid_to_user() function declares a semid_ds struct on the stack
+and copies it back to the user without initializing or zeroing the
+"sem_base", "sem_pending", "sem_pending_last", and "undo" pointers,
+allowing the leakage of 16 bytes of kernel stack memory.
+
+The code is still reachable on 32-bit systems - when calling semctl()
+newer glibc's automatically OR the IPC command with the IPC_64 flag, but
+invoking the syscall directly allows users to use the older versions of
+the struct.
+
+Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com>
+Cc: Manfred Spraul <manfred@colorfullife.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ ipc/sem.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/ipc/sem.c
++++ b/ipc/sem.c
+@@ -560,6 +560,8 @@ static unsigned long copy_semid_to_user(
+ {
+ struct semid_ds out;
+
++ memset(&out, 0, sizeof(out));
++
+ ipc64_perm_to_ipc_perm(&in->sem_perm, &out.sem_perm);
+
+ out.sem_otime = in->sem_otime;
--- /dev/null
+From 482db6df1746c4fa7d64a2441d4cb2610249c679 Mon Sep 17 00:00:00 2001
+From: Richard Weinberger <richard@nod.at>
+Date: Tue, 26 Oct 2010 14:21:13 -0700
+Subject: um: fix global timer issue when using CONFIG_NO_HZ
+
+From: Richard Weinberger <richard@nod.at>
+
+commit 482db6df1746c4fa7d64a2441d4cb2610249c679 upstream.
+
+This fixes a issue which was introduced by fe2cc53e ("uml: track and make
+up lost ticks").
+
+timeval_to_ns() returns long long and not int. Due to that UML's timer
+did not work properlt and caused timer freezes.
+
+Signed-off-by: Richard Weinberger <richard@nod.at>
+Acked-by: Pekka Enberg <penberg@kernel.org>
+Cc: Jeff Dike <jdike@addtoit.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/um/os-Linux/time.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/um/os-Linux/time.c
++++ b/arch/um/os-Linux/time.c
+@@ -60,7 +60,7 @@ static inline long long timeval_to_ns(co
+ long long disable_timer(void)
+ {
+ struct itimerval time = ((struct itimerval) { { 0, 0 }, { 0, 0 } });
+- int remain, max = UM_NSEC_PER_SEC / UM_HZ;
++ long long remain, max = UM_NSEC_PER_SEC / UM_HZ;
+
+ if (setitimer(ITIMER_VIRTUAL, &time, &time) < 0)
+ printk(UM_KERN_ERR "disable_timer - setitimer failed, "
projects / thirdparty / kernel / stable-queue.git / commitdiff
