This reverts commit 8113a8d8.

The patch causes a stack overflow on my system during boot.
Signed-off-by: James Morris <jmorris@namei.org>

We have found that the current PER_CLEAR_ON_SETID mask on Linux
doesn't include neither ADDR_COMPAT_LAYOUT, nor MMAP_PAGE_ZERO.

The current mask is READ_IMPLIES_EXEC|ADDR_NO_RANDOMIZE.

We believe it is important to add MMAP_PAGE_ZERO, because by using
this personality it is possible to have the first page mapped inside a
process running as setuid root. This could be used in those scenarios:

- Exploiting a NULL pointer dereference issue in a setuid root binary
- Bypassing the mmap_min_addr restrictions of the Linux kernel: by
running a setuid binary that would drop privileges before giving us
control back (for instance by loading a user-supplied library), we
could get the first page mapped in a process we control. By further
using mremap and mprotect on this mapping, we can then completely
bypass the mmap_min_addr restrictions.

Less importantly, we believe ADDR_COMPAT_LAYOUT should also be added
since on x86 32bits it will in practice disable most of the address
space layout randomization (only the stack will remain randomized).
Signed-off-by: Julien Tinnes <jt@cr0.org>
Signed-off-by: Tavis Ormandy <taviso@sdf.lonestar.org>
Acked-by: Christoph Hellwig <hch@infradead.org>
Acked-by: Kees Cook <kees.cook@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>

Convert avc_audit in security/selinux/avc.c to use lsm_audit.h,
for better maintainability and for less code duplication.

 - changed selinux to use common_audit_data instead of
   avc_audit_data
 - eliminated code in avc.c and used code from lsm_audit.h instead.

I have tested to make sure that the avcs look the same before and
after this patch.
Signed-off-by: Thomas Liu <tliu@redhat.com>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>

Wrapped the smack_audit_data and selinux_audit_data
structs in include/linux/lsm_audit.h in ifdefs so that the
union will always be the correct size.
Signed-off-by: Thomas Liu <tliu@redhat.com>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>

Made the lsm_priv union in include/linux/lsm_audit.h
anonymous.
Signed-off-by: Thomas Liu <tliu@redhat.com>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>

Moved variable function in include/linux/lsm_audit.h into the
smack_audit_data struct since it is never used outside of it.

Also removed setting of function in the COMMON_AUDIT_DATA_INIT
macro because that variable is now private to SMACK.
Signed-off-by: Thomas Liu <tliu@redhat.com>
Acked-by: Eric Paris <eparis@redhat.com>
I-dont-see-any-problems-with-it: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <jmorris@namei.org>

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
  sound: OSS: mpu401, fix deadlock
  ALSA: hda - Add missing initializations for ALC268 and ALC269
  ALSA: cmi8330: fix MPU-401 PnP init copy&paste bug
  ALSA: hda - Line In for Acer Inspire 6530G model
  sound: oxygen: make mic volume control mono
  MAINTAINERS: Add entry for twl4030 series soc codec driver
  ALSA: lx6464es - configure ethersound io channels
  sound: Use PCI_VDEVICE for CREATIVE and ECTIVA
  sound: Use PCI_VDEVICE
  ALSA: hda - Use model=acer-aspire-6530g for Acer Aspire 6930G
  ALSA: hda - Fix acer-aspire-6530g model quirk
  ALSA: hda - Add pin-sense trigger when needed for Realtek codecs
  ALSA: hda - Fix support for Samsung P50 with AD1986A codec
  ALSA: hda - Generalize the pin-detect quirk for Lenovo N100
  ALSA: hda - Simplify AD1986A mixer definitions

Merge branch 'bugfixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'bugfixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
  integrity: add ima_counts_put (updated)
  integrity: ima audit hash_exists fix
  integrity: ima mq_open imbalance msg fix

Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip

* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  Revert "x86: cap iomem_resource to addressable physical memory"

* 'for-linus' of git://git.o-hand.com/linux-rpurdie-backlight:
  backlight: Fix tdo24m crash on kmalloc

FYI, there's a post-rc1 build regression with certain configs:

 drivers/built-in.o: In function `pci_hp_deregister':
 (.text+0xb166): undefined reference to `pci_hp_remove_module_link'
 drivers/built-in.o: In function `pci_hp_deregister':
 (.text+0xb19f): undefined reference to `pci_destroy_slot'
 drivers/built-in.o: In function `__pci_hp_register':
 (.text+0xb583): undefined reference to `pci_create_slot'
 drivers/built-in.o: In function `__pci_hp_register':
 (.text+0xb5b1): undefined reference to `pci_hp_create_module_link'
 make: *** [.tmp_vmlinux1] Error 1

Caused by:

| 2b121bc2 is first bad commit
| commit 2b121bc2
| Date:   Thu Jun 25 13:25:36 2009 +0200
|
|     eeepc-laptop: Register as a pci-hotplug device

which changed the driver to use the PCI hotplug infrastructure, but
didn't do a good job on the Kconfig rules.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Acked-by: Randy Dunlap <randy.dunlap@oracle.com>
Acked-by: Len Brown <len.brown@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Currently we reinit the ldisc on final tty close which is what the old code
did to ensure that if the device retained its termios settings then it had the
right ldisc. tty_ldisc_reinit does that but also leaves us with the reset
ldisc reference which is then leaked.

At this point we know the port will be recycled so we can kill the ldisc
off completely rather than try and add another ldisc free up when the kref
count hits zero.

At this point it is safe to keep the ldisc closed as tty_ldisc waiting
methods are only used from the user side, and as the final close we are
the last such reference. Interrupt/driver side methods will always use the
non wait version and get back a NULL.

Found with kmemleak and investigated/identified by Catalin Marinas.
Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

mpu401_chk_version is called with a spin lock already held. Don't take it
again.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

* fix/pci-vdevice:
  sound: Use PCI_VDEVICE for CREATIVE and ECTIVA
  sound: Use PCI_VDEVICE

* fix/oxygen:
  sound: oxygen: make mic volume control mono

* fix/misc:
  ALSA: cmi8330: fix MPU-401 PnP init copy&paste bug

* fix/lx6464es:
  ALSA: lx6464es - configure ethersound io channels

* fix/hda-samsung-p50:
  ALSA: hda - Fix support for Samsung P50 with AD1986A codec
  ALSA: hda - Generalize the pin-detect quirk for Lenovo N100
  ALSA: hda - Simplify AD1986A mixer definitions

* fix/hda:
  ALSA: hda - Add missing initializations for ALC268 and ALC269
  ALSA: hda - Line In for Acer Inspire 6530G model
  ALSA: hda - Use model=acer-aspire-6530g for Acer Aspire 6930G
  ALSA: hda - Fix acer-aspire-6530g model quirk
  ALSA: hda - Add pin-sense trigger when needed for Realtek codecs

During the changes to clean up / fix the realtek codec initialization
routines in commit 4a79ba34,
I forgot to add the check for ALC268 and ALC269.
This resulted in the missing EAPD and COEF setup for these codecs.

This patch adds the missing checks for these codecs.

Reference: bko#13633
	http://bugzilla.kernel.org/show_bug.cgi?id=13633Signed-off-by: Takashi Iwai <tiwai@suse.de>

Fix copy&paste bug in PnP MPU-401 initialization.
Signed-off-by: Ondrej Zary <linux@rainbow-software.org>
Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

The Line In connector is set up as PIN_IN by default, using
VREF_HIZ. It is connected to both ADCs, so add it to both
input selectors.
Also add the ability to use the input mix (on a SoundBlaster
one would call this "What You Hear").
Signed-off-by: Tony Vroon <tony@linx.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
  be2net: Fix to avoid a crash seen on PPC with LRO and Jumbo frames.
  gro: Flush GRO packets in napi_disable_pending path
  inet: Call skb_orphan before tproxy activates
  mac80211: Use rcu_barrier() on unload.
  sunrpc: Use rcu_barrier() on unload.
  bridge: Use rcu_barrier() instead of syncronize_net() on unload.
  ipv6: Use rcu_barrier() on module unload.
  decnet: Use rcu_barrier() on module unload.
  sky2: Fix checksum endianness
  mdio add missing GPL flag
  sh_eth: remove redundant test on unsigned
  fsl_pq_mdio: Fix fsl_pq_mdio to work with modules
  ipv6: avoid wraparound for expired preferred lifetime
  tcp: missing check ACK flag of received segment in FIN-WAIT-2 state
  atl1*: add device_set_wakeup_enable to atl1*_set_wol
  Phonet: generate Netlink RTM_DELADDR when destroying a device
  Phonet: publicize the Netlink notification function
  Revert "veth: prevent oops caused by netdev destructor"
  cpmac: fix compilation failure introduced with netdev_ops conversion
  ipsec: Fix name of CAST algorithm

While testing the driver on PPC, we ran into a crash with LRO, Jumbo frames.
With CONFIG_PPC_64K_PAGES configured (a default in PPC), MAX_SKB_FRAGS drops to 3 and we were crossing the array limits on skb_shinfo(skb)->frags[].
Now we coalesce the frags from the same physical page into one slot in
skb_shinfo(skb)->frags[] and go to the next index when the frag is from

different physical page.

This patch is against the net-2.6 tree.
Signed-off-by: Ajit Khaparde <ajitk@serverengines.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

This patch fixes an imbalance message as reported by J.R. Okajima.
The IMA file counters are incremented in ima_path_check. If the
actual open fails, such as ETXTBSY, decrement the counters to
prevent unnecessary imbalance messages.
Reported-by: J.R. Okajima <hooanon05@yahoo.co.jp>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>

Audit the file name, not the template name.
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>

This patch fixes an imbalance message as reported by Sanchin Sant.
As we don't need to measure the message queue, just increment the
counters.
Reported-by: Sanchin Sant <sanchinp@in.ibm.com>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>

* 'kvm-updates/2.6.31' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: shut up uninit compiler warning in paging_tmpl.h
  KVM: Ignore reads to K7 EVNTSEL MSRs
  KVM: VMX: Handle vmx instruction vmexits
  KVM: s390: Allow stfle instruction in the guest
  KVM: kvm/x86_emulate.c toggle_interruptibility() should be static
  KVM: ia64: fix ia64 build due to missing kallsyms_lookup() and double export
  KVM: protect concurrent make_all_cpus_request
  KVM: MMU: Allow 4K ptes with bit 7 (PAT) set
  KVM: Fix dirty bit tracking for slots with large pages

* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
  cifs: fix fh_mutex locking in cifs_reopen_file

* git://git.infradead.org/iommu-2.6:
  intel-iommu: fix Identity Mapping to be arch independent

Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip

* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  x86, delay: tsc based udelay should have rdtsc_barrier
  x86, setup: correct include file in <asm/boot.h>
  x86, setup: Fix typo "CONFIG_x86_64" in <asm/boot.h>
  x86, mce: percpu mcheck_timer should be pinned
  x86: Add sysctl to allow panic on IOCK NMI error
  x86: Fix uv bau sending buffer initialization
  x86, mce: Fix mce resume on 32bit
  x86: Move init_gbpages() to setup_arch()
  x86: ensure percpu lpage doesn't consume too much vmalloc space
  x86: implement percpu_alloc kernel parameter
  x86: fix pageattr handling for lpage percpu allocator and re-enable it
  x86: reorganize cpa_process_alias()
  x86: prepare setup_pcpu_lpage() for pageattr fix
  x86: rename remap percpu first chunk allocator to lpage
  x86: fix duplicate free in setup_pcpu_remap() failure path
  percpu: fix too lazy vunmap cache flushing
  x86: Set cpu_llc_id on AMD CPUs

Merge branch 'timers-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip

* 'timers-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  timer stats: Optimize by adding quick check to avoid function calls
  timers: Fix timer_migration interface which accepts any number as input

Merge branch 'tracing-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip

* 'tracing-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  ftrace: Fix the output of profile
  ring-buffer: Make it generally available
  ftrace: Remove duplicate newline
  tracing: Fix trace_buf_size boot option
  ftrace: Fix t_hash_start()
  ftrace: Don't manipulate @pos in t_start()
  ftrace: Don't increment @pos in g_start()
  tracing: Reset iterator in t_start()
  trace_stat: Don't increment @pos in seq start()
  tracing_bprintk: Don't increment @pos in t_start()
  tracing/events: Don't increment @pos in s_start()

* 'for-linus' of git://git.o-hand.com/linux-rpurdie-leds:
  leds: Futher document blink_set
  leds: Add options to have GPIO LEDs start on or keep their state
  leds: LED driver for National Semiconductor LP3944 Funlight Chip
  leds: pca9532 - Indent using tabs, not spaces.
  leds: Remove an orphan Kconfig entry
  leds: Further document parameters for blink_set()
  leds: alix-leds2 fixed for Award BIOS
  leds: leds-gpio - fix a section mismatch
  leds: add the sysfs interface into the leds-bd2802 driver for changing wave pattern and led current.
  leds: change the license information
  leds: fix led-bd2802 errors while resuming

Dixes compilation warning:
  CC      arch/x86/kernel/io_delay.o
 arch/x86/kvm/paging_tmpl.h: In function ‘paging64_fetch’:
 arch/x86/kvm/paging_tmpl.h:279: warning: ‘sptep’ may be used uninitialized in this function
 arch/x86/kvm/paging_tmpl.h: In function ‘paging32_fetch’:
 arch/x86/kvm/paging_tmpl.h:279: warning: ‘sptep’ may be used uninitialized in this function

warning is bogus (always have a least one level), but need to shut the compiler
up.
Signed-off-by: Jaswinder Singh Rajput <jaswinderrajput@gmail.com>
Signed-off-by: Avi Kivity <avi@redhat.com>

In commit 7fe29e0f we ignored the
reads to the P6 EVNTSEL MSRs. That fixed crashes on Intel machines.

Ignore the reads to K7 EVNTSEL MSRs as well to fix this on AMD
hosts.

This fixes Kaspersky antivirus crashing Windows guests on AMD hosts.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>

IF a guest tries to use vmx instructions, inject a #UD to let it know the
instruction is not implemented, rather than crashing.

This prevents guest userspace from crashing the guest kernel.

Cc: stable@kernel.org
Signed-off-by: Avi Kivity <avi@redhat.com>

2.6.31-rc introduced an architecture level set checker based on facility
bits. e.g. if the kernel is compiled to run only on z9, several facility
bits are checked very early and the kernel refuses to boot if a z9 specific
facility is missing.
Until now kvm on s390 did not implement the store facility extended (STFLE)
instruction. A 2.6.31-rc kernel that was compiled for z9 or higher did not
boot in kvm. This patch implements stfle.

This patch should go in before 2.6.31.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Avi Kivity <avi@redhat.com>

toggle_interruptibility() is used only by same file, it should be static.

Fixed following sparse warning :

  arch/x86/kvm/x86_emulate.c:1364:6: warning: symbol 'toggle_interruptibility' was not declared. Should it be static?
Signed-off-by: Jaswinder Singh Rajput <jaswinderrajput@gmail.com>
Signed-off-by: Avi Kivity <avi@redhat.com>