summaryrefslogtreecommitdiffstats
path: root/main/linux-grsec
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2013-10-03 08:56:46 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2013-10-03 09:47:34 +0000
commit180068fed1b09ed0e8dcaa485a65dfc0f0eb5265 (patch)
tree35f20f344a044cf52fd0222f13d5a2f9e4c073c0 /main/linux-grsec
parent77575ac25e1e1c68fe881f2aa0f144703aabc867 (diff)
downloadaports-180068fed1b09ed0e8dcaa485a65dfc0f0eb5265.tar.bz2
aports-180068fed1b09ed0e8dcaa485a65dfc0f0eb5265.tar.xz
main/linux-grsec: upgrade to 3.10.14 and fix pie patch
Diffstat (limited to 'main/linux-grsec')
-rw-r--r--main/linux-grsec/APKBUILD20
-rw-r--r--main/linux-grsec/fix-memory-map-for-PIE-applications.patch2
-rw-r--r--main/linux-grsec/grsecurity-2.9.1-3.10.14-unofficial.patch (renamed from main/linux-grsec/grsecurity-2.9.1-3.10.13-unofficial.patch)389
3 files changed, 37 insertions, 374 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 926baa84c..ced3d2387 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,7 +2,7 @@
_flavor=grsec
pkgname=linux-${_flavor}
-pkgver=3.10.13
+pkgver=3.10.14
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
@@ -150,38 +150,38 @@ dev() {
}
md5sums="4f25cd5bec5f8d5a7d935b3f2ccb8481 linux-3.10.tar.xz
-573f2c972015880ba5d52e5b123b37d7 patch-3.10.13.xz
-da8e2ebd1ebc0d1e17e7312851d53727 grsecurity-2.9.1-3.10.13-unofficial.patch
+3c2ce4933f210fef16664dfa16028de1 patch-3.10.14.xz
+8a8f3b99d0072aa72681711dab25848b grsecurity-2.9.1-3.10.14-unofficial.patch
a16f11b12381efb3bec79b9bfb329836 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
656ae7b10dd2f18dbfa1011041d08d60 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
2a12a3717052e878c0cd42aa935bfcf4 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
6ce5fed63aad3f1a1ff1b9ba7b741822 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
1a5800a2122ba0cc0d06733cb3bb8b8f 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
-6564cb3165cdf3d0dc0910251d62fd62 fix-memory-map-for-PIE-applications.patch
+c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
866e6c4daed45d563829804f8ad50ed9 kernelconfig.x86
272aaddd0a19a5052208bc25551995a3 kernelconfig.x86_64"
sha256sums="df27fa92d27a9c410bfe6c4a89f141638500d7eadcca5cce578954efc2ad3544 linux-3.10.tar.xz
-cf8ec5b47c904f66f715e7ccd5051e15fe9f931fec03847a86d552caf8848be8 patch-3.10.13.xz
-f011a28165e304933cb2254e095af73be7dced6c2d066a06480a9fe1529d9d8f grsecurity-2.9.1-3.10.13-unofficial.patch
+fd5fac477f69b5e3c6506fa04f81157aa753538dca017ef23b26ca36e65df38e patch-3.10.14.xz
+4e61ce7226f2424999e26ccdbdb806f60c6941b63f5be82fc586fa5b8a863107 grsecurity-2.9.1-3.10.14-unofficial.patch
6af3757ac36a6cd3cda7b0a71b08143726383b19261294a569ad7f4042c72df3 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
0985caa0f3ee8ed0959aeaa4214f5f8057ae8e61d50dcae39194912d31e14892 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
260fd1807838b68305a96992bf7d3302a2a8ef3a3b08fe079ba9a07e6422f736 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
-090e3e8ebcf0f8649042e1b8411722c9ee77e2da111ff84a2ed1d379f0266415 fix-memory-map-for-PIE-applications.patch
+500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
7fd28634998ef1fddafed5f2516e902924245d2464b9e86476bfaa55ccfc3bc3 kernelconfig.x86
f2843ae4f9b3e3c27f3138ce4b740c2803bdab0c7a910c662d951843803b9554 kernelconfig.x86_64"
sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504de216c0012be446df983e2dea400ad8eeed3ce04f24dc61d0ef76c174dc35 linux-3.10.tar.xz
-482b143ba25e4dc5e73f1ffb40194ba7863215ef5a83743a2a37d74d76f7e9267faa92fa92da441b10973be2156b80afdfa64a00ba24b0fd80dec7e223b0c6bc patch-3.10.13.xz
-9121b6c40e92e3df4418d050bb525f0c5e1df201b5ff225c7568844179eb87a221af4e7431abfa2eeec0e149094042c30b2a8aca60b3cba369b099b6d69e472f grsecurity-2.9.1-3.10.13-unofficial.patch
+8bd9af04acec2998d5a6d99e63a84c35802e4affeead51d15cf024020bc326507fee7c59179157b5bd42f5e0633c39ea8f123f02c0262aa50042fea57ed7390d patch-3.10.14.xz
+7d17742f5dcce1975dfa9d24fa9e665e9e48dcb3acc962a7699923bdb92477f1b2e352b0e946de664e76ab72798cad77e1d2eafc2e6dc167e3dee2bf91d866e5 grsecurity-2.9.1-3.10.14-unofficial.patch
81e78593288e8b0fd2c03ea9fc1450323887707f087e911f172450a122bc9b591ee83394836789730d951aeec13d0b75a64e1c05f04364abf8f80d883ddc4a02 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
51ecb15b669f6a82940a13a38939116e003bf5dfd24496771c8279e907b72adcc63d607f0340a2940d757e12ddadb7d45c7af78ae311d284935a6296dbcac00c 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
57d0a8bd35d19cf657ded58efe24517d2252aec6984040713ba173a34edb5887ececaa2985076bc6a149eaa57639fd98a042c1c2d226ed4ad8dd5ed0e230717e 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d711e3486628ed56ab996484e219d79ac4b0c0ec684ebd380aa 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
28a33e644bf2faf99c8dd6dbccfe14e140dfdd8824a8fb2d58aa7deb9e572f130d92b6b35ee181084050d82166bdf2e498a451a2a538a67b7ab84204405d2d87 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
-101aec800e6390f2dee26b496a033b325fb00108e72fc01b3cf6719b1d256526fbc8e7448b3a06b03ce02233b86703f1f2f31267c8e1a7f28a8f47235eaa0b4a fix-memory-map-for-PIE-applications.patch
+4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
1721542ff111c8ec550323dae6f6174131db180668cbf14f01dc4c76ffbbb479715919a80c35d8c8ac22a6479dd3b42700be6ddc5ef2a8b6a62de811c7ae86df kernelconfig.x86
d49bf57bd0aae17d762d87d5bf983e48219d71ca44bc0c3120db94d357192c07146a8938cef9d435218e4bb748691ec426387545837be637d47e45cdc4482d71 kernelconfig.x86_64"
diff --git a/main/linux-grsec/fix-memory-map-for-PIE-applications.patch b/main/linux-grsec/fix-memory-map-for-PIE-applications.patch
index 0ef81cf93..e38716f77 100644
--- a/main/linux-grsec/fix-memory-map-for-PIE-applications.patch
+++ b/main/linux-grsec/fix-memory-map-for-PIE-applications.patch
@@ -58,7 +58,7 @@ index 6f036ed..06419af 100644
- load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
+ load_bias = (get_random_int() & STACK_RND_MASK) << PAGE_SHIFT;
#endif
-+ load_bias = ELF_PAGESTART(vaddr + load_bias);
++ load_bias = ELF_PAGESTART(load_bias - vaddr);
#ifdef CONFIG_PAX_RANDMMAP
/* PaX: randomize base address at the default exe base if requested */
diff --git a/main/linux-grsec/grsecurity-2.9.1-3.10.13-unofficial.patch b/main/linux-grsec/grsecurity-2.9.1-3.10.14-unofficial.patch
index 53756c632..386c1a525 100644
--- a/main/linux-grsec/grsecurity-2.9.1-3.10.13-unofficial.patch
+++ b/main/linux-grsec/grsecurity-2.9.1-3.10.14-unofficial.patch
@@ -281,7 +281,7 @@ index 2fe6e76..889ee23 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 25d38b7..7582631 100644
+index 129c49f..643835b 100644
--- a/Makefile
+++ b/Makefile
@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -38926,7 +38926,7 @@ index 3c59584..500f2e9 100644
return ret;
diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c
-index e5e32869..1678f36 100644
+index c8d16a6..ca71b5e 100644
--- a/drivers/gpu/drm/i915/i915_irq.c
+++ b/drivers/gpu/drm/i915/i915_irq.c
@@ -670,7 +670,7 @@ static irqreturn_t valleyview_irq_handler(int irq, void *arg)
@@ -38956,7 +38956,7 @@ index e5e32869..1678f36 100644
/* disable master interrupt before clearing iir */
de_ier = I915_READ(DEIER);
-@@ -2089,7 +2089,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev)
+@@ -2135,7 +2135,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev)
{
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
@@ -38965,7 +38965,7 @@ index e5e32869..1678f36 100644
I915_WRITE(HWSTAM, 0xeffe);
-@@ -2124,7 +2124,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev)
+@@ -2170,7 +2170,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
@@ -38974,7 +38974,7 @@ index e5e32869..1678f36 100644
/* VLV magic */
I915_WRITE(VLV_IMR, 0);
-@@ -2411,7 +2411,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev)
+@@ -2457,7 +2457,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
@@ -38983,7 +38983,7 @@ index e5e32869..1678f36 100644
for_each_pipe(pipe)
I915_WRITE(PIPESTAT(pipe), 0);
-@@ -2490,7 +2490,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg)
+@@ -2536,7 +2536,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg)
I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT |
I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT;
@@ -38992,7 +38992,7 @@ index e5e32869..1678f36 100644
iir = I915_READ16(IIR);
if (iir == 0)
-@@ -2565,7 +2565,7 @@ static void i915_irq_preinstall(struct drm_device * dev)
+@@ -2611,7 +2611,7 @@ static void i915_irq_preinstall(struct drm_device * dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
@@ -39001,7 +39001,7 @@ index e5e32869..1678f36 100644
if (I915_HAS_HOTPLUG(dev)) {
I915_WRITE(PORT_HOTPLUG_EN, 0);
-@@ -2664,7 +2664,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg)
+@@ -2710,7 +2710,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg)
I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT;
int pipe, ret = IRQ_NONE;
@@ -39010,7 +39010,7 @@ index e5e32869..1678f36 100644
iir = I915_READ(IIR);
do {
-@@ -2791,7 +2791,7 @@ static void i965_irq_preinstall(struct drm_device * dev)
+@@ -2837,7 +2837,7 @@ static void i965_irq_preinstall(struct drm_device * dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
@@ -39019,7 +39019,7 @@ index e5e32869..1678f36 100644
I915_WRITE(PORT_HOTPLUG_EN, 0);
I915_WRITE(PORT_HOTPLUG_STAT, I915_READ(PORT_HOTPLUG_STAT));
-@@ -2898,7 +2898,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg)
+@@ -2944,7 +2944,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg)
I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT |
I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT;
@@ -39929,67 +39929,10 @@ index 8c04943..4370ed9 100644
err = drm_debugfs_create_files(dc->debugfs_files,
ARRAY_SIZE(debugfs_files),
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
-index ed626e0..5340852 100644
+index ca959cf..f6c5f7d 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
-@@ -759,6 +759,56 @@ int hid_parse_report(struct hid_device *hid, __u8 *start, unsigned size)
- }
- EXPORT_SYMBOL_GPL(hid_parse_report);
-
-+static const char * const hid_report_names[] = {
-+ "HID_INPUT_REPORT",
-+ "HID_OUTPUT_REPORT",
-+ "HID_FEATURE_REPORT",
-+};
-+/**
-+ * hid_validate_report - validate existing device report
-+ *
-+ * @device: hid device
-+ * @type: which report type to examine
-+ * @id: which report ID to examine (0 for first)
-+ * @fields: expected number of fields
-+ * @report_counts: expected number of values per field
-+ *
-+ * Validate the report details after parsing.
-+ */
-+struct hid_report *hid_validate_report(struct hid_device *hid,
-+ unsigned int type, unsigned int id,
-+ unsigned int fields,
-+ unsigned int report_counts)
-+{
-+ struct hid_report *report;
-+ unsigned int i;
-+
-+ if (type > HID_FEATURE_REPORT) {
-+ hid_err(hid, "invalid HID report %u\n", type);
-+ return NULL;
-+ }
-+
-+ report = hid->report_enum[type].report_id_hash[id];
-+ if (!report) {
-+ hid_err(hid, "missing %s %u\n", hid_report_names[type], id);
-+ return NULL;
-+ }
-+ if (report->maxfield < fields) {
-+ hid_err(hid, "not enough fields in %s %u\n",
-+ hid_report_names[type], id);
-+ return NULL;
-+ }
-+ for (i = 0; i < fields; i++) {
-+ if (report->field[i]->report_count < report_counts) {
-+ hid_err(hid, "not enough values in %s %u fields\n",
-+ hid_report_names[type], id);
-+ return NULL;
-+ }
-+ }
-+ return report;
-+}
-+EXPORT_SYMBOL_GPL(hid_validate_report);
-+
- /**
- * hid_open_report - open a driver-specific device report
- *
-@@ -2284,7 +2334,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
+@@ -2340,7 +2340,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
int hid_add_device(struct hid_device *hdev)
{
@@ -39998,7 +39941,7 @@ index ed626e0..5340852 100644
int ret;
if (WARN_ON(hdev->status & HID_STAT_ADDED))
-@@ -2318,7 +2368,7 @@ int hid_add_device(struct hid_device *hdev)
+@@ -2374,7 +2374,7 @@ int hid_add_device(struct hid_device *hdev)
/* XXX hack, any other cleaner solution after the driver core
* is converted to allow more than 20 bytes as the device name? */
dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
@@ -40007,228 +39950,13 @@ index ed626e0..5340852 100644
hid_debug_register(hdev, dev_name(&hdev->dev));
ret = device_add(&hdev->dev);
-diff --git a/drivers/hid/hid-lenovo-tpkbd.c b/drivers/hid/hid-lenovo-tpkbd.c
-index 07837f5..b697ada 100644
---- a/drivers/hid/hid-lenovo-tpkbd.c
-+++ b/drivers/hid/hid-lenovo-tpkbd.c
-@@ -341,6 +341,11 @@ static int tpkbd_probe_tp(struct hid_device *hdev)
- char *name_mute, *name_micmute;
- int ret;
-
-+ /* Validate required reports. */
-+ if (!hid_validate_report(hdev, HID_OUTPUT_REPORT, 4, 4, 1) ||
-+ !hid_validate_report(hdev, HID_OUTPUT_REPORT, 3, 1, 2))
-+ return -ENODEV;
-+
- if (sysfs_create_group(&hdev->dev.kobj,
- &tpkbd_attr_group_pointer)) {
- hid_warn(hdev, "Could not create sysfs group\n");
-diff --git a/drivers/hid/hid-lg2ff.c b/drivers/hid/hid-lg2ff.c
-index b3cd150..9805197 100644
---- a/drivers/hid/hid-lg2ff.c
-+++ b/drivers/hid/hid-lg2ff.c
-@@ -64,26 +64,13 @@ int lg2ff_init(struct hid_device *hid)
- struct hid_report *report;
- struct hid_input *hidinput = list_entry(hid->inputs.next,
- struct hid_input, list);
-- struct list_head *report_list =
-- &hid->report_enum[HID_OUTPUT_REPORT].report_list;
- struct input_dev *dev = hidinput->input;
- int error;
-
-- if (list_empty(report_list)) {
-- hid_err(hid, "no output report found\n");
-+ /* Check that the report looks ok */
-+ report = hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 1, 7);
-+ if (!report)
- return -ENODEV;
-- }
--
-- report = list_entry(report_list->next, struct hid_report, list);
--
-- if (report->maxfield < 1) {
-- hid_err(hid, "output report is empty\n");
-- return -ENODEV;
-- }
-- if (report->field[0]->report_count < 7) {
-- hid_err(hid, "not enough values in the field\n");
-- return -ENODEV;
-- }
-
- lg2ff = kmalloc(sizeof(struct lg2ff_device), GFP_KERNEL);
- if (!lg2ff)
-diff --git a/drivers/hid/hid-lg3ff.c b/drivers/hid/hid-lg3ff.c
-index e52f181..53ac79b 100644
---- a/drivers/hid/hid-lg3ff.c
-+++ b/drivers/hid/hid-lg3ff.c
-@@ -66,10 +66,11 @@ static int hid_lg3ff_play(struct input_dev *dev, void *data,
- int x, y;
-
- /*
-- * Maxusage should always be 63 (maximum fields)
-- * likely a better way to ensure this data is clean
-+ * Available values in the field should always be 63, but we only use up to
-+ * 35. Instead, clear the entire area, however big it is.
- */
-- memset(report->field[0]->value, 0, sizeof(__s32)*report->field[0]->maxusage);
-+ memset(report->field[0]->value, 0,
-+ sizeof(__s32) * report->field[0]->report_count);
-
- switch (effect->type) {
- case FF_CONSTANT:
-@@ -129,32 +130,14 @@ static const signed short ff3_joystick_ac[] = {
- int lg3ff_init(struct hid_device *hid)
- {
- struct hid_input *hidinput = list_entry(hid->inputs.next, struct hid_input, list);
-- struct list_head *report_list = &hid->report_enum[HID_OUTPUT_REPORT].report_list;
- struct input_dev *dev = hidinput->input;
-- struct hid_report *report;
-- struct hid_field *field;
- const signed short *ff_bits = ff3_joystick_ac;
- int error;
- int i;
-
-- /* Find the report to use */
-- if (list_empty(report_list)) {
-- hid_err(hid, "No output report found\n");
-- return -1;
-- }
--
- /* Check that the report looks ok */
-- report = list_entry(report_list->next, struct hid_report, list);
-- if (!report) {
-- hid_err(hid, "NULL output report\n");
-- return -1;
-- }
--
-- field = report->field[0];
-- if (!field) {
-- hid_err(hid, "NULL field\n");
-- return -1;
-- }
-+ if (!hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 1, 35))
-+ return -ENODEV;
-
- /* Assume single fixed device G940 */
- for (i = 0; ff_bits[i] >= 0; i++)
-diff --git a/drivers/hid/hid-lg4ff.c b/drivers/hid/hid-lg4ff.c
-index 0ddae2a..8b89f0f 100644
---- a/drivers/hid/hid-lg4ff.c
-+++ b/drivers/hid/hid-lg4ff.c
-@@ -484,34 +484,16 @@ static enum led_brightness lg4ff_led_get_brightness(struct led_classdev *led_cde
- int lg4ff_init(struct hid_device *hid)
- {
- struct hid_input *hidinput = list_entry(hid->inputs.next, struct hid_input, list);
-- struct list_head *report_list = &hid->report_enum[HID_OUTPUT_REPORT].report_list;
- struct input_dev *dev = hidinput->input;
-- struct hid_report *report;
-- struct hid_field *field;
- struct lg4ff_device_entry *entry;
- struct lg_drv_data *drv_data;
- struct usb_device_descriptor *udesc;
- int error, i, j;
- __u16 bcdDevice, rev_maj, rev_min;
-
-- /* Find the report to use */
-- if (list_empty(report_list)) {
-- hid_err(hid, "No output report found\n");
-- return -1;
-- }
--
- /* Check that the report looks ok */
-- report = list_entry(report_list->next, struct hid_report, list);
-- if (!report) {
-- hid_err(hid, "NULL output report\n");
-+ if (!hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 1, 7))
- return -1;
-- }
--
-- field = report->field[0];
-- if (!field) {
-- hid_err(hid, "NULL field\n");
-- return -1;
-- }
-
- /* Check what wheel has been connected */
- for (i = 0; i < ARRAY_SIZE(lg4ff_devices); i++) {
-diff --git a/drivers/hid/hid-lgff.c b/drivers/hid/hid-lgff.c
-index d7ea8c8..a84fb40 100644
---- a/drivers/hid/hid-lgff.c
-+++ b/drivers/hid/hid-lgff.c
-@@ -128,27 +128,14 @@ static void hid_lgff_set_autocenter(struct input_dev *dev, u16 magnitude)
- int lgff_init(struct hid_device* hid)
- {
- struct hid_input *hidinput = list_entry(hid->inputs.next, struct hid_input, list);
-- struct list_head *report_list = &hid->report_enum[HID_OUTPUT_REPORT].report_list;
- struct input_dev *dev = hidinput->input;
-- struct hid_report *report;
-- struct hid_field *field;
- const signed short *ff_bits = ff_joystick;
- int error;
- int i;
-
-- /* Find the report to use */
-- if (list_empty(report_list)) {
-- hid_err(hid, "No output report found\n");
-- return -1;
-- }
--
- /* Check that the report looks ok */
-- report = list_entry(report_list->next, struct hid_report, list);
-- field = report->field[0];
-- if (!field) {
-- hid_err(hid, "NULL field\n");
-- return -1;
-- }
-+ if (!hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 1, 7))
-+ return -ENODEV;
-
- for (i = 0; i < ARRAY_SIZE(devices); i++) {
- if (dev->id.vendor == devices[i].idVendor &&
-diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c
-index 5207591a..6c9197f 100644
---- a/drivers/hid/hid-logitech-dj.c
-+++ b/drivers/hid/hid-logitech-dj.c
-@@ -421,7 +421,7 @@ static int logi_dj_recv_send_report(struct dj_receiver_dev *djrcv_dev,
- struct hid_report *report;
- struct hid_report_enum *output_report_enum;
- u8 *data = (u8 *)(&dj_report->device_index);
-- int i;
-+ unsigned int i, length;
-
- output_report_enum = &hdev->report_enum[HID_OUTPUT_REPORT];
- report = output_report_enum->report_id_hash[REPORT_ID_DJ_SHORT];
-@@ -431,7 +431,9 @@ static int logi_dj_recv_send_report(struct dj_receiver_dev *djrcv_dev,
- return -ENODEV;
- }
-
-- for (i = 0; i < report->field[0]->report_count; i++)
-+ length = min_t(size_t, sizeof(*dj_report) - 1,
-+ report->field[0]->report_count);
-+ for (i = 0; i < length; i++)
- report->field[0]->value[i] = data[i];
-
- hid_hw_request(hdev, report, HID_REQ_SET_REPORT);
-@@ -738,6 +740,12 @@ static int logi_dj_probe(struct hid_device *hdev,
- goto hid_parse_fail;
- }
-
-+ if (!hid_validate_report(hdev, HID_OUTPUT_REPORT, REPORT_ID_DJ_SHORT,
-+ 1, 3)) {
-+ retval = -ENODEV;
-+ goto hid_parse_fail;
-+ }
-+
- /* Starts the usb device and connects to upper interfaces hiddev and
- * hidraw */
- retval = hid_hw_start(hdev, HID_CONNECT_DEFAULT);
diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c
-index d39a5ce..4892dfc 100644
+index b6701ce..720a166 100644
--- a/drivers/hid/hid-multitouch.c
+++ b/drivers/hid/hid-multitouch.c
-@@ -330,9 +330,18 @@ static void mt_feature_mapping(struct hid_device *hdev,
- break;
- }
+@@ -325,12 +325,21 @@ static void mt_feature_mapping(struct hid_device *hdev,
+ dev_err(&hdev->dev, "HID_DG_INPUTMODE out of range\n");
+ break;
}
+ /* Ignore if value index is out of bounds. */
+ if (td->inputmode_index < 0 ||
@@ -40237,6 +39965,9 @@ index d39a5ce..4892dfc 100644
+ td->inputmode = -1;
+ }
+ td->inputmode = field->report->id;
+ td->inputmode_index = usage->usage_index;
+
break;
case HID_DG_CONTACTMAX:
+ /* Ignore if value count is out of bounds. */
@@ -40245,7 +39976,7 @@ index d39a5ce..4892dfc 100644
td->maxcontact_report_id = field->report->id;
td->maxcontacts = field->value[0];
if (!td->maxcontacts &&
-@@ -743,15 +752,21 @@ static void mt_touch_report(struct hid_device *hid, struct hid_report *report)
+@@ -745,15 +754,21 @@ static void mt_touch_report(struct hid_device *hid, struct hid_report *report)
unsigned count;
int r, n;
@@ -40272,22 +40003,6 @@ index d39a5ce..4892dfc 100644
}
for (r = 0; r < report->maxfield; r++) {
-diff --git a/drivers/hid/hid-steelseries.c b/drivers/hid/hid-steelseries.c
-index d164911..ef42e86 100644
---- a/drivers/hid/hid-steelseries.c
-+++ b/drivers/hid/hid-steelseries.c
-@@ -249,6 +249,11 @@ static int steelseries_srws1_probe(struct hid_device *hdev,
- goto err_free;
- }
-
-+ if (!hid_validate_report(hdev, HID_OUTPUT_REPORT, 0, 1, 16)) {
-+ ret = -ENODEV;
-+ goto err_free;
-+ }
-+
- ret = hid_hw_start(hdev, HID_CONNECT_DEFAULT);
- if (ret) {
- hid_err(hdev, "hw start failed\n");
diff --git a/drivers/hid/hid-wiimote-debug.c b/drivers/hid/hid-wiimote-debug.c
index 90124ff..3761764 100644
--- a/drivers/hid/hid-wiimote-debug.c
@@ -40301,35 +40016,6 @@ index 90124ff..3761764 100644
return -EFAULT;
*off += size;
-diff --git a/drivers/hid/hid-zpff.c b/drivers/hid/hid-zpff.c
-index 6ec28a3..b124991 100644
---- a/drivers/hid/hid-zpff.c
-+++ b/drivers/hid/hid-zpff.c
-@@ -68,22 +68,12 @@ static int zpff_init(struct hid_device *hid)
- struct hid_report *report;
- struct hid_input *hidinput = list_entry(hid->inputs.next,
- struct hid_input, list);
-- struct list_head *report_list =
-- &hid->report_enum[HID_OUTPUT_REPORT].report_list;
- struct input_dev *dev = hidinput->input;
- int error;
-
-- if (list_empty(report_list)) {
-- hid_err(hid, "no output report found\n");
-+ report = hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 4, 1);
-+ if (!report)
- return -ENODEV;
-- }
--
-- report = list_entry(report_list->next, struct hid_report, list);
--
-- if (report->maxfield < 4) {
-- hid_err(hid, "not enough fields in report\n");
-- return -ENODEV;
-- }
-
- zpff = kzalloc(sizeof(struct zpff_device), GFP_KERNEL);
- if (!zpff)
diff --git a/drivers/hid/uhid.c b/drivers/hid/uhid.c
index fc307e0..2b255e8 100644
--- a/drivers/hid/uhid.c
@@ -75576,21 +75262,6 @@ index 0000000..e7ffaaf
+ const int protocol);
+
+#endif
-diff --git a/include/linux/hid.h b/include/linux/hid.h
-index ff545cc..76e41d8 100644
---- a/include/linux/hid.h
-+++ b/include/linux/hid.h
-@@ -749,6 +749,10 @@ void hid_output_report(struct hid_report *report, __u8 *data);
- struct hid_device *hid_allocate_device(void);
- struct hid_report *hid_register_report(struct hid_device *device, unsigned type, unsigned id);
- int hid_parse_report(struct hid_device *hid, __u8 *start, unsigned size);
-+struct hid_report *hid_validate_report(struct hid_device *hid,
-+ unsigned int type, unsigned int id,
-+ unsigned int fields,
-+ unsigned int report_counts);
- int hid_open_report(struct hid_device *device);
- int hid_check_keys_pressed(struct hid_device *hid);
- int hid_connect(struct hid_device *hid, unsigned int connect_mask);
diff --git a/include/linux/highmem.h b/include/linux/highmem.h
index 7fb31da..08b5114 100644
--- a/include/linux/highmem.h
@@ -80612,7 +80283,7 @@ index 8d6e145..33e0b1e 100644
current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim;
set_fs(fs);
diff --git a/kernel/audit.c b/kernel/audit.c
-index 91e53d0..d9e3ec4 100644
+index 7b0e23a..861041e 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -118,7 +118,7 @@ u32 audit_sig_sid = 0;
@@ -84778,7 +84449,7 @@ index e8b3350..d83d44e 100644
.priority = CPU_PRI_MIGRATION,
};
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
-index 03b73be..9422b9f 100644
+index 009a62b..ae011f8 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -831,7 +831,7 @@ void task_numa_fault(int node, int pages, bool migrated)
@@ -85561,7 +85232,7 @@ index f11d83b..d016d91 100644
.clock_get = alarm_clock_get,
.timer_create = alarm_timer_create,
diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
-index baeeb5c..c22704a 100644
+index fcc261c..119dc3b 100644
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -15,6 +15,7 @@
@@ -91535,18 +91206,10 @@ index 1c91f0d3..485470a 100644
}
}
diff --git a/mm/swap.c b/mm/swap.c
-index dfd7d71..ccdf688 100644
+index 9f2225f..393d519 100644
--- a/mm/swap.c
+++ b/mm/swap.c
-@@ -31,6 +31,7 @@
- #include <linux/memcontrol.h>
- #include <linux/gfp.h>
- #include <linux/uio.h>
-+#include <linux/hugetlb.h>
-
- #include "internal.h"
-
-@@ -73,6 +74,8 @@ static void __put_compound_page(struct page *page)
+@@ -74,6 +74,8 @@ static void __put_compound_page(struct page *page)
__page_cache_release(page);
dtor = get_compound_page_dtor(page);