Merge changes from sid up to 3.2.20-1

svn path=/dists/trunk/linux/; revision=19128
2012-06-11 05:21:50 +00:00 · 2012-06-11 05:21:50 +00:00 · f9d7178138
parent 39d70141e7 c216062874
commit f9d7178138
37 changed files with 1571 additions and 495 deletions
--- a/debian/README.source
+++ b/debian/README.source
@ -23,41 +23,20 @@ Updating the upstream source
 Applying patches to the Debian kernel tree
 ==========================================

-The Debian kernel packaging uses a custom patching system:
+The Debian kernel packaging uses the quilt patch system, but with
+multiple series to allow for featuresets.

 Patches are stored below debian/patches, loosely sorted in bugfix/,
 features/ and debian/. Patches are in the standard kernel patch
 format (unified diff to be applied with patch -p1) and generally have
 DEP-3 headers.

-The order and the selection of patches which are applied during build
-time are specified in the series/ subdirectory. The series file 'base'
-is used for all configurations and the series file 'base-extra' is
-additionally used for optional featuresets.
-
-Let's look at the actual series file for 2.6.26-12:
-
-+ bugfix/all/net-unix-gc-fix-soft-lockups-oom-issues.patch
-+ bugfix/all/inotify-watch-removal-umount-races.patch
-+ bugfix/all/atm-duplicate-listen-on-socket-corrupts-the-vcc-table.patch
-+ bugfix/all/ata-pata_marvell-vs-ahci.patch
-+ features/sparc/video-sunxvr500-intergraph.patch
-
-The patches to be applied are specified relative to debian/patches
-and must be preceded by a "+". The series files may be arbitrarily
-documented with comments starting with "#".
-
-Let's now have a look at the series file for the addon kernel flavours
-of 2.6.26-12:
-
-+ features/all/xen/dom0-fix-processor-throttling-when-pr-id-is-minus-1.patch featureset=xen
-
-The same syntax applies for specifing the patches, but an additional
-argument is needed which specifies the featureset the patch applies to.
-
+The series file 'series-all' is used for all configurations and a
+series file 'series-<featureset>' is used for each optional
+featureset.

 If you want to generate a source tree with all patches applied, run
-make -f debian/rules source-all
+make -f debian/rules source

 The resulting source can be found below debian/build.

--- a/debian/bin/check-patches.sh
+++ b/debian/bin/check-patches.sh
@ -2,7 +2,7 @@

 TMPDIR=$(mktemp -d)
 trap "rm -rf $TMPDIR" EXIT
-grep -v "^#"  debian/patches/series/* | awk '{if (NF >= 2) print "debian/patches/" $2}' | sort -u > $TMPDIR/used
+sed '/^#/d; /^[[:space:]]*$/d; s/^[+X] //; s,^,debian/patches/,' debian/patches/series* | sort -u > $TMPDIR/used
 find debian/patches ! -path '*/series*' -type f -name "*.diff" -o -name "*.patch" -printf "%p\n" | sort > $TMPDIR/avail
 echo "Used patches"
 echo "=============="
--- a/debian/bin/genorig.py
+++ b/debian/bin/genorig.py
@ -33,7 +33,7 @@ class Main(object):
        self.log('Using source name %s, version %s, dfsg %s\n' % (source, version.upstream, self.version_dfsg))

        self.orig = '%s-%s' % (source, version.upstream)
-        self.orig_tar = '%s_%s.orig.tar.gz' % (source, version.upstream)
+        self.orig_tar = '%s_%s.orig.tar.xz' % (source, version.upstream)
        self.tag = 'v' + version.linux_upstream_full

    def __call__(self):
@ -117,7 +117,7 @@ class Main(object):
        except OSError:
            pass
        self.log("Generate tarball %s\n" % out)
-        cmdline = ['tar -czf', out, '-C', self.dir, self.orig]
+        cmdline = ['tar -caf', out, '-C', self.dir, self.orig]
        try:
            if os.spawnv(os.P_WAIT, '/bin/sh', ['sh', '-c', ' '.join(cmdline)]):
                raise RuntimeError("Can't patch source")
--- a/debian/bin/patch.apply
+++ b/debian/bin/patch.apply
@ -1,50 +0,0 @@
-#!/usr/bin/env python
-
-import os, os.path, re, sys
-from warnings import warn
-from debian_linux.patches import PatchSeries
-
-def main():
-    options, args = parse_options()
-
-    if len(args) > 1:
-        print "Too much arguments"
-        return
-
-    home = options.home
-    name = options.featureset or "all"
-    fp = file(os.path.join(home, "series-%s" % name))
-    PatchSeries(name, home, fp)()
-
-def parse_options():
-    from optparse import OptionParser
-    parser = OptionParser(
-        usage = "%prog [OPTION]... [TARGET]",
-    )
-    parser.add_option(
-        '-f', '--featureset',
-        dest = 'featureset',
-        help = "featureset",
-    )
-    parser.add_option(
-        '-H', '--overwrite-home',
-        dest = 'home',
-        help = "overwrite home [no default]",
-    )
-
-    options, args = parser.parse_args()
-
-    return options, args
-
-if __name__ == '__main__':
-    def showwarning(message, category, filename, lineno,
-                    file=sys.stderr, line=''):
-        file.write("Warning: %s\n" % message)
-    import warnings
-    warnings.showwarning = showwarning
-    try:
-        main()
-    except RuntimeError, e:
-        sys.stderr.write("Error: %s\n" % e)
-        raise SystemExit, 1
-
--- a/debian/bin/test-patches
+++ b/debian/bin/test-patches
@ -8,7 +8,7 @@ arch="$(dpkg --print-architecture)"
 kernelabi="$(uname -r)"
 ff="${kernelabi#+([^-])-@(trunk|+([0-9]))-}"
 if [ "x$ff" != "x$kernelabi" ]; then
-    flavour="${ff#@(openvz|vserver|xen)-}"
+    flavour="${ff#@(openvz|rt|vserver|xen)-}"
    if [ "x$flavour" != "x$ff" ]; then
 	featureset="${ff%-$flavour}"
    else
@ -33,9 +33,9 @@ if [ $# -lt 1 ]; then
    echo >&2 "Usage: $0 [<options>] <patch>..."
    cat >&2 <<EOF
 Options:
-     -f <flavour>     specify the 'flavour' of kernel to build, e.g. 686
+     -f <flavour>     specify the 'flavour' of kernel to build, e.g. 686-pae
     -j <jobs>        specify number of compiler jobs to run in parallel
-     -s <featureset>  specify an optional featureset to apply, e.g. xen
+     -s <featureset>  specify an optional featureset to apply, e.g. rt
 EOF
    exit 2
 fi
@ -55,23 +55,24 @@ if [ "${version%a~test}" = "$version" ]; then
    dch -v "$version" --distribution UNRELEASED "Testing patches $*"
 fi

-restrictfeature=
-series="${version##*-}"
-if [ "$featureset" != none ]; then
-    restrictfeature=" featureset=$featureset"
-    series="${series}-extra"
+# Make new directory for patches
+mkdir -p debian/patches/test
+
+# Ignore user's .quiltrc
+alias quilt='quilt --quiltrc -'
+
+# Try to clean up any previous test patches
+if [ "$featureset" = none ]; then
+    while quilt top 2>/dev/null | grep -q ^test/; do
+        quilt delete
+    done
+else
+    sed -i '/^test\//d' debian/patches/series-${featureset}
 fi

-# Copy all patches into a new directory
+# Prepare a new directory for the patches
 rm -rf debian/patches/test/
 mkdir debian/patches/test
-cp -t debian/patches/test/ "$@"
-
-# Generate patch series for the new version
->debian/patches/series/"$series"
-for patch in "$@"; do
-    echo "+ test/$(basename "$patch")${restrictfeature}" >>debian/patches/series/"$series"
-done

 # Regenerate control and included rules
 rm debian/control debian/rules.gen
@ -79,9 +80,17 @@ debian/rules debian/control-real && exit 1 || true
 test -f debian/control
 test -f debian/rules.gen

-# Clean and patch source
+# Clean up old build; apply existing patches for featureset
 debian/rules clean
 debian/rules source

+# Apply the additional patches
+for patch in "$@"; do
+    patch_abs="$(readlink -f "$patch")"
+    (cd "debian/build/source_${featureset}" && \
+     quilt import -P "test/$(basename "$patch")" "$patch_abs" && \
+     quilt push --fuzz=0)
+done
+
 # Build selected binaries
 fakeroot make -f debian/rules.gen binary-arch_"$arch"_"$featureset"_"$flavour"
--- a/debian/changelog
+++ b/debian/changelog
@ -6,6 +6,7 @@ linux-2.6 (3.4.2-1~experimental.1) UNRELEASED; urgency=low
  [ Ben Hutchings ]
  * [ia64] Export <asm/cmpxchg.h> to userland (fixes FTBFS)
  * [x86] Enable BATTERY_SBS as module (Closes: #662902)
+  * team: Enable NET_TEAM_MODE_LOADBALANCE as module

 -- Ben Hutchings <ben@decadent.org.uk>  Thu, 07 Jun 2012 04:45:03 +0100

@ -102,25 +103,71 @@ linux-2.6 (3.3~rc6-1~experimental.1) experimental; urgency=low

 -- Ben Hutchings <ben@decadent.org.uk>  Sun, 04 Mar 2012 20:27:42 +0000

-linux (3.2.19-2) UNRELEASED; urgency=low
+linux (3.2.20-1) unstable; urgency=low

-  * The "Not Quite So Many Different Version Numbers" release
+  * The "Confused? You Won't Be" release
+
+  * New upstream stable update:
+    http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.20
+   - cifs: fix oops while traversing open file list (try #4)
+   - mm/fork: fix overflow in vma length when copying mmap on clone
+   - mm: fix faulty initialization in vmalloc_init()
+   - x86, amd, xen: Avoid NULL pointer paravirt references
+   - ext4: force ro mount if ext4_setup_super() fails
+   - ext4: disallow hard-linked directory in ext4_lookup
+   - ext4: add missing save_error_info() to ext4_error()
+   - ALSA: usb-audio: fix rate_list memory leak
+   - Bluetooth: btusb: typo in Broadcom SoftSailing id (Closes: #674565)
+   - ipv4: Do not use dead fib_info entries.
+   - ipv4: fix the rcu race between free_fib_info and ip_route_output_slow
+   - l2tp: fix oops in L2TP IP sockets for connect() AF_UNSPEC case
+   - btree: fix tree corruption in btree_get_prev()
+   - asix: allow full size 8021Q frames to be received (Closes: #676545)
+   - ext4: don't trash state flags in EXT4_IOC_SETFLAGS
+   - ext4: fix the free blocks calculation for ext3 file systems w/ uninit_bg

  [ Ben Hutchings ]
  * Rename source package to 'linux' (Closes: #636010)
+  * Convert source package format to 3.0 (quilt)
+    - Convert patch system to quilt, except for the 'orig' patch series
+    - Use xz compression for upstream and Debian tarballs
+    - README.source: Update description of patch system to match current
+      usage
+    - linux-patch-debian: Remove; it is no longer necessary for GPL
+      compliance and does not work with our current patch management
  * linux-image: Change package name for bugs to 'src:linux' (Closes: #644198)
  * DFSG: video: Remove nvidiafb and rivafb, which include apparently
-    obfuscated code (Closes: #383481).  The nouveau driver supports all
-    the same hardware, aside from RIVA 128 (NV3).
+    obfuscated code (Closes: #383481, #609615).  The nouveau driver supports
+    all the same hardware, aside from RIVA 128 (NV3).
  * udeb: Add udf-modules containing UDF filesystem module (Closes: #613972)
  * [mipsel/loongson2f] linux-image: Recommend libc6-loongson2f
    (Closes: #629410)
  * Build-Depend on kmod or module-init-tools, not just the latter
-  * README.source: Update description of patch system to match current usage
-  * linux-patch-debian: Remove; it is no longer necessary for GPL compliance
-    and does not work with our current patch management
+  * test-patches: Recognise the rt featureset automatically
+  * udeb: Build-Depend on kernel-wedge >= 2.84; this allows us to list
+    modules as required even if they are built-in in some configurations
+  * filter: Allow to create sk-unattached filters
+  * proc: Backport hidepid mount option from Linux 3.4 (Closes: #669028)
+  * NFSv4: Reduce the footprint of the idmapper (Closes: #657078)
+  * [i386] thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE
+    (Closes: #676360)
+  * linux-source: Add single patch for each featureset
+  * [x86] Enable CRASH_DUMP, PROC_VMCORE (Closes: #623177)
+  * media/dvb: Enable DVB_DDBRIDGE as module (Closes: #676952)
+  * net: sock: validate data_len before allocating skb in
+    sock_alloc_send_pskb() (CVE-2012-2136)
+  * macvtap: zerocopy: fix offset calculation when building skb
+  * macvtap: zerocopy: fix truesize underestimation
+  * macvtap: zerocopy: put page when fail to get all requested user pages
+  * macvtap: zerocopy: set SKBTX_DEV_ZEROCOPY only when skb is built
+    successfully
+  * macvtap: zerocopy: validate vectors before building skb (CVE-2012-2119)
+  * KVM: Fix buffer overflow in kvm_set_irq() (CVE-2012-2137)

- -- Ben Hutchings <ben@decadent.org.uk>  Sat, 02 Jun 2012 20:31:53 +0100
+  [ Bastian Blank ]
+  * [s390/s390x,s390x/s390x] Build debugging symbols.
+
+ -- Ben Hutchings <ben@decadent.org.uk>  Mon, 11 Jun 2012 02:46:34 +0100

 linux-2.6 (3.2.19-1) unstable; urgency=low

--- a/debian/config/config
+++ b/debian/config/config
@ -955,6 +955,11 @@ CONFIG_DVB_B2C2_FLEXCOP_USB=m
 ##
 CONFIG_DVB_BT8XX=m

+##
+## file: drivers/media/dvb/ddbridge/Kconfig
+##
+CONFIG_DVB_DDBRIDGE=m
+
 ##
 ## file: drivers/media/dvb/dm1105/Kconfig
 ##
@ -2096,6 +2101,7 @@ CONFIG_SLIP_MODE_SLIP6=y
 CONFIG_NET_TEAM=m
 CONFIG_NET_TEAM_MODE_ROUNDROBIN=m
 CONFIG_NET_TEAM_MODE_ACTIVEBACKUP=m
+CONFIG_NET_TEAM_MODE_LOADBALANCE=m

 ##
 ## file: drivers/net/tokenring/Kconfig
--- a/debian/config/kernelarch-x86/config
+++ b/debian/config/kernelarch-x86/config
@ -48,7 +48,7 @@ CONFIG_EFI_STUB=y
 CONFIG_SECCOMP=y
 CONFIG_CC_STACKPROTECTOR=y
 CONFIG_KEXEC=y
-# CONFIG_CRASH_DUMP is not set
+CONFIG_CRASH_DUMP=y
 # CONFIG_KEXEC_JUMP is not set
 CONFIG_RELOCATABLE=y
 CONFIG_HOTPLUG_CPU=y
@ -1571,6 +1571,11 @@ CONFIG_SGI_PARTITION=y
 CONFIG_ULTRIX_PARTITION=y
 CONFIG_SUN_PARTITION=y

+##
+## file: fs/proc/Kconfig
+##
+CONFIG_PROC_VMCORE=y
+
 ##
 ## file: kernel/irq/Kconfig
 ##
--- a/debian/config/s390/defines
+++ b/debian/config/s390/defines
@ -28,6 +28,9 @@ initramfs: false
 override-localversion: s390
 type: plain-s390-tape

+[s390x_build]
+debug-info: true
+
 [s390x_description]
 hardware: IBM zSeries
 parts: reader
--- a/debian/config/s390x/defines
+++ b/debian/config/s390x/defines
@ -13,6 +13,9 @@ part-short-tape: IPL from tape
 bootloaders: s390-tools
 configs: s390/config

+[s390x_build]
+debug-info: true
+
 [s390x_description]
 hardware: IBM zSeries
 parts: reader
--- a/debian/lib/python/debian_linux/gencontrol.py
+++ b/debian/lib/python/debian_linux/gencontrol.py
@ -114,6 +114,8 @@ class Gencontrol(object):
        pass

    def do_main_makefile(self, makefile, makeflags, extra):
+        makeflags = makeflags.copy()
+        makeflags['ALL_FEATURESETS'] = ' '.join(self.config['base', ]['featuresets'])
        makefile.add('binary-indep', cmds=["$(MAKE) -f debian/rules.real binary-indep %s" % makeflags])

    def do_main_packages(self, packages, vars, makeflags, extra):
--- a/debian/patches/bugfix/all/KVM-Fix-buffer-overflow-in-kvm_set_irq.patch
+++ b/debian/patches/bugfix/all/KVM-Fix-buffer-overflow-in-kvm_set_irq.patch
@ -0,0 +1,33 @@
+From: Avi Kivity <avi@redhat.com>
+Date: Sun, 22 Apr 2012 17:02:11 +0300
+Subject: [PATCH] KVM: Fix buffer overflow in kvm_set_irq()
+
+commit f2ebd422f71cda9c791f76f85d2ca102ae34a1ed upstream.
+
+kvm_set_irq() has an internal buffer of three irq routing entries, allowing
+connecting a GSI to three IRQ chips or on MSI.  However setup_routing_entry()
+does not properly enforce this, allowing three irqchip routes followed by
+an MSI route to overflow the buffer.
+
+Fix by ensuring that an MSI entry is added to an empty list.
+
+Signed-off-by: Avi Kivity <avi@redhat.com>
+---
+ virt/kvm/irq_comm.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/virt/kvm/irq_comm.c b/virt/kvm/irq_comm.c
+index a6a0365..5afb431 100644
+--- a/virt/kvm/irq_comm.c
+++ b/virt/kvm/irq_comm.c
+@@ -332,6 +332,7 @@ static int setup_routing_entry(struct kvm_irq_routing_table *rt,
+ 	 */
+ 	hlist_for_each_entry(ei, n, &rt->map[ue->gsi], link)
+ 		if (ei->type == KVM_IRQ_ROUTING_MSI ||
+		    ue->type == KVM_IRQ_ROUTING_MSI ||
+ 		    ue->u.irqchip.irqchip == ei->irqchip.irqchip)
+ 			return r;
+ 
+-- 
+1.7.10
+
--- a/debian/patches/bugfix/all/macvtap-zerocopy-fix-offset-calculation-when-buildin.patch
+++ b/debian/patches/bugfix/all/macvtap-zerocopy-fix-offset-calculation-when-buildin.patch
@ -0,0 +1,61 @@
+From: Jason Wang <jasowang@redhat.com>
+Date: Wed, 2 May 2012 11:41:30 +0800
+Subject: [1/5] macvtap: zerocopy: fix offset calculation when building skb
+
+commit 3afc9621f15701c557e60f61eba9242bac2771dd upstream.
+
+This patch fixes the offset calculation when building skb:
+
+- offset1 were used as skb data offset not vector offset
+- reset offset to zero only when we advance to next vector
+
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ drivers/net/macvtap.c |   13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
+index 0427c65..bd4a70d 100644
+--- a/drivers/net/macvtap.c
+++ b/drivers/net/macvtap.c
+@@ -505,10 +505,11 @@ static int zerocopy_sg_from_iovec(struct sk_buff *skb, const struct iovec *from,
+ 		if (copy > size) {
+ 			++from;
+ 			--count;
+-		}
+			offset = 0;
+		} else
+			offset += size;
+ 		copy -= size;
+ 		offset1 += size;
+-		offset = 0;
+ 	}
+ 
+ 	if (len == offset1)
+@@ -519,13 +520,13 @@ static int zerocopy_sg_from_iovec(struct sk_buff *skb, const struct iovec *from,
+ 		int num_pages;
+ 		unsigned long base;
+ 
+-		len = from->iov_len - offset1;
+		len = from->iov_len - offset;
+ 		if (!len) {
+-			offset1 = 0;
+			offset = 0;
+ 			++from;
+ 			continue;
+ 		}
+-		base = (unsigned long)from->iov_base + offset1;
+		base = (unsigned long)from->iov_base + offset;
+ 		size = ((base & ~PAGE_MASK) + len + ~PAGE_MASK) >> PAGE_SHIFT;
+ 		num_pages = get_user_pages_fast(base, size, 0, &page[i]);
+ 		if ((num_pages != size) ||
+@@ -546,7 +547,7 @@ static int zerocopy_sg_from_iovec(struct sk_buff *skb, const struct iovec *from,
+ 			len -= size;
+ 			i++;
+ 		}
+-		offset1 = 0;
+		offset = 0;
+ 		++from;
+ 	}
+ 	return 0;
--- a/debian/patches/bugfix/all/macvtap-zerocopy-fix-truesize-underestimation.patch
+++ b/debian/patches/bugfix/all/macvtap-zerocopy-fix-truesize-underestimation.patch
@ -0,0 +1,41 @@
+From: Jason Wang <jasowang@redhat.com>
+Date: Wed, 2 May 2012 11:41:44 +0800
+Subject: [2/5] macvtap: zerocopy: fix truesize underestimation
+
+commit 4ef67ebedffa44ed9939b34708ac2fee06d2f65f upstream.
+
+As the skb fragment were pinned/built from user pages, we should
+account the page instead of length for truesize.
+
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ drivers/net/macvtap.c |    6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
+index bd4a70d..7cb2684 100644
+--- a/drivers/net/macvtap.c
+++ b/drivers/net/macvtap.c
+@@ -519,6 +519,7 @@ static int zerocopy_sg_from_iovec(struct sk_buff *skb, const struct iovec *from,
+ 		struct page *page[MAX_SKB_FRAGS];
+ 		int num_pages;
+ 		unsigned long base;
+		unsigned long truesize;
+ 
+ 		len = from->iov_len - offset;
+ 		if (!len) {
+@@ -533,10 +534,11 @@ static int zerocopy_sg_from_iovec(struct sk_buff *skb, const struct iovec *from,
+ 		    (num_pages > MAX_SKB_FRAGS - skb_shinfo(skb)->nr_frags))
+ 			/* put_page is in skb free */
+ 			return -EFAULT;
+		truesize = size * PAGE_SIZE;
+ 		skb->data_len += len;
+ 		skb->len += len;
+-		skb->truesize += len;
+-		atomic_add(len, &skb->sk->sk_wmem_alloc);
+		skb->truesize += truesize;
+		atomic_add(truesize, &skb->sk->sk_wmem_alloc);
+ 		while (len) {
+ 			int off = base & ~PAGE_MASK;
+ 			int size = min_t(int, len, PAGE_SIZE - off);
--- a/debian/patches/bugfix/all/macvtap-zerocopy-put-page-when-fail-to-get-all-reque.patch
+++ b/debian/patches/bugfix/all/macvtap-zerocopy-put-page-when-fail-to-get-all-reque.patch
@ -0,0 +1,35 @@
+From: Jason Wang <jasowang@redhat.com>
+Date: Wed, 2 May 2012 11:41:58 +0800
+Subject: [3/5] macvtap: zerocopy: put page when fail to get all requested
+ user pages
+
+commit 02ce04bb3d28c3333231f43bca677228dbc686fe upstream.
+
+When get_user_pages_fast() fails to get all requested pages, we could not use
+kfree_skb() to free it as it has not been put in the skb fragments. So we need
+to call put_page() instead.
+
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ drivers/net/macvtap.c |    6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
+index 7cb2684..9ab182a 100644
+--- a/drivers/net/macvtap.c
+++ b/drivers/net/macvtap.c
+@@ -531,9 +531,11 @@ static int zerocopy_sg_from_iovec(struct sk_buff *skb, const struct iovec *from,
+ 		size = ((base & ~PAGE_MASK) + len + ~PAGE_MASK) >> PAGE_SHIFT;
+ 		num_pages = get_user_pages_fast(base, size, 0, &page[i]);
+ 		if ((num_pages != size) ||
+-		    (num_pages > MAX_SKB_FRAGS - skb_shinfo(skb)->nr_frags))
+-			/* put_page is in skb free */
+		    (num_pages > MAX_SKB_FRAGS - skb_shinfo(skb)->nr_frags)) {
+			for (i = 0; i < num_pages; i++)
+				put_page(page[i]);
+ 			return -EFAULT;
+		}
+ 		truesize = size * PAGE_SIZE;
+ 		skb->data_len += len;
+ 		skb->len += len;
--- a/debian/patches/bugfix/all/macvtap-zerocopy-set-SKBTX_DEV_ZEROCOPY-only-when-sk.patch
+++ b/debian/patches/bugfix/all/macvtap-zerocopy-set-SKBTX_DEV_ZEROCOPY-only-when-sk.patch
@ -0,0 +1,48 @@
+From: Jason Wang <jasowang@redhat.com>
+Date: Wed, 2 May 2012 11:42:06 +0800
+Subject: [4/5] macvtap: zerocopy: set SKBTX_DEV_ZEROCOPY only when skb is
+ built successfully
+
+commit 01d6657b388438def19c8baaea28e742b6ed32ec upstream.
+
+Current the SKBTX_DEV_ZEROCOPY is set unconditionally after
+zerocopy_sg_from_iovec(), this would lead NULL pointer when macvtap
+fails to build zerocopy skb because destructor_arg was not
+initialized. Solve this by set this flag after the skb were built
+successfully.
+
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ drivers/net/macvtap.c |    9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
+index 9ab182a..a4ff694 100644
+--- a/drivers/net/macvtap.c
+++ b/drivers/net/macvtap.c
+@@ -699,10 +699,9 @@ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m,
+ 	if (!skb)
+ 		goto err;
+ 
+-	if (zerocopy) {
+	if (zerocopy)
+ 		err = zerocopy_sg_from_iovec(skb, iv, vnet_hdr_len, count);
+-		skb_shinfo(skb)->tx_flags |= SKBTX_DEV_ZEROCOPY;
+-	} else
+	else
+ 		err = skb_copy_datagram_from_iovec(skb, 0, iv, vnet_hdr_len,
+ 						   len);
+ 	if (err)
+@@ -721,8 +720,10 @@ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m,
+ 	rcu_read_lock_bh();
+ 	vlan = rcu_dereference_bh(q->vlan);
+ 	/* copy skb_ubuf_info for callback when skb has no error */
+-	if (zerocopy)
+	if (zerocopy) {
+ 		skb_shinfo(skb)->destructor_arg = m->msg_control;
+		skb_shinfo(skb)->tx_flags |= SKBTX_DEV_ZEROCOPY;
+	}
+ 	if (vlan)
+ 		macvlan_start_xmit(skb, vlan->dev);
+ 	else
--- a/debian/patches/bugfix/all/macvtap-zerocopy-validate-vectors-before-building-sk.patch
+++ b/debian/patches/bugfix/all/macvtap-zerocopy-validate-vectors-before-building-sk.patch
@ -0,0 +1,78 @@
+From: Jason Wang <jasowang@redhat.com>
+Date: Wed, 2 May 2012 11:42:15 +0800
+Subject: macvtap: zerocopy: validate vectors before building skb
+
+commit b92946e2919134ebe2a4083e4302236295ea2a73 upstream.
+
+There're several reasons that the vectors need to be validated:
+
+- Return error when caller provides vectors whose num is greater than UIO_MAXIOV.
+- Linearize part of skb when userspace provides vectors grater than MAX_SKB_FRAGS.
+- Return error when userspace provides vectors whose total length may exceed
+- MAX_SKB_FRAGS * PAGE_SIZE.
+
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ drivers/net/macvtap.c |   25 +++++++++++++++++++++----
+ 1 file changed, 21 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
+index a4ff694..163559c 100644
+--- a/drivers/net/macvtap.c
+++ b/drivers/net/macvtap.c
+@@ -529,9 +529,10 @@ static int zerocopy_sg_from_iovec(struct sk_buff *skb, const struct iovec *from,
+ 		}
+ 		base = (unsigned long)from->iov_base + offset;
+ 		size = ((base & ~PAGE_MASK) + len + ~PAGE_MASK) >> PAGE_SHIFT;
+		if (i + size > MAX_SKB_FRAGS)
+			return -EMSGSIZE;
+ 		num_pages = get_user_pages_fast(base, size, 0, &page[i]);
+-		if ((num_pages != size) ||
+-		    (num_pages > MAX_SKB_FRAGS - skb_shinfo(skb)->nr_frags)) {
+		if (num_pages != size) {
+ 			for (i = 0; i < num_pages; i++)
+ 				put_page(page[i]);
+ 			return -EFAULT;
+@@ -651,7 +652,7 @@ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m,
+ 	int err;
+ 	struct virtio_net_hdr vnet_hdr = { 0 };
+ 	int vnet_hdr_len = 0;
+-	int copylen;
+	int copylen = 0;
+ 	bool zerocopy = false;
+ 
+ 	if (q->flags & IFF_VNET_HDR) {
+@@ -680,15 +681,31 @@ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m,
+ 	if (unlikely(len < ETH_HLEN))
+ 		goto err;
+ 
+	err = -EMSGSIZE;
+	if (unlikely(count > UIO_MAXIOV))
+		goto err;
+
+ 	if (m && m->msg_control && sock_flag(&q->sk, SOCK_ZEROCOPY))
+ 		zerocopy = true;
+ 
+ 	if (zerocopy) {
+		/* Userspace may produce vectors with count greater than
+		 * MAX_SKB_FRAGS, so we need to linearize parts of the skb
+		 * to let the rest of data to be fit in the frags.
+		 */
+		if (count > MAX_SKB_FRAGS) {
+			copylen = iov_length(iv, count - MAX_SKB_FRAGS);
+			if (copylen < vnet_hdr_len)
+				copylen = 0;
+			else
+				copylen -= vnet_hdr_len;
+		}
+ 		/* There are 256 bytes to be copied in skb, so there is enough
+ 		 * room for skb expand head in case it is used.
+ 		 * The rest buffer is mapped from userspace.
+ 		 */
+-		copylen = vnet_hdr.hdr_len;
+		if (copylen < vnet_hdr.hdr_len)
+			copylen = vnet_hdr.hdr_len;
+ 		if (!copylen)
+ 			copylen = GOODCOPY_LEN;
+ 	} else
--- a/debian/patches/bugfix/all/net-sock-validate-data_len-before-allocating-skb-in-.patch
+++ b/debian/patches/bugfix/all/net-sock-validate-data_len-before-allocating-skb-in-.patch
@ -0,0 +1,48 @@
+From: Jason Wang <jasowang@redhat.com>
+Date: Wed, 30 May 2012 21:18:10 +0000
+Subject: net: sock: validate data_len before allocating skb in
+ sock_alloc_send_pskb()
+
+commit cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc upstream.
+
+We need to validate the number of pages consumed by data_len, otherwise frags
+array could be overflowed by userspace. So this patch validate data_len and
+return -EMSGSIZE when data_len may occupies more frags than MAX_SKB_FRAGS.
+
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ net/core/sock.c |    7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/net/core/sock.c b/net/core/sock.c
+index 653f8c0..9e5b71f 100644
+--- a/net/core/sock.c
+++ b/net/core/sock.c
+@@ -1592,6 +1592,11 @@ struct sk_buff *sock_alloc_send_pskb(struct sock *sk, unsigned long header_len,
+ 	gfp_t gfp_mask;
+ 	long timeo;
+ 	int err;
+	int npages = (data_len + (PAGE_SIZE - 1)) >> PAGE_SHIFT;
+
+	err = -EMSGSIZE;
+	if (npages > MAX_SKB_FRAGS)
+		goto failure;
+ 
+ 	gfp_mask = sk->sk_allocation;
+ 	if (gfp_mask & __GFP_WAIT)
+@@ -1610,14 +1615,12 @@ struct sk_buff *sock_alloc_send_pskb(struct sock *sk, unsigned long header_len,
+ 		if (atomic_read(&sk->sk_wmem_alloc) < sk->sk_sndbuf) {
+ 			skb = alloc_skb(header_len, gfp_mask);
+ 			if (skb) {
+-				int npages;
+ 				int i;
+ 
+ 				/* No pages, we're done... */
+ 				if (!data_len)
+ 					break;
+ 
+-				npages = (data_len + (PAGE_SIZE - 1)) >> PAGE_SHIFT;
+ 				skb->truesize += data_len;
+ 				skb_shinfo(skb)->nr_frags = npages;
+ 				for (i = 0; i < npages; i++) {
--- a/debian/patches/bugfix/x86/thp-avoid-atomic64_read-in-pmd_read_atomic-for-32bit-pae.patch
+++ b/debian/patches/bugfix/x86/thp-avoid-atomic64_read-in-pmd_read_atomic-for-32bit-pae.patch
@ -0,0 +1,112 @@
+From: Andrea Arcangeli <aarcange@redhat.com>
+Subject: thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE
+
+In the x86 32bit PAE CONFIG_TRANSPARENT_HUGEPAGE=y case while holding the
+mmap_sem for reading, cmpxchg8b cannot be used to read pmd contents under
+Xen.
+
+So instead of dealing only with "consistent" pmdvals in
+pmd_none_or_trans_huge_or_clear_bad() (which would be conceptually
+simpler) we let pmd_none_or_trans_huge_or_clear_bad() deal with pmdvals
+where the low 32bit and high 32bit could be inconsistent (to avoid having
+to use cmpxchg8b).
+
+The only guarantee we get from pmd_read_atomic is that if the low part of
+the pmd was found null, the high part will be null too (so the pmd will be
+considered unstable).  And if the low part of the pmd is found "stable"
+later, then it means the whole pmd was read atomically (because after a
+pmd is stable, neither MADV_DONTNEED nor page faults can alter it anymore,
+and we read the high part after the low part).
+
+In the 32bit PAE x86 case, it is enough to read the low part of the pmdval
+atomically to declare the pmd as "stable" and that's true for THP and no
+THP, furthermore in the THP case we also have a barrier() that will
+prevent any inconsistent pmdvals to be cached by a later re-read of the
+*pmd.
+
+Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
+Cc: Jonathan Nieder <jrnieder@gmail.com>
+Cc: Ulrich Obergfell <uobergfe@redhat.com>
+Cc: Mel Gorman <mgorman@suse.de>
+Cc: Hugh Dickins <hughd@google.com>
+Cc: Larry Woodman <lwoodman@redhat.com>
+Cc: Petr Matousek <pmatouse@redhat.com>
+Cc: Rik van Riel <riel@redhat.com>
+Cc: Jan Beulich <jbeulich@suse.com>
+Cc: KOSAKI Motohiro <kosaki.motohiro@gmail.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+---
+
+ arch/x86/include/asm/pgtable-3level.h |   30 +++++++++++++-----------
+ include/asm-generic/pgtable.h         |   10 ++++++++
+ 2 files changed, 27 insertions(+), 13 deletions(-)
+
+--- a/arch/x86/include/asm/pgtable-3level.h
+++ b/arch/x86/include/asm/pgtable-3level.h
+@@ -47,16 +47,26 @@
+  * they can run pmd_offset_map_lock or pmd_trans_huge or other pmd
+  * operations.
+  *
+- * Without THP if the mmap_sem is hold for reading, the
+- * pmd can only transition from null to not null while pmd_read_atomic runs.
+- * So there's no need of literally reading it atomically.
+ * Without THP if the mmap_sem is hold for reading, the pmd can only
+ * transition from null to not null while pmd_read_atomic runs. So
+ * we can always return atomic pmd values with this function.
+  *
+  * With THP if the mmap_sem is hold for reading, the pmd can become
+- * THP or null or point to a pte (and in turn become "stable") at any
+- * time under pmd_read_atomic, so it's mandatory to read it atomically
+- * with cmpxchg8b.
+ * trans_huge or none or point to a pte (and in turn become "stable")
+ * at any time under pmd_read_atomic. We could read it really
+ * atomically here with a atomic64_read for the THP enabled case (and
+ * it would be a whole lot simpler), but to avoid using cmpxchg8b we
+ * only return an atomic pmdval if the low part of the pmdval is later
+ * found stable (i.e. pointing to a pte). And we're returning a none
+ * pmdval if the low part of the pmd is none. In some cases the high
+ * and low part of the pmdval returned may not be consistent if THP is
+ * enabled (the low part may point to previously mapped hugepage,
+ * while the high part may point to a more recently mapped hugepage),
+ * but pmd_none_or_trans_huge_or_clear_bad() only needs the low part
+ * of the pmd to be read atomically to decide if the pmd is unstable
+ * or not, with the only exception of when the low part of the pmd is
+ * zero in which case we return a none pmd.
+  */
+-#ifndef CONFIG_TRANSPARENT_HUGEPAGE
+ static inline pmd_t pmd_read_atomic(pmd_t *pmdp)
+ {
+ 	pmdval_t ret;
+@@ -74,12 +84,6 @@
+ 
+ 	return (pmd_t) { ret };
+ }
+-#else /* CONFIG_TRANSPARENT_HUGEPAGE */
+-static inline pmd_t pmd_read_atomic(pmd_t *pmdp)
+-{
+-	return (pmd_t) { atomic64_read((atomic64_t *)pmdp) };
+-}
+-#endif /* CONFIG_TRANSPARENT_HUGEPAGE */
+ 
+ static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte)
+ {
+--- a/include/asm-generic/pgtable.h
+++ b/include/asm-generic/pgtable.h
+@@ -484,6 +484,16 @@
+ 	/*
+ 	 * The barrier will stabilize the pmdval in a register or on
+ 	 * the stack so that it will stop changing under the code.
+	 *
+	 * When CONFIG_TRANSPARENT_HUGEPAGE=y on x86 32bit PAE,
+	 * pmd_read_atomic is allowed to return a not atomic pmdval
+	 * (for example pointing to an hugepage that has never been
+	 * mapped in the pmd). The below checks will only care about
+	 * the low part of the pmd with 32bit PAE x86 anyway, with the
+	 * exception of pmd_none(). So the important thing is that if
+	 * the low part of the pmd is found null, the high part will
+	 * be also null or the pmd_none() check below would be
+	 * confused.
+ 	 */
+ #ifdef CONFIG_TRANSPARENT_HUGEPAGE
+ 	barrier();
--- a/debian/patches/debian/arch-sh4-fix-uimage-build.patch
+++ b/debian/patches/debian/arch-sh4-fix-uimage-build.patch
@ -1,5 +1,5 @@
--- a/arch/sh/Makefile	2009-12-03 12:51:21.000000000 +0900
-+++ b/arch/sh/Makefile	2010-02-04 15:47:57.000000000 +0900
+--- a/arch/sh/Makefile
+++ b/arch/sh/Makefile
@@ -75,7 +75,6 @@
 
 # Give the various platforms the opportunity to set default image types
@ -7,4 +7,4 @@
 -defaultimage-$(CONFIG_SH_SH7785LCR)		:= uImage
 defaultimage-$(CONFIG_SH_RSK)			:= uImage
 defaultimage-$(CONFIG_SH_URQUELL)		:= uImage
- defaultimage-$(CONFIG_SH_7206_SOLUTION_ENGINE)	:= vmlinux
+ defaultimage-$(CONFIG_SH_MIGOR)			:= uImage
--- a/debian/patches/debian/kernelvariables.patch
+++ b/debian/patches/debian/kernelvariables.patch
@ -13,8 +13,8 @@ use of $(ARCH) needs to be moved after this.

 --- a/Makefile
 +++ b/Makefile
-@@ -198,46 +198,6 @@
- CROSS_COMPILE	?=
+@@ -195,46 +195,6 @@
+ ARCH		?= $(SUBARCH)
 CROSS_COMPILE	?= $(CONFIG_CROSS_COMPILE:"%"=%)
 
 -# Architecture as present in compile.h
@ -60,7 +60,7 @@ use of $(ARCH) needs to be moved after this.
 KCONFIG_CONFIG	?= .config
 export KCONFIG_CONFIG
 
-@@ -354,6 +314,44 @@ LDFLAGS_MODULE  =
+@@ -354,6 +314,44 @@
 AFLAGS_KERNEL	=
 CFLAGS_GCOV	= -fprofile-arcs -ftest-coverage
 
--- a/debian/patches/debian/version.patch
+++ b/debian/patches/debian/version.patch
@ -22,7 +22,7 @@ the kernel version string.

 --- a/init/version.c
 +++ b/init/version.c
-@@ -36,12 +36,31 @@ struct uts_namespace init_uts_ns = {
+@@ -37,12 +37,31 @@
 };
 EXPORT_SYMBOL_GPL(init_uts_ns);
 
@ -59,7 +59,7 @@ the kernel version string.
 	" (" LINUX_COMPILER ") %s\n";
 --- a/scripts/mkcompile_h
 +++ b/scripts/mkcompile_h
-@@ -73,7 +73,25 @@ UTS_TRUNCATE="sed -e s/\(.\{1,$UTS_LEN\}\).*/\1/"
+@@ -73,8 +73,26 @@
 
   echo \#define UTS_VERSION \"`echo $UTS_VERSION | $UTS_TRUNCATE`\"
 
@ -87,3 +87,4 @@ the kernel version string.
 +  fi
 
   echo \#define LINUX_COMPILER \"`$CC -v 2>&1 | tail -n 1`\"
+ ) > .tmpcompile
--- a/debian/patches/features/all/hidepid/0001-procfs-parse-mount-options.patch
+++ b/debian/patches/features/all/hidepid/0001-procfs-parse-mount-options.patch
@ -0,0 +1,167 @@
+From: Vasiliy Kulikov <segooon@gmail.com>
+Date: Tue, 10 Jan 2012 15:11:27 -0800
+Subject: procfs: parse mount options
+
+commit 97412950b10e64f347aec4a9b759395c2465adf6 upstream.
+
+Add support for procfs mount options.  Actual mount options are coming in
+the next patches.
+
+Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
+Cc: Alexey Dobriyan <adobriyan@gmail.com>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Cc: Randy Dunlap <rdunlap@xenotime.net>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Cc: Greg KH <greg@kroah.com>
+Cc: Theodore Tso <tytso@MIT.EDU>
+Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
+Cc: James Morris <jmorris@namei.org>
+Cc: Oleg Nesterov <oleg@redhat.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+[bwh: Backported to 3.2: super_operations::show_options takes a
+ struct vfsmount *, not struct dentry *]
+---
+ fs/proc/inode.c    |   10 ++++++++++
+ fs/proc/internal.h |    1 +
+ fs/proc/root.c     |   55 ++++++++++++++++++++++++++++++++++++++++++++++++++--
+ 3 files changed, 64 insertions(+), 2 deletions(-)
+
+--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
+@@ -7,6 +7,7 @@
+ #include <linux/time.h>
+ #include <linux/proc_fs.h>
+ #include <linux/kernel.h>
+#include <linux/pid_namespace.h>
+ #include <linux/mm.h>
+ #include <linux/string.h>
+ #include <linux/stat.h>
+@@ -17,7 +18,9 @@
+ #include <linux/init.h>
+ #include <linux/module.h>
+ #include <linux/sysctl.h>
+#include <linux/seq_file.h>
+ #include <linux/slab.h>
+#include <linux/mount.h>
+ 
+ #include <asm/system.h>
+ #include <asm/uaccess.h>
+@@ -102,12 +105,19 @@
+ 					     init_once);
+ }
+ 
+static int proc_show_options(struct seq_file *seq, struct vfsmount *vfs)
+{
+	return 0;
+}
+
+ static const struct super_operations proc_sops = {
+ 	.alloc_inode	= proc_alloc_inode,
+ 	.destroy_inode	= proc_destroy_inode,
+ 	.drop_inode	= generic_delete_inode,
+ 	.evict_inode	= proc_evict_inode,
+ 	.statfs		= simple_statfs,
+	.remount_fs	= proc_remount,
+	.show_options	= proc_show_options,
+ };
+ 
+ static void __pde_users_dec(struct proc_dir_entry *pde)
+--- a/fs/proc/internal.h
+++ b/fs/proc/internal.h
+@@ -117,6 +117,7 @@
+ 
+ int proc_fill_super(struct super_block *);
+ struct inode *proc_get_inode(struct super_block *, struct proc_dir_entry *);
+int proc_remount(struct super_block *sb, int *flags, char *data);
+ 
+ /*
+  * These are generic /proc routines that use the internal
+--- a/fs/proc/root.c
+++ b/fs/proc/root.c
+@@ -18,6 +18,7 @@
+ #include <linux/bitops.h>
+ #include <linux/mount.h>
+ #include <linux/pid_namespace.h>
+#include <linux/parser.h>
+ 
+ #include "internal.h"
+ 
+@@ -36,6 +37,48 @@
+ 	return err;
+ }
+ 
+enum {
+	Opt_err,
+};
+
+static const match_table_t tokens = {
+	{Opt_err, NULL},
+};
+
+static int proc_parse_options(char *options, struct pid_namespace *pid)
+{
+	char *p;
+	substring_t args[MAX_OPT_ARGS];
+
+	pr_debug("proc: options = %s\n", options);
+
+	if (!options)
+		return 1;
+
+	while ((p = strsep(&options, ",")) != NULL) {
+		int token;
+		if (!*p)
+			continue;
+
+		args[0].to = args[0].from = 0;
+		token = match_token(p, tokens, args);
+		switch (token) {
+		default:
+			pr_err("proc: unrecognized mount option \"%s\" "
+			       "or missing value\n", p);
+			return 0;
+		}
+	}
+
+	return 1;
+}
+
+int proc_remount(struct super_block *sb, int *flags, char *data)
+{
+	struct pid_namespace *pid = sb->s_fs_info;
+	return !proc_parse_options(data, pid);
+}
+
+ static struct dentry *proc_mount(struct file_system_type *fs_type,
+ 	int flags, const char *dev_name, void *data)
+ {
+@@ -43,11 +86,15 @@
+ 	struct super_block *sb;
+ 	struct pid_namespace *ns;
+ 	struct proc_inode *ei;
+	char *options;
+ 
+-	if (flags & MS_KERNMOUNT)
+	if (flags & MS_KERNMOUNT) {
+ 		ns = (struct pid_namespace *)data;
+-	else
+		options = NULL;
+	} else {
+ 		ns = current->nsproxy->pid_ns;
+		options = data;
+	}
+ 
+ 	sb = sget(fs_type, proc_test_super, proc_set_super, ns);
+ 	if (IS_ERR(sb))
+@@ -55,6 +102,10 @@
+ 
+ 	if (!sb->s_root) {
+ 		sb->s_flags = flags;
+		if (!proc_parse_options(options, ns)) {
+			deactivate_locked_super(sb);
+			return ERR_PTR(-EINVAL);
+		}
+ 		err = proc_fill_super(sb);
+ 		if (err) {
+ 			deactivate_locked_super(sb);
--- a/debian/patches/features/all/hidepid/0002-procfs-add-hidepid-and-gid-mount-options.patch
+++ b/debian/patches/features/all/hidepid/0002-procfs-add-hidepid-and-gid-mount-options.patch
@ -0,0 +1,332 @@
+From: Vasiliy Kulikov <segooon@gmail.com>
+Date: Tue, 10 Jan 2012 15:11:31 -0800
+Subject: procfs: add hidepid= and gid= mount options
+
+commit 0499680a42141d86417a8fbaa8c8db806bea1201 upstream.
+
+Add support for mount options to restrict access to /proc/PID/
+directories.  The default backward-compatible "relaxed" behaviour is left
+untouched.
+
+The first mount option is called "hidepid" and its value defines how much
+info about processes we want to be available for non-owners:
+
+hidepid=0 (default) means the old behavior - anybody may read all
+world-readable /proc/PID/* files.
+
+hidepid=1 means users may not access any /proc/<pid>/ directories, but
+their own.  Sensitive files like cmdline, sched*, status are now protected
+against other users.  As permission checking done in proc_pid_permission()
+and files' permissions are left untouched, programs expecting specific
+files' modes are not confused.
+
+hidepid=2 means hidepid=1 plus all /proc/PID/ will be invisible to other
+users.  It doesn't mean that it hides whether a process exists (it can be
+learned by other means, e.g.  by kill -0 $PID), but it hides process' euid
+and egid.  It compicates intruder's task of gathering info about running
+processes, whether some daemon runs with elevated privileges, whether
+another user runs some sensitive program, whether other users run any
+program at all, etc.
+
+gid=XXX defines a group that will be able to gather all processes' info
+(as in hidepid=0 mode).  This group should be used instead of putting
+nonroot user in sudoers file or something.  However, untrusted users (like
+daemons, etc.) which are not supposed to monitor the tasks in the whole
+system should not be added to the group.
+
+hidepid=1 or higher is designed to restrict access to procfs files, which
+might reveal some sensitive private information like precise keystrokes
+timings:
+
+http://www.openwall.com/lists/oss-security/2011/11/05/3
+
+hidepid=1/2 doesn't break monitoring userspace tools.  ps, top, pgrep, and
+conky gracefully handle EPERM/ENOENT and behave as if the current user is
+the only user running processes.  pstree shows the process subtree which
+contains "pstree" process.
+
+Note: the patch doesn't deal with setuid/setgid issues of keeping
+preopened descriptors of procfs files (like
+https://lkml.org/lkml/2011/2/7/368).  We rely on that the leaked
+information like the scheduling counters of setuid apps doesn't threaten
+anybody's privacy - only the user started the setuid program may read the
+counters.
+
+Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
+Cc: Alexey Dobriyan <adobriyan@gmail.com>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Cc: Randy Dunlap <rdunlap@xenotime.net>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Cc: Greg KH <greg@kroah.com>
+Cc: Theodore Tso <tytso@MIT.EDU>
+Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
+Cc: James Morris <jmorris@namei.org>
+Cc: Oleg Nesterov <oleg@redhat.com>
+Cc: Hugh Dickins <hughd@google.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+[bwh: Backported to 3.2: super_operations::show_options takes a
+ struct vfsmount *, not struct dentry *]
+---
+ Documentation/filesystems/proc.txt |   39 ++++++++++++++++++++
+ fs/proc/base.c                     |   69 +++++++++++++++++++++++++++++++++++-
+ fs/proc/inode.c                    |    8 +++++
+ fs/proc/root.c                     |   21 +++++++++--
+ include/linux/pid_namespace.h      |    2 ++
+ 5 files changed, 135 insertions(+), 4 deletions(-)
+
+--- a/Documentation/filesystems/proc.txt
+++ b/Documentation/filesystems/proc.txt
+@@ -41,6 +41,8 @@
+   3.5	/proc/<pid>/mountinfo - Information about mounts
+   3.6	/proc/<pid>/comm  & /proc/<pid>/task/<tid>/comm
+ 
+  4	Configuring procfs
+  4.1	Mount options
+ 
+ ------------------------------------------------------------------------------
+ Preface
+@@ -1542,3 +1544,40 @@
+ is limited in size compared to the cmdline value, so writing anything longer
+ then the kernel's TASK_COMM_LEN (currently 16 chars) will result in a truncated
+ comm value.
+
+
+------------------------------------------------------------------------------
+Configuring procfs
+------------------------------------------------------------------------------
+
+4.1	Mount options
+---------------------
+
+The following mount options are supported:
+
+	hidepid=	Set /proc/<pid>/ access mode.
+	gid=		Set the group authorized to learn processes information.
+
+hidepid=0 means classic mode - everybody may access all /proc/<pid>/ directories
+(default).
+
+hidepid=1 means users may not access any /proc/<pid>/ directories but their
+own.  Sensitive files like cmdline, sched*, status are now protected against
+other users.  This makes it impossible to learn whether any user runs
+specific program (given the program doesn't reveal itself by its behaviour).
+As an additional bonus, as /proc/<pid>/cmdline is unaccessible for other users,
+poorly written programs passing sensitive information via program arguments are
+now protected against local eavesdroppers.
+
+hidepid=2 means hidepid=1 plus all /proc/<pid>/ will be fully invisible to other
+users.  It doesn't mean that it hides a fact whether a process with a specific
+pid value exists (it can be learned by other means, e.g. by "kill -0 $PID"),
+but it hides process' uid and gid, which may be learned by stat()'ing
+/proc/<pid>/ otherwise.  It greatly complicates an intruder's task of gathering
+information about running processes, whether some daemon runs with elevated
+privileges, whether other user runs some sensitive program, whether other users
+run any program at all, etc.
+
+gid= defines a group authorized to learn processes information otherwise
+prohibited by hidepid=.  If you use some daemon like identd which needs to learn
+information about processes information, just add identd to this group.
+--- a/fs/proc/base.c
+++ b/fs/proc/base.c
+@@ -574,6 +574,50 @@
+ 	return 0;
+ }
+ 
+/*
+ * May current process learn task's sched/cmdline info (for hide_pid_min=1)
+ * or euid/egid (for hide_pid_min=2)?
+ */
+static bool has_pid_permissions(struct pid_namespace *pid,
+				 struct task_struct *task,
+				 int hide_pid_min)
+{
+	if (pid->hide_pid < hide_pid_min)
+		return true;
+	if (in_group_p(pid->pid_gid))
+		return true;
+	return ptrace_may_access(task, PTRACE_MODE_READ);
+}
+
+
+static int proc_pid_permission(struct inode *inode, int mask)
+{
+	struct pid_namespace *pid = inode->i_sb->s_fs_info;
+	struct task_struct *task;
+	bool has_perms;
+
+	task = get_proc_task(inode);
+	has_perms = has_pid_permissions(pid, task, 1);
+	put_task_struct(task);
+
+	if (!has_perms) {
+		if (pid->hide_pid == 2) {
+			/*
+			 * Let's make getdents(), stat(), and open()
+			 * consistent with each other.  If a process
+			 * may not stat() a file, it shouldn't be seen
+			 * in procfs at all.
+			 */
+			return -ENOENT;
+		}
+
+		return -EPERM;
+	}
+	return generic_permission(inode, mask);
+}
+
+
+
+ static const struct inode_operations proc_def_inode_operations = {
+ 	.setattr	= proc_setattr,
+ };
+@@ -1642,6 +1686,7 @@
+ 	struct inode *inode = dentry->d_inode;
+ 	struct task_struct *task;
+ 	const struct cred *cred;
+	struct pid_namespace *pid = dentry->d_sb->s_fs_info;
+ 
+ 	generic_fillattr(inode, stat);
+ 
+@@ -1650,6 +1695,14 @@
+ 	stat->gid = 0;
+ 	task = pid_task(proc_pid(inode), PIDTYPE_PID);
+ 	if (task) {
+		if (!has_pid_permissions(pid, task, 2)) {
+			rcu_read_unlock();
+			/*
+			 * This doesn't prevent learning whether PID exists,
+			 * it only makes getattr() consistent with readdir().
+			 */
+			return -ENOENT;
+		}
+ 		if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
+ 		    task_dumpable(task)) {
+ 			cred = __task_cred(task);
+@@ -2794,6 +2847,7 @@
+ 	.lookup		= proc_tgid_base_lookup,
+ 	.getattr	= pid_getattr,
+ 	.setattr	= proc_setattr,
+	.permission	= proc_pid_permission,
+ };
+ 
+ static void proc_flush_task_mnt(struct vfsmount *mnt, pid_t pid, pid_t tgid)
+@@ -2997,6 +3051,12 @@
+ 				proc_pid_instantiate, iter.task, NULL);
+ }
+ 
+static int fake_filldir(void *buf, const char *name, int namelen,
+			loff_t offset, u64 ino, unsigned d_type)
+{
+	return 0;
+}
+
+ /* for the /proc/ directory itself, after non-process stuff has been done */
+ int proc_pid_readdir(struct file * filp, void * dirent, filldir_t filldir)
+ {
+@@ -3004,6 +3064,7 @@
+ 	struct task_struct *reaper;
+ 	struct tgid_iter iter;
+ 	struct pid_namespace *ns;
+	filldir_t __filldir;
+ 
+ 	if (filp->f_pos >= PID_MAX_LIMIT + TGID_OFFSET)
+ 		goto out_no_task;
+@@ -3025,8 +3086,13 @@
+ 	for (iter = next_tgid(ns, iter);
+ 	     iter.task;
+ 	     iter.tgid += 1, iter = next_tgid(ns, iter)) {
+		if (has_pid_permissions(ns, iter.task, 2))
+			__filldir = filldir;
+		else
+			__filldir = fake_filldir;
+
+ 		filp->f_pos = iter.tgid + TGID_OFFSET;
+-		if (proc_pid_fill_cache(filp, dirent, filldir, iter) < 0) {
+		if (proc_pid_fill_cache(filp, dirent, __filldir, iter) < 0) {
+ 			put_task_struct(iter.task);
+ 			goto out;
+ 		}
+@@ -3361,6 +3427,7 @@
+ 	.lookup		= proc_task_lookup,
+ 	.getattr	= proc_task_getattr,
+ 	.setattr	= proc_setattr,
+	.permission	= proc_pid_permission,
+ };
+ 
+ static const struct file_operations proc_task_operations = {
+--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
+@@ -107,6 +107,14 @@
+ 
+ static int proc_show_options(struct seq_file *seq, struct vfsmount *vfs)
+ {
+	struct super_block *sb = vfs->mnt_sb;
+	struct pid_namespace *pid = sb->s_fs_info;
+
+	if (pid->pid_gid)
+		seq_printf(seq, ",gid=%lu", (unsigned long)pid->pid_gid);
+	if (pid->hide_pid != 0)
+		seq_printf(seq, ",hidepid=%u", pid->hide_pid);
+
+ 	return 0;
+ }
+ 
+--- a/fs/proc/root.c
+++ b/fs/proc/root.c
+@@ -38,10 +38,12 @@
+ }
+ 
+ enum {
+-	Opt_err,
+	Opt_gid, Opt_hidepid, Opt_err,
+ };
+ 
+ static const match_table_t tokens = {
+	{Opt_hidepid, "hidepid=%u"},
+	{Opt_gid, "gid=%u"},
+ 	{Opt_err, NULL},
+ };
+ 
+@@ -49,8 +51,7 @@
+ {
+ 	char *p;
+ 	substring_t args[MAX_OPT_ARGS];
+-
+-	pr_debug("proc: options = %s\n", options);
+	int option;
+ 
+ 	if (!options)
+ 		return 1;
+@@ -63,6 +64,20 @@
+ 		args[0].to = args[0].from = 0;
+ 		token = match_token(p, tokens, args);
+ 		switch (token) {
+		case Opt_gid:
+			if (match_int(&args[0], &option))
+				return 0;
+			pid->pid_gid = option;
+			break;
+		case Opt_hidepid:
+			if (match_int(&args[0], &option))
+				return 0;
+			if (option < 0 || option > 2) {
+				pr_err("proc: hidepid value must be between 0 and 2.\n");
+				return 0;
+			}
+			pid->hide_pid = option;
+			break;
+ 		default:
+ 			pr_err("proc: unrecognized mount option \"%s\" "
+ 			       "or missing value\n", p);
+--- a/include/linux/pid_namespace.h
+++ b/include/linux/pid_namespace.h
+@@ -30,6 +30,8 @@
+ #ifdef CONFIG_BSD_PROCESS_ACCT
+ 	struct bsd_acct_struct *bacct;
+ #endif
+	gid_t pid_gid;
+	int hide_pid;
+ };
+ 
+ extern struct pid_namespace init_pid_ns;
--- a/debian/patches/features/all/hidepid/0003-proc-fix-null-pointer-deref-in-proc_pid_permission.patch
+++ b/debian/patches/features/all/hidepid/0003-proc-fix-null-pointer-deref-in-proc_pid_permission.patch
@ -0,0 +1,42 @@
+From: Xiaotian Feng <xtfeng@gmail.com>
+Date: Thu, 12 Jan 2012 17:17:08 -0800
+Subject: proc: fix null pointer deref in proc_pid_permission()
+
+commit a2ef990ab5a6705a356d146dd773a3b359787497 upstream.
+
+get_proc_task() can fail to search the task and return NULL,
+put_task_struct() will then bomb the kernel with following oops:
+
+  BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
+  IP: [<ffffffff81217d34>] proc_pid_permission+0x64/0xe0
+  PGD 112075067 PUD 112814067 PMD 0
+  Oops: 0002 [#1] PREEMPT SMP
+
+This is a regression introduced by commit 0499680a ("procfs: add hidepid=
+and gid= mount options").  The kernel should return -ESRCH if
+get_proc_task() failed.
+
+Signed-off-by: Xiaotian Feng <dannyfeng@tencent.com>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Cc: Vasiliy Kulikov <segoon@openwall.com>
+Cc: Stephen Wilson <wilsons@start.ca>
+Acked-by: David Rientjes <rientjes@google.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+---
+ fs/proc/base.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/fs/proc/base.c b/fs/proc/base.c
+index 8173dfd..5485a53 100644
+--- a/fs/proc/base.c
+++ b/fs/proc/base.c
+@@ -654,6 +654,8 @@ static int proc_pid_permission(struct inode *inode, int mask)
+ 	bool has_perms;
+ 
+ 	task = get_proc_task(inode);
+	if (!task)
+		return -ESRCH;
+ 	has_perms = has_pid_permissions(pid, task, 1);
+ 	put_task_struct(task);
+ 
--- a/debian/patches/features/all/hidepid/0004-proc-fix-mount-t-proc-o-AAA.patch
+++ b/debian/patches/features/all/hidepid/0004-proc-fix-mount-t-proc-o-AAA.patch
@ -0,0 +1,49 @@
+From: Vasiliy Kulikov <segoon@openwall.com>
+Date: Thu, 5 Apr 2012 14:25:04 -0700
+Subject: proc: fix mount -t proc -o AAA
+
+commit 99663be772c827b8f5f594fe87eb4807be1994e5 upstream.
+
+The proc_parse_options() call from proc_mount() runs only once at boot
+time.  So on any later mount attempt, any mount options are ignored
+because ->s_root is already initialized.
+
+As a consequence, "mount -o <options>" will ignore the options.  The
+only way to change mount options is "mount -o remount,<options>".
+
+To fix this, parse the mount options unconditionally.
+
+Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
+Reported-by: Arkadiusz Miskiewicz <a.miskiewicz@gmail.com>
+Tested-by: Arkadiusz Miskiewicz <a.miskiewicz@gmail.com>
+Cc: Alexey Dobriyan <adobriyan@gmail.com>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Cc: Valdis Kletnieks <Valdis.Kletnieks@vt.edu>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+---
+ fs/proc/root.c |    9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/fs/proc/root.c b/fs/proc/root.c
+index 46a15d8..eed44bf 100644
+--- a/fs/proc/root.c
+++ b/fs/proc/root.c
+@@ -115,12 +115,13 @@ static struct dentry *proc_mount(struct file_system_type *fs_type,
+ 	if (IS_ERR(sb))
+ 		return ERR_CAST(sb);
+ 
+	if (!proc_parse_options(options, ns)) {
+		deactivate_locked_super(sb);
+		return ERR_PTR(-EINVAL);
+	}
+
+ 	if (!sb->s_root) {
+ 		sb->s_flags = flags;
+-		if (!proc_parse_options(options, ns)) {
+-			deactivate_locked_super(sb);
+-			return ERR_PTR(-EINVAL);
+-		}
+ 		err = proc_fill_super(sb);
+ 		if (err) {
+ 			deactivate_locked_super(sb);
--- a/debian/patches/features/all/rt/check-series
+++ b/debian/patches/features/all/rt/check-series
@ -1,16 +1,13 @@
 #! /bin/sh

-debian_series="$(mktemp)"
+debian_series=debian/patches/series-rt
 rt_series="$(mktemp)"

-trap 'rm "$debian_series" "$rt_series"' INT QUIT EXIT
-
-# Pick all featureset=rt patches
-grep "featureset=rt$" debian/patches/series/base-extra > "$debian_series"
+trap 'rm "$rt_series"' INT QUIT EXIT

 # Remove comments and empty lines. Drop localversion patch as uname version
 # shouldn't be touched. Reformat to match series format.
-sed -r -e 's/ *#.*//; /^$/d; /^....-(localversion\.patch|Linux-.*-REBASE)\.patch$/d; s,.*,+ features/all/rt/& featureset=rt,' "debian/patches/features/all/rt/series" > "$rt_series"
+sed -r -e 's/ *#.*//; /^$/d; /^....-(localversion\.patch|Linux-.*-REBASE)\.patch$/d; s,.*,features/all/rt/&,' "debian/patches/features/all/rt/series" > "$rt_series"

 # removed lines are OK if the rt patch contains fixes that are applied on
 # featureset=none kernels, too.
--- a/debian/patches/series
+++ b/debian/patches/series
@ -0,0 +1,100 @@
+debian/version.patch
+debian/kernelvariables.patch
+debian/doc-build-parallel.patch
+
+features/all/drivers-media-dvb-usb-af9005-request_firmware.patch
+
+features/all/sound-pci-cs46xx-request_firmware.patch
+
+# Patches and source files from aufs3 repository, imported with
+# debian/patches/features/all/aufs3/gen-patch.
+features/all/aufs3/aufs3-base.patch
+features/all/aufs3/aufs3-standalone.patch
+features/all/aufs3/aufs3-kbuild.patch
+features/all/aufs3/aufs3-add.patch
+# mark as staging/crap
+features/all/aufs3/mark-as-staging.patch
+# fix added exports from security/device_cgroup.c
+features/all/aufs3/aufs3-fix-export-__devcgroup_inode_permission.patch
+
+bugfix/ia64/hardcode-arch-script-output.patch
+bugfix/mips/disable-advansys.patch
+bugfix/arm/disable-scsi_acard.patch
+debian/mips-disable-werror.patch
+bugfix/powerpc/lpar-console.patch
+
+debian/sysrq-mask.patch
+
+debian/arch-sh4-fix-uimage-build.patch
+
+debian/af_802154-Disable-auto-loading-as-mitigation-against.patch
+debian/rds-Disable-auto-loading-as-mitigation-against-local.patch
+debian/decnet-Disable-auto-loading-as-mitigation-against-lo.patch
+
+bugfix/all/dm-Deal-with-merge_bvec_fn-in-component-devices-bett.patch
+features/all/Kbuild-kconfig-Verbose-version-of-listnewconfig.patch
+
+debian/sched-autogroup-disabled.patch
+#+ bugfix/all/rt2800-disable-powersaving-as-default.patch
+features/all/cgroups-Allow-memory-cgroup-support-to-be-included-b.patch
+debian/cgroups-Document-the-Debian-memory-resource-controll.patch
+bugfix/ia64/nouveau-ACPI-support-is-dependent-on-X86.patch
+bugfix/arm/ixp4xx_iobe.patch
+debian/x86-memtest-WARN-if-bad-RAM-found.patch
+bugfix/alpha/alpha-add-io-read-write-16-32-be-functions.patch
+
+features/all/fs-symlink-restrictions-on-sticky-directories.patch
+features/all/fs-symlink-restrictions-on-sticky-directories-fix-2.patch
+features/all/fs-hardlink-creation-restrictions.patch
+features/all/fs-hardlink-creation-restrictions-fix.patch
+features/all/fs-hardlink-creation-restriction-cleanup.patch
+
+# Update wacom driver to 3.5ish
+features/all/wacom/0020-Input-wacom-add-basic-Intuos5-support.patch
+features/all/wacom/0021-Input-wacom-add-Intuos5-Touch-Ring-ExpressKey-suppor.patch
+features/all/wacom/0022-Input-wacom-add-Intuos5-Touch-Ring-LED-support.patch
+features/all/wacom/0023-Input-wacom-add-Intuos5-multitouch-sensor-support.patch
+features/all/wacom/0024-Input-wacom-retrieve-maximum-number-of-touch-points.patch
+features/all/wacom/0025-Input-wacom-add-0xE5-MT-device-support.patch
+features/all/wacom/0026-Input-wacom-return-proper-error-if-usb_get_extra_des.patch
+
+# Update be2net driver to 3.5ish
+features/all/be2net/0043-be2net-fix-ethtool-get-settings.patch
+features/all/be2net/0044-be2net-Fix-VLAN-multicast-packet-reception.patch
+features/all/be2net/0045-be2net-Fix-FW-download-in-Lancer.patch
+features/all/be2net/0046-be2net-Fix-ethtool-self-test-for-Lancer.patch
+features/all/be2net/0047-be2net-Fix-traffic-stall-INTx-mode.patch
+features/all/be2net/0048-be2net-Fix-Lancer-statistics.patch
+features/all/be2net/0049-be2net-Fix-wrong-status-getting-returned-for-MCC-com.patch
+features/all/be2net/0050-be2net-Fix-FW-download-for-BE.patch
+features/all/be2net/0051-be2net-Ignore-status-of-some-ioctls-during-driver-lo.patch
+features/all/be2net/0052-be2net-fix-speed-displayed-by-ethtool-on-certain-SKU.patch
+features/all/be2net/0053-be2net-update-the-driver-version.patch
+features/all/be2net/0054-be2net-Fix-to-not-set-link-speed-for-disabled-functi.patch
+features/all/be2net/0055-be2net-Fix-to-apply-duplex-value-as-unknown-when-lin.patch
+features/all/be2net/0056-be2net-Record-receive-queue-index-in-skb-to-aid-RPS.patch
+features/all/be2net/0057-be2net-Fix-EEH-error-reset-before-a-flash-dump-compl.patch
+features/all/be2net/0058-be2net-avoid-disabling-sriov-while-VFs-are-assigned.patch
+
+# Add CoDel from 3.5, and prerequisites
+features/all/codel/0001-codel-Controlled-Delay-AQM.patch
+features/all/codel/0002-codel-use-Newton-method-instead-of-sqrt-and-divides.patch
+features/all/codel/0003-fq_codel-Fair-Queue-Codel-AQM.patch
+features/all/codel/0004-net-codel-Add-missing-include-linux-prefetch.h.patch
+features/all/codel/0005-net-codel-fix-build-errors.patch
+features/all/codel/0006-codel-use-u16-field-instead-of-31bits-for-rec_inv_sq.patch
+features/all/codel/0007-fq_codel-should-use-qdisc-backlog-as-threshold.patch
+
+bugfix/x86/mm-pmd_read_atomic-fix-32bit-pae-pmd-walk-vs-pmd_populate-smp-race.patch
+bugfix/x86/thp-avoid-atomic64_read-in-pmd_read_atomic-for-32bit-pae.patch
+
+bugfix/ia64/IA64-Export-asm-cmpxchg.h-to-userland.patch
+bugfix/all/net-sock-validate-data_len-before-allocating-skb-in-.patch
+
+bugfix/all/macvtap-zerocopy-fix-offset-calculation-when-buildin.patch
+bugfix/all/macvtap-zerocopy-fix-truesize-underestimation.patch
+bugfix/all/macvtap-zerocopy-put-page-when-fail-to-get-all-reque.patch
+bugfix/all/macvtap-zerocopy-set-SKBTX_DEV_ZEROCOPY-only-when-sk.patch
+bugfix/all/macvtap-zerocopy-validate-vectors-before-building-sk.patch
+
+bugfix/all/KVM-Fix-buffer-overflow-in-kvm_set_irq.patch
--- a/debian/patches/series-all
+++ b/debian/patches/series-all
@ -1,90 +0,0 @@
-+ debian/version.patch
-+ debian/kernelvariables.patch
-+ debian/doc-build-parallel.patch
-
-+ features/all/drivers-media-dvb-usb-af9005-request_firmware.patch
-
-+ features/all/sound-pci-cs46xx-request_firmware.patch
-
-# Patches and source files from aufs3 repository, imported with
-# debian/patches/features/all/aufs3/gen-patch.
-+ features/all/aufs3/aufs3-base.patch
-+ features/all/aufs3/aufs3-standalone.patch
-+ features/all/aufs3/aufs3-kbuild.patch
-+ features/all/aufs3/aufs3-add.patch
-# mark as staging/crap
-+ features/all/aufs3/mark-as-staging.patch
-# fix added exports from security/device_cgroup.c
-+ features/all/aufs3/aufs3-fix-export-__devcgroup_inode_permission.patch
-
-+ bugfix/ia64/hardcode-arch-script-output.patch
-+ bugfix/mips/disable-advansys.patch
-+ bugfix/arm/disable-scsi_acard.patch
-+ debian/mips-disable-werror.patch
-+ bugfix/powerpc/lpar-console.patch
-
-+ debian/sysrq-mask.patch
-
-+ debian/arch-sh4-fix-uimage-build.patch
-
-+ debian/af_802154-Disable-auto-loading-as-mitigation-against.patch
-+ debian/rds-Disable-auto-loading-as-mitigation-against-local.patch
-+ debian/decnet-Disable-auto-loading-as-mitigation-against-lo.patch
-
-+ bugfix/all/dm-Deal-with-merge_bvec_fn-in-component-devices-bett.patch
-+ features/all/Kbuild-kconfig-Verbose-version-of-listnewconfig.patch
-
-+ debian/sched-autogroup-disabled.patch
-#+ bugfix/all/rt2800-disable-powersaving-as-default.patch
-+ features/all/cgroups-Allow-memory-cgroup-support-to-be-included-b.patch
-+ debian/cgroups-Document-the-Debian-memory-resource-controll.patch
-+ bugfix/ia64/nouveau-ACPI-support-is-dependent-on-X86.patch
-+ bugfix/arm/ixp4xx_iobe.patch
-+ debian/x86-memtest-WARN-if-bad-RAM-found.patch
-+ bugfix/alpha/alpha-add-io-read-write-16-32-be-functions.patch
-
-+ features/all/fs-symlink-restrictions-on-sticky-directories.patch
-+ features/all/fs-symlink-restrictions-on-sticky-directories-fix-2.patch
-+ features/all/fs-hardlink-creation-restrictions.patch
-+ features/all/fs-hardlink-creation-restrictions-fix.patch
-+ features/all/fs-hardlink-creation-restriction-cleanup.patch
-
-# Update wacom driver to 3.5ish
-+ features/all/wacom/0020-Input-wacom-add-basic-Intuos5-support.patch
-+ features/all/wacom/0021-Input-wacom-add-Intuos5-Touch-Ring-ExpressKey-suppor.patch
-+ features/all/wacom/0022-Input-wacom-add-Intuos5-Touch-Ring-LED-support.patch
-+ features/all/wacom/0023-Input-wacom-add-Intuos5-multitouch-sensor-support.patch
-+ features/all/wacom/0024-Input-wacom-retrieve-maximum-number-of-touch-points.patch
-+ features/all/wacom/0025-Input-wacom-add-0xE5-MT-device-support.patch
-+ features/all/wacom/0026-Input-wacom-return-proper-error-if-usb_get_extra_des.patch
-
-# Update be2net driver to 3.5ish
-+ features/all/be2net/0043-be2net-fix-ethtool-get-settings.patch
-+ features/all/be2net/0044-be2net-Fix-VLAN-multicast-packet-reception.patch
-+ features/all/be2net/0045-be2net-Fix-FW-download-in-Lancer.patch
-+ features/all/be2net/0046-be2net-Fix-ethtool-self-test-for-Lancer.patch
-+ features/all/be2net/0047-be2net-Fix-traffic-stall-INTx-mode.patch
-+ features/all/be2net/0048-be2net-Fix-Lancer-statistics.patch
-+ features/all/be2net/0049-be2net-Fix-wrong-status-getting-returned-for-MCC-com.patch
-+ features/all/be2net/0050-be2net-Fix-FW-download-for-BE.patch
-+ features/all/be2net/0051-be2net-Ignore-status-of-some-ioctls-during-driver-lo.patch
-+ features/all/be2net/0052-be2net-fix-speed-displayed-by-ethtool-on-certain-SKU.patch
-+ features/all/be2net/0053-be2net-update-the-driver-version.patch
-+ features/all/be2net/0054-be2net-Fix-to-not-set-link-speed-for-disabled-functi.patch
-+ features/all/be2net/0055-be2net-Fix-to-apply-duplex-value-as-unknown-when-lin.patch
-+ features/all/be2net/0056-be2net-Record-receive-queue-index-in-skb-to-aid-RPS.patch
-+ features/all/be2net/0057-be2net-Fix-EEH-error-reset-before-a-flash-dump-compl.patch
-+ features/all/be2net/0058-be2net-avoid-disabling-sriov-while-VFs-are-assigned.patch
-
-# Add CoDel from 3.5, and prerequisites
-+ features/all/codel/0001-codel-Controlled-Delay-AQM.patch
-+ features/all/codel/0002-codel-use-Newton-method-instead-of-sqrt-and-divides.patch
-+ features/all/codel/0003-fq_codel-Fair-Queue-Codel-AQM.patch
-+ features/all/codel/0004-net-codel-Add-missing-include-linux-prefetch.h.patch
-+ features/all/codel/0005-net-codel-fix-build-errors.patch
-+ features/all/codel/0006-codel-use-u16-field-instead-of-31bits-for-rec_inv_sq.patch
-+ features/all/codel/0007-fq_codel-should-use-qdisc-backlog-as-threshold.patch
-
-+ bugfix/x86/mm-pmd_read_atomic-fix-32bit-pae-pmd-walk-vs-pmd_populate-smp-race.patch
-
-+ bugfix/ia64/IA64-Export-asm-cmpxchg.h-to-userland.patch
--- a/debian/patches/series-none
+++ b/debian/patches/series-none
@ -1 +0,0 @@
-# dummy file
--- a/debian/patches/series-rt
+++ b/debian/patches/series-rt
@ -1,253 +1,253 @@
-+ features/all/rt/re-possible-slab-deadlock-while-doing-ifenslave-1.patch
-+ features/all/rt/x86-kprobes-remove-bogus-preempt-enable.patch
-+ features/all/rt/tick-skew.patch
-+ features/all/rt/x86-hpet-disable-msi-on-lenovo-w510.patch
-+ features/all/rt/block-shorten-interrupt-disabled-regions.patch
-+ features/all/rt/sched-distangle-worker-accounting-from-rq-3elock.patch
-+ features/all/rt/mips-enable-interrupts-in-signal.patch
-+ features/all/rt/arm-enable-interrupts-in-signal-code.patch
-+ features/all/rt/seqlock-remove-unused-functions.patch
-+ features/all/rt/seqlock-use-seqcount.patch
-+ features/all/rt/timekeeping-split-xtime-lock.patch
-+ features/all/rt/intel_idle-convert-i7300_idle_lock-to-raw-spinlock.patch
-+ features/all/rt/tracing-account-for-preempt-off-in-preempt_schedule.patch
-+ features/all/rt/signal-revert-ptrace-preempt-magic.patch
-+ features/all/rt/arm-mark-pmu-interupt-no-thread.patch
-+ features/all/rt/arm-allow-irq-threading.patch
-+ features/all/rt/arm-convert-boot-lock-to-raw.patch
-+ features/all/rt/arm-omap-make-wakeupgen_lock-raw.patch
-+ features/all/rt/signals-do-not-wake-self.patch
-+ features/all/rt/posix-timers-no-broadcast.patch
-+ features/all/rt/signals-allow-rt-tasks-to-cache-one-sigqueue-struct.patch
-+ features/all/rt/oleg-signal-rt-fix.patch
-+ features/all/rt/generic-cmpxchg-use-raw-local-irq.patch
-+ features/all/rt/drivers-random-reduce-preempt-disabled-region.patch
-+ features/all/rt/arm-at91-pit-remove-irq-handler-when-clock-is-unused.patch
-+ features/all/rt/clocksource-tclib-allow-higher-clockrates.patch
-+ features/all/rt/drivers-net-tulip-add-missing-pci-disable.patch
-+ features/all/rt/drivers-net-8139-disable-irq-nosync.patch
-+ features/all/rt/drivers-net-ehea-mark-rx-irq-no-thread.patch
-+ features/all/rt/drivers-net-at91-make-mdio-protection-rt-safe.patch
-+ features/all/rt/mm-prepare-pf-disable-discoupling.patch
-+ features/all/rt/arch-use-pagefault-disabled.patch
-+ features/all/rt/peter_zijlstra-frob-pagefault_disable.patch
-+ features/all/rt/peterz-raw_pagefault_disable.patch
-+ features/all/rt/filemap-fix-up.patch
-+ features/all/rt/mm-remove-preempt-count-from-pf.patch
-+ features/all/rt/x86-highmem-warn.patch
-+ features/all/rt/suspend-prevernt-might-sleep-splats.patch
-+ features/all/rt/of-fixup-recursive-locking.patch
-+ features/all/rt/of-convert-devtree-lock.patch
-+ features/all/rt/list-add-list-last-entry.patch
-+ features/all/rt/mm-page-alloc-use-list-last-entry.patch
-+ features/all/rt/mm-slab-move-debug-out.patch
-+ features/all/rt/pid-h-include-atomic-h.patch
-+ features/all/rt/sysctl-include-atomic-h.patch
-+ features/all/rt/net-flip-lock-dep-thingy.patch
-+ features/all/rt/softirq-thread-do-softirq.patch
-+ features/all/rt/softirq-split-out-code.patch
-+ features/all/rt/x86-io-apic-migra-no-unmask.patch
-+ features/all/rt/fix-rt-int3-x86_32-3.2-rt.patch
-+ features/all/rt/locking-various-init-fixes.patch
-+ features/all/rt/pci-access-use-__wake_up_all_locked.patch
-+ features/all/rt/latency-hist.patch
-+ features/all/rt/hwlatdetect.patch
-+ features/all/rt/localversion.patch
-+ features/all/rt/early-printk-consolidate.patch
-+ features/all/rt/printk-kill.patch
-+ features/all/rt/printk-27force_early_printk-27-boot-param-to-help-with-debugging.patch
-+ features/all/rt/rt-preempt-base-config.patch
-+ features/all/rt/bug-rt-dependend-variants.patch
-+ features/all/rt/local-irq-rt-depending-variants.patch
-+ features/all/rt/preempt-nort-rt-variants.patch
-+ features/all/rt/ata-disable-interrupts-if-non-rt.patch
-+ features/all/rt/ide-use-nort-local-irq-variants.patch
-+ features/all/rt/infiniband-mellanox-ib-use-nort-irq.patch
-+ features/all/rt/inpt-gameport-use-local-irq-nort.patch
-+ features/all/rt/acpi-use-local-irq-nort.patch
-+ features/all/rt/user-use-local-irq-nort.patch
-+ features/all/rt/resource-counters-use-localirq-nort.patch
-+ features/all/rt/usb-hcd-use-local-irq-nort.patch
-+ features/all/rt/tty-use-local-irq-nort.patch
-+ features/all/rt/mm-scatterlist-dont-disable-irqs-on-RT.patch
-+ features/all/rt/signal-fix-up-rcu-wreckage.patch
-+ features/all/rt/net-wireless-warn-nort.patch
-+ features/all/rt/mm-cgroup-page-bit-spinlock.patch
-+ features/all/rt/fs-replace-bh_uptodate_lock-for-rt.patch
-+ features/all/rt/fs-jbd-replace-bh_state-lock.patch
-+ features/all/rt/genirq-nodebug-shirq.patch
-+ features/all/rt/genirq-disable-random-call-on-preempt-rt.patch
-+ features/all/rt/genirq-disable-irqpoll-on-rt.patch
-+ features/all/rt/genirq-force-threading.patch
-+ features/all/rt/drivers-net-fix-livelock-issues.patch
-+ features/all/rt/drivers-net-vortex-fix-locking-issues.patch
-+ features/all/rt/drivers-net-gianfar-make-rt-aware.patch
-+ features/all/rt/usb-fix-mouse-problem-copying-large-data.patch
-+ features/all/rt/local-var.patch
-+ features/all/rt/rt-local-irq-lock.patch
-+ features/all/rt/cpu-rt-variants.patch
-+ features/all/rt/mm-slab-wrap-functions.patch
-+ features/all/rt/rt-slab-fix-__do_drain-to-use-the-right-array-cache.patch
-+ features/all/rt/mm-slab-more-lock-breaks.patch
-+ features/all/rt/mm-page_alloc-rt-friendly-per-cpu-pages.patch
-+ features/all/rt/mm-page_alloc-reduce-lock-sections-further.patch
-+ features/all/rt/mm-page-alloc-fix.patch
-+ features/all/rt/mm-convert-swap-to-percpu-locked.patch
-+ features/all/rt/mm-make-vmstat-rt-aware.patch
-+ features/all/rt/mm-shrink-the-page-frame-to-rt-size.patch
-+ features/all/rt/re-preempt_rt_full-arm-coredump-fails-for-cpu-3e-3d-4.patch
-+ features/all/rt/mm-allow-slab-rt.patch
-+ features/all/rt/radix-tree-rt-aware.patch
-+ features/all/rt/panic-disable-random-on-rt.patch
-+ features/all/rt/ipc-make-rt-aware.patch
-+ features/all/rt/ipc-mqueue-add-a-critical-section-to-avoid-a-deadlock.patch
-+ features/all/rt/relay-fix-timer-madness.patch
-+ features/all/rt/net-ipv4-route-use-locks-on-up-rt.patch
-+ features/all/rt/workqueue-avoid-the-lock-in-cpu-dying.patch
-+ features/all/rt/timers-prepare-for-full-preemption.patch
-+ features/all/rt/timers-preempt-rt-support.patch
-+ features/all/rt/timers-fix-timer-hotplug-on-rt.patch
-+ features/all/rt/timers-mov-printk_tick-to-soft-interrupt.patch
-+ features/all/rt/timer-delay-waking-softirqs-from-the-jiffy-tick.patch
-+ features/all/rt/timers-avoid-the-base-null-otptimization-on-rt.patch
-+ features/all/rt/rfc-printk-don-27t-call-printk_tick-in-printk_needs_cpu.patch
-+ features/all/rt/hrtimers-prepare-full-preemption.patch
-+ features/all/rt/hrtimer-fixup-hrtimer-callback-changes-for-preempt-r.patch
-+ features/all/rt/peter_zijlstra-frob-hrtimer.patch
-+ features/all/rt/hrtimer-add-missing-debug_activate-aid-was-re-announce-3-0-6-rt17.patch
-+ features/all/rt/hrtimer-fix-reprogram-madness.patch
-+ features/all/rt/timer-fd-avoid-live-lock.patch
-+ features/all/rt/posix-timers-thread-posix-cpu-timers-on-rt.patch
-+ features/all/rt/posix-timers-shorten-cpu-timers-thread.patch
-+ features/all/rt/posix-timers-avoid-wakeups-when-no-timers-are-active.patch
-+ features/all/rt/sched-delay-put-task.patch
-+ features/all/rt/sched-limit-nr-migrate.patch
-+ features/all/rt/sched-mmdrop-delayed.patch
-+ features/all/rt/sched-rt-mutex-wakeup.patch
-+ features/all/rt/sched-might-sleep-do-not-account-rcu-depth.patch
-+ features/all/rt/sched-cond-resched.patch
-+ features/all/rt/cond-resched-softirq-rt.patch
-+ features/all/rt/cond-resched-lock-rt-tweak.patch
-+ features/all/rt/sched-disable-ttwu-queue.patch
-+ features/all/rt/sched-disable-rt-group-sched-on-rt.patch
-+ features/all/rt/sched-ttwu-ensure-success-return-is-correct.patch
-+ features/all/rt/stop_machine-convert-stop_machine_run-to-PREEMPT_RT.patch
-+ features/all/rt/stomp-machine-mark-stomper-thread.patch
-+ features/all/rt/stomp-machine-raw-lock.patch
-+ features/all/rt/hotplug-light-get-online-cpus.patch
-+ features/all/rt/hotplug-sync_unplug-no-27-5cn-27-in-task-name.patch
-+ features/all/rt/re-migrate_disable-race-with-cpu-hotplug-3f.patch
-+ features/all/rt/sched-migrate-disable.patch
-+ features/all/rt/hotplug-use-migrate-disable.patch
-+ features/all/rt/hotplug-call-cpu_unplug_begin-a-little-early.patch
-+ features/all/rt/ftrace-migrate-disable-tracing.patch
-+ features/all/rt/rt-tracing-show-padding-as-unsigned-short.patch
-+ features/all/rt/migrate-disable-rt-variant.patch
-+ features/all/rt/peter_zijlstra-frob-migrate_disable.patch
-+ features/all/rt/peter_zijlstra-frob-migrate_disable-2.patch
-+ features/all/rt/sched-rt-fix-migrate_enable-thinko.patch
-+ features/all/rt/sched-teach-migrate_disable-about-atomic-contexts.patch
-+ features/all/rt/rt-sched-postpone-actual-migration-disalbe-to-schedule.patch
-+ features/all/rt/rt-sched-do-not-compare-cpu-masks-in-scheduler.patch
-+ features/all/rt/rt-sched-have-migrate_disable-ignore-bounded-threads.patch
-+ features/all/rt/sched-clear-pf-thread-bound-on-fallback-rq.patch
-+ features/all/rt/ftrace-crap.patch
-+ features/all/rt/rt-ring-buffer-convert-reader_lock-from-raw_spin_lock-into-spin_lock.patch
-+ features/all/rt/net-netif_rx_ni-migrate-disable.patch
-+ features/all/rt/softirq-sanitize-softirq-pending.patch
-+ features/all/rt/lockdep-no-softirq-accounting-on-rt.patch
-+ features/all/rt/mutex-no-spin-on-rt.patch
-+ features/all/rt/softirq-local-lock.patch
-+ features/all/rt/softirq-export-in-serving-softirq.patch
-+ features/all/rt/harirq-h-define-softirq_count-as-oul-to-kill-build-warning.patch
-+ features/all/rt/softirq-fix-unplug-deadlock.patch
-+ features/all/rt/softirq-disable-softirq-stacks-for-rt.patch
-+ features/all/rt/softirq-make-fifo.patch
-+ features/all/rt/tasklet-rt-prevent-tasklets-from-going-into-infinite-spin-in-rt.patch
-+ features/all/rt/irq-allow-disabling-of-softirq-processing-in-irq-thread-context.patch
-+ features/all/rt/local-vars-migrate-disable.patch
-+ features/all/rt/md-raid5-percpu-handling-rt-aware.patch
-+ features/all/rt/rtmutex-lock-killable.patch
-+ features/all/rt/rtmutex-futex-prepare-rt.patch
-+ features/all/rt/futex-requeue-pi-fix.patch
-+ features/all/rt/rt-mutex-add-sleeping-spinlocks-support.patch
-+ features/all/rt/spinlock-types-separate-raw.patch
-+ features/all/rt/rtmutex-avoid-include-hell.patch
-+ features/all/rt/rt-add-rt-spinlock-to-headers.patch
-+ features/all/rt/rt-add-rt-to-mutex-headers.patch
-+ features/all/rt/rwsem-add-rt-variant.patch
-+ features/all/rt/rt-add-rt-locks.patch
-+ features/all/rt/tasklist-lock-fix-section-conflict.patch
-+ features/all/rt/timer-handle-idle-trylock-in-get-next-timer-irq.patch
-+ features/all/rt/rcu-force-preempt-rcu-for-rt.patch
-+ features/all/rt/peter_zijlstra-frob-rcu.patch
-+ features/all/rt/rcu-merge-rcu-bh-into-rcu-preempt-for-rt.patch
-+ features/all/rt/rcu-fix-macro-substitution.patch
-+ features/all/rt/rcu-tiny-merge-bh.patch
-+ features/all/rt/patch-to-introduce-rcu-bh-qs-where-safe-from-softirq.patch
-+ features/all/rt/rcu-fix-build-break.patch
-+ features/all/rt/rt-rcutree-warn-fix.patch
-+ features/all/rt/lglocks-rt.patch
-+ features/all/rt/drivers-serial-cleanup-locking-for-rt.patch
-+ features/all/rt/drivers-serial-call-flush_to_ldisc-when-the-irq-is-t.patch
-+ features/all/rt/drivers-tty-fix-omap-lock-crap.patch
-+ features/all/rt/rt-serial-warn-fix.patch
-+ features/all/rt/fs-namespace-preemption-fix.patch
-+ features/all/rt/mm-protect-activate-switch-mm.patch
-+ features/all/rt/mm-protect-activate_mm-by-preempt_-disable-7cenable-_rt.patch
-+ features/all/rt/fs-block-rt-support.patch
-+ features/all/rt/fs-ntfs-disable-interrupt-non-rt.patch
-+ features/all/rt/x86-mce-timer-hrtimer.patch
-+ features/all/rt/x86-stackprot-no-random-on-rt.patch
-+ features/all/rt/x86-use-gen-rwsem-spinlocks-rt.patch
-+ features/all/rt/x86-disable-debug-stack.patch
-+ features/all/rt/workqueue-use-get-cpu-light.patch
-+ features/all/rt/epoll-use-get-cpu-light.patch
-+ features/all/rt/mm-vmalloc-use-get-cpu-light.patch
-+ features/all/rt/revert-workqueue-skip-nr_running-sanity-check-in-wor.patch
-+ features/all/rt/workqueue-sanity.patch
-+ features/all/rt/workqueue-fix-PF_THREAD_BOUND.patch
-+ features/all/rt/workqueue-hotplug-fix.patch
-+ features/all/rt/workqueue-more-hotplug-fallout.patch
-+ features/all/rt/debugobjects-rt.patch
-+ features/all/rt/jump-label-rt.patch
-+ features/all/rt/skbufhead-raw-lock.patch
-+ features/all/rt/perf-move-irq-work-to-softirq-in-rt.patch
-+ features/all/rt/console-make-rt-friendly.patch
-+ features/all/rt/fix-printk-flush-of-messages-1.patch
-+ features/all/rt/power-use-generic-rwsem-on-rt.patch
-+ features/all/rt/power-disable-highmem-on-rt.patch
-+ features/all/rt/arm-disable-highmem-on-rt.patch
-+ features/all/rt/arm-at91-tclib-default-to-tclib-timer-for-rt.patch
-+ features/all/rt/mips-disable-highmem-on-rt.patch
-+ features/all/rt/net-tx-action-avoid-livelock-on-rt.patch
-+ features/all/rt/ping-sysrq.patch
-+ features/all/rt/kgb-serial-hackaround.patch
-+ features/all/rt/sysfs-realtime-entry.patch
-+ features/all/rt/peter_zijlstra-re-_3_0-rt4.patch
-+ features/all/rt/ipc-sem-rework-semaphore-wakeups.patch
-+ features/all/rt/x86-kvm-require-const-tsc-for-rt.patch
-+ features/all/rt/scsi-fcoe-rt-aware.patch
-+ features/all/rt/x86-crypto-reduce-preempt-disabled-regions.patch
-+ features/all/rt/dm-make-rt-aware.patch
-+ features/all/rt/cpumask-disable-offstack-on-rt.patch
-+ features/all/rt/seqlock-prevent-rt-starvation.patch
-+ features/all/rt/rfc-timer-fix-hotplug-for-rt.patch
-+ features/all/rt/rfc-futex-rt-fix-possible-lockup-when-taking-pi_lock-in-proxy-handler.patch
-+ features/all/rt/rfc-ring-buffer-rt-check-for-irqs-disabled-before-grabbing-reader-lock.patch
-+ features/all/rt/rfc-sched-rt-fix-wait_task_interactive-to-test-rt_spin_lock-state.patch
-+ features/all/rt/rfc-lglock-rt-use-non-rt-for_each_cpu-in-rt-code.patch
-+ features/all/rt/cpu-rt-make-hotplug-lock-a-sleeping-spinlock-on-rt.patch
-+ features/all/rt/softirq-preempt-fix-3-re.txt
-+ features/all/rt/scsi-qla2xxx-fix-bug-sleeping-function-called-from-invalid-context.patch
-+ features/all/rt/upstream-net-rt-remove-preemption-disabling-in-netif_rx.patch
-+ features/all/rt/rt-introduce-cpu-chill.patch
-+ features/all/rt/fs-dcache-use-cpu-chill-in-trylock-loops.patch
-+ features/all/rt/net-use-cpu-chill.patch
-+ features/all/rt/ntp-make-ntp-lock-raw-sigh.patch
-+ features/all/rt/mips-remove-smp-reserve-lock.patch
-+ features/all/rt/lockdep-selftest-convert-spinlock-to-raw-spinlock.patch
-+ features/all/rt/lockdep-selftest-only-do-hardirq-context-test-for-raw-spinlock.patch
-+ features/all/rt/genirq-add-default-mask-cmdline-option.patch
-+ features/all/rt/kconfig-disable-a-few-options-rt.patch
-+ features/all/rt/kconfig-preempt-rt-full.patch
+features/all/rt/re-possible-slab-deadlock-while-doing-ifenslave-1.patch
+features/all/rt/x86-kprobes-remove-bogus-preempt-enable.patch
+features/all/rt/tick-skew.patch
+features/all/rt/x86-hpet-disable-msi-on-lenovo-w510.patch
+features/all/rt/block-shorten-interrupt-disabled-regions.patch
+features/all/rt/sched-distangle-worker-accounting-from-rq-3elock.patch
+features/all/rt/mips-enable-interrupts-in-signal.patch
+features/all/rt/arm-enable-interrupts-in-signal-code.patch
+features/all/rt/seqlock-remove-unused-functions.patch
+features/all/rt/seqlock-use-seqcount.patch
+features/all/rt/timekeeping-split-xtime-lock.patch
+features/all/rt/intel_idle-convert-i7300_idle_lock-to-raw-spinlock.patch
+features/all/rt/tracing-account-for-preempt-off-in-preempt_schedule.patch
+features/all/rt/signal-revert-ptrace-preempt-magic.patch
+features/all/rt/arm-mark-pmu-interupt-no-thread.patch
+features/all/rt/arm-allow-irq-threading.patch
+features/all/rt/arm-convert-boot-lock-to-raw.patch
+features/all/rt/arm-omap-make-wakeupgen_lock-raw.patch
+features/all/rt/signals-do-not-wake-self.patch
+features/all/rt/posix-timers-no-broadcast.patch
+features/all/rt/signals-allow-rt-tasks-to-cache-one-sigqueue-struct.patch
+features/all/rt/oleg-signal-rt-fix.patch
+features/all/rt/generic-cmpxchg-use-raw-local-irq.patch
+features/all/rt/drivers-random-reduce-preempt-disabled-region.patch
+features/all/rt/arm-at91-pit-remove-irq-handler-when-clock-is-unused.patch
+features/all/rt/clocksource-tclib-allow-higher-clockrates.patch
+features/all/rt/drivers-net-tulip-add-missing-pci-disable.patch
+features/all/rt/drivers-net-8139-disable-irq-nosync.patch
+features/all/rt/drivers-net-ehea-mark-rx-irq-no-thread.patch
+features/all/rt/drivers-net-at91-make-mdio-protection-rt-safe.patch
+features/all/rt/mm-prepare-pf-disable-discoupling.patch
+features/all/rt/arch-use-pagefault-disabled.patch
+features/all/rt/peter_zijlstra-frob-pagefault_disable.patch
+features/all/rt/peterz-raw_pagefault_disable.patch
+features/all/rt/filemap-fix-up.patch
+features/all/rt/mm-remove-preempt-count-from-pf.patch
+features/all/rt/x86-highmem-warn.patch
+features/all/rt/suspend-prevernt-might-sleep-splats.patch
+features/all/rt/of-fixup-recursive-locking.patch
+features/all/rt/of-convert-devtree-lock.patch
+features/all/rt/list-add-list-last-entry.patch
+features/all/rt/mm-page-alloc-use-list-last-entry.patch
+features/all/rt/mm-slab-move-debug-out.patch
+features/all/rt/pid-h-include-atomic-h.patch
+features/all/rt/sysctl-include-atomic-h.patch
+features/all/rt/net-flip-lock-dep-thingy.patch
+features/all/rt/softirq-thread-do-softirq.patch
+features/all/rt/softirq-split-out-code.patch
+features/all/rt/x86-io-apic-migra-no-unmask.patch
+features/all/rt/fix-rt-int3-x86_32-3.2-rt.patch
+features/all/rt/locking-various-init-fixes.patch
+features/all/rt/pci-access-use-__wake_up_all_locked.patch
+features/all/rt/latency-hist.patch
+features/all/rt/hwlatdetect.patch
+features/all/rt/localversion.patch
+features/all/rt/early-printk-consolidate.patch
+features/all/rt/printk-kill.patch
+features/all/rt/printk-27force_early_printk-27-boot-param-to-help-with-debugging.patch
+features/all/rt/rt-preempt-base-config.patch
+features/all/rt/bug-rt-dependend-variants.patch
+features/all/rt/local-irq-rt-depending-variants.patch
+features/all/rt/preempt-nort-rt-variants.patch
+features/all/rt/ata-disable-interrupts-if-non-rt.patch
+features/all/rt/ide-use-nort-local-irq-variants.patch
+features/all/rt/infiniband-mellanox-ib-use-nort-irq.patch
+features/all/rt/inpt-gameport-use-local-irq-nort.patch
+features/all/rt/acpi-use-local-irq-nort.patch
+features/all/rt/user-use-local-irq-nort.patch
+features/all/rt/resource-counters-use-localirq-nort.patch
+features/all/rt/usb-hcd-use-local-irq-nort.patch
+features/all/rt/tty-use-local-irq-nort.patch
+features/all/rt/mm-scatterlist-dont-disable-irqs-on-RT.patch
+features/all/rt/signal-fix-up-rcu-wreckage.patch
+features/all/rt/net-wireless-warn-nort.patch
+features/all/rt/mm-cgroup-page-bit-spinlock.patch
+features/all/rt/fs-replace-bh_uptodate_lock-for-rt.patch
+features/all/rt/fs-jbd-replace-bh_state-lock.patch
+features/all/rt/genirq-nodebug-shirq.patch
+features/all/rt/genirq-disable-random-call-on-preempt-rt.patch
+features/all/rt/genirq-disable-irqpoll-on-rt.patch
+features/all/rt/genirq-force-threading.patch
+features/all/rt/drivers-net-fix-livelock-issues.patch
+features/all/rt/drivers-net-vortex-fix-locking-issues.patch
+features/all/rt/drivers-net-gianfar-make-rt-aware.patch
+features/all/rt/usb-fix-mouse-problem-copying-large-data.patch
+features/all/rt/local-var.patch
+features/all/rt/rt-local-irq-lock.patch
+features/all/rt/cpu-rt-variants.patch
+features/all/rt/mm-slab-wrap-functions.patch
+features/all/rt/rt-slab-fix-__do_drain-to-use-the-right-array-cache.patch
+features/all/rt/mm-slab-more-lock-breaks.patch
+features/all/rt/mm-page_alloc-rt-friendly-per-cpu-pages.patch
+features/all/rt/mm-page_alloc-reduce-lock-sections-further.patch
+features/all/rt/mm-page-alloc-fix.patch
+features/all/rt/mm-convert-swap-to-percpu-locked.patch
+features/all/rt/mm-make-vmstat-rt-aware.patch
+features/all/rt/mm-shrink-the-page-frame-to-rt-size.patch
+features/all/rt/re-preempt_rt_full-arm-coredump-fails-for-cpu-3e-3d-4.patch
+features/all/rt/mm-allow-slab-rt.patch
+features/all/rt/radix-tree-rt-aware.patch
+features/all/rt/panic-disable-random-on-rt.patch
+features/all/rt/ipc-make-rt-aware.patch
+features/all/rt/ipc-mqueue-add-a-critical-section-to-avoid-a-deadlock.patch
+features/all/rt/relay-fix-timer-madness.patch
+features/all/rt/net-ipv4-route-use-locks-on-up-rt.patch
+features/all/rt/workqueue-avoid-the-lock-in-cpu-dying.patch
+features/all/rt/timers-prepare-for-full-preemption.patch
+features/all/rt/timers-preempt-rt-support.patch
+features/all/rt/timers-fix-timer-hotplug-on-rt.patch
+features/all/rt/timers-mov-printk_tick-to-soft-interrupt.patch
+features/all/rt/timer-delay-waking-softirqs-from-the-jiffy-tick.patch
+features/all/rt/timers-avoid-the-base-null-otptimization-on-rt.patch
+features/all/rt/rfc-printk-don-27t-call-printk_tick-in-printk_needs_cpu.patch
+features/all/rt/hrtimers-prepare-full-preemption.patch
+features/all/rt/hrtimer-fixup-hrtimer-callback-changes-for-preempt-r.patch
+features/all/rt/peter_zijlstra-frob-hrtimer.patch
+features/all/rt/hrtimer-add-missing-debug_activate-aid-was-re-announce-3-0-6-rt17.patch
+features/all/rt/hrtimer-fix-reprogram-madness.patch
+features/all/rt/timer-fd-avoid-live-lock.patch
+features/all/rt/posix-timers-thread-posix-cpu-timers-on-rt.patch
+features/all/rt/posix-timers-shorten-cpu-timers-thread.patch
+features/all/rt/posix-timers-avoid-wakeups-when-no-timers-are-active.patch
+features/all/rt/sched-delay-put-task.patch
+features/all/rt/sched-limit-nr-migrate.patch
+features/all/rt/sched-mmdrop-delayed.patch
+features/all/rt/sched-rt-mutex-wakeup.patch
+features/all/rt/sched-might-sleep-do-not-account-rcu-depth.patch
+features/all/rt/sched-cond-resched.patch
+features/all/rt/cond-resched-softirq-rt.patch
+features/all/rt/cond-resched-lock-rt-tweak.patch
+features/all/rt/sched-disable-ttwu-queue.patch
+features/all/rt/sched-disable-rt-group-sched-on-rt.patch
+features/all/rt/sched-ttwu-ensure-success-return-is-correct.patch
+features/all/rt/stop_machine-convert-stop_machine_run-to-PREEMPT_RT.patch
+features/all/rt/stomp-machine-mark-stomper-thread.patch
+features/all/rt/stomp-machine-raw-lock.patch
+features/all/rt/hotplug-light-get-online-cpus.patch
+features/all/rt/hotplug-sync_unplug-no-27-5cn-27-in-task-name.patch
+features/all/rt/re-migrate_disable-race-with-cpu-hotplug-3f.patch
+features/all/rt/sched-migrate-disable.patch
+features/all/rt/hotplug-use-migrate-disable.patch
+features/all/rt/hotplug-call-cpu_unplug_begin-a-little-early.patch
+features/all/rt/ftrace-migrate-disable-tracing.patch
+features/all/rt/rt-tracing-show-padding-as-unsigned-short.patch
+features/all/rt/migrate-disable-rt-variant.patch
+features/all/rt/peter_zijlstra-frob-migrate_disable.patch
+features/all/rt/peter_zijlstra-frob-migrate_disable-2.patch
+features/all/rt/sched-rt-fix-migrate_enable-thinko.patch
+features/all/rt/sched-teach-migrate_disable-about-atomic-contexts.patch
+features/all/rt/rt-sched-postpone-actual-migration-disalbe-to-schedule.patch
+features/all/rt/rt-sched-do-not-compare-cpu-masks-in-scheduler.patch
+features/all/rt/rt-sched-have-migrate_disable-ignore-bounded-threads.patch
+features/all/rt/sched-clear-pf-thread-bound-on-fallback-rq.patch
+features/all/rt/ftrace-crap.patch
+features/all/rt/rt-ring-buffer-convert-reader_lock-from-raw_spin_lock-into-spin_lock.patch
+features/all/rt/net-netif_rx_ni-migrate-disable.patch
+features/all/rt/softirq-sanitize-softirq-pending.patch
+features/all/rt/lockdep-no-softirq-accounting-on-rt.patch
+features/all/rt/mutex-no-spin-on-rt.patch
+features/all/rt/softirq-local-lock.patch
+features/all/rt/softirq-export-in-serving-softirq.patch
+features/all/rt/harirq-h-define-softirq_count-as-oul-to-kill-build-warning.patch
+features/all/rt/softirq-fix-unplug-deadlock.patch
+features/all/rt/softirq-disable-softirq-stacks-for-rt.patch
+features/all/rt/softirq-make-fifo.patch
+features/all/rt/tasklet-rt-prevent-tasklets-from-going-into-infinite-spin-in-rt.patch
+features/all/rt/irq-allow-disabling-of-softirq-processing-in-irq-thread-context.patch
+features/all/rt/local-vars-migrate-disable.patch
+features/all/rt/md-raid5-percpu-handling-rt-aware.patch
+features/all/rt/rtmutex-lock-killable.patch
+features/all/rt/rtmutex-futex-prepare-rt.patch
+features/all/rt/futex-requeue-pi-fix.patch
+features/all/rt/rt-mutex-add-sleeping-spinlocks-support.patch
+features/all/rt/spinlock-types-separate-raw.patch
+features/all/rt/rtmutex-avoid-include-hell.patch
+features/all/rt/rt-add-rt-spinlock-to-headers.patch
+features/all/rt/rt-add-rt-to-mutex-headers.patch
+features/all/rt/rwsem-add-rt-variant.patch
+features/all/rt/rt-add-rt-locks.patch
+features/all/rt/tasklist-lock-fix-section-conflict.patch
+features/all/rt/timer-handle-idle-trylock-in-get-next-timer-irq.patch
+features/all/rt/rcu-force-preempt-rcu-for-rt.patch
+features/all/rt/peter_zijlstra-frob-rcu.patch
+features/all/rt/rcu-merge-rcu-bh-into-rcu-preempt-for-rt.patch
+features/all/rt/rcu-fix-macro-substitution.patch
+features/all/rt/rcu-tiny-merge-bh.patch
+features/all/rt/patch-to-introduce-rcu-bh-qs-where-safe-from-softirq.patch
+features/all/rt/rcu-fix-build-break.patch
+features/all/rt/rt-rcutree-warn-fix.patch
+features/all/rt/lglocks-rt.patch
+features/all/rt/drivers-serial-cleanup-locking-for-rt.patch
+features/all/rt/drivers-serial-call-flush_to_ldisc-when-the-irq-is-t.patch
+features/all/rt/drivers-tty-fix-omap-lock-crap.patch
+features/all/rt/rt-serial-warn-fix.patch
+features/all/rt/fs-namespace-preemption-fix.patch
+features/all/rt/mm-protect-activate-switch-mm.patch
+features/all/rt/mm-protect-activate_mm-by-preempt_-disable-7cenable-_rt.patch
+features/all/rt/fs-block-rt-support.patch
+features/all/rt/fs-ntfs-disable-interrupt-non-rt.patch
+features/all/rt/x86-mce-timer-hrtimer.patch
+features/all/rt/x86-stackprot-no-random-on-rt.patch
+features/all/rt/x86-use-gen-rwsem-spinlocks-rt.patch
+features/all/rt/x86-disable-debug-stack.patch
+features/all/rt/workqueue-use-get-cpu-light.patch
+features/all/rt/epoll-use-get-cpu-light.patch
+features/all/rt/mm-vmalloc-use-get-cpu-light.patch
+features/all/rt/revert-workqueue-skip-nr_running-sanity-check-in-wor.patch
+features/all/rt/workqueue-sanity.patch
+features/all/rt/workqueue-fix-PF_THREAD_BOUND.patch
+features/all/rt/workqueue-hotplug-fix.patch
+features/all/rt/workqueue-more-hotplug-fallout.patch
+features/all/rt/debugobjects-rt.patch
+features/all/rt/jump-label-rt.patch
+features/all/rt/skbufhead-raw-lock.patch
+features/all/rt/perf-move-irq-work-to-softirq-in-rt.patch
+features/all/rt/console-make-rt-friendly.patch
+features/all/rt/fix-printk-flush-of-messages-1.patch
+features/all/rt/power-use-generic-rwsem-on-rt.patch
+features/all/rt/power-disable-highmem-on-rt.patch
+features/all/rt/arm-disable-highmem-on-rt.patch
+features/all/rt/arm-at91-tclib-default-to-tclib-timer-for-rt.patch
+features/all/rt/mips-disable-highmem-on-rt.patch
+features/all/rt/net-tx-action-avoid-livelock-on-rt.patch
+features/all/rt/ping-sysrq.patch
+features/all/rt/kgb-serial-hackaround.patch
+features/all/rt/sysfs-realtime-entry.patch
+features/all/rt/peter_zijlstra-re-_3_0-rt4.patch
+features/all/rt/ipc-sem-rework-semaphore-wakeups.patch
+features/all/rt/x86-kvm-require-const-tsc-for-rt.patch
+features/all/rt/scsi-fcoe-rt-aware.patch
+features/all/rt/x86-crypto-reduce-preempt-disabled-regions.patch
+features/all/rt/dm-make-rt-aware.patch
+features/all/rt/cpumask-disable-offstack-on-rt.patch
+features/all/rt/seqlock-prevent-rt-starvation.patch
+features/all/rt/rfc-timer-fix-hotplug-for-rt.patch
+features/all/rt/rfc-futex-rt-fix-possible-lockup-when-taking-pi_lock-in-proxy-handler.patch
+features/all/rt/rfc-ring-buffer-rt-check-for-irqs-disabled-before-grabbing-reader-lock.patch
+features/all/rt/rfc-sched-rt-fix-wait_task_interactive-to-test-rt_spin_lock-state.patch
+features/all/rt/rfc-lglock-rt-use-non-rt-for_each_cpu-in-rt-code.patch
+features/all/rt/cpu-rt-make-hotplug-lock-a-sleeping-spinlock-on-rt.patch
+features/all/rt/softirq-preempt-fix-3-re.txt
+features/all/rt/scsi-qla2xxx-fix-bug-sleeping-function-called-from-invalid-context.patch
+features/all/rt/upstream-net-rt-remove-preemption-disabling-in-netif_rx.patch
+features/all/rt/rt-introduce-cpu-chill.patch
+features/all/rt/fs-dcache-use-cpu-chill-in-trylock-loops.patch
+features/all/rt/net-use-cpu-chill.patch
+features/all/rt/ntp-make-ntp-lock-raw-sigh.patch
+features/all/rt/mips-remove-smp-reserve-lock.patch
+features/all/rt/lockdep-selftest-convert-spinlock-to-raw-spinlock.patch
+features/all/rt/lockdep-selftest-only-do-hardirq-context-test-for-raw-spinlock.patch
+features/all/rt/genirq-add-default-mask-cmdline-option.patch
+features/all/rt/kconfig-disable-a-few-options-rt.patch
+features/all/rt/kconfig-preempt-rt-full.patch
--- a/debian/rules
+++ b/debian/rules
@ -39,18 +39,19 @@ $(STAMPS_DIR)/build-base: $(STAMPS_DIR)/setup-base
 	@$(stamp)

 DIR_ORIG = ../orig/$(SOURCE)-$(VERSION_UPSTREAM)
-TAR_ORIG_NAME = $(SOURCE)_$(VERSION_UPSTREAM).orig.tar.gz
+TAR_ORIG_NAME = $(SOURCE)_$(VERSION_UPSTREAM).orig.tar.xz
 TAR_ORIG = $(firstword $(wildcard ../$(TAR_ORIG_NAME)) $(wildcard ../orig/$(TAR_ORIG_NAME)))

 orig: $(DIR_ORIG)
-	rsync --delete --exclude debian --exclude .svk --exclude .svn --link-dest=$(DIR_ORIG)/ -a $(DIR_ORIG)/ .
+	rsync --delete --exclude /debian --exclude .svk --exclude .svn --link-dest=$(DIR_ORIG)/ -a $(DIR_ORIG)/ .
+	QUILT_PATCHES='$(CURDIR)/debian/patches' quilt push --quiltrc - -a -q --fuzz=0

 $(DIR_ORIG):
 ifeq ($(TAR_ORIG),)
 	$(error Cannot find orig tarball $(TAR_ORIG_NAME))
 else
 	mkdir -p ../orig
-	tar -C ../orig -xzf $(TAR_ORIG)
+	tar -C ../orig -xaf $(TAR_ORIG)
 endif

 maintainerclean:
--- a/debian/rules.real
+++ b/debian/rules.real
@ -60,34 +60,53 @@ source-featureset: $(STAMPS_DIR)/source_$(FEATURESET)
 $(BUILD_DIR)/config.$(ARCH)_$(FEATURESET)_$(FLAVOUR): $(KCONFIG)
 	python debian/bin/kconfig.py '$@' $(KCONFIG) $(KCONFIG_OPTIONS)

-$(BUILD_DIR)/linux-source-$(UPSTREAMVERSION).tar.bz2: SOURCE_DIR=$(BUILD_DIR)/source
+define copy_source
+mkdir -p '$(1)'
+cp -al $(filter-out debian .pc .svk .svn, $(wildcard * .[^.]*)) '$(1)'
+endef
+
 $(BUILD_DIR)/linux-source-$(UPSTREAMVERSION).tar.bz2: DIR = $(BUILD_DIR)/linux-source-$(UPSTREAMVERSION)
 $(BUILD_DIR)/linux-source-$(UPSTREAMVERSION).tar.bz2: $(STAMPS_DIR)/source
 	rm -rf '$@' '$(DIR)'
-	cp -al '$(SOURCE_DIR)' '$(DIR)'
+	$(call copy_source,$(DIR))
 	chmod -R u+rw,go=rX '$(DIR)'
 	cd '$(BUILD_DIR)'; tar -cjf 'linux-source-$(UPSTREAMVERSION).tar.bz2' 'linux-source-$(UPSTREAMVERSION)'
 	rm -rf '$(DIR)'

+$(BUILD_DIR)/linux-patch-$(UPSTREAMVERSION)-%.patch.bz2: $(STAMPS_DIR)/source_none $(STAMPS_DIR)/source_%
+	set -o pipefail;						\
+	(cd '$(BUILD_DIR)';						\
+	 set +e;							\
+         diff -urN -p -x debian -x .pc -x .svk -x .svn source_none source_$*; \
+	 test $$? -eq 1) |						\
+	filterdiff --remove-timestamps --strip=1 --addoldprefix=a/ --addnewprefix=b/ | \
+	bzip2 -c >$@ ||							\
+	(rm -f $@; exit 1)
+
 define patch_cmd
-cd '$(DIR)'; python '$(CURDIR)/debian/bin/patch.apply' --overwrite-home='$(CURDIR)/debian/patches'
+cd '$(DIR)' && QUILT_PATCHES='$(CURDIR)/debian/patches' QUILT_SERIES=series-$(1) quilt push --quiltrc - -a -q --fuzz=0
 endef

-$(STAMPS_DIR)/source: SOURCE_FILES = $(filter-out debian, $(wildcard * .[^.]*))
-$(STAMPS_DIR)/source: DIR = $(BUILD_DIR)/source
 $(STAMPS_DIR)/source:
-	rm -rf '$(DIR)'
-	mkdir -p '$(DIR)'
-	cp -al $(SOURCE_FILES) '$(DIR)'
-	$(patch_cmd)
+	test -d .pc
+	set +e; quilt unapplied --quiltrc - >/dev/null && echo 'Patch series not fully applied'; test $$? -eq 1
 	@$(stamp)

-$(STAMPS_DIR)/source_$(FEATURESET): SOURCE_DIR=$(BUILD_DIR)/source
-$(STAMPS_DIR)/source_$(FEATURESET): DIR=$(BUILD_DIR)/source_$(FEATURESET)
-$(STAMPS_DIR)/source_$(FEATURESET): $(STAMPS_DIR)/source
+$(STAMPS_DIR)/source_%: SOURCE_DIR=$(BUILD_DIR)/source
+$(STAMPS_DIR)/source_%: DIR=$(BUILD_DIR)/source_$*
+$(STAMPS_DIR)/source_%: $(STAMPS_DIR)/source
+	mkdir -p '$(BUILD_DIR)'
 	rm -rf '$(DIR)'
-	cp -al '$(SOURCE_DIR)' '$(DIR)'
-	$(patch_cmd) -f $(FEATURESET)
+	$(call copy_source,$(DIR))
+	$(call patch_cmd,$*)
+	@$(stamp)
+.PRECIOUS: $(STAMPS_DIR)/source_%
+
+$(STAMPS_DIR)/source_none: DIR=$(BUILD_DIR)/source_none
+$(STAMPS_DIR)/source_none: $(STAMPS_DIR)/source
+	mkdir -p '$(BUILD_DIR)'
+	rm -f '$(DIR)'
+	ln -s '$(CURDIR)' '$(DIR)'
 	@$(stamp)

 $(STAMPS_DIR)/setup_$(ARCH)_$(FEATURESET)_$(FLAVOUR): CONFIG=$(BUILD_DIR)/config.$(ARCH)_$(FEATURESET)_$(FLAVOUR)
@ -131,13 +150,12 @@ $(STAMPS_DIR)/build_$(ARCH)_$(FEATURESET)_$(FLAVOUR)_plain-s390x-tape:
 	python debian/bin/buildcheck.py $(DIR) $(ARCH) $(FEATURESET) $(FLAVOUR)
 	@$(stamp)

-$(STAMPS_DIR)/build-doc: SOURCE_DIR=$(BUILD_DIR)/source
 $(STAMPS_DIR)/build-doc: DIR=$(BUILD_DIR)/build-doc
 $(STAMPS_DIR)/build-doc: $(STAMPS_DIR)/source
 	rm -rf $(DIR)
-	mkdir $(DIR)
-	+$(MAKE_CLEAN) -C $(SOURCE_DIR) O='$(CURDIR)/$(DIR)' xmldocs
-	+$(MAKE_CLEAN) -C $(SOURCE_DIR) O='$(CURDIR)/$(DIR)' htmldocs mandocs
+	mkdir -p $(DIR)
+	+$(MAKE_CLEAN) O='$(CURDIR)/$(DIR)' xmldocs
+	+$(MAKE_CLEAN) O='$(CURDIR)/$(DIR)' htmldocs mandocs
 	@$(stamp)

 install-base:
@ -159,14 +177,13 @@ install-dummy:

 install-doc: PACKAGE_NAME = linux-doc-$(VERSION)
 install-doc: DIR = $(BUILD_DIR)/build-doc
-install-doc: SOURCE_DIR = $(BUILD_DIR)/source
 install-doc: PACKAGE_DIR = debian/$(PACKAGE_NAME)
 install-doc: OUT_DIR = $(PACKAGE_DIR)/usr/share/doc/$(PACKAGE_NAME)
 install-doc: DH_OPTIONS = -p$(PACKAGE_NAME)
 install-doc: $(STAMPS_DIR)/build-doc
 	dh_prep
 	mkdir -p $(OUT_DIR)
-	cp -a $(addprefix $(SOURCE_DIR)/, CREDITS MAINTAINERS README REPORTING-BUGS Documentation) $(OUT_DIR)
+	cp -a CREDITS MAINTAINERS README REPORTING-BUGS Documentation $(OUT_DIR)
 	rm -rf $(OUT_DIR)/Documentation/DocBook
 	cd $(DIR)/Documentation/DocBook; \
 	find * -name '*.html' -print \
@ -273,7 +290,6 @@ install-headers_$(ARCH)_$(FEATURESET)_$(FLAVOUR): $(STAMPS_DIR)/build_$(ARCH)_$(

 install-libc-dev_$(ARCH): PACKAGE_NAME = linux-libc-dev
 install-libc-dev_$(ARCH): DH_OPTIONS = -p$(PACKAGE_NAME)
-install-libc-dev_$(ARCH): SOURCE_DIR = $(BUILD_DIR)/source
 install-libc-dev_$(ARCH): DIR = $(BUILD_DIR)/build-libc-dev
 install-libc-dev_$(ARCH): OUT_DIR = debian/$(PACKAGE_NAME)/usr
 install-libc-dev_$(ARCH):
@ -281,9 +297,9 @@ install-libc-dev_$(ARCH):
 	dh_testroot
 	dh_prep
 	rm -rf '$(DIR)'
-	mkdir $(DIR)
-	+$(MAKE_CLEAN) -C $(SOURCE_DIR) O='$(CURDIR)/$(DIR)' headers_check ARCH=$(KERNEL_ARCH)
-	+$(MAKE_CLEAN) -C $(SOURCE_DIR) O='$(CURDIR)/$(DIR)' headers_install ARCH=$(KERNEL_ARCH) INSTALL_HDR_PATH='$(CURDIR)'/$(OUT_DIR)
+	mkdir -p $(DIR)
+	+$(MAKE_CLEAN) O='$(CURDIR)/$(DIR)' headers_check ARCH=$(KERNEL_ARCH)
+	+$(MAKE_CLEAN) O='$(CURDIR)/$(DIR)' headers_install ARCH=$(KERNEL_ARCH) INSTALL_HDR_PATH='$(CURDIR)'/$(OUT_DIR)

 	rm -rf $(OUT_DIR)/include/drm $(OUT_DIR)/include/scsi
 	find $(OUT_DIR)/include \( -name .install -o -name ..install.cmd \) -execdir rm {} +
@ -470,10 +486,10 @@ install-udeb_$(ARCH):
 	dh_builddeb

 install-source: DH_OPTIONS = -plinux-source-$(VERSION)
-install-source: $(BUILD_DIR)/linux-source-$(UPSTREAMVERSION).tar.bz2
+install-source: $(BUILD_DIR)/linux-source-$(UPSTREAMVERSION).tar.bz2 $(foreach FEATURESET,$(filter-out none,$(ALL_FEATURESETS)),$(BUILD_DIR)/linux-patch-$(UPSTREAMVERSION)-$(FEATURESET).patch.bz2)
 	dh_testdir
 	dh_testroot
-	dh_install '$<' /usr/src
+	dh_install '$^' /usr/src
 	+$(MAKE_SELF) install-base

 # vim: filetype=make
--- a/debian/source/format
+++ b/debian/source/format
@ -1,2 +1,2 @@
-1.0
+3.0 (quilt)

--- a/debian/source/local-options
+++ b/debian/source/local-options
@ -0,0 +1 @@
+abort-on-upstream-changes
--- a/debian/source/options
+++ b/debian/source/options
@ -0,0 +1 @@
+compression = "xz"
--- a/debian/templates/control.source.in
+++ b/debian/templates/control.source.in
@ -3,7 +3,7 @@ Priority: optional
 Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
 Uploaders: Bastian Blank <waldi@debian.org>, Frederik Schüler <fs@debian.org>, maximilian attems <maks@debian.org>, Ben Hutchings <ben@decadent.org.uk>
 Standards-Version: 3.9.2
-Build-Depends: debhelper (>> 7), cpio, kmod | module-init-tools, python (>= 2.6.6-3~), lzma [armel], kernel-wedge (>= 2.83)
+Build-Depends: debhelper (>> 7), cpio, kmod | module-init-tools, python (>= 2.6.6-3~), lzma [armel], kernel-wedge (>= 2.84), quilt, patchutils
 Build-Depends-Indep: bzip2, xmlto
 Vcs-Svn: svn://svn.debian.org/svn/kernel/dists/trunk/linux/
 Vcs-Browser: http://anonscm.debian.org/viewvc/kernel/dists/trunk/linux/