diff -u linux-2.6.10/drivers/block/scsi_ioctl.c linux-2.6.10/drivers/block/scsi_ioctl.c
--- linux-2.6.10/drivers/block/scsi_ioctl.c	2004-12-26 17:27:50.000000000 +0000
+++ linux-2.6.10/drivers/block/scsi_ioctl.c	2005-01-07 23:12:02.267014976 +0000
@@ -339,7 +339,8 @@
 			 struct gendisk *bd_disk, Scsi_Ioctl_Command __user *sic)
 {
 	struct request *rq;
-	int err, in_len, out_len, bytes, opcode, cmdlen;
+	unsigned int bytes, opcode, cmdlen, in_len, out_len;
+	int err;
 	char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE];
 
 	/*
diff -u linux-2.6.10/drivers/char/moxa.c linux-2.6.10/drivers/char/moxa.c
--- linux-2.6.10/drivers/char/moxa.c	2004-12-28 16:52:06.000000000 +0000
+++ linux-2.6.10/drivers/char/moxa.c	2005-01-07 23:08:12.600929528 +0000
@@ -807,6 +807,8 @@
 	case TIOCSSERIAL:
 		return moxa_set_serial_info(ch, argp);
 	default:
+		if(!capable(CAP_SYS_RAWIO))
+			return -EPERM;
 		retval = MoxaDriverIoctl(cmd, arg, port);
 	}
 	return (retval);
diff -u linux-2.6.10/mm/mmap.c linux-2.6.10/mm/mmap.c
--- linux-2.6.10/mm/mmap.c	2005-01-07 15:31:43.000000000 +0000
+++ linux-2.6.10/mm/mmap.c	2005-01-07 23:10:52.419633392 +0000
@@ -1360,6 +1360,13 @@
 		vm_unacct_memory(grow);
 		return -ENOMEM;
 	}
+	if ((vma->vm_flags & VM_LOCKED) && !capable(CAP_IPC_LOCK) &&
+			((vma->vm_mm->locked_vm + grow) << PAGE_SHIFT) >
+			current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur) {
+		anon_vma_unlock(vma);
+		vm_unacct_memory(grow);
+		return -ENOMEM;
+	}
 	vma->vm_end = address;
 	vma->vm_mm->total_vm += grow;
 	if (vma->vm_flags & VM_LOCKED)
@@ -1422,6 +1429,13 @@
 		vm_unacct_memory(grow);
 		return -ENOMEM;
 	}
+	if ((vma->vm_flags & VM_LOCKED) && !capable(CAP_IPC_LOCK) &&
+			((vma->vm_mm->locked_vm + grow) << PAGE_SHIFT) >
+			current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur) {
+		anon_vma_unlock(vma);
+		vm_unacct_memory(grow);
+		return -ENOMEM;
+	}
 	vma->vm_start = address;
 	vma->vm_pgoff -= grow;
 	vma->vm_mm->total_vm += grow;
@@ -1833,6 +1847,7 @@
 	down_write(&current->mm->mmap_sem);
 	ret = __do_brk(addr, len);
 	up_write(&current->mm->mmap_sem);
+	return ret;
 }
 
 EXPORT_SYMBOL(do_brk);
only in patch2:
unchanged:
--- linux.vanilla-2.6.10/drivers/char/random.c	2004-12-25 21:15:34.000000000 +0000
+++ linux-2.6.10/drivers/char/random.c	2005-01-07 23:04:55.454900280 +0000
@@ -1906,7 +1906,7 @@
 			     void __user *oldval, size_t __user *oldlenp,
 			     void __user *newval, size_t newlen, void **context)
 {
-	int	len;
+	unsigned int	len;
 	
 	sysctl_poolsize = random_state->poolinfo.POOLBYTES;