From c65ff857436490237f4dbada82cf368122751a28 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sun, 1 Mar 2015 18:49:59 +0100 Subject: [PATCH] kernel: Update to version 3.18.7 Disables CONFIG_XEN on all architectures. It conflicts a lot with features from grsec/PaX and we cannot support this at this point. --- kernel/config-arm-generic | 3 +- kernel/config-arm32-generic | 2 + kernel/config-arm64-generic | 10 +- kernel/config-armv5tel-default | 16 +- kernel/config-armv7hl-default | 49 +- kernel/config-armv7hl-lpae | 10 + kernel/config-generic | 14 +- kernel/config-i686-default | 3 +- kernel/config-i686-legacy | 13 - kernel/config-x86-generic | 61 +- kernel/config-x86_64-default | 19 +- kernel/kernel.nm | 4 +- ... grsecurity-3.1-3.18.7-201502222138.patch} | 2600 ++++++++++++----- 13 files changed, 1978 insertions(+), 826 deletions(-) rename kernel/patches/{grsecurity-3.0-3.18.2-201501120821.patch => grsecurity-3.1-3.18.7-201502222138.patch} (98%) diff --git a/kernel/config-arm-generic b/kernel/config-arm-generic index 69c063131..1fcc85bf1 100644 --- a/kernel/config-arm-generic +++ b/kernel/config-arm-generic @@ -1,3 +1,5 @@ +CONFIG_SWIOTLB=y +CONFIG_IOMMU_HELPER=y # # IRQ subsystem @@ -305,7 +307,6 @@ CONFIG_GPIO_ADNP=m # CONFIG_CHARGER_TWL4030 is not set # CONFIG_CHARGER_MAX8997 is not set # CONFIG_CHARGER_MAX8998 is not set -# CONFIG_CHARGER_TPS65090 is not set CONFIG_POWER_RESET_AS3722=y CONFIG_POWER_RESET_GPIO=y CONFIG_POWER_RESET_GPIO_RESTART=y diff --git a/kernel/config-arm32-generic b/kernel/config-arm32-generic index 2219bb6a8..a86e14a1c 100644 --- a/kernel/config-arm32-generic +++ b/kernel/config-arm32-generic @@ -521,6 +521,8 @@ CONFIG_CRYPTO_AES_ARM=m # # Random Number Generation # +CONFIG_CRYPTO_DEV_HIFN_795X=m +CONFIG_CRYPTO_DEV_HIFN_795X_RNG=y CONFIG_CRYPTO_DEV_SAHARA=m # diff --git a/kernel/config-arm64-generic b/kernel/config-arm64-generic index 09ee53100..63d59f6fe 100644 --- a/kernel/config-arm64-generic +++ b/kernel/config-arm64-generic 
@@ -153,7 +153,6 @@ CONFIG_NET_FLOW_LIMIT=y # # Generic Driver Options # -# CONFIG_SYS_HYPERVISOR is not set CONFIG_GENERIC_CPU_AUTOPROBE=y # @@ -273,7 +272,6 @@ CONFIG_ARM_SP805_WATCHDOG=m CONFIG_FB_SYS_FILLRECT=m CONFIG_FB_SYS_COPYAREA=m CONFIG_FB_SYS_IMAGEBLIT=m -CONFIG_FB_SYS_FOPS=m # CONFIG_FB_MODE_HELPERS is not set # @@ -416,6 +414,14 @@ CONFIG_FRAME_POINTER=y # # CONFIG_DEBUG_PER_CPU_MAPS is not set +# +# Lock Debugging (spinlocks, mutexes, etc...) +# +# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_PROVE_LOCKING is not set +# CONFIG_LOCK_STAT is not set + # # RCU Debugging # diff --git a/kernel/config-armv5tel-default b/kernel/config-armv5tel-default index 86727b0b2..3c29997b0 100644 --- a/kernel/config-armv5tel-default +++ b/kernel/config-armv5tel-default @@ -127,11 +127,6 @@ CONFIG_ARM_KIRKWOOD_CPUFREQ=y # CONFIG_ARM_MVEBU_V7_CPUIDLE is not set # CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set -# -# Generic Driver Options -# -# CONFIG_SYS_HYPERVISOR is not set - # # Bus devices # @@ -256,7 +251,6 @@ CONFIG_DRM_PANEL_S6E8AA0=m # # Frame buffer Devices # -CONFIG_FB_SYS_FOPS=m CONFIG_FB_MODE_HELPERS=y # @@ -392,6 +386,14 @@ CONFIG_PHY_MVEBU_SATA=y # CONFIG_FRAME_POINTER=y +# +# Lock Debugging (spinlocks, mutexes, etc...) +# +# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_PROVE_LOCKING is not set +# CONFIG_LOCK_STAT is not set + # # RCU Debugging # @@ -408,8 +410,6 @@ CONFIG_DEBUG_LL_INCLUDE="mach/debug-macro.S" # Random Number Generation # CONFIG_CRYPTO_DEV_MV_CESA=m -CONFIG_CRYPTO_DEV_HIFN_795X=m -CONFIG_CRYPTO_DEV_HIFN_795X_RNG=y # # Library routines diff --git a/kernel/config-armv7hl-default b/kernel/config-armv7hl-default index 1ee849754..a9398fc1a 100644 --- a/kernel/config-armv7hl-default +++ b/kernel/config-armv7hl-default 
@@ -276,7 +276,6 @@ CONFIG_CPU_HAS_ASID=y # Processor Features # # CONFIG_ARM_LPAE is not set -CONFIG_ARCH_DMA_ADDR_T_64BIT=y # CONFIG_ARM_THUMBEE is not set CONFIG_ARM_VIRT_EXT=y CONFIG_SWP_EMULATE=y @@ -345,11 +344,9 @@ CONFIG_THUMB2_AVOID_R_ARM_THM_JUMP11=y CONFIG_ARM_ASM_UNIFIED=y CONFIG_ARCH_HAS_HOLES_MEMORYMODEL=y CONFIG_SPLIT_PTLOCK_CPUS=4 -CONFIG_MMU_NOTIFIER=y CONFIG_FORCE_MAX_ZONEORDER=12 # CONFIG_UACCESS_WITH_MEMCPY is not set -CONFIG_XEN_DOM0=y -CONFIG_XEN=y +# CONFIG_XEN is not set # # Boot options @@ -411,7 +408,6 @@ CONFIG_NET_FLOW_LIMIT=y # # Generic Driver Options # -CONFIG_SYS_HYPERVISOR=y CONFIG_REGMAP_SPMI=m # @@ -422,12 +418,6 @@ CONFIG_REGMAP_SPMI=m CONFIG_OMAP_INTERCONNECT=y CONFIG_ARM_CCI=y -# -# Device Tree and Open Firmware support -# -CONFIG_XEN_BLKDEV_FRONTEND=y -# CONFIG_XEN_BLKDEV_BACKEND is not set - # # Misc devices # @@ -438,11 +428,6 @@ CONFIG_XEN_BLKDEV_FRONTEND=y # # CONFIG_EEPROM_SUNXI_SID is not set -# -# SCSI Transports -# -CONFIG_XEN_SCSI_FRONTEND=m - # # Controllers with non-SFF native interface # @@ -482,12 +467,6 @@ CONFIG_NET_VENDOR_XILINX=y # CONFIG_MDIO_SUN4I=m -# -# Enable WiMAX (Networking options) to see the WiMAX drivers -# -CONFIG_XEN_NETDEV_FRONTEND=m -CONFIG_XEN_NETDEV_BACKEND=m - # # Input device support # @@ -502,7 +481,6 @@ CONFIG_KEYBOARD_SAMSUNG=y # CONFIG_KEYBOARD_ST_KEYSCAN is not set CONFIG_KEYBOARD_SH_KEYSC=m # CONFIG_INPUT_AB8500_PONKEY is not set -CONFIG_INPUT_XEN_KBDDEV_FRONTEND=y CONFIG_INPUT_SIRFSOC_ONKEY=y # @@ -531,9 +509,6 @@ CONFIG_SERIAL_SH_SCI_NR_UARTS=2 # CONFIG_SERIAL_MSM is not set # CONFIG_SERIAL_VT8500 is not set CONFIG_SERIAL_OMAP=m -CONFIG_HVC_IRQ=y -CONFIG_HVC_XEN=y -CONFIG_HVC_XEN_FRONTEND=y CONFIG_HW_RANDOM_OMAP=y CONFIG_HW_RANDOM_OMAP3_ROM=y CONFIG_HW_RANDOM_EXYNOS=y @@ -700,7 +675,6 @@ CONFIG_SIRFSOC_WATCHDOG=y CONFIG_TEGRA_WATCHDOG=m CONFIG_QCOM_WDT=m CONFIG_MESON_WATCHDOG=m -# CONFIG_XEN_WDT is not set # # Multifunction device drivers 
@@ -788,7 +762,6 @@ CONFIG_DRM_TEGRA_FBDEV=y # # Frame buffer Devices # -CONFIG_FB_SYS_FOPS=y # CONFIG_FB_MODE_HELPERS is not set # @@ -802,7 +775,6 @@ CONFIG_FB_SYS_FOPS=y # CONFIG_FB_S3C is not set # CONFIG_FB_XILINX is not set # CONFIG_FB_DA8XX is not set -CONFIG_XEN_FBDEV_FRONTEND=y # CONFIG_FB_MX3 is not set # CONFIG_OMAP2_DSS is not set CONFIG_EXYNOS_VIDEO=y @@ -977,22 +949,6 @@ CONFIG_DMA_SUN6I=m # CONFIG_UIO_MF624 is not set # CONFIG_VFIO is not set -# -# Xen driver support -# -CONFIG_XEN_BALLOON=y -CONFIG_XEN_SCRUB_PAGES=y -CONFIG_XEN_DEV_EVTCHN=y -CONFIG_XEN_BACKEND=y -CONFIG_XENFS=y -CONFIG_XEN_COMPAT_XENFS=y -CONFIG_XEN_SYS_HYPERVISOR=y -CONFIG_XEN_XENBUS_FRONTEND=y -CONFIG_XEN_GNTDEV=m -CONFIG_XEN_GRANT_DEV_ALLOC=m -CONFIG_SWIOTLB_XEN=y -CONFIG_XEN_PRIVCMD=y - # # Speakup console speech # @@ -1179,11 +1135,14 @@ CONFIG_PAX_PAGEEXEC=y CONFIG_PAX_MPROTECT=y # CONFIG_PAX_MPROTECT_COMPAT is not set CONFIG_PAX_ELFRELOCS=y +CONFIG_PAX_KERNEXEC=y # # Miscellaneous hardening features # +# CONFIG_PAX_MEMORY_UDEREF is not set CONFIG_PAX_REFCOUNT=y +CONFIG_PAX_CONSTIFY_PLUGIN=y # # Memory Protections diff --git a/kernel/config-armv7hl-lpae b/kernel/config-armv7hl-lpae index 449f34635..7ecb6282e 100644 --- a/kernel/config-armv7hl-lpae +++ b/kernel/config-armv7hl-lpae @@ -19,12 +19,14 @@ CONFIG_ARCH_AXXIA=y # CONFIG_ARM_LPAE=y CONFIG_ARCH_PHYS_ADDR_T_64BIT=y +CONFIG_ARCH_DMA_ADDR_T_64BIT=y # # Kernel Features # CONFIG_SYS_SUPPORTS_HUGETLBFS=y CONFIG_PHYS_ADDR_T_64BIT=y +CONFIG_MMU_NOTIFIER=y # CONFIG_TRANSPARENT_HUGEPAGE is not set # @@ -65,6 +67,14 @@ CONFIG_ROCKCHIP_IODOMAIN=m # # CONFIG_HUGETLBFS is not set +# +# Lock Debugging (spinlocks, mutexes, etc...) +# +# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_PROVE_LOCKING is not set +# CONFIG_LOCK_STAT is not set + # # Library routines # diff --git a/kernel/config-generic b/kernel/config-generic index 541c1cb7b..8ffbd92b2 100644 --- a/kernel/config-generic 
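Review bot: `# CONFIG_PAX_MEMORY_UDEREF is not set` is added in the config-armv7hl-default hunk at -1179/+1135, right next to the newly enabled `CONFIG_PAX_KERNEXEC=y`, and no reason is given for leaving it off. The same line is added in config-x86-generic (hunk at +1322), and the config-i686-legacy hunk at +312 drops its `CONFIG_PAX_MEMORY_UDEREF=y` override, so from the visible fragments UDEREF appears to end up disabled on every flavour, including the one that had it before. If that is intended (performance or a build conflict), the commit message should say so, since it mentions only Xen; otherwise `CONFIG_PAX_MEMORY_UDEREF=y` belongs wherever KERNEXEC is enabled. How the fragments are merged is not visible here, so confirm against the resulting .config.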
+++ b/kernel/config-generic @@ -240,8 +240,6 @@ CONFIG_FREEZER=y # CONFIG_ZONE_DMA=y CONFIG_NO_BOOTMEM=y -CONFIG_SWIOTLB=y -CONFIG_IOMMU_HELPER=y CONFIG_PREEMPT_NONE=y # CONFIG_PREEMPT_VOLUNTARY is not set # CONFIG_PREEMPT is not set @@ -989,6 +987,7 @@ CONFIG_EXTRA_FIRMWARE="" # CONFIG_ALLOW_DEV_COREDUMP is not set # CONFIG_DEBUG_DRIVER is not set # CONFIG_DEBUG_DEVRES is not set +# CONFIG_SYS_HYPERVISOR is not set # CONFIG_GENERIC_CPU_DEVICES is not set CONFIG_REGMAP=y CONFIG_REGMAP_I2C=y @@ -2318,6 +2317,7 @@ CONFIG_CHARGER_MAX14577=m # CONFIG_CHARGER_BQ24190 is not set # CONFIG_CHARGER_BQ24735 is not set # CONFIG_CHARGER_SMB347 is not set +# CONFIG_CHARGER_TPS65090 is not set CONFIG_POWER_RESET=y CONFIG_POWER_AVS=y CONFIG_HWMON=y @@ -3211,6 +3211,7 @@ CONFIG_FB_CFB_COPYAREA=m CONFIG_FB_CFB_IMAGEBLIT=m # CONFIG_FB_CFB_REV_PIXELS_IN_BYTE is not set # CONFIG_FB_FOREIGN_ENDIAN is not set +CONFIG_FB_SYS_FOPS=m CONFIG_FB_DEFERRED_IO=y # CONFIG_FB_SVGALIB is not set # CONFIG_FB_MACMODES is not set @@ -3983,10 +3984,6 @@ CONFIG_VIRTIO_MMIO=m # # Microsoft Hyper-V guest support # - -# -# Xen driver support -# CONFIG_STAGING=y # CONFIG_PRISM2_USB is not set # CONFIG_COMEDI is not set @@ -4620,10 +4617,6 @@ CONFIG_TIMER_STATS=y # CONFIG_DEBUG_RT_MUTEXES is not set # CONFIG_DEBUG_SPINLOCK is not set # CONFIG_DEBUG_MUTEXES is not set -# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set -# CONFIG_DEBUG_LOCK_ALLOC is not set -# CONFIG_PROVE_LOCKING is not set -# CONFIG_LOCK_STAT is not set # CONFIG_DEBUG_ATOMIC_SLEEP is not set # CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set # CONFIG_LOCK_TORTURE_TEST is not set @@ -4791,6 +4784,7 @@ CONFIG_GRKERNSEC_CHROOT_UNIX=y CONFIG_GRKERNSEC_CHROOT_FINDTASK=y CONFIG_GRKERNSEC_CHROOT_NICE=y CONFIG_GRKERNSEC_CHROOT_SYSCTL=y +# CONFIG_GRKERNSEC_CHROOT_RENAME is not set # CONFIG_GRKERNSEC_CHROOT_CAPS is not set CONFIG_GRKERNSEC_CHROOT_INITRD=y diff --git a/kernel/config-i686-default b/kernel/config-i686-default index 0ef67602b..cf70da15a 100644 
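Review bot: `# CONFIG_GRKERNSEC_CHROOT_RENAME is not set` in the config-generic hunk at +4784 pins a chroot restriction to off, while the neighbouring `CONFIG_GRKERNSEC_CHROOT_UNIX`, `_FINDTASK`, `_NICE`, `_SYSCTL` and `_INITRD` options in the same hunk are `=y`. The option appears to be new with this grsecurity update, and the commit message does not explain the choice, so a later reader cannot tell whether it was evaluated or the oldconfig default was simply accepted. Either enable it with `CONFIG_GRKERNSEC_CHROOT_RENAME=y` or record the reason for leaving it off in the commit description.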
--- a/kernel/config-i686-default +++ b/kernel/config-i686-default @@ -45,7 +45,6 @@ CONFIG_X86_BIGSMP=y CONFIG_X86_32_NON_STANDARD=y # CONFIG_STA2X11 is not set CONFIG_X86_32_IRIS=m -CONFIG_XEN_MAX_DOMAIN_MEMORY=64 # CONFIG_LGUEST_GUEST is not set # CONFIG_M486 is not set # CONFIG_M586 is not set @@ -326,6 +325,8 @@ CONFIG_ARCH_TRACK_EXEC_LIMIT=y # Non-executable pages # CONFIG_PAX_SEGMEXEC=y +CONFIG_PAX_KERNEXEC_PLUGIN_METHOD="" +CONFIG_PAX_KERNEXEC_MODULE_TEXT=8 # # Memory Protections diff --git a/kernel/config-i686-legacy b/kernel/config-i686-legacy index 388fbff08..170c7a2b6 100644 --- a/kernel/config-i686-legacy +++ b/kernel/config-i686-legacy @@ -1,9 +1,4 @@ -# -# Kernel Performance Events And Counters -# -# CONFIG_CC_STACKPROTECTOR is not set - # # Processor type and features # @@ -41,7 +36,6 @@ CONFIG_OLPC_XO15_SCI=y # # Generic Driver Options # -# CONFIG_SYS_HYPERVISOR is not set CONFIG_DMA_CMA=y # @@ -318,15 +312,8 @@ CONFIG_IRQCHIP=y # # Non-executable pages # -CONFIG_PAX_KERNEXEC=y CONFIG_PAX_KERNEXEC_MODULE_TEXT=4 -# -# Miscellaneous hardening features -# -CONFIG_PAX_MEMORY_UDEREF=y -CONFIG_PAX_CONSTIFY_PLUGIN=y - # # Random Number Generation # diff --git a/kernel/config-x86-generic b/kernel/config-x86-generic index 6b51910f8..9cfcdfdcc 100644 --- a/kernel/config-x86-generic +++ b/kernel/config-x86-generic @@ -98,11 +98,7 @@ CONFIG_HYPERVISOR_GUEST=y CONFIG_PARAVIRT=y # CONFIG_PARAVIRT_DEBUG is not set # CONFIG_PARAVIRT_SPINLOCKS is not set -CONFIG_XEN=y -CONFIG_XEN_DOM0=y -CONFIG_XEN_PVHVM=y -CONFIG_XEN_SAVE_RESTORE=y -CONFIG_XEN_DEBUG_FS=y +# CONFIG_XEN is not set CONFIG_KVM_GUEST=y # CONFIG_KVM_DEBUG_FS is not set CONFIG_PARAVIRT_TIME_ACCOUNTING=y @@ -127,6 +123,7 @@ CONFIG_DMI=y CONFIG_NR_CPUS=64 CONFIG_SCHED_SMT=y CONFIG_SCHED_MC=y +CONFIG_X86_UP_APIC_MSI=y CONFIG_X86_LOCAL_APIC=y CONFIG_X86_IO_APIC=y CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y 
@@ -196,7 +193,6 @@ CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y # # Power management and ACPI options # -CONFIG_HIBERNATE_CALLBACKS=y CONFIG_PM_SLEEP_SMP=y CONFIG_ACPI=y CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y @@ -269,7 +265,6 @@ CONFIG_INTEL_IDLE=y # CONFIG_PCI_DIRECT=y CONFIG_PCI_MMCONFIG=y -CONFIG_PCI_XEN=y CONFIG_PCI_DOMAINS=y # CONFIG_PCI_CNB20LE_QUIRK is not set CONFIG_HOTPLUG_PCI_PCIE=y @@ -279,7 +274,6 @@ CONFIG_PCIEAER_INJECT=m CONFIG_PCIEASPM_POWERSAVE=y CONFIG_PCI_MSI=y CONFIG_PCI_STUB=y -CONFIG_XEN_PCIDEV_FRONTEND=m CONFIG_HT_IRQ=y CONFIG_PCI_ATS=y CONFIG_PCI_IOV=y @@ -338,7 +332,6 @@ CONFIG_RFKILL_GPIO=m # # CONFIG_FIRMWARE_IN_KERNEL is not set CONFIG_FW_LOADER_USER_HELPER=y -CONFIG_SYS_HYPERVISOR=y CONFIG_GENERIC_CPU_AUTOPROBE=y # CONFIG_DMA_CMA is not set @@ -372,8 +365,6 @@ CONFIG_BLK_DEV_UMEM=m CONFIG_BLK_DEV_NVME=m CONFIG_BLK_DEV_SX8=m CONFIG_BLK_DEV_RAM_SIZE=16384 -CONFIG_XEN_BLKDEV_FRONTEND=m -CONFIG_XEN_BLKDEV_BACKEND=m # CONFIG_BLK_DEV_HD is not set CONFIG_BLK_DEV_RSXX=m @@ -414,7 +405,6 @@ CONFIG_MEGARAID_MM=m CONFIG_MEGARAID_MAILBOX=m CONFIG_SCSI_BUSLOGIC=m CONFIG_VMWARE_PVSCSI=m -CONFIG_XEN_SCSI_FRONTEND=m CONFIG_FCOE_FNIC=m CONFIG_SCSI_EATA=m CONFIG_SCSI_EATA_TAGGED_QUEUE=y @@ -521,12 +511,6 @@ CONFIG_IPW2200_RADIOTAP=y CONFIG_IPW2200_PROMISCUOUS=y CONFIG_IPW2200_QOS=y -# -# Enable WiMAX (Networking options) to see the WiMAX drivers -# -CONFIG_XEN_NETDEV_FRONTEND=m -CONFIG_XEN_NETDEV_BACKEND=m - # # HiSax supported cards # @@ -552,7 +536,6 @@ CONFIG_INPUT_ATLAS_BTNS=m CONFIG_INPUT_TWL4030_PWRBUTTON=m CONFIG_INPUT_TWL4030_VIBRA=m CONFIG_INPUT_TWL6040_VIBRA=m -CONFIG_INPUT_XEN_KBDDEV_FRONTEND=y CONFIG_INPUT_IDEAPAD_SLIDEBAR=m # @@ -592,9 +575,6 @@ CONFIG_SERIAL_RP2_NR_UARTS=32 CONFIG_PRINTER=m CONFIG_LP_CONSOLE=y CONFIG_PPDEV=m -CONFIG_HVC_IRQ=y -CONFIG_HVC_XEN=y -CONFIG_HVC_XEN_FRONTEND=y CONFIG_HW_RANDOM_INTEL=m CONFIG_HW_RANDOM_AMD=m CONFIG_HW_RANDOM_VIA=m 
@@ -698,7 +678,6 @@ CONFIG_CHARGER_TWL4030=m CONFIG_CHARGER_LP8788=m CONFIG_CHARGER_MAX8997=m CONFIG_CHARGER_MAX8998=m -CONFIG_CHARGER_TPS65090=m # # Native drivers @@ -758,7 +737,6 @@ CONFIG_W83877F_WDT=m CONFIG_W83977F_WDT=m CONFIG_MACHZ_WDT=m # CONFIG_SBC_EPX_C3_WATCHDOG is not set -CONFIG_XEN_WDT=m # # PCI-based Watchdog Cards @@ -978,7 +956,6 @@ CONFIG_DRM_GMA3600=y CONFIG_FB_SYS_FILLRECT=m CONFIG_FB_SYS_COPYAREA=m CONFIG_FB_SYS_IMAGEBLIT=m -CONFIG_FB_SYS_FOPS=m CONFIG_FB_BACKLIGHT=y # CONFIG_FB_MODE_HELPERS is not set @@ -994,7 +971,6 @@ CONFIG_FB_BACKLIGHT=y # CONFIG_FB_LE80578 is not set # CONFIG_FB_INTEL is not set # CONFIG_FB_VIA is not set -CONFIG_XEN_FBDEV_FRONTEND=m CONFIG_LCD_PLATFORM=m CONFIG_BACKLIGHT_APPLE=m # CONFIG_BACKLIGHT_SAHARA is not set @@ -1107,27 +1083,6 @@ CONFIG_UIO_MF624=m # Microsoft Hyper-V guest support # # CONFIG_HYPERV is not set - -# -# Xen driver support -# -CONFIG_XEN_BALLOON=y -CONFIG_XEN_SELFBALLOONING=y -CONFIG_XEN_SCRUB_PAGES=y -CONFIG_XEN_DEV_EVTCHN=m -CONFIG_XEN_BACKEND=y -CONFIG_XENFS=m -CONFIG_XEN_COMPAT_XENFS=y -CONFIG_XEN_SYS_HYPERVISOR=y -CONFIG_XEN_XENBUS_FRONTEND=y -CONFIG_XEN_GNTDEV=m -CONFIG_XEN_GRANT_DEV_ALLOC=m -CONFIG_SWIOTLB_XEN=y -CONFIG_XEN_TMEM=m -CONFIG_XEN_PCIDEV_BACKEND=m -CONFIG_XEN_PRIVCMD=m -CONFIG_XEN_ACPI_PROCESSOR=m -CONFIG_XEN_HAVE_PVMMU=y # CONFIG_SLICOSS is not set # CONFIG_PANEL is not set @@ -1289,7 +1244,6 @@ CONFIG_BOOTPARAM_HARDLOCKUP_PANIC_VALUE=0 CONFIG_RCU_CPU_STALL_TIMEOUT=60 # CONFIG_RCU_CPU_STALL_INFO is not set CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS=y -# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set CONFIG_USER_STACKTRACE_SUPPORT=y CONFIG_FUNCTION_GRAPH_TRACER=y CONFIG_FTRACE_SYSCALLS=y @@ -1324,6 +1278,11 @@ CONFIG_OPTIMIZE_INLINING=y # CONFIG_DEBUG_NMI_SELFTEST is not set # CONFIG_X86_DEBUG_STATIC_CPU_HAS is not set +# +# Grsecurity +# +CONFIG_PAX_PER_CPU_PGD=y + # # PaX # 
@@ -1349,7 +1308,7 @@ CONFIG_PAX_EMUTRAMP=y CONFIG_PAX_MPROTECT=y # CONFIG_PAX_MPROTECT_COMPAT is not set CONFIG_PAX_ELFRELOCS=y -CONFIG_PAX_KERNEXEC_PLUGIN_METHOD="" +CONFIG_PAX_KERNEXEC=y # # Address Space Layout Randomization @@ -1363,10 +1322,12 @@ CONFIG_PAX_RANDMMAP=y # Miscellaneous hardening features # CONFIG_PAX_MEMORY_STACKLEAK=y +# CONFIG_PAX_MEMORY_UDEREF is not set CONFIG_PAX_REFCOUNT=y +CONFIG_PAX_CONSTIFY_PLUGIN=y CONFIG_PAX_USERCOPY=y # CONFIG_PAX_USERCOPY_DEBUG is not set -# CONFIG_PAX_SIZE_OVERFLOW is not set +CONFIG_PAX_SIZE_OVERFLOW=y # # Memory Protections diff --git a/kernel/config-x86_64-default b/kernel/config-x86_64-default index 197b5a76d..a398a6a08 100644 --- a/kernel/config-x86_64-default +++ b/kernel/config-x86_64-default @@ -53,13 +53,13 @@ CONFIG_X86_X2APIC=y CONFIG_X86_NUMACHIP=y # CONFIG_X86_VSMP is not set # CONFIG_X86_UV is not set -CONFIG_XEN_MAX_DOMAIN_MEMORY=500 -# CONFIG_XEN_PVH is not set # CONFIG_MPSC is not set CONFIG_GENERIC_CPU=y CONFIG_X86_MINIMUM_CPU_FAMILY=64 CONFIG_GART_IOMMU=y # CONFIG_CALGARY_IOMMU is not set +CONFIG_SWIOTLB=y +CONFIG_IOMMU_HELPER=y # CONFIG_MAXSMP is not set CONFIG_DIRECT_GBPAGES=y CONFIG_NUMA=y @@ -184,12 +184,6 @@ CONFIG_EDAC_SBRIDGE=m # CONFIG_INTEL_MIC_X100_DMA=m -# -# Xen driver support -# -# CONFIG_XEN_MCE_LOG is not set -CONFIG_XEN_EFI=y - # # Android # @@ -218,7 +212,14 @@ CONFIG_QUOTACTL_COMPAT=y # # Grsecurity # -CONFIG_TASK_SIZE_MAX_SHIFT=47 +CONFIG_PAX_KERNEXEC_PLUGIN=y +CONFIG_TASK_SIZE_MAX_SHIFT=42 + +# +# Non-executable pages +# +CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_BTS=y +CONFIG_PAX_KERNEXEC_PLUGIN_METHOD="bts" # # Memory Protections diff --git a/kernel/kernel.nm b/kernel/kernel.nm index ee1e06f93..c4f130863 100644 --- a/kernel/kernel.nm +++ b/kernel/kernel.nm @@ -4,8 +4,8 @@ ############################################################################### name = kernel -version = 3.18.2 -release = 2 +version = 3.18.7 +release = 1 thisapp = linux-%{version} maintainer = Arne Fitzenreiter 
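Review bot: `CONFIG_TASK_SIZE_MAX_SHIFT=42` in the config-x86_64-default hunk at +212 lowers the value from 47. If it is used as the shift for the user address-space limit, as the name suggests, this shrinks the per-process virtual address space from 128 TiB to 4 TiB. The value is presumably derived from `CONFIG_PAX_PER_CPU_PGD=y`, added in config-x86-generic, rather than chosen by hand, but the commit message mentions only Xen. Note the reduced limit in the description so that failures of workloads reserving very large mappings can be traced back to this change.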
diff --git a/kernel/patches/grsecurity-3.0-3.18.2-201501120821.patch b/kernel/patches/grsecurity-3.1-3.18.7-201502222138.patch similarity index 98% rename from kernel/patches/grsecurity-3.0-3.18.2-201501120821.patch rename to kernel/patches/grsecurity-3.1-3.18.7-201502222138.patch index 34d077be6..1db1bc35e 100644 --- a/kernel/patches/grsecurity-3.0-3.18.2-201501120821.patch +++ b/kernel/patches/grsecurity-3.1-3.18.7-201502222138.patch @@ -313,7 +313,7 @@ index a311db8..415b28c 100644 A typical pattern in a Kbuild file looks like this: diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index 479f332..2475ac2 100644 +index f4c71d4..66811b1 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt @@ -1182,6 +1182,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. @@ -327,7 +327,7 @@ index 479f332..2475ac2 100644 hashdist= [KNL,NUMA] Large hashes allocated during boot are distributed across NUMA nodes. Defaults on for 64-bit NUMA, off otherwise. -@@ -2259,6 +2263,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -2260,6 +2264,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. noexec=on: enable non-executable mappings (default) noexec=off: disable non-executable mappings @@ -338,7 +338,7 @@ index 479f332..2475ac2 100644 nosmap [X86] Disable SMAP (Supervisor Mode Access Prevention) even if it is supported by processor. -@@ -2551,6 +2559,30 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -2552,6 +2560,30 @@ bytes respectively. Such letter suffixes can also be entirely omitted. the specified number of seconds. This is to be used if your oopses keep scrolling off the screen. @@ -370,7 +370,7 @@ index 479f332..2475ac2 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 8f73b41..320950a 100644 +index 0efae22..380e711 100644 --- a/Makefile +++ b/Makefile 
@@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -781,7 +781,7 @@ index f9c732e..78fbb0f 100644 return addr; } diff --git a/arch/alpha/mm/fault.c b/arch/alpha/mm/fault.c -index 98838a0..b304fb4 100644 +index 9d0ac09..479a962 100644 --- a/arch/alpha/mm/fault.c +++ b/arch/alpha/mm/fault.c @@ -53,6 +53,124 @@ __load_new_mm_context(struct mm_struct *next_mm) @@ -962,7 +962,7 @@ index 89c4b5c..847a7be 100644 kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h -index e22c119..8fa9957 100644 +index e22c119..eaa807d 100644 --- a/arch/arm/include/asm/atomic.h +++ b/arch/arm/include/asm/atomic.h @@ -18,17 +18,41 @@ @@ -1363,7 +1363,7 @@ index e22c119..8fa9957 100644 +#define ATOMIC64_OP(op, op1, op2) __ATOMIC64_OP(op, , op1, op2, , ) \ + __ATOMIC64_OP(op, _unchecked, op1, op2##s, __OVERFLOW_POST, __OVERFLOW_EXTABLE) + -+#define __ATOMIC64_OP_RETURN(op, suffix, op1, op2, post_op, extable) \ ++#define __ATOMIC64_OP_RETURN(op, suffix, op1, op2, post_op, extable) \ +static inline long long atomic64_##op##_return##suffix(long long i, atomic64##suffix##_t *v) \ { \ long long result; \ @@ -3047,7 +3047,7 @@ index ef9119f..31995a3 100644 #ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER if (secure_computing() == -1) diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c -index c031063..e277ab8 100644 +index 306e1ac..1b477ed 100644 --- a/arch/arm/kernel/setup.c +++ b/arch/arm/kernel/setup.c @@ -104,21 +104,23 @@ EXPORT_SYMBOL(elf_hwcap); @@ -3153,7 +3153,7 @@ index bd19834..e4d8c66 100644 - return page; -} diff --git a/arch/arm/kernel/smp.c b/arch/arm/kernel/smp.c -index 13396d3..589d615 100644 +index a8e32aa..b2f7198 100644 --- a/arch/arm/kernel/smp.c +++ b/arch/arm/kernel/smp.c @@ -76,7 +76,7 @@ enum ipi_msg_type { 
@@ -3525,7 +3525,7 @@ index 7f352de..6dc0929 100644 static int keystone_platform_notifier(struct notifier_block *nb, diff --git a/arch/arm/mach-mvebu/coherency.c b/arch/arm/mach-mvebu/coherency.c -index c31f4c0..c86224d 100644 +index 2ffccd4..69ffe115 100644 --- a/arch/arm/mach-mvebu/coherency.c +++ b/arch/arm/mach-mvebu/coherency.c @@ -316,7 +316,7 @@ static void __init armada_370_coherency_init(struct device_node *np) @@ -3894,7 +3894,7 @@ index 5e65ca8..879e7b3 100644 #define CACHE_LINE_SIZE 32 diff --git a/arch/arm/mm/context.c b/arch/arm/mm/context.c -index 6eb97b3..ac509f6 100644 +index 4370933..e77848e 100644 --- a/arch/arm/mm/context.c +++ b/arch/arm/mm/context.c @@ -43,7 +43,7 @@ @@ -3906,7 +3906,7 @@ index 6eb97b3..ac509f6 100644 static DECLARE_BITMAP(asid_map, NUM_USER_ASIDS); static DEFINE_PER_CPU(atomic64_t, active_asids); -@@ -182,7 +182,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu) +@@ -178,7 +178,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu) { static u32 cur_idx = 1; u64 asid = atomic64_read(&mm->context.id); @@ -3915,7 +3915,7 @@ index 6eb97b3..ac509f6 100644 if (asid != 0 && is_reserved_asid(asid)) { /* -@@ -203,7 +203,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu) +@@ -199,7 +199,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu) */ asid = find_next_zero_bit(asid_map, NUM_USER_ASIDS, cur_idx); if (asid == NUM_USER_ASIDS) { @@ -3924,7 +3924,7 @@ index 6eb97b3..ac509f6 100644 &asid_generation); flush_context(cpu); asid = find_next_zero_bit(asid_map, NUM_USER_ASIDS, 1); -@@ -234,14 +234,14 @@ void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk) +@@ -230,14 +230,14 @@ void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk) cpu_set_reserved_ttbr0(); asid = atomic64_read(&mm->context.id); @@ -4914,7 +4914,7 @@ index 479330b..53717a8 100644 #endif /* __ASM_AVR32_KMAP_TYPES_H */ 
diff --git a/arch/avr32/mm/fault.c b/arch/avr32/mm/fault.c -index 0eca933..eb78c7b 100644 +index d223a8b..69c5210 100644 --- a/arch/avr32/mm/fault.c +++ b/arch/avr32/mm/fault.c @@ -41,6 +41,23 @@ static inline int notify_page_fault(struct pt_regs *regs, int trap) @@ -4941,7 +4941,7 @@ index 0eca933..eb78c7b 100644 /* * This routine handles page faults. It determines the address and the * problem, and then passes it off to one of the appropriate routines. -@@ -176,6 +193,16 @@ bad_area: +@@ -178,6 +195,16 @@ bad_area: up_read(&mm->mmap_sem); if (user_mode(regs)) { @@ -5501,7 +5501,7 @@ index 84f8a52..7c76178 100644 * ensure percpu data fits * into percpu page size diff --git a/arch/ia64/mm/fault.c b/arch/ia64/mm/fault.c -index 7225dad..2a7c8256 100644 +index ba5ba7a..36e9d3a 100644 --- a/arch/ia64/mm/fault.c +++ b/arch/ia64/mm/fault.c @@ -72,6 +72,23 @@ mapped_kernel_page_is_present (unsigned long address) @@ -6845,7 +6845,7 @@ index 2242bdd..b284048 100644 } /* Arrange for an interrupt in a short while */ diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c -index 22b19c2..c5cc8c4 100644 +index d255a2a..916271c 100644 --- a/arch/mips/kernel/traps.c +++ b/arch/mips/kernel/traps.c @@ -688,7 +688,18 @@ asmlinkage void do_ov(struct pt_regs *regs) @@ -6882,7 +6882,7 @@ index e3b21e5..ea5ff7c 100644 if (kvm_mips_callbacks) { kvm_err("kvm: module already exists\n"); diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c -index becc42b..9e43d4b 100644 +index 70ab5d6..62940fe 100644 --- a/arch/mips/mm/fault.c +++ b/arch/mips/mm/fault.c @@ -28,6 +28,23 @@ @@ -6909,7 +6909,7 @@ index becc42b..9e43d4b 100644 /* * This routine handles page faults. It determines the address, * and the problem, and then passes it off to one of the appropriate -@@ -199,6 +216,14 @@ bad_area: +@@ -201,6 +218,14 @@ bad_area: bad_area_nosemaphore: /* User mode accesses just cause a SIGSEGV */ if (user_mode(regs)) { 
@@ -7535,7 +7535,7 @@ index 47ee620..1107387 100644 fault_space = regs->iasq[0]; diff --git a/arch/parisc/mm/fault.c b/arch/parisc/mm/fault.c -index 3ca9c11..d163ef7 100644 +index e5120e6..8ddb5cc 100644 --- a/arch/parisc/mm/fault.c +++ b/arch/parisc/mm/fault.c @@ -15,6 +15,7 @@ @@ -8528,10 +8528,10 @@ index 4aad413..85d86bf 100644 #define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */ #define _PAGE_WRITETHRU 0x040 /* W: cache write-through */ diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h -index c998279..d13a9f8 100644 +index a68ee15..552d213 100644 --- a/arch/powerpc/include/asm/reg.h +++ b/arch/powerpc/include/asm/reg.h -@@ -251,6 +251,7 @@ +@@ -253,6 +253,7 @@ #define SPRN_DBCR 0x136 /* e300 Data Breakpoint Control Reg */ #define SPRN_DSISR 0x012 /* Data Storage Interrupt Status Register */ #define DSISR_NOHPTE 0x40000000 /* no translation found */ @@ -9236,7 +9236,7 @@ index 5eea6f3..5d10396 100644 EXPORT_SYMBOL(copy_in_user); diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c -index 08d659a..ab329f4 100644 +index f06b56b..ffb2fb4 100644 --- a/arch/powerpc/mm/fault.c +++ b/arch/powerpc/mm/fault.c @@ -33,6 +33,10 @@ @@ -9311,7 +9311,7 @@ index 08d659a..ab329f4 100644 goto bad_area; #endif /* CONFIG_PPC_STD_MMU */ -@@ -495,6 +526,23 @@ bad_area: +@@ -497,6 +528,23 @@ bad_area: bad_area_nosemaphore: /* User mode accesses cause a SIGSEGV */ if (user_mode(regs)) { @@ -11351,7 +11351,7 @@ index 30c3ecc..736f015 100644 obj-$(CONFIG_SPARC64) += ultra.o tlb.o tsb.o gup.o obj-y += fault_$(BITS).o diff --git a/arch/sparc/mm/fault_32.c b/arch/sparc/mm/fault_32.c -index 908e8c1..1524793 100644 +index 70d8171..274c6c0 100644 --- a/arch/sparc/mm/fault_32.c +++ b/arch/sparc/mm/fault_32.c @@ -21,6 +21,9 @@ @@ -11668,7 +11668,7 @@ index 908e8c1..1524793 100644 if (!(vma->vm_flags & (VM_READ | VM_EXEC))) goto bad_area; 
diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c -index 18fcd71..e4fe821 100644 +index 4798232..f76e3aa 100644 --- a/arch/sparc/mm/fault_64.c +++ b/arch/sparc/mm/fault_64.c @@ -22,6 +22,9 @@ @@ -12536,7 +12536,7 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 41a503c..cf98b04 100644 +index 3635fff..c1f9fab 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -129,7 +129,7 @@ config X86 @@ -12565,7 +12565,7 @@ index 41a503c..cf98b04 100644 ---help--- Say Y here to enable options for running Linux under various hyper- visors. This option enables basic hypervisor detection and platform -@@ -973,6 +974,7 @@ config VM86 +@@ -977,6 +978,7 @@ config VM86 config X86_16BIT bool "Enable support for 16-bit segments" if EXPERT @@ -12573,7 +12573,7 @@ index 41a503c..cf98b04 100644 default y ---help--- This option is required by programs like Wine to run 16-bit -@@ -1128,6 +1130,7 @@ choice +@@ -1132,6 +1134,7 @@ choice config NOHIGHMEM bool "off" @@ -12581,7 +12581,7 @@ index 41a503c..cf98b04 100644 ---help--- Linux can use up to 64 Gigabytes of physical memory on x86 systems. However, the address space of 32-bit x86 processors is only 4 -@@ -1164,6 +1167,7 @@ config NOHIGHMEM +@@ -1168,6 +1171,7 @@ config NOHIGHMEM config HIGHMEM4G bool "4GB" @@ -12589,7 +12589,7 @@ index 41a503c..cf98b04 100644 ---help--- Select this if you have a 32-bit processor and between 1 and 4 gigabytes of physical RAM. -@@ -1216,7 +1220,7 @@ config PAGE_OFFSET +@@ -1220,7 +1224,7 @@ config PAGE_OFFSET hex default 0xB0000000 if VMSPLIT_3G_OPT default 0x80000000 if VMSPLIT_2G @@ -12598,7 +12598,7 @@ index 41a503c..cf98b04 100644 default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1631,6 +1635,7 @@ source kernel/Kconfig.hz +@@ -1635,6 +1639,7 @@ source kernel/Kconfig.hz config KEXEC bool "kexec system call" 
@@ -12606,7 +12606,7 @@ index 41a503c..cf98b04 100644 ---help--- kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot -@@ -1816,7 +1821,9 @@ config X86_NEED_RELOCS +@@ -1820,7 +1825,9 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" @@ -12617,7 +12617,7 @@ index 41a503c..cf98b04 100644 range 0x2000 0x1000000 if X86_32 range 0x200000 0x1000000 if X86_64 ---help--- -@@ -1899,6 +1906,7 @@ config COMPAT_VDSO +@@ -1903,6 +1910,7 @@ config COMPAT_VDSO def_bool n prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)" depends on X86_32 || IA32_EMULATION @@ -12721,10 +12721,10 @@ index 920e616..ac3d4df 100644 +*** Please upgrade your binutils to 2.18 or newer +endef diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile -index 5b016e2..04ef69c 100644 +index 3db07f3..9d81d0f 100644 --- a/arch/x86/boot/Makefile +++ b/arch/x86/boot/Makefile -@@ -55,6 +55,9 @@ endif +@@ -56,6 +56,9 @@ clean-files += cpustr.h # --------------------------------------------------------------------------- KBUILD_CFLAGS := $(USERINCLUDE) $(REALMODE_CFLAGS) -D_SETUP @@ -12770,7 +12770,7 @@ index bd49ec6..94c7f58 100644 } diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile -index 45abc36..97bea2d 100644 +index 6a1a845..0ad2dae 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -16,6 +16,9 @@ KBUILD_CFLAGS += $(cflags-y) @@ -12884,7 +12884,7 @@ index 6b1766c..ad465c9 100644 .quad 0x0000000000000000 /* TS continued */ gdt_end: diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c -index 30dd59a..cd9edc3 100644 +index 0c33a7c..be226ed 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c @@ -242,7 +242,7 @@ static void handle_relocations(void *output, unsigned long output_len) 
@@ -12923,7 +12923,7 @@ index 30dd59a..cd9edc3 100644 break; default: /* Ignore other PT_* */ break; } -@@ -402,7 +405,7 @@ asmlinkage __visible void *decompress_kernel(void *rmode, memptr heap, +@@ -404,7 +407,7 @@ asmlinkage __visible void *decompress_kernel(void *rmode, memptr heap, error("Destination address too large"); #endif #ifndef CONFIG_RELOCATABLE @@ -16544,7 +16544,7 @@ index 0bb1335..8f1aec7 100644 "6:\n" ".previous\n" diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h -index 50d033a..37deb26 100644 +index a94b82e..59ecefa 100644 --- a/arch/x86/include/asm/desc.h +++ b/arch/x86/include/asm/desc.h @@ -4,6 +4,7 @@ @@ -16652,8 +16652,8 @@ index 50d033a..37deb26 100644 + pax_close_kernel(); } - #define _LDT_empty(info) \ -@@ -287,7 +300,7 @@ static inline void load_LDT(mm_context_t *pc) + /* This intentionally ignores lm, since 32-bit apps don't have that field. */ +@@ -295,7 +308,7 @@ static inline void load_LDT(mm_context_t *pc) preempt_enable(); } @@ -16662,7 +16662,7 @@ index 50d033a..37deb26 100644 { return (unsigned)(desc->base0 | ((desc->base1) << 16) | ((desc->base2) << 24)); } -@@ -311,7 +324,7 @@ static inline void set_desc_limit(struct desc_struct *desc, unsigned long limit) +@@ -319,7 +332,7 @@ static inline void set_desc_limit(struct desc_struct *desc, unsigned long limit) } #ifdef CONFIG_X86_64 @@ -16671,7 +16671,7 @@ index 50d033a..37deb26 100644 { gate_desc s; -@@ -321,14 +334,14 @@ static inline void set_nmi_gate(int gate, void *addr) +@@ -329,14 +342,14 @@ static inline void set_nmi_gate(int gate, void *addr) #endif #ifdef CONFIG_TRACING @@ -16689,7 +16689,7 @@ index 50d033a..37deb26 100644 unsigned dpl, unsigned ist, unsigned seg) { gate_desc s; -@@ -348,7 +361,7 @@ static inline void write_trace_idt_entry(int entry, const gate_desc *gate) +@@ -356,7 +369,7 @@ static inline void write_trace_idt_entry(int entry, const gate_desc *gate) #define _trace_set_gate(gate, type, addr, dpl, ist, seg) #endif 
@@ -16698,7 +16698,7 @@ index 50d033a..37deb26 100644 unsigned dpl, unsigned ist, unsigned seg) { gate_desc s; -@@ -371,9 +384,9 @@ static inline void _set_gate(int gate, unsigned type, void *addr, +@@ -379,9 +392,9 @@ static inline void _set_gate(int gate, unsigned type, void *addr, #define set_intr_gate(n, addr) \ do { \ BUG_ON((unsigned)n > 0xFF); \ @@ -16710,7 +16710,7 @@ index 50d033a..37deb26 100644 0, 0, __KERNEL_CS); \ } while (0) -@@ -401,19 +414,19 @@ static inline void alloc_system_vector(int vector) +@@ -409,19 +422,19 @@ static inline void alloc_system_vector(int vector) /* * This routine sets up an interrupt gate at directory privilege level 3. */ @@ -16733,7 +16733,7 @@ index 50d033a..37deb26 100644 { BUG_ON((unsigned)n > 0xFF); _set_gate(n, GATE_TRAP, addr, 0, 0, __KERNEL_CS); -@@ -422,16 +435,16 @@ static inline void set_trap_gate(unsigned int n, void *addr) +@@ -430,16 +443,16 @@ static inline void set_trap_gate(unsigned int n, void *addr) static inline void set_task_gate(unsigned int n, unsigned int gdt_entry) { BUG_ON((unsigned)n > 0xFF); @@ -16753,7 +16753,7 @@ index 50d033a..37deb26 100644 { BUG_ON((unsigned)n > 0xFF); _set_gate(n, GATE_INTERRUPT, addr, 0x3, ist, __KERNEL_CS); -@@ -503,4 +516,17 @@ static inline void load_current_idt(void) +@@ -511,4 +524,17 @@ static inline void load_current_idt(void) else load_idt((const struct desc_ptr *)&idt_descr); } @@ -20495,7 +20495,7 @@ index e45e4da..44e8572 100644 extern struct x86_init_ops x86_init; extern struct x86_cpuinit_ops x86_cpuinit; diff --git a/arch/x86/include/asm/xen/page.h b/arch/x86/include/asm/xen/page.h -index c949923..c22bfa4 100644 +index f58ef6c..a2abc78 100644 --- a/arch/x86/include/asm/xen/page.h +++ b/arch/x86/include/asm/xen/page.h @@ -63,7 +63,7 @@ extern int m2p_remove_override(struct page *page, @@ -21115,7 +21115,7 @@ index e7c798b..2b2019b 100644 BLANK(); 
diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile -index e27b49d..85b106c 100644 +index 80091ae..0c5184f 100644 --- a/arch/x86/kernel/cpu/Makefile +++ b/arch/x86/kernel/cpu/Makefile @@ -8,10 +8,6 @@ CFLAGS_REMOVE_common.o = -pg @@ -21633,7 +21633,7 @@ index 7dc5564..1273569 100644 wmb(); diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c -index 15c2909..2cef20c 100644 +index 36a8361..e7058c2 100644 --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -518,7 +518,7 @@ mc_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu) @@ -21745,7 +21745,7 @@ index 639d128..e92d7e5 100644 while (amd_iommu_v2_event_descs[i].attr.attr.name) diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c -index 944bf01..4a4392f 100644 +index 498b6d9..4126515 100644 --- a/arch/x86/kernel/cpu/perf_event_intel.c +++ b/arch/x86/kernel/cpu/perf_event_intel.c @@ -2353,10 +2353,10 @@ __init int intel_pmu_init(void) @@ -21763,7 +21763,7 @@ index 944bf01..4a4392f 100644 intel_ds_init(); diff --git a/arch/x86/kernel/cpu/perf_event_intel_rapl.c b/arch/x86/kernel/cpu/perf_event_intel_rapl.c -index d64f275..26522ff 100644 +index 8c25674..30aa32e 100644 --- a/arch/x86/kernel/cpu/perf_event_intel_rapl.c +++ b/arch/x86/kernel/cpu/perf_event_intel_rapl.c @@ -449,7 +449,7 @@ static struct attribute *rapl_events_hsw_attr[] = { @@ -21776,10 +21776,10 @@ index d64f275..26522ff 100644 .attrs = NULL, /* patched at runtime */ }; diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.c b/arch/x86/kernel/cpu/perf_event_intel_uncore.c -index 9762dbd..53d5d21 100644 +index e98f68c..1992b15 100644 --- a/arch/x86/kernel/cpu/perf_event_intel_uncore.c 
+++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.c -@@ -721,7 +721,7 @@ static void __init uncore_types_exit(struct intel_uncore_type **types) +@@ -737,7 +737,7 @@ static void __init uncore_types_exit(struct intel_uncore_type **types) static int __init uncore_type_init(struct intel_uncore_type *type) { struct intel_uncore_pmu *pmus; @@ -21789,7 +21789,7 @@ index 9762dbd..53d5d21 100644 int i, j; diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.h b/arch/x86/kernel/cpu/perf_event_intel_uncore.h -index 18eb78b..18747cc 100644 +index 863d9b0..6289b63 100644 --- a/arch/x86/kernel/cpu/perf_event_intel_uncore.h +++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.h @@ -114,7 +114,7 @@ struct intel_uncore_box { @@ -22126,7 +22126,7 @@ index 5abd4cd..c65733b 100644 +EXPORT_SYMBOL(pax_check_alloca); +#endif diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c -index ff86f19..a20c62c 100644 +index ff86f19..73eabf4 100644 --- a/arch/x86/kernel/dumpstack_64.c +++ b/arch/x86/kernel/dumpstack_64.c @@ -153,12 +153,12 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, @@ -22189,7 +22189,13 @@ index ff86f19..a20c62c 100644 put_cpu(); } EXPORT_SYMBOL(dump_trace); -@@ -349,3 +352,50 @@ int is_valid_bugaddr(unsigned long ip) +@@ -344,8 +347,55 @@ int is_valid_bugaddr(unsigned long ip) + { + unsigned short ud2; + +- if (__copy_from_user(&ud2, (const void __user *) ip, sizeof(ud2))) ++ if (probe_kernel_address((unsigned short *)ip, ud2)) + return 0; return ud2 == 0x0b0f; } @@ -22268,10 +22274,10 @@ index 01d1c18..8073693 100644 #include #include diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S -index 344b63f..ccdac7a 100644 +index 344b63f..55adf14 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S -@@ -177,13 +177,153 @@ +@@ -177,13 +177,154 @@ /*CFI_REL_OFFSET gs, PT_GS*/ .endm .macro SET_KERNEL_GS reg 
@@ -22400,6 +22406,7 @@ index 344b63f..ccdac7a 100644 + jne 1b + +2: cld ++ or $2*4, %edi + mov %esp, %ecx + sub %edi, %ecx + @@ -22426,7 +22433,7 @@ index 344b63f..ccdac7a 100644 cld PUSH_GS pushl_cfi %fs -@@ -206,7 +346,7 @@ +@@ -206,7 +347,7 @@ CFI_REL_OFFSET ecx, 0 pushl_cfi %ebx CFI_REL_OFFSET ebx, 0 @@ -22435,7 +22442,7 @@ index 344b63f..ccdac7a 100644 movl %edx, %ds movl %edx, %es movl $(__KERNEL_PERCPU), %edx -@@ -214,6 +354,15 @@ +@@ -214,6 +355,15 @@ SET_KERNEL_GS %edx .endm @@ -22451,7 +22458,7 @@ index 344b63f..ccdac7a 100644 .macro RESTORE_INT_REGS popl_cfi %ebx CFI_RESTORE ebx -@@ -297,7 +446,7 @@ ENTRY(ret_from_fork) +@@ -297,7 +447,7 @@ ENTRY(ret_from_fork) popfl_cfi jmp syscall_exit CFI_ENDPROC @@ -22460,7 +22467,7 @@ index 344b63f..ccdac7a 100644 ENTRY(ret_from_kernel_thread) CFI_STARTPROC -@@ -340,7 +489,15 @@ ret_from_intr: +@@ -340,7 +490,15 @@ ret_from_intr: andl $SEGMENT_RPL_MASK, %eax #endif cmpl $USER_RPL, %eax @@ -22476,7 +22483,7 @@ index 344b63f..ccdac7a 100644 ENTRY(resume_userspace) LOCKDEP_SYS_EXIT -@@ -352,8 +509,8 @@ ENTRY(resume_userspace) +@@ -352,8 +510,8 @@ ENTRY(resume_userspace) andl $_TIF_WORK_MASK, %ecx # is there any work to be done on # int/exception return? jne work_pending @@ -22487,7 +22494,7 @@ index 344b63f..ccdac7a 100644 #ifdef CONFIG_PREEMPT ENTRY(resume_kernel) -@@ -365,7 +522,7 @@ need_resched: +@@ -365,7 +523,7 @@ need_resched: jz restore_all call preempt_schedule_irq jmp need_resched @@ -22496,7 +22503,7 @@ index 344b63f..ccdac7a 100644 #endif CFI_ENDPROC -@@ -395,30 +552,45 @@ sysenter_past_esp: +@@ -395,30 +553,45 @@ sysenter_past_esp: /*CFI_REL_OFFSET cs, 0*/ /* * Push current_thread_info()->sysenter_return to the stack. @@ -22545,7 +22552,7 @@ index 344b63f..ccdac7a 100644 testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp) jnz sysenter_audit sysenter_do_call: -@@ -434,12 +606,24 @@ sysenter_after_call: +@@ -434,12 +607,24 @@ sysenter_after_call: testl $_TIF_ALLWORK_MASK, %ecx jne sysexit_audit sysenter_exit: 
@@ -22570,7 +22577,7 @@ index 344b63f..ccdac7a 100644 PTGS_TO_GS ENABLE_INTERRUPTS_SYSEXIT -@@ -453,6 +637,9 @@ sysenter_audit: +@@ -453,6 +638,9 @@ sysenter_audit: pushl_cfi PT_ESI(%esp) /* a3: 5th arg */ pushl_cfi PT_EDX+4(%esp) /* a2: 4th arg */ call __audit_syscall_entry @@ -22580,7 +22587,7 @@ index 344b63f..ccdac7a 100644 popl_cfi %ecx /* get that remapped edx off the stack */ popl_cfi %ecx /* get that remapped esi off the stack */ movl PT_EAX(%esp),%eax /* reload syscall number */ -@@ -479,10 +666,16 @@ sysexit_audit: +@@ -479,10 +667,16 @@ sysexit_audit: CFI_ENDPROC .pushsection .fixup,"ax" @@ -22599,7 +22606,7 @@ index 344b63f..ccdac7a 100644 PTGS_TO_GS_EX ENDPROC(ia32_sysenter_target) -@@ -493,6 +686,11 @@ ENTRY(system_call) +@@ -493,6 +687,11 @@ ENTRY(system_call) pushl_cfi %eax # save orig_eax SAVE_ALL GET_THREAD_INFO(%ebp) @@ -22611,7 +22618,7 @@ index 344b63f..ccdac7a 100644 # system call tracing in operation / emulation testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp) jnz syscall_trace_entry -@@ -512,6 +710,15 @@ syscall_exit: +@@ -512,6 +711,15 @@ syscall_exit: testl $_TIF_ALLWORK_MASK, %ecx # current->work jne syscall_exit_work @@ -22627,7 +22634,7 @@ index 344b63f..ccdac7a 100644 restore_all: TRACE_IRQS_IRET restore_all_notrace: -@@ -566,14 +773,34 @@ ldt_ss: +@@ -566,14 +774,34 @@ ldt_ss: * compensating for the offset by changing to the ESPFIX segment with * a base address that matches for the difference. */ @@ -22665,7 +22672,7 @@ index 344b63f..ccdac7a 100644 pushl_cfi $__ESPFIX_SS pushl_cfi %eax /* new kernel esp */ /* Disable interrupts, but do not irqtrace this section: we -@@ -603,20 +830,18 @@ work_resched: +@@ -603,20 +831,18 @@ work_resched: movl TI_flags(%ebp), %ecx andl $_TIF_WORK_MASK, %ecx # is there any work to be done other # than syscall tracing? 
@@ -22688,7 +22695,7 @@ index 344b63f..ccdac7a 100644 #endif TRACE_IRQS_ON ENABLE_INTERRUPTS(CLBR_NONE) -@@ -637,7 +862,7 @@ work_notifysig_v86: +@@ -637,7 +863,7 @@ work_notifysig_v86: movl %eax, %esp jmp 1b #endif @@ -22697,7 +22704,7 @@ index 344b63f..ccdac7a 100644 # perform syscall exit tracing ALIGN -@@ -645,11 +870,14 @@ syscall_trace_entry: +@@ -645,11 +871,14 @@ syscall_trace_entry: movl $-ENOSYS,PT_EAX(%esp) movl %esp, %eax call syscall_trace_enter @@ -22713,7 +22720,7 @@ index 344b63f..ccdac7a 100644 # perform syscall exit tracing ALIGN -@@ -662,26 +890,30 @@ syscall_exit_work: +@@ -662,26 +891,30 @@ syscall_exit_work: movl %esp, %eax call syscall_trace_leave jmp resume_userspace @@ -22748,7 +22755,7 @@ index 344b63f..ccdac7a 100644 CFI_ENDPROC .macro FIXUP_ESPFIX_STACK -@@ -694,8 +926,15 @@ END(sysenter_badsys) +@@ -694,8 +927,15 @@ END(sysenter_badsys) */ #ifdef CONFIG_X86_ESPFIX32 /* fixup the stack */ @@ -22766,7 +22773,7 @@ index 344b63f..ccdac7a 100644 shl $16, %eax addl %esp, %eax /* the adjusted stack pointer */ pushl_cfi $__KERNEL_DS -@@ -751,7 +990,7 @@ vector=vector+1 +@@ -751,7 +991,7 @@ vector=vector+1 .endr 2: jmp common_interrupt .endr @@ -22775,7 +22782,7 @@ index 344b63f..ccdac7a 100644 .previous END(interrupt) -@@ -808,7 +1047,7 @@ ENTRY(coprocessor_error) +@@ -808,7 +1048,7 @@ ENTRY(coprocessor_error) pushl_cfi $do_coprocessor_error jmp error_code CFI_ENDPROC @@ -22784,7 +22791,7 @@ index 344b63f..ccdac7a 100644 ENTRY(simd_coprocessor_error) RING0_INT_FRAME -@@ -821,7 +1060,7 @@ ENTRY(simd_coprocessor_error) +@@ -821,7 +1061,7 @@ ENTRY(simd_coprocessor_error) .section .altinstructions,"a" altinstruction_entry 661b, 663f, X86_FEATURE_XMM, 662b-661b, 664f-663f .previous @@ -22793,7 +22800,7 @@ index 344b63f..ccdac7a 100644 663: pushl $do_simd_coprocessor_error 664: .previous -@@ -830,7 +1069,7 @@ ENTRY(simd_coprocessor_error) +@@ -830,7 +1070,7 @@ ENTRY(simd_coprocessor_error) #endif jmp error_code CFI_ENDPROC 
@@ -22802,7 +22809,7 @@ index 344b63f..ccdac7a 100644 ENTRY(device_not_available) RING0_INT_FRAME -@@ -839,18 +1078,18 @@ ENTRY(device_not_available) +@@ -839,18 +1079,18 @@ ENTRY(device_not_available) pushl_cfi $do_device_not_available jmp error_code CFI_ENDPROC @@ -22824,7 +22831,7 @@ index 344b63f..ccdac7a 100644 #endif ENTRY(overflow) -@@ -860,7 +1099,7 @@ ENTRY(overflow) +@@ -860,7 +1100,7 @@ ENTRY(overflow) pushl_cfi $do_overflow jmp error_code CFI_ENDPROC @@ -22833,7 +22840,7 @@ index 344b63f..ccdac7a 100644 ENTRY(bounds) RING0_INT_FRAME -@@ -869,7 +1108,7 @@ ENTRY(bounds) +@@ -869,7 +1109,7 @@ ENTRY(bounds) pushl_cfi $do_bounds jmp error_code CFI_ENDPROC @@ -22842,7 +22849,7 @@ index 344b63f..ccdac7a 100644 ENTRY(invalid_op) RING0_INT_FRAME -@@ -878,7 +1117,7 @@ ENTRY(invalid_op) +@@ -878,7 +1118,7 @@ ENTRY(invalid_op) pushl_cfi $do_invalid_op jmp error_code CFI_ENDPROC @@ -22851,7 +22858,7 @@ index 344b63f..ccdac7a 100644 ENTRY(coprocessor_segment_overrun) RING0_INT_FRAME -@@ -887,7 +1126,7 @@ ENTRY(coprocessor_segment_overrun) +@@ -887,7 +1127,7 @@ ENTRY(coprocessor_segment_overrun) pushl_cfi $do_coprocessor_segment_overrun jmp error_code CFI_ENDPROC @@ -22860,7 +22867,7 @@ index 344b63f..ccdac7a 100644 ENTRY(invalid_TSS) RING0_EC_FRAME -@@ -895,7 +1134,7 @@ ENTRY(invalid_TSS) +@@ -895,7 +1135,7 @@ ENTRY(invalid_TSS) pushl_cfi $do_invalid_TSS jmp error_code CFI_ENDPROC @@ -22869,7 +22876,7 @@ index 344b63f..ccdac7a 100644 ENTRY(segment_not_present) RING0_EC_FRAME -@@ -903,7 +1142,7 @@ ENTRY(segment_not_present) +@@ -903,7 +1143,7 @@ ENTRY(segment_not_present) pushl_cfi $do_segment_not_present jmp error_code CFI_ENDPROC @@ -22878,7 +22885,7 @@ index 344b63f..ccdac7a 100644 ENTRY(stack_segment) RING0_EC_FRAME -@@ -911,7 +1150,7 @@ ENTRY(stack_segment) +@@ -911,7 +1151,7 @@ ENTRY(stack_segment) pushl_cfi $do_stack_segment jmp error_code CFI_ENDPROC 
@@ -22887,7 +22894,7 @@ index 344b63f..ccdac7a 100644 ENTRY(alignment_check) RING0_EC_FRAME -@@ -919,7 +1158,7 @@ ENTRY(alignment_check) +@@ -919,7 +1159,7 @@ ENTRY(alignment_check) pushl_cfi $do_alignment_check jmp error_code CFI_ENDPROC @@ -22896,7 +22903,7 @@ index 344b63f..ccdac7a 100644 ENTRY(divide_error) RING0_INT_FRAME -@@ -928,7 +1167,7 @@ ENTRY(divide_error) +@@ -928,7 +1168,7 @@ ENTRY(divide_error) pushl_cfi $do_divide_error jmp error_code CFI_ENDPROC @@ -22905,7 +22912,7 @@ index 344b63f..ccdac7a 100644 #ifdef CONFIG_X86_MCE ENTRY(machine_check) -@@ -938,7 +1177,7 @@ ENTRY(machine_check) +@@ -938,7 +1178,7 @@ ENTRY(machine_check) pushl_cfi machine_check_vector jmp error_code CFI_ENDPROC @@ -22914,7 +22921,7 @@ index 344b63f..ccdac7a 100644 #endif ENTRY(spurious_interrupt_bug) -@@ -948,7 +1187,7 @@ ENTRY(spurious_interrupt_bug) +@@ -948,7 +1188,7 @@ ENTRY(spurious_interrupt_bug) pushl_cfi $do_spurious_interrupt_bug jmp error_code CFI_ENDPROC @@ -22923,7 +22930,7 @@ index 344b63f..ccdac7a 100644 #ifdef CONFIG_XEN /* Xen doesn't set %esp to be precisely what the normal sysenter -@@ -1054,7 +1293,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR, +@@ -1054,7 +1294,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR, ENTRY(mcount) ret @@ -22932,7 +22939,7 @@ index 344b63f..ccdac7a 100644 ENTRY(ftrace_caller) pushl %eax -@@ -1084,7 +1323,7 @@ ftrace_graph_call: +@@ -1084,7 +1324,7 @@ ftrace_graph_call: .globl ftrace_stub ftrace_stub: ret @@ -22941,7 +22948,7 @@ index 344b63f..ccdac7a 100644 ENTRY(ftrace_regs_caller) pushf /* push flags before compare (in cs location) */ -@@ -1182,7 +1421,7 @@ trace: +@@ -1182,7 +1422,7 @@ trace: popl %ecx popl %eax jmp ftrace_stub @@ -22950,7 +22957,7 @@ index 344b63f..ccdac7a 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -1200,7 +1439,7 @@ ENTRY(ftrace_graph_caller) +@@ -1200,7 +1440,7 @@ ENTRY(ftrace_graph_caller) popl %ecx popl %eax ret 
@@ -22959,7 +22966,7 @@ index 344b63f..ccdac7a 100644 .globl return_to_handler return_to_handler: -@@ -1261,15 +1500,18 @@ error_code: +@@ -1261,15 +1501,18 @@ error_code: movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart REG_TO_PTGS %ecx SET_KERNEL_GS %ecx @@ -22980,7 +22987,7 @@ index 344b63f..ccdac7a 100644 /* * Debug traps and NMI can happen at the one SYSENTER instruction -@@ -1312,7 +1554,7 @@ debug_stack_correct: +@@ -1312,7 +1555,7 @@ debug_stack_correct: call do_debug jmp ret_from_exception CFI_ENDPROC @@ -22989,7 +22996,7 @@ index 344b63f..ccdac7a 100644 /* * NMI is doubly nasty. It can happen _while_ we're handling -@@ -1352,6 +1594,9 @@ nmi_stack_correct: +@@ -1352,6 +1595,9 @@ nmi_stack_correct: xorl %edx,%edx # zero error code movl %esp,%eax # pt_regs pointer call do_nmi @@ -22999,7 +23006,7 @@ index 344b63f..ccdac7a 100644 jmp restore_all_notrace CFI_ENDPROC -@@ -1389,13 +1634,16 @@ nmi_espfix_stack: +@@ -1389,13 +1635,16 @@ nmi_espfix_stack: FIXUP_ESPFIX_STACK # %eax == %esp xorl %edx,%edx # zero error code call do_nmi @@ -23017,7 +23024,7 @@ index 344b63f..ccdac7a 100644 ENTRY(int3) RING0_INT_FRAME -@@ -1408,14 +1656,14 @@ ENTRY(int3) +@@ -1408,14 +1657,14 @@ ENTRY(int3) call do_int3 jmp ret_from_exception CFI_ENDPROC @@ -23034,7 +23041,7 @@ index 344b63f..ccdac7a 100644 #ifdef CONFIG_KVM_GUEST ENTRY(async_page_fault) -@@ -1424,6 +1672,6 @@ ENTRY(async_page_fault) +@@ -1424,6 +1673,6 @@ ENTRY(async_page_fault) pushl_cfi $do_async_page_fault jmp error_code CFI_ENDPROC @@ -23043,7 +23050,7 @@ index 344b63f..ccdac7a 100644 #endif diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index c0226ab..96a8ab7 100644 +index c0226ab..0d1dc48 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S @@ -59,6 +59,8 @@ 
@@ -23055,7 +23062,7 @@ index c0226ab..96a8ab7 100644 /* Avoid __ASSEMBLER__'ifying just for this. */ #include -@@ -81,6 +83,430 @@ ENTRY(native_usergs_sysret64) +@@ -81,6 +83,431 @@ ENTRY(native_usergs_sysret64) ENDPROC(native_usergs_sysret64) #endif /* CONFIG_PARAVIRT */ @@ -23460,6 +23467,7 @@ index c0226ab..96a8ab7 100644 + jne 1b + +2: cld ++ or $2*8, %rdi + mov %esp, %ecx + sub %edi, %ecx + @@ -23486,7 +23494,7 @@ index c0226ab..96a8ab7 100644 .macro TRACE_IRQS_IRETQ offset=ARGOFFSET #ifdef CONFIG_TRACE_IRQFLAGS -@@ -117,7 +543,7 @@ ENDPROC(native_usergs_sysret64) +@@ -117,7 +544,7 @@ ENDPROC(native_usergs_sysret64) .endm .macro TRACE_IRQS_IRETQ_DEBUG offset=ARGOFFSET @@ -23495,7 +23503,7 @@ index c0226ab..96a8ab7 100644 jnc 1f TRACE_IRQS_ON_DEBUG 1: -@@ -155,27 +581,6 @@ ENDPROC(native_usergs_sysret64) +@@ -155,27 +582,6 @@ ENDPROC(native_usergs_sysret64) movq \tmp,R11+\offset(%rsp) .endm @@ -23523,7 +23531,7 @@ index c0226ab..96a8ab7 100644 /* * initial frame state for interrupts (and exceptions without error code) */ -@@ -241,25 +646,26 @@ ENDPROC(native_usergs_sysret64) +@@ -241,25 +647,26 @@ ENDPROC(native_usergs_sysret64) /* save partial stack frame */ .macro SAVE_ARGS_IRQ cld @@ -23563,7 +23571,7 @@ index c0226ab..96a8ab7 100644 je 1f SWAPGS /* -@@ -279,6 +685,18 @@ ENDPROC(native_usergs_sysret64) +@@ -279,6 +686,18 @@ ENDPROC(native_usergs_sysret64) 0x06 /* DW_OP_deref */, \ 0x08 /* DW_OP_const1u */, SS+8-RBP, \ 0x22 /* DW_OP_plus */ @@ -23582,7 +23590,7 @@ index c0226ab..96a8ab7 100644 /* We entered an interrupt context - irqs are off: */ TRACE_IRQS_OFF .endm -@@ -308,9 +726,52 @@ ENTRY(save_paranoid) +@@ -308,9 +727,52 @@ ENTRY(save_paranoid) js 1f /* negative -> in kernel */ SWAPGS xorl %ebx,%ebx @@ -23637,7 +23645,7 @@ index c0226ab..96a8ab7 100644 /* * A newly forked process directly context switches into this address. -@@ -331,7 +792,7 @@ ENTRY(ret_from_fork) +@@ -331,7 +793,7 @@ ENTRY(ret_from_fork) RESTORE_REST 
@@ -23646,7 +23654,7 @@ index c0226ab..96a8ab7 100644 jz 1f testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -341,15 +802,13 @@ ENTRY(ret_from_fork) +@@ -341,15 +803,13 @@ ENTRY(ret_from_fork) jmp ret_from_sys_call # go to the SYSRET fastpath 1: @@ -23663,7 +23671,7 @@ index c0226ab..96a8ab7 100644 /* * System call entry. Up to 6 arguments in registers are supported. -@@ -386,7 +845,7 @@ END(ret_from_fork) +@@ -386,7 +846,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -23672,7 +23680,7 @@ index c0226ab..96a8ab7 100644 CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -399,16 +858,23 @@ GLOBAL(system_call_after_swapgs) +@@ -399,16 +859,23 @@ GLOBAL(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -23698,7 +23706,7 @@ index c0226ab..96a8ab7 100644 jnz tracesys system_call_fastpath: #if __SYSCALL_MASK == ~0 -@@ -432,10 +898,13 @@ sysret_check: +@@ -432,10 +899,13 @@ sysret_check: LOCKDEP_SYS_EXIT DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF @@ -23713,7 +23721,7 @@ index c0226ab..96a8ab7 100644 /* * sysretq will re-enable interrupts: */ -@@ -494,12 +963,15 @@ sysret_audit: +@@ -494,12 +964,15 @@ sysret_audit: /* Do syscall tracing */ tracesys: @@ -23731,7 +23739,7 @@ index c0226ab..96a8ab7 100644 jmp system_call_fastpath /* and return to the fast path */ tracesys_phase2: -@@ -510,12 +982,14 @@ tracesys_phase2: +@@ -510,12 +983,14 @@ tracesys_phase2: movq %rax,%rdx call syscall_trace_enter_phase2 @@ -23747,7 +23755,7 @@ index c0226ab..96a8ab7 100644 RESTORE_REST #if __SYSCALL_MASK == ~0 cmpq $__NR_syscall_max,%rax -@@ -545,7 +1019,9 @@ GLOBAL(int_with_check) +@@ -545,7 +1020,9 @@ GLOBAL(int_with_check) andl %edi,%edx jnz int_careful andl $~TS_COMPAT,TI_status(%rcx) 
@@ -23758,7 +23766,7 @@ index c0226ab..96a8ab7 100644 /* Either reschedule or signal or syscall exit tracking needed. */ /* First do a reschedule test. */ -@@ -591,7 +1067,7 @@ int_restore_rest: +@@ -591,7 +1068,7 @@ int_restore_rest: TRACE_IRQS_OFF jmp int_with_check CFI_ENDPROC @@ -23767,7 +23775,7 @@ index c0226ab..96a8ab7 100644 .macro FORK_LIKE func ENTRY(stub_\func) -@@ -604,9 +1080,10 @@ ENTRY(stub_\func) +@@ -604,9 +1081,10 @@ ENTRY(stub_\func) DEFAULT_FRAME 0 8 /* offset 8: return address */ call sys_\func RESTORE_TOP_OF_STACK %r11, 8 @@ -23780,7 +23788,7 @@ index c0226ab..96a8ab7 100644 .endm .macro FIXED_FRAME label,func -@@ -616,9 +1093,10 @@ ENTRY(\label) +@@ -616,9 +1094,10 @@ ENTRY(\label) FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET call \func RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET @@ -23792,7 +23800,7 @@ index c0226ab..96a8ab7 100644 .endm FORK_LIKE clone -@@ -626,19 +1104,6 @@ END(\label) +@@ -626,19 +1105,6 @@ END(\label) FORK_LIKE vfork FIXED_FRAME stub_iopl, sys_iopl @@ -23812,7 +23820,7 @@ index c0226ab..96a8ab7 100644 ENTRY(stub_execve) CFI_STARTPROC addq $8, %rsp -@@ -650,7 +1115,7 @@ ENTRY(stub_execve) +@@ -650,7 +1116,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23821,7 +23829,7 @@ index c0226ab..96a8ab7 100644 /* * sigreturn is special because it needs to restore all registers on return. -@@ -667,7 +1132,7 @@ ENTRY(stub_rt_sigreturn) +@@ -667,7 +1133,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23830,7 +23838,7 @@ index c0226ab..96a8ab7 100644 #ifdef CONFIG_X86_X32_ABI ENTRY(stub_x32_rt_sigreturn) -@@ -681,7 +1146,7 @@ ENTRY(stub_x32_rt_sigreturn) +@@ -681,7 +1147,7 @@ ENTRY(stub_x32_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC 
@@ -23839,7 +23847,7 @@ index c0226ab..96a8ab7 100644 ENTRY(stub_x32_execve) CFI_STARTPROC -@@ -695,7 +1160,7 @@ ENTRY(stub_x32_execve) +@@ -695,7 +1161,7 @@ ENTRY(stub_x32_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23848,7 +23856,7 @@ index c0226ab..96a8ab7 100644 #endif -@@ -732,7 +1197,7 @@ vector=vector+1 +@@ -732,7 +1198,7 @@ vector=vector+1 2: jmp common_interrupt .endr CFI_ENDPROC @@ -23857,7 +23865,7 @@ index c0226ab..96a8ab7 100644 .previous END(interrupt) -@@ -749,8 +1214,8 @@ END(interrupt) +@@ -749,8 +1215,8 @@ END(interrupt) /* 0(%rsp): ~(interrupt number) */ .macro interrupt func /* reserve pt_regs for scratch regs and rbp */ @@ -23868,7 +23876,7 @@ index c0226ab..96a8ab7 100644 SAVE_ARGS_IRQ call \func .endm -@@ -773,14 +1238,14 @@ ret_from_intr: +@@ -773,14 +1239,14 @@ ret_from_intr: /* Restore saved previous stack */ popq %rsi @@ -23887,7 +23895,7 @@ index c0226ab..96a8ab7 100644 je retint_kernel /* Interrupt came from user space */ -@@ -802,12 +1267,35 @@ retint_swapgs: /* return to user-space */ +@@ -802,12 +1268,35 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -23923,7 +23931,7 @@ index c0226ab..96a8ab7 100644 /* * The iretq could re-enable interrupts: */ -@@ -845,15 +1333,15 @@ native_irq_return_ldt: +@@ -845,15 +1334,15 @@ native_irq_return_ldt: SWAPGS movq PER_CPU_VAR(espfix_waddr),%rdi movq %rax,(0*8)(%rdi) /* RAX */ @@ -23944,7 +23952,7 @@ index c0226ab..96a8ab7 100644 movq %rax,(4*8)(%rdi) andl $0xffff0000,%eax popq_cfi %rdi -@@ -907,7 +1395,7 @@ ENTRY(retint_kernel) +@@ -907,7 +1396,7 @@ ENTRY(retint_kernel) jmp exit_intr #endif CFI_ENDPROC @@ -23953,7 +23961,7 @@ index c0226ab..96a8ab7 100644 /* * APIC interrupts. -@@ -921,7 +1409,7 @@ ENTRY(\sym) +@@ -921,7 +1410,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC 
@@ -23962,7 +23970,7 @@ index c0226ab..96a8ab7 100644 .endm #ifdef CONFIG_TRACING -@@ -994,7 +1482,7 @@ apicinterrupt IRQ_WORK_VECTOR \ +@@ -994,7 +1483,7 @@ apicinterrupt IRQ_WORK_VECTOR \ /* * Exception entry points. */ @@ -23971,7 +23979,7 @@ index c0226ab..96a8ab7 100644 .macro idtentry sym do_sym has_error_code:req paranoid=0 shift_ist=-1 ENTRY(\sym) -@@ -1045,6 +1533,12 @@ ENTRY(\sym) +@@ -1045,6 +1534,12 @@ ENTRY(\sym) .endif .if \shift_ist != -1 @@ -23984,7 +23992,7 @@ index c0226ab..96a8ab7 100644 subq $EXCEPTION_STKSZ, INIT_TSS_IST(\shift_ist) .endif -@@ -1061,7 +1555,7 @@ ENTRY(\sym) +@@ -1061,7 +1556,7 @@ ENTRY(\sym) .endif CFI_ENDPROC @@ -23993,7 +24001,7 @@ index c0226ab..96a8ab7 100644 .endm #ifdef CONFIG_TRACING -@@ -1102,9 +1596,10 @@ gs_change: +@@ -1102,9 +1597,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -24005,7 +24013,7 @@ index c0226ab..96a8ab7 100644 _ASM_EXTABLE(gs_change,bad_gs) .section .fixup,"ax" -@@ -1132,9 +1627,10 @@ ENTRY(do_softirq_own_stack) +@@ -1132,9 +1628,10 @@ ENTRY(do_softirq_own_stack) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -24017,7 +24025,7 @@ index c0226ab..96a8ab7 100644 #ifdef CONFIG_XEN idtentry xen_hypervisor_callback xen_do_hypervisor_callback has_error_code=0 -@@ -1172,7 +1668,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1172,7 +1669,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -24026,7 +24034,7 @@ index c0226ab..96a8ab7 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1231,7 +1727,7 @@ ENTRY(xen_failsafe_callback) +@@ -1231,7 +1728,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC 
@@ -24035,7 +24043,7 @@ index c0226ab..96a8ab7 100644 apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1278,18 +1774,33 @@ ENTRY(paranoid_exit) +@@ -1278,18 +1775,33 @@ ENTRY(paranoid_exit) DEFAULT_FRAME DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF_DEBUG @@ -24071,7 +24079,7 @@ index c0226ab..96a8ab7 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1318,7 +1829,7 @@ paranoid_schedule: +@@ -1318,7 +1830,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -24080,7 +24088,7 @@ index c0226ab..96a8ab7 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1345,12 +1856,23 @@ ENTRY(error_entry) +@@ -1345,12 +1857,23 @@ ENTRY(error_entry) movq %r14, R14+8(%rsp) movq %r15, R15+8(%rsp) xorl %ebx,%ebx @@ -24105,7 +24113,7 @@ index c0226ab..96a8ab7 100644 ret /* -@@ -1385,7 +1907,7 @@ error_bad_iret: +@@ -1385,7 +1908,7 @@ error_bad_iret: decl %ebx /* Return to usergs */ jmp error_sti CFI_ENDPROC @@ -24114,7 +24122,7 @@ index c0226ab..96a8ab7 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1396,7 +1918,7 @@ ENTRY(error_exit) +@@ -1396,7 +1919,7 @@ ENTRY(error_exit) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF GET_THREAD_INFO(%rcx) @@ -24123,7 +24131,7 @@ index c0226ab..96a8ab7 100644 jne retint_kernel LOCKDEP_SYS_EXIT_IRQ movl TI_flags(%rcx),%edx -@@ -1405,7 +1927,7 @@ ENTRY(error_exit) +@@ -1405,7 +1928,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -24132,7 +24140,7 @@ index c0226ab..96a8ab7 100644 /* * Test if a given stack is an NMI stack or not. -@@ -1463,9 +1985,11 @@ ENTRY(nmi) +@@ -1463,9 +1986,11 @@ ENTRY(nmi) * If %cs was not the kernel segment, then the NMI triggered in user * space, which means it is definitely not nested. */ 
@@ -24145,7 +24153,7 @@ index c0226ab..96a8ab7 100644 /* * Check the special variable on the stack to see if NMIs are * executing. -@@ -1499,8 +2023,7 @@ nested_nmi: +@@ -1499,8 +2024,7 @@ nested_nmi: 1: /* Set up the interrupted NMIs stack to jump to repeat_nmi */ @@ -24155,7 +24163,7 @@ index c0226ab..96a8ab7 100644 CFI_ADJUST_CFA_OFFSET 1*8 leaq -10*8(%rsp), %rdx pushq_cfi $__KERNEL_DS -@@ -1518,6 +2041,7 @@ nested_nmi_out: +@@ -1518,6 +2042,7 @@ nested_nmi_out: CFI_RESTORE rdx /* No need to check faults here */ @@ -24163,7 +24171,7 @@ index c0226ab..96a8ab7 100644 INTERRUPT_RETURN CFI_RESTORE_STATE -@@ -1614,13 +2138,13 @@ end_repeat_nmi: +@@ -1614,13 +2139,13 @@ end_repeat_nmi: subq $ORIG_RAX-R15, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 /* @@ -24179,7 +24187,7 @@ index c0226ab..96a8ab7 100644 DEFAULT_FRAME 0 /* -@@ -1630,9 +2154,9 @@ end_repeat_nmi: +@@ -1630,9 +2155,9 @@ end_repeat_nmi: * NMI itself takes a page fault, the page fault that was preempted * will read the information from the NMI page fault and not the * origin fault. Save it off and restore it if it changes. @@ -24191,7 +24199,7 @@ index c0226ab..96a8ab7 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi -@@ -1641,29 +2165,34 @@ end_repeat_nmi: +@@ -1641,29 +2166,34 @@ end_repeat_nmi: /* Did the NMI take a page fault? Restore cr2 if it did */ movq %cr2, %rcx @@ -25202,7 +25210,7 @@ index 4ddaf66..49d5c18 100644 regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12); t->iopl = level << 12; diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c -index 922d285..6d20692 100644 +index 3790775..53717dc 100644 --- a/arch/x86/kernel/irq.c +++ b/arch/x86/kernel/irq.c @@ -22,7 +22,7 @@ @@ -25534,7 +25542,7 @@ index 7ec1d5f..5a7d130 100644 } diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c -index 67e6d19..731ed28 100644 +index 93d2c04..36d0e94 100644 --- a/arch/x86/kernel/kprobes/core.c +++ b/arch/x86/kernel/kprobes/core.c 
@@ -120,9 +120,12 @@ __synthesize_relative_insn(void *from, void *to, u8 op) @@ -26555,7 +26563,7 @@ index e127dda..94e384d 100644 +} +#endif diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c -index 8f3ebfe..e6ced5a 100644 +index 8f3ebfe..cbc731b 100644 --- a/arch/x86/kernel/process_32.c +++ b/arch/x86/kernel/process_32.c @@ -64,6 +64,7 @@ asmlinkage void ret_from_kernel_thread(void) __asm__("ret_from_kernel_thread"); @@ -26600,7 +26608,7 @@ index 8f3ebfe..e6ced5a 100644 p->thread.sp = (unsigned long) childregs; p->thread.sp0 = (unsigned long) (childregs+1); -+ p->tinfo.lowest_stack = (unsigned long)task_stack_page(p); ++ p->tinfo.lowest_stack = (unsigned long)task_stack_page(p) + 2 * sizeof(unsigned long); memset(p->thread.ptrace_bps, 0, sizeof(p->thread.ptrace_bps)); if (unlikely(p->flags & PF_KTHREAD)) { @@ -26664,7 +26672,7 @@ index 8f3ebfe..e6ced5a 100644 } - diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c -index 5a2c029..a7f67d3 100644 +index 5a2c029..ec8611d 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -158,10 +158,11 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, @@ -26676,7 +26684,7 @@ index 5a2c029..a7f67d3 100644 childregs = task_pt_regs(p); p->thread.sp = (unsigned long) childregs; p->thread.usersp = me->thread.usersp; -+ p->tinfo.lowest_stack = (unsigned long)task_stack_page(p); ++ p->tinfo.lowest_stack = (unsigned long)task_stack_page(p) + 2 * sizeof(unsigned long); set_tsk_thread_flag(p, TIF_FORK); p->thread.io_bitmap_ptr = NULL; @@ -27814,10 +27822,10 @@ index 0fa2960..91eabbe 100644 return pc; } diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c -index 4e942f3..d0f623f 100644 +index 7fc5e84..c6e445a 100644 --- a/arch/x86/kernel/tls.c 
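Review bot: The new initialiser `p->tinfo.lowest_stack = (unsigned long)task_stack_page(p) + 2 * sizeof(unsigned long);` in the process_32.c hunk carries an unexplained offset: nothing in the hunk says which two words at the base of the stack page are being skipped. The process_64.c hunk further down adds the identical expression, so the two copies can drift apart. A one-line comment such as `/* skip the two words reserved at the stack base: <what they hold> */` would help, or a shared macro used by both files. copy_thread() starts and ends outside both hunks, so the surrounding initialisation is not visible here.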
+++ b/arch/x86/kernel/tls.c -@@ -118,6 +118,11 @@ int do_set_thread_area(struct task_struct *p, int idx, +@@ -139,6 +139,11 @@ int do_set_thread_area(struct task_struct *p, int idx, if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX) return -EINVAL; @@ -27829,7 +27837,7 @@ index 4e942f3..d0f623f 100644 set_tls_desc(p, idx, &info, 1); return 0; -@@ -235,7 +240,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset, +@@ -256,7 +261,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset, if (kbuf) info = kbuf; @@ -28048,7 +28056,7 @@ index 07ab8e9..99c8456 100644 if (!fixup_exception(regs)) { task->thread.error_code = error_code; diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c -index b7e50bb..f4a93ae 100644 +index 5054497..139f8f8 100644 --- a/arch/x86/kernel/tsc.c +++ b/arch/x86/kernel/tsc.c @@ -150,7 +150,7 @@ static void cyc2ns_write_end(int cpu, struct cyc2ns_data *data) @@ -28163,7 +28171,7 @@ index e8edcf5..27f9344 100644 goto cannot_handle; if ((segoffs >> 16) == BIOSSEG) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S -index 49edf2d..c0d1362 100644 +index 49edf2d..df596b1 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -26,6 +26,13 @@ @@ -28344,7 +28352,6 @@ index 49edf2d..c0d1362 100644 + .init.text (. - __KERNEL_TEXT_OFFSET): AT(init_begin - LOAD_OFFSET) { + VMLINUX_SYMBOL(_sinittext) = .; + INIT_TEXT -+ VMLINUX_SYMBOL(_einittext) = .; + . = ALIGN(PAGE_SIZE); + } :text.init @@ -28355,6 +28362,7 @@ index 49edf2d..c0d1362 100644 + */ + .exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) { + EXIT_TEXT ++ VMLINUX_SYMBOL(_einittext) = .; + . = ALIGN(16); + } :text.exit + . = init_begin + SIZEOF(.init.text) + SIZEOF(.exit.text); @@ -28522,7 +28530,7 @@ index e48b674..a451dd9 100644 .read = native_io_apic_read, .write = native_io_apic_write, 
diff --git a/arch/x86/kernel/xsave.c b/arch/x86/kernel/xsave.c -index 4c540c4..0b985b0 100644 +index 0de1fae..298d037 100644 --- a/arch/x86/kernel/xsave.c +++ b/arch/x86/kernel/xsave.c @@ -167,18 +167,18 @@ static inline int save_xstate_epilog(void __user *buf, int ia32_frame) @@ -28573,7 +28581,7 @@ index 4c540c4..0b985b0 100644 if ((unsigned long)buf % 64 || fx_only) { u64 init_bv = pcntxt_mask & ~XSTATE_FPSSE; diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c -index 976e3a5..8bb998c 100644 +index 88f9201..0e7f1a3 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -175,15 +175,20 @@ int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu, @@ -28624,10 +28632,10 @@ index 976e3a5..8bb998c 100644 out: diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index 9f8a2fa..2df3c3f 100644 +index c7327a7..c3e2419 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c -@@ -3519,7 +3519,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt) +@@ -3508,7 +3508,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt) int cr = ctxt->modrm_reg; u64 efer = 0; @@ -28636,7 +28644,7 @@ index 9f8a2fa..2df3c3f 100644 0xffffffff00000000ULL, 0, 0, 0, /* CR3 checked later */ CR4_RESERVED_BITS, -@@ -3554,7 +3554,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt) +@@ -3543,7 +3543,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt) ctxt->ops->get_msr(ctxt, MSR_EFER, &efer); if (efer & EFER_LMA) @@ -28699,7 +28707,7 @@ index 7527cef..c63a838e 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 3e556c6..08bbf7f 100644 +index ed70394..c629a68 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -1366,12 +1366,12 @@ static void vmcs_write64(unsigned long field, u64 value) @@ -28865,7 +28873,7 @@ index 3e556c6..08bbf7f 100644 vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP) 
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index 0033df3..db6236d 100644 +index 506488c..f8df17e 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -732,6 +732,8 @@ EXPORT_SYMBOL_GPL(kvm_set_cr4); @@ -28897,7 +28905,7 @@ index 0033df3..db6236d 100644 if (copy_to_user(user_msr_list->indices, &msrs_to_save, num_msrs_to_save * sizeof(u32))) goto out; -@@ -5670,7 +5674,7 @@ static struct notifier_block pvclock_gtod_notifier = { +@@ -5743,7 +5747,7 @@ static struct notifier_block pvclock_gtod_notifier = { }; #endif @@ -31704,7 +31712,7 @@ index 903ec1e..c4166b2 100644 } diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c -index d973e61..fb868e9 100644 +index 4d8ee82..ffc1011 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -13,12 +13,19 @@ @@ -31960,7 +31968,7 @@ index d973e61..fb868e9 100644 /* Kernel addresses are always protection faults: */ if (address >= TASK_SIZE) error_code |= PF_PROT; -@@ -867,7 +979,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, +@@ -864,7 +976,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) { printk(KERN_ERR "MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n", @@ -31969,7 +31977,7 @@ index d973e61..fb868e9 100644 code = BUS_MCEERR_AR; } #endif -@@ -921,6 +1033,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) +@@ -916,6 +1028,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) return 1; } @@ -32069,7 +32077,7 @@ index d973e61..fb868e9 100644 /* * Handle a spurious fault caused by a stale TLB entry. * -@@ -1006,6 +1211,9 @@ int show_unhandled_signals = 1; +@@ -1001,6 +1206,9 @@ int show_unhandled_signals = 1; static inline int access_error(unsigned long error_code, struct vm_area_struct *vma) { 
@@ -32079,7 +32087,7 @@ index d973e61..fb868e9 100644 if (error_code & PF_WRITE) { /* write, present and write, not present: */ if (unlikely(!(vma->vm_flags & VM_WRITE))) -@@ -1040,7 +1248,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs) +@@ -1035,7 +1243,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs) if (error_code & PF_USER) return false; @@ -32088,7 +32096,7 @@ index d973e61..fb868e9 100644 return false; return true; -@@ -1068,6 +1276,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code, +@@ -1063,6 +1271,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code, tsk = current; mm = tsk->mm; @@ -32111,7 +32119,7 @@ index d973e61..fb868e9 100644 /* * Detect and handle instructions that would cause a page fault for * both a tracked kernel page and a userspace page. -@@ -1145,7 +1369,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code, +@@ -1140,7 +1364,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code, * User-mode registers count as a user access even for any * potential system fault or CPU buglet: */ @@ -32120,7 +32128,7 @@ index d973e61..fb868e9 100644 local_irq_enable(); error_code |= PF_USER; flags |= FAULT_FLAG_USER; -@@ -1192,6 +1416,11 @@ retry: +@@ -1187,6 +1411,11 @@ retry: might_sleep(); } @@ -32132,7 +32140,7 @@ index d973e61..fb868e9 100644 vma = find_vma(mm, address); if (unlikely(!vma)) { bad_area(regs, error_code, address); -@@ -1203,18 +1432,24 @@ retry: +@@ -1198,18 +1427,24 @@ retry: bad_area(regs, error_code, address); return; } @@ -32168,7 +32176,7 @@ index d973e61..fb868e9 100644 if (unlikely(expand_stack(vma, address))) { bad_area(regs, error_code, address); return; -@@ -1331,3 +1566,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1327,3 +1562,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code) } NOKPROBE_SYMBOL(trace_do_page_fault); #endif /* CONFIG_TRACING */ 
@@ -33218,7 +33226,7 @@ index 7b179b49..6bd17777 100644 return (void *)vaddr; diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c -index af78e50..0790b03 100644 +index af78e50..4f1fe56 100644 --- a/arch/x86/mm/ioremap.c +++ b/arch/x86/mm/ioremap.c @@ -56,8 +56,8 @@ static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages, @@ -33241,17 +33249,29 @@ index af78e50..0790b03 100644 { struct vm_struct *p, *o; -@@ -334,6 +334,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) - +@@ -329,30 +329,29 @@ EXPORT_SYMBOL(iounmap); + */ + void *xlate_dev_mem_ptr(unsigned long phys) + { +- void *addr; +- unsigned long start = phys & PAGE_MASK; +- /* If page is RAM, we can use __va. Otherwise ioremap and unmap. */ - if (page_is_ram(start >> PAGE_SHIFT)) +- if (page_is_ram(start >> PAGE_SHIFT)) ++ if (page_is_ram(phys >> PAGE_SHIFT)) +#ifdef CONFIG_HIGHMEM -+ if ((start >> PAGE_SHIFT) < max_low_pfn) ++ if ((phys >> PAGE_SHIFT) < max_low_pfn) +#endif return __va(phys); - addr = (void __force *)ioremap_cache(start, PAGE_SIZE); -@@ -346,13 +349,16 @@ void *xlate_dev_mem_ptr(unsigned long phys) +- addr = (void __force *)ioremap_cache(start, PAGE_SIZE); +- if (addr) +- addr = (void *)((unsigned long)addr | (phys & ~PAGE_MASK)); +- +- return addr; ++ return (void __force *)ioremap_cache(phys, PAGE_SIZE); + } + void unxlate_dev_mem_ptr(unsigned long phys, void *addr) { if (page_is_ram(phys >> PAGE_SHIFT)) @@ -33269,7 +33289,7 @@ index af78e50..0790b03 100644 static inline pmd_t * __init early_ioremap_pmd(unsigned long addr) { -@@ -388,8 +394,7 @@ void __init early_ioremap_init(void) +@@ -388,8 +387,7 @@ void __init early_ioremap_init(void) early_ioremap_setup(); pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN)); @@ -35466,7 +35486,7 @@ index e904c27..b9eaa03 100644 #ifdef CONFIG_COMPAT_VDSO #define VDSO_DEFAULT 0 diff --git a/arch/x86/vdso/vma.c b/arch/x86/vdso/vma.c -index 970463b..da82d3e 100644 +index 208c220..54f1447 100644 --- a/arch/x86/vdso/vma.c 
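Review bot: The retained comment "If page is RAM, we can use __va. Otherwise ioremap and unmap." no longer matches the code in xlate_dev_mem_ptr(): with CONFIG_HIGHMEM a RAM page at or above `max_low_pfn` now falls through to `ioremap_cache(phys, PAGE_SIZE)`. I would reword it to `/* Lowmem RAM can use __va; highmem RAM and non-RAM are ioremapped and unmapped. */`. The nested test is also an unbraced `if` whose inner `if` appears only under `#ifdef CONFIG_HIGHMEM`, which is easy to misread; folding it into one condition or bracing the outer `if` would make the two configurations obviously equivalent in shape. unxlate_dev_mem_ptr() has to apply the same test, and only its first line is visible in this hunk.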
+++ b/arch/x86/vdso/vma.c @@ -16,10 +16,9 @@ @@ -35481,7 +35501,7 @@ index 970463b..da82d3e 100644 extern unsigned short vdso_sync_cpuid; #endif -@@ -101,6 +100,11 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr) +@@ -114,6 +113,11 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr) .pages = no_pages, }; @@ -35493,7 +35513,7 @@ index 970463b..da82d3e 100644 if (calculate_addr) { addr = vdso_addr(current->mm->start_stack, image->size - image->sym_vvar_start); -@@ -111,14 +115,14 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr) +@@ -124,14 +128,14 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr) down_write(&mm->mmap_sem); addr = get_unmapped_area(NULL, addr, @@ -35510,7 +35530,7 @@ index 970463b..da82d3e 100644 /* * MAYWRITE to allow gdb to COW and set breakpoints -@@ -163,15 +167,12 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr) +@@ -176,15 +180,12 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr) hpet_address >> PAGE_SHIFT, PAGE_SIZE, pgprot_noncached(PAGE_READONLY)); @@ -35527,7 +35547,7 @@ index 970463b..da82d3e 100644 up_write(&mm->mmap_sem); return ret; -@@ -191,8 +192,8 @@ static int load_vdso32(void) +@@ -204,8 +205,8 @@ static int load_vdso32(void) if (selected_vdso32->sym_VDSO32_SYSENTER_RETURN) current_thread_info()->sysenter_return = @@ -35538,7 +35558,7 @@ index 970463b..da82d3e 100644 return 0; } -@@ -201,9 +202,6 @@ static int load_vdso32(void) +@@ -214,9 +215,6 @@ static int load_vdso32(void) #ifdef CONFIG_X86_64 int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) { 
@@ -35548,7 +35568,7 @@ index 970463b..da82d3e 100644 return map_vdso(&vdso_image_64, true); } -@@ -212,12 +210,8 @@ int compat_arch_setup_additional_pages(struct linux_binprm *bprm, +@@ -225,12 +223,8 @@ int compat_arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) { #ifdef CONFIG_X86_X32_ABI @@ -35562,7 +35582,7 @@ index 970463b..da82d3e 100644 #endif return load_vdso32(); -@@ -229,12 +223,3 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) +@@ -242,12 +236,3 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) return load_vdso32(); } #endif @@ -35588,7 +35608,7 @@ index e88fda8..76ce7ce 100644 This is the Linux Xen port. Enabling this will allow the kernel to boot in a paravirtualized environment under the diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index fac5e4f..5b5cf4f 100644 +index fac5e4f..89c3525 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c @@ -123,8 +123,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); @@ -35676,7 +35696,21 @@ index fac5e4f..5b5cf4f 100644 { if (pm_power_off) pm_power_off(); -@@ -1573,7 +1569,17 @@ asmlinkage __visible void __init xen_start_kernel(void) +@@ -1456,8 +1452,11 @@ static void __ref xen_setup_gdt(int cpu) + pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry_boot; + pv_cpu_ops.load_gdt = xen_load_gdt_boot; + +- setup_stack_canary_segment(0); +- switch_to_new_gdt(0); ++ setup_stack_canary_segment(cpu); ++#ifdef CONFIG_X86_64 ++ load_percpu_segment(cpu); ++#endif ++ switch_to_new_gdt(cpu); + + pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry; + pv_cpu_ops.load_gdt = xen_load_gdt; +@@ -1573,7 +1572,17 @@ asmlinkage __visible void __init xen_start_kernel(void) __userpte_alloc_gfp &= ~__GFP_HIGHMEM; /* Work out if we support NX */ 
@@ -35695,7 +35729,7 @@ index fac5e4f..5b5cf4f 100644 /* Get mfn list */ xen_build_dynamic_phys_to_machine(); -@@ -1601,13 +1607,6 @@ asmlinkage __visible void __init xen_start_kernel(void) +@@ -1601,13 +1610,6 @@ asmlinkage __visible void __init xen_start_kernel(void) machine_ops = xen_machine_ops; @@ -36070,7 +36104,7 @@ index f678c73..f35aa18 100644 err = -EFAULT; goto out; diff --git a/block/genhd.c b/block/genhd.c -index bd30606..bbc9b90 100644 +index 0a536dc..b8f7aca 100644 --- a/block/genhd.c +++ b/block/genhd.c @@ -469,21 +469,24 @@ static char *bdevt_str(dev_t devt, char *buf) @@ -36191,7 +36225,7 @@ index b0c2a61..10bb6ec 100644 goto error; diff --git a/crypto/cryptd.c b/crypto/cryptd.c -index e592c90..c566114 100644 +index 650afac1..f3307de 100644 --- a/crypto/cryptd.c +++ b/crypto/cryptd.c @@ -63,7 +63,7 @@ struct cryptd_blkcipher_ctx { @@ -36213,7 +36247,7 @@ index e592c90..c566114 100644 static void cryptd_queue_worker(struct work_struct *work); diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c -index 309d345..1632720 100644 +index c305d41..a96de79 100644 --- a/crypto/pcrypt.c +++ b/crypto/pcrypt.c @@ -440,7 +440,7 @@ static int pcrypt_sysfs_add(struct padata_instance *pinst, const char *name) @@ -36337,10 +36371,10 @@ index c68e724..e863008 100644 /* parse the table header to get the table length */ if (count <= sizeof(struct acpi_table_header)) diff --git a/drivers/acpi/device_pm.c b/drivers/acpi/device_pm.c -index 7db1931..302dd5f 100644 +index 6341e66..ebcf59c 100644 --- a/drivers/acpi/device_pm.c +++ b/drivers/acpi/device_pm.c -@@ -1021,6 +1021,8 @@ EXPORT_SYMBOL_GPL(acpi_subsys_freeze); +@@ -1029,6 +1029,8 @@ EXPORT_SYMBOL_GPL(acpi_subsys_freeze); #endif /* CONFIG_PM_SLEEP */ 
@@ -36349,7 +36383,7 @@ index 7db1931..302dd5f 100644 static struct dev_pm_domain acpi_general_pm_domain = { .ops = { #ifdef CONFIG_PM_RUNTIME -@@ -1039,6 +1041,7 @@ static struct dev_pm_domain acpi_general_pm_domain = { +@@ -1047,6 +1049,7 @@ static struct dev_pm_domain acpi_general_pm_domain = { .restore_early = acpi_subsys_resume_early, #endif }, @@ -36357,7 +36391,7 @@ index 7db1931..302dd5f 100644 }; /** -@@ -1108,7 +1111,6 @@ int acpi_dev_pm_attach(struct device *dev, bool power_on) +@@ -1116,7 +1119,6 @@ int acpi_dev_pm_attach(struct device *dev, bool power_on) acpi_device_wakeup(adev, ACPI_STATE_S0, false); } @@ -36410,7 +36444,7 @@ index 97683e4..655f6ba 100644 unsigned long timeout_msec) { diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index c5ba15a..75ec7a8 100644 +index 485f7ea..9a8df4a 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c @@ -99,7 +99,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev); @@ -36422,7 +36456,7 @@ index c5ba15a..75ec7a8 100644 struct ata_force_param { const char *name; -@@ -4797,7 +4797,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) +@@ -4800,7 +4800,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) struct ata_port *ap; unsigned int tag; @@ -36431,7 +36465,7 @@ index c5ba15a..75ec7a8 100644 ap = qc->ap; qc->flags = 0; -@@ -4813,7 +4813,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) +@@ -4816,7 +4816,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) struct ata_port *ap; struct ata_link *link; @@ -36440,7 +36474,7 @@ index c5ba15a..75ec7a8 100644 WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE)); ap = qc->ap; link = qc->dev->link; -@@ -5917,6 +5917,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5920,6 +5920,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) return; spin_lock(&lock); 
@@ -36448,7 +36482,7 @@ index c5ba15a..75ec7a8 100644 for (cur = ops->inherits; cur; cur = cur->inherits) { void **inherit = (void **)cur; -@@ -5930,8 +5931,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5933,8 +5934,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) if (IS_ERR(*pp)) *pp = NULL; @@ -36459,7 +36493,7 @@ index c5ba15a..75ec7a8 100644 spin_unlock(&lock); } -@@ -6127,7 +6129,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht) +@@ -6130,7 +6132,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht) /* give ports names and add SCSI hosts */ for (i = 0; i < host->n_ports; i++) { @@ -37506,10 +37540,10 @@ index 969c3c2..9b72956 100644 } diff --git a/drivers/base/bus.c b/drivers/base/bus.c -index 83e910a..b224a73 100644 +index 876bae5..8978785 100644 --- a/drivers/base/bus.c +++ b/drivers/base/bus.c -@@ -1124,7 +1124,7 @@ int subsys_interface_register(struct subsys_interface *sif) +@@ -1126,7 +1126,7 @@ int subsys_interface_register(struct subsys_interface *sif) return -EINVAL; mutex_lock(&subsys->p->mutex); @@ -37518,7 +37552,7 @@ index 83e910a..b224a73 100644 if (sif->add_dev) { subsys_dev_iter_init(&iter, subsys, NULL, NULL); while ((dev = subsys_dev_iter_next(&iter))) -@@ -1149,7 +1149,7 @@ void subsys_interface_unregister(struct subsys_interface *sif) +@@ -1151,7 +1151,7 @@ void subsys_interface_unregister(struct subsys_interface *sif) subsys = sif->subsys; mutex_lock(&subsys->p->mutex); @@ -37569,7 +37603,7 @@ index 472168c..4af587e 100644 static ssize_t show_node_state(struct device *dev, struct device_attribute *attr, char *buf) diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c -index fb83d4a..4aa50ec 100644 +index fb83d4a..e1797b3 100644 --- a/drivers/base/power/domain.c +++ b/drivers/base/power/domain.c @@ -1725,7 +1725,7 @@ int pm_genpd_attach_cpuidle(struct generic_pm_domain *genpd, int state) 
@@ -37590,6 +37624,17 @@ index fb83d4a..4aa50ec 100644 int ret = 0; if (IS_ERR_OR_NULL(genpd)) +@@ -2215,7 +2215,9 @@ int genpd_dev_pm_attach(struct device *dev) + return ret; + } + +- dev->pm_domain->detach = genpd_dev_pm_detach; ++ pax_open_kernel(); ++ *(void **)&dev->pm_domain->detach = genpd_dev_pm_detach; ++ pax_close_kernel(); + + return 0; + } diff --git a/drivers/base/power/sysfs.c b/drivers/base/power/sysfs.c index a9d26ed..74b8405 100644 --- a/drivers/base/power/sysfs.c @@ -38640,7 +38685,7 @@ index 5c4e1f6..0ea58f9 100644 new_smi->interrupt_disabled = true; atomic_set(&new_smi->stop_operation, 0); diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index 524b707..29d07c1 100644 +index 524b707..62a3d70 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -18,6 +18,7 @@ @@ -38688,15 +38733,17 @@ index 524b707..29d07c1 100644 #else static inline int range_is_allowed(unsigned long pfn, unsigned long size) { -@@ -122,6 +136,7 @@ static ssize_t read_mem(struct file *file, char __user *buf, +@@ -121,7 +135,8 @@ static ssize_t read_mem(struct file *file, char __user *buf, + #endif while (count > 0) { - unsigned long remaining; +- unsigned long remaining; ++ unsigned long remaining = 0; + char *temp; sz = size_inside_page(p, count); -@@ -137,7 +152,23 @@ static ssize_t read_mem(struct file *file, char __user *buf, +@@ -137,7 +152,24 @@ static ssize_t read_mem(struct file *file, char __user *buf, if (!ptr) return -EFAULT; @@ -38707,12 +38754,13 @@ index 524b707..29d07c1 100644 + unxlate_dev_mem_ptr(p, ptr); + return -ENOMEM; + } -+ memcpy(temp, ptr, sz); ++ remaining = probe_kernel_read(temp, ptr, sz); +#else + temp = ptr; +#endif + -+ remaining = copy_to_user(buf, temp, sz); ++ if (!remaining) ++ remaining = copy_to_user(buf, temp, sz); + +#ifdef CONFIG_PAX_USERCOPY + kfree(temp); 
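Review bot: The store `*(void **)&dev->pm_domain->detach = genpd_dev_pm_detach;` in genpd_dev_pm_attach() has no comment explaining why a plain assignment became a cast store bracketed by `pax_open_kernel()`/`pax_close_kernel()`. The `void **` cast also removes the compiler's check that the right-hand side matches the type of `detach`. A short comment would help the next reader, for example `/* pm_domain is write-protected here; open the kernel write window only for this one store */`, presumably reflecting the constification done elsewhere in the patch. The function body begins outside the hunk.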
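Review bot: In read_mem() the result of `probe_kernel_read(temp, ptr, sz)` is stored in `unsigned long remaining`, a variable whose name and later use describe bytes not copied by `copy_to_user()`. It works because only non-zero is tested before `return -EFAULT`, but a negative errno in an unsigned byte counter deserves a comment such as `/* non-zero here means the kernel-side read faulted, not a byte count */`, or a separate `long` local. The fault-tolerant read also exists only in what appears to be the CONFIG_PAX_USERCOPY branch; the `#else` path (`temp = ptr;`) still hands the mapping straight to `copy_to_user()`, and whether that difference is intended is not stated. The read_kmem() hunk further down follows the same pattern with `err`.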
@@ -38721,7 +38769,7 @@ index 524b707..29d07c1 100644 unxlate_dev_mem_ptr(p, ptr); if (remaining) return -EFAULT; -@@ -369,9 +400,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, +@@ -369,9 +401,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, size_t count, loff_t *ppos) { unsigned long p = *ppos; @@ -38732,7 +38780,7 @@ index 524b707..29d07c1 100644 read = 0; if (p < (unsigned long) high_memory) { -@@ -393,6 +423,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, +@@ -393,6 +424,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, } #endif while (low_count > 0) { @@ -38741,7 +38789,7 @@ index 524b707..29d07c1 100644 sz = size_inside_page(p, low_count); /* -@@ -402,7 +434,22 @@ static ssize_t read_kmem(struct file *file, char __user *buf, +@@ -402,7 +435,23 @@ static ssize_t read_kmem(struct file *file, char __user *buf, */ kbuf = xlate_dev_kmem_ptr((char *)p); @@ -38750,12 +38798,13 @@ index 524b707..29d07c1 100644 + temp = kmalloc(sz, GFP_KERNEL|GFP_USERCOPY); + if (!temp) + return -ENOMEM; -+ memcpy(temp, kbuf, sz); ++ err = probe_kernel_read(temp, kbuf, sz); +#else + temp = kbuf; +#endif + -+ err = copy_to_user(buf, temp, sz); ++ if (!err) ++ err = copy_to_user(buf, temp, sz); + +#ifdef CONFIG_PAX_USERCOPY + kfree(temp); @@ -38765,7 +38814,7 @@ index 524b707..29d07c1 100644 return -EFAULT; buf += sz; p += sz; -@@ -797,6 +844,9 @@ static const struct memdev { +@@ -797,6 +846,9 @@ static const struct memdev { #ifdef CONFIG_PRINTK [11] = { "kmsg", 0644, &kmsg_fops, NULL }, #endif @@ -38775,7 +38824,7 @@ index 524b707..29d07c1 100644 }; static int memory_open(struct inode *inode, struct file *filp) -@@ -868,7 +918,7 @@ static int __init chr_dev_init(void) +@@ -868,7 +920,7 @@ static int __init chr_dev_init(void) continue; device_create(mem_class, NULL, MKDEV(MEM_MAJOR, minor), @@ -38870,7 +38919,7 @@ index 0ea9986..e7b07e4 100644 if (cmd != SIOCWANDEV) 
diff --git a/drivers/char/random.c b/drivers/char/random.c -index 04645c0..560e350 100644 +index 04645c0..6416f00 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -289,9 +289,6 @@ @@ -38896,6 +38945,30 @@ index 04645c0..560e350 100644 static struct entropy_store input_pool = { .poolinfo = &poolinfo_table[0], +@@ -569,19 +566,19 @@ static void fast_mix(struct fast_pool *f) + __u32 c = f->pool[2], d = f->pool[3]; + + a += b; c += d; +- b = rol32(a, 6); d = rol32(c, 27); ++ b = rol32(b, 6); d = rol32(d, 27); + d ^= a; b ^= c; + + a += b; c += d; +- b = rol32(a, 16); d = rol32(c, 14); ++ b = rol32(b, 16); d = rol32(d, 14); + d ^= a; b ^= c; + + a += b; c += d; +- b = rol32(a, 6); d = rol32(c, 27); ++ b = rol32(b, 6); d = rol32(d, 27); + d ^= a; b ^= c; + + a += b; c += d; +- b = rol32(a, 16); d = rol32(c, 14); ++ b = rol32(b, 16); d = rol32(d, 14); + d ^= a; b ^= c; + + f->pool[0] = a; f->pool[1] = b; @@ -635,7 +632,7 @@ retry: /* The +2 corresponds to the /4 in the denominator */ @@ -40090,6 +40163,19 @@ index 3784e81..73637b5 100644 static struct { spinlock_t lock; +diff --git a/drivers/gpio/gpio-omap.c b/drivers/gpio/gpio-omap.c +index 415682f..08438b8 100644 +--- a/drivers/gpio/gpio-omap.c ++++ b/drivers/gpio/gpio-omap.c +@@ -1162,7 +1162,7 @@ static int omap_gpio_probe(struct platform_device *pdev) + const struct omap_gpio_platform_data *pdata; + struct resource *res; + struct gpio_bank *bank; +- struct irq_chip *irqc; ++ irq_chip_no_const *irqc; + int ret; + + match = of_match_device(of_match_ptr(omap_gpio_match), dev); diff --git a/drivers/gpio/gpio-rcar.c b/drivers/gpio/gpio-rcar.c index bf6c094..6573caf 100644 --- a/drivers/gpio/gpio-rcar.c @@ -40117,10 +40203,10 @@ index dbf28fa..04dad4e 100644 return -EINVAL; } diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c -index e8e98ca..10f416e 100644 +index c81bda0..a8ccd9f 100644 --- a/drivers/gpio/gpiolib.c 
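Review bot: The corrected rounds in fast_mix() are still four hand-written copies with no comment on which operand each rotate acts on, which is how the old `b = rol32(a, 6); d = rol32(c, 27);` form came to be repeated in every round. I would add a comment above the first round, for example `/* each round: a += b, c += d; rotate b and d in place; then d ^= a, b ^= c */`. A small local macro taking the two rotate counts would also keep the four rounds from diverging. The function's declarations and the remaining pool stores lie partly outside the hunk.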
+++ b/drivers/gpio/gpiolib.c -@@ -537,8 +537,10 @@ static void gpiochip_irqchip_remove(struct gpio_chip *gpiochip) +@@ -539,8 +539,10 @@ static void gpiochip_irqchip_remove(struct gpio_chip *gpiochip) } if (gpiochip->irqchip) { @@ -40133,7 +40219,7 @@ index e8e98ca..10f416e 100644 gpiochip->irqchip = NULL; } } -@@ -604,8 +606,11 @@ int gpiochip_irqchip_add(struct gpio_chip *gpiochip, +@@ -606,8 +608,11 @@ int gpiochip_irqchip_add(struct gpio_chip *gpiochip, gpiochip->irqchip = NULL; return -EINVAL; } @@ -40173,6 +40259,32 @@ index bc3da32..7289357 100644 drm_put_dev(dev); } mutex_unlock(&drm_global_mutex); +diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c +index e9a2827..5df4716 100644 +--- a/drivers/gpu/drm/drm_fb_helper.c ++++ b/drivers/gpu/drm/drm_fb_helper.c +@@ -771,7 +771,9 @@ int drm_fb_helper_setcmap(struct fb_cmap *cmap, struct fb_info *info) + int i, j, rc = 0; + int start; + +- drm_modeset_lock_all(dev); ++ if (__drm_modeset_lock_all(dev, !!oops_in_progress)) { ++ return -EBUSY; ++ } + if (!drm_fb_helper_is_bound(fb_helper)) { + drm_modeset_unlock_all(dev); + return -EBUSY; +@@ -945,7 +947,9 @@ int drm_fb_helper_pan_display(struct fb_var_screeninfo *var, + int ret = 0; + int i; + +- drm_modeset_lock_all(dev); ++ if (__drm_modeset_lock_all(dev, !!oops_in_progress)) { ++ return -EBUSY; ++ } + if (!drm_fb_helper_is_bound(fb_helper)) { + drm_modeset_unlock_all(dev); + return -EBUSY; diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c index ed7bc68..0d536af 100644 --- a/drivers/gpu/drm/drm_fops.c @@ -40466,7 +40578,7 @@ index 2e0613e..a8b94d9 100644 return ret; diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index 9cb5c95..9228666 100644 +index 31b9664..5d478d3 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -12811,13 +12811,13 @@ struct intel_quirk { 
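Review bot: Both new call sites in drm_fb_helper.c discard the return value of `__drm_modeset_lock_all(dev, !!oops_in_progress)` and report `-EBUSY` for every failure. If the helper can fail for a reason other than a contended trylock (its definition is not in this hunk), callers get a misleading error. In drm_fb_helper_setcmap() I would write `rc = __drm_modeset_lock_all(dev, !!oops_in_progress); if (rc) return rc;`, and the same with `ret` in drm_fb_helper_pan_display(). The braces around the single `return` also differ from the unbraced style of the surrounding code.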
@@ -40646,10 +40758,10 @@ index 462679a..88e32a7 100644 if (nr < DRM_COMMAND_BASE) diff --git a/drivers/gpu/drm/nouveau/nouveau_ttm.c b/drivers/gpu/drm/nouveau/nouveau_ttm.c -index 753a6de..dd66b98 100644 +index 3d1cfcb..0542700 100644 --- a/drivers/gpu/drm/nouveau/nouveau_ttm.c +++ b/drivers/gpu/drm/nouveau/nouveau_ttm.c -@@ -126,11 +126,11 @@ nouveau_vram_manager_debug(struct ttm_mem_type_manager *man, const char *prefix) +@@ -127,11 +127,11 @@ nouveau_vram_manager_debug(struct ttm_mem_type_manager *man, const char *prefix) } const struct ttm_mem_type_manager_func nouveau_vram_manager = { @@ -40666,7 +40778,7 @@ index 753a6de..dd66b98 100644 }; static int -@@ -194,11 +194,11 @@ nouveau_gart_manager_debug(struct ttm_mem_type_manager *man, const char *prefix) +@@ -195,11 +195,11 @@ nouveau_gart_manager_debug(struct ttm_mem_type_manager *man, const char *prefix) } const struct ttm_mem_type_manager_func nouveau_gart_manager = { @@ -40683,7 +40795,7 @@ index 753a6de..dd66b98 100644 }; /*XXX*/ -@@ -267,11 +267,11 @@ nv04_gart_manager_debug(struct ttm_mem_type_manager *man, const char *prefix) +@@ -268,11 +268,11 @@ nv04_gart_manager_debug(struct ttm_mem_type_manager *man, const char *prefix) } const struct ttm_mem_type_manager_func nv04_gart_manager = { @@ -41063,10 +41175,10 @@ index 4a85bb6..aaea819 100644 if (regcomp (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c -index 995a8b1..b7cb898 100644 +index bdf263a..0305446 100644 --- a/drivers/gpu/drm/radeon/radeon_device.c +++ b/drivers/gpu/drm/radeon/radeon_device.c -@@ -1214,7 +1214,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) +@@ -1216,7 +1216,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) * locking inversion with the driver load path. And the access here is * completely racy anyway. So don't bother with locking for now. */ 
@@ -41179,7 +41291,7 @@ index 535403e..5dd655b 100644 DRM_DEBUG("pid=%d\n", DRM_CURRENTPID); diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeon/radeon_ttm.c -index 8624979..65e5243 100644 +index d2510cf..63bd4ed 100644 --- a/drivers/gpu/drm/radeon/radeon_ttm.c +++ b/drivers/gpu/drm/radeon/radeon_ttm.c @@ -936,7 +936,7 @@ void radeon_ttm_set_active_vram_size(struct radeon_device *rdev, u64 size) @@ -41284,7 +41396,7 @@ index a1803fb..c53f6b0 100644 kobject_put(&zone->kobj); return ret; diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c b/drivers/gpu/drm/ttm/ttm_page_alloc.c -index 09874d6..d6da1de 100644 +index 025c429..314062f 100644 --- a/drivers/gpu/drm/ttm/ttm_page_alloc.c +++ b/drivers/gpu/drm/ttm/ttm_page_alloc.c @@ -54,7 +54,7 @@ @@ -41296,14 +41408,15 @@ index 09874d6..d6da1de 100644 /* times are in msecs */ #define PAGE_FREE_INTERVAL 1000 -@@ -299,14 +299,13 @@ static void ttm_pool_update_free_locked(struct ttm_page_pool *pool, +@@ -299,15 +299,14 @@ static void ttm_pool_update_free_locked(struct ttm_page_pool *pool, * @free_all: If set to true will free all pages in pool - * @gfp: GFP flags. + * @use_static: Safe to use static buffer **/ -static int ttm_page_pool_free(struct ttm_page_pool *pool, unsigned nr_free, +static unsigned long ttm_page_pool_free(struct ttm_page_pool *pool, unsigned long nr_free, - gfp_t gfp) + bool use_static) { + static struct page *static_buf[NUM_PAGES_TO_ALLOC]; unsigned long irq_flags; struct page *p; struct page **pages_to_free; @@ -41313,7 +41426,7 @@ index 09874d6..d6da1de 100644 if (NUM_PAGES_TO_ALLOC < nr_free) npages_to_free = NUM_PAGES_TO_ALLOC; -@@ -366,7 +365,8 @@ restart: +@@ -371,7 +370,8 @@ restart: __list_del(&p->lru, &pool->list); ttm_pool_update_free_locked(pool, freed_pages); 
@@ -41323,7 +41436,7 @@ index 09874d6..d6da1de 100644 } spin_unlock_irqrestore(&pool->lock, irq_flags); -@@ -395,7 +395,7 @@ ttm_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc) +@@ -399,7 +399,7 @@ ttm_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc) unsigned i; unsigned pool_offset; struct ttm_page_pool *pool; @@ -41332,7 +41445,7 @@ index 09874d6..d6da1de 100644 unsigned long freed = 0; if (!mutex_trylock(&lock)) -@@ -403,7 +403,7 @@ ttm_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc) +@@ -407,7 +407,7 @@ ttm_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc) pool_offset = ++start_pool % NUM_POOLS; /* select start pool in round robin fashion */ for (i = 0; i < NUM_POOLS; ++i) { @@ -41341,7 +41454,7 @@ index 09874d6..d6da1de 100644 if (shrink_pages == 0) break; pool = &_manager->pools[(i + pool_offset)%NUM_POOLS]; -@@ -669,7 +669,7 @@ out: +@@ -673,7 +673,7 @@ out: } /* Put all pages in pages list to correct pool to wait for reuse */ @@ -41350,7 +41463,7 @@ index 09874d6..d6da1de 100644 enum ttm_caching_state cstate) { unsigned long irq_flags; -@@ -724,7 +724,7 @@ static int ttm_get_pages(struct page **pages, unsigned npages, int flags, +@@ -728,7 +728,7 @@ static int ttm_get_pages(struct page **pages, unsigned npages, int flags, struct list_head plist; struct page *p = NULL; gfp_t gfp_flags = GFP_USER; @@ -41360,7 +41473,7 @@ index 09874d6..d6da1de 100644 /* set zero flag for page allocation if required */ diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c -index c96db43..c367557 100644 +index 01e1d27..aaa018a 100644 --- a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c +++ b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c @@ -56,7 +56,7 @@ 
@@ -41372,15 +41485,16 @@ index c96db43..c367557 100644 /* times are in msecs */ #define IS_UNDEFINED (0) #define IS_WC (1<<1) -@@ -413,15 +413,14 @@ static void ttm_dma_page_put(struct dma_pool *pool, struct dma_page *d_page) +@@ -413,7 +413,7 @@ static void ttm_dma_page_put(struct dma_pool *pool, struct dma_page *d_page) * @nr_free: If set to true will free all pages in pool - * @gfp: GFP flags. + * @use_static: Safe to use static buffer **/ -static unsigned ttm_dma_page_pool_free(struct dma_pool *pool, unsigned nr_free, +static unsigned long ttm_dma_page_pool_free(struct dma_pool *pool, unsigned long nr_free, - gfp_t gfp) + bool use_static) { - unsigned long irq_flags; + static struct page *static_buf[NUM_PAGES_TO_ALLOC]; +@@ -421,8 +421,7 @@ static unsigned ttm_dma_page_pool_free(struct dma_pool *pool, unsigned nr_free, struct dma_page *dma_p, *tmp; struct page **pages_to_free; struct list_head d_pages; @@ -41390,7 +41504,7 @@ index c96db43..c367557 100644 if (NUM_PAGES_TO_ALLOC < nr_free) npages_to_free = NUM_PAGES_TO_ALLOC; -@@ -494,7 +493,8 @@ restart: +@@ -499,7 +498,8 @@ restart: /* remove range of pages from the pool */ if (freed_pages) { ttm_pool_update_free_locked(pool, freed_pages); @@ -41400,7 +41514,7 @@ index c96db43..c367557 100644 } spin_unlock_irqrestore(&pool->lock, irq_flags); -@@ -929,7 +929,7 @@ void ttm_dma_unpopulate(struct ttm_dma_tt *ttm_dma, struct device *dev) +@@ -936,7 +936,7 @@ void ttm_dma_unpopulate(struct ttm_dma_tt *ttm_dma, struct device *dev) struct dma_page *d_page, *next; enum pool_type type; bool is_cached = false; @@ -41409,7 +41523,7 @@ index c96db43..c367557 100644 unsigned long irq_flags; type = ttm_to_type(ttm->page_flags, ttm->caching_state); -@@ -1007,7 +1007,7 @@ ttm_dma_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc) +@@ -1012,7 +1012,7 @@ ttm_dma_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc) static unsigned start_pool; unsigned idx = 0; unsigned pool_offset; 
@@ -41418,7 +41532,7 @@ index c96db43..c367557 100644 struct device_pools *p; unsigned long freed = 0; -@@ -1020,7 +1020,7 @@ ttm_dma_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc) +@@ -1025,7 +1025,7 @@ ttm_dma_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc) goto out; pool_offset = ++start_pool % _manager->npools; list_for_each_entry(p, &_manager->pools, pools) { @@ -41427,8 +41541,8 @@ index c96db43..c367557 100644 if (!p->dev) continue; -@@ -1034,7 +1034,7 @@ ttm_dma_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc) - sc->gfp_mask); +@@ -1039,7 +1039,7 @@ ttm_dma_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc) + shrink_pages = ttm_dma_page_pool_free(p->pool, nr_free, true); freed += nr_free - shrink_pages; - pr_debug("%s: (%s:%d) Asked to shrink %d, have %d more to go\n", @@ -41545,10 +41659,10 @@ index 1319433..a993b0c 100644 case VIA_IRQ_ABSOLUTE: break; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h -index 4ee799b..69fc0d1 100644 +index d26a6da..5fa41ed 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h -@@ -446,7 +446,7 @@ struct vmw_private { +@@ -447,7 +447,7 @@ struct vmw_private { * Fencing and IRQs. */ @@ -41556,12 +41670,12 @@ index 4ee799b..69fc0d1 100644 + atomic_unchecked_t marker_seq; wait_queue_head_t fence_queue; wait_queue_head_t fifo_queue; - int fence_queue_waiters; /* Protected by hw_mutex */ + spinlock_t waiter_lock; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c -index 09e10ae..cb76c60 100644 +index 39f2b03..d1b0a64 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c 
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c -@@ -154,7 +154,7 @@ int vmw_fifo_init(struct vmw_private *dev_priv, struct vmw_fifo_state *fifo) +@@ -152,7 +152,7 @@ int vmw_fifo_init(struct vmw_private *dev_priv, struct vmw_fifo_state *fifo) (unsigned int) min, (unsigned int) fifo->capabilities); @@ -41570,7 +41684,7 @@ index 09e10ae..cb76c60 100644 iowrite32(dev_priv->last_read_seqno, fifo_mem + SVGA_FIFO_FENCE); vmw_marker_queue_init(&fifo->marker_queue); return vmw_fifo_send_fence(dev_priv, &dummy); -@@ -378,7 +378,7 @@ void *vmw_fifo_reserve(struct vmw_private *dev_priv, uint32_t bytes) +@@ -372,7 +372,7 @@ void *vmw_fifo_reserve(struct vmw_private *dev_priv, uint32_t bytes) if (reserveable) iowrite32(bytes, fifo_mem + SVGA_FIFO_RESERVED); @@ -41579,7 +41693,7 @@ index 09e10ae..cb76c60 100644 } else { need_bounce = true; } -@@ -498,7 +498,7 @@ int vmw_fifo_send_fence(struct vmw_private *dev_priv, uint32_t *seqno) +@@ -492,7 +492,7 @@ int vmw_fifo_send_fence(struct vmw_private *dev_priv, uint32_t *seqno) fm = vmw_fifo_reserve(dev_priv, bytes); if (unlikely(fm == NULL)) { @@ -41588,7 +41702,7 @@ index 09e10ae..cb76c60 100644 ret = -ENOMEM; (void)vmw_fallback_wait(dev_priv, false, true, *seqno, false, 3*HZ); -@@ -506,7 +506,7 @@ int vmw_fifo_send_fence(struct vmw_private *dev_priv, uint32_t *seqno) +@@ -500,7 +500,7 @@ int vmw_fifo_send_fence(struct vmw_private *dev_priv, uint32_t *seqno) } do { @@ -41617,7 +41731,7 @@ index 170b61b..fec7348 100644 + .debug = vmw_gmrid_man_debug }; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c -index 37881ec..319065d 100644 +index 69c8ce2..cacb0ab 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c @@ -235,7 +235,7 @@ int vmw_present_ioctl(struct drm_device *dev, void *data, @@ -41639,10 +41753,10 @@ index 37881ec..319065d 100644 if (unlikely(num_clips == 0)) return 0; 
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c b/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c -index 0c42376..6febe77 100644 +index 9fe9827..0aa2fc0 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c -@@ -107,7 +107,7 @@ bool vmw_seqno_passed(struct vmw_private *dev_priv, +@@ -102,7 +102,7 @@ bool vmw_seqno_passed(struct vmw_private *dev_priv, * emitted. Then the fence is stale and signaled. */ @@ -41651,7 +41765,7 @@ index 0c42376..6febe77 100644 > VMW_FENCE_WRAP); return ret; -@@ -138,7 +138,7 @@ int vmw_fallback_wait(struct vmw_private *dev_priv, +@@ -133,7 +133,7 @@ int vmw_fallback_wait(struct vmw_private *dev_priv, if (fifo_idle) down_read(&fifo_state->rwsem); @@ -41696,10 +41810,10 @@ index 37ac7b5..d52a5c9 100644 /* copy over all the bus versions */ if (dev->bus && dev->bus->pm) { diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c -index 3402033..50b562c 100644 +index dfaccfc..bfea740 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c -@@ -2506,7 +2506,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); +@@ -2507,7 +2507,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); int hid_add_device(struct hid_device *hdev) { @@ -41708,7 +41822,7 @@ index 3402033..50b562c 100644 int ret; if (WARN_ON(hdev->status & HID_STAT_ADDED)) -@@ -2548,7 +2548,7 @@ int hid_add_device(struct hid_device *hdev) +@@ -2549,7 +2549,7 @@ int hid_add_device(struct hid_device *hdev) /* XXX hack, any other cleaner solution after the driver core * is converted to allow more than 20 bytes as the device name? */ dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, 
@@ -43693,6 +43807,19 @@ index 38493ff..001538b 100644 .name = "GIC", .irq_mask = gic_mask_irq, .irq_unmask = gic_unmask_irq, +diff --git a/drivers/irqchip/irq-renesas-intc-irqpin.c b/drivers/irqchip/irq-renesas-intc-irqpin.c +index 542e850..1bb094c 100644 +--- a/drivers/irqchip/irq-renesas-intc-irqpin.c ++++ b/drivers/irqchip/irq-renesas-intc-irqpin.c +@@ -353,7 +353,7 @@ static int intc_irqpin_probe(struct platform_device *pdev) + struct intc_irqpin_iomem *i; + struct resource *io[INTC_IRQPIN_REG_NR]; + struct resource *irq; +- struct irq_chip *irq_chip; ++ irq_chip_no_const *irq_chip; + void (*enable_fn)(struct irq_data *d); + void (*disable_fn)(struct irq_data *d); + const char *name = dev_name(dev); diff --git a/drivers/irqchip/irq-renesas-irqc.c b/drivers/irqchip/irq-renesas-irqc.c index 8777065..a4a9967 100644 --- a/drivers/irqchip/irq-renesas-irqc.c @@ -43935,6 +44062,19 @@ index 4d9b195..455075c 100644 return -EFAULT; } else { memcpy(buf, dp, left); +diff --git a/drivers/isdn/hardware/eicon/message.c b/drivers/isdn/hardware/eicon/message.c +index a82e542..f766a79 100644 +--- a/drivers/isdn/hardware/eicon/message.c ++++ b/drivers/isdn/hardware/eicon/message.c +@@ -1474,7 +1474,7 @@ static byte connect_res(dword Id, word Number, DIVA_CAPI_ADAPTER *a, + add_ai(plci, &parms[5]); + sig_req(plci, REJECT, 0); + } +- else if (Reject == 1 || Reject > 9) ++ else if (Reject == 1 || Reject >= 9) + { + add_ai(plci, &parms[5]); + sig_req(plci, HANGUP, 0); diff --git a/drivers/isdn/i4l/isdn_common.c b/drivers/isdn/i4l/isdn_common.c index 9b856e1..fa03c92 100644 --- a/drivers/isdn/i4l/isdn_common.c @@ -44477,7 +44617,7 @@ index e9d33ad..dae9880d 100644 pmd->bl_info.value_type.inc = data_block_inc; pmd->bl_info.value_type.dec = data_block_dec; diff --git a/drivers/md/dm.c b/drivers/md/dm.c -index 58f3927..bfbad3e 100644 +index 62c5136..aede7f1 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -183,9 +183,9 @@ struct mapped_device { 
@@ -44792,7 +44932,7 @@ index 32e282f..5cec803 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index 9c66e59..42a8eac 100644 +index b98765f..09e86d5 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -1730,6 +1730,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash) @@ -47098,10 +47238,10 @@ index 98d73aa..63ef9da 100644 Say Y here if you want to support for Freescale FlexCAN. diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c -index 2cfe501..477d4b5 100644 +index 4b008c9..2b1151f 100644 --- a/drivers/net/can/dev.c +++ b/drivers/net/can/dev.c -@@ -868,7 +868,7 @@ static int can_newlink(struct net *src_net, struct net_device *dev, +@@ -872,7 +872,7 @@ static int can_newlink(struct net *src_net, struct net_device *dev, return -EOPNOTSUPP; } @@ -47976,7 +48116,7 @@ index cf8b6ff..274271e 100644 break; } diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c -index 597c463..5cc1a7f 100644 +index d2975fa..8aaec07 100644 --- a/drivers/net/ethernet/emulex/benet/be_main.c +++ b/drivers/net/ethernet/emulex/benet/be_main.c @@ -537,7 +537,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val) @@ -48014,6 +48154,19 @@ index 4ff1adc..0ea6bf4 100644 #include "ftmac100.h" +diff --git a/drivers/net/ethernet/freescale/gianfar_ethtool.c b/drivers/net/ethernet/freescale/gianfar_ethtool.c +index 76d7070..f6971182 100644 +--- a/drivers/net/ethernet/freescale/gianfar_ethtool.c ++++ b/drivers/net/ethernet/freescale/gianfar_ethtool.c +@@ -1581,7 +1581,7 @@ static int gfar_write_filer_table(struct gfar_private *priv, + return -EBUSY; + + /* Fill regular entries */ +- for (; i < MAX_FILER_IDX - 1 && (tab->fe[i].ctrl | tab->fe[i].ctrl); ++ for (; i < MAX_FILER_IDX - 1 && (tab->fe[i].ctrl | tab->fe[i].prop); + i++) + gfar_write_filer(priv, i, tab->fe[i].ctrl, tab->fe[i].prop); + /* Fill the rest with fall-troughs */ 
diff --git a/drivers/net/ethernet/intel/i40e/i40e_ptp.c b/drivers/net/ethernet/intel/i40e/i40e_ptp.c index 537b621..07f87ce 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_ptp.c @@ -48041,7 +48194,7 @@ index 5fd4b52..87aa34b 100644 /* need lock to prevent incorrect read while modifying cyclecounter */ diff --git a/drivers/net/ethernet/mellanox/mlx4/en_tx.c b/drivers/net/ethernet/mellanox/mlx4/en_tx.c -index 454d9fe..59f0f0b 100644 +index 11ff28b..375d659 100644 --- a/drivers/net/ethernet/mellanox/mlx4/en_tx.c +++ b/drivers/net/ethernet/mellanox/mlx4/en_tx.c @@ -458,8 +458,8 @@ static bool mlx4_en_process_tx_cq(struct net_device *dev, 
@@ -48055,6 +48208,56 @@ index 454d9fe..59f0f0b 100644 netdev_tx_completed_queue(ring->tx_queue, packets, bytes); +diff --git a/drivers/net/ethernet/mellanox/mlx4/mlx4.h b/drivers/net/ethernet/mellanox/mlx4/mlx4.h +index de10dbb..8b54f29 100644 +--- a/drivers/net/ethernet/mellanox/mlx4/mlx4.h ++++ b/drivers/net/ethernet/mellanox/mlx4/mlx4.h +@@ -233,7 +233,8 @@ do { \ + extern int mlx4_log_num_mgm_entry_size; + extern int log_mtts_per_seg; + +-#define MLX4_MAX_NUM_SLAVES (MLX4_MAX_NUM_PF + MLX4_MAX_NUM_VF) ++#define MLX4_MAX_NUM_SLAVES (min(MLX4_MAX_NUM_PF + MLX4_MAX_NUM_VF, \ ++ MLX4_MFUNC_MAX)) + #define ALL_SLAVES 0xff + + struct mlx4_bitmap { +diff --git a/drivers/net/ethernet/neterion/s2io.c b/drivers/net/ethernet/neterion/s2io.c +index f5e4b82..db0c7a9 100644 +--- a/drivers/net/ethernet/neterion/s2io.c ++++ b/drivers/net/ethernet/neterion/s2io.c +@@ -6987,7 +6987,9 @@ static int s2io_add_isr(struct s2io_nic *sp) + if (sp->s2io_entries[i].in_use == MSIX_FLG) { + if (sp->s2io_entries[i].type == + MSIX_RING_TYPE) { +- sprintf(sp->desc[i], "%s:MSI-X-%d-RX", ++ snprintf(sp->desc[i], ++ sizeof(sp->desc[i]), ++ "%s:MSI-X-%d-RX", + dev->name, i); + err = request_irq(sp->entries[i].vector, + s2io_msix_ring_handle, +@@ -6996,7 +6998,9 @@ static int s2io_add_isr(struct s2io_nic *sp) + sp->s2io_entries[i].arg); + } else if (sp->s2io_entries[i].type == + MSIX_ALARM_TYPE) { +- sprintf(sp->desc[i], "%s:MSI-X-%d-TX", ++ snprintf(sp->desc[i], ++ sizeof(sp->desc[i]), ++ "%s:MSI-X-%d-TX", + dev->name, i); + err = request_irq(sp->entries[i].vector, + s2io_msix_fifo_handle, +@@ -8154,7 +8158,8 @@ s2io_init_nic(struct pci_dev *pdev, const struct pci_device_id *pre) + "%s: UDP Fragmentation Offload(UFO) enabled\n", + dev->name); + /* Initialize device name */ +- sprintf(sp->name, "%s Neterion %s", dev->name, sp->product_name); ++ snprintf(sp->name, sizeof(sp->name), "%s Neterion %s", dev->name, ++ sp->product_name); + + if (vlan_tag_strip) + sp->vlan_strip_flag = 1; 
diff --git a/drivers/net/ethernet/neterion/vxge/vxge-config.c b/drivers/net/ethernet/neterion/vxge/vxge-config.c index 2bbd01f..e8baa64 100644 --- a/drivers/net/ethernet/neterion/vxge/vxge-config.c @@ -48211,6 +48414,42 @@ index 2f48f79..8ae1a1a 100644 spinlock_t request_lock; struct list_head req_list; +diff --git a/drivers/net/hyperv/netvsc.c b/drivers/net/hyperv/netvsc.c +index 7d76c95..63d7a64 100644 +--- a/drivers/net/hyperv/netvsc.c ++++ b/drivers/net/hyperv/netvsc.c +@@ -716,7 +716,7 @@ int netvsc_send(struct hv_device *device, + u64 req_id; + unsigned int section_index = NETVSC_INVALID_INDEX; + u32 msg_size = 0; +- struct sk_buff *skb; ++ struct sk_buff *skb = NULL; + u16 q_idx = packet->q_idx; + + +@@ -743,8 +743,6 @@ int netvsc_send(struct hv_device *device, + packet); + skb = (struct sk_buff *) + (unsigned long)packet->send_completion_tid; +- if (skb) +- dev_kfree_skb_any(skb); + packet->page_buf_cnt = 0; + } + } +@@ -807,6 +805,13 @@ int netvsc_send(struct hv_device *device, + packet, ret); + } + ++ if (ret != 0) { ++ if (section_index != NETVSC_INVALID_INDEX) ++ netvsc_free_send_slot(net_device, section_index); ++ } else if (skb) { ++ dev_kfree_skb_any(skb); ++ } ++ + return ret; + } + diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c index 2b86f0b..ecc996f 100644 --- a/drivers/net/hyperv/rndis_filter.c @@ -48348,6 +48587,19 @@ index 34924df..a747360 100644 .kind = "nlmon", .priv_size = sizeof(struct nlmon), .setup = nlmon_setup, +diff --git a/drivers/net/ppp/ppp_deflate.c b/drivers/net/ppp/ppp_deflate.c +index 602c625..b5edc7f 100644 +--- a/drivers/net/ppp/ppp_deflate.c ++++ b/drivers/net/ppp/ppp_deflate.c +@@ -246,7 +246,7 @@ static int z_compress(void *arg, unsigned char *rptr, unsigned char *obuf, + /* + * See if we managed to reduce the size of the packet. + */ +- if (olen < isize) { ++ if (olen < isize && olen <= osize) { + state->stats.comp_bytes += olen; + state->stats.comp_packets++; + } else { 
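Review bot: The `sizeof(sp->desc[i])` bound in the two new `snprintf` calls in s2io_add_isr only limits the write correctly if `desc` is declared as an array of char arrays. That declaration is outside this hunk; if `desc[i]` were a pointer, the bound would silently become the pointer size. The return value is not checked either, so a truncated IRQ name goes unnoticed, which is probably acceptable for a label but worth a one-line comment. In the mlx4.h part, `MLX4_MAX_NUM_SLAVES` now expands through `min()`, so it may no longer be usable where an integer constant expression is required; I would add `/* clamped to MLX4_MFUNC_MAX: per-slave arrays are sized by it */` above the macro.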
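Review bot: In netvsc_send the skb read from `packet->send_completion_tid` is now freed only when `ret == 0`, so on failure it stays with the caller, and nothing in the function says so. I would add a comment above the new block, for example `/* on error only the send-buffer slot is released; the caller still owns the skb */`. The function starts and ends outside the hunk, so whether every caller frees the skb on a non-zero return cannot be confirmed from here.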
diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c index 794a473..9fd437b 100644 --- a/drivers/net/ppp/ppp_generic.c @@ -48384,10 +48636,10 @@ index 079f7ad..b2a2bfa7 100644 /* We've got a compressed packet; read the change byte */ diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c -index 2368395..bf6fe96 100644 +index 9c505c4..5d0c879 100644 --- a/drivers/net/team/team.c +++ b/drivers/net/team/team.c -@@ -2090,7 +2090,7 @@ static unsigned int team_get_num_rx_queues(void) +@@ -2102,7 +2102,7 @@ static unsigned int team_get_num_rx_queues(void) return TEAM_DEFAULT_NUM_RX_QUEUES; } @@ -48396,7 +48648,7 @@ index 2368395..bf6fe96 100644 .kind = DRV_NAME, .priv_size = sizeof(struct team), .setup = team_setup, -@@ -2880,7 +2880,7 @@ static int team_device_event(struct notifier_block *unused, +@@ -2892,7 +2892,7 @@ static int team_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -49074,7 +49326,7 @@ index 057b165..98ae88f 100644 static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads) diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h -index 975074f..e9440da 100644 +index e8e8dd2..030f80e 100644 --- a/drivers/net/wireless/ath/ath9k/hw.h +++ b/drivers/net/wireless/ath/ath9k/hw.h @@ -630,7 +630,7 @@ struct ath_hw_private_ops { 
@@ -49477,6 +49729,40 @@ index a912dc0..a8225ba 100644 u16 int_num; ZD_ASSERT(in_interrupt()); +diff --git a/drivers/net/xen-netback/interface.c b/drivers/net/xen-netback/interface.c +index d752d1c..23e3203 100644 +--- a/drivers/net/xen-netback/interface.c ++++ b/drivers/net/xen-netback/interface.c +@@ -578,6 +578,7 @@ int xenvif_connect(struct xenvif_queue *queue, unsigned long tx_ring_ref, + goto err_rx_unbind; + } + queue->task = task; ++ get_task_struct(task); + + task = kthread_create(xenvif_dealloc_kthread, + (void *)queue, "%s-dealloc", queue->name); +@@ -634,6 +635,7 @@ void xenvif_disconnect(struct xenvif *vif) + + if (queue->task) { + kthread_stop(queue->task); ++ put_task_struct(queue->task); + queue->task = NULL; + } + +diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c +index c39aace..e18728d 100644 +--- a/drivers/net/xen-netback/netback.c ++++ b/drivers/net/xen-netback/netback.c +@@ -2111,8 +2111,7 @@ int xenvif_kthread_guest_rx(void *data) + */ + if (unlikely(vif->disabled && queue->id == 0)) { + xenvif_carrier_off(vif); +- xenvif_rx_queue_purge(queue); +- continue; ++ break; + } + + if (!skb_queue_empty(&queue->rx_queue)) diff --git a/drivers/nfc/nfcwilink.c b/drivers/nfc/nfcwilink.c index 683671a..4519fc2 100644 --- a/drivers/nfc/nfcwilink.c @@ -49861,7 +50147,7 @@ index 2c6643f..3a6d8e0 100644 if (!sysfs_initialized) return -EACCES; diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h -index 4a3902d..7f1fc42 100644 +index b5defca..e3664cc 100644 --- a/drivers/pci/pci.h +++ b/drivers/pci/pci.h @@ -93,7 +93,7 @@ struct pci_vpd_ops { @@ -49891,7 +50177,7 @@ index e1e7026..d28dd33 100644 #define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c -index c8ca98c..b1bc005 100644 +index 3010ffc..5e2e133 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -177,7 +177,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, 
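Review bot: The reference taken by `get_task_struct(task)` in xenvif_connect is only visibly dropped in xenvif_disconnect. The failure path of the `kthread_create(xenvif_dealloc_kthread, ...)` call that follows is outside the hunk, so it should be checked that an error there does not leak the reference. The reason for holding it is also undocumented: it appears to be needed because xenvif_kthread_guest_rx can now leave its loop through the new `break`, while `kthread_stop(queue->task)` still needs a valid task. A comment such as `/* rx thread may exit by itself after a fatal error; keep the task_struct alive for kthread_stop() */` next to the `get_task_struct` call would record that. The code after the loop in netback.c is not shown, so confirm the queue purge that was removed here still happens on exit.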
@@ -50486,10 +50772,10 @@ index 302e626..12579af 100644 da->attr.name = info->pin_config[i].name; da->attr.mode = 0644; diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c -index cd87c0c..715ecbe 100644 +index fc6fb54..b8c794ba 100644 --- a/drivers/regulator/core.c +++ b/drivers/regulator/core.c -@@ -3567,7 +3567,7 @@ regulator_register(const struct regulator_desc *regulator_desc, +@@ -3569,7 +3569,7 @@ regulator_register(const struct regulator_desc *regulator_desc, { const struct regulation_constraints *constraints = NULL; const struct regulator_init_data *init_data; @@ -50498,7 +50784,7 @@ index cd87c0c..715ecbe 100644 struct regulator_dev *rdev; struct device *dev; int ret, i; -@@ -3641,7 +3641,7 @@ regulator_register(const struct regulator_desc *regulator_desc, +@@ -3643,7 +3643,7 @@ regulator_register(const struct regulator_desc *regulator_desc, rdev->dev.class = ®ulator_class; rdev->dev.parent = dev; dev_set_name(&rdev->dev, "regulator.%d", @@ -50544,15 +50830,16 @@ index dbedf17..18ff6b7 100644 if (pdata) { diff --git a/drivers/regulator/mc13892-regulator.c b/drivers/regulator/mc13892-regulator.c -index 793b662..85f74cd 100644 +index 793b662..01c20fc 100644 --- a/drivers/regulator/mc13892-regulator.c +++ b/drivers/regulator/mc13892-regulator.c @@ -584,10 +584,12 @@ static int mc13892_regulator_probe(struct platform_device *pdev) mc13xxx_unlock(mc13892); /* update mc13892_vcam ops */ +- memcpy(&mc13892_vcam_ops, mc13892_regulators[MC13892_VCAM].desc.ops, + pax_open_kernel(); - memcpy(&mc13892_vcam_ops, mc13892_regulators[MC13892_VCAM].desc.ops, ++ memcpy((void *)&mc13892_vcam_ops, mc13892_regulators[MC13892_VCAM].desc.ops, sizeof(struct regulator_ops)); - mc13892_vcam_ops.set_mode = mc13892_vcam_set_mode, - mc13892_vcam_ops.get_mode = mc13892_vcam_get_mode, @@ -51639,7 +51926,7 @@ index 79c77b4..ef6ec0b 100644 /* check if the device is still usable */ if (unlikely(cmd->device->sdev_state == SDEV_DEL)) { 
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c -index 50a6e1a..de5252e 100644 +index 17fb051..937fbbd 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -1583,7 +1583,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) @@ -51779,10 +52066,10 @@ index ae45bd9..c32a586 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index cfba74c..415f09b 100644 +index dd8c8d6..4cdf6a1 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c -@@ -3022,7 +3022,7 @@ static int sd_probe(struct device *dev) +@@ -3024,7 +3024,7 @@ static int sd_probe(struct device *dev) sdkp->disk = gd; sdkp->index = index; atomic_set(&sdkp->openers, 0); @@ -51888,7 +52175,7 @@ index 9cb222e..8766f26 100644 imx_drm_crtc = kzalloc(sizeof(*imx_drm_crtc), GFP_KERNEL); diff --git a/drivers/staging/line6/driver.c b/drivers/staging/line6/driver.c -index 503b2d7..c918745 100644 +index 503b2d7..c904931 100644 --- a/drivers/staging/line6/driver.c +++ b/drivers/staging/line6/driver.c @@ -463,7 +463,7 @@ int line6_read_data(struct usb_line6 *line6, int address, void *data, 
@@ -51939,6 +52226,89 @@ index 503b2d7..c918745 100644 /* receive the result: */ ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), 0x67, +@@ -520,7 +527,7 @@ int line6_write_data(struct usb_line6 *line6, int address, void *data, + { + struct usb_device *usbdev = line6->usbdev; + int ret; +- unsigned char status; ++ unsigned char *status; + + ret = usb_control_msg(usbdev, usb_sndctrlpipe(usbdev, 0), 0x67, + USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT, +@@ -533,26 +540,34 @@ int line6_write_data(struct usb_line6 *line6, int address, void *data, + return ret; + } + ++ status = kmalloc(1, GFP_KERNEL); ++ if (status == NULL) ++ return -ENOMEM; ++ + do { + ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), + 0x67, + USB_TYPE_VENDOR | USB_RECIP_DEVICE | + USB_DIR_IN, + 0x0012, 0x0000, +- &status, 1, LINE6_TIMEOUT * HZ); ++ status, 1, LINE6_TIMEOUT * HZ); + + if (ret < 0) { + dev_err(line6->ifcdev, + "receiving status failed (error %d)\n", ret); ++ kfree(status); + return ret; + } +- } while (status == 0xff); ++ } while (*status == 0xff); + +- if (status != 0) { ++ if (*status != 0) { + dev_err(line6->ifcdev, "write failed (error %d)\n", ret); ++ kfree(status); + return -EINVAL; + } + ++ kfree(status); ++ + return 0; + } + +diff --git a/drivers/staging/line6/toneport.c b/drivers/staging/line6/toneport.c +index 6943715..0a93632 100644 +--- a/drivers/staging/line6/toneport.c ++++ b/drivers/staging/line6/toneport.c +@@ -11,6 +11,7 @@ + */ + + #include ++#include + #include + + #include "audio.h" +@@ -307,14 +308,20 @@ static void toneport_destruct(struct usb_interface *interface) + */ + static void toneport_setup(struct usb_line6_toneport *toneport) + { +- int ticks; ++ int *ticks; + struct usb_line6 *line6 = &toneport->line6; + struct usb_device *usbdev = line6->usbdev; + u16 idProduct = le16_to_cpu(usbdev->descriptor.idProduct); + ++ ticks = kmalloc(sizeof(int), GFP_KERNEL); ++ if (ticks == NULL) ++ return; ++ + /* sync time on device with host: */ +- 
ticks = (int)get_seconds(); +- line6_write_data(line6, 0x80c6, &ticks, 4); ++ *ticks = (int)get_seconds(); ++ line6_write_data(line6, 0x80c6, ticks, sizeof(int)); ++ ++ kfree(ticks); + + /* enable device: */ + toneport_send_cmd(usbdev, 0x0301, 0x0000); diff --git a/drivers/staging/lustre/lnet/selftest/brw_test.c b/drivers/staging/lustre/lnet/selftest/brw_test.c index a94f336..6a1924d 100644 --- a/drivers/staging/lustre/lnet/selftest/brw_test.c @@ -52274,7 +52644,7 @@ index e7e9372..161f530 100644 login->tgt_agt = sbp_target_agent_register(login); if (IS_ERR(login->tgt_agt)) { diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c -index c45f9e9..00e85f0 100644 +index 24fa5d1..fae56f1 100644 --- a/drivers/target/target_core_device.c +++ b/drivers/target/target_core_device.c @@ -1532,7 +1532,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name) @@ -52807,7 +53177,7 @@ index c434376..114ce13 100644 dlci->modem_rx = 0; diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c -index 2e900a9..576d216 100644 +index 47ca0f3..3c0b803 100644 --- a/drivers/tty/n_tty.c +++ b/drivers/tty/n_tty.c @@ -115,7 +115,7 @@ struct n_tty_data { @@ -52819,7 +53189,7 @@ index 2e900a9..576d216 100644 size_t line_start; /* protected by output lock */ -@@ -2522,6 +2522,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) +@@ -2523,6 +2523,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) { *ops = tty_ldisc_N_TTY; ops->owner = NULL; @@ -53050,7 +53420,7 @@ index 4b6c783..9a19db3 100644 if (unlikely(pdev->id < 0 || pdev->id >= UART_NR)) return -ENXIO; diff --git a/drivers/tty/serial/samsung.c b/drivers/tty/serial/samsung.c -index c78f43a..22b1dab 100644 +index 587d63b..48423a6 100644 --- a/drivers/tty/serial/samsung.c +++ b/drivers/tty/serial/samsung.c @@ -478,11 +478,16 @@ static void s3c24xx_serial_shutdown(struct uart_port *port) 
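Review bot: In line6_write_data the status byte now lives in a `kmalloc(1, GFP_KERNEL)` buffer and the loop only rejects `ret < 0`, so a transfer that returns zero bytes can leave `*status` holding uninitialised heap contents that are then compared with 0xff and 0. I would treat anything other than a one-byte transfer as a failure, e.g. `if (ret != 1) { kfree(status); return ret < 0 ? ret : -EIO; }`, keeping the existing `dev_err`. The "write failed" message prints `ret`, although `*status` is the value that failed at that point. In toneport_setup the new `if (ticks == NULL) return;` skips the device-enable commands below it without logging anything; a `dev_err` before the return would make that visible.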
@@ -53070,7 +53440,7 @@ index c78f43a..22b1dab 100644 dbg("s3c24xx_serial_startup: port=%p (%08llx,%p)\n", port, (unsigned long long)port->mapbase, port->membase); -@@ -1155,10 +1160,6 @@ static int s3c24xx_serial_init_port(struct s3c24xx_uart_port *ourport, +@@ -1159,10 +1164,6 @@ static int s3c24xx_serial_init_port(struct s3c24xx_uart_port *ourport, /* setup info for port */ port->dev = &platdev->dev; @@ -53082,7 +53452,7 @@ index c78f43a..22b1dab 100644 if (cfg->uart_flags & UPF_CONS_FLOW) { diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c -index eaeb9a0..01a238c 100644 +index a28dee9..168ba47 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -1339,7 +1339,7 @@ static void uart_close(struct tty_struct *tty, struct file *filp) @@ -54275,10 +54645,10 @@ index b3d245e..99549ed 100644 props.type = BACKLIGHT_RAW; props.max_brightness = 0xff; diff --git a/drivers/usb/serial/console.c b/drivers/usb/serial/console.c -index 8d7fc48..01c4986 100644 +index 29fa1c3..a57b08e 100644 --- a/drivers/usb/serial/console.c +++ b/drivers/usb/serial/console.c -@@ -123,7 +123,7 @@ static int usb_console_setup(struct console *co, char *options) +@@ -125,7 +125,7 @@ static int usb_console_setup(struct console *co, char *options) info->port = port; @@ -54287,7 +54657,7 @@ index 8d7fc48..01c4986 100644 if (!test_bit(ASYNCB_INITIALIZED, &port->port.flags)) { if (serial->type->set_termios) { /* -@@ -167,7 +167,7 @@ static int usb_console_setup(struct console *co, char *options) +@@ -173,7 +173,7 @@ static int usb_console_setup(struct console *co, char *options) } /* Now that any required fake tty operations are completed restore * the tty port count */ 
@@ -54296,16 +54666,16 @@ index 8d7fc48..01c4986 100644 /* The console is special in terms of closing the device so * indicate this port is now acting as a system console. */ port->port.console = 1; -@@ -180,7 +180,7 @@ static int usb_console_setup(struct console *co, char *options) - free_tty: - kfree(tty); +@@ -186,7 +186,7 @@ static int usb_console_setup(struct console *co, char *options) + put_tty: + tty_kref_put(tty); reset_open_count: - port->port.count = 0; + atomic_set(&port->port.count, 0); usb_autopm_put_interface(serial->interface); error_get_interface: usb_serial_put(serial); -@@ -191,7 +191,7 @@ static int usb_console_setup(struct console *co, char *options) +@@ -197,7 +197,7 @@ static int usb_console_setup(struct console *co, char *options) static void usb_console_write(struct console *co, const char *buf, unsigned count) { @@ -54586,10 +54956,10 @@ index 2fa0317..4983f2a 100644 return 0; } diff --git a/drivers/video/fbdev/core/fb_defio.c b/drivers/video/fbdev/core/fb_defio.c -index 900aa4e..6d49418 100644 +index d6cab1f..112f680 100644 --- a/drivers/video/fbdev/core/fb_defio.c +++ b/drivers/video/fbdev/core/fb_defio.c -@@ -206,7 +206,9 @@ void fb_deferred_io_init(struct fb_info *info) +@@ -207,7 +207,9 @@ void fb_deferred_io_init(struct fb_info *info) BUG_ON(!fbdefio); mutex_init(&fbdefio->lock); @@ -54600,7 +54970,7 @@ index 900aa4e..6d49418 100644 INIT_DELAYED_WORK(&info->deferred_work, fb_deferred_io_work); INIT_LIST_HEAD(&fbdefio->pagelist); if (fbdefio->delay == 0) /* set a default of 1 s */ -@@ -237,7 +239,7 @@ void fb_deferred_io_cleanup(struct fb_info *info) +@@ -238,7 +240,7 @@ void fb_deferred_io_cleanup(struct fb_info *info) page->mapping = NULL; } @@ -59164,7 +59534,7 @@ index 150822e..75bb326 100644 WARN_ON(trans->transid != btrfs_header_generation(parent)); diff --git a/fs/btrfs/delayed-inode.c b/fs/btrfs/delayed-inode.c -index 054577b..9b342cc 100644 +index de4e70f..b41dc45 100644 --- a/fs/btrfs/delayed-inode.c 
+++ b/fs/btrfs/delayed-inode.c @@ -462,7 +462,7 @@ static int __btrfs_add_delayed_deletion_item(struct btrfs_delayed_node *node, @@ -59522,7 +59892,7 @@ index f6e1237..796ffd1 100644 sb->s_bdi = &fsc->backing_dev_info; return err; diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c -index 44ec726..bcb06a3 100644 +index 44ec726..11a056f 100644 --- a/fs/cifs/cifs_debug.c +++ b/fs/cifs/cifs_debug.c @@ -286,8 +286,8 @@ static ssize_t cifs_stats_proc_write(struct file *file, @@ -59565,6 +59935,20 @@ index 44ec726..bcb06a3 100644 if (server->ops->print_stats) server->ops->print_stats(m, tcon); } +@@ -615,9 +615,11 @@ cifs_security_flags_handle_must_flags(unsigned int *flags) + *flags = CIFSSEC_MUST_NTLMV2; + else if ((*flags & CIFSSEC_MUST_NTLM) == CIFSSEC_MUST_NTLM) + *flags = CIFSSEC_MUST_NTLM; +- else if ((*flags & CIFSSEC_MUST_LANMAN) == CIFSSEC_MUST_LANMAN) ++ else if (CIFSSEC_MUST_LANMAN && ++ (*flags & CIFSSEC_MUST_LANMAN) == CIFSSEC_MUST_LANMAN) + *flags = CIFSSEC_MUST_LANMAN; +- else if ((*flags & CIFSSEC_MUST_PLNTXT) == CIFSSEC_MUST_PLNTXT) ++ else if (CIFSSEC_MUST_PLNTXT && ++ (*flags & CIFSSEC_MUST_PLNTXT) == CIFSSEC_MUST_PLNTXT) + *flags = CIFSSEC_MUST_PLNTXT; + + *flags |= signflags; diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c index 9d7996e..35ad5cf4 100644 --- a/fs/cifs/cifsfs.c @@ -59683,10 +60067,10 @@ index 02a33e5..3a28b5a 100644 GLOBAL_EXTERN atomic_t smBufAllocCount; GLOBAL_EXTERN atomic_t midCount; diff --git a/fs/cifs/file.c b/fs/cifs/file.c -index 3e4d00a..38a122d 100644 +index 9a7b6947..4132187 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c -@@ -2056,10 +2056,14 @@ static int cifs_writepages(struct address_space *mapping, +@@ -2060,10 +2060,14 @@ static int cifs_writepages(struct address_space *mapping, index = mapping->writeback_index; /* Start from prev offset */ end = -1; } else { 
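Review bot: The new `CIFSSEC_MUST_LANMAN &&` and `CIFSSEC_MUST_PLNTXT &&` guards in cifs_security_flags_handle_must_flags look redundant without a comment and are easy to remove in a later cleanup. Presumably these macros can be defined as 0 in some configurations (the definitions are outside the hunk), in which case `(*flags & 0) == 0` is always true and the branch would select the weakest mechanism. I would add `/* these masks are 0 when weak password hashes are compiled out; the comparison alone would then always match */` above the first guarded branch.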
@@ -59970,6 +60354,19 @@ index 8f1672b..af339c07 100644 } req->FileIndex = cpu_to_le32(index); +diff --git a/fs/cifs/smbencrypt.c b/fs/cifs/smbencrypt.c +index 6c15663..a4232ec 100644 +--- a/fs/cifs/smbencrypt.c ++++ b/fs/cifs/smbencrypt.c +@@ -221,7 +221,7 @@ E_md4hash(const unsigned char *passwd, unsigned char *p16, + } + + rc = mdfour(p16, (unsigned char *) wpwd, len * sizeof(__le16)); +- memset(wpwd, 0, 129 * sizeof(__le16)); ++ memzero_explicit(wpwd, sizeof(wpwd)); + + return rc; + } diff --git a/fs/coda/cache.c b/fs/coda/cache.c index 46ee6f2..89a9e7f 100644 --- a/fs/coda/cache.c @@ -60327,7 +60724,7 @@ index b5c86ff..0dac262 100644 return 0; while (nr) { diff --git a/fs/dcache.c b/fs/dcache.c -index 03dca3c..f66c622 100644 +index 03dca3c..15f326d 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -508,7 +508,7 @@ static void __dentry_kill(struct dentry *dentry) @@ -60463,7 +60860,17 @@ index 03dca3c..f66c622 100644 dentry->d_flags = 0; spin_lock_init(&dentry->d_lock); seqcount_init(&dentry->d_seq); -@@ -2183,7 +2183,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name) +@@ -1452,6 +1452,9 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) + dentry->d_sb = sb; + dentry->d_op = NULL; + dentry->d_fsdata = NULL; ++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME ++ atomic_set(&dentry->chroot_refcnt, 0); ++#endif + INIT_HLIST_BL_NODE(&dentry->d_hash); + INIT_LIST_HEAD(&dentry->d_lru); + INIT_LIST_HEAD(&dentry->d_subdirs); +@@ -2183,7 +2186,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name) goto next; } @@ -60472,7 +60879,7 @@ index 03dca3c..f66c622 100644 found = dentry; spin_unlock(&dentry->d_lock); break; -@@ -2282,7 +2282,7 @@ again: +@@ -2282,7 +2285,7 @@ again: spin_lock(&dentry->d_lock); inode = dentry->d_inode; isdir = S_ISDIR(inode->i_mode); 
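Review bot: `memzero_explicit(wpwd, sizeof(wpwd))` in E_md4hash clears the whole password copy only if `wpwd` is a local array. Its declaration is outside the hunk, and with a pointer the call would clear just pointer-size bytes. If it is an array, replacing the hard-coded `129 * sizeof(__le16)` is an improvement. A short comment would record why the explicit variant is used: `/* scrub the UTF-16 password copy; a plain memset before return can be optimised away */`. Any earlier return paths in the function are not visible here and should scrub the buffer too.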
@@ -60481,7 +60888,7 @@ index 03dca3c..f66c622 100644 if (!spin_trylock(&inode->i_lock)) { spin_unlock(&dentry->d_lock); cpu_relax(); -@@ -3308,7 +3308,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry) +@@ -3308,7 +3311,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry) if (!(dentry->d_flags & DCACHE_GENOCIDE)) { dentry->d_flags |= DCACHE_GENOCIDE; @@ -60490,7 +60897,7 @@ index 03dca3c..f66c622 100644 } } return D_WALK_CONTINUE; -@@ -3424,7 +3424,8 @@ void __init vfs_caches_init(unsigned long mempages) +@@ -3424,7 +3427,8 @@ void __init vfs_caches_init(unsigned long mempages) mempages -= reserve; names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0, @@ -60543,7 +60950,7 @@ index e4141f2..d8263e8 100644 i += packet_length_size; if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) diff --git a/fs/exec.c b/fs/exec.c -index 7302b75..7d61d19 100644 +index 7302b75..b917171 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -56,8 +56,20 @@ @@ -61330,7 +61737,7 @@ index 7302b75..7d61d19 100644 +{ + unsigned long sp = (unsigned long)&sp; + if (sp < current_thread_info()->lowest_stack && -+ sp > (unsigned long)task_stack_page(current)) ++ sp >= (unsigned long)task_stack_page(current) + 2 * sizeof(unsigned long)) + current_thread_info()->lowest_stack = sp; + if (unlikely((sp & ~(THREAD_SIZE - 1)) < (THREAD_SIZE/16))) + BUG(); @@ -61727,7 +62134,7 @@ index 99d440a..eb979d1 100644 } EXPORT_SYMBOL(__f_setown); diff --git a/fs/fhandle.c b/fs/fhandle.c -index 999ff5c..ac037c9 100644 +index 999ff5c..2281df9 100644 --- a/fs/fhandle.c +++ b/fs/fhandle.c @@ -8,6 +8,7 @@ 
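Review bot: In fs/exec.c, the new lower bound `sp >= (unsigned long)task_stack_page(current) + 2 * sizeof(unsigned long)` uses an unexplained offset. Nothing in the hunk says which two words at the base of the stack page are being excluded, so a later reader cannot tell whether the value still matches the stack layout. I would add a comment directly above the comparison, for example `/* do not record an sp inside the first two words of the stack page (TODO: name what lives there) */`, or move the offset into a named constant. The function's signature lies outside the hunk.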
@@ -61757,6 +62164,18 @@ index 999ff5c..ac037c9 100644 retval = -EPERM; goto out_err; } +@@ -195,8 +195,9 @@ static int handle_to_path(int mountdirfd, struct file_handle __user *ufh, + goto out_err; + } + /* copy the full handle */ +- if (copy_from_user(handle, ufh, +- sizeof(struct file_handle) + ++ *handle = f_handle; ++ if (copy_from_user(&handle->f_handle, ++ &ufh->f_handle, + f_handle.handle_bytes)) { + retval = -EFAULT; + goto out_handle; diff --git a/fs/file.c b/fs/file.c index ab3eb6a..8de2392 100644 --- a/fs/file.c @@ -61828,7 +62247,7 @@ index 5797d45..7d7d79a 100644 if (dot && fs && !(fs->fs_flags & FS_HAS_SUBTYPE)) { diff --git a/fs/fs_struct.c b/fs/fs_struct.c -index 7dca743..543d620 100644 +index 7dca743..2f2786d 100644 --- a/fs/fs_struct.c +++ b/fs/fs_struct.c @@ -4,6 +4,7 @@ @@ -61839,15 +62258,27 @@ index 7dca743..543d620 100644 #include "internal.h" /* -@@ -19,6 +20,7 @@ void set_fs_root(struct fs_struct *fs, const struct path *path) +@@ -15,14 +16,18 @@ void set_fs_root(struct fs_struct *fs, const struct path *path) + struct path old_root; + + path_get(path); ++ gr_inc_chroot_refcnts(path->dentry, path->mnt); + spin_lock(&fs->lock); write_seqcount_begin(&fs->seq); old_root = fs->root; fs->root = *path; + gr_set_chroot_entries(current, path); write_seqcount_end(&fs->seq); spin_unlock(&fs->lock); - if (old_root.dentry) -@@ -67,6 +69,10 @@ void chroot_fs_refs(const struct path *old_root, const struct path *new_root) +- if (old_root.dentry) ++ if (old_root.dentry) { ++ gr_dec_chroot_refcnts(old_root.dentry, old_root.mnt); + path_put(&old_root); ++ } + } + + /* +@@ -67,6 +72,10 @@ void chroot_fs_refs(const struct path *old_root, const struct path *new_root) int hits = 0; spin_lock(&fs->lock); write_seqcount_begin(&fs->seq); 
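Review bot: In fs/fhandle.c, handle_to_path(), the retained comment `/* copy the full handle */` no longer describes the code. The header is now taken from the kernel copy with `*handle = f_handle;` and only the payload at `&ufh->f_handle` is read from userspace. That distinction appears to be the point of the change: a second read of the header could return a `handle_bytes` different from the `f_handle.handle_bytes` value used for the length here (the earlier read and its bounds check are outside the hunk, so this is inferred). I would replace the comment with `/* header comes from the already-checked kernel copy; fetch only the payload from userspace */`.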
@@ -61858,7 +62289,15 @@ index 7dca743..543d620 100644 hits += replace_path(&fs->root, old_root, new_root); hits += replace_path(&fs->pwd, old_root, new_root); write_seqcount_end(&fs->seq); -@@ -99,7 +105,8 @@ void exit_fs(struct task_struct *tsk) +@@ -85,6 +94,7 @@ void chroot_fs_refs(const struct path *old_root, const struct path *new_root) + + void free_fs_struct(struct fs_struct *fs) + { ++ gr_dec_chroot_refcnts(fs->root.dentry, fs->root.mnt); + path_put(&fs->root); + path_put(&fs->pwd); + kmem_cache_free(fs_cachep, fs); +@@ -99,7 +109,8 @@ void exit_fs(struct task_struct *tsk) task_lock(tsk); spin_lock(&fs->lock); tsk->fs = NULL; @@ -61868,7 +62307,7 @@ index 7dca743..543d620 100644 spin_unlock(&fs->lock); task_unlock(tsk); if (kill) -@@ -112,7 +119,7 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old) +@@ -112,7 +123,7 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old) struct fs_struct *fs = kmem_cache_alloc(fs_cachep, GFP_KERNEL); /* We don't need to lock fs - think why ;-) */ if (fs) { @@ -61877,7 +62316,7 @@ index 7dca743..543d620 100644 fs->in_exec = 0; spin_lock_init(&fs->lock); seqcount_init(&fs->seq); -@@ -121,6 +128,9 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old) +@@ -121,6 +132,9 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old) spin_lock(&old->lock); fs->root = old->root; path_get(&fs->root); @@ -61887,7 +62326,7 @@ index 7dca743..543d620 100644 fs->pwd = old->pwd; path_get(&fs->pwd); spin_unlock(&old->lock); -@@ -139,8 +149,9 @@ int unshare_fs_struct(void) +@@ -139,8 +153,9 @@ int unshare_fs_struct(void) task_lock(current); spin_lock(&fs->lock); @@ -61898,7 +62337,7 @@ index 7dca743..543d620 100644 spin_unlock(&fs->lock); task_unlock(current); -@@ -153,13 +164,13 @@ EXPORT_SYMBOL_GPL(unshare_fs_struct); +@@ -153,13 +168,13 @@ EXPORT_SYMBOL_GPL(unshare_fs_struct); int current_umask(void) { @@ -63648,7 +64087,7 @@ index acd3947..1f896e2 100644 memcpy(c->data, &cookie, 4); c->len=4; 
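Review bot: In fs/fs_struct.c, free_fs_struct() calls `gr_dec_chroot_refcnts(fs->root.dentry, fs->root.mnt)` unconditionally, while set_fs_root() in the preceding hunk of the same file only decrements under `if (old_root.dentry)`. gr_dec_chroot_refcnts() is not defined in the visible lines, so whether it tolerates a NULL dentry is unknown; the neighbouring `path_put()` calls were already unguarded. Either guard the call the same way, `if (fs->root.dentry) gr_dec_chroot_refcnts(fs->root.dentry, fs->root.mnt);`, or state on the helper that a NULL dentry is accepted.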
diff --git a/fs/locks.c b/fs/locks.c -index 735b8d3..dfc44a2 100644 +index 59e2f90..bd69071 100644 --- a/fs/locks.c +++ b/fs/locks.c @@ -2374,7 +2374,7 @@ void locks_remove_file(struct file *filp) @@ -63696,7 +64135,7 @@ index f82c628..9492b99 100644 #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */ diff --git a/fs/namei.c b/fs/namei.c -index db5fe86..d3dcc14 100644 +index db5fe86..8bce5f0 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -331,17 +331,32 @@ int generic_permission(struct inode *inode, int mask) @@ -64077,7 +64516,7 @@ index db5fe86..d3dcc14 100644 struct filename *name; struct dentry *dentry; struct nameidata nd; -+ ino_t saved_ino = 0; ++ u64 saved_ino = 0; + dev_t saved_dev = 0; unsigned int lookup_flags = 0; retry: @@ -64087,7 +64526,7 @@ index db5fe86..d3dcc14 100644 goto exit3; } + -+ saved_ino = dentry->d_inode->i_ino; ++ saved_ino = gr_get_ino_from_dentry(dentry); + saved_dev = gr_get_dev_from_dentry(dentry); + + if (!gr_acl_handle_rmdir(dentry, nd.path.mnt)) { @@ -64108,7 +64547,7 @@ index db5fe86..d3dcc14 100644 struct nameidata nd; struct inode *inode = NULL; struct inode *delegated_inode = NULL; -+ ino_t saved_ino = 0; ++ u64 saved_ino = 0; + dev_t saved_dev = 0; unsigned int lookup_flags = 0; retry: @@ -64119,7 +64558,7 @@ index db5fe86..d3dcc14 100644 ihold(inode); + + if (inode->i_nlink <= 1) { -+ saved_ino = inode->i_ino; ++ saved_ino = gr_get_ino_from_dentry(dentry); + saved_dev = gr_get_dev_from_dentry(dentry); + } + if (!gr_acl_handle_unlink(dentry, nd.path.mnt)) { 
@@ -64200,10 +64639,18 @@ index db5fe86..d3dcc14 100644 done_path_create(&new_path, new_dentry); if (delegated_inode) { error = break_deleg_wait(&delegated_inode); -@@ -4304,6 +4486,12 @@ retry_deleg: +@@ -4304,6 +4486,20 @@ retry_deleg: if (new_dentry == trap) goto exit5; ++ if (gr_bad_chroot_rename(old_dentry, oldnd.path.mnt, new_dentry, newnd.path.mnt)) { ++ /* use EXDEV error to cause 'mv' to switch to an alternative ++ * method for usability ++ */ ++ error = -EXDEV; ++ goto exit5; ++ } ++ + error = gr_acl_handle_rename(new_dentry, new_dir, newnd.path.mnt, + old_dentry, old_dir->d_inode, oldnd.path.mnt, + to, flags); @@ -64213,7 +64660,7 @@ index db5fe86..d3dcc14 100644 error = security_path_rename(&oldnd.path, old_dentry, &newnd.path, new_dentry, flags); if (error) -@@ -4311,6 +4499,9 @@ retry_deleg: +@@ -4311,6 +4507,9 @@ retry_deleg: error = vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry, &delegated_inode, flags); @@ -64223,7 +64670,7 @@ index db5fe86..d3dcc14 100644 exit5: dput(new_dentry); exit4: -@@ -4367,14 +4558,24 @@ EXPORT_SYMBOL(vfs_whiteout); +@@ -4367,14 +4566,24 @@ EXPORT_SYMBOL(vfs_whiteout); int readlink_copy(char __user *buffer, int buflen, const char *link) { @@ -64429,7 +64876,7 @@ index 0beb023..3f685ec 100644 static struct nfsd4_operation nfsd4_ops[]; diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c -index eeea7a9..f3ba422 100644 +index 2a77603..68e0e37 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -1543,7 +1543,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p) @@ -65441,7 +65888,7 @@ index cd3653e..9b9b79a 100644 static struct pid * get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos) diff --git a/fs/proc/base.c b/fs/proc/base.c -index 7dc3ea8..4cfe92f 100644 +index 7dc3ea8..a08077e 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -113,6 +113,14 @@ struct pid_entry { 
@@ -65584,16 +66031,18 @@ index 7dc3ea8..4cfe92f 100644 /* * Let's make getdents(), stat(), and open() * consistent with each other. If a process -@@ -609,6 +665,8 @@ struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode) +@@ -609,6 +665,10 @@ struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode) if (task) { mm = mm_access(task, mode); -+ if (gr_acl_handle_procpidmem(task)) ++ if (!IS_ERR_OR_NULL(mm) && gr_acl_handle_procpidmem(task)) { ++ mmput(mm); + mm = ERR_PTR(-EPERM); ++ } put_task_struct(task); if (!IS_ERR_OR_NULL(mm)) { -@@ -630,6 +688,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) +@@ -630,6 +690,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) return PTR_ERR(mm); file->private_data = mm; @@ -65605,7 +66054,7 @@ index 7dc3ea8..4cfe92f 100644 return 0; } -@@ -651,6 +714,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf, +@@ -651,6 +716,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf, ssize_t copied; char *page; @@ -65623,7 +66072,7 @@ index 7dc3ea8..4cfe92f 100644 if (!mm) return 0; -@@ -663,7 +737,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf, +@@ -663,7 +739,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf, goto free; while (count > 0) { @@ -65632,7 +66081,7 @@ index 7dc3ea8..4cfe92f 100644 if (write && copy_from_user(page, buf, this_len)) { copied = -EFAULT; -@@ -755,6 +829,13 @@ static ssize_t environ_read(struct file *file, char __user *buf, +@@ -755,6 +831,13 @@ static ssize_t environ_read(struct file *file, char __user *buf, if (!mm) return 0; 
@@ -65646,7 +66095,7 @@ index 7dc3ea8..4cfe92f 100644 page = (char *)__get_free_page(GFP_TEMPORARY); if (!page) return -ENOMEM; -@@ -764,7 +845,7 @@ static ssize_t environ_read(struct file *file, char __user *buf, +@@ -764,7 +847,7 @@ static ssize_t environ_read(struct file *file, char __user *buf, goto free; while (count > 0) { size_t this_len, max_len; @@ -65655,7 +66104,7 @@ index 7dc3ea8..4cfe92f 100644 if (src >= (mm->env_end - mm->env_start)) break; -@@ -1378,7 +1459,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd) +@@ -1378,7 +1461,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd) int error = -EACCES; /* Are we allowed to snoop on the tasks file descriptors? */ @@ -65664,7 +66113,7 @@ index 7dc3ea8..4cfe92f 100644 goto out; error = PROC_I(inode)->op.proc_get_link(dentry, &path); -@@ -1422,8 +1503,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b +@@ -1422,8 +1505,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b struct path path; /* Are we allowed to snoop on the tasks file descriptors? */ @@ -65685,7 +66134,7 @@ index 7dc3ea8..4cfe92f 100644 error = PROC_I(inode)->op.proc_get_link(dentry, &path); if (error) -@@ -1473,7 +1564,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t +@@ -1473,7 +1566,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t rcu_read_lock(); cred = __task_cred(task); inode->i_uid = cred->euid; @@ -65697,7 +66146,7 @@ index 7dc3ea8..4cfe92f 100644 rcu_read_unlock(); } security_task_to_inode(task, inode); -@@ -1509,10 +1604,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) +@@ -1509,10 +1606,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) return -ENOENT; } if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || 
@@ -65717,7 +66166,7 @@ index 7dc3ea8..4cfe92f 100644 } } rcu_read_unlock(); -@@ -1550,11 +1654,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags) +@@ -1550,11 +1656,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags) if (task) { if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || @@ -65738,7 +66187,7 @@ index 7dc3ea8..4cfe92f 100644 rcu_read_unlock(); } else { inode->i_uid = GLOBAL_ROOT_UID; -@@ -2085,6 +2198,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, +@@ -2085,6 +2200,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, if (!task) goto out_no_task; @@ -65748,7 +66197,7 @@ index 7dc3ea8..4cfe92f 100644 /* * Yes, it does not scale. And it should not. Don't add * new entries into /proc// without very good reasons. -@@ -2115,6 +2231,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx, +@@ -2115,6 +2233,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx, if (!task) return -ENOENT; @@ -65758,7 +66207,7 @@ index 7dc3ea8..4cfe92f 100644 if (!dir_emit_dots(file, ctx)) goto out; -@@ -2557,7 +2676,7 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2557,7 +2678,7 @@ static const struct pid_entry tgid_base_stuff[] = { REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -65767,7 +66216,7 @@ index 7dc3ea8..4cfe92f 100644 ONE("syscall", S_IRUSR, proc_pid_syscall), #endif ONE("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -2582,10 +2701,10 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2582,10 +2703,10 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif 
@@ -65780,7 +66229,7 @@ index 7dc3ea8..4cfe92f 100644 ONE("stack", S_IRUSR, proc_pid_stack), #endif #ifdef CONFIG_SCHEDSTATS -@@ -2619,6 +2738,9 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2619,6 +2740,9 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_HARDWALL ONE("hardwall", S_IRUGO, proc_pid_hardwall), #endif @@ -65790,7 +66239,7 @@ index 7dc3ea8..4cfe92f 100644 #ifdef CONFIG_USER_NS REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations), REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations), -@@ -2748,7 +2870,14 @@ static int proc_pid_instantiate(struct inode *dir, +@@ -2748,7 +2872,14 @@ static int proc_pid_instantiate(struct inode *dir, if (!inode) goto out; @@ -65805,7 +66254,7 @@ index 7dc3ea8..4cfe92f 100644 inode->i_op = &proc_tgid_base_inode_operations; inode->i_fop = &proc_tgid_base_operations; inode->i_flags|=S_IMMUTABLE; -@@ -2786,7 +2915,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign +@@ -2786,7 +2917,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign if (!task) goto out; @@ -65817,7 +66266,7 @@ index 7dc3ea8..4cfe92f 100644 put_task_struct(task); out: return ERR_PTR(result); -@@ -2900,7 +3033,7 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -2900,7 +3035,7 @@ static const struct pid_entry tid_base_stuff[] = { REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -65826,7 +66275,7 @@ index 7dc3ea8..4cfe92f 100644 ONE("syscall", S_IRUSR, proc_pid_syscall), #endif ONE("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -2927,10 +3060,10 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -2927,10 +3062,10 @@ static const struct pid_entry tid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -66523,7 +66972,7 @@ index 094e44d..085a877 100644 } 
diff --git a/fs/proc/stat.c b/fs/proc/stat.c -index bf2d03f..f058f9c 100644 +index 510413eb..34d9a8c 100644 --- a/fs/proc/stat.c +++ b/fs/proc/stat.c @@ -11,6 +11,7 @@ @@ -66618,8 +67067,8 @@ index bf2d03f..f058f9c 100644 /* sum again ? it could be updated? */ for_each_irq_nr(j) -- seq_put_decimal_ull(p, ' ', kstat_irqs(j)); -+ seq_put_decimal_ull(p, ' ', unrestricted ? kstat_irqs(j) : 0ULL); +- seq_put_decimal_ull(p, ' ', kstat_irqs_usr(j)); ++ seq_put_decimal_ull(p, ' ', unrestricted ? kstat_irqs_usr(j) : 0ULL); seq_printf(p, "\nctxt %llu\n" @@ -67140,7 +67589,7 @@ index 1894d96..1dfd1c2 100644 #define __fs_changed(gen,s) (gen != get_generation (s)) #define fs_changed(gen,s) \ diff --git a/fs/reiserfs/super.c b/fs/reiserfs/super.c -index f1376c9..f9378e9 100644 +index b27ef35..d9c6c18 100644 --- a/fs/reiserfs/super.c +++ b/fs/reiserfs/super.c @@ -1857,6 +1857,10 @@ static int reiserfs_fill_super(struct super_block *s, void *data, int silent) @@ -67815,10 +68264,10 @@ index 6a51619..9592e1b 100644 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 -index 0000000..f27264e +index 0000000..31f8fe4 --- /dev/null +++ b/grsecurity/Kconfig -@@ -0,0 +1,1166 @@ +@@ -0,0 +1,1182 @@ +# +# grecurity configuration +# 
@@ -68459,6 +68908,22 @@ index 0000000..f27264e + sysctl option is enabled, a sysctl option with name + "chroot_deny_sysctl" is created. + ++config GRKERNSEC_CHROOT_RENAME ++ bool "Deny bad renames" ++ default y if GRKERNSEC_CONFIG_AUTO ++ depends on GRKERNSEC_CHROOT ++ help ++ If you say Y here, an attacker in a chroot will not be able to ++ abuse the ability to create double chroots to break out of the ++ chroot by exploiting a race condition between a rename of a directory ++ within a chroot against an open of a symlink with relative path ++ components. This feature will likewise prevent an accomplice outside ++ a chroot from enabling a user inside the chroot to break out and make ++ use of their credentials on the global filesystem. Enabling this ++ feature is essential to prevent root users from breaking out of a ++ chroot. If the sysctl option is enabled, a sysctl option with name ++ "chroot_deny_bad_rename" is created. ++ +config GRKERNSEC_CHROOT_CAPS + bool "Capability restrictions" + default y if GRKERNSEC_CONFIG_AUTO @@ -69047,10 +69512,10 @@ index 0000000..30ababb +endif diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c new file mode 100644 -index 0000000..6ae3aa0 +index 0000000..6c1e154 --- /dev/null +++ b/grsecurity/gracl.c -@@ -0,0 +1,2703 @@ +@@ -0,0 +1,2749 @@ +#include +#include +#include @@ -69158,11 +69623,26 @@ index 0000000..6ae3aa0 + return dentry->d_sb->s_dev; +} + ++static inline u64 __get_ino(const struct dentry *dentry) ++{ ++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE) ++ if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC) ++ return btrfs_ino(dentry->d_inode); ++ else ++#endif ++ return dentry->d_inode->i_ino; ++} ++ +dev_t gr_get_dev_from_dentry(struct dentry *dentry) +{ + return __get_dev(dentry); +} + ++u64 gr_get_ino_from_dentry(struct dentry *dentry) ++{ ++ return __get_ino(dentry); ++} ++ +static char gr_task_roletype_to_char(struct task_struct *task) +{ + switch (task->role->roletype & 
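Review bot: In grsecurity/gracl.c, __get_ino() leaves an `else` immediately before `#endif`, so the final `return dentry->d_inode->i_ino;` is an else-branch in one configuration and a plain statement in the other. It compiles, but it breaks easily if a line is ever added between the two. I would keep `if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC) return btrfs_ino(dentry->d_inode);` inside the `#if`, drop the `else`, and leave the fallback `return` unconditional after `#endif`. Both paths dereference `dentry->d_inode` without a check, so a one-line comment that callers must pass a positive dentry would also help.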
@@ -69501,7 +69981,7 @@ index 0000000..6ae3aa0 +} + +struct acl_subject_label * -+lookup_acl_subj_label(const ino_t ino, const dev_t dev, ++lookup_acl_subj_label(const u64 ino, const dev_t dev, + const struct acl_role_label *role) +{ + unsigned int index = gr_fhash(ino, dev, role->subj_hash_size); @@ -69521,7 +70001,7 @@ index 0000000..6ae3aa0 +} + +struct acl_subject_label * -+lookup_acl_subj_label_deleted(const ino_t ino, const dev_t dev, ++lookup_acl_subj_label_deleted(const u64 ino, const dev_t dev, + const struct acl_role_label *role) +{ + unsigned int index = gr_fhash(ino, dev, role->subj_hash_size); @@ -69541,7 +70021,7 @@ index 0000000..6ae3aa0 +} + +static struct acl_object_label * -+lookup_acl_obj_label(const ino_t ino, const dev_t dev, ++lookup_acl_obj_label(const u64 ino, const dev_t dev, + const struct acl_subject_label *subj) +{ + unsigned int index = gr_fhash(ino, dev, subj->obj_hash_size); @@ -69561,7 +70041,7 @@ index 0000000..6ae3aa0 +} + +static struct acl_object_label * -+lookup_acl_obj_label_create(const ino_t ino, const dev_t dev, ++lookup_acl_obj_label_create(const u64 ino, const dev_t dev, + const struct acl_subject_label *subj) +{ + unsigned int index = gr_fhash(ino, dev, subj->obj_hash_size); @@ -69642,7 +70122,7 @@ index 0000000..6ae3aa0 +} + +static struct inodev_entry * -+lookup_inodev_entry(const ino_t ino, const dev_t dev) ++lookup_inodev_entry(const u64 ino, const dev_t dev) +{ + unsigned int index = gr_fhash(ino, dev, running_polstate.inodev_set.i_size); + struct inodev_entry *match; @@ -69867,7 +70347,7 @@ index 0000000..6ae3aa0 + +static struct acl_object_label * +__full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt, -+ const ino_t curr_ino, const dev_t curr_dev, ++ const u64 curr_ino, const dev_t curr_dev, + const struct acl_subject_label *subj, char **path, const int checkglob) +{ + struct acl_subject_label *tmpsubj; 
@@ -69898,7 +70378,7 @@ index 0000000..6ae3aa0 + const struct acl_subject_label *subj, char **path, const int checkglob) +{ + int newglob = checkglob; -+ ino_t inode; ++ u64 inode; + dev_t device; + + /* if we aren't checking a subdirectory of the original path yet, don't do glob checking @@ -69910,7 +70390,7 @@ index 0000000..6ae3aa0 + newglob = GR_NO_GLOB; + + spin_lock(&curr_dentry->d_lock); -+ inode = curr_dentry->d_inode->i_ino; ++ inode = __get_ino(curr_dentry); + device = __get_dev(curr_dentry); + spin_unlock(&curr_dentry->d_lock); + @@ -70043,7 +70523,7 @@ index 0000000..6ae3aa0 + spin_lock(&dentry->d_lock); + read_lock(&gr_inode_lock); + retval = -+ lookup_acl_subj_label(dentry->d_inode->i_ino, ++ lookup_acl_subj_label(__get_ino(dentry), + __get_dev(dentry), role); + read_unlock(&gr_inode_lock); + spin_unlock(&dentry->d_lock); @@ -70058,7 +70538,7 @@ index 0000000..6ae3aa0 + + spin_lock(&dentry->d_lock); + read_lock(&gr_inode_lock); -+ retval = lookup_acl_subj_label(dentry->d_inode->i_ino, ++ retval = lookup_acl_subj_label(__get_ino(dentry), + __get_dev(dentry), role); + read_unlock(&gr_inode_lock); + parent = dentry->d_parent; @@ -70072,7 +70552,7 @@ index 0000000..6ae3aa0 + + spin_lock(&dentry->d_lock); + read_lock(&gr_inode_lock); -+ retval = lookup_acl_subj_label(dentry->d_inode->i_ino, ++ retval = lookup_acl_subj_label(__get_ino(dentry), + __get_dev(dentry), role); + read_unlock(&gr_inode_lock); + spin_unlock(&dentry->d_lock); @@ -70080,7 +70560,7 @@ index 0000000..6ae3aa0 + if (unlikely(retval == NULL)) { + /* gr_real_root is pinned, we don't need to hold a reference */ + read_lock(&gr_inode_lock); -+ retval = lookup_acl_subj_label(gr_real_root.dentry->d_inode->i_ino, ++ retval = lookup_acl_subj_label(__get_ino(gr_real_root.dentry), + __get_dev(gr_real_root.dentry), role); + read_unlock(&gr_inode_lock); + } 
@@ -70207,14 +70687,27 @@ index 0000000..6ae3aa0 + return; + + for (i = 0; i < RLIM_NLIMITS; i++) { ++ unsigned long rlim_cur, rlim_max; ++ + if (!(proc->resmask & (1U << i))) + continue; + -+ task->signal->rlim[i].rlim_cur = proc->res[i].rlim_cur; -+ task->signal->rlim[i].rlim_max = proc->res[i].rlim_max; ++ rlim_cur = proc->res[i].rlim_cur; ++ rlim_max = proc->res[i].rlim_max; ++ ++ if (i == RLIMIT_NOFILE) { ++ unsigned long saved_sysctl_nr_open = sysctl_nr_open; ++ if (rlim_cur > saved_sysctl_nr_open) ++ rlim_cur = saved_sysctl_nr_open; ++ if (rlim_max > saved_sysctl_nr_open) ++ rlim_max = saved_sysctl_nr_open; ++ } ++ ++ task->signal->rlim[i].rlim_cur = rlim_cur; ++ task->signal->rlim[i].rlim_max = rlim_max; + + if (i == RLIMIT_CPU) -+ update_rlimit_cpu(task, proc->res[i].rlim_cur); ++ update_rlimit_cpu(task, rlim_cur); + } + + return; @@ -70224,9 +70717,10 @@ index 0000000..6ae3aa0 + rcu_read_lock(); + read_lock(&tasklist_lock); + read_lock(&grsec_exec_file_lock); ++ except in the case of gr_set_role_label() (for __gr_get_subject_for_task) +*/ + -+struct acl_subject_label *__gr_get_subject_for_task(const struct gr_policy_state *state, struct task_struct *task, const char *filename) ++struct acl_subject_label *__gr_get_subject_for_task(const struct gr_policy_state *state, struct task_struct *task, const char *filename, int fallback) +{ + char *tmpname; + struct acl_subject_label *tmpsubj; 
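Review bot: In grsecurity/gracl.c, the new `RLIMIT_NOFILE` branch inside the `for (i = 0; i < RLIM_NLIMITS; i++)` loop caps the policy-supplied `rlim_cur` and `rlim_max` at `sysctl_nr_open` without a comment saying why. The snapshot into `saved_sysctl_nr_open` keeps both comparisons consistent if the sysctl changes concurrently, which is also worth stating. I would add `/* never give a task an open-file limit above sysctl_nr_open, whatever the policy says; read the sysctl once so both limits see the same value */` above the `if (i == RLIMIT_NOFILE)` line. The enclosing function starts outside the hunk.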
@@ -70268,15 +70762,15 @@ index 0000000..6ae3aa0 + /* this also works for the reload case -- if we don't match a potentially inherited subject + then we fall back to a normal lookup based on the binary's ino/dev + */ -+ if (tmpsubj == NULL) ++ if (tmpsubj == NULL && fallback) + tmpsubj = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, task->role); + + return tmpsubj; +} + -+static struct acl_subject_label *gr_get_subject_for_task(struct task_struct *task, const char *filename) ++static struct acl_subject_label *gr_get_subject_for_task(struct task_struct *task, const char *filename, int fallback) +{ -+ return __gr_get_subject_for_task(&running_polstate, task, filename); ++ return __gr_get_subject_for_task(&running_polstate, task, filename, fallback); +} + +void __gr_apply_subject_to_task(const struct gr_policy_state *state, struct task_struct *task, struct acl_subject_label *subj) @@ -70340,7 +70834,7 @@ index 0000000..6ae3aa0 + task->role = current->role; + rcu_read_lock(); + read_lock(&grsec_exec_file_lock); -+ subj = gr_get_subject_for_task(task, NULL); ++ subj = gr_get_subject_for_task(task, NULL, 1); + gr_apply_subject_to_task(task, subj); + read_unlock(&grsec_exec_file_lock); + rcu_read_unlock(); @@ -70750,6 +71244,7 @@ index 0000000..6ae3aa0 +gr_set_role_label(struct task_struct *task, const kuid_t kuid, const kgid_t kgid) +{ + struct acl_role_label *role = task->role; ++ struct acl_role_label *origrole = role; + struct acl_subject_label *subj = NULL; + struct acl_object_label *obj; + struct file *filp; 
@@ -70782,10 +71277,28 @@ index 0000000..6ae3aa0 + ((role->roletype & GR_ROLE_GROUP) && !gr_acl_is_capable(CAP_SETGID)))) + return; + -+ /* perform subject lookup in possibly new role -+ we can use this result below in the case where role == task->role -+ */ -+ subj = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, role); ++ task->role = role; ++ ++ if (task->inherited) { ++ /* if we reached our subject through inheritance, then first see ++ if there's a subject of the same name in the new role that has ++ an object that would result in the same inherited subject ++ */ ++ subj = gr_get_subject_for_task(task, task->acl->filename, 0); ++ if (subj) { ++ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, subj); ++ if (!(obj->mode & GR_INHERIT)) ++ subj = NULL; ++ } ++ ++ } ++ if (subj == NULL) { ++ /* otherwise: ++ perform subject lookup in possibly new role ++ we can use this result below in the case where role == task->role ++ */ ++ subj = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, role); ++ } + + /* if we changed uid/gid, but result in the same role + and are using inheritance, don't lose the inherited subject @@ -70793,14 +71306,12 @@ index 0000000..6ae3aa0 + would result in, we arrived via inheritance, don't + lose subject + */ -+ if (role != task->role || (!(task->acl->mode & GR_INHERITLEARN) && ++ if (role != origrole || (!(task->acl->mode & GR_INHERITLEARN) && + (subj == task->acl))) + task->acl = subj; + + /* leave task->inherited unaffected */ + -+ task->role = role; -+ + task->is_writable = 0; + + /* ignore additional mmap checks for processes that are writable @@ -70899,7 +71410,7 @@ index 0000000..6ae3aa0 + +/* always called with valid inodev ptr */ +static void -+do_handle_delete(struct inodev_entry *inodev, const ino_t ino, const dev_t dev) ++do_handle_delete(struct inodev_entry *inodev, const u64 ino, const dev_t dev) +{ + struct acl_object_label *matchpo; + struct acl_subject_label *matchps; 
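Review bot: In grsecurity/gracl.c, gr_set_role_label(), the new inherited-subject path dereferences the result of `chk_obj_label()` in `if (!(obj->mode & GR_INHERIT))` without a NULL check. chk_obj_label() is defined outside this hunk and may guarantee a non-NULL result; if it does not, I would write `if (obj == NULL || !(obj->mode & GR_INHERIT)) subj = NULL;`. The hunk also moves `task->role = role;` ahead of the subject lookup, so for a short window the task carries the new role together with the old `task->acl`. The locking is not visible here, so a comment naming the lock or calling context that makes this ordering safe would be worth adding.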
@@ -70927,7 +71438,7 @@ index 0000000..6ae3aa0 +} + +void -+gr_handle_delete(const ino_t ino, const dev_t dev) ++gr_handle_delete(const u64 ino, const dev_t dev) +{ + struct inodev_entry *inodev; + @@ -70944,8 +71455,8 @@ index 0000000..6ae3aa0 +} + +static void -+update_acl_obj_label(const ino_t oldinode, const dev_t olddevice, -+ const ino_t newinode, const dev_t newdevice, ++update_acl_obj_label(const u64 oldinode, const dev_t olddevice, ++ const u64 newinode, const dev_t newdevice, + struct acl_subject_label *subj) +{ + unsigned int index = gr_fhash(oldinode, olddevice, subj->obj_hash_size); @@ -70983,8 +71494,8 @@ index 0000000..6ae3aa0 +} + +static void -+update_acl_subj_label(const ino_t oldinode, const dev_t olddevice, -+ const ino_t newinode, const dev_t newdevice, ++update_acl_subj_label(const u64 oldinode, const dev_t olddevice, ++ const u64 newinode, const dev_t newdevice, + struct acl_role_label *role) +{ + unsigned int index = gr_fhash(oldinode, olddevice, role->subj_hash_size); @@ -71022,8 +71533,8 @@ index 0000000..6ae3aa0 +} + +static void -+update_inodev_entry(const ino_t oldinode, const dev_t olddevice, -+ const ino_t newinode, const dev_t newdevice) ++update_inodev_entry(const u64 oldinode, const dev_t olddevice, ++ const u64 newinode, const dev_t newdevice) +{ + unsigned int index = gr_fhash(oldinode, olddevice, running_polstate.inodev_set.i_size); + struct inodev_entry *match; @@ -71059,7 +71570,7 @@ index 0000000..6ae3aa0 +} + +static void -+__do_handle_create(const struct name_entry *matchn, ino_t ino, dev_t dev) ++__do_handle_create(const struct name_entry *matchn, u64 ino, dev_t dev) +{ + struct acl_subject_label *subj; + struct acl_role_label *role; 
@@ -71092,7 +71603,7 @@ index 0000000..6ae3aa0 +do_handle_create(const struct name_entry *matchn, const struct dentry *dentry, + const struct vfsmount *mnt) +{ -+ ino_t ino = dentry->d_inode->i_ino; ++ u64 ino = __get_ino(dentry); + dev_t dev = __get_dev(dentry); + + __do_handle_create(matchn, ino, dev); @@ -71152,7 +71663,7 @@ index 0000000..6ae3aa0 + struct name_entry *matchn2 = NULL; + struct inodev_entry *inodev; + struct inode *inode = new_dentry->d_inode; -+ ino_t old_ino = old_dentry->d_inode->i_ino; ++ u64 old_ino = __get_ino(old_dentry); + dev_t old_dev = __get_dev(old_dentry); + unsigned int exchange = flags & RENAME_EXCHANGE; + @@ -71194,7 +71705,7 @@ index 0000000..6ae3aa0 + + write_lock(&gr_inode_lock); + if (unlikely((replace || exchange) && inode)) { -+ ino_t new_ino = inode->i_ino; ++ u64 new_ino = __get_ino(new_dentry); + dev_t new_dev = __get_dev(new_dentry); + + inodev = lookup_inodev_entry(new_ino, new_dev); @@ -71655,7 +72166,7 @@ index 0000000..6ae3aa0 + return 0; +} + -+int gr_acl_handle_filldir(const struct file *file, const char *name, const unsigned int namelen, const ino_t ino) ++int gr_acl_handle_filldir(const struct file *file, const char *name, const unsigned int namelen, const u64 ino) +{ + struct task_struct *task = current; + struct dentry *dentry = file->f_path.dentry; @@ -72000,10 +72511,10 @@ index 0000000..1a94c11 + diff --git a/grsecurity/gracl_compat.c b/grsecurity/gracl_compat.c new file mode 100644 -index 0000000..ca25605 +index 0000000..a43dd06 --- /dev/null +++ b/grsecurity/gracl_compat.c -@@ -0,0 +1,270 @@ +@@ -0,0 +1,269 @@ +#include +#include +#include @@ -72018,8 +72529,7 @@ index 0000000..ca25605 + if (copy_from_user(&uwrapcompat, buf, sizeof(uwrapcompat))) + return -EFAULT; + -+ if (((uwrapcompat.version != GRSECURITY_VERSION) && -+ (uwrapcompat.version != 0x2901)) || ++ if ((uwrapcompat.version != GRSECURITY_VERSION) || + (uwrapcompat.size != sizeof(struct gr_arg_compat))) + return -EINVAL; + 
@@ -72276,10 +72786,10 @@ index 0000000..ca25605 + diff --git a/grsecurity/gracl_fs.c b/grsecurity/gracl_fs.c new file mode 100644 -index 0000000..4008fdc +index 0000000..8ee8e4f --- /dev/null +++ b/grsecurity/gracl_fs.c -@@ -0,0 +1,445 @@ +@@ -0,0 +1,447 @@ +#include +#include +#include @@ -72720,7 +73230,9 @@ index 0000000..4008fdc + if (unlikely(!gr_acl_is_enabled())) + return 0; + -+ if (task != current && task->acl->mode & GR_PROTPROCFD) ++ if (task != current && (task->acl->mode & GR_PROTPROCFD) && ++ !(current->acl->mode & GR_POVERRIDE) && ++ !(current->role->roletype & GR_ROLE_GOD)) + return -EACCES; + + return 0; @@ -73332,10 +73844,10 @@ index 0000000..25f54ef +}; diff --git a/grsecurity/gracl_policy.c b/grsecurity/gracl_policy.c new file mode 100644 -index 0000000..3f8ade0 +index 0000000..fd26052 --- /dev/null +++ b/grsecurity/gracl_policy.c -@@ -0,0 +1,1782 @@ +@@ -0,0 +1,1781 @@ +#include +#include +#include @@ -73406,7 +73918,7 @@ index 0000000..3f8ade0 +extern void gr_remove_uid(uid_t uid); +extern int gr_find_uid(uid_t uid); + -+extern struct acl_subject_label *__gr_get_subject_for_task(const struct gr_policy_state *state, struct task_struct *task, const char *filename); ++extern struct acl_subject_label *__gr_get_subject_for_task(const struct gr_policy_state *state, struct task_struct *task, const char *filename, int fallback); +extern void __gr_apply_subject_to_task(struct gr_policy_state *state, struct task_struct *task, struct acl_subject_label *subj); +extern int gr_streq(const char *a, const char *b, const unsigned int lena, const unsigned int lenb); +extern void __insert_inodev_entry(const struct gr_policy_state *state, struct inodev_entry *entry); 
@@ -73415,8 +73927,8 @@ index 0000000..3f8ade0 +extern void insert_acl_subj_label(struct acl_subject_label *obj, struct acl_role_label *role); +extern struct name_entry * __lookup_name_entry(const struct gr_policy_state *state, const char *name); +extern char *gr_to_filename_rbac(const struct dentry *dentry, const struct vfsmount *mnt); -+extern struct acl_subject_label *lookup_acl_subj_label(const ino_t ino, const dev_t dev, const struct acl_role_label *role); -+extern struct acl_subject_label *lookup_acl_subj_label_deleted(const ino_t ino, const dev_t dev, const struct acl_role_label *role); ++extern struct acl_subject_label *lookup_acl_subj_label(const u64 ino, const dev_t dev, const struct acl_role_label *role); ++extern struct acl_subject_label *lookup_acl_subj_label_deleted(const u64 ino, const dev_t dev, const struct acl_role_label *role); +extern void assign_special_role(const char *rolename); +extern struct acl_subject_label *chk_subj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt, const struct acl_role_label *role); +extern int gr_rbac_disable(void *unused); @@ -73499,8 +74011,7 @@ index 0000000..3f8ade0 + if (copy_from_user(uwrap, buf, sizeof (struct gr_arg_wrapper))) + return -EFAULT; + -+ if (((uwrap->version != GRSECURITY_VERSION) && -+ (uwrap->version != 0x2901)) || ++ if ((uwrap->version != GRSECURITY_VERSION) || + (uwrap->size != sizeof(struct gr_arg))) + return -EINVAL; + @@ -73685,7 +74196,7 @@ index 0000000..3f8ade0 +} + +static int -+insert_name_entry(char *name, const ino_t inode, const dev_t device, __u8 deleted) ++insert_name_entry(char *name, const u64 inode, const dev_t device, __u8 deleted) +{ + struct name_entry **curr, *nentry; + struct inodev_entry *ientry; 
@@ -74511,8 +75022,8 @@ index 0000000..3f8ade0 + } + /* this handles non-nested inherited subjects, nested subjects will still + be dropped currently */ -+ subj = __gr_get_subject_for_task(polstate, task, task->acl->filename); -+ task->tmpacl = __gr_get_subject_for_task(polstate, task, NULL); ++ subj = __gr_get_subject_for_task(polstate, task, task->acl->filename, 1); ++ task->tmpacl = __gr_get_subject_for_task(polstate, task, NULL, 1); + /* change the role back so that we've made no modifications to the policy */ + task->role = rtmp; + @@ -74544,7 +75055,7 @@ index 0000000..3f8ade0 + /* this handles non-nested inherited subjects, nested subjects will still + be dropped currently */ + if (!reload_state->oldmode && task->inherited) -+ subj = __gr_get_subject_for_task(polstate, task, task->acl->filename); ++ subj = __gr_get_subject_for_task(polstate, task, task->acl->filename, 1); + else { + /* looked up and tagged to the task previously */ + subj = task->tmpacl; @@ -75093,7 +75604,7 @@ index 0000000..3f8ade0 + if (task->exec_file) { + cred = __task_cred(task); + task->role = __lookup_acl_role_label(polstate, task, GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid)); -+ subj = __gr_get_subject_for_task(polstate, task, NULL); ++ subj = __gr_get_subject_for_task(polstate, task, NULL, 1); + if (subj == NULL) { + ret = -EINVAL; + read_unlock(&grsec_exec_file_lock); @@ -75194,10 +75705,10 @@ index 0000000..39645c9 +} diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c new file mode 100644 -index 0000000..2040e61 +index 0000000..218b66b --- /dev/null +++ b/grsecurity/gracl_segv.c -@@ -0,0 +1,313 @@ +@@ -0,0 +1,324 @@ +#include +#include +#include 
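Review bot: All updated call sites of `__gr_get_subject_for_task()` in gracl_policy.c (this hunk and the two that follow it) pass a bare `1` for the new `fallback` argument, and the extern in the same file declares it as a plain `int`, so neither the calls nor the prototype say what falling back means. Because this selects which subject a task ends up with during policy reload, the declaration should carry a one-line comment stating what is returned when `fallback` is zero and when it is non-zero; the page does not show the definition, so that wording has to come from it. If only two values are meaningful, a `bool` parameter called with `true` would read better than `1`. The enclosing functions start outside these hunks.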
@@ -75228,7 +75739,7 @@ index 0000000..2040e61 +static DEFINE_SPINLOCK(gr_uid_lock); +extern rwlock_t gr_inode_lock; +extern struct acl_subject_label * -+ lookup_acl_subj_label(const ino_t inode, const dev_t dev, ++ lookup_acl_subj_label(const u64 inode, const dev_t dev, + struct acl_role_label *role); + +static inline dev_t __get_dev(const struct dentry *dentry) @@ -75241,6 +75752,16 @@ index 0000000..2040e61 + return dentry->d_sb->s_dev; +} + ++static inline u64 __get_ino(const struct dentry *dentry) ++{ ++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE) ++ if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC) ++ return btrfs_ino(dentry->d_inode); ++ else ++#endif ++ return dentry->d_inode->i_ino; ++} ++ +int +gr_init_uidset(void) +{ @@ -75461,13 +75982,14 @@ index 0000000..2040e61 +gr_check_crash_exec(const struct file *filp) +{ + struct acl_subject_label *curr; ++ struct dentry *dentry; + + if (unlikely(!gr_acl_is_enabled())) + return 0; + + read_lock(&gr_inode_lock); -+ curr = lookup_acl_subj_label(filp->f_path.dentry->d_inode->i_ino, -+ __get_dev(filp->f_path.dentry), ++ dentry = filp->f_path.dentry; ++ curr = lookup_acl_subj_label(__get_ino(dentry), __get_dev(dentry), + current->role); + read_unlock(&gr_inode_lock); + @@ -75584,10 +76106,10 @@ index 0000000..bc0be01 +} diff --git a/grsecurity/grsec_chroot.c b/grsecurity/grsec_chroot.c new file mode 100644 -index 0000000..6d99cec +index 0000000..114ea4f --- /dev/null +++ b/grsecurity/grsec_chroot.c -@@ -0,0 +1,385 @@ +@@ -0,0 +1,467 @@ +#include +#include +#include 
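Review bot: This local `extern` for `lookup_acl_subj_label()` declares `struct acl_role_label *role`, while the copy in gracl_policy.c declares `const struct acl_role_label *role`; because each .c file carries its own prototype, the compiler cannot catch that kind of drift. The `ino_t` to `u64` change had to be repeated by hand in every copy for the same reason, and a missed copy would silently pass a mistyped inode argument. Moving the declaration into a shared header such as include/linux/grinternal.h, included by the defining file as well, would turn any mismatch into a build error.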
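Review bot: `__get_ino()` ends its `#if` block on a dangling `else`, so the final `return dentry->d_inode->i_ino;` is an else-branch in btrfs builds and a plain statement otherwise. Since the btrfs branch returns, the `else` can be dropped, leaving the `if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC)` test and its `return btrfs_ino(dentry->d_inode);` inside the `#if` and the unconditional return after `#endif`. A one-line comment saying why btrfs needs `btrfs_ino()` instead of `i_ino` would help. So would a note that callers must pass a dentry with a non-NULL `d_inode`, which the helper dereferences unchecked.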
@@ -75603,6 +76125,88 @@ index 0000000..6d99cec +int gr_init_ran; +#endif + ++void gr_inc_chroot_refcnts(struct dentry *dentry, struct vfsmount *mnt) ++{ ++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME ++ struct dentry *tmpd = dentry; ++ ++ read_seqlock_excl(&mount_lock); ++ write_seqlock(&rename_lock); ++ ++ while (tmpd != mnt->mnt_root) { ++ atomic_inc(&tmpd->chroot_refcnt); ++ tmpd = tmpd->d_parent; ++ } ++ atomic_inc(&tmpd->chroot_refcnt); ++ ++ write_sequnlock(&rename_lock); ++ read_sequnlock_excl(&mount_lock); ++#endif ++} ++ ++void gr_dec_chroot_refcnts(struct dentry *dentry, struct vfsmount *mnt) ++{ ++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME ++ struct dentry *tmpd = dentry; ++ ++ read_seqlock_excl(&mount_lock); ++ write_seqlock(&rename_lock); ++ ++ while (tmpd != mnt->mnt_root) { ++ atomic_dec(&tmpd->chroot_refcnt); ++ tmpd = tmpd->d_parent; ++ } ++ atomic_dec(&tmpd->chroot_refcnt); ++ ++ write_sequnlock(&rename_lock); ++ read_sequnlock_excl(&mount_lock); ++#endif ++} ++ ++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME ++static struct dentry *get_closest_chroot(struct dentry *dentry) ++{ ++ write_seqlock(&rename_lock); ++ do { ++ if (atomic_read(&dentry->chroot_refcnt)) { ++ write_sequnlock(&rename_lock); ++ return dentry; ++ } ++ dentry = dentry->d_parent; ++ } while (!IS_ROOT(dentry)); ++ write_sequnlock(&rename_lock); ++ return NULL; ++} ++#endif ++ ++int gr_bad_chroot_rename(struct dentry *olddentry, struct vfsmount *oldmnt, ++ struct dentry *newdentry, struct vfsmount *newmnt) ++{ ++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME ++ struct dentry *chroot; ++ ++ if (unlikely(!grsec_enable_chroot_rename)) ++ return 0; ++ ++ if (likely(!proc_is_chrooted(current) && gr_is_global_root(current_uid()))) ++ return 0; ++ ++ chroot = get_closest_chroot(olddentry); ++ ++ if (chroot == NULL) ++ return 0; ++ ++ if (is_subdir(newdentry, chroot)) ++ return 0; ++ ++ gr_log_fs_generic(GR_DONT_AUDIT, GR_CHROOT_RENAME_MSG, olddentry, oldmnt); ++ ++ return 1; ++#else ++ return 0; ++#endif ++} ++ 
+void gr_set_chroot_entries(struct task_struct *task, const struct path *path) +{ +#ifdef CONFIG_GRKERNSEC @@ -75975,10 +76579,10 @@ index 0000000..6d99cec +} diff --git a/grsecurity/grsec_disabled.c b/grsecurity/grsec_disabled.c new file mode 100644 -index 0000000..0f9ac91 +index 0000000..946f750 --- /dev/null +++ b/grsecurity/grsec_disabled.c -@@ -0,0 +1,440 @@ +@@ -0,0 +1,445 @@ +#include +#include +#include @@ -76100,7 +76704,7 @@ index 0000000..0f9ac91 +} + +void -+gr_handle_delete(const ino_t ino, const dev_t dev) ++gr_handle_delete(const u64 ino, const dev_t dev) +{ + return; +} @@ -76301,7 +76905,7 @@ index 0000000..0f9ac91 + +int +gr_acl_handle_filldir(const struct file *file, const char *name, -+ const int namelen, const ino_t ino) ++ const int namelen, const u64 ino) +{ + return 1; +} @@ -76410,6 +77014,11 @@ index 0000000..0f9ac91 + return dentry->d_sb->s_dev; +} + ++u64 gr_get_ino_from_dentry(struct dentry *dentry) ++{ ++ return dentry->d_inode->i_ino; ++} ++ +void gr_put_exec_file(struct task_struct *task) +{ + return; @@ -76674,10 +77283,10 @@ index 0000000..8ca18bf +} diff --git a/grsecurity/grsec_init.c b/grsecurity/grsec_init.c new file mode 100644 -index 0000000..b7cb191 +index 0000000..4ed9e7d --- /dev/null +++ b/grsecurity/grsec_init.c -@@ -0,0 +1,286 @@ +@@ -0,0 +1,290 @@ +#include +#include +#include @@ -76720,6 +77329,7 @@ index 0000000..b7cb191 +int grsec_enable_chroot_nice; +int grsec_enable_chroot_execlog; +int grsec_enable_chroot_caps; ++int grsec_enable_chroot_rename; +int grsec_enable_chroot_sysctl; +int grsec_enable_chroot_unix; +int grsec_enable_tpe; @@ -76931,6 +77541,9 @@ index 0000000..b7cb191 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS + grsec_enable_chroot_caps = 1; +#endif ++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME ++ grsec_enable_chroot_rename = 1; ++#endif +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL + grsec_enable_chroot_sysctl = 1; +#endif @@ -78161,10 +78774,10 @@ index 0000000..e3650b6 +} 
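Review bot: `get_closest_chroot()` takes `write_seqlock(&rename_lock)` although it only reads `d_parent` and `chroot_refcnt`, so every rename that reaches it through `gr_bad_chroot_rename()` bumps the sequence count and makes concurrent lockless readers of `rename_lock` retry. The same hunk already uses `read_seqlock_excl(&mount_lock)`; as far as the visible code shows, `read_seqlock_excl(&rename_lock)` with `read_sequnlock_excl(&rename_lock)` would keep renames out without invalidating readers. `gr_inc_chroot_refcnts()` and `gr_dec_chroot_refcnts()` modify only the atomic counters and look like candidates for the same change. None of the four new functions has a comment describing the refcount scheme (every dentry from the chroot directory up to `mnt->mnt_root` is counted), which should be added above `gr_inc_chroot_refcnts()`.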
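Review bot: The `gr_acl_handle_filldir()` stub in grsec_disabled.c gets its `ino` parameter updated to `u64`, but `namelen` is still `const int`, while the prototype in include/linux/grsecurity.h and the definition updated earlier in this patch both use `const unsigned int namelen`. Since the line is being touched anyway, align it: `const unsigned int namelen, const u64 ino)`. Whether the mismatch is diagnosed today depends on whether grsec_disabled.c includes that header, which the hunk does not show.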
diff --git a/grsecurity/grsec_sysctl.c b/grsecurity/grsec_sysctl.c new file mode 100644 -index 0000000..8159888 +index 0000000..cce889e --- /dev/null +++ b/grsecurity/grsec_sysctl.c -@@ -0,0 +1,479 @@ +@@ -0,0 +1,488 @@ +#include +#include +#include @@ -78434,6 +79047,15 @@ index 0000000..8159888 + .proc_handler = &proc_dointvec, + }, +#endif ++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME ++ { ++ .procname = "chroot_deny_bad_rename", ++ .data = &grsec_enable_chroot_rename, ++ .maxlen = sizeof(int), ++ .mode = 0600, ++ .proc_handler = &proc_dointvec, ++ }, ++#endif +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL + { + .procname = "chroot_deny_sysctl", @@ -79958,6 +80580,39 @@ index d1a5582..4424efa 100644 +#ifdef LATENT_ENTROPY_PLUGIN +#define __latent_entropy __attribute__((latent_entropy)) +#endif ++ + /* + * Mark a position in code as unreachable. This can be used to + * suppress control flow warnings after asm blocks that transfer +diff --git a/include/linux/compiler-gcc5.h b/include/linux/compiler-gcc5.h +index c8c5659..d09f2ad 100644 +--- a/include/linux/compiler-gcc5.h ++++ b/include/linux/compiler-gcc5.h +@@ -28,6 +28,28 @@ + # define __compiletime_error(message) __attribute__((error(message))) + #endif /* __CHECKER__ */ + ++#define __alloc_size(...) __attribute((alloc_size(__VA_ARGS__))) ++#define __bos(ptr, arg) __builtin_object_size((ptr), (arg)) ++#define __bos0(ptr) __bos((ptr), 0) ++#define __bos1(ptr) __bos((ptr), 1) ++ ++#ifdef CONSTIFY_PLUGIN ++#error not yet ++#define __no_const __attribute__((no_const)) ++#define __do_const __attribute__((do_const)) ++#endif ++ ++#ifdef SIZE_OVERFLOW_PLUGIN ++#error not yet ++#define __size_overflow(...) __attribute__((size_overflow(__VA_ARGS__))) ++#define __intentional_overflow(...) __attribute__((intentional_overflow(__VA_ARGS__))) ++#endif ++ ++#ifdef LATENT_ENTROPY_PLUGIN ++#error not yet ++#define __latent_entropy __attribute__((latent_entropy)) ++#endif + /* * Mark a position in code as unreachable. This can be used to 
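Review bot: The three `#error not yet` lines in the new compiler-gcc5.h block stop the build without saying what is unsupported, and `__alloc_size` is written with `__attribute` while every other macro in the block uses `__attribute__`. A message such as `#error "CONSTIFY_PLUGIN is not supported with GCC 5 yet"` (and likewise for `SIZE_OVERFLOW_PLUGIN` and `LATENT_ENTROPY_PLUGIN`) would tell whoever hits it which hardening plugin is the problem. The `#define`s following each `#error` cannot take effect while it stays, which deserves a short comment so they are not mistaken for active hardening.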
@@ -80276,10 +80931,10 @@ index 2fb2ca2..d6a3340 100644 #define current_cred_xxx(xxx) \ ({ \ diff --git a/include/linux/crypto.h b/include/linux/crypto.h -index d45e949..51cf5ea 100644 +index dc34dfc..bdf9b5d 100644 --- a/include/linux/crypto.h +++ b/include/linux/crypto.h -@@ -373,7 +373,7 @@ struct cipher_tfm { +@@ -386,7 +386,7 @@ struct cipher_tfm { const u8 *key, unsigned int keylen); void (*cit_encrypt_one)(struct crypto_tfm *tfm, u8 *dst, const u8 *src); void (*cit_decrypt_one)(struct crypto_tfm *tfm, u8 *dst, const u8 *src); @@ -80288,7 +80943,7 @@ index d45e949..51cf5ea 100644 struct hash_tfm { int (*init)(struct hash_desc *desc); -@@ -394,13 +394,13 @@ struct compress_tfm { +@@ -407,13 +407,13 @@ struct compress_tfm { int (*cot_decompress)(struct crypto_tfm *tfm, const u8 *src, unsigned int slen, u8 *dst, unsigned int *dlen); @@ -80318,10 +80973,20 @@ index 653589e..4ef254a 100644 return c | 0x20; } diff --git a/include/linux/dcache.h b/include/linux/dcache.h -index 1c2f1b8..c67151e 100644 +index 1c2f1b8..7b9f50c 100644 --- a/include/linux/dcache.h +++ b/include/linux/dcache.h -@@ -133,7 +133,7 @@ struct dentry { +@@ -123,6 +123,9 @@ struct dentry { + unsigned long d_time; /* used by d_revalidate */ + void *d_fsdata; /* fs-specific data */ + ++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME ++ atomic_t chroot_refcnt; /* tracks use of directory in chroot */ ++#endif + struct list_head d_lru; /* LRU list */ + struct list_head d_child; /* child of parent list */ + struct list_head d_subdirs; /* our children */ +@@ -133,7 +136,7 @@ struct dentry { struct hlist_node d_alias; /* inode alias list */ struct rcu_head d_rcu; } d_u; @@ -80776,10 +81441,10 @@ index 41b30fd..a3718cf 100644 { diff --git a/include/linux/gracl.h b/include/linux/gracl.h new file mode 100644 -index 0000000..edb2cb6 +index 0000000..91858e4 --- /dev/null +++ b/include/linux/gracl.h -@@ -0,0 +1,340 @@ +@@ -0,0 +1,342 @@ +#ifndef GR_ACL_H +#define GR_ACL_H + 
@@ -80791,8 +81456,8 @@ index 0000000..edb2cb6 + +/* Major status information */ + -+#define GR_VERSION "grsecurity 3.0" -+#define GRSECURITY_VERSION 0x3000 ++#define GR_VERSION "grsecurity 3.1" ++#define GRSECURITY_VERSION 0x3100 + +enum { + GR_SHUTDOWN = 0, @@ -80837,7 +81502,7 @@ index 0000000..edb2cb6 + +struct name_entry { + __u32 key; -+ ino_t inode; ++ u64 inode; + dev_t device; + char *name; + __u16 len; @@ -80885,7 +81550,7 @@ index 0000000..edb2cb6 + +struct acl_subject_label { + char *filename; -+ ino_t inode; ++ u64 inode; + dev_t device; + __u32 mode; + kernel_cap_t cap_mask; @@ -80973,7 +81638,7 @@ index 0000000..edb2cb6 + +struct acl_object_label { + char *filename; -+ ino_t inode; ++ u64 inode; + dev_t device; + __u32 mode; + @@ -81009,7 +81674,7 @@ index 0000000..edb2cb6 + unsigned char sp_role[GR_SPROLE_LEN]; + struct sprole_pw *sprole_pws; + dev_t segv_device; -+ ino_t segv_inode; ++ u64 segv_inode; + uid_t segv_uid; + __u16 num_sprole_pws; + __u16 mode; @@ -81081,9 +81746,11 @@ index 0000000..edb2cb6 +} + +static __inline__ unsigned int -+gr_fhash(const ino_t ino, const dev_t dev, const unsigned int sz) ++gr_fhash(const u64 ino, const dev_t dev, const unsigned int sz) +{ -+ return (((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9))) % sz); ++ unsigned int rem; ++ div_u64_rem((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9)), sz, &rem); ++ return rem; +} + +static __inline__ unsigned int @@ -81122,7 +81789,7 @@ index 0000000..edb2cb6 + diff --git a/include/linux/gracl_compat.h b/include/linux/gracl_compat.h new file mode 100644 -index 0000000..33ebd1f +index 0000000..af64092 --- /dev/null +++ b/include/linux/gracl_compat.h @@ -0,0 +1,156 @@ @@ -81149,7 +81816,7 @@ index 0000000..33ebd1f + +struct acl_subject_label_compat { + compat_uptr_t filename; -+ compat_ino_t inode; ++ compat_u64 inode; + __u32 device; + __u32 mode; + kernel_cap_t cap_mask; 
@@ -81237,7 +81904,7 @@ index 0000000..33ebd1f + +struct acl_object_label_compat { + compat_uptr_t filename; -+ compat_ino_t inode; ++ compat_u64 inode; + __u32 device; + __u32 mode; + @@ -81269,7 +81936,7 @@ index 0000000..33ebd1f + unsigned char sp_role[GR_SPROLE_LEN]; + compat_uptr_t sprole_pws; + __u32 segv_device; -+ compat_ino_t segv_inode; ++ compat_u64 segv_inode; + uid_t segv_uid; + __u16 num_sprole_pws; + __u16 mode; @@ -81445,10 +82112,10 @@ index 0000000..be66033 +#endif diff --git a/include/linux/grinternal.h b/include/linux/grinternal.h new file mode 100644 -index 0000000..d25522e +index 0000000..fb1de5d --- /dev/null +++ b/include/linux/grinternal.h -@@ -0,0 +1,229 @@ +@@ -0,0 +1,230 @@ +#ifndef __GRINTERNAL_H +#define __GRINTERNAL_H + @@ -81508,6 +82175,7 @@ index 0000000..d25522e +extern int grsec_enable_chroot_nice; +extern int grsec_enable_chroot_execlog; +extern int grsec_enable_chroot_caps; ++extern int grsec_enable_chroot_rename; +extern int grsec_enable_chroot_sysctl; +extern int grsec_enable_chroot_unix; +extern int grsec_enable_symlinkown; @@ -81680,10 +82348,10 @@ index 0000000..d25522e +#endif diff --git a/include/linux/grmsg.h b/include/linux/grmsg.h new file mode 100644 -index 0000000..b02ba9d +index 0000000..26ef560 --- /dev/null +++ b/include/linux/grmsg.h -@@ -0,0 +1,117 @@ +@@ -0,0 +1,118 @@ +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u" +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u" +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by " 
@@ -81727,6 +82395,7 @@ index 0000000..b02ba9d +#define GR_ATIME_ACL_MSG "%s access time change of %.950s by " +#define GR_ACCESS_ACL_MSG "%s access of %.950s for%s%s%s by " +#define GR_CHROOT_CHROOT_MSG "denied double chroot to %.950s by " ++#define GR_CHROOT_RENAME_MSG "denied bad rename of %.950s out of a chroot by " +#define GR_CHMOD_CHROOT_MSG "denied chmod +s of %.950s by " +#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by " +#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by " @@ -81803,10 +82472,10 @@ index 0000000..b02ba9d +#define GR_MSRWRITE_MSG "denied write to CPU MSR by " diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h new file mode 100644 -index 0000000..c3b0738 +index 0000000..63c1850 --- /dev/null +++ b/include/linux/grsecurity.h -@@ -0,0 +1,244 @@ +@@ -0,0 +1,250 @@ +#ifndef GR_SECURITY_H +#define GR_SECURITY_H +#include @@ -81974,7 +82643,7 @@ index 0000000..c3b0738 + const struct vfsmount *parent_mnt); +__u32 gr_acl_handle_rmdir(const struct dentry *dentry, + const struct vfsmount *mnt); -+void gr_handle_delete(const ino_t ino, const dev_t dev); ++void gr_handle_delete(const u64 ino, const dev_t dev); +__u32 gr_acl_handle_unlink(const struct dentry *dentry, + const struct vfsmount *mnt); +__u32 gr_acl_handle_symlink(const struct dentry *new_dentry, @@ -82003,7 +82672,7 @@ index 0000000..c3b0738 + const struct dentry *old_dentry, + const struct vfsmount *old_mnt); +int gr_acl_handle_filldir(const struct file *file, const char *name, -+ const unsigned int namelen, const ino_t ino); ++ const unsigned int namelen, const u64 ino); + +__u32 gr_acl_handle_unix(const struct dentry *dentry, + const struct vfsmount *mnt); 
@@ -82014,10 +82683,16 @@ index 0000000..c3b0738 +int gr_handle_rofs_blockwrite(struct dentry *dentry, struct vfsmount *mnt, int acc_mode); +void gr_audit_ptrace(struct task_struct *task); +dev_t gr_get_dev_from_dentry(struct dentry *dentry); ++u64 gr_get_ino_from_dentry(struct dentry *dentry); +void gr_put_exec_file(struct task_struct *task); + +int gr_ptrace_readexec(struct file *file, int unsafe_flags); + ++void gr_inc_chroot_refcnts(struct dentry *dentry, struct vfsmount *mnt); ++void gr_dec_chroot_refcnts(struct dentry *dentry, struct vfsmount *mnt); ++int gr_bad_chroot_rename(struct dentry *olddentry, struct vfsmount *oldmnt, ++ struct dentry *newdentry, struct vfsmount *newmnt); ++ +#ifdef CONFIG_GRKERNSEC_RESLOG +extern void gr_log_resource(const struct task_struct *task, const int res, + const unsigned long wanted, const int gt); @@ -82407,7 +83082,7 @@ index ff9f1d3..6712be5 100644 extern struct key_type key_type_keyring; diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h -index e465bb1..19f605f 100644 +index e465bb1..19f605fd 100644 --- a/include/linux/kgdb.h +++ b/include/linux/kgdb.h @@ -52,7 +52,7 @@ extern int kgdb_connected; @@ -82539,10 +83214,10 @@ index a6059bd..8126d5c 100644 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu); diff --git a/include/linux/libata.h b/include/linux/libata.h -index bd5fefe..2a8a8d2 100644 +index fe0bf8d..c511ca6 100644 --- a/include/linux/libata.h +++ b/include/linux/libata.h -@@ -976,7 +976,7 @@ struct ata_port_operations { +@@ -977,7 +977,7 @@ struct ata_port_operations { * fields must be pointers. */ const struct ata_port_operations *inherits; 
@@ -82711,8 +83386,21 @@ index 3d385c8..deacb6a 100644 static inline int vma_dup_policy(struct vm_area_struct *src, struct vm_area_struct *dst) +diff --git a/include/linux/mlx4/device.h b/include/linux/mlx4/device.h +index 37e4404..26ebbd0 100644 +--- a/include/linux/mlx4/device.h ++++ b/include/linux/mlx4/device.h +@@ -97,7 +97,7 @@ enum { + MLX4_MAX_NUM_PF = 16, + MLX4_MAX_NUM_VF = 64, + MLX4_MAX_NUM_VF_P_PORT = 64, +- MLX4_MFUNC_MAX = 80, ++ MLX4_MFUNC_MAX = 128, + MLX4_MAX_EQ_NUM = 1024, + MLX4_MFUNC_EQ_NUM = 4, + MLX4_MFUNC_MAX_EQES = 8, diff --git a/include/linux/mm.h b/include/linux/mm.h -index b464611..77cbfc1 100644 +index 86a977b..8122960 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -128,6 +128,11 @@ extern unsigned int kobjsize(const void *objp); @@ -82746,7 +83434,7 @@ index b464611..77cbfc1 100644 struct mmu_gather; struct inode; -@@ -1165,8 +1171,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address, +@@ -1167,8 +1173,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address, unsigned long *pfn); int follow_phys(struct vm_area_struct *vma, unsigned long address, unsigned int flags, unsigned long *prot, resource_size_t *phys); @@ -82757,7 +83445,7 @@ index b464611..77cbfc1 100644 static inline void unmap_shared_mapping_range(struct address_space *mapping, loff_t const holebegin, loff_t const holelen) -@@ -1206,9 +1212,9 @@ static inline int fixup_user_fault(struct task_struct *tsk, +@@ -1208,9 +1214,9 @@ static inline int fixup_user_fault(struct task_struct *tsk, } #endif @@ -82770,7 +83458,7 @@ index b464611..77cbfc1 100644 long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, unsigned long start, unsigned long nr_pages, -@@ -1240,34 +1246,6 @@ int set_page_dirty_lock(struct page *page); +@@ -1242,34 +1248,6 @@ int set_page_dirty_lock(struct page *page); int clear_page_dirty_for_io(struct page *page); int get_cmdline(struct task_struct *task, char *buffer, int buflen); 
@@ -82805,7 +83493,7 @@ index b464611..77cbfc1 100644 extern struct task_struct *task_of_stack(struct task_struct *task, struct vm_area_struct *vma, bool in_group); -@@ -1385,8 +1363,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, +@@ -1387,8 +1365,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, { return 0; } @@ -82821,7 +83509,7 @@ index b464611..77cbfc1 100644 #endif #ifdef __PAGETABLE_PMD_FOLDED -@@ -1395,8 +1380,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, +@@ -1397,8 +1382,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, { return 0; } @@ -82837,7 +83525,7 @@ index b464611..77cbfc1 100644 #endif int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma, -@@ -1414,11 +1406,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a +@@ -1416,11 +1408,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a NULL: pud_offset(pgd, address); } @@ -82861,7 +83549,7 @@ index b464611..77cbfc1 100644 #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */ #if USE_SPLIT_PTE_PTLOCKS -@@ -1801,12 +1805,23 @@ extern struct vm_area_struct *copy_vma(struct vm_area_struct **, +@@ -1803,12 +1807,23 @@ extern struct vm_area_struct *copy_vma(struct vm_area_struct **, bool *need_rmap_locks); extern void exit_mmap(struct mm_struct *); @@ -82885,7 +83573,7 @@ index b464611..77cbfc1 100644 if (rlim < RLIM_INFINITY) { if (((new - start) + (end_data - start_data)) > rlim) return -ENOSPC; -@@ -1831,7 +1846,7 @@ extern int install_special_mapping(struct mm_struct *mm, +@@ -1833,7 +1848,7 @@ extern int install_special_mapping(struct mm_struct *mm, unsigned long addr, unsigned long len, unsigned long flags, struct page **pages); 
@@ -82894,7 +83582,7 @@ index b464611..77cbfc1 100644 extern unsigned long mmap_region(struct file *file, unsigned long addr, unsigned long len, vm_flags_t vm_flags, unsigned long pgoff); -@@ -1839,6 +1854,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1841,6 +1856,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, unsigned long len, unsigned long prot, unsigned long flags, unsigned long pgoff, unsigned long *populate); extern int do_munmap(struct mm_struct *, unsigned long, size_t); @@ -82902,7 +83590,7 @@ index b464611..77cbfc1 100644 #ifdef CONFIG_MMU extern int __mm_populate(unsigned long addr, unsigned long len, -@@ -1867,10 +1883,11 @@ struct vm_unmapped_area_info { +@@ -1869,10 +1885,11 @@ struct vm_unmapped_area_info { unsigned long high_limit; unsigned long align_mask; unsigned long align_offset; @@ -82916,7 +83604,7 @@ index b464611..77cbfc1 100644 /* * Search for an unmapped address range. -@@ -1882,7 +1899,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info); +@@ -1884,7 +1901,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info); * - satisfies (begin_addr & align_mask) == (align_offset & align_mask) */ static inline unsigned long @@ -82925,7 +83613,7 @@ index b464611..77cbfc1 100644 { if (!(info->flags & VM_UNMAPPED_AREA_TOPDOWN)) return unmapped_area(info); -@@ -1944,6 +1961,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add +@@ -1946,6 +1963,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, struct vm_area_struct **pprev); 
@@ -82936,7 +83624,7 @@ index b464611..77cbfc1 100644 /* Look up the first VMA which intersects the interval start_addr..end_addr-1, NULL if none. Assume start_addr < end_addr. */ static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr) -@@ -1973,10 +1994,10 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, +@@ -1975,10 +1996,10 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, } #ifdef CONFIG_MMU @@ -82949,7 +83637,7 @@ index b464611..77cbfc1 100644 { return __pgprot(0); } -@@ -2038,6 +2059,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); +@@ -2040,6 +2061,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); static inline void vm_stat_account(struct mm_struct *mm, unsigned long flags, struct file *file, long pages) { @@ -82961,7 +83649,7 @@ index b464611..77cbfc1 100644 mm->total_vm += pages; } #endif /* CONFIG_PROC_FS */ -@@ -2126,7 +2152,7 @@ extern int unpoison_memory(unsigned long pfn); +@@ -2128,7 +2154,7 @@ extern int unpoison_memory(unsigned long pfn); extern int sysctl_memory_failure_early_kill; extern int sysctl_memory_failure_recovery; extern void shake_page(struct page *p, int access); @@ -82970,7 +83658,7 @@ index b464611..77cbfc1 100644 extern int soft_offline_page(struct page *page, int flags); #if defined(CONFIG_TRANSPARENT_HUGEPAGE) || defined(CONFIG_HUGETLBFS) -@@ -2161,5 +2187,11 @@ void __init setup_nr_node_ids(void); +@@ -2163,5 +2189,11 @@ void __init setup_nr_node_ids(void); static inline void setup_nr_node_ids(void) {} #endif @@ -83352,18 +84040,18 @@ index 17d8339..81656c0 100644 struct iovec; struct kvec; diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h -index 74fd5d3..86a1e4f 100644 +index 22339b4..4b4d5b3 100644 --- a/include/linux/netdevice.h 
+++ b/include/linux/netdevice.h -@@ -1156,6 +1156,7 @@ struct net_device_ops { - bool (*ndo_gso_check) (struct sk_buff *skb, - struct net_device *dev); +@@ -1160,6 +1160,7 @@ struct net_device_ops { + struct net_device *dev, + netdev_features_t features); }; +typedef struct net_device_ops __no_const net_device_ops_no_const; /** * enum net_device_priv_flags - &struct net_device priv_flags -@@ -1498,10 +1499,10 @@ struct net_device { +@@ -1502,10 +1503,10 @@ struct net_device { struct net_device_stats stats; @@ -83884,7 +84572,7 @@ index 34a1e10..70f6bde 100644 struct proc_ns { void *ns; diff --git a/include/linux/quota.h b/include/linux/quota.h -index 80d345a..9e89a9a 100644 +index 224fb81..9d85c41 100644 --- a/include/linux/quota.h +++ b/include/linux/quota.h @@ -70,7 +70,7 @@ struct kqid { /* Type in which we store the quota identifier */ @@ -85687,6 +86375,23 @@ index 8109a15..504466d 100644 +extern atomic_unchecked_t flow_cache_genid; #endif +diff --git a/include/net/flow_keys.h b/include/net/flow_keys.h +index 7ee2df0..dc8fd81 100644 +--- a/include/net/flow_keys.h ++++ b/include/net/flow_keys.h +@@ -22,9 +22,9 @@ struct flow_keys { + __be32 ports; + __be16 port16[2]; + }; +- u16 thoff; +- u16 n_proto; +- u8 ip_proto; ++ u16 thoff; ++ __be16 n_proto; ++ u8 ip_proto; + }; + + bool __skb_flow_dissect(const struct sk_buff *skb, struct flow_keys *flow, diff --git a/include/net/genetlink.h b/include/net/genetlink.h index af10c2c..a431cc5 100644 --- a/include/net/genetlink.h @@ -85740,10 +86445,28 @@ index 80479ab..0c3f647 100644 struct rcu_head rcu; struct inet_peer *gc_next; diff --git a/include/net/ip.h b/include/net/ip.h -index 0bb6207..a8878af 100644 +index 0bb6207..1f38247 100644 --- a/include/net/ip.h 
+++ b/include/net/ip.h -@@ -316,7 +316,7 @@ static inline unsigned int ip_skb_dst_mtu(const struct sk_buff *skb) +@@ -39,11 +39,12 @@ struct inet_skb_parm { + struct ip_options opt; /* Compiled IP options */ + unsigned char flags; + +-#define IPSKB_FORWARDED 1 +-#define IPSKB_XFRM_TUNNEL_SIZE 2 +-#define IPSKB_XFRM_TRANSFORMED 4 +-#define IPSKB_FRAG_COMPLETE 8 +-#define IPSKB_REROUTED 16 ++#define IPSKB_FORWARDED BIT(0) ++#define IPSKB_XFRM_TUNNEL_SIZE BIT(1) ++#define IPSKB_XFRM_TRANSFORMED BIT(2) ++#define IPSKB_FRAG_COMPLETE BIT(3) ++#define IPSKB_REROUTED BIT(4) ++#define IPSKB_DOREDIRECT BIT(5) + + u16 frag_max_size; + }; +@@ -316,7 +317,7 @@ static inline unsigned int ip_skb_dst_mtu(const struct sk_buff *skb) } } @@ -85801,6 +86524,28 @@ index 615b20b..fd4cbd8 100644 /* ip_vs_est */ struct list_head est_list; /* estimator list */ spinlock_t est_lock; +diff --git a/include/net/ipv6.h b/include/net/ipv6.h +index 4292929..7e21d2e 100644 +--- a/include/net/ipv6.h ++++ b/include/net/ipv6.h +@@ -708,7 +708,7 @@ static inline __be32 ip6_make_flowlabel(struct net *net, struct sk_buff *skb, + __be32 flowlabel, bool autolabel) + { + if (!flowlabel && (autolabel || net->ipv6.sysctl.auto_flowlabels)) { +- __be32 hash; ++ u32 hash; + + hash = skb_get_hash(skb); + +@@ -718,7 +718,7 @@ static inline __be32 ip6_make_flowlabel(struct net *net, struct sk_buff *skb, + */ + hash ^= hash >> 12; + +- flowlabel = hash & IPV6_FLOWLABEL_MASK; ++ flowlabel = (__force __be32)hash & IPV6_FLOWLABEL_MASK; + } + + return flowlabel; diff --git a/include/net/irda/ircomm_tty.h b/include/net/irda/ircomm_tty.h index 8d4f588..2e37ad2 100644 --- a/include/net/irda/ircomm_tty.h @@ -85894,10 +86639,10 @@ index 567c681..cd73ac02 100644 struct llc_sap_state { u8 curr_state; diff --git a/include/net/mac80211.h b/include/net/mac80211.h -index 0ad1f47..aaea45b 100644 +index a9de1da..df72057 100644 --- a/include/net/mac80211.h 
+++ b/include/net/mac80211.h -@@ -4648,7 +4648,7 @@ struct rate_control_ops { +@@ -4645,7 +4645,7 @@ struct rate_control_ops { void (*remove_sta_debugfs)(void *priv, void *priv_sta); u32 (*get_expected_throughput)(void *priv_sta); @@ -88211,7 +88956,7 @@ index 379650b..30c5180 100644 #ifdef CONFIG_MODULE_UNLOAD { diff --git a/kernel/events/core.c b/kernel/events/core.c -index 1cd5eef..e8b5af9 100644 +index 2ab0238..bf89262f5 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -170,8 +170,15 @@ static struct srcu_struct pmus_srcu; @@ -88399,7 +89144,7 @@ index ed8f2cd..fe8030c 100644 pagefault_disable(); result = __copy_from_user_inatomic(&opcode, (void __user*)vaddr, diff --git a/kernel/exit.c b/kernel/exit.c -index 5d30019..934add5 100644 +index 2116aac..d95df2a 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -174,6 +174,10 @@ void release_task(struct task_struct *p) @@ -90975,6 +91720,28 @@ index 54e7522..5b82dd6 100644 goto out_put_task_struct; } +diff --git a/kernel/range.c b/kernel/range.c +index 322ea8e..82cfc28 100644 +--- a/kernel/range.c ++++ b/kernel/range.c +@@ -113,12 +113,12 @@ static int cmp_range(const void *x1, const void *x2) + { + const struct range *r1 = x1; + const struct range *r2 = x2; +- s64 start1, start2; + +- start1 = r1->start; +- start2 = r2->start; +- +- return start1 - start2; ++ if (r1->start < r2->start) ++ return -1; ++ if (r1->start > r2->start) ++ return 1; ++ return 0; + } + + int clean_sort_range(struct range *range, int az) diff --git a/kernel/rcu/rcutorture.c b/kernel/rcu/rcutorture.c index 240fa90..5fa56bd 100644 --- a/kernel/rcu/rcutorture.c @@ -92002,10 +92769,10 @@ index a63f4dc..349bbb0 100644 unsigned long timeout) { diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index 89e7283..072bc26 100644 +index efdca2f..e361dfb 100644 --- a/kernel/sched/core.c 
+++ b/kernel/sched/core.c -@@ -1885,7 +1885,7 @@ void set_numabalancing_state(bool enabled) +@@ -1890,7 +1890,7 @@ void set_numabalancing_state(bool enabled) int sysctl_numa_balancing(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { @@ -92014,7 +92781,7 @@ index 89e7283..072bc26 100644 int err; int state = numabalancing_enabled; -@@ -2348,8 +2348,10 @@ context_switch(struct rq *rq, struct task_struct *prev, +@@ -2353,8 +2353,10 @@ context_switch(struct rq *rq, struct task_struct *prev, next->active_mm = oldmm; atomic_inc(&oldmm->mm_count); enter_lazy_tlb(oldmm, next); @@ -92026,7 +92793,7 @@ index 89e7283..072bc26 100644 if (!prev->mm) { prev->active_mm = NULL; -@@ -3160,6 +3162,8 @@ int can_nice(const struct task_struct *p, const int nice) +@@ -3165,6 +3167,8 @@ int can_nice(const struct task_struct *p, const int nice) /* convert nice value [19,-20] to rlimit style value [1,40] */ int nice_rlim = nice_to_rlimit(nice); @@ -92035,7 +92802,7 @@ index 89e7283..072bc26 100644 return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) || capable(CAP_SYS_NICE)); } -@@ -3186,7 +3190,8 @@ SYSCALL_DEFINE1(nice, int, increment) +@@ -3191,7 +3195,8 @@ SYSCALL_DEFINE1(nice, int, increment) nice = task_nice(current) + increment; nice = clamp_val(nice, MIN_NICE, MAX_NICE); @@ -92045,7 +92812,7 @@ index 89e7283..072bc26 100644 return -EPERM; retval = security_task_setnice(current, nice); -@@ -3465,6 +3470,7 @@ recheck: +@@ -3470,6 +3475,7 @@ recheck: if (policy != p->policy && !rlim_rtprio) return -EPERM; @@ -92053,7 +92820,7 @@ index 89e7283..072bc26 100644 /* can't increase priority */ if (attr->sched_priority > p->rt_priority && attr->sched_priority > rlim_rtprio) -@@ -4885,6 +4891,7 @@ void idle_task_exit(void) +@@ -4890,6 +4896,7 @@ void idle_task_exit(void) if (mm != &init_mm) { switch_mm(mm, &init_mm, current); 
@@ -92061,7 +92828,7 @@ index 89e7283..072bc26 100644 finish_arch_post_lock_switch(); } mmdrop(mm); -@@ -4980,7 +4987,7 @@ static void migrate_tasks(unsigned int dead_cpu) +@@ -4985,7 +4992,7 @@ static void migrate_tasks(unsigned int dead_cpu) #if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL) @@ -92070,7 +92837,7 @@ index 89e7283..072bc26 100644 { .procname = "sched_domain", .mode = 0555, -@@ -4997,17 +5004,17 @@ static struct ctl_table sd_ctl_root[] = { +@@ -5002,17 +5009,17 @@ static struct ctl_table sd_ctl_root[] = { {} }; @@ -92092,7 +92859,7 @@ index 89e7283..072bc26 100644 /* * In the intermediate directories, both the child directory and -@@ -5015,22 +5022,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep) +@@ -5020,22 +5027,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep) * will always be set. In the lowest directory the names are * static strings and all have proc handlers. */ @@ -92124,7 +92891,7 @@ index 89e7283..072bc26 100644 const char *procname, void *data, int maxlen, umode_t mode, proc_handler *proc_handler, bool load_idx) -@@ -5050,7 +5060,7 @@ set_table_entry(struct ctl_table *entry, +@@ -5055,7 +5065,7 @@ set_table_entry(struct ctl_table *entry, static struct ctl_table * sd_alloc_ctl_domain_table(struct sched_domain *sd) { @@ -92133,7 +92900,7 @@ index 89e7283..072bc26 100644 if (table == NULL) return NULL; -@@ -5088,9 +5098,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd) +@@ -5093,9 +5103,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd) return table; } @@ -92145,7 +92912,7 @@ index 89e7283..072bc26 100644 struct sched_domain *sd; int domain_num = 0, i; char buf[32]; -@@ -5117,11 +5127,13 @@ static struct ctl_table_header *sd_sysctl_header; +@@ -5122,11 +5132,13 @@ static struct ctl_table_header *sd_sysctl_header; static void register_sched_domain_sysctl(void) { int i, cpu_num = num_possible_cpus(); 
@@ -92160,7 +92927,7 @@ index 89e7283..072bc26 100644 if (entry == NULL) return; -@@ -5144,8 +5156,12 @@ static void unregister_sched_domain_sysctl(void) +@@ -5149,8 +5161,12 @@ static void unregister_sched_domain_sysctl(void) if (sd_sysctl_header) unregister_sysctl_table(sd_sysctl_header); sd_sysctl_header = NULL; @@ -92210,6 +92977,21 @@ index 2df8ef0..aae070f 100644 static inline void put_prev_task(struct rq *rq, struct task_struct *prev) { +diff --git a/kernel/seccomp.c b/kernel/seccomp.c +index 4ef9687..4f44028 100644 +--- a/kernel/seccomp.c ++++ b/kernel/seccomp.c +@@ -629,7 +629,9 @@ static u32 __seccomp_phase1_filter(int this_syscall, struct seccomp_data *sd) + + switch (action) { + case SECCOMP_RET_ERRNO: +- /* Set the low-order 16-bits as a errno. */ ++ /* Set low-order bits as an errno, capped at MAX_ERRNO. */ ++ if (data > MAX_ERRNO) ++ data = MAX_ERRNO; + syscall_set_return_value(current, task_pt_regs(current), + -data, 0); + goto skip; diff --git a/kernel/signal.c b/kernel/signal.c index 8f0876f..1153a5a 100644 --- a/kernel/signal.c @@ -92349,10 +93131,10 @@ index 8f0876f..1153a5a 100644 set_fs(seg); if (ret >= 0 && uoss_ptr) { diff --git a/kernel/smpboot.c b/kernel/smpboot.c -index eb89e18..a4e6792 100644 +index 60d35ac5..59d289f 100644 --- a/kernel/smpboot.c +++ b/kernel/smpboot.c -@@ -288,7 +288,7 @@ int smpboot_register_percpu_thread(struct smp_hotplug_thread *plug_thread) +@@ -289,7 +289,7 @@ int smpboot_register_percpu_thread(struct smp_hotplug_thread *plug_thread) } smpboot_unpark_thread(plug_thread, cpu); } @@ -92360,8 +93142,8 @@ index eb89e18..a4e6792 100644 + pax_list_add(&plug_thread->list, &hotplug_threads); out: mutex_unlock(&smpboot_threads_lock); - return ret; -@@ -305,7 +305,7 @@ void smpboot_unregister_percpu_thread(struct smp_hotplug_thread *plug_thread) + put_online_cpus(); +@@ -307,7 +307,7 @@ void smpboot_unregister_percpu_thread(struct smp_hotplug_thread *plug_thread) { get_online_cpus(); mutex_lock(&smpboot_threads_lock); 
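Review bot: The new comment on the SECCOMP_RET_ERRNO case in __seccomp_phase1_filter (kernel/seccomp.c hunk) states what the clamp does but not why it is needed. A filter-supplied value above MAX_ERRNO, once negated, falls outside the range that is treated as an error return, so the denied syscall could look like a success to the caller. I would word it as `/* Cap at MAX_ERRNO: a larger value, negated, is not seen as an errno by userspace. */`. The declaration of `data` and the mask that produces it are outside the hunk, so its type and lower bound cannot be checked from here; the function body starts and ends outside the hunk.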
@@ -92895,7 +93677,7 @@ index a7077d3..dd48a49 100644 .clock_get = alarm_clock_get, .timer_create = alarm_timer_create, diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c -index 37e50aa..57a9501 100644 +index d8c724c..6b331a4 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c @@ -1399,7 +1399,7 @@ void hrtimer_peek_ahead_timers(void) @@ -93045,7 +93827,7 @@ index 31ea01f..7fc61ef 100644 } diff --git a/kernel/time/time.c b/kernel/time/time.c -index a9ae20f..d3fbde7 100644 +index 22d5d3b..70caeb2 100644 --- a/kernel/time/time.c +++ b/kernel/time/time.c @@ -173,6 +173,11 @@ int do_sys_settimeofday(const struct timespec *tv, const struct timezone *tz) @@ -93292,7 +94074,7 @@ index c1bd4ad..4b861dc 100644 ret = -EIO; diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c -index 31c90fe..051ce98 100644 +index 124e2c7..762ca29 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -2183,12 +2183,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec) @@ -93315,7 +94097,7 @@ index 31c90fe..051ce98 100644 } /* -@@ -4492,8 +4497,10 @@ static int ftrace_process_locs(struct module *mod, +@@ -4529,8 +4534,10 @@ static int ftrace_process_locs(struct module *mod, if (!count) return 0; @@ -93326,7 +94108,7 @@ index 31c90fe..051ce98 100644 start_pg = ftrace_allocate_pages(count); if (!start_pg) -@@ -5340,7 +5347,7 @@ static int alloc_retstack_tasklist(struct ftrace_ret_stack **ret_stack_list) +@@ -5377,7 +5384,7 @@ static int alloc_retstack_tasklist(struct ftrace_ret_stack **ret_stack_list) if (t->ret_stack == NULL) { atomic_set(&t->tracing_graph_pause, 0); @@ -93335,7 +94117,7 @@ index 31c90fe..051ce98 100644 t->curr_ret_stack = -1; /* Make sure the tasks see the -1 first: */ smp_wmb(); -@@ -5553,7 +5560,7 @@ static void +@@ -5590,7 +5597,7 @@ static void graph_init_task(struct task_struct *t, struct ftrace_ret_stack *ret_stack) { atomic_set(&t->tracing_graph_pause, 0); 
@@ -93895,10 +94677,10 @@ index 70bf118..4be3c37 100644 .thread_should_run = watchdog_should_run, .thread_fn = watchdog, diff --git a/kernel/workqueue.c b/kernel/workqueue.c -index 09b685d..d3565e3 100644 +index 66940a5..a44fed0 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c -@@ -4508,7 +4508,7 @@ static void rebind_workers(struct worker_pool *pool) +@@ -4499,7 +4499,7 @@ static void rebind_workers(struct worker_pool *pool) WARN_ON_ONCE(!(worker_flags & WORKER_UNBOUND)); worker_flags |= WORKER_REBOUND; worker_flags &= ~WORKER_UNBOUND; @@ -94809,10 +95591,10 @@ index 0ae0df5..82ac56b 100644 bdi_destroy(bdi); return err; diff --git a/mm/filemap.c b/mm/filemap.c -index 14b4642..d71ba82 100644 +index 37beab9..2c55a85 100644 --- a/mm/filemap.c +++ b/mm/filemap.c -@@ -2101,7 +2101,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) +@@ -2097,7 +2097,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) struct address_space *mapping = file->f_mapping; if (!mapping->a_ops->readpage) @@ -94821,7 +95603,7 @@ index 14b4642..d71ba82 100644 file_accessed(file); vma->vm_ops = &generic_file_vm_ops; return 0; -@@ -2279,6 +2279,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i +@@ -2275,6 +2275,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i *pos = i_size_read(inode); if (limit != RLIM_INFINITY) { @@ -94846,7 +95628,7 @@ index 72b8fa3..c5b39f1 100644 * Make sure the vma is shared, that it supports prefaulting, * and that the remapped range is valid and fully within diff --git a/mm/gup.c b/mm/gup.c -index cd62c8c..3bb2053 100644 +index a0d57ec..79d469ce 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -274,11 +274,6 @@ static int faultin_page(struct task_struct *tsk, struct vm_area_struct *vma, @@ -95368,7 +96150,7 @@ index 8639f6b..b623882a 100644 } unset_migratetype_isolate(page, MIGRATE_MOVABLE); 
diff --git a/mm/memory.c b/mm/memory.c -index d5f2ae9..4d678b2 100644 +index d442584..0600e22 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -415,6 +415,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, @@ -95668,7 +96450,7 @@ index d5f2ae9..4d678b2 100644 /* * This routine handles present pages, when users try to write * to a shared page. It is done by copying the page to a new address -@@ -2218,6 +2425,12 @@ gotten: +@@ -2225,6 +2432,12 @@ gotten: */ page_table = pte_offset_map_lock(mm, pmd, address, &ptl); if (likely(pte_same(*page_table, orig_pte))) { @@ -95681,7 +96463,7 @@ index d5f2ae9..4d678b2 100644 if (old_page) { if (!PageAnon(old_page)) { dec_mm_counter_fast(mm, MM_FILEPAGES); -@@ -2271,6 +2484,10 @@ gotten: +@@ -2278,6 +2491,10 @@ gotten: page_remove_rmap(old_page); } @@ -95692,7 +96474,7 @@ index d5f2ae9..4d678b2 100644 /* Free the old page.. */ new_page = old_page; ret |= VM_FAULT_WRITE; -@@ -2545,6 +2762,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2552,6 +2769,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, swap_free(entry); if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page)) try_to_free_swap(page); @@ -95704,7 +96486,7 @@ index d5f2ae9..4d678b2 100644 unlock_page(page); if (page != swapcache) { /* -@@ -2568,6 +2790,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2575,6 +2797,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -95716,7 +96498,7 @@ index d5f2ae9..4d678b2 100644 unlock: pte_unmap_unlock(page_table, ptl); out: -@@ -2587,40 +2814,6 @@ out_release: +@@ -2594,40 +2821,6 @@ out_release: } /* 
@@ -95739,7 +96521,7 @@ index d5f2ae9..4d678b2 100644 - if (prev && prev->vm_end == address) - return prev->vm_flags & VM_GROWSDOWN ? 0 : -ENOMEM; - -- expand_downwards(vma, address - PAGE_SIZE); +- return expand_downwards(vma, address - PAGE_SIZE); - } - if ((vma->vm_flags & VM_GROWSUP) && address + PAGE_SIZE == vma->vm_end) { - struct vm_area_struct *next = vma->vm_next; @@ -95748,7 +96530,7 @@ index d5f2ae9..4d678b2 100644 - if (next && next->vm_start == address + PAGE_SIZE) - return next->vm_flags & VM_GROWSUP ? 0 : -ENOMEM; - -- expand_upwards(vma, address + PAGE_SIZE); +- return expand_upwards(vma, address + PAGE_SIZE); - } - return 0; -} @@ -95757,7 +96539,7 @@ index d5f2ae9..4d678b2 100644 * We enter with non-exclusive mmap_sem (to exclude vma changes, * but allow concurrent faults), and pte mapped but not yet locked. * We return with mmap_sem still held, but pte unmapped and unlocked. -@@ -2630,27 +2823,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2637,27 +2830,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, unsigned int flags) { struct mem_cgroup *memcg; @@ -95770,7 +96552,7 @@ index d5f2ae9..4d678b2 100644 - - /* Check if we need to add a guard page to the stack */ - if (check_stack_guard_page(vma, address) < 0) -- return VM_FAULT_SIGBUS; +- return VM_FAULT_SIGSEGV; - - /* Use the zero-page for reads */ if (!(flags & FAULT_FLAG_WRITE)) { @@ -95790,7 +96572,7 @@ index d5f2ae9..4d678b2 100644 if (unlikely(anon_vma_prepare(vma))) goto oom; page = alloc_zeroed_user_highpage_movable(vma, address); -@@ -2674,6 +2863,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2681,6 +2870,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, if (!pte_none(*page_table)) goto release; 
@@ -95802,7 +96584,7 @@ index d5f2ae9..4d678b2 100644 inc_mm_counter_fast(mm, MM_ANONPAGES); page_add_new_anon_rmap(page, vma, address); mem_cgroup_commit_charge(page, memcg, false); -@@ -2683,6 +2877,12 @@ setpte: +@@ -2690,6 +2884,12 @@ setpte: /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -95815,7 +96597,7 @@ index d5f2ae9..4d678b2 100644 unlock: pte_unmap_unlock(page_table, ptl); return 0; -@@ -2913,6 +3113,11 @@ static int do_read_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2920,6 +3120,11 @@ static int do_read_fault(struct mm_struct *mm, struct vm_area_struct *vma, return ret; } do_set_pte(vma, address, fault_page, pte, false, false); @@ -95827,7 +96609,7 @@ index d5f2ae9..4d678b2 100644 unlock_page(fault_page); unlock_out: pte_unmap_unlock(pte, ptl); -@@ -2955,7 +3160,18 @@ static int do_cow_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2962,7 +3167,18 @@ static int do_cow_fault(struct mm_struct *mm, struct vm_area_struct *vma, page_cache_release(fault_page); goto uncharge_out; } @@ -95846,7 +96628,7 @@ index d5f2ae9..4d678b2 100644 mem_cgroup_commit_charge(new_page, memcg, false); lru_cache_add_active_or_unevictable(new_page, vma); pte_unmap_unlock(pte, ptl); -@@ -3005,6 +3221,11 @@ static int do_shared_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3012,6 +3228,11 @@ static int do_shared_fault(struct mm_struct *mm, struct vm_area_struct *vma, return ret; } do_set_pte(vma, address, fault_page, pte, true, false); @@ -95858,7 +96640,7 @@ index d5f2ae9..4d678b2 100644 pte_unmap_unlock(pte, ptl); if (set_page_dirty(fault_page)) -@@ -3246,6 +3467,12 @@ static int handle_pte_fault(struct mm_struct *mm, +@@ -3253,6 +3474,12 @@ static int handle_pte_fault(struct mm_struct *mm, if (flags & FAULT_FLAG_WRITE) flush_tlb_fix_spurious_fault(vma, address); } 
@@ -95871,7 +96653,7 @@ index d5f2ae9..4d678b2 100644 unlock: pte_unmap_unlock(pte, ptl); return 0; -@@ -3265,9 +3492,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3272,9 +3499,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, pmd_t *pmd; pte_t *pte; @@ -95913,7 +96695,7 @@ index d5f2ae9..4d678b2 100644 pgd = pgd_offset(mm, address); pud = pud_alloc(mm, pgd, address); if (!pud) -@@ -3401,6 +3660,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) +@@ -3408,6 +3667,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -95937,7 +96719,7 @@ index d5f2ae9..4d678b2 100644 #endif /* __PAGETABLE_PUD_FOLDED */ #ifndef __PAGETABLE_PMD_FOLDED -@@ -3431,6 +3707,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) +@@ -3438,6 +3714,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -95968,7 +96750,7 @@ index d5f2ae9..4d678b2 100644 #endif /* __PAGETABLE_PMD_FOLDED */ static int __follow_pte(struct mm_struct *mm, unsigned long address, -@@ -3540,8 +3840,8 @@ out: +@@ -3547,8 +3847,8 @@ out: return ret; } @@ -95979,7 +96761,7 @@ index d5f2ae9..4d678b2 100644 { resource_size_t phys_addr; unsigned long prot = 0; -@@ -3567,8 +3867,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys); +@@ -3574,8 +3874,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys); * Access another process' address space as given in mm. If non-NULL, use the * given task for page fault accounting. */ 
@@ -95990,7 +96772,7 @@ index d5f2ae9..4d678b2 100644 { struct vm_area_struct *vma; void *old_buf = buf; -@@ -3576,7 +3876,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -3583,7 +3883,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, down_read(&mm->mmap_sem); /* ignore errors, just check how much was successfully transferred */ while (len) { @@ -95999,7 +96781,7 @@ index d5f2ae9..4d678b2 100644 void *maddr; struct page *page = NULL; -@@ -3637,8 +3937,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -3644,8 +3944,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, * * The caller must hold a reference on @mm. */ @@ -96010,7 +96792,7 @@ index d5f2ae9..4d678b2 100644 { return __access_remote_vm(NULL, mm, addr, buf, len, write); } -@@ -3648,11 +3948,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, +@@ -3655,11 +3955,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, * Source/target buffer must be kernel space, * Do not walk the page table directly, use get_user_pages */ @@ -96191,7 +96973,7 @@ index 73cf098..ab547c7 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index ae91989..d8308c7 100644 +index 1620adb..6b35ac8 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -41,6 +41,7 @@ 
@@ -96256,6 +97038,24 @@ index ae91989..d8308c7 100644 /* * Make sure vm_committed_as in one cacheline and not cacheline shared with * other variables. It can be updated by several CPUs frequently. +@@ -152,7 +173,7 @@ EXPORT_SYMBOL_GPL(vm_memory_committed); + */ + int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) + { +- unsigned long free, allowed, reserve; ++ long free, allowed, reserve; + + VM_WARN_ONCE(percpu_counter_read(&vm_committed_as) < + -(s64)vm_committed_as_batch * num_online_cpus(), +@@ -220,7 +241,7 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) + */ + if (mm) { + reserve = sysctl_user_reserve_kbytes >> (PAGE_SHIFT - 10); +- allowed -= min(mm->total_vm / 32, reserve); ++ allowed -= min_t(long, mm->total_vm / 32, reserve); + } + + if (percpu_counter_read_positive(&vm_committed_as) < allowed) @@ -274,6 +295,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) struct vm_area_struct *next = vma->vm_next; 
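Review bot: The switch of `free`, `allowed` and `reserve` from unsigned long to long in __vm_enough_memory (mm/mmap.c hunk) is not explained at the declaration, and the mm/nommu.c hunk later in the patch makes the same change, equally without comment. The visible `allowed -= min_t(long, mm->total_vm / 32, reserve);` can take `allowed` below zero, and with the old unsigned type that would wrap to a huge value and let the final `< allowed` test pass. I would add `/* signed on purpose: the reserve subtractions may go below zero and must not wrap */` above the declaration in both files. The assignments that fill these variables from the page counters are outside the hunk, so whether any of them needs an explicit cast is not visible here.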
@@ -96850,15 +97650,17 @@ index ae91989..d8308c7 100644 /* * Verify that the stack growth is acceptable and * update accounting. This is shared with both the -@@ -2106,6 +2412,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns - return -ENOMEM; +@@ -2107,8 +2413,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns /* Stack limit test */ -+ gr_learn_resource(current, RLIMIT_STACK, size, 1); - if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) + actual_size = size; +- if (size && (vma->vm_flags & (VM_GROWSUP | VM_GROWSDOWN))) +- actual_size -= PAGE_SIZE; ++ gr_learn_resource(current, RLIMIT_STACK, actual_size, 1); + if (actual_size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) return -ENOMEM; -@@ -2116,6 +2423,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2119,6 +2424,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns locked = mm->locked_vm + grow; limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur); limit >>= PAGE_SHIFT; @@ -96866,7 +97668,7 @@ index ae91989..d8308c7 100644 if (locked > limit && !capable(CAP_IPC_LOCK)) return -ENOMEM; } -@@ -2145,37 +2453,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2148,37 +2454,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns * PA-RISC uses this for its stack; IA64 for its Register Backing Store. * vma is the last one with address > vma->vm_end. Have to extend vma. */ @@ -96924,7 +97726,7 @@ index ae91989..d8308c7 100644 unsigned long size, grow; size = address - vma->vm_start; -@@ -2210,6 +2529,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) +@@ -2213,6 +2530,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) } } } 
@@ -96933,7 +97735,7 @@ index ae91989..d8308c7 100644 vma_unlock_anon_vma(vma); khugepaged_enter_vma_merge(vma, vma->vm_flags); validate_mm(vma->vm_mm); -@@ -2224,6 +2545,8 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2227,6 +2546,8 @@ int expand_downwards(struct vm_area_struct *vma, unsigned long address) { int error; @@ -96942,7 +97744,7 @@ index ae91989..d8308c7 100644 /* * We must make sure the anon_vma is allocated -@@ -2237,6 +2560,15 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2240,6 +2561,15 @@ int expand_downwards(struct vm_area_struct *vma, if (error) return error; @@ -96958,7 +97760,7 @@ index ae91989..d8308c7 100644 vma_lock_anon_vma(vma); /* -@@ -2246,9 +2578,17 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2249,9 +2579,17 @@ int expand_downwards(struct vm_area_struct *vma, */ /* Somebody else might have raced and expanded it already */ @@ -96977,7 +97779,7 @@ index ae91989..d8308c7 100644 size = vma->vm_end - address; grow = (vma->vm_start - address) >> PAGE_SHIFT; -@@ -2273,13 +2613,27 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2276,13 +2614,27 @@ int expand_downwards(struct vm_area_struct *vma, vma->vm_pgoff -= grow; anon_vma_interval_tree_post_update_vma(vma); vma_gap_update(vma); @@ -97005,7 +97807,7 @@ index ae91989..d8308c7 100644 khugepaged_enter_vma_merge(vma, vma->vm_flags); validate_mm(vma->vm_mm); return error; -@@ -2377,6 +2731,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2380,6 +2732,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) do { long nrpages = vma_pages(vma); 
@@ -97019,7 +97821,7 @@ index ae91989..d8308c7 100644 if (vma->vm_flags & VM_ACCOUNT) nr_accounted += nrpages; vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); -@@ -2421,6 +2782,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2424,6 +2783,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, insertion_point = (prev ? &prev->vm_next : &mm->mmap); vma->vm_prev = NULL; do { @@ -97036,7 +97838,7 @@ index ae91989..d8308c7 100644 vma_rb_erase(vma, &mm->mm_rb); mm->map_count--; tail_vma = vma; -@@ -2448,14 +2819,33 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2451,14 +2820,33 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, struct vm_area_struct *new; int err = -ENOMEM; @@ -97070,7 +97872,7 @@ index ae91989..d8308c7 100644 /* most fields are the same, copy all, and then fixup */ *new = *vma; -@@ -2468,6 +2858,22 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2471,6 +2859,22 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT); } @@ -97093,7 +97895,7 @@ index ae91989..d8308c7 100644 err = vma_dup_policy(vma, new); if (err) goto out_free_vma; -@@ -2488,6 +2894,38 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2491,6 +2895,38 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, else err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); @@ -97132,7 +97934,7 @@ index ae91989..d8308c7 100644 /* Success. */ if (!err) return 0; -@@ -2497,10 +2935,18 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2500,10 +2936,18 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, new->vm_ops->close(new); if (new->vm_file) fput(new->vm_file); 
@@ -97152,7 +97954,7 @@ index ae91989..d8308c7 100644 kmem_cache_free(vm_area_cachep, new); out_err: return err; -@@ -2513,6 +2959,15 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2516,6 +2960,15 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long addr, int new_below) { @@ -97168,7 +97970,7 @@ index ae91989..d8308c7 100644 if (mm->map_count >= sysctl_max_map_count) return -ENOMEM; -@@ -2524,11 +2979,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2527,11 +2980,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, * work. This now handles partial unmappings. * Jeremy Fitzhardinge */ @@ -97199,7 +98001,7 @@ index ae91989..d8308c7 100644 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start) return -EINVAL; -@@ -2604,6 +3078,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) +@@ -2607,6 +3079,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) /* Fix up all other VM information */ remove_vma_list(mm, vma); @@ -97208,7 +98010,7 @@ index ae91989..d8308c7 100644 return 0; } -@@ -2612,6 +3088,13 @@ int vm_munmap(unsigned long start, size_t len) +@@ -2615,6 +3089,13 @@ int vm_munmap(unsigned long start, size_t len) int ret; struct mm_struct *mm = current->mm; @@ -97222,7 +98024,7 @@ index ae91989..d8308c7 100644 down_write(&mm->mmap_sem); ret = do_munmap(mm, start, len); up_write(&mm->mmap_sem); -@@ -2625,16 +3108,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) +@@ -2628,16 +3109,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) return vm_munmap(addr, len); } 
@@ -97239,7 +98041,7 @@ index ae91989..d8308c7 100644 /* * this is really a simplified "do_mmap". it only handles * anonymous maps. eventually we may be able to do some -@@ -2648,6 +3121,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2651,6 +3122,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) struct rb_node **rb_link, *rb_parent; pgoff_t pgoff = addr >> PAGE_SHIFT; int error; @@ -97247,7 +98049,7 @@ index ae91989..d8308c7 100644 len = PAGE_ALIGN(len); if (!len) -@@ -2655,10 +3129,24 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2658,10 +3130,24 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; @@ -97272,7 +98074,7 @@ index ae91989..d8308c7 100644 error = mlock_future_check(mm, mm->def_flags, len); if (error) return error; -@@ -2672,21 +3160,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2675,21 +3161,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) /* * Clear old maps. this also does some error checking for us */ @@ -97297,7 +98099,7 @@ index ae91989..d8308c7 100644 return -ENOMEM; /* Can we just expand an old private anonymous mapping? */ -@@ -2700,7 +3187,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2703,7 +3188,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) */ vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); if (!vma) { @@ -97306,7 +98108,7 @@ index ae91989..d8308c7 100644 return -ENOMEM; } -@@ -2714,10 +3201,11 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2717,10 +3202,11 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) vma_link(mm, vma, prev, rb_link, rb_parent); out: perf_event_mmap(vma); 
@@ -97320,7 +98122,7 @@ index ae91989..d8308c7 100644 return addr; } -@@ -2779,6 +3267,7 @@ void exit_mmap(struct mm_struct *mm) +@@ -2782,6 +3268,7 @@ void exit_mmap(struct mm_struct *mm) while (vma) { if (vma->vm_flags & VM_ACCOUNT) nr_accounted += vma_pages(vma); @@ -97328,7 +98130,7 @@ index ae91989..d8308c7 100644 vma = remove_vma(vma); } vm_unacct_memory(nr_accounted); -@@ -2796,6 +3285,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2799,6 +3286,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) struct vm_area_struct *prev; struct rb_node **rb_link, *rb_parent; @@ -97342,7 +98144,7 @@ index ae91989..d8308c7 100644 /* * The vm_pgoff of a purely anonymous vma should be irrelevant * until its first write fault, when page's anon_vma and index -@@ -2819,7 +3315,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2822,7 +3316,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) security_vm_enough_memory_mm(mm, vma_pages(vma))) return -ENOMEM; @@ -97364,7 +98166,7 @@ index ae91989..d8308c7 100644 return 0; } -@@ -2838,6 +3348,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2841,6 +3349,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, struct rb_node **rb_link, *rb_parent; bool faulted_in_anon_vma = true; @@ -97373,7 +98175,7 @@ index ae91989..d8308c7 100644 /* * If anonymous vma has not yet been faulted, update new pgoff * to match new location, to increase its chance of merging. -@@ -2902,6 +3414,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2905,6 +3415,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, return NULL; } 
@@ -97413,7 +98215,7 @@ index ae91989..d8308c7 100644 /* * Return true if the calling process may expand its vm space by the passed * number of pages -@@ -2913,6 +3458,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) +@@ -2916,6 +3459,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; @@ -97421,7 +98223,7 @@ index ae91989..d8308c7 100644 if (cur + npages > lim) return 0; return 1; -@@ -2995,6 +3541,22 @@ static struct vm_area_struct *__install_special_mapping( +@@ -2998,6 +3542,22 @@ static struct vm_area_struct *__install_special_mapping( vma->vm_start = addr; vma->vm_end = addr + len; @@ -97674,7 +98476,7 @@ index ace9345..63320dc 100644 if (nstart < prev->vm_end) diff --git a/mm/mremap.c b/mm/mremap.c -index b147f66..98a695a 100644 +index b147f66..98a695ab 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -144,6 +144,12 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd, @@ -97781,7 +98583,7 @@ index b147f66..98a695a 100644 out: if (ret & ~PAGE_MASK) diff --git a/mm/nommu.c b/mm/nommu.c -index bd1808e..b63d87c 100644 +index bd1808e..22cbc6a 100644 --- a/mm/nommu.c +++ b/mm/nommu.c @@ -70,7 +70,6 @@ int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT; @@ -97816,6 +98618,24 @@ index bd1808e..b63d87c 100644 *region = *vma->vm_region; new->vm_region = region; +@@ -1905,7 +1896,7 @@ EXPORT_SYMBOL(unmap_mapping_range); + */ + int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) + { +- unsigned long free, allowed, reserve; ++ long free, allowed, reserve; + + vm_acct_memory(pages); + +@@ -1969,7 +1960,7 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) + */ + if (mm) { + reserve = sysctl_user_reserve_kbytes >> (PAGE_SHIFT - 10); +- allowed -= min(mm->total_vm / 32, reserve); ++ allowed -= min_t(long, mm->total_vm / 32, reserve); + } + + if (percpu_counter_read_positive(&vm_committed_as) < allowed) 
@@ -2002,8 +1993,8 @@ int generic_file_remap_pages(struct vm_area_struct *vma, unsigned long addr, } EXPORT_SYMBOL(generic_file_remap_pages); @@ -97848,7 +98668,7 @@ index bd1808e..b63d87c 100644 struct mm_struct *mm; diff --git a/mm/page-writeback.c b/mm/page-writeback.c -index 19ceae8..70848ee 100644 +index 437174a..8b86707 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -664,7 +664,7 @@ static long long pos_ratio_polynom(unsigned long setpoint, @@ -98152,7 +98972,7 @@ index 3e4c721..a5e3e39 100644 /* diff --git a/mm/shmem.c b/mm/shmem.c -index 185836b..d7255a1 100644 +index 0b4ba55..bcef4ae 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -33,7 +33,7 @@ @@ -100163,18 +100983,9 @@ index 1e80539..676c37a 100644 if (ogm_packet->flags & BATADV_DIRECTLINK) has_directlink_flag = true; diff --git a/net/batman-adv/fragmentation.c b/net/batman-adv/fragmentation.c -index fc1835c..42f2c2f 100644 +index 00f9e14..e1c7203 100644 --- a/net/batman-adv/fragmentation.c +++ b/net/batman-adv/fragmentation.c -@@ -251,7 +251,7 @@ batadv_frag_merge_packets(struct hlist_head *chain, struct sk_buff *skb) - kfree(entry); - - /* Make room for the rest of the fragments. */ -- if (pskb_expand_head(skb_out, 0, size - skb->len, GFP_ATOMIC) < 0) { -+ if (pskb_expand_head(skb_out, 0, size - skb_out->len, GFP_ATOMIC) < 0) { - kfree_skb(skb_out); - skb_out = NULL; - goto free; @@ -450,7 +450,7 @@ bool batadv_frag_send_packet(struct sk_buff *skb, frag_header.packet_type = BATADV_UNICAST_FRAG; frag_header.version = BATADV_COMPAT_VERSION; @@ -100256,7 +101067,7 @@ index 8854c05..ee5d5497 100644 atomic_t batman_queue_left; char num_ifaces; diff --git a/net/bluetooth/6lowpan.c b/net/bluetooth/6lowpan.c -index c2e0d14..bfa852b 100644 +index cfbb39e..0bbfc9d 100644 --- a/net/bluetooth/6lowpan.c +++ b/net/bluetooth/6lowpan.c @@ -367,7 +367,6 @@ static int recv_pkt(struct sk_buff *skb, struct net_device *dev, @@ -100786,7 +101597,7 @@ index fdbc9a8..cd6972c 100644 return err; 
diff --git a/net/core/dev.c b/net/core/dev.c -index 945bbd0..8b1a370 100644 +index 8440968..e14d2b7 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1683,14 +1683,14 @@ int __dev_forward_skb(struct net_device *dev, struct sk_buff *skb) @@ -100806,7 +101617,7 @@ index 945bbd0..8b1a370 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -2985,7 +2985,7 @@ recursion_alert: +@@ -2994,7 +2994,7 @@ recursion_alert: drop: rcu_read_unlock_bh(); @@ -100815,7 +101626,7 @@ index 945bbd0..8b1a370 100644 kfree_skb_list(skb); return rc; out: -@@ -3328,7 +3328,7 @@ enqueue: +@@ -3337,7 +3337,7 @@ enqueue: local_irq_restore(flags); @@ -100824,7 +101635,7 @@ index 945bbd0..8b1a370 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -3405,7 +3405,7 @@ int netif_rx_ni(struct sk_buff *skb) +@@ -3414,7 +3414,7 @@ int netif_rx_ni(struct sk_buff *skb) } EXPORT_SYMBOL(netif_rx_ni); @@ -100833,7 +101644,7 @@ index 945bbd0..8b1a370 100644 { struct softnet_data *sd = this_cpu_ptr(&softnet_data); -@@ -3738,7 +3738,7 @@ ncls: +@@ -3747,7 +3747,7 @@ ncls: ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev); } else { drop: @@ -100842,7 +101653,7 @@ index 945bbd0..8b1a370 100644 kfree_skb(skb); /* Jamal, now you will not able to escape explaining * me how you were going to use this. :-) -@@ -4502,7 +4502,7 @@ void netif_napi_del(struct napi_struct *napi) +@@ -4511,7 +4511,7 @@ void netif_napi_del(struct napi_struct *napi) } EXPORT_SYMBOL(netif_napi_del); 
@@ -100851,7 +101662,25 @@ index 945bbd0..8b1a370 100644 { struct softnet_data *sd = this_cpu_ptr(&softnet_data); unsigned long time_limit = jiffies + 2; -@@ -6548,8 +6548,8 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, +@@ -5247,7 +5247,7 @@ void netdev_upper_dev_unlink(struct net_device *dev, + } + EXPORT_SYMBOL(netdev_upper_dev_unlink); + +-void netdev_adjacent_add_links(struct net_device *dev) ++static void netdev_adjacent_add_links(struct net_device *dev) + { + struct netdev_adjacent *iter; + +@@ -5272,7 +5272,7 @@ void netdev_adjacent_add_links(struct net_device *dev) + } + } + +-void netdev_adjacent_del_links(struct net_device *dev) ++static void netdev_adjacent_del_links(struct net_device *dev) + { + struct netdev_adjacent *iter; + +@@ -6557,8 +6557,8 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, } else { netdev_stats_to_stats64(storage, &dev->stats); } @@ -100862,6 +101691,15 @@ index 945bbd0..8b1a370 100644 return storage; } EXPORT_SYMBOL(dev_get_stats); +@@ -6574,7 +6574,7 @@ struct netdev_queue *dev_ingress_queue_create(struct net_device *dev) + if (!queue) + return NULL; + netdev_init_one_queue(dev, queue, NULL); +- queue->qdisc = &noop_qdisc; ++ RCU_INIT_POINTER(queue->qdisc, &noop_qdisc); + queue->qdisc_sleeping = &noop_qdisc; + rcu_assign_pointer(dev->ingress_queue, queue); + #endif diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c index 72e899a..79a9409 100644 --- a/net/core/dev_ioctl.c @@ -100917,7 +101755,7 @@ index 647b122..18a7ff6 100644 fp->len = fprog->len; /* Since unattached filters are not copied back to user diff --git a/net/core/flow.c b/net/core/flow.c -index a0348fd..6951c76 100644 +index a0348fd..340f65d 100644 --- a/net/core/flow.c +++ b/net/core/flow.c @@ -65,7 +65,7 @@ static void flow_cache_new_hashrnd(unsigned long arg) 
@@ -100947,6 +101785,15 @@ index a0348fd..6951c76 100644 if (!IS_ERR(flo)) fle->object = flo; else +@@ -379,7 +379,7 @@ done: + static void flow_cache_flush_task(struct work_struct *work) + { + struct netns_xfrm *xfrm = container_of(work, struct netns_xfrm, +- flow_cache_gc_work); ++ flow_cache_flush_work); + struct net *net = container_of(xfrm, struct net, xfrm); + + flow_cache_flush(net); diff --git a/net/core/iovec.c b/net/core/iovec.c index e1ec45a..e5c6f16 100644 --- a/net/core/iovec.c @@ -101219,7 +102066,7 @@ index b442e7e..6f5b5a2 100644 { struct socket *sock; diff --git a/net/core/skbuff.c b/net/core/skbuff.c -index 32e31c2..e981248 100644 +index d7543d0..ff96aec 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -2025,7 +2025,7 @@ EXPORT_SYMBOL(__skb_checksum); @@ -101808,6 +102655,20 @@ index 241afd7..31b95d5 100644 p->metrics[RTAX_LOCK-1] = INETPEER_METRICS_NEW; p->rate_tokens = 0; /* 60*HZ is arbitrary, but chosen enough high so that the first +diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c +index 3a83ce5..787b3c2 100644 +--- a/net/ipv4/ip_forward.c ++++ b/net/ipv4/ip_forward.c +@@ -129,7 +129,8 @@ int ip_forward(struct sk_buff *skb) + * We now generate an ICMP HOST REDIRECT giving the route + * we calculated. + */ +- if (rt->rt_flags&RTCF_DOREDIRECT && !opt->srr && !skb_sec_path(skb)) ++ if (IPCB(skb)->flags & IPSKB_DOREDIRECT && !opt->srr && ++ !skb_sec_path(skb)) + ip_rt_send_redirect(skb); + + skb->priority = rt_tos2priority(iph->tos); diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c index 2811cc1..ad5a534 100644 --- a/net/ipv4/ip_fragment.c @@ -101860,7 +102721,7 @@ index 2811cc1..ad5a534 100644 return -ENOMEM; } diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c -index 12055fd..df852c4 100644 +index 69aaf0a..8298c029 100644 --- a/net/ipv4/ip_gre.c +++ b/net/ipv4/ip_gre.c @@ -115,7 +115,7 @@ static bool log_ecn_error = true; 
@@ -101872,7 +102733,7 @@ index 12055fd..df852c4 100644 static int ipgre_tunnel_init(struct net_device *dev); static int ipgre_net_id __read_mostly; -@@ -815,7 +815,7 @@ static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = { +@@ -816,7 +816,7 @@ static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = { [IFLA_GRE_ENCAP_DPORT] = { .type = NLA_U16 }, }; @@ -101881,7 +102742,7 @@ index 12055fd..df852c4 100644 .kind = "gre", .maxtype = IFLA_GRE_MAX, .policy = ipgre_policy, -@@ -829,7 +829,7 @@ static struct rtnl_link_ops ipgre_link_ops __read_mostly = { +@@ -830,7 +830,7 @@ static struct rtnl_link_ops ipgre_link_ops __read_mostly = { .fill_info = ipgre_fill_info, }; @@ -101915,11 +102776,42 @@ index 3d4da2c..40f9c29 100644 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PROT_UNREACH, 0); } +diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c +index bc6471d..c5e8a0c 100644 +--- a/net/ipv4/ip_output.c ++++ b/net/ipv4/ip_output.c +@@ -1517,6 +1517,7 @@ static DEFINE_PER_CPU(struct inet_sock, unicast_sock) = { + .sk_wmem_alloc = ATOMIC_INIT(1), + .sk_allocation = GFP_ATOMIC, + .sk_flags = (1UL << SOCK_USE_WRITE_QUEUE), ++ .sk_pacing_rate = ~0U, + }, + .pmtudisc = IP_PMTUDISC_WANT, + .uc_ttl = -1, diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c -index 9daf217..dc6972d 100644 +index 9daf217..373d454 100644 --- a/net/ipv4/ip_sockglue.c 
+++ b/net/ipv4/ip_sockglue.c -@@ -1177,7 +1177,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, +@@ -443,15 +443,12 @@ int ip_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len) + + memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err)); + sin = &errhdr.offender; +- sin->sin_family = AF_UNSPEC; ++ memset(sin, 0, sizeof(*sin)); ++ + if (serr->ee.ee_origin == SO_EE_ORIGIN_ICMP) { +- struct inet_sock *inet = inet_sk(sk); +- + sin->sin_family = AF_INET; + sin->sin_addr.s_addr = ip_hdr(skb)->saddr; +- sin->sin_port = 0; +- memset(&sin->sin_zero, 0, sizeof(sin->sin_zero)); +- if (inet->cmsg_flags) ++ if (inet_sk(sk)->cmsg_flags) + ip_cmsg_recv(msg, skb); + } + +@@ -1177,7 +1174,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, len = min_t(unsigned int, len, opt->optlen); if (put_user(len, optlen)) return -EFAULT; @@ -101929,7 +102821,7 @@ index 9daf217..dc6972d 100644 return -EFAULT; return 0; } -@@ -1308,7 +1309,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, +@@ -1308,7 +1306,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, if (sk->sk_type != SOCK_STREAM) return -ENOPROTOOPT; @@ -102125,7 +103017,7 @@ index e90f83a..3e6acca 100644 pr_err("Unable to proc dir entry\n"); return -ENOMEM; diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c -index 5d740cc..b2842b9 100644 +index 5d740cc..22c8e65 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c @@ -59,7 +59,7 @@ struct ping_table { 
@@ -102177,7 +103069,20 @@ index 5d740cc..b2842b9 100644 else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags) ip_cmsg_recv(msg, skb); #endif -@@ -1105,7 +1105,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, +@@ -965,8 +965,11 @@ void ping_rcv(struct sk_buff *skb) + + sk = ping_lookup(net, skb, ntohs(icmph->un.echo.id)); + if (sk != NULL) { ++ struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC); ++ + pr_debug("rcv on socket %p\n", sk); +- ping_queue_rcv_skb(sk, skb_get(skb)); ++ if (skb2) ++ ping_queue_rcv_skb(sk, skb2); + sock_put(sk); + return; + } +@@ -1105,7 +1108,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -102242,7 +103147,7 @@ index 739db31..74f0210 100644 static int raw_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/route.c b/net/ipv4/route.c -index 6a2155b..d426880 100644 +index 6a2155b..47de388 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -228,7 +228,7 @@ static const struct seq_operations rt_cache_seq_ops = { 
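Review bot: In ping_rcv, when `skb_clone()` returns NULL the echo reply is dropped for the matching socket without any counter or debug message, so an allocation failure under memory pressure leaves no trace for whoever is diagnosing lost replies. An `else` branch with `pr_debug("no memory to clone reply\n");`, or a drop counter if one fits here, would make the failure observable. A one-line comment above the clone, e.g. `/* queue a private clone; skb itself stays with the caller (TODO confirm) */`, would also record why `skb_get()` was replaced. That ownership reading is inferred from the change, since the rest of ping_rcv and its caller are outside the hunk.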
@@ -102295,7 +103200,31 @@ index 6a2155b..d426880 100644 } EXPORT_SYMBOL(ip_idents_reserve); -@@ -2624,34 +2624,34 @@ static struct ctl_table ipv4_route_flush_table[] = { +@@ -1554,11 +1554,10 @@ static int __mkroute_input(struct sk_buff *skb, + + do_cache = res->fi && !itag; + if (out_dev == in_dev && err && IN_DEV_TX_REDIRECTS(out_dev) && ++ skb->protocol == htons(ETH_P_IP) && + (IN_DEV_SHARED_MEDIA(out_dev) || +- inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res)))) { +- flags |= RTCF_DOREDIRECT; +- do_cache = false; +- } ++ inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res)))) ++ IPCB(skb)->flags |= IPSKB_DOREDIRECT; + + if (skb->protocol != htons(ETH_P_IP)) { + /* Not IP (i.e. ARP). Do not create route, if it is +@@ -2303,6 +2302,8 @@ static int rt_fill_info(struct net *net, __be32 dst, __be32 src, + r->rtm_flags = (rt->rt_flags & ~0xFFFF) | RTM_F_CLONED; + if (rt->rt_flags & RTCF_NOTIFY) + r->rtm_flags |= RTM_F_NOTIFY; ++ if (IPCB(skb)->flags & IPSKB_DOREDIRECT) ++ r->rtm_flags |= RTCF_DOREDIRECT; + + if (nla_put_be32(skb, RTA_DST, dst)) + goto nla_put_failure; +@@ -2624,34 +2625,34 @@ static struct ctl_table ipv4_route_flush_table[] = { .maxlen = sizeof(int), .mode = 0200, .proc_handler = ipv4_sysctl_rtcache_flush, @@ -102338,7 +103267,7 @@ index 6a2155b..d426880 100644 err_dup: return -ENOMEM; } -@@ -2674,8 +2674,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = { +@@ -2674,8 +2675,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = { static __net_init int rt_genid_init(struct net *net) { @@ -102349,7 +103278,7 @@ index 6a2155b..d426880 100644 get_random_bytes(&net->ipv4.dev_addr_genid, sizeof(net->ipv4.dev_addr_genid)); return 0; -@@ -2718,11 +2718,7 @@ int __init ip_rt_init(void) +@@ -2718,11 +2719,7 @@ int __init ip_rt_init(void) { int rc = 0; @@ -102795,7 +103724,7 @@ index 6156f68..d6ab46d 100644 return -ENOMEM; } 
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index 0169ccf..50d7b04 100644 +index 0169ccf..6f14338 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -171,7 +171,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = { @@ -102868,7 +103797,30 @@ index 0169ccf..50d7b04 100644 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { idx = 0; head = &net->dev_index_head[h]; -@@ -4788,7 +4795,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) +@@ -4536,6 +4543,22 @@ static int inet6_set_iftoken(struct inet6_dev *idev, struct in6_addr *token) + return 0; + } + ++static const struct nla_policy inet6_af_policy[IFLA_INET6_MAX + 1] = { ++ [IFLA_INET6_ADDR_GEN_MODE] = { .type = NLA_U8 }, ++ [IFLA_INET6_TOKEN] = { .len = sizeof(struct in6_addr) }, ++}; ++ ++static int inet6_validate_link_af(const struct net_device *dev, ++ const struct nlattr *nla) ++{ ++ struct nlattr *tb[IFLA_INET6_MAX + 1]; ++ ++ if (dev && !__in6_dev_get(dev)) ++ return -EAFNOSUPPORT; ++ ++ return nla_parse_nested(tb, IFLA_INET6_MAX, nla, inet6_af_policy); ++} ++ + static int inet6_set_link_af(struct net_device *dev, const struct nlattr *nla) + { + int err = -EINVAL; +@@ -4788,7 +4811,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) rt_genid_bump_ipv6(net); break; } @@ -102877,7 +103829,7 @@ index 0169ccf..50d7b04 100644 } static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) -@@ -4808,7 +4815,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, +@@ -4808,7 +4831,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -102886,7 +103838,7 @@ index 0169ccf..50d7b04 100644 int ret; /* -@@ -4893,7 +4900,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, +@@ -4893,7 +4916,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; 
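Review bot: The new `inet6_af_policy` checks only the shape of the attributes, and nothing on `inet6_validate_link_af` says so. `IFLA_INET6_TOKEN` sets `.len` without a `.type`, which as far as I know makes the length a minimum rather than an exact size, and the value of `IFLA_INET6_ADDR_GEN_MODE` is not range-checked here. If the value checks live in `inet6_set_link_af` (its body is outside the hunk), a comment above the function such as `/* Validates attribute presence and size only; values are checked in inet6_set_link_af(). */` would keep a later reader from treating the validate hook as complete.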
@@ -102895,6 +103847,14 @@ index 0169ccf..50d7b04 100644 int ret; /* +@@ -5351,6 +5374,7 @@ static struct rtnl_af_ops inet6_ops = { + .family = AF_INET6, + .fill_link_af = inet6_fill_link_af, + .get_link_af_size = inet6_get_link_af_size, ++ .validate_link_af = inet6_validate_link_af, + .set_link_af = inet6_set_link_af, + }; + diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index e8c4400..a4cd5da 100644 --- a/net/ipv6/af_inet6.c @@ -102909,10 +103869,38 @@ index e8c4400..a4cd5da 100644 err = ipv6_init_mibs(net); if (err) diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c -index 2cdc383..09cffb8 100644 +index 2cdc383..4f1b785 100644 --- a/net/ipv6/datagram.c +++ b/net/ipv6/datagram.c -@@ -928,5 +928,5 @@ void ip6_dgram_sock_seq_show(struct seq_file *seq, struct sock *sp, +@@ -383,11 +383,10 @@ int ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len) + + memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err)); + sin = &errhdr.offender; +- sin->sin6_family = AF_UNSPEC; ++ memset(sin, 0, sizeof(*sin)); ++ + if (serr->ee.ee_origin != SO_EE_ORIGIN_LOCAL) { + sin->sin6_family = AF_INET6; +- sin->sin6_flowinfo = 0; +- sin->sin6_port = 0; + if (np->rxopt.all) + ip6_datagram_recv_common_ctl(sk, msg, skb); + if (skb->protocol == htons(ETH_P_IPV6)) { +@@ -398,12 +397,9 @@ int ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len) + ipv6_iface_scope_id(&sin->sin6_addr, + IP6CB(skb)->iif); + } else { +- struct inet_sock *inet = inet_sk(sk); +- + ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, + &sin->sin6_addr); +- sin->sin6_scope_id = 0; +- if (inet->cmsg_flags) ++ if (inet_sk(sk)->cmsg_flags) + ip_cmsg_recv(msg, skb); + } + } +@@ -928,5 +924,5 @@ void ip6_dgram_sock_seq_show(struct seq_file *seq, struct sock *sp, 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -102949,7 +103937,7 @@ index b2d1838..0194c04 100644 return new; } 
diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c -index 0e32d2e..98cbe65 100644 +index 0e32d2e..dd45cdc 100644 --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c @@ -71,8 +71,8 @@ struct ip6gre_net { @@ -102963,6 +103951,24 @@ index 0e32d2e..98cbe65 100644 static int ip6gre_tunnel_init(struct net_device *dev); static void ip6gre_tunnel_setup(struct net_device *dev); static void ip6gre_tunnel_link(struct ip6gre_net *ign, struct ip6_tnl *t); +@@ -417,7 +417,7 @@ static void ip6gre_err(struct sk_buff *skb, struct inet6_skb_parm *opt, + if (code == ICMPV6_HDR_FIELD) + teli = ip6_tnl_parse_tlv_enc_lim(skb, skb->data); + +- if (teli && teli == info - 2) { ++ if (teli && teli == be32_to_cpu(info) - 2) { + tel = (struct ipv6_tlv_tnl_enc_lim *) &skb->data[teli]; + if (tel->encap_limit == 0) { + net_warn_ratelimited("%s: Too small encapsulation limit or routing loop in tunnel!\n", +@@ -429,7 +429,7 @@ static void ip6gre_err(struct sk_buff *skb, struct inet6_skb_parm *opt, + } + break; + case ICMPV6_PKT_TOOBIG: +- mtu = info - offset; ++ mtu = be32_to_cpu(info) - offset; + if (mtu < IPV6_MIN_MTU) + mtu = IPV6_MIN_MTU; + t->dev->mtu = mtu; @@ -1289,7 +1289,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev) } @@ -103329,10 +104335,25 @@ index 1a157ca..9fc05f4 100644 return -ENOMEM; } diff --git a/net/ipv6/route.c b/net/ipv6/route.c -index a318dd89..7ecfea6 100644 +index a318dd89..42a612c 100644 --- a/net/ipv6/route.c 
+++ b/net/ipv6/route.c -@@ -2965,7 +2965,7 @@ struct ctl_table ipv6_route_table_template[] = { +@@ -1150,12 +1150,9 @@ static void ip6_rt_update_pmtu(struct dst_entry *dst, struct sock *sk, + struct net *net = dev_net(dst->dev); + + rt6->rt6i_flags |= RTF_MODIFIED; +- if (mtu < IPV6_MIN_MTU) { +- u32 features = dst_metric(dst, RTAX_FEATURES); ++ if (mtu < IPV6_MIN_MTU) + mtu = IPV6_MIN_MTU; +- features |= RTAX_FEATURE_ALLFRAG; +- dst_metric_set(dst, RTAX_FEATURES, features); +- } ++ + dst_metric_set(dst, RTAX_MTU, mtu); + rt6_update_expires(rt6, net->ipv6.sysctl.ip6_rt_mtu_expires); + } +@@ -2965,7 +2962,7 @@ struct ctl_table ipv6_route_table_template[] = { struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net) { @@ -103342,7 +104363,7 @@ index a318dd89..7ecfea6 100644 table = kmemdup(ipv6_route_table_template, sizeof(ipv6_route_table_template), diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c -index a24557a..00a9ed1 100644 +index a24557a..ade77d3 100644 --- a/net/ipv6/sit.c +++ b/net/ipv6/sit.c @@ -74,7 +74,7 @@ static void ipip6_tunnel_setup(struct net_device *dev); 
@@ -103354,6 +104375,33 @@ index a24557a..00a9ed1 100644 static int sit_net_id __read_mostly; struct sit_net { +@@ -1505,12 +1505,12 @@ static bool ipip6_netlink_encap_parms(struct nlattr *data[], + + if (data[IFLA_IPTUN_ENCAP_SPORT]) { + ret = true; +- ipencap->sport = nla_get_u16(data[IFLA_IPTUN_ENCAP_SPORT]); ++ ipencap->sport = nla_get_be16(data[IFLA_IPTUN_ENCAP_SPORT]); + } + + if (data[IFLA_IPTUN_ENCAP_DPORT]) { + ret = true; +- ipencap->dport = nla_get_u16(data[IFLA_IPTUN_ENCAP_DPORT]); ++ ipencap->dport = nla_get_be16(data[IFLA_IPTUN_ENCAP_DPORT]); + } + + return ret; +@@ -1706,9 +1706,9 @@ static int ipip6_fill_info(struct sk_buff *skb, const struct net_device *dev) + + if (nla_put_u16(skb, IFLA_IPTUN_ENCAP_TYPE, + tunnel->encap.type) || +- nla_put_u16(skb, IFLA_IPTUN_ENCAP_SPORT, ++ nla_put_be16(skb, IFLA_IPTUN_ENCAP_SPORT, + tunnel->encap.sport) || +- nla_put_u16(skb, IFLA_IPTUN_ENCAP_DPORT, ++ nla_put_be16(skb, IFLA_IPTUN_ENCAP_DPORT, + tunnel->encap.dport) || + nla_put_u16(skb, IFLA_IPTUN_ENCAP_FLAGS, + tunnel->encap.dport)) @@ -1750,7 +1750,7 @@ static void ipip6_dellink(struct net_device *dev, struct list_head *head) unregister_netdevice_queue(dev, head); } @@ -103377,7 +104425,7 @@ index c5c10fa..2577d51 100644 struct ctl_table *ipv6_icmp_table; int err; diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c -index c277951..c7ee5bf 100644 +index c113602..0cccb46 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -104,6 +104,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb) @@ -103401,10 +104449,10 @@ index c277951..c7ee5bf 100644 tcp_v6_send_reset(sk, skb); discard: if (opt_skb) -@@ -1434,12 +1441,20 @@ static int tcp_v6_rcv(struct sk_buff *skb) +@@ -1441,12 +1448,20 @@ static int tcp_v6_rcv(struct sk_buff *skb) sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest, - tcp_v6_iif(skb)); + inet6_iif(skb)); - if (!sk) + if (!sk) { +#ifdef CONFIG_GRKERNSEC_BLACKHOLE 
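Review bot: In ipip6_fill_info the last attribute of this chain, `IFLA_IPTUN_ENCAP_FLAGS`, is filled from `tunnel->encap.dport`, so userspace reading the tunnel back gets the destination port in the flags field. The hunk converts the SPORT and DPORT puts to `nla_put_be16` but leaves that line as it was; it should read `nla_put_u16(skb, IFLA_IPTUN_ENCAP_FLAGS, tunnel->encap.flags))`. The function starts and ends outside the hunk.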
@@ -103424,7 +104472,7 @@ index c277951..c7ee5bf 100644 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -1486,6 +1501,10 @@ csum_error: +@@ -1497,6 +1512,10 @@ csum_error: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -103488,10 +104536,10 @@ index f6ba535..b41033f 100644 kfree_skb(skb); diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c -index 5f98364..5ca982a 100644 +index 5f98364..691985a 100644 --- a/net/ipv6/xfrm6_policy.c +++ b/net/ipv6/xfrm6_policy.c -@@ -130,8 +130,8 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) +@@ -130,12 +130,18 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) { struct flowi6 *fl6 = &fl->u.ip6; int onlyproto = 0; @@ -103500,8 +104548,19 @@ index 5f98364..5ca982a 100644 + u16 offset = sizeof(*hdr); struct ipv6_opt_hdr *exthdr; const unsigned char *nh = skb_network_header(skb); - u8 nexthdr = nh[IP6CB(skb)->nhoff]; -@@ -217,11 +217,11 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) +- u8 nexthdr = nh[IP6CB(skb)->nhoff]; ++ u16 nhoff = IP6CB(skb)->nhoff; + int oif = 0; ++ u8 nexthdr; ++ ++ if (!nhoff) ++ nhoff = offsetof(struct ipv6hdr, nexthdr); ++ ++ nexthdr = nh[nhoff]; + + if (skb_dst(skb)) + oif = skb_dst(skb)->dev->ifindex; +@@ -217,11 +223,11 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) } } @@ -103515,7 +104574,7 @@ index 5f98364..5ca982a 100644 return dst_entries_get_fast(ops) > ops->gc_thresh * 2; } -@@ -334,19 +334,19 @@ static struct ctl_table xfrm6_policy_table[] = { +@@ -334,19 +340,19 @@ static struct ctl_table xfrm6_policy_table[] = { static int __net_init xfrm6_net_init(struct net *net) { @@ -103540,7 +104599,7 @@ index 5f98364..5ca982a 100644 if (!hdr) goto err_reg; -@@ -354,8 +354,7 @@ static int __net_init xfrm6_net_init(struct net *net) +@@ -354,8 +360,7 @@ static int __net_init xfrm6_net_init(struct net *net) return 0; err_reg: 
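Review bot: `nexthdr = nh[nhoff]` in _decode_session6 indexes the network header with a value taken from the skb control block, and no length check on that read is visible in the hunk. A short comment would help on both counts: why a zero `nhoff` falls back to `offsetof(struct ipv6hdr, nexthdr)`, and which caller guarantee keeps a non-zero `nhoff` inside the linear header. Something like `/* nhoff == 0: IP6CB not set up on this path (TODO confirm); use the fixed header's nexthdr field */` above the `if (!nhoff)` would do. The rest of the function is outside the hunk.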
@@ -103930,7 +104989,7 @@ index 0de7c93..884b2ca 100644 /* * Goal: diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c -index 4c5192e..04cc0d8 100644 +index 4a95fe3..0bfd713 100644 --- a/net/mac80211/pm.c +++ b/net/mac80211/pm.c @@ -12,7 +12,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) @@ -103951,7 +105010,7 @@ index 4c5192e..04cc0d8 100644 if (local->wowlan) { int err = drv_suspend(local, wowlan); if (err < 0) { -@@ -125,7 +125,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) +@@ -126,7 +126,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) WARN_ON(!list_empty(&local->chanctx_list)); /* stop hardware - this must stop RX */ @@ -104254,10 +105313,10 @@ index a4b5e2a..13b1de3 100644 table = kmemdup(acct_sysctl_table, sizeof(acct_sysctl_table), GFP_KERNEL); diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c -index 5016a69..594f8e9 100644 +index c588012..b0d4ef8 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c -@@ -1739,6 +1739,10 @@ void nf_conntrack_init_end(void) +@@ -1737,6 +1737,10 @@ void nf_conntrack_init_end(void) #define DYING_NULLS_VAL ((1<<30)+1) #define TEMPLATE_NULLS_VAL ((1<<30)+2) @@ -104268,7 +105327,7 @@ index 5016a69..594f8e9 100644 int nf_conntrack_init_net(struct net *net) { int ret = -ENOMEM; -@@ -1764,7 +1768,11 @@ int nf_conntrack_init_net(struct net *net) +@@ -1762,7 +1766,11 @@ int nf_conntrack_init_net(struct net *net) if (!net->ct.stat) goto err_pcpu_lists; 
@@ -104400,6 +105459,22 @@ index c68c1e5..8b5d670 100644 mutex_unlock(&nf_sockopt_mutex); } EXPORT_SYMBOL(nf_unregister_sockopt); +diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c +index 71b574c..d319e8b 100644 +--- a/net/netfilter/nf_tables_api.c ++++ b/net/netfilter/nf_tables_api.c +@@ -1134,9 +1134,11 @@ static struct nft_stats __percpu *nft_stats_alloc(const struct nlattr *attr) + /* Restore old counters on this cpu, no problem. Per-cpu statistics + * are not exposed to userspace. + */ ++ preempt_disable(); + stats = this_cpu_ptr(newstats); + stats->bytes = be64_to_cpu(nla_get_be64(tb[NFTA_COUNTER_BYTES])); + stats->pkts = be64_to_cpu(nla_get_be64(tb[NFTA_COUNTER_PACKETS])); ++ preempt_enable(); + + return newstats; + } diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c index 5f1be5b..2cba8cd 100644 --- a/net/netfilter/nfnetlink_log.c @@ -104545,7 +105620,7 @@ index 11de55e..f25e448 100644 return 0; } diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c -index b6bf8e8..7884ddf 100644 +index 79c965a..ee2b76d 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -273,7 +273,7 @@ static void netlink_overrun(struct sock *sk) @@ -104557,7 +105632,7 @@ index b6bf8e8..7884ddf 100644 } static void netlink_rcv_wake(struct sock *sk) -@@ -3010,7 +3010,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) +@@ -2990,7 +2990,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) sk_wmem_alloc_get(s), nlk->cb_running, atomic_read(&s->sk_refcnt), 
@@ -104887,6 +105962,27 @@ index 48f8ffc..0ef3eec 100644 struct rds_sock { struct sock rs_sk; +diff --git a/net/rds/sysctl.c b/net/rds/sysctl.c +index c3b0cd4..c173f69 100644 +--- a/net/rds/sysctl.c ++++ b/net/rds/sysctl.c +@@ -71,14 +71,14 @@ static struct ctl_table rds_sysctl_rds_table[] = { + { + .procname = "max_unacked_packets", + .data = &rds_sysctl_max_unacked_packets, +- .maxlen = sizeof(unsigned long), ++ .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec, + }, + { + .procname = "max_unacked_bytes", + .data = &rds_sysctl_max_unacked_bytes, +- .maxlen = sizeof(unsigned long), ++ .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec, + }, diff --git a/net/rds/tcp.c b/net/rds/tcp.c index edac9ef..16bcb98 100644 --- a/net/rds/tcp.c 
@@ -105178,6 +106274,71 @@ index f226709..0e735a8 100644 _proto("Tx RESPONSE %%%u", ntohl(hdr->serial)); ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len); +diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c +index aad6a67..baef987 100644 +--- a/net/sched/cls_api.c ++++ b/net/sched/cls_api.c +@@ -556,8 +556,9 @@ void tcf_exts_change(struct tcf_proto *tp, struct tcf_exts *dst, + } + EXPORT_SYMBOL(tcf_exts_change); + +-#define tcf_exts_first_act(ext) \ +- list_first_entry(&(exts)->actions, struct tc_action, list) ++#define tcf_exts_first_act(ext) \ ++ list_first_entry_or_null(&(exts)->actions, \ ++ struct tc_action, list) + + int tcf_exts_dump(struct sk_buff *skb, struct tcf_exts *exts) + { +@@ -603,7 +604,7 @@ int tcf_exts_dump_stats(struct sk_buff *skb, struct tcf_exts *exts) + { + #ifdef CONFIG_NET_CLS_ACT + struct tc_action *a = tcf_exts_first_act(exts); +- if (tcf_action_copy_stats(skb, a, 1) < 0) ++ if (a != NULL && tcf_action_copy_stats(skb, a, 1) < 0) + return -1; + #endif + return 0; +diff --git a/net/sched/cls_bpf.c b/net/sched/cls_bpf.c +index eed49d1..ce22514 100644 +--- a/net/sched/cls_bpf.c ++++ b/net/sched/cls_bpf.c +@@ -191,6 +191,11 @@ static int cls_bpf_modify_existing(struct net *net, struct tcf_proto *tp, + } + + bpf_size = bpf_len * sizeof(*bpf_ops); ++ if (bpf_size != nla_len(tb[TCA_BPF_OPS])) { ++ ret = -EINVAL; ++ goto errout; ++ } ++ + bpf_ops = kzalloc(bpf_size, GFP_KERNEL); + if (bpf_ops == NULL) { + ret = -ENOMEM; +@@ -226,15 +231,21 @@ static u32 cls_bpf_grab_new_handle(struct tcf_proto *tp, + struct cls_bpf_head *head) + { + unsigned int i = 0x80000000; ++ u32 handle; + + do { + if (++head->hgen == 0x7FFFFFFF) + head->hgen = 1; + } while (--i > 0 && cls_bpf_get(tp, head->hgen)); +- if (i == 0) ++ ++ if (unlikely(i == 0)) { + pr_err("Insufficient number of handles\n"); ++ handle = 0; ++ } else { ++ handle = head->hgen; ++ } + +- return i; ++ return handle; + } + + static int cls_bpf_change(struct net *net, struct 
sk_buff *in_skb, diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c index 6efca30..1259f82 100644 --- a/net/sched/sch_generic.c @@ -105200,6 +106361,18 @@ index 6efca30..1259f82 100644 linkwatch_fire_event(dev); } } +diff --git a/net/sctp/associola.c b/net/sctp/associola.c +index f791edd..26d06db 100644 +--- a/net/sctp/associola.c ++++ b/net/sctp/associola.c +@@ -1182,7 +1182,6 @@ void sctp_assoc_update(struct sctp_association *asoc, + asoc->peer.peer_hmacs = new->peer.peer_hmacs; + new->peer.peer_hmacs = NULL; + +- sctp_auth_key_put(asoc->asoc_shared_key); + sctp_auth_asoc_init_active_key(asoc, GFP_ATOMIC); + } + diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c index 0e4198e..f94193e 100644 --- a/net/sctp/ipv6.c @@ -105288,10 +106461,39 @@ index fef2acd..c705c4f 100644 sctp_generate_t1_cookie_event, sctp_generate_t1_init_event, diff --git a/net/sctp/socket.c b/net/sctp/socket.c -index 634a2ab..8e93929 100644 +index 634a2ab..dfdaf9b 100644 --- a/net/sctp/socket.c 
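Review bot: The rewritten `tcf_exts_first_act` macro in cls_api.c declares its parameter as `ext` but expands `(exts)`, so the argument is ignored and the macro picks up whatever variable named `exts` is in the caller's scope. It works for the caller shown, tcf_exts_dump_stats, only because its parameter happens to be called `exts`; renaming the macro parameter fixes it: `#define tcf_exts_first_act(exts) \`. Since the macro can now yield NULL, every user needs the same `a != NULL` test that this hunk adds in tcf_exts_dump_stats. The body of tcf_exts_dump is outside the hunk and should be checked for it.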
+++ b/net/sctp/socket.c -@@ -2199,11 +2199,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval, +@@ -1603,7 +1603,7 @@ static int sctp_sendmsg(struct kiocb *iocb, struct sock *sk, + sctp_assoc_t associd = 0; + sctp_cmsgs_t cmsgs = { NULL }; + sctp_scope_t scope; +- bool fill_sinfo_ttl = false; ++ bool fill_sinfo_ttl = false, wait_connect = false; + struct sctp_datamsg *datamsg; + int msg_flags = msg->msg_flags; + __u16 sinfo_flags = 0; +@@ -1943,6 +1943,7 @@ static int sctp_sendmsg(struct kiocb *iocb, struct sock *sk, + if (err < 0) + goto out_free; + ++ wait_connect = true; + pr_debug("%s: we associated primitively\n", __func__); + } + +@@ -1980,6 +1981,11 @@ static int sctp_sendmsg(struct kiocb *iocb, struct sock *sk, + sctp_datamsg_put(datamsg); + err = msg_len; + ++ if (unlikely(wait_connect)) { ++ timeo = sock_sndtimeo(sk, msg_flags & MSG_DONTWAIT); ++ sctp_wait_for_connect(asoc, &timeo); ++ } ++ + /* If we are already past ASSOCIATE, the lower + * layers are responsible for association cleanup. + */ +@@ -2199,11 +2205,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval, { struct sctp_association *asoc; struct sctp_ulpevent *event; @@ -105306,7 +106508,7 @@ index 634a2ab..8e93929 100644 if (sctp_sk(sk)->subscribe.sctp_data_io_event) pr_warn_ratelimited(DEPRECATED "%s (pid %d) " -@@ -4372,13 +4374,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len, +@@ -4372,13 +4380,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len, static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, int __user *optlen) { 
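Review bot: The return value of `sctp_wait_for_connect(asoc, &timeo)` is discarded in the new `wait_connect` block of sctp_sendmsg, so whatever the wait reports is not reflected in `err`, which was already set to `msg_len` just above. If that is deliberate because the data has already been queued, a comment should say so, e.g. `/* data is queued; the result of the wait is intentionally ignored */`. Otherwise the result should be propagated to the caller. The function starts and ends outside the hunk.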
@@ -105324,7 +106526,7 @@ index 634a2ab..8e93929 100644
 return -EFAULT;
 return 0;
 }
-@@ -4396,6 +4401,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
+@@ -4396,6 +4407,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
 */
 static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optval, int __user *optlen)
 {
@@ -105333,7 +106535,7 @@ index 634a2ab..8e93929 100644
 /* Applicable to UDP-style socket only */
 if (sctp_style(sk, TCP))
 return -EOPNOTSUPP;
-@@ -4404,7 +4411,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv
+@@ -4404,7 +4417,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv
 len = sizeof(int);
 if (put_user(len, optlen))
 return -EFAULT;
@@ -105343,7 +106545,7 @@ index 634a2ab..8e93929 100644
 return -EFAULT;
 return 0;
 }
-@@ -4778,12 +4786,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len,
+@@ -4778,12 +4792,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len,
 */
 static int sctp_getsockopt_initmsg(struct sock *sk, int len, char __user *optval, int __user *optlen)
 {
@@ -105360,7 +106562,7 @@ index 634a2ab..8e93929 100644
 return -EFAULT;
 return 0;
 }
-@@ -4824,6 +4835,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
+@@ -4824,6 +4841,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
 ->addr_to_user(sp, &temp);
 if (space_left < addrlen)
 return -ENOMEM;
@@ -106473,6 +107675,19 @@ index 05a6e3d..6716ec9 100644 __xfrm_sysctl_init(net); +diff --git a/scripts/Kbuild.include b/scripts/Kbuild.include +index 65e7b08..1b868d5 100644 +--- a/scripts/Kbuild.include ++++ b/scripts/Kbuild.include +@@ -144,7 +144,7 @@ cc-ifversion = $(shell [ $(call cc-version, $(CC)) $(1) $(2) ] && echo $(3)) + # cc-ldoption + # Usage: ldflags += $(call cc-ldoption, -Wl$(comma)--hash-style=both) + cc-ldoption = $(call try-run,\ +- $(CC) $(1) -nostdlib -x c /dev/null -o "$$TMP",$(1),$(2)) ++ $(CC) $(1) -Wl,-r -nostdlib -x c /dev/null -o "$$TMP",$(1),$(2)) + + # ld-option + # Usage: LDFLAGS += $(call ld-option, -X) diff --git a/scripts/Makefile.build b/scripts/Makefile.build index 649ce68..f6bc05c 100644 --- a/scripts/Makefile.build @@ -106487,7 +107702,7 @@ index 649ce68..f6bc05c 100644 endif diff --git a/scripts/Makefile.clean b/scripts/Makefile.clean -index b1c668d..638055f 100644 +index a609552..fde19cd 100644 --- a/scripts/Makefile.clean +++ b/scripts/Makefile.clean @@ -41,7 +41,8 @@ subdir-ymn := $(addprefix $(obj)/,$(subdir-ymn)) @@ -106643,14 +107858,14 @@ index b304068..462d24e 100644 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianness? %#x\n", diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh new file mode 100644 -index 0000000..42018ed +index 0000000..822fa9e --- /dev/null +++ b/scripts/gcc-plugin.sh @@ -0,0 +1,51 @@ +#!/bin/sh +srctree=$(dirname "$0") +gccplugins_dir=$($3 -print-file-name=plugin) -+plugincc=$($1 -E - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <&1 <= 4008 || defined(ENABLE_BUILD_WITH_CXX) +#warning $2 CXX @@ -106681,7 +107896,7 @@ index 0000000..42018ed +esac + +# we need a c++ compiler that supports the designated initializer GNU extension -+plugincc=$($2 -c -x c++ -std=gnu++98 - -fsyntax-only -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <&1 <cons_lock); ++ key_put(key); + kleave(" = %d [prelink]", ret); + return ret; + 
diff --git a/security/min_addr.c b/security/min_addr.c index f728728..6457a0c 100644 --- a/security/min_addr.c @@ -109281,10 +110508,10 @@ index 4c41c90..37f3631 100644 return snd_seq_device_register_driver(SNDRV_SEQ_DEV_ID_EMU10K1_SYNTH, &ops, sizeof(struct snd_emu10k1_synth_arg)); diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c -index 15e0089..ad6bc9b 100644 +index e708368..764dffe 100644 --- a/sound/pci/hda/hda_codec.c +++ b/sound/pci/hda/hda_codec.c -@@ -966,14 +966,10 @@ find_codec_preset(struct hda_codec *codec) +@@ -968,14 +968,10 @@ find_codec_preset(struct hda_codec *codec) mutex_unlock(&preset_mutex); if (mod_requested < HDA_MODREQ_MAX_COUNT) { @@ -109301,7 +110528,7 @@ index 15e0089..ad6bc9b 100644 mod_requested++; goto again; } -@@ -2800,7 +2796,7 @@ static int get_kctl_0dB_offset(struct hda_codec *codec, +@@ -2802,7 +2798,7 @@ static int get_kctl_0dB_offset(struct hda_codec *codec, /* FIXME: set_fs() hack for obtaining user-space TLV data */ mm_segment_t fs = get_fs(); set_fs(get_ds()); @@ -109848,10 +111075,10 @@ index 0000000..54461af +} diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c new file mode 100644 -index 0000000..82bc5a8 +index 0000000..3b5af59 --- /dev/null +++ b/tools/gcc/constify_plugin.c -@@ -0,0 +1,557 @@ +@@ -0,0 +1,558 @@ +/* + * Copyright 2011 by Emese Revfy + * Copyright 2011-2014 by PaX Team @@ -110285,7 +111512,8 @@ index 0000000..82bc5a8 +#if BUILDING_GCC_VERSION >= 4008 + .optinfo_flags = OPTGROUP_NONE, +#endif -+#if BUILDING_GCC_VERSION >= 4009 ++#if BUILDING_GCC_VERSION >= 5000 ++#elif BUILDING_GCC_VERSION >= 4009 + .has_gate = false, + .has_execute = true, +#else 
@@ -110393,8 +111621,8 @@ index 0000000..82bc5a8
 + error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key);
 + }
 +
-+ if (strcmp(lang_hooks.name, "GNU C")) {
-+ inform(UNKNOWN_LOCATION, G_("%s supports C only"), plugin_name);
++ if (strncmp(lang_hooks.name, "GNU C", 5) && !strncmp(lang_hooks.name, "GNU C+", 6)) {
++ inform(UNKNOWN_LOCATION, G_("%s supports C only, not %s"), plugin_name, lang_hooks.name);
 + constify = false;
 + }
 +
@@ -117179,10 +118407,10 @@ index 0000000..4378111
 +}
 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
 new file mode 100644
-index 0000000..f38f762
+index 0000000..f2bd55d
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
-@@ -0,0 +1,6029 @@
+@@ -0,0 +1,6031 @@
 +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
 +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL
 +compat_sock_setsockopt_23 compat_sock_setsockopt 5 23 NULL
@@ -118158,6 +119386,7 @@ index 0000000..f38f762
 +rd_build_prot_space_10761 rd_build_prot_space 2-3 10761 NULL
 +kvm_read_guest_atomic_10765 kvm_read_guest_atomic 4 10765 NULL
 +__qp_memcpy_to_queue_10779 __qp_memcpy_to_queue 2-4 10779 NULL
++ttm_dma_page_pool_free_10796 ttm_dma_page_pool_free 2-0 10796 NULL
 +diva_set_trace_filter_10820 diva_set_trace_filter 0-1 10820 NULL
 +lbs_sleepparams_read_10840 lbs_sleepparams_read 3 10840 NULL
 +ext4_direct_IO_10843 ext4_direct_IO 4 10843 NULL
@@ -119448,6 +120677,7 @@ index 0000000..f38f762
 +evdev_do_ioctl_24459 evdev_do_ioctl 2 24459 NULL
 +lbs_highsnr_write_24460 lbs_highsnr_write 3 24460 NULL
 +skb_copy_and_csum_datagram_iovec_24466 skb_copy_and_csum_datagram_iovec 2 24466 NULL
++ttm_page_pool_free_24486 ttm_page_pool_free 2-0 24486 NULL
 +dut_mode_read_24489 dut_mode_read 3 24489 NULL
 +read_file_spec_scan_ctl_24491 read_file_spec_scan_ctl 3 24491 NULL
 +pd_video_read_24510 pd_video_read 3 24510 NULL
-- 
2.39.2
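Review bot: The new language check in the constify_plugin.c hunk, `strncmp(lang_hooks.name, "GNU C", 5) && !strncmp(lang_hooks.name, "GNU C+", 6)`, can never be true: the second operand needs the name to start with "GNU C+", and every such name also starts with "GNU C", which makes the first operand zero. As written the plugin never reaches `constify = false;`, so the "supports C only" message is dead code and the plugin stays enabled whatever front end is running. The intended test is probably "not a C front end, or the C++ one": `if (strncmp(lang_hooks.name, "GNU C", 5) || !strncmp(lang_hooks.name, "GNU C+", 6)) {`. The enclosing function starts and ends outside the hunk.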