A typical pattern in a Kbuild file looks like this:
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
-index 479f332..2475ac2 100644
+index f4c71d4..66811b1 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -1182,6 +1182,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
hashdist= [KNL,NUMA] Large hashes allocated during boot
are distributed across NUMA nodes. Defaults on
for 64-bit NUMA, off otherwise.
-@@ -2259,6 +2263,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+@@ -2260,6 +2264,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
noexec=on: enable non-executable mappings (default)
noexec=off: disable non-executable mappings
nosmap [X86]
Disable SMAP (Supervisor Mode Access Prevention)
even if it is supported by processor.
-@@ -2551,6 +2559,30 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+@@ -2552,6 +2560,30 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
the specified number of seconds. This is to be used if
your oopses keep scrolling off the screen.
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 8f73b41..320950a 100644
+index 0efae22..380e711 100644
--- a/Makefile
+++ b/Makefile
@@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
return addr;
}
diff --git a/arch/alpha/mm/fault.c b/arch/alpha/mm/fault.c
-index 98838a0..b304fb4 100644
+index 9d0ac09..479a962 100644
--- a/arch/alpha/mm/fault.c
+++ b/arch/alpha/mm/fault.c
@@ -53,6 +53,124 @@ __load_new_mm_context(struct mm_struct *next_mm)
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h
-index e22c119..8fa9957 100644
+index e22c119..eaa807d 100644
--- a/arch/arm/include/asm/atomic.h
+++ b/arch/arm/include/asm/atomic.h
@@ -18,17 +18,41 @@
+#define ATOMIC64_OP(op, op1, op2) __ATOMIC64_OP(op, , op1, op2, , ) \
+ __ATOMIC64_OP(op, _unchecked, op1, op2##s, __OVERFLOW_POST, __OVERFLOW_EXTABLE)
+
-+#define __ATOMIC64_OP_RETURN(op, suffix, op1, op2, post_op, extable) \
++#define __ATOMIC64_OP_RETURN(op, suffix, op1, op2, post_op, extable) \
+static inline long long atomic64_##op##_return##suffix(long long i, atomic64##suffix##_t *v) \
{ \
long long result; \
#ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
if (secure_computing() == -1)
diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c
-index c031063..e277ab8 100644
+index 306e1ac..1b477ed 100644
--- a/arch/arm/kernel/setup.c
+++ b/arch/arm/kernel/setup.c
@@ -104,21 +104,23 @@ EXPORT_SYMBOL(elf_hwcap);
- return page;
-}
diff --git a/arch/arm/kernel/smp.c b/arch/arm/kernel/smp.c
-index 13396d3..589d615 100644
+index a8e32aa..b2f7198 100644
--- a/arch/arm/kernel/smp.c
+++ b/arch/arm/kernel/smp.c
@@ -76,7 +76,7 @@ enum ipi_msg_type {
static int keystone_platform_notifier(struct notifier_block *nb,
diff --git a/arch/arm/mach-mvebu/coherency.c b/arch/arm/mach-mvebu/coherency.c
-index c31f4c0..c86224d 100644
+index 2ffccd4..69ffe115 100644
--- a/arch/arm/mach-mvebu/coherency.c
+++ b/arch/arm/mach-mvebu/coherency.c
@@ -316,7 +316,7 @@ static void __init armada_370_coherency_init(struct device_node *np)
#define CACHE_LINE_SIZE 32
diff --git a/arch/arm/mm/context.c b/arch/arm/mm/context.c
-index 6eb97b3..ac509f6 100644
+index 4370933..e77848e 100644
--- a/arch/arm/mm/context.c
+++ b/arch/arm/mm/context.c
@@ -43,7 +43,7 @@
static DECLARE_BITMAP(asid_map, NUM_USER_ASIDS);
static DEFINE_PER_CPU(atomic64_t, active_asids);
-@@ -182,7 +182,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
+@@ -178,7 +178,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
{
static u32 cur_idx = 1;
u64 asid = atomic64_read(&mm->context.id);
if (asid != 0 && is_reserved_asid(asid)) {
/*
-@@ -203,7 +203,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
+@@ -199,7 +199,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
*/
asid = find_next_zero_bit(asid_map, NUM_USER_ASIDS, cur_idx);
if (asid == NUM_USER_ASIDS) {
&asid_generation);
flush_context(cpu);
asid = find_next_zero_bit(asid_map, NUM_USER_ASIDS, 1);
-@@ -234,14 +234,14 @@ void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk)
+@@ -230,14 +230,14 @@ void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk)
cpu_set_reserved_ttbr0();
asid = atomic64_read(&mm->context.id);
#endif /* __ASM_AVR32_KMAP_TYPES_H */
diff --git a/arch/avr32/mm/fault.c b/arch/avr32/mm/fault.c
-index 0eca933..eb78c7b 100644
+index d223a8b..69c5210 100644
--- a/arch/avr32/mm/fault.c
+++ b/arch/avr32/mm/fault.c
@@ -41,6 +41,23 @@ static inline int notify_page_fault(struct pt_regs *regs, int trap)
/*
* This routine handles page faults. It determines the address and the
* problem, and then passes it off to one of the appropriate routines.
-@@ -176,6 +193,16 @@ bad_area:
+@@ -178,6 +195,16 @@ bad_area:
up_read(&mm->mmap_sem);
if (user_mode(regs)) {
* ensure percpu data fits
* into percpu page size
diff --git a/arch/ia64/mm/fault.c b/arch/ia64/mm/fault.c
-index 7225dad..2a7c8256 100644
+index ba5ba7a..36e9d3a 100644
--- a/arch/ia64/mm/fault.c
+++ b/arch/ia64/mm/fault.c
@@ -72,6 +72,23 @@ mapped_kernel_page_is_present (unsigned long address)
}
/* Arrange for an interrupt in a short while */
diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c
-index 22b19c2..c5cc8c4 100644
+index d255a2a..916271c 100644
--- a/arch/mips/kernel/traps.c
+++ b/arch/mips/kernel/traps.c
@@ -688,7 +688,18 @@ asmlinkage void do_ov(struct pt_regs *regs)
if (kvm_mips_callbacks) {
kvm_err("kvm: module already exists\n");
diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c
-index becc42b..9e43d4b 100644
+index 70ab5d6..62940fe 100644
--- a/arch/mips/mm/fault.c
+++ b/arch/mips/mm/fault.c
@@ -28,6 +28,23 @@
/*
* This routine handles page faults. It determines the address,
* and the problem, and then passes it off to one of the appropriate
-@@ -199,6 +216,14 @@ bad_area:
+@@ -201,6 +218,14 @@ bad_area:
bad_area_nosemaphore:
/* User mode accesses just cause a SIGSEGV */
if (user_mode(regs)) {
fault_space = regs->iasq[0];
diff --git a/arch/parisc/mm/fault.c b/arch/parisc/mm/fault.c
-index 3ca9c11..d163ef7 100644
+index e5120e6..8ddb5cc 100644
--- a/arch/parisc/mm/fault.c
+++ b/arch/parisc/mm/fault.c
@@ -15,6 +15,7 @@
#define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */
#define _PAGE_WRITETHRU 0x040 /* W: cache write-through */
diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h
-index c998279..d13a9f8 100644
+index a68ee15..552d213 100644
--- a/arch/powerpc/include/asm/reg.h
+++ b/arch/powerpc/include/asm/reg.h
-@@ -251,6 +251,7 @@
+@@ -253,6 +253,7 @@
#define SPRN_DBCR 0x136 /* e300 Data Breakpoint Control Reg */
#define SPRN_DSISR 0x012 /* Data Storage Interrupt Status Register */
#define DSISR_NOHPTE 0x40000000 /* no translation found */
EXPORT_SYMBOL(copy_in_user);
diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
-index 08d659a..ab329f4 100644
+index f06b56b..ffb2fb4 100644
--- a/arch/powerpc/mm/fault.c
+++ b/arch/powerpc/mm/fault.c
@@ -33,6 +33,10 @@
goto bad_area;
#endif /* CONFIG_PPC_STD_MMU */
-@@ -495,6 +526,23 @@ bad_area:
+@@ -497,6 +528,23 @@ bad_area:
bad_area_nosemaphore:
/* User mode accesses cause a SIGSEGV */
if (user_mode(regs)) {
obj-$(CONFIG_SPARC64) += ultra.o tlb.o tsb.o gup.o
obj-y += fault_$(BITS).o
diff --git a/arch/sparc/mm/fault_32.c b/arch/sparc/mm/fault_32.c
-index 908e8c1..1524793 100644
+index 70d8171..274c6c0 100644
--- a/arch/sparc/mm/fault_32.c
+++ b/arch/sparc/mm/fault_32.c
@@ -21,6 +21,9 @@
if (!(vma->vm_flags & (VM_READ | VM_EXEC)))
goto bad_area;
diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c
-index 18fcd71..e4fe821 100644
+index 4798232..f76e3aa 100644
--- a/arch/sparc/mm/fault_64.c
+++ b/arch/sparc/mm/fault_64.c
@@ -22,6 +22,9 @@
/*
* Memory returned by kmalloc() may be used for DMA, so we must make
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 41a503c..cf98b04 100644
+index 3635fff..c1f9fab 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -129,7 +129,7 @@ config X86
---help---
Say Y here to enable options for running Linux under various hyper-
visors. This option enables basic hypervisor detection and platform
-@@ -973,6 +974,7 @@ config VM86
+@@ -977,6 +978,7 @@ config VM86
config X86_16BIT
bool "Enable support for 16-bit segments" if EXPERT
default y
---help---
This option is required by programs like Wine to run 16-bit
-@@ -1128,6 +1130,7 @@ choice
+@@ -1132,6 +1134,7 @@ choice
config NOHIGHMEM
bool "off"
---help---
Linux can use up to 64 Gigabytes of physical memory on x86 systems.
However, the address space of 32-bit x86 processors is only 4
-@@ -1164,6 +1167,7 @@ config NOHIGHMEM
+@@ -1168,6 +1171,7 @@ config NOHIGHMEM
config HIGHMEM4G
bool "4GB"
---help---
Select this if you have a 32-bit processor and between 1 and 4
gigabytes of physical RAM.
-@@ -1216,7 +1220,7 @@ config PAGE_OFFSET
+@@ -1220,7 +1224,7 @@ config PAGE_OFFSET
hex
default 0xB0000000 if VMSPLIT_3G_OPT
default 0x80000000 if VMSPLIT_2G
default 0x40000000 if VMSPLIT_1G
default 0xC0000000
depends on X86_32
-@@ -1631,6 +1635,7 @@ source kernel/Kconfig.hz
+@@ -1635,6 +1639,7 @@ source kernel/Kconfig.hz
config KEXEC
bool "kexec system call"
---help---
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
-@@ -1816,7 +1821,9 @@ config X86_NEED_RELOCS
+@@ -1820,7 +1825,9 @@ config X86_NEED_RELOCS
config PHYSICAL_ALIGN
hex "Alignment value to which kernel should be aligned"
range 0x2000 0x1000000 if X86_32
range 0x200000 0x1000000 if X86_64
---help---
-@@ -1899,6 +1906,7 @@ config COMPAT_VDSO
+@@ -1903,6 +1910,7 @@ config COMPAT_VDSO
def_bool n
prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)"
depends on X86_32 || IA32_EMULATION
+*** Please upgrade your binutils to 2.18 or newer
+endef
diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
-index 5b016e2..04ef69c 100644
+index 3db07f3..9d81d0f 100644
--- a/arch/x86/boot/Makefile
+++ b/arch/x86/boot/Makefile
-@@ -55,6 +55,9 @@ endif
+@@ -56,6 +56,9 @@ clean-files += cpustr.h
# ---------------------------------------------------------------------------
KBUILD_CFLAGS := $(USERINCLUDE) $(REALMODE_CFLAGS) -D_SETUP
}
diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
-index 45abc36..97bea2d 100644
+index 6a1a845..0ad2dae 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -16,6 +16,9 @@ KBUILD_CFLAGS += $(cflags-y)
.quad 0x0000000000000000 /* TS continued */
gdt_end:
diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
-index 30dd59a..cd9edc3 100644
+index 0c33a7c..be226ed 100644
--- a/arch/x86/boot/compressed/misc.c
+++ b/arch/x86/boot/compressed/misc.c
@@ -242,7 +242,7 @@ static void handle_relocations(void *output, unsigned long output_len)
break;
default: /* Ignore other PT_* */ break;
}
-@@ -402,7 +405,7 @@ asmlinkage __visible void *decompress_kernel(void *rmode, memptr heap,
+@@ -404,7 +407,7 @@ asmlinkage __visible void *decompress_kernel(void *rmode, memptr heap,
error("Destination address too large");
#endif
#ifndef CONFIG_RELOCATABLE
"6:\n"
".previous\n"
diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h
-index 50d033a..37deb26 100644
+index a94b82e..59ecefa 100644
--- a/arch/x86/include/asm/desc.h
+++ b/arch/x86/include/asm/desc.h
@@ -4,6 +4,7 @@
+ pax_close_kernel();
}
- #define _LDT_empty(info) \
-@@ -287,7 +300,7 @@ static inline void load_LDT(mm_context_t *pc)
+ /* This intentionally ignores lm, since 32-bit apps don't have that field. */
+@@ -295,7 +308,7 @@ static inline void load_LDT(mm_context_t *pc)
preempt_enable();
}
{
return (unsigned)(desc->base0 | ((desc->base1) << 16) | ((desc->base2) << 24));
}
-@@ -311,7 +324,7 @@ static inline void set_desc_limit(struct desc_struct *desc, unsigned long limit)
+@@ -319,7 +332,7 @@ static inline void set_desc_limit(struct desc_struct *desc, unsigned long limit)
}
#ifdef CONFIG_X86_64
{
gate_desc s;
-@@ -321,14 +334,14 @@ static inline void set_nmi_gate(int gate, void *addr)
+@@ -329,14 +342,14 @@ static inline void set_nmi_gate(int gate, void *addr)
#endif
#ifdef CONFIG_TRACING
unsigned dpl, unsigned ist, unsigned seg)
{
gate_desc s;
-@@ -348,7 +361,7 @@ static inline void write_trace_idt_entry(int entry, const gate_desc *gate)
+@@ -356,7 +369,7 @@ static inline void write_trace_idt_entry(int entry, const gate_desc *gate)
#define _trace_set_gate(gate, type, addr, dpl, ist, seg)
#endif
unsigned dpl, unsigned ist, unsigned seg)
{
gate_desc s;
-@@ -371,9 +384,9 @@ static inline void _set_gate(int gate, unsigned type, void *addr,
+@@ -379,9 +392,9 @@ static inline void _set_gate(int gate, unsigned type, void *addr,
#define set_intr_gate(n, addr) \
do { \
BUG_ON((unsigned)n > 0xFF); \
0, 0, __KERNEL_CS); \
} while (0)
-@@ -401,19 +414,19 @@ static inline void alloc_system_vector(int vector)
+@@ -409,19 +422,19 @@ static inline void alloc_system_vector(int vector)
/*
* This routine sets up an interrupt gate at directory privilege level 3.
*/
{
BUG_ON((unsigned)n > 0xFF);
_set_gate(n, GATE_TRAP, addr, 0, 0, __KERNEL_CS);
-@@ -422,16 +435,16 @@ static inline void set_trap_gate(unsigned int n, void *addr)
+@@ -430,16 +443,16 @@ static inline void set_trap_gate(unsigned int n, void *addr)
static inline void set_task_gate(unsigned int n, unsigned int gdt_entry)
{
BUG_ON((unsigned)n > 0xFF);
{
BUG_ON((unsigned)n > 0xFF);
_set_gate(n, GATE_INTERRUPT, addr, 0x3, ist, __KERNEL_CS);
-@@ -503,4 +516,17 @@ static inline void load_current_idt(void)
+@@ -511,4 +524,17 @@ static inline void load_current_idt(void)
else
load_idt((const struct desc_ptr *)&idt_descr);
}
extern struct x86_init_ops x86_init;
extern struct x86_cpuinit_ops x86_cpuinit;
diff --git a/arch/x86/include/asm/xen/page.h b/arch/x86/include/asm/xen/page.h
-index c949923..c22bfa4 100644
+index f58ef6c..a2abc78 100644
--- a/arch/x86/include/asm/xen/page.h
+++ b/arch/x86/include/asm/xen/page.h
@@ -63,7 +63,7 @@ extern int m2p_remove_override(struct page *page,
BLANK();
diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile
-index e27b49d..85b106c 100644
+index 80091ae..0c5184f 100644
--- a/arch/x86/kernel/cpu/Makefile
+++ b/arch/x86/kernel/cpu/Makefile
@@ -8,10 +8,6 @@ CFLAGS_REMOVE_common.o = -pg
wmb();
diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
-index 15c2909..2cef20c 100644
+index 36a8361..e7058c2 100644
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -518,7 +518,7 @@ mc_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu)
while (amd_iommu_v2_event_descs[i].attr.attr.name)
diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c
-index 944bf01..4a4392f 100644
+index 498b6d9..4126515 100644
--- a/arch/x86/kernel/cpu/perf_event_intel.c
+++ b/arch/x86/kernel/cpu/perf_event_intel.c
@@ -2353,10 +2353,10 @@ __init int intel_pmu_init(void)
intel_ds_init();
diff --git a/arch/x86/kernel/cpu/perf_event_intel_rapl.c b/arch/x86/kernel/cpu/perf_event_intel_rapl.c
-index d64f275..26522ff 100644
+index 8c25674..30aa32e 100644
--- a/arch/x86/kernel/cpu/perf_event_intel_rapl.c
+++ b/arch/x86/kernel/cpu/perf_event_intel_rapl.c
@@ -449,7 +449,7 @@ static struct attribute *rapl_events_hsw_attr[] = {
.attrs = NULL, /* patched at runtime */
};
diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.c b/arch/x86/kernel/cpu/perf_event_intel_uncore.c
-index 9762dbd..53d5d21 100644
+index e98f68c..1992b15 100644
--- a/arch/x86/kernel/cpu/perf_event_intel_uncore.c
+++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.c
-@@ -721,7 +721,7 @@ static void __init uncore_types_exit(struct intel_uncore_type **types)
+@@ -737,7 +737,7 @@ static void __init uncore_types_exit(struct intel_uncore_type **types)
static int __init uncore_type_init(struct intel_uncore_type *type)
{
struct intel_uncore_pmu *pmus;
int i, j;
diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.h b/arch/x86/kernel/cpu/perf_event_intel_uncore.h
-index 18eb78b..18747cc 100644
+index 863d9b0..6289b63 100644
--- a/arch/x86/kernel/cpu/perf_event_intel_uncore.h
+++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.h
@@ -114,7 +114,7 @@ struct intel_uncore_box {
+EXPORT_SYMBOL(pax_check_alloca);
+#endif
diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c
-index ff86f19..a20c62c 100644
+index ff86f19..73eabf4 100644
--- a/arch/x86/kernel/dumpstack_64.c
+++ b/arch/x86/kernel/dumpstack_64.c
@@ -153,12 +153,12 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
put_cpu();
}
EXPORT_SYMBOL(dump_trace);
-@@ -349,3 +352,50 @@ int is_valid_bugaddr(unsigned long ip)
+@@ -344,8 +347,55 @@ int is_valid_bugaddr(unsigned long ip)
+ {
+ unsigned short ud2;
+
+- if (__copy_from_user(&ud2, (const void __user *) ip, sizeof(ud2)))
++ if (probe_kernel_address((unsigned short *)ip, ud2))
+ return 0;
return ud2 == 0x0b0f;
}
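Review bot: The new `probe_kernel_address((unsigned short *)ip, ud2)` read in `is_valid_bugaddr` is not preceded by any check that `ip` lies in the kernel range, at least in the lines shown. Whether a caller can ever pass a user-range value is not visible here; if one can, an explicit guard such as `if (ip < TASK_SIZE_MAX) return 0;` ahead of the read would make the intent unambiguous. A one-line comment on the replaced call would also help, e.g. `/* ip is a kernel text address: use the fault-safe kernel read, not the user-copy path */`. The hunk header announces 55 new-side lines, so the rest of the hunk lies outside what this page shows.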
#include <asm/processor.h>
#include <asm/fcntl.h>
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
-index 344b63f..ccdac7a 100644
+index 344b63f..55adf14 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
-@@ -177,13 +177,153 @@
+@@ -177,13 +177,154 @@
/*CFI_REL_OFFSET gs, PT_GS*/
.endm
.macro SET_KERNEL_GS reg
+ jne 1b
+
+2: cld
++ or $2*4, %edi
+ mov %esp, %ecx
+ sub %edi, %ecx
+
cld
PUSH_GS
pushl_cfi %fs
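Review bot: The added `or $2*4, %edi` after label `2:` has no comment, and nothing in the visible lines says why bit 3 of the scan pointer is forced on before `sub %edi, %ecx` computes the length. A short comment stating the intended invariant would help, e.g. `/* force bit 3 of %edi so that <reason>; the length below is measured from this adjusted address */`. The same applies to the 64-bit counterpart in arch/x86/kernel/entry_64.S, where `or $2*8, %rdi` is followed by the 32-bit `mov %esp, %ecx` / `sub %edi, %ecx`; if the mixed operand widths are deliberate, the comment should say so. The surrounding routine starts and ends outside the lines shown.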
-@@ -206,7 +346,7 @@
+@@ -206,7 +347,7 @@
CFI_REL_OFFSET ecx, 0
pushl_cfi %ebx
CFI_REL_OFFSET ebx, 0
movl %edx, %ds
movl %edx, %es
movl $(__KERNEL_PERCPU), %edx
-@@ -214,6 +354,15 @@
+@@ -214,6 +355,15 @@
SET_KERNEL_GS %edx
.endm
.macro RESTORE_INT_REGS
popl_cfi %ebx
CFI_RESTORE ebx
-@@ -297,7 +446,7 @@ ENTRY(ret_from_fork)
+@@ -297,7 +447,7 @@ ENTRY(ret_from_fork)
popfl_cfi
jmp syscall_exit
CFI_ENDPROC
ENTRY(ret_from_kernel_thread)
CFI_STARTPROC
-@@ -340,7 +489,15 @@ ret_from_intr:
+@@ -340,7 +490,15 @@ ret_from_intr:
andl $SEGMENT_RPL_MASK, %eax
#endif
cmpl $USER_RPL, %eax
ENTRY(resume_userspace)
LOCKDEP_SYS_EXIT
-@@ -352,8 +509,8 @@ ENTRY(resume_userspace)
+@@ -352,8 +510,8 @@ ENTRY(resume_userspace)
andl $_TIF_WORK_MASK, %ecx # is there any work to be done on
# int/exception return?
jne work_pending
#ifdef CONFIG_PREEMPT
ENTRY(resume_kernel)
-@@ -365,7 +522,7 @@ need_resched:
+@@ -365,7 +523,7 @@ need_resched:
jz restore_all
call preempt_schedule_irq
jmp need_resched
#endif
CFI_ENDPROC
-@@ -395,30 +552,45 @@ sysenter_past_esp:
+@@ -395,30 +553,45 @@ sysenter_past_esp:
/*CFI_REL_OFFSET cs, 0*/
/*
* Push current_thread_info()->sysenter_return to the stack.
testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp)
jnz sysenter_audit
sysenter_do_call:
-@@ -434,12 +606,24 @@ sysenter_after_call:
+@@ -434,12 +607,24 @@ sysenter_after_call:
testl $_TIF_ALLWORK_MASK, %ecx
jne sysexit_audit
sysenter_exit:
PTGS_TO_GS
ENABLE_INTERRUPTS_SYSEXIT
-@@ -453,6 +637,9 @@ sysenter_audit:
+@@ -453,6 +638,9 @@ sysenter_audit:
pushl_cfi PT_ESI(%esp) /* a3: 5th arg */
pushl_cfi PT_EDX+4(%esp) /* a2: 4th arg */
call __audit_syscall_entry
popl_cfi %ecx /* get that remapped edx off the stack */
popl_cfi %ecx /* get that remapped esi off the stack */
movl PT_EAX(%esp),%eax /* reload syscall number */
-@@ -479,10 +666,16 @@ sysexit_audit:
+@@ -479,10 +667,16 @@ sysexit_audit:
CFI_ENDPROC
.pushsection .fixup,"ax"
PTGS_TO_GS_EX
ENDPROC(ia32_sysenter_target)
-@@ -493,6 +686,11 @@ ENTRY(system_call)
+@@ -493,6 +687,11 @@ ENTRY(system_call)
pushl_cfi %eax # save orig_eax
SAVE_ALL
GET_THREAD_INFO(%ebp)
# system call tracing in operation / emulation
testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp)
jnz syscall_trace_entry
-@@ -512,6 +710,15 @@ syscall_exit:
+@@ -512,6 +711,15 @@ syscall_exit:
testl $_TIF_ALLWORK_MASK, %ecx # current->work
jne syscall_exit_work
restore_all:
TRACE_IRQS_IRET
restore_all_notrace:
-@@ -566,14 +773,34 @@ ldt_ss:
+@@ -566,14 +774,34 @@ ldt_ss:
* compensating for the offset by changing to the ESPFIX segment with
* a base address that matches for the difference.
*/
pushl_cfi $__ESPFIX_SS
pushl_cfi %eax /* new kernel esp */
/* Disable interrupts, but do not irqtrace this section: we
-@@ -603,20 +830,18 @@ work_resched:
+@@ -603,20 +831,18 @@ work_resched:
movl TI_flags(%ebp), %ecx
andl $_TIF_WORK_MASK, %ecx # is there any work to be done other
# than syscall tracing?
#endif
TRACE_IRQS_ON
ENABLE_INTERRUPTS(CLBR_NONE)
-@@ -637,7 +862,7 @@ work_notifysig_v86:
+@@ -637,7 +863,7 @@ work_notifysig_v86:
movl %eax, %esp
jmp 1b
#endif
# perform syscall exit tracing
ALIGN
-@@ -645,11 +870,14 @@ syscall_trace_entry:
+@@ -645,11 +871,14 @@ syscall_trace_entry:
movl $-ENOSYS,PT_EAX(%esp)
movl %esp, %eax
call syscall_trace_enter
# perform syscall exit tracing
ALIGN
-@@ -662,26 +890,30 @@ syscall_exit_work:
+@@ -662,26 +891,30 @@ syscall_exit_work:
movl %esp, %eax
call syscall_trace_leave
jmp resume_userspace
CFI_ENDPROC
.macro FIXUP_ESPFIX_STACK
-@@ -694,8 +926,15 @@ END(sysenter_badsys)
+@@ -694,8 +927,15 @@ END(sysenter_badsys)
*/
#ifdef CONFIG_X86_ESPFIX32
/* fixup the stack */
shl $16, %eax
addl %esp, %eax /* the adjusted stack pointer */
pushl_cfi $__KERNEL_DS
-@@ -751,7 +990,7 @@ vector=vector+1
+@@ -751,7 +991,7 @@ vector=vector+1
.endr
2: jmp common_interrupt
.endr
.previous
END(interrupt)
-@@ -808,7 +1047,7 @@ ENTRY(coprocessor_error)
+@@ -808,7 +1048,7 @@ ENTRY(coprocessor_error)
pushl_cfi $do_coprocessor_error
jmp error_code
CFI_ENDPROC
ENTRY(simd_coprocessor_error)
RING0_INT_FRAME
-@@ -821,7 +1060,7 @@ ENTRY(simd_coprocessor_error)
+@@ -821,7 +1061,7 @@ ENTRY(simd_coprocessor_error)
.section .altinstructions,"a"
altinstruction_entry 661b, 663f, X86_FEATURE_XMM, 662b-661b, 664f-663f
.previous
663: pushl $do_simd_coprocessor_error
664:
.previous
-@@ -830,7 +1069,7 @@ ENTRY(simd_coprocessor_error)
+@@ -830,7 +1070,7 @@ ENTRY(simd_coprocessor_error)
#endif
jmp error_code
CFI_ENDPROC
ENTRY(device_not_available)
RING0_INT_FRAME
-@@ -839,18 +1078,18 @@ ENTRY(device_not_available)
+@@ -839,18 +1079,18 @@ ENTRY(device_not_available)
pushl_cfi $do_device_not_available
jmp error_code
CFI_ENDPROC
#endif
ENTRY(overflow)
-@@ -860,7 +1099,7 @@ ENTRY(overflow)
+@@ -860,7 +1100,7 @@ ENTRY(overflow)
pushl_cfi $do_overflow
jmp error_code
CFI_ENDPROC
ENTRY(bounds)
RING0_INT_FRAME
-@@ -869,7 +1108,7 @@ ENTRY(bounds)
+@@ -869,7 +1109,7 @@ ENTRY(bounds)
pushl_cfi $do_bounds
jmp error_code
CFI_ENDPROC
ENTRY(invalid_op)
RING0_INT_FRAME
-@@ -878,7 +1117,7 @@ ENTRY(invalid_op)
+@@ -878,7 +1118,7 @@ ENTRY(invalid_op)
pushl_cfi $do_invalid_op
jmp error_code
CFI_ENDPROC
ENTRY(coprocessor_segment_overrun)
RING0_INT_FRAME
-@@ -887,7 +1126,7 @@ ENTRY(coprocessor_segment_overrun)
+@@ -887,7 +1127,7 @@ ENTRY(coprocessor_segment_overrun)
pushl_cfi $do_coprocessor_segment_overrun
jmp error_code
CFI_ENDPROC
ENTRY(invalid_TSS)
RING0_EC_FRAME
-@@ -895,7 +1134,7 @@ ENTRY(invalid_TSS)
+@@ -895,7 +1135,7 @@ ENTRY(invalid_TSS)
pushl_cfi $do_invalid_TSS
jmp error_code
CFI_ENDPROC
ENTRY(segment_not_present)
RING0_EC_FRAME
-@@ -903,7 +1142,7 @@ ENTRY(segment_not_present)
+@@ -903,7 +1143,7 @@ ENTRY(segment_not_present)
pushl_cfi $do_segment_not_present
jmp error_code
CFI_ENDPROC
ENTRY(stack_segment)
RING0_EC_FRAME
-@@ -911,7 +1150,7 @@ ENTRY(stack_segment)
+@@ -911,7 +1151,7 @@ ENTRY(stack_segment)
pushl_cfi $do_stack_segment
jmp error_code
CFI_ENDPROC
ENTRY(alignment_check)
RING0_EC_FRAME
-@@ -919,7 +1158,7 @@ ENTRY(alignment_check)
+@@ -919,7 +1159,7 @@ ENTRY(alignment_check)
pushl_cfi $do_alignment_check
jmp error_code
CFI_ENDPROC
ENTRY(divide_error)
RING0_INT_FRAME
-@@ -928,7 +1167,7 @@ ENTRY(divide_error)
+@@ -928,7 +1168,7 @@ ENTRY(divide_error)
pushl_cfi $do_divide_error
jmp error_code
CFI_ENDPROC
#ifdef CONFIG_X86_MCE
ENTRY(machine_check)
-@@ -938,7 +1177,7 @@ ENTRY(machine_check)
+@@ -938,7 +1178,7 @@ ENTRY(machine_check)
pushl_cfi machine_check_vector
jmp error_code
CFI_ENDPROC
#endif
ENTRY(spurious_interrupt_bug)
-@@ -948,7 +1187,7 @@ ENTRY(spurious_interrupt_bug)
+@@ -948,7 +1188,7 @@ ENTRY(spurious_interrupt_bug)
pushl_cfi $do_spurious_interrupt_bug
jmp error_code
CFI_ENDPROC
#ifdef CONFIG_XEN
/* Xen doesn't set %esp to be precisely what the normal sysenter
-@@ -1054,7 +1293,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR,
+@@ -1054,7 +1294,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR,
ENTRY(mcount)
ret
ENTRY(ftrace_caller)
pushl %eax
-@@ -1084,7 +1323,7 @@ ftrace_graph_call:
+@@ -1084,7 +1324,7 @@ ftrace_graph_call:
.globl ftrace_stub
ftrace_stub:
ret
ENTRY(ftrace_regs_caller)
pushf /* push flags before compare (in cs location) */
-@@ -1182,7 +1421,7 @@ trace:
+@@ -1182,7 +1422,7 @@ trace:
popl %ecx
popl %eax
jmp ftrace_stub
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -1200,7 +1439,7 @@ ENTRY(ftrace_graph_caller)
+@@ -1200,7 +1440,7 @@ ENTRY(ftrace_graph_caller)
popl %ecx
popl %eax
ret
.globl return_to_handler
return_to_handler:
-@@ -1261,15 +1500,18 @@ error_code:
+@@ -1261,15 +1501,18 @@ error_code:
movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
REG_TO_PTGS %ecx
SET_KERNEL_GS %ecx
/*
* Debug traps and NMI can happen at the one SYSENTER instruction
-@@ -1312,7 +1554,7 @@ debug_stack_correct:
+@@ -1312,7 +1555,7 @@ debug_stack_correct:
call do_debug
jmp ret_from_exception
CFI_ENDPROC
/*
* NMI is doubly nasty. It can happen _while_ we're handling
-@@ -1352,6 +1594,9 @@ nmi_stack_correct:
+@@ -1352,6 +1595,9 @@ nmi_stack_correct:
xorl %edx,%edx # zero error code
movl %esp,%eax # pt_regs pointer
call do_nmi
jmp restore_all_notrace
CFI_ENDPROC
-@@ -1389,13 +1634,16 @@ nmi_espfix_stack:
+@@ -1389,13 +1635,16 @@ nmi_espfix_stack:
FIXUP_ESPFIX_STACK # %eax == %esp
xorl %edx,%edx # zero error code
call do_nmi
ENTRY(int3)
RING0_INT_FRAME
-@@ -1408,14 +1656,14 @@ ENTRY(int3)
+@@ -1408,14 +1657,14 @@ ENTRY(int3)
call do_int3
jmp ret_from_exception
CFI_ENDPROC
#ifdef CONFIG_KVM_GUEST
ENTRY(async_page_fault)
-@@ -1424,6 +1672,6 @@ ENTRY(async_page_fault)
+@@ -1424,6 +1673,6 @@ ENTRY(async_page_fault)
pushl_cfi $do_async_page_fault
jmp error_code
CFI_ENDPROC
#endif
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index c0226ab..96a8ab7 100644
+index c0226ab..0d1dc48 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -59,6 +59,8 @@
/* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
#include <linux/elf-em.h>
-@@ -81,6 +83,430 @@ ENTRY(native_usergs_sysret64)
+@@ -81,6 +83,431 @@ ENTRY(native_usergs_sysret64)
ENDPROC(native_usergs_sysret64)
#endif /* CONFIG_PARAVIRT */
+ jne 1b
+
+2: cld
++ or $2*8, %rdi
+ mov %esp, %ecx
+ sub %edi, %ecx
+
.macro TRACE_IRQS_IRETQ offset=ARGOFFSET
#ifdef CONFIG_TRACE_IRQFLAGS
-@@ -117,7 +543,7 @@ ENDPROC(native_usergs_sysret64)
+@@ -117,7 +544,7 @@ ENDPROC(native_usergs_sysret64)
.endm
.macro TRACE_IRQS_IRETQ_DEBUG offset=ARGOFFSET
jnc 1f
TRACE_IRQS_ON_DEBUG
1:
-@@ -155,27 +581,6 @@ ENDPROC(native_usergs_sysret64)
+@@ -155,27 +582,6 @@ ENDPROC(native_usergs_sysret64)
movq \tmp,R11+\offset(%rsp)
.endm
/*
* initial frame state for interrupts (and exceptions without error code)
*/
-@@ -241,25 +646,26 @@ ENDPROC(native_usergs_sysret64)
+@@ -241,25 +647,26 @@ ENDPROC(native_usergs_sysret64)
/* save partial stack frame */
.macro SAVE_ARGS_IRQ
cld
je 1f
SWAPGS
/*
-@@ -279,6 +685,18 @@ ENDPROC(native_usergs_sysret64)
+@@ -279,6 +686,18 @@ ENDPROC(native_usergs_sysret64)
0x06 /* DW_OP_deref */, \
0x08 /* DW_OP_const1u */, SS+8-RBP, \
0x22 /* DW_OP_plus */
/* We entered an interrupt context - irqs are off: */
TRACE_IRQS_OFF
.endm
-@@ -308,9 +726,52 @@ ENTRY(save_paranoid)
+@@ -308,9 +727,52 @@ ENTRY(save_paranoid)
js 1f /* negative -> in kernel */
SWAPGS
xorl %ebx,%ebx
/*
* A newly forked process directly context switches into this address.
-@@ -331,7 +792,7 @@ ENTRY(ret_from_fork)
+@@ -331,7 +793,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
jz 1f
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-@@ -341,15 +802,13 @@ ENTRY(ret_from_fork)
+@@ -341,15 +803,13 @@ ENTRY(ret_from_fork)
jmp ret_from_sys_call # go to the SYSRET fastpath
1:
/*
* System call entry. Up to 6 arguments in registers are supported.
-@@ -386,7 +845,7 @@ END(ret_from_fork)
+@@ -386,7 +846,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -399,16 +858,23 @@ GLOBAL(system_call_after_swapgs)
+@@ -399,16 +859,23 @@ GLOBAL(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
jnz tracesys
system_call_fastpath:
#if __SYSCALL_MASK == ~0
-@@ -432,10 +898,13 @@ sysret_check:
+@@ -432,10 +899,13 @@ sysret_check:
LOCKDEP_SYS_EXIT
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
/*
* sysretq will re-enable interrupts:
*/
-@@ -494,12 +963,15 @@ sysret_audit:
+@@ -494,12 +964,15 @@ sysret_audit:
/* Do syscall tracing */
tracesys:
jmp system_call_fastpath /* and return to the fast path */
tracesys_phase2:
-@@ -510,12 +982,14 @@ tracesys_phase2:
+@@ -510,12 +983,14 @@ tracesys_phase2:
movq %rax,%rdx
call syscall_trace_enter_phase2
RESTORE_REST
#if __SYSCALL_MASK == ~0
cmpq $__NR_syscall_max,%rax
-@@ -545,7 +1019,9 @@ GLOBAL(int_with_check)
+@@ -545,7 +1020,9 @@ GLOBAL(int_with_check)
andl %edi,%edx
jnz int_careful
andl $~TS_COMPAT,TI_status(%rcx)
/* Either reschedule or signal or syscall exit tracking needed. */
/* First do a reschedule test. */
-@@ -591,7 +1067,7 @@ int_restore_rest:
+@@ -591,7 +1068,7 @@ int_restore_rest:
TRACE_IRQS_OFF
jmp int_with_check
CFI_ENDPROC
.macro FORK_LIKE func
ENTRY(stub_\func)
-@@ -604,9 +1080,10 @@ ENTRY(stub_\func)
+@@ -604,9 +1081,10 @@ ENTRY(stub_\func)
DEFAULT_FRAME 0 8 /* offset 8: return address */
call sys_\func
RESTORE_TOP_OF_STACK %r11, 8
.endm
.macro FIXED_FRAME label,func
-@@ -616,9 +1093,10 @@ ENTRY(\label)
+@@ -616,9 +1094,10 @@ ENTRY(\label)
FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET
call \func
RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET
.endm
FORK_LIKE clone
-@@ -626,19 +1104,6 @@ END(\label)
+@@ -626,19 +1105,6 @@ END(\label)
FORK_LIKE vfork
FIXED_FRAME stub_iopl, sys_iopl
ENTRY(stub_execve)
CFI_STARTPROC
addq $8, %rsp
-@@ -650,7 +1115,7 @@ ENTRY(stub_execve)
+@@ -650,7 +1116,7 @@ ENTRY(stub_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
/*
* sigreturn is special because it needs to restore all registers on return.
-@@ -667,7 +1132,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -667,7 +1133,7 @@ ENTRY(stub_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
#ifdef CONFIG_X86_X32_ABI
ENTRY(stub_x32_rt_sigreturn)
-@@ -681,7 +1146,7 @@ ENTRY(stub_x32_rt_sigreturn)
+@@ -681,7 +1147,7 @@ ENTRY(stub_x32_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
ENTRY(stub_x32_execve)
CFI_STARTPROC
-@@ -695,7 +1160,7 @@ ENTRY(stub_x32_execve)
+@@ -695,7 +1161,7 @@ ENTRY(stub_x32_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
#endif
-@@ -732,7 +1197,7 @@ vector=vector+1
+@@ -732,7 +1198,7 @@ vector=vector+1
2: jmp common_interrupt
.endr
CFI_ENDPROC
.previous
END(interrupt)
-@@ -749,8 +1214,8 @@ END(interrupt)
+@@ -749,8 +1215,8 @@ END(interrupt)
/* 0(%rsp): ~(interrupt number) */
.macro interrupt func
/* reserve pt_regs for scratch regs and rbp */
SAVE_ARGS_IRQ
call \func
.endm
-@@ -773,14 +1238,14 @@ ret_from_intr:
+@@ -773,14 +1239,14 @@ ret_from_intr:
/* Restore saved previous stack */
popq %rsi
je retint_kernel
/* Interrupt came from user space */
-@@ -802,12 +1267,35 @@ retint_swapgs: /* return to user-space */
+@@ -802,12 +1268,35 @@ retint_swapgs: /* return to user-space */
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
/*
* The iretq could re-enable interrupts:
*/
-@@ -845,15 +1333,15 @@ native_irq_return_ldt:
+@@ -845,15 +1334,15 @@ native_irq_return_ldt:
SWAPGS
movq PER_CPU_VAR(espfix_waddr),%rdi
movq %rax,(0*8)(%rdi) /* RAX */
movq %rax,(4*8)(%rdi)
andl $0xffff0000,%eax
popq_cfi %rdi
-@@ -907,7 +1395,7 @@ ENTRY(retint_kernel)
+@@ -907,7 +1396,7 @@ ENTRY(retint_kernel)
jmp exit_intr
#endif
CFI_ENDPROC
/*
* APIC interrupts.
-@@ -921,7 +1409,7 @@ ENTRY(\sym)
+@@ -921,7 +1410,7 @@ ENTRY(\sym)
interrupt \do_sym
jmp ret_from_intr
CFI_ENDPROC
.endm
#ifdef CONFIG_TRACING
-@@ -994,7 +1482,7 @@ apicinterrupt IRQ_WORK_VECTOR \
+@@ -994,7 +1483,7 @@ apicinterrupt IRQ_WORK_VECTOR \
/*
* Exception entry points.
*/
.macro idtentry sym do_sym has_error_code:req paranoid=0 shift_ist=-1
ENTRY(\sym)
-@@ -1045,6 +1533,12 @@ ENTRY(\sym)
+@@ -1045,6 +1534,12 @@ ENTRY(\sym)
.endif
.if \shift_ist != -1
subq $EXCEPTION_STKSZ, INIT_TSS_IST(\shift_ist)
.endif
-@@ -1061,7 +1555,7 @@ ENTRY(\sym)
+@@ -1061,7 +1556,7 @@ ENTRY(\sym)
.endif
CFI_ENDPROC
.endm
#ifdef CONFIG_TRACING
-@@ -1102,9 +1596,10 @@ gs_change:
+@@ -1102,9 +1597,10 @@ gs_change:
2: mfence /* workaround */
SWAPGS
popfq_cfi
_ASM_EXTABLE(gs_change,bad_gs)
.section .fixup,"ax"
-@@ -1132,9 +1627,10 @@ ENTRY(do_softirq_own_stack)
+@@ -1132,9 +1628,10 @@ ENTRY(do_softirq_own_stack)
CFI_DEF_CFA_REGISTER rsp
CFI_ADJUST_CFA_OFFSET -8
decl PER_CPU_VAR(irq_count)
#ifdef CONFIG_XEN
idtentry xen_hypervisor_callback xen_do_hypervisor_callback has_error_code=0
-@@ -1172,7 +1668,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
+@@ -1172,7 +1669,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
decl PER_CPU_VAR(irq_count)
jmp error_exit
CFI_ENDPROC
/*
* Hypervisor uses this for application faults while it executes.
-@@ -1231,7 +1727,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1231,7 +1728,7 @@ ENTRY(xen_failsafe_callback)
SAVE_ALL
jmp error_exit
CFI_ENDPROC
apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \
xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1278,18 +1774,33 @@ ENTRY(paranoid_exit)
+@@ -1278,18 +1775,33 @@ ENTRY(paranoid_exit)
DEFAULT_FRAME
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF_DEBUG
jmp irq_return
paranoid_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1318,7 +1829,7 @@ paranoid_schedule:
+@@ -1318,7 +1830,7 @@ paranoid_schedule:
TRACE_IRQS_OFF
jmp paranoid_userspace
CFI_ENDPROC
/*
* Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1345,12 +1856,23 @@ ENTRY(error_entry)
+@@ -1345,12 +1857,23 @@ ENTRY(error_entry)
movq %r14, R14+8(%rsp)
movq %r15, R15+8(%rsp)
xorl %ebx,%ebx
ret
/*
-@@ -1385,7 +1907,7 @@ error_bad_iret:
+@@ -1385,7 +1908,7 @@ error_bad_iret:
decl %ebx /* Return to usergs */
jmp error_sti
CFI_ENDPROC
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1396,7 +1918,7 @@ ENTRY(error_exit)
+@@ -1396,7 +1919,7 @@ ENTRY(error_exit)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
GET_THREAD_INFO(%rcx)
jne retint_kernel
LOCKDEP_SYS_EXIT_IRQ
movl TI_flags(%rcx),%edx
-@@ -1405,7 +1927,7 @@ ENTRY(error_exit)
+@@ -1405,7 +1928,7 @@ ENTRY(error_exit)
jnz retint_careful
jmp retint_swapgs
CFI_ENDPROC
/*
* Test if a given stack is an NMI stack or not.
-@@ -1463,9 +1985,11 @@ ENTRY(nmi)
+@@ -1463,9 +1986,11 @@ ENTRY(nmi)
* If %cs was not the kernel segment, then the NMI triggered in user
* space, which means it is definitely not nested.
*/
/*
* Check the special variable on the stack to see if NMIs are
* executing.
-@@ -1499,8 +2023,7 @@ nested_nmi:
+@@ -1499,8 +2024,7 @@ nested_nmi:
1:
/* Set up the interrupted NMIs stack to jump to repeat_nmi */
CFI_ADJUST_CFA_OFFSET 1*8
leaq -10*8(%rsp), %rdx
pushq_cfi $__KERNEL_DS
-@@ -1518,6 +2041,7 @@ nested_nmi_out:
+@@ -1518,6 +2042,7 @@ nested_nmi_out:
CFI_RESTORE rdx
/* No need to check faults here */
INTERRUPT_RETURN
CFI_RESTORE_STATE
-@@ -1614,13 +2138,13 @@ end_repeat_nmi:
+@@ -1614,13 +2139,13 @@ end_repeat_nmi:
subq $ORIG_RAX-R15, %rsp
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
/*
DEFAULT_FRAME 0
/*
-@@ -1630,9 +2154,9 @@ end_repeat_nmi:
+@@ -1630,9 +2155,9 @@ end_repeat_nmi:
* NMI itself takes a page fault, the page fault that was preempted
* will read the information from the NMI page fault and not the
* origin fault. Save it off and restore it if it changes.
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
-@@ -1641,29 +2165,34 @@ end_repeat_nmi:
+@@ -1641,29 +2166,34 @@ end_repeat_nmi:
/* Did the NMI take a page fault? Restore cr2 if it did */
movq %cr2, %rcx
regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
t->iopl = level << 12;
diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c
-index 922d285..6d20692 100644
+index 3790775..53717dc 100644
--- a/arch/x86/kernel/irq.c
+++ b/arch/x86/kernel/irq.c
@@ -22,7 +22,7 @@
}
diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
-index 67e6d19..731ed28 100644
+index 93d2c04..36d0e94 100644
--- a/arch/x86/kernel/kprobes/core.c
+++ b/arch/x86/kernel/kprobes/core.c
@@ -120,9 +120,12 @@ __synthesize_relative_insn(void *from, void *to, u8 op)
+}
+#endif
diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c
-index 8f3ebfe..e6ced5a 100644
+index 8f3ebfe..cbc731b 100644
--- a/arch/x86/kernel/process_32.c
+++ b/arch/x86/kernel/process_32.c
@@ -64,6 +64,7 @@ asmlinkage void ret_from_kernel_thread(void) __asm__("ret_from_kernel_thread");
p->thread.sp = (unsigned long) childregs;
p->thread.sp0 = (unsigned long) (childregs+1);
-+ p->tinfo.lowest_stack = (unsigned long)task_stack_page(p);
++ p->tinfo.lowest_stack = (unsigned long)task_stack_page(p) + 2 * sizeof(unsigned long);
memset(p->thread.ptrace_bps, 0, sizeof(p->thread.ptrace_bps));
if (unlikely(p->flags & PF_KTHREAD)) {
}
-
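Review bot: The `+ 2 * sizeof(unsigned long)` offset added to `task_stack_page(p)` when initialising `p->tinfo.lowest_stack` is an unexplained magic number, and the identical expression is repeated in the arch/x86/kernel/process_64.c hunk. Nothing visible says which two words at the base of the stack page are being skipped, so a later change to the stack layout could leave both sites silently wrong. A shared named constant, or a one-line comment at both sites such as `/* skip the two words reserved at the bottom of the stack page */`, would pin the intent; the wording needs confirming against whatever actually occupies those words. The enclosing function starts and ends outside the visible lines.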
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
-index 5a2c029..a7f67d3 100644
+index 5a2c029..ec8611d 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -158,10 +158,11 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
childregs = task_pt_regs(p);
p->thread.sp = (unsigned long) childregs;
p->thread.usersp = me->thread.usersp;
-+ p->tinfo.lowest_stack = (unsigned long)task_stack_page(p);
++ p->tinfo.lowest_stack = (unsigned long)task_stack_page(p) + 2 * sizeof(unsigned long);
set_tsk_thread_flag(p, TIF_FORK);
p->thread.io_bitmap_ptr = NULL;
return pc;
}
diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c
-index 4e942f3..d0f623f 100644
+index 7fc5e84..c6e445a 100644
--- a/arch/x86/kernel/tls.c
+++ b/arch/x86/kernel/tls.c
-@@ -118,6 +118,11 @@ int do_set_thread_area(struct task_struct *p, int idx,
+@@ -139,6 +139,11 @@ int do_set_thread_area(struct task_struct *p, int idx,
if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX)
return -EINVAL;
set_tls_desc(p, idx, &info, 1);
return 0;
-@@ -235,7 +240,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset,
+@@ -256,7 +261,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset,
if (kbuf)
info = kbuf;
if (!fixup_exception(regs)) {
task->thread.error_code = error_code;
diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
-index b7e50bb..f4a93ae 100644
+index 5054497..139f8f8 100644
--- a/arch/x86/kernel/tsc.c
+++ b/arch/x86/kernel/tsc.c
@@ -150,7 +150,7 @@ static void cyc2ns_write_end(int cpu, struct cyc2ns_data *data)
goto cannot_handle;
if ((segoffs >> 16) == BIOSSEG)
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
-index 49edf2d..c0d1362 100644
+index 49edf2d..df596b1 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -26,6 +26,13 @@
+ .init.text (. - __KERNEL_TEXT_OFFSET): AT(init_begin - LOAD_OFFSET) {
+ VMLINUX_SYMBOL(_sinittext) = .;
+ INIT_TEXT
-+ VMLINUX_SYMBOL(_einittext) = .;
+ . = ALIGN(PAGE_SIZE);
+ } :text.init
+ */
+ .exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) {
+ EXIT_TEXT
++ VMLINUX_SYMBOL(_einittext) = .;
+ . = ALIGN(16);
+ } :text.exit
+ . = init_begin + SIZEOF(.init.text) + SIZEOF(.exit.text);
.read = native_io_apic_read,
.write = native_io_apic_write,
diff --git a/arch/x86/kernel/xsave.c b/arch/x86/kernel/xsave.c
-index 4c540c4..0b985b0 100644
+index 0de1fae..298d037 100644
--- a/arch/x86/kernel/xsave.c
+++ b/arch/x86/kernel/xsave.c
@@ -167,18 +167,18 @@ static inline int save_xstate_epilog(void __user *buf, int ia32_frame)
if ((unsigned long)buf % 64 || fx_only) {
u64 init_bv = pcntxt_mask & ~XSTATE_FPSSE;
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
-index 976e3a5..8bb998c 100644
+index 88f9201..0e7f1a3 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -175,15 +175,20 @@ int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu,
out:
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
-index 9f8a2fa..2df3c3f 100644
+index c7327a7..c3e2419 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
-@@ -3519,7 +3519,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt)
+@@ -3508,7 +3508,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt)
int cr = ctxt->modrm_reg;
u64 efer = 0;
0xffffffff00000000ULL,
0, 0, 0, /* CR3 checked later */
CR4_RESERVED_BITS,
-@@ -3554,7 +3554,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt)
+@@ -3543,7 +3543,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt)
ctxt->ops->get_msr(ctxt, MSR_EFER, &efer);
if (efer & EFER_LMA)
local_irq_disable();
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index 3e556c6..08bbf7f 100644
+index ed70394..c629a68 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1366,12 +1366,12 @@ static void vmcs_write64(unsigned long field, u64 value)
vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 0033df3..db6236d 100644
+index 506488c..f8df17e 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -732,6 +732,8 @@ EXPORT_SYMBOL_GPL(kvm_set_cr4);
if (copy_to_user(user_msr_list->indices, &msrs_to_save,
num_msrs_to_save * sizeof(u32)))
goto out;
-@@ -5670,7 +5674,7 @@ static struct notifier_block pvclock_gtod_notifier = {
+@@ -5743,7 +5747,7 @@ static struct notifier_block pvclock_gtod_notifier = {
};
#endif
}
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
-index d973e61..fb868e9 100644
+index 4d8ee82..ffc1011 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -13,12 +13,19 @@
/* Kernel addresses are always protection faults: */
if (address >= TASK_SIZE)
error_code |= PF_PROT;
-@@ -867,7 +979,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address,
+@@ -864,7 +976,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address,
if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) {
printk(KERN_ERR
"MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n",
code = BUS_MCEERR_AR;
}
#endif
-@@ -921,6 +1033,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte)
+@@ -916,6 +1028,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte)
return 1;
}
/*
* Handle a spurious fault caused by a stale TLB entry.
*
-@@ -1006,6 +1211,9 @@ int show_unhandled_signals = 1;
+@@ -1001,6 +1206,9 @@ int show_unhandled_signals = 1;
static inline int
access_error(unsigned long error_code, struct vm_area_struct *vma)
{
if (error_code & PF_WRITE) {
/* write, present and write, not present: */
if (unlikely(!(vma->vm_flags & VM_WRITE)))
-@@ -1040,7 +1248,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs)
+@@ -1035,7 +1243,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs)
if (error_code & PF_USER)
return false;
return false;
return true;
-@@ -1068,6 +1276,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code,
+@@ -1063,6 +1271,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code,
tsk = current;
mm = tsk->mm;
/*
* Detect and handle instructions that would cause a page fault for
* both a tracked kernel page and a userspace page.
-@@ -1145,7 +1369,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code,
+@@ -1140,7 +1364,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code,
* User-mode registers count as a user access even for any
* potential system fault or CPU buglet:
*/
local_irq_enable();
error_code |= PF_USER;
flags |= FAULT_FLAG_USER;
-@@ -1192,6 +1416,11 @@ retry:
+@@ -1187,6 +1411,11 @@ retry:
might_sleep();
}
vma = find_vma(mm, address);
if (unlikely(!vma)) {
bad_area(regs, error_code, address);
-@@ -1203,18 +1432,24 @@ retry:
+@@ -1198,18 +1427,24 @@ retry:
bad_area(regs, error_code, address);
return;
}
if (unlikely(expand_stack(vma, address))) {
bad_area(regs, error_code, address);
return;
-@@ -1331,3 +1566,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code)
+@@ -1327,3 +1562,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code)
}
NOKPROBE_SYMBOL(trace_do_page_fault);
#endif /* CONFIG_TRACING */
return (void *)vaddr;
diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
-index af78e50..0790b03 100644
+index af78e50..4f1fe56 100644
--- a/arch/x86/mm/ioremap.c
+++ b/arch/x86/mm/ioremap.c
@@ -56,8 +56,8 @@ static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages,
{
struct vm_struct *p, *o;
-@@ -334,6 +334,9 @@ void *xlate_dev_mem_ptr(unsigned long phys)
-
+@@ -329,30 +329,29 @@ EXPORT_SYMBOL(iounmap);
+ */
+ void *xlate_dev_mem_ptr(unsigned long phys)
+ {
+- void *addr;
+- unsigned long start = phys & PAGE_MASK;
+-
/* If page is RAM, we can use __va. Otherwise ioremap and unmap. */
- if (page_is_ram(start >> PAGE_SHIFT))
+- if (page_is_ram(start >> PAGE_SHIFT))
++ if (page_is_ram(phys >> PAGE_SHIFT))
+#ifdef CONFIG_HIGHMEM
-+ if ((start >> PAGE_SHIFT) < max_low_pfn)
++ if ((phys >> PAGE_SHIFT) < max_low_pfn)
+#endif
return __va(phys);
- addr = (void __force *)ioremap_cache(start, PAGE_SIZE);
-@@ -346,13 +349,16 @@ void *xlate_dev_mem_ptr(unsigned long phys)
+- addr = (void __force *)ioremap_cache(start, PAGE_SIZE);
+- if (addr)
+- addr = (void *)((unsigned long)addr | (phys & ~PAGE_MASK));
+-
+- return addr;
++ return (void __force *)ioremap_cache(phys, PAGE_SIZE);
+ }
+
void unxlate_dev_mem_ptr(unsigned long phys, void *addr)
{
if (page_is_ram(phys >> PAGE_SHIFT))
static inline pmd_t * __init early_ioremap_pmd(unsigned long addr)
{
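Review bot: The new `return (void __force *)ioremap_cache(phys, PAGE_SIZE);` in xlate_dev_mem_ptr passes the unaligned `phys` and drops the explicit `| (phys & ~PAGE_MASK)` step, so the /dev/mem read path now depends on ioremap_cache() returning a pointer that already carries the in-page offset. That contract is not stated here; a comment such as `/* ioremap_cache() keeps the sub-page offset of phys in the returned address */` would make it checkable, and it is worth verifying against unxlate_dev_mem_ptr, which has to undo the same mapping. Separately, the `if (page_is_ram(...))` whose body is a second `if` compiled only under `CONFIG_HIGHMEM` is easy to misread; bracing the outer `if` would make both configurations obvious.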
-@@ -388,8 +394,7 @@ void __init early_ioremap_init(void)
+@@ -388,8 +387,7 @@ void __init early_ioremap_init(void)
early_ioremap_setup();
pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN));
#ifdef CONFIG_COMPAT_VDSO
#define VDSO_DEFAULT 0
diff --git a/arch/x86/vdso/vma.c b/arch/x86/vdso/vma.c
-index 970463b..da82d3e 100644
+index 208c220..54f1447 100644
--- a/arch/x86/vdso/vma.c
+++ b/arch/x86/vdso/vma.c
@@ -16,10 +16,9 @@
extern unsigned short vdso_sync_cpuid;
#endif
-@@ -101,6 +100,11 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr)
+@@ -114,6 +113,11 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr)
.pages = no_pages,
};
if (calculate_addr) {
addr = vdso_addr(current->mm->start_stack,
image->size - image->sym_vvar_start);
-@@ -111,14 +115,14 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr)
+@@ -124,14 +128,14 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr)
down_write(&mm->mmap_sem);
addr = get_unmapped_area(NULL, addr,
/*
* MAYWRITE to allow gdb to COW and set breakpoints
-@@ -163,15 +167,12 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr)
+@@ -176,15 +180,12 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr)
hpet_address >> PAGE_SHIFT,
PAGE_SIZE,
pgprot_noncached(PAGE_READONLY));
up_write(&mm->mmap_sem);
return ret;
-@@ -191,8 +192,8 @@ static int load_vdso32(void)
+@@ -204,8 +205,8 @@ static int load_vdso32(void)
if (selected_vdso32->sym_VDSO32_SYSENTER_RETURN)
current_thread_info()->sysenter_return =
return 0;
}
-@@ -201,9 +202,6 @@ static int load_vdso32(void)
+@@ -214,9 +215,6 @@ static int load_vdso32(void)
#ifdef CONFIG_X86_64
int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
{
return map_vdso(&vdso_image_64, true);
}
-@@ -212,12 +210,8 @@ int compat_arch_setup_additional_pages(struct linux_binprm *bprm,
+@@ -225,12 +223,8 @@ int compat_arch_setup_additional_pages(struct linux_binprm *bprm,
int uses_interp)
{
#ifdef CONFIG_X86_X32_ABI
#endif
return load_vdso32();
-@@ -229,12 +223,3 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+@@ -242,12 +236,3 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
return load_vdso32();
}
#endif
This is the Linux Xen port. Enabling this will allow the
kernel to boot in a paravirtualized environment under the
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
-index fac5e4f..5b5cf4f 100644
+index fac5e4f..89c3525 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -123,8 +123,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
{
if (pm_power_off)
pm_power_off();
-@@ -1573,7 +1569,17 @@ asmlinkage __visible void __init xen_start_kernel(void)
+@@ -1456,8 +1452,11 @@ static void __ref xen_setup_gdt(int cpu)
+ pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry_boot;
+ pv_cpu_ops.load_gdt = xen_load_gdt_boot;
+
+- setup_stack_canary_segment(0);
+- switch_to_new_gdt(0);
++ setup_stack_canary_segment(cpu);
++#ifdef CONFIG_X86_64
++ load_percpu_segment(cpu);
++#endif
++ switch_to_new_gdt(cpu);
+
+ pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry;
+ pv_cpu_ops.load_gdt = xen_load_gdt;
+@@ -1573,7 +1572,17 @@ asmlinkage __visible void __init xen_start_kernel(void)
__userpte_alloc_gfp &= ~__GFP_HIGHMEM;
/* Work out if we support NX */
/* Get mfn list */
xen_build_dynamic_phys_to_machine();
-@@ -1601,13 +1607,6 @@ asmlinkage __visible void __init xen_start_kernel(void)
+@@ -1601,13 +1610,6 @@ asmlinkage __visible void __init xen_start_kernel(void)
machine_ops = xen_machine_ops;
err = -EFAULT;
goto out;
diff --git a/block/genhd.c b/block/genhd.c
-index bd30606..bbc9b90 100644
+index 0a536dc..b8f7aca 100644
--- a/block/genhd.c
+++ b/block/genhd.c
@@ -469,21 +469,24 @@ static char *bdevt_str(dev_t devt, char *buf)
goto error;
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
-index e592c90..c566114 100644
+index 650afac1..f3307de 100644
--- a/crypto/cryptd.c
+++ b/crypto/cryptd.c
@@ -63,7 +63,7 @@ struct cryptd_blkcipher_ctx {
static void cryptd_queue_worker(struct work_struct *work);
diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
-index 309d345..1632720 100644
+index c305d41..a96de79 100644
--- a/crypto/pcrypt.c
+++ b/crypto/pcrypt.c
@@ -440,7 +440,7 @@ static int pcrypt_sysfs_add(struct padata_instance *pinst, const char *name)
/* parse the table header to get the table length */
if (count <= sizeof(struct acpi_table_header))
diff --git a/drivers/acpi/device_pm.c b/drivers/acpi/device_pm.c
-index 7db1931..302dd5f 100644
+index 6341e66..ebcf59c 100644
--- a/drivers/acpi/device_pm.c
+++ b/drivers/acpi/device_pm.c
-@@ -1021,6 +1021,8 @@ EXPORT_SYMBOL_GPL(acpi_subsys_freeze);
+@@ -1029,6 +1029,8 @@ EXPORT_SYMBOL_GPL(acpi_subsys_freeze);
#endif /* CONFIG_PM_SLEEP */
static struct dev_pm_domain acpi_general_pm_domain = {
.ops = {
#ifdef CONFIG_PM_RUNTIME
-@@ -1039,6 +1041,7 @@ static struct dev_pm_domain acpi_general_pm_domain = {
+@@ -1047,6 +1049,7 @@ static struct dev_pm_domain acpi_general_pm_domain = {
.restore_early = acpi_subsys_resume_early,
#endif
},
};
/**
-@@ -1108,7 +1111,6 @@ int acpi_dev_pm_attach(struct device *dev, bool power_on)
+@@ -1116,7 +1119,6 @@ int acpi_dev_pm_attach(struct device *dev, bool power_on)
acpi_device_wakeup(adev, ACPI_STATE_S0, false);
}
unsigned long timeout_msec)
{
diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
-index c5ba15a..75ec7a8 100644
+index 485f7ea..9a8df4a 100644
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -99,7 +99,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev);
struct ata_force_param {
const char *name;
-@@ -4797,7 +4797,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
+@@ -4800,7 +4800,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
struct ata_port *ap;
unsigned int tag;
ap = qc->ap;
qc->flags = 0;
-@@ -4813,7 +4813,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
+@@ -4816,7 +4816,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
struct ata_port *ap;
struct ata_link *link;
WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
ap = qc->ap;
link = qc->dev->link;
-@@ -5917,6 +5917,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5920,6 +5920,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
return;
spin_lock(&lock);
for (cur = ops->inherits; cur; cur = cur->inherits) {
void **inherit = (void **)cur;
-@@ -5930,8 +5931,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5933,8 +5934,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
if (IS_ERR(*pp))
*pp = NULL;
spin_unlock(&lock);
}
-@@ -6127,7 +6129,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht)
+@@ -6130,7 +6132,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht)
/* give ports names and add SCSI hosts */
for (i = 0; i < host->n_ports; i++) {
}
diff --git a/drivers/base/bus.c b/drivers/base/bus.c
-index 83e910a..b224a73 100644
+index 876bae5..8978785 100644
--- a/drivers/base/bus.c
+++ b/drivers/base/bus.c
-@@ -1124,7 +1124,7 @@ int subsys_interface_register(struct subsys_interface *sif)
+@@ -1126,7 +1126,7 @@ int subsys_interface_register(struct subsys_interface *sif)
return -EINVAL;
mutex_lock(&subsys->p->mutex);
if (sif->add_dev) {
subsys_dev_iter_init(&iter, subsys, NULL, NULL);
while ((dev = subsys_dev_iter_next(&iter)))
-@@ -1149,7 +1149,7 @@ void subsys_interface_unregister(struct subsys_interface *sif)
+@@ -1151,7 +1151,7 @@ void subsys_interface_unregister(struct subsys_interface *sif)
subsys = sif->subsys;
mutex_lock(&subsys->p->mutex);
static ssize_t show_node_state(struct device *dev,
struct device_attribute *attr, char *buf)
diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c
-index fb83d4a..4aa50ec 100644
+index fb83d4a..e1797b3 100644
--- a/drivers/base/power/domain.c
+++ b/drivers/base/power/domain.c
@@ -1725,7 +1725,7 @@ int pm_genpd_attach_cpuidle(struct generic_pm_domain *genpd, int state)
int ret = 0;
if (IS_ERR_OR_NULL(genpd))
+@@ -2215,7 +2215,9 @@ int genpd_dev_pm_attach(struct device *dev)
+ return ret;
+ }
+
+- dev->pm_domain->detach = genpd_dev_pm_detach;
++ pax_open_kernel();
++ *(void **)&dev->pm_domain->detach = genpd_dev_pm_detach;
++ pax_close_kernel();
+
+ return 0;
+ }
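Review bot: The store `*(void **)&dev->pm_domain->detach = genpd_dev_pm_detach;` in genpd_dev_pm_attach goes through a `void **` cast, so the compiler no longer checks that genpd_dev_pm_detach matches the type of the `detach` member. The cast is presumably needed because the structure is treated as read-only outside the pax_open_kernel()/pax_close_kernel() window, but nothing in the hunk says so. A short comment above the three lines, e.g. `/* pm_domain is write-protected; open a window for this single store */`, would document why the window exists and that nothing else belongs inside it. The function begins outside the hunk.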
diff --git a/drivers/base/power/sysfs.c b/drivers/base/power/sysfs.c
index a9d26ed..74b8405 100644
--- a/drivers/base/power/sysfs.c
new_smi->interrupt_disabled = true;
atomic_set(&new_smi->stop_operation, 0);
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
-index 524b707..29d07c1 100644
+index 524b707..62a3d70 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -18,6 +18,7 @@
#else
static inline int range_is_allowed(unsigned long pfn, unsigned long size)
{
-@@ -122,6 +136,7 @@ static ssize_t read_mem(struct file *file, char __user *buf,
+@@ -121,7 +135,8 @@ static ssize_t read_mem(struct file *file, char __user *buf,
+ #endif
while (count > 0) {
- unsigned long remaining;
+- unsigned long remaining;
++ unsigned long remaining = 0;
+ char *temp;
sz = size_inside_page(p, count);
-@@ -137,7 +152,23 @@ static ssize_t read_mem(struct file *file, char __user *buf,
+@@ -137,7 +152,24 @@ static ssize_t read_mem(struct file *file, char __user *buf,
if (!ptr)
return -EFAULT;
+ unxlate_dev_mem_ptr(p, ptr);
+ return -ENOMEM;
+ }
-+ memcpy(temp, ptr, sz);
++ remaining = probe_kernel_read(temp, ptr, sz);
+#else
+ temp = ptr;
+#endif
+
-+ remaining = copy_to_user(buf, temp, sz);
++ if (!remaining)
++ remaining = copy_to_user(buf, temp, sz);
+
+#ifdef CONFIG_PAX_USERCOPY
+ kfree(temp);
unxlate_dev_mem_ptr(p, ptr);
if (remaining)
return -EFAULT;
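Review bot: In read_mem, `remaining = probe_kernel_read(temp, ptr, sz);` stores the helper's status in the `unsigned long` that otherwise holds copy_to_user()'s count of uncopied bytes, so a negative error code would sit in it as a very large unsigned value. It works only because `remaining` is merely tested for non-zero before returning -EFAULT; any later use of it as a length would be wrong. Keeping the variable a byte count is a one-line change: `remaining = probe_kernel_read(temp, ptr, sz) ? sz : 0;`. The loop body continues outside the hunk.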
-@@ -369,9 +400,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
+@@ -369,9 +401,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
size_t count, loff_t *ppos)
{
unsigned long p = *ppos;
read = 0;
if (p < (unsigned long) high_memory) {
-@@ -393,6 +423,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
+@@ -393,6 +424,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
}
#endif
while (low_count > 0) {
sz = size_inside_page(p, low_count);
/*
-@@ -402,7 +434,22 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
+@@ -402,7 +435,23 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
*/
kbuf = xlate_dev_kmem_ptr((char *)p);
+ temp = kmalloc(sz, GFP_KERNEL|GFP_USERCOPY);
+ if (!temp)
+ return -ENOMEM;
-+ memcpy(temp, kbuf, sz);
++ err = probe_kernel_read(temp, kbuf, sz);
+#else
+ temp = kbuf;
+#endif
+
-+ err = copy_to_user(buf, temp, sz);
++ if (!err)
++ err = copy_to_user(buf, temp, sz);
+
+#ifdef CONFIG_PAX_USERCOPY
+ kfree(temp);
return -EFAULT;
buf += sz;
p += sz;
-@@ -797,6 +844,9 @@ static const struct memdev {
+@@ -797,6 +846,9 @@ static const struct memdev {
#ifdef CONFIG_PRINTK
[11] = { "kmsg", 0644, &kmsg_fops, NULL },
#endif
};
static int memory_open(struct inode *inode, struct file *filp)
-@@ -868,7 +918,7 @@ static int __init chr_dev_init(void)
+@@ -868,7 +920,7 @@ static int __init chr_dev_init(void)
continue;
device_create(mem_class, NULL, MKDEV(MEM_MAJOR, minor),
if (cmd != SIOCWANDEV)
diff --git a/drivers/char/random.c b/drivers/char/random.c
-index 04645c0..560e350 100644
+index 04645c0..6416f00 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -289,9 +289,6 @@
static struct entropy_store input_pool = {
.poolinfo = &poolinfo_table[0],
+@@ -569,19 +566,19 @@ static void fast_mix(struct fast_pool *f)
+ __u32 c = f->pool[2], d = f->pool[3];
+
+ a += b; c += d;
+- b = rol32(a, 6); d = rol32(c, 27);
++ b = rol32(b, 6); d = rol32(d, 27);
+ d ^= a; b ^= c;
+
+ a += b; c += d;
+- b = rol32(a, 16); d = rol32(c, 14);
++ b = rol32(b, 16); d = rol32(d, 14);
+ d ^= a; b ^= c;
+
+ a += b; c += d;
+- b = rol32(a, 6); d = rol32(c, 27);
++ b = rol32(b, 6); d = rol32(d, 27);
+ d ^= a; b ^= c;
+
+ a += b; c += d;
+- b = rol32(a, 16); d = rol32(c, 14);
++ b = rol32(b, 16); d = rol32(d, 14);
+ d ^= a; b ^= c;
+
+ f->pool[0] = a; f->pool[1] = b;
@@ -635,7 +632,7 @@ retry:
/* The +2 corresponds to the /4 in the denominator */
static struct {
spinlock_t lock;
+diff --git a/drivers/gpio/gpio-omap.c b/drivers/gpio/gpio-omap.c
+index 415682f..08438b8 100644
+--- a/drivers/gpio/gpio-omap.c
++++ b/drivers/gpio/gpio-omap.c
+@@ -1162,7 +1162,7 @@ static int omap_gpio_probe(struct platform_device *pdev)
+ const struct omap_gpio_platform_data *pdata;
+ struct resource *res;
+ struct gpio_bank *bank;
+- struct irq_chip *irqc;
++ irq_chip_no_const *irqc;
+ int ret;
+
+ match = of_match_device(of_match_ptr(omap_gpio_match), dev);
diff --git a/drivers/gpio/gpio-rcar.c b/drivers/gpio/gpio-rcar.c
index bf6c094..6573caf 100644
--- a/drivers/gpio/gpio-rcar.c
return -EINVAL;
}
diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
-index e8e98ca..10f416e 100644
+index c81bda0..a8ccd9f 100644
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
-@@ -537,8 +537,10 @@ static void gpiochip_irqchip_remove(struct gpio_chip *gpiochip)
+@@ -539,8 +539,10 @@ static void gpiochip_irqchip_remove(struct gpio_chip *gpiochip)
}
if (gpiochip->irqchip) {
gpiochip->irqchip = NULL;
}
}
-@@ -604,8 +606,11 @@ int gpiochip_irqchip_add(struct gpio_chip *gpiochip,
+@@ -606,8 +608,11 @@ int gpiochip_irqchip_add(struct gpio_chip *gpiochip,
gpiochip->irqchip = NULL;
return -EINVAL;
}
drm_put_dev(dev);
}
mutex_unlock(&drm_global_mutex);
+diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c
+index e9a2827..5df4716 100644
+--- a/drivers/gpu/drm/drm_fb_helper.c
++++ b/drivers/gpu/drm/drm_fb_helper.c
+@@ -771,7 +771,9 @@ int drm_fb_helper_setcmap(struct fb_cmap *cmap, struct fb_info *info)
+ int i, j, rc = 0;
+ int start;
+
+- drm_modeset_lock_all(dev);
++ if (__drm_modeset_lock_all(dev, !!oops_in_progress)) {
++ return -EBUSY;
++ }
+ if (!drm_fb_helper_is_bound(fb_helper)) {
+ drm_modeset_unlock_all(dev);
+ return -EBUSY;
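Review bot: Both new `if (__drm_modeset_lock_all(dev, !!oops_in_progress)) { return -EBUSY; }` checks, here in drm_fb_helper_setcmap and in the drm_fb_helper_pan_display hunk below, discard the helper's return value and always report -EBUSY. If the helper can fail for a reason other than lock contention, callers get a misleading error; propagating it keeps the cause visible: `rc = __drm_modeset_lock_all(dev, !!oops_in_progress);` followed by `if (rc) return rc;` (with `ret` in drm_fb_helper_pan_display). The braces around the single `return` also differ from the usual kernel style for one-statement bodies. Both functions extend beyond their hunks.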
+@@ -945,7 +947,9 @@ int drm_fb_helper_pan_display(struct fb_var_screeninfo *var,
+ int ret = 0;
+ int i;
+
+- drm_modeset_lock_all(dev);
++ if (__drm_modeset_lock_all(dev, !!oops_in_progress)) {
++ return -EBUSY;
++ }
+ if (!drm_fb_helper_is_bound(fb_helper)) {
+ drm_modeset_unlock_all(dev);
+ return -EBUSY;
diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c
index ed7bc68..0d536af 100644
--- a/drivers/gpu/drm/drm_fops.c
return ret;
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index 9cb5c95..9228666 100644
+index 31b9664..5d478d3 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -12811,13 +12811,13 @@ struct intel_quirk {
if (nr < DRM_COMMAND_BASE)
diff --git a/drivers/gpu/drm/nouveau/nouveau_ttm.c b/drivers/gpu/drm/nouveau/nouveau_ttm.c
-index 753a6de..dd66b98 100644
+index 3d1cfcb..0542700 100644
--- a/drivers/gpu/drm/nouveau/nouveau_ttm.c
+++ b/drivers/gpu/drm/nouveau/nouveau_ttm.c
-@@ -126,11 +126,11 @@ nouveau_vram_manager_debug(struct ttm_mem_type_manager *man, const char *prefix)
+@@ -127,11 +127,11 @@ nouveau_vram_manager_debug(struct ttm_mem_type_manager *man, const char *prefix)
}
const struct ttm_mem_type_manager_func nouveau_vram_manager = {
};
static int
-@@ -194,11 +194,11 @@ nouveau_gart_manager_debug(struct ttm_mem_type_manager *man, const char *prefix)
+@@ -195,11 +195,11 @@ nouveau_gart_manager_debug(struct ttm_mem_type_manager *man, const char *prefix)
}
const struct ttm_mem_type_manager_func nouveau_gart_manager = {
};
/*XXX*/
-@@ -267,11 +267,11 @@ nv04_gart_manager_debug(struct ttm_mem_type_manager *man, const char *prefix)
+@@ -268,11 +268,11 @@ nv04_gart_manager_debug(struct ttm_mem_type_manager *man, const char *prefix)
}
const struct ttm_mem_type_manager_func nv04_gart_manager = {
if (regcomp
(&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) {
diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c
-index 995a8b1..b7cb898 100644
+index bdf263a..0305446 100644
--- a/drivers/gpu/drm/radeon/radeon_device.c
+++ b/drivers/gpu/drm/radeon/radeon_device.c
-@@ -1214,7 +1214,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
+@@ -1216,7 +1216,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
* locking inversion with the driver load path. And the access here is
* completely racy anyway. So don't bother with locking for now.
*/
DRM_DEBUG("pid=%d\n", DRM_CURRENTPID);
diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeon/radeon_ttm.c
-index 8624979..65e5243 100644
+index d2510cf..63bd4ed 100644
--- a/drivers/gpu/drm/radeon/radeon_ttm.c
+++ b/drivers/gpu/drm/radeon/radeon_ttm.c
@@ -936,7 +936,7 @@ void radeon_ttm_set_active_vram_size(struct radeon_device *rdev, u64 size)
kobject_put(&zone->kobj);
return ret;
diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c b/drivers/gpu/drm/ttm/ttm_page_alloc.c
-index 09874d6..d6da1de 100644
+index 025c429..314062f 100644
--- a/drivers/gpu/drm/ttm/ttm_page_alloc.c
+++ b/drivers/gpu/drm/ttm/ttm_page_alloc.c
@@ -54,7 +54,7 @@
/* times are in msecs */
#define PAGE_FREE_INTERVAL 1000
-@@ -299,14 +299,13 @@ static void ttm_pool_update_free_locked(struct ttm_page_pool *pool,
+@@ -299,15 +299,14 @@ static void ttm_pool_update_free_locked(struct ttm_page_pool *pool,
* @free_all: If set to true will free all pages in pool
- * @gfp: GFP flags.
+ * @use_static: Safe to use static buffer
**/
-static int ttm_page_pool_free(struct ttm_page_pool *pool, unsigned nr_free,
+static unsigned long ttm_page_pool_free(struct ttm_page_pool *pool, unsigned long nr_free,
- gfp_t gfp)
+ bool use_static)
{
+ static struct page *static_buf[NUM_PAGES_TO_ALLOC];
unsigned long irq_flags;
struct page *p;
struct page **pages_to_free;
if (NUM_PAGES_TO_ALLOC < nr_free)
npages_to_free = NUM_PAGES_TO_ALLOC;
-@@ -366,7 +365,8 @@ restart:
+@@ -371,7 +370,8 @@ restart:
__list_del(&p->lru, &pool->list);
ttm_pool_update_free_locked(pool, freed_pages);
}
spin_unlock_irqrestore(&pool->lock, irq_flags);
-@@ -395,7 +395,7 @@ ttm_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
+@@ -399,7 +399,7 @@ ttm_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
unsigned i;
unsigned pool_offset;
struct ttm_page_pool *pool;
unsigned long freed = 0;
if (!mutex_trylock(&lock))
-@@ -403,7 +403,7 @@ ttm_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
+@@ -407,7 +407,7 @@ ttm_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
pool_offset = ++start_pool % NUM_POOLS;
/* select start pool in round robin fashion */
for (i = 0; i < NUM_POOLS; ++i) {
if (shrink_pages == 0)
break;
pool = &_manager->pools[(i + pool_offset)%NUM_POOLS];
-@@ -669,7 +669,7 @@ out:
+@@ -673,7 +673,7 @@ out:
}
/* Put all pages in pages list to correct pool to wait for reuse */
enum ttm_caching_state cstate)
{
unsigned long irq_flags;
-@@ -724,7 +724,7 @@ static int ttm_get_pages(struct page **pages, unsigned npages, int flags,
+@@ -728,7 +728,7 @@ static int ttm_get_pages(struct page **pages, unsigned npages, int flags,
struct list_head plist;
struct page *p = NULL;
gfp_t gfp_flags = GFP_USER;
/* set zero flag for page allocation if required */
diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c
-index c96db43..c367557 100644
+index 01e1d27..aaa018a 100644
--- a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c
+++ b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c
@@ -56,7 +56,7 @@
/* times are in msecs */
#define IS_UNDEFINED (0)
#define IS_WC (1<<1)
-@@ -413,15 +413,14 @@ static void ttm_dma_page_put(struct dma_pool *pool, struct dma_page *d_page)
+@@ -413,7 +413,7 @@ static void ttm_dma_page_put(struct dma_pool *pool, struct dma_page *d_page)
* @nr_free: If set to true will free all pages in pool
- * @gfp: GFP flags.
+ * @use_static: Safe to use static buffer
**/
-static unsigned ttm_dma_page_pool_free(struct dma_pool *pool, unsigned nr_free,
+static unsigned long ttm_dma_page_pool_free(struct dma_pool *pool, unsigned long nr_free,
- gfp_t gfp)
+ bool use_static)
{
- unsigned long irq_flags;
+ static struct page *static_buf[NUM_PAGES_TO_ALLOC];
+@@ -421,8 +421,7 @@ static unsigned ttm_dma_page_pool_free(struct dma_pool *pool, unsigned nr_free,
struct dma_page *dma_p, *tmp;
struct page **pages_to_free;
struct list_head d_pages;
if (NUM_PAGES_TO_ALLOC < nr_free)
npages_to_free = NUM_PAGES_TO_ALLOC;
-@@ -494,7 +493,8 @@ restart:
+@@ -499,7 +498,8 @@ restart:
/* remove range of pages from the pool */
if (freed_pages) {
ttm_pool_update_free_locked(pool, freed_pages);
}
spin_unlock_irqrestore(&pool->lock, irq_flags);
-@@ -929,7 +929,7 @@ void ttm_dma_unpopulate(struct ttm_dma_tt *ttm_dma, struct device *dev)
+@@ -936,7 +936,7 @@ void ttm_dma_unpopulate(struct ttm_dma_tt *ttm_dma, struct device *dev)
struct dma_page *d_page, *next;
enum pool_type type;
bool is_cached = false;
unsigned long irq_flags;
type = ttm_to_type(ttm->page_flags, ttm->caching_state);
-@@ -1007,7 +1007,7 @@ ttm_dma_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
+@@ -1012,7 +1012,7 @@ ttm_dma_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
static unsigned start_pool;
unsigned idx = 0;
unsigned pool_offset;
struct device_pools *p;
unsigned long freed = 0;
-@@ -1020,7 +1020,7 @@ ttm_dma_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
+@@ -1025,7 +1025,7 @@ ttm_dma_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
goto out;
pool_offset = ++start_pool % _manager->npools;
list_for_each_entry(p, &_manager->pools, pools) {
if (!p->dev)
continue;
-@@ -1034,7 +1034,7 @@ ttm_dma_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
- sc->gfp_mask);
+@@ -1039,7 +1039,7 @@ ttm_dma_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
+ shrink_pages = ttm_dma_page_pool_free(p->pool, nr_free, true);
freed += nr_free - shrink_pages;
- pr_debug("%s: (%s:%d) Asked to shrink %d, have %d more to go\n",
case VIA_IRQ_ABSOLUTE:
break;
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h
-index 4ee799b..69fc0d1 100644
+index d26a6da..5fa41ed 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h
-@@ -446,7 +446,7 @@ struct vmw_private {
+@@ -447,7 +447,7 @@ struct vmw_private {
* Fencing and IRQs.
*/
+ atomic_unchecked_t marker_seq;
wait_queue_head_t fence_queue;
wait_queue_head_t fifo_queue;
- int fence_queue_waiters; /* Protected by hw_mutex */
+ spinlock_t waiter_lock;
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c
-index 09e10ae..cb76c60 100644
+index 39f2b03..d1b0a64 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c
-@@ -154,7 +154,7 @@ int vmw_fifo_init(struct vmw_private *dev_priv, struct vmw_fifo_state *fifo)
+@@ -152,7 +152,7 @@ int vmw_fifo_init(struct vmw_private *dev_priv, struct vmw_fifo_state *fifo)
(unsigned int) min,
(unsigned int) fifo->capabilities);
iowrite32(dev_priv->last_read_seqno, fifo_mem + SVGA_FIFO_FENCE);
vmw_marker_queue_init(&fifo->marker_queue);
return vmw_fifo_send_fence(dev_priv, &dummy);
-@@ -378,7 +378,7 @@ void *vmw_fifo_reserve(struct vmw_private *dev_priv, uint32_t bytes)
+@@ -372,7 +372,7 @@ void *vmw_fifo_reserve(struct vmw_private *dev_priv, uint32_t bytes)
if (reserveable)
iowrite32(bytes, fifo_mem +
SVGA_FIFO_RESERVED);
} else {
need_bounce = true;
}
-@@ -498,7 +498,7 @@ int vmw_fifo_send_fence(struct vmw_private *dev_priv, uint32_t *seqno)
+@@ -492,7 +492,7 @@ int vmw_fifo_send_fence(struct vmw_private *dev_priv, uint32_t *seqno)
fm = vmw_fifo_reserve(dev_priv, bytes);
if (unlikely(fm == NULL)) {
ret = -ENOMEM;
(void)vmw_fallback_wait(dev_priv, false, true, *seqno,
false, 3*HZ);
-@@ -506,7 +506,7 @@ int vmw_fifo_send_fence(struct vmw_private *dev_priv, uint32_t *seqno)
+@@ -500,7 +500,7 @@ int vmw_fifo_send_fence(struct vmw_private *dev_priv, uint32_t *seqno)
}
do {
+ .debug = vmw_gmrid_man_debug
};
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c
-index 37881ec..319065d 100644
+index 69c8ce2..cacb0ab 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c
@@ -235,7 +235,7 @@ int vmw_present_ioctl(struct drm_device *dev, void *data,
if (unlikely(num_clips == 0))
return 0;
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c b/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c
-index 0c42376..6febe77 100644
+index 9fe9827..0aa2fc0 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c
-@@ -107,7 +107,7 @@ bool vmw_seqno_passed(struct vmw_private *dev_priv,
+@@ -102,7 +102,7 @@ bool vmw_seqno_passed(struct vmw_private *dev_priv,
* emitted. Then the fence is stale and signaled.
*/
> VMW_FENCE_WRAP);
return ret;
-@@ -138,7 +138,7 @@ int vmw_fallback_wait(struct vmw_private *dev_priv,
+@@ -133,7 +133,7 @@ int vmw_fallback_wait(struct vmw_private *dev_priv,
if (fifo_idle)
down_read(&fifo_state->rwsem);
/* copy over all the bus versions */
if (dev->bus && dev->bus->pm) {
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
-index 3402033..50b562c 100644
+index dfaccfc..bfea740 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
-@@ -2506,7 +2506,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
+@@ -2507,7 +2507,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
int hid_add_device(struct hid_device *hdev)
{
int ret;
if (WARN_ON(hdev->status & HID_STAT_ADDED))
-@@ -2548,7 +2548,7 @@ int hid_add_device(struct hid_device *hdev)
+@@ -2549,7 +2549,7 @@ int hid_add_device(struct hid_device *hdev)
/* XXX hack, any other cleaner solution after the driver core
* is converted to allow more than 20 bytes as the device name? */
dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
.name = "GIC",
.irq_mask = gic_mask_irq,
.irq_unmask = gic_unmask_irq,
+diff --git a/drivers/irqchip/irq-renesas-intc-irqpin.c b/drivers/irqchip/irq-renesas-intc-irqpin.c
+index 542e850..1bb094c 100644
+--- a/drivers/irqchip/irq-renesas-intc-irqpin.c
++++ b/drivers/irqchip/irq-renesas-intc-irqpin.c
+@@ -353,7 +353,7 @@ static int intc_irqpin_probe(struct platform_device *pdev)
+ struct intc_irqpin_iomem *i;
+ struct resource *io[INTC_IRQPIN_REG_NR];
+ struct resource *irq;
+- struct irq_chip *irq_chip;
++ irq_chip_no_const *irq_chip;
+ void (*enable_fn)(struct irq_data *d);
+ void (*disable_fn)(struct irq_data *d);
+ const char *name = dev_name(dev);
diff --git a/drivers/irqchip/irq-renesas-irqc.c b/drivers/irqchip/irq-renesas-irqc.c
index 8777065..a4a9967 100644
--- a/drivers/irqchip/irq-renesas-irqc.c
return -EFAULT;
} else {
memcpy(buf, dp, left);
+diff --git a/drivers/isdn/hardware/eicon/message.c b/drivers/isdn/hardware/eicon/message.c
+index a82e542..f766a79 100644
+--- a/drivers/isdn/hardware/eicon/message.c
++++ b/drivers/isdn/hardware/eicon/message.c
+@@ -1474,7 +1474,7 @@ static byte connect_res(dword Id, word Number, DIVA_CAPI_ADAPTER *a,
+ add_ai(plci, &parms[5]);
+ sig_req(plci, REJECT, 0);
+ }
+- else if (Reject == 1 || Reject > 9)
++ else if (Reject == 1 || Reject >= 9)
+ {
+ add_ai(plci, &parms[5]);
+ sig_req(plci, HANGUP, 0);
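Review bot: The new bound in `else if (Reject == 1 || Reject >= 9)` is still a bare literal, so nothing in the hunk says why the value 9 is now routed to the hang-up branch. If the branch that follows outside the hunk uses Reject to index a fixed-size table, as the off-by-one correction suggests, the limit is better written against that table's size or explained in a short comment at the test. connect_res continues outside the hunk, so the table itself is not visible here and the assumption should be confirmed.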
diff --git a/drivers/isdn/i4l/isdn_common.c b/drivers/isdn/i4l/isdn_common.c
index 9b856e1..fa03c92 100644
--- a/drivers/isdn/i4l/isdn_common.c
pmd->bl_info.value_type.inc = data_block_inc;
pmd->bl_info.value_type.dec = data_block_dec;
diff --git a/drivers/md/dm.c b/drivers/md/dm.c
-index 58f3927..bfbad3e 100644
+index 62c5136..aede7f1 100644
--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
@@ -183,9 +183,9 @@ struct mapped_device {
rdev_dec_pending(rdev, mddev);
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
-index 9c66e59..42a8eac 100644
+index b98765f..09e86d5 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -1730,6 +1730,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash)
Say Y here if you want to support for Freescale FlexCAN.
diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c
-index 2cfe501..477d4b5 100644
+index 4b008c9..2b1151f 100644
--- a/drivers/net/can/dev.c
+++ b/drivers/net/can/dev.c
-@@ -868,7 +868,7 @@ static int can_newlink(struct net *src_net, struct net_device *dev,
+@@ -872,7 +872,7 @@ static int can_newlink(struct net *src_net, struct net_device *dev,
return -EOPNOTSUPP;
}
break;
}
diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c
-index 597c463..5cc1a7f 100644
+index d2975fa..8aaec07 100644
--- a/drivers/net/ethernet/emulex/benet/be_main.c
+++ b/drivers/net/ethernet/emulex/benet/be_main.c
@@ -537,7 +537,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val)
#include "ftmac100.h"
+diff --git a/drivers/net/ethernet/freescale/gianfar_ethtool.c b/drivers/net/ethernet/freescale/gianfar_ethtool.c
+index 76d7070..f6971182 100644
+--- a/drivers/net/ethernet/freescale/gianfar_ethtool.c
++++ b/drivers/net/ethernet/freescale/gianfar_ethtool.c
+@@ -1581,7 +1581,7 @@ static int gfar_write_filer_table(struct gfar_private *priv,
+ return -EBUSY;
+
+ /* Fill regular entries */
+- for (; i < MAX_FILER_IDX - 1 && (tab->fe[i].ctrl | tab->fe[i].ctrl);
++ for (; i < MAX_FILER_IDX - 1 && (tab->fe[i].ctrl | tab->fe[i].prop);
+ i++)
+ gfar_write_filer(priv, i, tab->fe[i].ctrl, tab->fe[i].prop);
+ /* Fill the rest with fall-troughs */
diff --git a/drivers/net/ethernet/intel/i40e/i40e_ptp.c b/drivers/net/ethernet/intel/i40e/i40e_ptp.c
index 537b621..07f87ce 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_ptp.c
/* need lock to prevent incorrect read while modifying cyclecounter */
diff --git a/drivers/net/ethernet/mellanox/mlx4/en_tx.c b/drivers/net/ethernet/mellanox/mlx4/en_tx.c
-index 454d9fe..59f0f0b 100644
+index 11ff28b..375d659 100644
--- a/drivers/net/ethernet/mellanox/mlx4/en_tx.c
+++ b/drivers/net/ethernet/mellanox/mlx4/en_tx.c
@@ -458,8 +458,8 @@ static bool mlx4_en_process_tx_cq(struct net_device *dev,
netdev_tx_completed_queue(ring->tx_queue, packets, bytes);
+diff --git a/drivers/net/ethernet/mellanox/mlx4/mlx4.h b/drivers/net/ethernet/mellanox/mlx4/mlx4.h
+index de10dbb..8b54f29 100644
+--- a/drivers/net/ethernet/mellanox/mlx4/mlx4.h
++++ b/drivers/net/ethernet/mellanox/mlx4/mlx4.h
+@@ -233,7 +233,8 @@ do { \
+ extern int mlx4_log_num_mgm_entry_size;
+ extern int log_mtts_per_seg;
+
+-#define MLX4_MAX_NUM_SLAVES (MLX4_MAX_NUM_PF + MLX4_MAX_NUM_VF)
++#define MLX4_MAX_NUM_SLAVES (min(MLX4_MAX_NUM_PF + MLX4_MAX_NUM_VF, \
++ MLX4_MFUNC_MAX))
+ #define ALL_SLAVES 0xff
+
+ struct mlx4_bitmap {
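Review bot: Wrapping `MLX4_MAX_NUM_SLAVES` in `min()` means the macro may no longer be an integer constant expression, since the kernel's `min()` is normally a type-checking statement expression. Any use of the macro as an array dimension, in a static initializer or in a `#if` would then stop compiling or quietly become a variable-length array; the users are outside the hunk and should be checked. If a compile-time constant is needed, a plain conditional keeps it one: `((MLX4_MAX_NUM_PF + MLX4_MAX_NUM_VF) < MLX4_MFUNC_MAX ? (MLX4_MAX_NUM_PF + MLX4_MAX_NUM_VF) : MLX4_MFUNC_MAX)`.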
+diff --git a/drivers/net/ethernet/neterion/s2io.c b/drivers/net/ethernet/neterion/s2io.c
+index f5e4b82..db0c7a9 100644
+--- a/drivers/net/ethernet/neterion/s2io.c
++++ b/drivers/net/ethernet/neterion/s2io.c
+@@ -6987,7 +6987,9 @@ static int s2io_add_isr(struct s2io_nic *sp)
+ if (sp->s2io_entries[i].in_use == MSIX_FLG) {
+ if (sp->s2io_entries[i].type ==
+ MSIX_RING_TYPE) {
+- sprintf(sp->desc[i], "%s:MSI-X-%d-RX",
++ snprintf(sp->desc[i],
++ sizeof(sp->desc[i]),
++ "%s:MSI-X-%d-RX",
+ dev->name, i);
+ err = request_irq(sp->entries[i].vector,
+ s2io_msix_ring_handle,
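Review bot: The `snprintf()` calls that replace `sprintf()` here, in the `MSIX_ALARM_TYPE` branch of the next hunk and for `sp->name` in `s2io_init_nic` discard the return value, so a long interface name is now truncated silently. For `sp->desc[i]` the part lost first is the `-RX`/`-TX` suffix, which is what tells the vectors apart; if this string is what `request_irq()` registers (its argument list continues outside the hunk), truncated names would be indistinguishable. `sizeof(sp->desc[i])` is also the buffer size only if `desc` is declared as an array of char arrays, which is outside the hunk and worth confirming.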
+@@ -6996,7 +6998,9 @@ static int s2io_add_isr(struct s2io_nic *sp)
+ sp->s2io_entries[i].arg);
+ } else if (sp->s2io_entries[i].type ==
+ MSIX_ALARM_TYPE) {
+- sprintf(sp->desc[i], "%s:MSI-X-%d-TX",
++ snprintf(sp->desc[i],
++ sizeof(sp->desc[i]),
++ "%s:MSI-X-%d-TX",
+ dev->name, i);
+ err = request_irq(sp->entries[i].vector,
+ s2io_msix_fifo_handle,
+@@ -8154,7 +8158,8 @@ s2io_init_nic(struct pci_dev *pdev, const struct pci_device_id *pre)
+ "%s: UDP Fragmentation Offload(UFO) enabled\n",
+ dev->name);
+ /* Initialize device name */
+- sprintf(sp->name, "%s Neterion %s", dev->name, sp->product_name);
++ snprintf(sp->name, sizeof(sp->name), "%s Neterion %s", dev->name,
++ sp->product_name);
+
+ if (vlan_tag_strip)
+ sp->vlan_strip_flag = 1;
diff --git a/drivers/net/ethernet/neterion/vxge/vxge-config.c b/drivers/net/ethernet/neterion/vxge/vxge-config.c
index 2bbd01f..e8baa64 100644
--- a/drivers/net/ethernet/neterion/vxge/vxge-config.c
spinlock_t request_lock;
struct list_head req_list;
+diff --git a/drivers/net/hyperv/netvsc.c b/drivers/net/hyperv/netvsc.c
+index 7d76c95..63d7a64 100644
+--- a/drivers/net/hyperv/netvsc.c
++++ b/drivers/net/hyperv/netvsc.c
+@@ -716,7 +716,7 @@ int netvsc_send(struct hv_device *device,
+ u64 req_id;
+ unsigned int section_index = NETVSC_INVALID_INDEX;
+ u32 msg_size = 0;
+- struct sk_buff *skb;
++ struct sk_buff *skb = NULL;
+ u16 q_idx = packet->q_idx;
+
+
+@@ -743,8 +743,6 @@ int netvsc_send(struct hv_device *device,
+ packet);
+ skb = (struct sk_buff *)
+ (unsigned long)packet->send_completion_tid;
+- if (skb)
+- dev_kfree_skb_any(skb);
+ packet->page_buf_cnt = 0;
+ }
+ }
+@@ -807,6 +805,13 @@ int netvsc_send(struct hv_device *device,
+ packet, ret);
+ }
+
++ if (ret != 0) {
++ if (section_index != NETVSC_INVALID_INDEX)
++ netvsc_free_send_slot(net_device, section_index);
++ } else if (skb) {
++ dev_kfree_skb_any(skb);
++ }
++
+ return ret;
+ }
+
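Review bot: The cleanup block added before `return ret;` frees `skb` only when `ret == 0`, so on failure the buffer taken from `packet->send_completion_tid` stays alive and someone else has to release it. That ownership rule is not stated anywhere in these hunks; a comment above the block, for example `/* on error the caller still owns the skb; only the send-buffer slot is released here */`, would keep a later change from freeing it twice or not at all. Whether every caller of `netvsc_send` frees the skb on a non-zero return is outside the hunks and should be confirmed.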
diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c
index 2b86f0b..ecc996f 100644
--- a/drivers/net/hyperv/rndis_filter.c
.kind = "nlmon",
.priv_size = sizeof(struct nlmon),
.setup = nlmon_setup,
+diff --git a/drivers/net/ppp/ppp_deflate.c b/drivers/net/ppp/ppp_deflate.c
+index 602c625..b5edc7f 100644
+--- a/drivers/net/ppp/ppp_deflate.c
++++ b/drivers/net/ppp/ppp_deflate.c
+@@ -246,7 +246,7 @@ static int z_compress(void *arg, unsigned char *rptr, unsigned char *obuf,
+ /*
+ * See if we managed to reduce the size of the packet.
+ */
+- if (olen < isize) {
++ if (olen < isize && olen <= osize) {
+ state->stats.comp_bytes += olen;
+ state->stats.comp_packets++;
+ } else {
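Review bot: The comment above the test still says only "See if we managed to reduce the size of the packet", while the condition `olen < isize && olen <= osize` now also rejects output that does not fit the caller's buffer. Updating it to something like `/* Use the compressed packet only if it is smaller than the input and fits in obuf. */` would make the second clause's purpose explicit. The check runs after the compressor has already produced `olen` bytes, so it does not by itself bound what was written to `obuf`; that limit has to come from the output-space setup earlier in `z_compress`, outside the hunk.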
diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
index 794a473..9fd437b 100644
--- a/drivers/net/ppp/ppp_generic.c
/* We've got a compressed packet; read the change byte */
diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c
-index 2368395..bf6fe96 100644
+index 9c505c4..5d0c879 100644
--- a/drivers/net/team/team.c
+++ b/drivers/net/team/team.c
-@@ -2090,7 +2090,7 @@ static unsigned int team_get_num_rx_queues(void)
+@@ -2102,7 +2102,7 @@ static unsigned int team_get_num_rx_queues(void)
return TEAM_DEFAULT_NUM_RX_QUEUES;
}
.kind = DRV_NAME,
.priv_size = sizeof(struct team),
.setup = team_setup,
-@@ -2880,7 +2880,7 @@ static int team_device_event(struct notifier_block *unused,
+@@ -2892,7 +2892,7 @@ static int team_device_event(struct notifier_block *unused,
return NOTIFY_DONE;
}
static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads)
diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h
-index 975074f..e9440da 100644
+index e8e8dd2..030f80e 100644
--- a/drivers/net/wireless/ath/ath9k/hw.h
+++ b/drivers/net/wireless/ath/ath9k/hw.h
@@ -630,7 +630,7 @@ struct ath_hw_private_ops {
u16 int_num;
ZD_ASSERT(in_interrupt());
+diff --git a/drivers/net/xen-netback/interface.c b/drivers/net/xen-netback/interface.c
+index d752d1c..23e3203 100644
+--- a/drivers/net/xen-netback/interface.c
++++ b/drivers/net/xen-netback/interface.c
+@@ -578,6 +578,7 @@ int xenvif_connect(struct xenvif_queue *queue, unsigned long tx_ring_ref,
+ goto err_rx_unbind;
+ }
+ queue->task = task;
++ get_task_struct(task);
+
+ task = kthread_create(xenvif_dealloc_kthread,
+ (void *)queue, "%s-dealloc", queue->name);
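Review bot: The reference taken with `get_task_struct(task)` right after `queue->task = task;` is dropped only in `xenvif_disconnect`, so the failure path of the `kthread_create(xenvif_dealloc_kthread, ...)` call that follows needs a matching `put_task_struct()`. That error handling is outside the hunk; if it only unwinds the interrupt bindings, the rx thread's task_struct would be leaked whenever the second thread cannot be created. A one-line comment at the `get_task_struct()` call saying why the extra reference is held, e.g. `/* the rx thread may exit on its own before kthread_stop() */`, would also help, assuming that is the reason.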
+@@ -634,6 +635,7 @@ void xenvif_disconnect(struct xenvif *vif)
+
+ if (queue->task) {
+ kthread_stop(queue->task);
++ put_task_struct(queue->task);
+ queue->task = NULL;
+ }
+
+diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c
+index c39aace..e18728d 100644
+--- a/drivers/net/xen-netback/netback.c
++++ b/drivers/net/xen-netback/netback.c
+@@ -2111,8 +2111,7 @@ int xenvif_kthread_guest_rx(void *data)
+ */
+ if (unlikely(vif->disabled && queue->id == 0)) {
+ xenvif_carrier_off(vif);
+- xenvif_rx_queue_purge(queue);
+- continue;
++ break;
+ }
+
+ if (!skb_queue_empty(&queue->rx_queue))
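Review bot: Replacing `xenvif_rx_queue_purge(queue); continue;` with `break;` makes the thread leave its main loop when the vif is disabled, so whatever is still on `queue->rx_queue` has to be purged after the loop, which is outside the hunk and should be checked. It also means the thread function can return before `kthread_stop()` is called on it, which appears to be what the `get_task_struct()`/`put_task_struct()` pair added in interface.c is for. A comment at the `break`, such as `/* leave the loop; the queue is purged below and disconnect holds a task reference */`, would record that dependency.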
diff --git a/drivers/nfc/nfcwilink.c b/drivers/nfc/nfcwilink.c
index 683671a..4519fc2 100644
--- a/drivers/nfc/nfcwilink.c
if (!sysfs_initialized)
return -EACCES;
diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h
-index 4a3902d..7f1fc42 100644
+index b5defca..e3664cc 100644
--- a/drivers/pci/pci.h
+++ b/drivers/pci/pci.h
@@ -93,7 +93,7 @@ struct pci_vpd_ops {
#define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1)
diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
-index c8ca98c..b1bc005 100644
+index 3010ffc..5e2e133 100644
--- a/drivers/pci/probe.c
+++ b/drivers/pci/probe.c
@@ -177,7 +177,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type,
da->attr.name = info->pin_config[i].name;
da->attr.mode = 0644;
diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
-index cd87c0c..715ecbe 100644
+index fc6fb54..b8c794ba 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
-@@ -3567,7 +3567,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
+@@ -3569,7 +3569,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
{
const struct regulation_constraints *constraints = NULL;
const struct regulator_init_data *init_data;
struct regulator_dev *rdev;
struct device *dev;
int ret, i;
-@@ -3641,7 +3641,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
+@@ -3643,7 +3643,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
rdev->dev.class = ®ulator_class;
rdev->dev.parent = dev;
dev_set_name(&rdev->dev, "regulator.%d",
if (pdata) {
diff --git a/drivers/regulator/mc13892-regulator.c b/drivers/regulator/mc13892-regulator.c
-index 793b662..85f74cd 100644
+index 793b662..01c20fc 100644
--- a/drivers/regulator/mc13892-regulator.c
+++ b/drivers/regulator/mc13892-regulator.c
@@ -584,10 +584,12 @@ static int mc13892_regulator_probe(struct platform_device *pdev)
mc13xxx_unlock(mc13892);
/* update mc13892_vcam ops */
+- memcpy(&mc13892_vcam_ops, mc13892_regulators[MC13892_VCAM].desc.ops,
+ pax_open_kernel();
- memcpy(&mc13892_vcam_ops, mc13892_regulators[MC13892_VCAM].desc.ops,
++ memcpy((void *)&mc13892_vcam_ops, mc13892_regulators[MC13892_VCAM].desc.ops,
sizeof(struct regulator_ops));
- mc13892_vcam_ops.set_mode = mc13892_vcam_set_mode,
- mc13892_vcam_ops.get_mode = mc13892_vcam_get_mode,
/* check if the device is still usable */
if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
-index 50a6e1a..de5252e 100644
+index 17fb051..937fbbd 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -1583,7 +1583,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
transport_setup_device(&rport->dev);
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
-index cfba74c..415f09b 100644
+index dd8c8d6..4cdf6a1 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
-@@ -3022,7 +3022,7 @@ static int sd_probe(struct device *dev)
+@@ -3024,7 +3024,7 @@ static int sd_probe(struct device *dev)
sdkp->disk = gd;
sdkp->index = index;
atomic_set(&sdkp->openers, 0);
imx_drm_crtc = kzalloc(sizeof(*imx_drm_crtc), GFP_KERNEL);
diff --git a/drivers/staging/line6/driver.c b/drivers/staging/line6/driver.c
-index 503b2d7..c918745 100644
+index 503b2d7..c904931 100644
--- a/drivers/staging/line6/driver.c
+++ b/drivers/staging/line6/driver.c
@@ -463,7 +463,7 @@ int line6_read_data(struct usb_line6 *line6, int address, void *data,
/* receive the result: */
ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), 0x67,
+@@ -520,7 +527,7 @@ int line6_write_data(struct usb_line6 *line6, int address, void *data,
+ {
+ struct usb_device *usbdev = line6->usbdev;
+ int ret;
+- unsigned char status;
++ unsigned char *status;
+
+ ret = usb_control_msg(usbdev, usb_sndctrlpipe(usbdev, 0), 0x67,
+ USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT,
+@@ -533,26 +540,34 @@ int line6_write_data(struct usb_line6 *line6, int address, void *data,
+ return ret;
+ }
+
++ status = kmalloc(1, GFP_KERNEL);
++ if (status == NULL)
++ return -ENOMEM;
++
+ do {
+ ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0),
+ 0x67,
+ USB_TYPE_VENDOR | USB_RECIP_DEVICE |
+ USB_DIR_IN,
+ 0x0012, 0x0000,
+- &status, 1, LINE6_TIMEOUT * HZ);
++ status, 1, LINE6_TIMEOUT * HZ);
+
+ if (ret < 0) {
+ dev_err(line6->ifcdev,
+ "receiving status failed (error %d)\n", ret);
++ kfree(status);
+ return ret;
+ }
+- } while (status == 0xff);
++ } while (*status == 0xff);
+
+- if (status != 0) {
++ if (*status != 0) {
+ dev_err(line6->ifcdev, "write failed (error %d)\n", ret);
++ kfree(status);
+ return -EINVAL;
+ }
+
++ kfree(status);
++
+ return 0;
+ }
+
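Review bot: In the polling loop of `line6_write_data` only `ret < 0` is treated as a failure, so a transfer that returns zero bytes leaves the freshly `kmalloc`ed `*status` uninitialized and the `while (*status == 0xff)` test reads stale heap contents. Checking for the expected length closes that gap: `if (ret != 1) {` with `return ret < 0 ? ret : -EIO;` after the `kfree(status)`. The "write failed (error %d)" message also prints `ret`, which at that point is the byte count of a successful transfer rather than the device status; `*status` is the value worth logging. The three `kfree(status)` calls could be folded into a single exit label.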
+diff --git a/drivers/staging/line6/toneport.c b/drivers/staging/line6/toneport.c
+index 6943715..0a93632 100644
+--- a/drivers/staging/line6/toneport.c
++++ b/drivers/staging/line6/toneport.c
+@@ -11,6 +11,7 @@
+ */
+
+ #include <linux/wait.h>
++#include <linux/slab.h>
+ #include <sound/control.h>
+
+ #include "audio.h"
+@@ -307,14 +308,20 @@ static void toneport_destruct(struct usb_interface *interface)
+ */
+ static void toneport_setup(struct usb_line6_toneport *toneport)
+ {
+- int ticks;
++ int *ticks;
+ struct usb_line6 *line6 = &toneport->line6;
+ struct usb_device *usbdev = line6->usbdev;
+ u16 idProduct = le16_to_cpu(usbdev->descriptor.idProduct);
+
++ ticks = kmalloc(sizeof(int), GFP_KERNEL);
++ if (ticks == NULL)
++ return;
++
+ /* sync time on device with host: */
+- ticks = (int)get_seconds();
+- line6_write_data(line6, 0x80c6, &ticks, 4);
++ *ticks = (int)get_seconds();
++ line6_write_data(line6, 0x80c6, ticks, sizeof(int));
++
++ kfree(ticks);
+
+ /* enable device: */
+ toneport_send_cmd(usbdev, 0x0301, 0x0000);
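Review bot: When `kmalloc` fails, `toneport_setup` now returns silently before `toneport_send_cmd(usbdev, 0x0301, 0x0000)`, so an allocation failure in what looks like a best-effort time sync leaves the device not enabled, and the `void` return gives the caller no way to tell. Wrapping the three sync lines in `if (ticks) { ... }` instead of returning early would let the rest of the setup run. The return value of `line6_write_data` is also ignored, as it was before the change. The function continues outside the hunk.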
diff --git a/drivers/staging/lustre/lnet/selftest/brw_test.c b/drivers/staging/lustre/lnet/selftest/brw_test.c
index a94f336..6a1924d 100644
--- a/drivers/staging/lustre/lnet/selftest/brw_test.c
login->tgt_agt = sbp_target_agent_register(login);
if (IS_ERR(login->tgt_agt)) {
diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
-index c45f9e9..00e85f0 100644
+index 24fa5d1..fae56f1 100644
--- a/drivers/target/target_core_device.c
+++ b/drivers/target/target_core_device.c
@@ -1532,7 +1532,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name)
dlci->modem_rx = 0;
diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
-index 2e900a9..576d216 100644
+index 47ca0f3..3c0b803 100644
--- a/drivers/tty/n_tty.c
+++ b/drivers/tty/n_tty.c
@@ -115,7 +115,7 @@ struct n_tty_data {
size_t line_start;
/* protected by output lock */
-@@ -2522,6 +2522,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
+@@ -2523,6 +2523,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
{
*ops = tty_ldisc_N_TTY;
ops->owner = NULL;
if (unlikely(pdev->id < 0 || pdev->id >= UART_NR))
return -ENXIO;
diff --git a/drivers/tty/serial/samsung.c b/drivers/tty/serial/samsung.c
-index c78f43a..22b1dab 100644
+index 587d63b..48423a6 100644
--- a/drivers/tty/serial/samsung.c
+++ b/drivers/tty/serial/samsung.c
@@ -478,11 +478,16 @@ static void s3c24xx_serial_shutdown(struct uart_port *port)
dbg("s3c24xx_serial_startup: port=%p (%08llx,%p)\n",
port, (unsigned long long)port->mapbase, port->membase);
-@@ -1155,10 +1160,6 @@ static int s3c24xx_serial_init_port(struct s3c24xx_uart_port *ourport,
+@@ -1159,10 +1164,6 @@ static int s3c24xx_serial_init_port(struct s3c24xx_uart_port *ourport,
/* setup info for port */
port->dev = &platdev->dev;
if (cfg->uart_flags & UPF_CONS_FLOW) {
diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
-index eaeb9a0..01a238c 100644
+index a28dee9..168ba47 100644
--- a/drivers/tty/serial/serial_core.c
+++ b/drivers/tty/serial/serial_core.c
@@ -1339,7 +1339,7 @@ static void uart_close(struct tty_struct *tty, struct file *filp)
props.type = BACKLIGHT_RAW;
props.max_brightness = 0xff;
diff --git a/drivers/usb/serial/console.c b/drivers/usb/serial/console.c
-index 8d7fc48..01c4986 100644
+index 29fa1c3..a57b08e 100644
--- a/drivers/usb/serial/console.c
+++ b/drivers/usb/serial/console.c
-@@ -123,7 +123,7 @@ static int usb_console_setup(struct console *co, char *options)
+@@ -125,7 +125,7 @@ static int usb_console_setup(struct console *co, char *options)
info->port = port;
if (!test_bit(ASYNCB_INITIALIZED, &port->port.flags)) {
if (serial->type->set_termios) {
/*
-@@ -167,7 +167,7 @@ static int usb_console_setup(struct console *co, char *options)
+@@ -173,7 +173,7 @@ static int usb_console_setup(struct console *co, char *options)
}
/* Now that any required fake tty operations are completed restore
* the tty port count */
/* The console is special in terms of closing the device so
* indicate this port is now acting as a system console. */
port->port.console = 1;
-@@ -180,7 +180,7 @@ static int usb_console_setup(struct console *co, char *options)
- free_tty:
- kfree(tty);
+@@ -186,7 +186,7 @@ static int usb_console_setup(struct console *co, char *options)
+ put_tty:
+ tty_kref_put(tty);
reset_open_count:
- port->port.count = 0;
+ atomic_set(&port->port.count, 0);
usb_autopm_put_interface(serial->interface);
error_get_interface:
usb_serial_put(serial);
-@@ -191,7 +191,7 @@ static int usb_console_setup(struct console *co, char *options)
+@@ -197,7 +197,7 @@ static int usb_console_setup(struct console *co, char *options)
static void usb_console_write(struct console *co,
const char *buf, unsigned count)
{
return 0;
}
diff --git a/drivers/video/fbdev/core/fb_defio.c b/drivers/video/fbdev/core/fb_defio.c
-index 900aa4e..6d49418 100644
+index d6cab1f..112f680 100644
--- a/drivers/video/fbdev/core/fb_defio.c
+++ b/drivers/video/fbdev/core/fb_defio.c
-@@ -206,7 +206,9 @@ void fb_deferred_io_init(struct fb_info *info)
+@@ -207,7 +207,9 @@ void fb_deferred_io_init(struct fb_info *info)
BUG_ON(!fbdefio);
mutex_init(&fbdefio->lock);
INIT_DELAYED_WORK(&info->deferred_work, fb_deferred_io_work);
INIT_LIST_HEAD(&fbdefio->pagelist);
if (fbdefio->delay == 0) /* set a default of 1 s */
-@@ -237,7 +239,7 @@ void fb_deferred_io_cleanup(struct fb_info *info)
+@@ -238,7 +240,7 @@ void fb_deferred_io_cleanup(struct fb_info *info)
page->mapping = NULL;
}
WARN_ON(trans->transid != btrfs_header_generation(parent));
diff --git a/fs/btrfs/delayed-inode.c b/fs/btrfs/delayed-inode.c
-index 054577b..9b342cc 100644
+index de4e70f..b41dc45 100644
--- a/fs/btrfs/delayed-inode.c
+++ b/fs/btrfs/delayed-inode.c
@@ -462,7 +462,7 @@ static int __btrfs_add_delayed_deletion_item(struct btrfs_delayed_node *node,
sb->s_bdi = &fsc->backing_dev_info;
return err;
diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c
-index 44ec726..bcb06a3 100644
+index 44ec726..11a056f 100644
--- a/fs/cifs/cifs_debug.c
+++ b/fs/cifs/cifs_debug.c
@@ -286,8 +286,8 @@ static ssize_t cifs_stats_proc_write(struct file *file,
if (server->ops->print_stats)
server->ops->print_stats(m, tcon);
}
+@@ -615,9 +615,11 @@ cifs_security_flags_handle_must_flags(unsigned int *flags)
+ *flags = CIFSSEC_MUST_NTLMV2;
+ else if ((*flags & CIFSSEC_MUST_NTLM) == CIFSSEC_MUST_NTLM)
+ *flags = CIFSSEC_MUST_NTLM;
+- else if ((*flags & CIFSSEC_MUST_LANMAN) == CIFSSEC_MUST_LANMAN)
++ else if (CIFSSEC_MUST_LANMAN &&
++ (*flags & CIFSSEC_MUST_LANMAN) == CIFSSEC_MUST_LANMAN)
+ *flags = CIFSSEC_MUST_LANMAN;
+- else if ((*flags & CIFSSEC_MUST_PLNTXT) == CIFSSEC_MUST_PLNTXT)
++ else if (CIFSSEC_MUST_PLNTXT &&
++ (*flags & CIFSSEC_MUST_PLNTXT) == CIFSSEC_MUST_PLNTXT)
+ *flags = CIFSSEC_MUST_PLNTXT;
+
+ *flags |= signflags;
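Review bot: The added `CIFSSEC_MUST_LANMAN &&` and `CIFSSEC_MUST_PLNTXT &&` guards only make sense if those macros can be 0, in which case `(*flags & X) == X` is true for every input and the chain would otherwise select the weakest mechanism. Nothing in the hunk says so; a comment ahead of the two branches, e.g. `/* these masks are 0 when weak password hashes are compiled out, so the mask test alone would always match */`, would stop the guard from being removed later as redundant. The macro definitions are outside the hunk, so the wording should be checked against them.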
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
index 9d7996e..35ad5cf4 100644
--- a/fs/cifs/cifsfs.c
GLOBAL_EXTERN atomic_t smBufAllocCount;
GLOBAL_EXTERN atomic_t midCount;
diff --git a/fs/cifs/file.c b/fs/cifs/file.c
-index 3e4d00a..38a122d 100644
+index 9a7b6947..4132187 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
-@@ -2056,10 +2056,14 @@ static int cifs_writepages(struct address_space *mapping,
+@@ -2060,10 +2060,14 @@ static int cifs_writepages(struct address_space *mapping,
index = mapping->writeback_index; /* Start from prev offset */
end = -1;
} else {
}
req->FileIndex = cpu_to_le32(index);
+diff --git a/fs/cifs/smbencrypt.c b/fs/cifs/smbencrypt.c
+index 6c15663..a4232ec 100644
+--- a/fs/cifs/smbencrypt.c
++++ b/fs/cifs/smbencrypt.c
+@@ -221,7 +221,7 @@ E_md4hash(const unsigned char *passwd, unsigned char *p16,
+ }
+
+ rc = mdfour(p16, (unsigned char *) wpwd, len * sizeof(__le16));
+- memset(wpwd, 0, 129 * sizeof(__le16));
++ memzero_explicit(wpwd, sizeof(wpwd));
+
+ return rc;
+ }
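Review bot: `memzero_explicit(wpwd, sizeof(wpwd))` clears the whole buffer only if `wpwd` is an array declared in `E_md4hash`; its declaration is above the hunk. If it were ever changed to a pointer or a heap allocation, `sizeof` would silently shrink to the pointer size and leave most of the converted password in memory, so a short comment at the call noting that `wpwd` must remain an array is worth adding. Any return taken before this line, also outside the hunk, should be checked for leaving `wpwd` uncleared.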
diff --git a/fs/coda/cache.c b/fs/coda/cache.c
index 46ee6f2..89a9e7f 100644
--- a/fs/coda/cache.c
return 0;
while (nr) {
diff --git a/fs/dcache.c b/fs/dcache.c
-index 03dca3c..f66c622 100644
+index 03dca3c..15f326d 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -508,7 +508,7 @@ static void __dentry_kill(struct dentry *dentry)
dentry->d_flags = 0;
spin_lock_init(&dentry->d_lock);
seqcount_init(&dentry->d_seq);
-@@ -2183,7 +2183,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name)
+@@ -1452,6 +1452,9 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
+ dentry->d_sb = sb;
+ dentry->d_op = NULL;
+ dentry->d_fsdata = NULL;
++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME
++ atomic_set(&dentry->chroot_refcnt, 0);
++#endif
+ INIT_HLIST_BL_NODE(&dentry->d_hash);
+ INIT_LIST_HEAD(&dentry->d_lru);
+ INIT_LIST_HEAD(&dentry->d_subdirs);
+@@ -2183,7 +2186,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name)
goto next;
}
found = dentry;
spin_unlock(&dentry->d_lock);
break;
-@@ -2282,7 +2282,7 @@ again:
+@@ -2282,7 +2285,7 @@ again:
spin_lock(&dentry->d_lock);
inode = dentry->d_inode;
isdir = S_ISDIR(inode->i_mode);
if (!spin_trylock(&inode->i_lock)) {
spin_unlock(&dentry->d_lock);
cpu_relax();
-@@ -3308,7 +3308,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry)
+@@ -3308,7 +3311,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry)
if (!(dentry->d_flags & DCACHE_GENOCIDE)) {
dentry->d_flags |= DCACHE_GENOCIDE;
}
}
return D_WALK_CONTINUE;
-@@ -3424,7 +3424,8 @@ void __init vfs_caches_init(unsigned long mempages)
+@@ -3424,7 +3427,8 @@ void __init vfs_caches_init(unsigned long mempages)
mempages -= reserve;
names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,
i += packet_length_size;
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
diff --git a/fs/exec.c b/fs/exec.c
-index 7302b75..7d61d19 100644
+index 7302b75..b917171 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -56,8 +56,20 @@
+{
+ unsigned long sp = (unsigned long)&sp;
+ if (sp < current_thread_info()->lowest_stack &&
-+ sp > (unsigned long)task_stack_page(current))
++ sp >= (unsigned long)task_stack_page(current) + 2 * sizeof(unsigned long))
+ current_thread_info()->lowest_stack = sp;
+ if (unlikely((sp & ~(THREAD_SIZE - 1)) < (THREAD_SIZE/16)))
+ BUG();
}
EXPORT_SYMBOL(__f_setown);
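Review bot: The new lower bound `task_stack_page(current) + 2 * sizeof(unsigned long)` in the stack-tracking check is a bare constant, and nothing in the hunk says which two words at the base of the stack page are being excluded. Since this value decides what may be recorded in `lowest_stack`, the reason belongs next to the comparison, e.g. `/* never record a lowest_stack inside the <name what is stored here> at the stack base */`, filled in with what actually lives there. A named constant instead of the literal `2` would also let other users of `lowest_stack` apply the same bound. The function's signature and the end of its body are outside the visible lines.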
diff --git a/fs/fhandle.c b/fs/fhandle.c
-index 999ff5c..ac037c9 100644
+index 999ff5c..2281df9 100644
--- a/fs/fhandle.c
+++ b/fs/fhandle.c
@@ -8,6 +8,7 @@
retval = -EPERM;
goto out_err;
}
+@@ -195,8 +195,9 @@ static int handle_to_path(int mountdirfd, struct file_handle __user *ufh,
+ goto out_err;
+ }
+ /* copy the full handle */
+- if (copy_from_user(handle, ufh,
+- sizeof(struct file_handle) +
++ *handle = f_handle;
++ if (copy_from_user(&handle->f_handle,
++ &ufh->f_handle,
+ f_handle.handle_bytes)) {
+ retval = -EFAULT;
+ goto out_handle;
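Review bot: The retained comment `/* copy the full handle */` no longer matches the new code in handle_to_path(), which takes the header from the kernel-side `f_handle` and fetches only the payload from user space. The reason is worth stating, because it is the security point of the change: the header is not read from `ufh` a second time, so `handle_bytes` cannot differ from the value that was already checked. Suggested replacement: `/* header comes from the validated kernel copy; fetch only the payload so handle_bytes cannot change between check and copy */`. The size check and the allocation of `handle` are outside the hunk, so their use of `f_handle.handle_bytes` is assumed rather than visible here.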
diff --git a/fs/file.c b/fs/file.c
index ab3eb6a..8de2392 100644
--- a/fs/file.c
if (dot && fs && !(fs->fs_flags & FS_HAS_SUBTYPE)) {
diff --git a/fs/fs_struct.c b/fs/fs_struct.c
-index 7dca743..543d620 100644
+index 7dca743..2f2786d 100644
--- a/fs/fs_struct.c
+++ b/fs/fs_struct.c
@@ -4,6 +4,7 @@
#include "internal.h"
/*
-@@ -19,6 +20,7 @@ void set_fs_root(struct fs_struct *fs, const struct path *path)
+@@ -15,14 +16,18 @@ void set_fs_root(struct fs_struct *fs, const struct path *path)
+ struct path old_root;
+
+ path_get(path);
++ gr_inc_chroot_refcnts(path->dentry, path->mnt);
+ spin_lock(&fs->lock);
write_seqcount_begin(&fs->seq);
old_root = fs->root;
fs->root = *path;
+ gr_set_chroot_entries(current, path);
write_seqcount_end(&fs->seq);
spin_unlock(&fs->lock);
- if (old_root.dentry)
-@@ -67,6 +69,10 @@ void chroot_fs_refs(const struct path *old_root, const struct path *new_root)
+- if (old_root.dentry)
++ if (old_root.dentry) {
++ gr_dec_chroot_refcnts(old_root.dentry, old_root.mnt);
+ path_put(&old_root);
++ }
+ }
+
+ /*
+@@ -67,6 +72,10 @@ void chroot_fs_refs(const struct path *old_root, const struct path *new_root)
int hits = 0;
spin_lock(&fs->lock);
write_seqcount_begin(&fs->seq);
hits += replace_path(&fs->root, old_root, new_root);
hits += replace_path(&fs->pwd, old_root, new_root);
write_seqcount_end(&fs->seq);
-@@ -99,7 +105,8 @@ void exit_fs(struct task_struct *tsk)
+@@ -85,6 +94,7 @@ void chroot_fs_refs(const struct path *old_root, const struct path *new_root)
+
+ void free_fs_struct(struct fs_struct *fs)
+ {
++ gr_dec_chroot_refcnts(fs->root.dentry, fs->root.mnt);
+ path_put(&fs->root);
+ path_put(&fs->pwd);
+ kmem_cache_free(fs_cachep, fs);
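Review bot: The unconditional `gr_dec_chroot_refcnts(fs->root.dentry, fs->root.mnt)` added to free_fs_struct() needs a matching increment on every path that installs a root, and only set_fs_root() visibly has one. The copy_fs_struct() lines shown take `path_get(&fs->root)` and chroot_fs_refs() swaps roots through replace_path(), neither with a visible `gr_inc_chroot_refcnts` call. Those hunks are abbreviated on this page, so the pairing may exist in lines not shown. If it does not, `chroot_refcnt` would drop below zero once a copied fs_struct is freed, and the rename check that presumably reads it would misjudge which directories are live chroot roots. A one-line comment above the decrement naming where the paired increment happens would make the invariant checkable.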
+@@ -99,7 +109,8 @@ void exit_fs(struct task_struct *tsk)
task_lock(tsk);
spin_lock(&fs->lock);
tsk->fs = NULL;
spin_unlock(&fs->lock);
task_unlock(tsk);
if (kill)
-@@ -112,7 +119,7 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old)
+@@ -112,7 +123,7 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old)
struct fs_struct *fs = kmem_cache_alloc(fs_cachep, GFP_KERNEL);
/* We don't need to lock fs - think why ;-) */
if (fs) {
fs->in_exec = 0;
spin_lock_init(&fs->lock);
seqcount_init(&fs->seq);
-@@ -121,6 +128,9 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old)
+@@ -121,6 +132,9 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old)
spin_lock(&old->lock);
fs->root = old->root;
path_get(&fs->root);
fs->pwd = old->pwd;
path_get(&fs->pwd);
spin_unlock(&old->lock);
-@@ -139,8 +149,9 @@ int unshare_fs_struct(void)
+@@ -139,8 +153,9 @@ int unshare_fs_struct(void)
task_lock(current);
spin_lock(&fs->lock);
spin_unlock(&fs->lock);
task_unlock(current);
-@@ -153,13 +164,13 @@ EXPORT_SYMBOL_GPL(unshare_fs_struct);
+@@ -153,13 +168,13 @@ EXPORT_SYMBOL_GPL(unshare_fs_struct);
int current_umask(void)
{
memcpy(c->data, &cookie, 4);
c->len=4;
diff --git a/fs/locks.c b/fs/locks.c
-index 735b8d3..dfc44a2 100644
+index 59e2f90..bd69071 100644
--- a/fs/locks.c
+++ b/fs/locks.c
@@ -2374,7 +2374,7 @@ void locks_remove_file(struct file *filp)
#define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */
diff --git a/fs/namei.c b/fs/namei.c
-index db5fe86..d3dcc14 100644
+index db5fe86..8bce5f0 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -331,17 +331,32 @@ int generic_permission(struct inode *inode, int mask)
struct filename *name;
struct dentry *dentry;
struct nameidata nd;
-+ ino_t saved_ino = 0;
++ u64 saved_ino = 0;
+ dev_t saved_dev = 0;
unsigned int lookup_flags = 0;
retry:
goto exit3;
}
+
-+ saved_ino = dentry->d_inode->i_ino;
++ saved_ino = gr_get_ino_from_dentry(dentry);
+ saved_dev = gr_get_dev_from_dentry(dentry);
+
+ if (!gr_acl_handle_rmdir(dentry, nd.path.mnt)) {
struct nameidata nd;
struct inode *inode = NULL;
struct inode *delegated_inode = NULL;
-+ ino_t saved_ino = 0;
++ u64 saved_ino = 0;
+ dev_t saved_dev = 0;
unsigned int lookup_flags = 0;
retry:
ihold(inode);
+
+ if (inode->i_nlink <= 1) {
-+ saved_ino = inode->i_ino;
++ saved_ino = gr_get_ino_from_dentry(dentry);
+ saved_dev = gr_get_dev_from_dentry(dentry);
+ }
+ if (!gr_acl_handle_unlink(dentry, nd.path.mnt)) {
done_path_create(&new_path, new_dentry);
if (delegated_inode) {
error = break_deleg_wait(&delegated_inode);
-@@ -4304,6 +4486,12 @@ retry_deleg:
+@@ -4304,6 +4486,20 @@ retry_deleg:
if (new_dentry == trap)
goto exit5;
++ if (gr_bad_chroot_rename(old_dentry, oldnd.path.mnt, new_dentry, newnd.path.mnt)) {
++ /* use EXDEV error to cause 'mv' to switch to an alternative
++ * method for usability
++ */
++ error = -EXDEV;
++ goto exit5;
++ }
++
+ error = gr_acl_handle_rename(new_dentry, new_dir, newnd.path.mnt,
+ old_dentry, old_dir->d_inode, oldnd.path.mnt,
+ to, flags);
error = security_path_rename(&oldnd.path, old_dentry,
&newnd.path, new_dentry, flags);
if (error)
-@@ -4311,6 +4499,9 @@ retry_deleg:
+@@ -4311,6 +4507,9 @@ retry_deleg:
error = vfs_rename(old_dir->d_inode, old_dentry,
new_dir->d_inode, new_dentry,
&delegated_inode, flags);
exit5:
dput(new_dentry);
exit4:
-@@ -4367,14 +4558,24 @@ EXPORT_SYMBOL(vfs_whiteout);
+@@ -4367,14 +4566,24 @@ EXPORT_SYMBOL(vfs_whiteout);
int readlink_copy(char __user *buffer, int buflen, const char *link)
{
static struct nfsd4_operation nfsd4_ops[];
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
-index eeea7a9..f3ba422 100644
+index 2a77603..68e0e37 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -1543,7 +1543,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
static struct pid *
get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos)
diff --git a/fs/proc/base.c b/fs/proc/base.c
-index 7dc3ea8..4cfe92f 100644
+index 7dc3ea8..a08077e 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -113,6 +113,14 @@ struct pid_entry {
/*
* Let's make getdents(), stat(), and open()
* consistent with each other. If a process
-@@ -609,6 +665,8 @@ struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode)
+@@ -609,6 +665,10 @@ struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode)
if (task) {
mm = mm_access(task, mode);
-+ if (gr_acl_handle_procpidmem(task))
++ if (!IS_ERR_OR_NULL(mm) && gr_acl_handle_procpidmem(task)) {
++ mmput(mm);
+ mm = ERR_PTR(-EPERM);
++ }
put_task_struct(task);
if (!IS_ERR_OR_NULL(mm)) {
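Review bot: The `mmput(mm)` on the denial path in proc_mem_open() deserves a comment, because the reason it is required is not visible at the call site. By this point mm_access() has already returned a referenced mm, so replacing the pointer with `ERR_PTR(-EPERM)` without dropping it would leak that reference on every denied open. Suggested comment above the block: `/* mm_access() took a reference; drop it before reporting the policy denial */`. The `!IS_ERR_OR_NULL(mm)` guard also means the policy hook is skipped when mm_access() already failed or found no mm, so callers keep the original result, which is worth noting in the same comment. The function continues past the hunk.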
-@@ -630,6 +688,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
+@@ -630,6 +690,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
return PTR_ERR(mm);
file->private_data = mm;
return 0;
}
-@@ -651,6 +714,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
+@@ -651,6 +716,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
ssize_t copied;
char *page;
if (!mm)
return 0;
-@@ -663,7 +737,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
+@@ -663,7 +739,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
goto free;
while (count > 0) {
if (write && copy_from_user(page, buf, this_len)) {
copied = -EFAULT;
-@@ -755,6 +829,13 @@ static ssize_t environ_read(struct file *file, char __user *buf,
+@@ -755,6 +831,13 @@ static ssize_t environ_read(struct file *file, char __user *buf,
if (!mm)
return 0;
page = (char *)__get_free_page(GFP_TEMPORARY);
if (!page)
return -ENOMEM;
-@@ -764,7 +845,7 @@ static ssize_t environ_read(struct file *file, char __user *buf,
+@@ -764,7 +847,7 @@ static ssize_t environ_read(struct file *file, char __user *buf,
goto free;
while (count > 0) {
size_t this_len, max_len;
if (src >= (mm->env_end - mm->env_start))
break;
-@@ -1378,7 +1459,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd)
+@@ -1378,7 +1461,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd)
int error = -EACCES;
/* Are we allowed to snoop on the tasks file descriptors? */
goto out;
error = PROC_I(inode)->op.proc_get_link(dentry, &path);
-@@ -1422,8 +1503,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
+@@ -1422,8 +1505,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
struct path path;
/* Are we allowed to snoop on the tasks file descriptors? */
error = PROC_I(inode)->op.proc_get_link(dentry, &path);
if (error)
-@@ -1473,7 +1564,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
+@@ -1473,7 +1566,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
rcu_read_lock();
cred = __task_cred(task);
inode->i_uid = cred->euid;
rcu_read_unlock();
}
security_task_to_inode(task, inode);
-@@ -1509,10 +1604,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
+@@ -1509,10 +1606,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
return -ENOENT;
}
if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
}
}
rcu_read_unlock();
-@@ -1550,11 +1654,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags)
+@@ -1550,11 +1656,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags)
if (task) {
if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
rcu_read_unlock();
} else {
inode->i_uid = GLOBAL_ROOT_UID;
-@@ -2085,6 +2198,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
+@@ -2085,6 +2200,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
if (!task)
goto out_no_task;
/*
* Yes, it does not scale. And it should not. Don't add
* new entries into /proc/<tgid>/ without very good reasons.
-@@ -2115,6 +2231,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx,
+@@ -2115,6 +2233,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx,
if (!task)
return -ENOENT;
if (!dir_emit_dots(file, ctx))
goto out;
-@@ -2557,7 +2676,7 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2557,7 +2678,7 @@ static const struct pid_entry tgid_base_stuff[] = {
REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations),
#endif
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
ONE("syscall", S_IRUSR, proc_pid_syscall),
#endif
ONE("cmdline", S_IRUGO, proc_pid_cmdline),
-@@ -2582,10 +2701,10 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2582,10 +2703,10 @@ static const struct pid_entry tgid_base_stuff[] = {
#ifdef CONFIG_SECURITY
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
#endif
ONE("stack", S_IRUSR, proc_pid_stack),
#endif
#ifdef CONFIG_SCHEDSTATS
-@@ -2619,6 +2738,9 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2619,6 +2740,9 @@ static const struct pid_entry tgid_base_stuff[] = {
#ifdef CONFIG_HARDWALL
ONE("hardwall", S_IRUGO, proc_pid_hardwall),
#endif
#ifdef CONFIG_USER_NS
REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations),
REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations),
-@@ -2748,7 +2870,14 @@ static int proc_pid_instantiate(struct inode *dir,
+@@ -2748,7 +2872,14 @@ static int proc_pid_instantiate(struct inode *dir,
if (!inode)
goto out;
inode->i_op = &proc_tgid_base_inode_operations;
inode->i_fop = &proc_tgid_base_operations;
inode->i_flags|=S_IMMUTABLE;
-@@ -2786,7 +2915,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
+@@ -2786,7 +2917,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
if (!task)
goto out;
put_task_struct(task);
out:
return ERR_PTR(result);
-@@ -2900,7 +3033,7 @@ static const struct pid_entry tid_base_stuff[] = {
+@@ -2900,7 +3035,7 @@ static const struct pid_entry tid_base_stuff[] = {
REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations),
#endif
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
ONE("syscall", S_IRUSR, proc_pid_syscall),
#endif
ONE("cmdline", S_IRUGO, proc_pid_cmdline),
-@@ -2927,10 +3060,10 @@ static const struct pid_entry tid_base_stuff[] = {
+@@ -2927,10 +3062,10 @@ static const struct pid_entry tid_base_stuff[] = {
#ifdef CONFIG_SECURITY
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
#endif
}
diff --git a/fs/proc/stat.c b/fs/proc/stat.c
-index bf2d03f..f058f9c 100644
+index 510413eb..34d9a8c 100644
--- a/fs/proc/stat.c
+++ b/fs/proc/stat.c
@@ -11,6 +11,7 @@
/* sum again ? it could be updated? */
for_each_irq_nr(j)
-- seq_put_decimal_ull(p, ' ', kstat_irqs(j));
-+ seq_put_decimal_ull(p, ' ', unrestricted ? kstat_irqs(j) : 0ULL);
+- seq_put_decimal_ull(p, ' ', kstat_irqs_usr(j));
++ seq_put_decimal_ull(p, ' ', unrestricted ? kstat_irqs_usr(j) : 0ULL);
seq_printf(p,
"\nctxt %llu\n"
#define __fs_changed(gen,s) (gen != get_generation (s))
#define fs_changed(gen,s) \
diff --git a/fs/reiserfs/super.c b/fs/reiserfs/super.c
-index f1376c9..f9378e9 100644
+index b27ef35..d9c6c18 100644
--- a/fs/reiserfs/super.c
+++ b/fs/reiserfs/super.c
@@ -1857,6 +1857,10 @@ static int reiserfs_fill_super(struct super_block *s, void *data, int silent)
diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
new file mode 100644
-index 0000000..f27264e
+index 0000000..31f8fe4
--- /dev/null
+++ b/grsecurity/Kconfig
-@@ -0,0 +1,1166 @@
+@@ -0,0 +1,1182 @@
+#
+# grecurity configuration
+#
+ sysctl option is enabled, a sysctl option with name
+ "chroot_deny_sysctl" is created.
+
++config GRKERNSEC_CHROOT_RENAME
++ bool "Deny bad renames"
++ default y if GRKERNSEC_CONFIG_AUTO
++ depends on GRKERNSEC_CHROOT
++ help
++ If you say Y here, an attacker in a chroot will not be able to
++ abuse the ability to create double chroots to break out of the
++ chroot by exploiting a race condition between a rename of a directory
++ within a chroot against an open of a symlink with relative path
++ components. This feature will likewise prevent an accomplice outside
++ a chroot from enabling a user inside the chroot to break out and make
++ use of their credentials on the global filesystem. Enabling this
++ feature is essential to prevent root users from breaking out of a
++ chroot. If the sysctl option is enabled, a sysctl option with name
++ "chroot_deny_bad_rename" is created.
++
+config GRKERNSEC_CHROOT_CAPS
+ bool "Capability restrictions"
+ default y if GRKERNSEC_CONFIG_AUTO
+endif
diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
new file mode 100644
-index 0000000..6ae3aa0
+index 0000000..6c1e154
--- /dev/null
+++ b/grsecurity/gracl.c
-@@ -0,0 +1,2703 @@
+@@ -0,0 +1,2749 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
+ return dentry->d_sb->s_dev;
+}
+
++static inline u64 __get_ino(const struct dentry *dentry)
++{
++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
++ if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC)
++ return btrfs_ino(dentry->d_inode);
++ else
++#endif
++ return dentry->d_inode->i_ino;
++}
++
+dev_t gr_get_dev_from_dentry(struct dentry *dentry)
+{
+ return __get_dev(dentry);
+}
+
++u64 gr_get_ino_from_dentry(struct dentry *dentry)
++{
++ return __get_ino(dentry);
++}
++
+static char gr_task_roletype_to_char(struct task_struct *task)
+{
+ switch (task->role->roletype &
+}
+
+struct acl_subject_label *
-+lookup_acl_subj_label(const ino_t ino, const dev_t dev,
++lookup_acl_subj_label(const u64 ino, const dev_t dev,
+ const struct acl_role_label *role)
+{
+ unsigned int index = gr_fhash(ino, dev, role->subj_hash_size);
+}
+
+struct acl_subject_label *
-+lookup_acl_subj_label_deleted(const ino_t ino, const dev_t dev,
++lookup_acl_subj_label_deleted(const u64 ino, const dev_t dev,
+ const struct acl_role_label *role)
+{
+ unsigned int index = gr_fhash(ino, dev, role->subj_hash_size);
+}
+
+static struct acl_object_label *
-+lookup_acl_obj_label(const ino_t ino, const dev_t dev,
++lookup_acl_obj_label(const u64 ino, const dev_t dev,
+ const struct acl_subject_label *subj)
+{
+ unsigned int index = gr_fhash(ino, dev, subj->obj_hash_size);
+}
+
+static struct acl_object_label *
-+lookup_acl_obj_label_create(const ino_t ino, const dev_t dev,
++lookup_acl_obj_label_create(const u64 ino, const dev_t dev,
+ const struct acl_subject_label *subj)
+{
+ unsigned int index = gr_fhash(ino, dev, subj->obj_hash_size);
+}
+
+static struct inodev_entry *
-+lookup_inodev_entry(const ino_t ino, const dev_t dev)
++lookup_inodev_entry(const u64 ino, const dev_t dev)
+{
+ unsigned int index = gr_fhash(ino, dev, running_polstate.inodev_set.i_size);
+ struct inodev_entry *match;
+
+static struct acl_object_label *
+__full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt,
-+ const ino_t curr_ino, const dev_t curr_dev,
++ const u64 curr_ino, const dev_t curr_dev,
+ const struct acl_subject_label *subj, char **path, const int checkglob)
+{
+ struct acl_subject_label *tmpsubj;
+ const struct acl_subject_label *subj, char **path, const int checkglob)
+{
+ int newglob = checkglob;
-+ ino_t inode;
++ u64 inode;
+ dev_t device;
+
+ /* if we aren't checking a subdirectory of the original path yet, don't do glob checking
+ newglob = GR_NO_GLOB;
+
+ spin_lock(&curr_dentry->d_lock);
-+ inode = curr_dentry->d_inode->i_ino;
++ inode = __get_ino(curr_dentry);
+ device = __get_dev(curr_dentry);
+ spin_unlock(&curr_dentry->d_lock);
+
+ spin_lock(&dentry->d_lock);
+ read_lock(&gr_inode_lock);
+ retval =
-+ lookup_acl_subj_label(dentry->d_inode->i_ino,
++ lookup_acl_subj_label(__get_ino(dentry),
+ __get_dev(dentry), role);
+ read_unlock(&gr_inode_lock);
+ spin_unlock(&dentry->d_lock);
+
+ spin_lock(&dentry->d_lock);
+ read_lock(&gr_inode_lock);
-+ retval = lookup_acl_subj_label(dentry->d_inode->i_ino,
++ retval = lookup_acl_subj_label(__get_ino(dentry),
+ __get_dev(dentry), role);
+ read_unlock(&gr_inode_lock);
+ parent = dentry->d_parent;
+
+ spin_lock(&dentry->d_lock);
+ read_lock(&gr_inode_lock);
-+ retval = lookup_acl_subj_label(dentry->d_inode->i_ino,
++ retval = lookup_acl_subj_label(__get_ino(dentry),
+ __get_dev(dentry), role);
+ read_unlock(&gr_inode_lock);
+ spin_unlock(&dentry->d_lock);
+ if (unlikely(retval == NULL)) {
+ /* gr_real_root is pinned, we don't need to hold a reference */
+ read_lock(&gr_inode_lock);
-+ retval = lookup_acl_subj_label(gr_real_root.dentry->d_inode->i_ino,
++ retval = lookup_acl_subj_label(__get_ino(gr_real_root.dentry),
+ __get_dev(gr_real_root.dentry), role);
+ read_unlock(&gr_inode_lock);
+ }
+ return;
+
+ for (i = 0; i < RLIM_NLIMITS; i++) {
++ unsigned long rlim_cur, rlim_max;
++
+ if (!(proc->resmask & (1U << i)))
+ continue;
+
-+ task->signal->rlim[i].rlim_cur = proc->res[i].rlim_cur;
-+ task->signal->rlim[i].rlim_max = proc->res[i].rlim_max;
++ rlim_cur = proc->res[i].rlim_cur;
++ rlim_max = proc->res[i].rlim_max;
++
++ if (i == RLIMIT_NOFILE) {
++ unsigned long saved_sysctl_nr_open = sysctl_nr_open;
++ if (rlim_cur > saved_sysctl_nr_open)
++ rlim_cur = saved_sysctl_nr_open;
++ if (rlim_max > saved_sysctl_nr_open)
++ rlim_max = saved_sysctl_nr_open;
++ }
++
++ task->signal->rlim[i].rlim_cur = rlim_cur;
++ task->signal->rlim[i].rlim_max = rlim_max;
+
+ if (i == RLIMIT_CPU)
-+ update_rlimit_cpu(task, proc->res[i].rlim_cur);
++ update_rlimit_cpu(task, rlim_cur);
+ }
+
+ return;
+ rcu_read_lock();
+ read_lock(&tasklist_lock);
+ read_lock(&grsec_exec_file_lock);
++ except in the case of gr_set_role_label() (for __gr_get_subject_for_task)
+*/
+
-+struct acl_subject_label *__gr_get_subject_for_task(const struct gr_policy_state *state, struct task_struct *task, const char *filename)
++struct acl_subject_label *__gr_get_subject_for_task(const struct gr_policy_state *state, struct task_struct *task, const char *filename, int fallback)
+{
+ char *tmpname;
+ struct acl_subject_label *tmpsubj;
+ /* this also works for the reload case -- if we don't match a potentially inherited subject
+ then we fall back to a normal lookup based on the binary's ino/dev
+ */
-+ if (tmpsubj == NULL)
++ if (tmpsubj == NULL && fallback)
+ tmpsubj = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, task->role);
+
+ return tmpsubj;
+}
+
-+static struct acl_subject_label *gr_get_subject_for_task(struct task_struct *task, const char *filename)
++static struct acl_subject_label *gr_get_subject_for_task(struct task_struct *task, const char *filename, int fallback)
+{
-+ return __gr_get_subject_for_task(&running_polstate, task, filename);
++ return __gr_get_subject_for_task(&running_polstate, task, filename, fallback);
+}
+
+void __gr_apply_subject_to_task(const struct gr_policy_state *state, struct task_struct *task, struct acl_subject_label *subj)
+ task->role = current->role;
+ rcu_read_lock();
+ read_lock(&grsec_exec_file_lock);
-+ subj = gr_get_subject_for_task(task, NULL);
++ subj = gr_get_subject_for_task(task, NULL, 1);
+ gr_apply_subject_to_task(task, subj);
+ read_unlock(&grsec_exec_file_lock);
+ rcu_read_unlock();
+gr_set_role_label(struct task_struct *task, const kuid_t kuid, const kgid_t kgid)
+{
+ struct acl_role_label *role = task->role;
++ struct acl_role_label *origrole = role;
+ struct acl_subject_label *subj = NULL;
+ struct acl_object_label *obj;
+ struct file *filp;
+ ((role->roletype & GR_ROLE_GROUP) && !gr_acl_is_capable(CAP_SETGID))))
+ return;
+
-+ /* perform subject lookup in possibly new role
-+ we can use this result below in the case where role == task->role
-+ */
-+ subj = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, role);
++ task->role = role;
++
++ if (task->inherited) {
++ /* if we reached our subject through inheritance, then first see
++ if there's a subject of the same name in the new role that has
++ an object that would result in the same inherited subject
++ */
++ subj = gr_get_subject_for_task(task, task->acl->filename, 0);
++ if (subj) {
++ obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, subj);
++ if (!(obj->mode & GR_INHERIT))
++ subj = NULL;
++ }
++
++ }
++ if (subj == NULL) {
++ /* otherwise:
++ perform subject lookup in possibly new role
++ we can use this result below in the case where role == task->role
++ */
++ subj = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, role);
++ }
+
+ /* if we changed uid/gid, but result in the same role
+ and are using inheritance, don't lose the inherited subject
+ would result in, we arrived via inheritance, don't
+ lose subject
+ */
-+ if (role != task->role || (!(task->acl->mode & GR_INHERITLEARN) &&
++ if (role != origrole || (!(task->acl->mode & GR_INHERITLEARN) &&
+ (subj == task->acl)))
+ task->acl = subj;
+
+ /* leave task->inherited unaffected */
+
-+ task->role = role;
-+
+ task->is_writable = 0;
+
+ /* ignore additional mmap checks for processes that are writable
+
+/* always called with valid inodev ptr */
+static void
-+do_handle_delete(struct inodev_entry *inodev, const ino_t ino, const dev_t dev)
++do_handle_delete(struct inodev_entry *inodev, const u64 ino, const dev_t dev)
+{
+ struct acl_object_label *matchpo;
+ struct acl_subject_label *matchps;
+}
+
+void
-+gr_handle_delete(const ino_t ino, const dev_t dev)
++gr_handle_delete(const u64 ino, const dev_t dev)
+{
+ struct inodev_entry *inodev;
+
+}
+
+static void
-+update_acl_obj_label(const ino_t oldinode, const dev_t olddevice,
-+ const ino_t newinode, const dev_t newdevice,
++update_acl_obj_label(const u64 oldinode, const dev_t olddevice,
++ const u64 newinode, const dev_t newdevice,
+ struct acl_subject_label *subj)
+{
+ unsigned int index = gr_fhash(oldinode, olddevice, subj->obj_hash_size);
+}
+
+static void
-+update_acl_subj_label(const ino_t oldinode, const dev_t olddevice,
-+ const ino_t newinode, const dev_t newdevice,
++update_acl_subj_label(const u64 oldinode, const dev_t olddevice,
++ const u64 newinode, const dev_t newdevice,
+ struct acl_role_label *role)
+{
+ unsigned int index = gr_fhash(oldinode, olddevice, role->subj_hash_size);
+}
+
+static void
-+update_inodev_entry(const ino_t oldinode, const dev_t olddevice,
-+ const ino_t newinode, const dev_t newdevice)
++update_inodev_entry(const u64 oldinode, const dev_t olddevice,
++ const u64 newinode, const dev_t newdevice)
+{
+ unsigned int index = gr_fhash(oldinode, olddevice, running_polstate.inodev_set.i_size);
+ struct inodev_entry *match;
+}
+
+static void
-+__do_handle_create(const struct name_entry *matchn, ino_t ino, dev_t dev)
++__do_handle_create(const struct name_entry *matchn, u64 ino, dev_t dev)
+{
+ struct acl_subject_label *subj;
+ struct acl_role_label *role;
+do_handle_create(const struct name_entry *matchn, const struct dentry *dentry,
+ const struct vfsmount *mnt)
+{
-+ ino_t ino = dentry->d_inode->i_ino;
++ u64 ino = __get_ino(dentry);
+ dev_t dev = __get_dev(dentry);
+
+ __do_handle_create(matchn, ino, dev);
+ struct name_entry *matchn2 = NULL;
+ struct inodev_entry *inodev;
+ struct inode *inode = new_dentry->d_inode;
-+ ino_t old_ino = old_dentry->d_inode->i_ino;
++ u64 old_ino = __get_ino(old_dentry);
+ dev_t old_dev = __get_dev(old_dentry);
+ unsigned int exchange = flags & RENAME_EXCHANGE;
+
+
+ write_lock(&gr_inode_lock);
+ if (unlikely((replace || exchange) && inode)) {
-+ ino_t new_ino = inode->i_ino;
++ u64 new_ino = __get_ino(new_dentry);
+ dev_t new_dev = __get_dev(new_dentry);
+
+ inodev = lookup_inodev_entry(new_ino, new_dev);
+ return 0;
+}
+
-+int gr_acl_handle_filldir(const struct file *file, const char *name, const unsigned int namelen, const ino_t ino)
++int gr_acl_handle_filldir(const struct file *file, const char *name, const unsigned int namelen, const u64 ino)
+{
+ struct task_struct *task = current;
+ struct dentry *dentry = file->f_path.dentry;
+
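Review bot: `__get_ino()` dereferences `dentry->d_inode` in both branches with no check, and it is now reachable from outside the file through `gr_get_ino_from_dentry()`, so a negative dentry passed by any caller would be a NULL dereference in kernel context. The callers visible in fs/namei.c run after the inode has been looked up, so this looks like an unstated precondition rather than a live bug. I would document it on the exported wrapper, e.g. `/* dentry must be positive (d_inode != NULL) */`. A one-line note on why btrfs is special-cased would also keep the `#if` from being removed as dead code later.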
diff --git a/grsecurity/gracl_compat.c b/grsecurity/gracl_compat.c
new file mode 100644
-index 0000000..ca25605
+index 0000000..a43dd06
--- /dev/null
+++ b/grsecurity/gracl_compat.c
-@@ -0,0 +1,270 @@
+@@ -0,0 +1,269 @@
+#include <linux/kernel.h>
+#include <linux/gracl.h>
+#include <linux/compat.h>
+ if (copy_from_user(&uwrapcompat, buf, sizeof(uwrapcompat)))
+ return -EFAULT;
+
-+ if (((uwrapcompat.version != GRSECURITY_VERSION) &&
-+ (uwrapcompat.version != 0x2901)) ||
++ if ((uwrapcompat.version != GRSECURITY_VERSION) ||
+ (uwrapcompat.size != sizeof(struct gr_arg_compat)))
+ return -EINVAL;
+
+
diff --git a/grsecurity/gracl_fs.c b/grsecurity/gracl_fs.c
new file mode 100644
-index 0000000..4008fdc
+index 0000000..8ee8e4f
--- /dev/null
+++ b/grsecurity/gracl_fs.c
-@@ -0,0 +1,445 @@
+@@ -0,0 +1,447 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/types.h>
+ if (unlikely(!gr_acl_is_enabled()))
+ return 0;
+
-+ if (task != current && task->acl->mode & GR_PROTPROCFD)
++ if (task != current && (task->acl->mode & GR_PROTPROCFD) &&
++ !(current->acl->mode & GR_POVERRIDE) &&
++ !(current->role->roletype & GR_ROLE_GOD))
+ return -EACCES;
+
+ return 0;
+};
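Review bot: The two new exemptions in the `GR_PROTPROCFD` check (`GR_POVERRIDE` on the current subject, `GR_ROLE_GOD` on the current role) widen who may look at a protected task's descriptors, and nothing at the check says this is intended. A comment such as `/* subjects with the override flag and the admin role may still inspect protected processes */` would record the policy decision next to the condition. That wording assumes the usual meaning of these flags, which is not defined in this hunk. The enclosing function starts outside the visible lines.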
diff --git a/grsecurity/gracl_policy.c b/grsecurity/gracl_policy.c
new file mode 100644
-index 0000000..3f8ade0
+index 0000000..fd26052
--- /dev/null
+++ b/grsecurity/gracl_policy.c
-@@ -0,0 +1,1782 @@
+@@ -0,0 +1,1781 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
+extern void gr_remove_uid(uid_t uid);
+extern int gr_find_uid(uid_t uid);
+
-+extern struct acl_subject_label *__gr_get_subject_for_task(const struct gr_policy_state *state, struct task_struct *task, const char *filename);
++extern struct acl_subject_label *__gr_get_subject_for_task(const struct gr_policy_state *state, struct task_struct *task, const char *filename, int fallback);
+extern void __gr_apply_subject_to_task(struct gr_policy_state *state, struct task_struct *task, struct acl_subject_label *subj);
+extern int gr_streq(const char *a, const char *b, const unsigned int lena, const unsigned int lenb);
+extern void __insert_inodev_entry(const struct gr_policy_state *state, struct inodev_entry *entry);
+extern void insert_acl_subj_label(struct acl_subject_label *obj, struct acl_role_label *role);
+extern struct name_entry * __lookup_name_entry(const struct gr_policy_state *state, const char *name);
+extern char *gr_to_filename_rbac(const struct dentry *dentry, const struct vfsmount *mnt);
-+extern struct acl_subject_label *lookup_acl_subj_label(const ino_t ino, const dev_t dev, const struct acl_role_label *role);
-+extern struct acl_subject_label *lookup_acl_subj_label_deleted(const ino_t ino, const dev_t dev, const struct acl_role_label *role);
++extern struct acl_subject_label *lookup_acl_subj_label(const u64 ino, const dev_t dev, const struct acl_role_label *role);
++extern struct acl_subject_label *lookup_acl_subj_label_deleted(const u64 ino, const dev_t dev, const struct acl_role_label *role);
+extern void assign_special_role(const char *rolename);
+extern struct acl_subject_label *chk_subj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt, const struct acl_role_label *role);
+extern int gr_rbac_disable(void *unused);
+ if (copy_from_user(uwrap, buf, sizeof (struct gr_arg_wrapper)))
+ return -EFAULT;
+
-+ if (((uwrap->version != GRSECURITY_VERSION) &&
-+ (uwrap->version != 0x2901)) ||
++ if ((uwrap->version != GRSECURITY_VERSION) ||
+ (uwrap->size != sizeof(struct gr_arg)))
+ return -EINVAL;
+
+}
+
+static int
-+insert_name_entry(char *name, const ino_t inode, const dev_t device, __u8 deleted)
++insert_name_entry(char *name, const u64 inode, const dev_t device, __u8 deleted)
+{
+ struct name_entry **curr, *nentry;
+ struct inodev_entry *ientry;
+ }
+ /* this handles non-nested inherited subjects, nested subjects will still
+ be dropped currently */
-+ subj = __gr_get_subject_for_task(polstate, task, task->acl->filename);
-+ task->tmpacl = __gr_get_subject_for_task(polstate, task, NULL);
++ subj = __gr_get_subject_for_task(polstate, task, task->acl->filename, 1);
++ task->tmpacl = __gr_get_subject_for_task(polstate, task, NULL, 1);
+ /* change the role back so that we've made no modifications to the policy */
+ task->role = rtmp;
+
+ /* this handles non-nested inherited subjects, nested subjects will still
+ be dropped currently */
+ if (!reload_state->oldmode && task->inherited)
-+ subj = __gr_get_subject_for_task(polstate, task, task->acl->filename);
++ subj = __gr_get_subject_for_task(polstate, task, task->acl->filename, 1);
+ else {
+ /* looked up and tagged to the task previously */
+ subj = task->tmpacl;
+ if (task->exec_file) {
+ cred = __task_cred(task);
+ task->role = __lookup_acl_role_label(polstate, task, GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid));
-+ subj = __gr_get_subject_for_task(polstate, task, NULL);
++ subj = __gr_get_subject_for_task(polstate, task, NULL, 1);
+ if (subj == NULL) {
+ ret = -EINVAL;
+ read_unlock(&grsec_exec_file_lock);
+}
diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c
new file mode 100644
-index 0000000..2040e61
+index 0000000..218b66b
--- /dev/null
+++ b/grsecurity/gracl_segv.c
-@@ -0,0 +1,313 @@
+@@ -0,0 +1,324 @@
+#include <linux/kernel.h>
+#include <linux/mm.h>
+#include <asm/uaccess.h>
+static DEFINE_SPINLOCK(gr_uid_lock);
+extern rwlock_t gr_inode_lock;
+extern struct acl_subject_label *
-+ lookup_acl_subj_label(const ino_t inode, const dev_t dev,
++ lookup_acl_subj_label(const u64 inode, const dev_t dev,
+ struct acl_role_label *role);
+
+static inline dev_t __get_dev(const struct dentry *dentry)
+ return dentry->d_sb->s_dev;
+}
+
++static inline u64 __get_ino(const struct dentry *dentry)
++{
++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
++ if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC)
++ return btrfs_ino(dentry->d_inode);
++ else
++#endif
++ return dentry->d_inode->i_ino;
++}
++
+int
+gr_init_uidset(void)
+{
+gr_check_crash_exec(const struct file *filp)
+{
+ struct acl_subject_label *curr;
++ struct dentry *dentry;
+
+ if (unlikely(!gr_acl_is_enabled()))
+ return 0;
+
+ read_lock(&gr_inode_lock);
-+ curr = lookup_acl_subj_label(filp->f_path.dentry->d_inode->i_ino,
-+ __get_dev(filp->f_path.dentry),
++ dentry = filp->f_path.dentry;
++ curr = lookup_acl_subj_label(__get_ino(dentry), __get_dev(dentry),
+ current->role);
+ read_unlock(&gr_inode_lock);
+
+}
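Review bot: `__get_ino()` is a file-local copy of the inode-number logic, and its `else` hangs across the `#endif`, so the final `return` is either the else-branch or the whole body depending on the btrfs config. The subject lookup in `gr_check_crash_exec()` keys on this value, so it has to stay identical to the inode number the policy was loaded with. The same patch declares `gr_get_ino_from_dentry()` in grsecurity.h; if its enabled-build definition (not visible here) carries the same btrfs branch, calling it would keep the two copies from drifting apart. If the local helper stays, drop the `else` and let a plain `return dentry->d_inode->i_ino;` follow the `#endif`. This section is shown only in excerpts, so the surrounding declarations could not be checked.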
diff --git a/grsecurity/grsec_chroot.c b/grsecurity/grsec_chroot.c
new file mode 100644
-index 0000000..6d99cec
+index 0000000..114ea4f
--- /dev/null
+++ b/grsecurity/grsec_chroot.c
-@@ -0,0 +1,385 @@
+@@ -0,0 +1,467 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
+int gr_init_ran;
+#endif
+
++void gr_inc_chroot_refcnts(struct dentry *dentry, struct vfsmount *mnt)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME
++ struct dentry *tmpd = dentry;
++
++ read_seqlock_excl(&mount_lock);
++ write_seqlock(&rename_lock);
++
++ while (tmpd != mnt->mnt_root) {
++ atomic_inc(&tmpd->chroot_refcnt);
++ tmpd = tmpd->d_parent;
++ }
++ atomic_inc(&tmpd->chroot_refcnt);
++
++ write_sequnlock(&rename_lock);
++ read_sequnlock_excl(&mount_lock);
++#endif
++}
++
++void gr_dec_chroot_refcnts(struct dentry *dentry, struct vfsmount *mnt)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME
++ struct dentry *tmpd = dentry;
++
++ read_seqlock_excl(&mount_lock);
++ write_seqlock(&rename_lock);
++
++ while (tmpd != mnt->mnt_root) {
++ atomic_dec(&tmpd->chroot_refcnt);
++ tmpd = tmpd->d_parent;
++ }
++ atomic_dec(&tmpd->chroot_refcnt);
++
++ write_sequnlock(&rename_lock);
++ read_sequnlock_excl(&mount_lock);
++#endif
++}
++
++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME
++static struct dentry *get_closest_chroot(struct dentry *dentry)
++{
++ write_seqlock(&rename_lock);
++ do {
++ if (atomic_read(&dentry->chroot_refcnt)) {
++ write_sequnlock(&rename_lock);
++ return dentry;
++ }
++ dentry = dentry->d_parent;
++ } while (!IS_ROOT(dentry));
++ write_sequnlock(&rename_lock);
++ return NULL;
++}
++#endif
++
++int gr_bad_chroot_rename(struct dentry *olddentry, struct vfsmount *oldmnt,
++ struct dentry *newdentry, struct vfsmount *newmnt)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME
++ struct dentry *chroot;
++
++ if (unlikely(!grsec_enable_chroot_rename))
++ return 0;
++
++ if (likely(!proc_is_chrooted(current) && gr_is_global_root(current_uid())))
++ return 0;
++
++ chroot = get_closest_chroot(olddentry);
++
++ if (chroot == NULL)
++ return 0;
++
++ if (is_subdir(newdentry, chroot))
++ return 0;
++
++ gr_log_fs_generic(GR_DONT_AUDIT, GR_CHROOT_RENAME_MSG, olddentry, oldmnt);
++
++ return 1;
++#else
++ return 0;
++#endif
++}
++
+void gr_set_chroot_entries(struct task_struct *task, const struct path *path)
+{
+#ifdef CONFIG_GRKERNSEC
+}
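Review bot: The parent walk in `gr_inc_chroot_refcnts()` and `gr_dec_chroot_refcnts()` stops only when it meets `mnt->mnt_root`. If a caller ever passes a dentry that is not below that root, the loop reaches a root dentry (whose `d_parent` is itself) and spins with `rename_lock` and `mount_lock` held. Bounding the loop costs nothing, for example `while (tmpd != mnt->mnt_root && !IS_ROOT(tmpd)) {` in both functions, with a comment saying the dentry/mnt pair is expected to come from the same path. `get_closest_chroot()` would also benefit from a comment: it takes the write side of `rename_lock` for a read-only walk, and its `do … while (!IS_ROOT(dentry))` never tests the root dentry's own `chroot_refcnt`. If that is intentional, say so, something like `/* root is never treated as a chroot boundary */`. `newmnt` is unused in `gr_bad_chroot_rename()` as shown.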
diff --git a/grsecurity/grsec_disabled.c b/grsecurity/grsec_disabled.c
new file mode 100644
-index 0000000..0f9ac91
+index 0000000..946f750
--- /dev/null
+++ b/grsecurity/grsec_disabled.c
-@@ -0,0 +1,440 @@
+@@ -0,0 +1,445 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
+}
+
+void
-+gr_handle_delete(const ino_t ino, const dev_t dev)
++gr_handle_delete(const u64 ino, const dev_t dev)
+{
+ return;
+}
+
+int
+gr_acl_handle_filldir(const struct file *file, const char *name,
-+ const int namelen, const ino_t ino)
++ const int namelen, const u64 ino)
+{
+ return 1;
+}
+ return dentry->d_sb->s_dev;
+}
+
++u64 gr_get_ino_from_dentry(struct dentry *dentry)
++{
++ return dentry->d_inode->i_ino;
++}
++
+void gr_put_exec_file(struct task_struct *task)
+{
+ return;
+}
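Review bot: The `gr_acl_handle_filldir()` stub still takes `const int namelen`, while the prototype in include/linux/grsecurity.h, touched by the same `ino_t` to `u64` change, declares `const unsigned int namelen`. If this file does not include that header the compiler never sees the disagreement, and the disabled build then relies on two incompatible declarations of one function. Since the line is being edited anyway, align it: `const unsigned int namelen, const u64 ino)`. The new `gr_get_ino_from_dentry()` stub dereferences `dentry->d_inode` unconditionally; its callers are outside this section, so a short comment that it expects a positive dentry would help.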
diff --git a/grsecurity/grsec_init.c b/grsecurity/grsec_init.c
new file mode 100644
-index 0000000..b7cb191
+index 0000000..4ed9e7d
--- /dev/null
+++ b/grsecurity/grsec_init.c
-@@ -0,0 +1,286 @@
+@@ -0,0 +1,290 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/mm.h>
+int grsec_enable_chroot_nice;
+int grsec_enable_chroot_execlog;
+int grsec_enable_chroot_caps;
++int grsec_enable_chroot_rename;
+int grsec_enable_chroot_sysctl;
+int grsec_enable_chroot_unix;
+int grsec_enable_tpe;
+#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
+ grsec_enable_chroot_caps = 1;
+#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME
++ grsec_enable_chroot_rename = 1;
++#endif
+#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
+ grsec_enable_chroot_sysctl = 1;
+#endif
+}
diff --git a/grsecurity/grsec_sysctl.c b/grsecurity/grsec_sysctl.c
new file mode 100644
-index 0000000..8159888
+index 0000000..cce889e
--- /dev/null
+++ b/grsecurity/grsec_sysctl.c
-@@ -0,0 +1,479 @@
+@@ -0,0 +1,488 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/sysctl.h>
+ .proc_handler = &proc_dointvec,
+ },
+#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME
++ {
++ .procname = "chroot_deny_bad_rename",
++ .data = &grsec_enable_chroot_rename,
++ .maxlen = sizeof(int),
++ .mode = 0600,
++ .proc_handler = &proc_dointvec,
++ },
++#endif
+#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
+ {
+ .procname = "chroot_deny_sysctl",
+#ifdef LATENT_ENTROPY_PLUGIN
+#define __latent_entropy __attribute__((latent_entropy))
+#endif
++
+ /*
+ * Mark a position in code as unreachable. This can be used to
+ * suppress control flow warnings after asm blocks that transfer
+diff --git a/include/linux/compiler-gcc5.h b/include/linux/compiler-gcc5.h
+index c8c5659..d09f2ad 100644
+--- a/include/linux/compiler-gcc5.h
++++ b/include/linux/compiler-gcc5.h
+@@ -28,6 +28,28 @@
+ # define __compiletime_error(message) __attribute__((error(message)))
+ #endif /* __CHECKER__ */
+
++#define __alloc_size(...) __attribute((alloc_size(__VA_ARGS__)))
++#define __bos(ptr, arg) __builtin_object_size((ptr), (arg))
++#define __bos0(ptr) __bos((ptr), 0)
++#define __bos1(ptr) __bos((ptr), 1)
++
++#ifdef CONSTIFY_PLUGIN
++#error not yet
++#define __no_const __attribute__((no_const))
++#define __do_const __attribute__((do_const))
++#endif
++
++#ifdef SIZE_OVERFLOW_PLUGIN
++#error not yet
++#define __size_overflow(...) __attribute__((size_overflow(__VA_ARGS__)))
++#define __intentional_overflow(...) __attribute__((intentional_overflow(__VA_ARGS__)))
++#endif
++
++#ifdef LATENT_ENTROPY_PLUGIN
++#error not yet
++#define __latent_entropy __attribute__((latent_entropy))
++#endif
+
/*
* Mark a position in code as unreachable. This can be used to
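Review bot: `__alloc_size` is spelled with `__attribute(` while every other macro added in this hunk uses `__attribute__((…))`. GCC accepts both, but the mixed spelling reads like a typo and defeats a grep for `__attribute__`; prefer `#define __alloc_size(...) __attribute__((alloc_size(__VA_ARGS__)))`. The three `#error not yet` lines make the `#define`s after them unreachable whenever a plugin macro is set. A one-line comment such as `/* plugins are not yet supported with gcc5: fail the build rather than silently drop the hardening */` would tell the next reader this is deliberate.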
#define current_cred_xxx(xxx) \
({ \
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
-index d45e949..51cf5ea 100644
+index dc34dfc..bdf9b5d 100644
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
-@@ -373,7 +373,7 @@ struct cipher_tfm {
+@@ -386,7 +386,7 @@ struct cipher_tfm {
const u8 *key, unsigned int keylen);
void (*cit_encrypt_one)(struct crypto_tfm *tfm, u8 *dst, const u8 *src);
void (*cit_decrypt_one)(struct crypto_tfm *tfm, u8 *dst, const u8 *src);
struct hash_tfm {
int (*init)(struct hash_desc *desc);
-@@ -394,13 +394,13 @@ struct compress_tfm {
+@@ -407,13 +407,13 @@ struct compress_tfm {
int (*cot_decompress)(struct crypto_tfm *tfm,
const u8 *src, unsigned int slen,
u8 *dst, unsigned int *dlen);
return c | 0x20;
}
diff --git a/include/linux/dcache.h b/include/linux/dcache.h
-index 1c2f1b8..c67151e 100644
+index 1c2f1b8..7b9f50c 100644
--- a/include/linux/dcache.h
+++ b/include/linux/dcache.h
-@@ -133,7 +133,7 @@ struct dentry {
+@@ -123,6 +123,9 @@ struct dentry {
+ unsigned long d_time; /* used by d_revalidate */
+ void *d_fsdata; /* fs-specific data */
+
++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME
++ atomic_t chroot_refcnt; /* tracks use of directory in chroot */
++#endif
+ struct list_head d_lru; /* LRU list */
+ struct list_head d_child; /* child of parent list */
+ struct list_head d_subdirs; /* our children */
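Review bot: The new `chroot_refcnt` field is read with `atomic_read()` on arbitrary ancestors by `get_closest_chroot()`, but no initialisation is visible in this hunk. If dentries are handed out by a slab cache that does not zero objects, a stale non-zero value would make an unrelated directory look like a chroot boundary and cause spurious rename denials. Confirm the dentry allocation path (outside this hunk) does `atomic_set(&dentry->chroot_refcnt, 0);`, and consider extending the field comment to `/* number of chroots at or below this directory */`, which is what the increment loop appears to maintain.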
+@@ -133,7 +136,7 @@ struct dentry {
struct hlist_node d_alias; /* inode alias list */
struct rcu_head d_rcu;
} d_u;
{
diff --git a/include/linux/gracl.h b/include/linux/gracl.h
new file mode 100644
-index 0000000..edb2cb6
+index 0000000..91858e4
--- /dev/null
+++ b/include/linux/gracl.h
-@@ -0,0 +1,340 @@
+@@ -0,0 +1,342 @@
+#ifndef GR_ACL_H
+#define GR_ACL_H
+
+
+/* Major status information */
+
-+#define GR_VERSION "grsecurity 3.0"
-+#define GRSECURITY_VERSION 0x3000
++#define GR_VERSION "grsecurity 3.1"
++#define GRSECURITY_VERSION 0x3100
+
+enum {
+ GR_SHUTDOWN = 0,
+
+struct name_entry {
+ __u32 key;
-+ ino_t inode;
++ u64 inode;
+ dev_t device;
+ char *name;
+ __u16 len;
+
+struct acl_subject_label {
+ char *filename;
-+ ino_t inode;
++ u64 inode;
+ dev_t device;
+ __u32 mode;
+ kernel_cap_t cap_mask;
+
+struct acl_object_label {
+ char *filename;
-+ ino_t inode;
++ u64 inode;
+ dev_t device;
+ __u32 mode;
+
+ unsigned char sp_role[GR_SPROLE_LEN];
+ struct sprole_pw *sprole_pws;
+ dev_t segv_device;
-+ ino_t segv_inode;
++ u64 segv_inode;
+ uid_t segv_uid;
+ __u16 num_sprole_pws;
+ __u16 mode;
+}
+
+static __inline__ unsigned int
-+gr_fhash(const ino_t ino, const dev_t dev, const unsigned int sz)
++gr_fhash(const u64 ino, const dev_t dev, const unsigned int sz)
+{
-+ return (((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9))) % sz);
++ unsigned int rem;
++ div_u64_rem((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9)), sz, &rem);
++ return rem;
+}
+
+static __inline__ unsigned int
+
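Review bot: `gr_fhash()` gives no reason for replacing `%` with `div_u64_rem()`, and a later cleanup could easily revert it. Presumably the cause is that `ino` is now `u64`, which makes the expression a 64-bit modulo that 32-bit builds cannot do with the plain operator. Add `/* ino is u64: div_u64_rem() avoids a 64-bit '%' on 32-bit builds */` above the call. Note also that `dev << 9` is evaluated at `dev_t` width before widening, and that `sz` must be non-zero; callers are outside this section. Only excerpts of the file are shown, so the include providing `div_u64_rem()` could not be checked.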
diff --git a/include/linux/gracl_compat.h b/include/linux/gracl_compat.h
new file mode 100644
-index 0000000..33ebd1f
+index 0000000..af64092
--- /dev/null
+++ b/include/linux/gracl_compat.h
@@ -0,0 +1,156 @@
+
+struct acl_subject_label_compat {
+ compat_uptr_t filename;
-+ compat_ino_t inode;
++ compat_u64 inode;
+ __u32 device;
+ __u32 mode;
+ kernel_cap_t cap_mask;
+
+struct acl_object_label_compat {
+ compat_uptr_t filename;
-+ compat_ino_t inode;
++ compat_u64 inode;
+ __u32 device;
+ __u32 mode;
+
+ unsigned char sp_role[GR_SPROLE_LEN];
+ compat_uptr_t sprole_pws;
+ __u32 segv_device;
-+ compat_ino_t segv_inode;
++ compat_u64 segv_inode;
+ uid_t segv_uid;
+ __u16 num_sprole_pws;
+ __u16 mode;
+#endif
diff --git a/include/linux/grinternal.h b/include/linux/grinternal.h
new file mode 100644
-index 0000000..d25522e
+index 0000000..fb1de5d
--- /dev/null
+++ b/include/linux/grinternal.h
-@@ -0,0 +1,229 @@
+@@ -0,0 +1,230 @@
+#ifndef __GRINTERNAL_H
+#define __GRINTERNAL_H
+
+extern int grsec_enable_chroot_nice;
+extern int grsec_enable_chroot_execlog;
+extern int grsec_enable_chroot_caps;
++extern int grsec_enable_chroot_rename;
+extern int grsec_enable_chroot_sysctl;
+extern int grsec_enable_chroot_unix;
+extern int grsec_enable_symlinkown;
+#endif
diff --git a/include/linux/grmsg.h b/include/linux/grmsg.h
new file mode 100644
-index 0000000..b02ba9d
+index 0000000..26ef560
--- /dev/null
+++ b/include/linux/grmsg.h
-@@ -0,0 +1,117 @@
+@@ -0,0 +1,118 @@
+#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
+#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
+#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
+#define GR_ATIME_ACL_MSG "%s access time change of %.950s by "
+#define GR_ACCESS_ACL_MSG "%s access of %.950s for%s%s%s by "
+#define GR_CHROOT_CHROOT_MSG "denied double chroot to %.950s by "
++#define GR_CHROOT_RENAME_MSG "denied bad rename of %.950s out of a chroot by "
+#define GR_CHMOD_CHROOT_MSG "denied chmod +s of %.950s by "
+#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by "
+#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by "
+#define GR_MSRWRITE_MSG "denied write to CPU MSR by "
diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
new file mode 100644
-index 0000000..c3b0738
+index 0000000..63c1850
--- /dev/null
+++ b/include/linux/grsecurity.h
-@@ -0,0 +1,244 @@
+@@ -0,0 +1,250 @@
+#ifndef GR_SECURITY_H
+#define GR_SECURITY_H
+#include <linux/fs.h>
+ const struct vfsmount *parent_mnt);
+__u32 gr_acl_handle_rmdir(const struct dentry *dentry,
+ const struct vfsmount *mnt);
-+void gr_handle_delete(const ino_t ino, const dev_t dev);
++void gr_handle_delete(const u64 ino, const dev_t dev);
+__u32 gr_acl_handle_unlink(const struct dentry *dentry,
+ const struct vfsmount *mnt);
+__u32 gr_acl_handle_symlink(const struct dentry *new_dentry,
+ const struct dentry *old_dentry,
+ const struct vfsmount *old_mnt);
+int gr_acl_handle_filldir(const struct file *file, const char *name,
-+ const unsigned int namelen, const ino_t ino);
++ const unsigned int namelen, const u64 ino);
+
+__u32 gr_acl_handle_unix(const struct dentry *dentry,
+ const struct vfsmount *mnt);
+int gr_handle_rofs_blockwrite(struct dentry *dentry, struct vfsmount *mnt, int acc_mode);
+void gr_audit_ptrace(struct task_struct *task);
+dev_t gr_get_dev_from_dentry(struct dentry *dentry);
++u64 gr_get_ino_from_dentry(struct dentry *dentry);
+void gr_put_exec_file(struct task_struct *task);
+
+int gr_ptrace_readexec(struct file *file, int unsafe_flags);
+
++void gr_inc_chroot_refcnts(struct dentry *dentry, struct vfsmount *mnt);
++void gr_dec_chroot_refcnts(struct dentry *dentry, struct vfsmount *mnt);
++int gr_bad_chroot_rename(struct dentry *olddentry, struct vfsmount *oldmnt,
++ struct dentry *newdentry, struct vfsmount *newmnt);
++
+#ifdef CONFIG_GRKERNSEC_RESLOG
+extern void gr_log_resource(const struct task_struct *task, const int res,
+ const unsigned long wanted, const int gt);
extern struct key_type key_type_keyring;
diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h
-index e465bb1..19f605f 100644
+index e465bb1..19f605fd 100644
--- a/include/linux/kgdb.h
+++ b/include/linux/kgdb.h
@@ -52,7 +52,7 @@ extern int kgdb_connected;
int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu);
diff --git a/include/linux/libata.h b/include/linux/libata.h
-index bd5fefe..2a8a8d2 100644
+index fe0bf8d..c511ca6 100644
--- a/include/linux/libata.h
+++ b/include/linux/libata.h
-@@ -976,7 +976,7 @@ struct ata_port_operations {
+@@ -977,7 +977,7 @@ struct ata_port_operations {
* fields must be pointers.
*/
const struct ata_port_operations *inherits;
static inline int
vma_dup_policy(struct vm_area_struct *src, struct vm_area_struct *dst)
+diff --git a/include/linux/mlx4/device.h b/include/linux/mlx4/device.h
+index 37e4404..26ebbd0 100644
+--- a/include/linux/mlx4/device.h
++++ b/include/linux/mlx4/device.h
+@@ -97,7 +97,7 @@ enum {
+ MLX4_MAX_NUM_PF = 16,
+ MLX4_MAX_NUM_VF = 64,
+ MLX4_MAX_NUM_VF_P_PORT = 64,
+- MLX4_MFUNC_MAX = 80,
++ MLX4_MFUNC_MAX = 128,
+ MLX4_MAX_EQ_NUM = 1024,
+ MLX4_MFUNC_EQ_NUM = 4,
+ MLX4_MFUNC_MAX_EQES = 8,
diff --git a/include/linux/mm.h b/include/linux/mm.h
-index b464611..77cbfc1 100644
+index 86a977b..8122960 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -128,6 +128,11 @@ extern unsigned int kobjsize(const void *objp);
struct mmu_gather;
struct inode;
-@@ -1165,8 +1171,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address,
+@@ -1167,8 +1173,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address,
unsigned long *pfn);
int follow_phys(struct vm_area_struct *vma, unsigned long address,
unsigned int flags, unsigned long *prot, resource_size_t *phys);
static inline void unmap_shared_mapping_range(struct address_space *mapping,
loff_t const holebegin, loff_t const holelen)
-@@ -1206,9 +1212,9 @@ static inline int fixup_user_fault(struct task_struct *tsk,
+@@ -1208,9 +1214,9 @@ static inline int fixup_user_fault(struct task_struct *tsk,
}
#endif
long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
unsigned long start, unsigned long nr_pages,
-@@ -1240,34 +1246,6 @@ int set_page_dirty_lock(struct page *page);
+@@ -1242,34 +1248,6 @@ int set_page_dirty_lock(struct page *page);
int clear_page_dirty_for_io(struct page *page);
int get_cmdline(struct task_struct *task, char *buffer, int buflen);
extern struct task_struct *task_of_stack(struct task_struct *task,
struct vm_area_struct *vma, bool in_group);
-@@ -1385,8 +1363,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd,
+@@ -1387,8 +1365,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd,
{
return 0;
}
#endif
#ifdef __PAGETABLE_PMD_FOLDED
-@@ -1395,8 +1380,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud,
+@@ -1397,8 +1382,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud,
{
return 0;
}
#endif
int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma,
-@@ -1414,11 +1406,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a
+@@ -1416,11 +1408,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a
NULL: pud_offset(pgd, address);
}
#endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */
#if USE_SPLIT_PTE_PTLOCKS
-@@ -1801,12 +1805,23 @@ extern struct vm_area_struct *copy_vma(struct vm_area_struct **,
+@@ -1803,12 +1807,23 @@ extern struct vm_area_struct *copy_vma(struct vm_area_struct **,
bool *need_rmap_locks);
extern void exit_mmap(struct mm_struct *);
if (rlim < RLIM_INFINITY) {
if (((new - start) + (end_data - start_data)) > rlim)
return -ENOSPC;
-@@ -1831,7 +1846,7 @@ extern int install_special_mapping(struct mm_struct *mm,
+@@ -1833,7 +1848,7 @@ extern int install_special_mapping(struct mm_struct *mm,
unsigned long addr, unsigned long len,
unsigned long flags, struct page **pages);
extern unsigned long mmap_region(struct file *file, unsigned long addr,
unsigned long len, vm_flags_t vm_flags, unsigned long pgoff);
-@@ -1839,6 +1854,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
+@@ -1841,6 +1856,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
unsigned long len, unsigned long prot, unsigned long flags,
unsigned long pgoff, unsigned long *populate);
extern int do_munmap(struct mm_struct *, unsigned long, size_t);
#ifdef CONFIG_MMU
extern int __mm_populate(unsigned long addr, unsigned long len,
-@@ -1867,10 +1883,11 @@ struct vm_unmapped_area_info {
+@@ -1869,10 +1885,11 @@ struct vm_unmapped_area_info {
unsigned long high_limit;
unsigned long align_mask;
unsigned long align_offset;
/*
* Search for an unmapped address range.
-@@ -1882,7 +1899,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info);
+@@ -1884,7 +1901,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info);
* - satisfies (begin_addr & align_mask) == (align_offset & align_mask)
*/
static inline unsigned long
{
if (!(info->flags & VM_UNMAPPED_AREA_TOPDOWN))
return unmapped_area(info);
-@@ -1944,6 +1961,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
+@@ -1946,6 +1963,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr,
struct vm_area_struct **pprev);
/* Look up the first VMA which intersects the interval start_addr..end_addr-1,
NULL if none. Assume start_addr < end_addr. */
static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr)
-@@ -1973,10 +1994,10 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm,
+@@ -1975,10 +1996,10 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm,
}
#ifdef CONFIG_MMU
{
return __pgprot(0);
}
-@@ -2038,6 +2059,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long);
+@@ -2040,6 +2061,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long);
static inline void vm_stat_account(struct mm_struct *mm,
unsigned long flags, struct file *file, long pages)
{
mm->total_vm += pages;
}
#endif /* CONFIG_PROC_FS */
-@@ -2126,7 +2152,7 @@ extern int unpoison_memory(unsigned long pfn);
+@@ -2128,7 +2154,7 @@ extern int unpoison_memory(unsigned long pfn);
extern int sysctl_memory_failure_early_kill;
extern int sysctl_memory_failure_recovery;
extern void shake_page(struct page *p, int access);
extern int soft_offline_page(struct page *page, int flags);
#if defined(CONFIG_TRANSPARENT_HUGEPAGE) || defined(CONFIG_HUGETLBFS)
-@@ -2161,5 +2187,11 @@ void __init setup_nr_node_ids(void);
+@@ -2163,5 +2189,11 @@ void __init setup_nr_node_ids(void);
static inline void setup_nr_node_ids(void) {}
#endif
struct iovec;
struct kvec;
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
-index 74fd5d3..86a1e4f 100644
+index 22339b4..4b4d5b3 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
-@@ -1156,6 +1156,7 @@ struct net_device_ops {
- bool (*ndo_gso_check) (struct sk_buff *skb,
- struct net_device *dev);
+@@ -1160,6 +1160,7 @@ struct net_device_ops {
+ struct net_device *dev,
+ netdev_features_t features);
};
+typedef struct net_device_ops __no_const net_device_ops_no_const;
/**
* enum net_device_priv_flags - &struct net_device priv_flags
-@@ -1498,10 +1499,10 @@ struct net_device {
+@@ -1502,10 +1503,10 @@ struct net_device {
struct net_device_stats stats;
struct proc_ns {
void *ns;
diff --git a/include/linux/quota.h b/include/linux/quota.h
-index 80d345a..9e89a9a 100644
+index 224fb81..9d85c41 100644
--- a/include/linux/quota.h
+++ b/include/linux/quota.h
@@ -70,7 +70,7 @@ struct kqid { /* Type in which we store the quota identifier */
+extern atomic_unchecked_t flow_cache_genid;
#endif
+diff --git a/include/net/flow_keys.h b/include/net/flow_keys.h
+index 7ee2df0..dc8fd81 100644
+--- a/include/net/flow_keys.h
++++ b/include/net/flow_keys.h
+@@ -22,9 +22,9 @@ struct flow_keys {
+ __be32 ports;
+ __be16 port16[2];
+ };
+- u16 thoff;
+- u16 n_proto;
+- u8 ip_proto;
++ u16 thoff;
++ __be16 n_proto;
++ u8 ip_proto;
+ };
+
+ bool __skb_flow_dissect(const struct sk_buff *skb, struct flow_keys *flow,
diff --git a/include/net/genetlink.h b/include/net/genetlink.h
index af10c2c..a431cc5 100644
--- a/include/net/genetlink.h
struct rcu_head rcu;
struct inet_peer *gc_next;
diff --git a/include/net/ip.h b/include/net/ip.h
-index 0bb6207..a8878af 100644
+index 0bb6207..1f38247 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h
-@@ -316,7 +316,7 @@ static inline unsigned int ip_skb_dst_mtu(const struct sk_buff *skb)
+@@ -39,11 +39,12 @@ struct inet_skb_parm {
+ struct ip_options opt; /* Compiled IP options */
+ unsigned char flags;
+
+-#define IPSKB_FORWARDED 1
+-#define IPSKB_XFRM_TUNNEL_SIZE 2
+-#define IPSKB_XFRM_TRANSFORMED 4
+-#define IPSKB_FRAG_COMPLETE 8
+-#define IPSKB_REROUTED 16
++#define IPSKB_FORWARDED BIT(0)
++#define IPSKB_XFRM_TUNNEL_SIZE BIT(1)
++#define IPSKB_XFRM_TRANSFORMED BIT(2)
++#define IPSKB_FRAG_COMPLETE BIT(3)
++#define IPSKB_REROUTED BIT(4)
++#define IPSKB_DOREDIRECT BIT(5)
+
+ u16 frag_max_size;
+ };
+@@ -316,7 +317,7 @@ static inline unsigned int ip_skb_dst_mtu(const struct sk_buff *skb)
}
}
/* ip_vs_est */
struct list_head est_list; /* estimator list */
spinlock_t est_lock;
+diff --git a/include/net/ipv6.h b/include/net/ipv6.h
+index 4292929..7e21d2e 100644
+--- a/include/net/ipv6.h
++++ b/include/net/ipv6.h
+@@ -708,7 +708,7 @@ static inline __be32 ip6_make_flowlabel(struct net *net, struct sk_buff *skb,
+ __be32 flowlabel, bool autolabel)
+ {
+ if (!flowlabel && (autolabel || net->ipv6.sysctl.auto_flowlabels)) {
+- __be32 hash;
++ u32 hash;
+
+ hash = skb_get_hash(skb);
+
+@@ -718,7 +718,7 @@ static inline __be32 ip6_make_flowlabel(struct net *net, struct sk_buff *skb,
+ */
+ hash ^= hash >> 12;
+
+- flowlabel = hash & IPV6_FLOWLABEL_MASK;
++ flowlabel = (__force __be32)hash & IPV6_FLOWLABEL_MASK;
+ }
+
+ return flowlabel;
diff --git a/include/net/irda/ircomm_tty.h b/include/net/irda/ircomm_tty.h
index 8d4f588..2e37ad2 100644
--- a/include/net/irda/ircomm_tty.h
struct llc_sap_state {
u8 curr_state;
diff --git a/include/net/mac80211.h b/include/net/mac80211.h
-index 0ad1f47..aaea45b 100644
+index a9de1da..df72057 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
-@@ -4648,7 +4648,7 @@ struct rate_control_ops {
+@@ -4645,7 +4645,7 @@ struct rate_control_ops {
void (*remove_sta_debugfs)(void *priv, void *priv_sta);
u32 (*get_expected_throughput)(void *priv_sta);
#ifdef CONFIG_MODULE_UNLOAD
{
diff --git a/kernel/events/core.c b/kernel/events/core.c
-index 1cd5eef..e8b5af9 100644
+index 2ab0238..bf89262f5 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -170,8 +170,15 @@ static struct srcu_struct pmus_srcu;
pagefault_disable();
result = __copy_from_user_inatomic(&opcode, (void __user*)vaddr,
diff --git a/kernel/exit.c b/kernel/exit.c
-index 5d30019..934add5 100644
+index 2116aac..d95df2a 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -174,6 +174,10 @@ void release_task(struct task_struct *p)
goto out_put_task_struct;
}
+diff --git a/kernel/range.c b/kernel/range.c
+index 322ea8e..82cfc28 100644
+--- a/kernel/range.c
++++ b/kernel/range.c
+@@ -113,12 +113,12 @@ static int cmp_range(const void *x1, const void *x2)
+ {
+ const struct range *r1 = x1;
+ const struct range *r2 = x2;
+- s64 start1, start2;
+
+- start1 = r1->start;
+- start2 = r2->start;
+-
+- return start1 - start2;
++ if (r1->start < r2->start)
++ return -1;
++ if (r1->start > r2->start)
++ return 1;
++ return 0;
+ }
+
+ int clean_sort_range(struct range *range, int az)
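Review bot: `cmp_range()` no longer says why it compares instead of subtracting, and that reason is the whole point of the change. A 64-bit difference truncated to the `int` return value can come out with the wrong sign or as zero, which mis-sorts ranges that differ only in their high bits. A one-line comment above the first `if`, for example `/* compare, don't subtract: a 64-bit difference does not fit the int return */`, would keep a later simplification from reintroducing it.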
diff --git a/kernel/rcu/rcutorture.c b/kernel/rcu/rcutorture.c
index 240fa90..5fa56bd 100644
--- a/kernel/rcu/rcutorture.c
unsigned long timeout)
{
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
-index 89e7283..072bc26 100644
+index efdca2f..e361dfb 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
-@@ -1885,7 +1885,7 @@ void set_numabalancing_state(bool enabled)
+@@ -1890,7 +1890,7 @@ void set_numabalancing_state(bool enabled)
int sysctl_numa_balancing(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
int err;
int state = numabalancing_enabled;
-@@ -2348,8 +2348,10 @@ context_switch(struct rq *rq, struct task_struct *prev,
+@@ -2353,8 +2353,10 @@ context_switch(struct rq *rq, struct task_struct *prev,
next->active_mm = oldmm;
atomic_inc(&oldmm->mm_count);
enter_lazy_tlb(oldmm, next);
if (!prev->mm) {
prev->active_mm = NULL;
-@@ -3160,6 +3162,8 @@ int can_nice(const struct task_struct *p, const int nice)
+@@ -3165,6 +3167,8 @@ int can_nice(const struct task_struct *p, const int nice)
/* convert nice value [19,-20] to rlimit style value [1,40] */
int nice_rlim = nice_to_rlimit(nice);
return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) ||
capable(CAP_SYS_NICE));
}
-@@ -3186,7 +3190,8 @@ SYSCALL_DEFINE1(nice, int, increment)
+@@ -3191,7 +3195,8 @@ SYSCALL_DEFINE1(nice, int, increment)
nice = task_nice(current) + increment;
nice = clamp_val(nice, MIN_NICE, MAX_NICE);
return -EPERM;
retval = security_task_setnice(current, nice);
-@@ -3465,6 +3470,7 @@ recheck:
+@@ -3470,6 +3475,7 @@ recheck:
if (policy != p->policy && !rlim_rtprio)
return -EPERM;
/* can't increase priority */
if (attr->sched_priority > p->rt_priority &&
attr->sched_priority > rlim_rtprio)
-@@ -4885,6 +4891,7 @@ void idle_task_exit(void)
+@@ -4890,6 +4896,7 @@ void idle_task_exit(void)
if (mm != &init_mm) {
switch_mm(mm, &init_mm, current);
finish_arch_post_lock_switch();
}
mmdrop(mm);
-@@ -4980,7 +4987,7 @@ static void migrate_tasks(unsigned int dead_cpu)
+@@ -4985,7 +4992,7 @@ static void migrate_tasks(unsigned int dead_cpu)
#if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL)
{
.procname = "sched_domain",
.mode = 0555,
-@@ -4997,17 +5004,17 @@ static struct ctl_table sd_ctl_root[] = {
+@@ -5002,17 +5009,17 @@ static struct ctl_table sd_ctl_root[] = {
{}
};
/*
* In the intermediate directories, both the child directory and
-@@ -5015,22 +5022,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
+@@ -5020,22 +5027,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
* will always be set. In the lowest directory the names are
* static strings and all have proc handlers.
*/
const char *procname, void *data, int maxlen,
umode_t mode, proc_handler *proc_handler,
bool load_idx)
-@@ -5050,7 +5060,7 @@ set_table_entry(struct ctl_table *entry,
+@@ -5055,7 +5065,7 @@ set_table_entry(struct ctl_table *entry,
static struct ctl_table *
sd_alloc_ctl_domain_table(struct sched_domain *sd)
{
if (table == NULL)
return NULL;
-@@ -5088,9 +5098,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
+@@ -5093,9 +5103,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
return table;
}
struct sched_domain *sd;
int domain_num = 0, i;
char buf[32];
-@@ -5117,11 +5127,13 @@ static struct ctl_table_header *sd_sysctl_header;
+@@ -5122,11 +5132,13 @@ static struct ctl_table_header *sd_sysctl_header;
static void register_sched_domain_sysctl(void)
{
int i, cpu_num = num_possible_cpus();
if (entry == NULL)
return;
-@@ -5144,8 +5156,12 @@ static void unregister_sched_domain_sysctl(void)
+@@ -5149,8 +5161,12 @@ static void unregister_sched_domain_sysctl(void)
if (sd_sysctl_header)
unregister_sysctl_table(sd_sysctl_header);
sd_sysctl_header = NULL;
static inline void put_prev_task(struct rq *rq, struct task_struct *prev)
{
+diff --git a/kernel/seccomp.c b/kernel/seccomp.c
+index 4ef9687..4f44028 100644
+--- a/kernel/seccomp.c
++++ b/kernel/seccomp.c
+@@ -629,7 +629,9 @@ static u32 __seccomp_phase1_filter(int this_syscall, struct seccomp_data *sd)
+
+ switch (action) {
+ case SECCOMP_RET_ERRNO:
+- /* Set the low-order 16-bits as a errno. */
++ /* Set low-order bits as an errno, capped at MAX_ERRNO. */
++ if (data > MAX_ERRNO)
++ data = MAX_ERRNO;
+ syscall_set_return_value(current, task_pt_regs(current),
+ -data, 0);
+ goto skip;
diff --git a/kernel/signal.c b/kernel/signal.c
index 8f0876f..1153a5a 100644
--- a/kernel/signal.c
set_fs(seg);
if (ret >= 0 && uoss_ptr) {
diff --git a/kernel/smpboot.c b/kernel/smpboot.c
-index eb89e18..a4e6792 100644
+index 60d35ac5..59d289f 100644
--- a/kernel/smpboot.c
+++ b/kernel/smpboot.c
-@@ -288,7 +288,7 @@ int smpboot_register_percpu_thread(struct smp_hotplug_thread *plug_thread)
+@@ -289,7 +289,7 @@ int smpboot_register_percpu_thread(struct smp_hotplug_thread *plug_thread)
}
smpboot_unpark_thread(plug_thread, cpu);
}
+ pax_list_add(&plug_thread->list, &hotplug_threads);
out:
mutex_unlock(&smpboot_threads_lock);
- return ret;
-@@ -305,7 +305,7 @@ void smpboot_unregister_percpu_thread(struct smp_hotplug_thread *plug_thread)
+ put_online_cpus();
+@@ -307,7 +307,7 @@ void smpboot_unregister_percpu_thread(struct smp_hotplug_thread *plug_thread)
{
get_online_cpus();
mutex_lock(&smpboot_threads_lock);
.clock_get = alarm_clock_get,
.timer_create = alarm_timer_create,
diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c
-index 37e50aa..57a9501 100644
+index d8c724c..6b331a4 100644
--- a/kernel/time/hrtimer.c
+++ b/kernel/time/hrtimer.c
@@ -1399,7 +1399,7 @@ void hrtimer_peek_ahead_timers(void)
}
diff --git a/kernel/time/time.c b/kernel/time/time.c
-index a9ae20f..d3fbde7 100644
+index 22d5d3b..70caeb2 100644
--- a/kernel/time/time.c
+++ b/kernel/time/time.c
@@ -173,6 +173,11 @@ int do_sys_settimeofday(const struct timespec *tv, const struct timezone *tz)
ret = -EIO;
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
-index 31c90fe..051ce98 100644
+index 124e2c7..762ca29 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -2183,12 +2183,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
}
/*
-@@ -4492,8 +4497,10 @@ static int ftrace_process_locs(struct module *mod,
+@@ -4529,8 +4534,10 @@ static int ftrace_process_locs(struct module *mod,
if (!count)
return 0;
start_pg = ftrace_allocate_pages(count);
if (!start_pg)
-@@ -5340,7 +5347,7 @@ static int alloc_retstack_tasklist(struct ftrace_ret_stack **ret_stack_list)
+@@ -5377,7 +5384,7 @@ static int alloc_retstack_tasklist(struct ftrace_ret_stack **ret_stack_list)
if (t->ret_stack == NULL) {
atomic_set(&t->tracing_graph_pause, 0);
t->curr_ret_stack = -1;
/* Make sure the tasks see the -1 first: */
smp_wmb();
-@@ -5553,7 +5560,7 @@ static void
+@@ -5590,7 +5597,7 @@ static void
graph_init_task(struct task_struct *t, struct ftrace_ret_stack *ret_stack)
{
atomic_set(&t->tracing_graph_pause, 0);
.thread_should_run = watchdog_should_run,
.thread_fn = watchdog,
diff --git a/kernel/workqueue.c b/kernel/workqueue.c
-index 09b685d..d3565e3 100644
+index 66940a5..a44fed0 100644
--- a/kernel/workqueue.c
+++ b/kernel/workqueue.c
-@@ -4508,7 +4508,7 @@ static void rebind_workers(struct worker_pool *pool)
+@@ -4499,7 +4499,7 @@ static void rebind_workers(struct worker_pool *pool)
WARN_ON_ONCE(!(worker_flags & WORKER_UNBOUND));
worker_flags |= WORKER_REBOUND;
worker_flags &= ~WORKER_UNBOUND;
bdi_destroy(bdi);
return err;
diff --git a/mm/filemap.c b/mm/filemap.c
-index 14b4642..d71ba82 100644
+index 37beab9..2c55a85 100644
--- a/mm/filemap.c
+++ b/mm/filemap.c
-@@ -2101,7 +2101,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma)
+@@ -2097,7 +2097,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma)
struct address_space *mapping = file->f_mapping;
if (!mapping->a_ops->readpage)
file_accessed(file);
vma->vm_ops = &generic_file_vm_ops;
return 0;
-@@ -2279,6 +2279,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i
+@@ -2275,6 +2275,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i
*pos = i_size_read(inode);
if (limit != RLIM_INFINITY) {
* Make sure the vma is shared, that it supports prefaulting,
* and that the remapped range is valid and fully within
diff --git a/mm/gup.c b/mm/gup.c
-index cd62c8c..3bb2053 100644
+index a0d57ec..79d469ce 100644
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -274,11 +274,6 @@ static int faultin_page(struct task_struct *tsk, struct vm_area_struct *vma,
}
unset_migratetype_isolate(page, MIGRATE_MOVABLE);
diff --git a/mm/memory.c b/mm/memory.c
-index d5f2ae9..4d678b2 100644
+index d442584..0600e22 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -415,6 +415,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
/*
* This routine handles present pages, when users try to write
* to a shared page. It is done by copying the page to a new address
-@@ -2218,6 +2425,12 @@ gotten:
+@@ -2225,6 +2432,12 @@ gotten:
*/
page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
if (likely(pte_same(*page_table, orig_pte))) {
if (old_page) {
if (!PageAnon(old_page)) {
dec_mm_counter_fast(mm, MM_FILEPAGES);
-@@ -2271,6 +2484,10 @@ gotten:
+@@ -2278,6 +2491,10 @@ gotten:
page_remove_rmap(old_page);
}
/* Free the old page.. */
new_page = old_page;
ret |= VM_FAULT_WRITE;
-@@ -2545,6 +2762,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2552,6 +2769,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
swap_free(entry);
if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
try_to_free_swap(page);
unlock_page(page);
if (page != swapcache) {
/*
-@@ -2568,6 +2790,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2575,6 +2797,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, page_table);
unlock:
pte_unmap_unlock(page_table, ptl);
out:
-@@ -2587,40 +2814,6 @@ out_release:
+@@ -2594,40 +2821,6 @@ out_release:
}
/*
- if (prev && prev->vm_end == address)
- return prev->vm_flags & VM_GROWSDOWN ? 0 : -ENOMEM;
-
-- expand_downwards(vma, address - PAGE_SIZE);
+- return expand_downwards(vma, address - PAGE_SIZE);
- }
- if ((vma->vm_flags & VM_GROWSUP) && address + PAGE_SIZE == vma->vm_end) {
- struct vm_area_struct *next = vma->vm_next;
- if (next && next->vm_start == address + PAGE_SIZE)
- return next->vm_flags & VM_GROWSUP ? 0 : -ENOMEM;
-
-- expand_upwards(vma, address + PAGE_SIZE);
+- return expand_upwards(vma, address + PAGE_SIZE);
- }
- return 0;
-}
* We enter with non-exclusive mmap_sem (to exclude vma changes,
* but allow concurrent faults), and pte mapped but not yet locked.
* We return with mmap_sem still held, but pte unmapped and unlocked.
-@@ -2630,27 +2823,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2637,27 +2830,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
unsigned int flags)
{
struct mem_cgroup *memcg;
-
- /* Check if we need to add a guard page to the stack */
- if (check_stack_guard_page(vma, address) < 0)
-- return VM_FAULT_SIGBUS;
+- return VM_FAULT_SIGSEGV;
-
- /* Use the zero-page for reads */
if (!(flags & FAULT_FLAG_WRITE)) {
if (unlikely(anon_vma_prepare(vma)))
goto oom;
page = alloc_zeroed_user_highpage_movable(vma, address);
-@@ -2674,6 +2863,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2681,6 +2870,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
if (!pte_none(*page_table))
goto release;
inc_mm_counter_fast(mm, MM_ANONPAGES);
page_add_new_anon_rmap(page, vma, address);
mem_cgroup_commit_charge(page, memcg, false);
-@@ -2683,6 +2877,12 @@ setpte:
+@@ -2690,6 +2884,12 @@ setpte:
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, page_table);
unlock:
pte_unmap_unlock(page_table, ptl);
return 0;
-@@ -2913,6 +3113,11 @@ static int do_read_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2920,6 +3120,11 @@ static int do_read_fault(struct mm_struct *mm, struct vm_area_struct *vma,
return ret;
}
do_set_pte(vma, address, fault_page, pte, false, false);
unlock_page(fault_page);
unlock_out:
pte_unmap_unlock(pte, ptl);
-@@ -2955,7 +3160,18 @@ static int do_cow_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2962,7 +3167,18 @@ static int do_cow_fault(struct mm_struct *mm, struct vm_area_struct *vma,
page_cache_release(fault_page);
goto uncharge_out;
}
mem_cgroup_commit_charge(new_page, memcg, false);
lru_cache_add_active_or_unevictable(new_page, vma);
pte_unmap_unlock(pte, ptl);
-@@ -3005,6 +3221,11 @@ static int do_shared_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3012,6 +3228,11 @@ static int do_shared_fault(struct mm_struct *mm, struct vm_area_struct *vma,
return ret;
}
do_set_pte(vma, address, fault_page, pte, true, false);
pte_unmap_unlock(pte, ptl);
if (set_page_dirty(fault_page))
-@@ -3246,6 +3467,12 @@ static int handle_pte_fault(struct mm_struct *mm,
+@@ -3253,6 +3474,12 @@ static int handle_pte_fault(struct mm_struct *mm,
if (flags & FAULT_FLAG_WRITE)
flush_tlb_fix_spurious_fault(vma, address);
}
unlock:
pte_unmap_unlock(pte, ptl);
return 0;
-@@ -3265,9 +3492,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3272,9 +3499,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
pmd_t *pmd;
pte_t *pte;
pgd = pgd_offset(mm, address);
pud = pud_alloc(mm, pgd, address);
if (!pud)
-@@ -3401,6 +3660,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
+@@ -3408,6 +3667,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
spin_unlock(&mm->page_table_lock);
return 0;
}
#endif /* __PAGETABLE_PUD_FOLDED */
#ifndef __PAGETABLE_PMD_FOLDED
-@@ -3431,6 +3707,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
+@@ -3438,6 +3714,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
spin_unlock(&mm->page_table_lock);
return 0;
}
#endif /* __PAGETABLE_PMD_FOLDED */
static int __follow_pte(struct mm_struct *mm, unsigned long address,
-@@ -3540,8 +3840,8 @@ out:
+@@ -3547,8 +3847,8 @@ out:
return ret;
}
{
resource_size_t phys_addr;
unsigned long prot = 0;
-@@ -3567,8 +3867,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys);
+@@ -3574,8 +3874,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys);
* Access another process' address space as given in mm. If non-NULL, use the
* given task for page fault accounting.
*/
{
struct vm_area_struct *vma;
void *old_buf = buf;
-@@ -3576,7 +3876,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -3583,7 +3883,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
down_read(&mm->mmap_sem);
/* ignore errors, just check how much was successfully transferred */
while (len) {
void *maddr;
struct page *page = NULL;
-@@ -3637,8 +3937,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -3644,8 +3944,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
*
* The caller must hold a reference on @mm.
*/
{
return __access_remote_vm(NULL, mm, addr, buf, len, write);
}
-@@ -3648,11 +3948,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
+@@ -3655,11 +3955,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
* Source/target buffer must be kernel space,
* Do not walk the page table directly, use get_user_pages
*/
capable(CAP_IPC_LOCK))
ret = do_mlockall(flags);
diff --git a/mm/mmap.c b/mm/mmap.c
-index ae91989..d8308c7 100644
+index 1620adb..6b35ac8 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -41,6 +41,7 @@
/*
* Make sure vm_committed_as in one cacheline and not cacheline shared with
* other variables. It can be updated by several CPUs frequently.
+@@ -152,7 +173,7 @@ EXPORT_SYMBOL_GPL(vm_memory_committed);
+ */
+ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
+ {
+- unsigned long free, allowed, reserve;
++ long free, allowed, reserve;
+
+ VM_WARN_ONCE(percpu_counter_read(&vm_committed_as) <
+ -(s64)vm_committed_as_batch * num_online_cpus(),
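Review bot: Switching `free`, `allowed` and `reserve` to `long` in `__vm_enough_memory` is left unexplained, and a later reader could easily turn them back into `unsigned long`. The following hunk in this file (`allowed -= min_t(long, mm->total_vm / 32, reserve)` ahead of the `< allowed` comparison) and the identical pair of hunks in mm/nommu.c suggest the point is that `allowed` may drop below zero and must then compare as a small limit rather than wrap to a huge one. A one-line comment at the declaration, such as `/* signed: allowed can go negative and must not wrap */`, would record that in both files. The subtractions that can drive it negative are outside these hunks, so confirm against the full function.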
+@@ -220,7 +241,7 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
+ */
+ if (mm) {
+ reserve = sysctl_user_reserve_kbytes >> (PAGE_SHIFT - 10);
+- allowed -= min(mm->total_vm / 32, reserve);
++ allowed -= min_t(long, mm->total_vm / 32, reserve);
+ }
+
+ if (percpu_counter_read_positive(&vm_committed_as) < allowed)
@@ -274,6 +295,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma)
struct vm_area_struct *next = vma->vm_next;
/*
* Verify that the stack growth is acceptable and
* update accounting. This is shared with both the
-@@ -2106,6 +2412,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
- return -ENOMEM;
+@@ -2107,8 +2413,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
/* Stack limit test */
-+ gr_learn_resource(current, RLIMIT_STACK, size, 1);
- if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur))
+ actual_size = size;
+- if (size && (vma->vm_flags & (VM_GROWSUP | VM_GROWSDOWN)))
+- actual_size -= PAGE_SIZE;
++ gr_learn_resource(current, RLIMIT_STACK, actual_size, 1);
+ if (actual_size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur))
return -ENOMEM;
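Review bot: With the guard-page adjustment removed, `actual_size` is assigned from `size` and not changed again within this hunk, so the `gr_learn_resource()` call and the RLIMIT_STACK test operate on `size` under a second name. If nothing outside the hunk modifies it, either use `size` directly or keep the alias with a comment such as `/* no guard-page discount is applied to the RLIMIT_STACK check */`, so that the accounting change is visible to the next reader. The declaration of `actual_size` and the rest of acct_stack_growth lie outside the hunk.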
-@@ -2116,6 +2423,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
+@@ -2119,6 +2424,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
locked = mm->locked_vm + grow;
limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur);
limit >>= PAGE_SHIFT;
if (locked > limit && !capable(CAP_IPC_LOCK))
return -ENOMEM;
}
-@@ -2145,37 +2453,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
+@@ -2148,37 +2454,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
* PA-RISC uses this for its stack; IA64 for its Register Backing Store.
* vma is the last one with address > vma->vm_end. Have to extend vma.
*/
unsigned long size, grow;
size = address - vma->vm_start;
-@@ -2210,6 +2529,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
+@@ -2213,6 +2530,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
}
}
}
vma_unlock_anon_vma(vma);
khugepaged_enter_vma_merge(vma, vma->vm_flags);
validate_mm(vma->vm_mm);
-@@ -2224,6 +2545,8 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -2227,6 +2546,8 @@ int expand_downwards(struct vm_area_struct *vma,
unsigned long address)
{
int error;
/*
* We must make sure the anon_vma is allocated
-@@ -2237,6 +2560,15 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -2240,6 +2561,15 @@ int expand_downwards(struct vm_area_struct *vma,
if (error)
return error;
vma_lock_anon_vma(vma);
/*
-@@ -2246,9 +2578,17 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -2249,9 +2579,17 @@ int expand_downwards(struct vm_area_struct *vma,
*/
/* Somebody else might have raced and expanded it already */
size = vma->vm_end - address;
grow = (vma->vm_start - address) >> PAGE_SHIFT;
-@@ -2273,13 +2613,27 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -2276,13 +2614,27 @@ int expand_downwards(struct vm_area_struct *vma,
vma->vm_pgoff -= grow;
anon_vma_interval_tree_post_update_vma(vma);
vma_gap_update(vma);
khugepaged_enter_vma_merge(vma, vma->vm_flags);
validate_mm(vma->vm_mm);
return error;
-@@ -2377,6 +2731,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
+@@ -2380,6 +2732,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
do {
long nrpages = vma_pages(vma);
if (vma->vm_flags & VM_ACCOUNT)
nr_accounted += nrpages;
vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages);
-@@ -2421,6 +2782,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2424,6 +2783,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
insertion_point = (prev ? &prev->vm_next : &mm->mmap);
vma->vm_prev = NULL;
do {
vma_rb_erase(vma, &mm->mm_rb);
mm->map_count--;
tail_vma = vma;
-@@ -2448,14 +2819,33 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2451,14 +2820,33 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
struct vm_area_struct *new;
int err = -ENOMEM;
/* most fields are the same, copy all, and then fixup */
*new = *vma;
-@@ -2468,6 +2858,22 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2471,6 +2859,22 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT);
}
err = vma_dup_policy(vma, new);
if (err)
goto out_free_vma;
-@@ -2488,6 +2894,38 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2491,6 +2895,38 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
else
err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new);
/* Success. */
if (!err)
return 0;
-@@ -2497,10 +2935,18 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2500,10 +2936,18 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
new->vm_ops->close(new);
if (new->vm_file)
fput(new->vm_file);
kmem_cache_free(vm_area_cachep, new);
out_err:
return err;
-@@ -2513,6 +2959,15 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2516,6 +2960,15 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
unsigned long addr, int new_below)
{
if (mm->map_count >= sysctl_max_map_count)
return -ENOMEM;
-@@ -2524,11 +2979,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2527,11 +2980,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
* work. This now handles partial unmappings.
* Jeremy Fitzhardinge <jeremy@goop.org>
*/
if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start)
return -EINVAL;
-@@ -2604,6 +3078,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
+@@ -2607,6 +3079,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
/* Fix up all other VM information */
remove_vma_list(mm, vma);
return 0;
}
-@@ -2612,6 +3088,13 @@ int vm_munmap(unsigned long start, size_t len)
+@@ -2615,6 +3089,13 @@ int vm_munmap(unsigned long start, size_t len)
int ret;
struct mm_struct *mm = current->mm;
down_write(&mm->mmap_sem);
ret = do_munmap(mm, start, len);
up_write(&mm->mmap_sem);
-@@ -2625,16 +3108,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len)
+@@ -2628,16 +3109,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len)
return vm_munmap(addr, len);
}
/*
* this is really a simplified "do_mmap". it only handles
* anonymous maps. eventually we may be able to do some
-@@ -2648,6 +3121,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2651,6 +3122,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
struct rb_node **rb_link, *rb_parent;
pgoff_t pgoff = addr >> PAGE_SHIFT;
int error;
len = PAGE_ALIGN(len);
if (!len)
-@@ -2655,10 +3129,24 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2658,10 +3130,24 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
error = mlock_future_check(mm, mm->def_flags, len);
if (error)
return error;
-@@ -2672,21 +3160,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2675,21 +3161,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
/*
* Clear old maps. this also does some error checking for us
*/
return -ENOMEM;
/* Can we just expand an old private anonymous mapping? */
-@@ -2700,7 +3187,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2703,7 +3188,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
*/
vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
if (!vma) {
return -ENOMEM;
}
-@@ -2714,10 +3201,11 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2717,10 +3202,11 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
vma_link(mm, vma, prev, rb_link, rb_parent);
out:
perf_event_mmap(vma);
return addr;
}
-@@ -2779,6 +3267,7 @@ void exit_mmap(struct mm_struct *mm)
+@@ -2782,6 +3268,7 @@ void exit_mmap(struct mm_struct *mm)
while (vma) {
if (vma->vm_flags & VM_ACCOUNT)
nr_accounted += vma_pages(vma);
vma = remove_vma(vma);
}
vm_unacct_memory(nr_accounted);
-@@ -2796,6 +3285,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
+@@ -2799,6 +3286,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
struct vm_area_struct *prev;
struct rb_node **rb_link, *rb_parent;
/*
* The vm_pgoff of a purely anonymous vma should be irrelevant
* until its first write fault, when page's anon_vma and index
-@@ -2819,7 +3315,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
+@@ -2822,7 +3316,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
security_vm_enough_memory_mm(mm, vma_pages(vma)))
return -ENOMEM;
return 0;
}
-@@ -2838,6 +3348,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
+@@ -2841,6 +3349,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
struct rb_node **rb_link, *rb_parent;
bool faulted_in_anon_vma = true;
/*
* If anonymous vma has not yet been faulted, update new pgoff
* to match new location, to increase its chance of merging.
-@@ -2902,6 +3414,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
+@@ -2905,6 +3415,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
return NULL;
}
/*
* Return true if the calling process may expand its vm space by the passed
* number of pages
-@@ -2913,6 +3458,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
+@@ -2916,6 +3459,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT;
if (cur + npages > lim)
return 0;
return 1;
-@@ -2995,6 +3541,22 @@ static struct vm_area_struct *__install_special_mapping(
+@@ -2998,6 +3542,22 @@ static struct vm_area_struct *__install_special_mapping(
vma->vm_start = addr;
vma->vm_end = addr + len;
if (nstart < prev->vm_end)
diff --git a/mm/mremap.c b/mm/mremap.c
-index b147f66..98a695a 100644
+index b147f66..98a695ab 100644
--- a/mm/mremap.c
+++ b/mm/mremap.c
@@ -144,6 +144,12 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd,
out:
if (ret & ~PAGE_MASK)
diff --git a/mm/nommu.c b/mm/nommu.c
-index bd1808e..b63d87c 100644
+index bd1808e..22cbc6a 100644
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -70,7 +70,6 @@ int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT;
*region = *vma->vm_region;
new->vm_region = region;
+@@ -1905,7 +1896,7 @@ EXPORT_SYMBOL(unmap_mapping_range);
+ */
+ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
+ {
+- unsigned long free, allowed, reserve;
++ long free, allowed, reserve;
+
+ vm_acct_memory(pages);
+
+@@ -1969,7 +1960,7 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
+ */
+ if (mm) {
+ reserve = sysctl_user_reserve_kbytes >> (PAGE_SHIFT - 10);
+- allowed -= min(mm->total_vm / 32, reserve);
++ allowed -= min_t(long, mm->total_vm / 32, reserve);
+ }
+
+ if (percpu_counter_read_positive(&vm_committed_as) < allowed)
@@ -2002,8 +1993,8 @@ int generic_file_remap_pages(struct vm_area_struct *vma, unsigned long addr,
}
EXPORT_SYMBOL(generic_file_remap_pages);
struct mm_struct *mm;
diff --git a/mm/page-writeback.c b/mm/page-writeback.c
-index 19ceae8..70848ee 100644
+index 437174a..8b86707 100644
--- a/mm/page-writeback.c
+++ b/mm/page-writeback.c
@@ -664,7 +664,7 @@ static long long pos_ratio_polynom(unsigned long setpoint,
/*
diff --git a/mm/shmem.c b/mm/shmem.c
-index 185836b..d7255a1 100644
+index 0b4ba55..bcef4ae 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -33,7 +33,7 @@
if (ogm_packet->flags & BATADV_DIRECTLINK)
has_directlink_flag = true;
diff --git a/net/batman-adv/fragmentation.c b/net/batman-adv/fragmentation.c
-index fc1835c..42f2c2f 100644
+index 00f9e14..e1c7203 100644
--- a/net/batman-adv/fragmentation.c
+++ b/net/batman-adv/fragmentation.c
-@@ -251,7 +251,7 @@ batadv_frag_merge_packets(struct hlist_head *chain, struct sk_buff *skb)
- kfree(entry);
-
- /* Make room for the rest of the fragments. */
-- if (pskb_expand_head(skb_out, 0, size - skb->len, GFP_ATOMIC) < 0) {
-+ if (pskb_expand_head(skb_out, 0, size - skb_out->len, GFP_ATOMIC) < 0) {
- kfree_skb(skb_out);
- skb_out = NULL;
- goto free;
@@ -450,7 +450,7 @@ bool batadv_frag_send_packet(struct sk_buff *skb,
frag_header.packet_type = BATADV_UNICAST_FRAG;
frag_header.version = BATADV_COMPAT_VERSION;
atomic_t batman_queue_left;
char num_ifaces;
diff --git a/net/bluetooth/6lowpan.c b/net/bluetooth/6lowpan.c
-index c2e0d14..bfa852b 100644
+index cfbb39e..0bbfc9d 100644
--- a/net/bluetooth/6lowpan.c
+++ b/net/bluetooth/6lowpan.c
@@ -367,7 +367,6 @@ static int recv_pkt(struct sk_buff *skb, struct net_device *dev,
return err;
diff --git a/net/core/dev.c b/net/core/dev.c
-index 945bbd0..8b1a370 100644
+index 8440968..e14d2b7 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1683,14 +1683,14 @@ int __dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -2985,7 +2985,7 @@ recursion_alert:
+@@ -2994,7 +2994,7 @@ recursion_alert:
drop:
rcu_read_unlock_bh();
kfree_skb_list(skb);
return rc;
out:
-@@ -3328,7 +3328,7 @@ enqueue:
+@@ -3337,7 +3337,7 @@ enqueue:
local_irq_restore(flags);
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -3405,7 +3405,7 @@ int netif_rx_ni(struct sk_buff *skb)
+@@ -3414,7 +3414,7 @@ int netif_rx_ni(struct sk_buff *skb)
}
EXPORT_SYMBOL(netif_rx_ni);
{
struct softnet_data *sd = this_cpu_ptr(&softnet_data);
-@@ -3738,7 +3738,7 @@ ncls:
+@@ -3747,7 +3747,7 @@ ncls:
ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
} else {
drop:
kfree_skb(skb);
/* Jamal, now you will not able to escape explaining
* me how you were going to use this. :-)
-@@ -4502,7 +4502,7 @@ void netif_napi_del(struct napi_struct *napi)
+@@ -4511,7 +4511,7 @@ void netif_napi_del(struct napi_struct *napi)
}
EXPORT_SYMBOL(netif_napi_del);
{
struct softnet_data *sd = this_cpu_ptr(&softnet_data);
unsigned long time_limit = jiffies + 2;
-@@ -6548,8 +6548,8 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
+@@ -5247,7 +5247,7 @@ void netdev_upper_dev_unlink(struct net_device *dev,
+ }
+ EXPORT_SYMBOL(netdev_upper_dev_unlink);
+
+-void netdev_adjacent_add_links(struct net_device *dev)
++static void netdev_adjacent_add_links(struct net_device *dev)
+ {
+ struct netdev_adjacent *iter;
+
+@@ -5272,7 +5272,7 @@ void netdev_adjacent_add_links(struct net_device *dev)
+ }
+ }
+
+-void netdev_adjacent_del_links(struct net_device *dev)
++static void netdev_adjacent_del_links(struct net_device *dev)
+ {
+ struct netdev_adjacent *iter;
+
+@@ -6557,8 +6557,8 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
} else {
netdev_stats_to_stats64(storage, &dev->stats);
}
return storage;
}
EXPORT_SYMBOL(dev_get_stats);
+@@ -6574,7 +6574,7 @@ struct netdev_queue *dev_ingress_queue_create(struct net_device *dev)
+ if (!queue)
+ return NULL;
+ netdev_init_one_queue(dev, queue, NULL);
+- queue->qdisc = &noop_qdisc;
++ RCU_INIT_POINTER(queue->qdisc, &noop_qdisc);
+ queue->qdisc_sleeping = &noop_qdisc;
+ rcu_assign_pointer(dev->ingress_queue, queue);
+ #endif
diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c
index 72e899a..79a9409 100644
--- a/net/core/dev_ioctl.c
fp->len = fprog->len;
/* Since unattached filters are not copied back to user
diff --git a/net/core/flow.c b/net/core/flow.c
-index a0348fd..6951c76 100644
+index a0348fd..340f65d 100644
--- a/net/core/flow.c
+++ b/net/core/flow.c
@@ -65,7 +65,7 @@ static void flow_cache_new_hashrnd(unsigned long arg)
if (!IS_ERR(flo))
fle->object = flo;
else
+@@ -379,7 +379,7 @@ done:
+ static void flow_cache_flush_task(struct work_struct *work)
+ {
+ struct netns_xfrm *xfrm = container_of(work, struct netns_xfrm,
+- flow_cache_gc_work);
++ flow_cache_flush_work);
+ struct net *net = container_of(xfrm, struct net, xfrm);
+
+ flow_cache_flush(net);
diff --git a/net/core/iovec.c b/net/core/iovec.c
index e1ec45a..e5c6f16 100644
--- a/net/core/iovec.c
{
struct socket *sock;
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
-index 32e31c2..e981248 100644
+index d7543d0..ff96aec 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -2025,7 +2025,7 @@ EXPORT_SYMBOL(__skb_checksum);
p->metrics[RTAX_LOCK-1] = INETPEER_METRICS_NEW;
p->rate_tokens = 0;
/* 60*HZ is arbitrary, but chosen enough high so that the first
+diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
+index 3a83ce5..787b3c2 100644
+--- a/net/ipv4/ip_forward.c
++++ b/net/ipv4/ip_forward.c
+@@ -129,7 +129,8 @@ int ip_forward(struct sk_buff *skb)
+ * We now generate an ICMP HOST REDIRECT giving the route
+ * we calculated.
+ */
+- if (rt->rt_flags&RTCF_DOREDIRECT && !opt->srr && !skb_sec_path(skb))
++ if (IPCB(skb)->flags & IPSKB_DOREDIRECT && !opt->srr &&
++ !skb_sec_path(skb))
+ ip_rt_send_redirect(skb);
+
+ skb->priority = rt_tos2priority(iph->tos);
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index 2811cc1..ad5a534 100644
--- a/net/ipv4/ip_fragment.c
return -ENOMEM;
}
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
-index 12055fd..df852c4 100644
+index 69aaf0a..8298c029 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -115,7 +115,7 @@ static bool log_ecn_error = true;
static int ipgre_tunnel_init(struct net_device *dev);
static int ipgre_net_id __read_mostly;
-@@ -815,7 +815,7 @@ static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = {
+@@ -816,7 +816,7 @@ static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = {
[IFLA_GRE_ENCAP_DPORT] = { .type = NLA_U16 },
};
.kind = "gre",
.maxtype = IFLA_GRE_MAX,
.policy = ipgre_policy,
-@@ -829,7 +829,7 @@ static struct rtnl_link_ops ipgre_link_ops __read_mostly = {
+@@ -830,7 +830,7 @@ static struct rtnl_link_ops ipgre_link_ops __read_mostly = {
.fill_info = ipgre_fill_info,
};
icmp_send(skb, ICMP_DEST_UNREACH,
ICMP_PROT_UNREACH, 0);
}
+diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
+index bc6471d..c5e8a0c 100644
+--- a/net/ipv4/ip_output.c
++++ b/net/ipv4/ip_output.c
+@@ -1517,6 +1517,7 @@ static DEFINE_PER_CPU(struct inet_sock, unicast_sock) = {
+ .sk_wmem_alloc = ATOMIC_INIT(1),
+ .sk_allocation = GFP_ATOMIC,
+ .sk_flags = (1UL << SOCK_USE_WRITE_QUEUE),
++ .sk_pacing_rate = ~0U,
+ },
+ .pmtudisc = IP_PMTUDISC_WANT,
+ .uc_ttl = -1,
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
-index 9daf217..dc6972d 100644
+index 9daf217..373d454 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
-@@ -1177,7 +1177,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
+@@ -443,15 +443,12 @@ int ip_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len)
+
+ memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err));
+ sin = &errhdr.offender;
+- sin->sin_family = AF_UNSPEC;
++ memset(sin, 0, sizeof(*sin));
++
+ if (serr->ee.ee_origin == SO_EE_ORIGIN_ICMP) {
+- struct inet_sock *inet = inet_sk(sk);
+-
+ sin->sin_family = AF_INET;
+ sin->sin_addr.s_addr = ip_hdr(skb)->saddr;
+- sin->sin_port = 0;
+- memset(&sin->sin_zero, 0, sizeof(sin->sin_zero));
+- if (inet->cmsg_flags)
++ if (inet_sk(sk)->cmsg_flags)
+ ip_cmsg_recv(msg, skb);
+ }
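Review bot: The `memset(sin, 0, sizeof(*sin))` replaces the piecemeal field assignments but carries no comment saying that its purpose is to leave no uninitialised bytes in `errhdr.offender`. In the old code the non-ICMP path set only `sin_family`, leaving the port, address and `sin_zero` untouched; if `errhdr` is a stack object handed to user space later in ip_recv_error (outside the hunk, so unconfirmed here), that exposed stale stack contents. A comment such as `/* clear the whole sockaddr: it is copied out even when no offender is known */` would keep the memset from being trimmed back later. It is also worth checking that `errhdr` has no padding outside `ee` and `offender`.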
+
+@@ -1177,7 +1174,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
len = min_t(unsigned int, len, opt->optlen);
if (put_user(len, optlen))
return -EFAULT;
return -EFAULT;
return 0;
}
-@@ -1308,7 +1309,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
+@@ -1308,7 +1306,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
if (sk->sk_type != SOCK_STREAM)
return -ENOPROTOOPT;
pr_err("Unable to proc dir entry\n");
return -ENOMEM;
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
-index 5d740cc..b2842b9 100644
+index 5d740cc..22c8e65 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
@@ -59,7 +59,7 @@ struct ping_table {
else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags)
ip_cmsg_recv(msg, skb);
#endif
-@@ -1105,7 +1105,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f,
+@@ -965,8 +965,11 @@ void ping_rcv(struct sk_buff *skb)
+
+ sk = ping_lookup(net, skb, ntohs(icmph->un.echo.id));
+ if (sk != NULL) {
++ struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
++
+ pr_debug("rcv on socket %p\n", sk);
+- ping_queue_rcv_skb(sk, skb_get(skb));
++ if (skb2)
++ ping_queue_rcv_skb(sk, skb2);
+ sock_put(sk);
+ return;
+ }
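Review bot: When `skb_clone()` fails, ping_rcv still logs `rcv on socket`, drops the socket reference and returns as if the packet had been delivered, so the loss is invisible. Moving the `pr_debug()` under `if (skb2)` and adding `else pr_debug("ping: clone failed, packet dropped\n");` (or a drop counter, if the socket has one, which the hunk does not show) would make losses under memory pressure diagnosable. The return value of `ping_queue_rcv_skb()` is also ignored, so confirm outside the hunk that it releases `skb2` itself on failure.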
+@@ -1105,7 +1108,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f,
from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
0, sock_i_ino(sp),
atomic_read(&sp->sk_refcnt), sp,
static int raw_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
-index 6a2155b..d426880 100644
+index 6a2155b..47de388 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -228,7 +228,7 @@ static const struct seq_operations rt_cache_seq_ops = {
}
EXPORT_SYMBOL(ip_idents_reserve);
-@@ -2624,34 +2624,34 @@ static struct ctl_table ipv4_route_flush_table[] = {
+@@ -1554,11 +1554,10 @@ static int __mkroute_input(struct sk_buff *skb,
+
+ do_cache = res->fi && !itag;
+ if (out_dev == in_dev && err && IN_DEV_TX_REDIRECTS(out_dev) &&
++ skb->protocol == htons(ETH_P_IP) &&
+ (IN_DEV_SHARED_MEDIA(out_dev) ||
+- inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res)))) {
+- flags |= RTCF_DOREDIRECT;
+- do_cache = false;
+- }
++ inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res))))
++ IPCB(skb)->flags |= IPSKB_DOREDIRECT;
+
+ if (skb->protocol != htons(ETH_P_IP)) {
+ /* Not IP (i.e. ARP). Do not create route, if it is
+@@ -2303,6 +2302,8 @@ static int rt_fill_info(struct net *net, __be32 dst, __be32 src,
+ r->rtm_flags = (rt->rt_flags & ~0xFFFF) | RTM_F_CLONED;
+ if (rt->rt_flags & RTCF_NOTIFY)
+ r->rtm_flags |= RTM_F_NOTIFY;
++ if (IPCB(skb)->flags & IPSKB_DOREDIRECT)
++ r->rtm_flags |= RTCF_DOREDIRECT;
+
+ if (nla_put_be32(skb, RTA_DST, dst))
+ goto nla_put_failure;
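Review bot: The added test in rt_fill_info reads `IPCB(skb)->flags` from the same skb that the following lines fill with netlink attributes (`nla_put_be32(skb, RTA_DST, dst)`), so the result depends on what the caller left in that skb's control block. Nothing in the hunk shows the control block being initialised or the input route lookup having run on this skb. The function starts and ends outside the hunk, so the caller may well guarantee it. Once confirmed, a comment would make the dependency explicit, for example `/* skb->cb still holds the IP control block from the caller's route lookup on this skb */`.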
+@@ -2624,34 +2625,34 @@ static struct ctl_table ipv4_route_flush_table[] = {
.maxlen = sizeof(int),
.mode = 0200,
.proc_handler = ipv4_sysctl_rtcache_flush,
err_dup:
return -ENOMEM;
}
-@@ -2674,8 +2674,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
+@@ -2674,8 +2675,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
static __net_init int rt_genid_init(struct net *net)
{
get_random_bytes(&net->ipv4.dev_addr_genid,
sizeof(net->ipv4.dev_addr_genid));
return 0;
-@@ -2718,11 +2718,7 @@ int __init ip_rt_init(void)
+@@ -2718,11 +2719,7 @@ int __init ip_rt_init(void)
{
int rc = 0;
return -ENOMEM;
}
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
-index 0169ccf..50d7b04 100644
+index 0169ccf..6f14338 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -171,7 +171,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = {
for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
idx = 0;
head = &net->dev_index_head[h];
-@@ -4788,7 +4795,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
+@@ -4536,6 +4543,22 @@ static int inet6_set_iftoken(struct inet6_dev *idev, struct in6_addr *token)
+ return 0;
+ }
+
++static const struct nla_policy inet6_af_policy[IFLA_INET6_MAX + 1] = {
++ [IFLA_INET6_ADDR_GEN_MODE] = { .type = NLA_U8 },
++ [IFLA_INET6_TOKEN] = { .len = sizeof(struct in6_addr) },
++};
++
++static int inet6_validate_link_af(const struct net_device *dev,
++ const struct nlattr *nla)
++{
++ struct nlattr *tb[IFLA_INET6_MAX + 1];
++
++ if (dev && !__in6_dev_get(dev))
++ return -EAFNOSUPPORT;
++
++ return nla_parse_nested(tb, IFLA_INET6_MAX, nla, inet6_af_policy);
++}
++
+ static int inet6_set_link_af(struct net_device *dev, const struct nlattr *nla)
+ {
+ int err = -EINVAL;
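Review bot: inet6_validate_link_af and inet6_af_policy carry no comment on what they guarantee to inet6_set_link_af, and the policy is easy to misread. The `IFLA_INET6_TOKEN` entry sets only `.len` with no `.type`, which the netlink validator treats as a minimum payload length, so longer attributes also pass. I would state that next to the entry, for example `/* at least sizeof(struct in6_addr) bytes; longer payloads are accepted */`. A one-line header on the function should say that `tb` is parsed only for validation and discarded, and that a NULL `dev` skips the `__in6_dev_get` check.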
+@@ -4788,7 +4811,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
rt_genid_bump_ipv6(net);
break;
}
}
static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
-@@ -4808,7 +4815,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
+@@ -4808,7 +4831,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
int *valp = ctl->data;
int val = *valp;
loff_t pos = *ppos;
int ret;
/*
-@@ -4893,7 +4900,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
+@@ -4893,7 +4916,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
int *valp = ctl->data;
int val = *valp;
loff_t pos = *ppos;
int ret;
/*
+@@ -5351,6 +5374,7 @@ static struct rtnl_af_ops inet6_ops = {
+ .family = AF_INET6,
+ .fill_link_af = inet6_fill_link_af,
+ .get_link_af_size = inet6_get_link_af_size,
++ .validate_link_af = inet6_validate_link_af,
+ .set_link_af = inet6_set_link_af,
+ };
+
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index e8c4400..a4cd5da 100644
--- a/net/ipv6/af_inet6.c
err = ipv6_init_mibs(net);
if (err)
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
-index 2cdc383..09cffb8 100644
+index 2cdc383..4f1b785 100644
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
-@@ -928,5 +928,5 @@ void ip6_dgram_sock_seq_show(struct seq_file *seq, struct sock *sp,
+@@ -383,11 +383,10 @@ int ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len)
+
+ memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err));
+ sin = &errhdr.offender;
+- sin->sin6_family = AF_UNSPEC;
++ memset(sin, 0, sizeof(*sin));
++
+ if (serr->ee.ee_origin != SO_EE_ORIGIN_LOCAL) {
+ sin->sin6_family = AF_INET6;
+- sin->sin6_flowinfo = 0;
+- sin->sin6_port = 0;
+ if (np->rxopt.all)
+ ip6_datagram_recv_common_ctl(sk, msg, skb);
+ if (skb->protocol == htons(ETH_P_IPV6)) {
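Review bot: The `memset(sin, 0, sizeof(*sin))` that replaces the per-field zeroing has no comment, and it is now the only thing that clears `sin6_port`, `sin6_flowinfo` and `sin6_scope_id` on the branches that do not set them. `errhdr` appears to be copied to user space later in ipv6_recv_error, outside these hunks, so narrowing or moving the memset in a later edit would leak stack bytes. I would add `/* clear every field of the offender address before any branch fills it in */` above the call. The same comment fits the `sin6_scope_id = 0` removal in the next hunk and the matching IPv4 memset earlier on the page.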
+@@ -398,12 +397,9 @@ int ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len)
+ ipv6_iface_scope_id(&sin->sin6_addr,
+ IP6CB(skb)->iif);
+ } else {
+- struct inet_sock *inet = inet_sk(sk);
+-
+ ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr,
+ &sin->sin6_addr);
+- sin->sin6_scope_id = 0;
+- if (inet->cmsg_flags)
++ if (inet_sk(sk)->cmsg_flags)
+ ip_cmsg_recv(msg, skb);
+ }
+ }
+@@ -928,5 +924,5 @@ void ip6_dgram_sock_seq_show(struct seq_file *seq, struct sock *sp,
0,
sock_i_ino(sp),
atomic_read(&sp->sk_refcnt), sp,
return new;
}
diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
-index 0e32d2e..98cbe65 100644
+index 0e32d2e..dd45cdc 100644
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -71,8 +71,8 @@ struct ip6gre_net {
static int ip6gre_tunnel_init(struct net_device *dev);
static void ip6gre_tunnel_setup(struct net_device *dev);
static void ip6gre_tunnel_link(struct ip6gre_net *ign, struct ip6_tnl *t);
+@@ -417,7 +417,7 @@ static void ip6gre_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
+ if (code == ICMPV6_HDR_FIELD)
+ teli = ip6_tnl_parse_tlv_enc_lim(skb, skb->data);
+
+- if (teli && teli == info - 2) {
++ if (teli && teli == be32_to_cpu(info) - 2) {
+ tel = (struct ipv6_tlv_tnl_enc_lim *) &skb->data[teli];
+ if (tel->encap_limit == 0) {
+ net_warn_ratelimited("%s: Too small encapsulation limit or routing loop in tunnel!\n",
+@@ -429,7 +429,7 @@ static void ip6gre_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
+ }
+ break;
+ case ICMPV6_PKT_TOOBIG:
+- mtu = info - offset;
++ mtu = be32_to_cpu(info) - offset;
+ if (mtu < IPV6_MIN_MTU)
+ mtu = IPV6_MIN_MTU;
+ t->dev->mtu = mtu;
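Review bot: In the ICMPV6_PKT_TOOBIG case, `mtu = be32_to_cpu(info) - offset` is computed from a field of the received ICMPv6 message and is only clamped from below before it is written to `t->dev->mtu`. The declaration of `mtu` is outside the hunk; if it is unsigned, an `info` smaller than `offset` wraps to a very large value that passes the `mtu < IPV6_MIN_MTU` test. Guarding the subtraction avoids that, for example `mtu = be32_to_cpu(info) > offset ? be32_to_cpu(info) - offset : IPV6_MIN_MTU;`. The byte-order conversion itself, here and in the previous hunk, looks right.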
@@ -1289,7 +1289,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev)
}
return -ENOMEM;
}
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
-index a318dd89..7ecfea6 100644
+index a318dd89..42a612c 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
-@@ -2965,7 +2965,7 @@ struct ctl_table ipv6_route_table_template[] = {
+@@ -1150,12 +1150,9 @@ static void ip6_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
+ struct net *net = dev_net(dst->dev);
+
+ rt6->rt6i_flags |= RTF_MODIFIED;
+- if (mtu < IPV6_MIN_MTU) {
+- u32 features = dst_metric(dst, RTAX_FEATURES);
++ if (mtu < IPV6_MIN_MTU)
+ mtu = IPV6_MIN_MTU;
+- features |= RTAX_FEATURE_ALLFRAG;
+- dst_metric_set(dst, RTAX_FEATURES, features);
+- }
++
+ dst_metric_set(dst, RTAX_MTU, mtu);
+ rt6_update_expires(rt6, net->ipv6.sysctl.ip6_rt_mtu_expires);
+ }
+@@ -2965,7 +2962,7 @@ struct ctl_table ipv6_route_table_template[] = {
struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net)
{
table = kmemdup(ipv6_route_table_template,
sizeof(ipv6_route_table_template),
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
-index a24557a..00a9ed1 100644
+index a24557a..ade77d3 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -74,7 +74,7 @@ static void ipip6_tunnel_setup(struct net_device *dev);
static int sit_net_id __read_mostly;
struct sit_net {
+@@ -1505,12 +1505,12 @@ static bool ipip6_netlink_encap_parms(struct nlattr *data[],
+
+ if (data[IFLA_IPTUN_ENCAP_SPORT]) {
+ ret = true;
+- ipencap->sport = nla_get_u16(data[IFLA_IPTUN_ENCAP_SPORT]);
++ ipencap->sport = nla_get_be16(data[IFLA_IPTUN_ENCAP_SPORT]);
+ }
+
+ if (data[IFLA_IPTUN_ENCAP_DPORT]) {
+ ret = true;
+- ipencap->dport = nla_get_u16(data[IFLA_IPTUN_ENCAP_DPORT]);
++ ipencap->dport = nla_get_be16(data[IFLA_IPTUN_ENCAP_DPORT]);
+ }
+
+ return ret;
+@@ -1706,9 +1706,9 @@ static int ipip6_fill_info(struct sk_buff *skb, const struct net_device *dev)
+
+ if (nla_put_u16(skb, IFLA_IPTUN_ENCAP_TYPE,
+ tunnel->encap.type) ||
+- nla_put_u16(skb, IFLA_IPTUN_ENCAP_SPORT,
++ nla_put_be16(skb, IFLA_IPTUN_ENCAP_SPORT,
+ tunnel->encap.sport) ||
+- nla_put_u16(skb, IFLA_IPTUN_ENCAP_DPORT,
++ nla_put_be16(skb, IFLA_IPTUN_ENCAP_DPORT,
+ tunnel->encap.dport) ||
+ nla_put_u16(skb, IFLA_IPTUN_ENCAP_FLAGS,
+ tunnel->encap.dport))
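Review bot: The last context lines of this hunk put `tunnel->encap.dport` into `IFLA_IPTUN_ENCAP_FLAGS`, so a dump reports the destination port where the encapsulation flags are expected. The change converts the two port attributes to `nla_put_be16` but leaves that line untouched; it should read `nla_put_u16(skb, IFLA_IPTUN_ENCAP_FLAGS, tunnel->encap.flags))`. ipip6_fill_info starts and continues outside the hunk.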
@@ -1750,7 +1750,7 @@ static void ipip6_dellink(struct net_device *dev, struct list_head *head)
unregister_netdevice_queue(dev, head);
}
struct ctl_table *ipv6_icmp_table;
int err;
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
-index c277951..c7ee5bf 100644
+index c113602..0cccb46 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -104,6 +104,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
tcp_v6_send_reset(sk, skb);
discard:
if (opt_skb)
-@@ -1434,12 +1441,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
+@@ -1441,12 +1448,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest,
- tcp_v6_iif(skb));
+ inet6_iif(skb));
- if (!sk)
+ if (!sk) {
+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
-@@ -1486,6 +1501,10 @@ csum_error:
+@@ -1497,6 +1512,10 @@ csum_error:
bad_packet:
TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
} else {
kfree_skb(skb);
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
-index 5f98364..5ca982a 100644
+index 5f98364..691985a 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
-@@ -130,8 +130,8 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
+@@ -130,12 +130,18 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
{
struct flowi6 *fl6 = &fl->u.ip6;
int onlyproto = 0;
+ u16 offset = sizeof(*hdr);
struct ipv6_opt_hdr *exthdr;
const unsigned char *nh = skb_network_header(skb);
- u8 nexthdr = nh[IP6CB(skb)->nhoff];
-@@ -217,11 +217,11 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
+- u8 nexthdr = nh[IP6CB(skb)->nhoff];
++ u16 nhoff = IP6CB(skb)->nhoff;
+ int oif = 0;
++ u8 nexthdr;
++
++ if (!nhoff)
++ nhoff = offsetof(struct ipv6hdr, nexthdr);
++
++ nexthdr = nh[nhoff];
+
+ if (skb_dst(skb))
+ oif = skb_dst(skb)->dev->ifindex;
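Review bot: The fallback `if (!nhoff) nhoff = offsetof(struct ipv6hdr, nexthdr);` has no comment saying when `IP6CB(skb)->nhoff` is zero, so a reader cannot tell whether zero always means "not filled in" on the paths that reach _decode_session6. If that is the intent, a line such as `/* nhoff == 0: control block not set up for this skb; use the fixed header's nexthdr field */` would record it. The value is then used directly as an index in `nh[nhoff]`. Any bound on it against the pulled header length would have to come from code outside the hunk.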
+@@ -217,11 +223,11 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
}
}
return dst_entries_get_fast(ops) > ops->gc_thresh * 2;
}
-@@ -334,19 +334,19 @@ static struct ctl_table xfrm6_policy_table[] = {
+@@ -334,19 +340,19 @@ static struct ctl_table xfrm6_policy_table[] = {
static int __net_init xfrm6_net_init(struct net *net)
{
if (!hdr)
goto err_reg;
-@@ -354,8 +354,7 @@ static int __net_init xfrm6_net_init(struct net *net)
+@@ -354,8 +360,7 @@ static int __net_init xfrm6_net_init(struct net *net)
return 0;
err_reg:
/*
* Goal:
diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c
-index 4c5192e..04cc0d8 100644
+index 4a95fe3..0bfd713 100644
--- a/net/mac80211/pm.c
+++ b/net/mac80211/pm.c
@@ -12,7 +12,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
if (local->wowlan) {
int err = drv_suspend(local, wowlan);
if (err < 0) {
-@@ -125,7 +125,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
+@@ -126,7 +126,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
WARN_ON(!list_empty(&local->chanctx_list));
/* stop hardware - this must stop RX */
table = kmemdup(acct_sysctl_table, sizeof(acct_sysctl_table),
GFP_KERNEL);
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
-index 5016a69..594f8e9 100644
+index c588012..b0d4ef8 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
-@@ -1739,6 +1739,10 @@ void nf_conntrack_init_end(void)
+@@ -1737,6 +1737,10 @@ void nf_conntrack_init_end(void)
#define DYING_NULLS_VAL ((1<<30)+1)
#define TEMPLATE_NULLS_VAL ((1<<30)+2)
int nf_conntrack_init_net(struct net *net)
{
int ret = -ENOMEM;
-@@ -1764,7 +1768,11 @@ int nf_conntrack_init_net(struct net *net)
+@@ -1762,7 +1766,11 @@ int nf_conntrack_init_net(struct net *net)
if (!net->ct.stat)
goto err_pcpu_lists;
mutex_unlock(&nf_sockopt_mutex);
}
EXPORT_SYMBOL(nf_unregister_sockopt);
+diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
+index 71b574c..d319e8b 100644
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -1134,9 +1134,11 @@ static struct nft_stats __percpu *nft_stats_alloc(const struct nlattr *attr)
+ /* Restore old counters on this cpu, no problem. Per-cpu statistics
+ * are not exposed to userspace.
+ */
++ preempt_disable();
+ stats = this_cpu_ptr(newstats);
+ stats->bytes = be64_to_cpu(nla_get_be64(tb[NFTA_COUNTER_BYTES]));
+ stats->pkts = be64_to_cpu(nla_get_be64(tb[NFTA_COUNTER_PACKETS]));
++ preempt_enable();
+
+ return newstats;
+ }
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index 5f1be5b..2cba8cd 100644
--- a/net/netfilter/nfnetlink_log.c
return 0;
}
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
-index b6bf8e8..7884ddf 100644
+index 79c965a..ee2b76d 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -273,7 +273,7 @@ static void netlink_overrun(struct sock *sk)
}
static void netlink_rcv_wake(struct sock *sk)
-@@ -3010,7 +3010,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
+@@ -2990,7 +2990,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
sk_wmem_alloc_get(s),
nlk->cb_running,
atomic_read(&s->sk_refcnt),
struct rds_sock {
struct sock rs_sk;
+diff --git a/net/rds/sysctl.c b/net/rds/sysctl.c
+index c3b0cd4..c173f69 100644
+--- a/net/rds/sysctl.c
++++ b/net/rds/sysctl.c
+@@ -71,14 +71,14 @@ static struct ctl_table rds_sysctl_rds_table[] = {
+ {
+ .procname = "max_unacked_packets",
+ .data = &rds_sysctl_max_unacked_packets,
+- .maxlen = sizeof(unsigned long),
++ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
+ },
+ {
+ .procname = "max_unacked_bytes",
+ .data = &rds_sysctl_max_unacked_bytes,
+- .maxlen = sizeof(unsigned long),
++ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
+ },
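Review bot: `.maxlen = sizeof(int)` in both entries is correct only while `rds_sysctl_max_unacked_packets` and `rds_sysctl_max_unacked_bytes` are int-sized, and their declarations are outside the hunk. With `proc_dointvec` and mode 0644, a `maxlen` larger than the object lets a write through the sysctl file store past it, which is the mismatch this change removes. Tying the size to the object keeps the two from drifting apart again: `.maxlen = sizeof(rds_sysctl_max_unacked_packets),` and `.maxlen = sizeof(rds_sysctl_max_unacked_bytes),`.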
diff --git a/net/rds/tcp.c b/net/rds/tcp.c
index edac9ef..16bcb98 100644
--- a/net/rds/tcp.c
_proto("Tx RESPONSE %%%u", ntohl(hdr->serial));
ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len);
+diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
+index aad6a67..baef987 100644
+--- a/net/sched/cls_api.c
++++ b/net/sched/cls_api.c
+@@ -556,8 +556,9 @@ void tcf_exts_change(struct tcf_proto *tp, struct tcf_exts *dst,
+ }
+ EXPORT_SYMBOL(tcf_exts_change);
+
+-#define tcf_exts_first_act(ext) \
+- list_first_entry(&(exts)->actions, struct tc_action, list)
++#define tcf_exts_first_act(ext) \
++ list_first_entry_or_null(&(exts)->actions, \
++ struct tc_action, list)
+
+ int tcf_exts_dump(struct sk_buff *skb, struct tcf_exts *exts)
+ {
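Review bot: The `tcf_exts_first_act` macro declares its parameter as `ext` but expands `(exts)`, so it ignores its argument and picks up whatever variable named `exts` is in scope at the call site; the rewritten macro keeps that mismatch. It compiles only because the visible caller passes a variable called `exts`. The first line should be `#define tcf_exts_first_act(exts) \`. Separately, the macro can now yield NULL: tcf_exts_dump_stats tests for it in the next hunk, but the body of tcf_exts_dump is outside the hunk, so its use of the result needs the same check.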
+@@ -603,7 +604,7 @@ int tcf_exts_dump_stats(struct sk_buff *skb, struct tcf_exts *exts)
+ {
+ #ifdef CONFIG_NET_CLS_ACT
+ struct tc_action *a = tcf_exts_first_act(exts);
+- if (tcf_action_copy_stats(skb, a, 1) < 0)
++ if (a != NULL && tcf_action_copy_stats(skb, a, 1) < 0)
+ return -1;
+ #endif
+ return 0;
+diff --git a/net/sched/cls_bpf.c b/net/sched/cls_bpf.c
+index eed49d1..ce22514 100644
+--- a/net/sched/cls_bpf.c
++++ b/net/sched/cls_bpf.c
+@@ -191,6 +191,11 @@ static int cls_bpf_modify_existing(struct net *net, struct tcf_proto *tp,
+ }
+
+ bpf_size = bpf_len * sizeof(*bpf_ops);
++ if (bpf_size != nla_len(tb[TCA_BPF_OPS])) {
++ ret = -EINVAL;
++ goto errout;
++ }
++
+ bpf_ops = kzalloc(bpf_size, GFP_KERNEL);
+ if (bpf_ops == NULL) {
+ ret = -ENOMEM;
+@@ -226,15 +231,21 @@ static u32 cls_bpf_grab_new_handle(struct tcf_proto *tp,
+ struct cls_bpf_head *head)
+ {
+ unsigned int i = 0x80000000;
++ u32 handle;
+
+ do {
+ if (++head->hgen == 0x7FFFFFFF)
+ head->hgen = 1;
+ } while (--i > 0 && cls_bpf_get(tp, head->hgen));
+- if (i == 0)
++
++ if (unlikely(i == 0)) {
+ pr_err("Insufficient number of handles\n");
++ handle = 0;
++ } else {
++ handle = head->hgen;
++ }
+
+- return i;
++ return handle;
+ }
+
+ static int cls_bpf_change(struct net *net, struct sk_buff *in_skb,
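Review bot: cls_bpf_grab_new_handle now returns 0 when no handle is free, but nothing at the function states that 0 is reserved as the failure value, and the caller that must test for it is outside the hunk. A header comment would pin the contract: `/* Returns an unused handle, or 0 if none could be found. */`. The `pr_err` on that path is not rate limited, so `pr_err_ratelimited` may be the better choice if the condition can be provoked repeatedly from configuration requests.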
diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c
index 6efca30..1259f82 100644
--- a/net/sched/sch_generic.c
linkwatch_fire_event(dev);
}
}
+diff --git a/net/sctp/associola.c b/net/sctp/associola.c
+index f791edd..26d06db 100644
+--- a/net/sctp/associola.c
++++ b/net/sctp/associola.c
+@@ -1182,7 +1182,6 @@ void sctp_assoc_update(struct sctp_association *asoc,
+ asoc->peer.peer_hmacs = new->peer.peer_hmacs;
+ new->peer.peer_hmacs = NULL;
+
+- sctp_auth_key_put(asoc->asoc_shared_key);
+ sctp_auth_asoc_init_active_key(asoc, GFP_ATOMIC);
+ }
+
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
index 0e4198e..f94193e 100644
--- a/net/sctp/ipv6.c
sctp_generate_t1_cookie_event,
sctp_generate_t1_init_event,
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
-index 634a2ab..8e93929 100644
+index 634a2ab..dfdaf9b 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
-@@ -2199,11 +2199,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval,
+@@ -1603,7 +1603,7 @@ static int sctp_sendmsg(struct kiocb *iocb, struct sock *sk,
+ sctp_assoc_t associd = 0;
+ sctp_cmsgs_t cmsgs = { NULL };
+ sctp_scope_t scope;
+- bool fill_sinfo_ttl = false;
++ bool fill_sinfo_ttl = false, wait_connect = false;
+ struct sctp_datamsg *datamsg;
+ int msg_flags = msg->msg_flags;
+ __u16 sinfo_flags = 0;
+@@ -1943,6 +1943,7 @@ static int sctp_sendmsg(struct kiocb *iocb, struct sock *sk,
+ if (err < 0)
+ goto out_free;
+
++ wait_connect = true;
+ pr_debug("%s: we associated primitively\n", __func__);
+ }
+
+@@ -1980,6 +1981,11 @@ static int sctp_sendmsg(struct kiocb *iocb, struct sock *sk,
+ sctp_datamsg_put(datamsg);
+ err = msg_len;
+
++ if (unlikely(wait_connect)) {
++ timeo = sock_sndtimeo(sk, msg_flags & MSG_DONTWAIT);
++ sctp_wait_for_connect(asoc, &timeo);
++ }
++
+ /* If we are already past ASSOCIATE, the lower
+ * layers are responsible for association cleanup.
+ */
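Review bot: The return value of `sctp_wait_for_connect(asoc, &timeo)` is discarded, so sctp_sendmsg still returns `msg_len` when the wait times out or is interrupted. If that is deliberate because the message is already queued at this point, the code should say so, for example `/* result ignored: the data is queued, only the association setup is awaited */`. Otherwise the error needs to be propagated. The function spans three hunks here and most of its body is outside them, so how `asoc` is kept alive across the wait cannot be checked from this view.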
+@@ -2199,11 +2205,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval,
{
struct sctp_association *asoc;
struct sctp_ulpevent *event;
if (sctp_sk(sk)->subscribe.sctp_data_io_event)
pr_warn_ratelimited(DEPRECATED "%s (pid %d) "
-@@ -4372,13 +4374,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len,
+@@ -4372,13 +4380,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len,
static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
int __user *optlen)
{
return -EFAULT;
return 0;
}
-@@ -4396,6 +4401,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
+@@ -4396,6 +4407,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
*/
static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optval, int __user *optlen)
{
/* Applicable to UDP-style socket only */
if (sctp_style(sk, TCP))
return -EOPNOTSUPP;
-@@ -4404,7 +4411,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv
+@@ -4404,7 +4417,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv
len = sizeof(int);
if (put_user(len, optlen))
return -EFAULT;
return -EFAULT;
return 0;
}
-@@ -4778,12 +4786,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len,
+@@ -4778,12 +4792,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len,
*/
static int sctp_getsockopt_initmsg(struct sock *sk, int len, char __user *optval, int __user *optlen)
{
return -EFAULT;
return 0;
}
-@@ -4824,6 +4835,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
+@@ -4824,6 +4841,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
->addr_to_user(sp, &temp);
if (space_left < addrlen)
return -ENOMEM;
__xfrm_sysctl_init(net);
+diff --git a/scripts/Kbuild.include b/scripts/Kbuild.include
+index 65e7b08..1b868d5 100644
+--- a/scripts/Kbuild.include
++++ b/scripts/Kbuild.include
+@@ -144,7 +144,7 @@ cc-ifversion = $(shell [ $(call cc-version, $(CC)) $(1) $(2) ] && echo $(3))
+ # cc-ldoption
+ # Usage: ldflags += $(call cc-ldoption, -Wl$(comma)--hash-style=both)
+ cc-ldoption = $(call try-run,\
+- $(CC) $(1) -nostdlib -x c /dev/null -o "$$TMP",$(1),$(2))
++ $(CC) $(1) -Wl,-r -nostdlib -x c /dev/null -o "$$TMP",$(1),$(2))
+
+ # ld-option
+ # Usage: LDFLAGS += $(call ld-option, -X)
diff --git a/scripts/Makefile.build b/scripts/Makefile.build
index 649ce68..f6bc05c 100644
--- a/scripts/Makefile.build
endif
diff --git a/scripts/Makefile.clean b/scripts/Makefile.clean
-index b1c668d..638055f 100644
+index a609552..fde19cd 100644
--- a/scripts/Makefile.clean
+++ b/scripts/Makefile.clean
@@ -41,7 +41,8 @@ subdir-ymn := $(addprefix $(obj)/,$(subdir-ymn))
fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianness? %#x\n",
diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh
new file mode 100644
-index 0000000..42018ed
+index 0000000..822fa9e
--- /dev/null
+++ b/scripts/gcc-plugin.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+srctree=$(dirname "$0")
+gccplugins_dir=$($3 -print-file-name=plugin)
-+plugincc=$($1 -E - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
++plugincc=$($1 -E - -o /dev/null -I"${srctree}"/../tools/gcc -I"${gccplugins_dir}"/include 2>&1 <<EOF
+#include "gcc-common.h"
+#if BUILDING_GCC_VERSION >= 4008 || defined(ENABLE_BUILD_WITH_CXX)
+#warning $2 CXX
+esac
+
+# we need a c++ compiler that supports the designated initializer GNU extension
-+plugincc=$($2 -c -x c++ -std=gnu++98 - -fsyntax-only -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
++plugincc=$($2 -c -x c++ -std=gnu++98 - -fsyntax-only -I"${srctree}"/../tools/gcc -I"${gccplugins_dir}"/include 2>&1 <<EOF
+#include "gcc-common.h"
+class test {
+public:
err:
if (iov != iovstack)
kfree(iov);
+diff --git a/security/keys/request_key.c b/security/keys/request_key.c
+index 0c7aea4..486ef6f 100644
+--- a/security/keys/request_key.c
++++ b/security/keys/request_key.c
+@@ -414,6 +414,7 @@ link_check_failed:
+
+ link_prealloc_failed:
+ mutex_unlock(&user->cons_lock);
++ key_put(key);
+ kleave(" = %d [prelink]", ret);
+ return ret;
+
diff --git a/security/min_addr.c b/security/min_addr.c
index f728728..6457a0c 100644
--- a/security/min_addr.c
return snd_seq_device_register_driver(SNDRV_SEQ_DEV_ID_EMU10K1_SYNTH, &ops,
sizeof(struct snd_emu10k1_synth_arg));
diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c
-index 15e0089..ad6bc9b 100644
+index e708368..764dffe 100644
--- a/sound/pci/hda/hda_codec.c
+++ b/sound/pci/hda/hda_codec.c
-@@ -966,14 +966,10 @@ find_codec_preset(struct hda_codec *codec)
+@@ -968,14 +968,10 @@ find_codec_preset(struct hda_codec *codec)
mutex_unlock(&preset_mutex);
if (mod_requested < HDA_MODREQ_MAX_COUNT) {
mod_requested++;
goto again;
}
-@@ -2800,7 +2796,7 @@ static int get_kctl_0dB_offset(struct hda_codec *codec,
+@@ -2802,7 +2798,7 @@ static int get_kctl_0dB_offset(struct hda_codec *codec,
/* FIXME: set_fs() hack for obtaining user-space TLV data */
mm_segment_t fs = get_fs();
set_fs(get_ds());
+}
diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c
new file mode 100644
-index 0000000..82bc5a8
+index 0000000..3b5af59
--- /dev/null
+++ b/tools/gcc/constify_plugin.c
-@@ -0,0 +1,557 @@
+@@ -0,0 +1,558 @@
+/*
+ * Copyright 2011 by Emese Revfy <re.emese@gmail.com>
+ * Copyright 2011-2014 by PaX Team <pageexec@freemail.hu>
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION >= 4009
+ .has_gate = false,
+ .has_execute = true,
+#else
+ error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key);
+ }
+
-+ if (strcmp(lang_hooks.name, "GNU C")) {
-+ inform(UNKNOWN_LOCATION, G_("%s supports C only"), plugin_name);
++ if (strncmp(lang_hooks.name, "GNU C", 5) && !strncmp(lang_hooks.name, "GNU C+", 6)) {
++ inform(UNKNOWN_LOCATION, G_("%s supports C only, not %s"), plugin_name, lang_hooks.name);
+ constify = false;
+ }
+
+}
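Review bot: The new language check `strncmp(lang_hooks.name, "GNU C", 5) && !strncmp(lang_hooks.name, "GNU C+", 6)` can never be true, because a name that starts with "GNU C+" also starts with "GNU C". The `inform` call and `constify = false` are therefore unreachable and the plugin stays enabled for every front end. The intended test is presumably `if (strncmp(lang_hooks.name, "GNU C", 5) || !strncmp(lang_hooks.name, "GNU C+", 6)) {`. The enclosing function begins outside the lines shown here. The `error()` string a few lines above also misspells "unknown" as "unkown".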
diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
new file mode 100644
-index 0000000..f38f762
+index 0000000..f2bd55d
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
-@@ -0,0 +1,6029 @@
+@@ -0,0 +1,6031 @@
+intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
+storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL
+compat_sock_setsockopt_23 compat_sock_setsockopt 5 23 NULL
+rd_build_prot_space_10761 rd_build_prot_space 2-3 10761 NULL
+kvm_read_guest_atomic_10765 kvm_read_guest_atomic 4 10765 NULL
+__qp_memcpy_to_queue_10779 __qp_memcpy_to_queue 2-4 10779 NULL
++ttm_dma_page_pool_free_10796 ttm_dma_page_pool_free 2-0 10796 NULL
+diva_set_trace_filter_10820 diva_set_trace_filter 0-1 10820 NULL
+lbs_sleepparams_read_10840 lbs_sleepparams_read 3 10840 NULL
+ext4_direct_IO_10843 ext4_direct_IO 4 10843 NULL
+evdev_do_ioctl_24459 evdev_do_ioctl 2 24459 NULL
+lbs_highsnr_write_24460 lbs_highsnr_write 3 24460 NULL
+skb_copy_and_csum_datagram_iovec_24466 skb_copy_and_csum_datagram_iovec 2 24466 NULL
++ttm_page_pool_free_24486 ttm_page_pool_free 2-0 24486 NULL
+dut_mode_read_24489 dut_mode_read 3 24489 NULL
+read_file_spec_scan_ctl_24491 read_file_spec_scan_ctl 3 24491 NULL
+pd_video_read_24510 pd_video_read 3 24510 NULL