From 347339c485d103d2ea8df330a41497b2bbd82a31 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Fri, 5 Dec 2014 23:46:29 +0100 Subject: [PATCH] kernel: Update to 3.17.4 Enable using THUMB2 for the ARMv7 default kernel --- kernel/config-armv7hl-default | 2 +- kernel/kernel.nm | 2 +- ... grsecurity-3.0-3.17.4-201411220955.patch} | 4004 ++++++++--------- kernel/patches/grsecurity-fix.patch | 12 - 4 files changed, 1821 insertions(+), 2199 deletions(-) rename kernel/patches/{grsecurity-3.0-3.17.1-201410281754.patch => grsecurity-3.0-3.17.4-201411220955.patch} (98%) delete mode 100644 kernel/patches/grsecurity-fix.patch diff --git a/kernel/config-armv7hl-default b/kernel/config-armv7hl-default index 91a94c7fc..f1c0b366f 100644 --- a/kernel/config-armv7hl-default +++ b/kernel/config-armv7hl-default @@ -337,7 +337,7 @@ CONFIG_ARM_PSCI=y CONFIG_ARCH_NR_GPIO=1024 CONFIG_HZ_FIXED=200 CONFIG_HZ=200 -# CONFIG_THUMB2_KERNEL is not set +CONFIG_THUMB2_KERNEL=y CONFIG_ARCH_HAS_HOLES_MEMORYMODEL=y CONFIG_SPLIT_PTLOCK_CPUS=4 CONFIG_MMU_NOTIFIER=y diff --git a/kernel/kernel.nm b/kernel/kernel.nm index ced42fd75..9ad757878 100644 --- a/kernel/kernel.nm +++ b/kernel/kernel.nm @@ -4,7 +4,7 @@ ############################################################################### name = kernel -version = 3.17.1 +version = 3.17.4 release = 1 thisapp = linux-%{version} diff --git a/kernel/patches/grsecurity-3.0-3.17.1-201410281754.patch b/kernel/patches/grsecurity-3.0-3.17.4-201411220955.patch similarity index 98% rename from kernel/patches/grsecurity-3.0-3.17.1-201410281754.patch rename to kernel/patches/grsecurity-3.0-3.17.4-201411220955.patch index ee9b62b5a..8d9a2849b 100644 --- a/kernel/patches/grsecurity-3.0-3.17.1-201410281754.patch +++ b/kernel/patches/grsecurity-3.0-3.17.4-201411220955.patch @@ -313,7 +313,7 @@ index 764f599..c600e2f 100644 A typical pattern in a Kbuild file looks like this: 
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index 1edd5fd..84fd32e 100644 +index 1edd5fd..107ff46 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt @@ -1155,6 +1155,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. @@ -338,7 +338,7 @@ index 1edd5fd..84fd32e 100644 nosmap [X86] Disable SMAP (Supervisor Mode Access Prevention) even if it is supported by processor. -@@ -2467,6 +2475,25 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -2467,6 +2475,30 @@ bytes respectively. Such letter suffixes can also be entirely omitted. the specified number of seconds. This is to be used if your oopses keep scrolling off the screen. @@ -348,8 +348,13 @@ index 1edd5fd..84fd32e 100644 + page table updates on X86-64. + + pax_sanitize_slab= -+ 0/1 to disable/enable slab object sanitization (enabled by -+ default). ++ Format: { 0 | 1 | off | fast | full } ++ Options '0' and '1' are only provided for backward ++ compatibility, 'off' or 'fast' should be used instead. ++ 0|off : disable slab object sanitization ++ 1|fast: enable slab object sanitization excluding ++ whitelisted slabs (default) ++ full : sanitize all slabs, even the whitelisted ones + + pax_softmode= 0/1 to disable/enable PaX softmode on boot already. + @@ -365,7 +370,7 @@ index 1edd5fd..84fd32e 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 4669409..95d8745 100644 +index b60b64d..33b7ec8 100644 --- a/Makefile +++ b/Makefile @@ -303,8 +303,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -974,10 +979,10 @@ index 32cbbd5..c102df9 100644 kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h -index 3040359..cf3bab0 100644 +index 3040359..a494fa3 100644 --- a/arch/arm/include/asm/atomic.h 
+++ b/arch/arm/include/asm/atomic.h -@@ -18,17 +18,35 @@ +@@ -18,17 +18,41 @@ #include #include @@ -989,6 +994,12 @@ index 3040359..cf3bab0 100644 #ifdef __KERNEL__ ++#ifdef CONFIG_THUMB2_KERNEL ++#define REFCOUNT_TRAP_INSN "bkpt 0xf1" ++#else ++#define REFCOUNT_TRAP_INSN "bkpt 0xf103" ++#endif ++ +#define _ASM_EXTABLE(from, to) \ +" .pushsection __ex_table,\"a\"\n"\ +" .align 3\n" \ @@ -1013,7 +1024,7 @@ index 3040359..cf3bab0 100644 #if __LINUX_ARM_ARCH__ >= 6 -@@ -44,6 +62,36 @@ static inline void atomic_add(int i, atomic_t *v) +@@ -44,6 +68,36 @@ static inline void atomic_add(int i, atomic_t *v) prefetchw(&v->counter); __asm__ __volatile__("@ atomic_add\n" @@ -1022,7 +1033,7 @@ index 3040359..cf3bab0 100644 + +#ifdef CONFIG_PAX_REFCOUNT +" bvc 3f\n" -+"2: bkpt 0xf103\n" ++"2: " REFCOUNT_TRAP_INSN "\n" +"3:\n" +#endif + @@ -1050,7 +1061,7 @@ index 3040359..cf3bab0 100644 "1: ldrex %0, [%3]\n" " add %0, %0, %4\n" " strex %1, %0, [%3]\n" -@@ -63,6 +111,43 @@ static inline int atomic_add_return(int i, atomic_t *v) +@@ -63,6 +117,43 @@ static inline int atomic_add_return(int i, atomic_t *v) prefetchw(&v->counter); __asm__ __volatile__("@ atomic_add_return\n" @@ -1060,7 +1071,7 @@ index 3040359..cf3bab0 100644 +#ifdef CONFIG_PAX_REFCOUNT +" bvc 3f\n" +" mov %0, %1\n" -+"2: bkpt 0xf103\n" ++"2: " REFCOUNT_TRAP_INSN "\n" +"3:\n" +#endif + @@ -1094,7 +1105,7 @@ index 3040359..cf3bab0 100644 "1: ldrex %0, [%3]\n" " add %0, %0, %4\n" " strex %1, %0, [%3]\n" -@@ -84,6 +169,36 @@ static inline void atomic_sub(int i, atomic_t *v) +@@ -84,6 +175,36 @@ static inline void atomic_sub(int i, atomic_t *v) prefetchw(&v->counter); __asm__ __volatile__("@ atomic_sub\n" @@ -1103,7 +1114,7 @@ index 3040359..cf3bab0 100644 + +#ifdef CONFIG_PAX_REFCOUNT +" bvc 3f\n" -+"2: bkpt 0xf103\n" ++"2: " REFCOUNT_TRAP_INSN "\n" +"3:\n" +#endif + 
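Review bot: `REFCOUNT_TRAP_INSN`, added just after `#ifdef __KERNEL__` in arch/arm/include/asm/atomic.h, is silently coupled to the raw opcodes that the arch/arm/mm/fault.c hunk of this same patch compares against (`0xbef1` under `CONFIG_THUMB2_KERNEL`, `0xe12f1073` otherwise), and neither place says so. If one side is changed without the other, a refcount overflow would presumably no longer be recognised by the `CONFIG_PAX_REFCOUNT` branch and would be handled as an ordinary debug fault. I would add a comment above the macro such as `/* encodings must match the bkpt opcodes tested in arch/arm/mm/fault.c (0xbef1 / 0xe12f1073) */`, or better, define named opcode constants next to the macro and use them in fault.c as well.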
@@ -1131,7 +1142,7 @@ index 3040359..cf3bab0 100644 "1: ldrex %0, [%3]\n" " sub %0, %0, %4\n" " strex %1, %0, [%3]\n" -@@ -103,11 +218,25 @@ static inline int atomic_sub_return(int i, atomic_t *v) +@@ -103,11 +224,25 @@ static inline int atomic_sub_return(int i, atomic_t *v) prefetchw(&v->counter); __asm__ __volatile__("@ atomic_sub_return\n" @@ -1143,7 +1154,7 @@ index 3040359..cf3bab0 100644 +#ifdef CONFIG_PAX_REFCOUNT +" bvc 3f\n" +" mov %0, %1\n" -+"2: bkpt 0xf103\n" ++"2: " REFCOUNT_TRAP_INSN "\n" +"3:\n" +#endif + @@ -1159,7 +1170,7 @@ index 3040359..cf3bab0 100644 : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter), "Ir" (i) : "cc"); -@@ -152,12 +281,24 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) +@@ -152,12 +287,24 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) __asm__ __volatile__ ("@ atomic_add_unless\n" "1: ldrex %0, [%4]\n" " teq %0, %5\n" @@ -1170,7 +1181,7 @@ index 3040359..cf3bab0 100644 + +#ifdef CONFIG_PAX_REFCOUNT +" bvc 3f\n" -+"2: bkpt 0xf103\n" ++"2: " REFCOUNT_TRAP_INSN "\n" +"3:\n" +#endif + @@ -1187,7 +1198,7 @@ index 3040359..cf3bab0 100644 : "=&r" (oldval), "=&r" (newval), "=&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter), "r" (u), "r" (a) : "cc"); -@@ -168,6 +309,28 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) +@@ -168,6 +315,28 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) return oldval; } @@ -1216,7 +1227,7 @@ index 3040359..cf3bab0 100644 #else /* ARM_ARCH_6 */ #ifdef CONFIG_SMP -@@ -186,7 +349,17 @@ static inline int atomic_add_return(int i, atomic_t *v) +@@ -186,7 +355,17 @@ static inline int atomic_add_return(int i, atomic_t *v) return val; } 
@@ -1234,7 +1245,7 @@ index 3040359..cf3bab0 100644 static inline int atomic_sub_return(int i, atomic_t *v) { -@@ -201,6 +374,10 @@ static inline int atomic_sub_return(int i, atomic_t *v) +@@ -201,6 +380,10 @@ static inline int atomic_sub_return(int i, atomic_t *v) return val; } #define atomic_sub(i, v) (void) atomic_sub_return(i, v) @@ -1245,7 +1256,7 @@ index 3040359..cf3bab0 100644 static inline int atomic_cmpxchg(atomic_t *v, int old, int new) { -@@ -216,6 +393,11 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new) +@@ -216,6 +399,11 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new) return ret; } @@ -1257,7 +1268,7 @@ index 3040359..cf3bab0 100644 static inline int __atomic_add_unless(atomic_t *v, int a, int u) { int c, old; -@@ -229,13 +411,33 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) +@@ -229,13 +417,33 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) #endif /* __LINUX_ARM_ARCH__ */ #define atomic_xchg(v, new) (xchg(&((v)->counter), new)) @@ -1291,7 +1302,7 @@ index 3040359..cf3bab0 100644 #define atomic_dec_return(v) (atomic_sub_return(1, v)) #define atomic_sub_and_test(i, v) (atomic_sub_return(i, v) == 0) -@@ -246,6 +448,14 @@ typedef struct { +@@ -246,6 +454,14 @@ typedef struct { long long counter; } atomic64_t; @@ -1306,7 +1317,7 @@ index 3040359..cf3bab0 100644 #define ATOMIC64_INIT(i) { (i) } #ifdef CONFIG_ARM_LPAE -@@ -262,6 +472,19 @@ static inline long long atomic64_read(const atomic64_t *v) +@@ -262,6 +478,19 @@ static inline long long atomic64_read(const atomic64_t *v) return result; } @@ -1326,7 +1337,7 @@ index 3040359..cf3bab0 100644 static inline void atomic64_set(atomic64_t *v, long long i) { __asm__ __volatile__("@ atomic64_set\n" -@@ -270,6 +493,15 @@ static inline void atomic64_set(atomic64_t *v, long long i) +@@ -270,6 +499,15 @@ static inline void atomic64_set(atomic64_t *v, long long i) : "r" (&v->counter), "r" (i) ); } 
@@ -1342,7 +1353,7 @@ index 3040359..cf3bab0 100644 #else static inline long long atomic64_read(const atomic64_t *v) { -@@ -284,6 +516,19 @@ static inline long long atomic64_read(const atomic64_t *v) +@@ -284,6 +522,19 @@ static inline long long atomic64_read(const atomic64_t *v) return result; } @@ -1362,7 +1373,7 @@ index 3040359..cf3bab0 100644 static inline void atomic64_set(atomic64_t *v, long long i) { long long tmp; -@@ -298,6 +543,21 @@ static inline void atomic64_set(atomic64_t *v, long long i) +@@ -298,6 +549,21 @@ static inline void atomic64_set(atomic64_t *v, long long i) : "r" (&v->counter), "r" (i) : "cc"); } @@ -1384,7 +1395,7 @@ index 3040359..cf3bab0 100644 #endif static inline void atomic64_add(long long i, atomic64_t *v) -@@ -309,6 +569,37 @@ static inline void atomic64_add(long long i, atomic64_t *v) +@@ -309,6 +575,37 @@ static inline void atomic64_add(long long i, atomic64_t *v) __asm__ __volatile__("@ atomic64_add\n" "1: ldrexd %0, %H0, [%3]\n" " adds %Q0, %Q0, %Q4\n" @@ -1392,7 +1403,7 @@ index 3040359..cf3bab0 100644 + +#ifdef CONFIG_PAX_REFCOUNT +" bvc 3f\n" -+"2: bkpt 0xf103\n" ++"2: " REFCOUNT_TRAP_INSN "\n" +"3:\n" +#endif + @@ -1422,7 +1433,7 @@ index 3040359..cf3bab0 100644 " adc %R0, %R0, %R4\n" " strexd %1, %0, %H0, [%3]\n" " teq %1, #0\n" -@@ -329,6 +620,44 @@ static inline long long atomic64_add_return(long long i, atomic64_t *v) +@@ -329,6 +626,44 @@ static inline long long atomic64_add_return(long long i, atomic64_t *v) __asm__ __volatile__("@ atomic64_add_return\n" "1: ldrexd %0, %H0, [%3]\n" " adds %Q0, %Q0, %Q4\n" @@ -1432,7 +1443,7 @@ index 3040359..cf3bab0 100644 +" bvc 3f\n" +" mov %0, %1\n" +" mov %H0, %H1\n" -+"2: bkpt 0xf103\n" ++"2: " REFCOUNT_TRAP_INSN "\n" +"3:\n" +#endif + 
@@ -1467,7 +1478,7 @@ index 3040359..cf3bab0 100644 " adc %R0, %R0, %R4\n" " strexd %1, %0, %H0, [%3]\n" " teq %1, #0\n" -@@ -351,6 +680,37 @@ static inline void atomic64_sub(long long i, atomic64_t *v) +@@ -351,6 +686,37 @@ static inline void atomic64_sub(long long i, atomic64_t *v) __asm__ __volatile__("@ atomic64_sub\n" "1: ldrexd %0, %H0, [%3]\n" " subs %Q0, %Q0, %Q4\n" @@ -1475,7 +1486,7 @@ index 3040359..cf3bab0 100644 + +#ifdef CONFIG_PAX_REFCOUNT +" bvc 3f\n" -+"2: bkpt 0xf103\n" ++"2: " REFCOUNT_TRAP_INSN "\n" +"3:\n" +#endif + @@ -1505,7 +1516,7 @@ index 3040359..cf3bab0 100644 " sbc %R0, %R0, %R4\n" " strexd %1, %0, %H0, [%3]\n" " teq %1, #0\n" -@@ -371,10 +731,25 @@ static inline long long atomic64_sub_return(long long i, atomic64_t *v) +@@ -371,10 +737,25 @@ static inline long long atomic64_sub_return(long long i, atomic64_t *v) __asm__ __volatile__("@ atomic64_sub_return\n" "1: ldrexd %0, %H0, [%3]\n" " subs %Q0, %Q0, %Q4\n" @@ -1516,7 +1527,7 @@ index 3040359..cf3bab0 100644 +" bvc 3f\n" +" mov %0, %1\n" +" mov %H0, %H1\n" -+"2: bkpt 0xf103\n" ++"2: " REFCOUNT_TRAP_INSN "\n" +"3:\n" +#endif + @@ -1532,7 +1543,7 @@ index 3040359..cf3bab0 100644 : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter), "r" (i) : "cc"); -@@ -410,6 +785,31 @@ static inline long long atomic64_cmpxchg(atomic64_t *ptr, long long old, +@@ -410,6 +791,31 @@ static inline long long atomic64_cmpxchg(atomic64_t *ptr, long long old, return oldval; } @@ -1564,7 +1575,7 @@ index 3040359..cf3bab0 100644 static inline long long atomic64_xchg(atomic64_t *ptr, long long new) { long long result; -@@ -435,21 +835,35 @@ static inline long long atomic64_xchg(atomic64_t *ptr, long long new) +@@ -435,21 +841,35 @@ static inline long long atomic64_xchg(atomic64_t *ptr, long long new) static inline long long atomic64_dec_if_positive(atomic64_t *v) { long long result; 
@@ -1586,7 +1597,7 @@ index 3040359..cf3bab0 100644 +" bvc 3f\n" +" mov %Q0, %Q1\n" +" mov %R0, %R1\n" -+"2: bkpt 0xf103\n" ++"2: " REFCOUNT_TRAP_INSN "\n" +"3:\n" +#endif + @@ -1606,7 +1617,7 @@ index 3040359..cf3bab0 100644 : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter) : "cc"); -@@ -473,13 +887,25 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u) +@@ -473,13 +893,25 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u) " teq %0, %5\n" " teqeq %H0, %H5\n" " moveq %1, #0\n" @@ -1618,7 +1629,7 @@ index 3040359..cf3bab0 100644 + +#ifdef CONFIG_PAX_REFCOUNT +" bvc 3f\n" -+"2: bkpt 0xf103\n" ++"2: " REFCOUNT_TRAP_INSN "\n" +"3:\n" +#endif + @@ -1635,7 +1646,7 @@ index 3040359..cf3bab0 100644 : "=&r" (val), "+r" (ret), "=&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter), "r" (u), "r" (a) : "cc"); -@@ -492,10 +918,13 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u) +@@ -492,10 +924,13 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u) #define atomic64_add_negative(a, v) (atomic64_add_return((a), (v)) < 0) #define atomic64_inc(v) atomic64_add(1LL, (v)) @@ -2112,7 +2123,7 @@ index 9fd61c7..f8f1cff 100644 /* diff --git a/arch/arm/include/asm/pgtable-3level.h b/arch/arm/include/asm/pgtable-3level.h -index 06e0bc0..e60c2d3 100644 +index 06e0bc0..c65bca8 100644 --- a/arch/arm/include/asm/pgtable-3level.h +++ b/arch/arm/include/asm/pgtable-3level.h @@ -81,6 +81,7 @@ 
@@ -2123,7 +2134,12 @@ index 06e0bc0..e60c2d3 100644 #define L_PTE_XN (_AT(pteval_t, 1) << 54) /* XN */ #define L_PTE_DIRTY (_AT(pteval_t, 1) << 55) #define L_PTE_SPECIAL (_AT(pteval_t, 1) << 56) -@@ -96,6 +97,7 @@ +@@ -92,10 +93,12 @@ + #define L_PMD_SECT_SPLITTING (_AT(pmdval_t, 1) << 56) + #define L_PMD_SECT_NONE (_AT(pmdval_t, 1) << 57) + #define L_PMD_SECT_RDONLY (_AT(pteval_t, 1) << 58) ++#define PMD_SECT_RDONLY PMD_SECT_AP2 + /* * To be used in assembly code with the upper page attributes. */ @@ -3590,6 +3606,19 @@ index f7a07a5..258e1f7 100644 pr_info("AT91: sram at 0x%lx of 0x%x mapped at 0x%lx\n", base, length, desc->virtual); +diff --git a/arch/arm/mach-keystone/keystone.c b/arch/arm/mach-keystone/keystone.c +index 7f352de..6dc0929 100644 +--- a/arch/arm/mach-keystone/keystone.c ++++ b/arch/arm/mach-keystone/keystone.c +@@ -27,7 +27,7 @@ + + #include "keystone.h" + +-static struct notifier_block platform_nb; ++static notifier_block_no_const platform_nb; + static unsigned long keystone_dma_pfn_offset __read_mostly; + + static int keystone_platform_notifier(struct notifier_block *nb, diff --git a/arch/arm/mach-mvebu/coherency.c b/arch/arm/mach-mvebu/coherency.c index 2bdc323..cf1c607 100644 --- a/arch/arm/mach-mvebu/coherency.c @@ -3844,7 +3873,7 @@ index 2dea8b5..6499da2 100644 extern void ux500_cpu_die(unsigned int cpu); diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig -index ae69809..2665202 100644 +index 7eb94e6..799ad3e 100644 --- a/arch/arm/mm/Kconfig +++ b/arch/arm/mm/Kconfig @@ -446,6 +446,7 @@ config CPU_32v5 
@@ -3863,15 +3892,16 @@ index ae69809..2665202 100644 help This option enables or disables the use of domain switching via the set_fs() function. -@@ -799,6 +801,7 @@ config NEED_KUSER_HELPERS +@@ -798,7 +800,7 @@ config NEED_KUSER_HELPERS + config KUSER_HELPERS bool "Enable kuser helpers in vector page" if !NEED_KUSER_HELPERS +- depends on MMU ++ depends on MMU && (!(CPU_V6 || CPU_V6K || CPU_V7) || GRKERNSEC_OLD_ARM_USERLAND) default y -+ depends on !(CPU_V6 || CPU_V6K || CPU_V7) || GRKERNSEC_OLD_ARM_USERLAND help Warning: disabling this option may break user programs. - -@@ -811,7 +814,7 @@ config KUSER_HELPERS +@@ -812,7 +814,7 @@ config KUSER_HELPERS See Documentation/arm/kernel_user_helpers.txt for details. However, the fixed address nature of these helpers can be used @@ -4007,7 +4037,7 @@ index 6eb97b3..ac509f6 100644 atomic64_set(&mm->context.id, asid); } diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c -index eb8830a..5360ce7 100644 +index eb8830a..e8ff52e 100644 --- a/arch/arm/mm/fault.c +++ b/arch/arm/mm/fault.c @@ -25,6 +25,7 @@ @@ -4121,7 +4151,7 @@ index eb8830a..5360ce7 100644 printk(KERN_ALERT "Unhandled fault: %s (0x%03x) at 0x%08lx\n", inf->name, fsr, addr); -@@ -574,15 +647,98 @@ hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs * +@@ -574,15 +647,104 @@ hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs * ifsr_info[nr].name = name; } @@ -4201,9 +4231,15 @@ index eb8830a..5360ce7 100644 + +#ifdef CONFIG_PAX_REFCOUNT + if (fsr_fs(ifsr) == FAULT_CODE_DEBUG) { ++#ifdef CONFIG_THUMB2_KERNEL ++ unsigned short bkpt; ++ ++ if (!probe_kernel_address(pc, bkpt) && cpu_to_le16(bkpt) == 0xbef1) { ++#else + unsigned int bkpt; + + if (!probe_kernel_address(pc, bkpt) && cpu_to_le32(bkpt) == 0xe12f1073) { ++#endif + current->thread.error_code = ifsr; + current->thread.trap_no = 0; + pax_report_refcount_overflow(regs); @@ -5082,7 +5118,7 @@ index f6c3a16..cd422a4 100644 { int c, old; 
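Review bot: In the `FAULT_CODE_DEBUG` branch of arch/arm/mm/fault.c, the value read by `probe_kernel_address(pc, bkpt)` is passed through `cpu_to_le16()` / `cpu_to_le32()`, which is the wrong direction for a value loaded from memory and compared with a host-order constant. The result is numerically identical, but it reads as a mistake and defeats endianness annotations; `le16_to_cpu(bkpt) == 0xbef1` and `le32_to_cpu(bkpt) == 0xe12f1073` state the intent, and the kernel's `__mem_to_opcode_thumb16()` / `__mem_to_opcode_arm()` helpers would state it better still. The opening `{` of the `if` is also duplicated in both `#ifdef CONFIG_THUMB2_KERNEL` arms, which makes the block easy to break when editing one arm. The enclosing function begins and ends outside this hunk.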
diff --git a/arch/frv/include/asm/cache.h b/arch/frv/include/asm/cache.h -index 2797163..c2a401d 100644 +index 2797163..c2a401df9 100644 --- a/arch/frv/include/asm/cache.h +++ b/arch/frv/include/asm/cache.h @@ -12,10 +12,11 @@ @@ -6941,7 +6977,7 @@ index 7de8658..c109224 100644 /* * We stash processor id into a COP0 register to retrieve it fast diff --git a/arch/mips/include/asm/uaccess.h b/arch/mips/include/asm/uaccess.h -index a109510..94ee3f6 100644 +index a109510..0a764f7 100644 --- a/arch/mips/include/asm/uaccess.h +++ b/arch/mips/include/asm/uaccess.h @@ -130,6 +130,7 @@ extern u64 __ua_limit; @@ -6952,6 +6988,32 @@ index a109510..94ee3f6 100644 #define access_ok(type, addr, size) \ likely(__access_ok((addr), (size), __access_mask)) +@@ -301,7 +302,8 @@ do { \ + __get_kernel_common((x), size, __gu_ptr); \ + else \ + __get_user_common((x), size, __gu_ptr); \ +- } \ ++ } else \ ++ (x) = 0; \ + \ + __gu_err; \ + }) +@@ -316,6 +318,7 @@ do { \ + " .insn \n" \ + " .section .fixup,\"ax\" \n" \ + "3: li %0, %4 \n" \ ++ " move %1, $0 \n" \ + " j 2b \n" \ + " .previous \n" \ + " .section __ex_table,\"a\" \n" \ +@@ -630,6 +633,7 @@ do { \ + " .insn \n" \ + " .section .fixup,\"ax\" \n" \ + "3: li %0, %4 \n" \ ++ " move %1, $0 \n" \ + " j 2b \n" \ + " .previous \n" \ + " .section __ex_table,\"a\" \n" \ diff --git a/arch/mips/kernel/binfmt_elfn32.c b/arch/mips/kernel/binfmt_elfn32.c index 1188e00..41cf144 100644 --- a/arch/mips/kernel/binfmt_elfn32.c @@ -8107,26 +8169,648 @@ index 4bc7b62..107e0b2 100644 kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot diff --git a/arch/powerpc/include/asm/atomic.h b/arch/powerpc/include/asm/atomic.h -index 28992d0..c797b20 100644 +index 28992d0..434c881 100644 --- a/arch/powerpc/include/asm/atomic.h 
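Review bot: The `else (x) = 0;` added after the `access_ok()` block in the macro that calls `__get_user_common`, and the `move %1, $0` added to the two `.fixup` sequences in arch/mips/include/asm/uaccess.h, have no comment saying why the destination is cleared on failure. Presumably the intent is that a caller which ignores the error code never consumes an uninitialised value; a one-line comment such as `/* zero the destination on fault so callers never see stale data */` at each site would record that. The `else` arm is also unbraced while the `if` arm is braced, so `} else { (x) = 0; }` would be more robust inside a multi-line macro. The macro bodies start and end outside the lines shown here.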
+++ b/arch/powerpc/include/asm/atomic.h -@@ -519,6 +519,16 @@ static __inline__ long atomic64_inc_not_zero(atomic64_t *v) - return t1; +@@ -12,6 +12,11 @@ + + #define ATOMIC_INIT(i) { (i) } + ++#define _ASM_EXTABLE(from, to) \ ++" .section __ex_table,\"a\"\n" \ ++ PPC_LONG" " #from ", " #to"\n" \ ++" .previous\n" ++ + static __inline__ int atomic_read(const atomic_t *v) + { + int t; +@@ -21,16 +26,61 @@ static __inline__ int atomic_read(const atomic_t *v) + return t; } -+#define atomic64_read_unchecked(v) atomic64_read(v) -+#define atomic64_set_unchecked(v, i) atomic64_set((v), (i)) -+#define atomic64_add_unchecked(a, v) atomic64_add((a), (v)) -+#define atomic64_add_return_unchecked(a, v) atomic64_add_return((a), (v)) -+#define atomic64_sub_unchecked(a, v) atomic64_sub((a), (v)) -+#define atomic64_inc_unchecked(v) atomic64_inc(v) -+#define atomic64_inc_return_unchecked(v) atomic64_inc_return(v) -+#define atomic64_dec_unchecked(v) atomic64_dec(v) -+#define atomic64_cmpxchg_unchecked(v, o, n) atomic64_cmpxchg((v), (o), (n)) ++static __inline__ int atomic_read_unchecked(const atomic_unchecked_t *v) ++{ ++ int t; ++ ++ __asm__ __volatile__("lwz%U1%X1 %0,%1" : "=r"(t) : "m"(v->counter)); + - #endif /* __powerpc64__ */ ++ return t; ++} ++ + static __inline__ void atomic_set(atomic_t *v, int i) + { + __asm__ __volatile__("stw%U0%X0 %1,%0" : "=m"(v->counter) : "r"(i)); + } - #endif /* __KERNEL__ */ ++static __inline__ void atomic_set_unchecked(atomic_unchecked_t *v, int i) ++{ ++ __asm__ __volatile__("stw%U0%X0 %1,%0" : "=m"(v->counter) : "r"(i)); ++} ++ + static __inline__ void atomic_add(int a, atomic_t *v) + { + int t; + + __asm__ __volatile__( ++"1: lwarx %0,0,%3 # atomic_add\n" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++" mcrxr cr0\n" ++" addo. %0,%2,%0\n" ++" bf 4*cr0+so, 3f\n" ++"2:.long " "0x00c00b00""\n" ++#else ++" add %0,%2,%0\n" ++#endif ++ ++"3:\n" ++ PPC405_ERR77(0,%3) ++" stwcx. 
%0,0,%3 \n\ ++ bne- 1b" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++"\n4:\n" ++ _ASM_EXTABLE(2b, 4b) ++#endif ++ ++ : "=&r" (t), "+m" (v->counter) ++ : "r" (a), "r" (&v->counter) ++ : "cc"); ++} ++ ++static __inline__ void atomic_add_unchecked(int a, atomic_unchecked_t *v) ++{ ++ int t; ++ ++ __asm__ __volatile__( + "1: lwarx %0,0,%3 # atomic_add\n\ + add %0,%2,%0\n" + PPC405_ERR77(0,%3) +@@ -41,12 +91,49 @@ static __inline__ void atomic_add(int a, atomic_t *v) + : "cc"); + } + ++/* Same as atomic_add but return the value */ + static __inline__ int atomic_add_return(int a, atomic_t *v) + { + int t; + + __asm__ __volatile__( + PPC_ATOMIC_ENTRY_BARRIER ++"1: lwarx %0,0,%2 # atomic_add_return\n" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++" mcrxr cr0\n" ++" addo. %0,%1,%0\n" ++" bf 4*cr0+so, 3f\n" ++"2:.long " "0x00c00b00""\n" ++#else ++" add %0,%1,%0\n" ++#endif ++ ++"3:\n" ++ PPC405_ERR77(0,%2) ++" stwcx. %0,0,%2 \n\ ++ bne- 1b\n" ++"4:" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++ _ASM_EXTABLE(2b, 4b) ++#endif ++ ++ PPC_ATOMIC_EXIT_BARRIER ++ : "=&r" (t) ++ : "r" (a), "r" (&v->counter) ++ : "cc", "memory"); ++ ++ return t; ++} ++ ++/* Same as atomic_add_unchecked but return the value */ ++static __inline__ int atomic_add_return_unchecked(int a, atomic_unchecked_t *v) ++{ ++ int t; ++ ++ __asm__ __volatile__( ++ PPC_ATOMIC_ENTRY_BARRIER + "1: lwarx %0,0,%2 # atomic_add_return\n\ + add %0,%1,%0\n" + PPC405_ERR77(0,%2) +@@ -67,6 +154,37 @@ static __inline__ void atomic_sub(int a, atomic_t *v) + int t; + + __asm__ __volatile__( ++"1: lwarx %0,0,%3 # atomic_sub\n" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++" mcrxr cr0\n" ++" subfo. %0,%2,%0\n" ++" bf 4*cr0+so, 3f\n" ++"2:.long " "0x00c00b00""\n" ++#else ++" subf %0,%2,%0\n" ++#endif ++ ++"3:\n" ++ PPC405_ERR77(0,%3) ++" stwcx. 
%0,0,%3 \n\ ++ bne- 1b\n" ++"4:" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++ _ASM_EXTABLE(2b, 4b) ++#endif ++ ++ : "=&r" (t), "+m" (v->counter) ++ : "r" (a), "r" (&v->counter) ++ : "cc"); ++} ++ ++static __inline__ void atomic_sub_unchecked(int a, atomic_unchecked_t *v) ++{ ++ int t; ++ ++ __asm__ __volatile__( + "1: lwarx %0,0,%3 # atomic_sub\n\ + subf %0,%2,%0\n" + PPC405_ERR77(0,%3) +@@ -77,12 +195,49 @@ static __inline__ void atomic_sub(int a, atomic_t *v) + : "cc"); + } + ++/* Same as atomic_sub but return the value */ + static __inline__ int atomic_sub_return(int a, atomic_t *v) + { + int t; + + __asm__ __volatile__( + PPC_ATOMIC_ENTRY_BARRIER ++"1: lwarx %0,0,%2 # atomic_sub_return\n" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++" mcrxr cr0\n" ++" subfo. %0,%1,%0\n" ++" bf 4*cr0+so, 3f\n" ++"2:.long " "0x00c00b00""\n" ++#else ++" subf %0,%1,%0\n" ++#endif ++ ++"3:\n" ++ PPC405_ERR77(0,%2) ++" stwcx. %0,0,%2 \n\ ++ bne- 1b\n" ++ PPC_ATOMIC_EXIT_BARRIER ++"4:" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++ _ASM_EXTABLE(2b, 4b) ++#endif ++ ++ : "=&r" (t) ++ : "r" (a), "r" (&v->counter) ++ : "cc", "memory"); ++ ++ return t; ++} ++ ++/* Same as atomic_sub_unchecked but return the value */ ++static __inline__ int atomic_sub_return_unchecked(int a, atomic_unchecked_t *v) ++{ ++ int t; ++ ++ __asm__ __volatile__( ++ PPC_ATOMIC_ENTRY_BARRIER + "1: lwarx %0,0,%2 # atomic_sub_return\n\ + subf %0,%1,%0\n" + PPC405_ERR77(0,%2) +@@ -96,38 +251,23 @@ static __inline__ int atomic_sub_return(int a, atomic_t *v) + return t; + } + +-static __inline__ void atomic_inc(atomic_t *v) +-{ +- int t; ++/* ++ * atomic_inc - increment atomic variable ++ * @v: pointer of type atomic_t ++ * ++ * Automatically increments @v by 1 ++ */ ++#define atomic_inc(v) atomic_add(1, (v)) ++#define atomic_inc_return(v) atomic_add_return(1, (v)) + +- __asm__ __volatile__( +-"1: lwarx %0,0,%2 # atomic_inc\n\ +- addic %0,%0,1\n" +- PPC405_ERR77(0,%2) +-" stwcx. 
%0,0,%2 \n\ +- bne- 1b" +- : "=&r" (t), "+m" (v->counter) +- : "r" (&v->counter) +- : "cc", "xer"); ++static __inline__ void atomic_inc_unchecked(atomic_unchecked_t *v) ++{ ++ atomic_add_unchecked(1, v); + } + +-static __inline__ int atomic_inc_return(atomic_t *v) ++static __inline__ int atomic_inc_return_unchecked(atomic_unchecked_t *v) + { +- int t; +- +- __asm__ __volatile__( +- PPC_ATOMIC_ENTRY_BARRIER +-"1: lwarx %0,0,%1 # atomic_inc_return\n\ +- addic %0,%0,1\n" +- PPC405_ERR77(0,%1) +-" stwcx. %0,0,%1 \n\ +- bne- 1b" +- PPC_ATOMIC_EXIT_BARRIER +- : "=&r" (t) +- : "r" (&v->counter) +- : "cc", "xer", "memory"); +- +- return t; ++ return atomic_add_return_unchecked(1, v); + } + + /* +@@ -140,43 +280,38 @@ static __inline__ int atomic_inc_return(atomic_t *v) + */ + #define atomic_inc_and_test(v) (atomic_inc_return(v) == 0) + +-static __inline__ void atomic_dec(atomic_t *v) ++static __inline__ int atomic_inc_and_test_unchecked(atomic_unchecked_t *v) + { +- int t; +- +- __asm__ __volatile__( +-"1: lwarx %0,0,%2 # atomic_dec\n\ +- addic %0,%0,-1\n" +- PPC405_ERR77(0,%2)\ +-" stwcx. %0,0,%2\n\ +- bne- 1b" +- : "=&r" (t), "+m" (v->counter) +- : "r" (&v->counter) +- : "cc", "xer"); ++ return atomic_add_return_unchecked(1, v) == 0; + } + +-static __inline__ int atomic_dec_return(atomic_t *v) ++/* ++ * atomic_dec - decrement atomic variable ++ * @v: pointer of type atomic_t ++ * ++ * Atomically decrements @v by 1 ++ */ ++#define atomic_dec(v) atomic_sub(1, (v)) ++#define atomic_dec_return(v) atomic_sub_return(1, (v)) ++ ++static __inline__ void atomic_dec_unchecked(atomic_unchecked_t *v) + { +- int t; +- +- __asm__ __volatile__( +- PPC_ATOMIC_ENTRY_BARRIER +-"1: lwarx %0,0,%1 # atomic_dec_return\n\ +- addic %0,%0,-1\n" +- PPC405_ERR77(0,%1) +-" stwcx. 
%0,0,%1\n\ +- bne- 1b" +- PPC_ATOMIC_EXIT_BARRIER +- : "=&r" (t) +- : "r" (&v->counter) +- : "cc", "xer", "memory"); +- +- return t; ++ atomic_sub_unchecked(1, v); + } + + #define atomic_cmpxchg(v, o, n) (cmpxchg(&((v)->counter), (o), (n))) + #define atomic_xchg(v, new) (xchg(&((v)->counter), new)) + ++static inline int atomic_cmpxchg_unchecked(atomic_unchecked_t *v, int old, int new) ++{ ++ return cmpxchg(&(v->counter), old, new); ++} ++ ++static inline int atomic_xchg_unchecked(atomic_unchecked_t *v, int new) ++{ ++ return xchg(&(v->counter), new); ++} ++ + /** + * __atomic_add_unless - add unless the number is a given value + * @v: pointer of type atomic_t +@@ -271,6 +406,11 @@ static __inline__ int atomic_dec_if_positive(atomic_t *v) + } + #define atomic_dec_if_positive atomic_dec_if_positive + ++#define smp_mb__before_atomic_dec() smp_mb() ++#define smp_mb__after_atomic_dec() smp_mb() ++#define smp_mb__before_atomic_inc() smp_mb() ++#define smp_mb__after_atomic_inc() smp_mb() ++ + #ifdef __powerpc64__ + + #define ATOMIC64_INIT(i) { (i) } +@@ -284,11 +424,25 @@ static __inline__ long atomic64_read(const atomic64_t *v) + return t; + } + ++static __inline__ long atomic64_read_unchecked(const atomic64_unchecked_t *v) ++{ ++ long t; ++ ++ __asm__ __volatile__("ld%U1%X1 %0,%1" : "=r"(t) : "m"(v->counter)); ++ ++ return t; ++} ++ + static __inline__ void atomic64_set(atomic64_t *v, long i) + { + __asm__ __volatile__("std%U0%X0 %1,%0" : "=m"(v->counter) : "r"(i)); + } + ++static __inline__ void atomic64_set_unchecked(atomic64_unchecked_t *v, long i) ++{ ++ __asm__ __volatile__("std%U0%X0 %1,%0" : "=m"(v->counter) : "r"(i)); ++} ++ + static __inline__ void atomic64_add(long a, atomic64_t *v) + { + long t; +@@ -303,12 +457,76 @@ static __inline__ void atomic64_add(long a, atomic64_t *v) + : "cc"); + } + ++static __inline__ void atomic64_add_unchecked(long a, atomic64_unchecked_t *v) ++{ ++ long t; ++ ++ __asm__ __volatile__( ++"1: ldarx %0,0,%3 # atomic64_add\n" ++ 
++#ifdef CONFIG_PAX_REFCOUNT ++" mcrxr cr0\n" ++" addo. %0,%2,%0\n" ++" bf 4*cr0+so, 3f\n" ++"2:.long " "0x00c00b00""\n" ++#else ++" add %0,%2,%0\n" ++#endif ++ ++"3:\n" ++" stdcx. %0,0,%3 \n\ ++ bne- 1b\n" ++"4:" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++ _ASM_EXTABLE(2b, 4b) ++#endif ++ ++ : "=&r" (t), "+m" (v->counter) ++ : "r" (a), "r" (&v->counter) ++ : "cc"); ++} ++ + static __inline__ long atomic64_add_return(long a, atomic64_t *v) + { + long t; + + __asm__ __volatile__( + PPC_ATOMIC_ENTRY_BARRIER ++"1: ldarx %0,0,%2 # atomic64_add_return\n" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++" mcrxr cr0\n" ++" addo. %0,%1,%0\n" ++" bf 4*cr0+so, 3f\n" ++"2:.long " "0x00c00b00""\n" ++#else ++" add %0,%1,%0\n" ++#endif ++ ++"3:\n" ++" stdcx. %0,0,%2 \n\ ++ bne- 1b\n" ++ PPC_ATOMIC_EXIT_BARRIER ++"4:" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++ _ASM_EXTABLE(2b, 4b) ++#endif ++ ++ : "=&r" (t) ++ : "r" (a), "r" (&v->counter) ++ : "cc", "memory"); ++ ++ return t; ++} ++ ++static __inline__ long atomic64_add_return_unchecked(long a, atomic64_unchecked_t *v) ++{ ++ long t; ++ ++ __asm__ __volatile__( ++ PPC_ATOMIC_ENTRY_BARRIER + "1: ldarx %0,0,%2 # atomic64_add_return\n\ + add %0,%1,%0\n\ + stdcx. %0,0,%2 \n\ +@@ -328,6 +546,36 @@ static __inline__ void atomic64_sub(long a, atomic64_t *v) + long t; + + __asm__ __volatile__( ++"1: ldarx %0,0,%3 # atomic64_sub\n" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++" mcrxr cr0\n" ++" subfo. %0,%2,%0\n" ++" bf 4*cr0+so, 3f\n" ++"2:.long " "0x00c00b00""\n" ++#else ++" subf %0,%2,%0\n" ++#endif ++ ++"3:\n" ++" stdcx. %0,0,%3 \n\ ++ bne- 1b" ++"4:" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++ _ASM_EXTABLE(2b, 4b) ++#endif ++ ++ : "=&r" (t), "+m" (v->counter) ++ : "r" (a), "r" (&v->counter) ++ : "cc"); ++} ++ ++static __inline__ void atomic64_sub_unchecked(long a, atomic64_unchecked_t *v) ++{ ++ long t; ++ ++ __asm__ __volatile__( + "1: ldarx %0,0,%3 # atomic64_sub\n\ + subf %0,%2,%0\n\ + stdcx. 
%0,0,%3 \n\ +@@ -343,6 +591,40 @@ static __inline__ long atomic64_sub_return(long a, atomic64_t *v) + + __asm__ __volatile__( + PPC_ATOMIC_ENTRY_BARRIER ++"1: ldarx %0,0,%2 # atomic64_sub_return\n" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++" mcrxr cr0\n" ++" subfo. %0,%1,%0\n" ++" bf 4*cr0+so, 3f\n" ++"2:.long " "0x00c00b00""\n" ++#else ++" subf %0,%1,%0\n" ++#endif ++ ++"3:\n" ++" stdcx. %0,0,%2 \n\ ++ bne- 1b\n" ++ PPC_ATOMIC_EXIT_BARRIER ++"4:" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++ _ASM_EXTABLE(2b, 4b) ++#endif ++ ++ : "=&r" (t) ++ : "r" (a), "r" (&v->counter) ++ : "cc", "memory"); ++ ++ return t; ++} ++ ++static __inline__ long atomic64_sub_return_unchecked(long a, atomic64_unchecked_t *v) ++{ ++ long t; ++ ++ __asm__ __volatile__( ++ PPC_ATOMIC_ENTRY_BARRIER + "1: ldarx %0,0,%2 # atomic64_sub_return\n\ + subf %0,%1,%0\n\ + stdcx. %0,0,%2 \n\ +@@ -355,36 +637,23 @@ static __inline__ long atomic64_sub_return(long a, atomic64_t *v) + return t; + } + +-static __inline__ void atomic64_inc(atomic64_t *v) +-{ +- long t; ++/* ++ * atomic64_inc - increment atomic variable ++ * @v: pointer of type atomic64_t ++ * ++ * Automatically increments @v by 1 ++ */ ++#define atomic64_inc(v) atomic64_add(1, (v)) ++#define atomic64_inc_return(v) atomic64_add_return(1, (v)) + +- __asm__ __volatile__( +-"1: ldarx %0,0,%2 # atomic64_inc\n\ +- addic %0,%0,1\n\ +- stdcx. %0,0,%2 \n\ +- bne- 1b" +- : "=&r" (t), "+m" (v->counter) +- : "r" (&v->counter) +- : "cc", "xer"); ++static __inline__ void atomic64_inc_unchecked(atomic64_unchecked_t *v) ++{ ++ atomic64_add_unchecked(1, v); + } + +-static __inline__ long atomic64_inc_return(atomic64_t *v) ++static __inline__ int atomic64_inc_return_unchecked(atomic64_unchecked_t *v) + { +- long t; +- +- __asm__ __volatile__( +- PPC_ATOMIC_ENTRY_BARRIER +-"1: ldarx %0,0,%1 # atomic64_inc_return\n\ +- addic %0,%0,1\n\ +- stdcx. 
%0,0,%1 \n\ +- bne- 1b" +- PPC_ATOMIC_EXIT_BARRIER +- : "=&r" (t) +- : "r" (&v->counter) +- : "cc", "xer", "memory"); +- +- return t; ++ return atomic64_add_return_unchecked(1, v); + } + + /* +@@ -397,36 +666,18 @@ static __inline__ long atomic64_inc_return(atomic64_t *v) + */ + #define atomic64_inc_and_test(v) (atomic64_inc_return(v) == 0) + +-static __inline__ void atomic64_dec(atomic64_t *v) ++/* ++ * atomic64_dec - decrement atomic variable ++ * @v: pointer of type atomic64_t ++ * ++ * Atomically decrements @v by 1 ++ */ ++#define atomic64_dec(v) atomic64_sub(1, (v)) ++#define atomic64_dec_return(v) atomic64_sub_return(1, (v)) ++ ++static __inline__ void atomic64_dec_unchecked(atomic64_unchecked_t *v) + { +- long t; +- +- __asm__ __volatile__( +-"1: ldarx %0,0,%2 # atomic64_dec\n\ +- addic %0,%0,-1\n\ +- stdcx. %0,0,%2\n\ +- bne- 1b" +- : "=&r" (t), "+m" (v->counter) +- : "r" (&v->counter) +- : "cc", "xer"); +-} +- +-static __inline__ long atomic64_dec_return(atomic64_t *v) +-{ +- long t; +- +- __asm__ __volatile__( +- PPC_ATOMIC_ENTRY_BARRIER +-"1: ldarx %0,0,%1 # atomic64_dec_return\n\ +- addic %0,%0,-1\n\ +- stdcx. %0,0,%1\n\ +- bne- 1b" +- PPC_ATOMIC_EXIT_BARRIER +- : "=&r" (t) +- : "r" (&v->counter) +- : "cc", "xer", "memory"); +- +- return t; ++ atomic64_sub_unchecked(1, v); + } + + #define atomic64_sub_and_test(a, v) (atomic64_sub_return((a), (v)) == 0) +@@ -459,6 +710,16 @@ static __inline__ long atomic64_dec_if_positive(atomic64_t *v) + #define atomic64_cmpxchg(v, o, n) (cmpxchg(&((v)->counter), (o), (n))) + #define atomic64_xchg(v, new) (xchg(&((v)->counter), new)) + ++static inline long atomic64_cmpxchg_unchecked(atomic64_unchecked_t *v, long old, long new) ++{ ++ return cmpxchg(&(v->counter), old, new); ++} ++ ++static inline long atomic64_xchg_unchecked(atomic64_unchecked_t *v, long new) ++{ ++ return xchg(&(v->counter), new); ++} ++ + /** + * atomic64_add_unless - add unless the number is a given value + * @v: pointer of type atomic64_t 
diff --git a/arch/powerpc/include/asm/barrier.h b/arch/powerpc/include/asm/barrier.h index bab79a1..4a3eabc 100644 --- a/arch/powerpc/include/asm/barrier.h @@ -8224,10 +8908,10 @@ index 5acabbd..7ea14fa 100644 #endif /* __KERNEL__ */ #endif /* _ASM_POWERPC_KMAP_TYPES_H */ diff --git a/arch/powerpc/include/asm/local.h b/arch/powerpc/include/asm/local.h -index b8da913..60b608a 100644 +index b8da913..c02b593 100644 --- a/arch/powerpc/include/asm/local.h +++ b/arch/powerpc/include/asm/local.h -@@ -9,15 +9,26 @@ typedef struct +@@ -9,21 +9,65 @@ typedef struct atomic_long_t a; } local_t; 
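Review bot: On the powerpc64 side the overflow check appears to have landed in the wrong function: the new `atomic64_add_unchecked()` carries the `CONFIG_PAX_REFCOUNT` sequence (`mcrxr` / `addo.` / trap word / `_ASM_EXTABLE`), while `atomic64_add()`, whose body lies above the inner hunk and is not touched, keeps the plain `add`. Every other pair in this file (`atomic_add`, `atomic64_sub`, the `_return` variants) does it the other way round, so as written `atomic64_add()` callers get no overflow protection and `_unchecked` callers can trap. Two smaller defects in the same file: the checked `atomic64_sub()` ends with `bne- 1b"` followed directly by `"4:"`, which concatenates to `bne- 1b4:` because the `\n` is missing, and `atomic64_inc_return_unchecked()` is declared to return `int` although it forwards a `long`. The fence shows the `_unchecked` body I would expect; the checked sequence should move into `atomic64_add()` itself.

```c
static __inline__ void atomic64_add_unchecked(long a, atomic64_unchecked_t *v)
{
	long t;

	/* plain add: the _unchecked variant must not carry the overflow trap */
	__asm__ __volatile__(
"1:	ldarx	%0,0,%3		# atomic64_add_unchecked\n\
	add	%0,%2,%0\n\
	stdcx.	%0,0,%3 \n\
	bne-	1b"
	: "=&r" (t), "+m" (v->counter)
	: "r" (a), "r" (&v->counter)
	: "cc");
}
```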
@@ -8254,23 +8938,46 @@ index b8da913..60b608a 100644 static __inline__ long local_add_return(long a, local_t *l) { -@@ -35,6 +46,7 @@ static __inline__ long local_add_return(long a, local_t *l) + long t; - return t; - } -+#define local_add_return_unchecked(i, l) atomic_long_add_return_unchecked((i), (&(l)->a)) - - #define local_add_negative(a, l) (local_add_return((a), (l)) < 0) - -@@ -54,6 +66,7 @@ static __inline__ long local_sub_return(long a, local_t *l) - - return t; - } -+#define local_sub_return_unchecked(i, l) atomic_long_sub_return_unchecked((i), (&(l)->a)) - - static __inline__ long local_inc_return(local_t *l) - { -@@ -101,6 +114,8 @@ static __inline__ long local_dec_return(local_t *l) + __asm__ __volatile__( ++"1:" PPC_LLARX(%0,0,%2,0) " # local_add_return\n" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++" mcrxr cr0\n" ++" addo. %0,%1,%0\n" ++" bf 4*cr0+so, 3f\n" ++"2:.long " "0x00c00b00""\n" ++#else ++" add %0,%1,%0\n" ++#endif ++ ++"3:\n" ++ PPC405_ERR77(0,%2) ++ PPC_STLCX "%0,0,%2 \n\ ++ bne- 1b" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++"\n4:\n" ++ _ASM_EXTABLE(2b, 4b) ++#endif ++ ++ : "=&r" (t) ++ : "r" (a), "r" (&(l->a.counter)) ++ : "cc", "memory"); ++ ++ return t; ++} ++ ++static __inline__ long local_add_return_unchecked(long a, local_unchecked_t *l) ++{ ++ long t; ++ ++ __asm__ __volatile__( + "1:" PPC_LLARX(%0,0,%2,0) " # local_add_return\n\ + add %0,%1,%0\n" + PPC405_ERR77(0,%2) +@@ -101,6 +145,8 @@ static __inline__ long local_dec_return(local_t *l) #define local_cmpxchg(l, o, n) \ (cmpxchg_local(&((l)->a.counter), (o), (n))) 
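Review bot: The CONFIG_PAX_REFCOUNT sequence added to local_add_return runs `mcrxr cr0` and `addo.`, both of which write XER, but the clobber list stays `: "cc", "memory"`. The spinlock.h asm later in this same patch lists "xer" for the equivalent sequence, so I would use `: "cc", "xer", "memory");` here as well. Without it the compiler may assume XER, including the carry bit, survives the asm. Only the opening lines of local_add_return_unchecked are visible in this hunk, so the other local_* variants would need the same check.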
@@ -8424,6 +9131,73 @@ index 5a6614a..d89995d1 100644 extern void smp_send_debugger_break(void); extern void start_secondary_resume(void); +diff --git a/arch/powerpc/include/asm/spinlock.h b/arch/powerpc/include/asm/spinlock.h +index 4dbe072..b803275 100644 +--- a/arch/powerpc/include/asm/spinlock.h ++++ b/arch/powerpc/include/asm/spinlock.h +@@ -204,13 +204,29 @@ static inline long __arch_read_trylock(arch_rwlock_t *rw) + __asm__ __volatile__( + "1: " PPC_LWARX(%0,0,%1,1) "\n" + __DO_SIGN_EXTEND +-" addic. %0,%0,1\n\ +- ble- 2f\n" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++" mcrxr cr0\n" ++" addico. %0,%0,1\n" ++" bf 4*cr0+so, 3f\n" ++"2:.long " "0x00c00b00""\n" ++#else ++" addic. %0,%0,1\n" ++#endif ++ ++"3:\n" ++ "ble- 4f\n" + PPC405_ERR77(0,%1) + " stwcx. %0,0,%1\n\ + bne- 1b\n" + PPC_ACQUIRE_BARRIER +-"2:" : "=&r" (tmp) ++"4:" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++ _ASM_EXTABLE(2b,4b) ++#endif ++ ++ : "=&r" (tmp) + : "r" (&rw->lock) + : "cr0", "xer", "memory"); + +@@ -286,11 +302,27 @@ static inline void arch_read_unlock(arch_rwlock_t *rw) + __asm__ __volatile__( + "# read_unlock\n\t" + PPC_RELEASE_BARRIER +-"1: lwarx %0,0,%1\n\ +- addic %0,%0,-1\n" ++"1: lwarx %0,0,%1\n" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++" mcrxr cr0\n" ++" addico. %0,%0,-1\n" ++" bf 4*cr0+so, 3f\n" ++"2:.long " "0x00c00b00""\n" ++#else ++" addic. %0,%0,-1\n" ++#endif ++ ++"3:\n" + PPC405_ERR77(0,%1) + " stwcx. %0,0,%1\n\ + bne- 1b" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++"\n4:\n" ++ _ASM_EXTABLE(2b, 4b) ++#endif ++ + : "=&r"(tmp) + : "r"(&rw->lock) + : "cr0", "xer", "memory"); diff --git a/arch/powerpc/include/asm/thread_info.h b/arch/powerpc/include/asm/thread_info.h index b034ecd..af7e31f 100644 --- a/arch/powerpc/include/asm/thread_info.h @@ -8905,10 +9679,18 @@ index 2cb0c94..c0c0bc9 100644 } else { err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]); diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c -index 0dc43f9..7893068 100644 +index 0dc43f9..a885d33 100644 
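Review bot: The CONFIG_PAX_REFCOUNT branches added to __arch_read_trylock and arch_read_unlock use `addico.`, which I cannot match to a Power ISA mnemonic. As far as I know `addic` and `addic.` are immediate forms with no overflow-enable variant, so please confirm this assembles with CONFIG_PAX_REFCOUNT=y and that XER[SO] is actually set before the `bf 4*cr0+so, 3f` test. If it does not, putting the increment in a register and using `addo.`, as the local.h hunk does, would be the consistent form. Separately, the `#else` branch of arch_read_unlock now has `addic. %0,%0,-1` where the removed line was `addic %0,%0,-1`; that is harmless given the "cr0" clobber, but the non-PaX build would ideally keep the original instruction. Both function bodies start and end outside the hunk.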
--- a/arch/powerpc/kernel/traps.c +++ b/arch/powerpc/kernel/traps.c -@@ -142,6 +142,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs) +@@ -36,6 +36,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -142,6 +143,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs) return flags; } @@ -8917,7 +9699,7 @@ index 0dc43f9..7893068 100644 static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, int signr) { -@@ -191,6 +193,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, +@@ -191,6 +194,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, panic("Fatal exception in interrupt"); if (panic_on_oops) panic("Fatal exception"); @@ -8927,6 +9709,33 @@ index 0dc43f9..7893068 100644 do_exit(signr); } +@@ -1137,6 +1143,26 @@ void __kprobes program_check_exception(struct pt_regs *regs) + enum ctx_state prev_state = exception_enter(); + unsigned int reason = get_reason(regs); + ++#ifdef CONFIG_PAX_REFCOUNT ++ unsigned int bkpt; ++ const struct exception_table_entry *entry; ++ ++ if (reason & REASON_ILLEGAL) { ++ /* Check if PaX bad instruction */ ++ if (!probe_kernel_address(regs->nip, bkpt) && bkpt == 0xc00b00) { ++ current->thread.trap_nr = 0; ++ pax_report_refcount_overflow(regs); ++ /* fixup_exception() for PowerPC does not exist, simulate its job */ ++ if ((entry = search_exception_tables(regs->nip)) != NULL) { ++ regs->nip = entry->fixup; ++ return; ++ } ++ /* fixup_exception() could not handle */ ++ goto bail; ++ } ++ } ++#endif ++ + /* We can now get here via a FP Unavailable exception if the core + * has no FPU, in that case the reason flags will be 0 */ + diff --git a/arch/powerpc/kernel/vdso.c b/arch/powerpc/kernel/vdso.c index f174351..5722009 100644 --- a/arch/powerpc/kernel/vdso.c 
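Review bot: The PaX check added at the top of program_check_exception does not test which mode the trap came from, so an illegal-instruction trap raised in user space at the word 0xc00b00 also reaches pax_report_refcount_overflow(). Unless that function filters user-mode traps itself (not visible here), an unprivileged process could generate bogus refcount-overflow reports; I would guard the block with `if (!user_mode(regs) && (reason & REASON_ILLEGAL)) {`. The fixup path also leaves through `return;` after `exception_enter()` has already run. If the `bail:` label outside this hunk is where `exception_exit(prev_state)` is called, that line should be `goto bail;` like the fallthrough path. The function body continues outside the hunk.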
@@ -9950,20 +10759,6 @@ index 370ca1e..d4f4a98 100644 extern unsigned long sparc64_elf_hwcap; #define ELF_HWCAP sparc64_elf_hwcap -diff --git a/arch/sparc/include/asm/oplib_64.h b/arch/sparc/include/asm/oplib_64.h -index f346824..2e3a4ad 100644 ---- a/arch/sparc/include/asm/oplib_64.h -+++ b/arch/sparc/include/asm/oplib_64.h -@@ -62,7 +62,8 @@ struct linux_mem_p1275 { - /* You must call prom_init() before using any of the library services, - * preferably as early as possible. Pass it the romvec pointer. - */ --void prom_init(void *cif_handler, void *cif_stack); -+void prom_init(void *cif_handler); -+void prom_init_report(void); - - /* Boot argument acquisition, returns the boot command line string. */ - char *prom_getbootargs(void); diff --git a/arch/sparc/include/asm/pgalloc_32.h b/arch/sparc/include/asm/pgalloc_32.h index a3890da..f6a408e 100644 --- a/arch/sparc/include/asm/pgalloc_32.h @@ -9977,16 +10772,16 @@ index a3890da..f6a408e 100644 static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long address) diff --git a/arch/sparc/include/asm/pgalloc_64.h b/arch/sparc/include/asm/pgalloc_64.h -index 39a7ac4..2c9b586 100644 +index 5e31871..b71c9d7 100644 --- a/arch/sparc/include/asm/pgalloc_64.h +++ b/arch/sparc/include/asm/pgalloc_64.h -@@ -26,6 +26,7 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd) +@@ -38,6 +38,7 @@ static inline void __pud_populate(pud_t *pud, pmd_t *pmd) } - #define pud_populate(MM, PUD, PMD) pud_set(PUD, PMD) + #define pud_populate(MM, PUD, PMD) __pud_populate(PUD, PMD) +#define pud_populate_kernel(MM, PUD, PMD) pud_populate((MM), (PUD), (PMD)) - static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long addr) + static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr) { diff --git a/arch/sparc/include/asm/pgtable.h b/arch/sparc/include/asm/pgtable.h index 59ba6f6..4518128 100644 @@ -10057,17 +10852,10 @@ index 79da178..c2eede8 100644 SRMMU_DIRTY | SRMMU_REF) 
diff --git a/arch/sparc/include/asm/setup.h b/arch/sparc/include/asm/setup.h -index f5fffd8..4272fe8 100644 +index 29d64b1..4272fe8 100644 --- a/arch/sparc/include/asm/setup.h +++ b/arch/sparc/include/asm/setup.h -@@ -48,13 +48,15 @@ unsigned long safe_compute_effective_address(struct pt_regs *, unsigned int); - #endif - - #ifdef CONFIG_SPARC64 -+void __init start_early_boot(void); -+ - /* unaligned_64.c */ - int handle_ldf_stq(u32 insn, struct pt_regs *regs); +@@ -55,8 +55,8 @@ int handle_ldf_stq(u32 insn, struct pt_regs *regs); void handle_ld_nf(u32 insn, struct pt_regs *regs); /* init_64.c */ @@ -10193,22 +10981,19 @@ index 96efa7a..16858bf 100644 /* diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h -index a5f01ac..a8811dd 100644 +index cc6275c..7eb8e21 100644 --- a/arch/sparc/include/asm/thread_info_64.h +++ b/arch/sparc/include/asm/thread_info_64.h -@@ -63,7 +63,10 @@ struct thread_info { +@@ -63,6 +63,8 @@ struct thread_info { struct pt_regs *kern_una_regs; unsigned int kern_una_insn; -- unsigned long fpregs[0] __attribute__ ((aligned(64))); + unsigned long lowest_stack; + -+ unsigned long fpregs[(7 * 256) / sizeof(unsigned long)] -+ __attribute__ ((aligned(64))); + unsigned long fpregs[(7 * 256) / sizeof(unsigned long)] + __attribute__ ((aligned(64))); }; - - #endif /* !(__ASSEMBLY__) */ -@@ -188,12 +191,13 @@ register struct thread_info *current_thread_info_reg asm("g6"); +@@ -190,12 +192,13 @@ register struct thread_info *current_thread_info_reg asm("g6"); #define TIF_NEED_RESCHED 3 /* rescheduling necessary */ /* flag bit 4 is available */ #define TIF_UNALIGNED 5 /* allowed to do unaligned accesses */ 
@@ -10223,7 +11008,7 @@ index a5f01ac..a8811dd 100644 /* NOTE: Thread flags >= 12 should be ones we have no interest * in using in assembly, else we can't use the mask as * an immediate value in instructions such as andcc. -@@ -213,12 +217,18 @@ register struct thread_info *current_thread_info_reg asm("g6"); +@@ -215,12 +218,18 @@ register struct thread_info *current_thread_info_reg asm("g6"); #define _TIF_SYSCALL_AUDIT (1<cpu as early as possible. -- * In order to do that accurately we have to patch up the get_cpuid() -- * assembler sequences. And that, in turn, requires that we know -- * if we are on a Starfire box or not. While we're here, patch up -- * the sun4v sequences as well. -+ /* To create a one-register-window buffer between the kernel's -+ * initial stack and the last stack frame we use from the firmware, -+ * do the rest of the boot from a C helper function. - */ -- call check_if_starfire -- nop -- call per_cpu_patch -- nop -- call sun4v_patch -- nop -- --#ifdef CONFIG_SMP -- call hard_smp_processor_id -- nop -- cmp %o0, NR_CPUS -- blu,pt %xcc, 1f -- nop -- call boot_cpu_id_too_large -- nop -- /* Not reached... */ -- --1: --#else -- mov 0, %o0 --#endif -- sth %o0, [%g6 + TI_CPU] -- -- call prom_init_report -- nop -- -- /* Off we go.... */ -- call start_kernel -+ call start_early_boot - nop - /* Not reached... */ - -diff --git a/arch/sparc/kernel/hvtramp.S b/arch/sparc/kernel/hvtramp.S -index b7ddcdd..cdbfec2 100644 ---- a/arch/sparc/kernel/hvtramp.S -+++ b/arch/sparc/kernel/hvtramp.S -@@ -109,7 +109,6 @@ hv_cpu_startup: - sllx %g5, THREAD_SHIFT, %g5 - sub %g5, (STACKFRAME_SZ + STACK_BIAS), %g5 - add %g6, %g5, %sp -- mov 0, %fp - - call init_irqwork_curcpu - nop diff --git a/arch/sparc/kernel/process_32.c b/arch/sparc/kernel/process_32.c index 50e7b62..79fae35 100644 --- a/arch/sparc/kernel/process_32.c 
@@ -10587,73 +11274,11 @@ index c13c9f2..d572c34 100644 audit_syscall_exit(regs); if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) -diff --git a/arch/sparc/kernel/setup_64.c b/arch/sparc/kernel/setup_64.c -index 3fdb455..949f773 100644 ---- a/arch/sparc/kernel/setup_64.c -+++ b/arch/sparc/kernel/setup_64.c -@@ -30,6 +30,7 @@ - #include - #include - #include -+#include - - #include - #include -@@ -174,7 +175,7 @@ char reboot_command[COMMAND_LINE_SIZE]; - - static struct pt_regs fake_swapper_regs = { { 0, }, 0, 0, 0, 0 }; - --void __init per_cpu_patch(void) -+static void __init per_cpu_patch(void) - { - struct cpuid_patch_entry *p; - unsigned long ver; -@@ -266,7 +267,7 @@ void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *start, - } - } - --void __init sun4v_patch(void) -+static void __init sun4v_patch(void) - { - extern void sun4v_hvapi_init(void); - -@@ -335,14 +336,25 @@ static void __init pause_patch(void) - } - } - --#ifdef CONFIG_SMP --void __init boot_cpu_id_too_large(int cpu) -+void __init start_early_boot(void) - { -- prom_printf("Serious problem, boot cpu id (%d) >= NR_CPUS (%d)\n", -- cpu, NR_CPUS); -- prom_halt(); -+ int cpu; -+ -+ check_if_starfire(); -+ per_cpu_patch(); -+ sun4v_patch(); -+ -+ cpu = hard_smp_processor_id(); -+ if (cpu >= NR_CPUS) { -+ prom_printf("Serious problem, boot cpu id (%d) >= NR_CPUS (%d)\n", -+ cpu, NR_CPUS); -+ prom_halt(); -+ } -+ current_thread_info()->cpu = cpu; -+ -+ prom_init_report(); -+ start_kernel(); - } --#endif - - /* On Ultra, we support all of the v8 capabilities. */ - unsigned long sparc64_elf_hwcap = (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c -index f7ba875..b65677e 100644 +index 81954ee..6cfaa98 100644 --- a/arch/sparc/kernel/smp_64.c 
+++ b/arch/sparc/kernel/smp_64.c -@@ -883,7 +883,7 @@ void smp_flush_dcache_page_impl(struct page *page, int cpu) +@@ -887,7 +887,7 @@ void smp_flush_dcache_page_impl(struct page *page, int cpu) return; #ifdef CONFIG_DEBUG_DCFLUSH @@ -10662,7 +11287,7 @@ index f7ba875..b65677e 100644 #endif this_cpu = get_cpu(); -@@ -907,7 +907,7 @@ void smp_flush_dcache_page_impl(struct page *page, int cpu) +@@ -911,7 +911,7 @@ void smp_flush_dcache_page_impl(struct page *page, int cpu) xcall_deliver(data0, __pa(pg_addr), (u64) pg_addr, cpumask_of(cpu)); #ifdef CONFIG_DEBUG_DCFLUSH @@ -10671,7 +11296,7 @@ index f7ba875..b65677e 100644 #endif } } -@@ -926,7 +926,7 @@ void flush_dcache_page_all(struct mm_struct *mm, struct page *page) +@@ -930,7 +930,7 @@ void flush_dcache_page_all(struct mm_struct *mm, struct page *page) preempt_disable(); #ifdef CONFIG_DEBUG_DCFLUSH @@ -10680,7 +11305,7 @@ index f7ba875..b65677e 100644 #endif data0 = 0; pg_addr = page_address(page); -@@ -943,7 +943,7 @@ void flush_dcache_page_all(struct mm_struct *mm, struct page *page) +@@ -947,7 +947,7 @@ void flush_dcache_page_all(struct mm_struct *mm, struct page *page) xcall_deliver(data0, __pa(pg_addr), (u64) pg_addr, cpu_online_mask); #ifdef CONFIG_DEBUG_DCFLUSH 
@@ -10915,36 +11540,6 @@ index 33a17e7..d87fb1f 100644 ldx [%sp + PTREGS_OFF + PT_V9_TNPC], %l1 ! pc = npc 2: -diff --git a/arch/sparc/kernel/trampoline_64.S b/arch/sparc/kernel/trampoline_64.S -index 737f8cb..88ede1d 100644 ---- a/arch/sparc/kernel/trampoline_64.S -+++ b/arch/sparc/kernel/trampoline_64.S -@@ -109,10 +109,13 @@ startup_continue: - brnz,pn %g1, 1b - nop - -- sethi %hi(p1275buf), %g2 -- or %g2, %lo(p1275buf), %g2 -- ldx [%g2 + 0x10], %l2 -- add %l2, -(192 + 128), %sp -+ /* Get onto temporary stack which will be in the locked -+ * kernel image. -+ */ -+ sethi %hi(tramp_stack), %g1 -+ or %g1, %lo(tramp_stack), %g1 -+ add %g1, TRAMP_STACK_SIZE, %g1 -+ sub %g1, STACKFRAME_SZ + STACK_BIAS + 256, %sp - flushw - - /* Setup the loop variables: -@@ -394,7 +397,6 @@ after_lock_tlb: - sllx %g5, THREAD_SHIFT, %g5 - sub %g5, (STACKFRAME_SZ + STACK_BIAS), %g5 - add %g6, %g5, %sp -- mov 0, %fp - - rdpr %pstate, %o1 - or %o1, PSTATE_IE, %o1 diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c index 6fd386c5..6907d81 100644 --- a/arch/sparc/kernel/traps_32.c @@ -10979,7 +11574,7 @@ index 6fd386c5..6907d81 100644 } diff --git a/arch/sparc/kernel/traps_64.c b/arch/sparc/kernel/traps_64.c -index fb6640e..2daada8 100644 +index 981a769..d906eda 100644 --- a/arch/sparc/kernel/traps_64.c +++ b/arch/sparc/kernel/traps_64.c @@ -79,7 +79,7 @@ static void dump_tl1_traplog(struct tl1_traplog *p) @@ -11097,8 +11692,8 @@ index fb6640e..2daada8 100644 + atomic_inc_unchecked(&sun4v_nonresum_oflow_cnt); } - unsigned long sun4v_err_itlb_vaddr; -@@ -2116,9 +2127,9 @@ void sun4v_itlb_error_report(struct pt_regs *regs, int tl) + static void sun4v_tlb_error(struct pt_regs *regs) +@@ -2120,9 +2131,9 @@ void sun4v_itlb_error_report(struct pt_regs *regs, int tl) printk(KERN_EMERG "SUN4V-ITLB: Error at TPC[%lx], tl %d\n", regs->tpc, tl); 
@@ -11110,7 +11705,7 @@ index fb6640e..2daada8 100644 (void *) regs->u_regs[UREG_I7]); printk(KERN_EMERG "SUN4V-ITLB: vaddr[%lx] ctx[%lx] " "pte[%lx] error[%lx]\n", -@@ -2140,9 +2151,9 @@ void sun4v_dtlb_error_report(struct pt_regs *regs, int tl) +@@ -2143,9 +2154,9 @@ void sun4v_dtlb_error_report(struct pt_regs *regs, int tl) printk(KERN_EMERG "SUN4V-DTLB: Error at TPC[%lx], tl %d\n", regs->tpc, tl); @@ -11122,7 +11717,7 @@ index fb6640e..2daada8 100644 (void *) regs->u_regs[UREG_I7]); printk(KERN_EMERG "SUN4V-DTLB: vaddr[%lx] ctx[%lx] " "pte[%lx] error[%lx]\n", -@@ -2359,13 +2370,13 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp) +@@ -2362,13 +2373,13 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp) fp = (unsigned long)sf->fp + STACK_BIAS; } @@ -11138,7 +11733,7 @@ index fb6640e..2daada8 100644 graph++; } } -@@ -2383,6 +2394,8 @@ static inline struct reg_window *kernel_stack_up(struct reg_window *rw) +@@ -2386,6 +2397,8 @@ static inline struct reg_window *kernel_stack_up(struct reg_window *rw) return (struct reg_window *) (fp + STACK_BIAS); } @@ -11147,7 +11742,7 @@ index fb6640e..2daada8 100644 void __noreturn die_if_kernel(char *str, struct pt_regs *regs) { static int die_counter; -@@ -2411,7 +2424,7 @@ void __noreturn die_if_kernel(char *str, struct pt_regs *regs) +@@ -2414,7 +2427,7 @@ void __noreturn die_if_kernel(char *str, struct pt_regs *regs) while (rw && count++ < 30 && kstack_valid(tp, (unsigned long) rw)) { @@ -11156,7 +11751,7 @@ index fb6640e..2daada8 100644 (void *) rw->ins[7]); rw = kernel_stack_up(rw); -@@ -2424,8 +2437,10 @@ void __noreturn die_if_kernel(char *str, struct pt_regs *regs) +@@ -2427,8 +2440,10 @@ void __noreturn die_if_kernel(char *str, struct pt_regs *regs) } user_instruction_dump ((unsigned int __user *) regs->tpc); } @@ -11762,7 +12357,7 @@ index 908e8c1..1524793 100644 if (!(vma->vm_flags & (VM_READ | VM_EXEC))) goto bad_area; 
diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c -index 587cd05..fbdf17a 100644 +index 18fcd71..e4fe821 100644 --- a/arch/sparc/mm/fault_64.c +++ b/arch/sparc/mm/fault_64.c @@ -22,6 +22,9 @@ @@ -12251,7 +12846,7 @@ index 587cd05..fbdf17a 100644 asmlinkage void __kprobes do_sparc64_fault(struct pt_regs *regs) { enum ctx_state prev_state = exception_enter(); -@@ -350,6 +813,29 @@ retry: +@@ -353,6 +816,29 @@ retry: if (!vma) goto bad_area; @@ -12281,47 +12876,6 @@ index 587cd05..fbdf17a 100644 /* Pure DTLB misses do not tell us whether the fault causing * load/store/atomic was a write or not, it only says that there * was no match. So in such a case we (carefully) read the -diff --git a/arch/sparc/mm/gup.c b/arch/sparc/mm/gup.c -index 1aed043..ae6ce38 100644 ---- a/arch/sparc/mm/gup.c -+++ b/arch/sparc/mm/gup.c -@@ -160,6 +160,36 @@ static int gup_pud_range(pgd_t pgd, unsigned long addr, unsigned long end, - return 1; - } - -+int __get_user_pages_fast(unsigned long start, int nr_pages, int write, -+ struct page **pages) -+{ -+ struct mm_struct *mm = current->mm; -+ unsigned long addr, len, end; -+ unsigned long next, flags; -+ pgd_t *pgdp; -+ int nr = 0; -+ -+ start &= PAGE_MASK; -+ addr = start; -+ len = (unsigned long) nr_pages << PAGE_SHIFT; -+ end = start + len; -+ -+ local_irq_save(flags); -+ pgdp = pgd_offset(mm, addr); -+ do { -+ pgd_t pgd = *pgdp; -+ -+ next = pgd_addr_end(addr, end); -+ if (pgd_none(pgd)) -+ break; -+ if (!gup_pud_range(pgd, addr, next, write, pages, &nr)) -+ break; -+ } while (pgdp++, addr = next, addr != end); -+ local_irq_restore(flags); -+ -+ return nr; -+} -+ - int get_user_pages_fast(unsigned long start, int nr_pages, int write, - struct page **pages) - { diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c index d329537..2c3746a 100644 --- a/arch/sparc/mm/hugetlbpage.c @@ -12429,10 +12983,10 @@ index d329537..2c3746a 100644 pte_t *huge_pte_alloc(struct mm_struct *mm, 
diff --git a/arch/sparc/mm/init_64.c b/arch/sparc/mm/init_64.c -index 98ac8e8..ba7dd39 100644 +index 04bc826..0fefab9 100644 --- a/arch/sparc/mm/init_64.c +++ b/arch/sparc/mm/init_64.c -@@ -190,9 +190,9 @@ unsigned long sparc64_kern_sec_context __read_mostly; +@@ -186,9 +186,9 @@ unsigned long sparc64_kern_sec_context __read_mostly; int num_kernel_image_mappings; #ifdef CONFIG_DEBUG_DCFLUSH @@ -12444,7 +12998,7 @@ index 98ac8e8..ba7dd39 100644 #endif #endif -@@ -200,7 +200,7 @@ inline void flush_dcache_page_impl(struct page *page) +@@ -196,7 +196,7 @@ inline void flush_dcache_page_impl(struct page *page) { BUG_ON(tlb_type == hypervisor); #ifdef CONFIG_DEBUG_DCFLUSH @@ -12453,7 +13007,7 @@ index 98ac8e8..ba7dd39 100644 #endif #ifdef DCACHE_ALIASING_POSSIBLE -@@ -472,10 +472,10 @@ void mmu_info(struct seq_file *m) +@@ -468,10 +468,10 @@ void mmu_info(struct seq_file *m) #ifdef CONFIG_DEBUG_DCFLUSH seq_printf(m, "DCPageFlushes\t: %d\n", 
@@ -12478,63 +13032,6 @@ index ece4af0..f04b862 100644 + + bpf_prog_unlock_free(fp); } -diff --git a/arch/sparc/prom/cif.S b/arch/sparc/prom/cif.S -index 9c86b4b..8050f38 100644 ---- a/arch/sparc/prom/cif.S -+++ b/arch/sparc/prom/cif.S -@@ -11,11 +11,10 @@ - .text - .globl prom_cif_direct - prom_cif_direct: -+ save %sp, -192, %sp - sethi %hi(p1275buf), %o1 - or %o1, %lo(p1275buf), %o1 -- ldx [%o1 + 0x0010], %o2 ! prom_cif_stack -- save %o2, -192, %sp -- ldx [%i1 + 0x0008], %l2 ! prom_cif_handler -+ ldx [%o1 + 0x0008], %l2 ! prom_cif_handler - mov %g4, %l0 - mov %g5, %l1 - mov %g6, %l3 -diff --git a/arch/sparc/prom/init_64.c b/arch/sparc/prom/init_64.c -index d95db75..110b0d7 100644 ---- a/arch/sparc/prom/init_64.c -+++ b/arch/sparc/prom/init_64.c -@@ -26,13 +26,13 @@ phandle prom_chosen_node; - * It gets passed the pointer to the PROM vector. - */ - --extern void prom_cif_init(void *, void *); -+extern void prom_cif_init(void *); - --void __init prom_init(void *cif_handler, void *cif_stack) -+void __init prom_init(void *cif_handler) - { - phandle node; - -- prom_cif_init(cif_handler, cif_stack); -+ prom_cif_init(cif_handler); - - prom_chosen_node = prom_finddevice(prom_chosen_path); - if (!prom_chosen_node || (s32)prom_chosen_node == -1) -diff --git a/arch/sparc/prom/p1275.c b/arch/sparc/prom/p1275.c -index e58b817..c27c30e4 100644 ---- a/arch/sparc/prom/p1275.c -+++ b/arch/sparc/prom/p1275.c -@@ -19,7 +19,6 @@ - struct { - long prom_callback; /* 0x00 */ - void (*prom_cif_handler)(long *); /* 0x08 */ -- unsigned long prom_cif_stack; /* 0x10 */ - } p1275buf; - - extern void prom_world(int); -@@ -51,5 +50,4 @@ void p1275_cmd_direct(unsigned long *args) - void prom_cif_init(void *cif_handler, void *cif_stack) - { - p1275buf.prom_cif_handler = (void (*)(long *))cif_handler; -- p1275buf.prom_cif_stack = (unsigned long)cif_stack; - } diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig index 7fcd492..1311074 100644 --- a/arch/tile/Kconfig 
@@ -12966,7 +13463,7 @@ index bd49ec6..94c7f58 100644 } diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile -index 0fcd913..3bb5c42 100644 +index 14fe7cb..829b962 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -16,6 +16,9 @@ KBUILD_CFLAGS += $(cflags-y) @@ -13022,7 +13519,7 @@ index a53440e..c3dbf1e 100644 .previous diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S -index cbed140..5f2ca57 100644 +index 1d7fbbc..36ecd58 100644 --- a/arch/x86/boot/compressed/head_32.S +++ b/arch/x86/boot/compressed/head_32.S @@ -140,10 +140,10 @@ preferred_addr: @@ -13039,7 +13536,7 @@ index cbed140..5f2ca57 100644 /* Target address to relocate to for decompression */ diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S -index 2884e0c..904a2f7 100644 +index 6b1766c..ad465c9 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -94,10 +94,10 @@ ENTRY(startup_32) @@ -13068,7 +13565,7 @@ index 2884e0c..904a2f7 100644 1: /* Target address to relocate to for decompression */ -@@ -431,8 +431,8 @@ gdt: +@@ -434,8 +434,8 @@ gdt: .long gdt .word 0 .quad 0x0000000000000000 /* NULL descriptor */ @@ -13080,7 +13577,7 @@ index 2884e0c..904a2f7 100644 .quad 0x0000000000000000 /* TS continued */ gdt_end: diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c -index 57ab74d..7c52182 100644 +index 30dd59a..cd9edc3 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c @@ -242,7 +242,7 @@ static void handle_relocations(void *output, unsigned long output_len) 
@@ -13119,7 +13616,7 @@ index 57ab74d..7c52182 100644 break; default: /* Ignore other PT_* */ break; } -@@ -395,7 +398,7 @@ asmlinkage __visible void *decompress_kernel(void *rmode, memptr heap, +@@ -402,7 +405,7 @@ asmlinkage __visible void *decompress_kernel(void *rmode, memptr heap, error("Destination address too large"); #endif #ifndef CONFIG_RELOCATABLE @@ -14877,7 +15374,7 @@ index f9e181a..db313b5 100644 err |= copy_siginfo_to_user32(&frame->info, &ksig->info); diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S -index 4299eb0..fefe70e 100644 +index 92a2e93..cd4d95f 100644 --- a/arch/x86/ia32/ia32entry.S +++ b/arch/x86/ia32/ia32entry.S @@ -15,8 +15,10 @@ @@ -14955,7 +15452,7 @@ index 4299eb0..fefe70e 100644 movl %ebp,%ebp /* zero extension */ pushq_cfi $__USER32_DS /*CFI_REL_OFFSET ss,0*/ -@@ -135,24 +157,49 @@ ENTRY(ia32_sysenter_target) +@@ -135,23 +157,46 @@ ENTRY(ia32_sysenter_target) CFI_REL_OFFSET rsp,0 pushfq_cfi /*CFI_REL_OFFSET rflags,0*/ 
@@ -14997,20 +15494,27 @@ index 4299eb0..fefe70e 100644 1: movl (%rbp),%ebp _ASM_EXTABLE(1b,ia32_badarg) ASM_CLAC -- orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) -- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) -+ + +#ifdef CONFIG_PAX_MEMORY_UDEREF + ASM_PAX_CLOSE_USERLAND +#endif + + /* + * Sysenter doesn't filter flags, so we need to clear NT + * ourselves. To save a few cycles, we can check whether +@@ -161,8 +206,9 @@ ENTRY(ia32_sysenter_target) + jnz sysenter_fix_flags + sysenter_flags_fixed: + +- orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) +- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + GET_THREAD_INFO(%r11) + orl $TS_COMPAT,TI_status(%r11) + testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r11) CFI_REMEMBER_STATE jnz sysenter_tracesys cmpq $(IA32_NR_syscalls-1),%rax -@@ -162,15 +209,18 @@ sysenter_do_call: +@@ -172,15 +218,18 @@ sysenter_do_call: sysenter_dispatch: call *ia32_sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) @@ -15033,7 +15537,7 @@ index 4299eb0..fefe70e 100644 CFI_REGISTER rip,rdx RESTORE_ARGS 0,24,0,0,0,0 xorq %r8,%r8 -@@ -193,6 +243,9 @@ sysexit_from_sys_call: +@@ -205,6 +254,9 @@ sysexit_from_sys_call: movl %eax,%esi /* 2nd arg: syscall number */ movl $AUDIT_ARCH_I386,%edi /* 1st arg: audit arch */ call __audit_syscall_entry @@ -15043,7 +15547,7 @@ index 4299eb0..fefe70e 100644 movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall number */ cmpq $(IA32_NR_syscalls-1),%rax ja ia32_badsys -@@ -204,7 +257,7 @@ sysexit_from_sys_call: +@@ -216,7 +268,7 @@ sysexit_from_sys_call: .endm .macro auditsys_exit exit @@ -15052,7 +15556,7 @@ index 4299eb0..fefe70e 100644 jnz ia32_ret_from_sys_call TRACE_IRQS_ON ENABLE_INTERRUPTS(CLBR_NONE) -@@ -215,11 +268,12 @@ sysexit_from_sys_call: +@@ -227,11 +279,12 @@ sysexit_from_sys_call: 1: setbe %al /* 1 if error, 0 if not */ movzbl %al,%edi /* zero-extend that into %edi */ call __audit_syscall_exit 
@@ -15066,7 +15570,7 @@ index 4299eb0..fefe70e 100644 jz \exit CLEAR_RREGS -ARGOFFSET jmp int_with_check -@@ -237,7 +291,7 @@ sysexit_audit: +@@ -253,7 +306,7 @@ sysenter_fix_flags: sysenter_tracesys: #ifdef CONFIG_AUDITSYSCALL @@ -15075,7 +15579,7 @@ index 4299eb0..fefe70e 100644 jz sysenter_auditsys #endif SAVE_REST -@@ -249,6 +303,9 @@ sysenter_tracesys: +@@ -265,6 +318,9 @@ sysenter_tracesys: RESTORE_REST cmpq $(IA32_NR_syscalls-1),%rax ja int_ret_from_sys_call /* sysenter_tracesys has set RAX(%rsp) */ @@ -15085,7 +15589,7 @@ index 4299eb0..fefe70e 100644 jmp sysenter_do_call CFI_ENDPROC ENDPROC(ia32_sysenter_target) -@@ -276,19 +333,25 @@ ENDPROC(ia32_sysenter_target) +@@ -292,19 +348,25 @@ ENDPROC(ia32_sysenter_target) ENTRY(ia32_cstar_target) CFI_STARTPROC32 simple CFI_SIGNAL_FRAME @@ -15113,7 +15617,7 @@ index 4299eb0..fefe70e 100644 movl %eax,%eax /* zero extension */ movq %rax,ORIG_RAX-ARGOFFSET(%rsp) movq %rcx,RIP-ARGOFFSET(%rsp) -@@ -304,12 +367,25 @@ ENTRY(ia32_cstar_target) +@@ -320,12 +382,25 @@ ENTRY(ia32_cstar_target) /* no need to do an access_ok check here because r8 has been 32bit zero extended */ /* hardware stack frame is complete now */ @@ -15141,7 +15645,7 @@ index 4299eb0..fefe70e 100644 CFI_REMEMBER_STATE jnz cstar_tracesys cmpq $IA32_NR_syscalls-1,%rax -@@ -319,13 +395,16 @@ cstar_do_call: +@@ -335,13 +410,16 @@ cstar_do_call: cstar_dispatch: call *ia32_sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) @@ -15161,7 +15665,7 @@ index 4299eb0..fefe70e 100644 movl RIP-ARGOFFSET(%rsp),%ecx CFI_REGISTER rip,rcx movl EFLAGS-ARGOFFSET(%rsp),%r11d -@@ -352,7 +431,7 @@ sysretl_audit: +@@ -368,7 +446,7 @@ sysretl_audit: cstar_tracesys: #ifdef CONFIG_AUDITSYSCALL @@ -15170,7 +15674,7 @@ index 4299eb0..fefe70e 100644 jz cstar_auditsys #endif xchgl %r9d,%ebp -@@ -366,11 +445,19 @@ cstar_tracesys: +@@ -382,11 +460,19 @@ cstar_tracesys: xchgl %ebp,%r9d cmpq $(IA32_NR_syscalls-1),%rax ja int_ret_from_sys_call /* cstar_tracesys has set RAX(%rsp) */ 
@@ -15190,7 +15694,7 @@ index 4299eb0..fefe70e 100644 movq $-EFAULT,%rax jmp ia32_sysret CFI_ENDPROC -@@ -407,19 +494,26 @@ ENTRY(ia32_syscall) +@@ -423,19 +509,26 @@ ENTRY(ia32_syscall) CFI_REL_OFFSET rip,RIP-RIP PARAVIRT_ADJUST_EXCEPTION_FRAME SWAPGS @@ -15224,7 +15728,7 @@ index 4299eb0..fefe70e 100644 jnz ia32_tracesys cmpq $(IA32_NR_syscalls-1),%rax ja ia32_badsys -@@ -442,6 +536,9 @@ ia32_tracesys: +@@ -458,6 +551,9 @@ ia32_tracesys: RESTORE_REST cmpq $(IA32_NR_syscalls-1),%rax ja int_ret_from_sys_call /* ia32_tracesys has set RAX(%rsp) */ @@ -16979,7 +17483,7 @@ index ced283a..ffe04cc 100644 union { u64 v64; diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h -index 1a055c8..1a5082a 100644 +index ca3347a..1a5082a 100644 --- a/arch/x86/include/asm/elf.h +++ b/arch/x86/include/asm/elf.h @@ -75,9 +75,6 @@ typedef struct user_fxsr_struct elf_fpxregset_t; @@ -16992,19 +17496,7 @@ index 1a055c8..1a5082a 100644 #if defined(CONFIG_X86_32) || defined(CONFIG_COMPAT) extern unsigned int vdso32_enabled; #endif -@@ -160,8 +157,9 @@ do { \ - #define elf_check_arch(x) \ - ((x)->e_machine == EM_X86_64) - --#define compat_elf_check_arch(x) \ -- (elf_check_arch_ia32(x) || (x)->e_machine == EM_X86_64) -+#define compat_elf_check_arch(x) \ -+ (elf_check_arch_ia32(x) || \ -+ (IS_ENABLED(CONFIG_X86_X32_ABI) && (x)->e_machine == EM_X86_64)) - - #if __USER32_DS != __USER_DS - # error "The following code assumes __USER32_DS == __USER_DS" -@@ -248,7 +246,25 @@ extern int force_personality32; +@@ -249,7 +246,25 @@ extern int force_personality32; the loader. We need to make sure that it is out of the way of the program that it will "exec", and that there is sufficient room for the brk. */ @@ -17030,7 +17522,7 @@ index 1a055c8..1a5082a 100644 /* This yields a mask that user programs can use to figure out what instruction set this CPU supports. This could be done in user space, -@@ -297,17 +313,13 @@ do { \ +@@ -298,17 +313,13 @@ do { \ #define ARCH_DLINFO \ do { \ 
@@ -17050,7 +17542,7 @@ index 1a055c8..1a5082a 100644 } while (0) #define AT_SYSINFO 32 -@@ -322,10 +334,10 @@ else \ +@@ -323,10 +334,10 @@ else \ #endif /* !CONFIG_X86_32 */ @@ -17063,7 +17555,7 @@ index 1a055c8..1a5082a 100644 selected_vdso32->sym___kernel_vsyscall) struct linux_binprm; -@@ -337,9 +349,6 @@ extern int compat_arch_setup_additional_pages(struct linux_binprm *bprm, +@@ -338,9 +349,6 @@ extern int compat_arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp); #define compat_arch_setup_additional_pages compat_arch_setup_additional_pages @@ -17337,40 +17829,6 @@ index 53cdfb2..d1369e6 100644 #define flush_insn_slot(p) do { } while (0) -diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h -index 7c492ed..d16311f 100644 ---- a/arch/x86/include/asm/kvm_host.h -+++ b/arch/x86/include/asm/kvm_host.h -@@ -990,6 +990,20 @@ static inline void kvm_inject_gp(struct kvm_vcpu *vcpu, u32 error_code) - kvm_queue_exception_e(vcpu, GP_VECTOR, error_code); - } - -+static inline u64 get_canonical(u64 la) -+{ -+ return ((int64_t)la << 16) >> 16; -+} -+ -+static inline bool is_noncanonical_address(u64 la) -+{ -+#ifdef CONFIG_X86_64 -+ return get_canonical(la) != la; -+#else -+ return false; -+#endif -+} -+ - #define TSS_IOPB_BASE_OFFSET 0x66 - #define TSS_BASE_SIZE 0x68 - #define TSS_IOPB_SIZE (65536 / 8) -@@ -1048,7 +1062,7 @@ int kvm_cpu_get_interrupt(struct kvm_vcpu *v); - void kvm_vcpu_reset(struct kvm_vcpu *vcpu); - - void kvm_define_shared_msr(unsigned index, u32 msr); --void kvm_set_shared_msr(unsigned index, u64 val, u64 mask); -+int kvm_set_shared_msr(unsigned index, u64 val, u64 mask); - - bool kvm_is_linear_rip(struct kvm_vcpu *vcpu, unsigned long linear_rip); - diff --git a/arch/x86/include/asm/local.h b/arch/x86/include/asm/local.h index 4ad6560..75c7bdd 100644 --- a/arch/x86/include/asm/local.h 
@@ -20854,26 +21312,6 @@ index 7b0a55a..ad115bf 100644 #endif /* __ASSEMBLY__ */ /* top of stack page */ -diff --git a/arch/x86/include/uapi/asm/vmx.h b/arch/x86/include/uapi/asm/vmx.h -index 0e79420..990a2fe 100644 ---- a/arch/x86/include/uapi/asm/vmx.h -+++ b/arch/x86/include/uapi/asm/vmx.h -@@ -67,6 +67,7 @@ - #define EXIT_REASON_EPT_MISCONFIG 49 - #define EXIT_REASON_INVEPT 50 - #define EXIT_REASON_PREEMPTION_TIMER 52 -+#define EXIT_REASON_INVVPID 53 - #define EXIT_REASON_WBINVD 54 - #define EXIT_REASON_XSETBV 55 - #define EXIT_REASON_APIC_WRITE 56 -@@ -114,6 +115,7 @@ - { EXIT_REASON_EOI_INDUCED, "EOI_INDUCED" }, \ - { EXIT_REASON_INVALID_STATE, "INVALID_STATE" }, \ - { EXIT_REASON_INVD, "INVD" }, \ -+ { EXIT_REASON_INVVPID, "INVVPID" }, \ - { EXIT_REASON_INVPCID, "INVPCID" } - - #endif /* _UAPIVMX_H */ diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile index ada2e2d..ca69e16 100644 --- a/arch/x86/kernel/Makefile @@ -20888,10 +21326,10 @@ index ada2e2d..ca69e16 100644 obj-$(CONFIG_X86_64) += mcount_64.o obj-y += syscall_$(BITS).o vsyscall_gtod.o diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c -index b436fc7..1ba7044 100644 +index a142e77..6222cdd 100644 --- a/arch/x86/kernel/acpi/boot.c +++ b/arch/x86/kernel/acpi/boot.c -@@ -1272,7 +1272,7 @@ static int __init dmi_ignore_irq0_timer_override(const struct dmi_system_id *d) +@@ -1276,7 +1276,7 @@ static int __init dmi_ignore_irq0_timer_override(const struct dmi_system_id *d) * If your system is blacklisted here, but you find that acpi=force * works for you, please contact linux-acpi@vger.kernel.org */ @@ -20900,7 +21338,7 @@ index b436fc7..1ba7044 100644 /* * Boxes that need ACPI disabled */ -@@ -1347,7 +1347,7 @@ static struct dmi_system_id __initdata acpi_dmi_table[] = { +@@ -1351,7 +1351,7 @@ static struct dmi_system_id __initdata acpi_dmi_table[] = { }; /* second table for DMI checks that should run after early-quirks */ 
@@ -21114,7 +21552,7 @@ index 703130f..27a155d 100644 bp_int3_handler = handler; bp_int3_addr = (u8 *)addr + sizeof(int3); diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c -index 6776027..972266c 100644 +index 24b5894..6d9701b 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -201,7 +201,7 @@ int first_system_vector = 0xfe; @@ -21440,7 +21878,7 @@ index 60e5497..8efbd2f 100644 if (c->x86_model == 3 && c->x86_mask == 0) size = 64; diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index e4ab2b4..d487ba5 100644 +index 3126558..a1028f6 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -90,60 +90,6 @@ static const struct cpu_dev default_cpu = { @@ -27003,7 +27441,7 @@ index ca5b02d..c0b2f6a 100644 ip = *(u64 *)(fp+8); if (!in_sched_functions(ip)) diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c -index 678c0ad..2fc2a7b 100644 +index b1a5dfa..ed94526 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c @@ -186,10 +186,10 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs) @@ -27111,9 +27549,9 @@ index 678c0ad..2fc2a7b 100644 } void user_single_step_siginfo(struct task_struct *tsk, -@@ -1450,6 +1464,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs, - # define IS_IA32 0 - #endif +@@ -1441,6 +1455,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs, + force_sig_info(SIGTRAP, &info, tsk); + } +#ifdef CONFIG_GRKERNSEC_SETXID +extern void gr_delayed_cred_worker(void); @@ -27122,7 +27560,7 @@ index 678c0ad..2fc2a7b 100644 /* * We must return the syscall number to actually look up in the table. * This can be -1L to skip running any syscall at all. -@@ -1460,6 +1478,11 @@ long syscall_trace_enter(struct pt_regs *regs) +@@ -1451,6 +1469,11 @@ long syscall_trace_enter(struct pt_regs *regs) user_exit(); 
@@ -27134,7 +27572,7 @@ index 678c0ad..2fc2a7b 100644 /* * If we stepped into a sysenter/syscall insn, it trapped in * kernel mode; do_debug() cleared TF and set TIF_SINGLESTEP. -@@ -1515,6 +1538,11 @@ void syscall_trace_leave(struct pt_regs *regs) +@@ -1506,6 +1529,11 @@ void syscall_trace_leave(struct pt_regs *regs) */ user_exit(); @@ -27501,7 +27939,7 @@ index 5cdff03..80fa283 100644 * Up to this point, the boot CPU has been using .init.data * area. Reload any changed state for the boot CPU. diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c -index 2851d63..83bf567 100644 +index ed37a76..39f936e 100644 --- a/arch/x86/kernel/signal.c +++ b/arch/x86/kernel/signal.c @@ -190,7 +190,7 @@ static unsigned long align_sigframe(unsigned long sp) @@ -28289,7 +28727,7 @@ index 0d0e922..0886373 100644 if (!fixup_exception(regs)) { task->thread.error_code = error_code; diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c -index b6025f9..0cc6a1d 100644 +index b7e50bb..f4a93ae 100644 --- a/arch/x86/kernel/tsc.c +++ b/arch/x86/kernel/tsc.c @@ -150,7 +150,7 @@ static void cyc2ns_write_end(int cpu, struct cyc2ns_data *data) @@ -28763,7 +29201,7 @@ index e48b674..a451dd9 100644 .read = native_io_apic_read, .write = native_io_apic_write, diff --git a/arch/x86/kernel/xsave.c b/arch/x86/kernel/xsave.c -index 940b142..0ad3a10 100644 +index 4c540c4..0b985b0 100644 --- a/arch/x86/kernel/xsave.c +++ b/arch/x86/kernel/xsave.c @@ -167,18 +167,18 @@ static inline int save_xstate_epilog(void __user *buf, int ia32_frame) @@ -28805,7 +29243,7 @@ index 940b142..0ad3a10 100644 if (use_xsave()) err = xsave_user(buf); else if (use_fxsr()) -@@ -314,6 +315,7 @@ sanitize_restored_xstate(struct task_struct *tsk, +@@ -312,6 +313,7 @@ sanitize_restored_xstate(struct task_struct *tsk, */ static inline int restore_user_xstate(void __user *buf, u64 xbv, int fx_only) { 
@@ -28864,543 +29302,6 @@ index 38a0afe..94421a9 100644 return 0; out: -diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index 03954f7..48daa1a 100644 ---- a/arch/x86/kvm/emulate.c -+++ b/arch/x86/kvm/emulate.c -@@ -504,11 +504,6 @@ static void rsp_increment(struct x86_emulate_ctxt *ctxt, int inc) - masked_increment(reg_rmw(ctxt, VCPU_REGS_RSP), stack_mask(ctxt), inc); - } - --static inline void jmp_rel(struct x86_emulate_ctxt *ctxt, int rel) --{ -- register_address_increment(ctxt, &ctxt->_eip, rel); --} -- - static u32 desc_limit_scaled(struct desc_struct *desc) - { - u32 limit = get_desc_limit(desc); -@@ -568,6 +563,38 @@ static int emulate_nm(struct x86_emulate_ctxt *ctxt) - return emulate_exception(ctxt, NM_VECTOR, 0, false); - } - -+static inline int assign_eip_far(struct x86_emulate_ctxt *ctxt, ulong dst, -+ int cs_l) -+{ -+ switch (ctxt->op_bytes) { -+ case 2: -+ ctxt->_eip = (u16)dst; -+ break; -+ case 4: -+ ctxt->_eip = (u32)dst; -+ break; -+ case 8: -+ if ((cs_l && is_noncanonical_address(dst)) || -+ (!cs_l && (dst & ~(u32)-1))) -+ return emulate_gp(ctxt, 0); -+ ctxt->_eip = dst; -+ break; -+ default: -+ WARN(1, "unsupported eip assignment size\n"); -+ } -+ return X86EMUL_CONTINUE; -+} -+ -+static inline int assign_eip_near(struct x86_emulate_ctxt *ctxt, ulong dst) -+{ -+ return assign_eip_far(ctxt, dst, ctxt->mode == X86EMUL_MODE_PROT64); -+} -+ -+static inline int jmp_rel(struct x86_emulate_ctxt *ctxt, int rel) -+{ -+ return assign_eip_near(ctxt, ctxt->_eip + rel); -+} -+ - static u16 get_segment_selector(struct x86_emulate_ctxt *ctxt, unsigned seg) - { - u16 selector; -@@ -750,8 +777,10 @@ static int __do_insn_fetch_bytes(struct x86_emulate_ctxt *ctxt, int op_size) - static __always_inline int do_insn_fetch_bytes(struct x86_emulate_ctxt *ctxt, - unsigned size) - { -- if (unlikely(ctxt->fetch.end - ctxt->fetch.ptr < size)) -- return __do_insn_fetch_bytes(ctxt, size); -+ unsigned done_size = ctxt->fetch.end - ctxt->fetch.ptr; -+ -+ if 
(unlikely(done_size < size)) -+ return __do_insn_fetch_bytes(ctxt, size - done_size); - else - return X86EMUL_CONTINUE; - } -@@ -1415,7 +1444,9 @@ static int write_segment_descriptor(struct x86_emulate_ctxt *ctxt, - - /* Does not support long mode */ - static int __load_segment_descriptor(struct x86_emulate_ctxt *ctxt, -- u16 selector, int seg, u8 cpl, bool in_task_switch) -+ u16 selector, int seg, u8 cpl, -+ bool in_task_switch, -+ struct desc_struct *desc) - { - struct desc_struct seg_desc, old_desc; - u8 dpl, rpl; -@@ -1547,6 +1578,8 @@ static int __load_segment_descriptor(struct x86_emulate_ctxt *ctxt, - } - load: - ctxt->ops->set_segment(ctxt, selector, &seg_desc, base3, seg); -+ if (desc) -+ *desc = seg_desc; - return X86EMUL_CONTINUE; - exception: - emulate_exception(ctxt, err_vec, err_code, true); -@@ -1557,7 +1590,7 @@ static int load_segment_descriptor(struct x86_emulate_ctxt *ctxt, - u16 selector, int seg) - { - u8 cpl = ctxt->ops->cpl(ctxt); -- return __load_segment_descriptor(ctxt, selector, seg, cpl, false); -+ return __load_segment_descriptor(ctxt, selector, seg, cpl, false, NULL); - } - - static void write_register_operand(struct operand *op) -@@ -1951,17 +1984,31 @@ static int em_iret(struct x86_emulate_ctxt *ctxt) - static int em_jmp_far(struct x86_emulate_ctxt *ctxt) - { - int rc; -- unsigned short sel; -+ unsigned short sel, old_sel; -+ struct desc_struct old_desc, new_desc; -+ const struct x86_emulate_ops *ops = ctxt->ops; -+ u8 cpl = ctxt->ops->cpl(ctxt); -+ -+ /* Assignment of RIP may only fail in 64-bit mode */ -+ if (ctxt->mode == X86EMUL_MODE_PROT64) -+ ops->get_segment(ctxt, &old_sel, &old_desc, NULL, -+ VCPU_SREG_CS); - - memcpy(&sel, ctxt->src.valptr + ctxt->op_bytes, 2); - -- rc = load_segment_descriptor(ctxt, sel, VCPU_SREG_CS); -+ rc = __load_segment_descriptor(ctxt, sel, VCPU_SREG_CS, cpl, false, -+ &new_desc); - if (rc != X86EMUL_CONTINUE) - return rc; - -- ctxt->_eip = 0; -- memcpy(&ctxt->_eip, ctxt->src.valptr, ctxt->op_bytes); 
-- return X86EMUL_CONTINUE; -+ rc = assign_eip_far(ctxt, ctxt->src.val, new_desc.l); -+ if (rc != X86EMUL_CONTINUE) { -+ WARN_ON(!ctxt->mode != X86EMUL_MODE_PROT64); -+ /* assigning eip failed; restore the old cs */ -+ ops->set_segment(ctxt, old_sel, &old_desc, 0, VCPU_SREG_CS); -+ return rc; -+ } -+ return rc; - } - - static int em_grp45(struct x86_emulate_ctxt *ctxt) -@@ -1972,13 +2019,15 @@ static int em_grp45(struct x86_emulate_ctxt *ctxt) - case 2: /* call near abs */ { - long int old_eip; - old_eip = ctxt->_eip; -- ctxt->_eip = ctxt->src.val; -+ rc = assign_eip_near(ctxt, ctxt->src.val); -+ if (rc != X86EMUL_CONTINUE) -+ break; - ctxt->src.val = old_eip; - rc = em_push(ctxt); - break; - } - case 4: /* jmp abs */ -- ctxt->_eip = ctxt->src.val; -+ rc = assign_eip_near(ctxt, ctxt->src.val); - break; - case 5: /* jmp far */ - rc = em_jmp_far(ctxt); -@@ -2013,30 +2062,47 @@ static int em_cmpxchg8b(struct x86_emulate_ctxt *ctxt) - - static int em_ret(struct x86_emulate_ctxt *ctxt) - { -- ctxt->dst.type = OP_REG; -- ctxt->dst.addr.reg = &ctxt->_eip; -- ctxt->dst.bytes = ctxt->op_bytes; -- return em_pop(ctxt); -+ int rc; -+ unsigned long eip; -+ -+ rc = emulate_pop(ctxt, &eip, ctxt->op_bytes); -+ if (rc != X86EMUL_CONTINUE) -+ return rc; -+ -+ return assign_eip_near(ctxt, eip); - } - - static int em_ret_far(struct x86_emulate_ctxt *ctxt) - { - int rc; -- unsigned long cs; -+ unsigned long eip, cs; -+ u16 old_cs; - int cpl = ctxt->ops->cpl(ctxt); -+ struct desc_struct old_desc, new_desc; -+ const struct x86_emulate_ops *ops = ctxt->ops; - -- rc = emulate_pop(ctxt, &ctxt->_eip, ctxt->op_bytes); -+ if (ctxt->mode == X86EMUL_MODE_PROT64) -+ ops->get_segment(ctxt, &old_cs, &old_desc, NULL, -+ VCPU_SREG_CS); -+ -+ rc = emulate_pop(ctxt, &eip, ctxt->op_bytes); - if (rc != X86EMUL_CONTINUE) - return rc; -- if (ctxt->op_bytes == 4) -- ctxt->_eip = (u32)ctxt->_eip; - rc = emulate_pop(ctxt, &cs, ctxt->op_bytes); - if (rc != X86EMUL_CONTINUE) - return rc; - /* Outer-privilege 
level return is not implemented */ - if (ctxt->mode >= X86EMUL_MODE_PROT16 && (cs & 3) > cpl) - return X86EMUL_UNHANDLEABLE; -- rc = load_segment_descriptor(ctxt, (u16)cs, VCPU_SREG_CS); -+ rc = __load_segment_descriptor(ctxt, (u16)cs, VCPU_SREG_CS, 0, false, -+ &new_desc); -+ if (rc != X86EMUL_CONTINUE) -+ return rc; -+ rc = assign_eip_far(ctxt, eip, new_desc.l); -+ if (rc != X86EMUL_CONTINUE) { -+ WARN_ON(!ctxt->mode != X86EMUL_MODE_PROT64); -+ ops->set_segment(ctxt, old_cs, &old_desc, 0, VCPU_SREG_CS); -+ } - return rc; - } - -@@ -2297,7 +2363,7 @@ static int em_sysexit(struct x86_emulate_ctxt *ctxt) - { - const struct x86_emulate_ops *ops = ctxt->ops; - struct desc_struct cs, ss; -- u64 msr_data; -+ u64 msr_data, rcx, rdx; - int usermode; - u16 cs_sel = 0, ss_sel = 0; - -@@ -2313,6 +2379,9 @@ static int em_sysexit(struct x86_emulate_ctxt *ctxt) - else - usermode = X86EMUL_MODE_PROT32; - -+ rcx = reg_read(ctxt, VCPU_REGS_RCX); -+ rdx = reg_read(ctxt, VCPU_REGS_RDX); -+ - cs.dpl = 3; - ss.dpl = 3; - ops->get_msr(ctxt, MSR_IA32_SYSENTER_CS, &msr_data); -@@ -2330,6 +2399,9 @@ static int em_sysexit(struct x86_emulate_ctxt *ctxt) - ss_sel = cs_sel + 8; - cs.d = 0; - cs.l = 1; -+ if (is_noncanonical_address(rcx) || -+ is_noncanonical_address(rdx)) -+ return emulate_gp(ctxt, 0); - break; - } - cs_sel |= SELECTOR_RPL_MASK; -@@ -2338,8 +2410,8 @@ static int em_sysexit(struct x86_emulate_ctxt *ctxt) - ops->set_segment(ctxt, cs_sel, &cs, 0, VCPU_SREG_CS); - ops->set_segment(ctxt, ss_sel, &ss, 0, VCPU_SREG_SS); - -- ctxt->_eip = reg_read(ctxt, VCPU_REGS_RDX); -- *reg_write(ctxt, VCPU_REGS_RSP) = reg_read(ctxt, VCPU_REGS_RCX); -+ ctxt->_eip = rdx; -+ *reg_write(ctxt, VCPU_REGS_RSP) = rcx; - - return X86EMUL_CONTINUE; - } -@@ -2457,19 +2529,24 @@ static int load_state_from_tss16(struct x86_emulate_ctxt *ctxt, - * Now load segment descriptors. 
If fault happens at this stage - * it is handled in a context of new task - */ -- ret = __load_segment_descriptor(ctxt, tss->ldt, VCPU_SREG_LDTR, cpl, true); -+ ret = __load_segment_descriptor(ctxt, tss->ldt, VCPU_SREG_LDTR, cpl, -+ true, NULL); - if (ret != X86EMUL_CONTINUE) - return ret; -- ret = __load_segment_descriptor(ctxt, tss->es, VCPU_SREG_ES, cpl, true); -+ ret = __load_segment_descriptor(ctxt, tss->es, VCPU_SREG_ES, cpl, -+ true, NULL); - if (ret != X86EMUL_CONTINUE) - return ret; -- ret = __load_segment_descriptor(ctxt, tss->cs, VCPU_SREG_CS, cpl, true); -+ ret = __load_segment_descriptor(ctxt, tss->cs, VCPU_SREG_CS, cpl, -+ true, NULL); - if (ret != X86EMUL_CONTINUE) - return ret; -- ret = __load_segment_descriptor(ctxt, tss->ss, VCPU_SREG_SS, cpl, true); -+ ret = __load_segment_descriptor(ctxt, tss->ss, VCPU_SREG_SS, cpl, -+ true, NULL); - if (ret != X86EMUL_CONTINUE) - return ret; -- ret = __load_segment_descriptor(ctxt, tss->ds, VCPU_SREG_DS, cpl, true); -+ ret = __load_segment_descriptor(ctxt, tss->ds, VCPU_SREG_DS, cpl, -+ true, NULL); - if (ret != X86EMUL_CONTINUE) - return ret; - -@@ -2594,25 +2671,32 @@ static int load_state_from_tss32(struct x86_emulate_ctxt *ctxt, - * Now load segment descriptors. 
If fault happenes at this stage - * it is handled in a context of new task - */ -- ret = __load_segment_descriptor(ctxt, tss->ldt_selector, VCPU_SREG_LDTR, cpl, true); -+ ret = __load_segment_descriptor(ctxt, tss->ldt_selector, VCPU_SREG_LDTR, -+ cpl, true, NULL); - if (ret != X86EMUL_CONTINUE) - return ret; -- ret = __load_segment_descriptor(ctxt, tss->es, VCPU_SREG_ES, cpl, true); -+ ret = __load_segment_descriptor(ctxt, tss->es, VCPU_SREG_ES, cpl, -+ true, NULL); - if (ret != X86EMUL_CONTINUE) - return ret; -- ret = __load_segment_descriptor(ctxt, tss->cs, VCPU_SREG_CS, cpl, true); -+ ret = __load_segment_descriptor(ctxt, tss->cs, VCPU_SREG_CS, cpl, -+ true, NULL); - if (ret != X86EMUL_CONTINUE) - return ret; -- ret = __load_segment_descriptor(ctxt, tss->ss, VCPU_SREG_SS, cpl, true); -+ ret = __load_segment_descriptor(ctxt, tss->ss, VCPU_SREG_SS, cpl, -+ true, NULL); - if (ret != X86EMUL_CONTINUE) - return ret; -- ret = __load_segment_descriptor(ctxt, tss->ds, VCPU_SREG_DS, cpl, true); -+ ret = __load_segment_descriptor(ctxt, tss->ds, VCPU_SREG_DS, cpl, -+ true, NULL); - if (ret != X86EMUL_CONTINUE) - return ret; -- ret = __load_segment_descriptor(ctxt, tss->fs, VCPU_SREG_FS, cpl, true); -+ ret = __load_segment_descriptor(ctxt, tss->fs, VCPU_SREG_FS, cpl, -+ true, NULL); - if (ret != X86EMUL_CONTINUE) - return ret; -- ret = __load_segment_descriptor(ctxt, tss->gs, VCPU_SREG_GS, cpl, true); -+ ret = __load_segment_descriptor(ctxt, tss->gs, VCPU_SREG_GS, cpl, -+ true, NULL); - if (ret != X86EMUL_CONTINUE) - return ret; - -@@ -2880,10 +2964,13 @@ static int em_aad(struct x86_emulate_ctxt *ctxt) - - static int em_call(struct x86_emulate_ctxt *ctxt) - { -+ int rc; - long rel = ctxt->src.val; - - ctxt->src.val = (unsigned long)ctxt->_eip; -- jmp_rel(ctxt, rel); -+ rc = jmp_rel(ctxt, rel); -+ if (rc != X86EMUL_CONTINUE) -+ return rc; - return em_push(ctxt); - } - -@@ -2892,34 +2979,50 @@ static int em_call_far(struct x86_emulate_ctxt *ctxt) - u16 sel, old_cs; - ulong 
old_eip; - int rc; -+ struct desc_struct old_desc, new_desc; -+ const struct x86_emulate_ops *ops = ctxt->ops; -+ int cpl = ctxt->ops->cpl(ctxt); - -- old_cs = get_segment_selector(ctxt, VCPU_SREG_CS); - old_eip = ctxt->_eip; -+ ops->get_segment(ctxt, &old_cs, &old_desc, NULL, VCPU_SREG_CS); - - memcpy(&sel, ctxt->src.valptr + ctxt->op_bytes, 2); -- if (load_segment_descriptor(ctxt, sel, VCPU_SREG_CS)) -+ rc = __load_segment_descriptor(ctxt, sel, VCPU_SREG_CS, cpl, false, -+ &new_desc); -+ if (rc != X86EMUL_CONTINUE) - return X86EMUL_CONTINUE; - -- ctxt->_eip = 0; -- memcpy(&ctxt->_eip, ctxt->src.valptr, ctxt->op_bytes); -+ rc = assign_eip_far(ctxt, ctxt->src.val, new_desc.l); -+ if (rc != X86EMUL_CONTINUE) -+ goto fail; - - ctxt->src.val = old_cs; - rc = em_push(ctxt); - if (rc != X86EMUL_CONTINUE) -- return rc; -+ goto fail; - - ctxt->src.val = old_eip; -- return em_push(ctxt); -+ rc = em_push(ctxt); -+ /* If we failed, we tainted the memory, but the very least we should -+ restore cs */ -+ if (rc != X86EMUL_CONTINUE) -+ goto fail; -+ return rc; -+fail: -+ ops->set_segment(ctxt, old_cs, &old_desc, 0, VCPU_SREG_CS); -+ return rc; -+ - } - - static int em_ret_near_imm(struct x86_emulate_ctxt *ctxt) - { - int rc; -+ unsigned long eip; - -- ctxt->dst.type = OP_REG; -- ctxt->dst.addr.reg = &ctxt->_eip; -- ctxt->dst.bytes = ctxt->op_bytes; -- rc = emulate_pop(ctxt, &ctxt->dst.val, ctxt->op_bytes); -+ rc = emulate_pop(ctxt, &eip, ctxt->op_bytes); -+ if (rc != X86EMUL_CONTINUE) -+ return rc; -+ rc = assign_eip_near(ctxt, eip); - if (rc != X86EMUL_CONTINUE) - return rc; - rsp_increment(ctxt, ctxt->src.val); -@@ -3250,20 +3353,24 @@ static int em_lmsw(struct x86_emulate_ctxt *ctxt) - - static int em_loop(struct x86_emulate_ctxt *ctxt) - { -+ int rc = X86EMUL_CONTINUE; -+ - register_address_increment(ctxt, reg_rmw(ctxt, VCPU_REGS_RCX), -1); - if ((address_mask(ctxt, reg_read(ctxt, VCPU_REGS_RCX)) != 0) && - (ctxt->b == 0xe2 || test_cc(ctxt->b ^ 0x5, ctxt->eflags))) -- 
jmp_rel(ctxt, ctxt->src.val); -+ rc = jmp_rel(ctxt, ctxt->src.val); - -- return X86EMUL_CONTINUE; -+ return rc; - } - - static int em_jcxz(struct x86_emulate_ctxt *ctxt) - { -+ int rc = X86EMUL_CONTINUE; -+ - if (address_mask(ctxt, reg_read(ctxt, VCPU_REGS_RCX)) == 0) -- jmp_rel(ctxt, ctxt->src.val); -+ rc = jmp_rel(ctxt, ctxt->src.val); - -- return X86EMUL_CONTINUE; -+ return rc; - } - - static int em_in(struct x86_emulate_ctxt *ctxt) -@@ -3351,6 +3458,12 @@ static int em_bswap(struct x86_emulate_ctxt *ctxt) - return X86EMUL_CONTINUE; - } - -+static int em_clflush(struct x86_emulate_ctxt *ctxt) -+{ -+ /* emulating clflush regardless of cpuid */ -+ return X86EMUL_CONTINUE; -+} -+ - static bool valid_cr(int nr) - { - switch (nr) { -@@ -3683,6 +3796,16 @@ static const struct opcode group11[] = { - X7(D(Undefined)), - }; - -+static const struct gprefix pfx_0f_ae_7 = { -+ I(SrcMem | ByteOp, em_clflush), N, N, N, -+}; -+ -+static const struct group_dual group15 = { { -+ N, N, N, N, N, N, N, GP(0, &pfx_0f_ae_7), -+}, { -+ N, N, N, N, N, N, N, N, -+} }; -+ - static const struct gprefix pfx_0f_6f_0f_7f = { - I(Mmx, em_mov), I(Sse | Aligned, em_mov), N, I(Sse | Unaligned, em_mov), - }; -@@ -3887,10 +4010,11 @@ static const struct opcode twobyte_table[256] = { - N, I(ImplicitOps | EmulateOnUD, em_syscall), - II(ImplicitOps | Priv, em_clts, clts), N, - DI(ImplicitOps | Priv, invd), DI(ImplicitOps | Priv, wbinvd), N, N, -- N, D(ImplicitOps | ModRM), N, N, -+ N, D(ImplicitOps | ModRM | SrcMem | NoAccess), N, N, - /* 0x10 - 0x1F */ - N, N, N, N, N, N, N, N, -- D(ImplicitOps | ModRM), N, N, N, N, N, N, D(ImplicitOps | ModRM), -+ D(ImplicitOps | ModRM | SrcMem | NoAccess), -+ N, N, N, N, N, N, D(ImplicitOps | ModRM | SrcMem | NoAccess), - /* 0x20 - 0x2F */ - DIP(ModRM | DstMem | Priv | Op3264 | NoMod, cr_read, check_cr_read), - DIP(ModRM | DstMem | Priv | Op3264 | NoMod, dr_read, check_dr_read), -@@ -3942,7 +4066,7 @@ static const struct opcode twobyte_table[256] = { - F(DstMem | 
SrcReg | ModRM | BitOp | Lock | PageTable, em_bts), - F(DstMem | SrcReg | Src2ImmByte | ModRM, em_shrd), - F(DstMem | SrcReg | Src2CL | ModRM, em_shrd), -- D(ModRM), F(DstReg | SrcMem | ModRM, em_imul), -+ GD(0, &group15), F(DstReg | SrcMem | ModRM, em_imul), - /* 0xB0 - 0xB7 */ - I2bv(DstMem | SrcReg | ModRM | Lock | PageTable, em_cmpxchg), - I(DstReg | SrcMemFAddr | ModRM | Src2SS, em_lseg), -@@ -4458,10 +4582,10 @@ done_prefixes: - /* Decode and fetch the destination operand: register or memory. */ - rc = decode_operand(ctxt, &ctxt->dst, (ctxt->d >> DstShift) & OpMask); - --done: - if (ctxt->rip_relative) - ctxt->memopp->addr.mem.ea += ctxt->_eip; - -+done: - return (rc != X86EMUL_CONTINUE) ? EMULATION_FAILED : EMULATION_OK; - } - -@@ -4711,7 +4835,7 @@ special_insn: - break; - case 0x70 ... 0x7f: /* jcc (short) */ - if (test_cc(ctxt->b, ctxt->eflags)) -- jmp_rel(ctxt, ctxt->src.val); -+ rc = jmp_rel(ctxt, ctxt->src.val); - break; - case 0x8d: /* lea r16/r32, m */ - ctxt->dst.val = ctxt->src.addr.mem.ea; -@@ -4741,7 +4865,7 @@ special_insn: - break; - case 0xe9: /* jmp rel */ - case 0xeb: /* jmp rel short */ -- jmp_rel(ctxt, ctxt->src.val); -+ rc = jmp_rel(ctxt, ctxt->src.val); - ctxt->dst.type = OP_NONE; /* Disable writeback. */ - break; - case 0xf4: /* hlt */ -@@ -4864,13 +4988,11 @@ twobyte_insn: - break; - case 0x80 ... 0x8f: /* jnz rel, etc*/ - if (test_cc(ctxt->b, ctxt->eflags)) -- jmp_rel(ctxt, ctxt->src.val); -+ rc = jmp_rel(ctxt, ctxt->src.val); - break; - case 0x90 ... 0x9f: /* setcc r/m8 */ - ctxt->dst.val = test_cc(ctxt->b, ctxt->eflags); - break; -- case 0xae: /* clflush */ -- break; - case 0xb6 ... 0xb7: /* movzx */ - ctxt->dst.bytes = ctxt->op_bytes; - ctxt->dst.val = (ctxt->src.bytes == 1) ? 
(u8) ctxt->src.val -diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c -index 518d864..298781d 100644 ---- a/arch/x86/kvm/i8254.c -+++ b/arch/x86/kvm/i8254.c -@@ -262,8 +262,10 @@ void __kvm_migrate_pit_timer(struct kvm_vcpu *vcpu) - return; - - timer = &pit->pit_state.timer; -+ mutex_lock(&pit->pit_state.lock); - if (hrtimer_cancel(timer)) - hrtimer_start_expires(timer, HRTIMER_MODE_ABS); -+ mutex_unlock(&pit->pit_state.lock); - } - - static void destroy_pit_timer(struct kvm_pit *pit) diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 08e8a89..0e9183e 100644 --- a/arch/x86/kvm/lapic.c @@ -29428,31 +29329,9 @@ index 4107765..d9eb358 100644 goto error; walker->ptep_user[walker->level - 1] = ptep_user; diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c -index ddf7427..fd84599 100644 +index 78dadc3..fd84599 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c -@@ -3234,7 +3234,7 @@ static int wrmsr_interception(struct vcpu_svm *svm) - msr.host_initiated = false; - - svm->next_rip = kvm_rip_read(&svm->vcpu) + 2; -- if (svm_set_msr(&svm->vcpu, &msr)) { -+ if (kvm_set_msr(&svm->vcpu, &msr)) { - trace_kvm_msr_write_ex(ecx, data); - kvm_inject_gp(&svm->vcpu, 0); - } else { -@@ -3534,9 +3534,9 @@ static int handle_exit(struct kvm_vcpu *vcpu) - - if (exit_code >= ARRAY_SIZE(svm_exit_handlers) - || !svm_exit_handlers[exit_code]) { -- kvm_run->exit_reason = KVM_EXIT_UNKNOWN; -- kvm_run->hw.hardware_exit_reason = exit_code; -- return 0; -+ WARN_ONCE(1, "vmx: unexpected exit reason 0x%x\n", exit_code); -+ kvm_queue_exception(vcpu, UD_VECTOR); -+ return 1; - } - - return svm_exit_handlers[exit_code](svm); @@ -3547,7 +3547,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) int cpu = raw_smp_processor_id(); @@ -29477,18 +29356,10 @@ index ddf7427..fd84599 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index bfe11cf..deb3959 100644 +index 41a5426..c0b3c00 100644 --- a/arch/x86/kvm/vmx.c 
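Review bot: Nothing in the commit records why the whole arch/x86/kvm/emulate.c and arch/x86/kvm/i8254.c sections disappear from the grsecurity patch in this hunk, and they carry guest-facing hardening: the non-canonical checks in `assign_eip_far`, the `jmp_rel` return-value handling, and the `pit_state.lock` around the timer restart. The same applies to the dropped kvm_host.h and uapi/asm/vmx.h sections earlier and the trimmed svm.c, vmx.c and x86.c hunks that follow. Presumably the 3.17.4 base already contains these changes; the svm.c and elf.h sections support that, since they keep their post-image blob (`fd84599`, `1a5082a`) while the pre-image changes. For emulate.c, however, no index line survives to compare against. Before merging, confirm in the unpacked `linux-%{version}` tree that `assign_eip_far` and `is_noncanonical_address` are present, and record the drop in the package changelog, e.g. `grsecurity: drop KVM backports now contained in 3.17.4`.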
+++ b/arch/x86/kvm/vmx.c -@@ -453,6 +453,7 @@ struct vcpu_vmx { - int gs_ldt_reload_needed; - int fs_reload_needed; - u64 msr_host_bndcfgs; -+ unsigned long vmcs_host_cr4; /* May not match real cr4 */ - } host_state; - struct { - int vm86_active; -@@ -1340,12 +1341,12 @@ static void vmcs_write64(unsigned long field, u64 value) +@@ -1341,12 +1341,12 @@ static void vmcs_write64(unsigned long field, u64 value) #endif } @@ -29503,7 +29374,7 @@ index bfe11cf..deb3959 100644 { vmcs_writel(field, vmcs_readl(field) | mask); } -@@ -1605,7 +1606,11 @@ static void reload_tss(void) +@@ -1606,7 +1606,11 @@ static void reload_tss(void) struct desc_struct *descs; descs = (void *)gdt->address; @@ -29515,7 +29386,7 @@ index bfe11cf..deb3959 100644 load_TR_desc(); } -@@ -1833,6 +1838,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) +@@ -1834,6 +1838,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */ vmcs_writel(HOST_GDTR_BASE, gdt->address); /* 22.2.4 */ @@ -29526,7 +29397,7 @@ index bfe11cf..deb3959 100644 rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp); vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */ vmx->loaded_vmcs->cpu = cpu; -@@ -2122,7 +2131,7 @@ static void setup_msrs(struct vcpu_vmx *vmx) +@@ -2123,7 +2131,7 @@ static void setup_msrs(struct vcpu_vmx *vmx) * reads and returns guest's timestamp counter "register" * guest_tsc = host_tsc + tsc_offset -- 21.3 */ 
@@ -29535,25 +29406,7 @@ index bfe11cf..deb3959 100644 { u64 host_tsc, tsc_offset; -@@ -2631,12 +2640,15 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) - default: - msr = find_msr_entry(vmx, msr_index); - if (msr) { -+ u64 old_msr_data = msr->data; - msr->data = data; - if (msr - vmx->guest_msrs < vmx->save_nmsrs) { - preempt_disable(); -- kvm_set_shared_msr(msr->index, msr->data, -- msr->mask); -+ ret = kvm_set_shared_msr(msr->index, msr->data, -+ msr->mask); - preempt_enable(); -+ if (ret) -+ msr->data = old_msr_data; - } - break; - } -@@ -3110,8 +3122,11 @@ static __init int hardware_setup(void) +@@ -3114,8 +3122,11 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_flexpriority()) flexpriority_enabled = 0; @@ -29567,7 +29420,7 @@ index bfe11cf..deb3959 100644 if (enable_ept && !cpu_has_vmx_ept_2m_page()) kvm_disable_largepages(); -@@ -3122,13 +3137,15 @@ static __init int hardware_setup(void) +@@ -3126,13 +3137,15 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_apicv()) enable_apicv = 0; 
@@ -29587,26 +29440,18 @@ index bfe11cf..deb3959 100644 if (nested) nested_vmx_setup_ctls_msrs(); -@@ -4235,10 +4252,17 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) - u32 low32, high32; - unsigned long tmpl; - struct desc_ptr dt; -+ unsigned long cr4; +@@ -4242,7 +4255,10 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) + unsigned long cr4; vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS); /* 22.2.3 */ -- vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */ ++ +#ifndef CONFIG_PAX_PER_CPU_PGD vmcs_writel(HOST_CR3, read_cr3()); /* 22.2.3 FIXME: shadow tables */ +#endif -+ -+ /* Save the most likely value for this task's CR4 in the VMCS. */ -+ cr4 = read_cr4(); -+ vmcs_writel(HOST_CR4, cr4); /* 22.2.3, 22.2.5 */ -+ vmx->host_state.vmcs_host_cr4 = cr4; - vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */ - #ifdef CONFIG_X86_64 -@@ -4260,7 +4284,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) + /* Save the most likely value for this task's CR4 in the VMCS. */ + cr4 = read_cr4(); +@@ -4269,7 +4285,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */ vmx->host_idt_base = dt.address; 
@@ -29615,82 +29460,7 @@ index bfe11cf..deb3959 100644 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); vmcs_write32(HOST_IA32_SYSENTER_CS, low32); -@@ -5257,7 +5281,7 @@ static int handle_wrmsr(struct kvm_vcpu *vcpu) - msr.data = data; - msr.index = ecx; - msr.host_initiated = false; -- if (vmx_set_msr(vcpu, &msr) != 0) { -+ if (kvm_set_msr(vcpu, &msr) != 0) { - trace_kvm_msr_write_ex(ecx, data); - kvm_inject_gp(vcpu, 0); - return 1; -@@ -6630,6 +6654,12 @@ static int handle_invept(struct kvm_vcpu *vcpu) - return 1; - } - -+static int handle_invvpid(struct kvm_vcpu *vcpu) -+{ -+ kvm_queue_exception(vcpu, UD_VECTOR); -+ return 1; -+} -+ - /* - * The exit handlers return 1 if the exit was handled fully and guest execution - * may resume. Otherwise they set the kvm_run parameter to indicate what needs -@@ -6675,6 +6705,7 @@ static int (*const kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = { - [EXIT_REASON_MWAIT_INSTRUCTION] = handle_mwait, - [EXIT_REASON_MONITOR_INSTRUCTION] = handle_monitor, - [EXIT_REASON_INVEPT] = handle_invept, -+ [EXIT_REASON_INVVPID] = handle_invvpid, - }; - - static const int kvm_vmx_max_exit_handlers = -@@ -6908,7 +6939,7 @@ static bool nested_vmx_exit_handled(struct kvm_vcpu *vcpu) - case EXIT_REASON_VMPTRST: case EXIT_REASON_VMREAD: - case EXIT_REASON_VMRESUME: case EXIT_REASON_VMWRITE: - case EXIT_REASON_VMOFF: case EXIT_REASON_VMON: -- case EXIT_REASON_INVEPT: -+ case EXIT_REASON_INVEPT: case EXIT_REASON_INVVPID: - /* - * VMX instructions trap unconditionally. This allows L1 to - * emulate them for its L2 guest, i.e., allows 3-level nesting! 
-@@ -7049,10 +7080,10 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu) - && kvm_vmx_exit_handlers[exit_reason]) - return kvm_vmx_exit_handlers[exit_reason](vcpu); - else { -- vcpu->run->exit_reason = KVM_EXIT_UNKNOWN; -- vcpu->run->hw.hardware_exit_reason = exit_reason; -+ WARN_ONCE(1, "vmx: unexpected exit reason 0x%x\n", exit_reason); -+ kvm_queue_exception(vcpu, UD_VECTOR); -+ return 1; - } -- return 0; - } - - static void update_cr8_intercept(struct kvm_vcpu *vcpu, int tpr, int irr) -@@ -7376,7 +7407,7 @@ static void atomic_switch_perf_msrs(struct vcpu_vmx *vmx) - static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) - { - struct vcpu_vmx *vmx = to_vmx(vcpu); -- unsigned long debugctlmsr; -+ unsigned long debugctlmsr, cr4; - - /* Record the guest's net vcpu time for enforced NMI injections. */ - if (unlikely(!cpu_has_virtual_nmis() && vmx->soft_vnmi_blocked)) -@@ -7397,6 +7428,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) - if (test_bit(VCPU_REGS_RIP, (unsigned long *)&vcpu->arch.regs_dirty)) - vmcs_writel(GUEST_RIP, vcpu->arch.regs[VCPU_REGS_RIP]); - -+ cr4 = read_cr4(); -+ if (unlikely(cr4 != vmx->host_state.vmcs_host_cr4)) { -+ vmcs_writel(HOST_CR4, cr4); -+ vmx->host_state.vmcs_host_cr4 = cr4; -+ } -+ - /* When single-stepping over STI and MOV SS, we must clear the - * corresponding interruptibility bits in the guest state. Otherwise - * vmentry fails as it then expects bit 14 (BS) in pending debug -@@ -7453,6 +7490,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7475,6 +7491,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "jmp 2f \n\t" "1: " __ex(ASM_VMX_VMRESUME) "\n\t" "2: " 
@@ -29703,7 +29473,7 @@ index bfe11cf..deb3959 100644 /* Save guest registers, load host registers, keep flags */ "mov %0, %c[wordsize](%%" _ASM_SP ") \n\t" "pop %0 \n\t" -@@ -7505,6 +7548,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7527,6 +7549,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]"i"(sizeof(ulong)) @@ -29715,7 +29485,7 @@ index bfe11cf..deb3959 100644 : "cc", "memory" #ifdef CONFIG_X86_64 , "rax", "rbx", "rdi", "rsi" -@@ -7518,7 +7566,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7540,7 +7567,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) if (debugctlmsr) update_debugctlmsr(debugctlmsr); @@ -29724,7 +29494,7 @@ index bfe11cf..deb3959 100644 /* * The sysexit path does not restore ds/es, so we must set them to * a reasonable value ourselves. -@@ -7527,8 +7575,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7549,8 +7576,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) * may be executed in interrupt context, which saves and restore segments * around it, nullifying its effect. */ @@ -29746,82 +29516,10 @@ index bfe11cf..deb3959 100644 vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index 8f1e22d..c23d3c5 100644 +index d6aeccf..cea125a 100644 --- a/arch/x86/kvm/x86.c 
+++ b/arch/x86/kvm/x86.c -@@ -229,20 +229,25 @@ static void kvm_shared_msr_cpu_online(void) - shared_msr_update(i, shared_msrs_global.msrs[i]); - } - --void kvm_set_shared_msr(unsigned slot, u64 value, u64 mask) -+int kvm_set_shared_msr(unsigned slot, u64 value, u64 mask) - { - unsigned int cpu = smp_processor_id(); - struct kvm_shared_msrs *smsr = per_cpu_ptr(shared_msrs, cpu); -+ int err; - - if (((value ^ smsr->values[slot].curr) & mask) == 0) -- return; -+ return 0; - smsr->values[slot].curr = value; -- wrmsrl(shared_msrs_global.msrs[slot], value); -+ err = wrmsrl_safe(shared_msrs_global.msrs[slot], value); -+ if (err) -+ return 1; -+ - if (!smsr->registered) { - smsr->urn.on_user_return = kvm_on_user_return; - user_return_notifier_register(&smsr->urn); - smsr->registered = true; - } -+ return 0; - } - EXPORT_SYMBOL_GPL(kvm_set_shared_msr); - -@@ -984,7 +989,6 @@ void kvm_enable_efer_bits(u64 mask) - } - EXPORT_SYMBOL_GPL(kvm_enable_efer_bits); - -- - /* - * Writes msr value into into the appropriate "register". - * Returns 0 on success, non-0 otherwise. -@@ -992,8 +996,34 @@ EXPORT_SYMBOL_GPL(kvm_enable_efer_bits); - */ - int kvm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) - { -+ switch (msr->index) { -+ case MSR_FS_BASE: -+ case MSR_GS_BASE: -+ case MSR_KERNEL_GS_BASE: -+ case MSR_CSTAR: -+ case MSR_LSTAR: -+ if (is_noncanonical_address(msr->data)) -+ return 1; -+ break; -+ case MSR_IA32_SYSENTER_EIP: -+ case MSR_IA32_SYSENTER_ESP: -+ /* -+ * IA32_SYSENTER_ESP and IA32_SYSENTER_EIP cause #GP if -+ * non-canonical address is written on Intel but not on -+ * AMD (which ignores the top 32-bits, because it does -+ * not implement 64-bit SYSENTER). -+ * -+ * 64-bit code should hence be able to write a non-canonical -+ * value on AMD. Making the address canonical ensures that -+ * vmentry does not fail on Intel after writing a non-canonical -+ * value, and that something deterministic happens if the guest -+ * invokes 64-bit SYSENTER. 
-+ */ -+ msr->data = get_canonical(msr->data); -+ } - return kvm_x86_ops->set_msr(vcpu, msr); - } -+EXPORT_SYMBOL_GPL(kvm_set_msr); - - /* - * Adapt set_msr() to msr_io()'s calling convention -@@ -1827,8 +1857,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) +@@ -1857,8 +1857,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) { struct kvm *kvm = vcpu->kvm; int lm = is_long_mode(vcpu); @@ -29832,7 +29530,7 @@ index 8f1e22d..c23d3c5 100644 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64 : kvm->arch.xen_hvm_config.blob_size_32; u32 page_num = data & ~PAGE_MASK; -@@ -2749,6 +2779,8 @@ long kvm_arch_dev_ioctl(struct file *filp, +@@ -2779,6 +2779,8 @@ long kvm_arch_dev_ioctl(struct file *filp, if (n < msr_list.nmsrs) goto out; r = -EFAULT; @@ -29841,7 +29539,7 @@ index 8f1e22d..c23d3c5 100644 if (copy_to_user(user_msr_list->indices, &msrs_to_save, num_msrs_to_save * sizeof(u32))) goto out; -@@ -5609,7 +5641,7 @@ static struct notifier_block pvclock_gtod_notifier = { +@@ -5639,7 +5641,7 @@ static struct notifier_block pvclock_gtod_notifier = { }; #endif @@ -34435,7 +34133,7 @@ index a32b706..efb308b 100644 unsigned long uninitialized_var(pfn_align); int i, nid; diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c -index ae242a7..1c7998f 100644 +index 36de293..b820ddc 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c @@ -262,7 +262,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address, @@ -35133,7 +34831,7 @@ index 6440221..f84b5c7 100644 + pax_force_retaddr ret diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c -index 5c8cb80..728d0cd 100644 +index c881ba8..71aca2e 100644 --- a/arch/x86/net/bpf_jit_comp.c +++ b/arch/x86/net/bpf_jit_comp.c @@ -15,7 +15,11 @@ 
@@ -35196,7 +34894,7 @@ index 5c8cb80..728d0cd 100644 return header; } -@@ -853,7 +853,9 @@ common_load: ctx->seen_ld_abs = true; +@@ -864,7 +864,9 @@ common_load: pr_err("bpf_jit_compile fatal error\n"); return -EFAULT; } @@ -35206,7 +34904,7 @@ index 5c8cb80..728d0cd 100644 } proglen += ilen; addrs[i] = proglen; -@@ -868,7 +870,7 @@ void bpf_jit_compile(struct bpf_prog *prog) +@@ -879,7 +881,7 @@ void bpf_jit_compile(struct bpf_prog *prog) void bpf_int_jit_compile(struct bpf_prog *prog) { @@ -35215,7 +34913,7 @@ index 5c8cb80..728d0cd 100644 int proglen, oldproglen = 0; struct jit_context ctx = {}; u8 *image = NULL; -@@ -900,7 +902,7 @@ void bpf_int_jit_compile(struct bpf_prog *prog) +@@ -911,7 +913,7 @@ void bpf_int_jit_compile(struct bpf_prog *prog) if (proglen <= 0) { image = NULL; if (header) @@ -35224,7 +34922,7 @@ index 5c8cb80..728d0cd 100644 goto out; } if (image) { -@@ -922,7 +924,6 @@ void bpf_int_jit_compile(struct bpf_prog *prog) +@@ -935,7 +937,6 @@ void bpf_int_jit_compile(struct bpf_prog *prog) if (image) { bpf_flush_icache(header, image + proglen); @@ -35232,7 +34930,7 @@ index 5c8cb80..728d0cd 100644 prog->bpf_func = (void *)image; prog->jited = 1; } -@@ -930,23 +931,16 @@ out: +@@ -943,23 +944,15 @@ out: kfree(addrs); } @@ -35260,7 +34958,6 @@ index 5c8cb80..728d0cd 100644 + if (!fp->jited) + goto free_filter; + -+ set_memory_rw(addr, 1); + module_free_exec(NULL, (void *)addr); + +free_filter: @@ -37215,7 +36912,7 @@ index 56d08fd..2e07090 100644 (u8 *) pte, count) < count) { kfree(pte); diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c -index 9b8eaec..c20279a 100644 +index a6d6270..c4bb72f 100644 --- a/block/scsi_ioctl.c +++ b/block/scsi_ioctl.c @@ -67,7 +67,7 @@ static int scsi_get_bus(struct request_queue *q, int __user *p) @@ -39224,7 +38921,7 @@ index 1a00001..c0d4253 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) 
diff --git a/drivers/block/drbd/drbd_interval.c b/drivers/block/drbd/drbd_interval.c -index 89c497c..9c736ae 100644 +index 04a14e0..5b8f0aa 100644 --- a/drivers/block/drbd/drbd_interval.c +++ b/drivers/block/drbd/drbd_interval.c @@ -67,9 +67,9 @@ static void augment_rotate(struct rb_node *rb_old, struct rb_node *rb_new) @@ -40097,7 +39794,7 @@ index 0ea9986..e7b07e4 100644 if (cmd != SIOCWANDEV) diff --git a/drivers/char/random.c b/drivers/char/random.c -index c18d41d..7c499f3 100644 +index 8c86a95..7c499f3 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -289,9 +289,6 @@ @@ -40132,33 +39829,6 @@ index c18d41d..7c499f3 100644 unsigned int add = ((pool_size - entropy_count)*anfrac*3) >> s; -@@ -1106,7 +1103,7 @@ static void extract_buf(struct entropy_store *r, __u8 *out) - __mix_pool_bytes(r, hash.w, sizeof(hash.w)); - spin_unlock_irqrestore(&r->lock, flags); - -- memset(workspace, 0, sizeof(workspace)); -+ memzero_explicit(workspace, sizeof(workspace)); - - /* - * In case the hash function has some recognizable output -@@ -1118,7 +1115,7 @@ static void extract_buf(struct entropy_store *r, __u8 *out) - hash.w[2] ^= rol32(hash.w[2], 16); - - memcpy(out, &hash, EXTRACT_SIZE); -- memset(&hash, 0, sizeof(hash)); -+ memzero_explicit(&hash, sizeof(hash)); - } - - /* -@@ -1175,7 +1172,7 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, - } - - /* Wipe data just returned from memory */ -- memset(tmp, 0, sizeof(tmp)); -+ memzero_explicit(tmp, sizeof(tmp)); - - return ret; - } @@ -1207,7 +1204,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, extract_buf(r, tmp); @@ -40168,15 +39838,6 @@ index c18d41d..7c499f3 100644 ret = -EFAULT; break; } -@@ -1218,7 +1215,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, - } - - /* Wipe data just returned from memory */ -- memset(tmp, 0, sizeof(tmp)); -+ memzero_explicit(tmp, sizeof(tmp)); - - return ret; - } 
@@ -1590,7 +1587,7 @@ static char sysctl_bootid[16]; static int proc_do_uuid(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) @@ -40433,10 +40094,10 @@ index b0c18ed..1713a80 100644 cpu_notifier_register_begin(); diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c -index 61190f6..fcd899a 100644 +index 07c8276..38bd07c 100644 --- a/drivers/cpufreq/cpufreq.c +++ b/drivers/cpufreq/cpufreq.c -@@ -2095,7 +2095,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor) +@@ -2107,7 +2107,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor) } mutex_lock(&cpufreq_governor_mutex); @@ -40445,7 +40106,7 @@ index 61190f6..fcd899a 100644 mutex_unlock(&cpufreq_governor_mutex); return; } -@@ -2311,7 +2311,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb, +@@ -2323,7 +2323,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb, return NOTIFY_OK; } @@ -40454,7 +40115,7 @@ index 61190f6..fcd899a 100644 .notifier_call = cpufreq_cpu_callback, }; -@@ -2351,13 +2351,17 @@ int cpufreq_boost_trigger_state(int state) +@@ -2363,13 +2363,17 @@ int cpufreq_boost_trigger_state(int state) return 0; write_lock_irqsave(&cpufreq_driver_lock, flags); @@ -40474,7 +40135,7 @@ index 61190f6..fcd899a 100644 write_unlock_irqrestore(&cpufreq_driver_lock, flags); pr_err("%s: Cannot %s BOOST\n", -@@ -2414,8 +2418,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) +@@ -2426,8 +2430,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) pr_debug("trying to register driver %s\n", driver_data->name); 
@@ -40488,7 +40149,7 @@ index 61190f6..fcd899a 100644 write_lock_irqsave(&cpufreq_driver_lock, flags); if (cpufreq_driver) { -@@ -2430,8 +2437,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) +@@ -2442,8 +2449,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) * Check if driver provides function to enable boost - * if not, use cpufreq_boost_set_sw as default */ @@ -40590,10 +40251,10 @@ index ad3f38f..8f086cd 100644 } EXPORT_SYMBOL_GPL(od_unregister_powersave_bias_handler); diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c -index 0668b38..2f3ea18 100644 +index 27bb6d3..4cf595c 100644 --- a/drivers/cpufreq/intel_pstate.c +++ b/drivers/cpufreq/intel_pstate.c -@@ -120,10 +120,10 @@ struct pstate_funcs { +@@ -133,10 +133,10 @@ struct pstate_funcs { struct cpu_defaults { struct pstate_adjust_policy pid_policy; struct pstate_funcs funcs; @@ -40606,7 +40267,7 @@ index 0668b38..2f3ea18 100644 struct perf_limits { int no_turbo; -@@ -527,17 +527,17 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate) +@@ -594,18 +594,18 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate) cpu->pstate.current_pstate = pstate; @@ -40619,9 +40280,11 @@ index 0668b38..2f3ea18 100644 - cpu->pstate.min_pstate = pstate_funcs.get_min(); - cpu->pstate.max_pstate = pstate_funcs.get_max(); - cpu->pstate.turbo_pstate = pstate_funcs.get_turbo(); +- cpu->pstate.scaling = pstate_funcs.get_scaling(); + cpu->pstate.min_pstate = pstate_funcs->get_min(); + cpu->pstate.max_pstate = pstate_funcs->get_max(); + cpu->pstate.turbo_pstate = pstate_funcs->get_turbo(); ++ cpu->pstate.scaling = pstate_funcs->get_scaling(); - if (pstate_funcs.get_vid) - pstate_funcs.get_vid(cpu); 
@@ -40630,7 +40293,7 @@ index 0668b38..2f3ea18 100644 intel_pstate_set_pstate(cpu, cpu->pstate.min_pstate); } -@@ -810,9 +810,9 @@ static int intel_pstate_msrs_not_valid(void) +@@ -875,9 +875,9 @@ static int intel_pstate_msrs_not_valid(void) rdmsrl(MSR_IA32_APERF, aperf); rdmsrl(MSR_IA32_MPERF, mperf); @@ -40643,7 +40306,7 @@ index 0668b38..2f3ea18 100644 return -ENODEV; rdmsrl(MSR_IA32_APERF, tmp); -@@ -826,7 +826,7 @@ static int intel_pstate_msrs_not_valid(void) +@@ -891,7 +891,7 @@ static int intel_pstate_msrs_not_valid(void) return 0; } @@ -40652,13 +40315,14 @@ index 0668b38..2f3ea18 100644 { pid_params.sample_rate_ms = policy->sample_rate_ms; pid_params.p_gain_pct = policy->p_gain_pct; -@@ -838,11 +838,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy) +@@ -903,12 +903,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy) static void copy_cpu_funcs(struct pstate_funcs *funcs) { - pstate_funcs.get_max = funcs->get_max; - pstate_funcs.get_min = funcs->get_min; - pstate_funcs.get_turbo = funcs->get_turbo; +- pstate_funcs.get_scaling = funcs->get_scaling; - pstate_funcs.set = funcs->set; - pstate_funcs.get_vid = funcs->get_vid; + pstate_funcs = funcs; @@ -41720,7 +41384,7 @@ index 2e0613e..a8b94d9 100644 return ret; diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index d8324c6..fc9b704 100644 +index b71a026..8b6cc10 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -12437,13 +12437,13 @@ struct intel_quirk { @@ -42317,10 +41981,10 @@ index 4a85bb6..aaea819 100644 if (regcomp (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c -index 12c8329..a69e2e8 100644 +index 5d4416f..80b7fc4 100644 --- a/drivers/gpu/drm/radeon/radeon_device.c 
+++ b/drivers/gpu/drm/radeon/radeon_device.c -@@ -1213,7 +1213,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) +@@ -1214,7 +1214,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) * locking inversion with the driver load path. And the access here is * completely racy anyway. So don't bother with locking for now. */ @@ -42880,12 +42544,12 @@ index 0cb92e3..c7d453d 100644 if (atomic_read(&uhid->report_done)) goto unlock; diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c -index 531a593..0b43a69 100644 +index 19bad59..ca24eaf 100644 --- a/drivers/hv/channel.c +++ b/drivers/hv/channel.c -@@ -365,8 +365,8 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer, +@@ -366,8 +366,8 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer, + unsigned long flags; int ret = 0; - int t; - next_gpadl_handle = atomic_read(&vmbus_connection.next_gpadl_handle); - atomic_inc(&vmbus_connection.next_gpadl_handle); @@ -42895,7 +42559,7 @@ index 531a593..0b43a69 100644 ret = create_gpadl_header(kbuffer, size, &msginfo, &msgcount); if (ret) diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c -index edfc848..d83e195 100644 +index 3e4235c..877d0e5 100644 --- a/drivers/hv/hv.c +++ b/drivers/hv/hv.c @@ -112,7 +112,7 @@ static u64 do_hypercall(u64 control, void *input, void *output) @@ -42907,7 +42571,7 @@ index edfc848..d83e195 100644 __asm__ __volatile__ ("call *%8" : "=d"(hv_status_hi), "=a"(hv_status_lo) : "d" (control_hi), -@@ -154,7 +154,7 @@ int hv_init(void) +@@ -156,7 +156,7 @@ int hv_init(void) /* See if the hypercall page is already set */ rdmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64); @@ -43002,10 +42666,10 @@ index 5e90c5d..d8fcefb 100644 cap_msg.caps.cap_bits.balloon = 1; cap_msg.caps.cap_bits.hot_add = 1; diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h -index 22b7507..fc2fc47 100644 +index c386d8d..d6004c4 100644 --- a/drivers/hv/hyperv_vmbus.h 
+++ b/drivers/hv/hyperv_vmbus.h -@@ -607,7 +607,7 @@ enum vmbus_connect_state { +@@ -611,7 +611,7 @@ enum vmbus_connect_state { struct vmbus_connection { enum vmbus_connect_state conn_state; @@ -45324,7 +44988,7 @@ index 32b958d..34011e8 100644 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) diff --git a/drivers/md/md.c b/drivers/md/md.c -index 1294238..a442227 100644 +index b7f603c..723d2bd 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -194,10 +194,10 @@ EXPORT_SYMBOL_GPL(bio_clone_mddev); @@ -45396,7 +45060,7 @@ index 1294238..a442227 100644 INIT_LIST_HEAD(&rdev->same_set); init_waitqueue_head(&rdev->blocked_wait); -@@ -7068,7 +7068,7 @@ static int md_seq_show(struct seq_file *seq, void *v) +@@ -7072,7 +7072,7 @@ static int md_seq_show(struct seq_file *seq, void *v) spin_unlock(&pers_lock); seq_printf(seq, "\n"); @@ -45405,7 +45069,7 @@ index 1294238..a442227 100644 return 0; } if (v == (void*)2) { -@@ -7171,7 +7171,7 @@ static int md_seq_open(struct inode *inode, struct file *file) +@@ -7175,7 +7175,7 @@ static int md_seq_open(struct inode *inode, struct file *file) return error; seq = file->private_data; @@ -45414,7 +45078,7 @@ index 1294238..a442227 100644 return error; } -@@ -7188,7 +7188,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) +@@ -7192,7 +7192,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) /* always allow read */ mask = POLLIN | POLLRDNORM; @@ -45423,7 +45087,7 @@ index 1294238..a442227 100644 mask |= POLLERR | POLLPRI; return mask; } -@@ -7232,7 +7232,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) +@@ -7236,7 +7236,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) struct gendisk *disk = rdev->bdev->bd_contains->bd_disk; curr_events = (int)part_stat_read(&disk->part0, sectors[0]) + (int)part_stat_read(&disk->part0, sectors[1]) - 
@@ -47759,7 +47423,7 @@ index ccec0e3..199f9ce 100644 if (imx_data->socdata->flags & ESDHC_FLAG_STD_TUNING) writel(readl(host->ioaddr + ESDHC_TUNING_CTRL) | diff --git a/drivers/mmc/host/sdhci-s3c.c b/drivers/mmc/host/sdhci-s3c.c -index fa5954a..56840e5 100644 +index 1e47903..7683916 100644 --- a/drivers/mmc/host/sdhci-s3c.c +++ b/drivers/mmc/host/sdhci-s3c.c @@ -584,9 +584,11 @@ static int sdhci_s3c_probe(struct platform_device *pdev) @@ -48012,7 +47676,7 @@ index 1c5d62e..8e14d54 100644 + .wrapper_rx_desc_init = xgbe_wrapper_rx_descriptor_init, +}; diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c -index ea27383..d695e45 100644 +index ea27383..faa8936 100644 --- a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c +++ b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c @@ -2463,7 +2463,7 @@ static void xgbe_powerdown_rx(struct xgbe_prv_data *pdata) @@ -48197,7 +47861,7 @@ index ea27383..d695e45 100644 - DBGPR("<--xgbe_init_function_ptrs\n"); -} + .config_dcb_tc = xgbe_config_dcb_tc, -+ .config_dcb_pfc = xgbe_config_dcb_pfc ++ .config_dcb_pfc = xgbe_config_dcb_pfc, +}; diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c index b26d758..b0d1c3b 100644 @@ -48691,10 +48355,10 @@ index 8cffcdf..aadf043 100644 #define L2T_SKB_CB(skb) ((struct l2t_skb_cb *)(skb)->cb) diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c -index e5be511..16cb55c 100644 +index 9f5f3c3..86d21a6 100644 --- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c +++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c -@@ -2355,7 +2355,7 @@ static void get_regs(struct net_device *dev, struct ethtool_regs *regs, +@@ -2359,7 +2359,7 @@ static void get_regs(struct net_device *dev, struct ethtool_regs *regs, int i; struct adapter *ap = netdev2adap(dev); 
@@ -48960,18 +48624,6 @@ index d5e07de..e3bf20a 100644 spinlock_t request_lock; struct list_head req_list; -diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c -index 0fcb5e7..148fda3 100644 ---- a/drivers/net/hyperv/netvsc_drv.c -+++ b/drivers/net/hyperv/netvsc_drv.c -@@ -556,6 +556,7 @@ do_lso: - do_send: - /* Start filling in the page buffers with the rndis hdr */ - rndis_msg->msg_len += rndis_msg_size; -+ packet->total_data_buflen = rndis_msg->msg_len; - packet->page_buf_cnt = init_page_array(rndis_msg, rndis_msg_size, - skb, &packet->page_buf[0]); - diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c index 2b86f0b..ecc996f 100644 --- a/drivers/net/hyperv/rndis_filter.c @@ -49008,7 +48660,7 @@ index 9ce854f..e43fa17 100644 priv = netdev_priv(dev); priv->phy = phy; diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c -index 726edab..8939092 100644 +index 5f17ad0..e0463c8 100644 --- a/drivers/net/macvlan.c +++ b/drivers/net/macvlan.c @@ -264,7 +264,7 @@ static void macvlan_broadcast_enqueue(struct macvlan_port *port, @@ -49020,7 +48672,7 @@ index 726edab..8939092 100644 } /* called under rcu_read_lock() from netif_receive_skb */ -@@ -1144,13 +1144,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = { +@@ -1150,13 +1150,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = { int macvlan_link_register(struct rtnl_link_ops *ops) { /* common fields */ @@ -49043,7 +48695,7 @@ index 726edab..8939092 100644 return rtnl_link_register(ops); }; -@@ -1230,7 +1232,7 @@ static int macvlan_device_event(struct notifier_block *unused, +@@ -1236,7 +1238,7 @@ static int macvlan_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -49053,10 +48705,10 @@ index 726edab..8939092 100644 }; diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c -index 0c6adaa..0784e3f 100644 +index 07c942b..2d8b073 100644 --- a/drivers/net/macvtap.c 
+++ b/drivers/net/macvtap.c -@@ -1018,7 +1018,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd, +@@ -1023,7 +1023,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd, } ret = 0; @@ -49065,7 +48717,7 @@ index 0c6adaa..0784e3f 100644 put_user(q->flags, &ifr->ifr_flags)) ret = -EFAULT; macvtap_put_vlan(vlan); -@@ -1188,7 +1188,7 @@ static int macvtap_device_event(struct notifier_block *unused, +@@ -1193,7 +1193,7 @@ static int macvtap_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -49075,18 +48727,9 @@ index 0c6adaa..0784e3f 100644 }; diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c -index fa0d717..bab8c01 100644 +index 17ecdd6..79ad848 100644 --- a/drivers/net/ppp/ppp_generic.c +++ b/drivers/net/ppp/ppp_generic.c -@@ -594,7 +594,7 @@ static long ppp_ioctl(struct file *file, unsigned int cmd, unsigned long arg) - if (file == ppp->owner) - ppp_shutdown_interface(ppp); - } -- if (atomic_long_read(&file->f_count) <= 2) { -+ if (atomic_long_read(&file->f_count) < 2) { - ppp_release(NULL, file); - err = 0; - } else @@ -1020,7 +1020,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) void __user *addr = (void __user *) ifr->ifr_ifru.ifru_data; struct ppp_stats stats; @@ -49105,6 +48748,21 @@ index fa0d717..bab8c01 100644 break; err = 0; break; +diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c +index 1aff970..cc2ee29 100644 +--- a/drivers/net/ppp/pptp.c ++++ b/drivers/net/ppp/pptp.c +@@ -506,7 +506,9 @@ static int pptp_getname(struct socket *sock, struct sockaddr *uaddr, + int len = sizeof(struct sockaddr_pppox); + struct sockaddr_pppox sp; + +- sp.sa_family = AF_PPPOX; ++ memset(&sp.sa_addr, 0, sizeof(sp.sa_addr)); ++ ++ sp.sa_family = AF_PPPOX; + sp.sa_protocol = PX_PROTO_PPTP; + sp.sa_addr.pptp = pppox_sk(sock->sk)->proto.pptp.src_addr; + diff --git a/drivers/net/slip/slhc.c b/drivers/net/slip/slhc.c index 079f7ad..b2a2bfa7 100644 --- a/drivers/net/slip/slhc.c 
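Review bot: In the pptp_getname() hunk the added `memset(&sp.sa_addr, 0, sizeof(sp.sa_addr));` clears only the address union. The on-stack `struct sockaddr_pppox sp` is therefore fully initialised only if `sa_family` and `sa_protocol` are its sole other members and the layout has no padding, which these lines do not show. Clearing the whole object with `memset(&sp, 0, sizeof(sp));` before the three assignments would keep stale kernel stack bytes out of the result regardless of layout. The copy of `sp` out to the caller lies outside the hunk, so that part is inferred from the `len = sizeof(struct sockaddr_pppox)` line.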
@@ -49132,10 +48790,10 @@ index 1f76c2ea..9681171 100644 }; diff --git a/drivers/net/tun.c b/drivers/net/tun.c -index acaaf67..a33483d 100644 +index d965e8a..f119e64 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c -@@ -1855,7 +1855,7 @@ unlock: +@@ -1861,7 +1861,7 @@ unlock: } static long __tun_chr_ioctl(struct file *file, unsigned int cmd, @@ -49144,7 +48802,7 @@ index acaaf67..a33483d 100644 { struct tun_file *tfile = file->private_data; struct tun_struct *tun; -@@ -1868,6 +1868,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, +@@ -1874,6 +1874,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, unsigned int ifindex; int ret; @@ -49294,59 +48952,10 @@ index 59caa06..de191b3 100644 #define VIRTNET_DRIVER_VERSION "1.0.0" diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c -index beb377b..b5bbf08 100644 +index 81a8a29..ae60a58 100644 --- a/drivers/net/vxlan.c 
+++ b/drivers/net/vxlan.c -@@ -1440,9 +1440,6 @@ static int neigh_reduce(struct net_device *dev, struct sk_buff *skb) - if (!in6_dev) - goto out; - -- if (!pskb_may_pull(skb, skb->len)) -- goto out; -- - iphdr = ipv6_hdr(skb); - saddr = &iphdr->saddr; - daddr = &iphdr->daddr; -@@ -1717,6 +1714,8 @@ static void vxlan_encap_bypass(struct sk_buff *skb, struct vxlan_dev *src_vxlan, - struct pcpu_sw_netstats *tx_stats, *rx_stats; - union vxlan_addr loopback; - union vxlan_addr *remote_ip = &dst_vxlan->default_dst.remote_ip; -+ struct net_device *dev = skb->dev; -+ int len = skb->len; - - tx_stats = this_cpu_ptr(src_vxlan->dev->tstats); - rx_stats = this_cpu_ptr(dst_vxlan->dev->tstats); -@@ -1740,16 +1739,16 @@ static void vxlan_encap_bypass(struct sk_buff *skb, struct vxlan_dev *src_vxlan, - - u64_stats_update_begin(&tx_stats->syncp); - tx_stats->tx_packets++; -- tx_stats->tx_bytes += skb->len; -+ tx_stats->tx_bytes += len; - u64_stats_update_end(&tx_stats->syncp); - - if (netif_rx(skb) == NET_RX_SUCCESS) { - u64_stats_update_begin(&rx_stats->syncp); - rx_stats->rx_packets++; -- rx_stats->rx_bytes += skb->len; -+ rx_stats->rx_bytes += len; - u64_stats_update_end(&rx_stats->syncp); - } else { -- skb->dev->stats.rx_dropped++; -+ dev->stats.rx_dropped++; - } - } - -@@ -1927,7 +1926,8 @@ static netdev_tx_t vxlan_xmit(struct sk_buff *skb, struct net_device *dev) - return arp_reduce(dev, skb); - #if IS_ENABLED(CONFIG_IPV6) - else if (ntohs(eth->h_proto) == ETH_P_IPV6 && -- skb->len >= sizeof(struct ipv6hdr) + sizeof(struct nd_msg) && -+ pskb_may_pull(skb, sizeof(struct ipv6hdr) -+ + sizeof(struct nd_msg)) && - ipv6_hdr(skb)->nexthdr == IPPROTO_ICMPV6) { - struct nd_msg *msg; - -@@ -2750,7 +2750,7 @@ nla_put_failure: +@@ -2762,7 +2762,7 @@ nla_put_failure: return -EMSGSIZE; } 
@@ -49355,7 +48964,7 @@ index beb377b..b5bbf08 100644 .kind = "vxlan", .maxtype = IFLA_VXLAN_MAX, .policy = vxlan_policy, -@@ -2797,7 +2797,7 @@ static int vxlan_lowerdev_event(struct notifier_block *unused, +@@ -2809,7 +2809,7 @@ static int vxlan_lowerdev_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -50059,10 +49668,10 @@ index 0ffb6ff..c0b7f0e 100644 memset(buf, 0, sizeof(buf)); buf_size = min(count, sizeof(buf) - 1); diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c -index 06e04aa..d5e1f0d 100644 +index 6c02467..771bb8a 100644 --- a/drivers/net/wireless/iwlwifi/pcie/trans.c +++ b/drivers/net/wireless/iwlwifi/pcie/trans.c -@@ -1684,7 +1684,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, +@@ -1686,7 +1686,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, struct isr_statistics *isr_stats = &trans_pcie->isr_stats; char buf[8]; @@ -50071,7 +49680,7 @@ index 06e04aa..d5e1f0d 100644 u32 reset_flag; memset(buf, 0, sizeof(buf)); -@@ -1705,7 +1705,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file, +@@ -1707,7 +1707,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file, { struct iwl_trans *trans = file->private_data; char buf[8]; @@ -50081,10 +49690,10 @@ index 06e04aa..d5e1f0d 100644 memset(buf, 0, sizeof(buf)); diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c -index 1326f61..9e56010f 100644 +index 6b48c865..19646a7 100644 --- a/drivers/net/wireless/mac80211_hwsim.c +++ b/drivers/net/wireless/mac80211_hwsim.c -@@ -2575,20 +2575,20 @@ static int __init init_mac80211_hwsim(void) +@@ -2577,20 +2577,20 @@ static int __init init_mac80211_hwsim(void) if (channels < 1) return -EINVAL; @@ -50599,7 +50208,7 @@ index 5a40516..136d5a7 100644 kfree(msi_dev_attr); ++count; diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c -index 9ff0a90..e819dda 100644 +index 6d04771..4126004 100644 --- a/drivers/pci/pci-sysfs.c 
+++ b/drivers/pci/pci-sysfs.c @@ -1134,7 +1134,7 @@ static int pci_create_attr(struct pci_dev *pdev, int num, int write_combine) @@ -51332,7 +50941,7 @@ index f374fa5..26f0683 100644 mc13xxx_data = mc13xxx_parse_regulators_dt(pdev, mc13892_regulators, ARRAY_SIZE(mc13892_regulators)); diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c -index b0e4a3e..e5dc11e 100644 +index 5b2e761..c8c8a4a 100644 --- a/drivers/rtc/rtc-cmos.c +++ b/drivers/rtc/rtc-cmos.c @@ -789,7 +789,9 @@ cmos_do_probe(struct device *dev, struct resource *ports, int rtc_irq) @@ -52337,7 +51946,7 @@ index d646540..5b13554 100644 extern void qla2x00_free_sysfs_attr(scsi_qla_host_t *, bool); extern void qla2x00_init_host_attr(scsi_qla_host_t *); diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c -index be9698d..a328a41 100644 +index 8252c0e..613adad 100644 --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c @@ -1493,8 +1493,10 @@ qla2x00_config_dma_addressing(struct qla_hw_data *ha) @@ -52408,7 +52017,7 @@ index d81f3cc..0093e5b 100644 /* check if the device is still usable */ if (unlikely(cmd->device->sdev_state == SDEV_DEL)) { diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c -index aaea4b9..c64408d 100644 +index 7cb8c73..14561b5 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -1581,7 +1581,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) 
@@ -52573,6 +52182,19 @@ index 01cf888..59e0475 100644 case BLKTRACESTART: return blk_trace_startstop(sdp->device->request_queue, 1); case BLKTRACESTOP: +diff --git a/drivers/soc/tegra/fuse/fuse-tegra.c b/drivers/soc/tegra/fuse/fuse-tegra.c +index 11a5043..e36f04c 100644 +--- a/drivers/soc/tegra/fuse/fuse-tegra.c ++++ b/drivers/soc/tegra/fuse/fuse-tegra.c +@@ -70,7 +70,7 @@ static ssize_t fuse_read(struct file *fd, struct kobject *kobj, + return i; + } + +-static struct bin_attribute fuse_bin_attr = { ++static bin_attribute_no_const fuse_bin_attr = { + .attr = { .name = "fuse", .mode = S_IRUGO, }, + .read = fuse_read, + }; diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c index ca935df..ae8a3dc 100644 --- a/drivers/spi/spi.c 
@@ -52643,6 +52265,58 @@ index 6b22106..6c6e641 100644 return -EBUSY; imx_drm_crtc = kzalloc(sizeof(*imx_drm_crtc), GFP_KERNEL); +diff --git a/drivers/staging/line6/driver.c b/drivers/staging/line6/driver.c +index 503b2d7..c918745 100644 +--- a/drivers/staging/line6/driver.c ++++ b/drivers/staging/line6/driver.c +@@ -463,7 +463,7 @@ int line6_read_data(struct usb_line6 *line6, int address, void *data, + { + struct usb_device *usbdev = line6->usbdev; + int ret; +- unsigned char len; ++ unsigned char *plen; + + /* query the serial number: */ + ret = usb_control_msg(usbdev, usb_sndctrlpipe(usbdev, 0), 0x67, +@@ -476,27 +476,34 @@ int line6_read_data(struct usb_line6 *line6, int address, void *data, + return ret; + } + ++ plen = kmalloc(1, GFP_KERNEL); ++ if (plen == NULL) ++ return -ENOMEM; ++ + /* Wait for data length. We'll get 0xff until length arrives. */ + do { + ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), 0x67, + USB_TYPE_VENDOR | USB_RECIP_DEVICE | + USB_DIR_IN, +- 0x0012, 0x0000, &len, 1, ++ 0x0012, 0x0000, plen, 1, + LINE6_TIMEOUT * HZ); + if (ret < 0) { + dev_err(line6->ifcdev, + "receive length failed (error %d)\n", ret); ++ kfree(plen); + return ret; + } +- } while (len == 0xff); ++ } while (*plen == 0xff); + +- if (len != datalen) { ++ if (*plen != datalen) { + /* should be equal or something went wrong */ + dev_err(line6->ifcdev, + "length mismatch (expected %d, got %d)\n", +- (int)datalen, (int)len); ++ (int)datalen, (int)*plen); ++ kfree(plen); + return -EINVAL; + } ++ kfree(plen); + + /* receive the result: */ + ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), 0x67, diff --git a/drivers/staging/lustre/lnet/selftest/brw_test.c b/drivers/staging/lustre/lnet/selftest/brw_test.c index bcce919..f30fcf9 100644 --- a/drivers/staging/lustre/lnet/selftest/brw_test.c 
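Review bot: In the line6_read_data() hunk the polling loop still treats only `ret < 0` as failure, so a transfer that completes with zero bytes leaves `*plen` holding whatever `kmalloc(1, GFP_KERNEL)` returned. The `while (*plen == 0xff)` test and the later `*plen != datalen` comparison would then read uninitialised heap memory. Allocating with `kzalloc(1, GFP_KERNEL)`, or rejecting short transfers with `if (ret != 1)` and returning `-EIO` when `ret` is not negative, would close that. A comment such as `/* usb_control_msg() needs a DMA-capable buffer, not stack memory */` above the allocation would record why the length byte moved off the stack; that reason is inferred, the hunk does not state it. The function continues past the end of the hunk.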
@@ -52903,6 +52577,28 @@ index dc23395..cf7e9b1 100644 struct io_req { struct list_head list; +diff --git a/drivers/staging/unisys/visorchipset/visorchipset.h b/drivers/staging/unisys/visorchipset/visorchipset.h +index 2bf2e2f..84421c9 100644 +--- a/drivers/staging/unisys/visorchipset/visorchipset.h ++++ b/drivers/staging/unisys/visorchipset/visorchipset.h +@@ -228,7 +228,7 @@ typedef struct { + void (*device_resume)(ulong busNo, ulong devNo); + int (*get_channel_info)(uuid_le typeGuid, ulong *minSize, + ulong *maxSize); +-} VISORCHIPSET_BUSDEV_NOTIFIERS; ++} __no_const VISORCHIPSET_BUSDEV_NOTIFIERS; + + /* These functions live inside visorchipset, and will be called to indicate + * responses to specific events (by code outside of visorchipset). +@@ -243,7 +243,7 @@ typedef struct { + void (*device_destroy)(ulong busNo, ulong devNo, int response); + void (*device_pause)(ulong busNo, ulong devNo, int response); + void (*device_resume)(ulong busNo, ulong devNo, int response); +-} VISORCHIPSET_BUSDEV_RESPONDERS; ++} __no_const VISORCHIPSET_BUSDEV_RESPONDERS; + + /** Register functions (in the bus driver) to get called by visorchipset + * whenever a bus or device appears for which this service partition is diff --git a/drivers/staging/vt6655/hostap.c b/drivers/staging/vt6655/hostap.c index 164136b..7244df5 100644 --- a/drivers/staging/vt6655/hostap.c @@ -52956,10 +52652,10 @@ index e7e9372..161f530 100644 login->tgt_agt = sbp_target_agent_register(login); if (IS_ERR(login->tgt_agt)) { diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c -index 98da901..bb443e8 100644 +index 15a1c13..6c9b96b 100644 --- a/drivers/target/target_core_device.c 
+++ b/drivers/target/target_core_device.c -@@ -1525,7 +1525,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name) +@@ -1526,7 +1526,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name) spin_lock_init(&dev->se_tmr_lock); spin_lock_init(&dev->qf_cmd_lock); sema_init(&dev->caw_sem, 1); @@ -52969,7 +52665,7 @@ index 98da901..bb443e8 100644 spin_lock_init(&dev->t10_wwn.t10_vpd_lock); INIT_LIST_HEAD(&dev->t10_pr.registration_list); diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index 7fa62fc..abdd041 100644 +index ab61014..8f1116e 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c @@ -1165,7 +1165,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd) @@ -53693,10 +53389,10 @@ index a260cde..6b2b5ce 100644 /* This is only available if kgdboc is a built in for early debugging */ static int __init kgdboc_early_init(char *opt) diff --git a/drivers/tty/serial/msm_serial.c b/drivers/tty/serial/msm_serial.c -index 0da0b54..80ae306 100644 +index 077570a..12550a9 100644 --- a/drivers/tty/serial/msm_serial.c +++ b/drivers/tty/serial/msm_serial.c -@@ -989,7 +989,7 @@ static struct uart_driver msm_uart_driver = { +@@ -981,7 +981,7 @@ static struct uart_driver msm_uart_driver = { .cons = MSM_CONSOLE, }; @@ -53705,7 +53401,7 @@ index 0da0b54..80ae306 100644 static const struct of_device_id msm_uartdm_table[] = { { .compatible = "qcom,msm-uartdm-v1.1", .data = (void *)UARTDM_1P1 }, -@@ -1008,7 +1008,7 @@ static int msm_serial_probe(struct platform_device *pdev) +@@ -1000,7 +1000,7 @@ static int msm_serial_probe(struct platform_device *pdev) int irq; if (pdev->id == -1) @@ -53747,7 +53443,7 @@ index c78f43a..22b1dab 100644 if (cfg->uart_flags & UPF_CONS_FLOW) { diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c -index 29a7be4..0144e62 100644 +index 0f03988..8a8038d 100644 
--- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -1343,7 +1343,7 @@ static void uart_close(struct tty_struct *tty, struct file *filp) @@ -54185,10 +53881,10 @@ index 42bad18..447d7a2 100644 if (get_user(c, buf)) diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c -index 8fbad34..0db0a39 100644 +index 848c17a..e930437 100644 --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c -@@ -3464,7 +3464,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); +@@ -3469,7 +3469,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); void tty_default_fops(struct file_operations *fops) { @@ -54623,7 +54319,7 @@ index 0b59731..46ee7d1 100644 dev->rawdescriptors[i] + (*ppos - pos), min(len, alloclen))) { diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c -index 487abcf..06226dc 100644 +index 258e6fe..9ea48d7 100644 --- a/drivers/usb/core/hcd.c +++ b/drivers/usb/core/hcd.c @@ -1550,7 +1550,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags) @@ -54645,7 +54341,7 @@ index 487abcf..06226dc 100644 wake_up(&usb_kill_urb_queue); usb_put_urb(urb); diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c -index dc84915..cdb6624 100644 +index 674c262..71fdd90 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -27,6 +27,7 @@ @@ -54656,7 +54352,7 @@ index dc84915..cdb6624 100644 #include #include -@@ -4662,6 +4663,10 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus, +@@ -4665,6 +4666,10 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus, goto done; return; } 
@@ -54724,19 +54420,6 @@ index 2dd2362..1135437 100644 INIT_LIST_HEAD(&dev->ep0.urb_list); dev->ep0.desc.bLength = USB_DT_ENDPOINT_SIZE; -diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c -index 490a6ca..1f8364d 100644 ---- a/drivers/usb/dwc3/gadget.c -+++ b/drivers/usb/dwc3/gadget.c -@@ -615,8 +615,6 @@ static int __dwc3_gadget_ep_enable(struct dwc3_ep *dep, - if (!usb_endpoint_xfer_isoc(desc)) - return 0; - -- memset(&trb_link, 0, sizeof(trb_link)); -- - /* Link TRB for ISOC. The HWO bit is never reset */ - trb_st_hw = &dep->trb_pool[0]; - diff --git a/drivers/usb/early/ehci-dbgp.c b/drivers/usb/early/ehci-dbgp.c index 8cfc319..4868255 100644 --- a/drivers/usb/early/ehci-dbgp.c @@ -59907,10 +59590,10 @@ index f70119f..ab5894d 100644 spin_lock_init(&delayed_root->lock); init_waitqueue_head(&delayed_root->wait); diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c -index 8a8e298..9f904ad 100644 +index b765d41..5a8b0c3 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c -@@ -3939,9 +3939,12 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) +@@ -3975,9 +3975,12 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) for (i = 0; i < num_types; i++) { struct btrfs_space_info *tmp; @@ -59923,7 +59606,7 @@ index 8a8e298..9f904ad 100644 info = NULL; rcu_read_lock(); list_for_each_entry_rcu(tmp, &root->fs_info->space_info, -@@ -3963,10 +3966,7 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) +@@ -3999,10 +4002,7 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) memcpy(dest, &space, sizeof(space)); dest++; space_args.total_spaces++; @@ -59974,22 +59657,10 @@ index e2e798a..f454c18 100644 static inline int btrfs_need_log_full_commit(struct btrfs_fs_info *fs_info, diff --git a/fs/buffer.c b/fs/buffer.c -index 3588a80..3d038a9 100644 +index 72daaa5..60ffeb9 100644 --- a/fs/buffer.c 
+++ b/fs/buffer.c -@@ -2318,6 +2318,11 @@ static int cont_expand_zero(struct file *file, struct address_space *mapping, - err = 0; - - balance_dirty_pages_ratelimited(mapping); -+ -+ if (unlikely(fatal_signal_pending(current))) { -+ err = -EINTR; -+ goto out; -+ } - } - - /* page covers the boundary, find the boundary offset */ -@@ -3424,7 +3429,7 @@ void __init buffer_init(void) +@@ -3432,7 +3432,7 @@ void __init buffer_init(void) bh_cachep = kmem_cache_create("buffer_head", sizeof(struct buffer_head), 0, (SLAB_RECLAIM_ACCOUNT|SLAB_PANIC| @@ -61029,7 +60700,7 @@ index a93f7e6..d58bcbe 100644 return 0; while (nr) { diff --git a/fs/dcache.c b/fs/dcache.c -index cb25a1a..8060de0 100644 +index 34b40be8..2003532 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -478,7 +478,7 @@ static void __dentry_kill(struct dentry *dentry) @@ -61126,7 +60797,15 @@ index cb25a1a..8060de0 100644 d_lru_isolate(dentry); spin_unlock(&dentry->d_lock); return LRU_REMOVED; -@@ -1255,7 +1255,7 @@ static enum d_walk_ret select_collect(void *_data, struct dentry *dentry) +@@ -1149,6 +1149,7 @@ out_unlock: + return; + + rename_retry: ++ done_seqretry(&rename_lock, seq); + if (!retry) + return; + seq = 1; +@@ -1255,7 +1256,7 @@ static enum d_walk_ret select_collect(void *_data, struct dentry *dentry) } else { if (dentry->d_flags & DCACHE_LRU_LIST) d_lru_del(dentry); @@ -61135,7 +60814,7 @@ index cb25a1a..8060de0 100644 d_shrink_add(dentry, &data->dispose); data->found++; } -@@ -1303,7 +1303,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry) +@@ -1303,7 +1304,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry) return D_WALK_CONTINUE; /* root with refcount 1 is fine */ 
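Review bot: The `fatal_signal_pending(current)` bail-out in cont_expand_zero is dropped from the carried patch here, and nothing on the page shows that the 3.17.4 base already contains it; the commit message says only "Update to 3.17.4". The same applies to the other fixes this commit removes from the patch: the `iput(inode)` calls on the d_splice_alias error paths in fs/dcache.c, the `is_path_reachable(new_mnt, new.dentry, &root)` test in pivot_root in fs/namespace.c, and the `total_objects` guard in fs/super.c. The shifted inner offsets are consistent with the base having gained those lines, but that is inference. Please confirm each one against the linux-3.17.4 tree and state in the commit description which hunks were dropped because they are now upstream.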
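Review bot: The `done_seqretry(&rename_lock, seq);` added under `rename_retry:` in fs/dcache.c has no comment, and its purpose is not obvious from the label alone. As far as can be told from the hunk, it releases `rename_lock` when the current pass held it (odd `seq`), so that neither the `if (!retry) return;` exit nor the `seq = 1` retry runs with the lock still taken. A line such as `/* drop rename_lock if this pass took it (odd seq) before bailing out or retrying */` would record that. The enclosing function starts and ends outside the hunk, so the paths that reach this label could not be checked here.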
@@ -61144,7 +60823,7 @@ index cb25a1a..8060de0 100644 return D_WALK_CONTINUE; printk(KERN_ERR "BUG: Dentry %p{i=%lx,n=%pd} " -@@ -1312,7 +1312,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry) +@@ -1312,7 +1313,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry) dentry->d_inode ? dentry->d_inode->i_ino : 0UL, dentry, @@ -61153,7 +60832,7 @@ index cb25a1a..8060de0 100644 dentry->d_sb->s_type->name, dentry->d_sb->s_id); WARN_ON(1); -@@ -1438,7 +1438,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) +@@ -1438,7 +1439,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) */ dentry->d_iname[DNAME_INLINE_LEN-1] = 0; if (name->len > DNAME_INLINE_LEN-1) { @@ -61162,7 +60841,7 @@ index cb25a1a..8060de0 100644 if (!dname) { kmem_cache_free(dentry_cache, dentry); return NULL; -@@ -1456,7 +1456,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) +@@ -1456,7 +1457,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) smp_wmb(); dentry->d_name.name = dname; @@ -61171,7 +60850,7 @@ index cb25a1a..8060de0 100644 dentry->d_flags = 0; spin_lock_init(&dentry->d_lock); seqcount_init(&dentry->d_seq); -@@ -2196,7 +2196,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name) +@@ -2196,7 +2197,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name) goto next; } @@ -61180,7 +60859,7 @@ index cb25a1a..8060de0 100644 found = dentry; spin_unlock(&dentry->d_lock); break; -@@ -2295,7 +2295,7 @@ again: +@@ -2295,7 +2296,7 @@ again: spin_lock(&dentry->d_lock); inode = dentry->d_inode; isdir = S_ISDIR(inode->i_mode); 
@@ -61189,21 +60868,7 @@ index cb25a1a..8060de0 100644 if (!spin_trylock(&inode->i_lock)) { spin_unlock(&dentry->d_lock); cpu_relax(); -@@ -2675,11 +2675,13 @@ struct dentry *d_splice_alias(struct inode *inode, struct dentry *dentry) - if (!IS_ROOT(new)) { - spin_unlock(&inode->i_lock); - dput(new); -+ iput(inode); - return ERR_PTR(-EIO); - } - if (d_ancestor(new, dentry)) { - spin_unlock(&inode->i_lock); - dput(new); -+ iput(inode); - return ERR_PTR(-EIO); - } - write_seqlock(&rename_lock); -@@ -3300,7 +3302,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry) +@@ -3307,7 +3308,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry) if (!(dentry->d_flags & DCACHE_GENOCIDE)) { dentry->d_flags |= DCACHE_GENOCIDE; @@ -61212,7 +60877,7 @@ index cb25a1a..8060de0 100644 } } return D_WALK_CONTINUE; -@@ -3416,7 +3418,8 @@ void __init vfs_caches_init(unsigned long mempages) +@@ -3423,7 +3424,8 @@ void __init vfs_caches_init(unsigned long mempages) mempages -= reserve; names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0, @@ -61239,7 +60904,7 @@ index 1e3b99d..6512101 100644 } EXPORT_SYMBOL_GPL(debugfs_create_dir); diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c -index d4a9431..77f9b2e 100644 +index 57ee4c5..ecb13b0 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c @@ -673,7 +673,7 @@ static char *ecryptfs_readlink_lower(struct dentry *dentry, size_t *bufsiz) @@ -62154,10 +61819,10 @@ index c6874be..f8a6ae8 100644 static int diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c -index 581ef40..cec52d7 100644 +index e069155..b825b08 100644 --- a/fs/ext4/balloc.c 
+++ b/fs/ext4/balloc.c -@@ -553,8 +553,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi, +@@ -557,8 +557,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi, /* Hm, nope. Are (enough) root reserved clusters available? */ if (uid_eq(sbi->s_resuid, current_fsuid()) || (!gid_eq(sbi->s_resgid, GLOBAL_ROOT_GID) && in_group_p(sbi->s_resgid)) || @@ -62169,7 +61834,7 @@ index 581ef40..cec52d7 100644 if (free_clusters >= (nclusters + dirty_clusters + resv_clusters)) diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h -index b0c225c..0e69bd7 100644 +index 96ac9d3..1c30e7e6 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -1275,19 +1275,19 @@ struct ext4_sb_info { @@ -62320,10 +61985,10 @@ index 8b0f9ef..cb9f620 100644 return 0; diff --git a/fs/ext4/mmp.c b/fs/ext4/mmp.c -index 32bce84..112d969 100644 +index 8313ca3..8a37d08 100644 --- a/fs/ext4/mmp.c +++ b/fs/ext4/mmp.c -@@ -113,7 +113,7 @@ static int read_mmp_block(struct super_block *sb, struct buffer_head **bh, +@@ -111,7 +111,7 @@ static int read_mmp_block(struct super_block *sb, struct buffer_head **bh, void __dump_mmp_msg(struct super_block *sb, struct mmp_struct *mmp, const char *function, unsigned int line, const char *msg) { @@ -62333,10 +61998,10 @@ index 32bce84..112d969 100644 "MMP failure info: last update time: %llu, last update " "node: %s, last update device: %s\n", diff --git a/fs/ext4/super.c b/fs/ext4/super.c -index 0b28b36..b85d0f53 100644 +index b1f0ac7..77e9a05 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c -@@ -1276,7 +1276,7 @@ static ext4_fsblk_t get_sb_block(void **data) +@@ -1274,7 +1274,7 @@ static ext4_fsblk_t get_sb_block(void **data) } #define DEFAULT_JOURNAL_IOPRIO (IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 3)) @@ -62345,7 +62010,7 @@ index 0b28b36..b85d0f53 100644 "Contact linux-ext4@vger.kernel.org if you think we should keep it.\n"; #ifdef CONFIG_QUOTA -@@ -2460,7 +2460,7 @@ struct ext4_attr { +@@ -2454,7 +2454,7 @@ struct ext4_attr { int offset; int deprecated_val; } u; 
@@ -62355,10 +62020,10 @@ index 0b28b36..b85d0f53 100644 static int parse_strtoull(const char *buf, unsigned long long max, unsigned long long *value) diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c -index e738733..9843a6c 100644 +index 2d1e5803..1b082d415 100644 --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c -@@ -386,7 +386,7 @@ static int +@@ -399,7 +399,7 @@ static int ext4_xattr_list_entries(struct dentry *dentry, struct ext4_xattr_entry *entry, char *buffer, size_t buffer_size) { @@ -62367,7 +62032,7 @@ index e738733..9843a6c 100644 for (; !IS_LAST_ENTRY(entry); entry = EXT4_XATTR_NEXT(entry)) { const struct xattr_handler *handler = -@@ -403,9 +403,10 @@ ext4_xattr_list_entries(struct dentry *dentry, struct ext4_xattr_entry *entry, +@@ -416,9 +416,10 @@ ext4_xattr_list_entries(struct dentry *dentry, struct ext4_xattr_entry *entry, buffer += size; } rest -= size; @@ -64131,7 +63796,7 @@ index 4a6cf28..d3a29d3 100644 jffs2_prealloc_raw_node_refs(c, jeb, 1); diff --git a/fs/jffs2/wbuf.c b/fs/jffs2/wbuf.c -index a6597d6..41b30ec 100644 +index 09ed551..45684f8 100644 --- a/fs/jffs2/wbuf.c +++ b/fs/jffs2/wbuf.c @@ -1023,7 +1023,8 @@ static const struct jffs2_unknown_node oob_cleanmarker = @@ -64352,7 +64017,7 @@ index 6740a62..ccb472f 100644 #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */ diff --git a/fs/namei.c b/fs/namei.c -index a7b05bf..9b251d4 100644 +index bb02687..79cba2c 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -331,17 +331,32 @@ int generic_permission(struct inode *inode, int mask) @@ -64640,7 +64305,7 @@ index a7b05bf..9b251d4 100644 error = -EISDIR; if ((open_flag & O_CREAT) && d_is_dir(nd->path.dentry)) goto out; -@@ -3206,7 +3298,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, +@@ -3207,7 +3299,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, if (unlikely(error)) goto out; 
@@ -64649,7 +64314,7 @@ index a7b05bf..9b251d4 100644 while (unlikely(error > 0)) { /* trailing symlink */ struct path link = path; void *cookie; -@@ -3224,7 +3316,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, +@@ -3225,7 +3317,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, error = follow_link(&link, nd, &cookie); if (unlikely(error)) break; @@ -64658,7 +64323,7 @@ index a7b05bf..9b251d4 100644 put_link(nd, &link, cookie); } out: -@@ -3324,9 +3416,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, +@@ -3325,9 +3417,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, goto unlock; error = -EEXIST; @@ -64672,7 +64337,7 @@ index a7b05bf..9b251d4 100644 /* * Special case - lookup gave negative, but... we had foo/bar/ * From the vfs_mknod() POV we just have a negative dentry - -@@ -3378,6 +3472,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, +@@ -3379,6 +3473,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, } EXPORT_SYMBOL(user_path_create); @@ -64693,7 +64358,7 @@ index a7b05bf..9b251d4 100644 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) { int error = may_create(dir, dentry); -@@ -3441,6 +3549,17 @@ retry: +@@ -3442,6 +3550,17 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -64711,7 +64376,7 @@ index a7b05bf..9b251d4 100644 error = security_path_mknod(&path, dentry, mode, dev); if (error) goto out; -@@ -3456,6 +3575,8 @@ retry: +@@ -3457,6 +3576,8 @@ retry: error = vfs_mknod(path.dentry->d_inode,dentry,mode,0); break; } @@ -64720,7 +64385,7 @@ index a7b05bf..9b251d4 100644 out: done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { -@@ -3510,9 +3631,16 @@ retry: +@@ -3511,9 +3632,16 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); 
@@ -64737,7 +64402,7 @@ index a7b05bf..9b251d4 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3595,6 +3723,8 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -3596,6 +3724,8 @@ static long do_rmdir(int dfd, const char __user *pathname) struct filename *name; struct dentry *dentry; struct nameidata nd; @@ -64746,7 +64411,7 @@ index a7b05bf..9b251d4 100644 unsigned int lookup_flags = 0; retry: name = user_path_parent(dfd, pathname, &nd, lookup_flags); -@@ -3627,10 +3757,21 @@ retry: +@@ -3628,10 +3758,21 @@ retry: error = -ENOENT; goto exit3; } @@ -64768,7 +64433,7 @@ index a7b05bf..9b251d4 100644 exit3: dput(dentry); exit2: -@@ -3721,6 +3862,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -3722,6 +3863,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) struct nameidata nd; struct inode *inode = NULL; struct inode *delegated_inode = NULL; @@ -64777,7 +64442,7 @@ index a7b05bf..9b251d4 100644 unsigned int lookup_flags = 0; retry: name = user_path_parent(dfd, pathname, &nd, lookup_flags); -@@ -3747,10 +3890,22 @@ retry_deleg: +@@ -3748,10 +3891,22 @@ retry_deleg: if (d_is_negative(dentry)) goto slashes; ihold(inode); @@ -64800,7 +64465,7 @@ index a7b05bf..9b251d4 100644 exit2: dput(dentry); } -@@ -3839,9 +3994,17 @@ retry: +@@ -3840,9 +3995,17 @@ retry: if (IS_ERR(dentry)) goto out_putname; @@ -64818,7 +64483,7 @@ index a7b05bf..9b251d4 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3945,6 +4108,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -3946,6 +4109,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, struct dentry *new_dentry; struct path old_path, new_path; struct inode *delegated_inode = NULL; 
@@ -64826,7 +64491,7 @@ index a7b05bf..9b251d4 100644 int how = 0; int error; -@@ -3968,7 +4132,7 @@ retry: +@@ -3969,7 +4133,7 @@ retry: if (error) return error; @@ -64835,7 +64500,7 @@ index a7b05bf..9b251d4 100644 (how & LOOKUP_REVAL)); error = PTR_ERR(new_dentry); if (IS_ERR(new_dentry)) -@@ -3980,11 +4144,28 @@ retry: +@@ -3981,11 +4145,28 @@ retry: error = may_linkat(&old_path); if (unlikely(error)) goto out_dput; @@ -64864,7 +64529,7 @@ index a7b05bf..9b251d4 100644 done_path_create(&new_path, new_dentry); if (delegated_inode) { error = break_deleg_wait(&delegated_inode); -@@ -4295,6 +4476,12 @@ retry_deleg: +@@ -4296,6 +4477,12 @@ retry_deleg: if (new_dentry == trap) goto exit5; @@ -64877,7 +64542,7 @@ index a7b05bf..9b251d4 100644 error = security_path_rename(&oldnd.path, old_dentry, &newnd.path, new_dentry, flags); if (error) -@@ -4302,6 +4489,9 @@ retry_deleg: +@@ -4303,6 +4490,9 @@ retry_deleg: error = vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry, &delegated_inode, flags); @@ -64887,7 +64552,7 @@ index a7b05bf..9b251d4 100644 exit5: dput(new_dentry); exit4: -@@ -4344,14 +4534,24 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna +@@ -4345,14 +4535,24 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna int readlink_copy(char __user *buffer, int buflen, const char *link) { @@ -64914,10 +64579,10 @@ index a7b05bf..9b251d4 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index ef42d9b..b8dfe4f 100644 +index 550dbff..c4ad324 100644 --- a/fs/namespace.c +++ b/fs/namespace.c -@@ -1360,6 +1360,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1362,6 +1362,9 @@ static int do_umount(struct mount *mnt, int flags) if (!(sb->s_flags & MS_RDONLY)) retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); up_write(&sb->s_umount); 
@@ -64927,7 +64592,7 @@ index ef42d9b..b8dfe4f 100644 return retval; } -@@ -1382,6 +1385,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1384,6 +1387,9 @@ static int do_umount(struct mount *mnt, int flags) } unlock_mount_hash(); namespace_unlock(); @@ -64937,7 +64602,7 @@ index ef42d9b..b8dfe4f 100644 return retval; } -@@ -1401,7 +1407,7 @@ static inline bool may_mount(void) +@@ -1403,7 +1409,7 @@ static inline bool may_mount(void) * unixes. Our API is identical to OSF/1 to avoid making a mess of AMD */ @@ -64946,7 +64611,7 @@ index ef42d9b..b8dfe4f 100644 { struct path path; struct mount *mnt; -@@ -1443,7 +1449,7 @@ out: +@@ -1445,7 +1451,7 @@ out: /* * The 2.0 compatible umount. No flags. */ @@ -64955,7 +64620,7 @@ index ef42d9b..b8dfe4f 100644 { return sys_umount(name, 0); } -@@ -2492,6 +2498,16 @@ long do_mount(const char *dev_name, const char *dir_name, +@@ -2494,6 +2500,16 @@ long do_mount(const char *dev_name, const char *dir_name, MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | MS_STRICTATIME); @@ -64972,7 +64637,7 @@ index ef42d9b..b8dfe4f 100644 if (flags & MS_REMOUNT) retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, data_page); -@@ -2506,6 +2522,9 @@ long do_mount(const char *dev_name, const char *dir_name, +@@ -2508,6 +2524,9 @@ long do_mount(const char *dev_name, const char *dir_name, dev_name, data_page); dput_out: path_put(&path); @@ -64982,7 +64647,7 @@ index ef42d9b..b8dfe4f 100644 return retval; } -@@ -2523,7 +2542,7 @@ static void free_mnt_ns(struct mnt_namespace *ns) +@@ -2525,7 +2544,7 @@ static void free_mnt_ns(struct mnt_namespace *ns) * number incrementing at 10Ghz will take 12,427 years to wrap which * is effectively never, so we can ignore the possibility. */ 
@@ -64991,7 +64656,7 @@ index ef42d9b..b8dfe4f 100644 static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) { -@@ -2538,7 +2557,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) +@@ -2540,7 +2559,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) kfree(new_ns); return ERR_PTR(ret); } @@ -65000,7 +64665,7 @@ index ef42d9b..b8dfe4f 100644 atomic_set(&new_ns->count, 1); new_ns->root = NULL; INIT_LIST_HEAD(&new_ns->list); -@@ -2548,7 +2567,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) +@@ -2550,7 +2569,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) return new_ns; } @@ -65009,7 +64674,7 @@ index ef42d9b..b8dfe4f 100644 struct user_namespace *user_ns, struct fs_struct *new_fs) { struct mnt_namespace *new_ns; -@@ -2669,8 +2688,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name) +@@ -2671,8 +2690,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name) } EXPORT_SYMBOL(mount_subtree); @@ -65020,7 +64685,7 @@ index ef42d9b..b8dfe4f 100644 { int ret; char *kernel_type; -@@ -2783,6 +2802,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, +@@ -2785,6 +2804,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, if (error) goto out2; 
@@ -65032,17 +64697,7 @@ index ef42d9b..b8dfe4f 100644 get_fs_root(current->fs, &root); old_mp = lock_mount(&old); error = PTR_ERR(old_mp); -@@ -2820,6 +2844,9 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, - /* make sure we can reach put_old from new_root */ - if (!is_path_reachable(old_mnt, old.dentry, &new)) - goto out4; -+ /* make certain new is below the root */ -+ if (!is_path_reachable(new_mnt, new.dentry, &root)) -+ goto out4; - root_mp->m_count++; /* pin it so it won't go away */ - lock_mount_hash(); - detach_mnt(new_mnt, &parent_path); -@@ -3051,7 +3078,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) +@@ -3056,7 +3080,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) return -EPERM; @@ -65065,7 +64720,7 @@ index f4ccfe6..a5cf064 100644 static struct callback_op callback_ops[]; diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c -index 577a36f..1cde799 100644 +index 0689aa5..299386e 100644 --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c @@ -1228,16 +1228,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt @@ -65089,7 +64744,7 @@ index 577a36f..1cde799 100644 void nfs_fattr_init(struct nfs_fattr *fattr) diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c -index 5e0dc52..64681bc 100644 +index 1d3cb47..2b8ed89 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -1155,7 +1155,7 @@ struct nfsd4_operation { @@ -65102,7 +64757,7 @@ index 5e0dc52..64681bc 100644 static struct nfsd4_operation nfsd4_ops[]; diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c -index b01f6e1..4aab09a 100644 +index 353aac8..32035ee 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -1534,7 +1534,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p) @@ -65153,7 +64808,7 @@ index ff95676..96cf3f62 100644 break; case RC_REPLBUFF: diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c -index f501a9b..8155556 100644 +index 6ab077b..5ac7f0b 100644 
--- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -855,7 +855,7 @@ __be32 nfsd_readv(struct file *file, loff_t offset, struct kvec *vec, int vlen, @@ -65289,7 +64944,7 @@ index a80a741..7b96e1b 100644 } diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c -index b13992a..536c8d8 100644 +index c991616..5ae51af 100644 --- a/fs/notify/fanotify/fanotify_user.c +++ b/fs/notify/fanotify/fanotify_user.c @@ -216,8 +216,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group, @@ -65412,6 +65067,19 @@ index 0440134..d52c93a 100644 bail: if (handle) +diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c +index 8add6f1..b931e04 100644 +--- a/fs/ocfs2/namei.c ++++ b/fs/ocfs2/namei.c +@@ -158,7 +158,7 @@ bail_add: + * NOTE: This dentry already has ->d_op set from + * ocfs2_get_parent() and ocfs2_get_dentry() + */ +- if (ret) ++ if (!IS_ERR_OR_NULL(ret)) + dentry = ret; + + status = ocfs2_dentry_attach_lock(dentry, inode, diff --git a/fs/ocfs2/ocfs2.h b/fs/ocfs2/ocfs2.h index bbec539..7b266d5 100644 --- a/fs/ocfs2/ocfs2.h @@ -68156,19 +67824,6 @@ index ae0c3ce..9ee641c 100644 generic_fillattr(inode, stat); return 0; -diff --git a/fs/super.c b/fs/super.c -index b9a214d..6f8c954 100644 ---- a/fs/super.c -+++ b/fs/super.c -@@ -80,6 +80,8 @@ static unsigned long super_cache_scan(struct shrinker *shrink, - inodes = list_lru_count_node(&sb->s_inode_lru, sc->nid); - dentries = list_lru_count_node(&sb->s_dentry_lru, sc->nid); - total_objects = dentries + inodes + fs_objects + 1; -+ if (!total_objects) -+ total_objects = 1; - - /* proportion the scan between the caches */ - dentries = mult_frac(sc->nr_to_scan, dentries, total_objects); diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c index 0b45ff4..847de5b 100644 --- a/fs/sysfs/dir.c 
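Review bot: With the test in fs/ocfs2/namei.c changed to `if (!IS_ERR_OR_NULL(ret))`, an error pointer in `ret` now leaves `dentry` untouched, but control still falls through to `ocfs2_dentry_attach_lock(dentry, inode, ...)` on the next visible line. Whether the error in `ret` is later returned to the caller is not visible, because the function starts and ends outside the hunk. If it is not, the failure is silently turned into a successful lookup. An explicit `if (IS_ERR(ret))` exit ahead of the attach call, going to the function's existing cleanup path, would make the handling unambiguous.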
@@ -68498,6 +68153,28 @@ index 3799695..0ddc953 100644 copy_to_user(hreq->ohandlen, &hsize, sizeof(__s32))) goto out_put; +diff --git a/fs/xfs/xfs_linux.h b/fs/xfs/xfs_linux.h +index d10dc8f..56b3430 100644 +--- a/fs/xfs/xfs_linux.h ++++ b/fs/xfs/xfs_linux.h +@@ -230,7 +230,7 @@ static inline kgid_t xfs_gid_to_kgid(__uint32_t gid) + * of the compiler which do not like us using do_div in the middle + * of large functions. + */ +-static inline __u32 xfs_do_div(void *a, __u32 b, int n) ++static inline __u32 __intentional_overflow(-1) xfs_do_div(void *a, __u32 b, int n) + { + __u32 mod; + +@@ -286,7 +286,7 @@ static inline __u32 xfs_do_mod(void *a, __u32 b, int n) + return 0; + } + #else +-static inline __u32 xfs_do_div(void *a, __u32 b, int n) ++static inline __u32 __intentional_overflow(-1) xfs_do_div(void *a, __u32 b, int n) + { + __u32 mod; + diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 index 0000000..f27264e @@ -80500,10 +80177,10 @@ index cbc5833..8123ebc 100644 if (sizeof(l) == 4) return fls(l); diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h -index 518b465..11953e6 100644 +index f2057ff8..59dfa2d 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h -@@ -1627,7 +1627,7 @@ struct block_device_operations { +@@ -1625,7 +1625,7 @@ struct block_device_operations { /* this callback is with swap_lock and sometimes page table lock held */ void (*swap_slot_free_notify) (struct block_device *, unsigned long); struct module *owner; 
@@ -80600,19 +80277,6 @@ index 411dd7e..ee38878 100644 /** * struct clk_init_data - holds init data that's common to all clocks and is -diff --git a/include/linux/clocksource.h b/include/linux/clocksource.h -index 653f0e2..abcafaa 100644 ---- a/include/linux/clocksource.h -+++ b/include/linux/clocksource.h -@@ -287,7 +287,7 @@ extern struct clocksource* clocksource_get_next(void); - extern void clocksource_change_rating(struct clocksource *cs, int rating); - extern void clocksource_suspend(void); - extern void clocksource_resume(void); --extern struct clocksource * __init __weak clocksource_default_clock(void); -+extern struct clocksource * __init clocksource_default_clock(void); - extern void clocksource_mark_unstable(struct clocksource *cs); - - extern u64 diff --git a/include/linux/compat.h b/include/linux/compat.h index e649426..a74047b 100644 --- a/include/linux/compat.h 
@@ -80947,32 +80611,6 @@ index 2997af6..424ddc1 100644 int cpumask_any_but(const struct cpumask *mask, unsigned int cpu); int cpumask_set_cpu_local_first(int i, int numa_node, cpumask_t *dstp); -diff --git a/include/linux/crash_dump.h b/include/linux/crash_dump.h -index 72ab536..3849fce 100644 ---- a/include/linux/crash_dump.h -+++ b/include/linux/crash_dump.h -@@ -14,14 +14,13 @@ - extern unsigned long long elfcorehdr_addr; - extern unsigned long long elfcorehdr_size; - --extern int __weak elfcorehdr_alloc(unsigned long long *addr, -- unsigned long long *size); --extern void __weak elfcorehdr_free(unsigned long long addr); --extern ssize_t __weak elfcorehdr_read(char *buf, size_t count, u64 *ppos); --extern ssize_t __weak elfcorehdr_read_notes(char *buf, size_t count, u64 *ppos); --extern int __weak remap_oldmem_pfn_range(struct vm_area_struct *vma, -- unsigned long from, unsigned long pfn, -- unsigned long size, pgprot_t prot); -+extern int elfcorehdr_alloc(unsigned long long *addr, unsigned long long *size); -+extern void elfcorehdr_free(unsigned long long addr); -+extern ssize_t elfcorehdr_read(char *buf, size_t count, u64 *ppos); -+extern ssize_t elfcorehdr_read_notes(char *buf, size_t count, u64 *ppos); -+extern int remap_oldmem_pfn_range(struct vm_area_struct *vma, -+ unsigned long from, unsigned long pfn, -+ unsigned long size, pgprot_t prot); - - extern ssize_t copy_oldmem_page(unsigned long, char *, size_t, - unsigned long, int); diff --git a/include/linux/cred.h b/include/linux/cred.h index b2d0820..2ecafd3 100644 --- a/include/linux/cred.h @@ -83253,7 +82891,7 @@ index 44792ee..6172f2a 100644 extern struct key_type key_type_keyring; diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h -index 6b06d37..19f605f 100644 +index e465bb1..19f605f 100644 --- a/include/linux/kgdb.h +++ b/include/linux/kgdb.h @@ -52,7 +52,7 @@ extern int kgdb_connected; 
@@ -83274,7 +82912,7 @@ index 6b06d37..19f605f 100644 /** * struct kgdb_io - Describe the interface for an I/O driver to talk with KGDB. -@@ -279,11 +279,11 @@ struct kgdb_io { +@@ -279,7 +279,7 @@ struct kgdb_io { void (*pre_exception) (void); void (*post_exception) (void); int is_console; @@ -83283,11 +82921,6 @@ index 6b06d37..19f605f 100644 extern struct kgdb_arch arch_kgdb_ops; --extern unsigned long __weak kgdb_arch_pc(int exception, struct pt_regs *regs); -+extern unsigned long kgdb_arch_pc(int exception, struct pt_regs *regs); - - #ifdef CONFIG_SERIAL_KGDB_NMI - extern int kgdb_register_nmi_console(void); diff --git a/include/linux/kmod.h b/include/linux/kmod.h index 0555cc6..40116ce 100644 --- a/include/linux/kmod.h @@ -83537,19 +83170,6 @@ index c45c089..298841c 100644 { u32 remainder; return div_u64_rem(dividend, divisor, &remainder); -diff --git a/include/linux/memory.h b/include/linux/memory.h -index bb7384e..8b8d8d1 100644 ---- a/include/linux/memory.h -+++ b/include/linux/memory.h -@@ -35,7 +35,7 @@ struct memory_block { - }; - - int arch_get_memory_phys_device(unsigned long start_pfn); --unsigned long __weak memory_block_size_bytes(void); -+unsigned long memory_block_size_bytes(void); - - /* These states are exposed to userspace as text strings in sysfs */ - #define MEM_ONLINE (1<<0) /* exposed to userspace */ diff --git a/include/linux/mempolicy.h b/include/linux/mempolicy.h index f230a97..714c006 100644 --- a/include/linux/mempolicy.h @@ -83576,7 +83196,7 @@ index f230a97..714c006 100644 static inline int vma_dup_policy(struct vm_area_struct *src, struct vm_area_struct *dst) diff --git a/include/linux/mm.h b/include/linux/mm.h -index 8981cc8..76fd8c2 100644 +index f952cc8..b9f6135 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -127,6 +127,11 @@ extern unsigned int kobjsize(const void *objp); 
@@ -83610,7 +83230,7 @@ index 8981cc8..76fd8c2 100644 struct mmu_gather; struct inode; -@@ -1144,8 +1150,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address, +@@ -1163,8 +1169,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address, unsigned long *pfn); int follow_phys(struct vm_area_struct *vma, unsigned long address, unsigned int flags, unsigned long *prot, resource_size_t *phys); @@ -83621,7 +83241,7 @@ index 8981cc8..76fd8c2 100644 static inline void unmap_shared_mapping_range(struct address_space *mapping, loff_t const holebegin, loff_t const holelen) -@@ -1184,9 +1190,9 @@ static inline int fixup_user_fault(struct task_struct *tsk, +@@ -1204,9 +1210,9 @@ static inline int fixup_user_fault(struct task_struct *tsk, } #endif @@ -83634,7 +83254,7 @@ index 8981cc8..76fd8c2 100644 long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, unsigned long start, unsigned long nr_pages, -@@ -1219,34 +1225,6 @@ int set_page_dirty_lock(struct page *page); +@@ -1238,34 +1244,6 @@ int set_page_dirty_lock(struct page *page); int clear_page_dirty_for_io(struct page *page); int get_cmdline(struct task_struct *task, char *buffer, int buflen); @@ -83669,7 +83289,7 @@ index 8981cc8..76fd8c2 100644 extern pid_t vm_is_stack(struct task_struct *task, struct vm_area_struct *vma, int in_group); -@@ -1346,6 +1324,15 @@ static inline void sync_mm_rss(struct mm_struct *mm) +@@ -1365,6 +1343,15 @@ static inline void sync_mm_rss(struct mm_struct *mm) } #endif @@ -83685,7 +83305,7 @@ index 8981cc8..76fd8c2 100644 int vma_wants_writenotify(struct vm_area_struct *vma); extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr, -@@ -1364,8 +1351,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, +@@ -1383,8 +1370,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, { return 0; } 
@@ -83701,7 +83321,7 @@ index 8981cc8..76fd8c2 100644 #endif #ifdef __PAGETABLE_PMD_FOLDED -@@ -1374,8 +1368,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, +@@ -1393,8 +1387,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, { return 0; } @@ -83717,7 +83337,7 @@ index 8981cc8..76fd8c2 100644 #endif int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma, -@@ -1393,11 +1394,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a +@@ -1412,11 +1413,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a NULL: pud_offset(pgd, address); } @@ -83741,7 +83361,7 @@ index 8981cc8..76fd8c2 100644 #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */ #if USE_SPLIT_PTE_PTLOCKS -@@ -1796,7 +1809,7 @@ extern int install_special_mapping(struct mm_struct *mm, +@@ -1815,7 +1828,7 @@ extern int install_special_mapping(struct mm_struct *mm, unsigned long addr, unsigned long len, unsigned long flags, struct page **pages); @@ -83750,7 +83370,7 @@ index 8981cc8..76fd8c2 100644 extern unsigned long mmap_region(struct file *file, unsigned long addr, unsigned long len, vm_flags_t vm_flags, unsigned long pgoff); -@@ -1804,6 +1817,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1823,6 +1836,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, unsigned long len, unsigned long prot, unsigned long flags, unsigned long pgoff, unsigned long *populate); extern int do_munmap(struct mm_struct *, unsigned long, size_t); @@ -83758,7 +83378,7 @@ index 8981cc8..76fd8c2 100644 #ifdef CONFIG_MMU extern int __mm_populate(unsigned long addr, unsigned long len, -@@ -1832,10 +1846,11 @@ struct vm_unmapped_area_info { +@@ -1851,10 +1865,11 @@ struct vm_unmapped_area_info { unsigned long high_limit; unsigned long align_mask; unsigned long align_offset; 
@@ -83772,7 +83392,7 @@ index 8981cc8..76fd8c2 100644 /* * Search for an unmapped address range. -@@ -1847,7 +1862,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info); +@@ -1866,7 +1881,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info); * - satisfies (begin_addr & align_mask) == (align_offset & align_mask) */ static inline unsigned long @@ -83781,7 +83401,7 @@ index 8981cc8..76fd8c2 100644 { if (!(info->flags & VM_UNMAPPED_AREA_TOPDOWN)) return unmapped_area(info); -@@ -1909,6 +1924,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add +@@ -1928,6 +1943,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, struct vm_area_struct **pprev); @@ -83792,7 +83412,7 @@ index 8981cc8..76fd8c2 100644 /* Look up the first VMA which intersects the interval start_addr..end_addr-1, NULL if none. Assume start_addr < end_addr. */ static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr) -@@ -1937,15 +1956,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, +@@ -1956,15 +1975,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, return vma; } @@ -83808,7 +83428,7 @@ index 8981cc8..76fd8c2 100644 #ifdef CONFIG_NUMA_BALANCING unsigned long change_prot_numa(struct vm_area_struct *vma, unsigned long start, unsigned long end); -@@ -1997,6 +2007,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); +@@ -2016,6 +2026,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); static inline void vm_stat_account(struct mm_struct *mm, unsigned long flags, struct file *file, long pages) { 
@@ -83820,7 +83440,7 @@ index 8981cc8..76fd8c2 100644 mm->total_vm += pages; } #endif /* CONFIG_PROC_FS */ -@@ -2085,7 +2100,7 @@ extern int unpoison_memory(unsigned long pfn); +@@ -2104,7 +2119,7 @@ extern int unpoison_memory(unsigned long pfn); extern int sysctl_memory_failure_early_kill; extern int sysctl_memory_failure_recovery; extern void shake_page(struct page *p, int access); @@ -83829,7 +83449,7 @@ index 8981cc8..76fd8c2 100644 extern int soft_offline_page(struct page *page, int flags); #if defined(CONFIG_TRANSPARENT_HUGEPAGE) || defined(CONFIG_HUGETLBFS) -@@ -2120,5 +2135,11 @@ void __init setup_nr_node_ids(void); +@@ -2139,5 +2154,11 @@ void __init setup_nr_node_ids(void); static inline void setup_nr_node_ids(void) {} #endif @@ -83906,10 +83526,10 @@ index c5d5278..f0b68c8 100644 } diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h -index 318df70..b74ec01 100644 +index b21bac4..94142ca 100644 --- a/include/linux/mmzone.h +++ b/include/linux/mmzone.h -@@ -518,7 +518,7 @@ struct zone { +@@ -527,7 +527,7 @@ struct zone { ZONE_PADDING(_pad3_) /* Zone statistics */ @@ -85009,7 +84629,7 @@ index ed8f9e7..999bc96 100644 } diff --git a/include/linux/sched.h b/include/linux/sched.h -index b867a4d..84f03ad 100644 +index 2b1d9e9..10ba706 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -132,6 +132,7 @@ struct fs_struct; @@ -85255,7 +84875,7 @@ index b867a4d..84f03ad 100644 { return tsk->pid; } -@@ -2095,6 +2209,25 @@ extern u64 sched_clock_cpu(int cpu); +@@ -2097,6 +2211,25 @@ extern u64 sched_clock_cpu(int cpu); extern void sched_clock_init(void); @@ -85281,7 +84901,7 @@ index b867a4d..84f03ad 100644 #ifndef CONFIG_HAVE_UNSTABLE_SCHED_CLOCK static inline void sched_clock_tick(void) { -@@ -2228,7 +2361,9 @@ void yield(void); +@@ -2230,7 +2363,9 @@ void yield(void); extern struct exec_domain default_exec_domain; union thread_union { 
@@ -85291,7 +84911,7 @@ index b867a4d..84f03ad 100644 unsigned long stack[THREAD_SIZE/sizeof(long)]; }; -@@ -2261,6 +2396,7 @@ extern struct pid_namespace init_pid_ns; +@@ -2263,6 +2398,7 @@ extern struct pid_namespace init_pid_ns; */ extern struct task_struct *find_task_by_vpid(pid_t nr); @@ -85299,7 +84919,7 @@ index b867a4d..84f03ad 100644 extern struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns); -@@ -2425,7 +2561,7 @@ extern void __cleanup_sighand(struct sighand_struct *); +@@ -2427,7 +2563,7 @@ extern void __cleanup_sighand(struct sighand_struct *); extern void exit_itimers(struct signal_struct *); extern void flush_itimer_signals(void); @@ -85308,7 +84928,7 @@ index b867a4d..84f03ad 100644 extern int do_execve(struct filename *, const char __user * const __user *, -@@ -2640,9 +2776,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) +@@ -2642,9 +2778,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) #endif @@ -85680,29 +85300,6 @@ index 680f9a3..f13aeb0 100644 __SONET_ITEMS #undef __HANDLE_ITEM }; -diff --git a/include/linux/string.h b/include/linux/string.h -index d36977e..3b42b37 100644 ---- a/include/linux/string.h -+++ b/include/linux/string.h -@@ -132,7 +132,7 @@ int bprintf(u32 *bin_buf, size_t size, const char *fmt, ...) __printf(3, 4); - #endif - - extern ssize_t memory_read_from_buffer(void *to, size_t count, loff_t *ppos, -- const void *from, size_t available); -+ const void *from, size_t available); - - /** - * strstarts - does @str start with @prefix? -@@ -144,7 +144,8 @@ static inline bool strstarts(const char *str, const char *prefix) - return strncmp(str, prefix, strlen(prefix)) == 0; - } - --extern size_t memweight(const void *ptr, size_t bytes); -+size_t memweight(const void *ptr, size_t bytes); -+void memzero_explicit(void *s, size_t count); - - /** - * kbasename - return the last part of a pathname. 
diff --git a/include/linux/sunrpc/addr.h b/include/linux/sunrpc/addr.h index 07d8e53..dc934c9 100644 --- a/include/linux/sunrpc/addr.h @@ -87047,7 +86644,7 @@ index 4a5b9a3..ca27d73 100644 .combine = sctp_csum_combine, }; diff --git a/include/net/sctp/sm.h b/include/net/sctp/sm.h -index 7f4eeb3..37e8fe1 100644 +index 72a31db..aaa63d9 100644 --- a/include/net/sctp/sm.h +++ b/include/net/sctp/sm.h @@ -80,7 +80,7 @@ typedef void (sctp_timer_event_t) (unsigned long); @@ -88102,7 +87699,7 @@ index bece48c..e911bd8 100644 next_state = Reset; return 0; diff --git a/init/main.c b/init/main.c -index bb1aed9..64f9745 100644 +index d0f4b59..0c4b184 100644 --- a/init/main.c +++ b/init/main.c @@ -98,6 +98,8 @@ extern void radix_tree_init(void); @@ -88303,7 +87900,7 @@ index b5ef4f7..ff31d87 100644 case SHMDT: return sys_shmdt(compat_ptr(ptr)); diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c -index c3f0326..d4e0579 100644 +index e8075b2..76f2c6a 100644 --- a/ipc/ipc_sysctl.c +++ b/ipc/ipc_sysctl.c @@ -30,7 +30,7 @@ static void *get_ipc(struct ctl_table *table) @@ -88348,9 +87945,9 @@ index c3f0326..d4e0579 100644 { - struct ctl_table ipc_table; + ctl_table_no_const ipc_table; - size_t lenp_bef = *lenp; int oldval; int rc; + diff --git a/ipc/mq_sysctl.c b/ipc/mq_sysctl.c index 68d4e95..1477ded 100644 --- a/ipc/mq_sysctl.c @@ -88478,7 +88075,7 @@ index 27d74e6..8be0be2 100644 if ((requested_mode & ~granted_mode & 0007) && !ns_capable(ns->user_ns, CAP_IPC_OWNER)) diff --git a/kernel/audit.c b/kernel/audit.c -index ba2ff5a..c6c0deb 100644 +index 6726aa6..bb864a9 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -122,7 +122,7 @@ u32 audit_sig_sid = 0; @@ -89185,7 +88782,7 @@ index 379650b..30c5180 100644 #ifdef CONFIG_MODULE_UNLOAD { diff --git a/kernel/events/core.c b/kernel/events/core.c -index 963bf13..a78dd3e 100644 +index 658f232..32e9595 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -161,8 +161,15 @@ static struct srcu_struct pmus_srcu; 
@@ -89223,7 +88820,7 @@ index 963bf13..a78dd3e 100644 static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx, enum event_type_t event_type); -@@ -3034,7 +3041,7 @@ static void __perf_event_read(void *info) +@@ -3051,7 +3058,7 @@ static void __perf_event_read(void *info) static inline u64 perf_event_count(struct perf_event *event) { @@ -89232,7 +88829,7 @@ index 963bf13..a78dd3e 100644 } static u64 perf_event_read(struct perf_event *event) -@@ -3410,9 +3417,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) +@@ -3430,9 +3437,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) mutex_lock(&event->child_mutex); total += perf_event_read(event); *enabled += event->total_time_enabled + @@ -89244,7 +88841,7 @@ index 963bf13..a78dd3e 100644 list_for_each_entry(child, &event->child_list, child_list) { total += perf_event_read(child); -@@ -3861,10 +3868,10 @@ void perf_event_update_userpage(struct perf_event *event) +@@ -3881,10 +3888,10 @@ void perf_event_update_userpage(struct perf_event *event) userpg->offset -= local64_read(&event->hw.prev_count); userpg->time_enabled = enabled + @@ -89257,7 +88854,7 @@ index 963bf13..a78dd3e 100644 arch_perf_update_userpage(userpg, now); -@@ -4428,7 +4435,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size, +@@ -4448,7 +4455,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size, /* Data. */ sp = perf_user_stack_pointer(regs); @@ -89266,7 +88863,7 @@ index 963bf13..a78dd3e 100644 dyn_size = dump_size - rem; perf_output_skip(handle, rem); -@@ -4519,11 +4526,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, +@@ -4539,11 +4546,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, values[n++] = perf_event_count(event); if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) { values[n++] = enabled + 
@@ -89280,7 +88877,7 @@ index 963bf13..a78dd3e 100644 } if (read_format & PERF_FORMAT_ID) values[n++] = primary_event_id(event); -@@ -6838,7 +6845,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, +@@ -6858,7 +6865,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, event->parent = parent_event; event->ns = get_pid_ns(task_active_pid_ns(current)); @@ -89289,7 +88886,7 @@ index 963bf13..a78dd3e 100644 event->state = PERF_EVENT_STATE_INACTIVE; -@@ -7117,6 +7124,11 @@ SYSCALL_DEFINE5(perf_event_open, +@@ -7137,6 +7144,11 @@ SYSCALL_DEFINE5(perf_event_open, if (flags & ~PERF_FLAG_ALL) return -EINVAL; @@ -89301,7 +88898,7 @@ index 963bf13..a78dd3e 100644 err = perf_copy_attr(attr_uptr, &attr); if (err) return err; -@@ -7469,10 +7481,10 @@ static void sync_child_event(struct perf_event *child_event, +@@ -7489,10 +7501,10 @@ static void sync_child_event(struct perf_event *child_event, /* * Add back the child's count to the parent's count: */ @@ -89861,7 +89458,7 @@ index a91e47d..71c9064 100644 else new_fs = fs; diff --git a/kernel/futex.c b/kernel/futex.c -index 815d7af..3d0743b 100644 +index 22b3f1b..6820bc0 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -202,7 +202,7 @@ struct futex_pi_state { @@ -89882,16 +89479,7 @@ index 815d7af..3d0743b 100644 static const struct futex_q futex_q_init = { /* list gets initialized in queue_me()*/ -@@ -343,6 +343,8 @@ static void get_futex_key_refs(union futex_key *key) - case FUT_OFF_MMSHARED: - futex_get_mm(key); /* implies MB (B) */ - break; -+ default: -+ smp_mb(); /* explicit MB (B) */ - } - } - -@@ -394,6 +396,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) +@@ -396,6 +396,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) struct page *page, *page_head; int err, ro = 0; 
@@ -89903,7 +89491,7 @@ index 815d7af..3d0743b 100644 /* * The futex address must be "naturally" aligned. */ -@@ -593,7 +600,7 @@ static int cmpxchg_futex_value_locked(u32 *curval, u32 __user *uaddr, +@@ -595,7 +600,7 @@ static int cmpxchg_futex_value_locked(u32 *curval, u32 __user *uaddr, static int get_futex_value_locked(u32 *dest, u32 __user *from) { @@ -89912,7 +89500,7 @@ index 815d7af..3d0743b 100644 pagefault_disable(); ret = __copy_from_user_inatomic(dest, from, sizeof(u32)); -@@ -2998,6 +3005,7 @@ static void __init futex_detect_cmpxchg(void) +@@ -3000,6 +3005,7 @@ static void __init futex_detect_cmpxchg(void) { #ifndef CONFIG_HAVE_FUTEX_CMPXCHG u32 curval; @@ -89920,7 +89508,7 @@ index 815d7af..3d0743b 100644 /* * This will fail and we want it. Some arch implementations do -@@ -3009,8 +3017,11 @@ static void __init futex_detect_cmpxchg(void) +@@ -3011,8 +3017,11 @@ static void __init futex_detect_cmpxchg(void) * implementation, the non-functional ones will return * -ENOSYS. */ @@ -90724,7 +90312,7 @@ index 1d96dd0..994ff19 100644 default: diff --git a/kernel/module.c b/kernel/module.c -index 03214bd2..6242887 100644 +index 1c47139..6242887 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -60,6 +60,7 @@ @@ -90919,17 +90507,7 @@ index 03214bd2..6242887 100644 set_memory_ro); } } -@@ -1842,7 +1861,9 @@ static void free_module(struct module *mod) - - /* We leave it in list to prevent duplicate loads, but make sure - * that noone uses it while it's being deconstructed. */ -+ mutex_lock(&module_mutex); - mod->state = MODULE_STATE_UNFORMED; -+ mutex_unlock(&module_mutex); - - /* Remove dynamic debug info */ - ddebug_remove_module(mod->name); -@@ -1863,16 +1884,19 @@ static void free_module(struct module *mod) +@@ -1865,16 +1884,19 @@ static void free_module(struct module *mod) /* This may be NULL, but that's OK */ unset_module_init_ro_nx(mod); 
@@ -90952,7 +90530,7 @@ index 03214bd2..6242887 100644 #ifdef CONFIG_MPU update_protections(current->mm); -@@ -1941,9 +1965,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1943,9 +1965,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) int ret = 0; const struct kernel_symbol *ksym; @@ -90984,7 +90562,7 @@ index 03214bd2..6242887 100644 switch (sym[i].st_shndx) { case SHN_COMMON: /* Ignore common symbols */ -@@ -1968,7 +2014,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1970,7 +2014,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) ksym = resolve_symbol_wait(mod, info, name); /* Ok if resolved. */ if (ksym && !IS_ERR(ksym)) { @@ -90994,7 +90572,7 @@ index 03214bd2..6242887 100644 break; } -@@ -1987,11 +2035,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1989,11 +2035,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) secbase = (unsigned long)mod_percpu(mod); else secbase = info->sechdrs[sym[i].st_shndx].sh_addr; @@ -91015,7 +90593,7 @@ index 03214bd2..6242887 100644 return ret; } -@@ -2075,22 +2132,12 @@ static void layout_sections(struct module *mod, struct load_info *info) +@@ -2077,22 +2132,12 @@ static void layout_sections(struct module *mod, struct load_info *info) || s->sh_entsize != ~0UL || strstarts(sname, ".init")) continue; @@ -91042,7 +90620,7 @@ index 03214bd2..6242887 100644 } pr_debug("Init section allocation order:\n"); -@@ -2104,23 +2151,13 @@ static void layout_sections(struct module *mod, struct load_info *info) +@@ -2106,23 +2151,13 @@ static void layout_sections(struct module *mod, struct load_info *info) || s->sh_entsize != ~0UL || !strstarts(sname, ".init")) continue; 
@@ -91071,7 +90649,7 @@ index 03214bd2..6242887 100644 } } -@@ -2293,7 +2330,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2295,7 +2330,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) /* Put symbol section at end of init part of module. */ symsect->sh_flags |= SHF_ALLOC; @@ -91080,7 +90658,7 @@ index 03214bd2..6242887 100644 info->index.sym) | INIT_OFFSET_MASK; pr_debug("\t%s\n", info->secstrings + symsect->sh_name); -@@ -2310,13 +2347,13 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2312,13 +2347,13 @@ static void layout_symtab(struct module *mod, struct load_info *info) } /* Append room for core symbols at end of core part. */ @@ -91098,7 +90676,7 @@ index 03214bd2..6242887 100644 info->index.str) | INIT_OFFSET_MASK; pr_debug("\t%s\n", info->secstrings + strsect->sh_name); } -@@ -2334,12 +2371,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) +@@ -2336,12 +2371,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) /* Make sure we get permanent strtab: don't use info->strtab. */ mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr; @@ -91115,7 +90693,7 @@ index 03214bd2..6242887 100644 src = mod->symtab; for (ndst = i = 0; i < mod->num_symtab; i++) { if (i == 0 || -@@ -2351,6 +2390,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) +@@ -2353,6 +2390,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) } } mod->core_num_syms = ndst; @@ -91124,7 +90702,7 @@ index 03214bd2..6242887 100644 } #else static inline void layout_symtab(struct module *mod, struct load_info *info) -@@ -2384,17 +2425,33 @@ void * __weak module_alloc(unsigned long size) +@@ -2386,17 +2425,33 @@ void * __weak module_alloc(unsigned long size) return vmalloc_exec(size); } 
@@ -91163,7 +90741,7 @@ index 03214bd2..6242887 100644 mutex_unlock(&module_mutex); } return ret; -@@ -2648,7 +2705,15 @@ static struct module *setup_load_info(struct load_info *info, int flags) +@@ -2650,7 +2705,15 @@ static struct module *setup_load_info(struct load_info *info, int flags) mod = (void *)info->sechdrs[info->index.mod].sh_addr; if (info->index.sym == 0) { @@ -91179,7 +90757,7 @@ index 03214bd2..6242887 100644 return ERR_PTR(-ENOEXEC); } -@@ -2664,8 +2729,14 @@ static struct module *setup_load_info(struct load_info *info, int flags) +@@ -2666,8 +2729,14 @@ static struct module *setup_load_info(struct load_info *info, int flags) static int check_modinfo(struct module *mod, struct load_info *info, int flags) { const char *modmagic = get_modinfo(info, "vermagic"); @@ -91194,7 +90772,7 @@ index 03214bd2..6242887 100644 if (flags & MODULE_INIT_IGNORE_VERMAGIC) modmagic = NULL; -@@ -2690,7 +2761,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) +@@ -2692,7 +2761,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) } /* Set up license info based on the info section */ @@ -91203,7 +90781,7 @@ index 03214bd2..6242887 100644 return 0; } -@@ -2784,7 +2855,7 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2786,7 +2855,7 @@ static int move_module(struct module *mod, struct load_info *info) void *ptr; /* Do the allocs. */ @@ -91212,7 +90790,7 @@ index 03214bd2..6242887 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. Just mark it as not being a -@@ -2794,11 +2865,11 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2796,11 +2865,11 @@ static int move_module(struct module *mod, struct load_info *info) if (!ptr) return -ENOMEM; 
@@ -91228,7 +90806,7 @@ index 03214bd2..6242887 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. This block doesn't need to be -@@ -2807,13 +2878,45 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2809,13 +2878,45 @@ static int move_module(struct module *mod, struct load_info *info) */ kmemleak_ignore(ptr); if (!ptr) { @@ -91278,7 +90856,7 @@ index 03214bd2..6242887 100644 /* Transfer each section which specifies SHF_ALLOC */ pr_debug("final section addresses:\n"); -@@ -2824,16 +2927,45 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2826,16 +2927,45 @@ static int move_module(struct module *mod, struct load_info *info) if (!(shdr->sh_flags & SHF_ALLOC)) continue; @@ -91331,7 +90909,7 @@ index 03214bd2..6242887 100644 pr_debug("\t0x%lx %s\n", (long)shdr->sh_addr, info->secstrings + shdr->sh_name); } -@@ -2890,12 +3022,12 @@ static void flush_module_icache(const struct module *mod) +@@ -2892,12 +3022,12 @@ static void flush_module_icache(const struct module *mod) * Do it before processing of module parameters, so the module * can provide parameter accessor functions of its own. */ @@ -91350,7 +90928,7 @@ index 03214bd2..6242887 100644 set_fs(old_fs); } -@@ -2952,8 +3084,10 @@ static struct module *layout_and_allocate(struct load_info *info, int flags) +@@ -2954,8 +3084,10 @@ static struct module *layout_and_allocate(struct load_info *info, int flags) static void module_deallocate(struct module *mod, struct load_info *info) { percpu_modfree(mod); @@ -91363,7 +90941,7 @@ index 03214bd2..6242887 100644 } int __weak module_finalize(const Elf_Ehdr *hdr, -@@ -2966,7 +3100,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, +@@ -2968,7 +3100,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, static int post_relocation(struct module *mod, const struct load_info *info) { /* Sort exception table now relocations are done. */ 
@@ -91373,7 +90951,7 @@ index 03214bd2..6242887 100644 /* Copy relocated percpu area over. */ percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr, -@@ -3075,11 +3211,12 @@ static int do_init_module(struct module *mod) +@@ -3077,11 +3211,12 @@ static int do_init_module(struct module *mod) mod->strtab = mod->core_strtab; #endif unset_module_init_ro_nx(mod); @@ -91391,7 +90969,7 @@ index 03214bd2..6242887 100644 mutex_unlock(&module_mutex); wake_up_all(&module_wq); -@@ -3147,16 +3284,16 @@ static int complete_formation(struct module *mod, struct load_info *info) +@@ -3149,16 +3284,16 @@ static int complete_formation(struct module *mod, struct load_info *info) module_bug_finalize(info->hdr, info->sechdrs, mod); /* Set RO and NX regions for core */ @@ -91416,7 +90994,7 @@ index 03214bd2..6242887 100644 /* Mark state as coming so strong_try_module_get() ignores us, * but kallsyms etc. can see us. */ -@@ -3240,9 +3377,38 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3242,9 +3377,38 @@ static int load_module(struct load_info *info, const char __user *uargs, if (err) goto free_unload; @@ -91455,7 +91033,7 @@ index 03214bd2..6242887 100644 /* Fix up syms, so that st_value is a pointer to location. */ err = simplify_symbols(mod, info); if (err < 0) -@@ -3258,13 +3424,6 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3260,13 +3424,6 @@ static int load_module(struct load_info *info, const char __user *uargs, flush_module_icache(mod); @@ -91469,7 +91047,7 @@ index 03214bd2..6242887 100644 dynamic_debug_setup(info->debug, info->num_debug); /* Ftrace init must be called in the MODULE_STATE_UNFORMED state */ -@@ -3312,11 +3471,10 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3314,11 +3471,10 @@ static int load_module(struct load_info *info, const char __user *uargs, ddebug_cleanup: dynamic_debug_remove(info->debug); synchronize_sched(); 
@@ -91482,7 +91060,7 @@ index 03214bd2..6242887 100644 free_unload: module_unload_free(mod); unlink_mod: -@@ -3401,10 +3559,16 @@ static const char *get_ksymbol(struct module *mod, +@@ -3403,10 +3559,16 @@ static const char *get_ksymbol(struct module *mod, unsigned long nextval; /* At worse, next value is at end of module */ @@ -91502,7 +91080,7 @@ index 03214bd2..6242887 100644 /* Scan for closest preceding symbol, and next symbol. (ELF starts real symbols at 1). */ -@@ -3652,7 +3816,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3654,7 +3816,7 @@ static int m_show(struct seq_file *m, void *p) return 0; seq_printf(m, "%s %u", @@ -91511,7 +91089,7 @@ index 03214bd2..6242887 100644 print_unload_info(m, mod); /* Informative for users. */ -@@ -3661,7 +3825,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3663,7 +3825,7 @@ static int m_show(struct seq_file *m, void *p) mod->state == MODULE_STATE_COMING ? "Loading": "Live"); /* Used by oprofile and other similar tools. */ @@ -91520,7 +91098,7 @@ index 03214bd2..6242887 100644 /* Taints info */ if (mod->taints) -@@ -3697,7 +3861,17 @@ static const struct file_operations proc_modules_operations = { +@@ -3699,7 +3861,17 @@ static const struct file_operations proc_modules_operations = { static int __init proc_modules_init(void) { @@ -91538,7 +91116,7 @@ index 03214bd2..6242887 100644 return 0; } module_init(proc_modules_init); -@@ -3758,7 +3932,8 @@ struct module *__module_address(unsigned long addr) +@@ -3760,7 +3932,8 @@ struct module *__module_address(unsigned long addr) { struct module *mod; @@ -91548,7 +91126,7 @@ index 03214bd2..6242887 100644 return NULL; list_for_each_entry_rcu(mod, &modules, list) { -@@ -3799,11 +3974,20 @@ bool is_module_text_address(unsigned long addr) +@@ -3801,11 +3974,20 @@ bool is_module_text_address(unsigned long addr) */ struct module *__module_text_address(unsigned long addr) { @@ -91765,7 +91343,7 @@ index e4e4121..71faf14 100644 select LZO_COMPRESS select LZO_DECOMPRESS 
diff --git a/kernel/power/process.c b/kernel/power/process.c -index 4ee194e..925778f 100644 +index 7a37cf3..3e4c1c8 100644 --- a/kernel/power/process.c +++ b/kernel/power/process.c @@ -35,6 +35,7 @@ static int try_to_freeze_tasks(bool user_only) @@ -92190,7 +91768,7 @@ index 858c565..7efd915 100644 static void check_cpu_stalls(void) diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c -index 1b70cb6..ea62b0a 100644 +index 89a404a..f42a019 100644 --- a/kernel/rcu/tree.c +++ b/kernel/rcu/tree.c @@ -263,7 +263,7 @@ static void rcu_momentary_dyntick_idle(void) @@ -92423,7 +92001,7 @@ index 1b70cb6..ea62b0a 100644 - ACCESS_ONCE(rsp->gp_flags) |= RCU_GP_FLAG_FQS; + ACCESS_ONCE_RW(rsp->gp_flags) |= RCU_GP_FLAG_FQS; raw_spin_unlock_irqrestore(&rnp_old->lock, flags); - wake_up(&rsp->gp_wq); /* Memory barrier implied by wake_up() path. */ + rcu_gp_kthread_wake(rsp); } @@ -2550,7 +2550,7 @@ __rcu_process_callbacks(struct rcu_state *rsp) /* @@ -92935,7 +92513,7 @@ index a63f4dc..349bbb0 100644 unsigned long timeout) { diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index ec1a286..6b516b8 100644 +index 6d7cb91..420f2d2 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -1857,7 +1857,7 @@ void set_numabalancing_state(bool enabled) @@ -92947,7 +92525,7 @@ index ec1a286..6b516b8 100644 int err; int state = numabalancing_enabled; -@@ -2320,8 +2320,10 @@ context_switch(struct rq *rq, struct task_struct *prev, +@@ -2324,8 +2324,10 @@ context_switch(struct rq *rq, struct task_struct *prev, next->active_mm = oldmm; atomic_inc(&oldmm->mm_count); enter_lazy_tlb(oldmm, next); @@ -92959,7 +92537,7 @@ index ec1a286..6b516b8 100644 if (!prev->mm) { prev->active_mm = NULL; -@@ -3103,6 +3105,8 @@ int can_nice(const struct task_struct *p, const int nice) +@@ -3107,6 +3109,8 @@ int can_nice(const struct task_struct *p, const int nice) /* convert nice value [19,-20] to rlimit style value [1,40] */ int nice_rlim = nice_to_rlimit(nice); 
@@ -92968,7 +92546,7 @@ index ec1a286..6b516b8 100644 return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) || capable(CAP_SYS_NICE)); } -@@ -3129,7 +3133,8 @@ SYSCALL_DEFINE1(nice, int, increment) +@@ -3133,7 +3137,8 @@ SYSCALL_DEFINE1(nice, int, increment) nice = task_nice(current) + increment; nice = clamp_val(nice, MIN_NICE, MAX_NICE); @@ -92978,7 +92556,7 @@ index ec1a286..6b516b8 100644 return -EPERM; retval = security_task_setnice(current, nice); -@@ -3408,6 +3413,7 @@ recheck: +@@ -3412,6 +3417,7 @@ recheck: if (policy != p->policy && !rlim_rtprio) return -EPERM; @@ -92986,7 +92564,7 @@ index ec1a286..6b516b8 100644 /* can't increase priority */ if (attr->sched_priority > p->rt_priority && attr->sched_priority > rlim_rtprio) -@@ -4797,6 +4803,7 @@ void idle_task_exit(void) +@@ -4802,6 +4808,7 @@ void idle_task_exit(void) if (mm != &init_mm) { switch_mm(mm, &init_mm, current); @@ -92994,7 +92572,7 @@ index ec1a286..6b516b8 100644 finish_arch_post_lock_switch(); } mmdrop(mm); -@@ -4892,7 +4899,7 @@ static void migrate_tasks(unsigned int dead_cpu) +@@ -4897,7 +4904,7 @@ static void migrate_tasks(unsigned int dead_cpu) #if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL) @@ -93003,7 +92581,7 @@ index ec1a286..6b516b8 100644 { .procname = "sched_domain", .mode = 0555, -@@ -4909,17 +4916,17 @@ static struct ctl_table sd_ctl_root[] = { +@@ -4914,17 +4921,17 @@ static struct ctl_table sd_ctl_root[] = { {} }; @@ -93025,7 +92603,7 @@ index ec1a286..6b516b8 100644 /* * In the intermediate directories, both the child directory and -@@ -4927,22 +4934,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep) +@@ -4932,22 +4939,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep) * will always be set. In the lowest directory the names are * static strings and all have proc handlers. */ 
@@ -93057,7 +92635,7 @@ index ec1a286..6b516b8 100644 const char *procname, void *data, int maxlen, umode_t mode, proc_handler *proc_handler, bool load_idx) -@@ -4962,7 +4972,7 @@ set_table_entry(struct ctl_table *entry, +@@ -4967,7 +4977,7 @@ set_table_entry(struct ctl_table *entry, static struct ctl_table * sd_alloc_ctl_domain_table(struct sched_domain *sd) { @@ -93066,7 +92644,7 @@ index ec1a286..6b516b8 100644 if (table == NULL) return NULL; -@@ -5000,9 +5010,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd) +@@ -5005,9 +5015,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd) return table; } @@ -93078,7 +92656,7 @@ index ec1a286..6b516b8 100644 struct sched_domain *sd; int domain_num = 0, i; char buf[32]; -@@ -5029,11 +5039,13 @@ static struct ctl_table_header *sd_sysctl_header; +@@ -5034,11 +5044,13 @@ static struct ctl_table_header *sd_sysctl_header; static void register_sched_domain_sysctl(void) { int i, cpu_num = num_possible_cpus(); @@ -93093,7 +92671,7 @@ index ec1a286..6b516b8 100644 if (entry == NULL) return; -@@ -5056,8 +5068,12 @@ static void unregister_sched_domain_sysctl(void) +@@ -5061,8 +5073,12 @@ static void unregister_sched_domain_sysctl(void) if (sd_sysctl_header) unregister_sysctl_table(sd_sysctl_header); sd_sysctl_header = NULL; @@ -93894,7 +93472,7 @@ index 3b89464..5e38379 100644 .clock_get = thread_cpu_clock_get, .timer_create = thread_cpu_timer_create, diff --git a/kernel/time/posix-timers.c b/kernel/time/posix-timers.c -index 42b463a..a6b008f 100644 +index 31ea01f..7fc61ef 100644 --- a/kernel/time/posix-timers.c +++ b/kernel/time/posix-timers.c @@ -43,6 +43,7 @@ @@ -93995,7 +93573,7 @@ index 42b463a..a6b008f 100644 int it_id_set = IT_ID_NOT_SET; if (!kc) -@@ -1013,6 +1014,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock, +@@ -1014,6 +1015,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock, if (copy_from_user(&new_tp, tp, sizeof (*tp))) return -EFAULT; 
@@ -94292,7 +93870,7 @@ index 5916a8e..5cd3b1f 100644 start_pg = ftrace_allocate_pages(count); if (!start_pg) diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c -index 2d75c94..5ef6d32 100644 +index a56e07c..d46f0ba 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -352,9 +352,9 @@ struct buffer_data_page { @@ -94318,7 +93896,7 @@ index 2d75c94..5ef6d32 100644 local_t dropped_events; local_t committing; local_t commits; -@@ -1005,8 +1005,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, +@@ -1032,8 +1032,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, * * We add a counter to the write field to denote this. */ @@ -94329,7 +93907,7 @@ index 2d75c94..5ef6d32 100644 /* * Just make sure we have seen our old_write and synchronize -@@ -1034,8 +1034,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, +@@ -1061,8 +1061,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, * cmpxchg to only update if an interrupt did not already * do it for us. If the cmpxchg fails, we don't care. */ @@ -94340,7 +93918,7 @@ index 2d75c94..5ef6d32 100644 /* * No need to worry about races with clearing out the commit. -@@ -1402,12 +1402,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer); +@@ -1429,12 +1429,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer); static inline unsigned long rb_page_entries(struct buffer_page *bpage) { @@ -94355,7 +93933,7 @@ index 2d75c94..5ef6d32 100644 } static int -@@ -1502,7 +1502,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages) +@@ -1529,7 +1529,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages) * bytes consumed in ring buffer from here. * Increment overrun to account for the lost events. */ 
@@ -94364,7 +93942,7 @@ index 2d75c94..5ef6d32 100644 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes); } -@@ -2064,7 +2064,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2091,7 +2091,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer, * it is our responsibility to update * the counters. */ @@ -94373,7 +93951,7 @@ index 2d75c94..5ef6d32 100644 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes); /* -@@ -2214,7 +2214,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2241,7 +2241,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, if (tail == BUF_PAGE_SIZE) tail_page->real_end = 0; @@ -94382,7 +93960,7 @@ index 2d75c94..5ef6d32 100644 return; } -@@ -2249,7 +2249,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2276,7 +2276,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, rb_event_set_padding(event); /* Set the write back to the previous setting */ @@ -94391,7 +93969,7 @@ index 2d75c94..5ef6d32 100644 return; } -@@ -2261,7 +2261,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2288,7 +2288,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, /* Set write to end of buffer */ length = (tail + length) - BUF_PAGE_SIZE; @@ -94400,7 +93978,7 @@ index 2d75c94..5ef6d32 100644 } /* -@@ -2287,7 +2287,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2314,7 +2314,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, * about it. */ if (unlikely(next_page == commit_page)) { @@ -94409,7 +93987,7 @@ index 2d75c94..5ef6d32 100644 goto out_reset; } -@@ -2343,7 +2343,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2370,7 +2370,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, cpu_buffer->tail_page) && (cpu_buffer->commit_page == cpu_buffer->reader_page))) { 
@@ -94418,7 +93996,7 @@ index 2d75c94..5ef6d32 100644 goto out_reset; } } -@@ -2391,7 +2391,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2418,7 +2418,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, length += RB_LEN_TIME_EXTEND; tail_page = cpu_buffer->tail_page; @@ -94427,7 +94005,7 @@ index 2d75c94..5ef6d32 100644 /* set write to only the index of the write */ write &= RB_WRITE_MASK; -@@ -2415,7 +2415,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2442,7 +2442,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, kmemcheck_annotate_bitfield(event, bitfield); rb_update_event(cpu_buffer, event, length, add_timestamp, delta); @@ -94436,7 +94014,7 @@ index 2d75c94..5ef6d32 100644 /* * If this is the first commit on the page, then update -@@ -2448,7 +2448,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2475,7 +2475,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) { unsigned long write_mask = @@ -94445,7 +94023,7 @@ index 2d75c94..5ef6d32 100644 unsigned long event_length = rb_event_length(event); /* * This is on the tail page. It is possible that -@@ -2458,7 +2458,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2485,7 +2485,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, */ old_index += write_mask; new_index += write_mask; @@ -94454,7 +94032,7 @@ index 2d75c94..5ef6d32 100644 if (index == old_index) { /* update counters */ local_sub(event_length, &cpu_buffer->entries_bytes); -@@ -2850,7 +2850,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2877,7 +2877,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, /* Do the likely case first */ if (likely(bpage->page == (void *)addr)) { 
@@ -94463,7 +94041,7 @@ index 2d75c94..5ef6d32 100644 return; } -@@ -2862,7 +2862,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2889,7 +2889,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, start = bpage; do { if (bpage->page == (void *)addr) { @@ -94472,7 +94050,7 @@ index 2d75c94..5ef6d32 100644 return; } rb_inc_page(cpu_buffer, &bpage); -@@ -3146,7 +3146,7 @@ static inline unsigned long +@@ -3173,7 +3173,7 @@ static inline unsigned long rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer) { return local_read(&cpu_buffer->entries) - @@ -94481,7 +94059,7 @@ index 2d75c94..5ef6d32 100644 } /** -@@ -3235,7 +3235,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) +@@ -3262,7 +3262,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) return 0; cpu_buffer = buffer->buffers[cpu]; @@ -94490,7 +94068,7 @@ index 2d75c94..5ef6d32 100644 return ret; } -@@ -3258,7 +3258,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) +@@ -3285,7 +3285,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) return 0; cpu_buffer = buffer->buffers[cpu]; @@ -94499,7 +94077,7 @@ index 2d75c94..5ef6d32 100644 return ret; } -@@ -3343,7 +3343,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) +@@ -3370,7 +3370,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) /* if you care about this being correct, lock the buffer */ for_each_buffer_cpu(buffer, cpu) { cpu_buffer = buffer->buffers[cpu]; @@ -94508,7 +94086,7 @@ index 2d75c94..5ef6d32 100644 } return overruns; -@@ -3514,8 +3514,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3541,8 +3541,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) /* * Reset the reader page to size zero. */ 
@@ -94519,7 +94097,7 @@ index 2d75c94..5ef6d32 100644 local_set(&cpu_buffer->reader_page->page->commit, 0); cpu_buffer->reader_page->real_end = 0; -@@ -3549,7 +3549,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3576,7 +3576,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) * want to compare with the last_overrun. */ smp_mb(); @@ -94528,7 +94106,7 @@ index 2d75c94..5ef6d32 100644 /* * Here's the tricky part. -@@ -4121,8 +4121,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -4148,8 +4148,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) cpu_buffer->head_page = list_entry(cpu_buffer->pages, struct buffer_page, list); @@ -94539,7 +94117,7 @@ index 2d75c94..5ef6d32 100644 local_set(&cpu_buffer->head_page->page->commit, 0); cpu_buffer->head_page->read = 0; -@@ -4132,14 +4132,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -4159,14 +4159,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) INIT_LIST_HEAD(&cpu_buffer->reader_page->list); INIT_LIST_HEAD(&cpu_buffer->new_pages); @@ -94558,7 +94136,7 @@ index 2d75c94..5ef6d32 100644 local_set(&cpu_buffer->dropped_events, 0); local_set(&cpu_buffer->entries, 0); local_set(&cpu_buffer->committing, 0); -@@ -4544,8 +4544,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, +@@ -4571,8 +4571,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, rb_init_page(bpage); bpage = reader->page; reader->page = *data_page; @@ -94570,10 +94148,10 @@ index 2d75c94..5ef6d32 100644 *data_page = bpage; diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index 8a52839..dd6d7c8 100644 +index 1520933..c651ebc 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c -@@ -3487,7 +3487,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) +@@ -3488,7 +3488,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) return 0; } 
@@ -94718,6 +94296,46 @@ index 8a4e5cb..64f270d 100644 return; local_irq_save(flags); +diff --git a/kernel/trace/trace_syscalls.c b/kernel/trace/trace_syscalls.c +index 7e3cd7a..5156a5fe 100644 +--- a/kernel/trace/trace_syscalls.c ++++ b/kernel/trace/trace_syscalls.c +@@ -602,6 +602,8 @@ static int perf_sysenter_enable(struct ftrace_event_call *call) + int num; + + num = ((struct syscall_metadata *)call->data)->syscall_nr; ++ if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls)) ++ return -EINVAL; + + mutex_lock(&syscall_trace_lock); + if (!sys_perf_refcount_enter) +@@ -622,6 +624,8 @@ static void perf_sysenter_disable(struct ftrace_event_call *call) + int num; + + num = ((struct syscall_metadata *)call->data)->syscall_nr; ++ if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls)) ++ return; + + mutex_lock(&syscall_trace_lock); + sys_perf_refcount_enter--; +@@ -674,6 +678,8 @@ static int perf_sysexit_enable(struct ftrace_event_call *call) + int num; + + num = ((struct syscall_metadata *)call->data)->syscall_nr; ++ if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls)) ++ return -EINVAL; + + mutex_lock(&syscall_trace_lock); + if (!sys_perf_refcount_exit) +@@ -694,6 +700,8 @@ static void perf_sysexit_disable(struct ftrace_event_call *call) + int num; + + num = ((struct syscall_metadata *)call->data)->syscall_nr; ++ if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls)) ++ return; + + mutex_lock(&syscall_trace_lock); + sys_perf_refcount_exit--; diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c index aa312b0..395f343 100644 --- a/kernel/user_namespace.c @@ -94885,10 +94503,10 @@ index 114d1be..ab0350c 100644 (val << avg->factor)) >> avg->weight : (val << avg->factor); diff --git a/lib/bitmap.c b/lib/bitmap.c -index 1e031f2..a53eb90 100644 +index 33ce011..89e3d6f 100644 --- a/lib/bitmap.c 
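Review bot: The four `WARN_ON_ONCE(num < 0 || num >= NR_syscalls)` guards added to perf_sysenter_enable, perf_sysenter_disable, perf_sysexit_enable and perf_sysexit_disable in kernel/trace/trace_syscalls.c have no comment saying when `syscall_nr` can be out of range, so they are easy to drop as redundant on the next rebase of this patch set. `num` is read straight from `call->data` and is presumably used as an index once the mutex is held (that code is outside these hunks), so I would add above the first guard: `/* syscall_nr may be unset or out of range for this metadata; never use it as an index unchecked */`. The enable paths return `-EINVAL`; if the ftrace registration helpers in the same file (not shown here) report this condition with a different errno, use the same value so callers see one failure mode. Each function body continues outside its hunk.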
+++ b/lib/bitmap.c -@@ -429,7 +429,7 @@ int __bitmap_parse(const char *buf, unsigned int buflen, +@@ -433,7 +433,7 @@ int __bitmap_parse(const char *buf, unsigned int buflen, { int c, old_c, totaldigits, ndigits, nchunks, nbits; u32 chunk; @@ -94897,7 +94515,7 @@ index 1e031f2..a53eb90 100644 bitmap_zero(maskp, nmaskbits); -@@ -514,7 +514,7 @@ int bitmap_parse_user(const char __user *ubuf, +@@ -518,7 +518,7 @@ int bitmap_parse_user(const char __user *ubuf, { if (!access_ok(VERIFY_READ, ubuf, ulen)) return -EFAULT; @@ -94906,7 +94524,7 @@ index 1e031f2..a53eb90 100644 ulen, 1, maskp, nmaskbits); } -@@ -605,7 +605,7 @@ static int __bitmap_parselist(const char *buf, unsigned int buflen, +@@ -609,7 +609,7 @@ static int __bitmap_parselist(const char *buf, unsigned int buflen, { unsigned a, b; int c, old_c, totaldigits; @@ -94915,7 +94533,7 @@ index 1e031f2..a53eb90 100644 int exp_digit, in_range; totaldigits = c = 0; -@@ -700,7 +700,7 @@ int bitmap_parselist_user(const char __user *ubuf, +@@ -704,7 +704,7 @@ int bitmap_parselist_user(const char __user *ubuf, { if (!access_ok(VERIFY_READ, ubuf, ulen)) return -EFAULT; 
@@ -95451,33 +95069,6 @@ index 0922579..9d7adb9 100644 + printk("%lu pages hwpoisoned\n", atomic_long_read_unchecked(&num_poisoned_pages)); #endif } -diff --git a/lib/string.c b/lib/string.c -index f3c6ff5..70db57a 100644 ---- a/lib/string.c -+++ b/lib/string.c -@@ -604,6 +604,22 @@ void *memset(void *s, int c, size_t count) - EXPORT_SYMBOL(memset); - #endif - -+/** -+ * memzero_explicit - Fill a region of memory (e.g. sensitive -+ * keying data) with 0s. -+ * @s: Pointer to the start of the area. -+ * @count: The size of the area. -+ * -+ * memzero_explicit() doesn't need an arch-specific version as -+ * it just invokes the one of memset() implicitly. -+ */ -+void memzero_explicit(void *s, size_t count) -+{ -+ memset(s, 0, count); -+ OPTIMIZER_HIDE_VAR(s); -+} -+EXPORT_SYMBOL(memzero_explicit); -+ - #ifndef __HAVE_ARCH_MEMCPY - /** - * memcpy - Copy one area of memory to another diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c index bb2b201..46abaf9 100644 --- a/lib/strncpy_from_user.c @@ -95987,18 +95578,18 @@ index eeceeeb..a209d58 100644 if (!ptep) return VM_FAULT_OOM; diff --git a/mm/internal.h b/mm/internal.h -index a1b651b..f688570 100644 +index 5f2772f..4c3882c 100644 --- a/mm/internal.h 
+++ b/mm/internal.h -@@ -109,6 +109,7 @@ extern pmd_t *mm_find_pmd(struct mm_struct *mm, unsigned long address); - * in mm/page_alloc.c - */ +@@ -134,6 +134,7 @@ __find_buddy_index(unsigned long page_idx, unsigned int order) + + extern int __isolate_free_page(struct page *page, unsigned int order); extern void __free_pages_bootmem(struct page *page, unsigned int order); +extern void free_compound_page(struct page *page); extern void prep_compound_page(struct page *page, unsigned long order); #ifdef CONFIG_MEMORY_FAILURE extern bool is_free_buddy_page(struct page *page); -@@ -351,7 +352,7 @@ extern u32 hwpoison_filter_enable; +@@ -376,7 +377,7 @@ extern u32 hwpoison_filter_enable; extern unsigned long vm_mmap_pgoff(struct file *, unsigned long, unsigned long, unsigned long, @@ -96008,7 +95599,7 @@ index a1b651b..f688570 100644 extern void set_pageblock_order(void); unsigned long reclaim_clean_pages_from_list(struct zone *zone, diff --git a/mm/iov_iter.c b/mm/iov_iter.c -index 9a09f20..6ef0515 100644 +index 141dcf7..7327fd3 100644 --- a/mm/iov_iter.c +++ b/mm/iov_iter.c @@ -173,7 +173,7 @@ static size_t __iovec_copy_from_user_inatomic(char *vaddr, @@ -96293,7 +95884,7 @@ index 44c6bd2..60369dc3 100644 } unset_migratetype_isolate(page, MIGRATE_MOVABLE); diff --git a/mm/memory.c b/mm/memory.c -index e229970..68218aa 100644 +index 37b80fc..68218aa 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -415,6 +415,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, 
@@ -96343,15 +95934,7 @@ index e229970..68218aa 100644 vma->vm_file->f_op->mmap); dump_stack(); add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE); -@@ -1147,6 +1153,7 @@ again: - print_bad_pte(vma, addr, ptent, page); - if (unlikely(!__tlb_remove_page(tlb, page))) { - force_flush = 1; -+ addr += PAGE_SIZE; - break; - } - continue; -@@ -1500,6 +1507,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, +@@ -1501,6 +1507,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, page_add_file_rmap(page); set_pte_at(mm, addr, pte, mk_pte(page, prot)); @@ -96362,7 +95945,7 @@ index e229970..68218aa 100644 retval = 0; pte_unmap_unlock(pte, ptl); return retval; -@@ -1544,9 +1555,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr, +@@ -1545,9 +1555,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr, if (!page_count(page)) return -EINVAL; if (!(vma->vm_flags & VM_MIXEDMAP)) { @@ -96384,7 +95967,7 @@ index e229970..68218aa 100644 } return insert_page(vma, addr, page, vma->vm_page_prot); } -@@ -1629,6 +1652,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr, +@@ -1630,6 +1652,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr, unsigned long pfn) { BUG_ON(!(vma->vm_flags & VM_MIXEDMAP)); @@ -96392,7 +95975,7 @@ index e229970..68218aa 100644 if (addr < vma->vm_start || addr >= vma->vm_end) return -EFAULT; -@@ -1876,7 +1900,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud, +@@ -1877,7 +1900,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud, BUG_ON(pud_huge(*pud)); @@ -96403,7 +95986,7 @@ index e229970..68218aa 100644 if (!pmd) return -ENOMEM; do { -@@ -1896,7 +1922,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd, +@@ -1897,7 +1922,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd, unsigned long next; int err; 
@@ -96414,7 +95997,7 @@ index e229970..68218aa 100644 if (!pud) return -ENOMEM; do { -@@ -2018,6 +2046,186 @@ static int do_page_mkwrite(struct vm_area_struct *vma, struct page *page, +@@ -2019,6 +2046,186 @@ static int do_page_mkwrite(struct vm_area_struct *vma, struct page *page, return ret; } @@ -96601,7 +96184,7 @@ index e229970..68218aa 100644 /* * This routine handles present pages, when users try to write * to a shared page. It is done by copying the page to a new address -@@ -2216,6 +2424,12 @@ gotten: +@@ -2217,6 +2424,12 @@ gotten: */ page_table = pte_offset_map_lock(mm, pmd, address, &ptl); if (likely(pte_same(*page_table, orig_pte))) { @@ -96614,7 +96197,7 @@ index e229970..68218aa 100644 if (old_page) { if (!PageAnon(old_page)) { dec_mm_counter_fast(mm, MM_FILEPAGES); -@@ -2269,6 +2483,10 @@ gotten: +@@ -2270,6 +2483,10 @@ gotten: page_remove_rmap(old_page); } @@ -96625,7 +96208,7 @@ index e229970..68218aa 100644 /* Free the old page.. */ new_page = old_page; ret |= VM_FAULT_WRITE; -@@ -2543,6 +2761,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2544,6 +2761,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, swap_free(entry); if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page)) try_to_free_swap(page); @@ -96637,7 +96220,7 @@ index e229970..68218aa 100644 unlock_page(page); if (page != swapcache) { /* -@@ -2566,6 +2789,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2567,6 +2789,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -96649,7 +96232,7 @@ index e229970..68218aa 100644 unlock: pte_unmap_unlock(page_table, ptl); out: -@@ -2585,40 +2813,6 @@ out_release: +@@ -2586,40 +2813,6 @@ out_release: } /* 
@@ -96690,7 +96273,7 @@ index e229970..68218aa 100644 * We enter with non-exclusive mmap_sem (to exclude vma changes, * but allow concurrent faults), and pte mapped but not yet locked. * We return with mmap_sem still held, but pte unmapped and unlocked. -@@ -2628,27 +2822,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2629,27 +2822,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, unsigned int flags) { struct mem_cgroup *memcg; @@ -96723,7 +96306,7 @@ index e229970..68218aa 100644 if (unlikely(anon_vma_prepare(vma))) goto oom; page = alloc_zeroed_user_highpage_movable(vma, address); -@@ -2672,6 +2862,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2673,6 +2862,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, if (!pte_none(*page_table)) goto release; @@ -96735,7 +96318,7 @@ index e229970..68218aa 100644 inc_mm_counter_fast(mm, MM_ANONPAGES); page_add_new_anon_rmap(page, vma, address); mem_cgroup_commit_charge(page, memcg, false); -@@ -2681,6 +2876,12 @@ setpte: +@@ -2682,6 +2876,12 @@ setpte: /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -96748,7 +96331,7 @@ index e229970..68218aa 100644 unlock: pte_unmap_unlock(page_table, ptl); return 0; -@@ -2911,6 +3112,11 @@ static int do_read_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2912,6 +3112,11 @@ static int do_read_fault(struct mm_struct *mm, struct vm_area_struct *vma, return ret; } do_set_pte(vma, address, fault_page, pte, false, false); 
@@ -96760,7 +96343,7 @@ index e229970..68218aa 100644 unlock_page(fault_page); unlock_out: pte_unmap_unlock(pte, ptl); -@@ -2953,7 +3159,18 @@ static int do_cow_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2954,7 +3159,18 @@ static int do_cow_fault(struct mm_struct *mm, struct vm_area_struct *vma, page_cache_release(fault_page); goto uncharge_out; } @@ -96779,7 +96362,7 @@ index e229970..68218aa 100644 mem_cgroup_commit_charge(new_page, memcg, false); lru_cache_add_active_or_unevictable(new_page, vma); pte_unmap_unlock(pte, ptl); -@@ -3003,6 +3220,11 @@ static int do_shared_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3004,6 +3220,11 @@ static int do_shared_fault(struct mm_struct *mm, struct vm_area_struct *vma, return ret; } do_set_pte(vma, address, fault_page, pte, true, false); @@ -96791,7 +96374,7 @@ index e229970..68218aa 100644 pte_unmap_unlock(pte, ptl); if (set_page_dirty(fault_page)) -@@ -3244,6 +3466,12 @@ static int handle_pte_fault(struct mm_struct *mm, +@@ -3245,6 +3466,12 @@ static int handle_pte_fault(struct mm_struct *mm, if (flags & FAULT_FLAG_WRITE) flush_tlb_fix_spurious_fault(vma, address); } @@ -96804,7 +96387,7 @@ index e229970..68218aa 100644 unlock: pte_unmap_unlock(pte, ptl); return 0; -@@ -3263,9 +3491,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3264,9 +3491,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, pmd_t *pmd; pte_t *pte; @@ -96846,7 +96429,7 @@ index e229970..68218aa 100644 pgd = pgd_offset(mm, address); pud = pud_alloc(mm, pgd, address); if (!pud) -@@ -3399,6 +3659,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) +@@ -3400,6 +3659,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } 
@@ -96870,7 +96453,7 @@ index e229970..68218aa 100644 #endif /* __PAGETABLE_PUD_FOLDED */ #ifndef __PAGETABLE_PMD_FOLDED -@@ -3429,6 +3706,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) +@@ -3430,6 +3706,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -96901,7 +96484,7 @@ index e229970..68218aa 100644 #endif /* __PAGETABLE_PMD_FOLDED */ static int __follow_pte(struct mm_struct *mm, unsigned long address, -@@ -3538,8 +3839,8 @@ out: +@@ -3539,8 +3839,8 @@ out: return ret; } @@ -96912,7 +96495,7 @@ index e229970..68218aa 100644 { resource_size_t phys_addr; unsigned long prot = 0; -@@ -3565,8 +3866,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys); +@@ -3566,8 +3866,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys); * Access another process' address space as given in mm. If non-NULL, use the * given task for page fault accounting. */ @@ -96923,7 +96506,7 @@ index e229970..68218aa 100644 { struct vm_area_struct *vma; void *old_buf = buf; -@@ -3574,7 +3875,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -3575,7 +3875,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, down_read(&mm->mmap_sem); /* ignore errors, just check how much was successfully transferred */ while (len) { @@ -96932,7 +96515,7 @@ index e229970..68218aa 100644 void *maddr; struct page *page = NULL; -@@ -3635,8 +3936,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -3636,8 +3936,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, * * The caller must hold a reference on @mm. */ 
@@ -96943,7 +96526,7 @@ index e229970..68218aa 100644 { return __access_remote_vm(NULL, mm, addr, buf, len, write); } -@@ -3646,11 +3947,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, +@@ -3647,11 +3947,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, * Source/target buffer must be kernel space, * Do not walk the page table directly, use get_user_pages */ @@ -97035,10 +96618,10 @@ index 8f5330d..b41914b 100644 capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE); diff --git a/mm/migrate.c b/mm/migrate.c -index 2740360..d20a37d 100644 +index 0143995..b294728 100644 --- a/mm/migrate.c +++ b/mm/migrate.c -@@ -1503,8 +1503,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, +@@ -1495,8 +1495,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, */ tcred = __task_cred(task); if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) && @@ -97124,7 +96707,7 @@ index ce84cb0..6d5a9aa 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index c0a3637..c760814 100644 +index ebc25fa..0ef0db0 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -41,6 +41,7 @@ @@ -97299,7 +96882,7 @@ index c0a3637..c760814 100644 + } if (err) return NULL; - khugepaged_enter_vma_merge(prev); + khugepaged_enter_vma_merge(prev, vm_flags); @@ -1067,12 +1138,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, mpol_equal(policy, vma_policy(next)) && can_vma_merge_before(next, vm_flags, @@ -97329,7 +96912,7 @@ index c0a3637..c760814 100644 + } if (err) return NULL; - khugepaged_enter_vma_merge(area); + khugepaged_enter_vma_merge(area, vm_flags); @@ -1181,8 +1267,10 @@ none: void vm_stat_account(struct mm_struct *mm, unsigned long flags, struct file *file, long pages) 
@@ -97862,7 +97445,7 @@ index c0a3637..c760814 100644 + if (locknext) + vma_unlock_anon_vma(vma->vm_next); vma_unlock_anon_vma(vma); - khugepaged_enter_vma_merge(vma); + khugepaged_enter_vma_merge(vma, vma->vm_flags); validate_mm(vma->vm_mm); @@ -2205,6 +2525,8 @@ int expand_downwards(struct vm_area_struct *vma, unsigned long address) @@ -97933,7 +97516,7 @@ index c0a3637..c760814 100644 vma_unlock_anon_vma(vma); + if (lockprev) + vma_unlock_anon_vma(prev); - khugepaged_enter_vma_merge(vma); + khugepaged_enter_vma_merge(vma, vma->vm_flags); validate_mm(vma->vm_mm); return error; @@ -2358,6 +2711,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) @@ -98782,7 +98365,7 @@ index a881d96..e5932cd 100644 struct mm_struct *mm; diff --git a/mm/page-writeback.c b/mm/page-writeback.c -index 91d73ef..0e564d2 100644 +index ba5fd97..5a95869 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -664,7 +664,7 @@ static long long pos_ratio_polynom(unsigned long setpoint, @@ -98795,7 +98378,7 @@ index 91d73ef..0e564d2 100644 unsigned long bg_thresh, unsigned long dirty, diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index eee9619..155d328 100644 +index c5fe124..2cf7f17 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -61,6 +61,7 @@ @@ -98815,7 +98398,7 @@ index eee9619..155d328 100644 { __free_pages_ok(page, compound_order(page)); } -@@ -751,6 +752,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) +@@ -740,6 +741,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) int i; int bad = 0; @@ -98826,7 +98409,7 @@ index eee9619..155d328 100644 trace_mm_page_free(page, order); kmemcheck_free_shadow(page, order); -@@ -767,6 +772,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order) +@@ -756,6 +761,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order) debug_check_no_obj_freed(page_address(page), PAGE_SIZE << order); } 
@@ -98839,7 +98422,7 @@ index eee9619..155d328 100644 arch_free_page(page, order); kernel_map_pages(page, 1 << order, 0); -@@ -790,6 +801,20 @@ static void __free_pages_ok(struct page *page, unsigned int order) +@@ -779,6 +790,20 @@ static void __free_pages_ok(struct page *page, unsigned int order) local_irq_restore(flags); } @@ -98860,7 +98443,7 @@ index eee9619..155d328 100644 void __init __free_pages_bootmem(struct page *page, unsigned int order) { unsigned int nr_pages = 1 << order; -@@ -805,6 +830,19 @@ void __init __free_pages_bootmem(struct page *page, unsigned int order) +@@ -794,6 +819,19 @@ void __init __free_pages_bootmem(struct page *page, unsigned int order) __ClearPageReserved(p); set_page_count(p, 0); @@ -98880,7 +98463,7 @@ index eee9619..155d328 100644 page_zone(page)->managed_pages += nr_pages; set_page_refcounted(page); __free_pages(page, order); -@@ -933,8 +971,10 @@ static int prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags) +@@ -922,8 +960,10 @@ static int prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags) arch_alloc_page(page, order); kernel_map_pages(page, 1 << order, 1); @@ -98891,7 +98474,7 @@ index eee9619..155d328 100644 if (order && (gfp_flags & __GFP_COMP)) prep_compound_page(page, order); -@@ -1612,7 +1652,7 @@ again: +@@ -1601,7 +1641,7 @@ again: } __mod_zone_page_state(zone, NR_ALLOC_BATCH, -(1 << order)); @@ -98900,7 +98483,7 @@ index eee9619..155d328 100644 !zone_is_fair_depleted(zone)) zone_set_flag(zone, ZONE_FAIR_DEPLETED); -@@ -1933,7 +1973,7 @@ static void reset_alloc_batches(struct zone *preferred_zone) +@@ -1922,7 +1962,7 @@ static void reset_alloc_batches(struct zone *preferred_zone) do { mod_zone_page_state(zone, NR_ALLOC_BATCH, high_wmark_pages(zone) - low_wmark_pages(zone) - 
@@ -98909,7 +98492,7 @@ index eee9619..155d328 100644 zone_clear_flag(zone, ZONE_FAIR_DEPLETED); } while (zone++ != preferred_zone); } -@@ -5702,7 +5742,7 @@ static void __setup_per_zone_wmarks(void) +@@ -5699,7 +5739,7 @@ static void __setup_per_zone_wmarks(void) __mod_zone_page_state(zone, NR_ALLOC_BATCH, high_wmark_pages(zone) - low_wmark_pages(zone) - @@ -98919,7 +98502,7 @@ index eee9619..155d328 100644 setup_zone_migrate_reserve(zone); spin_unlock_irqrestore(&zone->lock, flags); diff --git a/mm/percpu.c b/mm/percpu.c -index da997f9..19040e9 100644 +index 2139e30..1d45bce 100644 --- a/mm/percpu.c +++ b/mm/percpu.c @@ -123,7 +123,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly; @@ -98983,7 +98566,7 @@ index 5077afc..846c9ef 100644 if (!mm || IS_ERR(mm)) { rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; diff --git a/mm/rmap.c b/mm/rmap.c -index 3e8491c..02abccc 100644 +index e01318d..25117ca 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -164,6 +164,10 @@ int anon_vma_prepare(struct vm_area_struct *vma) @@ -99146,7 +98729,7 @@ index 469f90d..34a09ee 100644 return -ENOMEM; diff --git a/mm/slab.c b/mm/slab.c -index 7c52b38..dc55dcb 100644 +index 7c52b38..3ccc17e 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -316,10 +316,12 @@ static void kmem_cache_node_init(struct kmem_cache_node *parent) 
@@ -99199,29 +98782,28 @@ index 7c52b38..dc55dcb 100644 slab_early_init = 0; -@@ -3384,6 +3388,21 @@ static inline void __cache_free(struct kmem_cache *cachep, void *objp, +@@ -3384,6 +3388,20 @@ static inline void __cache_free(struct kmem_cache *cachep, void *objp, struct array_cache *ac = cpu_cache_get(cachep); check_irq_off(); + +#ifdef CONFIG_PAX_MEMORY_SANITIZE -+ if (pax_sanitize_slab) { -+ if (!(cachep->flags & (SLAB_POISON | SLAB_NO_SANITIZE))) { -+ memset(objp, PAX_MEMORY_SANITIZE_VALUE, cachep->object_size); ++ if (cachep->flags & (SLAB_POISON | SLAB_NO_SANITIZE)) ++ STATS_INC_NOT_SANITIZED(cachep); ++ else { ++ memset(objp, PAX_MEMORY_SANITIZE_VALUE, cachep->object_size); + -+ if (cachep->ctor) -+ cachep->ctor(objp); ++ if (cachep->ctor) ++ cachep->ctor(objp); + -+ STATS_INC_SANITIZED(cachep); -+ } else -+ STATS_INC_NOT_SANITIZED(cachep); ++ STATS_INC_SANITIZED(cachep); + } +#endif + kmemleak_free_recursive(objp, cachep->flags); objp = cache_free_debugcheck(cachep, objp, caller); -@@ -3607,6 +3626,7 @@ void kfree(const void *objp) +@@ -3607,6 +3625,7 @@ void kfree(const void *objp) if (unlikely(ZERO_OR_NULL_PTR(objp))) return; @@ -99229,7 +98811,7 @@ index 7c52b38..dc55dcb 100644 local_irq_save(flags); kfree_debugcheck(objp); c = virt_to_cache(objp); -@@ -4056,14 +4076,22 @@ void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep) +@@ -4056,14 +4075,22 @@ void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep) } /* cpu stats */ { @@ -99256,7 +98838,7 @@ index 7c52b38..dc55dcb 100644 #endif } -@@ -4281,13 +4309,69 @@ static const struct file_operations proc_slabstats_operations = { +@@ -4281,13 +4308,69 @@ static const struct file_operations proc_slabstats_operations = { static int __init slab_proc_init(void) { #ifdef CONFIG_DEBUG_SLAB_LEAK @@ -99328,10 +98910,10 @@ index 7c52b38..dc55dcb 100644 * ksize - get the actual amount of memory allocated for a given object * @objp: Pointer to the object 
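Review bot: In the `__cache_free` hunk for mm/slab.c the `if (pax_sanitize_slab)` guard is dropped, so whether a freed object is wiped now depends only on `cachep->flags`, and nothing at this site says where the boot-time mode went. The only place in this update that visibly folds the mode into the flags is the new block in `kmem_cache_create` (mm/slab_common.c). Caches set up through `create_boot_cache`/`create_kmalloc_cache` should be checked to confirm that `pax_sanitize_slab=off` still reaches them, since their changed lines are not visible here. A comment such as `/* sanitize mode is applied to cachep->flags at cache creation */` above the flag test would record the dependency, and the same applies to the two mm/slub.c hunks that drop `pax_sanitize_slab &&`. `__cache_free` begins and ends outside the hunk.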
diff --git a/mm/slab.h b/mm/slab.h -index 0e0fdd3..c61c735 100644 +index 0e0fdd3..d0fd761 100644 --- a/mm/slab.h +++ b/mm/slab.h -@@ -32,6 +32,15 @@ extern struct list_head slab_caches; +@@ -32,6 +32,20 @@ extern struct list_head slab_caches; /* The slab cache that manages slab cache information */ extern struct kmem_cache *kmem_cache; @@ -99341,13 +98923,18 @@ index 0e0fdd3..c61c735 100644 +#else +#define PAX_MEMORY_SANITIZE_VALUE '\xff' +#endif -+extern bool pax_sanitize_slab; ++enum pax_sanitize_mode { ++ PAX_SANITIZE_SLAB_OFF = 0, ++ PAX_SANITIZE_SLAB_FAST, ++ PAX_SANITIZE_SLAB_FULL, ++}; ++extern enum pax_sanitize_mode pax_sanitize_slab; +#endif + unsigned long calculate_alignment(unsigned long flags, unsigned long align, unsigned long size); -@@ -67,7 +76,8 @@ __kmem_cache_alias(const char *name, size_t size, size_t align, +@@ -67,7 +81,8 @@ __kmem_cache_alias(const char *name, size_t size, size_t align, /* Legal flag mask for kmem_cache_create(), for various configurations */ #define SLAB_CORE_FLAGS (SLAB_HWCACHE_ALIGN | SLAB_CACHE_DMA | SLAB_PANIC | \ @@ -99357,7 +98944,7 @@ index 0e0fdd3..c61c735 100644 #if defined(CONFIG_DEBUG_SLAB) #define SLAB_DEBUG_FLAGS (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER) -@@ -251,6 +261,9 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x) +@@ -251,6 +266,9 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x) return s; page = virt_to_head_page(x); @@ -99368,10 +98955,10 @@ index 0e0fdd3..c61c735 100644 if (slab_equal_or_root(cachep, s)) return cachep; diff --git a/mm/slab_common.c b/mm/slab_common.c -index d319502..9eb3eb5 100644 +index d319502..da7714e 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c -@@ -25,11 +25,22 @@ +@@ -25,11 +25,35 @@ #include "slab.h" 
@@ -99382,20 +98969,33 @@ index d319502..9eb3eb5 100644 struct kmem_cache *kmem_cache; +#ifdef CONFIG_PAX_MEMORY_SANITIZE -+bool pax_sanitize_slab __read_only = true; ++enum pax_sanitize_mode pax_sanitize_slab __read_only = PAX_SANITIZE_SLAB_FAST; +static int __init pax_sanitize_slab_setup(char *str) +{ -+ pax_sanitize_slab = !!simple_strtol(str, NULL, 0); -+ printk("%sabled PaX slab sanitization\n", pax_sanitize_slab ? "En" : "Dis"); -+ return 1; ++ if (!str) ++ return 0; ++ ++ if (!strcmp(str, "0") || !strcmp(str, "off")) { ++ pr_info("PaX slab sanitization: %s\n", "disabled"); ++ pax_sanitize_slab = PAX_SANITIZE_SLAB_OFF; ++ } else if (!strcmp(str, "1") || !strcmp(str, "fast")) { ++ pr_info("PaX slab sanitization: %s\n", "fast"); ++ pax_sanitize_slab = PAX_SANITIZE_SLAB_FAST; ++ } else if (!strcmp(str, "full")) { ++ pr_info("PaX slab sanitization: %s\n", "full"); ++ pax_sanitize_slab = PAX_SANITIZE_SLAB_FULL; ++ } else ++ pr_err("PaX slab sanitization: unsupported option '%s'\n", str); ++ ++ return 0; +} -+__setup("pax_sanitize_slab=", pax_sanitize_slab_setup); ++early_param("pax_sanitize_slab", pax_sanitize_slab_setup); +#endif + #ifdef CONFIG_DEBUG_VM static int kmem_cache_sanity_check(const char *name, size_t size) { -@@ -160,7 +171,7 @@ do_kmem_cache_create(char *name, size_t object_size, size_t size, size_t align, +@@ -160,7 +184,7 @@ do_kmem_cache_create(char *name, size_t object_size, size_t size, size_t align, if (err) goto out_free_cache; 
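Review bot: `pax_sanitize_slab_setup` is now registered with `early_param` instead of `__setup`, but the hunk gives no reason for the change. Presumably the mode has to be known before the first cache is created, because `kmem_cache_create` turns it into `SLAB_NO_SANITIZE`. A comment above the registration, e.g. `/* parsed early: the mode is baked into cache flags at creation time */`, would keep a later cleanup from reverting it. An unrecognised value is logged and the `fast` default is kept, which is the safe direction. The `!str` path returns without any message, though, so a bare `pax_sanitize_slab` on the command line is silently ignored; a `pr_err` there would match the other error branch.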
@@ -99404,7 +99004,21 @@ index d319502..9eb3eb5 100644 list_add(&s->list, &slab_caches); out: if (err) -@@ -341,8 +352,7 @@ void kmem_cache_destroy(struct kmem_cache *s) +@@ -222,6 +246,13 @@ kmem_cache_create(const char *name, size_t size, size_t align, + */ + flags &= CACHE_CREATE_MASK; + ++#ifdef CONFIG_PAX_MEMORY_SANITIZE ++ if (pax_sanitize_slab == PAX_SANITIZE_SLAB_OFF || (flags & SLAB_DESTROY_BY_RCU)) ++ flags |= SLAB_NO_SANITIZE; ++ else if (pax_sanitize_slab == PAX_SANITIZE_SLAB_FULL) ++ flags &= ~SLAB_NO_SANITIZE; ++#endif ++ + s = __kmem_cache_alias(name, size, align, flags, ctor); + if (s) + goto out_unlock; +@@ -341,8 +372,7 @@ void kmem_cache_destroy(struct kmem_cache *s) mutex_lock(&slab_mutex); @@ -99414,7 +99028,7 @@ index d319502..9eb3eb5 100644 goto out_unlock; if (memcg_cleanup_cache_params(s) != 0) -@@ -362,7 +372,7 @@ void kmem_cache_destroy(struct kmem_cache *s) +@@ -362,7 +392,7 @@ void kmem_cache_destroy(struct kmem_cache *s) rcu_barrier(); memcg_free_cache_params(s); @@ -99423,7 +99037,7 @@ index d319502..9eb3eb5 100644 sysfs_slab_remove(s); #else slab_kmem_cache_release(s); -@@ -418,7 +428,7 @@ void __init create_boot_cache(struct kmem_cache *s, const char *name, size_t siz +@@ -418,7 +448,7 @@ void __init create_boot_cache(struct kmem_cache *s, const char *name, size_t siz panic("Creation of kmalloc slab %s size=%zu failed. Reason %d\n", name, size, err); @@ -99432,7 +99046,7 @@ index d319502..9eb3eb5 100644 } struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size, -@@ -431,7 +441,7 @@ struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size, +@@ -431,7 +461,7 @@ struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size, create_boot_cache(s, name, size, flags); list_add(&s->list, &slab_caches); 
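Review bot: The new block in `kmem_cache_create` sets `SLAB_NO_SANITIZE` for every `SLAB_DESTROY_BY_RCU` cache before the `PAX_SANITIZE_SLAB_FULL` branch is considered, so `full` does not cover those caches. The kernel-parameters.txt text added in the same update describes `full` as sanitizing all slabs. The exclusion looks deliberate, since objects in such caches may still be read under RCU after being freed, but it should be stated: a comment like `/* RCU-freed objects can still be accessed after free; never wipe them */` on the first branch, plus a matching caveat in the parameter description. Operators relying on `full` for data-lifetime guarantees would otherwise assume more coverage than they get. `kmem_cache_create` begins and ends outside the hunk.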
@@ -99441,7 +99055,7 @@ index d319502..9eb3eb5 100644 return s; } -@@ -443,6 +453,11 @@ struct kmem_cache *kmalloc_dma_caches[KMALLOC_SHIFT_HIGH + 1]; +@@ -443,6 +473,11 @@ struct kmem_cache *kmalloc_dma_caches[KMALLOC_SHIFT_HIGH + 1]; EXPORT_SYMBOL(kmalloc_dma_caches); #endif @@ -99453,7 +99067,7 @@ index d319502..9eb3eb5 100644 /* * Conversion table for small slabs sizes / 8 to the index in the * kmalloc array. This is necessary for slabs < 192 since we have non power -@@ -507,6 +522,13 @@ struct kmem_cache *kmalloc_slab(size_t size, gfp_t flags) +@@ -507,6 +542,13 @@ struct kmem_cache *kmalloc_slab(size_t size, gfp_t flags) return kmalloc_dma_caches[index]; #endif @@ -99467,7 +99081,7 @@ index d319502..9eb3eb5 100644 return kmalloc_caches[index]; } -@@ -563,7 +585,7 @@ void __init create_kmalloc_caches(unsigned long flags) +@@ -563,7 +605,7 @@ void __init create_kmalloc_caches(unsigned long flags) for (i = KMALLOC_SHIFT_LOW; i <= KMALLOC_SHIFT_HIGH; i++) { if (!kmalloc_caches[i]) { kmalloc_caches[i] = create_kmalloc_cache(NULL, @@ -99476,7 +99090,7 @@ index d319502..9eb3eb5 100644 } /* -@@ -572,10 +594,10 @@ void __init create_kmalloc_caches(unsigned long flags) +@@ -572,10 +614,10 @@ void __init create_kmalloc_caches(unsigned long flags) * earlier power of two caches */ if (KMALLOC_MIN_SIZE <= 32 && !kmalloc_caches[1] && i == 6) @@ -99489,7 +99103,7 @@ index d319502..9eb3eb5 100644 } /* Kmalloc array is now usable */ -@@ -608,6 +630,23 @@ void __init create_kmalloc_caches(unsigned long flags) +@@ -608,6 +650,23 @@ void __init create_kmalloc_caches(unsigned long flags) } } #endif @@ -99513,7 +99127,7 @@ index d319502..9eb3eb5 100644 } #endif /* !CONFIG_SLOB */ -@@ -666,6 +705,9 @@ void print_slabinfo_header(struct seq_file *m) +@@ -666,6 +725,9 @@ void print_slabinfo_header(struct seq_file *m) seq_puts(m, " : globalstat " " "); seq_puts(m, " : cpustat "); @@ -99524,7 +99138,7 @@ index d319502..9eb3eb5 100644 seq_putc(m, '\n'); } 
diff --git a/mm/slob.c b/mm/slob.c -index 21980e0..ed9a648 100644 +index 21980e0..975f1bf 100644 --- a/mm/slob.c +++ b/mm/slob.c @@ -157,7 +157,7 @@ static void set_slob(slob_t *s, slobidx_t size, slob_t *next) @@ -99605,6 +99219,15 @@ index 21980e0..ed9a648 100644 INIT_LIST_HEAD(&sp->lru); set_slob(b, SLOB_UNITS(PAGE_SIZE), b + SLOB_UNITS(PAGE_SIZE)); set_slob_page_free(sp, slob_list); +@@ -337,7 +341,7 @@ static void *slob_alloc(size_t size, gfp_t gfp, int align, int node) + /* + * slob_free: entry point into the slob allocator. + */ +-static void slob_free(void *block, int size) ++static void slob_free(struct kmem_cache *c, void *block, int size) + { + struct page *sp; + slob_t *prev, *next, *b = (slob_t *)block; @@ -359,12 +363,15 @@ static void slob_free(void *block, int size) if (slob_page_free(sp)) clear_slob_page_free(sp); @@ -99617,7 +99240,7 @@ index 21980e0..ed9a648 100644 } +#ifdef CONFIG_PAX_MEMORY_SANITIZE -+ if (pax_sanitize_slab) ++ if (pax_sanitize_slab && !(c && (c->flags & SLAB_NO_SANITIZE))) + memset(block, PAX_MEMORY_SANITIZE_VALUE, size); +#endif + @@ -99698,7 +99321,7 @@ index 21980e0..ed9a648 100644 - slob_free(m, *m + align); - } else + slob_t *m = (slob_t *)(block - align); -+ slob_free(m, m[0].units + align); ++ slob_free(NULL, m, m[0].units + align); + } else { + __ClearPageSlab(sp); + page_mapcount_reset(sp); 
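Review bot: In `slob_free` the test `pax_sanitize_slab && !(c && (c->flags & SLAB_NO_SANITIZE))` treats the new `enum pax_sanitize_mode` as a boolean, which is only correct while `PAX_SANITIZE_SLAB_OFF` stays 0; `pax_sanitize_slab != PAX_SANITIZE_SLAB_OFF` says what is meant. SLOB also keeps the global check that the mm/slab.c and mm/slub.c hunks remove, so the three allocators now decide differently. In addition, the `kfree` path passes `NULL` as the cache (`slob_free(NULL, m, m[0].units + align)`), so those blocks are wiped whenever the mode is not off. A short comment on the `c == NULL` case would make that visibly intentional. `slob_free` continues outside the hunk.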
@@ -99842,24 +99465,34 @@ index 21980e0..ed9a648 100644 if (b && c->ctor) c->ctor(b); -@@ -584,10 +696,14 @@ EXPORT_SYMBOL(kmem_cache_alloc_node); +@@ -582,12 +694,16 @@ void *kmem_cache_alloc_node(struct kmem_cache *cachep, gfp_t gfp, int node) + EXPORT_SYMBOL(kmem_cache_alloc_node); + #endif - static void __kmem_cache_free(void *b, int size) +-static void __kmem_cache_free(void *b, int size) ++static void __kmem_cache_free(struct kmem_cache *c, void *b, int size) { - if (size < PAGE_SIZE) +- slob_free(b, size); + struct page *sp; + + sp = virt_to_page(b); + BUG_ON(!PageSlab(sp)); + if (!sp->private) - slob_free(b, size); ++ slob_free(c, b, size); else - slob_free_pages(b, get_order(size)); + slob_free_pages(sp, get_order(size)); } static void kmem_rcu_free(struct rcu_head *head) -@@ -600,17 +716,31 @@ static void kmem_rcu_free(struct rcu_head *head) +@@ -595,22 +711,36 @@ static void kmem_rcu_free(struct rcu_head *head) + struct slob_rcu *slob_rcu = (struct slob_rcu *)head; + void *b = (void *)slob_rcu - (slob_rcu->size - sizeof(struct slob_rcu)); + +- __kmem_cache_free(b, slob_rcu->size); ++ __kmem_cache_free(NULL, b, slob_rcu->size); + } void kmem_cache_free(struct kmem_cache *c, void *b) { @@ -99882,7 +99515,7 @@ index 21980e0..ed9a648 100644 call_rcu(&slob_rcu->head, kmem_rcu_free); } else { - __kmem_cache_free(b, c->size); -+ __kmem_cache_free(b, size); ++ __kmem_cache_free(c, b, size); } +#ifdef CONFIG_PAX_USERCOPY_SLABS @@ -99895,7 +99528,7 @@ index 21980e0..ed9a648 100644 EXPORT_SYMBOL(kmem_cache_free); diff --git a/mm/slub.c b/mm/slub.c -index 3e8afcc..68c99031 100644 +index 3e8afcc..d6e2c89 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -207,7 +207,7 @@ struct track { 
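Review bot: `kmem_rcu_free` calls `__kmem_cache_free(NULL, b, slob_rcu->size)`, so on the RCU path `slob_free` never sees the cache's `SLAB_NO_SANITIZE` flag and wipes the block whenever sanitization is enabled. That differs from `kmem_cache_create`, which marks `SLAB_DESTROY_BY_RCU` caches as not sanitized. Here the wipe runs from the `call_rcu` callback, so it is probably harmless, but it deserves a comment such as `/* no cache pointer in slob_rcu; block is wiped after the grace period */`. If the flag is meant to be honoured on this path, `struct slob_rcu` would need to carry the cache pointer, and its definition is not part of this hunk.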
@@ -99921,7 +99554,7 @@ index 3e8afcc..68c99031 100644 slab_free_hook(s, x); +#ifdef CONFIG_PAX_MEMORY_SANITIZE -+ if (pax_sanitize_slab && !(s->flags & SLAB_NO_SANITIZE)) { ++ if (!(s->flags & SLAB_NO_SANITIZE)) { + memset(x, PAX_MEMORY_SANITIZE_VALUE, s->object_size); + if (s->ctor) + s->ctor(x); @@ -99945,7 +99578,7 @@ index 3e8afcc..68c99031 100644 if (((flags & (SLAB_DESTROY_BY_RCU | SLAB_POISON)) || +#ifdef CONFIG_PAX_MEMORY_SANITIZE -+ (pax_sanitize_slab && !(flags & SLAB_NO_SANITIZE)) || ++ (!(flags & SLAB_NO_SANITIZE)) || +#endif s->ctor)) { /* @@ -100100,7 +99733,7 @@ index 3e8afcc..68c99031 100644 } SLAB_ATTR_RO(aliases); -@@ -4554,6 +4627,14 @@ static ssize_t cache_dma_show(struct kmem_cache *s, char *buf) +@@ -4554,6 +4627,22 @@ static ssize_t cache_dma_show(struct kmem_cache *s, char *buf) SLAB_ATTR_RO(cache_dma); #endif @@ -100111,21 +99744,32 @@ index 3e8afcc..68c99031 100644 +} +SLAB_ATTR_RO(usercopy); +#endif ++ ++#ifdef CONFIG_PAX_MEMORY_SANITIZE ++static ssize_t sanitize_show(struct kmem_cache *s, char *buf) ++{ ++ return sprintf(buf, "%d\n", !(s->flags & SLAB_NO_SANITIZE)); ++} ++SLAB_ATTR_RO(sanitize); ++#endif + static ssize_t destroy_by_rcu_show(struct kmem_cache *s, char *buf) { return sprintf(buf, "%d\n", !!(s->flags & SLAB_DESTROY_BY_RCU)); -@@ -4888,6 +4969,9 @@ static struct attribute *slab_attrs[] = { +@@ -4888,6 +4977,12 @@ static struct attribute *slab_attrs[] = { #ifdef CONFIG_ZONE_DMA &cache_dma_attr.attr, #endif +#ifdef CONFIG_PAX_USERCOPY_SLABS + &usercopy_attr.attr, ++#endif ++#ifdef CONFIG_PAX_MEMORY_SANITIZE ++ &sanitize_attr.attr, +#endif #ifdef CONFIG_NUMA &remote_node_defrag_ratio_attr.attr, #endif -@@ -5132,6 +5216,7 @@ static char *create_unique_id(struct kmem_cache *s) +@@ -5132,6 +5227,7 @@ static char *create_unique_id(struct kmem_cache *s) return name; } 
@@ -100133,7 +99777,7 @@ index 3e8afcc..68c99031 100644 static int sysfs_slab_add(struct kmem_cache *s) { int err; -@@ -5205,6 +5290,7 @@ void sysfs_slab_remove(struct kmem_cache *s) +@@ -5205,6 +5301,7 @@ void sysfs_slab_remove(struct kmem_cache *s) kobject_del(&s->kobj); kobject_put(&s->kobj); } @@ -100141,7 +99785,7 @@ index 3e8afcc..68c99031 100644 /* * Need to buffer aliases during bootup until sysfs becomes -@@ -5218,6 +5304,7 @@ struct saved_alias { +@@ -5218,6 +5315,7 @@ struct saved_alias { static struct saved_alias *alias_list; @@ -100149,7 +99793,7 @@ index 3e8afcc..68c99031 100644 static int sysfs_slab_alias(struct kmem_cache *s, const char *name) { struct saved_alias *al; -@@ -5240,6 +5327,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) +@@ -5240,6 +5338,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) alias_list = al; return 0; } @@ -101081,10 +100725,10 @@ index 115f149..f0ba286 100644 err = -EFAULT; break; diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c -index 46547b9..f5defc1 100644 +index 14ca8ae..262d49a 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c -@@ -3569,8 +3569,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, +@@ -3565,8 +3565,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, break; case L2CAP_CONF_RFC: @@ -101337,7 +100981,7 @@ index 1a19b98..df2b4ec 100644 if (!can_dir) { printk(KERN_INFO "can: failed to create /proc/net/can . " diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c -index b2f571d..b584643 100644 +index 9f02369..e6160e9 100644 --- a/net/ceph/messenger.c +++ b/net/ceph/messenger.c @@ -188,7 +188,7 @@ static void con_fault(struct ceph_connection *con); @@ -101598,7 +101242,7 @@ index cf8a95f..2837211 100644 } EXPORT_SYMBOL(dev_get_stats); diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c -index cf999e0..c59a975 100644 +index cf999e0..c59a9754 100644 
--- a/net/core/dev_ioctl.c +++ b/net/core/dev_ioctl.c @@ -366,9 +366,13 @@ void dev_load(struct net *net, const char *name) @@ -102513,7 +102157,7 @@ index 255aa99..45c78f8 100644 break; case NETDEV_DOWN: diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c -index b10cd43a..22327f9 100644 +index 4a74ea8..32335a7 100644 --- a/net/ipv4/fib_semantics.c +++ b/net/ipv4/fib_semantics.c @@ -768,7 +768,7 @@ __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh) @@ -102526,7 +102170,7 @@ index b10cd43a..22327f9 100644 return nh->nh_saddr; } diff --git a/net/ipv4/gre_offload.c b/net/ipv4/gre_offload.c -index 6556263..db77807 100644 +index dd73bea..a2eec02 100644 --- a/net/ipv4/gre_offload.c +++ b/net/ipv4/gre_offload.c @@ -59,13 +59,13 @@ static struct sk_buff *gre_gso_segment(struct sk_buff *skb, @@ -102697,7 +102341,7 @@ index 3d4da2c..40f9c29 100644 ICMP_PROT_UNREACH, 0); } diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c -index 215af2b..73cbbe1 100644 +index c43a1e2..73cbbe1 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c @@ -231,7 +231,7 @@ static int ip_finish_output_gso(struct sk_buff *skb) 
@@ -102709,41 +102353,8 @@ index 215af2b..73cbbe1 100644 kfree_skb(skb); return -ENOMEM; } -@@ -1533,6 +1533,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr, - struct sk_buff *nskb; - struct sock *sk; - struct inet_sock *inet; -+ int err; - - if (ip_options_echo(&replyopts.opt.opt, skb)) - return; -@@ -1572,8 +1573,13 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr, - sock_net_set(sk, net); - __skb_queue_head_init(&sk->sk_write_queue); - sk->sk_sndbuf = sysctl_wmem_default; -- ip_append_data(sk, &fl4, ip_reply_glue_bits, arg->iov->iov_base, len, 0, -- &ipc, &rt, MSG_DONTWAIT); -+ err = ip_append_data(sk, &fl4, ip_reply_glue_bits, arg->iov->iov_base, -+ len, 0, &ipc, &rt, MSG_DONTWAIT); -+ if (unlikely(err)) { -+ ip_flush_pending_frames(sk); -+ goto out; -+ } -+ - nskb = skb_peek(&sk->sk_write_queue); - if (nskb) { - if (arg->csumoffset >= 0) -@@ -1585,7 +1591,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr, - skb_set_queue_mapping(nskb, skb_get_queue_mapping(skb)); - ip_push_pending_frames(sk, &fl4); - } -- -+out: - put_cpu_var(unicast_sock); - - ip_rt_put(rt); diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c -index 5cb830c..81a7a56 100644 +index 2407e5d..edc2f1a 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -1188,7 +1188,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, 
@@ -102765,24 +102376,6 @@ index 5cb830c..81a7a56 100644 msg.msg_controllen = len; msg.msg_flags = flags; -diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c -index f4c987b..88c386c 100644 ---- a/net/ipv4/ip_tunnel_core.c -+++ b/net/ipv4/ip_tunnel_core.c -@@ -91,11 +91,12 @@ int iptunnel_pull_header(struct sk_buff *skb, int hdr_len, __be16 inner_proto) - skb_pull_rcsum(skb, hdr_len); - - if (inner_proto == htons(ETH_P_TEB)) { -- struct ethhdr *eh = (struct ethhdr *)skb->data; -+ struct ethhdr *eh; - - if (unlikely(!pskb_may_pull(skb, ETH_HLEN))) - return -ENOMEM; - -+ eh = (struct ethhdr *)skb->data; - if (likely(ntohs(eh->h_proto) >= ETH_P_802_3_MIN)) - skb->protocol = eh->h_proto; - else diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c index e453cb7..3c8d952 100644 --- a/net/ipv4/ip_vti.c @@ -103096,7 +102689,7 @@ index 739db31..74f0210 100644 static int raw_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/route.c b/net/ipv4/route.c -index cbadb94..691f99e 100644 +index 29836f8..bd1e2ba 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -228,7 +228,7 @@ static const struct seq_operations rt_cache_seq_ops = { @@ -103149,7 +102742,7 @@ index cbadb94..691f99e 100644 } EXPORT_SYMBOL(ip_idents_reserve); -@@ -2623,34 +2623,34 @@ static struct ctl_table ipv4_route_flush_table[] = { +@@ -2624,34 +2624,34 @@ static struct ctl_table ipv4_route_flush_table[] = { .maxlen = sizeof(int), .mode = 0200, .proc_handler = ipv4_sysctl_rtcache_flush, @@ -103192,7 +102785,7 @@ index cbadb94..691f99e 100644 err_dup: return -ENOMEM; } -@@ -2673,8 +2673,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = { +@@ -2674,8 +2674,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = { static __net_init int rt_genid_init(struct net *net) { 
@@ -103203,7 +102796,7 @@ index cbadb94..691f99e 100644 get_random_bytes(&net->ipv4.dev_addr_genid, sizeof(net->ipv4.dev_addr_genid)); return 0; -@@ -2717,11 +2717,7 @@ int __init ip_rt_init(void) +@@ -2718,11 +2718,7 @@ int __init ip_rt_init(void) { int rc = 0; @@ -103350,7 +102943,7 @@ index a906e02..f3b6a0f 100644 if (icsk->icsk_af_ops->conn_request(sk, skb) < 0) return 1; diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c -index cd17f00..1e1f252 100644 +index 3f49eae..bde687a 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -91,6 +91,10 @@ int sysctl_tcp_low_latency __read_mostly; @@ -103769,7 +103362,7 @@ index 06ba3e5..5c08d38 100644 table = kmemdup(ipv6_icmp_table_template, sizeof(ipv6_icmp_table_template), diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c -index 97299d7..c8e6894 100644 +index cacb493..3cae894 100644 --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c @@ -71,8 +71,8 @@ struct ip6gre_net { @@ -103783,7 +103376,7 @@ index 97299d7..c8e6894 100644 static int ip6gre_tunnel_init(struct net_device *dev); static void ip6gre_tunnel_setup(struct net_device *dev); static void ip6gre_tunnel_link(struct ip6gre_net *ign, struct ip6_tnl *t); -@@ -1286,7 +1286,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev) +@@ -1285,7 +1285,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev) } @@ -103792,7 +103385,7 @@ index 97299d7..c8e6894 100644 .handler = ip6gre_rcv, .err_handler = ip6gre_err, .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, -@@ -1645,7 +1645,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = { +@@ -1646,7 +1646,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = { [IFLA_GRE_FLAGS] = { .type = NLA_U32 }, }; 
@@ -103801,7 +103394,7 @@ index 97299d7..c8e6894 100644 .kind = "ip6gre", .maxtype = IFLA_GRE_MAX, .policy = ip6gre_policy, -@@ -1659,7 +1659,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = { +@@ -1660,7 +1660,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = { .fill_info = ip6gre_fill_info, }; @@ -103823,7 +103416,7 @@ index 65eda2a..620a102 100644 __skb_pull(skb, len); } diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c -index 69a84b4..881c319 100644 +index d2eeb3b..c186e9a 100644 --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c @@ -86,7 +86,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2) @@ -103835,7 +103428,7 @@ index 69a84b4..881c319 100644 static int ip6_tnl_net_id __read_mostly; struct ip6_tnl_net { -@@ -1714,7 +1714,7 @@ static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = { +@@ -1706,7 +1706,7 @@ static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = { [IFLA_IPTUN_PROTO] = { .type = NLA_U8 }, }; @@ -103845,7 +103438,7 @@ index 69a84b4..881c319 100644 .maxtype = IFLA_IPTUN_MAX, .policy = ip6_tnl_policy, diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c -index 5833a22..6631377 100644 +index 99c9487..63f4d92 100644 --- a/net/ipv6/ip6_vti.c +++ b/net/ipv6/ip6_vti.c @@ -62,7 +62,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2) @@ -103857,7 +103450,7 @@ index 5833a22..6631377 100644 static int vti6_net_id __read_mostly; struct vti6_net { -@@ -981,7 +981,7 @@ static const struct nla_policy vti6_policy[IFLA_VTI_MAX + 1] = { +@@ -972,7 +972,7 @@ static const struct nla_policy vti6_policy[IFLA_VTI_MAX + 1] = { [IFLA_VTI_OKEY] = { .type = NLA_U32 }, }; @@ -104174,7 +103767,7 @@ index bafde82..af2c91f 100644 table = kmemdup(ipv6_route_table_template, sizeof(ipv6_route_table_template), diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c -index 6163f85..0070823 100644 +index ca1c7c4..37fba59 100644 --- a/net/ipv6/sit.c 
+++ b/net/ipv6/sit.c @@ -74,7 +74,7 @@ static void ipip6_tunnel_setup(struct net_device *dev); @@ -104186,7 +103779,7 @@ index 6163f85..0070823 100644 static int sit_net_id __read_mostly; struct sit_net { -@@ -485,11 +485,11 @@ static void ipip6_tunnel_uninit(struct net_device *dev) +@@ -484,11 +484,11 @@ static void ipip6_tunnel_uninit(struct net_device *dev) */ static int ipip6_err_gen_icmpv6_unreach(struct sk_buff *skb) { @@ -104200,7 +103793,7 @@ index 6163f85..0070823 100644 return 1; skb2 = skb_clone(skb, GFP_ATOMIC); -@@ -498,7 +498,7 @@ static int ipip6_err_gen_icmpv6_unreach(struct sk_buff *skb) +@@ -497,7 +497,7 @@ static int ipip6_err_gen_icmpv6_unreach(struct sk_buff *skb) return 1; skb_dst_drop(skb2); @@ -104209,7 +103802,7 @@ index 6163f85..0070823 100644 skb_reset_network_header(skb2); rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0, 0); -@@ -1662,7 +1662,7 @@ static void ipip6_dellink(struct net_device *dev, struct list_head *head) +@@ -1659,7 +1659,7 @@ static void ipip6_dellink(struct net_device *dev, struct list_head *head) unregister_netdevice_queue(dev, head); } @@ -104232,7 +103825,7 @@ index 0c56c93..ece50df 100644 struct ctl_table *ipv6_icmp_table; int err; diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c -index 29964c3..b8caecf 100644 +index 264c0f2..b6512c6 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -102,6 +102,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb) @@ -104700,7 +104293,7 @@ index 927b4ea..88a30e2 100644 if (local->use_chanctx) *chandef = local->monitor_chandef; diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h -index ef7a089..fe1caf7 100644 +index 5d102b5..6199fca 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -28,6 +28,7 @@ @@ -104721,7 +104314,7 @@ index ef7a089..fe1caf7 100644 /* number of interfaces with corresponding FIF_ flags */ int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll, 
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c -index f75e5f1..3d9ad4f 100644 +index 3538e5e..0aa7879 100644 --- a/net/mac80211/iface.c +++ b/net/mac80211/iface.c @@ -531,7 +531,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) @@ -104760,7 +104353,7 @@ index f75e5f1..3d9ad4f 100644 drv_stop(local); err_del_bss: sdata->bss = NULL; -@@ -889,7 +889,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, +@@ -891,7 +891,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, } if (going_down) @@ -104769,7 +104362,7 @@ index f75e5f1..3d9ad4f 100644 switch (sdata->vif.type) { case NL80211_IFTYPE_AP_VLAN: -@@ -950,7 +950,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, +@@ -952,7 +952,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, } spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); @@ -104778,16 +104371,16 @@ index f75e5f1..3d9ad4f 100644 ieee80211_clear_tx_pending(local); /* -@@ -990,7 +990,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, - - ieee80211_recalc_ps(local, -1); +@@ -995,7 +995,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, + if (cancel_scan) + flush_delayed_work(&local->scan_work); - if (local->open_count == 0) { + if (local_read(&local->open_count) == 0) { ieee80211_stop_device(local); /* no reconfiguring after stop! */ -@@ -1001,7 +1001,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, +@@ -1006,7 +1006,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, ieee80211_configure_filter(local); ieee80211_hw_config(local, hw_reconf_flags); @@ -104841,7 +104434,7 @@ index 4c5192e..04cc0d8 100644 suspend: diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c -index 8fdadfd..a4f72b8 100644 +index 6081329..ab23834 100644 --- a/net/mac80211/rate.c +++ b/net/mac80211/rate.c @@ -720,7 +720,7 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local, 
@@ -104909,7 +104502,7 @@ index fad5fdb..ba3672a 100644 obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o obj-$(CONFIG_NETFILTER_XT_MATCH_HL) += xt_hl.o diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c -index ec8114f..6b2bfba 100644 +index 6582dce..a911da7 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c @@ -1921,7 +1921,7 @@ done: @@ -105281,10 +104874,10 @@ index c68c1e5..8b5d670 100644 } EXPORT_SYMBOL(nf_unregister_sockopt); diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c -index a11c5ff..aa413a7 100644 +index 3250735..1fac969 100644 --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c -@@ -79,7 +79,7 @@ static int nfnl_log_net_id __read_mostly; +@@ -80,7 +80,7 @@ static int nfnl_log_net_id __read_mostly; struct nfnl_log_net { spinlock_t instances_lock; struct hlist_head instance_table[INSTANCE_BUCKETS]; @@ -105293,7 +104886,7 @@ index a11c5ff..aa413a7 100644 }; static struct nfnl_log_net *nfnl_log_pernet(struct net *net) -@@ -561,7 +561,7 @@ __build_packet_message(struct nfnl_log_net *log, +@@ -563,7 +563,7 @@ __build_packet_message(struct nfnl_log_net *log, /* global sequence number */ if ((inst->flags & NFULNL_CFG_F_SEQ_GLOBAL) && nla_put_be32(inst->skb, NFULA_SEQ_GLOBAL, @@ -105316,7 +104909,7 @@ index 108120f..5b169db 100644 queued = 0; err = 0; diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c -index 1840989..6895744 100644 +index 5b5ab9e..fc1015c 100644 --- a/net/netfilter/nft_compat.c +++ b/net/netfilter/nft_compat.c @@ -225,7 +225,7 @@ target_dump_info(struct sk_buff *skb, const struct xt_target *t, const void *in) @@ -105460,10 +105053,10 @@ index 11de55e..f25e448 100644 return 0; } diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c -index c416725..bd22eea 100644 +index 0007b81..cb08369 100644 --- a/net/netlink/af_netlink.c 
+++ b/net/netlink/af_netlink.c -@@ -265,7 +265,7 @@ static void netlink_overrun(struct sock *sk) +@@ -273,7 +273,7 @@ static void netlink_overrun(struct sock *sk) sk->sk_error_report(sk); } } @@ -105472,16 +105065,7 @@ index c416725..bd22eea 100644 } static void netlink_rcv_wake(struct sock *sk) -@@ -715,7 +715,7 @@ static int netlink_mmap_sendmsg(struct sock *sk, struct msghdr *msg, - * after validation, the socket and the ring may only be used by a - * single process, otherwise we fall back to copying. - */ -- if (atomic_long_read(&sk->sk_socket->file->f_count) > 2 || -+ if (atomic_long_read(&sk->sk_socket->file->f_count) > 1 || - atomic_read(&nlk->mapped) > 1) - excl = false; - -@@ -2996,7 +2996,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) +@@ -3010,7 +3010,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) sk_wmem_alloc_get(s), nlk->cb_running, atomic_read(&s->sk_refcnt), @@ -106657,10 +106241,10 @@ index 0663621..c4928d4 100644 goto out_nomem; cd->u.procfs.channel_ent = NULL; diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c -index 488ddee..1b31487 100644 +index e0b94ce..6135813 100644 --- a/net/sunrpc/clnt.c +++ b/net/sunrpc/clnt.c -@@ -1425,7 +1425,9 @@ call_start(struct rpc_task *task) +@@ -1428,7 +1428,9 @@ call_start(struct rpc_task *task) (RPC_IS_ASYNC(task) ? "async" : "sync")); /* Increment call count */ @@ -107888,10 +107472,10 @@ index 0865b3e..7235dd4 100644 __ksymtab_gpl : { *(SORT(___ksymtab_gpl+*)) } __ksymtab_unused : { *(SORT(___ksymtab_unused+*)) } diff --git a/scripts/package/builddeb b/scripts/package/builddeb -index 35d5a58..9e04789 100644 +index 7c0e6e4..bf2c90e 100644 --- a/scripts/package/builddeb 
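Review bot: The refreshed patch drops the `netlink_mmap_sendmsg` hunk that tightened the exclusivity test from `f_count > 2` to `f_count > 1`, and nothing visible here shows that the 3.17.4 base has an equivalent check, so the shared-ring case may fall back to the upstream threshold. The `list_del_init(&isec->list)` reordering in security/selinux/hooks.c is dropped the same way further down; there the post-image blob stays `b15da09` while the pre-image changes from `b0e9404` to `e03bad5`, which suggests the base kernel already contains that fix. For af_netlink.c both blob ids change, so the index line does not settle it. Once the netlink case is confirmed, I would record it in the commit description, for example `grsecurity: netlink mmap f_count and selinux isec list hunks dropped, checked against the 3.17.4 base`.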
+++ b/scripts/package/builddeb -@@ -295,6 +295,7 @@ fi +@@ -293,6 +293,7 @@ fi (cd $srctree; find arch/$SRCARCH -name module.lds -o -name Kbuild.platforms -o -name Platform) >> "$objtree/debian/hdrsrcfiles" (cd $srctree; find $(find arch/$SRCARCH -name include -o -name scripts -type d) -type f) >> "$objtree/debian/hdrsrcfiles" (cd $objtree; find arch/$SRCARCH/include Module.symvers include scripts -type f) >> "$objtree/debian/hdrobjfiles" @@ -107899,6 +107483,45 @@ index 35d5a58..9e04789 100644 destdir=$kernel_headers_dir/usr/src/linux-headers-$version mkdir -p "$destdir" (cd $srctree; tar -c -f - -T -) < "$objtree/debian/hdrsrcfiles" | (cd $destdir; tar -xf -) +diff --git a/scripts/package/mkspec b/scripts/package/mkspec +index 1395760..e4f4ac4 100755 +--- a/scripts/package/mkspec ++++ b/scripts/package/mkspec +@@ -82,6 +82,16 @@ echo "" + fi + + echo "%install" ++echo 'chmod -f 0500 /boot' ++echo 'if [ -d /lib/modules ]; then' ++echo 'chmod -f 0500 /lib/modules' ++echo 'fi' ++echo 'if [ -d /lib32/modules ]; then' ++echo 'chmod -f 0500 /lib32/modules' ++echo 'fi' ++echo 'if [ -d /lib64/modules ]; then' ++echo 'chmod -f 0500 /lib64/modules' ++echo 'fi' + echo 'KBUILD_IMAGE=$(make image_name)' + echo "%ifarch ia64" + echo 'mkdir -p $RPM_BUILD_ROOT/boot/efi $RPM_BUILD_ROOT/lib/modules' +@@ -139,7 +149,7 @@ echo "rm -f /boot/vmlinuz-$KERNELRELEASE-rpm /boot/System.map-$KERNELRELEASE-rpm + echo "fi" + echo "" + echo "%files" +-echo '%defattr (-, root, root)' ++echo '%defattr (400, root, root, 500)' + echo "%dir /lib/modules" + echo "/lib/modules/$KERNELRELEASE" + echo "%exclude /lib/modules/$KERNELRELEASE/build" +@@ -152,7 +162,7 @@ echo '%defattr (-, root, root)' + echo "/usr/include" + echo "" + echo "%files devel" +-echo '%defattr (-, root, root)' ++echo '%defattr (400, root, root, 500)' + echo "/usr/src/kernels/$KERNELRELEASE" + echo "/lib/modules/$KERNELRELEASE/build" + echo "/lib/modules/$KERNELRELEASE/source" 
diff --git a/scripts/pnmtologo.c b/scripts/pnmtologo.c index 4718d78..9220d58 100644 --- a/scripts/pnmtologo.c @@ -107960,10 +107583,10 @@ index 293828b..9fbe696 100755 # Find all available archs find_all_archs() diff --git a/security/Kconfig b/security/Kconfig -index beb86b5..9becb4a 100644 +index beb86b5..00daaca 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,965 @@ +@@ -4,6 +4,969 @@ menu "Security options" @@ -108594,7 +108217,7 @@ index beb86b5..9becb4a 100644 + +config PAX_KERNEXEC_MODULE_TEXT + int "Minimum amount of memory reserved for module code" -+ default "4" if (!GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_SERVER) ++ default "8" if (!GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_SERVER) + default "12" if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_DESKTOP) + depends on PAX_KERNEXEC && X86_32 + help @@ -108726,10 +108349,14 @@ index beb86b5..9becb4a 100644 + and you are advised to test this feature on your expected workload + before deploying it. + ++ The slab sanitization feature excludes a few slab caches per default ++ for performance reasons. To extend the feature to cover those as ++ well, pass "pax_sanitize_slab=full" as kernel command line parameter. ++ + To reduce the performance penalty by sanitizing pages only, albeit + limiting the effectiveness of this feature at the same time, slab -+ sanitization can be disabled with the kernel commandline parameter -+ "pax_sanitize_slab=0". ++ sanitization can be disabled with the kernel command line parameter ++ "pax_sanitize_slab=off". + + Note that this feature does not protect data stored in live pages, + e.g., process memory swapped to disk may stay there for a long time. 
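Review bot: The `chmod -f 0500 /boot` and `chmod -f 0500 /lib*/modules` lines emitted right after `echo "%install"` in scripts/package/mkspec act on absolute paths of the machine running the RPM build, not on `$RPM_BUILD_ROOT` as the lines after them do, so a build run as root changes the build host's permissions as a side effect. If the intent is to restrict the installed system, these commands belong in a post-install scriptlet; the packaged files are already covered by the new `%defattr (400, root, root, 500)`. That same `%defattr` under `%files devel` leaves the kernel build tree readable by root only, which presumably prevents unprivileged users from building out-of-tree modules against it, so it is worth confirming this is wanted. Only parts of the script are visible in these hunks, so where its scriptlet sections begin is inferred.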
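Review bot: The help text added to the sanitization option in security/Kconfig says the default mode excludes a few slab caches for performance reasons, but neither this text nor the commit names those caches or sets a kernel command line, so an image built from this commit runs with that reduced coverage. If this distribution expects every slab to be sanitized, the boot loader configuration needs `pax_sanitize_slab=full`, and the commit description should say which mode is intended. The Kconfig entry itself begins outside this hunk.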
@@ -108805,7 +108432,7 @@ index beb86b5..9becb4a 100644 +config PAX_REFCOUNT + bool "Prevent various kernel object reference counter overflows" + default y if GRKERNSEC_CONFIG_AUTO -+ depends on GRKERNSEC && ((ARM && (CPU_V6 || CPU_V6K || CPU_V7)) || MIPS || SPARC64 || X86) ++ depends on GRKERNSEC && ((ARM && (CPU_V6 || CPU_V6K || CPU_V7)) || MIPS || PPC || SPARC64 || X86) + help + By saying Y here the kernel will detect and prevent overflowing + various (but not all) kinds of object reference counters. Such @@ -108929,7 +108556,7 @@ index beb86b5..9becb4a 100644 source security/keys/Kconfig config SECURITY_DMESG_RESTRICT -@@ -103,7 +1062,7 @@ config INTEL_TXT +@@ -103,7 +1066,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX @@ -109043,7 +108670,7 @@ index bab0611..f9a0ff5 100644 if (bprm->cap_effective) return 1; diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h -index 57da4bd..db453a2 100644 +index 0fb456c..83711f9 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -118,8 +118,8 @@ int ima_init_template(void); @@ -109186,10 +108813,10 @@ index 6d0cad1..8f957df 100644 /* record the root user tracking */ rb_link_node(&root_key_user.node, diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c -index e26f860..dcbe7ea 100644 +index eff88a5..51d35ef 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c -@@ -1002,7 +1002,7 @@ static int keyctl_change_reqkey_auth(struct key *key) +@@ -1004,7 +1004,7 @@ static int keyctl_change_reqkey_auth(struct key *key) /* * Copy the iovec data from userspace */ 
@@ -109198,7 +108825,7 @@ index e26f860..dcbe7ea 100644 unsigned ioc) { for (; ioc > 0; ioc--) { -@@ -1024,7 +1024,7 @@ static long copy_from_user_iovec(void *buffer, const struct iovec *iov, +@@ -1026,7 +1026,7 @@ static long copy_from_user_iovec(void *buffer, const struct iovec *iov, * If successful, 0 will be returned. */ long keyctl_instantiate_key_common(key_serial_t id, @@ -109207,7 +108834,7 @@ index e26f860..dcbe7ea 100644 unsigned ioc, size_t plen, key_serial_t ringid) -@@ -1119,7 +1119,7 @@ long keyctl_instantiate_key(key_serial_t id, +@@ -1121,7 +1121,7 @@ long keyctl_instantiate_key(key_serial_t id, [0].iov_len = plen }; @@ -109216,7 +108843,7 @@ index e26f860..dcbe7ea 100644 } return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid); -@@ -1152,7 +1152,7 @@ long keyctl_instantiate_key_iov(key_serial_t id, +@@ -1154,7 +1154,7 @@ long keyctl_instantiate_key_iov(key_serial_t id, if (ret == 0) goto no_payload_free; @@ -109304,7 +108931,7 @@ index a18f1fa..c9b9fc4 100644 lock = &avc_cache.slots_lock[hvalue]; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index b0e9404..b15da09 100644 +index e03bad5..b15da09 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -95,8 +95,6 @@ @@ -109316,22 +108943,6 @@ index b0e9404..b15da09 100644 /* SECMARK reference count */ static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0); -@@ -481,6 +479,7 @@ next_inode: - list_entry(sbsec->isec_head.next, - struct inode_security_struct, list); - struct inode *inode = isec->inode; -+ list_del_init(&isec->list); - spin_unlock(&sbsec->isec_lock); - inode = igrab(inode); - if (inode) { -@@ -489,7 +488,6 @@ next_inode: - iput(inode); - } - spin_lock(&sbsec->isec_lock); -- list_del_init(&isec->list); - goto next_inode; - } - spin_unlock(&sbsec->isec_lock); @@ -5772,7 +5770,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) #endif 
@@ -109734,7 +109345,7 @@ index ada69d7..5f65386 100644 } } else if (runtime->access == SNDRV_PCM_ACCESS_RW_NONINTERLEAVED) { diff --git a/sound/core/pcm_compat.c b/sound/core/pcm_compat.c -index 102e8fd..7263bb8 100644 +index 2d957ba..fda022c 100644 --- a/sound/core/pcm_compat.c +++ b/sound/core/pcm_compat.c @@ -31,7 +31,7 @@ static int snd_pcm_ioctl_delay_compat(struct snd_pcm_substream *substream, @@ -109747,7 +109358,7 @@ index 102e8fd..7263bb8 100644 if (err < 0) return err; diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c -index 8cd2f93..8412c57 100644 +index a95356f..0f5eabf 100644 --- a/sound/core/pcm_native.c +++ b/sound/core/pcm_native.c @@ -2815,11 +2815,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream, @@ -110261,7 +109872,7 @@ index 81c916a..516f0bf 100644 chip->pci = pci; chip->irq = -1; diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c -index d074aa9..ce3cc44 100644 +index a3e0a0d..ab98399 100644 --- a/sound/soc/soc-core.c +++ b/sound/soc/soc-core.c @@ -2286,8 +2286,10 @@ int snd_soc_set_ac97_ops_of_reset(struct snd_ac97_bus_ops *ops, @@ -118072,10 +117683,10 @@ index 0000000..4378111 +} diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data new file mode 100644 -index 0000000..4dc6368 +index 0000000..f527934 --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data -@@ -0,0 +1,5850 @@ +@@ -0,0 +1,5911 @@ +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL +compat_sock_setsockopt_23 compat_sock_setsockopt 5 23 NULL 
@@ -118426,6 +118037,7 @@ index 0000000..4dc6368 +SyS_move_pages_3920 SyS_move_pages 2 3920 NULL +hdlc_irq_one_3944 hdlc_irq_one 2 3944 NULL +brcmf_debugfs_fws_stats_read_3947 brcmf_debugfs_fws_stats_read 3 3947 NULL ++mite_bytes_written_to_memory_lb_3987 mite_bytes_written_to_memory_lb 0 3987 NULL +copy_from_user_atomic_iovec_3990 copy_from_user_atomic_iovec 0-4 3990 NULL +do_add_counters_3992 do_add_counters 3 3992 NULL +userspace_status_4004 userspace_status 4 4004 NULL @@ -118496,6 +118108,7 @@ index 0000000..4dc6368 +C_SYSC_setsockopt_4806 C_SYSC_setsockopt 5 4806 NULL +repair_io_failure_4815 repair_io_failure 4-3 4815 NULL +scsi_end_request_4839 scsi_end_request 3-4 4839 NULL ++comedi_buf_write_free_4847 comedi_buf_write_free 2 4847 NULL +gigaset_if_receive_4861 gigaset_if_receive 3 4861 NULL +key_tx_spec_read_4862 key_tx_spec_read 3 4862 NULL +ocfs2_defrag_extent_4873 ocfs2_defrag_extent 2 4873 NULL @@ -118632,6 +118245,7 @@ index 0000000..4dc6368 +fb_alloc_cmap_6554 fb_alloc_cmap 2 6554 NULL +SyS_semtimedop_6563 SyS_semtimedop 3 6563 NULL +ecryptfs_filldir_6622 ecryptfs_filldir 3 6622 NULL ++xfs_do_div_6649 xfs_do_div 0-2 6649 NULL +process_rcvd_data_6679 process_rcvd_data 3 6679 NULL +btrfs_lookup_csums_range_6696 btrfs_lookup_csums_range 2-3 6696 NULL +ps_pspoll_max_apturn_read_6699 ps_pspoll_max_apturn_read 3 6699 NULL @@ -118661,6 +118275,7 @@ index 0000000..4dc6368 +spi_show_regs_6911 spi_show_regs 3 6911 &proc_sessionid_read_6911 nohasharray +acm_alloc_minor_6911 acm_alloc_minor 0 6911 &spi_show_regs_6911 +__kfifo_dma_in_finish_r_6913 __kfifo_dma_in_finish_r 2-3 6913 NULL ++do_msgrcv_6921 do_msgrcv 3 6921 NULL +cache_do_downcall_6926 cache_do_downcall 3 6926 NULL +ipath_verbs_send_dma_6929 ipath_verbs_send_dma 6 6929 NULL +qsfp_cks_6945 qsfp_cks 2-0 6945 NULL 
@@ -118689,7 +118304,8 @@ index 0000000..4dc6368 +kvm_mmu_notifier_test_young_7139 kvm_mmu_notifier_test_young 3 7139 NULL +__alloc_objio_seg_7203 __alloc_objio_seg 1 7203 NULL +hdlc_loop_7255 hdlc_loop 0 7255 NULL -+rx_rate_rx_frames_per_rates_read_7282 rx_rate_rx_frames_per_rates_read 3 7282 NULL ++rx_rate_rx_frames_per_rates_read_7282 rx_rate_rx_frames_per_rates_read 3 7282 NULL nohasharray ++kimage_alloc_init_7282 kimage_alloc_init 3 7282 &rx_rate_rx_frames_per_rates_read_7282 +get_string_7302 get_string 0 7302 NULL +pci_vpd_info_field_size_7324 pci_vpd_info_field_size 0 7324 NULL +mgmt_control_7349 mgmt_control 3 7349 NULL @@ -118752,6 +118368,7 @@ index 0000000..4dc6368 +qla4xxx_post_ping_evt_work_8074 qla4xxx_post_ping_evt_work 4 8074 NULL +venus_lookup_8121 venus_lookup 4 8121 NULL +ieee80211_if_fmt_num_buffered_multicast_8127 ieee80211_if_fmt_num_buffered_multicast 3 8127 NULL ++xfs_file_fallocate_8150 xfs_file_fallocate 3-4 8150 NULL +ufshcd_wait_for_dev_cmd_8168 ufshcd_wait_for_dev_cmd 0 8168 NULL +__sk_mem_schedule_8185 __sk_mem_schedule 2 8185 NULL +ieee80211_if_fmt_dot11MeshHoldingTimeout_8187 ieee80211_if_fmt_dot11MeshHoldingTimeout 3 8187 NULL @@ -118798,6 +118415,7 @@ index 0000000..4dc6368 +mlx5_vzalloc_8663 mlx5_vzalloc 1 8663 NULL +dio_bio_alloc_8677 dio_bio_alloc 5 8677 NULL +lbs_bcnmiss_read_8678 lbs_bcnmiss_read 3 8678 NULL ++bpf_prog_size_8685 bpf_prog_size 0 8685 NULL +rproc_trace_read_8686 rproc_trace_read 3 8686 NULL +skb_frag_size_8695 skb_frag_size 0 8695 NULL +arcfb_write_8702 arcfb_write 3 8702 NULL 
@@ -119044,12 +118662,14 @@ index 0000000..4dc6368 +nouveau_gpio_create__11048 nouveau_gpio_create_ 4 11048 NULL +tda10048_writeregbulk_11050 tda10048_writeregbulk 4 11050 NULL +insert_inline_extent_backref_11063 insert_inline_extent_backref 8 11063 NULL ++xfs_collapse_file_space_11075 xfs_collapse_file_space 2-3 11075 NULL +tcp_send_mss_11079 tcp_send_mss 0 11079 NULL +count_argc_11083 count_argc 0 11083 NULL +kvm_write_guest_cached_11106 kvm_write_guest_cached 4 11106 NULL +tw_change_queue_depth_11116 tw_change_queue_depth 2 11116 NULL +page_offset_11120 page_offset 0 11120 NULL +tracing_buffers_read_11124 tracing_buffers_read 3 11124 NULL ++alloc_alien_cache_11127 alloc_alien_cache 2 11127 NULL +snd_gf1_pcm_playback_silence_11172 snd_gf1_pcm_playback_silence 3-4 11172 NULL +il_dbgfs_rx_queue_read_11221 il_dbgfs_rx_queue_read 3 11221 NULL +comedi_alloc_spriv_11234 comedi_alloc_spriv 2 11234 NULL @@ -119234,6 +118854,7 @@ index 0000000..4dc6368 +ufshcd_compose_upiu_13076 ufshcd_compose_upiu 0 13076 NULL +xattr_getsecurity_13090 xattr_getsecurity 0 13090 NULL +ttm_dma_pool_alloc_new_pages_13105 ttm_dma_pool_alloc_new_pages 3 13105 NULL ++SyS_msgrcv_13109 SyS_msgrcv 3 13109 NULL +snd_rme96_playback_copy_13111 snd_rme96_playback_copy 5 13111 NULL +bfad_debugfs_read_13119 bfad_debugfs_read 3 13119 NULL +blk_update_request_13146 blk_update_request 3 13146 NULL @@ -119273,6 +118894,7 @@ index 0000000..4dc6368 +sb_init_dio_done_wq_13482 sb_init_dio_done_wq 0 13482 NULL +data_read_13494 data_read 3 13494 NULL nohasharray +ext_prop_data_store_13494 ext_prop_data_store 3 13494 &data_read_13494 ++ocfs2_align_bytes_to_blocks_13512 ocfs2_align_bytes_to_blocks 0-2 13512 NULL +core_status_13515 core_status 4 13515 NULL +smk_write_mapped_13519 smk_write_mapped 3 13519 NULL +bm_init_13529 bm_init 2 13529 NULL 
@@ -119361,6 +118983,7 @@ index 0000000..4dc6368 +snd_emu10k1_proc_spdif_status_14457 snd_emu10k1_proc_spdif_status 4-5 14457 NULL +ath10k_write_htt_stats_mask_14458 ath10k_write_htt_stats_mask 3 14458 NULL +lustre_msg_size_v2_14470 lustre_msg_size_v2 0-1 14470 NULL ++dma_transfer_size_14473 dma_transfer_size 0 14473 NULL +udplite_getfrag_14479 udplite_getfrag 3-4 14479 NULL +ieee80211_if_read_dot11MeshGateAnnouncementProtocol_14486 ieee80211_if_read_dot11MeshGateAnnouncementProtocol 3 14486 NULL +ocfs2_debug_read_14507 ocfs2_debug_read 3 14507 NULL @@ -119397,6 +119020,7 @@ index 0000000..4dc6368 +ttm_page_pool_free_14797 ttm_page_pool_free 2-0 14797 &__kfifo_in_14797 +hpet_readl_14801 hpet_readl 0 14801 NULL nohasharray +snd_als300_gcr_read_14801 snd_als300_gcr_read 0 14801 &hpet_readl_14801 ++do_tune_cpucache_14828 do_tune_cpucache 2 14828 NULL +mrp_attr_create_14853 mrp_attr_create 3 14853 NULL +lcd_write_14857 lcd_write 3 14857 NULL +get_user_cpu_mask_14861 get_user_cpu_mask 2 14861 NULL @@ -119488,6 +119112,7 @@ index 0000000..4dc6368 +viafb_vt1636_proc_write_16018 viafb_vt1636_proc_write 3 16018 NULL +dccp_recvmsg_16056 dccp_recvmsg 4 16056 NULL +read_file_spectral_period_16057 read_file_spectral_period 3 16057 NULL ++SYSC_kexec_file_load_16058 SYSC_kexec_file_load 3 16058 NULL +si5351_msynth_params_address_16062 si5351_msynth_params_address 0-1 16062 NULL +isr_tx_exch_complete_read_16103 isr_tx_exch_complete_read 3 16103 NULL +isr_hw_pm_mode_changes_read_16110 isr_hw_pm_mode_changes_read 3 16110 NULL nohasharray 
@@ -119714,7 +119339,8 @@ index 0000000..4dc6368 +snd_hda_get_connections_18437 snd_hda_get_connections 0 18437 NULL +fuse_perform_write_18457 fuse_perform_write 4 18457 NULL +regset_tls_set_18459 regset_tls_set 4 18459 NULL -+pci_vpd_lrdt_size_18479 pci_vpd_lrdt_size 0 18479 NULL ++pci_vpd_lrdt_size_18479 pci_vpd_lrdt_size 0 18479 NULL nohasharray ++mite_bytes_in_transit_18479 mite_bytes_in_transit 0 18479 &pci_vpd_lrdt_size_18479 +udpv6_setsockopt_18487 udpv6_setsockopt 5 18487 NULL +btrfs_fiemap_18501 btrfs_fiemap 3 18501 NULL +__copy_user_zeroing_intel_18510 __copy_user_zeroing_intel 0-3 18510 NULL @@ -119726,7 +119352,8 @@ index 0000000..4dc6368 +sas_change_queue_depth_18555 sas_change_queue_depth 2 18555 NULL +smk_write_rules_list_18565 smk_write_rules_list 3 18565 NULL +debug_output_18575 debug_output 3 18575 NULL -+filemap_fdatawait_range_18600 filemap_fdatawait_range 0 18600 NULL ++filemap_fdatawait_range_18600 filemap_fdatawait_range 0 18600 NULL nohasharray ++slabinfo_write_18600 slabinfo_write 3 18600 &filemap_fdatawait_range_18600 +iowarrior_write_18604 iowarrior_write 3 18604 NULL +from_buffer_18625 from_buffer 3 18625 NULL +kmalloc_kernel_18641 kmalloc_kernel 1 18641 NULL @@ -119811,6 +119438,7 @@ index 0000000..4dc6368 +ext4_add_new_descs_19509 ext4_add_new_descs 3 19509 NULL +batadv_tvlv_container_register_19520 batadv_tvlv_container_register 5 19520 NULL +ttm_dma_page_pool_free_19527 ttm_dma_page_pool_free 2-0 19527 NULL ++cfc_write_array_to_buffer_19529 cfc_write_array_to_buffer 3 19529 NULL +nfc_llcp_build_tlv_19536 nfc_llcp_build_tlv 3 19536 NULL +gfn_to_index_19558 gfn_to_index 0-1-3-2 19558 NULL +ocfs2_control_message_19564 ocfs2_control_message 3 19564 NULL 
@@ -119980,6 +119608,7 @@ index 0000000..4dc6368 +cfg80211_notify_new_peer_candidate_21242 cfg80211_notify_new_peer_candidate 4 21242 NULL +fru_length_21257 fru_length 0 21257 NULL +rtw_set_wps_beacon_21262 rtw_set_wps_beacon 3 21262 NULL ++ocfs2_blocks_for_bytes_21268 ocfs2_blocks_for_bytes 0-2 21268 NULL +drm_universal_plane_init_21296 drm_universal_plane_init 6 21296 NULL +do_msg_fill_21307 do_msg_fill 3 21307 NULL +add_res_range_21310 add_res_range 4 21310 NULL @@ -120012,6 +119641,7 @@ index 0000000..4dc6368 +snd_es18xx_mixer_read_21586 snd_es18xx_mixer_read 0 21586 NULL +ocfs2_acl_from_xattr_21604 ocfs2_acl_from_xattr 2 21604 NULL +filemap_get_page_21606 filemap_get_page 2 21606 NULL ++ocfs2_refcount_cow_hunk_21630 ocfs2_refcount_cow_hunk 3-4 21630 NULL +__jfs_getxattr_21631 __jfs_getxattr 0 21631 NULL +atalk_sendmsg_21677 atalk_sendmsg 4 21677 NULL +ocfs2_xattr_get_nolock_21678 ocfs2_xattr_get_nolock 0 21678 NULL @@ -120066,6 +119696,7 @@ index 0000000..4dc6368 +mesh_table_alloc_22305 mesh_table_alloc 1 22305 NULL +lov_setstripe_22307 lov_setstripe 2 22307 NULL +udpv6_sendmsg_22316 udpv6_sendmsg 4 22316 NULL ++C_SYSC_msgrcv_22320 C_SYSC_msgrcv 3 22320 NULL +atomic_read_22342 atomic_read 0 22342 NULL +ll_lazystatfs_seq_write_22353 ll_lazystatfs_seq_write 3 22353 NULL +snd_pcm_alsa_frames_22363 snd_pcm_alsa_frames 2 22363 NULL @@ -120091,6 +119722,7 @@ index 0000000..4dc6368 +wl1271_rx_filter_get_fields_size_22638 wl1271_rx_filter_get_fields_size 0 22638 NULL +pwr_wake_on_timer_exp_read_22640 pwr_wake_on_timer_exp_read 3 22640 NULL +iwl_dbgfs_calib_disabled_read_22649 iwl_dbgfs_calib_disabled_read 3 22649 NULL ++compat_SyS_msgrcv_22661 compat_SyS_msgrcv 3 22661 NULL +l2tp_ip_recvmsg_22681 l2tp_ip_recvmsg 4 22681 NULL +bch_dump_read_22685 bch_dump_read 3 22685 NULL +reg_umr_22686 reg_umr 5 22686 NULL 
@@ -120126,8 +119758,10 @@ index 0000000..4dc6368 +remote_settings_file_write_22987 remote_settings_file_write 3 22987 NULL +viafb_dvp0_proc_write_23023 viafb_dvp0_proc_write 3 23023 NULL +cifs_local_to_utf16_bytes_23025 cifs_local_to_utf16_bytes 0 23025 NULL ++ocfs2_refcount_cow_xattr_23029 ocfs2_refcount_cow_xattr 6-7 23029 NULL +st_status_23032 st_status 5 23032 NULL +nv50_disp_chan_create__23056 nv50_disp_chan_create_ 5 23056 NULL ++comedi_buf_write_n_available_23057 comedi_buf_write_n_available 0 23057 NULL +reiserfs_add_entry_23062 reiserfs_add_entry 4 23062 NULL nohasharray +unix_seqpacket_recvmsg_23062 unix_seqpacket_recvmsg 4 23062 &reiserfs_add_entry_23062 +mei_cl_send_23068 mei_cl_send 3 23068 NULL @@ -120238,6 +119872,7 @@ index 0000000..4dc6368 +trim_bitmaps_24158 trim_bitmaps 3 24158 NULL +adu_read_24177 adu_read 3 24177 NULL +safe_prepare_write_buffer_24187 safe_prepare_write_buffer 3 24187 NULL ++nv94_aux_24197 nv94_aux 3-6 24197 NULL +ieee80211_if_read_dot11MeshHWMPpreqMinInterval_24208 ieee80211_if_read_dot11MeshHWMPpreqMinInterval 3 24208 NULL +tcpprobe_sprint_24222 tcpprobe_sprint 0-2 24222 NULL +pcpu_embed_first_chunk_24224 pcpu_embed_first_chunk 3-2-1 24224 NULL nohasharray @@ -120292,6 +119927,7 @@ index 0000000..4dc6368 +simple_attr_read_24738 simple_attr_read 3 24738 NULL +qla2x00_change_queue_depth_24742 qla2x00_change_queue_depth 2 24742 NULL +get_dma_residue_24749 get_dma_residue 0 24749 NULL ++ocfs2_cow_file_pos_24751 ocfs2_cow_file_pos 3 24751 NULL +kgdb_hex2mem_24755 kgdb_hex2mem 3 24755 NULL +ocfs2_read_blocks_24777 ocfs2_read_blocks 0 24777 NULL +datablob_hmac_verify_24786 datablob_hmac_verify 4 24786 NULL 
@@ -120504,6 +120140,7 @@ index 0000000..4dc6368 +seq_read_27411 seq_read 3 27411 NULL +ib_dma_map_sg_27413 ib_dma_map_sg 0 27413 NULL +ieee80211_if_read_smps_27416 ieee80211_if_read_smps 3 27416 NULL ++ocfs2_refcount_cal_cow_clusters_27422 ocfs2_refcount_cal_cow_clusters 3-4 27422 NULL +cypress_write_27423 cypress_write 4 27423 NULL +sddr09_read_data_27447 sddr09_read_data 3 27447 NULL +v4l2_ctrl_new_std_menu_items_27487 v4l2_ctrl_new_std_menu_items 4 27487 NULL @@ -120598,6 +120235,7 @@ index 0000000..4dc6368 +subdev_ioctl_28417 subdev_ioctl 2 28417 NULL +__videobuf_mmap_setup_28421 __videobuf_mmap_setup 0 28421 NULL +ksocknal_alloc_tx_28426 ksocknal_alloc_tx 2 28426 NULL ++hid_hw_output_report_28429 hid_hw_output_report 0 28429 NULL +mpage_readpages_28436 mpage_readpages 3 28436 NULL +snd_emu10k1_efx_read_28452 snd_emu10k1_efx_read 2 28452 NULL +key_mic_failures_read_28457 key_mic_failures_read 3 28457 NULL @@ -120729,6 +120367,7 @@ index 0000000..4dc6368 +ipv6_setsockopt_29871 ipv6_setsockopt 5 29871 NULL +crypto_aead_alignmask_29885 crypto_aead_alignmask 0 29885 NULL +rtw_cfg80211_indicate_sta_assoc_29897 rtw_cfg80211_indicate_sta_assoc 3 29897 NULL ++nv94_gpio_intr_mask_29907 nv94_gpio_intr_mask 4-3 29907 NULL +lov_ost_pool_extend_29914 lov_ost_pool_extend 2 29914 NULL +write_file_queue_29922 write_file_queue 3 29922 NULL +__btrfs_getxattr_29947 __btrfs_getxattr 0 29947 NULL nohasharray @@ -120741,6 +120380,7 @@ index 0000000..4dc6368 +cxgbi_ddp_reserve_30091 cxgbi_ddp_reserve 4 30091 NULL +snd_midi_channel_init_set_30092 snd_midi_channel_init_set 1 30092 NULL +rx_filter_data_filter_read_30098 rx_filter_data_filter_read 3 30098 NULL ++defragment_dma_buffer_30113 defragment_dma_buffer 0 30113 NULL +spi_async_locked_30117 spi_async_locked 0 30117 NULL +u_memcpya_30139 u_memcpya 3-2 30139 NULL +dbg_port_buf_30145 dbg_port_buf 2 30145 NULL 
@@ -120761,6 +120401,7 @@ index 0000000..4dc6368 +tcp_sendmsg_30296 tcp_sendmsg 4 30296 NULL +osc_contention_seconds_seq_write_30305 osc_contention_seconds_seq_write 3 30305 NULL +ext4_acl_from_disk_30320 ext4_acl_from_disk 2 30320 NULL ++i8254_read_30330 i8254_read 0 30330 NULL +resource_from_user_30341 resource_from_user 3 30341 NULL +o2nm_this_node_30342 o2nm_this_node 0 30342 NULL +kstrtou32_from_user_30361 kstrtou32_from_user 2 30361 NULL @@ -120787,12 +120428,14 @@ index 0000000..4dc6368 +set_le_30581 set_le 4 30581 NULL +blk_init_tags_30592 blk_init_tags 1 30592 NULL +sgl_map_user_pages_30610 sgl_map_user_pages 2 30610 NULL ++SyS_msgrcv_30611 SyS_msgrcv 3 30611 NULL +macvtap_sendmsg_30629 macvtap_sendmsg 4 30629 NULL +ieee80211_if_read_dot11MeshAwakeWindowDuration_30631 ieee80211_if_read_dot11MeshAwakeWindowDuration 3 30631 NULL +compat_raw_setsockopt_30634 compat_raw_setsockopt 5 30634 NULL +mlx5_ib_alloc_fast_reg_page_list_30638 mlx5_ib_alloc_fast_reg_page_list 2 30638 NULL +SyS_listxattr_30647 SyS_listxattr 3 30647 NULL +jffs2_flash_read_30667 jffs2_flash_read 0 30667 NULL ++ni_ai_fifo_read_30681 ni_ai_fifo_read 3 30681 NULL +sst_hsw_get_dsp_position_30691 sst_hsw_get_dsp_position 0 30691 NULL +get_pages_alloc_iovec_30699 get_pages_alloc_iovec 3-0 30699 NULL +dccp_setsockopt_ccid_30701 dccp_setsockopt_ccid 4 30701 NULL @@ -121180,6 +120823,7 @@ index 0000000..4dc6368 +__inode_permission_34925 __inode_permission 0 34925 &btrfs_super_chunk_root_34925 +sec_flags2str_34933 sec_flags2str 3 34933 NULL +snd_info_entry_read_34938 snd_info_entry_read 3 34938 NULL ++compat_SyS_kexec_load_34947 compat_SyS_kexec_load 2 34947 NULL +do_add_page_to_bio_34974 do_add_page_to_bio 2-10 34974 NULL +sdebug_change_qdepth_34994 sdebug_change_qdepth 2 34994 NULL +rx_rx_hdr_overflow_read_35002 rx_rx_hdr_overflow_read 3 35002 NULL 
@@ -121202,6 +120846,7 @@ index 0000000..4dc6368 +striped_read_35218 striped_read 0-2 35218 NULL nohasharray +security_key_getsecurity_35218 security_key_getsecurity 0 35218 &striped_read_35218 +rx_rx_cmplt_task_read_35226 rx_rx_cmplt_task_read 3 35226 NULL ++kimage_file_prepare_segments_35232 kimage_file_prepare_segments 5 35232 NULL +set_fd_set_35249 set_fd_set 1 35249 NULL +ioapic_setup_resources_35255 ioapic_setup_resources 1 35255 NULL +dis_disc_write_35265 dis_disc_write 3 35265 NULL @@ -121234,6 +120879,7 @@ index 0000000..4dc6368 +ocfs2_write_zero_page_35539 ocfs2_write_zero_page 3 35539 NULL +ibnl_put_attr_35541 ibnl_put_attr 3 35541 NULL +ieee80211_if_write_smps_35550 ieee80211_if_write_smps 3 35550 NULL ++C_SYSC_kexec_load_35565 C_SYSC_kexec_load 2 35565 NULL +ext4_blocks_for_truncate_35579 ext4_blocks_for_truncate 0 35579 NULL +ext2_acl_from_disk_35580 ext2_acl_from_disk 2 35580 NULL +spk_msg_set_35586 spk_msg_set 3 35586 NULL @@ -121484,7 +121130,8 @@ index 0000000..4dc6368 +_ipw_read_reg32_38245 _ipw_read_reg32 0 38245 NULL +nvkm_dmaobj_create__38250 nvkm_dmaobj_create_ 6 38250 NULL +mthca_alloc_icm_table_38268 mthca_alloc_icm_table 4-3 38268 NULL nohasharray -+ieee80211_if_read_auto_open_plinks_38268 ieee80211_if_read_auto_open_plinks 3 38268 &mthca_alloc_icm_table_38268 ++ieee80211_if_read_auto_open_plinks_38268 ieee80211_if_read_auto_open_plinks 3 38268 &mthca_alloc_icm_table_38268 nohasharray ++SYSC_msgrcv_38268 SYSC_msgrcv 3 38268 &ieee80211_if_read_auto_open_plinks_38268 +xfs_bmbt_to_bmdr_38275 xfs_bmbt_to_bmdr 3 38275 NULL nohasharray +xfs_bmdr_to_bmbt_38275 xfs_bmdr_to_bmbt 5 38275 &xfs_bmbt_to_bmdr_38275 +ftdi_process_packet_38281 ftdi_process_packet 4 38281 NULL 
@@ -121495,6 +121142,7 @@ index 0000000..4dc6368 +__snd_gf1_look8_38333 __snd_gf1_look8 0 38333 NULL +usb_ext_prop_put_name_38352 usb_ext_prop_put_name 0-3 38352 NULL +btrfs_file_extent_disk_num_bytes_38363 btrfs_file_extent_disk_num_bytes 0 38363 NULL ++xfs_free_file_space_38383 xfs_free_file_space 2-3 38383 NULL +dn_sendmsg_38390 dn_sendmsg 4 38390 NULL +ieee80211_if_read_dtim_count_38419 ieee80211_if_read_dtim_count 3 38419 NULL +pmcraid_copy_sglist_38431 pmcraid_copy_sglist 3 38431 NULL @@ -121651,7 +121299,7 @@ index 0000000..4dc6368 +ocrdma_dbgfs_ops_read_40232 ocrdma_dbgfs_ops_read 3 40232 NULL +osst_read_40237 osst_read 3 40237 NULL +lpage_info_slot_40243 lpage_info_slot 1-3 40243 NULL -+ocfs2_zero_extend_get_range_40248 ocfs2_zero_extend_get_range 4 40248 NULL ++ocfs2_zero_extend_get_range_40248 ocfs2_zero_extend_get_range 4-3 40248 NULL +of_get_child_count_40254 of_get_child_count 0 40254 NULL nohasharray +fsl_edma_prep_dma_cyclic_40254 fsl_edma_prep_dma_cyclic 3-4 40254 &of_get_child_count_40254 +rs_sta_dbgfs_scale_table_read_40262 rs_sta_dbgfs_scale_table_read 3 40262 NULL @@ -121717,6 +121365,7 @@ index 0000000..4dc6368 +vol_cdev_write_40915 vol_cdev_write 3 40915 NULL +snd_vx_create_40948 snd_vx_create 4 40948 NULL +rds_sendmsg_40976 rds_sendmsg 4 40976 NULL ++ima_appraise_measurement_40978 ima_appraise_measurement 6 40978 NULL +il_dbgfs_fh_reg_read_40993 il_dbgfs_fh_reg_read 3 40993 NULL +iwl_dbgfs_scan_ant_rxchain_read_40999 iwl_dbgfs_scan_ant_rxchain_read 3 40999 NULL +mac80211_format_buffer_41010 mac80211_format_buffer 2 41010 NULL 
@@ -121796,12 +121445,14 @@ index 0000000..4dc6368 +ptlrpc_new_bulk_41804 ptlrpc_new_bulk 1 41804 NULL +rtw_android_get_macaddr_41812 rtw_android_get_macaddr 0 41812 NULL +sco_send_frame_41815 sco_send_frame 3 41815 NULL ++kimage_file_alloc_init_41827 kimage_file_alloc_init 5 41827 NULL +copy_page_to_iter_bvec_41830 copy_page_to_iter_bvec 0-3 41830 NULL +ixgbe_dbg_netdev_ops_read_41839 ixgbe_dbg_netdev_ops_read 3 41839 NULL +do_ip_setsockopt_41852 do_ip_setsockopt 5 41852 NULL +keyctl_instantiate_key_41855 keyctl_instantiate_key 3 41855 NULL +pci_map_single_41869 pci_map_single 0 41869 NULL +usb_gadget_get_string_41871 usb_gadget_get_string 0 41871 NULL ++v_APCI3120_InterruptDmaMoveBlock16bit_41914 v_APCI3120_InterruptDmaMoveBlock16bit 4 41914 NULL +get_fdb_entries_41916 get_fdb_entries 3 41916 NULL +ext4_da_write_inline_data_begin_41935 ext4_da_write_inline_data_begin 4-3 41935 NULL +sci_rxfill_41945 sci_rxfill 0 41945 NULL @@ -121856,6 +121507,7 @@ index 0000000..4dc6368 +snd_pcm_action_group_42452 snd_pcm_action_group 0 42452 NULL +tcm_loop_change_queue_depth_42454 tcm_loop_change_queue_depth 2 42454 NULL +kuc_free_42455 kuc_free 2 42455 NULL ++cp2112_gpio_get_42467 cp2112_gpio_get 2 42467 NULL +__simple_xattr_set_42474 __simple_xattr_set 4 42474 NULL +omfs_readpages_42490 omfs_readpages 4 42490 NULL +bypass_write_42498 bypass_write 3 42498 NULL @@ -121934,6 +121586,7 @@ index 0000000..4dc6368 +mmu_set_spte_43327 mmu_set_spte 7-6 43327 NULL +__ext4_get_inode_loc_43332 __ext4_get_inode_loc 0 43332 NULL +xenfb_write_43412 xenfb_write 3 43412 NULL ++ext4_xattr_check_names_43422 ext4_xattr_check_names 0 43422 NULL +__alloc_bootmem_low_43423 __alloc_bootmem_low 1 43423 NULL +usb_alloc_urb_43436 usb_alloc_urb 1 43436 NULL +ath6kl_wmi_roam_tbl_event_rx_43440 ath6kl_wmi_roam_tbl_event_rx 3 43440 NULL 
@@ -121954,6 +121607,7 @@ index 0000000..4dc6368 +handle_frequent_errors_43599 handle_frequent_errors 4 43599 NULL +lpfc_idiag_drbacc_read_reg_43606 lpfc_idiag_drbacc_read_reg 0-3 43606 NULL +proc_read_43614 proc_read 3 43614 NULL ++disable_dma_on_even_43618 disable_dma_on_even 0 43618 NULL +alloc_thread_groups_43625 alloc_thread_groups 2 43625 NULL +random_write_43656 random_write 3 43656 NULL +bio_integrity_tag_43658 bio_integrity_tag 3 43658 NULL @@ -121965,6 +121619,7 @@ index 0000000..4dc6368 +fuse_send_read_43725 fuse_send_read 4-0 43725 NULL +drbd_md_first_sector_43729 drbd_md_first_sector 0 43729 NULL +snd_rme32_playback_copy_43732 snd_rme32_playback_copy 5 43732 NULL ++__alloc_alien_cache_43734 __alloc_alien_cache 2 43734 NULL +fuse_conn_congestion_threshold_write_43736 fuse_conn_congestion_threshold_write 3 43736 NULL +gigaset_initcs_43753 gigaset_initcs 2 43753 NULL +sctp_setsockopt_active_key_43755 sctp_setsockopt_active_key 3 43755 NULL @@ -122088,7 +121743,7 @@ index 0000000..4dc6368 +cfs_trace_daemon_command_usrstr_45147 cfs_trace_daemon_command_usrstr 2 45147 NULL +gen_bitmask_string_45149 gen_bitmask_string 6 45149 NULL +device_write_45156 device_write 3 45156 NULL nohasharray -+ocfs2_remove_inode_range_45156 ocfs2_remove_inode_range 3 45156 &device_write_45156 ++ocfs2_remove_inode_range_45156 ocfs2_remove_inode_range 3-4 45156 &device_write_45156 +tomoyo_write_self_45161 tomoyo_write_self 3 45161 NULL +sta_agg_status_write_45164 sta_agg_status_write 3 45164 NULL +snd_sb_csp_load_user_45190 snd_sb_csp_load_user 3 45190 NULL nohasharray 
@@ -122290,6 +121945,7 @@ index 0000000..4dc6368 +mcp23s17_read_regs_47491 mcp23s17_read_regs 4 47491 NULL +core_sys_select_47494 core_sys_select 1 47494 NULL +as3722_block_write_47503 as3722_block_write 2-3 47503 NULL ++alloc_arraycache_47505 alloc_arraycache 2 47505 NULL +unlink_simple_47506 unlink_simple 3 47506 NULL +pstore_decompress_47510 pstore_decompress 0 47510 NULL +ec_i2c_count_response_47518 ec_i2c_count_response 0 47518 NULL @@ -122390,6 +122046,7 @@ index 0000000..4dc6368 +_iwl_dbgfs_bt_tx_prio_write_48473 _iwl_dbgfs_bt_tx_prio_write 3 48473 NULL +ipath_format_hwerrors_48487 ipath_format_hwerrors 5 48487 NULL +r8712_usbctrl_vendorreq_48489 r8712_usbctrl_vendorreq 6 48489 NULL ++ocfs2_refcount_cow_48495 ocfs2_refcount_cow 3 48495 NULL +send_control_msg_48498 send_control_msg 6 48498 NULL +count_masked_bytes_48507 count_masked_bytes 0-1 48507 NULL +diva_os_copy_to_user_48508 diva_os_copy_to_user 4 48508 NULL @@ -122418,6 +122075,7 @@ index 0000000..4dc6368 +atomic_counters_read_48827 atomic_counters_read 3 48827 NULL +azx_get_position_48841 azx_get_position 0 48841 NULL +vc_do_resize_48842 vc_do_resize 3-4 48842 NULL ++comedi_buf_write_alloc_48846 comedi_buf_write_alloc 0-2 48846 NULL +suspend_dtim_interval_write_48854 suspend_dtim_interval_write 3 48854 NULL +viafb_dvp1_proc_write_48864 viafb_dvp1_proc_write 3 48864 NULL nohasharray +C_SYSC_pwritev64_48864 C_SYSC_pwritev64 3 48864 &viafb_dvp1_proc_write_48864 @@ -122825,6 +122483,7 @@ index 0000000..4dc6368 +verity_status_53120 verity_status 5 53120 NULL +brcmf_usb_dl_cmd_53130 brcmf_usb_dl_cmd 4 53130 NULL +ps_poll_ps_poll_max_ap_turn_read_53140 ps_poll_ps_poll_max_ap_turn_read 3 53140 NULL ++copy_user_segment_list_53150 copy_user_segment_list 2 53150 NULL +ieee80211_bss_info_update_53170 ieee80211_bss_info_update 4 53170 NULL +btrfs_io_bio_alloc_53179 btrfs_io_bio_alloc 2 53179 NULL +clear_capture_buf_53192 clear_capture_buf 2 53192 NULL 
@@ -122900,6 +122559,7 @@ index 0000000..4dc6368 +bitmap_bitremap_54096 bitmap_bitremap 4 54096 NULL +altera_set_ir_pre_54103 altera_set_ir_pre 2 54103 NULL nohasharray +lustre_posix_acl_xattr_filter_54103 lustre_posix_acl_xattr_filter 2 54103 &altera_set_ir_pre_54103 ++__comedi_buf_write_alloc_54112 __comedi_buf_write_alloc 0-2 54112 NULL +strn_len_54122 strn_len 0 54122 NULL +isku_receive_54130 isku_receive 4 54130 NULL +isr_host_acknowledges_read_54136 isr_host_acknowledges_read 3 54136 NULL @@ -123117,6 +122777,7 @@ index 0000000..4dc6368 +journal_init_revoke_table_56331 journal_init_revoke_table 1 56331 NULL +snd_rawmidi_read_56337 snd_rawmidi_read 3 56337 NULL +vxge_os_dma_malloc_async_56348 vxge_os_dma_malloc_async 3 56348 NULL ++mite_device_bytes_transferred_56355 mite_device_bytes_transferred 0 56355 NULL +iov_iter_copy_from_user_atomic_56368 iov_iter_copy_from_user_atomic 0-4 56368 NULL +dev_read_56369 dev_read 3 56369 NULL +ath10k_read_simulate_fw_crash_56371 ath10k_read_simulate_fw_crash 3 56371 NULL @@ -123227,6 +122888,7 @@ index 0000000..4dc6368 +dio_send_cur_page_57348 dio_send_cur_page 0 57348 NULL +tipc_bclink_stats_57372 tipc_bclink_stats 2 57372 NULL +tty_register_device_attr_57381 tty_register_device_attr 2 57381 NULL ++bzImage64_load_57388 bzImage64_load 7 57388 NULL +read_file_blob_57406 read_file_blob 3 57406 NULL +enclosure_register_57412 enclosure_register 3 57412 NULL +compat_keyctl_instantiate_key_iov_57431 compat_keyctl_instantiate_key_iov 3 57431 NULL 
@@ -123287,6 +122949,7 @@ index 0000000..4dc6368 +ip_set_alloc_57953 ip_set_alloc 1 57953 NULL nohasharray +ioat3_dca_count_dca_slots_57953 ioat3_dca_count_dca_slots 0 57953 &ip_set_alloc_57953 +iov_iter_npages_57979 iov_iter_npages 0-2 57979 NULL ++do_rx_dma_57996 do_rx_dma 5 57996 NULL +rx_reset_counter_read_58001 rx_reset_counter_read 3 58001 NULL +iwl_dbgfs_ucode_rx_stats_read_58023 iwl_dbgfs_ucode_rx_stats_read 3 58023 NULL +io_playback_transfer_58030 io_playback_transfer 4 58030 NULL @@ -123315,6 +122978,7 @@ index 0000000..4dc6368 +lstcon_rpc_prep_58325 lstcon_rpc_prep 4 58325 NULL +ext4_ext_truncate_extend_restart_58331 ext4_ext_truncate_extend_restart 3 58331 NULL +__copy_from_user_swizzled_58337 __copy_from_user_swizzled 2-4 58337 NULL ++ec_i2c_parse_response_58347 ec_i2c_parse_response 0 58347 NULL +brcmf_debugfs_sdio_counter_read_58369 brcmf_debugfs_sdio_counter_read 3 58369 NULL +il_dbgfs_status_read_58388 il_dbgfs_status_read 3 58388 NULL +_drbd_md_sync_page_io_58403 _drbd_md_sync_page_io 6 58403 NULL @@ -123432,7 +123096,8 @@ index 0000000..4dc6368 +mic_calc_failure_read_59700 mic_calc_failure_read 3 59700 NULL +ioperm_get_59701 ioperm_get 4-3 59701 NULL +prism2_info_scanresults_59729 prism2_info_scanresults 3 59729 NULL -+ieee80211_if_read_fwded_unicast_59740 ieee80211_if_read_fwded_unicast 3 59740 NULL ++ieee80211_if_read_fwded_unicast_59740 ieee80211_if_read_fwded_unicast 3 59740 NULL nohasharray ++nv94_aux_mask_59740 nv94_aux_mask 2 59740 &ieee80211_if_read_fwded_unicast_59740 +qib_decode_7220_sdma_errs_59745 qib_decode_7220_sdma_errs 4 59745 NULL +strnlen_59746 strnlen 0 59746 NULL +ext3_acl_count_59754 ext3_acl_count 0-1 59754 NULL 
@@ -123576,6 +123241,7 @@ index 0000000..4dc6368 +f1x_map_sysaddr_to_csrow_61344 f1x_map_sysaddr_to_csrow 2 61344 NULL +debug_debug4_read_61367 debug_debug4_read 3 61367 NULL +system_enable_write_61396 system_enable_write 3 61396 NULL ++xfs_zero_remaining_bytes_61423 xfs_zero_remaining_bytes 3 61423 NULL +unix_stream_sendmsg_61455 unix_stream_sendmsg 4 61455 NULL +snd_pcm_lib_writev_transfer_61483 snd_pcm_lib_writev_transfer 5-4-2 61483 NULL +btrfs_item_size_61485 btrfs_item_size 0 61485 NULL @@ -123602,7 +123268,9 @@ index 0000000..4dc6368 +insert_one_name_61668 insert_one_name 7 61668 NULL +qib_format_hwmsg_61679 qib_format_hwmsg 2 61679 NULL +lock_loop_61681 lock_loop 1 61681 NULL ++__do_tune_cpucache_61684 __do_tune_cpucache 2 61684 NULL +filter_read_61692 filter_read 3 61692 NULL ++SyS_kexec_file_load_61715 SyS_kexec_file_load 3 61715 NULL +iov_length_61716 iov_length 0 61716 NULL +fragmentation_threshold_read_61718 fragmentation_threshold_read 3 61718 NULL +null_alloc_reqbuf_61719 null_alloc_reqbuf 3 61719 NULL @@ -123623,10 +123291,12 @@ index 0000000..4dc6368 +rx_filter_arp_filter_read_61914 rx_filter_arp_filter_read 3 61914 NULL +au0828_init_isoc_61917 au0828_init_isoc 3-2-4 61917 NULL +sctp_sendmsg_61919 sctp_sendmsg 4 61919 NULL ++efi_get_runtime_map_size_61927 efi_get_runtime_map_size 0 61927 NULL +SyS_kexec_load_61946 SyS_kexec_load 2 61946 NULL +il4965_ucode_rx_stats_read_61948 il4965_ucode_rx_stats_read 3 61948 NULL +squashfs_read_id_index_table_61961 squashfs_read_id_index_table 4 61961 NULL +fix_read_error_61965 fix_read_error 4 61965 NULL ++ocfs2_quota_write_61972 ocfs2_quota_write 4-5 61972 NULL +fd_locked_ioctl_61978 fd_locked_ioctl 3 61978 NULL +cow_file_range_61979 cow_file_range 3 61979 NULL +dequeue_event_62000 dequeue_event 3 62000 NULL 
@@ -123773,7 +123443,8 @@ index 0000000..4dc6368 +mwifiex_11n_create_rx_reorder_tbl_63806 mwifiex_11n_create_rx_reorder_tbl 4 63806 NULL +copy_nodes_to_user_63807 copy_nodes_to_user 2 63807 NULL +C_SYSC_process_vm_readv_63811 C_SYSC_process_vm_readv 3-5 63811 NULL -+regmap_multi_reg_write_63826 regmap_multi_reg_write 3 63826 NULL ++regmap_multi_reg_write_63826 regmap_multi_reg_write 3 63826 NULL nohasharray ++prepare_copy_63826 prepare_copy 2 63826 ®map_multi_reg_write_63826 +sel_write_load_63830 sel_write_load 3 63830 NULL +proc_pid_attr_write_63845 proc_pid_attr_write 3 63845 NULL +nv10_gpio_intr_mask_63862 nv10_gpio_intr_mask 4-3 63862 NULL @@ -123875,7 +123546,8 @@ index 0000000..4dc6368 +isr_low_rssi_read_64789 isr_low_rssi_read 3 64789 NULL +regmap_reg_ranges_read_file_64798 regmap_reg_ranges_read_file 3 64798 NULL +nfsctl_transaction_write_64800 nfsctl_transaction_write 3 64800 NULL -+rfkill_fop_write_64808 rfkill_fop_write 3 64808 NULL ++rfkill_fop_write_64808 rfkill_fop_write 3 64808 NULL nohasharray ++nv_mask_64808 nv_mask 0 64808 &rfkill_fop_write_64808 +proc_projid_map_write_64810 proc_projid_map_write 3 64810 NULL +megaraid_change_queue_depth_64815 megaraid_change_queue_depth 2 64815 NULL +ecryptfs_send_miscdev_64816 ecryptfs_send_miscdev 2 64816 NULL 
@@ -125397,49 +125069,11 @@ index 0a578fe..b81f62d 100644 0; \ }) -diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c -index 714b949..1f0dc1e 100644 ---- a/virt/kvm/iommu.c -+++ b/virt/kvm/iommu.c -@@ -43,13 +43,13 @@ static void kvm_iommu_put_pages(struct kvm *kvm, - gfn_t base_gfn, unsigned long npages); - - static pfn_t kvm_pin_pages(struct kvm_memory_slot *slot, gfn_t gfn, -- unsigned long size) -+ unsigned long npages) - { - gfn_t end_gfn; - pfn_t pfn; - - pfn = gfn_to_pfn_memslot(slot, gfn); -- end_gfn = gfn + (size >> PAGE_SHIFT); -+ end_gfn = gfn + npages; - gfn += 1; - - if (is_error_noslot_pfn(pfn)) -@@ -119,7 +119,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot) - * Pin all pages we are about to map in memory. This is - * important because we unmap and unpin in 4kb steps later. - */ -- pfn = kvm_pin_pages(slot, gfn, page_size); -+ pfn = kvm_pin_pages(slot, gfn, page_size >> PAGE_SHIFT); - if (is_error_noslot_pfn(pfn)) { - gfn += 1; - continue; -@@ -131,7 +131,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot) - if (r) { - printk(KERN_ERR "kvm_iommu_map_address:" - "iommu failed to map pfn=%llx\n", pfn); -- kvm_unpin_pages(kvm, pfn, page_size); -+ kvm_unpin_pages(kvm, pfn, page_size >> PAGE_SHIFT); - goto unmap_pages; - } - diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index 95519bc..43f5d42 100644 +index 6a3f29b..a1d2e93 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c -@@ -76,12 +76,17 @@ LIST_HEAD(vm_list); +@@ -77,12 +77,17 @@ LIST_HEAD(vm_list); static cpumask_var_t cpus_hardware_enabled; static int kvm_usage_count = 0; @@ -125459,7 +125093,7 @@ index 95519bc..43f5d42 100644 struct dentry *kvm_debugfs_dir; -@@ -763,7 +768,7 @@ int __kvm_set_memory_region(struct kvm *kvm, +@@ -780,7 +785,7 @@ int __kvm_set_memory_region(struct kvm *kvm, /* We can read the guest memory with __xxx_user() later on. */ if ((mem->slot < KVM_USER_MEM_SLOTS) && ((mem->userspace_addr & (PAGE_SIZE - 1)) || 
@@ -125468,7 +125102,7 @@ index 95519bc..43f5d42 100644 (void __user *)(unsigned long)mem->userspace_addr, mem->memory_size))) goto out; -@@ -1620,9 +1625,17 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_cached); +@@ -1637,9 +1642,17 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_cached); int kvm_clear_guest_page(struct kvm *kvm, gfn_t gfn, int offset, int len) { @@ -125488,7 +125122,7 @@ index 95519bc..43f5d42 100644 } EXPORT_SYMBOL_GPL(kvm_clear_guest_page); -@@ -1872,7 +1885,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp) +@@ -1889,7 +1902,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp) return 0; } @@ -125497,7 +125131,7 @@ index 95519bc..43f5d42 100644 .release = kvm_vcpu_release, .unlocked_ioctl = kvm_vcpu_ioctl, #ifdef CONFIG_COMPAT -@@ -2573,7 +2586,7 @@ out: +@@ -2593,7 +2606,7 @@ out: } #endif @@ -125506,7 +125140,7 @@ index 95519bc..43f5d42 100644 .release = kvm_vm_release, .unlocked_ioctl = kvm_vm_ioctl, #ifdef CONFIG_COMPAT -@@ -2646,7 +2659,7 @@ out: +@@ -2666,7 +2679,7 @@ out: return r; } @@ -125515,7 +125149,7 @@ index 95519bc..43f5d42 100644 .unlocked_ioctl = kvm_dev_ioctl, .compat_ioctl = kvm_dev_ioctl, .llseek = noop_llseek, -@@ -2672,7 +2685,7 @@ static void hardware_enable_nolock(void *junk) +@@ -2692,7 +2705,7 @@ static void hardware_enable_nolock(void *junk) if (r) { cpumask_clear_cpu(cpu, cpus_hardware_enabled); @@ -125524,7 +125158,7 @@ index 95519bc..43f5d42 100644 printk(KERN_INFO "kvm: enabling virtualization on " "CPU%d failed\n", cpu); } -@@ -2728,10 +2741,10 @@ static int hardware_enable_all(void) +@@ -2748,10 +2761,10 @@ static int hardware_enable_all(void) kvm_usage_count++; if (kvm_usage_count == 1) { @@ -125537,7 +125171,7 @@ index 95519bc..43f5d42 100644 hardware_disable_all_nolock(); r = -EBUSY; } -@@ -3136,7 +3149,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, +@@ -3156,7 +3169,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, kvm_arch_vcpu_put(vcpu); } 
@@ -125546,7 +125180,7 @@ index 95519bc..43f5d42 100644 struct module *module) { int r; -@@ -3183,7 +3196,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -3203,7 +3216,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, if (!vcpu_align) vcpu_align = __alignof__(struct kvm_vcpu); kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align, @@ -125555,7 +125189,7 @@ index 95519bc..43f5d42 100644 if (!kvm_vcpu_cache) { r = -ENOMEM; goto out_free_3; -@@ -3193,9 +3206,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -3213,9 +3226,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, if (r) goto out_free; @@ -125567,7 +125201,7 @@ index 95519bc..43f5d42 100644 r = misc_register(&kvm_dev); if (r) { -@@ -3205,9 +3220,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -3225,9 +3240,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, register_syscore_ops(&kvm_syscore_ops); diff --git a/kernel/patches/grsecurity-fix.patch b/kernel/patches/grsecurity-fix.patch deleted file mode 100644 index 61d431309..000000000 --- a/kernel/patches/grsecurity-fix.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/arch/arm/include/asm/pgtable-3level.h b/arch/arm/include/asm/pgtable-3level.h -index a31ecdad4b59..71bea3118348 100644 ---- a/arch/arm/include/asm/pgtable-3level.h -+++ b/arch/arm/include/asm/pgtable-3level.h -@@ -92,6 +92,7 @@ - #define L_PMD_SECT_SPLITTING (_AT(pmdval_t, 1) << 56) - #define L_PMD_SECT_NONE (_AT(pmdval_t, 1) << 57) - #define L_PMD_SECT_RDONLY (_AT(pteval_t, 1) << 58) -+#define PMD_SECT_RDONLY L_PMD_SECT_RDONLY - - /* - * To be used in assembly code with the upper page attributes. -- 2.39.2