diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2014-08-11 18:37:16 -0400 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2014-08-11 18:37:16 -0400 |
| commit | 57f18994252ed101648a261f83f589f64b29504f (patch) | |
| tree | c7b06527dfdc1562fc717c5dff6bcfb3201ca248 | |
| parent | Grsec/PaX: 3.0-{3.2.61,3.14.15,3.15.8}-201408040708 (diff) | |
| download | hardened-patchset-57f18994252ed101648a261f83f589f64b29504f.tar.gz hardened-patchset-57f18994252ed101648a261f83f589f64b29504f.tar.bz2 hardened-patchset-57f18994252ed101648a261f83f589f64b29504f.zip | |
Grsec/PaX: 3.0-{3.2.62,3.14.16,3.15.9}-20140811002520140811
| -rw-r--r-- | 3.14.16/0000_README (renamed from 3.14.15/0000_README) | 2 | ||||
| -rw-r--r-- | 3.14.16/4420_grsecurity-3.0-3.14.16-201408110024.patch (renamed from 3.14.15/4420_grsecurity-3.0-3.14.15-201408032014.patch) | 462 | ||||
| -rw-r--r-- | 3.14.16/4425_grsec_remove_EI_PAX.patch (renamed from 3.14.15/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
| -rw-r--r-- | 3.14.16/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.14.15/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
| -rw-r--r-- | 3.14.16/4430_grsec-remove-localversion-grsec.patch (renamed from 3.14.15/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.14.16/4435_grsec-mute-warnings.patch (renamed from 3.14.15/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.14.16/4440_grsec-remove-protected-paths.patch (renamed from 3.14.15/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.14.16/4450_grsec-kconfig-default-gids.patch (renamed from 3.14.15/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.14.16/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.14.15/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.14.16/4470_disable-compat_vdso.patch (renamed from 3.2.61/4470_disable-compat_vdso.patch) | 2 | ||||
| -rw-r--r-- | 3.14.16/4475_emutramp_default_on.patch (renamed from 3.14.15/4475_emutramp_default_on.patch) | 0 | ||||
| -rw-r--r-- | 3.15.9/0000_README (renamed from 3.15.8/0000_README) | 2 | ||||
| -rw-r--r-- | 3.15.9/4420_grsecurity-3.0-3.15.9-201408110025.patch (renamed from 3.15.8/4420_grsecurity-3.0-3.15.8-201408040708.patch) | 464 | ||||
| -rw-r--r-- | 3.15.9/4425_grsec_remove_EI_PAX.patch (renamed from 3.15.8/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
| -rw-r--r-- | 3.15.9/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.15.8/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
| -rw-r--r-- | 3.15.9/4430_grsec-remove-localversion-grsec.patch (renamed from 3.15.8/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.15.9/4435_grsec-mute-warnings.patch (renamed from 3.15.8/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.15.9/4440_grsec-remove-protected-paths.patch (renamed from 3.15.8/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.15.9/4450_grsec-kconfig-default-gids.patch (renamed from 3.15.8/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.15.9/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.15.8/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.15.9/4470_disable-compat_vdso.patch (renamed from 3.15.8/4470_disable-compat_vdso.patch) | 2 | ||||
| -rw-r--r-- | 3.15.9/4475_emutramp_default_on.patch (renamed from 3.15.8/4475_emutramp_default_on.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/0000_README (renamed from 3.2.61/0000_README) | 6 | ||||
| -rw-r--r-- | 3.2.62/1021_linux-3.2.22.patch (renamed from 3.2.61/1021_linux-3.2.22.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1022_linux-3.2.23.patch (renamed from 3.2.61/1022_linux-3.2.23.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1023_linux-3.2.24.patch (renamed from 3.2.61/1023_linux-3.2.24.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1024_linux-3.2.25.patch (renamed from 3.2.61/1024_linux-3.2.25.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1025_linux-3.2.26.patch (renamed from 3.2.61/1025_linux-3.2.26.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1026_linux-3.2.27.patch (renamed from 3.2.61/1026_linux-3.2.27.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1027_linux-3.2.28.patch (renamed from 3.2.61/1027_linux-3.2.28.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1028_linux-3.2.29.patch (renamed from 3.2.61/1028_linux-3.2.29.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1029_linux-3.2.30.patch (renamed from 3.2.61/1029_linux-3.2.30.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1030_linux-3.2.31.patch (renamed from 3.2.61/1030_linux-3.2.31.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1031_linux-3.2.32.patch (renamed from 3.2.61/1031_linux-3.2.32.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1032_linux-3.2.33.patch (renamed from 3.2.61/1032_linux-3.2.33.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1033_linux-3.2.34.patch (renamed from 3.2.61/1033_linux-3.2.34.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1034_linux-3.2.35.patch (renamed from 3.2.61/1034_linux-3.2.35.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1035_linux-3.2.36.patch (renamed from 3.2.61/1035_linux-3.2.36.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1036_linux-3.2.37.patch (renamed from 3.2.61/1036_linux-3.2.37.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1037_linux-3.2.38.patch (renamed from 3.2.61/1037_linux-3.2.38.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1038_linux-3.2.39.patch (renamed from 3.2.61/1038_linux-3.2.39.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1039_linux-3.2.40.patch (renamed from 3.2.61/1039_linux-3.2.40.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1040_linux-3.2.41.patch (renamed from 3.2.61/1040_linux-3.2.41.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1041_linux-3.2.42.patch (renamed from 3.2.61/1041_linux-3.2.42.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1042_linux-3.2.43.patch (renamed from 3.2.61/1042_linux-3.2.43.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1043_linux-3.2.44.patch (renamed from 3.2.61/1043_linux-3.2.44.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1044_linux-3.2.45.patch (renamed from 3.2.61/1044_linux-3.2.45.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1045_linux-3.2.46.patch (renamed from 3.2.61/1045_linux-3.2.46.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1046_linux-3.2.47.patch (renamed from 3.2.61/1046_linux-3.2.47.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1047_linux-3.2.48.patch (renamed from 3.2.61/1047_linux-3.2.48.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1048_linux-3.2.49.patch (renamed from 3.2.61/1048_linux-3.2.49.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1049_linux-3.2.50.patch (renamed from 3.2.61/1049_linux-3.2.50.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1050_linux-3.2.51.patch (renamed from 3.2.61/1050_linux-3.2.51.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1051_linux-3.2.52.patch (renamed from 3.2.61/1051_linux-3.2.52.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1052_linux-3.2.53.patch (renamed from 3.2.61/1052_linux-3.2.53.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1053_linux-3.2.54.patch (renamed from 3.2.61/1053_linux-3.2.54.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1054_linux-3.2.55.patch (renamed from 3.2.61/1054_linux-3.2.55.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1055_linux-3.2.56.patch (renamed from 3.2.61/1055_linux-3.2.56.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1056_linux-3.2.57.patch (renamed from 3.2.61/1056_linux-3.2.57.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1057_linux-3.2.58.patch (renamed from 3.2.61/1057_linux-3.2.58.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1058_linux-3.2.59.patch (renamed from 3.2.61/1058_linux-3.2.59.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1059_linux-3.2.60.patch (renamed from 3.2.61/1059_linux-3.2.60.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1060_linux-3.2.61.patch (renamed from 3.2.61/1060_linux-3.2.61.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/1061_linux-3.2.62.patch | 3129 | ||||
| -rw-r--r-- | 3.2.62/4420_grsecurity-3.0-3.2.62-201408110020.patch (renamed from 3.2.61/4420_grsecurity-3.0-3.2.61-201408032011.patch) | 472 | ||||
| -rw-r--r-- | 3.2.62/4425_grsec_remove_EI_PAX.patch (renamed from 3.2.61/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.2.61/4427_force_XATTR_PAX_tmpfs.patch) | 4 | ||||
| -rw-r--r-- | 3.2.62/4430_grsec-remove-localversion-grsec.patch (renamed from 3.2.61/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/4435_grsec-mute-warnings.patch (renamed from 3.2.61/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/4440_grsec-remove-protected-paths.patch (renamed from 3.2.61/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/4450_grsec-kconfig-default-gids.patch (renamed from 3.2.61/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.2.61/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.2.62/4470_disable-compat_vdso.patch (renamed from 3.14.15/4470_disable-compat_vdso.patch) | 2 | ||||
| -rw-r--r-- | 3.2.62/4475_emutramp_default_on.patch (renamed from 3.2.61/4475_emutramp_default_on.patch) | 0 |
74 files changed, 3751 insertions, 796 deletions
diff --git a/3.14.15/0000_README b/3.14.16/0000_README index d7dc469..c6cf3fc 100644 --- a/3.14.15/0000_README +++ b/3.14.16/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.0-3.14.15-201408032014.patch +Patch: 4420_grsecurity-3.0-3.14.16-201408110024.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.14.15/4420_grsecurity-3.0-3.14.15-201408032014.patch b/3.14.16/4420_grsecurity-3.0-3.14.16-201408110024.patch index 96db0fa..cd58a6f 100644 --- a/3.14.15/4420_grsecurity-3.0-3.14.15-201408032014.patch +++ b/3.14.16/4420_grsecurity-3.0-3.14.16-201408110024.patch @@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 188523e..5c8d8ee 100644 +index 8b22e24..7f4d29b 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -313,10 +313,13 @@ index 188523e..5c8d8ee 100644 $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -585,6 +586,72 @@ else +@@ -585,6 +586,75 @@ else KBUILD_CFLAGS += -O2 endif ++# Tell gcc to never replace conditional load with a non-conditional one ++KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0) ++ +ifndef DISABLE_PAX_PLUGINS +ifeq ($(call cc-ifversion, -ge, 0408, y), y) +PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCXX)" "$(HOSTCXX)" "$(CC)") @@ -386,7 +389,7 @@ index 188523e..5c8d8ee 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifdef CONFIG_READABLE_ASM -@@ -781,7 +848,7 @@ export mod_sign_cmd +@@ -781,7 +851,7 @@ export mod_sign_cmd ifeq ($(KBUILD_EXTMOD),) @@ -395,7 +398,7 @@ index 188523e..5c8d8ee 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -830,6 +897,8 @@ endif +@@ -830,6 +900,8 @@ endif # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -404,7 +407,7 @@ index 188523e..5c8d8ee 100644 $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -839,7 +908,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; +@@ -839,7 +911,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -413,7 +416,7 @@ index 188523e..5c8d8ee 100644 $(Q)$(MAKE) $(build)=$@ define filechk_kernel.release -@@ -882,10 +951,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \ +@@ -882,10 +954,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \ archprepare: archheaders archscripts prepare1 scripts_basic @@ -427,7 +430,7 @@ index 188523e..5c8d8ee 100644 prepare: prepare0 # Generate some files -@@ -993,6 +1065,8 @@ all: modules +@@ -993,6 +1068,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -436,7 +439,7 @@ index 188523e..5c8d8ee 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1008,7 +1082,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -1008,7 +1085,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -445,7 +448,7 @@ index 188523e..5c8d8ee 100644 # Target to install modules PHONY += modules_install -@@ -1074,7 +1148,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ +@@ -1074,7 +1151,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \ signing_key.priv signing_key.x509 x509.genkey \ extra_certificates signing_key.x509.keyid \ @@ -457,7 +460,7 @@ index 188523e..5c8d8ee 100644 # clean - Delete most, but leave enough to build external modules # -@@ -1113,7 +1190,7 @@ distclean: mrproper +@@ -1113,7 +1193,7 @@ distclean: mrproper @find $(srctree) $(RCS_FIND_IGNORE) \ \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ @@ -466,7 +469,7 @@ index 188523e..5c8d8ee 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1275,6 +1352,8 @@ PHONY += $(module-dirs) modules +@@ -1275,6 +1355,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -475,7 +478,7 @@ index 188523e..5c8d8ee 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1414,17 +1493,21 @@ else +@@ -1414,17 +1496,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -501,7 +504,7 @@ index 188523e..5c8d8ee 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1434,11 +1517,15 @@ endif +@@ -1434,11 +1520,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -4329,7 +4332,7 @@ index 5e85ed3..b10a7ed 100644 } } diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c -index b68c6b2..f66c492 100644 +index f15c22e..d830561 100644 --- a/arch/arm/mm/mmu.c +++ b/arch/arm/mm/mmu.c @@ -39,6 +39,22 @@ @@ -12643,7 +12646,7 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 7324107..a63fd9f 100644 +index c718d9f..511e6fa 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -126,7 +126,7 @@ config X86 @@ -12672,7 +12675,7 @@ index 7324107..a63fd9f 100644 ---help--- Say Y here to enable options for running Linux under various hyper- visors. This option enables basic hypervisor detection and platform -@@ -1112,7 +1113,7 @@ choice +@@ -1129,7 +1130,7 @@ choice config NOHIGHMEM bool "off" @@ -12681,7 +12684,7 @@ index 7324107..a63fd9f 100644 ---help--- Linux can use up to 64 Gigabytes of physical memory on x86 systems. However, the address space of 32-bit x86 processors is only 4 -@@ -1149,7 +1150,7 @@ config NOHIGHMEM +@@ -1166,7 +1167,7 @@ config NOHIGHMEM config HIGHMEM4G bool "4GB" @@ -12690,7 +12693,7 @@ index 7324107..a63fd9f 100644 ---help--- Select this if you have a 32-bit processor and between 1 and 4 gigabytes of physical RAM. -@@ -1202,7 +1203,7 @@ config PAGE_OFFSET +@@ -1219,7 +1220,7 @@ config PAGE_OFFSET hex default 0xB0000000 if VMSPLIT_3G_OPT default 0x80000000 if VMSPLIT_2G @@ -12699,7 +12702,7 @@ index 7324107..a63fd9f 100644 default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1606,6 +1607,7 @@ source kernel/Kconfig.hz +@@ -1623,6 +1624,7 @@ source kernel/Kconfig.hz config KEXEC bool "kexec system call" @@ -12707,7 +12710,7 @@ index 7324107..a63fd9f 100644 ---help--- kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot -@@ -1757,7 +1759,9 @@ config X86_NEED_RELOCS +@@ -1774,7 +1776,9 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" @@ -12718,7 +12721,7 @@ index 7324107..a63fd9f 100644 range 0x2000 0x1000000 if X86_32 range 0x200000 0x1000000 if X86_64 ---help--- -@@ -1837,9 +1841,10 @@ config DEBUG_HOTPLUG_CPU0 +@@ -1854,9 +1858,10 @@ config DEBUG_HOTPLUG_CPU0 If unsure, say N. config COMPAT_VDSO @@ -17184,7 +17187,7 @@ index 91d9c69..dfae7d0 100644 * Convert a virtual cached pointer to an uncached pointer */ diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h -index bba3cf8..06bc8da 100644 +index 0a8b519..80e7d5b 100644 --- a/arch/x86/include/asm/irqflags.h +++ b/arch/x86/include/asm/irqflags.h @@ -141,6 +141,11 @@ static inline notrace unsigned long arch_local_irq_save(void) @@ -18395,21 +18398,24 @@ index e22c1db..23a625a 100644 } diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h -index c883bf7..19970b3 100644 +index 7166e25..baaa6fe 100644 --- a/arch/x86/include/asm/pgtable_64_types.h +++ b/arch/x86/include/asm/pgtable_64_types.h -@@ -61,6 +61,11 @@ typedef struct { pteval_t pte; } pte_t; +@@ -61,9 +61,14 @@ typedef struct { pteval_t pte; } pte_t; #define MODULES_VADDR (__START_KERNEL_map + KERNEL_IMAGE_SIZE) #define MODULES_END _AC(0xffffffffff000000, UL) #define MODULES_LEN (MODULES_END - MODULES_VADDR) +#define MODULES_EXEC_VADDR MODULES_VADDR +#define MODULES_EXEC_END MODULES_END -+ + #define ESPFIX_PGD_ENTRY _AC(-2, UL) + #define ESPFIX_BASE_ADDR (ESPFIX_PGD_ENTRY << PGDIR_SHIFT) + +#define ktla_ktva(addr) (addr) +#define ktva_ktla(addr) (addr) - ++ #define EARLY_DYNAMIC_PAGE_TABLES 64 + #endif /* _ASM_X86_PGTABLE_64_DEFS_H */ diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h index 94e40f1..ebd03e4 100644 --- a/arch/x86/include/asm/pgtable_types.h @@ -20768,7 +20774,7 @@ index 7b0a55a..ad115bf 100644 /* top of stack page */ diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile -index cb648c8..91cb07e 100644 +index 56bac86..9d8df82 100644 --- a/arch/x86/kernel/Makefile +++ b/arch/x86/kernel/Makefile @@ -24,7 +24,7 @@ obj-y += time.o ioport.o ldt.o dumpstack.o nmi.o @@ -22489,7 +22495,7 @@ index 01d1c18..8073693 100644 #include <asm/processor.h> #include <asm/fcntl.h> diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S -index c87810b..413d83f 100644 +index c5a9cb9..228d280 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S @@ -177,13 +177,153 @@ @@ -22848,7 +22854,7 @@ index c87810b..413d83f 100644 restore_all: TRACE_IRQS_IRET restore_all_notrace: -@@ -577,14 +784,34 @@ ldt_ss: +@@ -580,14 +787,34 @@ ldt_ss: * compensating for the offset by changing to the ESPFIX segment with * a base address that matches for the difference. */ @@ -22886,7 +22892,7 @@ index c87810b..413d83f 100644 pushl_cfi $__ESPFIX_SS pushl_cfi %eax /* new kernel esp */ /* Disable interrupts, but do not irqtrace this section: we -@@ -613,20 +840,18 @@ work_resched: +@@ -617,20 +844,18 @@ work_resched: movl TI_flags(%ebp), %ecx andl $_TIF_WORK_MASK, %ecx # is there any work to be done other # than syscall tracing? @@ -22909,7 +22915,7 @@ index c87810b..413d83f 100644 #endif TRACE_IRQS_ON ENABLE_INTERRUPTS(CLBR_NONE) -@@ -647,7 +872,7 @@ work_notifysig_v86: +@@ -651,7 +876,7 @@ work_notifysig_v86: movl %eax, %esp jmp 1b #endif @@ -22918,7 +22924,7 @@ index c87810b..413d83f 100644 # perform syscall exit tracing ALIGN -@@ -655,11 +880,14 @@ syscall_trace_entry: +@@ -659,11 +884,14 @@ syscall_trace_entry: movl $-ENOSYS,PT_EAX(%esp) movl %esp, %eax call syscall_trace_enter @@ -22934,7 +22940,7 @@ index c87810b..413d83f 100644 # perform syscall exit tracing ALIGN -@@ -672,26 +900,30 @@ syscall_exit_work: +@@ -676,26 +904,30 @@ syscall_exit_work: movl %esp, %eax call syscall_trace_leave jmp resume_userspace @@ -22969,9 +22975,9 @@ index c87810b..413d83f 100644 CFI_ENDPROC /* * End of kprobes section -@@ -707,8 +939,15 @@ END(syscall_badsys) - * normal stack and adjusts ESP with the matching offset. +@@ -712,8 +944,15 @@ END(syscall_badsys) */ + #ifdef CONFIG_X86_ESPFIX32 /* fixup the stack */ - mov GDT_ESPFIX_SS + 4, %al /* bits 16..23 */ - mov GDT_ESPFIX_SS + 7, %ah /* bits 24..31 */ @@ -22987,7 +22993,7 @@ index c87810b..413d83f 100644 shl $16, %eax addl %esp, %eax /* the adjusted stack pointer */ pushl_cfi $__KERNEL_DS -@@ -761,7 +1000,7 @@ vector=vector+1 +@@ -769,7 +1008,7 @@ vector=vector+1 .endr 2: jmp common_interrupt .endr @@ -22996,7 +23002,7 @@ index c87810b..413d83f 100644 .previous END(interrupt) -@@ -822,7 +1061,7 @@ ENTRY(coprocessor_error) +@@ -830,7 +1069,7 @@ ENTRY(coprocessor_error) pushl_cfi $do_coprocessor_error jmp error_code CFI_ENDPROC @@ -23005,7 +23011,7 @@ index c87810b..413d83f 100644 ENTRY(simd_coprocessor_error) RING0_INT_FRAME -@@ -835,7 +1074,7 @@ ENTRY(simd_coprocessor_error) +@@ -843,7 +1082,7 @@ ENTRY(simd_coprocessor_error) .section .altinstructions,"a" altinstruction_entry 661b, 663f, X86_FEATURE_XMM, 662b-661b, 664f-663f .previous @@ -23014,7 +23020,7 @@ index c87810b..413d83f 100644 663: pushl $do_simd_coprocessor_error 664: .previous -@@ -844,7 +1083,7 @@ ENTRY(simd_coprocessor_error) +@@ -852,7 +1091,7 @@ ENTRY(simd_coprocessor_error) #endif jmp error_code CFI_ENDPROC @@ -23023,7 +23029,7 @@ index c87810b..413d83f 100644 ENTRY(device_not_available) RING0_INT_FRAME -@@ -853,18 +1092,18 @@ ENTRY(device_not_available) +@@ -861,18 +1100,18 @@ ENTRY(device_not_available) pushl_cfi $do_device_not_available jmp error_code CFI_ENDPROC @@ -23045,7 +23051,7 @@ index c87810b..413d83f 100644 #endif ENTRY(overflow) -@@ -874,7 +1113,7 @@ ENTRY(overflow) +@@ -882,7 +1121,7 @@ ENTRY(overflow) pushl_cfi $do_overflow jmp error_code CFI_ENDPROC @@ -23054,7 +23060,7 @@ index c87810b..413d83f 100644 ENTRY(bounds) RING0_INT_FRAME -@@ -883,7 +1122,7 @@ ENTRY(bounds) +@@ -891,7 +1130,7 @@ ENTRY(bounds) pushl_cfi $do_bounds jmp error_code CFI_ENDPROC @@ -23063,7 +23069,7 @@ index c87810b..413d83f 100644 ENTRY(invalid_op) RING0_INT_FRAME -@@ -892,7 +1131,7 @@ ENTRY(invalid_op) +@@ -900,7 +1139,7 @@ ENTRY(invalid_op) pushl_cfi $do_invalid_op jmp error_code CFI_ENDPROC @@ -23072,7 +23078,7 @@ index c87810b..413d83f 100644 ENTRY(coprocessor_segment_overrun) RING0_INT_FRAME -@@ -901,7 +1140,7 @@ ENTRY(coprocessor_segment_overrun) +@@ -909,7 +1148,7 @@ ENTRY(coprocessor_segment_overrun) pushl_cfi $do_coprocessor_segment_overrun jmp error_code CFI_ENDPROC @@ -23081,7 +23087,7 @@ index c87810b..413d83f 100644 ENTRY(invalid_TSS) RING0_EC_FRAME -@@ -909,7 +1148,7 @@ ENTRY(invalid_TSS) +@@ -917,7 +1156,7 @@ ENTRY(invalid_TSS) pushl_cfi $do_invalid_TSS jmp error_code CFI_ENDPROC @@ -23090,7 +23096,7 @@ index c87810b..413d83f 100644 ENTRY(segment_not_present) RING0_EC_FRAME -@@ -917,7 +1156,7 @@ ENTRY(segment_not_present) +@@ -925,7 +1164,7 @@ ENTRY(segment_not_present) pushl_cfi $do_segment_not_present jmp error_code CFI_ENDPROC @@ -23099,7 +23105,7 @@ index c87810b..413d83f 100644 ENTRY(stack_segment) RING0_EC_FRAME -@@ -925,7 +1164,7 @@ ENTRY(stack_segment) +@@ -933,7 +1172,7 @@ ENTRY(stack_segment) pushl_cfi $do_stack_segment jmp error_code CFI_ENDPROC @@ -23108,7 +23114,7 @@ index c87810b..413d83f 100644 ENTRY(alignment_check) RING0_EC_FRAME -@@ -933,7 +1172,7 @@ ENTRY(alignment_check) +@@ -941,7 +1180,7 @@ ENTRY(alignment_check) pushl_cfi $do_alignment_check jmp error_code CFI_ENDPROC @@ -23117,7 +23123,7 @@ index c87810b..413d83f 100644 ENTRY(divide_error) RING0_INT_FRAME -@@ -942,7 +1181,7 @@ ENTRY(divide_error) +@@ -950,7 +1189,7 @@ ENTRY(divide_error) pushl_cfi $do_divide_error jmp error_code CFI_ENDPROC @@ -23126,7 +23132,7 @@ index c87810b..413d83f 100644 #ifdef CONFIG_X86_MCE ENTRY(machine_check) -@@ -952,7 +1191,7 @@ ENTRY(machine_check) +@@ -960,7 +1199,7 @@ ENTRY(machine_check) pushl_cfi machine_check_vector jmp error_code CFI_ENDPROC @@ -23135,7 +23141,7 @@ index c87810b..413d83f 100644 #endif ENTRY(spurious_interrupt_bug) -@@ -962,7 +1201,7 @@ ENTRY(spurious_interrupt_bug) +@@ -970,7 +1209,7 @@ ENTRY(spurious_interrupt_bug) pushl_cfi $do_spurious_interrupt_bug jmp error_code CFI_ENDPROC @@ -23144,7 +23150,7 @@ index c87810b..413d83f 100644 /* * End of kprobes section */ -@@ -1072,7 +1311,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR, +@@ -1080,7 +1319,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR, ENTRY(mcount) ret @@ -23153,7 +23159,7 @@ index c87810b..413d83f 100644 ENTRY(ftrace_caller) cmpl $0, function_trace_stop -@@ -1105,7 +1344,7 @@ ftrace_graph_call: +@@ -1113,7 +1352,7 @@ ftrace_graph_call: .globl ftrace_stub ftrace_stub: ret @@ -23162,7 +23168,7 @@ index c87810b..413d83f 100644 ENTRY(ftrace_regs_caller) pushf /* push flags before compare (in cs location) */ -@@ -1209,7 +1448,7 @@ trace: +@@ -1217,7 +1456,7 @@ trace: popl %ecx popl %eax jmp ftrace_stub @@ -23171,7 +23177,7 @@ index c87810b..413d83f 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -1227,7 +1466,7 @@ ENTRY(ftrace_graph_caller) +@@ -1235,7 +1474,7 @@ ENTRY(ftrace_graph_caller) popl %ecx popl %eax ret @@ -23180,7 +23186,7 @@ index c87810b..413d83f 100644 .globl return_to_handler return_to_handler: -@@ -1293,15 +1532,18 @@ error_code: +@@ -1301,15 +1540,18 @@ error_code: movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart REG_TO_PTGS %ecx SET_KERNEL_GS %ecx @@ -23201,7 +23207,7 @@ index c87810b..413d83f 100644 /* * Debug traps and NMI can happen at the one SYSENTER instruction -@@ -1344,7 +1586,7 @@ debug_stack_correct: +@@ -1352,7 +1594,7 @@ debug_stack_correct: call do_debug jmp ret_from_exception CFI_ENDPROC @@ -23210,7 +23216,7 @@ index c87810b..413d83f 100644 /* * NMI is doubly nasty. It can happen _while_ we're handling -@@ -1382,6 +1624,9 @@ nmi_stack_correct: +@@ -1392,6 +1634,9 @@ nmi_stack_correct: xorl %edx,%edx # zero error code movl %esp,%eax # pt_regs pointer call do_nmi @@ -23220,7 +23226,7 @@ index c87810b..413d83f 100644 jmp restore_all_notrace CFI_ENDPROC -@@ -1418,12 +1663,15 @@ nmi_espfix_stack: +@@ -1429,13 +1674,16 @@ nmi_espfix_stack: FIXUP_ESPFIX_STACK # %eax == %esp xorl %edx,%edx # zero error code call do_nmi @@ -23231,13 +23237,14 @@ index c87810b..413d83f 100644 lss 12+4(%esp), %esp # back to espfix stack CFI_ADJUST_CFA_OFFSET -24 jmp irq_return + #endif CFI_ENDPROC -END(nmi) +ENDPROC(nmi) ENTRY(int3) RING0_INT_FRAME -@@ -1436,14 +1684,14 @@ ENTRY(int3) +@@ -1448,14 +1696,14 @@ ENTRY(int3) call do_int3 jmp ret_from_exception CFI_ENDPROC @@ -23254,7 +23261,7 @@ index c87810b..413d83f 100644 #ifdef CONFIG_KVM_GUEST ENTRY(async_page_fault) -@@ -1452,7 +1700,7 @@ ENTRY(async_page_fault) +@@ -1464,7 +1712,7 @@ ENTRY(async_page_fault) pushl_cfi $do_async_page_fault jmp error_code CFI_ENDPROC @@ -23264,19 +23271,19 @@ index c87810b..413d83f 100644 /* diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index 1e96c36..3ff710a 100644 +index 03cd2a8..05a9aed 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S -@@ -59,6 +59,8 @@ - #include <asm/context_tracking.h> +@@ -60,6 +60,8 @@ #include <asm/smap.h> + #include <asm/pgtable_types.h> #include <linux/err.h> +#include <asm/pgtable.h> +#include <asm/alternative-asm.h> /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */ #include <linux/elf-em.h> -@@ -80,8 +82,9 @@ +@@ -81,8 +83,9 @@ #ifdef CONFIG_DYNAMIC_FTRACE ENTRY(function_hook) @@ -23287,7 +23294,7 @@ index 1e96c36..3ff710a 100644 /* skip is set if stack has been adjusted */ .macro ftrace_caller_setup skip=0 -@@ -122,8 +125,9 @@ GLOBAL(ftrace_graph_call) +@@ -123,8 +126,9 @@ GLOBAL(ftrace_graph_call) #endif GLOBAL(ftrace_stub) @@ -23298,7 +23305,7 @@ index 1e96c36..3ff710a 100644 ENTRY(ftrace_regs_caller) /* Save the current flags before compare (in SS location)*/ -@@ -191,7 +195,7 @@ ftrace_restore_flags: +@@ -192,7 +196,7 @@ ftrace_restore_flags: popfq jmp ftrace_stub @@ -23307,7 +23314,7 @@ index 1e96c36..3ff710a 100644 #else /* ! CONFIG_DYNAMIC_FTRACE */ -@@ -212,6 +216,7 @@ ENTRY(function_hook) +@@ -213,6 +217,7 @@ ENTRY(function_hook) #endif GLOBAL(ftrace_stub) @@ -23315,7 +23322,7 @@ index 1e96c36..3ff710a 100644 retq trace: -@@ -225,12 +230,13 @@ trace: +@@ -226,12 +231,13 @@ trace: #endif subq $MCOUNT_INSN_SIZE, %rdi @@ -23330,7 +23337,7 @@ index 1e96c36..3ff710a 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -252,8 +258,9 @@ ENTRY(ftrace_graph_caller) +@@ -253,8 +259,9 @@ ENTRY(ftrace_graph_caller) MCOUNT_RESTORE_FRAME @@ -23341,7 +23348,7 @@ index 1e96c36..3ff710a 100644 GLOBAL(return_to_handler) subq $24, %rsp -@@ -269,7 +276,9 @@ GLOBAL(return_to_handler) +@@ -270,7 +277,9 @@ GLOBAL(return_to_handler) movq 8(%rsp), %rdx movq (%rsp), %rax addq $24, %rsp @@ -23351,7 +23358,7 @@ index 1e96c36..3ff710a 100644 #endif -@@ -284,6 +293,430 @@ ENTRY(native_usergs_sysret64) +@@ -285,6 +294,430 @@ ENTRY(native_usergs_sysret64) ENDPROC(native_usergs_sysret64) #endif /* CONFIG_PARAVIRT */ @@ -23782,7 +23789,7 @@ index 1e96c36..3ff710a 100644 .macro TRACE_IRQS_IRETQ offset=ARGOFFSET #ifdef CONFIG_TRACE_IRQFLAGS -@@ -320,7 +753,7 @@ ENDPROC(native_usergs_sysret64) +@@ -321,7 +754,7 @@ ENDPROC(native_usergs_sysret64) .endm .macro TRACE_IRQS_IRETQ_DEBUG offset=ARGOFFSET @@ -23791,7 +23798,7 @@ index 1e96c36..3ff710a 100644 jnc 1f TRACE_IRQS_ON_DEBUG 1: -@@ -358,27 +791,6 @@ ENDPROC(native_usergs_sysret64) +@@ -359,27 +792,6 @@ ENDPROC(native_usergs_sysret64) movq \tmp,R11+\offset(%rsp) .endm @@ -23819,7 +23826,7 @@ index 1e96c36..3ff710a 100644 /* * initial frame state for interrupts (and exceptions without error code) */ -@@ -445,25 +857,26 @@ ENDPROC(native_usergs_sysret64) +@@ -446,25 +858,26 @@ ENDPROC(native_usergs_sysret64) /* save partial stack frame */ .macro SAVE_ARGS_IRQ cld @@ -23859,7 +23866,7 @@ index 1e96c36..3ff710a 100644 je 1f SWAPGS /* -@@ -483,6 +896,18 @@ ENDPROC(native_usergs_sysret64) +@@ -484,6 +897,18 @@ ENDPROC(native_usergs_sysret64) 0x06 /* DW_OP_deref */, \ 0x08 /* DW_OP_const1u */, SS+8-RBP, \ 0x22 /* DW_OP_plus */ @@ -23878,7 +23885,7 @@ index 1e96c36..3ff710a 100644 /* We entered an interrupt context - irqs are off: */ TRACE_IRQS_OFF .endm -@@ -514,9 +939,52 @@ ENTRY(save_paranoid) +@@ -515,9 +940,52 @@ ENTRY(save_paranoid) js 1f /* negative -> in kernel */ SWAPGS xorl %ebx,%ebx @@ -23933,7 +23940,7 @@ index 1e96c36..3ff710a 100644 .popsection /* -@@ -538,7 +1006,7 @@ ENTRY(ret_from_fork) +@@ -539,7 +1007,7 @@ ENTRY(ret_from_fork) RESTORE_REST @@ -23942,7 +23949,7 @@ index 1e96c36..3ff710a 100644 jz 1f testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -548,15 +1016,13 @@ ENTRY(ret_from_fork) +@@ -549,15 +1017,13 @@ ENTRY(ret_from_fork) jmp ret_from_sys_call # go to the SYSRET fastpath 1: @@ -23959,7 +23966,7 @@ index 1e96c36..3ff710a 100644 /* * System call entry. Up to 6 arguments in registers are supported. -@@ -593,7 +1059,7 @@ END(ret_from_fork) +@@ -594,7 +1060,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -23968,7 +23975,7 @@ index 1e96c36..3ff710a 100644 CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -606,16 +1072,23 @@ GLOBAL(system_call_after_swapgs) +@@ -607,16 +1073,23 @@ GLOBAL(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -23994,7 +24001,7 @@ index 1e96c36..3ff710a 100644 jnz tracesys system_call_fastpath: #if __SYSCALL_MASK == ~0 -@@ -639,10 +1112,13 @@ sysret_check: +@@ -640,10 +1113,13 @@ sysret_check: LOCKDEP_SYS_EXIT DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF @@ -24009,7 +24016,7 @@ index 1e96c36..3ff710a 100644 /* * sysretq will re-enable interrupts: */ -@@ -701,6 +1177,9 @@ auditsys: +@@ -702,6 +1178,9 @@ auditsys: movq %rax,%rsi /* 2nd arg: syscall number */ movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */ call __audit_syscall_entry @@ -24019,7 +24026,7 @@ index 1e96c36..3ff710a 100644 LOAD_ARGS 0 /* reload call-clobbered registers */ jmp system_call_fastpath -@@ -722,7 +1201,7 @@ sysret_audit: +@@ -723,7 +1202,7 @@ sysret_audit: /* Do syscall tracing */ tracesys: #ifdef CONFIG_AUDITSYSCALL @@ -24028,7 +24035,7 @@ index 1e96c36..3ff710a 100644 jz auditsys #endif SAVE_REST -@@ -730,12 +1209,15 @@ tracesys: +@@ -731,12 +1210,15 @@ tracesys: FIXUP_TOP_OF_STACK %rdi movq %rsp,%rdi call syscall_trace_enter @@ -24045,7 +24052,7 @@ index 1e96c36..3ff710a 100644 RESTORE_REST #if __SYSCALL_MASK == ~0 cmpq $__NR_syscall_max,%rax -@@ -765,7 +1247,9 @@ GLOBAL(int_with_check) +@@ -766,7 +1248,9 @@ GLOBAL(int_with_check) andl %edi,%edx jnz int_careful andl $~TS_COMPAT,TI_status(%rcx) @@ -24056,7 +24063,7 @@ index 1e96c36..3ff710a 100644 /* Either reschedule or signal or syscall exit tracking needed. */ /* First do a reschedule test. */ -@@ -811,7 +1295,7 @@ int_restore_rest: +@@ -812,7 +1296,7 @@ int_restore_rest: TRACE_IRQS_OFF jmp int_with_check CFI_ENDPROC @@ -24065,7 +24072,7 @@ index 1e96c36..3ff710a 100644 .macro FORK_LIKE func ENTRY(stub_\func) -@@ -824,9 +1308,10 @@ ENTRY(stub_\func) +@@ -825,9 +1309,10 @@ ENTRY(stub_\func) DEFAULT_FRAME 0 8 /* offset 8: return address */ call sys_\func RESTORE_TOP_OF_STACK %r11, 8 @@ -24078,7 +24085,7 @@ index 1e96c36..3ff710a 100644 .endm .macro FIXED_FRAME label,func -@@ -836,9 +1321,10 @@ ENTRY(\label) +@@ -837,9 +1322,10 @@ ENTRY(\label) FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET call \func RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET @@ -24090,7 +24097,7 @@ index 1e96c36..3ff710a 100644 .endm FORK_LIKE clone -@@ -846,19 +1332,6 @@ END(\label) +@@ -847,19 +1333,6 @@ END(\label) FORK_LIKE vfork FIXED_FRAME stub_iopl, sys_iopl @@ -24110,7 +24117,7 @@ index 1e96c36..3ff710a 100644 ENTRY(stub_execve) CFI_STARTPROC addq $8, %rsp -@@ -870,7 +1343,7 @@ ENTRY(stub_execve) +@@ -871,7 +1344,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -24119,7 +24126,7 @@ index 1e96c36..3ff710a 100644 /* * sigreturn is special because it needs to restore all registers on return. -@@ -887,7 +1360,7 @@ ENTRY(stub_rt_sigreturn) +@@ -888,7 +1361,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -24128,7 +24135,7 @@ index 1e96c36..3ff710a 100644 #ifdef CONFIG_X86_X32_ABI ENTRY(stub_x32_rt_sigreturn) -@@ -901,7 +1374,7 @@ ENTRY(stub_x32_rt_sigreturn) +@@ -902,7 +1375,7 @@ ENTRY(stub_x32_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -24137,7 +24144,7 @@ index 1e96c36..3ff710a 100644 ENTRY(stub_x32_execve) CFI_STARTPROC -@@ -915,7 +1388,7 @@ ENTRY(stub_x32_execve) +@@ -916,7 +1389,7 @@ ENTRY(stub_x32_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -24146,7 +24153,7 @@ index 1e96c36..3ff710a 100644 #endif -@@ -952,7 +1425,7 @@ vector=vector+1 +@@ -953,7 +1426,7 @@ vector=vector+1 2: jmp common_interrupt .endr CFI_ENDPROC @@ -24155,7 +24162,7 @@ index 1e96c36..3ff710a 100644 .previous END(interrupt) -@@ -969,8 +1442,8 @@ END(interrupt) +@@ -970,8 +1443,8 @@ END(interrupt) /* 0(%rsp): ~(interrupt number) */ .macro interrupt func /* reserve pt_regs for scratch regs and rbp */ @@ -24166,7 +24173,7 @@ index 1e96c36..3ff710a 100644 SAVE_ARGS_IRQ call \func .endm -@@ -997,14 +1470,14 @@ ret_from_intr: +@@ -998,14 +1471,14 @@ ret_from_intr: /* Restore saved previous stack */ popq %rsi @@ -24185,7 +24192,7 @@ index 1e96c36..3ff710a 100644 je retint_kernel /* Interrupt came from user space */ -@@ -1026,12 +1499,16 @@ retint_swapgs: /* return to user-space */ +@@ -1027,12 +1500,16 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -24202,16 +24209,32 @@ index 1e96c36..3ff710a 100644 /* * The iretq could re-enable interrupts: */ -@@ -1112,7 +1589,7 @@ ENTRY(retint_kernel) +@@ -1145,7 +1622,7 @@ ENTRY(retint_kernel) + jmp exit_intr #endif - CFI_ENDPROC -END(common_interrupt) +ENDPROC(common_interrupt) - /* - * End of kprobes section - */ -@@ -1130,7 +1607,7 @@ ENTRY(\sym) + + /* + * If IRET takes a fault on the espfix stack, then we +@@ -1167,13 +1644,13 @@ __do_double_fault: + cmpq $native_irq_return_iret,%rax + jne do_double_fault /* This shouldn't happen... */ + movq PER_CPU_VAR(kernel_stack),%rax +- subq $(6*8-KERNEL_STACK_OFFSET),%rax /* Reset to original stack */ ++ subq $(6*8),%rax /* Reset to original stack */ + movq %rax,RSP(%rdi) + movq $0,(%rax) /* Missing (lost) #GP error code */ + movq $general_protection,RIP(%rdi) + retq + CFI_ENDPROC +-END(__do_double_fault) ++ENDPROC(__do_double_fault) + #else + # define __do_double_fault do_double_fault + #endif +@@ -1195,7 +1672,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -24220,7 +24243,7 @@ index 1e96c36..3ff710a 100644 .endm #ifdef CONFIG_TRACING -@@ -1218,7 +1695,7 @@ ENTRY(\sym) +@@ -1283,7 +1760,7 @@ ENTRY(\sym) call \do_sym jmp error_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -24229,7 +24252,7 @@ index 1e96c36..3ff710a 100644 .endm .macro paranoidzeroentry sym do_sym -@@ -1236,10 +1713,10 @@ ENTRY(\sym) +@@ -1301,10 +1778,10 @@ ENTRY(\sym) call \do_sym jmp paranoid_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -24242,7 +24265,7 @@ index 1e96c36..3ff710a 100644 .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1252,12 +1729,18 @@ ENTRY(\sym) +@@ -1317,12 +1794,18 @@ ENTRY(\sym) TRACE_IRQS_OFF_DEBUG movq %rsp,%rdi /* pt_regs pointer */ xorl %esi,%esi /* no error code */ @@ -24262,7 +24285,7 @@ index 1e96c36..3ff710a 100644 .endm .macro errorentry sym do_sym -@@ -1275,7 +1758,7 @@ ENTRY(\sym) +@@ -1340,7 +1823,7 @@ ENTRY(\sym) call \do_sym jmp error_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -24271,7 +24294,7 @@ index 1e96c36..3ff710a 100644 .endm #ifdef CONFIG_TRACING -@@ -1306,7 +1789,7 @@ ENTRY(\sym) +@@ -1371,7 +1854,7 @@ ENTRY(\sym) call \do_sym jmp paranoid_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -24280,7 +24303,7 @@ index 1e96c36..3ff710a 100644 .endm zeroentry divide_error do_divide_error -@@ -1336,9 +1819,10 @@ gs_change: +@@ -1401,9 +1884,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -24292,7 +24315,7 @@ index 1e96c36..3ff710a 100644 _ASM_EXTABLE(gs_change,bad_gs) .section .fixup,"ax" -@@ -1366,9 +1850,10 @@ ENTRY(do_softirq_own_stack) +@@ -1431,9 +1915,10 @@ ENTRY(do_softirq_own_stack) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -24304,7 +24327,7 @@ index 1e96c36..3ff710a 100644 #ifdef CONFIG_XEN zeroentry xen_hypervisor_callback xen_do_hypervisor_callback -@@ -1406,7 +1891,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1471,7 +1956,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -24313,7 +24336,7 @@ index 1e96c36..3ff710a 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1465,7 +1950,7 @@ ENTRY(xen_failsafe_callback) +@@ -1530,7 +2015,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -24322,7 +24345,7 @@ index 1e96c36..3ff710a 100644 apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1517,18 +2002,33 @@ ENTRY(paranoid_exit) +@@ -1582,18 +2067,33 @@ ENTRY(paranoid_exit) DEFAULT_FRAME DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF_DEBUG @@ -24358,7 +24381,7 @@ index 1e96c36..3ff710a 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1557,7 +2057,7 @@ paranoid_schedule: +@@ -1622,7 +2122,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -24367,7 +24390,7 @@ index 1e96c36..3ff710a 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1584,12 +2084,23 @@ ENTRY(error_entry) +@@ -1649,12 +2149,23 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -24392,7 +24415,7 @@ index 1e96c36..3ff710a 100644 ret /* -@@ -1616,7 +2127,7 @@ bstep_iret: +@@ -1681,7 +2192,7 @@ bstep_iret: movq %rcx,RIP+8(%rsp) jmp error_swapgs CFI_ENDPROC @@ -24401,7 +24424,7 @@ index 1e96c36..3ff710a 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1627,7 +2138,7 @@ ENTRY(error_exit) +@@ -1692,7 +2203,7 @@ ENTRY(error_exit) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF GET_THREAD_INFO(%rcx) @@ -24410,7 +24433,7 @@ index 1e96c36..3ff710a 100644 jne retint_kernel LOCKDEP_SYS_EXIT_IRQ movl TI_flags(%rcx),%edx -@@ -1636,7 +2147,7 @@ ENTRY(error_exit) +@@ -1701,7 +2212,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -24419,7 +24442,7 @@ index 1e96c36..3ff710a 100644 /* * Test if a given stack is an NMI stack or not. -@@ -1694,9 +2205,11 @@ ENTRY(nmi) +@@ -1759,9 +2270,11 @@ ENTRY(nmi) * If %cs was not the kernel segment, then the NMI triggered in user * space, which means it is definitely not nested. */ @@ -24432,7 +24455,7 @@ index 1e96c36..3ff710a 100644 /* * Check the special variable on the stack to see if NMIs are * executing. -@@ -1730,8 +2243,7 @@ nested_nmi: +@@ -1795,8 +2308,7 @@ nested_nmi: 1: /* Set up the interrupted NMIs stack to jump to repeat_nmi */ @@ -24442,7 +24465,7 @@ index 1e96c36..3ff710a 100644 CFI_ADJUST_CFA_OFFSET 1*8 leaq -10*8(%rsp), %rdx pushq_cfi $__KERNEL_DS -@@ -1749,6 +2261,7 @@ nested_nmi_out: +@@ -1814,6 +2326,7 @@ nested_nmi_out: CFI_RESTORE rdx /* No need to check faults here */ @@ -24450,7 +24473,7 @@ index 1e96c36..3ff710a 100644 INTERRUPT_RETURN CFI_RESTORE_STATE -@@ -1845,13 +2358,13 @@ end_repeat_nmi: +@@ -1910,13 +2423,13 @@ end_repeat_nmi: subq $ORIG_RAX-R15, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 /* @@ -24466,7 +24489,7 @@ index 1e96c36..3ff710a 100644 DEFAULT_FRAME 0 /* -@@ -1861,9 +2374,9 @@ end_repeat_nmi: +@@ -1926,9 +2439,9 @@ end_repeat_nmi: * NMI itself takes a page fault, the page fault that was preempted * will read the information from the NMI page fault and not the * origin fault. Save it off and restore it if it changes. @@ -24478,7 +24501,7 @@ index 1e96c36..3ff710a 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi -@@ -1872,31 +2385,36 @@ end_repeat_nmi: +@@ -1937,31 +2450,36 @@ end_repeat_nmi: /* Did the NMI take a page fault? Restore cr2 if it did */ movq %cr2, %rcx @@ -24520,6 +24543,19 @@ index 1e96c36..3ff710a 100644 /* * End of kprobes section +diff --git a/arch/x86/kernel/espfix_64.c b/arch/x86/kernel/espfix_64.c +index 94d857f..bf1f0bf 100644 +--- a/arch/x86/kernel/espfix_64.c ++++ b/arch/x86/kernel/espfix_64.c +@@ -197,7 +197,7 @@ void init_espfix_ap(void) + set_pte(&pte_p[n*PTE_STRIDE], pte); + + /* Job is done for this CPU and any CPU which shares this page */ +- ACCESS_ONCE(espfix_pages[page]) = stack_page; ++ ACCESS_ONCE_RW(espfix_pages[page]) = stack_page; + + unlock_done: + mutex_unlock(&espfix_init_mutex); diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c index 1ffc32d..e52c745 100644 --- a/arch/x86/kernel/ftrace.c @@ -26002,10 +26038,10 @@ index c2bedae..25e7ab60 100644 .name = "data", .mode = S_IRUGO, diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c -index dcbbaa1..81ae763 100644 +index c37886d..d851d32 100644 --- a/arch/x86/kernel/ldt.c +++ b/arch/x86/kernel/ldt.c -@@ -68,13 +68,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload) +@@ -66,13 +66,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload) if (reload) { #ifdef CONFIG_SMP preempt_disable(); @@ -26021,7 +26057,7 @@ index dcbbaa1..81ae763 100644 #endif } if (oldsize) { -@@ -96,7 +96,7 @@ static inline int copy_ldt(mm_context_t *new, mm_context_t *old) +@@ -94,7 +94,7 @@ static inline int copy_ldt(mm_context_t *new, mm_context_t *old) return err; for (i = 0; i < old->size; i++) @@ -26030,7 +26066,7 @@ index dcbbaa1..81ae763 100644 return 0; } -@@ -117,6 +117,24 @@ int init_new_context(struct task_struct *tsk, struct mm_struct *mm) +@@ -115,6 +115,24 @@ int init_new_context(struct task_struct *tsk, struct mm_struct *mm) retval = copy_ldt(&mm->context, &old_mm->context); mutex_unlock(&old_mm->context.lock); } @@ -26055,7 +26091,7 @@ index dcbbaa1..81ae763 100644 return retval; } -@@ -231,6 +249,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) +@@ -229,6 +247,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) } } @@ -26066,9 +26102,9 @@ index dcbbaa1..81ae763 100644 + } +#endif + - /* - * On x86-64 we do not support 16-bit segments due to - * IRET leaking the high bits of the kernel stack address. + if (!IS_ENABLED(CONFIG_X86_16BIT) && !ldt_info.seg_32bit) { + error = -EINVAL; + goto out_unlock; diff --git a/arch/x86/kernel/machine_kexec_32.c b/arch/x86/kernel/machine_kexec_32.c index 1667b1d..16492c5 100644 --- a/arch/x86/kernel/machine_kexec_32.c @@ -27459,7 +27495,7 @@ index 7c3a5a6..f0a8961 100644 .smp_prepare_cpus = native_smp_prepare_cpus, .smp_cpus_done = native_smp_cpus_done, diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c -index a32da80..041a4ff 100644 +index 395be6d..11665af 100644 --- a/arch/x86/kernel/smpboot.c +++ b/arch/x86/kernel/smpboot.c @@ -229,14 +229,17 @@ static void notrace start_secondary(void *unused) @@ -27484,7 +27520,7 @@ index a32da80..041a4ff 100644 /* * Check TSC synchronization with the BP: */ -@@ -749,8 +752,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) +@@ -756,8 +759,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) alternatives_enable_smp(); idle->thread.sp = (unsigned long) (((struct pt_regs *) @@ -27495,7 +27531,7 @@ index a32da80..041a4ff 100644 #ifdef CONFIG_X86_32 /* Stack for startup_32 can be just as for start_secondary onwards */ -@@ -758,11 +762,13 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) +@@ -765,11 +769,13 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) #else clear_tsk_thread_flag(idle, TIF_FORK); initial_gs = per_cpu_offset(cpu); @@ -27512,7 +27548,7 @@ index a32da80..041a4ff 100644 initial_code = (unsigned long)start_secondary; stack_start = idle->thread.sp; -@@ -911,6 +917,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle) +@@ -918,6 +924,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle) /* the FPU context is blank, nobody can own it */ __cpu_disable_lazy_restore(cpu); @@ -35813,7 +35849,7 @@ index fd14be1..e3c79c0 100644 # diff --git a/arch/x86/vdso/vdso32-setup.c b/arch/x86/vdso/vdso32-setup.c -index f1d633a..a75c5f7 100644 +index d6bfb87..876ee18 100644 --- a/arch/x86/vdso/vdso32-setup.c +++ b/arch/x86/vdso/vdso32-setup.c @@ -25,6 +25,7 @@ @@ -35824,7 +35860,7 @@ index f1d633a..a75c5f7 100644 enum { VDSO_DISABLED = 0, -@@ -227,7 +228,7 @@ static inline void map_compat_vdso(int map) +@@ -226,7 +227,7 @@ static inline void map_compat_vdso(int map) void enable_sep_cpu(void) { int cpu = get_cpu(); @@ -35833,7 +35869,7 @@ index f1d633a..a75c5f7 100644 if (!boot_cpu_has(X86_FEATURE_SEP)) { put_cpu(); -@@ -250,7 +251,7 @@ static int __init gate_vma_init(void) +@@ -249,7 +250,7 @@ static int __init gate_vma_init(void) gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; @@ -35842,7 +35878,7 @@ index f1d633a..a75c5f7 100644 return 0; } -@@ -331,14 +332,14 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) +@@ -330,14 +331,14 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) if (compat) addr = VDSO_HIGH_BASE; else { @@ -35859,7 +35895,7 @@ index f1d633a..a75c5f7 100644 if (compat_uses_vma || !compat) { /* -@@ -354,11 +355,11 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) +@@ -353,11 +354,11 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) } current_thread_info()->sysenter_return = @@ -35873,7 +35909,7 @@ index f1d633a..a75c5f7 100644 up_write(&mm->mmap_sem); -@@ -412,8 +413,14 @@ __initcall(ia32_binfmt_init); +@@ -404,8 +405,14 @@ __initcall(ia32_binfmt_init); const char *arch_vma_name(struct vm_area_struct *vma) { @@ -35889,7 +35925,7 @@ index f1d633a..a75c5f7 100644 return NULL; } -@@ -423,7 +430,7 @@ struct vm_area_struct *get_gate_vma(struct mm_struct *mm) +@@ -415,7 +422,7 @@ struct vm_area_struct *get_gate_vma(struct mm_struct *mm) * Check to see if the corresponding task was created in compat vdso * mode. */ @@ -36582,26 +36618,6 @@ index 2648797..92ed21f 100644 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) goto error; -diff --git a/crypto/af_alg.c b/crypto/af_alg.c -index 966f893..6a3ad80 100644 ---- a/crypto/af_alg.c -+++ b/crypto/af_alg.c -@@ -21,6 +21,7 @@ - #include <linux/module.h> - #include <linux/net.h> - #include <linux/rwsem.h> -+#include <linux/security.h> - - struct alg_type_list { - const struct af_alg_type *type; -@@ -243,6 +244,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock) - - sock_init_data(newsock, sk2); - sock_graft(sk2, newsock); -+ security_sk_clone(sk, sk2); - - err = type->accept(ask->private, sk2); - if (err) { diff --git a/crypto/cryptd.c b/crypto/cryptd.c index 7bdd61b..afec999 100644 --- a/crypto/cryptd.c @@ -39529,10 +39545,10 @@ index 18448a7..d5fad43 100644 /* Force all MSRs to the same value */ diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c -index 199b52b..e3503bb 100644 +index 153f4b9..d47054a 100644 --- a/drivers/cpufreq/cpufreq.c +++ b/drivers/cpufreq/cpufreq.c -@@ -1970,7 +1970,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor) +@@ -1972,7 +1972,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor) #endif mutex_lock(&cpufreq_governor_mutex); @@ -39541,7 +39557,7 @@ index 199b52b..e3503bb 100644 mutex_unlock(&cpufreq_governor_mutex); return; } -@@ -2200,7 +2200,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb, +@@ -2202,7 +2202,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb, return NOTIFY_OK; } @@ -39550,7 +39566,7 @@ index 199b52b..e3503bb 100644 .notifier_call = cpufreq_cpu_callback, }; -@@ -2240,13 +2240,17 @@ int cpufreq_boost_trigger_state(int state) +@@ -2242,13 +2242,17 @@ int cpufreq_boost_trigger_state(int state) return 0; write_lock_irqsave(&cpufreq_driver_lock, flags); @@ -39570,7 +39586,7 @@ index 199b52b..e3503bb 100644 write_unlock_irqrestore(&cpufreq_driver_lock, flags); pr_err("%s: Cannot %s BOOST\n", __func__, -@@ -2300,8 +2304,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) +@@ -2302,8 +2306,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) pr_debug("trying to register driver %s\n", driver_data->name); @@ -39584,7 +39600,7 @@ index 199b52b..e3503bb 100644 write_lock_irqsave(&cpufreq_driver_lock, flags); if (cpufreq_driver) { -@@ -2316,8 +2323,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) +@@ -2318,8 +2325,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) * Check if driver provides function to enable boost - * if not, use cpufreq_boost_set_sw as default */ @@ -50470,25 +50486,10 @@ index d8afec8..3ec7152 100644 /* check if the device is still usable */ if (unlikely(cmd->device->sdev_state == SDEV_DEL)) { diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c -index 62ec84b..384f684 100644 +index 64e487a..384f684 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c -@@ -831,6 +831,14 @@ void scsi_io_completion(struct scsi_cmnd *cmd, unsigned int good_bytes) - scsi_next_command(cmd); - return; - } -+ } else if (blk_rq_bytes(req) == 0 && result && !sense_deferred) { -+ /* -+ * Certain non BLOCK_PC requests are commands that don't -+ * actually transfer anything (FLUSH), so cannot use -+ * good_bytes != blk_rq_bytes(req) as the signal for an error. -+ * This sets the error explicitly for the problem case. -+ */ -+ error = __scsi_error_from_host_byte(cmd, result); - } - - /* no bidi support for !REQ_TYPE_BLOCK_PC yet */ -@@ -1474,7 +1482,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) +@@ -1482,7 +1482,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) shost = sdev->host; scsi_init_cmd_errh(cmd); cmd->result = DID_NO_CONNECT << 16; @@ -50497,7 +50498,7 @@ index 62ec84b..384f684 100644 /* * SCSI request completion path will do scsi_device_unbusy(), -@@ -1500,9 +1508,9 @@ static void scsi_softirq_done(struct request *rq) +@@ -1508,9 +1508,9 @@ static void scsi_softirq_done(struct request *rq) INIT_LIST_HEAD(&cmd->eh_entry); @@ -63137,6 +63138,19 @@ index 15f9d98..082c625 100644 } void nfs_fattr_init(struct nfs_fattr *fattr) +diff --git a/fs/nfs/nfs3acl.c b/fs/nfs/nfs3acl.c +index 8f854dd..d0fec26 100644 +--- a/fs/nfs/nfs3acl.c ++++ b/fs/nfs/nfs3acl.c +@@ -256,7 +256,7 @@ nfs3_list_one_acl(struct inode *inode, int type, const char *name, void *data, + char *p = data + *result; + + acl = get_acl(inode, type); +- if (!acl) ++ if (IS_ERR_OR_NULL(acl)) + return 0; + + posix_acl_release(acl); diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index f23a6ca..730ddcc 100644 --- a/fs/nfsd/nfs4proc.c @@ -80441,10 +80455,10 @@ index 0000000..b02ba9d +#define GR_MSRWRITE_MSG "denied write to CPU MSR by " diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h new file mode 100644 -index 0000000..5c4bdee +index 0000000..b87dd26 --- /dev/null +++ b/include/linux/grsecurity.h -@@ -0,0 +1,249 @@ +@@ -0,0 +1,252 @@ +#ifndef GR_SECURITY_H +#define GR_SECURITY_H +#include <linux/fs.h> @@ -80456,6 +80470,9 @@ index 0000000..5c4bdee +#if defined(CONFIG_GRKERNSEC_PROC_USER) && defined(CONFIG_GRKERNSEC_PROC_USERGROUP) +#error "CONFIG_GRKERNSEC_PROC_USER and CONFIG_GRKERNSEC_PROC_USERGROUP cannot both be enabled." +#endif ++#if defined(CONFIG_GRKERNSEC_PROC) && !defined(CONFIG_GRKERNSEC_PROC_USER) && !defined(CONFIG_GRKERNSEC_PROC_USERGROUP) ++#error "CONFIG_GRKERNSEC_PROC enabled, but neither CONFIG_GRKERNSEC_PROC_USER nor CONFIG_GRKERNSEC_PROC_USERGROUP enabled" ++#endif +#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC) +#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled." +#endif @@ -82371,7 +82388,7 @@ index 1841b58..fbeebf8 100644 #define preempt_set_need_resched() \ do { \ diff --git a/include/linux/printk.h b/include/linux/printk.h -index fa47e27..c08e034 100644 +index cbf094f..86007b7 100644 --- a/include/linux/printk.h +++ b/include/linux/printk.h @@ -114,6 +114,8 @@ static inline __printf(1, 2) __cold @@ -85877,7 +85894,7 @@ index 93b6139..8d628b7 100644 next_state = Reset; return 0; diff --git a/init/main.c b/init/main.c -index 9c7fd4c..650b4f1 100644 +index 58c132d..ac3f3b0 100644 --- a/init/main.c +++ b/init/main.c @@ -97,6 +97,8 @@ extern void radix_tree_init(void); @@ -85965,7 +85982,7 @@ index 9c7fd4c..650b4f1 100644 static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, }; const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, }; static const char *panic_later, *panic_param; -@@ -688,25 +759,24 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -692,25 +763,24 @@ int __init_or_module do_one_initcall(initcall_t fn) { int count = preempt_count(); int ret; @@ -85996,7 +86013,7 @@ index 9c7fd4c..650b4f1 100644 return ret; } -@@ -813,8 +883,8 @@ static int run_init_process(const char *init_filename) +@@ -817,8 +887,8 @@ static int run_init_process(const char *init_filename) { argv_init[0] = init_filename; return do_execve(getname_kernel(init_filename), @@ -86007,7 +86024,7 @@ index 9c7fd4c..650b4f1 100644 } static int try_to_run_init_process(const char *init_filename) -@@ -831,6 +901,10 @@ static int try_to_run_init_process(const char *init_filename) +@@ -835,6 +905,10 @@ static int try_to_run_init_process(const char *init_filename) return ret; } @@ -86018,7 +86035,7 @@ index 9c7fd4c..650b4f1 100644 static noinline void __init kernel_init_freeable(void); static int __ref kernel_init(void *unused) -@@ -855,6 +929,11 @@ static int __ref kernel_init(void *unused) +@@ -859,6 +933,11 @@ static int __ref kernel_init(void *unused) ramdisk_execute_command, ret); } @@ -86030,7 +86047,7 @@ index 9c7fd4c..650b4f1 100644 /* * We try each of these until one succeeds. * -@@ -910,7 +989,7 @@ static noinline void __init kernel_init_freeable(void) +@@ -914,7 +993,7 @@ static noinline void __init kernel_init_freeable(void) do_basic_setup(); /* Open the /dev/console on the rootfs, this should never fail */ @@ -86039,7 +86056,7 @@ index 9c7fd4c..650b4f1 100644 pr_err("Warning: unable to open an initial console.\n"); (void) sys_dup(0); -@@ -923,11 +1002,13 @@ static noinline void __init kernel_init_freeable(void) +@@ -927,11 +1006,13 @@ static noinline void __init kernel_init_freeable(void) if (!ramdisk_execute_command) ramdisk_execute_command = "/init"; @@ -89701,7 +89718,7 @@ index 14f9a8d..98ee610 100644 if (pm_wakeup_pending()) { diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c -index 4dae9cb..039ffbb 100644 +index 8c086e6..a52bc51 100644 --- a/kernel/printk/printk.c +++ b/kernel/printk/printk.c @@ -385,6 +385,11 @@ static int check_syslog_permissions(int type, bool from_file) @@ -90706,7 +90723,7 @@ index a63f4dc..349bbb0 100644 unsigned long timeout) { diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index 0aae0fc..2ba2b81 100644 +index 515e212..268a828 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -1775,7 +1775,7 @@ void set_numabalancing_state(bool enabled) @@ -93559,23 +93576,6 @@ index 539eeb9..e24a987 100644 error = 0; if (end == start) return error; -diff --git a/mm/memcontrol.c b/mm/memcontrol.c -index 5b6b003..9b35da2 100644 ---- a/mm/memcontrol.c -+++ b/mm/memcontrol.c -@@ -5670,8 +5670,12 @@ static int mem_cgroup_oom_notify_cb(struct mem_cgroup *memcg) - { - struct mem_cgroup_eventfd_list *ev; - -+ spin_lock(&memcg_oom_lock); -+ - list_for_each_entry(ev, &memcg->oom_notify, list) - eventfd_signal(ev->eventfd, 1); -+ -+ spin_unlock(&memcg_oom_lock); - return 0; - } - diff --git a/mm/memory-failure.c b/mm/memory-failure.c index 33365e9..2234ef9 100644 --- a/mm/memory-failure.c @@ -96220,7 +96220,7 @@ index 8740213..f87e25b 100644 struct mm_struct *mm; diff --git a/mm/page-writeback.c b/mm/page-writeback.c -index d013dba..d5ae30d 100644 +index 9f45f87..749bfd8 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -685,7 +685,7 @@ static long long pos_ratio_polynom(unsigned long setpoint, @@ -96233,7 +96233,7 @@ index d013dba..d5ae30d 100644 unsigned long bg_thresh, unsigned long dirty, diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 7e7f947..254d009 100644 +index 62e400d..2072e4e 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -61,6 +61,7 @@ @@ -98241,7 +98241,7 @@ index 876fbe8..8bbea9f 100644 #undef __HANDLE_ITEM } diff --git a/net/atm/lec.c b/net/atm/lec.c -index 5a2f602..9396143 100644 +index 5a2f602..93961433 100644 --- a/net/atm/lec.c +++ b/net/atm/lec.c @@ -111,9 +111,9 @@ static inline void lec_arp_put(struct lec_arp_table *entry) @@ -102123,28 +102123,6 @@ index 7932697..a13d158 100644 } while (!res); return res; } -diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c -index ec66063..1e05bbd 100644 ---- a/net/l2tp/l2tp_ppp.c -+++ b/net/l2tp/l2tp_ppp.c -@@ -1368,7 +1368,7 @@ static int pppol2tp_setsockopt(struct socket *sock, int level, int optname, - int err; - - if (level != SOL_PPPOL2TP) -- return udp_prot.setsockopt(sk, level, optname, optval, optlen); -+ return -EINVAL; - - if (optlen < sizeof(int)) - return -EINVAL; -@@ -1494,7 +1494,7 @@ static int pppol2tp_getsockopt(struct socket *sock, int level, int optname, - struct pppol2tp_session *ps; - - if (level != SOL_PPPOL2TP) -- return udp_prot.getsockopt(sk, level, optname, optval, optlen); -+ return -EINVAL; - - if (get_user(len, optlen)) - return -EFAULT; diff --git a/net/llc/llc_proc.c b/net/llc/llc_proc.c index 1a3c7e0..80f8b0c 100644 --- a/net/llc/llc_proc.c diff --git a/3.14.15/4425_grsec_remove_EI_PAX.patch b/3.14.16/4425_grsec_remove_EI_PAX.patch index fc51f79..fc51f79 100644 --- a/3.14.15/4425_grsec_remove_EI_PAX.patch +++ b/3.14.16/4425_grsec_remove_EI_PAX.patch diff --git a/3.14.15/4427_force_XATTR_PAX_tmpfs.patch b/3.14.16/4427_force_XATTR_PAX_tmpfs.patch index 11a7d2c..11a7d2c 100644 --- a/3.14.15/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.14.16/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.14.15/4430_grsec-remove-localversion-grsec.patch b/3.14.16/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.14.15/4430_grsec-remove-localversion-grsec.patch +++ b/3.14.16/4430_grsec-remove-localversion-grsec.patch diff --git a/3.14.15/4435_grsec-mute-warnings.patch b/3.14.16/4435_grsec-mute-warnings.patch index 392cefb..392cefb 100644 --- a/3.14.15/4435_grsec-mute-warnings.patch +++ b/3.14.16/4435_grsec-mute-warnings.patch diff --git a/3.14.15/4440_grsec-remove-protected-paths.patch b/3.14.16/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/3.14.15/4440_grsec-remove-protected-paths.patch +++ b/3.14.16/4440_grsec-remove-protected-paths.patch diff --git a/3.14.15/4450_grsec-kconfig-default-gids.patch b/3.14.16/4450_grsec-kconfig-default-gids.patch index af218a8..af218a8 100644 --- a/3.14.15/4450_grsec-kconfig-default-gids.patch +++ b/3.14.16/4450_grsec-kconfig-default-gids.patch diff --git a/3.14.15/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.16/4465_selinux-avc_audit-log-curr_ip.patch index fb528d0..fb528d0 100644 --- a/3.14.15/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.14.16/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.2.61/4470_disable-compat_vdso.patch b/3.14.16/4470_disable-compat_vdso.patch index f6eb9f7..35a4840 100644 --- a/3.2.61/4470_disable-compat_vdso.patch +++ b/3.14.16/4470_disable-compat_vdso.patch @@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138 diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig --- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100 +++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100 -@@ -1654,17 +1654,8 @@ +@@ -1859,17 +1859,8 @@ config COMPAT_VDSO def_bool n diff --git a/3.14.15/4475_emutramp_default_on.patch b/3.14.16/4475_emutramp_default_on.patch index cf88fd9..cf88fd9 100644 --- a/3.14.15/4475_emutramp_default_on.patch +++ b/3.14.16/4475_emutramp_default_on.patch diff --git a/3.15.8/0000_README b/3.15.9/0000_README index e6666ca..1b914bb 100644 --- a/3.15.8/0000_README +++ b/3.15.9/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.0-3.15.8-201408040708.patch +Patch: 4420_grsecurity-3.0-3.15.9-201408110025.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.15.8/4420_grsecurity-3.0-3.15.8-201408040708.patch b/3.15.9/4420_grsecurity-3.0-3.15.9-201408110025.patch index 923c63e..eb185bb 100644 --- a/3.15.8/4420_grsecurity-3.0-3.15.8-201408040708.patch +++ b/3.15.9/4420_grsecurity-3.0-3.15.9-201408110025.patch @@ -287,7 +287,7 @@ index 30a8ad0d..2ed9efd 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index d5d9a22..998d19e 100644 +index 25b85ab..131efa3 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -313,10 +313,13 @@ index d5d9a22..998d19e 100644 $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -600,6 +601,72 @@ else +@@ -600,6 +601,75 @@ else KBUILD_CFLAGS += -O2 endif ++# Tell gcc to never replace conditional load with a non-conditional one ++KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0) ++ +ifndef DISABLE_PAX_PLUGINS +ifeq ($(call cc-ifversion, -ge, 0408, y), y) +PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCXX)" "$(HOSTCXX)" "$(CC)") @@ -386,7 +389,7 @@ index d5d9a22..998d19e 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifdef CONFIG_READABLE_ASM -@@ -818,7 +885,7 @@ export mod_sign_cmd +@@ -818,7 +888,7 @@ export mod_sign_cmd ifeq ($(KBUILD_EXTMOD),) @@ -395,7 +398,7 @@ index d5d9a22..998d19e 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -867,6 +934,8 @@ endif +@@ -867,6 +937,8 @@ endif # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -404,7 +407,7 @@ index d5d9a22..998d19e 100644 $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -876,7 +945,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; +@@ -876,7 +948,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -413,7 +416,7 @@ index d5d9a22..998d19e 100644 $(Q)$(MAKE) $(build)=$@ define filechk_kernel.release -@@ -919,10 +988,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \ +@@ -919,10 +991,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \ archprepare: archheaders archscripts prepare1 scripts_basic @@ -427,7 +430,7 @@ index d5d9a22..998d19e 100644 prepare: prepare0 # Generate some files -@@ -1030,6 +1102,8 @@ all: modules +@@ -1030,6 +1105,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -436,7 +439,7 @@ index d5d9a22..998d19e 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1045,7 +1119,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -1045,7 +1122,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -445,7 +448,7 @@ index d5d9a22..998d19e 100644 # Target to install modules PHONY += modules_install -@@ -1111,7 +1185,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ +@@ -1111,7 +1188,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \ signing_key.priv signing_key.x509 x509.genkey \ extra_certificates signing_key.x509.keyid \ @@ -457,7 +460,7 @@ index d5d9a22..998d19e 100644 # clean - Delete most, but leave enough to build external modules # -@@ -1150,7 +1227,7 @@ distclean: mrproper +@@ -1150,7 +1230,7 @@ distclean: mrproper @find $(srctree) $(RCS_FIND_IGNORE) \ \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ @@ -466,7 +469,7 @@ index d5d9a22..998d19e 100644 -type f -print | xargs rm -f -@@ -1311,6 +1388,8 @@ PHONY += $(module-dirs) modules +@@ -1311,6 +1391,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -475,7 +478,7 @@ index d5d9a22..998d19e 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1450,17 +1529,21 @@ else +@@ -1450,17 +1532,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -501,7 +504,7 @@ index d5d9a22..998d19e 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1470,11 +1553,15 @@ endif +@@ -1470,11 +1556,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -4367,7 +4370,7 @@ index 5e85ed3..b10a7ed 100644 } } diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c -index b68c6b2..f66c492 100644 +index f15c22e..d830561 100644 --- a/arch/arm/mm/mmu.c +++ b/arch/arm/mm/mmu.c @@ -39,6 +39,22 @@ @@ -12309,7 +12312,7 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 512e45f..2d49d9d 100644 +index 1dd1408..be4ce12 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -127,7 +127,7 @@ config X86 @@ -12338,7 +12341,7 @@ index 512e45f..2d49d9d 100644 ---help--- Say Y here to enable options for running Linux under various hyper- visors. This option enables basic hypervisor detection and platform -@@ -1055,6 +1056,7 @@ choice +@@ -1072,6 +1073,7 @@ choice config NOHIGHMEM bool "off" @@ -12346,7 +12349,7 @@ index 512e45f..2d49d9d 100644 ---help--- Linux can use up to 64 Gigabytes of physical memory on x86 systems. However, the address space of 32-bit x86 processors is only 4 -@@ -1091,6 +1093,7 @@ config NOHIGHMEM +@@ -1108,6 +1110,7 @@ config NOHIGHMEM config HIGHMEM4G bool "4GB" @@ -12354,7 +12357,7 @@ index 512e45f..2d49d9d 100644 ---help--- Select this if you have a 32-bit processor and between 1 and 4 gigabytes of physical RAM. -@@ -1143,7 +1146,7 @@ config PAGE_OFFSET +@@ -1160,7 +1163,7 @@ config PAGE_OFFSET hex default 0xB0000000 if VMSPLIT_3G_OPT default 0x80000000 if VMSPLIT_2G @@ -12363,7 +12366,7 @@ index 512e45f..2d49d9d 100644 default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1556,6 +1559,7 @@ source kernel/Kconfig.hz +@@ -1573,6 +1576,7 @@ source kernel/Kconfig.hz config KEXEC bool "kexec system call" @@ -12371,7 +12374,7 @@ index 512e45f..2d49d9d 100644 ---help--- kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot -@@ -1707,7 +1711,9 @@ config X86_NEED_RELOCS +@@ -1724,7 +1728,9 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" @@ -12382,7 +12385,7 @@ index 512e45f..2d49d9d 100644 range 0x2000 0x1000000 if X86_32 range 0x200000 0x1000000 if X86_64 ---help--- -@@ -1790,6 +1796,7 @@ config COMPAT_VDSO +@@ -1807,6 +1813,7 @@ config COMPAT_VDSO def_bool n prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)" depends on X86_32 || IA32_EMULATION @@ -16835,7 +16838,7 @@ index b8237d8..3e8864e 100644 * Convert a virtual cached pointer to an uncached pointer */ diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h -index bba3cf8..06bc8da 100644 +index 0a8b519..80e7d5b 100644 --- a/arch/x86/include/asm/irqflags.h +++ b/arch/x86/include/asm/irqflags.h @@ -141,6 +141,11 @@ static inline notrace unsigned long arch_local_irq_save(void) @@ -18051,21 +18054,24 @@ index e22c1db..23a625a 100644 } diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h -index c883bf7..19970b3 100644 +index 7166e25..baaa6fe 100644 --- a/arch/x86/include/asm/pgtable_64_types.h +++ b/arch/x86/include/asm/pgtable_64_types.h -@@ -61,6 +61,11 @@ typedef struct { pteval_t pte; } pte_t; +@@ -61,9 +61,14 @@ typedef struct { pteval_t pte; } pte_t; #define MODULES_VADDR (__START_KERNEL_map + KERNEL_IMAGE_SIZE) #define MODULES_END _AC(0xffffffffff000000, UL) #define MODULES_LEN (MODULES_END - MODULES_VADDR) +#define MODULES_EXEC_VADDR MODULES_VADDR +#define MODULES_EXEC_END MODULES_END -+ + #define ESPFIX_PGD_ENTRY _AC(-2, UL) + #define ESPFIX_BASE_ADDR (ESPFIX_PGD_ENTRY << PGDIR_SHIFT) + +#define ktla_ktva(addr) (addr) +#define ktva_ktla(addr) (addr) - ++ #define EARLY_DYNAMIC_PAGE_TABLES 64 + #endif /* _ASM_X86_PGTABLE_64_DEFS_H */ diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h index eb3d449..8d95316 100644 --- a/arch/x86/include/asm/pgtable_types.h @@ -20361,7 +20367,7 @@ index 7b0a55a..ad115bf 100644 /* top of stack page */ diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile -index f4d9600..b45af01 100644 +index 491ef3e..7da98ce 100644 --- a/arch/x86/kernel/Makefile +++ b/arch/x86/kernel/Makefile @@ -24,7 +24,7 @@ obj-y += time.o ioport.o ldt.o dumpstack.o nmi.o @@ -22034,7 +22040,7 @@ index 01d1c18..8073693 100644 #include <asm/processor.h> #include <asm/fcntl.h> diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S -index c87810b..413d83f 100644 +index c5a9cb9..228d280 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S @@ -177,13 +177,153 @@ @@ -22393,7 +22399,7 @@ index c87810b..413d83f 100644 restore_all: TRACE_IRQS_IRET restore_all_notrace: -@@ -577,14 +784,34 @@ ldt_ss: +@@ -580,14 +787,34 @@ ldt_ss: * compensating for the offset by changing to the ESPFIX segment with * a base address that matches for the difference. */ @@ -22431,7 +22437,7 @@ index c87810b..413d83f 100644 pushl_cfi $__ESPFIX_SS pushl_cfi %eax /* new kernel esp */ /* Disable interrupts, but do not irqtrace this section: we -@@ -613,20 +840,18 @@ work_resched: +@@ -617,20 +844,18 @@ work_resched: movl TI_flags(%ebp), %ecx andl $_TIF_WORK_MASK, %ecx # is there any work to be done other # than syscall tracing? @@ -22454,7 +22460,7 @@ index c87810b..413d83f 100644 #endif TRACE_IRQS_ON ENABLE_INTERRUPTS(CLBR_NONE) -@@ -647,7 +872,7 @@ work_notifysig_v86: +@@ -651,7 +876,7 @@ work_notifysig_v86: movl %eax, %esp jmp 1b #endif @@ -22463,7 +22469,7 @@ index c87810b..413d83f 100644 # perform syscall exit tracing ALIGN -@@ -655,11 +880,14 @@ syscall_trace_entry: +@@ -659,11 +884,14 @@ syscall_trace_entry: movl $-ENOSYS,PT_EAX(%esp) movl %esp, %eax call syscall_trace_enter @@ -22479,7 +22485,7 @@ index c87810b..413d83f 100644 # perform syscall exit tracing ALIGN -@@ -672,26 +900,30 @@ syscall_exit_work: +@@ -676,26 +904,30 @@ syscall_exit_work: movl %esp, %eax call syscall_trace_leave jmp resume_userspace @@ -22514,9 +22520,9 @@ index c87810b..413d83f 100644 CFI_ENDPROC /* * End of kprobes section -@@ -707,8 +939,15 @@ END(syscall_badsys) - * normal stack and adjusts ESP with the matching offset. +@@ -712,8 +944,15 @@ END(syscall_badsys) */ + #ifdef CONFIG_X86_ESPFIX32 /* fixup the stack */ - mov GDT_ESPFIX_SS + 4, %al /* bits 16..23 */ - mov GDT_ESPFIX_SS + 7, %ah /* bits 24..31 */ @@ -22532,7 +22538,7 @@ index c87810b..413d83f 100644 shl $16, %eax addl %esp, %eax /* the adjusted stack pointer */ pushl_cfi $__KERNEL_DS -@@ -761,7 +1000,7 @@ vector=vector+1 +@@ -769,7 +1008,7 @@ vector=vector+1 .endr 2: jmp common_interrupt .endr @@ -22541,7 +22547,7 @@ index c87810b..413d83f 100644 .previous END(interrupt) -@@ -822,7 +1061,7 @@ ENTRY(coprocessor_error) +@@ -830,7 +1069,7 @@ ENTRY(coprocessor_error) pushl_cfi $do_coprocessor_error jmp error_code CFI_ENDPROC @@ -22550,7 +22556,7 @@ index c87810b..413d83f 100644 ENTRY(simd_coprocessor_error) RING0_INT_FRAME -@@ -835,7 +1074,7 @@ ENTRY(simd_coprocessor_error) +@@ -843,7 +1082,7 @@ ENTRY(simd_coprocessor_error) .section .altinstructions,"a" altinstruction_entry 661b, 663f, X86_FEATURE_XMM, 662b-661b, 664f-663f .previous @@ -22559,7 +22565,7 @@ index c87810b..413d83f 100644 663: pushl $do_simd_coprocessor_error 664: .previous -@@ -844,7 +1083,7 @@ ENTRY(simd_coprocessor_error) +@@ -852,7 +1091,7 @@ ENTRY(simd_coprocessor_error) #endif jmp error_code CFI_ENDPROC @@ -22568,7 +22574,7 @@ index c87810b..413d83f 100644 ENTRY(device_not_available) RING0_INT_FRAME -@@ -853,18 +1092,18 @@ ENTRY(device_not_available) +@@ -861,18 +1100,18 @@ ENTRY(device_not_available) pushl_cfi $do_device_not_available jmp error_code CFI_ENDPROC @@ -22590,7 +22596,7 @@ index c87810b..413d83f 100644 #endif ENTRY(overflow) -@@ -874,7 +1113,7 @@ ENTRY(overflow) +@@ -882,7 +1121,7 @@ ENTRY(overflow) pushl_cfi $do_overflow jmp error_code CFI_ENDPROC @@ -22599,7 +22605,7 @@ index c87810b..413d83f 100644 ENTRY(bounds) RING0_INT_FRAME -@@ -883,7 +1122,7 @@ ENTRY(bounds) +@@ -891,7 +1130,7 @@ ENTRY(bounds) pushl_cfi $do_bounds jmp error_code CFI_ENDPROC @@ -22608,7 +22614,7 @@ index c87810b..413d83f 100644 ENTRY(invalid_op) RING0_INT_FRAME -@@ -892,7 +1131,7 @@ ENTRY(invalid_op) +@@ -900,7 +1139,7 @@ ENTRY(invalid_op) pushl_cfi $do_invalid_op jmp error_code CFI_ENDPROC @@ -22617,7 +22623,7 @@ index c87810b..413d83f 100644 ENTRY(coprocessor_segment_overrun) RING0_INT_FRAME -@@ -901,7 +1140,7 @@ ENTRY(coprocessor_segment_overrun) +@@ -909,7 +1148,7 @@ ENTRY(coprocessor_segment_overrun) pushl_cfi $do_coprocessor_segment_overrun jmp error_code CFI_ENDPROC @@ -22626,7 +22632,7 @@ index c87810b..413d83f 100644 ENTRY(invalid_TSS) RING0_EC_FRAME -@@ -909,7 +1148,7 @@ ENTRY(invalid_TSS) +@@ -917,7 +1156,7 @@ ENTRY(invalid_TSS) pushl_cfi $do_invalid_TSS jmp error_code CFI_ENDPROC @@ -22635,7 +22641,7 @@ index c87810b..413d83f 100644 ENTRY(segment_not_present) RING0_EC_FRAME -@@ -917,7 +1156,7 @@ ENTRY(segment_not_present) +@@ -925,7 +1164,7 @@ ENTRY(segment_not_present) pushl_cfi $do_segment_not_present jmp error_code CFI_ENDPROC @@ -22644,7 +22650,7 @@ index c87810b..413d83f 100644 ENTRY(stack_segment) RING0_EC_FRAME -@@ -925,7 +1164,7 @@ ENTRY(stack_segment) +@@ -933,7 +1172,7 @@ ENTRY(stack_segment) pushl_cfi $do_stack_segment jmp error_code CFI_ENDPROC @@ -22653,7 +22659,7 @@ index c87810b..413d83f 100644 ENTRY(alignment_check) RING0_EC_FRAME -@@ -933,7 +1172,7 @@ ENTRY(alignment_check) +@@ -941,7 +1180,7 @@ ENTRY(alignment_check) pushl_cfi $do_alignment_check jmp error_code CFI_ENDPROC @@ -22662,7 +22668,7 @@ index c87810b..413d83f 100644 ENTRY(divide_error) RING0_INT_FRAME -@@ -942,7 +1181,7 @@ ENTRY(divide_error) +@@ -950,7 +1189,7 @@ ENTRY(divide_error) pushl_cfi $do_divide_error jmp error_code CFI_ENDPROC @@ -22671,7 +22677,7 @@ index c87810b..413d83f 100644 #ifdef CONFIG_X86_MCE ENTRY(machine_check) -@@ -952,7 +1191,7 @@ ENTRY(machine_check) +@@ -960,7 +1199,7 @@ ENTRY(machine_check) pushl_cfi machine_check_vector jmp error_code CFI_ENDPROC @@ -22680,7 +22686,7 @@ index c87810b..413d83f 100644 #endif ENTRY(spurious_interrupt_bug) -@@ -962,7 +1201,7 @@ ENTRY(spurious_interrupt_bug) +@@ -970,7 +1209,7 @@ ENTRY(spurious_interrupt_bug) pushl_cfi $do_spurious_interrupt_bug jmp error_code CFI_ENDPROC @@ -22689,7 +22695,7 @@ index c87810b..413d83f 100644 /* * End of kprobes section */ -@@ -1072,7 +1311,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR, +@@ -1080,7 +1319,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR, ENTRY(mcount) ret @@ -22698,7 +22704,7 @@ index c87810b..413d83f 100644 ENTRY(ftrace_caller) cmpl $0, function_trace_stop -@@ -1105,7 +1344,7 @@ ftrace_graph_call: +@@ -1113,7 +1352,7 @@ ftrace_graph_call: .globl ftrace_stub ftrace_stub: ret @@ -22707,7 +22713,7 @@ index c87810b..413d83f 100644 ENTRY(ftrace_regs_caller) pushf /* push flags before compare (in cs location) */ -@@ -1209,7 +1448,7 @@ trace: +@@ -1217,7 +1456,7 @@ trace: popl %ecx popl %eax jmp ftrace_stub @@ -22716,7 +22722,7 @@ index c87810b..413d83f 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -1227,7 +1466,7 @@ ENTRY(ftrace_graph_caller) +@@ -1235,7 +1474,7 @@ ENTRY(ftrace_graph_caller) popl %ecx popl %eax ret @@ -22725,7 +22731,7 @@ index c87810b..413d83f 100644 .globl return_to_handler return_to_handler: -@@ -1293,15 +1532,18 @@ error_code: +@@ -1301,15 +1540,18 @@ error_code: movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart REG_TO_PTGS %ecx SET_KERNEL_GS %ecx @@ -22746,7 +22752,7 @@ index c87810b..413d83f 100644 /* * Debug traps and NMI can happen at the one SYSENTER instruction -@@ -1344,7 +1586,7 @@ debug_stack_correct: +@@ -1352,7 +1594,7 @@ debug_stack_correct: call do_debug jmp ret_from_exception CFI_ENDPROC @@ -22755,7 +22761,7 @@ index c87810b..413d83f 100644 /* * NMI is doubly nasty. It can happen _while_ we're handling -@@ -1382,6 +1624,9 @@ nmi_stack_correct: +@@ -1392,6 +1634,9 @@ nmi_stack_correct: xorl %edx,%edx # zero error code movl %esp,%eax # pt_regs pointer call do_nmi @@ -22765,7 +22771,7 @@ index c87810b..413d83f 100644 jmp restore_all_notrace CFI_ENDPROC -@@ -1418,12 +1663,15 @@ nmi_espfix_stack: +@@ -1429,13 +1674,16 @@ nmi_espfix_stack: FIXUP_ESPFIX_STACK # %eax == %esp xorl %edx,%edx # zero error code call do_nmi @@ -22776,13 +22782,14 @@ index c87810b..413d83f 100644 lss 12+4(%esp), %esp # back to espfix stack CFI_ADJUST_CFA_OFFSET -24 jmp irq_return + #endif CFI_ENDPROC -END(nmi) +ENDPROC(nmi) ENTRY(int3) RING0_INT_FRAME -@@ -1436,14 +1684,14 @@ ENTRY(int3) +@@ -1448,14 +1696,14 @@ ENTRY(int3) call do_int3 jmp ret_from_exception CFI_ENDPROC @@ -22799,7 +22806,7 @@ index c87810b..413d83f 100644 #ifdef CONFIG_KVM_GUEST ENTRY(async_page_fault) -@@ -1452,7 +1700,7 @@ ENTRY(async_page_fault) +@@ -1464,7 +1712,7 @@ ENTRY(async_page_fault) pushl_cfi $do_async_page_fault jmp error_code CFI_ENDPROC @@ -22809,19 +22816,19 @@ index c87810b..413d83f 100644 /* diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index 1e96c36..3ff710a 100644 +index 03cd2a8..05a9aed 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S -@@ -59,6 +59,8 @@ - #include <asm/context_tracking.h> +@@ -60,6 +60,8 @@ #include <asm/smap.h> + #include <asm/pgtable_types.h> #include <linux/err.h> +#include <asm/pgtable.h> +#include <asm/alternative-asm.h> /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */ #include <linux/elf-em.h> -@@ -80,8 +82,9 @@ +@@ -81,8 +83,9 @@ #ifdef CONFIG_DYNAMIC_FTRACE ENTRY(function_hook) @@ -22832,7 +22839,7 @@ index 1e96c36..3ff710a 100644 /* skip is set if stack has been adjusted */ .macro ftrace_caller_setup skip=0 -@@ -122,8 +125,9 @@ GLOBAL(ftrace_graph_call) +@@ -123,8 +126,9 @@ GLOBAL(ftrace_graph_call) #endif GLOBAL(ftrace_stub) @@ -22843,7 +22850,7 @@ index 1e96c36..3ff710a 100644 ENTRY(ftrace_regs_caller) /* Save the current flags before compare (in SS location)*/ -@@ -191,7 +195,7 @@ ftrace_restore_flags: +@@ -192,7 +196,7 @@ ftrace_restore_flags: popfq jmp ftrace_stub @@ -22852,7 +22859,7 @@ index 1e96c36..3ff710a 100644 #else /* ! CONFIG_DYNAMIC_FTRACE */ -@@ -212,6 +216,7 @@ ENTRY(function_hook) +@@ -213,6 +217,7 @@ ENTRY(function_hook) #endif GLOBAL(ftrace_stub) @@ -22860,7 +22867,7 @@ index 1e96c36..3ff710a 100644 retq trace: -@@ -225,12 +230,13 @@ trace: +@@ -226,12 +231,13 @@ trace: #endif subq $MCOUNT_INSN_SIZE, %rdi @@ -22875,7 +22882,7 @@ index 1e96c36..3ff710a 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -252,8 +258,9 @@ ENTRY(ftrace_graph_caller) +@@ -253,8 +259,9 @@ ENTRY(ftrace_graph_caller) MCOUNT_RESTORE_FRAME @@ -22886,7 +22893,7 @@ index 1e96c36..3ff710a 100644 GLOBAL(return_to_handler) subq $24, %rsp -@@ -269,7 +276,9 @@ GLOBAL(return_to_handler) +@@ -270,7 +277,9 @@ GLOBAL(return_to_handler) movq 8(%rsp), %rdx movq (%rsp), %rax addq $24, %rsp @@ -22896,7 +22903,7 @@ index 1e96c36..3ff710a 100644 #endif -@@ -284,6 +293,430 @@ ENTRY(native_usergs_sysret64) +@@ -285,6 +294,430 @@ ENTRY(native_usergs_sysret64) ENDPROC(native_usergs_sysret64) #endif /* CONFIG_PARAVIRT */ @@ -23327,7 +23334,7 @@ index 1e96c36..3ff710a 100644 .macro TRACE_IRQS_IRETQ offset=ARGOFFSET #ifdef CONFIG_TRACE_IRQFLAGS -@@ -320,7 +753,7 @@ ENDPROC(native_usergs_sysret64) +@@ -321,7 +754,7 @@ ENDPROC(native_usergs_sysret64) .endm .macro TRACE_IRQS_IRETQ_DEBUG offset=ARGOFFSET @@ -23336,7 +23343,7 @@ index 1e96c36..3ff710a 100644 jnc 1f TRACE_IRQS_ON_DEBUG 1: -@@ -358,27 +791,6 @@ ENDPROC(native_usergs_sysret64) +@@ -359,27 +792,6 @@ ENDPROC(native_usergs_sysret64) movq \tmp,R11+\offset(%rsp) .endm @@ -23364,7 +23371,7 @@ index 1e96c36..3ff710a 100644 /* * initial frame state for interrupts (and exceptions without error code) */ -@@ -445,25 +857,26 @@ ENDPROC(native_usergs_sysret64) +@@ -446,25 +858,26 @@ ENDPROC(native_usergs_sysret64) /* save partial stack frame */ .macro SAVE_ARGS_IRQ cld @@ -23404,7 +23411,7 @@ index 1e96c36..3ff710a 100644 je 1f SWAPGS /* -@@ -483,6 +896,18 @@ ENDPROC(native_usergs_sysret64) +@@ -484,6 +897,18 @@ ENDPROC(native_usergs_sysret64) 0x06 /* DW_OP_deref */, \ 0x08 /* DW_OP_const1u */, SS+8-RBP, \ 0x22 /* DW_OP_plus */ @@ -23423,7 +23430,7 @@ index 1e96c36..3ff710a 100644 /* We entered an interrupt context - irqs are off: */ TRACE_IRQS_OFF .endm -@@ -514,9 +939,52 @@ ENTRY(save_paranoid) +@@ -515,9 +940,52 @@ ENTRY(save_paranoid) js 1f /* negative -> in kernel */ SWAPGS xorl %ebx,%ebx @@ -23478,7 +23485,7 @@ index 1e96c36..3ff710a 100644 .popsection /* -@@ -538,7 +1006,7 @@ ENTRY(ret_from_fork) +@@ -539,7 +1007,7 @@ ENTRY(ret_from_fork) RESTORE_REST @@ -23487,7 +23494,7 @@ index 1e96c36..3ff710a 100644 jz 1f testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -548,15 +1016,13 @@ ENTRY(ret_from_fork) +@@ -549,15 +1017,13 @@ ENTRY(ret_from_fork) jmp ret_from_sys_call # go to the SYSRET fastpath 1: @@ -23504,7 +23511,7 @@ index 1e96c36..3ff710a 100644 /* * System call entry. Up to 6 arguments in registers are supported. -@@ -593,7 +1059,7 @@ END(ret_from_fork) +@@ -594,7 +1060,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -23513,7 +23520,7 @@ index 1e96c36..3ff710a 100644 CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -606,16 +1072,23 @@ GLOBAL(system_call_after_swapgs) +@@ -607,16 +1073,23 @@ GLOBAL(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -23539,7 +23546,7 @@ index 1e96c36..3ff710a 100644 jnz tracesys system_call_fastpath: #if __SYSCALL_MASK == ~0 -@@ -639,10 +1112,13 @@ sysret_check: +@@ -640,10 +1113,13 @@ sysret_check: LOCKDEP_SYS_EXIT DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF @@ -23554,7 +23561,7 @@ index 1e96c36..3ff710a 100644 /* * sysretq will re-enable interrupts: */ -@@ -701,6 +1177,9 @@ auditsys: +@@ -702,6 +1178,9 @@ auditsys: movq %rax,%rsi /* 2nd arg: syscall number */ movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */ call __audit_syscall_entry @@ -23564,7 +23571,7 @@ index 1e96c36..3ff710a 100644 LOAD_ARGS 0 /* reload call-clobbered registers */ jmp system_call_fastpath -@@ -722,7 +1201,7 @@ sysret_audit: +@@ -723,7 +1202,7 @@ sysret_audit: /* Do syscall tracing */ tracesys: #ifdef CONFIG_AUDITSYSCALL @@ -23573,7 +23580,7 @@ index 1e96c36..3ff710a 100644 jz auditsys #endif SAVE_REST -@@ -730,12 +1209,15 @@ tracesys: +@@ -731,12 +1210,15 @@ tracesys: FIXUP_TOP_OF_STACK %rdi movq %rsp,%rdi call syscall_trace_enter @@ -23590,7 +23597,7 @@ index 1e96c36..3ff710a 100644 RESTORE_REST #if __SYSCALL_MASK == ~0 cmpq $__NR_syscall_max,%rax -@@ -765,7 +1247,9 @@ GLOBAL(int_with_check) +@@ -766,7 +1248,9 @@ GLOBAL(int_with_check) andl %edi,%edx jnz int_careful andl $~TS_COMPAT,TI_status(%rcx) @@ -23601,7 +23608,7 @@ index 1e96c36..3ff710a 100644 /* Either reschedule or signal or syscall exit tracking needed. */ /* First do a reschedule test. */ -@@ -811,7 +1295,7 @@ int_restore_rest: +@@ -812,7 +1296,7 @@ int_restore_rest: TRACE_IRQS_OFF jmp int_with_check CFI_ENDPROC @@ -23610,7 +23617,7 @@ index 1e96c36..3ff710a 100644 .macro FORK_LIKE func ENTRY(stub_\func) -@@ -824,9 +1308,10 @@ ENTRY(stub_\func) +@@ -825,9 +1309,10 @@ ENTRY(stub_\func) DEFAULT_FRAME 0 8 /* offset 8: return address */ call sys_\func RESTORE_TOP_OF_STACK %r11, 8 @@ -23623,7 +23630,7 @@ index 1e96c36..3ff710a 100644 .endm .macro FIXED_FRAME label,func -@@ -836,9 +1321,10 @@ ENTRY(\label) +@@ -837,9 +1322,10 @@ ENTRY(\label) FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET call \func RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET @@ -23635,7 +23642,7 @@ index 1e96c36..3ff710a 100644 .endm FORK_LIKE clone -@@ -846,19 +1332,6 @@ END(\label) +@@ -847,19 +1333,6 @@ END(\label) FORK_LIKE vfork FIXED_FRAME stub_iopl, sys_iopl @@ -23655,7 +23662,7 @@ index 1e96c36..3ff710a 100644 ENTRY(stub_execve) CFI_STARTPROC addq $8, %rsp -@@ -870,7 +1343,7 @@ ENTRY(stub_execve) +@@ -871,7 +1344,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23664,7 +23671,7 @@ index 1e96c36..3ff710a 100644 /* * sigreturn is special because it needs to restore all registers on return. -@@ -887,7 +1360,7 @@ ENTRY(stub_rt_sigreturn) +@@ -888,7 +1361,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23673,7 +23680,7 @@ index 1e96c36..3ff710a 100644 #ifdef CONFIG_X86_X32_ABI ENTRY(stub_x32_rt_sigreturn) -@@ -901,7 +1374,7 @@ ENTRY(stub_x32_rt_sigreturn) +@@ -902,7 +1375,7 @@ ENTRY(stub_x32_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23682,7 +23689,7 @@ index 1e96c36..3ff710a 100644 ENTRY(stub_x32_execve) CFI_STARTPROC -@@ -915,7 +1388,7 @@ ENTRY(stub_x32_execve) +@@ -916,7 +1389,7 @@ ENTRY(stub_x32_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23691,7 +23698,7 @@ index 1e96c36..3ff710a 100644 #endif -@@ -952,7 +1425,7 @@ vector=vector+1 +@@ -953,7 +1426,7 @@ vector=vector+1 2: jmp common_interrupt .endr CFI_ENDPROC @@ -23700,7 +23707,7 @@ index 1e96c36..3ff710a 100644 .previous END(interrupt) -@@ -969,8 +1442,8 @@ END(interrupt) +@@ -970,8 +1443,8 @@ END(interrupt) /* 0(%rsp): ~(interrupt number) */ .macro interrupt func /* reserve pt_regs for scratch regs and rbp */ @@ -23711,7 +23718,7 @@ index 1e96c36..3ff710a 100644 SAVE_ARGS_IRQ call \func .endm -@@ -997,14 +1470,14 @@ ret_from_intr: +@@ -998,14 +1471,14 @@ ret_from_intr: /* Restore saved previous stack */ popq %rsi @@ -23730,7 +23737,7 @@ index 1e96c36..3ff710a 100644 je retint_kernel /* Interrupt came from user space */ -@@ -1026,12 +1499,16 @@ retint_swapgs: /* return to user-space */ +@@ -1027,12 +1500,16 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -23747,16 +23754,32 @@ index 1e96c36..3ff710a 100644 /* * The iretq could re-enable interrupts: */ -@@ -1112,7 +1589,7 @@ ENTRY(retint_kernel) +@@ -1145,7 +1622,7 @@ ENTRY(retint_kernel) + jmp exit_intr #endif - CFI_ENDPROC -END(common_interrupt) +ENDPROC(common_interrupt) - /* - * End of kprobes section - */ -@@ -1130,7 +1607,7 @@ ENTRY(\sym) + + /* + * If IRET takes a fault on the espfix stack, then we +@@ -1167,13 +1644,13 @@ __do_double_fault: + cmpq $native_irq_return_iret,%rax + jne do_double_fault /* This shouldn't happen... */ + movq PER_CPU_VAR(kernel_stack),%rax +- subq $(6*8-KERNEL_STACK_OFFSET),%rax /* Reset to original stack */ ++ subq $(6*8),%rax /* Reset to original stack */ + movq %rax,RSP(%rdi) + movq $0,(%rax) /* Missing (lost) #GP error code */ + movq $general_protection,RIP(%rdi) + retq + CFI_ENDPROC +-END(__do_double_fault) ++ENDPROC(__do_double_fault) + #else + # define __do_double_fault do_double_fault + #endif +@@ -1195,7 +1672,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -23765,7 +23788,7 @@ index 1e96c36..3ff710a 100644 .endm #ifdef CONFIG_TRACING -@@ -1218,7 +1695,7 @@ ENTRY(\sym) +@@ -1283,7 +1760,7 @@ ENTRY(\sym) call \do_sym jmp error_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -23774,7 +23797,7 @@ index 1e96c36..3ff710a 100644 .endm .macro paranoidzeroentry sym do_sym -@@ -1236,10 +1713,10 @@ ENTRY(\sym) +@@ -1301,10 +1778,10 @@ ENTRY(\sym) call \do_sym jmp paranoid_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -23787,7 +23810,7 @@ index 1e96c36..3ff710a 100644 .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1252,12 +1729,18 @@ ENTRY(\sym) +@@ -1317,12 +1794,18 @@ ENTRY(\sym) TRACE_IRQS_OFF_DEBUG movq %rsp,%rdi /* pt_regs pointer */ xorl %esi,%esi /* no error code */ @@ -23807,7 +23830,7 @@ index 1e96c36..3ff710a 100644 .endm .macro errorentry sym do_sym -@@ -1275,7 +1758,7 @@ ENTRY(\sym) +@@ -1340,7 +1823,7 @@ ENTRY(\sym) call \do_sym jmp error_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -23816,7 +23839,7 @@ index 1e96c36..3ff710a 100644 .endm #ifdef CONFIG_TRACING -@@ -1306,7 +1789,7 @@ ENTRY(\sym) +@@ -1371,7 +1854,7 @@ ENTRY(\sym) call \do_sym jmp paranoid_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -23825,7 +23848,7 @@ index 1e96c36..3ff710a 100644 .endm zeroentry divide_error do_divide_error -@@ -1336,9 +1819,10 @@ gs_change: +@@ -1401,9 +1884,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -23837,7 +23860,7 @@ index 1e96c36..3ff710a 100644 _ASM_EXTABLE(gs_change,bad_gs) .section .fixup,"ax" -@@ -1366,9 +1850,10 @@ ENTRY(do_softirq_own_stack) +@@ -1431,9 +1915,10 @@ ENTRY(do_softirq_own_stack) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -23849,7 +23872,7 @@ index 1e96c36..3ff710a 100644 #ifdef CONFIG_XEN zeroentry xen_hypervisor_callback xen_do_hypervisor_callback -@@ -1406,7 +1891,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1471,7 +1956,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -23858,7 +23881,7 @@ index 1e96c36..3ff710a 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1465,7 +1950,7 @@ ENTRY(xen_failsafe_callback) +@@ -1530,7 +2015,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -23867,7 +23890,7 @@ index 1e96c36..3ff710a 100644 apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1517,18 +2002,33 @@ ENTRY(paranoid_exit) +@@ -1582,18 +2067,33 @@ ENTRY(paranoid_exit) DEFAULT_FRAME DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF_DEBUG @@ -23903,7 +23926,7 @@ index 1e96c36..3ff710a 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1557,7 +2057,7 @@ paranoid_schedule: +@@ -1622,7 +2122,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -23912,7 +23935,7 @@ index 1e96c36..3ff710a 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1584,12 +2084,23 @@ ENTRY(error_entry) +@@ -1649,12 +2149,23 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -23937,7 +23960,7 @@ index 1e96c36..3ff710a 100644 ret /* -@@ -1616,7 +2127,7 @@ bstep_iret: +@@ -1681,7 +2192,7 @@ bstep_iret: movq %rcx,RIP+8(%rsp) jmp error_swapgs CFI_ENDPROC @@ -23946,7 +23969,7 @@ index 1e96c36..3ff710a 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1627,7 +2138,7 @@ ENTRY(error_exit) +@@ -1692,7 +2203,7 @@ ENTRY(error_exit) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF GET_THREAD_INFO(%rcx) @@ -23955,7 +23978,7 @@ index 1e96c36..3ff710a 100644 jne retint_kernel LOCKDEP_SYS_EXIT_IRQ movl TI_flags(%rcx),%edx -@@ -1636,7 +2147,7 @@ ENTRY(error_exit) +@@ -1701,7 +2212,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -23964,7 +23987,7 @@ index 1e96c36..3ff710a 100644 /* * Test if a given stack is an NMI stack or not. -@@ -1694,9 +2205,11 @@ ENTRY(nmi) +@@ -1759,9 +2270,11 @@ ENTRY(nmi) * If %cs was not the kernel segment, then the NMI triggered in user * space, which means it is definitely not nested. */ @@ -23977,7 +24000,7 @@ index 1e96c36..3ff710a 100644 /* * Check the special variable on the stack to see if NMIs are * executing. -@@ -1730,8 +2243,7 @@ nested_nmi: +@@ -1795,8 +2308,7 @@ nested_nmi: 1: /* Set up the interrupted NMIs stack to jump to repeat_nmi */ @@ -23987,7 +24010,7 @@ index 1e96c36..3ff710a 100644 CFI_ADJUST_CFA_OFFSET 1*8 leaq -10*8(%rsp), %rdx pushq_cfi $__KERNEL_DS -@@ -1749,6 +2261,7 @@ nested_nmi_out: +@@ -1814,6 +2326,7 @@ nested_nmi_out: CFI_RESTORE rdx /* No need to check faults here */ @@ -23995,7 +24018,7 @@ index 1e96c36..3ff710a 100644 INTERRUPT_RETURN CFI_RESTORE_STATE -@@ -1845,13 +2358,13 @@ end_repeat_nmi: +@@ -1910,13 +2423,13 @@ end_repeat_nmi: subq $ORIG_RAX-R15, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 /* @@ -24011,7 +24034,7 @@ index 1e96c36..3ff710a 100644 DEFAULT_FRAME 0 /* -@@ -1861,9 +2374,9 @@ end_repeat_nmi: +@@ -1926,9 +2439,9 @@ end_repeat_nmi: * NMI itself takes a page fault, the page fault that was preempted * will read the information from the NMI page fault and not the * origin fault. Save it off and restore it if it changes. @@ -24023,7 +24046,7 @@ index 1e96c36..3ff710a 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi -@@ -1872,31 +2385,36 @@ end_repeat_nmi: +@@ -1937,31 +2450,36 @@ end_repeat_nmi: /* Did the NMI take a page fault? Restore cr2 if it did */ movq %cr2, %rcx @@ -24065,6 +24088,19 @@ index 1e96c36..3ff710a 100644 /* * End of kprobes section +diff --git a/arch/x86/kernel/espfix_64.c b/arch/x86/kernel/espfix_64.c +index 94d857f..bf1f0bf 100644 +--- a/arch/x86/kernel/espfix_64.c ++++ b/arch/x86/kernel/espfix_64.c +@@ -197,7 +197,7 @@ void init_espfix_ap(void) + set_pte(&pte_p[n*PTE_STRIDE], pte); + + /* Job is done for this CPU and any CPU which shares this page */ +- ACCESS_ONCE(espfix_pages[page]) = stack_page; ++ ACCESS_ONCE_RW(espfix_pages[page]) = stack_page; + + unlock_done: + mutex_unlock(&espfix_init_mutex); diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c index 52819e8..b6d1dbd 100644 --- a/arch/x86/kernel/ftrace.c @@ -25518,10 +25554,10 @@ index c2bedae..25e7ab60 100644 .name = "data", .mode = S_IRUGO, diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c -index dcbbaa1..81ae763 100644 +index c37886d..d851d32 100644 --- a/arch/x86/kernel/ldt.c +++ b/arch/x86/kernel/ldt.c -@@ -68,13 +68,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload) +@@ -66,13 +66,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload) if (reload) { #ifdef CONFIG_SMP preempt_disable(); @@ -25537,7 +25573,7 @@ index dcbbaa1..81ae763 100644 #endif } if (oldsize) { -@@ -96,7 +96,7 @@ static inline int copy_ldt(mm_context_t *new, mm_context_t *old) +@@ -94,7 +94,7 @@ static inline int copy_ldt(mm_context_t *new, mm_context_t *old) return err; for (i = 0; i < old->size; i++) @@ -25546,7 +25582,7 @@ index dcbbaa1..81ae763 100644 return 0; } -@@ -117,6 +117,24 @@ int init_new_context(struct task_struct *tsk, struct mm_struct *mm) +@@ -115,6 +115,24 @@ int init_new_context(struct task_struct *tsk, struct mm_struct *mm) retval = copy_ldt(&mm->context, &old_mm->context); mutex_unlock(&old_mm->context.lock); } @@ -25571,7 +25607,7 @@ index dcbbaa1..81ae763 100644 return retval; } -@@ -231,6 +249,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) +@@ -229,6 +247,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) } } @@ -25582,9 +25618,9 @@ index dcbbaa1..81ae763 100644 + } +#endif + - /* - * On x86-64 we do not support 16-bit segments due to - * IRET leaking the high bits of the kernel stack address. + if (!IS_ENABLED(CONFIG_X86_16BIT) && !ldt_info.seg_32bit) { + error = -EINVAL; + goto out_unlock; diff --git a/arch/x86/kernel/machine_kexec_32.c b/arch/x86/kernel/machine_kexec_32.c index 1667b1d..16492c5 100644 --- a/arch/x86/kernel/machine_kexec_32.c @@ -27020,7 +27056,7 @@ index be8e1bd..a3d93fa 100644 .smp_prepare_cpus = native_smp_prepare_cpus, .smp_cpus_done = native_smp_cpus_done, diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c -index ae2fd975..c0c8d10 100644 +index 5492798..a3bd4f2 100644 --- a/arch/x86/kernel/smpboot.c +++ b/arch/x86/kernel/smpboot.c @@ -230,14 +230,17 @@ static void notrace start_secondary(void *unused) @@ -27045,7 +27081,7 @@ index ae2fd975..c0c8d10 100644 /* * Check TSC synchronization with the BP: */ -@@ -757,8 +760,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) +@@ -764,8 +767,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) alternatives_enable_smp(); idle->thread.sp = (unsigned long) (((struct pt_regs *) @@ -27056,7 +27092,7 @@ index ae2fd975..c0c8d10 100644 #ifdef CONFIG_X86_32 /* Stack for startup_32 can be just as for start_secondary onwards */ -@@ -767,10 +771,10 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) +@@ -774,10 +778,10 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) clear_tsk_thread_flag(idle, TIF_FORK); initial_gs = per_cpu_offset(cpu); #endif @@ -27070,7 +27106,7 @@ index ae2fd975..c0c8d10 100644 initial_code = (unsigned long)start_secondary; stack_start = idle->thread.sp; -@@ -916,6 +920,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle) +@@ -923,6 +927,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle) /* the FPU context is blank, nobody can own it */ __cpu_disable_lazy_restore(cpu); @@ -35376,7 +35412,7 @@ index c580d12..0a0ba35 100644 GCOV_PROFILE := n diff --git a/arch/x86/vdso/vdso32-setup.c b/arch/x86/vdso/vdso32-setup.c -index 310c5f0..766d0a7 100644 +index 3adf2e6..a0b5576 100644 --- a/arch/x86/vdso/vdso32-setup.c +++ b/arch/x86/vdso/vdso32-setup.c @@ -29,6 +29,7 @@ @@ -35387,7 +35423,7 @@ index 310c5f0..766d0a7 100644 #ifdef CONFIG_COMPAT_VDSO #define VDSO_DEFAULT 0 -@@ -99,7 +100,7 @@ void syscall32_cpu_init(void) +@@ -98,7 +99,7 @@ void syscall32_cpu_init(void) void enable_sep_cpu(void) { int cpu = get_cpu(); @@ -35396,7 +35432,7 @@ index 310c5f0..766d0a7 100644 if (!boot_cpu_has(X86_FEATURE_SEP)) { put_cpu(); -@@ -167,7 +168,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) +@@ -166,7 +167,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) down_write(&mm->mmap_sem); @@ -35405,7 +35441,7 @@ index 310c5f0..766d0a7 100644 if (IS_ERR_VALUE(addr)) { ret = addr; goto up_fail; -@@ -175,7 +176,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) +@@ -174,7 +175,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) addr += VDSO_OFFSET(VDSO_PREV_PAGES); @@ -35414,7 +35450,7 @@ index 310c5f0..766d0a7 100644 /* * MAYWRITE to allow gdb to COW and set breakpoints -@@ -224,11 +225,11 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) +@@ -223,11 +224,11 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) #endif current_thread_info()->sysenter_return = @@ -35428,7 +35464,7 @@ index 310c5f0..766d0a7 100644 up_write(&mm->mmap_sem); -@@ -282,8 +283,14 @@ __initcall(ia32_binfmt_init); +@@ -274,8 +275,14 @@ __initcall(ia32_binfmt_init); const char *arch_vma_name(struct vm_area_struct *vma) { @@ -36118,26 +36154,6 @@ index 2648797..92ed21f 100644 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) goto error; -diff --git a/crypto/af_alg.c b/crypto/af_alg.c -index 966f893..6a3ad80 100644 ---- a/crypto/af_alg.c -+++ b/crypto/af_alg.c -@@ -21,6 +21,7 @@ - #include <linux/module.h> - #include <linux/net.h> - #include <linux/rwsem.h> -+#include <linux/security.h> - - struct alg_type_list { - const struct af_alg_type *type; -@@ -243,6 +244,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock) - - sock_init_data(newsock, sk2); - sock_graft(sk2, newsock); -+ security_sk_clone(sk, sk2); - - err = type->accept(ask->private, sk2); - if (err) { diff --git a/crypto/cryptd.c b/crypto/cryptd.c index 7bdd61b..afec999 100644 --- a/crypto/cryptd.c @@ -40395,7 +40411,7 @@ index 3c59584..500f2e9 100644 return ret; diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index b91dfbe..b7fb16d 100644 +index c83eb75..d205e5b2 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -11179,13 +11179,13 @@ struct intel_quirk { @@ -49893,25 +49909,10 @@ index 88d46fe..7351be5 100644 /* check if the device is still usable */ if (unlikely(cmd->device->sdev_state == SDEV_DEL)) { diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c -index 9db097a..c4ccdef 100644 +index d99ab3b..c4ccdef 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c -@@ -806,6 +806,14 @@ void scsi_io_completion(struct scsi_cmnd *cmd, unsigned int good_bytes) - scsi_next_command(cmd); - return; - } -+ } else if (blk_rq_bytes(req) == 0 && result && !sense_deferred) { -+ /* -+ * Certain non BLOCK_PC requests are commands that don't -+ * actually transfer anything (FLUSH), so cannot use -+ * good_bytes != blk_rq_bytes(req) as the signal for an error. -+ * This sets the error explicitly for the problem case. -+ */ -+ error = __scsi_error_from_host_byte(cmd, result); - } - - /* no bidi support for !REQ_TYPE_BLOCK_PC yet */ -@@ -1464,7 +1472,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) +@@ -1472,7 +1472,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) shost = sdev->host; scsi_init_cmd_errh(cmd); cmd->result = DID_NO_CONNECT << 16; @@ -49920,7 +49921,7 @@ index 9db097a..c4ccdef 100644 /* * SCSI request completion path will do scsi_device_unbusy(), -@@ -1490,9 +1498,9 @@ static void scsi_softirq_done(struct request *rq) +@@ -1498,9 +1498,9 @@ static void scsi_softirq_done(struct request *rq) INIT_LIST_HEAD(&cmd->eh_entry); @@ -62604,6 +62605,19 @@ index c79f3e7..d61d671 100644 } void nfs_fattr_init(struct nfs_fattr *fattr) +diff --git a/fs/nfs/nfs3acl.c b/fs/nfs/nfs3acl.c +index 8f854dd..d0fec26 100644 +--- a/fs/nfs/nfs3acl.c ++++ b/fs/nfs/nfs3acl.c +@@ -256,7 +256,7 @@ nfs3_list_one_acl(struct inode *inode, int type, const char *name, void *data, + char *p = data + *result; + + acl = get_acl(inode, type); +- if (!acl) ++ if (IS_ERR_OR_NULL(acl)) + return 0; + + posix_acl_release(acl); diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 95e3720..46c23fa 100644 --- a/fs/nfsd/nfs4proc.c @@ -62998,7 +63012,7 @@ index a7cdd56..c583144 100644 /* Copy the blockcheck stats from the superblock probe */ osb->osb_ecc_stats = *stats; diff --git a/fs/open.c b/fs/open.c -index 9d64679..75f925c 100644 +index dd24f21..c1f4b3a 100644 --- a/fs/open.c +++ b/fs/open.c @@ -32,6 +32,8 @@ @@ -63028,7 +63042,7 @@ index 9d64679..75f925c 100644 if (!error) error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, f.file); sb_end_write(inode->i_sb); -@@ -381,6 +387,9 @@ retry: +@@ -380,6 +386,9 @@ retry: if (__mnt_is_readonly(path.mnt)) res = -EROFS; @@ -63038,7 +63052,7 @@ index 9d64679..75f925c 100644 out_path_release: path_put(&path); if (retry_estale(res, lookup_flags)) { -@@ -412,6 +421,8 @@ retry: +@@ -411,6 +420,8 @@ retry: if (error) goto dput_and_out; @@ -63047,7 +63061,7 @@ index 9d64679..75f925c 100644 set_fs_pwd(current->fs, &path); dput_and_out: -@@ -441,6 +452,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd) +@@ -440,6 +451,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd) goto out_putf; error = inode_permission(inode, MAY_EXEC | MAY_CHDIR); @@ -63061,7 +63075,7 @@ index 9d64679..75f925c 100644 if (!error) set_fs_pwd(current->fs, &f.file->f_path); out_putf: -@@ -470,7 +488,13 @@ retry: +@@ -469,7 +487,13 @@ retry: if (error) goto dput_and_out; @@ -63075,7 +63089,7 @@ index 9d64679..75f925c 100644 error = 0; dput_and_out: path_put(&path); -@@ -494,6 +518,16 @@ static int chmod_common(struct path *path, umode_t mode) +@@ -493,6 +517,16 @@ static int chmod_common(struct path *path, umode_t mode) return error; retry_deleg: mutex_lock(&inode->i_mutex); @@ -63092,7 +63106,7 @@ index 9d64679..75f925c 100644 error = security_path_chmod(path, mode); if (error) goto out_unlock; -@@ -559,6 +593,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group) +@@ -558,6 +592,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group) uid = make_kuid(current_user_ns(), user); gid = make_kgid(current_user_ns(), group); @@ -63102,7 +63116,7 @@ index 9d64679..75f925c 100644 newattrs.ia_valid = ATTR_CTIME; if (user != (uid_t) -1) { if (!uid_valid(uid)) -@@ -978,6 +1015,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode) +@@ -977,6 +1014,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode) } else { fsnotify_open(f); fd_install(fd, f); @@ -79940,10 +79954,10 @@ index 0000000..b02ba9d +#define GR_MSRWRITE_MSG "denied write to CPU MSR by " diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h new file mode 100644 -index 0000000..13ac2e2 +index 0000000..e6d120f --- /dev/null +++ b/include/linux/grsecurity.h -@@ -0,0 +1,249 @@ +@@ -0,0 +1,252 @@ +#ifndef GR_SECURITY_H +#define GR_SECURITY_H +#include <linux/fs.h> @@ -79955,6 +79969,9 @@ index 0000000..13ac2e2 +#if defined(CONFIG_GRKERNSEC_PROC_USER) && defined(CONFIG_GRKERNSEC_PROC_USERGROUP) +#error "CONFIG_GRKERNSEC_PROC_USER and CONFIG_GRKERNSEC_PROC_USERGROUP cannot both be enabled." +#endif ++#if defined(CONFIG_GRKERNSEC_PROC) && !defined(CONFIG_GRKERNSEC_PROC_USER) && !defined(CONFIG_GRKERNSEC_PROC_USERGROUP) ++#error "CONFIG_GRKERNSEC_PROC enabled, but neither CONFIG_GRKERNSEC_PROC_USER nor CONFIG_GRKERNSEC_PROC_USERGROUP enabled" ++#endif +#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC) +#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled." +#endif @@ -81876,7 +81893,7 @@ index de83b4e..c4b997d 100644 #define preempt_set_need_resched() \ do { \ diff --git a/include/linux/printk.h b/include/linux/printk.h -index 8752f75..2b80c0f 100644 +index 7847301..29cd406 100644 --- a/include/linux/printk.h +++ b/include/linux/printk.h @@ -110,6 +110,8 @@ static inline __printf(1, 2) __cold @@ -85394,7 +85411,7 @@ index a8497fa..35b3c90 100644 next_state = Reset; return 0; diff --git a/init/main.c b/init/main.c -index 48655ce..d0113e4 100644 +index eb0ea86..b91cd60 100644 --- a/init/main.c +++ b/init/main.c @@ -97,6 +97,8 @@ extern void radix_tree_init(void); @@ -85482,7 +85499,7 @@ index 48655ce..d0113e4 100644 static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, }; const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, }; static const char *panic_later, *panic_param; -@@ -688,25 +759,24 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -692,25 +763,24 @@ int __init_or_module do_one_initcall(initcall_t fn) { int count = preempt_count(); int ret; @@ -85513,7 +85530,7 @@ index 48655ce..d0113e4 100644 return ret; } -@@ -813,8 +883,8 @@ static int run_init_process(const char *init_filename) +@@ -817,8 +887,8 @@ static int run_init_process(const char *init_filename) { argv_init[0] = init_filename; return do_execve(getname_kernel(init_filename), @@ -85524,7 +85541,7 @@ index 48655ce..d0113e4 100644 } static int try_to_run_init_process(const char *init_filename) -@@ -831,6 +901,10 @@ static int try_to_run_init_process(const char *init_filename) +@@ -835,6 +905,10 @@ static int try_to_run_init_process(const char *init_filename) return ret; } @@ -85535,7 +85552,7 @@ index 48655ce..d0113e4 100644 static noinline void __init kernel_init_freeable(void); static int __ref kernel_init(void *unused) -@@ -855,6 +929,11 @@ static int __ref kernel_init(void *unused) +@@ -859,6 +933,11 @@ static int __ref kernel_init(void *unused) ramdisk_execute_command, ret); } @@ -85547,7 +85564,7 @@ index 48655ce..d0113e4 100644 /* * We try each of these until one succeeds. * -@@ -910,7 +989,7 @@ static noinline void __init kernel_init_freeable(void) +@@ -914,7 +993,7 @@ static noinline void __init kernel_init_freeable(void) do_basic_setup(); /* Open the /dev/console on the rootfs, this should never fail */ @@ -85556,7 +85573,7 @@ index 48655ce..d0113e4 100644 pr_err("Warning: unable to open an initial console.\n"); (void) sys_dup(0); -@@ -923,11 +1002,13 @@ static noinline void __init kernel_init_freeable(void) +@@ -927,11 +1006,13 @@ static noinline void __init kernel_init_freeable(void) if (!ramdisk_execute_command) ramdisk_execute_command = "/init"; @@ -89239,7 +89256,7 @@ index 14f9a8d..98ee610 100644 if (pm_wakeup_pending()) { diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c -index 221229c..c76ca0a 100644 +index 63594be..8444e0f 100644 --- a/kernel/printk/printk.c +++ b/kernel/printk/printk.c @@ -385,6 +385,11 @@ static int check_syslog_permissions(int type, bool from_file) @@ -90271,7 +90288,7 @@ index a63f4dc..349bbb0 100644 unsigned long timeout) { diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index 084d17f..e416b9f 100644 +index 8da7e49..ef10a02 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -1775,7 +1775,7 @@ void set_numabalancing_state(bool enabled) @@ -93127,23 +93144,6 @@ index a402f8f..f5e5daa 100644 error = 0; if (end == start) return error; -diff --git a/mm/memcontrol.c b/mm/memcontrol.c -index 67c927a..fe99d96 100644 ---- a/mm/memcontrol.c -+++ b/mm/memcontrol.c -@@ -5544,8 +5544,12 @@ static int mem_cgroup_oom_notify_cb(struct mem_cgroup *memcg) - { - struct mem_cgroup_eventfd_list *ev; - -+ spin_lock(&memcg_oom_lock); -+ - list_for_each_entry(ev, &memcg->oom_notify, list) - eventfd_signal(ev->eventfd, 1); -+ -+ spin_unlock(&memcg_oom_lock); - return 0; - } - diff --git a/mm/memory-failure.c b/mm/memory-failure.c index eb8fb72..ae36cf3 100644 --- a/mm/memory-failure.c @@ -95813,7 +95813,7 @@ index 431fd7c..8674512 100644 struct mm_struct *mm; diff --git a/mm/page-writeback.c b/mm/page-writeback.c -index 154af21..86e447f 100644 +index f972182..e7f7c07 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -685,7 +685,7 @@ static long long pos_ratio_polynom(unsigned long setpoint, @@ -95826,7 +95826,7 @@ index 154af21..86e447f 100644 unsigned long bg_thresh, unsigned long dirty, diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index d64f5f9..9005ab5 100644 +index e98306f..3311d5e 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -61,6 +61,7 @@ @@ -101970,28 +101970,6 @@ index 3397fe6..861fd1a 100644 } if (inet->cmsg_flags) ip_cmsg_recv(msg, skb); -diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c -index 950909f..13752d9 100644 ---- a/net/l2tp/l2tp_ppp.c -+++ b/net/l2tp/l2tp_ppp.c -@@ -1365,7 +1365,7 @@ static int pppol2tp_setsockopt(struct socket *sock, int level, int optname, - int err; - - if (level != SOL_PPPOL2TP) -- return udp_prot.setsockopt(sk, level, optname, optval, optlen); -+ return -EINVAL; - - if (optlen < sizeof(int)) - return -EINVAL; -@@ -1491,7 +1491,7 @@ static int pppol2tp_getsockopt(struct socket *sock, int level, int optname, - struct pppol2tp_session *ps; - - if (level != SOL_PPPOL2TP) -- return udp_prot.getsockopt(sk, level, optname, optval, optlen); -+ return -EINVAL; - - if (get_user(len, optlen)) - return -EFAULT; diff --git a/net/llc/llc_proc.c b/net/llc/llc_proc.c index 1a3c7e0..80f8b0c 100644 --- a/net/llc/llc_proc.c diff --git a/3.15.8/4425_grsec_remove_EI_PAX.patch b/3.15.9/4425_grsec_remove_EI_PAX.patch index fc51f79..fc51f79 100644 --- a/3.15.8/4425_grsec_remove_EI_PAX.patch +++ b/3.15.9/4425_grsec_remove_EI_PAX.patch diff --git a/3.15.8/4427_force_XATTR_PAX_tmpfs.patch b/3.15.9/4427_force_XATTR_PAX_tmpfs.patch index bbcef41..bbcef41 100644 --- a/3.15.8/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.15.9/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.15.8/4430_grsec-remove-localversion-grsec.patch b/3.15.9/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.15.8/4430_grsec-remove-localversion-grsec.patch +++ b/3.15.9/4430_grsec-remove-localversion-grsec.patch diff --git a/3.15.8/4435_grsec-mute-warnings.patch b/3.15.9/4435_grsec-mute-warnings.patch index 41d43d5..41d43d5 100644 --- a/3.15.8/4435_grsec-mute-warnings.patch +++ b/3.15.9/4435_grsec-mute-warnings.patch diff --git a/3.15.8/4440_grsec-remove-protected-paths.patch b/3.15.9/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/3.15.8/4440_grsec-remove-protected-paths.patch +++ b/3.15.9/4440_grsec-remove-protected-paths.patch diff --git a/3.15.8/4450_grsec-kconfig-default-gids.patch b/3.15.9/4450_grsec-kconfig-default-gids.patch index af218a8..af218a8 100644 --- a/3.15.8/4450_grsec-kconfig-default-gids.patch +++ b/3.15.9/4450_grsec-kconfig-default-gids.patch diff --git a/3.15.8/4465_selinux-avc_audit-log-curr_ip.patch b/3.15.9/4465_selinux-avc_audit-log-curr_ip.patch index fb528d0..fb528d0 100644 --- a/3.15.8/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.15.9/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.15.8/4470_disable-compat_vdso.patch b/3.15.9/4470_disable-compat_vdso.patch index 7852848..0215f1e 100644 --- a/3.15.8/4470_disable-compat_vdso.patch +++ b/3.15.9/4470_disable-compat_vdso.patch @@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138 diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig --- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100 +++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100 -@@ -1793,29 +1793,8 @@ +@@ -1811,29 +1811,8 @@ config COMPAT_VDSO def_bool n diff --git a/3.15.8/4475_emutramp_default_on.patch b/3.15.9/4475_emutramp_default_on.patch index cf88fd9..cf88fd9 100644 --- a/3.15.8/4475_emutramp_default_on.patch +++ b/3.15.9/4475_emutramp_default_on.patch diff --git a/3.2.61/0000_README b/3.2.62/0000_README index c3587c8..aed2e0b 100644 --- a/3.2.61/0000_README +++ b/3.2.62/0000_README @@ -162,7 +162,11 @@ Patch: 1060_linux-3.2.61.patch From: http://www.kernel.org Desc: Linux 3.2.61 -Patch: 4420_grsecurity-3.0-3.2.61-201408032011.patch +Patch: 1061_linux-3.2.62.patch +From: http://www.kernel.org +Desc: Linux 3.2.62 + +Patch: 4420_grsecurity-3.0-3.2.62-201408110020.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.61/1021_linux-3.2.22.patch b/3.2.62/1021_linux-3.2.22.patch index e6ad93a..e6ad93a 100644 --- a/3.2.61/1021_linux-3.2.22.patch +++ b/3.2.62/1021_linux-3.2.22.patch diff --git a/3.2.61/1022_linux-3.2.23.patch b/3.2.62/1022_linux-3.2.23.patch index 3d796d0..3d796d0 100644 --- a/3.2.61/1022_linux-3.2.23.patch +++ b/3.2.62/1022_linux-3.2.23.patch diff --git a/3.2.61/1023_linux-3.2.24.patch b/3.2.62/1023_linux-3.2.24.patch index 4692eb4..4692eb4 100644 --- a/3.2.61/1023_linux-3.2.24.patch +++ b/3.2.62/1023_linux-3.2.24.patch diff --git a/3.2.61/1024_linux-3.2.25.patch b/3.2.62/1024_linux-3.2.25.patch index e95c213..e95c213 100644 --- a/3.2.61/1024_linux-3.2.25.patch +++ b/3.2.62/1024_linux-3.2.25.patch diff --git a/3.2.61/1025_linux-3.2.26.patch b/3.2.62/1025_linux-3.2.26.patch index 44065b9..44065b9 100644 --- a/3.2.61/1025_linux-3.2.26.patch +++ b/3.2.62/1025_linux-3.2.26.patch diff --git a/3.2.61/1026_linux-3.2.27.patch b/3.2.62/1026_linux-3.2.27.patch index 5878eb4..5878eb4 100644 --- a/3.2.61/1026_linux-3.2.27.patch +++ b/3.2.62/1026_linux-3.2.27.patch diff --git a/3.2.61/1027_linux-3.2.28.patch b/3.2.62/1027_linux-3.2.28.patch index 4dbba4b..4dbba4b 100644 --- a/3.2.61/1027_linux-3.2.28.patch +++ b/3.2.62/1027_linux-3.2.28.patch diff --git a/3.2.61/1028_linux-3.2.29.patch b/3.2.62/1028_linux-3.2.29.patch index 3c65179..3c65179 100644 --- a/3.2.61/1028_linux-3.2.29.patch +++ b/3.2.62/1028_linux-3.2.29.patch diff --git a/3.2.61/1029_linux-3.2.30.patch b/3.2.62/1029_linux-3.2.30.patch index 86aea4b..86aea4b 100644 --- a/3.2.61/1029_linux-3.2.30.patch +++ b/3.2.62/1029_linux-3.2.30.patch diff --git a/3.2.61/1030_linux-3.2.31.patch b/3.2.62/1030_linux-3.2.31.patch index c6accf5..c6accf5 100644 --- a/3.2.61/1030_linux-3.2.31.patch +++ b/3.2.62/1030_linux-3.2.31.patch diff --git a/3.2.61/1031_linux-3.2.32.patch b/3.2.62/1031_linux-3.2.32.patch index 247fc0b..247fc0b 100644 --- a/3.2.61/1031_linux-3.2.32.patch +++ b/3.2.62/1031_linux-3.2.32.patch diff --git a/3.2.61/1032_linux-3.2.33.patch b/3.2.62/1032_linux-3.2.33.patch index c32fb75..c32fb75 100644 --- a/3.2.61/1032_linux-3.2.33.patch +++ b/3.2.62/1032_linux-3.2.33.patch diff --git a/3.2.61/1033_linux-3.2.34.patch b/3.2.62/1033_linux-3.2.34.patch index d647b38..d647b38 100644 --- a/3.2.61/1033_linux-3.2.34.patch +++ b/3.2.62/1033_linux-3.2.34.patch diff --git a/3.2.61/1034_linux-3.2.35.patch b/3.2.62/1034_linux-3.2.35.patch index 76a9c19..76a9c19 100644 --- a/3.2.61/1034_linux-3.2.35.patch +++ b/3.2.62/1034_linux-3.2.35.patch diff --git a/3.2.61/1035_linux-3.2.36.patch b/3.2.62/1035_linux-3.2.36.patch index 5d192a3..5d192a3 100644 --- a/3.2.61/1035_linux-3.2.36.patch +++ b/3.2.62/1035_linux-3.2.36.patch diff --git a/3.2.61/1036_linux-3.2.37.patch b/3.2.62/1036_linux-3.2.37.patch index ad13251..ad13251 100644 --- a/3.2.61/1036_linux-3.2.37.patch +++ b/3.2.62/1036_linux-3.2.37.patch diff --git a/3.2.61/1037_linux-3.2.38.patch b/3.2.62/1037_linux-3.2.38.patch index a3c106f..a3c106f 100644 --- a/3.2.61/1037_linux-3.2.38.patch +++ b/3.2.62/1037_linux-3.2.38.patch diff --git a/3.2.61/1038_linux-3.2.39.patch b/3.2.62/1038_linux-3.2.39.patch index 5639e92..5639e92 100644 --- a/3.2.61/1038_linux-3.2.39.patch +++ b/3.2.62/1038_linux-3.2.39.patch diff --git a/3.2.61/1039_linux-3.2.40.patch b/3.2.62/1039_linux-3.2.40.patch index f26b39c..f26b39c 100644 --- a/3.2.61/1039_linux-3.2.40.patch +++ b/3.2.62/1039_linux-3.2.40.patch diff --git a/3.2.61/1040_linux-3.2.41.patch b/3.2.62/1040_linux-3.2.41.patch index 0d27fcb..0d27fcb 100644 --- a/3.2.61/1040_linux-3.2.41.patch +++ b/3.2.62/1040_linux-3.2.41.patch diff --git a/3.2.61/1041_linux-3.2.42.patch b/3.2.62/1041_linux-3.2.42.patch index 77a08ed..77a08ed 100644 --- a/3.2.61/1041_linux-3.2.42.patch +++ b/3.2.62/1041_linux-3.2.42.patch diff --git a/3.2.61/1042_linux-3.2.43.patch b/3.2.62/1042_linux-3.2.43.patch index a3f878b..a3f878b 100644 --- a/3.2.61/1042_linux-3.2.43.patch +++ b/3.2.62/1042_linux-3.2.43.patch diff --git a/3.2.61/1043_linux-3.2.44.patch b/3.2.62/1043_linux-3.2.44.patch index 3d5e6ff..3d5e6ff 100644 --- a/3.2.61/1043_linux-3.2.44.patch +++ b/3.2.62/1043_linux-3.2.44.patch diff --git a/3.2.61/1044_linux-3.2.45.patch b/3.2.62/1044_linux-3.2.45.patch index 44e1767..44e1767 100644 --- a/3.2.61/1044_linux-3.2.45.patch +++ b/3.2.62/1044_linux-3.2.45.patch diff --git a/3.2.61/1045_linux-3.2.46.patch b/3.2.62/1045_linux-3.2.46.patch index bc10efd..bc10efd 100644 --- a/3.2.61/1045_linux-3.2.46.patch +++ b/3.2.62/1045_linux-3.2.46.patch diff --git a/3.2.61/1046_linux-3.2.47.patch b/3.2.62/1046_linux-3.2.47.patch index b74563c..b74563c 100644 --- a/3.2.61/1046_linux-3.2.47.patch +++ b/3.2.62/1046_linux-3.2.47.patch diff --git a/3.2.61/1047_linux-3.2.48.patch b/3.2.62/1047_linux-3.2.48.patch index 6d55b1f..6d55b1f 100644 --- a/3.2.61/1047_linux-3.2.48.patch +++ b/3.2.62/1047_linux-3.2.48.patch diff --git a/3.2.61/1048_linux-3.2.49.patch b/3.2.62/1048_linux-3.2.49.patch index 2dab0cf..2dab0cf 100644 --- a/3.2.61/1048_linux-3.2.49.patch +++ b/3.2.62/1048_linux-3.2.49.patch diff --git a/3.2.61/1049_linux-3.2.50.patch b/3.2.62/1049_linux-3.2.50.patch index 20b3015..20b3015 100644 --- a/3.2.61/1049_linux-3.2.50.patch +++ b/3.2.62/1049_linux-3.2.50.patch diff --git a/3.2.61/1050_linux-3.2.51.patch b/3.2.62/1050_linux-3.2.51.patch index 5d5832b..5d5832b 100644 --- a/3.2.61/1050_linux-3.2.51.patch +++ b/3.2.62/1050_linux-3.2.51.patch diff --git a/3.2.61/1051_linux-3.2.52.patch b/3.2.62/1051_linux-3.2.52.patch index 94b9359..94b9359 100644 --- a/3.2.61/1051_linux-3.2.52.patch +++ b/3.2.62/1051_linux-3.2.52.patch diff --git a/3.2.61/1052_linux-3.2.53.patch b/3.2.62/1052_linux-3.2.53.patch index 986d714..986d714 100644 --- a/3.2.61/1052_linux-3.2.53.patch +++ b/3.2.62/1052_linux-3.2.53.patch diff --git a/3.2.61/1053_linux-3.2.54.patch b/3.2.62/1053_linux-3.2.54.patch index a907496..a907496 100644 --- a/3.2.61/1053_linux-3.2.54.patch +++ b/3.2.62/1053_linux-3.2.54.patch diff --git a/3.2.61/1054_linux-3.2.55.patch b/3.2.62/1054_linux-3.2.55.patch index 6071ff5..6071ff5 100644 --- a/3.2.61/1054_linux-3.2.55.patch +++ b/3.2.62/1054_linux-3.2.55.patch diff --git a/3.2.61/1055_linux-3.2.56.patch b/3.2.62/1055_linux-3.2.56.patch index 2e8239c..2e8239c 100644 --- a/3.2.61/1055_linux-3.2.56.patch +++ b/3.2.62/1055_linux-3.2.56.patch diff --git a/3.2.61/1056_linux-3.2.57.patch b/3.2.62/1056_linux-3.2.57.patch index 7b8f174..7b8f174 100644 --- a/3.2.61/1056_linux-3.2.57.patch +++ b/3.2.62/1056_linux-3.2.57.patch diff --git a/3.2.61/1057_linux-3.2.58.patch b/3.2.62/1057_linux-3.2.58.patch index db5723a..db5723a 100644 --- a/3.2.61/1057_linux-3.2.58.patch +++ b/3.2.62/1057_linux-3.2.58.patch diff --git a/3.2.61/1058_linux-3.2.59.patch b/3.2.62/1058_linux-3.2.59.patch index cd59fe9..cd59fe9 100644 --- a/3.2.61/1058_linux-3.2.59.patch +++ b/3.2.62/1058_linux-3.2.59.patch diff --git a/3.2.61/1059_linux-3.2.60.patch b/3.2.62/1059_linux-3.2.60.patch index c5a9389..c5a9389 100644 --- a/3.2.61/1059_linux-3.2.60.patch +++ b/3.2.62/1059_linux-3.2.60.patch diff --git a/3.2.61/1060_linux-3.2.61.patch b/3.2.62/1060_linux-3.2.61.patch index a1bf580..a1bf580 100644 --- a/3.2.61/1060_linux-3.2.61.patch +++ b/3.2.62/1060_linux-3.2.61.patch diff --git a/3.2.62/1061_linux-3.2.62.patch b/3.2.62/1061_linux-3.2.62.patch new file mode 100644 index 0000000..34217f0 --- /dev/null +++ b/3.2.62/1061_linux-3.2.62.patch @@ -0,0 +1,3129 @@ +diff --git a/Makefile b/Makefile +index f8b642d..30a5c65 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 3 + PATCHLEVEL = 2 +-SUBLEVEL = 61 ++SUBLEVEL = 62 + EXTRAVERSION = + NAME = Saber-toothed Squirrel + +diff --git a/arch/alpha/include/asm/io.h b/arch/alpha/include/asm/io.h +index 56ff965..6365ef2 100644 +--- a/arch/alpha/include/asm/io.h ++++ b/arch/alpha/include/asm/io.h +@@ -490,6 +490,11 @@ extern inline void writeq(u64 b, volatile void __iomem *addr) + } + #endif + ++#define ioread16be(p) be16_to_cpu(ioread16(p)) ++#define ioread32be(p) be32_to_cpu(ioread32(p)) ++#define iowrite16be(v,p) iowrite16(cpu_to_be16(v), (p)) ++#define iowrite32be(v,p) iowrite32(cpu_to_be32(v), (p)) ++ + #define inb_p inb + #define inw_p inw + #define inl_p inl +diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig +index 790ea68..082bd36 100644 +--- a/arch/arm/Kconfig ++++ b/arch/arm/Kconfig +@@ -1,6 +1,7 @@ + config ARM + bool + default y ++ select ARCH_SUPPORTS_ATOMIC_RMW + select HAVE_DMA_API_DEBUG + select HAVE_IDE if PCI || ISA || PCMCIA + select HAVE_MEMBLOCK +diff --git a/arch/arm/lib/memset.S b/arch/arm/lib/memset.S +index 650d5923..94b0650 100644 +--- a/arch/arm/lib/memset.S ++++ b/arch/arm/lib/memset.S +@@ -14,27 +14,15 @@ + + .text + .align 5 +- .word 0 +- +-1: subs r2, r2, #4 @ 1 do we have enough +- blt 5f @ 1 bytes to align with? +- cmp r3, #2 @ 1 +- strltb r1, [r0], #1 @ 1 +- strleb r1, [r0], #1 @ 1 +- strb r1, [r0], #1 @ 1 +- add r2, r2, r3 @ 1 (r2 = r2 - (4 - r3)) +-/* +- * The pointer is now aligned and the length is adjusted. Try doing the +- * memset again. +- */ + + ENTRY(memset) + ands r3, r0, #3 @ 1 unaligned? +- bne 1b @ 1 ++ mov ip, r0 @ preserve r0 as return value ++ bne 6f @ 1 + /* +- * we know that the pointer in r0 is aligned to a word boundary. ++ * we know that the pointer in ip is aligned to a word boundary. + */ +- orr r1, r1, r1, lsl #8 ++1: orr r1, r1, r1, lsl #8 + orr r1, r1, r1, lsl #16 + mov r3, r1 + cmp r2, #16 +@@ -43,29 +31,28 @@ ENTRY(memset) + #if ! CALGN(1)+0 + + /* +- * We need an extra register for this loop - save the return address and +- * use the LR ++ * We need 2 extra registers for this loop - use r8 and the LR + */ +- str lr, [sp, #-4]! +- mov ip, r1 ++ stmfd sp!, {r8, lr} ++ mov r8, r1 + mov lr, r1 + + 2: subs r2, r2, #64 +- stmgeia r0!, {r1, r3, ip, lr} @ 64 bytes at a time. +- stmgeia r0!, {r1, r3, ip, lr} +- stmgeia r0!, {r1, r3, ip, lr} +- stmgeia r0!, {r1, r3, ip, lr} ++ stmgeia ip!, {r1, r3, r8, lr} @ 64 bytes at a time. ++ stmgeia ip!, {r1, r3, r8, lr} ++ stmgeia ip!, {r1, r3, r8, lr} ++ stmgeia ip!, {r1, r3, r8, lr} + bgt 2b +- ldmeqfd sp!, {pc} @ Now <64 bytes to go. ++ ldmeqfd sp!, {r8, pc} @ Now <64 bytes to go. + /* + * No need to correct the count; we're only testing bits from now on + */ + tst r2, #32 +- stmneia r0!, {r1, r3, ip, lr} +- stmneia r0!, {r1, r3, ip, lr} ++ stmneia ip!, {r1, r3, r8, lr} ++ stmneia ip!, {r1, r3, r8, lr} + tst r2, #16 +- stmneia r0!, {r1, r3, ip, lr} +- ldr lr, [sp], #4 ++ stmneia ip!, {r1, r3, r8, lr} ++ ldmfd sp!, {r8, lr} + + #else + +@@ -74,54 +61,63 @@ ENTRY(memset) + * whole cache lines at once. + */ + +- stmfd sp!, {r4-r7, lr} ++ stmfd sp!, {r4-r8, lr} + mov r4, r1 + mov r5, r1 + mov r6, r1 + mov r7, r1 +- mov ip, r1 ++ mov r8, r1 + mov lr, r1 + + cmp r2, #96 +- tstgt r0, #31 ++ tstgt ip, #31 + ble 3f + +- and ip, r0, #31 +- rsb ip, ip, #32 +- sub r2, r2, ip +- movs ip, ip, lsl #(32 - 4) +- stmcsia r0!, {r4, r5, r6, r7} +- stmmiia r0!, {r4, r5} +- tst ip, #(1 << 30) +- mov ip, r1 +- strne r1, [r0], #4 ++ and r8, ip, #31 ++ rsb r8, r8, #32 ++ sub r2, r2, r8 ++ movs r8, r8, lsl #(32 - 4) ++ stmcsia ip!, {r4, r5, r6, r7} ++ stmmiia ip!, {r4, r5} ++ tst r8, #(1 << 30) ++ mov r8, r1 ++ strne r1, [ip], #4 + + 3: subs r2, r2, #64 +- stmgeia r0!, {r1, r3-r7, ip, lr} +- stmgeia r0!, {r1, r3-r7, ip, lr} ++ stmgeia ip!, {r1, r3-r8, lr} ++ stmgeia ip!, {r1, r3-r8, lr} + bgt 3b +- ldmeqfd sp!, {r4-r7, pc} ++ ldmeqfd sp!, {r4-r8, pc} + + tst r2, #32 +- stmneia r0!, {r1, r3-r7, ip, lr} ++ stmneia ip!, {r1, r3-r8, lr} + tst r2, #16 +- stmneia r0!, {r4-r7} +- ldmfd sp!, {r4-r7, lr} ++ stmneia ip!, {r4-r7} ++ ldmfd sp!, {r4-r8, lr} + + #endif + + 4: tst r2, #8 +- stmneia r0!, {r1, r3} ++ stmneia ip!, {r1, r3} + tst r2, #4 +- strne r1, [r0], #4 ++ strne r1, [ip], #4 + /* + * When we get here, we've got less than 4 bytes to zero. We + * may have an unaligned pointer as well. + */ + 5: tst r2, #2 +- strneb r1, [r0], #1 +- strneb r1, [r0], #1 ++ strneb r1, [ip], #1 ++ strneb r1, [ip], #1 + tst r2, #1 +- strneb r1, [r0], #1 ++ strneb r1, [ip], #1 + mov pc, lr ++ ++6: subs r2, r2, #4 @ 1 do we have enough ++ blt 5b @ 1 bytes to align with? ++ cmp r3, #2 @ 1 ++ strltb r1, [ip], #1 @ 1 ++ strleb r1, [ip], #1 @ 1 ++ strb r1, [ip], #1 @ 1 ++ add r2, r2, r3 @ 1 (r2 = r2 - (4 - r3)) ++ b 1b + ENDPROC(memset) +diff --git a/arch/arm/mach-omap2/mux.c b/arch/arm/mach-omap2/mux.c +index 655e948..449f955 100644 +--- a/arch/arm/mach-omap2/mux.c ++++ b/arch/arm/mach-omap2/mux.c +@@ -182,8 +182,10 @@ static int __init _omap_mux_get_by_name(struct omap_mux_partition *partition, + m0_entry = mux->muxnames[0]; + + /* First check for full name in mode0.muxmode format */ +- if (mode0_len && strncmp(muxname, m0_entry, mode0_len)) +- continue; ++ if (mode0_len) ++ if (strncmp(muxname, m0_entry, mode0_len) || ++ (strlen(m0_entry) != mode0_len)) ++ continue; + + /* Then check for muxmode only */ + for (i = 0; i < OMAP_MUX_NR_MODES; i++) { +diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig +index 16ef838..bec952d 100644 +--- a/arch/powerpc/Kconfig ++++ b/arch/powerpc/Kconfig +@@ -137,6 +137,7 @@ config PPC + select HAVE_BPF_JIT if (PPC64 && NET) + select HAVE_ARCH_JUMP_LABEL + select ARCH_HAVE_NMI_SAFE_CMPXCHG ++ select ARCH_SUPPORTS_ATOMIC_RMW + + config EARLY_PRINTK + bool +diff --git a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c +index afe82bc..b76230b 100644 +--- a/arch/s390/kernel/ptrace.c ++++ b/arch/s390/kernel/ptrace.c +@@ -292,7 +292,9 @@ static int __poke_user(struct task_struct *child, addr_t addr, addr_t data) + * psw and gprs are stored on the stack + */ + if (addr == (addr_t) &dummy->regs.psw.mask && +- ((data & ~PSW_MASK_USER) != psw_user_bits || ++ (((data^psw_user_bits) & ~PSW_MASK_USER) || ++ (((data^psw_user_bits) & PSW_MASK_ASC) && ++ ((data|psw_user_bits) & PSW_MASK_ASC) == PSW_MASK_ASC) || + ((data & PSW_MASK_EA) && !(data & PSW_MASK_BA)))) + /* Invalid psw mask. */ + return -EINVAL; +@@ -595,7 +597,10 @@ static int __poke_user_compat(struct task_struct *child, + */ + if (addr == (addr_t) &dummy32->regs.psw.mask) { + /* Build a 64 bit psw mask from 31 bit mask. */ +- if ((tmp & ~PSW32_MASK_USER) != psw32_user_bits) ++ if (((tmp^psw32_user_bits) & ~PSW32_MASK_USER) || ++ (((tmp^psw32_user_bits) & PSW32_MASK_ASC) && ++ ((tmp|psw32_user_bits) & PSW32_MASK_ASC) ++ == PSW32_MASK_ASC)) + /* Invalid psw mask. */ + return -EINVAL; + regs->psw.mask = (regs->psw.mask & ~PSW_MASK_USER) | +diff --git a/arch/score/Kconfig b/arch/score/Kconfig +index df169e8..beb9f21 100644 +--- a/arch/score/Kconfig ++++ b/arch/score/Kconfig +@@ -108,3 +108,6 @@ source "security/Kconfig" + source "crypto/Kconfig" + + source "lib/Kconfig" ++ ++config NO_IOMEM ++ def_bool y +diff --git a/arch/score/include/asm/io.h b/arch/score/include/asm/io.h +index fbbfd71..574c8827 100644 +--- a/arch/score/include/asm/io.h ++++ b/arch/score/include/asm/io.h +@@ -5,5 +5,4 @@ + + #define virt_to_bus virt_to_phys + #define bus_to_virt phys_to_virt +- + #endif /* _ASM_SCORE_IO_H */ +diff --git a/arch/score/include/asm/pgalloc.h b/arch/score/include/asm/pgalloc.h +index 059a61b..716b3fd 100644 +--- a/arch/score/include/asm/pgalloc.h ++++ b/arch/score/include/asm/pgalloc.h +@@ -2,7 +2,7 @@ + #define _ASM_SCORE_PGALLOC_H + + #include <linux/mm.h> +- ++#include <linux/highmem.h> + static inline void pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmd, + pte_t *pte) + { +diff --git a/arch/score/kernel/entry.S b/arch/score/kernel/entry.S +index 83bb960..89702ac 100644 +--- a/arch/score/kernel/entry.S ++++ b/arch/score/kernel/entry.S +@@ -264,7 +264,7 @@ resume_kernel: + disable_irq + lw r8, [r28, TI_PRE_COUNT] + cmpz.c r8 +- bne r8, restore_all ++ bne restore_all + need_resched: + lw r8, [r28, TI_FLAGS] + andri.c r9, r8, _TIF_NEED_RESCHED +@@ -408,7 +408,7 @@ ENTRY(handle_sys) + sw r9, [r0, PT_EPC] + + cmpi.c r27, __NR_syscalls # check syscall number +- bgeu illegal_syscall ++ bcs illegal_syscall + + slli r8, r27, 2 # get syscall routine + la r11, sys_call_table +diff --git a/arch/score/kernel/init_task.c b/arch/score/kernel/init_task.c +index baa03ee..753a9f1 100644 +--- a/arch/score/kernel/init_task.c ++++ b/arch/score/kernel/init_task.c +@@ -23,6 +23,7 @@ + + #include <linux/init_task.h> + #include <linux/mqueue.h> ++#include <linux/export.h> + + static struct signal_struct init_signals = INIT_SIGNALS(init_signals); + static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand); +diff --git a/arch/score/kernel/vmlinux.lds.S b/arch/score/kernel/vmlinux.lds.S +index eebcbaa..7274b5c 100644 +--- a/arch/score/kernel/vmlinux.lds.S ++++ b/arch/score/kernel/vmlinux.lds.S +@@ -49,6 +49,7 @@ SECTIONS + } + + . = ALIGN(16); ++ _sdata = .; /* Start of data section */ + RODATA + + EXCEPTION_TABLE(16) +diff --git a/arch/score/mm/init.c b/arch/score/mm/init.c +index cee6bce..150a3e6 100644 +--- a/arch/score/mm/init.c ++++ b/arch/score/mm/init.c +@@ -34,6 +34,7 @@ + #include <linux/proc_fs.h> + #include <linux/sched.h> + #include <linux/initrd.h> ++#include <linux/export.h> + + #include <asm/sections.h> + #include <asm/tlb.h> +diff --git a/arch/sparc/Kconfig b/arch/sparc/Kconfig +index 88d442d..f2f3574d 100644 +--- a/arch/sparc/Kconfig ++++ b/arch/sparc/Kconfig +@@ -57,6 +57,7 @@ config SPARC64 + select IRQ_PREFLOW_FASTEOI + select ARCH_HAVE_NMI_SAFE_CMPXCHG + select HAVE_C_RECORDMCOUNT ++ select ARCH_SUPPORTS_ATOMIC_RMW + + config ARCH_DEFCONFIG + string +diff --git a/arch/unicore32/Kconfig b/arch/unicore32/Kconfig +index 942ed61..35e8ff1 100644 +--- a/arch/unicore32/Kconfig ++++ b/arch/unicore32/Kconfig +@@ -6,6 +6,7 @@ config UNICORE32 + select HAVE_DMA_ATTRS + select HAVE_KERNEL_GZIP + select HAVE_KERNEL_BZIP2 ++ select GENERIC_ATOMIC64 + select HAVE_KERNEL_LZO + select HAVE_KERNEL_LZMA + select GENERIC_FIND_FIRST_BIT +diff --git a/arch/unicore32/include/asm/io.h b/arch/unicore32/include/asm/io.h +index 1a5c5a5..499594f 100644 +--- a/arch/unicore32/include/asm/io.h ++++ b/arch/unicore32/include/asm/io.h +@@ -37,6 +37,7 @@ extern void __uc32_iounmap(volatile void __iomem *addr); + */ + #define ioremap(cookie, size) __uc32_ioremap(cookie, size) + #define ioremap_cached(cookie, size) __uc32_ioremap_cached(cookie, size) ++#define ioremap_nocache(cookie, size) __uc32_ioremap(cookie, size) + #define iounmap(cookie) __uc32_iounmap(cookie) + + /* +diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig +index fb2e69d..901447e 100644 +--- a/arch/x86/Kconfig ++++ b/arch/x86/Kconfig +@@ -75,6 +75,7 @@ config X86 + select HAVE_BPF_JIT if (X86_64 && NET) + select CLKEVT_I8253 + select ARCH_HAVE_NMI_SAFE_CMPXCHG ++ select ARCH_SUPPORTS_ATOMIC_RMW + + config INSTRUCTION_DECODER + def_bool (KPROBES || PERF_EVENTS) +diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h +index cfb5a40..b3eb9a7 100644 +--- a/arch/x86/include/asm/kvm_host.h ++++ b/arch/x86/include/asm/kvm_host.h +@@ -98,7 +98,7 @@ + #define KVM_REFILL_PAGES 25 + #define KVM_MAX_CPUID_ENTRIES 80 + #define KVM_NR_FIXED_MTRR_REGION 88 +-#define KVM_NR_VAR_MTRR 8 ++#define KVM_NR_VAR_MTRR 10 + + #define ASYNC_PF_PER_VCPU 64 + +@@ -418,7 +418,7 @@ struct kvm_vcpu_arch { + bool nmi_injected; /* Trying to inject an NMI this entry */ + + struct mtrr_state_type mtrr_state; +- u32 pat; ++ u64 pat; + + int switch_db_regs; + unsigned long db[KVM_NR_DB_REGS]; +diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c +index 4bb12f7..cba1883 100644 +--- a/arch/x86/kernel/cpu/perf_event_intel.c ++++ b/arch/x86/kernel/cpu/perf_event_intel.c +@@ -1048,6 +1048,15 @@ again: + intel_pmu_lbr_read(); + + /* ++ * CondChgd bit 63 doesn't mean any overflow status. Ignore ++ * and clear the bit. ++ */ ++ if (__test_and_clear_bit(63, (unsigned long *)&status)) { ++ if (!status) ++ goto done; ++ } ++ ++ /* + * PEBS overflow sets bit 62 in the global status register + */ + if (__test_and_clear_bit(62, (unsigned long *)&status)) { +diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S +index db090f6..dd52355 100644 +--- a/arch/x86/kernel/entry_32.S ++++ b/arch/x86/kernel/entry_32.S +@@ -429,8 +429,8 @@ sysenter_do_call: + cmpl $(nr_syscalls), %eax + jae sysenter_badsys + call *sys_call_table(,%eax,4) +- movl %eax,PT_EAX(%esp) + sysenter_after_call: ++ movl %eax,PT_EAX(%esp) + LOCKDEP_SYS_EXIT + DISABLE_INTERRUPTS(CLBR_ANY) + TRACE_IRQS_OFF +@@ -512,6 +512,7 @@ ENTRY(system_call) + jae syscall_badsys + syscall_call: + call *sys_call_table(,%eax,4) ++syscall_after_call: + movl %eax,PT_EAX(%esp) # store the return value + syscall_exit: + LOCKDEP_SYS_EXIT +@@ -553,11 +554,6 @@ ENTRY(iret_exc) + + CFI_RESTORE_STATE + ldt_ss: +- larl PT_OLDSS(%esp), %eax +- jnz restore_nocheck +- testl $0x00400000, %eax # returning to 32bit stack? +- jnz restore_nocheck # allright, normal return +- + #ifdef CONFIG_PARAVIRT + /* + * The kernel can't run on a non-flat stack if paravirt mode +@@ -681,12 +677,12 @@ syscall_fault: + END(syscall_fault) + + syscall_badsys: +- movl $-ENOSYS,PT_EAX(%esp) +- jmp syscall_exit ++ movl $-ENOSYS,%eax ++ jmp syscall_after_call + END(syscall_badsys) + + sysenter_badsys: +- movl $-ENOSYS,PT_EAX(%esp) ++ movl $-ENOSYS,%eax + jmp sysenter_after_call + END(syscall_badsys) + CFI_ENDPROC +diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c +index be1ef57..dec49d3 100644 +--- a/arch/x86/mm/ioremap.c ++++ b/arch/x86/mm/ioremap.c +@@ -50,6 +50,21 @@ int ioremap_change_attr(unsigned long vaddr, unsigned long size, + return err; + } + ++static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages, ++ void *arg) ++{ ++ unsigned long i; ++ ++ for (i = 0; i < nr_pages; ++i) ++ if (pfn_valid(start_pfn + i) && ++ !PageReserved(pfn_to_page(start_pfn + i))) ++ return 1; ++ ++ WARN_ONCE(1, "ioremap on RAM pfn 0x%lx\n", start_pfn); ++ ++ return 0; ++} ++ + /* + * Remap an arbitrary physical address space into the kernel virtual + * address space. Needed when the kernel wants to access high addresses +@@ -93,14 +108,11 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr, + /* + * Don't allow anybody to remap normal RAM that we're using.. + */ ++ pfn = phys_addr >> PAGE_SHIFT; + last_pfn = last_addr >> PAGE_SHIFT; +- for (pfn = phys_addr >> PAGE_SHIFT; pfn <= last_pfn; pfn++) { +- int is_ram = page_is_ram(pfn); +- +- if (is_ram && pfn_valid(pfn) && !PageReserved(pfn_to_page(pfn))) +- return NULL; +- WARN_ON_ONCE(is_ram); +- } ++ if (walk_system_ram_range(pfn, last_pfn - pfn + 1, NULL, ++ __ioremap_check_ram) == 1) ++ return NULL; + + /* + * Mappings have to be page-aligned +diff --git a/crypto/testmgr.h b/crypto/testmgr.h +index 37b4d8f..a4de4ae 100644 +--- a/crypto/testmgr.h ++++ b/crypto/testmgr.h +@@ -10428,38 +10428,40 @@ static struct pcomp_testvec zlib_decomp_tv_template[] = { + static struct comp_testvec lzo_comp_tv_template[] = { + { + .inlen = 70, +- .outlen = 46, ++ .outlen = 57, + .input = "Join us now and share the software " + "Join us now and share the software ", + .output = "\x00\x0d\x4a\x6f\x69\x6e\x20\x75" +- "\x73\x20\x6e\x6f\x77\x20\x61\x6e" +- "\x64\x20\x73\x68\x61\x72\x65\x20" +- "\x74\x68\x65\x20\x73\x6f\x66\x74" +- "\x77\x70\x01\x01\x4a\x6f\x69\x6e" +- "\x3d\x88\x00\x11\x00\x00", ++ "\x73\x20\x6e\x6f\x77\x20\x61\x6e" ++ "\x64\x20\x73\x68\x61\x72\x65\x20" ++ "\x74\x68\x65\x20\x73\x6f\x66\x74" ++ "\x77\x70\x01\x32\x88\x00\x0c\x65" ++ "\x20\x74\x68\x65\x20\x73\x6f\x66" ++ "\x74\x77\x61\x72\x65\x20\x11\x00" ++ "\x00", + }, { + .inlen = 159, +- .outlen = 133, ++ .outlen = 131, + .input = "This document describes a compression method based on the LZO " + "compression algorithm. This document defines the application of " + "the LZO algorithm used in UBIFS.", +- .output = "\x00\x2b\x54\x68\x69\x73\x20\x64" ++ .output = "\x00\x2c\x54\x68\x69\x73\x20\x64" + "\x6f\x63\x75\x6d\x65\x6e\x74\x20" + "\x64\x65\x73\x63\x72\x69\x62\x65" + "\x73\x20\x61\x20\x63\x6f\x6d\x70" + "\x72\x65\x73\x73\x69\x6f\x6e\x20" + "\x6d\x65\x74\x68\x6f\x64\x20\x62" + "\x61\x73\x65\x64\x20\x6f\x6e\x20" +- "\x74\x68\x65\x20\x4c\x5a\x4f\x2b" +- "\x8c\x00\x0d\x61\x6c\x67\x6f\x72" +- "\x69\x74\x68\x6d\x2e\x20\x20\x54" +- "\x68\x69\x73\x2a\x54\x01\x02\x66" +- "\x69\x6e\x65\x73\x94\x06\x05\x61" +- "\x70\x70\x6c\x69\x63\x61\x74\x76" +- "\x0a\x6f\x66\x88\x02\x60\x09\x27" +- "\xf0\x00\x0c\x20\x75\x73\x65\x64" +- "\x20\x69\x6e\x20\x55\x42\x49\x46" +- "\x53\x2e\x11\x00\x00", ++ "\x74\x68\x65\x20\x4c\x5a\x4f\x20" ++ "\x2a\x8c\x00\x09\x61\x6c\x67\x6f" ++ "\x72\x69\x74\x68\x6d\x2e\x20\x20" ++ "\x2e\x54\x01\x03\x66\x69\x6e\x65" ++ "\x73\x20\x74\x06\x05\x61\x70\x70" ++ "\x6c\x69\x63\x61\x74\x76\x0a\x6f" ++ "\x66\x88\x02\x60\x09\x27\xf0\x00" ++ "\x0c\x20\x75\x73\x65\x64\x20\x69" ++ "\x6e\x20\x55\x42\x49\x46\x53\x2e" ++ "\x11\x00\x00", + }, + }; + +diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c +index c749b93..a79332a 100644 +--- a/drivers/acpi/battery.c ++++ b/drivers/acpi/battery.c +@@ -34,6 +34,7 @@ + #include <linux/dmi.h> + #include <linux/slab.h> + #include <linux/suspend.h> ++#include <linux/delay.h> + #include <asm/unaligned.h> + + #ifdef CONFIG_ACPI_PROCFS_POWER +@@ -1055,6 +1056,28 @@ static int battery_notify(struct notifier_block *nb, + return 0; + } + ++/* ++ * Some machines'(E,G Lenovo Z480) ECs are not stable ++ * during boot up and this causes battery driver fails to be ++ * probed due to failure of getting battery information ++ * from EC sometimes. After several retries, the operation ++ * may work. So add retry code here and 20ms sleep between ++ * every retries. ++ */ ++static int acpi_battery_update_retry(struct acpi_battery *battery) ++{ ++ int retry, ret; ++ ++ for (retry = 5; retry; retry--) { ++ ret = acpi_battery_update(battery); ++ if (!ret) ++ break; ++ ++ msleep(20); ++ } ++ return ret; ++} ++ + static int acpi_battery_add(struct acpi_device *device) + { + int result = 0; +@@ -1074,9 +1097,11 @@ static int acpi_battery_add(struct acpi_device *device) + if (ACPI_SUCCESS(acpi_get_handle(battery->device->handle, + "_BIX", &handle))) + set_bit(ACPI_BATTERY_XINFO_PRESENT, &battery->flags); +- result = acpi_battery_update(battery); ++ ++ result = acpi_battery_update_retry(battery); + if (result) + goto fail; ++ + #ifdef CONFIG_ACPI_PROCFS_POWER + result = acpi_battery_add_fs(device); + #endif +diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c +index 3923064..48fd158 100644 +--- a/drivers/acpi/ec.c ++++ b/drivers/acpi/ec.c +@@ -81,6 +81,9 @@ enum { + EC_FLAGS_BLOCKED, /* Transactions are blocked */ + }; + ++#define ACPI_EC_COMMAND_POLL 0x01 /* Available for command byte */ ++#define ACPI_EC_COMMAND_COMPLETE 0x02 /* Completed last byte */ ++ + /* ec.c is compiled in acpi namespace so this shows up as acpi.ec_delay param */ + static unsigned int ec_delay __read_mostly = ACPI_EC_DELAY; + module_param(ec_delay, uint, 0644); +@@ -116,7 +119,7 @@ struct transaction { + u8 ri; + u8 wlen; + u8 rlen; +- bool done; ++ u8 flags; + }; + + struct acpi_ec *boot_ec, *first_ec; +@@ -157,53 +160,74 @@ static inline void acpi_ec_write_data(struct acpi_ec *ec, u8 data) + outb(data, ec->data_addr); + } + +-static int ec_transaction_done(struct acpi_ec *ec) ++static int ec_transaction_completed(struct acpi_ec *ec) + { + unsigned long flags; + int ret = 0; + spin_lock_irqsave(&ec->curr_lock, flags); +- if (!ec->curr || ec->curr->done) ++ if (ec->curr && (ec->curr->flags & ACPI_EC_COMMAND_COMPLETE)) + ret = 1; + spin_unlock_irqrestore(&ec->curr_lock, flags); + return ret; + } + +-static void start_transaction(struct acpi_ec *ec) ++static bool advance_transaction(struct acpi_ec *ec) + { +- ec->curr->irq_count = ec->curr->wi = ec->curr->ri = 0; +- ec->curr->done = false; +- acpi_ec_write_cmd(ec, ec->curr->command); +-} +- +-static void advance_transaction(struct acpi_ec *ec, u8 status) +-{ +- unsigned long flags; +- spin_lock_irqsave(&ec->curr_lock, flags); +- if (!ec->curr) +- goto unlock; +- if (ec->curr->wlen > ec->curr->wi) { +- if ((status & ACPI_EC_FLAG_IBF) == 0) +- acpi_ec_write_data(ec, +- ec->curr->wdata[ec->curr->wi++]); +- else +- goto err; +- } else if (ec->curr->rlen > ec->curr->ri) { +- if ((status & ACPI_EC_FLAG_OBF) == 1) { +- ec->curr->rdata[ec->curr->ri++] = acpi_ec_read_data(ec); +- if (ec->curr->rlen == ec->curr->ri) +- ec->curr->done = true; ++ struct transaction *t; ++ u8 status; ++ bool wakeup = false; ++ ++ pr_debug(PREFIX "===== %s =====\n", in_interrupt() ? "IRQ" : "TASK"); ++ status = acpi_ec_read_status(ec); ++ t = ec->curr; ++ if (!t) ++ goto err; ++ if (t->flags & ACPI_EC_COMMAND_POLL) { ++ if (t->wlen > t->wi) { ++ if ((status & ACPI_EC_FLAG_IBF) == 0) ++ acpi_ec_write_data(ec, t->wdata[t->wi++]); ++ else ++ goto err; ++ } else if (t->rlen > t->ri) { ++ if ((status & ACPI_EC_FLAG_OBF) == 1) { ++ t->rdata[t->ri++] = acpi_ec_read_data(ec); ++ if (t->rlen == t->ri) { ++ t->flags |= ACPI_EC_COMMAND_COMPLETE; ++ wakeup = true; ++ } ++ } else ++ goto err; ++ } else if (t->wlen == t->wi && ++ (status & ACPI_EC_FLAG_IBF) == 0) { ++ t->flags |= ACPI_EC_COMMAND_COMPLETE; ++ wakeup = true; ++ } ++ return wakeup; ++ } else { ++ if ((status & ACPI_EC_FLAG_IBF) == 0) { ++ acpi_ec_write_cmd(ec, t->command); ++ t->flags |= ACPI_EC_COMMAND_POLL; + } else + goto err; +- } else if (ec->curr->wlen == ec->curr->wi && +- (status & ACPI_EC_FLAG_IBF) == 0) +- ec->curr->done = true; +- goto unlock; ++ return wakeup; ++ } + err: +- /* false interrupt, state didn't change */ +- if (in_interrupt()) +- ++ec->curr->irq_count; +-unlock: +- spin_unlock_irqrestore(&ec->curr_lock, flags); ++ /* ++ * If SCI bit is set, then don't think it's a false IRQ ++ * otherwise will take a not handled IRQ as a false one. ++ */ ++ if (!(status & ACPI_EC_FLAG_SCI)) { ++ if (in_interrupt() && t) ++ ++t->irq_count; ++ } ++ return wakeup; ++} ++ ++static void start_transaction(struct acpi_ec *ec) ++{ ++ ec->curr->irq_count = ec->curr->wi = ec->curr->ri = 0; ++ ec->curr->flags = 0; ++ (void)advance_transaction(ec); + } + + static int acpi_ec_sync_query(struct acpi_ec *ec, u8 *data); +@@ -228,15 +252,17 @@ static int ec_poll(struct acpi_ec *ec) + /* don't sleep with disabled interrupts */ + if (EC_FLAGS_MSI || irqs_disabled()) { + udelay(ACPI_EC_MSI_UDELAY); +- if (ec_transaction_done(ec)) ++ if (ec_transaction_completed(ec)) + return 0; + } else { + if (wait_event_timeout(ec->wait, +- ec_transaction_done(ec), ++ ec_transaction_completed(ec), + msecs_to_jiffies(1))) + return 0; + } +- advance_transaction(ec, acpi_ec_read_status(ec)); ++ spin_lock_irqsave(&ec->curr_lock, flags); ++ (void)advance_transaction(ec); ++ spin_unlock_irqrestore(&ec->curr_lock, flags); + } while (time_before(jiffies, delay)); + pr_debug(PREFIX "controller reset, restart transaction\n"); + spin_lock_irqsave(&ec->curr_lock, flags); +@@ -268,23 +294,6 @@ static int acpi_ec_transaction_unlocked(struct acpi_ec *ec, + return ret; + } + +-static int ec_check_ibf0(struct acpi_ec *ec) +-{ +- u8 status = acpi_ec_read_status(ec); +- return (status & ACPI_EC_FLAG_IBF) == 0; +-} +- +-static int ec_wait_ibf0(struct acpi_ec *ec) +-{ +- unsigned long delay = jiffies + msecs_to_jiffies(ec_delay); +- /* interrupt wait manually if GPE mode is not active */ +- while (time_before(jiffies, delay)) +- if (wait_event_timeout(ec->wait, ec_check_ibf0(ec), +- msecs_to_jiffies(1))) +- return 0; +- return -ETIME; +-} +- + static int acpi_ec_transaction(struct acpi_ec *ec, struct transaction *t) + { + int status; +@@ -305,13 +314,8 @@ static int acpi_ec_transaction(struct acpi_ec *ec, struct transaction *t) + goto unlock; + } + } +- if (ec_wait_ibf0(ec)) { +- pr_err(PREFIX "input buffer is not empty, " +- "aborting transaction\n"); +- status = -ETIME; +- goto end; +- } +- pr_debug(PREFIX "transaction start\n"); ++ pr_debug(PREFIX "transaction start (cmd=0x%02x, addr=0x%02x)\n", ++ t->command, t->wdata ? t->wdata[0] : 0); + /* disable GPE during transaction if storm is detected */ + if (test_bit(EC_FLAGS_GPE_STORM, &ec->flags)) { + /* It has to be disabled, so that it doesn't trigger. */ +@@ -327,12 +331,12 @@ static int acpi_ec_transaction(struct acpi_ec *ec, struct transaction *t) + /* It is safe to enable the GPE outside of the transaction. */ + acpi_enable_gpe(NULL, ec->gpe); + } else if (t->irq_count > ec_storm_threshold) { +- pr_info(PREFIX "GPE storm detected, " +- "transactions will use polling mode\n"); ++ pr_info(PREFIX "GPE storm detected(%d GPEs), " ++ "transactions will use polling mode\n", ++ t->irq_count); + set_bit(EC_FLAGS_GPE_STORM, &ec->flags); + } + pr_debug(PREFIX "transaction end\n"); +-end: + if (ec->global_lock) + acpi_release_global_lock(glk); + unlock: +@@ -404,7 +408,7 @@ int ec_burst_disable(void) + + EXPORT_SYMBOL(ec_burst_disable); + +-int ec_read(u8 addr, u8 * val) ++int ec_read(u8 addr, u8 *val) + { + int err; + u8 temp_data; +@@ -642,16 +646,14 @@ static int ec_check_sci(struct acpi_ec *ec, u8 state) + static u32 acpi_ec_gpe_handler(acpi_handle gpe_device, + u32 gpe_number, void *data) + { ++ unsigned long flags; + struct acpi_ec *ec = data; + +- pr_debug(PREFIX "~~~> interrupt\n"); +- +- advance_transaction(ec, acpi_ec_read_status(ec)); +- if (ec_transaction_done(ec) && +- (acpi_ec_read_status(ec) & ACPI_EC_FLAG_IBF) == 0) { ++ spin_lock_irqsave(&ec->curr_lock, flags); ++ if (advance_transaction(ec)) + wake_up(&ec->wait); +- ec_check_sci(ec, acpi_ec_read_status(ec)); +- } ++ spin_unlock_irqrestore(&ec->curr_lock, flags); ++ ec_check_sci(ec, acpi_ec_read_status(ec)); + return ACPI_INTERRUPT_HANDLED | ACPI_REENABLE_GPE; + } + +diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c +index 2b662725..2ddf736 100644 +--- a/drivers/ata/libata-core.c ++++ b/drivers/ata/libata-core.c +@@ -4711,6 +4711,10 @@ void swap_buf_le16(u16 *buf, unsigned int buf_words) + * ata_qc_new - Request an available ATA command, for queueing + * @ap: target port + * ++ * Some ATA host controllers may implement a queue depth which is less ++ * than ATA_MAX_QUEUE. So we shouldn't allocate a tag which is beyond ++ * the hardware limitation. ++ * + * LOCKING: + * None. + */ +@@ -4718,14 +4722,15 @@ void swap_buf_le16(u16 *buf, unsigned int buf_words) + static struct ata_queued_cmd *ata_qc_new(struct ata_port *ap) + { + struct ata_queued_cmd *qc = NULL; ++ unsigned int max_queue = ap->host->n_tags; + unsigned int i, tag; + + /* no command while frozen */ + if (unlikely(ap->pflags & ATA_PFLAG_FROZEN)) + return NULL; + +- for (i = 0; i < ATA_MAX_QUEUE; i++) { +- tag = (i + ap->last_tag + 1) % ATA_MAX_QUEUE; ++ for (i = 0, tag = ap->last_tag + 1; i < max_queue; i++, tag++) { ++ tag = tag < max_queue ? tag : 0; + + /* the last tag is reserved for internal command. */ + if (tag == ATA_TAG_INTERNAL) +@@ -5918,6 +5923,7 @@ void ata_host_init(struct ata_host *host, struct device *dev, + { + spin_lock_init(&host->lock); + mutex_init(&host->eh_mutex); ++ host->n_tags = ATA_MAX_QUEUE - 1; + host->dev = dev; + host->flags = flags; + host->ops = ops; +@@ -5998,6 +6004,8 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht) + { + int i, rc; + ++ host->n_tags = clamp(sht->can_queue, 1, ATA_MAX_QUEUE - 1); ++ + /* host must have been started */ + if (!(host->flags & ATA_HOST_STARTED)) { + dev_err(host->dev, "BUG: trying to register unstarted host\n"); +diff --git a/drivers/char/applicom.c b/drivers/char/applicom.c +index 25373df..5d069c7 100644 +--- a/drivers/char/applicom.c ++++ b/drivers/char/applicom.c +@@ -345,7 +345,6 @@ out: + free_irq(apbs[i].irq, &dummy); + iounmap(apbs[i].RamIO); + } +- pci_disable_device(dev); + return ret; + } + +diff --git a/drivers/gpu/drm/radeon/atombios_dp.c b/drivers/gpu/drm/radeon/atombios_dp.c +index 3254d51e..e8a3c31 100644 +--- a/drivers/gpu/drm/radeon/atombios_dp.c ++++ b/drivers/gpu/drm/radeon/atombios_dp.c +@@ -89,7 +89,7 @@ static int radeon_process_aux_ch(struct radeon_i2c_chan *chan, + /* flags not zero */ + if (args.v1.ucReplyStatus == 2) { + DRM_DEBUG_KMS("dp_aux_ch flags not zero\n"); +- return -EBUSY; ++ return -EIO; + } + + /* error */ +diff --git a/drivers/gpu/drm/radeon/radeon_display.c b/drivers/gpu/drm/radeon/radeon_display.c +index 3291ab8..ad5d774 100644 +--- a/drivers/gpu/drm/radeon/radeon_display.c ++++ b/drivers/gpu/drm/radeon/radeon_display.c +@@ -697,6 +697,10 @@ int radeon_ddc_get_modes(struct radeon_connector *radeon_connector) + struct radeon_device *rdev = dev->dev_private; + int ret = 0; + ++ /* don't leak the edid if we already fetched it in detect() */ ++ if (radeon_connector->edid) ++ goto got_edid; ++ + /* on hw with routers, select right port */ + if (radeon_connector->router.ddc_valid) + radeon_router_select_ddc_port(radeon_connector); +@@ -736,6 +740,7 @@ int radeon_ddc_get_modes(struct radeon_connector *radeon_connector) + radeon_connector->edid = radeon_bios_get_hardcoded_edid(rdev); + } + if (radeon_connector->edid) { ++got_edid: + drm_mode_connector_update_edid_property(&radeon_connector->base, radeon_connector->edid); + ret = drm_add_edid_modes(&radeon_connector->base, radeon_connector->edid); + drm_edid_to_eld(&radeon_connector->base, radeon_connector->edid); +diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c +index 907c26f..7f16ff2 100644 +--- a/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c ++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c +@@ -179,7 +179,6 @@ static int vmw_fb_set_par(struct fb_info *info) + vmw_write(vmw_priv, SVGA_REG_DISPLAY_POSITION_Y, info->var.yoffset); + vmw_write(vmw_priv, SVGA_REG_DISPLAY_WIDTH, info->var.xres); + vmw_write(vmw_priv, SVGA_REG_DISPLAY_HEIGHT, info->var.yres); +- vmw_write(vmw_priv, SVGA_REG_BYTES_PER_LINE, info->fix.line_length); + vmw_write(vmw_priv, SVGA_REG_DISPLAY_ID, SVGA_ID_INVALID); + } + +diff --git a/drivers/hwmon/adm1029.c b/drivers/hwmon/adm1029.c +index 0b8a3b1..3dbf405 100644 +--- a/drivers/hwmon/adm1029.c ++++ b/drivers/hwmon/adm1029.c +@@ -228,6 +228,9 @@ static ssize_t set_fan_div(struct device *dev, + /* Update the value */ + reg = (reg & 0x3F) | (val << 6); + ++ /* Update the cache */ ++ data->fan_div[attr->index] = reg; ++ + /* Write value */ + i2c_smbus_write_byte_data(client, + ADM1029_REG_FAN_DIV[attr->index], reg); +diff --git a/drivers/hwmon/adm1031.c b/drivers/hwmon/adm1031.c +index 0683e6b..5f11e23 100644 +--- a/drivers/hwmon/adm1031.c ++++ b/drivers/hwmon/adm1031.c +@@ -352,6 +352,7 @@ set_auto_temp_min(struct device *dev, struct device_attribute *attr, + int nr = to_sensor_dev_attr(attr)->index; + int val = simple_strtol(buf, NULL, 10); + ++ val = clamp_val(val, 0, 127000); + mutex_lock(&data->update_lock); + data->auto_temp[nr] = AUTO_TEMP_MIN_TO_REG(val, data->auto_temp[nr]); + adm1031_write_value(client, ADM1031_REG_AUTO_TEMP(nr), +@@ -376,6 +377,7 @@ set_auto_temp_max(struct device *dev, struct device_attribute *attr, + int nr = to_sensor_dev_attr(attr)->index; + int val = simple_strtol(buf, NULL, 10); + ++ val = clamp_val(val, 0, 127000); + mutex_lock(&data->update_lock); + data->temp_max[nr] = AUTO_TEMP_MAX_TO_REG(val, data->auto_temp[nr], data->pwm[nr]); + adm1031_write_value(client, ADM1031_REG_AUTO_TEMP(nr), +@@ -651,7 +653,7 @@ static ssize_t set_temp_min(struct device *dev, struct device_attribute *attr, + int val; + + val = simple_strtol(buf, NULL, 10); +- val = SENSORS_LIMIT(val, -55000, nr == 0 ? 127750 : 127875); ++ val = clamp_val(val, -55000, 127000); + mutex_lock(&data->update_lock); + data->temp_min[nr] = TEMP_TO_REG(val); + adm1031_write_value(client, ADM1031_REG_TEMP_MIN(nr), +@@ -668,7 +670,7 @@ static ssize_t set_temp_max(struct device *dev, struct device_attribute *attr, + int val; + + val = simple_strtol(buf, NULL, 10); +- val = SENSORS_LIMIT(val, -55000, nr == 0 ? 127750 : 127875); ++ val = clamp_val(val, -55000, 127000); + mutex_lock(&data->update_lock); + data->temp_max[nr] = TEMP_TO_REG(val); + adm1031_write_value(client, ADM1031_REG_TEMP_MAX(nr), +@@ -685,7 +687,7 @@ static ssize_t set_temp_crit(struct device *dev, struct device_attribute *attr, + int val; + + val = simple_strtol(buf, NULL, 10); +- val = SENSORS_LIMIT(val, -55000, nr == 0 ? 127750 : 127875); ++ val = clamp_val(val, -55000, 127000); + mutex_lock(&data->update_lock); + data->temp_crit[nr] = TEMP_TO_REG(val); + adm1031_write_value(client, ADM1031_REG_TEMP_CRIT(nr), +diff --git a/drivers/hwmon/adt7470.c b/drivers/hwmon/adt7470.c +index a9726c1..3a15fd6 100644 +--- a/drivers/hwmon/adt7470.c ++++ b/drivers/hwmon/adt7470.c +@@ -515,7 +515,7 @@ static ssize_t set_temp_min(struct device *dev, + return -EINVAL; + + temp = DIV_ROUND_CLOSEST(temp, 1000); +- temp = SENSORS_LIMIT(temp, 0, 255); ++ temp = clamp_val(temp, -128, 127); + + mutex_lock(&data->lock); + data->temp_min[attr->index] = temp; +@@ -549,7 +549,7 @@ static ssize_t set_temp_max(struct device *dev, + return -EINVAL; + + temp = DIV_ROUND_CLOSEST(temp, 1000); +- temp = SENSORS_LIMIT(temp, 0, 255); ++ temp = clamp_val(temp, -128, 127); + + mutex_lock(&data->lock); + data->temp_max[attr->index] = temp; +@@ -826,7 +826,7 @@ static ssize_t set_pwm_tmin(struct device *dev, + return -EINVAL; + + temp = DIV_ROUND_CLOSEST(temp, 1000); +- temp = SENSORS_LIMIT(temp, 0, 255); ++ temp = clamp_val(temp, -128, 127); + + mutex_lock(&data->lock); + data->pwm_tmin[attr->index] = temp; +diff --git a/drivers/hwmon/amc6821.c b/drivers/hwmon/amc6821.c +index 4033974..75be6c4 100644 +--- a/drivers/hwmon/amc6821.c ++++ b/drivers/hwmon/amc6821.c +@@ -715,7 +715,7 @@ static SENSOR_DEVICE_ATTR(temp1_max_alarm, S_IRUGO, + get_temp_alarm, NULL, IDX_TEMP1_MAX); + static SENSOR_DEVICE_ATTR(temp1_crit_alarm, S_IRUGO, + get_temp_alarm, NULL, IDX_TEMP1_CRIT); +-static SENSOR_DEVICE_ATTR(temp2_input, S_IRUGO | S_IWUSR, ++static SENSOR_DEVICE_ATTR(temp2_input, S_IRUGO, + get_temp, NULL, IDX_TEMP2_INPUT); + static SENSOR_DEVICE_ATTR(temp2_min, S_IRUGO | S_IWUSR, get_temp, + set_temp, IDX_TEMP2_MIN); +diff --git a/drivers/hwmon/emc2103.c b/drivers/hwmon/emc2103.c +index af914ad..a074d21 100644 +--- a/drivers/hwmon/emc2103.c ++++ b/drivers/hwmon/emc2103.c +@@ -248,9 +248,7 @@ static ssize_t set_temp_min(struct device *dev, struct device_attribute *da, + if (result < 0) + return -EINVAL; + +- val = DIV_ROUND_CLOSEST(val, 1000); +- if ((val < -63) || (val > 127)) +- return -EINVAL; ++ val = clamp_val(DIV_ROUND_CLOSEST(val, 1000), -63, 127); + + mutex_lock(&data->update_lock); + data->temp_min[nr] = val; +@@ -272,9 +270,7 @@ static ssize_t set_temp_max(struct device *dev, struct device_attribute *da, + if (result < 0) + return -EINVAL; + +- val = DIV_ROUND_CLOSEST(val, 1000); +- if ((val < -63) || (val > 127)) +- return -EINVAL; ++ val = clamp_val(DIV_ROUND_CLOSEST(val, 1000), -63, 127); + + mutex_lock(&data->update_lock); + data->temp_max[nr] = val; +@@ -386,15 +382,14 @@ static ssize_t set_fan_target(struct device *dev, struct device_attribute *da, + { + struct emc2103_data *data = emc2103_update_device(dev); + struct i2c_client *client = to_i2c_client(dev); +- long rpm_target; ++ unsigned long rpm_target; + +- int result = strict_strtol(buf, 10, &rpm_target); ++ int result = kstrtoul(buf, 10, &rpm_target); + if (result < 0) + return -EINVAL; + + /* Datasheet states 16384 as maximum RPM target (table 3.2) */ +- if ((rpm_target < 0) || (rpm_target > 16384)) +- return -EINVAL; ++ rpm_target = clamp_val(rpm_target, 0, 16384); + + mutex_lock(&data->update_lock); + +diff --git a/drivers/iommu/dmar.c b/drivers/iommu/dmar.c +index 97b2e21..cf065df 100644 +--- a/drivers/iommu/dmar.c ++++ b/drivers/iommu/dmar.c +@@ -582,7 +582,7 @@ int alloc_iommu(struct dmar_drhd_unit *drhd) + { + struct intel_iommu *iommu; + int map_size; +- u32 ver; ++ u32 ver, sts; + static int iommu_allocated = 0; + int agaw = 0; + int msagaw = 0; +@@ -652,6 +652,15 @@ int alloc_iommu(struct dmar_drhd_unit *drhd) + (unsigned long long)iommu->cap, + (unsigned long long)iommu->ecap); + ++ /* Reflect status in gcmd */ ++ sts = readl(iommu->reg + DMAR_GSTS_REG); ++ if (sts & DMA_GSTS_IRES) ++ iommu->gcmd |= DMA_GCMD_IRE; ++ if (sts & DMA_GSTS_TES) ++ iommu->gcmd |= DMA_GCMD_TE; ++ if (sts & DMA_GSTS_QIES) ++ iommu->gcmd |= DMA_GCMD_QIE; ++ + raw_spin_lock_init(&iommu->register_lock); + + drhd->iommu = iommu; +diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c +index bb1e579..276ef38 100644 +--- a/drivers/iommu/intel-iommu.c ++++ b/drivers/iommu/intel-iommu.c +@@ -3630,6 +3630,7 @@ static struct notifier_block device_nb = { + int __init intel_iommu_init(void) + { + int ret = 0; ++ struct dmar_drhd_unit *drhd; + + /* VT-d is required for a TXT/tboot launch, so enforce that */ + force_on = tboot_force_iommu(); +@@ -3640,6 +3641,20 @@ int __init intel_iommu_init(void) + return -ENODEV; + } + ++ /* ++ * Disable translation if already enabled prior to OS handover. ++ */ ++ for_each_drhd_unit(drhd) { ++ struct intel_iommu *iommu; ++ ++ if (drhd->ignored) ++ continue; ++ ++ iommu = drhd->iommu; ++ if (iommu->gcmd & DMA_GCMD_TE) ++ iommu_disable_translation(iommu); ++ } ++ + if (dmar_dev_scope_init() < 0) { + if (force_on) + panic("tboot: Failed to initialize DMAR device scope\n"); +diff --git a/drivers/md/dm-io.c b/drivers/md/dm-io.c +index ea5dd28..39a08be 100644 +--- a/drivers/md/dm-io.c ++++ b/drivers/md/dm-io.c +@@ -10,6 +10,7 @@ + #include <linux/device-mapper.h> + + #include <linux/bio.h> ++#include <linux/completion.h> + #include <linux/mempool.h> + #include <linux/module.h> + #include <linux/sched.h> +@@ -34,7 +35,7 @@ struct dm_io_client { + struct io { + unsigned long error_bits; + atomic_t count; +- struct task_struct *sleeper; ++ struct completion *wait; + struct dm_io_client *client; + io_notify_fn callback; + void *context; +@@ -122,8 +123,8 @@ static void dec_count(struct io *io, unsigned int region, int error) + invalidate_kernel_vmap_range(io->vma_invalidate_address, + io->vma_invalidate_size); + +- if (io->sleeper) +- wake_up_process(io->sleeper); ++ if (io->wait) ++ complete(io->wait); + + else { + unsigned long r = io->error_bits; +@@ -384,6 +385,7 @@ static int sync_io(struct dm_io_client *client, unsigned int num_regions, + */ + volatile char io_[sizeof(struct io) + __alignof__(struct io) - 1]; + struct io *io = (struct io *)PTR_ALIGN(&io_, __alignof__(struct io)); ++ DECLARE_COMPLETION_ONSTACK(wait); + + if (num_regions > 1 && (rw & RW_MASK) != WRITE) { + WARN_ON(1); +@@ -392,7 +394,7 @@ static int sync_io(struct dm_io_client *client, unsigned int num_regions, + + io->error_bits = 0; + atomic_set(&io->count, 1); /* see dispatch_io() */ +- io->sleeper = current; ++ io->wait = &wait; + io->client = client; + + io->vma_invalidate_address = dp->vma_invalidate_address; +@@ -400,15 +402,7 @@ static int sync_io(struct dm_io_client *client, unsigned int num_regions, + + dispatch_io(rw, num_regions, where, dp, io, 1); + +- while (1) { +- set_current_state(TASK_UNINTERRUPTIBLE); +- +- if (!atomic_read(&io->count)) +- break; +- +- io_schedule(); +- } +- set_current_state(TASK_RUNNING); ++ wait_for_completion(&wait); + + if (error_bits) + *error_bits = io->error_bits; +@@ -431,7 +425,7 @@ static int async_io(struct dm_io_client *client, unsigned int num_regions, + io = mempool_alloc(client->pool, GFP_NOIO); + io->error_bits = 0; + atomic_set(&io->count, 1); /* see dispatch_io() */ +- io->sleeper = NULL; ++ io->wait = NULL; + io->client = client; + io->callback = fn; + io->context = context; +diff --git a/drivers/md/md.c b/drivers/md/md.c +index 30a7b52..ea8a181 100644 +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -7144,6 +7144,19 @@ void md_do_sync(struct mddev *mddev) + rdev->recovery_offset < j) + j = rdev->recovery_offset; + rcu_read_unlock(); ++ ++ /* If there is a bitmap, we need to make sure all ++ * writes that started before we added a spare ++ * complete before we start doing a recovery. ++ * Otherwise the write might complete and (via ++ * bitmap_endwrite) set a bit in the bitmap after the ++ * recovery has checked that bit and skipped that ++ * region. ++ */ ++ if (mddev->bitmap) { ++ mddev->pers->quiesce(mddev, 1); ++ mddev->pers->quiesce(mddev, 0); ++ } + } + + printk(KERN_INFO "md: %s of RAID array %s\n", desc, mdname(mddev)); +diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c +index df5a09a..b555be0 100644 +--- a/drivers/net/ethernet/intel/igb/igb_main.c ++++ b/drivers/net/ethernet/intel/igb/igb_main.c +@@ -6610,6 +6610,8 @@ static int __igb_shutdown(struct pci_dev *pdev, bool *enable_wake) + + if (netif_running(netdev)) + igb_close(netdev); ++ else ++ igb_reset(adapter); + + igb_clear_interrupt_scheme(adapter); + +diff --git a/drivers/net/ethernet/sun/sunvnet.c b/drivers/net/ethernet/sun/sunvnet.c +index bd08919..5092148 100644 +--- a/drivers/net/ethernet/sun/sunvnet.c ++++ b/drivers/net/ethernet/sun/sunvnet.c +@@ -1089,6 +1089,24 @@ static struct vnet * __devinit vnet_find_or_create(const u64 *local_mac) + return vp; + } + ++static void vnet_cleanup(void) ++{ ++ struct vnet *vp; ++ struct net_device *dev; ++ ++ mutex_lock(&vnet_list_mutex); ++ while (!list_empty(&vnet_list)) { ++ vp = list_first_entry(&vnet_list, struct vnet, list); ++ list_del(&vp->list); ++ dev = vp->dev; ++ /* vio_unregister_driver() should have cleaned up port_list */ ++ BUG_ON(!list_empty(&vp->port_list)); ++ unregister_netdev(dev); ++ free_netdev(dev); ++ } ++ mutex_unlock(&vnet_list_mutex); ++} ++ + static const char *local_mac_prop = "local-mac-address"; + + static struct vnet * __devinit vnet_find_parent(struct mdesc_handle *hp, +@@ -1249,7 +1267,6 @@ static int vnet_port_remove(struct vio_dev *vdev) + + kfree(port); + +- unregister_netdev(vp->dev); + } + return 0; + } +@@ -1280,6 +1297,7 @@ static int __init vnet_init(void) + static void __exit vnet_exit(void) + { + vio_unregister_driver(&vnet_port_driver); ++ vnet_cleanup(); + } + + module_init(vnet_init); +diff --git a/drivers/net/wireless/iwlwifi/iwl-agn-rxon.c b/drivers/net/wireless/iwlwifi/iwl-agn-rxon.c +index d552fa3..d696536 100644 +--- a/drivers/net/wireless/iwlwifi/iwl-agn-rxon.c ++++ b/drivers/net/wireless/iwlwifi/iwl-agn-rxon.c +@@ -440,14 +440,6 @@ int iwlagn_commit_rxon(struct iwl_priv *priv, struct iwl_rxon_context *ctx) + /* always get timestamp with Rx frame */ + ctx->staging.flags |= RXON_FLG_TSF2HOST_MSK; + +- /* +- * force CTS-to-self frames protection if RTS-CTS is not preferred +- * one aggregation protection method +- */ +- if (!(priv->cfg->ht_params && +- priv->cfg->ht_params->use_rts_for_aggregation)) +- ctx->staging.flags |= RXON_FLG_SELF_CTS_EN; +- + if ((ctx->vif && ctx->vif->bss_conf.use_short_slot) || + !(ctx->staging.flags & RXON_FLG_BAND_24G_MSK)) + ctx->staging.flags |= RXON_FLG_SHORT_SLOT_MSK; +@@ -880,11 +872,6 @@ void iwlagn_bss_info_changed(struct ieee80211_hw *hw, + else + ctx->staging.flags &= ~RXON_FLG_TGG_PROTECT_MSK; + +- if (bss_conf->use_cts_prot) +- ctx->staging.flags |= RXON_FLG_SELF_CTS_EN; +- else +- ctx->staging.flags &= ~RXON_FLG_SELF_CTS_EN; +- + memcpy(ctx->staging.bssid_addr, bss_conf->bssid, ETH_ALEN); + + if (vif->type == NL80211_IFTYPE_AP || +diff --git a/drivers/net/wireless/mwifiex/main.c b/drivers/net/wireless/mwifiex/main.c +index 5baa12a..018276f 100644 +--- a/drivers/net/wireless/mwifiex/main.c ++++ b/drivers/net/wireless/mwifiex/main.c +@@ -458,6 +458,7 @@ mwifiex_hard_start_xmit(struct sk_buff *skb, struct net_device *dev) + } + + tx_info = MWIFIEX_SKB_TXCB(skb); ++ memset(tx_info, 0, sizeof(*tx_info)); + tx_info->bss_index = priv->bss_index; + mwifiex_fill_buffer(skb); + +diff --git a/drivers/scsi/ibmvscsi/ibmvscsi.c b/drivers/scsi/ibmvscsi/ibmvscsi.c +index 36aca4b..4aabbdc 100644 +--- a/drivers/scsi/ibmvscsi/ibmvscsi.c ++++ b/drivers/scsi/ibmvscsi/ibmvscsi.c +@@ -490,7 +490,8 @@ static void purge_requests(struct ibmvscsi_host_data *hostdata, int error_code) + evt->hostdata->dev); + if (evt->cmnd_done) + evt->cmnd_done(evt->cmnd); +- } else if (evt->done) ++ } else if (evt->done && evt->crq.format != VIOSRP_MAD_FORMAT && ++ evt->iu.srp.login_req.opcode != SRP_LOGIN_REQ) + evt->done(evt); + free_event_struct(&evt->hostdata->pool, evt); + spin_lock_irqsave(hostdata->host->host_lock, flags); +diff --git a/drivers/scsi/ibmvscsi/rpa_vscsi.c b/drivers/scsi/ibmvscsi/rpa_vscsi.c +index f48ae01..920c02e 100644 +--- a/drivers/scsi/ibmvscsi/rpa_vscsi.c ++++ b/drivers/scsi/ibmvscsi/rpa_vscsi.c +@@ -104,6 +104,11 @@ static struct viosrp_crq *crq_queue_next_crq(struct crq_queue *queue) + if (crq->valid & 0x80) { + if (++queue->cur == queue->size) + queue->cur = 0; ++ ++ /* Ensure the read of the valid bit occurs before reading any ++ * other bits of the CRQ entry ++ */ ++ rmb(); + } else + crq = NULL; + spin_unlock_irqrestore(&queue->lock, flags); +@@ -122,6 +127,11 @@ static int rpavscsi_send_crq(struct ibmvscsi_host_data *hostdata, + { + struct vio_dev *vdev = to_vio_dev(hostdata->dev); + ++ /* ++ * Ensure the command buffer is flushed to memory before handing it ++ * over to the VIOS to prevent it from fetching any stale data. ++ */ ++ mb(); + return plpar_hcall_norets(H_SEND_CRQ, vdev->unit_address, word1, word2); + } + +diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c +index f6d2b62..5c6b5f5 100644 +--- a/drivers/scsi/sd.c ++++ b/drivers/scsi/sd.c +@@ -2149,7 +2149,10 @@ sd_read_cache_type(struct scsi_disk *sdkp, unsigned char *buffer) + } + + sdkp->DPOFUA = (data.device_specific & 0x10) != 0; +- if (sdkp->DPOFUA && !sdkp->device->use_10_for_rw) { ++ if (sdp->broken_fua) { ++ sd_printk(KERN_NOTICE, sdkp, "Disabling FUA\n"); ++ sdkp->DPOFUA = 0; ++ } else if (sdkp->DPOFUA && !sdkp->device->use_10_for_rw) { + sd_printk(KERN_NOTICE, sdkp, + "Uses READ/WRITE(6), disabling FUA\n"); + sdkp->DPOFUA = 0; +diff --git a/drivers/scsi/sym53c8xx_2/sym_hipd.c b/drivers/scsi/sym53c8xx_2/sym_hipd.c +index d92fe40..6b349e3 100644 +--- a/drivers/scsi/sym53c8xx_2/sym_hipd.c ++++ b/drivers/scsi/sym53c8xx_2/sym_hipd.c +@@ -3000,7 +3000,11 @@ sym_dequeue_from_squeue(struct sym_hcb *np, int i, int target, int lun, int task + if ((target == -1 || cp->target == target) && + (lun == -1 || cp->lun == lun) && + (task == -1 || cp->tag == task)) { ++#ifdef SYM_OPT_HANDLE_DEVICE_QUEUEING + sym_set_cam_status(cp->cmd, DID_SOFT_ERROR); ++#else ++ sym_set_cam_status(cp->cmd, DID_REQUEUE); ++#endif + sym_remque(&cp->link_ccbq); + sym_insque_tail(&cp->link_ccbq, &np->comp_ccbq); + } +diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c +index 12f3a37..3807294 100644 +--- a/drivers/usb/core/hub.c ++++ b/drivers/usb/core/hub.c +@@ -655,6 +655,26 @@ static int hub_usb3_port_disable(struct usb_hub *hub, int port1) + if (!hub_is_superspeed(hub->hdev)) + return -EINVAL; + ++ ret = hub_port_status(hub, port1, &portstatus, &portchange); ++ if (ret < 0) ++ return ret; ++ ++ /* ++ * USB controller Advanced Micro Devices, Inc. [AMD] FCH USB XHCI ++ * Controller [1022:7814] will have spurious result making the following ++ * usb 3.0 device hotplugging route to the 2.0 root hub and recognized ++ * as high-speed device if we set the usb 3.0 port link state to ++ * Disabled. Since it's already in USB_SS_PORT_LS_RX_DETECT state, we ++ * check the state here to avoid the bug. ++ */ ++ if ((portstatus & USB_PORT_STAT_LINK_STATE) == ++ USB_SS_PORT_LS_RX_DETECT) { ++ dev_dbg(hub->intfdev, ++ "Not disabling port %d; link state is RxDetect\n", ++ port1); ++ return ret; ++ } ++ + ret = hub_set_port_link_state(hub, port1, USB_SS_PORT_LS_SS_DISABLED); + if (ret) { + dev_err(hub->intfdev, "cannot disable port %d (err = %d)\n", +diff --git a/drivers/usb/gadget/f_fs.c b/drivers/usb/gadget/f_fs.c +index 0e641a1..c635c4c 100644 +--- a/drivers/usb/gadget/f_fs.c ++++ b/drivers/usb/gadget/f_fs.c +@@ -1376,11 +1376,13 @@ static int functionfs_bind(struct ffs_data *ffs, struct usb_composite_dev *cdev) + ffs->ep0req->context = ffs; + + lang = ffs->stringtabs; +- for (lang = ffs->stringtabs; *lang; ++lang) { +- struct usb_string *str = (*lang)->strings; +- int id = first_id; +- for (; str->s; ++id, ++str) +- str->id = id; ++ if (lang) { ++ for (; *lang; ++lang) { ++ struct usb_string *str = (*lang)->strings; ++ int id = first_id; ++ for (; str->s; ++id, ++str) ++ str->id = id; ++ } + } + + ffs->gadget = cdev->gadget; +diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c +index 107e6b4..517cadb 100644 +--- a/drivers/usb/host/xhci-hub.c ++++ b/drivers/usb/host/xhci-hub.c +@@ -21,6 +21,7 @@ + */ + + #include <linux/gfp.h> ++#include <linux/device.h> + #include <asm/unaligned.h> + + #include "xhci.h" +@@ -993,7 +994,9 @@ int xhci_bus_suspend(struct usb_hcd *hcd) + t2 |= PORT_LINK_STROBE | XDEV_U3; + set_bit(port_index, &bus_state->bus_suspended); + } +- if (hcd->self.root_hub->do_remote_wakeup) { ++ if (hcd->self.root_hub->do_remote_wakeup ++ && device_may_wakeup(hcd->self.controller)) { ++ + if (t1 & PORT_CONNECT) { + t2 |= PORT_WKOC_E | PORT_WKDISC_E; + t2 &= ~PORT_WKCONN_E; +diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c +index 1886544..bc5ee84 100644 +--- a/drivers/usb/host/xhci-ring.c ++++ b/drivers/usb/host/xhci-ring.c +@@ -3521,7 +3521,7 @@ static unsigned int xhci_get_burst_count(struct xhci_hcd *xhci, + return 0; + + max_burst = urb->ep->ss_ep_comp.bMaxBurst; +- return roundup(total_packet_count, max_burst + 1) - 1; ++ return DIV_ROUND_UP(total_packet_count, max_burst + 1) - 1; + } + + /* +diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c +index b2eac8d..457a7ac 100644 +--- a/drivers/usb/host/xhci.c ++++ b/drivers/usb/host/xhci.c +@@ -946,7 +946,7 @@ int xhci_suspend(struct xhci_hcd *xhci) + */ + int xhci_resume(struct xhci_hcd *xhci, bool hibernated) + { +- u32 command, temp = 0; ++ u32 command, temp = 0, status; + struct usb_hcd *hcd = xhci_to_hcd(xhci); + struct usb_hcd *secondary_hcd; + int retval = 0; +@@ -1070,8 +1070,12 @@ int xhci_resume(struct xhci_hcd *xhci, bool hibernated) + + done: + if (retval == 0) { +- usb_hcd_resume_root_hub(hcd); +- usb_hcd_resume_root_hub(xhci->shared_hcd); ++ /* Resume root hubs only when have pending events. */ ++ status = readl(&xhci->op_regs->status); ++ if (status & STS_EINT) { ++ usb_hcd_resume_root_hub(hcd); ++ usb_hcd_resume_root_hub(xhci->shared_hcd); ++ } + } + + /* +diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c +index 01fd64a..3de63f5 100644 +--- a/drivers/usb/serial/cp210x.c ++++ b/drivers/usb/serial/cp210x.c +@@ -159,6 +159,7 @@ static const struct usb_device_id id_table[] = { + { USB_DEVICE(0x1843, 0x0200) }, /* Vaisala USB Instrument Cable */ + { USB_DEVICE(0x18EF, 0xE00F) }, /* ELV USB-I2C-Interface */ + { USB_DEVICE(0x1ADB, 0x0001) }, /* Schweitzer Engineering C662 Cable */ ++ { USB_DEVICE(0x1B1C, 0x1C00) }, /* Corsair USB Dongle */ + { USB_DEVICE(0x1BE3, 0x07A6) }, /* WAGO 750-923 USB Service Cable */ + { USB_DEVICE(0x1E29, 0x0102) }, /* Festo CPX-USB */ + { USB_DEVICE(0x1E29, 0x0501) }, /* Festo CMSP */ +diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c +index 6e08639..d6e6205 100644 +--- a/drivers/usb/serial/ftdi_sio.c ++++ b/drivers/usb/serial/ftdi_sio.c +@@ -731,7 +731,8 @@ static struct usb_device_id id_table_combined [] = { + { USB_DEVICE(FTDI_VID, FTDI_ACG_HFDUAL_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_YEI_SERVOCENTER31_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_THORLABS_PID) }, +- { USB_DEVICE(TESTO_VID, TESTO_USB_INTERFACE_PID) }, ++ { USB_DEVICE(TESTO_VID, TESTO_1_PID) }, ++ { USB_DEVICE(TESTO_VID, TESTO_3_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_GAMMA_SCOUT_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_TACTRIX_OPENPORT_13M_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_TACTRIX_OPENPORT_13S_PID) }, +@@ -1591,14 +1592,17 @@ static void ftdi_set_max_packet_size(struct usb_serial_port *port) + struct usb_device *udev = serial->dev; + + struct usb_interface *interface = serial->interface; +- struct usb_endpoint_descriptor *ep_desc = &interface->cur_altsetting->endpoint[1].desc; ++ struct usb_endpoint_descriptor *ep_desc; + + unsigned num_endpoints; +- int i; ++ unsigned i; + + num_endpoints = interface->cur_altsetting->desc.bNumEndpoints; + dev_info(&udev->dev, "Number of endpoints %d\n", num_endpoints); + ++ if (!num_endpoints) ++ return; ++ + /* NOTE: some customers have programmed FT232R/FT245R devices + * with an endpoint size of 0 - not good. In this case, we + * want to override the endpoint descriptor setting and use a +diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h +index 677cf49..55af915 100644 +--- a/drivers/usb/serial/ftdi_sio_ids.h ++++ b/drivers/usb/serial/ftdi_sio_ids.h +@@ -798,7 +798,8 @@ + * Submitted by Colin Leroy + */ + #define TESTO_VID 0x128D +-#define TESTO_USB_INTERFACE_PID 0x0001 ++#define TESTO_1_PID 0x0001 ++#define TESTO_3_PID 0x0003 + + /* + * Mobility Electronics products. +diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c +index a0f47d5..7a1c91e 100644 +--- a/drivers/usb/serial/option.c ++++ b/drivers/usb/serial/option.c +@@ -377,8 +377,12 @@ static void option_instat_callback(struct urb *urb); + /* Olivetti products */ + #define OLIVETTI_VENDOR_ID 0x0b3c + #define OLIVETTI_PRODUCT_OLICARD100 0xc000 ++#define OLIVETTI_PRODUCT_OLICARD120 0xc001 ++#define OLIVETTI_PRODUCT_OLICARD140 0xc002 + #define OLIVETTI_PRODUCT_OLICARD145 0xc003 ++#define OLIVETTI_PRODUCT_OLICARD155 0xc004 + #define OLIVETTI_PRODUCT_OLICARD200 0xc005 ++#define OLIVETTI_PRODUCT_OLICARD160 0xc00a + #define OLIVETTI_PRODUCT_OLICARD500 0xc00b + + /* Celot products */ +@@ -1494,6 +1498,8 @@ static const struct usb_device_id option_ids[] = { + .driver_info = (kernel_ulong_t)&net_intf2_blacklist }, + { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1426, 0xff, 0xff, 0xff), /* ZTE MF91 */ + .driver_info = (kernel_ulong_t)&net_intf2_blacklist }, ++ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1428, 0xff, 0xff, 0xff), /* Telewell TW-LTE 4G v2 */ ++ .driver_info = (kernel_ulong_t)&net_intf2_blacklist }, + { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1533, 0xff, 0xff, 0xff) }, + { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1534, 0xff, 0xff, 0xff) }, + { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1535, 0xff, 0xff, 0xff) }, +@@ -1631,15 +1637,21 @@ static const struct usb_device_id option_ids[] = { + { USB_DEVICE(SIEMENS_VENDOR_ID, CINTERION_PRODUCT_HC25_MDMNET) }, + { USB_DEVICE(SIEMENS_VENDOR_ID, CINTERION_PRODUCT_HC28_MDM) }, /* HC28 enumerates with Siemens or Cinterion VID depending on FW revision */ + { USB_DEVICE(SIEMENS_VENDOR_ID, CINTERION_PRODUCT_HC28_MDMNET) }, +- +- { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD100) }, ++ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD100), ++ .driver_info = (kernel_ulong_t)&net_intf4_blacklist }, ++ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD120), ++ .driver_info = (kernel_ulong_t)&net_intf4_blacklist }, ++ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD140), ++ .driver_info = (kernel_ulong_t)&net_intf4_blacklist }, + { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD145) }, ++ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD155), ++ .driver_info = (kernel_ulong_t)&net_intf6_blacklist }, + { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD200), +- .driver_info = (kernel_ulong_t)&net_intf6_blacklist +- }, ++ .driver_info = (kernel_ulong_t)&net_intf6_blacklist }, ++ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD160), ++ .driver_info = (kernel_ulong_t)&net_intf6_blacklist }, + { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD500), +- .driver_info = (kernel_ulong_t)&net_intf4_blacklist +- }, ++ .driver_info = (kernel_ulong_t)&net_intf4_blacklist }, + { USB_DEVICE(CELOT_VENDOR_ID, CELOT_PRODUCT_CT680M) }, /* CT-650 CDMA 450 1xEVDO modem */ + { USB_DEVICE_AND_INTERFACE_INFO(SAMSUNG_VENDOR_ID, SAMSUNG_PRODUCT_GT_B3730, USB_CLASS_CDC_DATA, 0x00, 0x00) }, /* Samsung GT-B3730 LTE USB modem.*/ + { USB_DEVICE(YUGA_VENDOR_ID, YUGA_PRODUCT_CEM600) }, +diff --git a/drivers/usb/storage/scsiglue.c b/drivers/usb/storage/scsiglue.c +index eb660bb..b8dc0c5 100644 +--- a/drivers/usb/storage/scsiglue.c ++++ b/drivers/usb/storage/scsiglue.c +@@ -255,6 +255,10 @@ static int slave_configure(struct scsi_device *sdev) + US_FL_SCM_MULT_TARG)) && + us->protocol == USB_PR_BULK) + us->use_last_sector_hacks = 1; ++ ++ /* A few buggy USB-ATA bridges don't understand FUA */ ++ if (us->fflags & US_FL_BROKEN_FUA) ++ sdev->broken_fua = 1; + } else { + + /* Non-disk-type devices don't need to blacklist any pages +diff --git a/drivers/usb/storage/unusual_devs.h b/drivers/usb/storage/unusual_devs.h +index 49d222d..e588a11 100644 +--- a/drivers/usb/storage/unusual_devs.h ++++ b/drivers/usb/storage/unusual_devs.h +@@ -1916,6 +1916,13 @@ UNUSUAL_DEV( 0x14cd, 0x6600, 0x0201, 0x0201, + USB_SC_DEVICE, USB_PR_DEVICE, NULL, + US_FL_IGNORE_RESIDUE ), + ++/* Reported by Michael Büsch <m@bues.ch> */ ++UNUSUAL_DEV( 0x152d, 0x0567, 0x0114, 0x0114, ++ "JMicron", ++ "USB to ATA/ATAPI Bridge", ++ USB_SC_DEVICE, USB_PR_DEVICE, NULL, ++ US_FL_BROKEN_FUA ), ++ + /* Reported by Alexandre Oliva <oliva@lsd.ic.unicamp.br> + * JMicron responds to USN and several other SCSI ioctls with a + * residue that causes subsequent I/O requests to fail. */ +diff --git a/drivers/xen/manage.c b/drivers/xen/manage.c +index ce4fa08..c8af7e5 100644 +--- a/drivers/xen/manage.c ++++ b/drivers/xen/manage.c +@@ -93,7 +93,6 @@ static int xen_suspend(void *data) + + if (!si->cancelled) { + xen_irq_resume(); +- xen_console_resume(); + xen_timer_resume(); + } + +@@ -149,6 +148,10 @@ static void do_suspend(void) + + err = stop_machine(xen_suspend, &si, cpumask_of(0)); + ++ /* Resume console as early as possible. */ ++ if (!si.cancelled) ++ xen_console_resume(); ++ + dpm_resume_noirq(si.cancelled ? PMSG_THAW : PMSG_RESTORE); + + if (err) { +diff --git a/fs/ceph/snap.c b/fs/ceph/snap.c +index a559c80..e5206fc 100644 +--- a/fs/ceph/snap.c ++++ b/fs/ceph/snap.c +@@ -331,7 +331,7 @@ static int build_snap_context(struct ceph_snap_realm *realm) + + /* alloc new snap context */ + err = -ENOMEM; +- if (num > ULONG_MAX / sizeof(u64) - sizeof(*snapc)) ++ if (num > (SIZE_MAX - sizeof(*snapc)) / sizeof(u64)) + goto fail; + snapc = kzalloc(sizeof(*snapc) + num*sizeof(u64), GFP_NOFS); + if (!snapc) +diff --git a/fs/ext4/super.c b/fs/ext4/super.c +index acf2baf..6581ee7 100644 +--- a/fs/ext4/super.c ++++ b/fs/ext4/super.c +@@ -1663,8 +1663,6 @@ static int parse_options(char *options, struct super_block *sb, + return 0; + if (option < 0) + return 0; +- if (option == 0) +- option = EXT4_DEF_MAX_BATCH_TIME; + sbi->s_max_batch_time = option; + break; + case Opt_min_batch_time: +@@ -2726,10 +2724,11 @@ static void print_daily_error_info(unsigned long arg) + es = sbi->s_es; + + if (es->s_error_count) +- ext4_msg(sb, KERN_NOTICE, "error count: %u", ++ /* fsck newer than v1.41.13 is needed to clean this condition. */ ++ ext4_msg(sb, KERN_NOTICE, "error count since last fsck: %u", + le32_to_cpu(es->s_error_count)); + if (es->s_first_error_time) { +- printk(KERN_NOTICE "EXT4-fs (%s): initial error at %u: %.*s:%d", ++ printk(KERN_NOTICE "EXT4-fs (%s): initial error at time %u: %.*s:%d", + sb->s_id, le32_to_cpu(es->s_first_error_time), + (int) sizeof(es->s_first_error_func), + es->s_first_error_func, +@@ -2743,7 +2742,7 @@ static void print_daily_error_info(unsigned long arg) + printk("\n"); + } + if (es->s_last_error_time) { +- printk(KERN_NOTICE "EXT4-fs (%s): last error at %u: %.*s:%d", ++ printk(KERN_NOTICE "EXT4-fs (%s): last error at time %u: %.*s:%d", + sb->s_id, le32_to_cpu(es->s_last_error_time), + (int) sizeof(es->s_last_error_func), + es->s_last_error_func, +diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c +index 06e2f73..e13558c 100644 +--- a/fs/fuse/dir.c ++++ b/fs/fuse/dir.c +@@ -161,7 +161,7 @@ static int fuse_dentry_revalidate(struct dentry *entry, struct nameidata *nd) + inode = ACCESS_ONCE(entry->d_inode); + if (inode && is_bad_inode(inode)) + return 0; +- else if (fuse_dentry_time(entry) < get_jiffies_64()) { ++ else if (time_before64(fuse_dentry_time(entry), get_jiffies_64())) { + int err; + struct fuse_entry_out outarg; + struct fuse_conn *fc; +@@ -849,7 +849,7 @@ int fuse_update_attributes(struct inode *inode, struct kstat *stat, + int err; + bool r; + +- if (fi->i_time < get_jiffies_64()) { ++ if (time_before64(fi->i_time, get_jiffies_64())) { + r = true; + err = fuse_do_getattr(inode, stat, file); + } else { +@@ -1009,7 +1009,7 @@ static int fuse_permission(struct inode *inode, int mask) + ((mask & MAY_EXEC) && S_ISREG(inode->i_mode))) { + struct fuse_inode *fi = get_fuse_inode(inode); + +- if (fi->i_time < get_jiffies_64()) { ++ if (time_before64(fi->i_time, get_jiffies_64())) { + refreshed = true; + + err = fuse_perm_getattr(inode, mask); +diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c +index 912c250..afc0f706 100644 +--- a/fs/fuse/inode.c ++++ b/fs/fuse/inode.c +@@ -437,6 +437,17 @@ static const match_table_t tokens = { + {OPT_ERR, NULL} + }; + ++static int fuse_match_uint(substring_t *s, unsigned int *res) ++{ ++ int err = -ENOMEM; ++ char *buf = match_strdup(s); ++ if (buf) { ++ err = kstrtouint(buf, 10, res); ++ kfree(buf); ++ } ++ return err; ++} ++ + static int parse_fuse_opt(char *opt, struct fuse_mount_data *d, int is_bdev) + { + char *p; +@@ -447,6 +458,7 @@ static int parse_fuse_opt(char *opt, struct fuse_mount_data *d, int is_bdev) + while ((p = strsep(&opt, ",")) != NULL) { + int token; + int value; ++ unsigned uv; + substring_t args[MAX_OPT_ARGS]; + if (!*p) + continue; +@@ -470,16 +482,16 @@ static int parse_fuse_opt(char *opt, struct fuse_mount_data *d, int is_bdev) + break; + + case OPT_USER_ID: +- if (match_int(&args[0], &value)) ++ if (fuse_match_uint(&args[0], &uv)) + return 0; +- d->user_id = value; ++ d->user_id = uv; + d->user_id_present = 1; + break; + + case OPT_GROUP_ID: +- if (match_int(&args[0], &value)) ++ if (fuse_match_uint(&args[0], &uv)) + return 0; +- d->group_id = value; ++ d->group_id = uv; + d->group_id_present = 1; + break; + +diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c +index 18ea4d9..86dc68a 100644 +--- a/fs/jbd2/transaction.c ++++ b/fs/jbd2/transaction.c +@@ -1388,9 +1388,12 @@ int jbd2_journal_stop(handle_t *handle) + * to perform a synchronous write. We do this to detect the + * case where a single process is doing a stream of sync + * writes. No point in waiting for joiners in that case. ++ * ++ * Setting max_batch_time to 0 disables this completely. + */ + pid = current->pid; +- if (handle->h_sync && journal->j_last_sync_writer != pid) { ++ if (handle->h_sync && journal->j_last_sync_writer != pid && ++ journal->j_max_batch_time) { + u64 commit_time, trans_time; + + journal->j_last_sync_writer = pid; +diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c +index 315a1ba..eebccfe 100644 +--- a/fs/nfsd/nfs4proc.c ++++ b/fs/nfsd/nfs4proc.c +@@ -529,15 +529,6 @@ nfsd4_create(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, + + switch (create->cr_type) { + case NF4LNK: +- /* ugh! we have to null-terminate the linktext, or +- * vfs_symlink() will choke. it is always safe to +- * null-terminate by brute force, since at worst we +- * will overwrite the first byte of the create namelen +- * in the XDR buffer, which has already been extracted +- * during XDR decode. +- */ +- create->cr_linkname[create->cr_linklen] = 0; +- + status = nfsd_symlink(rqstp, &cstate->current_fh, + create->cr_name, create->cr_namelen, + create->cr_linkname, create->cr_linklen, +diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c +index a7933dd..9d2c52b 100644 +--- a/fs/nfsd/nfs4xdr.c ++++ b/fs/nfsd/nfs4xdr.c +@@ -482,7 +482,18 @@ nfsd4_decode_create(struct nfsd4_compoundargs *argp, struct nfsd4_create *create + READ_BUF(4); + READ32(create->cr_linklen); + READ_BUF(create->cr_linklen); +- SAVEMEM(create->cr_linkname, create->cr_linklen); ++ /* ++ * The VFS will want a null-terminated string, and ++ * null-terminating in place isn't safe since this might ++ * end on a page boundary: ++ */ ++ create->cr_linkname = ++ kmalloc(create->cr_linklen + 1, GFP_KERNEL); ++ if (!create->cr_linkname) ++ return nfserr_jukebox; ++ memcpy(create->cr_linkname, p, create->cr_linklen); ++ create->cr_linkname[create->cr_linklen] = '\0'; ++ defer_free(argp, kfree, create->cr_linkname); + break; + case NF4BLK: + case NF4CHR: +diff --git a/fs/xfs/xfs_alloc.c b/fs/xfs/xfs_alloc.c +index ce84ffd..896f1d9 100644 +--- a/fs/xfs/xfs_alloc.c ++++ b/fs/xfs/xfs_alloc.c +@@ -1075,12 +1075,13 @@ restart: + * If we couldn't get anything, give up. + */ + if (bno_cur_lt == NULL && bno_cur_gt == NULL) { ++ xfs_btree_del_cursor(cnt_cur, XFS_BTREE_NOERROR); ++ + if (!forced++) { + trace_xfs_alloc_near_busy(args); + xfs_log_force(args->mp, XFS_LOG_SYNC); + goto restart; + } +- + trace_xfs_alloc_size_neither(args); + args->agbno = NULLAGBLOCK; + return 0; +diff --git a/include/drm/drm_mem_util.h b/include/drm/drm_mem_util.h +index 6bd325f..19a2404 100644 +--- a/include/drm/drm_mem_util.h ++++ b/include/drm/drm_mem_util.h +@@ -31,7 +31,7 @@ + + static __inline__ void *drm_calloc_large(size_t nmemb, size_t size) + { +- if (size != 0 && nmemb > ULONG_MAX / size) ++ if (size != 0 && nmemb > SIZE_MAX / size) + return NULL; + + if (size * nmemb <= PAGE_SIZE) +@@ -44,7 +44,7 @@ static __inline__ void *drm_calloc_large(size_t nmemb, size_t size) + /* Modeled after cairo's malloc_ab, it's like calloc but without the zeroing. */ + static __inline__ void *drm_malloc_ab(size_t nmemb, size_t size) + { +- if (size != 0 && nmemb > ULONG_MAX / size) ++ if (size != 0 && nmemb > SIZE_MAX / size) + return NULL; + + if (size * nmemb <= PAGE_SIZE) +diff --git a/include/linux/kernel.h b/include/linux/kernel.h +index a70783d..0b8ca35 100644 +--- a/include/linux/kernel.h ++++ b/include/linux/kernel.h +@@ -34,6 +34,7 @@ + #define LLONG_MAX ((long long)(~0ULL>>1)) + #define LLONG_MIN (-LLONG_MAX - 1) + #define ULLONG_MAX (~0ULL) ++#define SIZE_MAX (~(size_t)0) + + #define STACK_MAGIC 0xdeadbeef + +diff --git a/include/linux/libata.h b/include/linux/libata.h +index 375dfdf..d773b21 100644 +--- a/include/linux/libata.h ++++ b/include/linux/libata.h +@@ -540,6 +540,7 @@ struct ata_host { + struct device *dev; + void __iomem * const *iomap; + unsigned int n_ports; ++ unsigned int n_tags; /* nr of NCQ tags */ + void *private_data; + struct ata_port_operations *ops; + unsigned long flags; +diff --git a/include/linux/math64.h b/include/linux/math64.h +index b8ba855..2913b86 100644 +--- a/include/linux/math64.h ++++ b/include/linux/math64.h +@@ -6,7 +6,8 @@ + + #if BITS_PER_LONG == 64 + +-#define div64_long(x,y) div64_s64((x),(y)) ++#define div64_long(x, y) div64_s64((x), (y)) ++#define div64_ul(x, y) div64_u64((x), (y)) + + /** + * div_u64_rem - unsigned 64bit divide with 32bit divisor with remainder +@@ -47,7 +48,8 @@ static inline s64 div64_s64(s64 dividend, s64 divisor) + + #elif BITS_PER_LONG == 32 + +-#define div64_long(x,y) div_s64((x),(y)) ++#define div64_long(x, y) div_s64((x), (y)) ++#define div64_ul(x, y) div_u64((x), (y)) + + #ifndef div_u64_rem + static inline u64 div_u64_rem(u64 dividend, u32 divisor, u32 *remainder) +diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h +index 40c2726..1b4ea29 100644 +--- a/include/linux/skbuff.h ++++ b/include/linux/skbuff.h +@@ -2583,22 +2583,5 @@ static inline bool skb_is_recycleable(const struct sk_buff *skb, int skb_size) + + return true; + } +- +-/** +- * skb_gso_network_seglen - Return length of individual segments of a gso packet +- * +- * @skb: GSO skb +- * +- * skb_gso_network_seglen is used to determine the real size of the +- * individual segments, including Layer3 (IP, IPv6) and L4 headers (TCP/UDP). +- * +- * The MAC/L2 header is not accounted for. +- */ +-static inline unsigned int skb_gso_network_seglen(const struct sk_buff *skb) +-{ +- unsigned int hdr_len = skb_transport_header(skb) - +- skb_network_header(skb); +- return hdr_len + skb_gso_transport_seglen(skb); +-} + #endif /* __KERNEL__ */ + #endif /* _LINUX_SKBUFF_H */ +diff --git a/include/linux/slab.h b/include/linux/slab.h +index a595dce..67d5d94 100644 +--- a/include/linux/slab.h ++++ b/include/linux/slab.h +@@ -242,7 +242,7 @@ size_t ksize(const void *); + */ + static inline void *kmalloc_array(size_t n, size_t size, gfp_t flags) + { +- if (size != 0 && n > ULONG_MAX / size) ++ if (size != 0 && n > SIZE_MAX / size) + return NULL; + return __kmalloc(n * size, flags); + } +diff --git a/include/linux/usb_usual.h b/include/linux/usb_usual.h +index 17df360..88413e9 100644 +--- a/include/linux/usb_usual.h ++++ b/include/linux/usb_usual.h +@@ -64,7 +64,9 @@ + US_FLAG(NO_READ_CAPACITY_16, 0x00080000) \ + /* cannot handle READ_CAPACITY_16 */ \ + US_FLAG(INITIAL_READ10, 0x00100000) \ +- /* Initial READ(10) (and others) must be retried */ ++ /* Initial READ(10) (and others) must be retried */ \ ++ US_FLAG(BROKEN_FUA, 0x01000000) \ ++ /* Cannot handle FUA in WRITE or READ CDBs */ \ + + #define US_FLAG(name, value) US_FL_##name = value , + enum { US_DO_ALL_FLAGS }; +diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h +index 3152cc3..377ba61 100644 +--- a/include/scsi/scsi_device.h ++++ b/include/scsi/scsi_device.h +@@ -151,6 +151,7 @@ struct scsi_device { + unsigned no_read_disc_info:1; /* Avoid READ_DISC_INFO cmds */ + unsigned no_read_capacity_16:1; /* Avoid READ_CAPACITY_16 cmds */ + unsigned is_visible:1; /* is the device visible in sysfs */ ++ unsigned broken_fua:1; /* Don't set FUA bit */ + + DECLARE_BITMAP(supported_events, SDEV_EVT_MAXBITS); /* supported events */ + struct list_head event_list; /* asserted events */ +diff --git a/kernel/Kconfig.locks b/kernel/Kconfig.locks +index 5068e2a..61ebb49 100644 +--- a/kernel/Kconfig.locks ++++ b/kernel/Kconfig.locks +@@ -198,5 +198,9 @@ config INLINE_WRITE_UNLOCK_IRQ + config INLINE_WRITE_UNLOCK_IRQRESTORE + def_bool !DEBUG_SPINLOCK && ARCH_INLINE_WRITE_UNLOCK_IRQRESTORE + ++config ARCH_SUPPORTS_ATOMIC_RMW ++ bool ++ + config MUTEX_SPIN_ON_OWNER +- def_bool SMP && !DEBUG_MUTEXES ++ def_bool y ++ depends on SMP && !DEBUG_MUTEXES && ARCH_SUPPORTS_ATOMIC_RMW +diff --git a/kernel/cpuset.c b/kernel/cpuset.c +index 1e2c5f0..4346f9a 100644 +--- a/kernel/cpuset.c ++++ b/kernel/cpuset.c +@@ -1152,7 +1152,13 @@ done: + + int current_cpuset_is_being_rebound(void) + { +- return task_cs(current) == cpuset_being_rebound; ++ int ret; ++ ++ rcu_read_lock(); ++ ret = task_cs(current) == cpuset_being_rebound; ++ rcu_read_unlock(); ++ ++ return ret; + } + + static int update_relax_domain_level(struct cpuset *cs, s64 val) +diff --git a/kernel/sched_debug.c b/kernel/sched_debug.c +index f4010e2..704ffe3 100644 +--- a/kernel/sched_debug.c ++++ b/kernel/sched_debug.c +@@ -467,7 +467,7 @@ void proc_sched_show_task(struct task_struct *p, struct seq_file *m) + + avg_atom = p->se.sum_exec_runtime; + if (nr_switches) +- do_div(avg_atom, nr_switches); ++ avg_atom = div64_ul(avg_atom, nr_switches); + else + avg_atom = -1LL; + +diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c +index 0907e43..eb198a3 100644 +--- a/kernel/time/alarmtimer.c ++++ b/kernel/time/alarmtimer.c +@@ -563,9 +563,14 @@ static int alarm_timer_set(struct k_itimer *timr, int flags, + struct itimerspec *new_setting, + struct itimerspec *old_setting) + { ++ ktime_t exp; ++ + if (!rtcdev) + return -ENOTSUPP; + ++ if (flags & ~TIMER_ABSTIME) ++ return -EINVAL; ++ + if (old_setting) + alarm_timer_get(timr, old_setting); + +@@ -575,8 +580,16 @@ static int alarm_timer_set(struct k_itimer *timr, int flags, + + /* start the timer */ + timr->it.alarm.interval = timespec_to_ktime(new_setting->it_interval); +- alarm_start(&timr->it.alarm.alarmtimer, +- timespec_to_ktime(new_setting->it_value)); ++ exp = timespec_to_ktime(new_setting->it_value); ++ /* Convert (if necessary) to absolute time */ ++ if (flags != TIMER_ABSTIME) { ++ ktime_t now; ++ ++ now = alarm_bases[timr->it.alarm.alarmtimer.type].gettime(); ++ exp = ktime_add(now, exp); ++ } ++ ++ alarm_start(&timr->it.alarm.alarmtimer, exp); + return 0; + } + +@@ -708,6 +721,9 @@ static int alarm_timer_nsleep(const clockid_t which_clock, int flags, + if (!alarmtimer_get_rtcdev()) + return -ENOTSUPP; + ++ if (flags & ~TIMER_ABSTIME) ++ return -EINVAL; ++ + if (!capable(CAP_WAKE_ALARM)) + return -EPERM; + +diff --git a/kernel/time/tick-sched.c b/kernel/time/tick-sched.c +index e9a45f1..2695d72 100644 +--- a/kernel/time/tick-sched.c ++++ b/kernel/time/tick-sched.c +@@ -325,8 +325,10 @@ void tick_nohz_stop_sched_tick(int inidle) + tick_do_timer_cpu = TICK_DO_TIMER_NONE; + } + +- if (unlikely(ts->nohz_mode == NOHZ_MODE_INACTIVE)) ++ if (unlikely(ts->nohz_mode == NOHZ_MODE_INACTIVE)) { ++ ts->sleep_length = (ktime_t) { .tv64 = NSEC_PER_SEC/HZ }; + goto end; ++ } + + if (need_resched()) + goto end; +diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c +index c5a12a7..0c348a6 100644 +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -3244,8 +3244,6 @@ tracing_poll_pipe(struct file *filp, poll_table *poll_table) + */ + return POLLIN | POLLRDNORM; + } else { +- if (!trace_empty(iter)) +- return POLLIN | POLLRDNORM; + poll_wait(filp, &trace_wait, poll_table); + if (!trace_empty(iter)) + return POLLIN | POLLRDNORM; +diff --git a/mm/hugetlb.c b/mm/hugetlb.c +index 6f886d9..d2c43a2 100644 +--- a/mm/hugetlb.c ++++ b/mm/hugetlb.c +@@ -2344,6 +2344,7 @@ int copy_hugetlb_page_range(struct mm_struct *dst, struct mm_struct *src, + } else { + if (cow) + huge_ptep_set_wrprotect(src, addr, src_pte); ++ entry = huge_ptep_get(src_pte); + ptepage = pte_page(entry); + get_page(ptepage); + page_dup_rmap(ptepage); +diff --git a/mm/kmemleak.c b/mm/kmemleak.c +index f3b2a00..cc8cf1d 100644 +--- a/mm/kmemleak.c ++++ b/mm/kmemleak.c +@@ -744,7 +744,9 @@ static void add_scan_area(unsigned long ptr, size_t size, gfp_t gfp) + } + + spin_lock_irqsave(&object->lock, flags); +- if (ptr + size > object->pointer + object->size) { ++ if (size == SIZE_MAX) { ++ size = object->pointer + object->size - ptr; ++ } else if (ptr + size > object->pointer + object->size) { + kmemleak_warn("Scan area larger than object 0x%08lx\n", ptr); + dump_object_info(object); + kmem_cache_free(scan_area_cache, area); +diff --git a/mm/mempolicy.c b/mm/mempolicy.c +index 2b5bcc9..c9f7e6f 100644 +--- a/mm/mempolicy.c ++++ b/mm/mempolicy.c +@@ -1983,7 +1983,6 @@ struct mempolicy *__mpol_dup(struct mempolicy *old) + } else + *new = *old; + +- rcu_read_lock(); + if (current_cpuset_is_being_rebound()) { + nodemask_t mems = cpuset_mems_allowed(current); + if (new->flags & MPOL_F_REBINDING) +@@ -1991,7 +1990,6 @@ struct mempolicy *__mpol_dup(struct mempolicy *old) + else + mpol_rebind_policy(new, &mems, MPOL_REBIND_ONCE); + } +- rcu_read_unlock(); + atomic_set(&new->refcnt, 1); + return new; + } +diff --git a/mm/shmem.c b/mm/shmem.c +index a78acf0..1371021 100644 +--- a/mm/shmem.c ++++ b/mm/shmem.c +@@ -76,6 +76,17 @@ static struct vfsmount *shm_mnt; + /* Symlink up to this size is kmalloc'ed instead of using a swappable page */ + #define SHORT_SYMLINK_LEN 128 + ++/* ++ * vmtruncate_range() communicates with shmem_fault via ++ * inode->i_private (with i_mutex making sure that it has only one user at ++ * a time): we would prefer not to enlarge the shmem inode just for that. ++ */ ++struct shmem_falloc { ++ wait_queue_head_t *waitq; /* faults into hole wait for punch to end */ ++ pgoff_t start; /* start of range currently being fallocated */ ++ pgoff_t next; /* the next page offset to be fallocated */ ++}; ++ + struct shmem_xattr { + struct list_head list; /* anchored by shmem_inode_info->xattr_list */ + char *name; /* xattr name */ +@@ -488,22 +499,19 @@ void shmem_truncate_range(struct inode *inode, loff_t lstart, loff_t lend) + } + + index = start; +- for ( ; ; ) { ++ while (index <= end) { + cond_resched(); + pvec.nr = shmem_find_get_pages_and_swap(mapping, index, + min(end - index, (pgoff_t)PAGEVEC_SIZE - 1) + 1, + pvec.pages, indices); + if (!pvec.nr) { +- if (index == start) ++ /* If all gone or hole-punch, we're done */ ++ if (index == start || end != -1) + break; ++ /* But if truncating, restart to make sure all gone */ + index = start; + continue; + } +- if (index == start && indices[0] > end) { +- shmem_deswap_pagevec(&pvec); +- pagevec_release(&pvec); +- break; +- } + mem_cgroup_uncharge_start(); + for (i = 0; i < pagevec_count(&pvec); i++) { + struct page *page = pvec.pages[i]; +@@ -513,8 +521,12 @@ void shmem_truncate_range(struct inode *inode, loff_t lstart, loff_t lend) + break; + + if (radix_tree_exceptional_entry(page)) { +- nr_swaps_freed += !shmem_free_swap(mapping, +- index, page); ++ if (shmem_free_swap(mapping, index, page)) { ++ /* Swap was replaced by page: retry */ ++ index--; ++ break; ++ } ++ nr_swaps_freed++; + continue; + } + +@@ -522,6 +534,11 @@ void shmem_truncate_range(struct inode *inode, loff_t lstart, loff_t lend) + if (page->mapping == mapping) { + VM_BUG_ON(PageWriteback(page)); + truncate_inode_page(mapping, page); ++ } else { ++ /* Page was replaced by swap: retry */ ++ unlock_page(page); ++ index--; ++ break; + } + unlock_page(page); + } +@@ -1060,6 +1077,63 @@ static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf) + int error; + int ret = VM_FAULT_LOCKED; + ++ /* ++ * Trinity finds that probing a hole which tmpfs is punching can ++ * prevent the hole-punch from ever completing: which in turn ++ * locks writers out with its hold on i_mutex. So refrain from ++ * faulting pages into the hole while it's being punched. Although ++ * shmem_truncate_range() does remove the additions, it may be unable to ++ * keep up, as each new page needs its own unmap_mapping_range() call, ++ * and the i_mmap tree grows ever slower to scan if new vmas are added. ++ * ++ * It does not matter if we sometimes reach this check just before the ++ * hole-punch begins, so that one fault then races with the punch: ++ * we just need to make racing faults a rare case. ++ * ++ * The implementation below would be much simpler if we just used a ++ * standard mutex or completion: but we cannot take i_mutex in fault, ++ * and bloating every shmem inode for this unlikely case would be sad. ++ */ ++ if (unlikely(inode->i_private)) { ++ struct shmem_falloc *shmem_falloc; ++ ++ spin_lock(&inode->i_lock); ++ shmem_falloc = inode->i_private; ++ if (shmem_falloc && ++ vmf->pgoff >= shmem_falloc->start && ++ vmf->pgoff < shmem_falloc->next) { ++ wait_queue_head_t *shmem_falloc_waitq; ++ DEFINE_WAIT(shmem_fault_wait); ++ ++ ret = VM_FAULT_NOPAGE; ++ if ((vmf->flags & FAULT_FLAG_ALLOW_RETRY) && ++ !(vmf->flags & FAULT_FLAG_RETRY_NOWAIT)) { ++ /* It's polite to up mmap_sem if we can */ ++ up_read(&vma->vm_mm->mmap_sem); ++ ret = VM_FAULT_RETRY; ++ } ++ ++ shmem_falloc_waitq = shmem_falloc->waitq; ++ prepare_to_wait(shmem_falloc_waitq, &shmem_fault_wait, ++ TASK_UNINTERRUPTIBLE); ++ spin_unlock(&inode->i_lock); ++ schedule(); ++ ++ /* ++ * shmem_falloc_waitq points into the vmtruncate_range() ++ * stack of the hole-punching task: shmem_falloc_waitq ++ * is usually invalid by the time we reach here, but ++ * finish_wait() does not dereference it in that case; ++ * though i_lock needed lest racing with wake_up_all(). ++ */ ++ spin_lock(&inode->i_lock); ++ finish_wait(shmem_falloc_waitq, &shmem_fault_wait); ++ spin_unlock(&inode->i_lock); ++ return ret; ++ } ++ spin_unlock(&inode->i_lock); ++ } ++ + error = shmem_getpage(inode, vmf->pgoff, &vmf->page, SGP_CACHE, &ret); + if (error) + return ((error == -ENOMEM) ? VM_FAULT_OOM : VM_FAULT_SIGBUS); +@@ -1071,6 +1145,47 @@ static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf) + return ret; + } + ++int vmtruncate_range(struct inode *inode, loff_t lstart, loff_t lend) ++{ ++ /* ++ * If the underlying filesystem is not going to provide ++ * a way to truncate a range of blocks (punch a hole) - ++ * we should return failure right now. ++ * Only CONFIG_SHMEM shmem.c ever supported i_op->truncate_range(). ++ */ ++ if (inode->i_op->truncate_range != shmem_truncate_range) ++ return -ENOSYS; ++ ++ mutex_lock(&inode->i_mutex); ++ { ++ struct shmem_falloc shmem_falloc; ++ struct address_space *mapping = inode->i_mapping; ++ loff_t unmap_start = round_up(lstart, PAGE_SIZE); ++ loff_t unmap_end = round_down(1 + lend, PAGE_SIZE) - 1; ++ DECLARE_WAIT_QUEUE_HEAD_ONSTACK(shmem_falloc_waitq); ++ ++ shmem_falloc.waitq = &shmem_falloc_waitq; ++ shmem_falloc.start = unmap_start >> PAGE_SHIFT; ++ shmem_falloc.next = (unmap_end + 1) >> PAGE_SHIFT; ++ spin_lock(&inode->i_lock); ++ inode->i_private = &shmem_falloc; ++ spin_unlock(&inode->i_lock); ++ ++ if ((u64)unmap_end > (u64)unmap_start) ++ unmap_mapping_range(mapping, unmap_start, ++ 1 + unmap_end - unmap_start, 0); ++ shmem_truncate_range(inode, lstart, lend); ++ /* No need to unmap again: hole-punching leaves COWed pages */ ++ ++ spin_lock(&inode->i_lock); ++ inode->i_private = NULL; ++ wake_up_all(&shmem_falloc_waitq); ++ spin_unlock(&inode->i_lock); ++ } ++ mutex_unlock(&inode->i_mutex); ++ return 0; ++} ++ + #ifdef CONFIG_NUMA + static int shmem_set_policy(struct vm_area_struct *vma, struct mempolicy *mpol) + { +@@ -2496,6 +2611,12 @@ void shmem_truncate_range(struct inode *inode, loff_t lstart, loff_t lend) + } + EXPORT_SYMBOL_GPL(shmem_truncate_range); + ++int vmtruncate_range(struct inode *inode, loff_t lstart, loff_t lend) ++{ ++ /* Only CONFIG_SHMEM shmem.c ever supported i_op->truncate_range(). */ ++ return -ENOSYS; ++} ++ + #define shmem_vm_ops generic_file_vm_ops + #define shmem_file_operations ramfs_file_operations + #define shmem_get_inode(sb, dir, mode, dev, flags) ramfs_get_inode(sb, dir, mode, dev) +diff --git a/mm/truncate.c b/mm/truncate.c +index 00fb58a..40d186f 100644 +--- a/mm/truncate.c ++++ b/mm/truncate.c +@@ -602,28 +602,3 @@ int vmtruncate(struct inode *inode, loff_t newsize) + return 0; + } + EXPORT_SYMBOL(vmtruncate); +- +-int vmtruncate_range(struct inode *inode, loff_t lstart, loff_t lend) +-{ +- struct address_space *mapping = inode->i_mapping; +- loff_t holebegin = round_up(lstart, PAGE_SIZE); +- loff_t holelen = 1 + lend - holebegin; +- +- /* +- * If the underlying filesystem is not going to provide +- * a way to truncate a range of blocks (punch a hole) - +- * we should return failure right now. +- */ +- if (!inode->i_op->truncate_range) +- return -ENOSYS; +- +- mutex_lock(&inode->i_mutex); +- inode_dio_wait(inode); +- unmap_mapping_range(mapping, holebegin, holelen, 1); +- inode->i_op->truncate_range(inode, lstart, lend); +- /* unmap again to remove racily COWed private pages */ +- unmap_mapping_range(mapping, holebegin, holelen, 1); +- mutex_unlock(&inode->i_mutex); +- +- return 0; +-} +diff --git a/mm/vmalloc.c b/mm/vmalloc.c +index eeba3bb..1431458 100644 +--- a/mm/vmalloc.c ++++ b/mm/vmalloc.c +@@ -349,6 +349,12 @@ static struct vmap_area *alloc_vmap_area(unsigned long size, + if (unlikely(!va)) + return ERR_PTR(-ENOMEM); + ++ /* ++ * Only scan the relevant parts containing pointers to other objects ++ * to avoid false negatives. ++ */ ++ kmemleak_scan_area(&va->rb_node, SIZE_MAX, gfp_mask & GFP_RECLAIM_MASK); ++ + retry: + spin_lock(&vmap_area_lock); + /* +@@ -1644,11 +1650,11 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, + insert_vmalloc_vmlist(area); + + /* +- * A ref_count = 3 is needed because the vm_struct and vmap_area +- * structures allocated in the __get_vm_area_node() function contain +- * references to the virtual address of the vmalloc'ed block. ++ * A ref_count = 2 is needed because vm_struct allocated in ++ * __get_vm_area_node() contains a reference to the virtual address of ++ * the vmalloc'ed block. + */ +- kmemleak_alloc(addr, real_size, 3, gfp_mask); ++ kmemleak_alloc(addr, real_size, 2, gfp_mask); + + return addr; + +diff --git a/net/8021q/vlan_core.c b/net/8021q/vlan_core.c +index e860a4f..77d3532 100644 +--- a/net/8021q/vlan_core.c ++++ b/net/8021q/vlan_core.c +@@ -96,8 +96,11 @@ EXPORT_SYMBOL(vlan_dev_vlan_id); + + static struct sk_buff *vlan_reorder_header(struct sk_buff *skb) + { +- if (skb_cow(skb, skb_headroom(skb)) < 0) ++ if (skb_cow(skb, skb_headroom(skb)) < 0) { ++ kfree_skb(skb); + return NULL; ++ } ++ + memmove(skb->data - ETH_HLEN, skb->data - VLAN_ETH_HLEN, 2 * ETH_ALEN); + skb->mac_header += VLAN_HLEN; + return skb; +diff --git a/net/appletalk/ddp.c b/net/appletalk/ddp.c +index 334d4cd..79aaac2 100644 +--- a/net/appletalk/ddp.c ++++ b/net/appletalk/ddp.c +@@ -1494,8 +1494,6 @@ static int atalk_rcv(struct sk_buff *skb, struct net_device *dev, + goto drop; + + /* Queue packet (standard) */ +- skb->sk = sock; +- + if (sock_queue_rcv_skb(sock, skb) < 0) + goto drop; + +@@ -1649,7 +1647,6 @@ static int atalk_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr + if (!skb) + goto out; + +- skb->sk = sk; + skb_reserve(skb, ddp_dl->header_length); + skb_reserve(skb, dev->hard_header_len); + skb->dev = dev; +diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c +index 7beaf10..0900a17 100644 +--- a/net/core/rtnetlink.c ++++ b/net/core/rtnetlink.c +@@ -1062,6 +1062,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) + struct nlattr *tb[IFLA_MAX+1]; + u32 ext_filter_mask = 0; + int err; ++ int hdrlen; + + s_h = cb->args[0]; + s_idx = cb->args[1]; +@@ -1069,8 +1070,17 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) + rcu_read_lock(); + cb->seq = net->dev_base_seq; + +- if (nlmsg_parse(cb->nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX, +- ifla_policy) >= 0) { ++ /* A hack to preserve kernel<->userspace interface. ++ * The correct header is ifinfomsg. It is consistent with rtnl_getlink. ++ * However, before Linux v3.9 the code here assumed rtgenmsg and that's ++ * what iproute2 < v3.9.0 used. ++ * We can detect the old iproute2. Even including the IFLA_EXT_MASK ++ * attribute, its netlink message is shorter than struct ifinfomsg. ++ */ ++ hdrlen = nlmsg_len(cb->nlh) < sizeof(struct ifinfomsg) ? ++ sizeof(struct rtgenmsg) : sizeof(struct ifinfomsg); ++ ++ if (nlmsg_parse(cb->nlh, hdrlen, tb, IFLA_MAX, ifla_policy) >= 0) { + + if (tb[IFLA_EXT_MASK]) + ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]); +@@ -1917,9 +1927,13 @@ static u16 rtnl_calcit(struct sk_buff *skb, struct nlmsghdr *nlh) + struct nlattr *tb[IFLA_MAX+1]; + u32 ext_filter_mask = 0; + u16 min_ifinfo_dump_size = 0; ++ int hdrlen; ++ ++ /* Same kernel<->userspace interface hack as in rtnl_dump_ifinfo. */ ++ hdrlen = nlmsg_len(nlh) < sizeof(struct ifinfomsg) ? ++ sizeof(struct rtgenmsg) : sizeof(struct ifinfomsg); + +- if (nlmsg_parse(nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX, +- ifla_policy) >= 0) { ++ if (nlmsg_parse(nlh, hdrlen, tb, IFLA_MAX, ifla_policy) >= 0) { + if (tb[IFLA_EXT_MASK]) + ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]); + } +diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c +index c32be29..2022b46 100644 +--- a/net/dns_resolver/dns_query.c ++++ b/net/dns_resolver/dns_query.c +@@ -150,7 +150,9 @@ int dns_query(const char *type, const char *name, size_t namelen, + if (!*_result) + goto put; + +- memcpy(*_result, upayload->data, len + 1); ++ memcpy(*_result, upayload->data, len); ++ (*_result)[len] = '\0'; ++ + if (_expiry) + *_expiry = rkey->expiry; + +diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c +index 75b0860..7f7e670 100644 +--- a/net/ipv4/igmp.c ++++ b/net/ipv4/igmp.c +@@ -1862,6 +1862,10 @@ int ip_mc_leave_group(struct sock *sk, struct ip_mreqn *imr) + + rtnl_lock(); + in_dev = ip_mc_find_dev(net, imr); ++ if (!in_dev) { ++ ret = -ENODEV; ++ goto out; ++ } + ifindex = imr->imr_ifindex; + for (imlp = &inet->mc_list; + (iml = rtnl_dereference(*imlp)) != NULL; +@@ -1879,16 +1883,14 @@ int ip_mc_leave_group(struct sock *sk, struct ip_mreqn *imr) + + *imlp = iml->next_rcu; + +- if (in_dev) +- ip_mc_dec_group(in_dev, group); ++ ip_mc_dec_group(in_dev, group); + rtnl_unlock(); + /* decrease mem now to avoid the memleak warning */ + atomic_sub(sizeof(*iml), &sk->sk_omem_alloc); + kfree_rcu(iml, rcu); + return 0; + } +- if (!in_dev) +- ret = -ENODEV; ++out: + rtnl_unlock(); + return ret; + } +diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c +index 7593f3a..29a07b6 100644 +--- a/net/ipv4/ip_forward.c ++++ b/net/ipv4/ip_forward.c +@@ -39,68 +39,6 @@ + #include <net/route.h> + #include <net/xfrm.h> + +-static bool ip_may_fragment(const struct sk_buff *skb) +-{ +- return unlikely((ip_hdr(skb)->frag_off & htons(IP_DF)) == 0) || +- skb->local_df; +-} +- +-static bool ip_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu) +-{ +- if (skb->len <= mtu) +- return false; +- +- if (skb_is_gso(skb) && skb_gso_network_seglen(skb) <= mtu) +- return false; +- +- return true; +-} +- +-static bool ip_gso_exceeds_dst_mtu(const struct sk_buff *skb) +-{ +- unsigned int mtu; +- +- if (skb->local_df || !skb_is_gso(skb)) +- return false; +- +- mtu = dst_mtu(skb_dst(skb)); +- +- /* if seglen > mtu, do software segmentation for IP fragmentation on +- * output. DF bit cannot be set since ip_forward would have sent +- * icmp error. +- */ +- return skb_gso_network_seglen(skb) > mtu; +-} +- +-/* called if GSO skb needs to be fragmented on forward */ +-static int ip_forward_finish_gso(struct sk_buff *skb) +-{ +- struct sk_buff *segs; +- int ret = 0; +- +- segs = skb_gso_segment(skb, 0); +- if (IS_ERR(segs)) { +- kfree_skb(skb); +- return -ENOMEM; +- } +- +- consume_skb(skb); +- +- do { +- struct sk_buff *nskb = segs->next; +- int err; +- +- segs->next = NULL; +- err = dst_output(segs); +- +- if (err && ret == 0) +- ret = err; +- segs = nskb; +- } while (segs); +- +- return ret; +-} +- + static int ip_forward_finish(struct sk_buff *skb) + { + struct ip_options * opt = &(IPCB(skb)->opt); +@@ -110,9 +48,6 @@ static int ip_forward_finish(struct sk_buff *skb) + if (unlikely(opt->optlen)) + ip_forward_options(skb); + +- if (ip_gso_exceeds_dst_mtu(skb)) +- return ip_forward_finish_gso(skb); +- + return dst_output(skb); + } + +@@ -152,7 +87,8 @@ int ip_forward(struct sk_buff *skb) + if (opt->is_strictroute && opt->nexthop != rt->rt_gateway) + goto sr_failed; + +- if (!ip_may_fragment(skb) && ip_exceeds_mtu(skb, dst_mtu(&rt->dst))) { ++ if (unlikely(skb->len > dst_mtu(&rt->dst) && !skb_is_gso(skb) && ++ (ip_hdr(skb)->frag_off & htons(IP_DF))) && !skb->local_df) { + IP_INC_STATS(dev_net(rt->dst.dev), IPSTATS_MIB_FRAGFAILS); + icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, + htonl(dst_mtu(&rt->dst))); +diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c +index 40eb4fc..08623e2 100644 +--- a/net/ipv4/ip_options.c ++++ b/net/ipv4/ip_options.c +@@ -277,6 +277,10 @@ int ip_options_compile(struct net *net, + optptr++; + continue; + } ++ if (unlikely(l < 2)) { ++ pp_ptr = optptr; ++ goto error; ++ } + optlen = optptr[1]; + if (optlen<2 || optlen>l) { + pp_ptr = optptr; +diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c +index b550815..c3b44d5 100644 +--- a/net/ipv4/netfilter/ipt_ULOG.c ++++ b/net/ipv4/netfilter/ipt_ULOG.c +@@ -202,6 +202,7 @@ static void ipt_ulog_packet(unsigned int hooknum, + ub->qlen++; + + pm = NLMSG_DATA(nlh); ++ memset(pm, 0, sizeof(*pm)); + + /* We might not have a timestamp, get one */ + if (skb->tstamp.tv64 == 0) +@@ -218,8 +219,6 @@ static void ipt_ulog_packet(unsigned int hooknum, + strncpy(pm->prefix, prefix, sizeof(pm->prefix)); + else if (loginfo->prefix[0] != '\0') + strncpy(pm->prefix, loginfo->prefix, sizeof(pm->prefix)); +- else +- *(pm->prefix) = '\0'; + + if (in && in->hard_header_len > 0 && + skb->mac_header != skb->network_header && +@@ -231,13 +230,9 @@ static void ipt_ulog_packet(unsigned int hooknum, + + if (in) + strncpy(pm->indev_name, in->name, sizeof(pm->indev_name)); +- else +- pm->indev_name[0] = '\0'; + + if (out) + strncpy(pm->outdev_name, out->name, sizeof(pm->outdev_name)); +- else +- pm->outdev_name[0] = '\0'; + + /* copy_len <= skb->len, so can't fail. */ + if (skb_copy_bits(skb, 0, pm->payload, copy_len) < 0) +diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c +index c1ed01e..afe6886 100644 +--- a/net/ipv4/tcp_input.c ++++ b/net/ipv4/tcp_input.c +@@ -1305,7 +1305,7 @@ static int tcp_match_skb_to_sack(struct sock *sk, struct sk_buff *skb, + unsigned int new_len = (pkt_len / mss) * mss; + if (!in_sack && new_len < pkt_len) { + new_len += mss; +- if (new_len > skb->len) ++ if (new_len >= skb->len) + return 0; + } + pkt_len = new_len; +diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c +index 14753d3..064b5c9 100644 +--- a/net/ipv6/ip6_output.c ++++ b/net/ipv6/ip6_output.c +@@ -381,17 +381,6 @@ static inline int ip6_forward_finish(struct sk_buff *skb) + return dst_output(skb); + } + +-static bool ip6_pkt_too_big(const struct sk_buff *skb, unsigned int mtu) +-{ +- if (skb->len <= mtu || skb->local_df) +- return false; +- +- if (skb_is_gso(skb) && skb_gso_network_seglen(skb) <= mtu) +- return false; +- +- return true; +-} +- + int ip6_forward(struct sk_buff *skb) + { + struct dst_entry *dst = skb_dst(skb); +@@ -515,7 +504,7 @@ int ip6_forward(struct sk_buff *skb) + if (mtu < IPV6_MIN_MTU) + mtu = IPV6_MIN_MTU; + +- if (ip6_pkt_too_big(skb, mtu)) { ++ if (skb->len > mtu && !skb_is_gso(skb)) { + /* Again, force OUTPUT device used as source address */ + skb->dev = dst->dev; + icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); +diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c +index e0f0934..437fb59 100644 +--- a/net/l2tp/l2tp_ppp.c ++++ b/net/l2tp/l2tp_ppp.c +@@ -1351,7 +1351,7 @@ static int pppol2tp_setsockopt(struct socket *sock, int level, int optname, + int err; + + if (level != SOL_PPPOL2TP) +- return udp_prot.setsockopt(sk, level, optname, optval, optlen); ++ return -EINVAL; + + if (optlen < sizeof(int)) + return -EINVAL; +@@ -1477,7 +1477,7 @@ static int pppol2tp_getsockopt(struct socket *sock, int level, + struct pppol2tp_session *ps; + + if (level != SOL_PPPOL2TP) +- return udp_prot.getsockopt(sk, level, optname, optval, optlen); ++ return -EINVAL; + + if (get_user(len, (int __user *) optlen)) + return -EFAULT; +diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c +index 72f4253..93acfa1 100644 +--- a/net/netfilter/ipvs/ip_vs_ctl.c ++++ b/net/netfilter/ipvs/ip_vs_ctl.c +@@ -3688,6 +3688,7 @@ void __net_init ip_vs_control_net_cleanup_sysctl(struct net *net) + cancel_delayed_work_sync(&ipvs->defense_work); + cancel_work_sync(&ipvs->defense_work.work); + unregister_net_sysctl_table(ipvs->sysctl_hdr); ++ ip_vs_stop_estimator(net, &ipvs->tot_stats); + } + + #else +@@ -3743,7 +3744,6 @@ void __net_exit ip_vs_control_net_cleanup(struct net *net) + struct netns_ipvs *ipvs = net_ipvs(net); + + ip_vs_trash_cleanup(net); +- ip_vs_stop_estimator(net, &ipvs->tot_stats); + ip_vs_control_net_cleanup_sysctl(net); + proc_net_remove(net, "ip_vs_stats_percpu"); + proc_net_remove(net, "ip_vs_stats"); +diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c +index 8a84017..57da447 100644 +--- a/net/sctp/ulpevent.c ++++ b/net/sctp/ulpevent.c +@@ -373,9 +373,10 @@ fail: + * specification [SCTP] and any extensions for a list of possible + * error formats. + */ +-struct sctp_ulpevent *sctp_ulpevent_make_remote_error( +- const struct sctp_association *asoc, struct sctp_chunk *chunk, +- __u16 flags, gfp_t gfp) ++struct sctp_ulpevent * ++sctp_ulpevent_make_remote_error(const struct sctp_association *asoc, ++ struct sctp_chunk *chunk, __u16 flags, ++ gfp_t gfp) + { + struct sctp_ulpevent *event; + struct sctp_remote_error *sre; +@@ -394,8 +395,7 @@ struct sctp_ulpevent *sctp_ulpevent_make_remote_error( + /* Copy the skb to a new skb with room for us to prepend + * notification with. + */ +- skb = skb_copy_expand(chunk->skb, sizeof(struct sctp_remote_error), +- 0, gfp); ++ skb = skb_copy_expand(chunk->skb, sizeof(*sre), 0, gfp); + + /* Pull off the rest of the cause TLV from the chunk. */ + skb_pull(chunk->skb, elen); +@@ -406,62 +406,21 @@ struct sctp_ulpevent *sctp_ulpevent_make_remote_error( + event = sctp_skb2event(skb); + sctp_ulpevent_init(event, MSG_NOTIFICATION, skb->truesize); + +- sre = (struct sctp_remote_error *) +- skb_push(skb, sizeof(struct sctp_remote_error)); ++ sre = (struct sctp_remote_error *) skb_push(skb, sizeof(*sre)); + + /* Trim the buffer to the right length. */ +- skb_trim(skb, sizeof(struct sctp_remote_error) + elen); ++ skb_trim(skb, sizeof(*sre) + elen); + +- /* Socket Extensions for SCTP +- * 5.3.1.3 SCTP_REMOTE_ERROR +- * +- * sre_type: +- * It should be SCTP_REMOTE_ERROR. +- */ ++ /* RFC6458, Section 6.1.3. SCTP_REMOTE_ERROR */ ++ memset(sre, 0, sizeof(*sre)); + sre->sre_type = SCTP_REMOTE_ERROR; +- +- /* +- * Socket Extensions for SCTP +- * 5.3.1.3 SCTP_REMOTE_ERROR +- * +- * sre_flags: 16 bits (unsigned integer) +- * Currently unused. +- */ + sre->sre_flags = 0; +- +- /* Socket Extensions for SCTP +- * 5.3.1.3 SCTP_REMOTE_ERROR +- * +- * sre_length: sizeof (__u32) +- * +- * This field is the total length of the notification data, +- * including the notification header. +- */ + sre->sre_length = skb->len; +- +- /* Socket Extensions for SCTP +- * 5.3.1.3 SCTP_REMOTE_ERROR +- * +- * sre_error: 16 bits (unsigned integer) +- * This value represents one of the Operational Error causes defined in +- * the SCTP specification, in network byte order. +- */ + sre->sre_error = cause; +- +- /* Socket Extensions for SCTP +- * 5.3.1.3 SCTP_REMOTE_ERROR +- * +- * sre_assoc_id: sizeof (sctp_assoc_t) +- * +- * The association id field, holds the identifier for the association. +- * All notifications for a given association have the same association +- * identifier. For TCP style socket, this field is ignored. +- */ + sctp_ulpevent_set_owner(event, asoc); + sre->sre_assoc_id = sctp_assoc2id(asoc); + + return event; +- + fail: + return NULL; + } +@@ -904,7 +863,9 @@ __u16 sctp_ulpevent_get_notification_type(const struct sctp_ulpevent *event) + return notification->sn_header.sn_type; + } + +-/* Copy out the sndrcvinfo into a msghdr. */ ++/* RFC6458, Section 5.3.2. SCTP Header Information Structure ++ * (SCTP_SNDRCV, DEPRECATED) ++ */ + void sctp_ulpevent_read_sndrcvinfo(const struct sctp_ulpevent *event, + struct msghdr *msghdr) + { +@@ -913,74 +874,21 @@ void sctp_ulpevent_read_sndrcvinfo(const struct sctp_ulpevent *event, + if (sctp_ulpevent_is_notification(event)) + return; + +- /* Sockets API Extensions for SCTP +- * Section 5.2.2 SCTP Header Information Structure (SCTP_SNDRCV) +- * +- * sinfo_stream: 16 bits (unsigned integer) +- * +- * For recvmsg() the SCTP stack places the message's stream number in +- * this value. +- */ ++ memset(&sinfo, 0, sizeof(sinfo)); + sinfo.sinfo_stream = event->stream; +- /* sinfo_ssn: 16 bits (unsigned integer) +- * +- * For recvmsg() this value contains the stream sequence number that +- * the remote endpoint placed in the DATA chunk. For fragmented +- * messages this is the same number for all deliveries of the message +- * (if more than one recvmsg() is needed to read the message). +- */ + sinfo.sinfo_ssn = event->ssn; +- /* sinfo_ppid: 32 bits (unsigned integer) +- * +- * In recvmsg() this value is +- * the same information that was passed by the upper layer in the peer +- * application. Please note that byte order issues are NOT accounted +- * for and this information is passed opaquely by the SCTP stack from +- * one end to the other. +- */ + sinfo.sinfo_ppid = event->ppid; +- /* sinfo_flags: 16 bits (unsigned integer) +- * +- * This field may contain any of the following flags and is composed of +- * a bitwise OR of these values. +- * +- * recvmsg() flags: +- * +- * SCTP_UNORDERED - This flag is present when the message was sent +- * non-ordered. +- */ + sinfo.sinfo_flags = event->flags; +- /* sinfo_tsn: 32 bit (unsigned integer) +- * +- * For the receiving side, this field holds a TSN that was +- * assigned to one of the SCTP Data Chunks. +- */ + sinfo.sinfo_tsn = event->tsn; +- /* sinfo_cumtsn: 32 bit (unsigned integer) +- * +- * This field will hold the current cumulative TSN as +- * known by the underlying SCTP layer. Note this field is +- * ignored when sending and only valid for a receive +- * operation when sinfo_flags are set to SCTP_UNORDERED. +- */ + sinfo.sinfo_cumtsn = event->cumtsn; +- /* sinfo_assoc_id: sizeof (sctp_assoc_t) +- * +- * The association handle field, sinfo_assoc_id, holds the identifier +- * for the association announced in the COMMUNICATION_UP notification. +- * All notifications for a given association have the same identifier. +- * Ignored for one-to-one style sockets. +- */ + sinfo.sinfo_assoc_id = sctp_assoc2id(event->asoc); +- +- /* context value that is set via SCTP_CONTEXT socket option. */ ++ /* Context value that is set via SCTP_CONTEXT socket option. */ + sinfo.sinfo_context = event->asoc->default_rcv_context; +- + /* These fields are not used while receiving. */ + sinfo.sinfo_timetolive = 0; + + put_cmsg(msghdr, IPPROTO_SCTP, SCTP_SNDRCV, +- sizeof(struct sctp_sndrcvinfo), (void *)&sinfo); ++ sizeof(sinfo), &sinfo); + } + + /* Do accounting for bytes received and hold a reference to the association +diff --git a/tools/usb/ffs-test.c b/tools/usb/ffs-test.c +index f17dfee..726af27 100644 +--- a/tools/usb/ffs-test.c ++++ b/tools/usb/ffs-test.c +@@ -143,8 +143,8 @@ static const struct { + .header = { + .magic = cpu_to_le32(FUNCTIONFS_DESCRIPTORS_MAGIC), + .length = cpu_to_le32(sizeof descriptors), +- .fs_count = 3, +- .hs_count = 3, ++ .fs_count = cpu_to_le32(3), ++ .hs_count = cpu_to_le32(3), + }, + .fs_descs = { + .intf = { diff --git a/3.2.61/4420_grsecurity-3.0-3.2.61-201408032011.patch b/3.2.62/4420_grsecurity-3.0-3.2.62-201408110020.patch index d00d89e..0c9beb1 100644 --- a/3.2.61/4420_grsecurity-3.0-3.2.61-201408032011.patch +++ b/3.2.62/4420_grsecurity-3.0-3.2.62-201408110020.patch @@ -273,7 +273,7 @@ index 88fd7f5..b318a78 100644 ============================================================== diff --git a/Makefile b/Makefile -index f8b642d..8741e65 100644 +index 30a5c65..efb1be9 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -315,10 +315,13 @@ index f8b642d..8741e65 100644 $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -564,6 +571,72 @@ else +@@ -564,6 +571,75 @@ else KBUILD_CFLAGS += -O2 endif ++# Tell gcc to never replace conditional load with a non-conditional one ++KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0) ++ +ifndef DISABLE_PAX_PLUGINS +ifeq ($(call cc-ifversion, -ge, 0408, y), y) +PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCXX)" "$(HOSTCXX)" "$(CC)") @@ -388,7 +391,7 @@ index f8b642d..8741e65 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifneq ($(CONFIG_FRAME_WARN),0) -@@ -592,9 +665,11 @@ KBUILD_CFLAGS += -fomit-frame-pointer +@@ -592,9 +668,11 @@ KBUILD_CFLAGS += -fomit-frame-pointer endif endif @@ -401,7 +404,7 @@ index f8b642d..8741e65 100644 endif ifdef CONFIG_DEBUG_INFO_REDUCED -@@ -708,7 +783,7 @@ export mod_strip_cmd +@@ -708,7 +786,7 @@ export mod_strip_cmd ifeq ($(KBUILD_EXTMOD),) @@ -410,7 +413,7 @@ index f8b642d..8741e65 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -932,6 +1007,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE +@@ -932,6 +1010,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -419,7 +422,7 @@ index f8b642d..8741e65 100644 $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -941,7 +1018,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; +@@ -941,7 +1021,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -428,7 +431,7 @@ index f8b642d..8741e65 100644 $(Q)$(MAKE) $(build)=$@ # Store (new) KERNELRELASE string in include/config/kernel.release -@@ -981,10 +1058,13 @@ prepare1: prepare2 include/linux/version.h include/generated/utsrelease.h \ +@@ -981,10 +1061,13 @@ prepare1: prepare2 include/linux/version.h include/generated/utsrelease.h \ archprepare: archscripts prepare1 scripts_basic @@ -442,7 +445,7 @@ index f8b642d..8741e65 100644 prepare: prepare0 # Generate some files -@@ -1089,6 +1169,8 @@ all: modules +@@ -1089,6 +1172,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -451,7 +454,7 @@ index f8b642d..8741e65 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1104,7 +1186,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -1104,7 +1189,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -460,7 +463,7 @@ index f8b642d..8741e65 100644 # Target to install modules PHONY += modules_install -@@ -1164,6 +1246,9 @@ MRPROPER_DIRS += include/config usr/include include/generated \ +@@ -1164,6 +1249,9 @@ MRPROPER_DIRS += include/config usr/include include/generated \ arch/*/include/generated MRPROPER_FILES += .config .config.old .version .old_version \ include/linux/version.h \ @@ -470,7 +473,7 @@ index f8b642d..8741e65 100644 Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS # clean - Delete most, but leave enough to build external modules -@@ -1200,7 +1285,7 @@ distclean: mrproper +@@ -1200,7 +1288,7 @@ distclean: mrproper @find $(srctree) $(RCS_FIND_IGNORE) \ \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ @@ -479,7 +482,7 @@ index f8b642d..8741e65 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1361,6 +1446,8 @@ PHONY += $(module-dirs) modules +@@ -1361,6 +1449,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -488,7 +491,7 @@ index f8b642d..8741e65 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1487,17 +1574,21 @@ else +@@ -1487,17 +1577,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -514,7 +517,7 @@ index f8b642d..8741e65 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1507,11 +1598,15 @@ endif +@@ -1507,11 +1601,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -897,10 +900,10 @@ index fadd5f8..904e73a 100644 /* Allow reads even for write-only mappings */ if (!(vma->vm_flags & (VM_READ | VM_WRITE))) diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig -index 790ea68..e8c6879 100644 +index 082bd36..da47cc5 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig -@@ -2012,6 +2012,7 @@ config XIP_PHYS_ADDR +@@ -2013,6 +2013,7 @@ config XIP_PHYS_ADDR config KEXEC bool "Kexec system call (EXPERIMENTAL)" depends on EXPERIMENTAL @@ -5124,10 +5127,10 @@ index 18162ce..94de376 100644 /* * If for any reason at all we couldn't handle the fault, make diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig -index 16ef838..4eac98f 100644 +index bec952d..f6dbe5d 100644 --- a/arch/powerpc/Kconfig +++ b/arch/powerpc/Kconfig -@@ -346,6 +346,7 @@ config ARCH_ENABLE_MEMORY_HOTREMOVE +@@ -347,6 +347,7 @@ config ARCH_ENABLE_MEMORY_HOTREMOVE config KEXEC bool "kexec system call (EXPERIMENTAL)" depends on (PPC_BOOK3S || FSL_BOOKE || (44x && !SMP && !PPC_47x)) && EXPERIMENTAL @@ -9978,7 +9981,7 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index fb2e69d..440cb91 100644 +index 901447e..38d9380 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -75,6 +75,7 @@ config X86 @@ -9986,10 +9989,10 @@ index fb2e69d..440cb91 100644 select CLKEVT_I8253 select ARCH_HAVE_NMI_SAFE_CMPXCHG + select HAVE_ARCH_SECCOMP_FILTER + select ARCH_SUPPORTS_ATOMIC_RMW config INSTRUCTION_DECODER - def_bool (KPROBES || PERF_EVENTS) -@@ -235,7 +236,7 @@ config X86_HT +@@ -236,7 +237,7 @@ config X86_HT config X86_32_LAZY_GS def_bool y @@ -9998,7 +10001,7 @@ index fb2e69d..440cb91 100644 config ARCH_HWEIGHT_CFLAGS string -@@ -525,6 +526,7 @@ config SCHED_OMIT_FRAME_POINTER +@@ -526,6 +527,7 @@ config SCHED_OMIT_FRAME_POINTER menuconfig PARAVIRT_GUEST bool "Paravirtualized guest support" @@ -10006,7 +10009,7 @@ index fb2e69d..440cb91 100644 ---help--- Say Y here to get to see options related to running Linux under various hypervisors. This option alone does not add any kernel code. -@@ -1022,7 +1024,7 @@ choice +@@ -1023,7 +1025,7 @@ choice config NOHIGHMEM bool "off" @@ -10015,7 +10018,7 @@ index fb2e69d..440cb91 100644 ---help--- Linux can use up to 64 Gigabytes of physical memory on x86 systems. However, the address space of 32-bit x86 processors is only 4 -@@ -1059,7 +1061,7 @@ config NOHIGHMEM +@@ -1060,7 +1062,7 @@ config NOHIGHMEM config HIGHMEM4G bool "4GB" @@ -10024,7 +10027,7 @@ index fb2e69d..440cb91 100644 ---help--- Select this if you have a 32-bit processor and between 1 and 4 gigabytes of physical RAM. -@@ -1113,7 +1115,7 @@ config PAGE_OFFSET +@@ -1114,7 +1116,7 @@ config PAGE_OFFSET hex default 0xB0000000 if VMSPLIT_3G_OPT default 0x80000000 if VMSPLIT_2G @@ -10033,7 +10036,7 @@ index fb2e69d..440cb91 100644 default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1496,6 +1498,7 @@ config SECCOMP +@@ -1497,6 +1499,7 @@ config SECCOMP config CC_STACKPROTECTOR bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)" @@ -10041,7 +10044,7 @@ index fb2e69d..440cb91 100644 ---help--- This option turns on the -fstack-protector GCC feature. This feature puts, at the beginning of functions, a canary value on -@@ -1514,6 +1517,7 @@ source kernel/Kconfig.hz +@@ -1515,6 +1518,7 @@ source kernel/Kconfig.hz config KEXEC bool "kexec system call" @@ -10049,7 +10052,7 @@ index fb2e69d..440cb91 100644 ---help--- kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot -@@ -1616,6 +1620,8 @@ config X86_NEED_RELOCS +@@ -1617,6 +1621,8 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" if X86_32 default "0x1000000" @@ -10058,7 +10061,7 @@ index fb2e69d..440cb91 100644 range 0x2000 0x1000000 ---help--- This value puts the alignment restrictions on physical address -@@ -1647,9 +1653,10 @@ config HOTPLUG_CPU +@@ -1648,9 +1654,10 @@ config HOTPLUG_CPU Say N if you want to disable CPU hotplug. config COMPAT_VDSO @@ -13744,7 +13747,7 @@ index 5478825..839e88c 100644 #define flush_insn_slot(p) do { } while (0) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h -index cfb5a40..fc8880d 100644 +index b3eb9a7..7c34d91 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -459,7 +459,7 @@ struct kvm_arch { @@ -18411,7 +18414,7 @@ index cd28a35..c72ed9a 100644 #include <asm/processor.h> #include <asm/fcntl.h> diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S -index db090f6..2886e27 100644 +index dd52355..371d3b9 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S @@ -180,13 +180,153 @@ @@ -18677,7 +18680,7 @@ index db090f6..2886e27 100644 movl %ebp,PT_EBP(%esp) .section __ex_table,"a" .align 4 -@@ -423,14 +591,18 @@ sysenter_past_esp: +@@ -423,6 +591,10 @@ sysenter_past_esp: GET_THREAD_INFO(%ebp) @@ -18688,15 +18691,6 @@ index db090f6..2886e27 100644 testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp) jnz sysenter_audit sysenter_do_call: - cmpl $(nr_syscalls), %eax - jae sysenter_badsys - call *sys_call_table(,%eax,4) -- movl %eax,PT_EAX(%esp) - sysenter_after_call: -+ movl %eax,PT_EAX(%esp) - LOCKDEP_SYS_EXIT - DISABLE_INTERRUPTS(CLBR_ANY) - TRACE_IRQS_OFF @@ -438,12 +610,24 @@ sysenter_after_call: testl $_TIF_ALLWORK_MASK, %ecx jne sysexit_audit @@ -18764,15 +18758,7 @@ index db090f6..2886e27 100644 # system call tracing in operation / emulation testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp) jnz syscall_trace_entry -@@ -512,6 +710,7 @@ ENTRY(system_call) - jae syscall_badsys - syscall_call: - call *sys_call_table(,%eax,4) -+syscall_after_call: - movl %eax,PT_EAX(%esp) # store the return value - syscall_exit: - LOCKDEP_SYS_EXIT -@@ -523,6 +722,15 @@ syscall_exit: +@@ -524,6 +722,15 @@ syscall_exit: testl $_TIF_ALLWORK_MASK, %ecx # current->work jne syscall_exit_work @@ -18788,7 +18774,7 @@ index db090f6..2886e27 100644 restore_all: TRACE_IRQS_IRET restore_all_notrace: -@@ -582,14 +790,34 @@ ldt_ss: +@@ -578,14 +785,34 @@ ldt_ss: * compensating for the offset by changing to the ESPFIX segment with * a base address that matches for the difference. */ @@ -18826,7 +18812,7 @@ index db090f6..2886e27 100644 pushl_cfi $__ESPFIX_SS pushl_cfi %eax /* new kernel esp */ /* Disable interrupts, but do not irqtrace this section: we -@@ -618,34 +846,28 @@ work_resched: +@@ -614,34 +841,28 @@ work_resched: movl TI_flags(%ebp), %ecx andl $_TIF_WORK_MASK, %ecx # is there any work to be done other # than syscall tracing? @@ -18866,7 +18852,7 @@ index db090f6..2886e27 100644 # perform syscall exit tracing ALIGN -@@ -653,11 +875,14 @@ syscall_trace_entry: +@@ -649,11 +870,14 @@ syscall_trace_entry: movl $-ENOSYS,PT_EAX(%esp) movl %esp, %eax call syscall_trace_enter @@ -18882,7 +18868,7 @@ index db090f6..2886e27 100644 # perform syscall exit tracing ALIGN -@@ -670,25 +895,29 @@ syscall_exit_work: +@@ -666,25 +890,29 @@ syscall_exit_work: movl %esp, %eax call syscall_trace_leave jmp resume_userspace @@ -18903,23 +18889,20 @@ index db090f6..2886e27 100644 +ENDPROC(syscall_fault) syscall_badsys: -- movl $-ENOSYS,PT_EAX(%esp) -- jmp syscall_exit + movl $-ENOSYS,%eax + jmp syscall_after_call -END(syscall_badsys) -+ movl $-ENOSYS,%eax -+ jmp syscall_after_call +ENDPROC(syscall_badsys) sysenter_badsys: -- movl $-ENOSYS,PT_EAX(%esp) -+ movl $-ENOSYS,%eax + movl $-ENOSYS,%eax jmp sysenter_after_call -END(syscall_badsys) +ENDPROC(sysenter_badsys) CFI_ENDPROC /* * End of kprobes section -@@ -762,6 +991,36 @@ ptregs_clone: +@@ -758,6 +986,36 @@ ptregs_clone: CFI_ENDPROC ENDPROC(ptregs_clone) @@ -18956,7 +18939,7 @@ index db090f6..2886e27 100644 .macro FIXUP_ESPFIX_STACK /* * Switch back for ESPFIX stack to the normal zerobased stack -@@ -771,8 +1030,15 @@ ENDPROC(ptregs_clone) +@@ -767,8 +1025,15 @@ ENDPROC(ptregs_clone) * normal stack and adjusts ESP with the matching offset. */ /* fixup the stack */ @@ -18974,7 +18957,7 @@ index db090f6..2886e27 100644 shl $16, %eax addl %esp, %eax /* the adjusted stack pointer */ pushl_cfi $__KERNEL_DS -@@ -825,7 +1091,7 @@ vector=vector+1 +@@ -821,7 +1086,7 @@ vector=vector+1 .endr 2: jmp common_interrupt .endr @@ -18983,7 +18966,7 @@ index db090f6..2886e27 100644 .previous END(interrupt) -@@ -873,7 +1139,7 @@ ENTRY(coprocessor_error) +@@ -869,7 +1134,7 @@ ENTRY(coprocessor_error) pushl_cfi $do_coprocessor_error jmp error_code CFI_ENDPROC @@ -18992,7 +18975,7 @@ index db090f6..2886e27 100644 ENTRY(simd_coprocessor_error) RING0_INT_FRAME -@@ -894,7 +1160,7 @@ ENTRY(simd_coprocessor_error) +@@ -890,7 +1155,7 @@ ENTRY(simd_coprocessor_error) #endif jmp error_code CFI_ENDPROC @@ -19001,7 +18984,7 @@ index db090f6..2886e27 100644 ENTRY(device_not_available) RING0_INT_FRAME -@@ -902,7 +1168,7 @@ ENTRY(device_not_available) +@@ -898,7 +1163,7 @@ ENTRY(device_not_available) pushl_cfi $do_device_not_available jmp error_code CFI_ENDPROC @@ -19010,7 +18993,7 @@ index db090f6..2886e27 100644 #ifdef CONFIG_PARAVIRT ENTRY(native_iret) -@@ -911,12 +1177,12 @@ ENTRY(native_iret) +@@ -907,12 +1172,12 @@ ENTRY(native_iret) .align 4 .long native_iret, iret_exc .previous @@ -19025,7 +19008,7 @@ index db090f6..2886e27 100644 #endif ENTRY(overflow) -@@ -925,7 +1191,7 @@ ENTRY(overflow) +@@ -921,7 +1186,7 @@ ENTRY(overflow) pushl_cfi $do_overflow jmp error_code CFI_ENDPROC @@ -19034,7 +19017,7 @@ index db090f6..2886e27 100644 ENTRY(bounds) RING0_INT_FRAME -@@ -933,7 +1199,7 @@ ENTRY(bounds) +@@ -929,7 +1194,7 @@ ENTRY(bounds) pushl_cfi $do_bounds jmp error_code CFI_ENDPROC @@ -19043,7 +19026,7 @@ index db090f6..2886e27 100644 ENTRY(invalid_op) RING0_INT_FRAME -@@ -941,7 +1207,7 @@ ENTRY(invalid_op) +@@ -937,7 +1202,7 @@ ENTRY(invalid_op) pushl_cfi $do_invalid_op jmp error_code CFI_ENDPROC @@ -19052,7 +19035,7 @@ index db090f6..2886e27 100644 ENTRY(coprocessor_segment_overrun) RING0_INT_FRAME -@@ -949,35 +1215,35 @@ ENTRY(coprocessor_segment_overrun) +@@ -945,35 +1210,35 @@ ENTRY(coprocessor_segment_overrun) pushl_cfi $do_coprocessor_segment_overrun jmp error_code CFI_ENDPROC @@ -19093,7 +19076,7 @@ index db090f6..2886e27 100644 ENTRY(divide_error) RING0_INT_FRAME -@@ -985,7 +1251,7 @@ ENTRY(divide_error) +@@ -981,7 +1246,7 @@ ENTRY(divide_error) pushl_cfi $do_divide_error jmp error_code CFI_ENDPROC @@ -19102,7 +19085,7 @@ index db090f6..2886e27 100644 #ifdef CONFIG_X86_MCE ENTRY(machine_check) -@@ -994,7 +1260,7 @@ ENTRY(machine_check) +@@ -990,7 +1255,7 @@ ENTRY(machine_check) pushl_cfi machine_check_vector jmp error_code CFI_ENDPROC @@ -19111,7 +19094,7 @@ index db090f6..2886e27 100644 #endif ENTRY(spurious_interrupt_bug) -@@ -1003,7 +1269,7 @@ ENTRY(spurious_interrupt_bug) +@@ -999,7 +1264,7 @@ ENTRY(spurious_interrupt_bug) pushl_cfi $do_spurious_interrupt_bug jmp error_code CFI_ENDPROC @@ -19120,7 +19103,7 @@ index db090f6..2886e27 100644 /* * End of kprobes section */ -@@ -1119,7 +1385,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK, +@@ -1115,7 +1380,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK, ENTRY(mcount) ret @@ -19129,7 +19112,7 @@ index db090f6..2886e27 100644 ENTRY(ftrace_caller) cmpl $0, function_trace_stop -@@ -1148,7 +1414,7 @@ ftrace_graph_call: +@@ -1144,7 +1409,7 @@ ftrace_graph_call: .globl ftrace_stub ftrace_stub: ret @@ -19138,7 +19121,7 @@ index db090f6..2886e27 100644 #else /* ! CONFIG_DYNAMIC_FTRACE */ -@@ -1184,7 +1450,7 @@ trace: +@@ -1180,7 +1445,7 @@ trace: popl %ecx popl %eax jmp ftrace_stub @@ -19147,7 +19130,7 @@ index db090f6..2886e27 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -1205,7 +1471,7 @@ ENTRY(ftrace_graph_caller) +@@ -1201,7 +1466,7 @@ ENTRY(ftrace_graph_caller) popl %ecx popl %eax ret @@ -19156,7 +19139,7 @@ index db090f6..2886e27 100644 .globl return_to_handler return_to_handler: -@@ -1219,7 +1485,6 @@ return_to_handler: +@@ -1215,7 +1480,6 @@ return_to_handler: jmp *%ecx #endif @@ -19164,7 +19147,7 @@ index db090f6..2886e27 100644 #include "syscall_table_32.S" syscall_table_size=(.-sys_call_table) -@@ -1265,15 +1530,18 @@ error_code: +@@ -1261,15 +1525,18 @@ error_code: movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart REG_TO_PTGS %ecx SET_KERNEL_GS %ecx @@ -19185,7 +19168,7 @@ index db090f6..2886e27 100644 /* * Debug traps and NMI can happen at the one SYSENTER instruction -@@ -1315,7 +1583,7 @@ debug_stack_correct: +@@ -1311,7 +1578,7 @@ debug_stack_correct: call do_debug jmp ret_from_exception CFI_ENDPROC @@ -19194,7 +19177,7 @@ index db090f6..2886e27 100644 /* * NMI is doubly nasty. It can happen _while_ we're handling -@@ -1352,6 +1620,9 @@ nmi_stack_correct: +@@ -1348,6 +1615,9 @@ nmi_stack_correct: xorl %edx,%edx # zero error code movl %esp,%eax # pt_regs pointer call do_nmi @@ -19204,7 +19187,7 @@ index db090f6..2886e27 100644 jmp restore_all_notrace CFI_ENDPROC -@@ -1388,12 +1659,15 @@ nmi_espfix_stack: +@@ -1384,12 +1654,15 @@ nmi_espfix_stack: FIXUP_ESPFIX_STACK # %eax == %esp xorl %edx,%edx # zero error code call do_nmi @@ -19221,7 +19204,7 @@ index db090f6..2886e27 100644 ENTRY(int3) RING0_INT_FRAME -@@ -1405,14 +1679,14 @@ ENTRY(int3) +@@ -1401,14 +1674,14 @@ ENTRY(int3) call do_int3 jmp ret_from_exception CFI_ENDPROC @@ -19238,7 +19221,7 @@ index db090f6..2886e27 100644 #ifdef CONFIG_KVM_GUEST ENTRY(async_page_fault) -@@ -1420,7 +1694,7 @@ ENTRY(async_page_fault) +@@ -1416,7 +1689,7 @@ ENTRY(async_page_fault) pushl_cfi $do_async_page_fault jmp error_code CFI_ENDPROC @@ -29322,19 +29305,21 @@ index 7b179b4..6bd17777 100644 return (void *)vaddr; diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c -index be1ef57..406f1c2 100644 +index dec49d3..e2bd3f0 100644 --- a/arch/x86/mm/ioremap.c +++ b/arch/x86/mm/ioremap.c -@@ -97,7 +97,7 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr, - for (pfn = phys_addr >> PAGE_SHIFT; pfn <= last_pfn; pfn++) { - int is_ram = page_is_ram(pfn); +@@ -56,8 +56,8 @@ static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages, + unsigned long i; + + for (i = 0; i < nr_pages; ++i) +- if (pfn_valid(start_pfn + i) && +- !PageReserved(pfn_to_page(start_pfn + i))) ++ if (pfn_valid(start_pfn + i) && (start_pfn + i >= 0x100 || ++ !PageReserved(pfn_to_page(start_pfn + i)))) + return 1; -- if (is_ram && pfn_valid(pfn) && !PageReserved(pfn_to_page(pfn))) -+ if (is_ram && pfn_valid(pfn) && (pfn >= 0x100 || !PageReserved(pfn_to_page(pfn)))) - return NULL; - WARN_ON_ONCE(is_ram); - } -@@ -256,7 +256,7 @@ EXPORT_SYMBOL(ioremap_prot); + WARN_ONCE(1, "ioremap on RAM pfn 0x%lx\n", start_pfn); +@@ -268,7 +268,7 @@ EXPORT_SYMBOL(ioremap_prot); * * Caller must ensure there is only one unmapping for the same pointer. */ @@ -29343,7 +29328,7 @@ index be1ef57..406f1c2 100644 { struct vm_struct *p, *o; -@@ -315,6 +315,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) +@@ -327,6 +327,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) /* If page is RAM, we can use __va. Otherwise ioremap and unmap. */ if (page_is_ram(start >> PAGE_SHIFT)) @@ -29353,7 +29338,7 @@ index be1ef57..406f1c2 100644 return __va(phys); addr = (void __force *)ioremap_cache(start, PAGE_SIZE); -@@ -327,6 +330,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) +@@ -339,6 +342,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) void unxlate_dev_mem_ptr(unsigned long phys, void *addr) { if (page_is_ram(phys >> PAGE_SHIFT)) @@ -29363,7 +29348,7 @@ index be1ef57..406f1c2 100644 return; iounmap((void __iomem *)((unsigned long)addr & PAGE_MASK)); -@@ -344,7 +350,7 @@ static int __init early_ioremap_debug_setup(char *str) +@@ -356,7 +362,7 @@ static int __init early_ioremap_debug_setup(char *str) early_param("early_ioremap_debug", early_ioremap_debug_setup); static __initdata int after_paging_init; @@ -29372,7 +29357,7 @@ index be1ef57..406f1c2 100644 static inline pmd_t * __init early_ioremap_pmd(unsigned long addr) { -@@ -381,8 +387,7 @@ void __init early_ioremap_init(void) +@@ -393,8 +399,7 @@ void __init early_ioremap_init(void) slot_virt[i] = __fix_to_virt(FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*i); pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN)); @@ -32604,10 +32589,10 @@ index de2802c..2260da9 100644 unsigned long timeout_msec) { diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index 2b662725..202bcc8 100644 +index 2ddf736..e60d263 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c -@@ -4782,7 +4782,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) +@@ -4787,7 +4787,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) struct ata_port *ap; unsigned int tag; @@ -32616,7 +32601,7 @@ index 2b662725..202bcc8 100644 ap = qc->ap; qc->flags = 0; -@@ -4798,7 +4798,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) +@@ -4803,7 +4803,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) struct ata_port *ap; struct ata_link *link; @@ -32625,7 +32610,7 @@ index 2b662725..202bcc8 100644 WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE)); ap = qc->ap; link = qc->dev->link; -@@ -5803,6 +5803,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5808,6 +5808,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) return; spin_lock(&lock); @@ -32633,7 +32618,7 @@ index 2b662725..202bcc8 100644 for (cur = ops->inherits; cur; cur = cur->inherits) { void **inherit = (void **)cur; -@@ -5816,8 +5817,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5821,8 +5822,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) if (IS_ERR(*pp)) *pp = NULL; @@ -42003,7 +41988,7 @@ index 7ead065..832d24d 100644 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) diff --git a/drivers/md/md.c b/drivers/md/md.c -index 30a7b52..a8e0833 100644 +index ea8a181..4d3faed 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -278,10 +278,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio); @@ -47751,10 +47736,10 @@ index 21a045e..ec89e03 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index f6d2b62..d9aa1a4 100644 +index 5c6b5f5..475317d 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c -@@ -2632,7 +2632,7 @@ static int sd_probe(struct device *dev) +@@ -2635,7 +2635,7 @@ static int sd_probe(struct device *dev) device_initialize(&sdkp->dev); sdkp->dev.parent = dev; sdkp->dev.class = &sd_disk_class; @@ -50312,7 +50297,7 @@ index 032e5a6..bc422e4 100644 wake_up(&usb_kill_urb_queue); usb_put_urb(urb); diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c -index 12f3a37..8802889 100644 +index 3807294..cc1fc93 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -25,6 +25,7 @@ @@ -50323,7 +50308,7 @@ index 12f3a37..8802889 100644 #include <asm/uaccess.h> #include <asm/byteorder.h> -@@ -3420,6 +3421,9 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1, +@@ -3440,6 +3441,9 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1, return; } @@ -50432,7 +50417,7 @@ index 347bb05..63e1b73 100644 return 0; } diff --git a/drivers/usb/gadget/f_fs.c b/drivers/usb/gadget/f_fs.c -index 0e641a1..49e6ac7 100644 +index c635c4c..dc91e75 100644 --- a/drivers/usb/gadget/f_fs.c +++ b/drivers/usb/gadget/f_fs.c @@ -1212,6 +1212,7 @@ static struct file_system_type ffs_fs_type = { @@ -58277,7 +58262,7 @@ index f3358ab..fbb1d90 100644 "MMP failure info: last update time: %llu, last update " "node: %s, last update device: %s\n", diff --git a/fs/ext4/super.c b/fs/ext4/super.c -index acf2baf..31c5131 100644 +index 6581ee7..96fd5e1 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -92,6 +92,8 @@ static struct file_system_type ext2_fs_type = { @@ -58307,7 +58292,7 @@ index acf2baf..31c5131 100644 "Contact linux-ext4@vger.kernel.org if you think we should keep it.\n"; #ifdef CONFIG_QUOTA -@@ -2469,7 +2473,7 @@ struct ext4_attr { +@@ -2467,7 +2471,7 @@ struct ext4_attr { ssize_t (*store)(struct ext4_attr *, struct ext4_sb_info *, const char *, size_t); int offset; @@ -58316,7 +58301,7 @@ index acf2baf..31c5131 100644 static int parse_strtoul(const char *buf, unsigned long max, unsigned long *value) -@@ -3175,7 +3179,6 @@ int ext4_calculate_overhead(struct super_block *sb) +@@ -3174,7 +3178,6 @@ int ext4_calculate_overhead(struct super_block *sb) ext4_fsblk_t overhead = 0; char *buf = (char *) get_zeroed_page(GFP_KERNEL); @@ -58324,7 +58309,7 @@ index acf2baf..31c5131 100644 if (!buf) return -ENOMEM; -@@ -5052,7 +5055,6 @@ static inline int ext2_feature_set_ok(struct super_block *sb) +@@ -5051,7 +5054,6 @@ static inline int ext2_feature_set_ok(struct super_block *sb) return 0; return 1; } @@ -58332,7 +58317,7 @@ index acf2baf..31c5131 100644 #else static inline void register_as_ext2(void) { } static inline void unregister_as_ext2(void) { } -@@ -5085,7 +5087,6 @@ static inline int ext3_feature_set_ok(struct super_block *sb) +@@ -5084,7 +5086,6 @@ static inline int ext3_feature_set_ok(struct super_block *sb) return 0; return 1; } @@ -58340,7 +58325,7 @@ index acf2baf..31c5131 100644 #else static inline void register_as_ext3(void) { } static inline void unregister_as_ext3(void) { } -@@ -5099,6 +5100,7 @@ static struct file_system_type ext4_fs_type = { +@@ -5098,6 +5099,7 @@ static struct file_system_type ext4_fs_type = { .kill_sb = kill_block_super, .fs_flags = FS_REQUIRES_DEV, }; @@ -60081,7 +60066,7 @@ index cf0098d..a849907 100644 if (!ret) ret = -EPIPE; diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c -index 06e2f73..e6c5fc8 100644 +index e13558c..56ca611 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -1150,7 +1150,7 @@ static char *read_link(struct dentry *dentry) @@ -60094,10 +60079,10 @@ index 06e2f73..e6c5fc8 100644 if (!IS_ERR(link)) free_page((unsigned long) link); diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c -index 912c250..f0aee59 100644 +index afc0f706..a5489ea 100644 --- a/fs/fuse/inode.c +++ b/fs/fuse/inode.c -@@ -1094,6 +1094,7 @@ static struct file_system_type fuse_fs_type = { +@@ -1106,6 +1106,7 @@ static struct file_system_type fuse_fs_type = { .mount = fuse_mount, .kill_sb = fuse_kill_sb_anon, }; @@ -60105,7 +60090,7 @@ index 912c250..f0aee59 100644 #ifdef CONFIG_BLOCK static struct dentry *fuse_mount_blk(struct file_system_type *fs_type, -@@ -1123,6 +1124,7 @@ static struct file_system_type fuseblk_fs_type = { +@@ -1135,6 +1136,7 @@ static struct file_system_type fuseblk_fs_type = { .kill_sb = fuse_kill_sb_blk, .fs_flags = FS_REQUIRES_DEV | FS_HAS_SUBTYPE, }; @@ -61354,10 +61339,10 @@ index 1943898..396c460 100644 - #endif /* CONFIG_NFS_V4 */ diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c -index 315a1ba..aec2a5f 100644 +index eebccfe..a2ed0a1 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c -@@ -1048,7 +1048,7 @@ struct nfsd4_operation { +@@ -1039,7 +1039,7 @@ struct nfsd4_operation { char *op_name; /* Try to get response size before operation */ nfsd4op_rsize op_rsize_bop; @@ -61367,10 +61352,10 @@ index 315a1ba..aec2a5f 100644 static struct nfsd4_operation nfsd4_ops[]; diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c -index a7933dd..243e586 100644 +index 9d2c52b..c9d6c2aa 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c -@@ -1445,7 +1445,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p) +@@ -1456,7 +1456,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p) typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *); @@ -61379,7 +61364,7 @@ index a7933dd..243e586 100644 [OP_ACCESS] = (nfsd4_dec)nfsd4_decode_access, [OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close, [OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit, -@@ -1485,7 +1485,7 @@ static nfsd4_dec nfsd4_dec_ops[] = { +@@ -1496,7 +1496,7 @@ static nfsd4_dec nfsd4_dec_ops[] = { [OP_RELEASE_LOCKOWNER] = (nfsd4_dec)nfsd4_decode_release_lockowner, }; @@ -61388,7 +61373,7 @@ index a7933dd..243e586 100644 [OP_ACCESS] = (nfsd4_dec)nfsd4_decode_access, [OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close, [OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit, -@@ -1547,7 +1547,7 @@ static nfsd4_dec nfsd41_dec_ops[] = { +@@ -1558,7 +1558,7 @@ static nfsd4_dec nfsd41_dec_ops[] = { }; struct nfsd4_minorversion_ops { @@ -77057,28 +77042,6 @@ index 73b0712..2e581af 100644 struct drm_connector_helper_funcs { int (*get_modes)(struct drm_connector *connector); -diff --git a/include/drm/drm_mem_util.h b/include/drm/drm_mem_util.h -index 6bd325f..19a2404 100644 ---- a/include/drm/drm_mem_util.h -+++ b/include/drm/drm_mem_util.h -@@ -31,7 +31,7 @@ - - static __inline__ void *drm_calloc_large(size_t nmemb, size_t size) - { -- if (size != 0 && nmemb > ULONG_MAX / size) -+ if (size != 0 && nmemb > SIZE_MAX / size) - return NULL; - - if (size * nmemb <= PAGE_SIZE) -@@ -44,7 +44,7 @@ static __inline__ void *drm_calloc_large(size_t nmemb, size_t size) - /* Modeled after cairo's malloc_ab, it's like calloc but without the zeroing. */ - static __inline__ void *drm_malloc_ab(size_t nmemb, size_t size) - { -- if (size != 0 && nmemb > ULONG_MAX / size) -+ if (size != 0 && nmemb > SIZE_MAX / size) - return NULL; - - if (size * nmemb <= PAGE_SIZE) diff --git a/include/drm/ttm/ttm_memory.h b/include/drm/ttm/ttm_memory.h index 26c1f78..6722682 100644 --- a/include/drm/ttm/ttm_memory.h @@ -79417,10 +79380,10 @@ index 0000000..b02ba9d +#define GR_MSRWRITE_MSG "denied write to CPU MSR by " diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h new file mode 100644 -index 0000000..2a0fe35 +index 0000000..bc1de4cb --- /dev/null +++ b/include/linux/grsecurity.h -@@ -0,0 +1,228 @@ +@@ -0,0 +1,231 @@ +#ifndef GR_SECURITY_H +#define GR_SECURITY_H +#include <linux/fs.h> @@ -79432,6 +79395,9 @@ index 0000000..2a0fe35 +#if defined(CONFIG_GRKERNSEC_PROC_USER) && defined(CONFIG_GRKERNSEC_PROC_USERGROUP) +#error "CONFIG_GRKERNSEC_PROC_USER and CONFIG_GRKERNSEC_PROC_USERGROUP cannot both be enabled." +#endif ++#if defined(CONFIG_GRKERNSEC_PROC) && !defined(CONFIG_GRKERNSEC_PROC_USER) && !defined(CONFIG_GRKERNSEC_PROC_USERGROUP) ++#error "CONFIG_GRKERNSEC_PROC enabled, but neither CONFIG_GRKERNSEC_PROC_USER nor CONFIG_GRKERNSEC_PROC_USERGROUP enabled" ++#endif +#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC) +#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled." +#endif @@ -79978,18 +79944,10 @@ index 3875719..4663bc3 100644 /* This macro allows us to keep printk typechecking */ static __printf(1, 2) diff --git a/include/linux/kernel.h b/include/linux/kernel.h -index a70783d..bf1dd28 100644 +index 0b8ca35..bf1dd28 100644 --- a/include/linux/kernel.h +++ b/include/linux/kernel.h -@@ -34,6 +34,7 @@ - #define LLONG_MAX ((long long)(~0ULL>>1)) - #define LLONG_MIN (-LLONG_MAX - 1) - #define ULLONG_MAX (~0ULL) -+#define SIZE_MAX (~(size_t)0) - - #define STACK_MAGIC 0xdeadbeef - -@@ -696,24 +697,30 @@ static inline void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) { } +@@ -697,24 +697,30 @@ static inline void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) { } * @condition: the condition which the compiler should know is false. * * If you have some code which relies on certain constants being equal, or @@ -80165,10 +80123,10 @@ index f93d8c1..71244f6 100644 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu); diff --git a/include/linux/libata.h b/include/linux/libata.h -index 375dfdf..7dca34f 100644 +index d773b21..95a0913 100644 --- a/include/linux/libata.h +++ b/include/linux/libata.h -@@ -913,7 +913,7 @@ struct ata_port_operations { +@@ -914,7 +914,7 @@ struct ata_port_operations { * fields must be pointers. */ const struct ata_port_operations *inherits; @@ -80226,10 +80184,10 @@ index 88e78de..c63979a 100644 } apparmor_audit_data; #endif diff --git a/include/linux/math64.h b/include/linux/math64.h -index b8ba855..bfdffd0 100644 +index 2913b86..fa383945 100644 --- a/include/linux/math64.h +++ b/include/linux/math64.h -@@ -14,7 +14,7 @@ +@@ -15,7 +15,7 @@ * This is commonly provided by 32bit archs to provide an optimized 64bit * divide. */ @@ -80238,7 +80196,7 @@ index b8ba855..bfdffd0 100644 { *remainder = dividend % divisor; return dividend / divisor; -@@ -32,7 +32,7 @@ static inline s64 div_s64_rem(s64 dividend, s32 divisor, s32 *remainder) +@@ -33,7 +33,7 @@ static inline s64 div_s64_rem(s64 dividend, s32 divisor, s32 *remainder) /** * div64_u64 - unsigned 64bit divide with 64bit divisor */ @@ -80247,8 +80205,8 @@ index b8ba855..bfdffd0 100644 { return dividend / divisor; } -@@ -50,7 +50,7 @@ static inline s64 div64_s64(s64 dividend, s64 divisor) - #define div64_long(x,y) div_s64((x),(y)) +@@ -52,7 +52,7 @@ static inline s64 div64_s64(s64 dividend, s64 divisor) + #define div64_ul(x, y) div_u64((x), (y)) #ifndef div_u64_rem -static inline u64 div_u64_rem(u64 dividend, u32 divisor, u32 *remainder) @@ -80256,7 +80214,7 @@ index b8ba855..bfdffd0 100644 { *remainder = do_div(dividend, divisor); return dividend; -@@ -62,7 +62,7 @@ extern s64 div_s64_rem(s64 dividend, s32 divisor, s32 *remainder); +@@ -64,7 +64,7 @@ extern s64 div_s64_rem(s64 dividend, s32 divisor, s32 *remainder); #endif #ifndef div64_u64 @@ -80265,7 +80223,7 @@ index b8ba855..bfdffd0 100644 #endif #ifndef div64_s64 -@@ -79,7 +79,7 @@ extern s64 div64_s64(s64 dividend, s64 divisor); +@@ -81,7 +81,7 @@ extern s64 div64_s64(s64 dividend, s64 divisor); * divide. */ #ifndef div_u64 @@ -82406,7 +82364,7 @@ index 92808b8..c28cac4 100644 /* shm_mode upper byte flags */ diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index 40c2726..21dc3e2 100644 +index 1b4ea29..9347e29 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -538,7 +538,7 @@ extern void consume_skb(struct sk_buff *skb); @@ -82483,7 +82441,7 @@ index 40c2726..21dc3e2 100644 static inline void nf_reset_trace(struct sk_buff *skb) diff --git a/include/linux/slab.h b/include/linux/slab.h -index a595dce..e710d26 100644 +index 67d5d94..51dd834 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -11,14 +11,29 @@ @@ -84484,10 +84442,10 @@ index 5d1a758..1dbf795 100644 u8 qfull; enum fc_lport_state state; diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h -index 3152cc3..3b3394f 100644 +index 377ba61..1b6890c 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h -@@ -161,9 +161,9 @@ struct scsi_device { +@@ -162,9 +162,9 @@ struct scsi_device { unsigned int max_device_blocked; /* what device_blocked counts down from */ #define SCSI_DEFAULT_DEVICE_BLOCKED 3 @@ -91710,10 +91668,10 @@ index 73e416d..cfc6f69 100644 sys_tz = *tz; update_vsyscall_tz(); diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c -index 0907e43..56a6a92 100644 +index eb198a3..45909ed 100644 --- a/kernel/time/alarmtimer.c +++ b/kernel/time/alarmtimer.c -@@ -773,7 +773,7 @@ static int __init alarmtimer_init(void) +@@ -789,7 +789,7 @@ static int __init alarmtimer_init(void) struct platform_device *pdev; int error = 0; int i; @@ -92270,7 +92228,7 @@ index 648f25a..5971796 100644 *data_page = bpage; diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index c5a12a7..4d94416 100644 +index 0c348a6..454324b 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -2656,7 +2656,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) @@ -92282,7 +92240,7 @@ index c5a12a7..4d94416 100644 { /* do nothing if flag is already set */ if (!!(trace_flags & mask) == !!enabled) -@@ -4248,10 +4248,9 @@ static const struct file_operations tracing_dyn_info_fops = { +@@ -4246,10 +4246,9 @@ static const struct file_operations tracing_dyn_info_fops = { }; #endif @@ -92294,7 +92252,7 @@ index c5a12a7..4d94416 100644 static int once; if (d_tracer) -@@ -4271,10 +4270,9 @@ struct dentry *tracing_init_dentry(void) +@@ -4269,10 +4268,9 @@ struct dentry *tracing_init_dentry(void) return d_tracer; } @@ -93952,7 +93910,7 @@ index ed0ed8a..cc835b97 100644 /* if an huge pmd materialized from under us just retry later */ if (unlikely(pmd_trans_huge(*pmd))) diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index 6f886d9..7218ed0 100644 +index d2c43a2..2213df3 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2009,15 +2009,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, @@ -93997,7 +93955,7 @@ index 6f886d9..7218ed0 100644 if (ret) goto out; -@@ -2516,6 +2520,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2517,6 +2521,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, return 1; } @@ -94025,7 +93983,7 @@ index 6f886d9..7218ed0 100644 /* * Hugetlb_cow() should be called with page lock of the original hugepage held. */ -@@ -2618,6 +2643,11 @@ retry_avoidcopy: +@@ -2619,6 +2644,11 @@ retry_avoidcopy: make_huge_pte(vma, new_page, 1)); page_remove_rmap(old_page); hugepage_add_new_anon_rmap(new_page, vma, address); @@ -94037,7 +93995,7 @@ index 6f886d9..7218ed0 100644 /* Make the old page be freed below */ new_page = old_page; mmu_notifier_invalidate_range_end(mm, -@@ -2769,6 +2799,10 @@ retry: +@@ -2770,6 +2800,10 @@ retry: && (vma->vm_flags & VM_SHARED))); set_huge_pte_at(mm, address, ptep, new_pte); @@ -94048,7 +94006,7 @@ index 6f886d9..7218ed0 100644 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page); -@@ -2798,6 +2832,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2799,6 +2833,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, static DEFINE_MUTEX(hugetlb_instantiation_mutex); struct hstate *h = hstate_vma(vma); @@ -94059,7 +94017,7 @@ index 6f886d9..7218ed0 100644 ptep = huge_pte_offset(mm, address); if (ptep) { entry = huge_ptep_get(ptep); -@@ -2809,6 +2847,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2810,6 +2848,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, VM_FAULT_SET_HINDEX(h - hstates); } @@ -94099,7 +94057,7 @@ index 0c26b5e..1cc340f 100644 #ifdef CONFIG_MEMORY_FAILURE extern bool is_free_buddy_page(struct page *page); diff --git a/mm/kmemleak.c b/mm/kmemleak.c -index f3b2a00..5899e43 100644 +index cc8cf1d..677c52d 100644 --- a/mm/kmemleak.c +++ b/mm/kmemleak.c @@ -357,7 +357,7 @@ static void print_unreferenced(struct seq_file *seq, @@ -94111,7 +94069,7 @@ index f3b2a00..5899e43 100644 } } -@@ -1745,7 +1745,7 @@ static int __init kmemleak_late_init(void) +@@ -1747,7 +1747,7 @@ static int __init kmemleak_late_init(void) return -ENOMEM; } @@ -95040,7 +94998,7 @@ index 483e66505..32583a0 100644 mm = get_task_mm(tsk); if (!mm) diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index 2b5bcc9..7d7a6c9 100644 +index c9f7e6f..45a779e 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -652,6 +652,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, @@ -97508,7 +97466,7 @@ index f3f6fd3..0d91a63 100644 /* diff --git a/mm/shmem.c b/mm/shmem.c -index a78acf0..a31df98 100644 +index 1371021..c2094c7 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -31,7 +31,7 @@ @@ -97527,9 +97485,9 @@ index a78acf0..a31df98 100644 -#define SHORT_SYMLINK_LEN 128 +#define SHORT_SYMLINK_LEN 64 - struct shmem_xattr { - struct list_head list; /* anchored by shmem_inode_info->xattr_list */ -@@ -1809,6 +1809,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { + /* + * vmtruncate_range() communicates with shmem_fault via +@@ -1924,6 +1924,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { static int shmem_xattr_validate(const char *name) { struct { const char *prefix; size_t len; } arr[] = { @@ -97541,7 +97499,7 @@ index a78acf0..a31df98 100644 { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN }, { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN } }; -@@ -1862,6 +1867,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, +@@ -1977,6 +1982,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, if (err) return err; @@ -97557,7 +97515,7 @@ index a78acf0..a31df98 100644 if (size == 0) value = ""; /* empty EA, do not remove */ -@@ -2195,8 +2209,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) +@@ -2310,8 +2324,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) int err = -ENOMEM; /* Round up to L1_CACHE_BYTES to resist false sharing */ @@ -98674,7 +98632,7 @@ index 136ac4f..f917fa9 100644 mm->unmap_area = arch_unmap_area; } diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index eeba3bb..abb9ae6 100644 +index 1431458..3eef1a6 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -27,10 +27,67 @@ @@ -98845,7 +98803,7 @@ index eeba3bb..abb9ae6 100644 if (!pmd_none(*pmd)) { pte_t *ptep, pte; -@@ -1151,10 +1244,24 @@ void __init vmalloc_init(void) +@@ -1157,10 +1250,24 @@ void __init vmalloc_init(void) for_each_possible_cpu(i) { struct vmap_block_queue *vbq; @@ -98870,7 +98828,7 @@ index eeba3bb..abb9ae6 100644 } /* Import existing vmlist entries. */ -@@ -1295,6 +1402,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size, +@@ -1301,6 +1408,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size, struct vm_struct *area; BUG_ON(in_interrupt()); @@ -98887,7 +98845,7 @@ index eeba3bb..abb9ae6 100644 if (flags & VM_IOREMAP) { int bit = fls(size); -@@ -1469,7 +1586,7 @@ static void __vunmap(const void *addr, int deallocate_pages) +@@ -1475,7 +1592,7 @@ static void __vunmap(const void *addr, int deallocate_pages) kfree(area); return; } @@ -98896,7 +98854,7 @@ index eeba3bb..abb9ae6 100644 /** * vfree - release memory allocated by vmalloc() * @addr: memory base address -@@ -1478,15 +1595,26 @@ static void __vunmap(const void *addr, int deallocate_pages) +@@ -1484,15 +1601,26 @@ static void __vunmap(const void *addr, int deallocate_pages) * obtained from vmalloc(), vmalloc_32() or __vmalloc(). If @addr is * NULL, no operation is performed. * @@ -98926,7 +98884,7 @@ index eeba3bb..abb9ae6 100644 } EXPORT_SYMBOL(vfree); -@@ -1503,10 +1631,28 @@ void vunmap(const void *addr) +@@ -1509,10 +1637,28 @@ void vunmap(const void *addr) { BUG_ON(in_interrupt()); might_sleep(); @@ -98956,7 +98914,7 @@ index eeba3bb..abb9ae6 100644 /** * vmap - map an array of pages into virtually contiguous space * @pages: array of page pointers -@@ -1527,6 +1673,11 @@ void *vmap(struct page **pages, unsigned int count, +@@ -1533,6 +1679,11 @@ void *vmap(struct page **pages, unsigned int count, if (count > totalram_pages) return NULL; @@ -98968,7 +98926,7 @@ index eeba3bb..abb9ae6 100644 area = get_vm_area_caller((count << PAGE_SHIFT), flags, __builtin_return_address(0)); if (!area) -@@ -1628,6 +1779,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, +@@ -1634,6 +1785,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, if (!size || (size >> PAGE_SHIFT) > totalram_pages) goto fail; @@ -98982,7 +98940,7 @@ index eeba3bb..abb9ae6 100644 area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST, start, end, node, gfp_mask, caller); if (!area) -@@ -1801,10 +1959,9 @@ EXPORT_SYMBOL(vzalloc_node); +@@ -1807,10 +1965,9 @@ EXPORT_SYMBOL(vzalloc_node); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -98994,7 +98952,7 @@ index eeba3bb..abb9ae6 100644 -1, __builtin_return_address(0)); } -@@ -2099,6 +2256,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, +@@ -2105,6 +2262,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, unsigned long uaddr = vma->vm_start; unsigned long usize = vma->vm_end - vma->vm_start; @@ -99003,7 +98961,7 @@ index eeba3bb..abb9ae6 100644 if ((PAGE_SIZE-1) & (unsigned long)addr) return -EINVAL; -@@ -2351,8 +2510,8 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets, +@@ -2357,8 +2516,8 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets, return NULL; } @@ -99014,7 +98972,7 @@ index eeba3bb..abb9ae6 100644 if (!vas || !vms) goto err_free; -@@ -2536,11 +2695,15 @@ static int s_show(struct seq_file *m, void *p) +@@ -2542,11 +2701,15 @@ static int s_show(struct seq_file *m, void *p) { struct vm_struct *v = p; @@ -100720,7 +100678,7 @@ index 80aeac9..b08d0a8 100644 return -ENODEV; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index 7beaf10..3c8226d 100644 +index 0900a17..f3fb6aa 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -57,7 +57,7 @@ struct rtnl_link { @@ -101075,21 +101033,6 @@ index d50a13c..1f612ff 100644 return -EFAULT; *lenp = len; -diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c -index c32be29..2022b46 100644 ---- a/net/dns_resolver/dns_query.c -+++ b/net/dns_resolver/dns_query.c -@@ -150,7 +150,9 @@ int dns_query(const char *type, const char *name, size_t namelen, - if (!*_result) - goto put; - -- memcpy(*_result, upayload->data, len + 1); -+ memcpy(*_result, upayload->data, len); -+ (*_result)[len] = '\0'; -+ - if (_expiry) - *_expiry = rkey->expiry; - diff --git a/net/econet/Kconfig b/net/econet/Kconfig index 39a2d29..f39c0fe 100644 --- a/net/econet/Kconfig @@ -101737,41 +101680,6 @@ index a639967..8f44480 100644 if (!clusterip_procdir) { pr_err("Unable to proc dir entry\n"); ret = -ENOMEM; -diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c -index b550815..c3b44d5 100644 ---- a/net/ipv4/netfilter/ipt_ULOG.c -+++ b/net/ipv4/netfilter/ipt_ULOG.c -@@ -202,6 +202,7 @@ static void ipt_ulog_packet(unsigned int hooknum, - ub->qlen++; - - pm = NLMSG_DATA(nlh); -+ memset(pm, 0, sizeof(*pm)); - - /* We might not have a timestamp, get one */ - if (skb->tstamp.tv64 == 0) -@@ -218,8 +219,6 @@ static void ipt_ulog_packet(unsigned int hooknum, - strncpy(pm->prefix, prefix, sizeof(pm->prefix)); - else if (loginfo->prefix[0] != '\0') - strncpy(pm->prefix, loginfo->prefix, sizeof(pm->prefix)); -- else -- *(pm->prefix) = '\0'; - - if (in && in->hard_header_len > 0 && - skb->mac_header != skb->network_header && -@@ -231,13 +230,9 @@ static void ipt_ulog_packet(unsigned int hooknum, - - if (in) - strncpy(pm->indev_name, in->name, sizeof(pm->indev_name)); -- else -- pm->indev_name[0] = '\0'; - - if (out) - strncpy(pm->outdev_name, out->name, sizeof(pm->outdev_name)); -- else -- pm->outdev_name[0] = '\0'; - - /* copy_len <= skb->len, so can't fail. */ - if (skb_copy_bits(skb, 0, pm->payload, copy_len) < 0) diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c index d495d4b..c95851f 100644 --- a/net/ipv4/ping.c @@ -102231,7 +102139,7 @@ index 739b073..7ac6591 100644 hdr = register_sysctl_paths(net_ipv4_ctl_path, ipv4_table); if (hdr == NULL) diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c -index c1ed01e..bb914c3 100644 +index afe6886..297e5fb 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -4739,7 +4739,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, @@ -102773,10 +102681,10 @@ index 1567fb1..29af910 100644 dst = NULL; } diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c -index 14753d3..0a31044 100644 +index 064b5c9..bd9ff9d 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c -@@ -611,7 +611,7 @@ int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr) +@@ -600,7 +600,7 @@ int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr) void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt) { @@ -102785,7 +102693,7 @@ index 14753d3..0a31044 100644 int ident; if (rt && !(rt->dst.flags & DST_NOPEER)) { -@@ -625,7 +625,7 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt) +@@ -614,7 +614,7 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt) return; } } @@ -103613,28 +103521,6 @@ index 93a41a0..d4b4edb 100644 NLA_PUT_U32(skb, L2TP_ATTR_CONN_ID, tunnel->tunnel_id); NLA_PUT_U32(skb, L2TP_ATTR_SESSION_ID, session->session_id); -diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c -index e0f0934..437fb59 100644 ---- a/net/l2tp/l2tp_ppp.c -+++ b/net/l2tp/l2tp_ppp.c -@@ -1351,7 +1351,7 @@ static int pppol2tp_setsockopt(struct socket *sock, int level, int optname, - int err; - - if (level != SOL_PPPOL2TP) -- return udp_prot.setsockopt(sk, level, optname, optval, optlen); -+ return -EINVAL; - - if (optlen < sizeof(int)) - return -EINVAL; -@@ -1477,7 +1477,7 @@ static int pppol2tp_getsockopt(struct socket *sock, int level, - struct pppol2tp_session *ps; - - if (level != SOL_PPPOL2TP) -- return udp_prot.getsockopt(sk, level, optname, optval, optlen); -+ return -EINVAL; - - if (get_user(len, (int __user *) optlen)) - return -EFAULT; diff --git a/net/llc/llc_proc.c b/net/llc/llc_proc.c index a1839c0..4e06b9b 100644 --- a/net/llc/llc_proc.c @@ -103936,7 +103822,7 @@ index 6dc7d7d..e45913a 100644 if ((ipvs->sync_state & IP_VS_STATE_MASTER) && cp->protocol == IPPROTO_SCTP) { diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c -index 72f4253..c9a3f57 100644 +index 93acfa1..e846c43 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c @@ -788,7 +788,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest, @@ -105500,26 +105386,6 @@ index 8da4481..d02565e 100644 tp->srtt = tp->srtt - (tp->srtt >> sctp_rto_alpha) + (rtt >> sctp_rto_alpha); } else { -diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c -index 8a84017..d4faa70 100644 ---- a/net/sctp/ulpevent.c -+++ b/net/sctp/ulpevent.c -@@ -418,6 +418,7 @@ struct sctp_ulpevent *sctp_ulpevent_make_remote_error( - * sre_type: - * It should be SCTP_REMOTE_ERROR. - */ -+ memset(sre, 0, sizeof(*sre)); - sre->sre_type = SCTP_REMOTE_ERROR; - - /* -@@ -921,6 +922,7 @@ void sctp_ulpevent_read_sndrcvinfo(const struct sctp_ulpevent *event, - * For recvmsg() the SCTP stack places the message's stream number in - * this value. - */ -+ memset(&sinfo, 0, sizeof(sinfo)); - sinfo.sinfo_stream = event->stream; - /* sinfo_ssn: 16 bits (unsigned integer) - * diff --git a/net/socket.c b/net/socket.c index 3faa358..3d43f20 100644 --- a/net/socket.c diff --git a/3.2.61/4425_grsec_remove_EI_PAX.patch b/3.2.62/4425_grsec_remove_EI_PAX.patch index cf65d90..cf65d90 100644 --- a/3.2.61/4425_grsec_remove_EI_PAX.patch +++ b/3.2.62/4425_grsec_remove_EI_PAX.patch diff --git a/3.2.61/4427_force_XATTR_PAX_tmpfs.patch b/3.2.62/4427_force_XATTR_PAX_tmpfs.patch index 8c7a533..a5527a5 100644 --- a/3.2.61/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.2.62/4427_force_XATTR_PAX_tmpfs.patch @@ -6,7 +6,7 @@ namespace supported on tmpfs so that the PaX markings survive emerge. diff -Naur a/mm/shmem.c b/mm/shmem.c --- a/mm/shmem.c 2013-06-11 21:00:18.000000000 -0400 +++ b/mm/shmem.c 2013-06-11 21:08:18.000000000 -0400 -@@ -1809,11 +1809,7 @@ +@@ -1924,11 +1924,7 @@ static int shmem_xattr_validate(const char *name) { struct { const char *prefix; size_t len; } arr[] = { @@ -18,7 +18,7 @@ diff -Naur a/mm/shmem.c b/mm/shmem.c { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN }, { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN } }; -@@ -1867,14 +1863,12 @@ +@@ -1982,14 +1978,12 @@ if (err) return err; diff --git a/3.2.61/4430_grsec-remove-localversion-grsec.patch b/3.2.62/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.2.61/4430_grsec-remove-localversion-grsec.patch +++ b/3.2.62/4430_grsec-remove-localversion-grsec.patch diff --git a/3.2.61/4435_grsec-mute-warnings.patch b/3.2.62/4435_grsec-mute-warnings.patch index da01ac7..da01ac7 100644 --- a/3.2.61/4435_grsec-mute-warnings.patch +++ b/3.2.62/4435_grsec-mute-warnings.patch diff --git a/3.2.61/4440_grsec-remove-protected-paths.patch b/3.2.62/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/3.2.61/4440_grsec-remove-protected-paths.patch +++ b/3.2.62/4440_grsec-remove-protected-paths.patch diff --git a/3.2.61/4450_grsec-kconfig-default-gids.patch b/3.2.62/4450_grsec-kconfig-default-gids.patch index e3c7c72..e3c7c72 100644 --- a/3.2.61/4450_grsec-kconfig-default-gids.patch +++ b/3.2.62/4450_grsec-kconfig-default-gids.patch diff --git a/3.2.61/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.62/4465_selinux-avc_audit-log-curr_ip.patch index 035fe2d..035fe2d 100644 --- a/3.2.61/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.2.62/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.14.15/4470_disable-compat_vdso.patch b/3.2.62/4470_disable-compat_vdso.patch index 677174c..0aedd26 100644 --- a/3.14.15/4470_disable-compat_vdso.patch +++ b/3.2.62/4470_disable-compat_vdso.patch @@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138 diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig --- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100 +++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100 -@@ -1841,17 +1841,8 @@ +@@ -1655,17 +1655,8 @@ config COMPAT_VDSO def_bool n diff --git a/3.2.61/4475_emutramp_default_on.patch b/3.2.62/4475_emutramp_default_on.patch index 941870b..941870b 100644 --- a/3.2.61/4475_emutramp_default_on.patch +++ b/3.2.62/4475_emutramp_default_on.patch |