diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2014-04-15 06:39:01 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-04-15 06:51:10 +0000 |
| commit | 73e47de159b631f9e3a0553a7a12523d4a40e7a2 (patch) | |
| tree | 50d6a3ccf7002d6319d044be286ad1b6805c3499 | |
| parent | 589cf8744233946b999555914e2fe738d0952959 (diff) | |
| download | aports-73e47de159b631f9e3a0553a7a12523d4a40e7a2.tar.bz2 aports-73e47de159b631f9e3a0553a7a12523d4a40e7a2.tar.xz | |
main/linux-grsec: upgrade to 3.13.10
| -rw-r--r-- | main/linux-grsec/APKBUILD | 20 | ||||
| -rw-r--r-- | main/linux-grsec/ccache.patch | 10 | ||||
| -rw-r--r-- | main/linux-grsec/grsecurity-3.0-3.13.10-201404141717.patch (renamed from main/linux-grsec/grsecurity-3.0-3.13.8-201404011912.patch) | 1443 |
3 files changed, 889 insertions, 584 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 669a058fe0..daf9543aa5 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,7 +2,7 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.13.8 +pkgver=3.13.10 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; @@ -17,8 +17,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-3.0-3.13.8-201404011912.patch - ccache.patch + grsecurity-3.0-3.13.10-201404141717.patch fix-memory-map-for-PIE-applications.patch platform-introduce-OF-style-modalias-support-for-pla.patch @@ -167,9 +166,8 @@ dev() { } md5sums="0ecbaf65c00374eb4a826c2f9f37606f linux-3.13.tar.xz -72b911bfc50de88c67bd0e8732978deb patch-3.13.8.xz -8d342a525405ccd167eb95a20c0e1062 grsecurity-3.0-3.13.8-201404011912.patch -2a1bac5f61da1962dfa90dfb16895eef ccache.patch +dcf42b5013a7831d02168fd3eda5cce2 patch-3.13.10.xz +da1f46883adb65bc5282565ed6ade3ef grsecurity-3.0-3.13.10-201404141717.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch f5c7e4f1dc67f8560e4b9bbe75726d13 platform-introduce-OF-style-modalias-support-for-pla.patch 1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch @@ -177,9 +175,8 @@ f5c7e4f1dc67f8560e4b9bbe75726d13 platform-introduce-OF-style-modalias-support-f 3949ef829d102d36255ff92ff76936d2 kernelconfig.x86_64 6ea461c60077b09aa75040f7672c7250 kernelconfig.armhf" sha256sums="4d5e5eee5f276424c32e9591f1b6c971baedc7b49f28ce03d1f48b1e5d6226a2 linux-3.13.tar.xz -073a392f4d156955df26a09c3236faf375da0afc49077e6b805f5788b8fffb10 patch-3.13.8.xz -9121632468387fa458326d1e05a62f855ba8c8ab49998500f56dca7768208bbb grsecurity-3.0-3.13.8-201404011912.patch -b6abce04f005314f768707a54f85d150cfde1a738f20c569ffa0d11770ff70dc ccache.patch +c323d141f02b349ac5b37c744e0689c98dc698be81c7c974b182983b8073b03d patch-3.13.10.xz +dd622dc23662c40d747efb1a7fb5ac8975f5e6d133f4c04af71aa87f5e722aef grsecurity-3.0-3.13.10-201404141717.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch e90bb651da4ff16df25565e44ca70e26367bbcbf9d27962c796c6afd5eecea96 platform-introduce-OF-style-modalias-support-for-pla.patch 21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch @@ -187,9 +184,8 @@ f8297eb16cfbe48d5202072e21fa16ebac95de26c8cfa8ec5a66610504af2f81 kernelconfig.x fd55e28d9baf330d6593453da592bcc03779694e7c3fb496fec47cdad1d7bcaa kernelconfig.x86_64 c1e583baa6694643f85b8df0924cc7c4fac0f6eef963969615e6e642db0f969a kernelconfig.armhf" sha512sums="1ba223bb4b885d691a67196d86a8aaf7b4a1c351bf2a762f50f1b0c32da00dd0c28895872a66b49e8d244498d996876609268e64861d28ac4048886ef9f79b87 linux-3.13.tar.xz -d61fc7e95e461b8f0f09ac6e3456eea160f64555bd0c78449d98a6a06e14929915dd6f739f7c7ee34512fbf9eb44ed17e2d262830f86194cb66a4760d019f8f0 patch-3.13.8.xz -0dcb393b94a36fea3698856031e165bc665b5a5f4a080dadcf6f4928e4776780fb16b23c5de8a0446c9a3766afa42f36df67f000b0b020e13c025b474fb68531 grsecurity-3.0-3.13.8-201404011912.patch -f6e36cc94cb0c06ba181362f6de6c9fd431e571fbb35acad78d8790ae107531add54f6cb87d78180dd604076d2326885d16127fc4176ed07277ea89c151ce4e0 ccache.patch +74d45d35db23915c3a0b3cb73a42e002e84d8c23f1415114004d5315ab8f25d9432882a5b4c2e59ed8b99035045cae9ad972e328d0b46495ebd7c333c831d9cc patch-3.13.10.xz +f79fcce8adf4720fde752cbfceddf8e7cd8a00e985b94d99d168a1dd3788a349a3948c123e28feb51bc7a876d9f038475c6f00d7c37996b373e19ce7a21e8ce4 grsecurity-3.0-3.13.10-201404141717.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch 2ef795ebd70939be346cba824e6af2ca3d8220cdbc54b9fe3a6861cf44bc0df954ca91b7f6e68dcecebdb8a6a1651c12869588cea8c191f9054fe7a8db02f2a4 platform-introduce-OF-style-modalias-support-for-pla.patch 87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch diff --git a/main/linux-grsec/ccache.patch b/main/linux-grsec/ccache.patch deleted file mode 100644 index b6c7090b74..0000000000 --- a/main/linux-grsec/ccache.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- ./scripts/gcc-plugin.sh.orig 2014-04-02 11:25:17.447803082 +0000 -+++ ./scripts/gcc-plugin.sh 2014-04-02 11:25:35.211351328 +0000 -@@ -1,6 +1,6 @@ - #!/bin/bash - srctree=$(dirname "$0") --gccplugins_dir=$("$3" -print-file-name=plugin) -+gccplugins_dir=$($3 -print-file-name=plugin) - plugincc=$("$1" -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF - #include "gcc-common.h" - #if BUILDING_GCC_VERSION >= 4008 || defined(ENABLE_BUILD_WITH_CXX) diff --git a/main/linux-grsec/grsecurity-3.0-3.13.8-201404011912.patch b/main/linux-grsec/grsecurity-3.0-3.13.10-201404141717.patch index 9c4aaacd2f..10e9b5bfb5 100644 --- a/main/linux-grsec/grsecurity-3.0-3.13.8-201404011912.patch +++ b/main/linux-grsec/grsecurity-3.0-3.13.10-201404141717.patch @@ -287,7 +287,7 @@ index b9e9bd8..bf49b92 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 4cab13b..b7d5e41 100644 +index 982ade0..f9cdd67 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -12500,9 +12500,18 @@ index c337422..2c5be72 100644 .quad 0x0000000000000000 /* TS continued */ gdt_end: diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c -index 434f077..b6b4b38 100644 +index 434f077..f20f3ff 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c +@@ -224,7 +224,7 @@ void __putstr(const char *s) + + void *memset(void *s, int c, size_t n) + { +- int i; ++ size_t i; + char *ss = s; + + for (i = 0; i < n; i++) @@ -283,7 +283,7 @@ static void handle_relocations(void *output, unsigned long output_len) * Calculate the delta between where vmlinux was linked to load * and where it was actually loaded. @@ -12512,7 +12521,16 @@ index 434f077..b6b4b38 100644 if (!delta) { debug_putstr("No relocation needed... "); return; -@@ -380,7 +380,7 @@ static void parse_elf(void *output) +@@ -353,7 +353,7 @@ static void parse_elf(void *output) + Elf32_Ehdr ehdr; + Elf32_Phdr *phdrs, *phdr; + #endif +- void *dest; ++ void *dest, *prev; + int i; + + memcpy(&ehdr, output, sizeof(ehdr)); +@@ -380,13 +380,16 @@ static void parse_elf(void *output) case PT_LOAD: #ifdef CONFIG_RELOCATABLE dest = output; @@ -12521,7 +12539,16 @@ index 434f077..b6b4b38 100644 #else dest = (void *)(phdr->p_paddr); #endif -@@ -432,7 +432,7 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap, + memcpy(dest, + output + phdr->p_offset, + phdr->p_filesz); ++ if (i) ++ memset(prev, 0xff, dest - prev); ++ prev = dest + phdr->p_filesz; + break; + default: /* Ignore other PT_* */ break; + } +@@ -432,7 +435,7 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap, error("Destination address too large"); #endif #ifndef CONFIG_RELOCATABLE @@ -13661,7 +13688,7 @@ index dbc4339..de6e120 100644 ################################################################ diff --git a/arch/x86/crypto/ghash-clmulni-intel_asm.S b/arch/x86/crypto/ghash-clmulni-intel_asm.S -index 586f41a..d02851e 100644 +index 185fad4..ff4cd36 100644 --- a/arch/x86/crypto/ghash-clmulni-intel_asm.S +++ b/arch/x86/crypto/ghash-clmulni-intel_asm.S @@ -18,6 +18,7 @@ @@ -13672,7 +13699,7 @@ index 586f41a..d02851e 100644 .data -@@ -93,6 +94,7 @@ __clmul_gf128mul_ble: +@@ -89,6 +90,7 @@ __clmul_gf128mul_ble: psrlq $1, T2 pxor T2, T1 pxor T1, DATA @@ -13680,7 +13707,7 @@ index 586f41a..d02851e 100644 ret ENDPROC(__clmul_gf128mul_ble) -@@ -105,6 +107,7 @@ ENTRY(clmul_ghash_mul) +@@ -101,6 +103,7 @@ ENTRY(clmul_ghash_mul) call __clmul_gf128mul_ble PSHUFB_XMM BSWAP DATA movups DATA, (%rdi) @@ -13688,21 +13715,13 @@ index 586f41a..d02851e 100644 ret ENDPROC(clmul_ghash_mul) -@@ -132,6 +135,7 @@ ENTRY(clmul_ghash_update) +@@ -128,5 +131,6 @@ ENTRY(clmul_ghash_update) PSHUFB_XMM BSWAP DATA movups DATA, (%rdi) .Lupdate_just_ret: + pax_force_retaddr ret ENDPROC(clmul_ghash_update) - -@@ -157,5 +161,6 @@ ENTRY(clmul_ghash_setkey) - pand .Lpoly, %xmm1 - pxor %xmm1, %xmm0 - movups %xmm0, (%rdi) -+ pax_force_retaddr - ret - ENDPROC(clmul_ghash_setkey) diff --git a/arch/x86/crypto/salsa20-x86_64-asm_64.S b/arch/x86/crypto/salsa20-x86_64-asm_64.S index 9279e0b..c4b3d2c 100644 --- a/arch/x86/crypto/salsa20-x86_64-asm_64.S @@ -17549,7 +17568,7 @@ index 81bb91b..9392125 100644 /* diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h -index 5ad38ad..f228861 100644 +index bbc8b12..f228861 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -45,6 +45,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page); @@ -17672,30 +17691,7 @@ index 5ad38ad..f228861 100644 #include <linux/mm_types.h> #include <linux/mmdebug.h> #include <linux/log2.h> -@@ -445,20 +520,10 @@ static inline int pte_same(pte_t a, pte_t b) - return a.pte == b.pte; - } - --static inline int pteval_present(pteval_t pteval) --{ -- /* -- * Yes Linus, _PAGE_PROTNONE == _PAGE_NUMA. Expressing it this -- * way clearly states that the intent is that protnone and numa -- * hinting ptes are considered present for the purposes of -- * pagetable operations like zapping, protection changes, gup etc. -- */ -- return pteval & (_PAGE_PRESENT | _PAGE_PROTNONE | _PAGE_NUMA); --} -- - static inline int pte_present(pte_t a) - { -- return pteval_present(pte_flags(a)); -+ return pte_flags(a) & (_PAGE_PRESENT | _PAGE_PROTNONE | -+ _PAGE_NUMA); - } - - #define pte_accessible pte_accessible -@@ -580,7 +645,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud) +@@ -570,7 +645,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud) * Currently stuck as a macro due to indirect forward reference to * linux/mmzone.h's __section_mem_map_addr() definition: */ @@ -17704,7 +17700,7 @@ index 5ad38ad..f228861 100644 /* Find an entry in the second-level page table.. */ static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address) -@@ -620,7 +685,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd) +@@ -610,7 +685,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd) * Currently stuck as a macro due to indirect forward reference to * linux/mmzone.h's __section_mem_map_addr() definition: */ @@ -17713,7 +17709,7 @@ index 5ad38ad..f228861 100644 /* to find an entry in a page-table-directory. */ static inline unsigned long pud_index(unsigned long address) -@@ -635,7 +700,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) +@@ -625,7 +700,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) static inline int pgd_bad(pgd_t pgd) { @@ -17722,7 +17718,7 @@ index 5ad38ad..f228861 100644 } static inline int pgd_none(pgd_t pgd) -@@ -658,7 +723,12 @@ static inline int pgd_none(pgd_t pgd) +@@ -648,7 +723,12 @@ static inline int pgd_none(pgd_t pgd) * pgd_offset() returns a (pgd_t *) * pgd_index() is used get the offset into the pgd page's array of pgd_t's; */ @@ -17736,7 +17732,7 @@ index 5ad38ad..f228861 100644 /* * a shortcut which implies the use of the kernel's pgd, instead * of a process's -@@ -669,6 +739,23 @@ static inline int pgd_none(pgd_t pgd) +@@ -659,6 +739,23 @@ static inline int pgd_none(pgd_t pgd) #define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET) #define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY) @@ -17760,7 +17756,7 @@ index 5ad38ad..f228861 100644 #ifndef __ASSEMBLY__ extern int direct_gbpages; -@@ -835,11 +922,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, +@@ -825,11 +922,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, * dst and src can be on the same page, but the range must not overlap, * and must not cross a page boundary. */ @@ -25363,7 +25359,7 @@ index 898160b..758cde8 100644 reset_current_kprobe(); preempt_enable_no_resched(); diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c -index ebc9873..1b9724b 100644 +index ebc9873..37b8776 100644 --- a/arch/x86/kernel/ldt.c +++ b/arch/x86/kernel/ldt.c @@ -66,13 +66,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload) @@ -25416,7 +25412,7 @@ index ebc9873..1b9724b 100644 return retval; } -@@ -229,6 +247,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) +@@ -229,6 +247,24 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) } } @@ -25427,6 +25423,17 @@ index ebc9873..1b9724b 100644 + } +#endif + ++ /* ++ * On x86-64 we do not support 16-bit segments due to ++ * IRET leaking the high bits of the kernel stack address. ++ */ ++#ifdef CONFIG_X86_64 ++ if (!ldt_info.seg_32bit) { ++ error = -EINVAL; ++ goto out_unlock; ++ } ++#endif ++ fill_ldt(&ldt, &ldt_info); if (oldmode) ldt.avl = 0; @@ -35432,30 +35439,18 @@ index fa6ade7..73da73a5 100644 #ifdef CONFIG_ACPI_NUMA diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c -index 3c76c3d..7327d91 100644 +index ce563be..7327d91 100644 --- a/arch/x86/xen/mmu.c +++ b/arch/x86/xen/mmu.c -@@ -365,7 +365,7 @@ void xen_ptep_modify_prot_commit(struct mm_struct *mm, unsigned long addr, - /* Assume pteval_t is equivalent to all the other *val_t types. */ - static pteval_t pte_mfn_to_pfn(pteval_t val) - { -- if (pteval_present(val)) { -+ if (val & _PAGE_PRESENT) { - unsigned long mfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT; - unsigned long pfn = mfn_to_pfn(mfn); - -@@ -379,9 +379,9 @@ static pteval_t pte_mfn_to_pfn(pteval_t val) +@@ -379,7 +379,7 @@ static pteval_t pte_mfn_to_pfn(pteval_t val) return val; } -static pteval_t pte_pfn_to_mfn(pteval_t val) +static pteval_t __intentional_overflow(-1) pte_pfn_to_mfn(pteval_t val) { -- if (pteval_present(val)) { -+ if (val & _PAGE_PRESENT) { + if (val & _PAGE_PRESENT) { unsigned long pfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT; - pteval_t flags = val & PTE_FLAGS_MASK; - unsigned long mfn; @@ -1894,6 +1894,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) /* L3_k[510] -> level2_kernel_pgt * L3_i[511] -> level2_fixmap_pgt */ @@ -40067,19 +40062,6 @@ index a3ba9a8..ee52ddd 100644 unsigned relocs_total = 0; unsigned relocs_max = UINT_MAX / sizeof(struct drm_i915_gem_relocation_entry); -diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c -index d3c3b5b..e79720d 100644 ---- a/drivers/gpu/drm/i915/i915_gem_gtt.c -+++ b/drivers/gpu/drm/i915/i915_gem_gtt.c -@@ -828,7 +828,7 @@ void i915_gem_suspend_gtt_mappings(struct drm_device *dev) - dev_priv->gtt.base.clear_range(&dev_priv->gtt.base, - dev_priv->gtt.base.start / PAGE_SIZE, - dev_priv->gtt.base.total / PAGE_SIZE, -- false); -+ true); - } - - void i915_gem_restore_gtt_mappings(struct drm_device *dev) diff --git a/drivers/gpu/drm/i915/i915_ioc32.c b/drivers/gpu/drm/i915/i915_ioc32.c index 3c59584..500f2e9 100644 --- a/drivers/gpu/drm/i915/i915_ioc32.c @@ -42930,10 +42912,10 @@ index 2f0b39d..7370f13 100644 ssize_t psmouse_attr_show_helper(struct device *dev, struct device_attribute *attr, diff --git a/drivers/input/mousedev.c b/drivers/input/mousedev.c -index 4c842c3..590b0bf 100644 +index b604564..3f14ae4 100644 --- a/drivers/input/mousedev.c +++ b/drivers/input/mousedev.c -@@ -738,7 +738,7 @@ static ssize_t mousedev_read(struct file *file, char __user *buffer, +@@ -744,7 +744,7 @@ static ssize_t mousedev_read(struct file *file, char __user *buffer, spin_unlock_irq(&client->packet_lock); @@ -44026,6 +44008,28 @@ index 0095ec8..c89277a 100644 } struct md_personality +diff --git a/drivers/md/persistent-data/dm-space-map-metadata.c b/drivers/md/persistent-data/dm-space-map-metadata.c +index 579b582..9fb6185 100644 +--- a/drivers/md/persistent-data/dm-space-map-metadata.c ++++ b/drivers/md/persistent-data/dm-space-map-metadata.c +@@ -679,7 +679,7 @@ static int sm_metadata_extend(struct dm_space_map *sm, dm_block_t extra_blocks) + * Flick into a mode where all blocks get allocated in the new area. + */ + smm->begin = old_len; +- memcpy(sm, &bootstrap_ops, sizeof(*sm)); ++ memcpy((void *)sm, &bootstrap_ops, sizeof(*sm)); + + /* + * Extend. +@@ -710,7 +710,7 @@ out: + /* + * Switch back to normal behaviour. + */ +- memcpy(sm, &ops, sizeof(*sm)); ++ memcpy((void *)sm, &ops, sizeof(*sm)); + return r; + } + diff --git a/drivers/md/persistent-data/dm-space-map.h b/drivers/md/persistent-data/dm-space-map.h index 3e6d115..ffecdeb 100644 --- a/drivers/md/persistent-data/dm-space-map.h @@ -46322,10 +46326,10 @@ index a79e9d3..78cd4fa 100644 /* we will have to manufacture ethernet headers, prepare template */ diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c -index 0247973..088193a 100644 +index fc5d2b7..48e2984 100644 --- a/drivers/net/vxlan.c +++ b/drivers/net/vxlan.c -@@ -2615,7 +2615,7 @@ nla_put_failure: +@@ -2721,7 +2721,7 @@ nla_put_failure: return -EMSGSIZE; } @@ -52105,38 +52109,6 @@ index 1eab4ac..e21efc9 100644 iommu_group_id(group->iommu_group)); return 0; -diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c -index b12176f..e5522d9 100644 ---- a/drivers/vhost/net.c -+++ b/drivers/vhost/net.c -@@ -528,6 +528,12 @@ static int get_rx_bufs(struct vhost_virtqueue *vq, - *iovcount = seg; - if (unlikely(log)) - *log_num = nlogs; -+ -+ /* Detect overrun */ -+ if (unlikely(datalen > 0)) { -+ r = UIO_MAXIOV + 1; -+ goto err; -+ } - return headcount; - err: - vhost_discard_vq_desc(vq, headcount); -@@ -583,6 +589,14 @@ static void handle_rx(struct vhost_net *net) - /* On error, stop handling until the next kick. */ - if (unlikely(headcount < 0)) - break; -+ /* On overrun, truncate and discard */ -+ if (unlikely(headcount > UIO_MAXIOV)) { -+ msg.msg_iovlen = 1; -+ err = sock->ops->recvmsg(NULL, sock, &msg, -+ 1, MSG_DONTWAIT | MSG_TRUNC); -+ pr_debug("Discarded rx packet: len %zd\n", sock_len); -+ continue; -+ } - /* OK, now we need to know about added descriptors. */ - if (!headcount) { - if (unlikely(vhost_enable_notify(&net->dev, vq))) { diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c index 5174eba..451e6bc 100644 --- a/drivers/vhost/vringh.c @@ -55638,54 +55610,6 @@ index 88714ae..16c2e11 100644 static inline u32 get_pll_internal_frequency(u32 ref_freq, -diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c -index 4c02e2b..2c85267 100644 ---- a/drivers/xen/balloon.c -+++ b/drivers/xen/balloon.c -@@ -406,12 +406,26 @@ static enum bp_state decrease_reservation(unsigned long nr_pages, gfp_t gfp) - state = BP_EAGAIN; - break; - } -- -- pfn = page_to_pfn(page); -- frame_list[i] = pfn_to_mfn(pfn); -- - scrub_page(page); - -+ frame_list[i] = page_to_pfn(page); -+ } -+ -+ /* -+ * Ensure that ballooned highmem pages don't have kmaps. -+ * -+ * Do this before changing the p2m as kmap_flush_unused() -+ * reads PTEs to obtain pages (and hence needs the original -+ * p2m entry). -+ */ -+ kmap_flush_unused(); -+ -+ /* Update direct mapping, invalidate P2M, and add to balloon. */ -+ for (i = 0; i < nr_pages; i++) { -+ pfn = frame_list[i]; -+ frame_list[i] = pfn_to_mfn(pfn); -+ page = pfn_to_page(pfn); -+ - #ifdef CONFIG_XEN_HAVE_PVMMU - /* - * Ballooned out frames are effectively replaced with -@@ -436,11 +450,9 @@ static enum bp_state decrease_reservation(unsigned long nr_pages, gfp_t gfp) - } - #endif - -- balloon_append(pfn_to_page(pfn)); -+ balloon_append(page); - } - -- /* Ensure that ballooned highmem pages don't have kmaps. */ -- kmap_flush_unused(); - flush_tlb_all(); - - set_xen_guest_handle(reservation.extent_start, frame_list); diff --git a/drivers/xen/xenfs/xenstored.c b/drivers/xen/xenfs/xenstored.c index fef20db..d28b1ab 100644 --- a/drivers/xen/xenfs/xenstored.c @@ -58166,7 +58090,7 @@ index bc3fbcd..6031650 100644 return 0; while (nr) { diff --git a/fs/dcache.c b/fs/dcache.c -index fdbe230..d852932 100644 +index f7ad6d7..d852932 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -1495,7 +1495,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) @@ -58178,18 +58102,6 @@ index fdbe230..d852932 100644 if (!dname) { kmem_cache_free(dentry_cache, dentry); return NULL; -@@ -2833,9 +2833,9 @@ static int prepend_name(char **buffer, int *buflen, struct qstr *name) - u32 dlen = ACCESS_ONCE(name->len); - char *p; - -- if (*buflen < dlen + 1) -- return -ENAMETOOLONG; - *buflen -= dlen + 1; -+ if (*buflen < 0) -+ return -ENAMETOOLONG; - p = *buffer -= dlen + 1; - *p++ = '/'; - while (dlen--) { @@ -3428,7 +3428,8 @@ void __init vfs_caches_init(unsigned long mempages) mempages -= reserve; @@ -61162,7 +61074,7 @@ index 92a0f0a..45a48f0 100644 spin_lock(&inode->i_lock); diff --git a/fs/mount.h b/fs/mount.h -index a17458c..e69fb5b 100644 +index b29e42f..5ea7fdf 100644 --- a/fs/mount.h +++ b/fs/mount.h @@ -11,7 +11,7 @@ struct mnt_namespace { @@ -61184,7 +61096,7 @@ index a17458c..e69fb5b 100644 #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */ diff --git a/fs/namei.c b/fs/namei.c -index cfe6608..a24748c 100644 +index 399f637..a24748c 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -319,16 +319,32 @@ int generic_permission(struct inode *inode, int mask) @@ -61260,57 +61172,7 @@ index cfe6608..a24748c 100644 nd->last_type = LAST_BIND; *p = dentry->d_inode->i_op->follow_link(dentry, nd); error = PTR_ERR(*p); -@@ -1098,7 +1112,7 @@ static bool __follow_mount_rcu(struct nameidata *nd, struct path *path, - return false; - - if (!d_mountpoint(path->dentry)) -- break; -+ return true; - - mounted = __lookup_mnt(path->mnt, path->dentry); - if (!mounted) -@@ -1114,20 +1128,7 @@ static bool __follow_mount_rcu(struct nameidata *nd, struct path *path, - */ - *inode = path->dentry->d_inode; - } -- return true; --} -- --static void follow_mount_rcu(struct nameidata *nd) --{ -- while (d_mountpoint(nd->path.dentry)) { -- struct mount *mounted; -- mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry); -- if (!mounted) -- break; -- nd->path.mnt = &mounted->mnt; -- nd->path.dentry = mounted->mnt.mnt_root; -- nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq); -- } -+ return read_seqretry(&mount_lock, nd->m_seq); - } - - static int follow_dotdot_rcu(struct nameidata *nd) -@@ -1155,7 +1156,17 @@ static int follow_dotdot_rcu(struct nameidata *nd) - break; - nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq); - } -- follow_mount_rcu(nd); -+ while (d_mountpoint(nd->path.dentry)) { -+ struct mount *mounted; -+ mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry); -+ if (!mounted) -+ break; -+ nd->path.mnt = &mounted->mnt; -+ nd->path.dentry = mounted->mnt.mnt_root; -+ nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq); -+ if (!read_seqretry(&mount_lock, nd->m_seq)) -+ goto failed; -+ } - nd->inode = nd->path.dentry->d_inode; - return 0; - -@@ -1582,6 +1593,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) +@@ -1579,6 +1593,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) if (res) break; res = walk_component(nd, path, LOOKUP_FOLLOW); @@ -61319,7 +61181,7 @@ index cfe6608..a24748c 100644 put_link(nd, &link, cookie); } while (res > 0); -@@ -1655,7 +1668,7 @@ EXPORT_SYMBOL(full_name_hash); +@@ -1652,7 +1668,7 @@ EXPORT_SYMBOL(full_name_hash); static inline unsigned long hash_name(const char *name, unsigned int *hashp) { unsigned long a, b, adata, bdata, mask, hash, len; @@ -61328,7 +61190,7 @@ index cfe6608..a24748c 100644 hash = a = 0; len = -sizeof(unsigned long); -@@ -1939,6 +1952,8 @@ static int path_lookupat(int dfd, const char *name, +@@ -1936,6 +1952,8 @@ static int path_lookupat(int dfd, const char *name, if (err) break; err = lookup_last(nd, &path); @@ -61337,7 +61199,7 @@ index cfe6608..a24748c 100644 put_link(nd, &link, cookie); } } -@@ -1946,6 +1961,13 @@ static int path_lookupat(int dfd, const char *name, +@@ -1943,6 +1961,13 @@ static int path_lookupat(int dfd, const char *name, if (!err) err = complete_walk(nd); @@ -61351,7 +61213,7 @@ index cfe6608..a24748c 100644 if (!err && nd->flags & LOOKUP_DIRECTORY) { if (!d_is_directory(nd->path.dentry)) { path_put(&nd->path); -@@ -1973,8 +1995,15 @@ static int filename_lookup(int dfd, struct filename *name, +@@ -1970,8 +1995,15 @@ static int filename_lookup(int dfd, struct filename *name, retval = path_lookupat(dfd, name->name, flags | LOOKUP_REVAL, nd); @@ -61368,7 +61230,7 @@ index cfe6608..a24748c 100644 return retval; } -@@ -2548,6 +2577,13 @@ static int may_open(struct path *path, int acc_mode, int flag) +@@ -2545,6 +2577,13 @@ static int may_open(struct path *path, int acc_mode, int flag) if (flag & O_NOATIME && !inode_owner_or_capable(inode)) return -EPERM; @@ -61382,7 +61244,7 @@ index cfe6608..a24748c 100644 return 0; } -@@ -2779,7 +2815,7 @@ looked_up: +@@ -2776,7 +2815,7 @@ looked_up: * cleared otherwise prior to returning. */ static int lookup_open(struct nameidata *nd, struct path *path, @@ -61391,7 +61253,7 @@ index cfe6608..a24748c 100644 const struct open_flags *op, bool got_write, int *opened) { -@@ -2814,6 +2850,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, +@@ -2811,6 +2850,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, /* Negative dentry, just create the file */ if (!dentry->d_inode && (op->open_flag & O_CREAT)) { umode_t mode = op->mode; @@ -61409,7 +61271,7 @@ index cfe6608..a24748c 100644 if (!IS_POSIXACL(dir->d_inode)) mode &= ~current_umask(); /* -@@ -2835,6 +2882,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, +@@ -2832,6 +2882,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, nd->flags & LOOKUP_EXCL); if (error) goto out_dput; @@ -61418,7 +61280,7 @@ index cfe6608..a24748c 100644 } out_no_open: path->dentry = dentry; -@@ -2849,7 +2898,7 @@ out_dput: +@@ -2846,7 +2898,7 @@ out_dput: /* * Handle the last step of open() */ @@ -61427,7 +61289,7 @@ index cfe6608..a24748c 100644 struct file *file, const struct open_flags *op, int *opened, struct filename *name) { -@@ -2899,6 +2948,15 @@ static int do_last(struct nameidata *nd, struct path *path, +@@ -2896,6 +2948,15 @@ static int do_last(struct nameidata *nd, struct path *path, if (error) return error; @@ -61443,7 +61305,7 @@ index cfe6608..a24748c 100644 audit_inode(name, dir, LOOKUP_PARENT); error = -EISDIR; /* trailing slashes? */ -@@ -2918,7 +2976,7 @@ retry_lookup: +@@ -2915,7 +2976,7 @@ retry_lookup: */ } mutex_lock(&dir->d_inode->i_mutex); @@ -61452,7 +61314,7 @@ index cfe6608..a24748c 100644 mutex_unlock(&dir->d_inode->i_mutex); if (error <= 0) { -@@ -2942,11 +3000,28 @@ retry_lookup: +@@ -2939,11 +3000,28 @@ retry_lookup: goto finish_open_created; } @@ -61482,7 +61344,7 @@ index cfe6608..a24748c 100644 /* * If atomic_open() acquired write access it is dropped now due to -@@ -2987,6 +3062,11 @@ finish_lookup: +@@ -2984,6 +3062,11 @@ finish_lookup: } } BUG_ON(inode != path->dentry->d_inode); @@ -61494,7 +61356,7 @@ index cfe6608..a24748c 100644 return 1; } -@@ -2996,7 +3076,6 @@ finish_lookup: +@@ -2993,7 +3076,6 @@ finish_lookup: save_parent.dentry = nd->path.dentry; save_parent.mnt = mntget(path->mnt); nd->path.dentry = path->dentry; @@ -61502,7 +61364,7 @@ index cfe6608..a24748c 100644 } nd->inode = inode; /* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */ -@@ -3006,7 +3085,18 @@ finish_open: +@@ -3003,7 +3085,18 @@ finish_open: path_put(&save_parent); return error; } @@ -61521,7 +61383,7 @@ index cfe6608..a24748c 100644 error = -EISDIR; if ((open_flag & O_CREAT) && (d_is_directory(nd->path.dentry) || d_is_autodir(nd->path.dentry))) -@@ -3170,7 +3260,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, +@@ -3167,7 +3260,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, if (unlikely(error)) goto out; @@ -61530,7 +61392,7 @@ index cfe6608..a24748c 100644 while (unlikely(error > 0)) { /* trailing symlink */ struct path link = path; void *cookie; -@@ -3188,7 +3278,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, +@@ -3185,7 +3278,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, error = follow_link(&link, nd, &cookie); if (unlikely(error)) break; @@ -61539,7 +61401,7 @@ index cfe6608..a24748c 100644 put_link(nd, &link, cookie); } out: -@@ -3288,9 +3378,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, +@@ -3285,9 +3378,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, goto unlock; error = -EEXIST; @@ -61553,7 +61415,7 @@ index cfe6608..a24748c 100644 /* * Special case - lookup gave negative, but... we had foo/bar/ * From the vfs_mknod() POV we just have a negative dentry - -@@ -3342,6 +3434,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, +@@ -3339,6 +3434,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, } EXPORT_SYMBOL(user_path_create); @@ -61574,7 +61436,7 @@ index cfe6608..a24748c 100644 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) { int error = may_create(dir, dentry); -@@ -3404,6 +3510,17 @@ retry: +@@ -3401,6 +3510,17 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -61592,7 +61454,7 @@ index cfe6608..a24748c 100644 error = security_path_mknod(&path, dentry, mode, dev); if (error) goto out; -@@ -3420,6 +3537,8 @@ retry: +@@ -3417,6 +3537,8 @@ retry: break; } out: @@ -61601,7 +61463,7 @@ index cfe6608..a24748c 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3472,9 +3591,16 @@ retry: +@@ -3469,9 +3591,16 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -61618,7 +61480,7 @@ index cfe6608..a24748c 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3555,6 +3681,8 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -3552,6 +3681,8 @@ static long do_rmdir(int dfd, const char __user *pathname) struct filename *name; struct dentry *dentry; struct nameidata nd; @@ -61627,7 +61489,7 @@ index cfe6608..a24748c 100644 unsigned int lookup_flags = 0; retry: name = user_path_parent(dfd, pathname, &nd, lookup_flags); -@@ -3587,10 +3715,21 @@ retry: +@@ -3584,10 +3715,21 @@ retry: error = -ENOENT; goto exit3; } @@ -61649,7 +61511,7 @@ index cfe6608..a24748c 100644 exit3: dput(dentry); exit2: -@@ -3680,6 +3819,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -3677,6 +3819,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) struct nameidata nd; struct inode *inode = NULL; struct inode *delegated_inode = NULL; @@ -61658,7 +61520,7 @@ index cfe6608..a24748c 100644 unsigned int lookup_flags = 0; retry: name = user_path_parent(dfd, pathname, &nd, lookup_flags); -@@ -3706,10 +3847,22 @@ retry_deleg: +@@ -3703,10 +3847,22 @@ retry_deleg: if (d_is_negative(dentry)) goto slashes; ihold(inode); @@ -61681,7 +61543,7 @@ index cfe6608..a24748c 100644 exit2: dput(dentry); } -@@ -3797,9 +3950,17 @@ retry: +@@ -3794,9 +3950,17 @@ retry: if (IS_ERR(dentry)) goto out_putname; @@ -61699,7 +61561,7 @@ index cfe6608..a24748c 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3902,6 +4063,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -3899,6 +4063,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, struct dentry *new_dentry; struct path old_path, new_path; struct inode *delegated_inode = NULL; @@ -61707,7 +61569,7 @@ index cfe6608..a24748c 100644 int how = 0; int error; -@@ -3925,7 +4087,7 @@ retry: +@@ -3922,7 +4087,7 @@ retry: if (error) return error; @@ -61716,7 +61578,7 @@ index cfe6608..a24748c 100644 (how & LOOKUP_REVAL)); error = PTR_ERR(new_dentry); if (IS_ERR(new_dentry)) -@@ -3937,11 +4099,28 @@ retry: +@@ -3934,11 +4099,28 @@ retry: error = may_linkat(&old_path); if (unlikely(error)) goto out_dput; @@ -61745,7 +61607,7 @@ index cfe6608..a24748c 100644 done_path_create(&new_path, new_dentry); if (delegated_inode) { error = break_deleg_wait(&delegated_inode); -@@ -4228,6 +4407,12 @@ retry_deleg: +@@ -4225,6 +4407,12 @@ retry_deleg: if (new_dentry == trap) goto exit5; @@ -61758,7 +61620,7 @@ index cfe6608..a24748c 100644 error = security_path_rename(&oldnd.path, old_dentry, &newnd.path, new_dentry); if (error) -@@ -4235,6 +4420,9 @@ retry_deleg: +@@ -4232,6 +4420,9 @@ retry_deleg: error = vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry, &delegated_inode); @@ -61768,7 +61630,7 @@ index cfe6608..a24748c 100644 exit5: dput(new_dentry); exit4: -@@ -4271,6 +4459,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna +@@ -4268,6 +4459,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) { @@ -61777,7 +61639,7 @@ index cfe6608..a24748c 100644 int len; len = PTR_ERR(link); -@@ -4280,7 +4470,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c +@@ -4277,7 +4470,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c len = strlen(link); if (len > (unsigned) buflen) len = buflen; @@ -61794,10 +61656,10 @@ index cfe6608..a24748c 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index be32ebc..c595734 100644 +index 6d0e54e..4c1f85e 100644 --- a/fs/namespace.c +++ b/fs/namespace.c -@@ -1293,6 +1293,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1339,6 +1339,9 @@ static int do_umount(struct mount *mnt, int flags) if (!(sb->s_flags & MS_RDONLY)) retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); up_write(&sb->s_umount); @@ -61807,7 +61669,7 @@ index be32ebc..c595734 100644 return retval; } -@@ -1315,6 +1318,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1361,6 +1364,9 @@ static int do_umount(struct mount *mnt, int flags) } unlock_mount_hash(); namespace_unlock(); @@ -61817,7 +61679,7 @@ index be32ebc..c595734 100644 return retval; } -@@ -1334,7 +1340,7 @@ static inline bool may_mount(void) +@@ -1380,7 +1386,7 @@ static inline bool may_mount(void) * unixes. Our API is identical to OSF/1 to avoid making a mess of AMD */ @@ -61826,7 +61688,7 @@ index be32ebc..c595734 100644 { struct path path; struct mount *mnt; -@@ -1376,7 +1382,7 @@ out: +@@ -1422,7 +1428,7 @@ out: /* * The 2.0 compatible umount. No flags. */ @@ -61835,7 +61697,7 @@ index be32ebc..c595734 100644 { return sys_umount(name, 0); } -@@ -2379,6 +2385,16 @@ long do_mount(const char *dev_name, const char *dir_name, +@@ -2426,6 +2432,16 @@ long do_mount(const char *dev_name, const char *dir_name, MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | MS_STRICTATIME); @@ -61852,7 +61714,7 @@ index be32ebc..c595734 100644 if (flags & MS_REMOUNT) retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, data_page); -@@ -2393,6 +2409,9 @@ long do_mount(const char *dev_name, const char *dir_name, +@@ -2440,6 +2456,9 @@ long do_mount(const char *dev_name, const char *dir_name, dev_name, data_page); dput_out: path_put(&path); @@ -61862,7 +61724,7 @@ index be32ebc..c595734 100644 return retval; } -@@ -2410,7 +2429,7 @@ static void free_mnt_ns(struct mnt_namespace *ns) +@@ -2457,7 +2476,7 @@ static void free_mnt_ns(struct mnt_namespace *ns) * number incrementing at 10Ghz will take 12,427 years to wrap which * is effectively never, so we can ignore the possibility. */ @@ -61871,7 +61733,7 @@ index be32ebc..c595734 100644 static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) { -@@ -2425,7 +2444,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) +@@ -2472,7 +2491,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) kfree(new_ns); return ERR_PTR(ret); } @@ -61880,7 +61742,7 @@ index be32ebc..c595734 100644 atomic_set(&new_ns->count, 1); new_ns->root = NULL; INIT_LIST_HEAD(&new_ns->list); -@@ -2435,7 +2454,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) +@@ -2482,7 +2501,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) return new_ns; } @@ -61889,7 +61751,7 @@ index be32ebc..c595734 100644 struct user_namespace *user_ns, struct fs_struct *new_fs) { struct mnt_namespace *new_ns; -@@ -2556,8 +2575,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name) +@@ -2603,8 +2622,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name) } EXPORT_SYMBOL(mount_subtree); @@ -61900,7 +61762,7 @@ index be32ebc..c595734 100644 { int ret; char *kernel_type; -@@ -2670,6 +2689,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, +@@ -2717,6 +2736,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, if (error) goto out2; @@ -61912,7 +61774,7 @@ index be32ebc..c595734 100644 get_fs_root(current->fs, &root); old_mp = lock_mount(&old); error = PTR_ERR(old_mp); -@@ -2930,7 +2954,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) +@@ -2983,7 +3007,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) return -EPERM; @@ -61958,6 +61820,58 @@ index 5d94c02..630214f 100644 } void nfs_fattr_init(struct nfs_fattr *fattr) +diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c +index 0e90bf0..134691e 100644 +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -1070,6 +1070,7 @@ static void nfs4_opendata_free(struct kref *kref) + dput(p->dentry); + nfs_sb_deactive(sb); + nfs_fattr_free_names(&p->f_attr); ++ kfree(p->f_attr.mdsthreshold); + kfree(p); + } + +@@ -2246,10 +2247,12 @@ static int _nfs4_do_open(struct inode *dir, + } + } + +- if (ctx_th && server->attr_bitmask[2] & FATTR4_WORD2_MDSTHRESHOLD) { +- opendata->f_attr.mdsthreshold = pnfs_mdsthreshold_alloc(); +- if (!opendata->f_attr.mdsthreshold) +- goto err_free_label; ++ if (server->attr_bitmask[2] & FATTR4_WORD2_MDSTHRESHOLD) { ++ if (!opendata->f_attr.mdsthreshold) { ++ opendata->f_attr.mdsthreshold = pnfs_mdsthreshold_alloc(); ++ if (!opendata->f_attr.mdsthreshold) ++ goto err_free_label; ++ } + opendata->o_arg.open_bitmap = &nfs4_pnfs_open_bitmap[0]; + } + if (dentry->d_inode != NULL) +@@ -2277,11 +2280,10 @@ static int _nfs4_do_open(struct inode *dir, + if (opendata->file_created) + *opened |= FILE_CREATED; + +- if (pnfs_use_threshold(ctx_th, opendata->f_attr.mdsthreshold, server)) ++ if (pnfs_use_threshold(ctx_th, opendata->f_attr.mdsthreshold, server)) { + *ctx_th = opendata->f_attr.mdsthreshold; +- else +- kfree(opendata->f_attr.mdsthreshold); +- opendata->f_attr.mdsthreshold = NULL; ++ opendata->f_attr.mdsthreshold = NULL; ++ } + + nfs4_label_free(olabel); + +@@ -2291,7 +2293,6 @@ static int _nfs4_do_open(struct inode *dir, + err_free_label: + nfs4_label_free(olabel); + err_opendata_put: +- kfree(opendata->f_attr.mdsthreshold); + nfs4_opendata_put(opendata); + err_put_state_owner: + nfs4_put_state_owner(sp); diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 419572f..5414a23 100644 --- a/fs/nfsd/nfs4proc.c @@ -65163,10 +65077,10 @@ index 104455b..764c512 100644 kfree(s); diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 -index 0000000..13b7885 +index 0000000..3abaf02 --- /dev/null +++ b/grsecurity/Kconfig -@@ -0,0 +1,1155 @@ +@@ -0,0 +1,1161 @@ +# +# grecurity configuration +# @@ -65222,7 +65136,8 @@ index 0000000..13b7885 + the most notable of which are XFree86 and hwclock. hwclock can be + remedied by having RTC support in the kernel, so real-time + clock support is enabled if this option is enabled, to ensure -+ that hwclock operates correctly. ++ that hwclock operates correctly. If hwclock still does not work, ++ either update udev or symlink /dev/rtc to /dev/rtc0. + + If you're using XFree86 or a version of Xorg from 2012 or earlier, + you may not be able to boot into a graphical environment with this @@ -65647,6 +65562,11 @@ index 0000000..13b7885 + encounter no software incompatibilities with the following options, it + is recommended that you enable each one. + ++ Note that the chroot restrictions are not intended to apply to "chroots" ++ to directories that are simple bind mounts of the global root filesystem. ++ For several other reasons, a user shouldn't expect any significant ++ security by performing such a chroot. ++ +config GRKERNSEC_CHROOT_MOUNT + bool "Deny mounts" + default y if GRKERNSEC_CONFIG_AUTO @@ -76941,9 +76861,18 @@ index bf1ef22..2a55e1b 100644 static inline kuid_t audit_get_loginuid(struct task_struct *tsk) { diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h -index fd8bf32..2cccd5a 100644 +index fd8bf32..49a5f5c 100644 --- a/include/linux/binfmts.h +++ b/include/linux/binfmts.h +@@ -45,7 +45,7 @@ struct linux_binprm { + unsigned interp_data; + unsigned long loader, exec; + char tcomm[TASK_COMM_LEN]; +-}; ++} __randomize_layout; + + #define BINPRM_FLAGS_ENFORCE_NONDUMP_BIT 0 + #define BINPRM_FLAGS_ENFORCE_NONDUMP (1 << BINPRM_FLAGS_ENFORCE_NONDUMP_BIT) @@ -74,8 +74,10 @@ struct linux_binfmt { int (*load_binary)(struct linux_binprm *); int (*load_shlib)(struct file *); @@ -76952,12 +76881,12 @@ index fd8bf32..2cccd5a 100644 + void (*handle_mmap)(struct file *); unsigned long min_coredump; /* minimal dump size */ -}; -+} __do_const; ++} __do_const __randomize_layout; extern void __register_binfmt(struct linux_binfmt *fmt, int insert); diff --git a/include/linux/bitops.h b/include/linux/bitops.h -index abc9ca7..e54ee27 100644 +index be5fd38..d71192a 100644 --- a/include/linux/bitops.h +++ b/include/linux/bitops.h @@ -102,7 +102,7 @@ static inline __u64 ror64(__u64 word, unsigned int shift) @@ -79839,7 +79768,7 @@ index 9fe426b..8148be6 100644 static inline int vma_dup_policy(struct vm_area_struct *src, struct vm_area_struct *dst) diff --git a/include/linux/mm.h b/include/linux/mm.h -index 0ab5439..2859c61 100644 +index 5360b82..4eedf45 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -117,6 +117,11 @@ extern unsigned int kobjsize(const void *objp); @@ -79873,7 +79802,7 @@ index 0ab5439..2859c61 100644 struct mmu_gather; struct inode; -@@ -1064,8 +1070,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address, +@@ -1074,8 +1080,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address, unsigned long *pfn); int follow_phys(struct vm_area_struct *vma, unsigned long address, unsigned int flags, unsigned long *prot, resource_size_t *phys); @@ -79884,7 +79813,7 @@ index 0ab5439..2859c61 100644 static inline void unmap_shared_mapping_range(struct address_space *mapping, loff_t const holebegin, loff_t const holelen) -@@ -1104,9 +1110,9 @@ static inline int fixup_user_fault(struct task_struct *tsk, +@@ -1114,9 +1120,9 @@ static inline int fixup_user_fault(struct task_struct *tsk, } #endif @@ -79897,7 +79826,7 @@ index 0ab5439..2859c61 100644 long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, unsigned long start, unsigned long nr_pages, -@@ -1138,34 +1144,6 @@ int set_page_dirty(struct page *page); +@@ -1148,34 +1154,6 @@ int set_page_dirty(struct page *page); int set_page_dirty_lock(struct page *page); int clear_page_dirty_for_io(struct page *page); @@ -79932,7 +79861,7 @@ index 0ab5439..2859c61 100644 extern pid_t vm_is_stack(struct task_struct *task, struct vm_area_struct *vma, int in_group); -@@ -1265,6 +1243,15 @@ static inline void sync_mm_rss(struct mm_struct *mm) +@@ -1275,6 +1253,15 @@ static inline void sync_mm_rss(struct mm_struct *mm) } #endif @@ -79948,7 +79877,7 @@ index 0ab5439..2859c61 100644 int vma_wants_writenotify(struct vm_area_struct *vma); extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr, -@@ -1283,8 +1270,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, +@@ -1293,8 +1280,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, { return 0; } @@ -79964,7 +79893,7 @@ index 0ab5439..2859c61 100644 #endif #ifdef __PAGETABLE_PMD_FOLDED -@@ -1293,8 +1287,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, +@@ -1303,8 +1297,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, { return 0; } @@ -79980,7 +79909,7 @@ index 0ab5439..2859c61 100644 #endif int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma, -@@ -1312,11 +1313,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a +@@ -1322,11 +1323,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a NULL: pud_offset(pgd, address); } @@ -80004,7 +79933,7 @@ index 0ab5439..2859c61 100644 #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */ #if USE_SPLIT_PTE_PTLOCKS -@@ -1694,7 +1707,7 @@ extern int install_special_mapping(struct mm_struct *mm, +@@ -1704,7 +1717,7 @@ extern int install_special_mapping(struct mm_struct *mm, unsigned long addr, unsigned long len, unsigned long flags, struct page **pages); @@ -80013,7 +79942,7 @@ index 0ab5439..2859c61 100644 extern unsigned long mmap_region(struct file *file, unsigned long addr, unsigned long len, vm_flags_t vm_flags, unsigned long pgoff); -@@ -1702,6 +1715,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1712,6 +1725,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, unsigned long len, unsigned long prot, unsigned long flags, unsigned long pgoff, unsigned long *populate); extern int do_munmap(struct mm_struct *, unsigned long, size_t); @@ -80021,7 +79950,7 @@ index 0ab5439..2859c61 100644 #ifdef CONFIG_MMU extern int __mm_populate(unsigned long addr, unsigned long len, -@@ -1730,10 +1744,11 @@ struct vm_unmapped_area_info { +@@ -1740,10 +1754,11 @@ struct vm_unmapped_area_info { unsigned long high_limit; unsigned long align_mask; unsigned long align_offset; @@ -80035,7 +79964,7 @@ index 0ab5439..2859c61 100644 /* * Search for an unmapped address range. -@@ -1745,7 +1760,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info); +@@ -1755,7 +1770,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info); * - satisfies (begin_addr & align_mask) == (align_offset & align_mask) */ static inline unsigned long @@ -80044,7 +79973,7 @@ index 0ab5439..2859c61 100644 { if (!(info->flags & VM_UNMAPPED_AREA_TOPDOWN)) return unmapped_area(info); -@@ -1808,6 +1823,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add +@@ -1818,6 +1833,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, struct vm_area_struct **pprev); @@ -80055,7 +79984,7 @@ index 0ab5439..2859c61 100644 /* Look up the first VMA which intersects the interval start_addr..end_addr-1, NULL if none. Assume start_addr < end_addr. */ static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr) -@@ -1836,15 +1855,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, +@@ -1846,15 +1865,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, return vma; } @@ -80071,7 +80000,7 @@ index 0ab5439..2859c61 100644 #ifdef CONFIG_ARCH_USES_NUMA_PROT_NONE unsigned long change_prot_numa(struct vm_area_struct *vma, unsigned long start, unsigned long end); -@@ -1896,6 +1906,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); +@@ -1906,6 +1916,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); static inline void vm_stat_account(struct mm_struct *mm, unsigned long flags, struct file *file, long pages) { @@ -80083,7 +80012,7 @@ index 0ab5439..2859c61 100644 mm->total_vm += pages; } #endif /* CONFIG_PROC_FS */ -@@ -1977,7 +1992,7 @@ extern int unpoison_memory(unsigned long pfn); +@@ -1987,7 +2002,7 @@ extern int unpoison_memory(unsigned long pfn); extern int sysctl_memory_failure_early_kill; extern int sysctl_memory_failure_recovery; extern void shake_page(struct page *p, int access); @@ -80092,7 +80021,7 @@ index 0ab5439..2859c61 100644 extern int soft_offline_page(struct page *page, int flags); extern void dump_page(struct page *page); -@@ -2014,5 +2029,11 @@ void __init setup_nr_node_ids(void); +@@ -2024,5 +2039,11 @@ void __init setup_nr_node_ids(void); static inline void setup_nr_node_ids(void) {} #endif @@ -80596,6 +80525,27 @@ index 4386946..f50c615 100644 struct padata_cpumask cpumask; spinlock_t lock ____cacheline_aligned; unsigned int processed; +diff --git a/include/linux/path.h b/include/linux/path.h +index d137218..be0c176 100644 +--- a/include/linux/path.h ++++ b/include/linux/path.h +@@ -1,13 +1,15 @@ + #ifndef _LINUX_PATH_H + #define _LINUX_PATH_H + ++#include <linux/compiler.h> ++ + struct dentry; + struct vfsmount; + + struct path { + struct vfsmount *mnt; + struct dentry *dentry; +-}; ++} __randomize_layout; + + extern void path_get(const struct path *); + extern void path_put(const struct path *); diff --git a/include/linux/pci_hotplug.h b/include/linux/pci_hotplug.h index a2e2f1d..8a391d2 100644 --- a/include/linux/pci_hotplug.h @@ -81448,7 +81398,7 @@ index e3347c5..f682891 100644 extern unsigned int sysctl_sched_latency; extern unsigned int sysctl_sched_min_granularity; diff --git a/include/linux/security.h b/include/linux/security.h -index 5623a7f..b352409 100644 +index 5623a7f..7ae77be 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -27,6 +27,7 @@ @@ -81468,6 +81418,15 @@ index 5623a7f..b352409 100644 #ifdef CONFIG_MMU extern unsigned long mmap_min_addr; extern unsigned long dac_mmap_min_addr; +@@ -1718,7 +1717,7 @@ struct security_operations { + struct audit_context *actx); + void (*audit_rule_free) (void *lsmrule); + #endif /* CONFIG_AUDIT */ +-}; ++} __randomize_layout; + + /* prototypes */ + extern int security_init(void); diff --git a/include/linux/semaphore.h b/include/linux/semaphore.h index dc368b8..e895209 100644 --- a/include/linux/semaphore.h @@ -82096,7 +82055,7 @@ index 97d660e..6356755 100644 extern int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc); diff --git a/include/linux/tty_driver.h b/include/linux/tty_driver.h -index 756a609..f61242d 100644 +index 756a609..89db85e 100644 --- a/include/linux/tty_driver.h +++ b/include/linux/tty_driver.h @@ -285,7 +285,7 @@ struct tty_operations { @@ -82104,7 +82063,7 @@ index 756a609..f61242d 100644 #endif const struct file_operations *proc_fops; -}; -+} __do_const; ++} __do_const __randomize_layout; struct tty_driver { int magic; /* magic number for this structure */ @@ -82560,6 +82519,19 @@ index 9a36d92..0aafe2a 100644 void v9fs_register_trans(struct p9_trans_module *m); void v9fs_unregister_trans(struct p9_trans_module *m); +diff --git a/include/net/af_unix.h b/include/net/af_unix.h +index a175ba4..196eb82 100644 +--- a/include/net/af_unix.h ++++ b/include/net/af_unix.h +@@ -36,7 +36,7 @@ struct unix_skb_parms { + u32 secid; /* Security ID */ + #endif + u32 consumed; +-}; ++} __randomize_layout; + + #define UNIXCB(skb) (*(struct unix_skb_parms *)&((skb)->cb)) + #define UNIXSID(skb) (&UNIXCB((skb)).secid) diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h index c853b16d..37fccb7 100644 --- a/include/net/bluetooth/l2cap.h @@ -82974,6 +82946,21 @@ index 8ba8ce2..99b7fff 100644 struct sk_buff *skb, int offset, struct iovec *to, size_t len, struct dma_pinned_list *pinned_list); +diff --git a/include/net/netfilter/nf_conntrack_extend.h b/include/net/netfilter/nf_conntrack_extend.h +index 956b175..55d1504 100644 +--- a/include/net/netfilter/nf_conntrack_extend.h ++++ b/include/net/netfilter/nf_conntrack_extend.h +@@ -47,8 +47,8 @@ enum nf_ct_ext_id { + /* Extensions: optional stuff which isn't permanently in struct. */ + struct nf_ct_ext { + struct rcu_head rcu; +- u8 offset[NF_CT_EXT_NUM]; +- u8 len; ++ u16 offset[NF_CT_EXT_NUM]; ++ u16 len; + char data[0]; + }; + diff --git a/include/net/netlink.h b/include/net/netlink.h index 2b47eaa..6d5bcc2 100644 --- a/include/net/netlink.h @@ -83148,7 +83135,7 @@ index 0a248b3..4dcbe5c 100644 /* Structure to track chunk fragments that have been acked, but peer diff --git a/include/net/sock.h b/include/net/sock.h -index 2ef3c3e..e02013e 100644 +index a2b3d4e..466983f 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -348,7 +348,7 @@ struct sock { @@ -83160,6 +83147,15 @@ index 2ef3c3e..e02013e 100644 int sk_rcvbuf; struct sk_filter __rcu *sk_filter; +@@ -1022,7 +1022,7 @@ struct proto { + void (*destroy_cgroup)(struct mem_cgroup *memcg); + struct cg_proto *(*proto_cgroup)(struct mem_cgroup *memcg); + #endif +-}; ++} __randomize_layout; + + /* + * Bits in struct cg_proto.flags @@ -1209,7 +1209,7 @@ static inline u64 memcg_memory_allocated_read(struct cg_proto *prot) return ret >> PAGE_SHIFT; } @@ -83169,7 +83165,16 @@ index 2ef3c3e..e02013e 100644 sk_memory_allocated(const struct sock *sk) { struct proto *prot = sk->sk_prot; -@@ -1813,7 +1813,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) +@@ -1354,7 +1354,7 @@ struct sock_iocb { + struct scm_cookie *scm; + struct msghdr *msg, async_msg; + struct kiocb *kiocb; +-}; ++} __randomize_layout; + + static inline struct sock_iocb *kiocb_to_siocb(struct kiocb *iocb) + { +@@ -1818,7 +1818,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) } static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb, @@ -83178,7 +83183,7 @@ index 2ef3c3e..e02013e 100644 int copy, int offset) { if (skb->ip_summed == CHECKSUM_NONE) { -@@ -2075,7 +2075,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk) +@@ -2080,7 +2080,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk) } } @@ -83188,37 +83193,10 @@ index 2ef3c3e..e02013e 100644 /** * sk_page_frag - return an appropriate page_frag diff --git a/include/net/tcp.h b/include/net/tcp.h -index 9250d62..10a7f03 100644 +index 197b020..10a7f03 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h -@@ -480,20 +480,21 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, - #ifdef CONFIG_SYN_COOKIES - #include <linux/ktime.h> - --/* Syncookies use a monotonic timer which increments every 64 seconds. -+/* Syncookies use a monotonic timer which increments every 60 seconds. - * This counter is used both as a hash input and partially encoded into - * the cookie value. A cookie is only validated further if the delta - * between the current counter value and the encoded one is less than this, -- * i.e. a sent cookie is valid only at most for 128 seconds (or less if -+ * i.e. a sent cookie is valid only at most for 2*60 seconds (or less if - * the counter advances immediately after a cookie is generated). - */ - #define MAX_SYNCOOKIE_AGE 2 - - static inline u32 tcp_cookie_time(void) - { -- struct timespec now; -- getnstimeofday(&now); -- return now.tv_sec >> 6; /* 64 seconds granularity */ -+ u64 val = get_jiffies_64(); -+ -+ do_div(val, 60 * HZ); -+ return val; - } - - u32 __cookie_v4_init_sequence(const struct iphdr *iph, const struct tcphdr *th, -@@ -540,7 +541,7 @@ void tcp_retransmit_timer(struct sock *sk); +@@ -541,7 +541,7 @@ void tcp_retransmit_timer(struct sock *sk); void tcp_xmit_retransmit_queue(struct sock *); void tcp_simple_retransmit(struct sock *); int tcp_trim_head(struct sock *, struct sk_buff *, u32); @@ -83227,7 +83205,7 @@ index 9250d62..10a7f03 100644 void tcp_send_probe0(struct sock *); void tcp_send_partial(struct sock *); -@@ -711,8 +712,8 @@ struct tcp_skb_cb { +@@ -712,8 +712,8 @@ struct tcp_skb_cb { struct inet6_skb_parm h6; #endif } header; /* For incoming frames */ @@ -83238,7 +83216,7 @@ index 9250d62..10a7f03 100644 __u32 when; /* used to compute rtt's */ __u8 tcp_flags; /* TCP header flags. (tcp[13]) */ -@@ -726,7 +727,7 @@ struct tcp_skb_cb { +@@ -727,7 +727,7 @@ struct tcp_skb_cb { __u8 ip_dsfield; /* IPv4 tos or IPv6 dsfield */ /* 1 byte hole */ @@ -83785,7 +83763,7 @@ index 30f5362..8ed8ac9 100644 void *pmi_pal; u8 *vbe_state_orig; /* diff --git a/init/Kconfig b/init/Kconfig -index 4e5d96a..93cd8a1 100644 +index 66e6759..1333b01 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1079,6 +1079,7 @@ endif # CGROUPS @@ -83796,7 +83774,7 @@ index 4e5d96a..93cd8a1 100644 default n help Enables additional kernel features in a sake of checkpoint/restore. -@@ -1550,7 +1551,7 @@ config SLUB_DEBUG +@@ -1557,7 +1558,7 @@ config SLUB_DEBUG config COMPAT_BRK bool "Disable heap randomization" @@ -83805,7 +83783,7 @@ index 4e5d96a..93cd8a1 100644 help Randomizing heap placement makes heap exploits harder, but it also breaks ancient binaries (including anything libc5 based). -@@ -1838,7 +1839,7 @@ config INIT_ALL_POSSIBLE +@@ -1845,7 +1846,7 @@ config INIT_ALL_POSSIBLE config STOP_MACHINE bool default y @@ -84802,7 +84780,7 @@ index 4e66bf9..cdccecf 100644 +} +EXPORT_SYMBOL(inode_capable_nolog); diff --git a/kernel/cgroup.c b/kernel/cgroup.c -index 271acd8..54b70fe 100644 +index b44dd49..94c2826 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c @@ -5609,7 +5609,7 @@ static int cgroup_css_links_read(struct cgroup_subsys_state *css, @@ -85794,7 +85772,7 @@ index dfa736c..d170f9b 100644 else new_fs = fs; diff --git a/kernel/futex.c b/kernel/futex.c -index f6ff019..ac53307 100644 +index 0d74e3a..59bea40 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -54,6 +54,7 @@ @@ -85805,7 +85783,7 @@ index f6ff019..ac53307 100644 #include <linux/signal.h> #include <linux/export.h> #include <linux/magic.h> -@@ -243,6 +244,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) +@@ -245,6 +246,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) struct page *page, *page_head; int err, ro = 0; @@ -85817,7 +85795,7 @@ index f6ff019..ac53307 100644 /* * The futex address must be "naturally" aligned. */ -@@ -442,7 +448,7 @@ static int cmpxchg_futex_value_locked(u32 *curval, u32 __user *uaddr, +@@ -444,7 +450,7 @@ static int cmpxchg_futex_value_locked(u32 *curval, u32 __user *uaddr, static int get_futex_value_locked(u32 *dest, u32 __user *from) { @@ -85826,15 +85804,15 @@ index f6ff019..ac53307 100644 pagefault_disable(); ret = __copy_from_user_inatomic(dest, from, sizeof(u32)); -@@ -2735,6 +2741,7 @@ static int __init futex_init(void) +@@ -2737,6 +2743,7 @@ static void __init futex_detect_cmpxchg(void) { + #ifndef CONFIG_HAVE_FUTEX_CMPXCHG u32 curval; - int i; + mm_segment_t oldfs; /* * This will fail and we want it. Some arch implementations do -@@ -2746,8 +2753,11 @@ static int __init futex_init(void) +@@ -2748,8 +2755,11 @@ static void __init futex_detect_cmpxchg(void) * implementation, the non-functional ones will return * -ENOSYS. */ @@ -85843,9 +85821,9 @@ index f6ff019..ac53307 100644 if (cmpxchg_futex_value_locked(&curval, NULL, 0, 0) == -EFAULT) futex_cmpxchg_enabled = 1; + set_fs(oldfs); + #endif + } - for (i = 0; i < ARRAY_SIZE(futex_queues); i++) { - plist_head_init(&futex_queues[i].chain); diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c index f9f44fd..29885e4 100644 --- a/kernel/futex_compat.c @@ -87650,7 +87628,7 @@ index 9b9a266..c20ef80 100644 { struct pid *pid; diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c -index 06c62de..b08cc6c 100644 +index 06c62de..a0ca23f 100644 --- a/kernel/pid_namespace.c +++ b/kernel/pid_namespace.c @@ -253,7 +253,7 @@ static int pid_ns_ctl_handler(struct ctl_table *table, int write, @@ -87662,6 +87640,17 @@ index 06c62de..b08cc6c 100644 if (write && !ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN)) return -EPERM; +@@ -318,7 +318,9 @@ static void *pidns_get(struct task_struct *task) + struct pid_namespace *ns; + + rcu_read_lock(); +- ns = get_pid_ns(task_active_pid_ns(task)); ++ ns = task_active_pid_ns(task); ++ if (ns) ++ get_pid_ns(ns); + rcu_read_unlock(); + + return ns; diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c index c7f31aa..2b44977 100644 --- a/kernel/posix-cpu-timers.c @@ -91001,7 +90990,7 @@ index 7811ed3..f80ca19 100644 static inline void *ptr_to_indirect(void *ptr) { diff --git a/lib/random32.c b/lib/random32.c -index 1e5b2df..009bfe8 100644 +index 6148967..009bfe8 100644 --- a/lib/random32.c +++ b/lib/random32.c @@ -44,7 +44,7 @@ @@ -91013,27 +91002,6 @@ index 1e5b2df..009bfe8 100644 /** * prandom_u32_state - seeded pseudo-random number generator. -@@ -244,8 +244,19 @@ static void __prandom_reseed(bool late) - static bool latch = false; - static DEFINE_SPINLOCK(lock); - -+ /* Asking for random bytes might result in bytes getting -+ * moved into the nonblocking pool and thus marking it -+ * as initialized. In this case we would double back into -+ * this function and attempt to do a late reseed. -+ * Ignore the pointless attempt to reseed again if we're -+ * already waiting for bytes when the nonblocking pool -+ * got initialized. -+ */ -+ - /* only allow initial seeding (late == false) once */ -- spin_lock_irqsave(&lock, flags); -+ if (!spin_trylock_irqsave(&lock, flags)) -+ return; -+ - if (latch && !late) - goto out; - latch = true; diff --git a/lib/rbtree.c b/lib/rbtree.c index 65f4eff..2cfa167 100644 --- a/lib/rbtree.c @@ -91658,7 +91626,7 @@ index 539eeb9..e24a987 100644 if (end == start) return error; diff --git a/mm/memory-failure.c b/mm/memory-failure.c -index 90977ac..487ab84 100644 +index 4566e8f..46be98c 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0; @@ -94309,7 +94277,7 @@ index 7106cb1..0805f48 100644 unsigned long bg_thresh, unsigned long dirty, diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 56f268d..4d35ec4 100644 +index 589521d..314053a 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -61,6 +61,7 @@ @@ -94329,7 +94297,7 @@ index 56f268d..4d35ec4 100644 { __free_pages_ok(page, compound_order(page)); } -@@ -712,6 +713,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) +@@ -714,6 +715,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) int i; int bad = 0; @@ -94340,7 +94308,7 @@ index 56f268d..4d35ec4 100644 trace_mm_page_free(page, order); kmemcheck_free_shadow(page, order); -@@ -728,6 +733,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order) +@@ -730,6 +735,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order) debug_check_no_obj_freed(page_address(page), PAGE_SIZE << order); } @@ -94353,7 +94321,7 @@ index 56f268d..4d35ec4 100644 arch_free_page(page, order); kernel_map_pages(page, 1 << order, 0); -@@ -750,6 +761,20 @@ static void __free_pages_ok(struct page *page, unsigned int order) +@@ -752,6 +763,20 @@ static void __free_pages_ok(struct page *page, unsigned int order) local_irq_restore(flags); } @@ -94374,7 +94342,7 @@ index 56f268d..4d35ec4 100644 void __init __free_pages_bootmem(struct page *page, unsigned int order) { unsigned int nr_pages = 1 << order; -@@ -765,6 +790,19 @@ void __init __free_pages_bootmem(struct page *page, unsigned int order) +@@ -767,6 +792,19 @@ void __init __free_pages_bootmem(struct page *page, unsigned int order) __ClearPageReserved(p); set_page_count(p, 0); @@ -94394,7 +94362,7 @@ index 56f268d..4d35ec4 100644 page_zone(page)->managed_pages += nr_pages; set_page_refcounted(page); __free_pages(page, order); -@@ -870,8 +908,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags) +@@ -872,8 +910,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags) arch_alloc_page(page, order); kernel_map_pages(page, 1 << order, 1); @@ -95671,7 +95639,7 @@ index 8cc7be0..d0f7d7a 100644 } } diff --git a/mm/swap.c b/mm/swap.c -index 84b26aa..ce39899 100644 +index 7010cf4..f0a56a4 100644 --- a/mm/swap.c +++ b/mm/swap.c @@ -77,6 +77,8 @@ static void __put_compound_page(struct page *page) @@ -96036,10 +96004,10 @@ index 7249614..2639fc7 100644 return 0; } diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c -index b3d17d1..e8e4cdd 100644 +index 9a87f5a..67aeeb2 100644 --- a/net/8021q/vlan.c +++ b/net/8021q/vlan.c -@@ -472,7 +472,7 @@ out: +@@ -474,7 +474,7 @@ out: return NOTIFY_DONE; } @@ -96048,7 +96016,7 @@ index b3d17d1..e8e4cdd 100644 .notifier_call = vlan_device_event, }; -@@ -547,8 +547,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg) +@@ -549,8 +549,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg) err = -EPERM; if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) break; @@ -96923,10 +96891,94 @@ index 5b7d0e1..cb960fc 100644 } EXPORT_SYMBOL(dev_load); diff --git a/net/core/filter.c b/net/core/filter.c -index ad30d62..c2757df 100644 +index ad30d62..21c0743 100644 --- a/net/core/filter.c +++ b/net/core/filter.c -@@ -679,7 +679,7 @@ int sk_unattached_filter_create(struct sk_filter **pfp, +@@ -126,7 +126,7 @@ unsigned int sk_run_filter(const struct sk_buff *skb, + void *ptr; + u32 A = 0; /* Accumulator */ + u32 X = 0; /* Index Register */ +- u32 mem[BPF_MEMWORDS]; /* Scratch Memory Store */ ++ u32 mem[BPF_MEMWORDS] = {}; /* Scratch Memory Store */ + u32 tmp; + int k; + +@@ -292,10 +292,10 @@ load_b: + X = K; + continue; + case BPF_S_LD_MEM: +- A = mem[K]; ++ A = mem[K&15]; + continue; + case BPF_S_LDX_MEM: +- X = mem[K]; ++ X = mem[K&15]; + continue; + case BPF_S_MISC_TAX: + X = A; +@@ -308,10 +308,10 @@ load_b: + case BPF_S_RET_A: + return A; + case BPF_S_ST: +- mem[K] = A; ++ mem[K&15] = A; + continue; + case BPF_S_STX: +- mem[K] = X; ++ mem[K&15] = X; + continue; + case BPF_S_ANC_PROTOCOL: + A = ntohs(skb->protocol); +@@ -355,6 +355,10 @@ load_b: + + if (skb_is_nonlinear(skb)) + return 0; ++ ++ if (skb->len < sizeof(struct nlattr)) ++ return 0; ++ + if (A > skb->len - sizeof(struct nlattr)) + return 0; + +@@ -371,11 +375,15 @@ load_b: + + if (skb_is_nonlinear(skb)) + return 0; ++ ++ if (skb->len < sizeof(struct nlattr)) ++ return 0; ++ + if (A > skb->len - sizeof(struct nlattr)) + return 0; + + nla = (struct nlattr *)&skb->data[A]; +- if (nla->nla_len > A - skb->len) ++ if (nla->nla_len > skb->len - A) + return 0; + + nla = nla_find_nested(nla, X); +@@ -391,9 +399,10 @@ load_b: + continue; + #endif + default: +- WARN_RATELIMIT(1, "Unknown code:%u jt:%u tf:%u k:%u\n", ++ WARN(1, KERN_ALERT "Unknown sock filter code:%u jt:%u tf:%u k:%u\n", + fentry->code, fentry->jt, + fentry->jf, fentry->k); ++ BUG(); + return 0; + } + } +@@ -416,7 +425,7 @@ static int check_load_and_stores(struct sock_filter *filter, int flen) + u16 *masks, memvalid = 0; /* one bit per cell, 16 cells */ + int pc, ret = 0; + +- BUILD_BUG_ON(BPF_MEMWORDS > 16); ++ BUILD_BUG_ON(BPF_MEMWORDS != 16); + masks = kmalloc(flen * sizeof(*masks), GFP_KERNEL); + if (!masks) + return -ENOMEM; +@@ -679,7 +688,7 @@ int sk_unattached_filter_create(struct sk_filter **pfp, fp = kmalloc(sk_filter_size(fprog->len), GFP_KERNEL); if (!fp) return -ENOMEM; @@ -97099,7 +97151,7 @@ index 81d3a9a..a0bd7a8 100644 return error; } diff --git a/net/core/netpoll.c b/net/core/netpoll.c -index 81975f2..9ef3531 100644 +index 9a46671..6b8cb72 100644 --- a/net/core/netpoll.c +++ b/net/core/netpoll.c @@ -435,7 +435,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len) @@ -97121,7 +97173,7 @@ index 81975f2..9ef3531 100644 iph->ttl = 64; iph->protocol = IPPROTO_UDP; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index cf67144..12bf94c 100644 +index cc706c9..21fcd84 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -58,7 +58,7 @@ struct rtnl_link { @@ -97200,7 +97252,7 @@ index b442e7e..6f5b5a2 100644 { struct socket *sock; diff --git a/net/core/skbuff.c b/net/core/skbuff.c -index deffb37..213db0a 100644 +index 9a9898e..38cc3e3 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -2006,7 +2006,7 @@ EXPORT_SYMBOL(__skb_checksum); @@ -97212,7 +97264,7 @@ index deffb37..213db0a 100644 .update = csum_partial_ext, .combine = csum_block_add_ext, }; -@@ -3119,13 +3119,15 @@ void __init skb_init(void) +@@ -3124,13 +3124,15 @@ void __init skb_init(void) skbuff_head_cache = kmem_cache_create("skbuff_head_cache", sizeof(struct sk_buff), 0, @@ -97231,7 +97283,7 @@ index deffb37..213db0a 100644 } diff --git a/net/core/sock.c b/net/core/sock.c -index fbc5cfb..6d7e8c3 100644 +index 50db733..8e4aeb4 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -393,7 +393,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) @@ -97327,7 +97379,7 @@ index fbc5cfb..6d7e8c3 100644 } EXPORT_SYMBOL(sock_init_data); -@@ -2478,6 +2478,7 @@ void sock_enable_timestamp(struct sock *sk, int flag) +@@ -2481,6 +2481,7 @@ void sock_enable_timestamp(struct sock *sk, int flag) int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, int level, int type) { @@ -97335,7 +97387,7 @@ index fbc5cfb..6d7e8c3 100644 struct sock_exterr_skb *serr; struct sk_buff *skb, *skb2; int copied, err; -@@ -2499,7 +2500,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, +@@ -2502,7 +2503,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, sock_recv_timestamp(msg, sk, skb); serr = SKB_EXT_ERR(skb); @@ -97691,23 +97743,6 @@ index fc0e649..febfa65 100644 EXPORT_SYMBOL(sysctl_local_reserved_ports); void inet_get_local_port_range(struct net *net, int *low, int *high) -diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c -index bb075fc..322dceb 100644 ---- a/net/ipv4/inet_fragment.c -+++ b/net/ipv4/inet_fragment.c -@@ -278,9 +278,10 @@ static struct inet_frag_queue *inet_frag_intern(struct netns_frags *nf, - - atomic_inc(&qp->refcnt); - hlist_add_head(&qp->list, &hb->chain); -- spin_unlock(&hb->chain_lock); -- read_unlock(&f->lock); - inet_frag_lru_add(nf, qp); -+ spin_unlock(&hb->chain_lock); -+ read_unlock(&f->lock); -+ - return qp; - } - diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c index 8b9cf27..0d8d592 100644 --- a/net/ipv4/inet_hashtables.c @@ -98032,7 +98067,7 @@ index 718dfbd..cef4152 100644 case IPT_SO_GET_ENTRIES: diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c -index 242e7f4..a084e95 100644 +index 242e7f4..76cc7ee 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c @@ -55,7 +55,7 @@ @@ -98044,7 +98079,39 @@ index 242e7f4..a084e95 100644 EXPORT_SYMBOL_GPL(pingv6_ops); static u16 ping_port_rover; -@@ -334,7 +334,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, +@@ -251,23 +251,28 @@ int ping_init_sock(struct sock *sk) + struct group_info *group_info = get_current_groups(); + int i, j, count = group_info->ngroups; + kgid_t low, high; ++ int ret = 0; + + inet_get_ping_group_range_net(net, &low, &high); + if (gid_lte(low, group) && gid_lte(group, high)) +- return 0; ++ goto out_release_group; + + for (i = 0; i < group_info->nblocks; i++) { + int cp_count = min_t(int, NGROUPS_PER_BLOCK, count); + for (j = 0; j < cp_count; j++) { + kgid_t gid = group_info->blocks[i][j]; + if (gid_lte(low, gid) && gid_lte(gid, high)) +- return 0; ++ goto out_release_group; + } + + count -= cp_count; + } + +- return -EACCES; ++ ret = -EACCES; ++ ++out_release_group: ++ put_group_info(group_info); ++ return ret; + } + EXPORT_SYMBOL_GPL(ping_init_sock); + +@@ -334,7 +339,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, return -ENODEV; } } @@ -98053,7 +98120,7 @@ index 242e7f4..a084e95 100644 scoped); rcu_read_unlock(); -@@ -542,7 +542,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) +@@ -542,7 +547,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) } #if IS_ENABLED(CONFIG_IPV6) } else if (skb->protocol == htons(ETH_P_IPV6)) { @@ -98062,7 +98129,7 @@ index 242e7f4..a084e95 100644 #endif } -@@ -560,7 +560,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) +@@ -560,7 +565,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) info, (u8 *)icmph); #if IS_ENABLED(CONFIG_IPV6) } else if (family == AF_INET6) { @@ -98071,7 +98138,7 @@ index 242e7f4..a084e95 100644 info, (u8 *)icmph); #endif } -@@ -830,6 +830,8 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, +@@ -830,6 +835,8 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, { struct inet_sock *isk = inet_sk(sk); int family = sk->sk_family; @@ -98080,7 +98147,7 @@ index 242e7f4..a084e95 100644 struct sk_buff *skb; int copied, err; -@@ -839,12 +841,19 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, +@@ -839,12 +846,19 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, if (flags & MSG_OOB) goto out; @@ -98101,7 +98168,7 @@ index 242e7f4..a084e95 100644 addr_len); #endif } -@@ -876,7 +885,6 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, +@@ -876,7 +890,6 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, sin->sin_port = 0 /* skb->h.uh->source */; sin->sin_addr.s_addr = ip_hdr(skb)->saddr; memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); @@ -98109,7 +98176,7 @@ index 242e7f4..a084e95 100644 } if (isk->cmsg_flags) -@@ -899,11 +907,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, +@@ -899,11 +912,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, sin6->sin6_scope_id = ipv6_iface_scope_id(&sin6->sin6_addr, IP6CB(skb)->iif); @@ -98122,7 +98189,7 @@ index 242e7f4..a084e95 100644 #endif } else { BUG(); -@@ -1093,7 +1100,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, +@@ -1093,7 +1105,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -98431,7 +98498,7 @@ index c53b7f3..a89aadd 100644 if (icsk->icsk_af_ops->conn_request(sk, skb) < 0) return 1; diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c -index 0672139..cacc17d 100644 +index 1d7b9dd..66749f8 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -91,6 +91,10 @@ int sysctl_tcp_low_latency __read_mostly; @@ -98751,7 +98818,7 @@ index e1a6393..f634ce5 100644 return -ENOMEM; } diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index 9c05d77..9cfa714 100644 +index 0e8ae69..0fc7350 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -589,7 +589,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, @@ -98763,7 +98830,7 @@ index 9c05d77..9cfa714 100644 net->dev_base_seq; hlist_for_each_entry_rcu(dev, head, index_hlist) { if (idx < s_idx) -@@ -2334,7 +2334,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) +@@ -2337,7 +2337,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) p.iph.ihl = 5; p.iph.protocol = IPPROTO_IPV6; p.iph.ttl = 64; @@ -98772,7 +98839,7 @@ index 9c05d77..9cfa714 100644 if (ops->ndo_do_ioctl) { mm_segment_t oldfs = get_fs(); -@@ -3964,7 +3964,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, +@@ -3967,7 +3967,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, s_ip_idx = ip_idx = cb->args[2]; rcu_read_lock(); @@ -98781,7 +98848,7 @@ index 9c05d77..9cfa714 100644 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { idx = 0; head = &net->dev_index_head[h]; -@@ -4571,7 +4571,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) +@@ -4574,7 +4574,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) dst_free(&ifp->rt->dst); break; } @@ -98790,7 +98857,7 @@ index 9c05d77..9cfa714 100644 rt_genid_bump_ipv6(net); } -@@ -4592,7 +4592,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, +@@ -4595,7 +4595,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -98799,7 +98866,7 @@ index 9c05d77..9cfa714 100644 int ret; /* -@@ -4677,7 +4677,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, +@@ -4680,7 +4680,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -98833,7 +98900,7 @@ index 93b1aa3..e902855 100644 + atomic_read_unchecked(&sp->sk_drops)); } diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c -index eef8d94..cfa1852 100644 +index e2c9ff8..1e40285 100644 --- a/net/ipv6/icmp.c +++ b/net/ipv6/icmp.c @@ -997,7 +997,7 @@ struct ctl_table ipv6_icmp_table_template[] = { @@ -99067,7 +99134,7 @@ index 827f795..7e28e82 100644 EXPORT_SYMBOL(ipv6_select_ident); diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c -index a83243c..a1ca589 100644 +index 3a1f1f3..11d95bf 100644 --- a/net/ipv6/ping.c +++ b/net/ipv6/ping.c @@ -246,6 +246,22 @@ static struct pernet_operations ping_v6_net_ops = { @@ -99255,18 +99322,9 @@ index cc85a9b..526a133 100644 return -ENOMEM; } diff --git a/net/ipv6/route.c b/net/ipv6/route.c -index 4b4944c..d346b14 100644 +index 40b6e69..d346b14 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c -@@ -1495,7 +1495,7 @@ int ip6_route_add(struct fib6_config *cfg) - if (!table) - goto out; - -- rt = ip6_dst_alloc(net, NULL, DST_NOCOUNT, table); -+ rt = ip6_dst_alloc(net, NULL, (cfg->fc_flags & RTF_ADDRCONF) ? 0 : DST_NOCOUNT, table); - - if (!rt) { - err = -ENOMEM; @@ -2954,7 +2954,7 @@ struct ctl_table ipv6_route_table_template[] = { struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net) @@ -100194,18 +100252,9 @@ index ce30041..3861b5d 100644 { if (users > 0) diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c -index a99b6c3..cb372f9 100644 +index 59359be..cb372f9 100644 --- a/net/netfilter/nf_conntrack_proto_dccp.c +++ b/net/netfilter/nf_conntrack_proto_dccp.c -@@ -428,7 +428,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb, - const char *msg; - u_int8_t state; - -- dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh); -+ dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh); - BUG_ON(dh == NULL); - - state = dccp_state_table[CT_DCCP_ROLE_CLIENT][dh->dccph_type][CT_DCCP_NONE]; @@ -457,7 +457,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb, out_invalid: if (LOG_INVALID(net, IPPROTO_DCCP)) @@ -100215,24 +100264,6 @@ index a99b6c3..cb372f9 100644 return false; } -@@ -486,7 +486,7 @@ static int dccp_packet(struct nf_conn *ct, const struct sk_buff *skb, - u_int8_t type, old_state, new_state; - enum ct_dccp_roles role; - -- dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh); -+ dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh); - BUG_ON(dh == NULL); - type = dh->dccph_type; - -@@ -577,7 +577,7 @@ static int dccp_error(struct net *net, struct nf_conn *tmpl, - unsigned int cscov; - const char *msg; - -- dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh); -+ dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh); - if (dh == NULL) { - msg = "nf_ct_dccp: short packet "; - goto out_invalid; @@ -614,7 +614,7 @@ static int dccp_error(struct net *net, struct nf_conn *tmpl, out_invalid: @@ -100323,6 +100354,31 @@ index f042ae5..30ea486 100644 mutex_unlock(&nf_sockopt_mutex); } EXPORT_SYMBOL(nf_unregister_sockopt); +diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c +index 71a9f49..c09b60c 100644 +--- a/net/netfilter/nf_tables_api.c ++++ b/net/netfilter/nf_tables_api.c +@@ -148,8 +148,8 @@ static int nf_tables_chain_type_lookup(const struct nft_af_info *afi, + #ifdef CONFIG_MODULES + if (type < 0 && autoload) { + nfnl_unlock(NFNL_SUBSYS_NFTABLES); +- request_module("nft-chain-%u-%*.s", afi->family, +- nla_len(nla)-1, (const char *)nla_data(nla)); ++ request_module("nft-chain-%u-%.*s", afi->family, ++ nla_len(nla), (const char *)nla_data(nla)); + nfnl_lock(NFNL_SUBSYS_NFTABLES); + type = __nf_tables_chain_type_lookup(afi->family, nla); + } +@@ -1916,7 +1916,8 @@ static const struct nft_set_ops *nft_select_set_ops(const struct nlattr * const + + static const struct nla_policy nft_set_policy[NFTA_SET_MAX + 1] = { + [NFTA_SET_TABLE] = { .type = NLA_STRING }, +- [NFTA_SET_NAME] = { .type = NLA_STRING }, ++ [NFTA_SET_NAME] = { .type = NLA_STRING, ++ .len = IFNAMSIZ - 1 }, + [NFTA_SET_FLAGS] = { .type = NLA_U32 }, + [NFTA_SET_KEY_TYPE] = { .type = NLA_U32 }, + [NFTA_SET_KEY_LEN] = { .type = NLA_U32 }, diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c index a155d19..726b0f2 100644 --- a/net/netfilter/nfnetlink_log.c @@ -101263,7 +101319,7 @@ index b0565af..d135e6e 100644 table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL); diff --git a/net/socket.c b/net/socket.c -index e83c416..f87df4c 100644 +index dc57dae..5b883e0 100644 --- a/net/socket.c +++ b/net/socket.c @@ -88,6 +88,7 @@ @@ -101438,18 +101494,16 @@ index e83c416..f87df4c 100644 SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len, unsigned int, flags, struct sockaddr __user *, addr, int, addr_len) -@@ -1972,6 +2038,10 @@ static int copy_msghdr_from_user(struct msghdr *kmsg, - { - if (copy_from_user(kmsg, umsg, sizeof(struct msghdr))) - return -EFAULT; -+ -+ if (kmsg->msg_namelen < 0) -+ return -EINVAL; -+ - if (kmsg->msg_namelen > sizeof(struct sockaddr_storage)) - kmsg->msg_namelen = sizeof(struct sockaddr_storage); - return 0; -@@ -2047,7 +2117,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, +@@ -1825,7 +1891,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, + struct socket *sock; + struct iovec iov; + struct msghdr msg; +- struct sockaddr_storage address; ++ struct sockaddr_storage address = { }; + int err, err2; + int fput_needed; + +@@ -2051,7 +2117,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, * checking falls down on this. */ if (copy_from_user(ctl_buf, @@ -101458,7 +101512,16 @@ index e83c416..f87df4c 100644 ctl_len)) goto out_freectl; msg_sys->msg_control = ctl_buf; -@@ -2227,7 +2297,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2202,7 +2268,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, + int err, total_len, len; + + /* kernel mode address */ +- struct sockaddr_storage addr; ++ struct sockaddr_storage addr = { }; + + /* user mode address pointers */ + struct sockaddr __user *uaddr; +@@ -2231,7 +2297,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, /* Save the user-mode address (verify_iovec will change the * kernel msghdr to use the kernel address space) */ @@ -101467,7 +101530,7 @@ index e83c416..f87df4c 100644 uaddr_len = COMPAT_NAMELEN(msg); if (MSG_CMSG_COMPAT & flags) err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); -@@ -2871,7 +2941,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2875,7 +2941,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) ifr = compat_alloc_user_space(buf_size); rxnfc = (void __user *)ifr + ALIGN(sizeof(struct ifreq), 8); @@ -101476,7 +101539,7 @@ index e83c416..f87df4c 100644 return -EFAULT; if (put_user(convert_in ? rxnfc : compat_ptr(data), -@@ -2985,14 +3055,14 @@ static int bond_ioctl(struct net *net, unsigned int cmd, +@@ -2989,14 +3055,14 @@ static int bond_ioctl(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); err = dev_ioctl(net, cmd, @@ -101493,7 +101556,7 @@ index e83c416..f87df4c 100644 return -EFAULT; if (get_user(data, &ifr32->ifr_ifru.ifru_data)) -@@ -3094,7 +3164,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, +@@ -3098,7 +3164,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); @@ -101502,7 +101565,7 @@ index e83c416..f87df4c 100644 set_fs(old_fs); if (cmd == SIOCGIFMAP && !err) { -@@ -3199,7 +3269,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, +@@ -3203,7 +3269,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, ret |= get_user(rtdev, &(ur4->rt_dev)); if (rtdev) { ret |= copy_from_user(devname, compat_ptr(rtdev), 15); @@ -101511,7 +101574,7 @@ index e83c416..f87df4c 100644 devname[15] = 0; } else r4.rt_dev = NULL; -@@ -3425,8 +3495,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, +@@ -3429,8 +3495,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, int __user *uoptlen; int err; @@ -101522,7 +101585,7 @@ index e83c416..f87df4c 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) -@@ -3446,7 +3516,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, +@@ -3450,7 +3516,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, char __user *uoptval; int err; @@ -101871,20 +101934,20 @@ index e7000be..e3b0ba7 100644 int mode = (table->mode >> 6) & 7; return (mode << 6) | (mode << 3) | mode; diff --git a/net/tipc/subscr.c b/net/tipc/subscr.c -index d38bb45..38d5df5 100644 +index c2a37aa..c195fef 100644 --- a/net/tipc/subscr.c +++ b/net/tipc/subscr.c -@@ -98,7 +98,7 @@ static void subscr_send_event(struct tipc_subscription *sub, u32 found_lower, +@@ -97,7 +97,7 @@ static void subscr_send_event(struct tipc_subscription *sub, u32 found_lower, + struct tipc_subscriber *subscriber = sub->subscriber; struct kvec msg_sect; - int ret; - msg_sect.iov_base = (void *)&sub->evt; + msg_sect.iov_base = &sub->evt; msg_sect.iov_len = sizeof(struct tipc_event); - sub->evt.event = htohl(event, sub->swap); + sub->evt.found_lower = htohl(found_lower, sub->swap); diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c -index d7c1ac6..b0fc322 100644 +index c3975bc..b0fc322 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -789,6 +789,12 @@ static struct sock *unix_find_other(struct net *net, @@ -101933,52 +101996,7 @@ index d7c1ac6..b0fc322 100644 done_path_create(&path, dentry); return err; } -@@ -1785,8 +1804,11 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock, - goto out; - - err = mutex_lock_interruptible(&u->readlock); -- if (err) { -- err = sock_intr_errno(sock_rcvtimeo(sk, noblock)); -+ if (unlikely(err)) { -+ /* recvmsg() in non blocking mode is supposed to return -EAGAIN -+ * sk_rcvtimeo is not honored by mutex_lock_interruptible() -+ */ -+ err = noblock ? -EAGAIN : -ERESTARTSYS; - goto out; - } - -@@ -1911,6 +1933,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock, - struct unix_sock *u = unix_sk(sk); - struct sockaddr_un *sunaddr = msg->msg_name; - int copied = 0; -+ int noblock = flags & MSG_DONTWAIT; - int check_creds = 0; - int target; - int err = 0; -@@ -1926,7 +1949,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock, - goto out; - - target = sock_rcvlowat(sk, flags&MSG_WAITALL, size); -- timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT); -+ timeo = sock_rcvtimeo(sk, noblock); - - /* Lock the socket to prevent queue disordering - * while sleeps in memcpy_tomsg -@@ -1938,8 +1961,11 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock, - } - - err = mutex_lock_interruptible(&u->readlock); -- if (err) { -- err = sock_intr_errno(timeo); -+ if (unlikely(err)) { -+ /* recvmsg() in non blocking mode is supposed to return -EAGAIN -+ * sk_rcvtimeo is not honored by mutex_lock_interruptible() -+ */ -+ err = noblock ? -EAGAIN : -ERESTARTSYS; - goto out; - } - -@@ -2335,9 +2361,13 @@ static int unix_seq_show(struct seq_file *seq, void *v) +@@ -2342,9 +2361,13 @@ static int unix_seq_show(struct seq_file *seq, void *v) seq_puts(seq, "Num RefCount Protocol Flags Type St " "Inode Path\n"); else { @@ -101993,7 +102011,7 @@ index d7c1ac6..b0fc322 100644 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu", s, -@@ -2364,8 +2394,10 @@ static int unix_seq_show(struct seq_file *seq, void *v) +@@ -2371,8 +2394,10 @@ static int unix_seq_show(struct seq_file *seq, void *v) } for ( ; i < len; i++) seq_putc(seq, u->addr->name->sun_path[i]); @@ -102532,14 +102550,14 @@ index 078fe1d..fbdb363 100644 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianness? %#x\n", diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh new file mode 100644 -index 0000000..3c23999 +index 0000000..edcbc3a --- /dev/null +++ b/scripts/gcc-plugin.sh @@ -0,0 +1,16 @@ +#!/bin/bash +srctree=$(dirname "$0") -+gccplugins_dir=$("$3" -print-file-name=plugin) -+plugincc=$("$1" -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF ++gccplugins_dir=$($3 -print-file-name=plugin) ++plugincc=$($1 -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF +#include "gcc-common.h" +#if BUILDING_GCC_VERSION >= 4008 || defined(ENABLE_BUILD_WITH_CXX) +#warning $2 @@ -103808,10 +103826,54 @@ index e9c6ac7..75578c4 100644 default 65536 help This is the portion of low virtual memory which should be protected +diff --git a/security/apparmor/file.c b/security/apparmor/file.c +index fdaa50c..2761dcb 100644 +--- a/security/apparmor/file.c ++++ b/security/apparmor/file.c +@@ -348,8 +348,8 @@ static inline bool xindex_is_subset(u32 link, u32 target) + int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry, + struct path *new_dir, struct dentry *new_dentry) + { +- struct path link = { new_dir->mnt, new_dentry }; +- struct path target = { new_dir->mnt, old_dentry }; ++ struct path link = { .mnt = new_dir->mnt, .dentry = new_dentry }; ++ struct path target = { .mnt = new_dir->mnt, .dentry = old_dentry }; + struct path_cond cond = { + old_dentry->d_inode->i_uid, + old_dentry->d_inode->i_mode diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c -index 4257b7e..f0c9438 100644 +index 4257b7e..2d0732d 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c +@@ -186,7 +186,7 @@ static int common_perm_dir_dentry(int op, struct path *dir, + struct dentry *dentry, u32 mask, + struct path_cond *cond) + { +- struct path path = { dir->mnt, dentry }; ++ struct path path = { .mnt = dir->mnt, .dentry = dentry }; + + return common_perm(op, &path, mask, cond); + } +@@ -203,7 +203,7 @@ static int common_perm_dir_dentry(int op, struct path *dir, + static int common_perm_mnt_dentry(int op, struct vfsmount *mnt, + struct dentry *dentry, u32 mask) + { +- struct path path = { mnt, dentry }; ++ struct path path = { .mnt = mnt, .dentry = dentry }; + struct path_cond cond = { dentry->d_inode->i_uid, + dentry->d_inode->i_mode + }; +@@ -325,8 +325,8 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry, + + profile = aa_current_profile(); + if (!unconfined(profile)) { +- struct path old_path = { old_dir->mnt, old_dentry }; +- struct path new_path = { new_dir->mnt, new_dentry }; ++ struct path old_path = { .mnt = old_dir->mnt, .dentry = old_dentry }; ++ struct path new_path = { .mnt = new_dir->mnt, .dentry = new_dentry }; + struct path_cond cond = { old_dentry->d_inode->i_uid, + old_dentry->d_inode->i_mode + }; @@ -615,7 +615,7 @@ static int apparmor_task_setrlimit(struct task_struct *task, return error; } @@ -104147,7 +104209,7 @@ index fc3e662..7844c60 100644 lock = &avc_cache.slots_lock[hvalue]; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index 57b0b49..402063e 100644 +index 019749c..0648215 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -96,8 +96,6 @@ @@ -104159,7 +104221,7 @@ index 57b0b49..402063e 100644 /* SECMARK reference count */ static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0); -@@ -5745,7 +5743,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) +@@ -5763,7 +5761,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) #endif @@ -104168,7 +104230,7 @@ index 57b0b49..402063e 100644 .name = "selinux", .ptrace_access_check = selinux_ptrace_access_check, -@@ -6098,6 +6096,9 @@ static void selinux_nf_ip_exit(void) +@@ -6116,6 +6114,9 @@ static void selinux_nf_ip_exit(void) #ifdef CONFIG_SECURITY_SELINUX_DISABLE static int selinux_disabled; @@ -104178,7 +104240,7 @@ index 57b0b49..402063e 100644 int selinux_disable(void) { if (ss_initialized) { -@@ -6115,7 +6116,9 @@ int selinux_disable(void) +@@ -6133,7 +6134,9 @@ int selinux_disable(void) selinux_disabled = 1; selinux_enabled = 0; @@ -104215,6 +104277,57 @@ index b0be893..646bd94 100644 .name = "smack", .ptrace_access_check = smack_ptrace_access_check, +diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c +index 4003907..13a2b55 100644 +--- a/security/tomoyo/file.c ++++ b/security/tomoyo/file.c +@@ -692,7 +692,7 @@ int tomoyo_path_number_perm(const u8 type, struct path *path, + { + struct tomoyo_request_info r; + struct tomoyo_obj_info obj = { +- .path1 = *path, ++ .path1 = { .mnt = path->mnt, .dentry = path->dentry }, + }; + int error = -ENOMEM; + struct tomoyo_path_info buf; +@@ -740,7 +740,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, + struct tomoyo_path_info buf; + struct tomoyo_request_info r; + struct tomoyo_obj_info obj = { +- .path1 = *path, ++ .path1 = { .mnt = path->mnt, .dentry = path->dentry }, + }; + int idx; + +@@ -786,7 +786,7 @@ int tomoyo_path_perm(const u8 operation, struct path *path, const char *target) + { + struct tomoyo_request_info r; + struct tomoyo_obj_info obj = { +- .path1 = *path, ++ .path1 = { .mnt = path->mnt, .dentry = path->dentry }, + }; + int error; + struct tomoyo_path_info buf; +@@ -843,7 +843,7 @@ int tomoyo_mkdev_perm(const u8 operation, struct path *path, + { + struct tomoyo_request_info r; + struct tomoyo_obj_info obj = { +- .path1 = *path, ++ .path1 = { .mnt = path->mnt, .dentry = path->dentry }, + }; + int error = -ENOMEM; + struct tomoyo_path_info buf; +@@ -890,8 +890,8 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1, + struct tomoyo_path_info buf2; + struct tomoyo_request_info r; + struct tomoyo_obj_info obj = { +- .path1 = *path1, +- .path2 = *path2, ++ .path1 = { .mnt = path1->mnt, .dentry = path1->dentry }, ++ .path2 = { .mnt = path2->mnt, .dentry = path2->dentry } + }; + int idx; + diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c index 390c646..f2f8db3 100644 --- a/security/tomoyo/mount.c @@ -104231,9 +104344,94 @@ index 390c646..f2f8db3 100644 if (!fstype) { error = -ENODEV; diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c -index f0b756e..b129202 100644 +index f0b756e..8aa497b 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c +@@ -146,7 +146,7 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm) + */ + static int tomoyo_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) + { +- struct path path = { mnt, dentry }; ++ struct path path = { .mnt = mnt, .dentry = dentry }; + return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, &path, NULL); + } + +@@ -172,7 +172,7 @@ static int tomoyo_path_truncate(struct path *path) + */ + static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry) + { +- struct path path = { parent->mnt, dentry }; ++ struct path path = { .mnt = parent->mnt, .dentry = dentry }; + return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL); + } + +@@ -188,7 +188,7 @@ static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry) + static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry, + umode_t mode) + { +- struct path path = { parent->mnt, dentry }; ++ struct path path = { .mnt = parent->mnt, .dentry = dentry }; + return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path, + mode & S_IALLUGO); + } +@@ -203,7 +203,7 @@ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry, + */ + static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry) + { +- struct path path = { parent->mnt, dentry }; ++ struct path path = { .mnt = parent->mnt, .dentry = dentry }; + return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL); + } + +@@ -219,7 +219,7 @@ static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry) + static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry, + const char *old_name) + { +- struct path path = { parent->mnt, dentry }; ++ struct path path = { .mnt = parent->mnt, .dentry = dentry }; + return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name); + } + +@@ -236,7 +236,7 @@ static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry, + static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry, + umode_t mode, unsigned int dev) + { +- struct path path = { parent->mnt, dentry }; ++ struct path path = { .mnt = parent->mnt, .dentry = dentry }; + int type = TOMOYO_TYPE_CREATE; + const unsigned int perm = mode & S_IALLUGO; + +@@ -275,8 +275,8 @@ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry, + static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir, + struct dentry *new_dentry) + { +- struct path path1 = { new_dir->mnt, old_dentry }; +- struct path path2 = { new_dir->mnt, new_dentry }; ++ struct path path1 = { .mnt = new_dir->mnt, .dentry = old_dentry }; ++ struct path path2 = { .mnt = new_dir->mnt, .dentry = new_dentry }; + return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2); + } + +@@ -295,8 +295,8 @@ static int tomoyo_path_rename(struct path *old_parent, + struct path *new_parent, + struct dentry *new_dentry) + { +- struct path path1 = { old_parent->mnt, old_dentry }; +- struct path path2 = { new_parent->mnt, new_dentry }; ++ struct path path1 = { .mnt = old_parent->mnt, .dentry = old_dentry }; ++ struct path path2 = { .mnt = new_parent->mnt, .dentry = new_dentry }; + return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2); + } + +@@ -424,7 +424,7 @@ static int tomoyo_sb_mount(const char *dev_name, struct path *path, + */ + static int tomoyo_sb_umount(struct vfsmount *mnt, int flags) + { +- struct path path = { mnt, mnt->mnt_root }; ++ struct path path = { .mnt = mnt, .dentry = mnt->mnt_root }; + return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL); + } + @@ -503,7 +503,7 @@ static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg, * tomoyo_security_ops is a "struct security_operations" which is used for * registering TOMOYO. @@ -105007,10 +105205,10 @@ index 0000000..4c2c45c +size_overflow_hash.h diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile new file mode 100644 -index 0000000..b198b6d +index 0000000..d25d472 --- /dev/null +++ b/tools/gcc/Makefile -@@ -0,0 +1,54 @@ +@@ -0,0 +1,60 @@ +#CC := gcc +#PLUGIN_SOURCE_FILES := pax_plugin.c +#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES)) @@ -105049,22 +105247,28 @@ index 0000000..b198b6d +structleak_plugin-objs := structleak_plugin.o +randomize_layout_plugin-objs := randomize_layout_plugin.o + -+$(obj)/size_overflow_plugin.o: $(objtree)/$(obj)/size_overflow_hash.h ++$(obj)/size_overflow_plugin.o: $(objtree)/$(obj)/size_overflow_hash.h $(objtree)/$(obj)/size_overflow_hash_aux.h +$(obj)/randomize_layout_plugin.o: $(objtree)/$(obj)/randomize_layout_seed.h + +quiet_cmd_build_size_overflow_hash = GENHASH $@ + cmd_build_size_overflow_hash = \ -+ $(CONFIG_SHELL) $(srctree)/$(src)/generate_size_overflow_hash.sh -d $< -o $@ ++ $(CONFIG_SHELL) $(srctree)/$(src)/generate_size_overflow_hash.sh -s size_overflow_hash -d $< -o $@ +$(objtree)/$(obj)/size_overflow_hash.h: $(src)/size_overflow_hash.data FORCE + $(call if_changed,build_size_overflow_hash) + ++quiet_cmd_build_size_overflow_hash_aux = GENHASH $@ ++ cmd_build_size_overflow_hash_aux = \ ++ $(CONFIG_SHELL) $(srctree)/$(src)/generate_size_overflow_hash.sh -s size_overflow_hash_aux -d $< -o $@ ++$(objtree)/$(obj)/size_overflow_hash_aux.h: $(src)/size_overflow_hash_aux.data FORCE ++ $(call if_changed,build_size_overflow_hash_aux) ++ +quiet_cmd_create_randomize_layout_seed = GENSEED $@ + cmd_create_randomize_layout_seed = \ + $(CONFIG_SHELL) $(srctree)/$(src)/gen-random-seed.sh $@ $(objtree)/include/generated/randomize_layout_hash.h +$(objtree)/$(obj)/randomize_layout_seed.h: FORCE + $(call if_changed,create_randomize_layout_seed) + -+targets += size_overflow_hash.h randomize_layout_seed.h randomize_layout_hash.h ++targets += size_overflow_hash.h size_overflow_hash_aux.h randomize_layout_seed.h randomize_layout_hash.h diff --git a/tools/gcc/checker_plugin.c b/tools/gcc/checker_plugin.c new file mode 100644 index 0000000..5452feea @@ -105956,10 +106160,10 @@ index 0000000..4f67ac1 +} diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h new file mode 100644 -index 0000000..6dbb502 +index 0000000..8af3693 --- /dev/null +++ b/tools/gcc/gcc-common.h -@@ -0,0 +1,286 @@ +@@ -0,0 +1,287 @@ +#ifndef GCC_COMMON_H_INCLUDED +#define GCC_COMMON_H_INCLUDED + @@ -106074,6 +106278,7 @@ index 0000000..6dbb502 +#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls; vars && (D = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), I) +#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE))) +#define FOR_EACH_VEC_ELT(T, V, I, P) for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I)) ++#define TODO_rebuild_cgraph_edges 0 + +static inline bool gimple_call_builtin_p(gimple stmt, enum built_in_function code) +{ @@ -106262,10 +106467,10 @@ index 0000000..7514850 +fi diff --git a/tools/gcc/generate_size_overflow_hash.sh b/tools/gcc/generate_size_overflow_hash.sh new file mode 100644 -index 0000000..e518932 +index 0000000..791ca76 --- /dev/null +++ b/tools/gcc/generate_size_overflow_hash.sh -@@ -0,0 +1,94 @@ +@@ -0,0 +1,97 @@ +#!/bin/bash + +# This script generates the hash table (size_overflow_hash.h) for the size_overflow gcc plugin (size_overflow_plugin.c). @@ -106273,6 +106478,7 @@ index 0000000..e518932 +header1="size_overflow_hash.h" +database="size_overflow_hash.data" +n=65536 ++hashtable_name="size_overflow_hash" + +usage() { +cat <<EOF @@ -106282,6 +106488,7 @@ index 0000000..e518932 + -o header file + -d database file + -n hash array size ++ -s name of the hash table +EOF + return 0 +} @@ -106293,6 +106500,7 @@ index 0000000..e518932 + -n) n=$2; shift 2;; + -o) header1="$2"; shift 2;; + -d) database="$2"; shift 2;; ++ -s) hashtable_name="$2"; shift 2;; + --) shift 1; break ;; + *) break ;; + esac @@ -106334,7 +106542,7 @@ index 0000000..e518932 +} + +create_headers() { -+ echo "const struct size_overflow_hash * const size_overflow_hash[$n] = {" >> "$header1" ++ echo "const struct size_overflow_hash * const $hashtable_name[$n] = {" >> "$header1" +} + +create_array_elements() { @@ -114167,12 +114375,101 @@ index 0000000..9529806 +lookup_inline_extent_backref_65493 lookup_inline_extent_backref 9 65493 NULL +nvme_trans_standard_inquiry_page_65526 nvme_trans_standard_inquiry_page 4 65526 NULL +tree_mod_log_eb_copy_65535 tree_mod_log_eb_copy 6 65535 NULL +diff --git a/tools/gcc/size_overflow_hash_aux.data b/tools/gcc/size_overflow_hash_aux.data +new file mode 100644 +index 0000000..5dd8a8f +--- /dev/null ++++ b/tools/gcc/size_overflow_hash_aux.data +@@ -0,0 +1,83 @@ ++spa_set_aux_vdevs_746 spa_set_aux_vdevs 3 746 NULL ++mappedread_2627 mappedread 2 2627 NULL ++vdev_disk_dio_alloc_2957 vdev_disk_dio_alloc 1 2957 NULL ++nv_alloc_pushpage_spl_4286 nv_alloc_pushpage_spl 2 4286 NULL ++zpl_xattr_get_4574 zpl_xattr_get 0 4574 NULL ++sa_replace_all_by_template_5699 sa_replace_all_by_template 3 5699 NULL ++dmu_write_6048 dmu_write 4-3 6048 NULL ++dmu_buf_hold_array_6095 dmu_buf_hold_array 4-3 6095 NULL ++update_pages_6225 update_pages 2-3 6225 NULL ++bio_nr_pages_7117 bio_nr_pages 0-2 7117 NULL ++dmu_buf_hold_array_by_bonus_8562 dmu_buf_hold_array_by_bonus 3-2 8562 NULL ++zpios_dmu_write_8858 zpios_dmu_write 4-5 8858 NULL ++ddi_copyout_9401 ddi_copyout 3 9401 NULL ++avl_numnodes_12384 avl_numnodes 0 12384 NULL ++dmu_write_uio_dnode_12473 dmu_write_uio_dnode 3 12473 NULL ++dmu_xuio_init_12866 dmu_xuio_init 2 12866 NULL ++dmu_snapshot_realname_14632 dmu_snapshot_realname 4 14632 NULL ++kmem_alloc_debug_14852 kmem_alloc_debug 1 14852 NULL ++kmalloc_node_nofail_15151 kmalloc_node_nofail 1 15151 NULL ++dmu_write_uio_16351 dmu_write_uio 4 16351 NULL ++zfs_log_write_16524 zfs_log_write 6-5 16524 NULL ++sa_build_layouts_16910 sa_build_layouts 3 16910 NULL ++dsl_dir_namelen_17053 dsl_dir_namelen 0 17053 NULL ++sa_add_layout_entry_17507 sa_add_layout_entry 3 17507 NULL ++sa_attr_table_setup_18029 sa_attr_table_setup 3 18029 NULL ++uiocopy_18680 uiocopy 2 18680 NULL ++dmu_buf_hold_array_by_dnode_19125 dmu_buf_hold_array_by_dnode 2-3 19125 NULL ++zpl_acl_from_xattr_21141 zpl_acl_from_xattr 2 21141 NULL ++dsl_pool_tx_assign_init_22518 dsl_pool_tx_assign_init 2 22518 NULL ++sa_replace_all_by_template_locked_22533 sa_replace_all_by_template_locked 3 22533 NULL ++tsd_hash_table_init_22559 tsd_hash_table_init 1 22559 NULL ++spa_vdev_remove_aux_23966 spa_vdev_remove_aux 4 23966 NULL ++zpl_xattr_acl_set_access_24129 zpl_xattr_acl_set_access 4 24129 NULL ++dmu_assign_arcbuf_24622 dmu_assign_arcbuf 2 24622 NULL ++zap_lookup_norm_25166 zap_lookup_norm 9 25166 NULL ++dmu_prealloc_25456 dmu_prealloc 4-3 25456 NULL ++kmalloc_nofail_26347 kmalloc_nofail 1 26347 NULL ++zfsctl_snapshot_zpath_27578 zfsctl_snapshot_zpath 2 27578 NULL ++zpios_dmu_read_30015 zpios_dmu_read 4-5 30015 NULL ++splat_write_30943 splat_write 3 30943 NULL ++zpl_xattr_get_sa_31183 zpl_xattr_get_sa 0 31183 NULL ++dmu_read_uio_31467 dmu_read_uio 4 31467 NULL ++zfs_replay_fuids_31479 zfs_replay_fuids 4 31479 NULL ++spa_history_log_to_phys_31632 spa_history_log_to_phys 0-1 31632 NULL ++__zpl_xattr_get_32601 __zpl_xattr_get 0 32601 NULL ++proc_copyout_string_34049 proc_copyout_string 2 34049 NULL ++nv_alloc_sleep_spl_34544 nv_alloc_sleep_spl 2 34544 NULL ++nv_alloc_nosleep_spl_34761 nv_alloc_nosleep_spl 2 34761 NULL ++zap_leaf_array_match_36922 zap_leaf_array_match 4 36922 NULL ++copyinstr_36980 copyinstr 3 36980 NULL ++zpl_xattr_acl_set_default_37864 zpl_xattr_acl_set_default 4 37864 NULL ++splat_read_38116 splat_read 3 38116 NULL ++sa_setup_38756 sa_setup 4 38756 NULL ++vdev_disk_physio_39898 vdev_disk_physio 3 39898 NULL ++arc_buf_size_39982 arc_buf_size 0 39982 NULL ++kzalloc_nofail_40719 kzalloc_nofail 1 40719 NULL ++fuidstr_to_sid_40777 fuidstr_to_sid 4 40777 NULL ++vdev_raidz_matrix_reconstruct_40852 vdev_raidz_matrix_reconstruct 2-3 40852 NULL ++sa_find_layout_40892 sa_find_layout 4 40892 NULL ++zpl_xattr_get_dir_41918 zpl_xattr_get_dir 0 41918 NULL ++zpl_xattr_acl_set_42808 zpl_xattr_acl_set 4 42808 NULL ++xdr_dec_array_43091 xdr_dec_array 5 43091 NULL ++dsl_dataset_namelen_43136 dsl_dataset_namelen 0 43136 NULL ++uiomove_44355 uiomove 2 44355 NULL ++dmu_read_44418 dmu_read 4-3 44418 NULL ++ddi_copyin_44846 ddi_copyin 3 44846 NULL ++copyin_45945 copyin 3 45945 NULL ++zil_itx_create_46555 zil_itx_create 2 46555 NULL ++dmu_write_uio_dbuf_48064 dmu_write_uio_dbuf 3 48064 NULL ++spa_history_write_49650 spa_history_write 3 49650 NULL ++zfs_log_write_50162 zfs_log_write 6-5 50162 NULL ++i_fm_alloc_51038 i_fm_alloc 2 51038 NULL ++copyout_51409 copyout 3 51409 NULL ++zvol_log_write_54898 zvol_log_write 4-3 54898 NULL ++zfs_acl_node_alloc_55641 zfs_acl_node_alloc 1 55641 NULL ++get_nvlist_56685 get_nvlist 2 56685 NULL ++zprop_get_numprops_56820 zprop_get_numprops 0 56820 NULL ++splat_taskq_test4_common_59829 splat_taskq_test4_common 5 59829 NULL ++zfs_replay_domain_cnt_61399 zfs_replay_domain_cnt 0 61399 NULL ++zpios_write_61823 zpios_write 3 61823 NULL ++proc_copyin_string_62019 proc_copyin_string 4 62019 NULL ++random_get_pseudo_bytes_64611 random_get_pseudo_bytes 2 64611 NULL ++zpios_read_64734 zpios_read 3 64734 NULL diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c new file mode 100644 -index 0000000..fa0524c +index 0000000..0a9dd22 --- /dev/null +++ b/tools/gcc/size_overflow_plugin.c -@@ -0,0 +1,4101 @@ +@@ -0,0 +1,4110 @@ +/* + * Copyright 2011-2014 by Emese Revfy <re.emese@gmail.com> + * Licensed under the GPL v2, or (at your option) v3 @@ -114201,7 +114498,7 @@ index 0000000..fa0524c +int plugin_is_GPL_compatible; + +static struct plugin_info size_overflow_plugin_info = { -+ .version = "20140317", ++ .version = "20140402", + .help = "no-size-overflow\tturn off size overflow checking\n", +}; + @@ -114229,6 +114526,7 @@ index 0000000..fa0524c +}; + +#include "size_overflow_hash.h" ++#include "size_overflow_hash_aux.h" + +enum mark { + MARK_NO, MARK_YES, MARK_NOT_INTENTIONAL, MARK_TURN_OFF @@ -114620,6 +114918,16 @@ index 0000000..fa0524c + set_node_codes(TREE_VALUE(arg), fn_hash_data); +} + ++static const struct size_overflow_hash *get_proper_hash_chain(const struct size_overflow_hash *entry, const char *func_name) ++{ ++ while (entry) { ++ if (!strcmp(entry->name, func_name)) ++ return entry; ++ entry = entry->next; ++ } ++ return NULL; ++} ++ +static const struct size_overflow_hash *get_function_hash(const_tree fndecl) +{ + const struct size_overflow_hash *entry; @@ -114640,13 +114948,11 @@ index 0000000..fa0524c + set_hash(func_name, &fn_hash_data); + + entry = size_overflow_hash[fn_hash_data.hash]; -+ -+ while (entry) { -+ if (!strcmp(entry->name, func_name)) -+ return entry; -+ entry = entry->next; -+ } -+ return NULL; ++ entry = get_proper_hash_chain(entry, func_name); ++ if (entry) ++ return entry; ++ entry = size_overflow_hash_aux[fn_hash_data.hash]; ++ return get_proper_hash_chain(entry, func_name); +} + +static void print_missing_msg(const_tree func, unsigned int argnum) @@ -118975,6 +119281,19 @@ index b003ad7..c0a02f8 100644 +#endif + #endif +diff --git a/virt/kvm/ioapic.c b/virt/kvm/ioapic.c +index 2d68297..39dc5bc 100644 +--- a/virt/kvm/ioapic.c ++++ b/virt/kvm/ioapic.c +@@ -306,7 +306,7 @@ static int ioapic_deliver(struct kvm_ioapic *ioapic, int irq, bool line_status) + BUG_ON(ioapic->rtc_status.pending_eoi != 0); + ret = kvm_irq_delivery_to_apic(ioapic->kvm, NULL, &irqe, + ioapic->rtc_status.dest_map); +- ioapic->rtc_status.pending_eoi = ret; ++ ioapic->rtc_status.pending_eoi = (ret < 0 ? 0 : ret); + } else + ret = kvm_irq_delivery_to_apic(ioapic->kvm, NULL, &irqe, NULL); + diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 4f588bc..a543c97 100644 --- a/virt/kvm/kvm_main.c |