diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2013-01-22 14:06:18 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-01-22 14:06:18 +0000 |
commit | 89f3ffa762b6e2612964336dd98ff7716280b2fb (patch) | |
tree | 2b727dbe3321f4b072c9dcee302a7f5442114474 | |
parent | 3317df2fee671d71e4507ea0a0b656000f833835 (diff) | |
download | aports-89f3ffa762b6e2612964336dd98ff7716280b2fb.tar.bz2 aports-89f3ffa762b6e2612964336dd98ff7716280b2fb.tar.xz |
main/linux-grsec: upgrade to 3.4.27 kernel
-rw-r--r-- | main/linux-grsec/0001-r8169-avoid-NAPI-scheduling-delay.patch | 52 | ||||
-rw-r--r-- | main/linux-grsec/0001-r8169-remove-the-obsolete-and-incorrect-AMD-workarou.patch | 58 | ||||
-rw-r--r-- | main/linux-grsec/APKBUILD | 12 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.9.1-3.4.27-0.patch (renamed from main/linux-grsec/grsecurity-2.9.1-3.4.24-0.patch) | 355 | ||||
-rw-r--r-- | main/linux-grsec/xsa40.patch | 56 |
5 files changed, 235 insertions, 298 deletions
diff --git a/main/linux-grsec/0001-r8169-avoid-NAPI-scheduling-delay.patch b/main/linux-grsec/0001-r8169-avoid-NAPI-scheduling-delay.patch deleted file mode 100644 index a06c4c03f1..0000000000 --- a/main/linux-grsec/0001-r8169-avoid-NAPI-scheduling-delay.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 7dbb491878a2c51d372a8890fa45a8ff80358af1 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?fran=C3=A7ois=20romieu?= <romieu@fr.zoreil.com> -Date: Sat, 9 Jun 2012 10:53:16 +0000 -Subject: [PATCH] r8169: avoid NAPI scheduling delay. - -While reworking the r8169 driver a few months ago to perform the -smallest amount of work in the irq handler, I took care of avoiding -any irq mask register operation in the slow work dedicated user -context thread. The slow work thread scheduled an extra round of NAPI -work which would ultimately set the irq mask register as required, -thus keeping such irq mask operations in the NAPI handler. -It would eventually race with the irq handler and delay NAPI execution -for - assuming no further irq - a whole ksoftirqd period. Mildly a -problem for rare link changes or corner case PCI events. - -The race was always lost after the last bh disabling lock had been -removed from the work thread and people started wondering where those -pesky "NOHZ: local_softirq_pending 08" messages came from. - -Actually the irq mask register _can_ be set up directly in the slow -work thread. - -Signed-off-by: Francois Romieu <romieu@fr.zoreil.com> -Reported-by: Dave Jones <davej@redhat.com> -Tested-by: Marc Dionne <marc.c.dionne@gmail.com> -Cc: Thomas Gleixner <tglx@linutronix.de> -Cc: Hayes Wang <hayeswang@realtek.com> -Signed-off-by: David S. Miller <davem@davemloft.net> ---- - drivers/net/ethernet/realtek/r8169.c | 6 +----- - 1 file changed, 1 insertion(+), 5 deletions(-) - -diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c -index 9757ce3..7260aa7 100644 ---- a/drivers/net/ethernet/realtek/r8169.c -+++ b/drivers/net/ethernet/realtek/r8169.c -@@ -5889,11 +5889,7 @@ static void rtl_slow_event_work(struct rtl8169_private *tp) - if (status & LinkChg) - __rtl8169_check_link_status(dev, tp, tp->mmio_addr, true); - -- napi_disable(&tp->napi); -- rtl_irq_disable(tp); -- -- napi_enable(&tp->napi); -- napi_schedule(&tp->napi); -+ rtl_irq_enable_all(tp); - } - - static void rtl_task(struct work_struct *work) --- -1.8.1 - diff --git a/main/linux-grsec/0001-r8169-remove-the-obsolete-and-incorrect-AMD-workarou.patch b/main/linux-grsec/0001-r8169-remove-the-obsolete-and-incorrect-AMD-workarou.patch new file mode 100644 index 0000000000..dc7e84df4e --- /dev/null +++ b/main/linux-grsec/0001-r8169-remove-the-obsolete-and-incorrect-AMD-workarou.patch @@ -0,0 +1,58 @@ +From f5829ee75361832b9b52e7230f57ecadc1db0125 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Tue, 22 Jan 2013 10:39:08 +0200 +Subject: [PATCH] r8169: remove the obsolete and incorrect AMD workaround +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This was introduced in commit 6dccd16 "r8169: merge with version +6.001.00 of Realtek's r8169 driver". I did not find the version +6.001.00 online, but in 6.002.00 or any later r8169 from Realtek +this hunk is no longer present. + +Also commit 05af214 "r8169: fix Ethernet Hangup for RTL8110SC +rev d" claims to have fixed this issue otherwise. + +The magic compare mask of 0xfffe000 is dubious as it masks +parts of the Reserved part, and parts of the VLAN tag. But this +does not make much sense as the VLAN tag parts are perfectly +valid there. In matter of fact this seems to be triggered with +any VLAN tagged packet as RxVlanTag bit is matched. I would +suspect 0xfffe0000 was intended to test reserved part only. + +Finally, this hunk is evil as it can cause more packets to be +handled than what was NAPI quota causing net/core/dev.c: +net_rx_action(): WARN_ON_ONCE(work > weight) to trigger, and +mess up the NAPI state causing device to hang. + +As result, any system using VLANs and having high receive +traffic (so that NAPI poll budget limits rtl_rx) would result +in device hang. + +Signed-off-by: Timo Teräs <timo.teras@iki.fi> +--- + drivers/net/ethernet/realtek/r8169.c | 7 ------- + 1 file changed, 7 deletions(-) + +diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c +index 9cc0215..3fbb0ca 100644 +--- a/drivers/net/ethernet/realtek/r8169.c ++++ b/drivers/net/ethernet/realtek/r8169.c +@@ -5450,13 +5450,6 @@ process_pkt: + tp->rx_stats.bytes += pkt_size; + u64_stats_update_end(&tp->rx_stats.syncp); + } +- +- /* Work around for AMD plateform. */ +- if ((desc->opts2 & cpu_to_le32(0xfffe000)) && +- (tp->mac_version == RTL_GIGA_MAC_VER_05)) { +- desc->opts2 = 0; +- cur_rx++; +- } + } + + count = cur_rx - tp->cur_rx; +-- +1.8.1.1 + diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index f796f5fa81..9a9580ada4 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,7 +2,7 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.4.24 +pkgver=3.4.27 _kernver=3.4 pkgrel=3 pkgdesc="Linux kernel with grsecurity" @@ -20,9 +20,8 @@ source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz 0001-Revert-ipv4-Don-t-use-the-cached-pmtu-informations-f.patch intel_idle.patch - 0001-r8169-avoid-NAPI-scheduling-delay.patch r8169-num-rx-desc.patch - xsa40.patch + 0001-r8169-remove-the-obsolete-and-incorrect-AMD-workarou.patch kernelconfig.x86 kernelconfig.x86_64 @@ -145,13 +144,12 @@ dev() { } md5sums="967f72983655e2479f951195953e8480 linux-3.4.tar.xz -429bd5732ce4511fde2706e359cd4c9c patch-3.4.24.xz -f23a2fcf6562f3219e43385c787cff23 grsecurity-2.9.1-3.4.24-0.patch +7ce968758159f77ce96a11aea20c6cf7 patch-3.4.27.xz +39f631bed428b974f72576e77c4832af grsecurity-2.9.1-3.4.27-0.patch 776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch cb6fcd6e966e73c87a839c4c0183f81f 0001-Revert-ipv4-Don-t-use-the-cached-pmtu-informations-f.patch d2f7ba780ff7567c21381428264d7fdd intel_idle.patch -8e5611c6bf3dfb0008d4e58051a8b0ff 0001-r8169-avoid-NAPI-scheduling-delay.patch daf2cbb558588c49c138fe9ca2482b64 r8169-num-rx-desc.patch -d9de28f8a74fe0347866705b4bd6db85 xsa40.patch +63468b44e34fa19237e0a2a1f6737b14 0001-r8169-remove-the-obsolete-and-incorrect-AMD-workarou.patch 50a13359236dbd676fa355f0b4fd27ff kernelconfig.x86 c402f52babc729d1280c1677075aa0d7 kernelconfig.x86_64" diff --git a/main/linux-grsec/grsecurity-2.9.1-3.4.24-0.patch b/main/linux-grsec/grsecurity-2.9.1-3.4.27-0.patch index 66fffd1aad..272540aaab 100644 --- a/main/linux-grsec/grsecurity-2.9.1-3.4.24-0.patch +++ b/main/linux-grsec/grsecurity-2.9.1-3.4.27-0.patch @@ -269,7 +269,7 @@ index 88fd7f5..b318a78 100644 ============================================================== diff --git a/Makefile b/Makefile -index a3e12e6..1825c04 100644 +index f139ce7..1d2319f 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -3015,10 +3015,10 @@ index ff44823..97f8906 100644 /* diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c -index e9a5fd7..378809a 100644 +index 69b17a9..9db82f9 100644 --- a/arch/mips/kernel/process.c +++ b/arch/mips/kernel/process.c -@@ -480,15 +480,3 @@ unsigned long get_wchan(struct task_struct *task) +@@ -478,15 +478,3 @@ unsigned long get_wchan(struct task_struct *task) out: return pc; } @@ -14256,10 +14256,10 @@ index 6ab6aa2..8f71507 100644 obj-y += proc.o capflags.o powerflags.o common.o obj-y += vmware.o hypervisor.o sched.o mshyperv.o diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c -index 146bb62..ac9c74a 100644 +index a9c8a46..c7d3c55 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c -@@ -691,7 +691,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c, +@@ -719,7 +719,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c, unsigned int size) { /* AMD errata T13 (order #21922) */ @@ -15077,7 +15077,7 @@ index 9b9f18b..9fcaa04 100644 #include <asm/processor.h> #include <asm/fcntl.h> diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S -index 6d4f7ba..437381b 100644 +index 2af4ccd..e8f893a 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S @@ -179,13 +179,146 @@ @@ -15734,7 +15734,7 @@ index 6d4f7ba..437381b 100644 /* * End of kprobes section */ -@@ -1114,7 +1361,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK, +@@ -1113,7 +1360,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK, ENTRY(mcount) ret @@ -15743,7 +15743,7 @@ index 6d4f7ba..437381b 100644 ENTRY(ftrace_caller) cmpl $0, function_trace_stop -@@ -1143,7 +1390,7 @@ ftrace_graph_call: +@@ -1142,7 +1389,7 @@ ftrace_graph_call: .globl ftrace_stub ftrace_stub: ret @@ -15752,7 +15752,7 @@ index 6d4f7ba..437381b 100644 #else /* ! CONFIG_DYNAMIC_FTRACE */ -@@ -1179,7 +1426,7 @@ trace: +@@ -1178,7 +1425,7 @@ trace: popl %ecx popl %eax jmp ftrace_stub @@ -15761,7 +15761,7 @@ index 6d4f7ba..437381b 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -1200,7 +1447,7 @@ ENTRY(ftrace_graph_caller) +@@ -1199,7 +1446,7 @@ ENTRY(ftrace_graph_caller) popl %ecx popl %eax ret @@ -15770,7 +15770,7 @@ index 6d4f7ba..437381b 100644 .globl return_to_handler return_to_handler: -@@ -1255,15 +1502,18 @@ error_code: +@@ -1254,15 +1501,18 @@ error_code: movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart REG_TO_PTGS %ecx SET_KERNEL_GS %ecx @@ -15791,7 +15791,7 @@ index 6d4f7ba..437381b 100644 /* * Debug traps and NMI can happen at the one SYSENTER instruction -@@ -1305,7 +1555,7 @@ debug_stack_correct: +@@ -1304,7 +1554,7 @@ debug_stack_correct: call do_debug jmp ret_from_exception CFI_ENDPROC @@ -15800,7 +15800,7 @@ index 6d4f7ba..437381b 100644 /* * NMI is doubly nasty. It can happen _while_ we're handling -@@ -1342,6 +1592,9 @@ nmi_stack_correct: +@@ -1341,6 +1591,9 @@ nmi_stack_correct: xorl %edx,%edx # zero error code movl %esp,%eax # pt_regs pointer call do_nmi @@ -15810,7 +15810,7 @@ index 6d4f7ba..437381b 100644 jmp restore_all_notrace CFI_ENDPROC -@@ -1378,12 +1631,15 @@ nmi_espfix_stack: +@@ -1377,12 +1630,15 @@ nmi_espfix_stack: FIXUP_ESPFIX_STACK # %eax == %esp xorl %edx,%edx # zero error code call do_nmi @@ -15827,7 +15827,7 @@ index 6d4f7ba..437381b 100644 ENTRY(int3) RING0_INT_FRAME -@@ -1395,14 +1651,14 @@ ENTRY(int3) +@@ -1394,14 +1650,14 @@ ENTRY(int3) call do_int3 jmp ret_from_exception CFI_ENDPROC @@ -15844,7 +15844,7 @@ index 6d4f7ba..437381b 100644 #ifdef CONFIG_KVM_GUEST ENTRY(async_page_fault) -@@ -1410,7 +1666,7 @@ ENTRY(async_page_fault) +@@ -1409,7 +1665,7 @@ ENTRY(async_page_fault) pushl_cfi $do_async_page_fault jmp error_code CFI_ENDPROC @@ -19307,7 +19307,7 @@ index 7a6f3b3..bed145d7 100644 1: diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index ae98dbb..9f69d99 100644 +index d289ee7..f8fe68a 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -447,7 +447,7 @@ static void __init parse_setup_data(void) @@ -19319,16 +19319,16 @@ index ae98dbb..9f69d99 100644 break; case SETUP_DTB: add_dtb(pa_data); -@@ -639,7 +639,7 @@ static void __init trim_bios_range(void) +@@ -714,7 +714,7 @@ static void __init trim_bios_range(void) * area (640->1Mb) as ram even though it is not. * take them out. */ - e820_remove_range(BIOS_BEGIN, BIOS_END - BIOS_BEGIN, E820_RAM, 1); + e820_remove_range(ISA_START_ADDRESS, ISA_END_ADDRESS - ISA_START_ADDRESS, E820_RAM, 1); + sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map); } - -@@ -763,14 +763,14 @@ void __init setup_arch(char **cmdline_p) +@@ -839,14 +839,14 @@ void __init setup_arch(char **cmdline_p) if (!boot_params.hdr.root_flags) root_mountflags &= ~MS_RDONLY; @@ -28060,10 +28060,10 @@ index 4a2c131..5a69017 100644 /* * Buggy BIOS check diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index cf4837f..37996a1 100644 +index 4b4caa3..4a03455 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c -@@ -4743,7 +4743,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) +@@ -4744,7 +4744,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) struct ata_port *ap; unsigned int tag; @@ -28072,7 +28072,7 @@ index cf4837f..37996a1 100644 ap = qc->ap; qc->flags = 0; -@@ -4759,7 +4759,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) +@@ -4760,7 +4760,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) struct ata_port *ap; struct ata_link *link; @@ -28081,7 +28081,7 @@ index cf4837f..37996a1 100644 WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE)); ap = qc->ap; link = qc->dev->link; -@@ -5823,6 +5823,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5824,6 +5824,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) return; spin_lock(&lock); @@ -28089,7 +28089,7 @@ index cf4837f..37996a1 100644 for (cur = ops->inherits; cur; cur = cur->inherits) { void **inherit = (void **)cur; -@@ -5836,8 +5837,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5837,8 +5838,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) if (IS_ERR(*pp)) *pp = NULL; @@ -29005,7 +29005,7 @@ index 1c70c45..300718d 100644 } diff --git a/drivers/atm/solos-pci.c b/drivers/atm/solos-pci.c -index 9851093..adb2b1e 100644 +index 1853a45..cf2426d 100644 --- a/drivers/atm/solos-pci.c +++ b/drivers/atm/solos-pci.c @@ -714,7 +714,7 @@ void solos_bh(unsigned long card_arg) @@ -29017,7 +29017,7 @@ index 9851093..adb2b1e 100644 break; case PKT_STATUS: -@@ -1009,7 +1009,7 @@ static uint32_t fpga_tx(struct solos_card *card) +@@ -1010,7 +1010,7 @@ static uint32_t fpga_tx(struct solos_card *card) vcc = SKB_CB(oldskb)->vcc; if (vcc) { @@ -30752,7 +30752,7 @@ index ba60f3c..e2dff7f 100644 return can_switch; } diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h -index 5fabc6c..0b08aa1 100644 +index 45c5cf8..15f4a12 100644 --- a/drivers/gpu/drm/i915/i915_drv.h +++ b/drivers/gpu/drm/i915/i915_drv.h @@ -240,7 +240,7 @@ struct drm_i915_display_funcs { @@ -30764,7 +30764,7 @@ index 5fabc6c..0b08aa1 100644 struct intel_device_info { u8 gen; -@@ -350,7 +350,7 @@ typedef struct drm_i915_private { +@@ -351,7 +351,7 @@ typedef struct drm_i915_private { int current_page; int page_flipping; @@ -30773,7 +30773,7 @@ index 5fabc6c..0b08aa1 100644 /* protects the irq masks */ spinlock_t irq_lock; -@@ -937,7 +937,7 @@ struct drm_i915_gem_object { +@@ -940,7 +940,7 @@ struct drm_i915_gem_object { * will be page flipped away on the next vblank. When it * reaches 0, dev_priv->pending_flip_queue will be woken up. */ @@ -30782,7 +30782,7 @@ index 5fabc6c..0b08aa1 100644 }; #define to_intel_bo(x) container_of(x, struct drm_i915_gem_object, base) -@@ -1359,7 +1359,7 @@ extern int intel_setup_gmbus(struct drm_device *dev); +@@ -1364,7 +1364,7 @@ extern int intel_setup_gmbus(struct drm_device *dev); extern void intel_teardown_gmbus(struct drm_device *dev); extern void intel_gmbus_set_speed(struct i2c_adapter *adapter, int speed); extern void intel_gmbus_force_bit(struct i2c_adapter *adapter, bool force_bit); @@ -30817,7 +30817,7 @@ index de43194..a14c4cc 100644 for (i = 0; i < count; i++) { char __user *ptr = (char __user *)(uintptr_t)exec[i].relocs_ptr; diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c -index 26c67a7..8d4cbcb 100644 +index 8bca2d2..dd597bd 100644 --- a/drivers/gpu/drm/i915/i915_irq.c +++ b/drivers/gpu/drm/i915/i915_irq.c @@ -496,7 +496,7 @@ static irqreturn_t ivybridge_irq_handler(DRM_IRQ_ARGS) @@ -30866,10 +30866,10 @@ index 26c67a7..8d4cbcb 100644 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); INIT_WORK(&dev_priv->error_work, i915_error_work_func); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index dd3e7e4..85fbec5 100644 +index 8e95c94..9aa605a 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c -@@ -2254,7 +2254,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb) +@@ -2272,7 +2272,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb) wait_event(dev_priv->pending_flip_queue, atomic_read(&dev_priv->mm.wedged) || @@ -30878,28 +30878,17 @@ index dd3e7e4..85fbec5 100644 /* Big Hammer, we also need to ensure that any pending * MI_WAIT_FOR_EVENT inside a user batch buffer on the -@@ -2919,7 +2919,7 @@ static void intel_crtc_wait_for_pending_flips(struct drm_crtc *crtc) - obj = to_intel_framebuffer(crtc->fb)->obj; - dev_priv = crtc->dev->dev_private; - wait_event(dev_priv->pending_flip_queue, -- atomic_read(&obj->pending_flip) == 0); -+ atomic_read_unchecked(&obj->pending_flip) == 0); - } - - static bool intel_crtc_driving_pch(struct drm_crtc *crtc) -@@ -7284,9 +7284,8 @@ static void do_intel_finish_page_flip(struct drm_device *dev, +@@ -7277,8 +7277,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev, obj = work->old_fb_obj; - atomic_clear_mask(1 << intel_crtc->plane, - &obj->pending_flip.counter); -- if (atomic_read(&obj->pending_flip) == 0) + atomic_clear_mask_unchecked(1 << intel_crtc->plane, &obj->pending_flip); -+ if (atomic_read_unchecked(&obj->pending_flip) == 0) - wake_up(&dev_priv->pending_flip_queue); + wake_up(&dev_priv->pending_flip_queue); schedule_work(&work->work); -@@ -7582,7 +7581,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, +@@ -7611,7 +7610,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, /* Block clients from rendering to the new back buffer until * the flip occurs and the object is no longer visible. */ @@ -30908,7 +30897,7 @@ index dd3e7e4..85fbec5 100644 ret = dev_priv->display.queue_flip(dev, crtc, fb, obj); if (ret) -@@ -7596,7 +7595,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, +@@ -7625,7 +7624,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, return 0; cleanup_pending: @@ -31605,10 +31594,10 @@ index 8a8725c..afed796 100644 marker = list_first_entry(&queue->head, struct vmw_marker, head); diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c -index 41d4437..631c2e5 100644 +index 1a92a27..8d93eb7 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c -@@ -2073,7 +2073,7 @@ static bool hid_ignore(struct hid_device *hdev) +@@ -2074,7 +2074,7 @@ static bool hid_ignore(struct hid_device *hdev) int hid_add_device(struct hid_device *hdev) { @@ -31617,7 +31606,7 @@ index 41d4437..631c2e5 100644 int ret; if (WARN_ON(hdev->status & HID_STAT_ADDED)) -@@ -2088,7 +2088,7 @@ int hid_add_device(struct hid_device *hdev) +@@ -2089,7 +2089,7 @@ int hid_add_device(struct hid_device *hdev) /* XXX hack, any other cleaner solution after the driver core * is converted to allow more than 20 bytes as the device name? */ dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, @@ -32668,7 +32657,7 @@ index 7140199..da60063 100644 /* Free the control structures */ diff --git a/drivers/infiniband/hw/nes/nes.h b/drivers/infiniband/hw/nes/nes.h -index c438e46..ca30356 100644 +index 3f41d9f..69cfea7 100644 --- a/drivers/infiniband/hw/nes/nes.h +++ b/drivers/infiniband/hw/nes/nes.h @@ -178,17 +178,17 @@ extern unsigned int nes_debug_level; @@ -33024,7 +33013,7 @@ index f3a3ecf..57d311d 100644 /** diff --git a/drivers/infiniband/hw/nes/nes_verbs.c b/drivers/infiniband/hw/nes/nes_verbs.c -index 8b8812d..a5e1133 100644 +index da84ea3..f159bbe 100644 --- a/drivers/infiniband/hw/nes/nes_verbs.c +++ b/drivers/infiniband/hw/nes/nes_verbs.c @@ -46,9 +46,9 @@ @@ -33049,7 +33038,7 @@ index 8b8812d..a5e1133 100644 switch (init_attr->qp_type) { case IB_QPT_RC: if (nes_drv_opt & NES_DRV_OPT_NO_INLINE_DATA) { -@@ -1460,7 +1460,7 @@ static int nes_destroy_qp(struct ib_qp *ibqp) +@@ -1462,7 +1462,7 @@ static int nes_destroy_qp(struct ib_qp *ibqp) struct iw_cm_event cm_event; int ret = 0; @@ -33462,10 +33451,10 @@ index 17e2b47..bcbeec4 100644 seq_printf(seq, "\n"); diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c -index a1a3e6d..1918bfc 100644 +index f011d4b..3888bd4 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c -@@ -1590,7 +1590,7 @@ static int validate_params(uint cmd, struct dm_ioctl *param) +@@ -1598,7 +1598,7 @@ static int validate_params(uint cmd, struct dm_ioctl *param) cmd == DM_LIST_VERSIONS_CMD) return 0; @@ -34794,10 +34783,10 @@ index b94d5f7..7f494c5 100644 extern int xpc_disengage_timedout; extern int xpc_activate_IRQ_rcvd; diff --git a/drivers/misc/sgi-xp/xpc_main.c b/drivers/misc/sgi-xp/xpc_main.c -index 8d082b4..aa749ae 100644 +index d971817..3805cce 100644 --- a/drivers/misc/sgi-xp/xpc_main.c +++ b/drivers/misc/sgi-xp/xpc_main.c -@@ -162,7 +162,7 @@ static struct notifier_block xpc_die_notifier = { +@@ -166,7 +166,7 @@ static struct notifier_block xpc_die_notifier = { .notifier_call = xpc_system_die, }; @@ -35365,7 +35354,7 @@ index 4a518a3..936b334 100644 #define VXGE_HW_VIRTUAL_PATH_HANDLE(vpath) \ ((struct __vxge_hw_vpath_handle *)(vpath)->vpath_handles.next) diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c -index 0dc70c2..9cc0215 100644 +index 06ee243..6f4b6b4 100644 --- a/drivers/net/ethernet/realtek/r8169.c +++ b/drivers/net/ethernet/realtek/r8169.c @@ -710,17 +710,17 @@ struct rtl8169_private { @@ -37546,10 +37535,10 @@ index 2bc0362..a858ebe 100644 disposition = scsi_decide_disposition(cmd); if (disposition != SUCCESS && diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c -index 08d48a3..2be990d 100644 +index 72ca515..708d627 100644 --- a/drivers/scsi/scsi_sysfs.c +++ b/drivers/scsi/scsi_sysfs.c -@@ -660,7 +660,7 @@ show_iostat_##field(struct device *dev, struct device_attribute *attr, \ +@@ -657,7 +657,7 @@ show_iostat_##field(struct device *dev, struct device_attribute *attr, \ char *buf) \ { \ struct scsi_device *sdev = to_scsi_device(dev); \ @@ -37994,10 +37983,10 @@ index 4a5c6d7..5ad76fe 100644 (cmd->transport_state & CMD_T_STOP) != 0, (cmd->transport_state & CMD_T_SENT) != 0); diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index 69f3f7d..8d190b5 100644 +index f687892..9acf944 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c -@@ -1355,7 +1355,7 @@ struct se_device *transport_add_device_to_core_hba( +@@ -1356,7 +1356,7 @@ struct se_device *transport_add_device_to_core_hba( spin_lock_init(&dev->se_port_lock); spin_lock_init(&dev->se_tmr_lock); spin_lock_init(&dev->qf_cmd_lock); @@ -38006,7 +37995,7 @@ index 69f3f7d..8d190b5 100644 se_dev_set_default_attribs(dev, dev_limits); -@@ -1542,7 +1542,7 @@ static int transport_check_alloc_task_attr(struct se_cmd *cmd) +@@ -1543,7 +1543,7 @@ static int transport_check_alloc_task_attr(struct se_cmd *cmd) * Used to determine when ORDERED commands should go from * Dormant to Active status. */ @@ -38015,7 +38004,7 @@ index 69f3f7d..8d190b5 100644 smp_mb__after_atomic_inc(); pr_debug("Allocated se_ordered_id: %u for Task Attr: 0x%02x on %s\n", cmd->se_ordered_id, cmd->sam_task_attr, -@@ -1955,7 +1955,7 @@ void transport_generic_request_failure(struct se_cmd *cmd) +@@ -1958,7 +1958,7 @@ void transport_generic_request_failure(struct se_cmd *cmd) " CMD_T_ACTIVE: %d CMD_T_STOP: %d CMD_T_SENT: %d\n", cmd->t_task_list_num, atomic_read(&cmd->t_task_cdbs_left), @@ -38024,7 +38013,7 @@ index 69f3f7d..8d190b5 100644 atomic_read(&cmd->t_task_cdbs_ex_left), (cmd->transport_state & CMD_T_ACTIVE) != 0, (cmd->transport_state & CMD_T_STOP) != 0, -@@ -2216,9 +2216,9 @@ check_depth: +@@ -2219,9 +2219,9 @@ check_depth: cmd = task->task_se_cmd; spin_lock_irqsave(&cmd->t_state_lock, flags); task->task_flags |= (TF_ACTIVE | TF_SENT); @@ -44120,7 +44109,7 @@ index b2a34a1..162fa69 100644 return rc; } diff --git a/fs/exec.c b/fs/exec.c -index 6c4791d..2ae58c1 100644 +index 51d8629..d99eb7d 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -55,6 +55,15 @@ @@ -44390,7 +44379,7 @@ index 6c4791d..2ae58c1 100644 set_fs(old_fs); return result; } -@@ -1255,7 +1294,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm) +@@ -1270,7 +1309,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm) } rcu_read_unlock(); @@ -44399,7 +44388,7 @@ index 6c4791d..2ae58c1 100644 bprm->unsafe |= LSM_UNSAFE_SHARE; } else { res = -EAGAIN; -@@ -1452,6 +1491,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) +@@ -1467,6 +1506,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) EXPORT_SYMBOL(search_binary_handler); @@ -44428,7 +44417,7 @@ index 6c4791d..2ae58c1 100644 /* * sys_execve() executes a new program. */ -@@ -1460,6 +1521,11 @@ static int do_execve_common(const char *filename, +@@ -1475,6 +1536,11 @@ static int do_execve_common(const char *filename, struct user_arg_ptr envp, struct pt_regs *regs) { @@ -44440,7 +44429,7 @@ index 6c4791d..2ae58c1 100644 struct linux_binprm *bprm; struct file *file; struct files_struct *displaced; -@@ -1467,6 +1533,8 @@ static int do_execve_common(const char *filename, +@@ -1482,6 +1548,8 @@ static int do_execve_common(const char *filename, int retval; const struct cred *cred = current_cred(); @@ -44449,7 +44438,7 @@ index 6c4791d..2ae58c1 100644 /* * We move the actual failure in case of RLIMIT_NPROC excess from * set*uid() to execve() because too many poorly written programs -@@ -1507,12 +1575,27 @@ static int do_execve_common(const char *filename, +@@ -1522,12 +1590,27 @@ static int do_execve_common(const char *filename, if (IS_ERR(file)) goto out_unmark; @@ -44477,7 +44466,7 @@ index 6c4791d..2ae58c1 100644 retval = bprm_mm_init(bprm); if (retval) goto out_file; -@@ -1529,24 +1612,65 @@ static int do_execve_common(const char *filename, +@@ -1544,24 +1627,65 @@ static int do_execve_common(const char *filename, if (retval < 0) goto out; @@ -44547,7 +44536,7 @@ index 6c4791d..2ae58c1 100644 current->fs->in_exec = 0; current->in_execve = 0; acct_update_integrals(current); -@@ -1555,6 +1679,14 @@ static int do_execve_common(const char *filename, +@@ -1570,6 +1694,14 @@ static int do_execve_common(const char *filename, put_files_struct(displaced); return retval; @@ -44562,7 +44551,7 @@ index 6c4791d..2ae58c1 100644 out: if (bprm->mm) { acct_arg_size(bprm, 0); -@@ -1628,7 +1760,7 @@ static int expand_corename(struct core_name *cn) +@@ -1643,7 +1775,7 @@ static int expand_corename(struct core_name *cn) { char *old_corename = cn->corename; @@ -44571,7 +44560,7 @@ index 6c4791d..2ae58c1 100644 cn->corename = krealloc(old_corename, cn->size, GFP_KERNEL); if (!cn->corename) { -@@ -1725,7 +1857,7 @@ static int format_corename(struct core_name *cn, long signr) +@@ -1740,7 +1872,7 @@ static int format_corename(struct core_name *cn, long signr) int pid_in_pattern = 0; int err = 0; @@ -44580,7 +44569,7 @@ index 6c4791d..2ae58c1 100644 cn->corename = kmalloc(cn->size, GFP_KERNEL); cn->used = 0; -@@ -1822,6 +1954,250 @@ out: +@@ -1837,6 +1969,250 @@ out: return ispipe; } @@ -44831,7 +44820,7 @@ index 6c4791d..2ae58c1 100644 static int zap_process(struct task_struct *start, int exit_code) { struct task_struct *t; -@@ -1981,17 +2357,17 @@ static void coredump_finish(struct mm_struct *mm) +@@ -1996,17 +2372,17 @@ static void coredump_finish(struct mm_struct *mm) void set_dumpable(struct mm_struct *mm, int value) { switch (value) { @@ -44852,7 +44841,7 @@ index 6c4791d..2ae58c1 100644 set_bit(MMF_DUMP_SECURELY, &mm->flags); smp_wmb(); set_bit(MMF_DUMPABLE, &mm->flags); -@@ -2004,7 +2380,7 @@ static int __get_dumpable(unsigned long mm_flags) +@@ -2019,7 +2395,7 @@ static int __get_dumpable(unsigned long mm_flags) int ret; ret = mm_flags & MMF_DUMPABLE_MASK; @@ -44861,7 +44850,7 @@ index 6c4791d..2ae58c1 100644 } int get_dumpable(struct mm_struct *mm) -@@ -2019,17 +2395,17 @@ static void wait_for_dump_helpers(struct file *file) +@@ -2034,17 +2410,17 @@ static void wait_for_dump_helpers(struct file *file) pipe = file->f_path.dentry->d_inode->i_pipe; pipe_lock(pipe); @@ -44884,7 +44873,7 @@ index 6c4791d..2ae58c1 100644 pipe_unlock(pipe); } -@@ -2090,7 +2466,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2105,7 +2481,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) int retval = 0; int flag = 0; int ispipe; @@ -44894,7 +44883,7 @@ index 6c4791d..2ae58c1 100644 struct coredump_params cprm = { .signr = signr, .regs = regs, -@@ -2105,6 +2482,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2120,6 +2497,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) audit_core_dumps(signr); @@ -44904,7 +44893,7 @@ index 6c4791d..2ae58c1 100644 binfmt = mm->binfmt; if (!binfmt || !binfmt->core_dump) goto fail; -@@ -2115,14 +2495,16 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2130,14 +2510,16 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) if (!cred) goto fail; /* @@ -44925,7 +44914,7 @@ index 6c4791d..2ae58c1 100644 } retval = coredump_wait(exit_code, &core_state); -@@ -2172,7 +2554,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2187,7 +2569,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) } cprm.limit = RLIM_INFINITY; @@ -44934,7 +44923,7 @@ index 6c4791d..2ae58c1 100644 if (core_pipe_limit && (core_pipe_limit < dump_count)) { printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n", task_tgid_vnr(current), current->comm); -@@ -2199,9 +2581,19 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2214,9 +2596,19 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) } else { struct inode *inode; @@ -44954,7 +44943,7 @@ index 6c4791d..2ae58c1 100644 cprm.file = filp_open(cn.corename, O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE | flag, 0600); -@@ -2242,7 +2634,7 @@ close_fail: +@@ -2257,7 +2649,7 @@ close_fail: filp_close(cprm.file, NULL); fail_dropcount: if (ispipe) @@ -44963,7 +44952,7 @@ index 6c4791d..2ae58c1 100644 fail_unlock: kfree(cn.corename); fail_corename: -@@ -2261,7 +2653,7 @@ fail: +@@ -2276,7 +2668,7 @@ fail: */ int dump_write(struct file *file, const void *addr, int nr) { @@ -47581,7 +47570,7 @@ index edf4119..88dc13c 100644 void nfs_fattr_init(struct nfs_fattr *fattr) diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c -index 5686661..80a9a3a 100644 +index f031601..ec57a19 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -933,7 +933,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, @@ -47602,7 +47591,7 @@ index 5686661..80a9a3a 100644 set_fs(oldfs); if (host_err < 0) goto out_nfserr; -@@ -1573,7 +1573,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp) +@@ -1579,7 +1579,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp) */ oldfs = get_fs(); set_fs(KERNEL_DS); @@ -49692,7 +49681,7 @@ index 0cbd049..64e705c 100644 if (op) { diff --git a/fs/splice.c b/fs/splice.c -index 5cac690..f833a99 100644 +index bed6a3c..94272e0 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -194,7 +194,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, @@ -49743,7 +49732,7 @@ index 5cac690..f833a99 100644 vec[i].iov_len = this_len; spd.pages[i] = page; spd.nr_pages++; -@@ -849,10 +849,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed); +@@ -851,10 +851,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed); int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd) { while (!pipe->nrbufs) { @@ -49756,7 +49745,7 @@ index 5cac690..f833a99 100644 return 0; if (sd->flags & SPLICE_F_NONBLOCK) -@@ -1185,7 +1185,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd, +@@ -1187,7 +1187,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd, * out of the pipe right after the splice_to_pipe(). So set * PIPE_READERS appropriately. */ @@ -49765,7 +49754,7 @@ index 5cac690..f833a99 100644 current->splice_pipe = pipe; } -@@ -1738,9 +1738,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1740,9 +1740,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags) ret = -ERESTARTSYS; break; } @@ -49777,7 +49766,7 @@ index 5cac690..f833a99 100644 if (flags & SPLICE_F_NONBLOCK) { ret = -EAGAIN; break; -@@ -1772,7 +1772,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1774,7 +1774,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) pipe_lock(pipe); while (pipe->nrbufs >= pipe->buffers) { @@ -49786,7 +49775,7 @@ index 5cac690..f833a99 100644 send_sig(SIGPIPE, current, 0); ret = -EPIPE; break; -@@ -1785,9 +1785,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1787,9 +1787,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) ret = -ERESTARTSYS; break; } @@ -49798,7 +49787,7 @@ index 5cac690..f833a99 100644 } pipe_unlock(pipe); -@@ -1823,14 +1823,14 @@ retry: +@@ -1825,14 +1825,14 @@ retry: pipe_double_lock(ipipe, opipe); do { @@ -49815,7 +49804,7 @@ index 5cac690..f833a99 100644 break; /* -@@ -1927,7 +1927,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, +@@ -1929,7 +1929,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, pipe_double_lock(ipipe, opipe); do { @@ -49824,7 +49813,7 @@ index 5cac690..f833a99 100644 send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; -@@ -1972,7 +1972,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, +@@ -1974,7 +1974,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, * return EAGAIN if we have the potential of some data in the * future, otherwise just return 0 */ @@ -60600,7 +60589,7 @@ index 06fd4bb..1caec0d 100644 #undef __HANDLE_ITEM }; diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h -index 366422b..1fa7f84 100644 +index eb53e15..660c63b 100644 --- a/include/linux/binfmts.h +++ b/include/linux/binfmts.h @@ -89,6 +89,7 @@ struct linux_binfmt { @@ -64900,10 +64889,10 @@ index 5878118..f40622b 100644 static inline struct page *sk_stream_alloc_page(struct sock *sk) { diff --git a/include/net/tcp.h b/include/net/tcp.h -index f75a04d..e8f5101 100644 +index 2757a11..39b0464 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h -@@ -478,7 +478,7 @@ extern void tcp_retransmit_timer(struct sock *sk); +@@ -479,7 +479,7 @@ extern void tcp_retransmit_timer(struct sock *sk); extern void tcp_xmit_retransmit_queue(struct sock *); extern void tcp_simple_retransmit(struct sock *); extern int tcp_trim_head(struct sock *, struct sk_buff *, u32); @@ -64912,7 +64901,7 @@ index f75a04d..e8f5101 100644 extern void tcp_send_probe0(struct sock *); extern void tcp_send_partial(struct sock *); -@@ -641,8 +641,8 @@ struct tcp_skb_cb { +@@ -642,8 +642,8 @@ struct tcp_skb_cb { struct inet6_skb_parm h6; #endif } header; /* For incoming frames */ @@ -64923,7 +64912,7 @@ index f75a04d..e8f5101 100644 __u32 when; /* used to compute rtt's */ __u8 tcp_flags; /* TCP header flags. (tcp[13]) */ __u8 sacked; /* State flags for SACK/FACK. */ -@@ -655,7 +655,7 @@ struct tcp_skb_cb { +@@ -656,7 +656,7 @@ struct tcp_skb_cb { #define TCPCB_EVER_RETRANS 0x80 /* Ever retransmitted frame */ #define TCPCB_RETRANS (TCPCB_SACKED_RETRANS|TCPCB_EVER_RETRANS) @@ -64932,7 +64921,7 @@ index f75a04d..e8f5101 100644 }; #define TCP_SKB_CB(__skb) ((struct tcp_skb_cb *)&((__skb)->cb[0])) -@@ -1425,7 +1425,7 @@ struct tcp_seq_afinfo { +@@ -1426,7 +1426,7 @@ struct tcp_seq_afinfo { char *name; sa_family_t family; const struct file_operations *seq_fops; @@ -65131,7 +65120,7 @@ index 4119966..1a4671c 100644 const struct firmware *dsp_microcode; const struct firmware *controller_microcode; diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h -index 3ad5b33..1fa86f4 100644 +index 569c282..d92c717 100644 --- a/include/target/target_core_base.h +++ b/include/target/target_core_base.h @@ -448,7 +448,7 @@ struct t10_reservation_ops { @@ -65152,7 +65141,7 @@ index 3ad5b33..1fa86f4 100644 unsigned int transport_state; #define CMD_T_ABORTED (1 << 0) #define CMD_T_ACTIVE (1 << 1) -@@ -803,7 +803,7 @@ struct se_device { +@@ -805,7 +805,7 @@ struct se_device { spinlock_t stats_lock; /* Active commands on this virtual SE device */ atomic_t simple_cmds; @@ -70385,7 +70374,7 @@ index 100b7fd..0d26b2f 100644 struct ftrace_func_probe *entry; struct ftrace_page *pg; diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c -index cf8d11e..a0e2ba8 100644 +index 2866783..4cc30cf 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -344,9 +344,9 @@ struct buffer_data_page { @@ -70568,7 +70557,7 @@ index cf8d11e..a0e2ba8 100644 } /** -@@ -2782,7 +2782,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) +@@ -2783,7 +2783,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) return 0; cpu_buffer = buffer->buffers[cpu]; @@ -70577,7 +70566,7 @@ index cf8d11e..a0e2ba8 100644 return ret; } -@@ -2803,7 +2803,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) +@@ -2804,7 +2804,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) return 0; cpu_buffer = buffer->buffers[cpu]; @@ -70586,7 +70575,7 @@ index cf8d11e..a0e2ba8 100644 return ret; } -@@ -2848,7 +2848,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) +@@ -2849,7 +2849,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) /* if you care about this being correct, lock the buffer */ for_each_buffer_cpu(buffer, cpu) { cpu_buffer = buffer->buffers[cpu]; @@ -70595,7 +70584,7 @@ index cf8d11e..a0e2ba8 100644 } return overruns; -@@ -3020,8 +3020,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3021,8 +3021,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) /* * Reset the reader page to size zero. */ @@ -70606,7 +70595,7 @@ index cf8d11e..a0e2ba8 100644 local_set(&cpu_buffer->reader_page->page->commit, 0); cpu_buffer->reader_page->real_end = 0; -@@ -3053,7 +3053,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3056,7 +3056,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) * want to compare with the last_overrun. */ smp_mb(); @@ -70615,7 +70604,7 @@ index cf8d11e..a0e2ba8 100644 /* * Here's the tricky part. -@@ -3601,8 +3601,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3604,8 +3604,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) cpu_buffer->head_page = list_entry(cpu_buffer->pages, struct buffer_page, list); @@ -70626,7 +70615,7 @@ index cf8d11e..a0e2ba8 100644 local_set(&cpu_buffer->head_page->page->commit, 0); cpu_buffer->head_page->read = 0; -@@ -3611,14 +3611,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3614,14 +3614,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) cpu_buffer->commit_page = cpu_buffer->head_page; INIT_LIST_HEAD(&cpu_buffer->reader_page->list); @@ -70645,7 +70634,7 @@ index cf8d11e..a0e2ba8 100644 local_set(&cpu_buffer->entries, 0); local_set(&cpu_buffer->committing, 0); local_set(&cpu_buffer->commits, 0); -@@ -4016,8 +4016,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, +@@ -4019,8 +4019,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, rb_init_page(bpage); bpage = reader->page; reader->page = *data_page; @@ -71344,7 +71333,7 @@ index 57d82c6..e9e0552 100644 set_page_address(page, (void *)vaddr); diff --git a/mm/huge_memory.c b/mm/huge_memory.c -index f0e5306..cb9398e 100644 +index caf15b6..5bdade4 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -733,7 +733,7 @@ out: @@ -71662,10 +71651,10 @@ index d86fb20..f7698e8 100644 /* keep elevated page count for bad page */ return ret; diff --git a/mm/memory.c b/mm/memory.c -index 6105f47..3363489 100644 +index 2f42aab..1200730 100644 --- a/mm/memory.c +++ b/mm/memory.c -@@ -434,8 +434,12 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, +@@ -439,8 +439,12 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, return; pmd = pmd_offset(pud, start); @@ -71678,7 +71667,7 @@ index 6105f47..3363489 100644 } static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, -@@ -466,9 +470,12 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, +@@ -471,9 +475,12 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, if (end - 1 > ceiling - 1) return; @@ -71691,7 +71680,7 @@ index 6105f47..3363489 100644 } /* -@@ -1597,12 +1604,6 @@ no_page_table: +@@ -1602,12 +1609,6 @@ no_page_table: return page; } @@ -71704,7 +71693,7 @@ index 6105f47..3363489 100644 /** * __get_user_pages() - pin user pages in memory * @tsk: task_struct of target task -@@ -1675,10 +1676,10 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, +@@ -1680,10 +1681,10 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, (VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE); i = 0; @@ -71717,7 +71706,7 @@ index 6105f47..3363489 100644 if (!vma && in_gate_area(mm, start)) { unsigned long pg = start & PAGE_MASK; pgd_t *pgd; -@@ -1726,7 +1727,7 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, +@@ -1731,7 +1732,7 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, goto next_page; } @@ -71726,7 +71715,7 @@ index 6105f47..3363489 100644 (vma->vm_flags & (VM_IO | VM_PFNMAP)) || !(vm_flags & vma->vm_flags)) return i ? : -EFAULT; -@@ -1753,11 +1754,6 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, +@@ -1758,11 +1759,6 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, int ret; unsigned int fault_flags = 0; @@ -71738,7 +71727,7 @@ index 6105f47..3363489 100644 if (foll_flags & FOLL_WRITE) fault_flags |= FAULT_FLAG_WRITE; if (nonblocking) -@@ -1831,7 +1827,7 @@ next_page: +@@ -1836,7 +1832,7 @@ next_page: start += PAGE_SIZE; nr_pages--; } while (nr_pages && start < vma->vm_end); @@ -71747,7 +71736,7 @@ index 6105f47..3363489 100644 return i; } EXPORT_SYMBOL(__get_user_pages); -@@ -2038,6 +2034,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, +@@ -2043,6 +2039,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, page_add_file_rmap(page); set_pte_at(mm, addr, pte, mk_pte(page, prot)); @@ -71758,7 +71747,7 @@ index 6105f47..3363489 100644 retval = 0; pte_unmap_unlock(pte, ptl); return retval; -@@ -2072,10 +2072,22 @@ out: +@@ -2077,10 +2077,22 @@ out: int vm_insert_page(struct vm_area_struct *vma, unsigned long addr, struct page *page) { @@ -71781,7 +71770,7 @@ index 6105f47..3363489 100644 vma->vm_flags |= VM_INSERTPAGE; return insert_page(vma, addr, page, vma->vm_page_prot); } -@@ -2161,6 +2173,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr, +@@ -2166,6 +2178,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr, unsigned long pfn) { BUG_ON(!(vma->vm_flags & VM_MIXEDMAP)); @@ -71789,7 +71778,7 @@ index 6105f47..3363489 100644 if (addr < vma->vm_start || addr >= vma->vm_end) return -EFAULT; -@@ -2368,7 +2381,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud, +@@ -2373,7 +2386,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud, BUG_ON(pud_huge(*pud)); @@ -71800,7 +71789,7 @@ index 6105f47..3363489 100644 if (!pmd) return -ENOMEM; do { -@@ -2388,7 +2403,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd, +@@ -2393,7 +2408,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd, unsigned long next; int err; @@ -71811,7 +71800,7 @@ index 6105f47..3363489 100644 if (!pud) return -ENOMEM; do { -@@ -2476,6 +2493,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo +@@ -2481,6 +2498,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo copy_user_highpage(dst, src, va, vma); } @@ -71998,7 +71987,7 @@ index 6105f47..3363489 100644 /* * This routine handles present pages, when users try to write * to a shared page. It is done by copying the page to a new address -@@ -2687,6 +2884,12 @@ gotten: +@@ -2692,6 +2889,12 @@ gotten: */ page_table = pte_offset_map_lock(mm, pmd, address, &ptl); if (likely(pte_same(*page_table, orig_pte))) { @@ -72011,7 +72000,7 @@ index 6105f47..3363489 100644 if (old_page) { if (!PageAnon(old_page)) { dec_mm_counter_fast(mm, MM_FILEPAGES); -@@ -2738,6 +2941,10 @@ gotten: +@@ -2743,6 +2946,10 @@ gotten: page_remove_rmap(old_page); } @@ -72022,7 +72011,7 @@ index 6105f47..3363489 100644 /* Free the old page.. */ new_page = old_page; ret |= VM_FAULT_WRITE; -@@ -3017,6 +3224,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3022,6 +3229,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, swap_free(entry); if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page)) try_to_free_swap(page); @@ -72034,7 +72023,7 @@ index 6105f47..3363489 100644 unlock_page(page); if (swapcache) { /* -@@ -3040,6 +3252,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3045,6 +3257,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -72046,7 +72035,7 @@ index 6105f47..3363489 100644 unlock: pte_unmap_unlock(page_table, ptl); out: -@@ -3059,40 +3276,6 @@ out_release: +@@ -3064,40 +3281,6 @@ out_release: } /* @@ -72087,7 +72076,7 @@ index 6105f47..3363489 100644 * We enter with non-exclusive mmap_sem (to exclude vma changes, * but allow concurrent faults), and pte mapped but not yet locked. * We return with mmap_sem still held, but pte unmapped and unlocked. -@@ -3101,27 +3284,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3106,27 +3289,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long address, pte_t *page_table, pmd_t *pmd, unsigned int flags) { @@ -72120,7 +72109,7 @@ index 6105f47..3363489 100644 if (unlikely(anon_vma_prepare(vma))) goto oom; page = alloc_zeroed_user_highpage_movable(vma, address); -@@ -3140,6 +3319,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3145,6 +3324,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, if (!pte_none(*page_table)) goto release; @@ -72132,7 +72121,7 @@ index 6105f47..3363489 100644 inc_mm_counter_fast(mm, MM_ANONPAGES); page_add_new_anon_rmap(page, vma, address); setpte: -@@ -3147,6 +3331,12 @@ setpte: +@@ -3152,6 +3336,12 @@ setpte: /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -72145,7 +72134,7 @@ index 6105f47..3363489 100644 unlock: pte_unmap_unlock(page_table, ptl); return 0; -@@ -3290,6 +3480,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3295,6 +3485,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, */ /* Only go through if we didn't race with anybody else... */ if (likely(pte_same(*page_table, orig_pte))) { @@ -72158,7 +72147,7 @@ index 6105f47..3363489 100644 flush_icache_page(vma, page); entry = mk_pte(page, vma->vm_page_prot); if (flags & FAULT_FLAG_WRITE) -@@ -3309,6 +3505,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3314,6 +3510,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, /* no need to invalidate: a not-present page won't be cached */ update_mmu_cache(vma, address, page_table); @@ -72173,7 +72162,7 @@ index 6105f47..3363489 100644 } else { if (cow_page) mem_cgroup_uncharge_page(cow_page); -@@ -3462,6 +3666,12 @@ int handle_pte_fault(struct mm_struct *mm, +@@ -3467,6 +3671,12 @@ int handle_pte_fault(struct mm_struct *mm, if (flags & FAULT_FLAG_WRITE) flush_tlb_fix_spurious_fault(vma, address); } @@ -72186,7 +72175,7 @@ index 6105f47..3363489 100644 unlock: pte_unmap_unlock(pte, ptl); return 0; -@@ -3478,6 +3688,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3483,6 +3693,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, pmd_t *pmd; pte_t *pte; @@ -72197,7 +72186,7 @@ index 6105f47..3363489 100644 __set_current_state(TASK_RUNNING); count_vm_event(PGFAULT); -@@ -3489,6 +3703,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3494,6 +3708,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, if (unlikely(is_vm_hugetlb_page(vma))) return hugetlb_fault(mm, vma, address, flags); @@ -72229,10 +72218,10 @@ index 6105f47..3363489 100644 + } +#endif + + retry: pgd = pgd_offset(mm, address); pud = pud_alloc(mm, pgd, address); - if (!pud) -@@ -3518,7 +3760,7 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3535,7 +3777,7 @@ retry: * run pte_offset_map on the pmd, if an huge pmd could * materialize from under us from a different thread. */ @@ -72241,7 +72230,7 @@ index 6105f47..3363489 100644 return VM_FAULT_OOM; /* if an huge pmd materialized from under us just retry later */ if (unlikely(pmd_trans_huge(*pmd))) -@@ -3555,6 +3797,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) +@@ -3572,6 +3814,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -72265,7 +72254,7 @@ index 6105f47..3363489 100644 #endif /* __PAGETABLE_PUD_FOLDED */ #ifndef __PAGETABLE_PMD_FOLDED -@@ -3585,6 +3844,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) +@@ -3602,6 +3861,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -72296,7 +72285,7 @@ index 6105f47..3363489 100644 #endif /* __PAGETABLE_PMD_FOLDED */ int make_pages_present(unsigned long addr, unsigned long end) -@@ -3622,7 +3905,7 @@ static int __init gate_vma_init(void) +@@ -3639,7 +3922,7 @@ static int __init gate_vma_init(void) gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; @@ -72306,7 +72295,7 @@ index 6105f47..3363489 100644 return 0; } diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index 458dede..b9d786e 100644 +index 82f1b02..5eb68b7 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -655,6 +655,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, @@ -74103,7 +74092,7 @@ index bb8f4f0..40d3e02 100644 new->vm_region = region; diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 88a6d87..ae1c51c 100644 +index 691b8ec..c158be3 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -335,7 +335,7 @@ out: @@ -74379,7 +74368,7 @@ index a409bd8..1e695db 100644 return -ENOMEM; diff --git a/mm/slab.c b/mm/slab.c -index da2bb68..e5ae5e71 100644 +index da2bb68..cc35e70 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -153,7 +153,7 @@ @@ -74552,7 +74541,7 @@ index da2bb68..e5ae5e71 100644 + if (!PageSlab(page)) + return false; + -+ cachep = page->slab_cache; ++ cachep = page_get_cache(page); + return cachep->flags & SLAB_USERCOPY; +} + @@ -74576,7 +74565,7 @@ index da2bb68..e5ae5e71 100644 + if (!PageSlab(page)) + return NULL; + -+ cachep = page->slab_cache; ++ cachep = page_get_cache(page); + if (!(cachep->flags & SLAB_USERCOPY)) + return cachep->name; + @@ -75735,7 +75724,7 @@ index 23f45ce..c748f1a 100644 #undef __HANDLE_ITEM } diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c -index a6d5d63..1cc6c2b 100644 +index fa701b6..8b9762a 100644 --- a/net/batman-adv/bat_iv_ogm.c +++ b/net/batman-adv/bat_iv_ogm.c @@ -539,7 +539,7 @@ static void bat_iv_ogm_schedule(struct hard_iface *hard_iface, @@ -75934,7 +75923,7 @@ index 4a26348..a018d15 100644 err = -EFAULT; break; diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c -index 717c43a..d7f68b7 100644 +index 8d1edd7..c63b363 100644 --- a/net/bluetooth/rfcomm/sock.c +++ b/net/bluetooth/rfcomm/sock.c @@ -685,7 +685,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c @@ -76672,7 +76661,7 @@ index dfba343..c827d50 100644 secure_ip_id(daddr->addr.a4) : secure_ipv6_id(daddr->addr.a6)); diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c -index 3727e23..517f5df 100644 +index b7bf6e3..7325e1d 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c @@ -318,7 +318,7 @@ static inline int ip_frag_too_far(struct ipq *qp) @@ -76942,10 +76931,10 @@ index 167ea10..4b15883 100644 ts = peer->tcp_ts; tsage = get_seconds() - peer->tcp_ts_stamp; diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c -index 3acebbd..3fa7572 100644 +index 0e0b6d0..53656c6 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c -@@ -4725,7 +4725,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, +@@ -4752,7 +4752,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, * simplifies code) */ static void @@ -76955,7 +76944,7 @@ index 3acebbd..3fa7572 100644 u32 start, u32 end) { diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c -index 8f2458d..9a12fbb 100644 +index 76f50e1..e26b039 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -90,6 +90,10 @@ int sysctl_tcp_low_latency __read_mostly; @@ -76969,7 +76958,7 @@ index 8f2458d..9a12fbb 100644 #ifdef CONFIG_TCP_MD5SIG static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key, __be32 daddr, __be32 saddr, const struct tcphdr *th); -@@ -1642,6 +1646,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -1640,6 +1644,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; reset: @@ -76979,7 +76968,7 @@ index 8f2458d..9a12fbb 100644 tcp_v4_send_reset(rsk, skb); discard: kfree_skb(skb); -@@ -1704,12 +1711,19 @@ int tcp_v4_rcv(struct sk_buff *skb) +@@ -1702,12 +1709,19 @@ int tcp_v4_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked = 0; sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -77002,7 +76991,7 @@ index 8f2458d..9a12fbb 100644 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -1759,6 +1773,10 @@ no_tcp_socket: +@@ -1757,6 +1771,10 @@ no_tcp_socket: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -77013,7 +77002,7 @@ index 8f2458d..9a12fbb 100644 tcp_v4_send_reset(NULL, skb); } -@@ -2420,7 +2438,11 @@ static void get_openreq4(const struct sock *sk, const struct request_sock *req, +@@ -2418,7 +2436,11 @@ static void get_openreq4(const struct sock *sk, const struct request_sock *req, 0, /* non standard timer */ 0, /* open_requests have no inode */ atomic_read(&sk->sk_refcnt), @@ -77025,7 +77014,7 @@ index 8f2458d..9a12fbb 100644 len); } -@@ -2470,7 +2492,12 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len) +@@ -2468,7 +2490,12 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len) sock_i_uid(sk), icsk->icsk_probes_out, sock_i_ino(sk), @@ -77039,7 +77028,7 @@ index 8f2458d..9a12fbb 100644 jiffies_to_clock_t(icsk->icsk_rto), jiffies_to_clock_t(icsk->icsk_ack.ato), (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong, -@@ -2498,7 +2525,13 @@ static void get_timewait4_sock(const struct inet_timewait_sock *tw, +@@ -2496,7 +2523,13 @@ static void get_timewait4_sock(const struct inet_timewait_sock *tw, " %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK%n", i, src, srcp, dest, destp, tw->tw_substate, 0, 0, 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0, @@ -77426,7 +77415,7 @@ index 3ee2870..f19606b 100644 static int raw6_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c -index 8a8fa2d..4faf719 100644 +index 3889e02..889d1ea 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -94,6 +94,10 @@ static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk, @@ -77440,7 +77429,7 @@ index 8a8fa2d..4faf719 100644 static void tcp_v6_hash(struct sock *sk) { if (sk->sk_state != TCP_CLOSE) { -@@ -1543,6 +1547,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -1544,6 +1548,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; reset: @@ -77450,7 +77439,7 @@ index 8a8fa2d..4faf719 100644 tcp_v6_send_reset(sk, skb); discard: if (opt_skb) -@@ -1624,12 +1631,20 @@ static int tcp_v6_rcv(struct sk_buff *skb) +@@ -1625,12 +1632,20 @@ static int tcp_v6_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked = 0; sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -77473,7 +77462,7 @@ index 8a8fa2d..4faf719 100644 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -1677,6 +1692,10 @@ no_tcp_socket: +@@ -1678,6 +1693,10 @@ no_tcp_socket: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -77484,7 +77473,7 @@ index 8a8fa2d..4faf719 100644 tcp_v6_send_reset(NULL, skb); } -@@ -1931,7 +1950,13 @@ static void get_openreq6(struct seq_file *seq, +@@ -1932,7 +1951,13 @@ static void get_openreq6(struct seq_file *seq, uid, 0, /* non standard timer */ 0, /* open_requests have no inode */ @@ -77499,7 +77488,7 @@ index 8a8fa2d..4faf719 100644 } static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i) -@@ -1981,7 +2006,12 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i) +@@ -1982,7 +2007,12 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i) sock_i_uid(sp), icsk->icsk_probes_out, sock_i_ino(sp), @@ -77513,7 +77502,7 @@ index 8a8fa2d..4faf719 100644 jiffies_to_clock_t(icsk->icsk_rto), jiffies_to_clock_t(icsk->icsk_ack.ato), (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong, -@@ -2016,7 +2046,13 @@ static void get_timewait6_sock(struct seq_file *seq, +@@ -2017,7 +2047,13 @@ static void get_timewait6_sock(struct seq_file *seq, dest->s6_addr32[2], dest->s6_addr32[3], destp, tw->tw_substate, 0, 0, 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0, @@ -77757,7 +77746,7 @@ index 7e5d927..cdbb54e 100644 return res; } diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h -index 498e87b..29c1ead 100644 +index f8b5e75..f2b4942 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -28,6 +28,7 @@ @@ -78839,7 +78828,7 @@ index 1e2eee8..ce3967e 100644 assoc->assoc_id, assoc->sndbuf_used, diff --git a/net/sctp/socket.c b/net/sctp/socket.c -index dba20d6..9fa89aa 100644 +index 7405355..d34ad39 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -4577,6 +4577,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, @@ -79114,7 +79103,7 @@ index dab3176..bea91b3 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c -index eda32ae..1c9fa7c 100644 +index 85b9235..03610ce 100644 --- a/net/sunrpc/sched.c +++ b/net/sunrpc/sched.c @@ -240,9 +240,9 @@ static int rpc_wait_bit_killable(void *word) @@ -88738,7 +88727,7 @@ index 6789d78..4afd019e 100644 + #endif diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index 9739b53..462f93d 100644 +index 71b9036..6967337 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -75,7 +75,7 @@ LIST_HEAD(vm_list); @@ -88750,7 +88739,7 @@ index 9739b53..462f93d 100644 struct kmem_cache *kvm_vcpu_cache; EXPORT_SYMBOL_GPL(kvm_vcpu_cache); -@@ -707,7 +707,7 @@ int __kvm_set_memory_region(struct kvm *kvm, +@@ -706,7 +706,7 @@ int __kvm_set_memory_region(struct kvm *kvm, /* We can read the guest memory with __xxx_user() later on. */ if (user_alloc && ((mem->userspace_addr & (PAGE_SIZE - 1)) || @@ -88759,7 +88748,7 @@ index 9739b53..462f93d 100644 (void __user *)(unsigned long)mem->userspace_addr, mem->memory_size))) goto out; -@@ -2247,7 +2247,7 @@ static void hardware_enable_nolock(void *junk) +@@ -2244,7 +2244,7 @@ static void hardware_enable_nolock(void *junk) if (r) { cpumask_clear_cpu(cpu, cpus_hardware_enabled); @@ -88768,7 +88757,7 @@ index 9739b53..462f93d 100644 printk(KERN_INFO "kvm: enabling virtualization on " "CPU%d failed\n", cpu); } -@@ -2301,10 +2301,10 @@ static int hardware_enable_all(void) +@@ -2298,10 +2298,10 @@ static int hardware_enable_all(void) kvm_usage_count++; if (kvm_usage_count == 1) { @@ -88781,7 +88770,7 @@ index 9739b53..462f93d 100644 hardware_disable_all_nolock(); r = -EBUSY; } -@@ -2667,7 +2667,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, +@@ -2664,7 +2664,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, kvm_arch_vcpu_put(vcpu); } @@ -88790,7 +88779,7 @@ index 9739b53..462f93d 100644 struct module *module) { int r; -@@ -2730,7 +2730,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -2727,7 +2727,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, if (!vcpu_align) vcpu_align = __alignof__(struct kvm_vcpu); kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align, @@ -88799,7 +88788,7 @@ index 9739b53..462f93d 100644 if (!kvm_vcpu_cache) { r = -ENOMEM; goto out_free_3; -@@ -2740,9 +2740,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -2737,9 +2737,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, if (r) goto out_free; diff --git a/main/linux-grsec/xsa40.patch b/main/linux-grsec/xsa40.patch deleted file mode 100644 index 29db917cbb..0000000000 --- a/main/linux-grsec/xsa40.patch +++ /dev/null @@ -1,56 +0,0 @@ -Xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests. - -This fixes CVE-2013-0190 / XSA-40 - -There has been an error on the xen_failsafe_callback path for failed -iret, which causes the stack pointer to be wrong when entering the -iret_exc error path. This can result in the kernel crashing. - -In the classic kernel case, the relevant code looked a little like: - - popl %eax # Error code from hypervisor - jz 5f - addl $16,%esp - jmp iret_exc # Hypervisor said iret fault -5: addl $16,%esp - # Hypervisor said segment selector fault - -Here, there are two identical addls on either option of a branch which -appears to have been optimised by hoisting it above the jz, and -converting it to an lea, which leaves the flags register unaffected. - -In the PVOPS case, the code looks like: - - popl_cfi %eax # Error from the hypervisor - lea 16(%esp),%esp # Add $16 before choosing fault path - CFI_ADJUST_CFA_OFFSET -16 - jz 5f - addl $16,%esp # Incorrectly adjust %esp again - jmp iret_exc - -It is possible unprivileged userspace applications to cause this -behaviour, for example by loading an LDT code selector, then changing -the code selector to be not-present. At this point, there is a race -condition where it is possible for the hypervisor to return back to -userspace from an interrupt, fault on its own iret, and inject a -failsafe_callback into the kernel. - -This bug has been present since the introduction of Xen PVOPS support -in commit 5ead97c84 (xen: Core Xen implementation), in 2.6.23. - -Signed-off-by: Frediano Ziglio <frediano.ziglio@citrix.com> -Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> - -diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S -index ff84d54..6ed91d9 100644 ---- a/arch/x86/kernel/entry_32.S -+++ b/arch/x86/kernel/entry_32.S -@@ -1065,7 +1065,6 @@ ENTRY(xen_failsafe_callback) - lea 16(%esp),%esp - CFI_ADJUST_CFA_OFFSET -16 - jz 5f -- addl $16,%esp - jmp iret_exc - 5: pushl_cfi $-1 /* orig_ax = -1 => not a system call */ - SAVE_ALL - |