aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeonardo Arena <rnalrd@alpinelinux.org>2013-07-24 10:55:16 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2013-07-24 10:55:16 +0000
commitbb11263f216e7d42afa5231d487ea94bf977b93e (patch)
tree00d4402732ca5bbb0fba1d4ac6926e80429e1fac
parenta2767704007eaf277cd153e9e3ea42d213e0335e (diff)
downloadaports-bb11263f216e7d42afa5231d487ea94bf977b93e.tar.bz2
aports-bb11263f216e7d42afa5231d487ea94bf977b93e.tar.xz
main/linux-virt-grsec: upgrade to 3.9.11
-rw-r--r--main/linux-virt-grsec/APKBUILD16
-rw-r--r--main/linux-virt-grsec/grsecurity-2.9.1-3.9.11-unofficial-1.patch (renamed from main/linux-virt-grsec/grsecurity-2.9.1-3.9.9-201307050017.patch)1361
2 files changed, 862 insertions, 515 deletions
diff --git a/main/linux-virt-grsec/APKBUILD b/main/linux-virt-grsec/APKBUILD
index c564752831..a94f25ba3e 100644
--- a/main/linux-virt-grsec/APKBUILD
+++ b/main/linux-virt-grsec/APKBUILD
@@ -3,7 +3,7 @@
_flavor=grsec
pkgname=linux-virt-${_flavor}
-pkgver=3.9.9
+pkgver=3.9.11
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
@@ -18,7 +18,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-2.9.1-3.9.9-201307050017.patch
+ grsecurity-2.9.1-3.9.11-unofficial-1.patch
0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
@@ -148,8 +148,8 @@ dev() {
}
md5sums="4348c9b6b2eb3144d601e87c19d5d909 linux-3.9.tar.xz
-41f350c2fd6aa14414bf39f173a8e6a3 patch-3.9.9.xz
-f3b3db991845d216a1f60921f5fd650e grsecurity-2.9.1-3.9.9-201307050017.patch
+552146435b7ecc414bf8e3cd8bb6ac4a patch-3.9.11.xz
+0888981bb55e0d27b6ed39edcc7ee45a grsecurity-2.9.1-3.9.11-unofficial-1.patch
a16f11b12381efb3bec79b9bfb329836 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
656ae7b10dd2f18dbfa1011041d08d60 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
@@ -159,8 +159,8 @@ aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-p
35bdbb795392104434fdb16e226606bc kernelconfig.x86
3fa1281098783b061581f6c1122edd77 kernelconfig.x86_64"
sha256sums="60bc3e64ee5dc778de2cd7cd7640abf518a4c9d4f31b8ed624e16fad53f54541 linux-3.9.tar.xz
-4ae653db69190a10b842f05c19499a528ae29898e4f2dfbdb420ef5d26112f3b patch-3.9.9.xz
-d864bb3e745101f5a624a2b716a03ec1b5dc31e4b3ddec6c9741426bcbbd1e53 grsecurity-2.9.1-3.9.9-201307050017.patch
+29be11d16ef152ae1858d567cbf45f0da0193adf364826f5e3fa8b2fcd839682 patch-3.9.11.xz
+fa2223e87b38e225568a36ee2eb00976f74bc109e2ccc21c93abed676f58e3ad grsecurity-2.9.1-3.9.11-unofficial-1.patch
6af3757ac36a6cd3cda7b0a71b08143726383b19261294a569ad7f4042c72df3 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
0985caa0f3ee8ed0959aeaa4214f5f8057ae8e61d50dcae39194912d31e14892 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
@@ -170,8 +170,8 @@ fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-
ca83354dfd4d2938bad03bd05aa25d6ab7228b289eabd43f10dab5c571f0ec07 kernelconfig.x86
8e64c024e2f8d7d67198ad8c331cd3ef8df40015c85a0b5ef4c2487274404abb kernelconfig.x86_64"
sha512sums="77fa521f42380409f8ab400c26f7b00e225cb075ef40834bb263325cfdcc3e65aef8511ec2fc2b50bbf4f50e226fb5ab07d7a479aaf09162adbbf318325d0790 linux-3.9.tar.xz
-51fa4e20b23c9900078e90ace0c4cc38e419e5028a88b63443fafa66c07ad28aab77cb0f56ceb9c8416bfde848ceba64e95f608f0f64ab4634386a161cbc7994 patch-3.9.9.xz
-a16dde6d53649aecfa9eb47b969dbc5d147909c48191cc44a666c8f946181688344ac7512330e08fc47c48073010dd4154aac7b572d6301acaf39f5ad6e1b0df grsecurity-2.9.1-3.9.9-201307050017.patch
+c3a0be102d816ae06d7dfdd2738915fc2114cb9bb488b03b34e4f52f2367dcba4d8cb8ba203687bf694c2dcad36d70bb9d3121ac739a28e2c7fb2c44f08a9c71 patch-3.9.11.xz
+59e34764fca125d097d1826042dce0e6fb0bf53eb97935b591e57674fb755491d78b1180a6db6253a869ffe56f7ceddf2e80f24812319e2b2f623d3e100aaa00 grsecurity-2.9.1-3.9.11-unofficial-1.patch
81e78593288e8b0fd2c03ea9fc1450323887707f087e911f172450a122bc9b591ee83394836789730d951aeec13d0b75a64e1c05f04364abf8f80d883ddc4a02 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
51ecb15b669f6a82940a13a38939116e003bf5dfd24496771c8279e907b72adcc63d607f0340a2940d757e12ddadb7d45c7af78ae311d284935a6296dbcac00c 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
57d0a8bd35d19cf657ded58efe24517d2252aec6984040713ba173a34edb5887ececaa2985076bc6a149eaa57639fd98a042c1c2d226ed4ad8dd5ed0e230717e 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
diff --git a/main/linux-virt-grsec/grsecurity-2.9.1-3.9.9-201307050017.patch b/main/linux-virt-grsec/grsecurity-2.9.1-3.9.11-unofficial-1.patch
index 1ae3c82aef..932805c959 100644
--- a/main/linux-virt-grsec/grsecurity-2.9.1-3.9.9-201307050017.patch
+++ b/main/linux-virt-grsec/grsecurity-2.9.1-3.9.11-unofficial-1.patch
@@ -263,7 +263,7 @@ index 8ccbf27..afffeb4 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 9591325..1457ef3 100644
+index ad368cd..96b21c3 100644
--- a/Makefile
+++ b/Makefile
@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -1212,13 +1212,11 @@ index c79f61f..9ac0642 100644
static inline u64 atomic64_add_return(u64 i, atomic64_t *v)
{
-- u64 result;
-- unsigned long tmp;
+ u64 result, tmp;
-
- smp_mb();
-
- __asm__ __volatile__("@ atomic64_add_return\n"
++
++ smp_mb();
++
++ __asm__ __volatile__("@ atomic64_add_return\n"
+"1: ldrexd %1, %H1, [%3]\n"
+" adds %0, %1, %4\n"
+" adcs %H0, %H1, %H4\n"
@@ -1251,19 +1249,21 @@ index c79f61f..9ac0642 100644
+
+static inline u64 atomic64_add_return_unchecked(u64 i, atomic64_unchecked_t *v)
+{
-+ u64 result;
-+ unsigned long tmp;
-+
-+ smp_mb();
-+
+ u64 result;
+ unsigned long tmp;
+
+ smp_mb();
+
+- __asm__ __volatile__("@ atomic64_add_return\n"
+ __asm__ __volatile__("@ atomic64_add_return_unchecked\n"
"1: ldrexd %0, %H0, [%3]\n"
" adds %0, %0, %4\n"
" adc %H0, %H0, %H4\n"
-@@ -318,6 +607,36 @@ static inline void atomic64_sub(u64 i, atomic64_t *v)
+@@ -318,23 +607,34 @@ static inline void atomic64_sub(u64 i, atomic64_t *v)
__asm__ __volatile__("@ atomic64_sub\n"
"1: ldrexd %0, %H0, [%3]\n"
" subs %0, %0, %4\n"
+-" sbc %H0, %H0, %H4\n"
+" sbcs %H0, %H0, %H4\n"
+
+#ifdef CONFIG_PAX_REFCOUNT
@@ -1272,45 +1272,46 @@ index c79f61f..9ac0642 100644
+"3:\n"
+#endif
+
-+" strexd %1, %0, %H0, [%3]\n"
-+" teq %1, #0\n"
-+" bne 1b"
+ " strexd %1, %0, %H0, [%3]\n"
+ " teq %1, #0\n"
+ " bne 1b"
+
+#ifdef CONFIG_PAX_REFCOUNT
+"\n4:\n"
+ _ASM_EXTABLE(2b, 4b)
+#endif
+
-+ : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
-+ : "r" (&v->counter), "r" (i)
-+ : "cc");
-+}
-+
+ : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
+ : "r" (&v->counter), "r" (i)
+ : "cc");
+ }
+
+-static inline u64 atomic64_sub_return(u64 i, atomic64_t *v)
+static inline void atomic64_sub_unchecked(u64 i, atomic64_unchecked_t *v)
-+{
-+ u64 result;
-+ unsigned long tmp;
-+
+ {
+ u64 result;
+ unsigned long tmp;
+
+- smp_mb();
+-
+- __asm__ __volatile__("@ atomic64_sub_return\n"
+ __asm__ __volatile__("@ atomic64_sub_unchecked\n"
-+"1: ldrexd %0, %H0, [%3]\n"
-+" subs %0, %0, %4\n"
+ "1: ldrexd %0, %H0, [%3]\n"
+ " subs %0, %0, %4\n"
" sbc %H0, %H0, %H4\n"
- " strexd %1, %0, %H0, [%3]\n"
- " teq %1, #0\n"
-@@ -329,18 +648,32 @@ static inline void atomic64_sub(u64 i, atomic64_t *v)
-
- static inline u64 atomic64_sub_return(u64 i, atomic64_t *v)
- {
-- u64 result;
-- unsigned long tmp;
+@@ -344,6 +644,39 @@ static inline u64 atomic64_sub_return(u64 i, atomic64_t *v)
+ : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
+ : "r" (&v->counter), "r" (i)
+ : "cc");
++}
++
++static inline u64 atomic64_sub_return(u64 i, atomic64_t *v)
++{
+ u64 result, tmp;
-
- smp_mb();
-
- __asm__ __volatile__("@ atomic64_sub_return\n"
--"1: ldrexd %0, %H0, [%3]\n"
--" subs %0, %0, %4\n"
--" sbc %H0, %H0, %H4\n"
++
++ smp_mb();
++
++ __asm__ __volatile__("@ atomic64_sub_return\n"
+"1: ldrexd %1, %H1, [%3]\n"
+" subs %0, %1, %4\n"
+" sbcs %H0, %H1, %H4\n"
@@ -1323,18 +1324,21 @@ index c79f61f..9ac0642 100644
+"3:\n"
+#endif
+
- " strexd %1, %0, %H0, [%3]\n"
- " teq %1, #0\n"
- " bne 1b"
++" strexd %1, %0, %H0, [%3]\n"
++" teq %1, #0\n"
++" bne 1b"
+
+#ifdef CONFIG_PAX_REFCOUNT
+"\n4:\n"
+ _ASM_EXTABLE(2b, 4b)
+#endif
+
- : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
- : "r" (&v->counter), "r" (i)
- : "cc");
++ : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
++ : "r" (&v->counter), "r" (i)
++ : "cc");
+
+ smp_mb();
+
@@ -374,6 +707,30 @@ static inline u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old, u64 new)
return oldval;
}
@@ -1539,15 +1543,15 @@ index 6ddbe44..b5e38b1 100644
+#define DOMAIN_KERNELCLIENT 1
#define DOMAIN_MANAGER 3
+#define DOMAIN_VECTORS DOMAIN_USER
- #else
++#else
+
+#ifdef CONFIG_PAX_KERNEXEC
- #define DOMAIN_MANAGER 1
-+#define DOMAIN_KERNEXEC 3
-+#else
+#define DOMAIN_MANAGER 1
-+#endif
-+
++#define DOMAIN_KERNEXEC 3
+ #else
+ #define DOMAIN_MANAGER 1
+ #endif
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+#define DOMAIN_USERCLIENT 0
+#define DOMAIN_UDEREF 1
@@ -1558,8 +1562,8 @@ index 6ddbe44..b5e38b1 100644
+#endif
+#define DOMAIN_KERNELCLIENT 1
+
- #endif
-
++#endif
++
#define domain_val(dom,type) ((type) << (2*(dom)))
#ifndef __ASSEMBLY__
@@ -2967,15 +2971,16 @@ index 296786b..a8d4dd5 100644
- */
- flush_icache_range((unsigned long)rc,
- (unsigned long)(rc + 2));
+-
+- retcode = ((unsigned long)rc) + thumb;
+- }
+ /*
+ * Ensure that the instruction cache sees
+ * the return code written onto the stack.
+ */
+ flush_icache_range((unsigned long)rc,
+ (unsigned long)(rc + 2));
-
-- retcode = ((unsigned long)rc) + thumb;
-- }
++
+ retcode = ((unsigned long)rc) + thumb;
}
@@ -3750,7 +3755,7 @@ index ad722f1..763fdd3 100644
#ifdef CONFIG_HAVE_TCM
extern char __tcm_start, __tcm_end;
+#endif
-
++
+#ifdef CONFIG_PAX_KERNEXEC
+ unsigned long addr;
+ pgd_t *pgd;
@@ -3787,7 +3792,7 @@ index ad722f1..763fdd3 100644
+ }
+ }
+#endif
-+
+
+#ifdef CONFIG_HAVE_TCM
poison_init_mem(&__tcm_start, &__tcm_end - &__tcm_start);
totalram_pages += free_area(__phys_to_pfn(__pa(&__tcm_start)),
@@ -4197,12 +4202,12 @@ index a84ff76..f221c1d 100644
struct map_desc map;
unsigned long addr;
- void *vectors;
-
+-
- /*
- * Allocate the vector page early.
- */
- vectors = early_alloc(PAGE_SIZE);
--
+
- early_trap_init(vectors);
+ early_trap_init(&vectors);
@@ -8206,13 +8211,13 @@ index e562d3c..191f176 100644
{
- unsigned long ret = ___copy_to_user(to, from, size);
+ unsigned long ret;
-
++
+ if ((long)size < 0 || size > INT_MAX)
+ return size;
+
+ if (!__builtin_constant_p(size))
+ check_object_size(from, size, true);
-+
+
+ ret = ___copy_to_user(to, from, size);
if (unlikely(ret))
ret = copy_to_user_fixup(to, from, size);
@@ -12389,6 +12394,11 @@ index 722aa3b..3a0bb27 100644
-#define atomic_clear_mask(mask, addr) \
- asm volatile(LOCK_PREFIX "andl %0,%1" \
- : : "r" (~(mask)), "m" (*(addr)) : "memory")
+-
+-#define atomic_set_mask(mask, addr) \
+- asm volatile(LOCK_PREFIX "orl %0,%1" \
+- : : "r" ((unsigned)(mask)), "m" (*(addr)) \
+- : "memory")
+static inline void atomic_clear_mask(unsigned int mask, atomic_t *v)
+{
+ asm volatile(LOCK_PREFIX "andl %1,%0"
@@ -12396,11 +12406,7 @@ index 722aa3b..3a0bb27 100644
+ : "r" (~(mask))
+ : "memory");
+}
-
--#define atomic_set_mask(mask, addr) \
-- asm volatile(LOCK_PREFIX "orl %0,%1" \
-- : : "r" ((unsigned)(mask)), "m" (*(addr)) \
-- : "memory")
++
+static inline void atomic_clear_mask_unchecked(unsigned int mask, atomic_unchecked_t *v)
+{
+ asm volatile(LOCK_PREFIX "andl %1,%0"
@@ -14033,9 +14039,9 @@ index cdbf367..adb37ac 100644
+#endif
+
}
-+#endif
- }
--#endif
+- }
+ #endif
++ }
}
#define activate_mm(prev, next) \
@@ -15438,15 +15444,7 @@ index 70bbe39..4ae2bd4 100644
- void *data,
- unsigned long *end,
- int *graph);
-+typedef unsigned long walk_stack_t(struct task_struct *task,
-+ void *stack_start,
-+ unsigned long *stack,
-+ unsigned long bp,
-+ const struct stacktrace_ops *ops,
-+ void *data,
-+ unsigned long *end,
-+ int *graph);
-
+-
-extern unsigned long
-print_context_stack(struct thread_info *tinfo,
- unsigned long *stack, unsigned long bp,
@@ -15458,6 +15456,15 @@ index 70bbe39..4ae2bd4 100644
- unsigned long *stack, unsigned long bp,
- const struct stacktrace_ops *ops, void *data,
- unsigned long *end, int *graph);
++typedef unsigned long walk_stack_t(struct task_struct *task,
++ void *stack_start,
++ unsigned long *stack,
++ unsigned long bp,
++ const struct stacktrace_ops *ops,
++ void *data,
++ unsigned long *end,
++ int *graph);
++
+extern walk_stack_t print_context_stack;
+extern walk_stack_t print_context_stack_bp;
@@ -15583,43 +15590,16 @@ index 2cd056e..0224df8 100644
/* Only used for 64 bit */
#define _TIF_DO_NOTIFY_MASK \
-@@ -158,45 +154,40 @@ struct thread_info {
+@@ -158,6 +154,23 @@ struct thread_info {
#define PREEMPT_ACTIVE 0x10000000
--#ifdef CONFIG_X86_32
--
--#define STACK_WARN (THREAD_SIZE/8)
--/*
-- * macros/functions for gaining access to the thread information structure
-- *
-- * preempt_count needs to be 1 initially, until the scheduler is functional.
-- */
--#ifndef __ASSEMBLY__
--
--
--/* how to get the current stack pointer from C */
--register unsigned long current_stack_pointer asm("esp") __used;
--
--/* how to get the thread information struct from C */
--static inline struct thread_info *current_thread_info(void)
--{
-- return (struct thread_info *)
-- (current_stack_pointer & ~(THREAD_SIZE - 1));
--}
--
--#else /* !__ASSEMBLY__ */
--
+#ifdef __ASSEMBLY__
- /* how to get the thread information struct from ASM */
- #define GET_THREAD_INFO(reg) \
-- movl $-THREAD_SIZE, reg; \
-- andl %esp, reg
++/* how to get the thread information struct from ASM */
++#define GET_THREAD_INFO(reg) \
+ mov PER_CPU_VAR(current_tinfo), reg
-
- /* use this one if reg already contains %esp */
--#define GET_THREAD_INFO_WITH_ESP(reg) \
-- andl $-THREAD_SIZE, reg
++
++/* use this one if reg already contains %esp */
+#define GET_THREAD_INFO_WITH_ESP(reg) GET_THREAD_INFO(reg)
+#else
+/* how to get the thread information struct from C */
@@ -15631,19 +15611,35 @@ index 2cd056e..0224df8 100644
+}
+#endif
+
-+#ifdef CONFIG_X86_32
-+
-+#define STACK_WARN (THREAD_SIZE/8)
-+/*
-+ * macros/functions for gaining access to the thread information structure
-+ *
-+ * preempt_count needs to be 1 initially, until the scheduler is functional.
-+ */
-+#ifndef __ASSEMBLY__
-+
-+/* how to get the current stack pointer from C */
-+register unsigned long current_stack_pointer asm("esp") __used;
+ #ifdef CONFIG_X86_32
+
+ #define STACK_WARN (THREAD_SIZE/8)
+@@ -168,35 +181,13 @@ struct thread_info {
+ */
+ #ifndef __ASSEMBLY__
+-
+ /* how to get the current stack pointer from C */
+ register unsigned long current_stack_pointer asm("esp") __used;
+
+-/* how to get the thread information struct from C */
+-static inline struct thread_info *current_thread_info(void)
+-{
+- return (struct thread_info *)
+- (current_stack_pointer & ~(THREAD_SIZE - 1));
+-}
+-
+-#else /* !__ASSEMBLY__ */
+-
+-/* how to get the thread information struct from ASM */
+-#define GET_THREAD_INFO(reg) \
+- movl $-THREAD_SIZE, reg; \
+- andl %esp, reg
+-
+-/* use this one if reg already contains %esp */
+-#define GET_THREAD_INFO_WITH_ESP(reg) \
+- andl $-THREAD_SIZE, reg
+-
#endif
#else /* X86_32 */
@@ -16008,18 +16004,18 @@ index 7f760a9..04b1c65 100644
unsigned long n)
{
- return __copy_from_user_ll_nocache_nozero(to, from, n);
+-}
+ if ((long)n < 0)
+ return n;
-+
-+ return __copy_from_user_ll_nocache_nozero(to, from, n);
- }
-unsigned long __must_check copy_to_user(void __user *to,
- const void *from, unsigned long n);
-unsigned long __must_check _copy_from_user(void *to,
- const void __user *from,
- unsigned long n);
--
++ return __copy_from_user_ll_nocache_nozero(to, from, n);
++}
+
+extern void copy_to_user_overflow(void)
+#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
+ __compiletime_error("copy_to_user() buffer size is not provably correct")
@@ -16059,13 +16055,14 @@ index 7f760a9..04b1c65 100644
- if (likely(sz == -1 || sz >= n))
- n = _copy_from_user(to, from, n);
- else
+- copy_from_user_overflow();
+ if (unlikely(sz != (size_t)-1 && sz < n))
+ copy_to_user_overflow();
+ else if (access_ok(VERIFY_WRITE, to, n))
+ n = __copy_to_user(to, from, n);
+ return n;
+}
-+
+
+/**
+ * copy_from_user: - Copy a block of data from user space.
+ * @to: Destination address, in kernel space.
@@ -16090,8 +16087,7 @@ index 7f760a9..04b1c65 100644
+ check_object_size(to, n, false);
+
+ if (unlikely(sz != (size_t)-1 && sz < n))
- copy_from_user_overflow();
--
++ copy_from_user_overflow();
+ else if (access_ok(VERIFY_READ, from, n))
+ n = __copy_from_user(to, from, n);
+ else if ((long)n > 0)
@@ -17129,16 +17125,16 @@ index 2861082..6d4718e 100644
+
+#ifdef CONFIG_PAX_KERNEXEC
+ OFFSET(PV_CPU_write_cr0, pv_cpu_ops, write_cr0);
- #endif
-
++#endif
++
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+ OFFSET(PV_MMU_read_cr3, pv_mmu_ops, read_cr3);
+ OFFSET(PV_MMU_write_cr3, pv_mmu_ops, write_cr3);
+#ifdef CONFIG_X86_64
+ OFFSET(PV_MMU_set_pgd_batched, pv_mmu_ops, set_pgd_batched);
+#endif
-+#endif
-+
+ #endif
+
+#endif
+
+ BLANK();
@@ -20678,10 +20674,10 @@ index 321d65e..ad8817d 100644
+#ifndef CONFIG_XEN
+ addq %rbp, level3_ident_pgt + (1*8)(%rip)
+#endif
++
++ addq %rbp, level3_vmemmap_pgt + (L3_VMEMMAP_START*8)(%rip)
- addq %rbp, level2_fixmap_pgt + (506*8)(%rip)
-+ addq %rbp, level3_vmemmap_pgt + (L3_VMEMMAP_START*8)(%rip)
-+
+ addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8)(%rip)
+ addq %rbp, level3_kernel_pgt + ((L3_START_KERNEL+1)*8)(%rip)
+
@@ -20753,10 +20749,10 @@ index 321d65e..ad8817d 100644
+ .section .rodata,"a",@progbits
-#ifndef CONFIG_XEN
- NEXT_PAGE(init_level4_pgt)
+-NEXT_PAGE(init_level4_pgt)
- .fill 512,8,0
-#else
--NEXT_PAGE(init_level4_pgt)
+ NEXT_PAGE(init_level4_pgt)
- .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
.org init_level4_pgt + L4_PAGE_OFFSET*8, 0
.quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
@@ -21933,10 +21929,10 @@ index 8bfb335..c1463c6 100644
ret = paravirt_patch_ident_32(insnbuf, len);
- else if (opfunc == _paravirt_ident_64)
+ else if (opfunc == (void *)_paravirt_ident_64)
- ret = paravirt_patch_ident_64(insnbuf, len);
++ ret = paravirt_patch_ident_64(insnbuf, len);
+#if defined(CONFIG_X86_32) && defined(CONFIG_X86_PAE)
+ else if (opfunc == (void *)__raw_callee_save__paravirt_ident_64)
-+ ret = paravirt_patch_ident_64(insnbuf, len);
+ ret = paravirt_patch_ident_64(insnbuf, len);
+#endif
else if (type == PARAVIRT_PATCH(pv_cpu_ops.iret) ||
@@ -24142,7 +24138,7 @@ index e1b1ce2..f7b4b43 100644
local_irq_disable();
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index 0af1807..06912bb 100644
+index 0e2f2a4..4331db2 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1184,12 +1184,12 @@ static void vmcs_write64(unsigned long field, u64 value)
@@ -24212,7 +24208,7 @@ index 0af1807..06912bb 100644
if (nested)
nested_vmx_setup_ctls_msrs();
-@@ -3883,7 +3896,10 @@ static void vmx_set_constant_host_state(void)
+@@ -3890,7 +3903,10 @@ static void vmx_set_constant_host_state(void)
vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS); /* 22.2.3 */
vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */
@@ -24223,7 +24219,7 @@ index 0af1807..06912bb 100644
vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */
#ifdef CONFIG_X86_64
-@@ -3904,7 +3920,7 @@ static void vmx_set_constant_host_state(void)
+@@ -3911,7 +3927,7 @@ static void vmx_set_constant_host_state(void)
native_store_idt(&dt);
vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */
@@ -24232,7 +24228,7 @@ index 0af1807..06912bb 100644
rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
-@@ -6580,6 +6596,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6587,6 +6603,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
"jmp 2f \n\t"
"1: " __ex(ASM_VMX_VMRESUME) "\n\t"
"2: "
@@ -24245,7 +24241,7 @@ index 0af1807..06912bb 100644
/* Save guest registers, load host registers, keep flags */
"mov %0, %c[wordsize](%%" _ASM_SP ") \n\t"
"pop %0 \n\t"
-@@ -6632,6 +6654,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6639,6 +6661,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
#endif
[cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
[wordsize]"i"(sizeof(ulong))
@@ -24257,7 +24253,7 @@ index 0af1807..06912bb 100644
: "cc", "memory"
#ifdef CONFIG_X86_64
, "rax", "rbx", "rdi", "rsi"
-@@ -6645,7 +6672,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6652,7 +6679,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
if (debugctlmsr)
update_debugctlmsr(debugctlmsr);
@@ -24266,7 +24262,7 @@ index 0af1807..06912bb 100644
/*
* The sysexit path does not restore ds/es, so we must set them to
* a reasonable value ourselves.
-@@ -6654,8 +6681,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6661,8 +6688,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
* may be executed in interrupt context, which saves and restore segments
* around it, nullifying its effect.
*/
@@ -27104,13 +27100,16 @@ index f0312d7..9c39d63 100644
- */
-unsigned long
-copy_to_user(void __user *to, const void *from, unsigned long n)
--{
++void copy_from_user_overflow(void)
+ {
- if (access_ok(VERIFY_WRITE, to, n))
- n = __copy_to_user(to, from, n);
- return n;
--}
++ WARN(1, "Buffer overflow detected!\n");
+ }
-EXPORT_SYMBOL(copy_to_user);
--
++EXPORT_SYMBOL(copy_from_user_overflow);
+
-/**
- * copy_from_user: - Copy a block of data from user space.
- * @to: Destination address, in kernel space.
@@ -27129,30 +27128,23 @@ index f0312d7..9c39d63 100644
- */
-unsigned long
-_copy_from_user(void *to, const void __user *from, unsigned long n)
--{
++void copy_to_user_overflow(void)
+ {
- if (access_ok(VERIFY_READ, from, n))
- n = __copy_from_user(to, from, n);
- else
- memset(to, 0, n);
- return n;
--}
--EXPORT_SYMBOL(_copy_from_user);
--
- void copy_from_user_overflow(void)
- {
- WARN(1, "Buffer overflow detected!\n");
- }
- EXPORT_SYMBOL(copy_from_user_overflow);
-+
-+void copy_to_user_overflow(void)
-+{
+ WARN(1, "Buffer overflow detected!\n");
-+}
+ }
+-EXPORT_SYMBOL(_copy_from_user);
+EXPORT_SYMBOL(copy_to_user_overflow);
-+
+
+-void copy_from_user_overflow(void)
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+void __set_fs(mm_segment_t x)
-+{
+ {
+- WARN(1, "Buffer overflow detected!\n");
+ switch (x.seg) {
+ case 0:
+ loadsegment(gs, 0);
@@ -27167,7 +27159,8 @@ index f0312d7..9c39d63 100644
+ BUG();
+ }
+ return;
-+}
+ }
+-EXPORT_SYMBOL(copy_from_user_overflow);
+EXPORT_SYMBOL(__set_fs);
+
+void set_fs(mm_segment_t x)
@@ -27643,7 +27636,7 @@ index 0e88336..2bb9777 100644
return false;
return true;
-@@ -1008,18 +1203,33 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
+@@ -1008,19 +1203,34 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
{
struct vm_area_struct *vma;
struct task_struct *tsk;
@@ -27654,11 +27647,7 @@ index 0e88336..2bb9777 100644
unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE |
(write ? FAULT_FLAG_WRITE : 0);
-- tsk = current;
-- mm = tsk->mm;
--
- /* Get the faulting address: */
-- address = read_cr2();
++ /* Get the faulting address: */
+ unsigned long address = read_cr2();
+
+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
@@ -27677,11 +27666,15 @@ index 0e88336..2bb9777 100644
+ }
+#endif
+
-+ tsk = current;
-+ mm = tsk->mm;
+ tsk = current;
+ mm = tsk->mm;
+- /* Get the faulting address: */
+- address = read_cr2();
+-
/*
* Detect and handle instructions that would cause a page fault for
+ * both a tracked kernel page and a userspace page.
@@ -1080,7 +1290,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
* User-mode registers count as a user access even for any
* potential system fault or CPU buglet:
@@ -28222,10 +28215,10 @@ index 0c13708..ca05f23 100644
+#ifdef CONFIG_GRKERNSEC_KMEM
+ /* allow BDA */
+ if (!pagenr)
- return 1;
++ return 1;
+ /* allow EBDA */
+ if (pagenr >= ebda_start && pagenr < ebda_end)
-+ return 1;
+ return 1;
+ /* if tboot is in use, allow access to its hardcoded serial log range */
+ if (tboot_enabled() && ((0x60000 >> PAGE_SHIFT) <= pagenr) && (pagenr < (0x68000 >> PAGE_SHIFT)))
+ return 1;
@@ -28767,7 +28760,7 @@ index 474e28f..f016b6e 100644
if (vma == &gate_vma)
return "[vsyscall]";
diff --git a/arch/x86/mm/iomap_32.c b/arch/x86/mm/iomap_32.c
-index 7b179b4..6bd17777 100644
+index 7b179b4..6bd1777 100644
--- a/arch/x86/mm/iomap_32.c
+++ b/arch/x86/mm/iomap_32.c
@@ -64,7 +64,11 @@ void *kmap_atomic_prot_pfn(unsigned long pfn, pgprot_t prot)
@@ -29223,7 +29216,7 @@ index 17fda6a..489c74a 100644
+void __shadow_user_pgds(pgd_t *dst, const pgd_t *src)
+{
+ unsigned int count = USER_PGD_PTRS;
-
++
+ while (count--)
+ *dst++ = __pgd((pgd_val(*src++) | (_PAGE_NX & __supported_pte_mask)) & ~_PAGE_USER);
+}
@@ -29236,7 +29229,7 @@ index 17fda6a..489c74a 100644
+
+ while (count--) {
+ pgd_t pgd;
-+
+
+#ifdef CONFIG_X86_64
+ pgd = __pgd(pgd_val(*src++) | _PAGE_USER);
+#else
@@ -31654,7 +31647,7 @@ index af00795..2bb8105 100644
#define XCHAL_ICACHE_SIZE 32768 /* I-cache size in bytes or 0 */
#define XCHAL_DCACHE_SIZE 32768 /* D-cache size in bytes or 0 */
diff --git a/block/blk-iopoll.c b/block/blk-iopoll.c
-index 58916af..eb9dbcf6 100644
+index 58916af..eb9dbcf 100644
--- a/block/blk-iopoll.c
+++ b/block/blk-iopoll.c
@@ -77,7 +77,7 @@ void blk_iopoll_complete(struct blk_iopoll *iopoll)
@@ -31755,7 +31748,7 @@ index 7c668c8..db3521c 100644
err = -EFAULT;
goto out;
diff --git a/block/genhd.c b/block/genhd.c
-index 3c001fb..d15a9e8 100644
+index 5098a64..d15a9e8 100644
--- a/block/genhd.c
+++ b/block/genhd.c
@@ -467,21 +467,24 @@ static char *bdevt_str(dev_t devt, char *buf)
@@ -31786,15 +31779,6 @@ index 3c001fb..d15a9e8 100644
}
EXPORT_SYMBOL(blk_unregister_region);
-@@ -512,7 +515,7 @@ static void register_disk(struct gendisk *disk)
-
- ddev->parent = disk->driverfs_dev;
-
-- dev_set_name(ddev, disk->disk_name);
-+ dev_set_name(ddev, "%s", disk->disk_name);
-
- /* delay uevents, until we scanned partition table */
- dev_set_uevent_suppress(ddev, 1);
diff --git a/block/partitions/efi.c b/block/partitions/efi.c
index ff5804e..a88acad 100644
--- a/block/partitions/efi.c
@@ -31803,20 +31787,18 @@ index ff5804e..a88acad 100644
if (!gpt)
return NULL;
-+ if (!le32_to_cpu(gpt->num_partition_entries))
-+ return NULL;
-+ pte = kcalloc(le32_to_cpu(gpt->num_partition_entries), le32_to_cpu(gpt->sizeof_partition_entry), GFP_KERNEL);
-+ if (!pte)
-+ return NULL;
-+
- count = le32_to_cpu(gpt->num_partition_entries) *
- le32_to_cpu(gpt->sizeof_partition_entry);
+- count = le32_to_cpu(gpt->num_partition_entries) *
+- le32_to_cpu(gpt->sizeof_partition_entry);
- if (!count)
-- return NULL;
++ if (!le32_to_cpu(gpt->num_partition_entries))
+ return NULL;
- pte = kzalloc(count, GFP_KERNEL);
-- if (!pte)
-- return NULL;
--
++ pte = kcalloc(le32_to_cpu(gpt->num_partition_entries), le32_to_cpu(gpt->sizeof_partition_entry), GFP_KERNEL);
+ if (!pte)
+ return NULL;
+
++ count = le32_to_cpu(gpt->num_partition_entries) *
++ le32_to_cpu(gpt->sizeof_partition_entry);
if (read_lba(state, le64_to_cpu(gpt->partition_entry_lba),
(u8 *) pte,
count) < count) {
@@ -31875,19 +31857,6 @@ index 9a87daa..fb17486 100644
if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
goto error;
-diff --git a/crypto/algapi.c b/crypto/algapi.c
-index 6149a6e..55ed50d 100644
---- a/crypto/algapi.c
-+++ b/crypto/algapi.c
-@@ -495,7 +495,7 @@ static struct crypto_template *__crypto_lookup_template(const char *name)
-
- struct crypto_template *crypto_lookup_template(const char *name)
- {
-- return try_then_request_module(__crypto_lookup_template(name), name);
-+ return try_then_request_module(__crypto_lookup_template(name), "%s", name);
- }
- EXPORT_SYMBOL_GPL(crypto_lookup_template);
-
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index 7bdd61b..afec999 100644
--- a/crypto/cryptd.c
@@ -32092,7 +32061,7 @@ index 41c0504..f8c0836 100644
static void delete_gpe_attr_array(void)
{
diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c
-index 34c8216..f56c828 100644
+index 09f6047..3b3dab4 100644
--- a/drivers/ata/libahci.c
+++ b/drivers/ata/libahci.c
@@ -1230,7 +1230,7 @@ int ahci_kick_engine(struct ata_port *ap)
@@ -33785,19 +33754,6 @@ index dfe7583..83768bb 100644
set_fs(old_fs);
if (likely(bw == len))
return 0;
-diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
-index 7fecc78..84d217c 100644
---- a/drivers/block/nbd.c
-+++ b/drivers/block/nbd.c
-@@ -714,7 +714,7 @@ static int __nbd_ioctl(struct block_device *bdev, struct nbd_device *nbd,
- else
- blk_queue_flush(nbd->disk->queue, 0);
-
-- thread = kthread_create(nbd_thread, nbd, nbd->disk->disk_name);
-+ thread = kthread_create(nbd_thread, nbd, "%s", nbd->disk->disk_name);
- if (IS_ERR(thread)) {
- mutex_lock(&nbd->tx_lock);
- return PTR_ERR(thread);
diff --git a/drivers/block/pktcdvd.c b/drivers/block/pktcdvd.c
index 2e7de7a..ed86dc0 100644
--- a/drivers/block/pktcdvd.c
@@ -33812,7 +33768,7 @@ index 2e7de7a..ed86dc0 100644
static DEFINE_MUTEX(pktcdvd_mutex);
static struct pktcdvd_device *pkt_devs[MAX_WRITERS];
diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
-index d620b44..d7538c2 100644
+index 8a3aff7..d7538c2 100644
--- a/drivers/cdrom/cdrom.c
+++ b/drivers/cdrom/cdrom.c
@@ -416,7 +416,6 @@ int register_cdrom(struct cdrom_device_info *cdi)
@@ -33854,15 +33810,6 @@ index d620b44..d7538c2 100644
if (cgc.buffer)
break;
-@@ -2882,7 +2883,7 @@ static noinline int mmc_ioctl_cdrom_read_data(struct cdrom_device_info *cdi,
- if (lba < 0)
- return -EINVAL;
-
-- cgc->buffer = kmalloc(blocksize, GFP_KERNEL);
-+ cgc->buffer = kzalloc(blocksize, GFP_KERNEL);
- if (cgc->buffer == NULL)
- return -ENOMEM;
-
@@ -3429,7 +3430,7 @@ static int cdrom_print_info(const char *header, int val, char *info,
struct cdrom_device_info *cdi;
int ret;
@@ -33980,7 +33927,7 @@ index 86fe45c..c0ea948 100644
}
diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c
-index 053201b0..8335cce 100644
+index 053201b..8335cce 100644
--- a/drivers/char/ipmi/ipmi_msghandler.c
+++ b/drivers/char/ipmi/ipmi_msghandler.c
@@ -420,7 +420,7 @@ struct ipmi_smi {
@@ -34202,7 +34149,7 @@ index 2c644af..4b7aede 100644
return tty_init();
diff --git a/drivers/char/mwave/tp3780i.c b/drivers/char/mwave/tp3780i.c
-index c689697..04e6d6a2 100644
+index c689697..04e6d6a 100644
--- a/drivers/char/mwave/tp3780i.c
+++ b/drivers/char/mwave/tp3780i.c
@@ -479,6 +479,7 @@ int tp3780I_QueryAbilities(THINKPAD_BD_DATA * pBDData, MW_ABILITIES * pAbilities
@@ -36577,7 +36524,7 @@ index 12f2f9e..679603c 100644
/*
* Represents channel interrupts. Each bit position represents a
diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c
-index bf421e0..ce2c897 100644
+index 4004e54..c2de226 100644
--- a/drivers/hv/vmbus_drv.c
+++ b/drivers/hv/vmbus_drv.c
@@ -668,10 +668,10 @@ int vmbus_device_register(struct hv_device *child_device_obj)
@@ -39592,6 +39539,31 @@ index 5c3ce24..4915ccb 100644
- atomic_long_t flush_tlb_gru;
- atomic_long_t flush_tlb_gru_tgh;
- atomic_long_t flush_tlb_gru_zero_asid;
+-
+- atomic_long_t copy_gpa;
+- atomic_long_t read_gpa;
+-
+- atomic_long_t mesq_receive;
+- atomic_long_t mesq_receive_none;
+- atomic_long_t mesq_send;
+- atomic_long_t mesq_send_failed;
+- atomic_long_t mesq_noop;
+- atomic_long_t mesq_send_unexpected_error;
+- atomic_long_t mesq_send_lb_overflow;
+- atomic_long_t mesq_send_qlimit_reached;
+- atomic_long_t mesq_send_amo_nacked;
+- atomic_long_t mesq_send_put_nacked;
+- atomic_long_t mesq_page_overflow;
+- atomic_long_t mesq_qf_locked;
+- atomic_long_t mesq_qf_noop_not_full;
+- atomic_long_t mesq_qf_switch_head_failed;
+- atomic_long_t mesq_qf_unexpected_error;
+- atomic_long_t mesq_noop_unexpected_error;
+- atomic_long_t mesq_noop_lb_overflow;
+- atomic_long_t mesq_noop_qlimit_reached;
+- atomic_long_t mesq_noop_amo_nacked;
+- atomic_long_t mesq_noop_put_nacked;
+- atomic_long_t mesq_noop_page_overflow;
+ atomic_long_unchecked_t vdata_alloc;
+ atomic_long_unchecked_t vdata_free;
+ atomic_long_unchecked_t gts_alloc;
@@ -39643,33 +39615,10 @@ index 5c3ce24..4915ccb 100644
+ atomic_long_unchecked_t flush_tlb_gru;
+ atomic_long_unchecked_t flush_tlb_gru_tgh;
+ atomic_long_unchecked_t flush_tlb_gru_zero_asid;
-
-- atomic_long_t copy_gpa;
-- atomic_long_t read_gpa;
++
+ atomic_long_unchecked_t copy_gpa;
+ atomic_long_unchecked_t read_gpa;
-
-- atomic_long_t mesq_receive;
-- atomic_long_t mesq_receive_none;
-- atomic_long_t mesq_send;
-- atomic_long_t mesq_send_failed;
-- atomic_long_t mesq_noop;
-- atomic_long_t mesq_send_unexpected_error;
-- atomic_long_t mesq_send_lb_overflow;
-- atomic_long_t mesq_send_qlimit_reached;
-- atomic_long_t mesq_send_amo_nacked;
-- atomic_long_t mesq_send_put_nacked;
-- atomic_long_t mesq_page_overflow;
-- atomic_long_t mesq_qf_locked;
-- atomic_long_t mesq_qf_noop_not_full;
-- atomic_long_t mesq_qf_switch_head_failed;
-- atomic_long_t mesq_qf_unexpected_error;
-- atomic_long_t mesq_noop_unexpected_error;
-- atomic_long_t mesq_noop_lb_overflow;
-- atomic_long_t mesq_noop_qlimit_reached;
-- atomic_long_t mesq_noop_amo_nacked;
-- atomic_long_t mesq_noop_put_nacked;
-- atomic_long_t mesq_noop_page_overflow;
++
+ atomic_long_unchecked_t mesq_receive;
+ atomic_long_unchecked_t mesq_receive_none;
+ atomic_long_unchecked_t mesq_send;
@@ -39916,6 +39865,42 @@ index aee7671..3ca2651 100644
/* multicast configuration controlling object */
bnx2x_init_mcast_obj(bp, &bp->mcast_obj, bp->fp->cl_id, bp->fp->cid,
+diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c
+index edfa67a..d6c52ae 100644
+--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c
++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c
+@@ -960,6 +960,9 @@ static int bnx2x_set_dump(struct net_device *dev, struct ethtool_dump *val)
+ struct bnx2x *bp = netdev_priv(dev);
+
+ /* Use the ethtool_dump "flag" field as the dump preset index */
++ if (val->flag < 1 || val->flag > DUMP_MAX_PRESETS)
++ return -EINVAL;
++
+ bp->dump_preset_idx = val->flag;
+ return 0;
+ }
+@@ -986,8 +989,6 @@ static int bnx2x_get_dump_data(struct net_device *dev,
+ struct bnx2x *bp = netdev_priv(dev);
+ struct dump_header dump_hdr = {0};
+
+- memset(p, 0, dump->len);
+-
+ /* Disable parity attentions as long as following dump may
+ * cause false alarms by reading never written registers. We
+ * will re-enable parity attentions right after the dump.
+diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
+index c50696b..cf96f52 100644
+--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
+@@ -11394,6 +11394,8 @@ static int bnx2x_init_bp(struct bnx2x *bp)
+ bp->min_msix_vec_cnt = 2;
+ BNX2X_DEV_INFO("bp->min_msix_vec_cnt %d", bp->min_msix_vec_cnt);
+
++ bp->dump_preset_idx = 1;
++
+ return rc;
+ }
+
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c
index 7306416..5fb7fb5 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c
@@ -39980,6 +39965,20 @@ index 6e8bc9d..94d957d 100644
break;
default:
return -EINVAL;
+diff --git a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c
+index 2b5e621..32187b8 100644
+--- a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c
++++ b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c
+@@ -3036,7 +3036,9 @@ static void t3_io_resume(struct pci_dev *pdev)
+ CH_ALERT(adapter, "adapter recovering, PEX ERR 0x%x\n",
+ t3_read_reg(adapter, A_PCIE_PEX_ERR));
+
++ rtnl_lock();
+ t3_resume_ports(adapter);
++ rtnl_unlock();
+ }
+
+ static const struct pci_error_handlers t3_err_handler = {
diff --git a/drivers/net/ethernet/chelsio/cxgb3/l2t.h b/drivers/net/ethernet/chelsio/cxgb3/l2t.h
index 8cffcdf..aadf043 100644
--- a/drivers/net/ethernet/chelsio/cxgb3/l2t.h
@@ -41479,7 +41478,7 @@ index d320df6..ca9a8f6 100644
#define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1)
diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
-index 563771f..4e3c368 100644
+index 9c8b3bd..899c8fa 100644
--- a/drivers/pci/probe.c
+++ b/drivers/pci/probe.c
@@ -173,7 +173,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type,
@@ -42936,7 +42935,7 @@ index f379c7f..e8fc69c 100644
transport_setup_device(&rport->dev);
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
-index 82910cc..7c350ad 100644
+index 0f0370f..7e076c4 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -2929,7 +2929,7 @@ static int sd_probe(struct device *dev)
@@ -44914,6 +44913,56 @@ index 6ef94bc..1b41265 100644
}
/*
+diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c
+index dfff647..3a19054 100644
+--- a/drivers/vhost/net.c
++++ b/drivers/vhost/net.c
+@@ -857,7 +857,7 @@ static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd)
+ mutex_unlock(&vq->mutex);
+
+ if (oldubufs) {
+- vhost_ubuf_put_and_wait(oldubufs);
++ vhost_ubuf_put_and_wait_and_free(oldubufs);
+ mutex_lock(&vq->mutex);
+ vhost_zerocopy_signal_used(n, vq);
+ mutex_unlock(&vq->mutex);
+@@ -875,7 +875,7 @@ err_used:
+ rcu_assign_pointer(vq->private_data, oldsock);
+ vhost_net_enable_vq(n, vq);
+ if (ubufs)
+- vhost_ubuf_put_and_wait(ubufs);
++ vhost_ubuf_put_and_wait_and_free(ubufs);
+ err_ubufs:
+ fput(sock->file);
+ err_vq:
+diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
+index 9759249..2e2524c 100644
+--- a/drivers/vhost/vhost.c
++++ b/drivers/vhost/vhost.c
+@@ -1581,5 +1581,11 @@ void vhost_ubuf_put_and_wait(struct vhost_ubuf_ref *ubufs)
+ {
+ kref_put(&ubufs->kref, vhost_zerocopy_done_signal);
+ wait_event(ubufs->wait, !atomic_read(&ubufs->kref.refcount));
++}
++
++void vhost_ubuf_put_and_wait_and_free(struct vhost_ubuf_ref *ubufs)
++{
++ vhost_ubuf_put_and_wait(ubufs);
+ kfree(ubufs);
+ }
++
+diff --git a/drivers/vhost/vhost.h b/drivers/vhost/vhost.h
+index 17261e2..70cbe6f 100644
+--- a/drivers/vhost/vhost.h
++++ b/drivers/vhost/vhost.h
+@@ -63,6 +63,7 @@ struct vhost_ubuf_ref {
+ struct vhost_ubuf_ref *vhost_ubuf_alloc(struct vhost_virtqueue *, bool zcopy);
+ void vhost_ubuf_put(struct vhost_ubuf_ref *);
+ void vhost_ubuf_put_and_wait(struct vhost_ubuf_ref *);
++void vhost_ubuf_put_and_wait_and_free(struct vhost_ubuf_ref *);
+
+ struct ubuf_info;
+
diff --git a/drivers/video/aty/aty128fb.c b/drivers/video/aty/aty128fb.c
index 8c55011..eed4ae1a 100644
--- a/drivers/video/aty/aty128fb.c
@@ -49159,6 +49208,8 @@ index 86af964..5d53bf6 100644
+ */
}
+- if (elf_interpreter) {
+- unsigned long interp_map_addr = 0;
+#ifdef CONFIG_PAX_RANDMMAP
+ if (current->mm->pax_flags & MF_PAX_RANDMMAP) {
+ unsigned long start, size, flags;
@@ -49168,7 +49219,7 @@ index 86af964..5d53bf6 100644
+ size = PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4);
+ flags = MAP_FIXED | MAP_PRIVATE;
+ vm_flags = VM_DONTEXPAND | VM_DONTDUMP;
-+
+
+ down_write(&current->mm->mmap_sem);
+ start = get_unmapped_area(NULL, start, PAGE_ALIGN(size), 0, flags);
+ retval = -ENOMEM;
@@ -49188,9 +49239,7 @@ index 86af964..5d53bf6 100644
+ }
+#endif
+
- if (elf_interpreter) {
-- unsigned long interp_map_addr = 0;
--
++ if (elf_interpreter) {
elf_entry = load_elf_interp(&loc->interp_elf_ex,
interpreter,
- &interp_map_addr,
@@ -49496,7 +49545,7 @@ index aae187a..fd790ba 100644
else if (whole->bd_holder != NULL)
return false; /* is a partition of a held device */
diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
-index ca9d8f1..8c0142d 100644
+index 7a983f7..c73ee93 100644
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
@@ -1036,9 +1036,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans,
@@ -51471,7 +51520,7 @@ index 3b83cd6..0f34dcd 100644
/* locality groups */
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
-index f3190ab..84ffb21 100644
+index 8b6e837..36fd6c1 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -1754,7 +1754,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac,
@@ -51601,7 +51650,7 @@ index b3b1f7d..cff51d5 100644
"MMP failure info: last update time: %llu, last update "
"node: %s, last update device: %s\n",
diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
-index 3beae6a..8cc5637 100644
+index 1cb76e8..0fe3928 100644
--- a/fs/ext4/resize.c
+++ b/fs/ext4/resize.c
@@ -79,12 +79,20 @@ static int verify_group_input(struct super_block *sb,
@@ -52045,9 +52094,7 @@ index ee38fef..0a326d4 100644
#ifdef CONFIG_FSCACHE_STATS
-extern atomic_t fscache_n_ops_processed[FSCACHE_MAX_THREADS];
-extern atomic_t fscache_n_objs_processed[FSCACHE_MAX_THREADS];
-+extern atomic_unchecked_t fscache_n_ops_processed[FSCACHE_MAX_THREADS];
-+extern atomic_unchecked_t fscache_n_objs_processed[FSCACHE_MAX_THREADS];
-
+-
-extern atomic_t fscache_n_op_pend;
-extern atomic_t fscache_n_op_run;
-extern atomic_t fscache_n_op_enqueue;
@@ -52056,26 +52103,13 @@ index ee38fef..0a326d4 100644
-extern atomic_t fscache_n_op_gc;
-extern atomic_t fscache_n_op_cancelled;
-extern atomic_t fscache_n_op_rejected;
-+extern atomic_unchecked_t fscache_n_op_pend;
-+extern atomic_unchecked_t fscache_n_op_run;
-+extern atomic_unchecked_t fscache_n_op_enqueue;
-+extern atomic_unchecked_t fscache_n_op_deferred_release;
-+extern atomic_unchecked_t fscache_n_op_release;
-+extern atomic_unchecked_t fscache_n_op_gc;
-+extern atomic_unchecked_t fscache_n_op_cancelled;
-+extern atomic_unchecked_t fscache_n_op_rejected;
-
+-
-extern atomic_t fscache_n_attr_changed;
-extern atomic_t fscache_n_attr_changed_ok;
-extern atomic_t fscache_n_attr_changed_nobufs;
-extern atomic_t fscache_n_attr_changed_nomem;
-extern atomic_t fscache_n_attr_changed_calls;
-+extern atomic_unchecked_t fscache_n_attr_changed;
-+extern atomic_unchecked_t fscache_n_attr_changed_ok;
-+extern atomic_unchecked_t fscache_n_attr_changed_nobufs;
-+extern atomic_unchecked_t fscache_n_attr_changed_nomem;
-+extern atomic_unchecked_t fscache_n_attr_changed_calls;
-
+-
-extern atomic_t fscache_n_allocs;
-extern atomic_t fscache_n_allocs_ok;
-extern atomic_t fscache_n_allocs_wait;
@@ -52084,15 +52118,7 @@ index ee38fef..0a326d4 100644
-extern atomic_t fscache_n_allocs_object_dead;
-extern atomic_t fscache_n_alloc_ops;
-extern atomic_t fscache_n_alloc_op_waits;
-+extern atomic_unchecked_t fscache_n_allocs;
-+extern atomic_unchecked_t fscache_n_allocs_ok;
-+extern atomic_unchecked_t fscache_n_allocs_wait;
-+extern atomic_unchecked_t fscache_n_allocs_nobufs;
-+extern atomic_unchecked_t fscache_n_allocs_intr;
-+extern atomic_unchecked_t fscache_n_allocs_object_dead;
-+extern atomic_unchecked_t fscache_n_alloc_ops;
-+extern atomic_unchecked_t fscache_n_alloc_op_waits;
-
+-
-extern atomic_t fscache_n_retrievals;
-extern atomic_t fscache_n_retrievals_ok;
-extern atomic_t fscache_n_retrievals_wait;
@@ -52103,17 +52129,7 @@ index ee38fef..0a326d4 100644
-extern atomic_t fscache_n_retrievals_object_dead;
-extern atomic_t fscache_n_retrieval_ops;
-extern atomic_t fscache_n_retrieval_op_waits;
-+extern atomic_unchecked_t fscache_n_retrievals;
-+extern atomic_unchecked_t fscache_n_retrievals_ok;
-+extern atomic_unchecked_t fscache_n_retrievals_wait;
-+extern atomic_unchecked_t fscache_n_retrievals_nodata;
-+extern atomic_unchecked_t fscache_n_retrievals_nobufs;
-+extern atomic_unchecked_t fscache_n_retrievals_intr;
-+extern atomic_unchecked_t fscache_n_retrievals_nomem;
-+extern atomic_unchecked_t fscache_n_retrievals_object_dead;
-+extern atomic_unchecked_t fscache_n_retrieval_ops;
-+extern atomic_unchecked_t fscache_n_retrieval_op_waits;
-
+-
-extern atomic_t fscache_n_stores;
-extern atomic_t fscache_n_stores_ok;
-extern atomic_t fscache_n_stores_again;
@@ -52124,6 +52140,91 @@ index ee38fef..0a326d4 100644
-extern atomic_t fscache_n_store_pages;
-extern atomic_t fscache_n_store_radix_deletes;
-extern atomic_t fscache_n_store_pages_over_limit;
+-
+-extern atomic_t fscache_n_store_vmscan_not_storing;
+-extern atomic_t fscache_n_store_vmscan_gone;
+-extern atomic_t fscache_n_store_vmscan_busy;
+-extern atomic_t fscache_n_store_vmscan_cancelled;
+-extern atomic_t fscache_n_store_vmscan_wait;
+-
+-extern atomic_t fscache_n_marks;
+-extern atomic_t fscache_n_uncaches;
+-
+-extern atomic_t fscache_n_acquires;
+-extern atomic_t fscache_n_acquires_null;
+-extern atomic_t fscache_n_acquires_no_cache;
+-extern atomic_t fscache_n_acquires_ok;
+-extern atomic_t fscache_n_acquires_nobufs;
+-extern atomic_t fscache_n_acquires_oom;
+-
+-extern atomic_t fscache_n_invalidates;
+-extern atomic_t fscache_n_invalidates_run;
+-
+-extern atomic_t fscache_n_updates;
+-extern atomic_t fscache_n_updates_null;
+-extern atomic_t fscache_n_updates_run;
+-
+-extern atomic_t fscache_n_relinquishes;
+-extern atomic_t fscache_n_relinquishes_null;
+-extern atomic_t fscache_n_relinquishes_waitcrt;
+-extern atomic_t fscache_n_relinquishes_retire;
+-
+-extern atomic_t fscache_n_cookie_index;
+-extern atomic_t fscache_n_cookie_data;
+-extern atomic_t fscache_n_cookie_special;
+-
+-extern atomic_t fscache_n_object_alloc;
+-extern atomic_t fscache_n_object_no_alloc;
+-extern atomic_t fscache_n_object_lookups;
+-extern atomic_t fscache_n_object_lookups_negative;
+-extern atomic_t fscache_n_object_lookups_positive;
+-extern atomic_t fscache_n_object_lookups_timed_out;
+-extern atomic_t fscache_n_object_created;
+-extern atomic_t fscache_n_object_avail;
+-extern atomic_t fscache_n_object_dead;
+-
+-extern atomic_t fscache_n_checkaux_none;
+-extern atomic_t fscache_n_checkaux_okay;
+-extern atomic_t fscache_n_checkaux_update;
+-extern atomic_t fscache_n_checkaux_obsolete;
++extern atomic_unchecked_t fscache_n_ops_processed[FSCACHE_MAX_THREADS];
++extern atomic_unchecked_t fscache_n_objs_processed[FSCACHE_MAX_THREADS];
++
++extern atomic_unchecked_t fscache_n_op_pend;
++extern atomic_unchecked_t fscache_n_op_run;
++extern atomic_unchecked_t fscache_n_op_enqueue;
++extern atomic_unchecked_t fscache_n_op_deferred_release;
++extern atomic_unchecked_t fscache_n_op_release;
++extern atomic_unchecked_t fscache_n_op_gc;
++extern atomic_unchecked_t fscache_n_op_cancelled;
++extern atomic_unchecked_t fscache_n_op_rejected;
++
++extern atomic_unchecked_t fscache_n_attr_changed;
++extern atomic_unchecked_t fscache_n_attr_changed_ok;
++extern atomic_unchecked_t fscache_n_attr_changed_nobufs;
++extern atomic_unchecked_t fscache_n_attr_changed_nomem;
++extern atomic_unchecked_t fscache_n_attr_changed_calls;
++
++extern atomic_unchecked_t fscache_n_allocs;
++extern atomic_unchecked_t fscache_n_allocs_ok;
++extern atomic_unchecked_t fscache_n_allocs_wait;
++extern atomic_unchecked_t fscache_n_allocs_nobufs;
++extern atomic_unchecked_t fscache_n_allocs_intr;
++extern atomic_unchecked_t fscache_n_allocs_object_dead;
++extern atomic_unchecked_t fscache_n_alloc_ops;
++extern atomic_unchecked_t fscache_n_alloc_op_waits;
++
++extern atomic_unchecked_t fscache_n_retrievals;
++extern atomic_unchecked_t fscache_n_retrievals_ok;
++extern atomic_unchecked_t fscache_n_retrievals_wait;
++extern atomic_unchecked_t fscache_n_retrievals_nodata;
++extern atomic_unchecked_t fscache_n_retrievals_nobufs;
++extern atomic_unchecked_t fscache_n_retrievals_intr;
++extern atomic_unchecked_t fscache_n_retrievals_nomem;
++extern atomic_unchecked_t fscache_n_retrievals_object_dead;
++extern atomic_unchecked_t fscache_n_retrieval_ops;
++extern atomic_unchecked_t fscache_n_retrieval_op_waits;
++
+extern atomic_unchecked_t fscache_n_stores;
+extern atomic_unchecked_t fscache_n_stores_ok;
+extern atomic_unchecked_t fscache_n_stores_again;
@@ -52134,73 +52235,39 @@ index ee38fef..0a326d4 100644
+extern atomic_unchecked_t fscache_n_store_pages;
+extern atomic_unchecked_t fscache_n_store_radix_deletes;
+extern atomic_unchecked_t fscache_n_store_pages_over_limit;
-
--extern atomic_t fscache_n_store_vmscan_not_storing;
--extern atomic_t fscache_n_store_vmscan_gone;
--extern atomic_t fscache_n_store_vmscan_busy;
--extern atomic_t fscache_n_store_vmscan_cancelled;
--extern atomic_t fscache_n_store_vmscan_wait;
++
+extern atomic_unchecked_t fscache_n_store_vmscan_not_storing;
+extern atomic_unchecked_t fscache_n_store_vmscan_gone;
+extern atomic_unchecked_t fscache_n_store_vmscan_busy;
+extern atomic_unchecked_t fscache_n_store_vmscan_cancelled;
+extern atomic_unchecked_t fscache_n_store_vmscan_wait;
-
--extern atomic_t fscache_n_marks;
--extern atomic_t fscache_n_uncaches;
++
+extern atomic_unchecked_t fscache_n_marks;
+extern atomic_unchecked_t fscache_n_uncaches;
-
--extern atomic_t fscache_n_acquires;
--extern atomic_t fscache_n_acquires_null;
--extern atomic_t fscache_n_acquires_no_cache;
--extern atomic_t fscache_n_acquires_ok;
--extern atomic_t fscache_n_acquires_nobufs;
--extern atomic_t fscache_n_acquires_oom;
++
+extern atomic_unchecked_t fscache_n_acquires;
+extern atomic_unchecked_t fscache_n_acquires_null;
+extern atomic_unchecked_t fscache_n_acquires_no_cache;
+extern atomic_unchecked_t fscache_n_acquires_ok;
+extern atomic_unchecked_t fscache_n_acquires_nobufs;
+extern atomic_unchecked_t fscache_n_acquires_oom;
-
--extern atomic_t fscache_n_invalidates;
--extern atomic_t fscache_n_invalidates_run;
++
+extern atomic_unchecked_t fscache_n_invalidates;
+extern atomic_unchecked_t fscache_n_invalidates_run;
-
--extern atomic_t fscache_n_updates;
--extern atomic_t fscache_n_updates_null;
--extern atomic_t fscache_n_updates_run;
++
+extern atomic_unchecked_t fscache_n_updates;
+extern atomic_unchecked_t fscache_n_updates_null;
+extern atomic_unchecked_t fscache_n_updates_run;
-
--extern atomic_t fscache_n_relinquishes;
--extern atomic_t fscache_n_relinquishes_null;
--extern atomic_t fscache_n_relinquishes_waitcrt;
--extern atomic_t fscache_n_relinquishes_retire;
++
+extern atomic_unchecked_t fscache_n_relinquishes;
+extern atomic_unchecked_t fscache_n_relinquishes_null;
+extern atomic_unchecked_t fscache_n_relinquishes_waitcrt;
+extern atomic_unchecked_t fscache_n_relinquishes_retire;
-
--extern atomic_t fscache_n_cookie_index;
--extern atomic_t fscache_n_cookie_data;
--extern atomic_t fscache_n_cookie_special;
++
+extern atomic_unchecked_t fscache_n_cookie_index;
+extern atomic_unchecked_t fscache_n_cookie_data;
+extern atomic_unchecked_t fscache_n_cookie_special;
-
--extern atomic_t fscache_n_object_alloc;
--extern atomic_t fscache_n_object_no_alloc;
--extern atomic_t fscache_n_object_lookups;
--extern atomic_t fscache_n_object_lookups_negative;
--extern atomic_t fscache_n_object_lookups_positive;
--extern atomic_t fscache_n_object_lookups_timed_out;
--extern atomic_t fscache_n_object_created;
--extern atomic_t fscache_n_object_avail;
--extern atomic_t fscache_n_object_dead;
++
+extern atomic_unchecked_t fscache_n_object_alloc;
+extern atomic_unchecked_t fscache_n_object_no_alloc;
+extern atomic_unchecked_t fscache_n_object_lookups;
@@ -52210,11 +52277,7 @@ index ee38fef..0a326d4 100644
+extern atomic_unchecked_t fscache_n_object_created;
+extern atomic_unchecked_t fscache_n_object_avail;
+extern atomic_unchecked_t fscache_n_object_dead;
-
--extern atomic_t fscache_n_checkaux_none;
--extern atomic_t fscache_n_checkaux_okay;
--extern atomic_t fscache_n_checkaux_update;
--extern atomic_t fscache_n_checkaux_obsolete;
++
+extern atomic_unchecked_t fscache_n_checkaux_none;
+extern atomic_unchecked_t fscache_n_checkaux_okay;
+extern atomic_unchecked_t fscache_n_checkaux_update;
@@ -52911,27 +52974,13 @@ index 40d13c7..ddf52b9 100644
-atomic_t fscache_n_op_gc;
-atomic_t fscache_n_op_cancelled;
-atomic_t fscache_n_op_rejected;
-+atomic_unchecked_t fscache_n_op_pend;
-+atomic_unchecked_t fscache_n_op_run;
-+atomic_unchecked_t fscache_n_op_enqueue;
-+atomic_unchecked_t fscache_n_op_requeue;
-+atomic_unchecked_t fscache_n_op_deferred_release;
-+atomic_unchecked_t fscache_n_op_release;
-+atomic_unchecked_t fscache_n_op_gc;
-+atomic_unchecked_t fscache_n_op_cancelled;
-+atomic_unchecked_t fscache_n_op_rejected;
-
+-
-atomic_t fscache_n_attr_changed;
-atomic_t fscache_n_attr_changed_ok;
-atomic_t fscache_n_attr_changed_nobufs;
-atomic_t fscache_n_attr_changed_nomem;
-atomic_t fscache_n_attr_changed_calls;
-+atomic_unchecked_t fscache_n_attr_changed;
-+atomic_unchecked_t fscache_n_attr_changed_ok;
-+atomic_unchecked_t fscache_n_attr_changed_nobufs;
-+atomic_unchecked_t fscache_n_attr_changed_nomem;
-+atomic_unchecked_t fscache_n_attr_changed_calls;
-
+-
-atomic_t fscache_n_allocs;
-atomic_t fscache_n_allocs_ok;
-atomic_t fscache_n_allocs_wait;
@@ -52940,15 +52989,7 @@ index 40d13c7..ddf52b9 100644
-atomic_t fscache_n_allocs_object_dead;
-atomic_t fscache_n_alloc_ops;
-atomic_t fscache_n_alloc_op_waits;
-+atomic_unchecked_t fscache_n_allocs;
-+atomic_unchecked_t fscache_n_allocs_ok;
-+atomic_unchecked_t fscache_n_allocs_wait;
-+atomic_unchecked_t fscache_n_allocs_nobufs;
-+atomic_unchecked_t fscache_n_allocs_intr;
-+atomic_unchecked_t fscache_n_allocs_object_dead;
-+atomic_unchecked_t fscache_n_alloc_ops;
-+atomic_unchecked_t fscache_n_alloc_op_waits;
-
+-
-atomic_t fscache_n_retrievals;
-atomic_t fscache_n_retrievals_ok;
-atomic_t fscache_n_retrievals_wait;
@@ -52959,17 +53000,7 @@ index 40d13c7..ddf52b9 100644
-atomic_t fscache_n_retrievals_object_dead;
-atomic_t fscache_n_retrieval_ops;
-atomic_t fscache_n_retrieval_op_waits;
-+atomic_unchecked_t fscache_n_retrievals;
-+atomic_unchecked_t fscache_n_retrievals_ok;
-+atomic_unchecked_t fscache_n_retrievals_wait;
-+atomic_unchecked_t fscache_n_retrievals_nodata;
-+atomic_unchecked_t fscache_n_retrievals_nobufs;
-+atomic_unchecked_t fscache_n_retrievals_intr;
-+atomic_unchecked_t fscache_n_retrievals_nomem;
-+atomic_unchecked_t fscache_n_retrievals_object_dead;
-+atomic_unchecked_t fscache_n_retrieval_ops;
-+atomic_unchecked_t fscache_n_retrieval_op_waits;
-
+-
-atomic_t fscache_n_stores;
-atomic_t fscache_n_stores_ok;
-atomic_t fscache_n_stores_again;
@@ -52980,6 +53011,89 @@ index 40d13c7..ddf52b9 100644
-atomic_t fscache_n_store_pages;
-atomic_t fscache_n_store_radix_deletes;
-atomic_t fscache_n_store_pages_over_limit;
+-
+-atomic_t fscache_n_store_vmscan_not_storing;
+-atomic_t fscache_n_store_vmscan_gone;
+-atomic_t fscache_n_store_vmscan_busy;
+-atomic_t fscache_n_store_vmscan_cancelled;
+-atomic_t fscache_n_store_vmscan_wait;
+-
+-atomic_t fscache_n_marks;
+-atomic_t fscache_n_uncaches;
+-
+-atomic_t fscache_n_acquires;
+-atomic_t fscache_n_acquires_null;
+-atomic_t fscache_n_acquires_no_cache;
+-atomic_t fscache_n_acquires_ok;
+-atomic_t fscache_n_acquires_nobufs;
+-atomic_t fscache_n_acquires_oom;
+-
+-atomic_t fscache_n_invalidates;
+-atomic_t fscache_n_invalidates_run;
+-
+-atomic_t fscache_n_updates;
+-atomic_t fscache_n_updates_null;
+-atomic_t fscache_n_updates_run;
+-
+-atomic_t fscache_n_relinquishes;
+-atomic_t fscache_n_relinquishes_null;
+-atomic_t fscache_n_relinquishes_waitcrt;
+-atomic_t fscache_n_relinquishes_retire;
+-
+-atomic_t fscache_n_cookie_index;
+-atomic_t fscache_n_cookie_data;
+-atomic_t fscache_n_cookie_special;
+-
+-atomic_t fscache_n_object_alloc;
+-atomic_t fscache_n_object_no_alloc;
+-atomic_t fscache_n_object_lookups;
+-atomic_t fscache_n_object_lookups_negative;
+-atomic_t fscache_n_object_lookups_positive;
+-atomic_t fscache_n_object_lookups_timed_out;
+-atomic_t fscache_n_object_created;
+-atomic_t fscache_n_object_avail;
+-atomic_t fscache_n_object_dead;
+-
+-atomic_t fscache_n_checkaux_none;
+-atomic_t fscache_n_checkaux_okay;
+-atomic_t fscache_n_checkaux_update;
+-atomic_t fscache_n_checkaux_obsolete;
++atomic_unchecked_t fscache_n_op_pend;
++atomic_unchecked_t fscache_n_op_run;
++atomic_unchecked_t fscache_n_op_enqueue;
++atomic_unchecked_t fscache_n_op_requeue;
++atomic_unchecked_t fscache_n_op_deferred_release;
++atomic_unchecked_t fscache_n_op_release;
++atomic_unchecked_t fscache_n_op_gc;
++atomic_unchecked_t fscache_n_op_cancelled;
++atomic_unchecked_t fscache_n_op_rejected;
++
++atomic_unchecked_t fscache_n_attr_changed;
++atomic_unchecked_t fscache_n_attr_changed_ok;
++atomic_unchecked_t fscache_n_attr_changed_nobufs;
++atomic_unchecked_t fscache_n_attr_changed_nomem;
++atomic_unchecked_t fscache_n_attr_changed_calls;
++
++atomic_unchecked_t fscache_n_allocs;
++atomic_unchecked_t fscache_n_allocs_ok;
++atomic_unchecked_t fscache_n_allocs_wait;
++atomic_unchecked_t fscache_n_allocs_nobufs;
++atomic_unchecked_t fscache_n_allocs_intr;
++atomic_unchecked_t fscache_n_allocs_object_dead;
++atomic_unchecked_t fscache_n_alloc_ops;
++atomic_unchecked_t fscache_n_alloc_op_waits;
++
++atomic_unchecked_t fscache_n_retrievals;
++atomic_unchecked_t fscache_n_retrievals_ok;
++atomic_unchecked_t fscache_n_retrievals_wait;
++atomic_unchecked_t fscache_n_retrievals_nodata;
++atomic_unchecked_t fscache_n_retrievals_nobufs;
++atomic_unchecked_t fscache_n_retrievals_intr;
++atomic_unchecked_t fscache_n_retrievals_nomem;
++atomic_unchecked_t fscache_n_retrievals_object_dead;
++atomic_unchecked_t fscache_n_retrieval_ops;
++atomic_unchecked_t fscache_n_retrieval_op_waits;
++
+atomic_unchecked_t fscache_n_stores;
+atomic_unchecked_t fscache_n_stores_ok;
+atomic_unchecked_t fscache_n_stores_again;
@@ -52990,73 +53104,39 @@ index 40d13c7..ddf52b9 100644
+atomic_unchecked_t fscache_n_store_pages;
+atomic_unchecked_t fscache_n_store_radix_deletes;
+atomic_unchecked_t fscache_n_store_pages_over_limit;
-
--atomic_t fscache_n_store_vmscan_not_storing;
--atomic_t fscache_n_store_vmscan_gone;
--atomic_t fscache_n_store_vmscan_busy;
--atomic_t fscache_n_store_vmscan_cancelled;
--atomic_t fscache_n_store_vmscan_wait;
++
+atomic_unchecked_t fscache_n_store_vmscan_not_storing;
+atomic_unchecked_t fscache_n_store_vmscan_gone;
+atomic_unchecked_t fscache_n_store_vmscan_busy;
+atomic_unchecked_t fscache_n_store_vmscan_cancelled;
+atomic_unchecked_t fscache_n_store_vmscan_wait;
-
--atomic_t fscache_n_marks;
--atomic_t fscache_n_uncaches;
++
+atomic_unchecked_t fscache_n_marks;
+atomic_unchecked_t fscache_n_uncaches;
-
--atomic_t fscache_n_acquires;
--atomic_t fscache_n_acquires_null;
--atomic_t fscache_n_acquires_no_cache;
--atomic_t fscache_n_acquires_ok;
--atomic_t fscache_n_acquires_nobufs;
--atomic_t fscache_n_acquires_oom;
++
+atomic_unchecked_t fscache_n_acquires;
+atomic_unchecked_t fscache_n_acquires_null;
+atomic_unchecked_t fscache_n_acquires_no_cache;
+atomic_unchecked_t fscache_n_acquires_ok;
+atomic_unchecked_t fscache_n_acquires_nobufs;
+atomic_unchecked_t fscache_n_acquires_oom;
-
--atomic_t fscache_n_invalidates;
--atomic_t fscache_n_invalidates_run;
++
+atomic_unchecked_t fscache_n_invalidates;
+atomic_unchecked_t fscache_n_invalidates_run;
-
--atomic_t fscache_n_updates;
--atomic_t fscache_n_updates_null;
--atomic_t fscache_n_updates_run;
++
+atomic_unchecked_t fscache_n_updates;
+atomic_unchecked_t fscache_n_updates_null;
+atomic_unchecked_t fscache_n_updates_run;
-
--atomic_t fscache_n_relinquishes;
--atomic_t fscache_n_relinquishes_null;
--atomic_t fscache_n_relinquishes_waitcrt;
--atomic_t fscache_n_relinquishes_retire;
++
+atomic_unchecked_t fscache_n_relinquishes;
+atomic_unchecked_t fscache_n_relinquishes_null;
+atomic_unchecked_t fscache_n_relinquishes_waitcrt;
+atomic_unchecked_t fscache_n_relinquishes_retire;
-
--atomic_t fscache_n_cookie_index;
--atomic_t fscache_n_cookie_data;
--atomic_t fscache_n_cookie_special;
++
+atomic_unchecked_t fscache_n_cookie_index;
+atomic_unchecked_t fscache_n_cookie_data;
+atomic_unchecked_t fscache_n_cookie_special;
-
--atomic_t fscache_n_object_alloc;
--atomic_t fscache_n_object_no_alloc;
--atomic_t fscache_n_object_lookups;
--atomic_t fscache_n_object_lookups_negative;
--atomic_t fscache_n_object_lookups_positive;
--atomic_t fscache_n_object_lookups_timed_out;
--atomic_t fscache_n_object_created;
--atomic_t fscache_n_object_avail;
--atomic_t fscache_n_object_dead;
++
+atomic_unchecked_t fscache_n_object_alloc;
+atomic_unchecked_t fscache_n_object_no_alloc;
+atomic_unchecked_t fscache_n_object_lookups;
@@ -53066,11 +53146,7 @@ index 40d13c7..ddf52b9 100644
+atomic_unchecked_t fscache_n_object_created;
+atomic_unchecked_t fscache_n_object_avail;
+atomic_unchecked_t fscache_n_object_dead;
-
--atomic_t fscache_n_checkaux_none;
--atomic_t fscache_n_checkaux_okay;
--atomic_t fscache_n_checkaux_update;
--atomic_t fscache_n_checkaux_obsolete;
++
+atomic_unchecked_t fscache_n_checkaux_none;
+atomic_unchecked_t fscache_n_checkaux_okay;
+atomic_unchecked_t fscache_n_checkaux_update;
@@ -54289,7 +54365,7 @@ index d401d01..10b3e62 100644
static struct nfsd4_operation nfsd4_ops[];
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
-index 6eb0dc5..29067a9 100644
+index a49c11b..8cd8130 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -1457,7 +1457,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
@@ -55656,9 +55732,7 @@ index eda6f01..006ae24 100644
} else {
if (kern_addr_valid(start)) {
- unsigned long n;
-+ char *elf_buf;
-+ mm_segment_t oldfs;
-
+-
- n = copy_to_user(buffer, (char *)start, tsz);
- /*
- * We cannot distinguish between fault on source
@@ -55669,6 +55743,9 @@ index eda6f01..006ae24 100644
- if (n) {
- if (clear_user(buffer + tsz - n,
- n))
++ char *elf_buf;
++ mm_segment_t oldfs;
++
+ elf_buf = kmalloc(tsz, GFP_KERNEL);
+ if (!elf_buf)
+ return -ENOMEM;
@@ -73375,6 +73452,18 @@ index a345480..3c65cf4 100644
};
#define TCP_SKB_CB(__skb) ((struct tcp_skb_cb *)&((__skb)->cb[0]))
+diff --git a/include/net/udp.h b/include/net/udp.h
+index 065f379..ad99eed 100644
+--- a/include/net/udp.h
++++ b/include/net/udp.h
+@@ -181,6 +181,7 @@ extern int udp_get_port(struct sock *sk, unsigned short snum,
+ extern void udp_err(struct sk_buff *, u32);
+ extern int udp_sendmsg(struct kiocb *iocb, struct sock *sk,
+ struct msghdr *msg, size_t len);
++extern int udp_push_pending_frames(struct sock *sk);
+ extern void udp_flush_pending_frames(struct sock *sk);
+ extern int udp_rcv(struct sk_buff *skb);
+ extern int udp_ioctl(struct sock *sk, int cmd, unsigned long arg);
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 24c8886..e6fb816 100644
--- a/include/net/xfrm.h
@@ -74828,10 +74917,10 @@ index f6c2ce5..982c0f9 100644
+ return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid);
+}
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
-index a48de6a..df24bfe 100644
+index 526f4ba..19cca33 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
-@@ -5567,7 +5567,7 @@ static int cgroup_css_links_read(struct cgroup *cont,
+@@ -5580,7 +5580,7 @@ static int cgroup_css_links_read(struct cgroup *cont,
struct css_set *cg = link->cg;
struct task_struct *task;
int count = 0;
@@ -75819,7 +75908,7 @@ index 1766d32..c0e44e2 100644
else
new_fs = fs;
diff --git a/kernel/futex.c b/kernel/futex.c
-index b26dcfc..39e266a 100644
+index 49dacfb..5c6b450 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -54,6 +54,7 @@
@@ -75830,7 +75919,7 @@ index b26dcfc..39e266a 100644
#include <linux/signal.h>
#include <linux/export.h>
#include <linux/magic.h>
-@@ -241,6 +242,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw)
+@@ -242,6 +243,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw)
struct page *page, *page_head;
int err, ro = 0;
@@ -75842,7 +75931,7 @@ index b26dcfc..39e266a 100644
/*
* The futex address must be "naturally" aligned.
*/
-@@ -2732,6 +2738,7 @@ static int __init futex_init(void)
+@@ -2733,6 +2739,7 @@ static int __init futex_init(void)
{
u32 curval;
int i;
@@ -75850,7 +75939,7 @@ index b26dcfc..39e266a 100644
/*
* This will fail and we want it. Some arch implementations do
-@@ -2743,8 +2750,11 @@ static int __init futex_init(void)
+@@ -2744,8 +2751,11 @@ static int __init futex_init(void)
* implementation, the non-functional ones will return
* -ENOSYS.
*/
@@ -76426,7 +76515,7 @@ index b2c71c5..7b88d63 100644
seq_printf(m, "%40s %14lu %29s %pS\n",
name, stats->contending_point[i],
diff --git a/kernel/module.c b/kernel/module.c
-index 97f202c..109575f 100644
+index a55f61b..1561428 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -61,6 +61,7 @@
@@ -76880,14 +76969,11 @@ index 97f202c..109575f 100644
if (!ptr) {
- module_free(mod, mod->module_core);
+ module_free(mod, mod->module_core_rw);
- return -ENOMEM;
- }
-- memset(ptr, 0, mod->init_size);
-- mod->module_init = ptr;
++ return -ENOMEM;
++ }
+ memset(ptr, 0, mod->init_size_rw);
+ mod->module_init_rw = ptr;
- } else
-- mod->module_init = NULL;
++ } else
+ mod->module_init_rw = NULL;
+
+ ptr = module_alloc_update_bounds_rx(mod->core_size_rx);
@@ -76912,14 +76998,17 @@ index 97f202c..109575f 100644
+ if (mod->module_init_rw)
+ module_free(mod, mod->module_init_rw);
+ module_free(mod, mod->module_core_rw);
-+ return -ENOMEM;
-+ }
+ return -ENOMEM;
+ }
+- memset(ptr, 0, mod->init_size);
+- mod->module_init = ptr;
+
+ pax_open_kernel();
+ memset(ptr, 0, mod->init_size_rx);
+ pax_close_kernel();
+ mod->module_init_rx = ptr;
-+ } else
+ } else
+- mod->module_init = NULL;
+ mod->module_init_rx = NULL;
/* Transfer each section which specifies SHF_ALLOC */
@@ -76996,7 +77085,7 @@ index 97f202c..109575f 100644
set_fs(old_fs);
}
-@@ -2992,8 +3097,10 @@ out:
+@@ -2989,8 +3094,10 @@ static int alloc_module_percpu(struct module *mod, struct load_info *info)
static void module_deallocate(struct module *mod, struct load_info *info)
{
percpu_modfree(mod);
@@ -77009,7 +77098,7 @@ index 97f202c..109575f 100644
}
int __weak module_finalize(const Elf_Ehdr *hdr,
-@@ -3006,7 +3113,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr,
+@@ -3003,7 +3110,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr,
static int post_relocation(struct module *mod, const struct load_info *info)
{
/* Sort exception table now relocations are done. */
@@ -77019,7 +77108,7 @@ index 97f202c..109575f 100644
/* Copy relocated percpu area over. */
percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr,
-@@ -3060,16 +3169,16 @@ static int do_init_module(struct module *mod)
+@@ -3057,16 +3166,16 @@ static int do_init_module(struct module *mod)
MODULE_STATE_COMING, mod);
/* Set RO and NX regions for core */
@@ -77044,7 +77133,7 @@ index 97f202c..109575f 100644
do_mod_ctors(mod);
/* Start the module */
-@@ -3131,11 +3240,12 @@ static int do_init_module(struct module *mod)
+@@ -3128,11 +3237,12 @@ static int do_init_module(struct module *mod)
mod->strtab = mod->core_strtab;
#endif
unset_module_init_ro_nx(mod);
@@ -77062,7 +77151,7 @@ index 97f202c..109575f 100644
mutex_unlock(&module_mutex);
wake_up_all(&module_wq);
-@@ -3262,9 +3372,38 @@ static int load_module(struct load_info *info, const char __user *uargs,
+@@ -3264,9 +3374,38 @@ static int load_module(struct load_info *info, const char __user *uargs,
if (err)
goto free_unload;
@@ -77101,7 +77190,7 @@ index 97f202c..109575f 100644
/* Fix up syms, so that st_value is a pointer to location. */
err = simplify_symbols(mod, info);
if (err < 0)
-@@ -3280,13 +3419,6 @@ static int load_module(struct load_info *info, const char __user *uargs,
+@@ -3282,13 +3421,6 @@ static int load_module(struct load_info *info, const char __user *uargs,
flush_module_icache(mod);
@@ -77115,7 +77204,7 @@ index 97f202c..109575f 100644
dynamic_debug_setup(info->debug, info->num_debug);
/* Finally it's fully formed, ready to start executing. */
-@@ -3321,11 +3453,10 @@ static int load_module(struct load_info *info, const char __user *uargs,
+@@ -3323,11 +3455,10 @@ static int load_module(struct load_info *info, const char __user *uargs,
ddebug_cleanup:
dynamic_debug_remove(info->debug);
synchronize_sched();
@@ -77128,7 +77217,7 @@ index 97f202c..109575f 100644
free_unload:
module_unload_free(mod);
unlink_mod:
-@@ -3408,10 +3539,16 @@ static const char *get_ksymbol(struct module *mod,
+@@ -3410,10 +3541,16 @@ static const char *get_ksymbol(struct module *mod,
unsigned long nextval;
/* At worse, next value is at end of module */
@@ -77148,7 +77237,7 @@ index 97f202c..109575f 100644
/* Scan for closest preceding symbol, and next symbol. (ELF
starts real symbols at 1). */
-@@ -3664,7 +3801,7 @@ static int m_show(struct seq_file *m, void *p)
+@@ -3666,7 +3803,7 @@ static int m_show(struct seq_file *m, void *p)
return 0;
seq_printf(m, "%s %u",
@@ -77157,7 +77246,7 @@ index 97f202c..109575f 100644
print_unload_info(m, mod);
/* Informative for users. */
-@@ -3673,7 +3810,7 @@ static int m_show(struct seq_file *m, void *p)
+@@ -3675,7 +3812,7 @@ static int m_show(struct seq_file *m, void *p)
mod->state == MODULE_STATE_COMING ? "Loading":
"Live");
/* Used by oprofile and other similar tools. */
@@ -77166,7 +77255,7 @@ index 97f202c..109575f 100644
/* Taints info */
if (mod->taints)
-@@ -3709,7 +3846,17 @@ static const struct file_operations proc_modules_operations = {
+@@ -3711,7 +3848,17 @@ static const struct file_operations proc_modules_operations = {
static int __init proc_modules_init(void)
{
@@ -77184,7 +77273,7 @@ index 97f202c..109575f 100644
return 0;
}
module_init(proc_modules_init);
-@@ -3770,14 +3917,14 @@ struct module *__module_address(unsigned long addr)
+@@ -3772,14 +3919,14 @@ struct module *__module_address(unsigned long addr)
{
struct module *mod;
@@ -77202,7 +77291,7 @@ index 97f202c..109575f 100644
return mod;
}
return NULL;
-@@ -3812,11 +3959,20 @@ bool is_module_text_address(unsigned long addr)
+@@ -3814,11 +3961,20 @@ bool is_module_text_address(unsigned long addr)
*/
struct module *__module_text_address(unsigned long addr)
{
@@ -79673,10 +79762,10 @@ index 0b537f2..40d6c20 100644
return -ENOMEM;
return 0;
diff --git a/kernel/timer.c b/kernel/timer.c
-index 1b399c8..90e1849 100644
+index 3361cff..0751080 100644
--- a/kernel/timer.c
+++ b/kernel/timer.c
-@@ -1363,7 +1363,7 @@ void update_process_times(int user_tick)
+@@ -1365,7 +1365,7 @@ void update_process_times(int user_tick)
/*
* This function runs timers and the timer-tq in bottom half context.
*/
@@ -79685,7 +79774,7 @@ index 1b399c8..90e1849 100644
{
struct tvec_base *base = __this_cpu_read(tvec_bases);
-@@ -1481,7 +1481,7 @@ static void process_timeout(unsigned long __data)
+@@ -1483,7 +1483,7 @@ static void process_timeout(unsigned long __data)
*
* In all cases the return value is guaranteed to be non-negative.
*/
@@ -79694,7 +79783,7 @@ index 1b399c8..90e1849 100644
{
struct timer_list timer;
unsigned long expire;
-@@ -1772,7 +1772,7 @@ static int __cpuinit timer_cpu_notify(struct notifier_block *self,
+@@ -1774,7 +1774,7 @@ static int __cpuinit timer_cpu_notify(struct notifier_block *self,
return NOTIFY_OK;
}
@@ -81054,10 +81143,10 @@ index b32b70c..e512eb0 100644
set_page_address(page, (void *)vaddr);
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
-index ce4cb19..93899ef 100644
+index 2baa6e3..cd0a264 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
-@@ -2005,15 +2005,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
+@@ -2022,15 +2022,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
struct hstate *h = &default_hstate;
unsigned long tmp;
int ret;
@@ -81078,7 +81167,7 @@ index ce4cb19..93899ef 100644
if (ret)
goto out;
-@@ -2070,15 +2072,17 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write,
+@@ -2087,15 +2089,17 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write,
struct hstate *h = &default_hstate;
unsigned long tmp;
int ret;
@@ -81099,7 +81188,7 @@ index ce4cb19..93899ef 100644
if (ret)
goto out;
-@@ -2512,6 +2516,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2529,6 +2533,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
return 1;
}
@@ -81127,7 +81216,7 @@ index ce4cb19..93899ef 100644
/*
* Hugetlb_cow() should be called with page lock of the original hugepage held.
* Called with hugetlb_instantiation_mutex held and pte_page locked so we
-@@ -2630,6 +2655,11 @@ retry_avoidcopy:
+@@ -2647,6 +2672,11 @@ retry_avoidcopy:
make_huge_pte(vma, new_page, 1));
page_remove_rmap(old_page);
hugepage_add_new_anon_rmap(new_page, vma, address);
@@ -81139,7 +81228,7 @@ index ce4cb19..93899ef 100644
/* Make the old page be freed below */
new_page = old_page;
}
-@@ -2788,6 +2818,10 @@ retry:
+@@ -2805,6 +2835,10 @@ retry:
&& (vma->vm_flags & VM_SHARED)));
set_huge_pte_at(mm, address, ptep, new_pte);
@@ -81150,7 +81239,7 @@ index ce4cb19..93899ef 100644
if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) {
/* Optimization, do the COW without a second fault */
ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page);
-@@ -2817,6 +2851,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2834,6 +2868,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
static DEFINE_MUTEX(hugetlb_instantiation_mutex);
struct hstate *h = hstate_vma(vma);
@@ -81161,7 +81250,7 @@ index ce4cb19..93899ef 100644
address &= huge_page_mask(h);
ptep = huge_pte_offset(mm, address);
-@@ -2830,6 +2868,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2847,6 +2885,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
VM_FAULT_SET_HINDEX(hstate_index(h));
}
@@ -84022,7 +84111,7 @@ index efe6814..64b4701 100644
.next = NULL,
};
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index 0d4fef2..8870335 100644
+index ab62b75..410422f 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -59,6 +59,7 @@
@@ -86486,6 +86575,48 @@ index 6cc0481..59cfb00 100644
}
}
EXPORT_SYMBOL(dev_load);
+diff --git a/net/core/ethtool.c b/net/core/ethtool.c
+index 41f4bdf..9e7c219 100644
+--- a/net/core/ethtool.c
++++ b/net/core/ethtool.c
+@@ -1314,10 +1314,19 @@ static int ethtool_get_dump_data(struct net_device *dev,
+ if (ret)
+ return ret;
+
+- len = (tmp.len > dump.len) ? dump.len : tmp.len;
++ len = min(tmp.len, dump.len);
+ if (!len)
+ return -EFAULT;
+
++ /* Don't ever let the driver think there's more space available
++ * than it requested with .get_dump_flag().
++ */
++ dump.len = len;
++
++ /* Always allocate enough space to hold the whole thing so that the
++ * driver does not need to check the length and bother with partial
++ * dumping.
++ */
+ data = vzalloc(tmp.len);
+ if (!data)
+ return -ENOMEM;
+@@ -1325,6 +1334,16 @@ static int ethtool_get_dump_data(struct net_device *dev,
+ if (ret)
+ goto out;
+
++ /* There are two sane possibilities:
++ * 1. The driver's .get_dump_data() does not touch dump.len.
++ * 2. Or it may set dump.len to how much it really writes, which
++ * should be tmp.len (or len if it can do a partial dump).
++ * In any case respond to userspace with the actual length of data
++ * it's receiving.
++ */
++ WARN_ON(dump.len != len && dump.len != tmp.len);
++ dump.len = len;
++
+ if (copy_to_user(useraddr, &dump, sizeof(dump))) {
+ ret = -EFAULT;
+ goto out;
diff --git a/net/core/flow.c b/net/core/flow.c
index 2bfd081..53c6058 100644
--- a/net/core/flow.c
@@ -87313,7 +87444,7 @@ index d9c4f11..02b82dbc 100644
msg.msg_flags = flags;
diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
-index c3a4233..7df5626 100644
+index c3a4233..3fa029d 100644
--- a/net/ipv4/ip_vti.c
+++ b/net/ipv4/ip_vti.c
@@ -47,7 +47,7 @@
@@ -87335,7 +87466,25 @@ index c3a4233..7df5626 100644
skb_dst_drop(skb);
skb_dst_set(skb, &rt->dst);
nf_reset(skb);
-@@ -886,7 +885,7 @@ static const struct nla_policy vti_policy[IFLA_VTI_MAX + 1] = {
+@@ -645,17 +644,10 @@ static int __net_init vti_fb_tunnel_init(struct net_device *dev)
+ struct iphdr *iph = &tunnel->parms.iph;
+ struct vti_net *ipn = net_generic(dev_net(dev), vti_net_id);
+
+- tunnel->dev = dev;
+- strcpy(tunnel->parms.name, dev->name);
+-
+ iph->version = 4;
+ iph->protocol = IPPROTO_IPIP;
+ iph->ihl = 5;
+
+- dev->tstats = alloc_percpu(struct pcpu_tstats);
+- if (!dev->tstats)
+- return -ENOMEM;
+-
+ dev_hold(dev);
+ rcu_assign_pointer(ipn->tunnels_wc[0], tunnel);
+ return 0;
+@@ -886,7 +878,7 @@ static const struct nla_policy vti_policy[IFLA_VTI_MAX + 1] = {
[IFLA_VTI_REMOTE] = { .len = FIELD_SIZEOF(struct iphdr, daddr) },
};
@@ -87939,7 +88088,7 @@ index b78aac3..e18230b 100644
syn_set ? 0 : icsk->icsk_user_timeout, syn_set)) {
/* Has it gone just too far? */
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
-index 0a073a2..ddf6279 100644
+index 0a073a2..d4a04de 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -87,6 +87,7 @@
@@ -87971,7 +88120,24 @@ index 0a073a2..ddf6279 100644
/*
* This routine is called by the ICMP module when it gets some
* sort of error condition. If err < 0 then the socket should
-@@ -889,9 +897,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+@@ -799,7 +807,7 @@ send:
+ /*
+ * Push out all pending data as one UDP datagram. Socket is locked.
+ */
+-static int udp_push_pending_frames(struct sock *sk)
++int udp_push_pending_frames(struct sock *sk)
+ {
+ struct udp_sock *up = udp_sk(sk);
+ struct inet_sock *inet = inet_sk(sk);
+@@ -818,6 +826,7 @@ out:
+ up->pending = 0;
+ return err;
+ }
++EXPORT_SYMBOL(udp_push_pending_frames);
+
+ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+ size_t len)
+@@ -889,9 +898,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
dport = usin->sin_port;
if (dport == 0)
return -EINVAL;
@@ -87990,7 +88156,7 @@ index 0a073a2..ddf6279 100644
daddr = inet->inet_daddr;
dport = inet->inet_dport;
/* Open fast path for connected socket.
-@@ -1133,7 +1150,7 @@ static unsigned int first_packet_length(struct sock *sk)
+@@ -1133,7 +1151,7 @@ static unsigned int first_packet_length(struct sock *sk)
udp_lib_checksum_complete(skb)) {
UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS,
IS_UDPLITE(sk));
@@ -87999,7 +88165,7 @@ index 0a073a2..ddf6279 100644
__skb_unlink(skb, rcvq);
__skb_queue_tail(&list_kill, skb);
}
-@@ -1219,6 +1236,10 @@ try_again:
+@@ -1219,6 +1237,10 @@ try_again:
if (!skb)
goto out;
@@ -88010,7 +88176,7 @@ index 0a073a2..ddf6279 100644
ulen = skb->len - sizeof(struct udphdr);
copied = len;
if (copied > ulen)
-@@ -1252,7 +1273,7 @@ try_again:
+@@ -1252,7 +1274,7 @@ try_again:
if (unlikely(err)) {
trace_kfree_skb(skb, udp_recvmsg);
if (!peeked) {
@@ -88019,7 +88185,7 @@ index 0a073a2..ddf6279 100644
UDP_INC_STATS_USER(sock_net(sk),
UDP_MIB_INERRORS, is_udplite);
}
-@@ -1535,7 +1556,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
+@@ -1535,7 +1557,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
drop:
UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
@@ -88028,7 +88194,7 @@ index 0a073a2..ddf6279 100644
kfree_skb(skb);
return -1;
}
-@@ -1554,7 +1575,7 @@ static void flush_stack(struct sock **stack, unsigned int count,
+@@ -1554,7 +1576,7 @@ static void flush_stack(struct sock **stack, unsigned int count,
skb1 = (i == final) ? skb : skb_clone(skb, GFP_ATOMIC);
if (!skb1) {
@@ -88037,7 +88203,7 @@ index 0a073a2..ddf6279 100644
UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS,
IS_UDPLITE(sk));
UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS,
-@@ -1723,6 +1744,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
+@@ -1723,6 +1745,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
goto csum_error;
UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE);
@@ -88047,7 +88213,7 @@ index 0a073a2..ddf6279 100644
icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
/*
-@@ -2152,7 +2176,7 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f,
+@@ -2152,7 +2177,7 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f,
from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
0, sock_i_ino(sp),
atomic_read(&sp->sk_refcnt), sp,
@@ -88139,6 +88305,53 @@ index fff5bdd..15194fb 100644
table = kmemdup(ipv6_icmp_table_template,
sizeof(ipv6_icmp_table_template),
+diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
+index 192dd1a..5fc9c7a 100644
+--- a/net/ipv6/ip6_fib.c
++++ b/net/ipv6/ip6_fib.c
+@@ -632,6 +632,12 @@ insert_above:
+ return ln;
+ }
+
++static inline bool rt6_qualify_for_ecmp(struct rt6_info *rt)
++{
++ return (rt->rt6i_flags & (RTF_GATEWAY|RTF_ADDRCONF|RTF_DYNAMIC)) ==
++ RTF_GATEWAY;
++}
++
+ /*
+ * Insert routing information in a node.
+ */
+@@ -646,6 +652,7 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt,
+ int add = (!info->nlh ||
+ (info->nlh->nlmsg_flags & NLM_F_CREATE));
+ int found = 0;
++ bool rt_can_ecmp = rt6_qualify_for_ecmp(rt);
+
+ ins = &fn->leaf;
+
+@@ -691,9 +698,8 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt,
+ * To avoid long list, we only had siblings if the
+ * route have a gateway.
+ */
+- if (rt->rt6i_flags & RTF_GATEWAY &&
+- !(rt->rt6i_flags & RTF_EXPIRES) &&
+- !(iter->rt6i_flags & RTF_EXPIRES))
++ if (rt_can_ecmp &&
++ rt6_qualify_for_ecmp(iter))
+ rt->rt6i_nsiblings++;
+ }
+
+@@ -715,7 +721,8 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt,
+ /* Find the first route that have the same metric */
+ sibling = fn->leaf;
+ while (sibling) {
+- if (sibling->rt6i_metric == rt->rt6i_metric) {
++ if (sibling->rt6i_metric == rt->rt6i_metric &&
++ rt6_qualify_for_ecmp(sibling)) {
+ list_add_tail(&rt->rt6i_siblings,
+ &sibling->rt6i_siblings);
+ break;
diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
index 95d13c7..791fe2f 100644
--- a/net/ipv6/ip6_gre.c
@@ -88180,7 +88393,7 @@ index 95d13c7..791fe2f 100644
.maxtype = IFLA_GRE_MAX,
.policy = ip6gre_policy,
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
-index 851fdae..9d4d1fd 100644
+index 851fdae..8f6f09a 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -822,11 +822,17 @@ static struct dst_entry *ip6_sk_dst_check(struct sock *sk,
@@ -88202,6 +88415,56 @@ index 851fdae..9d4d1fd 100644
/* Yes, checking route validity in not connected
* case is not very simple. Take into account,
* that we do not support routing by source, TOS,
+@@ -1093,11 +1099,12 @@ static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src,
+ return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
+ }
+
+-static void ip6_append_data_mtu(int *mtu,
++static void ip6_append_data_mtu(unsigned int *mtu,
+ int *maxfraglen,
+ unsigned int fragheaderlen,
+ struct sk_buff *skb,
+- struct rt6_info *rt)
++ struct rt6_info *rt,
++ bool pmtuprobe)
+ {
+ if (!(rt->dst.flags & DST_XFRM_TUNNEL)) {
+ if (skb == NULL) {
+@@ -1109,7 +1116,9 @@ static void ip6_append_data_mtu(int *mtu,
+ * this fragment is not first, the headers
+ * space is regarded as data space.
+ */
+- *mtu = dst_mtu(rt->dst.path);
++ *mtu = min(*mtu, pmtuprobe ?
++ rt->dst.dev->mtu :
++ dst_mtu(rt->dst.path));
+ }
+ *maxfraglen = ((*mtu - fragheaderlen) & ~7)
+ + fragheaderlen - sizeof(struct frag_hdr);
+@@ -1126,11 +1135,10 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
+ struct ipv6_pinfo *np = inet6_sk(sk);
+ struct inet_cork *cork;
+ struct sk_buff *skb, *skb_prev = NULL;
+- unsigned int maxfraglen, fragheaderlen;
++ unsigned int maxfraglen, fragheaderlen, mtu;
+ int exthdrlen;
+ int dst_exthdrlen;
+ int hh_len;
+- int mtu;
+ int copy;
+ int err;
+ int offset = 0;
+@@ -1290,7 +1298,9 @@ alloc_new_skb:
+ /* update mtu and maxfraglen if necessary */
+ if (skb == NULL || skb_prev == NULL)
+ ip6_append_data_mtu(&mtu, &maxfraglen,
+- fragheaderlen, skb, rt);
++ fragheaderlen, skb, rt,
++ np->pmtudisc ==
++ IPV6_PMTUDISC_PROBE);
+
+ skb_prev = skb;
+
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index fff83cb..82d49dd 100644
--- a/net/ipv6/ip6_tunnel.c
@@ -88562,7 +88825,7 @@ index 0fce928..c52a518 100644
}
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
-index 27f0f8e..949e7ee 100644
+index 27f0f8e..a8928b5 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -52,6 +52,10 @@
@@ -88613,7 +88876,25 @@ index 27f0f8e..949e7ee 100644
icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0);
kfree_skb(skb);
-@@ -1377,7 +1384,7 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket
+@@ -945,11 +952,16 @@ static int udp_v6_push_pending_frames(struct sock *sk)
+ struct udphdr *uh;
+ struct udp_sock *up = udp_sk(sk);
+ struct inet_sock *inet = inet_sk(sk);
+- struct flowi6 *fl6 = &inet->cork.fl.u.ip6;
++ struct flowi6 *fl6;
+ int err = 0;
+ int is_udplite = IS_UDPLITE(sk);
+ __wsum csum = 0;
+
++ if (up->pending == AF_INET)
++ return udp_push_pending_frames(sk);
++
++ fl6 = &inet->cork.fl.u.ip6;
++
+ /* Grab the skbuff where UDP header space exists. */
+ if ((skb = skb_peek(&sk->sk_write_queue)) == NULL)
+ goto out;
+@@ -1377,7 +1389,7 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket
0,
sock_i_ino(sp),
atomic_read(&sp->sk_refcnt), sp,
@@ -88812,6 +89093,20 @@ index 5b1e5af..1b929e7 100644
} while (!res);
return res;
}
+diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
+index 8dec687..5ebee2d 100644
+--- a/net/l2tp/l2tp_ppp.c
++++ b/net/l2tp/l2tp_ppp.c
+@@ -1793,7 +1793,8 @@ static const struct proto_ops pppol2tp_ops = {
+
+ static const struct pppox_proto pppol2tp_proto = {
+ .create = pppol2tp_create,
+- .ioctl = pppol2tp_ioctl
++ .ioctl = pppol2tp_ioctl,
++ .owner = THIS_MODULE,
+ };
+
+ #ifdef CONFIG_L2TP_V3
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 843d8c4..cb04fa1 100644
--- a/net/mac80211/cfg.c
@@ -90848,6 +91143,58 @@ index 8343737..677025e 100644
.mode = 0644,
.proc_handler = read_reset_stat,
},
+diff --git a/net/sunrpc/xprtrdma/svc_rdma_marshal.c b/net/sunrpc/xprtrdma/svc_rdma_marshal.c
+index 8d2eddd..65b1462 100644
+--- a/net/sunrpc/xprtrdma/svc_rdma_marshal.c
++++ b/net/sunrpc/xprtrdma/svc_rdma_marshal.c
+@@ -98,6 +98,7 @@ void svc_rdma_rcl_chunk_counts(struct rpcrdma_read_chunk *ch,
+ */
+ static u32 *decode_write_list(u32 *va, u32 *vaend)
+ {
++ unsigned long start, end;
+ int nchunks;
+
+ struct rpcrdma_write_array *ary =
+@@ -113,9 +114,12 @@ static u32 *decode_write_list(u32 *va, u32 *vaend)
+ return NULL;
+ }
+ nchunks = ntohl(ary->wc_nchunks);
+- if (((unsigned long)&ary->wc_array[0] +
+- (sizeof(struct rpcrdma_write_chunk) * nchunks)) >
+- (unsigned long)vaend) {
++
++ start = (unsigned long)&ary->wc_array[0];
++ end = (unsigned long)vaend;
++ if (nchunks < 0 ||
++ nchunks > (SIZE_MAX - start) / sizeof(struct rpcrdma_write_chunk) ||
++ (start + (sizeof(struct rpcrdma_write_chunk) * nchunks)) > end) {
+ dprintk("svcrdma: ary=%p, wc_nchunks=%d, vaend=%p\n",
+ ary, nchunks, vaend);
+ return NULL;
+@@ -129,6 +133,7 @@ static u32 *decode_write_list(u32 *va, u32 *vaend)
+
+ static u32 *decode_reply_array(u32 *va, u32 *vaend)
+ {
++ unsigned long start, end;
+ int nchunks;
+ struct rpcrdma_write_array *ary =
+ (struct rpcrdma_write_array *)va;
+@@ -143,9 +148,12 @@ static u32 *decode_reply_array(u32 *va, u32 *vaend)
+ return NULL;
+ }
+ nchunks = ntohl(ary->wc_nchunks);
+- if (((unsigned long)&ary->wc_array[0] +
+- (sizeof(struct rpcrdma_write_chunk) * nchunks)) >
+- (unsigned long)vaend) {
++
++ start = (unsigned long)&ary->wc_array[0];
++ end = (unsigned long)vaend;
++ if (nchunks < 0 ||
++ nchunks > (SIZE_MAX - start) / sizeof(struct rpcrdma_write_chunk) ||
++ (start + (sizeof(struct rpcrdma_write_chunk) * nchunks)) > end) {
+ dprintk("svcrdma: ary=%p, wc_nchunks=%d, vaend=%p\n",
+ ary, nchunks, vaend);
+ return NULL;
diff --git a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c b/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c
index 0ce7552..d074459 100644
--- a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c