aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2015-02-09 09:43:49 +0000
committerTimo Teräs <timo.teras@iki.fi>2015-02-09 09:43:49 +0000
commit99359ed67be6571c9ec8400dc5723bb244ab9928 (patch)
tree2e55ad23faa9e7063f2c69d245fca6f0c27b34c8
parent791f57c188c7b24928433e6ea0104de0273c8a1e (diff)
downloadaports-99359ed67be6571c9ec8400dc5723bb244ab9928.tar.bz2
aports-99359ed67be6571c9ec8400dc5723bb244ab9928.tar.xz
main/linux-grsec: upgrade to 3.14.32
-rw-r--r--main/linux-grsec/APKBUILD16
-rw-r--r--main/linux-grsec/grsecurity-3.0-3.14.32-201502062101.patch (renamed from main/linux-grsec/grsecurity-3.0-3.14.31-201502021853.patch)344
2 files changed, 320 insertions, 40 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 10cc5636c0..80f993d7db 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,7 +2,7 @@
_flavor=grsec
pkgname=linux-${_flavor}
-pkgver=3.14.31
+pkgver=3.14.32
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
@@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-3.0-3.14.31-201502021853.patch
+ grsecurity-3.0-3.14.32-201502062101.patch
fix-memory-map-for-PIE-applications.patch
imx6q-no-unclocked-sleep.patch
@@ -165,24 +165,24 @@ dev() {
}
md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz
-be2e0f3f1ebc124940571ca6130dc478 patch-3.14.31.xz
-228c15c924d4a1d9091a41bf9919ce36 grsecurity-3.0-3.14.31-201502021853.patch
+64519f60de7b12ef5bf2df4d323cee9c patch-3.14.32.xz
+c2ba768d23f52cb8ee025ad92bd0375a grsecurity-3.0-3.14.32-201502062101.patch
c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch
870b91f0eb07294ba453ac61b052c0b6 kernelconfig.x86
38b50cd1a7670f886c5e9fe9f1f91496 kernelconfig.x86_64
6709c83fbbd38d40f31d39f0022d4ce9 kernelconfig.armhf"
sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz
-4eb7743905bad80c8502d88913cfb5424c1772dbe44af30da97ed4198b12e4a1 patch-3.14.31.xz
-8584450f656fe28e621eac2946f0f9cf20250a6a5c8a228f3e51989a449bd90a grsecurity-3.0-3.14.31-201502021853.patch
+601ea355f71435b19421d7eabd7b92b2bb25bf5598f419ac548f46e416e162e9 patch-3.14.32.xz
+528dfd709203fb6ec09c2cf1ce79f3c29f5f2d4f5580cae1c20f663e4d1fd1e2 grsecurity-3.0-3.14.32-201502062101.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch
bf953a65ba047b5316509da5bc7a6dbcee12767e343d26e8360369d27bfdbe78 kernelconfig.x86
d555a01f2b464e20cfa71c67ea6d571f80c707c5a3fea33879de09b085e2d7b6 kernelconfig.x86_64
01a6c90cf0643f8727d120aede2267ca7303c4ebe548c5d19222d4387ceb98cc kernelconfig.armhf"
sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz
-93db5af7a604ebc5012efa7864fb2583db8ff0ca985e0f4194d688808ced3c666ff5271a6a19cf1de8102834bd512370d613bd7d33e186c16069220cf54c16ad patch-3.14.31.xz
-2cdd0a767e01b8ed05cae5409a956aae82cf16fde662552e5c77a13a106ad00b94cbae50a746b7da0d4b20ed4b2d918f4c0cd57f1740393afc45d47ac1f83755 grsecurity-3.0-3.14.31-201502021853.patch
+b5105f88d982fef656cae9e232457e24a49efc59717ff3511a0d08544beae88644a2a03644361f2f56e5d5e9dcdb8de51da12d8c3ccb8c4e2712abc391d608b9 patch-3.14.32.xz
+9a34575ae4a827bbd201eb679dc3554ac391ebf3c6cc1aadd2e40598d55396bee80df36a1739cb676689e35153ca0822e3f7cab5123ef8b19a8a1671f00fe134 grsecurity-3.0-3.14.32-201502062101.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch
dde402be39f68955f9395f807631f1457e90cda76a80e0e198695c8f946cdba02a00fe12a59a77bf5e8b40f5ecb52efbe364449f3e58d8996f27e07b719ac6a4 kernelconfig.x86
diff --git a/main/linux-grsec/grsecurity-3.0-3.14.31-201502021853.patch b/main/linux-grsec/grsecurity-3.0-3.14.32-201502062101.patch
index 7d0e977e50..65a470aea6 100644
--- a/main/linux-grsec/grsecurity-3.0-3.14.31-201502021853.patch
+++ b/main/linux-grsec/grsecurity-3.0-3.14.32-201502062101.patch
@@ -292,7 +292,7 @@ index 5d91ba1..935a4e7 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 5abf670..9b24a3b 100644
+index 00fffa3..1dc26b3 100644
--- a/Makefile
+++ b/Makefile
@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -3896,7 +3896,7 @@ index 7abde2c..9df495f 100644
static bool of_init = false;
diff --git a/arch/arm/mm/context.c b/arch/arm/mm/context.c
-index 6eb97b3..ac509f6 100644
+index 6eb97b3..e77848e 100644
--- a/arch/arm/mm/context.c
+++ b/arch/arm/mm/context.c
@@ -43,7 +43,7 @@
@@ -3908,7 +3908,40 @@ index 6eb97b3..ac509f6 100644
static DECLARE_BITMAP(asid_map, NUM_USER_ASIDS);
static DEFINE_PER_CPU(atomic64_t, active_asids);
-@@ -182,7 +182,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
+@@ -144,21 +144,17 @@ static void flush_context(unsigned int cpu)
+ /* Update the list of reserved ASIDs and the ASID bitmap. */
+ bitmap_clear(asid_map, 0, NUM_USER_ASIDS);
+ for_each_possible_cpu(i) {
+- if (i == cpu) {
+- asid = 0;
+- } else {
+- asid = atomic64_xchg(&per_cpu(active_asids, i), 0);
+- /*
+- * If this CPU has already been through a
+- * rollover, but hasn't run another task in
+- * the meantime, we must preserve its reserved
+- * ASID, as this is the only trace we have of
+- * the process it is still running.
+- */
+- if (asid == 0)
+- asid = per_cpu(reserved_asids, i);
+- __set_bit(asid & ~ASID_MASK, asid_map);
+- }
++ asid = atomic64_xchg(&per_cpu(active_asids, i), 0);
++ /*
++ * If this CPU has already been through a
++ * rollover, but hasn't run another task in
++ * the meantime, we must preserve its reserved
++ * ASID, as this is the only trace we have of
++ * the process it is still running.
++ */
++ if (asid == 0)
++ asid = per_cpu(reserved_asids, i);
++ __set_bit(asid & ~ASID_MASK, asid_map);
+ per_cpu(reserved_asids, i) = asid;
+ }
+
+@@ -182,7 +178,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
{
static u32 cur_idx = 1;
u64 asid = atomic64_read(&mm->context.id);
@@ -3917,7 +3950,7 @@ index 6eb97b3..ac509f6 100644
if (asid != 0 && is_reserved_asid(asid)) {
/*
-@@ -203,7 +203,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
+@@ -203,7 +199,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
*/
asid = find_next_zero_bit(asid_map, NUM_USER_ASIDS, cur_idx);
if (asid == NUM_USER_ASIDS) {
@@ -3926,7 +3959,7 @@ index 6eb97b3..ac509f6 100644
&asid_generation);
flush_context(cpu);
asid = find_next_zero_bit(asid_map, NUM_USER_ASIDS, 1);
-@@ -234,14 +234,14 @@ void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk)
+@@ -234,14 +230,14 @@ void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk)
cpu_set_reserved_ttbr0();
asid = atomic64_read(&mm->context.id);
@@ -12602,7 +12635,7 @@ index 50f8c5e..4f84fff 100644
return diff;
}
diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
-index b5bb498..74110e8 100644
+index 67e9f5c..2af15db 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -16,6 +16,9 @@ KBUILD_CFLAGS += $(cflags-y)
@@ -22121,7 +22154,7 @@ index f2a1770..10fa52d 100644
+EXPORT_SYMBOL(pax_check_alloca);
+#endif
diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c
-index 66e274a..99080e6 100644
+index 66e274a..81f4ebf 100644
--- a/arch/x86/kernel/dumpstack_64.c
+++ b/arch/x86/kernel/dumpstack_64.c
@@ -118,9 +118,9 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
@@ -22185,7 +22218,13 @@ index 66e274a..99080e6 100644
put_cpu();
}
EXPORT_SYMBOL(dump_trace);
-@@ -299,3 +303,50 @@ int is_valid_bugaddr(unsigned long ip)
+@@ -294,8 +298,55 @@ int is_valid_bugaddr(unsigned long ip)
+ {
+ unsigned short ud2;
+
+- if (__copy_from_user(&ud2, (const void __user *) ip, sizeof(ud2)))
++ if (probe_kernel_address((unsigned short *)ip, ud2))
+ return 0;
return ud2 == 0x0b0f;
}
@@ -44542,6 +44581,19 @@ index 4d9b195..455075c 100644
return -EFAULT;
} else {
memcpy(buf, dp, left);
+diff --git a/drivers/isdn/hardware/eicon/message.c b/drivers/isdn/hardware/eicon/message.c
+index a82e542..f766a79 100644
+--- a/drivers/isdn/hardware/eicon/message.c
++++ b/drivers/isdn/hardware/eicon/message.c
+@@ -1474,7 +1474,7 @@ static byte connect_res(dword Id, word Number, DIVA_CAPI_ADAPTER *a,
+ add_ai(plci, &parms[5]);
+ sig_req(plci, REJECT, 0);
+ }
+- else if (Reject == 1 || Reject > 9)
++ else if (Reject == 1 || Reject >= 9)
+ {
+ add_ai(plci, &parms[5]);
+ sig_req(plci, HANGUP, 0);
diff --git a/drivers/isdn/i4l/isdn_common.c b/drivers/isdn/i4l/isdn_common.c
index 9bb12ba..d4262f7 100644
--- a/drivers/isdn/i4l/isdn_common.c
@@ -47957,6 +48009,19 @@ index 8be5b40..081bc1b 100644
#include "ftmac100.h"
+diff --git a/drivers/net/ethernet/freescale/gianfar_ethtool.c b/drivers/net/ethernet/freescale/gianfar_ethtool.c
+index 63d2344..65b62c47 100644
+--- a/drivers/net/ethernet/freescale/gianfar_ethtool.c
++++ b/drivers/net/ethernet/freescale/gianfar_ethtool.c
+@@ -1614,7 +1614,7 @@ static int gfar_write_filer_table(struct gfar_private *priv,
+ lock_rx_qs(priv);
+
+ /* Fill regular entries */
+- for (; i < MAX_FILER_IDX - 1 && (tab->fe[i].ctrl | tab->fe[i].ctrl);
++ for (; i < MAX_FILER_IDX - 1 && (tab->fe[i].ctrl | tab->fe[i].prop);
+ i++)
+ gfar_write_filer(priv, i, tab->fe[i].ctrl, tab->fe[i].prop);
+ /* Fill the rest with fall-troughs */
diff --git a/drivers/net/ethernet/intel/i40e/i40e_ptp.c b/drivers/net/ethernet/intel/i40e/i40e_ptp.c
index e33ec6c..f54cfe7 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_ptp.c
@@ -50509,10 +50574,10 @@ index 84419af..268ede8 100644
&dev_attr_energy_uj.attr;
}
diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
-index afca1bc..86840b8 100644
+index b798404..cd11618 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
-@@ -3366,7 +3366,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
+@@ -3368,7 +3368,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
{
const struct regulation_constraints *constraints = NULL;
const struct regulator_init_data *init_data;
@@ -50521,7 +50586,7 @@ index afca1bc..86840b8 100644
struct regulator_dev *rdev;
struct device *dev;
int ret, i;
-@@ -3436,7 +3436,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
+@@ -3438,7 +3438,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
rdev->dev.of_node = config->of_node;
rdev->dev.parent = dev;
dev_set_name(&rdev->dev, "regulator.%d",
@@ -52558,7 +52623,7 @@ index 24884ca..26c8220 100644
login->tgt_agt = sbp_target_agent_register(login);
if (IS_ERR(login->tgt_agt)) {
diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
-index 38b4be2..c68af1c 100644
+index 26ae688..ca12181 100644
--- a/drivers/target/target_core_device.c
+++ b/drivers/target/target_core_device.c
@@ -1526,7 +1526,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name)
@@ -59791,7 +59856,7 @@ index 10a4ccb..92dbc5e 100644
sb->s_bdi = &fsc->backing_dev_info;
return err;
diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c
-index f3ac415..3d2420c 100644
+index f3ac415..e26bd76 100644
--- a/fs/cifs/cifs_debug.c
+++ b/fs/cifs/cifs_debug.c
@@ -286,8 +286,8 @@ static ssize_t cifs_stats_proc_write(struct file *file,
@@ -59834,6 +59899,20 @@ index f3ac415..3d2420c 100644
if (server->ops->print_stats)
server->ops->print_stats(m, tcon);
}
+@@ -615,9 +615,11 @@ cifs_security_flags_handle_must_flags(unsigned int *flags)
+ *flags = CIFSSEC_MUST_NTLMV2;
+ else if ((*flags & CIFSSEC_MUST_NTLM) == CIFSSEC_MUST_NTLM)
+ *flags = CIFSSEC_MUST_NTLM;
+- else if ((*flags & CIFSSEC_MUST_LANMAN) == CIFSSEC_MUST_LANMAN)
++ else if (CIFSSEC_MUST_LANMAN &&
++ (*flags & CIFSSEC_MUST_LANMAN) == CIFSSEC_MUST_LANMAN)
+ *flags = CIFSSEC_MUST_LANMAN;
+- else if ((*flags & CIFSSEC_MUST_PLNTXT) == CIFSSEC_MUST_PLNTXT)
++ else if (CIFSSEC_MUST_PLNTXT &&
++ (*flags & CIFSSEC_MUST_PLNTXT) == CIFSSEC_MUST_PLNTXT)
+ *flags = CIFSSEC_MUST_PLNTXT;
+
+ *flags |= signflags;
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
index 7c6b73c..a8f0db2 100644
--- a/fs/cifs/cifsfs.c
@@ -59952,10 +60031,37 @@ index 5d12d69..161d0ce 100644
GLOBAL_EXTERN atomic_t smBufAllocCount;
GLOBAL_EXTERN atomic_t midCount;
diff --git a/fs/cifs/file.c b/fs/cifs/file.c
-index d375322..88c3ead 100644
+index d375322..2f1ac75 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
-@@ -1900,10 +1900,14 @@ static int cifs_writepages(struct address_space *mapping,
+@@ -366,6 +366,7 @@ void cifsFileInfo_put(struct cifsFileInfo *cifs_file)
+ struct cifsLockInfo *li, *tmp;
+ struct cifs_fid fid;
+ struct cifs_pending_open open;
++ bool oplock_break_cancelled;
+
+ spin_lock(&cifs_file_list_lock);
+ if (--cifs_file->count > 0) {
+@@ -397,7 +398,7 @@ void cifsFileInfo_put(struct cifsFileInfo *cifs_file)
+ }
+ spin_unlock(&cifs_file_list_lock);
+
+- cancel_work_sync(&cifs_file->oplock_break);
++ oplock_break_cancelled = cancel_work_sync(&cifs_file->oplock_break);
+
+ if (!tcon->need_reconnect && !cifs_file->invalidHandle) {
+ struct TCP_Server_Info *server = tcon->ses->server;
+@@ -409,6 +410,9 @@ void cifsFileInfo_put(struct cifsFileInfo *cifs_file)
+ _free_xid(xid);
+ }
+
++ if (oplock_break_cancelled)
++ cifs_done_oplock_break(cifsi);
++
+ cifs_del_pending_open(&open);
+
+ /*
+@@ -1900,10 +1904,14 @@ static int cifs_writepages(struct address_space *mapping,
index = mapping->writeback_index; /* Start from prev offset */
end = -1;
} else {
@@ -60239,6 +60345,19 @@ index 3487929..47a6ebf2 100644
}
req->FileIndex = cpu_to_le32(index);
+diff --git a/fs/cifs/smbencrypt.c b/fs/cifs/smbencrypt.c
+index 43eb136..f17e718 100644
+--- a/fs/cifs/smbencrypt.c
++++ b/fs/cifs/smbencrypt.c
+@@ -220,7 +220,7 @@ E_md4hash(const unsigned char *passwd, unsigned char *p16,
+ }
+
+ rc = mdfour(p16, (unsigned char *) wpwd, len * sizeof(__le16));
+- memset(wpwd, 0, 129 * sizeof(__le16));
++ memzero_explicit(wpwd, sizeof(wpwd));
+
+ return rc;
+ }
diff --git a/fs/coda/cache.c b/fs/coda/cache.c
index 1da168c..8bc7ff6 100644
--- a/fs/coda/cache.c
@@ -95086,10 +95205,10 @@ index c9b6f01..37781d9 100644
.thread_should_run = watchdog_should_run,
.thread_fn = watchdog,
diff --git a/kernel/workqueue.c b/kernel/workqueue.c
-index b4defde..f092808 100644
+index f6f31d8..bbe30db 100644
--- a/kernel/workqueue.c
+++ b/kernel/workqueue.c
-@@ -4703,7 +4703,7 @@ static void rebind_workers(struct worker_pool *pool)
+@@ -4687,7 +4687,7 @@ static void rebind_workers(struct worker_pool *pool)
WARN_ON_ONCE(!(worker_flags & WORKER_UNBOUND));
worker_flags |= WORKER_REBOUND;
worker_flags &= ~WORKER_UNBOUND;
@@ -102032,7 +102151,7 @@ index a16ed7b..eb44d17 100644
return err;
diff --git a/net/core/dev.c b/net/core/dev.c
-index 86bb9cc..8814d50 100644
+index 86bb9cc..a4f25f3 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1695,14 +1695,14 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
@@ -102097,6 +102216,24 @@ index 86bb9cc..8814d50 100644
{
struct softnet_data *sd = &__get_cpu_var(softnet_data);
unsigned long time_limit = jiffies + 2;
+@@ -5066,7 +5066,7 @@ void netdev_upper_dev_unlink(struct net_device *dev,
+ }
+ EXPORT_SYMBOL(netdev_upper_dev_unlink);
+
+-void netdev_adjacent_add_links(struct net_device *dev)
++static void netdev_adjacent_add_links(struct net_device *dev)
+ {
+ struct netdev_adjacent *iter;
+
+@@ -5091,7 +5091,7 @@ void netdev_adjacent_add_links(struct net_device *dev)
+ }
+ }
+
+-void netdev_adjacent_del_links(struct net_device *dev)
++static void netdev_adjacent_del_links(struct net_device *dev)
+ {
+ struct netdev_adjacent *iter;
+
@@ -6376,7 +6376,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
} else {
netdev_stats_to_stats64(storage, &dev->stats);
@@ -102106,6 +102243,15 @@ index 86bb9cc..8814d50 100644
return storage;
}
EXPORT_SYMBOL(dev_get_stats);
+@@ -6392,7 +6392,7 @@ struct netdev_queue *dev_ingress_queue_create(struct net_device *dev)
+ if (!queue)
+ return NULL;
+ netdev_init_one_queue(dev, queue, NULL);
+- queue->qdisc = &noop_qdisc;
++ RCU_INIT_POINTER(queue->qdisc, &noop_qdisc);
+ queue->qdisc_sleeping = &noop_qdisc;
+ rcu_assign_pointer(dev->ingress_queue, queue);
+ #endif
diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c
index cf999e0..c59a9754 100644
--- a/net/core/dev_ioctl.c
@@ -104265,7 +104411,7 @@ index e1a6393..f634ce5 100644
return -ENOMEM;
}
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
-index 3f0ec06..5aad945 100644
+index 3f0ec06..230c2c5 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -170,7 +170,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = {
@@ -104338,7 +104484,29 @@ index 3f0ec06..5aad945 100644
for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
idx = 0;
head = &net->dev_index_head[h];
-@@ -4741,11 +4748,8 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
+@@ -4512,6 +4519,21 @@ static int inet6_set_iftoken(struct inet6_dev *idev, struct in6_addr *token)
+ return 0;
+ }
+
++static const struct nla_policy inet6_af_policy[IFLA_INET6_MAX + 1] = {
++ [IFLA_INET6_TOKEN] = { .len = sizeof(struct in6_addr) },
++};
++
++static int inet6_validate_link_af(const struct net_device *dev,
++ const struct nlattr *nla)
++{
++ struct nlattr *tb[IFLA_INET6_MAX + 1];
++
++ if (dev && !__in6_dev_get(dev))
++ return -EAFNOSUPPORT;
++
++ return nla_parse_nested(tb, IFLA_INET6_MAX, nla, inet6_af_policy);
++}
++
+ static int inet6_set_link_af(struct net_device *dev, const struct nlattr *nla)
+ {
+ int err = -EINVAL;
+@@ -4741,11 +4763,8 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
rt = rt6_lookup(dev_net(dev), &ifp->peer_addr, NULL,
dev->ifindex, 1);
@@ -104352,7 +104520,7 @@ index 3f0ec06..5aad945 100644
}
dst_hold(&ifp->rt->dst);
-@@ -4753,7 +4757,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
+@@ -4753,7 +4772,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
dst_free(&ifp->rt->dst);
break;
}
@@ -104361,7 +104529,7 @@ index 3f0ec06..5aad945 100644
rt_genid_bump_ipv6(net);
}
-@@ -4774,7 +4778,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
+@@ -4774,7 +4793,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
int *valp = ctl->data;
int val = *valp;
loff_t pos = *ppos;
@@ -104370,7 +104538,7 @@ index 3f0ec06..5aad945 100644
int ret;
/*
-@@ -4859,7 +4863,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
+@@ -4859,7 +4878,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
int *valp = ctl->data;
int val = *valp;
loff_t pos = *ppos;
@@ -104379,6 +104547,14 @@ index 3f0ec06..5aad945 100644
int ret;
/*
+@@ -5299,6 +5318,7 @@ static struct rtnl_af_ops inet6_ops = {
+ .family = AF_INET6,
+ .fill_link_af = inet6_fill_link_af,
+ .get_link_af_size = inet6_get_link_af_size,
++ .validate_link_af = inet6_validate_link_af,
+ .set_link_af = inet6_set_link_af,
+ };
+
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index d935889..2f64330 100644
--- a/net/ipv6/af_inet6.c
@@ -104445,7 +104621,7 @@ index 7b32652..0bc348b 100644
table = kmemdup(ipv6_icmp_table_template,
sizeof(ipv6_icmp_table_template),
diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
-index 4a230b1..a1d47b8 100644
+index 4a230b1..42d6ab42 100644
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -71,7 +71,7 @@ struct ip6gre_net {
@@ -104457,6 +104633,24 @@ index 4a230b1..a1d47b8 100644
static int ip6gre_tunnel_init(struct net_device *dev);
static void ip6gre_tunnel_setup(struct net_device *dev);
static void ip6gre_tunnel_link(struct ip6gre_net *ign, struct ip6_tnl *t);
+@@ -413,7 +413,7 @@ static void ip6gre_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
+ if (code == ICMPV6_HDR_FIELD)
+ teli = ip6_tnl_parse_tlv_enc_lim(skb, skb->data);
+
+- if (teli && teli == info - 2) {
++ if (teli && teli == be32_to_cpu(info) - 2) {
+ tel = (struct ipv6_tlv_tnl_enc_lim *) &skb->data[teli];
+ if (tel->encap_limit == 0) {
+ net_warn_ratelimited("%s: Too small encapsulation limit or routing loop in tunnel!\n",
+@@ -425,7 +425,7 @@ static void ip6gre_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
+ }
+ break;
+ case ICMPV6_PKT_TOOBIG:
+- mtu = info - offset;
++ mtu = be32_to_cpu(info) - offset;
+ if (mtu < IPV6_MIN_MTU)
+ mtu = IPV6_MIN_MTU;
+ t->dev->mtu = mtu;
@@ -1290,7 +1290,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev)
}
@@ -105938,7 +106132,7 @@ index f042ae5..30ea486 100644
}
EXPORT_SYMBOL(nf_unregister_sockopt);
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
-index c68e5e0..8d52d50 100644
+index c68e5e0..3bed3f0 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -152,8 +152,8 @@ nf_tables_chain_type_lookup(const struct nft_af_info *afi,
@@ -105952,6 +106146,18 @@ index c68e5e0..8d52d50 100644
nfnl_lock(NFNL_SUBSYS_NFTABLES);
type = __nf_tables_chain_type_lookup(afi->family, nla);
if (type != NULL)
+@@ -789,9 +789,11 @@ nf_tables_counters(struct nft_base_chain *chain, const struct nlattr *attr)
+ /* Restore old counters on this cpu, no problem. Per-cpu statistics
+ * are not exposed to userspace.
+ */
++ preempt_disable();
+ stats = this_cpu_ptr(newstats);
+ stats->bytes = be64_to_cpu(nla_get_be64(tb[NFTA_COUNTER_BYTES]));
+ stats->pkts = be64_to_cpu(nla_get_be64(tb[NFTA_COUNTER_PACKETS]));
++ preempt_enable();
+
+ if (chain->stats) {
+ /* nfnl_lock is held, add some nfnl function for this, later */
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index 6ff12a1..d1815b6 100644
--- a/net/netfilter/nfnetlink_log.c
@@ -106462,6 +106668,27 @@ index a82fb66..1ea9251 100644
continue;
}
list_del_init(&rm->m_conn_item);
+diff --git a/net/rds/sysctl.c b/net/rds/sysctl.c
+index b5cb2aa..35773ad 100644
+--- a/net/rds/sysctl.c
++++ b/net/rds/sysctl.c
+@@ -71,14 +71,14 @@ static struct ctl_table rds_sysctl_rds_table[] = {
+ {
+ .procname = "max_unacked_packets",
+ .data = &rds_sysctl_max_unacked_packets,
+- .maxlen = sizeof(unsigned long),
++ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
+ },
+ {
+ .procname = "max_unacked_bytes",
+ .data = &rds_sysctl_max_unacked_bytes,
+- .maxlen = sizeof(unsigned long),
++ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
+ },
diff --git a/net/rds/tcp.c b/net/rds/tcp.c
index edac9ef..16bcb98 100644
--- a/net/rds/tcp.c
@@ -106748,6 +106975,31 @@ index f226709..0e735a8 100644
_proto("Tx RESPONSE %%%u", ntohl(hdr->serial));
ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len);
+diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
+index bdbdb1a..1afc85f 100644
+--- a/net/sched/cls_api.c
++++ b/net/sched/cls_api.c
+@@ -555,8 +555,9 @@ void tcf_exts_change(struct tcf_proto *tp, struct tcf_exts *dst,
+ }
+ EXPORT_SYMBOL(tcf_exts_change);
+
+-#define tcf_exts_first_act(ext) \
+- list_first_entry(&(exts)->actions, struct tc_action, list)
++#define tcf_exts_first_act(ext) \
++ list_first_entry_or_null(&(exts)->actions, \
++ struct tc_action, list)
+
+ int tcf_exts_dump(struct sk_buff *skb, struct tcf_exts *exts)
+ {
+@@ -597,7 +598,7 @@ int tcf_exts_dump_stats(struct sk_buff *skb, struct tcf_exts *exts)
+ {
+ #ifdef CONFIG_NET_CLS_ACT
+ struct tc_action *a = tcf_exts_first_act(exts);
+- if (tcf_action_copy_stats(skb, a, 1) < 0)
++ if (a != NULL && tcf_action_copy_stats(skb, a, 1) < 0)
+ return -1;
+ #endif
+ return 0;
diff --git a/net/sched/cls_bpf.c b/net/sched/cls_bpf.c
index 8e3cf49..4a8e322 100644
--- a/net/sched/cls_bpf.c
@@ -106888,10 +107140,38 @@ index fef2acd..c705c4f 100644
sctp_generate_t1_cookie_event,
sctp_generate_t1_init_event,
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
-index 604a6ac..f87f0a3 100644
+index 604a6ac..990354d 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
-@@ -2175,11 +2175,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval,
+@@ -1605,6 +1605,7 @@ static int sctp_sendmsg(struct kiocb *iocb, struct sock *sk,
+ sctp_scope_t scope;
+ long timeo;
+ __u16 sinfo_flags = 0;
++ bool wait_connect = false;
+ struct sctp_datamsg *datamsg;
+ int msg_flags = msg->msg_flags;
+
+@@ -1924,6 +1925,7 @@ static int sctp_sendmsg(struct kiocb *iocb, struct sock *sk,
+ if (err < 0)
+ goto out_free;
+
++ wait_connect = true;
+ pr_debug("%s: we associated primitively\n", __func__);
+ }
+
+@@ -1961,6 +1963,11 @@ static int sctp_sendmsg(struct kiocb *iocb, struct sock *sk,
+ sctp_datamsg_put(datamsg);
+ err = msg_len;
+
++ if (unlikely(wait_connect)) {
++ timeo = sock_sndtimeo(sk, msg_flags & MSG_DONTWAIT);
++ sctp_wait_for_connect(asoc, &timeo);
++ }
++
+ /* If we are already past ASSOCIATE, the lower
+ * layers are responsible for association cleanup.
+ */
+@@ -2175,11 +2182,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval,
{
struct sctp_association *asoc;
struct sctp_ulpevent *event;
@@ -106906,7 +107186,7 @@ index 604a6ac..f87f0a3 100644
/*
* At the time when a user app subscribes to SCTP_SENDER_DRY_EVENT,
-@@ -4259,13 +4261,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len,
+@@ -4259,13 +4268,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len,
static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
int __user *optlen)
{
@@ -106924,7 +107204,7 @@ index 604a6ac..f87f0a3 100644
return -EFAULT;
return 0;
}
-@@ -4283,6 +4288,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
+@@ -4283,6 +4295,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
*/
static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optval, int __user *optlen)
{
@@ -106933,7 +107213,7 @@ index 604a6ac..f87f0a3 100644
/* Applicable to UDP-style socket only */
if (sctp_style(sk, TCP))
return -EOPNOTSUPP;
-@@ -4291,7 +4298,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv
+@@ -4291,7 +4305,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv
len = sizeof(int);
if (put_user(len, optlen))
return -EFAULT;
@@ -106943,7 +107223,7 @@ index 604a6ac..f87f0a3 100644
return -EFAULT;
return 0;
}
-@@ -4666,12 +4674,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len,
+@@ -4666,12 +4681,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len,
*/
static int sctp_getsockopt_initmsg(struct sock *sk, int len, char __user *optval, int __user *optlen)
{
@@ -106960,7 +107240,7 @@ index 604a6ac..f87f0a3 100644
return -EFAULT;
return 0;
}
-@@ -4712,6 +4723,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
+@@ -4712,6 +4730,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len;
if (space_left < addrlen)
return -ENOMEM;