diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2014-09-10 07:46:02 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-09-10 07:46:02 +0000 |
commit | 797023a1712179c0b5e6e69661a51786e0637371 (patch) | |
tree | b4f31b38653a7e8b7813de4dca6371e1f0eb11a7 | |
parent | 1ab4dbf6662a2f68962800b33a5d13d165b0fdda (diff) | |
download | aports-797023a1712179c0b5e6e69661a51786e0637371.tar.bz2 aports-797023a1712179c0b5e6e69661a51786e0637371.tar.xz |
main/linux-grsec: upgrade to 3.14.18
-rw-r--r-- | main/linux-grsec/APKBUILD | 30 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-3.0-3.14.18-201409082127.patch (renamed from main/linux-grsec/grsecurity-3.0-3.14.17-201408260041.patch) | 1186 | ||||
-rw-r--r-- | main/linux-grsec/kernelconfig.x86 | 5 | ||||
-rw-r--r-- | main/linux-grsec/kernelconfig.x86_64 | 5 |
4 files changed, 778 insertions, 448 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index a3f3a7b60d..11c21822b6 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,12 +2,12 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.14.17 +pkgver=3.14.18 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; esac -pkgrel=1 +pkgrel=0 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-3.0-3.14.17-201408260041.patch + grsecurity-3.0-3.14.18-201409082127.patch fix-memory-map-for-PIE-applications.patch imx6q-no-unclocked-sleep.patch @@ -165,26 +165,26 @@ dev() { } md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz -a9a6539c8df7245c2ab9bfca56f2ef04 patch-3.14.17.xz -25066c4bc665d172b980d09435f18432 grsecurity-3.0-3.14.17-201408260041.patch +f00741b35127573c3cf085fc43f6e3f0 patch-3.14.18.xz +43a6f021cff545fa3e3c0386e473ff23 grsecurity-3.0-3.14.18-201409082127.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch 1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch -dc5e04d422b807e740fd15b141b89a62 kernelconfig.x86 -1aea3d3de4013c10712a582c8d738bf7 kernelconfig.x86_64 +5395777f2ffcaeedb482afce441a0e2f kernelconfig.x86 +1a836d0252b3486318321b0e26791a04 kernelconfig.x86_64 0d71b1663f7cbfffc6e403deca4bbe86 kernelconfig.armhf" sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz -50b0e2a6812597b401a417bd1269b5388fdd980b6009d564fff09605100f0df8 patch-3.14.17.xz -40352c8bd115d91089444670999925e2a383c66c42ae11d94ec295d656772caf grsecurity-3.0-3.14.17-201408260041.patch +3723d8d91e1bba0ed57a4951e8089ebfaa21ac186c3b729b4d2bad2da3eaed9f patch-3.14.18.xz +ac5c311624480651775d6c482a3314edd8f1e1e5730e98f2aa6f648e47e20422 grsecurity-3.0-3.14.18-201409082127.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch 21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch -148fe2f06c98716744139f0c92aa702665bb9da96ecc163ef56c8ba3084d534a kernelconfig.x86 -1b26e8c006dccce38520b9b42a6ae43230d032307ec847ab77ea97d4616164f6 kernelconfig.x86_64 +c1f2bcf8711c2295895f682a8e32a0719f389557deb0f1fa1ce9e751dd04f8ae kernelconfig.x86 +227390b633fd749aaadb3e3fc4d027fc06142a395279beb7ba09f8568aa505c2 kernelconfig.x86_64 3cddaac02211dd0f5eb4531aecc3a1427f29dcec7b31d9fe0042192d591bcdc8 kernelconfig.armhf" sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz -03638215934a08a67e3d92d051b6a341e1874872388de910870021934f11f8ed20502a1afbff89a24f0e14053a02f4e40441e2f9878b099ddd1504159ff19872 patch-3.14.17.xz -6c54a9f120dd896b595239f984c326933e50ba2e324215fb8e4bb6092cb624771dc301e78424f7be3f1d42c542fda086e5d8fe84cf9e06dc8106d3b16c0a69bd grsecurity-3.0-3.14.17-201408260041.patch +c7c5b281986819cb69592cc4c2b7c7d79f34aa86f21db1dd64b795dda79b5f9df95626dada5c8e0613c58d8d7979f37baf0a87cd458f340018ce61b42e4eb6c5 patch-3.14.18.xz +2a12ca6dd993fa874da02bdc6913a78a29b21b6621bd243157f5ae65240d4bf934e438f35620935508b7e251445551b1b0c962aec9e26b2d34bca1c8281fdbc2 grsecurity-3.0-3.14.18-201409082127.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch 87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch -65697a0652795bc2f57c74968b4e541b372bf9ebfd8effe9d17b75143f2444a76d41982dddee3c7cda28dc33c88f221b89964282d82761593ec697b5fa77f8d4 kernelconfig.x86 -799e497939ed879e118b9bccae970f69c4c64488f3ef52ed5f07685531f13fa756cc7656351d611e6ffb93809f7af526cab379c2e24171c6bb5eac88f77fcc2e kernelconfig.x86_64 +bba0241bf9d51154959cb06d8ecf328b0475bf1c656baff1c0066285c71f6b0115534c8c4fc238b63b617b5c7a75d0a13371d80a7fe99194eaa4238cd4712357 kernelconfig.x86 +cf7e27e9ed00f07a9743c3ad6a35ff2aff86c5e9f9cd9c8076cb5a3f2e3b3b59d4c1da55fd4cd04b599ceae29775ddde7d9b3bd96093bec07a9bce3e20d6dffe kernelconfig.x86_64 c19ce8d5ef84e42d63435731afab351a68226d7b49caf5d6a3b43421a1a856eadfc69b503a2d757de10cba46bcfdf45c17bb0fed6cf0a14ac284050e655614dd kernelconfig.armhf" diff --git a/main/linux-grsec/grsecurity-3.0-3.14.17-201408260041.patch b/main/linux-grsec/grsecurity-3.0-3.14.18-201409082127.patch index c27879a613..2a009861ca 100644 --- a/main/linux-grsec/grsecurity-3.0-3.14.17-201408260041.patch +++ b/main/linux-grsec/grsecurity-3.0-3.14.18-201409082127.patch @@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 12aac03..33d9e9f 100644 +index 05279d4..c24e149 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -3643,7 +3643,7 @@ index 78c02b3..c94109a 100644 struct omap_device *omap_device_alloc(struct platform_device *pdev, struct omap_hwmod **ohs, int oh_cnt); diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c -index 66c60fe..c78950d 100644 +index c914b00..8a653a7 100644 --- a/arch/arm/mach-omap2/omap_hwmod.c +++ b/arch/arm/mach-omap2/omap_hwmod.c @@ -194,10 +194,10 @@ struct omap_hwmod_soc_ops { @@ -12269,7 +12269,7 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index c718d9f..511e6fa 100644 +index e409891..d64a8f7 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -126,7 +126,7 @@ config X86 @@ -12325,7 +12325,7 @@ index c718d9f..511e6fa 100644 default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1623,6 +1624,7 @@ source kernel/Kconfig.hz +@@ -1624,6 +1625,7 @@ source kernel/Kconfig.hz config KEXEC bool "kexec system call" @@ -12333,7 +12333,7 @@ index c718d9f..511e6fa 100644 ---help--- kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot -@@ -1774,7 +1776,9 @@ config X86_NEED_RELOCS +@@ -1775,7 +1777,9 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" @@ -12344,7 +12344,7 @@ index c718d9f..511e6fa 100644 range 0x2000 0x1000000 if X86_32 range 0x200000 0x1000000 if X86_64 ---help--- -@@ -1854,9 +1858,10 @@ config DEBUG_HOTPLUG_CPU0 +@@ -1855,9 +1859,10 @@ config DEBUG_HOTPLUG_CPU0 If unsure, say N. config COMPAT_VDSO @@ -22894,7 +22894,7 @@ index c5a9cb9..228d280 100644 /* diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index 03cd2a8..05a9aed 100644 +index 03cd2a8..d236ccb 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S @@ -60,6 +60,8 @@ @@ -23815,7 +23815,7 @@ index 03cd2a8..05a9aed 100644 je retint_kernel /* Interrupt came from user space */ -@@ -1027,12 +1500,16 @@ retint_swapgs: /* return to user-space */ +@@ -1027,12 +1500,35 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -23828,11 +23828,30 @@ index 03cd2a8..05a9aed 100644 retint_restore_args: /* return to kernel space */ DISABLE_INTERRUPTS(CLBR_ANY) + pax_exit_kernel ++ ++#if defined(CONFIG_EFI) && defined(CONFIG_PAX_KERNEXEC) ++ /* This is a quirk to allow IRQs/NMIs/MCEs during early EFI setup, ++ * namely calling EFI runtime services with a phys mapping. We're ++ * starting off with NOPs and patch in the real instrumentation ++ * (BTS/OR) before starting any userland process; even before starting ++ * up the APs. ++ */ ++ .pushsection .altinstr_replacement, "a" ++ 601: pax_force_retaddr (RIP-ARGOFFSET) ++ 602: ++ .popsection ++ 603: .fill 602b-601b, 1, 0x90 ++ .pushsection .altinstructions, "a" ++ altinstruction_entry 603b, 601b, X86_FEATURE_ALWAYS, 602b-601b, 602b-601b ++ .popsection ++#else + pax_force_retaddr (RIP-ARGOFFSET) ++#endif ++ /* * The iretq could re-enable interrupts: */ -@@ -1145,7 +1622,7 @@ ENTRY(retint_kernel) +@@ -1145,7 +1641,7 @@ ENTRY(retint_kernel) jmp exit_intr #endif CFI_ENDPROC @@ -23841,7 +23860,7 @@ index 03cd2a8..05a9aed 100644 /* * If IRET takes a fault on the espfix stack, then we -@@ -1167,13 +1644,13 @@ __do_double_fault: +@@ -1167,13 +1663,13 @@ __do_double_fault: cmpq $native_irq_return_iret,%rax jne do_double_fault /* This shouldn't happen... */ movq PER_CPU_VAR(kernel_stack),%rax @@ -23857,7 +23876,7 @@ index 03cd2a8..05a9aed 100644 #else # define __do_double_fault do_double_fault #endif -@@ -1195,7 +1672,7 @@ ENTRY(\sym) +@@ -1195,7 +1691,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -23866,7 +23885,7 @@ index 03cd2a8..05a9aed 100644 .endm #ifdef CONFIG_TRACING -@@ -1283,7 +1760,7 @@ ENTRY(\sym) +@@ -1283,7 +1779,7 @@ ENTRY(\sym) call \do_sym jmp error_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -23875,7 +23894,7 @@ index 03cd2a8..05a9aed 100644 .endm .macro paranoidzeroentry sym do_sym -@@ -1301,10 +1778,10 @@ ENTRY(\sym) +@@ -1301,10 +1797,10 @@ ENTRY(\sym) call \do_sym jmp paranoid_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -23888,7 +23907,7 @@ index 03cd2a8..05a9aed 100644 .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1317,12 +1794,18 @@ ENTRY(\sym) +@@ -1317,12 +1813,18 @@ ENTRY(\sym) TRACE_IRQS_OFF_DEBUG movq %rsp,%rdi /* pt_regs pointer */ xorl %esi,%esi /* no error code */ @@ -23908,7 +23927,7 @@ index 03cd2a8..05a9aed 100644 .endm .macro errorentry sym do_sym -@@ -1340,7 +1823,7 @@ ENTRY(\sym) +@@ -1340,7 +1842,7 @@ ENTRY(\sym) call \do_sym jmp error_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -23917,7 +23936,7 @@ index 03cd2a8..05a9aed 100644 .endm #ifdef CONFIG_TRACING -@@ -1371,7 +1854,7 @@ ENTRY(\sym) +@@ -1371,7 +1873,7 @@ ENTRY(\sym) call \do_sym jmp paranoid_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -23926,7 +23945,7 @@ index 03cd2a8..05a9aed 100644 .endm zeroentry divide_error do_divide_error -@@ -1401,9 +1884,10 @@ gs_change: +@@ -1401,9 +1903,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -23938,7 +23957,7 @@ index 03cd2a8..05a9aed 100644 _ASM_EXTABLE(gs_change,bad_gs) .section .fixup,"ax" -@@ -1431,9 +1915,10 @@ ENTRY(do_softirq_own_stack) +@@ -1431,9 +1934,10 @@ ENTRY(do_softirq_own_stack) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -23950,7 +23969,7 @@ index 03cd2a8..05a9aed 100644 #ifdef CONFIG_XEN zeroentry xen_hypervisor_callback xen_do_hypervisor_callback -@@ -1471,7 +1956,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1471,7 +1975,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -23959,7 +23978,7 @@ index 03cd2a8..05a9aed 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1530,7 +2015,7 @@ ENTRY(xen_failsafe_callback) +@@ -1530,7 +2034,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -23968,7 +23987,7 @@ index 03cd2a8..05a9aed 100644 apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1582,18 +2067,33 @@ ENTRY(paranoid_exit) +@@ -1582,18 +2086,33 @@ ENTRY(paranoid_exit) DEFAULT_FRAME DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF_DEBUG @@ -24004,7 +24023,7 @@ index 03cd2a8..05a9aed 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1622,7 +2122,7 @@ paranoid_schedule: +@@ -1622,7 +2141,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -24013,7 +24032,7 @@ index 03cd2a8..05a9aed 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1649,12 +2149,23 @@ ENTRY(error_entry) +@@ -1649,12 +2168,23 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -24038,7 +24057,7 @@ index 03cd2a8..05a9aed 100644 ret /* -@@ -1681,7 +2192,7 @@ bstep_iret: +@@ -1681,7 +2211,7 @@ bstep_iret: movq %rcx,RIP+8(%rsp) jmp error_swapgs CFI_ENDPROC @@ -24047,7 +24066,7 @@ index 03cd2a8..05a9aed 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1692,7 +2203,7 @@ ENTRY(error_exit) +@@ -1692,7 +2222,7 @@ ENTRY(error_exit) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF GET_THREAD_INFO(%rcx) @@ -24056,7 +24075,7 @@ index 03cd2a8..05a9aed 100644 jne retint_kernel LOCKDEP_SYS_EXIT_IRQ movl TI_flags(%rcx),%edx -@@ -1701,7 +2212,7 @@ ENTRY(error_exit) +@@ -1701,7 +2231,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -24065,7 +24084,7 @@ index 03cd2a8..05a9aed 100644 /* * Test if a given stack is an NMI stack or not. -@@ -1759,9 +2270,11 @@ ENTRY(nmi) +@@ -1759,9 +2289,11 @@ ENTRY(nmi) * If %cs was not the kernel segment, then the NMI triggered in user * space, which means it is definitely not nested. */ @@ -24078,7 +24097,7 @@ index 03cd2a8..05a9aed 100644 /* * Check the special variable on the stack to see if NMIs are * executing. -@@ -1795,8 +2308,7 @@ nested_nmi: +@@ -1795,8 +2327,7 @@ nested_nmi: 1: /* Set up the interrupted NMIs stack to jump to repeat_nmi */ @@ -24088,7 +24107,7 @@ index 03cd2a8..05a9aed 100644 CFI_ADJUST_CFA_OFFSET 1*8 leaq -10*8(%rsp), %rdx pushq_cfi $__KERNEL_DS -@@ -1814,6 +2326,7 @@ nested_nmi_out: +@@ -1814,6 +2345,7 @@ nested_nmi_out: CFI_RESTORE rdx /* No need to check faults here */ @@ -24096,7 +24115,7 @@ index 03cd2a8..05a9aed 100644 INTERRUPT_RETURN CFI_RESTORE_STATE -@@ -1910,13 +2423,13 @@ end_repeat_nmi: +@@ -1910,13 +2442,13 @@ end_repeat_nmi: subq $ORIG_RAX-R15, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 /* @@ -24112,7 +24131,7 @@ index 03cd2a8..05a9aed 100644 DEFAULT_FRAME 0 /* -@@ -1926,9 +2439,9 @@ end_repeat_nmi: +@@ -1926,9 +2458,9 @@ end_repeat_nmi: * NMI itself takes a page fault, the page fault that was preempted * will read the information from the NMI page fault and not the * origin fault. Save it off and restore it if it changes. @@ -24124,7 +24143,7 @@ index 03cd2a8..05a9aed 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi -@@ -1937,31 +2450,36 @@ end_repeat_nmi: +@@ -1937,31 +2469,36 @@ end_repeat_nmi: /* Did the NMI take a page fault? Restore cr2 if it did */ movq %cr2, %rcx @@ -28195,7 +28214,7 @@ index da6b35a..977e9cf 100644 #ifdef CONFIG_SMP diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c -index 1f96f93..6f29be7 100644 +index 09ce23a..9293938 100644 --- a/arch/x86/kernel/vsyscall_64.c +++ b/arch/x86/kernel/vsyscall_64.c @@ -56,15 +56,13 @@ @@ -28401,7 +28420,7 @@ index c697625..a032162 100644 out: diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c -index 0069118..c28ec0a 100644 +index 453e5fb..214168f 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -55,7 +55,7 @@ @@ -41665,19 +41684,6 @@ index 6866448..2ad2b34 100644 { /* copy over all the bus versions */ if (dev->bus && dev->bus->pm) { -diff --git a/drivers/hid/hid-cherry.c b/drivers/hid/hid-cherry.c -index 1bdcccc..f745d2c 100644 ---- a/drivers/hid/hid-cherry.c -+++ b/drivers/hid/hid-cherry.c -@@ -28,7 +28,7 @@ - static __u8 *ch_report_fixup(struct hid_device *hdev, __u8 *rdesc, - unsigned int *rsize) - { -- if (*rsize >= 17 && rdesc[11] == 0x3c && rdesc[12] == 0x02) { -+ if (*rsize >= 18 && rdesc[11] == 0x3c && rdesc[12] == 0x02) { - hid_info(hdev, "fixing up Cherry Cymotion report descriptor\n"); - rdesc[11] = rdesc[16] = 0xff; - rdesc[12] = rdesc[17] = 0x03; diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c index 7cd42ea..a367c48 100644 --- a/drivers/hid/hid-core.c @@ -41700,110 +41706,51 @@ index 7cd42ea..a367c48 100644 hid_debug_register(hdev, dev_name(&hdev->dev)); ret = device_add(&hdev->dev); -diff --git a/drivers/hid/hid-kye.c b/drivers/hid/hid-kye.c -index e776963..b92bf01 100644 ---- a/drivers/hid/hid-kye.c -+++ b/drivers/hid/hid-kye.c -@@ -300,7 +300,7 @@ static __u8 *kye_report_fixup(struct hid_device *hdev, __u8 *rdesc, - * - change the button usage range to 4-7 for the extra - * buttons - */ -- if (*rsize >= 74 && -+ if (*rsize >= 75 && - rdesc[61] == 0x05 && rdesc[62] == 0x08 && - rdesc[63] == 0x19 && rdesc[64] == 0x08 && - rdesc[65] == 0x29 && rdesc[66] == 0x0f && -diff --git a/drivers/hid/hid-lg.c b/drivers/hid/hid-lg.c -index 9fe9d4a..b8207e0 100644 ---- a/drivers/hid/hid-lg.c -+++ b/drivers/hid/hid-lg.c -@@ -345,14 +345,14 @@ static __u8 *lg_report_fixup(struct hid_device *hdev, __u8 *rdesc, - struct usb_device_descriptor *udesc; - __u16 bcdDevice, rev_maj, rev_min; - -- if ((drv_data->quirks & LG_RDESC) && *rsize >= 90 && rdesc[83] == 0x26 && -+ if ((drv_data->quirks & LG_RDESC) && *rsize >= 91 && rdesc[83] == 0x26 && - rdesc[84] == 0x8c && rdesc[85] == 0x02) { - hid_info(hdev, - "fixing up Logitech keyboard report descriptor\n"); - rdesc[84] = rdesc[89] = 0x4d; - rdesc[85] = rdesc[90] = 0x10; - } -- if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 50 && -+ if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 51 && - rdesc[32] == 0x81 && rdesc[33] == 0x06 && - rdesc[49] == 0x81 && rdesc[50] == 0x06) { - hid_info(hdev, -diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c -index f45279c..0b14d32 100644 ---- a/drivers/hid/hid-logitech-dj.c -+++ b/drivers/hid/hid-logitech-dj.c -@@ -237,13 +237,6 @@ static void logi_dj_recv_add_djhid_device(struct dj_receiver_dev *djrcv_dev, - return; - } +diff --git a/drivers/hid/hid-magicmouse.c b/drivers/hid/hid-magicmouse.c +index 3b43d1c..991ba79 100644 +--- a/drivers/hid/hid-magicmouse.c ++++ b/drivers/hid/hid-magicmouse.c +@@ -290,6 +290,11 @@ static int magicmouse_raw_event(struct hid_device *hdev, + if (size < 4 || ((size - 4) % 9) != 0) + return 0; + npoints = (size - 4) / 9; ++ if (npoints > 15) { ++ hid_warn(hdev, "invalid size value (%d) for TRACKPAD_REPORT_ID\n", ++ size); ++ return 0; ++ } + msc->ntouches = 0; + for (ii = 0; ii < npoints; ii++) + magicmouse_emit_touch(msc, ii, data + ii * 9 + 4); +@@ -307,6 +312,11 @@ static int magicmouse_raw_event(struct hid_device *hdev, + if (size < 6 || ((size - 6) % 8) != 0) + return 0; + npoints = (size - 6) / 8; ++ if (npoints > 15) { ++ hid_warn(hdev, "invalid size value (%d) for MOUSE_REPORT_ID\n", ++ size); ++ return 0; ++ } + msc->ntouches = 0; + for (ii = 0; ii < npoints; ii++) + magicmouse_emit_touch(msc, ii, data + ii * 8 + 6); +diff --git a/drivers/hid/hid-picolcd_core.c b/drivers/hid/hid-picolcd_core.c +index acbb0210..020df3c 100644 +--- a/drivers/hid/hid-picolcd_core.c ++++ b/drivers/hid/hid-picolcd_core.c +@@ -350,6 +350,12 @@ static int picolcd_raw_event(struct hid_device *hdev, + if (!data) + return 1; -- if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) || -- (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) { -- dev_err(&djrcv_hdev->dev, "%s: invalid device index:%d\n", -- __func__, dj_report->device_index); -- return; -- } -- - if (djrcv_dev->paired_dj_devices[dj_report->device_index]) { - /* The device is already known. No need to reallocate it. */ - dbg_hid("%s: device is already known\n", __func__); -@@ -721,6 +714,12 @@ static int logi_dj_raw_event(struct hid_device *hdev, - * device (via hid_input_report() ) and return 1 so hid-core does not do - * anything else with it. - */ -+ if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) || -+ (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) { -+ dev_err(&hdev->dev, "%s: invalid device index:%d\n", -+ __func__, dj_report->device_index); -+ return false; ++ if (size > 64) { ++ hid_warn(hdev, "invalid size value (%d) for picolcd raw event\n", ++ size); ++ return 0; + } - - spin_lock_irqsave(&djrcv_dev->lock, flags); - if (dj_report->report_id == REPORT_ID_DJ_SHORT) { -diff --git a/drivers/hid/hid-monterey.c b/drivers/hid/hid-monterey.c -index 9e14c00..25daf28 100644 ---- a/drivers/hid/hid-monterey.c -+++ b/drivers/hid/hid-monterey.c -@@ -24,7 +24,7 @@ - static __u8 *mr_report_fixup(struct hid_device *hdev, __u8 *rdesc, - unsigned int *rsize) - { -- if (*rsize >= 30 && rdesc[29] == 0x05 && rdesc[30] == 0x09) { -+ if (*rsize >= 31 && rdesc[29] == 0x05 && rdesc[30] == 0x09) { - hid_info(hdev, "fixing up button/consumer in HID report descriptor\n"); - rdesc[30] = 0x0c; - } -diff --git a/drivers/hid/hid-petalynx.c b/drivers/hid/hid-petalynx.c -index 736b250..6aca4f2 100644 ---- a/drivers/hid/hid-petalynx.c -+++ b/drivers/hid/hid-petalynx.c -@@ -25,7 +25,7 @@ - static __u8 *pl_report_fixup(struct hid_device *hdev, __u8 *rdesc, - unsigned int *rsize) - { -- if (*rsize >= 60 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 && -+ if (*rsize >= 62 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 && - rdesc[41] == 0x00 && rdesc[59] == 0x26 && - rdesc[60] == 0xf9 && rdesc[61] == 0x00) { - hid_info(hdev, "fixing up Petalynx Maxter Remote report descriptor\n"); -diff --git a/drivers/hid/hid-sunplus.c b/drivers/hid/hid-sunplus.c -index 87fc91e..91072fa 100644 ---- a/drivers/hid/hid-sunplus.c -+++ b/drivers/hid/hid-sunplus.c -@@ -24,7 +24,7 @@ - static __u8 *sp_report_fixup(struct hid_device *hdev, __u8 *rdesc, - unsigned int *rsize) - { -- if (*rsize >= 107 && rdesc[104] == 0x26 && rdesc[105] == 0x80 && -+ if (*rsize >= 112 && rdesc[104] == 0x26 && rdesc[105] == 0x80 && - rdesc[106] == 0x03) { - hid_info(hdev, "fixing up Sunplus Wireless Desktop report descriptor\n"); - rdesc[105] = rdesc[110] = 0x03; ++ + if (report->id == REPORT_KEY_STATE) { + if (data->input_keys) + ret = picolcd_raw_keypad(data, report, raw_data+1, size-1); diff --git a/drivers/hid/hid-wiimote-debug.c b/drivers/hid/hid-wiimote-debug.c index c13fb5b..55a3802 100644 --- a/drivers/hid/hid-wiimote-debug.c @@ -45018,6 +44965,433 @@ index 2fd9009..278cc1e 100644 radio = devm_kzalloc(&pdev->dev, sizeof(*radio), GFP_KERNEL); if (!radio) +diff --git a/drivers/media/usb/dvb-usb/cinergyT2-core.c b/drivers/media/usb/dvb-usb/cinergyT2-core.c +index 9fd1527..8927230 100644 +--- a/drivers/media/usb/dvb-usb/cinergyT2-core.c ++++ b/drivers/media/usb/dvb-usb/cinergyT2-core.c +@@ -50,29 +50,73 @@ static struct dvb_usb_device_properties cinergyt2_properties; + + static int cinergyt2_streaming_ctrl(struct dvb_usb_adapter *adap, int enable) + { +- char buf[] = { CINERGYT2_EP1_CONTROL_STREAM_TRANSFER, enable ? 1 : 0 }; +- char result[64]; +- return dvb_usb_generic_rw(adap->dev, buf, sizeof(buf), result, +- sizeof(result), 0); ++ char *buf; ++ char *result; ++ int retval; ++ ++ buf = kmalloc(2, GFP_KERNEL); ++ if (buf == NULL) ++ return -ENOMEM; ++ result = kmalloc(64, GFP_KERNEL); ++ if (result == NULL) { ++ kfree(buf); ++ return -ENOMEM; ++ } ++ ++ buf[0] = CINERGYT2_EP1_CONTROL_STREAM_TRANSFER; ++ buf[1] = enable ? 1 : 0; ++ ++ retval = dvb_usb_generic_rw(adap->dev, buf, 2, result, 64, 0); ++ ++ kfree(buf); ++ kfree(result); ++ return retval; + } + + static int cinergyt2_power_ctrl(struct dvb_usb_device *d, int enable) + { +- char buf[] = { CINERGYT2_EP1_SLEEP_MODE, enable ? 0 : 1 }; +- char state[3]; +- return dvb_usb_generic_rw(d, buf, sizeof(buf), state, sizeof(state), 0); ++ char *buf; ++ char *state; ++ int retval; ++ ++ buf = kmalloc(2, GFP_KERNEL); ++ if (buf == NULL) ++ return -ENOMEM; ++ state = kmalloc(3, GFP_KERNEL); ++ if (state == NULL) { ++ kfree(buf); ++ return -ENOMEM; ++ } ++ ++ buf[0] = CINERGYT2_EP1_SLEEP_MODE; ++ buf[1] = enable ? 1 : 0; ++ ++ retval = dvb_usb_generic_rw(d, buf, 2, state, 3, 0); ++ ++ kfree(buf); ++ kfree(state); ++ return retval; + } + + static int cinergyt2_frontend_attach(struct dvb_usb_adapter *adap) + { +- char query[] = { CINERGYT2_EP1_GET_FIRMWARE_VERSION }; +- char state[3]; ++ char *query; ++ char *state; + int ret; ++ query = kmalloc(1, GFP_KERNEL); ++ if (query == NULL) ++ return -ENOMEM; ++ state = kmalloc(3, GFP_KERNEL); ++ if (state == NULL) { ++ kfree(query); ++ return -ENOMEM; ++ } ++ ++ query[0] = CINERGYT2_EP1_GET_FIRMWARE_VERSION; + + adap->fe_adap[0].fe = cinergyt2_fe_attach(adap->dev); + +- ret = dvb_usb_generic_rw(adap->dev, query, sizeof(query), state, +- sizeof(state), 0); ++ ret = dvb_usb_generic_rw(adap->dev, query, 1, state, 3, 0); + if (ret < 0) { + deb_rc("cinergyt2_power_ctrl() Failed to retrieve sleep " + "state info\n"); +@@ -80,7 +124,8 @@ static int cinergyt2_frontend_attach(struct dvb_usb_adapter *adap) + + /* Copy this pointer as we are gonna need it in the release phase */ + cinergyt2_usb_device = adap->dev; +- ++ kfree(query); ++ kfree(state); + return 0; + } + +@@ -141,12 +186,23 @@ static int repeatable_keys[] = { + static int cinergyt2_rc_query(struct dvb_usb_device *d, u32 *event, int *state) + { + struct cinergyt2_state *st = d->priv; +- u8 key[5] = {0, 0, 0, 0, 0}, cmd = CINERGYT2_EP1_GET_RC_EVENTS; ++ u8 *key, *cmd; + int i; + ++ cmd = kmalloc(1, GFP_KERNEL); ++ if (cmd == NULL) ++ return -EINVAL; ++ key = kzalloc(5, GFP_KERNEL); ++ if (key == NULL) { ++ kfree(cmd); ++ return -EINVAL; ++ } ++ ++ cmd[0] = CINERGYT2_EP1_GET_RC_EVENTS; ++ + *state = REMOTE_NO_KEY_PRESSED; + +- dvb_usb_generic_rw(d, &cmd, 1, key, sizeof(key), 0); ++ dvb_usb_generic_rw(d, cmd, 1, key, 5, 0); + if (key[4] == 0xff) { + /* key repeat */ + st->rc_counter++; +@@ -157,12 +213,12 @@ static int cinergyt2_rc_query(struct dvb_usb_device *d, u32 *event, int *state) + *event = d->last_event; + deb_rc("repeat key, event %x\n", + *event); +- return 0; ++ goto out; + } + } + deb_rc("repeated key (non repeatable)\n"); + } +- return 0; ++ goto out; + } + + /* hack to pass checksum on the custom field */ +@@ -174,6 +230,9 @@ static int cinergyt2_rc_query(struct dvb_usb_device *d, u32 *event, int *state) + + deb_rc("key: %*ph\n", 5, key); + } ++out: ++ kfree(cmd); ++ kfree(key); + return 0; + } + +diff --git a/drivers/media/usb/dvb-usb/cinergyT2-fe.c b/drivers/media/usb/dvb-usb/cinergyT2-fe.c +index c890fe4..f9b2ae6 100644 +--- a/drivers/media/usb/dvb-usb/cinergyT2-fe.c ++++ b/drivers/media/usb/dvb-usb/cinergyT2-fe.c +@@ -145,103 +145,176 @@ static int cinergyt2_fe_read_status(struct dvb_frontend *fe, + fe_status_t *status) + { + struct cinergyt2_fe_state *state = fe->demodulator_priv; +- struct dvbt_get_status_msg result; +- u8 cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS }; ++ struct dvbt_get_status_msg *result; ++ u8 *cmd; + int ret; + +- ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (u8 *)&result, +- sizeof(result), 0); ++ cmd = kmalloc(1, GFP_KERNEL); ++ if (cmd == NULL) ++ return -ENOMEM; ++ result = kmalloc(sizeof(*result), GFP_KERNEL); ++ if (result == NULL) { ++ kfree(cmd); ++ return -ENOMEM; ++ } ++ ++ cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS; ++ ++ ret = dvb_usb_generic_rw(state->d, cmd, 1, (u8 *)result, ++ sizeof(*result), 0); + if (ret < 0) +- return ret; ++ goto out; + + *status = 0; + +- if (0xffff - le16_to_cpu(result.gain) > 30) ++ if (0xffff - le16_to_cpu(result->gain) > 30) + *status |= FE_HAS_SIGNAL; +- if (result.lock_bits & (1 << 6)) ++ if (result->lock_bits & (1 << 6)) + *status |= FE_HAS_LOCK; +- if (result.lock_bits & (1 << 5)) ++ if (result->lock_bits & (1 << 5)) + *status |= FE_HAS_SYNC; +- if (result.lock_bits & (1 << 4)) ++ if (result->lock_bits & (1 << 4)) + *status |= FE_HAS_CARRIER; +- if (result.lock_bits & (1 << 1)) ++ if (result->lock_bits & (1 << 1)) + *status |= FE_HAS_VITERBI; + + if ((*status & (FE_HAS_CARRIER | FE_HAS_VITERBI | FE_HAS_SYNC)) != + (FE_HAS_CARRIER | FE_HAS_VITERBI | FE_HAS_SYNC)) + *status &= ~FE_HAS_LOCK; + +- return 0; ++out: ++ kfree(cmd); ++ kfree(result); ++ return ret; + } + + static int cinergyt2_fe_read_ber(struct dvb_frontend *fe, u32 *ber) + { + struct cinergyt2_fe_state *state = fe->demodulator_priv; +- struct dvbt_get_status_msg status; +- char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS }; ++ struct dvbt_get_status_msg *status; ++ char *cmd; + int ret; + +- ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status, +- sizeof(status), 0); ++ cmd = kmalloc(1, GFP_KERNEL); ++ if (cmd == NULL) ++ return -ENOMEM; ++ status = kmalloc(sizeof(*status), GFP_KERNEL); ++ if (status == NULL) { ++ kfree(cmd); ++ return -ENOMEM; ++ } ++ ++ cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS; ++ ++ ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status, ++ sizeof(*status), 0); + if (ret < 0) +- return ret; ++ goto out; + +- *ber = le32_to_cpu(status.viterbi_error_rate); ++ *ber = le32_to_cpu(status->viterbi_error_rate); ++out: ++ kfree(cmd); ++ kfree(status); + return 0; + } + + static int cinergyt2_fe_read_unc_blocks(struct dvb_frontend *fe, u32 *unc) + { + struct cinergyt2_fe_state *state = fe->demodulator_priv; +- struct dvbt_get_status_msg status; +- u8 cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS }; ++ struct dvbt_get_status_msg *status; ++ u8 *cmd; + int ret; + +- ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (u8 *)&status, +- sizeof(status), 0); ++ cmd = kmalloc(1, GFP_KERNEL); ++ if (cmd == NULL) ++ return -ENOMEM; ++ status = kmalloc(sizeof(*status), GFP_KERNEL); ++ if (status == NULL) { ++ kfree(cmd); ++ return -ENOMEM; ++ } ++ ++ cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS; ++ ++ ret = dvb_usb_generic_rw(state->d, cmd, 1, (u8 *)status, ++ sizeof(*status), 0); + if (ret < 0) { + err("cinergyt2_fe_read_unc_blocks() Failed! (Error=%d)\n", + ret); +- return ret; ++ goto out; + } +- *unc = le32_to_cpu(status.uncorrected_block_count); +- return 0; ++ *unc = le32_to_cpu(status->uncorrected_block_count); ++ ++out: ++ kfree(cmd); ++ kfree(status); ++ return ret; + } + + static int cinergyt2_fe_read_signal_strength(struct dvb_frontend *fe, + u16 *strength) + { + struct cinergyt2_fe_state *state = fe->demodulator_priv; +- struct dvbt_get_status_msg status; +- char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS }; ++ struct dvbt_get_status_msg *status; ++ char *cmd; + int ret; + +- ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status, +- sizeof(status), 0); ++ cmd = kmalloc(1, GFP_KERNEL); ++ if (cmd == NULL) ++ return -ENOMEM; ++ status = kmalloc(sizeof(*status), GFP_KERNEL); ++ if (status == NULL) { ++ kfree(cmd); ++ return -ENOMEM; ++ } ++ ++ cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS; ++ ++ ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status, ++ sizeof(*status), 0); + if (ret < 0) { + err("cinergyt2_fe_read_signal_strength() Failed!" + " (Error=%d)\n", ret); +- return ret; ++ goto out; + } +- *strength = (0xffff - le16_to_cpu(status.gain)); ++ *strength = (0xffff - le16_to_cpu(status->gain)); ++ ++out: ++ kfree(cmd); ++ kfree(status); + return 0; + } + + static int cinergyt2_fe_read_snr(struct dvb_frontend *fe, u16 *snr) + { + struct cinergyt2_fe_state *state = fe->demodulator_priv; +- struct dvbt_get_status_msg status; +- char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS }; ++ struct dvbt_get_status_msg *status; ++ char *cmd; + int ret; + +- ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status, +- sizeof(status), 0); ++ cmd = kmalloc(1, GFP_KERNEL); ++ if (cmd == NULL) ++ return -ENOMEM; ++ status = kmalloc(sizeof(*status), GFP_KERNEL); ++ if (status == NULL) { ++ kfree(cmd); ++ return -ENOMEM; ++ } ++ ++ cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS; ++ ++ ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status, ++ sizeof(*status), 0); + if (ret < 0) { + err("cinergyt2_fe_read_snr() Failed! (Error=%d)\n", ret); +- return ret; ++ goto out; + } +- *snr = (status.snr << 8) | status.snr; +- return 0; ++ *snr = (status->snr << 8) | status->snr; ++ ++out: ++ kfree(cmd); ++ kfree(status); ++ return ret; + } + + static int cinergyt2_fe_init(struct dvb_frontend *fe) +@@ -266,35 +339,46 @@ static int cinergyt2_fe_set_frontend(struct dvb_frontend *fe) + { + struct dtv_frontend_properties *fep = &fe->dtv_property_cache; + struct cinergyt2_fe_state *state = fe->demodulator_priv; +- struct dvbt_set_parameters_msg param; +- char result[2]; ++ struct dvbt_set_parameters_msg *param; ++ char *result; + int err; + +- param.cmd = CINERGYT2_EP1_SET_TUNER_PARAMETERS; +- param.tps = cpu_to_le16(compute_tps(fep)); +- param.freq = cpu_to_le32(fep->frequency / 1000); +- param.flags = 0; ++ result = kmalloc(2, GFP_KERNEL); ++ if (result == NULL) ++ return -ENOMEM; ++ param = kmalloc(sizeof(*param), GFP_KERNEL); ++ if (param == NULL) { ++ kfree(result); ++ return -ENOMEM; ++ } ++ ++ param->cmd = CINERGYT2_EP1_SET_TUNER_PARAMETERS; ++ param->tps = cpu_to_le16(compute_tps(fep)); ++ param->freq = cpu_to_le32(fep->frequency / 1000); ++ param->flags = 0; + + switch (fep->bandwidth_hz) { + default: + case 8000000: +- param.bandwidth = 8; ++ param->bandwidth = 8; + break; + case 7000000: +- param.bandwidth = 7; ++ param->bandwidth = 7; + break; + case 6000000: +- param.bandwidth = 6; ++ param->bandwidth = 6; + break; + } + + err = dvb_usb_generic_rw(state->d, +- (char *)¶m, sizeof(param), +- result, sizeof(result), 0); ++ (char *)param, sizeof(*param), ++ result, 2, 0); + if (err < 0) + err("cinergyt2_fe_set_frontend() Failed! err=%d\n", err); + +- return (err < 0) ? err : 0; ++ kfree(result); ++ kfree(param); ++ return err; + } + + static void cinergyt2_fe_release(struct dvb_frontend *fe) diff --git a/drivers/media/usb/dvb-usb/cxusb.c b/drivers/media/usb/dvb-usb/cxusb.c index a1c641e..3007da9 100644 --- a/drivers/media/usb/dvb-usb/cxusb.c @@ -49430,7 +49804,7 @@ index f28ea07..34b16d3 100644 /* These three are default values which can be overridden */ diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c -index 868318a..e07ef3b 100644 +index 528bff5..84963854 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c @@ -571,7 +571,7 @@ static inline u32 next_command(struct ctlr_info *h, u8 q) @@ -51721,10 +52095,10 @@ index 9cd706d..6ff2de7 100644 if (cfg->uart_flags & UPF_CONS_FLOW) { diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c -index ece2049b..fba2524 100644 +index 25b8f68..3e23c14 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c -@@ -1448,7 +1448,7 @@ static void uart_hangup(struct tty_struct *tty) +@@ -1451,7 +1451,7 @@ static void uart_hangup(struct tty_struct *tty) uart_flush_buffer(tty); uart_shutdown(tty, state); spin_lock_irqsave(&port->lock, flags); @@ -51733,7 +52107,7 @@ index ece2049b..fba2524 100644 clear_bit(ASYNCB_NORMAL_ACTIVE, &port->flags); spin_unlock_irqrestore(&port->lock, flags); tty_port_tty_set(port, NULL); -@@ -1544,7 +1544,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) +@@ -1547,7 +1547,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) goto end; } @@ -51742,7 +52116,7 @@ index ece2049b..fba2524 100644 if (!state->uart_port || state->uart_port->flags & UPF_DEAD) { retval = -ENXIO; goto err_dec_count; -@@ -1572,7 +1572,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) +@@ -1575,7 +1575,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) /* * Make sure the device is in D0 state. */ @@ -51751,7 +52125,7 @@ index ece2049b..fba2524 100644 uart_change_pm(state, UART_PM_STATE_ON); /* -@@ -1590,7 +1590,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) +@@ -1593,7 +1593,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) end: return retval; err_dec_count: @@ -52561,7 +52935,7 @@ index 2a3bbdf..91d72cf 100644 file->f_version = event_count; return POLLIN | POLLRDNORM; diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c -index 90e18f6..5eeda46 100644 +index 9ca7716..a2ccc2e 100644 --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -187,7 +187,7 @@ static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes, @@ -52623,7 +52997,7 @@ index 2518c32..1c201bb 100644 wake_up(&usb_kill_urb_queue); usb_put_urb(urb); diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c -index 36b1e85..18fb0a4 100644 +index 6650df7..3a94427 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -27,6 +27,7 @@ @@ -52634,7 +53008,7 @@ index 36b1e85..18fb0a4 100644 #include <asm/uaccess.h> #include <asm/byteorder.h> -@@ -4502,6 +4503,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1, +@@ -4549,6 +4550,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1, goto done; return; } @@ -52866,7 +53240,7 @@ index 7a55fea..cc0ed4f 100644 #include "u_uac1.h" diff --git a/drivers/usb/host/ehci-hub.c b/drivers/usb/host/ehci-hub.c -index 7ae0c4d..35521b7 100644 +index 7d6f64c..37a1efc 100644 --- a/drivers/usb/host/ehci-hub.c +++ b/drivers/usb/host/ehci-hub.c @@ -780,7 +780,7 @@ static struct urb *request_single_step_set_feature_urb( @@ -56637,7 +57011,7 @@ index ce25d75..dc09eeb 100644 &data); if (!inode) { diff --git a/fs/aio.c b/fs/aio.c -index 6d68e01..573d8dc 100644 +index 6d68e01..6bc8e9a 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -380,7 +380,7 @@ static int aio_setup_ring(struct kioctx *ctx) @@ -56649,6 +57023,19 @@ index 6d68e01..573d8dc 100644 return -EINVAL; file = aio_private_file(ctx, nr_pages); +@@ -1065,6 +1065,12 @@ static long aio_read_events_ring(struct kioctx *ctx, + tail = ring->tail; + kunmap_atomic(ring); + ++ /* ++ * Ensure that once we've read the current tail pointer, that ++ * we also see the events that were stored up to the tail. ++ */ ++ smp_rmb(); ++ + pr_debug("h%u t%u m%u\n", head, tail, ctx->nr_events); + + if (head == tail) diff --git a/fs/attr.c b/fs/attr.c index 6530ced..4a827e2 100644 --- a/fs/attr.c @@ -58120,10 +58507,33 @@ index ebaff36..7e3ea26 100644 kunmap(page); file_end_write(file); diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c -index 5e0982a..b7e82bc 100644 +index 5e0982a..ca18377 100644 --- a/fs/ceph/dir.c +++ b/fs/ceph/dir.c -@@ -248,7 +248,7 @@ static int ceph_readdir(struct file *file, struct dir_context *ctx) +@@ -128,6 +128,8 @@ static int __dcache_readdir(struct file *file, struct dir_context *ctx) + struct dentry *dentry, *last; + struct ceph_dentry_info *di; + int err = 0; ++ char d_name[DNAME_INLINE_LEN]; ++ const unsigned char *name; + + /* claim ref on last dentry we returned */ + last = fi->dentry; +@@ -183,7 +185,12 @@ more: + dout(" %llu (%llu) dentry %p %.*s %p\n", di->offset, ctx->pos, + dentry, dentry->d_name.len, dentry->d_name.name, dentry->d_inode); + ctx->pos = di->offset; +- if (!dir_emit(ctx, dentry->d_name.name, ++ name = dentry->d_name.name; ++ if (name == dentry->d_iname) { ++ memcpy(d_name, name, dentry->d_name.len); ++ name = d_name; ++ } ++ if (!dir_emit(ctx, name, + dentry->d_name.len, + ceph_translate_ino(dentry->d_sb, dentry->d_inode->i_ino), + dentry->d_inode->i_mode >> 12)) { +@@ -248,7 +255,7 @@ static int ceph_readdir(struct file *file, struct dir_context *ctx) struct ceph_fs_client *fsc = ceph_inode_to_client(inode); struct ceph_mds_client *mdsc = fsc->mdsc; unsigned frag = fpos_frag(ctx->pos); @@ -58983,7 +59393,7 @@ index 7f3b400..9c911f2 100644 dcache_init(); inode_init(); diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c -index 9c0444c..628490c 100644 +index 1576195..49a19ae 100644 --- a/fs/debugfs/inode.c +++ b/fs/debugfs/inode.c @@ -415,7 +415,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); @@ -59978,10 +60388,10 @@ index e6574d7..c30cbe2 100644 brelse(bh); bh = NULL; diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c -index 502f0fd..bf3b3c1 100644 +index 242226a..f3eb6c1 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c -@@ -1880,7 +1880,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, +@@ -1882,7 +1882,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, BUG_ON(ac->ac_b_ex.fe_len != ac->ac_g_ex.fe_len); if (EXT4_SB(sb)->s_mb_stats) @@ -59990,7 +60400,7 @@ index 502f0fd..bf3b3c1 100644 break; } -@@ -2189,7 +2189,7 @@ repeat: +@@ -2191,7 +2191,7 @@ repeat: ac->ac_status = AC_STATUS_CONTINUE; ac->ac_flags |= EXT4_MB_HINT_FIRST; cr = 3; @@ -59999,7 +60409,7 @@ index 502f0fd..bf3b3c1 100644 goto repeat; } } -@@ -2697,25 +2697,25 @@ int ext4_mb_release(struct super_block *sb) +@@ -2699,25 +2699,25 @@ int ext4_mb_release(struct super_block *sb) if (sbi->s_mb_stats) { ext4_msg(sb, KERN_INFO, "mballoc: %u blocks %u reqs (%u success)", @@ -60035,7 +60445,7 @@ index 502f0fd..bf3b3c1 100644 } free_percpu(sbi->s_locality_groups); -@@ -3169,16 +3169,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) +@@ -3171,16 +3171,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb); if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) { @@ -60058,7 +60468,7 @@ index 502f0fd..bf3b3c1 100644 } if (ac->ac_op == EXT4_MB_HISTORY_ALLOC) -@@ -3583,7 +3583,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) +@@ -3607,7 +3607,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_inode_pa(ac, pa); ext4_mb_use_inode_pa(ac, pa); @@ -60067,7 +60477,7 @@ index 502f0fd..bf3b3c1 100644 ei = EXT4_I(ac->ac_inode); grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); -@@ -3643,7 +3643,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) +@@ -3667,7 +3667,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_group_pa(ac, pa); ext4_mb_use_group_pa(ac, pa); @@ -60076,7 +60486,7 @@ index 502f0fd..bf3b3c1 100644 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); lg = ac->ac_lg; -@@ -3732,7 +3732,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, +@@ -3756,7 +3756,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, * from the bitmap and continue. */ } @@ -60085,7 +60495,7 @@ index 502f0fd..bf3b3c1 100644 return err; } -@@ -3750,7 +3750,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, +@@ -3774,7 +3774,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit); BUG_ON(group != e4b->bd_group && pa->pa_len != 0); mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len); @@ -60108,7 +60518,7 @@ index 04434ad..6404663 100644 "MMP failure info: last update time: %llu, last update " "node: %s, last update device: %s\n", diff --git a/fs/ext4/super.c b/fs/ext4/super.c -index 25b327e..56f169d 100644 +index a46030d..1477295 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -1270,7 +1270,7 @@ static ext4_fsblk_t get_sb_block(void **data) @@ -61892,185 +62302,6 @@ index e846a32..bb06bd0 100644 put_cpu_var(last_ino); return res; } -diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c -index 4a9e10e..a9daccb 100644 ---- a/fs/isofs/inode.c -+++ b/fs/isofs/inode.c -@@ -61,7 +61,7 @@ static void isofs_put_super(struct super_block *sb) - return; - } - --static int isofs_read_inode(struct inode *); -+static int isofs_read_inode(struct inode *, int relocated); - static int isofs_statfs (struct dentry *, struct kstatfs *); - - static struct kmem_cache *isofs_inode_cachep; -@@ -1258,7 +1258,7 @@ out_toomany: - goto out; - } - --static int isofs_read_inode(struct inode *inode) -+static int isofs_read_inode(struct inode *inode, int relocated) - { - struct super_block *sb = inode->i_sb; - struct isofs_sb_info *sbi = ISOFS_SB(sb); -@@ -1403,7 +1403,7 @@ static int isofs_read_inode(struct inode *inode) - */ - - if (!high_sierra) { -- parse_rock_ridge_inode(de, inode); -+ parse_rock_ridge_inode(de, inode, relocated); - /* if we want uid/gid set, override the rock ridge setting */ - if (sbi->s_uid_set) - inode->i_uid = sbi->s_uid; -@@ -1482,9 +1482,10 @@ static int isofs_iget5_set(struct inode *ino, void *data) - * offset that point to the underlying meta-data for the inode. The - * code below is otherwise similar to the iget() code in - * include/linux/fs.h */ --struct inode *isofs_iget(struct super_block *sb, -- unsigned long block, -- unsigned long offset) -+struct inode *__isofs_iget(struct super_block *sb, -+ unsigned long block, -+ unsigned long offset, -+ int relocated) - { - unsigned long hashval; - struct inode *inode; -@@ -1506,7 +1507,7 @@ struct inode *isofs_iget(struct super_block *sb, - return ERR_PTR(-ENOMEM); - - if (inode->i_state & I_NEW) { -- ret = isofs_read_inode(inode); -+ ret = isofs_read_inode(inode, relocated); - if (ret < 0) { - iget_failed(inode); - inode = ERR_PTR(ret); -diff --git a/fs/isofs/isofs.h b/fs/isofs/isofs.h -index 9916723..0ac4c1f 100644 ---- a/fs/isofs/isofs.h -+++ b/fs/isofs/isofs.h -@@ -107,7 +107,7 @@ extern int iso_date(char *, int); - - struct inode; /* To make gcc happy */ - --extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *); -+extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *, int relocated); - extern int get_rock_ridge_filename(struct iso_directory_record *, char *, struct inode *); - extern int isofs_name_translate(struct iso_directory_record *, char *, struct inode *); - -@@ -118,9 +118,24 @@ extern struct dentry *isofs_lookup(struct inode *, struct dentry *, unsigned int - extern struct buffer_head *isofs_bread(struct inode *, sector_t); - extern int isofs_get_blocks(struct inode *, sector_t, struct buffer_head **, unsigned long); - --extern struct inode *isofs_iget(struct super_block *sb, -- unsigned long block, -- unsigned long offset); -+struct inode *__isofs_iget(struct super_block *sb, -+ unsigned long block, -+ unsigned long offset, -+ int relocated); -+ -+static inline struct inode *isofs_iget(struct super_block *sb, -+ unsigned long block, -+ unsigned long offset) -+{ -+ return __isofs_iget(sb, block, offset, 0); -+} -+ -+static inline struct inode *isofs_iget_reloc(struct super_block *sb, -+ unsigned long block, -+ unsigned long offset) -+{ -+ return __isofs_iget(sb, block, offset, 1); -+} - - /* Because the inode number is no longer relevant to finding the - * underlying meta-data for an inode, we are free to choose a more -diff --git a/fs/isofs/rock.c b/fs/isofs/rock.c -index c0bf424..f488bba 100644 ---- a/fs/isofs/rock.c -+++ b/fs/isofs/rock.c -@@ -288,12 +288,16 @@ eio: - goto out; - } - -+#define RR_REGARD_XA 1 -+#define RR_RELOC_DE 2 -+ - static int - parse_rock_ridge_inode_internal(struct iso_directory_record *de, -- struct inode *inode, int regard_xa) -+ struct inode *inode, int flags) - { - int symlink_len = 0; - int cnt, sig; -+ unsigned int reloc_block; - struct inode *reloc; - struct rock_ridge *rr; - int rootflag; -@@ -305,7 +309,7 @@ parse_rock_ridge_inode_internal(struct iso_directory_record *de, - - init_rock_state(&rs, inode); - setup_rock_ridge(de, inode, &rs); -- if (regard_xa) { -+ if (flags & RR_REGARD_XA) { - rs.chr += 14; - rs.len -= 14; - if (rs.len < 0) -@@ -485,12 +489,22 @@ repeat: - "relocated directory\n"); - goto out; - case SIG('C', 'L'): -- ISOFS_I(inode)->i_first_extent = -- isonum_733(rr->u.CL.location); -- reloc = -- isofs_iget(inode->i_sb, -- ISOFS_I(inode)->i_first_extent, -- 0); -+ if (flags & RR_RELOC_DE) { -+ printk(KERN_ERR -+ "ISOFS: Recursive directory relocation " -+ "is not supported\n"); -+ goto eio; -+ } -+ reloc_block = isonum_733(rr->u.CL.location); -+ if (reloc_block == ISOFS_I(inode)->i_iget5_block && -+ ISOFS_I(inode)->i_iget5_offset == 0) { -+ printk(KERN_ERR -+ "ISOFS: Directory relocation points to " -+ "itself\n"); -+ goto eio; -+ } -+ ISOFS_I(inode)->i_first_extent = reloc_block; -+ reloc = isofs_iget_reloc(inode->i_sb, reloc_block, 0); - if (IS_ERR(reloc)) { - ret = PTR_ERR(reloc); - goto out; -@@ -637,9 +651,11 @@ static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr, char *plimit) - return rpnt; - } - --int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode) -+int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode, -+ int relocated) - { -- int result = parse_rock_ridge_inode_internal(de, inode, 0); -+ int flags = relocated ? RR_RELOC_DE : 0; -+ int result = parse_rock_ridge_inode_internal(de, inode, flags); - - /* - * if rockridge flag was reset and we didn't look for attributes -@@ -647,7 +663,8 @@ int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode) - */ - if ((ISOFS_SB(inode->i_sb)->s_rock_offset == -1) - && (ISOFS_SB(inode->i_sb)->s_rock == 2)) { -- result = parse_rock_ridge_inode_internal(de, inode, 14); -+ result = parse_rock_ridge_inode_internal(de, inode, -+ flags | RR_REGARD_XA); - } - return result; - } diff --git a/fs/jffs2/erase.c b/fs/jffs2/erase.c index 4a6cf28..d3a29d3 100644 --- a/fs/jffs2/erase.c @@ -63032,19 +63263,6 @@ index 15f9d98..082c625 100644 } void nfs_fattr_init(struct nfs_fattr *fattr) -diff --git a/fs/nfs/nfs3acl.c b/fs/nfs/nfs3acl.c -index 8f854dd..d0fec26 100644 ---- a/fs/nfs/nfs3acl.c -+++ b/fs/nfs/nfs3acl.c -@@ -256,7 +256,7 @@ nfs3_list_one_acl(struct inode *inode, int type, const char *name, void *data, - char *p = data + *result; - - acl = get_acl(inode, type); -- if (!acl) -+ if (IS_ERR_OR_NULL(acl)) - return 0; - - posix_acl_release(acl); diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index f23a6ca..730ddcc 100644 --- a/fs/nfsd/nfs4proc.c @@ -63072,7 +63290,7 @@ index 8657335..cd3e37f 100644 [OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close, [OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit, diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c -index f8f060f..c4ba09a 100644 +index f8f060f..d9a7258 100644 --- a/fs/nfsd/nfscache.c +++ b/fs/nfsd/nfscache.c @@ -519,14 +519,17 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp) @@ -63096,6 +63314,15 @@ index f8f060f..c4ba09a 100644 /* Don't cache excessive amounts of data and XDR failures */ if (!statp || len > (256 >> 2)) { +@@ -537,7 +540,7 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp) + switch (cachetype) { + case RC_REPLSTAT: + if (len != 1) +- printk("nfsd: RC_REPLSTAT/reply len %d!\n",len); ++ printk("nfsd: RC_REPLSTAT/reply len %ld!\n",len); + rp->c_replstat = *statp; + break; + case RC_REPLBUFF: diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index eea5ad1..5a84ac7 100644 --- a/fs/nfsd/vfs.c @@ -63128,7 +63355,7 @@ index eea5ad1..5a84ac7 100644 if (host_err < 0) diff --git a/fs/nls/nls_base.c b/fs/nls/nls_base.c -index 52ccd34..43a53b1 100644 +index 52ccd34..7a6b202 100644 --- a/fs/nls/nls_base.c +++ b/fs/nls/nls_base.c @@ -234,21 +234,25 @@ EXPORT_SYMBOL(utf16s_to_utf8s); @@ -63180,6 +63407,24 @@ index 52ccd34..43a53b1 100644 spin_unlock(&nls_lock); return 0; } +@@ -272,7 +278,7 @@ int unregister_nls(struct nls_table * nls) + return -EINVAL; + } + +-static struct nls_table *find_nls(char *charset) ++static struct nls_table *find_nls(const char *charset) + { + struct nls_table *nls; + spin_lock(&nls_lock); +@@ -288,7 +294,7 @@ static struct nls_table *find_nls(char *charset) + return nls; + } + +-struct nls_table *load_nls(char *charset) ++struct nls_table *load_nls(const char *charset) + { + return try_then_request_module(find_nls(charset), "nls_%s", charset); + } diff --git a/fs/nls/nls_euc-jp.c b/fs/nls/nls_euc-jp.c index 162b3f1..6076a7c 100644 --- a/fs/nls/nls_euc-jp.c @@ -81948,7 +82193,7 @@ index 0000000..33f4af8 + +#endif diff --git a/include/linux/nls.h b/include/linux/nls.h -index 520681b..1d67ed2 100644 +index 520681b..2b7fabb 100644 --- a/include/linux/nls.h +++ b/include/linux/nls.h @@ -31,7 +31,7 @@ struct nls_table { @@ -81960,6 +82205,15 @@ index 520681b..1d67ed2 100644 /* this value hold the maximum octet of charset */ #define NLS_MAX_CHARSET_SIZE 6 /* for UTF-8 */ +@@ -46,7 +46,7 @@ enum utf16_endian { + /* nls_base.c */ + extern int __register_nls(struct nls_table *, struct module *); + extern int unregister_nls(struct nls_table *); +-extern struct nls_table *load_nls(char *); ++extern struct nls_table *load_nls(const char *); + extern void unload_nls(struct nls_table *); + extern struct nls_table *load_nls_default(void); + #define register_nls(nls) __register_nls((nls), THIS_MODULE) diff --git a/include/linux/notifier.h b/include/linux/notifier.h index d14a4c3..a078786 100644 --- a/include/linux/notifier.h @@ -84215,7 +84469,7 @@ index c55aeed..b3393f4 100644 /** inet_connection_sock - INET connection oriented sock * diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h -index 823ec7b..1af4453 100644 +index 823ec7b..44c938c 100644 --- a/include/net/inetpeer.h +++ b/include/net/inetpeer.h @@ -47,7 +47,7 @@ struct inet_peer { @@ -84223,7 +84477,7 @@ index 823ec7b..1af4453 100644 union { struct { - atomic_t rid; /* Frag reception counter */ -+ atomic_unchecked_t rid; /* Frag reception counter */ ++ atomic_unchecked_t rid; /* Frag reception counter */ }; struct rcu_head rcu; struct inet_peer *gc_next; @@ -90564,7 +90818,7 @@ index a63f4dc..349bbb0 100644 unsigned long timeout) { diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index 515e212..268a828 100644 +index 677ebad..e39b352 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -1775,7 +1775,7 @@ void set_numabalancing_state(bool enabled) @@ -90615,7 +90869,7 @@ index 515e212..268a828 100644 /* can't increase priority */ if (attr->sched_priority > p->rt_priority && attr->sched_priority > rlim_rtprio) -@@ -4726,8 +4732,10 @@ void idle_task_exit(void) +@@ -4727,8 +4733,10 @@ void idle_task_exit(void) BUG_ON(cpu_online(smp_processor_id())); @@ -90627,7 +90881,7 @@ index 515e212..268a828 100644 mmdrop(mm); } -@@ -4805,7 +4813,7 @@ static void migrate_tasks(unsigned int dead_cpu) +@@ -4806,7 +4814,7 @@ static void migrate_tasks(unsigned int dead_cpu) #if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL) @@ -90636,7 +90890,7 @@ index 515e212..268a828 100644 { .procname = "sched_domain", .mode = 0555, -@@ -4822,17 +4830,17 @@ static struct ctl_table sd_ctl_root[] = { +@@ -4823,17 +4831,17 @@ static struct ctl_table sd_ctl_root[] = { {} }; @@ -90658,7 +90912,7 @@ index 515e212..268a828 100644 /* * In the intermediate directories, both the child directory and -@@ -4840,22 +4848,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep) +@@ -4841,22 +4849,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep) * will always be set. In the lowest directory the names are * static strings and all have proc handlers. */ @@ -90690,7 +90944,7 @@ index 515e212..268a828 100644 const char *procname, void *data, int maxlen, umode_t mode, proc_handler *proc_handler, bool load_idx) -@@ -4875,7 +4886,7 @@ set_table_entry(struct ctl_table *entry, +@@ -4876,7 +4887,7 @@ set_table_entry(struct ctl_table *entry, static struct ctl_table * sd_alloc_ctl_domain_table(struct sched_domain *sd) { @@ -90699,7 +90953,7 @@ index 515e212..268a828 100644 if (table == NULL) return NULL; -@@ -4910,9 +4921,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd) +@@ -4911,9 +4922,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd) return table; } @@ -90711,7 +90965,7 @@ index 515e212..268a828 100644 struct sched_domain *sd; int domain_num = 0, i; char buf[32]; -@@ -4939,11 +4950,13 @@ static struct ctl_table_header *sd_sysctl_header; +@@ -4940,11 +4951,13 @@ static struct ctl_table_header *sd_sysctl_header; static void register_sched_domain_sysctl(void) { int i, cpu_num = num_possible_cpus(); @@ -90726,7 +90980,7 @@ index 515e212..268a828 100644 if (entry == NULL) return; -@@ -4966,8 +4979,12 @@ static void unregister_sched_domain_sysctl(void) +@@ -4967,8 +4980,12 @@ static void unregister_sched_domain_sysctl(void) if (sd_sysctl_header) unregister_sysctl_table(sd_sysctl_header); sd_sysctl_header = NULL; @@ -91730,7 +91984,7 @@ index e3be87e..7480b36 100644 ftrace_graph_active++; diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c -index 0954450..0ed035c 100644 +index 0954450..1e3e687 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -352,9 +352,9 @@ struct buffer_data_page { @@ -91756,7 +92010,31 @@ index 0954450..0ed035c 100644 local_t dropped_events; local_t committing; local_t commits; -@@ -991,8 +991,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, +@@ -626,8 +626,22 @@ int ring_buffer_poll_wait(struct ring_buffer *buffer, int cpu, + work = &cpu_buffer->irq_work; + } + +- work->waiters_pending = true; + poll_wait(filp, &work->waiters, poll_table); ++ work->waiters_pending = true; ++ /* ++ * There's a tight race between setting the waiters_pending and ++ * checking if the ring buffer is empty. Once the waiters_pending bit ++ * is set, the next event will wake the task up, but we can get stuck ++ * if there's only a single event in. ++ * ++ * FIXME: Ideally, we need a memory barrier on the writer side as well, ++ * but adding a memory barrier to all events will cause too much of a ++ * performance hit in the fast path. We only need a memory barrier when ++ * the buffer goes from empty to having content. But as this race is ++ * extremely small, and it's not a problem if another event comes in, we ++ * will fix it later. ++ */ ++ smp_mb(); + + if ((cpu == RING_BUFFER_ALL_CPUS && !ring_buffer_empty(buffer)) || + (cpu != RING_BUFFER_ALL_CPUS && !ring_buffer_empty_cpu(buffer, cpu))) +@@ -991,8 +1005,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, * * We add a counter to the write field to denote this. */ @@ -91767,7 +92045,7 @@ index 0954450..0ed035c 100644 /* * Just make sure we have seen our old_write and synchronize -@@ -1020,8 +1020,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, +@@ -1020,8 +1034,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, * cmpxchg to only update if an interrupt did not already * do it for us. If the cmpxchg fails, we don't care. */ @@ -91778,7 +92056,7 @@ index 0954450..0ed035c 100644 /* * No need to worry about races with clearing out the commit. -@@ -1385,12 +1385,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer); +@@ -1385,12 +1399,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer); static inline unsigned long rb_page_entries(struct buffer_page *bpage) { @@ -91793,7 +92071,7 @@ index 0954450..0ed035c 100644 } static int -@@ -1485,7 +1485,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages) +@@ -1485,7 +1499,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages) * bytes consumed in ring buffer from here. * Increment overrun to account for the lost events. */ @@ -91802,7 +92080,7 @@ index 0954450..0ed035c 100644 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes); } -@@ -2063,7 +2063,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2063,7 +2077,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer, * it is our responsibility to update * the counters. */ @@ -91811,7 +92089,7 @@ index 0954450..0ed035c 100644 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes); /* -@@ -2213,7 +2213,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2213,7 +2227,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, if (tail == BUF_PAGE_SIZE) tail_page->real_end = 0; @@ -91820,7 +92098,7 @@ index 0954450..0ed035c 100644 return; } -@@ -2248,7 +2248,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2248,7 +2262,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, rb_event_set_padding(event); /* Set the write back to the previous setting */ @@ -91829,7 +92107,7 @@ index 0954450..0ed035c 100644 return; } -@@ -2260,7 +2260,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2260,7 +2274,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, /* Set write to end of buffer */ length = (tail + length) - BUF_PAGE_SIZE; @@ -91838,7 +92116,7 @@ index 0954450..0ed035c 100644 } /* -@@ -2286,7 +2286,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2286,7 +2300,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, * about it. */ if (unlikely(next_page == commit_page)) { @@ -91847,7 +92125,7 @@ index 0954450..0ed035c 100644 goto out_reset; } -@@ -2342,7 +2342,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2342,7 +2356,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, cpu_buffer->tail_page) && (cpu_buffer->commit_page == cpu_buffer->reader_page))) { @@ -91856,7 +92134,7 @@ index 0954450..0ed035c 100644 goto out_reset; } } -@@ -2390,7 +2390,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2390,7 +2404,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, length += RB_LEN_TIME_EXTEND; tail_page = cpu_buffer->tail_page; @@ -91865,7 +92143,7 @@ index 0954450..0ed035c 100644 /* set write to only the index of the write */ write &= RB_WRITE_MASK; -@@ -2414,7 +2414,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2414,7 +2428,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, kmemcheck_annotate_bitfield(event, bitfield); rb_update_event(cpu_buffer, event, length, add_timestamp, delta); @@ -91874,7 +92152,7 @@ index 0954450..0ed035c 100644 /* * If this is the first commit on the page, then update -@@ -2447,7 +2447,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2447,7 +2461,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) { unsigned long write_mask = @@ -91883,7 +92161,7 @@ index 0954450..0ed035c 100644 unsigned long event_length = rb_event_length(event); /* * This is on the tail page. It is possible that -@@ -2457,7 +2457,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2457,7 +2471,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, */ old_index += write_mask; new_index += write_mask; @@ -91892,7 +92170,7 @@ index 0954450..0ed035c 100644 if (index == old_index) { /* update counters */ local_sub(event_length, &cpu_buffer->entries_bytes); -@@ -2849,7 +2849,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2849,7 +2863,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, /* Do the likely case first */ if (likely(bpage->page == (void *)addr)) { @@ -91901,7 +92179,7 @@ index 0954450..0ed035c 100644 return; } -@@ -2861,7 +2861,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2861,7 +2875,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, start = bpage; do { if (bpage->page == (void *)addr) { @@ -91910,7 +92188,7 @@ index 0954450..0ed035c 100644 return; } rb_inc_page(cpu_buffer, &bpage); -@@ -3145,7 +3145,7 @@ static inline unsigned long +@@ -3145,7 +3159,7 @@ static inline unsigned long rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer) { return local_read(&cpu_buffer->entries) - @@ -91919,7 +92197,7 @@ index 0954450..0ed035c 100644 } /** -@@ -3234,7 +3234,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) +@@ -3234,7 +3248,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) return 0; cpu_buffer = buffer->buffers[cpu]; @@ -91928,7 +92206,7 @@ index 0954450..0ed035c 100644 return ret; } -@@ -3257,7 +3257,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) +@@ -3257,7 +3271,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) return 0; cpu_buffer = buffer->buffers[cpu]; @@ -91937,7 +92215,7 @@ index 0954450..0ed035c 100644 return ret; } -@@ -3342,7 +3342,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) +@@ -3342,7 +3356,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) /* if you care about this being correct, lock the buffer */ for_each_buffer_cpu(buffer, cpu) { cpu_buffer = buffer->buffers[cpu]; @@ -91946,7 +92224,7 @@ index 0954450..0ed035c 100644 } return overruns; -@@ -3518,8 +3518,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3518,8 +3532,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) /* * Reset the reader page to size zero. */ @@ -91957,7 +92235,7 @@ index 0954450..0ed035c 100644 local_set(&cpu_buffer->reader_page->page->commit, 0); cpu_buffer->reader_page->real_end = 0; -@@ -3553,7 +3553,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3553,7 +3567,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) * want to compare with the last_overrun. */ smp_mb(); @@ -91966,7 +92244,7 @@ index 0954450..0ed035c 100644 /* * Here's the tricky part. -@@ -4123,8 +4123,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -4123,8 +4137,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) cpu_buffer->head_page = list_entry(cpu_buffer->pages, struct buffer_page, list); @@ -91977,7 +92255,7 @@ index 0954450..0ed035c 100644 local_set(&cpu_buffer->head_page->page->commit, 0); cpu_buffer->head_page->read = 0; -@@ -4134,14 +4134,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -4134,14 +4148,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) INIT_LIST_HEAD(&cpu_buffer->reader_page->list); INIT_LIST_HEAD(&cpu_buffer->new_pages); @@ -91996,7 +92274,7 @@ index 0954450..0ed035c 100644 local_set(&cpu_buffer->dropped_events, 0); local_set(&cpu_buffer->entries, 0); local_set(&cpu_buffer->committing, 0); -@@ -4546,8 +4546,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, +@@ -4546,8 +4560,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, rb_init_page(bpage); bpage = reader->page; reader->page = *data_page; @@ -92305,6 +92583,19 @@ index 48140e3..de854e5 100644 obj-$(CONFIG_DEBUG_OBJECTS) += debugobjects.o ifneq ($(CONFIG_HAVE_DEC_LOCK),y) +diff --git a/lib/assoc_array.c b/lib/assoc_array.c +index c0b1007..ae146f0 100644 +--- a/lib/assoc_array.c ++++ b/lib/assoc_array.c +@@ -1735,7 +1735,7 @@ ascend_old_tree: + gc_complete: + edit->set[0].to = new_root; + assoc_array_apply_edit(edit); +- edit->array->nr_leaves_on_tree = nr_leaves_on_tree; ++ array->nr_leaves_on_tree = nr_leaves_on_tree; + return 0; + + enomem: diff --git a/lib/average.c b/lib/average.c index 114d1be..ab0350c 100644 --- a/lib/average.c @@ -96236,6 +96527,19 @@ index a2a54a8..43ecb68 100644 EXPORT_SYMBOL_GPL(pcpu_base_addr); static const int *pcpu_unit_map __read_mostly; /* cpu -> unit */ +diff --git a/mm/pgtable-generic.c b/mm/pgtable-generic.c +index a8b9199..dfb79e0 100644 +--- a/mm/pgtable-generic.c ++++ b/mm/pgtable-generic.c +@@ -195,7 +195,7 @@ void pmdp_invalidate(struct vm_area_struct *vma, unsigned long address, + pmd_t entry = *pmdp; + if (pmd_numa(entry)) + entry = pmd_mknonnuma(entry); +- set_pmd_at(vma->vm_mm, address, pmdp, pmd_mknotpresent(*pmdp)); ++ set_pmd_at(vma->vm_mm, address, pmdp, pmd_mknotpresent(entry)); + flush_tlb_range(vma, address, address + HPAGE_PMD_SIZE); + } + #endif /* CONFIG_TRANSPARENT_HUGEPAGE */ diff --git a/mm/process_vm_access.c b/mm/process_vm_access.c index fd26d04..0cea1b0 100644 --- a/mm/process_vm_access.c @@ -97561,10 +97865,10 @@ index 4a7f7e6..22cddf5 100644 if (S_ISREG(inode->i_mode)) diff --git a/mm/util.c b/mm/util.c -index a24aa22..a0d41ae 100644 +index c1010cb..91e1a36 100644 --- a/mm/util.c +++ b/mm/util.c -@@ -297,6 +297,12 @@ done: +@@ -294,6 +294,12 @@ done: void arch_pick_mmap_layout(struct mm_struct *mm) { mm->mmap_base = TASK_UNMAPPED_BASE; @@ -100203,7 +100507,7 @@ index 11c8d81..d67116b 100644 static int raw_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/route.c b/net/ipv4/route.c -index ca5a01e..1f6f4e2 100644 +index ca5a01e..8c5cdb4 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -234,7 +234,7 @@ static const struct seq_operations rt_cache_seq_ops = { @@ -100233,7 +100537,7 @@ index ca5a01e..1f6f4e2 100644 } static const struct file_operations rt_acct_proc_fops = { -@@ -465,7 +465,7 @@ static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst, +@@ -465,11 +465,11 @@ static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst, #define IP_IDENTS_SZ 2048u struct ip_ident_bucket { @@ -100242,6 +100546,11 @@ index ca5a01e..1f6f4e2 100644 u32 stamp32; }; +-static struct ip_ident_bucket *ip_idents __read_mostly; ++static struct ip_ident_bucket ip_idents[IP_IDENTS_SZ] __read_mostly; + + /* In order to protect privacy, we add a perturbation to identifiers + * if one generator is seldom used. This makes hard for an attacker @@ -485,7 +485,7 @@ u32 ip_idents_reserve(u32 hash, int segs) if (old != now && cmpxchg(&bucket->stamp32, old, now) == old) delta = prandom_u32_max(now - old); @@ -100305,6 +100614,19 @@ index ca5a01e..1f6f4e2 100644 get_random_bytes(&net->ipv4.dev_addr_genid, sizeof(net->ipv4.dev_addr_genid)); return 0; +@@ -2725,11 +2725,7 @@ int __init ip_rt_init(void) + { + int rc = 0; + +- ip_idents = kmalloc(IP_IDENTS_SZ * sizeof(*ip_idents), GFP_KERNEL); +- if (!ip_idents) +- panic("IP: failed to allocate ip_idents\n"); +- +- prandom_bytes(ip_idents, IP_IDENTS_SZ * sizeof(*ip_idents)); ++ prandom_bytes(ip_idents, sizeof(ip_idents)); + + #ifdef CONFIG_IP_ROUTE_CLASSID + ip_rt_acct = __alloc_percpu(256 * sizeof(struct ip_rt_acct), __alignof__(struct ip_rt_acct)); diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c index 44eba05..b36864b 100644 --- a/net/ipv4/sysctl_net_ipv4.c @@ -100773,7 +101095,7 @@ index e1a6393..f634ce5 100644 return -ENOMEM; } diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index 6c7fa08..8a31430 100644 +index 6c7fa08..7c5abd70 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -598,7 +598,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, @@ -100828,7 +101150,21 @@ index 6c7fa08..8a31430 100644 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { idx = 0; head = &net->dev_index_head[h]; -@@ -4758,7 +4765,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) +@@ -4746,11 +4753,8 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) + + rt = rt6_lookup(dev_net(dev), &ifp->peer_addr, NULL, + dev->ifindex, 1); +- if (rt) { +- dst_hold(&rt->dst); +- if (ip6_del_rt(rt)) +- dst_free(&rt->dst); +- } ++ if (rt && ip6_del_rt(rt)) ++ dst_free(&rt->dst); + } + dst_hold(&ifp->rt->dst); + +@@ -4758,7 +4762,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) dst_free(&ifp->rt->dst); break; } @@ -100837,7 +101173,7 @@ index 6c7fa08..8a31430 100644 rt_genid_bump_ipv6(net); } -@@ -4779,7 +4786,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, +@@ -4779,7 +4783,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -100846,7 +101182,7 @@ index 6c7fa08..8a31430 100644 int ret; /* -@@ -4864,7 +4871,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, +@@ -4864,7 +4868,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -101080,18 +101416,6 @@ index 767ab8d..c5ec70a 100644 err_alloc: return -ENOMEM; } -diff --git a/net/ipv6/output_core.c b/net/ipv6/output_core.c -index 798eb0f..ab2f47d 100644 ---- a/net/ipv6/output_core.c -+++ b/net/ipv6/output_core.c -@@ -7,7 +7,6 @@ - #include <net/ip6_fib.h> - #include <net/addrconf.h> - -- - int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr) - { - u16 offset = sizeof(struct ipv6hdr); diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c index bda7429..469b26b 100644 --- a/net/ipv6/ping.c @@ -103849,10 +104173,10 @@ index c1d124d..acfc59e 100644 goto err; return 0; diff --git a/net/sunrpc/xprtrdma/svc_rdma_transport.c b/net/sunrpc/xprtrdma/svc_rdma_transport.c -index 62e4f9b..dd3f2d7 100644 +index ed36cb5..c55d17f 100644 --- a/net/sunrpc/xprtrdma/svc_rdma_transport.c +++ b/net/sunrpc/xprtrdma/svc_rdma_transport.c -@@ -292,7 +292,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt) +@@ -293,7 +293,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt) return; ib_req_notify_cq(xprt->sc_rq_cq, IB_CQ_NEXT_COMP); @@ -103861,7 +104185,7 @@ index 62e4f9b..dd3f2d7 100644 while ((ret = ib_poll_cq(xprt->sc_rq_cq, 1, &wc)) > 0) { ctxt = (struct svc_rdma_op_ctxt *)(unsigned long)wc.wr_id; -@@ -314,7 +314,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt) +@@ -315,7 +315,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt) } if (ctxt) @@ -103870,7 +104194,7 @@ index 62e4f9b..dd3f2d7 100644 set_bit(XPT_DATA, &xprt->sc_xprt.xpt_flags); /* -@@ -386,7 +386,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt) +@@ -387,7 +387,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt) return; ib_req_notify_cq(xprt->sc_sq_cq, IB_CQ_NEXT_COMP); @@ -103879,7 +104203,7 @@ index 62e4f9b..dd3f2d7 100644 while ((ret = ib_poll_cq(cq, 1, &wc)) > 0) { if (wc.status != IB_WC_SUCCESS) /* Close the transport */ -@@ -404,7 +404,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt) +@@ -405,7 +405,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt) } if (ctxt) @@ -103888,7 +104212,7 @@ index 62e4f9b..dd3f2d7 100644 } static void sq_comp_handler(struct ib_cq *cq, void *cq_context) -@@ -1262,7 +1262,7 @@ int svc_rdma_send(struct svcxprt_rdma *xprt, struct ib_send_wr *wr) +@@ -1263,7 +1263,7 @@ int svc_rdma_send(struct svcxprt_rdma *xprt, struct ib_send_wr *wr) spin_lock_bh(&xprt->sc_lock); if (xprt->sc_sq_depth < atomic_read(&xprt->sc_sq_count) + wr_count) { spin_unlock_bh(&xprt->sc_lock); diff --git a/main/linux-grsec/kernelconfig.x86 b/main/linux-grsec/kernelconfig.x86 index d0be256571..8549f8f62f 100644 --- a/main/linux-grsec/kernelconfig.x86 +++ b/main/linux-grsec/kernelconfig.x86 @@ -479,7 +479,10 @@ CONFIG_HZ=300 CONFIG_SCHED_HRTICK=y # CONFIG_CRASH_DUMP is not set CONFIG_PHYSICAL_START=0x1000000 -# CONFIG_RELOCATABLE is not set +CONFIG_RELOCATABLE=y +CONFIG_RANDOMIZE_BASE=y +CONFIG_RANDOMIZE_BASE_MAX_OFFSET=0x40000000 +CONFIG_X86_NEED_RELOCS=y CONFIG_PHYSICAL_ALIGN=0x1000000 CONFIG_HOTPLUG_CPU=y # CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set diff --git a/main/linux-grsec/kernelconfig.x86_64 b/main/linux-grsec/kernelconfig.x86_64 index ec7398ea36..cf26680281 100644 --- a/main/linux-grsec/kernelconfig.x86_64 +++ b/main/linux-grsec/kernelconfig.x86_64 @@ -471,7 +471,10 @@ CONFIG_HZ=300 CONFIG_SCHED_HRTICK=y # CONFIG_CRASH_DUMP is not set CONFIG_PHYSICAL_START=0x1000000 -# CONFIG_RELOCATABLE is not set +CONFIG_RELOCATABLE=y +CONFIG_RANDOMIZE_BASE=y +CONFIG_RANDOMIZE_BASE_MAX_OFFSET=0x20000000 +CONFIG_X86_NEED_RELOCS=y CONFIG_PHYSICAL_ALIGN=0x1000000 CONFIG_HOTPLUG_CPU=y # CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set |