authorNatanael Copa <ncopa@alpinelinux.org>2013-08-26 15:19:19 +0200
committerNatanael Copa <ncopa@alpinelinux.org>2013-08-26 15:19:19 +0200
commitd91d6ffd6303a0efe4d40b75470b6e3df264ff37 (patch)
tree22c544f6b9c38ca8b899f1737e827882d34bf9f8 /main/linux-grsec
parent149dfc5c791718770ba07783b345c62ec96eb9c3 (diff)
main/dahdi-linux-grsec: rebuild against kernel 3.10.9-r0
Diffstat (limited to 'main/linux-grsec')
-rw-r--r--main/linux-grsec/APKBUILD16
-rw-r--r--main/linux-grsec/grsecurity-2.9.1-3.10.9-201308202015.patch (renamed from main/linux-grsec/grsecurity-2.9.1-3.10.7-201308171249.patch)1059
2 files changed, 405 insertions, 670 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 6bb238d2cf..e61309b237 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,7 +2,7 @@
_flavor=grsec
pkgname=linux-${_flavor}
-pkgver=3.10.7
+pkgver=3.10.9
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
@@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-2.9.1-3.10.7-201308171249.patch
+ grsecurity-2.9.1-3.10.9-201308202015.patch
0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
@@ -149,8 +149,8 @@ dev() {
}
md5sums="4f25cd5bec5f8d5a7d935b3f2ccb8481 linux-3.10.tar.xz
-6b1b6b62044fcf3624f067154d5c1666 patch-3.10.7.xz
-e8a352c746da4aaf2e14a89da6896023 grsecurity-2.9.1-3.10.7-201308171249.patch
+868d7f5315f95da5e48ed56691a36263 patch-3.10.9.xz
+f41e229103719b010213ae403c1b7afa grsecurity-2.9.1-3.10.9-201308202015.patch
a16f11b12381efb3bec79b9bfb329836 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
656ae7b10dd2f18dbfa1011041d08d60 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
@@ -160,8 +160,8 @@ aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-p
1a111abaeb381bf47d9e979a85fba2ee kernelconfig.x86
1312267644d0c729bd7c7af979b29c8d kernelconfig.x86_64"
sha256sums="df27fa92d27a9c410bfe6c4a89f141638500d7eadcca5cce578954efc2ad3544 linux-3.10.tar.xz
-a92836d9ae477a7730c79d8ad521a2859ecdd8dea1ac0fa561fb5ce8517f5d1e patch-3.10.7.xz
-9424fb61b373fb3a84cdf0b82183ae4429158a8b582ef49a33af629557330e2a grsecurity-2.9.1-3.10.7-201308171249.patch
+851224c4719e362a8ae6785abd7a8e59aa7200ee82fffbea291003da47a64bf6 patch-3.10.9.xz
+a66590964d415c30643b25d50533c960b3dbd2f5c2e408d39f489b3b03ccefe6 grsecurity-2.9.1-3.10.9-201308202015.patch
6af3757ac36a6cd3cda7b0a71b08143726383b19261294a569ad7f4042c72df3 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
0985caa0f3ee8ed0959aeaa4214f5f8057ae8e61d50dcae39194912d31e14892 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
@@ -171,8 +171,8 @@ fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-
1ef74cf3703dd26201970a2d9f043fed7e03ad2540a20f810cec8add93f81ccd kernelconfig.x86
1c4b4a74d982fdc8d3baddcdaa674ae4b4a3390daba024fca55e85604af74507 kernelconfig.x86_64"
sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504de216c0012be446df983e2dea400ad8eeed3ce04f24dc61d0ef76c174dc35 linux-3.10.tar.xz
-d34729cfca045f12077c44518171a5b933790b112f2576aa55ba7f6684567b04a6beea4da8a635dcc078a844f9cd47aa66ead1fd6d68b926fdc09ecb0ae34324 patch-3.10.7.xz
-1ddc7f9f28e5a8451a36b6cf800e173a59cbd2271aca772b24c568b77fa37997d0bd095e032ffb94d897a5e4d9ebc102e8eb69acb04a57f1938cd92fe98e306e grsecurity-2.9.1-3.10.7-201308171249.patch
+4e1ba00bd38ce248dc9bb160a4bba5800825c2ca8665134ffd56bbfffbfbe7a6acd58bae7fbb7a5490e22393c13a86c1a7937397710c27ca14bffb40ec0d809a patch-3.10.9.xz
+1deda71bdaa5ea1133b2d6bb5c7598d31fa98ac9252ce5eca631412e5cc2be45697bfa7e1ad87a36dfd1530540c21ed528227d7b3ef611624070c9b37faddc2a grsecurity-2.9.1-3.10.9-201308202015.patch
81e78593288e8b0fd2c03ea9fc1450323887707f087e911f172450a122bc9b591ee83394836789730d951aeec13d0b75a64e1c05f04364abf8f80d883ddc4a02 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
51ecb15b669f6a82940a13a38939116e003bf5dfd24496771c8279e907b72adcc63d607f0340a2940d757e12ddadb7d45c7af78ae311d284935a6296dbcac00c 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
57d0a8bd35d19cf657ded58efe24517d2252aec6984040713ba173a34edb5887ececaa2985076bc6a149eaa57639fd98a042c1c2d226ed4ad8dd5ed0e230717e 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
diff --git a/main/linux-grsec/grsecurity-2.9.1-3.10.7-201308171249.patch b/main/linux-grsec/grsecurity-2.9.1-3.10.9-201308202015.patch
index 9a72c3e12c..24d81a08cf 100644
--- a/main/linux-grsec/grsecurity-2.9.1-3.10.7-201308171249.patch
+++ b/main/linux-grsec/grsecurity-2.9.1-3.10.9-201308202015.patch
@@ -281,7 +281,7 @@ index 2fe6e76..889ee23 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 33e36ab..31f1dc8 100644
+index 4b31d62..ac99d49 100644
--- a/Makefile
+++ b/Makefile
@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -2144,33 +2144,6 @@ index f00b569..aa5bb41 100644
/*
* Change these and you break ASM code in entry-common.S
-diff --git a/arch/arm/include/asm/tlb.h b/arch/arm/include/asm/tlb.h
-index bdf2b84..aa9b4ac 100644
---- a/arch/arm/include/asm/tlb.h
-+++ b/arch/arm/include/asm/tlb.h
-@@ -43,6 +43,7 @@ struct mmu_gather {
- struct mm_struct *mm;
- unsigned int fullmm;
- struct vm_area_struct *vma;
-+ unsigned long start, end;
- unsigned long range_start;
- unsigned long range_end;
- unsigned int nr;
-@@ -107,10 +108,12 @@ static inline void tlb_flush_mmu(struct mmu_gather *tlb)
- }
-
- static inline void
--tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned int fullmm)
-+tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end)
- {
- tlb->mm = mm;
-- tlb->fullmm = fullmm;
-+ tlb->fullmm = !(start | (end+1));
-+ tlb->start = start;
-+ tlb->end = end;
- tlb->vma = NULL;
- tlb->max = ARRAY_SIZE(tlb->local);
- tlb->pages = tlb->local;
diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h
index 7e1f760..de33b13 100644
--- a/arch/arm/include/asm/uaccess.h
@@ -2889,33 +2862,18 @@ index 07314af..c46655c 100644
flush_icache_range((uintptr_t)(addr),
(uintptr_t)(addr) + size);
diff --git a/arch/arm/kernel/perf_event.c b/arch/arm/kernel/perf_event.c
-index d9f5cd4..e186ee1 100644
+index e19edc6..e186ee1 100644
--- a/arch/arm/kernel/perf_event.c
+++ b/arch/arm/kernel/perf_event.c
-@@ -53,7 +53,12 @@ armpmu_map_cache_event(const unsigned (*cache_map)
- static int
- armpmu_map_hw_event(const unsigned (*event_map)[PERF_COUNT_HW_MAX], u64 config)
- {
-- int mapping = (*event_map)[config];
-+ int mapping;
-+
-+ if (config >= PERF_COUNT_HW_MAX)
-+ return -EINVAL;
-+
-+ mapping = (*event_map)[config];
- return mapping == HW_OP_UNSUPPORTED ? -ENOENT : mapping;
- }
+@@ -56,7 +56,7 @@ armpmu_map_hw_event(const unsigned (*event_map)[PERF_COUNT_HW_MAX], u64 config)
+ int mapping;
-@@ -253,6 +258,9 @@ validate_event(struct pmu_hw_events *hw_events,
- struct arm_pmu *armpmu = to_arm_pmu(event->pmu);
- struct pmu *leader_pmu = event->group_leader->pmu;
-
-+ if (is_software_event(event))
-+ return 1;
-+
- if (event->pmu != leader_pmu || event->state < PERF_EVENT_STATE_OFF)
- return 1;
+ if (config >= PERF_COUNT_HW_MAX)
+- return -ENOENT;
++ return -EINVAL;
+ mapping = (*event_map)[config];
+ return mapping == HW_OP_UNSUPPORTED ? -ENOENT : mapping;
diff --git a/arch/arm/kernel/perf_event_cpu.c b/arch/arm/kernel/perf_event_cpu.c
index 1f2740e..b36e225 100644
--- a/arch/arm/kernel/perf_event_cpu.c
@@ -2930,21 +2888,9 @@ index 1f2740e..b36e225 100644
};
diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c
-index 5bc2615..4f1a0c2 100644
+index 5bc2615..dcd439f 100644
--- a/arch/arm/kernel/process.c
+++ b/arch/arm/kernel/process.c
-@@ -28,10 +28,10 @@
- #include <linux/tick.h>
- #include <linux/utsname.h>
- #include <linux/uaccess.h>
--#include <linux/random.h>
- #include <linux/hw_breakpoint.h>
- #include <linux/cpuidle.h>
- #include <linux/leds.h>
-+#include <linux/random.h>
-
- #include <asm/cacheflush.h>
- #include <asm/idmap.h>
@@ -223,6 +223,7 @@ void machine_power_off(void)
if (pm_power_off)
@@ -4543,33 +4489,6 @@ index ce6d763..cfea917 100644
extern void *samsung_dmadev_get_ops(void);
extern void *s3c_dma_get_ops(void);
-diff --git a/arch/arm64/include/asm/tlb.h b/arch/arm64/include/asm/tlb.h
-index 654f096..5546653 100644
---- a/arch/arm64/include/asm/tlb.h
-+++ b/arch/arm64/include/asm/tlb.h
-@@ -35,6 +35,7 @@ struct mmu_gather {
- struct mm_struct *mm;
- unsigned int fullmm;
- struct vm_area_struct *vma;
-+ unsigned long start, end;
- unsigned long range_start;
- unsigned long range_end;
- unsigned int nr;
-@@ -97,10 +98,12 @@ static inline void tlb_flush_mmu(struct mmu_gather *tlb)
- }
-
- static inline void
--tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned int fullmm)
-+tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end)
- {
- tlb->mm = mm;
-- tlb->fullmm = fullmm;
-+ tlb->fullmm = !(start | (end+1));
-+ tlb->start = start;
-+ tlb->end = end;
- tlb->vma = NULL;
- tlb->max = ARRAY_SIZE(tlb->local);
- tlb->pages = tlb->local;
diff --git a/arch/arm64/kernel/debug-monitors.c b/arch/arm64/kernel/debug-monitors.c
index f4726dc..39ed646 100644
--- a/arch/arm64/kernel/debug-monitors.c
@@ -4979,45 +4898,6 @@ index 54ff557..70c88b7 100644
}
static __always_inline void __ticket_spin_unlock_wait(arch_spinlock_t *lock)
-diff --git a/arch/ia64/include/asm/tlb.h b/arch/ia64/include/asm/tlb.h
-index ef3a9de..bc5efc7 100644
---- a/arch/ia64/include/asm/tlb.h
-+++ b/arch/ia64/include/asm/tlb.h
-@@ -22,7 +22,7 @@
- * unmapping a portion of the virtual address space, these hooks are called according to
- * the following template:
- *
-- * tlb <- tlb_gather_mmu(mm, full_mm_flush); // start unmap for address space MM
-+ * tlb <- tlb_gather_mmu(mm, start, end); // start unmap for address space MM
- * {
- * for each vma that needs a shootdown do {
- * tlb_start_vma(tlb, vma);
-@@ -58,6 +58,7 @@ struct mmu_gather {
- unsigned int max;
- unsigned char fullmm; /* non-zero means full mm flush */
- unsigned char need_flush; /* really unmapped some PTEs? */
-+ unsigned long start, end;
- unsigned long start_addr;
- unsigned long end_addr;
- struct page **pages;
-@@ -155,13 +156,15 @@ static inline void __tlb_alloc_page(struct mmu_gather *tlb)
-
-
- static inline void
--tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned int full_mm_flush)
-+tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end)
- {
- tlb->mm = mm;
- tlb->max = ARRAY_SIZE(tlb->local);
- tlb->pages = tlb->local;
- tlb->nr = 0;
-- tlb->fullmm = full_mm_flush;
-+ tlb->fullmm = !(start | (end+1));
-+ tlb->start = start;
-+ tlb->end = end;
- tlb->start_addr = ~0UL;
- }
-
diff --git a/arch/ia64/include/asm/uaccess.h b/arch/ia64/include/asm/uaccess.h
index 449c8c0..18965fb 100644
--- a/arch/ia64/include/asm/uaccess.h
@@ -7645,34 +7525,6 @@ index c4a93d6..4d2a9b4 100644
+#define arch_align_stack(x) ((x) & ~0xfUL)
#endif /* __ASM_EXEC_H */
-diff --git a/arch/s390/include/asm/tlb.h b/arch/s390/include/asm/tlb.h
-index b75d7d6..6d6d92b 100644
---- a/arch/s390/include/asm/tlb.h
-+++ b/arch/s390/include/asm/tlb.h
-@@ -32,6 +32,7 @@ struct mmu_gather {
- struct mm_struct *mm;
- struct mmu_table_batch *batch;
- unsigned int fullmm;
-+ unsigned long start, end;
- };
-
- struct mmu_table_batch {
-@@ -48,10 +49,13 @@ extern void tlb_remove_table(struct mmu_gather *tlb, void *table);
-
- static inline void tlb_gather_mmu(struct mmu_gather *tlb,
- struct mm_struct *mm,
-- unsigned int full_mm_flush)
-+ unsigned long start,
-+ unsigned long end)
- {
- tlb->mm = mm;
-- tlb->fullmm = full_mm_flush;
-+ tlb->start = start;
-+ tlb->end = end;
-+ tlb->fullmm = !(start | (end+1));
- tlb->batch = NULL;
- if (tlb->fullmm)
- __tlb_flush_mm(mm);
diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h
index 9c33ed4..e40cbef 100644
--- a/arch/s390/include/asm/uaccess.h
@@ -7941,25 +7793,6 @@ index ef9e555..331bd29 100644
#define __read_mostly __attribute__((__section__(".data..read_mostly")))
-diff --git a/arch/sh/include/asm/tlb.h b/arch/sh/include/asm/tlb.h
-index e61d43d..362192e 100644
---- a/arch/sh/include/asm/tlb.h
-+++ b/arch/sh/include/asm/tlb.h
-@@ -36,10 +36,12 @@ static inline void init_tlb_gather(struct mmu_gather *tlb)
- }
-
- static inline void
--tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned int full_mm_flush)
-+tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end)
- {
- tlb->mm = mm;
-- tlb->fullmm = full_mm_flush;
-+ tlb->start = start;
-+ tlb->end = end;
-+ tlb->fullmm = !(start | (end+1));
-
- init_tlb_gather(tlb);
- }
diff --git a/arch/sh/kernel/cpu/sh4a/smp-shx3.c b/arch/sh/kernel/cpu/sh4a/smp-shx3.c
index 03f2b55..b0270327 100644
--- a/arch/sh/kernel/cpu/sh4a/smp-shx3.c
@@ -10595,25 +10428,6 @@ index 0032f92..cd151e0 100644
#ifdef CONFIG_64BIT
#define set_pud(pudptr, pudval) set_64bit((u64 *) (pudptr), pud_val(pudval))
-diff --git a/arch/um/include/asm/tlb.h b/arch/um/include/asm/tlb.h
-index 4febacd..29b0301 100644
---- a/arch/um/include/asm/tlb.h
-+++ b/arch/um/include/asm/tlb.h
-@@ -45,10 +45,12 @@ static inline void init_tlb_gather(struct mmu_gather *tlb)
- }
-
- static inline void
--tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned int full_mm_flush)
-+tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end)
- {
- tlb->mm = mm;
-- tlb->fullmm = full_mm_flush;
-+ tlb->start = start;
-+ tlb->end = end;
-+ tlb->fullmm = !(start | (end+1));
-
- init_tlb_gather(tlb);
- }
diff --git a/arch/um/kernel/process.c b/arch/um/kernel/process.c
index bbcef52..6a2a483 100644
--- a/arch/um/kernel/process.c
@@ -15963,7 +15777,7 @@ index e642300..0ef8f31 100644
#define pgprot_writecombine pgprot_writecombine
extern pgprot_t pgprot_writecombine(pgprot_t prot);
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
-index 22224b3..c5d8d7d 100644
+index 22224b3..b3a2f90 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -198,9 +198,21 @@ static inline void native_cpuid(unsigned int *eax, unsigned int *ebx,
@@ -16006,7 +15820,39 @@ index 22224b3..c5d8d7d 100644
#endif
#ifdef CONFIG_X86_32
unsigned long ip;
-@@ -823,11 +836,18 @@ static inline void spin_lock_prefetch(const void *x)
+@@ -552,29 +565,8 @@ static inline void load_sp0(struct tss_struct *tss,
+ extern unsigned long mmu_cr4_features;
+ extern u32 *trampoline_cr4_features;
+
+-static inline void set_in_cr4(unsigned long mask)
+-{
+- unsigned long cr4;
+-
+- mmu_cr4_features |= mask;
+- if (trampoline_cr4_features)
+- *trampoline_cr4_features = mmu_cr4_features;
+- cr4 = read_cr4();
+- cr4 |= mask;
+- write_cr4(cr4);
+-}
+-
+-static inline void clear_in_cr4(unsigned long mask)
+-{
+- unsigned long cr4;
+-
+- mmu_cr4_features &= ~mask;
+- if (trampoline_cr4_features)
+- *trampoline_cr4_features = mmu_cr4_features;
+- cr4 = read_cr4();
+- cr4 &= ~mask;
+- write_cr4(cr4);
+-}
++extern void set_in_cr4(unsigned long mask);
++extern void clear_in_cr4(unsigned long mask);
+
+ typedef struct {
+ unsigned long seg;
+@@ -823,11 +815,18 @@ static inline void spin_lock_prefetch(const void *x)
*/
#define TASK_SIZE PAGE_OFFSET
#define TASK_SIZE_MAX TASK_SIZE
@@ -16027,7 +15873,7 @@ index 22224b3..c5d8d7d 100644
.vm86_info = NULL, \
.sysenter_cs = __KERNEL_CS, \
.io_bitmap_ptr = NULL, \
-@@ -841,7 +861,7 @@ static inline void spin_lock_prefetch(const void *x)
+@@ -841,7 +840,7 @@ static inline void spin_lock_prefetch(const void *x)
*/
#define INIT_TSS { \
.x86_tss = { \
@@ -16036,7 +15882,7 @@ index 22224b3..c5d8d7d 100644
.ss0 = __KERNEL_DS, \
.ss1 = __KERNEL_CS, \
.io_bitmap_base = INVALID_IO_BITMAP_OFFSET, \
-@@ -852,11 +872,7 @@ static inline void spin_lock_prefetch(const void *x)
+@@ -852,11 +851,7 @@ static inline void spin_lock_prefetch(const void *x)
extern unsigned long thread_saved_pc(struct task_struct *tsk);
#define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long))
@@ -16049,7 +15895,7 @@ index 22224b3..c5d8d7d 100644
/*
* The below -8 is to reserve 8 bytes on top of the ring0 stack.
-@@ -871,7 +887,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
+@@ -871,7 +866,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
#define task_pt_regs(task) \
({ \
struct pt_regs *__regs__; \
@@ -16058,7 +15904,7 @@ index 22224b3..c5d8d7d 100644
__regs__ - 1; \
})
-@@ -881,13 +897,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
+@@ -881,13 +876,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
/*
* User space process size. 47bits minus one guard page.
*/
@@ -16074,7 +15920,7 @@ index 22224b3..c5d8d7d 100644
#define TASK_SIZE (test_thread_flag(TIF_ADDR32) ? \
IA32_PAGE_OFFSET : TASK_SIZE_MAX)
-@@ -898,11 +914,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
+@@ -898,11 +893,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
#define STACK_TOP_MAX TASK_SIZE_MAX
#define INIT_THREAD { \
@@ -16088,7 +15934,7 @@ index 22224b3..c5d8d7d 100644
}
/*
-@@ -930,6 +946,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip,
+@@ -930,6 +925,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip,
*/
#define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3))
@@ -16099,7 +15945,7 @@ index 22224b3..c5d8d7d 100644
#define KSTK_EIP(task) (task_pt_regs(task)->ip)
/* Get/set a process' ability to use the timestamp counter instruction */
-@@ -942,7 +962,8 @@ extern int set_tsc_mode(unsigned int val);
+@@ -942,7 +941,8 @@ extern int set_tsc_mode(unsigned int val);
extern u16 amd_get_nb_id(int cpu);
struct aperfmperf {
@@ -16109,7 +15955,7 @@ index 22224b3..c5d8d7d 100644
};
static inline void get_aperfmperf(struct aperfmperf *am)
-@@ -970,7 +991,7 @@ unsigned long calc_aperfmperf_ratio(struct aperfmperf *old,
+@@ -970,7 +970,7 @@ unsigned long calc_aperfmperf_ratio(struct aperfmperf *old,
return ratio;
}
@@ -16118,7 +15964,7 @@ index 22224b3..c5d8d7d 100644
extern void free_init_pages(char *what, unsigned long begin, unsigned long end);
void default_idle(void);
-@@ -980,6 +1001,6 @@ bool xen_set_default_idle(void);
+@@ -980,6 +980,6 @@ bool xen_set_default_idle(void);
#define xen_set_default_idle 0
#endif
@@ -16960,31 +16806,31 @@ index a1df6e8..e002940 100644
#endif
#endif /* _ASM_X86_THREAD_INFO_H */
diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
-index 50a7fc0..d00c622 100644
+index 50a7fc0..7c437a7 100644
--- a/arch/x86/include/asm/tlbflush.h
+++ b/arch/x86/include/asm/tlbflush.h
-@@ -17,18 +17,39 @@
+@@ -17,18 +17,40 @@
static inline void __native_flush_tlb(void)
{
-- native_write_cr3(native_read_cr3());
++ if (static_cpu_has(X86_FEATURE_INVPCID)) {
++ unsigned long descriptor[2];
++ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_ALL_MONGLOBAL) : "memory");
++ return;
++ }
+
+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
+ if (static_cpu_has(X86_FEATURE_PCID)) {
+ unsigned int cpu = raw_get_cpu();
+
-+ if (static_cpu_has(X86_FEATURE_INVPCID)) {
-+ unsigned long descriptor[2];
-+ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_ALL_MONGLOBAL) : "memory");
-+ } else {
-+ native_write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER);
-+ native_write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL);
-+ }
++ native_write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER);
++ native_write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL);
+ raw_put_cpu_no_resched();
-+ } else
++ return;
++ }
+#endif
+
-+ native_write_cr3(native_read_cr3());
+ native_write_cr3(native_read_cr3());
}
static inline void __native_flush_tlb_global_irq_disabled(void)
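Review bot: In the new `__native_flush_tlb`, `descriptor` is declared and passed to `__ASM_INVPCID` without ever being written, so the instruction reads whatever happens to be on the stack. As far as I recall, the architecture requires the reserved bits of the INVPCID descriptor to be zero for every invalidation type, which would make this a possible fault rather than a harmless don't-care; worth confirming against the SDM. Initialising it is free: `unsigned long descriptor[2] = { 0, 0 };`. The function body is complete inside this hunk, but `__ASM_INVPCID` and `INVPCID_ALL_MONGLOBAL` are defined outside it.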
@@ -17010,41 +16856,49 @@ index 50a7fc0..d00c622 100644
}
static inline void __native_flush_tlb_global(void)
-@@ -49,7 +70,33 @@ static inline void __native_flush_tlb_global(void)
+@@ -49,6 +71,42 @@ static inline void __native_flush_tlb_global(void)
static inline void __native_flush_tlb_single(unsigned long addr)
{
-- asm volatile("invlpg (%0)" ::"r" (addr) : "memory");
+
-+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+ if (static_cpu_has(X86_FEATURE_PCID) && addr < TASK_SIZE_MAX) {
-+ unsigned int cpu = raw_get_cpu();
++ if (static_cpu_has(X86_FEATURE_INVPCID)) {
++ unsigned long descriptor[2];
+
-+ if (static_cpu_has(X86_FEATURE_INVPCID)) {
-+ unsigned long descriptor[2];
-+ descriptor[0] = PCID_USER;
-+ descriptor[1] = addr;
++ descriptor[0] = PCID_KERNEL;
++ descriptor[1] = addr;
++
++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++ if (!static_cpu_has(X86_FEATURE_STRONGUDEREF) || addr >= TASK_SIZE_MAX) {
++ if (addr < TASK_SIZE_MAX)
++ descriptor[1] += pax_user_shadow_base;
+ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_ADDRESS) : "memory");
-+ if (!static_cpu_has(X86_FEATURE_STRONGUDEREF)) {
-+ descriptor[0] = PCID_KERNEL;
-+ descriptor[1] = addr + pax_user_shadow_base;
-+ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_ADDRESS) : "memory");
-+ }
-+ } else {
-+ native_write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER | PCID_NOFLUSH);
-+ asm volatile("invlpg (%0)" ::"r" (addr) : "memory");
-+ native_write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH);
-+ if (!static_cpu_has(X86_FEATURE_STRONGUDEREF))
-+ asm volatile("invlpg (%0)" ::"r" (addr + pax_user_shadow_base) : "memory");
+ }
-+ raw_put_cpu_no_resched();
-+ } else
++
++ descriptor[0] = PCID_USER;
++ descriptor[1] = addr;
+#endif
+
++ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_ADDRESS) : "memory");
++ return;
++ }
++
++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++ if (static_cpu_has(X86_FEATURE_PCID)) {
++ unsigned int cpu = raw_get_cpu();
++
++ native_write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER | PCID_NOFLUSH);
+ asm volatile("invlpg (%0)" ::"r" (addr) : "memory");
++ native_write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH);
++ raw_put_cpu_no_resched();
++
++ if (!static_cpu_has(X86_FEATURE_STRONGUDEREF) && addr < TASK_SIZE_MAX)
++ addr += pax_user_shadow_base;
++ }
++#endif
++
+ asm volatile("invlpg (%0)" ::"r" (addr) : "memory");
}
- static inline void __flush_tlb_all(void)
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
index 5ee2687..74590b9 100644
--- a/arch/x86/include/asm/uaccess.h
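Review bot: The INVPCID branch of `__native_flush_tlb_single` is now selected on `X86_FEATURE_INVPCID` alone, whereas the previous version only reached it inside the `X86_FEATURE_PCID` check. `setup_disable_pcid` in the common.c section clears only `X86_FEATURE_PCID`, so booting with `nopcid` on an INVPCID-capable CPU would still issue single-address invalidations tagged `PCID_USER` although `X86_CR4_PCIDE` is never set. If `PCID_USER` is non-zero (its value is not visible here) that is, to my knowledge, a #GP condition. The smallest fix is to have the `nopcid` handler also call `setup_clear_cpu_cap(X86_FEATURE_INVPCID);`. The same dependency applies to the INVPCID branch of `__native_flush_tlb` in the preceding hunk.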
@@ -18604,7 +18458,7 @@ index 5013a48..0782c53 100644
if (c->x86_model == 3 && c->x86_mask == 0)
size = 64;
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index 22018f7..a5883af 100644
+index 22018f7..df77e23 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -88,60 +88,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = {
@@ -18668,48 +18522,65 @@ index 22018f7..a5883af 100644
static int __init x86_xsave_setup(char *s)
{
setup_clear_cpu_cap(X86_FEATURE_XSAVE);
-@@ -288,6 +234,40 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
+@@ -288,6 +234,57 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
set_in_cr4(X86_CR4_SMAP);
}
-+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++#ifdef CONFIG_X86_64
+static __init int setup_disable_pcid(char *arg)
+{
+ setup_clear_cpu_cap(X86_FEATURE_PCID);
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
+ if (clone_pgd_mask != ~(pgdval_t)0UL)
+ pax_user_shadow_base = 1UL << TASK_SIZE_MAX_SHIFT;
++#endif
++
+ return 1;
+}
+__setup("nopcid", setup_disable_pcid);
+
+static void setup_pcid(struct cpuinfo_x86 *c)
+{
-+ if (cpu_has(c, X86_FEATURE_PCID))
-+ printk("PAX: PCID detected\n");
++ if (!cpu_has(c, X86_FEATURE_PCID)) {
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++ if (clone_pgd_mask != ~(pgdval_t)0UL) {
++ pax_open_kernel();
++ pax_user_shadow_base = 1UL << TASK_SIZE_MAX_SHIFT;
++ pax_close_kernel();
++ printk("PAX: slow and weak UDEREF enabled\n");
++ } else
++ printk("PAX: UDEREF disabled\n");
++#endif
++
++ return;
++ }
++
++ printk("PAX: PCID detected\n");
++ set_in_cr4(X86_CR4_PCIDE);
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++ pax_open_kernel();
++ clone_pgd_mask = ~(pgdval_t)0UL;
++ pax_close_kernel();
++ if (pax_user_shadow_base)
++ printk("PAX: weak UDEREF enabled\n");
++ else {
++ set_cpu_cap(c, X86_FEATURE_STRONGUDEREF);
++ printk("PAX: strong UDEREF enabled\n");
++ }
++#endif
+
+ if (cpu_has(c, X86_FEATURE_INVPCID))
+ printk("PAX: INVPCID detected\n");
-+
-+ if (cpu_has(c, X86_FEATURE_PCID)) {
-+ set_in_cr4(X86_CR4_PCIDE);
-+ clone_pgd_mask = ~(pgdval_t)0UL;
-+ if (pax_user_shadow_base)
-+ printk("PAX: weak UDEREF enabled\n");
-+ else {
-+ set_cpu_cap(c, X86_FEATURE_STRONGUDEREF);
-+ printk("PAX: strong UDEREF enabled\n");
-+ }
-+ } else if (pax_user_shadow_base)
-+ printk("PAX: slow and weak UDEREF enabled\n");
-+ else
-+ printk("PAX: UDEREF disabled\n");
+}
+#endif
+
/*
* Some CPU features depend on higher CPUID levels, which may not always
* be available due to CPUID level capping or broken virtualization
-@@ -386,7 +366,7 @@ void switch_to_new_gdt(int cpu)
+@@ -386,7 +383,7 @@ void switch_to_new_gdt(int cpu)
{
struct desc_ptr gdt_descr;
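Review bot: `setup_disable_pcid` stores to `pax_user_shadow_base` directly, while `setup_pcid` a few lines below wraps the same store in `pax_open_kernel()`/`pax_close_kernel()`. Presumably the `__setup` handler runs before that variable becomes read-only, but nothing in the hunk records this, and the two writes now look inconsistent. Either use the bracket in both places or add a comment above the store, e.g. `/* early param: assumed to run before kernel data is write-protected, so no pax_open_kernel() */`. Both functions are complete inside this hunk; `clone_pgd_mask` and `pax_user_shadow_base` are declared elsewhere.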
@@ -18718,18 +18589,18 @@ index 22018f7..a5883af 100644
gdt_descr.size = GDT_SIZE - 1;
load_gdt(&gdt_descr);
/* Reload the per-cpu base */
-@@ -874,6 +854,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
+@@ -874,6 +871,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
setup_smep(c);
setup_smap(c);
-+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++#ifdef CONFIG_X86_64
+ setup_pcid(c);
+#endif
+
/*
* The vendor-specific functions might have changed features.
* Now we do "generic changes."
-@@ -882,6 +866,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
+@@ -882,6 +883,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
/* Filter out anything that depends on CPUID levels we don't have */
filter_cpuid_features(c, true);
@@ -18740,7 +18611,7 @@ index 22018f7..a5883af 100644
/* If the model name is still unset, do table lookup. */
if (!c->x86_model_id[0]) {
const char *p;
-@@ -1069,10 +1057,12 @@ static __init int setup_disablecpuid(char *arg)
+@@ -1069,10 +1074,12 @@ static __init int setup_disablecpuid(char *arg)
}
__setup("clearcpuid=", setup_disablecpuid);
@@ -18755,7 +18626,7 @@ index 22018f7..a5883af 100644
DEFINE_PER_CPU_FIRST(union irq_stack_union,
irq_stack_union) __aligned(PAGE_SIZE);
-@@ -1086,7 +1076,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned =
+@@ -1086,7 +1093,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned =
EXPORT_PER_CPU_SYMBOL(current_task);
DEFINE_PER_CPU(unsigned long, kernel_stack) =
@@ -18764,7 +18635,7 @@ index 22018f7..a5883af 100644
EXPORT_PER_CPU_SYMBOL(kernel_stack);
DEFINE_PER_CPU(char *, irq_stack_ptr) =
-@@ -1231,7 +1221,7 @@ void __cpuinit cpu_init(void)
+@@ -1231,7 +1238,7 @@ void __cpuinit cpu_init(void)
load_ucode_ap();
cpu = stack_smp_processor_id();
@@ -18773,7 +18644,7 @@ index 22018f7..a5883af 100644
oist = &per_cpu(orig_ist, cpu);
#ifdef CONFIG_NUMA
-@@ -1257,7 +1247,7 @@ void __cpuinit cpu_init(void)
+@@ -1257,7 +1264,7 @@ void __cpuinit cpu_init(void)
switch_to_new_gdt(cpu);
loadsegment(fs, 0);
@@ -18782,7 +18653,7 @@ index 22018f7..a5883af 100644
memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8);
syscall_init();
-@@ -1266,7 +1256,6 @@ void __cpuinit cpu_init(void)
+@@ -1266,7 +1273,6 @@ void __cpuinit cpu_init(void)
wrmsrl(MSR_KERNEL_GS_BASE, 0);
barrier();
@@ -18790,7 +18661,7 @@ index 22018f7..a5883af 100644
enable_x2apic();
/*
-@@ -1318,7 +1307,7 @@ void __cpuinit cpu_init(void)
+@@ -1318,7 +1324,7 @@ void __cpuinit cpu_init(void)
{
int cpu = smp_processor_id();
struct task_struct *curr = current;
@@ -19193,7 +19064,7 @@ index a9e2207..d70c83a 100644
intel_ds_init();
diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.c b/arch/x86/kernel/cpu/perf_event_intel_uncore.c
-index 52441a2..f94fae8 100644
+index 8aac56b..588fb13 100644
--- a/arch/x86/kernel/cpu/perf_event_intel_uncore.c
+++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.c
@@ -3093,7 +3093,7 @@ static void __init uncore_types_exit(struct intel_uncore_type **types)
@@ -20461,7 +20332,7 @@ index 8f3e2de..6b71e39 100644
/*
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index 7272089..833fdf8 100644
+index 7272089..0b74104 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -59,6 +59,8 @@
@@ -20548,7 +20419,7 @@ index 7272089..833fdf8 100644
#endif
-@@ -284,6 +293,427 @@ ENTRY(native_usergs_sysret64)
+@@ -284,6 +293,430 @@ ENTRY(native_usergs_sysret64)
ENDPROC(native_usergs_sysret64)
#endif /* CONFIG_PARAVIRT */
@@ -20738,10 +20609,11 @@ index 7272089..833fdf8 100644
+ .popsection
+ GET_CR3_INTO_RDI
+ cmp $1,%dil
-+ jnz 3f
++ jnz 4f
+ sub $4097,%rdi
+ bts $63,%rdi
-+ jmp 2f
++ SET_RDI_INTO_CR3
++ jmp 3f
+111:
+
+ GET_CR3_INTO_RDI
@@ -20772,13 +20644,15 @@ index 7272089..833fdf8 100644
+ i = i + 1
+ .endr
+
++2: SET_RDI_INTO_CR3
++
+#ifdef CONFIG_PAX_KERNEXEC
+ GET_CR0_INTO_RDI
+ bts $16,%rdi
+ SET_RDI_INTO_CR0
+#endif
+
-+2: SET_RDI_INTO_CR3
++3:
+
+#ifdef CONFIG_PARAVIRT
+ PV_RESTORE_REGS(CLBR_RDI)
@@ -20788,7 +20662,7 @@ index 7272089..833fdf8 100644
+ popq %rdi
+ pax_force_retaddr
+ retq
-+3: ud2
++4: ud2
+ENDPROC(pax_enter_kernel_user)
+
+ENTRY(pax_exit_kernel_user)
@@ -20814,14 +20688,22 @@ index 7272089..833fdf8 100644
+ SET_RDI_INTO_CR3
+ jmp 2f
+1:
++
+ mov %rdi,%rbx
++
++#ifdef CONFIG_PAX_KERNEXEC
++ GET_CR0_INTO_RDI
++ btr $16,%rdi
++ jnc 3f
++ SET_RDI_INTO_CR0
++#endif
++
+ add $__START_KERNEL_map,%rbx
+ sub phys_base(%rip),%rbx
+
+#ifdef CONFIG_PARAVIRT
+ cmpl $0, pv_info+PARAVIRT_enabled
+ jz 1f
-+ pushq %rdi
+ i = 0
+ .rept USER_PGD_PTRS
+ mov i*8(%rbx),%rsi
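Review bot: In `pax_exit_kernel_user` the `CONFIG_PAX_KERNEXEC` block that clears bit 16 of CR0 now sits ahead of the `PARAVIRT_enabled` test, so the paravirt branch also makes its `PV_MMU_set_pgd_batched` calls with that bit cleared, which the old ordering did not do. The matching restore and the targets of `jmp 2f` and `jnc 3f` lie outside this hunk, so please confirm that the paravirt exit through label 2 still restores CR0. The `pushq %rdi`/`popq %rdi` pair around the loop is dropped in the next hunk while `GET_CR0_INTO_RDI` now overwrites `%rdi` first. A comment at label `1:` such as `/* %rdi was copied to %rbx; GET_CR0_INTO_RDI below clobbers %rdi */` would make the register contract explicit.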
@@ -20830,18 +20712,10 @@ index 7272089..833fdf8 100644
+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd_batched)
+ i = i + 1
+ .endr
-+ popq %rdi
+ jmp 2f
+1:
+#endif
+
-+#ifdef CONFIG_PAX_KERNEXEC
-+ GET_CR0_INTO_RDI
-+ btr $16,%rdi
-+ jnc 3f
-+ SET_RDI_INTO_CR0
-+#endif
-+
+ i = 0
+ .rept USER_PGD_PTRS
+ movb $0x67,i*8(%rbx)
@@ -20976,7 +20850,7 @@ index 7272089..833fdf8 100644
.macro TRACE_IRQS_IRETQ offset=ARGOFFSET
#ifdef CONFIG_TRACE_IRQFLAGS
-@@ -375,8 +805,8 @@ ENDPROC(native_usergs_sysret64)
+@@ -375,8 +808,8 @@ ENDPROC(native_usergs_sysret64)
.endm
.macro UNFAKE_STACK_FRAME
@@ -20987,7 +20861,7 @@ index 7272089..833fdf8 100644
.endm
/*
-@@ -463,7 +893,7 @@ ENDPROC(native_usergs_sysret64)
+@@ -463,7 +896,7 @@ ENDPROC(native_usergs_sysret64)
movq %rsp, %rsi
leaq -RBP(%rsp),%rdi /* arg1 for handler */
@@ -20996,7 +20870,7 @@ index 7272089..833fdf8 100644
je 1f
SWAPGS
/*
-@@ -498,9 +928,10 @@ ENTRY(save_rest)
+@@ -498,9 +931,10 @@ ENTRY(save_rest)
movq_cfi r15, R15+16
movq %r11, 8(%rsp) /* return address */
FIXUP_TOP_OF_STACK %r11, 16
@@ -21008,7 +20882,7 @@ index 7272089..833fdf8 100644
/* save complete stack frame */
.pushsection .kprobes.text, "ax"
-@@ -529,9 +960,10 @@ ENTRY(save_paranoid)
+@@ -529,9 +963,10 @@ ENTRY(save_paranoid)
js 1f /* negative -> in kernel */
SWAPGS
xorl %ebx,%ebx
@@ -21021,7 +20895,7 @@ index 7272089..833fdf8 100644
.popsection
/*
-@@ -553,7 +985,7 @@ ENTRY(ret_from_fork)
+@@ -553,7 +988,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
@@ -21030,7 +20904,7 @@ index 7272089..833fdf8 100644
jz 1f
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-@@ -571,7 +1003,7 @@ ENTRY(ret_from_fork)
+@@ -571,7 +1006,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -21039,7 +20913,7 @@ index 7272089..833fdf8 100644
/*
* System call entry. Up to 6 arguments in registers are supported.
-@@ -608,7 +1040,7 @@ END(ret_from_fork)
+@@ -608,7 +1043,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
@@ -21048,7 +20922,7 @@ index 7272089..833fdf8 100644
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -621,16 +1053,23 @@ GLOBAL(system_call_after_swapgs)
+@@ -621,16 +1056,23 @@ GLOBAL(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
@@ -21074,7 +20948,7 @@ index 7272089..833fdf8 100644
jnz tracesys
system_call_fastpath:
#if __SYSCALL_MASK == ~0
-@@ -640,7 +1079,7 @@ system_call_fastpath:
+@@ -640,7 +1082,7 @@ system_call_fastpath:
cmpl $__NR_syscall_max,%eax
#endif
ja badsys
@@ -21083,7 +20957,7 @@ index 7272089..833fdf8 100644
call *sys_call_table(,%rax,8) # XXX: rip relative
movq %rax,RAX-ARGOFFSET(%rsp)
/*
-@@ -654,10 +1093,13 @@ sysret_check:
+@@ -654,10 +1096,13 @@ sysret_check:
LOCKDEP_SYS_EXIT
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -21098,7 +20972,7 @@ index 7272089..833fdf8 100644
/*
* sysretq will re-enable interrupts:
*/
-@@ -709,14 +1151,18 @@ badsys:
+@@ -709,14 +1154,18 @@ badsys:
* jump back to the normal fast path.
*/
auditsys:
@@ -21118,7 +20992,7 @@ index 7272089..833fdf8 100644
jmp system_call_fastpath
/*
-@@ -737,7 +1183,7 @@ sysret_audit:
+@@ -737,7 +1186,7 @@ sysret_audit:
/* Do syscall tracing */
tracesys:
#ifdef CONFIG_AUDITSYSCALL
@@ -21127,7 +21001,7 @@ index 7272089..833fdf8 100644
jz auditsys
#endif
SAVE_REST
-@@ -745,12 +1191,16 @@ tracesys:
+@@ -745,12 +1194,16 @@ tracesys:
FIXUP_TOP_OF_STACK %rdi
movq %rsp,%rdi
call syscall_trace_enter
@@ -21144,7 +21018,7 @@ index 7272089..833fdf8 100644
RESTORE_REST
#if __SYSCALL_MASK == ~0
cmpq $__NR_syscall_max,%rax
-@@ -759,7 +1209,7 @@ tracesys:
+@@ -759,7 +1212,7 @@ tracesys:
cmpl $__NR_syscall_max,%eax
#endif
ja int_ret_from_sys_call /* RAX(%rsp) set to -ENOSYS above */
@@ -21153,7 +21027,7 @@ index 7272089..833fdf8 100644
call *sys_call_table(,%rax,8)
movq %rax,RAX-ARGOFFSET(%rsp)
/* Use IRET because user could have changed frame */
-@@ -780,7 +1230,9 @@ GLOBAL(int_with_check)
+@@ -780,7 +1233,9 @@ GLOBAL(int_with_check)
andl %edi,%edx
jnz int_careful
andl $~TS_COMPAT,TI_status(%rcx)
@@ -21164,7 +21038,7 @@ index 7272089..833fdf8 100644
/* Either reschedule or signal or syscall exit tracking needed. */
/* First do a reschedule test. */
-@@ -826,7 +1278,7 @@ int_restore_rest:
+@@ -826,7 +1281,7 @@ int_restore_rest:
TRACE_IRQS_OFF
jmp int_with_check
CFI_ENDPROC
@@ -21173,7 +21047,7 @@ index 7272089..833fdf8 100644
.macro FORK_LIKE func
ENTRY(stub_\func)
-@@ -839,9 +1291,10 @@ ENTRY(stub_\func)
+@@ -839,9 +1294,10 @@ ENTRY(stub_\func)
DEFAULT_FRAME 0 8 /* offset 8: return address */
call sys_\func
RESTORE_TOP_OF_STACK %r11, 8
@@ -21185,7 +21059,7 @@ index 7272089..833fdf8 100644
.endm
.macro FIXED_FRAME label,func
-@@ -851,9 +1304,10 @@ ENTRY(\label)
+@@ -851,9 +1307,10 @@ ENTRY(\label)
FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET
call \func
RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET
@@ -21197,7 +21071,7 @@ index 7272089..833fdf8 100644
.endm
FORK_LIKE clone
-@@ -870,9 +1324,10 @@ ENTRY(ptregscall_common)
+@@ -870,9 +1327,10 @@ ENTRY(ptregscall_common)
movq_cfi_restore R12+8, r12
movq_cfi_restore RBP+8, rbp
movq_cfi_restore RBX+8, rbx
@@ -21209,7 +21083,7 @@ index 7272089..833fdf8 100644
ENTRY(stub_execve)
CFI_STARTPROC
-@@ -885,7 +1340,7 @@ ENTRY(stub_execve)
+@@ -885,7 +1343,7 @@ ENTRY(stub_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -21218,7 +21092,7 @@ index 7272089..833fdf8 100644
/*
* sigreturn is special because it needs to restore all registers on return.
-@@ -902,7 +1357,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -902,7 +1360,7 @@ ENTRY(stub_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -21227,7 +21101,7 @@ index 7272089..833fdf8 100644
#ifdef CONFIG_X86_X32_ABI
ENTRY(stub_x32_rt_sigreturn)
-@@ -916,7 +1371,7 @@ ENTRY(stub_x32_rt_sigreturn)
+@@ -916,7 +1374,7 @@ ENTRY(stub_x32_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -21236,7 +21110,7 @@ index 7272089..833fdf8 100644
ENTRY(stub_x32_execve)
CFI_STARTPROC
-@@ -930,7 +1385,7 @@ ENTRY(stub_x32_execve)
+@@ -930,7 +1388,7 @@ ENTRY(stub_x32_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -21245,7 +21119,7 @@ index 7272089..833fdf8 100644
#endif
-@@ -967,7 +1422,7 @@ vector=vector+1
+@@ -967,7 +1425,7 @@ vector=vector+1
2: jmp common_interrupt
.endr
CFI_ENDPROC
@@ -21254,7 +21128,7 @@ index 7272089..833fdf8 100644
.previous
END(interrupt)
-@@ -987,6 +1442,16 @@ END(interrupt)
+@@ -987,6 +1445,16 @@ END(interrupt)
subq $ORIG_RAX-RBP, %rsp
CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP
SAVE_ARGS_IRQ
@@ -21271,7 +21145,7 @@ index 7272089..833fdf8 100644
call \func
.endm
-@@ -1019,7 +1484,7 @@ ret_from_intr:
+@@ -1019,7 +1487,7 @@ ret_from_intr:
exit_intr:
GET_THREAD_INFO(%rcx)
@@ -21280,7 +21154,7 @@ index 7272089..833fdf8 100644
je retint_kernel
/* Interrupt came from user space */
-@@ -1041,12 +1506,16 @@ retint_swapgs: /* return to user-space */
+@@ -1041,12 +1509,16 @@ retint_swapgs: /* return to user-space */
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
@@ -21297,7 +21171,7 @@ index 7272089..833fdf8 100644
/*
* The iretq could re-enable interrupts:
*/
-@@ -1129,7 +1598,7 @@ ENTRY(retint_kernel)
+@@ -1129,7 +1601,7 @@ ENTRY(retint_kernel)
#endif
CFI_ENDPROC
@@ -21306,7 +21180,7 @@ index 7272089..833fdf8 100644
/*
* End of kprobes section
*/
-@@ -1147,7 +1616,7 @@ ENTRY(\sym)
+@@ -1147,7 +1619,7 @@ ENTRY(\sym)
interrupt \do_sym
jmp ret_from_intr
CFI_ENDPROC
@@ -21315,7 +21189,7 @@ index 7272089..833fdf8 100644
.endm
#ifdef CONFIG_SMP
-@@ -1208,12 +1677,22 @@ ENTRY(\sym)
+@@ -1208,12 +1680,22 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -21339,7 +21213,7 @@ index 7272089..833fdf8 100644
.endm
.macro paranoidzeroentry sym do_sym
-@@ -1226,15 +1705,25 @@ ENTRY(\sym)
+@@ -1226,15 +1708,25 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
@@ -21367,7 +21241,7 @@ index 7272089..833fdf8 100644
.macro paranoidzeroentry_ist sym do_sym ist
ENTRY(\sym)
INTR_FRAME
-@@ -1245,14 +1734,30 @@ ENTRY(\sym)
+@@ -1245,14 +1737,30 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF_DEBUG
@@ -21399,7 +21273,7 @@ index 7272089..833fdf8 100644
.endm
.macro errorentry sym do_sym
-@@ -1264,13 +1769,23 @@ ENTRY(\sym)
+@@ -1264,13 +1772,23 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -21424,7 +21298,7 @@ index 7272089..833fdf8 100644
.endm
/* error code is on the stack already */
-@@ -1284,13 +1799,23 @@ ENTRY(\sym)
+@@ -1284,13 +1802,23 @@ ENTRY(\sym)
call save_paranoid
DEFAULT_FRAME 0
TRACE_IRQS_OFF
@@ -21449,7 +21323,7 @@ index 7272089..833fdf8 100644
.endm
zeroentry divide_error do_divide_error
-@@ -1320,9 +1845,10 @@ gs_change:
+@@ -1320,9 +1848,10 @@ gs_change:
2: mfence /* workaround */
SWAPGS
popfq_cfi
@@ -21461,7 +21335,7 @@ index 7272089..833fdf8 100644
_ASM_EXTABLE(gs_change,bad_gs)
.section .fixup,"ax"
-@@ -1350,9 +1876,10 @@ ENTRY(call_softirq)
+@@ -1350,9 +1879,10 @@ ENTRY(call_softirq)
CFI_DEF_CFA_REGISTER rsp
CFI_ADJUST_CFA_OFFSET -8
decl PER_CPU_VAR(irq_count)
@@ -21473,7 +21347,7 @@ index 7272089..833fdf8 100644
#ifdef CONFIG_XEN
zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
-@@ -1390,7 +1917,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
+@@ -1390,7 +1920,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
decl PER_CPU_VAR(irq_count)
jmp error_exit
CFI_ENDPROC
@@ -21482,7 +21356,7 @@ index 7272089..833fdf8 100644
/*
* Hypervisor uses this for application faults while it executes.
-@@ -1449,7 +1976,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1449,7 +1979,7 @@ ENTRY(xen_failsafe_callback)
SAVE_ALL
jmp error_exit
CFI_ENDPROC
@@ -21491,7 +21365,7 @@ index 7272089..833fdf8 100644
apicinterrupt HYPERVISOR_CALLBACK_VECTOR \
xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1501,18 +2028,33 @@ ENTRY(paranoid_exit)
+@@ -1501,18 +2031,33 @@ ENTRY(paranoid_exit)
DEFAULT_FRAME
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF_DEBUG
@@ -21527,7 +21401,7 @@ index 7272089..833fdf8 100644
jmp irq_return
paranoid_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1541,7 +2083,7 @@ paranoid_schedule:
+@@ -1541,7 +2086,7 @@ paranoid_schedule:
TRACE_IRQS_OFF
jmp paranoid_userspace
CFI_ENDPROC
@@ -21536,7 +21410,7 @@ index 7272089..833fdf8 100644
/*
* Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1568,12 +2110,13 @@ ENTRY(error_entry)
+@@ -1568,12 +2113,13 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
@@ -21551,7 +21425,7 @@ index 7272089..833fdf8 100644
ret
/*
-@@ -1600,7 +2143,7 @@ bstep_iret:
+@@ -1600,7 +2146,7 @@ bstep_iret:
movq %rcx,RIP+8(%rsp)
jmp error_swapgs
CFI_ENDPROC
@@ -21560,7 +21434,7 @@ index 7272089..833fdf8 100644
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1611,7 +2154,7 @@ ENTRY(error_exit)
+@@ -1611,7 +2157,7 @@ ENTRY(error_exit)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
GET_THREAD_INFO(%rcx)
@@ -21569,7 +21443,7 @@ index 7272089..833fdf8 100644
jne retint_kernel
LOCKDEP_SYS_EXIT_IRQ
movl TI_flags(%rcx),%edx
-@@ -1620,7 +2163,7 @@ ENTRY(error_exit)
+@@ -1620,7 +2166,7 @@ ENTRY(error_exit)
jnz retint_careful
jmp retint_swapgs
CFI_ENDPROC
@@ -21578,7 +21452,7 @@ index 7272089..833fdf8 100644
/*
* Test if a given stack is an NMI stack or not.
-@@ -1678,9 +2221,11 @@ ENTRY(nmi)
+@@ -1678,9 +2224,11 @@ ENTRY(nmi)
* If %cs was not the kernel segment, then the NMI triggered in user
* space, which means it is definitely not nested.
*/
@@ -21591,7 +21465,7 @@ index 7272089..833fdf8 100644
/*
* Check the special variable on the stack to see if NMIs are
* executing.
-@@ -1714,8 +2259,7 @@ nested_nmi:
+@@ -1714,8 +2262,7 @@ nested_nmi:
1:
/* Set up the interrupted NMIs stack to jump to repeat_nmi */
@@ -21601,7 +21475,7 @@ index 7272089..833fdf8 100644
CFI_ADJUST_CFA_OFFSET 1*8
leaq -10*8(%rsp), %rdx
pushq_cfi $__KERNEL_DS
-@@ -1733,6 +2277,7 @@ nested_nmi_out:
+@@ -1733,6 +2280,7 @@ nested_nmi_out:
CFI_RESTORE rdx
/* No need to check faults here */
@@ -21609,7 +21483,7 @@ index 7272089..833fdf8 100644
INTERRUPT_RETURN
CFI_RESTORE_STATE
-@@ -1849,6 +2394,8 @@ end_repeat_nmi:
+@@ -1849,6 +2397,8 @@ end_repeat_nmi:
*/
movq %cr2, %r12
@@ -21618,7 +21492,7 @@ index 7272089..833fdf8 100644
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
movq $-1,%rsi
-@@ -1861,26 +2408,31 @@ end_repeat_nmi:
+@@ -1861,26 +2411,31 @@ end_repeat_nmi:
movq %r12, %cr2
1:
@@ -22473,7 +22347,7 @@ index a836860..1b5c665 100644
- .skip PAGE_SIZE
+ .fill 512,8,0
diff --git a/arch/x86/kernel/i386_ksyms_32.c b/arch/x86/kernel/i386_ksyms_32.c
-index 0fa6912..37fce70 100644
+index 0fa6912..b37438b 100644
--- a/arch/x86/kernel/i386_ksyms_32.c
+++ b/arch/x86/kernel/i386_ksyms_32.c
@@ -20,8 +20,12 @@ extern void cmpxchg8b_emu(void);
@@ -22489,7 +22363,7 @@ index 0fa6912..37fce70 100644
EXPORT_SYMBOL(__get_user_1);
EXPORT_SYMBOL(__get_user_2);
-@@ -37,3 +41,7 @@ EXPORT_SYMBOL(strstr);
+@@ -37,3 +41,11 @@ EXPORT_SYMBOL(strstr);
EXPORT_SYMBOL(csum_partial);
EXPORT_SYMBOL(empty_zero_page);
@@ -22497,6 +22371,10 @@ index 0fa6912..37fce70 100644
+#ifdef CONFIG_PAX_KERNEXEC
+EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR);
+#endif
++
++#ifdef CONFIG_PAX_PER_CPU_PGD
++EXPORT_SYMBOL(cpu_pgd);
++#endif
diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c
index f7ea30d..6318acc 100644
--- a/arch/x86/kernel/i387.c
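Review bot: The added `EXPORT_SYMBOL(cpu_pgd)` in i386_ksyms_32.c has no comment saying which module needs it, and the same export is added to x8664_ksyms_64.c further down. A plain `EXPORT_SYMBOL` makes the per-CPU page-directory array reachable from any loadable module, which is a wide interface for a structure that `CONFIG_PAX_PER_CPU_PGD` presumably depends on. I would put a one-line comment above each export, for example `/* cpu_pgd is referenced by <consumer>; drop the export when that user goes away */`, with the real consumer filled in.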
@@ -24248,7 +24126,7 @@ index f2bb9c9..bed145d7 100644
1:
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index 56f7fcf..3b88ad1 100644
+index 56f7fcf..2cfe4f1 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -110,6 +110,7 @@
@@ -24259,7 +24137,7 @@ index 56f7fcf..3b88ad1 100644
/*
* max_low_pfn_mapped: highest direct mapped pfn under 4GB
-@@ -205,10 +206,12 @@ EXPORT_SYMBOL(boot_cpu_data);
+@@ -205,12 +206,50 @@ EXPORT_SYMBOL(boot_cpu_data);
#endif
@@ -24274,8 +24152,46 @@ index 56f7fcf..3b88ad1 100644
+unsigned long mmu_cr4_features __read_only;
#endif
++void set_in_cr4(unsigned long mask)
++{
++ unsigned long cr4 = read_cr4();
++
++ if ((cr4 & mask) == mask && cr4 == mmu_cr4_features)
++ return;
++
++ pax_open_kernel();
++ mmu_cr4_features |= mask;
++ pax_close_kernel();
++
++ if (trampoline_cr4_features)
++ *trampoline_cr4_features = mmu_cr4_features;
++ cr4 |= mask;
++ write_cr4(cr4);
++}
++EXPORT_SYMBOL(set_in_cr4);
++
++void clear_in_cr4(unsigned long mask)
++{
++ unsigned long cr4 = read_cr4();
++
++ if (!(cr4 & mask) && cr4 == mmu_cr4_features)
++ return;
++
++ pax_open_kernel();
++ mmu_cr4_features &= ~mask;
++ pax_close_kernel();
++
++ if (trampoline_cr4_features)
++ *trampoline_cr4_features = mmu_cr4_features;
++ cr4 &= ~mask;
++ write_cr4(cr4);
++}
++EXPORT_SYMBOL(clear_in_cr4);
++
/* Boot loader ID and version as integers, for the benefit of proc_dointvec */
-@@ -444,7 +447,7 @@ static void __init parse_setup_data(void)
+ int bootloader_type, bootloader_version;
+
+@@ -444,7 +483,7 @@ static void __init parse_setup_data(void)
switch (data->type) {
case SETUP_E820_EXT:
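Review bot: `set_in_cr4()` and `clear_in_cr4()` are added with no comment on why the shadow update is bracketed by `pax_open_kernel()`/`pax_close_kernel()` or what the early return is for. The same hunk declares `mmu_cr4_features` as `__read_only`, so each function would benefit from a header comment along the lines of `/* mmu_cr4_features is __read_only: return early when CR4 and the shadow already agree, otherwise open the kernel only around the shadow write */`. The CR4 read, the shadow update and `write_cr4()` are separate steps with no serialization visible here, so the comment should also say what callers must guarantee (for example that preemption is disabled). Both functions are exported with `EXPORT_SYMBOL`; if no module needs `clear_in_cr4()`, leaving it unexported keeps that write path to the read-only shadow inside the core kernel.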
@@ -24284,7 +24200,7 @@ index 56f7fcf..3b88ad1 100644
break;
case SETUP_DTB:
add_dtb(pa_data);
-@@ -771,7 +774,7 @@ static void __init trim_bios_range(void)
+@@ -771,7 +810,7 @@ static void __init trim_bios_range(void)
* area (640->1Mb) as ram even though it is not.
* take them out.
*/
@@ -24293,7 +24209,7 @@ index 56f7fcf..3b88ad1 100644
sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map);
}
-@@ -779,7 +782,7 @@ static void __init trim_bios_range(void)
+@@ -779,7 +818,7 @@ static void __init trim_bios_range(void)
/* called before trim_bios_range() to spare extra sanitize */
static void __init e820_add_kernel_range(void)
{
@@ -24302,7 +24218,7 @@ index 56f7fcf..3b88ad1 100644
u64 size = __pa_symbol(_end) - start;
/*
-@@ -841,8 +844,12 @@ static void __init trim_low_memory_range(void)
+@@ -841,8 +880,12 @@ static void __init trim_low_memory_range(void)
void __init setup_arch(char **cmdline_p)
{
@@ -24315,7 +24231,7 @@ index 56f7fcf..3b88ad1 100644
early_reserve_initrd();
-@@ -934,14 +941,14 @@ void __init setup_arch(char **cmdline_p)
+@@ -934,14 +977,14 @@ void __init setup_arch(char **cmdline_p)
if (!boot_params.hdr.root_flags)
root_mountflags &= ~MS_RDONLY;
@@ -24516,7 +24432,7 @@ index 48d2b7d..90d328a 100644
.smp_prepare_cpus = native_smp_prepare_cpus,
.smp_cpus_done = native_smp_cpus_done,
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
-index bfd348e..f0c1bf2 100644
+index bfd348e..914f323 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -251,14 +251,18 @@ notrace static void __cpuinit start_secondary(void *unused)
@@ -24569,7 +24485,7 @@ index bfd348e..f0c1bf2 100644
initial_code = (unsigned long)start_secondary;
stack_start = idle->thread.sp;
-@@ -908,6 +915,18 @@ int __cpuinit native_cpu_up(unsigned int cpu, struct task_struct *tidle)
+@@ -908,6 +915,15 @@ int __cpuinit native_cpu_up(unsigned int cpu, struct task_struct *tidle)
/* the FPU context is blank, nobody can own it */
__cpu_disable_lazy_restore(cpu);
@@ -24582,9 +24498,6 @@ index bfd348e..f0c1bf2 100644
+ KERNEL_PGD_PTRS);
+#endif
+
-+ /* the FPU context is blank, nobody can own it */
-+ __cpu_disable_lazy_restore(cpu);
-+
err = do_boot_cpu(apicid, cpu, tidle);
if (err) {
pr_debug("do_boot_cpu failed %d\n", err);
@@ -24821,7 +24734,7 @@ index 0000000..5877189
+ return arch_get_unmapped_area(filp, addr0, len, pgoff, flags);
+}
diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c
-index dbded5a..ace2781 100644
+index 48f8375..ace2781 100644
--- a/arch/x86/kernel/sys_x86_64.c
+++ b/arch/x86/kernel/sys_x86_64.c
@@ -81,8 +81,8 @@ out:
@@ -24839,7 +24752,7 @@ index dbded5a..ace2781 100644
*begin = new_begin;
}
} else {
-- *begin = TASK_UNMAPPED_BASE;
+- *begin = mmap_legacy_base();
+ *begin = mm->mmap_base;
*end = TASK_SIZE;
}
@@ -25600,7 +25513,7 @@ index 9a907a6..f83f921 100644
(unsigned long)VSYSCALL_START);
diff --git a/arch/x86/kernel/x8664_ksyms_64.c b/arch/x86/kernel/x8664_ksyms_64.c
-index b014d94..6d6ca7b 100644
+index b014d94..e775258 100644
--- a/arch/x86/kernel/x8664_ksyms_64.c
+++ b/arch/x86/kernel/x8664_ksyms_64.c
@@ -34,8 +34,6 @@ EXPORT_SYMBOL(copy_user_generic_string);
@@ -25612,6 +25525,14 @@ index b014d94..6d6ca7b 100644
EXPORT_SYMBOL(copy_page);
EXPORT_SYMBOL(clear_page);
+@@ -66,3 +64,7 @@ EXPORT_SYMBOL(empty_zero_page);
+ #ifndef CONFIG_PARAVIRT
+ EXPORT_SYMBOL(native_load_gs_index);
+ #endif
++
++#ifdef CONFIG_PAX_PER_CPU_PGD
++EXPORT_SYMBOL(cpu_pgd);
++#endif
diff --git a/arch/x86/kernel/x86_init.c b/arch/x86/kernel/x86_init.c
index 45a14db..075bb9b 100644
--- a/arch/x86/kernel/x86_init.c
@@ -30647,7 +30568,7 @@ index d87dd6d..bf3fa66 100644
pte = kmemcheck_pte_lookup(address);
diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
-index 845df68..1d8d29f 100644
+index c1af323..4758dad 100644
--- a/arch/x86/mm/mmap.c
+++ b/arch/x86/mm/mmap.c
@@ -52,7 +52,7 @@ static unsigned int stack_maxrandom_size(void)
@@ -30687,8 +30608,8 @@ index 845df68..1d8d29f 100644
* Bottom-up (legacy) layout on X86_32 did not support randomization, X86_64
* does, but not when emulating X86_32
*/
--static unsigned long mmap_legacy_base(void)
-+static unsigned long mmap_legacy_base(struct mm_struct *mm)
+-unsigned long mmap_legacy_base(void)
++unsigned long mmap_legacy_base(struct mm_struct *mm)
{
- if (mmap_is_ia32())
+ if (mmap_is_ia32()) {
@@ -30705,7 +30626,7 @@ index 845df68..1d8d29f 100644
return TASK_UNMAPPED_BASE + mmap_rnd();
}
-@@ -113,11 +126,23 @@ static unsigned long mmap_legacy_base(void)
+@@ -113,11 +126,23 @@ unsigned long mmap_legacy_base(void)
void arch_pick_mmap_layout(struct mm_struct *mm)
{
if (mmap_is_legacy()) {
@@ -41951,19 +41872,6 @@ index f975696..4597e21 100644
#ifdef CONFIG_NET_POLL_CONTROLLER
/*
-diff --git a/drivers/net/can/usb/peak_usb/pcan_usb.c b/drivers/net/can/usb/peak_usb/pcan_usb.c
-index 25723d8..925ab8e 100644
---- a/drivers/net/can/usb/peak_usb/pcan_usb.c
-+++ b/drivers/net/can/usb/peak_usb/pcan_usb.c
-@@ -649,7 +649,7 @@ static int pcan_usb_decode_data(struct pcan_usb_msg_context *mc, u8 status_len)
- if ((mc->ptr + rec_len) > mc->end)
- goto decode_failed;
-
-- memcpy(cf->data, mc->ptr, rec_len);
-+ memcpy(cf->data, mc->ptr, cf->can_dlc);
- mc->ptr += rec_len;
- }
-
diff --git a/drivers/net/ethernet/8390/ax88796.c b/drivers/net/ethernet/8390/ax88796.c
index e1d2643..7f4133b 100644
--- a/drivers/net/ethernet/8390/ax88796.c
@@ -45276,45 +45184,25 @@ index c699a30..b90a5fd 100644
pDevice->apdev->netdev_ops = &apdev_netdev_ops;
pDevice->apdev->type = ARPHRD_IEEE80211;
-diff --git a/drivers/staging/zcache/tmem.c b/drivers/staging/zcache/tmem.c
-index d7e51e4..d07eaab 100644
---- a/drivers/staging/zcache/tmem.c
-+++ b/drivers/staging/zcache/tmem.c
-@@ -51,7 +51,7 @@
- * A tmem host implementation must use this function to register callbacks
- * for memory allocation.
- */
--static struct tmem_hostops tmem_hostops;
-+static tmem_hostops_no_const tmem_hostops;
-
- static void tmem_objnode_tree_init(void);
-
-@@ -65,7 +65,7 @@ void tmem_register_hostops(struct tmem_hostops *m)
- * A tmem host implementation must use this function to register
- * callbacks for a page-accessible memory (PAM) implementation.
- */
--static struct tmem_pamops tmem_pamops;
-+static tmem_pamops_no_const tmem_pamops;
-
- void tmem_register_pamops(struct tmem_pamops *m)
- {
diff --git a/drivers/staging/zcache/tmem.h b/drivers/staging/zcache/tmem.h
-index d128ce2..a43980c 100644
+index d128ce2..fc1f9a1 100644
--- a/drivers/staging/zcache/tmem.h
+++ b/drivers/staging/zcache/tmem.h
-@@ -226,6 +226,7 @@ struct tmem_pamops {
+@@ -225,7 +225,7 @@ struct tmem_pamops {
+ bool (*is_remote)(void *);
int (*replace_in_obj)(void *, struct tmem_obj *);
#endif
- };
-+typedef struct tmem_pamops __no_const tmem_pamops_no_const;
+-};
++} __no_const;
extern void tmem_register_pamops(struct tmem_pamops *m);
/* memory allocation methods provided by the host implementation */
-@@ -235,6 +236,7 @@ struct tmem_hostops {
+@@ -234,7 +234,7 @@ struct tmem_hostops {
+ void (*obj_free)(struct tmem_obj *, struct tmem_pool *);
struct tmem_objnode *(*objnode_alloc)(struct tmem_pool *);
void (*objnode_free)(struct tmem_objnode *, struct tmem_pool *);
- };
-+typedef struct tmem_hostops __no_const tmem_hostops_no_const;
+-};
++} __no_const;
extern void tmem_register_hostops(struct tmem_hostops *m);
/* core tmem accessor functions */
@@ -46983,7 +46871,7 @@ index d6bea3e..60b250e 100644
/**
diff --git a/drivers/usb/wusbcore/wa-xfer.c b/drivers/usb/wusbcore/wa-xfer.c
-index 6ef94bc..1b41265 100644
+index 028fc83..65bb105 100644
--- a/drivers/usb/wusbcore/wa-xfer.c
+++ b/drivers/usb/wusbcore/wa-xfer.c
@@ -296,7 +296,7 @@ out:
@@ -51934,6 +51822,28 @@ index f02d82b..2632cf86 100644
int err;
u32 ftype;
struct ceph_mds_reply_info_parsed *rinfo;
+diff --git a/fs/ceph/super.c b/fs/ceph/super.c
+index 7d377c9..3fb6559 100644
+--- a/fs/ceph/super.c
++++ b/fs/ceph/super.c
+@@ -839,7 +839,7 @@ static int ceph_compare_super(struct super_block *sb, void *data)
+ /*
+ * construct our own bdi so we can control readahead, etc.
+ */
+-static atomic_long_t bdi_seq = ATOMIC_LONG_INIT(0);
++static atomic_long_unchecked_t bdi_seq = ATOMIC_LONG_INIT(0);
+
+ static int ceph_register_bdi(struct super_block *sb,
+ struct ceph_fs_client *fsc)
+@@ -856,7 +856,7 @@ static int ceph_register_bdi(struct super_block *sb,
+ default_backing_dev_info.ra_pages;
+
+ err = bdi_register(&fsc->backing_dev_info, NULL, "ceph-%ld",
+- atomic_long_inc_return(&bdi_seq));
++ atomic_long_inc_return_unchecked(&bdi_seq));
+ if (!err)
+ sb->s_bdi = &fsc->backing_dev_info;
+ return err;
diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c
index d597483..747901b 100644
--- a/fs/cifs/cifs_debug.c
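Review bot: `bdi_seq` in fs/ceph/super.c is switched to `atomic_long_unchecked_t` with no comment justifying the exemption from overflow checking. In the lines shown it only feeds the `"ceph-%ld"` name passed to `bdi_register()`, so wraparound looks harmless, but that reasoning belongs next to the declaration: `/* naming counter only, not a reference count; wraparound is harmless */`. Any use of `bdi_seq` outside these two inner hunks should be checked before relying on that.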
@@ -52823,7 +52733,7 @@ index e4141f2..d8263e8 100644
i += packet_length_size;
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
diff --git a/fs/exec.c b/fs/exec.c
-index ffd7a81..3c84660 100644
+index 1f44670..3c84660 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -55,8 +55,20 @@
@@ -53030,24 +52940,6 @@ index ffd7a81..3c84660 100644
/*
* cover the whole range: [new_start, old_end)
*/
-@@ -607,7 +653,7 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
- return -ENOMEM;
-
- lru_add_drain();
-- tlb_gather_mmu(&tlb, mm, 0);
-+ tlb_gather_mmu(&tlb, mm, old_start, old_end);
- if (new_end > old_start) {
- /*
- * when the old and new regions overlap clear from new_end.
-@@ -624,7 +670,7 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
- free_pgd_range(&tlb, old_start, old_end, new_end,
- vma->vm_next ? vma->vm_next->vm_start : USER_PGTABLES_CEILING);
- }
-- tlb_finish_mmu(&tlb, new_end, old_end);
-+ tlb_finish_mmu(&tlb, old_start, old_end);
-
- /*
- * Shrink the vma to just the new range. Always succeeds.
@@ -672,10 +718,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
stack_top = arch_align_stack(stack_top);
stack_top = PAGE_ALIGN(stack_top);
@@ -58453,7 +58345,7 @@ index 6b6a993..807cccc 100644
kfree(s);
}
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
-index 3e636d8..350cc48 100644
+index 65fc60a..350cc48 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -11,12 +11,19 @@
@@ -58620,34 +58512,6 @@ index 3e636d8..350cc48 100644
mss.resident >> 10,
(unsigned long)(mss.pss >> (10 + PSS_SHIFT)),
mss.shared_clean >> 10,
-@@ -792,14 +843,14 @@ typedef struct {
- } pagemap_entry_t;
-
- struct pagemapread {
-- int pos, len;
-+ int pos, len; /* units: PM_ENTRY_BYTES, not bytes */
- pagemap_entry_t *buffer;
- };
-
- #define PAGEMAP_WALK_SIZE (PMD_SIZE)
- #define PAGEMAP_WALK_MASK (PMD_MASK)
-
--#define PM_ENTRY_BYTES sizeof(u64)
-+#define PM_ENTRY_BYTES sizeof(pagemap_entry_t)
- #define PM_STATUS_BITS 3
- #define PM_STATUS_OFFSET (64 - PM_STATUS_BITS)
- #define PM_STATUS_MASK (((1LL << PM_STATUS_BITS) - 1) << PM_STATUS_OFFSET)
-@@ -1038,8 +1089,8 @@ static ssize_t pagemap_read(struct file *file, char __user *buf,
- if (!count)
- goto out_task;
-
-- pm.len = PM_ENTRY_BYTES * (PAGEMAP_WALK_SIZE >> PAGE_SHIFT);
-- pm.buffer = kmalloc(pm.len, GFP_TEMPORARY);
-+ pm.len = (PAGEMAP_WALK_SIZE >> PAGE_SHIFT);
-+ pm.buffer = kmalloc(pm.len * PM_ENTRY_BYTES, GFP_TEMPORARY);
- ret = -ENOMEM;
- if (!pm.buffer)
- goto out_task;
@@ -1264,6 +1315,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
int n;
char buffer[50];
@@ -70560,19 +70424,6 @@ index a59ff51..2594a70 100644
#endif /* CONFIG_MMU */
#endif /* !__ASSEMBLY__ */
-diff --git a/include/asm-generic/tlb.h b/include/asm-generic/tlb.h
-index 13821c3..5672d7e 100644
---- a/include/asm-generic/tlb.h
-+++ b/include/asm-generic/tlb.h
-@@ -112,7 +112,7 @@ struct mmu_gather {
-
- #define HAVE_GENERIC_MMU_GATHER
-
--void tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, bool fullmm);
-+void tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end);
- void tlb_flush_mmu(struct mmu_gather *tlb);
- void tlb_finish_mmu(struct mmu_gather *tlb, unsigned long start,
- unsigned long end);
diff --git a/include/asm-generic/uaccess.h b/include/asm-generic/uaccess.h
index c184aa8..d049942 100644
--- a/include/asm-generic/uaccess.h
@@ -74638,7 +74489,7 @@ index 6dacb93..6174423 100644
static inline void anon_vma_merge(struct vm_area_struct *vma,
struct vm_area_struct *next)
diff --git a/include/linux/sched.h b/include/linux/sched.h
-index 178a8d9..450bf11 100644
+index 3aeb14b..73816a6 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -62,6 +62,7 @@ struct bio_list;
@@ -74658,10 +74509,11 @@ index 178a8d9..450bf11 100644
extern signed long schedule_timeout_interruptible(signed long timeout);
extern signed long schedule_timeout_killable(signed long timeout);
extern signed long schedule_timeout_uninterruptible(signed long timeout);
-@@ -314,6 +315,19 @@ struct nsproxy;
+@@ -314,7 +315,19 @@ struct nsproxy;
struct user_namespace;
#ifdef CONFIG_MMU
+-extern unsigned long mmap_legacy_base(void);
+
+#ifdef CONFIG_GRKERNSEC_RAND_THREADSTACK
+extern unsigned long gr_rand_threadstack_offset(const struct mm_struct *mm, const struct file *filp, unsigned long flags);
@@ -74674,11 +74526,11 @@ index 178a8d9..450bf11 100644
+
+extern bool check_heap_stack_gap(const struct vm_area_struct *vma, unsigned long addr, unsigned long len, unsigned long offset);
+extern unsigned long skip_heap_stack_gap(const struct vm_area_struct *vma, unsigned long len, unsigned long offset);
-+
++extern unsigned long mmap_legacy_base(struct mm_struct *mm);
extern void arch_pick_mmap_layout(struct mm_struct *mm);
extern unsigned long
arch_get_unmapped_area(struct file *, unsigned long, unsigned long,
-@@ -591,6 +605,17 @@ struct signal_struct {
+@@ -592,6 +605,17 @@ struct signal_struct {
#ifdef CONFIG_TASKSTATS
struct taskstats *stats;
#endif
@@ -74696,7 +74548,7 @@ index 178a8d9..450bf11 100644
#ifdef CONFIG_AUDIT
unsigned audit_tty;
unsigned audit_tty_log_passwd;
-@@ -671,6 +696,14 @@ struct user_struct {
+@@ -672,6 +696,14 @@ struct user_struct {
struct key *session_keyring; /* UID's default session keyring */
#endif
@@ -74711,7 +74563,7 @@ index 178a8d9..450bf11 100644
/* Hash table maintenance information */
struct hlist_node uidhash_node;
kuid_t uid;
-@@ -1158,8 +1191,8 @@ struct task_struct {
+@@ -1159,8 +1191,8 @@ struct task_struct {
struct list_head thread_group;
struct completion *vfork_done; /* for vfork() */
@@ -74722,7 +74574,7 @@ index 178a8d9..450bf11 100644
cputime_t utime, stime, utimescaled, stimescaled;
cputime_t gtime;
-@@ -1184,11 +1217,6 @@ struct task_struct {
+@@ -1185,11 +1217,6 @@ struct task_struct {
struct task_cputime cputime_expires;
struct list_head cpu_timers[3];
@@ -74734,7 +74586,7 @@ index 178a8d9..450bf11 100644
char comm[TASK_COMM_LEN]; /* executable name excluding path
- access with [gs]et_task_comm (which lock
it with task_lock())
-@@ -1205,6 +1233,10 @@ struct task_struct {
+@@ -1206,6 +1233,10 @@ struct task_struct {
#endif
/* CPU-specific state of this task */
struct thread_struct thread;
@@ -74745,7 +74597,7 @@ index 178a8d9..450bf11 100644
/* filesystem information */
struct fs_struct *fs;
/* open file information */
-@@ -1278,6 +1310,10 @@ struct task_struct {
+@@ -1279,6 +1310,10 @@ struct task_struct {
gfp_t lockdep_reclaim_gfp;
#endif
@@ -74756,7 +74608,7 @@ index 178a8d9..450bf11 100644
/* journalling filesystem info */
void *journal_info;
-@@ -1316,6 +1352,10 @@ struct task_struct {
+@@ -1317,6 +1352,10 @@ struct task_struct {
/* cg_list protected by css_set_lock and tsk->alloc_lock */
struct list_head cg_list;
#endif
@@ -74767,7 +74619,7 @@ index 178a8d9..450bf11 100644
#ifdef CONFIG_FUTEX
struct robust_list_head __user *robust_list;
#ifdef CONFIG_COMPAT
-@@ -1416,8 +1456,76 @@ struct task_struct {
+@@ -1417,8 +1456,76 @@ struct task_struct {
unsigned int sequential_io;
unsigned int sequential_io_avg;
#endif
@@ -74844,7 +74696,7 @@ index 178a8d9..450bf11 100644
/* Future-safe accessor for struct task_struct's cpus_allowed. */
#define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed)
-@@ -1476,7 +1584,7 @@ struct pid_namespace;
+@@ -1477,7 +1584,7 @@ struct pid_namespace;
pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type,
struct pid_namespace *ns);
@@ -74853,7 +74705,7 @@ index 178a8d9..450bf11 100644
{
return tsk->pid;
}
-@@ -1919,7 +2027,9 @@ void yield(void);
+@@ -1920,7 +2027,9 @@ void yield(void);
extern struct exec_domain default_exec_domain;
union thread_union {
@@ -74863,7 +74715,7 @@ index 178a8d9..450bf11 100644
unsigned long stack[THREAD_SIZE/sizeof(long)];
};
-@@ -1952,6 +2062,7 @@ extern struct pid_namespace init_pid_ns;
+@@ -1953,6 +2062,7 @@ extern struct pid_namespace init_pid_ns;
*/
extern struct task_struct *find_task_by_vpid(pid_t nr);
@@ -74871,7 +74723,7 @@ index 178a8d9..450bf11 100644
extern struct task_struct *find_task_by_pid_ns(pid_t nr,
struct pid_namespace *ns);
-@@ -2118,7 +2229,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
+@@ -2119,7 +2229,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
extern void exit_itimers(struct signal_struct *);
extern void flush_itimer_signals(void);
@@ -74880,7 +74732,7 @@ index 178a8d9..450bf11 100644
extern int allow_signal(int);
extern int disallow_signal(int);
-@@ -2309,9 +2420,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
+@@ -2310,9 +2420,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
#endif
@@ -75446,7 +75298,7 @@ index a5ffd32..0935dea 100644
extern dma_addr_t swiotlb_map_page(struct device *dev, struct page *page,
unsigned long offset, size_t size,
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
-index 4147d70..d356a10 100644
+index 84662ec..d8f8adb 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -97,8 +97,12 @@ struct sigaltstack;
@@ -78730,7 +78582,7 @@ index 7bb73f9..d7978ed 100644
{
struct signal_struct *sig = current->signal;
diff --git a/kernel/fork.c b/kernel/fork.c
-index 987b28a..11ee8a5 100644
+index ffbc090..08ceeee 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -319,7 +319,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
@@ -79025,7 +78877,7 @@ index 987b28a..11ee8a5 100644
if (clone_flags & CLONE_VFORK) {
p->vfork_done = &vfork;
init_completion(&vfork);
-@@ -1723,7 +1785,7 @@ void __init proc_caches_init(void)
+@@ -1729,7 +1791,7 @@ void __init proc_caches_init(void)
mm_cachep = kmem_cache_create("mm_struct",
sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN,
SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK, NULL);
@@ -79034,7 +78886,7 @@ index 987b28a..11ee8a5 100644
mmap_init();
nsproxy_cache_init();
}
-@@ -1763,7 +1825,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
+@@ -1769,7 +1831,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
return 0;
/* don't need lock here; in the worst case we'll do useless copy */
@@ -79043,7 +78895,7 @@ index 987b28a..11ee8a5 100644
return 0;
*new_fsp = copy_fs_struct(fs);
-@@ -1875,7 +1937,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
+@@ -1881,7 +1943,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
fs = current->fs;
spin_lock(&fs->lock);
current->fs = new_fs;
@@ -80739,7 +80591,7 @@ index 42670e9..8719c2f 100644
.clock_get = thread_cpu_clock_get,
.timer_create = thread_cpu_timer_create,
diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c
-index 424c2d4..a9194f7 100644
+index 424c2d4..679242f 100644
--- a/kernel/posix-timers.c
+++ b/kernel/posix-timers.c
@@ -43,6 +43,7 @@
@@ -80831,6 +80683,15 @@ index 424c2d4..a9194f7 100644
}
static int common_timer_create(struct k_itimer *new_timer)
+@@ -597,7 +598,7 @@ SYSCALL_DEFINE3(timer_create, const clockid_t, which_clock,
+ struct k_clock *kc = clockid_to_kclock(which_clock);
+ struct k_itimer *new_timer;
+ int error, new_timer_id;
+- sigevent_t event;
++ sigevent_t event = { };
+ int it_id_set = IT_ID_NOT_SET;
+
+ if (!kc)
@@ -1011,6 +1012,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock,
if (copy_from_user(&new_tp, tp, sizeof (*tp)))
return -EFAULT;
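Review bot: The added `sigevent_t event = { };` in the timer_create hunk relies on an empty-brace initializer to clear a stack object, which the language promises only for named members; padding bytes and the tail of any union inside the type are left to the compiler. The rest of the syscall body lies outside this hunk, so where `event` is later copied or stored is not visible here. If the intent is to keep stale stack contents out of it, `memset(&event, 0, sizeof(event));` before first use states that guarantee explicitly. Either way a short comment would record the reason, for example `/* zero the whole object: partially filled fields must not carry stale stack bytes */`.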
@@ -82044,7 +81905,7 @@ index e8b3350..d83d44e 100644
.priority = CPU_PRI_MIGRATION,
};
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
-index c61a614..d7f3d7e 100644
+index 03b73be..9422b9f 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -831,7 +831,7 @@ void task_numa_fault(int node, int pages, bool migrated)
@@ -82056,7 +81917,7 @@ index c61a614..d7f3d7e 100644
p->mm->numa_scan_offset = 0;
}
-@@ -5686,7 +5686,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { }
+@@ -5687,7 +5687,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { }
* run_rebalance_domains is triggered when needed from the scheduler tick.
* Also triggered for nohz idle balancing (with nohz_balancing_kick set).
*/
@@ -84318,9 +84179,18 @@ index e742d06..c56fdd8 100644
config NOMMU_INITIAL_TRIM_EXCESS
diff --git a/mm/backing-dev.c b/mm/backing-dev.c
-index 5025174..9fc1c5c 100644
+index 5025174..9d67dcd 100644
--- a/mm/backing-dev.c
+++ b/mm/backing-dev.c
+@@ -12,7 +12,7 @@
+ #include <linux/device.h>
+ #include <trace/events/writeback.h>
+
+-static atomic_long_t bdi_seq = ATOMIC_LONG_INIT(0);
++static atomic_long_unchecked_t bdi_seq = ATOMIC_LONG_INIT(0);
+
+ struct backing_dev_info default_backing_dev_info = {
+ .name = "default",
@@ -515,7 +515,6 @@ EXPORT_SYMBOL(bdi_destroy);
int bdi_setup_and_register(struct backing_dev_info *bdi, char *name,
unsigned int cap)
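Review bot: The change of `bdi_seq` to `atomic_long_unchecked_t` carries no comment explaining why this counter is opted out of the patch set's atomic overflow detection; the same applies to the matching `atomic_long_inc_return_unchecked(&bdi_seq)` call in bdi_setup_and_register in the next hunk. From the visible use it only numbers device names through `"%.28s-%ld"`, so it appears to be a sequence number rather than a reference count, and wraparound is presumably harmless. That reasoning belongs next to the declaration, e.g. `/* name sequence number, not a refcount: wrapping is harmless, hence unchecked */`, so a later reader can tell a deliberate exemption from an accidental one. bdi_setup_and_register continues outside both hunks, so other uses of the counter cannot be checked from here.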
@@ -84335,7 +84205,7 @@ index 5025174..9fc1c5c 100644
- sprintf(tmp, "%.28s%s", name, "-%d");
- err = bdi_register(bdi, NULL, tmp, atomic_long_inc_return(&bdi_seq));
-+ err = bdi_register(bdi, NULL, "%.28s-%ld", name, atomic_long_inc_return(&bdi_seq));
++ err = bdi_register(bdi, NULL, "%.28s-%ld", name, atomic_long_inc_return_unchecked(&bdi_seq));
if (err) {
bdi_destroy(bdi);
return err;
@@ -84405,7 +84275,7 @@ index b32b70c..e512eb0 100644
set_page_address(page, (void *)vaddr);
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
-index 5cf99bf..5c01c2f 100644
+index 7c5eb85..5c01c2f 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -2022,15 +2022,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
@@ -84450,15 +84320,6 @@ index 5cf99bf..5c01c2f 100644
if (ret)
goto out;
-@@ -2490,7 +2494,7 @@ void unmap_hugepage_range(struct vm_area_struct *vma, unsigned long start,
-
- mm = vma->vm_mm;
-
-- tlb_gather_mmu(&tlb, mm, 0);
-+ tlb_gather_mmu(&tlb, mm, start, end);
- __unmap_hugepage_range(&tlb, vma, start, end, ref_page);
- tlb_finish_mmu(&tlb, start, end);
- }
@@ -2545,6 +2549,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
return 1;
}
@@ -84811,39 +84672,10 @@ index ceb0c7f..b2b8e94 100644
} else {
pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n",
diff --git a/mm/memory.c b/mm/memory.c
-index 5e50800..7c0340f 100644
+index 5a35443..7c0340f 100644
--- a/mm/memory.c
+++ b/mm/memory.c
-@@ -211,14 +211,15 @@ static int tlb_next_batch(struct mmu_gather *tlb)
- * tear-down from @mm. The @fullmm argument is used when @mm is without
- * users and we're going to destroy the full address space (exit/execve).
- */
--void tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, bool fullmm)
-+void tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end)
- {
- tlb->mm = mm;
-
-- tlb->fullmm = fullmm;
-+ /* Is it from 0 to ~0? */
-+ tlb->fullmm = !(start | (end+1));
- tlb->need_flush_all = 0;
-- tlb->start = -1UL;
-- tlb->end = 0;
-+ tlb->start = start;
-+ tlb->end = end;
- tlb->need_flush = 0;
- tlb->local.next = NULL;
- tlb->local.nr = 0;
-@@ -258,8 +259,6 @@ void tlb_finish_mmu(struct mmu_gather *tlb, unsigned long start, unsigned long e
- {
- struct mmu_gather_batch *batch, *next;
-
-- tlb->start = start;
-- tlb->end = end;
- tlb_flush_mmu(tlb);
-
- /* keep the page table cache within bounds */
-@@ -429,6 +428,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
+@@ -428,6 +428,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
free_pte_range(tlb, pmd, addr);
} while (pmd++, addr = next, addr != end);
@@ -84851,7 +84683,7 @@ index 5e50800..7c0340f 100644
start &= PUD_MASK;
if (start < floor)
return;
-@@ -443,6 +443,8 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
+@@ -442,6 +443,8 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
pmd = pmd_offset(pud, start);
pud_clear(pud);
pmd_free_tlb(tlb, pmd, start);
@@ -84860,7 +84692,7 @@ index 5e50800..7c0340f 100644
}
static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
-@@ -462,6 +464,7 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
+@@ -461,6 +464,7 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
free_pmd_range(tlb, pud, addr, next, floor, ceiling);
} while (pud++, addr = next, addr != end);
@@ -84868,7 +84700,7 @@ index 5e50800..7c0340f 100644
start &= PGDIR_MASK;
if (start < floor)
return;
-@@ -476,6 +479,8 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
+@@ -475,6 +479,8 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
pud = pud_offset(pgd, start);
pgd_clear(pgd);
pud_free_tlb(tlb, pud, start);
@@ -84877,65 +84709,7 @@ index 5e50800..7c0340f 100644
}
/*
-@@ -1101,7 +1106,6 @@ static unsigned long zap_pte_range(struct mmu_gather *tlb,
- spinlock_t *ptl;
- pte_t *start_pte;
- pte_t *pte;
-- unsigned long range_start = addr;
-
- again:
- init_rss_vec(rss);
-@@ -1204,17 +1208,25 @@ again:
- * and page-free while holding it.
- */
- if (force_flush) {
-+ unsigned long old_end;
-+
- force_flush = 0;
-
--#ifdef HAVE_GENERIC_MMU_GATHER
-- tlb->start = range_start;
-+ /*
-+ * Flush the TLB just for the previous segment,
-+ * then update the range to be the remaining
-+ * TLB range.
-+ */
-+ old_end = tlb->end;
- tlb->end = addr;
--#endif
-+
- tlb_flush_mmu(tlb);
-- if (addr != end) {
-- range_start = addr;
-+
-+ tlb->start = addr;
-+ tlb->end = old_end;
-+
-+ if (addr != end)
- goto again;
-- }
- }
-
- return addr;
-@@ -1399,7 +1411,7 @@ void zap_page_range(struct vm_area_struct *vma, unsigned long start,
- unsigned long end = start + size;
-
- lru_add_drain();
-- tlb_gather_mmu(&tlb, mm, 0);
-+ tlb_gather_mmu(&tlb, mm, start, end);
- update_hiwater_rss(mm);
- mmu_notifier_invalidate_range_start(mm, start, end);
- for ( ; vma && vma->vm_start < end; vma = vma->vm_next)
-@@ -1425,7 +1437,7 @@ static void zap_page_range_single(struct vm_area_struct *vma, unsigned long addr
- unsigned long end = address + size;
-
- lru_add_drain();
-- tlb_gather_mmu(&tlb, mm, 0);
-+ tlb_gather_mmu(&tlb, mm, address, end);
- update_hiwater_rss(mm);
- mmu_notifier_invalidate_range_start(mm, address, end);
- unmap_single_vma(&tlb, vma, address, end, details);
-@@ -1638,12 +1650,6 @@ no_page_table:
+@@ -1644,12 +1650,6 @@ no_page_table:
return page;
}
@@ -84948,7 +84722,7 @@ index 5e50800..7c0340f 100644
/**
* __get_user_pages() - pin user pages in memory
* @tsk: task_struct of target task
-@@ -1730,10 +1736,10 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1736,10 +1736,10 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
i = 0;
@@ -84961,7 +84735,7 @@ index 5e50800..7c0340f 100644
if (!vma && in_gate_area(mm, start)) {
unsigned long pg = start & PAGE_MASK;
pgd_t *pgd;
-@@ -1782,7 +1788,7 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1788,7 +1788,7 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
goto next_page;
}
@@ -84970,7 +84744,7 @@ index 5e50800..7c0340f 100644
(vma->vm_flags & (VM_IO | VM_PFNMAP)) ||
!(vm_flags & vma->vm_flags))
return i ? : -EFAULT;
-@@ -1811,11 +1817,6 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1817,11 +1817,6 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
int ret;
unsigned int fault_flags = 0;
@@ -84982,7 +84756,7 @@ index 5e50800..7c0340f 100644
if (foll_flags & FOLL_WRITE)
fault_flags |= FAULT_FLAG_WRITE;
if (nonblocking)
-@@ -1895,7 +1896,7 @@ next_page:
+@@ -1901,7 +1896,7 @@ next_page:
start += page_increm * PAGE_SIZE;
nr_pages -= page_increm;
} while (nr_pages && start < vma->vm_end);
@@ -84991,7 +84765,7 @@ index 5e50800..7c0340f 100644
return i;
}
EXPORT_SYMBOL(__get_user_pages);
-@@ -2102,6 +2103,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
+@@ -2108,6 +2103,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
page_add_file_rmap(page);
set_pte_at(mm, addr, pte, mk_pte(page, prot));
@@ -85002,7 +84776,7 @@ index 5e50800..7c0340f 100644
retval = 0;
pte_unmap_unlock(pte, ptl);
return retval;
-@@ -2146,9 +2151,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
+@@ -2152,9 +2151,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
if (!page_count(page))
return -EINVAL;
if (!(vma->vm_flags & VM_MIXEDMAP)) {
@@ -85024,7 +84798,7 @@ index 5e50800..7c0340f 100644
}
return insert_page(vma, addr, page, vma->vm_page_prot);
}
-@@ -2231,6 +2248,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
+@@ -2237,6 +2248,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
unsigned long pfn)
{
BUG_ON(!(vma->vm_flags & VM_MIXEDMAP));
@@ -85032,7 +84806,7 @@ index 5e50800..7c0340f 100644
if (addr < vma->vm_start || addr >= vma->vm_end)
return -EFAULT;
-@@ -2478,7 +2496,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
+@@ -2484,7 +2496,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
BUG_ON(pud_huge(*pud));
@@ -85043,7 +84817,7 @@ index 5e50800..7c0340f 100644
if (!pmd)
return -ENOMEM;
do {
-@@ -2498,7 +2518,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
+@@ -2504,7 +2518,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
unsigned long next;
int err;
@@ -85054,7 +84828,7 @@ index 5e50800..7c0340f 100644
if (!pud)
return -ENOMEM;
do {
-@@ -2586,6 +2608,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
+@@ -2592,6 +2608,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
copy_user_highpage(dst, src, va, vma);
}
@@ -85241,7 +85015,7 @@ index 5e50800..7c0340f 100644
/*
* This routine handles present pages, when users try to write
* to a shared page. It is done by copying the page to a new address
-@@ -2802,6 +3004,12 @@ gotten:
+@@ -2808,6 +3004,12 @@ gotten:
*/
page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
if (likely(pte_same(*page_table, orig_pte))) {
@@ -85254,7 +85028,7 @@ index 5e50800..7c0340f 100644
if (old_page) {
if (!PageAnon(old_page)) {
dec_mm_counter_fast(mm, MM_FILEPAGES);
-@@ -2853,6 +3061,10 @@ gotten:
+@@ -2859,6 +3061,10 @@ gotten:
page_remove_rmap(old_page);
}
@@ -85265,7 +85039,7 @@ index 5e50800..7c0340f 100644
/* Free the old page.. */
new_page = old_page;
ret |= VM_FAULT_WRITE;
-@@ -3128,6 +3340,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3134,6 +3340,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
swap_free(entry);
if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
try_to_free_swap(page);
@@ -85277,7 +85051,7 @@ index 5e50800..7c0340f 100644
unlock_page(page);
if (page != swapcache) {
/*
-@@ -3151,6 +3368,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3157,6 +3368,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, page_table);
@@ -85289,7 +85063,7 @@ index 5e50800..7c0340f 100644
unlock:
pte_unmap_unlock(page_table, ptl);
out:
-@@ -3170,40 +3392,6 @@ out_release:
+@@ -3176,40 +3392,6 @@ out_release:
}
/*
@@ -85330,7 +85104,7 @@ index 5e50800..7c0340f 100644
* We enter with non-exclusive mmap_sem (to exclude vma changes,
* but allow concurrent faults), and pte mapped but not yet locked.
* We return with mmap_sem still held, but pte unmapped and unlocked.
-@@ -3212,27 +3400,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3218,27 +3400,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
unsigned long address, pte_t *page_table, pmd_t *pmd,
unsigned int flags)
{
@@ -85363,7 +85137,7 @@ index 5e50800..7c0340f 100644
if (unlikely(anon_vma_prepare(vma)))
goto oom;
page = alloc_zeroed_user_highpage_movable(vma, address);
-@@ -3256,6 +3440,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3262,6 +3440,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
if (!pte_none(*page_table))
goto release;
@@ -85375,7 +85149,7 @@ index 5e50800..7c0340f 100644
inc_mm_counter_fast(mm, MM_ANONPAGES);
page_add_new_anon_rmap(page, vma, address);
setpte:
-@@ -3263,6 +3452,12 @@ setpte:
+@@ -3269,6 +3452,12 @@ setpte:
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, page_table);
@@ -85388,7 +85162,7 @@ index 5e50800..7c0340f 100644
unlock:
pte_unmap_unlock(page_table, ptl);
return 0;
-@@ -3406,6 +3601,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3412,6 +3601,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
*/
/* Only go through if we didn't race with anybody else... */
if (likely(pte_same(*page_table, orig_pte))) {
@@ -85401,7 +85175,7 @@ index 5e50800..7c0340f 100644
flush_icache_page(vma, page);
entry = mk_pte(page, vma->vm_page_prot);
if (flags & FAULT_FLAG_WRITE)
-@@ -3425,6 +3626,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3431,6 +3626,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
/* no need to invalidate: a not-present page won't be cached */
update_mmu_cache(vma, address, page_table);
@@ -85416,7 +85190,7 @@ index 5e50800..7c0340f 100644
} else {
if (cow_page)
mem_cgroup_uncharge_page(cow_page);
-@@ -3746,6 +3955,12 @@ int handle_pte_fault(struct mm_struct *mm,
+@@ -3752,6 +3955,12 @@ int handle_pte_fault(struct mm_struct *mm,
if (flags & FAULT_FLAG_WRITE)
flush_tlb_fix_spurious_fault(vma, address);
}
@@ -85429,7 +85203,7 @@ index 5e50800..7c0340f 100644
unlock:
pte_unmap_unlock(pte, ptl);
return 0;
-@@ -3762,6 +3977,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3768,6 +3977,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
pmd_t *pmd;
pte_t *pte;
@@ -85440,7 +85214,7 @@ index 5e50800..7c0340f 100644
__set_current_state(TASK_RUNNING);
count_vm_event(PGFAULT);
-@@ -3773,6 +3992,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3779,6 +3992,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
if (unlikely(is_vm_hugetlb_page(vma)))
return hugetlb_fault(mm, vma, address, flags);
@@ -85475,7 +85249,7 @@ index 5e50800..7c0340f 100644
retry:
pgd = pgd_offset(mm, address);
pud = pud_alloc(mm, pgd, address);
-@@ -3871,6 +4118,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
+@@ -3877,6 +4118,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
spin_unlock(&mm->page_table_lock);
return 0;
}
@@ -85499,7 +85273,7 @@ index 5e50800..7c0340f 100644
#endif /* __PAGETABLE_PUD_FOLDED */
#ifndef __PAGETABLE_PMD_FOLDED
-@@ -3901,6 +4165,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
+@@ -3907,6 +4165,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
spin_unlock(&mm->page_table_lock);
return 0;
}
@@ -85530,7 +85304,7 @@ index 5e50800..7c0340f 100644
#endif /* __PAGETABLE_PMD_FOLDED */
#if !defined(__HAVE_ARCH_GATE_AREA)
-@@ -3914,7 +4202,7 @@ static int __init gate_vma_init(void)
+@@ -3920,7 +4202,7 @@ static int __init gate_vma_init(void)
gate_vma.vm_start = FIXADDR_USER_START;
gate_vma.vm_end = FIXADDR_USER_END;
gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
@@ -85539,7 +85313,7 @@ index 5e50800..7c0340f 100644
return 0;
}
-@@ -4048,8 +4336,8 @@ out:
+@@ -4054,8 +4336,8 @@ out:
return ret;
}
@@ -85550,7 +85324,7 @@ index 5e50800..7c0340f 100644
{
resource_size_t phys_addr;
unsigned long prot = 0;
-@@ -4074,8 +4362,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr,
+@@ -4080,8 +4362,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr,
* Access another process' address space as given in mm. If non-NULL, use the
* given task for page fault accounting.
*/
@@ -85561,7 +85335,7 @@ index 5e50800..7c0340f 100644
{
struct vm_area_struct *vma;
void *old_buf = buf;
-@@ -4083,7 +4371,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -4089,7 +4371,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
down_read(&mm->mmap_sem);
/* ignore errors, just check how much was successfully transferred */
while (len) {
@@ -85570,7 +85344,7 @@ index 5e50800..7c0340f 100644
void *maddr;
struct page *page = NULL;
-@@ -4142,8 +4430,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -4148,8 +4430,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
*
* The caller must hold a reference on @mm.
*/
@@ -85581,7 +85355,7 @@ index 5e50800..7c0340f 100644
{
return __access_remote_vm(NULL, mm, addr, buf, len, write);
}
-@@ -4153,11 +4441,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
+@@ -4159,11 +4441,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
* Source/target buffer must be kernel space,
* Do not walk the page table directly, use get_user_pages
*/
@@ -85758,7 +85532,7 @@ index 79b7cf7..9944291 100644
capable(CAP_IPC_LOCK))
ret = do_mlockall(flags);
diff --git a/mm/mmap.c b/mm/mmap.c
-index 7dbe397..bfb7626 100644
+index 8d25fdc..bfb7626 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -36,6 +36,7 @@
@@ -86627,15 +86401,6 @@ index 7dbe397..bfb7626 100644
if (vma->vm_flags & VM_ACCOUNT)
nr_accounted += nrpages;
vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages);
-@@ -2356,7 +2728,7 @@ static void unmap_region(struct mm_struct *mm,
- struct mmu_gather tlb;
-
- lru_add_drain();
-- tlb_gather_mmu(&tlb, mm, 0);
-+ tlb_gather_mmu(&tlb, mm, start, end);
- update_hiwater_rss(mm);
- unmap_vmas(&tlb, vma, start, end);
- free_pgtables(&tlb, vma, prev ? prev->vm_end : FIRST_USER_ADDRESS,
@@ -2379,6 +2751,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
insertion_point = (prev ? &prev->vm_next : &mm->mmap);
vma->vm_prev = NULL;
@@ -86941,15 +86706,6 @@ index 7dbe397..bfb7626 100644
return addr;
}
-@@ -2735,7 +3232,7 @@ void exit_mmap(struct mm_struct *mm)
-
- lru_add_drain();
- flush_cache_mm(mm);
-- tlb_gather_mmu(&tlb, mm, 1);
-+ tlb_gather_mmu(&tlb, mm, 0, -1);
- /* update_hiwater_rss(mm) here? but nobody should be looking */
- /* Use -1 here to ensure all VMAs in the mm are unmapped */
- unmap_vmas(&tlb, vma, 0, -1);
@@ -2750,6 +3247,7 @@ void exit_mmap(struct mm_struct *mm)
while (vma) {
if (vma->vm_flags & VM_ACCOUNT)
@@ -93608,7 +93364,7 @@ index 57ee84d..8b99cf5 100644
);
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
-index 1076fe1..8285fd7 100644
+index 1076fe1..f190285 100644
--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -310,18 +310,20 @@ int genl_register_ops(struct genl_family *family, struct genl_ops *ops)
@@ -93649,27 +93405,6 @@ index 1076fe1..8285fd7 100644
return 0;
}
}
-@@ -789,6 +791,10 @@ static int ctrl_dumpfamily(struct sk_buff *skb, struct netlink_callback *cb)
- struct net *net = sock_net(skb->sk);
- int chains_to_skip = cb->args[0];
- int fams_to_skip = cb->args[1];
-+ bool need_locking = chains_to_skip || fams_to_skip;
-+
-+ if (need_locking)
-+ genl_lock();
-
- for (i = chains_to_skip; i < GENL_FAM_TAB_SIZE; i++) {
- n = 0;
-@@ -810,6 +816,9 @@ errout:
- cb->args[0] = i;
- cb->args[1] = n;
-
-+ if (need_locking)
-+ genl_unlock();
-+
- return skb->len;
- }
-
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index ec0c80f..41e1830 100644
--- a/net/netrom/af_netrom.c