diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2014-06-11 07:20:04 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-06-11 07:20:04 +0000 |
commit | ddbc0abff37606835aa54dbad4654a924d6c9803 (patch) | |
tree | 55ae520b66bdeefa149ae510cdff0198bf9c271a /main/linux-grsec | |
parent | 206e25137a92251db553e6e6c3dd80fd8eb70427 (diff) | |
download | aports-ddbc0abff37606835aa54dbad4654a924d6c9803.tar.bz2 aports-ddbc0abff37606835aa54dbad4654a924d6c9803.tar.xz |
main/linux-grsec: upgrade to 3.14.6
Diffstat (limited to 'main/linux-grsec')
-rw-r--r-- | main/linux-grsec/APKBUILD | 28 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-3.0-3.14.6-201406101411.patch (renamed from main/linux-grsec/grsecurity-3.0-3.14.5-201406021708.patch) | 1214 | ||||
-rw-r--r-- | main/linux-grsec/kernelconfig.x86 | 7 | ||||
-rw-r--r-- | main/linux-grsec/kernelconfig.x86_64 | 7 |
4 files changed, 771 insertions, 485 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 6d3afc84c3..c81b721281 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,7 +2,7 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.14.5 +pkgver=3.14.6 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; @@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-3.0-3.14.5-201406021708.patch + grsecurity-3.0-3.14.6-201406101411.patch fix-memory-map-for-PIE-applications.patch imx6q-no-unclocked-sleep.patch @@ -165,26 +165,26 @@ dev() { } md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz -a56bf05cb9033097198f9269bbcff130 patch-3.14.5.xz -e3879ccdca92dbec4e42109a9f5552bb grsecurity-3.0-3.14.5-201406021708.patch +068b814830b45c232340db534bc06e04 patch-3.14.6.xz +b4bca0946e46ae371b8456f96bb8f979 grsecurity-3.0-3.14.6-201406101411.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch 1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch -7dbab6689abe6d34178c40773ea6759d kernelconfig.x86 -21240113d77342def57ea9d6017c2cd6 kernelconfig.x86_64 +78480c85e37624c15d2720233f6c958a kernelconfig.x86 +0ed796d10c7f84faf528a6b4e92fb3d9 kernelconfig.x86_64 727688e12e37262437fc9ca9c1fbd215 kernelconfig.armhf" sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz -ecc00856830c05736b3f99609bc6d80353c29d2db9b0dffb91eb2d169808cac4 patch-3.14.5.xz -8695054d1a1bd02acd2a08b1268eb65349f6877b1be1a00251dcbc5dd95a5a00 grsecurity-3.0-3.14.5-201406021708.patch +b8de86f64a62ec1f5d62ef7b0caf302546be0d397e7c7d29e4b1e260220462d7 patch-3.14.6.xz +abefdcbacb2c78c0de1168915dc26d16e35ec0e6158e0bbbc84fad819b234404 grsecurity-3.0-3.14.6-201406101411.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch 21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch -ea60441bed9d50ed3cde8b73c664448b4efebd60c6b58ea0a6df67f087bbc64b kernelconfig.x86 -c87d9045758f474d092e18a77fc936c1fc9007b09564b79a1ecc46c083c7e3c0 kernelconfig.x86_64 +0ed12d0f86d8e03d4bdbc4f9321b22a7ec449ab5fca765f68f3f031dc493ffae kernelconfig.x86 +48589462cfa1a7ea2ae71dd34c896c6d7e7c285197b78bf0519b5c8a9212a498 kernelconfig.x86_64 00fc74f27931d161ecc1c26e5cd000d9aeaf6ebea6e0e1293ecde14a64d80467 kernelconfig.armhf" sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz -068d139063c94f0e3fd4c24217705628b20f996f6e4cce88366c060150a123381babcfc05c953c58023deff0f7b28b4129b8d381b20dd4e3ac80ce4dbc4ec1e3 patch-3.14.5.xz -86aa2f621e4fe52eaf498236289b66532f7a8bc087e9100ec168861cead44b7a4329ad609314b6b0bcbf114adf7378ae4eb38b37fc7d8e414473b7de1b84bd2f grsecurity-3.0-3.14.5-201406021708.patch +ba8784eb4968b639704e225cbd0455768a3d381ade19d37e0cc06cc00606cc9706163b27441f32b1de4a6f71d44b14004e931ea3f9a2d86c20e35dc881e6d451 patch-3.14.6.xz +ff19d88212682a8a2d3b244313fd54a37728de477038ebac3e118de7a61c122283f44d5bd700f440e3edd597a9f5f1dbd5bb58b57fe8631357b9ce1ceacbb681 grsecurity-3.0-3.14.6-201406101411.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch 87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch -e19c081066d5615f3037d66e8cf5074bfa4d448d8db2f32642957eb808e8c26e2a2467d333f8773a02aac44b13d5afe556780bd2303df3a9ac88ad6099a898b2 kernelconfig.x86 -79f7c6890808b9e1f23332c5697e20c5c22e5a12e0e83f697626c96e0fbf7e22b96ed06ffbf398aac716bb0d02e012f7dd5c51bf501d7a1831110c8d0872f1cd kernelconfig.x86_64 +f86584d51e0d449066f9823efc65ed24ba005226c3873ee4a97ff0885956e58157eee6b2d3984b678d0831e8786675687baa2495bdd17f58e26cccf362f1f8bc kernelconfig.x86 +7c74515e4304c371b9f78297a3e624ca24cb116cfb06e6aa920ff2e3551123b5fbc380a3e5dc5a9a6d153287564a7a779c6925fc002ffb6bccf6f66336087309 kernelconfig.x86_64 84cf8bf558d3fa98a46a2dc1bdd5ddbe4b36b210282d939a47123d889a47240469e7b37f1351854a396c58f4366b8267e1e7990fb91be23bc8ddd9f2a33a6257 kernelconfig.armhf" diff --git a/main/linux-grsec/grsecurity-3.0-3.14.5-201406021708.patch b/main/linux-grsec/grsecurity-3.0-3.14.6-201406101411.patch index 400f193d7c..274a809e22 100644 --- a/main/linux-grsec/grsecurity-3.0-3.14.5-201406021708.patch +++ b/main/linux-grsec/grsecurity-3.0-3.14.6-201406101411.patch @@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index fa77b0b..dadf5fd 100644 +index 0d499e6..2318683 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -457,15 +457,16 @@ index fa77b0b..dadf5fd 100644 # clean - Delete most, but leave enough to build external modules # -@@ -1112,6 +1189,7 @@ distclean: mrproper +@@ -1111,7 +1188,7 @@ distclean: mrproper + @find $(srctree) $(RCS_FIND_IGNORE) \ \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ - -o -name '.*.rej' \ +- -o -name '.*.rej' \ + -o -name '.*.rej' -o -name '*.so' \ -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1273,6 +1351,8 @@ PHONY += $(module-dirs) modules +@@ -1273,6 +1350,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -474,7 +475,7 @@ index fa77b0b..dadf5fd 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1412,17 +1492,21 @@ else +@@ -1412,17 +1491,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -500,7 +501,7 @@ index fa77b0b..dadf5fd 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1432,11 +1516,15 @@ endif +@@ -1432,11 +1515,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -1524,6 +1525,19 @@ index 62d2cb5..09d45e3 100644 #define atomic64_dec_return(v) atomic64_sub_return(1LL, (v)) #define atomic64_dec_and_test(v) (atomic64_dec_return((v)) == 0) #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1LL, 0LL) +diff --git a/arch/arm/include/asm/barrier.h b/arch/arm/include/asm/barrier.h +index 2f59f74..1594659 100644 +--- a/arch/arm/include/asm/barrier.h ++++ b/arch/arm/include/asm/barrier.h +@@ -63,7 +63,7 @@ + do { \ + compiletime_assert_atomic_type(*p); \ + smp_mb(); \ +- ACCESS_ONCE(*p) = (v); \ ++ ACCESS_ONCE_RW(*p) = (v); \ + } while (0) + + #define smp_load_acquire(p) \ diff --git a/arch/arm/include/asm/cache.h b/arch/arm/include/asm/cache.h index 75fe66b..ba3dee4 100644 --- a/arch/arm/include/asm/cache.h @@ -4716,6 +4730,19 @@ index ce6d763..cfea917 100644 extern void *samsung_dmadev_get_ops(void); extern void *s3c_dma_get_ops(void); +diff --git a/arch/arm64/include/asm/barrier.h b/arch/arm64/include/asm/barrier.h +index 409ca37..10c87ad 100644 +--- a/arch/arm64/include/asm/barrier.h ++++ b/arch/arm64/include/asm/barrier.h +@@ -40,7 +40,7 @@ + do { \ + compiletime_assert_atomic_type(*p); \ + smp_mb(); \ +- ACCESS_ONCE(*p) = (v); \ ++ ACCESS_ONCE_RW(*p) = (v); \ + } while (0) + + #define smp_load_acquire(p) \ diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index 6c0f684..5faea9d 100644 --- a/arch/arm64/include/asm/uaccess.h @@ -5010,6 +5037,19 @@ index 6e6fe18..a6ae668 100644 /* Atomic operations are already serializing */ #define smp_mb__before_atomic_dec() barrier() #define smp_mb__after_atomic_dec() barrier() +diff --git a/arch/ia64/include/asm/barrier.h b/arch/ia64/include/asm/barrier.h +index d0a69aa..142f878 100644 +--- a/arch/ia64/include/asm/barrier.h ++++ b/arch/ia64/include/asm/barrier.h +@@ -64,7 +64,7 @@ + do { \ + compiletime_assert_atomic_type(*p); \ + barrier(); \ +- ACCESS_ONCE(*p) = (v); \ ++ ACCESS_ONCE_RW(*p) = (v); \ + } while (0) + + #define smp_load_acquire(p) \ diff --git a/arch/ia64/include/asm/cache.h b/arch/ia64/include/asm/cache.h index 988254a..e1ee885 100644 --- a/arch/ia64/include/asm/cache.h @@ -5497,6 +5537,19 @@ index 0395c51..5f26031 100644 #define ARCH_DMA_MINALIGN L1_CACHE_BYTES +diff --git a/arch/metag/include/asm/barrier.h b/arch/metag/include/asm/barrier.h +index 2d6f0de..de5f5ac 100644 +--- a/arch/metag/include/asm/barrier.h ++++ b/arch/metag/include/asm/barrier.h +@@ -89,7 +89,7 @@ static inline void fence(void) + do { \ + compiletime_assert_atomic_type(*p); \ + smp_mb(); \ +- ACCESS_ONCE(*p) = (v); \ ++ ACCESS_ONCE_RW(*p) = (v); \ + } while (0) + + #define smp_load_acquire(p) \ diff --git a/arch/metag/mm/hugetlbpage.c b/arch/metag/mm/hugetlbpage.c index 0424315..defcca9 100644 --- a/arch/metag/mm/hugetlbpage.c @@ -6459,6 +6512,19 @@ index 7eed2f2..c4e385d 100644 /* * atomic64_add_negative - add and test if negative +diff --git a/arch/mips/include/asm/barrier.h b/arch/mips/include/asm/barrier.h +index e1aa4e4..670b68b 100644 +--- a/arch/mips/include/asm/barrier.h ++++ b/arch/mips/include/asm/barrier.h +@@ -184,7 +184,7 @@ + do { \ + compiletime_assert_atomic_type(*p); \ + smp_mb(); \ +- ACCESS_ONCE(*p) = (v); \ ++ ACCESS_ONCE_RW(*p) = (v); \ + } while (0) + + #define smp_load_acquire(p) \ diff --git a/arch/mips/include/asm/cache.h b/arch/mips/include/asm/cache.h index b4db69f..8f3b093 100644 --- a/arch/mips/include/asm/cache.h @@ -7684,10 +7750,10 @@ index 31ffa9b..588a798 100644 mm->mmap_base = mm->mmap_legacy_base; mm->get_unmapped_area = arch_get_unmapped_area; diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c -index 1cd1d0c..44ec918 100644 +index 47ee620..1107387 100644 --- a/arch/parisc/kernel/traps.c +++ b/arch/parisc/kernel/traps.c -@@ -722,9 +722,7 @@ void notrace handle_interruption(int code, struct pt_regs *regs) +@@ -726,9 +726,7 @@ void notrace handle_interruption(int code, struct pt_regs *regs) down_read(¤t->mm->mmap_sem); vma = find_vma(current->mm,regs->iaoq[0]); @@ -7699,7 +7765,7 @@ index 1cd1d0c..44ec918 100644 fault_space = regs->iasq[0]; diff --git a/arch/parisc/mm/fault.c b/arch/parisc/mm/fault.c -index 9d08c71..e2b4d20 100644 +index d72197f..c017c84 100644 --- a/arch/parisc/mm/fault.c +++ b/arch/parisc/mm/fault.c @@ -15,6 +15,7 @@ @@ -7710,7 +7776,7 @@ index 9d08c71..e2b4d20 100644 #include <asm/uaccess.h> #include <asm/traps.h> -@@ -52,7 +53,7 @@ DEFINE_PER_CPU(struct exception_data, exception_data); +@@ -50,7 +51,7 @@ int show_unhandled_signals = 1; static unsigned long parisc_acctyp(unsigned long code, unsigned int inst) { @@ -7719,7 +7785,7 @@ index 9d08c71..e2b4d20 100644 return VM_EXEC; switch (inst & 0xf0000000) { -@@ -138,6 +139,116 @@ parisc_acctyp(unsigned long code, unsigned int inst) +@@ -136,6 +137,116 @@ parisc_acctyp(unsigned long code, unsigned int inst) } #endif @@ -7836,7 +7902,7 @@ index 9d08c71..e2b4d20 100644 int fixup_exception(struct pt_regs *regs) { const struct exception_table_entry *fix; -@@ -210,8 +321,33 @@ retry: +@@ -234,8 +345,33 @@ retry: good_area: @@ -7904,6 +7970,19 @@ index e3b1d41..8e81edf 100644 #endif /* __powerpc64__ */ #endif /* __KERNEL__ */ +diff --git a/arch/powerpc/include/asm/barrier.h b/arch/powerpc/include/asm/barrier.h +index f89da80..7f5b05a 100644 +--- a/arch/powerpc/include/asm/barrier.h ++++ b/arch/powerpc/include/asm/barrier.h +@@ -73,7 +73,7 @@ + do { \ + compiletime_assert_atomic_type(*p); \ + __lwsync(); \ +- ACCESS_ONCE(*p) = (v); \ ++ ACCESS_ONCE_RW(*p) = (v); \ + } while (0) + + #define smp_load_acquire(p) \ diff --git a/arch/powerpc/include/asm/cache.h b/arch/powerpc/include/asm/cache.h index ed0afc1..0332825 100644 --- a/arch/powerpc/include/asm/cache.h @@ -9020,6 +9099,19 @@ index 1d47061..0714963 100644 #define smp_mb__before_atomic_dec() smp_mb() #define smp_mb__after_atomic_dec() smp_mb() #define smp_mb__before_atomic_inc() smp_mb() +diff --git a/arch/s390/include/asm/barrier.h b/arch/s390/include/asm/barrier.h +index 578680f..0eb3b11 100644 +--- a/arch/s390/include/asm/barrier.h ++++ b/arch/s390/include/asm/barrier.h +@@ -36,7 +36,7 @@ + do { \ + compiletime_assert_atomic_type(*p); \ + barrier(); \ +- ACCESS_ONCE(*p) = (v); \ ++ ACCESS_ONCE_RW(*p) = (v); \ + } while (0) + + #define smp_load_acquire(p) \ diff --git a/arch/s390/include/asm/cache.h b/arch/s390/include/asm/cache.h index 4d7ccac..d03d0ad 100644 --- a/arch/s390/include/asm/cache.h @@ -9623,6 +9715,19 @@ index be56a24..443328f 100644 } #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0) +diff --git a/arch/sparc/include/asm/barrier_64.h b/arch/sparc/include/asm/barrier_64.h +index b5aad96..99d7465 100644 +--- a/arch/sparc/include/asm/barrier_64.h ++++ b/arch/sparc/include/asm/barrier_64.h +@@ -57,7 +57,7 @@ do { __asm__ __volatile__("ba,pt %%xcc, 1f\n\t" \ + do { \ + compiletime_assert_atomic_type(*p); \ + barrier(); \ +- ACCESS_ONCE(*p) = (v); \ ++ ACCESS_ONCE_RW(*p) = (v); \ + } while (0) + + #define smp_load_acquire(p) \ diff --git a/arch/sparc/include/asm/cache.h b/arch/sparc/include/asm/cache.h index 5bb6991..5c2132e 100644 --- a/arch/sparc/include/asm/cache.h @@ -15986,6 +16091,28 @@ index 46e9052..ae45136 100644 } #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0) +diff --git a/arch/x86/include/asm/barrier.h b/arch/x86/include/asm/barrier.h +index 69bbb48..32517fe 100644 +--- a/arch/x86/include/asm/barrier.h ++++ b/arch/x86/include/asm/barrier.h +@@ -107,7 +107,7 @@ + do { \ + compiletime_assert_atomic_type(*p); \ + smp_mb(); \ +- ACCESS_ONCE(*p) = (v); \ ++ ACCESS_ONCE_RW(*p) = (v); \ + } while (0) + + #define smp_load_acquire(p) \ +@@ -124,7 +124,7 @@ do { \ + do { \ + compiletime_assert_atomic_type(*p); \ + barrier(); \ +- ACCESS_ONCE(*p) = (v); \ ++ ACCESS_ONCE_RW(*p) = (v); \ + } while (0) + + #define smp_load_acquire(p) \ diff --git a/arch/x86/include/asm/bitops.h b/arch/x86/include/asm/bitops.h index 9fc1af7..fc71228 100644 --- a/arch/x86/include/asm/bitops.h @@ -16958,18 +17085,6 @@ index b4c1f54..e290c08 100644 pagefault_enable(); -diff --git a/arch/x86/include/asm/hugetlb.h b/arch/x86/include/asm/hugetlb.h -index a809121..68c0539 100644 ---- a/arch/x86/include/asm/hugetlb.h -+++ b/arch/x86/include/asm/hugetlb.h -@@ -52,6 +52,7 @@ static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - static inline void huge_ptep_clear_flush(struct vm_area_struct *vma, - unsigned long addr, pte_t *ptep) - { -+ ptep_clear_flush(vma, addr, ptep); - } - - static inline int huge_pte_none(pte_t pte) diff --git a/arch/x86/include/asm/hw_irq.h b/arch/x86/include/asm/hw_irq.h index 67d69b8..50e4b77 100644 --- a/arch/x86/include/asm/hw_irq.h @@ -17593,6 +17708,19 @@ index 0f1ddee..e2fc3d1 100644 { unsigned long y = x - __START_KERNEL_map; +diff --git a/arch/x86/include/asm/page_64_types.h b/arch/x86/include/asm/page_64_types.h +index 8de6d9c..6782051 100644 +--- a/arch/x86/include/asm/page_64_types.h ++++ b/arch/x86/include/asm/page_64_types.h +@@ -1,7 +1,7 @@ + #ifndef _ASM_X86_PAGE_64_DEFS_H + #define _ASM_X86_PAGE_64_DEFS_H + +-#define THREAD_SIZE_ORDER 1 ++#define THREAD_SIZE_ORDER 2 + #define THREAD_SIZE (PAGE_SIZE << THREAD_SIZE_ORDER) + #define CURRENT_MASK (~(THREAD_SIZE - 1)) + diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h index cd6e1610..70f4418 100644 --- a/arch/x86/include/asm/paravirt.h @@ -25823,19 +25951,10 @@ index c2bedae..25e7ab6 100644 .name = "data", .mode = S_IRUGO, diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c -index af1d14a..81ae763 100644 +index dcbbaa1..81ae763 100644 --- a/arch/x86/kernel/ldt.c +++ b/arch/x86/kernel/ldt.c -@@ -20,6 +20,8 @@ - #include <asm/mmu_context.h> - #include <asm/syscalls.h> - -+int sysctl_ldt16 = 0; -+ - #ifdef CONFIG_SMP - static void flush_ldt(void *current_mm) - { -@@ -66,13 +68,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload) +@@ -68,13 +68,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload) if (reload) { #ifdef CONFIG_SMP preempt_disable(); @@ -25851,7 +25970,7 @@ index af1d14a..81ae763 100644 #endif } if (oldsize) { -@@ -94,7 +96,7 @@ static inline int copy_ldt(mm_context_t *new, mm_context_t *old) +@@ -96,7 +96,7 @@ static inline int copy_ldt(mm_context_t *new, mm_context_t *old) return err; for (i = 0; i < old->size; i++) @@ -25860,7 +25979,7 @@ index af1d14a..81ae763 100644 return 0; } -@@ -115,6 +117,24 @@ int init_new_context(struct task_struct *tsk, struct mm_struct *mm) +@@ -117,6 +117,24 @@ int init_new_context(struct task_struct *tsk, struct mm_struct *mm) retval = copy_ldt(&mm->context, &old_mm->context); mutex_unlock(&old_mm->context.lock); } @@ -25885,7 +26004,7 @@ index af1d14a..81ae763 100644 return retval; } -@@ -229,12 +249,19 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) +@@ -231,6 +249,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) } } @@ -25899,13 +26018,6 @@ index af1d14a..81ae763 100644 /* * On x86-64 we do not support 16-bit segments due to * IRET leaking the high bits of the kernel stack address. - */ - #ifdef CONFIG_X86_64 -- if (!ldt_info.seg_32bit) { -+ if (!ldt_info.seg_32bit && !sysctl_ldt16) { - error = -EINVAL; - goto out_unlock; - } diff --git a/arch/x86/kernel/machine_kexec_32.c b/arch/x86/kernel/machine_kexec_32.c index 1667b1d..16492c5 100644 --- a/arch/x86/kernel/machine_kexec_32.c @@ -27275,35 +27387,32 @@ index 7c3a5a6..f0a8961 100644 .smp_prepare_cpus = native_smp_prepare_cpus, .smp_cpus_done = native_smp_cpus_done, diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c -index a32da80..30c97f1 100644 +index a32da80..041a4ff 100644 --- a/arch/x86/kernel/smpboot.c +++ b/arch/x86/kernel/smpboot.c -@@ -229,14 +229,18 @@ static void notrace start_secondary(void *unused) +@@ -229,14 +229,17 @@ static void notrace start_secondary(void *unused) enable_start_cpu0 = 0; -#ifdef CONFIG_X86_32 -- /* switch away from the initial page table */ -- load_cr3(swapper_pg_dir); -- __flush_tlb_all(); --#endif -- - /* otherwise gcc will move up smp_processor_id before the cpu_init */ - barrier(); ++ /* otherwise gcc will move up smp_processor_id before the cpu_init */ ++ barrier(); + -+ /* switch away from the initial page table */ + /* switch away from the initial page table */ +#ifdef CONFIG_PAX_PER_CPU_PGD + load_cr3(get_cpu_pgd(smp_processor_id(), kernel)); -+ __flush_tlb_all(); -+#elif defined(CONFIG_X86_32) -+ load_cr3(swapper_pg_dir); -+ __flush_tlb_all(); ++#else + load_cr3(swapper_pg_dir); +#endif -+ + __flush_tlb_all(); +-#endif + +- /* otherwise gcc will move up smp_processor_id before the cpu_init */ +- barrier(); /* * Check TSC synchronization with the BP: */ -@@ -749,8 +753,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) +@@ -749,8 +752,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) alternatives_enable_smp(); idle->thread.sp = (unsigned long) (((struct pt_regs *) @@ -27314,7 +27423,7 @@ index a32da80..30c97f1 100644 #ifdef CONFIG_X86_32 /* Stack for startup_32 can be just as for start_secondary onwards */ -@@ -758,11 +763,13 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) +@@ -758,11 +762,13 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) #else clear_tsk_thread_flag(idle, TIF_FORK); initial_gs = per_cpu_offset(cpu); @@ -27331,7 +27440,7 @@ index a32da80..30c97f1 100644 initial_code = (unsigned long)start_secondary; stack_start = idle->thread.sp; -@@ -911,6 +918,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle) +@@ -911,6 +917,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle) /* the FPU context is blank, nobody can own it */ __cpu_disable_lazy_restore(cpu); @@ -35630,7 +35739,7 @@ index fd14be1..e3c79c0 100644 # diff --git a/arch/x86/vdso/vdso32-setup.c b/arch/x86/vdso/vdso32-setup.c -index d6bfb87..a75c5f7 100644 +index f1d633a..a75c5f7 100644 --- a/arch/x86/vdso/vdso32-setup.c +++ b/arch/x86/vdso/vdso32-setup.c @@ -25,6 +25,7 @@ @@ -35641,15 +35750,7 @@ index d6bfb87..a75c5f7 100644 enum { VDSO_DISABLED = 0, -@@ -41,6 +42,7 @@ enum { - #ifdef CONFIG_X86_64 - #define vdso_enabled sysctl_vsyscall32 - #define arch_setup_additional_pages syscall32_setup_pages -+extern int sysctl_ldt16; - #endif - - /* -@@ -226,7 +228,7 @@ static inline void map_compat_vdso(int map) +@@ -227,7 +228,7 @@ static inline void map_compat_vdso(int map) void enable_sep_cpu(void) { int cpu = get_cpu(); @@ -35658,7 +35759,7 @@ index d6bfb87..a75c5f7 100644 if (!boot_cpu_has(X86_FEATURE_SEP)) { put_cpu(); -@@ -249,7 +251,7 @@ static int __init gate_vma_init(void) +@@ -250,7 +251,7 @@ static int __init gate_vma_init(void) gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; @@ -35667,7 +35768,7 @@ index d6bfb87..a75c5f7 100644 return 0; } -@@ -330,14 +332,14 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) +@@ -331,14 +332,14 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) if (compat) addr = VDSO_HIGH_BASE; else { @@ -35684,7 +35785,7 @@ index d6bfb87..a75c5f7 100644 if (compat_uses_vma || !compat) { /* -@@ -353,11 +355,11 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) +@@ -354,11 +355,11 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) } current_thread_info()->sysenter_return = @@ -35698,21 +35799,7 @@ index d6bfb87..a75c5f7 100644 up_write(&mm->mmap_sem); -@@ -380,6 +382,13 @@ static struct ctl_table abi_table2[] = { - .mode = 0644, - .proc_handler = proc_dointvec - }, -+ { -+ .procname = "ldt16", -+ .data = &sysctl_ldt16, -+ .maxlen = sizeof(int), -+ .mode = 0644, -+ .proc_handler = proc_dointvec -+ }, - {} - }; - -@@ -404,8 +413,14 @@ __initcall(ia32_binfmt_init); +@@ -412,8 +413,14 @@ __initcall(ia32_binfmt_init); const char *arch_vma_name(struct vm_area_struct *vma) { @@ -35728,7 +35815,7 @@ index d6bfb87..a75c5f7 100644 return NULL; } -@@ -415,7 +430,7 @@ struct vm_area_struct *get_gate_vma(struct mm_struct *mm) +@@ -423,7 +430,7 @@ struct vm_area_struct *get_gate_vma(struct mm_struct *mm) * Check to see if the corresponding task was created in compat vdso * mode. */ @@ -36531,7 +36618,7 @@ index a83e3c6..c3d617f 100644 bgrt_kobj = kobject_create_and_add("bgrt", acpi_kobj); if (!bgrt_kobj) diff --git a/drivers/acpi/blacklist.c b/drivers/acpi/blacklist.c -index afec452..c5d8b96 100644 +index 3d8413d..95f638c 100644 --- a/drivers/acpi/blacklist.c +++ b/drivers/acpi/blacklist.c @@ -51,7 +51,7 @@ struct acpi_blacklist_item { @@ -36612,7 +36699,7 @@ index 36605ab..6ef6d4b 100644 unsigned long timeout_msec) { diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index 0a79c54..c1b92ed 100644 +index bb26636..09cbdb4 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c @@ -98,7 +98,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev); @@ -38757,10 +38844,10 @@ index ec4e10f..f2a763b 100644 intf->proc_dir = NULL; diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c -index 03f4189..e79f5e0 100644 +index 8b4fa2c..5f81848 100644 --- a/drivers/char/ipmi/ipmi_si_intf.c +++ b/drivers/char/ipmi/ipmi_si_intf.c -@@ -280,7 +280,7 @@ struct smi_info { +@@ -283,7 +283,7 @@ struct smi_info { unsigned char slave_addr; /* Counters and things for the proc filesystem. */ @@ -38769,7 +38856,7 @@ index 03f4189..e79f5e0 100644 struct task_struct *thread; -@@ -289,9 +289,9 @@ struct smi_info { +@@ -292,9 +292,9 @@ struct smi_info { }; #define smi_inc_stat(smi, stat) \ @@ -38781,7 +38868,7 @@ index 03f4189..e79f5e0 100644 #define SI_MAX_PARMS 4 -@@ -3339,7 +3339,7 @@ static int try_smi_init(struct smi_info *new_smi) +@@ -3349,7 +3349,7 @@ static int try_smi_init(struct smi_info *new_smi) atomic_set(&new_smi->req_events, 0); new_smi->run_to_completion = 0; for (i = 0; i < SI_NUM_STATS; i++) @@ -39505,10 +39592,10 @@ index 18d4091..434be15 100644 } EXPORT_SYMBOL_GPL(od_unregister_powersave_bias_handler); diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c -index 2cd36b9..8f07fae 100644 +index 9ac3783..652b033 100644 --- a/drivers/cpufreq/intel_pstate.c +++ b/drivers/cpufreq/intel_pstate.c -@@ -124,10 +124,10 @@ struct pstate_funcs { +@@ -126,10 +126,10 @@ struct pstate_funcs { struct cpu_defaults { struct pstate_adjust_policy pid_policy; struct pstate_funcs funcs; @@ -39521,7 +39608,7 @@ index 2cd36b9..8f07fae 100644 struct perf_limits { int no_turbo; -@@ -518,7 +518,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate) +@@ -527,7 +527,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate) cpu->pstate.current_pstate = pstate; @@ -39530,7 +39617,7 @@ index 2cd36b9..8f07fae 100644 } static inline void intel_pstate_pstate_increase(struct cpudata *cpu, int steps) -@@ -540,12 +540,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu) +@@ -549,12 +549,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu) { sprintf(cpu->name, "Intel 2nd generation core"); @@ -39545,10 +39632,10 @@ index 2cd36b9..8f07fae 100644 - pstate_funcs.get_vid(cpu); + if (pstate_funcs->get_vid) + pstate_funcs->get_vid(cpu); + intel_pstate_set_pstate(cpu, cpu->pstate.min_pstate); + } - /* - * goto max pstate so we don't slow up boot if we are built-in if we are -@@ -832,9 +832,9 @@ static int intel_pstate_msrs_not_valid(void) +@@ -830,9 +830,9 @@ static int intel_pstate_msrs_not_valid(void) rdmsrl(MSR_IA32_APERF, aperf); rdmsrl(MSR_IA32_MPERF, mperf); @@ -39561,7 +39648,7 @@ index 2cd36b9..8f07fae 100644 return -ENODEV; rdmsrl(MSR_IA32_APERF, tmp); -@@ -848,7 +848,7 @@ static int intel_pstate_msrs_not_valid(void) +@@ -846,7 +846,7 @@ static int intel_pstate_msrs_not_valid(void) return 0; } @@ -39570,7 +39657,7 @@ index 2cd36b9..8f07fae 100644 { pid_params.sample_rate_ms = policy->sample_rate_ms; pid_params.p_gain_pct = policy->p_gain_pct; -@@ -860,11 +860,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy) +@@ -858,11 +858,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy) static void copy_cpu_funcs(struct pstate_funcs *funcs) { @@ -40657,10 +40744,10 @@ index 3c59584..500f2e9 100644 return ret; diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c -index d554169..f4426bb 100644 +index 4050450..f67c5c1 100644 --- a/drivers/gpu/drm/i915/i915_irq.c +++ b/drivers/gpu/drm/i915/i915_irq.c -@@ -1438,7 +1438,7 @@ static irqreturn_t valleyview_irq_handler(int irq, void *arg) +@@ -1448,7 +1448,7 @@ static irqreturn_t valleyview_irq_handler(int irq, void *arg) int pipe; u32 pipe_stats[I915_MAX_PIPES]; @@ -40669,7 +40756,7 @@ index d554169..f4426bb 100644 while (true) { iir = I915_READ(VLV_IIR); -@@ -1751,7 +1751,7 @@ static irqreturn_t ironlake_irq_handler(int irq, void *arg) +@@ -1761,7 +1761,7 @@ static irqreturn_t ironlake_irq_handler(int irq, void *arg) u32 de_iir, gt_iir, de_ier, sde_ier = 0; irqreturn_t ret = IRQ_NONE; @@ -40678,7 +40765,7 @@ index d554169..f4426bb 100644 /* We get interrupts on unclaimed registers, so check for this before we * do any I915_{READ,WRITE}. */ -@@ -1821,7 +1821,7 @@ static irqreturn_t gen8_irq_handler(int irq, void *arg) +@@ -1831,7 +1831,7 @@ static irqreturn_t gen8_irq_handler(int irq, void *arg) uint32_t tmp = 0; enum pipe pipe; @@ -40687,7 +40774,7 @@ index d554169..f4426bb 100644 master_ctl = I915_READ(GEN8_MASTER_IRQ); master_ctl &= ~GEN8_MASTER_IRQ_CONTROL; -@@ -2645,7 +2645,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) +@@ -2655,7 +2655,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) { drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; @@ -40696,7 +40783,7 @@ index d554169..f4426bb 100644 I915_WRITE(HWSTAM, 0xeffe); -@@ -2663,7 +2663,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev) +@@ -2673,7 +2673,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -40705,7 +40792,7 @@ index d554169..f4426bb 100644 /* VLV magic */ I915_WRITE(VLV_IMR, 0); -@@ -2694,7 +2694,7 @@ static void gen8_irq_preinstall(struct drm_device *dev) +@@ -2704,7 +2704,7 @@ static void gen8_irq_preinstall(struct drm_device *dev) struct drm_i915_private *dev_priv = dev->dev_private; int pipe; @@ -40714,7 +40801,7 @@ index d554169..f4426bb 100644 I915_WRITE(GEN8_MASTER_IRQ, 0); POSTING_READ(GEN8_MASTER_IRQ); -@@ -3018,7 +3018,7 @@ static void gen8_irq_uninstall(struct drm_device *dev) +@@ -3028,7 +3028,7 @@ static void gen8_irq_uninstall(struct drm_device *dev) if (!dev_priv) return; @@ -40723,7 +40810,7 @@ index d554169..f4426bb 100644 I915_WRITE(GEN8_MASTER_IRQ, 0); -@@ -3112,7 +3112,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev) +@@ -3122,7 +3122,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -40732,7 +40819,7 @@ index d554169..f4426bb 100644 for_each_pipe(pipe) I915_WRITE(PIPESTAT(pipe), 0); -@@ -3198,7 +3198,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg) +@@ -3208,7 +3208,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg) I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT | I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT; @@ -40741,7 +40828,7 @@ index d554169..f4426bb 100644 iir = I915_READ16(IIR); if (iir == 0) -@@ -3277,7 +3277,7 @@ static void i915_irq_preinstall(struct drm_device * dev) +@@ -3287,7 +3287,7 @@ static void i915_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -40750,7 +40837,7 @@ index d554169..f4426bb 100644 if (I915_HAS_HOTPLUG(dev)) { I915_WRITE(PORT_HOTPLUG_EN, 0); -@@ -3384,7 +3384,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg) +@@ -3394,7 +3394,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg) I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT; int pipe, ret = IRQ_NONE; @@ -40759,7 +40846,7 @@ index d554169..f4426bb 100644 iir = I915_READ(IIR); do { -@@ -3511,7 +3511,7 @@ static void i965_irq_preinstall(struct drm_device * dev) +@@ -3521,7 +3521,7 @@ static void i965_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -40768,7 +40855,7 @@ index d554169..f4426bb 100644 I915_WRITE(PORT_HOTPLUG_EN, 0); I915_WRITE(PORT_HOTPLUG_STAT, I915_READ(PORT_HOTPLUG_STAT)); -@@ -3627,7 +3627,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg) +@@ -3637,7 +3637,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg) I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT | I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT; @@ -40778,10 +40865,10 @@ index d554169..f4426bb 100644 iir = I915_READ(IIR); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index 963639d..ea0c0cb 100644 +index 9d4d837..6836e22 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c -@@ -10787,13 +10787,13 @@ struct intel_quirk { +@@ -10798,13 +10798,13 @@ struct intel_quirk { int subsystem_vendor; int subsystem_device; void (*hook)(struct drm_device *dev); @@ -40797,7 +40884,7 @@ index 963639d..ea0c0cb 100644 static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) { -@@ -10801,18 +10801,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) +@@ -10812,18 +10812,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) return 1; } @@ -41375,10 +41462,10 @@ index 4a85bb6..aaea819 100644 if (regcomp (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c -index 044bc98..50ced9b 100644 +index 7f370b3..4e92ca6 100644 --- a/drivers/gpu/drm/radeon/radeon_device.c +++ b/drivers/gpu/drm/radeon/radeon_device.c -@@ -1125,7 +1125,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) +@@ -1128,7 +1128,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -42152,7 +42239,7 @@ index ae208f6..48b6c5b 100644 { sysfs_attr_init(&attr->attr); diff --git a/drivers/hwmon/coretemp.c b/drivers/hwmon/coretemp.c -index bbb0b0d..9fe1332 100644 +index 1599310..cd9525c 100644 --- a/drivers/hwmon/coretemp.c +++ b/drivers/hwmon/coretemp.c @@ -823,7 +823,7 @@ static int coretemp_cpu_callback(struct notifier_block *nfb, @@ -43438,10 +43525,10 @@ index b604564..3f14ae4 100644 return count; diff --git a/drivers/input/serio/serio.c b/drivers/input/serio/serio.c -index 8f4c4ab..5fc8a45 100644 +index b29134d..394deb0 100644 --- a/drivers/input/serio/serio.c +++ b/drivers/input/serio/serio.c -@@ -505,7 +505,7 @@ static void serio_release_port(struct device *dev) +@@ -514,7 +514,7 @@ static void serio_release_port(struct device *dev) */ static void serio_init_port(struct serio *serio) { @@ -43450,7 +43537,7 @@ index 8f4c4ab..5fc8a45 100644 __module_get(THIS_MODULE); -@@ -516,7 +516,7 @@ static void serio_init_port(struct serio *serio) +@@ -525,7 +525,7 @@ static void serio_init_port(struct serio *serio) mutex_init(&serio->drv_mutex); device_initialize(&serio->dev); dev_set_name(&serio->dev, "serio%ld", @@ -43525,7 +43612,7 @@ index 228632c9..edfe331 100644 bool setup_remapped_irq(int irq, struct irq_cfg *cfg, struct irq_chip *chip) diff --git a/drivers/irqchip/irq-gic.c b/drivers/irqchip/irq-gic.c -index 341c601..e5f407e 100644 +index ac2d41b..c657aa4 100644 --- a/drivers/irqchip/irq-gic.c +++ b/drivers/irqchip/irq-gic.c @@ -84,7 +84,7 @@ static u8 gic_cpu_map[NR_GIC_CPU_IF] __read_mostly; @@ -43537,7 +43624,7 @@ index 341c601..e5f407e 100644 .irq_eoi = NULL, .irq_mask = NULL, .irq_unmask = NULL, -@@ -332,7 +332,7 @@ static void gic_handle_cascade_irq(unsigned int irq, struct irq_desc *desc) +@@ -336,7 +336,7 @@ static void gic_handle_cascade_irq(unsigned int irq, struct irq_desc *desc) chained_irq_exit(chip, desc); } @@ -44429,7 +44516,7 @@ index 8c53b09..f1fb2b0 100644 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) diff --git a/drivers/md/md.c b/drivers/md/md.c -index 4ad5cc4..0f19664 100644 +index 51c431c..be0fbd6 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -194,10 +194,10 @@ EXPORT_SYMBOL_GPL(bio_clone_mddev); @@ -44623,10 +44710,10 @@ index 56e24c0..e1c8e1f 100644 "md/raid1:%s: read error corrected " "(%d sectors at %llu on %s)\n", diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index 33fc408..fc61709 100644 +index cb882aa..9bd076e 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c -@@ -1948,7 +1948,7 @@ static void end_sync_read(struct bio *bio, int error) +@@ -1949,7 +1949,7 @@ static void end_sync_read(struct bio *bio, int error) /* The write handler will notice the lack of * R10BIO_Uptodate and record any errors etc */ @@ -44635,7 +44722,7 @@ index 33fc408..fc61709 100644 &conf->mirrors[d].rdev->corrected_errors); /* for reconstruct, we always reschedule after a read. -@@ -2306,7 +2306,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2307,7 +2307,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) { struct timespec cur_time_mon; unsigned long hours_since_last; @@ -44644,7 +44731,7 @@ index 33fc408..fc61709 100644 ktime_get_ts(&cur_time_mon); -@@ -2328,9 +2328,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2329,9 +2329,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) * overflowing the shift of read_errors by hours_since_last. */ if (hours_since_last >= 8 * sizeof(read_errors)) @@ -44656,7 +44743,7 @@ index 33fc408..fc61709 100644 } static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector, -@@ -2384,8 +2384,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2385,8 +2385,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 return; check_decay_read_errors(mddev, rdev); @@ -44667,7 +44754,7 @@ index 33fc408..fc61709 100644 char b[BDEVNAME_SIZE]; bdevname(rdev->bdev, b); -@@ -2393,7 +2393,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2394,7 +2394,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 "md/raid10:%s: %s: Raid device exceeded " "read_error threshold [cur %d:max %d]\n", mdname(mddev), b, @@ -44676,7 +44763,7 @@ index 33fc408..fc61709 100644 printk(KERN_NOTICE "md/raid10:%s: %s: Failing raid device\n", mdname(mddev), b); -@@ -2548,7 +2548,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2549,7 +2549,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 sect + choose_data_offset(r10_bio, rdev)), bdevname(rdev->bdev, b)); @@ -44750,18 +44837,6 @@ index 9b6c3bb..baeb5c7 100644 #if IS_ENABLED(CONFIG_DVB_DIB3000MB) extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config, -diff --git a/drivers/media/media-device.c b/drivers/media/media-device.c -index d5a7a13..703560f 100644 ---- a/drivers/media/media-device.c -+++ b/drivers/media/media-device.c -@@ -93,6 +93,7 @@ static long media_device_enum_entities(struct media_device *mdev, - struct media_entity *ent; - struct media_entity_desc u_ent; - -+ memset(&u_ent, 0, sizeof(u_ent)); - if (copy_from_user(&u_ent.id, &uent->id, sizeof(u_ent.id))) - return -EFAULT; - diff --git a/drivers/media/pci/cx88/cx88-video.c b/drivers/media/pci/cx88/cx88-video.c index ed8cb90..5ef7f79 100644 --- a/drivers/media/pci/cx88/cx88-video.c @@ -45096,10 +45171,10 @@ index ae0f56a..ec71784 100644 /* debug */ static int dvb_usb_dw2102_debug; diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c -index b63a5e5..b16a062 100644 +index fca336b..fb70ab7 100644 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c -@@ -326,7 +326,7 @@ struct v4l2_buffer32 { +@@ -328,7 +328,7 @@ struct v4l2_buffer32 { __u32 reserved; }; @@ -45108,7 +45183,7 @@ index b63a5e5..b16a062 100644 enum v4l2_memory memory) { void __user *up_pln; -@@ -355,7 +355,7 @@ static int get_v4l2_plane32(struct v4l2_plane *up, struct v4l2_plane32 *up32, +@@ -357,7 +357,7 @@ static int get_v4l2_plane32(struct v4l2_plane *up, struct v4l2_plane32 *up32, return 0; } @@ -45117,7 +45192,7 @@ index b63a5e5..b16a062 100644 enum v4l2_memory memory) { if (copy_in_user(up32, up, 2 * sizeof(__u32)) || -@@ -425,7 +425,7 @@ static int get_v4l2_buffer32(struct v4l2_buffer *kp, struct v4l2_buffer32 __user +@@ -427,7 +427,7 @@ static int get_v4l2_buffer32(struct v4l2_buffer *kp, struct v4l2_buffer32 __user * by passing a very big num_planes value */ uplane = compat_alloc_user_space(num_planes * sizeof(struct v4l2_plane)); @@ -45126,7 +45201,7 @@ index b63a5e5..b16a062 100644 while (--num_planes >= 0) { ret = get_v4l2_plane32(uplane, uplane32, kp->memory); -@@ -496,7 +496,7 @@ static int put_v4l2_buffer32(struct v4l2_buffer *kp, struct v4l2_buffer32 __user +@@ -498,7 +498,7 @@ static int put_v4l2_buffer32(struct v4l2_buffer *kp, struct v4l2_buffer32 __user if (num_planes == 0) return 0; @@ -45135,7 +45210,7 @@ index b63a5e5..b16a062 100644 if (get_user(p, &up->m.planes)) return -EFAULT; uplane32 = compat_ptr(p); -@@ -550,7 +550,7 @@ static int get_v4l2_framebuffer32(struct v4l2_framebuffer *kp, struct v4l2_frame +@@ -552,7 +552,7 @@ static int get_v4l2_framebuffer32(struct v4l2_framebuffer *kp, struct v4l2_frame get_user(kp->capability, &up->capability) || get_user(kp->flags, &up->flags)) return -EFAULT; @@ -45144,7 +45219,7 @@ index b63a5e5..b16a062 100644 get_v4l2_pix_format(&kp->fmt, &up->fmt); return 0; } -@@ -656,7 +656,7 @@ static int get_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext +@@ -658,7 +658,7 @@ static int get_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext n * sizeof(struct v4l2_ext_control32))) return -EFAULT; kcontrols = compat_alloc_user_space(n * sizeof(struct v4l2_ext_control)); @@ -45153,7 +45228,7 @@ index b63a5e5..b16a062 100644 while (--n >= 0) { if (copy_in_user(kcontrols, ucontrols, sizeof(*ucontrols))) return -EFAULT; -@@ -678,7 +678,7 @@ static int get_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext +@@ -680,7 +680,7 @@ static int get_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext static int put_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext_controls32 __user *up) { struct v4l2_ext_control32 __user *ucontrols; @@ -45162,7 +45237,7 @@ index b63a5e5..b16a062 100644 int n = kp->count; compat_caddr_t p; -@@ -772,7 +772,7 @@ static int put_v4l2_subdev_edid32(struct v4l2_subdev_edid *kp, struct v4l2_subde +@@ -774,7 +774,7 @@ static int put_v4l2_subdev_edid32(struct v4l2_subdev_edid *kp, struct v4l2_subde put_user(kp->start_block, &up->start_block) || put_user(kp->blocks, &up->blocks) || put_user(tmp, &up->edid) || @@ -45576,18 +45651,6 @@ index d1a22aa..d0f7bf7 100644 static char **event_name; static u8 avg_sample = SAMPLE_16; -diff --git a/drivers/mfd/janz-cmodio.c b/drivers/mfd/janz-cmodio.c -index 81b7d88..95ae998 100644 ---- a/drivers/mfd/janz-cmodio.c -+++ b/drivers/mfd/janz-cmodio.c -@@ -13,6 +13,7 @@ - - #include <linux/kernel.h> - #include <linux/module.h> -+#include <linux/slab.h> - #include <linux/init.h> - #include <linux/pci.h> - #include <linux/interrupt.h> diff --git a/drivers/mfd/max8925-i2c.c b/drivers/mfd/max8925-i2c.c index a83eed5..62a58a9 100644 --- a/drivers/mfd/max8925-i2c.c @@ -46525,6 +46588,18 @@ index be7d7a6..a8983f8 100644 break; default: dev_err(&adapter->pdev->dev, "Invalid Virtual NIC opmode\n"); +diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c +index 7d4f549..3e46c89 100644 +--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c ++++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c +@@ -1022,6 +1022,7 @@ static int qlcnic_dcb_peer_app_info(struct net_device *netdev, + struct qlcnic_dcb_cee *peer; + int i; + ++ memset(info, 0, sizeof(*info)); + *app_count = 0; + + if (!test_bit(QLCNIC_DCB_STATE, &adapter->dcb->state)) diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c index 7763962..c3499a7 100644 --- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c @@ -47599,7 +47674,7 @@ index ea7e70c..bc0c45f 100644 data->sku_cap_band_24GHz_enable ? "" : "NOT", "enabled", data->sku_cap_band_52GHz_enable ? "" : "NOT", "enabled", diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c -index f950780..be9df93 100644 +index 8d42fd9..d923d65 100644 --- a/drivers/net/wireless/iwlwifi/pcie/trans.c +++ b/drivers/net/wireless/iwlwifi/pcie/trans.c @@ -1365,7 +1365,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, @@ -50157,10 +50232,10 @@ index df5e961..df6b97f 100644 return blk_trace_startstop(sdp->device->request_queue, 1); case BLKTRACESTOP: diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c -index d0b28bb..a263613 100644 +index fbf3b22..f5c8b60 100644 --- a/drivers/spi/spi.c +++ b/drivers/spi/spi.c -@@ -1971,7 +1971,7 @@ int spi_bus_unlock(struct spi_master *master) +@@ -1980,7 +1980,7 @@ int spi_bus_unlock(struct spi_master *master) EXPORT_SYMBOL_GPL(spi_bus_unlock); /* portable code must never pass more than 32 bytes */ @@ -50722,10 +50797,10 @@ index 24884ca..26c8220 100644 login->tgt_agt = sbp_target_agent_register(login); if (IS_ERR(login->tgt_agt)) { diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c -index 65001e1..2ebfbb9 100644 +index 26416c1..e796a3d 100644 --- a/drivers/target/target_core_device.c +++ b/drivers/target/target_core_device.c -@@ -1520,7 +1520,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name) +@@ -1524,7 +1524,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name) spin_lock_init(&dev->se_tmr_lock); spin_lock_init(&dev->qf_cmd_lock); sema_init(&dev->caw_sem, 1); @@ -50735,10 +50810,10 @@ index 65001e1..2ebfbb9 100644 spin_lock_init(&dev->t10_wwn.t10_vpd_lock); INIT_LIST_HEAD(&dev->t10_pr.registration_list); diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index 2956250..b10f722 100644 +index 98b48d4..f4297e5 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c -@@ -1136,7 +1136,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd) +@@ -1137,7 +1137,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd) * Used to determine when ORDERED commands should go from * Dormant to Active status. */ @@ -56361,19 +56436,6 @@ index 370b24c..ff0be7b 100644 ---help--- A.out (Assembler.OUTput) is a set of formats for libraries and executables used in the earliest versions of UNIX. Linux used -diff --git a/fs/affs/super.c b/fs/affs/super.c -index d098731..9a5b19d 100644 ---- a/fs/affs/super.c -+++ b/fs/affs/super.c -@@ -336,8 +336,6 @@ static int affs_fill_super(struct super_block *sb, void *data, int silent) - &blocksize,&sbi->s_prefix, - sbi->s_volume, &mount_flags)) { - printk(KERN_ERR "AFFS: Error parsing options\n"); -- kfree(sbi->s_prefix); -- kfree(sbi); - return -EINVAL; - } - /* N.B. after this point s_prefix must be released */ diff --git a/fs/afs/inode.c b/fs/afs/inode.c index ce25d75..dc09eeb 100644 --- a/fs/afs/inode.c @@ -56397,7 +56459,7 @@ index ce25d75..dc09eeb 100644 &data); if (!inode) { diff --git a/fs/aio.c b/fs/aio.c -index 12a3de0e..25949c1 100644 +index 04cd768..25949c1 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -375,7 +375,7 @@ static int aio_setup_ring(struct kioctx *ctx) @@ -56409,19 +56471,6 @@ index 12a3de0e..25949c1 100644 return -EINVAL; file = aio_private_file(ctx, nr_pages); -@@ -1299,10 +1299,8 @@ rw_common: - &iovec, compat) - : aio_setup_single_vector(req, rw, buf, &nr_segs, - iovec); -- if (ret) -- return ret; -- -- ret = rw_verify_area(rw, file, &req->ki_pos, req->ki_nbytes); -+ if (!ret) -+ ret = rw_verify_area(rw, file, &req->ki_pos, req->ki_nbytes); - if (ret < 0) { - if (iovec != &inline_vec) - kfree(iovec); diff --git a/fs/attr.c b/fs/attr.c index 5d4e59d..fd02418 100644 --- a/fs/attr.c @@ -57893,7 +57942,7 @@ index ebaff36..7e3ea26 100644 kunmap(page); file_end_write(file); diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c -index 45eda6d..9126f7f 100644 +index 5e0982a..b7e82bc 100644 --- a/fs/ceph/dir.c +++ b/fs/ceph/dir.c @@ -248,7 +248,7 @@ static int ceph_readdir(struct file *file, struct dir_context *ctx) @@ -58627,27 +58676,10 @@ index e081acb..911df21 100644 /* * We'll have a dentry and an inode for diff --git a/fs/coredump.c b/fs/coredump.c -index e3ad709..836c55f 100644 +index 0b2528f..836c55f 100644 --- a/fs/coredump.c +++ b/fs/coredump.c -@@ -73,10 +73,15 @@ static int expand_corename(struct core_name *cn, int size) - static int cn_vprintf(struct core_name *cn, const char *fmt, va_list arg) - { - int free, need; -+ va_list arg_copy; - - again: - free = cn->size - cn->used; -- need = vsnprintf(cn->corename + cn->used, free, fmt, arg); -+ -+ va_copy(arg_copy, arg); -+ need = vsnprintf(cn->corename + cn->used, free, fmt, arg_copy); -+ va_end(arg_copy); -+ - if (need < free) { - cn->used += need; - return 0; -@@ -437,8 +442,8 @@ static void wait_for_dump_helpers(struct file *file) +@@ -442,8 +442,8 @@ static void wait_for_dump_helpers(struct file *file) struct pipe_inode_info *pipe = file->private_data; pipe_lock(pipe); @@ -58658,7 +58690,7 @@ index e3ad709..836c55f 100644 wake_up_interruptible_sync(&pipe->wait); kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); pipe_unlock(pipe); -@@ -447,11 +452,11 @@ static void wait_for_dump_helpers(struct file *file) +@@ -452,11 +452,11 @@ static void wait_for_dump_helpers(struct file *file) * We actually want wait_event_freezable() but then we need * to clear TIF_SIGPENDING and improve dump_interrupted(). */ @@ -58673,7 +58705,7 @@ index e3ad709..836c55f 100644 pipe_unlock(pipe); } -@@ -498,7 +503,9 @@ void do_coredump(const siginfo_t *siginfo) +@@ -503,7 +503,9 @@ void do_coredump(const siginfo_t *siginfo) struct files_struct *displaced; bool need_nonrelative = false; bool core_dumped = false; @@ -58684,7 +58716,7 @@ index e3ad709..836c55f 100644 struct coredump_params cprm = { .siginfo = siginfo, .regs = signal_pt_regs(), -@@ -511,12 +518,17 @@ void do_coredump(const siginfo_t *siginfo) +@@ -516,12 +518,17 @@ void do_coredump(const siginfo_t *siginfo) .mm_flags = mm->flags, }; @@ -58704,7 +58736,7 @@ index e3ad709..836c55f 100644 goto fail; cred = prepare_creds(); -@@ -535,7 +547,7 @@ void do_coredump(const siginfo_t *siginfo) +@@ -540,7 +547,7 @@ void do_coredump(const siginfo_t *siginfo) need_nonrelative = true; } @@ -58713,7 +58745,7 @@ index e3ad709..836c55f 100644 if (retval < 0) goto fail_creds; -@@ -578,7 +590,7 @@ void do_coredump(const siginfo_t *siginfo) +@@ -583,7 +590,7 @@ void do_coredump(const siginfo_t *siginfo) } cprm.limit = RLIM_INFINITY; @@ -58722,7 +58754,7 @@ index e3ad709..836c55f 100644 if (core_pipe_limit && (core_pipe_limit < dump_count)) { printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n", task_tgid_vnr(current), current->comm); -@@ -610,6 +622,8 @@ void do_coredump(const siginfo_t *siginfo) +@@ -615,6 +622,8 @@ void do_coredump(const siginfo_t *siginfo) } else { struct inode *inode; @@ -58731,7 +58763,7 @@ index e3ad709..836c55f 100644 if (cprm.limit < binfmt->min_coredump) goto fail_unlock; -@@ -668,7 +682,7 @@ close_fail: +@@ -673,7 +682,7 @@ close_fail: filp_close(cprm.file, NULL); fail_dropcount: if (ispipe) @@ -58740,7 +58772,7 @@ index e3ad709..836c55f 100644 fail_unlock: kfree(cn.corename); coredump_finish(mm, core_dumped); -@@ -689,6 +703,8 @@ int dump_emit(struct coredump_params *cprm, const void *addr, int nr) +@@ -694,6 +703,8 @@ int dump_emit(struct coredump_params *cprm, const void *addr, int nr) struct file *file = cprm->file; loff_t pos = file->f_pos; ssize_t n; @@ -58750,7 +58782,7 @@ index e3ad709..836c55f 100644 return 0; while (nr) { diff --git a/fs/dcache.c b/fs/dcache.c -index ca02c13..7e2b581 100644 +index 7f3b400..9c911f2 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -1495,7 +1495,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) @@ -58762,7 +58794,7 @@ index ca02c13..7e2b581 100644 if (!dname) { kmem_cache_free(dentry_cache, dentry); return NULL; -@@ -3431,7 +3431,8 @@ void __init vfs_caches_init(unsigned long mempages) +@@ -3430,7 +3430,8 @@ void __init vfs_caches_init(unsigned long mempages) mempages -= reserve; names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0, @@ -58815,7 +58847,7 @@ index e4141f2..d8263e8 100644 i += packet_length_size; if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) diff --git a/fs/exec.c b/fs/exec.c -index 3d78fcc..75b208f 100644 +index 31e46b1..f5c70a3 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -55,8 +55,20 @@ @@ -59306,7 +59338,7 @@ index 3d78fcc..75b208f 100644 out: if (bprm->mm) { acct_arg_size(bprm, 0); -@@ -1626,3 +1801,311 @@ asmlinkage long compat_sys_execve(const char __user * filename, +@@ -1626,3 +1801,312 @@ asmlinkage long compat_sys_execve(const char __user * filename, return compat_do_execve(getname(filename), argv, envp); } #endif @@ -59561,9 +59593,10 @@ index 3d78fcc..75b208f 100644 +#endif + +#ifndef CONFIG_STACK_GROWSUP -+ const void * stackstart = task_stack_page(current); -+ if (unlikely(current_stack_pointer < stackstart + 512 || -+ current_stack_pointer >= stackstart + THREAD_SIZE)) ++ unsigned long stackstart = (unsigned long)task_stack_page(current); ++ unsigned long currentsp = (unsigned long)&stackstart; ++ if (unlikely(currentsp < stackstart + 512 || ++ currentsp >= stackstart + THREAD_SIZE)) + BUG(); +#endif + @@ -61691,7 +61724,7 @@ index 39c0143..d54fad4 100644 unsigned long hash = init_name_hash(); unsigned int len = strlen(name); diff --git a/fs/kernfs/file.c b/fs/kernfs/file.c -index dbf397b..d624b48 100644 +index d29640b..32d2b6b 100644 --- a/fs/kernfs/file.c +++ b/fs/kernfs/file.c @@ -33,7 +33,7 @@ static DEFINE_MUTEX(kernfs_open_file_mutex); @@ -61728,7 +61761,7 @@ index dbf397b..d624b48 100644 if (!of->vm_ops) return -EINVAL; -@@ -557,7 +557,7 @@ static int kernfs_get_open_node(struct kernfs_node *kn, +@@ -559,7 +559,7 @@ static int kernfs_get_open_node(struct kernfs_node *kn, return -ENOMEM; atomic_set(&new_on->refcnt, 0); @@ -61737,7 +61770,7 @@ index dbf397b..d624b48 100644 init_waitqueue_head(&new_on->poll); INIT_LIST_HEAD(&new_on->files); goto retry; -@@ -754,7 +754,7 @@ static unsigned int kernfs_fop_poll(struct file *filp, poll_table *wait) +@@ -756,7 +756,7 @@ static unsigned int kernfs_fop_poll(struct file *filp, poll_table *wait) kernfs_put_active(kn); @@ -61746,7 +61779,7 @@ index dbf397b..d624b48 100644 goto trigger; return DEFAULT_POLLMASK; -@@ -779,7 +779,7 @@ void kernfs_notify(struct kernfs_node *kn) +@@ -781,7 +781,7 @@ void kernfs_notify(struct kernfs_node *kn) if (!WARN_ON(kernfs_type(kn) != KERNFS_FILE)) { on = kn->attr.open; if (on) { @@ -61871,7 +61904,7 @@ index b29e42f..5ea7fdf 100644 #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */ diff --git a/fs/namei.c b/fs/namei.c -index 4b491b4..a0166f9 100644 +index 4a3c105..0d718f4 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -330,16 +330,32 @@ int generic_permission(struct inode *inode, int mask) @@ -63321,7 +63354,7 @@ index 78fd0d0..f71fc09 100644 ret = -ERESTARTSYS; goto err; diff --git a/fs/posix_acl.c b/fs/posix_acl.c -index 9e363e4..d936d15 100644 +index 0855f77..6787d50 100644 --- a/fs/posix_acl.c +++ b/fs/posix_acl.c @@ -20,6 +20,7 @@ @@ -63332,7 +63365,7 @@ index 9e363e4..d936d15 100644 struct posix_acl **acl_by_type(struct inode *inode, int type) { -@@ -271,7 +272,7 @@ posix_acl_equiv_mode(const struct posix_acl *acl, umode_t *mode_p) +@@ -277,7 +278,7 @@ posix_acl_equiv_mode(const struct posix_acl *acl, umode_t *mode_p) } } if (mode_p) @@ -63341,7 +63374,7 @@ index 9e363e4..d936d15 100644 return not_equiv; } EXPORT_SYMBOL(posix_acl_equiv_mode); -@@ -421,7 +422,7 @@ static int posix_acl_create_masq(struct posix_acl *acl, umode_t *mode_p) +@@ -427,7 +428,7 @@ static int posix_acl_create_masq(struct posix_acl *acl, umode_t *mode_p) mode &= (group_obj->e_perm << 3) | ~S_IRWXG; } @@ -63350,7 +63383,7 @@ index 9e363e4..d936d15 100644 return not_equiv; } -@@ -479,6 +480,8 @@ __posix_acl_create(struct posix_acl **acl, gfp_t gfp, umode_t *mode_p) +@@ -485,6 +486,8 @@ __posix_acl_create(struct posix_acl **acl, gfp_t gfp, umode_t *mode_p) struct posix_acl *clone = posix_acl_clone(*acl, gfp); int err = -ENOMEM; if (clone) { @@ -63359,7 +63392,7 @@ index 9e363e4..d936d15 100644 err = posix_acl_create_masq(clone, mode_p); if (err < 0) { posix_acl_release(clone); -@@ -653,11 +656,12 @@ struct posix_acl * +@@ -659,11 +662,12 @@ struct posix_acl * posix_acl_from_xattr(struct user_namespace *user_ns, const void *value, size_t size) { @@ -63374,7 +63407,7 @@ index 9e363e4..d936d15 100644 if (!value) return NULL; -@@ -683,12 +687,18 @@ posix_acl_from_xattr(struct user_namespace *user_ns, +@@ -689,12 +693,18 @@ posix_acl_from_xattr(struct user_namespace *user_ns, switch(acl_e->e_tag) { case ACL_USER_OBJ: @@ -63393,7 +63426,7 @@ index 9e363e4..d936d15 100644 acl_e->e_uid = make_kuid(user_ns, le32_to_cpu(entry->e_id)); -@@ -696,6 +706,7 @@ posix_acl_from_xattr(struct user_namespace *user_ns, +@@ -702,6 +712,7 @@ posix_acl_from_xattr(struct user_namespace *user_ns, goto fail; break; case ACL_GROUP: @@ -65662,25 +65695,6 @@ index ee0d761..b346c58 100644 return PTR_ERR(kn); } -diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c -index 810cf6e..5fd2bf1 100644 ---- a/fs/sysfs/file.c -+++ b/fs/sysfs/file.c -@@ -47,12 +47,13 @@ static int sysfs_kf_seq_show(struct seq_file *sf, void *v) - ssize_t count; - char *buf; - -- /* acquire buffer and ensure that it's >= PAGE_SIZE */ -+ /* acquire buffer and ensure that it's >= PAGE_SIZE and clear */ - count = seq_get_buf(sf, &buf); - if (count < PAGE_SIZE) { - seq_commit(sf, -1); - return 0; - } -+ memset(buf, 0, PAGE_SIZE); - - /* - * Invoke show(). Control may reach here via seq file lseek even diff --git a/fs/sysv/sysv.h b/fs/sysv/sysv.h index 69d4889..a810bd4 100644 --- a/fs/sysv/sysv.h @@ -77314,6 +77328,19 @@ index b18ce4f..2ee2843 100644 +#define atomic64_cmpxchg_unchecked(v, o, n) atomic64_cmpxchg((v), (o), (n)) + #endif /* _ASM_GENERIC_ATOMIC64_H */ +diff --git a/include/asm-generic/barrier.h b/include/asm-generic/barrier.h +index 6f692f8..2ad9dd2 100644 +--- a/include/asm-generic/barrier.h ++++ b/include/asm-generic/barrier.h +@@ -66,7 +66,7 @@ + do { \ + compiletime_assert_atomic_type(*p); \ + smp_mb(); \ +- ACCESS_ONCE(*p) = (v); \ ++ ACCESS_ONCE_RW(*p) = (v); \ + } while (0) + + #define smp_load_acquire(p) \ diff --git a/include/asm-generic/bitops/__fls.h b/include/asm-generic/bitops/__fls.h index a60a7cc..0fe12f2 100644 --- a/include/asm-generic/bitops/__fls.h @@ -78448,10 +78475,10 @@ index fd4aee2..1f28db9 100644 #define DMA_BIT_MASK(n) (((n) == 64) ? ~0ULL : ((1ULL<<(n))-1)) diff --git a/include/linux/dmaengine.h b/include/linux/dmaengine.h -index c5c92d5..6a5c2b2 100644 +index 0a5f552..6661a5a 100644 --- a/include/linux/dmaengine.h +++ b/include/linux/dmaengine.h -@@ -1150,9 +1150,9 @@ struct dma_pinned_list { +@@ -1151,9 +1151,9 @@ struct dma_pinned_list { struct dma_pinned_list *dma_pin_iovec_pages(struct iovec *iov, size_t len); void dma_unpin_iovec_pages(struct dma_pinned_list* pinned_list); @@ -80277,10 +80304,10 @@ index 6df7f9f..d0bf699 100644 .files = &init_files, \ .signal = &init_signals, \ diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h -index a2678d3..e411b1b 100644 +index 203c43d..605836b 100644 --- a/include/linux/interrupt.h +++ b/include/linux/interrupt.h -@@ -373,8 +373,8 @@ extern const char * const softirq_to_name[NR_SOFTIRQS]; +@@ -411,8 +411,8 @@ extern const char * const softirq_to_name[NR_SOFTIRQS]; struct softirq_action { @@ -80291,7 +80318,7 @@ index a2678d3..e411b1b 100644 asmlinkage void do_softirq(void); asmlinkage void __do_softirq(void); -@@ -388,7 +388,7 @@ static inline void do_softirq_own_stack(void) +@@ -426,7 +426,7 @@ static inline void do_softirq_own_stack(void) } #endif @@ -80340,7 +80367,7 @@ index 35e7eca..6afb7ad 100644 extern struct ipc_namespace init_ipc_ns; extern atomic_t nr_ipc_ns; diff --git a/include/linux/irq.h b/include/linux/irq.h -index 7dc1003..407327b 100644 +index ef1ac9f..e1db06c 100644 --- a/include/linux/irq.h +++ b/include/linux/irq.h @@ -338,7 +338,8 @@ struct irq_chip { @@ -81417,6 +81444,36 @@ index 0000000..33f4af8 +}; + +#endif +diff --git a/include/linux/netlink.h b/include/linux/netlink.h +index aad8eea..034cda7 100644 +--- a/include/linux/netlink.h ++++ b/include/linux/netlink.h +@@ -16,9 +16,10 @@ static inline struct nlmsghdr *nlmsg_hdr(const struct sk_buff *skb) + } + + enum netlink_skb_flags { +- NETLINK_SKB_MMAPED = 0x1, /* Packet data is mmaped */ +- NETLINK_SKB_TX = 0x2, /* Packet was sent by userspace */ +- NETLINK_SKB_DELIVERED = 0x4, /* Packet was delivered */ ++ NETLINK_SKB_MMAPED = 0x1, /* Packet data is mmaped */ ++ NETLINK_SKB_TX = 0x2, /* Packet was sent by userspace */ ++ NETLINK_SKB_DELIVERED = 0x4, /* Packet was delivered */ ++ NETLINK_SKB_DST = 0x8, /* Dst set in sendto or sendmsg */ + }; + + struct netlink_skb_parms { +@@ -169,4 +170,11 @@ struct netlink_tap { + extern int netlink_add_tap(struct netlink_tap *nt); + extern int netlink_remove_tap(struct netlink_tap *nt); + ++bool __netlink_ns_capable(const struct netlink_skb_parms *nsp, ++ struct user_namespace *ns, int cap); ++bool netlink_ns_capable(const struct sk_buff *skb, ++ struct user_namespace *ns, int cap); ++bool netlink_capable(const struct sk_buff *skb, int cap); ++bool netlink_net_capable(const struct sk_buff *skb, int cap); ++ + #endif /* __LINUX_NETLINK_H */ diff --git a/include/linux/nls.h b/include/linux/nls.h index 520681b..1d67ed2 100644 --- a/include/linux/nls.h @@ -81508,6 +81565,37 @@ index 5f2e559..7d59314 100644 /** * struct hotplug_slot_info - used to notify the hotplug pci core of the state of the slot +diff --git a/include/linux/percpu-refcount.h b/include/linux/percpu-refcount.h +index 95961f0..0afb48f 100644 +--- a/include/linux/percpu-refcount.h ++++ b/include/linux/percpu-refcount.h +@@ -110,7 +110,7 @@ static inline void percpu_ref_get(struct percpu_ref *ref) + pcpu_count = ACCESS_ONCE(ref->pcpu_count); + + if (likely(REF_STATUS(pcpu_count) == PCPU_REF_PTR)) +- __this_cpu_inc(*pcpu_count); ++ this_cpu_inc(*pcpu_count); + else + atomic_inc(&ref->count); + +@@ -139,7 +139,7 @@ static inline bool percpu_ref_tryget(struct percpu_ref *ref) + pcpu_count = ACCESS_ONCE(ref->pcpu_count); + + if (likely(REF_STATUS(pcpu_count) == PCPU_REF_PTR)) { +- __this_cpu_inc(*pcpu_count); ++ this_cpu_inc(*pcpu_count); + ret = true; + } + +@@ -164,7 +164,7 @@ static inline void percpu_ref_put(struct percpu_ref *ref) + pcpu_count = ACCESS_ONCE(ref->pcpu_count); + + if (likely(REF_STATUS(pcpu_count) == PCPU_REF_PTR)) +- __this_cpu_dec(*pcpu_count); ++ this_cpu_dec(*pcpu_count); + else if (unlikely(atomic_dec_and_test(&ref->count))) + ref->release(ref); + diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h index e56b07f..aef789b 100644 --- a/include/linux/perf_event.h @@ -83638,7 +83726,7 @@ index c55aeed..b3393f4 100644 /** inet_connection_sock - INET connection oriented sock * diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h -index 6efe73c..fa94270 100644 +index 6efe73c..1a44af7 100644 --- a/include/net/inetpeer.h +++ b/include/net/inetpeer.h @@ -47,8 +47,8 @@ struct inet_peer { @@ -83652,12 +83740,11 @@ index 6efe73c..fa94270 100644 }; struct rcu_head rcu; struct inet_peer *gc_next; -@@ -177,16 +177,13 @@ static inline void inet_peer_refcheck(const struct inet_peer *p) +@@ -177,16 +177,9 @@ static inline void inet_peer_refcheck(const struct inet_peer *p) /* can be called with or without local BH being disabled */ static inline int inet_getid(struct inet_peer *p, int more) { - int old, new; -+ int id; more++; inet_peer_refcheck(p); - do { @@ -83667,10 +83754,7 @@ index 6efe73c..fa94270 100644 - new = 1; - } while (atomic_cmpxchg(&p->ip_id_count, old, new) != old); - return new; -+ id = atomic_add_return_unchecked(more, &p->ip_id_count); -+ if (!id) -+ id = atomic_inc_return_unchecked(&p->ip_id_count); -+ return id; ++ return atomic_add_return_unchecked(more, &p->ip_id_count) - more; } #endif /* _NET_INETPEER_H */ @@ -83816,7 +83900,7 @@ index a61b98c..aade1eb 100644 int llc_sap_action_unitdata_ind(struct llc_sap *sap, struct sk_buff *skb); int llc_sap_action_send_ui(struct llc_sap *sap, struct sk_buff *skb); diff --git a/include/net/llc_s_st.h b/include/net/llc_s_st.h -index 567c681..cd73ac0 100644 +index 567c681..cd73ac02 100644 --- a/include/net/llc_s_st.h +++ b/include/net/llc_s_st.h @@ -20,7 +20,7 @@ struct llc_sap_state_trans { @@ -85668,10 +85752,68 @@ index d5f31c1..06646e1 100644 s.version = AUDIT_VERSION_LATEST; s.backlog_wait_time = audit_backlog_wait_time; diff --git a/kernel/auditsc.c b/kernel/auditsc.c -index 3b29605..f6c85d0 100644 +index 3b29605..3604797 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c -@@ -1945,7 +1945,7 @@ int auditsc_get_stamp(struct audit_context *ctx, +@@ -720,6 +720,22 @@ static enum audit_state audit_filter_task(struct task_struct *tsk, char **key) + return AUDIT_BUILD_CONTEXT; + } + ++static int audit_in_mask(const struct audit_krule *rule, unsigned long val) ++{ ++ int word, bit; ++ ++ if (val > 0xffffffff) ++ return false; ++ ++ word = AUDIT_WORD(val); ++ if (word >= AUDIT_BITMASK_SIZE) ++ return false; ++ ++ bit = AUDIT_BIT(val); ++ ++ return rule->mask[word] & bit; ++} ++ + /* At syscall entry and exit time, this filter is called if the + * audit_state is not low enough that auditing cannot take place, but is + * also not high enough that we already know we have to write an audit +@@ -737,11 +753,8 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk, + + rcu_read_lock(); + if (!list_empty(list)) { +- int word = AUDIT_WORD(ctx->major); +- int bit = AUDIT_BIT(ctx->major); +- + list_for_each_entry_rcu(e, list, list) { +- if ((e->rule.mask[word] & bit) == bit && ++ if (audit_in_mask(&e->rule, ctx->major) && + audit_filter_rules(tsk, &e->rule, ctx, NULL, + &state, false)) { + rcu_read_unlock(); +@@ -761,20 +774,16 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk, + static int audit_filter_inode_name(struct task_struct *tsk, + struct audit_names *n, + struct audit_context *ctx) { +- int word, bit; + int h = audit_hash_ino((u32)n->ino); + struct list_head *list = &audit_inode_hash[h]; + struct audit_entry *e; + enum audit_state state; + +- word = AUDIT_WORD(ctx->major); +- bit = AUDIT_BIT(ctx->major); +- + if (list_empty(list)) + return 0; + + list_for_each_entry_rcu(e, list, list) { +- if ((e->rule.mask[word] & bit) == bit && ++ if (audit_in_mask(&e->rule, ctx->major) && + audit_filter_rules(tsk, &e->rule, ctx, n, &state, false)) { + ctx->current_state = state; + return 1; +@@ -1945,7 +1954,7 @@ int auditsc_get_stamp(struct audit_context *ctx, } /* global counter which is incremented every time something logs in */ @@ -85680,7 +85822,7 @@ index 3b29605..f6c85d0 100644 static int audit_set_loginuid_perm(kuid_t loginuid) { -@@ -2014,7 +2014,7 @@ int audit_set_loginuid(kuid_t loginuid) +@@ -2014,7 +2023,7 @@ int audit_set_loginuid(kuid_t loginuid) /* are we setting or clearing? */ if (uid_valid(loginuid)) @@ -86824,7 +86966,7 @@ index a17621c..d9e4b37 100644 else new_fs = fs; diff --git a/kernel/futex.c b/kernel/futex.c -index 6801b37..bb6becca 100644 +index e3087af..8e3b90f 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -54,6 +54,7 @@ @@ -86835,6 +86977,24 @@ index 6801b37..bb6becca 100644 #include <linux/signal.h> #include <linux/export.h> #include <linux/magic.h> +@@ -188,7 +189,7 @@ struct futex_pi_state { + atomic_t refcount; + + union futex_key key; +-}; ++} __randomize_layout; + + /** + * struct futex_q - The hashed futex queue entry, one per waiting task +@@ -222,7 +223,7 @@ struct futex_q { + struct rt_mutex_waiter *rt_waiter; + union futex_key *requeue_pi_key; + u32 bitset; +-}; ++} __randomize_layout; + + static const struct futex_q futex_q_init = { + /* list gets initialized in queue_me()*/ @@ -380,6 +381,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) struct page *page, *page_head; int err, ro = 0; @@ -86856,7 +87016,7 @@ index 6801b37..bb6becca 100644 pagefault_disable(); ret = __copy_from_user_inatomic(dest, from, sizeof(u32)); -@@ -2886,6 +2892,7 @@ static void __init futex_detect_cmpxchg(void) +@@ -3019,6 +3025,7 @@ static void __init futex_detect_cmpxchg(void) { #ifndef CONFIG_HAVE_FUTEX_CMPXCHG u32 curval; @@ -86864,7 +87024,7 @@ index 6801b37..bb6becca 100644 /* * This will fail and we want it. Some arch implementations do -@@ -2897,8 +2904,11 @@ static void __init futex_detect_cmpxchg(void) +@@ -3030,8 +3037,11 @@ static void __init futex_detect_cmpxchg(void) * implementation, the non-functional ones will return * -ENOSYS. */ @@ -86915,10 +87075,10 @@ index f45b75b..bfac6d5 100644 if (gcov_events_enabled) gcov_event(GCOV_REMOVE, info); diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c -index 0909436..6037d22 100644 +index 04d0374..e7c3725 100644 --- a/kernel/hrtimer.c +++ b/kernel/hrtimer.c -@@ -1439,7 +1439,7 @@ void hrtimer_peek_ahead_timers(void) +@@ -1461,7 +1461,7 @@ void hrtimer_peek_ahead_timers(void) local_irq_restore(flags); } @@ -87113,7 +87273,7 @@ index e30ac0f..3528cac 100644 /* diff --git a/kernel/kexec.c b/kernel/kexec.c -index 60bafbe..a120f4f 100644 +index 18ff0b9..40b0eab 100644 --- a/kernel/kexec.c +++ b/kernel/kexec.c @@ -1045,7 +1045,8 @@ asmlinkage long compat_sys_kexec_load(unsigned long entry, @@ -87667,7 +87827,7 @@ index 1d96dd0..994ff19 100644 default: diff --git a/kernel/module.c b/kernel/module.c -index d24fcf2..2af3fd9 100644 +index 6716a1f..9ddc1e1 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -61,6 +61,7 @@ @@ -87715,7 +87875,7 @@ index d24fcf2..2af3fd9 100644 pr_warn("%s: per-cpu alignment %li > %li\n", mod->name, align, PAGE_SIZE); align = PAGE_SIZE; -@@ -1062,7 +1064,7 @@ struct module_attribute module_uevent = +@@ -1059,7 +1061,7 @@ struct module_attribute module_uevent = static ssize_t show_coresize(struct module_attribute *mattr, struct module_kobject *mk, char *buffer) { @@ -87724,7 +87884,7 @@ index d24fcf2..2af3fd9 100644 } static struct module_attribute modinfo_coresize = -@@ -1071,7 +1073,7 @@ static struct module_attribute modinfo_coresize = +@@ -1068,7 +1070,7 @@ static struct module_attribute modinfo_coresize = static ssize_t show_initsize(struct module_attribute *mattr, struct module_kobject *mk, char *buffer) { @@ -87733,7 +87893,7 @@ index d24fcf2..2af3fd9 100644 } static struct module_attribute modinfo_initsize = -@@ -1163,12 +1165,29 @@ static int check_version(Elf_Shdr *sechdrs, +@@ -1160,12 +1162,29 @@ static int check_version(Elf_Shdr *sechdrs, goto bad_version; } @@ -87763,7 +87923,7 @@ index d24fcf2..2af3fd9 100644 return 0; } -@@ -1284,7 +1303,7 @@ resolve_symbol_wait(struct module *mod, +@@ -1281,7 +1300,7 @@ resolve_symbol_wait(struct module *mod, */ #ifdef CONFIG_SYSFS @@ -87772,7 +87932,7 @@ index d24fcf2..2af3fd9 100644 static inline bool sect_empty(const Elf_Shdr *sect) { return !(sect->sh_flags & SHF_ALLOC) || sect->sh_size == 0; -@@ -1424,7 +1443,7 @@ static void add_notes_attrs(struct module *mod, const struct load_info *info) +@@ -1421,7 +1440,7 @@ static void add_notes_attrs(struct module *mod, const struct load_info *info) { unsigned int notes, loaded, i; struct module_notes_attrs *notes_attrs; @@ -87781,7 +87941,7 @@ index d24fcf2..2af3fd9 100644 /* failed to create section attributes, so can't create notes */ if (!mod->sect_attrs) -@@ -1536,7 +1555,7 @@ static void del_usage_links(struct module *mod) +@@ -1533,7 +1552,7 @@ static void del_usage_links(struct module *mod) static int module_add_modinfo_attrs(struct module *mod) { struct module_attribute *attr; @@ -87790,7 +87950,7 @@ index d24fcf2..2af3fd9 100644 int error = 0; int i; -@@ -1757,21 +1776,21 @@ static void set_section_ro_nx(void *base, +@@ -1754,21 +1773,21 @@ static void set_section_ro_nx(void *base, static void unset_module_core_ro_nx(struct module *mod) { @@ -87820,7 +87980,7 @@ index d24fcf2..2af3fd9 100644 set_memory_rw); } -@@ -1784,14 +1803,14 @@ void set_all_modules_text_rw(void) +@@ -1781,14 +1800,14 @@ void set_all_modules_text_rw(void) list_for_each_entry_rcu(mod, &modules, list) { if (mod->state == MODULE_STATE_UNFORMED) continue; @@ -87841,7 +88001,7 @@ index d24fcf2..2af3fd9 100644 set_memory_rw); } } -@@ -1807,14 +1826,14 @@ void set_all_modules_text_ro(void) +@@ -1804,14 +1823,14 @@ void set_all_modules_text_ro(void) list_for_each_entry_rcu(mod, &modules, list) { if (mod->state == MODULE_STATE_UNFORMED) continue; @@ -87862,7 +88022,7 @@ index d24fcf2..2af3fd9 100644 set_memory_ro); } } -@@ -1865,16 +1884,19 @@ static void free_module(struct module *mod) +@@ -1862,16 +1881,19 @@ static void free_module(struct module *mod) /* This may be NULL, but that's OK */ unset_module_init_ro_nx(mod); @@ -87885,7 +88045,7 @@ index d24fcf2..2af3fd9 100644 #ifdef CONFIG_MPU update_protections(current->mm); -@@ -1943,9 +1965,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1940,9 +1962,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) int ret = 0; const struct kernel_symbol *ksym; @@ -87917,7 +88077,7 @@ index d24fcf2..2af3fd9 100644 switch (sym[i].st_shndx) { case SHN_COMMON: /* We compiled with -fno-common. These are not -@@ -1966,7 +2010,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1963,7 +2007,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) ksym = resolve_symbol_wait(mod, info, name); /* Ok if resolved. */ if (ksym && !IS_ERR(ksym)) { @@ -87927,7 +88087,7 @@ index d24fcf2..2af3fd9 100644 break; } -@@ -1985,11 +2031,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1982,11 +2028,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) secbase = (unsigned long)mod_percpu(mod); else secbase = info->sechdrs[sym[i].st_shndx].sh_addr; @@ -87948,7 +88108,7 @@ index d24fcf2..2af3fd9 100644 return ret; } -@@ -2073,22 +2128,12 @@ static void layout_sections(struct module *mod, struct load_info *info) +@@ -2070,22 +2125,12 @@ static void layout_sections(struct module *mod, struct load_info *info) || s->sh_entsize != ~0UL || strstarts(sname, ".init")) continue; @@ -87975,7 +88135,7 @@ index d24fcf2..2af3fd9 100644 } pr_debug("Init section allocation order:\n"); -@@ -2102,23 +2147,13 @@ static void layout_sections(struct module *mod, struct load_info *info) +@@ -2099,23 +2144,13 @@ static void layout_sections(struct module *mod, struct load_info *info) || s->sh_entsize != ~0UL || !strstarts(sname, ".init")) continue; @@ -88004,7 +88164,7 @@ index d24fcf2..2af3fd9 100644 } } -@@ -2291,7 +2326,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2288,7 +2323,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) /* Put symbol section at end of init part of module. */ symsect->sh_flags |= SHF_ALLOC; @@ -88013,7 +88173,7 @@ index d24fcf2..2af3fd9 100644 info->index.sym) | INIT_OFFSET_MASK; pr_debug("\t%s\n", info->secstrings + symsect->sh_name); -@@ -2308,13 +2343,13 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2305,13 +2340,13 @@ static void layout_symtab(struct module *mod, struct load_info *info) } /* Append room for core symbols at end of core part. */ @@ -88031,7 +88191,7 @@ index d24fcf2..2af3fd9 100644 info->index.str) | INIT_OFFSET_MASK; pr_debug("\t%s\n", info->secstrings + strsect->sh_name); } -@@ -2332,12 +2367,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) +@@ -2329,12 +2364,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) /* Make sure we get permanent strtab: don't use info->strtab. */ mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr; @@ -88048,7 +88208,7 @@ index d24fcf2..2af3fd9 100644 src = mod->symtab; for (ndst = i = 0; i < mod->num_symtab; i++) { if (i == 0 || -@@ -2349,6 +2386,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) +@@ -2346,6 +2383,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) } } mod->core_num_syms = ndst; @@ -88057,7 +88217,7 @@ index d24fcf2..2af3fd9 100644 } #else static inline void layout_symtab(struct module *mod, struct load_info *info) -@@ -2382,17 +2421,33 @@ void * __weak module_alloc(unsigned long size) +@@ -2379,17 +2418,33 @@ void * __weak module_alloc(unsigned long size) return vmalloc_exec(size); } @@ -88096,7 +88256,7 @@ index d24fcf2..2af3fd9 100644 mutex_unlock(&module_mutex); } return ret; -@@ -2649,7 +2704,15 @@ static struct module *setup_load_info(struct load_info *info, int flags) +@@ -2646,7 +2701,15 @@ static struct module *setup_load_info(struct load_info *info, int flags) mod = (void *)info->sechdrs[info->index.mod].sh_addr; if (info->index.sym == 0) { @@ -88112,7 +88272,7 @@ index d24fcf2..2af3fd9 100644 return ERR_PTR(-ENOEXEC); } -@@ -2665,8 +2728,14 @@ static struct module *setup_load_info(struct load_info *info, int flags) +@@ -2662,8 +2725,14 @@ static struct module *setup_load_info(struct load_info *info, int flags) static int check_modinfo(struct module *mod, struct load_info *info, int flags) { const char *modmagic = get_modinfo(info, "vermagic"); @@ -88127,7 +88287,7 @@ index d24fcf2..2af3fd9 100644 if (flags & MODULE_INIT_IGNORE_VERMAGIC) modmagic = NULL; -@@ -2691,7 +2760,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) +@@ -2688,7 +2757,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) } /* Set up license info based on the info section */ @@ -88136,7 +88296,7 @@ index d24fcf2..2af3fd9 100644 return 0; } -@@ -2785,7 +2854,7 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2782,7 +2851,7 @@ static int move_module(struct module *mod, struct load_info *info) void *ptr; /* Do the allocs. */ @@ -88145,7 +88305,7 @@ index d24fcf2..2af3fd9 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. Just mark it as not being a -@@ -2795,11 +2864,11 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2792,11 +2861,11 @@ static int move_module(struct module *mod, struct load_info *info) if (!ptr) return -ENOMEM; @@ -88161,7 +88321,7 @@ index d24fcf2..2af3fd9 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. This block doesn't need to be -@@ -2808,13 +2877,45 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2805,13 +2874,45 @@ static int move_module(struct module *mod, struct load_info *info) */ kmemleak_ignore(ptr); if (!ptr) { @@ -88211,7 +88371,7 @@ index d24fcf2..2af3fd9 100644 /* Transfer each section which specifies SHF_ALLOC */ pr_debug("final section addresses:\n"); -@@ -2825,16 +2926,45 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2822,16 +2923,45 @@ static int move_module(struct module *mod, struct load_info *info) if (!(shdr->sh_flags & SHF_ALLOC)) continue; @@ -88264,7 +88424,7 @@ index d24fcf2..2af3fd9 100644 pr_debug("\t0x%lx %s\n", (long)shdr->sh_addr, info->secstrings + shdr->sh_name); } -@@ -2891,12 +3021,12 @@ static void flush_module_icache(const struct module *mod) +@@ -2888,12 +3018,12 @@ static void flush_module_icache(const struct module *mod) * Do it before processing of module parameters, so the module * can provide parameter accessor functions of its own. */ @@ -88283,7 +88443,7 @@ index d24fcf2..2af3fd9 100644 set_fs(old_fs); } -@@ -2953,8 +3083,10 @@ static struct module *layout_and_allocate(struct load_info *info, int flags) +@@ -2950,8 +3080,10 @@ static struct module *layout_and_allocate(struct load_info *info, int flags) static void module_deallocate(struct module *mod, struct load_info *info) { percpu_modfree(mod); @@ -88296,7 +88456,7 @@ index d24fcf2..2af3fd9 100644 } int __weak module_finalize(const Elf_Ehdr *hdr, -@@ -2967,7 +3099,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, +@@ -2964,7 +3096,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, static int post_relocation(struct module *mod, const struct load_info *info) { /* Sort exception table now relocations are done. */ @@ -88306,7 +88466,7 @@ index d24fcf2..2af3fd9 100644 /* Copy relocated percpu area over. */ percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr, -@@ -3021,16 +3155,16 @@ static int do_init_module(struct module *mod) +@@ -3018,16 +3152,16 @@ static int do_init_module(struct module *mod) MODULE_STATE_COMING, mod); /* Set RO and NX regions for core */ @@ -88331,7 +88491,7 @@ index d24fcf2..2af3fd9 100644 do_mod_ctors(mod); /* Start the module */ -@@ -3091,11 +3225,12 @@ static int do_init_module(struct module *mod) +@@ -3088,11 +3222,12 @@ static int do_init_module(struct module *mod) mod->strtab = mod->core_strtab; #endif unset_module_init_ro_nx(mod); @@ -88349,7 +88509,7 @@ index d24fcf2..2af3fd9 100644 mutex_unlock(&module_mutex); wake_up_all(&module_wq); -@@ -3238,9 +3373,38 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3235,9 +3370,38 @@ static int load_module(struct load_info *info, const char __user *uargs, if (err) goto free_unload; @@ -88388,7 +88548,7 @@ index d24fcf2..2af3fd9 100644 /* Fix up syms, so that st_value is a pointer to location. */ err = simplify_symbols(mod, info); if (err < 0) -@@ -3256,13 +3420,6 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3253,13 +3417,6 @@ static int load_module(struct load_info *info, const char __user *uargs, flush_module_icache(mod); @@ -88401,7 +88561,7 @@ index d24fcf2..2af3fd9 100644 - dynamic_debug_setup(info->debug, info->num_debug); - /* Finally it's fully formed, ready to start executing. */ + /* Ftrace init must be called in the MODULE_STATE_UNFORMED state */ @@ -3297,11 +3454,10 @@ static int load_module(struct load_info *info, const char __user *uargs, ddebug_cleanup: dynamic_debug_remove(info->debug); @@ -90921,7 +91081,7 @@ index 1fb08f2..ca4bb1e 100644 return -ENOMEM; return 0; diff --git a/kernel/timer.c b/kernel/timer.c -index accfd24..e00f0c0 100644 +index 38f0d40..96b2ebf 100644 --- a/kernel/timer.c +++ b/kernel/timer.c @@ -1366,7 +1366,7 @@ void update_process_times(int user_tick) @@ -90974,7 +91134,7 @@ index 4f3a3c03..04b7886 100644 ret = -EIO; diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c -index cd7f76d..553c805 100644 +index 868633e..921dc41 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -1965,12 +1965,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec) @@ -91008,7 +91168,7 @@ index cd7f76d..553c805 100644 start_pg = ftrace_allocate_pages(count); if (!start_pg) -@@ -4909,8 +4916,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write, +@@ -4890,8 +4897,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write, #ifdef CONFIG_FUNCTION_GRAPH_TRACER static int ftrace_graph_active; @@ -91017,7 +91177,7 @@ index cd7f76d..553c805 100644 int ftrace_graph_entry_stub(struct ftrace_graph_ent *trace) { return 0; -@@ -5086,6 +5091,10 @@ static void update_function_graph_func(void) +@@ -5067,6 +5072,10 @@ static void update_function_graph_func(void) ftrace_graph_entry = ftrace_graph_entry_test; } @@ -91028,7 +91188,7 @@ index cd7f76d..553c805 100644 int register_ftrace_graph(trace_func_graph_ret_t retfunc, trace_func_graph_ent_t entryfunc) { -@@ -5099,7 +5108,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc, +@@ -5080,7 +5089,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc, goto out; } @@ -91521,10 +91681,10 @@ index 4431610..4265616 100644 .thread_should_run = watchdog_should_run, .thread_fn = watchdog, diff --git a/kernel/workqueue.c b/kernel/workqueue.c -index 193e977..26dd63f 100644 +index b6a3941..b68f191 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c -@@ -4678,7 +4678,7 @@ static void rebind_workers(struct worker_pool *pool) +@@ -4702,7 +4702,7 @@ static void rebind_workers(struct worker_pool *pool) WARN_ON_ONCE(!(worker_flags & WORKER_UNBOUND)); worker_flags |= WORKER_REBOUND; worker_flags &= ~WORKER_UNBOUND; @@ -92745,7 +92905,7 @@ index 539eeb9..e24a987 100644 if (end == start) return error; diff --git a/mm/memory-failure.c b/mm/memory-failure.c -index 90002ea..db1452d 100644 +index 66586bb..73ab487 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0; @@ -92784,16 +92944,16 @@ index 90002ea..db1452d 100644 /* * We need/can do nothing about count=0 pages. -@@ -1092,7 +1092,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) - if (!PageHWPoison(hpage) - || (hwpoison_filter(p) && TestClearPageHWPoison(p)) - || (p != hpage && TestSetPageHWPoison(hpage))) { -- atomic_long_sub(nr_pages, &num_poisoned_pages); -+ atomic_long_sub_unchecked(nr_pages, &num_poisoned_pages); - return 0; - } - set_page_hwpoison_huge_page(hpage); -@@ -1161,7 +1161,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) +@@ -1091,7 +1091,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) + if (PageHWPoison(hpage)) { + if ((hwpoison_filter(p) && TestClearPageHWPoison(p)) + || (p != hpage && TestSetPageHWPoison(hpage))) { +- atomic_long_sub(nr_pages, &num_poisoned_pages); ++ atomic_long_sub_unchecked(nr_pages, &num_poisoned_pages); + unlock_page(hpage); + return 0; + } +@@ -1162,7 +1162,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) } if (hwpoison_filter(p)) { if (TestClearPageHWPoison(p)) @@ -92802,7 +92962,7 @@ index 90002ea..db1452d 100644 unlock_page(hpage); put_page(hpage); return 0; -@@ -1383,7 +1383,7 @@ int unpoison_memory(unsigned long pfn) +@@ -1384,7 +1384,7 @@ int unpoison_memory(unsigned long pfn) return 0; } if (TestClearPageHWPoison(p)) @@ -92811,7 +92971,7 @@ index 90002ea..db1452d 100644 pr_info("MCE: Software-unpoisoned free page %#lx\n", pfn); return 0; } -@@ -1397,7 +1397,7 @@ int unpoison_memory(unsigned long pfn) +@@ -1398,7 +1398,7 @@ int unpoison_memory(unsigned long pfn) */ if (TestClearPageHWPoison(page)) { pr_info("MCE: Software-unpoisoned page %#lx\n", pfn); @@ -92820,7 +92980,7 @@ index 90002ea..db1452d 100644 freeit = 1; if (PageHuge(page)) clear_page_hwpoison_huge_page(page); -@@ -1522,11 +1522,11 @@ static int soft_offline_huge_page(struct page *page, int flags) +@@ -1523,11 +1523,11 @@ static int soft_offline_huge_page(struct page *page, int flags) if (PageHuge(page)) { set_page_hwpoison_huge_page(hpage); dequeue_hwpoisoned_huge_page(hpage); @@ -92834,7 +92994,7 @@ index 90002ea..db1452d 100644 } } return ret; -@@ -1565,7 +1565,7 @@ static int __soft_offline_page(struct page *page, int flags) +@@ -1566,7 +1566,7 @@ static int __soft_offline_page(struct page *page, int flags) put_page(page); pr_info("soft_offline: %#lx: invalidated\n", pfn); SetPageHWPoison(page); @@ -92843,7 +93003,7 @@ index 90002ea..db1452d 100644 return 0; } -@@ -1616,7 +1616,7 @@ static int __soft_offline_page(struct page *page, int flags) +@@ -1617,7 +1617,7 @@ static int __soft_offline_page(struct page *page, int flags) if (!is_free_buddy_page(page)) pr_info("soft offline: %#lx: page leaked\n", pfn); @@ -92852,7 +93012,7 @@ index 90002ea..db1452d 100644 } } else { pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n", -@@ -1690,11 +1690,11 @@ int soft_offline_page(struct page *page, int flags) +@@ -1691,11 +1691,11 @@ int soft_offline_page(struct page *page, int flags) if (PageHuge(page)) { set_page_hwpoison_huge_page(hpage); dequeue_hwpoisoned_huge_page(hpage); @@ -92867,7 +93027,7 @@ index 90002ea..db1452d 100644 } unset_migratetype_isolate(page, MIGRATE_MOVABLE); diff --git a/mm/memory.c b/mm/memory.c -index 22dfa61..90d7ec5 100644 +index 49e930f..90d7ec5 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -403,6 +403,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, @@ -92960,25 +93120,7 @@ index 22dfa61..90d7ec5 100644 return i; } EXPORT_SYMBOL(__get_user_pages); -@@ -1929,12 +1924,17 @@ int fixup_user_fault(struct task_struct *tsk, struct mm_struct *mm, - unsigned long address, unsigned int fault_flags) - { - struct vm_area_struct *vma; -+ vm_flags_t vm_flags; - int ret; - - vma = find_extend_vma(mm, address); - if (!vma || address < vma->vm_start) - return -EFAULT; - -+ vm_flags = (fault_flags & FAULT_FLAG_WRITE) ? VM_WRITE : VM_READ; -+ if (!(vm_flags & vma->vm_flags)) -+ return -EFAULT; -+ - ret = handle_mm_fault(mm, vma, address, fault_flags); - if (ret & VM_FAULT_ERROR) { - if (ret & VM_FAULT_OOM) -@@ -2100,6 +2100,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, +@@ -2105,6 +2100,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, page_add_file_rmap(page); set_pte_at(mm, addr, pte, mk_pte(page, prot)); @@ -92989,7 +93131,7 @@ index 22dfa61..90d7ec5 100644 retval = 0; pte_unmap_unlock(pte, ptl); return retval; -@@ -2144,9 +2148,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr, +@@ -2149,9 +2148,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr, if (!page_count(page)) return -EINVAL; if (!(vma->vm_flags & VM_MIXEDMAP)) { @@ -93011,7 +93153,7 @@ index 22dfa61..90d7ec5 100644 } return insert_page(vma, addr, page, vma->vm_page_prot); } -@@ -2229,6 +2245,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr, +@@ -2234,6 +2245,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr, unsigned long pfn) { BUG_ON(!(vma->vm_flags & VM_MIXEDMAP)); @@ -93019,7 +93161,7 @@ index 22dfa61..90d7ec5 100644 if (addr < vma->vm_start || addr >= vma->vm_end) return -EFAULT; -@@ -2476,7 +2493,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud, +@@ -2481,7 +2493,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud, BUG_ON(pud_huge(*pud)); @@ -93030,7 +93172,7 @@ index 22dfa61..90d7ec5 100644 if (!pmd) return -ENOMEM; do { -@@ -2496,7 +2515,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd, +@@ -2501,7 +2515,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd, unsigned long next; int err; @@ -93041,7 +93183,7 @@ index 22dfa61..90d7ec5 100644 if (!pud) return -ENOMEM; do { -@@ -2586,6 +2607,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo +@@ -2591,6 +2607,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo copy_user_highpage(dst, src, va, vma); } @@ -93228,7 +93370,7 @@ index 22dfa61..90d7ec5 100644 /* * This routine handles present pages, when users try to write * to a shared page. It is done by copying the page to a new address -@@ -2810,6 +3011,12 @@ gotten: +@@ -2815,6 +3011,12 @@ gotten: */ page_table = pte_offset_map_lock(mm, pmd, address, &ptl); if (likely(pte_same(*page_table, orig_pte))) { @@ -93241,7 +93383,7 @@ index 22dfa61..90d7ec5 100644 if (old_page) { if (!PageAnon(old_page)) { dec_mm_counter_fast(mm, MM_FILEPAGES); -@@ -2861,6 +3068,10 @@ gotten: +@@ -2866,6 +3068,10 @@ gotten: page_remove_rmap(old_page); } @@ -93252,7 +93394,7 @@ index 22dfa61..90d7ec5 100644 /* Free the old page.. */ new_page = old_page; ret |= VM_FAULT_WRITE; -@@ -3138,6 +3349,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3143,6 +3349,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, swap_free(entry); if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page)) try_to_free_swap(page); @@ -93264,7 +93406,7 @@ index 22dfa61..90d7ec5 100644 unlock_page(page); if (page != swapcache) { /* -@@ -3161,6 +3377,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3166,6 +3377,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -93276,7 +93418,7 @@ index 22dfa61..90d7ec5 100644 unlock: pte_unmap_unlock(page_table, ptl); out: -@@ -3180,40 +3401,6 @@ out_release: +@@ -3185,40 +3401,6 @@ out_release: } /* @@ -93317,7 +93459,7 @@ index 22dfa61..90d7ec5 100644 * We enter with non-exclusive mmap_sem (to exclude vma changes, * but allow concurrent faults), and pte mapped but not yet locked. * We return with mmap_sem still held, but pte unmapped and unlocked. -@@ -3222,27 +3409,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3227,27 +3409,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long address, pte_t *page_table, pmd_t *pmd, unsigned int flags) { @@ -93350,7 +93492,7 @@ index 22dfa61..90d7ec5 100644 if (unlikely(anon_vma_prepare(vma))) goto oom; page = alloc_zeroed_user_highpage_movable(vma, address); -@@ -3266,6 +3449,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3271,6 +3449,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, if (!pte_none(*page_table)) goto release; @@ -93362,7 +93504,7 @@ index 22dfa61..90d7ec5 100644 inc_mm_counter_fast(mm, MM_ANONPAGES); page_add_new_anon_rmap(page, vma, address); setpte: -@@ -3273,6 +3461,12 @@ setpte: +@@ -3278,6 +3461,12 @@ setpte: /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -93375,7 +93517,7 @@ index 22dfa61..90d7ec5 100644 unlock: pte_unmap_unlock(page_table, ptl); return 0; -@@ -3417,6 +3611,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3422,6 +3611,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, */ /* Only go through if we didn't race with anybody else... */ if (likely(pte_same(*page_table, orig_pte))) { @@ -93388,7 +93530,7 @@ index 22dfa61..90d7ec5 100644 flush_icache_page(vma, page); entry = mk_pte(page, vma->vm_page_prot); if (flags & FAULT_FLAG_WRITE) -@@ -3438,6 +3638,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3443,6 +3638,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, /* no need to invalidate: a not-present page won't be cached */ update_mmu_cache(vma, address, page_table); @@ -93403,7 +93545,7 @@ index 22dfa61..90d7ec5 100644 } else { if (cow_page) mem_cgroup_uncharge_page(cow_page); -@@ -3685,6 +3893,12 @@ static int handle_pte_fault(struct mm_struct *mm, +@@ -3690,6 +3893,12 @@ static int handle_pte_fault(struct mm_struct *mm, if (flags & FAULT_FLAG_WRITE) flush_tlb_fix_spurious_fault(vma, address); } @@ -93416,7 +93558,7 @@ index 22dfa61..90d7ec5 100644 unlock: pte_unmap_unlock(pte, ptl); return 0; -@@ -3701,9 +3915,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3706,9 +3915,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, pmd_t *pmd; pte_t *pte; @@ -93458,7 +93600,7 @@ index 22dfa61..90d7ec5 100644 pgd = pgd_offset(mm, address); pud = pud_alloc(mm, pgd, address); if (!pud) -@@ -3834,6 +4080,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) +@@ -3839,6 +4080,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -93482,7 +93624,7 @@ index 22dfa61..90d7ec5 100644 #endif /* __PAGETABLE_PUD_FOLDED */ #ifndef __PAGETABLE_PMD_FOLDED -@@ -3864,6 +4127,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) +@@ -3869,6 +4127,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -93513,7 +93655,7 @@ index 22dfa61..90d7ec5 100644 #endif /* __PAGETABLE_PMD_FOLDED */ #if !defined(__HAVE_ARCH_GATE_AREA) -@@ -3877,7 +4164,7 @@ static int __init gate_vma_init(void) +@@ -3882,7 +4164,7 @@ static int __init gate_vma_init(void) gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; @@ -93522,7 +93664,7 @@ index 22dfa61..90d7ec5 100644 return 0; } -@@ -4011,8 +4298,8 @@ out: +@@ -4016,8 +4298,8 @@ out: return ret; } @@ -93533,7 +93675,7 @@ index 22dfa61..90d7ec5 100644 { resource_size_t phys_addr; unsigned long prot = 0; -@@ -4038,8 +4325,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys); +@@ -4043,8 +4325,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys); * Access another process' address space as given in mm. If non-NULL, use the * given task for page fault accounting. */ @@ -93544,7 +93686,7 @@ index 22dfa61..90d7ec5 100644 { struct vm_area_struct *vma; void *old_buf = buf; -@@ -4047,7 +4334,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -4052,7 +4334,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, down_read(&mm->mmap_sem); /* ignore errors, just check how much was successfully transferred */ while (len) { @@ -93553,7 +93695,7 @@ index 22dfa61..90d7ec5 100644 void *maddr; struct page *page = NULL; -@@ -4106,8 +4393,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -4111,8 +4393,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, * * The caller must hold a reference on @mm. */ @@ -93564,7 +93706,7 @@ index 22dfa61..90d7ec5 100644 { return __access_remote_vm(NULL, mm, addr, buf, len, write); } -@@ -4117,11 +4404,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, +@@ -4122,11 +4404,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, * Source/target buffer must be kernel space, * Do not walk the page table directly, use get_user_pages */ @@ -95224,7 +95366,7 @@ index 769a67a..414d24f 100644 if (nstart < prev->vm_end) diff --git a/mm/mremap.c b/mm/mremap.c -index 0843feb..c3cde48 100644 +index 05f1180..c3cde48 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -144,6 +144,12 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd, @@ -95240,26 +95382,7 @@ index 0843feb..c3cde48 100644 pte = move_soft_dirty_pte(pte); set_pte_at(mm, new_addr, new_pte, pte); } -@@ -194,10 +200,17 @@ unsigned long move_page_tables(struct vm_area_struct *vma, - break; - if (pmd_trans_huge(*old_pmd)) { - int err = 0; -- if (extent == HPAGE_PMD_SIZE) -+ if (extent == HPAGE_PMD_SIZE) { -+ VM_BUG_ON(vma->vm_file || !vma->anon_vma); -+ /* See comment in move_ptes() */ -+ if (need_rmap_locks) -+ anon_vma_lock_write(vma->anon_vma); - err = move_huge_pmd(vma, new_vma, old_addr, - new_addr, old_end, - old_pmd, new_pmd); -+ if (need_rmap_locks) -+ anon_vma_unlock_write(vma->anon_vma); -+ } - if (err > 0) { - need_flush = true; - continue; -@@ -337,6 +350,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr, +@@ -344,6 +350,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr, if (is_vm_hugetlb_page(vma)) goto Einval; @@ -95271,7 +95394,7 @@ index 0843feb..c3cde48 100644 /* We can't remap across vm area boundaries */ if (old_len > vma->vm_end - addr) goto Efault; -@@ -392,20 +410,25 @@ static unsigned long mremap_to(unsigned long addr, unsigned long old_len, +@@ -399,20 +410,25 @@ static unsigned long mremap_to(unsigned long addr, unsigned long old_len, unsigned long ret = -EINVAL; unsigned long charged = 0; unsigned long map_flags; @@ -95302,7 +95425,7 @@ index 0843feb..c3cde48 100644 goto out; ret = do_munmap(mm, new_addr, new_len); -@@ -474,6 +497,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, +@@ -481,6 +497,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, unsigned long ret = -EINVAL; unsigned long charged = 0; bool locked = false; @@ -95310,7 +95433,7 @@ index 0843feb..c3cde48 100644 if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE)) return ret; -@@ -495,6 +519,17 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, +@@ -502,6 +519,17 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, if (!new_len) return ret; @@ -95328,7 +95451,7 @@ index 0843feb..c3cde48 100644 down_write(¤t->mm->mmap_sem); if (flags & MREMAP_FIXED) { -@@ -545,6 +580,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, +@@ -552,6 +580,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, new_addr = addr; } ret = addr; @@ -95336,7 +95459,7 @@ index 0843feb..c3cde48 100644 goto out; } } -@@ -568,7 +604,12 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, +@@ -575,7 +604,12 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, goto out; } @@ -95417,10 +95540,10 @@ index 8740213..f87e25b 100644 struct mm_struct *mm; diff --git a/mm/page-writeback.c b/mm/page-writeback.c -index 7106cb1..0805f48 100644 +index 8f6daa6..1f8587c 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c -@@ -685,7 +685,7 @@ static inline long long pos_ratio_polynom(unsigned long setpoint, +@@ -685,7 +685,7 @@ static long long pos_ratio_polynom(unsigned long setpoint, * card's bdi_dirty may rush to many times higher than bdi_setpoint. * - the bdi dirty thresh drops quickly due to change of JBOD workload */ @@ -95555,7 +95678,7 @@ index 7c59ef6..1358905 100644 }; diff --git a/mm/percpu.c b/mm/percpu.c -index 036cfe0..980d0fa 100644 +index a2a54a8..43ecb68 100644 --- a/mm/percpu.c +++ b/mm/percpu.c @@ -122,7 +122,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly; @@ -95619,7 +95742,7 @@ index fd26d04..0cea1b0 100644 if (!mm || IS_ERR(mm)) { rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; diff --git a/mm/rmap.c b/mm/rmap.c -index d3cbac5..0788da4 100644 +index d3cbac5..3784601 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -163,6 +163,10 @@ int anon_vma_prepare(struct vm_area_struct *vma) @@ -95721,6 +95844,18 @@ index d3cbac5..0788da4 100644 } /* +@@ -1554,10 +1590,9 @@ void __put_anon_vma(struct anon_vma *anon_vma) + { + struct anon_vma *root = anon_vma->root; + ++ anon_vma_free(anon_vma); + if (root != anon_vma && atomic_dec_and_test(&root->refcount)) + anon_vma_free(root); +- +- anon_vma_free(anon_vma); + } + + static struct anon_vma *rmap_walk_anon_lock(struct page *page, diff --git a/mm/shmem.c b/mm/shmem.c index 1f18c9d..3e03d33 100644 --- a/mm/shmem.c @@ -97864,7 +97999,7 @@ index b543470..d2ddae2 100644 if (!can_dir) { printk(KERN_INFO "can: failed to create /proc/net/can . " diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c -index 30efc5c..cfa1bbc 100644 +index 988721a..947846d 100644 --- a/net/ceph/messenger.c +++ b/net/ceph/messenger.c @@ -187,7 +187,7 @@ static void con_fault(struct ceph_connection *con); @@ -100377,7 +100512,7 @@ index 767ab8d..c5ec70a 100644 return -ENOMEM; } diff --git a/net/ipv6/output_core.c b/net/ipv6/output_core.c -index 827f795..7e28e82 100644 +index 827f795..bdff9eb 100644 --- a/net/ipv6/output_core.c +++ b/net/ipv6/output_core.c @@ -9,8 +9,8 @@ @@ -100391,7 +100526,7 @@ index 827f795..7e28e82 100644 #if IS_ENABLED(CONFIG_IPV6) if (rt && !(rt->dst.flags & DST_NOPEER)) { -@@ -26,13 +26,10 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt) +@@ -26,13 +26,8 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt) } } #endif @@ -100403,8 +100538,6 @@ index 827f795..7e28e82 100644 - } while (atomic_cmpxchg(&ipv6_fragmentation_id, old, new) != old); - fhdr->identification = htonl(new); + id = atomic_inc_return_unchecked(&ipv6_fragmentation_id); -+ if (!id) -+ id = atomic_inc_return_unchecked(&ipv6_fragmentation_id); + fhdr->identification = htonl(id); } EXPORT_SYMBOL(ipv6_select_ident); @@ -100950,7 +101083,7 @@ index b9ac598..f88cc56 100644 return; diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c -index c4b7218..3e83259 100644 +index c4b7218..c7e9f14 100644 --- a/net/iucv/af_iucv.c +++ b/net/iucv/af_iucv.c @@ -773,10 +773,10 @@ static int iucv_sock_autobind(struct sock *sk) @@ -100966,6 +101099,15 @@ index c4b7218..3e83259 100644 } write_unlock_bh(&iucv_sk_list.lock); +@@ -1829,7 +1829,7 @@ static void iucv_callback_txdone(struct iucv_path *path, + spin_lock_irqsave(&list->lock, flags); + + while (list_skb != (struct sk_buff *)list) { +- if (msg->tag != IUCV_SKB_CB(list_skb)->tag) { ++ if (msg->tag == IUCV_SKB_CB(list_skb)->tag) { + this = list_skb; + break; + } diff --git a/net/iucv/iucv.c b/net/iucv/iucv.c index cd5b8ec..f205e6b 100644 --- a/net/iucv/iucv.c @@ -101065,7 +101207,7 @@ index 453e974..b3a43a5 100644 if (local->use_chanctx) *chandef = local->monitor_chandef; diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h -index 6bd4984..d8805c5 100644 +index b127902..9dc4947 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -28,6 +28,7 @@ @@ -101076,7 +101218,7 @@ index 6bd4984..d8805c5 100644 #include "key.h" #include "sta_info.h" #include "debug.h" -@@ -994,7 +995,7 @@ struct ieee80211_local { +@@ -995,7 +996,7 @@ struct ieee80211_local { /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */ spinlock_t queue_stop_reason_lock; @@ -101232,7 +101374,7 @@ index 6ff1346..936ca9a 100644 return p; diff --git a/net/mac80211/util.c b/net/mac80211/util.c -index b8700d4..89086d5 100644 +index 6427625..afa5a5a 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c @@ -1483,7 +1483,7 @@ int ieee80211_reconfig(struct ieee80211_local *local) @@ -101849,7 +101991,7 @@ index 11de55e..f25e448 100644 return 0; } diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c -index 04748ab6..ca8f86f 100644 +index 04748ab6..c72ef1f 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -257,7 +257,7 @@ static void netlink_overrun(struct sock *sk) @@ -101861,7 +102003,137 @@ index 04748ab6..ca8f86f 100644 } static void netlink_rcv_wake(struct sock *sk) -@@ -2933,7 +2933,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) +@@ -1360,7 +1360,74 @@ retry: + return err; + } + +-static inline int netlink_capable(const struct socket *sock, unsigned int flag) ++/** ++ * __netlink_ns_capable - General netlink message capability test ++ * @nsp: NETLINK_CB of the socket buffer holding a netlink command from userspace. ++ * @user_ns: The user namespace of the capability to use ++ * @cap: The capability to use ++ * ++ * Test to see if the opener of the socket we received the message ++ * from had when the netlink socket was created and the sender of the ++ * message has has the capability @cap in the user namespace @user_ns. ++ */ ++bool __netlink_ns_capable(const struct netlink_skb_parms *nsp, ++ struct user_namespace *user_ns, int cap) ++{ ++ return ((nsp->flags & NETLINK_SKB_DST) || ++ file_ns_capable(nsp->sk->sk_socket->file, user_ns, cap)) && ++ ns_capable(user_ns, cap); ++} ++EXPORT_SYMBOL(__netlink_ns_capable); ++ ++/** ++ * netlink_ns_capable - General netlink message capability test ++ * @skb: socket buffer holding a netlink command from userspace ++ * @user_ns: The user namespace of the capability to use ++ * @cap: The capability to use ++ * ++ * Test to see if the opener of the socket we received the message ++ * from had when the netlink socket was created and the sender of the ++ * message has has the capability @cap in the user namespace @user_ns. ++ */ ++bool netlink_ns_capable(const struct sk_buff *skb, ++ struct user_namespace *user_ns, int cap) ++{ ++ return __netlink_ns_capable(&NETLINK_CB(skb), user_ns, cap); ++} ++EXPORT_SYMBOL(netlink_ns_capable); ++ ++/** ++ * netlink_capable - Netlink global message capability test ++ * @skb: socket buffer holding a netlink command from userspace ++ * @cap: The capability to use ++ * ++ * Test to see if the opener of the socket we received the message ++ * from had when the netlink socket was created and the sender of the ++ * message has has the capability @cap in all user namespaces. ++ */ ++bool netlink_capable(const struct sk_buff *skb, int cap) ++{ ++ return netlink_ns_capable(skb, &init_user_ns, cap); ++} ++EXPORT_SYMBOL(netlink_capable); ++ ++/** ++ * netlink_net_capable - Netlink network namespace message capability test ++ * @skb: socket buffer holding a netlink command from userspace ++ * @cap: The capability to use ++ * ++ * Test to see if the opener of the socket we received the message ++ * from had when the netlink socket was created and the sender of the ++ * message has has the capability @cap over the network namespace of ++ * the socket we received the message from. ++ */ ++bool netlink_net_capable(const struct sk_buff *skb, int cap) ++{ ++ return netlink_ns_capable(skb, sock_net(skb->sk)->user_ns, cap); ++} ++EXPORT_SYMBOL(netlink_net_capable); ++ ++static inline int netlink_allowed(const struct socket *sock, unsigned int flag) + { + return (nl_table[sock->sk->sk_protocol].flags & flag) || + ns_capable(sock_net(sock->sk)->user_ns, CAP_NET_ADMIN); +@@ -1428,7 +1495,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr, + + /* Only superuser is allowed to listen multicasts */ + if (nladdr->nl_groups) { +- if (!netlink_capable(sock, NL_CFG_F_NONROOT_RECV)) ++ if (!netlink_allowed(sock, NL_CFG_F_NONROOT_RECV)) + return -EPERM; + err = netlink_realloc_groups(sk); + if (err) +@@ -1490,7 +1557,7 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr, + return -EINVAL; + + if ((nladdr->nl_groups || nladdr->nl_pid) && +- !netlink_capable(sock, NL_CFG_F_NONROOT_SEND)) ++ !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND)) + return -EPERM; + + if (!nlk->portid) +@@ -2096,7 +2163,7 @@ static int netlink_setsockopt(struct socket *sock, int level, int optname, + break; + case NETLINK_ADD_MEMBERSHIP: + case NETLINK_DROP_MEMBERSHIP: { +- if (!netlink_capable(sock, NL_CFG_F_NONROOT_RECV)) ++ if (!netlink_allowed(sock, NL_CFG_F_NONROOT_RECV)) + return -EPERM; + err = netlink_realloc_groups(sk); + if (err) +@@ -2228,6 +2295,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock, + struct sk_buff *skb; + int err; + struct scm_cookie scm; ++ u32 netlink_skb_flags = 0; + + if (msg->msg_flags&MSG_OOB) + return -EOPNOTSUPP; +@@ -2247,8 +2315,9 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock, + dst_group = ffs(addr->nl_groups); + err = -EPERM; + if ((dst_group || dst_portid) && +- !netlink_capable(sock, NL_CFG_F_NONROOT_SEND)) ++ !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND)) + goto out; ++ netlink_skb_flags |= NETLINK_SKB_DST; + } else { + dst_portid = nlk->dst_portid; + dst_group = nlk->dst_group; +@@ -2278,6 +2347,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock, + NETLINK_CB(skb).portid = nlk->portid; + NETLINK_CB(skb).dst_group = dst_group; + NETLINK_CB(skb).creds = siocb->scm->creds; ++ NETLINK_CB(skb).flags = netlink_skb_flags; + + err = -EFAULT; + if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) { +@@ -2933,7 +3003,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) sk_wmem_alloc_get(s), nlk->cb_running, atomic_read(&s->sk_refcnt), @@ -104142,10 +104414,10 @@ index 8fac3fd..32ff38d 100644 unsigned int secindex_strings; diff --git a/security/Kconfig b/security/Kconfig -index beb86b5..1ea5a01 100644 +index beb86b5..1776e5eb7 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,960 @@ +@@ -4,6 +4,957 @@ menu "Security options" @@ -104804,8 +105076,7 @@ index beb86b5..1ea5a01 100644 + guess them in most cases. Any failed guess will most likely crash + the attacked program which allows the kernel to detect such attempts + and react on them. PaX itself provides no reaction mechanisms, -+ instead it is strongly encouraged that you make use of Nergal's -+ segvguard (ftp://ftp.pl.openwall.com/misc/segvguard/) or grsecurity's ++ instead it is strongly encouraged that you make use of grsecurity's + (http://www.grsecurity.net/) built-in crash detection features or + develop one yourself. + @@ -104839,30 +105110,28 @@ index beb86b5..1ea5a01 100644 + configuration, this feature cannot be disabled on a per file basis. + +config PAX_RANDUSTACK -+ bool "Randomize user stack base" ++ bool ++ ++config PAX_RANDMMAP ++ bool "Randomize user stack and mmap() bases" + default y if GRKERNSEC_CONFIG_AUTO + depends on PAX_ASLR ++ select PAX_RANDUSTACK + help + By saying Y here the kernel will randomize every task's userland -+ stack. The randomization is done in two steps where the second ++ stack and use a randomized base address for mmap() requests that ++ do not specify one themselves. ++ ++ The stack randomization is done in two steps where the second + one may apply a big amount of shift to the top of the stack and + cause problems for programs that want to use lots of memory (more + than 2.5 GB if SEGMEXEC is not active, or 1.25 GB when it is). -+ For this reason the second step can be controlled by 'chpax' or -+ 'paxctl' on a per file basis. + -+config PAX_RANDMMAP -+ bool "Randomize mmap() base" -+ default y if GRKERNSEC_CONFIG_AUTO -+ depends on PAX_ASLR -+ help -+ By saying Y here the kernel will use a randomized base address for -+ mmap() requests that do not specify one themselves. As a result -+ all dynamically loaded libraries will appear at random addresses -+ and therefore be harder to exploit by a technique where an attacker -+ attempts to execute library code for his purposes (e.g. spawn a -+ shell from an exploited program that is running at an elevated -+ privilege level). ++ As a result of mmap randomization all dynamically loaded libraries ++ will appear at random addresses and therefore be harder to exploit ++ by a technique where an attacker attempts to execute library code ++ for his purposes (e.g. spawn a shell from an exploited program that ++ is running at an elevated privilege level). + + Furthermore, if a program is relinked as a dynamic ELF file, its + base address will be randomized as well, completing the full @@ -105106,7 +105375,7 @@ index beb86b5..1ea5a01 100644 source security/keys/Kconfig config SECURITY_DMESG_RESTRICT -@@ -103,7 +1057,7 @@ config INTEL_TXT +@@ -103,7 +1054,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX @@ -114236,10 +114505,10 @@ index 0000000..4378111 +} diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data new file mode 100644 -index 0000000..72e9c0e +index 0000000..8972f81 --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data -@@ -0,0 +1,5986 @@ +@@ -0,0 +1,5988 @@ +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL +ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL @@ -114337,6 +114606,7 @@ index 0000000..72e9c0e +lov_ost_pool_init_1215 lov_ost_pool_init 2 1215 NULL +fsync_buffers_list_1219 fsync_buffers_list 0 1219 NULL +kernfs_file_direct_read_1238 kernfs_file_direct_read 3 1238 NULL ++acpi_battery_write_alarm_1240 acpi_battery_write_alarm 3 1240 NULL +ocfs2_extend_file_1266 ocfs2_extend_file 3 1266 NULL +qla4xxx_change_queue_depth_1268 qla4xxx_change_queue_depth 2 1268 NULL +ioctl_private_iw_point_1273 ioctl_private_iw_point 7 1273 NULL @@ -116620,6 +116890,7 @@ index 0000000..72e9c0e +keyctl_update_key_26061 keyctl_update_key 3 26061 NULL +btrfs_wait_ordered_range_26086 btrfs_wait_ordered_range 0 26086 NULL +rx_rx_wa_density_dropped_frame_read_26095 rx_rx_wa_density_dropped_frame_read 3 26095 NULL ++i8042_pnp_id_to_string_26108 i8042_pnp_id_to_string 3 26108 NULL +read_sb_page_26119 read_sb_page 5 26119 NULL +ath9k_hw_name_26146 ath9k_hw_name 3 26146 NULL +copy_oldmem_page_26164 copy_oldmem_page 3 26164 NULL @@ -121663,6 +121934,19 @@ index 6789d788..4afd019e 100644 + .endm + #endif +diff --git a/tools/virtio/linux/uaccess.h b/tools/virtio/linux/uaccess.h +index 0a578fe..b81f62d 100644 +--- a/tools/virtio/linux/uaccess.h ++++ b/tools/virtio/linux/uaccess.h +@@ -13,7 +13,7 @@ static inline void __chk_user_ptr(const volatile void *p, size_t size) + ({ \ + typeof(ptr) __pu_ptr = (ptr); \ + __chk_user_ptr(__pu_ptr, sizeof(*__pu_ptr)); \ +- ACCESS_ONCE(*(__pu_ptr)) = x; \ ++ ACCESS_ONCE_RW(*(__pu_ptr)) = x; \ + 0; \ + }) + diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 03a0381..8b31923 100644 --- a/virt/kvm/kvm_main.c diff --git a/main/linux-grsec/kernelconfig.x86 b/main/linux-grsec/kernelconfig.x86 index d5bb114659..db0a92a955 100644 --- a/main/linux-grsec/kernelconfig.x86 +++ b/main/linux-grsec/kernelconfig.x86 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.14.4 Kernel Configuration +# Linux/x86 3.14.6 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -200,6 +200,7 @@ CONFIG_VM_EVENT_COUNTERS=y CONFIG_SLUB=y # CONFIG_SLOB is not set CONFIG_SLUB_CPU_PARTIAL=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_OPROFILE=m # CONFIG_OPROFILE_EVENT_MULTIPLEX is not set @@ -254,7 +255,6 @@ CONFIG_OLD_SIGACTION=y CONFIG_HAVE_GENERIC_DMA_COHERENT=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 -# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_MODULES=y # CONFIG_MODULE_FORCE_LOAD is not set CONFIG_MODULE_UNLOAD=y @@ -501,6 +501,7 @@ CONFIG_PM=y CONFIG_ACPI=y CONFIG_ACPI_SLEEP=y CONFIG_ACPI_PROCFS=y +# CONFIG_ACPI_PROCFS_POWER is not set CONFIG_ACPI_EC_DEBUGFS=y CONFIG_ACPI_AC=m CONFIG_ACPI_BATTERY=m @@ -4617,7 +4618,7 @@ CONFIG_USB_WUSB_CBAF=m # CONFIG_USB_C67X00_HCD=m CONFIG_USB_XHCI_HCD=m -CONFIG_USB_EHCI_HCD=y +CONFIG_USB_EHCI_HCD=m # CONFIG_USB_EHCI_ROOT_HUB_TT is not set # CONFIG_USB_EHCI_TT_NEWSCHED is not set CONFIG_USB_EHCI_PCI=m diff --git a/main/linux-grsec/kernelconfig.x86_64 b/main/linux-grsec/kernelconfig.x86_64 index b966e1ab02..1efcdffe07 100644 --- a/main/linux-grsec/kernelconfig.x86_64 +++ b/main/linux-grsec/kernelconfig.x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.14.4 Kernel Configuration +# Linux/x86 3.14.6 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -208,6 +208,7 @@ CONFIG_VM_EVENT_COUNTERS=y CONFIG_SLUB=y # CONFIG_SLOB is not set CONFIG_SLUB_CPU_PARTIAL=y +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_PROFILING=y CONFIG_OPROFILE=m # CONFIG_OPROFILE_EVENT_MULTIPLEX is not set @@ -268,7 +269,6 @@ CONFIG_COMPAT_OLD_SIGACTION=y # CONFIG_HAVE_GENERIC_DMA_COHERENT is not set CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 -# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_MODULES=y # CONFIG_MODULE_FORCE_LOAD is not set CONFIG_MODULE_UNLOAD=y @@ -494,6 +494,7 @@ CONFIG_PM=y CONFIG_ACPI=y CONFIG_ACPI_SLEEP=y CONFIG_ACPI_PROCFS=y +# CONFIG_ACPI_PROCFS_POWER is not set CONFIG_ACPI_EC_DEBUGFS=y CONFIG_ACPI_AC=m CONFIG_ACPI_BATTERY=m @@ -4444,7 +4445,7 @@ CONFIG_USB_WUSB_CBAF=m # CONFIG_USB_C67X00_HCD=m CONFIG_USB_XHCI_HCD=m -CONFIG_USB_EHCI_HCD=y +CONFIG_USB_EHCI_HCD=m # CONFIG_USB_EHCI_ROOT_HUB_TT is not set # CONFIG_USB_EHCI_TT_NEWSCHED is not set CONFIG_USB_EHCI_PCI=m |