diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2014-10-20 08:55:24 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-10-20 08:55:24 +0000 |
commit | 78ed2b288501ad440ab03b405b5947f1ab26b6cf (patch) | |
tree | 9bddb2b55bb406c72b02a49bc19dd5a02a8c429f /main/linux-grsec | |
parent | d71c23151407b01882655a4829f6f9041df58dfe (diff) | |
download | aports-78ed2b288501ad440ab03b405b5947f1ab26b6cf.tar.bz2 aports-78ed2b288501ad440ab03b405b5947f1ab26b6cf.tar.xz |
main/linux-grsec: upgrade to 3.14.22
Diffstat (limited to 'main/linux-grsec')
-rw-r--r-- | main/linux-grsec/APKBUILD | 16 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-3.0-3.14.22-201410192047.patch (renamed from main/linux-grsec/grsecurity-3.0-3.14.21-201410131959.patch) | 779 |
2 files changed, 596 insertions, 199 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index b2b35856c7..14fe2df0e5 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,7 +2,7 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.14.21 +pkgver=3.14.22 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; @@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-3.0-3.14.21-201410131959.patch + grsecurity-3.0-3.14.22-201410192047.patch fix-memory-map-for-PIE-applications.patch imx6q-no-unclocked-sleep.patch @@ -165,24 +165,24 @@ dev() { } md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz -25debf3b5652cdd94df176cd4e36a9ed patch-3.14.21.xz -ae0b992f2329162d2341f4e5dc316eea grsecurity-3.0-3.14.21-201410131959.patch +6634fc5051468ef7ff96187edc108825 patch-3.14.22.xz +2a930c98841c849c7517828395d2583f grsecurity-3.0-3.14.22-201410192047.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch 1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch 62b42fa80c62687a7ef80a12e8b45b5c kernelconfig.x86 2436ff9c1faa8e7fa41b4561b6a0ed0e kernelconfig.x86_64 3d79d27ce4aea637042bb70055c35a3d kernelconfig.armhf" sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz -5ab01f154f0cb8b9fc9a941617e48b601c964db41c07f86c0f003305ea84e28a patch-3.14.21.xz -f4bd4c52697957cdcf1fef51d0dcbe643ec272dc6ebe2e230e00bfc2599fcecd grsecurity-3.0-3.14.21-201410131959.patch +459d9a5d38d496a6448c896e39c342c71fee29c49da38192104d3acc4f0cdd43 patch-3.14.22.xz +816f9fee2e551b16a20aff3123325194299c03f8a397539fa72d2654016bd538 grsecurity-3.0-3.14.22-201410192047.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch 21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch 913df933c3792af3d2ea48bb891c3ccdb319c03ac77f35ab591fcb5a5afffba1 kernelconfig.x86 f67ba0adba190845d353ea565aea8467bf558d719ed116bb3ff4c92fd431fd3b kernelconfig.x86_64 a2dc0e30e1d1d691768543a17b51efccfc11ef17c04ac08f2b54c95f25dab75d kernelconfig.armhf" sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz -fc75d0e9313d96438b5eeed677d208eae8953ce79e26904c4f6fe1c4525daa2293abe5bc5b1bb8b173f16122340ff34090a7f0944579c8213b6f5675e3c3d1c2 patch-3.14.21.xz -9d6a97995122e2ce45c4c819b06056cc14084f02993cc641a59b59a9cd00c5fe16d01881fe1cbbb038956314c750a29e907da0ea8627d9f4eab72f6a81e114f8 grsecurity-3.0-3.14.21-201410131959.patch +ccd02031badafe9c981cfc65d10eee674f76cd8bbcfd8d9765ec057b87dcb7d56583fb2b75eb0a6d14fa7aa028e15061aa79fe1618b40fb79dae6c0479e9202b patch-3.14.22.xz +8a673850de30772dedd1323fdaab02e3c0ad15669c9330c1b64b485b6b2153e651915e221f9a8f7d96098540b4aa95a15fd65a0e9a1e7c7b29a49c927e4dd448 grsecurity-3.0-3.14.22-201410192047.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch 87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch 74953c6339ada219cab0807731816013887e62cd8c3afc628edbcfe37baf04c6ab34428f15263690b16a5dd8ef6d5df53f8173c9e021de697a521ebde5d61e5c kernelconfig.x86 diff --git a/main/linux-grsec/grsecurity-3.0-3.14.21-201410131959.patch b/main/linux-grsec/grsecurity-3.0-3.14.22-201410192047.patch index 61e17cf050..8d0df77a72 100644 --- a/main/linux-grsec/grsecurity-3.0-3.14.21-201410131959.patch +++ b/main/linux-grsec/grsecurity-3.0-3.14.22-201410192047.patch @@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 41e6e19..abeca4e 100644 +index a59980e..46601e4 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -10053,19 +10053,22 @@ index 96efa7a..16858bf 100644 /* diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h -index a5f01ac..703b554 100644 +index a5f01ac..a8811dd 100644 --- a/arch/sparc/include/asm/thread_info_64.h +++ b/arch/sparc/include/asm/thread_info_64.h -@@ -63,6 +63,8 @@ struct thread_info { +@@ -63,7 +63,10 @@ struct thread_info { struct pt_regs *kern_una_regs; unsigned int kern_una_insn; +- unsigned long fpregs[0] __attribute__ ((aligned(64))); + unsigned long lowest_stack; + - unsigned long fpregs[0] __attribute__ ((aligned(64))); ++ unsigned long fpregs[(7 * 256) / sizeof(unsigned long)] ++ __attribute__ ((aligned(64))); }; -@@ -188,12 +190,13 @@ register struct thread_info *current_thread_info_reg asm("g6"); + #endif /* !(__ASSEMBLY__) */ +@@ -188,12 +191,13 @@ register struct thread_info *current_thread_info_reg asm("g6"); #define TIF_NEED_RESCHED 3 /* rescheduling necessary */ /* flag bit 4 is available */ #define TIF_UNALIGNED 5 /* allowed to do unaligned accesses */ @@ -10080,7 +10083,7 @@ index a5f01ac..703b554 100644 /* NOTE: Thread flags >= 12 should be ones we have no interest * in using in assembly, else we can't use the mask as * an immediate value in instructions such as andcc. -@@ -213,12 +216,18 @@ register struct thread_info *current_thread_info_reg asm("g6"); +@@ -213,12 +217,18 @@ register struct thread_info *current_thread_info_reg asm("g6"); #define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT) #define _TIF_SYSCALL_TRACEPOINT (1<<TIF_SYSCALL_TRACEPOINT) #define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG) @@ -16579,10 +16582,22 @@ index ced283a..ffe04cc 100644 union { u64 v64; diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h -index 9c999c1..3860cb8 100644 +index 9c999c1..5718a82 100644 --- a/arch/x86/include/asm/elf.h +++ b/arch/x86/include/asm/elf.h -@@ -243,7 +243,25 @@ extern int force_personality32; +@@ -155,8 +155,9 @@ do { \ + #define elf_check_arch(x) \ + ((x)->e_machine == EM_X86_64) + +-#define compat_elf_check_arch(x) \ +- (elf_check_arch_ia32(x) || (x)->e_machine == EM_X86_64) ++#define compat_elf_check_arch(x) \ ++ (elf_check_arch_ia32(x) || \ ++ (IS_ENABLED(CONFIG_X86_X32_ABI) && (x)->e_machine == EM_X86_64)) + + #if __USER32_DS != __USER_DS + # error "The following code assumes __USER32_DS == __USER_DS" +@@ -243,7 +244,25 @@ extern int force_personality32; the loader. We need to make sure that it is out of the way of the program that it will "exec", and that there is sufficient room for the brk. */ @@ -16608,7 +16623,7 @@ index 9c999c1..3860cb8 100644 /* This yields a mask that user programs can use to figure out what instruction set this CPU supports. This could be done in user space, -@@ -296,16 +314,12 @@ do { \ +@@ -296,16 +315,12 @@ do { \ #define ARCH_DLINFO \ do { \ @@ -16627,7 +16642,7 @@ index 9c999c1..3860cb8 100644 } while (0) #define AT_SYSINFO 32 -@@ -320,7 +334,7 @@ else \ +@@ -320,7 +335,7 @@ else \ #endif /* !CONFIG_X86_32 */ @@ -16636,7 +16651,7 @@ index 9c999c1..3860cb8 100644 #define VDSO_ENTRY \ ((unsigned long)VDSO32_SYMBOL(VDSO_CURRENT_BASE, vsyscall)) -@@ -336,9 +350,6 @@ extern int x32_setup_additional_pages(struct linux_binprm *bprm, +@@ -336,9 +351,6 @@ extern int x32_setup_additional_pages(struct linux_binprm *bprm, extern int syscall32_setup_pages(struct linux_binprm *, int exstack); #define compat_arch_setup_additional_pages syscall32_setup_pages @@ -28545,10 +28560,18 @@ index 2de1bc0..22251ee 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 3927528..fc19971 100644 +index 3927528..cd7f2ac 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c -@@ -1320,12 +1320,12 @@ static void vmcs_write64(unsigned long field, u64 value) +@@ -441,6 +441,7 @@ struct vcpu_vmx { + #endif + int gs_ldt_reload_needed; + int fs_reload_needed; ++ unsigned long vmcs_host_cr4; /* May not match real cr4 */ + } host_state; + struct { + int vm86_active; +@@ -1320,12 +1321,12 @@ static void vmcs_write64(unsigned long field, u64 value) #endif } @@ -28563,7 +28586,7 @@ index 3927528..fc19971 100644 { vmcs_writel(field, vmcs_readl(field) | mask); } -@@ -1585,7 +1585,11 @@ static void reload_tss(void) +@@ -1585,7 +1586,11 @@ static void reload_tss(void) struct desc_struct *descs; descs = (void *)gdt->address; @@ -28575,7 +28598,7 @@ index 3927528..fc19971 100644 load_TR_desc(); } -@@ -1809,6 +1813,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) +@@ -1809,6 +1814,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */ vmcs_writel(HOST_GDTR_BASE, gdt->address); /* 22.2.4 */ @@ -28586,7 +28609,7 @@ index 3927528..fc19971 100644 rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp); vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */ vmx->loaded_vmcs->cpu = cpu; -@@ -2098,7 +2106,7 @@ static void setup_msrs(struct vcpu_vmx *vmx) +@@ -2098,7 +2107,7 @@ static void setup_msrs(struct vcpu_vmx *vmx) * reads and returns guest's timestamp counter "register" * guest_tsc = host_tsc + tsc_offset -- 21.3 */ @@ -28595,7 +28618,7 @@ index 3927528..fc19971 100644 { u64 host_tsc, tsc_offset; -@@ -3024,8 +3032,11 @@ static __init int hardware_setup(void) +@@ -3024,8 +3033,11 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_flexpriority()) flexpriority_enabled = 0; @@ -28609,7 +28632,7 @@ index 3927528..fc19971 100644 if (enable_ept && !cpu_has_vmx_ept_2m_page()) kvm_disable_largepages(); -@@ -3036,13 +3047,15 @@ static __init int hardware_setup(void) +@@ -3036,13 +3048,15 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_apicv()) enable_apicv = 0; @@ -28629,18 +28652,26 @@ index 3927528..fc19971 100644 if (nested) nested_vmx_setup_ctls_msrs(); -@@ -4165,7 +4178,10 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) +@@ -4162,10 +4176,17 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) + u32 low32, high32; + unsigned long tmpl; + struct desc_ptr dt; ++ unsigned long cr4; vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS); /* 22.2.3 */ - vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */ -+ +- vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */ +#ifndef CONFIG_PAX_PER_CPU_PGD vmcs_writel(HOST_CR3, read_cr3()); /* 22.2.3 FIXME: shadow tables */ +#endif ++ ++ /* Save the most likely value for this task's CR4 in the VMCS. */ ++ cr4 = read_cr4(); ++ vmcs_writel(HOST_CR4, cr4); /* 22.2.3, 22.2.5 */ ++ vmx->host_state.vmcs_host_cr4 = cr4; vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */ #ifdef CONFIG_X86_64 -@@ -4187,7 +4203,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) +@@ -4187,7 +4208,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */ vmx->host_idt_base = dt.address; @@ -28649,7 +28680,29 @@ index 3927528..fc19971 100644 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); vmcs_write32(HOST_IA32_SYSENTER_CS, low32); -@@ -7265,6 +7281,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7186,7 +7207,7 @@ static void atomic_switch_perf_msrs(struct vcpu_vmx *vmx) + static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) + { + struct vcpu_vmx *vmx = to_vmx(vcpu); +- unsigned long debugctlmsr; ++ unsigned long debugctlmsr, cr4; + + /* Record the guest's net vcpu time for enforced NMI injections. */ + if (unlikely(!cpu_has_virtual_nmis() && vmx->soft_vnmi_blocked)) +@@ -7207,6 +7228,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) + if (test_bit(VCPU_REGS_RIP, (unsigned long *)&vcpu->arch.regs_dirty)) + vmcs_writel(GUEST_RIP, vcpu->arch.regs[VCPU_REGS_RIP]); + ++ cr4 = read_cr4(); ++ if (unlikely(cr4 != vmx->host_state.vmcs_host_cr4)) { ++ vmcs_writel(HOST_CR4, cr4); ++ vmx->host_state.vmcs_host_cr4 = cr4; ++ } ++ + /* When single-stepping over STI and MOV SS, we must clear the + * corresponding interruptibility bits in the guest state. Otherwise + * vmentry fails as it then expects bit 14 (BS) in pending debug +@@ -7265,6 +7292,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "jmp 2f \n\t" "1: " __ex(ASM_VMX_VMRESUME) "\n\t" "2: " @@ -28662,7 +28715,7 @@ index 3927528..fc19971 100644 /* Save guest registers, load host registers, keep flags */ "mov %0, %c[wordsize](%%" _ASM_SP ") \n\t" "pop %0 \n\t" -@@ -7317,6 +7339,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7317,6 +7350,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]"i"(sizeof(ulong)) @@ -28674,7 +28727,7 @@ index 3927528..fc19971 100644 : "cc", "memory" #ifdef CONFIG_X86_64 , "rax", "rbx", "rdi", "rsi" -@@ -7330,7 +7357,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7330,7 +7368,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) if (debugctlmsr) update_debugctlmsr(debugctlmsr); @@ -28683,7 +28736,7 @@ index 3927528..fc19971 100644 /* * The sysexit path does not restore ds/es, so we must set them to * a reasonable value ourselves. -@@ -7339,8 +7366,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7339,8 +7377,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) * may be executed in interrupt context, which saves and restore segments * around it, nullifying its effect. */ @@ -47092,6 +47145,26 @@ index 13f9636..228040f 100644 }; static void bna_attr_init(struct bna_ioceth *ioceth) +diff --git a/drivers/net/ethernet/brocade/bna/bnad.c b/drivers/net/ethernet/brocade/bna/bnad.c +index 669eeb4..1566ef0 100644 +--- a/drivers/net/ethernet/brocade/bna/bnad.c ++++ b/drivers/net/ethernet/brocade/bna/bnad.c +@@ -552,6 +552,7 @@ bnad_cq_setup_skb_frags(struct bna_rcb *rcb, struct sk_buff *skb, + + len = (vec == nvecs) ? + last_fraglen : unmap->vector.len; ++ skb->truesize += unmap->vector.len; + totlen += len; + + skb_fill_page_desc(skb, skb_shinfo(skb)->nr_frags, +@@ -563,7 +564,6 @@ bnad_cq_setup_skb_frags(struct bna_rcb *rcb, struct sk_buff *skb, + + skb->len += totlen; + skb->data_len += totlen; +- skb->truesize += totlen; + } + + static inline void diff --git a/drivers/net/ethernet/chelsio/cxgb3/l2t.h b/drivers/net/ethernet/chelsio/cxgb3/l2t.h index 8cffcdf..aadf043 100644 --- a/drivers/net/ethernet/chelsio/cxgb3/l2t.h @@ -47205,6 +47278,20 @@ index 5184e2a..acb28c3 100644 smp_mb(); /* need lock to prevent incorrect read while modifying cyclecounter */ +diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c +index dff0977..6df4b1d 100644 +--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c ++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c +@@ -1270,6 +1270,9 @@ int ixgbe_ndo_set_vf_spoofchk(struct net_device *netdev, int vf, bool setting) + struct ixgbe_hw *hw = &adapter->hw; + u32 regval; + ++ if (vf >= adapter->num_vfs) ++ return -EINVAL; ++ + adapter->vfinfo[vf].spoofchk_enabled = setting; + + regval = IXGBE_READ_REG(hw, IXGBE_PFVFSPOOF(vf_target_reg)); diff --git a/drivers/net/ethernet/neterion/vxge/vxge-config.c b/drivers/net/ethernet/neterion/vxge/vxge-config.c index 089b713..28d87ae 100644 --- a/drivers/net/ethernet/neterion/vxge/vxge-config.c @@ -47397,10 +47484,10 @@ index bf0d55e..82bcfbd1 100644 priv = netdev_priv(dev); priv->phy = phy; diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c -index 7f1abb7..6434b33 100644 +index fbf7dcd..ad71499 100644 --- a/drivers/net/macvlan.c +++ b/drivers/net/macvlan.c -@@ -992,13 +992,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = { +@@ -993,13 +993,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = { int macvlan_link_register(struct rtnl_link_ops *ops) { /* common fields */ @@ -47423,7 +47510,7 @@ index 7f1abb7..6434b33 100644 return rtnl_link_register(ops); }; -@@ -1052,7 +1054,7 @@ static int macvlan_device_event(struct notifier_block *unused, +@@ -1053,7 +1055,7 @@ static int macvlan_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -47433,10 +47520,10 @@ index 7f1abb7..6434b33 100644 }; diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c -index 3381c4f..dea5fd5 100644 +index 0c6adaa..0784e3f 100644 --- a/drivers/net/macvtap.c +++ b/drivers/net/macvtap.c -@@ -1020,7 +1020,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd, +@@ -1018,7 +1018,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd, } ret = 0; @@ -47445,7 +47532,7 @@ index 3381c4f..dea5fd5 100644 put_user(q->flags, &ifr->ifr_flags)) ret = -EFAULT; macvtap_put_vlan(vlan); -@@ -1190,7 +1190,7 @@ static int macvtap_device_event(struct notifier_block *unused, +@@ -1188,7 +1188,7 @@ static int macvtap_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -47455,9 +47542,18 @@ index 3381c4f..dea5fd5 100644 }; diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c -index 72ff14b..11d442d 100644 +index 72ff14b..e860630 100644 --- a/drivers/net/ppp/ppp_generic.c +++ b/drivers/net/ppp/ppp_generic.c +@@ -601,7 +601,7 @@ static long ppp_ioctl(struct file *file, unsigned int cmd, unsigned long arg) + if (file == ppp->owner) + ppp_shutdown_interface(ppp); + } +- if (atomic_long_read(&file->f_count) <= 2) { ++ if (atomic_long_read(&file->f_count) < 2) { + ppp_release(NULL, file); + err = 0; + } else @@ -999,7 +999,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) void __user *addr = (void __user *) ifr->ifr_ifru.ifru_data; struct ppp_stats stats; @@ -47490,7 +47586,7 @@ index 1252d9c..80e660b 100644 /* We've got a compressed packet; read the change byte */ diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c -index 26d8c29..bbc6837 100644 +index 979fe43..1f1230c 100644 --- a/drivers/net/team/team.c +++ b/drivers/net/team/team.c @@ -2874,7 +2874,7 @@ static int team_device_event(struct notifier_block *unused, @@ -47665,9 +47761,58 @@ index 841b608..198a8b7 100644 #define VIRTNET_DRIVER_VERSION "1.0.0" diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c -index 40ad25d..8703023 100644 +index 9b40532..e3294ac 100644 --- a/drivers/net/vxlan.c +++ b/drivers/net/vxlan.c +@@ -1447,9 +1447,6 @@ static int neigh_reduce(struct net_device *dev, struct sk_buff *skb) + if (!in6_dev) + goto out; + +- if (!pskb_may_pull(skb, skb->len)) +- goto out; +- + iphdr = ipv6_hdr(skb); + saddr = &iphdr->saddr; + daddr = &iphdr->daddr; +@@ -1770,6 +1767,8 @@ static void vxlan_encap_bypass(struct sk_buff *skb, struct vxlan_dev *src_vxlan, + struct pcpu_sw_netstats *tx_stats, *rx_stats; + union vxlan_addr loopback; + union vxlan_addr *remote_ip = &dst_vxlan->default_dst.remote_ip; ++ struct net_device *dev = skb->dev; ++ int len = skb->len; + + tx_stats = this_cpu_ptr(src_vxlan->dev->tstats); + rx_stats = this_cpu_ptr(dst_vxlan->dev->tstats); +@@ -1793,16 +1792,16 @@ static void vxlan_encap_bypass(struct sk_buff *skb, struct vxlan_dev *src_vxlan, + + u64_stats_update_begin(&tx_stats->syncp); + tx_stats->tx_packets++; +- tx_stats->tx_bytes += skb->len; ++ tx_stats->tx_bytes += len; + u64_stats_update_end(&tx_stats->syncp); + + if (netif_rx(skb) == NET_RX_SUCCESS) { + u64_stats_update_begin(&rx_stats->syncp); + rx_stats->rx_packets++; +- rx_stats->rx_bytes += skb->len; ++ rx_stats->rx_bytes += len; + u64_stats_update_end(&rx_stats->syncp); + } else { +- skb->dev->stats.rx_dropped++; ++ dev->stats.rx_dropped++; + } + } + +@@ -1977,7 +1976,8 @@ static netdev_tx_t vxlan_xmit(struct sk_buff *skb, struct net_device *dev) + return arp_reduce(dev, skb); + #if IS_ENABLED(CONFIG_IPV6) + else if (ntohs(eth->h_proto) == ETH_P_IPV6 && +- skb->len >= sizeof(struct ipv6hdr) + sizeof(struct nd_msg) && ++ pskb_may_pull(skb, sizeof(struct ipv6hdr) ++ + sizeof(struct nd_msg)) && + ipv6_hdr(skb)->nexthdr == IPPROTO_ICMPV6) { + struct nd_msg *msg; + @@ -2846,7 +2846,7 @@ nla_put_failure: return -EMSGSIZE; } @@ -53193,7 +53338,7 @@ index 2518c32..1c201bb 100644 wake_up(&usb_kill_urb_queue); usb_put_urb(urb); diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c -index 263612c..dbc0f3d 100644 +index 445d62a..e0657a3 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -27,6 +27,7 @@ @@ -53204,7 +53349,7 @@ index 263612c..dbc0f3d 100644 #include <asm/uaccess.h> #include <asm/byteorder.h> -@@ -4549,6 +4550,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1, +@@ -4551,6 +4552,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1, goto done; return; } @@ -58523,10 +58668,22 @@ index ff286f3..8153a14 100644 .attrs = attrs, }; diff --git a/fs/buffer.c b/fs/buffer.c -index 71e2d0e..8673b7b 100644 +index 71e2d0e..7e40912 100644 --- a/fs/buffer.c +++ b/fs/buffer.c -@@ -3430,7 +3430,7 @@ void __init buffer_init(void) +@@ -2313,6 +2313,11 @@ static int cont_expand_zero(struct file *file, struct address_space *mapping, + err = 0; + + balance_dirty_pages_ratelimited(mapping); ++ ++ if (unlikely(fatal_signal_pending(current))) { ++ err = -EINTR; ++ goto out; ++ } + } + + /* page covers the boundary, find the boundary offset */ +@@ -3430,7 +3435,7 @@ void __init buffer_init(void) bh_cachep = kmem_cache_create("buffer_head", sizeof(struct buffer_head), 0, (SLAB_RECLAIM_ACCOUNT|SLAB_PANIC| @@ -58725,6 +58882,19 @@ index 5e0982a..ca18377 100644 int err; u32 ftype; struct ceph_mds_reply_info_parsed *rinfo; +diff --git a/fs/ceph/ioctl.c b/fs/ceph/ioctl.c +index dc66c9e..5fa0c34 100644 +--- a/fs/ceph/ioctl.c ++++ b/fs/ceph/ioctl.c +@@ -42,7 +42,7 @@ static long __validate_layout(struct ceph_mds_client *mdsc, + /* validate striping parameters */ + if ((l->object_size & ~PAGE_MASK) || + (l->stripe_unit & ~PAGE_MASK) || +- (l->stripe_unit != 0 && ++ ((unsigned)l->stripe_unit != 0 && + ((unsigned)l->object_size % (unsigned)l->stripe_unit))) + return -EINVAL; + diff --git a/fs/ceph/super.c b/fs/ceph/super.c index 10a4ccb..92dbc5e 100644 --- a/fs/ceph/super.c @@ -63478,7 +63648,7 @@ index dd2f2c5..27e6c48 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index 75536db..5cda729 100644 +index 75536db..7ec079e 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1369,6 +1369,9 @@ static int do_umount(struct mount *mnt, int flags) @@ -63596,7 +63766,17 @@ index 75536db..5cda729 100644 get_fs_root(current->fs, &root); old_mp = lock_mount(&old); error = PTR_ERR(old_mp); -@@ -3060,7 +3084,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) +@@ -2829,6 +2853,9 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, + /* make sure we can reach put_old from new_root */ + if (!is_path_reachable(old_mnt, old.dentry, &new)) + goto out4; ++ /* make certain new is below the root */ ++ if (!is_path_reachable(new_mnt, new.dentry, &root)) ++ goto out4; + root_mp->m_count++; /* pin it so it won't go away */ + lock_mount_hash(); + detach_mnt(new_mnt, &parent_path); +@@ -3060,7 +3087,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) return -EPERM; @@ -63862,6 +64042,23 @@ index 287a22c..4e56e4e 100644 group->fanotify_data.f_flags = event_f_flags; #ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS oevent->response = 0; +diff --git a/fs/notify/inotify/inotify_fsnotify.c b/fs/notify/inotify/inotify_fsnotify.c +index 43ab1e1..9c8187e 100644 +--- a/fs/notify/inotify/inotify_fsnotify.c ++++ b/fs/notify/inotify/inotify_fsnotify.c +@@ -165,8 +165,10 @@ static void inotify_free_group_priv(struct fsnotify_group *group) + /* ideally the idr is empty and we won't hit the BUG in the callback */ + idr_for_each(&group->inotify_data.idr, idr_callback, group); + idr_destroy(&group->inotify_data.idr); +- atomic_dec(&group->inotify_data.user->inotify_devs); +- free_uid(group->inotify_data.user); ++ if (group->inotify_data.user) { ++ atomic_dec(&group->inotify_data.user->inotify_devs); ++ free_uid(group->inotify_data.user); ++ } + } + + static void inotify_free_event(struct fsnotify_event *fsn_event) diff --git a/fs/notify/notification.c b/fs/notify/notification.c index 1e58402..bb2d6f4 100644 --- a/fs/notify/notification.c @@ -66722,6 +66919,19 @@ index ae0c3ce..9ee641c 100644 generic_fillattr(inode, stat); return 0; +diff --git a/fs/super.c b/fs/super.c +index 7624267..88a6bc6 100644 +--- a/fs/super.c ++++ b/fs/super.c +@@ -81,6 +81,8 @@ static unsigned long super_cache_scan(struct shrinker *shrink, + inodes = list_lru_count_node(&sb->s_inode_lru, sc->nid); + dentries = list_lru_count_node(&sb->s_dentry_lru, sc->nid); + total_objects = dentries + inodes + fs_objects + 1; ++ if (!total_objects) ++ total_objects = 1; + + /* proportion the scan between the caches */ + dentries = mult_frac(sc->nr_to_scan, dentries, total_objects); diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c index ee0d761..b346c58 100644 --- a/fs/sysfs/dir.c @@ -83856,7 +84066,7 @@ index 1e2cd2e..0288750 100644 /* shm_mode upper byte flags */ diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index 15ede6a..80161c3 100644 +index ad8f859..e93b2e4 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -662,7 +662,7 @@ bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from, @@ -83895,7 +84105,7 @@ index 15ede6a..80161c3 100644 struct iovec *to, int size); int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb, int hlen, struct iovec *iov); -@@ -2721,6 +2721,9 @@ static inline void nf_reset(struct sk_buff *skb) +@@ -2722,6 +2722,9 @@ static inline void nf_reset(struct sk_buff *skb) nf_bridge_put(skb->nf_bridge); skb->nf_bridge = NULL; #endif @@ -84970,13 +85180,13 @@ index 734d9b5..48a9a4b 100644 return; } diff --git a/include/net/inet_connection_sock.h b/include/net/inet_connection_sock.h -index c55aeed..b3393f4 100644 +index cf92728..9236ee6 100644 --- a/include/net/inet_connection_sock.h +++ b/include/net/inet_connection_sock.h -@@ -62,7 +62,7 @@ struct inet_connection_sock_af_ops { - void (*addr2sockaddr)(struct sock *sk, struct sockaddr *); +@@ -63,7 +63,7 @@ struct inet_connection_sock_af_ops { int (*bind_conflict)(const struct sock *sk, const struct inet_bind_bucket *tb, bool relax); + void (*mtu_reduced)(struct sock *sk); -}; +} __do_const; @@ -85467,7 +85677,7 @@ index 0dfcc92..7967849 100644 /* Structure to track chunk fragments that have been acked, but peer diff --git a/include/net/sock.h b/include/net/sock.h -index 2f7bc43..530dadc 100644 +index f66b2b1..5233aa0 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -348,7 +348,7 @@ struct sock { @@ -85479,7 +85689,7 @@ index 2f7bc43..530dadc 100644 int sk_rcvbuf; struct sk_filter __rcu *sk_filter; -@@ -1036,7 +1036,7 @@ struct proto { +@@ -1035,7 +1035,7 @@ struct proto { void (*destroy_cgroup)(struct mem_cgroup *memcg); struct cg_proto *(*proto_cgroup)(struct mem_cgroup *memcg); #endif @@ -85488,7 +85698,7 @@ index 2f7bc43..530dadc 100644 /* * Bits in struct cg_proto.flags -@@ -1223,7 +1223,7 @@ static inline u64 memcg_memory_allocated_read(struct cg_proto *prot) +@@ -1222,7 +1222,7 @@ static inline u64 memcg_memory_allocated_read(struct cg_proto *prot) return ret >> PAGE_SHIFT; } @@ -85497,7 +85707,7 @@ index 2f7bc43..530dadc 100644 sk_memory_allocated(const struct sock *sk) { struct proto *prot = sk->sk_prot; -@@ -1368,7 +1368,7 @@ struct sock_iocb { +@@ -1367,7 +1367,7 @@ struct sock_iocb { struct scm_cookie *scm; struct msghdr *msg, async_msg; struct kiocb *kiocb; @@ -85506,7 +85716,7 @@ index 2f7bc43..530dadc 100644 static inline struct sock_iocb *kiocb_to_siocb(struct kiocb *iocb) { -@@ -1830,7 +1830,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) +@@ -1829,7 +1829,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) } static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb, @@ -85515,7 +85725,7 @@ index 2f7bc43..530dadc 100644 int copy, int offset) { if (skb->ip_summed == CHECKSUM_NONE) { -@@ -2092,7 +2092,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk) +@@ -2091,7 +2091,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk) } } @@ -85525,10 +85735,10 @@ index 2f7bc43..530dadc 100644 /** * sk_page_frag - return an appropriate page_frag diff --git a/include/net/tcp.h b/include/net/tcp.h -index 743acce..44a58b0 100644 +index 1f0d847..613237a 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h -@@ -541,7 +541,7 @@ void tcp_retransmit_timer(struct sock *sk); +@@ -542,7 +542,7 @@ void tcp_retransmit_timer(struct sock *sk); void tcp_xmit_retransmit_queue(struct sock *); void tcp_simple_retransmit(struct sock *); int tcp_trim_head(struct sock *, struct sk_buff *, u32); @@ -85537,7 +85747,7 @@ index 743acce..44a58b0 100644 void tcp_send_probe0(struct sock *); void tcp_send_partial(struct sock *); -@@ -710,8 +710,8 @@ struct tcp_skb_cb { +@@ -711,8 +711,8 @@ struct tcp_skb_cb { struct inet6_skb_parm h6; #endif } header; /* For incoming frames */ @@ -85548,7 +85758,7 @@ index 743acce..44a58b0 100644 __u32 when; /* used to compute rtt's */ __u8 tcp_flags; /* TCP header flags. (tcp[13]) */ -@@ -725,7 +725,7 @@ struct tcp_skb_cb { +@@ -728,7 +728,7 @@ struct tcp_skb_cb { __u8 ip_dsfield; /* IPv4 tos or IPv6 dsfield */ /* 1 byte hole */ @@ -88247,7 +88457,7 @@ index e2c6853..9a6397e 100644 else new_fs = fs; diff --git a/kernel/futex.c b/kernel/futex.c -index 0b0dc02..4730710 100644 +index 0b0dc02..5f3eb62 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -54,6 +54,7 @@ @@ -88276,7 +88486,16 @@ index 0b0dc02..4730710 100644 static const struct futex_q futex_q_init = { /* list gets initialized in queue_me()*/ -@@ -380,6 +381,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) +@@ -329,6 +330,8 @@ static void get_futex_key_refs(union futex_key *key) + case FUT_OFF_MMSHARED: + futex_get_mm(key); /* implies MB (B) */ + break; ++ default: ++ smp_mb(); /* explicit MB (B) */ + } + } + +@@ -380,6 +383,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) struct page *page, *page_head; int err, ro = 0; @@ -88288,7 +88507,7 @@ index 0b0dc02..4730710 100644 /* * The futex address must be "naturally" aligned. */ -@@ -579,7 +585,7 @@ static int cmpxchg_futex_value_locked(u32 *curval, u32 __user *uaddr, +@@ -579,7 +587,7 @@ static int cmpxchg_futex_value_locked(u32 *curval, u32 __user *uaddr, static int get_futex_value_locked(u32 *dest, u32 __user *from) { @@ -88297,7 +88516,7 @@ index 0b0dc02..4730710 100644 pagefault_disable(); ret = __copy_from_user_inatomic(dest, from, sizeof(u32)); -@@ -3020,6 +3026,7 @@ static void __init futex_detect_cmpxchg(void) +@@ -3020,6 +3028,7 @@ static void __init futex_detect_cmpxchg(void) { #ifndef CONFIG_HAVE_FUTEX_CMPXCHG u32 curval; @@ -88305,7 +88524,7 @@ index 0b0dc02..4730710 100644 /* * This will fail and we want it. Some arch implementations do -@@ -3031,8 +3038,11 @@ static void __init futex_detect_cmpxchg(void) +@@ -3031,8 +3040,11 @@ static void __init futex_detect_cmpxchg(void) * implementation, the non-functional ones will return * -ENOSYS. */ @@ -89108,7 +89327,7 @@ index 1d96dd0..994ff19 100644 default: diff --git a/kernel/module.c b/kernel/module.c -index 6716a1f..9ddc1e1 100644 +index 6716a1f..acc7443 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -61,6 +61,7 @@ @@ -89303,7 +89522,17 @@ index 6716a1f..9ddc1e1 100644 set_memory_ro); } } -@@ -1862,16 +1881,19 @@ static void free_module(struct module *mod) +@@ -1841,7 +1860,9 @@ static void free_module(struct module *mod) + + /* We leave it in list to prevent duplicate loads, but make sure + * that noone uses it while it's being deconstructed. */ ++ mutex_lock(&module_mutex); + mod->state = MODULE_STATE_UNFORMED; ++ mutex_unlock(&module_mutex); + + /* Remove dynamic debug info */ + ddebug_remove_module(mod->name); +@@ -1862,16 +1883,19 @@ static void free_module(struct module *mod) /* This may be NULL, but that's OK */ unset_module_init_ro_nx(mod); @@ -89326,7 +89555,7 @@ index 6716a1f..9ddc1e1 100644 #ifdef CONFIG_MPU update_protections(current->mm); -@@ -1940,9 +1962,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1940,9 +1964,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) int ret = 0; const struct kernel_symbol *ksym; @@ -89358,7 +89587,7 @@ index 6716a1f..9ddc1e1 100644 switch (sym[i].st_shndx) { case SHN_COMMON: /* We compiled with -fno-common. These are not -@@ -1963,7 +2007,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1963,7 +2009,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) ksym = resolve_symbol_wait(mod, info, name); /* Ok if resolved. */ if (ksym && !IS_ERR(ksym)) { @@ -89368,7 +89597,7 @@ index 6716a1f..9ddc1e1 100644 break; } -@@ -1982,11 +2028,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1982,11 +2030,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) secbase = (unsigned long)mod_percpu(mod); else secbase = info->sechdrs[sym[i].st_shndx].sh_addr; @@ -89389,7 +89618,7 @@ index 6716a1f..9ddc1e1 100644 return ret; } -@@ -2070,22 +2125,12 @@ static void layout_sections(struct module *mod, struct load_info *info) +@@ -2070,22 +2127,12 @@ static void layout_sections(struct module *mod, struct load_info *info) || s->sh_entsize != ~0UL || strstarts(sname, ".init")) continue; @@ -89416,7 +89645,7 @@ index 6716a1f..9ddc1e1 100644 } pr_debug("Init section allocation order:\n"); -@@ -2099,23 +2144,13 @@ static void layout_sections(struct module *mod, struct load_info *info) +@@ -2099,23 +2146,13 @@ static void layout_sections(struct module *mod, struct load_info *info) || s->sh_entsize != ~0UL || !strstarts(sname, ".init")) continue; @@ -89445,7 +89674,7 @@ index 6716a1f..9ddc1e1 100644 } } -@@ -2288,7 +2323,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2288,7 +2325,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) /* Put symbol section at end of init part of module. */ symsect->sh_flags |= SHF_ALLOC; @@ -89454,7 +89683,7 @@ index 6716a1f..9ddc1e1 100644 info->index.sym) | INIT_OFFSET_MASK; pr_debug("\t%s\n", info->secstrings + symsect->sh_name); -@@ -2305,13 +2340,13 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2305,13 +2342,13 @@ static void layout_symtab(struct module *mod, struct load_info *info) } /* Append room for core symbols at end of core part. */ @@ -89472,7 +89701,7 @@ index 6716a1f..9ddc1e1 100644 info->index.str) | INIT_OFFSET_MASK; pr_debug("\t%s\n", info->secstrings + strsect->sh_name); } -@@ -2329,12 +2364,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) +@@ -2329,12 +2366,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) /* Make sure we get permanent strtab: don't use info->strtab. */ mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr; @@ -89489,7 +89718,7 @@ index 6716a1f..9ddc1e1 100644 src = mod->symtab; for (ndst = i = 0; i < mod->num_symtab; i++) { if (i == 0 || -@@ -2346,6 +2383,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) +@@ -2346,6 +2385,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) } } mod->core_num_syms = ndst; @@ -89498,7 +89727,7 @@ index 6716a1f..9ddc1e1 100644 } #else static inline void layout_symtab(struct module *mod, struct load_info *info) -@@ -2379,17 +2418,33 @@ void * __weak module_alloc(unsigned long size) +@@ -2379,17 +2420,33 @@ void * __weak module_alloc(unsigned long size) return vmalloc_exec(size); } @@ -89537,7 +89766,7 @@ index 6716a1f..9ddc1e1 100644 mutex_unlock(&module_mutex); } return ret; -@@ -2646,7 +2701,15 @@ static struct module *setup_load_info(struct load_info *info, int flags) +@@ -2646,7 +2703,15 @@ static struct module *setup_load_info(struct load_info *info, int flags) mod = (void *)info->sechdrs[info->index.mod].sh_addr; if (info->index.sym == 0) { @@ -89553,7 +89782,7 @@ index 6716a1f..9ddc1e1 100644 return ERR_PTR(-ENOEXEC); } -@@ -2662,8 +2725,14 @@ static struct module *setup_load_info(struct load_info *info, int flags) +@@ -2662,8 +2727,14 @@ static struct module *setup_load_info(struct load_info *info, int flags) static int check_modinfo(struct module *mod, struct load_info *info, int flags) { const char *modmagic = get_modinfo(info, "vermagic"); @@ -89568,7 +89797,7 @@ index 6716a1f..9ddc1e1 100644 if (flags & MODULE_INIT_IGNORE_VERMAGIC) modmagic = NULL; -@@ -2688,7 +2757,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) +@@ -2688,7 +2759,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) } /* Set up license info based on the info section */ @@ -89577,7 +89806,7 @@ index 6716a1f..9ddc1e1 100644 return 0; } -@@ -2782,7 +2851,7 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2782,7 +2853,7 @@ static int move_module(struct module *mod, struct load_info *info) void *ptr; /* Do the allocs. */ @@ -89586,7 +89815,7 @@ index 6716a1f..9ddc1e1 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. Just mark it as not being a -@@ -2792,11 +2861,11 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2792,11 +2863,11 @@ static int move_module(struct module *mod, struct load_info *info) if (!ptr) return -ENOMEM; @@ -89602,7 +89831,7 @@ index 6716a1f..9ddc1e1 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. This block doesn't need to be -@@ -2805,13 +2874,45 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2805,13 +2876,45 @@ static int move_module(struct module *mod, struct load_info *info) */ kmemleak_ignore(ptr); if (!ptr) { @@ -89652,7 +89881,7 @@ index 6716a1f..9ddc1e1 100644 /* Transfer each section which specifies SHF_ALLOC */ pr_debug("final section addresses:\n"); -@@ -2822,16 +2923,45 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2822,16 +2925,45 @@ static int move_module(struct module *mod, struct load_info *info) if (!(shdr->sh_flags & SHF_ALLOC)) continue; @@ -89705,7 +89934,7 @@ index 6716a1f..9ddc1e1 100644 pr_debug("\t0x%lx %s\n", (long)shdr->sh_addr, info->secstrings + shdr->sh_name); } -@@ -2888,12 +3018,12 @@ static void flush_module_icache(const struct module *mod) +@@ -2888,12 +3020,12 @@ static void flush_module_icache(const struct module *mod) * Do it before processing of module parameters, so the module * can provide parameter accessor functions of its own. */ @@ -89724,7 +89953,7 @@ index 6716a1f..9ddc1e1 100644 set_fs(old_fs); } -@@ -2950,8 +3080,10 @@ static struct module *layout_and_allocate(struct load_info *info, int flags) +@@ -2950,8 +3082,10 @@ static struct module *layout_and_allocate(struct load_info *info, int flags) static void module_deallocate(struct module *mod, struct load_info *info) { percpu_modfree(mod); @@ -89737,7 +89966,7 @@ index 6716a1f..9ddc1e1 100644 } int __weak module_finalize(const Elf_Ehdr *hdr, -@@ -2964,7 +3096,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, +@@ -2964,7 +3098,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, static int post_relocation(struct module *mod, const struct load_info *info) { /* Sort exception table now relocations are done. */ @@ -89747,7 +89976,7 @@ index 6716a1f..9ddc1e1 100644 /* Copy relocated percpu area over. */ percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr, -@@ -3018,16 +3152,16 @@ static int do_init_module(struct module *mod) +@@ -3018,16 +3154,16 @@ static int do_init_module(struct module *mod) MODULE_STATE_COMING, mod); /* Set RO and NX regions for core */ @@ -89772,7 +90001,7 @@ index 6716a1f..9ddc1e1 100644 do_mod_ctors(mod); /* Start the module */ -@@ -3088,11 +3222,12 @@ static int do_init_module(struct module *mod) +@@ -3088,11 +3224,12 @@ static int do_init_module(struct module *mod) mod->strtab = mod->core_strtab; #endif unset_module_init_ro_nx(mod); @@ -89790,7 +90019,7 @@ index 6716a1f..9ddc1e1 100644 mutex_unlock(&module_mutex); wake_up_all(&module_wq); -@@ -3235,9 +3370,38 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3235,9 +3372,38 @@ static int load_module(struct load_info *info, const char __user *uargs, if (err) goto free_unload; @@ -89829,7 +90058,7 @@ index 6716a1f..9ddc1e1 100644 /* Fix up syms, so that st_value is a pointer to location. */ err = simplify_symbols(mod, info); if (err < 0) -@@ -3253,13 +3417,6 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3253,13 +3419,6 @@ static int load_module(struct load_info *info, const char __user *uargs, flush_module_icache(mod); @@ -89843,7 +90072,7 @@ index 6716a1f..9ddc1e1 100644 dynamic_debug_setup(info->debug, info->num_debug); /* Ftrace init must be called in the MODULE_STATE_UNFORMED state */ -@@ -3297,11 +3454,10 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3297,11 +3456,10 @@ static int load_module(struct load_info *info, const char __user *uargs, ddebug_cleanup: dynamic_debug_remove(info->debug); synchronize_sched(); @@ -89856,7 +90085,7 @@ index 6716a1f..9ddc1e1 100644 free_unload: module_unload_free(mod); unlink_mod: -@@ -3384,10 +3540,16 @@ static const char *get_ksymbol(struct module *mod, +@@ -3384,10 +3542,16 @@ static const char *get_ksymbol(struct module *mod, unsigned long nextval; /* At worse, next value is at end of module */ @@ -89876,7 +90105,7 @@ index 6716a1f..9ddc1e1 100644 /* Scan for closest preceding symbol, and next symbol. (ELF starts real symbols at 1). */ -@@ -3638,7 +3800,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3638,7 +3802,7 @@ static int m_show(struct seq_file *m, void *p) return 0; seq_printf(m, "%s %u", @@ -89885,7 +90114,7 @@ index 6716a1f..9ddc1e1 100644 print_unload_info(m, mod); /* Informative for users. */ -@@ -3647,7 +3809,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3647,7 +3811,7 @@ static int m_show(struct seq_file *m, void *p) mod->state == MODULE_STATE_COMING ? "Loading": "Live"); /* Used by oprofile and other similar tools. */ @@ -89894,7 +90123,7 @@ index 6716a1f..9ddc1e1 100644 /* Taints info */ if (mod->taints) -@@ -3683,7 +3845,17 @@ static const struct file_operations proc_modules_operations = { +@@ -3683,7 +3847,17 @@ static const struct file_operations proc_modules_operations = { static int __init proc_modules_init(void) { @@ -89912,7 +90141,7 @@ index 6716a1f..9ddc1e1 100644 return 0; } module_init(proc_modules_init); -@@ -3744,14 +3916,14 @@ struct module *__module_address(unsigned long addr) +@@ -3744,14 +3918,14 @@ struct module *__module_address(unsigned long addr) { struct module *mod; @@ -89930,7 +90159,7 @@ index 6716a1f..9ddc1e1 100644 return mod; } return NULL; -@@ -3786,11 +3958,20 @@ bool is_module_text_address(unsigned long addr) +@@ -3786,11 +3960,20 @@ bool is_module_text_address(unsigned long addr) */ struct module *__module_text_address(unsigned long addr) { @@ -99711,7 +99940,7 @@ index a16ed7b..eb44d17 100644 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index 37bddf7..c78c480 100644 +index 3ed11a5..c177c8f 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1695,14 +1695,14 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) @@ -100065,7 +100294,7 @@ index 7c8ffd9..0cb3687 100644 return error; } diff --git a/net/core/netpoll.c b/net/core/netpoll.c -index df9e6b1..6e68e4e 100644 +index 723fa7d..81bd037 100644 --- a/net/core/netpoll.c +++ b/net/core/netpoll.c @@ -435,7 +435,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len) @@ -100100,7 +100329,7 @@ index fdac61c..e5e5b46 100644 pr_warn("cannot create /proc/net/%s\n", PG_PROC_DIR); return -ENODEV; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index aef1500..4b61acd 100644 +index b0db904..70b5ea2 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -58,7 +58,7 @@ struct rtnl_link { @@ -100179,10 +100408,47 @@ index b442e7e..6f5b5a2 100644 { struct socket *sock; diff --git a/net/core/skbuff.c b/net/core/skbuff.c -index 8f6391b..40bc442 100644 +index baf6fc4..783639a 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c -@@ -2003,7 +2003,7 @@ EXPORT_SYMBOL(__skb_checksum); +@@ -360,18 +360,29 @@ refill: + goto end; + } + nc->frag.size = PAGE_SIZE << order; +-recycle: +- atomic_set(&nc->frag.page->_count, NETDEV_PAGECNT_MAX_BIAS); ++ /* Even if we own the page, we do not use atomic_set(). ++ * This would break get_page_unless_zero() users. ++ */ ++ atomic_add(NETDEV_PAGECNT_MAX_BIAS - 1, ++ &nc->frag.page->_count); + nc->pagecnt_bias = NETDEV_PAGECNT_MAX_BIAS; + nc->frag.offset = 0; + } + + if (nc->frag.offset + fragsz > nc->frag.size) { +- /* avoid unnecessary locked operations if possible */ +- if ((atomic_read(&nc->frag.page->_count) == nc->pagecnt_bias) || +- atomic_sub_and_test(nc->pagecnt_bias, &nc->frag.page->_count)) +- goto recycle; +- goto refill; ++ if (atomic_read(&nc->frag.page->_count) != nc->pagecnt_bias) { ++ if (!atomic_sub_and_test(nc->pagecnt_bias, ++ &nc->frag.page->_count)) ++ goto refill; ++ /* OK, page count is 0, we can safely set it */ ++ atomic_set(&nc->frag.page->_count, ++ NETDEV_PAGECNT_MAX_BIAS); ++ } else { ++ atomic_add(NETDEV_PAGECNT_MAX_BIAS - nc->pagecnt_bias, ++ &nc->frag.page->_count); ++ } ++ nc->pagecnt_bias = NETDEV_PAGECNT_MAX_BIAS; ++ nc->frag.offset = 0; + } + + data = page_address(nc->frag.page) + nc->frag.offset; +@@ -2004,7 +2015,7 @@ EXPORT_SYMBOL(__skb_checksum); __wsum skb_checksum(const struct sk_buff *skb, int offset, int len, __wsum csum) { @@ -100191,7 +100457,7 @@ index 8f6391b..40bc442 100644 .update = csum_partial_ext, .combine = csum_block_add_ext, }; -@@ -3221,13 +3221,15 @@ void __init skb_init(void) +@@ -3225,13 +3236,15 @@ void __init skb_init(void) skbuff_head_cache = kmem_cache_create("skbuff_head_cache", sizeof(struct sk_buff), 0, @@ -100210,7 +100476,7 @@ index 8f6391b..40bc442 100644 } diff --git a/net/core/sock.c b/net/core/sock.c -index c806956..e5599ea 100644 +index c806956..b63d825 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -442,7 +442,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) @@ -100297,7 +100563,16 @@ index c806956..e5599ea 100644 return -EFAULT; lenout: if (put_user(len, optlen)) -@@ -2375,7 +2375,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) +@@ -1731,6 +1731,8 @@ EXPORT_SYMBOL(sock_kmalloc); + */ + void sock_kfree_s(struct sock *sk, void *mem, int size) + { ++ if (WARN_ON_ONCE(!mem)) ++ return; + kfree(mem); + atomic_sub(size, &sk->sk_omem_alloc); + } +@@ -2375,7 +2377,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) */ smp_wmb(); atomic_set(&sk->sk_refcnt, 1); @@ -100306,7 +100581,7 @@ index c806956..e5599ea 100644 } EXPORT_SYMBOL(sock_init_data); -@@ -2503,6 +2503,7 @@ void sock_enable_timestamp(struct sock *sk, int flag) +@@ -2503,6 +2505,7 @@ void sock_enable_timestamp(struct sock *sk, int flag) int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, int level, int type) { @@ -100314,7 +100589,7 @@ index c806956..e5599ea 100644 struct sock_exterr_skb *serr; struct sk_buff *skb, *skb2; int copied, err; -@@ -2524,7 +2525,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, +@@ -2524,7 +2527,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, sock_recv_timestamp(msg, sk, skb); serr = SKB_EXT_ERR(skb); @@ -100642,6 +100917,27 @@ index 9d43468..ffa28cc 100644 return nh->nh_saddr; } +diff --git a/net/ipv4/gre_offload.c b/net/ipv4/gre_offload.c +index 2d24f29..70fee98 100644 +--- a/net/ipv4/gre_offload.c ++++ b/net/ipv4/gre_offload.c +@@ -56,13 +56,13 @@ static struct sk_buff *gre_gso_segment(struct sk_buff *skb, + + csum = !!(greh->flags & GRE_CSUM); + +- if (unlikely(!pskb_may_pull(skb, ghl))) +- goto out; +- + /* setup inner skb. */ + skb->protocol = greh->protocol; + skb->encapsulation = 0; + ++ if (unlikely(!pskb_may_pull(skb, ghl))) ++ goto out; ++ + __skb_pull(skb, ghl); + skb_reset_mac_header(skb); + skb_set_network_header(skb, skb_inner_network_offset(skb)); diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c index 0d1e2cb..4501a2c 100644 --- a/net/ipv4/inet_connection_sock.c @@ -100805,6 +101101,43 @@ index 3d4da2c..40f9c29 100644 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PROT_UNREACH, 0); } +diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c +index ed88d78..844323b 100644 +--- a/net/ipv4/ip_output.c ++++ b/net/ipv4/ip_output.c +@@ -1487,6 +1487,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr, + struct sk_buff *nskb; + struct sock *sk; + struct inet_sock *inet; ++ int err; + + if (ip_options_echo(&replyopts.opt.opt, skb)) + return; +@@ -1525,8 +1526,13 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr, + sock_net_set(sk, net); + __skb_queue_head_init(&sk->sk_write_queue); + sk->sk_sndbuf = sysctl_wmem_default; +- ip_append_data(sk, &fl4, ip_reply_glue_bits, arg->iov->iov_base, len, 0, +- &ipc, &rt, MSG_DONTWAIT); ++ err = ip_append_data(sk, &fl4, ip_reply_glue_bits, arg->iov->iov_base, ++ len, 0, &ipc, &rt, MSG_DONTWAIT); ++ if (unlikely(err)) { ++ ip_flush_pending_frames(sk); ++ goto out; ++ } ++ + nskb = skb_peek(&sk->sk_write_queue); + if (nskb) { + if (arg->csumoffset >= 0) +@@ -1538,7 +1544,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr, + skb_set_queue_mapping(nskb, skb_get_queue_mapping(skb)); + ip_push_pending_frames(sk, &fl4); + } +- ++out: + put_cpu_var(unicast_sock); + + ip_rt_put(rt); diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 580dd96..9fcef7e 100644 --- a/net/ipv4/ip_sockglue.c @@ -100828,6 +101161,24 @@ index 580dd96..9fcef7e 100644 msg.msg_controllen = len; msg.msg_flags = flags; +diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c +index 65b664d..791a419 100644 +--- a/net/ipv4/ip_tunnel_core.c ++++ b/net/ipv4/ip_tunnel_core.c +@@ -91,11 +91,12 @@ int iptunnel_pull_header(struct sk_buff *skb, int hdr_len, __be16 inner_proto) + skb_pull_rcsum(skb, hdr_len); + + if (inner_proto == htons(ETH_P_TEB)) { +- struct ethhdr *eh = (struct ethhdr *)skb->data; ++ struct ethhdr *eh; + + if (unlikely(!pskb_may_pull(skb, ETH_HLEN))) + return -ENOMEM; + ++ eh = (struct ethhdr *)skb->data; + if (likely(ntohs(eh->h_proto) >= ETH_P_802_3_MIN)) + skb->protocol = eh->h_proto; + else diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c index e4a8f76..dd8ad72 100644 --- a/net/ipv4/ip_vti.c @@ -101141,7 +101492,7 @@ index 11c8d81..d67116b 100644 static int raw_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/route.c b/net/ipv4/route.c -index ca5a01e..8c5cdb4 100644 +index 487bb62..bc101aa 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -234,7 +234,7 @@ static const struct seq_operations rt_cache_seq_ops = { @@ -101383,7 +101734,7 @@ index 44eba05..b36864b 100644 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table); if (hdr == NULL) diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c -index 3898694..9bd1a03 100644 +index 2291791..7b62d2b 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -761,7 +761,7 @@ static void tcp_update_pacing_rate(struct sock *sk) @@ -101395,7 +101746,7 @@ index 3898694..9bd1a03 100644 sk->sk_max_pacing_rate); } -@@ -4484,7 +4484,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, +@@ -4482,7 +4482,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, * simplifies code) */ static void @@ -101404,7 +101755,7 @@ index 3898694..9bd1a03 100644 struct sk_buff *head, struct sk_buff *tail, u32 start, u32 end) { -@@ -5561,6 +5561,7 @@ discard: +@@ -5559,6 +5559,7 @@ discard: tcp_paws_reject(&tp->rx_opt, 0)) goto discard_and_undo; @@ -101412,7 +101763,7 @@ index 3898694..9bd1a03 100644 if (th->syn) { /* We see SYN without ACK. It is attempt of * simultaneous connect with crossed SYNs. -@@ -5611,6 +5612,7 @@ discard: +@@ -5609,6 +5610,7 @@ discard: goto discard; #endif } @@ -101420,7 +101771,7 @@ index 3898694..9bd1a03 100644 /* "fifth, if neither of the SYN or RST bits is set then * drop the segment and return." */ -@@ -5657,7 +5659,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, +@@ -5655,7 +5657,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, goto discard; if (th->syn) { @@ -101430,7 +101781,7 @@ index 3898694..9bd1a03 100644 if (icsk->icsk_af_ops->conn_request(sk, skb) < 0) return 1; diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c -index 1e4eac7..a66fa4a 100644 +index a782d5b..28f0ae5 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -91,6 +91,10 @@ int sysctl_tcp_low_latency __read_mostly; @@ -101444,7 +101795,7 @@ index 1e4eac7..a66fa4a 100644 #ifdef CONFIG_TCP_MD5SIG static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key, __be32 daddr, __be32 saddr, const struct tcphdr *th); -@@ -1829,6 +1833,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -1830,6 +1834,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; reset: @@ -101454,7 +101805,7 @@ index 1e4eac7..a66fa4a 100644 tcp_v4_send_reset(rsk, skb); discard: kfree_skb(skb); -@@ -1974,12 +1981,19 @@ int tcp_v4_rcv(struct sk_buff *skb) +@@ -1975,12 +1982,19 @@ int tcp_v4_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked = 0; sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -101477,7 +101828,7 @@ index 1e4eac7..a66fa4a 100644 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -2033,6 +2047,10 @@ csum_error: +@@ -2034,6 +2048,10 @@ csum_error: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -101729,7 +102080,7 @@ index e1a6393..f634ce5 100644 return -ENOMEM; } diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index 6c7fa08..7c5abd70 100644 +index 3f0ec06..495548c 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -598,7 +598,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, @@ -101741,7 +102092,7 @@ index 6c7fa08..7c5abd70 100644 net->dev_base_seq; hlist_for_each_entry_rcu(dev, head, index_hlist) { if (idx < s_idx) -@@ -2395,7 +2395,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) +@@ -2390,7 +2390,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) p.iph.ihl = 5; p.iph.protocol = IPPROTO_IPV6; p.iph.ttl = 64; @@ -101750,7 +102101,7 @@ index 6c7fa08..7c5abd70 100644 if (ops->ndo_do_ioctl) { mm_segment_t oldfs = get_fs(); -@@ -3528,16 +3528,23 @@ static const struct file_operations if6_fops = { +@@ -3523,16 +3523,23 @@ static const struct file_operations if6_fops = { .release = seq_release_net, }; @@ -101775,7 +102126,7 @@ index 6c7fa08..7c5abd70 100644 } static struct pernet_operations if6_proc_net_ops = { -@@ -4146,7 +4153,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, +@@ -4141,7 +4148,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, s_ip_idx = ip_idx = cb->args[2]; rcu_read_lock(); @@ -101784,7 +102135,7 @@ index 6c7fa08..7c5abd70 100644 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { idx = 0; head = &net->dev_index_head[h]; -@@ -4746,11 +4753,8 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) +@@ -4741,11 +4748,8 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) rt = rt6_lookup(dev_net(dev), &ifp->peer_addr, NULL, dev->ifindex, 1); @@ -101798,7 +102149,7 @@ index 6c7fa08..7c5abd70 100644 } dst_hold(&ifp->rt->dst); -@@ -4758,7 +4762,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) +@@ -4753,7 +4757,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) dst_free(&ifp->rt->dst); break; } @@ -101807,7 +102158,7 @@ index 6c7fa08..7c5abd70 100644 rt_genid_bump_ipv6(net); } -@@ -4779,7 +4783,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, +@@ -4774,7 +4778,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -101816,7 +102167,7 @@ index 6c7fa08..7c5abd70 100644 int ret; /* -@@ -4864,7 +4868,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, +@@ -4859,7 +4863,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -101863,7 +102214,7 @@ index 7b32652..0bc348b 100644 table = kmemdup(ipv6_icmp_table_template, sizeof(ipv6_icmp_table_template), diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c -index 2465d18..bc5bf7f 100644 +index cb57aa8..01c248e 100644 --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c @@ -71,7 +71,7 @@ struct ip6gre_net { @@ -101902,6 +102253,18 @@ index 2465d18..bc5bf7f 100644 .kind = "ip6gretap", .maxtype = IFLA_GRE_MAX, .policy = ip6gre_policy, +diff --git a/net/ipv6/ip6_offload.c b/net/ipv6/ip6_offload.c +index b2f0915..066db10 100644 +--- a/net/ipv6/ip6_offload.c ++++ b/net/ipv6/ip6_offload.c +@@ -46,6 +46,7 @@ static int ipv6_gso_pull_exthdrs(struct sk_buff *skb, int proto) + if (unlikely(!pskb_may_pull(skb, len))) + break; + ++ opth = (void *)skb->data; + proto = opth->nexthdr; + __skb_pull(skb, len); + } diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c index 9120339..cfdd84f 100644 --- a/net/ipv6/ip6_tunnel.c @@ -102254,7 +102617,7 @@ index 7cc1102..7785931 100644 table = kmemdup(ipv6_route_table_template, sizeof(ipv6_route_table_template), diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c -index fe548ba..0dfa744 100644 +index b12b11b..13856f9 100644 --- a/net/ipv6/sit.c +++ b/net/ipv6/sit.c @@ -74,7 +74,7 @@ static void ipip6_tunnel_setup(struct net_device *dev); @@ -102266,6 +102629,29 @@ index fe548ba..0dfa744 100644 static int sit_net_id __read_mostly; struct sit_net { +@@ -484,11 +484,11 @@ static void ipip6_tunnel_uninit(struct net_device *dev) + */ + static int ipip6_err_gen_icmpv6_unreach(struct sk_buff *skb) + { +- const struct iphdr *iph = (const struct iphdr *) skb->data; ++ int ihl = ((const struct iphdr *)skb->data)->ihl*4; + struct rt6_info *rt; + struct sk_buff *skb2; + +- if (!pskb_may_pull(skb, iph->ihl * 4 + sizeof(struct ipv6hdr) + 8)) ++ if (!pskb_may_pull(skb, ihl + sizeof(struct ipv6hdr) + 8)) + return 1; + + skb2 = skb_clone(skb, GFP_ATOMIC); +@@ -497,7 +497,7 @@ static int ipip6_err_gen_icmpv6_unreach(struct sk_buff *skb) + return 1; + + skb_dst_drop(skb2); +- skb_pull(skb2, iph->ihl * 4); ++ skb_pull(skb2, ihl); + skb_reset_network_header(skb2); + + rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0, 0); @@ -1683,7 +1683,7 @@ static void ipip6_dellink(struct net_device *dev, struct list_head *head) unregister_netdevice_queue(dev, head); } @@ -102289,7 +102675,7 @@ index 7f405a1..eabef92 100644 struct ctl_table *ipv6_icmp_table; int err; diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c -index 889079b..a04512c 100644 +index a4f890d..5db3708 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -104,6 +104,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb) @@ -103431,7 +103817,7 @@ index 11de55e..f25e448 100644 return 0; } diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c -index 0dfe894..7702a84 100644 +index c375d73..d4abd23 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -257,7 +257,7 @@ static void netlink_overrun(struct sock *sk) @@ -103443,6 +103829,15 @@ index 0dfe894..7702a84 100644 } static void netlink_rcv_wake(struct sock *sk) +@@ -707,7 +707,7 @@ static int netlink_mmap_sendmsg(struct sock *sk, struct msghdr *msg, + * after validation, the socket and the ring may only be used by a + * single process, otherwise we fall back to copying. + */ +- if (atomic_long_read(&sk->sk_socket->file->f_count) > 2 || ++ if (atomic_long_read(&sk->sk_socket->file->f_count) > 1 || + atomic_read(&nlk->mapped) > 1) + excl = false; + @@ -3003,7 +3003,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) sk_wmem_alloc_get(s), nlk->cb_running, @@ -103465,18 +103860,10 @@ index b74aa07..d41926e 100644 *uaddr_len = sizeof(struct sockaddr_ax25); } diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c -index 48a6a93..d2c096b 100644 +index 48b1817..d2c096b 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c -@@ -635,6 +635,7 @@ static void init_prb_bdqc(struct packet_sock *po, - p1->tov_in_jiffies = msecs_to_jiffies(p1->retire_blk_tov); - p1->blk_sizeof_priv = req_u->req3.tp_sizeof_priv; - -+ p1->max_frame_len = p1->kblk_size - BLK_PLUS_PRIV(p1->blk_sizeof_priv); - prb_init_ft_ops(p1, req_u); - prb_setup_retire_blk_timer(po, tx_ring); - prb_open_block(p1, pbd); -@@ -1845,7 +1846,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, +@@ -1846,7 +1846,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, spin_lock(&sk->sk_receive_queue.lock); po->stats.stats1.tp_packets++; @@ -103485,7 +103872,7 @@ index 48a6a93..d2c096b 100644 __skb_queue_tail(&sk->sk_receive_queue, skb); spin_unlock(&sk->sk_receive_queue.lock); sk->sk_data_ready(sk, skb->len); -@@ -1854,7 +1855,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, +@@ -1855,7 +1855,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, drop_n_acct: spin_lock(&sk->sk_receive_queue.lock); po->stats.stats1.tp_drops++; @@ -103494,26 +103881,7 @@ index 48a6a93..d2c096b 100644 spin_unlock(&sk->sk_receive_queue.lock); drop_n_restore: -@@ -1946,6 +1947,18 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, - if ((int)snaplen < 0) - snaplen = 0; - } -+ } else if (unlikely(macoff + snaplen > -+ GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len)) { -+ u32 nval; -+ -+ nval = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len - macoff; -+ pr_err_once("tpacket_rcv: packet too big, clamped from %u to %u. macoff=%u\n", -+ snaplen, nval, macoff); -+ snaplen = nval; -+ if (unlikely((int)snaplen < 0)) { -+ snaplen = 0; -+ macoff = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len; -+ } - } - spin_lock(&sk->sk_receive_queue.lock); - h.raw = packet_current_rx_frame(po, skb, -@@ -3449,7 +3462,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3462,7 +3462,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, case PACKET_HDRLEN: if (len > sizeof(int)) len = sizeof(int); @@ -103522,7 +103890,7 @@ index 48a6a93..d2c096b 100644 return -EFAULT; switch (val) { case TPACKET_V1: -@@ -3495,7 +3508,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3508,7 +3508,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, len = lv; if (put_user(len, optlen)) return -EFAULT; @@ -103531,29 +103899,6 @@ index 48a6a93..d2c096b 100644 return -EFAULT; return 0; } -@@ -3779,6 +3792,10 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u, - goto out; - if (unlikely(req->tp_block_size & (PAGE_SIZE - 1))) - goto out; -+ if (po->tp_version >= TPACKET_V3 && -+ (int)(req->tp_block_size - -+ BLK_PLUS_PRIV(req_u->req3.tp_sizeof_priv)) <= 0) -+ goto out; - if (unlikely(req->tp_frame_size < po->tp_hdrlen + - po->tp_reserve)) - goto out; -diff --git a/net/packet/internal.h b/net/packet/internal.h -index eb9580a..cdddf6a 100644 ---- a/net/packet/internal.h -+++ b/net/packet/internal.h -@@ -29,6 +29,7 @@ struct tpacket_kbdq_core { - char *pkblk_start; - char *pkblk_end; - int kblk_size; -+ unsigned int max_frame_len; - unsigned int knum_blocks; - uint64_t knxt_seq_num; - char *prev; diff --git a/net/phonet/pep.c b/net/phonet/pep.c index e774117..900b8b7 100644 --- a/net/phonet/pep.c @@ -103738,6 +104083,42 @@ index 4503335..db566b4 100644 } #endif +diff --git a/net/rds/rdma.c b/net/rds/rdma.c +index 4e37c1c..40084d8 100644 +--- a/net/rds/rdma.c ++++ b/net/rds/rdma.c +@@ -564,12 +564,12 @@ int rds_cmsg_rdma_args(struct rds_sock *rs, struct rds_message *rm, + + if (rs->rs_bound_addr == 0) { + ret = -ENOTCONN; /* XXX not a great errno */ +- goto out; ++ goto out_ret; + } + + if (args->nr_local > UIO_MAXIOV) { + ret = -EMSGSIZE; +- goto out; ++ goto out_ret; + } + + /* Check whether to allocate the iovec area */ +@@ -578,7 +578,7 @@ int rds_cmsg_rdma_args(struct rds_sock *rs, struct rds_message *rm, + iovs = sock_kmalloc(rds_rs_to_sk(rs), iov_size, GFP_KERNEL); + if (!iovs) { + ret = -ENOMEM; +- goto out; ++ goto out_ret; + } + } + +@@ -696,6 +696,7 @@ out: + if (iovs != iovstack) + sock_kfree_s(rds_rs_to_sk(rs), iovs, iov_size); + kfree(pages); ++out_ret: + if (ret) + rds_rdma_free_op(op); + else diff --git a/net/rds/rds.h b/net/rds/rds.h index 48f8ffc..0ef3eec 100644 --- a/net/rds/rds.h @@ -105161,10 +105542,10 @@ index 0917f04..f4e3d8c 100644 if (!proc_create("x25/route", S_IRUGO, init_net.proc_net, diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c -index 1d5c7bf..f762f1f 100644 +index 59cf325..e7fa6f0 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c -@@ -327,7 +327,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy) +@@ -332,7 +332,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy) { policy->walk.dead = 1; @@ -105173,7 +105554,7 @@ index 1d5c7bf..f762f1f 100644 if (del_timer(&policy->polq.hold_timer)) xfrm_pol_put(policy); -@@ -661,7 +661,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl) +@@ -666,7 +666,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl) hlist_add_head(&policy->bydst, chain); xfrm_pol_hold(policy); net->xfrm.policy_count[dir]++; @@ -105182,7 +105563,7 @@ index 1d5c7bf..f762f1f 100644 /* After previous checking, family can either be AF_INET or AF_INET6 */ if (policy->family == AF_INET) -@@ -1761,7 +1761,7 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols, +@@ -1766,7 +1766,7 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols, xdst->num_pols = num_pols; memcpy(xdst->pols, pols, sizeof(struct xfrm_policy *) * num_pols); @@ -105191,7 +105572,7 @@ index 1d5c7bf..f762f1f 100644 return xdst; } -@@ -2572,11 +2572,12 @@ void xfrm_garbage_collect(struct net *net) +@@ -2604,11 +2604,12 @@ void xfrm_garbage_collect(struct net *net) } EXPORT_SYMBOL(xfrm_garbage_collect); @@ -105205,7 +105586,7 @@ index 1d5c7bf..f762f1f 100644 static void xfrm_init_pmtu(struct dst_entry *dst) { -@@ -2626,7 +2627,7 @@ static int xfrm_bundle_ok(struct xfrm_dst *first) +@@ -2658,7 +2659,7 @@ static int xfrm_bundle_ok(struct xfrm_dst *first) if (xdst->xfrm_genid != dst->xfrm->genid) return 0; if (xdst->num_pols > 0 && @@ -105214,7 +105595,7 @@ index 1d5c7bf..f762f1f 100644 return 0; mtu = dst_mtu(dst->child); -@@ -2714,8 +2715,6 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo) +@@ -2746,8 +2747,6 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo) dst_ops->link_failure = xfrm_link_failure; if (likely(dst_ops->neigh_lookup == NULL)) dst_ops->neigh_lookup = xfrm_neigh_lookup; @@ -105223,7 +105604,7 @@ index 1d5c7bf..f762f1f 100644 rcu_assign_pointer(xfrm_policy_afinfo[afinfo->family], afinfo); } spin_unlock(&xfrm_policy_afinfo_lock); -@@ -2769,7 +2768,6 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo) +@@ -2801,7 +2800,6 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo) dst_ops->check = NULL; dst_ops->negative_advice = NULL; dst_ops->link_failure = NULL; @@ -105231,7 +105612,7 @@ index 1d5c7bf..f762f1f 100644 } return err; } -@@ -3159,7 +3157,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol, +@@ -3191,7 +3189,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol, sizeof(pol->xfrm_vec[i].saddr)); pol->xfrm_vec[i].encap_family = mp->new_family; /* flush bundles */ @@ -107200,7 +107581,7 @@ index fc3e662..7844c60 100644 lock = &avc_cache.slots_lock[hvalue]; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index e294b86..eda45c55 100644 +index e294b86..4fc9b7f 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -95,8 +95,6 @@ @@ -107212,6 +107593,22 @@ index e294b86..eda45c55 100644 /* SECMARK reference count */ static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0); +@@ -470,6 +468,7 @@ next_inode: + list_entry(sbsec->isec_head.next, + struct inode_security_struct, list); + struct inode *inode = isec->inode; ++ list_del_init(&isec->list); + spin_unlock(&sbsec->isec_lock); + inode = igrab(inode); + if (inode) { +@@ -478,7 +477,6 @@ next_inode: + iput(inode); + } + spin_lock(&sbsec->isec_lock); +- list_del_init(&isec->list); + goto next_inode; + } + spin_unlock(&sbsec->isec_lock); @@ -5759,7 +5757,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) #endif |