aboutsummaryrefslogtreecommitdiffstats
path: root/main/linux-grsec
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2013-05-22 13:17:53 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2013-05-22 13:49:33 +0000
commite5c176c6a337804bd6007231d967faf435ea5210 (patch)
treeb11573695d05a9c5ef01123326880d89311ef425 /main/linux-grsec
parent0ced45d288b7a9ceb8077ebef4c49fcf65deda08 (diff)
downloadaports-e5c176c6a337804bd6007231d967faf435ea5210.tar.bz2
aports-e5c176c6a337804bd6007231d967faf435ea5210.tar.xz
main/linux-grsec: upgprade to 3.9.3 and update flush arp cache patch
fixes #1926
Diffstat (limited to 'main/linux-grsec')
-rw-r--r--main/linux-grsec/0004-arp-flush-arp-cache-on-device-change.patch29
-rw-r--r--main/linux-grsec/APKBUILD38
-rw-r--r--main/linux-grsec/grsecurity-2.9.1-3.9.3-201305201732.patch (renamed from main/linux-grsec/grsecurity-2.9.1-3.9.2-201305162327.patch)365
-rw-r--r--main/linux-grsec/kernelconfig.x866
-rw-r--r--main/linux-grsec/kernelconfig.x86_646
-rw-r--r--main/linux-grsec/v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch89
6 files changed, 306 insertions, 227 deletions
diff --git a/main/linux-grsec/0004-arp-flush-arp-cache-on-device-change.patch b/main/linux-grsec/0004-arp-flush-arp-cache-on-device-change.patch
deleted file mode 100644
index 85161ea3a3..0000000000
--- a/main/linux-grsec/0004-arp-flush-arp-cache-on-device-change.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 8a0e3ea4924059a7268446177d6869e3399adbb2 Mon Sep 17 00:00:00 2001
-From: Timo Teras <timo.teras@iki.fi>
-Date: Mon, 12 Apr 2010 13:46:45 +0000
-Subject: [PATCH 04/18] arp: flush arp cache on device change
-
-If IFF_NOARP is changed, we must flush the arp cache.
-
-Signed-off-by: Timo Teras <timo.teras@iki.fi>
----
- net/ipv4/arp.c | 3 +++
- 1 files changed, 3 insertions(+), 0 deletions(-)
-
-diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
-index 4e80f33..580bfc3 100644
---- a/net/ipv4/arp.c
-+++ b/net/ipv4/arp.c
-@@ -1200,6 +1200,9 @@ static int arp_netdev_event(struct notifier_block *this, unsigned long event, vo
- neigh_changeaddr(&arp_tbl, dev);
- rt_cache_flush(dev_net(dev), 0);
- break;
-+ case NETDEV_CHANGE:
-+ neigh_changeaddr(&arp_tbl, dev);
-+ break;
- default:
- break;
- }
---
-1.7.0.2
-
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 6eee77349b..dda2694820 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,12 +2,12 @@
_flavor=grsec
pkgname=linux-${_flavor}
-pkgver=3.9.2
+pkgver=3.9.3
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
esac
-pkgrel=2
+pkgrel=0
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@@ -17,9 +17,9 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-2.9.1-3.9.2-201305162327.patch
+ grsecurity-2.9.1-3.9.3-201305201732.patch
- 0004-arp-flush-arp-cache-on-device-change.patch
+ v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch
leds-leds-gpio-reserve-gpio-before-using-it.patch
kernelconfig.x86
@@ -145,23 +145,23 @@ dev() {
}
md5sums="4348c9b6b2eb3144d601e87c19d5d909 linux-3.9.tar.xz
-adeb2556568f79e827e7a0ce4c483605 patch-3.9.2.xz
-089d16b7c5306ed0d42e344ce1b59615 grsecurity-2.9.1-3.9.2-201305162327.patch
-776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch
+71b31e29e0cb437a27017c781293b6f4 patch-3.9.3.xz
+e881cf0db639205660f237ceea58f708 grsecurity-2.9.1-3.9.3-201305201732.patch
+699e92148cc9a55b6fc4d7d81e476717 v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch
83db7136608d8101ae130728539dc376 leds-leds-gpio-reserve-gpio-before-using-it.patch
-ae4d8b3e917cdea5330ec52048080de3 kernelconfig.x86
-839de81fedd3a6294d42da70a3fb99e0 kernelconfig.x86_64"
+fd6fd35309c0e8c1f05cb725df958f22 kernelconfig.x86
+fd61ff58d25155997c0d6f73e7ca7a7d kernelconfig.x86_64"
sha256sums="60bc3e64ee5dc778de2cd7cd7640abf518a4c9d4f31b8ed624e16fad53f54541 linux-3.9.tar.xz
-069126b2b70acbc27fada2bf67235238fd90ff103267b1bb392244a301321996 patch-3.9.2.xz
-3de1633f26c46a4c93af8497d889a5acc37db54adaa4f3677cb5c5c027787254 grsecurity-2.9.1-3.9.2-201305162327.patch
-e2d2d1503f53572c6a2e21da729a13a430dd01f510405ffb3a33b29208860bde 0004-arp-flush-arp-cache-on-device-change.patch
+248ab5f9a42b72e5c3d961520a5fff609a625bbf570ad45d7ae97009525b94d7 patch-3.9.3.xz
+c1b4310085ff07200131dc841a0a22f84a7f166c3b25464e27dd2694584bc72c grsecurity-2.9.1-3.9.3-201305201732.patch
+8e2f41605937eecd47cefe62daefd372dbf1e63cf956ab3ced3213ac2b508ee3 v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch
13676bc5610a8d03e788ac76734babd1338b023bb39559452ee54652b046e6f4 leds-leds-gpio-reserve-gpio-before-using-it.patch
-513a5f387e7453169a7f41c1ba42da3229e47edd58b5ac18da31f04905c5c0bf kernelconfig.x86
-e842cf49decc9a8f5c0f2e4b431382f521fe41db22f2c2e6a1c077b2b158b3ab kernelconfig.x86_64"
+b44c6671b344ddae1da94e6c051a0e708af8609c1f2ff40d962301ed5023c83a kernelconfig.x86
+7a6700a6db89f8c2c7f8cce7d77f4ddb3fcad889d72c709c2833af795ef1bc79 kernelconfig.x86_64"
sha512sums="77fa521f42380409f8ab400c26f7b00e225cb075ef40834bb263325cfdcc3e65aef8511ec2fc2b50bbf4f50e226fb5ab07d7a479aaf09162adbbf318325d0790 linux-3.9.tar.xz
-439e32edab86f8b1bd49bc4c9325e11520d78b8182ae88aebf46a4be319c4633d6d896e2ecd3fe0363d9247f5af88a989aafca9103b8e1544262bd191440dae9 patch-3.9.2.xz
-652847ba23a7761d6fe90a04deb68f28cdde65d71bd9a53355075ba8410279250d36169359fa759208fcf45b5bfc1cc9505f072e93dd47eae5c464652760aa97 grsecurity-2.9.1-3.9.2-201305162327.patch
-b6fdf376009f0f0f3fa194cb11be97343e4d394cf5d3547de6cfca8ad619c5bd3f60719331fd8cfadc47f09d22be8376ba5f871b46b24887ea73fe47e233a54e 0004-arp-flush-arp-cache-on-device-change.patch
+ae2bca3f0d274281d7ae88bb835d129a036350dfd3e9e941d7a0175194b2cbccffb5f8b5a20e5a7498cb5a097c6376d8cb1032ea048051b08ec0dd05309c09eb patch-3.9.3.xz
+d6aa751d1fac8c4d758f9479bc6b08f70d8725c6c74b63446def044f42260a8beb1f540ae4473ec57f42538513d3ccb42de41c8cc721b9b85d8cfbaef7ab85d5 grsecurity-2.9.1-3.9.3-201305201732.patch
+772c847cd74b12ed22266042c0902d8a3cf09c897b6e1c01148dfcd2f01aed331f292e82c34bb718090dc0898e1ef364196272bff885a32378f7fbc8bfc06a9b v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch
10d2cf4fb308d1bc8cb5b9df3f9a6d7b9cef453244673bcbe66bd9b64af410a498e203d4dfa51f53461362ad981736eadc46537616b2c0514f57f4d8864c830d leds-leds-gpio-reserve-gpio-before-using-it.patch
-57dc79b8b08a81993e1050197886c7f91a609843ed2f919eabd6769860fb1383e87a433def8f6b544a8c6382180822b863869ef76183c4d9df421465fe13c220 kernelconfig.x86
-0ce361b417821fc3795c4d8e4b3a8eeecbdc7df66261f744c55d288186f9a7d2a367f80bac2ff29c0d5c54f133cbbd74f3ec5e0147b0e7c04462627724dd3572 kernelconfig.x86_64"
+2516c47145f53cfa5624a9a8839b3590fd16a980aa4c8c48af4db025960d33abe855a5c698ee701a0d3704a96a9a3f93cd6c3cc8c9b8fdf73f230c15ad2f7611 kernelconfig.x86
+0a3739e5e1fe29fcce8c686d8ac223316467a2efaaa18cb3d1abf6c7a66dc86be12c26755dff1aef6d0f5a028ce4f6dfc5664ab42b484046949f401f3b9198f9 kernelconfig.x86_64"
diff --git a/main/linux-grsec/grsecurity-2.9.1-3.9.2-201305162327.patch b/main/linux-grsec/grsecurity-2.9.1-3.9.3-201305201732.patch
index 588c5edc1b..b6dd68f753 100644
--- a/main/linux-grsec/grsecurity-2.9.1-3.9.2-201305162327.patch
+++ b/main/linux-grsec/grsecurity-2.9.1-3.9.3-201305201732.patch
@@ -259,7 +259,7 @@ index 8ccbf27..afffeb4 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 3e71511..8ff502e 100644
+index 01003d4..da43c4a 100644
--- a/Makefile
+++ b/Makefile
@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -1509,7 +1509,7 @@ index 6dcc164..b14d917 100644
/*
* Fold a partial checksum without adding pseudo headers
diff --git a/arch/arm/include/asm/cmpxchg.h b/arch/arm/include/asm/cmpxchg.h
-index 7eb18c1..e38b6d2 100644
+index 4f009c1..466c59b 100644
--- a/arch/arm/include/asm/cmpxchg.h
+++ b/arch/arm/include/asm/cmpxchg.h
@@ -102,6 +102,8 @@ static inline unsigned long __xchg(unsigned long x, volatile void *ptr, int size
@@ -10240,10 +10240,10 @@ index ad8f795..2c7eec6 100644
/*
* Memory returned by kmalloc() may be used for DMA, so we must make
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 15b5cef..173babc 100644
+index 6ef2a37..74ad6ad 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
-@@ -244,7 +244,7 @@ config X86_HT
+@@ -243,7 +243,7 @@ config X86_HT
config X86_32_LAZY_GS
def_bool y
@@ -10252,7 +10252,7 @@ index 15b5cef..173babc 100644
config ARCH_HWEIGHT_CFLAGS
string
-@@ -1077,6 +1077,7 @@ config MICROCODE_EARLY
+@@ -1076,6 +1076,7 @@ config MICROCODE_EARLY
config X86_MSR
tristate "/dev/cpu/*/msr - Model-specific register support"
@@ -10260,7 +10260,7 @@ index 15b5cef..173babc 100644
---help---
This device gives privileged processes access to the x86
Model-Specific Registers (MSRs). It is a character device with
-@@ -1100,7 +1101,7 @@ choice
+@@ -1099,7 +1100,7 @@ choice
config NOHIGHMEM
bool "off"
@@ -10269,7 +10269,7 @@ index 15b5cef..173babc 100644
---help---
Linux can use up to 64 Gigabytes of physical memory on x86 systems.
However, the address space of 32-bit x86 processors is only 4
-@@ -1137,7 +1138,7 @@ config NOHIGHMEM
+@@ -1136,7 +1137,7 @@ config NOHIGHMEM
config HIGHMEM4G
bool "4GB"
@@ -10278,7 +10278,7 @@ index 15b5cef..173babc 100644
---help---
Select this if you have a 32-bit processor and between 1 and 4
gigabytes of physical RAM.
-@@ -1190,7 +1191,7 @@ config PAGE_OFFSET
+@@ -1189,7 +1190,7 @@ config PAGE_OFFSET
hex
default 0xB0000000 if VMSPLIT_3G_OPT
default 0x80000000 if VMSPLIT_2G
@@ -10287,7 +10287,7 @@ index 15b5cef..173babc 100644
default 0x40000000 if VMSPLIT_1G
default 0xC0000000
depends on X86_32
-@@ -1588,6 +1589,7 @@ config SECCOMP
+@@ -1587,6 +1588,7 @@ config SECCOMP
config CC_STACKPROTECTOR
bool "Enable -fstack-protector buffer overflow detection"
@@ -10295,7 +10295,7 @@ index 15b5cef..173babc 100644
---help---
This option turns on the -fstack-protector GCC feature. This
feature puts, at the beginning of functions, a canary value on
-@@ -1707,6 +1709,8 @@ config X86_NEED_RELOCS
+@@ -1706,6 +1708,8 @@ config X86_NEED_RELOCS
config PHYSICAL_ALIGN
hex "Alignment value to which kernel should be aligned" if X86_32
default "0x1000000"
@@ -10304,7 +10304,7 @@ index 15b5cef..173babc 100644
range 0x2000 0x1000000
---help---
This value puts the alignment restrictions on physical address
-@@ -1782,9 +1786,10 @@ config DEBUG_HOTPLUG_CPU0
+@@ -1781,9 +1785,10 @@ config DEBUG_HOTPLUG_CPU0
If unsure, say N.
config COMPAT_VDSO
@@ -14302,7 +14302,7 @@ index 4cc9f2b..5fd9226 100644
/*
diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
-index 1e67223..9183226 100644
+index 1e67223..dd6e7ea 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
@@ -44,6 +44,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page);
@@ -14365,7 +14365,19 @@ index 1e67223..9183226 100644
static inline int pte_dirty(pte_t pte)
{
return pte_flags(pte) & _PAGE_DIRTY;
-@@ -200,9 +240,29 @@ static inline pte_t pte_wrprotect(pte_t pte)
+@@ -147,6 +187,11 @@ static inline unsigned long pud_pfn(pud_t pud)
+ return (pud_val(pud) & PTE_PFN_MASK) >> PAGE_SHIFT;
+ }
+
++static inline unsigned long pgd_pfn(pgd_t pgd)
++{
++ return (pgd_val(pgd) & PTE_PFN_MASK) >> PAGE_SHIFT;
++}
++
+ #define pte_page(pte) pfn_to_page(pte_pfn(pte))
+
+ static inline int pmd_large(pmd_t pte)
+@@ -200,9 +245,29 @@ static inline pte_t pte_wrprotect(pte_t pte)
return pte_clear_flags(pte, _PAGE_RW);
}
@@ -14396,7 +14408,7 @@ index 1e67223..9183226 100644
}
static inline pte_t pte_mkdirty(pte_t pte)
-@@ -394,6 +454,15 @@ pte_t *populate_extra_pte(unsigned long vaddr);
+@@ -394,6 +459,15 @@ pte_t *populate_extra_pte(unsigned long vaddr);
#endif
#ifndef __ASSEMBLY__
@@ -14412,7 +14424,25 @@ index 1e67223..9183226 100644
#include <linux/mm_types.h>
#include <linux/log2.h>
-@@ -584,7 +653,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
+@@ -529,7 +603,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud)
+ * Currently stuck as a macro due to indirect forward reference to
+ * linux/mmzone.h's __section_mem_map_addr() definition:
+ */
+-#define pud_page(pud) pfn_to_page(pud_val(pud) >> PAGE_SHIFT)
++#define pud_page(pud) pfn_to_page((pud_val(pud) & PTE_PFN_MASK) >> PAGE_SHIFT)
+
+ /* Find an entry in the second-level page table.. */
+ static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address)
+@@ -569,7 +643,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
+ * Currently stuck as a macro due to indirect forward reference to
+ * linux/mmzone.h's __section_mem_map_addr() definition:
+ */
+-#define pgd_page(pgd) pfn_to_page(pgd_val(pgd) >> PAGE_SHIFT)
++#define pgd_page(pgd) pfn_to_page((pgd_val(pgd) & PTE_PFN_MASK) >> PAGE_SHIFT)
+
+ /* to find an entry in a page-table-directory. */
+ static inline unsigned long pud_index(unsigned long address)
+@@ -584,7 +658,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
static inline int pgd_bad(pgd_t pgd)
{
@@ -14421,7 +14451,7 @@ index 1e67223..9183226 100644
}
static inline int pgd_none(pgd_t pgd)
-@@ -607,7 +676,12 @@ static inline int pgd_none(pgd_t pgd)
+@@ -607,7 +681,12 @@ static inline int pgd_none(pgd_t pgd)
* pgd_offset() returns a (pgd_t *)
* pgd_index() is used get the offset into the pgd page's array of pgd_t's;
*/
@@ -14435,7 +14465,7 @@ index 1e67223..9183226 100644
/*
* a shortcut which implies the use of the kernel's pgd, instead
* of a process's
-@@ -618,6 +692,22 @@ static inline int pgd_none(pgd_t pgd)
+@@ -618,6 +697,22 @@ static inline int pgd_none(pgd_t pgd)
#define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET)
#define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY)
@@ -14458,7 +14488,7 @@ index 1e67223..9183226 100644
#ifndef __ASSEMBLY__
extern int direct_gbpages;
-@@ -784,11 +874,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
+@@ -784,11 +879,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
* dst and src can be on the same page, but the range must not overlap,
* and must not cross a page boundary.
*/
@@ -23896,10 +23926,10 @@ index a20ecb5..d0e2194 100644
out:
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
-index a9c9d3e..9fe214f 100644
+index 59622c9..f338414 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
-@@ -326,6 +326,7 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt)
+@@ -328,6 +328,7 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt)
#define ____emulate_2op(ctxt, _op, _x, _y, _suffix, _dsttype) \
do { \
@@ -23907,7 +23937,7 @@ index a9c9d3e..9fe214f 100644
__asm__ __volatile__ ( \
_PRE_EFLAGS("0", "4", "2") \
_op _suffix " %"_x"3,%1; " \
-@@ -340,8 +341,6 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt)
+@@ -342,8 +343,6 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt)
/* Raw emulation: instruction has two explicit operands. */
#define __emulate_2op_nobyte(ctxt,_op,_wx,_wy,_lx,_ly,_qx,_qy) \
do { \
@@ -23916,7 +23946,7 @@ index a9c9d3e..9fe214f 100644
switch ((ctxt)->dst.bytes) { \
case 2: \
____emulate_2op(ctxt,_op,_wx,_wy,"w",u16); \
-@@ -357,7 +356,6 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt)
+@@ -359,7 +358,6 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt)
#define __emulate_2op(ctxt,_op,_bx,_by,_wx,_wy,_lx,_ly,_qx,_qy) \
do { \
@@ -23978,7 +24008,7 @@ index e1b1ce2..f7b4b43 100644
local_irq_disable();
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index 6667042..b47ece4 100644
+index 0af1807..06912bb 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1184,12 +1184,12 @@ static void vmcs_write64(unsigned long field, u64 value)
@@ -24068,7 +24098,7 @@ index 6667042..b47ece4 100644
rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
-@@ -6574,6 +6590,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6580,6 +6596,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
"jmp 2f \n\t"
"1: " __ex(ASM_VMX_VMRESUME) "\n\t"
"2: "
@@ -24081,7 +24111,7 @@ index 6667042..b47ece4 100644
/* Save guest registers, load host registers, keep flags */
"mov %0, %c[wordsize](%%" _ASM_SP ") \n\t"
"pop %0 \n\t"
-@@ -6626,6 +6648,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6632,6 +6654,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
#endif
[cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
[wordsize]"i"(sizeof(ulong))
@@ -24093,7 +24123,7 @@ index 6667042..b47ece4 100644
: "cc", "memory"
#ifdef CONFIG_X86_64
, "rax", "rbx", "rdi", "rsi"
-@@ -6639,7 +6666,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6645,7 +6672,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
if (debugctlmsr)
update_debugctlmsr(debugctlmsr);
@@ -24102,7 +24132,7 @@ index 6667042..b47ece4 100644
/*
* The sysexit path does not restore ds/es, so we must set them to
* a reasonable value ourselves.
-@@ -6648,8 +6675,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6654,8 +6681,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
* may be executed in interrupt context, which saves and restore segments
* around it, nullifying its effect.
*/
@@ -31103,7 +31133,7 @@ index 431e875..cbb23f3 100644
-}
-__setup("vdso=", vdso_setup);
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
-index 2363127..ec09d96 100644
+index cf95e19..17e9f50 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -100,8 +100,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
@@ -31115,7 +31145,7 @@ index 2363127..ec09d96 100644
RESERVE_BRK(shared_info_page_brk, PAGE_SIZE);
__read_mostly int xen_have_vector_callback;
EXPORT_SYMBOL_GPL(xen_have_vector_callback);
-@@ -496,8 +494,7 @@ static void xen_load_gdt(const struct desc_ptr *dtr)
+@@ -511,8 +509,7 @@ static void xen_load_gdt(const struct desc_ptr *dtr)
{
unsigned long va = dtr->address;
unsigned int size = dtr->size + 1;
@@ -31125,7 +31155,7 @@ index 2363127..ec09d96 100644
int f;
/*
-@@ -545,8 +542,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
+@@ -560,8 +557,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
{
unsigned long va = dtr->address;
unsigned int size = dtr->size + 1;
@@ -31135,7 +31165,7 @@ index 2363127..ec09d96 100644
int f;
/*
-@@ -554,7 +550,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
+@@ -569,7 +565,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
* 8-byte entries, or 16 4k pages..
*/
@@ -31144,7 +31174,7 @@ index 2363127..ec09d96 100644
BUG_ON(va & ~PAGE_MASK);
for (f = 0; va < dtr->address + size; va += PAGE_SIZE, f++) {
-@@ -939,7 +935,7 @@ static u32 xen_safe_apic_wait_icr_idle(void)
+@@ -954,7 +950,7 @@ static u32 xen_safe_apic_wait_icr_idle(void)
return 0;
}
@@ -31153,7 +31183,7 @@ index 2363127..ec09d96 100644
{
apic->read = xen_apic_read;
apic->write = xen_apic_write;
-@@ -1245,30 +1241,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = {
+@@ -1260,30 +1256,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = {
#endif
};
@@ -31191,7 +31221,7 @@ index 2363127..ec09d96 100644
{
if (pm_power_off)
pm_power_off();
-@@ -1370,7 +1366,17 @@ asmlinkage void __init xen_start_kernel(void)
+@@ -1385,7 +1381,17 @@ asmlinkage void __init xen_start_kernel(void)
__userpte_alloc_gfp &= ~__GFP_HIGHMEM;
/* Work out if we support NX */
@@ -31210,7 +31240,7 @@ index 2363127..ec09d96 100644
xen_setup_features();
-@@ -1401,13 +1407,6 @@ asmlinkage void __init xen_start_kernel(void)
+@@ -1416,13 +1422,6 @@ asmlinkage void __init xen_start_kernel(void)
machine_ops = xen_machine_ops;
@@ -31224,7 +31254,7 @@ index 2363127..ec09d96 100644
xen_smp_init();
#ifdef CONFIG_ACPI_NUMA
-@@ -1601,7 +1600,7 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self,
+@@ -1616,7 +1615,7 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self,
return NOTIFY_OK;
}
@@ -33319,7 +33349,7 @@ index 6b51afa..17e1191 100644
set_fs(KERNEL_DS);
if (level == SOL_SOCKET)
diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c
-index e98da67..1181716b 100644
+index 54d03d4..332f311 100644
--- a/drivers/block/drbd/drbd_main.c
+++ b/drivers/block/drbd/drbd_main.c
@@ -1317,7 +1317,7 @@ static int _drbd_send_ack(struct drbd_conf *mdev, enum drbd_packet cmd,
@@ -33352,7 +33382,7 @@ index e98da67..1181716b 100644
idr_destroy(&tconn->volumes);
diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c
-index a9eccfc..f5efe87 100644
+index 2f5fffd..b22a1ae 100644
--- a/drivers/block/drbd/drbd_receiver.c
+++ b/drivers/block/drbd/drbd_receiver.c
@@ -833,7 +833,7 @@ int drbd_connected(struct drbd_conf *mdev)
@@ -33423,7 +33453,7 @@ index a9eccfc..f5efe87 100644
atomic_inc(&peer_req->epoch->active);
spin_unlock(&tconn->epoch_lock);
-@@ -4346,7 +4346,7 @@ struct data_cmd {
+@@ -4345,7 +4345,7 @@ struct data_cmd {
int expect_payload;
size_t pkt_size;
int (*fn)(struct drbd_tconn *, struct packet_info *);
@@ -33432,7 +33462,7 @@ index a9eccfc..f5efe87 100644
static struct data_cmd drbd_cmd_handler[] = {
[P_DATA] = { 1, sizeof(struct p_data), receive_Data },
-@@ -4466,7 +4466,7 @@ static void conn_disconnect(struct drbd_tconn *tconn)
+@@ -4465,7 +4465,7 @@ static void conn_disconnect(struct drbd_tconn *tconn)
if (!list_empty(&tconn->current_epoch->list))
conn_err(tconn, "ASSERTION FAILED: tconn->current_epoch->list not empty\n");
/* ok, no more ee's on the fly, it is safe to reset the epoch_size */
@@ -33441,7 +33471,7 @@ index a9eccfc..f5efe87 100644
tconn->send.seen_any_write_yet = false;
conn_info(tconn, "Connection closed\n");
-@@ -5222,7 +5222,7 @@ static int tconn_finish_peer_reqs(struct drbd_tconn *tconn)
+@@ -5221,7 +5221,7 @@ static int tconn_finish_peer_reqs(struct drbd_tconn *tconn)
struct asender_cmd {
size_t pkt_size;
int (*fn)(struct drbd_tconn *tconn, struct packet_info *);
@@ -35986,10 +36016,10 @@ index 8a8725c2..afed796 100644
marker = list_first_entry(&queue->head,
struct vmw_marker, head);
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
-index aa341d1..ef07090 100644
+index e6dbf09..3dd2540 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
-@@ -2267,7 +2267,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
+@@ -2268,7 +2268,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
int hid_add_device(struct hid_device *hdev)
{
@@ -35998,7 +36028,7 @@ index aa341d1..ef07090 100644
int ret;
if (WARN_ON(hdev->status & HID_STAT_ADDED))
-@@ -2301,7 +2301,7 @@ int hid_add_device(struct hid_device *hdev)
+@@ -2302,7 +2302,7 @@ int hid_add_device(struct hid_device *hdev)
/* XXX hack, any other cleaner solution after the driver core
* is converted to allow more than 20 bytes as the device name? */
dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
@@ -37704,7 +37734,7 @@ index d053098..05cc375 100644
return (test_bit(DM_RAID1_FLUSH_ERROR, &(m->error_type))) ? 'F' :
diff --git a/drivers/md/dm-stripe.c b/drivers/md/dm-stripe.c
-index d8837d3..1f7c341 100644
+index 7b8b2b9..9c7d145 100644
--- a/drivers/md/dm-stripe.c
+++ b/drivers/md/dm-stripe.c
@@ -20,7 +20,7 @@ struct stripe {
@@ -37716,7 +37746,7 @@ index d8837d3..1f7c341 100644
};
struct stripe_c {
-@@ -184,7 +184,7 @@ static int stripe_ctr(struct dm_target *ti, unsigned int argc, char **argv)
+@@ -185,7 +185,7 @@ static int stripe_ctr(struct dm_target *ti, unsigned int argc, char **argv)
kfree(sc);
return r;
}
@@ -37725,7 +37755,7 @@ index d8837d3..1f7c341 100644
}
ti->private = sc;
-@@ -325,7 +325,7 @@ static void stripe_status(struct dm_target *ti, status_type_t type,
+@@ -326,7 +326,7 @@ static void stripe_status(struct dm_target *ti, status_type_t type,
DMEMIT("%d ", sc->stripes);
for (i = 0; i < sc->stripes; i++) {
DMEMIT("%s ", sc->stripe[i].dev->name);
@@ -37734,7 +37764,7 @@ index d8837d3..1f7c341 100644
'D' : 'A';
}
buffer[i] = '\0';
-@@ -370,8 +370,8 @@ static int stripe_end_io(struct dm_target *ti, struct bio *bio, int error)
+@@ -371,8 +371,8 @@ static int stripe_end_io(struct dm_target *ti, struct bio *bio, int error)
*/
for (i = 0; i < sc->stripes; i++)
if (!strcmp(sc->stripe[i].dev->name, major_minor)) {
@@ -37746,7 +37776,7 @@ index d8837d3..1f7c341 100644
schedule_work(&sc->trigger_event);
}
diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c
-index e50dad0..d9575e2 100644
+index 1ff252a..ee384c1 100644
--- a/drivers/md/dm-table.c
+++ b/drivers/md/dm-table.c
@@ -389,7 +389,7 @@ static int device_area_is_invalid(struct dm_target *ti, struct dm_dev *dev,
@@ -39575,10 +39605,10 @@ index 8f1c256..a2991d1 100644
priv = netdev_priv(dev);
priv->phy = phy;
diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
-index 73abbc1..f25db7c 100644
+index 011062e..ada88e9 100644
--- a/drivers/net/macvlan.c
+++ b/drivers/net/macvlan.c
-@@ -891,13 +891,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = {
+@@ -892,13 +892,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = {
int macvlan_link_register(struct rtnl_link_ops *ops)
{
/* common fields */
@@ -39601,7 +39631,7 @@ index 73abbc1..f25db7c 100644
return rtnl_link_register(ops);
};
-@@ -953,7 +955,7 @@ static int macvlan_device_event(struct notifier_block *unused,
+@@ -954,7 +956,7 @@ static int macvlan_device_event(struct notifier_block *unused,
return NOTIFY_DONE;
}
@@ -39684,10 +39714,10 @@ index bf34192..fba3500 100644
};
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
-index 729ed53..9453f99 100644
+index 755fa9e..631fdce 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
-@@ -1838,7 +1838,7 @@ unlock:
+@@ -1841,7 +1841,7 @@ unlock:
}
static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
@@ -39696,7 +39726,7 @@ index 729ed53..9453f99 100644
{
struct tun_file *tfile = file->private_data;
struct tun_struct *tun;
-@@ -1850,6 +1850,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
+@@ -1853,6 +1853,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
int vnet_hdr_sz;
int ret;
@@ -42166,10 +42196,10 @@ index f379c7f..e8fc69c 100644
transport_setup_device(&rport->dev);
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
-index 7992635..609faf8 100644
+index 82910cc..7c350ad 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
-@@ -2909,7 +2909,7 @@ static int sd_probe(struct device *dev)
+@@ -2929,7 +2929,7 @@ static int sd_probe(struct device *dev)
sdkp->disk = gd;
sdkp->index = index;
atomic_set(&sdkp->openers, 0);
@@ -42468,7 +42498,7 @@ index 2e4d655..fd72e68 100644
spin_lock_init(&dev->t10_wwn.t10_vpd_lock);
INIT_LIST_HEAD(&dev->t10_pr.registration_list);
diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
-index 3243ea7..4f19a6e 100644
+index 0d46276..f327cab5 100644
--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
@@ -1080,7 +1080,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd)
@@ -50650,7 +50680,7 @@ index 3b83cd6..0f34dcd 100644
/* locality groups */
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
-index cf3025c..cac6011 100644
+index f3190ab..84ffb21 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -1754,7 +1754,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac,
@@ -50662,7 +50692,7 @@ index cf3025c..cac6011 100644
break;
}
-@@ -2055,7 +2055,7 @@ repeat:
+@@ -2059,7 +2059,7 @@ repeat:
ac->ac_status = AC_STATUS_CONTINUE;
ac->ac_flags |= EXT4_MB_HINT_FIRST;
cr = 3;
@@ -50671,7 +50701,7 @@ index cf3025c..cac6011 100644
goto repeat;
}
}
-@@ -2563,25 +2563,25 @@ int ext4_mb_release(struct super_block *sb)
+@@ -2567,25 +2567,25 @@ int ext4_mb_release(struct super_block *sb)
if (sbi->s_mb_stats) {
ext4_msg(sb, KERN_INFO,
"mballoc: %u blocks %u reqs (%u success)",
@@ -50707,7 +50737,7 @@ index cf3025c..cac6011 100644
}
free_percpu(sbi->s_locality_groups);
-@@ -3035,16 +3035,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac)
+@@ -3039,16 +3039,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac)
struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb);
if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) {
@@ -50730,7 +50760,7 @@ index cf3025c..cac6011 100644
}
if (ac->ac_op == EXT4_MB_HISTORY_ALLOC)
-@@ -3444,7 +3444,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
+@@ -3448,7 +3448,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
trace_ext4_mb_new_inode_pa(ac, pa);
ext4_mb_use_inode_pa(ac, pa);
@@ -50739,7 +50769,7 @@ index cf3025c..cac6011 100644
ei = EXT4_I(ac->ac_inode);
grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
-@@ -3504,7 +3504,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac)
+@@ -3508,7 +3508,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac)
trace_ext4_mb_new_group_pa(ac, pa);
ext4_mb_use_group_pa(ac, pa);
@@ -50748,7 +50778,7 @@ index cf3025c..cac6011 100644
grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
lg = ac->ac_lg;
-@@ -3593,7 +3593,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh,
+@@ -3597,7 +3597,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh,
* from the bitmap and continue.
*/
}
@@ -50757,7 +50787,7 @@ index cf3025c..cac6011 100644
return err;
}
-@@ -3611,7 +3611,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b,
+@@ -3615,7 +3615,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b,
ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit);
BUG_ON(group != e4b->bd_group && pa->pa_len != 0);
mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len);
@@ -52632,7 +52662,7 @@ index cb424a4..850e4dd 100644
lock_flocks();
diff --git a/fs/namei.c b/fs/namei.c
-index 57ae9c8..b018eba 100644
+index 85e40d1..b66744e 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -319,16 +319,32 @@ int generic_permission(struct inode *inode, int mask)
@@ -53315,10 +53345,10 @@ index 1f94167..79c4ce4 100644
void nfs_fattr_init(struct nfs_fattr *fattr)
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
-index 8288b08..4a140d4 100644
+index d401d01..10b3e62 100644
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
-@@ -1098,7 +1098,7 @@ struct nfsd4_operation {
+@@ -1109,7 +1109,7 @@ struct nfsd4_operation {
nfsd4op_rsize op_rsize_bop;
stateid_getter op_get_currentstateid;
stateid_setter op_set_currentstateid;
@@ -69129,10 +69159,10 @@ index f66b065..c2c29b4 100644
int kobj_ns_type_register(const struct kobj_ns_type_operations *ops);
int kobj_ns_type_registered(enum kobj_ns_type type);
diff --git a/include/linux/kref.h b/include/linux/kref.h
-index 4972e6e..de4d19b 100644
+index 7419c02..aa2f02d 100644
--- a/include/linux/kref.h
+++ b/include/linux/kref.h
-@@ -64,7 +64,7 @@ static inline void kref_get(struct kref *kref)
+@@ -65,7 +65,7 @@ static inline void kref_get(struct kref *kref)
static inline int kref_sub(struct kref *kref, unsigned int count,
void (*release)(struct kref *kref))
{
@@ -72199,7 +72229,7 @@ index c2e542b..6ca975b 100644
extern __u32 secure_ipv6_id(const __be32 daddr[4]);
extern u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport);
diff --git a/include/net/sock.h b/include/net/sock.h
-index 14f6e9d..7cd56d0 100644
+index 0be480a..586232f 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -325,7 +325,7 @@ struct sock {
@@ -72211,7 +72241,7 @@ index 14f6e9d..7cd56d0 100644
int sk_rcvbuf;
struct sk_filter __rcu *sk_filter;
-@@ -1784,7 +1784,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
+@@ -1796,7 +1796,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
}
static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb,
@@ -72220,7 +72250,7 @@ index 14f6e9d..7cd56d0 100644
int copy, int offset)
{
if (skb->ip_summed == CHECKSUM_NONE) {
-@@ -2043,7 +2043,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk)
+@@ -2055,7 +2055,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk)
}
}
@@ -72230,7 +72260,7 @@ index 14f6e9d..7cd56d0 100644
/**
* sk_page_frag - return an appropriate page_frag
diff --git a/include/net/tcp.h b/include/net/tcp.h
-index cf0694d..52a6881 100644
+index a345480..3c65cf4 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -529,7 +529,7 @@ extern void tcp_retransmit_timer(struct sock *sk);
@@ -73412,7 +73442,7 @@ index 58d31f1..cce7a55 100644
sem_params.flg = semflg;
sem_params.u.nsems = nsems;
diff --git a/ipc/shm.c b/ipc/shm.c
-index 34af1fe..85fc1aa 100644
+index 7e199fa..180a1ca 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -69,6 +69,14 @@ static void shm_destroy (struct ipc_namespace *ns, struct shmid_kernel *shp);
@@ -73430,7 +73460,7 @@ index 34af1fe..85fc1aa 100644
void shm_init_ns(struct ipc_namespace *ns)
{
ns->shm_ctlmax = SHMMAX;
-@@ -525,6 +533,14 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
+@@ -531,6 +539,14 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
shp->shm_lprid = 0;
shp->shm_atim = shp->shm_dtim = 0;
shp->shm_ctim = get_seconds();
@@ -73445,7 +73475,7 @@ index 34af1fe..85fc1aa 100644
shp->shm_segsz = size;
shp->shm_nattch = 0;
shp->shm_file = file;
-@@ -576,18 +592,19 @@ static inline int shm_more_checks(struct kern_ipc_perm *ipcp,
+@@ -582,18 +598,19 @@ static inline int shm_more_checks(struct kern_ipc_perm *ipcp,
return 0;
}
@@ -73470,7 +73500,7 @@ index 34af1fe..85fc1aa 100644
shm_params.key = key;
shm_params.flg = shmflg;
shm_params.u.size = size;
-@@ -1008,6 +1025,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
+@@ -1014,6 +1031,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
f_mode = FMODE_READ | FMODE_WRITE;
}
if (shmflg & SHM_EXEC) {
@@ -73483,7 +73513,7 @@ index 34af1fe..85fc1aa 100644
prot |= PROT_EXEC;
acc_mode |= S_IXUGO;
}
-@@ -1031,9 +1054,21 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
+@@ -1037,9 +1060,21 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
if (err)
goto out_unlock;
@@ -73559,10 +73589,10 @@ index d596e53..dbef3c3 100644
audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_GET, 0, 0,
&status_set, sizeof(status_set));
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
-index a371f85..da826c1 100644
+index c4b72b0..8654c4e 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
-@@ -2292,7 +2292,7 @@ int auditsc_get_stamp(struct audit_context *ctx,
+@@ -2295,7 +2295,7 @@ int auditsc_get_stamp(struct audit_context *ctx,
}
/* global counter which is incremented every time something logs in */
@@ -73571,7 +73601,7 @@ index a371f85..da826c1 100644
/**
* audit_set_loginuid - set current task's audit_context loginuid
-@@ -2316,7 +2316,7 @@ int audit_set_loginuid(kuid_t loginuid)
+@@ -2319,7 +2319,7 @@ int audit_set_loginuid(kuid_t loginuid)
return -EPERM;
#endif /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */
@@ -74908,7 +74938,7 @@ index ffd4e11..c3ff6bf 100644
/* Don't allow clients that don't understand the native
diff --git a/kernel/kmod.c b/kernel/kmod.c
-index 56dd349..336e1dc 100644
+index 8985c87..f539dbe 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -75,7 +75,7 @@ static void free_modprobe_argv(struct subprocess_info *info)
@@ -75045,7 +75075,7 @@ index 56dd349..336e1dc 100644
/*
* If ret is 0, either ____call_usermodehelper failed and the
-@@ -644,7 +697,7 @@ EXPORT_SYMBOL(call_usermodehelper_fns);
+@@ -649,7 +702,7 @@ EXPORT_SYMBOL(call_usermodehelper_fns);
static int proc_cap_handler(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
@@ -78439,7 +78469,7 @@ index 0b537f2..40d6c20 100644
return -ENOMEM;
return 0;
diff --git a/kernel/timer.c b/kernel/timer.c
-index dbf7a78..e2148f0 100644
+index 1b399c8..90e1849 100644
--- a/kernel/timer.c
+++ b/kernel/timer.c
@@ -1363,7 +1363,7 @@ void update_process_times(int user_tick)
@@ -81042,7 +81072,7 @@ index 79b7cf7..c60424f 100644
capable(CAP_IPC_LOCK))
ret = do_mlockall(flags);
diff --git a/mm/mmap.c b/mm/mmap.c
-index e17fc06..72fc5fd 100644
+index 0dceed8..671951c 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -33,6 +33,7 @@
@@ -81337,7 +81367,7 @@ index e17fc06..72fc5fd 100644
addr = mmap_region(file, addr, len, vm_flags, pgoff);
if (!IS_ERR_VALUE(addr) &&
((vm_flags & VM_LOCKED) ||
-@@ -1392,7 +1509,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma)
+@@ -1396,7 +1513,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma)
vm_flags_t vm_flags = vma->vm_flags;
/* If it was private or non-writable, the write bit is already clear */
@@ -81346,7 +81376,7 @@ index e17fc06..72fc5fd 100644
return 0;
/* The backer wishes to know when pages are first written to? */
-@@ -1440,16 +1557,30 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
+@@ -1444,16 +1561,30 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
unsigned long charged = 0;
struct inode *inode = file ? file_inode(file) : NULL;
@@ -81379,7 +81409,7 @@ index e17fc06..72fc5fd 100644
if (!may_expand_vm(mm, len >> PAGE_SHIFT))
return -ENOMEM;
-@@ -1481,6 +1612,16 @@ munmap_back:
+@@ -1485,6 +1616,16 @@ munmap_back:
goto unacct_error;
}
@@ -81396,7 +81426,7 @@ index e17fc06..72fc5fd 100644
vma->vm_mm = mm;
vma->vm_start = addr;
vma->vm_end = addr + len;
-@@ -1505,6 +1646,13 @@ munmap_back:
+@@ -1509,6 +1650,13 @@ munmap_back:
if (error)
goto unmap_and_free_vma;
@@ -81410,7 +81440,7 @@ index e17fc06..72fc5fd 100644
/* Can addr have changed??
*
* Answer: Yes, several device drivers can do it in their
-@@ -1543,6 +1691,11 @@ munmap_back:
+@@ -1547,6 +1695,11 @@ munmap_back:
vma_link(mm, vma, prev, rb_link, rb_parent);
file = vma->vm_file;
@@ -81422,7 +81452,7 @@ index e17fc06..72fc5fd 100644
/* Once vma denies write, undo our temporary denial count */
if (correct_wcount)
atomic_inc(&inode->i_writecount);
-@@ -1550,6 +1703,7 @@ out:
+@@ -1554,6 +1707,7 @@ out:
perf_event_mmap(vma);
vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT);
@@ -81430,7 +81460,7 @@ index e17fc06..72fc5fd 100644
if (vm_flags & VM_LOCKED) {
if (!((vm_flags & VM_SPECIAL) || is_vm_hugetlb_page(vma) ||
vma == get_gate_vma(current->mm)))
-@@ -1573,6 +1727,12 @@ unmap_and_free_vma:
+@@ -1577,6 +1731,12 @@ unmap_and_free_vma:
unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end);
charged = 0;
free_vma:
@@ -81443,7 +81473,7 @@ index e17fc06..72fc5fd 100644
kmem_cache_free(vm_area_cachep, vma);
unacct_error:
if (charged)
-@@ -1580,6 +1740,62 @@ unacct_error:
+@@ -1584,6 +1744,62 @@ unacct_error:
return error;
}
@@ -81506,7 +81536,7 @@ index e17fc06..72fc5fd 100644
unsigned long unmapped_area(struct vm_unmapped_area_info *info)
{
/*
-@@ -1799,6 +2015,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
+@@ -1803,6 +2019,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
struct mm_struct *mm = current->mm;
struct vm_area_struct *vma;
struct vm_unmapped_area_info info;
@@ -81514,7 +81544,7 @@ index e17fc06..72fc5fd 100644
if (len > TASK_SIZE)
return -ENOMEM;
-@@ -1806,29 +2023,45 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
+@@ -1810,29 +2027,45 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
if (flags & MAP_FIXED)
return addr;
@@ -81563,7 +81593,7 @@ index e17fc06..72fc5fd 100644
mm->free_area_cache = addr;
}
-@@ -1846,6 +2079,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1850,6 +2083,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
struct mm_struct *mm = current->mm;
unsigned long addr = addr0;
struct vm_unmapped_area_info info;
@@ -81571,7 +81601,7 @@ index e17fc06..72fc5fd 100644
/* requested length too big for entire address space */
if (len > TASK_SIZE)
-@@ -1854,12 +2088,15 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1858,12 +2092,15 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
if (flags & MAP_FIXED)
return addr;
@@ -81589,7 +81619,7 @@ index e17fc06..72fc5fd 100644
return addr;
}
-@@ -1868,6 +2105,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1872,6 +2109,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
info.low_limit = PAGE_SIZE;
info.high_limit = mm->mmap_base;
info.align_mask = 0;
@@ -81597,7 +81627,7 @@ index e17fc06..72fc5fd 100644
addr = vm_unmapped_area(&info);
/*
-@@ -1880,6 +2118,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1884,6 +2122,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
VM_BUG_ON(addr != -ENOMEM);
info.flags = 0;
info.low_limit = TASK_UNMAPPED_BASE;
@@ -81610,7 +81640,7 @@ index e17fc06..72fc5fd 100644
info.high_limit = TASK_SIZE;
addr = vm_unmapped_area(&info);
}
-@@ -1890,6 +2134,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1894,6 +2138,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
{
@@ -81623,7 +81653,7 @@ index e17fc06..72fc5fd 100644
/*
* Is this a new hole at the highest possible address?
*/
-@@ -1897,8 +2147,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
+@@ -1901,8 +2151,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
mm->free_area_cache = addr;
/* dont allow allocations above current base */
@@ -81635,7 +81665,7 @@ index e17fc06..72fc5fd 100644
}
unsigned long
-@@ -1997,6 +2249,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr,
+@@ -2001,6 +2253,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr,
return vma;
}
@@ -81664,7 +81694,7 @@ index e17fc06..72fc5fd 100644
/*
* Verify that the stack growth is acceptable and
* update accounting. This is shared with both the
-@@ -2013,6 +2287,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
+@@ -2017,6 +2291,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
return -ENOMEM;
/* Stack limit test */
@@ -81672,7 +81702,7 @@ index e17fc06..72fc5fd 100644
if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur))
return -ENOMEM;
-@@ -2023,6 +2298,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
+@@ -2027,6 +2302,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
locked = mm->locked_vm + grow;
limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur);
limit >>= PAGE_SHIFT;
@@ -81680,7 +81710,7 @@ index e17fc06..72fc5fd 100644
if (locked > limit && !capable(CAP_IPC_LOCK))
return -ENOMEM;
}
-@@ -2052,37 +2328,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
+@@ -2056,37 +2332,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
* PA-RISC uses this for its stack; IA64 for its Register Backing Store.
* vma is the last one with address > vma->vm_end. Have to extend vma.
*/
@@ -81738,7 +81768,7 @@ index e17fc06..72fc5fd 100644
unsigned long size, grow;
size = address - vma->vm_start;
-@@ -2117,6 +2404,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
+@@ -2121,6 +2408,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
}
}
}
@@ -81747,7 +81777,7 @@ index e17fc06..72fc5fd 100644
vma_unlock_anon_vma(vma);
khugepaged_enter_vma_merge(vma);
validate_mm(vma->vm_mm);
-@@ -2131,6 +2420,8 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -2135,6 +2424,8 @@ int expand_downwards(struct vm_area_struct *vma,
unsigned long address)
{
int error;
@@ -81756,7 +81786,7 @@ index e17fc06..72fc5fd 100644
/*
* We must make sure the anon_vma is allocated
-@@ -2144,6 +2435,15 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -2148,6 +2439,15 @@ int expand_downwards(struct vm_area_struct *vma,
if (error)
return error;
@@ -81772,7 +81802,7 @@ index e17fc06..72fc5fd 100644
vma_lock_anon_vma(vma);
/*
-@@ -2153,9 +2453,17 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -2157,9 +2457,17 @@ int expand_downwards(struct vm_area_struct *vma,
*/
/* Somebody else might have raced and expanded it already */
@@ -81791,7 +81821,7 @@ index e17fc06..72fc5fd 100644
size = vma->vm_end - address;
grow = (vma->vm_start - address) >> PAGE_SHIFT;
-@@ -2180,6 +2488,18 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -2184,6 +2492,18 @@ int expand_downwards(struct vm_area_struct *vma,
vma->vm_pgoff -= grow;
anon_vma_interval_tree_post_update_vma(vma);
vma_gap_update(vma);
@@ -81810,7 +81840,7 @@ index e17fc06..72fc5fd 100644
spin_unlock(&vma->vm_mm->page_table_lock);
perf_event_mmap(vma);
-@@ -2284,6 +2604,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
+@@ -2288,6 +2608,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
do {
long nrpages = vma_pages(vma);
@@ -81824,7 +81854,7 @@ index e17fc06..72fc5fd 100644
if (vma->vm_flags & VM_ACCOUNT)
nr_accounted += nrpages;
vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages);
-@@ -2329,6 +2656,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2333,6 +2660,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
insertion_point = (prev ? &prev->vm_next : &mm->mmap);
vma->vm_prev = NULL;
do {
@@ -81841,7 +81871,7 @@ index e17fc06..72fc5fd 100644
vma_rb_erase(vma, &mm->mm_rb);
mm->map_count--;
tail_vma = vma;
-@@ -2360,14 +2697,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -2364,14 +2701,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
struct vm_area_struct *new;
int err = -ENOMEM;
@@ -81875,7 +81905,7 @@ index e17fc06..72fc5fd 100644
/* most fields are the same, copy all, and then fixup */
*new = *vma;
-@@ -2380,6 +2736,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -2384,6 +2740,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT);
}
@@ -81898,7 +81928,7 @@ index e17fc06..72fc5fd 100644
pol = mpol_dup(vma_policy(vma));
if (IS_ERR(pol)) {
err = PTR_ERR(pol);
-@@ -2402,6 +2774,36 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -2406,6 +2778,36 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
else
err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new);
@@ -81935,7 +81965,7 @@ index e17fc06..72fc5fd 100644
/* Success. */
if (!err)
return 0;
-@@ -2411,10 +2813,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -2415,10 +2817,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
new->vm_ops->close(new);
if (new->vm_file)
fput(new->vm_file);
@@ -81955,7 +81985,7 @@ index e17fc06..72fc5fd 100644
kmem_cache_free(vm_area_cachep, new);
out_err:
return err;
-@@ -2427,6 +2837,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -2431,6 +2841,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
unsigned long addr, int new_below)
{
@@ -81971,7 +82001,7 @@ index e17fc06..72fc5fd 100644
if (mm->map_count >= sysctl_max_map_count)
return -ENOMEM;
-@@ -2438,11 +2857,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2442,11 +2861,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
* work. This now handles partial unmappings.
* Jeremy Fitzhardinge <jeremy@goop.org>
*/
@@ -82002,7 +82032,7 @@ index e17fc06..72fc5fd 100644
if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start)
return -EINVAL;
-@@ -2517,6 +2955,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
+@@ -2521,6 +2959,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
/* Fix up all other VM information */
remove_vma_list(mm, vma);
@@ -82011,7 +82041,7 @@ index e17fc06..72fc5fd 100644
return 0;
}
-@@ -2525,6 +2965,13 @@ int vm_munmap(unsigned long start, size_t len)
+@@ -2529,6 +2969,13 @@ int vm_munmap(unsigned long start, size_t len)
int ret;
struct mm_struct *mm = current->mm;
@@ -82025,7 +82055,7 @@ index e17fc06..72fc5fd 100644
down_write(&mm->mmap_sem);
ret = do_munmap(mm, start, len);
up_write(&mm->mmap_sem);
-@@ -2538,16 +2985,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len)
+@@ -2542,16 +2989,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len)
return vm_munmap(addr, len);
}
@@ -82042,7 +82072,7 @@ index e17fc06..72fc5fd 100644
/*
* this is really a simplified "do_mmap". it only handles
* anonymous maps. eventually we may be able to do some
-@@ -2561,6 +2998,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2565,6 +3002,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
struct rb_node ** rb_link, * rb_parent;
pgoff_t pgoff = addr >> PAGE_SHIFT;
int error;
@@ -82050,7 +82080,7 @@ index e17fc06..72fc5fd 100644
len = PAGE_ALIGN(len);
if (!len)
-@@ -2568,16 +3006,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2572,16 +3010,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
@@ -82082,7 +82112,7 @@ index e17fc06..72fc5fd 100644
locked += mm->locked_vm;
lock_limit = rlimit(RLIMIT_MEMLOCK);
lock_limit >>= PAGE_SHIFT;
-@@ -2594,21 +3046,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2598,21 +3050,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
/*
* Clear old maps. this also does some error checking for us
*/
@@ -82107,7 +82137,7 @@ index e17fc06..72fc5fd 100644
return -ENOMEM;
/* Can we just expand an old private anonymous mapping? */
-@@ -2622,7 +3073,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2626,7 +3077,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
*/
vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
if (!vma) {
@@ -82116,7 +82146,7 @@ index e17fc06..72fc5fd 100644
return -ENOMEM;
}
-@@ -2636,9 +3087,10 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2640,9 +3091,10 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
vma_link(mm, vma, prev, rb_link, rb_parent);
out:
perf_event_mmap(vma);
@@ -82129,7 +82159,7 @@ index e17fc06..72fc5fd 100644
return addr;
}
-@@ -2700,6 +3152,7 @@ void exit_mmap(struct mm_struct *mm)
+@@ -2704,6 +3156,7 @@ void exit_mmap(struct mm_struct *mm)
while (vma) {
if (vma->vm_flags & VM_ACCOUNT)
nr_accounted += vma_pages(vma);
@@ -82137,7 +82167,7 @@ index e17fc06..72fc5fd 100644
vma = remove_vma(vma);
}
vm_unacct_memory(nr_accounted);
-@@ -2716,6 +3169,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
+@@ -2720,6 +3173,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
struct vm_area_struct *prev;
struct rb_node **rb_link, *rb_parent;
@@ -82151,7 +82181,7 @@ index e17fc06..72fc5fd 100644
/*
* The vm_pgoff of a purely anonymous vma should be irrelevant
* until its first write fault, when page's anon_vma and index
-@@ -2739,7 +3199,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
+@@ -2743,7 +3203,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
security_vm_enough_memory_mm(mm, vma_pages(vma)))
return -ENOMEM;
@@ -82173,7 +82203,7 @@ index e17fc06..72fc5fd 100644
return 0;
}
-@@ -2759,6 +3233,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
+@@ -2763,6 +3237,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
struct mempolicy *pol;
bool faulted_in_anon_vma = true;
@@ -82182,7 +82212,7 @@ index e17fc06..72fc5fd 100644
/*
* If anonymous vma has not yet been faulted, update new pgoff
* to match new location, to increase its chance of merging.
-@@ -2825,6 +3301,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
+@@ -2829,6 +3305,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
return NULL;
}
@@ -82222,7 +82252,7 @@ index e17fc06..72fc5fd 100644
/*
* Return true if the calling process may expand its vm space by the passed
* number of pages
-@@ -2836,6 +3345,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
+@@ -2840,6 +3349,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT;
@@ -82230,7 +82260,7 @@ index e17fc06..72fc5fd 100644
if (cur + npages > lim)
return 0;
return 1;
-@@ -2906,6 +3416,22 @@ int install_special_mapping(struct mm_struct *mm,
+@@ -2910,6 +3420,22 @@ int install_special_mapping(struct mm_struct *mm,
vma->vm_start = addr;
vma->vm_end = addr + len;
@@ -85015,7 +85045,7 @@ index 368f9c3..f82d4a3 100644
return err;
diff --git a/net/core/dev.c b/net/core/dev.c
-index b24ab0e9..1c424bc 100644
+index 9a278e9..15f2b9e 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1617,7 +1617,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
@@ -85352,7 +85382,7 @@ index e61a8bb..6a2f13c 100644
#ifdef CONFIG_INET
static u32 seq_scale(u32 seq)
diff --git a/net/core/sock.c b/net/core/sock.c
-index b261a79..8fe17ab 100644
+index 1432266..1a0d4a1 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -390,7 +390,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
@@ -85439,7 +85469,7 @@ index b261a79..8fe17ab 100644
return -EFAULT;
lenout:
if (put_user(len, optlen))
-@@ -2296,7 +2296,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
+@@ -2284,7 +2284,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
*/
smp_wmb();
atomic_set(&sk->sk_refcnt, 1);
@@ -86482,7 +86512,7 @@ index d09203c..fd5cc91 100644
}
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
-index b83a49c..6c562a7 100644
+index 2f672e7..b8895e9 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -27,6 +27,10 @@
@@ -86496,7 +86526,7 @@ index b83a49c..6c562a7 100644
int sysctl_tcp_syncookies __read_mostly = 1;
EXPORT_SYMBOL(sysctl_tcp_syncookies);
-@@ -744,7 +748,10 @@ embryonic_reset:
+@@ -749,7 +753,10 @@ embryonic_reset:
* avoid becoming vulnerable to outside attack aiming at
* resetting legit local connections.
*/
@@ -86752,7 +86782,7 @@ index fff5bdd..15194fb 100644
table = kmemdup(ipv6_icmp_table_template,
sizeof(ipv6_icmp_table_template),
diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
-index e4efffe..791fe2f 100644
+index 95d13c7..791fe2f 100644
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -73,7 +73,7 @@ struct ip6gre_net {
@@ -86764,23 +86794,7 @@ index e4efffe..791fe2f 100644
static int ip6gre_tunnel_init(struct net_device *dev);
static void ip6gre_tunnel_setup(struct net_device *dev);
static void ip6gre_tunnel_link(struct ip6gre_net *ign, struct ip6_tnl *t);
-@@ -1135,6 +1135,7 @@ static int ip6gre_tunnel_ioctl(struct net_device *dev,
- }
- if (t == NULL)
- t = netdev_priv(dev);
-+ memset(&p, 0, sizeof(p));
- ip6gre_tnl_parm_to_user(&p, &t->parms);
- if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
- err = -EFAULT;
-@@ -1182,6 +1183,7 @@ static int ip6gre_tunnel_ioctl(struct net_device *dev,
- if (t) {
- err = 0;
-
-+ memset(&p, 0, sizeof(p));
- ip6gre_tnl_parm_to_user(&p, &t->parms);
- if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
- err = -EFAULT;
-@@ -1335,7 +1337,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev)
+@@ -1337,7 +1337,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev)
}
@@ -86789,7 +86803,7 @@ index e4efffe..791fe2f 100644
.handler = ip6gre_rcv,
.err_handler = ip6gre_err,
.flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
-@@ -1669,7 +1671,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = {
+@@ -1671,7 +1671,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = {
[IFLA_GRE_FLAGS] = { .type = NLA_U32 },
};
@@ -86798,7 +86812,7 @@ index e4efffe..791fe2f 100644
.kind = "ip6gre",
.maxtype = IFLA_GRE_MAX,
.policy = ip6gre_policy,
-@@ -1682,7 +1684,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = {
+@@ -1684,7 +1684,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = {
.fill_info = ip6gre_fill_info,
};
@@ -87108,7 +87122,7 @@ index e85c48b..b8268d3 100644
struct ctl_table *ipv6_icmp_table;
int err;
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
-index 46a5be8..415688d 100644
+index 0fce928..c52a518 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -103,6 +103,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
@@ -87167,7 +87181,7 @@ index 46a5be8..415688d 100644
}
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
-index d8e5e85..5a447f4 100644
+index 27f0f8e..949e7ee 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -52,6 +52,10 @@
@@ -87228,10 +87242,10 @@ index d8e5e85..5a447f4 100644
int udp6_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
-index 4ef7bdb..9e97017 100644
+index 23ed03d..465a71d 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
-@@ -322,19 +322,19 @@ static struct ctl_table xfrm6_policy_table[] = {
+@@ -324,19 +324,19 @@ static struct ctl_table xfrm6_policy_table[] = {
static int __net_init xfrm6_net_init(struct net *net)
{
@@ -87256,7 +87270,7 @@ index 4ef7bdb..9e97017 100644
if (!hdr)
goto err_reg;
-@@ -342,8 +342,7 @@ static int __net_init xfrm6_net_init(struct net *net)
+@@ -344,8 +344,7 @@ static int __net_init xfrm6_net_init(struct net *net)
return 0;
err_reg:
@@ -88195,10 +88209,10 @@ index 103bd70..f21aad3 100644
*uaddr_len = sizeof(struct sockaddr_ax25);
}
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
-index 1d6793d..056b191 100644
+index f83e172..b57140d 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
-@@ -1578,7 +1578,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
+@@ -1571,7 +1571,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
spin_lock(&sk->sk_receive_queue.lock);
po->stats.tp_packets++;
@@ -88207,7 +88221,7 @@ index 1d6793d..056b191 100644
__skb_queue_tail(&sk->sk_receive_queue, skb);
spin_unlock(&sk->sk_receive_queue.lock);
sk->sk_data_ready(sk, skb->len);
-@@ -1587,7 +1587,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
+@@ -1580,7 +1580,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
drop_n_acct:
spin_lock(&sk->sk_receive_queue.lock);
po->stats.tp_drops++;
@@ -88216,7 +88230,7 @@ index 1d6793d..056b191 100644
spin_unlock(&sk->sk_receive_queue.lock);
drop_n_restore:
-@@ -2565,6 +2565,7 @@ out:
+@@ -2558,6 +2558,7 @@ out:
static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len)
{
@@ -88224,7 +88238,7 @@ index 1d6793d..056b191 100644
struct sock_exterr_skb *serr;
struct sk_buff *skb, *skb2;
int copied, err;
-@@ -2586,8 +2587,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len)
+@@ -2579,8 +2580,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len)
sock_recv_timestamp(msg, sk, skb);
serr = SKB_EXT_ERR(skb);
@@ -88235,7 +88249,7 @@ index 1d6793d..056b191 100644
msg->msg_flags |= MSG_ERRQUEUE;
err = copied;
-@@ -3212,7 +3214,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -3205,7 +3207,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
case PACKET_HDRLEN:
if (len > sizeof(int))
len = sizeof(int);
@@ -88244,7 +88258,7 @@ index 1d6793d..056b191 100644
return -EFAULT;
switch (val) {
case TPACKET_V1:
-@@ -3254,7 +3256,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -3247,7 +3249,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
len = lv;
if (put_user(len, optlen))
return -EFAULT;
@@ -102590,10 +102604,10 @@ index 0000000..ac2901e
+}
diff --git a/tools/gcc/structleak_plugin.c b/tools/gcc/structleak_plugin.c
new file mode 100644
-index 0000000..b07fe22
+index 0000000..4fae911
--- /dev/null
+++ b/tools/gcc/structleak_plugin.c
-@@ -0,0 +1,276 @@
+@@ -0,0 +1,277 @@
+/*
+ * Copyright 2013 by PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -102734,11 +102748,12 @@ index 0000000..b07fe22
+ // first check if the variable is already initialized, warn otherwise
+ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
+ gimple stmt = gsi_stmt(gsi);
-+ tree rhs1 = gimple_assign_rhs1(stmt);
++ tree rhs1;
+
+ // we're looking for an assignment of a single rhs...
+ if (!gimple_assign_single_p(stmt))
+ continue;
++ rhs1 = gimple_assign_rhs1(stmt);
+#if BUILDING_GCC_VERSION >= 4007
+ // ... of a non-clobbering expression...
+ if (TREE_CLOBBER_P(rhs1))
diff --git a/main/linux-grsec/kernelconfig.x86 b/main/linux-grsec/kernelconfig.x86
index 3f3b6f478d..e7d4331a7f 100644
--- a/main/linux-grsec/kernelconfig.x86
+++ b/main/linux-grsec/kernelconfig.x86
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.9.2 Kernel Configuration
+# Linux/x86 3.9.3 Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
@@ -83,7 +83,6 @@ CONFIG_IRQ_DOMAIN=y
CONFIG_IRQ_FORCED_THREADING=y
CONFIG_SPARSE_IRQ=y
CONFIG_CLOCKSOURCE_WATCHDOG=y
-CONFIG_ALWAYS_USE_PERSISTENT_CLOCK=y
CONFIG_KTIME_SCALAR=y
CONFIG_GENERIC_CLOCKEVENTS=y
CONFIG_GENERIC_CLOCKEVENTS_BUILD=y
@@ -4735,6 +4734,9 @@ CONFIG_INFINIBAND_ISER=m
# CONFIG_EDAC is not set
CONFIG_RTC_LIB=y
CONFIG_RTC_CLASS=y
+CONFIG_RTC_HCTOSYS=y
+CONFIG_RTC_SYSTOHC=y
+CONFIG_RTC_HCTOSYS_DEVICE="rtc0"
# CONFIG_RTC_DEBUG is not set
#
diff --git a/main/linux-grsec/kernelconfig.x86_64 b/main/linux-grsec/kernelconfig.x86_64
index ba51aaf127..561ab2088a 100644
--- a/main/linux-grsec/kernelconfig.x86_64
+++ b/main/linux-grsec/kernelconfig.x86_64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.9.2 Kernel Configuration
+# Linux/x86 3.9.3 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
@@ -85,7 +85,6 @@ CONFIG_IRQ_FORCED_THREADING=y
CONFIG_SPARSE_IRQ=y
CONFIG_CLOCKSOURCE_WATCHDOG=y
CONFIG_ARCH_CLOCKSOURCE_DATA=y
-CONFIG_ALWAYS_USE_PERSISTENT_CLOCK=y
CONFIG_GENERIC_TIME_VSYSCALL=y
CONFIG_GENERIC_CLOCKEVENTS=y
CONFIG_GENERIC_CLOCKEVENTS_BUILD=y
@@ -4650,6 +4649,9 @@ CONFIG_INFINIBAND_ISER=m
# CONFIG_EDAC is not set
CONFIG_RTC_LIB=y
CONFIG_RTC_CLASS=y
+CONFIG_RTC_HCTOSYS=y
+CONFIG_RTC_SYSTOHC=y
+CONFIG_RTC_HCTOSYS_DEVICE="rtc0"
# CONFIG_RTC_DEBUG is not set
#
diff --git a/main/linux-grsec/v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch b/main/linux-grsec/v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch
new file mode 100644
index 0000000000..0fdafec17e
--- /dev/null
+++ b/main/linux-grsec/v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch
@@ -0,0 +1,89 @@
+From patchwork Tue May 21 10:23:44 2013
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 8bit
+Subject: [v2,net-next] arp: flush arp cache on IFF_NOARP change
+Date: Tue, 21 May 2013 00:23:44 -0000
+From: =?utf-8?q?Timo_Ter=C3=A4s?= <timo.teras@iki.fi>
+X-Patchwork-Id: 245256
+Message-Id: <1369131824-6318-1-git-send-email-timo.teras@iki.fi>
+To: David Miller <davem@davemloft.net>, netdev@vger.kernel.org, kaber@trash.net
+Cc: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+
+IFF_NOARP affects what kind of neighbor entries are created
+(nud NOARP or nud INCOMPLETE). If the flag changes, flush the arp
+cache to refresh all entries.
+
+Signed-off-by: Timo Teräs <timo.teras@iki.fi>
+
+---
+> This patch makes no sense at all.
+>
+> The state bit in ->priv_flags is a boolean stating whether the
+> notified should do something or not.
+>
+> But you're setting it to match what IFF_NOARP is.
+>
+> You should set it any time IFF_NOARP _changes_, and then clear
+> the bit when the notifier clears the neighbour entries.
+
+IFF_NOARP_CHANGED is set according to "changes = dev->flags ^ old_flags;"
+which reflect the change. But I agree that the clearing out bit was
+misplaced. This is especially true as it seems NETDEV_CHANGE can be
+notified from another place too.
+
+I've updated the if.h comment to state that the bit is valid only during
+NETDEV_CHANGE notifier. And __dev_notify_flags is updated to always clear
+the bit after notifiers are done.
+
+ include/uapi/linux/if.h | 2 ++
+ net/core/dev.c | 6 +++++-
+ net/ipv4/arp.c | 4 ++++
+ 3 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/include/uapi/linux/if.h b/include/uapi/linux/if.h
+index 1ec407b..1be8b35 100644
+--- a/include/uapi/linux/if.h
++++ b/include/uapi/linux/if.h
+@@ -83,6 +83,8 @@
+ #define IFF_SUPP_NOFCS 0x80000 /* device supports sending custom FCS */
+ #define IFF_LIVE_ADDR_CHANGE 0x100000 /* device supports hardware address
+ * change when it's running */
++#define IFF_NOARP_CHANGED 0x200000 /* Set during NETDEV_CHANGE notifier
++ * if IFF_NOARP has changed */
+
+
+ #define IF_GET_IFACE 0x0001 /* for querying only */
+diff --git a/net/core/dev.c b/net/core/dev.c
+index 18e9730..ce30761 100644
+--- a/net/core/dev.c
++++ b/net/core/dev.c
+@@ -4699,8 +4699,12 @@ void __dev_notify_flags(struct net_device *dev, unsigned int old_flags)
+ }
+
+ if (dev->flags & IFF_UP &&
+- (changes & ~(IFF_UP | IFF_PROMISC | IFF_ALLMULTI | IFF_VOLATILE)))
++ (changes & ~(IFF_UP | IFF_PROMISC | IFF_ALLMULTI | IFF_VOLATILE))) {
++ if (changes & IFF_NOARP)
++ dev->priv_flags |= IFF_NOARP_CHANGED;
+ call_netdevice_notifiers(NETDEV_CHANGE, dev);
++ dev->priv_flags &= ~IFF_NOARP_CHANGED;
++ }
+ }
+
+ /**
+diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
+index 247ec19..375b2f2 100644
+--- a/net/ipv4/arp.c
++++ b/net/ipv4/arp.c
+@@ -1241,6 +1241,10 @@ static int arp_netdev_event(struct notifier_block *this, unsigned long event,
+ neigh_changeaddr(&arp_tbl, dev);
+ rt_cache_flush(dev_net(dev));
+ break;
++ case NETDEV_CHANGE:
++ if (dev->priv_flags & IFF_NOARP_CHANGED)
++ neigh_changeaddr(&arp_tbl, dev);
++ break;
+ default:
+ break;
+ }