author | Leonardo Arena <rnalrd@alpinelinux.org> | 2014-10-23 12:58:36 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2014-10-23 12:58:36 +0000 |
commit | a56da86bc3bea1f2fcbba99b7826b0ea771eb5d4 (patch) | |
tree | f85eea06c53ab64e4d1018c3e22bb1cba425d67c /main/linux-virt-grsec | |
parent | 287dda5edee5dd42c49cb3c9624e3ad76155932e (diff) | |
main/linux-virt-grsec: upgrade to 3.14.22
Diffstat (limited to 'main/linux-virt-grsec')
-rw-r--r-- | main/linux-virt-grsec/APKBUILD | 16 | ||||
-rw-r--r-- | main/linux-virt-grsec/grsecurity-3.0-3.14.22-201410192047.patch (renamed from main/linux-virt-grsec/grsecurity-3.0-3.14.20-201410062037.patch) | 1519 |
2 files changed, 904 insertions, 631 deletions
diff --git a/main/linux-virt-grsec/APKBUILD b/main/linux-virt-grsec/APKBUILD index 5f6790fe05..366bef215f 100644 --- a/main/linux-virt-grsec/APKBUILD +++ b/main/linux-virt-grsec/APKBUILD @@ -3,7 +3,7 @@ _flavor=virt-grsec pkgname=linux-${_flavor} -pkgver=3.14.20 +pkgver=3.14.22 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; @@ -18,7 +18,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-3.0-$pkgver-201410062037.patch + grsecurity-3.0-$pkgver-201410192047.patch fix-memory-map-for-PIE-applications.patch imx6q-no-unclocked-sleep.patch 
@@ -146,22 +146,22 @@ dev() { } md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz -e581089540b747c39d528fc4c47b70b6 patch-3.14.20.xz -149cb0b654a5eb6122c7e47b0f113c98 grsecurity-3.0-3.14.20-201410062037.patch +6634fc5051468ef7ff96187edc108825 patch-3.14.22.xz +2a930c98841c849c7517828395d2583f grsecurity-3.0-3.14.22-201410192047.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch 1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch 6b30dd8284f37ecc244d556bebf32046 kernelconfig.x86 8df8378d305bdd302b01293ff44e982d kernelconfig.x86_64" sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz -b01ba521cce12d3b9e8c25807567837dd88878b861f27c453c29cee80b6cb84b patch-3.14.20.xz -578f55546016f72c9ed3afedebb0cf6e74ab613f25c29d0a2f3a6b4bfbd1456f grsecurity-3.0-3.14.20-201410062037.patch +459d9a5d38d496a6448c896e39c342c71fee29c49da38192104d3acc4f0cdd43 patch-3.14.22.xz +816f9fee2e551b16a20aff3123325194299c03f8a397539fa72d2654016bd538 grsecurity-3.0-3.14.22-201410192047.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch 21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch 5e06e22ca723e50ae9f4bfabdda2e738f7b28cbbfe77b6be295285d6cd75c916 kernelconfig.x86 0ec1e1eb4445bd9751cb98a55afd4a430bed08e8d8c3c0a107d2f14ec5746dd2 kernelconfig.x86_64" sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz -91231ec4e8e10a09b407d8db123e29a87ef4bf03fa3707f7ed511f22248de7d7b9cfc5169de5e9630854c97166594d3a00293571529d9b7a529118e6d2295b4f patch-3.14.20.xz -2a515f7ef49df5ef1d1de725884f541438f980d364db94789eb8381bf10a7902c7a5647ef1d7e296952980e6918e6697d0212b61cc1b7e171137ca6abba56504 grsecurity-3.0-3.14.20-201410062037.patch 
+ccd02031badafe9c981cfc65d10eee674f76cd8bbcfd8d9765ec057b87dcb7d56583fb2b75eb0a6d14fa7aa028e15061aa79fe1618b40fb79dae6c0479e9202b patch-3.14.22.xz +8a673850de30772dedd1323fdaab02e3c0ad15669c9330c1b64b485b6b2153e651915e221f9a8f7d96098540b4aa95a15fd65a0e9a1e7c7b29a49c927e4dd448 grsecurity-3.0-3.14.22-201410192047.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch 87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch 29dc4bbde6052bb16200d87b7137717a053ad3c716a305a51d2b523531f35c1a7e144099f7a251c85849c9117a65ed961262dd314e0832f58750f489aeb1440e kernelconfig.x86 diff --git a/main/linux-virt-grsec/grsecurity-3.0-3.14.20-201410062037.patch b/main/linux-virt-grsec/grsecurity-3.0-3.14.22-201410192047.patch index 07a0783bae..8d0df77a72 100644 --- a/main/linux-virt-grsec/grsecurity-3.0-3.14.20-201410062037.patch +++ b/main/linux-virt-grsec/grsecurity-3.0-3.14.22-201410192047.patch @@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index beb7e6f..70db31f 100644 +index a59980e..46601e4 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -10053,19 +10053,22 @@ index 96efa7a..16858bf 100644 /* diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h -index a5f01ac..703b554 100644 +index a5f01ac..a8811dd 100644 --- a/arch/sparc/include/asm/thread_info_64.h 
+++ b/arch/sparc/include/asm/thread_info_64.h -@@ -63,6 +63,8 @@ struct thread_info { +@@ -63,7 +63,10 @@ struct thread_info { struct pt_regs *kern_una_regs; unsigned int kern_una_insn; +- unsigned long fpregs[0] __attribute__ ((aligned(64))); + unsigned long lowest_stack; + - unsigned long fpregs[0] __attribute__ ((aligned(64))); ++ unsigned long fpregs[(7 * 256) / sizeof(unsigned long)] ++ __attribute__ ((aligned(64))); }; -@@ -188,12 +190,13 @@ register struct thread_info *current_thread_info_reg asm("g6"); + #endif /* !(__ASSEMBLY__) */ +@@ -188,12 +191,13 @@ register struct thread_info *current_thread_info_reg asm("g6"); #define TIF_NEED_RESCHED 3 /* rescheduling necessary */ /* flag bit 4 is available */ #define TIF_UNALIGNED 5 /* allowed to do unaligned accesses */ @@ -10080,7 +10083,7 @@ index a5f01ac..703b554 100644 /* NOTE: Thread flags >= 12 should be ones we have no interest * in using in assembly, else we can't use the mask as * an immediate value in instructions such as andcc. -@@ -213,12 +216,18 @@ register struct thread_info *current_thread_info_reg asm("g6"); +@@ -213,12 +217,18 @@ register struct thread_info *current_thread_info_reg asm("g6"); #define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT) #define _TIF_SYSCALL_TRACEPOINT (1<<TIF_SYSCALL_TRACEPOINT) #define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG) @@ -16579,10 +16582,22 @@ index ced283a..ffe04cc 100644 union { u64 v64; diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h -index 9c999c1..3860cb8 100644 +index 9c999c1..5718a82 100644 --- a/arch/x86/include/asm/elf.h 
+++ b/arch/x86/include/asm/elf.h -@@ -243,7 +243,25 @@ extern int force_personality32; +@@ -155,8 +155,9 @@ do { \ + #define elf_check_arch(x) \ + ((x)->e_machine == EM_X86_64) + +-#define compat_elf_check_arch(x) \ +- (elf_check_arch_ia32(x) || (x)->e_machine == EM_X86_64) ++#define compat_elf_check_arch(x) \ ++ (elf_check_arch_ia32(x) || \ ++ (IS_ENABLED(CONFIG_X86_X32_ABI) && (x)->e_machine == EM_X86_64)) + + #if __USER32_DS != __USER_DS + # error "The following code assumes __USER32_DS == __USER_DS" +@@ -243,7 +244,25 @@ extern int force_personality32; the loader. We need to make sure that it is out of the way of the program that it will "exec", and that there is sufficient room for the brk. */ @@ -16608,7 +16623,7 @@ index 9c999c1..3860cb8 100644 /* This yields a mask that user programs can use to figure out what instruction set this CPU supports. This could be done in user space, -@@ -296,16 +314,12 @@ do { \ +@@ -296,16 +315,12 @@ do { \ #define ARCH_DLINFO \ do { \ @@ -16627,7 +16642,7 @@ index 9c999c1..3860cb8 100644 } while (0) #define AT_SYSINFO 32 -@@ -320,7 +334,7 @@ else \ +@@ -320,7 +335,7 @@ else \ #endif /* !CONFIG_X86_32 */ @@ -16636,7 +16651,7 @@ index 9c999c1..3860cb8 100644 #define VDSO_ENTRY \ ((unsigned long)VDSO32_SYMBOL(VDSO_CURRENT_BASE, vsyscall)) -@@ -336,9 +350,6 @@ extern int x32_setup_additional_pages(struct linux_binprm *bprm, +@@ -336,9 +351,6 @@ extern int x32_setup_additional_pages(struct linux_binprm *bprm, extern int syscall32_setup_pages(struct linux_binprm *, int exstack); #define compat_arch_setup_additional_pages syscall32_setup_pages @@ -18024,10 +18039,10 @@ index ed5903b..c7fe163 100644 #define MODULES_END VMALLOC_END #define MODULES_LEN (MODULES_VADDR - MODULES_END) diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h -index d869931..82f2923 100644 +index d869931..aeba032 100644 --- a/arch/x86/include/asm/pgtable_64.h 
+++ b/arch/x86/include/asm/pgtable_64.h -@@ -16,11 +16,15 @@ +@@ -16,11 +16,16 @@ extern pud_t level3_kernel_pgt[512]; extern pud_t level3_ident_pgt[512]; @@ -18041,11 +18056,12 @@ index d869931..82f2923 100644 +extern pmd_t level2_ident_pgt[512*2]; extern pte_t level1_fixmap_pgt[512]; -extern pgd_t init_level4_pgt[]; ++extern pte_t level1_vsyscall_pgt[512]; +extern pgd_t init_level4_pgt[512]; #define swapper_pg_dir init_level4_pgt -@@ -62,7 +66,9 @@ static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte) +@@ -62,7 +67,9 @@ static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte) static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd) { @@ -18055,7 +18071,7 @@ index d869931..82f2923 100644 } static inline void native_pmd_clear(pmd_t *pmd) -@@ -98,7 +104,9 @@ static inline pmd_t native_pmdp_get_and_clear(pmd_t *xp) +@@ -98,7 +105,9 @@ static inline pmd_t native_pmdp_get_and_clear(pmd_t *xp) static inline void native_set_pud(pud_t *pudp, pud_t pud) { @@ -18065,7 +18081,7 @@ index d869931..82f2923 100644 } static inline void native_pud_clear(pud_t *pud) -@@ -108,6 +116,13 @@ static inline void native_pud_clear(pud_t *pud) +@@ -108,6 +117,13 @@ static inline void native_pud_clear(pud_t *pud) static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd) { @@ -28544,10 +28560,18 @@ index 2de1bc0..22251ee 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 3927528..fc19971 100644 +index 3927528..cd7f2ac 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c -@@ -1320,12 +1320,12 @@ static void vmcs_write64(unsigned long field, u64 value) +@@ -441,6 +441,7 @@ struct vcpu_vmx { + #endif + int gs_ldt_reload_needed; + int fs_reload_needed; ++ unsigned long vmcs_host_cr4; /* May not match real cr4 */ + } host_state; + struct { + int vm86_active; +@@ -1320,12 +1321,12 @@ static void vmcs_write64(unsigned long field, u64 value) #endif } 
@@ -28562,7 +28586,7 @@ index 3927528..fc19971 100644 { vmcs_writel(field, vmcs_readl(field) | mask); } -@@ -1585,7 +1585,11 @@ static void reload_tss(void) +@@ -1585,7 +1586,11 @@ static void reload_tss(void) struct desc_struct *descs; descs = (void *)gdt->address; @@ -28574,7 +28598,7 @@ index 3927528..fc19971 100644 load_TR_desc(); } -@@ -1809,6 +1813,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) +@@ -1809,6 +1814,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */ vmcs_writel(HOST_GDTR_BASE, gdt->address); /* 22.2.4 */ @@ -28585,7 +28609,7 @@ index 3927528..fc19971 100644 rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp); vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */ vmx->loaded_vmcs->cpu = cpu; -@@ -2098,7 +2106,7 @@ static void setup_msrs(struct vcpu_vmx *vmx) +@@ -2098,7 +2107,7 @@ static void setup_msrs(struct vcpu_vmx *vmx) * reads and returns guest's timestamp counter "register" * guest_tsc = host_tsc + tsc_offset -- 21.3 */ @@ -28594,7 +28618,7 @@ index 3927528..fc19971 100644 { u64 host_tsc, tsc_offset; -@@ -3024,8 +3032,11 @@ static __init int hardware_setup(void) +@@ -3024,8 +3033,11 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_flexpriority()) flexpriority_enabled = 0; @@ -28608,7 +28632,7 @@ index 3927528..fc19971 100644 if (enable_ept && !cpu_has_vmx_ept_2m_page()) kvm_disable_largepages(); -@@ -3036,13 +3047,15 @@ static __init int hardware_setup(void) +@@ -3036,13 +3048,15 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_apicv()) enable_apicv = 0; 
@@ -28628,18 +28652,26 @@ index 3927528..fc19971 100644 if (nested) nested_vmx_setup_ctls_msrs(); -@@ -4165,7 +4178,10 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) +@@ -4162,10 +4176,17 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) + u32 low32, high32; + unsigned long tmpl; + struct desc_ptr dt; ++ unsigned long cr4; vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS); /* 22.2.3 */ - vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */ -+ +- vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */ +#ifndef CONFIG_PAX_PER_CPU_PGD vmcs_writel(HOST_CR3, read_cr3()); /* 22.2.3 FIXME: shadow tables */ +#endif ++ ++ /* Save the most likely value for this task's CR4 in the VMCS. */ ++ cr4 = read_cr4(); ++ vmcs_writel(HOST_CR4, cr4); /* 22.2.3, 22.2.5 */ ++ vmx->host_state.vmcs_host_cr4 = cr4; vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */ #ifdef CONFIG_X86_64 -@@ -4187,7 +4203,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) +@@ -4187,7 +4208,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */ vmx->host_idt_base = dt.address; 
@@ -28648,7 +28680,29 @@ index 3927528..fc19971 100644 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); vmcs_write32(HOST_IA32_SYSENTER_CS, low32); -@@ -7265,6 +7281,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7186,7 +7207,7 @@ static void atomic_switch_perf_msrs(struct vcpu_vmx *vmx) + static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) + { + struct vcpu_vmx *vmx = to_vmx(vcpu); +- unsigned long debugctlmsr; ++ unsigned long debugctlmsr, cr4; + + /* Record the guest's net vcpu time for enforced NMI injections. */ + if (unlikely(!cpu_has_virtual_nmis() && vmx->soft_vnmi_blocked)) +@@ -7207,6 +7228,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) + if (test_bit(VCPU_REGS_RIP, (unsigned long *)&vcpu->arch.regs_dirty)) + vmcs_writel(GUEST_RIP, vcpu->arch.regs[VCPU_REGS_RIP]); + ++ cr4 = read_cr4(); ++ if (unlikely(cr4 != vmx->host_state.vmcs_host_cr4)) { ++ vmcs_writel(HOST_CR4, cr4); ++ vmx->host_state.vmcs_host_cr4 = cr4; ++ } ++ + /* When single-stepping over STI and MOV SS, we must clear the + * corresponding interruptibility bits in the guest state. Otherwise + * vmentry fails as it then expects bit 14 (BS) in pending debug +@@ -7265,6 +7292,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "jmp 2f \n\t" "1: " __ex(ASM_VMX_VMRESUME) "\n\t" "2: " @@ -28661,7 +28715,7 @@ index 3927528..fc19971 100644 /* Save guest registers, load host registers, keep flags */ "mov %0, %c[wordsize](%%" _ASM_SP ") \n\t" "pop %0 \n\t" -@@ -7317,6 +7339,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7317,6 +7350,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]"i"(sizeof(ulong)) 
@@ -28673,7 +28727,7 @@ index 3927528..fc19971 100644 : "cc", "memory" #ifdef CONFIG_X86_64 , "rax", "rbx", "rdi", "rsi" -@@ -7330,7 +7357,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7330,7 +7368,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) if (debugctlmsr) update_debugctlmsr(debugctlmsr); @@ -28682,7 +28736,7 @@ index 3927528..fc19971 100644 /* * The sysexit path does not restore ds/es, so we must set them to * a reasonable value ourselves. -@@ -7339,8 +7366,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7339,8 +7377,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) * may be executed in interrupt context, which saves and restore segments * around it, nullifying its effect. */ @@ -35880,7 +35934,7 @@ index 201d09a..e4723e5 100644 #ifdef CONFIG_ACPI_NUMA diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c -index c83da6f..a5f0379 100644 +index c83da6f..9d019b4 100644 --- a/arch/x86/xen/mmu.c +++ b/arch/x86/xen/mmu.c @@ -379,7 +379,7 @@ static pteval_t pte_mfn_to_pfn(pteval_t val) @@ -35892,7 +35946,7 @@ index c83da6f..a5f0379 100644 { if (val & _PAGE_PRESENT) { unsigned long pfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT; -@@ -1903,6 +1903,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) +@@ -1903,8 +1903,12 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) /* L3_k[510] -> level2_kernel_pgt * L3_k[511] -> level2_fixmap_pgt */ convert_pfn_mfn(level3_kernel_pgt); 
@@ -35901,8 +35955,11 @@ index c83da6f..a5f0379 100644 + convert_pfn_mfn(level3_vmemmap_pgt); /* L3_k[511][506] -> level1_fixmap_pgt */ ++ /* L3_k[511][507] -> level1_vsyscall_pgt */ convert_pfn_mfn(level2_fixmap_pgt); -@@ -1929,8 +1932,12 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) + } + /* We get [511][511] and have Xen's version of level2_kernel_pgt */ +@@ -1929,11 +1933,16 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) set_page_prot(init_level4_pgt, PAGE_KERNEL_RO); set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO); set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO); @@ -35915,7 +35972,11 @@ index c83da6f..a5f0379 100644 set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO); set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO); set_page_prot(level1_fixmap_pgt, PAGE_KERNEL_RO); -@@ -2120,6 +2127,7 @@ static void __init xen_post_allocator_init(void) ++ set_page_prot(level1_vsyscall_pgt, PAGE_KERNEL_RO); + + /* Pin down new L4 */ + pin_pagetable_pfn(MMUEXT_PIN_L4_TABLE, +@@ -2120,6 +2129,7 @@ static void __init xen_post_allocator_init(void) pv_mmu_ops.set_pud = xen_set_pud; #if PAGETABLE_LEVELS == 4 pv_mmu_ops.set_pgd = xen_set_pgd; @@ -35923,7 +35984,7 @@ index c83da6f..a5f0379 100644 #endif /* This will work as long as patching hasn't happened yet -@@ -2198,6 +2206,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { +@@ -2198,6 +2208,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { .pud_val = PV_CALLEE_SAVE(xen_pud_val), .make_pud = PV_CALLEE_SAVE(xen_make_pud), .set_pgd = xen_set_pgd_hyper, @@ -38271,10 +38332,10 @@ index 929468e..efb12f0 100644 idr_destroy(&tconn->volumes); diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c -index c706d50..5e1b472 100644 +index 8c16c2f..3274b96 100644 --- a/drivers/block/drbd/drbd_nl.c 
+++ b/drivers/block/drbd/drbd_nl.c -@@ -3440,7 +3440,7 @@ out: +@@ -3446,7 +3446,7 @@ out: void drbd_bcast_event(struct drbd_conf *mdev, const struct sib_info *sib) { @@ -38283,7 +38344,7 @@ index c706d50..5e1b472 100644 struct sk_buff *msg; struct drbd_genlmsghdr *d_out; unsigned seq; -@@ -3453,7 +3453,7 @@ void drbd_bcast_event(struct drbd_conf *mdev, const struct sib_info *sib) +@@ -3459,7 +3459,7 @@ void drbd_bcast_event(struct drbd_conf *mdev, const struct sib_info *sib) return; } @@ -44736,10 +44797,10 @@ index a46124e..caf0bd55 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index 18cda77..c5d72c7 100644 +index 4913c06..663bb94 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c -@@ -1707,6 +1707,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash) +@@ -1711,6 +1711,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash) return 1; } @@ -44750,7 +44811,7 @@ index 18cda77..c5d72c7 100644 static int grow_stripes(struct r5conf *conf, int num) { struct kmem_cache *sc; -@@ -1718,7 +1722,11 @@ static int grow_stripes(struct r5conf *conf, int num) +@@ -1722,7 +1726,11 @@ static int grow_stripes(struct r5conf *conf, int num) "raid%d-%s", conf->level, mdname(conf->mddev)); else sprintf(conf->cache_name[0], @@ -44762,7 +44823,7 @@ index 18cda77..c5d72c7 100644 sprintf(conf->cache_name[1], "%s-alt", conf->cache_name[0]); conf->active_name = 0; -@@ -1991,21 +1999,21 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -1995,21 +2003,21 @@ static void raid5_end_read_request(struct bio * bi, int error) mdname(conf->mddev), STRIPE_SECTORS, (unsigned long long)s, bdevname(rdev->bdev, b)); 
@@ -44788,7 +44849,7 @@ index 18cda77..c5d72c7 100644 if (test_bit(R5_ReadRepl, &sh->dev[i].flags)) printk_ratelimited( KERN_WARNING -@@ -2033,7 +2041,7 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -2037,7 +2045,7 @@ static void raid5_end_read_request(struct bio * bi, int error) mdname(conf->mddev), (unsigned long long)s, bdn); @@ -47084,6 +47145,26 @@ index 13f9636..228040f 100644 }; static void bna_attr_init(struct bna_ioceth *ioceth) +diff --git a/drivers/net/ethernet/brocade/bna/bnad.c b/drivers/net/ethernet/brocade/bna/bnad.c +index 669eeb4..1566ef0 100644 +--- a/drivers/net/ethernet/brocade/bna/bnad.c ++++ b/drivers/net/ethernet/brocade/bna/bnad.c +@@ -552,6 +552,7 @@ bnad_cq_setup_skb_frags(struct bna_rcb *rcb, struct sk_buff *skb, + + len = (vec == nvecs) ? + last_fraglen : unmap->vector.len; ++ skb->truesize += unmap->vector.len; + totlen += len; + + skb_fill_page_desc(skb, skb_shinfo(skb)->nr_frags, +@@ -563,7 +564,6 @@ bnad_cq_setup_skb_frags(struct bna_rcb *rcb, struct sk_buff *skb, + + skb->len += totlen; + skb->data_len += totlen; +- skb->truesize += totlen; + } + + static inline void diff --git a/drivers/net/ethernet/chelsio/cxgb3/l2t.h b/drivers/net/ethernet/chelsio/cxgb3/l2t.h index 8cffcdf..aadf043 100644 --- a/drivers/net/ethernet/chelsio/cxgb3/l2t.h 
@@ -47197,6 +47278,20 @@ index 5184e2a..acb28c3 100644 smp_mb(); /* need lock to prevent incorrect read while modifying cyclecounter */ +diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c +index dff0977..6df4b1d 100644 +--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c ++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c +@@ -1270,6 +1270,9 @@ int ixgbe_ndo_set_vf_spoofchk(struct net_device *netdev, int vf, bool setting) + struct ixgbe_hw *hw = &adapter->hw; + u32 regval; + ++ if (vf >= adapter->num_vfs) ++ return -EINVAL; ++ + adapter->vfinfo[vf].spoofchk_enabled = setting; + + regval = IXGBE_READ_REG(hw, IXGBE_PFVFSPOOF(vf_target_reg)); diff --git a/drivers/net/ethernet/neterion/vxge/vxge-config.c b/drivers/net/ethernet/neterion/vxge/vxge-config.c index 089b713..28d87ae 100644 --- a/drivers/net/ethernet/neterion/vxge/vxge-config.c @@ -47389,10 +47484,10 @@ index bf0d55e..82bcfbd1 100644 priv = netdev_priv(dev); priv->phy = phy; diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c -index 7f1abb7..6434b33 100644 +index fbf7dcd..ad71499 100644 --- a/drivers/net/macvlan.c +++ b/drivers/net/macvlan.c -@@ -992,13 +992,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = { +@@ -993,13 +993,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = { int macvlan_link_register(struct rtnl_link_ops *ops) { /* common fields */ @@ -47415,7 +47510,7 @@ index 7f1abb7..6434b33 100644 return rtnl_link_register(ops); }; -@@ -1052,7 +1054,7 @@ static int macvlan_device_event(struct notifier_block *unused, +@@ -1053,7 +1055,7 @@ static int macvlan_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -47425,10 +47520,10 @@ index 7f1abb7..6434b33 100644 }; diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c -index 3381c4f..dea5fd5 100644 +index 0c6adaa..0784e3f 100644 --- a/drivers/net/macvtap.c 
+++ b/drivers/net/macvtap.c -@@ -1020,7 +1020,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd, +@@ -1018,7 +1018,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd, } ret = 0; @@ -47437,7 +47532,7 @@ index 3381c4f..dea5fd5 100644 put_user(q->flags, &ifr->ifr_flags)) ret = -EFAULT; macvtap_put_vlan(vlan); -@@ -1190,7 +1190,7 @@ static int macvtap_device_event(struct notifier_block *unused, +@@ -1188,7 +1188,7 @@ static int macvtap_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -47447,9 +47542,18 @@ index 3381c4f..dea5fd5 100644 }; diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c -index 72ff14b..11d442d 100644 +index 72ff14b..e860630 100644 --- a/drivers/net/ppp/ppp_generic.c +++ b/drivers/net/ppp/ppp_generic.c +@@ -601,7 +601,7 @@ static long ppp_ioctl(struct file *file, unsigned int cmd, unsigned long arg) + if (file == ppp->owner) + ppp_shutdown_interface(ppp); + } +- if (atomic_long_read(&file->f_count) <= 2) { ++ if (atomic_long_read(&file->f_count) < 2) { + ppp_release(NULL, file); + err = 0; + } else @@ -999,7 +999,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) void __user *addr = (void __user *) ifr->ifr_ifru.ifru_data; struct ppp_stats stats; @@ -47482,7 +47586,7 @@ index 1252d9c..80e660b 100644 /* We've got a compressed packet; read the change byte */ diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c -index 26d8c29..bbc6837 100644 +index 979fe43..1f1230c 100644 --- a/drivers/net/team/team.c +++ b/drivers/net/team/team.c @@ -2874,7 +2874,7 @@ static int team_device_event(struct notifier_block *unused, @@ -47657,9 +47761,58 @@ index 841b608..198a8b7 100644 #define VIRTNET_DRIVER_VERSION "1.0.0" diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c -index 40ad25d..8703023 100644 +index 9b40532..e3294ac 100644 --- a/drivers/net/vxlan.c 
+++ b/drivers/net/vxlan.c +@@ -1447,9 +1447,6 @@ static int neigh_reduce(struct net_device *dev, struct sk_buff *skb) + if (!in6_dev) + goto out; + +- if (!pskb_may_pull(skb, skb->len)) +- goto out; +- + iphdr = ipv6_hdr(skb); + saddr = &iphdr->saddr; + daddr = &iphdr->daddr; +@@ -1770,6 +1767,8 @@ static void vxlan_encap_bypass(struct sk_buff *skb, struct vxlan_dev *src_vxlan, + struct pcpu_sw_netstats *tx_stats, *rx_stats; + union vxlan_addr loopback; + union vxlan_addr *remote_ip = &dst_vxlan->default_dst.remote_ip; ++ struct net_device *dev = skb->dev; ++ int len = skb->len; + + tx_stats = this_cpu_ptr(src_vxlan->dev->tstats); + rx_stats = this_cpu_ptr(dst_vxlan->dev->tstats); +@@ -1793,16 +1792,16 @@ static void vxlan_encap_bypass(struct sk_buff *skb, struct vxlan_dev *src_vxlan, + + u64_stats_update_begin(&tx_stats->syncp); + tx_stats->tx_packets++; +- tx_stats->tx_bytes += skb->len; ++ tx_stats->tx_bytes += len; + u64_stats_update_end(&tx_stats->syncp); + + if (netif_rx(skb) == NET_RX_SUCCESS) { + u64_stats_update_begin(&rx_stats->syncp); + rx_stats->rx_packets++; +- rx_stats->rx_bytes += skb->len; ++ rx_stats->rx_bytes += len; + u64_stats_update_end(&rx_stats->syncp); + } else { +- skb->dev->stats.rx_dropped++; ++ dev->stats.rx_dropped++; + } + } + +@@ -1977,7 +1976,8 @@ static netdev_tx_t vxlan_xmit(struct sk_buff *skb, struct net_device *dev) + return arp_reduce(dev, skb); + #if IS_ENABLED(CONFIG_IPV6) + else if (ntohs(eth->h_proto) == ETH_P_IPV6 && +- skb->len >= sizeof(struct ipv6hdr) + sizeof(struct nd_msg) && ++ pskb_may_pull(skb, sizeof(struct ipv6hdr) ++ + sizeof(struct nd_msg)) && + ipv6_hdr(skb)->nexthdr == IPPROTO_ICMPV6) { + struct nd_msg *msg; + @@ -2846,7 +2846,7 @@ nla_put_failure: return -EMSGSIZE; } @@ -53185,7 +53338,7 @@ index 2518c32..1c201bb 100644 wake_up(&usb_kill_urb_queue); usb_put_urb(urb); diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c -index 263612c..dbc0f3d 100644 +index 445d62a..e0657a3 100644 
--- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -27,6 +27,7 @@ @@ -53196,7 +53349,7 @@ index 263612c..dbc0f3d 100644 #include <asm/uaccess.h> #include <asm/byteorder.h> -@@ -4549,6 +4550,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1, +@@ -4551,6 +4552,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1, goto done; return; } @@ -58515,10 +58668,22 @@ index ff286f3..8153a14 100644 .attrs = attrs, }; diff --git a/fs/buffer.c b/fs/buffer.c -index 71e2d0e..8673b7b 100644 +index 71e2d0e..7e40912 100644 --- a/fs/buffer.c +++ b/fs/buffer.c -@@ -3430,7 +3430,7 @@ void __init buffer_init(void) +@@ -2313,6 +2313,11 @@ static int cont_expand_zero(struct file *file, struct address_space *mapping, + err = 0; + + balance_dirty_pages_ratelimited(mapping); ++ ++ if (unlikely(fatal_signal_pending(current))) { ++ err = -EINTR; ++ goto out; ++ } + } + + /* page covers the boundary, find the boundary offset */ +@@ -3430,7 +3435,7 @@ void __init buffer_init(void) bh_cachep = kmem_cache_create("buffer_head", sizeof(struct buffer_head), 0, (SLAB_RECLAIM_ACCOUNT|SLAB_PANIC| @@ -58717,6 +58882,19 @@ index 5e0982a..ca18377 100644 int err; u32 ftype; struct ceph_mds_reply_info_parsed *rinfo; +diff --git a/fs/ceph/ioctl.c b/fs/ceph/ioctl.c +index dc66c9e..5fa0c34 100644 +--- a/fs/ceph/ioctl.c ++++ b/fs/ceph/ioctl.c +@@ -42,7 +42,7 @@ static long __validate_layout(struct ceph_mds_client *mdsc, + /* validate striping parameters */ + if ((l->object_size & ~PAGE_MASK) || + (l->stripe_unit & ~PAGE_MASK) || +- (l->stripe_unit != 0 && ++ ((unsigned)l->stripe_unit != 0 && + ((unsigned)l->object_size % (unsigned)l->stripe_unit))) + return -EINVAL; + diff --git a/fs/ceph/super.c b/fs/ceph/super.c index 10a4ccb..92dbc5e 100644 --- a/fs/ceph/super.c @@ -58817,10 +58995,10 @@ index 7c6b73c..a8f0db2 100644 atomic_set(&midCount, 0); diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h -index f15d435..0f61ef5 100644 +index 5d12d69..161d0ce 100644 
--- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h -@@ -801,35 +801,35 @@ struct cifs_tcon { +@@ -803,35 +803,35 @@ struct cifs_tcon { __u16 Flags; /* optional support bits */ enum statusEnum tidStatus; #ifdef CONFIG_CIFS_STATS @@ -58880,7 +59058,7 @@ index f15d435..0f61ef5 100644 } smb2_stats; #endif /* CONFIG_CIFS_SMB2 */ } stats; -@@ -1165,7 +1165,7 @@ convert_delimiter(char *path, char delim) +@@ -1167,7 +1167,7 @@ convert_delimiter(char *path, char delim) } #ifdef CONFIG_CIFS_STATS @@ -58889,7 +59067,7 @@ index f15d435..0f61ef5 100644 static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon, unsigned int bytes) -@@ -1531,8 +1531,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; +@@ -1533,8 +1533,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; /* Various Debug counters */ GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */ #ifdef CONFIG_CIFS_STATS2 @@ -58901,7 +59079,7 @@ index f15d435..0f61ef5 100644 GLOBAL_EXTERN atomic_t smBufAllocCount; GLOBAL_EXTERN atomic_t midCount; diff --git a/fs/cifs/file.c b/fs/cifs/file.c -index 8175b18..9525542 100644 +index d375322..88c3ead 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c @@ -1900,10 +1900,14 @@ static int cifs_writepages(struct address_space *mapping, @@ -58945,18 +59123,9 @@ index 3b0c62e..f7d090c 100644 } diff --git a/fs/cifs/smb1ops.c b/fs/cifs/smb1ops.c -index d1fdfa8..186defc 100644 +index e9ad8d3..6395e45 100644 --- a/fs/cifs/smb1ops.c +++ b/fs/cifs/smb1ops.c -@@ -586,7 +586,7 @@ cifs_query_path_info(const unsigned int xid, struct cifs_tcon *tcon, - tmprc = CIFS_open(xid, &oparms, &oplock, NULL); - if (tmprc == -EOPNOTSUPP) - *symlink = true; -- else -+ else if (tmprc == 0) - CIFSSMBClose(xid, tcon, fid.netfid); - } - @@ -626,27 +626,27 @@ static void cifs_clear_stats(struct cifs_tcon *tcon) { 
@@ -59062,21 +59231,8 @@ index d1fdfa8..186defc 100644 #endif } -diff --git a/fs/cifs/smb2maperror.c b/fs/cifs/smb2maperror.c -index e31a9df..1007867 100644 ---- a/fs/cifs/smb2maperror.c -+++ b/fs/cifs/smb2maperror.c -@@ -256,6 +256,8 @@ static const struct status_to_posix_error smb2_error_map_table[] = { - {STATUS_DLL_MIGHT_BE_INCOMPATIBLE, -EIO, - "STATUS_DLL_MIGHT_BE_INCOMPATIBLE"}, - {STATUS_STOPPED_ON_SYMLINK, -EOPNOTSUPP, "STATUS_STOPPED_ON_SYMLINK"}, -+ {STATUS_IO_REPARSE_TAG_NOT_HANDLED, -EOPNOTSUPP, -+ "STATUS_REPARSE_NOT_HANDLED"}, - {STATUS_DEVICE_REQUIRES_CLEANING, -EIO, - "STATUS_DEVICE_REQUIRES_CLEANING"}, - {STATUS_DEVICE_DOOR_OPEN, -EIO, "STATUS_DEVICE_DOOR_OPEN"}, diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c -index f8977b2..bb38079 100644 +index 34a17d4..9ca186f 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -364,8 +364,8 @@ smb2_clear_stats(struct cifs_tcon *tcon) @@ -59197,7 +59353,7 @@ index f8977b2..bb38079 100644 } diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c -index 9aab8fe..2bd5f3b 100644 +index 3487929..47a6ebf2 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -2100,8 +2100,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, @@ -59774,10 +59930,10 @@ index e4141f2..d8263e8 100644 i += packet_length_size; if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) diff --git a/fs/exec.c b/fs/exec.c -index 31e46b1..88754df 100644 +index ea4449d..cb8ebd8 100644 --- a/fs/exec.c +++ b/fs/exec.c -@@ -55,8 +55,20 @@ +@@ -56,8 +56,20 @@ #include <linux/pipe_fs_i.h> #include <linux/oom.h> #include <linux/compat.h> @@ -59798,7 +59954,7 @@ index 31e46b1..88754df 100644 #include <asm/mmu_context.h> #include <asm/tlb.h> -@@ -65,19 +77,34 @@ +@@ -66,19 +78,34 @@ #include <trace/events/sched.h> 
@@ -59835,7 +59991,7 @@ index 31e46b1..88754df 100644 write_unlock(&binfmt_lock); } -@@ -86,7 +113,7 @@ EXPORT_SYMBOL(__register_binfmt); +@@ -87,7 +114,7 @@ EXPORT_SYMBOL(__register_binfmt); void unregister_binfmt(struct linux_binfmt * fmt) { write_lock(&binfmt_lock); @@ -59844,7 +60000,7 @@ index 31e46b1..88754df 100644 write_unlock(&binfmt_lock); } -@@ -180,18 +207,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, +@@ -181,18 +208,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, int write) { struct page *page; @@ -59866,7 +60022,7 @@ index 31e46b1..88754df 100644 return NULL; if (write) { -@@ -207,6 +226,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, +@@ -208,6 +227,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, if (size <= ARG_MAX) return page; @@ -59884,7 +60040,7 @@ index 31e46b1..88754df 100644 /* * Limit to 1/4-th the stack size for the argv+env strings. * This ensures that: -@@ -266,6 +296,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm) +@@ -267,6 +297,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm) vma->vm_end = STACK_TOP_MAX; vma->vm_start = vma->vm_end - PAGE_SIZE; vma->vm_flags = VM_SOFTDIRTY | VM_STACK_FLAGS | VM_STACK_INCOMPLETE_SETUP; @@ -59896,7 +60052,7 @@ index 31e46b1..88754df 100644 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); INIT_LIST_HEAD(&vma->anon_vma_chain); -@@ -276,6 +311,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm) +@@ -277,6 +312,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm) mm->stack_vm = mm->total_vm = 1; up_write(&mm->mmap_sem); bprm->p = vma->vm_end - sizeof(void *); @@ -59909,7 +60065,7 @@ index 31e46b1..88754df 100644 return 0; err: up_write(&mm->mmap_sem); -@@ -396,7 +437,7 @@ struct user_arg_ptr { +@@ -397,7 +438,7 @@ struct user_arg_ptr { } ptr; }; 
@@ -59918,7 +60074,7 @@ index 31e46b1..88754df 100644 { const char __user *native; -@@ -405,14 +446,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr) +@@ -406,14 +447,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr) compat_uptr_t compat; if (get_user(compat, argv.ptr.compat + nr)) @@ -59935,7 +60091,7 @@ index 31e46b1..88754df 100644 return native; } -@@ -431,7 +472,7 @@ static int count(struct user_arg_ptr argv, int max) +@@ -432,7 +473,7 @@ static int count(struct user_arg_ptr argv, int max) if (!p) break; @@ -59944,7 +60100,7 @@ index 31e46b1..88754df 100644 return -EFAULT; if (i >= max) -@@ -466,7 +507,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv, +@@ -467,7 +508,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv, ret = -EFAULT; str = get_user_arg_ptr(argv, argc); @@ -59953,7 +60109,7 @@ index 31e46b1..88754df 100644 goto out; len = strnlen_user(str, MAX_ARG_STRLEN); -@@ -548,7 +589,7 @@ int copy_strings_kernel(int argc, const char *const *__argv, +@@ -549,7 +590,7 @@ int copy_strings_kernel(int argc, const char *const *__argv, int r; mm_segment_t oldfs = get_fs(); struct user_arg_ptr argv = { @@ -59962,7 +60118,7 @@ index 31e46b1..88754df 100644 }; set_fs(KERNEL_DS); -@@ -583,7 +624,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) +@@ -584,7 +625,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) unsigned long new_end = old_end - shift; struct mmu_gather tlb; @@ -59972,7 +60128,7 @@ index 31e46b1..88754df 100644 /* * ensure there are no vmas between where we want to go -@@ -592,6 +634,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) +@@ -593,6 +635,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) if (vma != find_vma(mm, new_start)) return -EFAULT; 
@@ -59983,7 +60139,7 @@ index 31e46b1..88754df 100644 /* * cover the whole range: [new_start, old_end) */ -@@ -672,10 +718,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -673,10 +719,6 @@ int setup_arg_pages(struct linux_binprm *bprm, stack_top = arch_align_stack(stack_top); stack_top = PAGE_ALIGN(stack_top); @@ -59994,7 +60150,7 @@ index 31e46b1..88754df 100644 stack_shift = vma->vm_end - stack_top; bprm->p -= stack_shift; -@@ -687,8 +729,28 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -688,8 +730,28 @@ int setup_arg_pages(struct linux_binprm *bprm, bprm->exec -= stack_shift; down_write(&mm->mmap_sem); @@ -60023,7 +60179,7 @@ index 31e46b1..88754df 100644 /* * Adjust stack execute permissions; explicitly enable for * EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone -@@ -707,13 +769,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -708,13 +770,6 @@ int setup_arg_pages(struct linux_binprm *bprm, goto out_unlock; BUG_ON(prev != vma); @@ -60037,7 +60193,7 @@ index 31e46b1..88754df 100644 /* mprotect_fixup is overkill to remove the temporary stack flags */ vma->vm_flags &= ~VM_STACK_INCOMPLETE_SETUP; -@@ -737,6 +792,27 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -738,6 +793,27 @@ int setup_arg_pages(struct linux_binprm *bprm, #endif current->mm->start_stack = bprm->p; ret = expand_stack(vma, stack_base); @@ -60065,7 +60221,7 @@ index 31e46b1..88754df 100644 if (ret) ret = -EFAULT; -@@ -772,6 +848,8 @@ static struct file *do_open_exec(struct filename *name) +@@ -773,6 +849,8 @@ static struct file *do_open_exec(struct filename *name) fsnotify_open(file); @@ -60074,7 +60230,7 @@ index 31e46b1..88754df 100644 err = deny_write_access(file); if (err) goto exit; -@@ -801,7 +879,7 @@ int kernel_read(struct file *file, loff_t offset, +@@ -802,7 +880,7 @@ int kernel_read(struct file *file, loff_t offset, old_fs = get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ 
@@ -60083,15 +60239,15 @@ index 31e46b1..88754df 100644 set_fs(old_fs); return result; } -@@ -846,6 +924,7 @@ static int exec_mmap(struct mm_struct *mm) +@@ -847,6 +925,7 @@ static int exec_mmap(struct mm_struct *mm) tsk->mm = mm; tsk->active_mm = mm; activate_mm(active_mm, mm); + populate_stack(); + tsk->mm->vmacache_seqnum = 0; + vmacache_flush(tsk); task_unlock(tsk); - if (old_mm) { - up_read(&old_mm->mmap_sem); -@@ -1258,7 +1337,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm) +@@ -1261,7 +1340,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm) } rcu_read_unlock(); @@ -60100,7 +60256,7 @@ index 31e46b1..88754df 100644 bprm->unsafe |= LSM_UNSAFE_SHARE; else p->fs->in_exec = 1; -@@ -1434,6 +1513,31 @@ static int exec_binprm(struct linux_binprm *bprm) +@@ -1437,6 +1516,31 @@ static int exec_binprm(struct linux_binprm *bprm) return ret; } @@ -60132,7 +60288,7 @@ index 31e46b1..88754df 100644 /* * sys_execve() executes a new program. */ -@@ -1441,6 +1545,11 @@ static int do_execve_common(struct filename *filename, +@@ -1444,6 +1548,11 @@ static int do_execve_common(struct filename *filename, struct user_arg_ptr argv, struct user_arg_ptr envp) { @@ -60144,7 +60300,7 @@ index 31e46b1..88754df 100644 struct linux_binprm *bprm; struct file *file; struct files_struct *displaced; -@@ -1449,6 +1558,8 @@ static int do_execve_common(struct filename *filename, +@@ -1452,6 +1561,8 @@ static int do_execve_common(struct filename *filename, if (IS_ERR(filename)) return PTR_ERR(filename); @@ -60153,7 +60309,7 @@ index 31e46b1..88754df 100644 /* * We move the actual failure in case of RLIMIT_NPROC excess from * set*uid() to execve() because too many poorly written programs -@@ -1486,11 +1597,21 @@ static int do_execve_common(struct filename *filename, +@@ -1489,11 +1600,21 @@ static int do_execve_common(struct filename *filename, if (IS_ERR(file)) goto out_unmark; 
@@ -60175,7 +60331,7 @@ index 31e46b1..88754df 100644 retval = bprm_mm_init(bprm); if (retval) goto out_unmark; -@@ -1507,24 +1628,70 @@ static int do_execve_common(struct filename *filename, +@@ -1510,24 +1631,70 @@ static int do_execve_common(struct filename *filename, if (retval < 0) goto out; @@ -60250,7 +60406,7 @@ index 31e46b1..88754df 100644 current->fs->in_exec = 0; current->in_execve = 0; acct_update_integrals(current); -@@ -1535,6 +1702,14 @@ static int do_execve_common(struct filename *filename, +@@ -1538,6 +1705,14 @@ static int do_execve_common(struct filename *filename, put_files_struct(displaced); return retval; @@ -60265,7 +60421,7 @@ index 31e46b1..88754df 100644 out: if (bprm->mm) { acct_arg_size(bprm, 0); -@@ -1626,3 +1801,312 @@ asmlinkage long compat_sys_execve(const char __user * filename, +@@ -1629,3 +1804,312 @@ asmlinkage long compat_sys_execve(const char __user * filename, return compat_do_execve(getname(filename), argv, envp); } #endif @@ -62564,7 +62720,7 @@ index fe649d3..c679164 100644 __putname(s); } diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c -index d19b30a..ef89c36 100644 +index a4a8ed5..9e017c0 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c @@ -152,6 +152,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, @@ -63492,7 +63648,7 @@ index dd2f2c5..27e6c48 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index 75536db..5cda729 100644 +index 75536db..7ec079e 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1369,6 +1369,9 @@ static int do_umount(struct mount *mnt, int flags) 
@@ -63610,7 +63766,17 @@ index 75536db..5cda729 100644 get_fs_root(current->fs, &root); old_mp = lock_mount(&old); error = PTR_ERR(old_mp); -@@ -3060,7 +3084,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) +@@ -2829,6 +2853,9 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, + /* make sure we can reach put_old from new_root */ + if (!is_path_reachable(old_mnt, old.dentry, &new)) + goto out4; ++ /* make certain new is below the root */ ++ if (!is_path_reachable(new_mnt, new.dentry, &root)) ++ goto out4; + root_mp->m_count++; /* pin it so it won't go away */ + lock_mount_hash(); + detach_mnt(new_mnt, &parent_path); +@@ -3060,7 +3087,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) return -EPERM; @@ -63876,6 +64042,23 @@ index 287a22c..4e56e4e 100644 group->fanotify_data.f_flags = event_f_flags; #ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS oevent->response = 0; +diff --git a/fs/notify/inotify/inotify_fsnotify.c b/fs/notify/inotify/inotify_fsnotify.c +index 43ab1e1..9c8187e 100644 +--- a/fs/notify/inotify/inotify_fsnotify.c ++++ b/fs/notify/inotify/inotify_fsnotify.c +@@ -165,8 +165,10 @@ static void inotify_free_group_priv(struct fsnotify_group *group) + /* ideally the idr is empty and we won't hit the BUG in the callback */ + idr_for_each(&group->inotify_data.idr, idr_callback, group); + idr_destroy(&group->inotify_data.idr); +- atomic_dec(&group->inotify_data.user->inotify_devs); +- free_uid(group->inotify_data.user); ++ if (group->inotify_data.user) { ++ atomic_dec(&group->inotify_data.user->inotify_devs); ++ free_uid(group->inotify_data.user); ++ } + } + + static void inotify_free_event(struct fsnotify_event *fsn_event) diff --git a/fs/notify/notification.c b/fs/notify/notification.c index 1e58402..bb2d6f4 100644 --- a/fs/notify/notification.c @@ -65888,10 +66071,10 @@ index 6f599c6..bd00271 100644 seq_printf(p, "softirq %llu", (unsigned long long)sum_softirq); 
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c -index 8f78819..ba6c272 100644 +index c4b2646..84f0d7b 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c -@@ -12,12 +12,19 @@ +@@ -13,12 +13,19 @@ #include <linux/swap.h> #include <linux/swapops.h> #include <linux/mmu_notifier.h> @@ -65911,7 +66094,7 @@ index 8f78819..ba6c272 100644 void task_mem(struct seq_file *m, struct mm_struct *mm) { unsigned long data, text, lib, swap; -@@ -53,8 +60,13 @@ void task_mem(struct seq_file *m, struct mm_struct *mm) +@@ -54,8 +61,13 @@ void task_mem(struct seq_file *m, struct mm_struct *mm) "VmExe:\t%8lu kB\n" "VmLib:\t%8lu kB\n" "VmPTE:\t%8lu kB\n" @@ -65927,7 +66110,7 @@ index 8f78819..ba6c272 100644 total_vm << (PAGE_SHIFT-10), mm->locked_vm << (PAGE_SHIFT-10), mm->pinned_vm << (PAGE_SHIFT-10), -@@ -64,7 +76,19 @@ void task_mem(struct seq_file *m, struct mm_struct *mm) +@@ -65,7 +77,19 @@ void task_mem(struct seq_file *m, struct mm_struct *mm) mm->stack_vm << (PAGE_SHIFT-10), text, lib, (PTRS_PER_PTE * sizeof(pte_t) * atomic_long_read(&mm->nr_ptes)) >> 10, @@ -65948,7 +66131,7 @@ index 8f78819..ba6c272 100644 } unsigned long task_vsize(struct mm_struct *mm) -@@ -270,13 +294,13 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) +@@ -271,13 +295,13 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) pgoff = ((loff_t)vma->vm_pgoff) << PAGE_SHIFT; } @@ -65967,7 +66150,7 @@ index 8f78819..ba6c272 100644 seq_setwidth(m, 25 + sizeof(void *) * 6 - 1); seq_printf(m, "%08lx-%08lx %c%c%c%c %08llx %02x:%02x %lu ", -@@ -286,7 +310,11 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) +@@ -287,7 +311,11 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) flags & VM_WRITE ? 'w' : '-', flags & VM_EXEC ? 'x' : '-', flags & VM_MAYSHARE ? 's' : 'p', 
@@ -65979,7 +66162,7 @@ index 8f78819..ba6c272 100644 MAJOR(dev), MINOR(dev), ino); /* -@@ -295,7 +323,7 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) +@@ -296,7 +324,7 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) */ if (file) { seq_pad(m, ' '); @@ -65988,7 +66171,7 @@ index 8f78819..ba6c272 100644 goto done; } -@@ -321,8 +349,9 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) +@@ -322,8 +350,9 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) * Thread stack in /proc/PID/task/TID/maps or * the main process stack. */ @@ -66000,7 +66183,7 @@ index 8f78819..ba6c272 100644 name = "[stack]"; } else { /* Thread stack in /proc/PID/maps */ -@@ -346,6 +375,13 @@ static int show_map(struct seq_file *m, void *v, int is_pid) +@@ -347,6 +376,13 @@ static int show_map(struct seq_file *m, void *v, int is_pid) struct proc_maps_private *priv = m->private; struct task_struct *task = priv->task; @@ -66014,7 +66197,7 @@ index 8f78819..ba6c272 100644 show_map_vma(m, vma, is_pid); if (m->count < m->size) /* vma is copied successfully */ -@@ -586,12 +622,23 @@ static int show_smap(struct seq_file *m, void *v, int is_pid) +@@ -587,12 +623,23 @@ static int show_smap(struct seq_file *m, void *v, int is_pid) .private = &mss, }; @@ -66043,7 +66226,7 @@ index 8f78819..ba6c272 100644 show_map_vma(m, vma, is_pid); seq_printf(m, -@@ -609,7 +656,11 @@ static int show_smap(struct seq_file *m, void *v, int is_pid) +@@ -610,7 +657,11 @@ static int show_smap(struct seq_file *m, void *v, int is_pid) "KernelPageSize: %8lu kB\n" "MMUPageSize: %8lu kB\n" "Locked: %8lu kB\n", 
@@ -66055,7 +66238,7 @@ index 8f78819..ba6c272 100644 mss.resident >> 10, (unsigned long)(mss.pss >> (10 + PSS_SHIFT)), mss.shared_clean >> 10, -@@ -1387,6 +1438,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) +@@ -1388,6 +1439,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) char buffer[64]; int nid; @@ -66069,7 +66252,7 @@ index 8f78819..ba6c272 100644 if (!mm) return 0; -@@ -1404,11 +1462,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) +@@ -1405,11 +1463,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) mpol_to_str(buffer, sizeof(buffer), pol); mpol_cond_put(pol); @@ -66736,6 +66919,19 @@ index ae0c3ce..9ee641c 100644 generic_fillattr(inode, stat); return 0; +diff --git a/fs/super.c b/fs/super.c +index 7624267..88a6bc6 100644 +--- a/fs/super.c ++++ b/fs/super.c +@@ -81,6 +81,8 @@ static unsigned long super_cache_scan(struct shrinker *shrink, + inodes = list_lru_count_node(&sb->s_inode_lru, sc->nid); + dentries = list_lru_count_node(&sb->s_dentry_lru, sc->nid); + total_objects = dentries + inodes + fs_objects + 1; ++ if (!total_objects) ++ total_objects = 1; + + /* proportion the scan between the caches */ + dentries = mult_frac(sc->nr_to_scan, dentries, total_objects); diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c index ee0d761..b346c58 100644 --- a/fs/sysfs/dir.c @@ -66810,7 +67006,7 @@ index e18b988..f1d4ad0f 100644 int err; diff --git a/fs/udf/inode.c b/fs/udf/inode.c -index 982ce05..c693331 100644 +index 287cd5f..c693331 100644 --- a/fs/udf/inode.c +++ b/fs/udf/inode.c @@ -51,7 +51,6 @@ MODULE_LICENSE("GPL"); 
@@ -66821,18 +67017,7 @@ index 982ce05..c693331 100644 static int udf_sync_inode(struct inode *inode); static int udf_alloc_i_data(struct inode *inode, size_t size); static sector_t inode_getblk(struct inode *, sector_t, int *, int *); -@@ -1271,13 +1270,25 @@ update_time: - return 0; - } - -+/* -+ * Maximum length of linked list formed by ICB hierarchy. The chosen number is -+ * arbitrary - just that we hopefully don't limit any real use of rewritten -+ * inode on write-once media but avoid looping for too long on corrupted media. -+ */ -+#define UDF_MAX_ICB_NESTING 1024 -+ - static void __udf_read_inode(struct inode *inode) +@@ -1282,8 +1281,11 @@ static void __udf_read_inode(struct inode *inode) { struct buffer_head *bh = NULL; struct fileEntry *fe; @@ -66841,13 +67026,10 @@ index 982ce05..c693331 100644 struct udf_inode_info *iinfo = UDF_I(inode); + struct udf_sb_info *sbi = UDF_SB(inode->i_sb); + unsigned int link_count; -+ unsigned int indirections = 0; + unsigned int indirections = 0; -+reread: - /* - * Set defaults, but the inode is still incomplete! - * Note: get_new_inode() sets the following on a new inode: -@@ -1307,6 +1318,7 @@ static void __udf_read_inode(struct inode *inode) + reread: +@@ -1316,6 +1318,7 @@ reread: } fe = (struct fileEntry *)bh->b_data; 
@@ -66855,48 +67037,7 @@ index 982ce05..c693331 100644 if (fe->icbTag.strategyType == cpu_to_le16(4096)) { struct buffer_head *ibh; -@@ -1314,28 +1326,26 @@ static void __udf_read_inode(struct inode *inode) - ibh = udf_read_ptagged(inode->i_sb, &iinfo->i_location, 1, - &ident); - if (ident == TAG_IDENT_IE && ibh) { -- struct buffer_head *nbh = NULL; - struct kernel_lb_addr loc; - struct indirectEntry *ie; - - ie = (struct indirectEntry *)ibh->b_data; - loc = lelb_to_cpu(ie->indirectICB.extLocation); - -- if (ie->indirectICB.extLength && -- (nbh = udf_read_ptagged(inode->i_sb, &loc, 0, -- &ident))) { -- if (ident == TAG_IDENT_FE || -- ident == TAG_IDENT_EFE) { -- memcpy(&iinfo->i_location, -- &loc, -- sizeof(struct kernel_lb_addr)); -- brelse(bh); -- brelse(ibh); -- brelse(nbh); -- __udf_read_inode(inode); -+ if (ie->indirectICB.extLength) { -+ brelse(bh); -+ brelse(ibh); -+ memcpy(&iinfo->i_location, &loc, -+ sizeof(struct kernel_lb_addr)); -+ if (++indirections > UDF_MAX_ICB_NESTING) { -+ udf_err(inode->i_sb, -+ "too many ICBs in ICB hierarchy" -+ " (max %d supported)\n", -+ UDF_MAX_ICB_NESTING); -+ make_bad_inode(inode); - return; - } -- brelse(nbh); -+ goto reread; - } - } - brelse(ibh); -@@ -1346,22 +1356,6 @@ static void __udf_read_inode(struct inode *inode) +@@ -1353,22 +1356,6 @@ reread: make_bad_inode(inode); return; } @@ -66919,7 +67060,7 @@ index 982ce05..c693331 100644 if (fe->icbTag.strategyType == cpu_to_le16(4)) iinfo->i_strat4096 = 0; else /* if (fe->icbTag.strategyType == cpu_to_le16(4096)) */ -@@ -1551,6 +1545,7 @@ static void udf_fill_inode(struct inode *inode, struct buffer_head *bh) +@@ -1558,6 +1545,7 @@ static void udf_fill_inode(struct inode *inode, struct buffer_head *bh) } else make_bad_inode(inode); } 
@@ -66927,7 +67068,7 @@ index 982ce05..c693331 100644 } static int udf_alloc_i_data(struct inode *inode, size_t size) -@@ -1664,7 +1659,7 @@ static int udf_update_inode(struct inode *inode, int do_sync) +@@ -1671,7 +1659,7 @@ static int udf_update_inode(struct inode *inode, int do_sync) FE_PERM_U_DELETE | FE_PERM_U_CHATTR)); fe->permissions = cpu_to_le32(udfperms); @@ -67194,10 +67335,10 @@ index 78e62cc..eec3706 100644 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 -index 0000000..27cec32 +index 0000000..cdaa3ef --- /dev/null +++ b/grsecurity/Kconfig -@@ -0,0 +1,1166 @@ +@@ -0,0 +1,1168 @@ +# +# grecurity configuration +# @@ -68138,6 +68279,8 @@ index 0000000..27cec32 + If you say Y here, neither TCP resets nor ICMP + destination-unreachable packets will be sent in response to packets + sent to ports for which no associated listening process exists. ++ It will also prevent the sending of ICMP protocol unreachable packets ++ in response to packets with unknown protocols. + This feature supports both IPV4 and IPV6 and exempts the + loopback interface from blackholing. Enabling this feature + makes a host more resilient to DoS attacks and reduces network @@ -81693,10 +81836,10 @@ index 0ceb389..eed3fb8 100644 void gic_init_bases(unsigned int, int, void __iomem *, void __iomem *, u32 offset, struct device_node *); diff --git a/include/linux/jiffies.h b/include/linux/jiffies.h -index 1f44466..b481806 100644 +index c367cbd..c9b79e6 100644 --- a/include/linux/jiffies.h +++ b/include/linux/jiffies.h -@@ -292,20 +292,20 @@ extern unsigned long preset_lpj; +@@ -280,20 +280,20 @@ extern unsigned long preset_lpj; /* * Convert various time units to each other: */ @@ -82345,7 +82488,7 @@ index c1b7414..5ea2ad8 100644 #endif /* __KERNEL__ */ #endif /* _LINUX_MM_H */ diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h -index 290901a..e99b01c 100644 +index 2b58d19..6378966 100644 --- a/include/linux/mm_types.h +++ b/include/linux/mm_types.h 
@@ -307,7 +307,9 @@ struct vm_area_struct { @@ -83503,10 +83646,10 @@ index a964f72..b475afb 100644 } diff --git a/include/linux/sched.h b/include/linux/sched.h -index ccd0c6f..84d9030 100644 +index d7ca410..8b39a0c 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h -@@ -129,6 +129,7 @@ struct fs_struct; +@@ -133,6 +133,7 @@ struct fs_struct; struct perf_event_context; struct blk_plug; struct filename; @@ -83514,7 +83657,7 @@ index ccd0c6f..84d9030 100644 /* * List of flags we want to share for kernel threads, -@@ -369,7 +370,7 @@ extern char __sched_text_start[], __sched_text_end[]; +@@ -373,7 +374,7 @@ extern char __sched_text_start[], __sched_text_end[]; extern int in_sched_functions(unsigned long addr); #define MAX_SCHEDULE_TIMEOUT LONG_MAX @@ -83523,7 +83666,7 @@ index ccd0c6f..84d9030 100644 extern signed long schedule_timeout_interruptible(signed long timeout); extern signed long schedule_timeout_killable(signed long timeout); extern signed long schedule_timeout_uninterruptible(signed long timeout); -@@ -380,6 +381,19 @@ struct nsproxy; +@@ -384,6 +385,19 @@ struct nsproxy; struct user_namespace; #ifdef CONFIG_MMU @@ -83543,7 +83686,7 @@ index ccd0c6f..84d9030 100644 extern void arch_pick_mmap_layout(struct mm_struct *mm); extern unsigned long arch_get_unmapped_area(struct file *, unsigned long, unsigned long, -@@ -677,6 +691,17 @@ struct signal_struct { +@@ -681,6 +695,17 @@ struct signal_struct { #ifdef CONFIG_TASKSTATS struct taskstats *stats; #endif @@ -83561,7 +83704,7 @@ index ccd0c6f..84d9030 100644 #ifdef CONFIG_AUDIT unsigned audit_tty; unsigned audit_tty_log_passwd; -@@ -703,7 +728,7 @@ struct signal_struct { +@@ -707,7 +732,7 @@ struct signal_struct { struct mutex cred_guard_mutex; /* guard against foreign influences on * credential calculations * (notably. ptrace) */ 
@@ -83570,7 +83713,7 @@ index ccd0c6f..84d9030 100644 /* * Bits in flags field of signal_struct. -@@ -757,6 +782,14 @@ struct user_struct { +@@ -761,6 +786,14 @@ struct user_struct { struct key *session_keyring; /* UID's default session keyring */ #endif @@ -83585,7 +83728,7 @@ index ccd0c6f..84d9030 100644 /* Hash table maintenance information */ struct hlist_node uidhash_node; kuid_t uid; -@@ -764,7 +797,7 @@ struct user_struct { +@@ -768,7 +801,7 @@ struct user_struct { #ifdef CONFIG_PERF_EVENTS atomic_long_t locked_vm; #endif @@ -83594,7 +83737,7 @@ index ccd0c6f..84d9030 100644 extern int uids_sysfs_init(void); -@@ -1164,6 +1197,9 @@ enum perf_event_task_context { +@@ -1168,6 +1201,9 @@ enum perf_event_task_context { struct task_struct { volatile long state; /* -1 unrunnable, 0 runnable, >0 stopped */ void *stack; @@ -83604,7 +83747,7 @@ index ccd0c6f..84d9030 100644 atomic_t usage; unsigned int flags; /* per process flags, defined below */ unsigned int ptrace; -@@ -1286,8 +1322,8 @@ struct task_struct { +@@ -1293,8 +1329,8 @@ struct task_struct { struct list_head thread_node; struct completion *vfork_done; /* for vfork() */ @@ -83615,7 +83758,7 @@ index ccd0c6f..84d9030 100644 cputime_t utime, stime, utimescaled, stimescaled; cputime_t gtime; -@@ -1312,11 +1348,6 @@ struct task_struct { +@@ -1319,11 +1355,6 @@ struct task_struct { struct task_cputime cputime_expires; struct list_head cpu_timers[3]; @@ -83627,7 +83770,7 @@ index ccd0c6f..84d9030 100644 char comm[TASK_COMM_LEN]; /* executable name excluding path - access with [gs]et_task_comm (which lock it with task_lock()) -@@ -1333,6 +1364,10 @@ struct task_struct { +@@ -1340,6 +1371,10 @@ struct task_struct { #endif /* CPU-specific state of this task */ struct thread_struct thread; 
@@ -83638,7 +83781,7 @@ index ccd0c6f..84d9030 100644 /* filesystem information */ struct fs_struct *fs; /* open file information */ -@@ -1409,6 +1444,10 @@ struct task_struct { +@@ -1416,6 +1451,10 @@ struct task_struct { gfp_t lockdep_reclaim_gfp; #endif @@ -83649,7 +83792,7 @@ index ccd0c6f..84d9030 100644 /* journalling filesystem info */ void *journal_info; -@@ -1447,6 +1486,10 @@ struct task_struct { +@@ -1454,6 +1493,10 @@ struct task_struct { /* cg_list protected by css_set_lock and tsk->alloc_lock */ struct list_head cg_list; #endif @@ -83660,7 +83803,7 @@ index ccd0c6f..84d9030 100644 #ifdef CONFIG_FUTEX struct robust_list_head __user *robust_list; #ifdef CONFIG_COMPAT -@@ -1581,7 +1624,78 @@ struct task_struct { +@@ -1588,7 +1631,78 @@ struct task_struct { unsigned int sequential_io; unsigned int sequential_io_avg; #endif @@ -83740,7 +83883,7 @@ index ccd0c6f..84d9030 100644 /* Future-safe accessor for struct task_struct's cpus_allowed. */ #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) -@@ -1658,7 +1772,7 @@ struct pid_namespace; +@@ -1665,7 +1779,7 @@ struct pid_namespace; pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type, struct pid_namespace *ns); @@ -83749,7 +83892,7 @@ index ccd0c6f..84d9030 100644 { return tsk->pid; } -@@ -2006,6 +2120,25 @@ extern u64 sched_clock_cpu(int cpu); +@@ -2013,6 +2127,25 @@ extern u64 sched_clock_cpu(int cpu); extern void sched_clock_init(void); @@ -83775,7 +83918,7 @@ index ccd0c6f..84d9030 100644 #ifndef CONFIG_HAVE_UNSTABLE_SCHED_CLOCK static inline void sched_clock_tick(void) { -@@ -2130,7 +2263,9 @@ void yield(void); +@@ -2137,7 +2270,9 @@ void yield(void); extern struct exec_domain default_exec_domain; union thread_union { 
@@ -83785,7 +83928,7 @@ index ccd0c6f..84d9030 100644 unsigned long stack[THREAD_SIZE/sizeof(long)]; }; -@@ -2163,6 +2298,7 @@ extern struct pid_namespace init_pid_ns; +@@ -2170,6 +2305,7 @@ extern struct pid_namespace init_pid_ns; */ extern struct task_struct *find_task_by_vpid(pid_t nr); @@ -83793,7 +83936,7 @@ index ccd0c6f..84d9030 100644 extern struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns); -@@ -2325,7 +2461,7 @@ extern void __cleanup_sighand(struct sighand_struct *); +@@ -2332,7 +2468,7 @@ extern void __cleanup_sighand(struct sighand_struct *); extern void exit_itimers(struct signal_struct *); extern void flush_itimer_signals(void); @@ -83802,7 +83945,7 @@ index ccd0c6f..84d9030 100644 extern int allow_signal(int); extern int disallow_signal(int); -@@ -2526,9 +2662,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) +@@ -2533,9 +2669,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) #endif @@ -83923,7 +84066,7 @@ index 1e2cd2e..0288750 100644 /* shm_mode upper byte flags */ diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index 15ede6a..80161c3 100644 +index ad8f859..e93b2e4 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -662,7 +662,7 @@ bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from, @@ -83962,7 +84105,7 @@ index 15ede6a..80161c3 100644 struct iovec *to, int size); int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb, int hlen, struct iovec *iov); -@@ -2721,6 +2721,9 @@ static inline void nf_reset(struct sk_buff *skb) +@@ -2722,6 +2722,9 @@ static inline void nf_reset(struct sk_buff *skb) nf_bridge_put(skb->nf_bridge); skb->nf_bridge = NULL; #endif @@ -85037,13 +85180,13 @@ index 734d9b5..48a9a4b 100644 return; } diff --git a/include/net/inet_connection_sock.h b/include/net/inet_connection_sock.h -index c55aeed..b3393f4 100644 +index cf92728..9236ee6 100644 --- a/include/net/inet_connection_sock.h 
+++ b/include/net/inet_connection_sock.h -@@ -62,7 +62,7 @@ struct inet_connection_sock_af_ops { - void (*addr2sockaddr)(struct sock *sk, struct sockaddr *); +@@ -63,7 +63,7 @@ struct inet_connection_sock_af_ops { int (*bind_conflict)(const struct sock *sk, const struct inet_bind_bucket *tb, bool relax); + void (*mtu_reduced)(struct sock *sk); -}; +} __do_const; @@ -85534,7 +85677,7 @@ index 0dfcc92..7967849 100644 /* Structure to track chunk fragments that have been acked, but peer diff --git a/include/net/sock.h b/include/net/sock.h -index 2f7bc43..530dadc 100644 +index f66b2b1..5233aa0 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -348,7 +348,7 @@ struct sock { @@ -85546,7 +85689,7 @@ index 2f7bc43..530dadc 100644 int sk_rcvbuf; struct sk_filter __rcu *sk_filter; -@@ -1036,7 +1036,7 @@ struct proto { +@@ -1035,7 +1035,7 @@ struct proto { void (*destroy_cgroup)(struct mem_cgroup *memcg); struct cg_proto *(*proto_cgroup)(struct mem_cgroup *memcg); #endif @@ -85555,7 +85698,7 @@ index 2f7bc43..530dadc 100644 /* * Bits in struct cg_proto.flags -@@ -1223,7 +1223,7 @@ static inline u64 memcg_memory_allocated_read(struct cg_proto *prot) +@@ -1222,7 +1222,7 @@ static inline u64 memcg_memory_allocated_read(struct cg_proto *prot) return ret >> PAGE_SHIFT; } @@ -85564,7 +85707,7 @@ index 2f7bc43..530dadc 100644 sk_memory_allocated(const struct sock *sk) { struct proto *prot = sk->sk_prot; -@@ -1368,7 +1368,7 @@ struct sock_iocb { +@@ -1367,7 +1367,7 @@ struct sock_iocb { struct scm_cookie *scm; struct msghdr *msg, async_msg; struct kiocb *kiocb; @@ -85573,7 +85716,7 @@ index 2f7bc43..530dadc 100644 static inline struct sock_iocb *kiocb_to_siocb(struct kiocb *iocb) { -@@ -1830,7 +1830,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) +@@ -1829,7 +1829,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) } static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb, 
@@ -85582,7 +85725,7 @@ index 2f7bc43..530dadc 100644 int copy, int offset) { if (skb->ip_summed == CHECKSUM_NONE) { -@@ -2092,7 +2092,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk) +@@ -2091,7 +2091,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk) } } @@ -85592,10 +85735,10 @@ index 2f7bc43..530dadc 100644 /** * sk_page_frag - return an appropriate page_frag diff --git a/include/net/tcp.h b/include/net/tcp.h -index 743acce..44a58b0 100644 +index 1f0d847..613237a 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h -@@ -541,7 +541,7 @@ void tcp_retransmit_timer(struct sock *sk); +@@ -542,7 +542,7 @@ void tcp_retransmit_timer(struct sock *sk); void tcp_xmit_retransmit_queue(struct sock *); void tcp_simple_retransmit(struct sock *); int tcp_trim_head(struct sock *, struct sk_buff *, u32); @@ -85604,7 +85747,7 @@ index 743acce..44a58b0 100644 void tcp_send_probe0(struct sock *); void tcp_send_partial(struct sock *); -@@ -710,8 +710,8 @@ struct tcp_skb_cb { +@@ -711,8 +711,8 @@ struct tcp_skb_cb { struct inet6_skb_parm h6; #endif } header; /* For incoming frames */ @@ -85615,7 +85758,7 @@ index 743acce..44a58b0 100644 __u32 when; /* used to compute rtt's */ __u8 tcp_flags; /* TCP header flags. (tcp[13]) */ -@@ -725,7 +725,7 @@ struct tcp_skb_cb { +@@ -728,7 +728,7 @@ struct tcp_skb_cb { __u8 ip_dsfield; /* IPv4 tos or IPv6 dsfield */ /* 1 byte hole */ @@ -86185,7 +86328,7 @@ index 30f5362..8ed8ac9 100644 void *pmi_pal; u8 *vbe_state_orig; /* diff --git a/init/Kconfig b/init/Kconfig -index 93c5ef0..ac92caa 100644 +index 8b9521a..8a3cc34 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1079,6 +1079,7 @@ endif # CGROUPS @@ -86196,7 +86339,7 @@ index 93c5ef0..ac92caa 100644 default n help Enables additional kernel features in a sake of checkpoint/restore. -@@ -1545,7 +1546,7 @@ config SLUB_DEBUG +@@ -1546,7 +1547,7 @@ config SLUB_DEBUG config COMPAT_BRK bool "Disable heap randomization" 
@@ -86205,7 +86348,7 @@ index 93c5ef0..ac92caa 100644 help Randomizing heap placement makes heap exploits harder, but it also breaks ancient binaries (including anything libc5 based). -@@ -1833,7 +1834,7 @@ config INIT_ALL_POSSIBLE +@@ -1834,7 +1835,7 @@ config INIT_ALL_POSSIBLE config STOP_MACHINE bool default y @@ -87543,10 +87686,10 @@ index e0573a4..20fb164 100644 /** diff --git a/kernel/debug/debug_core.c b/kernel/debug/debug_core.c -index 334b398..9145fb1 100644 +index 8865cae..3530a18 100644 --- a/kernel/debug/debug_core.c +++ b/kernel/debug/debug_core.c -@@ -123,7 +123,7 @@ static DEFINE_RAW_SPINLOCK(dbg_slave_lock); +@@ -124,7 +124,7 @@ static DEFINE_RAW_SPINLOCK(dbg_slave_lock); */ static atomic_t masters_in_kgdb; static atomic_t slaves_in_kgdb; @@ -87555,7 +87698,7 @@ index 334b398..9145fb1 100644 atomic_t kgdb_setting_breakpoint; struct task_struct *kgdb_usethread; -@@ -133,7 +133,7 @@ int kgdb_single_step; +@@ -134,7 +134,7 @@ int kgdb_single_step; static pid_t kgdb_sstep_pid; /* to keep track of the CPU which is doing the single stepping*/ @@ -87564,7 +87707,7 @@ index 334b398..9145fb1 100644 /* * If you are debugging a problem where roundup (the collection of -@@ -541,7 +541,7 @@ return_normal: +@@ -549,7 +549,7 @@ return_normal: * kernel will only try for the value of sstep_tries before * giving up and continuing on. */ @@ -87573,7 +87716,7 @@ index 334b398..9145fb1 100644 (kgdb_info[cpu].task && kgdb_info[cpu].task->pid != kgdb_sstep_pid) && --sstep_tries) { atomic_set(&kgdb_active, -1); -@@ -639,8 +639,8 @@ cpu_master_loop: +@@ -647,8 +647,8 @@ cpu_master_loop: } kgdb_restore: @@ -87584,7 +87727,7 @@ index 334b398..9145fb1 100644 if (kgdb_info[sstep_cpu].task) kgdb_sstep_pid = kgdb_info[sstep_cpu].task->pid; else -@@ -917,18 +917,18 @@ static void kgdb_unregister_callbacks(void) +@@ -925,18 +925,18 @@ static void kgdb_unregister_callbacks(void) static void kgdb_tasklet_bpt(unsigned long ing) { kgdb_breakpoint(); 
@@ -87629,7 +87772,7 @@ index 0b097c8..11dd5c5 100644 #ifdef CONFIG_MODULE_UNLOAD { diff --git a/kernel/events/core.c b/kernel/events/core.c -index 3a140ca..6624485 100644 +index 4ced342f..6624485 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -158,8 +158,15 @@ static struct srcu_struct pmus_srcu; @@ -87759,18 +87902,6 @@ index 3a140ca..6624485 100644 &parent_event->child_total_time_running); /* -@@ -7836,8 +7848,10 @@ int perf_event_init_task(struct task_struct *child) - - for_each_task_context_nr(ctxn) { - ret = perf_event_init_context(child, ctxn); -- if (ret) -+ if (ret) { -+ perf_event_free_task(child); - return ret; -+ } - } - - return 0; diff --git a/kernel/events/internal.h b/kernel/events/internal.h index 569b2187..19940d9 100644 --- a/kernel/events/internal.h @@ -87889,10 +88020,10 @@ index 81b3d67..ef189a4 100644 { struct signal_struct *sig = current->signal; diff --git a/kernel/fork.c b/kernel/fork.c -index c44bff8..7361260 100644 +index e2c6853..9a6397e 100644 --- a/kernel/fork.c +++ b/kernel/fork.c -@@ -180,6 +180,48 @@ void thread_info_cache_init(void) +@@ -182,6 +182,48 @@ void thread_info_cache_init(void) # endif #endif @@ -87941,7 +88072,7 @@ index c44bff8..7361260 100644 /* SLAB cache for signal_struct structures (tsk->signal) */ static struct kmem_cache *signal_cachep; -@@ -198,18 +240,22 @@ struct kmem_cache *vm_area_cachep; +@@ -200,18 +242,22 @@ struct kmem_cache *vm_area_cachep; /* SLAB cache for mm_struct structures (tsk->mm) */ static struct kmem_cache *mm_cachep; @@ -87967,7 +88098,7 @@ index c44bff8..7361260 100644 rt_mutex_debug_task_free(tsk); ftrace_graph_exit_task(tsk); put_seccomp_filter(tsk); -@@ -295,6 +341,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) +@@ -297,6 +343,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) struct task_struct *tsk; struct thread_info *ti; unsigned long *stackend; 
@@ -87975,7 +88106,7 @@ index c44bff8..7361260 100644 int node = tsk_fork_get_node(orig); int err; -@@ -302,7 +349,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) +@@ -304,7 +351,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) if (!tsk) return NULL; @@ -87984,7 +88115,7 @@ index c44bff8..7361260 100644 if (!ti) goto free_tsk; -@@ -311,6 +358,9 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) +@@ -313,6 +360,9 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) goto free_ti; tsk->stack = ti; @@ -87994,7 +88125,7 @@ index c44bff8..7361260 100644 setup_thread_stack(tsk, orig); clear_user_return_notifier(tsk); -@@ -319,7 +369,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) +@@ -321,7 +371,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) *stackend = STACK_END_MAGIC; /* for overflow detection */ #ifdef CONFIG_CC_STACKPROTECTOR @@ -88003,7 +88134,7 @@ index c44bff8..7361260 100644 #endif /* -@@ -333,24 +383,92 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) +@@ -335,24 +385,92 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) tsk->splice_pipe = NULL; tsk->task_frag.page = NULL; @@ -88100,7 +88231,7 @@ index c44bff8..7361260 100644 uprobe_start_dup_mmap(); down_write(&oldmm->mmap_sem); -@@ -379,55 +497,15 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -381,55 +499,15 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) prev = NULL; for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) { @@ -88160,7 +88291,7 @@ index c44bff8..7361260 100644 } /* -@@ -459,6 +537,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -461,6 +539,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) if (retval) goto out; } 
@@ -88192,7 +88323,7 @@ index c44bff8..7361260 100644 /* a new mm has just been created */ arch_dup_mmap(oldmm, mm); retval = 0; -@@ -468,14 +571,6 @@ out: +@@ -470,14 +573,6 @@ out: up_write(&oldmm->mmap_sem); uprobe_end_dup_mmap(); return retval; @@ -88207,7 +88338,7 @@ index c44bff8..7361260 100644 } static inline int mm_alloc_pgd(struct mm_struct *mm) -@@ -689,8 +784,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) +@@ -691,8 +786,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) return ERR_PTR(err); mm = get_task_mm(task); @@ -88218,7 +88349,7 @@ index c44bff8..7361260 100644 mmput(mm); mm = ERR_PTR(-EACCES); } -@@ -906,13 +1001,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) +@@ -911,13 +1006,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) spin_unlock(&fs->lock); return -EAGAIN; } @@ -88240,7 +88371,7 @@ index c44bff8..7361260 100644 return 0; } -@@ -1130,7 +1232,7 @@ init_task_pid(struct task_struct *task, enum pid_type type, struct pid *pid) +@@ -1135,7 +1237,7 @@ init_task_pid(struct task_struct *task, enum pid_type type, struct pid *pid) * parts of the process environment (as per the clone * flags). The actual kick-off is left to the caller. */ @@ -88249,7 +88380,7 @@ index c44bff8..7361260 100644 unsigned long stack_start, unsigned long stack_size, int __user *child_tidptr, -@@ -1202,6 +1304,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1207,6 +1309,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); #endif retval = -EAGAIN; 
@@ -88259,16 +88390,7 @@ index c44bff8..7361260 100644 if (atomic_read(&p->real_cred->user->processes) >= task_rlimit(p, RLIMIT_NPROC)) { if (p->real_cred->user != INIT_USER && -@@ -1323,7 +1428,7 @@ static struct task_struct *copy_process(unsigned long clone_flags, - goto bad_fork_cleanup_policy; - retval = audit_alloc(p); - if (retval) -- goto bad_fork_cleanup_policy; -+ goto bad_fork_cleanup_perf; - /* copy all the process information */ - retval = copy_semundo(clone_flags, p); - if (retval) -@@ -1449,6 +1554,11 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1454,6 +1559,11 @@ static struct task_struct *copy_process(unsigned long clone_flags, goto bad_fork_free_pid; } @@ -88280,18 +88402,7 @@ index c44bff8..7361260 100644 if (likely(p->pid)) { ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace); -@@ -1522,8 +1632,9 @@ bad_fork_cleanup_semundo: - exit_sem(p); - bad_fork_cleanup_audit: - audit_free(p); --bad_fork_cleanup_policy: -+bad_fork_cleanup_perf: - perf_event_free_task(p); -+bad_fork_cleanup_policy: - #ifdef CONFIG_NUMA - mpol_put(p->mempolicy); - bad_fork_cleanup_cgroup: -@@ -1539,6 +1650,8 @@ bad_fork_cleanup_count: +@@ -1545,6 +1655,8 @@ bad_fork_cleanup_count: bad_fork_free: free_task(p); fork_out: @@ -88300,7 +88411,7 @@ index c44bff8..7361260 100644 return ERR_PTR(retval); } -@@ -1600,6 +1713,7 @@ long do_fork(unsigned long clone_flags, +@@ -1606,6 +1718,7 @@ long do_fork(unsigned long clone_flags, p = copy_process(clone_flags, stack_start, stack_size, child_tidptr, NULL, trace); @@ -88308,7 +88419,7 @@ index c44bff8..7361260 100644 /* * Do this prior waking up the new thread - the thread pointer * might get invalid after that point, if the thread exits quickly. -@@ -1616,6 +1730,8 @@ long do_fork(unsigned long clone_flags, +@@ -1622,6 +1735,8 @@ long do_fork(unsigned long clone_flags, if (clone_flags & CLONE_PARENT_SETTID) put_user(nr, parent_tidptr); 
@@ -88317,7 +88428,7 @@ index c44bff8..7361260 100644 if (clone_flags & CLONE_VFORK) { p->vfork_done = &vfork; init_completion(&vfork); -@@ -1734,7 +1850,7 @@ void __init proc_caches_init(void) +@@ -1740,7 +1855,7 @@ void __init proc_caches_init(void) mm_cachep = kmem_cache_create("mm_struct", sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN, SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK, NULL); @@ -88326,7 +88437,7 @@ index c44bff8..7361260 100644 mmap_init(); nsproxy_cache_init(); } -@@ -1774,7 +1890,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) +@@ -1780,7 +1895,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) return 0; /* don't need lock here; in the worst case we'll do useless copy */ @@ -88335,7 +88446,7 @@ index c44bff8..7361260 100644 return 0; *new_fsp = copy_fs_struct(fs); -@@ -1881,7 +1997,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) +@@ -1887,7 +2002,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) fs = current->fs; spin_lock(&fs->lock); current->fs = new_fs; @@ -88346,7 +88457,7 @@ index c44bff8..7361260 100644 else new_fs = fs; diff --git a/kernel/futex.c b/kernel/futex.c -index 0b0dc02..4730710 100644 +index 0b0dc02..5f3eb62 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -54,6 +54,7 @@ @@ -88375,7 +88486,16 @@ index 0b0dc02..4730710 100644 static const struct futex_q futex_q_init = { /* list gets initialized in queue_me()*/ -@@ -380,6 +381,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) +@@ -329,6 +330,8 @@ static void get_futex_key_refs(union futex_key *key) + case FUT_OFF_MMSHARED: + futex_get_mm(key); /* implies MB (B) */ + break; ++ default: ++ smp_mb(); /* explicit MB (B) */ + } + } + +@@ -380,6 +383,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) struct page *page, *page_head; int err, ro = 0; 
@@ -88387,7 +88507,7 @@ index 0b0dc02..4730710 100644 /* * The futex address must be "naturally" aligned. */ -@@ -579,7 +585,7 @@ static int cmpxchg_futex_value_locked(u32 *curval, u32 __user *uaddr, +@@ -579,7 +587,7 @@ static int cmpxchg_futex_value_locked(u32 *curval, u32 __user *uaddr, static int get_futex_value_locked(u32 *dest, u32 __user *from) { @@ -88396,7 +88516,7 @@ index 0b0dc02..4730710 100644 pagefault_disable(); ret = __copy_from_user_inatomic(dest, from, sizeof(u32)); -@@ -3020,6 +3026,7 @@ static void __init futex_detect_cmpxchg(void) +@@ -3020,6 +3028,7 @@ static void __init futex_detect_cmpxchg(void) { #ifndef CONFIG_HAVE_FUTEX_CMPXCHG u32 curval; @@ -88404,7 +88524,7 @@ index 0b0dc02..4730710 100644 /* * This will fail and we want it. Some arch implementations do -@@ -3031,8 +3038,11 @@ static void __init futex_detect_cmpxchg(void) +@@ -3031,8 +3040,11 @@ static void __init futex_detect_cmpxchg(void) * implementation, the non-functional ones will return * -ENOSYS. */ @@ -89207,7 +89327,7 @@ index 1d96dd0..994ff19 100644 default: diff --git a/kernel/module.c b/kernel/module.c -index 6716a1f..9ddc1e1 100644 +index 6716a1f..acc7443 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -61,6 +61,7 @@ @@ -89402,7 +89522,17 @@ index 6716a1f..9ddc1e1 100644 set_memory_ro); } } -@@ -1862,16 +1881,19 @@ static void free_module(struct module *mod) +@@ -1841,7 +1860,9 @@ static void free_module(struct module *mod) + + /* We leave it in list to prevent duplicate loads, but make sure + * that noone uses it while it's being deconstructed. */ ++ mutex_lock(&module_mutex); + mod->state = MODULE_STATE_UNFORMED; ++ mutex_unlock(&module_mutex); + + /* Remove dynamic debug info */ + ddebug_remove_module(mod->name); +@@ -1862,16 +1883,19 @@ static void free_module(struct module *mod) /* This may be NULL, but that's OK */ unset_module_init_ro_nx(mod); 
@@ -89425,7 +89555,7 @@ index 6716a1f..9ddc1e1 100644 #ifdef CONFIG_MPU update_protections(current->mm); -@@ -1940,9 +1962,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1940,9 +1964,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) int ret = 0; const struct kernel_symbol *ksym; @@ -89457,7 +89587,7 @@ index 6716a1f..9ddc1e1 100644 switch (sym[i].st_shndx) { case SHN_COMMON: /* We compiled with -fno-common. These are not -@@ -1963,7 +2007,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1963,7 +2009,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) ksym = resolve_symbol_wait(mod, info, name); /* Ok if resolved. */ if (ksym && !IS_ERR(ksym)) { @@ -89467,7 +89597,7 @@ index 6716a1f..9ddc1e1 100644 break; } -@@ -1982,11 +2028,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1982,11 +2030,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) secbase = (unsigned long)mod_percpu(mod); else secbase = info->sechdrs[sym[i].st_shndx].sh_addr; @@ -89488,7 +89618,7 @@ index 6716a1f..9ddc1e1 100644 return ret; } -@@ -2070,22 +2125,12 @@ static void layout_sections(struct module *mod, struct load_info *info) +@@ -2070,22 +2127,12 @@ static void layout_sections(struct module *mod, struct load_info *info) || s->sh_entsize != ~0UL || strstarts(sname, ".init")) continue; @@ -89515,7 +89645,7 @@ index 6716a1f..9ddc1e1 100644 } pr_debug("Init section allocation order:\n"); -@@ -2099,23 +2144,13 @@ static void layout_sections(struct module *mod, struct load_info *info) +@@ -2099,23 +2146,13 @@ static void layout_sections(struct module *mod, struct load_info *info) || s->sh_entsize != ~0UL || !strstarts(sname, ".init")) continue; 
@@ -89544,7 +89674,7 @@ index 6716a1f..9ddc1e1 100644 } } -@@ -2288,7 +2323,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2288,7 +2325,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) /* Put symbol section at end of init part of module. */ symsect->sh_flags |= SHF_ALLOC; @@ -89553,7 +89683,7 @@ index 6716a1f..9ddc1e1 100644 info->index.sym) | INIT_OFFSET_MASK; pr_debug("\t%s\n", info->secstrings + symsect->sh_name); -@@ -2305,13 +2340,13 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2305,13 +2342,13 @@ static void layout_symtab(struct module *mod, struct load_info *info) } /* Append room for core symbols at end of core part. */ @@ -89571,7 +89701,7 @@ index 6716a1f..9ddc1e1 100644 info->index.str) | INIT_OFFSET_MASK; pr_debug("\t%s\n", info->secstrings + strsect->sh_name); } -@@ -2329,12 +2364,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) +@@ -2329,12 +2366,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) /* Make sure we get permanent strtab: don't use info->strtab. */ mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr; @@ -89588,7 +89718,7 @@ index 6716a1f..9ddc1e1 100644 src = mod->symtab; for (ndst = i = 0; i < mod->num_symtab; i++) { if (i == 0 || -@@ -2346,6 +2383,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) +@@ -2346,6 +2385,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) } } mod->core_num_syms = ndst; @@ -89597,7 +89727,7 @@ index 6716a1f..9ddc1e1 100644 } #else static inline void layout_symtab(struct module *mod, struct load_info *info) -@@ -2379,17 +2418,33 @@ void * __weak module_alloc(unsigned long size) +@@ -2379,17 +2420,33 @@ void * __weak module_alloc(unsigned long size) return vmalloc_exec(size); } 
@@ -89636,7 +89766,7 @@ index 6716a1f..9ddc1e1 100644 mutex_unlock(&module_mutex); } return ret; -@@ -2646,7 +2701,15 @@ static struct module *setup_load_info(struct load_info *info, int flags) +@@ -2646,7 +2703,15 @@ static struct module *setup_load_info(struct load_info *info, int flags) mod = (void *)info->sechdrs[info->index.mod].sh_addr; if (info->index.sym == 0) { @@ -89652,7 +89782,7 @@ index 6716a1f..9ddc1e1 100644 return ERR_PTR(-ENOEXEC); } -@@ -2662,8 +2725,14 @@ static struct module *setup_load_info(struct load_info *info, int flags) +@@ -2662,8 +2727,14 @@ static struct module *setup_load_info(struct load_info *info, int flags) static int check_modinfo(struct module *mod, struct load_info *info, int flags) { const char *modmagic = get_modinfo(info, "vermagic"); @@ -89667,7 +89797,7 @@ index 6716a1f..9ddc1e1 100644 if (flags & MODULE_INIT_IGNORE_VERMAGIC) modmagic = NULL; -@@ -2688,7 +2757,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) +@@ -2688,7 +2759,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) } /* Set up license info based on the info section */ @@ -89676,7 +89806,7 @@ index 6716a1f..9ddc1e1 100644 return 0; } -@@ -2782,7 +2851,7 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2782,7 +2853,7 @@ static int move_module(struct module *mod, struct load_info *info) void *ptr; /* Do the allocs. */ @@ -89685,7 +89815,7 @@ index 6716a1f..9ddc1e1 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. Just mark it as not being a -@@ -2792,11 +2861,11 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2792,11 +2863,11 @@ static int move_module(struct module *mod, struct load_info *info) if (!ptr) return -ENOMEM; 
@@ -89701,7 +89831,7 @@ index 6716a1f..9ddc1e1 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. This block doesn't need to be -@@ -2805,13 +2874,45 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2805,13 +2876,45 @@ static int move_module(struct module *mod, struct load_info *info) */ kmemleak_ignore(ptr); if (!ptr) { @@ -89751,7 +89881,7 @@ index 6716a1f..9ddc1e1 100644 /* Transfer each section which specifies SHF_ALLOC */ pr_debug("final section addresses:\n"); -@@ -2822,16 +2923,45 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2822,16 +2925,45 @@ static int move_module(struct module *mod, struct load_info *info) if (!(shdr->sh_flags & SHF_ALLOC)) continue; @@ -89804,7 +89934,7 @@ index 6716a1f..9ddc1e1 100644 pr_debug("\t0x%lx %s\n", (long)shdr->sh_addr, info->secstrings + shdr->sh_name); } -@@ -2888,12 +3018,12 @@ static void flush_module_icache(const struct module *mod) +@@ -2888,12 +3020,12 @@ static void flush_module_icache(const struct module *mod) * Do it before processing of module parameters, so the module * can provide parameter accessor functions of its own. */ @@ -89823,7 +89953,7 @@ index 6716a1f..9ddc1e1 100644 set_fs(old_fs); } -@@ -2950,8 +3080,10 @@ static struct module *layout_and_allocate(struct load_info *info, int flags) +@@ -2950,8 +3082,10 @@ static struct module *layout_and_allocate(struct load_info *info, int flags) static void module_deallocate(struct module *mod, struct load_info *info) { percpu_modfree(mod); @@ -89836,7 +89966,7 @@ index 6716a1f..9ddc1e1 100644 } int __weak module_finalize(const Elf_Ehdr *hdr, -@@ -2964,7 +3096,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, +@@ -2964,7 +3098,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, static int post_relocation(struct module *mod, const struct load_info *info) { /* Sort exception table now relocations are done. */ 
@@ -89846,7 +89976,7 @@ index 6716a1f..9ddc1e1 100644 /* Copy relocated percpu area over. */ percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr, -@@ -3018,16 +3152,16 @@ static int do_init_module(struct module *mod) +@@ -3018,16 +3154,16 @@ static int do_init_module(struct module *mod) MODULE_STATE_COMING, mod); /* Set RO and NX regions for core */ @@ -89871,7 +90001,7 @@ index 6716a1f..9ddc1e1 100644 do_mod_ctors(mod); /* Start the module */ -@@ -3088,11 +3222,12 @@ static int do_init_module(struct module *mod) +@@ -3088,11 +3224,12 @@ static int do_init_module(struct module *mod) mod->strtab = mod->core_strtab; #endif unset_module_init_ro_nx(mod); @@ -89889,7 +90019,7 @@ index 6716a1f..9ddc1e1 100644 mutex_unlock(&module_mutex); wake_up_all(&module_wq); -@@ -3235,9 +3370,38 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3235,9 +3372,38 @@ static int load_module(struct load_info *info, const char __user *uargs, if (err) goto free_unload; @@ -89928,7 +90058,7 @@ index 6716a1f..9ddc1e1 100644 /* Fix up syms, so that st_value is a pointer to location. */ err = simplify_symbols(mod, info); if (err < 0) -@@ -3253,13 +3417,6 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3253,13 +3419,6 @@ static int load_module(struct load_info *info, const char __user *uargs, flush_module_icache(mod); @@ -89942,7 +90072,7 @@ index 6716a1f..9ddc1e1 100644 dynamic_debug_setup(info->debug, info->num_debug); /* Ftrace init must be called in the MODULE_STATE_UNFORMED state */ -@@ -3297,11 +3454,10 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3297,11 +3456,10 @@ static int load_module(struct load_info *info, const char __user *uargs, ddebug_cleanup: dynamic_debug_remove(info->debug); synchronize_sched(); 
@@ -89955,7 +90085,7 @@ index 6716a1f..9ddc1e1 100644 free_unload: module_unload_free(mod); unlink_mod: -@@ -3384,10 +3540,16 @@ static const char *get_ksymbol(struct module *mod, +@@ -3384,10 +3542,16 @@ static const char *get_ksymbol(struct module *mod, unsigned long nextval; /* At worse, next value is at end of module */ @@ -89975,7 +90105,7 @@ index 6716a1f..9ddc1e1 100644 /* Scan for closest preceding symbol, and next symbol. (ELF starts real symbols at 1). */ -@@ -3638,7 +3800,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3638,7 +3802,7 @@ static int m_show(struct seq_file *m, void *p) return 0; seq_printf(m, "%s %u", @@ -89984,7 +90114,7 @@ index 6716a1f..9ddc1e1 100644 print_unload_info(m, mod); /* Informative for users. */ -@@ -3647,7 +3809,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3647,7 +3811,7 @@ static int m_show(struct seq_file *m, void *p) mod->state == MODULE_STATE_COMING ? "Loading": "Live"); /* Used by oprofile and other similar tools. */ @@ -89993,7 +90123,7 @@ index 6716a1f..9ddc1e1 100644 /* Taints info */ if (mod->taints) -@@ -3683,7 +3845,17 @@ static const struct file_operations proc_modules_operations = { +@@ -3683,7 +3847,17 @@ static const struct file_operations proc_modules_operations = { static int __init proc_modules_init(void) { @@ -90011,7 +90141,7 @@ index 6716a1f..9ddc1e1 100644 return 0; } module_init(proc_modules_init); -@@ -3744,14 +3916,14 @@ struct module *__module_address(unsigned long addr) +@@ -3744,14 +3918,14 @@ struct module *__module_address(unsigned long addr) { struct module *mod; @@ -90029,7 +90159,7 @@ index 6716a1f..9ddc1e1 100644 return mod; } return NULL; -@@ -3786,11 +3958,20 @@ bool is_module_text_address(unsigned long addr) +@@ -3786,11 +3960,20 @@ bool is_module_text_address(unsigned long addr) */ struct module *__module_text_address(unsigned long addr) { 
@@ -92314,7 +92444,7 @@ index 13d2f7c..c93d0b0 100644 return cmd_attr_register_cpumask(info); else if (info->attrs[TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK]) diff --git a/kernel/time.c b/kernel/time.c -index 7c7964c..2a0d412 100644 +index 3c49ab4..00a3aea 100644 --- a/kernel/time.c +++ b/kernel/time.c @@ -172,6 +172,11 @@ int do_sys_settimeofday(const struct timespec *tv, const struct timezone *tz) @@ -92597,7 +92727,7 @@ index e3be87e..7480b36 100644 ftrace_graph_active++; diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c -index 773aba8..0e70660 100644 +index 774a080..7fa60b1 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -352,9 +352,9 @@ struct buffer_data_page { @@ -94054,24 +94184,10 @@ index 09d9591..165bb75 100644 bdi_destroy(bdi); return err; diff --git a/mm/filemap.c b/mm/filemap.c -index 7a13f6a..e31738b 100644 +index c2cc7c9..50ef696 100644 --- a/mm/filemap.c +++ b/mm/filemap.c -@@ -192,9 +192,11 @@ static int filemap_check_errors(struct address_space *mapping) - { - int ret = 0; - /* Check for outstanding write errors */ -- if (test_and_clear_bit(AS_ENOSPC, &mapping->flags)) -+ if (test_bit(AS_ENOSPC, &mapping->flags) && -+ test_and_clear_bit(AS_ENOSPC, &mapping->flags)) - ret = -ENOSPC; -- if (test_and_clear_bit(AS_EIO, &mapping->flags)) -+ if (test_bit(AS_EIO, &mapping->flags) && -+ test_and_clear_bit(AS_EIO, &mapping->flags)) - ret = -EIO; - return ret; - } -@@ -1766,7 +1768,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) +@@ -1768,7 +1768,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) struct address_space *mapping = file->f_mapping; if (!mapping->a_ops->readpage) 
@@ -94080,7 +94196,7 @@ index 7a13f6a..e31738b 100644 file_accessed(file); vma->vm_ops = &generic_file_vm_ops; return 0; -@@ -1948,7 +1950,7 @@ static size_t __iovec_copy_from_user_inatomic(char *vaddr, +@@ -1950,7 +1950,7 @@ static size_t __iovec_copy_from_user_inatomic(char *vaddr, while (bytes) { char __user *buf = iov->iov_base + base; @@ -94089,7 +94205,7 @@ index 7a13f6a..e31738b 100644 base = 0; left = __copy_from_user_inatomic(vaddr, buf, copy); -@@ -1977,7 +1979,7 @@ size_t iov_iter_copy_from_user_atomic(struct page *page, +@@ -1979,7 +1979,7 @@ size_t iov_iter_copy_from_user_atomic(struct page *page, BUG_ON(!in_atomic()); kaddr = kmap_atomic(page); if (likely(i->nr_segs == 1)) { @@ -94098,7 +94214,7 @@ index 7a13f6a..e31738b 100644 char __user *buf = i->iov->iov_base + i->iov_offset; left = __copy_from_user_inatomic(kaddr + offset, buf, bytes); copied = bytes - left; -@@ -2005,7 +2007,7 @@ size_t iov_iter_copy_from_user(struct page *page, +@@ -2007,7 +2007,7 @@ size_t iov_iter_copy_from_user(struct page *page, kaddr = kmap(page); if (likely(i->nr_segs == 1)) { @@ -94107,7 +94223,7 @@ index 7a13f6a..e31738b 100644 char __user *buf = i->iov->iov_base + i->iov_offset; left = __copy_from_user(kaddr + offset, buf, bytes); copied = bytes - left; -@@ -2035,7 +2037,7 @@ void iov_iter_advance(struct iov_iter *i, size_t bytes) +@@ -2037,7 +2037,7 @@ void iov_iter_advance(struct iov_iter *i, size_t bytes) * zero-length segments (without overruning the iovec). */ while (bytes || unlikely(i->count && !iov->iov_len)) { @@ -94116,7 +94232,7 @@ index 7a13f6a..e31738b 100644 copy = min(bytes, iov->iov_len - base); BUG_ON(!i->count || i->count < copy); -@@ -2106,6 +2108,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i +@@ -2108,6 +2108,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i *pos = i_size_read(inode); if (limit != RLIM_INFINITY) { 
@@ -94168,43 +94284,19 @@ index b32b70c..e512eb0 100644 pkmap_count[last_pkmap_nr] = 1; set_page_address(page, (void *)vaddr); -diff --git a/mm/huge_memory.c b/mm/huge_memory.c -index 1c42d0c..2a99426 100644 ---- a/mm/huge_memory.c -+++ b/mm/huge_memory.c -@@ -1824,6 +1824,11 @@ static int __split_huge_page_map(struct page *page, - for (i = 0; i < HPAGE_PMD_NR; i++, haddr += PAGE_SIZE) { - pte_t *pte, entry; - BUG_ON(PageCompound(page+i)); -+ /* -+ * Note that pmd_numa is not transferred deliberately -+ * to avoid any possibility that pte_numa leaks to -+ * a PROT_NONE VMA by accident. -+ */ - entry = mk_pte(page + i, vma->vm_page_prot); - entry = maybe_mkwrite(pte_mkdirty(entry), vma); - if (!pmd_write(*pmd)) -@@ -1832,8 +1837,6 @@ static int __split_huge_page_map(struct page *page, - BUG_ON(page_mapcount(page) != 1); - if (!pmd_young(*pmd)) - entry = pte_mkold(entry); -- if (pmd_numa(*pmd)) -- entry = pte_mknuma(entry); - pte = pte_offset_map(&_pmd, haddr); - BUG_ON(!pte_none(*pte)); - set_pte_at(mm, haddr, pte, entry); diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index 923f38e..74e159a 100644 +index 67d0c17..b22c193 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c -@@ -2070,15 +2070,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, +@@ -2070,6 +2070,7 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, struct hstate *h = &default_hstate; unsigned long tmp; int ret; + ctl_table_no_const hugetlb_table; - tmp = h->max_huge_pages; - + if (!hugepages_supported()) + return -ENOTSUPP; +@@ -2079,9 +2080,10 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, if (write && h->order >= MAX_ORDER) return -EINVAL; 
@@ -94218,14 +94310,15 @@ index 923f38e..74e159a 100644 if (ret) goto out; -@@ -2123,15 +2125,17 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, +@@ -2126,6 +2128,7 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, struct hstate *h = &default_hstate; unsigned long tmp; int ret; + ctl_table_no_const hugetlb_table; - tmp = h->nr_overcommit_huge_pages; - + if (!hugepages_supported()) + return -ENOTSUPP; +@@ -2135,9 +2138,10 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, if (write && h->order >= MAX_ORDER) return -EINVAL; @@ -94239,7 +94332,7 @@ index 923f38e..74e159a 100644 if (ret) goto out; -@@ -2616,6 +2620,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2629,6 +2633,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, return 1; } @@ -94267,7 +94360,7 @@ index 923f38e..74e159a 100644 /* * Hugetlb_cow() should be called with page lock of the original hugepage held. * Called with hugetlb_instantiation_mutex held and pte_page locked so we -@@ -2732,6 +2757,11 @@ retry_avoidcopy: +@@ -2745,6 +2770,11 @@ retry_avoidcopy: make_huge_pte(vma, new_page, 1)); page_remove_rmap(old_page); hugepage_add_new_anon_rmap(new_page, vma, address); @@ -94279,7 +94372,7 @@ index 923f38e..74e159a 100644 /* Make the old page be freed below */ new_page = old_page; } -@@ -2896,6 +2926,10 @@ retry: +@@ -2909,6 +2939,10 @@ retry: && (vma->vm_flags & VM_SHARED))); set_huge_pte_at(mm, address, ptep, new_pte); 
@@ -94290,7 +94383,7 @@ index 923f38e..74e159a 100644 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page, ptl); -@@ -2926,6 +2960,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2939,6 +2973,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, static DEFINE_MUTEX(hugetlb_instantiation_mutex); struct hstate *h = hstate_vma(vma); @@ -94301,7 +94394,7 @@ index 923f38e..74e159a 100644 address &= huge_page_mask(h); ptep = huge_pte_offset(mm, address); -@@ -2939,6 +2977,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2952,6 +2990,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, VM_FAULT_SET_HINDEX(hstate_index(h)); } @@ -95299,7 +95392,7 @@ index 492e36f..3771c0a 100644 mm = get_task_mm(tsk); if (!mm) diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index 15a8ea0..cb50389 100644 +index 796c7e6..3e6ec8a 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -747,6 +747,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, @@ -95375,23 +95468,10 @@ index 15a8ea0..cb50389 100644 capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE); diff --git a/mm/migrate.c b/mm/migrate.c -index bed4880..95c4b9f 100644 +index 13f47fb..95c4b9f 100644 --- a/mm/migrate.c 
+++ b/mm/migrate.c -@@ -148,8 +148,11 @@ static int remove_migration_pte(struct page *new, struct vm_area_struct *vma, - pte = pte_mkold(mk_pte(new, vma->vm_page_prot)); - if (pte_swp_soft_dirty(*ptep)) - pte = pte_mksoft_dirty(pte); -+ -+ /* Recheck VMA as permissions can change since migration started */ - if (is_write_migration_entry(entry)) -- pte = pte_mkwrite(pte); -+ pte = maybe_mkwrite(pte, vma); -+ - #ifdef CONFIG_HUGETLB_PAGE - if (PageHuge(new)) { - pte = pte_mkhuge(pte); -@@ -1485,8 +1488,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, +@@ -1488,8 +1488,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, */ tcred = __task_cred(task); if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) && @@ -95477,10 +95557,10 @@ index b1eb536..091d154 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index 20ff0c3..005dc47 100644 +index dfe90657..3892436 100644 --- a/mm/mmap.c +++ b/mm/mmap.c -@@ -36,6 +36,7 @@ +@@ -37,6 +37,7 @@ #include <linux/sched/sysctl.h> #include <linux/notifier.h> #include <linux/memory.h> @@ -95488,7 +95568,7 @@ index 20ff0c3..005dc47 100644 #include <asm/uaccess.h> #include <asm/cacheflush.h> -@@ -52,6 +53,16 @@ +@@ -53,6 +54,16 @@ #define arch_rebalance_pgtables(addr, len) (addr) #endif @@ -95505,7 +95585,7 @@ index 20ff0c3..005dc47 100644 static void unmap_region(struct mm_struct *mm, struct vm_area_struct *vma, struct vm_area_struct *prev, unsigned long start, unsigned long end); -@@ -71,16 +82,25 @@ static void unmap_region(struct mm_struct *mm, +@@ -72,16 +83,25 @@ static void unmap_region(struct mm_struct *mm, * x: (no) no x: (no) yes x: (no) yes x: (yes) yes * */ 
@@ -95534,7 +95614,7 @@ index 20ff0c3..005dc47 100644 } EXPORT_SYMBOL(vm_get_page_prot); -@@ -90,6 +110,7 @@ unsigned long sysctl_overcommit_kbytes __read_mostly; +@@ -91,6 +111,7 @@ unsigned long sysctl_overcommit_kbytes __read_mostly; int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT; unsigned long sysctl_user_reserve_kbytes __read_mostly = 1UL << 17; /* 128MB */ unsigned long sysctl_admin_reserve_kbytes __read_mostly = 1UL << 13; /* 8MB */ @@ -95542,7 +95622,7 @@ index 20ff0c3..005dc47 100644 /* * Make sure vm_committed_as in one cacheline and not cacheline shared with * other variables. It can be updated by several CPUs frequently. -@@ -246,6 +267,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) +@@ -247,6 +268,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) struct vm_area_struct *next = vma->vm_next; might_sleep(); @@ -95550,7 +95630,7 @@ index 20ff0c3..005dc47 100644 if (vma->vm_ops && vma->vm_ops->close) vma->vm_ops->close(vma); if (vma->vm_file) -@@ -290,6 +312,12 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) +@@ -291,6 +313,12 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) * not page aligned -Ram Gupta */ rlim = rlimit(RLIMIT_DATA); @@ -95563,7 +95643,7 @@ index 20ff0c3..005dc47 100644 if (rlim < RLIM_INFINITY && (brk - mm->start_brk) + (mm->end_data - mm->start_data) > rlim) goto out; -@@ -940,6 +968,12 @@ static int +@@ -942,6 +970,12 @@ static int can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff) { @@ -95576,7 +95656,7 @@ index 20ff0c3..005dc47 100644 if (is_mergeable_vma(vma, file, vm_flags) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { if (vma->vm_pgoff == vm_pgoff) -@@ -959,6 +993,12 @@ static int +@@ -961,6 +995,12 @@ static int can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff) { 
@@ -95589,7 +95669,7 @@ index 20ff0c3..005dc47 100644 if (is_mergeable_vma(vma, file, vm_flags) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { pgoff_t vm_pglen; -@@ -1001,13 +1041,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, +@@ -1003,13 +1043,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, struct vm_area_struct *vma_merge(struct mm_struct *mm, struct vm_area_struct *prev, unsigned long addr, unsigned long end, unsigned long vm_flags, @@ -95611,7 +95691,7 @@ index 20ff0c3..005dc47 100644 /* * We later require that vma->vm_flags == vm_flags, * so this tests vma->vm_flags & VM_SPECIAL, too. -@@ -1023,6 +1070,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -1025,6 +1072,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, if (next && next->vm_end == end) /* cases 6, 7, 8 */ next = next->vm_next; @@ -95627,7 +95707,7 @@ index 20ff0c3..005dc47 100644 /* * Can it merge with the predecessor? */ -@@ -1042,9 +1098,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -1044,9 +1100,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, /* cases 1, 6 */ err = vma_adjust(prev, prev->vm_start, next->vm_end, prev->vm_pgoff, NULL); @@ -95653,7 +95733,7 @@ index 20ff0c3..005dc47 100644 if (err) return NULL; khugepaged_enter_vma_merge(prev); -@@ -1058,12 +1129,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -1060,12 +1131,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, mpol_equal(policy, vma_policy(next)) && can_vma_merge_before(next, vm_flags, anon_vma, file, pgoff+pglen)) { @@ -95683,7 +95763,7 @@ index 20ff0c3..005dc47 100644 if (err) return NULL; khugepaged_enter_vma_merge(area); -@@ -1172,8 +1258,10 @@ none: +@@ -1174,8 +1260,10 @@ none: void vm_stat_account(struct mm_struct *mm, unsigned long flags, struct file *file, long pages) { 
@@ -95696,7 +95776,7 @@ index 20ff0c3..005dc47 100644 mm->total_vm += pages; -@@ -1181,7 +1269,7 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags, +@@ -1183,7 +1271,7 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags, mm->shared_vm += pages; if ((flags & (VM_EXEC|VM_WRITE)) == VM_EXEC) mm->exec_vm += pages; @@ -95705,7 +95785,7 @@ index 20ff0c3..005dc47 100644 mm->stack_vm += pages; } #endif /* CONFIG_PROC_FS */ -@@ -1211,6 +1299,7 @@ static inline int mlock_future_check(struct mm_struct *mm, +@@ -1213,6 +1301,7 @@ static inline int mlock_future_check(struct mm_struct *mm, locked += mm->locked_vm; lock_limit = rlimit(RLIMIT_MEMLOCK); lock_limit >>= PAGE_SHIFT; @@ -95713,7 +95793,7 @@ index 20ff0c3..005dc47 100644 if (locked > lock_limit && !capable(CAP_IPC_LOCK)) return -EAGAIN; } -@@ -1237,7 +1326,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1239,7 +1328,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, * (the exception is when the underlying filesystem is noexec * mounted, in which case we dont add PROT_EXEC.) */ @@ -95722,7 +95802,7 @@ index 20ff0c3..005dc47 100644 if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC))) prot |= PROT_EXEC; -@@ -1263,7 +1352,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1265,7 +1354,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, /* Obtain the address to map to. we verify (or select) it and ensure * that it represents a valid section of the address space. */ @@ -95731,7 +95811,7 @@ index 20ff0c3..005dc47 100644 if (addr & ~PAGE_MASK) return addr; -@@ -1274,6 +1363,43 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1276,6 +1365,43 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) | mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; 
@@ -95775,7 +95855,7 @@ index 20ff0c3..005dc47 100644 if (flags & MAP_LOCKED) if (!can_do_mlock()) return -EPERM; -@@ -1361,6 +1487,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1363,6 +1489,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, vm_flags |= VM_NORESERVE; } @@ -95785,7 +95865,7 @@ index 20ff0c3..005dc47 100644 addr = mmap_region(file, addr, len, vm_flags, pgoff); if (!IS_ERR_VALUE(addr) && ((vm_flags & VM_LOCKED) || -@@ -1454,7 +1583,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma) +@@ -1456,7 +1585,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma) vm_flags_t vm_flags = vma->vm_flags; /* If it was private or non-writable, the write bit is already clear */ @@ -95794,7 +95874,7 @@ index 20ff0c3..005dc47 100644 return 0; /* The backer wishes to know when pages are first written to? */ -@@ -1500,7 +1629,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr, +@@ -1502,7 +1631,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr, struct rb_node **rb_link, *rb_parent; unsigned long charged = 0; @@ -95817,7 +95897,7 @@ index 20ff0c3..005dc47 100644 if (!may_expand_vm(mm, len >> PAGE_SHIFT)) { unsigned long nr_pages; -@@ -1519,11 +1663,10 @@ unsigned long mmap_region(struct file *file, unsigned long addr, +@@ -1521,11 +1665,10 @@ unsigned long mmap_region(struct file *file, unsigned long addr, /* Clear old maps */ error = -ENOMEM; @@ -95830,7 +95910,7 @@ index 20ff0c3..005dc47 100644 } /* -@@ -1554,6 +1697,16 @@ munmap_back: +@@ -1556,6 +1699,16 @@ munmap_back: goto unacct_error; } @@ -95847,7 +95927,7 @@ index 20ff0c3..005dc47 100644 vma->vm_mm = mm; vma->vm_start = addr; vma->vm_end = addr + len; -@@ -1573,6 +1726,13 @@ munmap_back: +@@ -1575,6 +1728,13 @@ munmap_back: if (error) goto unmap_and_free_vma; 
@@ -95861,7 +95941,7 @@ index 20ff0c3..005dc47 100644 /* Can addr have changed?? * * Answer: Yes, several device drivers can do it in their -@@ -1606,6 +1766,12 @@ munmap_back: +@@ -1608,6 +1768,12 @@ munmap_back: } vma_link(mm, vma, prev, rb_link, rb_parent); @@ -95874,7 +95954,7 @@ index 20ff0c3..005dc47 100644 /* Once vma denies write, undo our temporary denial count */ if (vm_flags & VM_DENYWRITE) allow_write_access(file); -@@ -1614,6 +1780,7 @@ out: +@@ -1616,6 +1782,7 @@ out: perf_event_mmap(vma); vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT); @@ -95882,7 +95962,7 @@ index 20ff0c3..005dc47 100644 if (vm_flags & VM_LOCKED) { if (!((vm_flags & VM_SPECIAL) || is_vm_hugetlb_page(vma) || vma == get_gate_vma(current->mm))) -@@ -1646,6 +1813,12 @@ unmap_and_free_vma: +@@ -1648,6 +1815,12 @@ unmap_and_free_vma: unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end); charged = 0; free_vma: @@ -95895,7 +95975,7 @@ index 20ff0c3..005dc47 100644 kmem_cache_free(vm_area_cachep, vma); unacct_error: if (charged) -@@ -1653,7 +1826,63 @@ unacct_error: +@@ -1655,7 +1828,63 @@ unacct_error: return error; } @@ -95960,7 +96040,7 @@ index 20ff0c3..005dc47 100644 { /* * We implement the search by looking for an rbtree node that -@@ -1701,11 +1930,29 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) +@@ -1703,11 +1932,29 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) } } @@ -95991,7 +96071,7 @@ index 20ff0c3..005dc47 100644 if (gap_end >= low_limit && gap_end - gap_start >= length) goto found; -@@ -1755,7 +2002,7 @@ found: +@@ -1757,7 +2004,7 @@ found: return gap_start; } @@ -96000,7 +96080,7 @@ index 20ff0c3..005dc47 100644 { struct mm_struct *mm = current->mm; struct vm_area_struct *vma; -@@ -1809,6 +2056,24 @@ check_current: +@@ -1811,6 +2058,24 @@ check_current: gap_end = vma->vm_start; if (gap_end < low_limit) return -ENOMEM; 
@@ -96025,7 +96105,7 @@ index 20ff0c3..005dc47 100644 if (gap_start <= high_limit && gap_end - gap_start >= length) goto found; -@@ -1872,6 +2137,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1874,6 +2139,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, struct mm_struct *mm = current->mm; struct vm_area_struct *vma; struct vm_unmapped_area_info info; @@ -96033,7 +96113,7 @@ index 20ff0c3..005dc47 100644 if (len > TASK_SIZE - mmap_min_addr) return -ENOMEM; -@@ -1879,11 +2145,15 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1881,11 +2147,15 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, if (flags & MAP_FIXED) return addr; @@ -96050,7 +96130,7 @@ index 20ff0c3..005dc47 100644 return addr; } -@@ -1892,6 +2162,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1894,6 +2164,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, info.low_limit = mm->mmap_base; info.high_limit = TASK_SIZE; info.align_mask = 0; @@ -96058,7 +96138,7 @@ index 20ff0c3..005dc47 100644 return vm_unmapped_area(&info); } #endif -@@ -1910,6 +2181,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1912,6 +2183,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, struct mm_struct *mm = current->mm; unsigned long addr = addr0; struct vm_unmapped_area_info info; @@ -96066,7 +96146,7 @@ index 20ff0c3..005dc47 100644 /* requested length too big for entire address space */ if (len > TASK_SIZE - mmap_min_addr) -@@ -1918,12 +2190,16 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1920,12 +2192,16 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, if (flags & MAP_FIXED) return addr; 
@@ -96084,7 +96164,7 @@ index 20ff0c3..005dc47 100644 return addr; } -@@ -1932,6 +2208,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1934,6 +2210,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, info.low_limit = max(PAGE_SIZE, mmap_min_addr); info.high_limit = mm->mmap_base; info.align_mask = 0; @@ -96092,7 +96172,7 @@ index 20ff0c3..005dc47 100644 addr = vm_unmapped_area(&info); /* -@@ -1944,6 +2221,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1946,6 +2223,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, VM_BUG_ON(addr != -ENOMEM); info.flags = 0; info.low_limit = TASK_UNMAPPED_BASE; @@ -96105,7 +96185,7 @@ index 20ff0c3..005dc47 100644 info.high_limit = TASK_SIZE; addr = vm_unmapped_area(&info); } -@@ -2045,6 +2328,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, +@@ -2046,6 +2329,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, return vma; } @@ -96134,7 +96214,7 @@ index 20ff0c3..005dc47 100644 /* * Verify that the stack growth is acceptable and * update accounting. This is shared with both the -@@ -2061,6 +2366,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2062,6 +2367,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns return -ENOMEM; /* Stack limit test */ @@ -96142,7 +96222,7 @@ index 20ff0c3..005dc47 100644 if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) return -ENOMEM; -@@ -2071,6 +2377,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2072,6 +2378,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns locked = mm->locked_vm + grow; limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur); limit >>= PAGE_SHIFT; 
@@ -96150,7 +96230,7 @@ index 20ff0c3..005dc47 100644 if (locked > limit && !capable(CAP_IPC_LOCK)) return -ENOMEM; } -@@ -2100,37 +2407,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2101,37 +2408,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns * PA-RISC uses this for its stack; IA64 for its Register Backing Store. * vma is the last one with address > vma->vm_end. Have to extend vma. */ @@ -96208,7 +96288,7 @@ index 20ff0c3..005dc47 100644 unsigned long size, grow; size = address - vma->vm_start; -@@ -2165,6 +2483,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) +@@ -2166,6 +2484,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) } } } @@ -96217,7 +96297,7 @@ index 20ff0c3..005dc47 100644 vma_unlock_anon_vma(vma); khugepaged_enter_vma_merge(vma); validate_mm(vma->vm_mm); -@@ -2179,6 +2499,8 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2180,6 +2500,8 @@ int expand_downwards(struct vm_area_struct *vma, unsigned long address) { int error; @@ -96226,7 +96306,7 @@ index 20ff0c3..005dc47 100644 /* * We must make sure the anon_vma is allocated -@@ -2192,6 +2514,15 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2193,6 +2515,15 @@ int expand_downwards(struct vm_area_struct *vma, if (error) return error; @@ -96242,7 +96322,7 @@ index 20ff0c3..005dc47 100644 vma_lock_anon_vma(vma); /* -@@ -2201,9 +2532,17 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2202,9 +2533,17 @@ int expand_downwards(struct vm_area_struct *vma, */ /* Somebody else might have raced and expanded it already */ 
@@ -96261,7 +96341,7 @@ index 20ff0c3..005dc47 100644 size = vma->vm_end - address; grow = (vma->vm_start - address) >> PAGE_SHIFT; -@@ -2228,13 +2567,27 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2229,13 +2568,27 @@ int expand_downwards(struct vm_area_struct *vma, vma->vm_pgoff -= grow; anon_vma_interval_tree_post_update_vma(vma); vma_gap_update(vma); @@ -96289,7 +96369,7 @@ index 20ff0c3..005dc47 100644 khugepaged_enter_vma_merge(vma); validate_mm(vma->vm_mm); return error; -@@ -2332,6 +2685,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2333,6 +2686,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) do { long nrpages = vma_pages(vma); @@ -96303,7 +96383,7 @@ index 20ff0c3..005dc47 100644 if (vma->vm_flags & VM_ACCOUNT) nr_accounted += nrpages; vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); -@@ -2376,6 +2736,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2377,6 +2737,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, insertion_point = (prev ? &prev->vm_next : &mm->mmap); vma->vm_prev = NULL; do { @@ -96320,7 +96400,7 @@ index 20ff0c3..005dc47 100644 vma_rb_erase(vma, &mm->mm_rb); mm->map_count--; tail_vma = vma; -@@ -2401,14 +2771,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2404,14 +2774,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, struct vm_area_struct *new; int err = -ENOMEM; @@ -96354,7 +96434,7 @@ index 20ff0c3..005dc47 100644 /* most fields are the same, copy all, and then fixup */ *new = *vma; -@@ -2421,6 +2810,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2424,6 +2813,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT); } 
@@ -96377,7 +96457,7 @@ index 20ff0c3..005dc47 100644 err = vma_dup_policy(vma, new); if (err) goto out_free_vma; -@@ -2440,6 +2845,38 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2443,6 +2848,38 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, else err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); @@ -96416,7 +96496,7 @@ index 20ff0c3..005dc47 100644 /* Success. */ if (!err) return 0; -@@ -2449,10 +2886,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2452,10 +2889,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, new->vm_ops->close(new); if (new->vm_file) fput(new->vm_file); @@ -96436,7 +96516,7 @@ index 20ff0c3..005dc47 100644 kmem_cache_free(vm_area_cachep, new); out_err: return err; -@@ -2465,6 +2910,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2468,6 +2913,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long addr, int new_below) { @@ -96452,7 +96532,7 @@ index 20ff0c3..005dc47 100644 if (mm->map_count >= sysctl_max_map_count) return -ENOMEM; -@@ -2476,11 +2930,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2479,11 +2933,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, * work. This now handles partial unmappings. * Jeremy Fitzhardinge <jeremy@goop.org> */ @@ -96483,7 +96563,7 @@ index 20ff0c3..005dc47 100644 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start) return -EINVAL; -@@ -2555,6 +3028,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) +@@ -2558,6 +3031,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) /* Fix up all other VM information */ remove_vma_list(mm, vma); 
@@ -96492,7 +96572,7 @@ index 20ff0c3..005dc47 100644 return 0; } -@@ -2563,6 +3038,13 @@ int vm_munmap(unsigned long start, size_t len) +@@ -2566,6 +3041,13 @@ int vm_munmap(unsigned long start, size_t len) int ret; struct mm_struct *mm = current->mm; @@ -96506,7 +96586,7 @@ index 20ff0c3..005dc47 100644 down_write(&mm->mmap_sem); ret = do_munmap(mm, start, len); up_write(&mm->mmap_sem); -@@ -2576,16 +3058,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) +@@ -2579,16 +3061,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) return vm_munmap(addr, len); } @@ -96523,7 +96603,7 @@ index 20ff0c3..005dc47 100644 /* * this is really a simplified "do_mmap". it only handles * anonymous maps. eventually we may be able to do some -@@ -2599,6 +3071,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2602,6 +3074,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) struct rb_node ** rb_link, * rb_parent; pgoff_t pgoff = addr >> PAGE_SHIFT; int error; @@ -96531,7 +96611,7 @@ index 20ff0c3..005dc47 100644 len = PAGE_ALIGN(len); if (!len) -@@ -2606,10 +3079,24 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2609,10 +3082,24 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; @@ -96556,7 +96636,7 @@ index 20ff0c3..005dc47 100644 error = mlock_future_check(mm, mm->def_flags, len); if (error) return error; -@@ -2623,21 +3110,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2626,21 +3113,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) /* * Clear old maps. this also does some error checking for us */ 
@@ -96581,7 +96661,7 @@ index 20ff0c3..005dc47 100644 return -ENOMEM; /* Can we just expand an old private anonymous mapping? */ -@@ -2651,7 +3137,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2654,7 +3140,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) */ vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); if (!vma) { @@ -96590,7 +96670,7 @@ index 20ff0c3..005dc47 100644 return -ENOMEM; } -@@ -2665,10 +3151,11 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2668,10 +3154,11 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) vma_link(mm, vma, prev, rb_link, rb_parent); out: perf_event_mmap(vma); @@ -96604,7 +96684,7 @@ index 20ff0c3..005dc47 100644 return addr; } -@@ -2730,6 +3217,7 @@ void exit_mmap(struct mm_struct *mm) +@@ -2733,6 +3220,7 @@ void exit_mmap(struct mm_struct *mm) while (vma) { if (vma->vm_flags & VM_ACCOUNT) nr_accounted += vma_pages(vma); @@ -96612,7 +96692,7 @@ index 20ff0c3..005dc47 100644 vma = remove_vma(vma); } vm_unacct_memory(nr_accounted); -@@ -2747,6 +3235,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2750,6 +3238,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) struct vm_area_struct *prev; struct rb_node **rb_link, *rb_parent; @@ -96626,7 +96706,7 @@ index 20ff0c3..005dc47 100644 /* * The vm_pgoff of a purely anonymous vma should be irrelevant * until its first write fault, when page's anon_vma and index -@@ -2770,7 +3265,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2773,7 +3268,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) security_vm_enough_memory_mm(mm, vma_pages(vma))) return -ENOMEM; 
@@ -96648,7 +96728,7 @@ index 20ff0c3..005dc47 100644 return 0; } -@@ -2789,6 +3298,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2792,6 +3301,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, struct rb_node **rb_link, *rb_parent; bool faulted_in_anon_vma = true; @@ -96657,7 +96737,7 @@ index 20ff0c3..005dc47 100644 /* * If anonymous vma has not yet been faulted, update new pgoff * to match new location, to increase its chance of merging. -@@ -2853,6 +3364,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2856,6 +3367,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, return NULL; } @@ -96697,7 +96777,7 @@ index 20ff0c3..005dc47 100644 /* * Return true if the calling process may expand its vm space by the passed * number of pages -@@ -2864,6 +3408,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) +@@ -2867,6 +3411,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; @@ -96705,7 +96785,7 @@ index 20ff0c3..005dc47 100644 if (cur + npages > lim) return 0; return 1; -@@ -2934,6 +3479,22 @@ int install_special_mapping(struct mm_struct *mm, +@@ -2937,6 +3482,22 @@ int install_special_mapping(struct mm_struct *mm, vma->vm_start = addr; vma->vm_end = addr + len; @@ -97068,10 +97148,10 @@ index 05f1180..c3cde48 100644 out: if (ret & ~PAGE_MASK) diff --git a/mm/nommu.c b/mm/nommu.c -index 8740213..f87e25b 100644 +index 3ee4f74..9f4fdd8 100644 --- a/mm/nommu.c +++ b/mm/nommu.c -@@ -65,7 +65,6 @@ int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT; +@@ -66,7 +66,6 @@ int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT; int sysctl_nr_trim_pages = CONFIG_NOMMU_INITIAL_TRIM_EXCESS; unsigned long sysctl_user_reserve_kbytes __read_mostly = 1UL << 17; /* 128MB */ unsigned long sysctl_admin_reserve_kbytes __read_mostly = 1UL << 13; /* 8MB */ 
@@ -97079,7 +97159,7 @@ index 8740213..f87e25b 100644 atomic_long_t mmap_pages_allocated; -@@ -845,15 +844,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) +@@ -853,15 +852,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) EXPORT_SYMBOL(find_vma); /* @@ -97095,7 +97175,7 @@ index 8740213..f87e25b 100644 * expand a stack to a given address * - not supported under NOMMU conditions */ -@@ -1564,6 +1554,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -1572,6 +1562,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, /* most fields are the same, copy all, and then fixup */ *new = *vma; @@ -97103,7 +97183,7 @@ index 8740213..f87e25b 100644 *region = *vma->vm_region; new->vm_region = region; -@@ -1993,8 +1984,8 @@ int generic_file_remap_pages(struct vm_area_struct *vma, unsigned long addr, +@@ -2001,8 +1992,8 @@ int generic_file_remap_pages(struct vm_area_struct *vma, unsigned long addr, } EXPORT_SYMBOL(generic_file_remap_pages); @@ -97114,7 +97194,7 @@ index 8740213..f87e25b 100644 { struct vm_area_struct *vma; -@@ -2035,8 +2026,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -2043,8 +2034,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, * * The caller must hold a reference on @mm. */ @@ -97125,7 +97205,7 @@ index 8740213..f87e25b 100644 { return __access_remote_vm(NULL, mm, addr, buf, len, write); } -@@ -2045,7 +2036,7 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, +@@ -2053,7 +2044,7 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, * Access another process' address space. * - source/target buffer must be kernel space */ @@ -97148,7 +97228,7 @@ index 9f45f87..749bfd8 100644 unsigned long bg_thresh, unsigned long dirty, diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 62e400d..2072e4e 100644 +index ff0f6b1..8a67124 100644 --- a/mm/page_alloc.c 
+++ b/mm/page_alloc.c @@ -61,6 +61,7 @@ @@ -97253,7 +97333,7 @@ index 62e400d..2072e4e 100644 } } -@@ -6605,4 +6645,4 @@ void dump_page(struct page *page, char *reason) +@@ -6606,4 +6646,4 @@ void dump_page(struct page *page, char *reason) { dump_page_badflags(page, reason, 0); } @@ -97513,7 +97593,7 @@ index f0d698b..7037c25 100644 return -ENOMEM; diff --git a/mm/slab.c b/mm/slab.c -index ea854eb..673c763 100644 +index 0b1c2a5..819c6bc 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -300,10 +300,12 @@ static void kmem_cache_node_init(struct kmem_cache_node *parent) @@ -98253,7 +98333,7 @@ index 4bf8809..98a6914 100644 EXPORT_SYMBOL(kmem_cache_free); diff --git a/mm/slub.c b/mm/slub.c -index 25f14ad..c904f6f 100644 +index 7611f14..dfe9298 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -207,7 +207,7 @@ struct track { @@ -98274,7 +98354,7 @@ index 25f14ad..c904f6f 100644 s, (void *)t->addr, jiffies - t->when, t->cpu, t->pid); #ifdef CONFIG_STACKTRACE { -@@ -2666,6 +2666,14 @@ static __always_inline void slab_free(struct kmem_cache *s, +@@ -2664,6 +2664,14 @@ static __always_inline void slab_free(struct kmem_cache *s, slab_free_hook(s, x); @@ -98289,7 +98369,7 @@ index 25f14ad..c904f6f 100644 redo: /* * Determine the currently cpus per cpu slab. -@@ -2733,7 +2741,7 @@ static int slub_min_objects; +@@ -2731,7 +2739,7 @@ static int slub_min_objects; * Merge control. If this is set then no merging of slab caches will occur. * (Could be removed. This was introduced to pacify the merge skeptics.) */ @@ -98298,7 +98378,7 @@ index 25f14ad..c904f6f 100644 /* * Calculate the order of allocation given an slab object size. -@@ -3014,6 +3022,9 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order) +@@ -3012,6 +3020,9 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order) s->inuse = size; if (((flags & (SLAB_DESTROY_BY_RCU | SLAB_POISON)) || 
@@ -98308,7 +98388,7 @@ index 25f14ad..c904f6f 100644 s->ctor)) { /* * Relocate free pointer after the object if it is not -@@ -3359,6 +3370,59 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node) +@@ -3357,6 +3368,59 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node) EXPORT_SYMBOL(__kmalloc_node); #endif @@ -98368,7 +98448,7 @@ index 25f14ad..c904f6f 100644 size_t ksize(const void *object) { struct page *page; -@@ -3387,6 +3451,7 @@ void kfree(const void *x) +@@ -3385,6 +3449,7 @@ void kfree(const void *x) if (unlikely(ZERO_OR_NULL_PTR(x))) return; @@ -98376,7 +98456,7 @@ index 25f14ad..c904f6f 100644 page = virt_to_head_page(x); if (unlikely(!PageSlab(page))) { BUG_ON(!PageCompound(page)); -@@ -3692,7 +3757,7 @@ static int slab_unmergeable(struct kmem_cache *s) +@@ -3690,7 +3755,7 @@ static int slab_unmergeable(struct kmem_cache *s) /* * We may have set a slab to be unmergeable during bootstrap. */ @@ -98385,7 +98465,7 @@ index 25f14ad..c904f6f 100644 return 1; return 0; -@@ -3750,7 +3815,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size, +@@ -3748,7 +3813,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size, s = find_mergeable(memcg, size, align, flags, name, ctor); if (s) { @@ -98394,7 +98474,7 @@ index 25f14ad..c904f6f 100644 /* * Adjust the object sizes so that we clear * the complete object on kzalloc. -@@ -3759,7 +3824,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size, +@@ -3757,7 +3822,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size, s->inuse = max_t(int, s->inuse, ALIGN(size, sizeof(void *))); if (sysfs_slab_alias(s, name)) { @@ -98403,7 +98483,7 @@ index 25f14ad..c904f6f 100644 s = NULL; } } -@@ -3879,7 +3944,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags, +@@ -3877,7 +3942,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags, } #endif 
@@ -98412,7 +98492,7 @@ index 25f14ad..c904f6f 100644 static int count_inuse(struct page *page) { return page->inuse; -@@ -4163,7 +4228,11 @@ static int list_locations(struct kmem_cache *s, char *buf, +@@ -4161,7 +4226,11 @@ static int list_locations(struct kmem_cache *s, char *buf, len += sprintf(buf + len, "%7ld ", l->count); if (l->addr) @@ -98424,7 +98504,7 @@ index 25f14ad..c904f6f 100644 else len += sprintf(buf + len, "<not-available>"); -@@ -4268,12 +4337,12 @@ static void resiliency_test(void) +@@ -4266,12 +4335,12 @@ static void resiliency_test(void) validate_slab_cache(kmalloc_caches[9]); } #else @@ -98439,7 +98519,7 @@ index 25f14ad..c904f6f 100644 enum slab_stat_type { SL_ALL, /* All slabs */ SL_PARTIAL, /* Only partially allocated slabs */ -@@ -4513,13 +4582,17 @@ static ssize_t ctor_show(struct kmem_cache *s, char *buf) +@@ -4511,13 +4580,17 @@ static ssize_t ctor_show(struct kmem_cache *s, char *buf) { if (!s->ctor) return 0; @@ -98458,7 +98538,7 @@ index 25f14ad..c904f6f 100644 } SLAB_ATTR_RO(aliases); -@@ -4607,6 +4680,14 @@ static ssize_t cache_dma_show(struct kmem_cache *s, char *buf) +@@ -4605,6 +4678,14 @@ static ssize_t cache_dma_show(struct kmem_cache *s, char *buf) SLAB_ATTR_RO(cache_dma); #endif @@ -98473,7 +98553,7 @@ index 25f14ad..c904f6f 100644 static ssize_t destroy_by_rcu_show(struct kmem_cache *s, char *buf) { return sprintf(buf, "%d\n", !!(s->flags & SLAB_DESTROY_BY_RCU)); -@@ -4941,6 +5022,9 @@ static struct attribute *slab_attrs[] = { +@@ -4939,6 +5020,9 @@ static struct attribute *slab_attrs[] = { #ifdef CONFIG_ZONE_DMA &cache_dma_attr.attr, #endif @@ -98483,7 +98563,7 @@ index 25f14ad..c904f6f 100644 #ifdef CONFIG_NUMA &remote_node_defrag_ratio_attr.attr, #endif -@@ -5173,6 +5257,7 @@ static char *create_unique_id(struct kmem_cache *s) +@@ -5171,6 +5255,7 @@ static char *create_unique_id(struct kmem_cache *s) return name; } 
@@ -98491,7 +98571,7 @@ index 25f14ad..c904f6f 100644 static int sysfs_slab_add(struct kmem_cache *s) { int err; -@@ -5230,6 +5315,7 @@ static void sysfs_slab_remove(struct kmem_cache *s) +@@ -5228,6 +5313,7 @@ static void sysfs_slab_remove(struct kmem_cache *s) kobject_del(&s->kobj); kobject_put(&s->kobj); } @@ -98499,7 +98579,7 @@ index 25f14ad..c904f6f 100644 /* * Need to buffer aliases during bootup until sysfs becomes -@@ -5243,6 +5329,7 @@ struct saved_alias { +@@ -5241,6 +5327,7 @@ struct saved_alias { static struct saved_alias *alias_list; @@ -98507,7 +98587,7 @@ index 25f14ad..c904f6f 100644 static int sysfs_slab_alias(struct kmem_cache *s, const char *name) { struct saved_alias *al; -@@ -5265,6 +5352,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) +@@ -5263,6 +5350,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) alias_list = al; return 0; } @@ -98572,10 +98652,10 @@ index 0092097..33361ff 100644 } diff --git a/mm/swapfile.c b/mm/swapfile.c -index 4a7f7e6..22cddf5 100644 +index beeeef8..1cb288b 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c -@@ -66,7 +66,7 @@ static DEFINE_MUTEX(swapon_mutex); +@@ -84,7 +84,7 @@ static DEFINE_MUTEX(swapon_mutex); static DECLARE_WAIT_QUEUE_HEAD(proc_poll_wait); /* Activity counter to indicate that a swapon or swapoff has occurred */ @@ -98584,7 +98664,7 @@ index 4a7f7e6..22cddf5 100644 static inline unsigned char swap_count(unsigned char ent) { -@@ -1959,7 +1959,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) +@@ -1968,7 +1968,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) spin_unlock(&swap_lock); err = 0; @@ -98593,7 +98673,7 @@ index 4a7f7e6..22cddf5 100644 wake_up_interruptible(&proc_poll_wait); out_dput: -@@ -1976,8 +1976,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait) +@@ -1985,8 +1985,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait) poll_wait(file, &proc_poll_wait, wait); 
@@ -98604,7 +98684,7 @@ index 4a7f7e6..22cddf5 100644 return POLLIN | POLLRDNORM | POLLERR | POLLPRI; } -@@ -2075,7 +2075,7 @@ static int swaps_open(struct inode *inode, struct file *file) +@@ -2084,7 +2084,7 @@ static int swaps_open(struct inode *inode, struct file *file) return ret; seq = file->private_data; @@ -98613,7 +98693,7 @@ index 4a7f7e6..22cddf5 100644 return 0; } -@@ -2534,7 +2534,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) +@@ -2544,7 +2544,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) (frontswap_map) ? "FS" : ""); mutex_unlock(&swapon_mutex); @@ -99860,7 +99940,7 @@ index a16ed7b..eb44d17 100644 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index 37bddf7..c78c480 100644 +index 3ed11a5..c177c8f 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1695,14 +1695,14 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) @@ -100214,7 +100294,7 @@ index 7c8ffd9..0cb3687 100644 return error; } diff --git a/net/core/netpoll.c b/net/core/netpoll.c -index df9e6b1..6e68e4e 100644 +index 723fa7d..81bd037 100644 --- a/net/core/netpoll.c +++ b/net/core/netpoll.c @@ -435,7 +435,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len) @@ -100249,7 +100329,7 @@ index fdac61c..e5e5b46 100644 pr_warn("cannot create /proc/net/%s\n", PG_PROC_DIR); return -ENODEV; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index aef1500..4b61acd 100644 +index b0db904..70b5ea2 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -58,7 +58,7 @@ struct rtnl_link { @@ -100328,10 +100408,47 @@ index b442e7e..6f5b5a2 100644 { struct socket *sock; diff --git a/net/core/skbuff.c b/net/core/skbuff.c -index 8f6391b..40bc442 100644 +index baf6fc4..783639a 100644 --- a/net/core/skbuff.c 
+++ b/net/core/skbuff.c -@@ -2003,7 +2003,7 @@ EXPORT_SYMBOL(__skb_checksum); +@@ -360,18 +360,29 @@ refill: + goto end; + } + nc->frag.size = PAGE_SIZE << order; +-recycle: +- atomic_set(&nc->frag.page->_count, NETDEV_PAGECNT_MAX_BIAS); ++ /* Even if we own the page, we do not use atomic_set(). ++ * This would break get_page_unless_zero() users. ++ */ ++ atomic_add(NETDEV_PAGECNT_MAX_BIAS - 1, ++ &nc->frag.page->_count); + nc->pagecnt_bias = NETDEV_PAGECNT_MAX_BIAS; + nc->frag.offset = 0; + } + + if (nc->frag.offset + fragsz > nc->frag.size) { +- /* avoid unnecessary locked operations if possible */ +- if ((atomic_read(&nc->frag.page->_count) == nc->pagecnt_bias) || +- atomic_sub_and_test(nc->pagecnt_bias, &nc->frag.page->_count)) +- goto recycle; +- goto refill; ++ if (atomic_read(&nc->frag.page->_count) != nc->pagecnt_bias) { ++ if (!atomic_sub_and_test(nc->pagecnt_bias, ++ &nc->frag.page->_count)) ++ goto refill; ++ /* OK, page count is 0, we can safely set it */ ++ atomic_set(&nc->frag.page->_count, ++ NETDEV_PAGECNT_MAX_BIAS); ++ } else { ++ atomic_add(NETDEV_PAGECNT_MAX_BIAS - nc->pagecnt_bias, ++ &nc->frag.page->_count); ++ } ++ nc->pagecnt_bias = NETDEV_PAGECNT_MAX_BIAS; ++ nc->frag.offset = 0; + } + + data = page_address(nc->frag.page) + nc->frag.offset; +@@ -2004,7 +2015,7 @@ EXPORT_SYMBOL(__skb_checksum); __wsum skb_checksum(const struct sk_buff *skb, int offset, int len, __wsum csum) { @@ -100340,7 +100457,7 @@ index 8f6391b..40bc442 100644 .update = csum_partial_ext, .combine = csum_block_add_ext, }; -@@ -3221,13 +3221,15 @@ void __init skb_init(void) +@@ -3225,13 +3236,15 @@ void __init skb_init(void) skbuff_head_cache = kmem_cache_create("skbuff_head_cache", sizeof(struct sk_buff), 0, @@ -100359,7 +100476,7 @@ index 8f6391b..40bc442 100644 } diff --git a/net/core/sock.c b/net/core/sock.c -index c806956..e5599ea 100644 +index c806956..b63d825 100644 --- a/net/core/sock.c +++ b/net/core/sock.c 
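Review bot: The else branch of the new exhausted-fragment path in the skbuff.c hunk (the case where `_count` equals `nc->pagecnt_bias`) has no comment, although it relies on the rule stated a few lines earlier about not using `atomic_set()` on a page that is still referenced. A one-line comment such as `/* only our own bias references remain: top the count up, never store it */` would let the two paths be read together. The reset pair `nc->pagecnt_bias = NETDEV_PAGECNT_MAX_BIAS; nc->frag.offset = 0;` now appears twice in the hunk, and a small static helper would keep the copies in step. The enclosing function starts and ends outside the hunk.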
@@ -442,7 +442,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) @@ -100446,7 +100563,16 @@ index c806956..e5599ea 100644 return -EFAULT; lenout: if (put_user(len, optlen)) -@@ -2375,7 +2375,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) +@@ -1731,6 +1731,8 @@ EXPORT_SYMBOL(sock_kmalloc); + */ + void sock_kfree_s(struct sock *sk, void *mem, int size) + { ++ if (WARN_ON_ONCE(!mem)) ++ return; + kfree(mem); + atomic_sub(size, &sk->sk_omem_alloc); + } +@@ -2375,7 +2377,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) */ smp_wmb(); atomic_set(&sk->sk_refcnt, 1); @@ -100455,7 +100581,7 @@ index c806956..e5599ea 100644 } EXPORT_SYMBOL(sock_init_data); -@@ -2503,6 +2503,7 @@ void sock_enable_timestamp(struct sock *sk, int flag) +@@ -2503,6 +2505,7 @@ void sock_enable_timestamp(struct sock *sk, int flag) int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, int level, int type) { @@ -100463,7 +100589,7 @@ index c806956..e5599ea 100644 struct sock_exterr_skb *serr; struct sk_buff *skb, *skb2; int copied, err; -@@ -2524,7 +2525,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, +@@ -2524,7 +2527,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, sock_recv_timestamp(msg, sk, skb); serr = SKB_EXT_ERR(skb); @@ -100791,6 +100917,27 @@ index 9d43468..ffa28cc 100644 return nh->nh_saddr; } +diff --git a/net/ipv4/gre_offload.c b/net/ipv4/gre_offload.c +index 2d24f29..70fee98 100644 +--- a/net/ipv4/gre_offload.c ++++ b/net/ipv4/gre_offload.c +@@ -56,13 +56,13 @@ static struct sk_buff *gre_gso_segment(struct sk_buff *skb, + + csum = !!(greh->flags & GRE_CSUM); + +- if (unlikely(!pskb_may_pull(skb, ghl))) +- goto out; +- + /* setup inner skb. */ + skb->protocol = greh->protocol; + skb->encapsulation = 0; + ++ if (unlikely(!pskb_may_pull(skb, ghl))) ++ goto out; ++ + __skb_pull(skb, ghl); + skb_reset_mac_header(skb); + skb_set_network_header(skb, skb_inner_network_offset(skb)); 
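Review bot: The new `WARN_ON_ONCE(!mem)` early return in `sock_kfree_s()` also skips `atomic_sub(size, &sk->sk_omem_alloc)`, and the kernel-doc block above the function (only its closing `*/` is in the hunk) should say so. A suggested line is `* A NULL @mem is rejected with a one-time warning and sk_omem_alloc is left untouched.` Callers that relied on `kfree(NULL)` being a silent no-op now trigger the warning, so every error path that can arrive here with an unallocated buffer needs its own guard. The `out_ret` label added to net/rds/rdma.c later in this patch looks like one such guard.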
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c index 0d1e2cb..4501a2c 100644 --- a/net/ipv4/inet_connection_sock.c 
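Review bot: Nothing in the gre_offload.c hunk records why `skb->protocol = greh->protocol` had to move above `pskb_may_pull()`, so the ordering is easy to undo in a later cleanup. `pskb_may_pull()` can reallocate the skb header, which leaves any pointer previously derived from `skb->data` (here `greh`) stale. A comment such as `/* read greh before the pull: pskb_may_pull() may reallocate skb->head */` would pin that down. The ip_tunnel_core.c (`eh`), ip6_offload.c (`opth`) and sit.c (`ihl`) hunks in this patch address the same stale-pointer pattern and would benefit from the same one-line comment. Whether `greh` is used again further down in `gre_gso_segment()` cannot be seen from the hunk.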
@@ -100929,6 +101076,68 @@ index 94213c8..8bdb342 100644 .kind = "gretap", .maxtype = IFLA_GRE_MAX, .policy = ipgre_policy, +diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c +index 3d4da2c..40f9c29 100644 +--- a/net/ipv4/ip_input.c ++++ b/net/ipv4/ip_input.c +@@ -147,6 +147,10 @@ + #include <linux/mroute.h> + #include <linux/netlink.h> + ++#ifdef CONFIG_GRKERNSEC_BLACKHOLE ++extern int grsec_enable_blackhole; ++#endif ++ + /* + * Process Router Attention IP option (RFC 2113) + */ +@@ -223,6 +227,9 @@ static int ip_local_deliver_finish(struct sk_buff *skb) + if (!raw) { + if (xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) { + IP_INC_STATS_BH(net, IPSTATS_MIB_INUNKNOWNPROTOS); ++#ifdef CONFIG_GRKERNSEC_BLACKHOLE ++ if (!grsec_enable_blackhole || (skb->dev->flags & IFF_LOOPBACK)) ++#endif + icmp_send(skb, ICMP_DEST_UNREACH, + ICMP_PROT_UNREACH, 0); + } +diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c +index ed88d78..844323b 100644 +--- a/net/ipv4/ip_output.c ++++ b/net/ipv4/ip_output.c +@@ -1487,6 +1487,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr, + struct sk_buff *nskb; + struct sock *sk; + struct inet_sock *inet; ++ int err; + + if (ip_options_echo(&replyopts.opt.opt, skb)) + return; +@@ -1525,8 +1526,13 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr, + sock_net_set(sk, net); + __skb_queue_head_init(&sk->sk_write_queue); + sk->sk_sndbuf = sysctl_wmem_default; +- ip_append_data(sk, &fl4, ip_reply_glue_bits, arg->iov->iov_base, len, 0, +- &ipc, &rt, MSG_DONTWAIT); ++ err = ip_append_data(sk, &fl4, ip_reply_glue_bits, arg->iov->iov_base, ++ len, 0, &ipc, &rt, MSG_DONTWAIT); ++ if (unlikely(err)) { ++ ip_flush_pending_frames(sk); ++ goto out; ++ } ++ + nskb = skb_peek(&sk->sk_write_queue); + if (nskb) { + if (arg->csumoffset >= 0) +@@ -1538,7 +1544,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr, + skb_set_queue_mapping(nskb, 
skb_get_queue_mapping(skb)); + ip_push_pending_frames(sk, &fl4); + } +- ++out: + put_cpu_var(unicast_sock); + + ip_rt_put(rt); diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 580dd96..9fcef7e 100644 --- a/net/ipv4/ip_sockglue.c @@ -100952,6 +101161,24 @@ index 580dd96..9fcef7e 100644 msg.msg_controllen = len; msg.msg_flags = flags; +diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c +index 65b664d..791a419 100644 +--- a/net/ipv4/ip_tunnel_core.c ++++ b/net/ipv4/ip_tunnel_core.c +@@ -91,11 +91,12 @@ int iptunnel_pull_header(struct sk_buff *skb, int hdr_len, __be16 inner_proto) + skb_pull_rcsum(skb, hdr_len); + + if (inner_proto == htons(ETH_P_TEB)) { +- struct ethhdr *eh = (struct ethhdr *)skb->data; ++ struct ethhdr *eh; + + if (unlikely(!pskb_may_pull(skb, ETH_HLEN))) + return -ENOMEM; + ++ eh = (struct ethhdr *)skb->data; + if (likely(ntohs(eh->h_proto) >= ETH_P_802_3_MIN)) + skb->protocol = eh->h_proto; + else diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c index e4a8f76..dd8ad72 100644 --- a/net/ipv4/ip_vti.c @@ -101265,7 +101492,7 @@ index 11c8d81..d67116b 100644 static int raw_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/route.c b/net/ipv4/route.c -index ca5a01e..8c5cdb4 100644 +index 487bb62..bc101aa 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -234,7 +234,7 @@ static const struct seq_operations rt_cache_seq_ops = { @@ -101507,7 +101734,7 @@ index 44eba05..b36864b 100644 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table); if (hdr == NULL) diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c -index 3898694..9bd1a03 100644 +index 2291791..7b62d2b 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -761,7 +761,7 @@ static void tcp_update_pacing_rate(struct sock *sk) 
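Review bot: In the ip_input.c part of this hunk the added `if (!grsec_enable_blackhole || (skb->dev->flags & IFF_LOOPBACK))` sits inside `#ifdef CONFIG_GRKERNSEC_BLACKHOLE` with no braces, so it guards whatever statement happens to follow the `#endif`. A line later inserted ahead of `icmp_send()` would silently become the guarded statement, leaving the ICMP reply unconditional again. A braced form that compiles in both configurations, or a small inline helper that returns true when the option is off, avoids that. A comment like `/* blackhole: no ICMP protocol-unreachable except on loopback */` would state the intent, and the `extern int grsec_enable_blackhole;` declaration belongs in a shared header rather than in the .c file. `ip_local_deliver_finish()` continues outside the hunk.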
@@ -101519,7 +101746,7 @@ index 3898694..9bd1a03 100644 sk->sk_max_pacing_rate); } -@@ -4484,7 +4484,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, +@@ -4482,7 +4482,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, * simplifies code) */ static void @@ -101528,7 +101755,7 @@ index 3898694..9bd1a03 100644 struct sk_buff *head, struct sk_buff *tail, u32 start, u32 end) { -@@ -5561,6 +5561,7 @@ discard: +@@ -5559,6 +5559,7 @@ discard: tcp_paws_reject(&tp->rx_opt, 0)) goto discard_and_undo; @@ -101536,7 +101763,7 @@ index 3898694..9bd1a03 100644 if (th->syn) { /* We see SYN without ACK. It is attempt of * simultaneous connect with crossed SYNs. -@@ -5611,6 +5612,7 @@ discard: +@@ -5609,6 +5610,7 @@ discard: goto discard; #endif } @@ -101544,7 +101771,7 @@ index 3898694..9bd1a03 100644 /* "fifth, if neither of the SYN or RST bits is set then * drop the segment and return." */ -@@ -5657,7 +5659,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, +@@ -5655,7 +5657,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, goto discard; if (th->syn) { @@ -101554,7 +101781,7 @@ index 3898694..9bd1a03 100644 if (icsk->icsk_af_ops->conn_request(sk, skb) < 0) return 1; diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c -index 1e4eac7..a66fa4a 100644 +index a782d5b..28f0ae5 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -91,6 +91,10 @@ int sysctl_tcp_low_latency __read_mostly; @@ -101568,7 +101795,7 @@ index 1e4eac7..a66fa4a 100644 #ifdef CONFIG_TCP_MD5SIG static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key, __be32 daddr, __be32 saddr, const struct tcphdr *th); -@@ -1829,6 +1833,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -1830,6 +1834,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; reset: 
@@ -101578,7 +101805,7 @@ index 1e4eac7..a66fa4a 100644 tcp_v4_send_reset(rsk, skb); discard: kfree_skb(skb); -@@ -1974,12 +1981,19 @@ int tcp_v4_rcv(struct sk_buff *skb) +@@ -1975,12 +1982,19 @@ int tcp_v4_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked = 0; sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -101601,7 +101828,7 @@ index 1e4eac7..a66fa4a 100644 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -2033,6 +2047,10 @@ csum_error: +@@ -2034,6 +2048,10 @@ csum_error: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -101853,7 +102080,7 @@ index e1a6393..f634ce5 100644 return -ENOMEM; } diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index 6c7fa08..7c5abd70 100644 +index 3f0ec06..495548c 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -598,7 +598,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, @@ -101865,7 +102092,7 @@ index 6c7fa08..7c5abd70 100644 net->dev_base_seq; hlist_for_each_entry_rcu(dev, head, index_hlist) { if (idx < s_idx) -@@ -2395,7 +2395,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) +@@ -2390,7 +2390,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) p.iph.ihl = 5; p.iph.protocol = IPPROTO_IPV6; p.iph.ttl = 64; @@ -101874,7 +102101,7 @@ index 6c7fa08..7c5abd70 100644 if (ops->ndo_do_ioctl) { mm_segment_t oldfs = get_fs(); -@@ -3528,16 +3528,23 @@ static const struct file_operations if6_fops = { +@@ -3523,16 +3523,23 @@ static const struct file_operations if6_fops = { .release = seq_release_net, }; @@ -101899,7 +102126,7 @@ index 6c7fa08..7c5abd70 100644 } static struct pernet_operations if6_proc_net_ops = { -@@ -4146,7 +4153,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, +@@ -4141,7 +4148,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, s_ip_idx = ip_idx = cb->args[2]; rcu_read_lock(); 
@@ -101908,7 +102135,7 @@ index 6c7fa08..7c5abd70 100644 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { idx = 0; head = &net->dev_index_head[h]; -@@ -4746,11 +4753,8 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) +@@ -4741,11 +4748,8 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) rt = rt6_lookup(dev_net(dev), &ifp->peer_addr, NULL, dev->ifindex, 1); @@ -101922,7 +102149,7 @@ index 6c7fa08..7c5abd70 100644 } dst_hold(&ifp->rt->dst); -@@ -4758,7 +4762,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) +@@ -4753,7 +4757,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) dst_free(&ifp->rt->dst); break; } @@ -101931,7 +102158,7 @@ index 6c7fa08..7c5abd70 100644 rt_genid_bump_ipv6(net); } -@@ -4779,7 +4783,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, +@@ -4774,7 +4778,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -101940,7 +102167,7 @@ index 6c7fa08..7c5abd70 100644 int ret; /* -@@ -4864,7 +4868,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, +@@ -4859,7 +4863,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -101987,7 +102214,7 @@ index 7b32652..0bc348b 100644 table = kmemdup(ipv6_icmp_table_template, sizeof(ipv6_icmp_table_template), diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c -index 2465d18..bc5bf7f 100644 +index cb57aa8..01c248e 100644 --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c @@ -71,7 +71,7 @@ struct ip6gre_net { 
@@ -102026,6 +102253,18 @@ index 2465d18..bc5bf7f 100644 .kind = "ip6gretap", .maxtype = IFLA_GRE_MAX, .policy = ip6gre_policy, +diff --git a/net/ipv6/ip6_offload.c b/net/ipv6/ip6_offload.c +index b2f0915..066db10 100644 +--- a/net/ipv6/ip6_offload.c ++++ b/net/ipv6/ip6_offload.c +@@ -46,6 +46,7 @@ static int ipv6_gso_pull_exthdrs(struct sk_buff *skb, int proto) + if (unlikely(!pskb_may_pull(skb, len))) + break; + ++ opth = (void *)skb->data; + proto = opth->nexthdr; + __skb_pull(skb, len); + } diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c index 9120339..cfdd84f 100644 --- a/net/ipv6/ip6_tunnel.c @@ -102378,7 +102617,7 @@ index 7cc1102..7785931 100644 table = kmemdup(ipv6_route_table_template, sizeof(ipv6_route_table_template), diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c -index fe548ba..0dfa744 100644 +index b12b11b..13856f9 100644 --- a/net/ipv6/sit.c +++ b/net/ipv6/sit.c @@ -74,7 +74,7 @@ static void ipip6_tunnel_setup(struct net_device *dev); @@ -102390,6 +102629,29 @@ index fe548ba..0dfa744 100644 static int sit_net_id __read_mostly; struct sit_net { +@@ -484,11 +484,11 @@ static void ipip6_tunnel_uninit(struct net_device *dev) + */ + static int ipip6_err_gen_icmpv6_unreach(struct sk_buff *skb) + { +- const struct iphdr *iph = (const struct iphdr *) skb->data; ++ int ihl = ((const struct iphdr *)skb->data)->ihl*4; + struct rt6_info *rt; + struct sk_buff *skb2; + +- if (!pskb_may_pull(skb, iph->ihl * 4 + sizeof(struct ipv6hdr) + 8)) ++ if (!pskb_may_pull(skb, ihl + sizeof(struct ipv6hdr) + 8)) + return 1; + + skb2 = skb_clone(skb, GFP_ATOMIC); +@@ -497,7 +497,7 @@ static int ipip6_err_gen_icmpv6_unreach(struct sk_buff *skb) + return 1; + + skb_dst_drop(skb2); +- skb_pull(skb2, iph->ihl * 4); ++ skb_pull(skb2, ihl); + skb_reset_network_header(skb2); + + rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0, 0); 
@@ -1683,7 +1683,7 @@ static void ipip6_dellink(struct net_device *dev, struct list_head *head) unregister_netdevice_queue(dev, head); } @@ -102413,7 +102675,7 @@ index 7f405a1..eabef92 100644 struct ctl_table *ipv6_icmp_table; int err; diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c -index 889079b..a04512c 100644 +index a4f890d..5db3708 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -104,6 +104,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb) @@ -103555,7 +103817,7 @@ index 11de55e..f25e448 100644 return 0; } diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c -index 0dfe894..7702a84 100644 +index c375d73..d4abd23 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -257,7 +257,7 @@ static void netlink_overrun(struct sock *sk) @@ -103567,6 +103829,15 @@ index 0dfe894..7702a84 100644 } static void netlink_rcv_wake(struct sock *sk) +@@ -707,7 +707,7 @@ static int netlink_mmap_sendmsg(struct sock *sk, struct msghdr *msg, + * after validation, the socket and the ring may only be used by a + * single process, otherwise we fall back to copying. + */ +- if (atomic_long_read(&sk->sk_socket->file->f_count) > 2 || ++ if (atomic_long_read(&sk->sk_socket->file->f_count) > 1 || + atomic_read(&nlk->mapped) > 1) + excl = false; + @@ -3003,7 +3003,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) sk_wmem_alloc_get(s), nlk->cb_running, @@ -103589,18 +103860,10 @@ index b74aa07..d41926e 100644 *uaddr_len = sizeof(struct sockaddr_ax25); } diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c -index 48a6a93..d2c096b 100644 +index 48b1817..d2c096b 100644 --- a/net/packet/af_packet.c 
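Review bot: The af_netlink.c hunk tightens the `f_count` test in `netlink_mmap_sendmsg()` from `> 2` to `> 1` but leaves the comment above it unchanged, so the bare literal is unexplained and the old value gives no hint of why it was wrong. If the intent is that any second reference to the file forces the copying path, a comment such as `/* any extra reference to the file means the ring may be shared: copy instead */` should say so. The condition also dereferences `sk->sk_socket->file` directly. Whether both pointers are guaranteed non-NULL here depends on code outside the hunk.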
+++ b/net/packet/af_packet.c -@@ -635,6 +635,7 @@ static void init_prb_bdqc(struct packet_sock *po, - p1->tov_in_jiffies = msecs_to_jiffies(p1->retire_blk_tov); - p1->blk_sizeof_priv = req_u->req3.tp_sizeof_priv; - -+ p1->max_frame_len = p1->kblk_size - BLK_PLUS_PRIV(p1->blk_sizeof_priv); - prb_init_ft_ops(p1, req_u); - prb_setup_retire_blk_timer(po, tx_ring); - prb_open_block(p1, pbd); -@@ -1845,7 +1846,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, +@@ -1846,7 +1846,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, spin_lock(&sk->sk_receive_queue.lock); po->stats.stats1.tp_packets++; @@ -103609,7 +103872,7 @@ index 48a6a93..d2c096b 100644 __skb_queue_tail(&sk->sk_receive_queue, skb); spin_unlock(&sk->sk_receive_queue.lock); sk->sk_data_ready(sk, skb->len); -@@ -1854,7 +1855,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, +@@ -1855,7 +1855,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, drop_n_acct: spin_lock(&sk->sk_receive_queue.lock); po->stats.stats1.tp_drops++; 
@@ -103618,26 +103881,7 @@ index 48a6a93..d2c096b 100644 spin_unlock(&sk->sk_receive_queue.lock); drop_n_restore: -@@ -1946,6 +1947,18 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, - if ((int)snaplen < 0) - snaplen = 0; - } -+ } else if (unlikely(macoff + snaplen > -+ GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len)) { -+ u32 nval; -+ -+ nval = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len - macoff; -+ pr_err_once("tpacket_rcv: packet too big, clamped from %u to %u. macoff=%u\n", -+ snaplen, nval, macoff); -+ snaplen = nval; -+ if (unlikely((int)snaplen < 0)) { -+ snaplen = 0; -+ macoff = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len; -+ } - } - spin_lock(&sk->sk_receive_queue.lock); - h.raw = packet_current_rx_frame(po, skb, -@@ -3449,7 +3462,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3462,7 +3462,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, case PACKET_HDRLEN: if (len > sizeof(int)) len = sizeof(int); @@ -103646,7 +103890,7 @@ index 48a6a93..d2c096b 100644 return -EFAULT; switch (val) { case TPACKET_V1: -@@ -3495,7 +3508,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3508,7 +3508,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, len = lv; if (put_user(len, optlen)) return -EFAULT; 
@@ -103655,29 +103899,6 @@ index 48a6a93..d2c096b 100644 return -EFAULT; return 0; } -@@ -3779,6 +3792,10 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u, - goto out; - if (unlikely(req->tp_block_size & (PAGE_SIZE - 1))) - goto out; -+ if (po->tp_version >= TPACKET_V3 && -+ (int)(req->tp_block_size - -+ BLK_PLUS_PRIV(req_u->req3.tp_sizeof_priv)) <= 0) -+ goto out; - if (unlikely(req->tp_frame_size < po->tp_hdrlen + - po->tp_reserve)) - goto out; -diff --git a/net/packet/internal.h b/net/packet/internal.h -index eb9580a..cdddf6a 100644 ---- a/net/packet/internal.h -+++ b/net/packet/internal.h -@@ -29,6 +29,7 @@ struct tpacket_kbdq_core { - char *pkblk_start; - char *pkblk_end; - int kblk_size; -+ unsigned int max_frame_len; - unsigned int knum_blocks; - uint64_t knxt_seq_num; - char *prev; diff --git a/net/phonet/pep.c b/net/phonet/pep.c index e774117..900b8b7 100644 --- a/net/phonet/pep.c @@ -103862,6 +104083,42 @@ index 4503335..db566b4 100644 } #endif +diff --git a/net/rds/rdma.c b/net/rds/rdma.c +index 4e37c1c..40084d8 100644 +--- a/net/rds/rdma.c ++++ b/net/rds/rdma.c +@@ -564,12 +564,12 @@ int rds_cmsg_rdma_args(struct rds_sock *rs, struct rds_message *rm, + + if (rs->rs_bound_addr == 0) { + ret = -ENOTCONN; /* XXX not a great errno */ +- goto out; ++ goto out_ret; + } + + if (args->nr_local > UIO_MAXIOV) { + ret = -EMSGSIZE; +- goto out; ++ goto out_ret; + } + + /* Check whether to allocate the iovec area */ +@@ -578,7 +578,7 @@ int rds_cmsg_rdma_args(struct rds_sock *rs, struct rds_message *rm, + iovs = sock_kmalloc(rds_rs_to_sk(rs), iov_size, GFP_KERNEL); + if (!iovs) { + ret = -ENOMEM; +- goto out; ++ goto out_ret; + } + } + +@@ -696,6 +696,7 @@ out: + if (iovs != iovstack) + sock_kfree_s(rds_rs_to_sk(rs), iovs, iov_size); + kfree(pages); ++out_ret: + if (ret) + rds_rdma_free_op(op); + else diff --git a/net/rds/rds.h b/net/rds/rds.h index 48f8ffc..0ef3eec 100644 --- a/net/rds/rds.h 
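Review bot: The three early exits in `rds_cmsg_rdma_args()` now jump to the new `out_ret` label, which bypasses both `sock_kfree_s()` and `kfree(pages)`. That is correct only if `pages` has not been allocated at any of those points, which the hunk does not show. A comment at the label, for example `/* out_ret: iovs and pages not allocated yet, only op cleanup remains */`, would record the assumption for anyone adding a later `goto`. The function starts outside the hunk and continues past it.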
@@ -105285,10 +105542,10 @@ index 0917f04..f4e3d8c 100644 if (!proc_create("x25/route", S_IRUGO, init_net.proc_net, diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c -index 1d5c7bf..f762f1f 100644 +index 59cf325..e7fa6f0 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c -@@ -327,7 +327,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy) +@@ -332,7 +332,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy) { policy->walk.dead = 1; @@ -105297,7 +105554,7 @@ index 1d5c7bf..f762f1f 100644 if (del_timer(&policy->polq.hold_timer)) xfrm_pol_put(policy); -@@ -661,7 +661,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl) +@@ -666,7 +666,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl) hlist_add_head(&policy->bydst, chain); xfrm_pol_hold(policy); net->xfrm.policy_count[dir]++; @@ -105306,7 +105563,7 @@ index 1d5c7bf..f762f1f 100644 /* After previous checking, family can either be AF_INET or AF_INET6 */ if (policy->family == AF_INET) -@@ -1761,7 +1761,7 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols, +@@ -1766,7 +1766,7 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols, xdst->num_pols = num_pols; memcpy(xdst->pols, pols, sizeof(struct xfrm_policy *) * num_pols); @@ -105315,7 +105572,7 @@ index 1d5c7bf..f762f1f 100644 return xdst; } -@@ -2572,11 +2572,12 @@ void xfrm_garbage_collect(struct net *net) +@@ -2604,11 +2604,12 @@ void xfrm_garbage_collect(struct net *net) } EXPORT_SYMBOL(xfrm_garbage_collect); @@ -105329,7 +105586,7 @@ index 1d5c7bf..f762f1f 100644 static void xfrm_init_pmtu(struct dst_entry *dst) { -@@ -2626,7 +2627,7 @@ static int xfrm_bundle_ok(struct xfrm_dst *first) +@@ -2658,7 +2659,7 @@ static int xfrm_bundle_ok(struct xfrm_dst *first) if (xdst->xfrm_genid != dst->xfrm->genid) return 0; if (xdst->num_pols > 0 && 
@@ -105338,7 +105595,7 @@ index 1d5c7bf..f762f1f 100644 return 0; mtu = dst_mtu(dst->child); -@@ -2714,8 +2715,6 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo) +@@ -2746,8 +2747,6 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo) dst_ops->link_failure = xfrm_link_failure; if (likely(dst_ops->neigh_lookup == NULL)) dst_ops->neigh_lookup = xfrm_neigh_lookup; @@ -105347,7 +105604,7 @@ index 1d5c7bf..f762f1f 100644 rcu_assign_pointer(xfrm_policy_afinfo[afinfo->family], afinfo); } spin_unlock(&xfrm_policy_afinfo_lock); -@@ -2769,7 +2768,6 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo) +@@ -2801,7 +2800,6 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo) dst_ops->check = NULL; dst_ops->negative_advice = NULL; dst_ops->link_failure = NULL; @@ -105355,7 +105612,7 @@ index 1d5c7bf..f762f1f 100644 } return err; } -@@ -3159,7 +3157,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol, +@@ -3191,7 +3189,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol, sizeof(pol->xfrm_vec[i].saddr)); pol->xfrm_vec[i].encap_family = mp->new_family; /* flush bundles */ @@ -107324,7 +107581,7 @@ index fc3e662..7844c60 100644 lock = &avc_cache.slots_lock[hvalue]; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index e294b86..eda45c55 100644 +index e294b86..4fc9b7f 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -95,8 +95,6 @@ 
@@ -107336,6 +107593,22 @@ index e294b86..eda45c55 100644 /* SECMARK reference count */ static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0); +@@ -470,6 +468,7 @@ next_inode: + list_entry(sbsec->isec_head.next, + struct inode_security_struct, list); + struct inode *inode = isec->inode; ++ list_del_init(&isec->list); + spin_unlock(&sbsec->isec_lock); + inode = igrab(inode); + if (inode) { +@@ -478,7 +477,6 @@ next_inode: + iput(inode); + } + spin_lock(&sbsec->isec_lock); +- list_del_init(&isec->list); + goto next_inode; + } + spin_unlock(&sbsec->isec_lock); @@ -5759,7 +5757,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) #endif @@ -116098,7 +116371,7 @@ index 0000000..4378111 +} diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data new file mode 100644 -index 0000000..e4b26fe +index 0000000..d832fcc --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data @@ -0,0 +1,5991 @@ @@ -117447,7 +117720,7 @@ index 0000000..e4b26fe +keys_proc_write_14792 keys_proc_write 3 14792 NULL +ext4_kvmalloc_14796 ext4_kvmalloc 1 14796 NULL +__kfifo_in_14797 __kfifo_in 3-0 14797 NULL nohasharray -+ttm_page_pool_free_14797 ttm_page_pool_free 2 14797 &__kfifo_in_14797 ++ttm_page_pool_free_14797 ttm_page_pool_free 2-0 14797 &__kfifo_in_14797 +hpet_readl_14801 hpet_readl 0 14801 NULL nohasharray +snd_als300_gcr_read_14801 snd_als300_gcr_read 0 14801 &hpet_readl_14801 +security_inode_rename_14805 security_inode_rename 0 14805 NULL 
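Review bot: The selinux/hooks.c hunk moves `list_del_init(&isec->list)` ahead of `spin_unlock(&sbsec->isec_lock)` without a comment, and the reason is not evident from the code alone. Presumably the entry has to be unlinked while the lock is still held because the inode and its security struct may be released once the lock is dropped. If so, `/* unlink under isec_lock: isec may go away after we drop it */` above the call would keep the line from drifting back below the `igrab()`. The surrounding `next_inode:` loop begins outside the hunk.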
@@ -117870,7 +118143,7 @@ index 0000000..e4b26fe +kstrtoll_from_user_19500 kstrtoll_from_user 2 19500 NULL +ext4_add_new_descs_19509 ext4_add_new_descs 3 19509 NULL +batadv_tvlv_container_register_19520 batadv_tvlv_container_register 5 19520 NULL -+ttm_dma_page_pool_free_19527 ttm_dma_page_pool_free 2 19527 NULL ++ttm_dma_page_pool_free_19527 ttm_dma_page_pool_free 2-0 19527 NULL +apei_exec_pre_map_gars_19529 apei_exec_pre_map_gars 0 19529 NULL nohasharray +cfc_write_array_to_buffer_19529 cfc_write_array_to_buffer 3 19529 &apei_exec_pre_map_gars_19529 +nfc_llcp_build_tlv_19536 nfc_llcp_build_tlv 3 19536 NULL |