main/linux-virt-grsec: upgrade to 3.10.19

(cherry picked from commit be7afbff42941e441138d76b367e898872a2bce2)

6 files changed, 196 insertions, 188 deletions

diff --git a/main/linux-virt-grsec/0001-pax-x86_64-fix-copy_user_generic.patch b/main/linux-virt-grsec/0001-pax-x86_64-fix-copy_user_generic.patch
deleted file mode 100644
index da442aae39..0000000000
--- a/main/linux-virt-grsec/0001-pax-x86_64-fix-copy_user_generic.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From b8bf456d13988fb38cfe248676327f44a2d2ed2e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
-Date: Wed, 23 Oct 2013 09:54:54 +0300
-Subject: [PATCH] pax: x86_64: fix copy_user_generic
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Pax patch removed r10 from clobbers list as all assembly code was
-updated to not use it. However, in the error path the assembly code
-ends up calling copy_user_handle_tail() C-function that can clobber
-r10. This broke things for certain gcc optimizations (at least for gcc
-4.8.x), as copy_user_generic() is inline function, and the inline
-assembly incorrectly guaranteed not to clobber r10.
-
-Add r10 back to clobbers list like vanilla kernel has it. It is
-needed always due to the possibly C-function call in error path.
-
-Signed-off-by: Timo Teräs <timo.teras@iki.f>
-Acked-by: Natanael Copa <ncopa@alpinelinux.org>
----
- arch/x86/include/asm/uaccess_64.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
-index 1dbe82f..9d398f4 100644
---- a/arch/x86/include/asm/uaccess_64.h
-+++ b/arch/x86/include/asm/uaccess_64.h
-@@ -44,7 +44,7 @@ copy_user_generic(void *to, const void *from, unsigned len)
- 			 ASM_OUTPUT2("=a" (ret), "=D" (to), "=S" (from),
- 				     "=d" (len)),
- 			 "1" (to), "2" (from), "3" (len)
--			 : "memory", "rcx", "r8", "r9", "r11");
-+			 : "memory", "rcx", "r8", "r9", "r10", "r11");
- 	return ret;
- }
- 
--- 
-1.8.4.1
-
diff --git a/main/linux-virt-grsec/APKBUILD b/main/linux-virt-grsec/APKBUILD
index e90804166b..52f347a1e4 100644
--- a/main/linux-virt-grsec/APKBUILD
+++ b/main/linux-virt-grsec/APKBUILD
@@ -3,7 +3,7 @@
 
 _flavor=grsec
 pkgname=linux-virt-${_flavor}
-pkgver=3.10.17
+pkgver=3.10.19
 case $pkgver in
 *.*.*)	_kernver=${pkgver%.*};;
 *.*)	_kernver=${pkgver};;
@@ -18,8 +18,7 @@ _config=${config:-kernelconfig.${CARCH}}
 install=
 source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
 	http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
-	grsecurity-2.9.1-3.10.17-unofficial.patch
-	0001-pax-x86_64-fix-copy_user_generic.patch
+	grsecurity-2.9.1-$pkgver-unofficial.patch
 	0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
 	0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
 	0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
@@ -27,7 +26,9 @@ source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
 	0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
 	0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
 	fix-memory-map-for-PIE-applications.patch
-	remove-cap-sys-admin-for-proc-sys.patch
+	sysctl_lxc.patch
+	CVE-2013-4348.patch
+
 	kernelconfig.x86
 	kernelconfig.x86_64
 	"
@@ -151,9 +152,8 @@ dev() {
 }
 
 md5sums="4f25cd5bec5f8d5a7d935b3f2ccb8481  linux-3.10.tar.xz
-8431ee4e2467fdfde47e31701813a265  patch-3.10.17.xz
-6894537e9ccc2b296b27b42c39c64b31  grsecurity-2.9.1-3.10.17-unofficial.patch
-51607abf0a105aebbe65e3df6fb415bd  0001-pax-x86_64-fix-copy_user_generic.patch
+b7f932eecbbf5636ad69add480fa1573  patch-3.10.19.xz
+4440f9004d3b62cf9b526d53c02416ad  grsecurity-2.9.1-3.10.19-unofficial.patch
 a16f11b12381efb3bec79b9bfb329836  0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
 656ae7b10dd2f18dbfa1011041d08d60  0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
 aa454ffb96428586447775c21449e284  0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
@@ -161,13 +161,13 @@ aa454ffb96428586447775c21449e284  0003-ipv4-properly-refresh-rtable-entries-on-p
 6ce5fed63aad3f1a1ff1b9ba7b741822  0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
 1a5800a2122ba0cc0d06733cb3bb8b8f  0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
 c6a4ae7e8ca6159e1631545515805216  fix-memory-map-for-PIE-applications.patch
-ebb624500d0b89fbf2daadfc7151c693  remove-cap-sys-admin-for-proc-sys.patch
+b3c0153d53e508e03d73b94d15b24a96  sysctl_lxc.patch
+09ae7985af988c75ff35ed503558eb8b  CVE-2013-4348.patch
 539c848d541c1656851fe865018273df  kernelconfig.x86
 82cd965fc82651f2e6b35e75c17d8031  kernelconfig.x86_64"
 sha256sums="df27fa92d27a9c410bfe6c4a89f141638500d7eadcca5cce578954efc2ad3544  linux-3.10.tar.xz
-5552fc6f24a56d13d603ddc7759114a7b52e92ad2fb84a23a1b80b37b739a33b  patch-3.10.17.xz
-8e82e71c0da392a601a952aa712b56a5116fcf626c19d69ae9d86dda2d200852  grsecurity-2.9.1-3.10.17-unofficial.patch
-0742780b41ded0837d25f0b2f646b954da9362ac5956886427ad630000c0e335  0001-pax-x86_64-fix-copy_user_generic.patch
+c420b1da0aefe23e4a6953e579374fd377385b6041f967694cf4f828e2f3252e  patch-3.10.19.xz
+532870eb3c59200b045efb64463bcc544d394410b2aba63ed5c6dbfe9d974e38  grsecurity-2.9.1-3.10.19-unofficial.patch
 6af3757ac36a6cd3cda7b0a71b08143726383b19261294a569ad7f4042c72df3  0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
 dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0  0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
 0985caa0f3ee8ed0959aeaa4214f5f8057ae8e61d50dcae39194912d31e14892  0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
@@ -175,13 +175,13 @@ dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0  0002-arp-flush
 ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3  0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
 fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e  0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7  fix-memory-map-for-PIE-applications.patch
-01c33a3093d23a6ef5ea50cb91174d524be5bfcc4f3dd9694844cf47697d5287  remove-cap-sys-admin-for-proc-sys.patch
+9ba55b0f45d5aa97503e376a13be6d249a10f32e36687055b2fa1e5a39fa0584  sysctl_lxc.patch
+39acdfc0bb2298e3a9ba62ee42ac2b6556fc31d8eaa2c085f84897cdeaa1a996  CVE-2013-4348.patch
 997d4c8a5a2b911047d26fe1bf8ee8d5cd3b7133e6abdc07b7deacd0b3eb2330  kernelconfig.x86
 7845194551137fbc3b69a75249696bc843bb7fe7f4a4e6b0582c0ca0856caa64  kernelconfig.x86_64"
 sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504de216c0012be446df983e2dea400ad8eeed3ce04f24dc61d0ef76c174dc35  linux-3.10.tar.xz
-38f9085d67d59cb37c32db69b84714a96f327fe74b69bb4a7304861ea6e474614216067ee08093f41739ce803b83a70400c83f06c695cb1114cf41c0b2dc7aa7  patch-3.10.17.xz
-6d27a986f32f42b12c4291ebb4b7365d8cd90b604ee9bc57344b9f9764efd7c5aae89c5ab4977878a24ae4b6e812c1db6030c3451bd15fdb2ea01a2a50e2ce41  grsecurity-2.9.1-3.10.17-unofficial.patch
-b32903a59cd582c2acf95869640bb34fefee544d242702e04af1db188f381da3889c9db9475e8ffc31628cda0b0641828f609c5ac9a387dd86ac4917be26792f  0001-pax-x86_64-fix-copy_user_generic.patch
+6a8bfb124f90f1c8ed27ce3315629601b1b72d4bc8b1d2b776424e56b3a72e4cd03bcebe6cde35223a3beba75ec6d69e949e217504acc611becb7e62aa88f05c  patch-3.10.19.xz
+015b090eedeb4bcd75025690bab264afddc9e5a54a897f918a8c5f260b5ddf46bd6cbf510e6efdeb26cc5d351e8c5ccb3c921738f315e4ee5153e288b86608cd  grsecurity-2.9.1-3.10.19-unofficial.patch
 81e78593288e8b0fd2c03ea9fc1450323887707f087e911f172450a122bc9b591ee83394836789730d951aeec13d0b75a64e1c05f04364abf8f80d883ddc4a02  0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
 51ecb15b669f6a82940a13a38939116e003bf5dfd24496771c8279e907b72adcc63d607f0340a2940d757e12ddadb7d45c7af78ae311d284935a6296dbcac00c  0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
 57d0a8bd35d19cf657ded58efe24517d2252aec6984040713ba173a34edb5887ececaa2985076bc6a149eaa57639fd98a042c1c2d226ed4ad8dd5ed0e230717e  0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
@@ -189,6 +189,7 @@ d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d71
 28a33e644bf2faf99c8dd6dbccfe14e140dfdd8824a8fb2d58aa7deb9e572f130d92b6b35ee181084050d82166bdf2e498a451a2a538a67b7ab84204405d2d87  0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
 249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205  0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7  fix-memory-map-for-PIE-applications.patch
-90d236cb79054751d9081c0ffc002c89cb855e0785c5419449563724e4f9de1c67f763923bdc8c1a5b336ab7850ad33d21fa41ad33b9e2e680badefe40c26626  remove-cap-sys-admin-for-proc-sys.patch
+41071e21c59997604a380575d3c4171d35a12eaae6ddcf158d95e4fd5ccc69d61753cbd38b7bd08d879cce5bfea3fed2df15e5a3dca944f6f7cbd95d5d2daa23  sysctl_lxc.patch
+6c5165692519c630cb96a254088e55d4d7412bd0f45920c0bf514dd9c68d24625da91798158fe502b6c214a7b8d44ae6b2e49b39aed6da3c1344f816f90405a3  CVE-2013-4348.patch
 08f5bb86f03415f60e9bb171ffa192fa70fa85dafeada10817a4b8ae7932fffd1b0f2df01750407e576bb71cd6c3f2c5fe76f2613922cd77f398bce134fd3ec2  kernelconfig.x86
 7a373bec279fe00601bff7ed64c5a09bb4318bf07557fece194afb426d78bf13191b0510642192518f3ffa68b9a36aa6f971f77f55ea09ae4f42c4a84afc00a5  kernelconfig.x86_64"
diff --git a/main/linux-virt-grsec/CVE-2013-4348.patch b/main/linux-virt-grsec/CVE-2013-4348.patch
new file mode 100644
index 0000000000..cce1592eb8
--- /dev/null
+++ b/main/linux-virt-grsec/CVE-2013-4348.patch
@@ -0,0 +1,35 @@
+From 6f092343855a71e03b8d209815d8c45bf3a27fcd Mon Sep 17 00:00:00 2001
+From: Jason Wang <jasowang@redhat.com>
+Date: Fri, 01 Nov 2013 07:01:10 +0000
+Subject: net: flow_dissector: fail on evil iph->ihl
+
+We don't validate iph->ihl which may lead a dead loop if we meet a IPIP
+skb whose iph->ihl is zero. Fix this by failing immediately when iph->ihl
+is evil (less than 5).
+
+This issue were introduced by commit ec5efe7946280d1e84603389a1030ccec0a767ae
+(rps: support IPIP encapsulation).
+
+Cc: Eric Dumazet <edumazet@google.com>
+Cc: Petr Matousek <pmatouse@redhat.com>
+Cc: Michael S. Tsirkin <mst@redhat.com>
+Cc: Daniel Borkmann <dborkman@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+Acked-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
+index 8d7d0dd..143b6fd 100644
+--- a/net/core/flow_dissector.c
++++ b/net/core/flow_dissector.c
+@@ -40,7 +40,7 @@ again:
+ 		struct iphdr _iph;
+ ip:
+ 		iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
+-		if (!iph)
++		if (!iph || iph->ihl < 5)
+ 			return false;
+ 
+ 		if (ip_is_fragment(iph))
+--
+cgit v0.9.2
diff --git a/main/linux-virt-grsec/grsecurity-2.9.1-3.10.17-unofficial.patch b/main/linux-virt-grsec/grsecurity-2.9.1-3.10.19-unofficial.patch
index 3a78478212..cf1b0625d0 100644
--- a/main/linux-virt-grsec/grsecurity-2.9.1-3.10.17-unofficial.patch
+++ b/main/linux-virt-grsec/grsecurity-2.9.1-3.10.19-unofficial.patch
@@ -281,7 +281,7 @@ index 2fe6e76..889ee23 100644
  
  	pcd.		[PARIDE]
 diff --git a/Makefile b/Makefile
-index 5c7d3d6..aa1c9c3 100644
+index 83a02f5..8673672 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -18579,7 +18579,7 @@ index 7f760a9..04b1c65 100644
  }
  
 diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
-index 142810c..1dbe82f 100644
+index 142810c..9d398f4 100644
 --- a/arch/x86/include/asm/uaccess_64.h
 +++ b/arch/x86/include/asm/uaccess_64.h
 @@ -10,6 +10,9 @@
@@ -18610,12 +18610,7 @@ index 142810c..1dbe82f 100644
  copy_user_generic(void *to, const void *from, unsigned len)
  {
  	unsigned ret;
-@@ -41,142 +44,204 @@ copy_user_generic(void *to, const void *from, unsigned len)
- 			 ASM_OUTPUT2("=a" (ret), "=D" (to), "=S" (from),
- 				     "=d" (len)),
- 			 "1" (to), "2" (from), "3" (len)
--			 : "memory", "rcx", "r8", "r9", "r10", "r11");
-+			 : "memory", "rcx", "r8", "r9", "r11");
+@@ -45,138 +48,200 @@ copy_user_generic(void *to, const void *from, unsigned len)
  	return ret;
  }
  
@@ -19520,7 +19515,7 @@ index 562a76d..a003c0f 100644
  	.name				= "physical x2apic",
  	.probe				= x2apic_phys_probe,
 diff --git a/arch/x86/kernel/apic/x2apic_uv_x.c b/arch/x86/kernel/apic/x2apic_uv_x.c
-index 794f6eb..67e1db2 100644
+index b32dbb4..6d66648 100644
 --- a/arch/x86/kernel/apic/x2apic_uv_x.c
 +++ b/arch/x86/kernel/apic/x2apic_uv_x.c
 @@ -342,7 +342,7 @@ static int uv_probe(void)
@@ -38439,7 +38434,7 @@ index ed1334e..ee0dd42 100644
  	dev = crtc->dev;
  
 diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c
-index 9cc247f..36aa285 100644
+index 2ab782c..d994a37 100644
 --- a/drivers/gpu/drm/drm_drv.c
 +++ b/drivers/gpu/drm/drm_drv.c
 @@ -306,7 +306,7 @@ module_exit(drm_core_exit);
@@ -42099,7 +42094,7 @@ index 1c13071..4bb0452 100644
  
  void dm_uevent_add(struct mapped_device *md, struct list_head *elist)
 diff --git a/drivers/md/md.c b/drivers/md/md.c
-index 51f0345..c77810e 100644
+index d78f1ff..952b9c6 100644
 --- a/drivers/md/md.c
 +++ b/drivers/md/md.c
 @@ -234,10 +234,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio);
@@ -42249,10 +42244,10 @@ index 3e6d115..ffecdeb 100644
  /*----------------------------------------------------------------*/
  
 diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
-index 6f48244..7d29145 100644
+index afaa5d4..c139824 100644
 --- a/drivers/md/raid1.c
 +++ b/drivers/md/raid1.c
-@@ -1822,7 +1822,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
+@@ -1823,7 +1823,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
  			if (r1_sync_page_io(rdev, sect, s,
  					    bio->bi_io_vec[idx].bv_page,
  					    READ) != 0)
@@ -42261,7 +42256,7 @@ index 6f48244..7d29145 100644
  		}
  		sectors -= s;
  		sect += s;
-@@ -2049,7 +2049,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
+@@ -2050,7 +2050,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
  			    test_bit(In_sync, &rdev->flags)) {
  				if (r1_sync_page_io(rdev, sect, s,
  						    conf->tmppage, READ)) {
@@ -42271,10 +42266,10 @@ index 6f48244..7d29145 100644
  					       "md/raid1:%s: read error corrected "
  					       "(%d sectors at %llu on %s)\n",
 diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
-index 081bb33..3c4b287 100644
+index 0add868..372c6ec 100644
 --- a/drivers/md/raid10.c
 +++ b/drivers/md/raid10.c
-@@ -1940,7 +1940,7 @@ static void end_sync_read(struct bio *bio, int error)
+@@ -1941,7 +1941,7 @@ static void end_sync_read(struct bio *bio, int error)
  		/* The write handler will notice the lack of
  		 * R10BIO_Uptodate and record any errors etc
  		 */
@@ -42283,7 +42278,7 @@ index 081bb33..3c4b287 100644
  			   &conf->mirrors[d].rdev->corrected_errors);
  
  	/* for reconstruct, we always reschedule after a read.
-@@ -2298,7 +2298,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
+@@ -2299,7 +2299,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
  {
  	struct timespec cur_time_mon;
  	unsigned long hours_since_last;
@@ -42292,7 +42287,7 @@ index 081bb33..3c4b287 100644
  
  	ktime_get_ts(&cur_time_mon);
  
-@@ -2320,9 +2320,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
+@@ -2321,9 +2321,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
  	 * overflowing the shift of read_errors by hours_since_last.
  	 */
  	if (hours_since_last >= 8 * sizeof(read_errors))
@@ -42304,7 +42299,7 @@ index 081bb33..3c4b287 100644
  }
  
  static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector,
-@@ -2376,8 +2376,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2377,8 +2377,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
  		return;
  
  	check_decay_read_errors(mddev, rdev);
@@ -42315,7 +42310,7 @@ index 081bb33..3c4b287 100644
  		char b[BDEVNAME_SIZE];
  		bdevname(rdev->bdev, b);
  
-@@ -2385,7 +2385,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2386,7 +2386,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
  		       "md/raid10:%s: %s: Raid device exceeded "
  		       "read_error threshold [cur %d:max %d]\n",
  		       mdname(mddev), b,
@@ -42324,7 +42319,7 @@ index 081bb33..3c4b287 100644
  		printk(KERN_NOTICE
  		       "md/raid10:%s: %s: Failing raid device\n",
  		       mdname(mddev), b);
-@@ -2540,7 +2540,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2541,7 +2541,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
  					       sect +
  					       choose_data_offset(r10_bio, rdev)),
  				       bdevname(rdev->bdev, b));
@@ -42334,10 +42329,10 @@ index 081bb33..3c4b287 100644
  
  			rdev_dec_pending(rdev, mddev);
 diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
-index a35b846..e295c6d 100644
+index 4bed545..8d22d0b 100644
 --- a/drivers/md/raid5.c
 +++ b/drivers/md/raid5.c
-@@ -1764,21 +1764,21 @@ static void raid5_end_read_request(struct bio * bi, int error)
+@@ -1776,21 +1776,21 @@ static void raid5_end_read_request(struct bio * bi, int error)
  				mdname(conf->mddev), STRIPE_SECTORS,
  				(unsigned long long)s,
  				bdevname(rdev->bdev, b));
@@ -42363,7 +42358,7 @@ index a35b846..e295c6d 100644
  		if (test_bit(R5_ReadRepl, &sh->dev[i].flags))
  			printk_ratelimited(
  				KERN_WARNING
-@@ -1806,7 +1806,7 @@ static void raid5_end_read_request(struct bio * bi, int error)
+@@ -1818,7 +1818,7 @@ static void raid5_end_read_request(struct bio * bi, int error)
  				mdname(conf->mddev),
  				(unsigned long long)s,
  				bdn);
@@ -46815,7 +46810,7 @@ index f379c7f..e8fc69c 100644
  
  	transport_setup_device(&rport->dev);
 diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
-index c398634..47ccb41 100644
+index 734a29a..6b06e4a 100644
 --- a/drivers/scsi/sd.c
 +++ b/drivers/scsi/sd.c
 @@ -2923,7 +2923,7 @@ static int sd_probe(struct device *dev)
@@ -48503,7 +48498,7 @@ index a9af1b9a..1e08e7f 100644
  			ret = -EPERM;
  			goto reterr;
 diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
-index b645c47..a55c182 100644
+index 2d57a00..74d14de 100644
 --- a/drivers/uio/uio.c
 +++ b/drivers/uio/uio.c
 @@ -25,6 +25,7 @@
@@ -48588,7 +48583,7 @@ index b645c47..a55c182 100644
  }
  
  static int uio_vma_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
-@@ -809,7 +810,7 @@ int __uio_register_device(struct module *owner,
+@@ -830,7 +831,7 @@ int __uio_register_device(struct module *owner,
  	idev->owner = owner;
  	idev->info = info;
  	init_waitqueue_head(&idev->wait);
@@ -61205,7 +61200,7 @@ index 8c1c96c..a0f9b6d 100644
  		return -EINVAL;
  
 diff --git a/fs/seq_file.c b/fs/seq_file.c
-index 774c1eb..b67582a 100644
+index 3dd44db..a7da2f2 100644
 --- a/fs/seq_file.c
 +++ b/fs/seq_file.c
 @@ -10,6 +10,7 @@
@@ -61262,7 +61257,7 @@ index 774c1eb..b67582a 100644
  		if (!m->buf)
  			goto Enomem;
  		m->count = 0;
-@@ -581,7 +585,7 @@ static void single_stop(struct seq_file *p, void *v)
+@@ -583,7 +587,7 @@ static void single_stop(struct seq_file *p, void *v)
  int single_open(struct file *file, int (*show)(struct seq_file *, void *),
  		void *data)
  {
@@ -77273,7 +77268,7 @@ index 2ac423b..237c72e 100644
  #define save_altstack_ex(uss, sp) do { \
  	stack_t __user *__uss = uss; \
 diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index dec1748..112c1f9 100644
+index eaf6027..2266947 100644
 --- a/include/linux/skbuff.h
 +++ b/include/linux/skbuff.h
 @@ -640,7 +640,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
@@ -77312,7 +77307,7 @@ index dec1748..112c1f9 100644
  }
  
  /**
-@@ -1848,7 +1848,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
+@@ -1853,7 +1853,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
   * NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8)
   */
  #ifndef NET_SKB_PAD
@@ -77321,7 +77316,7 @@ index dec1748..112c1f9 100644
  #endif
  
  extern int ___pskb_trim(struct sk_buff *skb, unsigned int len);
-@@ -2443,7 +2443,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags,
+@@ -2448,7 +2448,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags,
  					 int noblock, int *err);
  extern unsigned int    datagram_poll(struct file *file, struct socket *sock,
  				     struct poll_table_struct *wait);
@@ -77330,7 +77325,7 @@ index dec1748..112c1f9 100644
  					       int offset, struct iovec *to,
  					       int size);
  extern int	       skb_copy_and_csum_datagram_iovec(struct sk_buff *skb,
-@@ -2733,6 +2733,9 @@ static inline void nf_reset(struct sk_buff *skb)
+@@ -2738,6 +2738,9 @@ static inline void nf_reset(struct sk_buff *skb)
  	nf_bridge_put(skb->nf_bridge);
  	skb->nf_bridge = NULL;
  #endif
@@ -78881,10 +78876,10 @@ index 1bd4c41..9250b5b 100644
  
  /* Structure to track chunk fragments that have been acked, but peer
 diff --git a/include/net/sock.h b/include/net/sock.h
-index 66772cf..25bc45b 100644
+index cec4c72..66ba735 100644
 --- a/include/net/sock.h
 +++ b/include/net/sock.h
-@@ -325,7 +325,7 @@ struct sock {
+@@ -326,7 +326,7 @@ struct sock {
  #ifdef CONFIG_RPS
  	__u32			sk_rxhash;
  #endif
@@ -78893,7 +78888,7 @@ index 66772cf..25bc45b 100644
  	int			sk_rcvbuf;
  
  	struct sk_filter __rcu	*sk_filter;
-@@ -1797,7 +1797,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
+@@ -1799,7 +1799,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
  }
  
  static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb,
@@ -78902,7 +78897,7 @@ index 66772cf..25bc45b 100644
  					   int copy, int offset)
  {
  	if (skb->ip_summed == CHECKSUM_NONE) {
-@@ -2056,7 +2056,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk)
+@@ -2058,7 +2058,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk)
  	}
  }
  
@@ -78912,10 +78907,10 @@ index 66772cf..25bc45b 100644
  /**
   * sk_page_frag - return an appropriate page_frag
 diff --git a/include/net/tcp.h b/include/net/tcp.h
-index 5bba80f..8520a82 100644
+index 3fc77e9..a20155c 100644
 --- a/include/net/tcp.h
 +++ b/include/net/tcp.h
-@@ -524,7 +524,7 @@ extern void tcp_retransmit_timer(struct sock *sk);
+@@ -525,7 +525,7 @@ extern void tcp_retransmit_timer(struct sock *sk);
  extern void tcp_xmit_retransmit_queue(struct sock *);
  extern void tcp_simple_retransmit(struct sock *);
  extern int tcp_trim_head(struct sock *, struct sk_buff *, u32);
@@ -78924,7 +78919,7 @@ index 5bba80f..8520a82 100644
  
  extern void tcp_send_probe0(struct sock *);
  extern void tcp_send_partial(struct sock *);
-@@ -697,8 +697,8 @@ struct tcp_skb_cb {
+@@ -698,8 +698,8 @@ struct tcp_skb_cb {
  		struct inet6_skb_parm	h6;
  #endif
  	} header;	/* For incoming frames		*/
@@ -78935,7 +78930,7 @@ index 5bba80f..8520a82 100644
  	__u32		when;		/* used to compute rtt's	*/
  	__u8		tcp_flags;	/* TCP header flags. (tcp[13])	*/
  
-@@ -712,7 +712,7 @@ struct tcp_skb_cb {
+@@ -713,7 +713,7 @@ struct tcp_skb_cb {
  
  	__u8		ip_dsfield;	/* IPv4 tos or IPv6 dsfield	*/
  	/* 1 byte hole */
@@ -80430,7 +80425,7 @@ index f6c2ce5..982c0f9 100644
 +	return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid);
 +}
 diff --git a/kernel/cgroup.c b/kernel/cgroup.c
-index 2e9b387..61817b1 100644
+index b6b26fa..ae2217e 100644
 --- a/kernel/cgroup.c
 +++ b/kernel/cgroup.c
 @@ -5398,7 +5398,7 @@ static int cgroup_css_links_read(struct cgroup *cont,
@@ -87214,7 +87209,7 @@ index ceb0c7f..b2b8e94 100644
  	} else {
  		pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n",
 diff --git a/mm/memory.c b/mm/memory.c
-index 5a35443..7c0340f 100644
+index 4b60011..80b1cba 100644
 --- a/mm/memory.c
 +++ b/mm/memory.c
 @@ -428,6 +428,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
@@ -87732,7 +87727,7 @@ index 5a35443..7c0340f 100644
  	} else {
  		if (cow_page)
  			mem_cgroup_uncharge_page(cow_page);
-@@ -3752,6 +3955,12 @@ int handle_pte_fault(struct mm_struct *mm,
+@@ -3741,6 +3944,12 @@ int handle_pte_fault(struct mm_struct *mm,
  		if (flags & FAULT_FLAG_WRITE)
  			flush_tlb_fix_spurious_fault(vma, address);
  	}
@@ -87745,7 +87740,7 @@ index 5a35443..7c0340f 100644
  unlock:
  	pte_unmap_unlock(pte, ptl);
  	return 0;
-@@ -3768,6 +3977,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3757,6 +3966,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
  	pmd_t *pmd;
  	pte_t *pte;
  
@@ -87756,7 +87751,7 @@ index 5a35443..7c0340f 100644
  	__set_current_state(TASK_RUNNING);
  
  	count_vm_event(PGFAULT);
-@@ -3779,6 +3992,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3768,6 +3981,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
  	if (unlikely(is_vm_hugetlb_page(vma)))
  		return hugetlb_fault(mm, vma, address, flags);
  
@@ -87791,7 +87786,7 @@ index 5a35443..7c0340f 100644
  retry:
  	pgd = pgd_offset(mm, address);
  	pud = pud_alloc(mm, pgd, address);
-@@ -3877,6 +4118,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
+@@ -3866,6 +4107,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
  	spin_unlock(&mm->page_table_lock);
  	return 0;
  }
@@ -87815,7 +87810,7 @@ index 5a35443..7c0340f 100644
  #endif /* __PAGETABLE_PUD_FOLDED */
  
  #ifndef __PAGETABLE_PMD_FOLDED
-@@ -3907,6 +4165,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
+@@ -3896,6 +4154,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
  	spin_unlock(&mm->page_table_lock);
  	return 0;
  }
@@ -87846,7 +87841,7 @@ index 5a35443..7c0340f 100644
  #endif /* __PAGETABLE_PMD_FOLDED */
  
  #if !defined(__HAVE_ARCH_GATE_AREA)
-@@ -3920,7 +4202,7 @@ static int __init gate_vma_init(void)
+@@ -3909,7 +4191,7 @@ static int __init gate_vma_init(void)
  	gate_vma.vm_start = FIXADDR_USER_START;
  	gate_vma.vm_end = FIXADDR_USER_END;
  	gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
@@ -87855,7 +87850,7 @@ index 5a35443..7c0340f 100644
  
  	return 0;
  }
-@@ -4054,8 +4336,8 @@ out:
+@@ -4043,8 +4325,8 @@ out:
  	return ret;
  }
  
@@ -87866,7 +87861,7 @@ index 5a35443..7c0340f 100644
  {
  	resource_size_t phys_addr;
  	unsigned long prot = 0;
-@@ -4080,8 +4362,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr,
+@@ -4070,8 +4352,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys);
   * Access another process' address space as given in mm.  If non-NULL, use the
   * given task for page fault accounting.
   */
@@ -87877,7 +87872,7 @@ index 5a35443..7c0340f 100644
  {
  	struct vm_area_struct *vma;
  	void *old_buf = buf;
-@@ -4089,7 +4371,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -4079,7 +4361,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
  	down_read(&mm->mmap_sem);
  	/* ignore errors, just check how much was successfully transferred */
  	while (len) {
@@ -87886,7 +87881,7 @@ index 5a35443..7c0340f 100644
  		void *maddr;
  		struct page *page = NULL;
  
-@@ -4148,8 +4430,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -4138,8 +4420,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
   *
   * The caller must hold a reference on @mm.
   */
@@ -87897,7 +87892,7 @@ index 5a35443..7c0340f 100644
  {
  	return __access_remote_vm(NULL, mm, addr, buf, len, write);
  }
-@@ -4159,11 +4441,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
+@@ -4149,11 +4431,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
   * Source/target buffer must be kernel space,
   * Do not walk the page table directly, use get_user_pages
   */
@@ -87989,7 +87984,7 @@ index 4baf12e..5497066 100644
  		capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
  
 diff --git a/mm/migrate.c b/mm/migrate.c
-index 25ca7ca..abe1836 100644
+index bf436c1..f571994 100644
 --- a/mm/migrate.c
 +++ b/mm/migrate.c
 @@ -1399,8 +1399,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
@@ -89373,7 +89368,7 @@ index 8d25fdc..bfb7626 100644
  	vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
  
 diff --git a/mm/mprotect.c b/mm/mprotect.c
-index 94722a4..e661e29 100644
+index 2bbb648..1658c46 100644
 --- a/mm/mprotect.c
 +++ b/mm/mprotect.c
 @@ -23,10 +23,18 @@
@@ -89779,7 +89774,7 @@ index 298884d..5f74980 100644
  	struct mm_struct *mm;
  
 diff --git a/mm/page-writeback.c b/mm/page-writeback.c
-index 4514ad7..92eaa1c 100644
+index aca4364..09039c6 100644
 --- a/mm/page-writeback.c
 +++ b/mm/page-writeback.c
 @@ -659,7 +659,7 @@ unsigned long bdi_dirty_limit(struct backing_dev_info *bdi, unsigned long dirty)
@@ -91263,7 +91258,7 @@ index ab1424d..7c5bd5a 100644
  	mm->unmap_area = arch_unmap_area;
  }
 diff --git a/mm/vmalloc.c b/mm/vmalloc.c
-index d365724..6cae7c2 100644
+index d456560..3ed6863 100644
 --- a/mm/vmalloc.c
 +++ b/mm/vmalloc.c
 @@ -59,8 +59,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end)
@@ -92285,13 +92280,13 @@ index eb0a46a..5f3bae8 100644
  
  	switch (ss->ss_family) {
 diff --git a/net/compat.c b/net/compat.c
-index f0a1ba6..0541331 100644
+index 8903258..24e30e5 100644
 --- a/net/compat.c
 +++ b/net/compat.c
-@@ -71,9 +71,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg)
- 	    __get_user(kmsg->msg_controllen, &umsg->msg_controllen) ||
- 	    __get_user(kmsg->msg_flags, &umsg->msg_flags))
+@@ -73,9 +73,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg)
  		return -EFAULT;
+ 	if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
+ 		return -EINVAL;
 -	kmsg->msg_name = compat_ptr(tmp1);
 -	kmsg->msg_iov = compat_ptr(tmp2);
 -	kmsg->msg_control = compat_ptr(tmp3);
@@ -92301,7 +92296,7 @@ index f0a1ba6..0541331 100644
  	return 0;
  }
  
-@@ -85,7 +85,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
+@@ -87,7 +87,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
  
  	if (kern_msg->msg_namelen) {
  		if (mode == VERIFY_READ) {
@@ -92310,7 +92305,7 @@ index f0a1ba6..0541331 100644
  						      kern_msg->msg_namelen,
  						      kern_address);
  			if (err < 0)
-@@ -96,7 +96,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
+@@ -98,7 +98,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
  		kern_msg->msg_name = NULL;
  
  	tot_len = iov_from_user_compat_to_kern(kern_iov,
@@ -92319,7 +92314,7 @@ index f0a1ba6..0541331 100644
  					  kern_msg->msg_iovlen);
  	if (tot_len >= 0)
  		kern_msg->msg_iov = kern_iov;
-@@ -116,20 +116,20 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
+@@ -118,20 +118,20 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
  
  #define CMSG_COMPAT_FIRSTHDR(msg)			\
  	(((msg)->msg_controllen) >= sizeof(struct compat_cmsghdr) ?	\
@@ -92343,7 +92338,7 @@ index f0a1ba6..0541331 100644
  			msg->msg_controllen)
  		return NULL;
  	return (struct compat_cmsghdr __user *)ptr;
-@@ -219,7 +219,7 @@ Efault:
+@@ -221,7 +221,7 @@ Efault:
  
  int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *data)
  {
@@ -92352,7 +92347,7 @@ index f0a1ba6..0541331 100644
  	struct compat_cmsghdr cmhdr;
  	struct compat_timeval ctv;
  	struct compat_timespec cts[3];
-@@ -275,7 +275,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat
+@@ -277,7 +277,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat
  
  void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm)
  {
@@ -92361,7 +92356,7 @@ index f0a1ba6..0541331 100644
  	int fdmax = (kmsg->msg_controllen - sizeof(struct compat_cmsghdr)) / sizeof(int);
  	int fdnum = scm->fp->count;
  	struct file **fp = scm->fp->fp;
-@@ -363,7 +363,7 @@ static int do_set_sock_timeout(struct socket *sock, int level,
+@@ -365,7 +365,7 @@ static int do_set_sock_timeout(struct socket *sock, int level,
  		return -EFAULT;
  	old_fs = get_fs();
  	set_fs(KERNEL_DS);
@@ -92370,7 +92365,7 @@ index f0a1ba6..0541331 100644
  	set_fs(old_fs);
  
  	return err;
-@@ -424,7 +424,7 @@ static int do_get_sock_timeout(struct socket *sock, int level, int optname,
+@@ -426,7 +426,7 @@ static int do_get_sock_timeout(struct socket *sock, int level, int optname,
  	len = sizeof(ktime);
  	old_fs = get_fs();
  	set_fs(KERNEL_DS);
@@ -92379,7 +92374,7 @@ index f0a1ba6..0541331 100644
  	set_fs(old_fs);
  
  	if (!err) {
-@@ -567,7 +567,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
+@@ -569,7 +569,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
  	case MCAST_JOIN_GROUP:
  	case MCAST_LEAVE_GROUP:
  	{
@@ -92388,7 +92383,7 @@ index f0a1ba6..0541331 100644
  		struct group_req __user *kgr =
  			compat_alloc_user_space(sizeof(struct group_req));
  		u32 interface;
-@@ -588,7 +588,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
+@@ -590,7 +590,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
  	case MCAST_BLOCK_SOURCE:
  	case MCAST_UNBLOCK_SOURCE:
  	{
@@ -92397,7 +92392,7 @@ index f0a1ba6..0541331 100644
  		struct group_source_req __user *kgsr = compat_alloc_user_space(
  			sizeof(struct group_source_req));
  		u32 interface;
-@@ -609,7 +609,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
+@@ -611,7 +611,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
  	}
  	case MCAST_MSFILTER:
  	{
@@ -92406,7 +92401,7 @@ index f0a1ba6..0541331 100644
  		struct group_filter __user *kgf;
  		u32 interface, fmode, numsrc;
  
-@@ -647,7 +647,7 @@ int compat_mc_getsockopt(struct sock *sock, int level, int optname,
+@@ -649,7 +649,7 @@ int compat_mc_getsockopt(struct sock *sock, int level, int optname,
  	char __user *optval, int __user *optlen,
  	int (*getsockopt)(struct sock *, int, int, char __user *, int __user *))
  {
@@ -92415,7 +92410,7 @@ index f0a1ba6..0541331 100644
  	struct group_filter __user *kgf;
  	int __user	*koptlen;
  	u32 interface, fmode, numsrc;
-@@ -805,7 +805,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args)
+@@ -807,7 +807,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args)
  
  	if (call < SYS_SOCKET || call > SYS_SENDMMSG)
  		return -EINVAL;
@@ -92843,7 +92838,7 @@ index 1c1738c..4cab7f0 100644
  }
  
 diff --git a/net/core/sock.c b/net/core/sock.c
-index d6d024c..6ea7ab4 100644
+index 6565431..4012941 100644
 --- a/net/core/sock.c
 +++ b/net/core/sock.c
 @@ -390,7 +390,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
@@ -92930,7 +92925,7 @@ index d6d024c..6ea7ab4 100644
  		return -EFAULT;
  lenout:
  	if (put_user(len, optlen))
-@@ -2277,7 +2277,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
+@@ -2278,7 +2278,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
  	 */
  	smp_wmb();
  	atomic_set(&sk->sk_refcnt, 1);
@@ -93297,7 +93292,7 @@ index 6acb541..9ea617d 100644
  
  void inet_get_local_port_range(int *low, int *high)
 diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
-index 6af375a..c493c74 100644
+index c95848d..e561cbd 100644
 --- a/net/ipv4/inet_hashtables.c
 +++ b/net/ipv4/inet_hashtables.c
 @@ -18,12 +18,15 @@
@@ -93446,7 +93441,7 @@ index d9c4f11..02b82dbc 100644
  		msg.msg_flags = flags;
  
 diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
-index 17cc0ff..63856c4 100644
+index 0656041..d6ecb60 100644
 --- a/net/ipv4/ip_vti.c
 +++ b/net/ipv4/ip_vti.c
 @@ -47,7 +47,7 @@
@@ -93458,7 +93453,7 @@ index 17cc0ff..63856c4 100644
  
  static int vti_net_id __read_mostly;
  struct vti_net {
-@@ -840,7 +840,7 @@ static const struct nla_policy vti_policy[IFLA_VTI_MAX + 1] = {
+@@ -848,7 +848,7 @@ static const struct nla_policy vti_policy[IFLA_VTI_MAX + 1] = {
  	[IFLA_VTI_REMOTE]	= { .len = FIELD_SIZEOF(struct iphdr, daddr) },
  };
  
@@ -93700,7 +93695,7 @@ index 6fb2337..9cd6b20 100644
  
  static int raw_seq_show(struct seq_file *seq, void *v)
 diff --git a/net/ipv4/route.c b/net/ipv4/route.c
-index d35bbf0..faa3ab8 100644
+index d11e73c..25c1dc4 100644
 --- a/net/ipv4/route.c
 +++ b/net/ipv4/route.c
 @@ -2558,34 +2558,34 @@ static struct ctl_table ipv4_route_flush_table[] = {
@@ -93756,10 +93751,10 @@ index d35bbf0..faa3ab8 100644
  			 sizeof(net->ipv4.dev_addr_genid));
  	return 0;
 diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
-index 3f25e75..3ae0f4d 100644
+index 90b26be..268b217 100644
 --- a/net/ipv4/sysctl_net_ipv4.c
 +++ b/net/ipv4/sysctl_net_ipv4.c
-@@ -57,7 +57,7 @@ static int ipv4_local_port_range(ctl_table *table, int write,
+@@ -58,7 +58,7 @@ static int ipv4_local_port_range(ctl_table *table, int write,
  {
  	int ret;
  	int range[2];
@@ -93768,7 +93763,7 @@ index 3f25e75..3ae0f4d 100644
  		.data = &range,
  		.maxlen = sizeof(range),
  		.mode = table->mode,
-@@ -110,7 +110,7 @@ static int ipv4_ping_group_range(ctl_table *table, int write,
+@@ -111,7 +111,7 @@ static int ipv4_ping_group_range(ctl_table *table, int write,
  	int ret;
  	gid_t urange[2];
  	kgid_t low, high;
@@ -93777,7 +93772,7 @@ index 3f25e75..3ae0f4d 100644
  		.data = &urange,
  		.maxlen = sizeof(urange),
  		.mode = table->mode,
-@@ -141,7 +141,7 @@ static int proc_tcp_congestion_control(ctl_table *ctl, int write,
+@@ -142,7 +142,7 @@ static int proc_tcp_congestion_control(ctl_table *ctl, int write,
  				       void __user *buffer, size_t *lenp, loff_t *ppos)
  {
  	char val[TCP_CA_NAME_MAX];
@@ -93786,7 +93781,7 @@ index 3f25e75..3ae0f4d 100644
  		.data = val,
  		.maxlen = TCP_CA_NAME_MAX,
  	};
-@@ -160,7 +160,7 @@ static int proc_tcp_available_congestion_control(ctl_table *ctl,
+@@ -161,7 +161,7 @@ static int proc_tcp_available_congestion_control(ctl_table *ctl,
  						 void __user *buffer, size_t *lenp,
  						 loff_t *ppos)
  {
@@ -93795,7 +93790,7 @@ index 3f25e75..3ae0f4d 100644
  	int ret;
  
  	tbl.data = kmalloc(tbl.maxlen, GFP_USER);
-@@ -177,7 +177,7 @@ static int proc_allowed_congestion_control(ctl_table *ctl,
+@@ -178,7 +178,7 @@ static int proc_allowed_congestion_control(ctl_table *ctl,
  					   void __user *buffer, size_t *lenp,
  					   loff_t *ppos)
  {
@@ -93804,7 +93799,7 @@ index 3f25e75..3ae0f4d 100644
  	int ret;
  
  	tbl.data = kmalloc(tbl.maxlen, GFP_USER);
-@@ -203,15 +203,17 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write,
+@@ -204,15 +204,17 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write,
  	struct mem_cgroup *memcg;
  #endif
  
@@ -93825,7 +93820,7 @@ index 3f25e75..3ae0f4d 100644
  	}
  
  	ret = proc_doulongvec_minmax(&tmp, write, buffer, lenp, ppos);
-@@ -238,7 +240,7 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write,
+@@ -239,7 +241,7 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write,
  static int proc_tcp_fastopen_key(ctl_table *ctl, int write, void __user *buffer,
  				 size_t *lenp, loff_t *ppos)
  {
@@ -93834,7 +93829,7 @@ index 3f25e75..3ae0f4d 100644
  	struct tcp_fastopen_context *ctxt;
  	int ret;
  	u32  user_key[4]; /* 16 bytes, matching TCP_FASTOPEN_KEY_LENGTH */
-@@ -481,7 +483,7 @@ static struct ctl_table ipv4_table[] = {
+@@ -482,7 +484,7 @@ static struct ctl_table ipv4_table[] = {
  	},
  	{
  		.procname	= "ip_local_reserved_ports",
@@ -93843,7 +93838,7 @@ index 3f25e75..3ae0f4d 100644
  		.maxlen		= 65536,
  		.mode		= 0644,
  		.proc_handler	= proc_do_large_bitmap,
-@@ -846,11 +848,10 @@ static struct ctl_table ipv4_net_table[] = {
+@@ -856,11 +858,10 @@ static struct ctl_table ipv4_net_table[] = {
  
  static __net_init int ipv4_sysctl_init_net(struct net *net)
  {
@@ -93857,7 +93852,7 @@ index 3f25e75..3ae0f4d 100644
  		if (table == NULL)
  			goto err_alloc;
  
-@@ -885,15 +886,17 @@ static __net_init int ipv4_sysctl_init_net(struct net *net)
+@@ -895,15 +896,17 @@ static __net_init int ipv4_sysctl_init_net(struct net *net)
  
  	tcp_init_mem(net);
  
@@ -93878,7 +93873,7 @@ index 3f25e75..3ae0f4d 100644
  err_alloc:
  	return -ENOMEM;
  }
-@@ -915,16 +918,6 @@ static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
+@@ -925,16 +928,6 @@ static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
  static __init int sysctl_ipv4_init(void)
  {
  	struct ctl_table_header *hdr;
@@ -93896,10 +93891,10 @@ index 3f25e75..3ae0f4d 100644
  	hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table);
  	if (hdr == NULL)
 diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
-index 4b75aad..a4b2833 100644
+index e15d330..c93711a 100644
 --- a/net/ipv4/tcp_input.c
 +++ b/net/ipv4/tcp_input.c
-@@ -4439,7 +4439,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
+@@ -4472,7 +4472,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
   * simplifies code)
   */
  static void
@@ -93908,7 +93903,7 @@ index 4b75aad..a4b2833 100644
  	     struct sk_buff *head, struct sk_buff *tail,
  	     u32 start, u32 end)
  {
-@@ -5525,6 +5525,7 @@ discard:
+@@ -5558,6 +5558,7 @@ discard:
  	    tcp_paws_reject(&tp->rx_opt, 0))
  		goto discard_and_undo;
  
@@ -93916,7 +93911,7 @@ index 4b75aad..a4b2833 100644
  	if (th->syn) {
  		/* We see SYN without ACK. It is attempt of
  		 * simultaneous connect with crossed SYNs.
-@@ -5575,6 +5576,7 @@ discard:
+@@ -5608,6 +5609,7 @@ discard:
  		goto discard;
  #endif
  	}
@@ -93924,7 +93919,7 @@ index 4b75aad..a4b2833 100644
  	/* "fifth, if neither of the SYN or RST bits is set then
  	 * drop the segment and return."
  	 */
-@@ -5619,7 +5621,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
+@@ -5652,7 +5654,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
  			goto discard;
  
  		if (th->syn) {
@@ -94637,10 +94632,10 @@ index 1aeb473..bea761c 100644
  	return -ENOMEM;
  }
 diff --git a/net/ipv6/route.c b/net/ipv6/route.c
-index bacce6c..9d1741a 100644
+index 3c1f493..4129ccc 100644
 --- a/net/ipv6/route.c
 +++ b/net/ipv6/route.c
-@@ -2903,7 +2903,7 @@ ctl_table ipv6_route_table_template[] = {
+@@ -2931,7 +2931,7 @@ ctl_table ipv6_route_table_template[] = {
  
  struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net)
  {
@@ -94966,7 +94961,7 @@ index ab8bd2c..cd2d641 100644
  	return res;
  }
 diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
-index ae36f8e..09d42ac 100644
+index 5ab17b8..5b0aae4 100644
 --- a/net/mac80211/cfg.c
 +++ b/net/mac80211/cfg.c
 @@ -806,7 +806,7 @@ static int ieee80211_set_monitor_channel(struct wiphy *wiphy,
@@ -94999,7 +94994,7 @@ index ae36f8e..09d42ac 100644
  		if (local->use_chanctx)
  			*chandef = local->monitor_chandef;
 diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
-index 9ca8e32..48e4a9b 100644
+index 92ef04c..dab37ef3 100644
 --- a/net/mac80211/ieee80211_i.h
 +++ b/net/mac80211/ieee80211_i.h
 @@ -28,6 +28,7 @@
@@ -95010,7 +95005,7 @@ index 9ca8e32..48e4a9b 100644
  #include "key.h"
  #include "sta_info.h"
  #include "debug.h"
-@@ -891,7 +892,7 @@ struct ieee80211_local {
+@@ -894,7 +895,7 @@ struct ieee80211_local {
  	/* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */
  	spinlock_t queue_stop_reason_lock;
  
@@ -95175,7 +95170,7 @@ index c97a065..ff61928 100644
  
  	return p;
 diff --git a/net/mac80211/util.c b/net/mac80211/util.c
-index 72e6292..e6319eb 100644
+index 5db8eb5..d0319e8 100644
 --- a/net/mac80211/util.c
 +++ b/net/mac80211/util.c
 @@ -1472,7 +1472,7 @@ int ieee80211_reconfig(struct ieee80211_local *local)
@@ -96806,7 +96801,7 @@ index 098f1d5f..60da2f7 100644
  
  /* Start T3_rtx timer if it is not already running and update the heartbeat
 diff --git a/net/socket.c b/net/socket.c
-index 4ca1526..df83e47 100644
+index 9c467b2..f2cbd27 100644
 --- a/net/socket.c
 +++ b/net/socket.c
 @@ -88,6 +88,7 @@
@@ -96977,7 +96972,7 @@ index 4ca1526..df83e47 100644
  	int err, err2;
  	int fput_needed;
  
-@@ -2023,7 +2085,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
+@@ -2036,7 +2098,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
  		 * checking falls down on this.
  		 */
  		if (copy_from_user(ctl_buf,
@@ -96986,7 +96981,7 @@ index 4ca1526..df83e47 100644
  				   ctl_len))
  			goto out_freectl;
  		msg_sys->msg_control = ctl_buf;
-@@ -2174,7 +2236,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
+@@ -2187,7 +2249,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
  	int err, total_len, len;
  
  	/* kernel mode address */
@@ -96995,7 +96990,7 @@ index 4ca1526..df83e47 100644
  
  	/* user mode address pointers */
  	struct sockaddr __user *uaddr;
-@@ -2202,7 +2264,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
+@@ -2218,7 +2280,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
  	 *      kernel msghdr to use the kernel address space)
  	 */
  
@@ -97004,7 +96999,7 @@ index 4ca1526..df83e47 100644
  	uaddr_len = COMPAT_NAMELEN(msg);
  	if (MSG_CMSG_COMPAT & flags) {
  		err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
-@@ -2955,7 +3017,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
+@@ -2971,7 +3033,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
  		old_fs = get_fs();
  		set_fs(KERNEL_DS);
  		err = dev_ioctl(net, cmd,
@@ -97013,7 +97008,7 @@ index 4ca1526..df83e47 100644
  		set_fs(old_fs);
  
  		return err;
-@@ -3064,7 +3126,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
+@@ -3080,7 +3142,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
  
  	old_fs = get_fs();
  	set_fs(KERNEL_DS);
@@ -97022,7 +97017,7 @@ index 4ca1526..df83e47 100644
  	set_fs(old_fs);
  
  	if (cmd == SIOCGIFMAP && !err) {
-@@ -3169,7 +3231,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
+@@ -3185,7 +3247,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
  		ret |= __get_user(rtdev, &(ur4->rt_dev));
  		if (rtdev) {
  			ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
@@ -97031,7 +97026,7 @@ index 4ca1526..df83e47 100644
  			devname[15] = 0;
  		} else
  			r4.rt_dev = NULL;
-@@ -3395,8 +3457,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
+@@ -3411,8 +3473,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
  	int __user *uoptlen;
  	int err;
  
@@ -97042,7 +97037,7 @@ index 4ca1526..df83e47 100644
  
  	set_fs(KERNEL_DS);
  	if (level == SOL_SOCKET)
-@@ -3416,7 +3478,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
+@@ -3432,7 +3494,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
  	char __user *uoptval;
  	int err;
  
@@ -97403,7 +97398,7 @@ index 6b42d47..2ac24d5 100644
  
  	sub->evt.event = htohl(event, sub->swap);
 diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
-index 826e099..4fa8c93 100644
+index 0258072..fc6d46d 100644
 --- a/net/unix/af_unix.c
 +++ b/net/unix/af_unix.c
 @@ -783,6 +783,12 @@ static struct sock *unix_find_other(struct net *net,
@@ -97452,7 +97447,7 @@ index 826e099..4fa8c93 100644
  	done_path_create(&path, dentry);
  	return err;
  }
-@@ -2324,9 +2343,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2334,9 +2353,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
  		seq_puts(seq, "Num       RefCount Protocol Flags    Type St "
  			 "Inode Path\n");
  	else {
@@ -97467,7 +97462,7 @@ index 826e099..4fa8c93 100644
  
  		seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
  			s,
-@@ -2353,8 +2376,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2363,8 +2386,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
  			}
  			for ( ; i < len; i++)
  				seq_putc(seq, u->addr->name->sun_path[i]);
@@ -97946,10 +97941,10 @@ index 643764f..6cc0137 100644
  		-e 's@^#include <linux/compiler.h>@@' \
  		-e 's/(^|[^a-zA-Z0-9])__packed([^a-zA-Z0-9_]|$)/\1__attribute__((packed))\2/g' \
 diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
-index 0149949..d482a0d 100644
+index 32b10f5..0d8d2ee 100644
 --- a/scripts/link-vmlinux.sh
 +++ b/scripts/link-vmlinux.sh
-@@ -158,7 +158,7 @@ else
+@@ -160,7 +160,7 @@ else
  fi;
  
  # final build of init/
@@ -100397,7 +100392,7 @@ index 7d8803a..559f8d0 100644
                  list_add(&s->list, &cs4297a_devs);
  
 diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c
-index 55108b5..d973e11 100644
+index 31461ba..d700d1a 100644
 --- a/sound/pci/hda/hda_codec.c
 +++ b/sound/pci/hda/hda_codec.c
 @@ -916,14 +916,10 @@ find_codec_preset(struct hda_codec *codec)
diff --git a/main/linux-virt-grsec/remove-cap-sys-admin-for-proc-sys.patch b/main/linux-virt-grsec/remove-cap-sys-admin-for-proc-sys.patch
deleted file mode 100644
index 6fa56ba134..0000000000
--- a/main/linux-virt-grsec/remove-cap-sys-admin-for-proc-sys.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
-index 1e6dc7e..d65d119 100644
---- a/fs/proc/proc_sysctl.c
-+++ b/fs/proc/proc_sysctl.c
-@@ -521,8 +521,6 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf,
- 	dput(filp->f_path.dentry);
- 	if (!gr_acl_handle_open(filp->f_path.dentry, filp->f_path.mnt, op))
- 		goto out;
--	if (write && !capable(CAP_SYS_ADMIN))
--		goto out;
- #endif
- 
- 	/* careful: calling conventions are nasty here */
-
diff --git a/main/linux-virt-grsec/sysctl_lxc.patch b/main/linux-virt-grsec/sysctl_lxc.patch
new file mode 100644
index 0000000000..56279aa03f
--- /dev/null
+++ b/main/linux-virt-grsec/sysctl_lxc.patch
@@ -0,0 +1,31 @@
+This patch allows guests to set /proc/sys/net/*/ip_forward without
+needing CAP_SYS_ADMIN.
+
+diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
+index 1e6dc7e..0a5638b 100644
+--- a/fs/proc/proc_sysctl.c
++++ b/fs/proc/proc_sysctl.c
+@@ -11,6 +11,7 @@
+ #include <linux/namei.h>
+ #include <linux/mm.h>
+ #include <linux/module.h>
++#include <linux/nsproxy.h>
+ #include "internal.h"
+ 
+ extern int gr_handle_chroot_sysctl(const int op);
+@@ -521,8 +522,13 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf,
+ 	dput(filp->f_path.dentry);
+ 	if (!gr_acl_handle_open(filp->f_path.dentry, filp->f_path.mnt, op))
+ 		goto out;
+-	if (write && !capable(CAP_SYS_ADMIN))
+-		goto out;
++	if (write) {
++		if (current->nsproxy->net_ns != table->extra2) {
++			if (!capable(CAP_SYS_ADMIN))
++				goto out;
++		} else if (!nsown_capable(CAP_NET_ADMIN))
++			goto out;
++	}
+ #endif
+ 
+ 	/* careful: calling conventions are nasty here */