aboutsummaryrefslogtreecommitdiffstats
path: root/main/linux-virt-grsec
diff options
context:
space:
mode:
authorLeonardo Arena <rnalrd@alpinelinux.org>2014-01-23 08:26:09 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2014-01-23 08:26:09 +0000
commitc7bbdca2a256fe6abded086bf4e27338f78f67f9 (patch)
tree905b7113d8155c65a4a2aa1e0f89e9e96d902fc1 /main/linux-virt-grsec
parenta34a5dcf81b53f781e83f857e429d79e945f8af2 (diff)
downloadaports-c7bbdca2a256fe6abded086bf4e27338f78f67f9.tar.bz2
aports-c7bbdca2a256fe6abded086bf4e27338f78f67f9.tar.xz
main/linux-virt-grsec: upgrade to 3.12.8
Diffstat (limited to 'main/linux-virt-grsec')
-rw-r--r--main/linux-virt-grsec/APKBUILD18
-rw-r--r--main/linux-virt-grsec/grsecurity-3.0-3.12.8-201401191015.patch (renamed from main/linux-virt-grsec/grsecurity-3.0-3.12.7-201401120824.patch)1415
2 files changed, 1107 insertions, 326 deletions
diff --git a/main/linux-virt-grsec/APKBUILD b/main/linux-virt-grsec/APKBUILD
index 02eec6d71a..bf2e05f267 100644
--- a/main/linux-virt-grsec/APKBUILD
+++ b/main/linux-virt-grsec/APKBUILD
@@ -3,12 +3,12 @@
_flavor=virt-grsec
pkgname=linux-${_flavor}
-pkgver=3.12.7
+pkgver=3.12.8
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
esac
-pkgrel=1
+pkgrel=0
pkgdesc="Linux kernel for virtual guests with grsecurity"
url="http://grsecurity.net"
depends="mkinitfs linux-firmware"
@@ -18,7 +18,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-3.0-$pkgver-201401120824.patch
+ grsecurity-3.0-$pkgver-201401191015.patch
fix-memory-map-for-PIE-applications.patch
kernelconfig.x86
@@ -145,20 +145,20 @@ dev() {
}
md5sums="cc6ee608854e0da4b64f6c1ff8b6398c linux-3.12.tar.xz
-a158a29ecf49e768ebd2f34967991606 patch-3.12.7.xz
-a90b0bcd0ece5c0bee4fa8155a0122fd grsecurity-3.0-3.12.7-201401120824.patch
+03d34842e3a1197d17055610f62627b8 patch-3.12.8.xz
+a7dd09d05b98cca3b7c00098698bdd38 grsecurity-3.0-3.12.8-201401191015.patch
c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
cc0bc34dd6d4f4396fa70ceaa5aa4a1a kernelconfig.x86
93a67bcefa885e0089247694c3e1fa25 kernelconfig.x86_64"
sha256sums="2e120ec7fde19fa51dc6b6cc11c81860a0775defcad5a5bf910ed9a50e845a02 linux-3.12.tar.xz
-ac57d56064bb23dae55fe656c407c662e842c98a6a5411251d6bb79c9718f555 patch-3.12.7.xz
-1ff99432fb966b8646bfa73f6828c8e25351afcfac2acbd3f019448926de9278 grsecurity-3.0-3.12.7-201401120824.patch
+a8e056bec1a39bbca8d2df9c477a9dee0e263ae4335601548eda14326e83e782 patch-3.12.8.xz
+8ec870556270bb0041b1b7fcc4d86328c62023a288b8e914b8721c94956ac737 grsecurity-3.0-3.12.8-201401191015.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
bb7418bfdfbe45476331412b17a06abb08f8a0f44fe8ff978fd3413e8671ae66 kernelconfig.x86
4a11a2edd0dc69687f96f6c80140537b8ba74684244af59a1ffe74cd69712c6c kernelconfig.x86_64"
sha512sums="4ba5797e0772726d05c9f2eee66dc6dc2a5033c749ef44764c805a83da739ed5d0c6443b76785e38fe1ef74cc7ade787e48144faed0cfcb6f124f05248c700ff linux-3.12.tar.xz
-070536e1ed0911e91e96f32038b38efd8d531a306b09eb3074f68ebd7c582cf09574ea712666c3e3dff8443d66d054028a58497dd5e11f66d3bb5eb4570aee78 patch-3.12.7.xz
-34475fd4f167492550f2cc0df7f0b4eb4f616e1a40d1e914128c20b0ec3a77d7c7a57f1fe7874316e4081ac15d06e4bf33b841477b69757409fe54c4f40d76ce grsecurity-3.0-3.12.7-201401120824.patch
+27cf39ed82d2b28669a7a63b577814b625e9fa73fce4e15c5f4a35358621356e4364c4892427fb5e02982087090404f5ce871357a04c0372d008b1e55ca55aee patch-3.12.8.xz
+d8d9ead63a728385fff54597cd25d0856d9f1e964d871cf75ed9563beb358ea8f6e87d81ed16432c02772fa3d8e1caf45b15e0cce4ec4c07e73e0ef531f28016 grsecurity-3.0-3.12.8-201401191015.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
b2245e3eeb020651eb36289d658b32a0ace45e00c392113e8589dbc31f5bd602fb3284b915b4924c235c7886f5e773ad731ddb392ca9e7b10528e0344bdafaef kernelconfig.x86
203ef17038ebdb92dbdd6547875816012442f6d4c3d5ea43d9f4898b4c074feda85c485c3bf2aa1b6de127985292aaeef3596e66f06282c7853f9ff7db0a5df4 kernelconfig.x86_64"
diff --git a/main/linux-virt-grsec/grsecurity-3.0-3.12.7-201401120824.patch b/main/linux-virt-grsec/grsecurity-3.0-3.12.8-201401191015.patch
index 6b060dc4d0..07d9c2507f 100644
--- a/main/linux-virt-grsec/grsecurity-3.0-3.12.7-201401120824.patch
+++ b/main/linux-virt-grsec/grsecurity-3.0-3.12.8-201401191015.patch
@@ -1,5 +1,5 @@
diff --git a/Documentation/dontdiff b/Documentation/dontdiff
-index b89a739..79768fb 100644
+index b89a739..903b673 100644
--- a/Documentation/dontdiff
+++ b/Documentation/dontdiff
@@ -2,9 +2,11 @@
@@ -61,7 +61,7 @@ index b89a739..79768fb 100644
asm-offsets.h
asm_offsets.h
autoconf.h*
-@@ -92,19 +101,24 @@ bounds.h
+@@ -92,32 +101,40 @@ bounds.h
bsetup
btfixupprep
build
@@ -86,7 +86,11 @@ index b89a739..79768fb 100644
conmakehash
consolemap_deftbl.c*
cpustr.h
-@@ -115,9 +129,11 @@ devlist.h*
+ crc32table.h*
+ cscope.*
+ defkeymap.c
++devicetable-offsets.h
+ devlist.h*
dnotify_test
docproc
dslm
@@ -98,7 +102,7 @@ index b89a739..79768fb 100644
fixdep
flask.h
fore200e_mkfirm
-@@ -125,12 +141,15 @@ fore200e_pca_fw.c*
+@@ -125,12 +142,15 @@ fore200e_pca_fw.c*
gconf
gconf.glade.h
gen-devlist
@@ -114,7 +118,7 @@ index b89a739..79768fb 100644
hpet_example
hugepage-mmap
hugepage-shm
-@@ -145,14 +164,14 @@ int32.c
+@@ -145,14 +165,14 @@ int32.c
int4.c
int8.c
kallsyms
@@ -131,7 +135,7 @@ index b89a739..79768fb 100644
logo_*.c
logo_*_clut224.c
logo_*_mono.c
-@@ -162,14 +181,15 @@ mach-types.h
+@@ -162,14 +182,15 @@ mach-types.h
machtypes.h
map
map_hugetlb
@@ -148,7 +152,7 @@ index b89a739..79768fb 100644
mkprep
mkregtable
mktables
-@@ -185,6 +205,8 @@ oui.c*
+@@ -185,6 +206,8 @@ oui.c*
page-types
parse.c
parse.h
@@ -157,7 +161,7 @@ index b89a739..79768fb 100644
patches*
pca200e.bin
pca200e_ecd.bin2
-@@ -194,6 +216,7 @@ perf-archive
+@@ -194,6 +217,7 @@ perf-archive
piggyback
piggy.gzip
piggy.S
@@ -165,7 +169,7 @@ index b89a739..79768fb 100644
pnmtologo
ppc_defs.h*
pss_boot.h
-@@ -203,7 +226,10 @@ r200_reg_safe.h
+@@ -203,7 +227,10 @@ r200_reg_safe.h
r300_reg_safe.h
r420_reg_safe.h
r600_reg_safe.h
@@ -176,7 +180,7 @@ index b89a739..79768fb 100644
relocs
rlim_names.h
rn50_reg_safe.h
-@@ -213,8 +239,12 @@ series
+@@ -213,8 +240,12 @@ series
setup
setup.bin
setup.elf
@@ -189,7 +193,7 @@ index b89a739..79768fb 100644
split-include
syscalltab.h
tables.c
-@@ -224,6 +254,7 @@ tftpboot.img
+@@ -224,6 +255,7 @@ tftpboot.img
timeconst.h
times.h*
trix_boot.h
@@ -197,7 +201,7 @@ index b89a739..79768fb 100644
utsrelease.h*
vdso-syms.lds
vdso.lds
-@@ -235,13 +266,17 @@ vdso32.lds
+@@ -235,13 +267,17 @@ vdso32.lds
vdso32.so.dbg
vdso64.lds
vdso64.so.dbg
@@ -215,7 +219,7 @@ index b89a739..79768fb 100644
vmlinuz
voffset.h
vsyscall.lds
-@@ -249,9 +284,12 @@ vsyscall_32.lds
+@@ -249,9 +285,12 @@ vsyscall_32.lds
wanxlfw.inc
uImage
unifdef
@@ -281,7 +285,7 @@ index 4f7c57c..a2dc685 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index c2f0b79..2e5e090 100644
+index 5d0ec13..d3dcef2 100644
--- a/Makefile
+++ b/Makefile
@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -400,7 +404,13 @@ index c2f0b79..2e5e090 100644
$(Q)$(MAKE) $(build)=$@
define filechk_kernel.release
-@@ -838,6 +900,7 @@ prepare0: archprepare FORCE
+@@ -834,10 +896,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
+
+ archprepare: archheaders archscripts prepare1 scripts_basic
+
++prepare0: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS)
++prepare0: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS)
+ prepare0: archprepare FORCE
$(Q)$(MAKE) $(build)=.
# All the preparing..
@@ -408,7 +418,7 @@ index c2f0b79..2e5e090 100644
prepare: prepare0
# Generate some files
-@@ -945,6 +1008,8 @@ all: modules
+@@ -945,6 +1010,8 @@ all: modules
# using awk while concatenating to the final file.
PHONY += modules
@@ -417,7 +427,7 @@ index c2f0b79..2e5e090 100644
modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
$(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
@$(kecho) ' Building modules, stage 2.';
-@@ -960,7 +1025,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
+@@ -960,7 +1027,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
# Target to prepare building external modules
PHONY += modules_prepare
@@ -426,7 +436,7 @@ index c2f0b79..2e5e090 100644
# Target to install modules
PHONY += modules_install
-@@ -1026,7 +1091,7 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \
+@@ -1026,7 +1093,7 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \
Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \
signing_key.priv signing_key.x509 x509.genkey \
extra_certificates signing_key.x509.keyid \
@@ -435,7 +445,7 @@ index c2f0b79..2e5e090 100644
# clean - Delete most, but leave enough to build external modules
#
-@@ -1066,6 +1131,7 @@ distclean: mrproper
+@@ -1066,6 +1133,7 @@ distclean: mrproper
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
-o -name '.*.rej' \
@@ -443,7 +453,7 @@ index c2f0b79..2e5e090 100644
-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
-type f -print | xargs rm -f
-@@ -1227,6 +1293,8 @@ PHONY += $(module-dirs) modules
+@@ -1227,6 +1295,8 @@ PHONY += $(module-dirs) modules
$(module-dirs): crmodverdir $(objtree)/Module.symvers
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
@@ -452,7 +462,7 @@ index c2f0b79..2e5e090 100644
modules: $(module-dirs)
@$(kecho) ' Building modules, stage 2.';
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1366,17 +1434,21 @@ else
+@@ -1366,17 +1436,21 @@ else
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
endif
@@ -478,7 +488,7 @@ index c2f0b79..2e5e090 100644
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.symtypes: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1386,11 +1458,15 @@ endif
+@@ -1386,11 +1460,15 @@ endif
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
$(build)=$(build-dir)
@@ -3083,10 +3093,10 @@ index 72024ea..ae302dd 100644
void __init smp_set_ops(struct smp_operations *ops)
{
diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c
-index 65ed63f..430c478 100644
+index 1f735aa..08af6f7 100644
--- a/arch/arm/kernel/traps.c
+++ b/arch/arm/kernel/traps.c
-@@ -55,7 +55,7 @@ static void dump_mem(const char *, const char *, unsigned long, unsigned long);
+@@ -61,7 +61,7 @@ static void dump_mem(const char *, const char *, unsigned long, unsigned long);
void dump_backtrace_entry(unsigned long where, unsigned long from, unsigned long frame)
{
#ifdef CONFIG_KALLSYMS
@@ -3095,7 +3105,7 @@ index 65ed63f..430c478 100644
#else
printk("Function entered at [<%08lx>] from [<%08lx>]\n", where, from);
#endif
-@@ -257,6 +257,8 @@ static arch_spinlock_t die_lock = __ARCH_SPIN_LOCK_UNLOCKED;
+@@ -263,6 +263,8 @@ static arch_spinlock_t die_lock = __ARCH_SPIN_LOCK_UNLOCKED;
static int die_owner = -1;
static unsigned int die_nest_count;
@@ -3104,7 +3114,7 @@ index 65ed63f..430c478 100644
static unsigned long oops_begin(void)
{
int cpu;
-@@ -299,6 +301,9 @@ static void oops_end(unsigned long flags, struct pt_regs *regs, int signr)
+@@ -305,6 +307,9 @@ static void oops_end(unsigned long flags, struct pt_regs *regs, int signr)
panic("Fatal exception in interrupt");
if (panic_on_oops)
panic("Fatal exception");
@@ -3114,7 +3124,7 @@ index 65ed63f..430c478 100644
if (signr)
do_exit(signr);
}
-@@ -629,7 +634,9 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs)
+@@ -635,7 +640,9 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs)
* The user helper at 0xffff0fe0 must be used instead.
* (see entry-armv.S for details)
*/
@@ -3124,7 +3134,7 @@ index 65ed63f..430c478 100644
}
return 0;
-@@ -886,7 +893,11 @@ void __init early_trap_init(void *vectors_base)
+@@ -892,7 +899,11 @@ void __init early_trap_init(void *vectors_base)
kuser_init(vectors_base);
flush_icache_range(vectors, vectors + PAGE_SIZE * 2);
@@ -4570,6 +4580,24 @@ index b1d17ee..7a6f4d3 100644
create_mapping(&map);
}
}
+diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c
+index 99b44e0..8c9106f 100644
+--- a/arch/arm/net/bpf_jit_32.c
++++ b/arch/arm/net/bpf_jit_32.c
+@@ -637,10 +637,10 @@ load_ind:
+ emit(ARM_MUL(r_A, r_A, r_X), ctx);
+ break;
+ case BPF_S_ALU_DIV_K:
+- /* current k == reciprocal_value(userspace k) */
++ if (k == 1)
++ break;
+ emit_mov_i(r_scratch, k, ctx);
+- /* A = top 32 bits of the product */
+- emit(ARM_UMULL(r_scratch, r_A, r_A, r_scratch), ctx);
++ emit_udiv(r_A, r_A, r_scratch, ctx);
+ break;
+ case BPF_S_ALU_DIV_X:
+ update_on_xread(ctx);
diff --git a/arch/arm/plat-omap/sram.c b/arch/arm/plat-omap/sram.c
index a5bc92d..0bb4730 100644
--- a/arch/arm/plat-omap/sram.c
@@ -8468,6 +8496,25 @@ index 7ce9cf3..a964087 100644
/* If hint, make sure it matches our alignment restrictions */
if (!fixed && addr) {
addr = _ALIGN_UP(addr, 1ul << pshift);
+diff --git a/arch/powerpc/net/bpf_jit_comp.c b/arch/powerpc/net/bpf_jit_comp.c
+index 2345bdb..ebbb2f1 100644
+--- a/arch/powerpc/net/bpf_jit_comp.c
++++ b/arch/powerpc/net/bpf_jit_comp.c
+@@ -209,10 +209,11 @@ static int bpf_jit_build_body(struct sk_filter *fp, u32 *image,
+ }
+ PPC_DIVWU(r_A, r_A, r_X);
+ break;
+- case BPF_S_ALU_DIV_K: /* A = reciprocal_divide(A, K); */
++ case BPF_S_ALU_DIV_K: /* A /= K */
++ if (K == 1)
++ break;
+ PPC_LI32(r_scratch1, K);
+- /* Top 32 bits of 64bit result -> A */
+- PPC_MULHWU(r_A, r_A, r_scratch1);
++ PPC_DIVWU(r_A, r_A, r_scratch1);
+ break;
+ case BPF_S_ALU_AND_X:
+ ctx->seen |= SEEN_XREG;
diff --git a/arch/powerpc/platforms/cell/spufs/file.c b/arch/powerpc/platforms/cell/spufs/file.c
index 9098692..3d54cd1 100644
--- a/arch/powerpc/platforms/cell/spufs/file.c
@@ -8773,6 +8820,41 @@ index 4002329..99b67cb 100644
mm->get_unmapped_area = s390_get_unmapped_area_topdown;
}
}
+diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c
+index a5df511..06f5acc 100644
+--- a/arch/s390/net/bpf_jit_comp.c
++++ b/arch/s390/net/bpf_jit_comp.c
+@@ -371,11 +371,13 @@ static int bpf_jit_insn(struct bpf_jit *jit, struct sock_filter *filter,
+ /* dr %r4,%r12 */
+ EMIT2(0x1d4c);
+ break;
+- case BPF_S_ALU_DIV_K: /* A = reciprocal_divide(A, K) */
+- /* m %r4,<d(K)>(%r13) */
+- EMIT4_DISP(0x5c40d000, EMIT_CONST(K));
+- /* lr %r5,%r4 */
+- EMIT2(0x1854);
++ case BPF_S_ALU_DIV_K: /* A /= K */
++ if (K == 1)
++ break;
++ /* lhi %r4,0 */
++ EMIT4(0xa7480000);
++ /* d %r4,<d(K)>(%r13) */
++ EMIT4_DISP(0x5d40d000, EMIT_CONST(K));
+ break;
+ case BPF_S_ALU_MOD_X: /* A %= X */
+ jit->seen |= SEEN_XREG | SEEN_RET0;
+@@ -391,6 +393,11 @@ static int bpf_jit_insn(struct bpf_jit *jit, struct sock_filter *filter,
+ EMIT2(0x1854);
+ break;
+ case BPF_S_ALU_MOD_K: /* A %= K */
++ if (K == 1) {
++ /* lhi %r5,0 */
++ EMIT4(0xa7580000);
++ break;
++ }
+ /* lhi %r4,0 */
+ EMIT4(0xa7480000);
+ /* d %r4,<d(K)>(%r13) */
diff --git a/arch/score/include/asm/cache.h b/arch/score/include/asm/cache.h
index ae3d59f..f65f075 100644
--- a/arch/score/include/asm/cache.h
@@ -11396,6 +11478,34 @@ index ed82eda..0d80e77 100644
#endif /* CONFIG_SMP */
#endif /* CONFIG_DEBUG_DCFLUSH */
}
+diff --git a/arch/sparc/net/bpf_jit_comp.c b/arch/sparc/net/bpf_jit_comp.c
+index 218b6b2..01fe994 100644
+--- a/arch/sparc/net/bpf_jit_comp.c
++++ b/arch/sparc/net/bpf_jit_comp.c
+@@ -497,9 +497,20 @@ void bpf_jit_compile(struct sk_filter *fp)
+ case BPF_S_ALU_MUL_K: /* A *= K */
+ emit_alu_K(MUL, K);
+ break;
+- case BPF_S_ALU_DIV_K: /* A /= K */
+- emit_alu_K(MUL, K);
+- emit_read_y(r_A);
++ case BPF_S_ALU_DIV_K: /* A /= K with K != 0*/
++ if (K == 1)
++ break;
++ emit_write_y(G0);
++#ifdef CONFIG_SPARC32
++ /* The Sparc v8 architecture requires
++ * three instructions between a %y
++ * register write and the first use.
++ */
++ emit_nop();
++ emit_nop();
++ emit_nop();
++#endif
++ emit_alu_K(DIV, K);
+ break;
+ case BPF_S_ALU_DIV_X: /* A /= X; */
+ emit_cmpi(r_X, 0);
diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig
index d45a2c4..3c05a78 100644
--- a/arch/tile/Kconfig
@@ -15990,7 +16100,7 @@ index 77a99ac..39ff7f5 100644
#endif /* _ASM_X86_EMERGENCY_RESTART_H */
diff --git a/arch/x86/include/asm/fpu-internal.h b/arch/x86/include/asm/fpu-internal.h
-index 4d0bda7..221da4d 100644
+index 5be9f87..0320912 100644
--- a/arch/x86/include/asm/fpu-internal.h
+++ b/arch/x86/include/asm/fpu-internal.h
@@ -124,8 +124,11 @@ static inline void sanitize_i387_state(struct task_struct *tsk)
@@ -16015,14 +16125,14 @@ index 4d0bda7..221da4d 100644
})
@@ -298,7 +302,7 @@ static inline int restore_fpu_checking(struct task_struct *tsk)
- "emms\n\t" /* clear stack tags */
- "fildl %P[addr]", /* set F?P to defined value */
- X86_FEATURE_FXSAVE_LEAK,
-- [addr] "m" (tsk->thread.fpu.has_fpu));
-+ [addr] "m" (init_tss[raw_smp_processor_id()].x86_tss.sp0));
+ "fnclex\n\t"
+ "emms\n\t"
+ "fildl %P[addr]" /* set F?P to defined value */
+- : : [addr] "m" (tsk->thread.fpu.has_fpu));
++ : : [addr] "m" (init_tss[raw_smp_processor_id()].x86_tss.sp0));
+ }
return fpu_restore_checking(&tsk->thread.fpu);
- }
diff --git a/arch/x86/include/asm/futex.h b/arch/x86/include/asm/futex.h
index be27ba1..04a8801 100644
--- a/arch/x86/include/asm/futex.h
@@ -24240,7 +24350,7 @@ index 22d0687..e07b2a5 100644
}
diff --git a/arch/x86/kernel/irq_32.c b/arch/x86/kernel/irq_32.c
-index 4186755..784efa0 100644
+index 4186755..18d6a9e 100644
--- a/arch/x86/kernel/irq_32.c
+++ b/arch/x86/kernel/irq_32.c
@@ -39,7 +39,7 @@ static int check_stack_overflow(void)
@@ -24310,7 +24420,7 @@ index 4186755..784efa0 100644
return 1;
}
-@@ -121,29 +125,14 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq)
+@@ -121,29 +125,11 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq)
*/
void irq_ctx_init(int cpu)
{
@@ -24326,9 +24436,7 @@ index 4186755..784efa0 100644
- irqctx->tinfo.cpu = cpu;
- irqctx->tinfo.preempt_count = HARDIRQ_OFFSET;
- irqctx->tinfo.addr_limit = MAKE_MM_SEG(0);
-+ per_cpu(hardirq_ctx, cpu) = page_address(alloc_pages_node(cpu_to_node(cpu), THREADINFO_GFP, THREAD_SIZE_ORDER));
-+ per_cpu(softirq_ctx, cpu) = page_address(alloc_pages_node(cpu_to_node(cpu), THREADINFO_GFP, THREAD_SIZE_ORDER));
-
+-
- per_cpu(hardirq_ctx, cpu) = irqctx;
-
- irqctx = page_address(alloc_pages_node(cpu_to_node(cpu),
@@ -24339,12 +24447,12 @@ index 4186755..784efa0 100644
- irqctx->tinfo.addr_limit = MAKE_MM_SEG(0);
-
- per_cpu(softirq_ctx, cpu) = irqctx;
-+ printk(KERN_DEBUG "CPU %u irqstacks, hard=%p soft=%p\n",
-+ cpu, per_cpu(hardirq_ctx, cpu), per_cpu(softirq_ctx, cpu));
++ per_cpu(hardirq_ctx, cpu) = page_address(alloc_pages_node(cpu_to_node(cpu), THREADINFO_GFP, THREAD_SIZE_ORDER));
++ per_cpu(softirq_ctx, cpu) = page_address(alloc_pages_node(cpu_to_node(cpu), THREADINFO_GFP, THREAD_SIZE_ORDER));
printk(KERN_DEBUG "CPU %u irqstacks, hard=%p soft=%p\n",
cpu, per_cpu(hardirq_ctx, cpu), per_cpu(softirq_ctx, cpu));
-@@ -152,7 +141,6 @@ void irq_ctx_init(int cpu)
+@@ -152,7 +138,6 @@ void irq_ctx_init(int cpu)
asmlinkage void do_softirq(void)
{
unsigned long flags;
@@ -24352,7 +24460,7 @@ index 4186755..784efa0 100644
union irq_ctx *irqctx;
u32 *isp;
-@@ -162,15 +150,22 @@ asmlinkage void do_softirq(void)
+@@ -162,15 +147,22 @@ asmlinkage void do_softirq(void)
local_irq_save(flags);
if (local_softirq_pending()) {
@@ -24379,7 +24487,7 @@ index 4186755..784efa0 100644
/*
* Shouldn't happen, we returned above if in_interrupt():
*/
-@@ -191,7 +186,7 @@ bool handle_irq(unsigned irq, struct pt_regs *regs)
+@@ -191,7 +183,7 @@ bool handle_irq(unsigned irq, struct pt_regs *regs)
if (unlikely(!desc))
return false;
@@ -32902,7 +33010,7 @@ index 877b9a1..a8ecf42 100644
+ pax_force_retaddr
ret
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
-index 26328e8..5f96c25 100644
+index 26328e8..8dfe0d5 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -50,13 +50,90 @@ static inline u8 *emit_code(u8 *ptr, u32 bytes, unsigned int len)
@@ -33132,9 +33240,14 @@ index 26328e8..5f96c25 100644
break;
case BPF_S_ALU_DIV_X: /* A /= X; */
seen |= SEEN_XREG;
-@@ -360,13 +457,23 @@ void bpf_jit_compile(struct sk_filter *fp)
+@@ -359,15 +456,29 @@ void bpf_jit_compile(struct sk_filter *fp)
+ EMIT2(0x89, 0xd0); /* mov %edx,%eax */
break;
case BPF_S_ALU_MOD_K: /* A %= K; */
++ if (K == 1) {
++ CLEAR_A();
++ break;
++ }
EMIT2(0x31, 0xd2); /* xor %edx,%edx */
+#ifdef CONFIG_GRKERNSEC_JIT_HARDEN
+ DILUTE_CONST_SEQUENCE(K, randkey);
@@ -33144,19 +33257,24 @@ index 26328e8..5f96c25 100644
EMIT2(0xf7, 0xf1); /* div %ecx */
EMIT2(0x89, 0xd0); /* mov %edx,%eax */
break;
- case BPF_S_ALU_DIV_K: /* A = reciprocal_divide(A, K); */
+- case BPF_S_ALU_DIV_K: /* A = reciprocal_divide(A, K); */
+- EMIT3(0x48, 0x69, 0xc0); /* imul imm32,%rax,%rax */
+- EMIT(K, 4);
+- EMIT4(0x48, 0xc1, 0xe8, 0x20); /* shr $0x20,%rax */
++ case BPF_S_ALU_DIV_K: /* A /= K */
++ if (K == 1)
++ break;
++ EMIT2(0x31, 0xd2); /* xor %edx,%edx */
+#ifdef CONFIG_GRKERNSEC_JIT_HARDEN
+ DILUTE_CONST_SEQUENCE(K, randkey);
-+ // imul rax, rcx
-+ EMIT4(0x48, 0x0f, 0xaf, 0xc1);
+#else
- EMIT3(0x48, 0x69, 0xc0); /* imul imm32,%rax,%rax */
- EMIT(K, 4);
++ EMIT1(0xb9);EMIT(K, 4); /* mov imm32,%ecx */
+#endif
- EMIT4(0x48, 0xc1, 0xe8, 0x20); /* shr $0x20,%rax */
++ EMIT2(0xf7, 0xf1); /* div %ecx */
break;
case BPF_S_ALU_AND_X:
-@@ -637,8 +744,7 @@ common_load_ind: seen |= SEEN_DATAREF | SEEN_XREG;
+ seen |= SEEN_XREG;
+@@ -637,8 +748,7 @@ common_load_ind: seen |= SEEN_DATAREF | SEEN_XREG;
if (is_imm8(K)) {
EMIT3(0x8d, 0x73, K); /* lea imm8(%rbx), %esi */
} else {
@@ -33166,7 +33284,7 @@ index 26328e8..5f96c25 100644
}
} else {
EMIT2(0x89,0xde); /* mov %ebx,%esi */
-@@ -728,10 +834,12 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
+@@ -728,10 +838,12 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
if (unlikely(proglen + ilen > oldproglen)) {
pr_err("bpb_jit_compile fatal error\n");
kfree(addrs);
@@ -33180,7 +33298,7 @@ index 26328e8..5f96c25 100644
}
proglen += ilen;
addrs[i] = proglen;
-@@ -764,7 +872,6 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
+@@ -764,7 +876,6 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
if (image) {
bpf_flush_icache(header, image + proglen);
@@ -33188,7 +33306,7 @@ index 26328e8..5f96c25 100644
fp->bpf_func = (void *)image;
}
out:
-@@ -776,10 +883,9 @@ static void bpf_jit_free_deferred(struct work_struct *work)
+@@ -776,10 +887,9 @@ static void bpf_jit_free_deferred(struct work_struct *work)
{
struct sk_filter *fp = container_of(work, struct sk_filter, work);
unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK;
@@ -37556,7 +37674,7 @@ index d39cca6..8c1e269 100644
if (cmd != SIOCWANDEV)
diff --git a/drivers/char/random.c b/drivers/char/random.c
-index 7a744d3..35a177ee 100644
+index 7a744d3..895af8f 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -269,8 +269,13 @@
@@ -37602,7 +37720,20 @@ index 7a744d3..35a177ee 100644
smp_wmb();
if (out)
-@@ -1029,7 +1041,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
+@@ -603,8 +615,11 @@ retry:
+
+ if (!r->initialized && nbits > 0) {
+ r->entropy_total += nbits;
+- if (r->entropy_total > 128)
++ if (r->entropy_total > 128) {
+ r->initialized = 1;
++ if (r == &nonblocking_pool)
++ prandom_reseed_late();
++ }
+ }
+
+ trace_credit_entropy_bits(r->name, nbits, entropy_count,
+@@ -1029,7 +1044,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
extract_buf(r, tmp);
i = min_t(int, nbytes, EXTRACT_SIZE);
@@ -37611,7 +37742,7 @@ index 7a744d3..35a177ee 100644
ret = -EFAULT;
break;
}
-@@ -1365,7 +1377,7 @@ EXPORT_SYMBOL(generate_random_uuid);
+@@ -1365,7 +1380,7 @@ EXPORT_SYMBOL(generate_random_uuid);
#include <linux/sysctl.h>
static int min_read_thresh = 8, min_write_thresh;
@@ -37620,7 +37751,7 @@ index 7a744d3..35a177ee 100644
static int max_write_thresh = INPUT_POOL_WORDS * 32;
static char sysctl_bootid[16];
-@@ -1381,7 +1393,7 @@ static char sysctl_bootid[16];
+@@ -1381,7 +1396,7 @@ static char sysctl_bootid[16];
static int proc_do_uuid(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
@@ -42591,9 +42722,27 @@ index aacf6bf..67d63f2 100644
"md/raid1:%s: read error corrected "
"(%d sectors at %llu on %s)\n",
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
-index 73dc8a3..bdd515a 100644
+index 73dc8a3..859d581f6 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
+@@ -1319,7 +1319,7 @@ read_again:
+ /* Could not read all from this device, so we will
+ * need another r10_bio.
+ */
+- sectors_handled = (r10_bio->sectors + max_sectors
++ sectors_handled = (r10_bio->sector + max_sectors
+ - bio->bi_sector);
+ r10_bio->sectors = max_sectors;
+ spin_lock_irq(&conf->device_lock);
+@@ -1327,7 +1327,7 @@ read_again:
+ bio->bi_phys_segments = 2;
+ else
+ bio->bi_phys_segments++;
+- spin_unlock(&conf->device_lock);
++ spin_unlock_irq(&conf->device_lock);
+ /* Cannot call generic_make_request directly
+ * as that will be queued in __generic_make_request
+ * and subsequent mempool_alloc might block
@@ -1963,7 +1963,7 @@ static void end_sync_read(struct bio *bio, int error)
/* The write handler will notice the lack of
* R10BIO_Uptodate and record any errors etc
@@ -42653,8 +42802,30 @@ index 73dc8a3..bdd515a 100644
}
rdev_dec_pending(rdev, mddev);
+@@ -3220,10 +3220,6 @@ static sector_t sync_request(struct mddev *mddev, sector_t sector_nr,
+ if (j == conf->copies) {
+ /* Cannot recover, so abort the recovery or
+ * record a bad block */
+- put_buf(r10_bio);
+- if (rb2)
+- atomic_dec(&rb2->remaining);
+- r10_bio = rb2;
+ if (any_working) {
+ /* problem is that there are bad blocks
+ * on other device(s)
+@@ -3255,6 +3251,10 @@ static sector_t sync_request(struct mddev *mddev, sector_t sector_nr,
+ mirror->recovery_disabled
+ = mddev->recovery_disabled;
+ }
++ put_buf(r10_bio);
++ if (rb2)
++ atomic_dec(&rb2->remaining);
++ r10_bio = rb2;
+ break;
+ }
+ }
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
-index 8a0665d..984c46d 100644
+index 8a0665d..b322118 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -1887,21 +1887,21 @@ static void raid5_end_read_request(struct bio * bi, int error)
@@ -42692,6 +42863,24 @@ index 8a0665d..984c46d 100644
> conf->max_nr_stripes)
printk(KERN_WARNING
"md/raid:%s: Too many read errors, failing device %s.\n",
+@@ -3502,7 +3502,7 @@ static void analyse_stripe(struct stripe_head *sh, struct stripe_head_state *s)
+ */
+ set_bit(R5_Insync, &dev->flags);
+
+- if (rdev && test_bit(R5_WriteError, &dev->flags)) {
++ if (test_bit(R5_WriteError, &dev->flags)) {
+ /* This flag does not apply to '.replacement'
+ * only to .rdev, so make sure to check that*/
+ struct md_rdev *rdev2 = rcu_dereference(
+@@ -3515,7 +3515,7 @@ static void analyse_stripe(struct stripe_head *sh, struct stripe_head_state *s)
+ } else
+ clear_bit(R5_WriteError, &dev->flags);
+ }
+- if (rdev && test_bit(R5_MadeGood, &dev->flags)) {
++ if (test_bit(R5_MadeGood, &dev->flags)) {
+ /* This flag does not apply to '.replacement'
+ * only to .rdev, so make sure to check that*/
+ struct md_rdev *rdev2 = rcu_dereference(
diff --git a/drivers/media/dvb-core/dvbdev.c b/drivers/media/dvb-core/dvbdev.c
index 401ef64..836e563 100644
--- a/drivers/media/dvb-core/dvbdev.c
@@ -44335,10 +44524,10 @@ index fb3f8dc..9d2ff38 100644
int (*set_speed)(struct net_device *, u8 aneg, u16 sp, u8 dpx, u32 adv);
int (*get_settings)(struct net_device *, struct ethtool_cmd *);
diff --git a/drivers/net/ethernet/sfc/ptp.c b/drivers/net/ethernet/sfc/ptp.c
-index 03acf57..e1251ff 100644
+index 3dd39dc..85efa46 100644
--- a/drivers/net/ethernet/sfc/ptp.c
+++ b/drivers/net/ethernet/sfc/ptp.c
-@@ -539,7 +539,7 @@ static int efx_ptp_synchronize(struct efx_nic *efx, unsigned int num_readings)
+@@ -541,7 +541,7 @@ static int efx_ptp_synchronize(struct efx_nic *efx, unsigned int num_readings)
ptp->start.dma_addr);
/* Clear flag that signals MC ready */
@@ -44362,19 +44551,6 @@ index 50617c5..b13724c 100644
}
/* To mask all all interrupts.*/
-diff --git a/drivers/net/hamradio/hdlcdrv.c b/drivers/net/hamradio/hdlcdrv.c
-index 3169252..5d78c1d 100644
---- a/drivers/net/hamradio/hdlcdrv.c
-+++ b/drivers/net/hamradio/hdlcdrv.c
-@@ -571,6 +571,8 @@ static int hdlcdrv_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
- case HDLCDRVCTL_CALIBRATE:
- if(!capable(CAP_SYS_RAWIO))
- return -EPERM;
-+ if (bi.data.calibrate > INT_MAX / s->par.bitrate)
-+ return -EINVAL;
- s->hdlctx.calibrate = bi.data.calibrate * s->par.bitrate / 16;
- return 0;
-
diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv_net.h
index e6fe0d8..2b7d752 100644
--- a/drivers/net/hyperv/hyperv_net.h
@@ -44460,10 +44636,10 @@ index 9bf46bd..bfdaa84 100644
};
diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
-index dc76670..e18f39c 100644
+index 5895e4d..0343d45 100644
--- a/drivers/net/macvtap.c
+++ b/drivers/net/macvtap.c
-@@ -1189,7 +1189,7 @@ static int macvtap_device_event(struct notifier_block *unused,
+@@ -1182,7 +1182,7 @@ static int macvtap_device_event(struct notifier_block *unused,
return NOTIFY_DONE;
}
@@ -44533,10 +44709,10 @@ index 6327df2..e6e1ebe 100644
};
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
-index 782e38b..d076fdc 100644
+index 7c8343a..80d1e69 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
-@@ -1834,7 +1834,7 @@ unlock:
+@@ -1838,7 +1838,7 @@ unlock:
}
static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
@@ -44545,7 +44721,7 @@ index 782e38b..d076fdc 100644
{
struct tun_file *tfile = file->private_data;
struct tun_struct *tun;
-@@ -1847,6 +1847,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
+@@ -1851,6 +1851,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
unsigned int ifindex;
int ret;
@@ -44669,7 +44845,7 @@ index a79e9d3..78cd4fa 100644
/* we will have to manufacture ethernet headers, prepare template */
diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
-index 2ef5b62..6fa0ec3 100644
+index 1462368..578941c 100644
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -2615,7 +2615,7 @@ nla_put_failure:
@@ -47377,10 +47553,10 @@ index f379c7f..e8fc69c 100644
transport_setup_device(&rport->dev);
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
-index 2634d69..fcf7a81 100644
+index dbc024b..6e3b837 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
-@@ -2940,7 +2940,7 @@ static int sd_probe(struct device *dev)
+@@ -2943,7 +2943,7 @@ static int sd_probe(struct device *dev)
sdkp->disk = gd;
sdkp->index = index;
atomic_set(&sdkp->openers, 0);
@@ -53516,7 +53692,7 @@ index 89dec7f..361b0d75 100644
fd_offset + ex.a_text);
if (error != N_DATADDR(ex)) {
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 4c94a79..228e9da 100644
+index 4c94a79..9d5fb56 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -34,6 +34,7 @@
@@ -53685,7 +53861,7 @@ index 4c94a79..228e9da 100644
}
error = load_addr;
-@@ -538,6 +569,322 @@ out:
+@@ -538,6 +569,336 @@ out:
return error;
}
@@ -53826,12 +54002,48 @@ index 4c94a79..228e9da 100644
+#endif
+
+#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
-+static unsigned long pax_parse_ei_pax(const struct elfhdr * const elf_ex)
++static unsigned long pax_parse_defaults(void)
+{
+ unsigned long pax_flags = 0UL;
+
++#ifdef CONFIG_PAX_SOFTMODE
++ if (pax_softmode)
++ return pax_flags;
++#endif
++
++#ifdef CONFIG_PAX_PAGEEXEC
++ pax_flags |= MF_PAX_PAGEEXEC;
++#endif
++
++#ifdef CONFIG_PAX_SEGMEXEC
++ pax_flags |= MF_PAX_SEGMEXEC;
++#endif
++
++#ifdef CONFIG_PAX_MPROTECT
++ pax_flags |= MF_PAX_MPROTECT;
++#endif
++
++#ifdef CONFIG_PAX_RANDMMAP
++ if (randomize_va_space)
++ pax_flags |= MF_PAX_RANDMMAP;
++#endif
++
++ return pax_flags;
++}
++
++static unsigned long pax_parse_ei_pax(const struct elfhdr * const elf_ex)
++{
++ unsigned long pax_flags = PAX_PARSE_FLAGS_FALLBACK;
++
+#ifdef CONFIG_PAX_EI_PAX
+
++#ifdef CONFIG_PAX_SOFTMODE
++ if (pax_softmode)
++ return pax_flags;
++#endif
++
++ pax_flags = 0UL;
++
+#ifdef CONFIG_PAX_PAGEEXEC
+ if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_PAGEEXEC))
+ pax_flags |= MF_PAX_PAGEEXEC;
@@ -53857,28 +54069,10 @@ index 4c94a79..228e9da 100644
+ pax_flags |= MF_PAX_RANDMMAP;
+#endif
+
-+#else
-+
-+#ifdef CONFIG_PAX_PAGEEXEC
-+ pax_flags |= MF_PAX_PAGEEXEC;
-+#endif
-+
-+#ifdef CONFIG_PAX_SEGMEXEC
-+ pax_flags |= MF_PAX_SEGMEXEC;
-+#endif
-+
-+#ifdef CONFIG_PAX_MPROTECT
-+ pax_flags |= MF_PAX_MPROTECT;
-+#endif
-+
-+#ifdef CONFIG_PAX_RANDMMAP
-+ if (randomize_va_space)
-+ pax_flags |= MF_PAX_RANDMMAP;
-+#endif
-+
+#endif
+
+ return pax_flags;
++
+}
+
+static unsigned long pax_parse_pt_pax(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata)
@@ -53894,7 +54088,7 @@ index 4c94a79..228e9da 100644
+ ((elf_phdata[i].p_flags & PF_EMUTRAMP) && (elf_phdata[i].p_flags & PF_NOEMUTRAMP)) ||
+ ((elf_phdata[i].p_flags & PF_MPROTECT) && (elf_phdata[i].p_flags & PF_NOMPROTECT)) ||
+ ((elf_phdata[i].p_flags & PF_RANDMMAP) && (elf_phdata[i].p_flags & PF_NORANDMMAP)))
-+ return ~0UL;
++ return PAX_PARSE_FLAGS_FALLBACK;
+
+#ifdef CONFIG_PAX_SOFTMODE
+ if (pax_softmode)
@@ -53907,7 +54101,7 @@ index 4c94a79..228e9da 100644
+ }
+#endif
+
-+ return ~0UL;
++ return PAX_PARSE_FLAGS_FALLBACK;
+}
+
+static unsigned long pax_parse_xattr_pax(struct file * const file)
@@ -53919,44 +54113,37 @@ index 4c94a79..228e9da 100644
+ unsigned long pax_flags_hardmode = 0UL, pax_flags_softmode = 0UL;
+
+ xattr_size = pax_getxattr(file->f_path.dentry, xattr_value, sizeof xattr_value);
-+ switch (xattr_size) {
-+ default:
-+ return ~0UL;
-+
-+ case -ENODATA:
-+ break;
++ if (xattr_size < 0 || xattr_size > sizeof xattr_value)
++ return PAX_PARSE_FLAGS_FALLBACK;
+
-+ case 0 ... sizeof xattr_value:
-+ for (i = 0; i < xattr_size; i++)
-+ switch (xattr_value[i]) {
-+ default:
-+ return ~0UL;
-+
-+#define parse_flag(option1, option2, flag) \
-+ case option1: \
-+ if (pax_flags_hardmode & MF_PAX_##flag) \
-+ return ~0UL; \
-+ pax_flags_hardmode |= MF_PAX_##flag; \
-+ break; \
-+ case option2: \
-+ if (pax_flags_softmode & MF_PAX_##flag) \
-+ return ~0UL; \
-+ pax_flags_softmode |= MF_PAX_##flag; \
-+ break;
++ for (i = 0; i < xattr_size; i++)
++ switch (xattr_value[i]) {
++ default:
++ return PAX_PARSE_FLAGS_FALLBACK;
++
++#define parse_flag(option1, option2, flag) \
++ case option1: \
++ if (pax_flags_hardmode & MF_PAX_##flag) \
++ return PAX_PARSE_FLAGS_FALLBACK;\
++ pax_flags_hardmode |= MF_PAX_##flag; \
++ break; \
++ case option2: \
++ if (pax_flags_softmode & MF_PAX_##flag) \
++ return PAX_PARSE_FLAGS_FALLBACK;\
++ pax_flags_softmode |= MF_PAX_##flag; \
++ break;
+
-+ parse_flag('p', 'P', PAGEEXEC);
-+ parse_flag('e', 'E', EMUTRAMP);
-+ parse_flag('m', 'M', MPROTECT);
-+ parse_flag('r', 'R', RANDMMAP);
-+ parse_flag('s', 'S', SEGMEXEC);
++ parse_flag('p', 'P', PAGEEXEC);
++ parse_flag('e', 'E', EMUTRAMP);
++ parse_flag('m', 'M', MPROTECT);
++ parse_flag('r', 'R', RANDMMAP);
++ parse_flag('s', 'S', SEGMEXEC);
+
+#undef parse_flag
-+ }
-+ break;
-+ }
++ }
+
+ if (pax_flags_hardmode & pax_flags_softmode)
-+ return ~0UL;
++ return PAX_PARSE_FLAGS_FALLBACK;
+
+#ifdef CONFIG_PAX_SOFTMODE
+ if (pax_softmode)
@@ -53966,27 +54153,30 @@ index 4c94a79..228e9da 100644
+
+ return pax_parse_xattr_pax_hardmode(pax_flags_hardmode);
+#else
-+ return ~0UL;
++ return PAX_PARSE_FLAGS_FALLBACK;
+#endif
+
+}
+
+static long pax_parse_pax_flags(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata, struct file * const file)
+{
-+ unsigned long pax_flags, pt_pax_flags, xattr_pax_flags;
++ unsigned long pax_flags, ei_pax_flags, pt_pax_flags, xattr_pax_flags;
+
-+ pax_flags = pax_parse_ei_pax(elf_ex);
++ pax_flags = pax_parse_defaults();
++ ei_pax_flags = pax_parse_ei_pax(elf_ex);
+ pt_pax_flags = pax_parse_pt_pax(elf_ex, elf_phdata);
+ xattr_pax_flags = pax_parse_xattr_pax(file);
+
-+ if (pt_pax_flags == ~0UL)
-+ pt_pax_flags = xattr_pax_flags;
-+ else if (xattr_pax_flags == ~0UL)
-+ xattr_pax_flags = pt_pax_flags;
-+ if (pt_pax_flags != xattr_pax_flags)
++ if (pt_pax_flags != PAX_PARSE_FLAGS_FALLBACK &&
++ xattr_pax_flags != PAX_PARSE_FLAGS_FALLBACK &&
++ pt_pax_flags != xattr_pax_flags)
+ return -EINVAL;
-+ if (pt_pax_flags != ~0UL)
++ if (xattr_pax_flags != PAX_PARSE_FLAGS_FALLBACK)
++ pax_flags = xattr_pax_flags;
++ else if (pt_pax_flags != PAX_PARSE_FLAGS_FALLBACK)
+ pax_flags = pt_pax_flags;
++ else if (ei_pax_flags != PAX_PARSE_FLAGS_FALLBACK)
++ pax_flags = ei_pax_flags;
+
+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC)
+ if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
@@ -54008,7 +54198,7 @@ index 4c94a79..228e9da 100644
/*
* These are the functions used to load ELF style executables and shared
* libraries. There is no binary dependent code anywhere else.
-@@ -554,6 +901,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
+@@ -554,6 +915,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
{
unsigned int random_variable = 0;
@@ -54020,7 +54210,7 @@ index 4c94a79..228e9da 100644
if ((current->flags & PF_RANDOMIZE) &&
!(current->personality & ADDR_NO_RANDOMIZE)) {
random_variable = get_random_int() & STACK_RND_MASK;
-@@ -572,7 +924,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -572,7 +938,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
unsigned long load_addr = 0, load_bias = 0;
int load_addr_set = 0;
char * elf_interpreter = NULL;
@@ -54029,7 +54219,7 @@ index 4c94a79..228e9da 100644
struct elf_phdr *elf_ppnt, *elf_phdata;
unsigned long elf_bss, elf_brk;
int retval, i;
-@@ -582,12 +934,12 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -582,12 +948,12 @@ static int load_elf_binary(struct linux_binprm *bprm)
unsigned long start_code, end_code, start_data, end_data;
unsigned long reloc_func_desc __maybe_unused = 0;
int executable_stack = EXSTACK_DEFAULT;
@@ -54043,7 +54233,7 @@ index 4c94a79..228e9da 100644
loc = kmalloc(sizeof(*loc), GFP_KERNEL);
if (!loc) {
-@@ -723,11 +1075,82 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -723,11 +1089,82 @@ static int load_elf_binary(struct linux_binprm *bprm)
goto out_free_dentry;
/* OK, This is the point of no return */
@@ -54127,7 +54317,7 @@ index 4c94a79..228e9da 100644
if (elf_read_implies_exec(loc->elf_ex, executable_stack))
current->personality |= READ_IMPLIES_EXEC;
-@@ -817,6 +1240,20 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -817,6 +1254,20 @@ static int load_elf_binary(struct linux_binprm *bprm)
#else
load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
#endif
@@ -54148,7 +54338,7 @@ index 4c94a79..228e9da 100644
}
error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
-@@ -849,9 +1286,9 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -849,9 +1300,9 @@ static int load_elf_binary(struct linux_binprm *bprm)
* allowed task size. Note that p_filesz must always be
* <= p_memsz so it is only necessary to check p_memsz.
*/
@@ -54161,7 +54351,7 @@ index 4c94a79..228e9da 100644
/* set_brk can never work. Avoid overflows. */
send_sig(SIGKILL, current, 0);
retval = -EINVAL;
-@@ -890,17 +1327,45 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -890,17 +1341,45 @@ static int load_elf_binary(struct linux_binprm *bprm)
goto out_free_dentry;
}
if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
@@ -54213,7 +54403,7 @@ index 4c94a79..228e9da 100644
load_bias);
if (!IS_ERR((void *)elf_entry)) {
/*
-@@ -1122,7 +1587,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
+@@ -1122,7 +1601,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
* Decide what to dump of a segment, part, all or none.
*/
static unsigned long vma_dump_size(struct vm_area_struct *vma,
@@ -54222,7 +54412,7 @@ index 4c94a79..228e9da 100644
{
#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
-@@ -1160,7 +1625,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
+@@ -1160,7 +1639,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
if (vma->vm_file == NULL)
return 0;
@@ -54231,7 +54421,7 @@ index 4c94a79..228e9da 100644
goto whole;
/*
-@@ -1385,9 +1850,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
+@@ -1385,9 +1864,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
{
elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
int i = 0;
@@ -54243,7 +54433,7 @@ index 4c94a79..228e9da 100644
fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
}
-@@ -1396,7 +1861,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
+@@ -1396,7 +1875,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
{
mm_segment_t old_fs = get_fs();
set_fs(KERNEL_DS);
@@ -54252,7 +54442,7 @@ index 4c94a79..228e9da 100644
set_fs(old_fs);
fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
}
-@@ -2023,14 +2488,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
+@@ -2023,14 +2502,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
}
static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
@@ -54269,7 +54459,7 @@ index 4c94a79..228e9da 100644
return size;
}
-@@ -2123,7 +2588,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2123,7 +2602,7 @@ static int elf_core_dump(struct coredump_params *cprm)
dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
@@ -54278,7 +54468,7 @@ index 4c94a79..228e9da 100644
offset += elf_core_extra_data_size();
e_shoff = offset;
-@@ -2137,10 +2602,12 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2137,10 +2616,12 @@ static int elf_core_dump(struct coredump_params *cprm)
offset = dataoff;
size += sizeof(*elf);
@@ -54291,7 +54481,7 @@ index 4c94a79..228e9da 100644
if (size > cprm->limit
|| !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
goto end_coredump;
-@@ -2154,7 +2621,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2154,7 +2635,7 @@ static int elf_core_dump(struct coredump_params *cprm)
phdr.p_offset = offset;
phdr.p_vaddr = vma->vm_start;
phdr.p_paddr = 0;
@@ -54300,7 +54490,7 @@ index 4c94a79..228e9da 100644
phdr.p_memsz = vma->vm_end - vma->vm_start;
offset += phdr.p_filesz;
phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
-@@ -2165,6 +2632,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2165,6 +2646,7 @@ static int elf_core_dump(struct coredump_params *cprm)
phdr.p_align = ELF_EXEC_PAGESIZE;
size += sizeof(phdr);
@@ -54308,7 +54498,7 @@ index 4c94a79..228e9da 100644
if (size > cprm->limit
|| !dump_write(cprm->file, &phdr, sizeof(phdr)))
goto end_coredump;
-@@ -2189,7 +2657,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2189,7 +2671,7 @@ static int elf_core_dump(struct coredump_params *cprm)
unsigned long addr;
unsigned long end;
@@ -54317,7 +54507,7 @@ index 4c94a79..228e9da 100644
for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
struct page *page;
-@@ -2198,6 +2666,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2198,6 +2680,7 @@ static int elf_core_dump(struct coredump_params *cprm)
page = get_dump_page(addr);
if (page) {
void *kaddr = kmap(page);
@@ -54325,7 +54515,7 @@ index 4c94a79..228e9da 100644
stop = ((size += PAGE_SIZE) > cprm->limit) ||
!dump_write(cprm->file, kaddr,
PAGE_SIZE);
-@@ -2215,6 +2684,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2215,6 +2698,7 @@ static int elf_core_dump(struct coredump_params *cprm)
if (e_phnum == PN_XNUM) {
size += sizeof(*shdr4extnum);
@@ -54333,7 +54523,7 @@ index 4c94a79..228e9da 100644
if (size > cprm->limit
|| !dump_write(cprm->file, shdr4extnum,
sizeof(*shdr4extnum)))
-@@ -2235,6 +2705,167 @@ out:
+@@ -2235,6 +2719,167 @@ out:
#endif /* CONFIG_ELF_CORE */
@@ -59542,6 +59732,34 @@ index 72cb28e..5b5f87d 100644
set_fs(oldfs);
if (host_err < 0)
+diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c
+index 9f6b486..a1a19163 100644
+--- a/fs/nilfs2/segment.c
++++ b/fs/nilfs2/segment.c
+@@ -1440,17 +1440,19 @@ static int nilfs_segctor_collect(struct nilfs_sc_info *sci,
+
+ nilfs_clear_logs(&sci->sc_segbufs);
+
+- err = nilfs_segctor_extend_segments(sci, nilfs, nadd);
+- if (unlikely(err))
+- return err;
+-
+ if (sci->sc_stage.flags & NILFS_CF_SUFREED) {
+ err = nilfs_sufile_cancel_freev(nilfs->ns_sufile,
+ sci->sc_freesegs,
+ sci->sc_nfreesegs,
+ NULL);
+ WARN_ON(err); /* do not happen */
++ sci->sc_stage.flags &= ~NILFS_CF_SUFREED;
+ }
++
++ err = nilfs_segctor_extend_segments(sci, nilfs, nadd);
++ if (unlikely(err))
++ return err;
++
+ nadd = min_t(int, nadd << 1, SC_MAX_SEGDELTA);
+ sci->sc_stage = prev_stage;
+ }
diff --git a/fs/nls/nls_base.c b/fs/nls/nls_base.c
index fea6bd5..8ee9d81 100644
--- a/fs/nls/nls_base.c
@@ -62472,6 +62690,19 @@ index 9fbea87..6b19972 100644
int count;
struct posix_acl *acl;
struct posix_acl_entry *acl_e;
+diff --git a/fs/xfs/xfs_attr_remote.c b/fs/xfs/xfs_attr_remote.c
+index 712a502..18180a3 100644
+--- a/fs/xfs/xfs_attr_remote.c
++++ b/fs/xfs/xfs_attr_remote.c
+@@ -110,7 +110,7 @@ xfs_attr3_rmt_verify(
+ if (be32_to_cpu(rmt->rm_bytes) > fsbsize - sizeof(*rmt))
+ return false;
+ if (be32_to_cpu(rmt->rm_offset) +
+- be32_to_cpu(rmt->rm_bytes) >= XATTR_SIZE_MAX)
++ be32_to_cpu(rmt->rm_bytes) > XATTR_SIZE_MAX)
+ return false;
+ if (rmt->rm_owner == 0)
+ return false;
diff --git a/fs/xfs/xfs_bmap.c b/fs/xfs/xfs_bmap.c
index f47e65c..e7125d9 100644
--- a/fs/xfs/xfs_bmap.c
@@ -77618,7 +77849,7 @@ index 8e47bc7..c70fd73 100644
return nd->saved_names[nd->depth];
}
diff --git a/include/linux/net.h b/include/linux/net.h
-index 8bd9d92..08b1c20 100644
+index 41103f8..631edff 100644
--- a/include/linux/net.h
+++ b/include/linux/net.h
@@ -191,7 +191,7 @@ struct net_proto_family {
@@ -77631,7 +77862,7 @@ index 8bd9d92..08b1c20 100644
struct iovec;
struct kvec;
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
-index 25f5d2d1..5cf2120 100644
+index 21eae43..4fff130 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -1098,6 +1098,7 @@ struct net_device_ops {
@@ -78085,7 +78316,7 @@ index cc7494a..1e27036 100644
extern bool qid_valid(struct kqid qid);
diff --git a/include/linux/random.h b/include/linux/random.h
-index bf9085e..1e8bbcf 100644
+index bf9085e..02aca5f 100644
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -10,9 +10,19 @@
@@ -78110,7 +78341,7 @@ index bf9085e..1e8bbcf 100644
extern void get_random_bytes(void *buf, int nbytes);
extern void get_random_bytes_arch(void *buf, int nbytes);
-@@ -23,16 +33,21 @@ extern int random_int_secret_init(void);
+@@ -23,16 +33,22 @@ extern int random_int_secret_init(void);
extern const struct file_operations random_fops, urandom_fops;
#endif
@@ -78122,8 +78353,10 @@ index bf9085e..1e8bbcf 100644
+u32 prandom_u32(void) __intentional_overflow(-1);
void prandom_bytes(void *buf, int nbytes);
void prandom_seed(u32 seed);
++void prandom_reseed_late(void);
- u32 prandom_u32_state(struct rnd_state *);
+-u32 prandom_u32_state(struct rnd_state *);
++u32 prandom_u32_state(struct rnd_state *state);
void prandom_bytes_state(struct rnd_state *state, void *buf, int nbytes);
+static inline unsigned long __intentional_overflow(-1) pax_get_random_long(void)
@@ -78134,6 +78367,20 @@ index bf9085e..1e8bbcf 100644
/*
* Handle minimum values for seeds
*/
+@@ -50,9 +66,10 @@ static inline void prandom_seed_state(struct rnd_state *state, u64 seed)
+ {
+ u32 i = (seed >> 32) ^ (seed << 10) ^ seed;
+
+- state->s1 = __seed(i, 2);
+- state->s2 = __seed(i, 8);
+- state->s3 = __seed(i, 16);
++ state->s1 = __seed(i, 2U);
++ state->s2 = __seed(i, 8U);
++ state->s3 = __seed(i, 16U);
++ state->s4 = __seed(i, 128U);
+ }
+
+ #ifdef CONFIG_ARCH_RANDOM
diff --git a/include/linux/rculist.h b/include/linux/rculist.h
index 4106721..132d42c 100644
--- a/include/linux/rculist.h
@@ -78277,7 +78524,7 @@ index 6dacb93..6174423 100644
static inline void anon_vma_merge(struct vm_area_struct *vma,
struct vm_area_struct *next)
diff --git a/include/linux/sched.h b/include/linux/sched.h
-index b1e963e..114b8fd 100644
+index b1e963e..4916219 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -62,6 +62,7 @@ struct bio_list;
@@ -78406,7 +78653,7 @@ index b1e963e..114b8fd 100644
#ifdef CONFIG_FUTEX
struct robust_list_head __user *robust_list;
#ifdef CONFIG_COMPAT
-@@ -1411,8 +1451,78 @@ struct task_struct {
+@@ -1411,8 +1451,79 @@ struct task_struct {
unsigned int sequential_io;
unsigned int sequential_io_avg;
#endif
@@ -78448,6 +78695,7 @@ index b1e963e..114b8fd 100644
+#endif
+
+extern int pax_check_flags(unsigned long *);
++#define PAX_PARSE_FLAGS_FALLBACK (~0UL)
+
+/* if tsk != current then task_lock must be held on it */
+#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
@@ -78485,7 +78733,7 @@ index b1e963e..114b8fd 100644
/* Future-safe accessor for struct task_struct's cpus_allowed. */
#define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed)
-@@ -1471,7 +1581,7 @@ struct pid_namespace;
+@@ -1471,7 +1582,7 @@ struct pid_namespace;
pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type,
struct pid_namespace *ns);
@@ -78494,7 +78742,7 @@ index b1e963e..114b8fd 100644
{
return tsk->pid;
}
-@@ -1921,7 +2031,9 @@ void yield(void);
+@@ -1921,7 +2032,9 @@ void yield(void);
extern struct exec_domain default_exec_domain;
union thread_union {
@@ -78504,7 +78752,7 @@ index b1e963e..114b8fd 100644
unsigned long stack[THREAD_SIZE/sizeof(long)];
};
-@@ -1954,6 +2066,7 @@ extern struct pid_namespace init_pid_ns;
+@@ -1954,6 +2067,7 @@ extern struct pid_namespace init_pid_ns;
*/
extern struct task_struct *find_task_by_vpid(pid_t nr);
@@ -78512,7 +78760,7 @@ index b1e963e..114b8fd 100644
extern struct task_struct *find_task_by_pid_ns(pid_t nr,
struct pid_namespace *ns);
-@@ -2118,7 +2231,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
+@@ -2118,7 +2232,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
extern void exit_itimers(struct signal_struct *);
extern void flush_itimer_signals(void);
@@ -78521,7 +78769,7 @@ index b1e963e..114b8fd 100644
extern int allow_signal(int);
extern int disallow_signal(int);
-@@ -2309,9 +2422,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
+@@ -2309,9 +2423,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
#endif
@@ -78617,7 +78865,7 @@ index 429c199..4d42e38 100644
/* shm_mode upper byte flags */
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index f66f346..2e304d5 100644
+index efa1649..ff898ac 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -639,7 +639,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
@@ -78656,7 +78904,7 @@ index f66f346..2e304d5 100644
}
/**
-@@ -1741,7 +1741,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
+@@ -1746,7 +1746,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
* NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8)
*/
#ifndef NET_SKB_PAD
@@ -78665,7 +78913,7 @@ index f66f346..2e304d5 100644
#endif
extern int ___pskb_trim(struct sk_buff *skb, unsigned int len);
-@@ -2339,7 +2339,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags,
+@@ -2344,7 +2344,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags,
int noblock, int *err);
extern unsigned int datagram_poll(struct file *file, struct socket *sock,
struct poll_table_struct *wait);
@@ -78674,7 +78922,7 @@ index f66f346..2e304d5 100644
int offset, struct iovec *to,
int size);
extern int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb,
-@@ -2618,6 +2618,9 @@ static inline void nf_reset(struct sk_buff *skb)
+@@ -2623,6 +2623,9 @@ static inline void nf_reset(struct sk_buff *skb)
nf_bridge_put(skb->nf_bridge);
skb->nf_bridge = NULL;
#endif
@@ -80645,6 +80893,19 @@ index aa169c4..6a2771d 100644
MMAP_PAGE_ZERO)
/*
+diff --git a/include/uapi/linux/random.h b/include/uapi/linux/random.h
+index 7471b5b..f97f514 100644
+--- a/include/uapi/linux/random.h
++++ b/include/uapi/linux/random.h
+@@ -41,7 +41,7 @@ struct rand_pool_info {
+ };
+
+ struct rnd_state {
+- __u32 s1, s2, s3;
++ __u32 s1, s2, s3, s4;
+ };
+
+ /* Exported functions */
diff --git a/include/uapi/linux/screen_info.h b/include/uapi/linux/screen_info.h
index 7530e74..e714828 100644
--- a/include/uapi/linux/screen_info.h
@@ -80691,22 +80952,18 @@ index 0e011eb..82681b1 100644
#ifdef __HAVE_BUILTIN_BSWAP64__
return __builtin_bswap64(val);
diff --git a/include/uapi/linux/sysctl.h b/include/uapi/linux/sysctl.h
-index 6d67213..8dab561 100644
+index 6d67213..552fdd9 100644
--- a/include/uapi/linux/sysctl.h
+++ b/include/uapi/linux/sysctl.h
-@@ -155,7 +155,11 @@ enum
+@@ -155,8 +155,6 @@ enum
KERN_PANIC_ON_NMI=76, /* int: whether we will panic on an unrecovered */
};
-
-+#ifdef CONFIG_PAX_SOFTMODE
-+enum {
-+ PAX_SOFTMODE=1 /* PaX: disable/enable soft mode */
-+};
-+#endif
-
+-
/* CTL_VM names: */
enum
+ {
diff --git a/include/uapi/linux/xattr.h b/include/uapi/linux/xattr.h
index e4629b9..6958086 100644
--- a/include/uapi/linux/xattr.h
@@ -85662,7 +85919,7 @@ index 4a07353..66b5291 100644
#ifdef CONFIG_RT_GROUP_SCHED
/*
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
-index 5ac63c9..d912786 100644
+index ceae65e..3ac1344 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -2868,7 +2868,7 @@ EXPORT_SYMBOL(wait_for_completion_interruptible);
@@ -85834,7 +86091,7 @@ index 5ac63c9..d912786 100644
#else
static void register_sched_domain_sysctl(void)
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
-index 7765ad8..774519f 100644
+index 4117323..91c91ac 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -869,7 +869,7 @@ void task_numa_fault(int node, int pages, bool migrated)
@@ -85846,7 +86103,7 @@ index 7765ad8..774519f 100644
p->mm->numa_scan_offset = 0;
}
-@@ -5847,7 +5847,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { }
+@@ -5864,7 +5864,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { }
* run_rebalance_domains is triggered when needed from the scheduler tick.
* Also triggered for nohz idle balancing (with nohz_balancing_kick set).
*/
@@ -85856,7 +86113,7 @@ index 7765ad8..774519f 100644
int this_cpu = smp_processor_id();
struct rq *this_rq = cpu_rq(this_cpu);
diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h
-index b3c5653..a4d192a 100644
+index a6208af..a2d7bb5 100644
--- a/kernel/sched/sched.h
+++ b/kernel/sched/sched.h
@@ -1004,7 +1004,7 @@ struct sched_class {
@@ -87863,6 +88120,396 @@ index 7811ed3..f80ca19 100644
static inline void *ptr_to_indirect(void *ptr)
{
+diff --git a/lib/random32.c b/lib/random32.c
+index 01e8890..1e5b2df 100644
+--- a/lib/random32.c
++++ b/lib/random32.c
+@@ -2,19 +2,19 @@
+ This is a maximally equidistributed combined Tausworthe generator
+ based on code from GNU Scientific Library 1.5 (30 Jun 2004)
+
+- x_n = (s1_n ^ s2_n ^ s3_n)
++ lfsr113 version:
+
+- s1_{n+1} = (((s1_n & 4294967294) <<12) ^ (((s1_n <<13) ^ s1_n) >>19))
+- s2_{n+1} = (((s2_n & 4294967288) << 4) ^ (((s2_n << 2) ^ s2_n) >>25))
+- s3_{n+1} = (((s3_n & 4294967280) <<17) ^ (((s3_n << 3) ^ s3_n) >>11))
++ x_n = (s1_n ^ s2_n ^ s3_n ^ s4_n)
+
+- The period of this generator is about 2^88.
++ s1_{n+1} = (((s1_n & 4294967294) << 18) ^ (((s1_n << 6) ^ s1_n) >> 13))
++ s2_{n+1} = (((s2_n & 4294967288) << 2) ^ (((s2_n << 2) ^ s2_n) >> 27))
++ s3_{n+1} = (((s3_n & 4294967280) << 7) ^ (((s3_n << 13) ^ s3_n) >> 21))
++ s4_{n+1} = (((s4_n & 4294967168) << 13) ^ (((s4_n << 3) ^ s4_n) >> 12))
++
++ The period of this generator is about 2^113 (see erratum paper).
+
+ From: P. L'Ecuyer, "Maximally Equidistributed Combined Tausworthe
+- Generators", Mathematics of Computation, 65, 213 (1996), 203--213.
+-
+- This is available on the net from L'Ecuyer's home page,
+-
++ Generators", Mathematics of Computation, 65, 213 (1996), 203--213:
+ http://www.iro.umontreal.ca/~lecuyer/myftp/papers/tausme.ps
+ ftp://ftp.iro.umontreal.ca/pub/simulation/lecuyer/papers/tausme.ps
+
+@@ -29,7 +29,7 @@
+ that paper.)
+
+ This affects the seeding procedure by imposing the requirement
+- s1 > 1, s2 > 7, s3 > 15.
++ s1 > 1, s2 > 7, s3 > 15, s4 > 127.
+
+ */
+
+@@ -38,6 +38,11 @@
+ #include <linux/export.h>
+ #include <linux/jiffies.h>
+ #include <linux/random.h>
++#include <linux/sched.h>
++
++#ifdef CONFIG_RANDOM32_SELFTEST
++static void __init prandom_state_selftest(void);
++#endif
+
+ static DEFINE_PER_CPU(struct rnd_state, net_rand_state);
+
+@@ -52,11 +57,12 @@ u32 prandom_u32_state(struct rnd_state *state)
+ {
+ #define TAUSWORTHE(s,a,b,c,d) ((s&c)<<d) ^ (((s <<a) ^ s)>>b)
+
+- state->s1 = TAUSWORTHE(state->s1, 13, 19, 4294967294UL, 12);
+- state->s2 = TAUSWORTHE(state->s2, 2, 25, 4294967288UL, 4);
+- state->s3 = TAUSWORTHE(state->s3, 3, 11, 4294967280UL, 17);
++ state->s1 = TAUSWORTHE(state->s1, 6U, 13U, 4294967294U, 18U);
++ state->s2 = TAUSWORTHE(state->s2, 2U, 27U, 4294967288U, 2U);
++ state->s3 = TAUSWORTHE(state->s3, 13U, 21U, 4294967280U, 7U);
++ state->s4 = TAUSWORTHE(state->s4, 3U, 12U, 4294967168U, 13U);
+
+- return (state->s1 ^ state->s2 ^ state->s3);
++ return (state->s1 ^ state->s2 ^ state->s3 ^ state->s4);
+ }
+ EXPORT_SYMBOL(prandom_u32_state);
+
+@@ -126,6 +132,38 @@ void prandom_bytes(void *buf, int bytes)
+ }
+ EXPORT_SYMBOL(prandom_bytes);
+
++static void prandom_warmup(struct rnd_state *state)
++{
++ /* Calling RNG ten times to satify recurrence condition */
++ prandom_u32_state(state);
++ prandom_u32_state(state);
++ prandom_u32_state(state);
++ prandom_u32_state(state);
++ prandom_u32_state(state);
++ prandom_u32_state(state);
++ prandom_u32_state(state);
++ prandom_u32_state(state);
++ prandom_u32_state(state);
++ prandom_u32_state(state);
++}
++
++static void prandom_seed_very_weak(struct rnd_state *state, u32 seed)
++{
++ /* Note: This sort of seeding is ONLY used in test cases and
++ * during boot at the time from core_initcall until late_initcall
++ * as we don't have a stronger entropy source available yet.
++ * After late_initcall, we reseed entire state, we have to (!),
++ * otherwise an attacker just needs to search 32 bit space to
++ * probe for our internal 128 bit state if he knows a couple
++ * of prandom32 outputs!
++ */
++#define LCG(x) ((x) * 69069U) /* super-duper LCG */
++ state->s1 = __seed(LCG(seed), 2U);
++ state->s2 = __seed(LCG(state->s1), 8U);
++ state->s3 = __seed(LCG(state->s2), 16U);
++ state->s4 = __seed(LCG(state->s3), 128U);
++}
++
+ /**
+ * prandom_seed - add entropy to pseudo random number generator
+ * @seed: seed value
+@@ -141,7 +179,9 @@ void prandom_seed(u32 entropy)
+ */
+ for_each_possible_cpu (i) {
+ struct rnd_state *state = &per_cpu(net_rand_state, i);
+- state->s1 = __seed(state->s1 ^ entropy, 2);
++
++ state->s1 = __seed(state->s1 ^ entropy, 2U);
++ prandom_warmup(state);
+ }
+ }
+ EXPORT_SYMBOL(prandom_seed);
+@@ -154,46 +194,249 @@ static int __init prandom_init(void)
+ {
+ int i;
+
++#ifdef CONFIG_RANDOM32_SELFTEST
++ prandom_state_selftest();
++#endif
++
+ for_each_possible_cpu(i) {
+ struct rnd_state *state = &per_cpu(net_rand_state,i);
+
+-#define LCG(x) ((x) * 69069) /* super-duper LCG */
+- state->s1 = __seed(LCG(i + jiffies), 2);
+- state->s2 = __seed(LCG(state->s1), 8);
+- state->s3 = __seed(LCG(state->s2), 16);
+-
+- /* "warm it up" */
+- prandom_u32_state(state);
+- prandom_u32_state(state);
+- prandom_u32_state(state);
+- prandom_u32_state(state);
+- prandom_u32_state(state);
+- prandom_u32_state(state);
++ prandom_seed_very_weak(state, (i + jiffies) ^ random_get_entropy());
++ prandom_warmup(state);
+ }
+ return 0;
+ }
+ core_initcall(prandom_init);
+
++static void __prandom_timer(unsigned long dontcare);
++static DEFINE_TIMER(seed_timer, __prandom_timer, 0, 0);
++
++static void __prandom_timer(unsigned long dontcare)
++{
++ u32 entropy;
++ unsigned long expires;
++
++ get_random_bytes(&entropy, sizeof(entropy));
++ prandom_seed(entropy);
++
++ /* reseed every ~60 seconds, in [40 .. 80) interval with slack */
++ expires = 40 + (prandom_u32() % 40);
++ seed_timer.expires = jiffies + msecs_to_jiffies(expires * MSEC_PER_SEC);
++
++ add_timer(&seed_timer);
++}
++
++static void __init __prandom_start_seed_timer(void)
++{
++ set_timer_slack(&seed_timer, HZ);
++ seed_timer.expires = jiffies + msecs_to_jiffies(40 * MSEC_PER_SEC);
++ add_timer(&seed_timer);
++}
++
+ /*
+ * Generate better values after random number generator
+ * is fully initialized.
+ */
+-static int __init prandom_reseed(void)
++static void __prandom_reseed(bool late)
+ {
+ int i;
++ unsigned long flags;
++ static bool latch = false;
++ static DEFINE_SPINLOCK(lock);
++
++ /* only allow initial seeding (late == false) once */
++ spin_lock_irqsave(&lock, flags);
++ if (latch && !late)
++ goto out;
++ latch = true;
+
+ for_each_possible_cpu(i) {
+ struct rnd_state *state = &per_cpu(net_rand_state,i);
+- u32 seeds[3];
++ u32 seeds[4];
+
+ get_random_bytes(&seeds, sizeof(seeds));
+- state->s1 = __seed(seeds[0], 2);
+- state->s2 = __seed(seeds[1], 8);
+- state->s3 = __seed(seeds[2], 16);
++ state->s1 = __seed(seeds[0], 2U);
++ state->s2 = __seed(seeds[1], 8U);
++ state->s3 = __seed(seeds[2], 16U);
++ state->s4 = __seed(seeds[3], 128U);
+
+- /* mix it in */
+- prandom_u32_state(state);
++ prandom_warmup(state);
+ }
++out:
++ spin_unlock_irqrestore(&lock, flags);
++}
++
++void prandom_reseed_late(void)
++{
++ __prandom_reseed(true);
++}
++
++static int __init prandom_reseed(void)
++{
++ __prandom_reseed(false);
++ __prandom_start_seed_timer();
+ return 0;
+ }
+ late_initcall(prandom_reseed);
++
++#ifdef CONFIG_RANDOM32_SELFTEST
++static struct prandom_test1 {
++ u32 seed;
++ u32 result;
++} test1[] = {
++ { 1U, 3484351685U },
++ { 2U, 2623130059U },
++ { 3U, 3125133893U },
++ { 4U, 984847254U },
++};
++
++static struct prandom_test2 {
++ u32 seed;
++ u32 iteration;
++ u32 result;
++} test2[] = {
++ /* Test cases against taus113 from GSL library. */
++ { 931557656U, 959U, 2975593782U },
++ { 1339693295U, 876U, 3887776532U },
++ { 1545556285U, 961U, 1615538833U },
++ { 601730776U, 723U, 1776162651U },
++ { 1027516047U, 687U, 511983079U },
++ { 416526298U, 700U, 916156552U },
++ { 1395522032U, 652U, 2222063676U },
++ { 366221443U, 617U, 2992857763U },
++ { 1539836965U, 714U, 3783265725U },
++ { 556206671U, 994U, 799626459U },
++ { 684907218U, 799U, 367789491U },
++ { 2121230701U, 931U, 2115467001U },
++ { 1668516451U, 644U, 3620590685U },
++ { 768046066U, 883U, 2034077390U },
++ { 1989159136U, 833U, 1195767305U },
++ { 536585145U, 996U, 3577259204U },
++ { 1008129373U, 642U, 1478080776U },
++ { 1740775604U, 939U, 1264980372U },
++ { 1967883163U, 508U, 10734624U },
++ { 1923019697U, 730U, 3821419629U },
++ { 442079932U, 560U, 3440032343U },
++ { 1961302714U, 845U, 841962572U },
++ { 2030205964U, 962U, 1325144227U },
++ { 1160407529U, 507U, 240940858U },
++ { 635482502U, 779U, 4200489746U },
++ { 1252788931U, 699U, 867195434U },
++ { 1961817131U, 719U, 668237657U },
++ { 1071468216U, 983U, 917876630U },
++ { 1281848367U, 932U, 1003100039U },
++ { 582537119U, 780U, 1127273778U },
++ { 1973672777U, 853U, 1071368872U },
++ { 1896756996U, 762U, 1127851055U },
++ { 847917054U, 500U, 1717499075U },
++ { 1240520510U, 951U, 2849576657U },
++ { 1685071682U, 567U, 1961810396U },
++ { 1516232129U, 557U, 3173877U },
++ { 1208118903U, 612U, 1613145022U },
++ { 1817269927U, 693U, 4279122573U },
++ { 1510091701U, 717U, 638191229U },
++ { 365916850U, 807U, 600424314U },
++ { 399324359U, 702U, 1803598116U },
++ { 1318480274U, 779U, 2074237022U },
++ { 697758115U, 840U, 1483639402U },
++ { 1696507773U, 840U, 577415447U },
++ { 2081979121U, 981U, 3041486449U },
++ { 955646687U, 742U, 3846494357U },
++ { 1250683506U, 749U, 836419859U },
++ { 595003102U, 534U, 366794109U },
++ { 47485338U, 558U, 3521120834U },
++ { 619433479U, 610U, 3991783875U },
++ { 704096520U, 518U, 4139493852U },
++ { 1712224984U, 606U, 2393312003U },
++ { 1318233152U, 922U, 3880361134U },
++ { 855572992U, 761U, 1472974787U },
++ { 64721421U, 703U, 683860550U },
++ { 678931758U, 840U, 380616043U },
++ { 692711973U, 778U, 1382361947U },
++ { 677703619U, 530U, 2826914161U },
++ { 92393223U, 586U, 1522128471U },
++ { 1222592920U, 743U, 3466726667U },
++ { 358288986U, 695U, 1091956998U },
++ { 1935056945U, 958U, 514864477U },
++ { 735675993U, 990U, 1294239989U },
++ { 1560089402U, 897U, 2238551287U },
++ { 70616361U, 829U, 22483098U },
++ { 368234700U, 731U, 2913875084U },
++ { 20221190U, 879U, 1564152970U },
++ { 539444654U, 682U, 1835141259U },
++ { 1314987297U, 840U, 1801114136U },
++ { 2019295544U, 645U, 3286438930U },
++ { 469023838U, 716U, 1637918202U },
++ { 1843754496U, 653U, 2562092152U },
++ { 400672036U, 809U, 4264212785U },
++ { 404722249U, 965U, 2704116999U },
++ { 600702209U, 758U, 584979986U },
++ { 519953954U, 667U, 2574436237U },
++ { 1658071126U, 694U, 2214569490U },
++ { 420480037U, 749U, 3430010866U },
++ { 690103647U, 969U, 3700758083U },
++ { 1029424799U, 937U, 3787746841U },
++ { 2012608669U, 506U, 3362628973U },
++ { 1535432887U, 998U, 42610943U },
++ { 1330635533U, 857U, 3040806504U },
++ { 1223800550U, 539U, 3954229517U },
++ { 1322411537U, 680U, 3223250324U },
++ { 1877847898U, 945U, 2915147143U },
++ { 1646356099U, 874U, 965988280U },
++ { 805687536U, 744U, 4032277920U },
++ { 1948093210U, 633U, 1346597684U },
++ { 392609744U, 783U, 1636083295U },
++ { 690241304U, 770U, 1201031298U },
++ { 1360302965U, 696U, 1665394461U },
++ { 1220090946U, 780U, 1316922812U },
++ { 447092251U, 500U, 3438743375U },
++ { 1613868791U, 592U, 828546883U },
++ { 523430951U, 548U, 2552392304U },
++ { 726692899U, 810U, 1656872867U },
++ { 1364340021U, 836U, 3710513486U },
++ { 1986257729U, 931U, 935013962U },
++ { 407983964U, 921U, 728767059U },
++};
++
++static void __init prandom_state_selftest(void)
++{
++ int i, j, errors = 0, runs = 0;
++ bool error = false;
++
++ for (i = 0; i < ARRAY_SIZE(test1); i++) {
++ struct rnd_state state;
++
++ prandom_seed_very_weak(&state, test1[i].seed);
++ prandom_warmup(&state);
++
++ if (test1[i].result != prandom_u32_state(&state))
++ error = true;
++ }
++
++ if (error)
++ pr_warn("prandom: seed boundary self test failed\n");
++ else
++ pr_info("prandom: seed boundary self test passed\n");
++
++ for (i = 0; i < ARRAY_SIZE(test2); i++) {
++ struct rnd_state state;
++
++ prandom_seed_very_weak(&state, test2[i].seed);
++ prandom_warmup(&state);
++
++ for (j = 0; j < test2[i].iteration - 1; j++)
++ prandom_u32_state(&state);
++
++ if (test2[i].result != prandom_u32_state(&state))
++ errors++;
++
++ runs++;
++ cond_resched();
++ }
++
++ if (errors)
++ pr_warn("prandom: %d/%d self tests failed\n", errors, runs);
++ else
++ pr_info("prandom: %d self tests passed\n", runs);
++}
++#endif
diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c
index bb2b201..46abaf9 100644
--- a/lib/strncpy_from_user.c
@@ -88191,6 +88838,37 @@ index b32b70c..e512eb0 100644
pkmap_count[last_pkmap_nr] = 1;
set_page_address(page, (void *)vaddr);
+diff --git a/mm/huge_memory.c b/mm/huge_memory.c
+index 4796245..292a266 100644
+--- a/mm/huge_memory.c
++++ b/mm/huge_memory.c
+@@ -1154,7 +1154,7 @@ alloc:
+ new_page = NULL;
+
+ if (unlikely(!new_page)) {
+- if (is_huge_zero_pmd(orig_pmd)) {
++ if (!page) {
+ ret = do_huge_pmd_wp_zero_page_fallback(mm, vma,
+ address, pmd, orig_pmd, haddr);
+ } else {
+@@ -1181,7 +1181,7 @@ alloc:
+
+ count_vm_event(THP_FAULT_ALLOC);
+
+- if (is_huge_zero_pmd(orig_pmd))
++ if (!page)
+ clear_huge_page(new_page, haddr, HPAGE_PMD_NR);
+ else
+ copy_user_huge_page(new_page, page, haddr, vma, HPAGE_PMD_NR);
+@@ -1207,7 +1207,7 @@ alloc:
+ page_add_new_anon_rmap(new_page, vma, haddr);
+ set_pmd_at(mm, haddr, pmd, entry);
+ update_mmu_cache_pmd(vma, address, pmd);
+- if (is_huge_zero_pmd(orig_pmd)) {
++ if (!page) {
+ add_mm_counter(mm, MM_ANONPAGES, HPAGE_PMD_NR);
+ put_huge_zero_page();
+ } else {
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
index 0b7656e..d21cefc 100644
--- a/mm/hugetlb.c
@@ -92558,7 +93236,7 @@ index de7c904..c84bf11 100644
if (S_ISREG(inode->i_mode))
diff --git a/mm/util.c b/mm/util.c
-index eaf63fc2..32b2629 100644
+index eaf63fc2..c6952b2 100644
--- a/mm/util.c
+++ b/mm/util.c
@@ -294,6 +294,12 @@ done:
@@ -92574,6 +93252,18 @@ index eaf63fc2..32b2629 100644
mm->get_unmapped_area = arch_get_unmapped_area;
}
#endif
+@@ -387,7 +393,10 @@ struct address_space *page_mapping(struct page *page)
+ {
+ struct address_space *mapping = page->mapping;
+
+- VM_BUG_ON(PageSlab(page));
++ /* This happens if someone calls flush_dcache_page on slab page */
++ if (unlikely(PageSlab(page)))
++ return NULL;
++
+ if (unlikely(PageSwapCache(page))) {
+ swp_entry_t entry;
+
diff --git a/mm/vmalloc.c b/mm/vmalloc.c
index 1074543..136dbe0 100644
--- a/mm/vmalloc.c
@@ -93685,6 +94375,68 @@ index 5b7d0e1..cb960fc 100644
}
}
EXPORT_SYMBOL(dev_load);
+diff --git a/net/core/filter.c b/net/core/filter.c
+index 01b7808..ad30d62 100644
+--- a/net/core/filter.c
++++ b/net/core/filter.c
+@@ -36,7 +36,6 @@
+ #include <asm/uaccess.h>
+ #include <asm/unaligned.h>
+ #include <linux/filter.h>
+-#include <linux/reciprocal_div.h>
+ #include <linux/ratelimit.h>
+ #include <linux/seccomp.h>
+ #include <linux/if_vlan.h>
+@@ -166,7 +165,7 @@ unsigned int sk_run_filter(const struct sk_buff *skb,
+ A /= X;
+ continue;
+ case BPF_S_ALU_DIV_K:
+- A = reciprocal_divide(A, K);
++ A /= K;
+ continue;
+ case BPF_S_ALU_MOD_X:
+ if (X == 0)
+@@ -553,11 +552,6 @@ int sk_chk_filter(struct sock_filter *filter, unsigned int flen)
+ /* Some instructions need special checks */
+ switch (code) {
+ case BPF_S_ALU_DIV_K:
+- /* check for division by zero */
+- if (ftest->k == 0)
+- return -EINVAL;
+- ftest->k = reciprocal_value(ftest->k);
+- break;
+ case BPF_S_ALU_MOD_K:
+ /* check for division by zero */
+ if (ftest->k == 0)
+@@ -853,27 +847,7 @@ void sk_decode_filter(struct sock_filter *filt, struct sock_filter *to)
+ to->code = decodes[code];
+ to->jt = filt->jt;
+ to->jf = filt->jf;
+-
+- if (code == BPF_S_ALU_DIV_K) {
+- /*
+- * When loaded this rule user gave us X, which was
+- * translated into R = r(X). Now we calculate the
+- * RR = r(R) and report it back. If next time this
+- * value is loaded and RRR = r(RR) is calculated
+- * then the R == RRR will be true.
+- *
+- * One exception. X == 1 translates into R == 0 and
+- * we can't calculate RR out of it with r().
+- */
+-
+- if (filt->k == 0)
+- to->k = 1;
+- else
+- to->k = reciprocal_value(filt->k);
+-
+- BUG_ON(reciprocal_value(to->k) != filt->k);
+- } else
+- to->k = filt->k;
++ to->k = filt->k;
+ }
+
+ int sk_get_filter(struct sock *sk, struct sock_filter __user *ubuf, unsigned int len)
diff --git a/net/core/flow.c b/net/core/flow.c
index dfa602c..3103d88 100644
--- a/net/core/flow.c
@@ -93748,7 +94500,7 @@ index 7d84ea1..55385ae 100644
m->msg_iov = iov;
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
-index 6072610..7374c18 100644
+index 11af243..7357d84 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -2774,7 +2774,7 @@ static int proc_unres_qlen(struct ctl_table *ctl, int write,
@@ -93832,10 +94584,10 @@ index 81d3a9a..a0bd7a8 100644
return error;
}
diff --git a/net/core/netpoll.c b/net/core/netpoll.c
-index fc75c9e..8c8e9be 100644
+index 0c1482c..f7ae314 100644
--- a/net/core/netpoll.c
+++ b/net/core/netpoll.c
-@@ -428,7 +428,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len)
+@@ -435,7 +435,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len)
struct udphdr *udph;
struct iphdr *iph;
struct ethhdr *eth;
@@ -93844,7 +94596,7 @@ index fc75c9e..8c8e9be 100644
struct ipv6hdr *ip6h;
udp_len = len + sizeof(*udph);
-@@ -499,7 +499,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len)
+@@ -506,7 +506,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len)
put_unaligned(0x45, (unsigned char *)iph);
iph->tos = 0;
put_unaligned(htons(ip_len), &(iph->tot_len));
@@ -93933,7 +94685,7 @@ index b442e7e..6f5b5a2 100644
{
struct socket *sock;
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
-index c28c7fe..a399a6d 100644
+index 743e6eb..a399a6d 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -3104,13 +3104,15 @@ void __init skb_init(void)
@@ -93954,16 +94706,8 @@ index c28c7fe..a399a6d 100644
NULL);
}
-@@ -3541,6 +3543,7 @@ void skb_scrub_packet(struct sk_buff *skb, bool xnet)
- skb->tstamp.tv64 = 0;
- skb->pkt_type = PACKET_HOST;
- skb->skb_iif = 0;
-+ skb->local_df = 0;
- skb_dst_drop(skb);
- skb->mark = 0;
- secpath_reset(skb);
diff --git a/net/core/sock.c b/net/core/sock.c
-index 0b39e7a..5e9f91e 100644
+index 5cec994..81aa1dd 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -393,7 +393,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
@@ -94255,6 +94999,23 @@ index 008f337..b03b8c9 100644
/* replace the top byte with new ECN | DSCP format */
*hc06_ptr = tmp;
hc06_ptr += 4;
+diff --git a/net/ieee802154/nl-phy.c b/net/ieee802154/nl-phy.c
+index 22b1a70..4efd237 100644
+--- a/net/ieee802154/nl-phy.c
++++ b/net/ieee802154/nl-phy.c
+@@ -224,8 +224,10 @@ static int ieee802154_add_iface(struct sk_buff *skb,
+
+ if (info->attrs[IEEE802154_ATTR_DEV_TYPE]) {
+ type = nla_get_u8(info->attrs[IEEE802154_ATTR_DEV_TYPE]);
+- if (type >= __IEEE802154_DEV_MAX)
+- return -EINVAL;
++ if (type >= __IEEE802154_DEV_MAX) {
++ rc = -EINVAL;
++ goto nla_put_failure;
++ }
+ }
+
+ dev = phy->add_iface(phy, devname, type);
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index cfeb85c..385989a 100644
--- a/net/ipv4/af_inet.c
@@ -94408,55 +95169,6 @@ index 6acb541..9ea617d 100644
EXPORT_SYMBOL(sysctl_local_reserved_ports);
void inet_get_local_port_range(int *low, int *high)
-diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
-index 5f64875..31cf54d 100644
---- a/net/ipv4/inet_diag.c
-+++ b/net/ipv4/inet_diag.c
-@@ -106,6 +106,10 @@ int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk,
-
- r->id.idiag_sport = inet->inet_sport;
- r->id.idiag_dport = inet->inet_dport;
-+
-+ memset(&r->id.idiag_src, 0, sizeof(r->id.idiag_src));
-+ memset(&r->id.idiag_dst, 0, sizeof(r->id.idiag_dst));
-+
- r->id.idiag_src[0] = inet->inet_rcv_saddr;
- r->id.idiag_dst[0] = inet->inet_daddr;
-
-@@ -240,12 +244,19 @@ static int inet_twsk_diag_fill(struct inet_timewait_sock *tw,
-
- r->idiag_family = tw->tw_family;
- r->idiag_retrans = 0;
-+
- r->id.idiag_if = tw->tw_bound_dev_if;
- sock_diag_save_cookie(tw, r->id.idiag_cookie);
-+
- r->id.idiag_sport = tw->tw_sport;
- r->id.idiag_dport = tw->tw_dport;
-+
-+ memset(&r->id.idiag_src, 0, sizeof(r->id.idiag_src));
-+ memset(&r->id.idiag_dst, 0, sizeof(r->id.idiag_dst));
-+
- r->id.idiag_src[0] = tw->tw_rcv_saddr;
- r->id.idiag_dst[0] = tw->tw_daddr;
-+
- r->idiag_state = tw->tw_substate;
- r->idiag_timer = 3;
- r->idiag_expires = DIV_ROUND_UP(tmo * 1000, HZ);
-@@ -732,8 +743,13 @@ static int inet_diag_fill_req(struct sk_buff *skb, struct sock *sk,
-
- r->id.idiag_sport = inet->inet_sport;
- r->id.idiag_dport = ireq->rmt_port;
-+
-+ memset(&r->id.idiag_src, 0, sizeof(r->id.idiag_src));
-+ memset(&r->id.idiag_dst, 0, sizeof(r->id.idiag_dst));
-+
- r->id.idiag_src[0] = ireq->loc_addr;
- r->id.idiag_dst[0] = ireq->rmt_addr;
-+
- r->idiag_expires = jiffies_to_msecs(tmo);
- r->idiag_rqueue = 0;
- r->idiag_wqueue = 0;
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index 96da9c7..b956690 100644
--- a/net/ipv4/inet_hashtables.c
@@ -94553,7 +95265,7 @@ index b66910a..cfe416e 100644
return -ENOMEM;
}
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
-index d7aea4c..a8ee872 100644
+index e560ef3..218c5c5 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -115,7 +115,7 @@ static bool log_ecn_error = true;
@@ -94565,7 +95277,7 @@ index d7aea4c..a8ee872 100644
static int ipgre_tunnel_init(struct net_device *dev);
static int ipgre_net_id __read_mostly;
-@@ -731,7 +731,7 @@ static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = {
+@@ -732,7 +732,7 @@ static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = {
[IFLA_GRE_PMTUDISC] = { .type = NLA_U8 },
};
@@ -94574,7 +95286,7 @@ index d7aea4c..a8ee872 100644
.kind = "gre",
.maxtype = IFLA_GRE_MAX,
.policy = ipgre_policy,
-@@ -745,7 +745,7 @@ static struct rtnl_link_ops ipgre_link_ops __read_mostly = {
+@@ -746,7 +746,7 @@ static struct rtnl_link_ops ipgre_link_ops __read_mostly = {
.fill_info = ipgre_fill_info,
};
@@ -94681,6 +95393,25 @@ index 7f80fb4..b0328f6 100644
.kind = "ipip",
.maxtype = IFLA_IPTUN_MAX,
.policy = ipip_policy,
+diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
+index 62212c7..1672409 100644
+--- a/net/ipv4/ipmr.c
++++ b/net/ipv4/ipmr.c
+@@ -157,9 +157,12 @@ static struct mr_table *ipmr_get_table(struct net *net, u32 id)
+ static int ipmr_fib_lookup(struct net *net, struct flowi4 *flp4,
+ struct mr_table **mrt)
+ {
++ int err;
+ struct ipmr_result res;
+- struct fib_lookup_arg arg = { .result = &res, };
+- int err;
++ struct fib_lookup_arg arg = {
++ .result = &res,
++ .flags = FIB_LOOKUP_NOREF,
++ };
+
+ err = fib_rules_lookup(net->ipv4.mr_rules_ops,
+ flowi4_to_flowi(flp4), 0, &arg);
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 85a4f21..1beb1f5 100644
--- a/net/ipv4/netfilter/arp_tables.c
@@ -95301,7 +96032,7 @@ index 4b85e6f..22f9ac9 100644
syn_set ? 0 : icsk->icsk_user_timeout, syn_set)) {
/* Has it gone just too far? */
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
-index 5e2c2f1..6473c22 100644
+index 6ca9907..a1e6c00 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -87,6 +87,7 @@
@@ -95628,6 +96359,25 @@ index c1e11b5..568e633 100644
.kind = "ip6tnl",
.maxtype = IFLA_IPTUN_MAX,
.policy = ip6_tnl_policy,
+diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
+index f365310..0eb4038 100644
+--- a/net/ipv6/ip6mr.c
++++ b/net/ipv6/ip6mr.c
+@@ -141,9 +141,12 @@ static struct mr6_table *ip6mr_get_table(struct net *net, u32 id)
+ static int ip6mr_fib_lookup(struct net *net, struct flowi6 *flp6,
+ struct mr6_table **mrt)
+ {
++ int err;
+ struct ip6mr_result res;
+- struct fib_lookup_arg arg = { .result = &res, };
+- int err;
++ struct fib_lookup_arg arg = {
++ .result = &res,
++ .flags = FIB_LOOKUP_NOREF,
++ };
+
+ err = fib_rules_lookup(net->ipv6.mr6_rules_ops,
+ flowi6_to_flowi(flp6), 0, &arg);
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index d1e2e8e..51c19ae 100644
--- a/net/ipv6/ipv6_sockglue.c
@@ -95936,10 +96686,10 @@ index 1aeb473..bea761c 100644
return -ENOMEM;
}
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
-index 77308af..36ed509 100644
+index 0accb13..f793130 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
-@@ -3009,7 +3009,7 @@ struct ctl_table ipv6_route_table_template[] = {
+@@ -3003,7 +3003,7 @@ struct ctl_table ipv6_route_table_template[] = {
struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net)
{
@@ -97135,10 +97885,10 @@ index 53c19a3..b0ac04a 100644
*uaddr_len = sizeof(struct sockaddr_ax25);
}
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
-index ba2548b..1a4e98e 100644
+index 88cfbc1..05d73f5 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
-@@ -1699,7 +1699,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
+@@ -1720,7 +1720,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
spin_lock(&sk->sk_receive_queue.lock);
po->stats.stats1.tp_packets++;
@@ -97147,7 +97897,7 @@ index ba2548b..1a4e98e 100644
__skb_queue_tail(&sk->sk_receive_queue, skb);
spin_unlock(&sk->sk_receive_queue.lock);
sk->sk_data_ready(sk, skb->len);
-@@ -1708,7 +1708,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
+@@ -1729,7 +1729,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
drop_n_acct:
spin_lock(&sk->sk_receive_queue.lock);
po->stats.stats1.tp_drops++;
@@ -97156,7 +97906,7 @@ index ba2548b..1a4e98e 100644
spin_unlock(&sk->sk_receive_queue.lock);
drop_n_restore:
-@@ -3261,7 +3261,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -3275,7 +3275,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
case PACKET_HDRLEN:
if (len > sizeof(int))
len = sizeof(int);
@@ -97165,7 +97915,7 @@ index ba2548b..1a4e98e 100644
return -EFAULT;
switch (val) {
case TPACKET_V1:
-@@ -3304,7 +3304,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -3318,7 +3318,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
len = lv;
if (put_user(len, optlen))
return -EFAULT;
@@ -97849,7 +98599,7 @@ index 6b36561..4f21064 100644
table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL);
diff --git a/net/socket.c b/net/socket.c
-index e83c416..9169305 100644
+index e83c416..6342a2f 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -88,6 +88,7 @@
@@ -98024,15 +98774,6 @@ index e83c416..9169305 100644
SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
unsigned int, flags, struct sockaddr __user *, addr,
int, addr_len)
-@@ -1825,7 +1891,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
- struct socket *sock;
- struct iovec iov;
- struct msghdr msg;
-- struct sockaddr_storage address;
-+ struct sockaddr_storage address = { };
- int err, err2;
- int fput_needed;
-
@@ -2047,7 +2113,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
* checking falls down on this.
*/
@@ -98042,15 +98783,6 @@ index e83c416..9169305 100644
ctl_len))
goto out_freectl;
msg_sys->msg_control = ctl_buf;
-@@ -2198,7 +2264,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
- int err, total_len, len;
-
- /* kernel mode address */
-- struct sockaddr_storage addr;
-+ struct sockaddr_storage addr = { };
-
- /* user mode address pointers */
- struct sockaddr __user *uaddr;
@@ -2227,7 +2293,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
/* Save the user-mode address (verify_iovec will change the
* kernel msghdr to use the kernel address space)
@@ -98463,10 +99195,10 @@ index d38bb45..4fd6ac6 100644
sub->evt.event = htohl(event, sub->swap);
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
-index 01625cc..d486b64 100644
+index a427623..387c80b 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
-@@ -784,6 +784,12 @@ static struct sock *unix_find_other(struct net *net,
+@@ -790,6 +790,12 @@ static struct sock *unix_find_other(struct net *net,
err = -ECONNREFUSED;
if (!S_ISSOCK(inode->i_mode))
goto put_fail;
@@ -98479,7 +99211,7 @@ index 01625cc..d486b64 100644
u = unix_find_socket_byinode(inode);
if (!u)
goto put_fail;
-@@ -804,6 +810,13 @@ static struct sock *unix_find_other(struct net *net,
+@@ -810,6 +816,13 @@ static struct sock *unix_find_other(struct net *net,
if (u) {
struct dentry *dentry;
dentry = unix_sk(u)->path.dentry;
@@ -98493,7 +99225,7 @@ index 01625cc..d486b64 100644
if (dentry)
touch_atime(&unix_sk(u)->path);
} else
-@@ -837,12 +850,18 @@ static int unix_mknod(const char *sun_path, umode_t mode, struct path *res)
+@@ -843,12 +856,18 @@ static int unix_mknod(const char *sun_path, umode_t mode, struct path *res)
*/
err = security_path_mknod(&path, dentry, mode, 0);
if (!err) {
@@ -98512,7 +99244,7 @@ index 01625cc..d486b64 100644
done_path_create(&path, dentry);
return err;
}
-@@ -2328,9 +2347,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2336,9 +2355,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
seq_puts(seq, "Num RefCount Protocol Flags Type St "
"Inode Path\n");
else {
@@ -98527,7 +99259,7 @@ index 01625cc..d486b64 100644
seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
s,
-@@ -2357,8 +2380,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2365,8 +2388,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
}
for ( ; i < len; i++)
seq_putc(seq, u->addr->name->sun_path[i]);
@@ -100586,10 +101318,44 @@ index fc3e662..7844c60 100644
lock = &avc_cache.slots_lock[hvalue];
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
-index 392a044..5e931be 100644
+index 392a044..c3eb2bd 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
-@@ -5693,7 +5693,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
+@@ -220,6 +220,14 @@ static int inode_alloc_security(struct inode *inode)
+ return 0;
+ }
+
++static void inode_free_rcu(struct rcu_head *head)
++{
++ struct inode_security_struct *isec;
++
++ isec = container_of(head, struct inode_security_struct, rcu);
++ kmem_cache_free(sel_inode_cache, isec);
++}
++
+ static void inode_free_security(struct inode *inode)
+ {
+ struct inode_security_struct *isec = inode->i_security;
+@@ -230,8 +238,16 @@ static void inode_free_security(struct inode *inode)
+ list_del_init(&isec->list);
+ spin_unlock(&sbsec->isec_lock);
+
+- inode->i_security = NULL;
+- kmem_cache_free(sel_inode_cache, isec);
++ /*
++ * The inode may still be referenced in a path walk and
++ * a call to selinux_inode_permission() can be made
++ * after inode_free_security() is called. Ideally, the VFS
++ * wouldn't do this, but fixing that is a much harder
++ * job. For now, simply free the i_security via RCU, and
++ * leave the current inode->i_security pointer intact.
++ * The inode will be freed after the RCU grace period too.
++ */
++ call_rcu(&isec->rcu, inode_free_rcu);
+ }
+
+ static int file_alloc_security(struct file *file)
+@@ -5693,7 +5709,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
#endif
@@ -100598,7 +101364,7 @@ index 392a044..5e931be 100644
.name = "selinux",
.ptrace_access_check = selinux_ptrace_access_check,
-@@ -6045,6 +6045,9 @@ static void selinux_nf_ip_exit(void)
+@@ -6045,6 +6061,9 @@ static void selinux_nf_ip_exit(void)
#ifdef CONFIG_SECURITY_SELINUX_DISABLE
static int selinux_disabled;
@@ -100608,7 +101374,7 @@ index 392a044..5e931be 100644
int selinux_disable(void)
{
if (ss_initialized) {
-@@ -6062,7 +6065,9 @@ int selinux_disable(void)
+@@ -6062,7 +6081,9 @@ int selinux_disable(void)
selinux_disabled = 1;
selinux_enabled = 0;
@@ -100619,6 +101385,22 @@ index 392a044..5e931be 100644
/* Try to destroy the avc node cache */
avc_disable();
+diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
+index aa47bca..6fd9dd2 100644
+--- a/security/selinux/include/objsec.h
++++ b/security/selinux/include/objsec.h
+@@ -38,7 +38,10 @@ struct task_security_struct {
+
+ struct inode_security_struct {
+ struct inode *inode; /* back pointer to inode object */
+- struct list_head list; /* list of inode_security_struct */
++ union {
++ struct list_head list; /* list of inode_security_struct */
++ struct rcu_head rcu; /* for freeing the inode_security_struct */
++ };
+ u32 task_sid; /* SID of creating task */
+ u32 sid; /* SID of this object */
+ u16 sclass; /* security class of this object */
diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h
index c1af4e1..bcb003c 100644
--- a/security/selinux/include/xfrm.h
@@ -101698,10 +102480,10 @@ index 0000000..414fe5e
+}
diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c
new file mode 100644
-index 0000000..ba59e50
+index 0000000..59bf839
--- /dev/null
+++ b/tools/gcc/constify_plugin.c
-@@ -0,0 +1,558 @@
+@@ -0,0 +1,557 @@
+/*
+ * Copyright 2011 by Emese Revfy <re.emese@gmail.com>
+ * Copyright 2011-2013 by PaX Team <pageexec@freemail.hu>
@@ -101748,7 +102530,7 @@ index 0000000..ba59e50
+int plugin_is_GPL_compatible;
+
+static struct plugin_info const_plugin_info = {
-+ .version = "201312032345",
++ .version = "201401140130",
+ .help = "no-constify\tturn off constification\n",
+};
+
@@ -101874,8 +102656,10 @@ index 0000000..ba59e50
+ }
+ TYPE_READONLY(type) = 0;
+ C_TYPE_FIELDS_READONLY(type) = 0;
-+ if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type)))
++ if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type))) {
++ TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type));
+ TYPE_ATTRIBUTES(type) = remove_attribute("do_const", TYPE_ATTRIBUTES(type));
++ }
+}
+
+static void deconstify_tree(tree node)
@@ -101928,7 +102712,6 @@ index 0000000..ba59e50
+ }
+
+ if (TYPE_P(*node)) {
-+ *no_add_attrs = false;
+ type = *node;
+ } else {
+ gcc_assert(TREE_CODE(*node) == TYPE_DECL);
@@ -101948,6 +102731,8 @@ index 0000000..ba59e50
+ if (TYPE_P(*node)) {
+ if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type)))
+ error("%qE attribute used on type %qT is incompatible with 'do_const'", name, type);
++ else
++ *no_add_attrs = false;
+ return NULL_TREE;
+ }
+
@@ -101967,6 +102752,7 @@ index 0000000..ba59e50
+ TYPE_READONLY(type) = 1;
+ C_TYPE_FIELDS_READONLY(type) = 1;
+ TYPE_CONSTIFY_VISITED(type) = 1;
++// TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type));
+// TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("do_const"), NULL_TREE, TYPE_ATTRIBUTES(type));
+}
+
@@ -102078,7 +102864,7 @@ index 0000000..ba59e50
+ TYPE_CONSTIFY_VISITED(type) = 1;
+}
+
-+static void check_global_variables(void)
++static void check_global_variables(void *event_data, void *data)
+{
+ struct varpool_node *node;
+
@@ -102151,21 +102937,15 @@ index 0000000..ba59e50
+ return ret;
+}
+
-+static unsigned int check_variables(void)
-+{
-+ check_global_variables();
-+ return check_local_variables();
-+}
-+
+static struct gimple_opt_pass pass_local_variable = {
+ {
+ .type = GIMPLE_PASS,
-+ .name = "check_variables",
++ .name = "check_local_variables",
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
+ .gate = NULL,
-+ .execute = check_variables,
++ .execute = check_local_variables,
+ .sub = NULL,
+ .next = NULL,
+ .static_pass_number = 0,
@@ -102252,6 +103032,7 @@ index 0000000..ba59e50
+
+ register_callback(plugin_name, PLUGIN_INFO, NULL, &const_plugin_info);
+ if (constify) {
++ register_callback(plugin_name, PLUGIN_ALL_IPA_PASSES_START, check_global_variables, NULL);
+ register_callback(plugin_name, PLUGIN_FINISH_TYPE, finish_type, NULL);
+ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &local_variable_pass_info);
+ register_callback(plugin_name, PLUGIN_START_UNIT, constify_start_unit, NULL);