aboutsummaryrefslogtreecommitdiffstats
path: root/main
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2014-06-03 06:43:42 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2014-06-03 07:44:26 +0000
commit5e97f1b32fc2e7c6050335b29e36641eb719f4d0 (patch)
treeb8efeaadd96c926826edf03ed23818e96202b647 /main
parent72dfeb01ba1e25b20d8c063aef48a8e34c45e162 (diff)
downloadaports-5e97f1b32fc2e7c6050335b29e36641eb719f4d0.tar.bz2
aports-5e97f1b32fc2e7c6050335b29e36641eb719f4d0.tar.xz
main/linux-grsec: upgrade to 3.14.5
Diffstat (limited to 'main')
-rw-r--r--main/linux-grsec/APKBUILD18
-rw-r--r--main/linux-grsec/grsecurity-3.0-3.14.5-201406021708.patch (renamed from main/linux-grsec/grsecurity-3.0-3.14.4-201405271114.patch)608
2 files changed, 280 insertions, 346 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 48c9fad10a..6d3afc84c3 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,12 +2,12 @@
_flavor=grsec
pkgname=linux-${_flavor}
-pkgver=3.14.4
+pkgver=3.14.5
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
esac
-pkgrel=2
+pkgrel=0
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-3.0-3.14.4-201405271114.patch
+ grsecurity-3.0-3.14.5-201406021708.patch
fix-memory-map-for-PIE-applications.patch
imx6q-no-unclocked-sleep.patch
@@ -165,24 +165,24 @@ dev() {
}
md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz
-116f27cf17c3522716b6678b17516067 patch-3.14.4.xz
-60e4f370c3543eb4634c84c24009b92d grsecurity-3.0-3.14.4-201405271114.patch
+a56bf05cb9033097198f9269bbcff130 patch-3.14.5.xz
+e3879ccdca92dbec4e42109a9f5552bb grsecurity-3.0-3.14.5-201406021708.patch
c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch
7dbab6689abe6d34178c40773ea6759d kernelconfig.x86
21240113d77342def57ea9d6017c2cd6 kernelconfig.x86_64
727688e12e37262437fc9ca9c1fbd215 kernelconfig.armhf"
sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz
-af640ea64e923d525a8238832e8452381e6dc76a3bf28046411cadd67c408114 patch-3.14.4.xz
-76daa7e437ab5fedc51c1fec3a84b7e6901a073b083a94e3a55671bca9e67d34 grsecurity-3.0-3.14.4-201405271114.patch
+ecc00856830c05736b3f99609bc6d80353c29d2db9b0dffb91eb2d169808cac4 patch-3.14.5.xz
+8695054d1a1bd02acd2a08b1268eb65349f6877b1be1a00251dcbc5dd95a5a00 grsecurity-3.0-3.14.5-201406021708.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch
ea60441bed9d50ed3cde8b73c664448b4efebd60c6b58ea0a6df67f087bbc64b kernelconfig.x86
c87d9045758f474d092e18a77fc936c1fc9007b09564b79a1ecc46c083c7e3c0 kernelconfig.x86_64
00fc74f27931d161ecc1c26e5cd000d9aeaf6ebea6e0e1293ecde14a64d80467 kernelconfig.armhf"
sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz
-61eca26d57f7d7caa78d157582d4b98fbba1c85af73f1773fb51eab3db4381de53f4fbfbc202083e45297c0b4487bc58880a518e7ee9c0d616cddf0b3909b303 patch-3.14.4.xz
-4276c7f2d533b62074180efb069047f562336647078cd47b8a0abb70123fe05f3b2d30c3a212358bfde9897f8b5592d63057f66c2b47718691474cbc77f09d5a grsecurity-3.0-3.14.4-201405271114.patch
+068d139063c94f0e3fd4c24217705628b20f996f6e4cce88366c060150a123381babcfc05c953c58023deff0f7b28b4129b8d381b20dd4e3ac80ce4dbc4ec1e3 patch-3.14.5.xz
+86aa2f621e4fe52eaf498236289b66532f7a8bc087e9100ec168861cead44b7a4329ad609314b6b0bcbf114adf7378ae4eb38b37fc7d8e414473b7de1b84bd2f grsecurity-3.0-3.14.5-201406021708.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch
e19c081066d5615f3037d66e8cf5074bfa4d448d8db2f32642957eb808e8c26e2a2467d333f8773a02aac44b13d5afe556780bd2303df3a9ac88ad6099a898b2 kernelconfig.x86
diff --git a/main/linux-grsec/grsecurity-3.0-3.14.4-201405271114.patch b/main/linux-grsec/grsecurity-3.0-3.14.5-201406021708.patch
index 3537db8395..400f193d7c 100644
--- a/main/linux-grsec/grsecurity-3.0-3.14.4-201405271114.patch
+++ b/main/linux-grsec/grsecurity-3.0-3.14.5-201406021708.patch
@@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index d7c07fd..1ad8228 100644
+index fa77b0b..dadf5fd 100644
--- a/Makefile
+++ b/Makefile
@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -7508,18 +7508,6 @@ index 4006964..fcb3cc2 100644
ret = __copy_from_user(to, from, n);
else
copy_from_user_overflow();
-diff --git a/arch/parisc/include/uapi/asm/resource.h b/arch/parisc/include/uapi/asm/resource.h
-index 8b06343..090483c 100644
---- a/arch/parisc/include/uapi/asm/resource.h
-+++ b/arch/parisc/include/uapi/asm/resource.h
-@@ -1,7 +1,6 @@
- #ifndef _ASM_PARISC_RESOURCE_H
- #define _ASM_PARISC_RESOURCE_H
-
--#define _STK_LIM_MAX 10 * _STK_LIM
- #include <asm-generic/resource.h>
-
- #endif
diff --git a/arch/parisc/kernel/module.c b/arch/parisc/kernel/module.c
index 50dfafc..b9fc230 100644
--- a/arch/parisc/kernel/module.c
@@ -7624,7 +7612,7 @@ index 50dfafc..b9fc230 100644
DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n",
me->arch.unwind_section, table, end, gp);
diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c
-index b7cadc4..bf4a32d 100644
+index 31ffa9b..588a798 100644
--- a/arch/parisc/kernel/sys_parisc.c
+++ b/arch/parisc/kernel/sys_parisc.c
@@ -89,6 +89,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr,
@@ -7648,7 +7636,7 @@ index b7cadc4..bf4a32d 100644
addr = COLOR_ALIGN(addr, last_mmap, pgoff);
@@ -124,6 +129,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr,
info.high_limit = mmap_upper_limit();
- info.align_mask = last_mmap ? (PAGE_MASK & (SHMLBA - 1)) : 0;
+ info.align_mask = last_mmap ? (PAGE_MASK & (SHM_COLOUR - 1)) : 0;
info.align_offset = shared_align_offset(last_mmap, pgoff);
+ info.threadstack_offset = offset;
addr = vm_unmapped_area(&info);
@@ -7675,7 +7663,7 @@ index b7cadc4..bf4a32d 100644
addr = COLOR_ALIGN(addr, last_mmap, pgoff);
@@ -184,6 +195,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
info.high_limit = mm->mmap_base;
- info.align_mask = last_mmap ? (PAGE_MASK & (SHMLBA - 1)) : 0;
+ info.align_mask = last_mmap ? (PAGE_MASK & (SHM_COLOUR - 1)) : 0;
info.align_offset = shared_align_offset(last_mmap, pgoff);
+ info.threadstack_offset = offset;
addr = vm_unmapped_area(&info);
@@ -18365,10 +18353,10 @@ index 94e40f1..ebd03e4 100644
#define pgprot_writecombine pgprot_writecombine
extern pgprot_t pgprot_writecombine(pgprot_t prot);
diff --git a/arch/x86/include/asm/preempt.h b/arch/x86/include/asm/preempt.h
-index c8b0519..fd29e73 100644
+index b39e194..9d44fd1 100644
--- a/arch/x86/include/asm/preempt.h
+++ b/arch/x86/include/asm/preempt.h
-@@ -87,7 +87,7 @@ static __always_inline void __preempt_count_sub(int val)
+@@ -99,7 +99,7 @@ static __always_inline void __preempt_count_sub(int val)
*/
static __always_inline bool __preempt_count_dec_and_test(void)
{
@@ -19602,7 +19590,7 @@ index 04905bf..49203ca 100644
}
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
-index 0d592e0..f58a222 100644
+index 0d592e0..7437fcc 100644
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -7,6 +7,7 @@
@@ -19626,7 +19614,7 @@ index 0d592e0..f58a222 100644
#define segment_eq(a, b) ((a).seg == (b).seg)
-@@ -85,8 +91,34 @@ static inline bool __chk_range_not_ok(unsigned long addr, unsigned long size, un
+@@ -85,8 +91,36 @@ static inline bool __chk_range_not_ok(unsigned long addr, unsigned long size, un
* checks that the pointer is in the user space range - after calling
* this function, memory access functions may still return -EFAULT.
*/
@@ -19636,26 +19624,28 @@ index 0d592e0..f58a222 100644
+#define access_ok_noprefault(type, addr, size) (likely(!__range_not_ok(addr, size, user_addr_max())))
+#define access_ok(type, addr, size) \
+({ \
-+ long __size = size; \
++ unsigned long __size = size; \
+ unsigned long __addr = (unsigned long)addr; \
-+ unsigned long __addr_ao = __addr & PAGE_MASK; \
-+ unsigned long __end_ao = __addr + __size - 1; \
+ bool __ret_ao = __range_not_ok(__addr, __size, user_addr_max()) == 0;\
-+ if (__ret_ao && unlikely((__end_ao ^ __addr_ao) & PAGE_MASK)) { \
-+ while(__addr_ao <= __end_ao) { \
-+ char __c_ao; \
-+ __addr_ao += PAGE_SIZE; \
-+ if (__size > PAGE_SIZE) \
-+ _cond_resched(); \
-+ if (__get_user(__c_ao, (char __user *)__addr)) \
-+ break; \
-+ if (type != VERIFY_WRITE) { \
++ if (__ret_ao && __size) { \
++ unsigned long __addr_ao = __addr & PAGE_MASK; \
++ unsigned long __end_ao = __addr + __size - 1; \
++ if (unlikely((__end_ao ^ __addr_ao) & PAGE_MASK)) { \
++ while (__addr_ao <= __end_ao) { \
++ char __c_ao; \
++ __addr_ao += PAGE_SIZE; \
++ if (__size > PAGE_SIZE) \
++ _cond_resched(); \
++ if (__get_user(__c_ao, (char __user *)__addr)) \
++ break; \
++ if (type != VERIFY_WRITE) { \
++ __addr = __addr_ao; \
++ continue; \
++ } \
++ if (__put_user(__c_ao, (char __user *)__addr)) \
++ break; \
+ __addr = __addr_ao; \
-+ continue; \
+ } \
-+ if (__put_user(__c_ao, (char __user *)__addr)) \
-+ break; \
-+ __addr = __addr_ao; \
+ } \
+ } \
+ __ret_ao; \
@@ -19663,7 +19653,7 @@ index 0d592e0..f58a222 100644
/*
* The exception table consists of pairs of addresses relative to the
-@@ -176,10 +208,12 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
+@@ -176,10 +210,12 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
register __inttype(*(ptr)) __val_gu asm("%"_ASM_DX); \
__chk_user_ptr(ptr); \
might_fault(); \
@@ -19676,7 +19666,7 @@ index 0d592e0..f58a222 100644
__ret_gu; \
})
-@@ -187,13 +221,21 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
+@@ -187,13 +223,21 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
asm volatile("call __put_user_" #size : "=a" (__ret_pu) \
: "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx")
@@ -19701,7 +19691,7 @@ index 0d592e0..f58a222 100644
"3: " ASM_CLAC "\n" \
".section .fixup,\"ax\"\n" \
"4: movl %3,%0\n" \
-@@ -206,8 +248,8 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
+@@ -206,8 +250,8 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
#define __put_user_asm_ex_u64(x, addr) \
asm volatile(ASM_STAC "\n" \
@@ -19712,7 +19702,7 @@ index 0d592e0..f58a222 100644
"3: " ASM_CLAC "\n" \
_ASM_EXTABLE_EX(1b, 2b) \
_ASM_EXTABLE_EX(2b, 3b) \
-@@ -257,7 +299,8 @@ extern void __put_user_8(void);
+@@ -257,7 +301,8 @@ extern void __put_user_8(void);
__typeof__(*(ptr)) __pu_val; \
__chk_user_ptr(ptr); \
might_fault(); \
@@ -19722,7 +19712,7 @@ index 0d592e0..f58a222 100644
switch (sizeof(*(ptr))) { \
case 1: \
__put_user_x(1, __pu_val, ptr, __ret_pu); \
-@@ -275,6 +318,7 @@ extern void __put_user_8(void);
+@@ -275,6 +320,7 @@ extern void __put_user_8(void);
__put_user_x(X, __pu_val, ptr, __ret_pu); \
break; \
} \
@@ -19730,7 +19720,7 @@ index 0d592e0..f58a222 100644
__ret_pu; \
})
-@@ -355,8 +399,10 @@ do { \
+@@ -355,8 +401,10 @@ do { \
} while (0)
#define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \
@@ -19742,7 +19732,7 @@ index 0d592e0..f58a222 100644
"2: " ASM_CLAC "\n" \
".section .fixup,\"ax\"\n" \
"3: mov %3,%0\n" \
-@@ -364,8 +410,10 @@ do { \
+@@ -364,8 +412,10 @@ do { \
" jmp 2b\n" \
".previous\n" \
_ASM_EXTABLE(1b, 3b) \
@@ -19755,7 +19745,7 @@ index 0d592e0..f58a222 100644
#define __get_user_size_ex(x, ptr, size) \
do { \
-@@ -389,7 +437,7 @@ do { \
+@@ -389,7 +439,7 @@ do { \
} while (0)
#define __get_user_asm_ex(x, addr, itype, rtype, ltype) \
@@ -19764,7 +19754,7 @@ index 0d592e0..f58a222 100644
"2:\n" \
_ASM_EXTABLE_EX(1b, 2b) \
: ltype(x) : "m" (__m(addr)))
-@@ -406,13 +454,24 @@ do { \
+@@ -406,13 +456,24 @@ do { \
int __gu_err; \
unsigned long __gu_val; \
__get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \
@@ -19791,7 +19781,7 @@ index 0d592e0..f58a222 100644
/*
* Tell gcc we read from memory instead of writing: this is because
-@@ -420,8 +479,10 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -420,8 +481,10 @@ struct __large_struct { unsigned long buf[100]; };
* aliasing issues.
*/
#define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \
@@ -19803,7 +19793,7 @@ index 0d592e0..f58a222 100644
"2: " ASM_CLAC "\n" \
".section .fixup,\"ax\"\n" \
"3: mov %3,%0\n" \
-@@ -429,10 +490,12 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -429,10 +492,12 @@ struct __large_struct { unsigned long buf[100]; };
".previous\n" \
_ASM_EXTABLE(1b, 3b) \
: "=r"(err) \
@@ -19818,7 +19808,7 @@ index 0d592e0..f58a222 100644
"2:\n" \
_ASM_EXTABLE_EX(1b, 2b) \
: : ltype(x), "m" (__m(addr)))
-@@ -442,11 +505,13 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -442,11 +507,13 @@ struct __large_struct { unsigned long buf[100]; };
*/
#define uaccess_try do { \
current_thread_info()->uaccess_err = 0; \
@@ -19832,7 +19822,7 @@ index 0d592e0..f58a222 100644
(err) |= (current_thread_info()->uaccess_err ? -EFAULT : 0); \
} while (0)
-@@ -471,8 +536,12 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -471,8 +538,12 @@ struct __large_struct { unsigned long buf[100]; };
* On error, the variable @x is set to zero.
*/
@@ -19845,7 +19835,7 @@ index 0d592e0..f58a222 100644
/**
* __put_user: - Write a simple value into user space, with less checking.
-@@ -494,8 +563,12 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -494,8 +565,12 @@ struct __large_struct { unsigned long buf[100]; };
* Returns zero on success, or -EFAULT on error.
*/
@@ -19858,7 +19848,7 @@ index 0d592e0..f58a222 100644
#define __get_user_unaligned __get_user
#define __put_user_unaligned __put_user
-@@ -513,7 +586,7 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -513,7 +588,7 @@ struct __large_struct { unsigned long buf[100]; };
#define get_user_ex(x, ptr) do { \
unsigned long __gue_val; \
__get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \
@@ -19867,7 +19857,7 @@ index 0d592e0..f58a222 100644
} while (0)
#define put_user_try uaccess_try
-@@ -542,18 +615,19 @@ extern void __cmpxchg_wrong_size(void)
+@@ -542,18 +617,19 @@ extern void __cmpxchg_wrong_size(void)
__typeof__(ptr) __uval = (uval); \
__typeof__(*(ptr)) __old = (old); \
__typeof__(*(ptr)) __new = (new); \
@@ -19889,7 +19879,7 @@ index 0d592e0..f58a222 100644
: "i" (-EFAULT), "q" (__new), "1" (__old) \
: "memory" \
); \
-@@ -562,14 +636,14 @@ extern void __cmpxchg_wrong_size(void)
+@@ -562,14 +638,14 @@ extern void __cmpxchg_wrong_size(void)
case 2: \
{ \
asm volatile("\t" ASM_STAC "\n" \
@@ -19906,7 +19896,7 @@ index 0d592e0..f58a222 100644
: "i" (-EFAULT), "r" (__new), "1" (__old) \
: "memory" \
); \
-@@ -578,14 +652,14 @@ extern void __cmpxchg_wrong_size(void)
+@@ -578,14 +654,14 @@ extern void __cmpxchg_wrong_size(void)
case 4: \
{ \
asm volatile("\t" ASM_STAC "\n" \
@@ -19923,7 +19913,7 @@ index 0d592e0..f58a222 100644
: "i" (-EFAULT), "r" (__new), "1" (__old) \
: "memory" \
); \
-@@ -597,14 +671,14 @@ extern void __cmpxchg_wrong_size(void)
+@@ -597,14 +673,14 @@ extern void __cmpxchg_wrong_size(void)
__cmpxchg_wrong_size(); \
\
asm volatile("\t" ASM_STAC "\n" \
@@ -19940,7 +19930,7 @@ index 0d592e0..f58a222 100644
: "i" (-EFAULT), "r" (__new), "1" (__old) \
: "memory" \
); \
-@@ -613,6 +687,7 @@ extern void __cmpxchg_wrong_size(void)
+@@ -613,6 +689,7 @@ extern void __cmpxchg_wrong_size(void)
default: \
__cmpxchg_wrong_size(); \
} \
@@ -19948,7 +19938,7 @@ index 0d592e0..f58a222 100644
*__uval = __old; \
__ret; \
})
-@@ -636,17 +711,6 @@ extern struct movsl_mask {
+@@ -636,17 +713,6 @@ extern struct movsl_mask {
#define ARCH_HAS_NOCACHE_UACCESS 1
@@ -19966,7 +19956,7 @@ index 0d592e0..f58a222 100644
#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
# define copy_user_diag __compiletime_error
#else
-@@ -656,7 +720,7 @@ unsigned long __must_check _copy_to_user(void __user *to, const void *from,
+@@ -656,7 +722,7 @@ unsigned long __must_check _copy_to_user(void __user *to, const void *from,
extern void copy_user_diag("copy_from_user() buffer size is too small")
copy_from_user_overflow(void);
extern void copy_user_diag("copy_to_user() buffer size is too small")
@@ -19975,7 +19965,7 @@ index 0d592e0..f58a222 100644
#undef copy_user_diag
-@@ -669,7 +733,7 @@ __copy_from_user_overflow(void) __asm__("copy_from_user_overflow");
+@@ -669,7 +735,7 @@ __copy_from_user_overflow(void) __asm__("copy_from_user_overflow");
extern void
__compiletime_warning("copy_to_user() buffer size is not provably correct")
@@ -19984,7 +19974,7 @@ index 0d592e0..f58a222 100644
#define __copy_to_user_overflow(size, count) __copy_to_user_overflow()
#else
-@@ -684,10 +748,16 @@ __copy_from_user_overflow(int size, unsigned long count)
+@@ -684,10 +750,16 @@ __copy_from_user_overflow(int size, unsigned long count)
#endif
@@ -20002,7 +19992,7 @@ index 0d592e0..f58a222 100644
might_fault();
-@@ -709,12 +779,15 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
+@@ -709,12 +781,15 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
* case, and do only runtime checking for non-constant sizes.
*/
@@ -20024,7 +20014,7 @@ index 0d592e0..f58a222 100644
return n;
}
-@@ -722,17 +795,18 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
+@@ -722,17 +797,18 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
static inline unsigned long __must_check
copy_to_user(void __user *to, const void *from, unsigned long n)
{
@@ -28784,10 +28774,10 @@ index 3927528..fc19971 100644
vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 2b85784..ad70e19 100644
+index ee0c3b5..773bb94 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
-@@ -1777,8 +1777,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
+@@ -1776,8 +1776,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
{
struct kvm *kvm = vcpu->kvm;
int lm = is_long_mode(vcpu);
@@ -28798,7 +28788,7 @@ index 2b85784..ad70e19 100644
u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64
: kvm->arch.xen_hvm_config.blob_size_32;
u32 page_num = data & ~PAGE_MASK;
-@@ -2689,6 +2689,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
+@@ -2688,6 +2688,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
if (n < msr_list.nmsrs)
goto out;
r = -EFAULT;
@@ -28807,7 +28797,7 @@ index 2b85784..ad70e19 100644
if (copy_to_user(user_msr_list->indices, &msrs_to_save,
num_msrs_to_save * sizeof(u32)))
goto out;
-@@ -5503,7 +5505,7 @@ static struct notifier_block pvclock_gtod_notifier = {
+@@ -5502,7 +5504,7 @@ static struct notifier_block pvclock_gtod_notifier = {
};
#endif
@@ -34132,7 +34122,7 @@ index 0149575..f746de8 100644
+ pax_force_retaddr
ret
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
-index 4ed75dd..3cf24f0b 100644
+index af2d431..3cf24f0b 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -50,13 +50,90 @@ static inline u8 *emit_code(u8 *ptr, u32 bytes, unsigned int len)
@@ -34298,7 +34288,7 @@ index 4ed75dd..3cf24f0b 100644
+ pax_close_kernel();
- header->pages = sz / PAGE_SIZE;
-- hole = sz - (proglen + sizeof(*header));
+- hole = min(sz - (proglen + sizeof(*header)), PAGE_SIZE - sizeof(*header));
+ hole = PAGE_SIZE - (proglen & ~PAGE_MASK);
/* insert a random number of int3 instructions before BPF code */
@@ -40603,10 +40593,10 @@ index 15a74f9..4278889 100644
return can_switch;
}
diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
-index df77e20..d3fda9f 100644
+index 697f215..6f89b7f 100644
--- a/drivers/gpu/drm/i915/i915_drv.h
+++ b/drivers/gpu/drm/i915/i915_drv.h
-@@ -1361,7 +1361,7 @@ typedef struct drm_i915_private {
+@@ -1362,7 +1362,7 @@ typedef struct drm_i915_private {
drm_dma_handle_t *status_page_dmah;
struct resource mch_res;
@@ -40788,10 +40778,10 @@ index d554169..f4426bb 100644
iir = I915_READ(IIR);
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index 9b8a7c7..60f6003 100644
+index 963639d..ea0c0cb 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
-@@ -10776,13 +10776,13 @@ struct intel_quirk {
+@@ -10787,13 +10787,13 @@ struct intel_quirk {
int subsystem_vendor;
int subsystem_device;
void (*hook)(struct drm_device *dev);
@@ -40807,7 +40797,7 @@ index 9b8a7c7..60f6003 100644
static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
{
-@@ -10790,18 +10790,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
+@@ -10801,18 +10801,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
return 1;
}
@@ -41191,7 +41181,7 @@ index 28f84b4..fb3e224 100644
ret = drm_irq_install(qdev->ddev);
qdev->ram_header->int_mask = QXL_INTERRUPT_MASK;
diff --git a/drivers/gpu/drm/qxl/qxl_ttm.c b/drivers/gpu/drm/qxl/qxl_ttm.c
-index c7e7e65..7dddd4d 100644
+index c82c1d6a9..6158c02 100644
--- a/drivers/gpu/drm/qxl/qxl_ttm.c
+++ b/drivers/gpu/drm/qxl/qxl_ttm.c
@@ -103,7 +103,7 @@ static void qxl_ttm_global_fini(struct qxl_device *qdev)
@@ -41214,7 +41204,7 @@ index c7e7e65..7dddd4d 100644
}
vma->vm_ops = &qxl_ttm_vm_ops;
return 0;
-@@ -560,25 +562,23 @@ static int qxl_mm_dump_table(struct seq_file *m, void *data)
+@@ -561,25 +563,23 @@ static int qxl_mm_dump_table(struct seq_file *m, void *data)
static int qxl_ttm_debugfs_init(struct qxl_device *qdev)
{
#if defined(CONFIG_DEBUG_FS)
@@ -41881,10 +41871,10 @@ index ec0ae2d..dc0780b 100644
/* copy over all the bus versions */
if (dev->bus && dev->bus->pm) {
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
-index cc32a6f..02a4b1c 100644
+index 8a5384c..cf63c18 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
-@@ -2421,7 +2421,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
+@@ -2422,7 +2422,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
int hid_add_device(struct hid_device *hdev)
{
@@ -41893,7 +41883,7 @@ index cc32a6f..02a4b1c 100644
int ret;
if (WARN_ON(hdev->status & HID_STAT_ADDED))
-@@ -2455,7 +2455,7 @@ int hid_add_device(struct hid_device *hdev)
+@@ -2456,7 +2456,7 @@ int hid_add_device(struct hid_device *hdev)
/* XXX hack, any other cleaner solution after the driver core
* is converted to allow more than 20 bytes as the device name? */
dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
@@ -44611,10 +44601,10 @@ index 3e6d115..ffecdeb 100644
/*----------------------------------------------------------------*/
diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
-index 4a6ca1c..e952750 100644
+index 56e24c0..e1c8e1f 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
-@@ -1922,7 +1922,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
+@@ -1931,7 +1931,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
if (r1_sync_page_io(rdev, sect, s,
bio->bi_io_vec[idx].bv_page,
READ) != 0)
@@ -44623,7 +44613,7 @@ index 4a6ca1c..e952750 100644
}
sectors -= s;
sect += s;
-@@ -2156,7 +2156,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
+@@ -2165,7 +2165,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
test_bit(In_sync, &rdev->flags)) {
if (r1_sync_page_io(rdev, sect, s,
conf->tmppage, READ)) {
@@ -46214,10 +46204,10 @@ index cf49c22..971b133 100644
struct sm_sysfs_attribute *vendor_attribute;
char *vendor;
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
-index e5628fc..ffe54d1 100644
+index 91ec8cd..562ff5f 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
-@@ -4551,6 +4551,7 @@ static void __exit bonding_exit(void)
+@@ -4552,6 +4552,7 @@ static void __exit bonding_exit(void)
bond_netlink_fini();
unregister_pernet_subsys(&bond_net_ops);
@@ -46656,10 +46646,10 @@ index bf0d55e..82bcfbd1 100644
priv = netdev_priv(dev);
priv->phy = phy;
diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
-index 1831fb7..9c24bca 100644
+index 20bb669..9a0e17e 100644
--- a/drivers/net/macvlan.c
+++ b/drivers/net/macvlan.c
-@@ -984,13 +984,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = {
+@@ -991,13 +991,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = {
int macvlan_link_register(struct rtnl_link_ops *ops)
{
/* common fields */
@@ -46682,7 +46672,7 @@ index 1831fb7..9c24bca 100644
return rtnl_link_register(ops);
};
-@@ -1045,7 +1047,7 @@ static int macvlan_device_event(struct notifier_block *unused,
+@@ -1052,7 +1054,7 @@ static int macvlan_device_event(struct notifier_block *unused,
return NOTIFY_DONE;
}
@@ -46692,10 +46682,10 @@ index 1831fb7..9c24bca 100644
};
diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
-index ff111a8..c4c3ac4 100644
+index 3381c4f..dea5fd5 100644
--- a/drivers/net/macvtap.c
+++ b/drivers/net/macvtap.c
-@@ -1011,7 +1011,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd,
+@@ -1020,7 +1020,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd,
}
ret = 0;
@@ -46704,7 +46694,7 @@ index ff111a8..c4c3ac4 100644
put_user(q->flags, &ifr->ifr_flags))
ret = -EFAULT;
macvtap_put_vlan(vlan);
-@@ -1181,7 +1181,7 @@ static int macvtap_device_event(struct notifier_block *unused,
+@@ -1190,7 +1190,7 @@ static int macvtap_device_event(struct notifier_block *unused,
return NOTIFY_DONE;
}
@@ -46796,19 +46786,6 @@ index 26f8635..c237839 100644
if (cmd == TUNSETIFF || cmd == TUNSETQUEUE || _IOC_TYPE(cmd) == 0x89) {
if (copy_from_user(&ifr, argp, ifreq_len))
return -EFAULT;
-diff --git a/drivers/net/usb/cdc_ncm.c b/drivers/net/usb/cdc_ncm.c
-index d350d27..75d7d9d 100644
---- a/drivers/net/usb/cdc_ncm.c
-+++ b/drivers/net/usb/cdc_ncm.c
-@@ -768,7 +768,7 @@ cdc_ncm_fill_tx_frame(struct usbnet *dev, struct sk_buff *skb, __le32 sign)
- skb_out->len > CDC_NCM_MIN_TX_PKT)
- memset(skb_put(skb_out, ctx->tx_max - skb_out->len), 0,
- ctx->tx_max - skb_out->len);
-- else if ((skb_out->len % dev->maxpacket) == 0)
-+ else if (skb_out->len < ctx->tx_max && (skb_out->len % dev->maxpacket) == 0)
- *skb_put(skb_out, 1) = 0; /* force short packet */
-
- /* set final frame length */
diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c
index 660bd5e..ac59452 100644
--- a/drivers/net/usb/hso.c
@@ -50026,10 +50003,10 @@ index 62ec84b..93159d8 100644
disposition = scsi_decide_disposition(cmd);
if (disposition != SUCCESS &&
diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
-index 9117d0b..d289a7a 100644
+index 665acbf..d18fab4 100644
--- a/drivers/scsi/scsi_sysfs.c
+++ b/drivers/scsi/scsi_sysfs.c
-@@ -739,7 +739,7 @@ show_iostat_##field(struct device *dev, struct device_attribute *attr, \
+@@ -734,7 +734,7 @@ show_iostat_##field(struct device *dev, struct device_attribute *attr, \
char *buf) \
{ \
struct scsi_device *sdev = to_scsi_device(dev); \
@@ -57622,7 +57599,7 @@ index 1e86823..8e34695 100644
else if (whole->bd_holder != NULL)
return false; /* is a partition of a held device */
diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
-index cbd3a7d..c6a2881 100644
+index cbd3a7d6f..c6a2881 100644
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
@@ -1216,9 +1216,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans,
@@ -57995,10 +57972,10 @@ index f3ac415..3d2420c 100644
server->ops->print_stats(m, tcon);
}
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
-index 849f613..eae6dec 100644
+index 7c6b73c..a8f0db2 100644
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
-@@ -1056,7 +1056,7 @@ cifs_init_request_bufs(void)
+@@ -1068,7 +1068,7 @@ cifs_init_request_bufs(void)
*/
cifs_req_cachep = kmem_cache_create("cifs_request",
CIFSMaxBufSize + max_hdr_size, 0,
@@ -58007,7 +57984,7 @@ index 849f613..eae6dec 100644
if (cifs_req_cachep == NULL)
return -ENOMEM;
-@@ -1083,7 +1083,7 @@ cifs_init_request_bufs(void)
+@@ -1095,7 +1095,7 @@ cifs_init_request_bufs(void)
efficient to alloc 1 per page off the slab compared to 17K (5page)
alloc of large cifs buffers even when page debugging is on */
cifs_sm_req_cachep = kmem_cache_create("cifs_small_rq",
@@ -58016,7 +57993,7 @@ index 849f613..eae6dec 100644
NULL);
if (cifs_sm_req_cachep == NULL) {
mempool_destroy(cifs_req_poolp);
-@@ -1168,8 +1168,8 @@ init_cifs(void)
+@@ -1180,8 +1180,8 @@ init_cifs(void)
atomic_set(&bufAllocCount, 0);
atomic_set(&smBufAllocCount, 0);
#ifdef CONFIG_CIFS_STATS2
@@ -58028,10 +58005,10 @@ index 849f613..eae6dec 100644
atomic_set(&midCount, 0);
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
-index c0f3718..6afed7d 100644
+index 30f6e92..e915ba5 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
-@@ -804,35 +804,35 @@ struct cifs_tcon {
+@@ -806,35 +806,35 @@ struct cifs_tcon {
__u16 Flags; /* optional support bits */
enum statusEnum tidStatus;
#ifdef CONFIG_CIFS_STATS
@@ -58091,7 +58068,7 @@ index c0f3718..6afed7d 100644
} smb2_stats;
#endif /* CONFIG_CIFS_SMB2 */
} stats;
-@@ -1162,7 +1162,7 @@ convert_delimiter(char *path, char delim)
+@@ -1170,7 +1170,7 @@ convert_delimiter(char *path, char delim)
}
#ifdef CONFIG_CIFS_STATS
@@ -58100,7 +58077,7 @@ index c0f3718..6afed7d 100644
static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon,
unsigned int bytes)
-@@ -1528,8 +1528,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount;
+@@ -1536,8 +1536,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount;
/* Various Debug counters */
GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */
#ifdef CONFIG_CIFS_STATS2
@@ -58112,7 +58089,7 @@ index c0f3718..6afed7d 100644
GLOBAL_EXTERN atomic_t smBufAllocCount;
GLOBAL_EXTERN atomic_t midCount;
diff --git a/fs/cifs/file.c b/fs/cifs/file.c
-index 834fce7..8a314b5 100644
+index 87c4dd0..a90f115 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -1900,10 +1900,14 @@ static int cifs_writepages(struct address_space *mapping,
@@ -58134,7 +58111,7 @@ index 834fce7..8a314b5 100644
}
retry:
diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
-index 2f9f379..43f8025 100644
+index 3b0c62e..f7d090c 100644
--- a/fs/cifs/misc.c
+++ b/fs/cifs/misc.c
@@ -170,7 +170,7 @@ cifs_buf_get(void)
@@ -58156,10 +58133,10 @@ index 2f9f379..43f8025 100644
}
diff --git a/fs/cifs/smb1ops.c b/fs/cifs/smb1ops.c
-index 526fb89..ecdbf5a 100644
+index d1fdfa8..94558f8 100644
--- a/fs/cifs/smb1ops.c
+++ b/fs/cifs/smb1ops.c
-@@ -616,27 +616,27 @@ static void
+@@ -626,27 +626,27 @@ static void
cifs_clear_stats(struct cifs_tcon *tcon)
{
#ifdef CONFIG_CIFS_STATS
@@ -58208,7 +58185,7 @@ index 526fb89..ecdbf5a 100644
#endif
}
-@@ -645,36 +645,36 @@ cifs_print_stats(struct seq_file *m, struct cifs_tcon *tcon)
+@@ -655,36 +655,36 @@ cifs_print_stats(struct seq_file *m, struct cifs_tcon *tcon)
{
#ifdef CONFIG_CIFS_STATS
seq_printf(m, " Oplocks breaks: %d",
@@ -58265,7 +58242,7 @@ index 526fb89..ecdbf5a 100644
}
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
-index 192f51a..539307e 100644
+index 35ddc3e..563e809 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -364,8 +364,8 @@ smb2_clear_stats(struct cifs_tcon *tcon)
@@ -58838,7 +58815,7 @@ index e4141f2..d8263e8 100644
i += packet_length_size;
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
diff --git a/fs/exec.c b/fs/exec.c
-index 3d78fcc..cd4f983 100644
+index 3d78fcc..75b208f 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -55,8 +55,20 @@
@@ -59329,7 +59306,7 @@ index 3d78fcc..cd4f983 100644
out:
if (bprm->mm) {
acct_arg_size(bprm, 0);
-@@ -1626,3 +1801,296 @@ asmlinkage long compat_sys_execve(const char __user * filename,
+@@ -1626,3 +1801,311 @@ asmlinkage long compat_sys_execve(const char __user * filename,
return compat_do_execve(getname(filename), argv, envp);
}
#endif
@@ -59577,12 +59554,25 @@ index 3d78fcc..cd4f983 100644
+}
+#endif
+
-+void __check_object_size(const void *ptr, unsigned long n, bool to_user)
++void __check_object_size(const void *ptr, unsigned long n, bool to_user, bool const_size)
+{
-+
+#ifdef CONFIG_PAX_USERCOPY
+ const char *type;
++#endif
++
++#ifndef CONFIG_STACK_GROWSUP
++ const void * stackstart = task_stack_page(current);
++ if (unlikely(current_stack_pointer < stackstart + 512 ||
++ current_stack_pointer >= stackstart + THREAD_SIZE))
++ BUG();
++#endif
+
++#ifndef CONFIG_PAX_USERCOPY_DEBUG
++ if (const_size)
++ return;
++#endif
++
++#ifdef CONFIG_PAX_USERCOPY
+ if (!n)
+ return;
+
@@ -59613,6 +59603,8 @@ index 3d78fcc..cd4f983 100644
+ if (sp < current_thread_info()->lowest_stack &&
+ sp > (unsigned long)task_stack_page(current))
+ current_thread_info()->lowest_stack = sp;
++ if (unlikely((sp & ~(THREAD_SIZE - 1)) < (THREAD_SIZE/16)))
++ BUG();
+}
+EXPORT_SYMBOL(pax_track_stack);
+#endif
@@ -63006,7 +62998,7 @@ index 49d84f8..4807e0b 100644
/* Copy the blockcheck stats from the superblock probe */
osb->osb_ecc_stats = *stats;
diff --git a/fs/open.c b/fs/open.c
-index b9ed8b2..0d5c7a0 100644
+index 2ed7325..4e77ac3 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -32,6 +32,8 @@
@@ -63110,7 +63102,7 @@ index b9ed8b2..0d5c7a0 100644
newattrs.ia_valid = ATTR_CTIME;
if (user != (uid_t) -1) {
if (!uid_valid(uid))
-@@ -994,6 +1031,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode)
+@@ -982,6 +1019,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode)
} else {
fsnotify_open(f);
fd_install(fd, f);
@@ -77538,10 +77530,10 @@ index 810431d..0ec4804f 100644
* (puds are folded into pgds so this doesn't get actually called,
* but the define is needed for a generic inline function.)
diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h
-index 34c7bdc..38d4f3b 100644
+index 38a7437..47f62a4 100644
--- a/include/asm-generic/pgtable.h
+++ b/include/asm-generic/pgtable.h
-@@ -787,6 +787,22 @@ static inline void pmdp_set_numa(struct mm_struct *mm, unsigned long addr,
+@@ -802,6 +802,22 @@ static inline void pmdp_set_numa(struct mm_struct *mm, unsigned long addr,
}
#endif /* CONFIG_NUMA_BALANCING */
@@ -78286,7 +78278,7 @@ index d08e4d2..95fad61 100644
/**
diff --git a/include/linux/cred.h b/include/linux/cred.h
-index 04421e8..117e17a 100644
+index 04421e8..a85afd4 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -35,7 +35,7 @@ struct group_info {
@@ -78317,6 +78309,14 @@ index 04421e8..117e17a 100644
#endif
/**
+@@ -322,6 +325,7 @@ static inline void put_cred(const struct cred *_cred)
+
+ #define task_uid(task) (task_cred_xxx((task), uid))
+ #define task_euid(task) (task_cred_xxx((task), euid))
++#define task_securebits(task) (task_cred_xxx((task), securebits))
+
+ #define current_cred_xxx(xxx) \
+ ({ \
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
index b92eadf..b4ecdc1 100644
--- a/include/linux/crypto.h
@@ -81343,7 +81343,7 @@ index 492de72..1bddcd4 100644
return nd->saved_names[nd->depth];
}
diff --git a/include/linux/net.h b/include/linux/net.h
-index 94734a6..d8d6931 100644
+index 17d8339..81656c0 100644
--- a/include/linux/net.h
+++ b/include/linux/net.h
@@ -192,7 +192,7 @@ struct net_proto_family {
@@ -81356,18 +81356,18 @@ index 94734a6..d8d6931 100644
struct iovec;
struct kvec;
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
-index daafd95..74c5d1e 100644
+index 911718f..f673407 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
-@@ -1146,6 +1146,7 @@ struct net_device_ops {
- struct net_device *dev,
+@@ -1147,6 +1147,7 @@ struct net_device_ops {
void *priv);
+ int (*ndo_get_lock_subclass)(struct net_device *dev);
};
+typedef struct net_device_ops __no_const net_device_ops_no_const;
/*
* The DEVICE structure.
-@@ -1228,7 +1229,7 @@ struct net_device {
+@@ -1229,7 +1230,7 @@ struct net_device {
int iflink;
struct net_device_stats stats;
@@ -81710,10 +81710,10 @@ index 4ea1d37..80f4b33 100644
/*
* The return value from decompress routine is the length of the
diff --git a/include/linux/preempt.h b/include/linux/preempt.h
-index de83b4e..c4b997d 100644
+index 1841b58..fbeebf8 100644
--- a/include/linux/preempt.h
+++ b/include/linux/preempt.h
-@@ -27,11 +27,16 @@ extern void preempt_count_sub(int val);
+@@ -29,11 +29,16 @@ extern void preempt_count_sub(int val);
#define preempt_count_dec_and_test() __preempt_count_dec_and_test()
#endif
@@ -81730,7 +81730,7 @@ index de83b4e..c4b997d 100644
#ifdef CONFIG_PREEMPT_COUNT
-@@ -41,6 +46,12 @@ do { \
+@@ -43,6 +48,12 @@ do { \
barrier(); \
} while (0)
@@ -81743,7 +81743,7 @@ index de83b4e..c4b997d 100644
#define sched_preempt_enable_no_resched() \
do { \
barrier(); \
-@@ -49,6 +60,12 @@ do { \
+@@ -51,6 +62,12 @@ do { \
#define preempt_enable_no_resched() sched_preempt_enable_no_resched()
@@ -81756,7 +81756,7 @@ index de83b4e..c4b997d 100644
#ifdef CONFIG_PREEMPT
#define preempt_enable() \
do { \
-@@ -113,8 +130,10 @@ do { \
+@@ -115,8 +132,10 @@ do { \
* region.
*/
#define preempt_disable() barrier()
@@ -81767,7 +81767,7 @@ index de83b4e..c4b997d 100644
#define preempt_enable() barrier()
#define preempt_check_resched() do { } while (0)
-@@ -128,11 +147,13 @@ do { \
+@@ -130,11 +149,13 @@ do { \
/*
* Modules have no business playing preemption tricks.
*/
@@ -82106,7 +82106,7 @@ index b66c211..13d2915 100644
static inline void anon_vma_merge(struct vm_area_struct *vma,
struct vm_area_struct *next)
diff --git a/include/linux/sched.h b/include/linux/sched.h
-index a781dec..2c03225 100644
+index ccd0c6f..39c28a4 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -129,6 +129,7 @@ struct fs_struct;
@@ -82342,7 +82342,7 @@ index a781dec..2c03225 100644
{
return tsk->pid;
}
-@@ -1988,6 +2099,25 @@ extern u64 sched_clock_cpu(int cpu);
+@@ -2006,6 +2117,25 @@ extern u64 sched_clock_cpu(int cpu);
extern void sched_clock_init(void);
@@ -82368,7 +82368,7 @@ index a781dec..2c03225 100644
#ifndef CONFIG_HAVE_UNSTABLE_SCHED_CLOCK
static inline void sched_clock_tick(void)
{
-@@ -2112,7 +2242,9 @@ void yield(void);
+@@ -2130,7 +2260,9 @@ void yield(void);
extern struct exec_domain default_exec_domain;
union thread_union {
@@ -82378,7 +82378,7 @@ index a781dec..2c03225 100644
unsigned long stack[THREAD_SIZE/sizeof(long)];
};
-@@ -2145,6 +2277,7 @@ extern struct pid_namespace init_pid_ns;
+@@ -2163,6 +2295,7 @@ extern struct pid_namespace init_pid_ns;
*/
extern struct task_struct *find_task_by_vpid(pid_t nr);
@@ -82386,7 +82386,7 @@ index a781dec..2c03225 100644
extern struct task_struct *find_task_by_pid_ns(pid_t nr,
struct pid_namespace *ns);
-@@ -2307,7 +2440,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
+@@ -2325,7 +2458,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
extern void exit_itimers(struct signal_struct *);
extern void flush_itimer_signals(void);
@@ -82395,7 +82395,7 @@ index a781dec..2c03225 100644
extern int allow_signal(int);
extern int disallow_signal(int);
-@@ -2508,9 +2641,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
+@@ -2526,9 +2659,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
#endif
@@ -82729,7 +82729,7 @@ index 6ae004e..2743532 100644
/*
* Callback to arch code if there's nosmp or maxcpus=0 on the
diff --git a/include/linux/sock_diag.h b/include/linux/sock_diag.h
-index 54f91d3..be2c379 100644
+index 302ab80..3233276 100644
--- a/include/linux/sock_diag.h
+++ b/include/linux/sock_diag.h
@@ -11,7 +11,7 @@ struct sock;
@@ -83015,30 +83015,18 @@ index 387fa7d..3fcde6b 100644
#ifdef CONFIG_MAGIC_SYSRQ
diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h
-index fddbe20..e4cce53 100644
+index a629e4b..3fea3d9 100644
--- a/include/linux/thread_info.h
+++ b/include/linux/thread_info.h
-@@ -161,6 +161,25 @@ static inline bool test_and_clear_restore_sigmask(void)
+@@ -159,6 +159,13 @@ static inline bool test_and_clear_restore_sigmask(void)
#error "no set_restore_sigmask() provided and default one won't work"
#endif
-+extern void __check_object_size(const void *ptr, unsigned long n, bool to_user);
-+
-+#if defined(CONFIG_X86) && defined(CONFIG_PAX_USERCOPY)
-+extern void pax_check_alloca(unsigned long size);
-+#endif
++extern void __check_object_size(const void *ptr, unsigned long n, bool to_user, bool const_size);
+
+static inline void check_object_size(const void *ptr, unsigned long n, bool to_user)
+{
-+#if defined(CONFIG_X86) && defined(CONFIG_PAX_USERCOPY)
-+ /* always check if we've overflowed the stack in a copy*user */
-+ pax_check_alloca(sizeof(unsigned long));
-+#endif
-+
-+#ifndef CONFIG_PAX_USERCOPY_DEBUG
-+ if (!__builtin_constant_p(n))
-+#endif
-+ __check_object_size(ptr, n, to_user);
++ __check_object_size(ptr, n, to_user, __builtin_constant_p(n));
+}
+
#endif /* __KERNEL__ */
@@ -83975,21 +83963,6 @@ index 8ba8ce2..99b7fff 100644
struct sk_buff *skb, int offset, struct iovec *to,
size_t len, struct dma_pinned_list *pinned_list);
-diff --git a/include/net/netfilter/nf_conntrack_extend.h b/include/net/netfilter/nf_conntrack_extend.h
-index 956b175..55d1504 100644
---- a/include/net/netfilter/nf_conntrack_extend.h
-+++ b/include/net/netfilter/nf_conntrack_extend.h
-@@ -47,8 +47,8 @@ enum nf_ct_ext_id {
- /* Extensions: optional stuff which isn't permanently in struct. */
- struct nf_ct_ext {
- struct rcu_head rcu;
-- u8 offset[NF_CT_EXT_NUM];
-- u8 len;
-+ u16 offset[NF_CT_EXT_NUM];
-+ u16 len;
- char data[0];
- };
-
diff --git a/include/net/netlink.h b/include/net/netlink.h
index 2b47eaa..6d5bcc2 100644
--- a/include/net/netlink.h
@@ -84151,7 +84124,7 @@ index 7f4eeb3..37e8fe1 100644
/* Get the size of a DATA chunk payload. */
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
-index 6ee76c8..45f2609 100644
+index 0dfcc92..7967849 100644
--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
@@ -507,7 +507,7 @@ struct sctp_pf {
@@ -84355,7 +84328,7 @@ index 52beadf..598734c 100644
u8 qfull;
enum fc_lport_state state;
diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h
-index d65fbec..f80fef2 100644
+index b4f1eff..7fdbd46 100644
--- a/include/scsi/scsi_device.h
+++ b/include/scsi/scsi_device.h
@@ -180,9 +180,9 @@ struct scsi_device {
@@ -84815,7 +84788,7 @@ index 30f5362..8ed8ac9 100644
void *pmi_pal;
u8 *vbe_state_orig; /*
diff --git a/init/Kconfig b/init/Kconfig
-index d56cb03..7e6d5dc 100644
+index 93c5ef0..ac92caa 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1079,6 +1079,7 @@ endif # CGROUPS
@@ -85655,7 +85628,7 @@ index 8d6e145..33e0b1e 100644
current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim;
set_fs(fs);
diff --git a/kernel/audit.c b/kernel/audit.c
-index 95a20f3..e1cb300 100644
+index d5f31c1..06646e1 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -122,7 +122,7 @@ u32 audit_sig_sid = 0;
@@ -85695,7 +85668,7 @@ index 95a20f3..e1cb300 100644
s.version = AUDIT_VERSION_LATEST;
s.backlog_wait_time = audit_backlog_wait_time;
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
-index 7aef2f4..db6ced2 100644
+index 3b29605..f6c85d0 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1945,7 +1945,7 @@ int auditsc_get_stamp(struct audit_context *ctx,
@@ -86009,7 +85982,7 @@ index c18b1f1..b9a0132 100644
return -ENOMEM;
diff --git a/kernel/cred.c b/kernel/cred.c
-index e0573a4..3874e41 100644
+index e0573a4..20fb164 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -164,6 +164,16 @@ void exit_creds(struct task_struct *tsk)
@@ -86047,7 +86020,7 @@ index e0573a4..3874e41 100644
/* dumpability changes */
if (!uid_eq(old->euid, new->euid) ||
!gid_eq(old->egid, new->egid) ||
-@@ -479,6 +491,102 @@ int commit_creds(struct cred *new)
+@@ -479,6 +491,108 @@ int commit_creds(struct cred *new)
put_cred(old);
return 0;
}
@@ -86116,6 +86089,7 @@ index e0573a4..3874e41 100644
+ int ret;
+ int schedule_it = 0;
+ struct task_struct *t;
++ unsigned oldsecurebits = current_cred()->securebits;
+
+ /* we won't get called with tasklist_lock held for writing
+ and interrupts disabled as the cred struct in that case is
@@ -86132,7 +86106,11 @@ index e0573a4..3874e41 100644
+ read_lock(&tasklist_lock);
+ for (t = next_thread(current); t != current;
+ t = next_thread(t)) {
-+ if (t->delayed_cred == NULL) {
++ /* we'll check if the thread has uid 0 in
++ * the delayed worker routine
++ */
++ if (task_securebits(t) == oldsecurebits &&
++ t->delayed_cred == NULL) {
+ t->delayed_cred = get_cred(new);
+ set_tsk_thread_flag(t, TIF_GRSEC_SETXID);
+ set_tsk_need_resched(t);
@@ -86141,6 +86119,7 @@ index e0573a4..3874e41 100644
+ read_unlock(&tasklist_lock);
+ rcu_read_unlock();
+ }
++
+ return ret;
+#else
+ return __commit_creds(new);
@@ -90964,7 +90943,7 @@ index accfd24..e00f0c0 100644
struct timer_list timer;
unsigned long expire;
diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c
-index b418cb0..f879a3d 100644
+index 4f3a3c03..04b7886 100644
--- a/kernel/trace/blktrace.c
+++ b/kernel/trace/blktrace.c
@@ -328,7 +328,7 @@ static ssize_t blk_dropped_read(struct file *filp, char __user *buffer,
@@ -92486,10 +92465,10 @@ index b32b70c..e512eb0 100644
set_page_address(page, (void *)vaddr);
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
-index 2de3c84..4ecaf1b 100644
+index 06a9bc0..cfbba83 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
-@@ -2069,15 +2069,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
+@@ -2070,15 +2070,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
struct hstate *h = &default_hstate;
unsigned long tmp;
int ret;
@@ -92510,7 +92489,7 @@ index 2de3c84..4ecaf1b 100644
if (ret)
goto out;
-@@ -2122,15 +2124,17 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write,
+@@ -2123,15 +2125,17 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write,
struct hstate *h = &default_hstate;
unsigned long tmp;
int ret;
@@ -92531,7 +92510,7 @@ index 2de3c84..4ecaf1b 100644
if (ret)
goto out;
-@@ -2599,6 +2603,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2600,6 +2604,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
return 1;
}
@@ -92559,7 +92538,7 @@ index 2de3c84..4ecaf1b 100644
/*
* Hugetlb_cow() should be called with page lock of the original hugepage held.
* Called with hugetlb_instantiation_mutex held and pte_page locked so we
-@@ -2715,6 +2740,11 @@ retry_avoidcopy:
+@@ -2716,6 +2741,11 @@ retry_avoidcopy:
make_huge_pte(vma, new_page, 1));
page_remove_rmap(old_page);
hugepage_add_new_anon_rmap(new_page, vma, address);
@@ -92571,7 +92550,7 @@ index 2de3c84..4ecaf1b 100644
/* Make the old page be freed below */
new_page = old_page;
}
-@@ -2879,6 +2909,10 @@ retry:
+@@ -2880,6 +2910,10 @@ retry:
&& (vma->vm_flags & VM_SHARED)));
set_huge_pte_at(mm, address, ptep, new_pte);
@@ -92582,7 +92561,7 @@ index 2de3c84..4ecaf1b 100644
if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) {
/* Optimization, do the COW without a second fault */
ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page, ptl);
-@@ -2909,6 +2943,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2910,6 +2944,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
static DEFINE_MUTEX(hugetlb_instantiation_mutex);
struct hstate *h = hstate_vma(vma);
@@ -92593,7 +92572,7 @@ index 2de3c84..4ecaf1b 100644
address &= huge_page_mask(h);
ptep = huge_pte_offset(mm, address);
-@@ -2922,6 +2960,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2923,6 +2961,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
VM_FAULT_SET_HINDEX(hstate_index(h));
}
@@ -97227,10 +97206,10 @@ index def5dd2..4ce55cec 100644
return 0;
}
diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
-index 175273f..1c63e05 100644
+index 44ebd5c..1f732bae 100644
--- a/net/8021q/vlan.c
+++ b/net/8021q/vlan.c
-@@ -474,7 +474,7 @@ out:
+@@ -475,7 +475,7 @@ out:
return NOTIFY_DONE;
}
@@ -97239,7 +97218,7 @@ index 175273f..1c63e05 100644
.notifier_call = vlan_device_event,
};
-@@ -549,8 +549,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
+@@ -550,8 +550,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
err = -EPERM;
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
break;
@@ -97507,7 +97486,7 @@ index 919a5ce..cc6b444 100644
table = kmemdup(ax25_param_table, sizeof(ax25_param_table), GFP_KERNEL);
if (!table)
diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c
-index 8323bce..a03130d 100644
+index d074d06..ad3cfcf 100644
--- a/net/batman-adv/bat_iv_ogm.c
+++ b/net/batman-adv/bat_iv_ogm.c
@@ -312,7 +312,7 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface)
@@ -97531,7 +97510,7 @@ index 8323bce..a03130d 100644
batadv_iv_ogm_slide_own_bcast_window(hard_iface);
-@@ -1594,7 +1594,7 @@ static void batadv_iv_ogm_process(const struct sk_buff *skb, int ogm_offset,
+@@ -1596,7 +1596,7 @@ static void batadv_iv_ogm_process(const struct sk_buff *skb, int ogm_offset,
return;
/* could be changed by schedule_own_packet() */
@@ -97541,10 +97520,10 @@ index 8323bce..a03130d 100644
if (ogm_packet->flags & BATADV_DIRECTLINK)
has_directlink_flag = true;
diff --git a/net/batman-adv/fragmentation.c b/net/batman-adv/fragmentation.c
-index 88df9b1..69cf7c0 100644
+index cc1cfd6..7a68e022 100644
--- a/net/batman-adv/fragmentation.c
+++ b/net/batman-adv/fragmentation.c
-@@ -445,7 +445,7 @@ bool batadv_frag_send_packet(struct sk_buff *skb,
+@@ -446,7 +446,7 @@ bool batadv_frag_send_packet(struct sk_buff *skb,
frag_header.packet_type = BATADV_UNICAST_FRAG;
frag_header.version = BATADV_COMPAT_VERSION;
frag_header.ttl = BATADV_TTL;
@@ -97741,10 +97720,10 @@ index f9c0980a..fcbbfeb 100644
tty_port_close(&dev->port, tty, filp);
}
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
-index 0e474b1..fb7109c 100644
+index 1059ed3..d70846a 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
-@@ -1525,7 +1525,7 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
+@@ -1524,7 +1524,7 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
tmp.valid_hooks = t->table->valid_hooks;
}
mutex_unlock(&ebt_mutex);
@@ -97753,7 +97732,7 @@ index 0e474b1..fb7109c 100644
BUGPRINT("c2u Didn't work\n");
ret = -EFAULT;
break;
-@@ -2331,7 +2331,7 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd,
+@@ -2330,7 +2330,7 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd,
goto out;
tmp.valid_hooks = t->valid_hooks;
@@ -97762,7 +97741,7 @@ index 0e474b1..fb7109c 100644
ret = -EFAULT;
break;
}
-@@ -2342,7 +2342,7 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd,
+@@ -2341,7 +2341,7 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd,
tmp.entries_size = t->table->entries_size;
tmp.valid_hooks = t->table->valid_hooks;
@@ -98060,7 +98039,7 @@ index a16ed7b..eb44d17 100644
return err;
diff --git a/net/core/dev.c b/net/core/dev.c
-index 45fa2f1..f3e28ec 100644
+index fccc195..c8486ab 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1688,14 +1688,14 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
@@ -98116,7 +98095,7 @@ index 45fa2f1..f3e28ec 100644
kfree_skb(skb);
/* Jamal, now you will not able to escape explaining
* me how you were going to use this. :-)
-@@ -4331,7 +4331,7 @@ void netif_napi_del(struct napi_struct *napi)
+@@ -4333,7 +4333,7 @@ void netif_napi_del(struct napi_struct *napi)
}
EXPORT_SYMBOL(netif_napi_del);
@@ -98125,7 +98104,7 @@ index 45fa2f1..f3e28ec 100644
{
struct softnet_data *sd = &__get_cpu_var(softnet_data);
unsigned long time_limit = jiffies + 2;
-@@ -6250,7 +6250,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
+@@ -6302,7 +6302,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
} else {
netdev_stats_to_stats64(storage, &dev->stats);
}
@@ -98153,7 +98132,7 @@ index cf999e0..c59a975 100644
}
EXPORT_SYMBOL(dev_load);
diff --git a/net/core/filter.c b/net/core/filter.c
-index ad30d62..21c0743 100644
+index ebce437..9fed9d0 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -126,7 +126,7 @@ unsigned int sk_run_filter(const struct sk_buff *skb,
@@ -98191,35 +98170,7 @@ index ad30d62..21c0743 100644
continue;
case BPF_S_ANC_PROTOCOL:
A = ntohs(skb->protocol);
-@@ -355,6 +355,10 @@ load_b:
-
- if (skb_is_nonlinear(skb))
- return 0;
-+
-+ if (skb->len < sizeof(struct nlattr))
-+ return 0;
-+
- if (A > skb->len - sizeof(struct nlattr))
- return 0;
-
-@@ -371,11 +375,15 @@ load_b:
-
- if (skb_is_nonlinear(skb))
- return 0;
-+
-+ if (skb->len < sizeof(struct nlattr))
-+ return 0;
-+
- if (A > skb->len - sizeof(struct nlattr))
- return 0;
-
- nla = (struct nlattr *)&skb->data[A];
-- if (nla->nla_len > A - skb->len)
-+ if (nla->nla_len > skb->len - A)
- return 0;
-
- nla = nla_find_nested(nla, X);
-@@ -391,9 +399,10 @@ load_b:
+@@ -395,9 +395,10 @@ load_b:
continue;
#endif
default:
@@ -98231,7 +98182,7 @@ index ad30d62..21c0743 100644
return 0;
}
}
-@@ -416,7 +425,7 @@ static int check_load_and_stores(struct sock_filter *filter, int flen)
+@@ -420,7 +421,7 @@ static int check_load_and_stores(struct sock_filter *filter, int flen)
u16 *masks, memvalid = 0; /* one bit per cell, 16 cells */
int pc, ret = 0;
@@ -98240,7 +98191,7 @@ index ad30d62..21c0743 100644
masks = kmalloc(flen * sizeof(*masks), GFP_KERNEL);
if (!masks)
return -ENOMEM;
-@@ -679,7 +688,7 @@ int sk_unattached_filter_create(struct sk_filter **pfp,
+@@ -683,7 +684,7 @@ int sk_unattached_filter_create(struct sk_filter **pfp,
fp = kmalloc(sk_filter_size(fprog->len), GFP_KERNEL);
if (!fp)
return -ENOMEM;
@@ -98312,7 +98263,7 @@ index b618694..192bbba 100644
m->msg_iov = iov;
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
-index e161290..8149aea 100644
+index 7d95f69..a6065de 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -2824,7 +2824,7 @@ static int proc_unres_qlen(struct ctl_table *ctl, int write,
@@ -98402,7 +98353,7 @@ index 2bf8329..2eb1423 100644
return 0;
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
-index 81d3a9a..a0bd7a8 100644
+index 7c8ffd9..0cb3687 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -443,7 +443,7 @@ static int __register_pernet_operations(struct list_head *list,
@@ -98477,7 +98428,7 @@ index fdac61c..e5e5b46 100644
pr_warn("cannot create /proc/net/%s\n", PG_PROC_DIR);
return -ENODEV;
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
-index 120eecc..cd1ec44 100644
+index 83b9d6a..cff1ce7 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -58,7 +58,7 @@ struct rtnl_link {
@@ -98556,7 +98507,7 @@ index b442e7e..6f5b5a2 100644
{
struct socket *sock;
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
-index 90b96a1..cd18f16d 100644
+index e5ae776e..15c90cb 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -2003,7 +2003,7 @@ EXPORT_SYMBOL(__skb_checksum);
@@ -98702,7 +98653,7 @@ index c0fc6bd..51d8326 100644
msg->msg_flags |= MSG_ERRQUEUE;
err = copied;
diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
-index a0e9cf6..ef7f9ed 100644
+index 6a7fae2..d7c22e6 100644
--- a/net/core/sock_diag.c
+++ b/net/core/sock_diag.c
@@ -9,26 +9,33 @@
@@ -99022,7 +98973,7 @@ index c7539e2..b455e51 100644
break;
case NETDEV_DOWN:
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
-index b53f0bf..3585b33 100644
+index 9d43468..ffa28cc 100644
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -767,7 +767,7 @@ __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh)
@@ -99144,7 +99095,7 @@ index c10a3ce..dd71f84 100644
return -ENOMEM;
}
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
-index ec4f762..4ce3645 100644
+index 94213c8..8bdb342 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -115,7 +115,7 @@ static bool log_ecn_error = true;
@@ -99198,7 +99149,7 @@ index 580dd96..9fcef7e 100644
msg.msg_flags = flags;
diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
-index 48eafae..defff53 100644
+index e4a8f76..dd8ad72 100644
--- a/net/ipv4/ip_vti.c
+++ b/net/ipv4/ip_vti.c
@@ -44,7 +44,7 @@
@@ -99273,7 +99224,7 @@ index 812b183..56cbe9c 100644
.maxtype = IFLA_IPTUN_MAX,
.policy = ipip_policy,
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
-index 59da7cd..e318de1 100644
+index f95b6f9..2ee2097 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -885,14 +885,14 @@ static int compat_table_info(const struct xt_table_info *info,
@@ -99303,7 +99254,7 @@ index 59da7cd..e318de1 100644
ret = -EFAULT;
else
ret = 0;
-@@ -1688,7 +1688,7 @@ static int compat_do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user,
+@@ -1690,7 +1690,7 @@ static int compat_do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user,
switch (cmd) {
case ARPT_SO_GET_INFO:
@@ -99312,7 +99263,7 @@ index 59da7cd..e318de1 100644
break;
case ARPT_SO_GET_ENTRIES:
ret = compat_get_entries(sock_net(sk), user, len);
-@@ -1733,7 +1733,7 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len
+@@ -1735,7 +1735,7 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len
switch (cmd) {
case ARPT_SO_GET_INFO:
@@ -99322,7 +99273,7 @@ index 59da7cd..e318de1 100644
case ARPT_SO_GET_ENTRIES:
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
-index 718dfbd..cef4152 100644
+index 99e810f..3711b81 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -1073,14 +1073,14 @@ static int compat_table_info(const struct xt_table_info *info,
@@ -99352,7 +99303,7 @@ index 718dfbd..cef4152 100644
ret = -EFAULT;
else
ret = 0;
-@@ -1971,7 +1971,7 @@ compat_do_ipt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
+@@ -1973,7 +1973,7 @@ compat_do_ipt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
switch (cmd) {
case IPT_SO_GET_INFO:
@@ -99361,7 +99312,7 @@ index 718dfbd..cef4152 100644
break;
case IPT_SO_GET_ENTRIES:
ret = compat_get_entries(sock_net(sk), user, len);
-@@ -2018,7 +2018,7 @@ do_ipt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
+@@ -2020,7 +2020,7 @@ do_ipt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
switch (cmd) {
case IPT_SO_GET_INFO:
@@ -99384,7 +99335,7 @@ index 2510c02..cfb34fa 100644
pr_err("Unable to proc dir entry\n");
return -ENOMEM;
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
-index 2d11c09..3f153f8 100644
+index e21934b..16f52a6 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
@@ -59,7 +59,7 @@ struct ping_table {
@@ -99396,39 +99347,16 @@ index 2d11c09..3f153f8 100644
EXPORT_SYMBOL_GPL(pingv6_ops);
static u16 ping_port_rover;
-@@ -255,23 +255,28 @@ int ping_init_sock(struct sock *sk)
- struct group_info *group_info = get_current_groups();
- int i, j, count = group_info->ngroups;
- kgid_t low, high;
-+ int ret = 0;
+@@ -259,7 +259,7 @@ int ping_init_sock(struct sock *sk)
inet_get_ping_group_range_net(net, &low, &high);
if (gid_lte(low, group) && gid_lte(group, high))
- return 0;
+ goto out_release_group;
- for (i = 0; i < group_info->nblocks; i++) {
- int cp_count = min_t(int, NGROUPS_PER_BLOCK, count);
- for (j = 0; j < cp_count; j++) {
- kgid_t gid = group_info->blocks[i][j];
- if (gid_lte(low, gid) && gid_lte(gid, high))
-- return 0;
-+ goto out_release_group;
- }
-
- count -= cp_count;
- }
-
-- return -EACCES;
-+ ret = -EACCES;
-+
-+out_release_group:
-+ put_group_info(group_info);
-+ return ret;
- }
- EXPORT_SYMBOL_GPL(ping_init_sock);
-
-@@ -341,7 +346,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
+ group_info = get_current_groups();
+ count = group_info->ngroups;
+@@ -348,7 +348,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
return -ENODEV;
}
}
@@ -99437,7 +99365,7 @@ index 2d11c09..3f153f8 100644
scoped);
rcu_read_unlock();
-@@ -549,7 +554,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
+@@ -556,7 +556,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
}
#if IS_ENABLED(CONFIG_IPV6)
} else if (skb->protocol == htons(ETH_P_IPV6)) {
@@ -99446,7 +99374,7 @@ index 2d11c09..3f153f8 100644
#endif
}
-@@ -567,7 +572,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
+@@ -574,7 +574,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
info, (u8 *)icmph);
#if IS_ENABLED(CONFIG_IPV6)
} else if (family == AF_INET6) {
@@ -99455,7 +99383,7 @@ index 2d11c09..3f153f8 100644
info, (u8 *)icmph);
#endif
}
-@@ -837,6 +842,8 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+@@ -844,6 +844,8 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
{
struct inet_sock *isk = inet_sk(sk);
int family = sk->sk_family;
@@ -99464,7 +99392,7 @@ index 2d11c09..3f153f8 100644
struct sk_buff *skb;
int copied, err;
-@@ -846,12 +853,19 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+@@ -853,12 +855,19 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
if (flags & MSG_OOB)
goto out;
@@ -99485,7 +99413,7 @@ index 2d11c09..3f153f8 100644
addr_len);
#endif
}
-@@ -883,7 +897,6 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+@@ -890,7 +899,6 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
sin->sin_port = 0 /* skb->h.uh->source */;
sin->sin_addr.s_addr = ip_hdr(skb)->saddr;
memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
@@ -99493,7 +99421,7 @@ index 2d11c09..3f153f8 100644
}
if (isk->cmsg_flags)
-@@ -905,14 +918,13 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+@@ -912,14 +920,13 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
sin6->sin6_scope_id =
ipv6_iface_scope_id(&sin6->sin6_addr,
IP6CB(skb)->iif);
@@ -99510,7 +99438,7 @@ index 2d11c09..3f153f8 100644
else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags)
ip_cmsg_recv(msg, skb);
#endif
-@@ -1104,7 +1116,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f,
+@@ -1111,7 +1118,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f,
from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
0, sock_i_ino(sp),
atomic_read(&sp->sk_refcnt), sp,
@@ -99593,7 +99521,7 @@ index c04518f..824ebe5 100644
static int raw_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
-index 4c011ec..8fae66b 100644
+index 1344373..02f339e 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -233,7 +233,7 @@ static const struct seq_operations rt_cache_seq_ops = {
@@ -100261,7 +100189,7 @@ index 7b32652..0bc348b 100644
table = kmemdup(ipv6_icmp_table_template,
sizeof(ipv6_icmp_table_template),
diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
-index f3ffb43..1172ba7 100644
+index 2465d18..bc5bf7f 100644
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -71,7 +71,7 @@ struct ip6gre_net {
@@ -100282,7 +100210,7 @@ index f3ffb43..1172ba7 100644
.handler = ip6gre_rcv,
.err_handler = ip6gre_err,
.flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
-@@ -1634,7 +1634,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = {
+@@ -1643,7 +1643,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = {
[IFLA_GRE_FLAGS] = { .type = NLA_U32 },
};
@@ -100291,7 +100219,7 @@ index f3ffb43..1172ba7 100644
.kind = "ip6gre",
.maxtype = IFLA_GRE_MAX,
.policy = ip6gre_policy,
-@@ -1647,7 +1647,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = {
+@@ -1657,7 +1657,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = {
.fill_info = ip6gre_fill_info,
};
@@ -100301,7 +100229,7 @@ index f3ffb43..1172ba7 100644
.maxtype = IFLA_GRE_MAX,
.policy = ip6gre_policy,
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
-index 5db8d31..4a72c26 100644
+index 0e51f68..1f501e1 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -85,7 +85,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
@@ -100358,7 +100286,7 @@ index 0a00f44..bec42b2 100644
msg.msg_flags = flags;
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
-index 710238f..0fd1816 100644
+index e080fbb..412b3cf 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -1083,14 +1083,14 @@ static int compat_table_info(const struct xt_table_info *info,
@@ -100388,7 +100316,7 @@ index 710238f..0fd1816 100644
ret = -EFAULT;
else
ret = 0;
-@@ -1981,7 +1981,7 @@ compat_do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
+@@ -1983,7 +1983,7 @@ compat_do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
switch (cmd) {
case IP6T_SO_GET_INFO:
@@ -100397,7 +100325,7 @@ index 710238f..0fd1816 100644
break;
case IP6T_SO_GET_ENTRIES:
ret = compat_get_entries(sock_net(sk), user, len);
-@@ -2028,7 +2028,7 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
+@@ -2030,7 +2030,7 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
switch (cmd) {
case IP6T_SO_GET_INFO:
@@ -100690,10 +100618,10 @@ index cc85a9b..526a133 100644
return -ENOMEM;
}
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
-index fba54a4..73e374e 100644
+index 7cc1102..7785931 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
-@@ -2972,7 +2972,7 @@ struct ctl_table ipv6_route_table_template[] = {
+@@ -2973,7 +2973,7 @@ struct ctl_table ipv6_route_table_template[] = {
struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net)
{
@@ -101740,7 +101668,7 @@ index f042ae5..30ea486 100644
}
EXPORT_SYMBOL(nf_unregister_sockopt);
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
-index adce01e..8d52d50 100644
+index c68e5e0..8d52d50 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -152,8 +152,8 @@ nf_tables_chain_type_lookup(const struct nft_af_info *afi,
@@ -101754,16 +101682,6 @@ index adce01e..8d52d50 100644
nfnl_lock(NFNL_SUBSYS_NFTABLES);
type = __nf_tables_chain_type_lookup(afi->family, nla);
if (type != NULL)
-@@ -1934,7 +1934,8 @@ static const struct nft_set_ops *nft_select_set_ops(const struct nlattr * const
-
- static const struct nla_policy nft_set_policy[NFTA_SET_MAX + 1] = {
- [NFTA_SET_TABLE] = { .type = NLA_STRING },
-- [NFTA_SET_NAME] = { .type = NLA_STRING },
-+ [NFTA_SET_NAME] = { .type = NLA_STRING,
-+ .len = IFNAMSIZ - 1 },
- [NFTA_SET_FLAGS] = { .type = NLA_U32 },
- [NFTA_SET_KEY_TYPE] = { .type = NLA_U32 },
- [NFTA_SET_KEY_LEN] = { .type = NLA_U32 },
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index a155d19..726b0f2 100644
--- a/net/netfilter/nfnetlink_log.c
@@ -102519,10 +102437,10 @@ index 2b1738e..a9d0fc9 100644
/* Initialize IPv6 support and register with socket layer. */
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
-index 4e1d0fc..068fef7 100644
+index a62a215..0976540 100644
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
-@@ -831,8 +831,10 @@ int sctp_register_af(struct sctp_af *af)
+@@ -836,8 +836,10 @@ int sctp_register_af(struct sctp_af *af)
return 0;
}
@@ -102534,7 +102452,7 @@ index 4e1d0fc..068fef7 100644
return 1;
}
-@@ -962,7 +964,7 @@ static inline int sctp_v4_xmit(struct sk_buff *skb,
+@@ -967,7 +969,7 @@ static inline int sctp_v4_xmit(struct sk_buff *skb,
static struct sctp_af sctp_af_inet;
@@ -102543,7 +102461,7 @@ index 4e1d0fc..068fef7 100644
.event_msgname = sctp_inet_event_msgname,
.skb_msgname = sctp_inet_skb_msgname,
.af_supported = sctp_inet_af_supported,
-@@ -1034,7 +1036,7 @@ static const struct net_protocol sctp_protocol = {
+@@ -1039,7 +1041,7 @@ static const struct net_protocol sctp_protocol = {
};
/* IPv4 address related functions. */
@@ -102552,7 +102470,7 @@ index 4e1d0fc..068fef7 100644
.sa_family = AF_INET,
.sctp_xmit = sctp_v4_xmit,
.setsockopt = ip_setsockopt,
-@@ -1119,7 +1121,7 @@ static void sctp_v4_pf_init(void)
+@@ -1124,7 +1126,7 @@ static void sctp_v4_pf_init(void)
static void sctp_v4_pf_exit(void)
{
@@ -102562,7 +102480,7 @@ index 4e1d0fc..068fef7 100644
static int sctp_v4_protosw_init(void)
diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
-index 5d6883f..394a102 100644
+index fef2acd..c705c4f 100644
--- a/net/sctp/sm_sideeffect.c
+++ b/net/sctp/sm_sideeffect.c
@@ -439,7 +439,7 @@ static void sctp_generate_sack_event(unsigned long data)
@@ -102575,10 +102493,10 @@ index 5d6883f..394a102 100644
sctp_generate_t1_cookie_event,
sctp_generate_t1_init_event,
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
-index 981aaf8..5bc016d 100644
+index 604a6ac..f87f0a3 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
-@@ -2169,11 +2169,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval,
+@@ -2175,11 +2175,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval,
{
struct sctp_association *asoc;
struct sctp_ulpevent *event;
@@ -102593,7 +102511,7 @@ index 981aaf8..5bc016d 100644
/*
* At the time when a user app subscribes to SCTP_SENDER_DRY_EVENT,
-@@ -4255,13 +4257,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len,
+@@ -4259,13 +4261,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len,
static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
int __user *optlen)
{
@@ -102611,7 +102529,7 @@ index 981aaf8..5bc016d 100644
return -EFAULT;
return 0;
}
-@@ -4279,6 +4284,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
+@@ -4283,6 +4288,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
*/
static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optval, int __user *optlen)
{
@@ -102620,7 +102538,7 @@ index 981aaf8..5bc016d 100644
/* Applicable to UDP-style socket only */
if (sctp_style(sk, TCP))
return -EOPNOTSUPP;
-@@ -4287,7 +4294,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv
+@@ -4291,7 +4298,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv
len = sizeof(int);
if (put_user(len, optlen))
return -EFAULT;
@@ -102630,7 +102548,7 @@ index 981aaf8..5bc016d 100644
return -EFAULT;
return 0;
}
-@@ -4662,12 +4670,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len,
+@@ -4666,12 +4674,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len,
*/
static int sctp_getsockopt_initmsg(struct sock *sk, int len, char __user *optval, int __user *optlen)
{
@@ -102647,7 +102565,7 @@ index 981aaf8..5bc016d 100644
return -EFAULT;
return 0;
}
-@@ -4708,6 +4719,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
+@@ -4712,6 +4723,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len;
if (space_left < addrlen)
return -ENOMEM;
@@ -102657,10 +102575,10 @@ index 981aaf8..5bc016d 100644
return -EFAULT;
to += addrlen;
diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
-index 35c8923..536614e 100644
+index c82fdc1..4ca1f95 100644
--- a/net/sctp/sysctl.c
+++ b/net/sctp/sysctl.c
-@@ -305,7 +305,7 @@ static int proc_sctp_do_hmac_alg(struct ctl_table *ctl, int write,
+@@ -308,7 +308,7 @@ static int proc_sctp_do_hmac_alg(struct ctl_table *ctl, int write,
{
struct net *net = current->nsproxy->net_ns;
char tmp[8];
@@ -102669,7 +102587,7 @@ index 35c8923..536614e 100644
int ret;
int changed = 0;
char *none = "none";
-@@ -352,7 +352,7 @@ static int proc_sctp_do_rto_min(struct ctl_table *ctl, int write,
+@@ -355,7 +355,7 @@ static int proc_sctp_do_rto_min(struct ctl_table *ctl, int write,
{
struct net *net = current->nsproxy->net_ns;
int new_value;
@@ -102678,7 +102596,7 @@ index 35c8923..536614e 100644
unsigned int min = *(unsigned int *) ctl->extra1;
unsigned int max = *(unsigned int *) ctl->extra2;
int ret;
-@@ -379,7 +379,7 @@ static int proc_sctp_do_rto_max(struct ctl_table *ctl, int write,
+@@ -382,7 +382,7 @@ static int proc_sctp_do_rto_max(struct ctl_table *ctl, int write,
{
struct net *net = current->nsproxy->net_ns;
int new_value;
@@ -102687,7 +102605,16 @@ index 35c8923..536614e 100644
unsigned int min = *(unsigned int *) ctl->extra1;
unsigned int max = *(unsigned int *) ctl->extra2;
int ret;
-@@ -402,7 +402,7 @@ static int proc_sctp_do_rto_max(struct ctl_table *ctl, int write,
+@@ -408,7 +408,7 @@ static int proc_sctp_do_auth(struct ctl_table *ctl, int write,
+ loff_t *ppos)
+ {
+ struct net *net = current->nsproxy->net_ns;
+- struct ctl_table tbl;
++ ctl_table_no_const tbl;
+ int new_value, ret;
+
+ memset(&tbl, 0, sizeof(struct ctl_table));
+@@ -436,7 +436,7 @@ static int proc_sctp_do_auth(struct ctl_table *ctl, int write,
int sctp_sysctl_net_register(struct net *net)
{
@@ -102696,7 +102623,7 @@ index 35c8923..536614e 100644
if (!net_eq(net, &init_net)) {
int i;
-@@ -415,7 +415,10 @@ int sctp_sysctl_net_register(struct net *net)
+@@ -449,7 +449,10 @@ int sctp_sysctl_net_register(struct net *net)
table[i].data += (char *)(&net->sctp) - (char *)&init_net.sctp;
}
@@ -104215,10 +104142,10 @@ index 8fac3fd..32ff38d 100644
unsigned int secindex_strings;
diff --git a/security/Kconfig b/security/Kconfig
-index beb86b5..55198cd 100644
+index beb86b5..1ea5a01 100644
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -4,6 +4,961 @@
+@@ -4,6 +4,960 @@
menu "Security options"
@@ -104255,7 +104182,6 @@ index beb86b5..55198cd 100644
+ select TTY
+ select DEBUG_KERNEL
+ select DEBUG_LIST
-+ select DEBUG_STACKOVERFLOW if HAVE_DEBUG_STACKOVERFLOW
+ help
+ If you say Y here, you will be able to configure many features
+ that will enhance the security of your system. It is highly
@@ -105180,7 +105106,7 @@ index beb86b5..55198cd 100644
source security/keys/Kconfig
config SECURITY_DMESG_RESTRICT
-@@ -103,7 +1058,7 @@ config INTEL_TXT
+@@ -103,7 +1057,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX
@@ -107562,10 +107488,10 @@ index 0000000..82bc5a8
+}
diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
new file mode 100644
-index 0000000..8af3693
+index 0000000..e90c205
--- /dev/null
+++ b/tools/gcc/gcc-common.h
-@@ -0,0 +1,287 @@
+@@ -0,0 +1,295 @@
+#ifndef GCC_COMMON_H_INCLUDED
+#define GCC_COMMON_H_INCLUDED
+
@@ -107636,7 +107562,6 @@ index 0000000..8af3693
+#include "tree-pass.h"
+//#include "df.h"
+#include "predict.h"
-+//#include "lto-streamer.h"
+#include "ipa-utils.h"
+
+#if BUILDING_GCC_VERSION >= 4009
@@ -107651,6 +107576,7 @@ index 0000000..8af3693
+#include "tree-ssanames.h"
+#include "print-tree.h"
+#include "tree-eh.h"
++#include "stmt.h"
+#endif
+
+#include "gimple.h"
@@ -107664,6 +107590,10 @@ index 0000000..8af3693
+#include "ssa-iterators.h"
+#endif
+
++//#include "lto/lto.h"
++//#include "data-streamer.h"
++//#include "lto-compress.h"
++
+//#include "expr.h" where are you...
+extern rtx emit_move_insn(rtx x, rtx y);
+
@@ -107675,6 +107605,8 @@ index 0000000..8af3693
+
+#define DECL_NAME_POINTER(node) IDENTIFIER_POINTER(DECL_NAME(node))
+#define DECL_NAME_LENGTH(node) IDENTIFIER_LENGTH(DECL_NAME(node))
++#define TYPE_NAME_POINTER(node) IDENTIFIER_POINTER(TYPE_NAME(node))
++#define TYPE_NAME_LENGTH(node) IDENTIFIER_LENGTH(TYPE_NAME(node))
+
+#if BUILDING_GCC_VERSION == 4005
+#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls; vars && (D = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), I)
@@ -107813,6 +107745,8 @@ index 0000000..8af3693
+#if BUILDING_GCC_VERSION >= 4007
+#define cgraph_create_edge(caller, callee, call_stmt, count, freq, nest) \
+ cgraph_create_edge((caller), (callee), (call_stmt), (count), (freq))
++#define cgraph_create_edge_including_clones(caller, callee, old_call_stmt, call_stmt, count, freq, nest, reason) \
++ cgraph_create_edge_including_clones((caller), (callee), (old_call_stmt), (call_stmt), (count), (freq), (reason))
+#endif
+
+#if BUILDING_GCC_VERSION <= 4008
@@ -121718,7 +121652,7 @@ index ed2f51e..cc2d8f6 100644
ALL_CFLAGS = $(CFLAGS) $(BASIC_CFLAGS) -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
ALL_LDFLAGS = $(LDFLAGS)
diff --git a/tools/perf/util/include/asm/alternative-asm.h b/tools/perf/util/include/asm/alternative-asm.h
-index 6789d78..4afd019e 100644
+index 6789d788..4afd019e 100644
--- a/tools/perf/util/include/asm/alternative-asm.h
+++ b/tools/perf/util/include/asm/alternative-asm.h
@@ -5,4 +5,7 @@