aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--main/linux-grsec/APKBUILD20
-rw-r--r--main/linux-grsec/ccache.patch10
-rw-r--r--main/linux-grsec/grsecurity-3.0-3.13.8-201404011912.patch (renamed from main/linux-grsec/grsecurity-3.0-3.13.7-201403252047.patch)647
3 files changed, 468 insertions, 209 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 0da0975fa1..8551ef6dcd 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,7 +2,7 @@
_flavor=grsec
pkgname=linux-${_flavor}
-pkgver=3.13.7
+pkgver=3.13.8
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
@@ -17,7 +17,8 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-3.0-3.13.7-201403252047.patch
+ grsecurity-3.0-3.13.8-201404011912.patch
+ ccache.patch
fix-memory-map-for-PIE-applications.patch
platform-introduce-OF-style-modalias-support-for-pla.patch
@@ -148,8 +149,9 @@ dev() {
}
md5sums="0ecbaf65c00374eb4a826c2f9f37606f linux-3.13.tar.xz
-cb33b329d3417846d310c7f58a2614b6 patch-3.13.7.xz
-00dbb1fb5bfc08842d97c02ece67e441 grsecurity-3.0-3.13.7-201403252047.patch
+72b911bfc50de88c67bd0e8732978deb patch-3.13.8.xz
+8d342a525405ccd167eb95a20c0e1062 grsecurity-3.0-3.13.8-201404011912.patch
+2a1bac5f61da1962dfa90dfb16895eef ccache.patch
c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
f5c7e4f1dc67f8560e4b9bbe75726d13 platform-introduce-OF-style-modalias-support-for-pla.patch
1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch
@@ -157,8 +159,9 @@ f5c7e4f1dc67f8560e4b9bbe75726d13 platform-introduce-OF-style-modalias-support-f
3949ef829d102d36255ff92ff76936d2 kernelconfig.x86_64
6ea461c60077b09aa75040f7672c7250 kernelconfig.armhf"
sha256sums="4d5e5eee5f276424c32e9591f1b6c971baedc7b49f28ce03d1f48b1e5d6226a2 linux-3.13.tar.xz
-4e7a062493c2a0dd2f2aa0ec636a47b2b1785aebccf652ae56e68f0dfc083f89 patch-3.13.7.xz
-2bd65311a72df142f5b4f7be20f4b1e26fc62c076dba9991f0efba12dc847538 grsecurity-3.0-3.13.7-201403252047.patch
+073a392f4d156955df26a09c3236faf375da0afc49077e6b805f5788b8fffb10 patch-3.13.8.xz
+9121632468387fa458326d1e05a62f855ba8c8ab49998500f56dca7768208bbb grsecurity-3.0-3.13.8-201404011912.patch
+b6abce04f005314f768707a54f85d150cfde1a738f20c569ffa0d11770ff70dc ccache.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
e90bb651da4ff16df25565e44ca70e26367bbcbf9d27962c796c6afd5eecea96 platform-introduce-OF-style-modalias-support-for-pla.patch
21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch
@@ -166,8 +169,9 @@ f8297eb16cfbe48d5202072e21fa16ebac95de26c8cfa8ec5a66610504af2f81 kernelconfig.x
fd55e28d9baf330d6593453da592bcc03779694e7c3fb496fec47cdad1d7bcaa kernelconfig.x86_64
c1e583baa6694643f85b8df0924cc7c4fac0f6eef963969615e6e642db0f969a kernelconfig.armhf"
sha512sums="1ba223bb4b885d691a67196d86a8aaf7b4a1c351bf2a762f50f1b0c32da00dd0c28895872a66b49e8d244498d996876609268e64861d28ac4048886ef9f79b87 linux-3.13.tar.xz
-bee628e25d8ed378fd32d0e96ac20f24d1bef2950377cee249b65db918bd528a744cc1058006f9e945095ccc81805d715eb27e5c36f2515c7dcfdf5fe6b6c7a6 patch-3.13.7.xz
-f118a017084f8dee3d5ae0f9435f96e9e5cff7c2d4672855622133cc6fd811c4e481c6b6f907b43c691f0531bfaf168dbd08877e29c25da82989492bc4186de4 grsecurity-3.0-3.13.7-201403252047.patch
+d61fc7e95e461b8f0f09ac6e3456eea160f64555bd0c78449d98a6a06e14929915dd6f739f7c7ee34512fbf9eb44ed17e2d262830f86194cb66a4760d019f8f0 patch-3.13.8.xz
+0dcb393b94a36fea3698856031e165bc665b5a5f4a080dadcf6f4928e4776780fb16b23c5de8a0446c9a3766afa42f36df67f000b0b020e13c025b474fb68531 grsecurity-3.0-3.13.8-201404011912.patch
+f6e36cc94cb0c06ba181362f6de6c9fd431e571fbb35acad78d8790ae107531add54f6cb87d78180dd604076d2326885d16127fc4176ed07277ea89c151ce4e0 ccache.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
2ef795ebd70939be346cba824e6af2ca3d8220cdbc54b9fe3a6861cf44bc0df954ca91b7f6e68dcecebdb8a6a1651c12869588cea8c191f9054fe7a8db02f2a4 platform-introduce-OF-style-modalias-support-for-pla.patch
87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch
diff --git a/main/linux-grsec/ccache.patch b/main/linux-grsec/ccache.patch
new file mode 100644
index 0000000000..b6c7090b74
--- /dev/null
+++ b/main/linux-grsec/ccache.patch
@@ -0,0 +1,10 @@
+--- ./scripts/gcc-plugin.sh.orig 2014-04-02 11:25:17.447803082 +0000
++++ ./scripts/gcc-plugin.sh 2014-04-02 11:25:35.211351328 +0000
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ srctree=$(dirname "$0")
+-gccplugins_dir=$("$3" -print-file-name=plugin)
++gccplugins_dir=$($3 -print-file-name=plugin)
+ plugincc=$("$1" -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
+ #include "gcc-common.h"
+ #if BUILDING_GCC_VERSION >= 4008 || defined(ENABLE_BUILD_WITH_CXX)
diff --git a/main/linux-grsec/grsecurity-3.0-3.13.7-201403252047.patch b/main/linux-grsec/grsecurity-3.0-3.13.8-201404011912.patch
index 52f42f1148..9c4aaacd2f 100644
--- a/main/linux-grsec/grsecurity-3.0-3.13.7-201403252047.patch
+++ b/main/linux-grsec/grsecurity-3.0-3.13.8-201404011912.patch
@@ -287,7 +287,7 @@ index b9e9bd8..bf49b92 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 9f214b4..8c9c622 100644
+index 4cab13b..b7d5e41 100644
--- a/Makefile
+++ b/Makefile
@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -4097,7 +4097,7 @@ index cf08bdf..772656c 100644
unsigned long search_exception_table(unsigned long addr);
diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c
-index 3e8f106..a0a1fe4 100644
+index ac1d883..5a7bb91 100644
--- a/arch/arm/mm/init.c
+++ b/arch/arm/mm/init.c
@@ -30,6 +30,8 @@
@@ -4109,7 +4109,7 @@ index 3e8f106..a0a1fe4 100644
#include <asm/mach/arch.h>
#include <asm/mach/map.h>
-@@ -681,7 +683,46 @@ void free_initmem(void)
+@@ -682,7 +684,46 @@ void free_initmem(void)
{
#ifdef CONFIG_HAVE_TCM
extern char __tcm_start, __tcm_end;
@@ -6662,18 +6662,9 @@ index 25da651..ae2a259 100644
#endif /* __ASM_SMTC_PROC_H */
diff --git a/arch/mips/include/asm/syscall.h b/arch/mips/include/asm/syscall.h
-index 81c8913..81d8432 100644
+index 33e8dbf..81d8432 100644
--- a/arch/mips/include/asm/syscall.h
+++ b/arch/mips/include/asm/syscall.h
-@@ -29,7 +29,7 @@ static inline long syscall_get_nr(struct task_struct *task,
- static inline unsigned long mips_get_syscall_arg(unsigned long *arg,
- struct task_struct *task, struct pt_regs *regs, unsigned int n)
- {
-- unsigned long usp = regs->regs[29];
-+ unsigned long usp __maybe_unused = regs->regs[29];
-
- switch (n) {
- case 0: case 1: case 2: case 3:
@@ -39,14 +39,14 @@ static inline unsigned long mips_get_syscall_arg(unsigned long *arg,
#ifdef CONFIG_32BIT
@@ -17558,7 +17549,7 @@ index 81bb91b..9392125 100644
/*
diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
-index 5ad38ad..71db3f2 100644
+index 5ad38ad..f228861 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
@@ -45,6 +45,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page);
@@ -17681,7 +17672,30 @@ index 5ad38ad..71db3f2 100644
#include <linux/mm_types.h>
#include <linux/mmdebug.h>
#include <linux/log2.h>
-@@ -580,7 +655,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud)
+@@ -445,20 +520,10 @@ static inline int pte_same(pte_t a, pte_t b)
+ return a.pte == b.pte;
+ }
+
+-static inline int pteval_present(pteval_t pteval)
+-{
+- /*
+- * Yes Linus, _PAGE_PROTNONE == _PAGE_NUMA. Expressing it this
+- * way clearly states that the intent is that protnone and numa
+- * hinting ptes are considered present for the purposes of
+- * pagetable operations like zapping, protection changes, gup etc.
+- */
+- return pteval & (_PAGE_PRESENT | _PAGE_PROTNONE | _PAGE_NUMA);
+-}
+-
+ static inline int pte_present(pte_t a)
+ {
+- return pteval_present(pte_flags(a));
++ return pte_flags(a) & (_PAGE_PRESENT | _PAGE_PROTNONE |
++ _PAGE_NUMA);
+ }
+
+ #define pte_accessible pte_accessible
+@@ -580,7 +645,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud)
* Currently stuck as a macro due to indirect forward reference to
* linux/mmzone.h's __section_mem_map_addr() definition:
*/
@@ -17690,7 +17704,7 @@ index 5ad38ad..71db3f2 100644
/* Find an entry in the second-level page table.. */
static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address)
-@@ -620,7 +695,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
+@@ -620,7 +685,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
* Currently stuck as a macro due to indirect forward reference to
* linux/mmzone.h's __section_mem_map_addr() definition:
*/
@@ -17699,7 +17713,7 @@ index 5ad38ad..71db3f2 100644
/* to find an entry in a page-table-directory. */
static inline unsigned long pud_index(unsigned long address)
-@@ -635,7 +710,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
+@@ -635,7 +700,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
static inline int pgd_bad(pgd_t pgd)
{
@@ -17708,7 +17722,7 @@ index 5ad38ad..71db3f2 100644
}
static inline int pgd_none(pgd_t pgd)
-@@ -658,7 +733,12 @@ static inline int pgd_none(pgd_t pgd)
+@@ -658,7 +723,12 @@ static inline int pgd_none(pgd_t pgd)
* pgd_offset() returns a (pgd_t *)
* pgd_index() is used get the offset into the pgd page's array of pgd_t's;
*/
@@ -17722,7 +17736,7 @@ index 5ad38ad..71db3f2 100644
/*
* a shortcut which implies the use of the kernel's pgd, instead
* of a process's
-@@ -669,6 +749,23 @@ static inline int pgd_none(pgd_t pgd)
+@@ -669,6 +739,23 @@ static inline int pgd_none(pgd_t pgd)
#define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET)
#define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY)
@@ -17746,7 +17760,7 @@ index 5ad38ad..71db3f2 100644
#ifndef __ASSEMBLY__
extern int direct_gbpages;
-@@ -835,11 +932,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
+@@ -835,11 +922,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
* dst and src can be on the same page, but the range must not overlap,
* and must not cross a page boundary.
*/
@@ -24440,7 +24454,7 @@ index f36bd42..56ee1534 100644
+ .fill PAGE_SIZE_asm - GDT_SIZE,1,0
+ .endr
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
-index a468c0a..b9aed84 100644
+index a468c0a..c7dec74 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -20,6 +20,8 @@
@@ -24532,6 +24546,15 @@ index a468c0a..b9aed84 100644
movq initial_code(%rip),%rax
pushq $0 # fake return address to stop unwinder
pushq $__KERNEL_CS # set correct cs
+@@ -313,7 +344,7 @@ ENDPROC(start_cpu0)
+ .quad INIT_PER_CPU_VAR(irq_stack_union)
+
+ GLOBAL(stack_start)
+- .quad init_thread_union+THREAD_SIZE-8
++ .quad init_thread_union+THREAD_SIZE-16
+ .word 0
+ __FINITDATA
+
@@ -391,7 +422,7 @@ ENTRY(early_idt_handler)
call dump_stack
#ifdef CONFIG_KALLSYMS
@@ -26509,18 +26532,10 @@ index c8e41e9..64049ef 100644
/*
* PCI ids solely used for fixups_table go here
diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S
-index 3fd2c69..16ef367 100644
+index 3fd2c69..a444264 100644
--- a/arch/x86/kernel/relocate_kernel_64.S
+++ b/arch/x86/kernel/relocate_kernel_64.S
-@@ -11,6 +11,7 @@
- #include <asm/kexec.h>
- #include <asm/processor-flags.h>
- #include <asm/pgtable_types.h>
-+#include <asm/alternative-asm.h>
-
- /*
- * Must be relocatable PIC code callable as a C function
-@@ -96,8 +97,7 @@ relocate_kernel:
+@@ -96,8 +96,7 @@ relocate_kernel:
/* jump to identity mapped page */
addq $(identity_mapped - relocate_kernel), %r8
@@ -26530,14 +26545,6 @@ index 3fd2c69..16ef367 100644
identity_mapped:
/* set return address to 0 if not preserving context */
-@@ -167,6 +167,7 @@ identity_mapped:
- xorl %r14d, %r14d
- xorl %r15d, %r15d
-
-+ pax_force_retaddr 0, 1
- ret
-
- 1:
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index cb233bc..23b4879 100644
--- a/arch/x86/kernel/setup.c
@@ -26823,7 +26830,7 @@ index 7c3a5a6..f0a8961 100644
.smp_prepare_cpus = native_smp_prepare_cpus,
.smp_cpus_done = native_smp_cpus_done,
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
-index 85dc05a..1241266 100644
+index 85dc05a..f8c96f6 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -229,14 +229,18 @@ static void notrace start_secondary(void *unused)
@@ -26851,9 +26858,12 @@ index 85dc05a..1241266 100644
/*
* Check TSC synchronization with the BP:
*/
-@@ -751,6 +755,7 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
+@@ -749,8 +753,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
+ alternatives_enable_smp();
+
idle->thread.sp = (unsigned long) (((struct pt_regs *)
- (THREAD_SIZE + task_stack_page(idle))) - 1);
+- (THREAD_SIZE + task_stack_page(idle))) - 1);
++ (THREAD_SIZE - 16 + task_stack_page(idle))) - 1);
per_cpu(current_task, cpu) = idle;
+ per_cpu(current_tinfo, cpu) = &idle->tinfo;
@@ -28085,7 +28095,7 @@ index d86ff15..e77b023 100644
#define APIC_LVT_NUM 6
/* 14 is the version for Xeon and Pentium 8.4.8*/
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
-index ad75d77..a679d32 100644
+index cba218a..1cc1bed 100644
--- a/arch/x86/kvm/paging_tmpl.h
+++ b/arch/x86/kvm/paging_tmpl.h
@@ -331,7 +331,7 @@ retry_walk:
@@ -28125,7 +28135,7 @@ index 532add1..59eb241 100644
local_irq_disable();
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index dcc4de3..6bf73f4 100644
+index 31c3e8b..ca3acc6 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1316,12 +1316,12 @@ static void vmcs_write64(unsigned long field, u64 value)
@@ -33527,7 +33537,7 @@ index 0000000..dace51c
+EXPORT_SYMBOL(__pax_close_userland);
+#endif
diff --git a/arch/x86/net/bpf_jit.S b/arch/x86/net/bpf_jit.S
-index 877b9a1..f746de8 100644
+index 0149575..f746de8 100644
--- a/arch/x86/net/bpf_jit.S
+++ b/arch/x86/net/bpf_jit.S
@@ -9,6 +9,7 @@
@@ -33601,15 +33611,6 @@ index 877b9a1..f746de8 100644
ret
#define sk_negative_common(SIZE) \
-@@ -140,7 +149,7 @@ bpf_slow_path_byte_msh:
- push %r9; \
- push SKBDATA; \
- /* rsi already has offset */ \
-- mov $SIZE,%ecx; /* size */ \
-+ mov $SIZE,%edx; /* size */ \
- call bpf_internal_load_pointer_neg_helper; \
- test %rax,%rax; \
- pop SKBDATA; \
@@ -157,6 +166,7 @@ sk_load_word_negative_offset:
sk_negative_common(4)
mov (%rax), %eax
@@ -35431,18 +35432,30 @@ index fa6ade7..73da73a5 100644
#ifdef CONFIG_ACPI_NUMA
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
-index 3c76c3d..7871755 100644
+index 3c76c3d..7327d91 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
-@@ -379,7 +379,7 @@ static pteval_t pte_mfn_to_pfn(pteval_t val)
+@@ -365,7 +365,7 @@ void xen_ptep_modify_prot_commit(struct mm_struct *mm, unsigned long addr,
+ /* Assume pteval_t is equivalent to all the other *val_t types. */
+ static pteval_t pte_mfn_to_pfn(pteval_t val)
+ {
+- if (pteval_present(val)) {
++ if (val & _PAGE_PRESENT) {
+ unsigned long mfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT;
+ unsigned long pfn = mfn_to_pfn(mfn);
+
+@@ -379,9 +379,9 @@ static pteval_t pte_mfn_to_pfn(pteval_t val)
return val;
}
-static pteval_t pte_pfn_to_mfn(pteval_t val)
+static pteval_t __intentional_overflow(-1) pte_pfn_to_mfn(pteval_t val)
{
- if (pteval_present(val)) {
+- if (pteval_present(val)) {
++ if (val & _PAGE_PRESENT) {
unsigned long pfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT;
+ pteval_t flags = val & PTE_FLAGS_MASK;
+ unsigned long mfn;
@@ -1894,6 +1894,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
/* L3_k[510] -> level2_kernel_pgt
* L3_i[511] -> level2_fixmap_pgt */
@@ -40054,6 +40067,19 @@ index a3ba9a8..ee52ddd 100644
unsigned relocs_total = 0;
unsigned relocs_max = UINT_MAX / sizeof(struct drm_i915_gem_relocation_entry);
+diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
+index d3c3b5b..e79720d 100644
+--- a/drivers/gpu/drm/i915/i915_gem_gtt.c
++++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
+@@ -828,7 +828,7 @@ void i915_gem_suspend_gtt_mappings(struct drm_device *dev)
+ dev_priv->gtt.base.clear_range(&dev_priv->gtt.base,
+ dev_priv->gtt.base.start / PAGE_SIZE,
+ dev_priv->gtt.base.total / PAGE_SIZE,
+- false);
++ true);
+ }
+
+ void i915_gem_restore_gtt_mappings(struct drm_device *dev)
diff --git a/drivers/gpu/drm/i915/i915_ioc32.c b/drivers/gpu/drm/i915/i915_ioc32.c
index 3c59584..500f2e9 100644
--- a/drivers/gpu/drm/i915/i915_ioc32.c
@@ -40090,7 +40116,7 @@ index 3c59584..500f2e9 100644
return ret;
diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c
-index a209177..842a89a 100644
+index 9702704..3fb9e40 100644
--- a/drivers/gpu/drm/i915/i915_irq.c
+++ b/drivers/gpu/drm/i915/i915_irq.c
@@ -1419,7 +1419,7 @@ static irqreturn_t valleyview_irq_handler(int irq, void *arg)
@@ -40147,7 +40173,7 @@ index a209177..842a89a 100644
I915_WRITE(GEN8_MASTER_IRQ, 0);
POSTING_READ(GEN8_MASTER_IRQ);
-@@ -2998,7 +2998,7 @@ static void gen8_irq_uninstall(struct drm_device *dev)
+@@ -2996,7 +2996,7 @@ static void gen8_irq_uninstall(struct drm_device *dev)
if (!dev_priv)
return;
@@ -40156,7 +40182,7 @@ index a209177..842a89a 100644
I915_WRITE(GEN8_MASTER_IRQ, 0);
-@@ -3092,7 +3092,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev)
+@@ -3090,7 +3090,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
@@ -40165,7 +40191,7 @@ index a209177..842a89a 100644
for_each_pipe(pipe)
I915_WRITE(PIPESTAT(pipe), 0);
-@@ -3178,7 +3178,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg)
+@@ -3176,7 +3176,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg)
I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT |
I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT;
@@ -40174,7 +40200,7 @@ index a209177..842a89a 100644
iir = I915_READ16(IIR);
if (iir == 0)
-@@ -3253,7 +3253,7 @@ static void i915_irq_preinstall(struct drm_device * dev)
+@@ -3251,7 +3251,7 @@ static void i915_irq_preinstall(struct drm_device * dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
@@ -40183,7 +40209,7 @@ index a209177..842a89a 100644
if (I915_HAS_HOTPLUG(dev)) {
I915_WRITE(PORT_HOTPLUG_EN, 0);
-@@ -3360,7 +3360,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg)
+@@ -3358,7 +3358,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg)
I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT;
int pipe, ret = IRQ_NONE;
@@ -40192,7 +40218,7 @@ index a209177..842a89a 100644
iir = I915_READ(IIR);
do {
-@@ -3487,7 +3487,7 @@ static void i965_irq_preinstall(struct drm_device * dev)
+@@ -3485,7 +3485,7 @@ static void i965_irq_preinstall(struct drm_device * dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
@@ -40201,7 +40227,7 @@ index a209177..842a89a 100644
I915_WRITE(PORT_HOTPLUG_EN, 0);
I915_WRITE(PORT_HOTPLUG_STAT, I915_READ(PORT_HOTPLUG_STAT));
-@@ -3603,7 +3603,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg)
+@@ -3601,7 +3601,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg)
I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT |
I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT;
@@ -41431,7 +41457,7 @@ index cea623c..73011b0 100644
ret = create_gpadl_header(kbuffer, size, &msginfo, &msgcount);
if (ret)
diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c
-index f0c5e07..399256e 100644
+index f0c5e07..49a4d4a 100644
--- a/drivers/hv/hv.c
+++ b/drivers/hv/hv.c
@@ -112,7 +112,7 @@ static u64 do_hypercall(u64 control, void *input, void *output)
@@ -41443,6 +41469,15 @@ index f0c5e07..399256e 100644
__asm__ __volatile__ ("call *%8" : "=d"(hv_status_hi),
"=a"(hv_status_lo) : "d" (control_hi),
+@@ -154,7 +154,7 @@ int hv_init(void)
+ /* See if the hypercall page is already set */
+ rdmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
+
+- virtaddr = __vmalloc(PAGE_SIZE, GFP_KERNEL, PAGE_KERNEL_EXEC);
++ virtaddr = __vmalloc(PAGE_SIZE, GFP_KERNEL, PAGE_KERNEL_RX);
+
+ if (!virtaddr)
+ goto cleanup;
diff --git a/drivers/hv/hv_balloon.c b/drivers/hv/hv_balloon.c
index 7e17a54..a50a33d 100644
--- a/drivers/hv/hv_balloon.c
@@ -44483,10 +44518,10 @@ index 46da365..3ba4206 100644
dev_set_drvdata(&dev->dev, dev);
rc = device_add(&dev->dev);
diff --git a/drivers/media/usb/dvb-usb/cxusb.c b/drivers/media/usb/dvb-usb/cxusb.c
-index 20e345d..da56fe4 100644
+index a1c641e..3007da9 100644
--- a/drivers/media/usb/dvb-usb/cxusb.c
+++ b/drivers/media/usb/dvb-usb/cxusb.c
-@@ -1101,7 +1101,7 @@ static struct dib0070_config dib7070p_dib0070_config = {
+@@ -1112,7 +1112,7 @@ static struct dib0070_config dib7070p_dib0070_config = {
struct dib0700_adapter_state {
int (*set_param_save) (struct dvb_frontend *);
@@ -44496,7 +44531,7 @@ index 20e345d..da56fe4 100644
static int dib7070_set_param_override(struct dvb_frontend *fe)
{
diff --git a/drivers/media/usb/dvb-usb/dw2102.c b/drivers/media/usb/dvb-usb/dw2102.c
-index c1a63b2..dbcbfb6 100644
+index f272ed8..6289f9c 100644
--- a/drivers/media/usb/dvb-usb/dw2102.c
+++ b/drivers/media/usb/dvb-usb/dw2102.c
@@ -121,7 +121,7 @@ struct su3000_state {
@@ -45476,19 +45511,6 @@ index 7b5424f..ed1d6ac 100644
err = -EFAULT;
goto cmd_rel_host;
}
-diff --git a/drivers/mmc/card/queue.c b/drivers/mmc/card/queue.c
-index 357bbc5..3e049c1 100644
---- a/drivers/mmc/card/queue.c
-+++ b/drivers/mmc/card/queue.c
-@@ -197,7 +197,7 @@ int mmc_init_queue(struct mmc_queue *mq, struct mmc_card *card,
- struct mmc_queue_req *mqrq_prev = &mq->mqrq[1];
-
- if (mmc_dev(host)->dma_mask && *mmc_dev(host)->dma_mask)
-- limit = dma_max_pfn(mmc_dev(host)) << PAGE_SHIFT;
-+ limit = (u64)dma_max_pfn(mmc_dev(host)) << PAGE_SHIFT;
-
- mq->card = card;
- mq->queue = blk_init_queue(mmc_request_fn, lock);
diff --git a/drivers/mmc/core/mmc_ops.c b/drivers/mmc/core/mmc_ops.c
index e5b5eeb..7bf2212 100644
--- a/drivers/mmc/core/mmc_ops.c
@@ -48189,10 +48211,10 @@ index 84419af..268ede8 100644
&dev_attr_energy_uj.attr;
}
diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
-index 75dffb79..df850cd 100644
+index 7271299..20217a5 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
-@@ -3370,7 +3370,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
+@@ -3366,7 +3366,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
{
const struct regulation_constraints *constraints = NULL;
const struct regulator_init_data *init_data;
@@ -48201,7 +48223,7 @@ index 75dffb79..df850cd 100644
struct regulator_dev *rdev;
struct device *dev;
int ret, i;
-@@ -3440,7 +3440,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
+@@ -3436,7 +3436,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
rdev->dev.of_node = config->of_node;
rdev->dev.parent = dev;
dev_set_name(&rdev->dev, "regulator.%d",
@@ -49336,7 +49358,7 @@ index fe0bcb1..c9255be 100644
/* check if the device is still usable */
if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
-index 7bd7f0d..93159d8 100644
+index 62ec84b..93159d8 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -1474,7 +1474,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
@@ -49360,15 +49382,6 @@ index 7bd7f0d..93159d8 100644
disposition = scsi_decide_disposition(cmd);
if (disposition != SUCCESS &&
-@@ -1684,7 +1684,7 @@ u64 scsi_calculate_bounce_limit(struct Scsi_Host *shost)
-
- host_dev = scsi_get_device(shost);
- if (host_dev && host_dev->dma_mask)
-- bounce_limit = dma_max_pfn(host_dev) << PAGE_SHIFT;
-+ bounce_limit = (u64)dma_max_pfn(host_dev) << PAGE_SHIFT;
-
- return bounce_limit;
- }
diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
index 8ff62c2..693b6f7 100644
--- a/drivers/scsi/scsi_sysfs.c
@@ -52092,6 +52105,38 @@ index 1eab4ac..e21efc9 100644
iommu_group_id(group->iommu_group));
return 0;
+diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c
+index b12176f..e5522d9 100644
+--- a/drivers/vhost/net.c
++++ b/drivers/vhost/net.c
+@@ -528,6 +528,12 @@ static int get_rx_bufs(struct vhost_virtqueue *vq,
+ *iovcount = seg;
+ if (unlikely(log))
+ *log_num = nlogs;
++
++ /* Detect overrun */
++ if (unlikely(datalen > 0)) {
++ r = UIO_MAXIOV + 1;
++ goto err;
++ }
+ return headcount;
+ err:
+ vhost_discard_vq_desc(vq, headcount);
+@@ -583,6 +589,14 @@ static void handle_rx(struct vhost_net *net)
+ /* On error, stop handling until the next kick. */
+ if (unlikely(headcount < 0))
+ break;
++ /* On overrun, truncate and discard */
++ if (unlikely(headcount > UIO_MAXIOV)) {
++ msg.msg_iovlen = 1;
++ err = sock->ops->recvmsg(NULL, sock, &msg,
++ 1, MSG_DONTWAIT | MSG_TRUNC);
++ pr_debug("Discarded rx packet: len %zd\n", sock_len);
++ continue;
++ }
+ /* OK, now we need to know about added descriptors. */
+ if (!headcount) {
+ if (unlikely(vhost_enable_notify(&net->dev, vq))) {
diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c
index 5174eba..451e6bc 100644
--- a/drivers/vhost/vringh.c
@@ -55593,6 +55638,54 @@ index 88714ae..16c2e11 100644
static inline u32 get_pll_internal_frequency(u32 ref_freq,
+diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c
+index 4c02e2b..2c85267 100644
+--- a/drivers/xen/balloon.c
++++ b/drivers/xen/balloon.c
+@@ -406,12 +406,26 @@ static enum bp_state decrease_reservation(unsigned long nr_pages, gfp_t gfp)
+ state = BP_EAGAIN;
+ break;
+ }
+-
+- pfn = page_to_pfn(page);
+- frame_list[i] = pfn_to_mfn(pfn);
+-
+ scrub_page(page);
+
++ frame_list[i] = page_to_pfn(page);
++ }
++
++ /*
++ * Ensure that ballooned highmem pages don't have kmaps.
++ *
++ * Do this before changing the p2m as kmap_flush_unused()
++ * reads PTEs to obtain pages (and hence needs the original
++ * p2m entry).
++ */
++ kmap_flush_unused();
++
++ /* Update direct mapping, invalidate P2M, and add to balloon. */
++ for (i = 0; i < nr_pages; i++) {
++ pfn = frame_list[i];
++ frame_list[i] = pfn_to_mfn(pfn);
++ page = pfn_to_page(pfn);
++
+ #ifdef CONFIG_XEN_HAVE_PVMMU
+ /*
+ * Ballooned out frames are effectively replaced with
+@@ -436,11 +450,9 @@ static enum bp_state decrease_reservation(unsigned long nr_pages, gfp_t gfp)
+ }
+ #endif
+
+- balloon_append(pfn_to_page(pfn));
++ balloon_append(page);
+ }
+
+- /* Ensure that ballooned highmem pages don't have kmaps. */
+- kmap_flush_unused();
+ flush_tlb_all();
+
+ set_xen_guest_handle(reservation.extent_start, frame_list);
diff --git a/drivers/xen/xenfs/xenstored.c b/drivers/xen/xenfs/xenstored.c
index fef20db..d28b1ab 100644
--- a/drivers/xen/xenfs/xenstored.c
@@ -55684,6 +55777,61 @@ index 062a5f6..e5618e0 100644
return -EINVAL;
file = aio_private_file(ctx, nr_pages);
+diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c
+index 2408473..80ef38c 100644
+--- a/fs/anon_inodes.c
++++ b/fs/anon_inodes.c
+@@ -41,19 +41,8 @@ static const struct dentry_operations anon_inodefs_dentry_operations = {
+ static struct dentry *anon_inodefs_mount(struct file_system_type *fs_type,
+ int flags, const char *dev_name, void *data)
+ {
+- struct dentry *root;
+- root = mount_pseudo(fs_type, "anon_inode:", NULL,
++ return mount_pseudo(fs_type, "anon_inode:", NULL,
+ &anon_inodefs_dentry_operations, ANON_INODE_FS_MAGIC);
+- if (!IS_ERR(root)) {
+- struct super_block *s = root->d_sb;
+- anon_inode_inode = alloc_anon_inode(s);
+- if (IS_ERR(anon_inode_inode)) {
+- dput(root);
+- deactivate_locked_super(s);
+- root = ERR_CAST(anon_inode_inode);
+- }
+- }
+- return root;
+ }
+
+ static struct file_system_type anon_inode_fs_type = {
+@@ -175,22 +164,15 @@ EXPORT_SYMBOL_GPL(anon_inode_getfd);
+
+ static int __init anon_inode_init(void)
+ {
+- int error;
+-
+- error = register_filesystem(&anon_inode_fs_type);
+- if (error)
+- goto err_exit;
+ anon_inode_mnt = kern_mount(&anon_inode_fs_type);
+- if (IS_ERR(anon_inode_mnt)) {
+- error = PTR_ERR(anon_inode_mnt);
+- goto err_unregister_filesystem;
+- }
++ if (IS_ERR(anon_inode_mnt))
++ panic("anon_inode_init() kernel mount failed (%ld)\n", PTR_ERR(anon_inode_mnt));
++
++ anon_inode_inode = alloc_anon_inode(anon_inode_mnt->mnt_sb);
++ if (IS_ERR(anon_inode_inode))
++ panic("anon_inode_init() inode allocation failed (%ld)\n", PTR_ERR(anon_inode_inode));
++
+ return 0;
+-
+-err_unregister_filesystem:
+- unregister_filesystem(&anon_inode_fs_type);
+-err_exit:
+- panic(KERN_ERR "anon_inode_init() failed (%d)\n", error);
+ }
+
+ fs_initcall(anon_inode_init);
diff --git a/fs/attr.c b/fs/attr.c
index 5d4e59d..fd02418 100644
--- a/fs/attr.c
@@ -58018,7 +58166,7 @@ index bc3fbcd..6031650 100644
return 0;
while (nr) {
diff --git a/fs/dcache.c b/fs/dcache.c
-index fdbe230..ba17c1f 100644
+index fdbe230..d852932 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -1495,7 +1495,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
@@ -58030,6 +58178,18 @@ index fdbe230..ba17c1f 100644
if (!dname) {
kmem_cache_free(dentry_cache, dentry);
return NULL;
+@@ -2833,9 +2833,9 @@ static int prepend_name(char **buffer, int *buflen, struct qstr *name)
+ u32 dlen = ACCESS_ONCE(name->len);
+ char *p;
+
+- if (*buflen < dlen + 1)
+- return -ENAMETOOLONG;
+ *buflen -= dlen + 1;
++ if (*buflen < 0)
++ return -ENAMETOOLONG;
+ p = *buffer -= dlen + 1;
+ *p++ = '/';
+ while (dlen--) {
@@ -3428,7 +3428,8 @@ void __init vfs_caches_init(unsigned long mempages)
mempages -= reserve;
@@ -61024,7 +61184,7 @@ index a17458c..e69fb5b 100644
#define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */
diff --git a/fs/namei.c b/fs/namei.c
-index cfe6608..f9deefc 100644
+index cfe6608..a24748c 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -319,16 +319,32 @@ int generic_permission(struct inode *inode, int mask)
@@ -61100,7 +61260,57 @@ index cfe6608..f9deefc 100644
nd->last_type = LAST_BIND;
*p = dentry->d_inode->i_op->follow_link(dentry, nd);
error = PTR_ERR(*p);
-@@ -1582,6 +1596,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd)
+@@ -1098,7 +1112,7 @@ static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
+ return false;
+
+ if (!d_mountpoint(path->dentry))
+- break;
++ return true;
+
+ mounted = __lookup_mnt(path->mnt, path->dentry);
+ if (!mounted)
+@@ -1114,20 +1128,7 @@ static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
+ */
+ *inode = path->dentry->d_inode;
+ }
+- return true;
+-}
+-
+-static void follow_mount_rcu(struct nameidata *nd)
+-{
+- while (d_mountpoint(nd->path.dentry)) {
+- struct mount *mounted;
+- mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry);
+- if (!mounted)
+- break;
+- nd->path.mnt = &mounted->mnt;
+- nd->path.dentry = mounted->mnt.mnt_root;
+- nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
+- }
++ return read_seqretry(&mount_lock, nd->m_seq);
+ }
+
+ static int follow_dotdot_rcu(struct nameidata *nd)
+@@ -1155,7 +1156,17 @@ static int follow_dotdot_rcu(struct nameidata *nd)
+ break;
+ nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
+ }
+- follow_mount_rcu(nd);
++ while (d_mountpoint(nd->path.dentry)) {
++ struct mount *mounted;
++ mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry);
++ if (!mounted)
++ break;
++ nd->path.mnt = &mounted->mnt;
++ nd->path.dentry = mounted->mnt.mnt_root;
++ nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
++ if (!read_seqretry(&mount_lock, nd->m_seq))
++ goto failed;
++ }
+ nd->inode = nd->path.dentry->d_inode;
+ return 0;
+
+@@ -1582,6 +1593,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd)
if (res)
break;
res = walk_component(nd, path, LOOKUP_FOLLOW);
@@ -61109,7 +61319,7 @@ index cfe6608..f9deefc 100644
put_link(nd, &link, cookie);
} while (res > 0);
-@@ -1655,7 +1671,7 @@ EXPORT_SYMBOL(full_name_hash);
+@@ -1655,7 +1668,7 @@ EXPORT_SYMBOL(full_name_hash);
static inline unsigned long hash_name(const char *name, unsigned int *hashp)
{
unsigned long a, b, adata, bdata, mask, hash, len;
@@ -61118,7 +61328,7 @@ index cfe6608..f9deefc 100644
hash = a = 0;
len = -sizeof(unsigned long);
-@@ -1939,6 +1955,8 @@ static int path_lookupat(int dfd, const char *name,
+@@ -1939,6 +1952,8 @@ static int path_lookupat(int dfd, const char *name,
if (err)
break;
err = lookup_last(nd, &path);
@@ -61127,7 +61337,7 @@ index cfe6608..f9deefc 100644
put_link(nd, &link, cookie);
}
}
-@@ -1946,6 +1964,13 @@ static int path_lookupat(int dfd, const char *name,
+@@ -1946,6 +1961,13 @@ static int path_lookupat(int dfd, const char *name,
if (!err)
err = complete_walk(nd);
@@ -61141,7 +61351,7 @@ index cfe6608..f9deefc 100644
if (!err && nd->flags & LOOKUP_DIRECTORY) {
if (!d_is_directory(nd->path.dentry)) {
path_put(&nd->path);
-@@ -1973,8 +1998,15 @@ static int filename_lookup(int dfd, struct filename *name,
+@@ -1973,8 +1995,15 @@ static int filename_lookup(int dfd, struct filename *name,
retval = path_lookupat(dfd, name->name,
flags | LOOKUP_REVAL, nd);
@@ -61158,7 +61368,7 @@ index cfe6608..f9deefc 100644
return retval;
}
-@@ -2548,6 +2580,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
+@@ -2548,6 +2577,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
if (flag & O_NOATIME && !inode_owner_or_capable(inode))
return -EPERM;
@@ -61172,7 +61382,7 @@ index cfe6608..f9deefc 100644
return 0;
}
-@@ -2779,7 +2818,7 @@ looked_up:
+@@ -2779,7 +2815,7 @@ looked_up:
* cleared otherwise prior to returning.
*/
static int lookup_open(struct nameidata *nd, struct path *path,
@@ -61181,7 +61391,7 @@ index cfe6608..f9deefc 100644
const struct open_flags *op,
bool got_write, int *opened)
{
-@@ -2814,6 +2853,17 @@ static int lookup_open(struct nameidata *nd, struct path *path,
+@@ -2814,6 +2850,17 @@ static int lookup_open(struct nameidata *nd, struct path *path,
/* Negative dentry, just create the file */
if (!dentry->d_inode && (op->open_flag & O_CREAT)) {
umode_t mode = op->mode;
@@ -61199,7 +61409,7 @@ index cfe6608..f9deefc 100644
if (!IS_POSIXACL(dir->d_inode))
mode &= ~current_umask();
/*
-@@ -2835,6 +2885,8 @@ static int lookup_open(struct nameidata *nd, struct path *path,
+@@ -2835,6 +2882,8 @@ static int lookup_open(struct nameidata *nd, struct path *path,
nd->flags & LOOKUP_EXCL);
if (error)
goto out_dput;
@@ -61208,7 +61418,7 @@ index cfe6608..f9deefc 100644
}
out_no_open:
path->dentry = dentry;
-@@ -2849,7 +2901,7 @@ out_dput:
+@@ -2849,7 +2898,7 @@ out_dput:
/*
* Handle the last step of open()
*/
@@ -61217,7 +61427,7 @@ index cfe6608..f9deefc 100644
struct file *file, const struct open_flags *op,
int *opened, struct filename *name)
{
-@@ -2899,6 +2951,15 @@ static int do_last(struct nameidata *nd, struct path *path,
+@@ -2899,6 +2948,15 @@ static int do_last(struct nameidata *nd, struct path *path,
if (error)
return error;
@@ -61233,7 +61443,7 @@ index cfe6608..f9deefc 100644
audit_inode(name, dir, LOOKUP_PARENT);
error = -EISDIR;
/* trailing slashes? */
-@@ -2918,7 +2979,7 @@ retry_lookup:
+@@ -2918,7 +2976,7 @@ retry_lookup:
*/
}
mutex_lock(&dir->d_inode->i_mutex);
@@ -61242,7 +61452,7 @@ index cfe6608..f9deefc 100644
mutex_unlock(&dir->d_inode->i_mutex);
if (error <= 0) {
-@@ -2942,11 +3003,28 @@ retry_lookup:
+@@ -2942,11 +3000,28 @@ retry_lookup:
goto finish_open_created;
}
@@ -61272,7 +61482,7 @@ index cfe6608..f9deefc 100644
/*
* If atomic_open() acquired write access it is dropped now due to
-@@ -2987,6 +3065,11 @@ finish_lookup:
+@@ -2987,6 +3062,11 @@ finish_lookup:
}
}
BUG_ON(inode != path->dentry->d_inode);
@@ -61284,7 +61494,7 @@ index cfe6608..f9deefc 100644
return 1;
}
-@@ -2996,7 +3079,6 @@ finish_lookup:
+@@ -2996,7 +3076,6 @@ finish_lookup:
save_parent.dentry = nd->path.dentry;
save_parent.mnt = mntget(path->mnt);
nd->path.dentry = path->dentry;
@@ -61292,7 +61502,7 @@ index cfe6608..f9deefc 100644
}
nd->inode = inode;
/* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */
-@@ -3006,7 +3088,18 @@ finish_open:
+@@ -3006,7 +3085,18 @@ finish_open:
path_put(&save_parent);
return error;
}
@@ -61311,7 +61521,7 @@ index cfe6608..f9deefc 100644
error = -EISDIR;
if ((open_flag & O_CREAT) &&
(d_is_directory(nd->path.dentry) || d_is_autodir(nd->path.dentry)))
-@@ -3170,7 +3263,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
+@@ -3170,7 +3260,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
if (unlikely(error))
goto out;
@@ -61320,7 +61530,7 @@ index cfe6608..f9deefc 100644
while (unlikely(error > 0)) { /* trailing symlink */
struct path link = path;
void *cookie;
-@@ -3188,7 +3281,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
+@@ -3188,7 +3278,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
error = follow_link(&link, nd, &cookie);
if (unlikely(error))
break;
@@ -61329,7 +61539,7 @@ index cfe6608..f9deefc 100644
put_link(nd, &link, cookie);
}
out:
-@@ -3288,9 +3381,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
+@@ -3288,9 +3378,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
goto unlock;
error = -EEXIST;
@@ -61343,7 +61553,7 @@ index cfe6608..f9deefc 100644
/*
* Special case - lookup gave negative, but... we had foo/bar/
* From the vfs_mknod() POV we just have a negative dentry -
-@@ -3342,6 +3437,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname,
+@@ -3342,6 +3434,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname,
}
EXPORT_SYMBOL(user_path_create);
@@ -61364,7 +61574,7 @@ index cfe6608..f9deefc 100644
int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
{
int error = may_create(dir, dentry);
-@@ -3404,6 +3513,17 @@ retry:
+@@ -3404,6 +3510,17 @@ retry:
if (!IS_POSIXACL(path.dentry->d_inode))
mode &= ~current_umask();
@@ -61382,7 +61592,7 @@ index cfe6608..f9deefc 100644
error = security_path_mknod(&path, dentry, mode, dev);
if (error)
goto out;
-@@ -3420,6 +3540,8 @@ retry:
+@@ -3420,6 +3537,8 @@ retry:
break;
}
out:
@@ -61391,7 +61601,7 @@ index cfe6608..f9deefc 100644
done_path_create(&path, dentry);
if (retry_estale(error, lookup_flags)) {
lookup_flags |= LOOKUP_REVAL;
-@@ -3472,9 +3594,16 @@ retry:
+@@ -3472,9 +3591,16 @@ retry:
if (!IS_POSIXACL(path.dentry->d_inode))
mode &= ~current_umask();
@@ -61408,7 +61618,7 @@ index cfe6608..f9deefc 100644
done_path_create(&path, dentry);
if (retry_estale(error, lookup_flags)) {
lookup_flags |= LOOKUP_REVAL;
-@@ -3555,6 +3684,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
+@@ -3555,6 +3681,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
struct filename *name;
struct dentry *dentry;
struct nameidata nd;
@@ -61417,7 +61627,7 @@ index cfe6608..f9deefc 100644
unsigned int lookup_flags = 0;
retry:
name = user_path_parent(dfd, pathname, &nd, lookup_flags);
-@@ -3587,10 +3718,21 @@ retry:
+@@ -3587,10 +3715,21 @@ retry:
error = -ENOENT;
goto exit3;
}
@@ -61439,7 +61649,7 @@ index cfe6608..f9deefc 100644
exit3:
dput(dentry);
exit2:
-@@ -3680,6 +3822,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
+@@ -3680,6 +3819,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
struct nameidata nd;
struct inode *inode = NULL;
struct inode *delegated_inode = NULL;
@@ -61448,7 +61658,7 @@ index cfe6608..f9deefc 100644
unsigned int lookup_flags = 0;
retry:
name = user_path_parent(dfd, pathname, &nd, lookup_flags);
-@@ -3706,10 +3850,22 @@ retry_deleg:
+@@ -3706,10 +3847,22 @@ retry_deleg:
if (d_is_negative(dentry))
goto slashes;
ihold(inode);
@@ -61471,7 +61681,7 @@ index cfe6608..f9deefc 100644
exit2:
dput(dentry);
}
-@@ -3797,9 +3953,17 @@ retry:
+@@ -3797,9 +3950,17 @@ retry:
if (IS_ERR(dentry))
goto out_putname;
@@ -61489,7 +61699,7 @@ index cfe6608..f9deefc 100644
done_path_create(&path, dentry);
if (retry_estale(error, lookup_flags)) {
lookup_flags |= LOOKUP_REVAL;
-@@ -3902,6 +4066,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
+@@ -3902,6 +4063,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
struct dentry *new_dentry;
struct path old_path, new_path;
struct inode *delegated_inode = NULL;
@@ -61497,7 +61707,7 @@ index cfe6608..f9deefc 100644
int how = 0;
int error;
-@@ -3925,7 +4090,7 @@ retry:
+@@ -3925,7 +4087,7 @@ retry:
if (error)
return error;
@@ -61506,7 +61716,7 @@ index cfe6608..f9deefc 100644
(how & LOOKUP_REVAL));
error = PTR_ERR(new_dentry);
if (IS_ERR(new_dentry))
-@@ -3937,11 +4102,28 @@ retry:
+@@ -3937,11 +4099,28 @@ retry:
error = may_linkat(&old_path);
if (unlikely(error))
goto out_dput;
@@ -61535,7 +61745,7 @@ index cfe6608..f9deefc 100644
done_path_create(&new_path, new_dentry);
if (delegated_inode) {
error = break_deleg_wait(&delegated_inode);
-@@ -4228,6 +4410,12 @@ retry_deleg:
+@@ -4228,6 +4407,12 @@ retry_deleg:
if (new_dentry == trap)
goto exit5;
@@ -61548,7 +61758,7 @@ index cfe6608..f9deefc 100644
error = security_path_rename(&oldnd.path, old_dentry,
&newnd.path, new_dentry);
if (error)
-@@ -4235,6 +4423,9 @@ retry_deleg:
+@@ -4235,6 +4420,9 @@ retry_deleg:
error = vfs_rename(old_dir->d_inode, old_dentry,
new_dir->d_inode, new_dentry,
&delegated_inode);
@@ -61558,7 +61768,7 @@ index cfe6608..f9deefc 100644
exit5:
dput(new_dentry);
exit4:
-@@ -4271,6 +4462,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
+@@ -4271,6 +4459,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
{
@@ -61567,7 +61777,7 @@ index cfe6608..f9deefc 100644
int len;
len = PTR_ERR(link);
-@@ -4280,7 +4473,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
+@@ -4280,7 +4470,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
len = strlen(link);
if (len > (unsigned) buflen)
len = buflen;
@@ -64953,10 +65163,10 @@ index 104455b..764c512 100644
kfree(s);
diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
new file mode 100644
-index 0000000..031e895
+index 0000000..13b7885
--- /dev/null
+++ b/grsecurity/Kconfig
-@@ -0,0 +1,1157 @@
+@@ -0,0 +1,1155 @@
+#
+# grecurity configuration
+#
@@ -64970,18 +65180,16 @@ index 0000000..031e895
+ help
+ If you say Y here, /dev/kmem and /dev/mem won't be allowed to
+ be written to or read from to modify or leak the contents of the running
-+ kernel. /dev/port will also not be allowed to be opened, and support
-+ for /dev/cpu/*/msr and kexec will be removed. If you have module
-+ support disabled, enabling this will close up six ways that are
-+ currently used to insert malicious code into the running kernel.
++ kernel. /dev/port will also not be allowed to be opened, writing to
++ /dev/cpu/*/msr will be prevented, and support for kexec will be removed.
++ If you have module support disabled, enabling this will close up several
++ ways that are currently used to insert malicious code into the running
++ kernel.
+
+ Even with this feature enabled, we still highly recommend that
+ you use the RBAC system, as it is still possible for an attacker to
+ modify the running kernel through other more obscure methods.
+
-+ Enabling this feature will prevent the "cpupower" and "powertop" tools
-+ from working.
-+
+ It is highly recommended that you say Y here if you meet all the
+ conditions above.
+
@@ -87648,7 +87856,7 @@ index 06ec886..9dba35e 100644
if (pm_wakeup_pending()) {
diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
-index be7c86b..b972b27 100644
+index 97fb834..b972b27 100644
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -385,6 +385,11 @@ static int check_syslog_permissions(int type, bool from_file)
@@ -87663,22 +87871,6 @@ index be7c86b..b972b27 100644
if (syslog_action_restricted(type)) {
if (capable(CAP_SYSLOG))
return 0;
-@@ -1080,7 +1085,6 @@ static int syslog_print_all(char __user *buf, int size, bool clear)
- next_seq = log_next_seq;
-
- len = 0;
-- prev = 0;
- while (len >= 0 && seq < next_seq) {
- struct printk_log *msg = log_from_idx(idx);
- int textlen;
-@@ -2789,7 +2793,6 @@ bool kmsg_dump_get_buffer(struct kmsg_dumper *dumper, bool syslog,
- next_idx = idx;
-
- l = 0;
-- prev = 0;
- while (seq < dumper->next_seq) {
- struct printk_log *msg = log_from_idx(idx);
-
diff --git a/kernel/profile.c b/kernel/profile.c
index 6631e1e..310c266 100644
--- a/kernel/profile.c
@@ -90104,10 +90296,10 @@ index 26dc348..8708ca7 100644
+ return atomic64_inc_return_unchecked(&trace_counter);
}
diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c
-index 2e58196..fdd3d61 100644
+index ba983dc..911aaf9 100644
--- a/kernel/trace/trace_events.c
+++ b/kernel/trace/trace_events.c
-@@ -1681,7 +1681,6 @@ __trace_early_add_new_event(struct ftrace_event_call *call,
+@@ -1675,7 +1675,6 @@ __trace_early_add_new_event(struct ftrace_event_call *call,
return 0;
}
@@ -90809,7 +91001,7 @@ index 7811ed3..f80ca19 100644
static inline void *ptr_to_indirect(void *ptr)
{
diff --git a/lib/random32.c b/lib/random32.c
-index 1e5b2df..fb616c7 100644
+index 1e5b2df..009bfe8 100644
--- a/lib/random32.c
+++ b/lib/random32.c
@@ -44,7 +44,7 @@
@@ -90821,6 +91013,27 @@ index 1e5b2df..fb616c7 100644
/**
* prandom_u32_state - seeded pseudo-random number generator.
+@@ -244,8 +244,19 @@ static void __prandom_reseed(bool late)
+ static bool latch = false;
+ static DEFINE_SPINLOCK(lock);
+
++ /* Asking for random bytes might result in bytes getting
++ * moved into the nonblocking pool and thus marking it
++ * as initialized. In this case we would double back into
++ * this function and attempt to do a late reseed.
++ * Ignore the pointless attempt to reseed again if we're
++ * already waiting for bytes when the nonblocking pool
++ * got initialized.
++ */
++
+ /* only allow initial seeding (late == false) once */
+- spin_lock_irqsave(&lock, flags);
++ if (!spin_trylock_irqsave(&lock, flags))
++ return;
++
+ if (latch && !late)
+ goto out;
+ latch = true;
diff --git a/lib/rbtree.c b/lib/rbtree.c
index 65f4eff..2cfa167 100644
--- a/lib/rbtree.c
@@ -96442,7 +96655,7 @@ index 3f9b0f3..fc6d4fa 100644
if (__rtnl_register(PF_CAN, RTM_GETROUTE, NULL, cgw_dump_jobs, NULL)) {
diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
-index 4a5df7b..9ad1f1d 100644
+index 464303f..9c30218 100644
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -186,7 +186,7 @@ static void con_fault(struct ceph_connection *con);
@@ -101318,24 +101531,6 @@ index e83c416..f87df4c 100644
set_fs(KERNEL_DS);
if (level == SOL_SOCKET)
-diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
-index a642fd616..1eebf22 100644
---- a/net/sunrpc/auth_gss/auth_gss.c
-+++ b/net/sunrpc/auth_gss/auth_gss.c
-@@ -500,10 +500,12 @@ gss_alloc_msg(struct gss_auth *gss_auth,
- default:
- err = gss_encode_v1_msg(gss_msg, service_name, gss_auth->target_name);
- if (err)
-- goto err_free_msg;
-+ goto err_put_pipe_version;
- };
- kref_get(&gss_auth->kref);
- return gss_msg;
-+err_put_pipe_version:
-+ put_pipe_version(gss_auth->net);
- err_free_msg:
- kfree(gss_msg);
- err:
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index 1b94a9c..496f7f5 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
@@ -101689,7 +101884,7 @@ index d38bb45..38d5df5 100644
sub->evt.event = htohl(event, sub->swap);
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
-index d7c1ac6..8e92764 100644
+index d7c1ac6..b0fc322 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -789,6 +789,12 @@ static struct sock *unix_find_other(struct net *net,
@@ -101738,7 +101933,52 @@ index d7c1ac6..8e92764 100644
done_path_create(&path, dentry);
return err;
}
-@@ -2335,9 +2354,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -1785,8 +1804,11 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
+ goto out;
+
+ err = mutex_lock_interruptible(&u->readlock);
+- if (err) {
+- err = sock_intr_errno(sock_rcvtimeo(sk, noblock));
++ if (unlikely(err)) {
++ /* recvmsg() in non blocking mode is supposed to return -EAGAIN
++ * sk_rcvtimeo is not honored by mutex_lock_interruptible()
++ */
++ err = noblock ? -EAGAIN : -ERESTARTSYS;
+ goto out;
+ }
+
+@@ -1911,6 +1933,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
+ struct unix_sock *u = unix_sk(sk);
+ struct sockaddr_un *sunaddr = msg->msg_name;
+ int copied = 0;
++ int noblock = flags & MSG_DONTWAIT;
+ int check_creds = 0;
+ int target;
+ int err = 0;
+@@ -1926,7 +1949,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
+ goto out;
+
+ target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
+- timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
++ timeo = sock_rcvtimeo(sk, noblock);
+
+ /* Lock the socket to prevent queue disordering
+ * while sleeps in memcpy_tomsg
+@@ -1938,8 +1961,11 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
+ }
+
+ err = mutex_lock_interruptible(&u->readlock);
+- if (err) {
+- err = sock_intr_errno(timeo);
++ if (unlikely(err)) {
++ /* recvmsg() in non blocking mode is supposed to return -EAGAIN
++ * sk_rcvtimeo is not honored by mutex_lock_interruptible()
++ */
++ err = noblock ? -EAGAIN : -ERESTARTSYS;
+ goto out;
+ }
+
+@@ -2335,9 +2361,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
seq_puts(seq, "Num RefCount Protocol Flags Type St "
"Inode Path\n");
else {
@@ -101753,7 +101993,7 @@ index d7c1ac6..8e92764 100644
seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
s,
-@@ -2364,8 +2387,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2364,8 +2394,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
}
for ( ; i < len; i++)
seq_putc(seq, u->addr->name->sun_path[i]);
@@ -102292,26 +102532,25 @@ index 078fe1d..fbdb363 100644
fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianness? %#x\n",
diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh
new file mode 100644
-index 0000000..5e0222d
+index 0000000..3c23999
--- /dev/null
+++ b/scripts/gcc-plugin.sh
-@@ -0,0 +1,17 @@
+@@ -0,0 +1,16 @@
+#!/bin/bash
-+plugincc=`$1 -E -shared - -o /dev/null -I\`$3 -print-file-name=plugin\`/include 2>&1 <<EOF
-+#include "gcc-plugin.h"
-+#include "tree.h"
-+#include "tm.h"
-+#include "rtl.h"
-+#ifdef ENABLE_BUILD_WITH_CXX
++srctree=$(dirname "$0")
++gccplugins_dir=$("$3" -print-file-name=plugin)
++plugincc=$("$1" -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
++#include "gcc-common.h"
++#if BUILDING_GCC_VERSION >= 4008 || defined(ENABLE_BUILD_WITH_CXX)
+#warning $2
+#else
+#warning $1
+#endif
-+EOF`
++EOF
++)
+if [ $? -eq 0 ]
+then
-+ [[ "$plugincc" =~ "$1" ]] && echo "$1"
-+ [[ "$plugincc" =~ "$2" ]] && echo "$2"
++ ( [[ "$plugincc" =~ "$1" ]] && echo "$1" ) || ( [[ "$plugincc" =~ "$2" ]] && echo "$2" )
+fi
diff --git a/scripts/headers_install.sh b/scripts/headers_install.sh
index 5de5660..d3deb89 100644
@@ -102537,7 +102776,7 @@ index 0865b3e..7235dd4 100644
__ksymtab_gpl : { *(SORT(___ksymtab_gpl+*)) }
__ksymtab_unused : { *(SORT(___ksymtab_unused+*)) }
diff --git a/scripts/package/builddeb b/scripts/package/builddeb
-index 90e521f..e9eaf8f 100644
+index c1bb9be..63aed853 100644
--- a/scripts/package/builddeb
+++ b/scripts/package/builddeb
@@ -281,6 +281,7 @@ fi
@@ -106836,10 +107075,10 @@ index 0000000..dd73713
+}
diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c
new file mode 100644
-index 0000000..1a98bed
+index 0000000..319229d
--- /dev/null
+++ b/tools/gcc/latent_entropy_plugin.c
-@@ -0,0 +1,451 @@
+@@ -0,0 +1,457 @@
+/*
+ * Copyright 2012-2014 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -106868,7 +107107,7 @@ index 0000000..1a98bed
+static tree latent_entropy_decl;
+
+static struct plugin_info latent_entropy_plugin_info = {
-+ .version = "201402240545",
++ .version = "201403280150",
+ .help = NULL
+};
+
@@ -107040,6 +107279,10 @@ index 0000000..1a98bed
+
+static bool gate_latent_entropy(void)
+{
++ // don't bother with noreturn functions for now
++ if (TREE_THIS_VOLATILE(current_function_decl))
++ return false;
++
+ return lookup_attribute("latent_entropy", DECL_ATTRIBUTES(current_function_decl)) != NULL_TREE;
+}
+
@@ -107164,7 +107407,8 @@ index 0000000..1a98bed
+ gsi_insert_after(&gsi, assign, GSI_NEW_STMT);
+ update_stmt(assign);
+//debug_bb(bb);
-+ bb = bb->next_bb;
++ gcc_assert(single_succ_p(bb));
++ bb = single_succ(bb);
+
+ // 3. instrument each BB with an operation on the local entropy variable
+ while (bb != EXIT_BLOCK_PTR_FOR_FN(cfun)) {
@@ -107174,8 +107418,9 @@ index 0000000..1a98bed
+ };
+
+ // 4. mix local entropy into the global entropy variable
-+ perturb_latent_entropy(EXIT_BLOCK_PTR_FOR_FN(cfun)->prev_bb, local_entropy);
-+//debug_bb(EXIT_BLOCK_PTR_FOR_FN(cfun)->prev_bb);
++ gcc_assert(single_pred_p(EXIT_BLOCK_PTR_FOR_FN(cfun)));
++ perturb_latent_entropy(single_pred(EXIT_BLOCK_PTR_FOR_FN(cfun)), local_entropy);
++//debug_bb(single_pred(EXIT_BLOCK_PTR_FOR_FN(cfun)));
+ return 0;
+}
+