-rw-r--r--main/linux-grsec/APKBUILD18
-rw-r--r--main/linux-grsec/grsecurity-3.0-3.12.7-201401120824.patch (renamed from main/linux-grsec/grsecurity-3.0-3.12.6-201312221037.patch)1236
2 files changed, 904 insertions, 350 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index aff5e5219d..f47ffa8d94 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,12 +2,12 @@
_flavor=grsec
pkgname=linux-${_flavor}
-pkgver=3.12.6
+pkgver=3.12.7
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
esac
-pkgrel=2
+pkgrel=0
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-3.0-3.12.6-201312221037.patch
+ grsecurity-3.0-3.12.7-201401120824.patch
fix-memory-map-for-PIE-applications.patch
@@ -144,20 +144,20 @@ dev() {
}
md5sums="cc6ee608854e0da4b64f6c1ff8b6398c linux-3.12.tar.xz
-9e75be8b127e58f1a76c0015eabb12ae patch-3.12.6.xz
-08fb432729eecd94fbd97d2b413043a1 grsecurity-3.0-3.12.6-201312221037.patch
+a158a29ecf49e768ebd2f34967991606 patch-3.12.7.xz
+a90b0bcd0ece5c0bee4fa8155a0122fd grsecurity-3.0-3.12.7-201401120824.patch
c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
6dcd7940c137dadcd01a4e0f3fbc7446 kernelconfig.x86
22c5cf50df52d24d222473760a007869 kernelconfig.x86_64"
sha256sums="2e120ec7fde19fa51dc6b6cc11c81860a0775defcad5a5bf910ed9a50e845a02 linux-3.12.tar.xz
-d3f0fab91fa4f25b685ae087030252feedb0169061c2f486cdf38b399e4baf7a patch-3.12.6.xz
-3db8444dda3eb2b6d41abd8f6d280303bbe2c57f3508b2537e2d3fe24aa7346a grsecurity-3.0-3.12.6-201312221037.patch
+ac57d56064bb23dae55fe656c407c662e842c98a6a5411251d6bb79c9718f555 patch-3.12.7.xz
+1ff99432fb966b8646bfa73f6828c8e25351afcfac2acbd3f019448926de9278 grsecurity-3.0-3.12.7-201401120824.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
ab5f8d000dae45616dad9857e24961b315bc5a43f86805875c051961152a9ee3 kernelconfig.x86
46739cf496107e88e8ccc648b90b7dd0a62738fda286f2908c9aecc8ee239c8a kernelconfig.x86_64"
sha512sums="4ba5797e0772726d05c9f2eee66dc6dc2a5033c749ef44764c805a83da739ed5d0c6443b76785e38fe1ef74cc7ade787e48144faed0cfcb6f124f05248c700ff linux-3.12.tar.xz
-dd386fa4ace7a2a63c788540fb4b76a621c2aa7ac874e2ebbf81014da255f6811584e93a4e92beffda88e33e848d8a69cdcb33cce81387b35c79ff49fc32563c patch-3.12.6.xz
-f98a05fffdffee62cdb6ceaea1326d6231e391ba771f69c24e5ea0b7f3b83a1346530c48170c0fce9cf7681a247786d3324d1034c3f10e0fcf2db61429a16705 grsecurity-3.0-3.12.6-201312221037.patch
+070536e1ed0911e91e96f32038b38efd8d531a306b09eb3074f68ebd7c582cf09574ea712666c3e3dff8443d66d054028a58497dd5e11f66d3bb5eb4570aee78 patch-3.12.7.xz
+34475fd4f167492550f2cc0df7f0b4eb4f616e1a40d1e914128c20b0ec3a77d7c7a57f1fe7874316e4081ac15d06e4bf33b841477b69757409fe54c4f40d76ce grsecurity-3.0-3.12.7-201401120824.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
fd66d8704ef272c0d7b35237dcd297484afa39eeb8f1a820b6734e8e636c8db699116247a89dac99a59372d8dcf5125b04676d60c27eea5f65a2dbfa07aa39f8 kernelconfig.x86
3ff4b1d67975376a562624691d0ab03f4760ba8d9283719bbbfd281c49399a83feaefa70186cd1f1ca654f4e1110d9c2326f7a07bb862c59a92a7e93b9d99592 kernelconfig.x86_64"
diff --git a/main/linux-grsec/grsecurity-3.0-3.12.6-201312221037.patch b/main/linux-grsec/grsecurity-3.0-3.12.7-201401120824.patch
index 12c5249c45..6b060dc4d0 100644
--- a/main/linux-grsec/grsecurity-3.0-3.12.6-201312221037.patch
+++ b/main/linux-grsec/grsecurity-3.0-3.12.7-201401120824.patch
@@ -229,7 +229,7 @@ index b89a739..79768fb 100644
+zconf.lex.c
zoffset.h
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
-index fcbb736..5508d8c 100644
+index 4f7c57c..a2dc685 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -1031,6 +1031,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
@@ -243,7 +243,7 @@ index fcbb736..5508d8c 100644
hashdist= [KNL,NUMA] Large hashes allocated during boot
are distributed across NUMA nodes. Defaults on
for 64-bit NUMA, off otherwise.
-@@ -1999,6 +2003,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+@@ -2001,6 +2005,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
noexec=on: enable non-executable mappings (default)
noexec=off: disable non-executable mappings
@@ -254,7 +254,7 @@ index fcbb736..5508d8c 100644
nosmap [X86]
Disable SMAP (Supervisor Mode Access Prevention)
even if it is supported by processor.
-@@ -2266,6 +2274,25 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+@@ -2268,6 +2276,25 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
the specified number of seconds. This is to be used if
your oopses keep scrolling off the screen.
@@ -281,7 +281,7 @@ index fcbb736..5508d8c 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 2b23383..a66cff0 100644
+index c2f0b79..2e5e090 100644
--- a/Makefile
+++ b/Makefile
@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -8003,7 +8003,7 @@ index 3a9ed6a..b534681 100644
addi r3,r1,STACK_FRAME_OVERHEAD
lwz r4,_DAR(r1)
diff --git a/arch/powerpc/kernel/module_32.c b/arch/powerpc/kernel/module_32.c
-index 2e3200c..72095ce 100644
+index 2e3200c..7118986 100644
--- a/arch/powerpc/kernel/module_32.c
+++ b/arch/powerpc/kernel/module_32.c
@@ -162,7 +162,7 @@ int module_frob_arch_sections(Elf32_Ehdr *hdr,
@@ -8035,6 +8035,15 @@ index 2e3200c..72095ce 100644
/* Find this entry, or if that fails, the next avail. entry */
while (entry->jump[0]) {
+@@ -300,7 +305,7 @@ int apply_relocate_add(Elf32_Shdr *sechdrs,
+ }
+ #ifdef CONFIG_DYNAMIC_FTRACE
+ module->arch.tramp =
+- do_plt_call(module->module_core,
++ do_plt_call(module->module_core_rx,
+ (unsigned long)ftrace_caller,
+ sechdrs, module);
+ #endif
diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
index 96d2fdf..f6d10c8 100644
--- a/arch/powerpc/kernel/process.c
@@ -16996,7 +17005,7 @@ index 81bb91b..9392125 100644
/*
diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
-index 3d19994..732a48c 100644
+index bbc8b12..f228861 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
@@ -45,6 +45,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page);
@@ -17119,7 +17128,7 @@ index 3d19994..732a48c 100644
#include <linux/mm_types.h>
#include <linux/mmdebug.h>
#include <linux/log2.h>
-@@ -563,7 +638,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud)
+@@ -570,7 +645,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud)
* Currently stuck as a macro due to indirect forward reference to
* linux/mmzone.h's __section_mem_map_addr() definition:
*/
@@ -17128,7 +17137,7 @@ index 3d19994..732a48c 100644
/* Find an entry in the second-level page table.. */
static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address)
-@@ -603,7 +678,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
+@@ -610,7 +685,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
* Currently stuck as a macro due to indirect forward reference to
* linux/mmzone.h's __section_mem_map_addr() definition:
*/
@@ -17137,7 +17146,7 @@ index 3d19994..732a48c 100644
/* to find an entry in a page-table-directory. */
static inline unsigned long pud_index(unsigned long address)
-@@ -618,7 +693,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
+@@ -625,7 +700,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
static inline int pgd_bad(pgd_t pgd)
{
@@ -17146,7 +17155,7 @@ index 3d19994..732a48c 100644
}
static inline int pgd_none(pgd_t pgd)
-@@ -641,7 +716,12 @@ static inline int pgd_none(pgd_t pgd)
+@@ -648,7 +723,12 @@ static inline int pgd_none(pgd_t pgd)
* pgd_offset() returns a (pgd_t *)
* pgd_index() is used get the offset into the pgd page's array of pgd_t's;
*/
@@ -17160,7 +17169,7 @@ index 3d19994..732a48c 100644
/*
* a shortcut which implies the use of the kernel's pgd, instead
* of a process's
-@@ -652,6 +732,23 @@ static inline int pgd_none(pgd_t pgd)
+@@ -659,6 +739,23 @@ static inline int pgd_none(pgd_t pgd)
#define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET)
#define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY)
@@ -17184,7 +17193,7 @@ index 3d19994..732a48c 100644
#ifndef __ASSEMBLY__
extern int direct_gbpages;
-@@ -818,11 +915,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
+@@ -825,11 +922,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
* dst and src can be on the same page, but the range must not overlap,
* and must not cross a page boundary.
*/
@@ -27338,7 +27347,7 @@ index b110fe6..d9c19f2 100644
out:
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
-index dec48bf..f4d21f7 100644
+index 1673940..4bce95e 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -55,7 +55,7 @@
@@ -27391,7 +27400,7 @@ index c0bc803..6837a50 100644
local_irq_disable();
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index 2b2fce1..da76be4 100644
+index 6128914..8be1dd2 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1316,12 +1316,12 @@ static void vmcs_write64(unsigned long field, u64 value)
@@ -31195,10 +31204,10 @@ index 3aaeffc..42ea9fb 100644
+ return ret ? -EFAULT : 0;
+}
diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c
-index dd74e46..0970b01 100644
+index 0596e8e..9de0b1c 100644
--- a/arch/x86/mm/gup.c
+++ b/arch/x86/mm/gup.c
-@@ -255,7 +255,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
+@@ -268,7 +268,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
addr = start;
len = (unsigned long) nr_pages << PAGE_SHIFT;
end = start + len;
@@ -31207,7 +31216,7 @@ index dd74e46..0970b01 100644
(void __user *)start, len)))
return 0;
-@@ -331,6 +331,10 @@ int get_user_pages_fast(unsigned long start, int nr_pages, int write,
+@@ -344,6 +344,10 @@ int get_user_pages_fast(unsigned long start, int nr_pages, int write,
goto slow_irqon;
#endif
@@ -35262,6 +35271,21 @@ index 9515f18..4b149c9 100644
{
.callback = dmi_disable_osi_vista,
.ident = "Fujitsu Siemens",
+diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
+index 12b62f2..dc2aac8 100644
+--- a/drivers/acpi/custom_method.c
++++ b/drivers/acpi/custom_method.c
+@@ -29,6 +29,10 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
+ struct acpi_table_header table;
+ acpi_status status;
+
++#ifdef CONFIG_GRKERNSEC_KMEM
++ return -EPERM;
++#endif
++
+ if (!(*ppos)) {
+ /* parse the table header to get the table length */
+ if (count <= sizeof(struct acpi_table_header))
diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c
index c7414a5..d5afd71 100644
--- a/drivers/acpi/processor_idle.c
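Review bot: The early `return -EPERM;` added under `#ifdef CONFIG_GRKERNSEC_KMEM` at the top of `cm_write` has no comment saying why the write is refused, and it leaves the rest of the function as dead code in hardened builds. A line such as `/* refuse user-supplied ACPI tables when KMEM hardening is enabled */` above the `#ifdef` would record the intent. The debugfs entry is presumably still created, since the registration is outside this hunk, so not registering the file in the hardened configuration would remove the interface instead of failing each call. The same pattern is added to `show_dsts`, `show_devs` and `show_call` in the asus-wmi.c hunk further down, and the same comment applies there. cm_write's body continues outside the hunk.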
@@ -35307,7 +35331,7 @@ index cfb7447..98f2149 100644
unsigned long timeout_msec)
{
diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
-index 81a94a3..b711c74 100644
+index 2c2780a..5ebc310 100644
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -98,7 +98,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev);
@@ -35319,7 +35343,7 @@ index 81a94a3..b711c74 100644
struct ata_force_param {
const char *name;
-@@ -4809,7 +4809,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
+@@ -4823,7 +4823,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
struct ata_port *ap;
unsigned int tag;
@@ -35328,7 +35352,7 @@ index 81a94a3..b711c74 100644
ap = qc->ap;
qc->flags = 0;
-@@ -4825,7 +4825,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
+@@ -4839,7 +4839,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
struct ata_port *ap;
struct ata_link *link;
@@ -35337,7 +35361,7 @@ index 81a94a3..b711c74 100644
WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
ap = qc->ap;
link = qc->dev->link;
-@@ -5944,6 +5944,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5958,6 +5958,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
return;
spin_lock(&lock);
@@ -35345,7 +35369,7 @@ index 81a94a3..b711c74 100644
for (cur = ops->inherits; cur; cur = cur->inherits) {
void **inherit = (void **)cur;
-@@ -5957,8 +5958,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5971,8 +5972,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
if (IS_ERR(*pp))
*pp = NULL;
@@ -35356,7 +35380,7 @@ index 81a94a3..b711c74 100644
spin_unlock(&lock);
}
-@@ -6151,7 +6153,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht)
+@@ -6165,7 +6167,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht)
/* give ports names and add SCSI hosts */
for (i = 0; i < host->n_ports; i++) {
@@ -35366,10 +35390,10 @@ index 81a94a3..b711c74 100644
}
diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c
-index ab58556..ed19dd2 100644
+index 377eb88..8591b44 100644
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
-@@ -4114,7 +4114,7 @@ int ata_sas_port_init(struct ata_port *ap)
+@@ -4135,7 +4135,7 @@ int ata_sas_port_init(struct ata_port *ap)
if (rc)
return rc;
@@ -38919,10 +38943,10 @@ index a6f4cb5..6b2beb2 100644
if (IS_GEN6(dev) || IS_GEN7(dev)) {
seq_printf(m,
diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c
-index d5c784d..06e5c36 100644
+index 5a25f24..5af2004 100644
--- a/drivers/gpu/drm/i915/i915_dma.c
+++ b/drivers/gpu/drm/i915/i915_dma.c
-@@ -1263,7 +1263,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev)
+@@ -1271,7 +1271,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev)
bool can_switch;
spin_lock(&dev->count_lock);
@@ -39090,7 +39114,7 @@ index 4b91228..590c643 100644
iir = I915_READ(IIR);
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index f535670..bde09e2 100644
+index aad6f7b..dcc91447 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -10019,13 +10019,13 @@ struct intel_quirk {
@@ -39800,10 +39824,10 @@ index 71245d6..94c556d 100644
return radeon_debugfs_add_files(rdev, radeon_mem_types_list, i);
diff --git a/drivers/gpu/drm/radeon/rs690.c b/drivers/gpu/drm/radeon/rs690.c
-index 1447d79..40b2a5b 100644
+index 3c38f0a..13816e3 100644
--- a/drivers/gpu/drm/radeon/rs690.c
+++ b/drivers/gpu/drm/radeon/rs690.c
-@@ -345,9 +345,11 @@ static void rs690_crtc_bandwidth_compute(struct radeon_device *rdev,
+@@ -355,9 +355,11 @@ static void rs690_crtc_bandwidth_compute(struct radeon_device *rdev,
if (max_bandwidth.full > rdev->pm.sideport_bandwidth.full &&
rdev->pm.sideport_bandwidth.full)
max_bandwidth = rdev->pm.sideport_bandwidth;
@@ -41501,7 +41525,7 @@ index 922a7fe..bb035db 100644
gameport->dev.release = gameport_release_port;
if (gameport->parent)
diff --git a/drivers/input/input.c b/drivers/input/input.c
-index e75d015..57d1c28 100644
+index 74f4798..d9f7168 100644
--- a/drivers/input/input.c
+++ b/drivers/input/input.c
@@ -1734,7 +1734,7 @@ EXPORT_SYMBOL_GPL(input_class);
@@ -42912,6 +42936,21 @@ index 3d13a63..da31bf1 100644
.release = mxr_vp_layer_release,
.buffer_set = mxr_vp_buffer_set,
.stream_set = mxr_vp_stream_set,
+diff --git a/drivers/media/platform/vivi.c b/drivers/media/platform/vivi.c
+index 1d3f119..75f40bb 100644
+--- a/drivers/media/platform/vivi.c
++++ b/drivers/media/platform/vivi.c
+@@ -58,8 +58,8 @@ MODULE_AUTHOR("Mauro Carvalho Chehab, Ted Walther and John Sokol");
+ MODULE_LICENSE("Dual BSD/GPL");
+ MODULE_VERSION(VIVI_VERSION);
+
+-static unsigned video_nr = -1;
+-module_param(video_nr, uint, 0644);
++static int video_nr = -1;
++module_param(video_nr, int, 0644);
+ MODULE_PARM_DESC(video_nr, "videoX start number, -1 is autodetect");
+
+ static unsigned n_devs = 1;
diff --git a/drivers/media/radio/radio-cadet.c b/drivers/media/radio/radio-cadet.c
index 545c04c..a14bded 100644
--- a/drivers/media/radio/radio-cadet.c
@@ -44323,6 +44362,19 @@ index 50617c5..b13724c 100644
}
/* To mask all all interrupts.*/
+diff --git a/drivers/net/hamradio/hdlcdrv.c b/drivers/net/hamradio/hdlcdrv.c
+index 3169252..5d78c1d 100644
+--- a/drivers/net/hamradio/hdlcdrv.c
++++ b/drivers/net/hamradio/hdlcdrv.c
+@@ -571,6 +571,8 @@ static int hdlcdrv_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
+ case HDLCDRVCTL_CALIBRATE:
+ if(!capable(CAP_SYS_RAWIO))
+ return -EPERM;
++ if (bi.data.calibrate > INT_MAX / s->par.bitrate)
++ return -EINVAL;
+ s->hdlctx.calibrate = bi.data.calibrate * s->par.bitrate / 16;
+ return 0;
+
diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv_net.h
index e6fe0d8..2b7d752 100644
--- a/drivers/net/hyperv/hyperv_net.h
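Review bot: The guard added in the `HDLCDRVCTL_CALIBRATE` case divides by `s->par.bitrate`, so a zero bitrate would fault inside the check itself. A negative bitrate, or a negative `bi.data.calibrate` if that field is signed, would pass the comparison and still overflow the multiplication on the next line. Neither field's type nor its valid range is visible in this hunk, so this needs confirming against the structure definitions. If a non-positive bitrate is possible, `if (s->par.bitrate <= 0 || bi.data.calibrate > INT_MAX / s->par.bitrate) return -EINVAL;` closes that gap. hdlcdrv_ioctl's body continues outside the hunk.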
@@ -44713,10 +44765,10 @@ index e1dd8c7..9f91b3f 100644
/* service connection information */
struct ath10k_htc_svc_conn_req {
diff --git a/drivers/net/wireless/ath/ath9k/ar9002_mac.c b/drivers/net/wireless/ath/ath9k/ar9002_mac.c
-index 8d78253..bebbb68 100644
+index a366d6b..b6f28f8 100644
--- a/drivers/net/wireless/ath/ath9k/ar9002_mac.c
+++ b/drivers/net/wireless/ath/ath9k/ar9002_mac.c
-@@ -184,8 +184,8 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i)
+@@ -218,8 +218,8 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i)
ads->ds_txstatus6 = ads->ds_txstatus7 = 0;
ads->ds_txstatus8 = ads->ds_txstatus9 = 0;
@@ -44727,7 +44779,7 @@ index 8d78253..bebbb68 100644
ctl1 = i->buf_len[0] | (i->is_last ? 0 : AR_TxMore);
ctl6 = SM(i->keytype, AR_EncrType);
-@@ -199,26 +199,26 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i)
+@@ -233,26 +233,26 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i)
if ((i->is_first || i->is_last) &&
i->aggr != AGGR_BUF_MIDDLE && i->aggr != AGGR_BUF_LAST) {
@@ -44761,7 +44813,7 @@ index 8d78253..bebbb68 100644
return;
}
-@@ -243,7 +243,7 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i)
+@@ -277,7 +277,7 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i)
break;
}
@@ -44770,7 +44822,7 @@ index 8d78253..bebbb68 100644
| (i->flags & ATH9K_TXDESC_VMF ? AR_VirtMoreFrag : 0)
| SM(i->txpower, AR_XmitPower)
| (i->flags & ATH9K_TXDESC_VEOL ? AR_VEOL : 0)
-@@ -253,19 +253,19 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i)
+@@ -287,19 +287,19 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i)
| (i->flags & ATH9K_TXDESC_RTSENA ? AR_RTSEnable :
(i->flags & ATH9K_TXDESC_CTSENA ? AR_CTSEnable : 0));
@@ -45739,6 +45791,43 @@ index cdc7836..528635c 100644
proc_create("devices", 0, proc_bus_pci_dir,
&proc_bus_pci_dev_operations);
proc_initialized = 1;
+diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
+index 19c313b..ed28b38 100644
+--- a/drivers/platform/x86/asus-wmi.c
++++ b/drivers/platform/x86/asus-wmi.c
+@@ -1618,6 +1618,10 @@ static int show_dsts(struct seq_file *m, void *data)
+ int err;
+ u32 retval = -1;
+
++#ifdef CONFIG_GRKERNSEC_KMEM
++ return -EPERM;
++#endif
++
+ err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval);
+
+ if (err < 0)
+@@ -1634,6 +1638,10 @@ static int show_devs(struct seq_file *m, void *data)
+ int err;
+ u32 retval = -1;
+
++#ifdef CONFIG_GRKERNSEC_KMEM
++ return -EPERM;
++#endif
++
+ err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param,
+ &retval);
+
+@@ -1658,6 +1666,10 @@ static int show_call(struct seq_file *m, void *data)
+ union acpi_object *obj;
+ acpi_status status;
+
++#ifdef CONFIG_GRKERNSEC_KMEM
++ return -EPERM;
++#endif
++
+ status = wmi_evaluate_method(ASUS_WMI_MGMT_GUID,
+ 1, asus->debug.method_id,
+ &input, &output);
diff --git a/drivers/platform/x86/chromeos_laptop.c b/drivers/platform/x86/chromeos_laptop.c
index 3e5b4497..dcdfb70 100644
--- a/drivers/platform/x86/chromeos_laptop.c
@@ -46062,7 +46151,7 @@ index cc439fd..8fa30df 100644
#endif /* CONFIG_SYSFS */
diff --git a/drivers/power/power_supply_core.c b/drivers/power/power_supply_core.c
-index 00e6672..2642c08 100644
+index 557af94..84dc1fe 100644
--- a/drivers/power/power_supply_core.c
+++ b/drivers/power/power_supply_core.c
@@ -24,7 +24,10 @@
@@ -47788,10 +47877,10 @@ index e51b09a..5ebac31 100644
login->tgt_agt = sbp_target_agent_register(login);
if (IS_ERR(login->tgt_agt)) {
diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
-index d90dbb0..6cbe585 100644
+index e5e3965..a7b487c 100644
--- a/drivers/target/target_core_device.c
+++ b/drivers/target/target_core_device.c
-@@ -1431,7 +1431,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name)
+@@ -1436,7 +1436,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name)
spin_lock_init(&dev->se_tmr_lock);
spin_lock_init(&dev->qf_cmd_lock);
sema_init(&dev->caw_sem, 1);
@@ -48236,10 +48325,19 @@ index c0f76da..d974c32 100644
dlci_get(dlci->gsm->dlci[0]);
mux_get(dlci->gsm);
diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
-index 4d6f430..0810fa9 100644
+index d4a89db..dbe8d8c 100644
--- a/drivers/tty/n_tty.c
+++ b/drivers/tty/n_tty.c
-@@ -2504,6 +2504,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
+@@ -114,7 +114,7 @@ struct n_tty_data {
+ int minimum_to_wake;
+
+ /* consumer-published */
+- size_t read_tail;
++ size_t read_tail __intentional_overflow(-1);
+ size_t line_start;
+
+ /* protected by output lock */
+@@ -2509,6 +2509,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
{
*ops = tty_ldisc_N_TTY;
ops->owner = NULL;
@@ -49336,7 +49434,7 @@ index 2a3bbdf..91d72cf 100644
file->f_version = event_count;
return POLLIN | POLLRDNORM;
diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
-index 71dc5d7..300db0e 100644
+index 71dc5d7..d4c488f 100644
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -187,7 +187,7 @@ static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes,
@@ -49348,7 +49446,7 @@ index 71dc5d7..300db0e 100644
loff_t pos;
int i;
-@@ -229,16 +229,16 @@ static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes,
+@@ -229,22 +229,22 @@ static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes,
for (i = 0; nbytes && i < dev->descriptor.bNumConfigurations; i++) {
struct usb_config_descriptor *config =
(struct usb_config_descriptor *)dev->rawdescriptors[i];
@@ -49368,6 +49466,13 @@ index 71dc5d7..300db0e 100644
if (len > nbytes)
len = nbytes;
+ /* Simply don't write (skip over) unallocated parts */
+ if (alloclen > (*ppos - pos)) {
+- alloclen -= (*ppos - pos);
++ alloclen = alloclen + pos - *ppos;
+ if (copy_to_user(buf,
+ dev->rawdescriptors[i] + (*ppos - pos),
+ min(len, alloclen))) {
diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
index f20a044..d1059aa 100644
--- a/drivers/usb/core/hcd.c
@@ -53225,10 +53330,10 @@ index 789bc25..fafaeea 100644
&data);
if (!inode) {
diff --git a/fs/aio.c b/fs/aio.c
-index 6efb7f6..37da952 100644
+index 062a5f6..e5618e0 100644
--- a/fs/aio.c
+++ b/fs/aio.c
-@@ -338,7 +338,7 @@ static int aio_setup_ring(struct kioctx *ctx)
+@@ -374,7 +374,7 @@ static int aio_setup_ring(struct kioctx *ctx)
size += sizeof(struct io_event) * nr_events;
nr_pages = PFN_UP(size);
@@ -54976,10 +55081,10 @@ index 7ddddf2..2e12dbc 100644
}
retry:
diff --git a/fs/cifs/link.c b/fs/cifs/link.c
-index 7e36ceb..109252f 100644
+index 477e53b..7a32216 100644
--- a/fs/cifs/link.c
+++ b/fs/cifs/link.c
-@@ -624,7 +624,7 @@ symlink_exit:
+@@ -620,7 +620,7 @@ symlink_exit:
void cifs_put_link(struct dentry *direntry, struct nameidata *nd, void *cookie)
{
@@ -56572,10 +56677,10 @@ index dc5d572..4c21f8e 100644
if (free_clusters >= (nclusters + dirty_clusters +
resv_clusters))
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
-index af815ea..99294a6 100644
+index 745faaa..a072816 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
-@@ -1256,19 +1256,19 @@ struct ext4_sb_info {
+@@ -1266,19 +1266,19 @@ struct ext4_sb_info {
unsigned long s_mb_last_start;
/* stats for buddy allocator */
@@ -56606,7 +56711,7 @@ index af815ea..99294a6 100644
/* locality groups */
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
-index a41e3ba..e574a00 100644
+index 04a5c75..09894fa 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -1880,7 +1880,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac,
@@ -56686,7 +56791,7 @@ index a41e3ba..e574a00 100644
}
if (ac->ac_op == EXT4_MB_HISTORY_ALLOC)
-@@ -3578,7 +3578,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
+@@ -3583,7 +3583,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
trace_ext4_mb_new_inode_pa(ac, pa);
ext4_mb_use_inode_pa(ac, pa);
@@ -56695,7 +56800,7 @@ index a41e3ba..e574a00 100644
ei = EXT4_I(ac->ac_inode);
grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
-@@ -3638,7 +3638,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac)
+@@ -3643,7 +3643,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac)
trace_ext4_mb_new_group_pa(ac, pa);
ext4_mb_use_group_pa(ac, pa);
@@ -56704,7 +56809,7 @@ index a41e3ba..e574a00 100644
grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
lg = ac->ac_lg;
-@@ -3727,7 +3727,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh,
+@@ -3732,7 +3732,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh,
* from the bitmap and continue.
*/
}
@@ -56713,7 +56818,7 @@ index a41e3ba..e574a00 100644
return err;
}
-@@ -3745,7 +3745,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b,
+@@ -3750,7 +3750,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b,
ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit);
BUG_ON(group != e4b->bd_group && pa->pa_len != 0);
mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len);
@@ -56736,7 +56841,7 @@ index 214461e..3614c89 100644
"MMP failure info: last update time: %llu, last update "
"node: %s, last update device: %s\n",
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
-index 2c2e6cb..7c3ee62 100644
+index b947e0a..c102e3b 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1251,7 +1251,7 @@ static ext4_fsblk_t get_sb_block(void **data)
@@ -60794,6 +60899,22 @@ index 651d09a..60c73ae 100644
/*
* base.c
+diff --git a/fs/proc/interrupts.c b/fs/proc/interrupts.c
+index 05029c0..7ea1987 100644
+--- a/fs/proc/interrupts.c
++++ b/fs/proc/interrupts.c
+@@ -47,7 +47,11 @@ static const struct file_operations proc_interrupts_operations = {
+
+ static int __init proc_interrupts_init(void)
+ {
++#ifdef CONFIG_GRKERNSEC_PROC_ADD
++ proc_create_grsec("interrupts", 0, NULL, &proc_interrupts_operations);
++#else
+ proc_create("interrupts", 0, NULL, &proc_interrupts_operations);
++#endif
+ return 0;
+ }
+ module_init(proc_interrupts_init);
diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
index 06ea155..9a798c7 100644
--- a/fs/proc/kcore.c
@@ -61143,6 +61264,94 @@ index 6b6a993..807cccc 100644
if (!IS_ERR(s))
kfree(s);
}
+diff --git a/fs/proc/stat.c b/fs/proc/stat.c
+index 1cf86c0..0ee1ca5 100644
+--- a/fs/proc/stat.c
++++ b/fs/proc/stat.c
+@@ -11,6 +11,7 @@
+ #include <linux/irqnr.h>
+ #include <asm/cputime.h>
+ #include <linux/tick.h>
++#include <linux/grsecurity.h>
+
+ #ifndef arch_irq_stat_cpu
+ #define arch_irq_stat_cpu(cpu) 0
+@@ -87,6 +88,18 @@ static int show_stat(struct seq_file *p, void *v)
+ u64 sum_softirq = 0;
+ unsigned int per_softirq_sums[NR_SOFTIRQS] = {0};
+ struct timespec boottime;
++ int unrestricted = 1;
++
++#ifdef CONFIG_GRKERNSEC_PROC_ADD
++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++ if (!uid_eq(current_uid(), GLOBAL_ROOT_UID)
++#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
++ && !in_group_p(grsec_proc_gid)
++#endif
++ )
++ unrestricted = 0;
++#endif
++#endif
+
+ user = nice = system = idle = iowait =
+ irq = softirq = steal = 0;
+@@ -94,6 +107,7 @@ static int show_stat(struct seq_file *p, void *v)
+ getboottime(&boottime);
+ jif = boottime.tv_sec;
+
++ if (unrestricted) {
+ for_each_possible_cpu(i) {
+ user += kcpustat_cpu(i).cpustat[CPUTIME_USER];
+ nice += kcpustat_cpu(i).cpustat[CPUTIME_NICE];
+@@ -116,6 +130,7 @@ static int show_stat(struct seq_file *p, void *v)
+ }
+ }
+ sum += arch_irq_stat();
++ }
+
+ seq_puts(p, "cpu ");
+ seq_put_decimal_ull(p, ' ', cputime64_to_clock_t(user));
+@@ -131,6 +146,7 @@ static int show_stat(struct seq_file *p, void *v)
+ seq_putc(p, '\n');
+
+ for_each_online_cpu(i) {
++ if (unrestricted) {
+ /* Copy values here to work around gcc-2.95.3, gcc-2.96 */
+ user = kcpustat_cpu(i).cpustat[CPUTIME_USER];
+ nice = kcpustat_cpu(i).cpustat[CPUTIME_NICE];
+@@ -142,6 +158,7 @@ static int show_stat(struct seq_file *p, void *v)
+ steal = kcpustat_cpu(i).cpustat[CPUTIME_STEAL];
+ guest = kcpustat_cpu(i).cpustat[CPUTIME_GUEST];
+ guest_nice = kcpustat_cpu(i).cpustat[CPUTIME_GUEST_NICE];
++ }
+ seq_printf(p, "cpu%d", i);
+ seq_put_decimal_ull(p, ' ', cputime64_to_clock_t(user));
+ seq_put_decimal_ull(p, ' ', cputime64_to_clock_t(nice));
+@@ -159,7 +176,7 @@ static int show_stat(struct seq_file *p, void *v)
+
+ /* sum again ? it could be updated? */
+ for_each_irq_nr(j)
+- seq_put_decimal_ull(p, ' ', kstat_irqs(j));
++ seq_put_decimal_ull(p, ' ', unrestricted ? kstat_irqs(j) : 0ULL);
+
+ seq_printf(p,
+ "\nctxt %llu\n"
+@@ -167,11 +184,11 @@ static int show_stat(struct seq_file *p, void *v)
+ "processes %lu\n"
+ "procs_running %lu\n"
+ "procs_blocked %lu\n",
+- nr_context_switches(),
++ unrestricted ? nr_context_switches() : 0ULL,
+ (unsigned long)jif,
+- total_forks,
+- nr_running(),
+- nr_iowait());
++ unrestricted ? total_forks : 0UL,
++ unrestricted ? nr_running() : 0UL,
++ unrestricted ? nr_iowait() : 0UL);
+
+ seq_printf(p, "softirq %llu", (unsigned long long)sum_softirq);
+
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index 390bdab..83c1e8a 100644
--- a/fs/proc/task_mmu.c
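Review bot: In the restricted path of `show_stat` the per-CPU loop skips the `kcpustat_cpu(i)` reads and prints whatever `user` through `guest_nice` already hold, so the output is zero only if all ten counters were cleared beforehand. The hunk shows `user` through `steal` being zeroed but not `guest` and `guest_nice`, which should be confirmed in the lines outside it. `(unsigned long)jif`, taken from `getboottime()`, is still printed unconditionally, so the boot time stays visible to restricted callers; if that is intended, a comment such as `/* boot time is deliberately left visible */` would say so. The two `if (unrestricted) {` blocks are added without re-indenting their bodies, which makes the closing `}` lines easy to misread. show_stat's body continues outside the hunk.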
@@ -62097,7 +62306,7 @@ index f4fb7ec..3fe03c0 100644
error = notify_change(path->dentry, &newattrs);
mutex_unlock(&inode->i_mutex);
diff --git a/fs/xattr.c b/fs/xattr.c
-index 3377dff..4d074d9 100644
+index 3377dff..f394815 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -227,6 +227,27 @@ int vfs_xattr_cmp(struct dentry *dentry, const char *xattr_name,
@@ -62188,6 +62397,66 @@ index 3377dff..4d074d9 100644
mnt_drop_write_file(f.file);
}
fdput(f);
+@@ -626,7 +650,7 @@ SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
+ * Extended attribute REMOVE operations
+ */
+ static long
+-removexattr(struct dentry *d, const char __user *name)
++removexattr(struct path *path, const char __user *name)
+ {
+ int error;
+ char kname[XATTR_NAME_MAX + 1];
+@@ -637,7 +661,10 @@ removexattr(struct dentry *d, const char __user *name)
+ if (error < 0)
+ return error;
+
+- return vfs_removexattr(d, kname);
++ if (!gr_acl_handle_removexattr(path->dentry, path->mnt))
++ return -EACCES;
++
++ return vfs_removexattr(path->dentry, kname);
+ }
+
+ SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
+@@ -652,7 +679,7 @@ retry:
+ return error;
+ error = mnt_want_write(path.mnt);
+ if (!error) {
+- error = removexattr(path.dentry, name);
++ error = removexattr(&path, name);
+ mnt_drop_write(path.mnt);
+ }
+ path_put(&path);
+@@ -675,7 +702,7 @@ retry:
+ return error;
+ error = mnt_want_write(path.mnt);
+ if (!error) {
+- error = removexattr(path.dentry, name);
++ error = removexattr(&path, name);
+ mnt_drop_write(path.mnt);
+ }
+ path_put(&path);
+@@ -689,16 +716,16 @@ retry:
+ SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
+ {
+ struct fd f = fdget(fd);
+- struct dentry *dentry;
++ struct path *path;
+ int error = -EBADF;
+
+ if (!f.file)
+ return error;
+- dentry = f.file->f_path.dentry;
+- audit_inode(NULL, dentry, 0);
++ path = &f.file->f_path;
++ audit_inode(NULL, path->dentry, 0);
+ error = mnt_want_write_file(f.file);
+ if (!error) {
+- error = removexattr(dentry, name);
++ error = removexattr(path, name);
+ mnt_drop_write_file(f.file);
+ }
+ fdput(f);
diff --git a/fs/xattr_acl.c b/fs/xattr_acl.c
index 9fbea87..6b19972 100644
--- a/fs/xattr_acl.c
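Review bot: The new check in `removexattr()` treats a zero return from `gr_acl_handle_removexattr(path->dentry, path->mnt)` as a denial and maps it to `-EACCES`, the opposite of the usual zero-is-success convention, and nothing at the call site says so. A comment such as `/* returns 0 when the policy denies the removal */` above the `if` would prevent a later inversion. The helper is not passed `kname`, so as far as this hunk shows the decision cannot depend on which attribute is being removed; worth confirming that is intended. The new parameter could also be declared `const struct path *path`, since the function only reads through it.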
@@ -62262,10 +62531,10 @@ index 2b8952d..a60c6be 100644
kfree(s);
diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
new file mode 100644
-index 0000000..a78d810
+index 0000000..5b2538b
--- /dev/null
+++ b/grsecurity/Kconfig
-@@ -0,0 +1,1107 @@
+@@ -0,0 +1,1116 @@
+#
+# grecurity configuration
+#
@@ -62684,7 +62953,12 @@ index 0000000..a78d810
+ This option acts independently of grsec_lock: once it is set to 1,
+ it cannot be turned off. Therefore, please be mindful of the resulting
+ behavior if this option is enabled in an init script on a read-only
-+ filesystem. This feature is mainly intended for secure embedded systems.
++ filesystem.
++ Also be aware that as with other root-focused features, GRKERNSEC_KMEM
++ and GRKERNSEC_IO should be enabled and module loading disabled via
++ config or at runtime.
++ This feature is mainly intended for secure embedded systems.
++
+
+config GRKERNSEC_DEVICE_SIDECHANNEL
+ bool "Eliminate stat/notify-based device sidechannels"
@@ -63056,15 +63330,19 @@ index 0000000..a78d810
+ a sysctl option with name "consistent_setxid" is created.
+
+config GRKERNSEC_HARDEN_IPC
-+ bool "Disallow access to world-accessible IPC objects"
++ bool "Disallow access to overly-permissive IPC objects"
+ default y if GRKERNSEC_CONFIG_AUTO
+ depends on SYSVIPC
+ help
-+ If you say Y here, access to overly-permissive IPC (shared memory,
-+ message queues, and semaphores) will be denied for processes whose
-+ effective user or group would not grant them permission. It's a
-+ common error to grant too much permission to these objects, with
-+ impact ranging from denial of service and information leaking to
++ If you say Y here, access to overly-permissive IPC objects (shared
++ memory, message queues, and semaphores) will be denied for processes
++ given the following criteria beyond normal permission checks:
++ 1) If the IPC object is world-accessible and the euid doesn't match
++ that of the creator or current uid for the IPC object
++ 2) If the IPC object is group-accessible and the egid doesn't
++ match that of the creator or current gid for the IPC object
++ It's a common error to grant too much permission to these objects,
++ with impact ranging from denial of service and information leaking to
+ privilege escalation. This feature was developed in response to
+ research by Tim Brown:
+ http://labs.portcullis.co.uk/whitepapers/memory-squatting-attacks-on-system-v-shared-memory/
@@ -63424,7 +63702,7 @@ index 0000000..85beb79
+endif
diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
new file mode 100644
-index 0000000..6affeea
+index 0000000..90f71ce
--- /dev/null
+++ b/grsecurity/gracl.c
@@ -0,0 +1,2679 @@
@@ -63579,7 +63857,7 @@ index 0000000..6affeea
+gr_handle_rawio(const struct inode *inode)
+{
+#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
-+ if (inode && S_ISBLK(inode->i_mode) &&
++ if (inode && (S_ISBLK(inode->i_mode) || (S_ISCHR(inode->i_mode) && imajor(inode) == RAW_MAJOR)) &&
+ grsec_enable_chroot_caps && proc_is_chrooted(current) &&
+ !capable(CAP_SYS_RAWIO))
+ return 1;
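Review bot: The raw-device predicate `S_ISBLK(inode->i_mode) || (S_ISCHR(inode->i_mode) && imajor(inode) == RAW_MAJOR)` is written out here and again in `gr_handle_rofs_blockwrite` (the grsec_mount.c hunk), so the two checks can drift apart the next time a device class is added. A small shared inline helper taking a `const struct inode *` (name left to the author) would keep the chroot and read-only-filesystem paths in step. The grsec_mount.c hunk adds `#include <linux/major.h>` for `RAW_MAJOR`, but no matching include is visible for gracl.c in this diff, so confirm it is not relying on a transitive include. The body of `gr_handle_rawio` continues outside the hunk.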
@@ -66612,10 +66890,10 @@ index 0000000..ca25605
+
diff --git a/grsecurity/gracl_fs.c b/grsecurity/gracl_fs.c
new file mode 100644
-index 0000000..a340c17
+index 0000000..deb6f3b
--- /dev/null
+++ b/grsecurity/gracl_fs.c
-@@ -0,0 +1,431 @@
+@@ -0,0 +1,437 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/types.h>
@@ -66857,6 +67135,12 @@ index 0000000..a340c17
+}
+
+__u32
++gr_acl_handle_removexattr(const struct dentry *dentry, const struct vfsmount *mnt)
++{
++ return generic_fs_handler(dentry, mnt, GR_WRITE, GR_REMOVEXATTR_ACL_MSG);
++}
++
++__u32
+gr_acl_handle_execve(const struct dentry *dentry, const struct vfsmount *mnt)
+{
+ return generic_fs_handler(dentry, mnt, GR_EXEC, GR_EXEC_ACL_MSG);
@@ -70282,10 +70566,10 @@ index 0000000..e10b319
+}
diff --git a/grsecurity/grsec_disabled.c b/grsecurity/grsec_disabled.c
new file mode 100644
-index 0000000..0866ab2
+index 0000000..52b3e30
--- /dev/null
+++ b/grsecurity/grsec_disabled.c
-@@ -0,0 +1,427 @@
+@@ -0,0 +1,433 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -70536,6 +70820,12 @@ index 0000000..0866ab2
+ return 1;
+}
+
++__u32
++gr_acl_handle_removexattr(const struct dentry * dentry, const struct vfsmount * mnt)
++{
++ return 1;
++}
++
+void
+grsecurity_init(void)
+{
@@ -71245,10 +71535,10 @@ index 0000000..a88e901
+}
diff --git a/grsecurity/grsec_ipc.c b/grsecurity/grsec_ipc.c
new file mode 100644
-index 0000000..f365de0
+index 0000000..78d1680
--- /dev/null
+++ b/grsecurity/grsec_ipc.c
-@@ -0,0 +1,22 @@
+@@ -0,0 +1,48 @@
+#include <linux/kernel.h>
+#include <linux/mm.h>
+#include <linux/sched.h>
@@ -71262,10 +71552,36 @@ index 0000000..f365de0
+gr_ipc_permitted(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp, int requested_mode, int granted_mode)
+{
+#ifdef CONFIG_GRKERNSEC_HARDEN_IPC
-+ int write = (requested_mode & 00002);
++ int write;
++ int orig_granted_mode;
++ kuid_t euid;
++ kgid_t egid;
++
++ if (!grsec_enable_harden_ipc)
++ return 0;
+
-+ if (grsec_enable_harden_ipc && !(requested_mode & ~granted_mode & 0007) && !ns_capable_nolog(ns->user_ns, CAP_IPC_OWNER)) {
-+ gr_log_str2_int(GR_DONT_AUDIT, GR_IPC_DENIED_MSG, write ? "write" : "read", write ? "writ" : "read", GR_GLOBAL_UID(ipcp->cuid));
++ euid = current_euid();
++ egid = current_egid();
++
++ write = requested_mode & 00002;
++ orig_granted_mode = ipcp->mode;
++
++ if (uid_eq(euid, ipcp->cuid) || uid_eq(euid, ipcp->uid))
++ orig_granted_mode >>= 6;
++ else {
++ /* if likely wrong permissions, lock to user */
++ if (orig_granted_mode & 0007)
++ orig_granted_mode = 0;
++ /* otherwise do a egid-only check */
++ else if (gid_eq(egid, ipcp->cgid) || gid_eq(egid, ipcp->gid))
++ orig_granted_mode >>= 3;
++ /* otherwise, no access */
++ else
++ orig_granted_mode = 0;
++ }
++ if (!(requested_mode & ~granted_mode & 0007) && (requested_mode & ~orig_granted_mode & 0007) &&
++ !ns_capable_nolog(ns->user_ns, CAP_IPC_OWNER)) {
++ gr_log_str_int(GR_DONT_AUDIT, GR_IPC_DENIED_MSG, write ? "write" : "read", GR_GLOBAL_UID(ipcp->cuid));
+ return 0;
+ }
+#endif
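Review bot: The early exit `if (!grsec_enable_harden_ipc) return 0;` returns the same value this function uses for a denial (the `return 0;` after `gr_log_str_int`), so with the feature switched off every call reports "not permitted". The ipc/util.c hunk in this commit now calls the hook unconditionally and maps a zero result to `return -1`, so turning harden_ipc off would deny all IPC permission checks, with no log line. The removed code kept `grsec_enable_harden_ipc &&` inside the deny condition and fell through when the feature was off. The early exit should read `return 1;`, assuming the fall-through after `#endif` (outside this hunk) is the permit value.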
@@ -71730,13 +72046,14 @@ index 0000000..f536303
+}
diff --git a/grsecurity/grsec_mount.c b/grsecurity/grsec_mount.c
new file mode 100644
-index 0000000..2131422
+index 0000000..cd9e124
--- /dev/null
+++ b/grsecurity/grsec_mount.c
-@@ -0,0 +1,62 @@
+@@ -0,0 +1,65 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/mount.h>
++#include <linux/major.h>
+#include <linux/grsecurity.h>
+#include <linux/grinternal.h>
+
@@ -71787,8 +72104,10 @@ index 0000000..2131422
+gr_handle_rofs_blockwrite(struct dentry *dentry, struct vfsmount *mnt, int acc_mode)
+{
+#ifdef CONFIG_GRKERNSEC_ROFS
++ struct inode *inode = dentry->d_inode;
++
+ if (grsec_enable_rofs && (acc_mode & MAY_WRITE) &&
-+ dentry->d_inode && S_ISBLK(dentry->d_inode->i_mode)) {
++ inode && (S_ISBLK(inode->i_mode) || (S_ISCHR(inode->i_mode) && imajor(inode) == RAW_MAJOR))) {
+ gr_log_fs_generic(GR_DO_AUDIT, GR_ROFS_BLOCKWRITE_MSG, dentry, mnt);
+ return -EPERM;
+ } else
@@ -73674,10 +73993,24 @@ index 810431d..0ec4804f 100644
* (puds are folded into pgds so this doesn't get actually called,
* but the define is needed for a generic inline function.)
diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h
-index f330d28..83ce28f 100644
+index b12079a..86683e3 100644
--- a/include/asm-generic/pgtable.h
+++ b/include/asm-generic/pgtable.h
-@@ -737,6 +737,22 @@ static inline pmd_t pmd_mknuma(pmd_t pmd)
+@@ -599,11 +599,10 @@ static inline int pmd_none_or_trans_huge_or_clear_bad(pmd_t *pmd)
+ #ifdef CONFIG_TRANSPARENT_HUGEPAGE
+ barrier();
+ #endif
+- if (pmd_none(pmdval))
++ if (pmd_none(pmdval) || pmd_trans_huge(pmdval))
+ return 1;
+ if (unlikely(pmd_bad(pmdval))) {
+- if (!pmd_trans_huge(pmdval))
+- pmd_clear_bad(pmd);
++ pmd_clear_bad(pmd);
+ return 1;
+ }
+ return 0;
+@@ -737,6 +736,22 @@ static inline pmd_t pmd_mknuma(pmd_t pmd)
}
#endif /* CONFIG_NUMA_BALANCING */
@@ -75740,10 +76073,10 @@ index 0000000..d25522e
+#endif
diff --git a/include/linux/grmsg.h b/include/linux/grmsg.h
new file mode 100644
-index 0000000..378a81a
+index 0000000..195cbe4
--- /dev/null
+++ b/include/linux/grmsg.h
-@@ -0,0 +1,114 @@
+@@ -0,0 +1,115 @@
+#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
+#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
+#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
@@ -75791,7 +76124,8 @@ index 0000000..378a81a
+#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by "
+#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by "
+#define GR_CHOWN_ACL_MSG "%s chown of %.950s by "
-+#define GR_SETXATTR_ACL_MSG "%s setting extended attributes of %.950s by "
++#define GR_SETXATTR_ACL_MSG "%s setting extended attribute of %.950s by "
++#define GR_REMOVEXATTR_ACL_MSG "%s removing extended attribute of %.950s by "
+#define GR_WRITLIB_ACL_MSG "denied load of writable library %.950s by "
+#define GR_INITF_ACL_MSG "init_variables() failed %s by "
+#define GR_DISABLED_ACL_MSG "Error loading %s, trying to run kernel with acls disabled. To disable acls at startup use <kernel image name> gracl=off from your boot loader"
@@ -75857,13 +76191,13 @@ index 0000000..378a81a
+#define GR_SYMLINKOWNER_MSG "denied following symlink %.950s since symlink owner %u does not match target owner %u, by "
+#define GR_BRUTE_DAEMON_MSG "bruteforce prevention initiated for the next 30 minutes or until service restarted, stalling each fork 30 seconds. Please investigate the crash report for "
+#define GR_BRUTE_SUID_MSG "bruteforce prevention initiated due to crash of %.950s against uid %u, banning suid/sgid execs for %u minutes. Please investigate the crash report for "
-+#define GR_IPC_DENIED_MSG "denied %s of globally-%sable IPC with creator uid %u by "
++#define GR_IPC_DENIED_MSG "denied %s of overly-permissive IPC object with creator uid %u by "
diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
new file mode 100644
-index 0000000..134860c
+index 0000000..d8b5b48
--- /dev/null
+++ b/include/linux/grsecurity.h
-@@ -0,0 +1,243 @@
+@@ -0,0 +1,245 @@
+#ifndef GR_SECURITY_H
+#define GR_SECURITY_H
+#include <linux/fs.h>
@@ -75988,6 +76322,8 @@ index 0000000..134860c
+ const struct vfsmount *mnt);
+__u32 gr_acl_handle_setxattr(const struct dentry *dentry,
+ const struct vfsmount *mnt);
++__u32 gr_acl_handle_removexattr(const struct dentry *dentry,
++ const struct vfsmount *mnt);
+int gr_handle_ptrace(struct task_struct *task, const long request);
+int gr_handle_proc_ptrace(struct task_struct *task);
+__u32 gr_acl_handle_execve(const struct dentry *dentry,
@@ -76558,10 +76894,10 @@ index 0fbbc7a..db081e3 100644
int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu);
diff --git a/include/linux/libata.h b/include/linux/libata.h
-index 0e23c26..6ad8c33 100644
+index 9b50337..712d748 100644
--- a/include/linux/libata.h
+++ b/include/linux/libata.h
-@@ -972,7 +972,7 @@ struct ata_port_operations {
+@@ -973,7 +973,7 @@ struct ata_port_operations {
* fields must be pointers.
*/
const struct ata_port_operations *inherits;
@@ -76956,7 +77292,7 @@ index 8b6e55e..c4edf39 100644
#endif /* __KERNEL__ */
#endif /* _LINUX_MM_H */
diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
-index d9851ee..619492d 100644
+index 8e082f1..f61f576 100644
--- a/include/linux/mm_types.h
+++ b/include/linux/mm_types.h
@@ -289,6 +289,8 @@ struct vm_area_struct {
@@ -76968,8 +77304,8 @@ index d9851ee..619492d 100644
};
struct core_thread {
-@@ -436,6 +438,24 @@ struct mm_struct {
- int first_nid;
+@@ -444,6 +446,24 @@ struct mm_struct {
+ bool tlb_flush_pending;
#endif
struct uprobes_state uprobes_state;
+
@@ -77847,13 +78183,13 @@ index 4106721..132d42c 100644
* hlist_del_init_rcu - deletes entry from hash list with re-initialization
* @n: the element to delete from the hash list.
diff --git a/include/linux/reboot.h b/include/linux/reboot.h
-index 8e00f9f..9449b55 100644
+index 9e7db9e..7d4fd72 100644
--- a/include/linux/reboot.h
+++ b/include/linux/reboot.h
-@@ -43,9 +43,9 @@ extern int unregister_reboot_notifier(struct notifier_block *);
- * Architecture-specific implementations of sys_reboot commands.
+@@ -44,9 +44,9 @@ extern int unregister_reboot_notifier(struct notifier_block *);
*/
+ extern void migrate_to_reboot_cpu(void);
-extern void machine_restart(char *cmd);
-extern void machine_halt(void);
-extern void machine_power_off(void);
@@ -77863,7 +78199,7 @@ index 8e00f9f..9449b55 100644
extern void machine_shutdown(void);
struct pt_regs;
-@@ -56,9 +56,9 @@ extern void machine_crash_shutdown(struct pt_regs *);
+@@ -57,9 +57,9 @@ extern void machine_crash_shutdown(struct pt_regs *);
*/
extern void kernel_restart_prepare(char *cmd);
@@ -77876,7 +78212,7 @@ index 8e00f9f..9449b55 100644
extern int C_A_D; /* for sysctl */
void ctrl_alt_del(void);
-@@ -72,7 +72,7 @@ extern int orderly_poweroff(bool force);
+@@ -73,7 +73,7 @@ extern int orderly_poweroff(bool force);
* Emergency restart, callable from an interrupt handler.
*/
@@ -80055,10 +80391,10 @@ index d22cb0a..c6ba150 100644
struct snd_soc_platform {
const char *name;
diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h
-index 5bdb8b7..bb1096c 100644
+index 23bfd10..1ff3e35 100644
--- a/include/target/target_core_base.h
+++ b/include/target/target_core_base.h
-@@ -663,7 +663,7 @@ struct se_device {
+@@ -664,7 +664,7 @@ struct se_device {
spinlock_t stats_lock;
/* Active commands on this virtual SE device */
atomic_t simple_cmds;
@@ -81202,7 +81538,7 @@ index 7a51443..3a257d8 100644
ipc_unlock_object(&shp->shm_perm);
rcu_read_unlock();
diff --git a/ipc/util.c b/ipc/util.c
-index 7684f41..f7da711 100644
+index 7684f41..5bf1880 100644
--- a/ipc/util.c
+++ b/ipc/util.c
@@ -71,6 +71,8 @@ struct ipc_proc_iface {
@@ -81214,11 +81550,12 @@ index 7684f41..f7da711 100644
static void ipc_memory_notifier(struct work_struct *work)
{
ipcns_notify(IPCNS_MEMCHANGED);
-@@ -560,6 +562,9 @@ int ipcperms(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp, short flag)
+@@ -560,6 +562,10 @@ int ipcperms(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp, short flag)
granted_mode >>= 6;
else if (in_group_p(ipcp->cgid) || in_group_p(ipcp->gid))
granted_mode >>= 3;
-+ else if (!gr_ipc_permitted(ns, ipcp, requested_mode, granted_mode))
++
++ if (!gr_ipc_permitted(ns, ipcp, requested_mode, granted_mode))
+ return -1;
+
/* is there some bit set in requested_mode but not in granted_mode? */
@@ -81406,10 +81743,10 @@ index 4e66bf9..cdccecf 100644
+}
+EXPORT_SYMBOL(inode_capable_nolog);
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
-index 5c9127d..f871169 100644
+index b6fd783..7f526b7 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
-@@ -5844,7 +5844,7 @@ static int cgroup_css_links_read(struct cgroup_subsys_state *css,
+@@ -5855,7 +5855,7 @@ static int cgroup_css_links_read(struct cgroup_subsys_state *css,
struct css_set *cset = link->cset;
struct task_struct *task;
int count = 0;
@@ -82069,7 +82406,7 @@ index a949819..a5f127d 100644
{
struct signal_struct *sig = current->signal;
diff --git a/kernel/fork.c b/kernel/fork.c
-index 086fe73..72c1122 100644
+index 690cfac..3be2d98 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -319,7 +319,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
@@ -82271,7 +82608,7 @@ index 086fe73..72c1122 100644
}
static inline int mm_alloc_pgd(struct mm_struct *mm)
-@@ -688,8 +733,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
+@@ -689,8 +734,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
return ERR_PTR(err);
mm = get_task_mm(task);
@@ -82282,7 +82619,7 @@ index 086fe73..72c1122 100644
mmput(mm);
mm = ERR_PTR(-EACCES);
}
-@@ -911,13 +956,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)
+@@ -912,13 +957,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)
spin_unlock(&fs->lock);
return -EAGAIN;
}
@@ -82304,7 +82641,7 @@ index 086fe73..72c1122 100644
return 0;
}
-@@ -1128,7 +1180,7 @@ init_task_pid(struct task_struct *task, enum pid_type type, struct pid *pid)
+@@ -1129,7 +1181,7 @@ init_task_pid(struct task_struct *task, enum pid_type type, struct pid *pid)
* parts of the process environment (as per the clone
* flags). The actual kick-off is left to the caller.
*/
@@ -82313,7 +82650,7 @@ index 086fe73..72c1122 100644
unsigned long stack_start,
unsigned long stack_size,
int __user *child_tidptr,
-@@ -1200,6 +1252,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
+@@ -1201,6 +1253,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled);
#endif
retval = -EAGAIN;
@@ -82323,7 +82660,7 @@ index 086fe73..72c1122 100644
if (atomic_read(&p->real_cred->user->processes) >=
task_rlimit(p, RLIMIT_NPROC)) {
if (p->real_cred->user != INIT_USER &&
-@@ -1449,6 +1504,11 @@ static struct task_struct *copy_process(unsigned long clone_flags,
+@@ -1450,6 +1505,11 @@ static struct task_struct *copy_process(unsigned long clone_flags,
goto bad_fork_free_pid;
}
@@ -82335,7 +82672,7 @@ index 086fe73..72c1122 100644
if (likely(p->pid)) {
ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace);
-@@ -1534,6 +1594,8 @@ bad_fork_cleanup_count:
+@@ -1535,6 +1595,8 @@ bad_fork_cleanup_count:
bad_fork_free:
free_task(p);
fork_out:
@@ -82344,7 +82681,7 @@ index 086fe73..72c1122 100644
return ERR_PTR(retval);
}
-@@ -1595,6 +1657,7 @@ long do_fork(unsigned long clone_flags,
+@@ -1596,6 +1658,7 @@ long do_fork(unsigned long clone_flags,
p = copy_process(clone_flags, stack_start, stack_size,
child_tidptr, NULL, trace);
@@ -82352,7 +82689,7 @@ index 086fe73..72c1122 100644
/*
* Do this prior waking up the new thread - the thread pointer
* might get invalid after that point, if the thread exits quickly.
-@@ -1609,6 +1672,8 @@ long do_fork(unsigned long clone_flags,
+@@ -1610,6 +1673,8 @@ long do_fork(unsigned long clone_flags,
if (clone_flags & CLONE_PARENT_SETTID)
put_user(nr, parent_tidptr);
@@ -82361,7 +82698,7 @@ index 086fe73..72c1122 100644
if (clone_flags & CLONE_VFORK) {
p->vfork_done = &vfork;
init_completion(&vfork);
-@@ -1725,7 +1790,7 @@ void __init proc_caches_init(void)
+@@ -1726,7 +1791,7 @@ void __init proc_caches_init(void)
mm_cachep = kmem_cache_create("mm_struct",
sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN,
SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK, NULL);
@@ -82370,7 +82707,7 @@ index 086fe73..72c1122 100644
mmap_init();
nsproxy_cache_init();
}
-@@ -1765,7 +1830,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
+@@ -1766,7 +1831,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
return 0;
/* don't need lock here; in the worst case we'll do useless copy */
@@ -82379,7 +82716,7 @@ index 086fe73..72c1122 100644
return 0;
*new_fsp = copy_fs_struct(fs);
-@@ -1872,7 +1937,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
+@@ -1873,7 +1938,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
fs = current->fs;
spin_lock(&fs->lock);
current->fs = new_fs;
@@ -82679,7 +83016,7 @@ index e30ac0f..3528cac 100644
/*
diff --git a/kernel/kexec.c b/kernel/kexec.c
-index ecd783d..9aa270c 100644
+index 355e13a..06b25d2 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -1044,7 +1044,8 @@ asmlinkage long compat_sys_kexec_load(unsigned long entry,
@@ -84230,6 +84567,19 @@ index 424c2d4..679242f 100644
return kc->clock_set(which_clock, &new_tp);
}
+diff --git a/kernel/power/Kconfig b/kernel/power/Kconfig
+index d444c4e..bc3de51 100644
+--- a/kernel/power/Kconfig
++++ b/kernel/power/Kconfig
+@@ -24,6 +24,8 @@ config HIBERNATE_CALLBACKS
+ config HIBERNATION
+ bool "Hibernation (aka 'suspend to disk')"
+ depends on SWAP && ARCH_HIBERNATION_POSSIBLE
++ depends on !GRKERNSEC_KMEM
++ depends on !PAX_MEMORY_SANITIZE
+ select HIBERNATE_CALLBACKS
+ select LZO_COMPRESS
+ select LZO_DECOMPRESS
diff --git a/kernel/power/process.c b/kernel/power/process.c
index 06ec886..9dba35e 100644
--- a/kernel/power/process.c
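Review bot: The new `depends on !GRKERNSEC_KMEM` and `depends on !PAX_MEMORY_SANITIZE` lines make HIBERNATION disappear from the menu with no stated reason, and nothing visible in this diff documents the trade-off on the grsecurity side. A one-line comment above them would help, for example `# resume restores kernel memory from the swap image; conflicts with KMEM/sanitize hardening`, with the wording confirmed by the author since the rationale is inferred here. The GRKERNSEC_KMEM help text should also mention that enabling it removes suspend-to-disk, so the loss is a known choice rather than a surprise at configuration time.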
@@ -85484,7 +85834,7 @@ index 5ac63c9..d912786 100644
#else
static void register_sched_domain_sysctl(void)
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
-index 513fc2f..906a851 100644
+index 7765ad8..774519f 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -869,7 +869,7 @@ void task_numa_fault(int node, int pages, bool migrated)
@@ -85496,7 +85846,7 @@ index 513fc2f..906a851 100644
p->mm->numa_scan_offset = 0;
}
-@@ -5840,7 +5840,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { }
+@@ -5847,7 +5847,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { }
* run_rebalance_domains is triggered when needed from the scheduler tick.
* Also triggered for nohz idle balancing (with nohz_balancing_kick set).
*/
@@ -86422,7 +86772,7 @@ index b8b8560..75b1a09 100644
ret = -EIO;
bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt,
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
-index f3bd09ee..9bb9586 100644
+index 1345d9f..db46efe 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -1944,12 +1944,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
@@ -87798,7 +88148,7 @@ index ae4846f..b0acebe 100644
send_sig(SIGXFSZ, current, 0);
return -EFBIG;
diff --git a/mm/fremap.c b/mm/fremap.c
-index 5bff081..bfa6e93 100644
+index bbc4d66..117b798 100644
--- a/mm/fremap.c
+++ b/mm/fremap.c
@@ -163,6 +163,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
@@ -87813,36 +88163,6 @@ index 5bff081..bfa6e93 100644
/*
* Make sure the vma is shared, that it supports prefaulting,
* and that the remapped range is valid and fully within
-@@ -208,9 +213,10 @@ get_write_lock:
- if (mapping_cap_account_dirty(mapping)) {
- unsigned long addr;
- struct file *file = get_file(vma->vm_file);
-+ /* mmap_region may free vma; grab the info now */
-+ vm_flags = ACCESS_ONCE(vma->vm_flags);
-
-- addr = mmap_region(file, start, size,
-- vma->vm_flags, pgoff);
-+ addr = mmap_region(file, start, size, vm_flags, pgoff);
- fput(file);
- if (IS_ERR_VALUE(addr)) {
- err = addr;
-@@ -218,7 +224,7 @@ get_write_lock:
- BUG_ON(addr != start);
- err = 0;
- }
-- goto out;
-+ goto out_freed;
- }
- mutex_lock(&mapping->i_mmap_mutex);
- flush_dcache_mmap_lock(mapping);
-@@ -253,6 +259,7 @@ get_write_lock:
- out:
- if (vma)
- vm_flags = vma->vm_flags;
-+out_freed:
- if (likely(!has_write_lock))
- up_read(&mm->mmap_sem);
- else
diff --git a/mm/highmem.c b/mm/highmem.c
index b32b70c..e512eb0 100644
--- a/mm/highmem.c
@@ -88152,7 +88472,7 @@ index 539eeb9..e24a987 100644
if (end == start)
return error;
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
-index bf3351b..aea800d 100644
+index 9aea53f..f239c30 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0;
@@ -88182,7 +88502,7 @@ index bf3351b..aea800d 100644
{ reserved, reserved, "reserved kernel", me_kernel },
/*
* free pages are specially detected outside this table:
-@@ -1053,7 +1053,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
+@@ -1063,7 +1063,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
nr_pages = 1 << compound_order(hpage);
else /* normal page or thp */
nr_pages = 1;
@@ -88191,7 +88511,7 @@ index bf3351b..aea800d 100644
/*
* We need/can do nothing about count=0 pages.
-@@ -1083,7 +1083,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
+@@ -1093,7 +1093,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
if (!PageHWPoison(hpage)
|| (hwpoison_filter(p) && TestClearPageHWPoison(p))
|| (p != hpage && TestSetPageHWPoison(hpage))) {
@@ -88200,7 +88520,7 @@ index bf3351b..aea800d 100644
return 0;
}
set_page_hwpoison_huge_page(hpage);
-@@ -1152,7 +1152,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
+@@ -1162,7 +1162,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
}
if (hwpoison_filter(p)) {
if (TestClearPageHWPoison(p))
@@ -88209,7 +88529,7 @@ index bf3351b..aea800d 100644
unlock_page(hpage);
put_page(hpage);
return 0;
-@@ -1370,7 +1370,7 @@ int unpoison_memory(unsigned long pfn)
+@@ -1380,7 +1380,7 @@ int unpoison_memory(unsigned long pfn)
return 0;
}
if (TestClearPageHWPoison(p))
@@ -88218,7 +88538,7 @@ index bf3351b..aea800d 100644
pr_info("MCE: Software-unpoisoned free page %#lx\n", pfn);
return 0;
}
-@@ -1384,7 +1384,7 @@ int unpoison_memory(unsigned long pfn)
+@@ -1394,7 +1394,7 @@ int unpoison_memory(unsigned long pfn)
*/
if (TestClearPageHWPoison(page)) {
pr_info("MCE: Software-unpoisoned page %#lx\n", pfn);
@@ -88227,16 +88547,21 @@ index bf3351b..aea800d 100644
freeit = 1;
if (PageHuge(page))
clear_page_hwpoison_huge_page(page);
-@@ -1521,7 +1521,7 @@ static int soft_offline_huge_page(struct page *page, int flags)
- } else {
- set_page_hwpoison_huge_page(hpage);
- dequeue_hwpoisoned_huge_page(hpage);
-- atomic_long_add(1 << compound_order(hpage),
-+ atomic_long_add_unchecked(1 << compound_order(hpage),
- &num_poisoned_pages);
+@@ -1533,11 +1533,11 @@ static int soft_offline_huge_page(struct page *page, int flags)
+ if (PageHuge(page)) {
+ set_page_hwpoison_huge_page(hpage);
+ dequeue_hwpoisoned_huge_page(hpage);
+- atomic_long_add(1 << compound_order(hpage),
++ atomic_long_add_unchecked(1 << compound_order(hpage),
+ &num_poisoned_pages);
+ } else {
+ SetPageHWPoison(page);
+- atomic_long_inc(&num_poisoned_pages);
++ atomic_long_inc_unchecked(&num_poisoned_pages);
+ }
}
return ret;
-@@ -1560,7 +1560,7 @@ static int __soft_offline_page(struct page *page, int flags)
+@@ -1576,7 +1576,7 @@ static int __soft_offline_page(struct page *page, int flags)
put_page(page);
pr_info("soft_offline: %#lx: invalidated\n", pfn);
SetPageHWPoison(page);
@@ -88245,7 +88570,7 @@ index bf3351b..aea800d 100644
return 0;
}
-@@ -1605,7 +1605,7 @@ static int __soft_offline_page(struct page *page, int flags)
+@@ -1621,7 +1621,7 @@ static int __soft_offline_page(struct page *page, int flags)
if (!is_free_buddy_page(page))
pr_info("soft offline: %#lx: page leaked\n",
pfn);
@@ -88254,7 +88579,7 @@ index bf3351b..aea800d 100644
}
} else {
pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n",
-@@ -1666,11 +1666,11 @@ int soft_offline_page(struct page *page, int flags)
+@@ -1682,11 +1682,11 @@ int soft_offline_page(struct page *page, int flags)
if (PageHuge(page)) {
set_page_hwpoison_huge_page(hpage);
dequeue_hwpoisoned_huge_page(hpage);
@@ -88964,7 +89289,7 @@ index d176154..cd1b387 100644
mm = get_task_mm(tsk);
if (!mm)
diff --git a/mm/mempolicy.c b/mm/mempolicy.c
-index 0472964..7d5a0ea 100644
+index 6b22d8f9..8b5f6cf 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -746,6 +746,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
@@ -89040,10 +89365,10 @@ index 0472964..7d5a0ea 100644
capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
diff --git a/mm/migrate.c b/mm/migrate.c
-index c046927..6996b40 100644
+index e3cf71d..c94506c 100644
--- a/mm/migrate.c
+++ b/mm/migrate.c
-@@ -1404,8 +1404,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
+@@ -1406,8 +1406,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
*/
tcred = __task_cred(task);
if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) &&
@@ -89054,7 +89379,7 @@ index c046927..6996b40 100644
err = -EPERM;
goto out;
diff --git a/mm/mlock.c b/mm/mlock.c
-index d480cd6..0f98458 100644
+index 192e6ee..b044449 100644
--- a/mm/mlock.c
+++ b/mm/mlock.c
@@ -14,6 +14,7 @@
@@ -89065,7 +89390,7 @@ index d480cd6..0f98458 100644
#include <linux/sched.h>
#include <linux/export.h>
#include <linux/rmap.h>
-@@ -568,7 +569,7 @@ static int do_mlock(unsigned long start, size_t len, int on)
+@@ -588,7 +589,7 @@ static int do_mlock(unsigned long start, size_t len, int on)
{
unsigned long nstart, end, tmp;
struct vm_area_struct * vma, * prev;
@@ -89074,7 +89399,7 @@ index d480cd6..0f98458 100644
VM_BUG_ON(start & ~PAGE_MASK);
VM_BUG_ON(len != PAGE_ALIGN(len));
-@@ -577,6 +578,9 @@ static int do_mlock(unsigned long start, size_t len, int on)
+@@ -597,6 +598,9 @@ static int do_mlock(unsigned long start, size_t len, int on)
return -EINVAL;
if (end == start)
return 0;
@@ -89084,7 +89409,7 @@ index d480cd6..0f98458 100644
vma = find_vma(current->mm, start);
if (!vma || vma->vm_start > start)
return -ENOMEM;
-@@ -588,6 +592,11 @@ static int do_mlock(unsigned long start, size_t len, int on)
+@@ -608,6 +612,11 @@ static int do_mlock(unsigned long start, size_t len, int on)
for (nstart = start ; ; ) {
vm_flags_t newflags;
@@ -89096,7 +89421,7 @@ index d480cd6..0f98458 100644
/* Here we know that vma->vm_start <= nstart < vma->vm_end. */
newflags = vma->vm_flags & ~VM_LOCKED;
-@@ -700,6 +709,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, start, size_t, len)
+@@ -720,6 +729,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, start, size_t, len)
lock_limit >>= PAGE_SHIFT;
/* check against resource limits */
@@ -89104,7 +89429,7 @@ index d480cd6..0f98458 100644
if ((locked <= lock_limit) || capable(CAP_IPC_LOCK))
error = do_mlock(start, len, 1);
up_write(&current->mm->mmap_sem);
-@@ -734,6 +744,11 @@ static int do_mlockall(int flags)
+@@ -754,6 +764,11 @@ static int do_mlockall(int flags)
for (vma = current->mm->mmap; vma ; vma = prev->vm_next) {
vm_flags_t newflags;
@@ -89116,7 +89441,7 @@ index d480cd6..0f98458 100644
newflags = vma->vm_flags & ~VM_LOCKED;
if (flags & MCL_CURRENT)
newflags |= VM_LOCKED;
-@@ -767,6 +782,7 @@ SYSCALL_DEFINE1(mlockall, int, flags)
+@@ -787,6 +802,7 @@ SYSCALL_DEFINE1(mlockall, int, flags)
lock_limit >>= PAGE_SHIFT;
ret = -ENOMEM;
@@ -90386,7 +90711,7 @@ index 362e5f1..8968e02 100644
vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
diff --git a/mm/mprotect.c b/mm/mprotect.c
-index 6c3f56f..b2340b0 100644
+index 7651a57..d761c62 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -23,10 +23,18 @@
@@ -90408,7 +90733,7 @@ index 6c3f56f..b2340b0 100644
#ifndef pgprot_modify
static inline pgprot_t pgprot_modify(pgprot_t oldprot, pgprot_t newprot)
-@@ -241,6 +249,48 @@ unsigned long change_protection(struct vm_area_struct *vma, unsigned long start,
+@@ -250,6 +258,48 @@ unsigned long change_protection(struct vm_area_struct *vma, unsigned long start,
return pages;
}
@@ -90457,7 +90782,7 @@ index 6c3f56f..b2340b0 100644
int
mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
unsigned long start, unsigned long end, unsigned long newflags)
-@@ -253,11 +303,29 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
+@@ -262,11 +312,29 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
int error;
int dirty_accountable = 0;
@@ -90487,7 +90812,7 @@ index 6c3f56f..b2340b0 100644
/*
* If we make a private mapping writable we increase our commit;
* but (without finer accounting) cannot reduce our commit if we
-@@ -274,6 +342,42 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
+@@ -283,6 +351,42 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
}
}
@@ -90530,7 +90855,7 @@ index 6c3f56f..b2340b0 100644
/*
* First try to merge with previous and/or next vma.
*/
-@@ -304,9 +408,21 @@ success:
+@@ -313,9 +417,21 @@ success:
* vm_flags and vm_page_prot are protected by the mmap_sem
* held in write mode.
*/
@@ -90553,7 +90878,7 @@ index 6c3f56f..b2340b0 100644
if (vma_wants_writenotify(vma)) {
vma->vm_page_prot = vm_get_page_prot(newflags & ~VM_SHARED);
-@@ -345,6 +461,17 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
+@@ -354,6 +470,17 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
end = start + len;
if (end <= start)
return -ENOMEM;
@@ -90571,7 +90896,7 @@ index 6c3f56f..b2340b0 100644
if (!arch_validate_prot(prot))
return -EINVAL;
-@@ -352,7 +479,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
+@@ -361,7 +488,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
/*
* Does the application expect PROT_READ to imply PROT_EXEC:
*/
@@ -90580,7 +90905,7 @@ index 6c3f56f..b2340b0 100644
prot |= PROT_EXEC;
vm_flags = calc_vm_prot_bits(prot);
-@@ -384,6 +511,11 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
+@@ -393,6 +520,11 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
if (start > vma->vm_start)
prev = vma;
@@ -90592,7 +90917,7 @@ index 6c3f56f..b2340b0 100644
for (nstart = start ; ; ) {
unsigned long newflags;
-@@ -394,6 +526,14 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
+@@ -403,6 +535,14 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
/* newflags >> 4 shift VM_MAY% in place of VM_% */
if ((newflags & ~(newflags >> 4)) & (VM_READ | VM_WRITE | VM_EXEC)) {
@@ -90607,7 +90932,7 @@ index 6c3f56f..b2340b0 100644
error = -EACCES;
goto out;
}
-@@ -408,6 +548,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
+@@ -417,6 +557,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
error = mprotect_fixup(vma, &prev, nstart, tmp, newflags);
if (error)
goto out;
@@ -90805,7 +91130,7 @@ index 6380758..4064aec 100644
unsigned long bg_thresh,
unsigned long dirty,
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index dd886fa..7686339 100644
+index 317ea74..a4a1977 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -61,6 +61,7 @@
@@ -90979,7 +91304,7 @@ index fd26d04..0cea1b0 100644
if (!mm || IS_ERR(mm)) {
rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
diff --git a/mm/rmap.c b/mm/rmap.c
-index fd3ee7a..3613079 100644
+index b9d2222..e4baa1f 100644
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -163,6 +163,10 @@ int anon_vma_prepare(struct vm_area_struct *vma)
@@ -92430,10 +92755,18 @@ index 1074543..136dbe0 100644
if (v->nr_pages)
seq_printf(m, " pages=%d", v->nr_pages);
diff --git a/mm/vmstat.c b/mm/vmstat.c
-index 5a442a7..5eb281e 100644
+index 5a442a7..dbbda4a 100644
--- a/mm/vmstat.c
+++ b/mm/vmstat.c
-@@ -79,7 +79,7 @@ void vm_events_fold_cpu(int cpu)
+@@ -20,6 +20,7 @@
+ #include <linux/writeback.h>
+ #include <linux/compaction.h>
+ #include <linux/mm_inline.h>
++#include <linux/grsecurity.h>
+
+ #include "internal.h"
+
+@@ -79,7 +80,7 @@ void vm_events_fold_cpu(int cpu)
*
* vm_stat contains the global counters
*/
@@ -92442,7 +92775,7 @@ index 5a442a7..5eb281e 100644
EXPORT_SYMBOL(vm_stat);
#ifdef CONFIG_SMP
-@@ -423,7 +423,7 @@ static inline void fold_diff(int *diff)
+@@ -423,7 +424,7 @@ static inline void fold_diff(int *diff)
for (i = 0; i < NR_VM_ZONE_STAT_ITEMS; i++)
if (diff[i])
@@ -92451,7 +92784,7 @@ index 5a442a7..5eb281e 100644
}
/*
-@@ -455,7 +455,7 @@ static void refresh_cpu_vm_stats(void)
+@@ -455,7 +456,7 @@ static void refresh_cpu_vm_stats(void)
v = this_cpu_xchg(p->vm_stat_diff[i], 0);
if (v) {
@@ -92460,7 +92793,7 @@ index 5a442a7..5eb281e 100644
global_diff[i] += v;
#ifdef CONFIG_NUMA
/* 3 seconds idle till flush */
-@@ -517,7 +517,7 @@ void cpu_vm_stats_fold(int cpu)
+@@ -517,7 +518,7 @@ void cpu_vm_stats_fold(int cpu)
v = p->vm_stat_diff[i];
p->vm_stat_diff[i] = 0;
@@ -92469,7 +92802,7 @@ index 5a442a7..5eb281e 100644
global_diff[i] += v;
}
}
-@@ -537,8 +537,8 @@ void drain_zonestat(struct zone *zone, struct per_cpu_pageset *pset)
+@@ -537,8 +538,8 @@ void drain_zonestat(struct zone *zone, struct per_cpu_pageset *pset)
if (pset->vm_stat_diff[i]) {
int v = pset->vm_stat_diff[i];
pset->vm_stat_diff[i] = 0;
@@ -92480,7 +92813,31 @@ index 5a442a7..5eb281e 100644
}
}
#endif
-@@ -1281,10 +1281,20 @@ static int __init setup_vmstat(void)
+@@ -1148,10 +1149,22 @@ static void *vmstat_start(struct seq_file *m, loff_t *pos)
+ stat_items_size += sizeof(struct vm_event_state);
+ #endif
+
+- v = kmalloc(stat_items_size, GFP_KERNEL);
++ v = kzalloc(stat_items_size, GFP_KERNEL);
+ m->private = v;
+ if (!v)
+ return ERR_PTR(-ENOMEM);
++
++#ifdef CONFIG_GRKERNSEC_PROC_ADD
++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++ if (!uid_eq(current_uid(), GLOBAL_ROOT_UID)
++#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
++ && !in_group_p(grsec_proc_gid)
++#endif
++ )
++ return (unsigned long *)m->private + *pos;
++#endif
++#endif
++
+ for (i = 0; i < NR_VM_ZONE_STAT_ITEMS; i++)
+ v[i] = global_page_state(i);
+ v += NR_VM_ZONE_STAT_ITEMS;
+@@ -1281,10 +1294,16 @@ static int __init setup_vmstat(void)
start_cpu_timer(cpu);
#endif
#ifdef CONFIG_PROC_FS
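Review bot: The early return added to vmstat_start() hands the buffer back unfilled, so the `kmalloc` to `kzalloc` switch a few lines above is what keeps unprivileged readers from seeing stale heap contents, and nothing on either line says so. A comment on the allocation such as `/* must be zeroed: returned unfilled to non-root readers below */` would stop a later cleanup from reverting it. The `proc_create("vmstat", S_IRUGO, ...)` line in the next hunk has the same gap: the file is now world-readable, apparently on purpose, and relies entirely on this check, so a one-line comment pointing at vmstat_start() would make that explicit. The check uses `current_uid()` at read time rather than the opener's credentials, which may be intended but is worth stating in the comment. vmstat_start() begins and ends outside the hunk.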
@@ -92495,11 +92852,7 @@ index 5a442a7..5eb281e 100644
+#endif
+ proc_create("buddyinfo", gr_mode, NULL, &fragmentation_file_operations);
+ proc_create("pagetypeinfo", gr_mode, NULL, &pagetypeinfo_file_ops);
-+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
-+ proc_create("vmstat", gr_mode | S_IRGRP, NULL, &proc_vmstat_file_operations);
-+#else
-+ proc_create("vmstat", gr_mode, NULL, &proc_vmstat_file_operations);
-+#endif
++ proc_create("vmstat", S_IRUGO, NULL, &proc_vmstat_file_operations);
+ proc_create("zoneinfo", gr_mode, NULL, &proc_zoneinfo_file_operations);
+ }
#endif
@@ -94055,6 +94408,55 @@ index 6acb541..9ea617d 100644
EXPORT_SYMBOL(sysctl_local_reserved_ports);
void inet_get_local_port_range(int *low, int *high)
+diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
+index 5f64875..31cf54d 100644
+--- a/net/ipv4/inet_diag.c
++++ b/net/ipv4/inet_diag.c
+@@ -106,6 +106,10 @@ int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk,
+
+ r->id.idiag_sport = inet->inet_sport;
+ r->id.idiag_dport = inet->inet_dport;
++
++ memset(&r->id.idiag_src, 0, sizeof(r->id.idiag_src));
++ memset(&r->id.idiag_dst, 0, sizeof(r->id.idiag_dst));
++
+ r->id.idiag_src[0] = inet->inet_rcv_saddr;
+ r->id.idiag_dst[0] = inet->inet_daddr;
+
+@@ -240,12 +244,19 @@ static int inet_twsk_diag_fill(struct inet_timewait_sock *tw,
+
+ r->idiag_family = tw->tw_family;
+ r->idiag_retrans = 0;
++
+ r->id.idiag_if = tw->tw_bound_dev_if;
+ sock_diag_save_cookie(tw, r->id.idiag_cookie);
++
+ r->id.idiag_sport = tw->tw_sport;
+ r->id.idiag_dport = tw->tw_dport;
++
++ memset(&r->id.idiag_src, 0, sizeof(r->id.idiag_src));
++ memset(&r->id.idiag_dst, 0, sizeof(r->id.idiag_dst));
++
+ r->id.idiag_src[0] = tw->tw_rcv_saddr;
+ r->id.idiag_dst[0] = tw->tw_daddr;
++
+ r->idiag_state = tw->tw_substate;
+ r->idiag_timer = 3;
+ r->idiag_expires = DIV_ROUND_UP(tmo * 1000, HZ);
+@@ -732,8 +743,13 @@ static int inet_diag_fill_req(struct sk_buff *skb, struct sock *sk,
+
+ r->id.idiag_sport = inet->inet_sport;
+ r->id.idiag_dport = ireq->rmt_port;
++
++ memset(&r->id.idiag_src, 0, sizeof(r->id.idiag_src));
++ memset(&r->id.idiag_dst, 0, sizeof(r->id.idiag_dst));
++
+ r->id.idiag_src[0] = ireq->loc_addr;
+ r->id.idiag_dst[0] = ireq->rmt_addr;
++
+ r->idiag_expires = jiffies_to_msecs(tmo);
+ r->idiag_rqueue = 0;
+ r->idiag_wqueue = 0;
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index 96da9c7..b956690 100644
--- a/net/ipv4/inet_hashtables.c
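Review bot: The same pair of `memset` calls is pasted into inet_sk_diag_fill(), inet_twsk_diag_fill() and inet_diag_fill_req() with no comment saying why the arrays are cleared before only element `[0]` is assigned. A line such as `/* only word 0 is set below; clear the rest so no stale bytes reach user space */` above each pair would help. Alternatively, a single `static inline` helper taking `&r->id`, called from all three sites, would keep them from drifting apart. Whether the reply buffer is already zeroed elsewhere cannot be seen from these hunks, and all three functions continue outside them.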
@@ -98597,21 +98999,10 @@ index 5de5660..d3deb89 100644
-e 's@^#include <linux/compiler.h>@@' \
-e 's/(^|[^a-zA-Z0-9])__packed([^a-zA-Z0-9_]|$)/\1__attribute__((packed))\2/g' \
diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
-index 32b10f5..64eeb30 100644
+index 2dcb377..a82c500 100644
--- a/scripts/link-vmlinux.sh
+++ b/scripts/link-vmlinux.sh
-@@ -82,7 +82,9 @@ kallsyms()
- kallsymopt="${kallsymopt} --all-symbols"
- fi
-
-- kallsymopt="${kallsymopt} --page-offset=$CONFIG_PAGE_OFFSET"
-+ if [ -z "${CONFIG_X86_32}" ] || [ -z "${CONFIG_PAX_KERNEXEC}" ]; then
-+ kallsymopt="${kallsymopt} --page-offset=$CONFIG_PAGE_OFFSET"
-+ fi
-
- local aflags="${KBUILD_AFLAGS} ${KBUILD_AFLAGS_KERNEL} \
- ${NOSTDINC_FLAGS} ${LINUXINCLUDE} ${KBUILD_CPPFLAGS}"
-@@ -160,7 +162,7 @@ else
+@@ -162,7 +162,7 @@ else
fi;
# final build of init/
@@ -98878,10 +99269,10 @@ index f5eb43d..1814de8 100644
shdr = (Elf_Shdr *)((char *)ehdr + _r(&ehdr->e_shoff));
shstrtab_sec = shdr + r2(&ehdr->e_shstrndx);
diff --git a/security/Kconfig b/security/Kconfig
-index e9c6ac7..031a726 100644
+index e9c6ac7..9551ea7 100644
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -4,6 +4,960 @@
+@@ -4,6 +4,958 @@
menu "Security options"
@@ -99192,7 +99583,6 @@ index e9c6ac7..031a726 100644
+ select CIFS_XATTR if CIFS
+ select EXT2_FS_XATTR if EXT2_FS
+ select EXT3_FS_XATTR if EXT3_FS
-+ select EXT4_FS_XATTR if EXT4_FS
+ select JFFS2_FS_XATTR if JFFS2_FS
+ select REISERFS_FS_XATTR if REISERFS_FS
+ select SQUASHFS_XATTR if SQUASHFS
@@ -99616,7 +100006,6 @@ index e9c6ac7..031a726 100644
+config PAX_MEMORY_SANITIZE
+ bool "Sanitize all freed memory"
+ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_PRIORITY_SECURITY)
-+ depends on !HIBERNATION
+ help
+ By saying Y here the kernel will erase memory pages and slab objects
+ as soon as they are freed. This in turn reduces the lifetime of data
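Review bot: With `depends on !HIBERNATION` gone, PAX_MEMORY_SANITIZE can be selected together with hibernation, and it still defaults to y under the auto-config security priority, yet the help text visible here says nothing about how the two interact. If the restriction was lifted because of a change elsewhere in this patch revision, a sentence in the help text or a comment such as `# was: depends on !HIBERNATION, lifted in <patch revision>` would record that. The reason is not visible in this hunk, and the help text continues outside it.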
@@ -99842,7 +100231,7 @@ index e9c6ac7..031a726 100644
source security/keys/Kconfig
config SECURITY_DMESG_RESTRICT
-@@ -103,7 +1057,7 @@ config INTEL_TXT
+@@ -103,7 +1055,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX
@@ -100197,10 +100586,10 @@ index fc3e662..7844c60 100644
lock = &avc_cache.slots_lock[hvalue];
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
-index d9a78fd..5038314 100644
+index 392a044..5e931be 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
-@@ -5662,7 +5662,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
+@@ -5693,7 +5693,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
#endif
@@ -100209,7 +100598,7 @@ index d9a78fd..5038314 100644
.name = "selinux",
.ptrace_access_check = selinux_ptrace_access_check,
-@@ -6014,6 +6014,9 @@ static void selinux_nf_ip_exit(void)
+@@ -6045,6 +6045,9 @@ static void selinux_nf_ip_exit(void)
#ifdef CONFIG_SECURITY_SELINUX_DISABLE
static int selinux_disabled;
@@ -100219,7 +100608,7 @@ index d9a78fd..5038314 100644
int selinux_disable(void)
{
if (ss_initialized) {
-@@ -6031,7 +6034,9 @@ int selinux_disable(void)
+@@ -6062,7 +6065,9 @@ int selinux_disable(void)
selinux_disabled = 1;
selinux_enabled = 0;
@@ -100231,10 +100620,10 @@ index d9a78fd..5038314 100644
/* Try to destroy the avc node cache */
avc_disable();
diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h
-index 6713f04..c57ecef 100644
+index c1af4e1..bcb003c 100644
--- a/security/selinux/include/xfrm.h
+++ b/security/selinux/include/xfrm.h
-@@ -52,7 +52,7 @@ static inline void selinux_xfrm_notify_policyload(void)
+@@ -53,7 +53,7 @@ static inline void selinux_xfrm_notify_policyload(void)
{
struct net *net;
@@ -102970,10 +103359,10 @@ index 0000000..679b9ef
+}
diff --git a/tools/gcc/size_overflow_hash.data b/tools/gcc/size_overflow_hash.data
new file mode 100644
-index 0000000..a0c9844
+index 0000000..3d6cc0f
--- /dev/null
+++ b/tools/gcc/size_overflow_hash.data
-@@ -0,0 +1,7723 @@
+@@ -0,0 +1,7743 @@
+intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
+ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL
+batadv_orig_node_del_if_4 batadv_orig_node_del_if 2 4 NULL
@@ -102988,8 +103377,8 @@ index 0000000..a0c9844
+snd_korg1212_copy_to_92 snd_korg1212_copy_to 6 92 NULL
+load_msg_95 load_msg 2 95 NULL
+device_flush_iotlb_115 device_flush_iotlb 2-3 115 NULL
-+ipath_verbs_send_117 ipath_verbs_send 5-3 117 NULL nohasharray
-+write_all_supers_117 write_all_supers 0 117 &ipath_verbs_send_117
++write_all_supers_117 write_all_supers 0 117 NULL nohasharray
++ipath_verbs_send_117 ipath_verbs_send 5-3 117 &write_all_supers_117
+init_q_132 init_q 4 132 NULL
+ocfs2_local_alloc_slide_window_134 ocfs2_local_alloc_slide_window 0 134 NULL
+memstick_alloc_host_142 memstick_alloc_host 1 142 NULL
@@ -103277,6 +103666,7 @@ index 0000000..a0c9844
+set_msr_hyperv_pw_2785 set_msr_hyperv_pw 3 2785 NULL
+device_add_attrs_2789 device_add_attrs 0 2789 NULL
+iwl_dbgfs_clear_ucode_statistics_write_2804 iwl_dbgfs_clear_ucode_statistics_write 3 2804 NULL
++vmemmap_pte_populate_2822 vmemmap_pte_populate 3 2822 NULL
+sel_read_enforce_2828 sel_read_enforce 3 2828 NULL
+vb2_dc_get_userptr_2829 vb2_dc_get_userptr 2-3 2829 NULL nohasharray
+snd_pcm_reset_2829 snd_pcm_reset 0 2829 &vb2_dc_get_userptr_2829
@@ -103320,7 +103710,7 @@ index 0000000..a0c9844
+ocfs2_get_right_path_3097 ocfs2_get_right_path 0 3097 NULL
+clone_bio_3100 clone_bio 6 3100 NULL nohasharray
+ttusb2_msg_3100 ttusb2_msg 4 3100 &clone_bio_3100
-+rb_alloc_3102 rb_alloc 1 3102 NULL
++rb_alloc_3102 rb_alloc 1-3 3102 NULL
+simple_write_to_buffer_3122 simple_write_to_buffer 2-5 3122 NULL
+print_time_3132 print_time 0 3132 NULL
+fill_write_buffer_3142 fill_write_buffer 3 3142 NULL
@@ -103439,6 +103829,7 @@ index 0000000..a0c9844
+ext4_xattr_find_entry_4025 ext4_xattr_find_entry 0 4025 NULL
+mtip_hw_read_registers_4037 mtip_hw_read_registers 3 4037 NULL
+i915_gpu_idle_4062 i915_gpu_idle 0 4062 NULL
++vmemmap_pmd_populate_4071 vmemmap_pmd_populate 3 4071 NULL
+read_file_queues_4078 read_file_queues 3 4078 NULL
+fbcon_do_set_font_4079 fbcon_do_set_font 2-3 4079 NULL
+btrfs_inc_ref_4084 btrfs_inc_ref 0 4084 NULL
@@ -103988,8 +104379,8 @@ index 0000000..a0c9844
+usb_allocate_stream_buffers_8964 usb_allocate_stream_buffers 3 8964 NULL
+qib_qsfp_dump_8966 qib_qsfp_dump 0-3 8966 NULL
+venus_mkdir_8967 venus_mkdir 4 8967 NULL
-+seq_open_net_8968 seq_open_net 4 8968 NULL nohasharray
-+vol_cdev_read_8968 vol_cdev_read 3 8968 &seq_open_net_8968
++vol_cdev_read_8968 vol_cdev_read 3 8968 NULL nohasharray
++seq_open_net_8968 seq_open_net 4 8968 &vol_cdev_read_8968
+bio_integrity_get_tag_8974 bio_integrity_get_tag 3 8974 NULL
+btrfs_alloc_free_block_8986 btrfs_alloc_free_block 3-8 8986 NULL
+jbd2_journal_blocks_per_page_9004 jbd2_journal_blocks_per_page 0 9004 NULL
@@ -104033,6 +104424,7 @@ index 0000000..a0c9844
+sparse_early_usemaps_alloc_node_9269 sparse_early_usemaps_alloc_node 4 9269 NULL
+hdpvr_read_9273 hdpvr_read 3 9273 NULL
+flakey_status_9274 flakey_status 5 9274 NULL
++migrate_misplaced_transhuge_page_9298 migrate_misplaced_transhuge_page 7 9298 NULL
+iwl_dbgfs_stations_read_9309 iwl_dbgfs_stations_read 3 9309 NULL
+ceph_sync_setxattr_9310 ceph_sync_setxattr 4 9310 NULL
+ieee80211_if_fmt_txpower_9334 ieee80211_if_fmt_txpower 3 9334 NULL
@@ -104356,6 +104748,7 @@ index 0000000..a0c9844
+ecryptfs_copy_filename_11868 ecryptfs_copy_filename 4 11868 NULL
+ieee80211_rx_bss_info_11887 ieee80211_rx_bss_info 3 11887 NULL
+mdc_rename_11899 mdc_rename 4-6 11899 NULL
++perf_mmap_alloc_page_11904 perf_mmap_alloc_page 1 11904 NULL
+xstateregs_get_11906 xstateregs_get 4 11906 NULL
+ti_write_11916 ti_write 4 11916 NULL
+fs_devrw_entry_11924 fs_devrw_entry 3 11924 NULL
@@ -104405,8 +104798,8 @@ index 0000000..a0c9844
+shash_compat_setkey_12267 shash_compat_setkey 3 12267 NULL
+add_sctp_bind_addr_12269 add_sctp_bind_addr 3 12269 NULL
+note_last_dentry_12285 note_last_dentry 3 12285 NULL
-+il_dbgfs_nvm_read_12288 il_dbgfs_nvm_read 3 12288 NULL nohasharray
-+roundup_to_multiple_of_64_12288 roundup_to_multiple_of_64 0-1 12288 &il_dbgfs_nvm_read_12288
++roundup_to_multiple_of_64_12288 roundup_to_multiple_of_64 0-1 12288 NULL nohasharray
++il_dbgfs_nvm_read_12288 il_dbgfs_nvm_read 3 12288 &roundup_to_multiple_of_64_12288
+wrap_min_12303 wrap_min 0-1-2 12303 NULL
+bt_sock_recvmsg_12316 bt_sock_recvmsg 4 12316 NULL
+pcbit_writecmd_12332 pcbit_writecmd 2 12332 NULL
@@ -104445,7 +104838,7 @@ index 0000000..a0c9844
+rtw_android_get_link_speed_12655 rtw_android_get_link_speed 0 12655 NULL
+ocfs2_read_block_12659 ocfs2_read_block 0 12659 NULL
+sel_read_class_12669 sel_read_class 3 12669 NULL nohasharray
-+sparse_mem_maps_populate_node_12669 sparse_mem_maps_populate_node 4 12669 &sel_read_class_12669
++sparse_mem_maps_populate_node_12669 sparse_mem_maps_populate_node 4-5 12669 &sel_read_class_12669
+ext4_writepage_trans_blocks_12674 ext4_writepage_trans_blocks 0 12674 NULL
+ext4_bg_num_gdb_meta_12702 ext4_bg_num_gdb_meta 0 12702 NULL
+iwl_dbgfs_calib_disabled_write_12707 iwl_dbgfs_calib_disabled_write 3 12707 NULL
@@ -104524,6 +104917,7 @@ index 0000000..a0c9844
+kvm_read_nested_guest_page_13337 kvm_read_nested_guest_page 5-2 13337 NULL
+get_bits_13353 get_bits 0-2 13353 NULL
+hscx_empty_fifo_13360 hscx_empty_fifo 2 13360 NULL
++snd_ctl_elem_info_13363 snd_ctl_elem_info 0 13363 NULL
+iso_sched_alloc_13377 iso_sched_alloc 1 13377 NULL nohasharray
+wep_key_not_found_read_13377 wep_key_not_found_read 3 13377 &iso_sched_alloc_13377
+ext4_meta_trans_blocks_13380 ext4_meta_trans_blocks 0-3-2 13380 NULL
@@ -104665,8 +105059,8 @@ index 0000000..a0c9844
+efx_mdio_check_mmds_14486 efx_mdio_check_mmds 2 14486 NULL nohasharray
+ieee80211_if_read_dot11MeshGateAnnouncementProtocol_14486 ieee80211_if_read_dot11MeshGateAnnouncementProtocol 3 14486 &efx_mdio_check_mmds_14486
+ocfs2_debug_read_14507 ocfs2_debug_read 3 14507 NULL
-+ep0_write_14536 ep0_write 3 14536 NULL nohasharray
-+dataflash_read_user_otp_14536 dataflash_read_user_otp 3-2 14536 &ep0_write_14536
++dataflash_read_user_otp_14536 dataflash_read_user_otp 3-2 14536 NULL nohasharray
++ep0_write_14536 ep0_write 3 14536 &dataflash_read_user_otp_14536
+register_trace_sched_switch_14545 register_trace_sched_switch 0 14545 NULL
+picolcd_debug_eeprom_read_14549 picolcd_debug_eeprom_read 3 14549 NULL
+drm_vmalloc_dma_14550 drm_vmalloc_dma 1 14550 NULL
@@ -104702,8 +105096,8 @@ index 0000000..a0c9844
+keys_proc_write_14792 keys_proc_write 3 14792 NULL
+ext4_kvmalloc_14796 ext4_kvmalloc 1 14796 NULL
+__kfifo_in_14797 __kfifo_in 3-0 14797 NULL
-+hpet_readl_14801 hpet_readl 0 14801 NULL nohasharray
-+snd_als300_gcr_read_14801 snd_als300_gcr_read 0 14801 &hpet_readl_14801
++snd_als300_gcr_read_14801 snd_als300_gcr_read 0 14801 NULL nohasharray
++hpet_readl_14801 hpet_readl 0 14801 &snd_als300_gcr_read_14801
+changed_cb_14819 changed_cb 0 14819 NULL
+do_tune_cpucache_14828 do_tune_cpucache 2 14828 NULL
+mrp_attr_create_14853 mrp_attr_create 3 14853 NULL
@@ -105179,6 +105573,7 @@ index 0000000..a0c9844
+SyS_lsetxattr_18776 SyS_lsetxattr 4 18776 NULL
+alloc_fcdev_18780 alloc_fcdev 1 18780 NULL
+prealloc_18800 prealloc 0 18800 NULL
++alloc_pages_node_18809 alloc_pages_node 1 18809 NULL
+madvise_hwpoison_18812 madvise_hwpoison 2 18812 NULL
+setup_ioapic_irq_18813 setup_ioapic_irq 1 18813 NULL
+dm_stats_print_18815 dm_stats_print 7 18815 NULL
@@ -105396,8 +105791,8 @@ index 0000000..a0c9844
+cpulist_scnprintf_20648 cpulist_scnprintf 2-0 20648 NULL
+oz_add_farewell_20652 oz_add_farewell 5 20652 NULL
+oz_cdev_read_20659 oz_cdev_read 3 20659 NULL
-+snd_hdsp_playback_copy_20676 snd_hdsp_playback_copy 5 20676 NULL nohasharray
-+btrfs_qgroup_reserve_20676 btrfs_qgroup_reserve 0 20676 &snd_hdsp_playback_copy_20676
++btrfs_qgroup_reserve_20676 btrfs_qgroup_reserve 0 20676 NULL nohasharray
++snd_hdsp_playback_copy_20676 snd_hdsp_playback_copy 5 20676 &btrfs_qgroup_reserve_20676
+get_user_page_nowait_20682 get_user_page_nowait 3 20682 NULL nohasharray
+dvb_dmxdev_buffer_read_20682 dvb_dmxdev_buffer_read 0-4 20682 &get_user_page_nowait_20682
+cpumask_size_20683 cpumask_size 0 20683 NULL
@@ -105738,6 +106133,7 @@ index 0000000..a0c9844
+iscsi_change_queue_depth_23416 iscsi_change_queue_depth 2 23416 NULL
+vga_mm_r_23419 vga_mm_r 0 23419 NULL
+vzalloc_node_23424 vzalloc_node 1-2 23424 NULL
++vmemmap_populate_basepages_23435 vmemmap_populate_basepages 3 23435 NULL
+__ctzsi2_23444 __ctzsi2 1 23444 NULL
+ocfs2_zero_tail_23447 ocfs2_zero_tail 3 23447 NULL
+hidraw_send_report_23449 hidraw_send_report 3 23449 NULL
@@ -106011,6 +106407,7 @@ index 0000000..a0c9844
+aircable_prepare_write_buffer_25669 aircable_prepare_write_buffer 3 25669 NULL
+lpfc_idiag_cmd_get_25672 lpfc_idiag_cmd_get 2 25672 NULL
+sta_inactive_ms_read_25690 sta_inactive_ms_read 3 25690 NULL
++sparse_mem_map_populate_25693 sparse_mem_map_populate 2 25693 NULL
+ebitmap_start_positive_25703 ebitmap_start_positive 0 25703 NULL
+wl1271_tx_enabled_rates_get_25712 wl1271_tx_enabled_rates_get 0 25712 NULL nohasharray
+rx_filter_mc_filter_read_25712 rx_filter_mc_filter_read 3 25712 &wl1271_tx_enabled_rates_get_25712
@@ -106063,8 +106460,8 @@ index 0000000..a0c9844
+read_sb_page_26119 read_sb_page 5 26119 NULL
+__fswab64_26155 __fswab64 0 26155 NULL
+copy_oldmem_page_26164 copy_oldmem_page 3 26164 NULL
-+gfs2_xattr_acl_get_26166 gfs2_xattr_acl_get 0 26166 NULL nohasharray
-+ath6kl_roam_table_read_26166 ath6kl_roam_table_read 3 26166 &gfs2_xattr_acl_get_26166
++ath6kl_roam_table_read_26166 ath6kl_roam_table_read 3 26166 NULL nohasharray
++gfs2_xattr_acl_get_26166 gfs2_xattr_acl_get 0 26166 &ath6kl_roam_table_read_26166
+disk_devt_26180 disk_devt 0 26180 NULL
+cgroup_setxattr_26188 cgroup_setxattr 4 26188 NULL
+ieee80211_if_fmt_dot11MeshTTL_26198 ieee80211_if_fmt_dot11MeshTTL 3 26198 NULL
@@ -106206,6 +106603,7 @@ index 0000000..a0c9844
+ocfs2_refcount_cal_cow_clusters_27422 ocfs2_refcount_cal_cow_clusters 0-3-4 27422 NULL nohasharray
+evm_inode_init_security_27422 evm_inode_init_security 0 27422 &ocfs2_refcount_cal_cow_clusters_27422
+cypress_write_27423 cypress_write 4 27423 NULL
++vmemmap_populate_27442 vmemmap_populate 3 27442 NULL
+sddr09_read_data_27447 sddr09_read_data 3 27447 NULL
+ktime_to_us_27455 ktime_to_us 0 27455 NULL
+sk_extract_addr_27474 sk_extract_addr 0 27474 NULL
@@ -106392,8 +106790,8 @@ index 0000000..a0c9844
+xz_dec_init_29029 xz_dec_init 2 29029 NULL
+i915_gem_object_bind_to_vm_29035 i915_gem_object_bind_to_vm 0 29035 NULL
+ieee80211_if_read_ht_opmode_29044 ieee80211_if_read_ht_opmode 3 29044 NULL
-+ProcessGetHostMibs_29049 ProcessGetHostMibs 0 29049 NULL nohasharray
-+rxrpc_sendmsg_29049 rxrpc_sendmsg 4 29049 &ProcessGetHostMibs_29049
++rxrpc_sendmsg_29049 rxrpc_sendmsg 4 29049 NULL nohasharray
++ProcessGetHostMibs_29049 ProcessGetHostMibs 0 29049 &rxrpc_sendmsg_29049
+btrfs_root_bytenr_29058 btrfs_root_bytenr 0 29058 NULL
+iso_packets_buffer_init_29061 iso_packets_buffer_init 3-4 29061 NULL
+roundup_64_29066 roundup_64 2-0-1 29066 NULL
@@ -106625,6 +107023,7 @@ index 0000000..a0c9844
+size_inside_page_31141 size_inside_page 0-1-2 31141 NULL
+w9966_v4l_read_31148 w9966_v4l_read 3 31148 NULL
+ch_do_scsi_31171 ch_do_scsi 4 31171 NULL
++crypto_rng_seedsize_31196 crypto_rng_seedsize 0 31196 NULL
+r592_read_fifo_pio_31198 r592_read_fifo_pio 3 31198 NULL
+mtdchar_readoob_31200 mtdchar_readoob 4 31200 NULL
+__btrfs_free_reserved_extent_31207 __btrfs_free_reserved_extent 2 31207 NULL
@@ -107005,8 +107404,8 @@ index 0000000..a0c9844
+av7110_vbi_write_34384 av7110_vbi_write 3 34384 NULL
+usbvision_v4l2_read_34386 usbvision_v4l2_read 3 34386 NULL
+read_rbu_image_type_34387 read_rbu_image_type 6 34387 NULL
-+iwl_calib_set_34400 iwl_calib_set 3 34400 NULL nohasharray
-+ivtv_read_pos_34400 ivtv_read_pos 3 34400 &iwl_calib_set_34400
++ivtv_read_pos_34400 ivtv_read_pos 3 34400 NULL nohasharray
++iwl_calib_set_34400 iwl_calib_set 3 34400 &ivtv_read_pos_34400
+wd_exp_mode_write_34407 wd_exp_mode_write 3 34407 NULL
+nl80211_send_disassoc_34424 nl80211_send_disassoc 4 34424 NULL
+security_socket_create_34439 security_socket_create 0 34439 NULL
@@ -107016,13 +107415,13 @@ index 0000000..a0c9844
+i2o_parm_field_get_34477 i2o_parm_field_get 5 34477 NULL
+ocfs2_block_group_clear_bits_34484 ocfs2_block_group_clear_bits 0 34484 NULL
+security_inode_permission_34488 security_inode_permission 0 34488 NULL
-+SyS_pwritev_34494 SyS_pwritev 3 34494 NULL nohasharray
-+__ffs64_34494 __ffs64 1-0 34494 &SyS_pwritev_34494
++__ffs64_34494 __ffs64 1-0 34494 NULL nohasharray
++SyS_pwritev_34494 SyS_pwritev 3 34494 &__ffs64_34494
+qp_alloc_res_34496 qp_alloc_res 5 34496 NULL
+lu_buf_check_and_alloc_34505 lu_buf_check_and_alloc 2 34505 NULL
+snd_pcm_hw_param_value_34525 snd_pcm_hw_param_value 0 34525 NULL
-+ext4_fallocate_34537 ext4_fallocate 4-3 34537 NULL nohasharray
-+tracing_stats_read_34537 tracing_stats_read 3 34537 &ext4_fallocate_34537
++tracing_stats_read_34537 tracing_stats_read 3 34537 NULL nohasharray
++ext4_fallocate_34537 ext4_fallocate 4-3 34537 &tracing_stats_read_34537
+hugetlbfs_read_actor_34547 hugetlbfs_read_actor 4-5-2-0 34547 NULL
+dbBackSplit_34561 dbBackSplit 0 34561 NULL
+alloc_ieee80211_rsl_34564 alloc_ieee80211_rsl 1 34564 NULL nohasharray
@@ -107035,8 +107434,8 @@ index 0000000..a0c9844
+cw1200_queue_init_34599 cw1200_queue_init 4 34599 &ceph_msgpool_init_34599
+__add_prelim_ref_34600 __add_prelim_ref 0 34600 NULL
+brcmf_cfg80211_mgmt_tx_34608 brcmf_cfg80211_mgmt_tx 7 34608 NULL
-+__jffs2_ref_totlen_34609 __jffs2_ref_totlen 0 34609 NULL nohasharray
-+mtd_write_34609 mtd_write 0 34609 &__jffs2_ref_totlen_34609
++mtd_write_34609 mtd_write 0 34609 NULL nohasharray
++__jffs2_ref_totlen_34609 __jffs2_ref_totlen 0 34609 &mtd_write_34609
+apei_get_nvs_resources_34616 apei_get_nvs_resources 0 34616 NULL
+__cfg80211_disconnected_34622 __cfg80211_disconnected 3 34622 NULL
+cnic_alloc_dma_34641 cnic_alloc_dma 3 34641 NULL
@@ -107090,6 +107489,7 @@ index 0000000..a0c9844
+ntfs_attr_extend_initialized_35084 ntfs_attr_extend_initialized 2 35084 NULL
+store_ifalias_35088 store_ifalias 4 35088 NULL
+__kfifo_uint_must_check_helper_35097 __kfifo_uint_must_check_helper 0-1 35097 NULL
++alloc_thread_info_node_35101 alloc_thread_info_node 2 35101 NULL
+capi_write_35104 capi_write 3 35104 NULL nohasharray
+tx_tx_done_template_read_35104 tx_tx_done_template_read 3 35104 &capi_write_35104
+ide_settings_proc_write_35110 ide_settings_proc_write 3 35110 NULL
@@ -107209,7 +107609,8 @@ index 0000000..a0c9844
+ieee80211_if_fmt_peer_36071 ieee80211_if_fmt_peer 3 36071 NULL
+ext3_new_blocks_36073 ext3_new_blocks 3-0 36073 NULL
+ieee80211_if_write_tsf_36077 ieee80211_if_write_tsf 3 36077 NULL
-+snd_pcm_plug_read_transfer_36080 snd_pcm_plug_read_transfer 0-3 36080 NULL
++vmemmap_pud_populate_36080 vmemmap_pud_populate 3 36080 NULL nohasharray
++snd_pcm_plug_read_transfer_36080 snd_pcm_plug_read_transfer 0-3 36080 &vmemmap_pud_populate_36080
+mtip_hw_read_device_status_36082 mtip_hw_read_device_status 3 36082 NULL
+vga_arb_write_36112 vga_arb_write 3 36112 NULL
+simple_xattr_alloc_36118 simple_xattr_alloc 2 36118 NULL
@@ -107502,11 +107903,11 @@ index 0000000..a0c9844
+snd_pcm_playback_rewind_38249 snd_pcm_playback_rewind 0-2 38249 NULL
+from_dblock_38256 from_dblock 0-1 38256 NULL
+vmci_qp_broker_set_page_store_38260 vmci_qp_broker_set_page_store 3-2 38260 NULL
-+SYSC_msgrcv_38268 SYSC_msgrcv 3 38268 NULL nohasharray
-+ieee80211_if_read_auto_open_plinks_38268 ieee80211_if_read_auto_open_plinks 3 38268 &SYSC_msgrcv_38268 nohasharray
-+mthca_alloc_icm_table_38268 mthca_alloc_icm_table 4-3 38268 &ieee80211_if_read_auto_open_plinks_38268
-+xfs_bmdr_to_bmbt_38275 xfs_bmdr_to_bmbt 5 38275 NULL nohasharray
-+xfs_bmbt_to_bmdr_38275 xfs_bmbt_to_bmdr 3 38275 &xfs_bmdr_to_bmbt_38275
++ieee80211_if_read_auto_open_plinks_38268 ieee80211_if_read_auto_open_plinks 3 38268 NULL nohasharray
++SYSC_msgrcv_38268 SYSC_msgrcv 3 38268 &ieee80211_if_read_auto_open_plinks_38268 nohasharray
++mthca_alloc_icm_table_38268 mthca_alloc_icm_table 4-3 38268 &SYSC_msgrcv_38268
++xfs_bmbt_to_bmdr_38275 xfs_bmbt_to_bmdr 3 38275 NULL nohasharray
++xfs_bmdr_to_bmbt_38275 xfs_bmdr_to_bmbt 5 38275 &xfs_bmbt_to_bmdr_38275
+ftdi_process_packet_38281 ftdi_process_packet 4 38281 NULL
+gpa_to_gfn_38291 gpa_to_gfn 0-1 38291 NULL
+ucma_query_path_38305 ucma_query_path 3 38305 NULL
@@ -107579,8 +107980,8 @@ index 0000000..a0c9844
+ext3_trim_all_free_38929 ext3_trim_all_free 4-3-2 38929 NULL
+il_dbgfs_sram_write_38942 il_dbgfs_sram_write 3 38942 NULL
+__ath6kl_wmi_send_mgmt_cmd_38971 __ath6kl_wmi_send_mgmt_cmd 7 38971 NULL
-+C_SYSC_preadv64_38977 C_SYSC_preadv64 3 38977 NULL nohasharray
-+usb_maxpacket_38977 usb_maxpacket 0 38977 &C_SYSC_preadv64_38977
++usb_maxpacket_38977 usb_maxpacket 0 38977 NULL nohasharray
++C_SYSC_preadv64_38977 C_SYSC_preadv64 3 38977 &usb_maxpacket_38977
+OSDSetBlock_38986 OSDSetBlock 2-4 38986 NULL
+lpfc_idiag_extacc_write_38998 lpfc_idiag_extacc_write 3 38998 NULL
+udf_new_block_38999 udf_new_block 4 38999 NULL
@@ -107644,8 +108045,8 @@ index 0000000..a0c9844
+ext_depth_39607 ext_depth 0 39607 NULL
+nfs_idmap_get_key_39616 nfs_idmap_get_key 2 39616 NULL
+sdio_readb_39618 sdio_readb 0 39618 NULL
-+set_dev_class_39645 set_dev_class 4 39645 NULL nohasharray
-+dm_exception_table_init_39645 dm_exception_table_init 2 39645 &set_dev_class_39645
++dm_exception_table_init_39645 dm_exception_table_init 2 39645 NULL nohasharray
++set_dev_class_39645 set_dev_class 4 39645 &dm_exception_table_init_39645
+snd_rme32_capture_copy_39653 snd_rme32_capture_copy 5 39653 NULL
+tcp_try_rmem_schedule_39657 tcp_try_rmem_schedule 3 39657 NULL
+kvm_read_guest_cached_39666 kvm_read_guest_cached 4 39666 NULL
@@ -107848,6 +108249,7 @@ index 0000000..a0c9844
+xfs_iext_add_41422 xfs_iext_add 3 41422 NULL
+isdn_ppp_fill_rq_41428 isdn_ppp_fill_rq 2 41428 NULL
+lbs_rdrf_read_41431 lbs_rdrf_read 3 41431 NULL
++vmemmap_populate_hugepages_41434 vmemmap_populate_hugepages 3 41434 NULL
+iio_device_alloc_41440 iio_device_alloc 1 41440 NULL
+ntfs_file_buffered_write_41442 ntfs_file_buffered_write 6-4 41442 NULL
+pcpu_build_alloc_info_41443 pcpu_build_alloc_info 1-2-3 41443 NULL
@@ -108068,7 +108470,7 @@ index 0000000..a0c9844
+ath10k_p2p_calc_noa_ie_len_43209 ath10k_p2p_calc_noa_ie_len 0 43209 NULL
+f2fs_acl_from_disk_43210 f2fs_acl_from_disk 2 43210 NULL
+atomic_long_add_return_43217 atomic_long_add_return 1-0 43217 NULL
-+vmemmap_alloc_block_43245 vmemmap_alloc_block 1 43245 NULL
++vmemmap_alloc_block_43245 vmemmap_alloc_block 1-2 43245 NULL
+fixup_leb_43256 fixup_leb 3 43256 NULL
+ide_end_rq_43269 ide_end_rq 4 43269 NULL
+nilfs_direct_IO_43271 nilfs_direct_IO 4 43271 NULL
@@ -108089,8 +108491,8 @@ index 0000000..a0c9844
+usb_alloc_urb_43436 usb_alloc_urb 1 43436 NULL
+ath6kl_wmi_roam_tbl_event_rx_43440 ath6kl_wmi_roam_tbl_event_rx 3 43440 NULL
+ocfs2_rotate_tree_left_43442 ocfs2_rotate_tree_left 0 43442 NULL
-+usemap_size_43443 usemap_size 0-2-1 43443 NULL nohasharray
-+usb_string_43443 usb_string 0 43443 &usemap_size_43443
++usb_string_43443 usb_string 0 43443 NULL nohasharray
++usemap_size_43443 usemap_size 0-2-1 43443 &usb_string_43443
+get_vm_area_size_43444 get_vm_area_size 0 43444 NULL
+nvme_trans_device_id_page_43466 nvme_trans_device_id_page 4 43466 NULL
+calculate_discard_block_size_43480 calculate_discard_block_size 0 43480 NULL nohasharray
@@ -108399,8 +108801,8 @@ index 0000000..a0c9844
+dma_tx_errors_read_46060 dma_tx_errors_read 3 46060 &__ocfs2_move_extent_46060
+sel_commit_bools_write_46077 sel_commit_bools_write 3 46077 NULL
+arizona_set_irq_wake_46101 arizona_set_irq_wake 2 46101 NULL
-+memcg_update_array_size_46111 memcg_update_array_size 1 46111 NULL nohasharray
-+il3945_ucode_general_stats_read_46111 il3945_ucode_general_stats_read 3 46111 &memcg_update_array_size_46111
++il3945_ucode_general_stats_read_46111 il3945_ucode_general_stats_read 3 46111 NULL nohasharray
++memcg_update_array_size_46111 memcg_update_array_size 1 46111 &il3945_ucode_general_stats_read_46111
+C_SYSC_writev_46113 C_SYSC_writev 3 46113 NULL
+mlx4_ib_alloc_fast_reg_page_list_46119 mlx4_ib_alloc_fast_reg_page_list 2 46119 NULL
+paging32_walk_addr_nested_46121 paging32_walk_addr_nested 3 46121 NULL
@@ -108409,6 +108811,7 @@ index 0000000..a0c9844
+vb2_dma_sg_get_userptr_46146 vb2_dma_sg_get_userptr 2-3 46146 NULL
+__netlink_change_ngroups_46156 __netlink_change_ngroups 2 46156 NULL
+alloc_iova_46160 alloc_iova 2 46160 NULL
++kmalloc_section_memmap_46168 kmalloc_section_memmap 2 46168 NULL
+twl_direction_out_46182 twl_direction_out 2 46182 NULL
+vxge_os_dma_malloc_46184 vxge_os_dma_malloc 2 46184 NULL
+fq_resize_46195 fq_resize 2 46195 NULL
@@ -108420,8 +108823,8 @@ index 0000000..a0c9844
+mpi_read_raw_data_46248 mpi_read_raw_data 2 46248 NULL
+ReadReg_46277 ReadReg 0 46277 NULL
+sg_proc_write_dressz_46316 sg_proc_write_dressz 3 46316 NULL
-+__hwahc_dev_set_key_46328 __hwahc_dev_set_key 5 46328 NULL nohasharray
-+compat_SyS_readv_46328 compat_SyS_readv 3 46328 &__hwahc_dev_set_key_46328
++compat_SyS_readv_46328 compat_SyS_readv 3 46328 NULL nohasharray
++__hwahc_dev_set_key_46328 __hwahc_dev_set_key 5 46328 &compat_SyS_readv_46328
+iwl_dbgfs_chain_noise_read_46355 iwl_dbgfs_chain_noise_read 3 46355 NULL
+smk_write_direct_46363 smk_write_direct 3 46363 NULL
+__iommu_calculate_agaw_46366 __iommu_calculate_agaw 2 46366 NULL
@@ -108641,8 +109044,8 @@ index 0000000..a0c9844
+set_discoverable_48141 set_discoverable 4 48141 NULL
+dn_fib_count_nhs_48145 dn_fib_count_nhs 0 48145 NULL
+get_cur_inode_state_48149 get_cur_inode_state 0 48149 NULL
-+_add_to_r4w_48152 _add_to_r4w 4 48152 NULL nohasharray
-+bitmap_onto_48152 bitmap_onto 4 48152 &_add_to_r4w_48152
++bitmap_onto_48152 bitmap_onto 4 48152 NULL nohasharray
++_add_to_r4w_48152 _add_to_r4w 4 48152 &bitmap_onto_48152
+isr_dma1_done_read_48159 isr_dma1_done_read 3 48159 NULL
+c4iw_id_table_alloc_48163 c4iw_id_table_alloc 3 48163 NULL
+ocfs2_find_next_zero_bit_unaligned_48170 ocfs2_find_next_zero_bit_unaligned 2-3 48170 NULL nohasharray
@@ -108724,8 +109127,8 @@ index 0000000..a0c9844
+vc_do_resize_48842 vc_do_resize 4-3 48842 NULL
+comedi_buf_write_alloc_48846 comedi_buf_write_alloc 0-2 48846 NULL
+suspend_dtim_interval_write_48854 suspend_dtim_interval_write 3 48854 NULL
-+C_SYSC_pwritev64_48864 C_SYSC_pwritev64 3 48864 NULL nohasharray
-+viafb_dvp1_proc_write_48864 viafb_dvp1_proc_write 3 48864 &C_SYSC_pwritev64_48864
++viafb_dvp1_proc_write_48864 viafb_dvp1_proc_write 3 48864 NULL nohasharray
++C_SYSC_pwritev64_48864 C_SYSC_pwritev64 3 48864 &viafb_dvp1_proc_write_48864
+ide_port_alloc_devices_48866 ide_port_alloc_devices 2 48866 NULL
+__ffs_ep0_read_events_48868 __ffs_ep0_read_events 3 48868 NULL
+ext2_alloc_branch_48889 ext2_alloc_branch 4 48889 NULL
@@ -108752,7 +109155,8 @@ index 0000000..a0c9844
+aic7xxx_rem_scb_from_disc_list_49041 aic7xxx_rem_scb_from_disc_list 0 49041 NULL
+setup_msi_irq_49052 setup_msi_irq 3-4 49052 NULL
+ubi_read_49061 ubi_read 0 49061 NULL
-+scsi_register_49094 scsi_register 2 49094 NULL
++sparse_early_nid_49094 sparse_early_nid 0 49094 NULL nohasharray
++scsi_register_49094 scsi_register 2 49094 &sparse_early_nid_49094
+paging64_walk_addr_nested_49100 paging64_walk_addr_nested 3 49100 NULL
+compat_do_readv_writev_49102 compat_do_readv_writev 4 49102 NULL
+xfrm_replay_state_esn_len_49119 xfrm_replay_state_esn_len 0 49119 NULL
@@ -108981,8 +109385,8 @@ index 0000000..a0c9844
+dpcm_show_state_50827 dpcm_show_state 0 50827 NULL
+acpi_ev_install_gpe_block_50829 acpi_ev_install_gpe_block 2 50829 NULL
+SetArea_50835 SetArea 4 50835 NULL nohasharray
-+create_mem_extents_50835 create_mem_extents 0 50835 &SetArea_50835 nohasharray
-+mask_from_50835 mask_from 0-1-2 50835 &create_mem_extents_50835
++mask_from_50835 mask_from 0-1-2 50835 &SetArea_50835 nohasharray
++create_mem_extents_50835 create_mem_extents 0 50835 &mask_from_50835
+videobuf_dma_init_user_50839 videobuf_dma_init_user 3-4 50839 NULL
+btrfs_search_slot_for_read_50843 btrfs_search_slot_for_read 0 50843 NULL
+self_check_write_50856 self_check_write 0-5 50856 NULL
@@ -109074,8 +109478,8 @@ index 0000000..a0c9844
+load_pdptrs_51541 load_pdptrs 3 51541 NULL
+__alloc_eip_netdev_51549 __alloc_eip_netdev 1 51549 NULL
+ixgb_get_eeprom_len_51586 ixgb_get_eeprom_len 0 51586 NULL
-+get_cur_path_51589 get_cur_path 0 51589 NULL nohasharray
-+snd_interval_refine_first_51589 snd_interval_refine_first 0 51589 &get_cur_path_51589
++snd_interval_refine_first_51589 snd_interval_refine_first 0 51589 NULL nohasharray
++get_cur_path_51589 get_cur_path 0 51589 &snd_interval_refine_first_51589
+aac_convert_sgraw2_51598 aac_convert_sgraw2 4 51598 NULL
+table_size_to_number_of_entries_51613 table_size_to_number_of_entries 0-1 51613 NULL
+extent_fiemap_51621 extent_fiemap 3 51621 NULL
@@ -109111,8 +109515,8 @@ index 0000000..a0c9844
+get_indirect_ea_51869 get_indirect_ea 4 51869 NULL
+user_read_51881 user_read 3 51881 NULL
+dbAdjCtl_51888 dbAdjCtl 0 51888 NULL
-+SyS_mq_timedsend_51896 SyS_mq_timedsend 3 51896 NULL nohasharray
-+virt_to_phys_51896 virt_to_phys 0 51896 &SyS_mq_timedsend_51896
++virt_to_phys_51896 virt_to_phys 0 51896 NULL nohasharray
++SyS_mq_timedsend_51896 SyS_mq_timedsend 3 51896 &virt_to_phys_51896
+commit_fs_roots_51898 commit_fs_roots 0 51898 NULL
+uvhub_to_first_node_51916 uvhub_to_first_node 0 51916 NULL
+wmi_set_ie_51919 wmi_set_ie 3 51919 NULL
@@ -109311,6 +109715,7 @@ index 0000000..a0c9844
+dbAllocNext_53506 dbAllocNext 0 53506 NULL
+ocfs2_xattr_set_acl_53508 ocfs2_xattr_set_acl 4 53508 NULL
+check_acl_53512 check_acl 0 53512 NULL
++alloc_pages_exact_nid_53515 alloc_pages_exact_nid 1 53515 NULL
+send_utimes_53516 send_utimes 0 53516 NULL
+SYSC_bind_53582 SYSC_bind 3 53582 NULL
+cifs_utf16_bytes_53593 cifs_utf16_bytes 0 53593 NULL
@@ -109324,8 +109729,8 @@ index 0000000..a0c9844
+nr_sendmsg_53656 nr_sendmsg 4 53656 NULL
+fuse_fill_write_pages_53682 fuse_fill_write_pages 0-4 53682 NULL
+v4l2_event_subscribe_53687 v4l2_event_subscribe 3 53687 NULL
-+bdev_logical_block_size_53690 bdev_logical_block_size 0 53690 NULL nohasharray
-+igb_alloc_q_vector_53690 igb_alloc_q_vector 6-4 53690 &bdev_logical_block_size_53690
++igb_alloc_q_vector_53690 igb_alloc_q_vector 6-4 53690 NULL nohasharray
++bdev_logical_block_size_53690 bdev_logical_block_size 0 53690 &igb_alloc_q_vector_53690
+find_overflow_devnum_53711 find_overflow_devnum 0 53711 NULL
+bio_integrity_split_53714 bio_integrity_split 3 53714 NULL
+__ocfs2_resv_find_window_53721 __ocfs2_resv_find_window 3 53721 NULL
@@ -109414,7 +109819,7 @@ index 0000000..a0c9844
+ll_ra_count_get_54410 ll_ra_count_get 3 54410 NULL
+copy_gadget_strings_54417 copy_gadget_strings 3-2 54417 NULL
+btrfs_inc_extent_ref_54442 btrfs_inc_extent_ref 0 54442 NULL
-+sparse_early_mem_maps_alloc_node_54485 sparse_early_mem_maps_alloc_node 4 54485 NULL
++sparse_early_mem_maps_alloc_node_54485 sparse_early_mem_maps_alloc_node 4-5 54485 NULL
+simple_strtoull_54493 simple_strtoull 0 54493 NULL
+swiotlb_tbl_map_single_54495 swiotlb_tbl_map_single 0 54495 NULL
+btrfs_ordered_sum_size_54509 btrfs_ordered_sum_size 0-2 54509 NULL
@@ -109528,8 +109933,8 @@ index 0000000..a0c9844
+lov_get_stripecnt_55297 lov_get_stripecnt 0-3 55297 NULL
+gsm_control_modem_55303 gsm_control_modem 3 55303 NULL
+wimax_msg_len_55304 wimax_msg_len 0 55304 NULL
-+__get_vm_area_node_55305 __get_vm_area_node 6 55305 NULL nohasharray
-+qp_alloc_guest_work_55305 qp_alloc_guest_work 5-3 55305 &__get_vm_area_node_55305
++qp_alloc_guest_work_55305 qp_alloc_guest_work 5-3 55305 NULL nohasharray
++__get_vm_area_node_55305 __get_vm_area_node 6 55305 &qp_alloc_guest_work_55305
+__vxge_hw_vpath_initialize_55328 __vxge_hw_vpath_initialize 2 55328 NULL
+do_shmat_55336 do_shmat 5 55336 NULL
+vme_user_read_55338 vme_user_read 3 55338 NULL
@@ -109627,6 +110032,7 @@ index 0000000..a0c9844
+ocfs2_find_xe_in_bucket_56224 ocfs2_find_xe_in_bucket 0 56224 NULL
+do_ipt_set_ctl_56238 do_ipt_set_ctl 4 56238 NULL
+fd_copyin_56247 fd_copyin 3 56247 NULL
++svc_init_buffer_56249 svc_init_buffer 3 56249 NULL
+sk_rmem_schedule_56255 sk_rmem_schedule 3 56255 NULL
+p9pdu_vreadf_56271 p9pdu_vreadf 0 56271 NULL
+il4965_ucode_general_stats_read_56277 il4965_ucode_general_stats_read 3 56277 NULL
@@ -109713,8 +110119,8 @@ index 0000000..a0c9844
+__bitmap_clear_bits_56912 __bitmap_clear_bits 3 56912 NULL
+strcspn_56913 strcspn 0 56913 NULL
+__kfifo_out_56927 __kfifo_out 0-3 56927 NULL
-+CopyBufferToControlPacket_56933 CopyBufferToControlPacket 0 56933 NULL nohasharray
-+journal_init_revoke_56933 journal_init_revoke 2 56933 &CopyBufferToControlPacket_56933
++journal_init_revoke_56933 journal_init_revoke 2 56933 NULL nohasharray
++CopyBufferToControlPacket_56933 CopyBufferToControlPacket 0 56933 &journal_init_revoke_56933
+nouveau_xtensa_create__56952 nouveau_xtensa_create_ 8 56952 NULL
+diva_get_driver_info_56967 diva_get_driver_info 0 56967 NULL
+nouveau_device_create__56984 nouveau_device_create_ 6 56984 NULL
@@ -109830,8 +110236,8 @@ index 0000000..a0c9844
+kiblnd_create_tx_pool_57846 kiblnd_create_tx_pool 2 57846 NULL
+process_all_new_xattrs_57881 process_all_new_xattrs 0 57881 NULL
+xt_alloc_table_info_57903 xt_alloc_table_info 1 57903 NULL
-+iio_read_first_n_kfifo_57910 iio_read_first_n_kfifo 2 57910 NULL nohasharray
-+atomic_add_return_unchecked_57910 atomic_add_return_unchecked 0-1 57910 &iio_read_first_n_kfifo_57910
++atomic_add_return_unchecked_57910 atomic_add_return_unchecked 0-1 57910 NULL nohasharray
++iio_read_first_n_kfifo_57910 iio_read_first_n_kfifo 2 57910 &atomic_add_return_unchecked_57910
+memcg_caches_array_size_57918 memcg_caches_array_size 0-1 57918 NULL
+twl_i2c_write_57923 twl_i2c_write 3-4 57923 NULL
+__snd_gf1_look16_57925 __snd_gf1_look16 0 57925 NULL
@@ -109872,7 +110278,7 @@ index 0000000..a0c9844
+ieee80211_if_read_dot11MeshTTL_58307 ieee80211_if_read_dot11MeshTTL 3 58307 NULL
+i915_wait_seqno_58309 i915_wait_seqno 0 58309 NULL
+tx_tx_start_int_templates_read_58324 tx_tx_start_int_templates_read 3 58324 NULL
-+ext4_ext_truncate_extend_restart_58331 ext4_ext_truncate_extend_restart 3 58331 NULL
++ext4_ext_truncate_extend_restart_58331 ext4_ext_truncate_extend_restart 3-0 58331 NULL
+diva_init_dma_map_58336 diva_init_dma_map 3 58336 NULL
+__copy_from_user_swizzled_58337 __copy_from_user_swizzled 2-4 58337 NULL
+next_pidmap_58347 next_pidmap 2-0 58347 NULL
@@ -110003,6 +110409,7 @@ index 0000000..a0c9844
+btrfs_del_dir_entries_in_log_59490 btrfs_del_dir_entries_in_log 0 59490 NULL
+ib_copy_from_udata_59502 ib_copy_from_udata 3 59502 NULL
+rds_pin_pages_59507 rds_pin_pages 1-2 59507 NULL
++kmalloc_large_node_59542 kmalloc_large_node 3 59542 NULL
+ext4_resize_fs_59543 ext4_resize_fs 2 59543 NULL
+mpi_get_nbits_59551 mpi_get_nbits 0 59551 NULL
+tunables_write_59563 tunables_write 3 59563 NULL
@@ -110071,8 +110478,8 @@ index 0000000..a0c9844
+xlog_bread_offset_60030 xlog_bread_offset 3 60030 NULL
+bio_integrity_hw_sectors_60039 bio_integrity_hw_sectors 0-2 60039 NULL
+do_ip6t_set_ctl_60040 do_ip6t_set_ctl 4 60040 NULL
-+vcs_size_60050 vcs_size 0 60050 NULL nohasharray
-+pin_2_irq_60050 pin_2_irq 0-3 60050 &vcs_size_60050
++pin_2_irq_60050 pin_2_irq 0-3 60050 NULL nohasharray
++vcs_size_60050 vcs_size 0 60050 &pin_2_irq_60050
+gru_alloc_gts_60056 gru_alloc_gts 3-2 60056 NULL
+open_cur_inode_file_60057 open_cur_inode_file 0 60057 NULL
+compat_writev_60063 compat_writev 3 60063 NULL
@@ -110180,7 +110587,7 @@ index 0000000..a0c9844
+i40e_calculate_l2fpm_size_61104 i40e_calculate_l2fpm_size 0-1-2-3-4 61104 NULL
+alloc_chrdev_region_61112 alloc_chrdev_region 0 61112 NULL
+__probe_kernel_read_61119 __probe_kernel_read 3 61119 NULL
-+vmemmap_alloc_block_buf_61126 vmemmap_alloc_block_buf 1 61126 NULL
++vmemmap_alloc_block_buf_61126 vmemmap_alloc_block_buf 1-2 61126 NULL
+afs_proc_cells_write_61139 afs_proc_cells_write 3 61139 NULL
+brcmf_sdio_chip_cr4_exitdl_61143 brcmf_sdio_chip_cr4_exitdl 4 61143 NULL
+__vmalloc_61168 __vmalloc 1 61168 NULL
@@ -110232,6 +110639,7 @@ index 0000000..a0c9844
+trace_options_core_write_61551 trace_options_core_write 3 61551 NULL
+o2hb_pop_count_61553 o2hb_pop_count 2 61553 NULL
+dvb_net_ioctl_61559 dvb_net_ioctl 2 61559 NULL
++alloc_pgtable_page_61562 alloc_pgtable_page 1 61562 NULL
+parport_pc_fifo_write_block_dma_61568 parport_pc_fifo_write_block_dma 3 61568 NULL
+fan_proc_write_61569 fan_proc_write 3 61569 NULL
+ieee80211_if_read_rc_rateidx_mask_2ghz_61570 ieee80211_if_read_rc_rateidx_mask_2ghz 3 61570 NULL
@@ -110326,6 +110734,7 @@ index 0000000..a0c9844
+sparse_early_usemaps_alloc_pgdat_section_62304 sparse_early_usemaps_alloc_pgdat_section 2 62304 NULL
+ocfs2_find_victim_alloc_group_62306 ocfs2_find_victim_alloc_group 0 62306 NULL
+subsystem_filter_read_62310 subsystem_filter_read 3 62310 NULL
++vmemmap_pgd_populate_62315 vmemmap_pgd_populate 2 62315 NULL
+timespec_to_jiffies_62321 timespec_to_jiffies 0 62321 NULL
+Wb35Reg_BurstWrite_62327 Wb35Reg_BurstWrite 4 62327 NULL
+subseq_list_62332 subseq_list 3-0 62332 NULL
@@ -110699,12 +111108,12 @@ index 0000000..a0c9844
+nvme_trans_standard_inquiry_page_65526 nvme_trans_standard_inquiry_page 4 65526 NULL
diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c
new file mode 100644
-index 0000000..5515dcb
+index 0000000..50f8464
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin.c
-@@ -0,0 +1,3927 @@
+@@ -0,0 +1,4072 @@
+/*
-+ * Copyright 2011, 2012, 2013 by Emese Revfy <re.emese@gmail.com>
++ * Copyright 2011, 2012, 2013, 2014 by Emese Revfy <re.emese@gmail.com>
+ * Licensed under the GPL v2, or (at your option) v3
+ *
+ * Homepage:
@@ -110763,9 +111172,9 @@ index 0000000..5515dcb
+#define MIN_CHECK true
+#define MAX_CHECK false
+
-+#define TURN_OFF_ASM_STR "# size_overflow MARK_TURN_OFF\n\t"
-+#define YES_ASM_STR "# size_overflow MARK_YES\n\t"
-+#define OK_ASM_STR "# size_overflow\n\t"
++#define TURN_OFF_ASM_STR "# size_overflow MARK_TURN_OFF "
++#define YES_ASM_STR "# size_overflow MARK_YES "
++#define OK_ASM_STR "# size_overflow "
+
+#if BUILDING_GCC_VERSION == 4005
+#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE)))
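Review bot: The three marker macros changed here are no longer complete asm templates but prefixes of one, and nothing at the definition says so. The predicates changed later in this patch compare only the first `sizeof(X) - 1` bytes, and `create_asm_comment()` formats a function name and argument number after a marker string (presumably these macros, via `convert_mark_to_str()`, whose body is outside the visible hunks). I would add above the defines: `/* Prefix of the marker asm comment; a "<function> <argnum>" suffix may follow, so match with strncmp(). */`. It is also worth stating that `OK_ASM_STR` is a prefix of the other two, so `is_size_overflow_asm()` accepts all three markers, as the old 15-byte compare did.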
@@ -110832,7 +111241,7 @@ index 0000000..5515dcb
+static tree dup_assign(struct pointer_set_t *visited, gimple oldstmt, const_tree node, tree rhs1, tree rhs2, tree __unused rhs3);
+
+static struct plugin_info size_overflow_plugin_info = {
-+ .version = "20131214beta",
++ .version = "20140111beta",
+ .help = "no-size-overflow\tturn off size overflow checking\n",
+};
+
@@ -112922,7 +113331,7 @@ index 0000000..5515dcb
+ str = get_asm_string(stmt);
+ if (!str)
+ return false;
-+ return !strcmp(str, TURN_OFF_ASM_STR);
++ return !strncmp(str, TURN_OFF_ASM_STR, sizeof(TURN_OFF_ASM_STR) - 1);
+}
+
+static bool is_size_overflow_intentional_asm_yes(const_gimple stmt)
@@ -112932,7 +113341,7 @@ index 0000000..5515dcb
+ str = get_asm_string(stmt);
+ if (!str)
+ return false;
-+ return !strcmp(str, YES_ASM_STR);
++ return !strncmp(str, YES_ASM_STR, sizeof(YES_ASM_STR) - 1);
+}
+
+static bool is_size_overflow_asm(const_gimple stmt)
@@ -112942,7 +113351,7 @@ index 0000000..5515dcb
+ str = get_asm_string(stmt);
+ if (!str)
+ return false;
-+ return !strncmp(str, "# size_overflow", 15);
++ return !strncmp(str, OK_ASM_STR, sizeof(OK_ASM_STR) - 1);
+}
+
+static void print_missing_intentional(enum mark callee_attr, enum mark caller_attr, const_tree decl, unsigned int argnum)
@@ -114040,9 +114449,8 @@ index 0000000..5515dcb
+
+ switch (cur_fndecl_attr) {
+ case MARK_NO:
-+ return MARK_NO;
+ case MARK_TURN_OFF:
-+ return MARK_TURN_OFF;
++ return cur_fndecl_attr;
+ default:
+ print_missing_intentional(decl_attr, cur_fndecl_attr, fndecl, argnum);
+ return MARK_YES;
@@ -114182,6 +114590,23 @@ index 0000000..5515dcb
+ update_stmt(stmt);
+}
+
++static char *create_asm_comment(unsigned int argnum, const_gimple stmt , const char *mark_str)
++{
++ const char *fn_name;
++ char *asm_comment;
++ unsigned int len;
++
++ if (argnum == 0)
++ fn_name = NAME(current_function_decl);
++ else
++ fn_name = NAME(gimple_call_fndecl(stmt));
++
++ len = asprintf(&asm_comment, "%s %s %u", mark_str, fn_name, argnum);
++ gcc_assert(len > 0);
++
++ return asm_comment;
++}
++
+static const char *convert_mark_to_str(enum mark mark)
+{
+ switch (mark) {
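Review bot: The `gcc_assert(len > 0)` in `create_asm_comment()` cannot catch an `asprintf()` failure, because the -1 returned on error is stored in `unsigned int len` and becomes a large positive value. After a failed `asprintf()` the contents of `asm_comment` are undefined, yet the pointer is returned and, in the callers added by this patch, handed to `create_asm_stmt()` and then `free()`. Declaring `int len;` makes the existing assertion meaningful; if assertions can be compiled out in the GCC build the plugin targets, an explicit `if (len < 0)` error path would be safer. A one-line comment that the caller owns the returned buffer and must `free()` it would also help, and the stray space in `const_gimple stmt , const char *mark_str` should go.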
@@ -114210,8 +114635,6 @@ index 0000000..5515dcb
+ return;
+ }
+
-+ gcc_assert(!is_size_overflow_intentional_asm_turn_off(asm_data->def_stmt));
-+
+ asm_data->input = create_new_var(TREE_TYPE(asm_data->output));
+ asm_data->input = make_ssa_name(asm_data->input, asm_data->def_stmt);
+
@@ -114225,16 +114648,20 @@ index 0000000..5515dcb
+ break;
+ case GIMPLE_NOP: {
+ enum mark mark;
-+ const char *str;
++ const char *mark_str;
++ char *asm_comment;
+
+ mark = check_intentional_attribute_gimple(asm_data->output, stmt, argnum);
-+ str = convert_mark_to_str(mark);
+
+ asm_data->input = asm_data->output;
+ asm_data->output = NULL;
+ asm_data->def_stmt = stmt;
+
-+ create_asm_stmt(str, build_string(2, "rm"), NULL, asm_data);
++ mark_str = convert_mark_to_str(mark);
++ asm_comment = create_asm_comment(argnum, stmt, mark_str);
++
++ create_asm_stmt(asm_comment, build_string(2, "rm"), NULL, asm_data);
++ free(asm_comment);
+ asm_data->input = NULL_TREE;
+ break;
+ }
@@ -114257,7 +114684,8 @@ index 0000000..5515dcb
+static void create_size_overflow_asm(gimple stmt, tree output_node, unsigned int argnum)
+{
+ struct asm_data asm_data;
-+ const char *str;
++ const char *mark_str;
++ char *asm_comment;
+ enum mark mark;
+
+ if (is_gimple_constant(output_node))
@@ -114265,18 +114693,156 @@ index 0000000..5515dcb
+
+ asm_data.output = output_node;
+ mark = check_intentional_attribute_gimple(asm_data.output, stmt, argnum);
-+ if (mark == MARK_TURN_OFF)
-+ return;
-+
-+ search_missing_size_overflow_attribute_gimple(stmt, argnum);
++ if (mark != MARK_TURN_OFF)
++ search_missing_size_overflow_attribute_gimple(stmt, argnum);
+
+ asm_data.def_stmt = get_def_stmt(asm_data.output);
++ if (is_size_overflow_intentional_asm_turn_off(asm_data.def_stmt))
++ return;
++
+ create_asm_input(stmt, argnum, &asm_data);
+ if (asm_data.input == NULL_TREE)
+ return;
+
-+ str = convert_mark_to_str(mark);
-+ create_asm_stmt(str, build_string(1, "0"), build_string(3, "=rm"), &asm_data);
++ mark_str = convert_mark_to_str(mark);
++ asm_comment = create_asm_comment(argnum, stmt, mark_str);
++ create_asm_stmt(asm_comment, build_string(1, "0"), build_string(3, "=rm"), &asm_data);
++ free(asm_comment);
++}
++
++// Insert an asm stmt with "MARK_TURN_OFF", "MARK_YES" or "MARK_NOT_INTENTIONAL".
++static bool create_mark_asm(gimple stmt, enum mark mark)
++{
++ struct asm_data asm_data;
++ const char *asm_str;
++
++ switch (mark) {
++ case MARK_TURN_OFF:
++ asm_str = TURN_OFF_ASM_STR;
++ break;
++ case MARK_NOT_INTENTIONAL:
++ case MARK_YES:
++ asm_str = YES_ASM_STR;
++ break;
++ default:
++ gcc_unreachable();
++ }
++
++ asm_data.def_stmt = stmt;
++ asm_data.output = gimple_call_lhs(stmt);
++
++ if (asm_data.output == NULL_TREE) {
++ asm_data.input = gimple_call_arg(stmt, 0);
++ if (is_gimple_constant(asm_data.input))
++ return false;
++ asm_data.output = NULL;
++ create_asm_stmt(asm_str, build_string(2, "rm"), NULL, &asm_data);
++ return true;
++ }
++
++ create_asm_input(stmt, 0, &asm_data);
++ gcc_assert(asm_data.input != NULL_TREE);
++
++ create_asm_stmt(asm_str, build_string(1, "0"), build_string(3, "=rm"), &asm_data);
++ return true;
++}
++
++static bool is_from_cast(const_tree node)
++{
++ gimple def_stmt = get_def_stmt(node);
++
++ if (!def_stmt)
++ return false;
++
++ if (gimple_assign_cast_p(def_stmt))
++ return true;
++
++ return false;
++}
++
++// Skip duplication when there is a minus expr and the type of rhs1 or rhs2 is a pointer_type.
++static bool skip_ptr_minus(gimple stmt)
++{
++ const_tree rhs1, rhs2, ptr1_rhs, ptr2_rhs;
++
++ if (gimple_assign_rhs_code(stmt) != MINUS_EXPR)
++ return false;
++
++ rhs1 = gimple_assign_rhs1(stmt);
++ if (!is_from_cast(rhs1))
++ return false;
++
++ rhs2 = gimple_assign_rhs2(stmt);
++ if (!is_from_cast(rhs2))
++ return false;
++
++ ptr1_rhs = gimple_assign_rhs1(get_def_stmt(rhs1));
++ ptr2_rhs = gimple_assign_rhs1(get_def_stmt(rhs2));
++
++ if (TREE_CODE(TREE_TYPE(ptr1_rhs)) != POINTER_TYPE && TREE_CODE(TREE_TYPE(ptr2_rhs)) != POINTER_TYPE)
++ return false;
++
++ create_mark_asm(stmt, MARK_YES);
++ return true;
++}
++
++static void walk_use_def_ptr(struct pointer_set_t *visited, const_tree lhs)
++{
++ gimple def_stmt;
++
++ def_stmt = get_def_stmt(lhs);
++ if (!def_stmt)
++ return;
++
++ if (pointer_set_insert(visited, def_stmt))
++ return;
++
++ switch (gimple_code(def_stmt)) {
++ case GIMPLE_NOP:
++ case GIMPLE_ASM:
++ case GIMPLE_CALL:
++ break;
++ case GIMPLE_PHI: {
++ unsigned int i, n = gimple_phi_num_args(def_stmt);
++
++ pointer_set_insert(visited, def_stmt);
++
++ for (i = 0; i < n; i++) {
++ tree arg = gimple_phi_arg_def(def_stmt, i);
++
++ walk_use_def_ptr(visited, arg);
++ }
++ }
++ case GIMPLE_ASSIGN:
++ switch (gimple_num_ops(def_stmt)) {
++ case 2:
++ walk_use_def_ptr(visited, gimple_assign_rhs1(def_stmt));
++ return;
++ case 3:
++ if (skip_ptr_minus(def_stmt))
++ return;
++
++ walk_use_def_ptr(visited, gimple_assign_rhs1(def_stmt));
++ walk_use_def_ptr(visited, gimple_assign_rhs2(def_stmt));
++ return;
++ default:
++ return;
++ }
++ default:
++ debug_gimple_stmt((gimple)def_stmt);
++ error("%s: unknown gimple code", __func__);
++ gcc_unreachable();
++ }
++}
++
++// Look for a ptr - ptr expression (e.g., cpuset_common_file_read() s - page)
++static void insert_mark_not_intentional_asm_at_ptr(const_tree arg)
++{
++ struct pointer_set_t *visited;
++
++ visited = pointer_set_create();
++ walk_use_def_ptr(visited, arg);
++ pointer_set_destroy(visited);
+}
+
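Review bot: In `walk_use_def_ptr()` the `GIMPLE_PHI` case has no `break` or `return` after its loop, so control falls through into the `GIMPLE_ASSIGN` case and applies `gimple_num_ops()`, and possibly the `gimple_assign_rhs*()` accessors, to a PHI node; if the fall-through is not intended, end the case with `return;`. The second `pointer_set_insert(visited, def_stmt);` inside that case repeats the insert done before the switch and can be dropped. Separately, `skip_ptr_minus()` passes a MINUS_EXPR assignment to `create_mark_asm()`, which reads it with `gimple_call_lhs()`; on a GCC built with gimple checking that accessor is expected to reject a non-call statement, so `gimple_get_lhs(stmt)` would be the safer accessor there. The comment on `create_mark_asm()` also lists "MARK_NOT_INTENTIONAL" as an inserted string, while the switch maps that mark to `YES_ASM_STR`.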
+// Determine the return value and insert the asm stmt to mark the return stmt.
@@ -114301,6 +114867,10 @@ index 0000000..5515dcb
+
+ arg = gimple_call_arg(stmt, argnum - 1);
+ gcc_assert(arg != NULL_TREE);
++
++ // skip all ptr - ptr expressions
++ insert_mark_not_intentional_asm_at_ptr(arg);
++
+ create_size_overflow_asm(stmt, arg, argnum);
+}
+
@@ -114360,35 +114930,17 @@ index 0000000..5515dcb
+
+/*
+ * Look up the intentional_overflow attribute that turns off ipa based duplication
-+ * on the callee function, if found insert an asm stmt with "MARK_TURN_OFF".
++ * on the callee function.
+ */
-+static bool create_mark_turn_off_asm(gimple stmt)
++static bool is_mark_turn_off_attribute(gimple stmt)
+{
+ enum mark mark;
-+ struct asm_data asm_data;
+ const_tree fndecl = gimple_call_fndecl(stmt);
+
+ mark = get_intentional_attr_type(DECL_ORIGIN(fndecl));
-+ if (mark != MARK_TURN_OFF)
-+ return false;
-+
-+ asm_data.def_stmt = stmt;
-+ asm_data.output = gimple_call_lhs(stmt);
-+
-+ if (asm_data.output == NULL_TREE) {
-+ asm_data.input = gimple_call_arg(stmt, 0);
-+ if (is_gimple_constant(asm_data.input))
-+ return false;
-+ asm_data.output = NULL;
-+ create_asm_stmt(TURN_OFF_ASM_STR, build_string(2, "rm"), NULL, &asm_data);
++ if (mark == MARK_TURN_OFF)
+ return true;
-+ }
-+
-+ create_asm_input(stmt, 0, &asm_data);
-+ gcc_assert(asm_data.input != NULL_TREE);
-+
-+ create_asm_stmt(TURN_OFF_ASM_STR, build_string(1, "0"), build_string(3, "=rm"), &asm_data);
-+ return true;
++ return false;
+}
+
+// If the argument(s) of the callee function is/are in the hash table or are marked by an attribute then mark the call stmt with an asm stmt
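Review bot: `is_mark_turn_off_attribute()` applies `DECL_ORIGIN()` to the result of `gimple_call_fndecl(stmt)` without checking it for `NULL_TREE`, so it is only safe when the call has a known callee declaration. The caller changed in the next hunk appears to return early before reaching it, but that check is outside the hunk, so the header comment should state the precondition, e.g. `stmt must be a call whose fndecl is not NULL_TREE`. The body can also be reduced to `return get_intentional_attr_type(DECL_ORIGIN(fndecl)) == MARK_TURN_OFF;`.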
@@ -114405,8 +114957,10 @@ index 0000000..5515dcb
+ return;
+ fndecl = DECL_ORIGIN(fndecl);
+
-+ if (create_mark_turn_off_asm(stmt))
++ if (is_mark_turn_off_attribute(stmt)) {
++ create_mark_asm(stmt, MARK_TURN_OFF);
+ return;
++ }
+
+ search_interesting_args(fndecl, orig_argnums);
+