aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--main/linux-virt-grsec/APKBUILD28
-rw-r--r--main/linux-virt-grsec/grsecurity-3.0-3.14.16-201408110024.patch (renamed from main/linux-virt-grsec/grsecurity-3.0-3.14.15-201408032014.patch)462
-rw-r--r--main/linux-virt-grsec/kernelconfig.x861
-rw-r--r--main/linux-virt-grsec/kernelconfig.x86_641
4 files changed, 236 insertions, 256 deletions
diff --git a/main/linux-virt-grsec/APKBUILD b/main/linux-virt-grsec/APKBUILD
index 5259119e45..057f0bab38 100644
--- a/main/linux-virt-grsec/APKBUILD
+++ b/main/linux-virt-grsec/APKBUILD
@@ -3,7 +3,7 @@
_flavor=virt-grsec
pkgname=linux-${_flavor}
-pkgver=3.14.15
+pkgver=3.14.16
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
@@ -18,7 +18,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-3.0-$pkgver-201408032014.patch
+ grsecurity-3.0-$pkgver-201408110024.patch
fix-memory-map-for-PIE-applications.patch
imx6q-no-unclocked-sleep.patch
@@ -146,23 +146,23 @@ dev() {
}
md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz
-497579393986bb76e08abc355e59550c patch-3.14.15.xz
-d1d5b12a0a0f0f8dd8588d42bd3b2375 grsecurity-3.0-3.14.15-201408032014.patch
+0c17d6e79e240062a36d4a71a2f7d1f2 patch-3.14.16.xz
+cba8b3e01874c01f982a360cc3aad33f grsecurity-3.0-3.14.16-201408110024.patch
c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch
-74884a16fa9c58e0cabfaf57c8b64678 kernelconfig.x86
-ef60383e07d9e7df6c474a03f3f56782 kernelconfig.x86_64"
+6b30dd8284f37ecc244d556bebf32046 kernelconfig.x86
+8df8378d305bdd302b01293ff44e982d kernelconfig.x86_64"
sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz
-fd0fff77dd5274fd53bce431275cf203357d1a96a6c6129f0562b07232399ed2 patch-3.14.15.xz
-c52e543a680cf82721aa378251fd66f223a03a294343ae9500bc6d1d59771f8f grsecurity-3.0-3.14.15-201408032014.patch
+3d3e79fd9795812f293aa38799c056aaea0f14da8294b31067f7768e9f38db2d patch-3.14.16.xz
+e27fc08381e4937347b426e5f68149a0917dce79ef4f962b106ae158cdb4a619 grsecurity-3.0-3.14.16-201408110024.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch
-0afbfb07b8c1eaf741593da97ad15ab34196afe541a82efc66cb8648c36c6c68 kernelconfig.x86
-92aa8a3f494732762deec3adfe34b0578bf86310c45eafb678c3c518e6ef578f kernelconfig.x86_64"
+5e06e22ca723e50ae9f4bfabdda2e738f7b28cbbfe77b6be295285d6cd75c916 kernelconfig.x86
+0ec1e1eb4445bd9751cb98a55afd4a430bed08e8d8c3c0a107d2f14ec5746dd2 kernelconfig.x86_64"
sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz
-9a9d99a5e6f724f3c7063212ce7187e1bf15a1931aacc0e56fcb46b5f1f8266c47dd61ca0dafdfeb27a7348817629fa2d26df0f0d6f36d7ceab6295b39a5e5d9 patch-3.14.15.xz
-2edef8d733b2fbfeb65de833e85d2f2693967263e8b8faf7838192af763b6868ad41daaf71d26327566ab5a8184a87be159388a1ceb48bea88ece1fbc0adaf19 grsecurity-3.0-3.14.15-201408032014.patch
+3004ce119ee9d6a13c8d1af6c3e1bd96794c89a98e914c0a0d80ff96c2a6f41ed3d2108aa86312d4b08646a38c9b47478c136252418a4964476b624e5e1fae70 patch-3.14.16.xz
+f4a1dec548fb2bb2791d3b4a3e53a4f5f52fef95cd81e4d2dac0749474ff646b51b7f06eb9d83b27c9882e803164f7e60139d9781b144a7eba0819d565cf23b3 grsecurity-3.0-3.14.16-201408110024.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch
-324513d75def9fb78ccc5f446e1fae28e7069e94c1ebac406776750cd05f1bf6f0f8a9216543ee6bf82a68d9834e2a1404093d92cc2acd2cb28e3f9a478ad0c6 kernelconfig.x86
-b75e13eb31d7a22cb0216e5e04130f58a428932dde6233e0d430071ab4dcc620d5f05e20c6ff2be01a6ec465e7f5136644443e366f6f38029b64650218d0a595 kernelconfig.x86_64"
+29dc4bbde6052bb16200d87b7137717a053ad3c716a305a51d2b523531f35c1a7e144099f7a251c85849c9117a65ed961262dd314e0832f58750f489aeb1440e kernelconfig.x86
+74b647b4a05414fac76068869aa8a84e2a5c6e571dc40abb1532b8d2ac7c6577011be3ae5fb307fa63bd9f1ee184f993ded5ed15dd94311cbbf9086f12a79de8 kernelconfig.x86_64"
diff --git a/main/linux-virt-grsec/grsecurity-3.0-3.14.15-201408032014.patch b/main/linux-virt-grsec/grsecurity-3.0-3.14.16-201408110024.patch
index 96db0fa027..cd58a6f54d 100644
--- a/main/linux-virt-grsec/grsecurity-3.0-3.14.15-201408032014.patch
+++ b/main/linux-virt-grsec/grsecurity-3.0-3.14.16-201408110024.patch
@@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 188523e..5c8d8ee 100644
+index 8b22e24..7f4d29b 100644
--- a/Makefile
+++ b/Makefile
@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -313,10 +313,13 @@ index 188523e..5c8d8ee 100644
$(Q)$(MAKE) $(build)=scripts/basic
$(Q)rm -f .tmp_quiet_recordmcount
-@@ -585,6 +586,72 @@ else
+@@ -585,6 +586,75 @@ else
KBUILD_CFLAGS += -O2
endif
++# Tell gcc to never replace conditional load with a non-conditional one
++KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0)
++
+ifndef DISABLE_PAX_PLUGINS
+ifeq ($(call cc-ifversion, -ge, 0408, y), y)
+PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCXX)" "$(HOSTCXX)" "$(CC)")
@@ -386,7 +389,7 @@ index 188523e..5c8d8ee 100644
include $(srctree)/arch/$(SRCARCH)/Makefile
ifdef CONFIG_READABLE_ASM
-@@ -781,7 +848,7 @@ export mod_sign_cmd
+@@ -781,7 +851,7 @@ export mod_sign_cmd
ifeq ($(KBUILD_EXTMOD),)
@@ -395,7 +398,7 @@ index 188523e..5c8d8ee 100644
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -830,6 +897,8 @@ endif
+@@ -830,6 +900,8 @@ endif
# The actual objects are generated when descending,
# make sure no implicit rule kicks in
@@ -404,7 +407,7 @@ index 188523e..5c8d8ee 100644
$(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
# Handle descending into subdirectories listed in $(vmlinux-dirs)
-@@ -839,7 +908,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
+@@ -839,7 +911,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
# Error messages still appears in the original language
PHONY += $(vmlinux-dirs)
@@ -413,7 +416,7 @@ index 188523e..5c8d8ee 100644
$(Q)$(MAKE) $(build)=$@
define filechk_kernel.release
-@@ -882,10 +951,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
+@@ -882,10 +954,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
archprepare: archheaders archscripts prepare1 scripts_basic
@@ -427,7 +430,7 @@ index 188523e..5c8d8ee 100644
prepare: prepare0
# Generate some files
-@@ -993,6 +1065,8 @@ all: modules
+@@ -993,6 +1068,8 @@ all: modules
# using awk while concatenating to the final file.
PHONY += modules
@@ -436,7 +439,7 @@ index 188523e..5c8d8ee 100644
modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
$(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
@$(kecho) ' Building modules, stage 2.';
-@@ -1008,7 +1082,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
+@@ -1008,7 +1085,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
# Target to prepare building external modules
PHONY += modules_prepare
@@ -445,7 +448,7 @@ index 188523e..5c8d8ee 100644
# Target to install modules
PHONY += modules_install
-@@ -1074,7 +1148,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \
+@@ -1074,7 +1151,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \
Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \
signing_key.priv signing_key.x509 x509.genkey \
extra_certificates signing_key.x509.keyid \
@@ -457,7 +460,7 @@ index 188523e..5c8d8ee 100644
# clean - Delete most, but leave enough to build external modules
#
-@@ -1113,7 +1190,7 @@ distclean: mrproper
+@@ -1113,7 +1193,7 @@ distclean: mrproper
@find $(srctree) $(RCS_FIND_IGNORE) \
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
@@ -466,7 +469,7 @@ index 188523e..5c8d8ee 100644
-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
-type f -print | xargs rm -f
-@@ -1275,6 +1352,8 @@ PHONY += $(module-dirs) modules
+@@ -1275,6 +1355,8 @@ PHONY += $(module-dirs) modules
$(module-dirs): crmodverdir $(objtree)/Module.symvers
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
@@ -475,7 +478,7 @@ index 188523e..5c8d8ee 100644
modules: $(module-dirs)
@$(kecho) ' Building modules, stage 2.';
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1414,17 +1493,21 @@ else
+@@ -1414,17 +1496,21 @@ else
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
endif
@@ -501,7 +504,7 @@ index 188523e..5c8d8ee 100644
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.symtypes: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1434,11 +1517,15 @@ endif
+@@ -1434,11 +1520,15 @@ endif
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
$(build)=$(build-dir)
@@ -4329,7 +4332,7 @@ index 5e85ed3..b10a7ed 100644
}
}
diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c
-index b68c6b2..f66c492 100644
+index f15c22e..d830561 100644
--- a/arch/arm/mm/mmu.c
+++ b/arch/arm/mm/mmu.c
@@ -39,6 +39,22 @@
@@ -12643,7 +12646,7 @@ index ad8f795..2c7eec6 100644
/*
* Memory returned by kmalloc() may be used for DMA, so we must make
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 7324107..a63fd9f 100644
+index c718d9f..511e6fa 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -126,7 +126,7 @@ config X86
@@ -12672,7 +12675,7 @@ index 7324107..a63fd9f 100644
---help---
Say Y here to enable options for running Linux under various hyper-
visors. This option enables basic hypervisor detection and platform
-@@ -1112,7 +1113,7 @@ choice
+@@ -1129,7 +1130,7 @@ choice
config NOHIGHMEM
bool "off"
@@ -12681,7 +12684,7 @@ index 7324107..a63fd9f 100644
---help---
Linux can use up to 64 Gigabytes of physical memory on x86 systems.
However, the address space of 32-bit x86 processors is only 4
-@@ -1149,7 +1150,7 @@ config NOHIGHMEM
+@@ -1166,7 +1167,7 @@ config NOHIGHMEM
config HIGHMEM4G
bool "4GB"
@@ -12690,7 +12693,7 @@ index 7324107..a63fd9f 100644
---help---
Select this if you have a 32-bit processor and between 1 and 4
gigabytes of physical RAM.
-@@ -1202,7 +1203,7 @@ config PAGE_OFFSET
+@@ -1219,7 +1220,7 @@ config PAGE_OFFSET
hex
default 0xB0000000 if VMSPLIT_3G_OPT
default 0x80000000 if VMSPLIT_2G
@@ -12699,7 +12702,7 @@ index 7324107..a63fd9f 100644
default 0x40000000 if VMSPLIT_1G
default 0xC0000000
depends on X86_32
-@@ -1606,6 +1607,7 @@ source kernel/Kconfig.hz
+@@ -1623,6 +1624,7 @@ source kernel/Kconfig.hz
config KEXEC
bool "kexec system call"
@@ -12707,7 +12710,7 @@ index 7324107..a63fd9f 100644
---help---
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
-@@ -1757,7 +1759,9 @@ config X86_NEED_RELOCS
+@@ -1774,7 +1776,9 @@ config X86_NEED_RELOCS
config PHYSICAL_ALIGN
hex "Alignment value to which kernel should be aligned"
@@ -12718,7 +12721,7 @@ index 7324107..a63fd9f 100644
range 0x2000 0x1000000 if X86_32
range 0x200000 0x1000000 if X86_64
---help---
-@@ -1837,9 +1841,10 @@ config DEBUG_HOTPLUG_CPU0
+@@ -1854,9 +1858,10 @@ config DEBUG_HOTPLUG_CPU0
If unsure, say N.
config COMPAT_VDSO
@@ -17184,7 +17187,7 @@ index 91d9c69..dfae7d0 100644
* Convert a virtual cached pointer to an uncached pointer
*/
diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h
-index bba3cf8..06bc8da 100644
+index 0a8b519..80e7d5b 100644
--- a/arch/x86/include/asm/irqflags.h
+++ b/arch/x86/include/asm/irqflags.h
@@ -141,6 +141,11 @@ static inline notrace unsigned long arch_local_irq_save(void)
@@ -18395,21 +18398,24 @@ index e22c1db..23a625a 100644
}
diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h
-index c883bf7..19970b3 100644
+index 7166e25..baaa6fe 100644
--- a/arch/x86/include/asm/pgtable_64_types.h
+++ b/arch/x86/include/asm/pgtable_64_types.h
-@@ -61,6 +61,11 @@ typedef struct { pteval_t pte; } pte_t;
+@@ -61,9 +61,14 @@ typedef struct { pteval_t pte; } pte_t;
#define MODULES_VADDR (__START_KERNEL_map + KERNEL_IMAGE_SIZE)
#define MODULES_END _AC(0xffffffffff000000, UL)
#define MODULES_LEN (MODULES_END - MODULES_VADDR)
+#define MODULES_EXEC_VADDR MODULES_VADDR
+#define MODULES_EXEC_END MODULES_END
-+
+ #define ESPFIX_PGD_ENTRY _AC(-2, UL)
+ #define ESPFIX_BASE_ADDR (ESPFIX_PGD_ENTRY << PGDIR_SHIFT)
+
+#define ktla_ktva(addr) (addr)
+#define ktva_ktla(addr) (addr)
-
++
#define EARLY_DYNAMIC_PAGE_TABLES 64
+ #endif /* _ASM_X86_PGTABLE_64_DEFS_H */
diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h
index 94e40f1..ebd03e4 100644
--- a/arch/x86/include/asm/pgtable_types.h
@@ -20768,7 +20774,7 @@ index 7b0a55a..ad115bf 100644
/* top of stack page */
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
-index cb648c8..91cb07e 100644
+index 56bac86..9d8df82 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -24,7 +24,7 @@ obj-y += time.o ioport.o ldt.o dumpstack.o nmi.o
@@ -22489,7 +22495,7 @@ index 01d1c18..8073693 100644
#include <asm/processor.h>
#include <asm/fcntl.h>
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
-index c87810b..413d83f 100644
+index c5a9cb9..228d280 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -177,13 +177,153 @@
@@ -22848,7 +22854,7 @@ index c87810b..413d83f 100644
restore_all:
TRACE_IRQS_IRET
restore_all_notrace:
-@@ -577,14 +784,34 @@ ldt_ss:
+@@ -580,14 +787,34 @@ ldt_ss:
* compensating for the offset by changing to the ESPFIX segment with
* a base address that matches for the difference.
*/
@@ -22886,7 +22892,7 @@ index c87810b..413d83f 100644
pushl_cfi $__ESPFIX_SS
pushl_cfi %eax /* new kernel esp */
/* Disable interrupts, but do not irqtrace this section: we
-@@ -613,20 +840,18 @@ work_resched:
+@@ -617,20 +844,18 @@ work_resched:
movl TI_flags(%ebp), %ecx
andl $_TIF_WORK_MASK, %ecx # is there any work to be done other
# than syscall tracing?
@@ -22909,7 +22915,7 @@ index c87810b..413d83f 100644
#endif
TRACE_IRQS_ON
ENABLE_INTERRUPTS(CLBR_NONE)
-@@ -647,7 +872,7 @@ work_notifysig_v86:
+@@ -651,7 +876,7 @@ work_notifysig_v86:
movl %eax, %esp
jmp 1b
#endif
@@ -22918,7 +22924,7 @@ index c87810b..413d83f 100644
# perform syscall exit tracing
ALIGN
-@@ -655,11 +880,14 @@ syscall_trace_entry:
+@@ -659,11 +884,14 @@ syscall_trace_entry:
movl $-ENOSYS,PT_EAX(%esp)
movl %esp, %eax
call syscall_trace_enter
@@ -22934,7 +22940,7 @@ index c87810b..413d83f 100644
# perform syscall exit tracing
ALIGN
-@@ -672,26 +900,30 @@ syscall_exit_work:
+@@ -676,26 +904,30 @@ syscall_exit_work:
movl %esp, %eax
call syscall_trace_leave
jmp resume_userspace
@@ -22969,9 +22975,9 @@ index c87810b..413d83f 100644
CFI_ENDPROC
/*
* End of kprobes section
-@@ -707,8 +939,15 @@ END(syscall_badsys)
- * normal stack and adjusts ESP with the matching offset.
+@@ -712,8 +944,15 @@ END(syscall_badsys)
*/
+ #ifdef CONFIG_X86_ESPFIX32
/* fixup the stack */
- mov GDT_ESPFIX_SS + 4, %al /* bits 16..23 */
- mov GDT_ESPFIX_SS + 7, %ah /* bits 24..31 */
@@ -22987,7 +22993,7 @@ index c87810b..413d83f 100644
shl $16, %eax
addl %esp, %eax /* the adjusted stack pointer */
pushl_cfi $__KERNEL_DS
-@@ -761,7 +1000,7 @@ vector=vector+1
+@@ -769,7 +1008,7 @@ vector=vector+1
.endr
2: jmp common_interrupt
.endr
@@ -22996,7 +23002,7 @@ index c87810b..413d83f 100644
.previous
END(interrupt)
-@@ -822,7 +1061,7 @@ ENTRY(coprocessor_error)
+@@ -830,7 +1069,7 @@ ENTRY(coprocessor_error)
pushl_cfi $do_coprocessor_error
jmp error_code
CFI_ENDPROC
@@ -23005,7 +23011,7 @@ index c87810b..413d83f 100644
ENTRY(simd_coprocessor_error)
RING0_INT_FRAME
-@@ -835,7 +1074,7 @@ ENTRY(simd_coprocessor_error)
+@@ -843,7 +1082,7 @@ ENTRY(simd_coprocessor_error)
.section .altinstructions,"a"
altinstruction_entry 661b, 663f, X86_FEATURE_XMM, 662b-661b, 664f-663f
.previous
@@ -23014,7 +23020,7 @@ index c87810b..413d83f 100644
663: pushl $do_simd_coprocessor_error
664:
.previous
-@@ -844,7 +1083,7 @@ ENTRY(simd_coprocessor_error)
+@@ -852,7 +1091,7 @@ ENTRY(simd_coprocessor_error)
#endif
jmp error_code
CFI_ENDPROC
@@ -23023,7 +23029,7 @@ index c87810b..413d83f 100644
ENTRY(device_not_available)
RING0_INT_FRAME
-@@ -853,18 +1092,18 @@ ENTRY(device_not_available)
+@@ -861,18 +1100,18 @@ ENTRY(device_not_available)
pushl_cfi $do_device_not_available
jmp error_code
CFI_ENDPROC
@@ -23045,7 +23051,7 @@ index c87810b..413d83f 100644
#endif
ENTRY(overflow)
-@@ -874,7 +1113,7 @@ ENTRY(overflow)
+@@ -882,7 +1121,7 @@ ENTRY(overflow)
pushl_cfi $do_overflow
jmp error_code
CFI_ENDPROC
@@ -23054,7 +23060,7 @@ index c87810b..413d83f 100644
ENTRY(bounds)
RING0_INT_FRAME
-@@ -883,7 +1122,7 @@ ENTRY(bounds)
+@@ -891,7 +1130,7 @@ ENTRY(bounds)
pushl_cfi $do_bounds
jmp error_code
CFI_ENDPROC
@@ -23063,7 +23069,7 @@ index c87810b..413d83f 100644
ENTRY(invalid_op)
RING0_INT_FRAME
-@@ -892,7 +1131,7 @@ ENTRY(invalid_op)
+@@ -900,7 +1139,7 @@ ENTRY(invalid_op)
pushl_cfi $do_invalid_op
jmp error_code
CFI_ENDPROC
@@ -23072,7 +23078,7 @@ index c87810b..413d83f 100644
ENTRY(coprocessor_segment_overrun)
RING0_INT_FRAME
-@@ -901,7 +1140,7 @@ ENTRY(coprocessor_segment_overrun)
+@@ -909,7 +1148,7 @@ ENTRY(coprocessor_segment_overrun)
pushl_cfi $do_coprocessor_segment_overrun
jmp error_code
CFI_ENDPROC
@@ -23081,7 +23087,7 @@ index c87810b..413d83f 100644
ENTRY(invalid_TSS)
RING0_EC_FRAME
-@@ -909,7 +1148,7 @@ ENTRY(invalid_TSS)
+@@ -917,7 +1156,7 @@ ENTRY(invalid_TSS)
pushl_cfi $do_invalid_TSS
jmp error_code
CFI_ENDPROC
@@ -23090,7 +23096,7 @@ index c87810b..413d83f 100644
ENTRY(segment_not_present)
RING0_EC_FRAME
-@@ -917,7 +1156,7 @@ ENTRY(segment_not_present)
+@@ -925,7 +1164,7 @@ ENTRY(segment_not_present)
pushl_cfi $do_segment_not_present
jmp error_code
CFI_ENDPROC
@@ -23099,7 +23105,7 @@ index c87810b..413d83f 100644
ENTRY(stack_segment)
RING0_EC_FRAME
-@@ -925,7 +1164,7 @@ ENTRY(stack_segment)
+@@ -933,7 +1172,7 @@ ENTRY(stack_segment)
pushl_cfi $do_stack_segment
jmp error_code
CFI_ENDPROC
@@ -23108,7 +23114,7 @@ index c87810b..413d83f 100644
ENTRY(alignment_check)
RING0_EC_FRAME
-@@ -933,7 +1172,7 @@ ENTRY(alignment_check)
+@@ -941,7 +1180,7 @@ ENTRY(alignment_check)
pushl_cfi $do_alignment_check
jmp error_code
CFI_ENDPROC
@@ -23117,7 +23123,7 @@ index c87810b..413d83f 100644
ENTRY(divide_error)
RING0_INT_FRAME
-@@ -942,7 +1181,7 @@ ENTRY(divide_error)
+@@ -950,7 +1189,7 @@ ENTRY(divide_error)
pushl_cfi $do_divide_error
jmp error_code
CFI_ENDPROC
@@ -23126,7 +23132,7 @@ index c87810b..413d83f 100644
#ifdef CONFIG_X86_MCE
ENTRY(machine_check)
-@@ -952,7 +1191,7 @@ ENTRY(machine_check)
+@@ -960,7 +1199,7 @@ ENTRY(machine_check)
pushl_cfi machine_check_vector
jmp error_code
CFI_ENDPROC
@@ -23135,7 +23141,7 @@ index c87810b..413d83f 100644
#endif
ENTRY(spurious_interrupt_bug)
-@@ -962,7 +1201,7 @@ ENTRY(spurious_interrupt_bug)
+@@ -970,7 +1209,7 @@ ENTRY(spurious_interrupt_bug)
pushl_cfi $do_spurious_interrupt_bug
jmp error_code
CFI_ENDPROC
@@ -23144,7 +23150,7 @@ index c87810b..413d83f 100644
/*
* End of kprobes section
*/
-@@ -1072,7 +1311,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR,
+@@ -1080,7 +1319,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR,
ENTRY(mcount)
ret
@@ -23153,7 +23159,7 @@ index c87810b..413d83f 100644
ENTRY(ftrace_caller)
cmpl $0, function_trace_stop
-@@ -1105,7 +1344,7 @@ ftrace_graph_call:
+@@ -1113,7 +1352,7 @@ ftrace_graph_call:
.globl ftrace_stub
ftrace_stub:
ret
@@ -23162,7 +23168,7 @@ index c87810b..413d83f 100644
ENTRY(ftrace_regs_caller)
pushf /* push flags before compare (in cs location) */
-@@ -1209,7 +1448,7 @@ trace:
+@@ -1217,7 +1456,7 @@ trace:
popl %ecx
popl %eax
jmp ftrace_stub
@@ -23171,7 +23177,7 @@ index c87810b..413d83f 100644
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -1227,7 +1466,7 @@ ENTRY(ftrace_graph_caller)
+@@ -1235,7 +1474,7 @@ ENTRY(ftrace_graph_caller)
popl %ecx
popl %eax
ret
@@ -23180,7 +23186,7 @@ index c87810b..413d83f 100644
.globl return_to_handler
return_to_handler:
-@@ -1293,15 +1532,18 @@ error_code:
+@@ -1301,15 +1540,18 @@ error_code:
movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
REG_TO_PTGS %ecx
SET_KERNEL_GS %ecx
@@ -23201,7 +23207,7 @@ index c87810b..413d83f 100644
/*
* Debug traps and NMI can happen at the one SYSENTER instruction
-@@ -1344,7 +1586,7 @@ debug_stack_correct:
+@@ -1352,7 +1594,7 @@ debug_stack_correct:
call do_debug
jmp ret_from_exception
CFI_ENDPROC
@@ -23210,7 +23216,7 @@ index c87810b..413d83f 100644
/*
* NMI is doubly nasty. It can happen _while_ we're handling
-@@ -1382,6 +1624,9 @@ nmi_stack_correct:
+@@ -1392,6 +1634,9 @@ nmi_stack_correct:
xorl %edx,%edx # zero error code
movl %esp,%eax # pt_regs pointer
call do_nmi
@@ -23220,7 +23226,7 @@ index c87810b..413d83f 100644
jmp restore_all_notrace
CFI_ENDPROC
-@@ -1418,12 +1663,15 @@ nmi_espfix_stack:
+@@ -1429,13 +1674,16 @@ nmi_espfix_stack:
FIXUP_ESPFIX_STACK # %eax == %esp
xorl %edx,%edx # zero error code
call do_nmi
@@ -23231,13 +23237,14 @@ index c87810b..413d83f 100644
lss 12+4(%esp), %esp # back to espfix stack
CFI_ADJUST_CFA_OFFSET -24
jmp irq_return
+ #endif
CFI_ENDPROC
-END(nmi)
+ENDPROC(nmi)
ENTRY(int3)
RING0_INT_FRAME
-@@ -1436,14 +1684,14 @@ ENTRY(int3)
+@@ -1448,14 +1696,14 @@ ENTRY(int3)
call do_int3
jmp ret_from_exception
CFI_ENDPROC
@@ -23254,7 +23261,7 @@ index c87810b..413d83f 100644
#ifdef CONFIG_KVM_GUEST
ENTRY(async_page_fault)
-@@ -1452,7 +1700,7 @@ ENTRY(async_page_fault)
+@@ -1464,7 +1712,7 @@ ENTRY(async_page_fault)
pushl_cfi $do_async_page_fault
jmp error_code
CFI_ENDPROC
@@ -23264,19 +23271,19 @@ index c87810b..413d83f 100644
/*
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index 1e96c36..3ff710a 100644
+index 03cd2a8..05a9aed 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
-@@ -59,6 +59,8 @@
- #include <asm/context_tracking.h>
+@@ -60,6 +60,8 @@
#include <asm/smap.h>
+ #include <asm/pgtable_types.h>
#include <linux/err.h>
+#include <asm/pgtable.h>
+#include <asm/alternative-asm.h>
/* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
#include <linux/elf-em.h>
-@@ -80,8 +82,9 @@
+@@ -81,8 +83,9 @@
#ifdef CONFIG_DYNAMIC_FTRACE
ENTRY(function_hook)
@@ -23287,7 +23294,7 @@ index 1e96c36..3ff710a 100644
/* skip is set if stack has been adjusted */
.macro ftrace_caller_setup skip=0
-@@ -122,8 +125,9 @@ GLOBAL(ftrace_graph_call)
+@@ -123,8 +126,9 @@ GLOBAL(ftrace_graph_call)
#endif
GLOBAL(ftrace_stub)
@@ -23298,7 +23305,7 @@ index 1e96c36..3ff710a 100644
ENTRY(ftrace_regs_caller)
/* Save the current flags before compare (in SS location)*/
-@@ -191,7 +195,7 @@ ftrace_restore_flags:
+@@ -192,7 +196,7 @@ ftrace_restore_flags:
popfq
jmp ftrace_stub
@@ -23307,7 +23314,7 @@ index 1e96c36..3ff710a 100644
#else /* ! CONFIG_DYNAMIC_FTRACE */
-@@ -212,6 +216,7 @@ ENTRY(function_hook)
+@@ -213,6 +217,7 @@ ENTRY(function_hook)
#endif
GLOBAL(ftrace_stub)
@@ -23315,7 +23322,7 @@ index 1e96c36..3ff710a 100644
retq
trace:
-@@ -225,12 +230,13 @@ trace:
+@@ -226,12 +231,13 @@ trace:
#endif
subq $MCOUNT_INSN_SIZE, %rdi
@@ -23330,7 +23337,7 @@ index 1e96c36..3ff710a 100644
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -252,8 +258,9 @@ ENTRY(ftrace_graph_caller)
+@@ -253,8 +259,9 @@ ENTRY(ftrace_graph_caller)
MCOUNT_RESTORE_FRAME
@@ -23341,7 +23348,7 @@ index 1e96c36..3ff710a 100644
GLOBAL(return_to_handler)
subq $24, %rsp
-@@ -269,7 +276,9 @@ GLOBAL(return_to_handler)
+@@ -270,7 +277,9 @@ GLOBAL(return_to_handler)
movq 8(%rsp), %rdx
movq (%rsp), %rax
addq $24, %rsp
@@ -23351,7 +23358,7 @@ index 1e96c36..3ff710a 100644
#endif
-@@ -284,6 +293,430 @@ ENTRY(native_usergs_sysret64)
+@@ -285,6 +294,430 @@ ENTRY(native_usergs_sysret64)
ENDPROC(native_usergs_sysret64)
#endif /* CONFIG_PARAVIRT */
@@ -23782,7 +23789,7 @@ index 1e96c36..3ff710a 100644
.macro TRACE_IRQS_IRETQ offset=ARGOFFSET
#ifdef CONFIG_TRACE_IRQFLAGS
-@@ -320,7 +753,7 @@ ENDPROC(native_usergs_sysret64)
+@@ -321,7 +754,7 @@ ENDPROC(native_usergs_sysret64)
.endm
.macro TRACE_IRQS_IRETQ_DEBUG offset=ARGOFFSET
@@ -23791,7 +23798,7 @@ index 1e96c36..3ff710a 100644
jnc 1f
TRACE_IRQS_ON_DEBUG
1:
-@@ -358,27 +791,6 @@ ENDPROC(native_usergs_sysret64)
+@@ -359,27 +792,6 @@ ENDPROC(native_usergs_sysret64)
movq \tmp,R11+\offset(%rsp)
.endm
@@ -23819,7 +23826,7 @@ index 1e96c36..3ff710a 100644
/*
* initial frame state for interrupts (and exceptions without error code)
*/
-@@ -445,25 +857,26 @@ ENDPROC(native_usergs_sysret64)
+@@ -446,25 +858,26 @@ ENDPROC(native_usergs_sysret64)
/* save partial stack frame */
.macro SAVE_ARGS_IRQ
cld
@@ -23859,7 +23866,7 @@ index 1e96c36..3ff710a 100644
je 1f
SWAPGS
/*
-@@ -483,6 +896,18 @@ ENDPROC(native_usergs_sysret64)
+@@ -484,6 +897,18 @@ ENDPROC(native_usergs_sysret64)
0x06 /* DW_OP_deref */, \
0x08 /* DW_OP_const1u */, SS+8-RBP, \
0x22 /* DW_OP_plus */
@@ -23878,7 +23885,7 @@ index 1e96c36..3ff710a 100644
/* We entered an interrupt context - irqs are off: */
TRACE_IRQS_OFF
.endm
-@@ -514,9 +939,52 @@ ENTRY(save_paranoid)
+@@ -515,9 +940,52 @@ ENTRY(save_paranoid)
js 1f /* negative -> in kernel */
SWAPGS
xorl %ebx,%ebx
@@ -23933,7 +23940,7 @@ index 1e96c36..3ff710a 100644
.popsection
/*
-@@ -538,7 +1006,7 @@ ENTRY(ret_from_fork)
+@@ -539,7 +1007,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
@@ -23942,7 +23949,7 @@ index 1e96c36..3ff710a 100644
jz 1f
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-@@ -548,15 +1016,13 @@ ENTRY(ret_from_fork)
+@@ -549,15 +1017,13 @@ ENTRY(ret_from_fork)
jmp ret_from_sys_call # go to the SYSRET fastpath
1:
@@ -23959,7 +23966,7 @@ index 1e96c36..3ff710a 100644
/*
* System call entry. Up to 6 arguments in registers are supported.
-@@ -593,7 +1059,7 @@ END(ret_from_fork)
+@@ -594,7 +1060,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
@@ -23968,7 +23975,7 @@ index 1e96c36..3ff710a 100644
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -606,16 +1072,23 @@ GLOBAL(system_call_after_swapgs)
+@@ -607,16 +1073,23 @@ GLOBAL(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
@@ -23994,7 +24001,7 @@ index 1e96c36..3ff710a 100644
jnz tracesys
system_call_fastpath:
#if __SYSCALL_MASK == ~0
-@@ -639,10 +1112,13 @@ sysret_check:
+@@ -640,10 +1113,13 @@ sysret_check:
LOCKDEP_SYS_EXIT
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -24009,7 +24016,7 @@ index 1e96c36..3ff710a 100644
/*
* sysretq will re-enable interrupts:
*/
-@@ -701,6 +1177,9 @@ auditsys:
+@@ -702,6 +1178,9 @@ auditsys:
movq %rax,%rsi /* 2nd arg: syscall number */
movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */
call __audit_syscall_entry
@@ -24019,7 +24026,7 @@ index 1e96c36..3ff710a 100644
LOAD_ARGS 0 /* reload call-clobbered registers */
jmp system_call_fastpath
-@@ -722,7 +1201,7 @@ sysret_audit:
+@@ -723,7 +1202,7 @@ sysret_audit:
/* Do syscall tracing */
tracesys:
#ifdef CONFIG_AUDITSYSCALL
@@ -24028,7 +24035,7 @@ index 1e96c36..3ff710a 100644
jz auditsys
#endif
SAVE_REST
-@@ -730,12 +1209,15 @@ tracesys:
+@@ -731,12 +1210,15 @@ tracesys:
FIXUP_TOP_OF_STACK %rdi
movq %rsp,%rdi
call syscall_trace_enter
@@ -24045,7 +24052,7 @@ index 1e96c36..3ff710a 100644
RESTORE_REST
#if __SYSCALL_MASK == ~0
cmpq $__NR_syscall_max,%rax
-@@ -765,7 +1247,9 @@ GLOBAL(int_with_check)
+@@ -766,7 +1248,9 @@ GLOBAL(int_with_check)
andl %edi,%edx
jnz int_careful
andl $~TS_COMPAT,TI_status(%rcx)
@@ -24056,7 +24063,7 @@ index 1e96c36..3ff710a 100644
/* Either reschedule or signal or syscall exit tracking needed. */
/* First do a reschedule test. */
-@@ -811,7 +1295,7 @@ int_restore_rest:
+@@ -812,7 +1296,7 @@ int_restore_rest:
TRACE_IRQS_OFF
jmp int_with_check
CFI_ENDPROC
@@ -24065,7 +24072,7 @@ index 1e96c36..3ff710a 100644
.macro FORK_LIKE func
ENTRY(stub_\func)
-@@ -824,9 +1308,10 @@ ENTRY(stub_\func)
+@@ -825,9 +1309,10 @@ ENTRY(stub_\func)
DEFAULT_FRAME 0 8 /* offset 8: return address */
call sys_\func
RESTORE_TOP_OF_STACK %r11, 8
@@ -24078,7 +24085,7 @@ index 1e96c36..3ff710a 100644
.endm
.macro FIXED_FRAME label,func
-@@ -836,9 +1321,10 @@ ENTRY(\label)
+@@ -837,9 +1322,10 @@ ENTRY(\label)
FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET
call \func
RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET
@@ -24090,7 +24097,7 @@ index 1e96c36..3ff710a 100644
.endm
FORK_LIKE clone
-@@ -846,19 +1332,6 @@ END(\label)
+@@ -847,19 +1333,6 @@ END(\label)
FORK_LIKE vfork
FIXED_FRAME stub_iopl, sys_iopl
@@ -24110,7 +24117,7 @@ index 1e96c36..3ff710a 100644
ENTRY(stub_execve)
CFI_STARTPROC
addq $8, %rsp
-@@ -870,7 +1343,7 @@ ENTRY(stub_execve)
+@@ -871,7 +1344,7 @@ ENTRY(stub_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -24119,7 +24126,7 @@ index 1e96c36..3ff710a 100644
/*
* sigreturn is special because it needs to restore all registers on return.
-@@ -887,7 +1360,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -888,7 +1361,7 @@ ENTRY(stub_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -24128,7 +24135,7 @@ index 1e96c36..3ff710a 100644
#ifdef CONFIG_X86_X32_ABI
ENTRY(stub_x32_rt_sigreturn)
-@@ -901,7 +1374,7 @@ ENTRY(stub_x32_rt_sigreturn)
+@@ -902,7 +1375,7 @@ ENTRY(stub_x32_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -24137,7 +24144,7 @@ index 1e96c36..3ff710a 100644
ENTRY(stub_x32_execve)
CFI_STARTPROC
-@@ -915,7 +1388,7 @@ ENTRY(stub_x32_execve)
+@@ -916,7 +1389,7 @@ ENTRY(stub_x32_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -24146,7 +24153,7 @@ index 1e96c36..3ff710a 100644
#endif
-@@ -952,7 +1425,7 @@ vector=vector+1
+@@ -953,7 +1426,7 @@ vector=vector+1
2: jmp common_interrupt
.endr
CFI_ENDPROC
@@ -24155,7 +24162,7 @@ index 1e96c36..3ff710a 100644
.previous
END(interrupt)
-@@ -969,8 +1442,8 @@ END(interrupt)
+@@ -970,8 +1443,8 @@ END(interrupt)
/* 0(%rsp): ~(interrupt number) */
.macro interrupt func
/* reserve pt_regs for scratch regs and rbp */
@@ -24166,7 +24173,7 @@ index 1e96c36..3ff710a 100644
SAVE_ARGS_IRQ
call \func
.endm
-@@ -997,14 +1470,14 @@ ret_from_intr:
+@@ -998,14 +1471,14 @@ ret_from_intr:
/* Restore saved previous stack */
popq %rsi
@@ -24185,7 +24192,7 @@ index 1e96c36..3ff710a 100644
je retint_kernel
/* Interrupt came from user space */
-@@ -1026,12 +1499,16 @@ retint_swapgs: /* return to user-space */
+@@ -1027,12 +1500,16 @@ retint_swapgs: /* return to user-space */
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
@@ -24202,16 +24209,32 @@ index 1e96c36..3ff710a 100644
/*
* The iretq could re-enable interrupts:
*/
-@@ -1112,7 +1589,7 @@ ENTRY(retint_kernel)
+@@ -1145,7 +1622,7 @@ ENTRY(retint_kernel)
+ jmp exit_intr
#endif
-
CFI_ENDPROC
-END(common_interrupt)
+ENDPROC(common_interrupt)
- /*
- * End of kprobes section
- */
-@@ -1130,7 +1607,7 @@ ENTRY(\sym)
+
+ /*
+ * If IRET takes a fault on the espfix stack, then we
+@@ -1167,13 +1644,13 @@ __do_double_fault:
+ cmpq $native_irq_return_iret,%rax
+ jne do_double_fault /* This shouldn't happen... */
+ movq PER_CPU_VAR(kernel_stack),%rax
+- subq $(6*8-KERNEL_STACK_OFFSET),%rax /* Reset to original stack */
++ subq $(6*8),%rax /* Reset to original stack */
+ movq %rax,RSP(%rdi)
+ movq $0,(%rax) /* Missing (lost) #GP error code */
+ movq $general_protection,RIP(%rdi)
+ retq
+ CFI_ENDPROC
+-END(__do_double_fault)
++ENDPROC(__do_double_fault)
+ #else
+ # define __do_double_fault do_double_fault
+ #endif
+@@ -1195,7 +1672,7 @@ ENTRY(\sym)
interrupt \do_sym
jmp ret_from_intr
CFI_ENDPROC
@@ -24220,7 +24243,7 @@ index 1e96c36..3ff710a 100644
.endm
#ifdef CONFIG_TRACING
-@@ -1218,7 +1695,7 @@ ENTRY(\sym)
+@@ -1283,7 +1760,7 @@ ENTRY(\sym)
call \do_sym
jmp error_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -24229,7 +24252,7 @@ index 1e96c36..3ff710a 100644
.endm
.macro paranoidzeroentry sym do_sym
-@@ -1236,10 +1713,10 @@ ENTRY(\sym)
+@@ -1301,10 +1778,10 @@ ENTRY(\sym)
call \do_sym
jmp paranoid_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -24242,7 +24265,7 @@ index 1e96c36..3ff710a 100644
.macro paranoidzeroentry_ist sym do_sym ist
ENTRY(\sym)
INTR_FRAME
-@@ -1252,12 +1729,18 @@ ENTRY(\sym)
+@@ -1317,12 +1794,18 @@ ENTRY(\sym)
TRACE_IRQS_OFF_DEBUG
movq %rsp,%rdi /* pt_regs pointer */
xorl %esi,%esi /* no error code */
@@ -24262,7 +24285,7 @@ index 1e96c36..3ff710a 100644
.endm
.macro errorentry sym do_sym
-@@ -1275,7 +1758,7 @@ ENTRY(\sym)
+@@ -1340,7 +1823,7 @@ ENTRY(\sym)
call \do_sym
jmp error_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -24271,7 +24294,7 @@ index 1e96c36..3ff710a 100644
.endm
#ifdef CONFIG_TRACING
-@@ -1306,7 +1789,7 @@ ENTRY(\sym)
+@@ -1371,7 +1854,7 @@ ENTRY(\sym)
call \do_sym
jmp paranoid_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -24280,7 +24303,7 @@ index 1e96c36..3ff710a 100644
.endm
zeroentry divide_error do_divide_error
-@@ -1336,9 +1819,10 @@ gs_change:
+@@ -1401,9 +1884,10 @@ gs_change:
2: mfence /* workaround */
SWAPGS
popfq_cfi
@@ -24292,7 +24315,7 @@ index 1e96c36..3ff710a 100644
_ASM_EXTABLE(gs_change,bad_gs)
.section .fixup,"ax"
-@@ -1366,9 +1850,10 @@ ENTRY(do_softirq_own_stack)
+@@ -1431,9 +1915,10 @@ ENTRY(do_softirq_own_stack)
CFI_DEF_CFA_REGISTER rsp
CFI_ADJUST_CFA_OFFSET -8
decl PER_CPU_VAR(irq_count)
@@ -24304,7 +24327,7 @@ index 1e96c36..3ff710a 100644
#ifdef CONFIG_XEN
zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
-@@ -1406,7 +1891,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
+@@ -1471,7 +1956,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
decl PER_CPU_VAR(irq_count)
jmp error_exit
CFI_ENDPROC
@@ -24313,7 +24336,7 @@ index 1e96c36..3ff710a 100644
/*
* Hypervisor uses this for application faults while it executes.
-@@ -1465,7 +1950,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1530,7 +2015,7 @@ ENTRY(xen_failsafe_callback)
SAVE_ALL
jmp error_exit
CFI_ENDPROC
@@ -24322,7 +24345,7 @@ index 1e96c36..3ff710a 100644
apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \
xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1517,18 +2002,33 @@ ENTRY(paranoid_exit)
+@@ -1582,18 +2067,33 @@ ENTRY(paranoid_exit)
DEFAULT_FRAME
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF_DEBUG
@@ -24358,7 +24381,7 @@ index 1e96c36..3ff710a 100644
jmp irq_return
paranoid_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1557,7 +2057,7 @@ paranoid_schedule:
+@@ -1622,7 +2122,7 @@ paranoid_schedule:
TRACE_IRQS_OFF
jmp paranoid_userspace
CFI_ENDPROC
@@ -24367,7 +24390,7 @@ index 1e96c36..3ff710a 100644
/*
* Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1584,12 +2084,23 @@ ENTRY(error_entry)
+@@ -1649,12 +2149,23 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
@@ -24392,7 +24415,7 @@ index 1e96c36..3ff710a 100644
ret
/*
-@@ -1616,7 +2127,7 @@ bstep_iret:
+@@ -1681,7 +2192,7 @@ bstep_iret:
movq %rcx,RIP+8(%rsp)
jmp error_swapgs
CFI_ENDPROC
@@ -24401,7 +24424,7 @@ index 1e96c36..3ff710a 100644
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1627,7 +2138,7 @@ ENTRY(error_exit)
+@@ -1692,7 +2203,7 @@ ENTRY(error_exit)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
GET_THREAD_INFO(%rcx)
@@ -24410,7 +24433,7 @@ index 1e96c36..3ff710a 100644
jne retint_kernel
LOCKDEP_SYS_EXIT_IRQ
movl TI_flags(%rcx),%edx
-@@ -1636,7 +2147,7 @@ ENTRY(error_exit)
+@@ -1701,7 +2212,7 @@ ENTRY(error_exit)
jnz retint_careful
jmp retint_swapgs
CFI_ENDPROC
@@ -24419,7 +24442,7 @@ index 1e96c36..3ff710a 100644
/*
* Test if a given stack is an NMI stack or not.
-@@ -1694,9 +2205,11 @@ ENTRY(nmi)
+@@ -1759,9 +2270,11 @@ ENTRY(nmi)
* If %cs was not the kernel segment, then the NMI triggered in user
* space, which means it is definitely not nested.
*/
@@ -24432,7 +24455,7 @@ index 1e96c36..3ff710a 100644
/*
* Check the special variable on the stack to see if NMIs are
* executing.
-@@ -1730,8 +2243,7 @@ nested_nmi:
+@@ -1795,8 +2308,7 @@ nested_nmi:
1:
/* Set up the interrupted NMIs stack to jump to repeat_nmi */
@@ -24442,7 +24465,7 @@ index 1e96c36..3ff710a 100644
CFI_ADJUST_CFA_OFFSET 1*8
leaq -10*8(%rsp), %rdx
pushq_cfi $__KERNEL_DS
-@@ -1749,6 +2261,7 @@ nested_nmi_out:
+@@ -1814,6 +2326,7 @@ nested_nmi_out:
CFI_RESTORE rdx
/* No need to check faults here */
@@ -24450,7 +24473,7 @@ index 1e96c36..3ff710a 100644
INTERRUPT_RETURN
CFI_RESTORE_STATE
-@@ -1845,13 +2358,13 @@ end_repeat_nmi:
+@@ -1910,13 +2423,13 @@ end_repeat_nmi:
subq $ORIG_RAX-R15, %rsp
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
/*
@@ -24466,7 +24489,7 @@ index 1e96c36..3ff710a 100644
DEFAULT_FRAME 0
/*
-@@ -1861,9 +2374,9 @@ end_repeat_nmi:
+@@ -1926,9 +2439,9 @@ end_repeat_nmi:
* NMI itself takes a page fault, the page fault that was preempted
* will read the information from the NMI page fault and not the
* origin fault. Save it off and restore it if it changes.
@@ -24478,7 +24501,7 @@ index 1e96c36..3ff710a 100644
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
-@@ -1872,31 +2385,36 @@ end_repeat_nmi:
+@@ -1937,31 +2450,36 @@ end_repeat_nmi:
/* Did the NMI take a page fault? Restore cr2 if it did */
movq %cr2, %rcx
@@ -24520,6 +24543,19 @@ index 1e96c36..3ff710a 100644
/*
* End of kprobes section
+diff --git a/arch/x86/kernel/espfix_64.c b/arch/x86/kernel/espfix_64.c
+index 94d857f..bf1f0bf 100644
+--- a/arch/x86/kernel/espfix_64.c
++++ b/arch/x86/kernel/espfix_64.c
+@@ -197,7 +197,7 @@ void init_espfix_ap(void)
+ set_pte(&pte_p[n*PTE_STRIDE], pte);
+
+ /* Job is done for this CPU and any CPU which shares this page */
+- ACCESS_ONCE(espfix_pages[page]) = stack_page;
++ ACCESS_ONCE_RW(espfix_pages[page]) = stack_page;
+
+ unlock_done:
+ mutex_unlock(&espfix_init_mutex);
diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
index 1ffc32d..e52c745 100644
--- a/arch/x86/kernel/ftrace.c
@@ -26002,10 +26038,10 @@ index c2bedae..25e7ab60 100644
.name = "data",
.mode = S_IRUGO,
diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
-index dcbbaa1..81ae763 100644
+index c37886d..d851d32 100644
--- a/arch/x86/kernel/ldt.c
+++ b/arch/x86/kernel/ldt.c
-@@ -68,13 +68,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload)
+@@ -66,13 +66,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload)
if (reload) {
#ifdef CONFIG_SMP
preempt_disable();
@@ -26021,7 +26057,7 @@ index dcbbaa1..81ae763 100644
#endif
}
if (oldsize) {
-@@ -96,7 +96,7 @@ static inline int copy_ldt(mm_context_t *new, mm_context_t *old)
+@@ -94,7 +94,7 @@ static inline int copy_ldt(mm_context_t *new, mm_context_t *old)
return err;
for (i = 0; i < old->size; i++)
@@ -26030,7 +26066,7 @@ index dcbbaa1..81ae763 100644
return 0;
}
-@@ -117,6 +117,24 @@ int init_new_context(struct task_struct *tsk, struct mm_struct *mm)
+@@ -115,6 +115,24 @@ int init_new_context(struct task_struct *tsk, struct mm_struct *mm)
retval = copy_ldt(&mm->context, &old_mm->context);
mutex_unlock(&old_mm->context.lock);
}
@@ -26055,7 +26091,7 @@ index dcbbaa1..81ae763 100644
return retval;
}
-@@ -231,6 +249,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
+@@ -229,6 +247,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
}
}
@@ -26066,9 +26102,9 @@ index dcbbaa1..81ae763 100644
+ }
+#endif
+
- /*
- * On x86-64 we do not support 16-bit segments due to
- * IRET leaking the high bits of the kernel stack address.
+ if (!IS_ENABLED(CONFIG_X86_16BIT) && !ldt_info.seg_32bit) {
+ error = -EINVAL;
+ goto out_unlock;
diff --git a/arch/x86/kernel/machine_kexec_32.c b/arch/x86/kernel/machine_kexec_32.c
index 1667b1d..16492c5 100644
--- a/arch/x86/kernel/machine_kexec_32.c
@@ -27459,7 +27495,7 @@ index 7c3a5a6..f0a8961 100644
.smp_prepare_cpus = native_smp_prepare_cpus,
.smp_cpus_done = native_smp_cpus_done,
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
-index a32da80..041a4ff 100644
+index 395be6d..11665af 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -229,14 +229,17 @@ static void notrace start_secondary(void *unused)
@@ -27484,7 +27520,7 @@ index a32da80..041a4ff 100644
/*
* Check TSC synchronization with the BP:
*/
-@@ -749,8 +752,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
+@@ -756,8 +759,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
alternatives_enable_smp();
idle->thread.sp = (unsigned long) (((struct pt_regs *)
@@ -27495,7 +27531,7 @@ index a32da80..041a4ff 100644
#ifdef CONFIG_X86_32
/* Stack for startup_32 can be just as for start_secondary onwards */
-@@ -758,11 +762,13 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
+@@ -765,11 +769,13 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
#else
clear_tsk_thread_flag(idle, TIF_FORK);
initial_gs = per_cpu_offset(cpu);
@@ -27512,7 +27548,7 @@ index a32da80..041a4ff 100644
initial_code = (unsigned long)start_secondary;
stack_start = idle->thread.sp;
-@@ -911,6 +917,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle)
+@@ -918,6 +924,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle)
/* the FPU context is blank, nobody can own it */
__cpu_disable_lazy_restore(cpu);
@@ -35813,7 +35849,7 @@ index fd14be1..e3c79c0 100644
#
diff --git a/arch/x86/vdso/vdso32-setup.c b/arch/x86/vdso/vdso32-setup.c
-index f1d633a..a75c5f7 100644
+index d6bfb87..876ee18 100644
--- a/arch/x86/vdso/vdso32-setup.c
+++ b/arch/x86/vdso/vdso32-setup.c
@@ -25,6 +25,7 @@
@@ -35824,7 +35860,7 @@ index f1d633a..a75c5f7 100644
enum {
VDSO_DISABLED = 0,
-@@ -227,7 +228,7 @@ static inline void map_compat_vdso(int map)
+@@ -226,7 +227,7 @@ static inline void map_compat_vdso(int map)
void enable_sep_cpu(void)
{
int cpu = get_cpu();
@@ -35833,7 +35869,7 @@ index f1d633a..a75c5f7 100644
if (!boot_cpu_has(X86_FEATURE_SEP)) {
put_cpu();
-@@ -250,7 +251,7 @@ static int __init gate_vma_init(void)
+@@ -249,7 +250,7 @@ static int __init gate_vma_init(void)
gate_vma.vm_start = FIXADDR_USER_START;
gate_vma.vm_end = FIXADDR_USER_END;
gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
@@ -35842,7 +35878,7 @@ index f1d633a..a75c5f7 100644
return 0;
}
-@@ -331,14 +332,14 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+@@ -330,14 +331,14 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
if (compat)
addr = VDSO_HIGH_BASE;
else {
@@ -35859,7 +35895,7 @@ index f1d633a..a75c5f7 100644
if (compat_uses_vma || !compat) {
/*
-@@ -354,11 +355,11 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+@@ -353,11 +354,11 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
}
current_thread_info()->sysenter_return =
@@ -35873,7 +35909,7 @@ index f1d633a..a75c5f7 100644
up_write(&mm->mmap_sem);
-@@ -412,8 +413,14 @@ __initcall(ia32_binfmt_init);
+@@ -404,8 +405,14 @@ __initcall(ia32_binfmt_init);
const char *arch_vma_name(struct vm_area_struct *vma)
{
@@ -35889,7 +35925,7 @@ index f1d633a..a75c5f7 100644
return NULL;
}
-@@ -423,7 +430,7 @@ struct vm_area_struct *get_gate_vma(struct mm_struct *mm)
+@@ -415,7 +422,7 @@ struct vm_area_struct *get_gate_vma(struct mm_struct *mm)
* Check to see if the corresponding task was created in compat vdso
* mode.
*/
@@ -36582,26 +36618,6 @@ index 2648797..92ed21f 100644
if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
goto error;
-diff --git a/crypto/af_alg.c b/crypto/af_alg.c
-index 966f893..6a3ad80 100644
---- a/crypto/af_alg.c
-+++ b/crypto/af_alg.c
-@@ -21,6 +21,7 @@
- #include <linux/module.h>
- #include <linux/net.h>
- #include <linux/rwsem.h>
-+#include <linux/security.h>
-
- struct alg_type_list {
- const struct af_alg_type *type;
-@@ -243,6 +244,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
-
- sock_init_data(newsock, sk2);
- sock_graft(sk2, newsock);
-+ security_sk_clone(sk, sk2);
-
- err = type->accept(ask->private, sk2);
- if (err) {
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index 7bdd61b..afec999 100644
--- a/crypto/cryptd.c
@@ -39529,10 +39545,10 @@ index 18448a7..d5fad43 100644
/* Force all MSRs to the same value */
diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
-index 199b52b..e3503bb 100644
+index 153f4b9..d47054a 100644
--- a/drivers/cpufreq/cpufreq.c
+++ b/drivers/cpufreq/cpufreq.c
-@@ -1970,7 +1970,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor)
+@@ -1972,7 +1972,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor)
#endif
mutex_lock(&cpufreq_governor_mutex);
@@ -39541,7 +39557,7 @@ index 199b52b..e3503bb 100644
mutex_unlock(&cpufreq_governor_mutex);
return;
}
-@@ -2200,7 +2200,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb,
+@@ -2202,7 +2202,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb,
return NOTIFY_OK;
}
@@ -39550,7 +39566,7 @@ index 199b52b..e3503bb 100644
.notifier_call = cpufreq_cpu_callback,
};
-@@ -2240,13 +2240,17 @@ int cpufreq_boost_trigger_state(int state)
+@@ -2242,13 +2242,17 @@ int cpufreq_boost_trigger_state(int state)
return 0;
write_lock_irqsave(&cpufreq_driver_lock, flags);
@@ -39570,7 +39586,7 @@ index 199b52b..e3503bb 100644
write_unlock_irqrestore(&cpufreq_driver_lock, flags);
pr_err("%s: Cannot %s BOOST\n", __func__,
-@@ -2300,8 +2304,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
+@@ -2302,8 +2306,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
pr_debug("trying to register driver %s\n", driver_data->name);
@@ -39584,7 +39600,7 @@ index 199b52b..e3503bb 100644
write_lock_irqsave(&cpufreq_driver_lock, flags);
if (cpufreq_driver) {
-@@ -2316,8 +2323,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
+@@ -2318,8 +2325,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
* Check if driver provides function to enable boost -
* if not, use cpufreq_boost_set_sw as default
*/
@@ -50470,25 +50486,10 @@ index d8afec8..3ec7152 100644
/* check if the device is still usable */
if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
-index 62ec84b..384f684 100644
+index 64e487a..384f684 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
-@@ -831,6 +831,14 @@ void scsi_io_completion(struct scsi_cmnd *cmd, unsigned int good_bytes)
- scsi_next_command(cmd);
- return;
- }
-+ } else if (blk_rq_bytes(req) == 0 && result && !sense_deferred) {
-+ /*
-+ * Certain non BLOCK_PC requests are commands that don't
-+ * actually transfer anything (FLUSH), so cannot use
-+ * good_bytes != blk_rq_bytes(req) as the signal for an error.
-+ * This sets the error explicitly for the problem case.
-+ */
-+ error = __scsi_error_from_host_byte(cmd, result);
- }
-
- /* no bidi support for !REQ_TYPE_BLOCK_PC yet */
-@@ -1474,7 +1482,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
+@@ -1482,7 +1482,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
shost = sdev->host;
scsi_init_cmd_errh(cmd);
cmd->result = DID_NO_CONNECT << 16;
@@ -50497,7 +50498,7 @@ index 62ec84b..384f684 100644
/*
* SCSI request completion path will do scsi_device_unbusy(),
-@@ -1500,9 +1508,9 @@ static void scsi_softirq_done(struct request *rq)
+@@ -1508,9 +1508,9 @@ static void scsi_softirq_done(struct request *rq)
INIT_LIST_HEAD(&cmd->eh_entry);
@@ -63137,6 +63138,19 @@ index 15f9d98..082c625 100644
}
void nfs_fattr_init(struct nfs_fattr *fattr)
+diff --git a/fs/nfs/nfs3acl.c b/fs/nfs/nfs3acl.c
+index 8f854dd..d0fec26 100644
+--- a/fs/nfs/nfs3acl.c
++++ b/fs/nfs/nfs3acl.c
+@@ -256,7 +256,7 @@ nfs3_list_one_acl(struct inode *inode, int type, const char *name, void *data,
+ char *p = data + *result;
+
+ acl = get_acl(inode, type);
+- if (!acl)
++ if (IS_ERR_OR_NULL(acl))
+ return 0;
+
+ posix_acl_release(acl);
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index f23a6ca..730ddcc 100644
--- a/fs/nfsd/nfs4proc.c
@@ -80441,10 +80455,10 @@ index 0000000..b02ba9d
+#define GR_MSRWRITE_MSG "denied write to CPU MSR by "
diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
new file mode 100644
-index 0000000..5c4bdee
+index 0000000..b87dd26
--- /dev/null
+++ b/include/linux/grsecurity.h
-@@ -0,0 +1,249 @@
+@@ -0,0 +1,252 @@
+#ifndef GR_SECURITY_H
+#define GR_SECURITY_H
+#include <linux/fs.h>
@@ -80456,6 +80470,9 @@ index 0000000..5c4bdee
+#if defined(CONFIG_GRKERNSEC_PROC_USER) && defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
+#error "CONFIG_GRKERNSEC_PROC_USER and CONFIG_GRKERNSEC_PROC_USERGROUP cannot both be enabled."
+#endif
++#if defined(CONFIG_GRKERNSEC_PROC) && !defined(CONFIG_GRKERNSEC_PROC_USER) && !defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++#error "CONFIG_GRKERNSEC_PROC enabled, but neither CONFIG_GRKERNSEC_PROC_USER nor CONFIG_GRKERNSEC_PROC_USERGROUP enabled"
++#endif
+#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC)
+#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled."
+#endif
@@ -82371,7 +82388,7 @@ index 1841b58..fbeebf8 100644
#define preempt_set_need_resched() \
do { \
diff --git a/include/linux/printk.h b/include/linux/printk.h
-index fa47e27..c08e034 100644
+index cbf094f..86007b7 100644
--- a/include/linux/printk.h
+++ b/include/linux/printk.h
@@ -114,6 +114,8 @@ static inline __printf(1, 2) __cold
@@ -85877,7 +85894,7 @@ index 93b6139..8d628b7 100644
next_state = Reset;
return 0;
diff --git a/init/main.c b/init/main.c
-index 9c7fd4c..650b4f1 100644
+index 58c132d..ac3f3b0 100644
--- a/init/main.c
+++ b/init/main.c
@@ -97,6 +97,8 @@ extern void radix_tree_init(void);
@@ -85965,7 +85982,7 @@ index 9c7fd4c..650b4f1 100644
static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, };
const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
static const char *panic_later, *panic_param;
-@@ -688,25 +759,24 @@ int __init_or_module do_one_initcall(initcall_t fn)
+@@ -692,25 +763,24 @@ int __init_or_module do_one_initcall(initcall_t fn)
{
int count = preempt_count();
int ret;
@@ -85996,7 +86013,7 @@ index 9c7fd4c..650b4f1 100644
return ret;
}
-@@ -813,8 +883,8 @@ static int run_init_process(const char *init_filename)
+@@ -817,8 +887,8 @@ static int run_init_process(const char *init_filename)
{
argv_init[0] = init_filename;
return do_execve(getname_kernel(init_filename),
@@ -86007,7 +86024,7 @@ index 9c7fd4c..650b4f1 100644
}
static int try_to_run_init_process(const char *init_filename)
-@@ -831,6 +901,10 @@ static int try_to_run_init_process(const char *init_filename)
+@@ -835,6 +905,10 @@ static int try_to_run_init_process(const char *init_filename)
return ret;
}
@@ -86018,7 +86035,7 @@ index 9c7fd4c..650b4f1 100644
static noinline void __init kernel_init_freeable(void);
static int __ref kernel_init(void *unused)
-@@ -855,6 +929,11 @@ static int __ref kernel_init(void *unused)
+@@ -859,6 +933,11 @@ static int __ref kernel_init(void *unused)
ramdisk_execute_command, ret);
}
@@ -86030,7 +86047,7 @@ index 9c7fd4c..650b4f1 100644
/*
* We try each of these until one succeeds.
*
-@@ -910,7 +989,7 @@ static noinline void __init kernel_init_freeable(void)
+@@ -914,7 +993,7 @@ static noinline void __init kernel_init_freeable(void)
do_basic_setup();
/* Open the /dev/console on the rootfs, this should never fail */
@@ -86039,7 +86056,7 @@ index 9c7fd4c..650b4f1 100644
pr_err("Warning: unable to open an initial console.\n");
(void) sys_dup(0);
-@@ -923,11 +1002,13 @@ static noinline void __init kernel_init_freeable(void)
+@@ -927,11 +1006,13 @@ static noinline void __init kernel_init_freeable(void)
if (!ramdisk_execute_command)
ramdisk_execute_command = "/init";
@@ -89701,7 +89718,7 @@ index 14f9a8d..98ee610 100644
if (pm_wakeup_pending()) {
diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
-index 4dae9cb..039ffbb 100644
+index 8c086e6..a52bc51 100644
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -385,6 +385,11 @@ static int check_syslog_permissions(int type, bool from_file)
@@ -90706,7 +90723,7 @@ index a63f4dc..349bbb0 100644
unsigned long timeout)
{
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
-index 0aae0fc..2ba2b81 100644
+index 515e212..268a828 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -1775,7 +1775,7 @@ void set_numabalancing_state(bool enabled)
@@ -93559,23 +93576,6 @@ index 539eeb9..e24a987 100644
error = 0;
if (end == start)
return error;
-diff --git a/mm/memcontrol.c b/mm/memcontrol.c
-index 5b6b003..9b35da2 100644
---- a/mm/memcontrol.c
-+++ b/mm/memcontrol.c
-@@ -5670,8 +5670,12 @@ static int mem_cgroup_oom_notify_cb(struct mem_cgroup *memcg)
- {
- struct mem_cgroup_eventfd_list *ev;
-
-+ spin_lock(&memcg_oom_lock);
-+
- list_for_each_entry(ev, &memcg->oom_notify, list)
- eventfd_signal(ev->eventfd, 1);
-+
-+ spin_unlock(&memcg_oom_lock);
- return 0;
- }
-
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
index 33365e9..2234ef9 100644
--- a/mm/memory-failure.c
@@ -96220,7 +96220,7 @@ index 8740213..f87e25b 100644
struct mm_struct *mm;
diff --git a/mm/page-writeback.c b/mm/page-writeback.c
-index d013dba..d5ae30d 100644
+index 9f45f87..749bfd8 100644
--- a/mm/page-writeback.c
+++ b/mm/page-writeback.c
@@ -685,7 +685,7 @@ static long long pos_ratio_polynom(unsigned long setpoint,
@@ -96233,7 +96233,7 @@ index d013dba..d5ae30d 100644
unsigned long bg_thresh,
unsigned long dirty,
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index 7e7f947..254d009 100644
+index 62e400d..2072e4e 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -61,6 +61,7 @@
@@ -98241,7 +98241,7 @@ index 876fbe8..8bbea9f 100644
#undef __HANDLE_ITEM
}
diff --git a/net/atm/lec.c b/net/atm/lec.c
-index 5a2f602..9396143 100644
+index 5a2f602..93961433 100644
--- a/net/atm/lec.c
+++ b/net/atm/lec.c
@@ -111,9 +111,9 @@ static inline void lec_arp_put(struct lec_arp_table *entry)
@@ -102123,28 +102123,6 @@ index 7932697..a13d158 100644
} while (!res);
return res;
}
-diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
-index ec66063..1e05bbd 100644
---- a/net/l2tp/l2tp_ppp.c
-+++ b/net/l2tp/l2tp_ppp.c
-@@ -1368,7 +1368,7 @@ static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,
- int err;
-
- if (level != SOL_PPPOL2TP)
-- return udp_prot.setsockopt(sk, level, optname, optval, optlen);
-+ return -EINVAL;
-
- if (optlen < sizeof(int))
- return -EINVAL;
-@@ -1494,7 +1494,7 @@ static int pppol2tp_getsockopt(struct socket *sock, int level, int optname,
- struct pppol2tp_session *ps;
-
- if (level != SOL_PPPOL2TP)
-- return udp_prot.getsockopt(sk, level, optname, optval, optlen);
-+ return -EINVAL;
-
- if (get_user(len, optlen))
- return -EFAULT;
diff --git a/net/llc/llc_proc.c b/net/llc/llc_proc.c
index 1a3c7e0..80f8b0c 100644
--- a/net/llc/llc_proc.c
diff --git a/main/linux-virt-grsec/kernelconfig.x86 b/main/linux-virt-grsec/kernelconfig.x86
index 6239961733..e70baf4dc7 100644
--- a/main/linux-virt-grsec/kernelconfig.x86
+++ b/main/linux-virt-grsec/kernelconfig.x86
@@ -387,6 +387,7 @@ CONFIG_X86_IO_APIC=y
# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set
# CONFIG_X86_MCE is not set
CONFIG_VM86=y
+# CONFIG_X86_16BIT is not set
# CONFIG_TOSHIBA is not set
# CONFIG_I8K is not set
# CONFIG_X86_REBOOTFIXUPS is not set
diff --git a/main/linux-virt-grsec/kernelconfig.x86_64 b/main/linux-virt-grsec/kernelconfig.x86_64
index 3a3a94a1f7..20a7e92789 100644
--- a/main/linux-virt-grsec/kernelconfig.x86_64
+++ b/main/linux-virt-grsec/kernelconfig.x86_64
@@ -377,6 +377,7 @@ CONFIG_X86_LOCAL_APIC=y
CONFIG_X86_IO_APIC=y
# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set
# CONFIG_X86_MCE is not set
+# CONFIG_X86_16BIT is not set
# CONFIG_I8K is not set
CONFIG_MICROCODE=m
CONFIG_MICROCODE_INTEL=y