-rw-r--r-- | main/linux-virt-grsec/APKBUILD | 16 | ||||
-rw-r--r-- | main/linux-virt-grsec/grsecurity-2.9.1-3.9.11-unofficial-1.patch (renamed from main/linux-virt-grsec/grsecurity-2.9.1-3.9.9-201307050017.patch) | 1361 |
2 files changed, 862 insertions, 515 deletions
diff --git a/main/linux-virt-grsec/APKBUILD b/main/linux-virt-grsec/APKBUILD index c564752831..a94f25ba3e 100644 --- a/main/linux-virt-grsec/APKBUILD +++ b/main/linux-virt-grsec/APKBUILD @@ -3,7 +3,7 @@ _flavor=grsec pkgname=linux-virt-${_flavor} -pkgver=3.9.9 +pkgver=3.9.11 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; @@ -18,7 +18,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-2.9.1-3.9.9-201307050017.patch + grsecurity-2.9.1-3.9.11-unofficial-1.patch 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch @@ -148,8 +148,8 @@ dev() { } md5sums="4348c9b6b2eb3144d601e87c19d5d909 linux-3.9.tar.xz -41f350c2fd6aa14414bf39f173a8e6a3 patch-3.9.9.xz -f3b3db991845d216a1f60921f5fd650e grsecurity-2.9.1-3.9.9-201307050017.patch +552146435b7ecc414bf8e3cd8bb6ac4a patch-3.9.11.xz +0888981bb55e0d27b6ed39edcc7ee45a grsecurity-2.9.1-3.9.11-unofficial-1.patch a16f11b12381efb3bec79b9bfb329836 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch 656ae7b10dd2f18dbfa1011041d08d60 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch 
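Review bot: The `source=` hunk (-18,7) replaces the dated `grsecurity-2.9.1-3.9.9-201307050017.patch` with `grsecurity-2.9.1-3.9.11-unofficial-1.patch`, and nothing in the APKBUILD records who produced it or what it was rebased from. The checksum arrays pin only the in-tree copy and say nothing about its origin. I would add a comment above `source=`, along the lines of `# grsecurity patch: unofficial forward-port to 3.9.11, see <reference to the rebase notes>`, and list the sections dropped from the patch (its diff removes `crypto/algapi.c` and `drivers/block/nbd.c`, presumably because 3.9.11 already carries those fixes). Separately, the two kernel.org entries kept as context are still fetched over plain `http://`, so download integrity rests entirely on the checksum arrays.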
@@ -159,8 +159,8 @@ aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-p
 35bdbb795392104434fdb16e226606bc kernelconfig.x86
 3fa1281098783b061581f6c1122edd77 kernelconfig.x86_64"
 sha256sums="60bc3e64ee5dc778de2cd7cd7640abf518a4c9d4f31b8ed624e16fad53f54541 linux-3.9.tar.xz
-4ae653db69190a10b842f05c19499a528ae29898e4f2dfbdb420ef5d26112f3b patch-3.9.9.xz
-d864bb3e745101f5a624a2b716a03ec1b5dc31e4b3ddec6c9741426bcbbd1e53 grsecurity-2.9.1-3.9.9-201307050017.patch
+29be11d16ef152ae1858d567cbf45f0da0193adf364826f5e3fa8b2fcd839682 patch-3.9.11.xz
+fa2223e87b38e225568a36ee2eb00976f74bc109e2ccc21c93abed676f58e3ad grsecurity-2.9.1-3.9.11-unofficial-1.patch
 6af3757ac36a6cd3cda7b0a71b08143726383b19261294a569ad7f4042c72df3 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
 dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
 0985caa0f3ee8ed0959aeaa4214f5f8057ae8e61d50dcae39194912d31e14892 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
@@ -170,8 +170,8 @@ fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-
 ca83354dfd4d2938bad03bd05aa25d6ab7228b289eabd43f10dab5c571f0ec07 kernelconfig.x86
 8e64c024e2f8d7d67198ad8c331cd3ef8df40015c85a0b5ef4c2487274404abb kernelconfig.x86_64"
 sha512sums="77fa521f42380409f8ab400c26f7b00e225cb075ef40834bb263325cfdcc3e65aef8511ec2fc2b50bbf4f50e226fb5ab07d7a479aaf09162adbbf318325d0790 linux-3.9.tar.xz
-51fa4e20b23c9900078e90ace0c4cc38e419e5028a88b63443fafa66c07ad28aab77cb0f56ceb9c8416bfde848ceba64e95f608f0f64ab4634386a161cbc7994 patch-3.9.9.xz
-a16dde6d53649aecfa9eb47b969dbc5d147909c48191cc44a666c8f946181688344ac7512330e08fc47c48073010dd4154aac7b572d6301acaf39f5ad6e1b0df grsecurity-2.9.1-3.9.9-201307050017.patch
+c3a0be102d816ae06d7dfdd2738915fc2114cb9bb488b03b34e4f52f2367dcba4d8cb8ba203687bf694c2dcad36d70bb9d3121ac739a28e2c7fb2c44f08a9c71 patch-3.9.11.xz
+59e34764fca125d097d1826042dce0e6fb0bf53eb97935b591e57674fb755491d78b1180a6db6253a869ffe56f7ceddf2e80f24812319e2b2f623d3e100aaa00 grsecurity-2.9.1-3.9.11-unofficial-1.patch
 81e78593288e8b0fd2c03ea9fc1450323887707f087e911f172450a122bc9b591ee83394836789730d951aeec13d0b75a64e1c05f04364abf8f80d883ddc4a02 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
 51ecb15b669f6a82940a13a38939116e003bf5dfd24496771c8279e907b72adcc63d607f0340a2940d757e12ddadb7d45c7af78ae311d284935a6296dbcac00c 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
 57d0a8bd35d19cf657ded58efe24517d2252aec6984040713ba173a34edb5887ececaa2985076bc6a149eaa57639fd98a042c1c2d226ed4ad8dd5ed0e230717e 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
diff --git a/main/linux-virt-grsec/grsecurity-2.9.1-3.9.9-201307050017.patch b/main/linux-virt-grsec/grsecurity-2.9.1-3.9.11-unofficial-1.patch
index 1ae3c82aef..932805c959 100644
--- a/main/linux-virt-grsec/grsecurity-2.9.1-3.9.9-201307050017.patch
+++ b/main/linux-virt-grsec/grsecurity-2.9.1-3.9.11-unofficial-1.patch
@@ -263,7 +263,7 @@ index 8ccbf27..afffeb4 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 9591325..1457ef3 100644 +index ad368cd..96b21c3 100644 --- a/Makefile +++ b/Makefile @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -1212,13 +1212,11 @@ index c79f61f..9ac0642 100644 static inline u64 atomic64_add_return(u64 i, atomic64_t *v) { -- u64 result; -- unsigned long tmp; + u64 result, tmp; - - smp_mb(); - - __asm__ __volatile__("@ atomic64_add_return\n" ++ ++ smp_mb(); ++ ++ __asm__ __volatile__("@ atomic64_add_return\n" +"1: ldrexd %1, %H1, [%3]\n" +" adds %0, %1, %4\n" +" adcs %H0, %H1, %H4\n" @@ -1251,19 +1249,21 @@ index c79f61f..9ac0642 100644 + +static inline u64 atomic64_add_return_unchecked(u64 i, atomic64_unchecked_t *v) +{ -+ u64 result; -+ unsigned long tmp; -+ -+ smp_mb(); -+ + u64 result; + unsigned long tmp; + + smp_mb(); + +- __asm__ __volatile__("@ atomic64_add_return\n" + __asm__ __volatile__("@ atomic64_add_return_unchecked\n" "1: ldrexd %0, %H0, [%3]\n" " adds %0, %0, %4\n" " adc %H0, %H0, %H4\n" -@@ -318,6 +607,36 @@ static inline void atomic64_sub(u64 i, atomic64_t *v) +@@ -318,23 +607,34 @@ static inline void atomic64_sub(u64 i, atomic64_t *v) __asm__ __volatile__("@ atomic64_sub\n" "1: ldrexd %0, %H0, [%3]\n" " subs %0, %0, %4\n" +-" sbc %H0, %H0, %H4\n" +" sbcs %H0, %H0, %H4\n" + +#ifdef CONFIG_PAX_REFCOUNT 
@@ -1272,45 +1272,46 @@ index c79f61f..9ac0642 100644 +"3:\n" +#endif + -+" strexd %1, %0, %H0, [%3]\n" -+" teq %1, #0\n" -+" bne 1b" + " strexd %1, %0, %H0, [%3]\n" + " teq %1, #0\n" + " bne 1b" + +#ifdef CONFIG_PAX_REFCOUNT +"\n4:\n" + _ASM_EXTABLE(2b, 4b) +#endif + -+ : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) -+ : "r" (&v->counter), "r" (i) -+ : "cc"); -+} -+ + : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) + : "r" (&v->counter), "r" (i) + : "cc"); + } + +-static inline u64 atomic64_sub_return(u64 i, atomic64_t *v) +static inline void atomic64_sub_unchecked(u64 i, atomic64_unchecked_t *v) -+{ -+ u64 result; -+ unsigned long tmp; -+ + { + u64 result; + unsigned long tmp; + +- smp_mb(); +- +- __asm__ __volatile__("@ atomic64_sub_return\n" + __asm__ __volatile__("@ atomic64_sub_unchecked\n" -+"1: ldrexd %0, %H0, [%3]\n" -+" subs %0, %0, %4\n" + "1: ldrexd %0, %H0, [%3]\n" + " subs %0, %0, %4\n" " sbc %H0, %H0, %H4\n" - " strexd %1, %0, %H0, [%3]\n" - " teq %1, #0\n" -@@ -329,18 +648,32 @@ static inline void atomic64_sub(u64 i, atomic64_t *v) - - static inline u64 atomic64_sub_return(u64 i, atomic64_t *v) - { -- u64 result; -- unsigned long tmp; +@@ -344,6 +644,39 @@ static inline u64 atomic64_sub_return(u64 i, atomic64_t *v) + : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) + : "r" (&v->counter), "r" (i) + : "cc"); ++} ++ ++static inline u64 atomic64_sub_return(u64 i, atomic64_t *v) ++{ + u64 result, tmp; - - smp_mb(); - - __asm__ __volatile__("@ atomic64_sub_return\n" --"1: ldrexd %0, %H0, [%3]\n" --" subs %0, %0, %4\n" --" sbc %H0, %H0, %H4\n" ++ ++ smp_mb(); ++ ++ __asm__ __volatile__("@ atomic64_sub_return\n" +"1: ldrexd %1, %H1, [%3]\n" +" subs %0, %1, %4\n" +" sbcs %H0, %H1, %H4\n" 
@@ -1323,18 +1324,21 @@ index c79f61f..9ac0642 100644 +"3:\n" +#endif + - " strexd %1, %0, %H0, [%3]\n" - " teq %1, #0\n" - " bne 1b" ++" strexd %1, %0, %H0, [%3]\n" ++" teq %1, #0\n" ++" bne 1b" + +#ifdef CONFIG_PAX_REFCOUNT +"\n4:\n" + _ASM_EXTABLE(2b, 4b) +#endif + - : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) - : "r" (&v->counter), "r" (i) - : "cc"); ++ : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) ++ : "r" (&v->counter), "r" (i) ++ : "cc"); + + smp_mb(); + @@ -374,6 +707,30 @@ static inline u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old, u64 new) return oldval; } @@ -1539,15 +1543,15 @@ index 6ddbe44..b5e38b1 100644 +#define DOMAIN_KERNELCLIENT 1 #define DOMAIN_MANAGER 3 +#define DOMAIN_VECTORS DOMAIN_USER - #else ++#else + +#ifdef CONFIG_PAX_KERNEXEC - #define DOMAIN_MANAGER 1 -+#define DOMAIN_KERNEXEC 3 -+#else +#define DOMAIN_MANAGER 1 -+#endif -+ ++#define DOMAIN_KERNEXEC 3 + #else + #define DOMAIN_MANAGER 1 + #endif + +#ifdef CONFIG_PAX_MEMORY_UDEREF +#define DOMAIN_USERCLIENT 0 +#define DOMAIN_UDEREF 1 @@ -1558,8 +1562,8 @@ index 6ddbe44..b5e38b1 100644 +#endif +#define DOMAIN_KERNELCLIENT 1 + - #endif - ++#endif ++ #define domain_val(dom,type) ((type) << (2*(dom))) #ifndef __ASSEMBLY__ @@ -2967,15 +2971,16 @@ index 296786b..a8d4dd5 100644 - */ - flush_icache_range((unsigned long)rc, - (unsigned long)(rc + 2)); +- +- retcode = ((unsigned long)rc) + thumb; +- } + /* + * Ensure that the instruction cache sees + * the return code written onto the stack. + */ + flush_icache_range((unsigned long)rc, + (unsigned long)(rc + 2)); - -- retcode = ((unsigned long)rc) + thumb; -- } ++ + retcode = ((unsigned long)rc) + thumb; } @@ -3750,7 +3755,7 @@ index ad722f1..763fdd3 100644 #ifdef CONFIG_HAVE_TCM extern char __tcm_start, __tcm_end; +#endif - ++ +#ifdef CONFIG_PAX_KERNEXEC + unsigned long addr; + pgd_t *pgd; 
@@ -3787,7 +3792,7 @@ index ad722f1..763fdd3 100644 + } + } +#endif -+ + +#ifdef CONFIG_HAVE_TCM poison_init_mem(&__tcm_start, &__tcm_end - &__tcm_start); totalram_pages += free_area(__phys_to_pfn(__pa(&__tcm_start)), @@ -4197,12 +4202,12 @@ index a84ff76..f221c1d 100644 struct map_desc map; unsigned long addr; - void *vectors; - +- - /* - * Allocate the vector page early. - */ - vectors = early_alloc(PAGE_SIZE); -- + - early_trap_init(vectors); + early_trap_init(&vectors); @@ -8206,13 +8211,13 @@ index e562d3c..191f176 100644 { - unsigned long ret = ___copy_to_user(to, from, size); + unsigned long ret; - ++ + if ((long)size < 0 || size > INT_MAX) + return size; + + if (!__builtin_constant_p(size)) + check_object_size(from, size, true); -+ + + ret = ___copy_to_user(to, from, size); if (unlikely(ret)) ret = copy_to_user_fixup(to, from, size); @@ -12389,6 +12394,11 @@ index 722aa3b..3a0bb27 100644 -#define atomic_clear_mask(mask, addr) \ - asm volatile(LOCK_PREFIX "andl %0,%1" \ - : : "r" (~(mask)), "m" (*(addr)) : "memory") +- +-#define atomic_set_mask(mask, addr) \ +- asm volatile(LOCK_PREFIX "orl %0,%1" \ +- : : "r" ((unsigned)(mask)), "m" (*(addr)) \ +- : "memory") +static inline void atomic_clear_mask(unsigned int mask, atomic_t *v) +{ + asm volatile(LOCK_PREFIX "andl %1,%0" @@ -12396,11 +12406,7 @@ index 722aa3b..3a0bb27 100644 + : "r" (~(mask)) + : "memory"); +} - --#define atomic_set_mask(mask, addr) \ -- asm volatile(LOCK_PREFIX "orl %0,%1" \ -- : : "r" ((unsigned)(mask)), "m" (*(addr)) \ -- : "memory") ++ +static inline void atomic_clear_mask_unchecked(unsigned int mask, atomic_unchecked_t *v) +{ + asm volatile(LOCK_PREFIX "andl %1,%0" @@ -14033,9 +14039,9 @@ index cdbf367..adb37ac 100644 +#endif + } -+#endif - } --#endif +- } + #endif ++ } } #define activate_mm(prev, next) \ 
@@ -15438,15 +15444,7 @@ index 70bbe39..4ae2bd4 100644 - void *data, - unsigned long *end, - int *graph); -+typedef unsigned long walk_stack_t(struct task_struct *task, -+ void *stack_start, -+ unsigned long *stack, -+ unsigned long bp, -+ const struct stacktrace_ops *ops, -+ void *data, -+ unsigned long *end, -+ int *graph); - +- -extern unsigned long -print_context_stack(struct thread_info *tinfo, - unsigned long *stack, unsigned long bp, @@ -15458,6 +15456,15 @@ index 70bbe39..4ae2bd4 100644 - unsigned long *stack, unsigned long bp, - const struct stacktrace_ops *ops, void *data, - unsigned long *end, int *graph); ++typedef unsigned long walk_stack_t(struct task_struct *task, ++ void *stack_start, ++ unsigned long *stack, ++ unsigned long bp, ++ const struct stacktrace_ops *ops, ++ void *data, ++ unsigned long *end, ++ int *graph); ++ +extern walk_stack_t print_context_stack; +extern walk_stack_t print_context_stack_bp; 
@@ -15583,43 +15590,16 @@ index 2cd056e..0224df8 100644 /* Only used for 64 bit */ #define _TIF_DO_NOTIFY_MASK \ -@@ -158,45 +154,40 @@ struct thread_info { +@@ -158,6 +154,23 @@ struct thread_info { #define PREEMPT_ACTIVE 0x10000000 --#ifdef CONFIG_X86_32 -- --#define STACK_WARN (THREAD_SIZE/8) --/* -- * macros/functions for gaining access to the thread information structure -- * -- * preempt_count needs to be 1 initially, until the scheduler is functional. -- */ --#ifndef __ASSEMBLY__ -- -- --/* how to get the current stack pointer from C */ --register unsigned long current_stack_pointer asm("esp") __used; -- --/* how to get the thread information struct from C */ --static inline struct thread_info *current_thread_info(void) --{ -- return (struct thread_info *) -- (current_stack_pointer & ~(THREAD_SIZE - 1)); --} -- --#else /* !__ASSEMBLY__ */ -- +#ifdef __ASSEMBLY__ - /* how to get the thread information struct from ASM */ - #define GET_THREAD_INFO(reg) \ -- movl $-THREAD_SIZE, reg; \ -- andl %esp, reg ++/* how to get the thread information struct from ASM */ ++#define GET_THREAD_INFO(reg) \ + mov PER_CPU_VAR(current_tinfo), reg - - /* use this one if reg already contains %esp */ --#define GET_THREAD_INFO_WITH_ESP(reg) \ -- andl $-THREAD_SIZE, reg ++ ++/* use this one if reg already contains %esp */ +#define GET_THREAD_INFO_WITH_ESP(reg) GET_THREAD_INFO(reg) +#else +/* how to get the thread information struct from C */ 
@@ -15631,19 +15611,35 @@ index 2cd056e..0224df8 100644 +} +#endif + -+#ifdef CONFIG_X86_32 -+ -+#define STACK_WARN (THREAD_SIZE/8) -+/* -+ * macros/functions for gaining access to the thread information structure -+ * -+ * preempt_count needs to be 1 initially, until the scheduler is functional. -+ */ -+#ifndef __ASSEMBLY__ -+ -+/* how to get the current stack pointer from C */ -+register unsigned long current_stack_pointer asm("esp") __used; + #ifdef CONFIG_X86_32 + + #define STACK_WARN (THREAD_SIZE/8) +@@ -168,35 +181,13 @@ struct thread_info { + */ + #ifndef __ASSEMBLY__ +- + /* how to get the current stack pointer from C */ + register unsigned long current_stack_pointer asm("esp") __used; + +-/* how to get the thread information struct from C */ +-static inline struct thread_info *current_thread_info(void) +-{ +- return (struct thread_info *) +- (current_stack_pointer & ~(THREAD_SIZE - 1)); +-} +- +-#else /* !__ASSEMBLY__ */ +- +-/* how to get the thread information struct from ASM */ +-#define GET_THREAD_INFO(reg) \ +- movl $-THREAD_SIZE, reg; \ +- andl %esp, reg +- +-/* use this one if reg already contains %esp */ +-#define GET_THREAD_INFO_WITH_ESP(reg) \ +- andl $-THREAD_SIZE, reg +- #endif #else /* X86_32 */ @@ -16008,18 +16004,18 @@ index 7f760a9..04b1c65 100644 unsigned long n) { - return __copy_from_user_ll_nocache_nozero(to, from, n); +-} + if ((long)n < 0) + return n; -+ -+ return __copy_from_user_ll_nocache_nozero(to, from, n); - } -unsigned long __must_check copy_to_user(void __user *to, - const void *from, unsigned long n); -unsigned long __must_check _copy_from_user(void *to, - const void __user *from, - unsigned long n); -- ++ return __copy_from_user_ll_nocache_nozero(to, from, n); ++} + +extern void copy_to_user_overflow(void) +#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS + __compiletime_error("copy_to_user() buffer size is not provably correct") 
@@ -16059,13 +16055,14 @@ index 7f760a9..04b1c65 100644 - if (likely(sz == -1 || sz >= n)) - n = _copy_from_user(to, from, n); - else +- copy_from_user_overflow(); + if (unlikely(sz != (size_t)-1 && sz < n)) + copy_to_user_overflow(); + else if (access_ok(VERIFY_WRITE, to, n)) + n = __copy_to_user(to, from, n); + return n; +} -+ + +/** + * copy_from_user: - Copy a block of data from user space. + * @to: Destination address, in kernel space. @@ -16090,8 +16087,7 @@ index 7f760a9..04b1c65 100644 + check_object_size(to, n, false); + + if (unlikely(sz != (size_t)-1 && sz < n)) - copy_from_user_overflow(); -- ++ copy_from_user_overflow(); + else if (access_ok(VERIFY_READ, from, n)) + n = __copy_from_user(to, from, n); + else if ((long)n > 0) @@ -17129,16 +17125,16 @@ index 2861082..6d4718e 100644 + +#ifdef CONFIG_PAX_KERNEXEC + OFFSET(PV_CPU_write_cr0, pv_cpu_ops, write_cr0); - #endif - ++#endif ++ +#ifdef CONFIG_PAX_MEMORY_UDEREF + OFFSET(PV_MMU_read_cr3, pv_mmu_ops, read_cr3); + OFFSET(PV_MMU_write_cr3, pv_mmu_ops, write_cr3); +#ifdef CONFIG_X86_64 + OFFSET(PV_MMU_set_pgd_batched, pv_mmu_ops, set_pgd_batched); +#endif -+#endif -+ + #endif + +#endif + + BLANK(); @@ -20678,10 +20674,10 @@ index 321d65e..ad8817d 100644 +#ifndef CONFIG_XEN + addq %rbp, level3_ident_pgt + (1*8)(%rip) +#endif ++ ++ addq %rbp, level3_vmemmap_pgt + (L3_VMEMMAP_START*8)(%rip) - addq %rbp, level2_fixmap_pgt + (506*8)(%rip) -+ addq %rbp, level3_vmemmap_pgt + (L3_VMEMMAP_START*8)(%rip) -+ + addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8)(%rip) + addq %rbp, level3_kernel_pgt + ((L3_START_KERNEL+1)*8)(%rip) + 
@@ -20753,10 +20749,10 @@ index 321d65e..ad8817d 100644 + .section .rodata,"a",@progbits -#ifndef CONFIG_XEN - NEXT_PAGE(init_level4_pgt) +-NEXT_PAGE(init_level4_pgt) - .fill 512,8,0 -#else --NEXT_PAGE(init_level4_pgt) + NEXT_PAGE(init_level4_pgt) - .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE .org init_level4_pgt + L4_PAGE_OFFSET*8, 0 .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE @@ -21933,10 +21929,10 @@ index 8bfb335..c1463c6 100644 ret = paravirt_patch_ident_32(insnbuf, len); - else if (opfunc == _paravirt_ident_64) + else if (opfunc == (void *)_paravirt_ident_64) - ret = paravirt_patch_ident_64(insnbuf, len); ++ ret = paravirt_patch_ident_64(insnbuf, len); +#if defined(CONFIG_X86_32) && defined(CONFIG_X86_PAE) + else if (opfunc == (void *)__raw_callee_save__paravirt_ident_64) -+ ret = paravirt_patch_ident_64(insnbuf, len); + ret = paravirt_patch_ident_64(insnbuf, len); +#endif else if (type == PARAVIRT_PATCH(pv_cpu_ops.iret) || @@ -24142,7 +24138,7 @@ index e1b1ce2..f7b4b43 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 0af1807..06912bb 100644 +index 0e2f2a4..4331db2 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -1184,12 +1184,12 @@ static void vmcs_write64(unsigned long field, u64 value) @@ -24212,7 +24208,7 @@ index 0af1807..06912bb 100644 if (nested) nested_vmx_setup_ctls_msrs(); -@@ -3883,7 +3896,10 @@ static void vmx_set_constant_host_state(void) +@@ -3890,7 +3903,10 @@ static void vmx_set_constant_host_state(void) vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS); /* 22.2.3 */ vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */ @@ -24223,7 +24219,7 @@ index 0af1807..06912bb 100644 vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */ #ifdef CONFIG_X86_64 -@@ -3904,7 +3920,7 @@ static void vmx_set_constant_host_state(void) +@@ -3911,7 +3927,7 @@ static void vmx_set_constant_host_state(void) native_store_idt(&dt); vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */ 
@@ -24232,7 +24228,7 @@ index 0af1807..06912bb 100644 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); vmcs_write32(HOST_IA32_SYSENTER_CS, low32); -@@ -6580,6 +6596,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6587,6 +6603,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "jmp 2f \n\t" "1: " __ex(ASM_VMX_VMRESUME) "\n\t" "2: " @@ -24245,7 +24241,7 @@ index 0af1807..06912bb 100644 /* Save guest registers, load host registers, keep flags */ "mov %0, %c[wordsize](%%" _ASM_SP ") \n\t" "pop %0 \n\t" -@@ -6632,6 +6654,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6639,6 +6661,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]"i"(sizeof(ulong)) @@ -24257,7 +24253,7 @@ index 0af1807..06912bb 100644 : "cc", "memory" #ifdef CONFIG_X86_64 , "rax", "rbx", "rdi", "rsi" -@@ -6645,7 +6672,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6652,7 +6679,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) if (debugctlmsr) update_debugctlmsr(debugctlmsr); @@ -24266,7 +24262,7 @@ index 0af1807..06912bb 100644 /* * The sysexit path does not restore ds/es, so we must set them to * a reasonable value ourselves. -@@ -6654,8 +6681,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6661,8 +6688,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) * may be executed in interrupt context, which saves and restore segments * around it, nullifying its effect. */ 
@@ -27104,13 +27100,16 @@ index f0312d7..9c39d63 100644 - */ -unsigned long -copy_to_user(void __user *to, const void *from, unsigned long n) --{ ++void copy_from_user_overflow(void) + { - if (access_ok(VERIFY_WRITE, to, n)) - n = __copy_to_user(to, from, n); - return n; --} ++ WARN(1, "Buffer overflow detected!\n"); + } -EXPORT_SYMBOL(copy_to_user); -- ++EXPORT_SYMBOL(copy_from_user_overflow); + -/** - * copy_from_user: - Copy a block of data from user space. - * @to: Destination address, in kernel space. @@ -27129,30 +27128,23 @@ index f0312d7..9c39d63 100644 - */ -unsigned long -_copy_from_user(void *to, const void __user *from, unsigned long n) --{ ++void copy_to_user_overflow(void) + { - if (access_ok(VERIFY_READ, from, n)) - n = __copy_from_user(to, from, n); - else - memset(to, 0, n); - return n; --} --EXPORT_SYMBOL(_copy_from_user); -- - void copy_from_user_overflow(void) - { - WARN(1, "Buffer overflow detected!\n"); - } - EXPORT_SYMBOL(copy_from_user_overflow); -+ -+void copy_to_user_overflow(void) -+{ + WARN(1, "Buffer overflow detected!\n"); -+} + } +-EXPORT_SYMBOL(_copy_from_user); +EXPORT_SYMBOL(copy_to_user_overflow); -+ + +-void copy_from_user_overflow(void) +#ifdef CONFIG_PAX_MEMORY_UDEREF +void __set_fs(mm_segment_t x) -+{ + { +- WARN(1, "Buffer overflow detected!\n"); + switch (x.seg) { + case 0: + loadsegment(gs, 0); @@ -27167,7 +27159,8 @@ index f0312d7..9c39d63 100644 + BUG(); + } + return; -+} + } +-EXPORT_SYMBOL(copy_from_user_overflow); +EXPORT_SYMBOL(__set_fs); + +void set_fs(mm_segment_t x) @@ -27643,7 +27636,7 @@ index 0e88336..2bb9777 100644 return false; return true; -@@ -1008,18 +1203,33 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1008,19 +1203,34 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) { struct vm_area_struct *vma; struct task_struct *tsk; 
@@ -27654,11 +27647,7 @@ index 0e88336..2bb9777 100644 unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | (write ? FAULT_FLAG_WRITE : 0); -- tsk = current; -- mm = tsk->mm; -- - /* Get the faulting address: */ -- address = read_cr2(); ++ /* Get the faulting address: */ + unsigned long address = read_cr2(); + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) @@ -27677,11 +27666,15 @@ index 0e88336..2bb9777 100644 + } +#endif + -+ tsk = current; -+ mm = tsk->mm; + tsk = current; + mm = tsk->mm; +- /* Get the faulting address: */ +- address = read_cr2(); +- /* * Detect and handle instructions that would cause a page fault for + * both a tracked kernel page and a userspace page. @@ -1080,7 +1290,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) * User-mode registers count as a user access even for any * potential system fault or CPU buglet: @@ -28222,10 +28215,10 @@ index 0c13708..ca05f23 100644 +#ifdef CONFIG_GRKERNSEC_KMEM + /* allow BDA */ + if (!pagenr) - return 1; ++ return 1; + /* allow EBDA */ + if (pagenr >= ebda_start && pagenr < ebda_end) -+ return 1; + return 1; + /* if tboot is in use, allow access to its hardcoded serial log range */ + if (tboot_enabled() && ((0x60000 >> PAGE_SHIFT) <= pagenr) && (pagenr < (0x68000 >> PAGE_SHIFT))) + return 1; @@ -28767,7 +28760,7 @@ index 474e28f..f016b6e 100644 if (vma == &gate_vma) return "[vsyscall]"; diff --git a/arch/x86/mm/iomap_32.c b/arch/x86/mm/iomap_32.c -index 7b179b4..6bd17777 100644 +index 7b179b4..6bd1777 100644 --- a/arch/x86/mm/iomap_32.c +++ b/arch/x86/mm/iomap_32.c @@ -64,7 +64,11 @@ void *kmap_atomic_prot_pfn(unsigned long pfn, pgprot_t prot) @@ -29223,7 +29216,7 @@ index 17fda6a..489c74a 100644 +void __shadow_user_pgds(pgd_t *dst, const pgd_t *src) +{ + unsigned int count = USER_PGD_PTRS; - ++ + while (count--) + *dst++ = __pgd((pgd_val(*src++) | (_PAGE_NX & __supported_pte_mask)) & ~_PAGE_USER); +} 
@@ -29236,7 +29229,7 @@ index 17fda6a..489c74a 100644 + + while (count--) { + pgd_t pgd; -+ + +#ifdef CONFIG_X86_64 + pgd = __pgd(pgd_val(*src++) | _PAGE_USER); +#else @@ -31654,7 +31647,7 @@ index af00795..2bb8105 100644 #define XCHAL_ICACHE_SIZE 32768 /* I-cache size in bytes or 0 */ #define XCHAL_DCACHE_SIZE 32768 /* D-cache size in bytes or 0 */ diff --git a/block/blk-iopoll.c b/block/blk-iopoll.c -index 58916af..eb9dbcf6 100644 +index 58916af..eb9dbcf 100644 --- a/block/blk-iopoll.c +++ b/block/blk-iopoll.c @@ -77,7 +77,7 @@ void blk_iopoll_complete(struct blk_iopoll *iopoll) @@ -31755,7 +31748,7 @@ index 7c668c8..db3521c 100644 err = -EFAULT; goto out; diff --git a/block/genhd.c b/block/genhd.c -index 3c001fb..d15a9e8 100644 +index 5098a64..d15a9e8 100644 --- a/block/genhd.c +++ b/block/genhd.c @@ -467,21 +467,24 @@ static char *bdevt_str(dev_t devt, char *buf) @@ -31786,15 +31779,6 @@ index 3c001fb..d15a9e8 100644 } EXPORT_SYMBOL(blk_unregister_region); -@@ -512,7 +515,7 @@ static void register_disk(struct gendisk *disk) - - ddev->parent = disk->driverfs_dev; - -- dev_set_name(ddev, disk->disk_name); -+ dev_set_name(ddev, "%s", disk->disk_name); - - /* delay uevents, until we scanned partition table */ - dev_set_uevent_suppress(ddev, 1); diff --git a/block/partitions/efi.c b/block/partitions/efi.c index ff5804e..a88acad 100644 --- a/block/partitions/efi.c 
@@ -31803,20 +31787,18 @@ index ff5804e..a88acad 100644 if (!gpt) return NULL; -+ if (!le32_to_cpu(gpt->num_partition_entries)) -+ return NULL; -+ pte = kcalloc(le32_to_cpu(gpt->num_partition_entries), le32_to_cpu(gpt->sizeof_partition_entry), GFP_KERNEL); -+ if (!pte) -+ return NULL; -+ - count = le32_to_cpu(gpt->num_partition_entries) * - le32_to_cpu(gpt->sizeof_partition_entry); +- count = le32_to_cpu(gpt->num_partition_entries) * +- le32_to_cpu(gpt->sizeof_partition_entry); - if (!count) -- return NULL; ++ if (!le32_to_cpu(gpt->num_partition_entries)) + return NULL; - pte = kzalloc(count, GFP_KERNEL); -- if (!pte) -- return NULL; -- ++ pte = kcalloc(le32_to_cpu(gpt->num_partition_entries), le32_to_cpu(gpt->sizeof_partition_entry), GFP_KERNEL); + if (!pte) + return NULL; + ++ count = le32_to_cpu(gpt->num_partition_entries) * ++ le32_to_cpu(gpt->sizeof_partition_entry); if (read_lba(state, le64_to_cpu(gpt->partition_entry_lba), (u8 *) pte, count) < count) { @@ -31875,19 +31857,6 @@ index 9a87daa..fb17486 100644 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) goto error; -diff --git a/crypto/algapi.c b/crypto/algapi.c -index 6149a6e..55ed50d 100644 ---- a/crypto/algapi.c -+++ b/crypto/algapi.c -@@ -495,7 +495,7 @@ static struct crypto_template *__crypto_lookup_template(const char *name) - - struct crypto_template *crypto_lookup_template(const char *name) - { -- return try_then_request_module(__crypto_lookup_template(name), name); -+ return try_then_request_module(__crypto_lookup_template(name), "%s", name); - } - EXPORT_SYMBOL_GPL(crypto_lookup_template); - diff --git a/crypto/cryptd.c b/crypto/cryptd.c index 7bdd61b..afec999 100644 --- a/crypto/cryptd.c @@ -32092,7 +32061,7 @@ index 41c0504..f8c0836 100644 static void delete_gpe_attr_array(void) { diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c -index 34c8216..f56c828 100644 +index 09f6047..3b3dab4 100644 --- a/drivers/ata/libahci.c +++ b/drivers/ata/libahci.c 
@@ -1230,7 +1230,7 @@ int ahci_kick_engine(struct ata_port *ap) @@ -33785,19 +33754,6 @@ index dfe7583..83768bb 100644 set_fs(old_fs); if (likely(bw == len)) return 0; -diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c -index 7fecc78..84d217c 100644 ---- a/drivers/block/nbd.c -+++ b/drivers/block/nbd.c -@@ -714,7 +714,7 @@ static int __nbd_ioctl(struct block_device *bdev, struct nbd_device *nbd, - else - blk_queue_flush(nbd->disk->queue, 0); - -- thread = kthread_create(nbd_thread, nbd, nbd->disk->disk_name); -+ thread = kthread_create(nbd_thread, nbd, "%s", nbd->disk->disk_name); - if (IS_ERR(thread)) { - mutex_lock(&nbd->tx_lock); - return PTR_ERR(thread); diff --git a/drivers/block/pktcdvd.c b/drivers/block/pktcdvd.c index 2e7de7a..ed86dc0 100644 --- a/drivers/block/pktcdvd.c @@ -33812,7 +33768,7 @@ index 2e7de7a..ed86dc0 100644 static DEFINE_MUTEX(pktcdvd_mutex); static struct pktcdvd_device *pkt_devs[MAX_WRITERS]; diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c -index d620b44..d7538c2 100644 +index 8a3aff7..d7538c2 100644 --- a/drivers/cdrom/cdrom.c +++ b/drivers/cdrom/cdrom.c @@ -416,7 +416,6 @@ int register_cdrom(struct cdrom_device_info *cdi) @@ -33854,15 +33810,6 @@ index d620b44..d7538c2 100644 if (cgc.buffer) break; -@@ -2882,7 +2883,7 @@ static noinline int mmc_ioctl_cdrom_read_data(struct cdrom_device_info *cdi, - if (lba < 0) - return -EINVAL; - -- cgc->buffer = kmalloc(blocksize, GFP_KERNEL); -+ cgc->buffer = kzalloc(blocksize, GFP_KERNEL); - if (cgc->buffer == NULL) - return -ENOMEM; - @@ -3429,7 +3430,7 @@ static int cdrom_print_info(const char *header, int val, char *info, struct cdrom_device_info *cdi; int ret; @@ -33980,7 +33927,7 @@ index 86fe45c..c0ea948 100644 } diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c -index 053201b0..8335cce 100644 +index 053201b..8335cce 100644 --- a/drivers/char/ipmi/ipmi_msghandler.c +++ b/drivers/char/ipmi/ipmi_msghandler.c 
@@ -420,7 +420,7 @@ struct ipmi_smi { @@ -34202,7 +34149,7 @@ index 2c644af..4b7aede 100644 return tty_init(); diff --git a/drivers/char/mwave/tp3780i.c b/drivers/char/mwave/tp3780i.c -index c689697..04e6d6a2 100644 +index c689697..04e6d6a 100644 --- a/drivers/char/mwave/tp3780i.c +++ b/drivers/char/mwave/tp3780i.c @@ -479,6 +479,7 @@ int tp3780I_QueryAbilities(THINKPAD_BD_DATA * pBDData, MW_ABILITIES * pAbilities @@ -36577,7 +36524,7 @@ index 12f2f9e..679603c 100644 /* * Represents channel interrupts. Each bit position represents a diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c -index bf421e0..ce2c897 100644 +index 4004e54..c2de226 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c @@ -668,10 +668,10 @@ int vmbus_device_register(struct hv_device *child_device_obj) @@ -39592,6 +39539,31 @@ index 5c3ce24..4915ccb 100644 - atomic_long_t flush_tlb_gru; - atomic_long_t flush_tlb_gru_tgh; - atomic_long_t flush_tlb_gru_zero_asid; +- +- atomic_long_t copy_gpa; +- atomic_long_t read_gpa; +- +- atomic_long_t mesq_receive; +- atomic_long_t mesq_receive_none; +- atomic_long_t mesq_send; +- atomic_long_t mesq_send_failed; +- atomic_long_t mesq_noop; +- atomic_long_t mesq_send_unexpected_error; +- atomic_long_t mesq_send_lb_overflow; +- atomic_long_t mesq_send_qlimit_reached; +- atomic_long_t mesq_send_amo_nacked; +- atomic_long_t mesq_send_put_nacked; +- atomic_long_t mesq_page_overflow; +- atomic_long_t mesq_qf_locked; +- atomic_long_t mesq_qf_noop_not_full; +- atomic_long_t mesq_qf_switch_head_failed; +- atomic_long_t mesq_qf_unexpected_error; +- atomic_long_t mesq_noop_unexpected_error; +- atomic_long_t mesq_noop_lb_overflow; +- atomic_long_t mesq_noop_qlimit_reached; +- atomic_long_t mesq_noop_amo_nacked; +- atomic_long_t mesq_noop_put_nacked; +- atomic_long_t mesq_noop_page_overflow; + atomic_long_unchecked_t vdata_alloc; + atomic_long_unchecked_t vdata_free; + atomic_long_unchecked_t gts_alloc; 
@@ -39643,33 +39615,10 @@ index 5c3ce24..4915ccb 100644 + atomic_long_unchecked_t flush_tlb_gru; + atomic_long_unchecked_t flush_tlb_gru_tgh; + atomic_long_unchecked_t flush_tlb_gru_zero_asid; - -- atomic_long_t copy_gpa; -- atomic_long_t read_gpa; ++ + atomic_long_unchecked_t copy_gpa; + atomic_long_unchecked_t read_gpa; - -- atomic_long_t mesq_receive; -- atomic_long_t mesq_receive_none; -- atomic_long_t mesq_send; -- atomic_long_t mesq_send_failed; -- atomic_long_t mesq_noop; -- atomic_long_t mesq_send_unexpected_error; -- atomic_long_t mesq_send_lb_overflow; -- atomic_long_t mesq_send_qlimit_reached; -- atomic_long_t mesq_send_amo_nacked; -- atomic_long_t mesq_send_put_nacked; -- atomic_long_t mesq_page_overflow; -- atomic_long_t mesq_qf_locked; -- atomic_long_t mesq_qf_noop_not_full; -- atomic_long_t mesq_qf_switch_head_failed; -- atomic_long_t mesq_qf_unexpected_error; -- atomic_long_t mesq_noop_unexpected_error; -- atomic_long_t mesq_noop_lb_overflow; -- atomic_long_t mesq_noop_qlimit_reached; -- atomic_long_t mesq_noop_amo_nacked; -- atomic_long_t mesq_noop_put_nacked; -- atomic_long_t mesq_noop_page_overflow; ++ + atomic_long_unchecked_t mesq_receive; + atomic_long_unchecked_t mesq_receive_none; + atomic_long_unchecked_t mesq_send; 
@@ -39916,6 +39865,42 @@ index aee7671..3ca2651 100644 /* multicast configuration controlling object */ bnx2x_init_mcast_obj(bp, &bp->mcast_obj, bp->fp->cl_id, bp->fp->cid, +diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c +index edfa67a..d6c52ae 100644 +--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c ++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c +@@ -960,6 +960,9 @@ static int bnx2x_set_dump(struct net_device *dev, struct ethtool_dump *val) + struct bnx2x *bp = netdev_priv(dev); + + /* Use the ethtool_dump "flag" field as the dump preset index */ ++ if (val->flag < 1 || val->flag > DUMP_MAX_PRESETS) ++ return -EINVAL; ++ + bp->dump_preset_idx = val->flag; + return 0; + } +@@ -986,8 +989,6 @@ static int bnx2x_get_dump_data(struct net_device *dev, + struct bnx2x *bp = netdev_priv(dev); + struct dump_header dump_hdr = {0}; + +- memset(p, 0, dump->len); +- + /* Disable parity attentions as long as following dump may + * cause false alarms by reading never written registers. We + * will re-enable parity attentions right after the dump. +diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c +index c50696b..cf96f52 100644 +--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c ++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c +@@ -11394,6 +11394,8 @@ static int bnx2x_init_bp(struct bnx2x *bp) + bp->min_msix_vec_cnt = 2; + BNX2X_DEV_INFO("bp->min_msix_vec_cnt %d", bp->min_msix_vec_cnt); + ++ bp->dump_preset_idx = 1; ++ + return rc; + } + diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c index 7306416..5fb7fb5 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c 
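Review bot: Dropping `memset(p, 0, dump->len);` from bnx2x_get_dump_data() in the added bnx2x_ethtool.c patch leaves nothing in this hunk that shows who zeroes the dump buffer. Unless the caller passes zeroed memory, any bytes the register dump does not overwrite would reach user space with whatever the allocation held. That is presumably the ethtool core's job, but it should be confirmed against the base kernel and recorded at the removal site, for example `/* no memset: the caller hands in a zero-filled buffer */`. The new range check in bnx2x_set_dump() and the `bp->dump_preset_idx = 1;` default in bnx2x_init_bp() agree with each other, though the existing comment about the "flag" field now sits above the check rather than the assignment it describes. All three functions continue outside the quoted context.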
@@ -39980,6 +39965,20 @@ index 6e8bc9d..94d957d 100644 break; default: return -EINVAL; +diff --git a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c +index 2b5e621..32187b8 100644 +--- a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c ++++ b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c +@@ -3036,7 +3036,9 @@ static void t3_io_resume(struct pci_dev *pdev) + CH_ALERT(adapter, "adapter recovering, PEX ERR 0x%x\n", + t3_read_reg(adapter, A_PCIE_PEX_ERR)); + ++ rtnl_lock(); + t3_resume_ports(adapter); ++ rtnl_unlock(); + } + + static const struct pci_error_handlers t3_err_handler = { diff --git a/drivers/net/ethernet/chelsio/cxgb3/l2t.h b/drivers/net/ethernet/chelsio/cxgb3/l2t.h index 8cffcdf..aadf043 100644 --- a/drivers/net/ethernet/chelsio/cxgb3/l2t.h @@ -41479,7 +41478,7 @@ index d320df6..ca9a8f6 100644 #define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c -index 563771f..4e3c368 100644 +index 9c8b3bd..899c8fa 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -173,7 +173,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, @@ -42936,7 +42935,7 @@ index f379c7f..e8fc69c 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index 82910cc..7c350ad 100644 +index 0f0370f..7e076c4 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -2929,7 +2929,7 @@ static int sd_probe(struct device *dev) 
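Review bot: The `rtnl_lock();` / `rtnl_unlock();` pair added around `t3_resume_ports(adapter)` in t3_io_resume() has no comment saying which callee requires RTNL, so a later cleanup could drop it again without noticing. A line such as `/* t3_resume_ports() must run under RTNL */` above the lock would record the requirement; the reason itself is not visible in this hunk and is inferred from the change. It is also worth checking that no path reaches t3_io_resume() with RTNL already held, since the hunk shows only the function's tail and taking the lock a second time would deadlock.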
@@ -44914,6 +44913,56 @@ index 6ef94bc..1b41265 100644 } /* +diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c +index dfff647..3a19054 100644 +--- a/drivers/vhost/net.c ++++ b/drivers/vhost/net.c +@@ -857,7 +857,7 @@ static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd) + mutex_unlock(&vq->mutex); + + if (oldubufs) { +- vhost_ubuf_put_and_wait(oldubufs); ++ vhost_ubuf_put_and_wait_and_free(oldubufs); + mutex_lock(&vq->mutex); + vhost_zerocopy_signal_used(n, vq); + mutex_unlock(&vq->mutex); +@@ -875,7 +875,7 @@ err_used: + rcu_assign_pointer(vq->private_data, oldsock); + vhost_net_enable_vq(n, vq); + if (ubufs) +- vhost_ubuf_put_and_wait(ubufs); ++ vhost_ubuf_put_and_wait_and_free(ubufs); + err_ubufs: + fput(sock->file); + err_vq: +diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c +index 9759249..2e2524c 100644 +--- a/drivers/vhost/vhost.c ++++ b/drivers/vhost/vhost.c +@@ -1581,5 +1581,11 @@ void vhost_ubuf_put_and_wait(struct vhost_ubuf_ref *ubufs) + { + kref_put(&ubufs->kref, vhost_zerocopy_done_signal); + wait_event(ubufs->wait, !atomic_read(&ubufs->kref.refcount)); ++} ++ ++void vhost_ubuf_put_and_wait_and_free(struct vhost_ubuf_ref *ubufs) ++{ ++ vhost_ubuf_put_and_wait(ubufs); + kfree(ubufs); + } ++ +diff --git a/drivers/vhost/vhost.h b/drivers/vhost/vhost.h +index 17261e2..70cbe6f 100644 +--- a/drivers/vhost/vhost.h ++++ b/drivers/vhost/vhost.h +@@ -63,6 +63,7 @@ struct vhost_ubuf_ref { + struct vhost_ubuf_ref *vhost_ubuf_alloc(struct vhost_virtqueue *, bool zcopy); + void vhost_ubuf_put(struct vhost_ubuf_ref *); + void vhost_ubuf_put_and_wait(struct vhost_ubuf_ref *); ++void vhost_ubuf_put_and_wait_and_free(struct vhost_ubuf_ref *); + + struct ubuf_info; + diff --git a/drivers/video/aty/aty128fb.c b/drivers/video/aty/aty128fb.c index 8c55011..eed4ae1a 100644 --- a/drivers/video/aty/aty128fb.c 
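Review bot: After this split `vhost_ubuf_put_and_wait()` no longer frees its argument and only the new `vhost_ubuf_put_and_wait_and_free()` does, yet neither the definitions in vhost.c nor the prototypes in vhost.h say so. Picking the wrong one means either a leak or a use of freed memory, so the ownership rule belongs next to the prototypes, e.g. `/* waits for outstanding users; caller keeps ownership of ubufs */` and `/* as above, then kfree()s ubufs; do not touch it afterwards */`. The hunk converts the two call sites in vhost_net_set_backend(); any other caller of the old function lies outside the hunk and should be checked for reliance on the implicit kfree(). The added patch also leaves an extra blank line after the closing brace of the new function, which can be dropped.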
@@ -49159,6 +49208,8 @@ index 86af964..5d53bf6 100644 + */ } +- if (elf_interpreter) { +- unsigned long interp_map_addr = 0; +#ifdef CONFIG_PAX_RANDMMAP + if (current->mm->pax_flags & MF_PAX_RANDMMAP) { + unsigned long start, size, flags; @@ -49168,7 +49219,7 @@ index 86af964..5d53bf6 100644 + size = PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4); + flags = MAP_FIXED | MAP_PRIVATE; + vm_flags = VM_DONTEXPAND | VM_DONTDUMP; -+ + + down_write(¤t->mm->mmap_sem); + start = get_unmapped_area(NULL, start, PAGE_ALIGN(size), 0, flags); + retval = -ENOMEM; @@ -49188,9 +49239,7 @@ index 86af964..5d53bf6 100644 + } +#endif + - if (elf_interpreter) { -- unsigned long interp_map_addr = 0; -- ++ if (elf_interpreter) { elf_entry = load_elf_interp(&loc->interp_elf_ex, interpreter, - &interp_map_addr, @@ -49496,7 +49545,7 @@ index aae187a..fd790ba 100644 else if (whole->bd_holder != NULL) return false; /* is a partition of a held device */ diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c -index ca9d8f1..8c0142d 100644 +index 7a983f7..c73ee93 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c @@ -1036,9 +1036,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans, @@ -51471,7 +51520,7 @@ index 3b83cd6..0f34dcd 100644 /* locality groups */ diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c -index f3190ab..84ffb21 100644 +index 8b6e837..36fd6c1 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -1754,7 +1754,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, @@ -51601,7 +51650,7 @@ index b3b1f7d..cff51d5 100644 "MMP failure info: last update time: %llu, last update " "node: %s, last update device: %s\n", diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c -index 3beae6a..8cc5637 100644 +index 1cb76e8..0fe3928 100644 --- a/fs/ext4/resize.c +++ b/fs/ext4/resize.c @@ -79,12 +79,20 @@ static int verify_group_input(struct super_block *sb, 
@@ -52045,9 +52094,7 @@ index ee38fef..0a326d4 100644 #ifdef CONFIG_FSCACHE_STATS -extern atomic_t fscache_n_ops_processed[FSCACHE_MAX_THREADS]; -extern atomic_t fscache_n_objs_processed[FSCACHE_MAX_THREADS]; -+extern atomic_unchecked_t fscache_n_ops_processed[FSCACHE_MAX_THREADS]; -+extern atomic_unchecked_t fscache_n_objs_processed[FSCACHE_MAX_THREADS]; - +- -extern atomic_t fscache_n_op_pend; -extern atomic_t fscache_n_op_run; -extern atomic_t fscache_n_op_enqueue; @@ -52056,26 +52103,13 @@ index ee38fef..0a326d4 100644 -extern atomic_t fscache_n_op_gc; -extern atomic_t fscache_n_op_cancelled; -extern atomic_t fscache_n_op_rejected; -+extern atomic_unchecked_t fscache_n_op_pend; -+extern atomic_unchecked_t fscache_n_op_run; -+extern atomic_unchecked_t fscache_n_op_enqueue; -+extern atomic_unchecked_t fscache_n_op_deferred_release; -+extern atomic_unchecked_t fscache_n_op_release; -+extern atomic_unchecked_t fscache_n_op_gc; -+extern atomic_unchecked_t fscache_n_op_cancelled; -+extern atomic_unchecked_t fscache_n_op_rejected; - +- -extern atomic_t fscache_n_attr_changed; -extern atomic_t fscache_n_attr_changed_ok; -extern atomic_t fscache_n_attr_changed_nobufs; -extern atomic_t fscache_n_attr_changed_nomem; -extern atomic_t fscache_n_attr_changed_calls; -+extern atomic_unchecked_t fscache_n_attr_changed; -+extern atomic_unchecked_t fscache_n_attr_changed_ok; -+extern atomic_unchecked_t fscache_n_attr_changed_nobufs; -+extern atomic_unchecked_t fscache_n_attr_changed_nomem; -+extern atomic_unchecked_t fscache_n_attr_changed_calls; - +- -extern atomic_t fscache_n_allocs; -extern atomic_t fscache_n_allocs_ok; -extern atomic_t fscache_n_allocs_wait; 
@@ -52084,15 +52118,7 @@ index ee38fef..0a326d4 100644 -extern atomic_t fscache_n_allocs_object_dead; -extern atomic_t fscache_n_alloc_ops; -extern atomic_t fscache_n_alloc_op_waits; -+extern atomic_unchecked_t fscache_n_allocs; -+extern atomic_unchecked_t fscache_n_allocs_ok; -+extern atomic_unchecked_t fscache_n_allocs_wait; -+extern atomic_unchecked_t fscache_n_allocs_nobufs; -+extern atomic_unchecked_t fscache_n_allocs_intr; -+extern atomic_unchecked_t fscache_n_allocs_object_dead; -+extern atomic_unchecked_t fscache_n_alloc_ops; -+extern atomic_unchecked_t fscache_n_alloc_op_waits; - +- -extern atomic_t fscache_n_retrievals; -extern atomic_t fscache_n_retrievals_ok; -extern atomic_t fscache_n_retrievals_wait; @@ -52103,17 +52129,7 @@ index ee38fef..0a326d4 100644 -extern atomic_t fscache_n_retrievals_object_dead; -extern atomic_t fscache_n_retrieval_ops; -extern atomic_t fscache_n_retrieval_op_waits; -+extern atomic_unchecked_t fscache_n_retrievals; -+extern atomic_unchecked_t fscache_n_retrievals_ok; -+extern atomic_unchecked_t fscache_n_retrievals_wait; -+extern atomic_unchecked_t fscache_n_retrievals_nodata; -+extern atomic_unchecked_t fscache_n_retrievals_nobufs; -+extern atomic_unchecked_t fscache_n_retrievals_intr; -+extern atomic_unchecked_t fscache_n_retrievals_nomem; -+extern atomic_unchecked_t fscache_n_retrievals_object_dead; -+extern atomic_unchecked_t fscache_n_retrieval_ops; -+extern atomic_unchecked_t fscache_n_retrieval_op_waits; - +- -extern atomic_t fscache_n_stores; -extern atomic_t fscache_n_stores_ok; -extern atomic_t fscache_n_stores_again; 
@@ -52124,6 +52140,91 @@ index ee38fef..0a326d4 100644 -extern atomic_t fscache_n_store_pages; -extern atomic_t fscache_n_store_radix_deletes; -extern atomic_t fscache_n_store_pages_over_limit; +- +-extern atomic_t fscache_n_store_vmscan_not_storing; +-extern atomic_t fscache_n_store_vmscan_gone; +-extern atomic_t fscache_n_store_vmscan_busy; +-extern atomic_t fscache_n_store_vmscan_cancelled; +-extern atomic_t fscache_n_store_vmscan_wait; +- +-extern atomic_t fscache_n_marks; +-extern atomic_t fscache_n_uncaches; +- +-extern atomic_t fscache_n_acquires; +-extern atomic_t fscache_n_acquires_null; +-extern atomic_t fscache_n_acquires_no_cache; +-extern atomic_t fscache_n_acquires_ok; +-extern atomic_t fscache_n_acquires_nobufs; +-extern atomic_t fscache_n_acquires_oom; +- +-extern atomic_t fscache_n_invalidates; +-extern atomic_t fscache_n_invalidates_run; +- +-extern atomic_t fscache_n_updates; +-extern atomic_t fscache_n_updates_null; +-extern atomic_t fscache_n_updates_run; +- +-extern atomic_t fscache_n_relinquishes; +-extern atomic_t fscache_n_relinquishes_null; +-extern atomic_t fscache_n_relinquishes_waitcrt; +-extern atomic_t fscache_n_relinquishes_retire; +- +-extern atomic_t fscache_n_cookie_index; +-extern atomic_t fscache_n_cookie_data; +-extern atomic_t fscache_n_cookie_special; +- +-extern atomic_t fscache_n_object_alloc; +-extern atomic_t fscache_n_object_no_alloc; +-extern atomic_t fscache_n_object_lookups; +-extern atomic_t fscache_n_object_lookups_negative; +-extern atomic_t fscache_n_object_lookups_positive; +-extern atomic_t fscache_n_object_lookups_timed_out; +-extern atomic_t fscache_n_object_created; +-extern atomic_t fscache_n_object_avail; +-extern atomic_t fscache_n_object_dead; +- +-extern atomic_t fscache_n_checkaux_none; +-extern atomic_t fscache_n_checkaux_okay; +-extern atomic_t fscache_n_checkaux_update; +-extern atomic_t fscache_n_checkaux_obsolete; ++extern atomic_unchecked_t fscache_n_ops_processed[FSCACHE_MAX_THREADS]; ++extern 
atomic_unchecked_t fscache_n_objs_processed[FSCACHE_MAX_THREADS]; ++ ++extern atomic_unchecked_t fscache_n_op_pend; ++extern atomic_unchecked_t fscache_n_op_run; ++extern atomic_unchecked_t fscache_n_op_enqueue; ++extern atomic_unchecked_t fscache_n_op_deferred_release; ++extern atomic_unchecked_t fscache_n_op_release; ++extern atomic_unchecked_t fscache_n_op_gc; ++extern atomic_unchecked_t fscache_n_op_cancelled; ++extern atomic_unchecked_t fscache_n_op_rejected; ++ ++extern atomic_unchecked_t fscache_n_attr_changed; ++extern atomic_unchecked_t fscache_n_attr_changed_ok; ++extern atomic_unchecked_t fscache_n_attr_changed_nobufs; ++extern atomic_unchecked_t fscache_n_attr_changed_nomem; ++extern atomic_unchecked_t fscache_n_attr_changed_calls; ++ ++extern atomic_unchecked_t fscache_n_allocs; ++extern atomic_unchecked_t fscache_n_allocs_ok; ++extern atomic_unchecked_t fscache_n_allocs_wait; ++extern atomic_unchecked_t fscache_n_allocs_nobufs; ++extern atomic_unchecked_t fscache_n_allocs_intr; ++extern atomic_unchecked_t fscache_n_allocs_object_dead; ++extern atomic_unchecked_t fscache_n_alloc_ops; ++extern atomic_unchecked_t fscache_n_alloc_op_waits; ++ ++extern atomic_unchecked_t fscache_n_retrievals; ++extern atomic_unchecked_t fscache_n_retrievals_ok; ++extern atomic_unchecked_t fscache_n_retrievals_wait; ++extern atomic_unchecked_t fscache_n_retrievals_nodata; ++extern atomic_unchecked_t fscache_n_retrievals_nobufs; ++extern atomic_unchecked_t fscache_n_retrievals_intr; ++extern atomic_unchecked_t fscache_n_retrievals_nomem; ++extern atomic_unchecked_t fscache_n_retrievals_object_dead; ++extern atomic_unchecked_t fscache_n_retrieval_ops; ++extern atomic_unchecked_t fscache_n_retrieval_op_waits; ++ +extern atomic_unchecked_t fscache_n_stores; +extern atomic_unchecked_t fscache_n_stores_ok; +extern atomic_unchecked_t fscache_n_stores_again; 
@@ -52134,73 +52235,39 @@ index ee38fef..0a326d4 100644 +extern atomic_unchecked_t fscache_n_store_pages; +extern atomic_unchecked_t fscache_n_store_radix_deletes; +extern atomic_unchecked_t fscache_n_store_pages_over_limit; - --extern atomic_t fscache_n_store_vmscan_not_storing; --extern atomic_t fscache_n_store_vmscan_gone; --extern atomic_t fscache_n_store_vmscan_busy; --extern atomic_t fscache_n_store_vmscan_cancelled; --extern atomic_t fscache_n_store_vmscan_wait; ++ +extern atomic_unchecked_t fscache_n_store_vmscan_not_storing; +extern atomic_unchecked_t fscache_n_store_vmscan_gone; +extern atomic_unchecked_t fscache_n_store_vmscan_busy; +extern atomic_unchecked_t fscache_n_store_vmscan_cancelled; +extern atomic_unchecked_t fscache_n_store_vmscan_wait; - --extern atomic_t fscache_n_marks; --extern atomic_t fscache_n_uncaches; ++ +extern atomic_unchecked_t fscache_n_marks; +extern atomic_unchecked_t fscache_n_uncaches; - --extern atomic_t fscache_n_acquires; --extern atomic_t fscache_n_acquires_null; --extern atomic_t fscache_n_acquires_no_cache; --extern atomic_t fscache_n_acquires_ok; --extern atomic_t fscache_n_acquires_nobufs; --extern atomic_t fscache_n_acquires_oom; ++ +extern atomic_unchecked_t fscache_n_acquires; +extern atomic_unchecked_t fscache_n_acquires_null; +extern atomic_unchecked_t fscache_n_acquires_no_cache; +extern atomic_unchecked_t fscache_n_acquires_ok; +extern atomic_unchecked_t fscache_n_acquires_nobufs; +extern atomic_unchecked_t fscache_n_acquires_oom; - --extern atomic_t fscache_n_invalidates; --extern atomic_t fscache_n_invalidates_run; ++ +extern atomic_unchecked_t fscache_n_invalidates; +extern atomic_unchecked_t fscache_n_invalidates_run; - --extern atomic_t fscache_n_updates; --extern atomic_t fscache_n_updates_null; --extern atomic_t fscache_n_updates_run; ++ +extern atomic_unchecked_t fscache_n_updates; +extern atomic_unchecked_t fscache_n_updates_null; +extern atomic_unchecked_t fscache_n_updates_run; - --extern atomic_t 
fscache_n_relinquishes; --extern atomic_t fscache_n_relinquishes_null; --extern atomic_t fscache_n_relinquishes_waitcrt; --extern atomic_t fscache_n_relinquishes_retire; ++ +extern atomic_unchecked_t fscache_n_relinquishes; +extern atomic_unchecked_t fscache_n_relinquishes_null; +extern atomic_unchecked_t fscache_n_relinquishes_waitcrt; +extern atomic_unchecked_t fscache_n_relinquishes_retire; - --extern atomic_t fscache_n_cookie_index; --extern atomic_t fscache_n_cookie_data; --extern atomic_t fscache_n_cookie_special; ++ +extern atomic_unchecked_t fscache_n_cookie_index; +extern atomic_unchecked_t fscache_n_cookie_data; +extern atomic_unchecked_t fscache_n_cookie_special; - --extern atomic_t fscache_n_object_alloc; --extern atomic_t fscache_n_object_no_alloc; --extern atomic_t fscache_n_object_lookups; --extern atomic_t fscache_n_object_lookups_negative; --extern atomic_t fscache_n_object_lookups_positive; --extern atomic_t fscache_n_object_lookups_timed_out; --extern atomic_t fscache_n_object_created; --extern atomic_t fscache_n_object_avail; --extern atomic_t fscache_n_object_dead; ++ +extern atomic_unchecked_t fscache_n_object_alloc; +extern atomic_unchecked_t fscache_n_object_no_alloc; +extern atomic_unchecked_t fscache_n_object_lookups; @@ -52210,11 +52277,7 @@ index ee38fef..0a326d4 100644 +extern atomic_unchecked_t fscache_n_object_created; +extern atomic_unchecked_t fscache_n_object_avail; +extern atomic_unchecked_t fscache_n_object_dead; - --extern atomic_t fscache_n_checkaux_none; --extern atomic_t fscache_n_checkaux_okay; --extern atomic_t fscache_n_checkaux_update; --extern atomic_t fscache_n_checkaux_obsolete; ++ +extern atomic_unchecked_t fscache_n_checkaux_none; +extern atomic_unchecked_t fscache_n_checkaux_okay; +extern atomic_unchecked_t fscache_n_checkaux_update; 
@@ -52911,27 +52974,13 @@ index 40d13c7..ddf52b9 100644 -atomic_t fscache_n_op_gc; -atomic_t fscache_n_op_cancelled; -atomic_t fscache_n_op_rejected; -+atomic_unchecked_t fscache_n_op_pend; -+atomic_unchecked_t fscache_n_op_run; -+atomic_unchecked_t fscache_n_op_enqueue; -+atomic_unchecked_t fscache_n_op_requeue; -+atomic_unchecked_t fscache_n_op_deferred_release; -+atomic_unchecked_t fscache_n_op_release; -+atomic_unchecked_t fscache_n_op_gc; -+atomic_unchecked_t fscache_n_op_cancelled; -+atomic_unchecked_t fscache_n_op_rejected; - +- -atomic_t fscache_n_attr_changed; -atomic_t fscache_n_attr_changed_ok; -atomic_t fscache_n_attr_changed_nobufs; -atomic_t fscache_n_attr_changed_nomem; -atomic_t fscache_n_attr_changed_calls; -+atomic_unchecked_t fscache_n_attr_changed; -+atomic_unchecked_t fscache_n_attr_changed_ok; -+atomic_unchecked_t fscache_n_attr_changed_nobufs; -+atomic_unchecked_t fscache_n_attr_changed_nomem; -+atomic_unchecked_t fscache_n_attr_changed_calls; - +- -atomic_t fscache_n_allocs; -atomic_t fscache_n_allocs_ok; -atomic_t fscache_n_allocs_wait; @@ -52940,15 +52989,7 @@ index 40d13c7..ddf52b9 100644 -atomic_t fscache_n_allocs_object_dead; -atomic_t fscache_n_alloc_ops; -atomic_t fscache_n_alloc_op_waits; -+atomic_unchecked_t fscache_n_allocs; -+atomic_unchecked_t fscache_n_allocs_ok; -+atomic_unchecked_t fscache_n_allocs_wait; -+atomic_unchecked_t fscache_n_allocs_nobufs; -+atomic_unchecked_t fscache_n_allocs_intr; -+atomic_unchecked_t fscache_n_allocs_object_dead; -+atomic_unchecked_t fscache_n_alloc_ops; -+atomic_unchecked_t fscache_n_alloc_op_waits; - +- -atomic_t fscache_n_retrievals; -atomic_t fscache_n_retrievals_ok; -atomic_t fscache_n_retrievals_wait; 
@@ -52959,17 +53000,7 @@ index 40d13c7..ddf52b9 100644 -atomic_t fscache_n_retrievals_object_dead; -atomic_t fscache_n_retrieval_ops; -atomic_t fscache_n_retrieval_op_waits; -+atomic_unchecked_t fscache_n_retrievals; -+atomic_unchecked_t fscache_n_retrievals_ok; -+atomic_unchecked_t fscache_n_retrievals_wait; -+atomic_unchecked_t fscache_n_retrievals_nodata; -+atomic_unchecked_t fscache_n_retrievals_nobufs; -+atomic_unchecked_t fscache_n_retrievals_intr; -+atomic_unchecked_t fscache_n_retrievals_nomem; -+atomic_unchecked_t fscache_n_retrievals_object_dead; -+atomic_unchecked_t fscache_n_retrieval_ops; -+atomic_unchecked_t fscache_n_retrieval_op_waits; - +- -atomic_t fscache_n_stores; -atomic_t fscache_n_stores_ok; -atomic_t fscache_n_stores_again; 
@@ -52980,6 +53011,89 @@ index 40d13c7..ddf52b9 100644 -atomic_t fscache_n_store_pages; -atomic_t fscache_n_store_radix_deletes; -atomic_t fscache_n_store_pages_over_limit; +- +-atomic_t fscache_n_store_vmscan_not_storing; +-atomic_t fscache_n_store_vmscan_gone; +-atomic_t fscache_n_store_vmscan_busy; +-atomic_t fscache_n_store_vmscan_cancelled; +-atomic_t fscache_n_store_vmscan_wait; +- +-atomic_t fscache_n_marks; +-atomic_t fscache_n_uncaches; +- +-atomic_t fscache_n_acquires; +-atomic_t fscache_n_acquires_null; +-atomic_t fscache_n_acquires_no_cache; +-atomic_t fscache_n_acquires_ok; +-atomic_t fscache_n_acquires_nobufs; +-atomic_t fscache_n_acquires_oom; +- +-atomic_t fscache_n_invalidates; +-atomic_t fscache_n_invalidates_run; +- +-atomic_t fscache_n_updates; +-atomic_t fscache_n_updates_null; +-atomic_t fscache_n_updates_run; +- +-atomic_t fscache_n_relinquishes; +-atomic_t fscache_n_relinquishes_null; +-atomic_t fscache_n_relinquishes_waitcrt; +-atomic_t fscache_n_relinquishes_retire; +- +-atomic_t fscache_n_cookie_index; +-atomic_t fscache_n_cookie_data; +-atomic_t fscache_n_cookie_special; +- +-atomic_t fscache_n_object_alloc; +-atomic_t fscache_n_object_no_alloc; +-atomic_t fscache_n_object_lookups; +-atomic_t fscache_n_object_lookups_negative; +-atomic_t fscache_n_object_lookups_positive; +-atomic_t fscache_n_object_lookups_timed_out; +-atomic_t fscache_n_object_created; +-atomic_t fscache_n_object_avail; +-atomic_t fscache_n_object_dead; +- +-atomic_t fscache_n_checkaux_none; +-atomic_t fscache_n_checkaux_okay; +-atomic_t fscache_n_checkaux_update; +-atomic_t fscache_n_checkaux_obsolete; ++atomic_unchecked_t fscache_n_op_pend; ++atomic_unchecked_t fscache_n_op_run; ++atomic_unchecked_t fscache_n_op_enqueue; ++atomic_unchecked_t fscache_n_op_requeue; ++atomic_unchecked_t fscache_n_op_deferred_release; ++atomic_unchecked_t fscache_n_op_release; ++atomic_unchecked_t fscache_n_op_gc; ++atomic_unchecked_t fscache_n_op_cancelled; ++atomic_unchecked_t 
fscache_n_op_rejected; ++ ++atomic_unchecked_t fscache_n_attr_changed; ++atomic_unchecked_t fscache_n_attr_changed_ok; ++atomic_unchecked_t fscache_n_attr_changed_nobufs; ++atomic_unchecked_t fscache_n_attr_changed_nomem; ++atomic_unchecked_t fscache_n_attr_changed_calls; ++ ++atomic_unchecked_t fscache_n_allocs; ++atomic_unchecked_t fscache_n_allocs_ok; ++atomic_unchecked_t fscache_n_allocs_wait; ++atomic_unchecked_t fscache_n_allocs_nobufs; ++atomic_unchecked_t fscache_n_allocs_intr; ++atomic_unchecked_t fscache_n_allocs_object_dead; ++atomic_unchecked_t fscache_n_alloc_ops; ++atomic_unchecked_t fscache_n_alloc_op_waits; ++ ++atomic_unchecked_t fscache_n_retrievals; ++atomic_unchecked_t fscache_n_retrievals_ok; ++atomic_unchecked_t fscache_n_retrievals_wait; ++atomic_unchecked_t fscache_n_retrievals_nodata; ++atomic_unchecked_t fscache_n_retrievals_nobufs; ++atomic_unchecked_t fscache_n_retrievals_intr; ++atomic_unchecked_t fscache_n_retrievals_nomem; ++atomic_unchecked_t fscache_n_retrievals_object_dead; ++atomic_unchecked_t fscache_n_retrieval_ops; ++atomic_unchecked_t fscache_n_retrieval_op_waits; ++ +atomic_unchecked_t fscache_n_stores; +atomic_unchecked_t fscache_n_stores_ok; +atomic_unchecked_t fscache_n_stores_again; 
@@ -52990,73 +53104,39 @@ index 40d13c7..ddf52b9 100644 +atomic_unchecked_t fscache_n_store_pages; +atomic_unchecked_t fscache_n_store_radix_deletes; +atomic_unchecked_t fscache_n_store_pages_over_limit; - --atomic_t fscache_n_store_vmscan_not_storing; --atomic_t fscache_n_store_vmscan_gone; --atomic_t fscache_n_store_vmscan_busy; --atomic_t fscache_n_store_vmscan_cancelled; --atomic_t fscache_n_store_vmscan_wait; ++ +atomic_unchecked_t fscache_n_store_vmscan_not_storing; +atomic_unchecked_t fscache_n_store_vmscan_gone; +atomic_unchecked_t fscache_n_store_vmscan_busy; +atomic_unchecked_t fscache_n_store_vmscan_cancelled; +atomic_unchecked_t fscache_n_store_vmscan_wait; - --atomic_t fscache_n_marks; --atomic_t fscache_n_uncaches; ++ +atomic_unchecked_t fscache_n_marks; +atomic_unchecked_t fscache_n_uncaches; - --atomic_t fscache_n_acquires; --atomic_t fscache_n_acquires_null; --atomic_t fscache_n_acquires_no_cache; --atomic_t fscache_n_acquires_ok; --atomic_t fscache_n_acquires_nobufs; --atomic_t fscache_n_acquires_oom; ++ +atomic_unchecked_t fscache_n_acquires; +atomic_unchecked_t fscache_n_acquires_null; +atomic_unchecked_t fscache_n_acquires_no_cache; +atomic_unchecked_t fscache_n_acquires_ok; +atomic_unchecked_t fscache_n_acquires_nobufs; +atomic_unchecked_t fscache_n_acquires_oom; - --atomic_t fscache_n_invalidates; --atomic_t fscache_n_invalidates_run; ++ +atomic_unchecked_t fscache_n_invalidates; +atomic_unchecked_t fscache_n_invalidates_run; - --atomic_t fscache_n_updates; --atomic_t fscache_n_updates_null; --atomic_t fscache_n_updates_run; ++ +atomic_unchecked_t fscache_n_updates; +atomic_unchecked_t fscache_n_updates_null; +atomic_unchecked_t fscache_n_updates_run; - --atomic_t fscache_n_relinquishes; --atomic_t fscache_n_relinquishes_null; --atomic_t fscache_n_relinquishes_waitcrt; --atomic_t fscache_n_relinquishes_retire; ++ +atomic_unchecked_t fscache_n_relinquishes; +atomic_unchecked_t fscache_n_relinquishes_null; +atomic_unchecked_t 
fscache_n_relinquishes_waitcrt; +atomic_unchecked_t fscache_n_relinquishes_retire; - --atomic_t fscache_n_cookie_index; --atomic_t fscache_n_cookie_data; --atomic_t fscache_n_cookie_special; ++ +atomic_unchecked_t fscache_n_cookie_index; +atomic_unchecked_t fscache_n_cookie_data; +atomic_unchecked_t fscache_n_cookie_special; - --atomic_t fscache_n_object_alloc; --atomic_t fscache_n_object_no_alloc; --atomic_t fscache_n_object_lookups; --atomic_t fscache_n_object_lookups_negative; --atomic_t fscache_n_object_lookups_positive; --atomic_t fscache_n_object_lookups_timed_out; --atomic_t fscache_n_object_created; --atomic_t fscache_n_object_avail; --atomic_t fscache_n_object_dead; ++ +atomic_unchecked_t fscache_n_object_alloc; +atomic_unchecked_t fscache_n_object_no_alloc; +atomic_unchecked_t fscache_n_object_lookups; @@ -53066,11 +53146,7 @@ index 40d13c7..ddf52b9 100644 +atomic_unchecked_t fscache_n_object_created; +atomic_unchecked_t fscache_n_object_avail; +atomic_unchecked_t fscache_n_object_dead; - --atomic_t fscache_n_checkaux_none; --atomic_t fscache_n_checkaux_okay; --atomic_t fscache_n_checkaux_update; --atomic_t fscache_n_checkaux_obsolete; ++ +atomic_unchecked_t fscache_n_checkaux_none; +atomic_unchecked_t fscache_n_checkaux_okay; +atomic_unchecked_t fscache_n_checkaux_update; @@ -54289,7 +54365,7 @@ index d401d01..10b3e62 100644 static struct nfsd4_operation nfsd4_ops[]; diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c -index 6eb0dc5..29067a9 100644 +index a49c11b..8cd8130 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -1457,7 +1457,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p) @@ -55656,9 +55732,7 @@ index eda6f01..006ae24 100644 } else { if (kern_addr_valid(start)) { - unsigned long n; -+ char *elf_buf; -+ mm_segment_t oldfs; - +- - n = copy_to_user(buffer, (char *)start, tsz); - /* - * We cannot distinguish between fault on source 
@@ -55669,6 +55743,9 @@ index eda6f01..006ae24 100644 - if (n) { - if (clear_user(buffer + tsz - n, - n)) ++ char *elf_buf; ++ mm_segment_t oldfs; ++ + elf_buf = kmalloc(tsz, GFP_KERNEL); + if (!elf_buf) + return -ENOMEM; @@ -73375,6 +73452,18 @@ index a345480..3c65cf4 100644 }; #define TCP_SKB_CB(__skb) ((struct tcp_skb_cb *)&((__skb)->cb[0])) +diff --git a/include/net/udp.h b/include/net/udp.h +index 065f379..ad99eed 100644 +--- a/include/net/udp.h ++++ b/include/net/udp.h +@@ -181,6 +181,7 @@ extern int udp_get_port(struct sock *sk, unsigned short snum, + extern void udp_err(struct sk_buff *, u32); + extern int udp_sendmsg(struct kiocb *iocb, struct sock *sk, + struct msghdr *msg, size_t len); ++extern int udp_push_pending_frames(struct sock *sk); + extern void udp_flush_pending_frames(struct sock *sk); + extern int udp_rcv(struct sk_buff *skb); + extern int udp_ioctl(struct sock *sk, int cmd, unsigned long arg); diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 24c8886..e6fb816 100644 --- a/include/net/xfrm.h @@ -74828,10 +74917,10 @@ index f6c2ce5..982c0f9 100644 + return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid); +} diff --git a/kernel/cgroup.c b/kernel/cgroup.c -index a48de6a..df24bfe 100644 +index 526f4ba..19cca33 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c -@@ -5567,7 +5567,7 @@ static int cgroup_css_links_read(struct cgroup *cont, +@@ -5580,7 +5580,7 @@ static int cgroup_css_links_read(struct cgroup *cont, struct css_set *cg = link->cg; struct task_struct *task; int count = 0; @@ -75819,7 +75908,7 @@ index 1766d32..c0e44e2 100644 else new_fs = fs; diff --git a/kernel/futex.c b/kernel/futex.c -index b26dcfc..39e266a 100644 +index 49dacfb..5c6b450 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -54,6 +54,7 @@ 
@@ -75830,7 +75919,7 @@ index b26dcfc..39e266a 100644 #include <linux/signal.h> #include <linux/export.h> #include <linux/magic.h> -@@ -241,6 +242,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) +@@ -242,6 +243,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) struct page *page, *page_head; int err, ro = 0; @@ -75842,7 +75931,7 @@ index b26dcfc..39e266a 100644 /* * The futex address must be "naturally" aligned. */ -@@ -2732,6 +2738,7 @@ static int __init futex_init(void) +@@ -2733,6 +2739,7 @@ static int __init futex_init(void) { u32 curval; int i; @@ -75850,7 +75939,7 @@ index b26dcfc..39e266a 100644 /* * This will fail and we want it. Some arch implementations do -@@ -2743,8 +2750,11 @@ static int __init futex_init(void) +@@ -2744,8 +2751,11 @@ static int __init futex_init(void) * implementation, the non-functional ones will return * -ENOSYS. */ @@ -76426,7 +76515,7 @@ index b2c71c5..7b88d63 100644 seq_printf(m, "%40s %14lu %29s %pS\n", name, stats->contending_point[i], diff --git a/kernel/module.c b/kernel/module.c -index 97f202c..109575f 100644 +index a55f61b..1561428 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -61,6 +61,7 @@ @@ -76880,14 +76969,11 @@ index 97f202c..109575f 100644 if (!ptr) { - module_free(mod, mod->module_core); + module_free(mod, mod->module_core_rw); - return -ENOMEM; - } -- memset(ptr, 0, mod->init_size); -- mod->module_init = ptr; ++ return -ENOMEM; ++ } + memset(ptr, 0, mod->init_size_rw); + mod->module_init_rw = ptr; - } else -- mod->module_init = NULL; ++ } else + mod->module_init_rw = NULL; + + ptr = module_alloc_update_bounds_rx(mod->core_size_rx); 
@@ -76912,14 +76998,17 @@ index 97f202c..109575f 100644 + if (mod->module_init_rw) + module_free(mod, mod->module_init_rw); + module_free(mod, mod->module_core_rw); -+ return -ENOMEM; -+ } + return -ENOMEM; + } +- memset(ptr, 0, mod->init_size); +- mod->module_init = ptr; + + pax_open_kernel(); + memset(ptr, 0, mod->init_size_rx); + pax_close_kernel(); + mod->module_init_rx = ptr; -+ } else + } else +- mod->module_init = NULL; + mod->module_init_rx = NULL; /* Transfer each section which specifies SHF_ALLOC */ @@ -76996,7 +77085,7 @@ index 97f202c..109575f 100644 set_fs(old_fs); } -@@ -2992,8 +3097,10 @@ out: +@@ -2989,8 +3094,10 @@ static int alloc_module_percpu(struct module *mod, struct load_info *info) static void module_deallocate(struct module *mod, struct load_info *info) { percpu_modfree(mod); @@ -77009,7 +77098,7 @@ index 97f202c..109575f 100644 } int __weak module_finalize(const Elf_Ehdr *hdr, -@@ -3006,7 +3113,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, +@@ -3003,7 +3110,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, static int post_relocation(struct module *mod, const struct load_info *info) { /* Sort exception table now relocations are done. */ @@ -77019,7 +77108,7 @@ index 97f202c..109575f 100644 /* Copy relocated percpu area over. */ percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr, -@@ -3060,16 +3169,16 @@ static int do_init_module(struct module *mod) +@@ -3057,16 +3166,16 @@ static int do_init_module(struct module *mod) MODULE_STATE_COMING, mod); /* Set RO and NX regions for core */ @@ -77044,7 +77133,7 @@ index 97f202c..109575f 100644 do_mod_ctors(mod); /* Start the module */ -@@ -3131,11 +3240,12 @@ static int do_init_module(struct module *mod) +@@ -3128,11 +3237,12 @@ static int do_init_module(struct module *mod) mod->strtab = mod->core_strtab; #endif unset_module_init_ro_nx(mod); 
@@ -77062,7 +77151,7 @@ index 97f202c..109575f 100644 mutex_unlock(&module_mutex); wake_up_all(&module_wq); -@@ -3262,9 +3372,38 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3264,9 +3374,38 @@ static int load_module(struct load_info *info, const char __user *uargs, if (err) goto free_unload; @@ -77101,7 +77190,7 @@ index 97f202c..109575f 100644 /* Fix up syms, so that st_value is a pointer to location. */ err = simplify_symbols(mod, info); if (err < 0) -@@ -3280,13 +3419,6 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3282,13 +3421,6 @@ static int load_module(struct load_info *info, const char __user *uargs, flush_module_icache(mod); @@ -77115,7 +77204,7 @@ index 97f202c..109575f 100644 dynamic_debug_setup(info->debug, info->num_debug); /* Finally it's fully formed, ready to start executing. */ -@@ -3321,11 +3453,10 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3323,11 +3455,10 @@ static int load_module(struct load_info *info, const char __user *uargs, ddebug_cleanup: dynamic_debug_remove(info->debug); synchronize_sched(); @@ -77128,7 +77217,7 @@ index 97f202c..109575f 100644 free_unload: module_unload_free(mod); unlink_mod: -@@ -3408,10 +3539,16 @@ static const char *get_ksymbol(struct module *mod, +@@ -3410,10 +3541,16 @@ static const char *get_ksymbol(struct module *mod, unsigned long nextval; /* At worse, next value is at end of module */ @@ -77148,7 +77237,7 @@ index 97f202c..109575f 100644 /* Scan for closest preceding symbol, and next symbol. (ELF starts real symbols at 1). */ -@@ -3664,7 +3801,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3666,7 +3803,7 @@ static int m_show(struct seq_file *m, void *p) return 0; seq_printf(m, "%s %u", 
@@ -77157,7 +77246,7 @@ index 97f202c..109575f 100644 print_unload_info(m, mod); /* Informative for users. */ -@@ -3673,7 +3810,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3675,7 +3812,7 @@ static int m_show(struct seq_file *m, void *p) mod->state == MODULE_STATE_COMING ? "Loading": "Live"); /* Used by oprofile and other similar tools. */ @@ -77166,7 +77255,7 @@ index 97f202c..109575f 100644 /* Taints info */ if (mod->taints) -@@ -3709,7 +3846,17 @@ static const struct file_operations proc_modules_operations = { +@@ -3711,7 +3848,17 @@ static const struct file_operations proc_modules_operations = { static int __init proc_modules_init(void) { @@ -77184,7 +77273,7 @@ index 97f202c..109575f 100644 return 0; } module_init(proc_modules_init); -@@ -3770,14 +3917,14 @@ struct module *__module_address(unsigned long addr) +@@ -3772,14 +3919,14 @@ struct module *__module_address(unsigned long addr) { struct module *mod; @@ -77202,7 +77291,7 @@ index 97f202c..109575f 100644 return mod; } return NULL; -@@ -3812,11 +3959,20 @@ bool is_module_text_address(unsigned long addr) +@@ -3814,11 +3961,20 @@ bool is_module_text_address(unsigned long addr) */ struct module *__module_text_address(unsigned long addr) { @@ -79673,10 +79762,10 @@ index 0b537f2..40d6c20 100644 return -ENOMEM; return 0; diff --git a/kernel/timer.c b/kernel/timer.c -index 1b399c8..90e1849 100644 +index 3361cff..0751080 100644 --- a/kernel/timer.c +++ b/kernel/timer.c -@@ -1363,7 +1363,7 @@ void update_process_times(int user_tick) +@@ -1365,7 +1365,7 @@ void update_process_times(int user_tick) /* * This function runs timers and the timer-tq in bottom half context. */ @@ -79685,7 +79774,7 @@ index 1b399c8..90e1849 100644 { struct tvec_base *base = __this_cpu_read(tvec_bases); -@@ -1481,7 +1481,7 @@ static void process_timeout(unsigned long __data) +@@ -1483,7 +1483,7 @@ static void process_timeout(unsigned long __data) * * In all cases the return value is guaranteed to be non-negative. */ 
@@ -79694,7 +79783,7 @@ index 1b399c8..90e1849 100644 { struct timer_list timer; unsigned long expire; -@@ -1772,7 +1772,7 @@ static int __cpuinit timer_cpu_notify(struct notifier_block *self, +@@ -1774,7 +1774,7 @@ static int __cpuinit timer_cpu_notify(struct notifier_block *self, return NOTIFY_OK; } @@ -81054,10 +81143,10 @@ index b32b70c..e512eb0 100644 set_page_address(page, (void *)vaddr); diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index ce4cb19..93899ef 100644 +index 2baa6e3..cd0a264 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c -@@ -2005,15 +2005,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, +@@ -2022,15 +2022,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, struct hstate *h = &default_hstate; unsigned long tmp; int ret; @@ -81078,7 +81167,7 @@ index ce4cb19..93899ef 100644 if (ret) goto out; -@@ -2070,15 +2072,17 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, +@@ -2087,15 +2089,17 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, struct hstate *h = &default_hstate; unsigned long tmp; int ret; @@ -81099,7 +81188,7 @@ index ce4cb19..93899ef 100644 if (ret) goto out; -@@ -2512,6 +2516,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2529,6 +2533,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, return 1; } @@ -81127,7 +81216,7 @@ index ce4cb19..93899ef 100644 /* * Hugetlb_cow() should be called with page lock of the original hugepage held. * Called with hugetlb_instantiation_mutex held and pte_page locked so we -@@ -2630,6 +2655,11 @@ retry_avoidcopy: +@@ -2647,6 +2672,11 @@ retry_avoidcopy: make_huge_pte(vma, new_page, 1)); page_remove_rmap(old_page); hugepage_add_new_anon_rmap(new_page, vma, address); 
@@ -81139,7 +81228,7 @@ index ce4cb19..93899ef 100644 /* Make the old page be freed below */ new_page = old_page; } -@@ -2788,6 +2818,10 @@ retry: +@@ -2805,6 +2835,10 @@ retry: && (vma->vm_flags & VM_SHARED))); set_huge_pte_at(mm, address, ptep, new_pte); @@ -81150,7 +81239,7 @@ index ce4cb19..93899ef 100644 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page); -@@ -2817,6 +2851,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2834,6 +2868,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, static DEFINE_MUTEX(hugetlb_instantiation_mutex); struct hstate *h = hstate_vma(vma); @@ -81161,7 +81250,7 @@ index ce4cb19..93899ef 100644 address &= huge_page_mask(h); ptep = huge_pte_offset(mm, address); -@@ -2830,6 +2868,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2847,6 +2885,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, VM_FAULT_SET_HINDEX(hstate_index(h)); } @@ -84022,7 +84111,7 @@ index efe6814..64b4701 100644 .next = NULL, }; diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 0d4fef2..8870335 100644 +index ab62b75..410422f 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -59,6 +59,7 @@ 
@@ -86486,6 +86575,48 @@ index 6cc0481..59cfb00 100644 } } EXPORT_SYMBOL(dev_load); +diff --git a/net/core/ethtool.c b/net/core/ethtool.c +index 41f4bdf..9e7c219 100644 +--- a/net/core/ethtool.c ++++ b/net/core/ethtool.c +@@ -1314,10 +1314,19 @@ static int ethtool_get_dump_data(struct net_device *dev, + if (ret) + return ret; + +- len = (tmp.len > dump.len) ? dump.len : tmp.len; ++ len = min(tmp.len, dump.len); + if (!len) + return -EFAULT; + ++ /* Don't ever let the driver think there's more space available ++ * than it requested with .get_dump_flag(). ++ */ ++ dump.len = len; ++ ++ /* Always allocate enough space to hold the whole thing so that the ++ * driver does not need to check the length and bother with partial ++ * dumping. ++ */ + data = vzalloc(tmp.len); + if (!data) + return -ENOMEM; +@@ -1325,6 +1334,16 @@ static int ethtool_get_dump_data(struct net_device *dev, + if (ret) + goto out; + ++ /* There are two sane possibilities: ++ * 1. The driver's .get_dump_data() does not touch dump.len. ++ * 2. Or it may set dump.len to how much it really writes, which ++ * should be tmp.len (or len if it can do a partial dump). ++ * In any case respond to userspace with the actual length of data ++ * it's receiving. ++ */ ++ WARN_ON(dump.len != len && dump.len != tmp.len); ++ dump.len = len; ++ + if (copy_to_user(useraddr, &dump, sizeof(dump))) { + ret = -EFAULT; + goto out; diff --git a/net/core/flow.c b/net/core/flow.c index 2bfd081..53c6058 100644 --- a/net/core/flow.c @@ -87313,7 +87444,7 @@ index d9c4f11..02b82dbc 100644 msg.msg_flags = flags; diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c -index c3a4233..7df5626 100644 +index c3a4233..3fa029d 100644 --- a/net/ipv4/ip_vti.c +++ b/net/ipv4/ip_vti.c @@ -47,7 +47,7 @@ 
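Review bot: In the net/core/ethtool.c part of this hunk, `WARN_ON(dump.len != len && dump.len != tmp.len);` in ethtool_get_dump_data() prints a full stack trace on every call for which a driver's .get_dump_data() leaves an unexpected length, so a single buggy driver can fill the kernel log. `WARN_ON_ONCE(dump.len != len && dump.len != tmp.len);` still reports the driver bug and leaves the rest unchanged, since the next line already resets dump.len to len before copy_to_user(). The function starts and ends outside the hunk.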
@@ -87335,7 +87466,25 @@ index c3a4233..7df5626 100644 skb_dst_drop(skb); skb_dst_set(skb, &rt->dst); nf_reset(skb); -@@ -886,7 +885,7 @@ static const struct nla_policy vti_policy[IFLA_VTI_MAX + 1] = { +@@ -645,17 +644,10 @@ static int __net_init vti_fb_tunnel_init(struct net_device *dev) + struct iphdr *iph = &tunnel->parms.iph; + struct vti_net *ipn = net_generic(dev_net(dev), vti_net_id); + +- tunnel->dev = dev; +- strcpy(tunnel->parms.name, dev->name); +- + iph->version = 4; + iph->protocol = IPPROTO_IPIP; + iph->ihl = 5; + +- dev->tstats = alloc_percpu(struct pcpu_tstats); +- if (!dev->tstats) +- return -ENOMEM; +- + dev_hold(dev); + rcu_assign_pointer(ipn->tunnels_wc[0], tunnel); + return 0; +@@ -886,7 +878,7 @@ static const struct nla_policy vti_policy[IFLA_VTI_MAX + 1] = { [IFLA_VTI_REMOTE] = { .len = FIELD_SIZEOF(struct iphdr, daddr) }, }; @@ -87939,7 +88088,7 @@ index b78aac3..e18230b 100644 syn_set ? 0 : icsk->icsk_user_timeout, syn_set)) { /* Has it gone just too far? */ diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c -index 0a073a2..ddf6279 100644 +index 0a073a2..d4a04de 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -87,6 +87,7 @@ 
@@ -87971,7 +88120,24 @@ index 0a073a2..ddf6279 100644 /* * This routine is called by the ICMP module when it gets some * sort of error condition. If err < 0 then the socket should -@@ -889,9 +897,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, +@@ -799,7 +807,7 @@ send: + /* + * Push out all pending data as one UDP datagram. Socket is locked. + */ +-static int udp_push_pending_frames(struct sock *sk) ++int udp_push_pending_frames(struct sock *sk) + { + struct udp_sock *up = udp_sk(sk); + struct inet_sock *inet = inet_sk(sk); +@@ -818,6 +826,7 @@ out: + up->pending = 0; + return err; + } ++EXPORT_SYMBOL(udp_push_pending_frames); + + int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, + size_t len) +@@ -889,9 +898,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, dport = usin->sin_port; if (dport == 0) return -EINVAL; @@ -87990,7 +88156,7 @@ index 0a073a2..ddf6279 100644 daddr = inet->inet_daddr; dport = inet->inet_dport; /* Open fast path for connected socket. -@@ -1133,7 +1150,7 @@ static unsigned int first_packet_length(struct sock *sk) +@@ -1133,7 +1151,7 @@ static unsigned int first_packet_length(struct sock *sk) udp_lib_checksum_complete(skb)) { UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, IS_UDPLITE(sk)); @@ -87999,7 +88165,7 @@ index 0a073a2..ddf6279 100644 __skb_unlink(skb, rcvq); __skb_queue_tail(&list_kill, skb); } -@@ -1219,6 +1236,10 @@ try_again: +@@ -1219,6 +1237,10 @@ try_again: if (!skb) goto out; @@ -88010,7 +88176,7 @@ index 0a073a2..ddf6279 100644 ulen = skb->len - sizeof(struct udphdr); copied = len; if (copied > ulen) -@@ -1252,7 +1273,7 @@ try_again: +@@ -1252,7 +1274,7 @@ try_again: if (unlikely(err)) { trace_kfree_skb(skb, udp_recvmsg); if (!peeked) { 
@@ -88019,7 +88185,7 @@ index 0a073a2..ddf6279 100644 UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } -@@ -1535,7 +1556,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) +@@ -1535,7 +1557,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) drop: UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite); @@ -88028,7 +88194,7 @@ index 0a073a2..ddf6279 100644 kfree_skb(skb); return -1; } -@@ -1554,7 +1575,7 @@ static void flush_stack(struct sock **stack, unsigned int count, +@@ -1554,7 +1576,7 @@ static void flush_stack(struct sock **stack, unsigned int count, skb1 = (i == final) ? skb : skb_clone(skb, GFP_ATOMIC); if (!skb1) { @@ -88037,7 +88203,7 @@ index 0a073a2..ddf6279 100644 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS, IS_UDPLITE(sk)); UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, -@@ -1723,6 +1744,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, +@@ -1723,6 +1745,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, goto csum_error; UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE); @@ -88047,7 +88213,7 @@ index 0a073a2..ddf6279 100644 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); /* -@@ -2152,7 +2176,7 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f, +@@ -2152,7 +2177,7 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f, from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, 
@@ -88139,6 +88305,53 @@ index fff5bdd..15194fb 100644 table = kmemdup(ipv6_icmp_table_template, sizeof(ipv6_icmp_table_template), +diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c +index 192dd1a..5fc9c7a 100644 +--- a/net/ipv6/ip6_fib.c ++++ b/net/ipv6/ip6_fib.c +@@ -632,6 +632,12 @@ insert_above: + return ln; + } + ++static inline bool rt6_qualify_for_ecmp(struct rt6_info *rt) ++{ ++ return (rt->rt6i_flags & (RTF_GATEWAY|RTF_ADDRCONF|RTF_DYNAMIC)) == ++ RTF_GATEWAY; ++} ++ + /* + * Insert routing information in a node. + */ +@@ -646,6 +652,7 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt, + int add = (!info->nlh || + (info->nlh->nlmsg_flags & NLM_F_CREATE)); + int found = 0; ++ bool rt_can_ecmp = rt6_qualify_for_ecmp(rt); + + ins = &fn->leaf; + +@@ -691,9 +698,8 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt, + * To avoid long list, we only had siblings if the + * route have a gateway. + */ +- if (rt->rt6i_flags & RTF_GATEWAY && +- !(rt->rt6i_flags & RTF_EXPIRES) && +- !(iter->rt6i_flags & RTF_EXPIRES)) ++ if (rt_can_ecmp && ++ rt6_qualify_for_ecmp(iter)) + rt->rt6i_nsiblings++; + } + +@@ -715,7 +721,8 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt, + /* Find the first route that have the same metric */ + sibling = fn->leaf; + while (sibling) { +- if (sibling->rt6i_metric == rt->rt6i_metric) { ++ if (sibling->rt6i_metric == rt->rt6i_metric && ++ rt6_qualify_for_ecmp(sibling)) { + list_add_tail(&rt->rt6i_siblings, + &sibling->rt6i_siblings); + break; diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c index 95d13c7..791fe2f 100644 --- a/net/ipv6/ip6_gre.c @@ -88180,7 +88393,7 @@ index 95d13c7..791fe2f 100644 .maxtype = IFLA_GRE_MAX, .policy = ip6gre_policy, diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c -index 851fdae..9d4d1fd 100644 +index 851fdae..8f6f09a 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c 
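Review bot: In the net/ipv6/ip6_fib.c hunk, the comment kept in fib6_add_rt2node() still says siblings are added only "if the route have a gateway", but the new rt6_qualify_for_ecmp() also rejects routes carrying RTF_ADDRCONF or RTF_DYNAMIC, and the RTF_EXPIRES tests are gone. The helper should carry the rule itself, for example `/* A route may join an ECMP sibling list only if it has RTF_GATEWAY and neither RTF_ADDRCONF nor RTF_DYNAMIC. */`, and the old comment should be reworded to refer to it. fib6_add_rt2node() starts and ends outside the hunk.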
@@ -822,11 +822,17 @@ static struct dst_entry *ip6_sk_dst_check(struct sock *sk, @@ -88202,6 +88415,56 @@ index 851fdae..9d4d1fd 100644 /* Yes, checking route validity in not connected * case is not very simple. Take into account, * that we do not support routing by source, TOS, +@@ -1093,11 +1099,12 @@ static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src, + return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL; + } + +-static void ip6_append_data_mtu(int *mtu, ++static void ip6_append_data_mtu(unsigned int *mtu, + int *maxfraglen, + unsigned int fragheaderlen, + struct sk_buff *skb, +- struct rt6_info *rt) ++ struct rt6_info *rt, ++ bool pmtuprobe) + { + if (!(rt->dst.flags & DST_XFRM_TUNNEL)) { + if (skb == NULL) { +@@ -1109,7 +1116,9 @@ static void ip6_append_data_mtu(int *mtu, + * this fragment is not first, the headers + * space is regarded as data space. + */ +- *mtu = dst_mtu(rt->dst.path); ++ *mtu = min(*mtu, pmtuprobe ? ++ rt->dst.dev->mtu : ++ dst_mtu(rt->dst.path)); + } + *maxfraglen = ((*mtu - fragheaderlen) & ~7) + + fragheaderlen - sizeof(struct frag_hdr); +@@ -1126,11 +1135,10 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, + struct ipv6_pinfo *np = inet6_sk(sk); + struct inet_cork *cork; + struct sk_buff *skb, *skb_prev = NULL; +- unsigned int maxfraglen, fragheaderlen; ++ unsigned int maxfraglen, fragheaderlen, mtu; + int exthdrlen; + int dst_exthdrlen; + int hh_len; +- int mtu; + int copy; + int err; + int offset = 0; +@@ -1290,7 +1298,9 @@ alloc_new_skb: + /* update mtu and maxfraglen if necessary */ + if (skb == NULL || skb_prev == NULL) + ip6_append_data_mtu(&mtu, &maxfraglen, +- fragheaderlen, skb, rt); ++ fragheaderlen, skb, rt, ++ np->pmtudisc == ++ IPV6_PMTUDISC_PROBE); + + skb_prev = skb; + diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c index fff83cb..82d49dd 100644 --- a/net/ipv6/ip6_tunnel.c @@ -88562,7 +88825,7 @@ index 0fce928..c52a518 100644 } 
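Review bot: ip6_append_data_mtu() now takes `unsigned int *mtu` but still declares `int *maxfraglen`, while ip6_append_data() declares `unsigned int maxfraglen, fragheaderlen, mtu;` and passes `&maxfraglen`, so the signedness mismatch this change fixes for mtu remains for the second out-parameter. Declaring it as `unsigned int *maxfraglen,` makes both pointers agree with the caller. Separately, `(*mtu - fragheaderlen) & ~7` is now unsigned arithmetic and would wrap if the clamped MTU were ever smaller than fragheaderlen; no guard is visible in the hunk, and ip6_append_data() continues outside it, so that should be confirmed there.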
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c -index 27f0f8e..949e7ee 100644 +index 27f0f8e..a8928b5 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -52,6 +52,10 @@ @@ -88613,7 +88876,25 @@ index 27f0f8e..949e7ee 100644 icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0); kfree_skb(skb); -@@ -1377,7 +1384,7 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket +@@ -945,11 +952,16 @@ static int udp_v6_push_pending_frames(struct sock *sk) + struct udphdr *uh; + struct udp_sock *up = udp_sk(sk); + struct inet_sock *inet = inet_sk(sk); +- struct flowi6 *fl6 = &inet->cork.fl.u.ip6; ++ struct flowi6 *fl6; + int err = 0; + int is_udplite = IS_UDPLITE(sk); + __wsum csum = 0; + ++ if (up->pending == AF_INET) ++ return udp_push_pending_frames(sk); ++ ++ fl6 = &inet->cork.fl.u.ip6; ++ + /* Grab the skbuff where UDP header space exists. */ + if ((skb = skb_peek(&sk->sk_write_queue)) == NULL) + goto out; +@@ -1377,7 +1389,7 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -88812,6 +89093,20 @@ index 5b1e5af..1b929e7 100644 } while (!res); return res; } +diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c +index 8dec687..5ebee2d 100644 +--- a/net/l2tp/l2tp_ppp.c ++++ b/net/l2tp/l2tp_ppp.c +@@ -1793,7 +1793,8 @@ static const struct proto_ops pppol2tp_ops = { + + static const struct pppox_proto pppol2tp_proto = { + .create = pppol2tp_create, +- .ioctl = pppol2tp_ioctl ++ .ioctl = pppol2tp_ioctl, ++ .owner = THIS_MODULE, + }; + + #ifdef CONFIG_L2TP_V3 diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index 843d8c4..cb04fa1 100644 --- a/net/mac80211/cfg.c 
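Review bot: The early return added to udp_v6_push_pending_frames(), `if (up->pending == AF_INET) return udp_push_pending_frames(sk);`, has no comment saying why an IPv6 UDP socket can hold IPv4 pending data, although that is the only reason `fl6` is no longer initialised at its declaration. A short comment would keep a later cleanup from moving the assignment back, for example `/* Pending data was corked through the IPv4 path, so cork.fl is not a flowi6; let the IPv4 code send it. */`. That wording is inferred from the dispatch on up->pending and should be checked against the IPv6 sendmsg path, which is not in the hunk. The function body continues past the hunk.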
@@ -90848,6 +91143,58 @@ index 8343737..677025e 100644 .mode = 0644, .proc_handler = read_reset_stat, }, +diff --git a/net/sunrpc/xprtrdma/svc_rdma_marshal.c b/net/sunrpc/xprtrdma/svc_rdma_marshal.c +index 8d2eddd..65b1462 100644 +--- a/net/sunrpc/xprtrdma/svc_rdma_marshal.c ++++ b/net/sunrpc/xprtrdma/svc_rdma_marshal.c +@@ -98,6 +98,7 @@ void svc_rdma_rcl_chunk_counts(struct rpcrdma_read_chunk *ch, + */ + static u32 *decode_write_list(u32 *va, u32 *vaend) + { ++ unsigned long start, end; + int nchunks; + + struct rpcrdma_write_array *ary = +@@ -113,9 +114,12 @@ static u32 *decode_write_list(u32 *va, u32 *vaend) + return NULL; + } + nchunks = ntohl(ary->wc_nchunks); +- if (((unsigned long)&ary->wc_array[0] + +- (sizeof(struct rpcrdma_write_chunk) * nchunks)) > +- (unsigned long)vaend) { ++ ++ start = (unsigned long)&ary->wc_array[0]; ++ end = (unsigned long)vaend; ++ if (nchunks < 0 || ++ nchunks > (SIZE_MAX - start) / sizeof(struct rpcrdma_write_chunk) || ++ (start + (sizeof(struct rpcrdma_write_chunk) * nchunks)) > end) { + dprintk("svcrdma: ary=%p, wc_nchunks=%d, vaend=%p\n", + ary, nchunks, vaend); + return NULL; +@@ -129,6 +133,7 @@ static u32 *decode_write_list(u32 *va, u32 *vaend) + + static u32 *decode_reply_array(u32 *va, u32 *vaend) + { ++ unsigned long start, end; + int nchunks; + struct rpcrdma_write_array *ary = + (struct rpcrdma_write_array *)va; +@@ -143,9 +148,12 @@ static u32 *decode_reply_array(u32 *va, u32 *vaend) + return NULL; + } + nchunks = ntohl(ary->wc_nchunks); +- if (((unsigned long)&ary->wc_array[0] + +- (sizeof(struct rpcrdma_write_chunk) * nchunks)) > +- (unsigned long)vaend) { ++ ++ start = (unsigned long)&ary->wc_array[0]; ++ end = (unsigned long)vaend; ++ if (nchunks < 0 || ++ nchunks > (SIZE_MAX - start) / sizeof(struct rpcrdma_write_chunk) || ++ (start + (sizeof(struct rpcrdma_write_chunk) * nchunks)) > end) { + dprintk("svcrdma: ary=%p, wc_nchunks=%d, vaend=%p\n", + ary, nchunks, vaend); + return NULL; 
diff --git a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c b/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c index 0ce7552..d074459 100644 --- a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c |
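Review bot: The three-part bounds test added to decode_write_list() is repeated verbatim in decode_reply_array(), and `nchunks` stays an `int` that is compared with the unsigned `(SIZE_MAX - start) / sizeof(struct rpcrdma_write_chunk)`, which is why the extra `nchunks < 0` test is needed. Comparing the count with the space that is left (`end - start`) removes the multiplication and the SIZE_MAX term, and the test can live in one helper shared by both decoders; a u32 count also matches what ntohl() returns. Both functions start and end outside the hunk, and the helper name below is only a suggestion.

```c
/* True when nchunks write chunks starting at ary->wc_array fit below vaend. */
static bool svc_rdma_chunks_fit(const struct rpcrdma_write_array *ary,
				u32 nchunks, const u32 *vaend)
{
	unsigned long start = (unsigned long)&ary->wc_array[0];
	unsigned long end = (unsigned long)vaend;

	/* Dividing the remaining space cannot overflow, unlike start + n * size. */
	return start <= end &&
	       nchunks <= (end - start) / sizeof(struct rpcrdma_write_chunk);
}

/* ... unchanged: decode_write_list() up to the ntohl() call ... */
	nchunks = ntohl(ary->wc_nchunks);
	if (!svc_rdma_chunks_fit(ary, nchunks, vaend)) {
/* ... unchanged: dprintk() and return NULL; same call in decode_reply_array() ... */
```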