diff options
-rw-r--r-- | main/linux-grsec/APKBUILD | 16 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-3.0-3.14.24-201411150026.patch (renamed from main/linux-grsec/grsecurity-3.0-3.14.23-201410312212.patch) | 1723 |
2 files changed, 1161 insertions, 578 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 5a74c96a7b..41ef488e4b 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,7 +2,7 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.14.23 +pkgver=3.14.24 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; @@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-3.0-3.14.23-201410312212.patch + grsecurity-3.0-3.14.24-201411150026.patch fix-memory-map-for-PIE-applications.patch imx6q-no-unclocked-sleep.patch @@ -165,24 +165,24 @@ dev() { } md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz -45a2b9fbe6c9075093fb015f818b4e37 patch-3.14.23.xz -0de7fd3ed253841e486817250f09dfee grsecurity-3.0-3.14.23-201410312212.patch +651a92fc1d45c02fa02358bb07e80697 patch-3.14.24.xz +384982d028a3d484345ef780c11a464f grsecurity-3.0-3.14.24-201411150026.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch 1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch 870b91f0eb07294ba453ac61b052c0b6 kernelconfig.x86 38b50cd1a7670f886c5e9fe9f1f91496 kernelconfig.x86_64 3d79d27ce4aea637042bb70055c35a3d kernelconfig.armhf" sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz -451199487f3e311ff57729f9104c23eeab1db528f15f2091da74cb2fd565f56e patch-3.14.23.xz -55333d8467e557925bb0116c6ff92ba39c075374a12b7125970364389182f0a5 grsecurity-3.0-3.14.23-201410312212.patch +80013321b6891216fcff6d0746cb977bd7e8438b02ca13ff261659f3dfa76d51 patch-3.14.24.xz +36f3dfd5237966661fef9bf18bc3779c3f5e852df48889902e6be94d708b3aef grsecurity-3.0-3.14.24-201411150026.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch 21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch bf953a65ba047b5316509da5bc7a6dbcee12767e343d26e8360369d27bfdbe78 kernelconfig.x86 d555a01f2b464e20cfa71c67ea6d571f80c707c5a3fea33879de09b085e2d7b6 kernelconfig.x86_64 a2dc0e30e1d1d691768543a17b51efccfc11ef17c04ac08f2b54c95f25dab75d kernelconfig.armhf" sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz -31883f947d93e8b489f75d3508efab24f3d5c94f75f6f0e66e34ad8f54de2511eb22e92b8a27bde19bba3c1a510435f3ba181157bdef726120226eba18bd825a patch-3.14.23.xz -7f17d47ffc78e23a80b84921742cfbbc9afff551ad75bfbb4e1399aba6eca6fd8c8b6262232d57cd6c7165ba2bafe80c7f6e1689e495fa3a61740930808a3d53 grsecurity-3.0-3.14.23-201410312212.patch +7f45dfd7340a41c360c7521b573adbb8569825aa078f7ef067a27f19be5c749e42965badde7cdf9c413374953e776e4cce43cd1856f9e08870793a50ba6ad0fb patch-3.14.24.xz +35f27312fc83d0c4380742bca33ad2c9d8313d87c9e2299d58f422b15af993f2221e3d2332ad13d3a3151fafb055e738cec23c9de5d0d84d218cdcad70379030 grsecurity-3.0-3.14.24-201411150026.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch 87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch dde402be39f68955f9395f807631f1457e90cda76a80e0e198695c8f946cdba02a00fe12a59a77bf5e8b40f5ecb52efbe364449f3e58d8996f27e07b719ac6a4 kernelconfig.x86 diff --git a/main/linux-grsec/grsecurity-3.0-3.14.23-201410312212.patch b/main/linux-grsec/grsecurity-3.0-3.14.24-201411150026.patch index 2b0f9bd7fc..b8fbeb3c9e 100644 --- a/main/linux-grsec/grsecurity-3.0-3.14.23-201410312212.patch +++ b/main/linux-grsec/grsecurity-3.0-3.14.24-201411150026.patch @@ -292,7 +292,7 @@ index 7116fda..2f71588 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 135a04a..79b5e32 100644 +index 8fd0610..914c673 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -4827,6 +4827,19 @@ index 6c0f684..5faea9d 100644 #define access_ok(type, addr, size) __range_ok(addr, size) #define user_addr_max get_fs +diff --git a/arch/arm64/lib/clear_user.S b/arch/arm64/lib/clear_user.S +index 6e0ed93..c17967f 100644 +--- a/arch/arm64/lib/clear_user.S ++++ b/arch/arm64/lib/clear_user.S +@@ -46,7 +46,7 @@ USER(9f, strh wzr, [x0], #2 ) + sub x1, x1, #2 + 4: adds x1, x1, #1 + b.mi 5f +- strb wzr, [x0] ++USER(9f, strb wzr, [x0] ) + 5: mov x0, #0 + ret + ENDPROC(__clear_user) diff --git a/arch/avr32/include/asm/cache.h b/arch/avr32/include/asm/cache.h index c3a58a1..78fbf54 100644 --- a/arch/avr32/include/asm/cache.h @@ -12341,7 +12354,7 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index e409891..8ec65be 100644 +index 98aa930..d2cef74 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -22,6 +22,7 @@ config X86_64 @@ -14500,7 +14513,7 @@ index 2206757..85cbcfa 100644 err |= copy_siginfo_to_user32(&frame->info, &ksig->info); diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S -index 4299eb0..c0687a7 100644 +index 92a2e93..9b829fa 100644 --- a/arch/x86/ia32/ia32entry.S +++ b/arch/x86/ia32/ia32entry.S @@ -15,8 +15,10 @@ @@ -14578,7 +14591,7 @@ index 4299eb0..c0687a7 100644 movl %ebp,%ebp /* zero extension */ pushq_cfi $__USER32_DS /*CFI_REL_OFFSET ss,0*/ -@@ -135,24 +157,49 @@ ENTRY(ia32_sysenter_target) +@@ -135,23 +157,46 @@ ENTRY(ia32_sysenter_target) CFI_REL_OFFSET rsp,0 pushfq_cfi /*CFI_REL_OFFSET rflags,0*/ @@ -14620,20 +14633,27 @@ index 4299eb0..c0687a7 100644 1: movl (%rbp),%ebp _ASM_EXTABLE(1b,ia32_badarg) ASM_CLAC -- orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) -- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) -+ + +#ifdef CONFIG_PAX_MEMORY_UDEREF + ASM_PAX_CLOSE_USERLAND +#endif + + /* + * Sysenter doesn't filter flags, so we need to clear NT + * ourselves. To save a few cycles, we can check whether +@@ -161,8 +206,9 @@ ENTRY(ia32_sysenter_target) + jnz sysenter_fix_flags + sysenter_flags_fixed: + +- orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) +- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + GET_THREAD_INFO(%r11) + orl $TS_COMPAT,TI_status(%r11) + testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r11) CFI_REMEMBER_STATE jnz sysenter_tracesys cmpq $(IA32_NR_syscalls-1),%rax -@@ -162,15 +209,18 @@ sysenter_do_call: +@@ -172,15 +218,18 @@ sysenter_do_call: sysenter_dispatch: call *ia32_sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) @@ -14656,7 +14676,7 @@ index 4299eb0..c0687a7 100644 CFI_REGISTER rip,rdx RESTORE_ARGS 0,24,0,0,0,0 xorq %r8,%r8 -@@ -193,6 +243,9 @@ sysexit_from_sys_call: +@@ -205,6 +254,9 @@ sysexit_from_sys_call: movl %eax,%esi /* 2nd arg: syscall number */ movl $AUDIT_ARCH_I386,%edi /* 1st arg: audit arch */ call __audit_syscall_entry @@ -14666,7 +14686,7 @@ index 4299eb0..c0687a7 100644 movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall number */ cmpq $(IA32_NR_syscalls-1),%rax ja ia32_badsys -@@ -204,7 +257,7 @@ sysexit_from_sys_call: +@@ -216,7 +268,7 @@ sysexit_from_sys_call: .endm .macro auditsys_exit exit @@ -14675,7 +14695,7 @@ index 4299eb0..c0687a7 100644 jnz ia32_ret_from_sys_call TRACE_IRQS_ON ENABLE_INTERRUPTS(CLBR_NONE) -@@ -215,11 +268,12 @@ sysexit_from_sys_call: +@@ -227,11 +279,12 @@ sysexit_from_sys_call: 1: setbe %al /* 1 if error, 0 if not */ movzbl %al,%edi /* zero-extend that into %edi */ call __audit_syscall_exit @@ -14689,7 +14709,7 @@ index 4299eb0..c0687a7 100644 jz \exit CLEAR_RREGS -ARGOFFSET jmp int_with_check -@@ -237,7 +291,7 @@ sysexit_audit: +@@ -253,7 +306,7 @@ sysenter_fix_flags: sysenter_tracesys: #ifdef CONFIG_AUDITSYSCALL @@ -14698,7 +14718,7 @@ index 4299eb0..c0687a7 100644 jz sysenter_auditsys #endif SAVE_REST -@@ -249,6 +303,9 @@ sysenter_tracesys: +@@ -265,6 +318,9 @@ sysenter_tracesys: RESTORE_REST cmpq $(IA32_NR_syscalls-1),%rax ja int_ret_from_sys_call /* sysenter_tracesys has set RAX(%rsp) */ @@ -14708,7 +14728,7 @@ index 4299eb0..c0687a7 100644 jmp sysenter_do_call CFI_ENDPROC ENDPROC(ia32_sysenter_target) -@@ -276,19 +333,25 @@ ENDPROC(ia32_sysenter_target) +@@ -292,19 +348,25 @@ ENDPROC(ia32_sysenter_target) ENTRY(ia32_cstar_target) CFI_STARTPROC32 simple CFI_SIGNAL_FRAME @@ -14736,7 +14756,7 @@ index 4299eb0..c0687a7 100644 movl %eax,%eax /* zero extension */ movq %rax,ORIG_RAX-ARGOFFSET(%rsp) movq %rcx,RIP-ARGOFFSET(%rsp) -@@ -304,12 +367,25 @@ ENTRY(ia32_cstar_target) +@@ -320,12 +382,25 @@ ENTRY(ia32_cstar_target) /* no need to do an access_ok check here because r8 has been 32bit zero extended */ /* hardware stack frame is complete now */ @@ -14764,7 +14784,7 @@ index 4299eb0..c0687a7 100644 CFI_REMEMBER_STATE jnz cstar_tracesys cmpq $IA32_NR_syscalls-1,%rax -@@ -319,13 +395,16 @@ cstar_do_call: +@@ -335,13 +410,16 @@ cstar_do_call: cstar_dispatch: call *ia32_sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) @@ -14784,7 +14804,7 @@ index 4299eb0..c0687a7 100644 movl RIP-ARGOFFSET(%rsp),%ecx CFI_REGISTER rip,rcx movl EFLAGS-ARGOFFSET(%rsp),%r11d -@@ -352,7 +431,7 @@ sysretl_audit: +@@ -368,7 +446,7 @@ sysretl_audit: cstar_tracesys: #ifdef CONFIG_AUDITSYSCALL @@ -14793,7 +14813,7 @@ index 4299eb0..c0687a7 100644 jz cstar_auditsys #endif xchgl %r9d,%ebp -@@ -366,11 +445,19 @@ cstar_tracesys: +@@ -382,11 +460,19 @@ cstar_tracesys: xchgl %ebp,%r9d cmpq $(IA32_NR_syscalls-1),%rax ja int_ret_from_sys_call /* cstar_tracesys has set RAX(%rsp) */ @@ -14813,7 +14833,7 @@ index 4299eb0..c0687a7 100644 movq $-EFAULT,%rax jmp ia32_sysret CFI_ENDPROC -@@ -407,19 +494,26 @@ ENTRY(ia32_syscall) +@@ -423,19 +509,26 @@ ENTRY(ia32_syscall) CFI_REL_OFFSET rip,RIP-RIP PARAVIRT_ADJUST_EXCEPTION_FRAME SWAPGS @@ -14847,7 +14867,7 @@ index 4299eb0..c0687a7 100644 jnz ia32_tracesys cmpq $(IA32_NR_syscalls-1),%rax ja ia32_badsys -@@ -442,6 +536,9 @@ ia32_tracesys: +@@ -458,6 +551,9 @@ ia32_tracesys: RESTORE_REST cmpq $(IA32_NR_syscalls-1),%rax ja int_ret_from_sys_call /* ia32_tracesys has set RAX(%rsp) */ @@ -16612,22 +16632,10 @@ index ced283a..ffe04cc 100644 union { u64 v64; diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h -index 9c999c1..5718a82 100644 +index 01f15b2..5718a82 100644 --- a/arch/x86/include/asm/elf.h +++ b/arch/x86/include/asm/elf.h -@@ -155,8 +155,9 @@ do { \ - #define elf_check_arch(x) \ - ((x)->e_machine == EM_X86_64) - --#define compat_elf_check_arch(x) \ -- (elf_check_arch_ia32(x) || (x)->e_machine == EM_X86_64) -+#define compat_elf_check_arch(x) \ -+ (elf_check_arch_ia32(x) || \ -+ (IS_ENABLED(CONFIG_X86_X32_ABI) && (x)->e_machine == EM_X86_64)) - - #if __USER32_DS != __USER_DS - # error "The following code assumes __USER32_DS == __USER_DS" -@@ -243,7 +244,25 @@ extern int force_personality32; +@@ -244,7 +244,25 @@ extern int force_personality32; the loader. We need to make sure that it is out of the way of the program that it will "exec", and that there is sufficient room for the brk. */ @@ -16653,7 +16661,7 @@ index 9c999c1..5718a82 100644 /* This yields a mask that user programs can use to figure out what instruction set this CPU supports. This could be done in user space, -@@ -296,16 +315,12 @@ do { \ +@@ -297,16 +315,12 @@ do { \ #define ARCH_DLINFO \ do { \ @@ -16672,7 +16680,7 @@ index 9c999c1..5718a82 100644 } while (0) #define AT_SYSINFO 32 -@@ -320,7 +335,7 @@ else \ +@@ -321,7 +335,7 @@ else \ #endif /* !CONFIG_X86_32 */ @@ -16681,7 +16689,7 @@ index 9c999c1..5718a82 100644 #define VDSO_ENTRY \ ((unsigned long)VDSO32_SYMBOL(VDSO_CURRENT_BASE, vsyscall)) -@@ -336,9 +351,6 @@ extern int x32_setup_additional_pages(struct linux_binprm *bprm, +@@ -337,9 +351,6 @@ extern int x32_setup_additional_pages(struct linux_binprm *bprm, extern int syscall32_setup_pages(struct linux_binprm *, int exstack); #define compat_arch_setup_additional_pages syscall32_setup_pages @@ -20729,7 +20737,7 @@ index df94598..f3b29bf 100644 bp_int3_handler = handler; bp_int3_addr = (u8 *)addr + sizeof(int3); diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c -index 7f26c9a..694544e 100644 +index 523f147..7b996e0 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -198,7 +198,7 @@ int first_system_vector = 0xfe; @@ -21105,7 +21113,7 @@ index c67ffa6..f41fbbf 100644 if (c->x86_model == 3 && c->x86_mask == 0) size = 64; diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index 8e28bf2..bf5c0d2 100644 +index 3f27f5f..6c575e3 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -88,60 +88,6 @@ static const struct cpu_dev default_cpu = { @@ -27163,7 +27171,7 @@ index 5cdff03..80fa283 100644 * Up to this point, the boot CPU has been using .init.data * area. Reload any changed state for the boot CPU. diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c -index 9e5de68..147c254 100644 +index b88fc86..99a7057 100644 --- a/arch/x86/kernel/signal.c +++ b/arch/x86/kernel/signal.c @@ -190,7 +190,7 @@ static unsigned long align_sigframe(unsigned long sp) @@ -27952,7 +27960,7 @@ index 57409f6..b505597 100644 if (!fixup_exception(regs)) { task->thread.error_code = error_code; diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c -index e0d1d7a..db035d4 100644 +index de02906..7353850 100644 --- a/arch/x86/kernel/tsc.c +++ b/arch/x86/kernel/tsc.c @@ -150,7 +150,7 @@ static void cyc2ns_write_end(int cpu, struct cyc2ns_data *data) @@ -28435,7 +28443,7 @@ index e48b674..a451dd9 100644 .read = native_io_apic_read, .write = native_io_apic_write, diff --git a/arch/x86/kernel/xsave.c b/arch/x86/kernel/xsave.c -index a4b451c..8dfe1ad 100644 +index dd50e26..6e07dc3 100644 --- a/arch/x86/kernel/xsave.c +++ b/arch/x86/kernel/xsave.c @@ -164,18 +164,18 @@ static inline int save_xstate_epilog(void __user *buf, int ia32_frame) @@ -28477,7 +28485,7 @@ index a4b451c..8dfe1ad 100644 if (use_xsave()) err = xsave_user(buf); else if (use_fxsr()) -@@ -311,6 +312,7 @@ sanitize_restored_xstate(struct task_struct *tsk, +@@ -309,6 +310,7 @@ sanitize_restored_xstate(struct task_struct *tsk, */ static inline int restore_user_xstate(void __user *buf, u64 xbv, int fx_only) { @@ -28563,7 +28571,7 @@ index cba218a..1cc1bed 100644 goto error; walker->ptep_user[walker->level - 1] = ptep_user; diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c -index 2de1bc0..22251ee 100644 +index 9643eda6..c9cb765 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -3508,7 +3508,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) @@ -28590,7 +28598,7 @@ index 2de1bc0..22251ee 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 3927528..cd7f2ac 100644 +index 0c90f4b..9fca4d7 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -441,6 +441,7 @@ struct vcpu_vmx { @@ -28648,7 +28656,7 @@ index 3927528..cd7f2ac 100644 { u64 host_tsc, tsc_offset; -@@ -3024,8 +3033,11 @@ static __init int hardware_setup(void) +@@ -3027,8 +3036,11 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_flexpriority()) flexpriority_enabled = 0; @@ -28662,7 +28670,7 @@ index 3927528..cd7f2ac 100644 if (enable_ept && !cpu_has_vmx_ept_2m_page()) kvm_disable_largepages(); -@@ -3036,13 +3048,15 @@ static __init int hardware_setup(void) +@@ -3039,13 +3051,15 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_apicv()) enable_apicv = 0; @@ -28682,7 +28690,7 @@ index 3927528..cd7f2ac 100644 if (nested) nested_vmx_setup_ctls_msrs(); -@@ -4162,10 +4176,17 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) +@@ -4165,10 +4179,17 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) u32 low32, high32; unsigned long tmpl; struct desc_ptr dt; @@ -28701,7 +28709,7 @@ index 3927528..cd7f2ac 100644 vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */ #ifdef CONFIG_X86_64 -@@ -4187,7 +4208,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) +@@ -4190,7 +4211,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */ vmx->host_idt_base = dt.address; @@ -28710,7 +28718,7 @@ index 3927528..cd7f2ac 100644 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); vmcs_write32(HOST_IA32_SYSENTER_CS, low32); -@@ -7186,7 +7207,7 @@ static void atomic_switch_perf_msrs(struct vcpu_vmx *vmx) +@@ -7196,7 +7217,7 @@ static void atomic_switch_perf_msrs(struct vcpu_vmx *vmx) static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) { struct vcpu_vmx *vmx = to_vmx(vcpu); @@ -28719,7 +28727,7 @@ index 3927528..cd7f2ac 100644 /* Record the guest's net vcpu time for enforced NMI injections. */ if (unlikely(!cpu_has_virtual_nmis() && vmx->soft_vnmi_blocked)) -@@ -7207,6 +7228,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7217,6 +7238,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) if (test_bit(VCPU_REGS_RIP, (unsigned long *)&vcpu->arch.regs_dirty)) vmcs_writel(GUEST_RIP, vcpu->arch.regs[VCPU_REGS_RIP]); @@ -28732,7 +28740,7 @@ index 3927528..cd7f2ac 100644 /* When single-stepping over STI and MOV SS, we must clear the * corresponding interruptibility bits in the guest state. Otherwise * vmentry fails as it then expects bit 14 (BS) in pending debug -@@ -7265,6 +7292,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7275,6 +7302,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "jmp 2f \n\t" "1: " __ex(ASM_VMX_VMRESUME) "\n\t" "2: " @@ -28745,7 +28753,7 @@ index 3927528..cd7f2ac 100644 /* Save guest registers, load host registers, keep flags */ "mov %0, %c[wordsize](%%" _ASM_SP ") \n\t" "pop %0 \n\t" -@@ -7317,6 +7350,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7327,6 +7360,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]"i"(sizeof(ulong)) @@ -28757,7 +28765,7 @@ index 3927528..cd7f2ac 100644 : "cc", "memory" #ifdef CONFIG_X86_64 , "rax", "rbx", "rdi", "rsi" -@@ -7330,7 +7368,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7340,7 +7378,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) if (debugctlmsr) update_debugctlmsr(debugctlmsr); @@ -28766,7 +28774,7 @@ index 3927528..cd7f2ac 100644 /* * The sysexit path does not restore ds/es, so we must set them to * a reasonable value ourselves. -@@ -7339,8 +7377,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7349,8 +7387,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) * may be executed in interrupt context, which saves and restore segments * around it, nullifying its effect. */ @@ -28788,10 +28796,10 @@ index 3927528..cd7f2ac 100644 vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index 8fbd1a7..e046eef 100644 +index 51c2851..394306f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c -@@ -1776,8 +1776,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) +@@ -1806,8 +1806,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) { struct kvm *kvm = vcpu->kvm; int lm = is_long_mode(vcpu); @@ -28802,7 +28810,7 @@ index 8fbd1a7..e046eef 100644 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64 : kvm->arch.xen_hvm_config.blob_size_32; u32 page_num = data & ~PAGE_MASK; -@@ -2688,6 +2688,8 @@ long kvm_arch_dev_ioctl(struct file *filp, +@@ -2718,6 +2718,8 @@ long kvm_arch_dev_ioctl(struct file *filp, if (n < msr_list.nmsrs) goto out; r = -EFAULT; @@ -28811,7 +28819,16 @@ index 8fbd1a7..e046eef 100644 if (copy_to_user(user_msr_list->indices, &msrs_to_save, num_msrs_to_save * sizeof(u32))) goto out; -@@ -5502,7 +5504,7 @@ static struct notifier_block pvclock_gtod_notifier = { +@@ -4911,7 +4913,7 @@ static int handle_emulation_failure(struct kvm_vcpu *vcpu) + + ++vcpu->stat.insn_emulation_fail; + trace_kvm_emulate_insn_failed(vcpu); +- if (!is_guest_mode(vcpu)) { ++ if (!is_guest_mode(vcpu) && kvm_x86_ops->get_cpl(vcpu) == 0) { + vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR; + vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_EMULATION; + vcpu->run->internal.ndata = 0; +@@ -5532,7 +5534,7 @@ static struct notifier_block pvclock_gtod_notifier = { }; #endif @@ -33416,7 +33433,7 @@ index 461bc82..4e091a3 100644 struct split_state { diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c -index a348868..3c64310 100644 +index fed892d..e380153 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c @@ -262,7 +262,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address, @@ -36467,7 +36484,7 @@ index dc51f46..d5446a8 100644 (u8 *) pte, count) < count) { kfree(pte); diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c -index 2648797..92ed21f 100644 +index 4044cf7..555ae4e 100644 --- a/block/scsi_ioctl.c +++ b/block/scsi_ioctl.c @@ -67,7 +67,7 @@ static int scsi_get_bus(struct request_queue *q, int __user *p) @@ -38476,7 +38493,7 @@ index 0e06f0c..d98cde3 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) diff --git a/drivers/block/drbd/drbd_interval.c b/drivers/block/drbd/drbd_interval.c -index 89c497c..9c736ae 100644 +index 04a14e0..5b8f0aa 100644 --- a/drivers/block/drbd/drbd_interval.c +++ b/drivers/block/drbd/drbd_interval.c @@ -67,9 +67,9 @@ static void augment_rotate(struct rb_node *rb_old, struct rb_node *rb_new) @@ -39381,7 +39398,7 @@ index 8320abd..ec48108 100644 if (cmd != SIOCWANDEV) diff --git a/drivers/char/random.c b/drivers/char/random.c -index 429b75b..58488cc 100644 +index 8a64dbe..58488cc 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -284,9 +284,6 @@ @@ -39427,35 +39444,6 @@ index 429b75b..58488cc 100644 unsigned int add = ((pool_size - entropy_count)*anfrac*3) >> s; -@@ -1063,8 +1060,8 @@ static void extract_buf(struct entropy_store *r, __u8 *out) - * pool while mixing, and hash one final time. - */ - sha_transform(hash.w, extract, workspace); -- memset(extract, 0, sizeof(extract)); -- memset(workspace, 0, sizeof(workspace)); -+ memzero_explicit(extract, sizeof(extract)); -+ memzero_explicit(workspace, sizeof(workspace)); - - /* - * In case the hash function has some recognizable output -@@ -1076,7 +1073,7 @@ static void extract_buf(struct entropy_store *r, __u8 *out) - hash.w[2] ^= rol32(hash.w[2], 16); - - memcpy(out, &hash, EXTRACT_SIZE); -- memset(&hash, 0, sizeof(hash)); -+ memzero_explicit(&hash, sizeof(hash)); - } - - static ssize_t extract_entropy(struct entropy_store *r, void *buf, -@@ -1124,7 +1121,7 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, - } - - /* Wipe data just returned from memory */ -- memset(tmp, 0, sizeof(tmp)); -+ memzero_explicit(tmp, sizeof(tmp)); - - return ret; - } @@ -1151,7 +1148,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, extract_buf(r, tmp); @@ -39465,15 +39453,6 @@ index 429b75b..58488cc 100644 ret = -EFAULT; break; } -@@ -1162,7 +1159,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, - } - - /* Wipe data just returned from memory */ -- memset(tmp, 0, sizeof(tmp)); -+ memzero_explicit(tmp, sizeof(tmp)); - - return ret; - } @@ -1507,7 +1504,7 @@ EXPORT_SYMBOL(generate_random_uuid); #include <linux/sysctl.h> @@ -39705,10 +39684,10 @@ index 18448a7..d5fad43 100644 /* Force all MSRs to the same value */ diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c -index 4159236..b850472 100644 +index 4854f81..d9178cb 100644 --- a/drivers/cpufreq/cpufreq.c +++ b/drivers/cpufreq/cpufreq.c -@@ -1974,7 +1974,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor) +@@ -1985,7 +1985,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor) #endif mutex_lock(&cpufreq_governor_mutex); @@ -39717,7 +39696,7 @@ index 4159236..b850472 100644 mutex_unlock(&cpufreq_governor_mutex); return; } -@@ -2204,7 +2204,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb, +@@ -2215,7 +2215,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb, return NOTIFY_OK; } @@ -39726,7 +39705,7 @@ index 4159236..b850472 100644 .notifier_call = cpufreq_cpu_callback, }; -@@ -2244,13 +2244,17 @@ int cpufreq_boost_trigger_state(int state) +@@ -2255,13 +2255,17 @@ int cpufreq_boost_trigger_state(int state) return 0; write_lock_irqsave(&cpufreq_driver_lock, flags); @@ -39746,7 +39725,7 @@ index 4159236..b850472 100644 write_unlock_irqrestore(&cpufreq_driver_lock, flags); pr_err("%s: Cannot %s BOOST\n", __func__, -@@ -2304,8 +2308,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) +@@ -2315,8 +2319,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) pr_debug("trying to register driver %s\n", driver_data->name); @@ -39760,7 +39739,7 @@ index 4159236..b850472 100644 write_lock_irqsave(&cpufreq_driver_lock, flags); if (cpufreq_driver) { -@@ -2320,8 +2327,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) +@@ -2331,8 +2338,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) * Check if driver provides function to enable boost - * if not, use cpufreq_boost_set_sw as default */ @@ -39862,10 +39841,10 @@ index 18d4091..434be15 100644 } EXPORT_SYMBOL_GPL(od_unregister_powersave_bias_handler); diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c -index ae52c77..3d8f69b 100644 +index 533a509..4e1860b 100644 --- a/drivers/cpufreq/intel_pstate.c +++ b/drivers/cpufreq/intel_pstate.c -@@ -125,10 +125,10 @@ struct pstate_funcs { +@@ -138,10 +138,10 @@ struct pstate_funcs { struct cpu_defaults { struct pstate_adjust_policy pid_policy; struct pstate_funcs funcs; @@ -39878,7 +39857,7 @@ index ae52c77..3d8f69b 100644 struct perf_limits { int no_turbo; -@@ -530,7 +530,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate) +@@ -566,7 +566,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate) cpu->pstate.current_pstate = pstate; @@ -39887,16 +39866,18 @@ index ae52c77..3d8f69b 100644 } static inline void intel_pstate_pstate_increase(struct cpudata *cpu, int steps) -@@ -552,12 +552,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu) +@@ -588,13 +588,13 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu) { sprintf(cpu->name, "Intel 2nd generation core"); - cpu->pstate.min_pstate = pstate_funcs.get_min(); - cpu->pstate.max_pstate = pstate_funcs.get_max(); - cpu->pstate.turbo_pstate = pstate_funcs.get_turbo(); +- cpu->pstate.scaling = pstate_funcs.get_scaling(); + cpu->pstate.min_pstate = pstate_funcs->get_min(); + cpu->pstate.max_pstate = pstate_funcs->get_max(); + cpu->pstate.turbo_pstate = pstate_funcs->get_turbo(); ++ cpu->pstate.scaling = pstate_funcs->get_scaling(); - if (pstate_funcs.get_vid) - pstate_funcs.get_vid(cpu); @@ -39905,7 +39886,7 @@ index ae52c77..3d8f69b 100644 intel_pstate_set_pstate(cpu, cpu->pstate.min_pstate); } -@@ -844,9 +844,9 @@ static int intel_pstate_msrs_not_valid(void) +@@ -889,9 +889,9 @@ static int intel_pstate_msrs_not_valid(void) rdmsrl(MSR_IA32_APERF, aperf); rdmsrl(MSR_IA32_MPERF, mperf); @@ -39918,7 +39899,7 @@ index ae52c77..3d8f69b 100644 return -ENODEV; rdmsrl(MSR_IA32_APERF, tmp); -@@ -860,7 +860,7 @@ static int intel_pstate_msrs_not_valid(void) +@@ -905,7 +905,7 @@ static int intel_pstate_msrs_not_valid(void) return 0; } @@ -39927,13 +39908,14 @@ index ae52c77..3d8f69b 100644 { pid_params.sample_rate_ms = policy->sample_rate_ms; pid_params.p_gain_pct = policy->p_gain_pct; -@@ -872,11 +872,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy) +@@ -917,12 +917,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy) static void copy_cpu_funcs(struct pstate_funcs *funcs) { - pstate_funcs.get_max = funcs->get_max; - pstate_funcs.get_min = funcs->get_min; - pstate_funcs.get_turbo = funcs->get_turbo; +- pstate_funcs.get_scaling = funcs->get_scaling; - pstate_funcs.set = funcs->set; - pstate_funcs.get_vid = funcs->get_vid; + pstate_funcs = funcs; @@ -40420,6 +40402,20 @@ index 57ea7f4..af06b76 100644 card->driver->update_phy_reg(card, 4, PHY_LINK_ACTIVE | PHY_CONTENDER, 0); +diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c +index d7d5c8a..6d44568 100644 +--- a/drivers/firewire/core-cdev.c ++++ b/drivers/firewire/core-cdev.c +@@ -1637,8 +1637,7 @@ static int dispatch_ioctl(struct client *client, + _IOC_SIZE(cmd) > sizeof(buffer)) + return -ENOTTY; + +- if (_IOC_DIR(cmd) == _IOC_READ) +- memset(&buffer, 0, _IOC_SIZE(cmd)); ++ memset(&buffer, 0, sizeof(buffer)); + + if (_IOC_DIR(cmd) & _IOC_WRITE) + if (copy_from_user(&buffer, arg, _IOC_SIZE(cmd))) diff --git a/drivers/firewire/core-device.c b/drivers/firewire/core-device.c index 2c6d5e1..a2cca6b 100644 --- a/drivers/firewire/core-device.c @@ -46166,6 +46162,20 @@ index 98d24ae..bc22415 100644 return 1; } +diff --git a/drivers/media/usb/ttusb-dec/ttusbdecfe.c b/drivers/media/usb/ttusb-dec/ttusbdecfe.c +index 5c45c9d..9c29552 100644 +--- a/drivers/media/usb/ttusb-dec/ttusbdecfe.c ++++ b/drivers/media/usb/ttusb-dec/ttusbdecfe.c +@@ -156,6 +156,9 @@ static int ttusbdecfe_dvbs_diseqc_send_master_cmd(struct dvb_frontend* fe, struc + 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00 }; + ++ if (cmd->msg_len > sizeof(b) - 4) ++ return -EINVAL; ++ + memcpy(&b[4], cmd->msg, cmd->msg_len); + + state->config->send_command(fe, 0x72, diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c index fca336b..fb70ab7 100644 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -47763,9 +47773,18 @@ index fbf7dcd..ad71499 100644 }; diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c -index 0c6adaa..0784e3f 100644 +index f30ceb1..81c589c 100644 --- a/drivers/net/macvtap.c +++ b/drivers/net/macvtap.c +@@ -422,7 +422,7 @@ static void macvtap_setup(struct net_device *dev) + dev->tx_queue_len = TUN_READQ_SIZE; + } + +-static struct rtnl_link_ops macvtap_link_ops __read_mostly = { ++static struct rtnl_link_ops macvtap_link_ops = { + .kind = "macvtap", + .setup = macvtap_setup, + .newlink = macvtap_newlink, @@ -1018,7 +1018,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd, } @@ -47785,18 +47804,9 @@ index 0c6adaa..0784e3f 100644 }; diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c -index 72ff14b..e860630 100644 +index 5a1897d..e860630 100644 --- a/drivers/net/ppp/ppp_generic.c +++ b/drivers/net/ppp/ppp_generic.c -@@ -601,7 +601,7 @@ static long ppp_ioctl(struct file *file, unsigned int cmd, unsigned long arg) - if (file == ppp->owner) - ppp_shutdown_interface(ppp); - } -- if (atomic_long_read(&file->f_count) <= 2) { -+ if (atomic_long_read(&file->f_count) < 2) { - ppp_release(NULL, file); - err = 0; - } else @@ -999,7 +999,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) void __user *addr = (void __user *) ifr->ifr_ifru.ifru_data; struct ppp_stats stats; @@ -47842,10 +47852,10 @@ index 979fe43..1f1230c 100644 }; diff --git a/drivers/net/tun.c b/drivers/net/tun.c -index 26f8635..c237839 100644 +index 2c8b1c2..9942a89 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c -@@ -1876,7 +1876,7 @@ unlock: +@@ -1883,7 +1883,7 @@ unlock: } static long __tun_chr_ioctl(struct file *file, unsigned int cmd, @@ -47854,7 +47864,7 @@ index 26f8635..c237839 100644 { struct tun_file *tfile = file->private_data; struct tun_struct *tun; -@@ -1889,6 +1889,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, +@@ -1896,6 +1896,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, unsigned int ifindex; int ret; @@ -47991,7 +48001,7 @@ index a2515887..6d13233 100644 /* we will have to manufacture ethernet headers, prepare template */ diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c -index 841b608..198a8b7 100644 +index 07a3255..4c59b30 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -47,7 +47,7 @@ module_param(gso, bool, 0444); @@ -48004,59 +48014,10 @@ index 841b608..198a8b7 100644 #define VIRTNET_DRIVER_VERSION "1.0.0" diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c -index 9b40532..e3294ac 100644 +index 0704a04..4208d2d 100644 --- a/drivers/net/vxlan.c +++ b/drivers/net/vxlan.c -@@ -1447,9 +1447,6 @@ static int neigh_reduce(struct net_device *dev, struct sk_buff *skb) - if (!in6_dev) - goto out; - -- if (!pskb_may_pull(skb, skb->len)) -- goto out; -- - iphdr = ipv6_hdr(skb); - saddr = &iphdr->saddr; - daddr = &iphdr->daddr; -@@ -1770,6 +1767,8 @@ static void vxlan_encap_bypass(struct sk_buff *skb, struct vxlan_dev *src_vxlan, - struct pcpu_sw_netstats *tx_stats, *rx_stats; - union vxlan_addr loopback; - union vxlan_addr *remote_ip = &dst_vxlan->default_dst.remote_ip; -+ struct net_device *dev = skb->dev; -+ int len = skb->len; - - tx_stats = this_cpu_ptr(src_vxlan->dev->tstats); - rx_stats = this_cpu_ptr(dst_vxlan->dev->tstats); -@@ -1793,16 +1792,16 @@ static void vxlan_encap_bypass(struct sk_buff *skb, struct vxlan_dev *src_vxlan, - - u64_stats_update_begin(&tx_stats->syncp); - tx_stats->tx_packets++; -- tx_stats->tx_bytes += skb->len; -+ tx_stats->tx_bytes += len; - u64_stats_update_end(&tx_stats->syncp); - - if (netif_rx(skb) == NET_RX_SUCCESS) { - u64_stats_update_begin(&rx_stats->syncp); - rx_stats->rx_packets++; -- rx_stats->rx_bytes += skb->len; -+ rx_stats->rx_bytes += len; - u64_stats_update_end(&rx_stats->syncp); - } else { -- skb->dev->stats.rx_dropped++; -+ dev->stats.rx_dropped++; - } - } - -@@ -1977,7 +1976,8 @@ static netdev_tx_t vxlan_xmit(struct sk_buff *skb, struct net_device *dev) - return arp_reduce(dev, skb); - #if IS_ENABLED(CONFIG_IPV6) - else if (ntohs(eth->h_proto) == ETH_P_IPV6 && -- skb->len >= sizeof(struct ipv6hdr) + sizeof(struct nd_msg) && -+ pskb_may_pull(skb, sizeof(struct ipv6hdr) -+ + sizeof(struct nd_msg)) && - ipv6_hdr(skb)->nexthdr == IPPROTO_ICMPV6) { - struct nd_msg *msg; - -@@ -2846,7 +2846,7 @@ nla_put_failure: +@@ -2847,7 +2847,7 @@ nla_put_failure: return -EMSGSIZE; } @@ -48065,7 +48026,7 @@ index 9b40532..e3294ac 100644 .kind = "vxlan", .maxtype = IFLA_VXLAN_MAX, .policy = vxlan_policy, -@@ -2893,7 +2893,7 @@ static int vxlan_lowerdev_event(struct notifier_block *unused, +@@ -2894,7 +2894,7 @@ static int vxlan_lowerdev_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -49297,7 +49258,7 @@ index fb02fc2..83dc2c3 100644 kfree(msi_dev_attr); ++count; diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c -index 39a207a..d1ec78a 100644 +index a943c6c..ad1a3cc 100644 --- a/drivers/pci/pci-sysfs.c +++ b/drivers/pci/pci-sysfs.c @@ -1112,7 +1112,7 @@ static int pci_create_attr(struct pci_dev *pdev, int num, int write_combine) @@ -51402,6 +51363,58 @@ index 236ed66..dd9cd74 100644 ret = -EBUSY; goto err_busy; } +diff --git a/drivers/staging/line6/driver.c b/drivers/staging/line6/driver.c +index 7a6d85e..4c55a18 100644 +--- a/drivers/staging/line6/driver.c ++++ b/drivers/staging/line6/driver.c +@@ -458,7 +458,7 @@ int line6_read_data(struct usb_line6 *line6, int address, void *data, + { + struct usb_device *usbdev = line6->usbdev; + int ret; +- unsigned char len; ++ unsigned char *plen; + + /* query the serial number: */ + ret = usb_control_msg(usbdev, usb_sndctrlpipe(usbdev, 0), 0x67, +@@ -471,27 +471,34 @@ int line6_read_data(struct usb_line6 *line6, int address, void *data, + return ret; + } + ++ plen = kmalloc(1, GFP_KERNEL); ++ if (plen == NULL) ++ return -ENOMEM; ++ + /* Wait for data length. We'll get 0xff until length arrives. */ + do { + ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), 0x67, + USB_TYPE_VENDOR | USB_RECIP_DEVICE | + USB_DIR_IN, +- 0x0012, 0x0000, &len, 1, ++ 0x0012, 0x0000, plen, 1, + LINE6_TIMEOUT * HZ); + if (ret < 0) { + dev_err(line6->ifcdev, + "receive length failed (error %d)\n", ret); ++ kfree(plen); + return ret; + } +- } while (len == 0xff); ++ } while (*plen == 0xff); + +- if (len != datalen) { ++ if (*plen != datalen) { + /* should be equal or something went wrong */ + dev_err(line6->ifcdev, + "length mismatch (expected %d, got %d)\n", +- (int)datalen, (int)len); ++ (int)datalen, (int)*plen); ++ kfree(plen); + return -EINVAL; + } ++ kfree(plen); + + /* receive the result: */ + ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), 0x67, diff --git a/drivers/staging/lustre/lnet/selftest/brw_test.c b/drivers/staging/lustre/lnet/selftest/brw_test.c index 3f8020c..649fded 100644 --- a/drivers/staging/lustre/lnet/selftest/brw_test.c @@ -51903,10 +51916,10 @@ index 24884ca..26c8220 100644 login->tgt_agt = sbp_target_agent_register(login); if (IS_ERR(login->tgt_agt)) { diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c -index 6ea95d2..88607b4 100644 +index 38b4be2..c68af1c 100644 --- a/drivers/target/target_core_device.c +++ b/drivers/target/target_core_device.c -@@ -1525,7 +1525,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name) +@@ -1526,7 +1526,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name) spin_lock_init(&dev->se_tmr_lock); spin_lock_init(&dev->qf_cmd_lock); sema_init(&dev->caw_sem, 1); @@ -51916,7 +51929,7 @@ index 6ea95d2..88607b4 100644 spin_lock_init(&dev->t10_wwn.t10_vpd_lock); INIT_LIST_HEAD(&dev->t10_pr.registration_list); diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index 24f5279..046edc5 100644 +index 9232c773..e42a77a 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c @@ -1154,7 +1154,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd) @@ -52679,7 +52692,7 @@ index 9cd706d..6ff2de7 100644 if (cfg->uart_flags & UPF_CONS_FLOW) { diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c -index 25b8f68..3e23c14 100644 +index 27b5554..8131d9d 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -1451,7 +1451,7 @@ static void uart_hangup(struct tty_struct *tty) @@ -53121,10 +53134,10 @@ index ce396ec..04a37be 100644 if (get_user(c, buf)) diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c -index d3448a9..28e8db0 100644 +index 25d0741..36e7237 100644 --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c -@@ -3475,7 +3475,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); +@@ -3480,7 +3480,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); void tty_default_fops(struct file_operations *fops) { @@ -53559,7 +53572,7 @@ index 9ca7716..a2ccc2e 100644 dev->rawdescriptors[i] + (*ppos - pos), min(len, alloclen))) { diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c -index 2518c32..1c201bb 100644 +index ef6ec13b..5c6e68e 100644 --- a/drivers/usb/core/hcd.c +++ b/drivers/usb/core/hcd.c @@ -1550,7 +1550,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags) @@ -53581,7 +53594,7 @@ index 2518c32..1c201bb 100644 wake_up(&usb_kill_urb_queue); usb_put_urb(urb); diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c -index 445d62a..e0657a3 100644 +index d2bd9d7..1ddb53a 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -27,6 +27,7 @@ @@ -53592,7 +53605,7 @@ index 445d62a..e0657a3 100644 #include <asm/uaccess.h> #include <asm/byteorder.h> -@@ -4551,6 +4552,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1, +@@ -4554,6 +4555,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1, goto done; return; } @@ -53660,19 +53673,6 @@ index 4d11449..f4ccabf 100644 INIT_LIST_HEAD(&dev->ep0.urb_list); dev->ep0.desc.bLength = USB_DT_ENDPOINT_SIZE; -diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c -index 09e9619..d266724 100644 ---- a/drivers/usb/dwc3/gadget.c -+++ b/drivers/usb/dwc3/gadget.c -@@ -532,8 +532,6 @@ static int __dwc3_gadget_ep_enable(struct dwc3_ep *dep, - if (!usb_endpoint_xfer_isoc(desc)) - return 0; - -- memset(&trb_link, 0, sizeof(trb_link)); -- - /* Link TRB for ISOC. The HWO bit is never reset */ - trb_st_hw = &dep->trb_pool[0]; - diff --git a/drivers/usb/early/ehci-dbgp.c b/drivers/usb/early/ehci-dbgp.c index 8cfc319..4868255 100644 --- a/drivers/usb/early/ehci-dbgp.c @@ -58911,22 +58911,10 @@ index ff286f3..8153a14 100644 .attrs = attrs, }; diff --git a/fs/buffer.c b/fs/buffer.c -index 71e2d0e..7e40912 100644 +index 4d06a57..5977df8 100644 --- a/fs/buffer.c +++ b/fs/buffer.c -@@ -2313,6 +2313,11 @@ static int cont_expand_zero(struct file *file, struct address_space *mapping, - err = 0; - - balance_dirty_pages_ratelimited(mapping); -+ -+ if (unlikely(fatal_signal_pending(current))) { -+ err = -EINTR; -+ goto out; -+ } - } - - /* page covers the boundary, find the boundary offset */ -@@ -3430,7 +3435,7 @@ void __init buffer_init(void) +@@ -3438,7 +3438,7 @@ void __init buffer_init(void) bh_cachep = kmem_cache_create("buffer_head", sizeof(struct buffer_head), 0, (SLAB_RECLAIM_ACCOUNT|SLAB_PANIC| @@ -59966,7 +59954,7 @@ index a93f7e6..d58bcbe 100644 return 0; while (nr) { diff --git a/fs/dcache.c b/fs/dcache.c -index 58d57da..a3f889f 100644 +index 4366127..581b312 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -250,7 +250,7 @@ static void __d_free(struct rcu_head *head) @@ -60119,7 +60107,7 @@ index 58d57da..a3f889f 100644 if (!spin_trylock(&inode->i_lock)) { spin_unlock(&dentry->d_lock); cpu_relax(); -@@ -3313,7 +3314,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry) +@@ -3318,7 +3319,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry) if (!(dentry->d_flags & DCACHE_GENOCIDE)) { dentry->d_flags |= DCACHE_GENOCIDE; @@ -60128,7 +60116,7 @@ index 58d57da..a3f889f 100644 } } return D_WALK_CONTINUE; -@@ -3429,7 +3430,8 @@ void __init vfs_caches_init(unsigned long mempages) +@@ -3434,7 +3435,8 @@ void __init vfs_caches_init(unsigned long mempages) mempages -= reserve; names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0, @@ -61085,7 +61073,7 @@ index 6ea7b14..8fa16d9 100644 if (free_clusters >= (nclusters + dirty_clusters + resv_clusters)) diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h -index 62f024c..a6a1a61 100644 +index 2a6830a..d25d59c 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -1269,19 +1269,19 @@ struct ext4_sb_info { @@ -61251,10 +61239,10 @@ index 242226a..f3eb6c1 100644 return 0; diff --git a/fs/ext4/mmp.c b/fs/ext4/mmp.c -index 04434ad..6404663 100644 +index 1268a1b..adf949f 100644 --- a/fs/ext4/mmp.c +++ b/fs/ext4/mmp.c -@@ -113,7 +113,7 @@ static int read_mmp_block(struct super_block *sb, struct buffer_head **bh, +@@ -111,7 +111,7 @@ static int read_mmp_block(struct super_block *sb, struct buffer_head **bh, void __dump_mmp_msg(struct super_block *sb, struct mmp_struct *mmp, const char *function, unsigned int line, const char *msg) { @@ -61264,10 +61252,10 @@ index 04434ad..6404663 100644 "MMP failure info: last update time: %llu, last update " "node: %s, last update device: %s\n", diff --git a/fs/ext4/super.c b/fs/ext4/super.c -index a46030d..1477295 100644 +index 9fb3e6c..9a82508 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c -@@ -1270,7 +1270,7 @@ static ext4_fsblk_t get_sb_block(void **data) +@@ -1268,7 +1268,7 @@ static ext4_fsblk_t get_sb_block(void **data) } #define DEFAULT_JOURNAL_IOPRIO (IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 3)) @@ -61276,7 +61264,7 @@ index a46030d..1477295 100644 "Contact linux-ext4@vger.kernel.org if you think we should keep it.\n"; #ifdef CONFIG_QUOTA -@@ -2448,7 +2448,7 @@ struct ext4_attr { +@@ -2442,7 +2442,7 @@ struct ext4_attr { int offset; int deprecated_val; } u; @@ -61286,10 +61274,10 @@ index a46030d..1477295 100644 static int parse_strtoull(const char *buf, unsigned long long max, unsigned long long *value) diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c -index 55e611c..cfad16d 100644 +index 8825154..af51586 100644 --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c -@@ -381,7 +381,7 @@ static int +@@ -394,7 +394,7 @@ static int ext4_xattr_list_entries(struct dentry *dentry, struct ext4_xattr_entry *entry, char *buffer, size_t buffer_size) { @@ -61298,7 +61286,7 @@ index 55e611c..cfad16d 100644 for (; !IS_LAST_ENTRY(entry); entry = EXT4_XATTR_NEXT(entry)) { const struct xattr_handler *handler = -@@ -398,9 +398,10 @@ ext4_xattr_list_entries(struct dentry *dentry, struct ext4_xattr_entry *entry, +@@ -411,9 +411,10 @@ ext4_xattr_list_entries(struct dentry *dentry, struct ext4_xattr_entry *entry, buffer += size; } rest -= size; @@ -63063,7 +63051,7 @@ index 4a6cf28..d3a29d3 100644 jffs2_prealloc_raw_node_refs(c, jeb, 1); diff --git a/fs/jffs2/wbuf.c b/fs/jffs2/wbuf.c -index a6597d6..41b30ec 100644 +index 09ed551..45684f8 100644 --- a/fs/jffs2/wbuf.c +++ b/fs/jffs2/wbuf.c @@ -1023,7 +1023,8 @@ static const struct jffs2_unknown_node oob_cleanmarker = @@ -63283,7 +63271,7 @@ index b29e42f..5ea7fdf 100644 #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */ diff --git a/fs/namei.c b/fs/namei.c -index dd2f2c5..27e6c48 100644 +index 0dd72c8..34dd17d 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -331,17 +331,34 @@ int generic_permission(struct inode *inode, int mask) @@ -63626,7 +63614,7 @@ index dd2f2c5..27e6c48 100644 error = -EISDIR; if ((open_flag & O_CREAT) && d_is_dir(nd->path.dentry)) goto out; -@@ -3180,7 +3285,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, +@@ -3181,7 +3286,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, if (unlikely(error)) goto out; @@ -63635,7 +63623,7 @@ index dd2f2c5..27e6c48 100644 while (unlikely(error > 0)) { /* trailing symlink */ struct path link = path; void *cookie; -@@ -3198,7 +3303,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, +@@ -3199,7 +3304,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, error = follow_link(&link, nd, &cookie); if (unlikely(error)) break; @@ -63644,7 +63632,7 @@ index dd2f2c5..27e6c48 100644 put_link(nd, &link, cookie); } out: -@@ -3298,9 +3403,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, +@@ -3299,9 +3404,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, goto unlock; error = -EEXIST; @@ -63658,7 +63646,7 @@ index dd2f2c5..27e6c48 100644 /* * Special case - lookup gave negative, but... we had foo/bar/ * From the vfs_mknod() POV we just have a negative dentry - -@@ -3352,6 +3459,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, +@@ -3353,6 +3460,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, } EXPORT_SYMBOL(user_path_create); @@ -63679,7 +63667,7 @@ index dd2f2c5..27e6c48 100644 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) { int error = may_create(dir, dentry); -@@ -3414,6 +3535,17 @@ retry: +@@ -3415,6 +3536,17 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -63697,7 +63685,7 @@ index dd2f2c5..27e6c48 100644 error = security_path_mknod(&path, dentry, mode, dev); if (error) goto out; -@@ -3430,6 +3562,8 @@ retry: +@@ -3431,6 +3563,8 @@ retry: break; } out: @@ -63706,7 +63694,7 @@ index dd2f2c5..27e6c48 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3482,9 +3616,16 @@ retry: +@@ -3483,9 +3617,16 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -63723,7 +63711,7 @@ index dd2f2c5..27e6c48 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3565,6 +3706,8 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -3566,6 +3707,8 @@ static long do_rmdir(int dfd, const char __user *pathname) struct filename *name; struct dentry *dentry; struct nameidata nd; @@ -63732,7 +63720,7 @@ index dd2f2c5..27e6c48 100644 unsigned int lookup_flags = 0; retry: name = user_path_parent(dfd, pathname, &nd, lookup_flags); -@@ -3597,10 +3740,21 @@ retry: +@@ -3598,10 +3741,21 @@ retry: error = -ENOENT; goto exit3; } @@ -63754,7 +63742,7 @@ index dd2f2c5..27e6c48 100644 exit3: dput(dentry); exit2: -@@ -3690,6 +3844,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -3691,6 +3845,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) struct nameidata nd; struct inode *inode = NULL; struct inode *delegated_inode = NULL; @@ -63763,7 +63751,7 @@ index dd2f2c5..27e6c48 100644 unsigned int lookup_flags = 0; retry: name = user_path_parent(dfd, pathname, &nd, lookup_flags); -@@ -3716,10 +3872,22 @@ retry_deleg: +@@ -3717,10 +3873,22 @@ retry_deleg: if (d_is_negative(dentry)) goto slashes; ihold(inode); @@ -63786,7 +63774,7 @@ index dd2f2c5..27e6c48 100644 exit2: dput(dentry); } -@@ -3807,9 +3975,17 @@ retry: +@@ -3808,9 +3976,17 @@ retry: if (IS_ERR(dentry)) goto out_putname; @@ -63804,7 +63792,7 @@ index dd2f2c5..27e6c48 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3912,6 +4088,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -3913,6 +4089,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, struct dentry *new_dentry; struct path old_path, new_path; struct inode *delegated_inode = NULL; @@ -63812,7 +63800,7 @@ index dd2f2c5..27e6c48 100644 int how = 0; int error; -@@ -3935,7 +4112,7 @@ retry: +@@ -3936,7 +4113,7 @@ retry: if (error) return error; @@ -63821,7 +63809,7 @@ index dd2f2c5..27e6c48 100644 (how & LOOKUP_REVAL)); error = PTR_ERR(new_dentry); if (IS_ERR(new_dentry)) -@@ -3947,11 +4124,28 @@ retry: +@@ -3948,11 +4125,28 @@ retry: error = may_linkat(&old_path); if (unlikely(error)) goto out_dput; @@ -63850,7 +63838,7 @@ index dd2f2c5..27e6c48 100644 done_path_create(&new_path, new_dentry); if (delegated_inode) { error = break_deleg_wait(&delegated_inode); -@@ -4238,6 +4432,12 @@ retry_deleg: +@@ -4239,6 +4433,12 @@ retry_deleg: if (new_dentry == trap) goto exit5; @@ -63863,7 +63851,7 @@ index dd2f2c5..27e6c48 100644 error = security_path_rename(&oldnd.path, old_dentry, &newnd.path, new_dentry); if (error) -@@ -4245,6 +4445,9 @@ retry_deleg: +@@ -4246,6 +4446,9 @@ retry_deleg: error = vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry, &delegated_inode); @@ -63873,7 +63861,7 @@ index dd2f2c5..27e6c48 100644 exit5: dput(new_dentry); exit4: -@@ -4281,6 +4484,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna +@@ -4282,6 +4485,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) { @@ -63882,7 +63870,7 @@ index dd2f2c5..27e6c48 100644 int len; len = PTR_ERR(link); -@@ -4290,7 +4495,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c +@@ -4291,7 +4496,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c len = strlen(link); if (len > (unsigned) buflen) len = buflen; @@ -63899,7 +63887,7 @@ index dd2f2c5..27e6c48 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index c7d4a0a..93207ab 100644 +index d9bf3ef..93207ab 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1371,6 +1371,9 @@ static int do_umount(struct mount *mnt, int flags) @@ -64017,17 +64005,7 @@ index c7d4a0a..93207ab 100644 get_fs_root(current->fs, &root); old_mp = lock_mount(&old); error = PTR_ERR(old_mp); -@@ -2831,6 +2855,9 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, - /* make sure we can reach put_old from new_root */ - if (!is_path_reachable(old_mnt, old.dentry, &new)) - goto out4; -+ /* make certain new is below the root */ -+ if (!is_path_reachable(new_mnt, new.dentry, &root)) -+ goto out4; - root_mp->m_count++; /* pin it so it won't go away */ - lock_mount_hash(); - detach_mnt(new_mnt, &parent_path); -@@ -3062,7 +3089,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) +@@ -3065,7 +3089,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) return -EPERM; @@ -64074,7 +64052,7 @@ index 15f9d98..082c625 100644 void nfs_fattr_init(struct nfs_fattr *fattr) diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c -index f23a6ca..730ddcc 100644 +index 86f5d3e..ae2d35a 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -1169,7 +1169,7 @@ struct nfsd4_operation { @@ -67191,19 +67169,6 @@ index ae0c3ce..9ee641c 100644 generic_fillattr(inode, stat); return 0; -diff --git a/fs/super.c b/fs/super.c -index 7624267..88a6bc6 100644 ---- a/fs/super.c -+++ b/fs/super.c -@@ -81,6 +81,8 @@ static unsigned long super_cache_scan(struct shrinker *shrink, - inodes = list_lru_count_node(&sb->s_inode_lru, sc->nid); - dentries = list_lru_count_node(&sb->s_dentry_lru, sc->nid); - total_objects = dentries + inodes + fs_objects + 1; -+ if (!total_objects) -+ total_objects = 1; - - /* proportion the scan between the caches */ - dentries = mult_frac(sc->nr_to_scan, dentries, total_objects); diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c index ee0d761..b346c58 100644 --- a/fs/sysfs/dir.c @@ -67605,6 +67570,28 @@ index 78e62cc..eec3706 100644 copy_to_user(hreq->ohandlen, &hsize, sizeof(__s32))) goto out_put; +diff --git a/fs/xfs/xfs_linux.h b/fs/xfs/xfs_linux.h +index f9bb590..af3c389 100644 +--- a/fs/xfs/xfs_linux.h ++++ b/fs/xfs/xfs_linux.h +@@ -229,7 +229,7 @@ static inline kgid_t xfs_gid_to_kgid(__uint32_t gid) + * of the compiler which do not like us using do_div in the middle + * of large functions. + */ +-static inline __u32 xfs_do_div(void *a, __u32 b, int n) ++static inline __u32 __intentional_overflow(-1) xfs_do_div(void *a, __u32 b, int n) + { + __u32 mod; + +@@ -285,7 +285,7 @@ static inline __u32 xfs_do_mod(void *a, __u32 b, int n) + return 0; + } + #else +-static inline __u32 xfs_do_div(void *a, __u32 b, int n) ++static inline __u32 __intentional_overflow(-1) xfs_do_div(void *a, __u32 b, int n) + { + __u32 mod; + diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 index 0000000..cdaa3ef @@ -79556,10 +79543,10 @@ index be5fd38..d71192a 100644 if (sizeof(l) == 4) return fls(l); diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h -index 4afa4f8..1ed7824 100644 +index a693c6d..cec897f 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h -@@ -1572,7 +1572,7 @@ struct block_device_operations { +@@ -1571,7 +1571,7 @@ struct block_device_operations { /* this callback is with swap_lock and sometimes page table lock held */ void (*swap_slot_free_notify) (struct block_device *, unsigned long); struct module *owner; @@ -82551,7 +82538,7 @@ index 5bba088..7ad4ae7 100644 static inline int vma_dup_policy(struct vm_area_struct *src, struct vm_area_struct *dst) diff --git a/include/linux/mm.h b/include/linux/mm.h -index c1b7414..5ea2ad8 100644 +index 0a0b024..ebee54f 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -127,6 +127,11 @@ extern unsigned int kobjsize(const void *objp); @@ -82596,7 +82583,7 @@ index c1b7414..5ea2ad8 100644 static inline void unmap_shared_mapping_range(struct address_space *mapping, loff_t const holebegin, loff_t const holelen) -@@ -1152,9 +1158,9 @@ static inline int fixup_user_fault(struct task_struct *tsk, +@@ -1153,9 +1159,9 @@ static inline int fixup_user_fault(struct task_struct *tsk, } #endif @@ -82609,7 +82596,7 @@ index c1b7414..5ea2ad8 100644 long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, unsigned long start, unsigned long nr_pages, -@@ -1186,34 +1192,6 @@ int set_page_dirty(struct page *page); +@@ -1187,34 +1193,6 @@ int set_page_dirty(struct page *page); int set_page_dirty_lock(struct page *page); int clear_page_dirty_for_io(struct page *page); @@ -82644,7 +82631,7 @@ index c1b7414..5ea2ad8 100644 extern pid_t vm_is_stack(struct task_struct *task, struct vm_area_struct *vma, int in_group); -@@ -1313,6 +1291,15 @@ static inline void sync_mm_rss(struct mm_struct *mm) +@@ -1314,6 +1292,15 @@ static inline void sync_mm_rss(struct mm_struct *mm) } #endif @@ -82660,7 +82647,7 @@ index c1b7414..5ea2ad8 100644 int vma_wants_writenotify(struct vm_area_struct *vma); extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr, -@@ -1331,8 +1318,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, +@@ -1332,8 +1319,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, { return 0; } @@ -82676,7 +82663,7 @@ index c1b7414..5ea2ad8 100644 #endif #ifdef __PAGETABLE_PMD_FOLDED -@@ -1341,8 +1335,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, +@@ -1342,8 +1336,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, { return 0; } @@ -82692,7 +82679,7 @@ index c1b7414..5ea2ad8 100644 #endif int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma, -@@ -1360,11 +1361,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a +@@ -1361,11 +1362,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a NULL: pud_offset(pgd, address); } @@ -82716,7 +82703,7 @@ index c1b7414..5ea2ad8 100644 #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */ #if USE_SPLIT_PTE_PTLOCKS -@@ -1754,7 +1767,7 @@ extern int install_special_mapping(struct mm_struct *mm, +@@ -1755,7 +1768,7 @@ extern int install_special_mapping(struct mm_struct *mm, unsigned long addr, unsigned long len, unsigned long flags, struct page **pages); @@ -82725,7 +82712,7 @@ index c1b7414..5ea2ad8 100644 extern unsigned long mmap_region(struct file *file, unsigned long addr, unsigned long len, vm_flags_t vm_flags, unsigned long pgoff); -@@ -1762,6 +1775,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1763,6 +1776,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, unsigned long len, unsigned long prot, unsigned long flags, unsigned long pgoff, unsigned long *populate); extern int do_munmap(struct mm_struct *, unsigned long, size_t); @@ -82733,7 +82720,7 @@ index c1b7414..5ea2ad8 100644 #ifdef CONFIG_MMU extern int __mm_populate(unsigned long addr, unsigned long len, -@@ -1790,10 +1804,11 @@ struct vm_unmapped_area_info { +@@ -1791,10 +1805,11 @@ struct vm_unmapped_area_info { unsigned long high_limit; unsigned long align_mask; unsigned long align_offset; @@ -82747,7 +82734,7 @@ index c1b7414..5ea2ad8 100644 /* * Search for an unmapped address range. -@@ -1805,7 +1820,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info); +@@ -1806,7 +1821,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info); * - satisfies (begin_addr & align_mask) == (align_offset & align_mask) */ static inline unsigned long @@ -82756,7 +82743,7 @@ index c1b7414..5ea2ad8 100644 { if (!(info->flags & VM_UNMAPPED_AREA_TOPDOWN)) return unmapped_area(info); -@@ -1868,6 +1883,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add +@@ -1869,6 +1884,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, struct vm_area_struct **pprev); @@ -82767,7 +82754,7 @@ index c1b7414..5ea2ad8 100644 /* Look up the first VMA which intersects the interval start_addr..end_addr-1, NULL if none. Assume start_addr < end_addr. */ static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr) -@@ -1896,15 +1915,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, +@@ -1897,15 +1916,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, return vma; } @@ -82783,7 +82770,7 @@ index c1b7414..5ea2ad8 100644 #ifdef CONFIG_NUMA_BALANCING unsigned long change_prot_numa(struct vm_area_struct *vma, unsigned long start, unsigned long end); -@@ -1956,6 +1966,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); +@@ -1957,6 +1967,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); static inline void vm_stat_account(struct mm_struct *mm, unsigned long flags, struct file *file, long pages) { @@ -82795,7 +82782,7 @@ index c1b7414..5ea2ad8 100644 mm->total_vm += pages; } #endif /* CONFIG_PROC_FS */ -@@ -2037,7 +2052,7 @@ extern int unpoison_memory(unsigned long pfn); +@@ -2038,7 +2053,7 @@ extern int unpoison_memory(unsigned long pfn); extern int sysctl_memory_failure_early_kill; extern int sysctl_memory_failure_recovery; extern void shake_page(struct page *p, int access); @@ -82804,7 +82791,7 @@ index c1b7414..5ea2ad8 100644 extern int soft_offline_page(struct page *page, int flags); #if defined(CONFIG_TRANSPARENT_HUGEPAGE) || defined(CONFIG_HUGETLBFS) -@@ -2072,5 +2087,11 @@ void __init setup_nr_node_ids(void); +@@ -2073,5 +2088,11 @@ void __init setup_nr_node_ids(void); static inline void setup_nr_node_ids(void) {} #endif @@ -84633,29 +84620,6 @@ index 680f9a3..f13aeb0 100644 __SONET_ITEMS #undef __HANDLE_ITEM }; -diff --git a/include/linux/string.h b/include/linux/string.h -index ac889c5..0ed878d 100644 ---- a/include/linux/string.h -+++ b/include/linux/string.h -@@ -129,7 +129,7 @@ int bprintf(u32 *bin_buf, size_t size, const char *fmt, ...) __printf(3, 4); - #endif - - extern ssize_t memory_read_from_buffer(void *to, size_t count, loff_t *ppos, -- const void *from, size_t available); -+ const void *from, size_t available); - - /** - * strstarts - does @str start with @prefix? -@@ -141,7 +141,8 @@ static inline bool strstarts(const char *str, const char *prefix) - return strncmp(str, prefix, strlen(prefix)) == 0; - } - --extern size_t memweight(const void *ptr, size_t bytes); -+size_t memweight(const void *ptr, size_t bytes); -+void memzero_explicit(void *s, size_t count); - - /** - * kbasename - return the last part of a pathname. diff --git a/include/linux/sunrpc/addr.h b/include/linux/sunrpc/addr.h index 07d8e53..dc934c9 100644 --- a/include/linux/sunrpc/addr.h @@ -85993,8 +85957,24 @@ index 4a5b9a3..ca27d73 100644 .update = sctp_csum_update, .combine = sctp_csum_combine, }; +diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h +index a3353f4..ba41e01 100644 +--- a/include/net/sctp/sctp.h ++++ b/include/net/sctp/sctp.h +@@ -433,6 +433,11 @@ static inline void sctp_assoc_pending_pmtu(struct sock *sk, struct sctp_associat + asoc->pmtu_pending = 0; + } + ++static inline bool sctp_chunk_pending(const struct sctp_chunk *chunk) ++{ ++ return !list_empty(&chunk->list); ++} ++ + /* Walk through a list of TLV parameters. Don't trust the + * individual parameter lengths and instead depend on + * the chunk length to indicate when to stop. Make sure diff --git a/include/net/sctp/sm.h b/include/net/sctp/sm.h -index 7f4eeb3..37e8fe1 100644 +index 7f4eeb3..aaa63d9 100644 --- a/include/net/sctp/sm.h +++ b/include/net/sctp/sm.h @@ -80,7 +80,7 @@ typedef void (sctp_timer_event_t) (unsigned long); @@ -86006,6 +85986,19 @@ index 7f4eeb3..37e8fe1 100644 /* A naming convention of "sctp_sf_xxx" applies to all the state functions * currently in use. +@@ -248,9 +248,9 @@ struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *, + int, __be16); + struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, + union sctp_addr *addr); +-int sctp_verify_asconf(const struct sctp_association *asoc, +- struct sctp_paramhdr *param_hdr, void *chunk_end, +- struct sctp_paramhdr **errp); ++bool sctp_verify_asconf(const struct sctp_association *asoc, ++ struct sctp_chunk *chunk, bool addr_param_needed, ++ struct sctp_paramhdr **errp); + struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, + struct sctp_chunk *asconf); + int sctp_process_asconf_ack(struct sctp_association *asoc, @@ -292,7 +292,7 @@ __u32 sctp_generate_tag(const struct sctp_endpoint *); __u32 sctp_generate_tsn(const struct sctp_endpoint *); @@ -89670,7 +89663,7 @@ index 1d96dd0..994ff19 100644 default: diff --git a/kernel/module.c b/kernel/module.c -index 6716a1f..acc7443 100644 +index 1d679a6..acc7443 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -61,6 +61,7 @@ @@ -89865,17 +89858,7 @@ index 6716a1f..acc7443 100644 set_memory_ro); } } -@@ -1841,7 +1860,9 @@ static void free_module(struct module *mod) - - /* We leave it in list to prevent duplicate loads, but make sure - * that noone uses it while it's being deconstructed. */ -+ mutex_lock(&module_mutex); - mod->state = MODULE_STATE_UNFORMED; -+ mutex_unlock(&module_mutex); - - /* Remove dynamic debug info */ - ddebug_remove_module(mod->name); -@@ -1862,16 +1883,19 @@ static void free_module(struct module *mod) +@@ -1864,16 +1883,19 @@ static void free_module(struct module *mod) /* This may be NULL, but that's OK */ unset_module_init_ro_nx(mod); @@ -89898,7 +89881,7 @@ index 6716a1f..acc7443 100644 #ifdef CONFIG_MPU update_protections(current->mm); -@@ -1940,9 +1964,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1942,9 +1964,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) int ret = 0; const struct kernel_symbol *ksym; @@ -89930,7 +89913,7 @@ index 6716a1f..acc7443 100644 switch (sym[i].st_shndx) { case SHN_COMMON: /* We compiled with -fno-common. These are not -@@ -1963,7 +2009,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1965,7 +2009,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) ksym = resolve_symbol_wait(mod, info, name); /* Ok if resolved. */ if (ksym && !IS_ERR(ksym)) { @@ -89940,7 +89923,7 @@ index 6716a1f..acc7443 100644 break; } -@@ -1982,11 +2030,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1984,11 +2030,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) secbase = (unsigned long)mod_percpu(mod); else secbase = info->sechdrs[sym[i].st_shndx].sh_addr; @@ -89961,7 +89944,7 @@ index 6716a1f..acc7443 100644 return ret; } -@@ -2070,22 +2127,12 @@ static void layout_sections(struct module *mod, struct load_info *info) +@@ -2072,22 +2127,12 @@ static void layout_sections(struct module *mod, struct load_info *info) || s->sh_entsize != ~0UL || strstarts(sname, ".init")) continue; @@ -89988,7 +89971,7 @@ index 6716a1f..acc7443 100644 } pr_debug("Init section allocation order:\n"); -@@ -2099,23 +2146,13 @@ static void layout_sections(struct module *mod, struct load_info *info) +@@ -2101,23 +2146,13 @@ static void layout_sections(struct module *mod, struct load_info *info) || s->sh_entsize != ~0UL || !strstarts(sname, ".init")) continue; @@ -90017,7 +90000,7 @@ index 6716a1f..acc7443 100644 } } -@@ -2288,7 +2325,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2290,7 +2325,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) /* Put symbol section at end of init part of module. */ symsect->sh_flags |= SHF_ALLOC; @@ -90026,7 +90009,7 @@ index 6716a1f..acc7443 100644 info->index.sym) | INIT_OFFSET_MASK; pr_debug("\t%s\n", info->secstrings + symsect->sh_name); -@@ -2305,13 +2342,13 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2307,13 +2342,13 @@ static void layout_symtab(struct module *mod, struct load_info *info) } /* Append room for core symbols at end of core part. */ @@ -90044,7 +90027,7 @@ index 6716a1f..acc7443 100644 info->index.str) | INIT_OFFSET_MASK; pr_debug("\t%s\n", info->secstrings + strsect->sh_name); } -@@ -2329,12 +2366,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) +@@ -2331,12 +2366,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) /* Make sure we get permanent strtab: don't use info->strtab. */ mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr; @@ -90061,7 +90044,7 @@ index 6716a1f..acc7443 100644 src = mod->symtab; for (ndst = i = 0; i < mod->num_symtab; i++) { if (i == 0 || -@@ -2346,6 +2385,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) +@@ -2348,6 +2385,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) } } mod->core_num_syms = ndst; @@ -90070,7 +90053,7 @@ index 6716a1f..acc7443 100644 } #else static inline void layout_symtab(struct module *mod, struct load_info *info) -@@ -2379,17 +2420,33 @@ void * __weak module_alloc(unsigned long size) +@@ -2381,17 +2420,33 @@ void * __weak module_alloc(unsigned long size) return vmalloc_exec(size); } @@ -90109,7 +90092,7 @@ index 6716a1f..acc7443 100644 mutex_unlock(&module_mutex); } return ret; -@@ -2646,7 +2703,15 @@ static struct module *setup_load_info(struct load_info *info, int flags) +@@ -2648,7 +2703,15 @@ static struct module *setup_load_info(struct load_info *info, int flags) mod = (void *)info->sechdrs[info->index.mod].sh_addr; if (info->index.sym == 0) { @@ -90125,7 +90108,7 @@ index 6716a1f..acc7443 100644 return ERR_PTR(-ENOEXEC); } -@@ -2662,8 +2727,14 @@ static struct module *setup_load_info(struct load_info *info, int flags) +@@ -2664,8 +2727,14 @@ static struct module *setup_load_info(struct load_info *info, int flags) static int check_modinfo(struct module *mod, struct load_info *info, int flags) { const char *modmagic = get_modinfo(info, "vermagic"); @@ -90140,7 +90123,7 @@ index 6716a1f..acc7443 100644 if (flags & MODULE_INIT_IGNORE_VERMAGIC) modmagic = NULL; -@@ -2688,7 +2759,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) +@@ -2690,7 +2759,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) } /* Set up license info based on the info section */ @@ -90149,7 +90132,7 @@ index 6716a1f..acc7443 100644 return 0; } -@@ -2782,7 +2853,7 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2784,7 +2853,7 @@ static int move_module(struct module *mod, struct load_info *info) void *ptr; /* Do the allocs. */ @@ -90158,7 +90141,7 @@ index 6716a1f..acc7443 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. Just mark it as not being a -@@ -2792,11 +2863,11 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2794,11 +2863,11 @@ static int move_module(struct module *mod, struct load_info *info) if (!ptr) return -ENOMEM; @@ -90174,7 +90157,7 @@ index 6716a1f..acc7443 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. This block doesn't need to be -@@ -2805,13 +2876,45 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2807,13 +2876,45 @@ static int move_module(struct module *mod, struct load_info *info) */ kmemleak_ignore(ptr); if (!ptr) { @@ -90224,7 +90207,7 @@ index 6716a1f..acc7443 100644 /* Transfer each section which specifies SHF_ALLOC */ pr_debug("final section addresses:\n"); -@@ -2822,16 +2925,45 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2824,16 +2925,45 @@ static int move_module(struct module *mod, struct load_info *info) if (!(shdr->sh_flags & SHF_ALLOC)) continue; @@ -90277,7 +90260,7 @@ index 6716a1f..acc7443 100644 pr_debug("\t0x%lx %s\n", (long)shdr->sh_addr, info->secstrings + shdr->sh_name); } -@@ -2888,12 +3020,12 @@ static void flush_module_icache(const struct module *mod) +@@ -2890,12 +3020,12 @@ static void flush_module_icache(const struct module *mod) * Do it before processing of module parameters, so the module * can provide parameter accessor functions of its own. */ @@ -90296,7 +90279,7 @@ index 6716a1f..acc7443 100644 set_fs(old_fs); } -@@ -2950,8 +3082,10 @@ static struct module *layout_and_allocate(struct load_info *info, int flags) +@@ -2952,8 +3082,10 @@ static struct module *layout_and_allocate(struct load_info *info, int flags) static void module_deallocate(struct module *mod, struct load_info *info) { percpu_modfree(mod); @@ -90309,7 +90292,7 @@ index 6716a1f..acc7443 100644 } int __weak module_finalize(const Elf_Ehdr *hdr, -@@ -2964,7 +3098,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, +@@ -2966,7 +3098,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, static int post_relocation(struct module *mod, const struct load_info *info) { /* Sort exception table now relocations are done. */ @@ -90319,7 +90302,7 @@ index 6716a1f..acc7443 100644 /* Copy relocated percpu area over. */ percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr, -@@ -3018,16 +3154,16 @@ static int do_init_module(struct module *mod) +@@ -3020,16 +3154,16 @@ static int do_init_module(struct module *mod) MODULE_STATE_COMING, mod); /* Set RO and NX regions for core */ @@ -90344,7 +90327,7 @@ index 6716a1f..acc7443 100644 do_mod_ctors(mod); /* Start the module */ -@@ -3088,11 +3224,12 @@ static int do_init_module(struct module *mod) +@@ -3090,11 +3224,12 @@ static int do_init_module(struct module *mod) mod->strtab = mod->core_strtab; #endif unset_module_init_ro_nx(mod); @@ -90362,7 +90345,7 @@ index 6716a1f..acc7443 100644 mutex_unlock(&module_mutex); wake_up_all(&module_wq); -@@ -3235,9 +3372,38 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3237,9 +3372,38 @@ static int load_module(struct load_info *info, const char __user *uargs, if (err) goto free_unload; @@ -90401,7 +90384,7 @@ index 6716a1f..acc7443 100644 /* Fix up syms, so that st_value is a pointer to location. */ err = simplify_symbols(mod, info); if (err < 0) -@@ -3253,13 +3419,6 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3255,13 +3419,6 @@ static int load_module(struct load_info *info, const char __user *uargs, flush_module_icache(mod); @@ -90415,7 +90398,7 @@ index 6716a1f..acc7443 100644 dynamic_debug_setup(info->debug, info->num_debug); /* Ftrace init must be called in the MODULE_STATE_UNFORMED state */ -@@ -3297,11 +3456,10 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3299,11 +3456,10 @@ static int load_module(struct load_info *info, const char __user *uargs, ddebug_cleanup: dynamic_debug_remove(info->debug); synchronize_sched(); @@ -90428,7 +90411,7 @@ index 6716a1f..acc7443 100644 free_unload: module_unload_free(mod); unlink_mod: -@@ -3384,10 +3542,16 @@ static const char *get_ksymbol(struct module *mod, +@@ -3386,10 +3542,16 @@ static const char *get_ksymbol(struct module *mod, unsigned long nextval; /* At worse, next value is at end of module */ @@ -90448,7 +90431,7 @@ index 6716a1f..acc7443 100644 /* Scan for closest preceding symbol, and next symbol. (ELF starts real symbols at 1). */ -@@ -3638,7 +3802,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3640,7 +3802,7 @@ static int m_show(struct seq_file *m, void *p) return 0; seq_printf(m, "%s %u", @@ -90457,7 +90440,7 @@ index 6716a1f..acc7443 100644 print_unload_info(m, mod); /* Informative for users. */ -@@ -3647,7 +3811,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3649,7 +3811,7 @@ static int m_show(struct seq_file *m, void *p) mod->state == MODULE_STATE_COMING ? "Loading": "Live"); /* Used by oprofile and other similar tools. */ @@ -90466,7 +90449,7 @@ index 6716a1f..acc7443 100644 /* Taints info */ if (mod->taints) -@@ -3683,7 +3847,17 @@ static const struct file_operations proc_modules_operations = { +@@ -3685,7 +3847,17 @@ static const struct file_operations proc_modules_operations = { static int __init proc_modules_init(void) { @@ -90484,7 +90467,7 @@ index 6716a1f..acc7443 100644 return 0; } module_init(proc_modules_init); -@@ -3744,14 +3918,14 @@ struct module *__module_address(unsigned long addr) +@@ -3746,14 +3918,14 @@ struct module *__module_address(unsigned long addr) { struct module *mod; @@ -90502,7 +90485,7 @@ index 6716a1f..acc7443 100644 return mod; } return NULL; -@@ -3786,11 +3960,20 @@ bool is_module_text_address(unsigned long addr) +@@ -3788,11 +3960,20 @@ bool is_module_text_address(unsigned long addr) */ struct module *__module_text_address(unsigned long addr) { @@ -90727,7 +90710,7 @@ index 3b89464..5e38379 100644 .clock_get = thread_cpu_clock_get, .timer_create = thread_cpu_timer_create, diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c -index 424c2d4..679242f 100644 +index 77e6b83..fc021bd 100644 --- a/kernel/posix-timers.c +++ b/kernel/posix-timers.c @@ -43,6 +43,7 @@ @@ -90828,7 +90811,7 @@ index 424c2d4..679242f 100644 int it_id_set = IT_ID_NOT_SET; if (!kc) -@@ -1011,6 +1012,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock, +@@ -1012,6 +1013,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock, if (copy_from_user(&new_tp, tp, sizeof (*tp))) return -EFAULT; @@ -90856,7 +90839,7 @@ index 2fac9cc..56fef29 100644 select LZO_COMPRESS select LZO_DECOMPRESS diff --git a/kernel/power/process.c b/kernel/power/process.c -index 14f9a8d..98ee610 100644 +index f1fe7ec..7d4e641 100644 --- a/kernel/power/process.c +++ b/kernel/power/process.c @@ -34,6 +34,7 @@ static int try_to_freeze_tasks(bool user_only) @@ -91904,7 +91887,7 @@ index a63f4dc..349bbb0 100644 unsigned long timeout) { diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index 677ebad..e39b352 100644 +index 9a3f3c4..943fa11 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -1775,7 +1775,7 @@ void set_numabalancing_state(bool enabled) @@ -91916,7 +91899,7 @@ index 677ebad..e39b352 100644 int err; int state = numabalancing_enabled; -@@ -2251,8 +2251,10 @@ context_switch(struct rq *rq, struct task_struct *prev, +@@ -2255,8 +2255,10 @@ context_switch(struct rq *rq, struct task_struct *prev, next->active_mm = oldmm; atomic_inc(&oldmm->mm_count); enter_lazy_tlb(oldmm, next); @@ -91928,7 +91911,7 @@ index 677ebad..e39b352 100644 if (!prev->mm) { prev->active_mm = NULL; -@@ -3049,6 +3051,8 @@ int can_nice(const struct task_struct *p, const int nice) +@@ -3053,6 +3055,8 @@ int can_nice(const struct task_struct *p, const int nice) /* convert nice value [19,-20] to rlimit style value [1,40] */ int nice_rlim = 20 - nice; @@ -91937,7 +91920,7 @@ index 677ebad..e39b352 100644 return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) || capable(CAP_SYS_NICE)); } -@@ -3082,7 +3086,8 @@ SYSCALL_DEFINE1(nice, int, increment) +@@ -3086,7 +3090,8 @@ SYSCALL_DEFINE1(nice, int, increment) if (nice > 19) nice = 19; @@ -91947,7 +91930,7 @@ index 677ebad..e39b352 100644 return -EPERM; retval = security_task_setnice(current, nice); -@@ -3355,6 +3360,7 @@ recheck: +@@ -3359,6 +3364,7 @@ recheck: if (policy != p->policy && !rlim_rtprio) return -EPERM; @@ -91955,7 +91938,7 @@ index 677ebad..e39b352 100644 /* can't increase priority */ if (attr->sched_priority > p->rt_priority && attr->sched_priority > rlim_rtprio) -@@ -4727,8 +4733,10 @@ void idle_task_exit(void) +@@ -4732,8 +4738,10 @@ void idle_task_exit(void) BUG_ON(cpu_online(smp_processor_id())); @@ -91967,7 +91950,7 @@ index 677ebad..e39b352 100644 mmdrop(mm); } -@@ -4806,7 +4814,7 @@ static void migrate_tasks(unsigned int dead_cpu) +@@ -4811,7 +4819,7 @@ static void migrate_tasks(unsigned int dead_cpu) #if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL) @@ -91976,7 +91959,7 @@ index 677ebad..e39b352 100644 { .procname = "sched_domain", .mode = 0555, -@@ -4823,17 +4831,17 @@ static struct ctl_table sd_ctl_root[] = { +@@ -4828,17 +4836,17 @@ static struct ctl_table sd_ctl_root[] = { {} }; @@ -91998,7 +91981,7 @@ index 677ebad..e39b352 100644 /* * In the intermediate directories, both the child directory and -@@ -4841,22 +4849,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep) +@@ -4846,22 +4854,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep) * will always be set. In the lowest directory the names are * static strings and all have proc handlers. */ @@ -92030,7 +92013,7 @@ index 677ebad..e39b352 100644 const char *procname, void *data, int maxlen, umode_t mode, proc_handler *proc_handler, bool load_idx) -@@ -4876,7 +4887,7 @@ set_table_entry(struct ctl_table *entry, +@@ -4881,7 +4892,7 @@ set_table_entry(struct ctl_table *entry, static struct ctl_table * sd_alloc_ctl_domain_table(struct sched_domain *sd) { @@ -92039,7 +92022,7 @@ index 677ebad..e39b352 100644 if (table == NULL) return NULL; -@@ -4911,9 +4922,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd) +@@ -4916,9 +4927,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd) return table; } @@ -92051,7 +92034,7 @@ index 677ebad..e39b352 100644 struct sched_domain *sd; int domain_num = 0, i; char buf[32]; -@@ -4940,11 +4951,13 @@ static struct ctl_table_header *sd_sysctl_header; +@@ -4945,11 +4956,13 @@ static struct ctl_table_header *sd_sysctl_header; static void register_sched_domain_sysctl(void) { int i, cpu_num = num_possible_cpus(); @@ -92066,7 +92049,7 @@ index 677ebad..e39b352 100644 if (entry == NULL) return; -@@ -4967,8 +4980,12 @@ static void unregister_sched_domain_sysctl(void) +@@ -4972,8 +4985,12 @@ static void unregister_sched_domain_sysctl(void) if (sd_sysctl_header) unregister_sysctl_table(sd_sysctl_header); sd_sysctl_header = NULL; @@ -93492,6 +93475,46 @@ index e6be585..d73ae5e 100644 return; local_irq_save(flags); +diff --git a/kernel/trace/trace_syscalls.c b/kernel/trace/trace_syscalls.c +index 7e3cd7a..5156a5fe 100644 +--- a/kernel/trace/trace_syscalls.c ++++ b/kernel/trace/trace_syscalls.c +@@ -602,6 +602,8 @@ static int perf_sysenter_enable(struct ftrace_event_call *call) + int num; + + num = ((struct syscall_metadata *)call->data)->syscall_nr; ++ if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls)) ++ return -EINVAL; + + mutex_lock(&syscall_trace_lock); + if (!sys_perf_refcount_enter) +@@ -622,6 +624,8 @@ static void perf_sysenter_disable(struct ftrace_event_call *call) + int num; + + num = ((struct syscall_metadata *)call->data)->syscall_nr; ++ if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls)) ++ return; + + mutex_lock(&syscall_trace_lock); + sys_perf_refcount_enter--; +@@ -674,6 +678,8 @@ static int perf_sysexit_enable(struct ftrace_event_call *call) + int num; + + num = ((struct syscall_metadata *)call->data)->syscall_nr; ++ if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls)) ++ return -EINVAL; + + mutex_lock(&syscall_trace_lock); + if (!sys_perf_refcount_exit) +@@ -694,6 +700,8 @@ static void perf_sysexit_disable(struct ftrace_event_call *call) + int num; + + num = ((struct syscall_metadata *)call->data)->syscall_nr; ++ if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls)) ++ return; + + mutex_lock(&syscall_trace_lock); + sys_perf_refcount_exit--; diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c index 80a57af..7f5a7ff 100644 --- a/kernel/user_namespace.c @@ -93673,32 +93696,10 @@ index 114d1be..ab0350c 100644 (val << avg->factor)) >> avg->weight : (val << avg->factor); diff --git a/lib/bitmap.c b/lib/bitmap.c -index 06f7e4f..9078e42 100644 +index e5c4ebe..9078e42 100644 --- a/lib/bitmap.c +++ b/lib/bitmap.c -@@ -131,7 +131,9 @@ void __bitmap_shift_right(unsigned long *dst, - lower = src[off + k]; - if (left && off + k == lim - 1) - lower &= mask; -- dst[k] = upper << (BITS_PER_LONG - rem) | lower >> rem; -+ dst[k] = lower >> rem; -+ if (rem) -+ dst[k] |= upper << (BITS_PER_LONG - rem); - if (left && k == lim - 1) - dst[k] &= mask; - } -@@ -172,7 +174,9 @@ void __bitmap_shift_left(unsigned long *dst, - upper = src[k]; - if (left && k == lim - 1) - upper &= (1UL << left) - 1; -- dst[k + off] = lower >> (BITS_PER_LONG - rem) | upper << rem; -+ dst[k + off] = upper << rem; -+ if (rem) -+ dst[k + off] |= lower >> (BITS_PER_LONG - rem); - if (left && k + off == lim - 1) - dst[k + off] &= (1UL << left) - 1; - } -@@ -422,7 +426,7 @@ int __bitmap_parse(const char *buf, unsigned int buflen, +@@ -426,7 +426,7 @@ int __bitmap_parse(const char *buf, unsigned int buflen, { int c, old_c, totaldigits, ndigits, nchunks, nbits; u32 chunk; @@ -93707,7 +93708,7 @@ index 06f7e4f..9078e42 100644 bitmap_zero(maskp, nmaskbits); -@@ -507,7 +511,7 @@ int bitmap_parse_user(const char __user *ubuf, +@@ -511,7 +511,7 @@ int bitmap_parse_user(const char __user *ubuf, { if (!access_ok(VERIFY_READ, ubuf, ulen)) return -EFAULT; @@ -93716,7 +93717,7 @@ index 06f7e4f..9078e42 100644 ulen, 1, maskp, nmaskbits); } -@@ -598,7 +602,7 @@ static int __bitmap_parselist(const char *buf, unsigned int buflen, +@@ -602,7 +602,7 @@ static int __bitmap_parselist(const char *buf, unsigned int buflen, { unsigned a, b; int c, old_c, totaldigits; @@ -93725,7 +93726,7 @@ index 06f7e4f..9078e42 100644 int exp_digit, in_range; totaldigits = c = 0; -@@ -698,7 +702,7 @@ int bitmap_parselist_user(const char __user *ubuf, +@@ -702,7 +702,7 @@ int bitmap_parselist_user(const char __user *ubuf, { if (!access_ok(VERIFY_READ, ubuf, ulen)) return -EFAULT; @@ -94306,33 +94307,10 @@ index 0922579..9d7adb9 100644 #endif } diff --git a/lib/string.c b/lib/string.c -index e5878de..64941b2 100644 +index 43d0781..64941b2 100644 --- a/lib/string.c +++ b/lib/string.c -@@ -586,6 +586,22 @@ void *memset(void *s, int c, size_t count) - EXPORT_SYMBOL(memset); - #endif - -+/** -+ * memzero_explicit - Fill a region of memory (e.g. sensitive -+ * keying data) with 0s. -+ * @s: Pointer to the start of the area. -+ * @count: The size of the area. -+ * -+ * memzero_explicit() doesn't need an arch-specific version as -+ * it just invokes the one of memset() implicitly. -+ */ -+void memzero_explicit(void *s, size_t count) -+{ -+ memset(s, 0, count); -+ OPTIMIZER_HIDE_VAR(s); -+} -+EXPORT_SYMBOL(memzero_explicit); -+ - #ifndef __HAVE_ARCH_MEMCPY - /** - * memcpy - Copy one area of memory to another -@@ -789,9 +805,9 @@ void *memchr_inv(const void *start, int c, size_t bytes) +@@ -805,9 +805,9 @@ void *memchr_inv(const void *start, int c, size_t bytes) return check_bytes8(start, value, bytes); value64 = value; @@ -97641,7 +97619,7 @@ index 9f45f87..749bfd8 100644 unsigned long bg_thresh, unsigned long dirty, diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index ff0f6b1..8a67124 100644 +index 7b2611a..4407637 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -61,6 +61,7 @@ @@ -97737,7 +97715,16 @@ index ff0f6b1..8a67124 100644 if (order && (gfp_flags & __GFP_COMP)) prep_compound_page(page, order); -@@ -2414,7 +2454,7 @@ static void reset_alloc_batches(struct zonelist *zonelist, +@@ -1957,7 +1997,7 @@ zonelist_scan: + if (alloc_flags & ALLOC_FAIR) { + if (!zone_local(preferred_zone, zone)) + continue; +- if (atomic_long_read(&zone->vm_stat[NR_ALLOC_BATCH]) <= 0) ++ if (atomic_long_read_unchecked(&zone->vm_stat[NR_ALLOC_BATCH]) <= 0) + continue; + } + /* +@@ -2422,7 +2462,7 @@ static void reset_alloc_batches(struct zonelist *zonelist, continue; mod_zone_page_state(zone, NR_ALLOC_BATCH, high_wmark_pages(zone) - low_wmark_pages(zone) - @@ -97746,7 +97733,16 @@ index ff0f6b1..8a67124 100644 } } -@@ -6606,4 +6646,4 @@ void dump_page(struct page *page, char *reason) +@@ -5671,7 +5711,7 @@ static void __setup_per_zone_wmarks(void) + + __mod_zone_page_state(zone, NR_ALLOC_BATCH, + high_wmark_pages(zone) - low_wmark_pages(zone) - +- atomic_long_read(&zone->vm_stat[NR_ALLOC_BATCH])); ++ atomic_long_read_unchecked(&zone->vm_stat[NR_ALLOC_BATCH])); + + setup_zone_migrate_reserve(zone); + spin_unlock_irqrestore(&zone->lock, flags); +@@ -6613,4 +6653,4 @@ void dump_page(struct page *page, char *reason) { dump_page_badflags(page, reason, 0); } @@ -97766,7 +97762,7 @@ index 7c59ef6..1358905 100644 }; diff --git a/mm/percpu.c b/mm/percpu.c -index 8cd4308..ab22f17 100644 +index a2a54a8..43ecb68 100644 --- a/mm/percpu.c +++ b/mm/percpu.c @@ -122,7 +122,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly; @@ -100238,8 +100234,325 @@ index b543470..d2ddae2 100644 if (!can_dir) { printk(KERN_INFO "can: failed to create /proc/net/can . " +diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c +index 6e7a236..06f19b9 100644 +--- a/net/ceph/crypto.c ++++ b/net/ceph/crypto.c +@@ -89,11 +89,82 @@ static struct crypto_blkcipher *ceph_crypto_alloc_cipher(void) + + static const u8 *aes_iv = (u8 *)CEPH_AES_IV; + ++/* ++ * Should be used for buffers allocated with ceph_kvmalloc(). ++ * Currently these are encrypt out-buffer (ceph_buffer) and decrypt ++ * in-buffer (msg front). ++ * ++ * Dispose of @sgt with teardown_sgtable(). ++ * ++ * @prealloc_sg is to avoid memory allocation inside sg_alloc_table() ++ * in cases where a single sg is sufficient. No attempt to reduce the ++ * number of sgs by squeezing physically contiguous pages together is ++ * made though, for simplicity. ++ */ ++static int setup_sgtable(struct sg_table *sgt, struct scatterlist *prealloc_sg, ++ const void *buf, unsigned int buf_len) ++{ ++ struct scatterlist *sg; ++ const bool is_vmalloc = is_vmalloc_addr(buf); ++ unsigned int off = offset_in_page(buf); ++ unsigned int chunk_cnt = 1; ++ unsigned int chunk_len = PAGE_ALIGN(off + buf_len); ++ int i; ++ int ret; ++ ++ if (buf_len == 0) { ++ memset(sgt, 0, sizeof(*sgt)); ++ return -EINVAL; ++ } ++ ++ if (is_vmalloc) { ++ chunk_cnt = chunk_len >> PAGE_SHIFT; ++ chunk_len = PAGE_SIZE; ++ } ++ ++ if (chunk_cnt > 1) { ++ ret = sg_alloc_table(sgt, chunk_cnt, GFP_NOFS); ++ if (ret) ++ return ret; ++ } else { ++ WARN_ON(chunk_cnt != 1); ++ sg_init_table(prealloc_sg, 1); ++ sgt->sgl = prealloc_sg; ++ sgt->nents = sgt->orig_nents = 1; ++ } ++ ++ for_each_sg(sgt->sgl, sg, sgt->orig_nents, i) { ++ struct page *page; ++ unsigned int len = min(chunk_len - off, buf_len); ++ ++ if (is_vmalloc) ++ page = vmalloc_to_page(buf); ++ else ++ page = virt_to_page(buf); ++ ++ sg_set_page(sg, page, len, off); ++ ++ off = 0; ++ buf += len; ++ buf_len -= len; ++ } ++ WARN_ON(buf_len != 0); ++ ++ return 0; ++} ++ ++static void teardown_sgtable(struct sg_table *sgt) ++{ ++ if (sgt->orig_nents > 1) ++ sg_free_table(sgt); ++} ++ + static int ceph_aes_encrypt(const void *key, int key_len, + void *dst, size_t *dst_len, + const void *src, size_t src_len) + { +- struct scatterlist sg_in[2], sg_out[1]; ++ struct scatterlist sg_in[2], prealloc_sg; ++ struct sg_table sg_out; + struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); + struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 }; + int ret; +@@ -109,16 +180,18 @@ static int ceph_aes_encrypt(const void *key, int key_len, + + *dst_len = src_len + zero_padding; + +- crypto_blkcipher_setkey((void *)tfm, key, key_len); + sg_init_table(sg_in, 2); + sg_set_buf(&sg_in[0], src, src_len); + sg_set_buf(&sg_in[1], pad, zero_padding); +- sg_init_table(sg_out, 1); +- sg_set_buf(sg_out, dst, *dst_len); ++ ret = setup_sgtable(&sg_out, &prealloc_sg, dst, *dst_len); ++ if (ret) ++ goto out_tfm; ++ ++ crypto_blkcipher_setkey((void *)tfm, key, key_len); + iv = crypto_blkcipher_crt(tfm)->iv; + ivsize = crypto_blkcipher_ivsize(tfm); +- + memcpy(iv, aes_iv, ivsize); ++ + /* + print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1, + key, key_len, 1); +@@ -127,16 +200,22 @@ static int ceph_aes_encrypt(const void *key, int key_len, + print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1, + pad, zero_padding, 1); + */ +- ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in, ++ ret = crypto_blkcipher_encrypt(&desc, sg_out.sgl, sg_in, + src_len + zero_padding); +- crypto_free_blkcipher(tfm); +- if (ret < 0) ++ if (ret < 0) { + pr_err("ceph_aes_crypt failed %d\n", ret); ++ goto out_sg; ++ } + /* + print_hex_dump(KERN_ERR, "enc out: ", DUMP_PREFIX_NONE, 16, 1, + dst, *dst_len, 1); + */ +- return 0; ++ ++out_sg: ++ teardown_sgtable(&sg_out); ++out_tfm: ++ crypto_free_blkcipher(tfm); ++ return ret; + } + + static int ceph_aes_encrypt2(const void *key, int key_len, void *dst, +@@ -144,7 +223,8 @@ static int ceph_aes_encrypt2(const void *key, int key_len, void *dst, + const void *src1, size_t src1_len, + const void *src2, size_t src2_len) + { +- struct scatterlist sg_in[3], sg_out[1]; ++ struct scatterlist sg_in[3], prealloc_sg; ++ struct sg_table sg_out; + struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); + struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 }; + int ret; +@@ -160,17 +240,19 @@ static int ceph_aes_encrypt2(const void *key, int key_len, void *dst, + + *dst_len = src1_len + src2_len + zero_padding; + +- crypto_blkcipher_setkey((void *)tfm, key, key_len); + sg_init_table(sg_in, 3); + sg_set_buf(&sg_in[0], src1, src1_len); + sg_set_buf(&sg_in[1], src2, src2_len); + sg_set_buf(&sg_in[2], pad, zero_padding); +- sg_init_table(sg_out, 1); +- sg_set_buf(sg_out, dst, *dst_len); ++ ret = setup_sgtable(&sg_out, &prealloc_sg, dst, *dst_len); ++ if (ret) ++ goto out_tfm; ++ ++ crypto_blkcipher_setkey((void *)tfm, key, key_len); + iv = crypto_blkcipher_crt(tfm)->iv; + ivsize = crypto_blkcipher_ivsize(tfm); +- + memcpy(iv, aes_iv, ivsize); ++ + /* + print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1, + key, key_len, 1); +@@ -181,23 +263,30 @@ static int ceph_aes_encrypt2(const void *key, int key_len, void *dst, + print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1, + pad, zero_padding, 1); + */ +- ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in, ++ ret = crypto_blkcipher_encrypt(&desc, sg_out.sgl, sg_in, + src1_len + src2_len + zero_padding); +- crypto_free_blkcipher(tfm); +- if (ret < 0) ++ if (ret < 0) { + pr_err("ceph_aes_crypt2 failed %d\n", ret); ++ goto out_sg; ++ } + /* + print_hex_dump(KERN_ERR, "enc out: ", DUMP_PREFIX_NONE, 16, 1, + dst, *dst_len, 1); + */ +- return 0; ++ ++out_sg: ++ teardown_sgtable(&sg_out); ++out_tfm: ++ crypto_free_blkcipher(tfm); ++ return ret; + } + + static int ceph_aes_decrypt(const void *key, int key_len, + void *dst, size_t *dst_len, + const void *src, size_t src_len) + { +- struct scatterlist sg_in[1], sg_out[2]; ++ struct sg_table sg_in; ++ struct scatterlist sg_out[2], prealloc_sg; + struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); + struct blkcipher_desc desc = { .tfm = tfm }; + char pad[16]; +@@ -209,16 +298,16 @@ static int ceph_aes_decrypt(const void *key, int key_len, + if (IS_ERR(tfm)) + return PTR_ERR(tfm); + +- crypto_blkcipher_setkey((void *)tfm, key, key_len); +- sg_init_table(sg_in, 1); + sg_init_table(sg_out, 2); +- sg_set_buf(sg_in, src, src_len); + sg_set_buf(&sg_out[0], dst, *dst_len); + sg_set_buf(&sg_out[1], pad, sizeof(pad)); ++ ret = setup_sgtable(&sg_in, &prealloc_sg, src, src_len); ++ if (ret) ++ goto out_tfm; + ++ crypto_blkcipher_setkey((void *)tfm, key, key_len); + iv = crypto_blkcipher_crt(tfm)->iv; + ivsize = crypto_blkcipher_ivsize(tfm); +- + memcpy(iv, aes_iv, ivsize); + + /* +@@ -227,12 +316,10 @@ static int ceph_aes_decrypt(const void *key, int key_len, + print_hex_dump(KERN_ERR, "dec in: ", DUMP_PREFIX_NONE, 16, 1, + src, src_len, 1); + */ +- +- ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, src_len); +- crypto_free_blkcipher(tfm); ++ ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in.sgl, src_len); + if (ret < 0) { + pr_err("ceph_aes_decrypt failed %d\n", ret); +- return ret; ++ goto out_sg; + } + + if (src_len <= *dst_len) +@@ -250,7 +337,12 @@ static int ceph_aes_decrypt(const void *key, int key_len, + print_hex_dump(KERN_ERR, "dec out: ", DUMP_PREFIX_NONE, 16, 1, + dst, *dst_len, 1); + */ +- return 0; ++ ++out_sg: ++ teardown_sgtable(&sg_in); ++out_tfm: ++ crypto_free_blkcipher(tfm); ++ return ret; + } + + static int ceph_aes_decrypt2(const void *key, int key_len, +@@ -258,7 +350,8 @@ static int ceph_aes_decrypt2(const void *key, int key_len, + void *dst2, size_t *dst2_len, + const void *src, size_t src_len) + { +- struct scatterlist sg_in[1], sg_out[3]; ++ struct sg_table sg_in; ++ struct scatterlist sg_out[3], prealloc_sg; + struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); + struct blkcipher_desc desc = { .tfm = tfm }; + char pad[16]; +@@ -270,17 +363,17 @@ static int ceph_aes_decrypt2(const void *key, int key_len, + if (IS_ERR(tfm)) + return PTR_ERR(tfm); + +- sg_init_table(sg_in, 1); +- sg_set_buf(sg_in, src, src_len); + sg_init_table(sg_out, 3); + sg_set_buf(&sg_out[0], dst1, *dst1_len); + sg_set_buf(&sg_out[1], dst2, *dst2_len); + sg_set_buf(&sg_out[2], pad, sizeof(pad)); ++ ret = setup_sgtable(&sg_in, &prealloc_sg, src, src_len); ++ if (ret) ++ goto out_tfm; + + crypto_blkcipher_setkey((void *)tfm, key, key_len); + iv = crypto_blkcipher_crt(tfm)->iv; + ivsize = crypto_blkcipher_ivsize(tfm); +- + memcpy(iv, aes_iv, ivsize); + + /* +@@ -289,12 +382,10 @@ static int ceph_aes_decrypt2(const void *key, int key_len, + print_hex_dump(KERN_ERR, "dec in: ", DUMP_PREFIX_NONE, 16, 1, + src, src_len, 1); + */ +- +- ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, src_len); +- crypto_free_blkcipher(tfm); ++ ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in.sgl, src_len); + if (ret < 0) { + pr_err("ceph_aes_decrypt failed %d\n", ret); +- return ret; ++ goto out_sg; + } + + if (src_len <= *dst1_len) +@@ -324,7 +415,11 @@ static int ceph_aes_decrypt2(const void *key, int key_len, + dst2, *dst2_len, 1); + */ + +- return 0; ++out_sg: ++ teardown_sgtable(&sg_in); ++out_tfm: ++ crypto_free_blkcipher(tfm); ++ return ret; + } + + diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c -index 0a31298..241da43 100644 +index 2e87eec..6301eb0 100644 --- a/net/ceph/messenger.c +++ b/net/ceph/messenger.c @@ -187,7 +187,7 @@ static void con_fault(struct ceph_connection *con); @@ -100489,7 +100802,7 @@ index 3ed11a5..c177c8f 100644 } EXPORT_SYMBOL(dev_get_stats); diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c -index cf999e0..c59a975 100644 +index cf999e0..c59a9754 100644 --- a/net/core/dev_ioctl.c +++ b/net/core/dev_ioctl.c @@ -366,9 +366,13 @@ void dev_load(struct net *net, const char *name) @@ -101379,7 +101692,7 @@ index c7539e2..b455e51 100644 break; case NETDEV_DOWN: diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c -index 9d43468..ffa28cc 100644 +index 017fa5e..d61ebac 100644 --- a/net/ipv4/fib_semantics.c +++ b/net/ipv4/fib_semantics.c @@ -767,7 +767,7 @@ __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh) @@ -101392,7 +101705,7 @@ index 9d43468..ffa28cc 100644 return nh->nh_saddr; } diff --git a/net/ipv4/gre_offload.c b/net/ipv4/gre_offload.c -index 2d24f29..70fee98 100644 +index 8c8493e..d5214a4 100644 --- a/net/ipv4/gre_offload.c +++ b/net/ipv4/gre_offload.c @@ -56,13 +56,13 @@ static struct sk_buff *gre_gso_segment(struct sk_buff *skb, @@ -101575,43 +101888,6 @@ index 3d4da2c..40f9c29 100644 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PROT_UNREACH, 0); } -diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c -index ed88d78..844323b 100644 ---- a/net/ipv4/ip_output.c -+++ b/net/ipv4/ip_output.c -@@ -1487,6 +1487,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr, - struct sk_buff *nskb; - struct sock *sk; - struct inet_sock *inet; -+ int err; - - if (ip_options_echo(&replyopts.opt.opt, skb)) - return; -@@ -1525,8 +1526,13 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr, - sock_net_set(sk, net); - __skb_queue_head_init(&sk->sk_write_queue); - sk->sk_sndbuf = sysctl_wmem_default; -- ip_append_data(sk, &fl4, ip_reply_glue_bits, arg->iov->iov_base, len, 0, -- &ipc, &rt, MSG_DONTWAIT); -+ err = ip_append_data(sk, &fl4, ip_reply_glue_bits, arg->iov->iov_base, -+ len, 0, &ipc, &rt, MSG_DONTWAIT); -+ if (unlikely(err)) { -+ ip_flush_pending_frames(sk); -+ goto out; -+ } -+ - nskb = skb_peek(&sk->sk_write_queue); - if (nskb) { - if (arg->csumoffset >= 0) -@@ -1538,7 +1544,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr, - skb_set_queue_mapping(nskb, skb_get_queue_mapping(skb)); - ip_push_pending_frames(sk, &fl4); - } -- -+out: - put_cpu_var(unicast_sock); - - ip_rt_put(rt); diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 580dd96..9fcef7e 100644 --- a/net/ipv4/ip_sockglue.c @@ -101635,24 +101911,6 @@ index 580dd96..9fcef7e 100644 msg.msg_controllen = len; msg.msg_flags = flags; -diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c -index 65b664d..791a419 100644 ---- a/net/ipv4/ip_tunnel_core.c -+++ b/net/ipv4/ip_tunnel_core.c -@@ -91,11 +91,12 @@ int iptunnel_pull_header(struct sk_buff *skb, int hdr_len, __be16 inner_proto) - skb_pull_rcsum(skb, hdr_len); - - if (inner_proto == htons(ETH_P_TEB)) { -- struct ethhdr *eh = (struct ethhdr *)skb->data; -+ struct ethhdr *eh; - - if (unlikely(!pskb_may_pull(skb, ETH_HLEN))) - return -ENOMEM; - -+ eh = (struct ethhdr *)skb->data; - if (likely(ntohs(eh->h_proto) >= ETH_P_802_3_MIN)) - skb->protocol = eh->h_proto; - else diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c index e4a8f76..dd8ad72 100644 --- a/net/ipv4/ip_vti.c @@ -103683,7 +103941,7 @@ index d478b88..8c8d157 100644 suspend: diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c -index 22b223f..ab70070 100644 +index 74350c3..512e9f5 100644 --- a/net/mac80211/rate.c +++ b/net/mac80211/rate.c @@ -734,7 +734,7 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local, @@ -104326,7 +104584,7 @@ index 11de55e..f25e448 100644 return 0; } diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c -index c375d73..d4abd23 100644 +index 7c177bc..d4abd23 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -257,7 +257,7 @@ static void netlink_overrun(struct sock *sk) @@ -104338,15 +104596,6 @@ index c375d73..d4abd23 100644 } static void netlink_rcv_wake(struct sock *sk) -@@ -707,7 +707,7 @@ static int netlink_mmap_sendmsg(struct sock *sk, struct msghdr *msg, - * after validation, the socket and the ring may only be used by a - * single process, otherwise we fall back to copying. - */ -- if (atomic_long_read(&sk->sk_socket->file->f_count) > 2 || -+ if (atomic_long_read(&sk->sk_socket->file->f_count) > 1 || - atomic_read(&nlk->mapped) > 1) - excl = false; - @@ -3003,7 +3003,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) sk_wmem_alloc_get(s), nlk->cb_running, @@ -104964,6 +105213,87 @@ index f226709..0e735a8 100644 _proto("Tx RESPONSE %%%u", ntohl(hdr->serial)); ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len); +diff --git a/net/sctp/associola.c b/net/sctp/associola.c +index 5d97d8f..d477d47 100644 +--- a/net/sctp/associola.c ++++ b/net/sctp/associola.c +@@ -1627,6 +1627,8 @@ struct sctp_chunk *sctp_assoc_lookup_asconf_ack( + * ack chunk whose serial number matches that of the request. + */ + list_for_each_entry(ack, &asoc->asconf_ack_list, transmitted_list) { ++ if (sctp_chunk_pending(ack)) ++ continue; + if (ack->subh.addip_hdr->serial == serial) { + sctp_chunk_hold(ack); + return ack; +diff --git a/net/sctp/auth.c b/net/sctp/auth.c +index 0e85291..fb7976a 100644 +--- a/net/sctp/auth.c ++++ b/net/sctp/auth.c +@@ -862,8 +862,6 @@ int sctp_auth_set_key(struct sctp_endpoint *ep, + list_add(&cur_key->key_list, sh_keys); + + cur_key->key = key; +- sctp_auth_key_hold(key); +- + return 0; + nomem: + if (!replace) +diff --git a/net/sctp/inqueue.c b/net/sctp/inqueue.c +index 4de12af..7e8a16c 100644 +--- a/net/sctp/inqueue.c ++++ b/net/sctp/inqueue.c +@@ -140,18 +140,9 @@ struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue) + } else { + /* Nothing to do. Next chunk in the packet, please. */ + ch = (sctp_chunkhdr_t *) chunk->chunk_end; +- + /* Force chunk->skb->data to chunk->chunk_end. */ +- skb_pull(chunk->skb, +- chunk->chunk_end - chunk->skb->data); +- +- /* Verify that we have at least chunk headers +- * worth of buffer left. +- */ +- if (skb_headlen(chunk->skb) < sizeof(sctp_chunkhdr_t)) { +- sctp_chunk_free(chunk); +- chunk = queue->in_progress = NULL; +- } ++ skb_pull(chunk->skb, chunk->chunk_end - chunk->skb->data); ++ /* We are guaranteed to pull a SCTP header. */ + } + } + +@@ -187,24 +178,14 @@ struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue) + skb_pull(chunk->skb, sizeof(sctp_chunkhdr_t)); + chunk->subh.v = NULL; /* Subheader is no longer valid. */ + +- if (chunk->chunk_end < skb_tail_pointer(chunk->skb)) { ++ if (chunk->chunk_end + sizeof(sctp_chunkhdr_t) < ++ skb_tail_pointer(chunk->skb)) { + /* This is not a singleton */ + chunk->singleton = 0; + } else if (chunk->chunk_end > skb_tail_pointer(chunk->skb)) { +- /* RFC 2960, Section 6.10 Bundling +- * +- * Partial chunks MUST NOT be placed in an SCTP packet. +- * If the receiver detects a partial chunk, it MUST drop +- * the chunk. +- * +- * Since the end of the chunk is past the end of our buffer +- * (which contains the whole packet, we can freely discard +- * the whole packet. +- */ +- sctp_chunk_free(chunk); +- chunk = queue->in_progress = NULL; +- +- return NULL; ++ /* Discard inside state machine. */ ++ chunk->pdiscard = 1; ++ chunk->chunk_end = skb_tail_pointer(chunk->skb); + } else { + /* We are at the end of the packet, so mark the chunk + * in case we need to send a SACK. diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c index 2b1738e..a9d0fc9 100644 --- a/net/sctp/ipv6.c @@ -105038,6 +105368,182 @@ index a62a215..0976540 100644 } static int sctp_v4_protosw_init(void) +diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c +index fee5552..43abb64 100644 +--- a/net/sctp/sm_make_chunk.c ++++ b/net/sctp/sm_make_chunk.c +@@ -2609,6 +2609,9 @@ do_addr_param: + addr_param = param.v + sizeof(sctp_addip_param_t); + + af = sctp_get_af_specific(param_type2af(param.p->type)); ++ if (af == NULL) ++ break; ++ + af->from_addr_param(&addr, addr_param, + htons(asoc->peer.port), 0); + +@@ -3110,50 +3113,63 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc, + return SCTP_ERROR_NO_ERROR; + } + +-/* Verify the ASCONF packet before we process it. */ +-int sctp_verify_asconf(const struct sctp_association *asoc, +- struct sctp_paramhdr *param_hdr, void *chunk_end, +- struct sctp_paramhdr **errp) { +- sctp_addip_param_t *asconf_param; ++/* Verify the ASCONF packet before we process it. */ ++bool sctp_verify_asconf(const struct sctp_association *asoc, ++ struct sctp_chunk *chunk, bool addr_param_needed, ++ struct sctp_paramhdr **errp) ++{ ++ sctp_addip_chunk_t *addip = (sctp_addip_chunk_t *) chunk->chunk_hdr; + union sctp_params param; +- int length, plen; ++ bool addr_param_seen = false; ++ ++ sctp_walk_params(param, addip, addip_hdr.params) { ++ size_t length = ntohs(param.p->length); + +- param.v = (sctp_paramhdr_t *) param_hdr; +- while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) { +- length = ntohs(param.p->length); + *errp = param.p; +- +- if (param.v > chunk_end - length || +- length < sizeof(sctp_paramhdr_t)) +- return 0; +- + switch (param.p->type) { ++ case SCTP_PARAM_ERR_CAUSE: ++ break; ++ case SCTP_PARAM_IPV4_ADDRESS: ++ if (length != sizeof(sctp_ipv4addr_param_t)) ++ return false; ++ addr_param_seen = true; ++ break; ++ case SCTP_PARAM_IPV6_ADDRESS: ++ if (length != sizeof(sctp_ipv6addr_param_t)) ++ return false; ++ addr_param_seen = true; ++ break; + case SCTP_PARAM_ADD_IP: + case SCTP_PARAM_DEL_IP: + case SCTP_PARAM_SET_PRIMARY: +- asconf_param = (sctp_addip_param_t *)param.v; +- plen = ntohs(asconf_param->param_hdr.length); +- if (plen < sizeof(sctp_addip_param_t) + +- sizeof(sctp_paramhdr_t)) +- return 0; ++ /* In ASCONF chunks, these need to be first. */ ++ if (addr_param_needed && !addr_param_seen) ++ return false; ++ length = ntohs(param.addip->param_hdr.length); ++ if (length < sizeof(sctp_addip_param_t) + ++ sizeof(sctp_paramhdr_t)) ++ return false; + break; + case SCTP_PARAM_SUCCESS_REPORT: + case SCTP_PARAM_ADAPTATION_LAYER_IND: + if (length != sizeof(sctp_addip_param_t)) +- return 0; +- ++ return false; + break; + default: +- break; ++ /* This is unkown to us, reject! */ ++ return false; + } +- +- param.v += WORD_ROUND(length); + } + +- if (param.v != chunk_end) +- return 0; ++ /* Remaining sanity checks. */ ++ if (addr_param_needed && !addr_param_seen) ++ return false; ++ if (!addr_param_needed && addr_param_seen) ++ return false; ++ if (param.v != chunk->chunk_end) ++ return false; + +- return 1; ++ return true; + } + + /* Process an incoming ASCONF chunk with the next expected serial no. and +@@ -3162,16 +3178,17 @@ int sctp_verify_asconf(const struct sctp_association *asoc, + struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, + struct sctp_chunk *asconf) + { ++ sctp_addip_chunk_t *addip = (sctp_addip_chunk_t *) asconf->chunk_hdr; ++ bool all_param_pass = true; ++ union sctp_params param; + sctp_addiphdr_t *hdr; + union sctp_addr_param *addr_param; + sctp_addip_param_t *asconf_param; + struct sctp_chunk *asconf_ack; +- + __be16 err_code; + int length = 0; + int chunk_len; + __u32 serial; +- int all_param_pass = 1; + + chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t); + hdr = (sctp_addiphdr_t *)asconf->skb->data; +@@ -3199,9 +3216,14 @@ struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, + goto done; + + /* Process the TLVs contained within the ASCONF chunk. */ +- while (chunk_len > 0) { ++ sctp_walk_params(param, addip, addip_hdr.params) { ++ /* Skip preceeding address parameters. */ ++ if (param.p->type == SCTP_PARAM_IPV4_ADDRESS || ++ param.p->type == SCTP_PARAM_IPV6_ADDRESS) ++ continue; ++ + err_code = sctp_process_asconf_param(asoc, asconf, +- asconf_param); ++ param.addip); + /* ADDIP 4.1 A7) + * If an error response is received for a TLV parameter, + * all TLVs with no response before the failed TLV are +@@ -3209,28 +3231,20 @@ struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, + * the failed response are considered unsuccessful unless + * a specific success indication is present for the parameter. + */ +- if (SCTP_ERROR_NO_ERROR != err_code) +- all_param_pass = 0; +- ++ if (err_code != SCTP_ERROR_NO_ERROR) ++ all_param_pass = false; + if (!all_param_pass) +- sctp_add_asconf_response(asconf_ack, +- asconf_param->crr_id, err_code, +- asconf_param); ++ sctp_add_asconf_response(asconf_ack, param.addip->crr_id, ++ err_code, param.addip); + + /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add + * an IP address sends an 'Out of Resource' in its response, it + * MUST also fail any subsequent add or delete requests bundled + * in the ASCONF. + */ +- if (SCTP_ERROR_RSRC_LOW == err_code) ++ if (err_code == SCTP_ERROR_RSRC_LOW) + goto done; +- +- /* Move to the next ASCONF param. */ +- length = ntohs(asconf_param->param_hdr.length); +- asconf_param = (void *)asconf_param + length; +- chunk_len -= length; + } +- + done: + asoc->peer.addip_serial++; + diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c index fef2acd..c705c4f 100644 --- a/net/sctp/sm_sideeffect.c @@ -105051,6 +105557,61 @@ index fef2acd..c705c4f 100644 NULL, sctp_generate_t1_cookie_event, sctp_generate_t1_init_event, +diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c +index 7194fe85..3e287a3 100644 +--- a/net/sctp/sm_statefuns.c ++++ b/net/sctp/sm_statefuns.c +@@ -170,6 +170,9 @@ sctp_chunk_length_valid(struct sctp_chunk *chunk, + { + __u16 chunk_length = ntohs(chunk->chunk_hdr->length); + ++ /* Previously already marked? */ ++ if (unlikely(chunk->pdiscard)) ++ return 0; + if (unlikely(chunk_length < required_length)) + return 0; + +@@ -3591,9 +3594,7 @@ sctp_disposition_t sctp_sf_do_asconf(struct net *net, + struct sctp_chunk *asconf_ack = NULL; + struct sctp_paramhdr *err_param = NULL; + sctp_addiphdr_t *hdr; +- union sctp_addr_param *addr_param; + __u32 serial; +- int length; + + if (!sctp_vtag_verify(chunk, asoc)) { + sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG, +@@ -3618,17 +3619,8 @@ sctp_disposition_t sctp_sf_do_asconf(struct net *net, + hdr = (sctp_addiphdr_t *)chunk->skb->data; + serial = ntohl(hdr->serial); + +- addr_param = (union sctp_addr_param *)hdr->params; +- length = ntohs(addr_param->p.length); +- if (length < sizeof(sctp_paramhdr_t)) +- return sctp_sf_violation_paramlen(net, ep, asoc, type, arg, +- (void *)addr_param, commands); +- + /* Verify the ASCONF chunk before processing it. */ +- if (!sctp_verify_asconf(asoc, +- (sctp_paramhdr_t *)((void *)addr_param + length), +- (void *)chunk->chunk_end, +- &err_param)) ++ if (!sctp_verify_asconf(asoc, chunk, true, &err_param)) + return sctp_sf_violation_paramlen(net, ep, asoc, type, arg, + (void *)err_param, commands); + +@@ -3745,10 +3737,7 @@ sctp_disposition_t sctp_sf_do_asconf_ack(struct net *net, + rcvd_serial = ntohl(addip_hdr->serial); + + /* Verify the ASCONF-ACK chunk before processing it. */ +- if (!sctp_verify_asconf(asoc, +- (sctp_paramhdr_t *)addip_hdr->params, +- (void *)asconf_ack->chunk_end, +- &err_param)) ++ if (!sctp_verify_asconf(asoc, asconf_ack, false, &err_param)) + return sctp_sf_violation_paramlen(net, ep, asoc, type, arg, + (void *)err_param, commands); + diff --git a/net/sctp/socket.c b/net/sctp/socket.c index 604a6ac..f87f0a3 100644 --- a/net/sctp/socket.c @@ -105508,10 +106069,10 @@ index ae333c1..18521f0 100644 goto out_nomem; cd->u.procfs.channel_ent = NULL; diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c -index 3ea5cda..bfb3e08 100644 +index 5ff8b87..35af642 100644 --- a/net/sunrpc/clnt.c +++ b/net/sunrpc/clnt.c -@@ -1415,7 +1415,9 @@ call_start(struct rpc_task *task) +@@ -1418,7 +1418,9 @@ call_start(struct rpc_task *task) (RPC_IS_ASYNC(task) ? "async" : "sync")); /* Increment call count */ @@ -106698,6 +107259,45 @@ index 152d4d2..791684c 100644 destdir=$kernel_headers_dir/usr/src/linux-headers-$version mkdir -p "$destdir" (cd $srctree; tar -c -f - -T "$objtree/debian/hdrsrcfiles") | (cd $destdir; tar -xf -) +diff --git a/scripts/package/mkspec b/scripts/package/mkspec +index 1395760..e4f4ac4 100755 +--- a/scripts/package/mkspec ++++ b/scripts/package/mkspec +@@ -82,6 +82,16 @@ echo "" + fi + + echo "%install" ++echo 'chmod -f 0500 /boot' ++echo 'if [ -d /lib/modules ]; then' ++echo 'chmod -f 0500 /lib/modules' ++echo 'fi' ++echo 'if [ -d /lib32/modules ]; then' ++echo 'chmod -f 0500 /lib32/modules' ++echo 'fi' ++echo 'if [ -d /lib64/modules ]; then' ++echo 'chmod -f 0500 /lib64/modules' ++echo 'fi' + echo 'KBUILD_IMAGE=$(make image_name)' + echo "%ifarch ia64" + echo 'mkdir -p $RPM_BUILD_ROOT/boot/efi $RPM_BUILD_ROOT/lib/modules' +@@ -139,7 +149,7 @@ echo "rm -f /boot/vmlinuz-$KERNELRELEASE-rpm /boot/System.map-$KERNELRELEASE-rpm + echo "fi" + echo "" + echo "%files" +-echo '%defattr (-, root, root)' ++echo '%defattr (400, root, root, 500)' + echo "%dir /lib/modules" + echo "/lib/modules/$KERNELRELEASE" + echo "%exclude /lib/modules/$KERNELRELEASE/build" +@@ -152,7 +162,7 @@ echo '%defattr (-, root, root)' + echo "/usr/include" + echo "" + echo "%files devel" +-echo '%defattr (-, root, root)' ++echo '%defattr (400, root, root, 500)' + echo "/usr/src/kernels/$KERNELRELEASE" + echo "/lib/modules/$KERNELRELEASE/build" + echo "/lib/modules/$KERNELRELEASE/source" diff --git a/scripts/pnmtologo.c b/scripts/pnmtologo.c index 68bb4ef..2f419e1 100644 --- a/scripts/pnmtologo.c @@ -108094,7 +108694,7 @@ index fc3e662..7844c60 100644 lock = &avc_cache.slots_lock[hvalue]; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index e294b86..4fc9b7f 100644 +index 47b5c69..4fc9b7f 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -95,8 +95,6 @@ @@ -108106,22 +108706,6 @@ index e294b86..4fc9b7f 100644 /* SECMARK reference count */ static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0); -@@ -470,6 +468,7 @@ next_inode: - list_entry(sbsec->isec_head.next, - struct inode_security_struct, list); - struct inode *inode = isec->inode; -+ list_del_init(&isec->list); - spin_unlock(&sbsec->isec_lock); - inode = igrab(inode); - if (inode) { -@@ -478,7 +477,6 @@ next_inode: - iput(inode); - } - spin_lock(&sbsec->isec_lock); -- list_del_init(&isec->list); - goto next_inode; - } - spin_unlock(&sbsec->isec_lock); @@ -5759,7 +5757,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) #endif @@ -108524,7 +109108,7 @@ index 4c1cc51..16040040 100644 } } else if (runtime->access == SNDRV_PCM_ACCESS_RW_NONINTERLEAVED) { diff --git a/sound/core/pcm_compat.c b/sound/core/pcm_compat.c -index af49721..e85058e 100644 +index c4ac3c1..5266261 100644 --- a/sound/core/pcm_compat.c +++ b/sound/core/pcm_compat.c @@ -31,7 +31,7 @@ static int snd_pcm_ioctl_delay_compat(struct snd_pcm_substream *substream, @@ -116884,10 +117468,10 @@ index 0000000..4378111 +} diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data new file mode 100644 -index 0000000..2f37382 +index 0000000..d14887a6 --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data -@@ -0,0 +1,5996 @@ +@@ -0,0 +1,6033 @@ +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL +ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL @@ -117254,6 +117838,7 @@ index 0000000..2f37382 +userspace_status_4004 userspace_status 4 4004 NULL +xfs_check_block_4005 xfs_check_block 4 4005 NULL nohasharray +mei_write_4005 mei_write 3 4005 &xfs_check_block_4005 ++gfs2_dir_get_existing_buffer_4007 gfs2_dir_get_existing_buffer 0 4007 NULL +snd_hdsp_capture_copy_4011 snd_hdsp_capture_copy 5 4011 NULL +blk_end_request_4024 blk_end_request 3 4024 NULL +ext4_xattr_find_entry_4025 ext4_xattr_find_entry 0 4025 NULL @@ -117261,6 +117846,7 @@ index 0000000..2f37382 +mtip_hw_read_registers_4037 mtip_hw_read_registers 3 4037 NULL +read_file_queues_4078 read_file_queues 3 4078 NULL +fbcon_do_set_font_4079 fbcon_do_set_font 2-3 4079 NULL ++C_SYSC_rt_sigpending_4114 C_SYSC_rt_sigpending 2 4114 NULL +tm6000_read_4151 tm6000_read 3 4151 NULL +mpt_raid_phys_disk_get_num_paths_4155 mpt_raid_phys_disk_get_num_paths 0 4155 NULL +msg_bits_4158 msg_bits 0-3-4 4158 NULL @@ -117401,6 +117987,7 @@ index 0000000..2f37382 +ll_statahead_one_5962 ll_statahead_one 3 5962 NULL +__apu_get_register_5967 __apu_get_register 0 5967 NULL +ieee80211_if_fmt_rc_rateidx_mask_5ghz_5971 ieee80211_if_fmt_rc_rateidx_mask_5ghz 3 5971 NULL ++SyS_semop_5980 SyS_semop 3 5980 NULL +alloc_msg_6072 alloc_msg 1 6072 NULL +sctp_setsockopt_connectx_6073 sctp_setsockopt_connectx 3 6073 NULL +rts51x_ms_rw_multi_sector_6076 rts51x_ms_rw_multi_sector 3-4 6076 NULL @@ -117432,6 +118019,7 @@ index 0000000..2f37382 +mei_dbgfs_read_devstate_6352 mei_dbgfs_read_devstate 3 6352 NULL +_proc_do_string_6376 _proc_do_string 2 6376 NULL +osd_req_read_sg_kern_6378 osd_req_read_sg_kern 5 6378 NULL ++gfs2_dir_read_stuffed_6380 gfs2_dir_read_stuffed 3 6380 NULL +xfs_bmap_extents_to_btree_6387 xfs_bmap_extents_to_btree 0 6387 NULL +posix_acl_fix_xattr_userns_6420 posix_acl_fix_xattr_userns 4 6420 NULL +add_transaction_credits_6422 add_transaction_credits 2-3 6422 NULL @@ -117449,6 +118037,7 @@ index 0000000..2f37382 +SyS_semtimedop_6563 SyS_semtimedop 3 6563 NULL +xfs_iozero_6573 xfs_iozero 0 6573 NULL +ecryptfs_filldir_6622 ecryptfs_filldir 3 6622 NULL ++xfs_do_div_6649 xfs_do_div 0-2 6649 NULL +process_rcvd_data_6679 process_rcvd_data 3 6679 NULL +btrfs_lookup_csums_range_6696 btrfs_lookup_csums_range 2-3 6696 NULL +ps_pspoll_max_apturn_read_6699 ps_pspoll_max_apturn_read 3 6699 NULL @@ -117479,6 +118068,7 @@ index 0000000..2f37382 +acm_alloc_minor_6911 acm_alloc_minor 0 6911 &spi_show_regs_6911 +__kfifo_dma_in_finish_r_6913 __kfifo_dma_in_finish_r 2-3 6913 NULL +lops_scan_elements_6916 lops_scan_elements 0 6916 NULL ++do_msgrcv_6921 do_msgrcv 3 6921 NULL +cache_do_downcall_6926 cache_do_downcall 3 6926 NULL +ipath_verbs_send_dma_6929 ipath_verbs_send_dma 6 6929 NULL +qsfp_cks_6945 qsfp_cks 2-0 6945 NULL @@ -117572,6 +118162,7 @@ index 0000000..2f37382 +qla4xxx_post_ping_evt_work_8074 qla4xxx_post_ping_evt_work 4 8074 NULL +venus_lookup_8121 venus_lookup 4 8121 NULL +ieee80211_if_fmt_num_buffered_multicast_8127 ieee80211_if_fmt_num_buffered_multicast 3 8127 NULL ++xfs_file_fallocate_8150 xfs_file_fallocate 3-4 8150 NULL +__sk_mem_schedule_8185 __sk_mem_schedule 2 8185 NULL +ieee80211_if_fmt_dot11MeshHoldingTimeout_8187 ieee80211_if_fmt_dot11MeshHoldingTimeout 3 8187 NULL +recent_mt_proc_write_8206 recent_mt_proc_write 3 8206 NULL @@ -118063,6 +118654,7 @@ index 0000000..2f37382 +biovec_create_pool_13079 biovec_create_pool 2 13079 NULL +xattr_getsecurity_13090 xattr_getsecurity 0 13090 NULL +ttm_dma_pool_alloc_new_pages_13105 ttm_dma_pool_alloc_new_pages 3 13105 NULL ++SyS_msgrcv_13109 SyS_msgrcv 3 13109 NULL +snd_rme96_playback_copy_13111 snd_rme96_playback_copy 5 13111 NULL +bfad_debugfs_read_13119 bfad_debugfs_read 3 13119 NULL +blk_update_request_13146 blk_update_request 3 13146 NULL @@ -118102,6 +118694,7 @@ index 0000000..2f37382 +sb_init_dio_done_wq_13482 sb_init_dio_done_wq 0 13482 NULL +data_read_13494 data_read 3 13494 NULL +ioat_chansts_32_13506 ioat_chansts_32 0 13506 NULL ++ocfs2_align_bytes_to_blocks_13512 ocfs2_align_bytes_to_blocks 0-2 13512 NULL +core_status_13515 core_status 4 13515 NULL +smk_write_mapped_13519 smk_write_mapped 3 13519 NULL +bm_init_13529 bm_init 2 13529 NULL @@ -118118,6 +118711,7 @@ index 0000000..2f37382 +blk_msg_write_13655 blk_msg_write 3 13655 NULL +cache_downcall_13666 cache_downcall 3 13666 NULL +ext3_xattr_list_entries_13682 ext3_xattr_list_entries 0 13682 NULL ++nv94_aux_13689 nv94_aux 2-5 13689 NULL +usb_get_string_13693 usb_get_string 0 13693 NULL +fw_iso_buffer_alloc_13704 fw_iso_buffer_alloc 2 13704 NULL +audit_unpack_string_13748 audit_unpack_string 3 13748 NULL @@ -118266,6 +118860,7 @@ index 0000000..2f37382 +smscore_load_firmware_family2_15086 smscore_load_firmware_family2 3 15086 NULL +xfs_btree_insrec_15090 xfs_btree_insrec 0 15090 NULL +btrfs_readpage_15094 btrfs_readpage 0 15094 NULL ++compat_SyS_pwritev_15118 compat_SyS_pwritev 3 15118 NULL +hex_dump_to_buffer_15121 hex_dump_to_buffer 6 15121 NULL +start_port_15124 start_port 0 15124 NULL +ipwireless_ppp_mru_15153 ipwireless_ppp_mru 0 15153 NULL @@ -118598,6 +119193,7 @@ index 0000000..2f37382 +ffs_epfile_read_18775 ffs_epfile_read 3 18775 NULL +SyS_lsetxattr_18776 SyS_lsetxattr 4 18776 NULL +alloc_fcdev_18780 alloc_fcdev 1 18780 NULL ++prealloc_18800 prealloc 0 18800 NULL +dm_stats_print_18815 dm_stats_print 7 18815 NULL +sys_modify_ldt_18824 sys_modify_ldt 3 18824 NULL +mtf_test_write_18844 mtf_test_write 3 18844 NULL @@ -118831,6 +119427,7 @@ index 0000000..2f37382 +use_debug_keys_read_21251 use_debug_keys_read 3 21251 NULL +fru_length_21257 fru_length 0 21257 NULL +rtw_set_wps_beacon_21262 rtw_set_wps_beacon 3 21262 NULL ++ocfs2_blocks_for_bytes_21268 ocfs2_blocks_for_bytes 0-2 21268 NULL +xfs_alloc_ag_vextent_size_21276 xfs_alloc_ag_vextent_size 0 21276 NULL +do_msg_fill_21307 do_msg_fill 3 21307 NULL +add_res_range_21310 add_res_range 4 21310 NULL @@ -118865,6 +119462,7 @@ index 0000000..2f37382 +ocfs2_acl_from_xattr_21604 ocfs2_acl_from_xattr 2 21604 NULL +filemap_get_page_21606 filemap_get_page 2 21606 NULL +gfs2_glock_nq_init_21624 gfs2_glock_nq_init 0 21624 NULL ++ocfs2_refcount_cow_hunk_21630 ocfs2_refcount_cow_hunk 3-4 21630 NULL +__jfs_getxattr_21631 __jfs_getxattr 0 21631 NULL +atalk_sendmsg_21677 atalk_sendmsg 4 21677 NULL +ocfs2_xattr_get_nolock_21678 ocfs2_xattr_get_nolock 0 21678 NULL @@ -118922,6 +119520,7 @@ index 0000000..2f37382 +mesh_table_alloc_22305 mesh_table_alloc 1 22305 NULL +lov_setstripe_22307 lov_setstripe 2 22307 NULL +udpv6_sendmsg_22316 udpv6_sendmsg 4 22316 NULL ++C_SYSC_msgrcv_22320 C_SYSC_msgrcv 3 22320 NULL +atomic_read_22342 atomic_read 0 22342 NULL +ll_lazystatfs_seq_write_22353 ll_lazystatfs_seq_write 3 22353 NULL +snd_pcm_alsa_frames_22363 snd_pcm_alsa_frames 2 22363 NULL @@ -118946,6 +119545,7 @@ index 0000000..2f37382 +wl1271_rx_filter_get_fields_size_22638 wl1271_rx_filter_get_fields_size 0 22638 NULL +pwr_wake_on_timer_exp_read_22640 pwr_wake_on_timer_exp_read 3 22640 NULL +iwl_dbgfs_calib_disabled_read_22649 iwl_dbgfs_calib_disabled_read 3 22649 NULL ++compat_SyS_msgrcv_22661 compat_SyS_msgrcv 3 22661 NULL +ext4_ext_direct_IO_22679 ext4_ext_direct_IO 4 22679 NULL +l2tp_ip_recvmsg_22681 l2tp_ip_recvmsg 4 22681 NULL +bch_dump_read_22685 bch_dump_read 3 22685 NULL @@ -118983,7 +119583,7 @@ index 0000000..2f37382 +remote_settings_file_write_22987 remote_settings_file_write 3 22987 NULL +viafb_dvp0_proc_write_23023 viafb_dvp0_proc_write 3 23023 NULL +cifs_local_to_utf16_bytes_23025 cifs_local_to_utf16_bytes 0 23025 NULL -+ocfs2_refcount_cow_xattr_23029 ocfs2_refcount_cow_xattr 0 23029 NULL ++ocfs2_refcount_cow_xattr_23029 ocfs2_refcount_cow_xattr 0-6-7 23029 NULL +st_status_23032 st_status 5 23032 NULL +nv50_disp_chan_create__23056 nv50_disp_chan_create_ 5 23056 NULL +comedi_buf_write_n_available_23057 comedi_buf_write_n_available 0 23057 NULL @@ -119120,6 +119720,7 @@ index 0000000..2f37382 +reserve_metadata_bytes_24313 reserve_metadata_bytes 0 24313 NULL +ath6kl_add_bss_if_needed_24317 ath6kl_add_bss_if_needed 6 24317 NULL +si476x_radio_read_acf_blob_24336 si476x_radio_read_acf_blob 3 24336 NULL ++C_SYSC_pwritev_24345 C_SYSC_pwritev 3 24345 NULL +prepare_pages_24349 prepare_pages 0 24349 NULL +kzalloc_node_24352 kzalloc_node 1 24352 NULL +qla2x00_handle_queue_full_24365 qla2x00_handle_queue_full 2 24365 NULL @@ -119166,6 +119767,7 @@ index 0000000..2f37382 +simple_attr_read_24738 simple_attr_read 3 24738 NULL +qla2x00_change_queue_depth_24742 qla2x00_change_queue_depth 2 24742 NULL +get_dma_residue_24749 get_dma_residue 0 24749 NULL ++ocfs2_cow_file_pos_24751 ocfs2_cow_file_pos 3 24751 NULL +kgdb_hex2mem_24755 kgdb_hex2mem 3 24755 NULL +ocfs2_read_blocks_24777 ocfs2_read_blocks 0 24777 NULL +datablob_hmac_verify_24786 datablob_hmac_verify 4 24786 NULL @@ -119382,7 +119984,7 @@ index 0000000..2f37382 +seq_read_27411 seq_read 3 27411 NULL +ib_dma_map_sg_27413 ib_dma_map_sg 0 27413 NULL +ieee80211_if_read_smps_27416 ieee80211_if_read_smps 3 27416 NULL -+ocfs2_refcount_cal_cow_clusters_27422 ocfs2_refcount_cal_cow_clusters 0 27422 NULL ++ocfs2_refcount_cal_cow_clusters_27422 ocfs2_refcount_cal_cow_clusters 0-3-4 27422 NULL +cypress_write_27423 cypress_write 4 27423 NULL +sddr09_read_data_27447 sddr09_read_data 3 27447 NULL +xfs_btree_lookup_get_block_27448 xfs_btree_lookup_get_block 0 27448 NULL @@ -119580,7 +120182,7 @@ index 0000000..2f37382 +add_to_page_cache_lru_29534 add_to_page_cache_lru 0 29534 NULL +ftrace_write_29551 ftrace_write 3 29551 NULL +idetape_queue_rw_tail_29562 idetape_queue_rw_tail 3 29562 NULL -+leaf_dealloc_29566 leaf_dealloc 3 29566 NULL ++leaf_dealloc_29566 leaf_dealloc 3-2 29566 NULL +kvm_read_guest_virt_system_29569 kvm_read_guest_virt_system 4-2 29569 NULL +lbs_lowsnr_read_29571 lbs_lowsnr_read 3 29571 NULL +security_path_chmod_29578 security_path_chmod 0 29578 NULL @@ -119639,6 +120241,7 @@ index 0000000..2f37382 +__genwqe_readq_30197 __genwqe_readq 0 30197 NULL +usblp_ioctl_30203 usblp_ioctl 2 30203 NULL +read_4k_modal_eeprom_30212 read_4k_modal_eeprom 3 30212 NULL ++SyS_semop_30227 SyS_semop 3 30227 NULL +bitmap_file_set_bit_30228 bitmap_file_set_bit 2 30228 NULL +shmem_unuse_inode_30263 shmem_unuse_inode 0 30263 NULL +rawv6_recvmsg_30265 rawv6_recvmsg 4 30265 NULL @@ -119681,6 +120284,7 @@ index 0000000..2f37382 +set_le_30581 set_le 4 30581 NULL +blk_init_tags_30592 blk_init_tags 1 30592 NULL +sgl_map_user_pages_30610 sgl_map_user_pages 2 30610 NULL ++SyS_msgrcv_30611 SyS_msgrcv 3 30611 NULL +macvtap_sendmsg_30629 macvtap_sendmsg 4 30629 NULL +ieee80211_if_read_dot11MeshAwakeWindowDuration_30631 ieee80211_if_read_dot11MeshAwakeWindowDuration 3 30631 NULL +compat_raw_setsockopt_30634 compat_raw_setsockopt 5 30634 NULL @@ -119880,6 +120484,7 @@ index 0000000..2f37382 +generic_readlink_32654 generic_readlink 3 32654 NULL +move_addr_to_kernel_32673 move_addr_to_kernel 2 32673 NULL +apei_res_add_32674 apei_res_add 0 32674 NULL ++compat_SyS_preadv_32679 compat_SyS_preadv 3 32679 NULL +jfs_readpages_32702 jfs_readpages 4 32702 NULL +xfs_filestream_new_ag_32711 xfs_filestream_new_ag 0 32711 NULL +rt2x00debug_read_queue_dump_32712 rt2x00debug_read_queue_dump 3 32712 NULL @@ -120147,6 +120752,7 @@ index 0000000..2f37382 +ptlrpcd_steal_rqset_35637 ptlrpcd_steal_rqset 0 35637 NULL +spi_register_board_info_35651 spi_register_board_info 2 35651 NULL +rdmaltWithLock_35669 rdmaltWithLock 0 35669 NULL ++compat_sys_kexec_load_35674 compat_sys_kexec_load 2 35674 NULL +SYSC_pwritev_35690 SYSC_pwritev 3 35690 NULL +rds_page_copy_user_35691 rds_page_copy_user 4 35691 NULL +md_super_write_35703 md_super_write 4 35703 NULL @@ -120401,7 +121007,8 @@ index 0000000..2f37382 +_ipw_read_reg32_38245 _ipw_read_reg32 0 38245 NULL +xfs_qm_dqrepair_38262 xfs_qm_dqrepair 0 38262 NULL +mthca_alloc_icm_table_38268 mthca_alloc_icm_table 4-3 38268 NULL nohasharray -+ieee80211_if_read_auto_open_plinks_38268 ieee80211_if_read_auto_open_plinks 3 38268 &mthca_alloc_icm_table_38268 ++ieee80211_if_read_auto_open_plinks_38268 ieee80211_if_read_auto_open_plinks 3 38268 &mthca_alloc_icm_table_38268 nohasharray ++SYSC_msgrcv_38268 SYSC_msgrcv 3 38268 &ieee80211_if_read_auto_open_plinks_38268 +xfs_bmbt_to_bmdr_38275 xfs_bmbt_to_bmdr 3 38275 NULL nohasharray +xfs_bmdr_to_bmbt_38275 xfs_bmdr_to_bmbt 5 38275 &xfs_bmbt_to_bmdr_38275 +ftdi_process_packet_38281 ftdi_process_packet 4 38281 NULL @@ -120410,6 +121017,7 @@ index 0000000..2f37382 +ida_simple_get_38326 ida_simple_get 0 38326 NULL +__snd_gf1_look8_38333 __snd_gf1_look8 0 38333 NULL +btrfs_file_extent_disk_num_bytes_38363 btrfs_file_extent_disk_num_bytes 0 38363 NULL ++xfs_free_file_space_38383 xfs_free_file_space 2-3 38383 NULL +dn_sendmsg_38390 dn_sendmsg 4 38390 NULL +ieee80211_if_read_dtim_count_38419 ieee80211_if_read_dtim_count 3 38419 NULL +pmcraid_copy_sglist_38431 pmcraid_copy_sglist 3 38431 NULL @@ -120486,6 +121094,7 @@ index 0000000..2f37382 +insert_reserved_file_extent_39327 insert_reserved_file_extent 3 39327 NULL +wimax_msg_alloc_39343 wimax_msg_alloc 4 39343 NULL +ide_complete_rq_39354 ide_complete_rq 3 39354 NULL ++gfs2_dir_write_data_39357 gfs2_dir_write_data 3-4 39357 NULL +do_write_log_from_user_39362 do_write_log_from_user 3-0 39362 NULL +vortex_wtdma_getlinearpos_39371 vortex_wtdma_getlinearpos 0 39371 NULL +regmap_name_read_file_39379 regmap_name_read_file 3 39379 NULL @@ -120565,7 +121174,7 @@ index 0000000..2f37382 +compress_file_range_40225 compress_file_range 3-4 40225 NULL +osst_read_40237 osst_read 3 40237 NULL +lpage_info_slot_40243 lpage_info_slot 3-1 40243 NULL -+ocfs2_zero_extend_get_range_40248 ocfs2_zero_extend_get_range 4 40248 NULL ++ocfs2_zero_extend_get_range_40248 ocfs2_zero_extend_get_range 4-3 40248 NULL +rs_sta_dbgfs_scale_table_read_40262 rs_sta_dbgfs_scale_table_read 3 40262 NULL +ext2_fiemap_40271 ext2_fiemap 4 40271 NULL +usbnet_read_cmd_40275 usbnet_read_cmd 7 40275 NULL @@ -120824,6 +121433,7 @@ index 0000000..2f37382 +ieee80211_if_fmt_drop_unencrypted_43107 ieee80211_if_fmt_drop_unencrypted 3 43107 NULL +calculate_node_totalpages_43118 calculate_node_totalpages 2-3 43118 NULL +read_file_dfs_43145 read_file_dfs 3 43145 NULL ++gfs2_dir_write_stuffed_43147 gfs2_dir_write_stuffed 0-4 43147 NULL +cfs_cpt_table_alloc_43159 cfs_cpt_table_alloc 1 43159 NULL +usb_string_sub_43164 usb_string_sub 0 43164 NULL +il_dbgfs_power_save_status_read_43165 il_dbgfs_power_save_status_read 3 43165 NULL @@ -120849,6 +121459,7 @@ index 0000000..2f37382 +gfs2_rgrp_bh_get_43375 gfs2_rgrp_bh_get 0 43375 NULL +xfs_btree_new_iroot_43392 xfs_btree_new_iroot 0 43392 NULL +xenfb_write_43412 xenfb_write 3 43412 NULL ++ext4_xattr_check_names_43422 ext4_xattr_check_names 0 43422 NULL +__alloc_bootmem_low_43423 __alloc_bootmem_low 1 43423 NULL +usb_alloc_urb_43436 usb_alloc_urb 1 43436 NULL +cifs_writev_43437 cifs_writev 4 43437 NULL @@ -120933,6 +121544,7 @@ index 0000000..2f37382 +radix_tree_maybe_preload_44346 radix_tree_maybe_preload 0 44346 NULL +blk_queue_init_tags_44355 blk_queue_init_tags 2 44355 NULL nohasharray +nfs_fscache_get_super_cookie_44355 nfs_fscache_get_super_cookie 3 44355 &blk_queue_init_tags_44355 ++alloc_requests_44372 alloc_requests 0 44372 NULL +rts_threshold_read_44384 rts_threshold_read 3 44384 NULL +mtip_hw_read_flags_44396 mtip_hw_read_flags 3 44396 NULL +aoedev_flush_44398 aoedev_flush 2 44398 NULL @@ -121003,7 +121615,7 @@ index 0000000..2f37382 +cfs_trace_daemon_command_usrstr_45147 cfs_trace_daemon_command_usrstr 2 45147 NULL +gen_bitmask_string_45149 gen_bitmask_string 6 45149 NULL +device_write_45156 device_write 3 45156 NULL nohasharray -+ocfs2_remove_inode_range_45156 ocfs2_remove_inode_range 3 45156 &device_write_45156 ++ocfs2_remove_inode_range_45156 ocfs2_remove_inode_range 3-4 45156 &device_write_45156 +tomoyo_write_self_45161 tomoyo_write_self 3 45161 NULL +sta_agg_status_write_45164 sta_agg_status_write 3 45164 NULL +snd_sb_csp_load_user_45190 snd_sb_csp_load_user 3 45190 NULL nohasharray @@ -121189,6 +121801,7 @@ index 0000000..2f37382 +ablkcipher_next_slow_47274 ablkcipher_next_slow 4-3 47274 NULL +gfs2_readpages_47285 gfs2_readpages 4 47285 NULL +vsnprintf_47291 vsnprintf 0 47291 NULL ++SYSC_semop_47292 SYSC_semop 3 47292 NULL +tx_internal_desc_overflow_read_47300 tx_internal_desc_overflow_read 3 47300 NULL +xfs_trans_reserve_quota_nblks_47313 xfs_trans_reserve_quota_nblks 0 47313 NULL +nouveau_fb_create__47316 nouveau_fb_create_ 4 47316 NULL @@ -121304,6 +121917,7 @@ index 0000000..2f37382 +compat_SyS_preadv64_48469 compat_SyS_preadv64 3 48469 NULL +ipath_format_hwerrors_48487 ipath_format_hwerrors 5 48487 NULL +r8712_usbctrl_vendorreq_48489 r8712_usbctrl_vendorreq 6 48489 NULL ++ocfs2_refcount_cow_48495 ocfs2_refcount_cow 3 48495 NULL +send_control_msg_48498 send_control_msg 6 48498 NULL +count_masked_bytes_48507 count_masked_bytes 0-1 48507 NULL +diva_os_copy_to_user_48508 diva_os_copy_to_user 4 48508 NULL @@ -121962,6 +122576,7 @@ index 0000000..2f37382 +gsm_control_modem_55303 gsm_control_modem 3 55303 NULL +wimax_msg_len_55304 wimax_msg_len 0 55304 NULL +qp_alloc_guest_work_55305 qp_alloc_guest_work 5-3 55305 NULL ++gfs2_dir_read_data_55327 gfs2_dir_read_data 3 55327 NULL +__vxge_hw_vpath_initialize_55328 __vxge_hw_vpath_initialize 2 55328 NULL +vme_user_read_55338 vme_user_read 3 55338 NULL +__wa_xfer_setup_sizes_55342 __wa_xfer_setup_sizes 0 55342 NULL nohasharray @@ -122228,6 +122843,7 @@ index 0000000..2f37382 +key_algorithm_read_57946 key_algorithm_read 3 57946 NULL +ip_set_alloc_57953 ip_set_alloc 1 57953 NULL nohasharray +ioat3_dca_count_dca_slots_57953 ioat3_dca_count_dca_slots 0 57953 &ip_set_alloc_57953 ++do_rx_dma_57996 do_rx_dma 5 57996 NULL +rx_reset_counter_read_58001 rx_reset_counter_read 3 58001 NULL +iwl_dbgfs_ucode_rx_stats_read_58023 iwl_dbgfs_ucode_rx_stats_read 3 58023 NULL +io_playback_transfer_58030 io_playback_transfer 4 58030 NULL @@ -122386,6 +123002,7 @@ index 0000000..2f37382 +cap_inode_need_killpriv_59766 cap_inode_need_killpriv 0 59766 &long_retry_limit_read_59766 +venus_remove_59781 venus_remove 4 59781 NULL +mei_nfc_recv_59784 mei_nfc_recv 3 59784 NULL ++C_SYSC_preadv_59801 C_SYSC_preadv 3 59801 NULL +ipw_write_59807 ipw_write 3 59807 NULL +scsi_init_shared_tag_map_59812 scsi_init_shared_tag_map 2 59812 NULL +ieee80211_if_read_dot11MeshHWMPmaxPREQretries_59829 ieee80211_if_read_dot11MeshHWMPmaxPREQretries 3 59829 NULL @@ -122523,6 +123140,7 @@ index 0000000..2f37382 +f1x_map_sysaddr_to_csrow_61344 f1x_map_sysaddr_to_csrow 2 61344 NULL +debug_debug4_read_61367 debug_debug4_read 3 61367 NULL +system_enable_write_61396 system_enable_write 3 61396 NULL ++xfs_zero_remaining_bytes_61423 xfs_zero_remaining_bytes 3 61423 NULL +unix_stream_sendmsg_61455 unix_stream_sendmsg 4 61455 NULL +snd_pcm_lib_writev_transfer_61483 snd_pcm_lib_writev_transfer 5-4-2 61483 NULL +btrfs_item_size_61485 btrfs_item_size 0 61485 NULL @@ -122578,6 +123196,7 @@ index 0000000..2f37382 +il4965_ucode_rx_stats_read_61948 il4965_ucode_rx_stats_read 3 61948 NULL +squashfs_read_id_index_table_61961 squashfs_read_id_index_table 4 61961 NULL +fix_read_error_61965 fix_read_error 4 61965 NULL ++ocfs2_quota_write_61972 ocfs2_quota_write 4-5 61972 NULL +fd_locked_ioctl_61978 fd_locked_ioctl 3 61978 NULL +cow_file_range_61979 cow_file_range 3 61979 NULL +set_extent_delalloc_61982 set_extent_delalloc 0 61982 NULL @@ -122633,6 +123252,7 @@ index 0000000..2f37382 +link_send_sections_long_62557 link_send_sections_long 3 62557 NULL +compute_bitstructs_62570 compute_bitstructs 0 62570 NULL +xfrm_user_policy_62573 xfrm_user_policy 4 62573 NULL ++compat_SyS_rt_sigpending_62580 compat_SyS_rt_sigpending 2 62580 NULL +get_subdir_62581 get_subdir 3 62581 NULL +nfsd_vfs_read_62605 nfsd_vfs_read 6 62605 NULL +tipc_port_recv_sections_62609 tipc_port_recv_sections 3 62609 NULL @@ -122725,6 +123345,7 @@ index 0000000..2f37382 +spidev_compat_ioctl_63778 spidev_compat_ioctl 2 63778 NULL +mwifiex_11n_create_rx_reorder_tbl_63806 mwifiex_11n_create_rx_reorder_tbl 4 63806 NULL +copy_nodes_to_user_63807 copy_nodes_to_user 2 63807 NULL ++prepare_copy_63826 prepare_copy 2 63826 NULL +sel_write_load_63830 sel_write_load 3 63830 NULL +ll_readlink_63836 ll_readlink 3 63836 NULL +proc_pid_attr_write_63845 proc_pid_attr_write 3 63845 NULL @@ -124353,44 +124974,6 @@ index 0a578fe..b81f62d 100644 0; \ }) -diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c -index 714b949..1f0dc1e 100644 ---- a/virt/kvm/iommu.c -+++ b/virt/kvm/iommu.c -@@ -43,13 +43,13 @@ static void kvm_iommu_put_pages(struct kvm *kvm, - gfn_t base_gfn, unsigned long npages); - - static pfn_t kvm_pin_pages(struct kvm_memory_slot *slot, gfn_t gfn, -- unsigned long size) -+ unsigned long npages) - { - gfn_t end_gfn; - pfn_t pfn; - - pfn = gfn_to_pfn_memslot(slot, gfn); -- end_gfn = gfn + (size >> PAGE_SHIFT); -+ end_gfn = gfn + npages; - gfn += 1; - - if (is_error_noslot_pfn(pfn)) -@@ -119,7 +119,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot) - * Pin all pages we are about to map in memory. This is - * important because we unmap and unpin in 4kb steps later. - */ -- pfn = kvm_pin_pages(slot, gfn, page_size); -+ pfn = kvm_pin_pages(slot, gfn, page_size >> PAGE_SHIFT); - if (is_error_noslot_pfn(pfn)) { - gfn += 1; - continue; -@@ -131,7 +131,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot) - if (r) { - printk(KERN_ERR "kvm_iommu_map_address:" - "iommu failed to map pfn=%llx\n", pfn); -- kvm_unpin_pages(kvm, pfn, page_size); -+ kvm_unpin_pages(kvm, pfn, page_size >> PAGE_SHIFT); - goto unmap_pages; - } - diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 6611253..eb4bc0f 100644 --- a/virt/kvm/kvm_main.c |