-rw-r--r--main/linux-grsec/APKBUILD28
-rw-r--r--main/linux-grsec/grsecurity-2.9.1-3.8.7-201304142158.patch (renamed from main/linux-grsec/grsecurity-2.9.1-3.8.6-201304082215.patch)998
-rw-r--r--main/linux-grsec/kernelconfig.x8612
-rw-r--r--main/linux-grsec/kernelconfig.x86_6412
4 files changed, 698 insertions, 352 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index a670f459b3..f7579358d9 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,7 +2,7 @@
_flavor=grsec
pkgname=linux-${_flavor}
-pkgver=3.8.6
+pkgver=3.8.7
_kernver=3.8
pkgrel=0
pkgdesc="Linux kernel with grsecurity"
@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-2.9.1-3.8.6-201304082215.patch
+ grsecurity-2.9.1-3.8.7-201304142158.patch
0004-arp-flush-arp-cache-on-device-change.patch
@@ -141,20 +141,20 @@ dev() {
}
md5sums="1c738edfc54e7c65faeb90c436104e2f linux-3.8.tar.xz
-f11748a53d4ec0e2dcbfbb64526d6434 patch-3.8.6.xz
-365ee5c7ccd0095db4aaa972d3a33d45 grsecurity-2.9.1-3.8.6-201304082215.patch
+d166692330220c425d69db82c9d693b6 patch-3.8.7.xz
+b1d5626b6cdce1037c06ace84e04acff grsecurity-2.9.1-3.8.7-201304142158.patch
776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch
-f82f73f341a0cdac97ef8ffd188ae08b kernelconfig.x86
-eefa5ca3d2b63a1082aaf1b42a85e4f0 kernelconfig.x86_64"
+0914bcf698bb5e1a39d2888ad2c5c442 kernelconfig.x86
+477f1a2a20dd6634dfa42f4732235370 kernelconfig.x86_64"
sha256sums="e070d1bdfbded5676a4f374721c63565f1c969466c5a3e214004a136b583184b linux-3.8.tar.xz
-19b2748e9c11c6ca7672dc0b945725914a7481fad8c5f0fb5c1658115f04c72a patch-3.8.6.xz
-cdcb882156b6b4861a4d5862cc132787c1484ebc435d52a2422711f6fc2489ad grsecurity-2.9.1-3.8.6-201304082215.patch
+35596a6e1504354ce165a36b743fc14eeeae3a462a321eafca54ab1b3215f861 patch-3.8.7.xz
+eea6cedf3e2ab2d45df7d9a04113f97ed8b666d7c248bfa34c0976216535b33f grsecurity-2.9.1-3.8.7-201304142158.patch
e2d2d1503f53572c6a2e21da729a13a430dd01f510405ffb3a33b29208860bde 0004-arp-flush-arp-cache-on-device-change.patch
-a50c35f891e272332bdd33dff24b248502f1efb2f5b5941b662ca5bf0e3d31a1 kernelconfig.x86
-06598a7e3860995a24b5926e2ed42c85787902faf052c4066266716516b7d389 kernelconfig.x86_64"
+fea4df55c6db0a058eb24ede61473bf401a52ceb1945d5d552421847cc947160 kernelconfig.x86
+6b4c04220aaecd9854ac6e889e7518c931f1c3f5f2e7c32c2c084ccfc3be911f kernelconfig.x86_64"
sha512sums="10a7983391af907d8aec72bdb096d1cabd4911985715e9ea13d35ff09095c035db15d4ab08b92eda7c10026cc27348cb9728c212335f7fcdcda7c610856ec30f linux-3.8.tar.xz
-7e1a36d54f32534d434c9968d1ad7bb47e86fdca68abb227a20ac8faf88c39b3d32b710578de8af8f418997b02e3bac0a4ea446ce143e2eb9b7906b2031a000d patch-3.8.6.xz
-b9a8a1850ccb77472f66d2e3b7ed20426af0b8531caa87a323df1bd16df86ae28910f075202e4a59f6ebf9cf2e3e31173f0d46db28b4033eff9ed798f3529798 grsecurity-2.9.1-3.8.6-201304082215.patch
+311cb2b75671ec842c7f4f4724af5afe2a23458eb28f2199ed9a4472f7a34e10ccd1f656a4c61634a0f6606714d5d4ebd6007ea90eddbdd32d83179e4adcb242 patch-3.8.7.xz
+cf265d345fe2ba1d53b7cccddfb5a06424ca49da48a76261fa18f8e963155fbcfea99a3eb016f6a78cfb6e5477bfb97972322633cf503470f9d01592dd3b6f6c grsecurity-2.9.1-3.8.7-201304142158.patch
b6fdf376009f0f0f3fa194cb11be97343e4d394cf5d3547de6cfca8ad619c5bd3f60719331fd8cfadc47f09d22be8376ba5f871b46b24887ea73fe47e233a54e 0004-arp-flush-arp-cache-on-device-change.patch
-f137e63a9065c41a808e39c43784226787b7b19d056c721909039358c5ac3bcc94e5386ae99e422c1be3186f08e75565cf2e8e874986965222639a0efae84486 kernelconfig.x86
-2b7c401ff742fa06b7d35403eccf486968b3e9460f14d5743d2747cbb86f97dafc874978ef870df277d972ceb984988a753c08b17fa95da0f8d91fabcf55cf46 kernelconfig.x86_64"
+ffb12d33f55dbc50e97156feaf65e29f6b332750e43c33ed90b2def5029d039b0b87d559483cf3a80f330dadac68f921fa276dc6cc9fbc4e60050985d823501e kernelconfig.x86
+3bdc68b0b8d36b051ac543f13eba1151902e1e43e76abef8d8dcbaa6927db6365f1b091505569af8146c89e486e24647e8e96fb6b96f30a0071f59e5923950cb kernelconfig.x86_64"
diff --git a/main/linux-grsec/grsecurity-2.9.1-3.8.6-201304082215.patch b/main/linux-grsec/grsecurity-2.9.1-3.8.7-201304142158.patch
index ccb497cccf..8cb1973696 100644
--- a/main/linux-grsec/grsecurity-2.9.1-3.8.6-201304082215.patch
+++ b/main/linux-grsec/grsecurity-2.9.1-3.8.7-201304142158.patch
@@ -259,7 +259,7 @@ index 986614d..e8bfedc 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 10075d6..dcb3e14 100644
+index 85204da..9d99250 100644
--- a/Makefile
+++ b/Makefile
@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -269,7 +269,7 @@ index 10075d6..dcb3e14 100644
-HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer
-HOSTCXXFLAGS = -O2
+HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks
-+HOSTCLFAGS += $(call cc-option, -Wno-empty-body)
++HOSTCFLAGS += $(call cc-option, -Wno-empty-body)
+HOSTCXXFLAGS = -O2 -Wall -W -fno-delete-null-pointer-checks
# Decide whether to build built-in, modular, or both.
@@ -5199,9 +5199,18 @@ index 24603be..948052d 100644
DEBUGP("%s: placing gp at 0x%lx\n", __func__, gp);
}
diff --git a/arch/ia64/kernel/palinfo.c b/arch/ia64/kernel/palinfo.c
-index 77597e5..6f28f3f 100644
+index 77597e5..189dd62f 100644
--- a/arch/ia64/kernel/palinfo.c
+++ b/arch/ia64/kernel/palinfo.c
+@@ -977,7 +977,7 @@ create_palinfo_proc_entries(unsigned int cpu)
+ struct proc_dir_entry **pdir;
+ struct proc_dir_entry *cpu_dir;
+ int j;
+- char cpustr[sizeof(CPUSTR)];
++ char cpustr[3+4+1];
+
+
+ /*
@@ -1045,7 +1045,7 @@ static int __cpuinit palinfo_cpu_callback(struct notifier_block *nfb,
return NOTIFY_OK;
}
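Review bot: The new buffer size in create_palinfo_proc_entries is written as the bare arithmetic `3+4+1`, which hides the assumption it encodes. Presumably it stands for the three characters of "cpu", up to four decimal digits and the terminating NUL, but the CPUSTR format and the call that fills `cpustr` are outside this hunk, so that should be confirmed. A comment on the declaration such as `/* "cpu" + up to 4 digits + NUL */`, together with a bounded write like `snprintf(cpustr, sizeof(cpustr), ...)` at the place that formats the name, would keep the size and the format from drifting apart again.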
@@ -6663,6 +6672,19 @@ index 3d5c9dc..62f8414 100644
#define DSISR_PROTFAULT 0x08000000 /* protection fault */
#define DSISR_ISSTORE 0x02000000 /* access was a store */
#define DSISR_DABRMATCH 0x00400000 /* hit data breakpoint */
+diff --git a/arch/powerpc/include/asm/smp.h b/arch/powerpc/include/asm/smp.h
+index 195ce2a..ab5c614 100644
+--- a/arch/powerpc/include/asm/smp.h
++++ b/arch/powerpc/include/asm/smp.h
+@@ -50,7 +50,7 @@ struct smp_ops_t {
+ int (*cpu_disable)(void);
+ void (*cpu_die)(unsigned int nr);
+ int (*cpu_bootable)(unsigned int nr);
+-};
++} __no_const;
+
+ extern void smp_send_debugger_break(void);
+ extern void start_secondary_resume(void);
diff --git a/arch/powerpc/include/asm/thread_info.h b/arch/powerpc/include/asm/thread_info.h
index 406b7b9..af63426 100644
--- a/arch/powerpc/include/asm/thread_info.h
@@ -10484,7 +10506,7 @@ index ad8f795..2c7eec6 100644
/*
* Memory returned by kmalloc() may be used for DMA, so we must make
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 0694d09..b58b3aa 100644
+index 0694d09..58ea1a1 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -238,7 +238,7 @@ config X86_HT
@@ -10539,19 +10561,12 @@ index 0694d09..b58b3aa 100644
---help---
This option turns on the -fstack-protector GCC feature. This
feature puts, at the beginning of functions, a canary value on
-@@ -1599,6 +1601,7 @@ config KEXEC_JUMP
- config PHYSICAL_START
- hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP)
- default "0x1000000"
-+ range 0x400000 0x40000000
- ---help---
- This gives the physical address where the kernel is loaded.
-
-@@ -1662,6 +1665,7 @@ config X86_NEED_RELOCS
+@@ -1662,6 +1664,8 @@ config X86_NEED_RELOCS
config PHYSICAL_ALIGN
hex "Alignment value to which kernel should be aligned" if X86_32
default "0x1000000"
-+ range 0x400000 0x1000000 if PAX_KERNEXEC
++ range 0x200000 0x1000000 if PAX_KERNEXEC && X86_PAE
++ range 0x400000 0x1000000 if PAX_KERNEXEC && !X86_PAE
range 0x2000 0x1000000
---help---
This value puts the alignment restrictions on physical address
@@ -10713,7 +10728,7 @@ index 18997e5..83d9c67 100644
return diff;
}
diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
-index 8a84501..b2d165f 100644
+index 5ef205c..342191d 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -14,6 +14,9 @@ cflags-$(CONFIG_X86_64) := -mcmodel=small
@@ -15899,6 +15914,19 @@ index 2d946e6..e453ec4 100644
+
#endif
#endif /* _ASM_X86_THREAD_INFO_H */
+diff --git a/arch/x86/include/asm/tlb.h b/arch/x86/include/asm/tlb.h
+index 4fef207..c779730 100644
+--- a/arch/x86/include/asm/tlb.h
++++ b/arch/x86/include/asm/tlb.h
+@@ -7,7 +7,7 @@
+
+ #define tlb_flush(tlb) \
+ { \
+- if (tlb->fullmm == 0) \
++ if (!tlb->fullmm && !tlb->need_flush_all) \
+ flush_tlb_mm_range(tlb->mm, tlb->start, tlb->end, 0UL); \
+ else \
+ flush_tlb_mm_range(tlb->mm, 0UL, TLB_FLUSH_ALL, 0UL); \
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
index 1709801..0a60f2f 100644
--- a/arch/x86/include/asm/uaccess.h
@@ -19228,7 +19256,7 @@ index 6ed91d9..6cc365b 100644
/*
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index cb3c591..bc63707 100644
+index cb3c591..7ba137c 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -59,6 +59,8 @@
@@ -19370,7 +19398,7 @@ index cb3c591..bc63707 100644
+ pax_force_retaddr
+ retq
+
-+2: ljmpq __KERNEL_CS,1f
++2: ljmpq __KERNEL_CS,1b
+3: ljmpq __KERNEXEC_KERNEL_CS,4f
+4: SET_RDI_INTO_CR0
+ jmp 1b
@@ -20171,6 +20199,31 @@ index cb3c591..bc63707 100644
/*
* Check the special variable on the stack to see if NMIs are
* executing.
+@@ -1712,14 +2102,13 @@ nested_nmi:
+
+ 1:
+ /* Set up the interrupted NMIs stack to jump to repeat_nmi */
+- leaq -1*8(%rsp), %rdx
+- movq %rdx, %rsp
++ subq $8, %rsp
+ CFI_ADJUST_CFA_OFFSET 1*8
+ leaq -10*8(%rsp), %rdx
+ pushq_cfi $__KERNEL_DS
+ pushq_cfi %rdx
+ pushfq_cfi
+- pushq_cfi $__KERNEL_CS
++ pushq_cfi 6*8(%rsp)
+ pushq_cfi $repeat_nmi
+
+ /* Put stack back */
+@@ -1731,6 +2120,7 @@ nested_nmi_out:
+ CFI_RESTORE rdx
+
+ /* No need to check faults here */
++ pax_force_retaddr_bts
+ INTERRUPT_RETURN
+
+ CFI_RESTORE_STATE
@@ -1847,6 +2237,17 @@ end_repeat_nmi:
*/
movq %cr2, %r12
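Review bot: `pushq_cfi 6*8(%rsp)` in the nested_nmi path depends on a stack offset that nothing nearby explains. It replaces the constant `$__KERNEL_CS`, so it appears to copy the code-segment selector saved in the interrupted frame, and `6*8` is only correct for the exact sequence of `subq $8, %rsp` and the three pushes above it. A comment naming the slot, for example `/* CS saved in the interrupted NMI frame */`, would make a later change to the push sequence less likely to break it silently. The nested_nmi block starts outside the hunk, so the frame layout should be checked against the full file.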
@@ -28943,7 +28996,7 @@ index 75c9a6a..498d677 100644
if (vma == &gate_vma)
return "[vsyscall]";
diff --git a/arch/x86/mm/iomap_32.c b/arch/x86/mm/iomap_32.c
-index 7b179b4..6bd1777 100644
+index 7b179b4..6bd17777 100644
--- a/arch/x86/mm/iomap_32.c
+++ b/arch/x86/mm/iomap_32.c
@@ -64,7 +64,11 @@ void *kmap_atomic_prot_pfn(unsigned long pfn, pgprot_t prot)
@@ -29384,10 +29437,24 @@ index 9f0614d..92ae64a 100644
p += get_opcode(p, &opcode);
for (i = 0; i < ARRAY_SIZE(imm_wop); i++)
diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c
-index e27fbf8..8b56dc9 100644
+index e27fbf8..213e72b 100644
--- a/arch/x86/mm/pgtable.c
+++ b/arch/x86/mm/pgtable.c
-@@ -84,10 +84,64 @@ static inline void pgd_list_del(pgd_t *pgd)
+@@ -58,6 +58,13 @@ void ___pte_free_tlb(struct mmu_gather *tlb, struct page *pte)
+ void ___pmd_free_tlb(struct mmu_gather *tlb, pmd_t *pmd)
+ {
+ paravirt_release_pmd(__pa(pmd) >> PAGE_SHIFT);
++ /*
++ * NOTE! For PAE, any changes to the top page-directory-pointer-table
++ * entries need a full cr3 reload to flush.
++ */
++#ifdef CONFIG_X86_PAE
++ tlb->need_flush_all = 1;
++#endif
+ tlb_remove_page(tlb, virt_to_page(pmd));
+ }
+
+@@ -84,10 +91,64 @@ static inline void pgd_list_del(pgd_t *pgd)
list_del(&page->lru);
}
@@ -29454,7 +29521,7 @@ index e27fbf8..8b56dc9 100644
static void pgd_set_mm(pgd_t *pgd, struct mm_struct *mm)
{
BUILD_BUG_ON(sizeof(virt_to_page(pgd)->index) < sizeof(mm));
-@@ -128,6 +182,7 @@ static void pgd_dtor(pgd_t *pgd)
+@@ -128,6 +189,7 @@ static void pgd_dtor(pgd_t *pgd)
pgd_list_del(pgd);
spin_unlock(&pgd_lock);
}
@@ -29462,7 +29529,7 @@ index e27fbf8..8b56dc9 100644
/*
* List of all pgd's needed for non-PAE so it can invalidate entries
-@@ -140,7 +195,7 @@ static void pgd_dtor(pgd_t *pgd)
+@@ -140,7 +202,7 @@ static void pgd_dtor(pgd_t *pgd)
* -- nyc
*/
@@ -29471,7 +29538,7 @@ index e27fbf8..8b56dc9 100644
/*
* In PAE mode, we need to do a cr3 reload (=tlb flush) when
* updating the top-level pagetable entries to guarantee the
-@@ -152,7 +207,7 @@ static void pgd_dtor(pgd_t *pgd)
+@@ -152,7 +214,7 @@ static void pgd_dtor(pgd_t *pgd)
* not shared between pagetables (!SHARED_KERNEL_PMDS), we allocate
* and initialize the kernel pmds here.
*/
@@ -29480,7 +29547,7 @@ index e27fbf8..8b56dc9 100644
void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd)
{
-@@ -170,36 +225,38 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd)
+@@ -170,36 +232,38 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd)
*/
flush_tlb_mm(mm);
}
@@ -29530,7 +29597,7 @@ index e27fbf8..8b56dc9 100644
return -ENOMEM;
}
-@@ -212,51 +269,55 @@ static int preallocate_pmds(pmd_t *pmds[])
+@@ -212,51 +276,55 @@ static int preallocate_pmds(pmd_t *pmds[])
* preallocate which never got a corresponding vma will need to be
* freed manually.
*/
@@ -29603,7 +29670,7 @@ index e27fbf8..8b56dc9 100644
pgd = (pgd_t *)__get_free_page(PGALLOC_GFP);
-@@ -265,11 +326,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
+@@ -265,11 +333,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
mm->pgd = pgd;
@@ -29617,7 +29684,7 @@ index e27fbf8..8b56dc9 100644
/*
* Make sure that pre-populating the pmds is atomic with
-@@ -279,14 +340,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
+@@ -279,14 +347,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
spin_lock(&pgd_lock);
pgd_ctor(mm, pgd);
@@ -29635,7 +29702,7 @@ index e27fbf8..8b56dc9 100644
out_free_pgd:
free_page((unsigned long)pgd);
out:
-@@ -295,7 +356,7 @@ out:
+@@ -295,7 +363,7 @@ out:
void pgd_free(struct mm_struct *mm, pgd_t *pgd)
{
@@ -31422,7 +31489,7 @@ index 431e875..cbb23f3 100644
-}
-__setup("vdso=", vdso_setup);
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
-index 2262003..f229ced 100644
+index 2262003..3ee61cf 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -100,8 +100,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
@@ -31450,10 +31517,19 @@ index 2262003..f229ced 100644
unsigned int size = dtr->size + 1;
- unsigned pages = (size + PAGE_SIZE - 1) / PAGE_SIZE;
- unsigned long frames[pages];
-+ unsigned long frames[65536 / PAGE_SIZE];
++ unsigned long frames[(GDT_SIZE + PAGE_SIZE - 1) / PAGE_SIZE];
int f;
/*
+@@ -554,7 +550,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
+ * 8-byte entries, or 16 4k pages..
+ */
+
+- BUG_ON(size > 65536);
++ BUG_ON(size > GDT_SIZE);
+ BUG_ON(va & ~PAGE_MASK);
+
+ for (f = 0; va < dtr->address + size; va += PAGE_SIZE, f++) {
@@ -939,7 +935,7 @@ static u32 xen_safe_apic_wait_icr_idle(void)
return 0;
}
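Review bot: Only the `BUG_ON(size > GDT_SIZE)` in xen_load_gdt_boot is visible here, while `frames[]` is now dimensioned as `(GDT_SIZE + PAGE_SIZE - 1) / PAGE_SIZE` in a declaration whose enclosing function starts outside the hunk. Every function that fills a `frames[]` array of this size needs the same bound on `size`. If GDT_SIZE is smaller than 65536, a leftover `BUG_ON(size > 65536)` would let the loop index `f` run past the end of the on-stack array. The value of GDT_SIZE is not shown on this page, so a line such as `BUILD_BUG_ON(GDT_SIZE > 65536);` next to the check would also record that the new limit is no looser than the 64k described in the comment above it.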
@@ -31520,22 +31596,20 @@ index 2262003..f229ced 100644
xen_setup_features();
-@@ -1399,14 +1405,7 @@ asmlinkage void __init xen_start_kernel(void)
- pv_mmu_ops.ptep_modify_prot_commit = xen_ptep_modify_prot_commit;
- }
+@@ -1401,13 +1407,6 @@ asmlinkage void __init xen_start_kernel(void)
+
+ machine_ops = xen_machine_ops;
-- machine_ops = xen_machine_ops;
--
- /*
- * The only reliable way to retain the initial address of the
- * percpu gdt_page is to remember it here, so we can go and
- * mark it RW later, when the initial percpu area is freed.
- */
- xen_initial_gdt = &per_cpu(gdt_page, 0);
-+ memcpy((void *)&machine_ops, &xen_machine_ops, sizeof machine_ops);
-
+-
xen_smp_init();
+ #ifdef CONFIG_ACPI_NUMA
@@ -1598,7 +1597,7 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self,
return NOTIFY_OK;
}
@@ -31546,10 +31620,46 @@ index 2262003..f229ced 100644
};
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
-index 01de35c..0bda07b 100644
+index 01de35c..692023f 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
-@@ -1881,6 +1881,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
+@@ -1739,14 +1739,18 @@ static void *m2v(phys_addr_t maddr)
+ }
+
+ /* Set the page permissions on an identity-mapped pages */
+-static void set_page_prot(void *addr, pgprot_t prot)
++static void set_page_prot_flags(void *addr, pgprot_t prot, unsigned long flags)
+ {
+ unsigned long pfn = __pa(addr) >> PAGE_SHIFT;
+ pte_t pte = pfn_pte(pfn, prot);
+
+- if (HYPERVISOR_update_va_mapping((unsigned long)addr, pte, 0))
++ if (HYPERVISOR_update_va_mapping((unsigned long)addr, pte, flags))
+ BUG();
+ }
++static void set_page_prot(void *addr, pgprot_t prot)
++{
++ return set_page_prot_flags(addr, prot, UVMF_NONE);
++}
+ #ifdef CONFIG_X86_32
+ static void __init xen_map_identity_early(pmd_t *pmd, unsigned long max_pfn)
+ {
+@@ -1830,12 +1834,12 @@ static void __init check_pt_base(unsigned long *pt_base, unsigned long *pt_end,
+ unsigned long addr)
+ {
+ if (*pt_base == PFN_DOWN(__pa(addr))) {
+- set_page_prot((void *)addr, PAGE_KERNEL);
++ set_page_prot_flags((void *)addr, PAGE_KERNEL, UVMF_INVLPG);
+ clear_page((void *)addr);
+ (*pt_base)++;
+ }
+ if (*pt_end == PFN_DOWN(__pa(addr))) {
+- set_page_prot((void *)addr, PAGE_KERNEL);
++ set_page_prot_flags((void *)addr, PAGE_KERNEL, UVMF_INVLPG);
+ clear_page((void *)addr);
+ (*pt_end)--;
+ }
+@@ -1881,6 +1885,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
/* L3_k[510] -> level2_kernel_pgt
* L3_i[511] -> level2_fixmap_pgt */
convert_pfn_mfn(level3_kernel_pgt);
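Review bot: The new wrapper `set_page_prot` is declared `void` but its body is `return set_page_prot_flags(addr, prot, UVMF_NONE);`. A return statement with an expression in a void function is a constraint violation in ISO C that GCC accepts only as an extension. The body should be the plain call `set_page_prot_flags(addr, prot, UVMF_NONE);`, and a blank line between the closing brace of set_page_prot_flags and the wrapper would match the surrounding code. Separately, the comment `/* Set the page permissions on an identity-mapped pages */` now sits above set_page_prot_flags and says nothing about the `flags` argument. One added sentence stating that `flags` is passed through to HYPERVISOR_update_va_mapping, and that check_pt_base uses UVMF_INVLPG, would cover it.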
@@ -31559,7 +31669,7 @@ index 01de35c..0bda07b 100644
/* We get [511][511] and have Xen's version of level2_kernel_pgt */
l3 = m2v(pgd[pgd_index(__START_KERNEL_map)].pgd);
-@@ -1910,8 +1913,12 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
+@@ -1910,8 +1917,12 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
set_page_prot(init_level4_pgt, PAGE_KERNEL_RO);
set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO);
set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO);
@@ -31572,7 +31682,7 @@ index 01de35c..0bda07b 100644
set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO);
set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO);
-@@ -2097,6 +2104,7 @@ static void __init xen_post_allocator_init(void)
+@@ -2097,6 +2108,7 @@ static void __init xen_post_allocator_init(void)
pv_mmu_ops.set_pud = xen_set_pud;
#if PAGETABLE_LEVELS == 4
pv_mmu_ops.set_pgd = xen_set_pgd;
@@ -31580,7 +31690,7 @@ index 01de35c..0bda07b 100644
#endif
/* This will work as long as patching hasn't happened yet
-@@ -2178,6 +2186,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
+@@ -2178,6 +2190,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
.pud_val = PV_CALLEE_SAVE(xen_pud_val),
.make_pud = PV_CALLEE_SAVE(xen_make_pud),
.set_pgd = xen_set_pgd_hyper,
@@ -32208,10 +32318,10 @@ index 6cd7805..07facb3 100644
unsigned long timeout_msec)
{
diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
-index 46cd3f4..0871ad0 100644
+index 501c209..5f28b4d 100644
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
-@@ -4780,7 +4780,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
+@@ -4784,7 +4784,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
struct ata_port *ap;
unsigned int tag;
@@ -32220,7 +32330,7 @@ index 46cd3f4..0871ad0 100644
ap = qc->ap;
qc->flags = 0;
-@@ -4796,7 +4796,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
+@@ -4800,7 +4800,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
struct ata_port *ap;
struct ata_link *link;
@@ -32229,7 +32339,7 @@ index 46cd3f4..0871ad0 100644
WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
ap = qc->ap;
link = qc->dev->link;
-@@ -5892,6 +5892,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5896,6 +5896,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
return;
spin_lock(&lock);
@@ -32237,7 +32347,7 @@ index 46cd3f4..0871ad0 100644
for (cur = ops->inherits; cur; cur = cur->inherits) {
void **inherit = (void **)cur;
-@@ -5905,8 +5906,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5909,8 +5910,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
if (IS_ERR(*pp))
*pp = NULL;
@@ -35061,7 +35171,7 @@ index be174ca..7f38143 100644
DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n",
diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c
-index 133b413..fd68225 100644
+index 32d7775..c8be5e1 100644
--- a/drivers/gpu/drm/drm_fops.c
+++ b/drivers/gpu/drm/drm_fops.c
@@ -71,7 +71,7 @@ static int drm_setup(struct drm_device * dev)
@@ -35073,7 +35183,7 @@ index 133b413..fd68225 100644
dev->sigdata.lock = NULL;
-@@ -134,7 +134,7 @@ int drm_open(struct inode *inode, struct file *filp)
+@@ -135,7 +135,7 @@ int drm_open(struct inode *inode, struct file *filp)
if (drm_device_is_unplugged(dev))
return -ENODEV;
@@ -35081,8 +35191,8 @@ index 133b413..fd68225 100644
+ if (local_inc_return(&dev->open_count) == 1)
need_setup = 1;
mutex_lock(&dev->struct_mutex);
- old_mapping = dev->dev_mapping;
-@@ -149,7 +149,7 @@ int drm_open(struct inode *inode, struct file *filp)
+ old_imapping = inode->i_mapping;
+@@ -151,7 +151,7 @@ int drm_open(struct inode *inode, struct file *filp)
retcode = drm_open_helper(inode, filp, dev);
if (retcode)
goto err_undo;
@@ -35091,7 +35201,7 @@ index 133b413..fd68225 100644
if (need_setup) {
retcode = drm_setup(dev);
if (retcode)
-@@ -164,7 +164,7 @@ err_undo:
+@@ -166,7 +166,7 @@ err_undo:
iput(container_of(dev->dev_mapping, struct inode, i_data));
dev->dev_mapping = old_mapping;
mutex_unlock(&dev->struct_mutex);
@@ -35100,7 +35210,7 @@ index 133b413..fd68225 100644
return retcode;
}
EXPORT_SYMBOL(drm_open);
-@@ -438,7 +438,7 @@ int drm_release(struct inode *inode, struct file *filp)
+@@ -440,7 +440,7 @@ int drm_release(struct inode *inode, struct file *filp)
mutex_lock(&drm_global_mutex);
@@ -35109,7 +35219,7 @@ index 133b413..fd68225 100644
if (dev->driver->preclose)
dev->driver->preclose(dev, file_priv);
-@@ -447,10 +447,10 @@ int drm_release(struct inode *inode, struct file *filp)
+@@ -449,10 +449,10 @@ int drm_release(struct inode *inode, struct file *filp)
* Begin inline drm_release
*/
@@ -35122,7 +35232,7 @@ index 133b413..fd68225 100644
/* Release any auth tokens that might point to this file_priv,
(do that under the drm_global_mutex) */
-@@ -547,8 +547,8 @@ int drm_release(struct inode *inode, struct file *filp)
+@@ -549,8 +549,8 @@ int drm_release(struct inode *inode, struct file *filp)
* End inline drm_release
*/
@@ -35437,7 +35547,7 @@ index 7339a4b..445aaba 100644
return container_of(adapter, struct intel_gmbus, adapter)->force_bit;
}
diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
-index 7adf5a7..e24fb51 100644
+index ba8805a..39d5330 100644
--- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
+++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
@@ -672,7 +672,7 @@ i915_gem_execbuffer_move_to_gpu(struct intel_ring_buffer *ring,
@@ -35609,7 +35719,7 @@ index fe84338..a863190 100644
iir = I915_READ(IIR);
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index e6e4df7..6a9a1bd 100644
+index d3f834a..0ad1b37 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -2255,7 +2255,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb)
@@ -39701,6 +39811,27 @@ index 10bc093..a2fb42a 100644
}
return rval;
+diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
+index 5523da3..4fcf274 100644
+--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
+@@ -4767,7 +4767,7 @@ static void bnx2x_after_function_update(struct bnx2x *bp)
+ q);
+ }
+
+- if (!NO_FCOE(bp)) {
++ if (!NO_FCOE(bp) && CNIC_ENABLED(bp)) {
+ fp = &bp->fp[FCOE_IDX(bp)];
+ queue_params.q_obj = &bnx2x_sp_obj(bp, fp).q_obj;
+
+@@ -13047,6 +13047,7 @@ static int bnx2x_unregister_cnic(struct net_device *dev)
+ RCU_INIT_POINTER(bp->cnic_ops, NULL);
+ mutex_unlock(&bp->cnic_mutex);
+ synchronize_rcu();
++ bp->cnic_enabled = false;
+ kfree(bp->cnic_kwq);
+ bp->cnic_kwq = NULL;
+
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c
index 09b625e..15b16fe 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c
@@ -39826,6 +39957,142 @@ index b901a01..1ff32ee 100644
#include "ftmac100.h"
+diff --git a/drivers/net/ethernet/intel/e100.c b/drivers/net/ethernet/intel/e100.c
+index a59f077..7925d77 100644
+--- a/drivers/net/ethernet/intel/e100.c
++++ b/drivers/net/ethernet/intel/e100.c
+@@ -870,7 +870,7 @@ err_unlock:
+ }
+
+ static int e100_exec_cb(struct nic *nic, struct sk_buff *skb,
+- void (*cb_prepare)(struct nic *, struct cb *, struct sk_buff *))
++ int (*cb_prepare)(struct nic *, struct cb *, struct sk_buff *))
+ {
+ struct cb *cb;
+ unsigned long flags;
+@@ -888,10 +888,13 @@ static int e100_exec_cb(struct nic *nic, struct sk_buff *skb,
+ nic->cbs_avail--;
+ cb->skb = skb;
+
++ err = cb_prepare(nic, cb, skb);
++ if (err)
++ goto err_unlock;
++
+ if (unlikely(!nic->cbs_avail))
+ err = -ENOSPC;
+
+- cb_prepare(nic, cb, skb);
+
+ /* Order is important otherwise we'll be in a race with h/w:
+ * set S-bit in current first, then clear S-bit in previous. */
+@@ -1091,7 +1094,7 @@ static void e100_get_defaults(struct nic *nic)
+ nic->mii.mdio_write = mdio_write;
+ }
+
+-static void e100_configure(struct nic *nic, struct cb *cb, struct sk_buff *skb)
++static int e100_configure(struct nic *nic, struct cb *cb, struct sk_buff *skb)
+ {
+ struct config *config = &cb->u.config;
+ u8 *c = (u8 *)config;
+@@ -1181,6 +1184,7 @@ static void e100_configure(struct nic *nic, struct cb *cb, struct sk_buff *skb)
+ netif_printk(nic, hw, KERN_DEBUG, nic->netdev,
+ "[16-23]=%02X:%02X:%02X:%02X:%02X:%02X:%02X:%02X\n",
+ c[16], c[17], c[18], c[19], c[20], c[21], c[22], c[23]);
++ return 0;
+ }
+
+ /*************************************************************************
+@@ -1331,7 +1335,7 @@ static const struct firmware *e100_request_firmware(struct nic *nic)
+ return fw;
+ }
+
+-static void e100_setup_ucode(struct nic *nic, struct cb *cb,
++static int e100_setup_ucode(struct nic *nic, struct cb *cb,
+ struct sk_buff *skb)
+ {
+ const struct firmware *fw = (void *)skb;
+@@ -1358,6 +1362,7 @@ static void e100_setup_ucode(struct nic *nic, struct cb *cb,
+ cb->u.ucode[min_size] |= cpu_to_le32((BUNDLESMALL) ? 0xFFFF : 0xFF80);
+
+ cb->command = cpu_to_le16(cb_ucode | cb_el);
++ return 0;
+ }
+
+ static inline int e100_load_ucode_wait(struct nic *nic)
+@@ -1400,18 +1405,20 @@ static inline int e100_load_ucode_wait(struct nic *nic)
+ return err;
+ }
+
+-static void e100_setup_iaaddr(struct nic *nic, struct cb *cb,
++static int e100_setup_iaaddr(struct nic *nic, struct cb *cb,
+ struct sk_buff *skb)
+ {
+ cb->command = cpu_to_le16(cb_iaaddr);
+ memcpy(cb->u.iaaddr, nic->netdev->dev_addr, ETH_ALEN);
++ return 0;
+ }
+
+-static void e100_dump(struct nic *nic, struct cb *cb, struct sk_buff *skb)
++static int e100_dump(struct nic *nic, struct cb *cb, struct sk_buff *skb)
+ {
+ cb->command = cpu_to_le16(cb_dump);
+ cb->u.dump_buffer_addr = cpu_to_le32(nic->dma_addr +
+ offsetof(struct mem, dump_buf));
++ return 0;
+ }
+
+ static int e100_phy_check_without_mii(struct nic *nic)
+@@ -1581,7 +1588,7 @@ static int e100_hw_init(struct nic *nic)
+ return 0;
+ }
+
+-static void e100_multi(struct nic *nic, struct cb *cb, struct sk_buff *skb)
++static int e100_multi(struct nic *nic, struct cb *cb, struct sk_buff *skb)
+ {
+ struct net_device *netdev = nic->netdev;
+ struct netdev_hw_addr *ha;
+@@ -1596,6 +1603,7 @@ static void e100_multi(struct nic *nic, struct cb *cb, struct sk_buff *skb)
+ memcpy(&cb->u.multi.addr[i++ * ETH_ALEN], &ha->addr,
+ ETH_ALEN);
+ }
++ return 0;
+ }
+
+ static void e100_set_multicast_list(struct net_device *netdev)
+@@ -1756,11 +1764,18 @@ static void e100_watchdog(unsigned long data)
+ round_jiffies(jiffies + E100_WATCHDOG_PERIOD));
+ }
+
+-static void e100_xmit_prepare(struct nic *nic, struct cb *cb,
++static int e100_xmit_prepare(struct nic *nic, struct cb *cb,
+ struct sk_buff *skb)
+ {
++ dma_addr_t dma_addr;
+ cb->command = nic->tx_command;
+
++ dma_addr = pci_map_single(nic->pdev,
++ skb->data, skb->len, PCI_DMA_TODEVICE);
++ /* If we can't map the skb, have the upper layer try later */
++ if (pci_dma_mapping_error(nic->pdev, dma_addr))
++ return -ENOMEM;
++
+ /*
+ * Use the last 4 bytes of the SKB payload packet as the CRC, used for
+ * testing, ie sending frames with bad CRC.
+@@ -1777,11 +1792,10 @@ static void e100_xmit_prepare(struct nic *nic, struct cb *cb,
+ cb->u.tcb.tcb_byte_count = 0;
+ cb->u.tcb.threshold = nic->tx_threshold;
+ cb->u.tcb.tbd_count = 1;
+- cb->u.tcb.tbd.buf_addr = cpu_to_le32(pci_map_single(nic->pdev,
+- skb->data, skb->len, PCI_DMA_TODEVICE));
+- /* check for mapping failure? */
++ cb->u.tcb.tbd.buf_addr = cpu_to_le32(dma_addr);
+ cb->u.tcb.tbd.size = cpu_to_le16(skb->len);
+ skb_tx_timestamp(skb);
++ return 0;
+ }
+
+ static netdev_tx_t e100_xmit_frame(struct sk_buff *skb,
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c
index bb9256a..56d8752 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c
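Review bot: In e100_exec_cb the new `if (err) goto err_unlock;` runs after `nic->cbs_avail--` and `cb->skb = skb`, and nothing in the visible lines undoes either one when cb_prepare fails. A DMA mapping failure in e100_xmit_prepare would then leave a command block counted as in use and still pointing at an skb that, per the added comment, the upper layer is expected to retry. That risks losing ring entries or handling the skb twice. Either call cb_prepare before the block is claimed, or restore the state on the error path, for example `if (err) { cb->skb = NULL; nic->cbs_avail++; goto err_unlock; }`. The start of e100_exec_cb and the err_unlock label are outside the hunk, so any other ring state advanced before these lines needs the same rollback.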
@@ -39878,7 +40145,7 @@ index fbe5363..266b4e3 100644
__vxge_hw_mempool_create(vpath->hldev,
fifo->config->memblock_size,
diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c
-index 998974f..ecd26db 100644
+index 2d849da..23bba3b 100644
--- a/drivers/net/ethernet/realtek/r8169.c
+++ b/drivers/net/ethernet/realtek/r8169.c
@@ -741,22 +741,22 @@ struct rtl8169_private {
@@ -40648,20 +40915,6 @@ index ff90855..e46d223 100644
}
spin_lock_init(&hwsim_radio_lock);
-diff --git a/drivers/net/wireless/mwifiex/cfg80211.c b/drivers/net/wireless/mwifiex/cfg80211.c
-index cdb11b3..3eca710 100644
---- a/drivers/net/wireless/mwifiex/cfg80211.c
-+++ b/drivers/net/wireless/mwifiex/cfg80211.c
-@@ -1846,7 +1846,8 @@ mwifiex_cfg80211_scan(struct wiphy *wiphy,
- }
- }
-
-- for (i = 0; i < request->n_channels; i++) {
-+ for (i = 0; i < min_t(u32, request->n_channels,
-+ MWIFIEX_USER_SCAN_CHAN_MAX); i++) {
- chan = request->channels[i];
- priv->user_scan_cfg->chan_list[i].chan_number = chan->hw_value;
- priv->user_scan_cfg->chan_list[i].radio_type = chan->band;
diff --git a/drivers/net/wireless/rndis_wlan.c b/drivers/net/wireless/rndis_wlan.c
index abe1d03..fb02c22 100644
--- a/drivers/net/wireless/rndis_wlan.c
@@ -50452,10 +50705,51 @@ index cc7709e..7e7211f 100644
/* Free the char* */
kfree(buf);
diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c
-index 412e6ed..4292d22 100644
+index 412e6ed..d8263e8 100644
--- a/fs/ecryptfs/miscdev.c
+++ b/fs/ecryptfs/miscdev.c
-@@ -315,7 +315,7 @@ check_list:
+@@ -80,13 +80,6 @@ ecryptfs_miscdev_open(struct inode *inode, struct file *file)
+ int rc;
+
+ mutex_lock(&ecryptfs_daemon_hash_mux);
+- rc = try_module_get(THIS_MODULE);
+- if (rc == 0) {
+- rc = -EIO;
+- printk(KERN_ERR "%s: Error attempting to increment module use "
+- "count; rc = [%d]\n", __func__, rc);
+- goto out_unlock_daemon_list;
+- }
+ rc = ecryptfs_find_daemon_by_euid(&daemon);
+ if (!rc) {
+ rc = -EINVAL;
+@@ -96,7 +89,7 @@ ecryptfs_miscdev_open(struct inode *inode, struct file *file)
+ if (rc) {
+ printk(KERN_ERR "%s: Error attempting to spawn daemon; "
+ "rc = [%d]\n", __func__, rc);
+- goto out_module_put_unlock_daemon_list;
++ goto out_unlock_daemon_list;
+ }
+ mutex_lock(&daemon->mux);
+ if (daemon->flags & ECRYPTFS_DAEMON_MISCDEV_OPEN) {
+@@ -108,9 +101,6 @@ ecryptfs_miscdev_open(struct inode *inode, struct file *file)
+ atomic_inc(&ecryptfs_num_miscdev_opens);
+ out_unlock_daemon:
+ mutex_unlock(&daemon->mux);
+-out_module_put_unlock_daemon_list:
+- if (rc)
+- module_put(THIS_MODULE);
+ out_unlock_daemon_list:
+ mutex_unlock(&ecryptfs_daemon_hash_mux);
+ return rc;
+@@ -147,7 +137,6 @@ ecryptfs_miscdev_release(struct inode *inode, struct file *file)
+ "bug.\n", __func__, rc);
+ BUG();
+ }
+- module_put(THIS_MODULE);
+ return rc;
+ }
+
+@@ -315,7 +304,7 @@ check_list:
goto out_unlock_msg_ctx;
i = PKT_TYPE_SIZE + PKT_CTR_SIZE;
if (msg_ctx->msg) {
@@ -50464,6 +50758,14 @@ index 412e6ed..4292d22 100644
goto out_unlock_msg_ctx;
i += packet_length_size;
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
+@@ -471,6 +460,7 @@ out_free:
+
+
+ static const struct file_operations ecryptfs_miscdev_fops = {
++ .owner = THIS_MODULE,
+ .open = ecryptfs_miscdev_open,
+ .poll = ecryptfs_miscdev_poll,
+ .read = ecryptfs_miscdev_read,
diff --git a/fs/ecryptfs/read_write.c b/fs/ecryptfs/read_write.c
index b2a34a1..162fa69 100644
--- a/fs/ecryptfs/read_write.c
@@ -53175,9 +53477,18 @@ index 78bde32..767e906 100644
static int can_do_hugetlb_shm(void)
{
diff --git a/fs/inode.c b/fs/inode.c
-index 14084b7..29af1d9 100644
+index 14084b7..6a439ea 100644
--- a/fs/inode.c
+++ b/fs/inode.c
+@@ -725,7 +725,7 @@ void prune_icache_sb(struct super_block *sb, int nr_to_scan)
+ * inode to the back of the list so we don't spin on it.
+ */
+ if (!spin_trylock(&inode->i_lock)) {
+- list_move_tail(&inode->i_lru, &sb->s_inode_lru);
++ list_move(&inode->i_lru, &sb->s_inode_lru);
+ continue;
+ }
+
@@ -880,8 +880,8 @@ unsigned int get_next_ino(void)
#ifdef CONFIG_SMP
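Review bot: The comment kept above the changed call in prune_icache_sb still says the inode goes "to the back of the list", while the new line is `list_move(&inode->i_lru, &sb->s_inode_lru);`, which places the entry at the head of the list. Presumably the scan takes entries from the tail, which would make the head the far end from the scanner, but that is not visible in this hunk. Once confirmed, I would reword the comment to something like `/* requeue at the head, away from the end being scanned, so we don't spin on it */`. The function body extends outside the hunk.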
@@ -53894,7 +54205,7 @@ index ec97aef..e67718d 100644
out:
return len;
diff --git a/fs/namespace.c b/fs/namespace.c
-index 5dd7709..0002ebe 100644
+index 5dd7709..6f64e9c 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1219,6 +1219,9 @@ static int do_umount(struct mount *mnt, int flags)
@@ -53917,6 +54228,15 @@ index 5dd7709..0002ebe 100644
return retval;
}
+@@ -1713,7 +1719,7 @@ static int do_loopback(struct path *path, const char *old_name,
+
+ if (IS_ERR(mnt)) {
+ err = PTR_ERR(mnt);
+- goto out;
++ goto out2;
+ }
+
+ err = graft_tree(mnt, path);
@@ -2294,6 +2300,16 @@ long do_mount(const char *dev_name, const char *dir_name,
MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
MS_STRICTATIME);
@@ -56082,21 +56402,6 @@ index 157e474..65a6114 100644
#define FILESYSTEM_CHANGED_TB(tb) (get_generation((tb)->tb_sb) != (tb)->fs_gen)
#define __fs_changed(gen,s) (gen != get_generation (s))
#define fs_changed(gen,s) \
-diff --git a/fs/reiserfs/xattr.c b/fs/reiserfs/xattr.c
-index c196369..4cce1d9 100644
---- a/fs/reiserfs/xattr.c
-+++ b/fs/reiserfs/xattr.c
-@@ -187,8 +187,8 @@ fill_with_dentries(void *buf, const char *name, int namelen, loff_t offset,
- if (dbuf->count == ARRAY_SIZE(dbuf->dentries))
- return -ENOSPC;
-
-- if (name[0] == '.' && (name[1] == '\0' ||
-- (name[1] == '.' && name[2] == '\0')))
-+ if (name[0] == '.' && (namelen < 2 ||
-+ (namelen == 2 && name[1] == '.')))
- return 0;
-
- dentry = lookup_one_len(name, dbuf->xadir, namelen);
diff --git a/fs/select.c b/fs/select.c
index 2ef72d9..f213b17 100644
--- a/fs/select.c
@@ -57776,7 +58081,7 @@ index 0000000..1b9afa9
+endif
diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
new file mode 100644
-index 0000000..d0e7b38
+index 0000000..b306b36
--- /dev/null
+++ b/grsecurity/gracl.c
@@ -0,0 +1,4071 @@
@@ -60112,7 +60417,7 @@ index 0000000..d0e7b38
+ return;
+
+ for (i = 0; i < RLIM_NLIMITS; i++) {
-+ if (!(proc->resmask & (1 << i)))
++ if (!(proc->resmask & (1U << i)))
+ continue;
+
+ task->signal->rlim[i].rlim_cur = proc->res[i].rlim_cur;
@@ -61347,7 +61652,7 @@ index 0000000..d0e7b38
+ acl = task->acl;
+
+ if (likely(!acl || !(acl->mode & (GR_LEARN | GR_INHERITLEARN)) ||
-+ !(acl->resmask & (1 << (unsigned short) res))))
++ !(acl->resmask & (1U << (unsigned short) res))))
+ return;
+
+ if (wanted >= acl->res[res].rlim_cur) {
@@ -62517,10 +62822,10 @@ index 0000000..a340c17
+}
diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c
new file mode 100644
-index 0000000..4699807
+index 0000000..8132048
--- /dev/null
+++ b/grsecurity/gracl_ip.c
-@@ -0,0 +1,384 @@
+@@ -0,0 +1,387 @@
+#include <linux/kernel.h>
+#include <asm/uaccess.h>
+#include <asm/errno.h>
@@ -62627,7 +62932,7 @@ index 0000000..4699807
+
+ curr = current->acl;
+
-+ if (curr->sock_families[domain / 32] & (1 << (domain % 32))) {
++ if (curr->sock_families[domain / 32] & (1U << (domain % 32))) {
+ /* the family is allowed, if this is PF_INET allow it only if
+ the extra sock type/protocol checks pass */
+ if (domain == PF_INET)
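Review bot: Switching to `1U <<` removes the signed-shift problem, but the shift counts and array indices still depend on `domain`, `type` and `protocol` being in range. `sock_families[domain / 32]` and `1U << (domain % 32)` misbehave for a negative `domain`, and `1U << type` (in the `@@ -62654,8 +62959,8 @@` and `@@ -62707,8 +63015,8 @@` hunks) is undefined for `type >= 32`. No bounds check is visible in these hunks; the function starts outside them, so one may well exist earlier. If it does, a one-line comment such as `/* domain, type, protocol validated above */` at the first use would make that dependency explicit.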
@@ -62654,8 +62959,8 @@ index 0000000..4699807
+ if (!curr->ips)
+ goto exit;
+
-+ if ((curr->ip_type & (1 << type)) &&
-+ (curr->ip_proto[protocol / 32] & (1 << (protocol % 32))))
++ if ((curr->ip_type & (1U << type)) &&
++ (curr->ip_proto[protocol / 32] & (1U << (protocol % 32))))
+ goto exit;
+
+ if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
@@ -62692,6 +62997,9 @@ index 0000000..4699807
+ gr_log_str3(GR_DONT_AUDIT, GR_SOCK_MSG, gr_sockfamily_to_name(domain),
+ gr_socktype_to_name(type), gr_proto_to_name(protocol));
+ else
++#ifndef CONFIG_IPV6
++ if (domain != PF_INET6)
++#endif
+ gr_log_str2_int(GR_DONT_AUDIT, GR_SOCK_NOINET_MSG, gr_sockfamily_to_name(domain),
+ gr_socktype_to_name(type), protocol);
+
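Review bot: `#ifndef CONFIG_IPV6` is also true when IPv6 is built as a module, because a tristate option set to `m` defines `CONFIG_IPV6_MODULE` rather than `CONFIG_IPV6`. In that configuration the added `if (domain != PF_INET6)` suppresses the GR_SOCK_NOINET_MSG log entry for PF_INET6 even though the family can be available. If the intent is to skip logging only when IPv6 support is absent altogether, `#if !IS_ENABLED(CONFIG_IPV6)` expresses that. Separately, the unbraced `else` followed by a conditionally compiled `if` is easy to misread; bracing the `else` body would make both configurations obvious.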
@@ -62707,8 +63015,8 @@ index 0000000..4699807
+ (ip_port <= ip->high) &&
+ ((ntohl(ip_addr) & our_netmask) ==
+ (ntohl(our_addr) & our_netmask))
-+ && (ip->proto[protocol / 32] & (1 << (protocol % 32)))
-+ && (ip->type & (1 << type))) {
++ && (ip->proto[protocol / 32] & (1U << (protocol % 32)))
++ && (ip->type & (1U << type))) {
+ if (ip->mode & GR_INVERT)
+ return 2; // specifically denied
+ else
@@ -63194,7 +63502,7 @@ index 0000000..39645c9
+}
diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c
new file mode 100644
-index 0000000..8c8fc9d
+index 0000000..cb1e5ab
--- /dev/null
+++ b/grsecurity/gracl_segv.c
@@ -0,0 +1,303 @@
@@ -63395,7 +63703,7 @@ index 0000000..8c8fc9d
+
+ curr = task->acl;
+
-+ if (!(curr->resmask & (1 << GR_CRASH_RES)))
++ if (!(curr->resmask & (1U << GR_CRASH_RES)))
+ return;
+
+ if (time_before_eq(curr->expires, get_seconds())) {
@@ -63461,7 +63769,7 @@ index 0000000..8c8fc9d
+ current->role);
+ read_unlock(&gr_inode_lock);
+
-+ if (!curr || !(curr->resmask & (1 << GR_CRASH_RES)) ||
++ if (!curr || !(curr->resmask & (1U << GR_CRASH_RES)) ||
+ (!curr->crashes && !curr->expires))
+ return 0;
+
@@ -67212,6 +67520,24 @@ index 5cf680a..4b74d62 100644
#endif /* CONFIG_MMU */
#endif /* !__ASSEMBLY__ */
+diff --git a/include/asm-generic/tlb.h b/include/asm-generic/tlb.h
+index 25f01d0..b1b1fa6 100644
+--- a/include/asm-generic/tlb.h
++++ b/include/asm-generic/tlb.h
+@@ -99,7 +99,12 @@ struct mmu_gather {
+ unsigned int need_flush : 1, /* Did free PTEs */
+ fast_mode : 1; /* No batching */
+
+- unsigned int fullmm;
++ /* we are in the middle of an operation to clear
++ * a full mm and can make some optimizations */
++ unsigned int fullmm : 1,
++ /* we have performed an operation which
++ * requires a complete flush of the tlb */
++ need_flush_all : 1;
+
+ struct mmu_gather_batch *active;
+ struct mmu_gather_batch local;
diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index d1ea7ce..b1ebf2a 100644
--- a/include/asm-generic/vmlinux.lds.h
@@ -69758,10 +70084,10 @@ index 2c497ab..afe32f5 100644
int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu);
diff --git a/include/linux/libata.h b/include/linux/libata.h
-index 649e5f8..ead5194 100644
+index 0621bca..24d6851 100644
--- a/include/linux/libata.h
+++ b/include/linux/libata.h
-@@ -915,7 +915,7 @@ struct ata_port_operations {
+@@ -916,7 +916,7 @@ struct ata_port_operations {
* fields must be pointers.
*/
const struct ata_port_operations *inherits;
@@ -78423,7 +78749,7 @@ index 2f194e9..2c05ea9 100644
.priority = 10,
};
diff --git a/kernel/sys.c b/kernel/sys.c
-index 265b376..4e42ef5 100644
+index 265b376..48b8613 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -157,6 +157,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error)
@@ -78512,17 +78838,16 @@ index 265b376..4e42ef5 100644
if (rgid != (gid_t) -1)
new->gid = krgid;
if (egid != (gid_t) -1)
-@@ -981,6 +1009,9 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
- if (!uid_valid(kuid))
- return old_fsuid;
-
-+ if (gr_check_user_change(INVALID_UID, INVALID_UID, kuid))
-+ goto error;
+@@ -989,12 +1017,16 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
+ uid_eq(kuid, old->suid) || uid_eq(kuid, old->fsuid) ||
+ nsown_capable(CAP_SETUID)) {
+ if (!uid_eq(kuid, old->fsuid)) {
++ if (gr_check_user_change(INVALID_UID, INVALID_UID, kuid))
++ goto error;
+
- new = prepare_creds();
- if (!new)
- return old_fsuid;
-@@ -995,6 +1026,7 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
+ new->fsuid = kuid;
+ if (security_task_fix_setuid(new, old, LSM_SETID_FS) == 0)
+ goto change_okay;
}
}
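Review bot: The gr_check_user_change() call in setfsuid now appears to run after `new` has been obtained (the visible `new->fsuid = kuid;` follows it), so the `goto error;` path has to release those credentials. The `error` label is not within the lines shown. It should reach `abort_creds(new)`, or whatever cleanup the function's existing failure path uses, otherwise each denied call would leak a cred structure. This is worth confirming against the full function, since its body starts and ends outside this hunk.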
@@ -79133,10 +79458,18 @@ index c0bd030..62a1927 100644
ret = -EIO;
bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt,
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
-index b27052c..0e1af95 100644
+index 64bc5d8..1ed69e2 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
-@@ -1874,12 +1874,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
+@@ -668,7 +668,6 @@ int ftrace_profile_pages_init(struct ftrace_profile_stat *stat)
+ free_page(tmp);
+ }
+
+- free_page((unsigned long)stat->pages);
+ stat->pages = NULL;
+ stat->start = NULL;
+
+@@ -1874,12 +1873,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
if (unlikely(ftrace_disabled))
return 0;
@@ -79156,7 +79489,7 @@ index b27052c..0e1af95 100644
}
/*
-@@ -2965,7 +2970,7 @@ static void ftrace_free_entry_rcu(struct rcu_head *rhp)
+@@ -2965,7 +2969,7 @@ static void ftrace_free_entry_rcu(struct rcu_head *rhp)
int
register_ftrace_function_probe(char *glob, struct ftrace_probe_ops *ops,
@@ -79165,7 +79498,7 @@ index b27052c..0e1af95 100644
{
struct ftrace_func_probe *entry;
struct ftrace_page *pg;
-@@ -3832,8 +3837,10 @@ static int ftrace_process_locs(struct module *mod,
+@@ -3832,8 +3836,10 @@ static int ftrace_process_locs(struct module *mod,
if (!count)
return 0;
@@ -79176,7 +79509,7 @@ index b27052c..0e1af95 100644
start_pg = ftrace_allocate_pages(count);
if (!start_pg)
-@@ -4559,8 +4566,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write,
+@@ -4555,8 +4561,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write,
#ifdef CONFIG_FUNCTION_GRAPH_TRACER
static int ftrace_graph_active;
@@ -79185,7 +79518,7 @@ index b27052c..0e1af95 100644
int ftrace_graph_entry_stub(struct ftrace_graph_ent *trace)
{
return 0;
-@@ -4704,6 +4709,10 @@ ftrace_suspend_notifier_call(struct notifier_block *bl, unsigned long state,
+@@ -4700,6 +4704,10 @@ ftrace_suspend_notifier_call(struct notifier_block *bl, unsigned long state,
return NOTIFY_DONE;
}
@@ -79196,7 +79529,7 @@ index b27052c..0e1af95 100644
int register_ftrace_graph(trace_func_graph_ret_t retfunc,
trace_func_graph_ent_t entryfunc)
{
-@@ -4717,7 +4726,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc,
+@@ -4713,7 +4721,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc,
goto out;
}
@@ -79986,10 +80319,33 @@ index bd2bea9..6b3c95e 100644
return false;
diff --git a/lib/kobject.c b/lib/kobject.c
-index e07ee1f..998489d 100644
+index e07ee1f..a4fd13d 100644
--- a/lib/kobject.c
+++ b/lib/kobject.c
-@@ -852,9 +852,9 @@ EXPORT_SYMBOL_GPL(kset_create_and_add);
+@@ -529,6 +529,13 @@ struct kobject *kobject_get(struct kobject *kobj)
+ return kobj;
+ }
+
++static struct kobject *kobject_get_unless_zero(struct kobject *kobj)
++{
++ if (!kref_get_unless_zero(&kobj->kref))
++ kobj = NULL;
++ return kobj;
++}
++
+ /*
+ * kobject_cleanup - free kobject resources.
+ * @kobj: object to cleanup
+@@ -751,7 +758,7 @@ struct kobject *kset_find_obj(struct kset *kset, const char *name)
+
+ list_for_each_entry(k, &kset->list, entry) {
+ if (kobject_name(k) && !strcmp(kobject_name(k), name)) {
+- ret = kobject_get(k);
++ ret = kobject_get_unless_zero(k);
+ break;
+ }
+ }
+@@ -852,9 +859,9 @@ EXPORT_SYMBOL_GPL(kset_create_and_add);
static DEFINE_SPINLOCK(kobj_ns_type_lock);
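Review bot: The new static helper kobject_get_unless_zero() has no comment saying why kset_find_obj() needs it instead of kobject_get(), and it dereferences `kobj` unconditionally. A short comment above the definition would cover both, e.g. `/* Take a reference unless the count is already zero; kobj must not be NULL. */`. Presumably the case it guards is an object still on the kset list while its last reference is being dropped, and if so the comment should say that too. kset_find_obj's body extends outside the hunk.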
@@ -80822,10 +81178,18 @@ index c6e4dd3..1f41988 100644
/* keep elevated page count for bad page */
return ret;
diff --git a/mm/memory.c b/mm/memory.c
-index bb1369f..b9631d2 100644
+index bb1369f..38014f5 100644
--- a/mm/memory.c
+++ b/mm/memory.c
-@@ -433,6 +433,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
+@@ -212,6 +212,7 @@ void tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, bool fullmm)
+ tlb->mm = mm;
+
+ tlb->fullmm = fullmm;
++ tlb->need_flush_all = 0;
+ tlb->start = -1UL;
+ tlb->end = 0;
+ tlb->need_flush = 0;
+@@ -433,6 +434,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
free_pte_range(tlb, pmd, addr);
} while (pmd++, addr = next, addr != end);
@@ -80833,7 +81197,7 @@ index bb1369f..b9631d2 100644
start &= PUD_MASK;
if (start < floor)
return;
-@@ -447,6 +448,8 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
+@@ -447,6 +449,8 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
pmd = pmd_offset(pud, start);
pud_clear(pud);
pmd_free_tlb(tlb, pmd, start);
@@ -80842,7 +81206,7 @@ index bb1369f..b9631d2 100644
}
static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
-@@ -466,6 +469,7 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
+@@ -466,6 +470,7 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
free_pmd_range(tlb, pud, addr, next, floor, ceiling);
} while (pud++, addr = next, addr != end);
@@ -80850,7 +81214,7 @@ index bb1369f..b9631d2 100644
start &= PGDIR_MASK;
if (start < floor)
return;
-@@ -480,6 +484,8 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
+@@ -480,6 +485,8 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
pud = pud_offset(pgd, start);
pgd_clear(pgd);
pud_free_tlb(tlb, pud, start);
@@ -80859,7 +81223,7 @@ index bb1369f..b9631d2 100644
}
/*
-@@ -1618,12 +1624,6 @@ no_page_table:
+@@ -1618,12 +1625,6 @@ no_page_table:
return page;
}
@@ -80872,7 +81236,7 @@ index bb1369f..b9631d2 100644
/**
* __get_user_pages() - pin user pages in memory
* @tsk: task_struct of target task
-@@ -1709,10 +1709,10 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1709,10 +1710,10 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
i = 0;
@@ -80885,7 +81249,7 @@ index bb1369f..b9631d2 100644
if (!vma && in_gate_area(mm, start)) {
unsigned long pg = start & PAGE_MASK;
pgd_t *pgd;
-@@ -1760,7 +1760,7 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1760,7 +1761,7 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
goto next_page;
}
@@ -80894,7 +81258,7 @@ index bb1369f..b9631d2 100644
(vma->vm_flags & (VM_IO | VM_PFNMAP)) ||
!(vm_flags & vma->vm_flags))
return i ? : -EFAULT;
-@@ -1787,11 +1787,6 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1787,11 +1788,6 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
int ret;
unsigned int fault_flags = 0;
@@ -80906,7 +81270,7 @@ index bb1369f..b9631d2 100644
if (foll_flags & FOLL_WRITE)
fault_flags |= FAULT_FLAG_WRITE;
if (nonblocking)
-@@ -1865,7 +1860,7 @@ next_page:
+@@ -1865,7 +1861,7 @@ next_page:
start += PAGE_SIZE;
nr_pages--;
} while (nr_pages && start < vma->vm_end);
@@ -80915,7 +81279,7 @@ index bb1369f..b9631d2 100644
return i;
}
EXPORT_SYMBOL(__get_user_pages);
-@@ -2072,6 +2067,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
+@@ -2072,6 +2068,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
page_add_file_rmap(page);
set_pte_at(mm, addr, pte, mk_pte(page, prot));
@@ -80926,7 +81290,7 @@ index bb1369f..b9631d2 100644
retval = 0;
pte_unmap_unlock(pte, ptl);
return retval;
-@@ -2116,9 +2115,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
+@@ -2116,9 +2116,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
if (!page_count(page))
return -EINVAL;
if (!(vma->vm_flags & VM_MIXEDMAP)) {
@@ -80948,7 +81312,7 @@ index bb1369f..b9631d2 100644
}
return insert_page(vma, addr, page, vma->vm_page_prot);
}
-@@ -2201,6 +2212,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
+@@ -2201,6 +2213,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
unsigned long pfn)
{
BUG_ON(!(vma->vm_flags & VM_MIXEDMAP));
@@ -80956,7 +81320,7 @@ index bb1369f..b9631d2 100644
if (addr < vma->vm_start || addr >= vma->vm_end)
return -EFAULT;
-@@ -2401,7 +2413,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
+@@ -2401,7 +2414,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
BUG_ON(pud_huge(*pud));
@@ -80967,7 +81331,7 @@ index bb1369f..b9631d2 100644
if (!pmd)
return -ENOMEM;
do {
-@@ -2421,7 +2435,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
+@@ -2421,7 +2436,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
unsigned long next;
int err;
@@ -80978,7 +81342,7 @@ index bb1369f..b9631d2 100644
if (!pud)
return -ENOMEM;
do {
-@@ -2509,6 +2525,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
+@@ -2509,6 +2526,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
copy_user_highpage(dst, src, va, vma);
}
@@ -81165,7 +81529,7 @@ index bb1369f..b9631d2 100644
/*
* This routine handles present pages, when users try to write
* to a shared page. It is done by copying the page to a new address
-@@ -2725,6 +2921,12 @@ gotten:
+@@ -2725,6 +2922,12 @@ gotten:
*/
page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
if (likely(pte_same(*page_table, orig_pte))) {
@@ -81178,7 +81542,7 @@ index bb1369f..b9631d2 100644
if (old_page) {
if (!PageAnon(old_page)) {
dec_mm_counter_fast(mm, MM_FILEPAGES);
-@@ -2776,6 +2978,10 @@ gotten:
+@@ -2776,6 +2979,10 @@ gotten:
page_remove_rmap(old_page);
}
@@ -81189,7 +81553,7 @@ index bb1369f..b9631d2 100644
/* Free the old page.. */
new_page = old_page;
ret |= VM_FAULT_WRITE;
-@@ -3051,6 +3257,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3051,6 +3258,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
swap_free(entry);
if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
try_to_free_swap(page);
@@ -81201,7 +81565,7 @@ index bb1369f..b9631d2 100644
unlock_page(page);
if (swapcache) {
/*
-@@ -3074,6 +3285,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3074,6 +3286,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, page_table);
@@ -81213,7 +81577,7 @@ index bb1369f..b9631d2 100644
unlock:
pte_unmap_unlock(page_table, ptl);
out:
-@@ -3093,40 +3309,6 @@ out_release:
+@@ -3093,40 +3310,6 @@ out_release:
}
/*
@@ -81254,7 +81618,7 @@ index bb1369f..b9631d2 100644
* We enter with non-exclusive mmap_sem (to exclude vma changes,
* but allow concurrent faults), and pte mapped but not yet locked.
* We return with mmap_sem still held, but pte unmapped and unlocked.
-@@ -3135,27 +3317,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3135,27 +3318,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
unsigned long address, pte_t *page_table, pmd_t *pmd,
unsigned int flags)
{
@@ -81287,7 +81651,7 @@ index bb1369f..b9631d2 100644
if (unlikely(anon_vma_prepare(vma)))
goto oom;
page = alloc_zeroed_user_highpage_movable(vma, address);
-@@ -3174,6 +3352,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3174,6 +3353,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
if (!pte_none(*page_table))
goto release;
@@ -81299,7 +81663,7 @@ index bb1369f..b9631d2 100644
inc_mm_counter_fast(mm, MM_ANONPAGES);
page_add_new_anon_rmap(page, vma, address);
setpte:
-@@ -3181,6 +3364,12 @@ setpte:
+@@ -3181,6 +3365,12 @@ setpte:
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, page_table);
@@ -81312,7 +81676,7 @@ index bb1369f..b9631d2 100644
unlock:
pte_unmap_unlock(page_table, ptl);
return 0;
-@@ -3324,6 +3513,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3324,6 +3514,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
*/
/* Only go through if we didn't race with anybody else... */
if (likely(pte_same(*page_table, orig_pte))) {
@@ -81325,7 +81689,7 @@ index bb1369f..b9631d2 100644
flush_icache_page(vma, page);
entry = mk_pte(page, vma->vm_page_prot);
if (flags & FAULT_FLAG_WRITE)
-@@ -3343,6 +3538,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3343,6 +3539,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
/* no need to invalidate: a not-present page won't be cached */
update_mmu_cache(vma, address, page_table);
@@ -81340,7 +81704,7 @@ index bb1369f..b9631d2 100644
} else {
if (cow_page)
mem_cgroup_uncharge_page(cow_page);
-@@ -3664,6 +3867,12 @@ int handle_pte_fault(struct mm_struct *mm,
+@@ -3664,6 +3868,12 @@ int handle_pte_fault(struct mm_struct *mm,
if (flags & FAULT_FLAG_WRITE)
flush_tlb_fix_spurious_fault(vma, address);
}
@@ -81353,7 +81717,7 @@ index bb1369f..b9631d2 100644
unlock:
pte_unmap_unlock(pte, ptl);
return 0;
-@@ -3680,6 +3889,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3680,6 +3890,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
pmd_t *pmd;
pte_t *pte;
@@ -81364,7 +81728,7 @@ index bb1369f..b9631d2 100644
__set_current_state(TASK_RUNNING);
count_vm_event(PGFAULT);
-@@ -3691,6 +3904,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3691,6 +3905,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
if (unlikely(is_vm_hugetlb_page(vma)))
return hugetlb_fault(mm, vma, address, flags);
@@ -81399,7 +81763,7 @@ index bb1369f..b9631d2 100644
retry:
pgd = pgd_offset(mm, address);
pud = pud_alloc(mm, pgd, address);
-@@ -3789,6 +4030,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
+@@ -3789,6 +4031,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
spin_unlock(&mm->page_table_lock);
return 0;
}
@@ -81423,7 +81787,7 @@ index bb1369f..b9631d2 100644
#endif /* __PAGETABLE_PUD_FOLDED */
#ifndef __PAGETABLE_PMD_FOLDED
-@@ -3819,11 +4077,35 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
+@@ -3819,11 +4078,35 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
spin_unlock(&mm->page_table_lock);
return 0;
}
@@ -81461,7 +81825,7 @@ index bb1369f..b9631d2 100644
struct vm_area_struct * vma;
vma = find_vma(current->mm, addr);
-@@ -3856,7 +4138,7 @@ static int __init gate_vma_init(void)
+@@ -3856,7 +4139,7 @@ static int __init gate_vma_init(void)
gate_vma.vm_start = FIXADDR_USER_START;
gate_vma.vm_end = FIXADDR_USER_END;
gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
@@ -81470,7 +81834,7 @@ index bb1369f..b9631d2 100644
return 0;
}
-@@ -3990,8 +4272,8 @@ out:
+@@ -3990,8 +4273,8 @@ out:
return ret;
}
@@ -81481,7 +81845,7 @@ index bb1369f..b9631d2 100644
{
resource_size_t phys_addr;
unsigned long prot = 0;
-@@ -4016,8 +4298,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr,
+@@ -4016,8 +4299,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr,
* Access another process' address space as given in mm. If non-NULL, use the
* given task for page fault accounting.
*/
@@ -81492,7 +81856,7 @@ index bb1369f..b9631d2 100644
{
struct vm_area_struct *vma;
void *old_buf = buf;
-@@ -4025,7 +4307,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -4025,7 +4308,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
down_read(&mm->mmap_sem);
/* ignore errors, just check how much was successfully transferred */
while (len) {
@@ -81501,7 +81865,7 @@ index bb1369f..b9631d2 100644
void *maddr;
struct page *page = NULL;
-@@ -4084,8 +4366,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -4084,8 +4367,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
*
* The caller must hold a reference on @mm.
*/
@@ -81512,7 +81876,7 @@ index bb1369f..b9631d2 100644
{
return __access_remote_vm(NULL, mm, addr, buf, len, write);
}
-@@ -4095,11 +4377,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
+@@ -4095,11 +4378,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
* Source/target buffer must be kernel space,
* Do not walk the page table directly, use get_user_pages
*/
@@ -81694,7 +82058,7 @@ index c9bd528..da8d069 100644
capable(CAP_IPC_LOCK))
ret = do_mlockall(flags);
diff --git a/mm/mmap.c b/mm/mmap.c
-index 8832b87..04240d1 100644
+index 90db251..04240d1 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -32,6 +32,7 @@
@@ -82277,15 +82641,6 @@ index 8832b87..04240d1 100644
}
unsigned long
-@@ -1922,7 +2172,7 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr)
-
- /* Check the cache first. */
- /* (Cache hit rate is typically around 35%.) */
-- vma = mm->mmap_cache;
-+ vma = ACCESS_ONCE(mm->mmap_cache);
- if (!(vma && vma->vm_end > addr && vma->vm_start <= addr)) {
- struct rb_node *rb_node;
-
@@ -1974,6 +2224,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr,
return vma;
}
@@ -83245,7 +83600,7 @@ index e1031e1..1f2a0a1 100644
out:
if (ret & ~PAGE_MASK)
diff --git a/mm/nommu.c b/mm/nommu.c
-index 79c3cac..b2601ea 100644
+index bbe1f3f..b2601ea 100644
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -62,7 +62,6 @@ int sysctl_overcommit_memory = OVERCOMMIT_GUESS; /* heuristic overcommit */
@@ -83256,15 +83611,6 @@ index 79c3cac..b2601ea 100644
atomic_long_t mmap_pages_allocated;
-@@ -819,7 +818,7 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr)
- struct vm_area_struct *vma;
-
- /* check the cache first */
-- vma = mm->mmap_cache;
-+ vma = ACCESS_ONCE(mm->mmap_cache);
- if (vma && vma->vm_start <= addr && vma->vm_end > addr)
- return vma;
-
@@ -839,15 +838,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr)
EXPORT_SYMBOL(find_vma);
@@ -85519,7 +85865,7 @@ index ddac1ee..3ee0a78 100644
};
diff --git a/net/can/gw.c b/net/can/gw.c
-index 574dda78e..3d2b3da 100644
+index 28e7bdc..d42c4cd 100644
--- a/net/can/gw.c
+++ b/net/can/gw.c
@@ -67,7 +67,6 @@ MODULE_AUTHOR("Oliver Hartkopp <oliver.hartkopp@volkswagen.de>");
@@ -85935,7 +86281,7 @@ index 8acce01..2e306bb 100644
return error;
}
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
-index 6212ec9..dd4ad3b 100644
+index 6212ec9..5ee16b2 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -58,7 +58,7 @@ struct rtnl_link {
@@ -85973,6 +86319,24 @@ index 6212ec9..dd4ad3b 100644
}
EXPORT_SYMBOL_GPL(__rtnl_link_unregister);
+@@ -1068,7 +1071,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
+ rcu_read_lock();
+ cb->seq = net->dev_base_seq;
+
+- if (nlmsg_parse(cb->nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX,
++ if (nlmsg_parse(cb->nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
+ ifla_policy) >= 0) {
+
+ if (tb[IFLA_EXT_MASK])
+@@ -1924,7 +1927,7 @@ static u16 rtnl_calcit(struct sk_buff *skb, struct nlmsghdr *nlh)
+ u32 ext_filter_mask = 0;
+ u16 min_ifinfo_dump_size = 0;
+
+- if (nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX,
++ if (nlmsg_parse(nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
+ ifla_policy) >= 0) {
+ if (tb[IFLA_EXT_MASK])
+ ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);
diff --git a/net/core/scm.c b/net/core/scm.c
index 2dc6cda..2159524 100644
--- a/net/core/scm.c
@@ -87747,7 +88111,7 @@ index e85c48b..b8268d3 100644
struct ctl_table *ipv6_icmp_table;
int err;
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
-index 8d19346..e47216f 100644
+index 8d19346..f122ba5 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -103,6 +103,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
@@ -87761,7 +88125,15 @@ index 8d19346..e47216f 100644
static void tcp_v6_hash(struct sock *sk)
{
if (sk->sk_state != TCP_CLOSE) {
-@@ -1440,6 +1444,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
+@@ -386,6 +390,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
+
+ if (dst)
+ dst->ops->redirect(dst, sk, skb);
++ goto out;
+ }
+
+ if (type == ICMPV6_PKT_TOOBIG) {
+@@ -1440,6 +1445,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
return 0;
reset:
@@ -87771,7 +88143,7 @@ index 8d19346..e47216f 100644
tcp_v6_send_reset(sk, skb);
discard:
if (opt_skb)
-@@ -1521,12 +1528,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
+@@ -1521,12 +1529,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
TCP_SKB_CB(skb)->sacked = 0;
sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
@@ -87794,7 +88166,7 @@ index 8d19346..e47216f 100644
if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
-@@ -1575,6 +1590,10 @@ no_tcp_socket:
+@@ -1575,6 +1591,10 @@ no_tcp_socket:
bad_packet:
TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
} else {
@@ -88009,7 +88381,7 @@ index 5b426a6..970032b 100644
return res;
}
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
-index 0479c64..9e72ff4 100644
+index 49c48c6..9e72ff4 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -790,7 +790,7 @@ static int ieee80211_set_monitor_channel(struct wiphy *wiphy,
@@ -88021,34 +88393,7 @@ index 0479c64..9e72ff4 100644
local->_oper_channel = chandef->chan;
local->_oper_channel_type = cfg80211_get_chandef_type(chandef);
ieee80211_hw_config(local, 0);
-@@ -2499,7 +2499,7 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local,
- list_del(&dep->list);
- mutex_unlock(&local->mtx);
-
-- ieee80211_roc_notify_destroy(dep);
-+ ieee80211_roc_notify_destroy(dep, true);
- return 0;
- }
-
-@@ -2539,7 +2539,7 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local,
- ieee80211_start_next_roc(local);
- mutex_unlock(&local->mtx);
-
-- ieee80211_roc_notify_destroy(found);
-+ ieee80211_roc_notify_destroy(found, true);
- } else {
- /* work may be pending so use it all the time */
- found->abort = true;
-@@ -2549,6 +2549,8 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local,
-
- /* work will clean up etc */
- flush_delayed_work(&found->work);
-+ WARN_ON(!found->to_be_freed);
-+ kfree(found);
- }
-
- return 0;
-@@ -2716,7 +2718,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy,
+@@ -2718,7 +2718,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy,
else
local->probe_req_reg--;
@@ -88058,7 +88403,7 @@ index 0479c64..9e72ff4 100644
ieee80211_queue_work(&local->hw, &local->reconfig_filter);
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
-index 2ed065c..bec0c2b 100644
+index 55d8f89..bec0c2b 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -28,6 +28,7 @@
@@ -88069,15 +88414,7 @@ index 2ed065c..bec0c2b 100644
#include "key.h"
#include "sta_info.h"
#include "debug.h"
-@@ -346,6 +347,7 @@ struct ieee80211_roc_work {
- struct ieee80211_channel *chan;
-
- bool started, abort, hw_begun, notified;
-+ bool to_be_freed;
-
- unsigned long hw_start_time;
-
-@@ -909,7 +911,7 @@ struct ieee80211_local {
+@@ -910,7 +911,7 @@ struct ieee80211_local {
/* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */
spinlock_t queue_stop_reason_lock;
@@ -88086,15 +88423,6 @@ index 2ed065c..bec0c2b 100644
int monitors, cooked_mntrs;
/* number of interfaces with corresponding FIF_ flags */
int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll,
-@@ -1363,7 +1365,7 @@ void ieee80211_offchannel_return(struct ieee80211_local *local);
- void ieee80211_roc_setup(struct ieee80211_local *local);
- void ieee80211_start_next_roc(struct ieee80211_local *local);
- void ieee80211_roc_purge(struct ieee80211_sub_if_data *sdata);
--void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc);
-+void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc, bool free);
- void ieee80211_sw_roc_work(struct work_struct *work);
- void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc);
-
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index 8be854e..ad72a69 100644
--- a/net/mac80211/iface.c
@@ -88175,84 +88503,6 @@ index 1b087ff..bf600e9 100644
ret = drv_config(local, changed);
/*
* Goal:
-diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c
-index a3ad4c3..7acbdaa 100644
---- a/net/mac80211/offchannel.c
-+++ b/net/mac80211/offchannel.c
-@@ -299,10 +299,13 @@ void ieee80211_start_next_roc(struct ieee80211_local *local)
- }
- }
-
--void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc)
-+void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc, bool free)
- {
- struct ieee80211_roc_work *dep, *tmp;
-
-+ if (WARN_ON(roc->to_be_freed))
-+ return;
-+
- /* was never transmitted */
- if (roc->frame) {
- cfg80211_mgmt_tx_status(&roc->sdata->wdev,
-@@ -318,9 +321,12 @@ void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc)
- GFP_KERNEL);
-
- list_for_each_entry_safe(dep, tmp, &roc->dependents, list)
-- ieee80211_roc_notify_destroy(dep);
-+ ieee80211_roc_notify_destroy(dep, true);
-
-- kfree(roc);
-+ if (free)
-+ kfree(roc);
-+ else
-+ roc->to_be_freed = true;
- }
-
- void ieee80211_sw_roc_work(struct work_struct *work)
-@@ -333,6 +339,9 @@ void ieee80211_sw_roc_work(struct work_struct *work)
-
- mutex_lock(&local->mtx);
-
-+ if (roc->to_be_freed)
-+ goto out_unlock;
-+
- if (roc->abort)
- goto finish;
-
-@@ -372,7 +381,7 @@ void ieee80211_sw_roc_work(struct work_struct *work)
- finish:
- list_del(&roc->list);
- started = roc->started;
-- ieee80211_roc_notify_destroy(roc);
-+ ieee80211_roc_notify_destroy(roc, !roc->abort);
-
- if (started) {
- drv_flush(local, false);
-@@ -412,7 +421,7 @@ static void ieee80211_hw_roc_done(struct work_struct *work)
-
- list_del(&roc->list);
-
-- ieee80211_roc_notify_destroy(roc);
-+ ieee80211_roc_notify_destroy(roc, true);
-
- /* if there's another roc, start it now */
- ieee80211_start_next_roc(local);
-@@ -462,12 +471,14 @@ void ieee80211_roc_purge(struct ieee80211_sub_if_data *sdata)
- list_for_each_entry_safe(roc, tmp, &tmp_list, list) {
- if (local->ops->remain_on_channel) {
- list_del(&roc->list);
-- ieee80211_roc_notify_destroy(roc);
-+ ieee80211_roc_notify_destroy(roc, true);
- } else {
- ieee80211_queue_delayed_work(&local->hw, &roc->work, 0);
-
- /* work will clean up etc */
- flush_delayed_work(&roc->work);
-+ WARN_ON(!roc->to_be_freed);
-+ kfree(roc);
- }
- }
-
diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c
index 79a48f3..5e185c9 100644
--- a/net/mac80211/pm.c
@@ -90053,10 +90303,34 @@ index 2ca51c7..ee5feb5 100644
set_fs(KERNEL_DS);
if (level == SOL_SOCKET)
diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
-index 507b5e8..049e64a 100644
+index 716aa41..75e88ea 100644
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
-@@ -1272,7 +1272,9 @@ call_start(struct rpc_task *task)
+@@ -303,10 +303,8 @@ static struct rpc_clnt * rpc_new_client(const struct rpc_create_args *args, stru
+ err = rpciod_up();
+ if (err)
+ goto out_no_rpciod;
++
+ err = -EINVAL;
+- if (!xprt)
+- goto out_no_xprt;
+-
+ if (args->version >= program->nrvers)
+ goto out_err;
+ version = program->version[args->version];
+@@ -381,10 +379,9 @@ out_no_principal:
+ out_no_stats:
+ kfree(clnt);
+ out_err:
+- xprt_put(xprt);
+-out_no_xprt:
+ rpciod_down();
+ out_no_rpciod:
++ xprt_put(xprt);
+ return ERR_PTR(err);
+ }
+
+@@ -1270,7 +1267,9 @@ call_start(struct rpc_task *task)
(RPC_IS_ASYNC(task) ? "async" : "sync"));
/* Increment call count */
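Review bot: With the `if (!xprt) goto out_no_xprt;` guard removed, the relocated `xprt_put(xprt)` under `out_no_rpciod:` now runs on every failure path of `rpc_new_client()`, so the function depends on callers never passing a NULL transport. Whether `xprt_put()` tolerates NULL is not visible in this hunk; if it does not, a NULL `xprt` would turn an `-EINVAL` return into a kernel NULL dereference. I would document the precondition where the function starts, e.g. `/* xprt must be non-NULL; its reference is dropped on every error path */`. The body of `rpc_new_client()` starts and ends outside the hunk.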
@@ -91165,10 +91439,10 @@ index e4fd45b..2eeb5c4 100644
shdr = (Elf_Shdr *)((char *)ehdr + _r(&ehdr->e_shoff));
shstrtab_sec = shdr + r2(&ehdr->e_shstrndx);
diff --git a/security/Kconfig b/security/Kconfig
-index e9c6ac7..20df9f1 100644
+index e9c6ac7..4cb4ecc 100644
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -4,6 +4,944 @@
+@@ -4,6 +4,943 @@
menu "Security options"
@@ -92008,7 +92282,7 @@ index e9c6ac7..20df9f1 100644
+config PAX_CONSTIFY_PLUGIN
+ bool "Automatically constify eligible structures"
+ default y
-+ depends on !UML
++ depends on !UML && PAX_KERNEXEC
+ help
+ By saying Y here the compiler will automatically constify a class
+ of types that contain only function pointers. This reduces the
@@ -92054,7 +92328,6 @@ index e9c6ac7..20df9f1 100644
+ Since this has a negligible performance impact, you should enable
+ this feature.
+
-+
+config PAX_USERCOPY_DEBUG
+ bool
+ depends on X86 && PAX_USERCOPY
@@ -92113,7 +92386,7 @@ index e9c6ac7..20df9f1 100644
source security/keys/Kconfig
config SECURITY_DMESG_RESTRICT
-@@ -103,7 +1041,7 @@ config INTEL_TXT
+@@ -103,7 +1040,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX
@@ -100963,17 +101236,20 @@ index 0000000..ddd5b2e
+alloc_dr_65495 alloc_dr 2 65495 NULL
diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c
new file mode 100644
-index 0000000..63c46e5
+index 0000000..9db0d0e
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin.c
-@@ -0,0 +1,2050 @@
+@@ -0,0 +1,2114 @@
+/*
-+ * Copyright 2011, 2012 by Emese Revfy <re.emese@gmail.com>
++ * Copyright 2011, 2012, 2013 by Emese Revfy <re.emese@gmail.com>
+ * Licensed under the GPL v2, or (at your option) v3
+ *
+ * Homepage:
+ * http://www.grsecurity.net/~ephox/overflow_plugin/
+ *
++ * Documentation:
++ * http://forums.grsecurity.net/viewtopic.php?f=7&t=3043
++ *
+ * This plugin recomputes expressions of function arguments marked by a size_overflow attribute
+ * with double integer precision (DImode/TImode for 32/64 bit integer types).
+ * The recomputed argument is checked against TYPE_MAX and an event is logged on overflow and the triggering process is killed.
@@ -101053,7 +101329,7 @@ index 0000000..63c46e5
+static void print_missing_msg(tree func, unsigned int argnum);
+
+static struct plugin_info size_overflow_plugin_info = {
-+ .version = "20130316beta",
++ .version = "20130410beta",
+ .help = "no-size-overflow\tturn off size overflow checking\n",
+};
+
@@ -101858,6 +102134,61 @@ index 0000000..63c46e5
+ return create_assign(visited, stmt, rhs1, AFTER_STMT);
+}
+
++static bool no_uses(tree node)
++{
++ imm_use_iterator imm_iter;
++ use_operand_p use_p;
++
++ FOR_EACH_IMM_USE_FAST(use_p, imm_iter, node) {
++ const_gimple use_stmt = USE_STMT(use_p);
++ if (use_stmt == NULL)
++ return true;
++ if (is_gimple_debug(use_stmt))
++ continue;
++ if (!(gimple_bb(use_stmt)->flags & BB_REACHABLE))
++ continue;
++ return false;
++ }
++ return true;
++}
++
++// 3.8.5 mm/page-writeback.c __ilog2_u64(): ret, uint + uintmax; uint -> int; int max
++static bool is_const_plus_unsigned_signed_truncation(const_tree lhs)
++{
++ tree rhs1, lhs_type, rhs_type, rhs2, not_const_rhs;
++ gimple def_stmt = get_def_stmt(lhs);
++
++ if (!def_stmt || !gimple_assign_cast_p(def_stmt))
++ return false;
++
++ rhs1 = gimple_assign_rhs1(def_stmt);
++ rhs_type = TREE_TYPE(rhs1);
++ lhs_type = TREE_TYPE(lhs);
++ if (TYPE_UNSIGNED(lhs_type) || !TYPE_UNSIGNED(rhs_type))
++ return false;
++ if (TYPE_MODE(lhs_type) != TYPE_MODE(rhs_type))
++ return false;
++
++ def_stmt = get_def_stmt(rhs1);
++ if (!def_stmt || gimple_code(def_stmt) != GIMPLE_ASSIGN || gimple_num_ops(def_stmt) != 3)
++ return false;
++
++ if (gimple_assign_rhs_code(def_stmt) != PLUS_EXPR)
++ return false;
++
++ rhs1 = gimple_assign_rhs1(def_stmt);
++ rhs2 = gimple_assign_rhs2(def_stmt);
++ if (!is_gimple_constant(rhs1) && !is_gimple_constant(rhs2))
++ return false;
++
++ if (is_gimple_constant(rhs2))
++ not_const_rhs = rhs1;
++ else
++ not_const_rhs = rhs2;
++
++ return no_uses(not_const_rhs);
++}
++
+static bool skip_lhs_cast_check(const_gimple stmt)
+{
+ const_tree rhs = gimple_assign_rhs1(stmt);
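Review bot: `no_uses()` skips every use whose block lacks `BB_REACHABLE`, but GCC's headers describe that flag as set by `find_unreachable_blocks()` and not to be relied on in arbitrary passes, and nothing in this hunk shows it being recomputed before the plugin runs. With a stale flag all uses are skipped, `is_const_plus_unsigned_signed_truncation()` returns true, and its two callers (`skip_lhs_cast_check()` in the next hunk and the early `return` added before the `type_max` computation) drop the overflow check for that expression. I would state where reachability is guaranteed, e.g. `/* BB_REACHABLE is valid here: computed in <pass entry point> */`, or recompute it at the start of the pass. `gimple_bb(use_stmt)` is also dereferenced without a NULL test, and the `use_stmt == NULL` branch returning true deserves a why-comment.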
@@ -101867,6 +102198,9 @@ index 0000000..63c46e5
+ if (gimple_code(def_stmt) == GIMPLE_ASM)
+ return true;
+
++ if (is_const_plus_unsigned_signed_truncation(rhs))
++ return true;
++
+ return false;
+}
+
@@ -102116,6 +102450,9 @@ index 0000000..63c46e5
+
+ gcc_assert(TREE_CODE(rhs_type) == INTEGER_TYPE || TREE_CODE(rhs_type) == ENUMERAL_TYPE);
+
++ if (is_const_plus_unsigned_signed_truncation(rhs))
++ return;
++
+ type_max = cast_a_tree(size_overflow_type, TYPE_MAX_VALUE(rhs_type));
+ // typemax (-1) < typemin (0)
+ if (TREE_OVERFLOW(type_max))
@@ -103352,10 +103689,10 @@ index 0000000..ac2901e
+}
diff --git a/tools/gcc/structleak_plugin.c b/tools/gcc/structleak_plugin.c
new file mode 100644
-index 0000000..5afca14
+index 0000000..41770fc
--- /dev/null
+++ b/tools/gcc/structleak_plugin.c
-@@ -0,0 +1,271 @@
+@@ -0,0 +1,272 @@
+/*
+ * Copyright 2013 by PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -103500,9 +103837,11 @@ index 0000000..5afca14
+ // we're looking for an assignment of a single rhs...
+ if (!gimple_assign_single_p(stmt))
+ continue;
++#if BUILDING_GCC_VERSION >= 4007
+ // ... of a non-clobbering expression...
+ if (TREE_CLOBBER_P(rhs1))
+ continue;
++#endif
+ // ... to our variable...
+ if (gimple_get_lhs(stmt) != var)
+ continue;
@@ -103512,8 +103851,7 @@ index 0000000..5afca14
+ }
+
+ // build the initializer expression
-+ initializer = make_node(CONSTRUCTOR);
-+ TREE_TYPE(initializer) = TREE_TYPE(var);
++ initializer = build_constructor(TREE_TYPE(var), NULL);
+
+ // build the initializer stmt
+ init_stmt = gimple_build_assign(var, initializer);
diff --git a/main/linux-grsec/kernelconfig.x86 b/main/linux-grsec/kernelconfig.x86
index 707b1834a9..c14d186c63 100644
--- a/main/linux-grsec/kernelconfig.x86
+++ b/main/linux-grsec/kernelconfig.x86
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/i386 3.8.5 Kernel Configuration
+# Linux/i386 3.8.7 Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
@@ -5287,7 +5287,10 @@ CONFIG_HAVE_DEBUG_KMEMLEAK=y
# CONFIG_RT_MUTEX_TESTER is not set
# CONFIG_DEBUG_SPINLOCK is not set
# CONFIG_DEBUG_MUTEXES is not set
+# CONFIG_DEBUG_LOCK_ALLOC is not set
+# CONFIG_PROVE_LOCKING is not set
# CONFIG_SPARSE_RCU_POINTER is not set
+# CONFIG_LOCK_STAT is not set
# CONFIG_DEBUG_ATOMIC_SLEEP is not set
# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
CONFIG_STACKTRACE=y
@@ -5380,6 +5383,7 @@ CONFIG_DEBUG_NMI_SELFTEST=y
# Grsecurity
#
CONFIG_ARCH_TRACK_EXEC_LIMIT=y
+CONFIG_PAX_USERCOPY_SLABS=y
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_CONFIG_AUTO is not set
CONFIG_GRKERNSEC_CONFIG_CUSTOM=y
@@ -5429,11 +5433,11 @@ CONFIG_PAX_RANDMMAP=y
#
# CONFIG_PAX_MEMORY_SANITIZE is not set
# CONFIG_PAX_MEMORY_STACKLEAK is not set
-# CONFIG_PAX_MEMORY_STRUCTLEAK is not set
+CONFIG_PAX_MEMORY_STRUCTLEAK=y
CONFIG_PAX_MEMORY_UDEREF=y
CONFIG_PAX_REFCOUNT=y
-CONFIG_PAX_CONSTIFY_PLUGIN=y
-# CONFIG_PAX_USERCOPY is not set
+CONFIG_PAX_USERCOPY=y
+# CONFIG_PAX_USERCOPY_DEBUG is not set
# CONFIG_PAX_SIZE_OVERFLOW is not set
# CONFIG_PAX_LATENT_ENTROPY is not set
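Review bot: `CONFIG_PAX_CONSTIFY_PLUGIN=y` is dropped here, and in the matching kernelconfig.x86_64 hunk, with no replacement line. This looks like a side effect of the new `depends on !UML && PAX_KERNEXEC` in the updated grsecurity patch rather than a deliberate choice. If `CONFIG_PAX_KERNEXEC` is not enabled in this config (its setting is outside the hunk), the packaged kernel loses automatic constification of function-pointer structures. I would either set `CONFIG_PAX_KERNEXEC=y` so the plugin stays on, or record the loss explicitly in the commit description. The same hunk turns on `CONFIG_PAX_USERCOPY` and `CONFIG_PAX_MEMORY_STRUCTLEAK`, a hardening gain worth recording alongside it.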
diff --git a/main/linux-grsec/kernelconfig.x86_64 b/main/linux-grsec/kernelconfig.x86_64
index fc28faeb66..2f4361cb25 100644
--- a/main/linux-grsec/kernelconfig.x86_64
+++ b/main/linux-grsec/kernelconfig.x86_64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86_64 3.8.2 Kernel Configuration
+# Linux/x86_64 3.8.7 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
@@ -5222,7 +5222,10 @@ CONFIG_HAVE_DEBUG_KMEMLEAK=y
# CONFIG_RT_MUTEX_TESTER is not set
# CONFIG_DEBUG_SPINLOCK is not set
# CONFIG_DEBUG_MUTEXES is not set
+# CONFIG_DEBUG_LOCK_ALLOC is not set
+# CONFIG_PROVE_LOCKING is not set
# CONFIG_SPARSE_RCU_POINTER is not set
+# CONFIG_LOCK_STAT is not set
# CONFIG_DEBUG_ATOMIC_SLEEP is not set
# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
CONFIG_STACKTRACE=y
@@ -5316,6 +5319,7 @@ CONFIG_DEBUG_NMI_SELFTEST=y
# Grsecurity
#
CONFIG_TASK_SIZE_MAX_SHIFT=47
+CONFIG_PAX_USERCOPY_SLABS=y
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_CONFIG_AUTO is not set
CONFIG_GRKERNSEC_CONFIG_CUSTOM=y
@@ -5365,10 +5369,10 @@ CONFIG_PAX_RANDMMAP=y
#
# CONFIG_PAX_MEMORY_SANITIZE is not set
# CONFIG_PAX_MEMORY_STACKLEAK is not set
-# CONFIG_PAX_MEMORY_STRUCTLEAK is not set
+CONFIG_PAX_MEMORY_STRUCTLEAK=y
CONFIG_PAX_REFCOUNT=y
-CONFIG_PAX_CONSTIFY_PLUGIN=y
-# CONFIG_PAX_USERCOPY is not set
+CONFIG_PAX_USERCOPY=y
+# CONFIG_PAX_USERCOPY_DEBUG is not set
# CONFIG_PAX_SIZE_OVERFLOW is not set
# CONFIG_PAX_LATENT_ENTROPY is not set