Diffstat (limited to 'main/linux-grsec')
-rw-r--r-- | main/linux-grsec/APKBUILD | 16 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-3.0-3.14.10-201407012152.patch (renamed from main/linux-grsec/grsecurity-3.0-3.14.8-201406222110.patch) | 767 |
2 files changed, 379 insertions, 404 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 8a7b82a8e1..a9dad4e95e 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,7 +2,7 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.14.8 +pkgver=3.14.10 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; @@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-3.0-3.14.8-201406222110.patch + grsecurity-3.0-3.14.10-201407012152.patch fix-memory-map-for-PIE-applications.patch imx6q-no-unclocked-sleep.patch 
@@ -165,24 +165,24 @@ dev() { } md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz -f612535d2c5d954b5e885757c387ae54 patch-3.14.8.xz -a0519c8c05be0bf6a06e9c4b8fba680b grsecurity-3.0-3.14.8-201406222110.patch +13d435d77d719cd845fb82627aa07974 patch-3.14.10.xz +e43935611420bfaa55f68ba32d43be58 grsecurity-3.0-3.14.10-201407012152.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch 1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch 83f0e1b1d2413bcb2dddcf87a10dc42b kernelconfig.x86 0b07cc6ece6232c631e2d55f2dd860d6 kernelconfig.x86_64 887980f603af6a1ac6f67edeae2e0d07 kernelconfig.armhf" sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz -0edab0f772836162e5e57ef294d83e88153c15a12f394914c6a25b49e408e8f1 patch-3.14.8.xz -8acb478a24bd57145dc1524d8f2e4e1b9cc0de652b373a1eb9535e0c41385949 grsecurity-3.0-3.14.8-201406222110.patch +e93bcbbd4568449e771f420ddd281a797b8df92ff265d59f849c3f53172fd95e patch-3.14.10.xz +a16bb425114a1e19296d6daed4daed821df3177881de17f2e529cf4f09012984 grsecurity-3.0-3.14.10-201407012152.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch 21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch 5431d66b9c1af413b4dc6f91de00a6e830e3d780a79c5f85d2d8b013b151c169 kernelconfig.x86 9f420cee74896fd3578c3b342188438ac5d6b0f327586c108367abcfc3f1e6ff kernelconfig.x86_64 ab3e07f85f4dd090b2d22b485881031bd479a1c34fc9a2e9707cb8cdebfcfda4 kernelconfig.armhf" sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz -a71fdb5391d664ecccef6602df638588e6202992415a788ad85fab9878ec6b76034c37de824069cfc6d6d502a1fab0eba98c69170f410d28951335e19d94db72 patch-3.14.8.xz 
-4a8ef5cc67205d12721e40738551672afc6d1041509143969b043da476afdac09cc39a468ddb511bda8c1cc376c3c336d33e4333eebea773831b28b637c66099 grsecurity-3.0-3.14.8-201406222110.patch +807783caa9ff492b936b1deef2da96bfb4af5429adc4810de66fbc709ab1a707e26c03edb66a10e429ad5038697c0d522d7f63075382db5d65f622f727be5452 patch-3.14.10.xz +1d12d3ee7d37ecc5eafefa5866c2910f53be22019c1de538de279527c63e0c4855c07c29d4b55dfdb9aacd9c9d830cfae8acef456c04566ff1967d593d15d377 grsecurity-3.0-3.14.10-201407012152.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch 87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch 03f817222bf5812fa8363542e4ab108767212c67efe3994ea8fe9d0751215d9c3f166ce41de41f9070c855db6c04606828dc61265a1738920b984a24077347c4 kernelconfig.x86 diff --git a/main/linux-grsec/grsecurity-3.0-3.14.8-201406222110.patch b/main/linux-grsec/grsecurity-3.0-3.14.10-201407012152.patch index aeeb2f060e..ba8d0ddfdd 100644 --- a/main/linux-grsec/grsecurity-3.0-3.14.8-201406222110.patch +++ b/main/linux-grsec/grsecurity-3.0-3.14.10-201407012152.patch @@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index ef1d59b..7030652 100644 +index bd5d673..00eaa40 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -2956,11 +2956,23 @@ index 4693188..4596c5e 100644 static int (*invoke_psci_fn)(u32, u32, u32, u32); diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c -index 0dd3b79..e018f64 100644 +index 0dd3b79..b67388e 100644 --- a/arch/arm/kernel/ptrace.c 
+++ b/arch/arm/kernel/ptrace.c -@@ -929,10 +929,19 @@ static int tracehook_report_syscall(struct pt_regs *regs, - return current_thread_info()->syscall; +@@ -908,7 +908,7 @@ enum ptrace_syscall_dir { + PTRACE_SYSCALL_EXIT, + }; + +-static int tracehook_report_syscall(struct pt_regs *regs, ++static void tracehook_report_syscall(struct pt_regs *regs, + enum ptrace_syscall_dir dir) + { + unsigned long ip; +@@ -926,19 +926,29 @@ static int tracehook_report_syscall(struct pt_regs *regs, + current_thread_info()->syscall = -1; + + regs->ARM_ip = ip; +- return current_thread_info()->syscall; } +#ifdef CONFIG_GRKERNSEC_SETXID @@ -2979,6 +2991,15 @@ index 0dd3b79..e018f64 100644 /* Do the secure computing check first; failures should be fast. */ if (secure_computing(scno) == -1) return -1; + + if (test_thread_flag(TIF_SYSCALL_TRACE)) +- scno = tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER); ++ tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER); ++ ++ scno = current_thread_info()->syscall; + + if (test_thread_flag(TIF_SYSCALL_TRACEPOINT)) + trace_sys_enter(regs, scno); diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c index 1e8b030..37c3022 100644 --- a/arch/arm/kernel/setup.c @@ -5437,10 +5458,10 @@ index 7225dad..2a7c8256 100644 /* * If for any reason at all we couldn't handle the fault, make diff --git a/arch/ia64/mm/hugetlbpage.c b/arch/ia64/mm/hugetlbpage.c -index 68232db..6ca80af 100644 +index 76069c1..c2aa816 100644 --- a/arch/ia64/mm/hugetlbpage.c +++ b/arch/ia64/mm/hugetlbpage.c -@@ -154,6 +154,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, u +@@ -149,6 +149,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, u unsigned long pgoff, unsigned long flags) { struct vm_unmapped_area_info info; 
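Review bot: In the second arch/arm/kernel/ptrace.c hunk, `scno` is reloaded from `current_thread_info()->syscall` after `tracehook_report_syscall()`, but `secure_computing(scno)` has already run on the number that was passed in. In the visible lines, a number rewritten by the tracer is therefore never seen by the seccomp check. If that ordering is intended, it deserves a comment at the reload, e.g. `/* may differ from the value checked by secure_computing() above if the tracer changed it */`. The rest of the function lies outside the hunk, so whether the reloaded value is validated later cannot be confirmed from here.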
@@ -5448,7 +5469,7 @@ index 68232db..6ca80af 100644 if (len > RGN_MAP_LIMIT) return -ENOMEM; -@@ -177,6 +178,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, u +@@ -172,6 +173,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, u info.high_limit = HPAGE_REGION_BASE + RGN_MAP_LIMIT; info.align_mask = PAGE_MASK & (HPAGE_SIZE - 1); info.align_offset = 0; @@ -5551,10 +5572,10 @@ index 2d6f0de..de5f5ac 100644 #define smp_load_acquire(p) \ diff --git a/arch/metag/mm/hugetlbpage.c b/arch/metag/mm/hugetlbpage.c -index 0424315..defcca9 100644 +index 3c52fa6..11b2ad8 100644 --- a/arch/metag/mm/hugetlbpage.c +++ b/arch/metag/mm/hugetlbpage.c -@@ -205,6 +205,7 @@ hugetlb_get_unmapped_area_new_pmd(unsigned long len) +@@ -200,6 +200,7 @@ hugetlb_get_unmapped_area_new_pmd(unsigned long len) info.high_limit = TASK_SIZE; info.align_mask = PAGE_MASK & HUGEPT_MASK; info.align_offset = 0; @@ -12213,7 +12234,7 @@ index c4d3da6..1aed043 100644 if (write && !pmd_write(pmd)) diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c -index 9bd9ce8..dc84852 100644 +index d329537..2c3746a 100644 --- a/arch/sparc/mm/hugetlbpage.c +++ b/arch/sparc/mm/hugetlbpage.c @@ -25,8 +25,10 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp, @@ -12485,10 +12506,10 @@ index b6cde32..c0cb736 100644 else copy_from_user_overflow(); diff --git a/arch/tile/mm/hugetlbpage.c b/arch/tile/mm/hugetlbpage.c -index 0cb3bba..7338b2d 100644 +index e514899..f8743c4 100644 --- a/arch/tile/mm/hugetlbpage.c +++ b/arch/tile/mm/hugetlbpage.c -@@ -212,6 +212,7 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file, +@@ -207,6 +207,7 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file, info.high_limit = TASK_SIZE; info.align_mask = PAGE_MASK & ~huge_page_mask(h); info.align_offset = 0; 
@@ -12496,7 +12517,7 @@ index 0cb3bba..7338b2d 100644 return vm_unmapped_area(&info); } -@@ -229,6 +230,7 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, +@@ -224,6 +225,7 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, info.high_limit = current->mm->mmap_base; info.align_mask = PAGE_MASK & ~huge_page_mask(h); info.align_offset = 0; @@ -12622,7 +12643,7 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 0af5250..59f9597 100644 +index 1981dd9..8f3ff4d 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -126,7 +126,7 @@ config X86 @@ -22468,7 +22489,7 @@ index 01d1c18..8073693 100644 #include <asm/processor.h> #include <asm/fcntl.h> diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S -index a2a4f46..6cab058 100644 +index 6491353..a918952 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S @@ -177,13 +177,153 @@ @@ -22745,7 +22766,7 @@ index a2a4f46..6cab058 100644 testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp) jnz sysenter_audit sysenter_do_call: -@@ -441,12 +613,24 @@ sysenter_do_call: +@@ -442,12 +614,24 @@ sysenter_after_call: testl $_TIF_ALLWORK_MASK, %ecx jne sysexit_audit sysenter_exit: @@ -22770,7 +22791,7 @@ index a2a4f46..6cab058 100644 PTGS_TO_GS ENABLE_INTERRUPTS_SYSEXIT -@@ -463,6 +647,9 @@ sysenter_audit: +@@ -464,6 +648,9 @@ sysenter_audit: movl %eax,%edx /* 2nd arg: syscall number */ movl $AUDIT_ARCH_I386,%eax /* 1st arg: audit arch */ call __audit_syscall_entry @@ -22780,7 +22801,7 @@ index a2a4f46..6cab058 100644 pushl_cfi %ebx movl PT_EAX(%esp),%eax /* reload syscall number */ jmp sysenter_do_call -@@ -488,10 +675,16 @@ sysexit_audit: +@@ -489,10 +676,16 @@ sysexit_audit: CFI_ENDPROC .pushsection .fixup,"ax" 
@@ -22799,7 +22820,7 @@ index a2a4f46..6cab058 100644 PTGS_TO_GS_EX ENDPROC(ia32_sysenter_target) -@@ -506,6 +699,11 @@ ENTRY(system_call) +@@ -507,6 +700,11 @@ ENTRY(system_call) pushl_cfi %eax # save orig_eax SAVE_ALL GET_THREAD_INFO(%ebp) @@ -22811,7 +22832,7 @@ index a2a4f46..6cab058 100644 # system call tracing in operation / emulation testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp) jnz syscall_trace_entry -@@ -524,6 +722,15 @@ syscall_exit: +@@ -525,6 +723,15 @@ syscall_exit: testl $_TIF_ALLWORK_MASK, %ecx # current->work jne syscall_exit_work @@ -22827,7 +22848,7 @@ index a2a4f46..6cab058 100644 restore_all: TRACE_IRQS_IRET restore_all_notrace: -@@ -580,14 +787,34 @@ ldt_ss: +@@ -576,14 +783,34 @@ ldt_ss: * compensating for the offset by changing to the ESPFIX segment with * a base address that matches for the difference. */ @@ -22865,7 +22886,7 @@ index a2a4f46..6cab058 100644 pushl_cfi $__ESPFIX_SS pushl_cfi %eax /* new kernel esp */ /* Disable interrupts, but do not irqtrace this section: we -@@ -616,20 +843,18 @@ work_resched: +@@ -612,20 +839,18 @@ work_resched: movl TI_flags(%ebp), %ecx andl $_TIF_WORK_MASK, %ecx # is there any work to be done other # than syscall tracing? @@ -22888,7 +22909,7 @@ index a2a4f46..6cab058 100644 #endif TRACE_IRQS_ON ENABLE_INTERRUPTS(CLBR_NONE) -@@ -650,7 +875,7 @@ work_notifysig_v86: +@@ -646,7 +871,7 @@ work_notifysig_v86: movl %eax, %esp jmp 1b #endif @@ -22897,7 +22918,7 @@ index a2a4f46..6cab058 100644 # perform syscall exit tracing ALIGN -@@ -658,11 +883,14 @@ syscall_trace_entry: +@@ -654,11 +879,14 @@ syscall_trace_entry: movl $-ENOSYS,PT_EAX(%esp) movl %esp, %eax call syscall_trace_enter @@ -22913,7 +22934,7 @@ index a2a4f46..6cab058 100644 # perform syscall exit tracing ALIGN -@@ -675,21 +903,25 @@ syscall_exit_work: +@@ -671,26 +899,30 @@ syscall_exit_work: movl %esp, %eax call syscall_trace_leave jmp resume_userspace 
@@ -22936,13 +22957,19 @@ index a2a4f46..6cab058 100644 syscall_badsys: movl $-ENOSYS,PT_EAX(%esp) - jmp resume_userspace + jmp syscall_exit -END(syscall_badsys) +ENDPROC(syscall_badsys) + + sysenter_badsys: + movl $-ENOSYS,PT_EAX(%esp) + jmp sysenter_after_call +-END(syscall_badsys) ++ENDPROC(sysenter_badsys) CFI_ENDPROC /* * End of kprobes section -@@ -705,8 +937,15 @@ END(syscall_badsys) +@@ -706,8 +938,15 @@ END(syscall_badsys) * normal stack and adjusts ESP with the matching offset. */ /* fixup the stack */ @@ -22960,7 +22987,7 @@ index a2a4f46..6cab058 100644 shl $16, %eax addl %esp, %eax /* the adjusted stack pointer */ pushl_cfi $__KERNEL_DS -@@ -759,7 +998,7 @@ vector=vector+1 +@@ -760,7 +999,7 @@ vector=vector+1 .endr 2: jmp common_interrupt .endr @@ -22969,7 +22996,7 @@ index a2a4f46..6cab058 100644 .previous END(interrupt) -@@ -820,7 +1059,7 @@ ENTRY(coprocessor_error) +@@ -821,7 +1060,7 @@ ENTRY(coprocessor_error) pushl_cfi $do_coprocessor_error jmp error_code CFI_ENDPROC @@ -22978,7 +23005,7 @@ index a2a4f46..6cab058 100644 ENTRY(simd_coprocessor_error) RING0_INT_FRAME -@@ -833,7 +1072,7 @@ ENTRY(simd_coprocessor_error) +@@ -834,7 +1073,7 @@ ENTRY(simd_coprocessor_error) .section .altinstructions,"a" altinstruction_entry 661b, 663f, X86_FEATURE_XMM, 662b-661b, 664f-663f .previous @@ -22987,7 +23014,7 @@ index a2a4f46..6cab058 100644 663: pushl $do_simd_coprocessor_error 664: .previous -@@ -842,7 +1081,7 @@ ENTRY(simd_coprocessor_error) +@@ -843,7 +1082,7 @@ ENTRY(simd_coprocessor_error) #endif jmp error_code CFI_ENDPROC @@ -22996,7 +23023,7 @@ index a2a4f46..6cab058 100644 ENTRY(device_not_available) RING0_INT_FRAME -@@ -851,18 +1090,18 @@ ENTRY(device_not_available) +@@ -852,18 +1091,18 @@ ENTRY(device_not_available) pushl_cfi $do_device_not_available jmp error_code CFI_ENDPROC 
@@ -23018,7 +23045,7 @@ index a2a4f46..6cab058 100644 #endif ENTRY(overflow) -@@ -872,7 +1111,7 @@ ENTRY(overflow) +@@ -873,7 +1112,7 @@ ENTRY(overflow) pushl_cfi $do_overflow jmp error_code CFI_ENDPROC @@ -23027,7 +23054,7 @@ index a2a4f46..6cab058 100644 ENTRY(bounds) RING0_INT_FRAME -@@ -881,7 +1120,7 @@ ENTRY(bounds) +@@ -882,7 +1121,7 @@ ENTRY(bounds) pushl_cfi $do_bounds jmp error_code CFI_ENDPROC @@ -23036,7 +23063,7 @@ index a2a4f46..6cab058 100644 ENTRY(invalid_op) RING0_INT_FRAME -@@ -890,7 +1129,7 @@ ENTRY(invalid_op) +@@ -891,7 +1130,7 @@ ENTRY(invalid_op) pushl_cfi $do_invalid_op jmp error_code CFI_ENDPROC @@ -23045,7 +23072,7 @@ index a2a4f46..6cab058 100644 ENTRY(coprocessor_segment_overrun) RING0_INT_FRAME -@@ -899,7 +1138,7 @@ ENTRY(coprocessor_segment_overrun) +@@ -900,7 +1139,7 @@ ENTRY(coprocessor_segment_overrun) pushl_cfi $do_coprocessor_segment_overrun jmp error_code CFI_ENDPROC @@ -23054,7 +23081,7 @@ index a2a4f46..6cab058 100644 ENTRY(invalid_TSS) RING0_EC_FRAME -@@ -907,7 +1146,7 @@ ENTRY(invalid_TSS) +@@ -908,7 +1147,7 @@ ENTRY(invalid_TSS) pushl_cfi $do_invalid_TSS jmp error_code CFI_ENDPROC @@ -23063,7 +23090,7 @@ index a2a4f46..6cab058 100644 ENTRY(segment_not_present) RING0_EC_FRAME -@@ -915,7 +1154,7 @@ ENTRY(segment_not_present) +@@ -916,7 +1155,7 @@ ENTRY(segment_not_present) pushl_cfi $do_segment_not_present jmp error_code CFI_ENDPROC @@ -23072,7 +23099,7 @@ index a2a4f46..6cab058 100644 ENTRY(stack_segment) RING0_EC_FRAME -@@ -923,7 +1162,7 @@ ENTRY(stack_segment) +@@ -924,7 +1163,7 @@ ENTRY(stack_segment) pushl_cfi $do_stack_segment jmp error_code CFI_ENDPROC @@ -23081,7 +23108,7 @@ index a2a4f46..6cab058 100644 ENTRY(alignment_check) RING0_EC_FRAME -@@ -931,7 +1170,7 @@ ENTRY(alignment_check) +@@ -932,7 +1171,7 @@ ENTRY(alignment_check) pushl_cfi $do_alignment_check jmp error_code CFI_ENDPROC 
@@ -23090,7 +23117,7 @@ index a2a4f46..6cab058 100644 ENTRY(divide_error) RING0_INT_FRAME -@@ -940,7 +1179,7 @@ ENTRY(divide_error) +@@ -941,7 +1180,7 @@ ENTRY(divide_error) pushl_cfi $do_divide_error jmp error_code CFI_ENDPROC @@ -23099,7 +23126,7 @@ index a2a4f46..6cab058 100644 #ifdef CONFIG_X86_MCE ENTRY(machine_check) -@@ -950,7 +1189,7 @@ ENTRY(machine_check) +@@ -951,7 +1190,7 @@ ENTRY(machine_check) pushl_cfi machine_check_vector jmp error_code CFI_ENDPROC @@ -23108,7 +23135,7 @@ index a2a4f46..6cab058 100644 #endif ENTRY(spurious_interrupt_bug) -@@ -960,7 +1199,7 @@ ENTRY(spurious_interrupt_bug) +@@ -961,7 +1200,7 @@ ENTRY(spurious_interrupt_bug) pushl_cfi $do_spurious_interrupt_bug jmp error_code CFI_ENDPROC @@ -23117,7 +23144,7 @@ index a2a4f46..6cab058 100644 /* * End of kprobes section */ -@@ -1070,7 +1309,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR, +@@ -1071,7 +1310,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR, ENTRY(mcount) ret @@ -23126,7 +23153,7 @@ index a2a4f46..6cab058 100644 ENTRY(ftrace_caller) cmpl $0, function_trace_stop -@@ -1103,7 +1342,7 @@ ftrace_graph_call: +@@ -1104,7 +1343,7 @@ ftrace_graph_call: .globl ftrace_stub ftrace_stub: ret @@ -23135,7 +23162,7 @@ index a2a4f46..6cab058 100644 ENTRY(ftrace_regs_caller) pushf /* push flags before compare (in cs location) */ -@@ -1207,7 +1446,7 @@ trace: +@@ -1208,7 +1447,7 @@ trace: popl %ecx popl %eax jmp ftrace_stub @@ -23144,7 +23171,7 @@ index a2a4f46..6cab058 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -1225,7 +1464,7 @@ ENTRY(ftrace_graph_caller) +@@ -1226,7 +1465,7 @@ ENTRY(ftrace_graph_caller) popl %ecx popl %eax ret @@ -23153,7 +23180,7 @@ index a2a4f46..6cab058 100644 .globl return_to_handler return_to_handler: -@@ -1291,15 +1530,18 @@ error_code: +@@ -1292,15 +1531,18 @@ error_code: movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart REG_TO_PTGS %ecx SET_KERNEL_GS %ecx 
@@ -23174,7 +23201,7 @@ index a2a4f46..6cab058 100644 /* * Debug traps and NMI can happen at the one SYSENTER instruction -@@ -1342,7 +1584,7 @@ debug_stack_correct: +@@ -1343,7 +1585,7 @@ debug_stack_correct: call do_debug jmp ret_from_exception CFI_ENDPROC @@ -23183,7 +23210,7 @@ index a2a4f46..6cab058 100644 /* * NMI is doubly nasty. It can happen _while_ we're handling -@@ -1380,6 +1622,9 @@ nmi_stack_correct: +@@ -1381,6 +1623,9 @@ nmi_stack_correct: xorl %edx,%edx # zero error code movl %esp,%eax # pt_regs pointer call do_nmi @@ -23193,7 +23220,7 @@ index a2a4f46..6cab058 100644 jmp restore_all_notrace CFI_ENDPROC -@@ -1416,12 +1661,15 @@ nmi_espfix_stack: +@@ -1417,12 +1662,15 @@ nmi_espfix_stack: FIXUP_ESPFIX_STACK # %eax == %esp xorl %edx,%edx # zero error code call do_nmi @@ -23210,7 +23237,7 @@ index a2a4f46..6cab058 100644 ENTRY(int3) RING0_INT_FRAME -@@ -1434,14 +1682,14 @@ ENTRY(int3) +@@ -1435,14 +1683,14 @@ ENTRY(int3) call do_int3 jmp ret_from_exception CFI_ENDPROC @@ -23227,7 +23254,7 @@ index a2a4f46..6cab058 100644 #ifdef CONFIG_KVM_GUEST ENTRY(async_page_fault) -@@ -1450,7 +1698,7 @@ ENTRY(async_page_fault) +@@ -1451,7 +1699,7 @@ ENTRY(async_page_fault) pushl_cfi $do_async_page_fault jmp error_code CFI_ENDPROC @@ -25962,7 +25989,7 @@ index 898160b..758cde8 100644 reset_current_kprobe(); preempt_enable_no_resched(); diff --git a/arch/x86/kernel/ksysfs.c b/arch/x86/kernel/ksysfs.c -index c2bedae..25e7ab6 100644 +index c2bedae..25e7ab60 100644 --- a/arch/x86/kernel/ksysfs.c +++ b/arch/x86/kernel/ksysfs.c @@ -184,7 +184,7 @@ out: @@ -28694,7 +28721,7 @@ index c697625..a032162 100644 out: diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c -index 9736529..ab4f54c 100644 +index 0069118..c28ec0a 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -55,7 +55,7 @@ @@ -32588,10 +32615,10 @@ index 4500142..53a363c 100644 return (void *)vaddr; 
diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c -index 8c9f647..57cb402 100644 +index 8b977eb..4732c33 100644 --- a/arch/x86/mm/hugetlbpage.c +++ b/arch/x86/mm/hugetlbpage.c -@@ -90,23 +90,24 @@ int pmd_huge_support(void) +@@ -80,23 +80,24 @@ int pud_huge(pud_t pud) #ifdef CONFIG_HUGETLB_PAGE static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file, unsigned long addr, unsigned long len, @@ -32619,7 +32646,7 @@ index 8c9f647..57cb402 100644 { struct hstate *h = hstate_file(file); struct vm_unmapped_area_info info; -@@ -118,6 +119,7 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, +@@ -108,6 +109,7 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, info.high_limit = current->mm->mmap_base; info.align_mask = PAGE_MASK & ~huge_page_mask(h); info.align_offset = 0; @@ -32627,7 +32654,7 @@ index 8c9f647..57cb402 100644 addr = vm_unmapped_area(&info); /* -@@ -130,6 +132,12 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, +@@ -120,6 +122,12 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, VM_BUG_ON(addr != -ENOMEM); info.flags = 0; info.low_limit = TASK_UNMAPPED_BASE; @@ -32640,7 +32667,7 @@ index 8c9f647..57cb402 100644 info.high_limit = TASK_SIZE; addr = vm_unmapped_area(&info); } -@@ -144,10 +152,20 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -134,10 +142,20 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, struct hstate *h = hstate_file(file); struct mm_struct *mm = current->mm; struct vm_area_struct *vma; @@ -32662,7 +32689,7 @@ index 8c9f647..57cb402 100644 return -ENOMEM; if (flags & MAP_FIXED) { -@@ -156,19 +174,22 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -146,19 +164,22 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, return addr; } @@ -40406,7 +40433,9 @@ index 3b7d32d..05c2f74 100644 ret = -EFAULT; goto done; 
diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c -index 345be03..158368d 100644 +old mode 100644 +new mode 100755 +index 345be03..65b66c0 --- a/drivers/gpu/drm/drm_drv.c +++ b/drivers/gpu/drm/drm_drv.c @@ -233,7 +233,7 @@ module_exit(drm_core_exit); @@ -40427,6 +40456,17 @@ index 345be03..158368d 100644 unsigned int nr = DRM_IOCTL_NR(cmd); int retcode = -EINVAL; char stack_kdata[128]; +@@ -380,8 +380,9 @@ long drm_ioctl(struct file *filp, + retcode = -EFAULT; + goto err_i1; + } +- } else ++ } else if (cmd & IOC_OUT) { + memset(kdata, 0, usize); ++ } + + if (ioctl->flags & DRM_UNLOCKED) + retcode = func(dev, kdata, file_priv); diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c index 7f2af9a..1561914 100644 --- a/drivers/gpu/drm/drm_fops.c @@ -41982,10 +42022,10 @@ index ec0ae2d..dc0780b 100644 /* copy over all the bus versions */ if (dev->bus && dev->bus->pm) { diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c -index 8a5384c..cf63c18 100644 +index 7cd42ea..a367c48 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c -@@ -2422,7 +2422,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); +@@ -2432,7 +2432,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); int hid_add_device(struct hid_device *hdev) { @@ -41994,7 +42034,7 @@ index 8a5384c..cf63c18 100644 int ret; if (WARN_ON(hdev->status & HID_STAT_ADDED)) -@@ -2456,7 +2456,7 @@ int hid_add_device(struct hid_device *hdev) +@@ -2466,7 +2466,7 @@ int hid_add_device(struct hid_device *hdev) /* XXX hack, any other cleaner solution after the driver core * is converted to allow more than 20 bytes as the device name? */ dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, @@ -42085,10 +42125,10 @@ index bcb4950..61dba6c 100644 if (!virtaddr) goto cleanup; diff --git a/drivers/hv/hv_balloon.c b/drivers/hv/hv_balloon.c -index 7e17a54..a50a33d 100644 +index 393fd8a..079e13f 100644 --- a/drivers/hv/hv_balloon.c 
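Review bot: The refreshed header for drivers/gpu/drm/drm_drv.c now carries `old mode 100644` and `new mode 100755`, which would mark a C source file executable when the patch is applied by a tool that honours git mode lines. Nothing in the accompanying code change needs that, so it looks like an accident in the imported patch rather than an intended change. The clean form would keep a single `index 345be03..65b66c0 100644` line and no mode lines. Because the patch is pinned by checksum in APKBUILD, this is better reported to the patch's origin than edited locally.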
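Review bot: With the new `} else if (cmd & IOC_OUT) {` branch, a command that sets neither direction bit reaches `func(dev, kdata, file_priv)` with `kdata` neither copied from user space nor cleared. What `kdata` holds in that case is decided by code above the hunk, so this presumably relies on it being unset there and on such handlers ignoring their data argument. A short comment on the branch would record that assumption, e.g. `/* no IOC_IN/IOC_OUT: kdata is not populated; handler must not read it */`. The body of drm_ioctl starts and ends outside the hunk.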
+++ b/drivers/hv/hv_balloon.c -@@ -464,7 +464,7 @@ MODULE_PARM_DESC(hot_add, "If set attempt memory hot_add"); +@@ -470,7 +470,7 @@ MODULE_PARM_DESC(hot_add, "If set attempt memory hot_add"); module_param(pressure_report_delay, uint, (S_IRUGO | S_IWUSR)); MODULE_PARM_DESC(pressure_report_delay, "Delay in secs in reporting pressure"); @@ -42097,7 +42137,7 @@ index 7e17a54..a50a33d 100644 static int dm_ring_size = (5 * PAGE_SIZE); -@@ -886,7 +886,7 @@ static void hot_add_req(struct work_struct *dummy) +@@ -893,7 +893,7 @@ static void hot_add_req(struct work_struct *dummy) pr_info("Memory hot add failed\n"); dm->state = DM_INITIALIZED; @@ -42106,7 +42146,7 @@ index 7e17a54..a50a33d 100644 vmbus_sendpacket(dm->dev->channel, &resp, sizeof(struct dm_hot_add_response), (unsigned long)NULL, -@@ -960,7 +960,7 @@ static void post_status(struct hv_dynmem_device *dm) +@@ -973,7 +973,7 @@ static void post_status(struct hv_dynmem_device *dm) memset(&status, 0, sizeof(struct dm_status)); status.hdr.type = DM_STATUS_REPORT; status.hdr.size = sizeof(struct dm_status); @@ -42115,7 +42155,7 @@ index 7e17a54..a50a33d 100644 /* * The host expects the guest to report free memory. -@@ -980,7 +980,7 @@ static void post_status(struct hv_dynmem_device *dm) +@@ -993,7 +993,7 @@ static void post_status(struct hv_dynmem_device *dm) * send the status. This can happen if we were interrupted * after we picked our transaction ID. */ @@ -42123,8 +42163,8 @@ index 7e17a54..a50a33d 100644 + if (status.hdr.trans_id != atomic_read_unchecked(&trans_id)) return; - vmbus_sendpacket(dm->dev->channel, &status, -@@ -1108,7 +1108,7 @@ static void balloon_up(struct work_struct *dummy) + /* +@@ -1129,7 +1129,7 @@ static void balloon_up(struct work_struct *dummy) */ do { 
@@ -42133,7 +42173,7 @@ index 7e17a54..a50a33d 100644 ret = vmbus_sendpacket(dm_device.dev->channel, bl_resp, bl_resp->hdr.size, -@@ -1152,7 +1152,7 @@ static void balloon_down(struct hv_dynmem_device *dm, +@@ -1175,7 +1175,7 @@ static void balloon_down(struct hv_dynmem_device *dm, memset(&resp, 0, sizeof(struct dm_unballoon_response)); resp.hdr.type = DM_UNBALLOON_RESPONSE; @@ -42142,7 +42182,7 @@ index 7e17a54..a50a33d 100644 resp.hdr.size = sizeof(struct dm_unballoon_response); vmbus_sendpacket(dm_device.dev->channel, &resp, -@@ -1215,7 +1215,7 @@ static void version_resp(struct hv_dynmem_device *dm, +@@ -1238,7 +1238,7 @@ static void version_resp(struct hv_dynmem_device *dm, memset(&version_req, 0, sizeof(struct dm_version_request)); version_req.hdr.type = DM_VERSION_REQUEST; version_req.hdr.size = sizeof(struct dm_version_request); @@ -42151,7 +42191,7 @@ index 7e17a54..a50a33d 100644 version_req.version.version = DYNMEM_PROTOCOL_VERSION_WIN7; version_req.is_last_attempt = 1; -@@ -1385,7 +1385,7 @@ static int balloon_probe(struct hv_device *dev, +@@ -1408,7 +1408,7 @@ static int balloon_probe(struct hv_device *dev, memset(&version_req, 0, sizeof(struct dm_version_request)); version_req.hdr.type = DM_VERSION_REQUEST; version_req.hdr.size = sizeof(struct dm_version_request); @@ -42160,7 +42200,7 @@ index 7e17a54..a50a33d 100644 version_req.version.version = DYNMEM_PROTOCOL_VERSION_WIN8; version_req.is_last_attempt = 0; -@@ -1416,7 +1416,7 @@ static int balloon_probe(struct hv_device *dev, +@@ -1439,7 +1439,7 @@ static int balloon_probe(struct hv_device *dev, memset(&cap_msg, 0, sizeof(struct dm_capabilities)); cap_msg.hdr.type = DM_CAPABILITIES_REPORT; cap_msg.hdr.size = sizeof(struct dm_capabilities); 
@@ -46368,6 +46408,20 @@ index 455d4c3..3353ee7 100644 } if (!request_mem_region(mem->start, mem_size, pdev->name)) { +diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c +index dbcff50..5ed5124 100644 +--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c ++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c +@@ -793,7 +793,8 @@ static void bnx2x_tpa_stop(struct bnx2x *bp, struct bnx2x_fastpath *fp, + + return; + } +- bnx2x_frag_free(fp, new_data); ++ if (new_data) ++ bnx2x_frag_free(fp, new_data); + drop: + /* drop the packet and keep the buffer in the bin */ + DP(NETIF_MSG_RX_STATUS, diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h index a89a40f..5a8a2ac 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h @@ -46635,18 +46689,6 @@ index be7d7a6..a8983f8 100644 break; default: dev_err(&adapter->pdev->dev, "Invalid Virtual NIC opmode\n"); -diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c -index 7d4f549..3e46c89 100644 ---- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c -+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c -@@ -1022,6 +1022,7 @@ static int qlcnic_dcb_peer_app_info(struct net_device *netdev, - struct qlcnic_dcb_cee *peer; - int i; - -+ memset(info, 0, sizeof(*info)); - *app_count = 0; - - if (!test_bit(QLCNIC_DCB_STATE, &adapter->dcb->state)) diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c index 7763962..c3499a7 100644 --- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c @@ -46768,7 +46810,7 @@ index bf0d55e..82bcfbd1 100644 priv = netdev_priv(dev); priv->phy = phy; diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c -index 20bb669..9a0e17e 100644 +index 5adecc5..aec7730 100644 --- a/drivers/net/macvlan.c +++ b/drivers/net/macvlan.c 
@@ -991,13 +991,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = { @@ -46794,7 +46836,7 @@ index 20bb669..9a0e17e 100644 return rtnl_link_register(ops); }; -@@ -1052,7 +1054,7 @@ static int macvlan_device_event(struct notifier_block *unused, +@@ -1051,7 +1053,7 @@ static int macvlan_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -46873,10 +46915,10 @@ index 1252d9c..80e660b 100644 /* We've got a compressed packet; read the change byte */ diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c -index c8624a8..f0a4f6a 100644 +index 26d8c29..bbc6837 100644 --- a/drivers/net/team/team.c +++ b/drivers/net/team/team.c -@@ -2869,7 +2869,7 @@ static int team_device_event(struct notifier_block *unused, +@@ -2874,7 +2874,7 @@ static int team_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -47035,10 +47077,10 @@ index a2515887..6d13233 100644 /* we will have to manufacture ethernet headers, prepare template */ diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c -index d091e52..568bb179 100644 +index 40ad25d..8703023 100644 --- a/drivers/net/vxlan.c +++ b/drivers/net/vxlan.c -@@ -2847,7 +2847,7 @@ nla_put_failure: +@@ -2846,7 +2846,7 @@ nla_put_failure: return -EMSGSIZE; } @@ -47047,7 +47089,7 @@ index d091e52..568bb179 100644 .kind = "vxlan", .maxtype = IFLA_VXLAN_MAX, .policy = vxlan_policy, -@@ -2894,7 +2894,7 @@ static int vxlan_lowerdev_event(struct notifier_block *unused, +@@ -2893,7 +2893,7 @@ static int vxlan_lowerdev_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -50857,10 +50899,10 @@ index 26416c1..e796a3d 100644 spin_lock_init(&dev->t10_wwn.t10_vpd_lock); INIT_LIST_HEAD(&dev->t10_pr.registration_list); diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index 98b48d4..f4297e5 100644 +index 24f5279..046edc5 100644 --- a/drivers/target/target_core_transport.c 
+++ b/drivers/target/target_core_transport.c -@@ -1137,7 +1137,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd) +@@ -1154,7 +1154,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd) * Used to determine when ORDERED commands should go from * Dormant to Active status. */ @@ -52602,7 +52644,7 @@ index 4d11449..f4ccabf 100644 INIT_LIST_HEAD(&dev->ep0.urb_list); dev->ep0.desc.bLength = USB_DT_ENDPOINT_SIZE; diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c -index 2da0a5a..4870e09 100644 +index 09e9619..d266724 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -532,8 +532,6 @@ static int __dwc3_gadget_ep_enable(struct dwc3_ep *dep, @@ -56506,7 +56548,7 @@ index ce25d75..dc09eeb 100644 &data); if (!inode) { diff --git a/fs/aio.c b/fs/aio.c -index 04cd768..25949c1 100644 +index 19e7d95..af5756a 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -375,7 +375,7 @@ static int aio_setup_ring(struct kioctx *ctx) @@ -57809,10 +57851,10 @@ index d04db81..96e54f1 100644 wake_up(&root->fs_info->transaction_wait); wake_up(&root->fs_info->transaction_blocked_wait); diff --git a/fs/btrfs/sysfs.c b/fs/btrfs/sysfs.c -index 865f4cf..f321e86 100644 +index ff286f3..8153a14 100644 --- a/fs/btrfs/sysfs.c +++ b/fs/btrfs/sysfs.c -@@ -436,7 +436,7 @@ static int addrm_unknown_feature_attrs(struct btrfs_fs_info *fs_info, bool add) +@@ -437,7 +437,7 @@ static int addrm_unknown_feature_attrs(struct btrfs_fs_info *fs_info, bool add) for (set = 0; set < FEAT_MAX; set++) { int i; struct attribute *attrs[2]; @@ -58459,10 +58501,10 @@ index 35ddc3e..563e809 100644 } diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c -index 8603447..f9caeee 100644 +index 049a3f2..0f41305 100644 --- a/fs/cifs/smb2pdu.c 
+++ b/fs/cifs/smb2pdu.c -@@ -2094,8 +2094,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, +@@ -2099,8 +2099,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, default: cifs_dbg(VFS, "info level %u isn't supported\n", srch_inf->info_level); @@ -59798,7 +59840,7 @@ index 6ea7b14..8fa16d9 100644 if (free_clusters >= (nclusters + dirty_clusters + resv_clusters)) diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h -index 3a603a8..9b868ba 100644 +index 62f024c..a6a1a61 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -1269,19 +1269,19 @@ struct ext4_sb_info { 
@@ -59831,8 +59873,65 @@ index 3a603a8..9b868ba 100644 atomic_t s_lock_busy; /* locality groups */ +diff --git a/fs/ext4/indirect.c b/fs/ext4/indirect.c +index 594009f..c30cbe2 100644 +--- a/fs/ext4/indirect.c ++++ b/fs/ext4/indirect.c +@@ -389,7 +389,13 @@ static int ext4_alloc_branch(handle_t *handle, struct inode *inode, + return 0; + failed: + for (; i >= 0; i--) { +- if (i != indirect_blks && branch[i].bh) ++ /* ++ * We want to ext4_forget() only freshly allocated indirect ++ * blocks. Buffer for new_blocks[i-1] is at branch[i].bh and ++ * buffer at branch[0].bh is indirect block / inode already ++ * existing before ext4_alloc_branch() was called. ++ */ ++ if (i > 0 && i != indirect_blks && branch[i].bh) + ext4_forget(handle, 1, inode, branch[i].bh, + branch[i].bh->b_blocknr); + ext4_free_blocks(handle, inode, NULL, new_blocks[i], +@@ -1312,16 +1318,24 @@ static int free_hole_blocks(handle_t *handle, struct inode *inode, + blk = *i_data; + if (level > 0) { + ext4_lblk_t first2; ++ ext4_lblk_t count2; ++ + bh = sb_bread(inode->i_sb, le32_to_cpu(blk)); + if (!bh) { + EXT4_ERROR_INODE_BLOCK(inode, le32_to_cpu(blk), + "Read failure"); + return -EIO; + } +- first2 = (first > offset) ? first - offset : 0; ++ if (first > offset) { ++ first2 = first - offset; ++ count2 = count; ++ } else { ++ first2 = 0; ++ count2 = count - (offset - first); ++ } + ret = free_hole_blocks(handle, inode, bh, + (__le32 *)bh->b_data, level - 1, +- first2, count - offset, ++ first2, count2, + inode->i_sb->s_blocksize >> 2); + if (ret) { + brelse(bh); +@@ -1331,8 +1345,8 @@ static int free_hole_blocks(handle_t *handle, struct inode *inode, + if (level == 0 || + (bh && all_zeroes((__le32 *)bh->b_data, + (__le32 *)bh->b_data + addr_per_block))) { +- ext4_free_data(handle, inode, parent_bh, &blk, &blk+1); +- *i_data = 0; ++ ext4_free_data(handle, inode, parent_bh, ++ i_data, i_data + 1); + } + brelse(bh); + bh = NULL; 
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c -index 04a5c75..09894fa 100644 +index 08ddfda..a48f3f6 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -1880,7 +1880,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, @@ -80818,7 +80917,7 @@ index c45c089..298841c 100644 u32 remainder; return div_u64_rem(dividend, divisor, &remainder); diff --git a/include/linux/mempolicy.h b/include/linux/mempolicy.h -index 5f1ea75..5125ac5 100644 +index 5bba088..7ad4ae7 100644 --- a/include/linux/mempolicy.h +++ b/include/linux/mempolicy.h @@ -91,6 +91,10 @@ static inline struct mempolicy *mpol_dup(struct mempolicy *pol) @@ -80832,7 +80931,7 @@ index 5f1ea75..5125ac5 100644 static inline void mpol_get(struct mempolicy *pol) { -@@ -223,6 +227,9 @@ static inline void mpol_free_shared_policy(struct shared_policy *p) +@@ -229,6 +233,9 @@ static inline void mpol_free_shared_policy(struct shared_policy *p) } #define vma_policy(vma) NULL @@ -81173,10 +81272,10 @@ index c5d5278..f0b68c8 100644 } diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h -index 9b61b9b..52147d6b 100644 +index e6800f0..d59674e 100644 --- a/include/linux/mmzone.h +++ b/include/linux/mmzone.h -@@ -396,7 +396,7 @@ struct zone { +@@ -400,7 +400,7 @@ struct zone { unsigned long flags; /* zone flags, see below */ /* Zone statistics */ @@ -81186,18 +81285,9 @@ index 9b61b9b..52147d6b 100644 /* * The target ratio of ACTIVE_ANON to INACTIVE_ANON pages on diff --git a/include/linux/mod_devicetable.h b/include/linux/mod_devicetable.h -index 45e9214..a7227d6 100644 +index 45e9214..4a547ac 100644 --- a/include/linux/mod_devicetable.h +++ b/include/linux/mod_devicetable.h -@@ -13,7 +13,7 @@ - typedef unsigned long kernel_ulong_t; - #endif - --#define PCI_ANY_ID (~0) -+#define PCI_ANY_ID ((__u16)~0) - - struct pci_device_id { - __u32 vendor, device; /* Vendor and device ID or PCI_ANY_ID*/ 
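Review bot: In the `free_hole_blocks` part of the added fs/ext4/indirect.c section, `count2 = count - (offset - first);` subtracts `ext4_lblk_t` values and would wrap to a very large block count if `offset - first` ever exceeded `count`; nothing in the hunk bounds it. The check that keeps `offset` below `first + count` is presumably in the surrounding loop, which lies outside the hunk. The invariant should be written next to the arithmetic, for example `/* offset < first + count here, so count2 cannot wrap */`. A wrapped count could let the recursive call free blocks beyond the requested range, so the assumption is worth making explicit.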
@@ -139,7 +139,7 @@ struct usb_device_id { #define USB_DEVICE_ID_MATCH_INT_PROTOCOL 0x0200 #define USB_DEVICE_ID_MATCH_INT_NUMBER 0x0400 @@ -81544,36 +81634,6 @@ index 0000000..33f4af8 +}; + +#endif -diff --git a/include/linux/netlink.h b/include/linux/netlink.h -index aad8eea..034cda7 100644 ---- a/include/linux/netlink.h -+++ b/include/linux/netlink.h -@@ -16,9 +16,10 @@ static inline struct nlmsghdr *nlmsg_hdr(const struct sk_buff *skb) - } - - enum netlink_skb_flags { -- NETLINK_SKB_MMAPED = 0x1, /* Packet data is mmaped */ -- NETLINK_SKB_TX = 0x2, /* Packet was sent by userspace */ -- NETLINK_SKB_DELIVERED = 0x4, /* Packet was delivered */ -+ NETLINK_SKB_MMAPED = 0x1, /* Packet data is mmaped */ -+ NETLINK_SKB_TX = 0x2, /* Packet was sent by userspace */ -+ NETLINK_SKB_DELIVERED = 0x4, /* Packet was delivered */ -+ NETLINK_SKB_DST = 0x8, /* Dst set in sendto or sendmsg */ - }; - - struct netlink_skb_parms { -@@ -169,4 +170,11 @@ struct netlink_tap { - extern int netlink_add_tap(struct netlink_tap *nt); - extern int netlink_remove_tap(struct netlink_tap *nt); - -+bool __netlink_ns_capable(const struct netlink_skb_parms *nsp, -+ struct user_namespace *ns, int cap); -+bool netlink_ns_capable(const struct sk_buff *skb, -+ struct user_namespace *ns, int cap); -+bool netlink_capable(const struct sk_buff *skb, int cap); -+bool netlink_net_capable(const struct sk_buff *skb, int cap); -+ - #endif /* __LINUX_NETLINK_H */ diff --git a/include/linux/nls.h b/include/linux/nls.h index 520681b..1d67ed2 100644 --- a/include/linux/nls.h @@ -82921,7 +82981,7 @@ index 6ae004e..2743532 100644 /* * Callback to arch code if there's nosmp or maxcpus=0 on the diff --git a/include/linux/sock_diag.h b/include/linux/sock_diag.h -index 302ab80..3233276 100644 +index 46cca4c..3323536 100644 --- a/include/linux/sock_diag.h +++ b/include/linux/sock_diag.h @@ -11,7 +11,7 @@ struct sock; 
@@ -83833,7 +83893,7 @@ index c55aeed..b3393f4 100644 /** inet_connection_sock - INET connection oriented sock * diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h -index 6efe73c..1a44af7 100644 +index 058271b..1a44af7 100644 --- a/include/net/inetpeer.h +++ b/include/net/inetpeer.h @@ -47,8 +47,8 @@ struct inet_peer { @@ -83847,20 +83907,11 @@ index 6efe73c..1a44af7 100644 }; struct rcu_head rcu; struct inet_peer *gc_next; -@@ -177,16 +177,9 @@ static inline void inet_peer_refcheck(const struct inet_peer *p) - /* can be called with or without local BH being disabled */ - static inline int inet_getid(struct inet_peer *p, int more) +@@ -179,7 +179,7 @@ static inline int inet_getid(struct inet_peer *p, int more) { -- int old, new; more++; inet_peer_refcheck(p); -- do { -- old = atomic_read(&p->ip_id_count); -- new = old + more; -- if (!new) -- new = 1; -- } while (atomic_cmpxchg(&p->ip_id_count, old, new) != old); -- return new; +- return atomic_add_return(more, &p->ip_id_count) - more; + return atomic_add_return_unchecked(more, &p->ip_id_count) - more; } @@ -84328,7 +84379,7 @@ index 0dfcc92..7967849 100644 /* Structure to track chunk fragments that have been acked, but peer diff --git a/include/net/sock.h b/include/net/sock.h -index b9586a1..b2948c0 100644 +index 57c31dd..f5e5196 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -348,7 +348,7 @@ struct sock { @@ -84367,6 +84418,17 @@ index b9586a1..b2948c0 100644 static inline struct sock_iocb *kiocb_to_siocb(struct kiocb *iocb) { +@@ -1755,8 +1755,8 @@ sk_dst_get(struct sock *sk) + + rcu_read_lock(); + dst = rcu_dereference(sk->sk_dst_cache); +- if (dst) +- dst_hold(dst); ++ if (dst && !atomic_inc_not_zero(&dst->__refcnt)) ++ dst = NULL; + rcu_read_unlock(); + return dst; + } @@ -1830,7 +1830,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) } @@ -85819,7 +85881,7 @@ index 8d6e145..33e0b1e 100644 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim; set_fs(fs); 
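Review bot: The switch to `atomic_add_return_unchecked()` in `inet_getid()` does not say why this counter is exempt from overflow checking, and the same applies to `atomic_inc_return_unchecked(&ipv6_fragmentation_id)` in the net/ipv6/output_core.c hunk. Both look like ID generators that are expected to wrap rather than reference counts, which would make the exemption correct. A reader auditing the `_unchecked` call sites cannot tell that from the code, though. A one-line comment at each site would settle it: `/* ID generator, wraps by design; not a reference count */`.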
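Review bot: `sk_dst_get()` now takes its reference with `atomic_inc_not_zero(&dst->__refcnt)` directly, but nothing records that `dst_hold()` is no longer acceptable for a dst obtained under `rcu_read_lock()`. The same rule applies to `tunnel_rtable_get()` in the net/ipv4/ip_tunnel.c hunk, and it is what makes the deferred free in `dst_release()` (net/core/dst.c hunk) safe. A later caller that copies the old `dst_hold()` pattern would again use a dst whose count has already reached zero. I would add above the check: `/* the dst may already be at refcnt 0 and awaiting RCU free; never dst_hold() it here */`.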
diff --git a/kernel/audit.c b/kernel/audit.c -index d5f31c1..06646e1 100644 +index 0c9dc86..a891393 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -122,7 +122,7 @@ u32 audit_sig_sid = 0; @@ -86656,7 +86718,7 @@ index 81b3d67..ef189a4 100644 { struct signal_struct *sig = current->signal; diff --git a/kernel/fork.c b/kernel/fork.c -index a17621c..2a89549 100644 +index 45da005c..6581b2b 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -180,6 +180,48 @@ void thread_info_cache_init(void) @@ -87055,7 +87117,7 @@ index a17621c..2a89549 100644 /* * Do this prior waking up the new thread - the thread pointer * might get invalid after that point, if the thread exits quickly. -@@ -1612,6 +1725,8 @@ long do_fork(unsigned long clone_flags, +@@ -1614,6 +1727,8 @@ long do_fork(unsigned long clone_flags, if (clone_flags & CLONE_PARENT_SETTID) put_user(nr, parent_tidptr); @@ -87064,7 +87126,7 @@ index a17621c..2a89549 100644 if (clone_flags & CLONE_VFORK) { p->vfork_done = &vfork; init_completion(&vfork); -@@ -1728,7 +1843,7 @@ void __init proc_caches_init(void) +@@ -1732,7 +1847,7 @@ void __init proc_caches_init(void) mm_cachep = kmem_cache_create("mm_struct", sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN, SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK, NULL); @@ -87073,7 +87135,7 @@ index a17621c..2a89549 100644 mmap_init(); nsproxy_cache_init(); } -@@ -1768,7 +1883,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) +@@ -1772,7 +1887,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) return 0; /* don't need lock here; in the worst case we'll do useless copy */ @@ -87082,7 +87144,7 @@ index a17621c..2a89549 100644 return 0; *new_fsp = copy_fs_struct(fs); -@@ -1875,7 +1990,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) +@@ -1879,7 +1994,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) fs = current->fs; spin_lock(&fs->lock); current->fs = new_fs; 
@@ -92587,10 +92649,10 @@ index 0000000..7cd6065 @@ -0,0 +1 @@ +-grsec diff --git a/mm/Kconfig b/mm/Kconfig -index 2888024..c15a810 100644 +index 9b63c15..2ab509e 100644 --- a/mm/Kconfig +++ b/mm/Kconfig -@@ -326,10 +326,11 @@ config KSM +@@ -329,10 +329,11 @@ config KSM root has set /sys/kernel/mm/ksm/run to 1 (if CONFIG_SYSFS is set). config DEFAULT_MMAP_MIN_ADDR @@ -92605,7 +92667,7 @@ index 2888024..c15a810 100644 This is the portion of low virtual memory which should be protected from userspace allocation. Keeping a user from writing to low pages can help reduce the impact of kernel NULL pointer bugs. -@@ -360,7 +361,7 @@ config MEMORY_FAILURE +@@ -363,7 +364,7 @@ config MEMORY_FAILURE config HWPOISON_INJECT tristate "HWPoison pages injector" @@ -93032,7 +93094,7 @@ index 539eeb9..e24a987 100644 if (end == start) return error; diff --git a/mm/memory-failure.c b/mm/memory-failure.c -index e346fa9..5d32f0a 100644 +index 33365e9..2234ef9 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0; @@ -93053,7 +93115,7 @@ index e346fa9..5d32f0a 100644 #ifdef __ARCH_SI_TRAPNO si.si_trapno = trapno; #endif -@@ -762,7 +762,7 @@ static struct page_state { +@@ -795,7 +795,7 @@ static struct page_state { unsigned long res; char *msg; int (*action)(struct page *p, unsigned long pfn); @@ -93062,7 +93124,7 @@ index e346fa9..5d32f0a 100644 { reserved, reserved, "reserved kernel", me_kernel }, /* * free pages are specially detected outside this table: -@@ -1062,7 +1062,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) +@@ -1095,7 +1095,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) nr_pages = 1 << compound_order(hpage); else /* normal page or thp */ nr_pages = 1; 
@@ -93071,7 +93133,7 @@ index e346fa9..5d32f0a 100644 /* * We need/can do nothing about count=0 pages. -@@ -1091,7 +1091,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) +@@ -1124,7 +1124,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) if (PageHWPoison(hpage)) { if ((hwpoison_filter(p) && TestClearPageHWPoison(p)) || (p != hpage && TestSetPageHWPoison(hpage))) { @@ -93080,7 +93142,7 @@ index e346fa9..5d32f0a 100644 unlock_page(hpage); return 0; } -@@ -1157,14 +1157,14 @@ int memory_failure(unsigned long pfn, int trapno, int flags) +@@ -1190,14 +1190,14 @@ int memory_failure(unsigned long pfn, int trapno, int flags) */ if (!PageHWPoison(p)) { printk(KERN_ERR "MCE %#lx: just unpoisoned\n", pfn); @@ -93097,7 +93159,7 @@ index e346fa9..5d32f0a 100644 unlock_page(hpage); put_page(hpage); return 0; -@@ -1386,7 +1386,7 @@ int unpoison_memory(unsigned long pfn) +@@ -1419,7 +1419,7 @@ int unpoison_memory(unsigned long pfn) return 0; } if (TestClearPageHWPoison(p)) @@ -93106,7 +93168,7 @@ index e346fa9..5d32f0a 100644 pr_info("MCE: Software-unpoisoned free page %#lx\n", pfn); return 0; } -@@ -1400,7 +1400,7 @@ int unpoison_memory(unsigned long pfn) +@@ -1433,7 +1433,7 @@ int unpoison_memory(unsigned long pfn) */ if (TestClearPageHWPoison(page)) { pr_info("MCE: Software-unpoisoned page %#lx\n", pfn); @@ -93115,7 +93177,7 @@ index e346fa9..5d32f0a 100644 freeit = 1; if (PageHuge(page)) clear_page_hwpoison_huge_page(page); -@@ -1525,11 +1525,11 @@ static int soft_offline_huge_page(struct page *page, int flags) +@@ -1558,11 +1558,11 @@ static int soft_offline_huge_page(struct page *page, int flags) if (PageHuge(page)) { set_page_hwpoison_huge_page(hpage); dequeue_hwpoisoned_huge_page(hpage); 
@@ -93129,7 +93191,7 @@ index e346fa9..5d32f0a 100644 } } return ret; -@@ -1568,7 +1568,7 @@ static int __soft_offline_page(struct page *page, int flags) +@@ -1601,7 +1601,7 @@ static int __soft_offline_page(struct page *page, int flags) put_page(page); pr_info("soft_offline: %#lx: invalidated\n", pfn); SetPageHWPoison(page); @@ -93138,7 +93200,7 @@ index e346fa9..5d32f0a 100644 return 0; } -@@ -1619,7 +1619,7 @@ static int __soft_offline_page(struct page *page, int flags) +@@ -1652,7 +1652,7 @@ static int __soft_offline_page(struct page *page, int flags) if (!is_free_buddy_page(page)) pr_info("soft offline: %#lx: page leaked\n", pfn); @@ -93147,7 +93209,7 @@ index e346fa9..5d32f0a 100644 } } else { pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n", -@@ -1693,11 +1693,11 @@ int soft_offline_page(struct page *page, int flags) +@@ -1726,11 +1726,11 @@ int soft_offline_page(struct page *page, int flags) if (PageHuge(page)) { set_page_hwpoison_huge_page(hpage); dequeue_hwpoisoned_huge_page(hpage); @@ -95675,7 +95737,7 @@ index 8740213..f87e25b 100644 struct mm_struct *mm; diff --git a/mm/page-writeback.c b/mm/page-writeback.c -index 8f6daa6..1f8587c 100644 +index d013dba..d5ae30d 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -685,7 +685,7 @@ static long long pos_ratio_polynom(unsigned long setpoint, @@ -95688,7 +95750,7 @@ index 8f6daa6..1f8587c 100644 unsigned long bg_thresh, unsigned long dirty, diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 7387a67..67105e4 100644 +index 4b5d4f6..56dfb0a 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -61,6 +61,7 @@ @@ -95793,7 +95855,7 @@ index 7387a67..67105e4 100644 } } -@@ -6565,4 +6605,4 @@ void dump_page(struct page *page, char *reason) +@@ -6577,4 +6617,4 @@ void dump_page(struct page *page, char *reason) { dump_page_badflags(page, reason, 0); } @@ -95877,10 +95939,10 @@ index fd26d04..0cea1b0 100644 if (!mm || IS_ERR(mm)) { rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; 
diff --git a/mm/rmap.c b/mm/rmap.c -index 5d91bb7..3784601 100644 +index cdbd312..2e1e0b9 100644 --- a/mm/rmap.c +++ b/mm/rmap.c -@@ -163,6 +163,10 @@ int anon_vma_prepare(struct vm_area_struct *vma) +@@ -164,6 +164,10 @@ int anon_vma_prepare(struct vm_area_struct *vma) struct anon_vma *anon_vma = vma->anon_vma; struct anon_vma_chain *avc; @@ -95891,7 +95953,7 @@ index 5d91bb7..3784601 100644 might_sleep(); if (unlikely(!anon_vma)) { struct mm_struct *mm = vma->vm_mm; -@@ -172,6 +176,12 @@ int anon_vma_prepare(struct vm_area_struct *vma) +@@ -173,6 +177,12 @@ int anon_vma_prepare(struct vm_area_struct *vma) if (!avc) goto out_enomem; @@ -95904,7 +95966,7 @@ index 5d91bb7..3784601 100644 anon_vma = find_mergeable_anon_vma(vma); allocated = NULL; if (!anon_vma) { -@@ -185,6 +195,18 @@ int anon_vma_prepare(struct vm_area_struct *vma) +@@ -186,6 +196,18 @@ int anon_vma_prepare(struct vm_area_struct *vma) /* page_table_lock to protect against threads */ spin_lock(&mm->page_table_lock); if (likely(!vma->anon_vma)) { @@ -95923,7 +95985,7 @@ index 5d91bb7..3784601 100644 vma->anon_vma = anon_vma; anon_vma_chain_link(vma, avc, anon_vma); allocated = NULL; -@@ -195,12 +217,24 @@ int anon_vma_prepare(struct vm_area_struct *vma) +@@ -196,12 +218,24 @@ int anon_vma_prepare(struct vm_area_struct *vma) if (unlikely(allocated)) put_anon_vma(allocated); @@ -95948,7 +96010,7 @@ index 5d91bb7..3784601 100644 anon_vma_chain_free(avc); out_enomem: return -ENOMEM; -@@ -236,7 +270,7 @@ static inline void unlock_anon_vma_root(struct anon_vma *root) +@@ -237,7 +271,7 @@ static inline void unlock_anon_vma_root(struct anon_vma *root) * Attach the anon_vmas from src to dst. * Returns 0 on success, -ENOMEM on failure. */ 
@@ -95957,7 +96019,7 @@ index 5d91bb7..3784601 100644 { struct anon_vma_chain *avc, *pavc; struct anon_vma *root = NULL; -@@ -269,7 +303,7 @@ int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src) +@@ -270,7 +304,7 @@ int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src) * the corresponding VMA in the parent process is attached to. * Returns 0 on success, non-zero on failure. */ @@ -95966,7 +96028,7 @@ index 5d91bb7..3784601 100644 { struct anon_vma_chain *avc; struct anon_vma *anon_vma; -@@ -373,8 +407,10 @@ static void anon_vma_ctor(void *data) +@@ -374,8 +408,10 @@ static void anon_vma_ctor(void *data) void __init anon_vma_init(void) { anon_vma_cachep = kmem_cache_create("anon_vma", sizeof(struct anon_vma), @@ -97258,7 +97320,7 @@ index a24aa22..a0d41ae 100644 } #endif diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index 0fdf968..f044efb 100644 +index 0fdf968..991ff6a 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -38,6 +38,21 @@ struct vfree_deferred { @@ -97457,15 +97519,6 @@ index 0fdf968..f044efb 100644 if (flags & VM_IOREMAP) align = 1ul << clamp(fls(size), PAGE_SHIFT, IOREMAP_MAX_ORDER); -@@ -1503,7 +1592,7 @@ EXPORT_SYMBOL(vfree); - * Free the virtually contiguous memory area starting at @addr, - * which was created from the page array passed to vmap(). - * -- * Must not be called in interrupt context. -+ * Must not be called in NMI context. - */ - void vunmap(const void *addr) - { @@ -1514,6 +1603,23 @@ void vunmap(const void *addr) } EXPORT_SYMBOL(vunmap); @@ -98073,7 +98126,7 @@ index 6afa3b4..7a14180 100644 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && rfc.mode != chan->mode) diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c -index d58f76b..b69600a 100644 +index d4b7702..7122922 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c @@ -625,7 +625,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, 
@@ -98268,7 +98321,7 @@ index dcb75c0..24b1b43 100644 } diff --git a/net/can/gw.c b/net/can/gw.c -index ac31891..4799c17 100644 +index 050a211..bb9fe33 100644 --- a/net/can/gw.c +++ b/net/can/gw.c @@ -80,7 +80,6 @@ MODULE_PARM_DESC(max_hops, @@ -98487,7 +98540,7 @@ index a16ed7b..eb44d17 100644 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index fccc195..c8486ab 100644 +index 4c1b483..3d45b13 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1688,14 +1688,14 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) @@ -98579,6 +98632,40 @@ index cf999e0..c59a975 100644 } } EXPORT_SYMBOL(dev_load); +diff --git a/net/core/dst.c b/net/core/dst.c +index ca4231e..15b6792 100644 +--- a/net/core/dst.c ++++ b/net/core/dst.c +@@ -267,6 +267,15 @@ again: + } + EXPORT_SYMBOL(dst_destroy); + ++static void dst_destroy_rcu(struct rcu_head *head) ++{ ++ struct dst_entry *dst = container_of(head, struct dst_entry, rcu_head); ++ ++ dst = dst_destroy(dst); ++ if (dst) ++ __dst_free(dst); ++} ++ + void dst_release(struct dst_entry *dst) + { + if (dst) { +@@ -274,11 +283,8 @@ void dst_release(struct dst_entry *dst) + + newrefcnt = atomic_dec_return(&dst->__refcnt); + WARN_ON(newrefcnt < 0); +- if (unlikely(dst->flags & DST_NOCACHE) && !newrefcnt) { +- dst = dst_destroy(dst); +- if (dst) +- __dst_free(dst); +- } ++ if (unlikely(dst->flags & DST_NOCACHE) && !newrefcnt) ++ call_rcu(&dst->rcu_head, dst_destroy_rcu); + } + } + EXPORT_SYMBOL(dst_release); diff --git a/net/core/filter.c b/net/core/filter.c index ebce437..9fed9d0 100644 --- a/net/core/filter.c @@ -98876,7 +98963,7 @@ index fdac61c..e5e5b46 100644 pr_warn("cannot create /proc/net/%s\n", PG_PROC_DIR); return -ENODEV; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index 83b9d6a..cff1ce7 100644 +index aef1500..4b61acd 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -58,7 +58,7 @@ struct rtnl_link { @@ -98986,10 +99073,10 @@ index e5ae776e..15c90cb 100644 } 
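Review bot: With `call_rcu(&dst->rcu_head, dst_destroy_rcu)` in `dst_release()`, `dst_destroy()` for a `DST_NOCACHE` entry now runs from an RCU callback instead of in the context of whoever dropped the last reference. `dst_destroy()` itself is outside the hunk, so it cannot be confirmed from here that everything it calls is safe in that context. Nor can it be confirmed that `rcu_head` is never queued by another path while this callback is pending. A comment on `dst_destroy_rcu()` stating both assumptions would help: `/* runs from RCU callback context; rcu_head must not be in use by another free path */`.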
diff --git a/net/core/sock.c b/net/core/sock.c -index c0fc6bd..51d8326 100644 +index c806956..e5599ea 100644 --- a/net/core/sock.c +++ b/net/core/sock.c -@@ -393,7 +393,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) +@@ -442,7 +442,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) struct sk_buff_head *list = &sk->sk_receive_queue; if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) { @@ -98998,7 +99085,7 @@ index c0fc6bd..51d8326 100644 trace_sock_rcvqueue_full(sk, skb); return -ENOMEM; } -@@ -403,7 +403,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) +@@ -452,7 +452,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) return err; if (!sk_rmem_schedule(sk, skb, skb->truesize)) { @@ -99007,7 +99094,7 @@ index c0fc6bd..51d8326 100644 return -ENOBUFS; } -@@ -423,7 +423,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) +@@ -472,7 +472,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) skb_dst_force(skb); spin_lock_irqsave(&list->lock, flags); @@ -99016,7 +99103,7 @@ index c0fc6bd..51d8326 100644 __skb_queue_tail(list, skb); spin_unlock_irqrestore(&list->lock, flags); -@@ -443,7 +443,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested) +@@ -492,7 +492,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested) skb->dev = NULL; if (sk_rcvqueues_full(sk, skb, sk->sk_rcvbuf)) { @@ -99025,7 +99112,7 @@ index c0fc6bd..51d8326 100644 goto discard_and_relse; } if (nested) -@@ -461,7 +461,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested) +@@ -510,7 +510,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested) mutex_release(&sk->sk_lock.dep_map, 1, _RET_IP_); } else if (sk_add_backlog(sk, skb, sk->sk_rcvbuf)) { bh_unlock_sock(sk); 
@@ -99034,7 +99121,7 @@ index c0fc6bd..51d8326 100644 goto discard_and_relse; } -@@ -949,12 +949,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -998,12 +998,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname, struct timeval tm; } v; @@ -99050,7 +99137,7 @@ index c0fc6bd..51d8326 100644 return -EINVAL; memset(&v, 0, sizeof(v)); -@@ -1106,11 +1106,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -1155,11 +1155,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname, case SO_PEERNAME: { @@ -99064,7 +99151,7 @@ index c0fc6bd..51d8326 100644 return -EINVAL; if (copy_to_user(optval, address, len)) return -EFAULT; -@@ -1191,7 +1191,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -1240,7 +1240,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, if (len > lv) len = lv; @@ -99073,7 +99160,7 @@ index c0fc6bd..51d8326 100644 return -EFAULT; lenout: if (put_user(len, optlen)) -@@ -2326,7 +2326,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) +@@ -2375,7 +2375,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) */ smp_wmb(); atomic_set(&sk->sk_refcnt, 1); @@ -99082,7 +99169,7 @@ index c0fc6bd..51d8326 100644 } EXPORT_SYMBOL(sock_init_data); -@@ -2454,6 +2454,7 @@ void sock_enable_timestamp(struct sock *sk, int flag) +@@ -2503,6 +2503,7 @@ void sock_enable_timestamp(struct sock *sk, int flag) int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, int level, int type) { @@ -99090,7 +99177,7 @@ index c0fc6bd..51d8326 100644 struct sock_exterr_skb *serr; struct sk_buff *skb, *skb2; int copied, err; -@@ -2475,7 +2476,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, +@@ -2524,7 +2525,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, sock_recv_timestamp(msg, sk, skb); serr = SKB_EXT_ERR(skb); 
@@ -99101,7 +99188,7 @@ index c0fc6bd..51d8326 100644 msg->msg_flags |= MSG_ERRQUEUE; err = copied; diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c -index 6a7fae2..d7c22e6 100644 +index c38e7a2..773e3d7 100644 --- a/net/core/sock_diag.c +++ b/net/core/sock_diag.c @@ -9,26 +9,33 @@ @@ -99244,7 +99331,7 @@ index 4c04848..f575934 100644 static struct sock *dn_alloc_sock(struct net *net, struct socket *sock, gfp_t gfp) diff --git a/net/decnet/dn_dev.c b/net/decnet/dn_dev.c -index a603823..a36ee0b 100644 +index 3b726f3..1af6368 100644 --- a/net/decnet/dn_dev.c +++ b/net/decnet/dn_dev.c @@ -200,7 +200,7 @@ static struct dn_dev_sysctl_table { @@ -99581,6 +99668,42 @@ index 580dd96..9fcef7e 100644 msg.msg_controllen = len; msg.msg_flags = flags; +diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c +index 0c3a5d1..c05c07d 100644 +--- a/net/ipv4/ip_tunnel.c ++++ b/net/ipv4/ip_tunnel.c +@@ -73,12 +73,7 @@ static void __tunnel_dst_set(struct ip_tunnel_dst *idst, + { + struct dst_entry *old_dst; + +- if (dst) { +- if (dst->flags & DST_NOCACHE) +- dst = NULL; +- else +- dst_clone(dst); +- } ++ dst_clone(dst); + old_dst = xchg((__force struct dst_entry **)&idst->dst, dst); + dst_release(old_dst); + } +@@ -108,13 +103,14 @@ static struct rtable *tunnel_rtable_get(struct ip_tunnel *t, u32 cookie) + + rcu_read_lock(); + dst = rcu_dereference(this_cpu_ptr(t->dst_cache)->dst); ++ if (dst && !atomic_inc_not_zero(&dst->__refcnt)) ++ dst = NULL; + if (dst) { + if (dst->obsolete && dst->ops->check(dst, cookie) == NULL) { +- rcu_read_unlock(); + tunnel_dst_reset(t); +- return NULL; ++ dst_release(dst); ++ dst = NULL; + } +- dst_hold(dst); + } + rcu_read_unlock(); + return (struct rtable *)dst; diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c index e4a8f76..dd8ad72 100644 --- a/net/ipv4/ip_vti.c @@ -99635,7 +99758,7 @@ index b3e86ea..18ce98c 100644 return res; } diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c -index 812b183..56cbe9c 100644 +index 62eaa00..29b2dc2 100644 
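Review bot: `__tunnel_dst_set()` no longer filters out `DST_NOCACHE` entries, so the per-cpu tunnel cache can now hold a dst that is destroyed as soon as its count drops to zero. That is safe only together with the RCU-deferred free added to `dst_release()` in the net/core/dst.c hunk and the `atomic_inc_not_zero()` lookup in `tunnel_rtable_get()` below it. If this change were carried without the other two, the lookup could hand back a dst that has already been freed. I would put a comment on the `dst_clone(dst)` line: `/* DST_NOCACHE is allowed here only because dst_release() defers the free past an RCU grace period */`. `dst_clone()` is also now called with a possibly NULL `dst`, which relies on a NULL check inside it that is not visible in the hunk.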
--- a/net/ipv4/ipip.c +++ b/net/ipv4/ipip.c @@ -124,7 +124,7 @@ MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN"); @@ -100100,7 +100223,7 @@ index 44eba05..b36864b 100644 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table); if (hdr == NULL) diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c -index eeaac39..dc29942 100644 +index e364746..598e76e 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -761,7 +761,7 @@ static void tcp_update_pacing_rate(struct sock *sk) @@ -100112,7 +100235,7 @@ index eeaac39..dc29942 100644 sk->sk_max_pacing_rate); } -@@ -4485,7 +4485,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, +@@ -4484,7 +4484,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, * simplifies code) */ static void @@ -100121,7 +100244,7 @@ index eeaac39..dc29942 100644 struct sk_buff *head, struct sk_buff *tail, u32 start, u32 end) { -@@ -5562,6 +5562,7 @@ discard: +@@ -5561,6 +5561,7 @@ discard: tcp_paws_reject(&tp->rx_opt, 0)) goto discard_and_undo; @@ -100129,7 +100252,7 @@ index eeaac39..dc29942 100644 if (th->syn) { /* We see SYN without ACK. It is attempt of * simultaneous connect with crossed SYNs. -@@ -5612,6 +5613,7 @@ discard: +@@ -5611,6 +5612,7 @@ discard: goto discard; #endif } @@ -100137,7 +100260,7 @@ index eeaac39..dc29942 100644 /* "fifth, if neither of the SYN or RST bits is set then * drop the segment and return." */ -@@ -5658,7 +5660,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, +@@ -5657,7 +5659,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, goto discard; if (th->syn) { @@ -100275,7 +100398,7 @@ index 64f0354..a81b39d 100644 syn_set ? 0 : icsk->icsk_user_timeout, syn_set)) { /* Has it gone just too far? */ diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c -index 77bd16f..3ce366b 100644 +index b25e852..cdc3258 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -87,6 +87,7 @@ 
@@ -100383,7 +100506,7 @@ index 77bd16f..3ce366b 100644 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); /* -@@ -2350,7 +2374,7 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f, +@@ -2354,7 +2378,7 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f, from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -100581,10 +100704,10 @@ index 2465d18..bc5bf7f 100644 .maxtype = IFLA_GRE_MAX, .policy = ip6gre_policy, diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c -index 0e51f68..1f501e1 100644 +index 9120339..cfdd84f 100644 --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c -@@ -85,7 +85,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2) +@@ -86,7 +86,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2) static int ip6_tnl_dev_init(struct net_device *dev); static void ip6_tnl_dev_setup(struct net_device *dev); @@ -100593,7 +100716,7 @@ index 0e51f68..1f501e1 100644 static int ip6_tnl_net_id __read_mostly; struct ip6_tnl_net { -@@ -1714,7 +1714,7 @@ static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = { +@@ -1715,7 +1715,7 @@ static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = { [IFLA_IPTUN_PROTO] = { .type = NLA_U8 }, }; @@ -100729,36 +100852,27 @@ index 767ab8d..c5ec70a 100644 return -ENOMEM; } diff --git a/net/ipv6/output_core.c b/net/ipv6/output_core.c -index 827f795..bdff9eb 100644 +index b31a012..c36f09c 100644 --- a/net/ipv6/output_core.c 
+++ b/net/ipv6/output_core.c -@@ -9,8 +9,8 @@ +@@ -9,7 +9,7 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt) { - static atomic_t ipv6_fragmentation_id; -- int old, new; + static atomic_unchecked_t ipv6_fragmentation_id; -+ int id; + int ident; #if IS_ENABLED(CONFIG_IPV6) - if (rt && !(rt->dst.flags & DST_NOPEER)) { -@@ -26,13 +26,8 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt) +@@ -26,7 +26,7 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt) } } #endif -- do { -- old = atomic_read(&ipv6_fragmentation_id); -- new = old + 1; -- if (!new) -- new = 1; -- } while (atomic_cmpxchg(&ipv6_fragmentation_id, old, new) != old); -- fhdr->identification = htonl(new); -+ id = atomic_inc_return_unchecked(&ipv6_fragmentation_id); -+ fhdr->identification = htonl(id); +- ident = atomic_inc_return(&ipv6_fragmentation_id); ++ ident = atomic_inc_return_unchecked(&ipv6_fragmentation_id); + fhdr->identification = htonl(ident); } EXPORT_SYMBOL(ipv6_select_ident); - diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c index bda7429..469b26b 100644 --- a/net/ipv6/ping.c @@ -100963,7 +101077,7 @@ index 7cc1102..7785931 100644 table = kmemdup(ipv6_route_table_template, sizeof(ipv6_route_table_template), diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c -index b4d74c8..b4f3fbe 100644 +index fe548ba..0dfa744 100644 --- a/net/ipv6/sit.c +++ b/net/ipv6/sit.c @@ -74,7 +74,7 @@ static void ipip6_tunnel_setup(struct net_device *dev); @@ -101057,7 +101171,7 @@ index 889079b..a04512c 100644 } diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c -index 1e586d9..2b8ad76 100644 +index 20b63d2..31a777d 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -76,6 +76,10 @@ static unsigned int udp6_ehashfn(struct net *net, @@ -101263,7 +101377,7 @@ index b9ac598..f88cc56 100644 return; diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c -index c4b7218..c7e9f14 100644 +index 1465363..c7e9f14 100644 --- a/net/iucv/af_iucv.c +++ b/net/iucv/af_iucv.c 
@@ -773,10 +773,10 @@ static int iucv_sock_autobind(struct sock *sk) @@ -101279,15 +101393,6 @@ index c4b7218..c7e9f14 100644 } write_unlock_bh(&iucv_sk_list.lock); -@@ -1829,7 +1829,7 @@ static void iucv_callback_txdone(struct iucv_path *path, - spin_lock_irqsave(&list->lock, flags); - - while (list_skb != (struct sk_buff *)list) { -- if (msg->tag != IUCV_SKB_CB(list_skb)->tag) { -+ if (msg->tag == IUCV_SKB_CB(list_skb)->tag) { - this = list_skb; - break; - } diff --git a/net/iucv/iucv.c b/net/iucv/iucv.c index cd5b8ec..f205e6b 100644 --- a/net/iucv/iucv.c @@ -101386,7 +101491,7 @@ index b127902..9dc4947 100644 /* number of interfaces with corresponding FIF_ flags */ int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll, diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c -index ce1c443..6cd39e1 100644 +index 8f7fabc..e400523 100644 --- a/net/mac80211/iface.c +++ b/net/mac80211/iface.c @@ -529,7 +529,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) @@ -102149,7 +102254,7 @@ index 11de55e..f25e448 100644 return 0; } diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c -index 04748ab6..c72ef1f 100644 +index 7f40fd2..c72ef1f 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -257,7 +257,7 @@ static void netlink_overrun(struct sock *sk) 
@@ -102161,137 +102266,7 @@ index 04748ab6..c72ef1f 100644 } static void netlink_rcv_wake(struct sock *sk) -@@ -1360,7 +1360,74 @@ retry: - return err; - } - --static inline int netlink_capable(const struct socket *sock, unsigned int flag) -+/** -+ * __netlink_ns_capable - General netlink message capability test -+ * @nsp: NETLINK_CB of the socket buffer holding a netlink command from userspace. -+ * @user_ns: The user namespace of the capability to use -+ * @cap: The capability to use -+ * -+ * Test to see if the opener of the socket we received the message -+ * from had when the netlink socket was created and the sender of the -+ * message has has the capability @cap in the user namespace @user_ns. -+ */ -+bool __netlink_ns_capable(const struct netlink_skb_parms *nsp, -+ struct user_namespace *user_ns, int cap) -+{ -+ return ((nsp->flags & NETLINK_SKB_DST) || -+ file_ns_capable(nsp->sk->sk_socket->file, user_ns, cap)) && -+ ns_capable(user_ns, cap); -+} -+EXPORT_SYMBOL(__netlink_ns_capable); -+ -+/** -+ * netlink_ns_capable - General netlink message capability test -+ * @skb: socket buffer holding a netlink command from userspace -+ * @user_ns: The user namespace of the capability to use -+ * @cap: The capability to use -+ * -+ * Test to see if the opener of the socket we received the message -+ * from had when the netlink socket was created and the sender of the -+ * message has has the capability @cap in the user namespace @user_ns. 
-+ */
-+bool netlink_ns_capable(const struct sk_buff *skb,
-+ struct user_namespace *user_ns, int cap)
-+{
-+ return __netlink_ns_capable(&NETLINK_CB(skb), user_ns, cap);
-+}
-+EXPORT_SYMBOL(netlink_ns_capable);
-+
-+/**
-+ * netlink_capable - Netlink global message capability test
-+ * @skb: socket buffer holding a netlink command from userspace
-+ * @cap: The capability to use
-+ *
-+ * Test to see if the opener of the socket we received the message
-+ * from had when the netlink socket was created and the sender of the
-+ * message has has the capability @cap in all user namespaces.
-+ */
-+bool netlink_capable(const struct sk_buff *skb, int cap)
-+{
-+ return netlink_ns_capable(skb, &init_user_ns, cap);
-+}
-+EXPORT_SYMBOL(netlink_capable);
-+
-+/**
-+ * netlink_net_capable - Netlink network namespace message capability test
-+ * @skb: socket buffer holding a netlink command from userspace
-+ * @cap: The capability to use
-+ *
-+ * Test to see if the opener of the socket we received the message
-+ * from had when the netlink socket was created and the sender of the
-+ * message has has the capability @cap over the network namespace of
-+ * the socket we received the message from.
-+ */ -+bool netlink_net_capable(const struct sk_buff *skb, int cap) -+{ -+ return netlink_ns_capable(skb, sock_net(skb->sk)->user_ns, cap); -+} -+EXPORT_SYMBOL(netlink_net_capable); -+ -+static inline int netlink_allowed(const struct socket *sock, unsigned int flag) - { - return (nl_table[sock->sk->sk_protocol].flags & flag) || - ns_capable(sock_net(sock->sk)->user_ns, CAP_NET_ADMIN); -@@ -1428,7 +1495,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr, - - /* Only superuser is allowed to listen multicasts */ - if (nladdr->nl_groups) { -- if (!netlink_capable(sock, NL_CFG_F_NONROOT_RECV)) -+ if (!netlink_allowed(sock, NL_CFG_F_NONROOT_RECV)) - return -EPERM; - err = netlink_realloc_groups(sk); - if (err) -@@ -1490,7 +1557,7 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr, - return -EINVAL; - - if ((nladdr->nl_groups || nladdr->nl_pid) && -- !netlink_capable(sock, NL_CFG_F_NONROOT_SEND)) -+ !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND)) - return -EPERM; - - if (!nlk->portid) -@@ -2096,7 +2163,7 @@ static int netlink_setsockopt(struct socket *sock, int level, int optname, - break; - case NETLINK_ADD_MEMBERSHIP: - case NETLINK_DROP_MEMBERSHIP: { -- if (!netlink_capable(sock, NL_CFG_F_NONROOT_RECV)) -+ if (!netlink_allowed(sock, NL_CFG_F_NONROOT_RECV)) - return -EPERM; - err = netlink_realloc_groups(sk); - if (err) -@@ -2228,6 +2295,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock, - struct sk_buff *skb; - int err; - struct scm_cookie scm; -+ u32 netlink_skb_flags = 0; - - if (msg->msg_flags&MSG_OOB) - return -EOPNOTSUPP; -@@ -2247,8 +2315,9 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock, - dst_group = ffs(addr->nl_groups); - err = -EPERM; - if ((dst_group || dst_portid) && -- !netlink_capable(sock, NL_CFG_F_NONROOT_SEND)) -+ !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND)) - goto out; -+ netlink_skb_flags |= NETLINK_SKB_DST; - } else { - dst_portid = nlk->dst_portid; - 
dst_group = nlk->dst_group; -@@ -2278,6 +2347,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock, - NETLINK_CB(skb).portid = nlk->portid; - NETLINK_CB(skb).dst_group = dst_group; - NETLINK_CB(skb).creds = siocb->scm->creds; -+ NETLINK_CB(skb).flags = netlink_skb_flags; - - err = -EFAULT; - if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) { -@@ -2933,7 +3003,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) +@@ -3003,7 +3003,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) sk_wmem_alloc_get(s), nlk->cb_running, atomic_read(&s->sk_refcnt), @@ -104540,7 +104515,7 @@ index 0865b3e..7235dd4 100644 __ksymtab_gpl : { *(SORT(___ksymtab_gpl+*)) } __ksymtab_unused : { *(SORT(___ksymtab_unused+*)) } diff --git a/scripts/package/builddeb b/scripts/package/builddeb -index f46e4dd..090e168 100644 +index 152d4d2..791684c 100644 --- a/scripts/package/builddeb +++ b/scripts/package/builddeb @@ -291,6 +291,7 @@ fi @@ -105689,7 +105664,7 @@ index f79fa8b..6161868 100644 }; extern struct ima_h_table ima_htable; diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c -index c38bbce..f45133d 100644 +index 025824a..2a681b1 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -137,7 +137,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, |
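Review bot: The refreshed patch no longer carries the `__netlink_ns_capable`, `netlink_ns_capable`, `netlink_capable` and `netlink_net_capable` definitions or the `netlink_allowed` rename for net/netlink/af_netlink.c, and nothing in this hunk records that the 3.14.10 base is now expected to provide them. The visible numbers support that reading: the pre-image blob changes while the post-image stays `c72ef1f`, and the surviving `netlink_seq_show` hunk header moves from 2933 to 3003, which equals the 70 lines the dropped hunks used to add. Because these are privilege checks, I would state in the commit description that they were dropped as upstreamed, and verify after applying the patch that af_netlink.c in the built tree still defines `netlink_ns_capable`.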