aboutsummaryrefslogtreecommitdiffstats
path: root/main/linux-grsec
diff options
context:
space:
mode:
Diffstat (limited to 'main/linux-grsec')
-rw-r--r--main/linux-grsec/APKBUILD16
-rw-r--r--main/linux-grsec/grsecurity-3.0-3.14.10-201407012152.patch (renamed from main/linux-grsec/grsecurity-3.0-3.14.8-201406222110.patch)767
2 files changed, 379 insertions, 404 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 8a7b82a8e1..a9dad4e95e 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,7 +2,7 @@
_flavor=grsec
pkgname=linux-${_flavor}
-pkgver=3.14.8
+pkgver=3.14.10
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
@@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-3.0-3.14.8-201406222110.patch
+ grsecurity-3.0-3.14.10-201407012152.patch
fix-memory-map-for-PIE-applications.patch
imx6q-no-unclocked-sleep.patch
@@ -165,24 +165,24 @@ dev() {
}
md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz
-f612535d2c5d954b5e885757c387ae54 patch-3.14.8.xz
-a0519c8c05be0bf6a06e9c4b8fba680b grsecurity-3.0-3.14.8-201406222110.patch
+13d435d77d719cd845fb82627aa07974 patch-3.14.10.xz
+e43935611420bfaa55f68ba32d43be58 grsecurity-3.0-3.14.10-201407012152.patch
c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch
83f0e1b1d2413bcb2dddcf87a10dc42b kernelconfig.x86
0b07cc6ece6232c631e2d55f2dd860d6 kernelconfig.x86_64
887980f603af6a1ac6f67edeae2e0d07 kernelconfig.armhf"
sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz
-0edab0f772836162e5e57ef294d83e88153c15a12f394914c6a25b49e408e8f1 patch-3.14.8.xz
-8acb478a24bd57145dc1524d8f2e4e1b9cc0de652b373a1eb9535e0c41385949 grsecurity-3.0-3.14.8-201406222110.patch
+e93bcbbd4568449e771f420ddd281a797b8df92ff265d59f849c3f53172fd95e patch-3.14.10.xz
+a16bb425114a1e19296d6daed4daed821df3177881de17f2e529cf4f09012984 grsecurity-3.0-3.14.10-201407012152.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch
5431d66b9c1af413b4dc6f91de00a6e830e3d780a79c5f85d2d8b013b151c169 kernelconfig.x86
9f420cee74896fd3578c3b342188438ac5d6b0f327586c108367abcfc3f1e6ff kernelconfig.x86_64
ab3e07f85f4dd090b2d22b485881031bd479a1c34fc9a2e9707cb8cdebfcfda4 kernelconfig.armhf"
sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz
-a71fdb5391d664ecccef6602df638588e6202992415a788ad85fab9878ec6b76034c37de824069cfc6d6d502a1fab0eba98c69170f410d28951335e19d94db72 patch-3.14.8.xz
-4a8ef5cc67205d12721e40738551672afc6d1041509143969b043da476afdac09cc39a468ddb511bda8c1cc376c3c336d33e4333eebea773831b28b637c66099 grsecurity-3.0-3.14.8-201406222110.patch
+807783caa9ff492b936b1deef2da96bfb4af5429adc4810de66fbc709ab1a707e26c03edb66a10e429ad5038697c0d522d7f63075382db5d65f622f727be5452 patch-3.14.10.xz
+1d12d3ee7d37ecc5eafefa5866c2910f53be22019c1de538de279527c63e0c4855c07c29d4b55dfdb9aacd9c9d830cfae8acef456c04566ff1967d593d15d377 grsecurity-3.0-3.14.10-201407012152.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch
03f817222bf5812fa8363542e4ab108767212c67efe3994ea8fe9d0751215d9c3f166ce41de41f9070c855db6c04606828dc61265a1738920b984a24077347c4 kernelconfig.x86
diff --git a/main/linux-grsec/grsecurity-3.0-3.14.8-201406222110.patch b/main/linux-grsec/grsecurity-3.0-3.14.10-201407012152.patch
index aeeb2f060e..ba8d0ddfdd 100644
--- a/main/linux-grsec/grsecurity-3.0-3.14.8-201406222110.patch
+++ b/main/linux-grsec/grsecurity-3.0-3.14.10-201407012152.patch
@@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index ef1d59b..7030652 100644
+index bd5d673..00eaa40 100644
--- a/Makefile
+++ b/Makefile
@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -2956,11 +2956,23 @@ index 4693188..4596c5e 100644
static int (*invoke_psci_fn)(u32, u32, u32, u32);
diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c
-index 0dd3b79..e018f64 100644
+index 0dd3b79..b67388e 100644
--- a/arch/arm/kernel/ptrace.c
+++ b/arch/arm/kernel/ptrace.c
-@@ -929,10 +929,19 @@ static int tracehook_report_syscall(struct pt_regs *regs,
- return current_thread_info()->syscall;
+@@ -908,7 +908,7 @@ enum ptrace_syscall_dir {
+ PTRACE_SYSCALL_EXIT,
+ };
+
+-static int tracehook_report_syscall(struct pt_regs *regs,
++static void tracehook_report_syscall(struct pt_regs *regs,
+ enum ptrace_syscall_dir dir)
+ {
+ unsigned long ip;
+@@ -926,19 +926,29 @@ static int tracehook_report_syscall(struct pt_regs *regs,
+ current_thread_info()->syscall = -1;
+
+ regs->ARM_ip = ip;
+- return current_thread_info()->syscall;
}
+#ifdef CONFIG_GRKERNSEC_SETXID
@@ -2979,6 +2991,15 @@ index 0dd3b79..e018f64 100644
/* Do the secure computing check first; failures should be fast. */
if (secure_computing(scno) == -1)
return -1;
+
+ if (test_thread_flag(TIF_SYSCALL_TRACE))
+- scno = tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER);
++ tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER);
++
++ scno = current_thread_info()->syscall;
+
+ if (test_thread_flag(TIF_SYSCALL_TRACEPOINT))
+ trace_sys_enter(regs, scno);
diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c
index 1e8b030..37c3022 100644
--- a/arch/arm/kernel/setup.c
@@ -5437,10 +5458,10 @@ index 7225dad..2a7c8256 100644
/*
* If for any reason at all we couldn't handle the fault, make
diff --git a/arch/ia64/mm/hugetlbpage.c b/arch/ia64/mm/hugetlbpage.c
-index 68232db..6ca80af 100644
+index 76069c1..c2aa816 100644
--- a/arch/ia64/mm/hugetlbpage.c
+++ b/arch/ia64/mm/hugetlbpage.c
-@@ -154,6 +154,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, u
+@@ -149,6 +149,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, u
unsigned long pgoff, unsigned long flags)
{
struct vm_unmapped_area_info info;
@@ -5448,7 +5469,7 @@ index 68232db..6ca80af 100644
if (len > RGN_MAP_LIMIT)
return -ENOMEM;
-@@ -177,6 +178,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, u
+@@ -172,6 +173,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, u
info.high_limit = HPAGE_REGION_BASE + RGN_MAP_LIMIT;
info.align_mask = PAGE_MASK & (HPAGE_SIZE - 1);
info.align_offset = 0;
@@ -5551,10 +5572,10 @@ index 2d6f0de..de5f5ac 100644
#define smp_load_acquire(p) \
diff --git a/arch/metag/mm/hugetlbpage.c b/arch/metag/mm/hugetlbpage.c
-index 0424315..defcca9 100644
+index 3c52fa6..11b2ad8 100644
--- a/arch/metag/mm/hugetlbpage.c
+++ b/arch/metag/mm/hugetlbpage.c
-@@ -205,6 +205,7 @@ hugetlb_get_unmapped_area_new_pmd(unsigned long len)
+@@ -200,6 +200,7 @@ hugetlb_get_unmapped_area_new_pmd(unsigned long len)
info.high_limit = TASK_SIZE;
info.align_mask = PAGE_MASK & HUGEPT_MASK;
info.align_offset = 0;
@@ -12213,7 +12234,7 @@ index c4d3da6..1aed043 100644
if (write && !pmd_write(pmd))
diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c
-index 9bd9ce8..dc84852 100644
+index d329537..2c3746a 100644
--- a/arch/sparc/mm/hugetlbpage.c
+++ b/arch/sparc/mm/hugetlbpage.c
@@ -25,8 +25,10 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp,
@@ -12485,10 +12506,10 @@ index b6cde32..c0cb736 100644
else
copy_from_user_overflow();
diff --git a/arch/tile/mm/hugetlbpage.c b/arch/tile/mm/hugetlbpage.c
-index 0cb3bba..7338b2d 100644
+index e514899..f8743c4 100644
--- a/arch/tile/mm/hugetlbpage.c
+++ b/arch/tile/mm/hugetlbpage.c
-@@ -212,6 +212,7 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file,
+@@ -207,6 +207,7 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file,
info.high_limit = TASK_SIZE;
info.align_mask = PAGE_MASK & ~huge_page_mask(h);
info.align_offset = 0;
@@ -12496,7 +12517,7 @@ index 0cb3bba..7338b2d 100644
return vm_unmapped_area(&info);
}
-@@ -229,6 +230,7 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
+@@ -224,6 +225,7 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
info.high_limit = current->mm->mmap_base;
info.align_mask = PAGE_MASK & ~huge_page_mask(h);
info.align_offset = 0;
@@ -12622,7 +12643,7 @@ index ad8f795..2c7eec6 100644
/*
* Memory returned by kmalloc() may be used for DMA, so we must make
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 0af5250..59f9597 100644
+index 1981dd9..8f3ff4d 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -126,7 +126,7 @@ config X86
@@ -22468,7 +22489,7 @@ index 01d1c18..8073693 100644
#include <asm/processor.h>
#include <asm/fcntl.h>
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
-index a2a4f46..6cab058 100644
+index 6491353..a918952 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -177,13 +177,153 @@
@@ -22745,7 +22766,7 @@ index a2a4f46..6cab058 100644
testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp)
jnz sysenter_audit
sysenter_do_call:
-@@ -441,12 +613,24 @@ sysenter_do_call:
+@@ -442,12 +614,24 @@ sysenter_after_call:
testl $_TIF_ALLWORK_MASK, %ecx
jne sysexit_audit
sysenter_exit:
@@ -22770,7 +22791,7 @@ index a2a4f46..6cab058 100644
PTGS_TO_GS
ENABLE_INTERRUPTS_SYSEXIT
-@@ -463,6 +647,9 @@ sysenter_audit:
+@@ -464,6 +648,9 @@ sysenter_audit:
movl %eax,%edx /* 2nd arg: syscall number */
movl $AUDIT_ARCH_I386,%eax /* 1st arg: audit arch */
call __audit_syscall_entry
@@ -22780,7 +22801,7 @@ index a2a4f46..6cab058 100644
pushl_cfi %ebx
movl PT_EAX(%esp),%eax /* reload syscall number */
jmp sysenter_do_call
-@@ -488,10 +675,16 @@ sysexit_audit:
+@@ -489,10 +676,16 @@ sysexit_audit:
CFI_ENDPROC
.pushsection .fixup,"ax"
@@ -22799,7 +22820,7 @@ index a2a4f46..6cab058 100644
PTGS_TO_GS_EX
ENDPROC(ia32_sysenter_target)
-@@ -506,6 +699,11 @@ ENTRY(system_call)
+@@ -507,6 +700,11 @@ ENTRY(system_call)
pushl_cfi %eax # save orig_eax
SAVE_ALL
GET_THREAD_INFO(%ebp)
@@ -22811,7 +22832,7 @@ index a2a4f46..6cab058 100644
# system call tracing in operation / emulation
testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp)
jnz syscall_trace_entry
-@@ -524,6 +722,15 @@ syscall_exit:
+@@ -525,6 +723,15 @@ syscall_exit:
testl $_TIF_ALLWORK_MASK, %ecx # current->work
jne syscall_exit_work
@@ -22827,7 +22848,7 @@ index a2a4f46..6cab058 100644
restore_all:
TRACE_IRQS_IRET
restore_all_notrace:
-@@ -580,14 +787,34 @@ ldt_ss:
+@@ -576,14 +783,34 @@ ldt_ss:
* compensating for the offset by changing to the ESPFIX segment with
* a base address that matches for the difference.
*/
@@ -22865,7 +22886,7 @@ index a2a4f46..6cab058 100644
pushl_cfi $__ESPFIX_SS
pushl_cfi %eax /* new kernel esp */
/* Disable interrupts, but do not irqtrace this section: we
-@@ -616,20 +843,18 @@ work_resched:
+@@ -612,20 +839,18 @@ work_resched:
movl TI_flags(%ebp), %ecx
andl $_TIF_WORK_MASK, %ecx # is there any work to be done other
# than syscall tracing?
@@ -22888,7 +22909,7 @@ index a2a4f46..6cab058 100644
#endif
TRACE_IRQS_ON
ENABLE_INTERRUPTS(CLBR_NONE)
-@@ -650,7 +875,7 @@ work_notifysig_v86:
+@@ -646,7 +871,7 @@ work_notifysig_v86:
movl %eax, %esp
jmp 1b
#endif
@@ -22897,7 +22918,7 @@ index a2a4f46..6cab058 100644
# perform syscall exit tracing
ALIGN
-@@ -658,11 +883,14 @@ syscall_trace_entry:
+@@ -654,11 +879,14 @@ syscall_trace_entry:
movl $-ENOSYS,PT_EAX(%esp)
movl %esp, %eax
call syscall_trace_enter
@@ -22913,7 +22934,7 @@ index a2a4f46..6cab058 100644
# perform syscall exit tracing
ALIGN
-@@ -675,21 +903,25 @@ syscall_exit_work:
+@@ -671,26 +899,30 @@ syscall_exit_work:
movl %esp, %eax
call syscall_trace_leave
jmp resume_userspace
@@ -22936,13 +22957,19 @@ index a2a4f46..6cab058 100644
syscall_badsys:
movl $-ENOSYS,PT_EAX(%esp)
- jmp resume_userspace
+ jmp syscall_exit
-END(syscall_badsys)
+ENDPROC(syscall_badsys)
+
+ sysenter_badsys:
+ movl $-ENOSYS,PT_EAX(%esp)
+ jmp sysenter_after_call
+-END(syscall_badsys)
++ENDPROC(sysenter_badsys)
CFI_ENDPROC
/*
* End of kprobes section
-@@ -705,8 +937,15 @@ END(syscall_badsys)
+@@ -706,8 +938,15 @@ END(syscall_badsys)
* normal stack and adjusts ESP with the matching offset.
*/
/* fixup the stack */
@@ -22960,7 +22987,7 @@ index a2a4f46..6cab058 100644
shl $16, %eax
addl %esp, %eax /* the adjusted stack pointer */
pushl_cfi $__KERNEL_DS
-@@ -759,7 +998,7 @@ vector=vector+1
+@@ -760,7 +999,7 @@ vector=vector+1
.endr
2: jmp common_interrupt
.endr
@@ -22969,7 +22996,7 @@ index a2a4f46..6cab058 100644
.previous
END(interrupt)
-@@ -820,7 +1059,7 @@ ENTRY(coprocessor_error)
+@@ -821,7 +1060,7 @@ ENTRY(coprocessor_error)
pushl_cfi $do_coprocessor_error
jmp error_code
CFI_ENDPROC
@@ -22978,7 +23005,7 @@ index a2a4f46..6cab058 100644
ENTRY(simd_coprocessor_error)
RING0_INT_FRAME
-@@ -833,7 +1072,7 @@ ENTRY(simd_coprocessor_error)
+@@ -834,7 +1073,7 @@ ENTRY(simd_coprocessor_error)
.section .altinstructions,"a"
altinstruction_entry 661b, 663f, X86_FEATURE_XMM, 662b-661b, 664f-663f
.previous
@@ -22987,7 +23014,7 @@ index a2a4f46..6cab058 100644
663: pushl $do_simd_coprocessor_error
664:
.previous
-@@ -842,7 +1081,7 @@ ENTRY(simd_coprocessor_error)
+@@ -843,7 +1082,7 @@ ENTRY(simd_coprocessor_error)
#endif
jmp error_code
CFI_ENDPROC
@@ -22996,7 +23023,7 @@ index a2a4f46..6cab058 100644
ENTRY(device_not_available)
RING0_INT_FRAME
-@@ -851,18 +1090,18 @@ ENTRY(device_not_available)
+@@ -852,18 +1091,18 @@ ENTRY(device_not_available)
pushl_cfi $do_device_not_available
jmp error_code
CFI_ENDPROC
@@ -23018,7 +23045,7 @@ index a2a4f46..6cab058 100644
#endif
ENTRY(overflow)
-@@ -872,7 +1111,7 @@ ENTRY(overflow)
+@@ -873,7 +1112,7 @@ ENTRY(overflow)
pushl_cfi $do_overflow
jmp error_code
CFI_ENDPROC
@@ -23027,7 +23054,7 @@ index a2a4f46..6cab058 100644
ENTRY(bounds)
RING0_INT_FRAME
-@@ -881,7 +1120,7 @@ ENTRY(bounds)
+@@ -882,7 +1121,7 @@ ENTRY(bounds)
pushl_cfi $do_bounds
jmp error_code
CFI_ENDPROC
@@ -23036,7 +23063,7 @@ index a2a4f46..6cab058 100644
ENTRY(invalid_op)
RING0_INT_FRAME
-@@ -890,7 +1129,7 @@ ENTRY(invalid_op)
+@@ -891,7 +1130,7 @@ ENTRY(invalid_op)
pushl_cfi $do_invalid_op
jmp error_code
CFI_ENDPROC
@@ -23045,7 +23072,7 @@ index a2a4f46..6cab058 100644
ENTRY(coprocessor_segment_overrun)
RING0_INT_FRAME
-@@ -899,7 +1138,7 @@ ENTRY(coprocessor_segment_overrun)
+@@ -900,7 +1139,7 @@ ENTRY(coprocessor_segment_overrun)
pushl_cfi $do_coprocessor_segment_overrun
jmp error_code
CFI_ENDPROC
@@ -23054,7 +23081,7 @@ index a2a4f46..6cab058 100644
ENTRY(invalid_TSS)
RING0_EC_FRAME
-@@ -907,7 +1146,7 @@ ENTRY(invalid_TSS)
+@@ -908,7 +1147,7 @@ ENTRY(invalid_TSS)
pushl_cfi $do_invalid_TSS
jmp error_code
CFI_ENDPROC
@@ -23063,7 +23090,7 @@ index a2a4f46..6cab058 100644
ENTRY(segment_not_present)
RING0_EC_FRAME
-@@ -915,7 +1154,7 @@ ENTRY(segment_not_present)
+@@ -916,7 +1155,7 @@ ENTRY(segment_not_present)
pushl_cfi $do_segment_not_present
jmp error_code
CFI_ENDPROC
@@ -23072,7 +23099,7 @@ index a2a4f46..6cab058 100644
ENTRY(stack_segment)
RING0_EC_FRAME
-@@ -923,7 +1162,7 @@ ENTRY(stack_segment)
+@@ -924,7 +1163,7 @@ ENTRY(stack_segment)
pushl_cfi $do_stack_segment
jmp error_code
CFI_ENDPROC
@@ -23081,7 +23108,7 @@ index a2a4f46..6cab058 100644
ENTRY(alignment_check)
RING0_EC_FRAME
-@@ -931,7 +1170,7 @@ ENTRY(alignment_check)
+@@ -932,7 +1171,7 @@ ENTRY(alignment_check)
pushl_cfi $do_alignment_check
jmp error_code
CFI_ENDPROC
@@ -23090,7 +23117,7 @@ index a2a4f46..6cab058 100644
ENTRY(divide_error)
RING0_INT_FRAME
-@@ -940,7 +1179,7 @@ ENTRY(divide_error)
+@@ -941,7 +1180,7 @@ ENTRY(divide_error)
pushl_cfi $do_divide_error
jmp error_code
CFI_ENDPROC
@@ -23099,7 +23126,7 @@ index a2a4f46..6cab058 100644
#ifdef CONFIG_X86_MCE
ENTRY(machine_check)
-@@ -950,7 +1189,7 @@ ENTRY(machine_check)
+@@ -951,7 +1190,7 @@ ENTRY(machine_check)
pushl_cfi machine_check_vector
jmp error_code
CFI_ENDPROC
@@ -23108,7 +23135,7 @@ index a2a4f46..6cab058 100644
#endif
ENTRY(spurious_interrupt_bug)
-@@ -960,7 +1199,7 @@ ENTRY(spurious_interrupt_bug)
+@@ -961,7 +1200,7 @@ ENTRY(spurious_interrupt_bug)
pushl_cfi $do_spurious_interrupt_bug
jmp error_code
CFI_ENDPROC
@@ -23117,7 +23144,7 @@ index a2a4f46..6cab058 100644
/*
* End of kprobes section
*/
-@@ -1070,7 +1309,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR,
+@@ -1071,7 +1310,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR,
ENTRY(mcount)
ret
@@ -23126,7 +23153,7 @@ index a2a4f46..6cab058 100644
ENTRY(ftrace_caller)
cmpl $0, function_trace_stop
-@@ -1103,7 +1342,7 @@ ftrace_graph_call:
+@@ -1104,7 +1343,7 @@ ftrace_graph_call:
.globl ftrace_stub
ftrace_stub:
ret
@@ -23135,7 +23162,7 @@ index a2a4f46..6cab058 100644
ENTRY(ftrace_regs_caller)
pushf /* push flags before compare (in cs location) */
-@@ -1207,7 +1446,7 @@ trace:
+@@ -1208,7 +1447,7 @@ trace:
popl %ecx
popl %eax
jmp ftrace_stub
@@ -23144,7 +23171,7 @@ index a2a4f46..6cab058 100644
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -1225,7 +1464,7 @@ ENTRY(ftrace_graph_caller)
+@@ -1226,7 +1465,7 @@ ENTRY(ftrace_graph_caller)
popl %ecx
popl %eax
ret
@@ -23153,7 +23180,7 @@ index a2a4f46..6cab058 100644
.globl return_to_handler
return_to_handler:
-@@ -1291,15 +1530,18 @@ error_code:
+@@ -1292,15 +1531,18 @@ error_code:
movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
REG_TO_PTGS %ecx
SET_KERNEL_GS %ecx
@@ -23174,7 +23201,7 @@ index a2a4f46..6cab058 100644
/*
* Debug traps and NMI can happen at the one SYSENTER instruction
-@@ -1342,7 +1584,7 @@ debug_stack_correct:
+@@ -1343,7 +1585,7 @@ debug_stack_correct:
call do_debug
jmp ret_from_exception
CFI_ENDPROC
@@ -23183,7 +23210,7 @@ index a2a4f46..6cab058 100644
/*
* NMI is doubly nasty. It can happen _while_ we're handling
-@@ -1380,6 +1622,9 @@ nmi_stack_correct:
+@@ -1381,6 +1623,9 @@ nmi_stack_correct:
xorl %edx,%edx # zero error code
movl %esp,%eax # pt_regs pointer
call do_nmi
@@ -23193,7 +23220,7 @@ index a2a4f46..6cab058 100644
jmp restore_all_notrace
CFI_ENDPROC
-@@ -1416,12 +1661,15 @@ nmi_espfix_stack:
+@@ -1417,12 +1662,15 @@ nmi_espfix_stack:
FIXUP_ESPFIX_STACK # %eax == %esp
xorl %edx,%edx # zero error code
call do_nmi
@@ -23210,7 +23237,7 @@ index a2a4f46..6cab058 100644
ENTRY(int3)
RING0_INT_FRAME
-@@ -1434,14 +1682,14 @@ ENTRY(int3)
+@@ -1435,14 +1683,14 @@ ENTRY(int3)
call do_int3
jmp ret_from_exception
CFI_ENDPROC
@@ -23227,7 +23254,7 @@ index a2a4f46..6cab058 100644
#ifdef CONFIG_KVM_GUEST
ENTRY(async_page_fault)
-@@ -1450,7 +1698,7 @@ ENTRY(async_page_fault)
+@@ -1451,7 +1699,7 @@ ENTRY(async_page_fault)
pushl_cfi $do_async_page_fault
jmp error_code
CFI_ENDPROC
@@ -25962,7 +25989,7 @@ index 898160b..758cde8 100644
reset_current_kprobe();
preempt_enable_no_resched();
diff --git a/arch/x86/kernel/ksysfs.c b/arch/x86/kernel/ksysfs.c
-index c2bedae..25e7ab6 100644
+index c2bedae..25e7ab60 100644
--- a/arch/x86/kernel/ksysfs.c
+++ b/arch/x86/kernel/ksysfs.c
@@ -184,7 +184,7 @@ out:
@@ -28694,7 +28721,7 @@ index c697625..a032162 100644
out:
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
-index 9736529..ab4f54c 100644
+index 0069118..c28ec0a 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -55,7 +55,7 @@
@@ -32588,10 +32615,10 @@ index 4500142..53a363c 100644
return (void *)vaddr;
diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c
-index 8c9f647..57cb402 100644
+index 8b977eb..4732c33 100644
--- a/arch/x86/mm/hugetlbpage.c
+++ b/arch/x86/mm/hugetlbpage.c
-@@ -90,23 +90,24 @@ int pmd_huge_support(void)
+@@ -80,23 +80,24 @@ int pud_huge(pud_t pud)
#ifdef CONFIG_HUGETLB_PAGE
static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file,
unsigned long addr, unsigned long len,
@@ -32619,7 +32646,7 @@ index 8c9f647..57cb402 100644
{
struct hstate *h = hstate_file(file);
struct vm_unmapped_area_info info;
-@@ -118,6 +119,7 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
+@@ -108,6 +109,7 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
info.high_limit = current->mm->mmap_base;
info.align_mask = PAGE_MASK & ~huge_page_mask(h);
info.align_offset = 0;
@@ -32627,7 +32654,7 @@ index 8c9f647..57cb402 100644
addr = vm_unmapped_area(&info);
/*
-@@ -130,6 +132,12 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
+@@ -120,6 +122,12 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
VM_BUG_ON(addr != -ENOMEM);
info.flags = 0;
info.low_limit = TASK_UNMAPPED_BASE;
@@ -32640,7 +32667,7 @@ index 8c9f647..57cb402 100644
info.high_limit = TASK_SIZE;
addr = vm_unmapped_area(&info);
}
-@@ -144,10 +152,20 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
+@@ -134,10 +142,20 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
struct hstate *h = hstate_file(file);
struct mm_struct *mm = current->mm;
struct vm_area_struct *vma;
@@ -32662,7 +32689,7 @@ index 8c9f647..57cb402 100644
return -ENOMEM;
if (flags & MAP_FIXED) {
-@@ -156,19 +174,22 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
+@@ -146,19 +164,22 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
return addr;
}
@@ -40406,7 +40433,9 @@ index 3b7d32d..05c2f74 100644
ret = -EFAULT;
goto done;
diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c
-index 345be03..158368d 100644
+old mode 100644
+new mode 100755
+index 345be03..65b66c0
--- a/drivers/gpu/drm/drm_drv.c
+++ b/drivers/gpu/drm/drm_drv.c
@@ -233,7 +233,7 @@ module_exit(drm_core_exit);
@@ -40427,6 +40456,17 @@ index 345be03..158368d 100644
unsigned int nr = DRM_IOCTL_NR(cmd);
int retcode = -EINVAL;
char stack_kdata[128];
+@@ -380,8 +380,9 @@ long drm_ioctl(struct file *filp,
+ retcode = -EFAULT;
+ goto err_i1;
+ }
+- } else
++ } else if (cmd & IOC_OUT) {
+ memset(kdata, 0, usize);
++ }
+
+ if (ioctl->flags & DRM_UNLOCKED)
+ retcode = func(dev, kdata, file_priv);
diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c
index 7f2af9a..1561914 100644
--- a/drivers/gpu/drm/drm_fops.c
@@ -41982,10 +42022,10 @@ index ec0ae2d..dc0780b 100644
/* copy over all the bus versions */
if (dev->bus && dev->bus->pm) {
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
-index 8a5384c..cf63c18 100644
+index 7cd42ea..a367c48 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
-@@ -2422,7 +2422,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
+@@ -2432,7 +2432,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
int hid_add_device(struct hid_device *hdev)
{
@@ -41994,7 +42034,7 @@ index 8a5384c..cf63c18 100644
int ret;
if (WARN_ON(hdev->status & HID_STAT_ADDED))
-@@ -2456,7 +2456,7 @@ int hid_add_device(struct hid_device *hdev)
+@@ -2466,7 +2466,7 @@ int hid_add_device(struct hid_device *hdev)
/* XXX hack, any other cleaner solution after the driver core
* is converted to allow more than 20 bytes as the device name? */
dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
@@ -42085,10 +42125,10 @@ index bcb4950..61dba6c 100644
if (!virtaddr)
goto cleanup;
diff --git a/drivers/hv/hv_balloon.c b/drivers/hv/hv_balloon.c
-index 7e17a54..a50a33d 100644
+index 393fd8a..079e13f 100644
--- a/drivers/hv/hv_balloon.c
+++ b/drivers/hv/hv_balloon.c
-@@ -464,7 +464,7 @@ MODULE_PARM_DESC(hot_add, "If set attempt memory hot_add");
+@@ -470,7 +470,7 @@ MODULE_PARM_DESC(hot_add, "If set attempt memory hot_add");
module_param(pressure_report_delay, uint, (S_IRUGO | S_IWUSR));
MODULE_PARM_DESC(pressure_report_delay, "Delay in secs in reporting pressure");
@@ -42097,7 +42137,7 @@ index 7e17a54..a50a33d 100644
static int dm_ring_size = (5 * PAGE_SIZE);
-@@ -886,7 +886,7 @@ static void hot_add_req(struct work_struct *dummy)
+@@ -893,7 +893,7 @@ static void hot_add_req(struct work_struct *dummy)
pr_info("Memory hot add failed\n");
dm->state = DM_INITIALIZED;
@@ -42106,7 +42146,7 @@ index 7e17a54..a50a33d 100644
vmbus_sendpacket(dm->dev->channel, &resp,
sizeof(struct dm_hot_add_response),
(unsigned long)NULL,
-@@ -960,7 +960,7 @@ static void post_status(struct hv_dynmem_device *dm)
+@@ -973,7 +973,7 @@ static void post_status(struct hv_dynmem_device *dm)
memset(&status, 0, sizeof(struct dm_status));
status.hdr.type = DM_STATUS_REPORT;
status.hdr.size = sizeof(struct dm_status);
@@ -42115,7 +42155,7 @@ index 7e17a54..a50a33d 100644
/*
* The host expects the guest to report free memory.
-@@ -980,7 +980,7 @@ static void post_status(struct hv_dynmem_device *dm)
+@@ -993,7 +993,7 @@ static void post_status(struct hv_dynmem_device *dm)
* send the status. This can happen if we were interrupted
* after we picked our transaction ID.
*/
@@ -42123,8 +42163,8 @@ index 7e17a54..a50a33d 100644
+ if (status.hdr.trans_id != atomic_read_unchecked(&trans_id))
return;
- vmbus_sendpacket(dm->dev->channel, &status,
-@@ -1108,7 +1108,7 @@ static void balloon_up(struct work_struct *dummy)
+ /*
+@@ -1129,7 +1129,7 @@ static void balloon_up(struct work_struct *dummy)
*/
do {
@@ -42133,7 +42173,7 @@ index 7e17a54..a50a33d 100644
ret = vmbus_sendpacket(dm_device.dev->channel,
bl_resp,
bl_resp->hdr.size,
-@@ -1152,7 +1152,7 @@ static void balloon_down(struct hv_dynmem_device *dm,
+@@ -1175,7 +1175,7 @@ static void balloon_down(struct hv_dynmem_device *dm,
memset(&resp, 0, sizeof(struct dm_unballoon_response));
resp.hdr.type = DM_UNBALLOON_RESPONSE;
@@ -42142,7 +42182,7 @@ index 7e17a54..a50a33d 100644
resp.hdr.size = sizeof(struct dm_unballoon_response);
vmbus_sendpacket(dm_device.dev->channel, &resp,
-@@ -1215,7 +1215,7 @@ static void version_resp(struct hv_dynmem_device *dm,
+@@ -1238,7 +1238,7 @@ static void version_resp(struct hv_dynmem_device *dm,
memset(&version_req, 0, sizeof(struct dm_version_request));
version_req.hdr.type = DM_VERSION_REQUEST;
version_req.hdr.size = sizeof(struct dm_version_request);
@@ -42151,7 +42191,7 @@ index 7e17a54..a50a33d 100644
version_req.version.version = DYNMEM_PROTOCOL_VERSION_WIN7;
version_req.is_last_attempt = 1;
-@@ -1385,7 +1385,7 @@ static int balloon_probe(struct hv_device *dev,
+@@ -1408,7 +1408,7 @@ static int balloon_probe(struct hv_device *dev,
memset(&version_req, 0, sizeof(struct dm_version_request));
version_req.hdr.type = DM_VERSION_REQUEST;
version_req.hdr.size = sizeof(struct dm_version_request);
@@ -42160,7 +42200,7 @@ index 7e17a54..a50a33d 100644
version_req.version.version = DYNMEM_PROTOCOL_VERSION_WIN8;
version_req.is_last_attempt = 0;
-@@ -1416,7 +1416,7 @@ static int balloon_probe(struct hv_device *dev,
+@@ -1439,7 +1439,7 @@ static int balloon_probe(struct hv_device *dev,
memset(&cap_msg, 0, sizeof(struct dm_capabilities));
cap_msg.hdr.type = DM_CAPABILITIES_REPORT;
cap_msg.hdr.size = sizeof(struct dm_capabilities);
@@ -46368,6 +46408,20 @@ index 455d4c3..3353ee7 100644
}
if (!request_mem_region(mem->start, mem_size, pdev->name)) {
+diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
+index dbcff50..5ed5124 100644
+--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
+@@ -793,7 +793,8 @@ static void bnx2x_tpa_stop(struct bnx2x *bp, struct bnx2x_fastpath *fp,
+
+ return;
+ }
+- bnx2x_frag_free(fp, new_data);
++ if (new_data)
++ bnx2x_frag_free(fp, new_data);
+ drop:
+ /* drop the packet and keep the buffer in the bin */
+ DP(NETIF_MSG_RX_STATUS,
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h
index a89a40f..5a8a2ac 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h
@@ -46635,18 +46689,6 @@ index be7d7a6..a8983f8 100644
break;
default:
dev_err(&adapter->pdev->dev, "Invalid Virtual NIC opmode\n");
-diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c
-index 7d4f549..3e46c89 100644
---- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c
-+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c
-@@ -1022,6 +1022,7 @@ static int qlcnic_dcb_peer_app_info(struct net_device *netdev,
- struct qlcnic_dcb_cee *peer;
- int i;
-
-+ memset(info, 0, sizeof(*info));
- *app_count = 0;
-
- if (!test_bit(QLCNIC_DCB_STATE, &adapter->dcb->state))
diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c
index 7763962..c3499a7 100644
--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c
@@ -46768,7 +46810,7 @@ index bf0d55e..82bcfbd1 100644
priv = netdev_priv(dev);
priv->phy = phy;
diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
-index 20bb669..9a0e17e 100644
+index 5adecc5..aec7730 100644
--- a/drivers/net/macvlan.c
+++ b/drivers/net/macvlan.c
@@ -991,13 +991,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = {
@@ -46794,7 +46836,7 @@ index 20bb669..9a0e17e 100644
return rtnl_link_register(ops);
};
-@@ -1052,7 +1054,7 @@ static int macvlan_device_event(struct notifier_block *unused,
+@@ -1051,7 +1053,7 @@ static int macvlan_device_event(struct notifier_block *unused,
return NOTIFY_DONE;
}
@@ -46873,10 +46915,10 @@ index 1252d9c..80e660b 100644
/* We've got a compressed packet; read the change byte */
diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c
-index c8624a8..f0a4f6a 100644
+index 26d8c29..bbc6837 100644
--- a/drivers/net/team/team.c
+++ b/drivers/net/team/team.c
-@@ -2869,7 +2869,7 @@ static int team_device_event(struct notifier_block *unused,
+@@ -2874,7 +2874,7 @@ static int team_device_event(struct notifier_block *unused,
return NOTIFY_DONE;
}
@@ -47035,10 +47077,10 @@ index a2515887..6d13233 100644
/* we will have to manufacture ethernet headers, prepare template */
diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
-index d091e52..568bb179 100644
+index 40ad25d..8703023 100644
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
-@@ -2847,7 +2847,7 @@ nla_put_failure:
+@@ -2846,7 +2846,7 @@ nla_put_failure:
return -EMSGSIZE;
}
@@ -47047,7 +47089,7 @@ index d091e52..568bb179 100644
.kind = "vxlan",
.maxtype = IFLA_VXLAN_MAX,
.policy = vxlan_policy,
-@@ -2894,7 +2894,7 @@ static int vxlan_lowerdev_event(struct notifier_block *unused,
+@@ -2893,7 +2893,7 @@ static int vxlan_lowerdev_event(struct notifier_block *unused,
return NOTIFY_DONE;
}
@@ -50857,10 +50899,10 @@ index 26416c1..e796a3d 100644
spin_lock_init(&dev->t10_wwn.t10_vpd_lock);
INIT_LIST_HEAD(&dev->t10_pr.registration_list);
diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
-index 98b48d4..f4297e5 100644
+index 24f5279..046edc5 100644
--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
-@@ -1137,7 +1137,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd)
+@@ -1154,7 +1154,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd)
* Used to determine when ORDERED commands should go from
* Dormant to Active status.
*/
@@ -52602,7 +52644,7 @@ index 4d11449..f4ccabf 100644
INIT_LIST_HEAD(&dev->ep0.urb_list);
dev->ep0.desc.bLength = USB_DT_ENDPOINT_SIZE;
diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
-index 2da0a5a..4870e09 100644
+index 09e9619..d266724 100644
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -532,8 +532,6 @@ static int __dwc3_gadget_ep_enable(struct dwc3_ep *dep,
@@ -56506,7 +56548,7 @@ index ce25d75..dc09eeb 100644
&data);
if (!inode) {
diff --git a/fs/aio.c b/fs/aio.c
-index 04cd768..25949c1 100644
+index 19e7d95..af5756a 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -375,7 +375,7 @@ static int aio_setup_ring(struct kioctx *ctx)
@@ -57809,10 +57851,10 @@ index d04db81..96e54f1 100644
wake_up(&root->fs_info->transaction_wait);
wake_up(&root->fs_info->transaction_blocked_wait);
diff --git a/fs/btrfs/sysfs.c b/fs/btrfs/sysfs.c
-index 865f4cf..f321e86 100644
+index ff286f3..8153a14 100644
--- a/fs/btrfs/sysfs.c
+++ b/fs/btrfs/sysfs.c
-@@ -436,7 +436,7 @@ static int addrm_unknown_feature_attrs(struct btrfs_fs_info *fs_info, bool add)
+@@ -437,7 +437,7 @@ static int addrm_unknown_feature_attrs(struct btrfs_fs_info *fs_info, bool add)
for (set = 0; set < FEAT_MAX; set++) {
int i;
struct attribute *attrs[2];
@@ -58459,10 +58501,10 @@ index 35ddc3e..563e809 100644
}
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
-index 8603447..f9caeee 100644
+index 049a3f2..0f41305 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
-@@ -2094,8 +2094,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon,
+@@ -2099,8 +2099,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon,
default:
cifs_dbg(VFS, "info level %u isn't supported\n",
srch_inf->info_level);
@@ -59798,7 +59840,7 @@ index 6ea7b14..8fa16d9 100644
if (free_clusters >= (nclusters + dirty_clusters +
resv_clusters))
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
-index 3a603a8..9b868ba 100644
+index 62f024c..a6a1a61 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -1269,19 +1269,19 @@ struct ext4_sb_info {
@@ -59831,8 +59873,65 @@ index 3a603a8..9b868ba 100644
atomic_t s_lock_busy;
/* locality groups */
+diff --git a/fs/ext4/indirect.c b/fs/ext4/indirect.c
+index 594009f..c30cbe2 100644
+--- a/fs/ext4/indirect.c
++++ b/fs/ext4/indirect.c
+@@ -389,7 +389,13 @@ static int ext4_alloc_branch(handle_t *handle, struct inode *inode,
+ return 0;
+ failed:
+ for (; i >= 0; i--) {
+- if (i != indirect_blks && branch[i].bh)
++ /*
++ * We want to ext4_forget() only freshly allocated indirect
++ * blocks. Buffer for new_blocks[i-1] is at branch[i].bh and
++ * buffer at branch[0].bh is indirect block / inode already
++ * existing before ext4_alloc_branch() was called.
++ */
++ if (i > 0 && i != indirect_blks && branch[i].bh)
+ ext4_forget(handle, 1, inode, branch[i].bh,
+ branch[i].bh->b_blocknr);
+ ext4_free_blocks(handle, inode, NULL, new_blocks[i],
+@@ -1312,16 +1318,24 @@ static int free_hole_blocks(handle_t *handle, struct inode *inode,
+ blk = *i_data;
+ if (level > 0) {
+ ext4_lblk_t first2;
++ ext4_lblk_t count2;
++
+ bh = sb_bread(inode->i_sb, le32_to_cpu(blk));
+ if (!bh) {
+ EXT4_ERROR_INODE_BLOCK(inode, le32_to_cpu(blk),
+ "Read failure");
+ return -EIO;
+ }
+- first2 = (first > offset) ? first - offset : 0;
++ if (first > offset) {
++ first2 = first - offset;
++ count2 = count;
++ } else {
++ first2 = 0;
++ count2 = count - (offset - first);
++ }
+ ret = free_hole_blocks(handle, inode, bh,
+ (__le32 *)bh->b_data, level - 1,
+- first2, count - offset,
++ first2, count2,
+ inode->i_sb->s_blocksize >> 2);
+ if (ret) {
+ brelse(bh);
+@@ -1331,8 +1345,8 @@ static int free_hole_blocks(handle_t *handle, struct inode *inode,
+ if (level == 0 ||
+ (bh && all_zeroes((__le32 *)bh->b_data,
+ (__le32 *)bh->b_data + addr_per_block))) {
+- ext4_free_data(handle, inode, parent_bh, &blk, &blk+1);
+- *i_data = 0;
++ ext4_free_data(handle, inode, parent_bh,
++ i_data, i_data + 1);
+ }
+ brelse(bh);
+ bh = NULL;
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
-index 04a5c75..09894fa 100644
+index 08ddfda..a48f3f6 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -1880,7 +1880,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac,
@@ -80818,7 +80917,7 @@ index c45c089..298841c 100644
u32 remainder;
return div_u64_rem(dividend, divisor, &remainder);
diff --git a/include/linux/mempolicy.h b/include/linux/mempolicy.h
-index 5f1ea75..5125ac5 100644
+index 5bba088..7ad4ae7 100644
--- a/include/linux/mempolicy.h
+++ b/include/linux/mempolicy.h
@@ -91,6 +91,10 @@ static inline struct mempolicy *mpol_dup(struct mempolicy *pol)
@@ -80832,7 +80931,7 @@ index 5f1ea75..5125ac5 100644
static inline void mpol_get(struct mempolicy *pol)
{
-@@ -223,6 +227,9 @@ static inline void mpol_free_shared_policy(struct shared_policy *p)
+@@ -229,6 +233,9 @@ static inline void mpol_free_shared_policy(struct shared_policy *p)
}
#define vma_policy(vma) NULL
@@ -81173,10 +81272,10 @@ index c5d5278..f0b68c8 100644
}
diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h
-index 9b61b9b..52147d6b 100644
+index e6800f0..d59674e 100644
--- a/include/linux/mmzone.h
+++ b/include/linux/mmzone.h
-@@ -396,7 +396,7 @@ struct zone {
+@@ -400,7 +400,7 @@ struct zone {
unsigned long flags; /* zone flags, see below */
/* Zone statistics */
@@ -81186,18 +81285,9 @@ index 9b61b9b..52147d6b 100644
/*
* The target ratio of ACTIVE_ANON to INACTIVE_ANON pages on
diff --git a/include/linux/mod_devicetable.h b/include/linux/mod_devicetable.h
-index 45e9214..a7227d6 100644
+index 45e9214..4a547ac 100644
--- a/include/linux/mod_devicetable.h
+++ b/include/linux/mod_devicetable.h
-@@ -13,7 +13,7 @@
- typedef unsigned long kernel_ulong_t;
- #endif
-
--#define PCI_ANY_ID (~0)
-+#define PCI_ANY_ID ((__u16)~0)
-
- struct pci_device_id {
- __u32 vendor, device; /* Vendor and device ID or PCI_ANY_ID*/
@@ -139,7 +139,7 @@ struct usb_device_id {
#define USB_DEVICE_ID_MATCH_INT_PROTOCOL 0x0200
#define USB_DEVICE_ID_MATCH_INT_NUMBER 0x0400
@@ -81544,36 +81634,6 @@ index 0000000..33f4af8
+};
+
+#endif
-diff --git a/include/linux/netlink.h b/include/linux/netlink.h
-index aad8eea..034cda7 100644
---- a/include/linux/netlink.h
-+++ b/include/linux/netlink.h
-@@ -16,9 +16,10 @@ static inline struct nlmsghdr *nlmsg_hdr(const struct sk_buff *skb)
- }
-
- enum netlink_skb_flags {
-- NETLINK_SKB_MMAPED = 0x1, /* Packet data is mmaped */
-- NETLINK_SKB_TX = 0x2, /* Packet was sent by userspace */
-- NETLINK_SKB_DELIVERED = 0x4, /* Packet was delivered */
-+ NETLINK_SKB_MMAPED = 0x1, /* Packet data is mmaped */
-+ NETLINK_SKB_TX = 0x2, /* Packet was sent by userspace */
-+ NETLINK_SKB_DELIVERED = 0x4, /* Packet was delivered */
-+ NETLINK_SKB_DST = 0x8, /* Dst set in sendto or sendmsg */
- };
-
- struct netlink_skb_parms {
-@@ -169,4 +170,11 @@ struct netlink_tap {
- extern int netlink_add_tap(struct netlink_tap *nt);
- extern int netlink_remove_tap(struct netlink_tap *nt);
-
-+bool __netlink_ns_capable(const struct netlink_skb_parms *nsp,
-+ struct user_namespace *ns, int cap);
-+bool netlink_ns_capable(const struct sk_buff *skb,
-+ struct user_namespace *ns, int cap);
-+bool netlink_capable(const struct sk_buff *skb, int cap);
-+bool netlink_net_capable(const struct sk_buff *skb, int cap);
-+
- #endif /* __LINUX_NETLINK_H */
diff --git a/include/linux/nls.h b/include/linux/nls.h
index 520681b..1d67ed2 100644
--- a/include/linux/nls.h
@@ -82921,7 +82981,7 @@ index 6ae004e..2743532 100644
/*
* Callback to arch code if there's nosmp or maxcpus=0 on the
diff --git a/include/linux/sock_diag.h b/include/linux/sock_diag.h
-index 302ab80..3233276 100644
+index 46cca4c..3323536 100644
--- a/include/linux/sock_diag.h
+++ b/include/linux/sock_diag.h
@@ -11,7 +11,7 @@ struct sock;
@@ -83833,7 +83893,7 @@ index c55aeed..b3393f4 100644
/** inet_connection_sock - INET connection oriented sock
*
diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h
-index 6efe73c..1a44af7 100644
+index 058271b..1a44af7 100644
--- a/include/net/inetpeer.h
+++ b/include/net/inetpeer.h
@@ -47,8 +47,8 @@ struct inet_peer {
@@ -83847,20 +83907,11 @@ index 6efe73c..1a44af7 100644
};
struct rcu_head rcu;
struct inet_peer *gc_next;
-@@ -177,16 +177,9 @@ static inline void inet_peer_refcheck(const struct inet_peer *p)
- /* can be called with or without local BH being disabled */
- static inline int inet_getid(struct inet_peer *p, int more)
+@@ -179,7 +179,7 @@ static inline int inet_getid(struct inet_peer *p, int more)
{
-- int old, new;
more++;
inet_peer_refcheck(p);
-- do {
-- old = atomic_read(&p->ip_id_count);
-- new = old + more;
-- if (!new)
-- new = 1;
-- } while (atomic_cmpxchg(&p->ip_id_count, old, new) != old);
-- return new;
+- return atomic_add_return(more, &p->ip_id_count) - more;
+ return atomic_add_return_unchecked(more, &p->ip_id_count) - more;
}
@@ -84328,7 +84379,7 @@ index 0dfcc92..7967849 100644
/* Structure to track chunk fragments that have been acked, but peer
diff --git a/include/net/sock.h b/include/net/sock.h
-index b9586a1..b2948c0 100644
+index 57c31dd..f5e5196 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -348,7 +348,7 @@ struct sock {
@@ -84367,6 +84418,17 @@ index b9586a1..b2948c0 100644
static inline struct sock_iocb *kiocb_to_siocb(struct kiocb *iocb)
{
+@@ -1755,8 +1755,8 @@ sk_dst_get(struct sock *sk)
+
+ rcu_read_lock();
+ dst = rcu_dereference(sk->sk_dst_cache);
+- if (dst)
+- dst_hold(dst);
++ if (dst && !atomic_inc_not_zero(&dst->__refcnt))
++ dst = NULL;
+ rcu_read_unlock();
+ return dst;
+ }
@@ -1830,7 +1830,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
}
@@ -85819,7 +85881,7 @@ index 8d6e145..33e0b1e 100644
current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim;
set_fs(fs);
diff --git a/kernel/audit.c b/kernel/audit.c
-index d5f31c1..06646e1 100644
+index 0c9dc86..a891393 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -122,7 +122,7 @@ u32 audit_sig_sid = 0;
@@ -86656,7 +86718,7 @@ index 81b3d67..ef189a4 100644
{
struct signal_struct *sig = current->signal;
diff --git a/kernel/fork.c b/kernel/fork.c
-index a17621c..2a89549 100644
+index 45da005c..6581b2b 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -180,6 +180,48 @@ void thread_info_cache_init(void)
@@ -87055,7 +87117,7 @@ index a17621c..2a89549 100644
/*
* Do this prior waking up the new thread - the thread pointer
* might get invalid after that point, if the thread exits quickly.
-@@ -1612,6 +1725,8 @@ long do_fork(unsigned long clone_flags,
+@@ -1614,6 +1727,8 @@ long do_fork(unsigned long clone_flags,
if (clone_flags & CLONE_PARENT_SETTID)
put_user(nr, parent_tidptr);
@@ -87064,7 +87126,7 @@ index a17621c..2a89549 100644
if (clone_flags & CLONE_VFORK) {
p->vfork_done = &vfork;
init_completion(&vfork);
-@@ -1728,7 +1843,7 @@ void __init proc_caches_init(void)
+@@ -1732,7 +1847,7 @@ void __init proc_caches_init(void)
mm_cachep = kmem_cache_create("mm_struct",
sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN,
SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK, NULL);
@@ -87073,7 +87135,7 @@ index a17621c..2a89549 100644
mmap_init();
nsproxy_cache_init();
}
-@@ -1768,7 +1883,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
+@@ -1772,7 +1887,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
return 0;
/* don't need lock here; in the worst case we'll do useless copy */
@@ -87082,7 +87144,7 @@ index a17621c..2a89549 100644
return 0;
*new_fsp = copy_fs_struct(fs);
-@@ -1875,7 +1990,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
+@@ -1879,7 +1994,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
fs = current->fs;
spin_lock(&fs->lock);
current->fs = new_fs;
@@ -92587,10 +92649,10 @@ index 0000000..7cd6065
@@ -0,0 +1 @@
+-grsec
diff --git a/mm/Kconfig b/mm/Kconfig
-index 2888024..c15a810 100644
+index 9b63c15..2ab509e 100644
--- a/mm/Kconfig
+++ b/mm/Kconfig
-@@ -326,10 +326,11 @@ config KSM
+@@ -329,10 +329,11 @@ config KSM
root has set /sys/kernel/mm/ksm/run to 1 (if CONFIG_SYSFS is set).
config DEFAULT_MMAP_MIN_ADDR
@@ -92605,7 +92667,7 @@ index 2888024..c15a810 100644
This is the portion of low virtual memory which should be protected
from userspace allocation. Keeping a user from writing to low pages
can help reduce the impact of kernel NULL pointer bugs.
-@@ -360,7 +361,7 @@ config MEMORY_FAILURE
+@@ -363,7 +364,7 @@ config MEMORY_FAILURE
config HWPOISON_INJECT
tristate "HWPoison pages injector"
@@ -93032,7 +93094,7 @@ index 539eeb9..e24a987 100644
if (end == start)
return error;
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
-index e346fa9..5d32f0a 100644
+index 33365e9..2234ef9 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0;
@@ -93053,7 +93115,7 @@ index e346fa9..5d32f0a 100644
#ifdef __ARCH_SI_TRAPNO
si.si_trapno = trapno;
#endif
-@@ -762,7 +762,7 @@ static struct page_state {
+@@ -795,7 +795,7 @@ static struct page_state {
unsigned long res;
char *msg;
int (*action)(struct page *p, unsigned long pfn);
@@ -93062,7 +93124,7 @@ index e346fa9..5d32f0a 100644
{ reserved, reserved, "reserved kernel", me_kernel },
/*
* free pages are specially detected outside this table:
-@@ -1062,7 +1062,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
+@@ -1095,7 +1095,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
nr_pages = 1 << compound_order(hpage);
else /* normal page or thp */
nr_pages = 1;
@@ -93071,7 +93133,7 @@ index e346fa9..5d32f0a 100644
/*
* We need/can do nothing about count=0 pages.
-@@ -1091,7 +1091,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
+@@ -1124,7 +1124,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
if (PageHWPoison(hpage)) {
if ((hwpoison_filter(p) && TestClearPageHWPoison(p))
|| (p != hpage && TestSetPageHWPoison(hpage))) {
@@ -93080,7 +93142,7 @@ index e346fa9..5d32f0a 100644
unlock_page(hpage);
return 0;
}
-@@ -1157,14 +1157,14 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
+@@ -1190,14 +1190,14 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
*/
if (!PageHWPoison(p)) {
printk(KERN_ERR "MCE %#lx: just unpoisoned\n", pfn);
@@ -93097,7 +93159,7 @@ index e346fa9..5d32f0a 100644
unlock_page(hpage);
put_page(hpage);
return 0;
-@@ -1386,7 +1386,7 @@ int unpoison_memory(unsigned long pfn)
+@@ -1419,7 +1419,7 @@ int unpoison_memory(unsigned long pfn)
return 0;
}
if (TestClearPageHWPoison(p))
@@ -93106,7 +93168,7 @@ index e346fa9..5d32f0a 100644
pr_info("MCE: Software-unpoisoned free page %#lx\n", pfn);
return 0;
}
-@@ -1400,7 +1400,7 @@ int unpoison_memory(unsigned long pfn)
+@@ -1433,7 +1433,7 @@ int unpoison_memory(unsigned long pfn)
*/
if (TestClearPageHWPoison(page)) {
pr_info("MCE: Software-unpoisoned page %#lx\n", pfn);
@@ -93115,7 +93177,7 @@ index e346fa9..5d32f0a 100644
freeit = 1;
if (PageHuge(page))
clear_page_hwpoison_huge_page(page);
-@@ -1525,11 +1525,11 @@ static int soft_offline_huge_page(struct page *page, int flags)
+@@ -1558,11 +1558,11 @@ static int soft_offline_huge_page(struct page *page, int flags)
if (PageHuge(page)) {
set_page_hwpoison_huge_page(hpage);
dequeue_hwpoisoned_huge_page(hpage);
@@ -93129,7 +93191,7 @@ index e346fa9..5d32f0a 100644
}
}
return ret;
-@@ -1568,7 +1568,7 @@ static int __soft_offline_page(struct page *page, int flags)
+@@ -1601,7 +1601,7 @@ static int __soft_offline_page(struct page *page, int flags)
put_page(page);
pr_info("soft_offline: %#lx: invalidated\n", pfn);
SetPageHWPoison(page);
@@ -93138,7 +93200,7 @@ index e346fa9..5d32f0a 100644
return 0;
}
-@@ -1619,7 +1619,7 @@ static int __soft_offline_page(struct page *page, int flags)
+@@ -1652,7 +1652,7 @@ static int __soft_offline_page(struct page *page, int flags)
if (!is_free_buddy_page(page))
pr_info("soft offline: %#lx: page leaked\n",
pfn);
@@ -93147,7 +93209,7 @@ index e346fa9..5d32f0a 100644
}
} else {
pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n",
-@@ -1693,11 +1693,11 @@ int soft_offline_page(struct page *page, int flags)
+@@ -1726,11 +1726,11 @@ int soft_offline_page(struct page *page, int flags)
if (PageHuge(page)) {
set_page_hwpoison_huge_page(hpage);
dequeue_hwpoisoned_huge_page(hpage);
@@ -95675,7 +95737,7 @@ index 8740213..f87e25b 100644
struct mm_struct *mm;
diff --git a/mm/page-writeback.c b/mm/page-writeback.c
-index 8f6daa6..1f8587c 100644
+index d013dba..d5ae30d 100644
--- a/mm/page-writeback.c
+++ b/mm/page-writeback.c
@@ -685,7 +685,7 @@ static long long pos_ratio_polynom(unsigned long setpoint,
@@ -95688,7 +95750,7 @@ index 8f6daa6..1f8587c 100644
unsigned long bg_thresh,
unsigned long dirty,
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index 7387a67..67105e4 100644
+index 4b5d4f6..56dfb0a 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -61,6 +61,7 @@
@@ -95793,7 +95855,7 @@ index 7387a67..67105e4 100644
}
}
-@@ -6565,4 +6605,4 @@ void dump_page(struct page *page, char *reason)
+@@ -6577,4 +6617,4 @@ void dump_page(struct page *page, char *reason)
{
dump_page_badflags(page, reason, 0);
}
@@ -95877,10 +95939,10 @@ index fd26d04..0cea1b0 100644
if (!mm || IS_ERR(mm)) {
rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
diff --git a/mm/rmap.c b/mm/rmap.c
-index 5d91bb7..3784601 100644
+index cdbd312..2e1e0b9 100644
--- a/mm/rmap.c
+++ b/mm/rmap.c
-@@ -163,6 +163,10 @@ int anon_vma_prepare(struct vm_area_struct *vma)
+@@ -164,6 +164,10 @@ int anon_vma_prepare(struct vm_area_struct *vma)
struct anon_vma *anon_vma = vma->anon_vma;
struct anon_vma_chain *avc;
@@ -95891,7 +95953,7 @@ index 5d91bb7..3784601 100644
might_sleep();
if (unlikely(!anon_vma)) {
struct mm_struct *mm = vma->vm_mm;
-@@ -172,6 +176,12 @@ int anon_vma_prepare(struct vm_area_struct *vma)
+@@ -173,6 +177,12 @@ int anon_vma_prepare(struct vm_area_struct *vma)
if (!avc)
goto out_enomem;
@@ -95904,7 +95966,7 @@ index 5d91bb7..3784601 100644
anon_vma = find_mergeable_anon_vma(vma);
allocated = NULL;
if (!anon_vma) {
-@@ -185,6 +195,18 @@ int anon_vma_prepare(struct vm_area_struct *vma)
+@@ -186,6 +196,18 @@ int anon_vma_prepare(struct vm_area_struct *vma)
/* page_table_lock to protect against threads */
spin_lock(&mm->page_table_lock);
if (likely(!vma->anon_vma)) {
@@ -95923,7 +95985,7 @@ index 5d91bb7..3784601 100644
vma->anon_vma = anon_vma;
anon_vma_chain_link(vma, avc, anon_vma);
allocated = NULL;
-@@ -195,12 +217,24 @@ int anon_vma_prepare(struct vm_area_struct *vma)
+@@ -196,12 +218,24 @@ int anon_vma_prepare(struct vm_area_struct *vma)
if (unlikely(allocated))
put_anon_vma(allocated);
@@ -95948,7 +96010,7 @@ index 5d91bb7..3784601 100644
anon_vma_chain_free(avc);
out_enomem:
return -ENOMEM;
-@@ -236,7 +270,7 @@ static inline void unlock_anon_vma_root(struct anon_vma *root)
+@@ -237,7 +271,7 @@ static inline void unlock_anon_vma_root(struct anon_vma *root)
* Attach the anon_vmas from src to dst.
* Returns 0 on success, -ENOMEM on failure.
*/
@@ -95957,7 +96019,7 @@ index 5d91bb7..3784601 100644
{
struct anon_vma_chain *avc, *pavc;
struct anon_vma *root = NULL;
-@@ -269,7 +303,7 @@ int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src)
+@@ -270,7 +304,7 @@ int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src)
* the corresponding VMA in the parent process is attached to.
* Returns 0 on success, non-zero on failure.
*/
@@ -95966,7 +96028,7 @@ index 5d91bb7..3784601 100644
{
struct anon_vma_chain *avc;
struct anon_vma *anon_vma;
-@@ -373,8 +407,10 @@ static void anon_vma_ctor(void *data)
+@@ -374,8 +408,10 @@ static void anon_vma_ctor(void *data)
void __init anon_vma_init(void)
{
anon_vma_cachep = kmem_cache_create("anon_vma", sizeof(struct anon_vma),
@@ -97258,7 +97320,7 @@ index a24aa22..a0d41ae 100644
}
#endif
diff --git a/mm/vmalloc.c b/mm/vmalloc.c
-index 0fdf968..f044efb 100644
+index 0fdf968..991ff6a 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -38,6 +38,21 @@ struct vfree_deferred {
@@ -97457,15 +97519,6 @@ index 0fdf968..f044efb 100644
if (flags & VM_IOREMAP)
align = 1ul << clamp(fls(size), PAGE_SHIFT, IOREMAP_MAX_ORDER);
-@@ -1503,7 +1592,7 @@ EXPORT_SYMBOL(vfree);
- * Free the virtually contiguous memory area starting at @addr,
- * which was created from the page array passed to vmap().
- *
-- * Must not be called in interrupt context.
-+ * Must not be called in NMI context.
- */
- void vunmap(const void *addr)
- {
@@ -1514,6 +1603,23 @@ void vunmap(const void *addr)
}
EXPORT_SYMBOL(vunmap);
@@ -98073,7 +98126,7 @@ index 6afa3b4..7a14180 100644
if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
rfc.mode != chan->mode)
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
-index d58f76b..b69600a 100644
+index d4b7702..7122922 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -625,7 +625,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
@@ -98268,7 +98321,7 @@ index dcb75c0..24b1b43 100644
}
diff --git a/net/can/gw.c b/net/can/gw.c
-index ac31891..4799c17 100644
+index 050a211..bb9fe33 100644
--- a/net/can/gw.c
+++ b/net/can/gw.c
@@ -80,7 +80,6 @@ MODULE_PARM_DESC(max_hops,
@@ -98487,7 +98540,7 @@ index a16ed7b..eb44d17 100644
return err;
diff --git a/net/core/dev.c b/net/core/dev.c
-index fccc195..c8486ab 100644
+index 4c1b483..3d45b13 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1688,14 +1688,14 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
@@ -98579,6 +98632,40 @@ index cf999e0..c59a975 100644
}
}
EXPORT_SYMBOL(dev_load);
+diff --git a/net/core/dst.c b/net/core/dst.c
+index ca4231e..15b6792 100644
+--- a/net/core/dst.c
++++ b/net/core/dst.c
+@@ -267,6 +267,15 @@ again:
+ }
+ EXPORT_SYMBOL(dst_destroy);
+
++static void dst_destroy_rcu(struct rcu_head *head)
++{
++ struct dst_entry *dst = container_of(head, struct dst_entry, rcu_head);
++
++ dst = dst_destroy(dst);
++ if (dst)
++ __dst_free(dst);
++}
++
+ void dst_release(struct dst_entry *dst)
+ {
+ if (dst) {
+@@ -274,11 +283,8 @@ void dst_release(struct dst_entry *dst)
+
+ newrefcnt = atomic_dec_return(&dst->__refcnt);
+ WARN_ON(newrefcnt < 0);
+- if (unlikely(dst->flags & DST_NOCACHE) && !newrefcnt) {
+- dst = dst_destroy(dst);
+- if (dst)
+- __dst_free(dst);
+- }
++ if (unlikely(dst->flags & DST_NOCACHE) && !newrefcnt)
++ call_rcu(&dst->rcu_head, dst_destroy_rcu);
+ }
+ }
+ EXPORT_SYMBOL(dst_release);
diff --git a/net/core/filter.c b/net/core/filter.c
index ebce437..9fed9d0 100644
--- a/net/core/filter.c
@@ -98876,7 +98963,7 @@ index fdac61c..e5e5b46 100644
pr_warn("cannot create /proc/net/%s\n", PG_PROC_DIR);
return -ENODEV;
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
-index 83b9d6a..cff1ce7 100644
+index aef1500..4b61acd 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -58,7 +58,7 @@ struct rtnl_link {
@@ -98986,10 +99073,10 @@ index e5ae776e..15c90cb 100644
}
diff --git a/net/core/sock.c b/net/core/sock.c
-index c0fc6bd..51d8326 100644
+index c806956..e5599ea 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
-@@ -393,7 +393,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
+@@ -442,7 +442,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
struct sk_buff_head *list = &sk->sk_receive_queue;
if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) {
@@ -98998,7 +99085,7 @@ index c0fc6bd..51d8326 100644
trace_sock_rcvqueue_full(sk, skb);
return -ENOMEM;
}
-@@ -403,7 +403,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
+@@ -452,7 +452,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
return err;
if (!sk_rmem_schedule(sk, skb, skb->truesize)) {
@@ -99007,7 +99094,7 @@ index c0fc6bd..51d8326 100644
return -ENOBUFS;
}
-@@ -423,7 +423,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
+@@ -472,7 +472,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
skb_dst_force(skb);
spin_lock_irqsave(&list->lock, flags);
@@ -99016,7 +99103,7 @@ index c0fc6bd..51d8326 100644
__skb_queue_tail(list, skb);
spin_unlock_irqrestore(&list->lock, flags);
-@@ -443,7 +443,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested)
+@@ -492,7 +492,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested)
skb->dev = NULL;
if (sk_rcvqueues_full(sk, skb, sk->sk_rcvbuf)) {
@@ -99025,7 +99112,7 @@ index c0fc6bd..51d8326 100644
goto discard_and_relse;
}
if (nested)
-@@ -461,7 +461,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested)
+@@ -510,7 +510,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested)
mutex_release(&sk->sk_lock.dep_map, 1, _RET_IP_);
} else if (sk_add_backlog(sk, skb, sk->sk_rcvbuf)) {
bh_unlock_sock(sk);
@@ -99034,7 +99121,7 @@ index c0fc6bd..51d8326 100644
goto discard_and_relse;
}
-@@ -949,12 +949,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
+@@ -998,12 +998,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
struct timeval tm;
} v;
@@ -99050,7 +99137,7 @@ index c0fc6bd..51d8326 100644
return -EINVAL;
memset(&v, 0, sizeof(v));
-@@ -1106,11 +1106,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
+@@ -1155,11 +1155,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
case SO_PEERNAME:
{
@@ -99064,7 +99151,7 @@ index c0fc6bd..51d8326 100644
return -EINVAL;
if (copy_to_user(optval, address, len))
return -EFAULT;
-@@ -1191,7 +1191,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
+@@ -1240,7 +1240,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
if (len > lv)
len = lv;
@@ -99073,7 +99160,7 @@ index c0fc6bd..51d8326 100644
return -EFAULT;
lenout:
if (put_user(len, optlen))
-@@ -2326,7 +2326,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
+@@ -2375,7 +2375,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
*/
smp_wmb();
atomic_set(&sk->sk_refcnt, 1);
@@ -99082,7 +99169,7 @@ index c0fc6bd..51d8326 100644
}
EXPORT_SYMBOL(sock_init_data);
-@@ -2454,6 +2454,7 @@ void sock_enable_timestamp(struct sock *sk, int flag)
+@@ -2503,6 +2503,7 @@ void sock_enable_timestamp(struct sock *sk, int flag)
int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len,
int level, int type)
{
@@ -99090,7 +99177,7 @@ index c0fc6bd..51d8326 100644
struct sock_exterr_skb *serr;
struct sk_buff *skb, *skb2;
int copied, err;
-@@ -2475,7 +2476,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len,
+@@ -2524,7 +2525,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len,
sock_recv_timestamp(msg, sk, skb);
serr = SKB_EXT_ERR(skb);
@@ -99101,7 +99188,7 @@ index c0fc6bd..51d8326 100644
msg->msg_flags |= MSG_ERRQUEUE;
err = copied;
diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
-index 6a7fae2..d7c22e6 100644
+index c38e7a2..773e3d7 100644
--- a/net/core/sock_diag.c
+++ b/net/core/sock_diag.c
@@ -9,26 +9,33 @@
@@ -99244,7 +99331,7 @@ index 4c04848..f575934 100644
static struct sock *dn_alloc_sock(struct net *net, struct socket *sock, gfp_t gfp)
diff --git a/net/decnet/dn_dev.c b/net/decnet/dn_dev.c
-index a603823..a36ee0b 100644
+index 3b726f3..1af6368 100644
--- a/net/decnet/dn_dev.c
+++ b/net/decnet/dn_dev.c
@@ -200,7 +200,7 @@ static struct dn_dev_sysctl_table {
@@ -99581,6 +99668,42 @@ index 580dd96..9fcef7e 100644
msg.msg_controllen = len;
msg.msg_flags = flags;
+diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
+index 0c3a5d1..c05c07d 100644
+--- a/net/ipv4/ip_tunnel.c
++++ b/net/ipv4/ip_tunnel.c
+@@ -73,12 +73,7 @@ static void __tunnel_dst_set(struct ip_tunnel_dst *idst,
+ {
+ struct dst_entry *old_dst;
+
+- if (dst) {
+- if (dst->flags & DST_NOCACHE)
+- dst = NULL;
+- else
+- dst_clone(dst);
+- }
++ dst_clone(dst);
+ old_dst = xchg((__force struct dst_entry **)&idst->dst, dst);
+ dst_release(old_dst);
+ }
+@@ -108,13 +103,14 @@ static struct rtable *tunnel_rtable_get(struct ip_tunnel *t, u32 cookie)
+
+ rcu_read_lock();
+ dst = rcu_dereference(this_cpu_ptr(t->dst_cache)->dst);
++ if (dst && !atomic_inc_not_zero(&dst->__refcnt))
++ dst = NULL;
+ if (dst) {
+ if (dst->obsolete && dst->ops->check(dst, cookie) == NULL) {
+- rcu_read_unlock();
+ tunnel_dst_reset(t);
+- return NULL;
++ dst_release(dst);
++ dst = NULL;
+ }
+- dst_hold(dst);
+ }
+ rcu_read_unlock();
+ return (struct rtable *)dst;
diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
index e4a8f76..dd8ad72 100644
--- a/net/ipv4/ip_vti.c
@@ -99635,7 +99758,7 @@ index b3e86ea..18ce98c 100644
return res;
}
diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c
-index 812b183..56cbe9c 100644
+index 62eaa00..29b2dc2 100644
--- a/net/ipv4/ipip.c
+++ b/net/ipv4/ipip.c
@@ -124,7 +124,7 @@ MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
@@ -100100,7 +100223,7 @@ index 44eba05..b36864b 100644
hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table);
if (hdr == NULL)
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
-index eeaac39..dc29942 100644
+index e364746..598e76e 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -761,7 +761,7 @@ static void tcp_update_pacing_rate(struct sock *sk)
@@ -100112,7 +100235,7 @@ index eeaac39..dc29942 100644
sk->sk_max_pacing_rate);
}
-@@ -4485,7 +4485,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
+@@ -4484,7 +4484,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
* simplifies code)
*/
static void
@@ -100121,7 +100244,7 @@ index eeaac39..dc29942 100644
struct sk_buff *head, struct sk_buff *tail,
u32 start, u32 end)
{
-@@ -5562,6 +5562,7 @@ discard:
+@@ -5561,6 +5561,7 @@ discard:
tcp_paws_reject(&tp->rx_opt, 0))
goto discard_and_undo;
@@ -100129,7 +100252,7 @@ index eeaac39..dc29942 100644
if (th->syn) {
/* We see SYN without ACK. It is attempt of
* simultaneous connect with crossed SYNs.
-@@ -5612,6 +5613,7 @@ discard:
+@@ -5611,6 +5612,7 @@ discard:
goto discard;
#endif
}
@@ -100137,7 +100260,7 @@ index eeaac39..dc29942 100644
/* "fifth, if neither of the SYN or RST bits is set then
* drop the segment and return."
*/
-@@ -5658,7 +5660,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
+@@ -5657,7 +5659,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
goto discard;
if (th->syn) {
@@ -100275,7 +100398,7 @@ index 64f0354..a81b39d 100644
syn_set ? 0 : icsk->icsk_user_timeout, syn_set)) {
/* Has it gone just too far? */
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
-index 77bd16f..3ce366b 100644
+index b25e852..cdc3258 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -87,6 +87,7 @@
@@ -100383,7 +100506,7 @@ index 77bd16f..3ce366b 100644
icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
/*
-@@ -2350,7 +2374,7 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f,
+@@ -2354,7 +2378,7 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f,
from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
0, sock_i_ino(sp),
atomic_read(&sp->sk_refcnt), sp,
@@ -100581,10 +100704,10 @@ index 2465d18..bc5bf7f 100644
.maxtype = IFLA_GRE_MAX,
.policy = ip6gre_policy,
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
-index 0e51f68..1f501e1 100644
+index 9120339..cfdd84f 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
-@@ -85,7 +85,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
+@@ -86,7 +86,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
static int ip6_tnl_dev_init(struct net_device *dev);
static void ip6_tnl_dev_setup(struct net_device *dev);
@@ -100593,7 +100716,7 @@ index 0e51f68..1f501e1 100644
static int ip6_tnl_net_id __read_mostly;
struct ip6_tnl_net {
-@@ -1714,7 +1714,7 @@ static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = {
+@@ -1715,7 +1715,7 @@ static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = {
[IFLA_IPTUN_PROTO] = { .type = NLA_U8 },
};
@@ -100729,36 +100852,27 @@ index 767ab8d..c5ec70a 100644
return -ENOMEM;
}
diff --git a/net/ipv6/output_core.c b/net/ipv6/output_core.c
-index 827f795..bdff9eb 100644
+index b31a012..c36f09c 100644
--- a/net/ipv6/output_core.c
+++ b/net/ipv6/output_core.c
-@@ -9,8 +9,8 @@
+@@ -9,7 +9,7 @@
void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
{
- static atomic_t ipv6_fragmentation_id;
-- int old, new;
+ static atomic_unchecked_t ipv6_fragmentation_id;
-+ int id;
+ int ident;
#if IS_ENABLED(CONFIG_IPV6)
- if (rt && !(rt->dst.flags & DST_NOPEER)) {
-@@ -26,13 +26,8 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
+@@ -26,7 +26,7 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
}
}
#endif
-- do {
-- old = atomic_read(&ipv6_fragmentation_id);
-- new = old + 1;
-- if (!new)
-- new = 1;
-- } while (atomic_cmpxchg(&ipv6_fragmentation_id, old, new) != old);
-- fhdr->identification = htonl(new);
-+ id = atomic_inc_return_unchecked(&ipv6_fragmentation_id);
-+ fhdr->identification = htonl(id);
+- ident = atomic_inc_return(&ipv6_fragmentation_id);
++ ident = atomic_inc_return_unchecked(&ipv6_fragmentation_id);
+ fhdr->identification = htonl(ident);
}
EXPORT_SYMBOL(ipv6_select_ident);
-
diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c
index bda7429..469b26b 100644
--- a/net/ipv6/ping.c
@@ -100963,7 +101077,7 @@ index 7cc1102..7785931 100644
table = kmemdup(ipv6_route_table_template,
sizeof(ipv6_route_table_template),
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
-index b4d74c8..b4f3fbe 100644
+index fe548ba..0dfa744 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -74,7 +74,7 @@ static void ipip6_tunnel_setup(struct net_device *dev);
@@ -101057,7 +101171,7 @@ index 889079b..a04512c 100644
}
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
-index 1e586d9..2b8ad76 100644
+index 20b63d2..31a777d 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -76,6 +76,10 @@ static unsigned int udp6_ehashfn(struct net *net,
@@ -101263,7 +101377,7 @@ index b9ac598..f88cc56 100644
return;
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
-index c4b7218..c7e9f14 100644
+index 1465363..c7e9f14 100644
--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -773,10 +773,10 @@ static int iucv_sock_autobind(struct sock *sk)
@@ -101279,15 +101393,6 @@ index c4b7218..c7e9f14 100644
}
write_unlock_bh(&iucv_sk_list.lock);
-@@ -1829,7 +1829,7 @@ static void iucv_callback_txdone(struct iucv_path *path,
- spin_lock_irqsave(&list->lock, flags);
-
- while (list_skb != (struct sk_buff *)list) {
-- if (msg->tag != IUCV_SKB_CB(list_skb)->tag) {
-+ if (msg->tag == IUCV_SKB_CB(list_skb)->tag) {
- this = list_skb;
- break;
- }
diff --git a/net/iucv/iucv.c b/net/iucv/iucv.c
index cd5b8ec..f205e6b 100644
--- a/net/iucv/iucv.c
@@ -101386,7 +101491,7 @@ index b127902..9dc4947 100644
/* number of interfaces with corresponding FIF_ flags */
int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll,
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
-index ce1c443..6cd39e1 100644
+index 8f7fabc..e400523 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -529,7 +529,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
@@ -102149,7 +102254,7 @@ index 11de55e..f25e448 100644
return 0;
}
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
-index 04748ab6..c72ef1f 100644
+index 7f40fd2..c72ef1f 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -257,7 +257,7 @@ static void netlink_overrun(struct sock *sk)
@@ -102161,137 +102266,7 @@ index 04748ab6..c72ef1f 100644
}
static void netlink_rcv_wake(struct sock *sk)
-@@ -1360,7 +1360,74 @@ retry:
- return err;
- }
-
--static inline int netlink_capable(const struct socket *sock, unsigned int flag)
-+/**
-+ * __netlink_ns_capable - General netlink message capability test
-+ * @nsp: NETLINK_CB of the socket buffer holding a netlink command from userspace.
-+ * @user_ns: The user namespace of the capability to use
-+ * @cap: The capability to use
-+ *
-+ * Test to see if the opener of the socket we received the message
-+ * from had when the netlink socket was created and the sender of the
-+ * message has has the capability @cap in the user namespace @user_ns.
-+ */
-+bool __netlink_ns_capable(const struct netlink_skb_parms *nsp,
-+ struct user_namespace *user_ns, int cap)
-+{
-+ return ((nsp->flags & NETLINK_SKB_DST) ||
-+ file_ns_capable(nsp->sk->sk_socket->file, user_ns, cap)) &&
-+ ns_capable(user_ns, cap);
-+}
-+EXPORT_SYMBOL(__netlink_ns_capable);
-+
-+/**
-+ * netlink_ns_capable - General netlink message capability test
-+ * @skb: socket buffer holding a netlink command from userspace
-+ * @user_ns: The user namespace of the capability to use
-+ * @cap: The capability to use
-+ *
-+ * Test to see if the opener of the socket we received the message
-+ * from had when the netlink socket was created and the sender of the
-+ * message has has the capability @cap in the user namespace @user_ns.
-+ */
-+bool netlink_ns_capable(const struct sk_buff *skb,
-+ struct user_namespace *user_ns, int cap)
-+{
-+ return __netlink_ns_capable(&NETLINK_CB(skb), user_ns, cap);
-+}
-+EXPORT_SYMBOL(netlink_ns_capable);
-+
-+/**
-+ * netlink_capable - Netlink global message capability test
-+ * @skb: socket buffer holding a netlink command from userspace
-+ * @cap: The capability to use
-+ *
-+ * Test to see if the opener of the socket we received the message
-+ * from had when the netlink socket was created and the sender of the
-+ * message has has the capability @cap in all user namespaces.
-+ */
-+bool netlink_capable(const struct sk_buff *skb, int cap)
-+{
-+ return netlink_ns_capable(skb, &init_user_ns, cap);
-+}
-+EXPORT_SYMBOL(netlink_capable);
-+
-+/**
-+ * netlink_net_capable - Netlink network namespace message capability test
-+ * @skb: socket buffer holding a netlink command from userspace
-+ * @cap: The capability to use
-+ *
-+ * Test to see if the opener of the socket we received the message
-+ * from had when the netlink socket was created and the sender of the
-+ * message has has the capability @cap over the network namespace of
-+ * the socket we received the message from.
-+ */
-+bool netlink_net_capable(const struct sk_buff *skb, int cap)
-+{
-+ return netlink_ns_capable(skb, sock_net(skb->sk)->user_ns, cap);
-+}
-+EXPORT_SYMBOL(netlink_net_capable);
-+
-+static inline int netlink_allowed(const struct socket *sock, unsigned int flag)
- {
- return (nl_table[sock->sk->sk_protocol].flags & flag) ||
- ns_capable(sock_net(sock->sk)->user_ns, CAP_NET_ADMIN);
-@@ -1428,7 +1495,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
-
- /* Only superuser is allowed to listen multicasts */
- if (nladdr->nl_groups) {
-- if (!netlink_capable(sock, NL_CFG_F_NONROOT_RECV))
-+ if (!netlink_allowed(sock, NL_CFG_F_NONROOT_RECV))
- return -EPERM;
- err = netlink_realloc_groups(sk);
- if (err)
-@@ -1490,7 +1557,7 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
- return -EINVAL;
-
- if ((nladdr->nl_groups || nladdr->nl_pid) &&
-- !netlink_capable(sock, NL_CFG_F_NONROOT_SEND))
-+ !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
- return -EPERM;
-
- if (!nlk->portid)
-@@ -2096,7 +2163,7 @@ static int netlink_setsockopt(struct socket *sock, int level, int optname,
- break;
- case NETLINK_ADD_MEMBERSHIP:
- case NETLINK_DROP_MEMBERSHIP: {
-- if (!netlink_capable(sock, NL_CFG_F_NONROOT_RECV))
-+ if (!netlink_allowed(sock, NL_CFG_F_NONROOT_RECV))
- return -EPERM;
- err = netlink_realloc_groups(sk);
- if (err)
-@@ -2228,6 +2295,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
- struct sk_buff *skb;
- int err;
- struct scm_cookie scm;
-+ u32 netlink_skb_flags = 0;
-
- if (msg->msg_flags&MSG_OOB)
- return -EOPNOTSUPP;
-@@ -2247,8 +2315,9 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
- dst_group = ffs(addr->nl_groups);
- err = -EPERM;
- if ((dst_group || dst_portid) &&
-- !netlink_capable(sock, NL_CFG_F_NONROOT_SEND))
-+ !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
- goto out;
-+ netlink_skb_flags |= NETLINK_SKB_DST;
- } else {
- dst_portid = nlk->dst_portid;
- dst_group = nlk->dst_group;
-@@ -2278,6 +2347,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
- NETLINK_CB(skb).portid = nlk->portid;
- NETLINK_CB(skb).dst_group = dst_group;
- NETLINK_CB(skb).creds = siocb->scm->creds;
-+ NETLINK_CB(skb).flags = netlink_skb_flags;
-
- err = -EFAULT;
- if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
-@@ -2933,7 +3003,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
+@@ -3003,7 +3003,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
sk_wmem_alloc_get(s),
nlk->cb_running,
atomic_read(&s->sk_refcnt),
@@ -104540,7 +104515,7 @@ index 0865b3e..7235dd4 100644
__ksymtab_gpl : { *(SORT(___ksymtab_gpl+*)) }
__ksymtab_unused : { *(SORT(___ksymtab_unused+*)) }
diff --git a/scripts/package/builddeb b/scripts/package/builddeb
-index f46e4dd..090e168 100644
+index 152d4d2..791684c 100644
--- a/scripts/package/builddeb
+++ b/scripts/package/builddeb
@@ -291,6 +291,7 @@ fi
@@ -105689,7 +105664,7 @@ index f79fa8b..6161868 100644
};
extern struct ima_h_table ima_htable;
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
-index c38bbce..f45133d 100644
+index 025824a..2a681b1 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -137,7 +137,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename,