aboutsummaryrefslogtreecommitdiffstats
path: root/main
diff options
context:
space:
mode:
Diffstat (limited to 'main')
-rw-r--r--main/linux-grsec/APKBUILD16
-rw-r--r--main/linux-grsec/grsecurity-3.1-3.14.36-201503182218.patch (renamed from main/linux-grsec/grsecurity-3.1-3.14.35-201503071140.patch)1117
2 files changed, 730 insertions, 403 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 736f0bce33..85f0a86beb 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,7 +2,7 @@
_flavor=grsec
pkgname=linux-${_flavor}
-pkgver=3.14.35
+pkgver=3.14.36
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
@@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-3.1-3.14.35-201503071140.patch
+ grsecurity-3.1-3.14.36-201503182218.patch
fix-memory-map-for-PIE-applications.patch
imx6q-no-unclocked-sleep.patch
@@ -165,24 +165,24 @@ dev() {
}
md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz
-7db70508b7cb888650f8bc14bca04a03 patch-3.14.35.xz
-d81a6ebd98c282c66cfede4e6a7db170 grsecurity-3.1-3.14.35-201503071140.patch
+85d1d459cb9bcedcfbdb03dd9df83d23 patch-3.14.36.xz
+44594b78075024e23fe9b588dd4a7a10 grsecurity-3.1-3.14.36-201503182218.patch
c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch
4ceaeb8adf2cf3353a8327f927aeea1c kernelconfig.x86
450ca5bae3629c50c0b0485f3a334508 kernelconfig.x86_64
e18158a62b940c4b12bafbacd1e00639 kernelconfig.armhf"
sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz
-372a13e28ec4dc16c38e9bf2a01919960844d5c1fec66e7fe49918484c624094 patch-3.14.35.xz
-a520dbd1dbaa4fe36edb1c599783686d3aba5ed39e3105bb400fbd9afdafd31c grsecurity-3.1-3.14.35-201503071140.patch
+af2e5b01b4d771e9818271d6023bdc1ca8668bdb0fe081ab9373ee58c29795bf patch-3.14.36.xz
+2892787071815cf8b1b8cf282c063826e2ab5a3f3df303ad43630f18fb60d292 grsecurity-3.1-3.14.36-201503182218.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch
1c6eca9c7fef842280bbf4705c01c4535d8fde92e00887e52d2a62a0aefe5f94 kernelconfig.x86
30cdfc33bf00d1d9a79ea2bc46dfc6a69c2317e05a84ec16b79a4c8015f70ead kernelconfig.x86_64
655e230d216896c769ec184cb7ec4f95aea3a13326251ffdf35c17426687d1b9 kernelconfig.armhf"
sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz
-f698636b1c06e2694a1e991c2563f43991f75fc3a4c0933b7a2b1e1e0d847df6868c7e7aa4661ed1242b9120d3fa5214e06920feeadec098652a9b8bf7b97be8 patch-3.14.35.xz
-50047e28cd4074369ec82d8895786015952fdc5354e4082eba083fa5a990a017022bd29bbfbce059f2d84d5ffcc70fb0cb8a0e4511fb884fd25fc1b3ae727164 grsecurity-3.1-3.14.35-201503071140.patch
+971273437b29810db5931ccc58db7dbcad23895a8907b01dd3aca0fa3a3beb889c9e916cb3e5214a8753165ed952d79267b6923d4442837dfb66d53d1884e5c2 patch-3.14.36.xz
+4243784e6db8902667605f8681b9e710d26c142459721331bfa109135f530c095a1b0532bd7e916ab10f23b07041f35c0eec821d382b5aa801c2573b394773d5 grsecurity-3.1-3.14.36-201503182218.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch
8479492c9c3f9bb08e7f04379bb69574fcf59b63db24392797fa6c73c992aa9d8415b97e96151f20bf5d117d5abc430da08bae4e5fb99ad6d4635bc0fadab85c kernelconfig.x86
diff --git a/main/linux-grsec/grsecurity-3.1-3.14.35-201503071140.patch b/main/linux-grsec/grsecurity-3.1-3.14.36-201503182218.patch
index 4cf94959ae..28c0f41f7c 100644
--- a/main/linux-grsec/grsecurity-3.1-3.14.35-201503071140.patch
+++ b/main/linux-grsec/grsecurity-3.1-3.14.36-201503182218.patch
@@ -292,7 +292,7 @@ index 5d91ba1..935a4e7 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 9720e86..98643f8 100644
+index 4e6537b..ce0ac5f 100644
--- a/Makefile
+++ b/Makefile
@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -23088,7 +23088,7 @@ index c5a9cb9..b6a5426 100644
/*
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index 02553d6..ff1450f4 100644
+index 06469ee..ff1450f4 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -60,6 +60,8 @@
@@ -23758,7 +23758,7 @@ index 02553d6..ff1450f4 100644
.popsection
/*
-@@ -539,25 +1008,26 @@ ENTRY(ret_from_fork)
+@@ -539,7 +1008,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
@@ -23766,19 +23766,9 @@ index 02553d6..ff1450f4 100644
+ testb $3, CS-ARGOFFSET(%rsp) # from kernel_thread?
jz 1f
-- testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-- jnz int_ret_from_sys_call
--
-- RESTORE_TOP_OF_STACK %rdi, -ARGOFFSET
-- jmp ret_from_sys_call # go to the SYSRET fastpath
-+ /*
-+ * By the time we get here, we have no idea whether our pt_regs,
-+ * ti flags, and ti status came from the 64-bit SYSCALL fast path,
-+ * the slow path, or one of the ia32entry paths.
-+ * Use int_ret_from_sys_call to return, since it can safely handle
-+ * all of the above.
-+ */
-+ jmp int_ret_from_sys_call
+ /*
+@@ -552,15 +1021,13 @@ ENTRY(ret_from_fork)
+ jmp int_ret_from_sys_call
1:
- subq $REST_SKIP, %rsp # leave space for volatiles
@@ -23794,7 +23784,7 @@ index 02553d6..ff1450f4 100644
/*
* System call entry. Up to 6 arguments in registers are supported.
-@@ -594,7 +1064,7 @@ END(ret_from_fork)
+@@ -597,7 +1064,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
@@ -23803,7 +23793,7 @@ index 02553d6..ff1450f4 100644
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -607,16 +1077,23 @@ GLOBAL(system_call_after_swapgs)
+@@ -610,16 +1077,23 @@ GLOBAL(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
@@ -23829,7 +23819,7 @@ index 02553d6..ff1450f4 100644
jnz tracesys
system_call_fastpath:
#if __SYSCALL_MASK == ~0
-@@ -640,10 +1117,13 @@ sysret_check:
+@@ -643,10 +1117,13 @@ sysret_check:
LOCKDEP_SYS_EXIT
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -23844,7 +23834,7 @@ index 02553d6..ff1450f4 100644
/*
* sysretq will re-enable interrupts:
*/
-@@ -702,6 +1182,9 @@ auditsys:
+@@ -705,6 +1182,9 @@ auditsys:
movq %rax,%rsi /* 2nd arg: syscall number */
movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */
call __audit_syscall_entry
@@ -23854,7 +23844,7 @@ index 02553d6..ff1450f4 100644
LOAD_ARGS 0 /* reload call-clobbered registers */
jmp system_call_fastpath
-@@ -723,7 +1206,7 @@ sysret_audit:
+@@ -726,7 +1206,7 @@ sysret_audit:
/* Do syscall tracing */
tracesys:
#ifdef CONFIG_AUDITSYSCALL
@@ -23863,7 +23853,7 @@ index 02553d6..ff1450f4 100644
jz auditsys
#endif
SAVE_REST
-@@ -731,12 +1214,15 @@ tracesys:
+@@ -734,12 +1214,15 @@ tracesys:
FIXUP_TOP_OF_STACK %rdi
movq %rsp,%rdi
call syscall_trace_enter
@@ -23880,7 +23870,7 @@ index 02553d6..ff1450f4 100644
RESTORE_REST
#if __SYSCALL_MASK == ~0
cmpq $__NR_syscall_max,%rax
-@@ -766,7 +1252,9 @@ GLOBAL(int_with_check)
+@@ -769,7 +1252,9 @@ GLOBAL(int_with_check)
andl %edi,%edx
jnz int_careful
andl $~TS_COMPAT,TI_status(%rcx)
@@ -23891,7 +23881,7 @@ index 02553d6..ff1450f4 100644
/* Either reschedule or signal or syscall exit tracking needed. */
/* First do a reschedule test. */
-@@ -812,7 +1300,7 @@ int_restore_rest:
+@@ -815,7 +1300,7 @@ int_restore_rest:
TRACE_IRQS_OFF
jmp int_with_check
CFI_ENDPROC
@@ -23900,7 +23890,7 @@ index 02553d6..ff1450f4 100644
.macro FORK_LIKE func
ENTRY(stub_\func)
-@@ -825,9 +1313,10 @@ ENTRY(stub_\func)
+@@ -828,9 +1313,10 @@ ENTRY(stub_\func)
DEFAULT_FRAME 0 8 /* offset 8: return address */
call sys_\func
RESTORE_TOP_OF_STACK %r11, 8
@@ -23913,7 +23903,7 @@ index 02553d6..ff1450f4 100644
.endm
.macro FIXED_FRAME label,func
-@@ -837,9 +1326,10 @@ ENTRY(\label)
+@@ -840,9 +1326,10 @@ ENTRY(\label)
FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET
call \func
RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET
@@ -23925,7 +23915,7 @@ index 02553d6..ff1450f4 100644
.endm
FORK_LIKE clone
-@@ -847,19 +1337,6 @@ END(\label)
+@@ -850,19 +1337,6 @@ END(\label)
FORK_LIKE vfork
FIXED_FRAME stub_iopl, sys_iopl
@@ -23945,7 +23935,7 @@ index 02553d6..ff1450f4 100644
ENTRY(stub_execve)
CFI_STARTPROC
addq $8, %rsp
-@@ -871,7 +1348,7 @@ ENTRY(stub_execve)
+@@ -874,7 +1348,7 @@ ENTRY(stub_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -23954,7 +23944,7 @@ index 02553d6..ff1450f4 100644
/*
* sigreturn is special because it needs to restore all registers on return.
-@@ -888,7 +1365,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -891,7 +1365,7 @@ ENTRY(stub_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -23963,7 +23953,7 @@ index 02553d6..ff1450f4 100644
#ifdef CONFIG_X86_X32_ABI
ENTRY(stub_x32_rt_sigreturn)
-@@ -902,7 +1379,7 @@ ENTRY(stub_x32_rt_sigreturn)
+@@ -905,7 +1379,7 @@ ENTRY(stub_x32_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -23972,7 +23962,7 @@ index 02553d6..ff1450f4 100644
ENTRY(stub_x32_execve)
CFI_STARTPROC
-@@ -916,7 +1393,7 @@ ENTRY(stub_x32_execve)
+@@ -919,7 +1393,7 @@ ENTRY(stub_x32_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -23981,7 +23971,7 @@ index 02553d6..ff1450f4 100644
#endif
-@@ -953,7 +1430,7 @@ vector=vector+1
+@@ -956,7 +1430,7 @@ vector=vector+1
2: jmp common_interrupt
.endr
CFI_ENDPROC
@@ -23990,7 +23980,7 @@ index 02553d6..ff1450f4 100644
.previous
END(interrupt)
-@@ -970,8 +1447,8 @@ END(interrupt)
+@@ -973,8 +1447,8 @@ END(interrupt)
/* 0(%rsp): ~(interrupt number) */
.macro interrupt func
/* reserve pt_regs for scratch regs and rbp */
@@ -24001,7 +23991,7 @@ index 02553d6..ff1450f4 100644
SAVE_ARGS_IRQ
call \func
.endm
-@@ -998,14 +1475,14 @@ ret_from_intr:
+@@ -1001,14 +1475,14 @@ ret_from_intr:
/* Restore saved previous stack */
popq %rsi
@@ -24020,7 +24010,7 @@ index 02553d6..ff1450f4 100644
je retint_kernel
/* Interrupt came from user space */
-@@ -1027,12 +1504,35 @@ retint_swapgs: /* return to user-space */
+@@ -1030,12 +1504,35 @@ retint_swapgs: /* return to user-space */
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
@@ -24056,7 +24046,7 @@ index 02553d6..ff1450f4 100644
/*
* The iretq could re-enable interrupts:
*/
-@@ -1070,15 +1570,15 @@ native_irq_return_ldt:
+@@ -1073,15 +1570,15 @@ native_irq_return_ldt:
SWAPGS
movq PER_CPU_VAR(espfix_waddr),%rdi
movq %rax,(0*8)(%rdi) /* RAX */
@@ -24077,7 +24067,7 @@ index 02553d6..ff1450f4 100644
movq %rax,(4*8)(%rdi)
andl $0xffff0000,%eax
popq_cfi %rdi
-@@ -1132,7 +1632,7 @@ ENTRY(retint_kernel)
+@@ -1135,7 +1632,7 @@ ENTRY(retint_kernel)
jmp exit_intr
#endif
CFI_ENDPROC
@@ -24086,7 +24076,7 @@ index 02553d6..ff1450f4 100644
/*
* End of kprobes section
-@@ -1151,7 +1651,7 @@ ENTRY(\sym)
+@@ -1154,7 +1651,7 @@ ENTRY(\sym)
interrupt \do_sym
jmp ret_from_intr
CFI_ENDPROC
@@ -24095,7 +24085,7 @@ index 02553d6..ff1450f4 100644
.endm
#ifdef CONFIG_TRACING
-@@ -1239,7 +1739,7 @@ ENTRY(\sym)
+@@ -1242,7 +1739,7 @@ ENTRY(\sym)
call \do_sym
jmp error_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -24104,7 +24094,7 @@ index 02553d6..ff1450f4 100644
.endm
.macro paranoidzeroentry sym do_sym
-@@ -1257,10 +1757,10 @@ ENTRY(\sym)
+@@ -1260,10 +1757,10 @@ ENTRY(\sym)
call \do_sym
jmp paranoid_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -24117,7 +24107,7 @@ index 02553d6..ff1450f4 100644
.macro paranoidzeroentry_ist sym do_sym ist
ENTRY(\sym)
INTR_FRAME
-@@ -1273,12 +1773,18 @@ ENTRY(\sym)
+@@ -1276,12 +1773,18 @@ ENTRY(\sym)
TRACE_IRQS_OFF_DEBUG
movq %rsp,%rdi /* pt_regs pointer */
xorl %esi,%esi /* no error code */
@@ -24137,7 +24127,7 @@ index 02553d6..ff1450f4 100644
.endm
.macro errorentry sym do_sym
-@@ -1296,7 +1802,7 @@ ENTRY(\sym)
+@@ -1299,7 +1802,7 @@ ENTRY(\sym)
call \do_sym
jmp error_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -24146,7 +24136,7 @@ index 02553d6..ff1450f4 100644
.endm
#ifdef CONFIG_TRACING
-@@ -1327,7 +1833,7 @@ ENTRY(\sym)
+@@ -1330,7 +1833,7 @@ ENTRY(\sym)
call \do_sym
jmp paranoid_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -24155,7 +24145,7 @@ index 02553d6..ff1450f4 100644
.endm
zeroentry divide_error do_divide_error
-@@ -1357,9 +1863,10 @@ gs_change:
+@@ -1360,9 +1863,10 @@ gs_change:
2: mfence /* workaround */
SWAPGS
popfq_cfi
@@ -24167,7 +24157,7 @@ index 02553d6..ff1450f4 100644
_ASM_EXTABLE(gs_change,bad_gs)
.section .fixup,"ax"
-@@ -1387,9 +1894,10 @@ ENTRY(do_softirq_own_stack)
+@@ -1390,9 +1894,10 @@ ENTRY(do_softirq_own_stack)
CFI_DEF_CFA_REGISTER rsp
CFI_ADJUST_CFA_OFFSET -8
decl PER_CPU_VAR(irq_count)
@@ -24179,7 +24169,7 @@ index 02553d6..ff1450f4 100644
#ifdef CONFIG_XEN
zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
-@@ -1427,7 +1935,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
+@@ -1430,7 +1935,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
decl PER_CPU_VAR(irq_count)
jmp error_exit
CFI_ENDPROC
@@ -24188,7 +24178,7 @@ index 02553d6..ff1450f4 100644
/*
* Hypervisor uses this for application faults while it executes.
-@@ -1486,7 +1994,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1489,7 +1994,7 @@ ENTRY(xen_failsafe_callback)
SAVE_ALL
jmp error_exit
CFI_ENDPROC
@@ -24197,7 +24187,7 @@ index 02553d6..ff1450f4 100644
apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \
xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1538,18 +2046,33 @@ ENTRY(paranoid_exit)
+@@ -1541,18 +2046,33 @@ ENTRY(paranoid_exit)
DEFAULT_FRAME
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF_DEBUG
@@ -24233,7 +24223,7 @@ index 02553d6..ff1450f4 100644
jmp irq_return
paranoid_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1578,7 +2101,7 @@ paranoid_schedule:
+@@ -1581,7 +2101,7 @@ paranoid_schedule:
TRACE_IRQS_OFF
jmp paranoid_userspace
CFI_ENDPROC
@@ -24242,7 +24232,7 @@ index 02553d6..ff1450f4 100644
/*
* Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1605,12 +2128,23 @@ ENTRY(error_entry)
+@@ -1608,12 +2128,23 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
@@ -24267,7 +24257,7 @@ index 02553d6..ff1450f4 100644
ret
/*
-@@ -1644,7 +2178,7 @@ error_bad_iret:
+@@ -1647,7 +2178,7 @@ error_bad_iret:
decl %ebx /* Return to usergs */
jmp error_sti
CFI_ENDPROC
@@ -24276,7 +24266,7 @@ index 02553d6..ff1450f4 100644
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1655,7 +2189,7 @@ ENTRY(error_exit)
+@@ -1658,7 +2189,7 @@ ENTRY(error_exit)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
GET_THREAD_INFO(%rcx)
@@ -24285,7 +24275,7 @@ index 02553d6..ff1450f4 100644
jne retint_kernel
LOCKDEP_SYS_EXIT_IRQ
movl TI_flags(%rcx),%edx
-@@ -1664,7 +2198,7 @@ ENTRY(error_exit)
+@@ -1667,7 +2198,7 @@ ENTRY(error_exit)
jnz retint_careful
jmp retint_swapgs
CFI_ENDPROC
@@ -24294,7 +24284,7 @@ index 02553d6..ff1450f4 100644
/*
* Test if a given stack is an NMI stack or not.
-@@ -1722,9 +2256,11 @@ ENTRY(nmi)
+@@ -1725,9 +2256,11 @@ ENTRY(nmi)
* If %cs was not the kernel segment, then the NMI triggered in user
* space, which means it is definitely not nested.
*/
@@ -24307,7 +24297,7 @@ index 02553d6..ff1450f4 100644
/*
* Check the special variable on the stack to see if NMIs are
* executing.
-@@ -1758,8 +2294,7 @@ nested_nmi:
+@@ -1761,8 +2294,7 @@ nested_nmi:
1:
/* Set up the interrupted NMIs stack to jump to repeat_nmi */
@@ -24317,7 +24307,7 @@ index 02553d6..ff1450f4 100644
CFI_ADJUST_CFA_OFFSET 1*8
leaq -10*8(%rsp), %rdx
pushq_cfi $__KERNEL_DS
-@@ -1777,6 +2312,7 @@ nested_nmi_out:
+@@ -1780,6 +2312,7 @@ nested_nmi_out:
CFI_RESTORE rdx
/* No need to check faults here */
@@ -24325,7 +24315,7 @@ index 02553d6..ff1450f4 100644
INTERRUPT_RETURN
CFI_RESTORE_STATE
-@@ -1873,13 +2409,13 @@ end_repeat_nmi:
+@@ -1876,13 +2409,13 @@ end_repeat_nmi:
subq $ORIG_RAX-R15, %rsp
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
/*
@@ -24341,7 +24331,7 @@ index 02553d6..ff1450f4 100644
DEFAULT_FRAME 0
/*
-@@ -1889,9 +2425,9 @@ end_repeat_nmi:
+@@ -1892,9 +2425,9 @@ end_repeat_nmi:
* NMI itself takes a page fault, the page fault that was preempted
* will read the information from the NMI page fault and not the
* origin fault. Save it off and restore it if it changes.
@@ -24353,7 +24343,7 @@ index 02553d6..ff1450f4 100644
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
-@@ -1900,31 +2436,36 @@ end_repeat_nmi:
+@@ -1903,31 +2436,36 @@ end_repeat_nmi:
/* Did the NMI take a page fault? Restore cr2 if it did */
movq %cr2, %rcx
@@ -28713,7 +28703,7 @@ index c697625..a032162 100644
out:
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
-index 38d3751..497a96f 100644
+index 09651d4..cdb8f22 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -2258,7 +2258,7 @@ static int em_sysenter(struct x86_emulate_ctxt *ctxt)
@@ -36091,7 +36081,7 @@ index d6bfb87..876ee18 100644
return NULL;
}
diff --git a/arch/x86/vdso/vma.c b/arch/x86/vdso/vma.c
-index ab6ba35..7ede14e 100644
+index ab6ba35..2a5ff0d 100644
--- a/arch/x86/vdso/vma.c
+++ b/arch/x86/vdso/vma.c
@@ -16,8 +16,6 @@
@@ -36103,20 +36093,7 @@ index ab6ba35..7ede14e 100644
extern char vdso_start[], vdso_end[];
extern unsigned short vdso_sync_cpuid;
-@@ -152,12 +150,6 @@ static unsigned long vdso_addr(unsigned long start, unsigned len)
- addr = start;
- }
-
-- /*
-- * Forcibly align the final address in case we have a hardware
-- * issue that requires alignment for performance reasons.
-- */
-- addr = align_vdso_addr(addr);
--
- return addr;
- }
-
-@@ -169,30 +161,37 @@ static int setup_additional_pages(struct linux_binprm *bprm,
+@@ -169,13 +167,15 @@ static int setup_additional_pages(struct linux_binprm *bprm,
unsigned size)
{
struct mm_struct *mm = current->mm;
@@ -36134,16 +36111,9 @@ index ab6ba35..7ede14e 100644
+#endif
+
addr = vdso_addr(mm->start_stack, size);
-+
-+ /*
-+ * Forcibly align the final address in case we have a hardware
-+ * issue that requires alignment for performance reasons.
-+ */
-+ addr = align_vdso_addr(addr);
-+
addr = get_unmapped_area(NULL, addr, size, 0, 0);
if (IS_ERR_VALUE(addr)) {
- ret = addr;
+@@ -183,16 +183,14 @@ static int setup_additional_pages(struct linux_binprm *bprm,
goto up_fail;
}
@@ -36163,7 +36133,7 @@ index ab6ba35..7ede14e 100644
up_fail:
up_write(&mm->mmap_sem);
-@@ -212,10 +211,3 @@ int x32_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+@@ -212,10 +210,3 @@ int x32_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
vdsox32_size);
}
#endif
@@ -39458,7 +39428,7 @@ index 8b4fa2c..5f81848 100644
new_smi->interrupt_disabled = 1;
atomic_set(&new_smi->stop_operation, 0);
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
-index 92c5937..1be4e4d 100644
+index 92c5937..2cc937b 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -18,6 +18,7 @@
@@ -39506,15 +39476,17 @@ index 92c5937..1be4e4d 100644
#else
static inline int range_is_allowed(unsigned long pfn, unsigned long size)
{
-@@ -119,6 +133,7 @@ static ssize_t read_mem(struct file *file, char __user *buf,
+@@ -118,7 +132,8 @@ static ssize_t read_mem(struct file *file, char __user *buf,
+ #endif
while (count > 0) {
- unsigned long remaining;
+- unsigned long remaining;
++ unsigned long remaining = 0;
+ char *temp;
sz = size_inside_page(p, count);
-@@ -134,7 +149,23 @@ static ssize_t read_mem(struct file *file, char __user *buf,
+@@ -134,7 +149,24 @@ static ssize_t read_mem(struct file *file, char __user *buf,
if (!ptr)
return -EFAULT;
@@ -39525,12 +39497,13 @@ index 92c5937..1be4e4d 100644
+ unxlate_dev_mem_ptr(p, ptr);
+ return -ENOMEM;
+ }
-+ memcpy(temp, ptr, sz);
++ remaining = probe_kernel_read(temp, ptr, sz);
+#else
+ temp = ptr;
+#endif
+
-+ remaining = copy_to_user(buf, temp, sz);
++ if (!remaining)
++ remaining = copy_to_user(buf, temp, sz);
+
+#ifdef CONFIG_PAX_USERCOPY
+ kfree(temp);
@@ -39539,7 +39512,7 @@ index 92c5937..1be4e4d 100644
unxlate_dev_mem_ptr(p, ptr);
if (remaining)
return -EFAULT;
-@@ -363,9 +394,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
+@@ -363,9 +395,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
size_t count, loff_t *ppos)
{
unsigned long p = *ppos;
@@ -39550,7 +39523,7 @@ index 92c5937..1be4e4d 100644
read = 0;
if (p < (unsigned long) high_memory) {
-@@ -387,6 +417,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
+@@ -387,6 +418,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
}
#endif
while (low_count > 0) {
@@ -39559,7 +39532,7 @@ index 92c5937..1be4e4d 100644
sz = size_inside_page(p, low_count);
/*
-@@ -396,7 +428,22 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
+@@ -396,7 +429,23 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
*/
kbuf = xlate_dev_kmem_ptr((char *)p);
@@ -39568,12 +39541,13 @@ index 92c5937..1be4e4d 100644
+ temp = kmalloc(sz, GFP_KERNEL|GFP_USERCOPY);
+ if (!temp)
+ return -ENOMEM;
-+ memcpy(temp, kbuf, sz);
++ err = probe_kernel_read(temp, kbuf, sz);
+#else
+ temp = kbuf;
+#endif
+
-+ err = copy_to_user(buf, temp, sz);
++ if (!err)
++ err = copy_to_user(buf, temp, sz);
+
+#ifdef CONFIG_PAX_USERCOPY
+ kfree(temp);
@@ -39583,7 +39557,7 @@ index 92c5937..1be4e4d 100644
return -EFAULT;
buf += sz;
p += sz;
-@@ -821,6 +868,9 @@ static const struct memdev {
+@@ -821,6 +870,9 @@ static const struct memdev {
#ifdef CONFIG_PRINTK
[11] = { "kmsg", 0644, &kmsg_fops, NULL },
#endif
@@ -39593,7 +39567,7 @@ index 92c5937..1be4e4d 100644
};
static int memory_open(struct inode *inode, struct file *filp)
-@@ -892,7 +942,7 @@ static int __init chr_dev_init(void)
+@@ -892,7 +944,7 @@ static int __init chr_dev_init(void)
continue;
device_create(mem_class, NULL, MKDEV(MEM_MAJOR, minor),
@@ -43398,6 +43372,25 @@ index 9f5ad7c..588cd84 100644
wake_up_process(pool->thread);
}
}
+diff --git a/drivers/infiniband/core/umem.c b/drivers/infiniband/core/umem.c
+index a841123..055ebeb 100644
+--- a/drivers/infiniband/core/umem.c
++++ b/drivers/infiniband/core/umem.c
+@@ -94,6 +94,14 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr,
+ if (dmasync)
+ dma_set_attr(DMA_ATTR_WRITE_BARRIER, &attrs);
+
++ /*
++ * If the combination of the addr and size requested for this memory
++ * region causes an integer overflow, return error.
++ */
++ if ((PAGE_ALIGN(addr + size) <= size) ||
++ (PAGE_ALIGN(addr + size) <= addr))
++ return ERR_PTR(-EINVAL);
++
+ if (!can_do_mlock())
+ return ERR_PTR(-EPERM);
+
diff --git a/drivers/infiniband/hw/cxgb4/mem.c b/drivers/infiniband/hw/cxgb4/mem.c
index 41b1195..27971a0 100644
--- a/drivers/infiniband/hw/cxgb4/mem.c
@@ -44085,7 +44078,7 @@ index eb62461..2b7fc71 100644
/* Blow away the connection if it exists. */
diff --git a/drivers/infiniband/hw/qib/qib.h b/drivers/infiniband/hw/qib/qib.h
-index 1946101..09766d2 100644
+index 675d3c7..65d72bc 100644
--- a/drivers/infiniband/hw/qib/qib.h
+++ b/drivers/infiniband/hw/qib/qib.h
@@ -52,6 +52,7 @@
@@ -44749,7 +44742,7 @@ index e2d4e58..40cd045 100644
/* error message helper function */
diff --git a/drivers/isdn/icn/icn.c b/drivers/isdn/icn/icn.c
-index 53d487f..cae33fe 100644
+index 53d487f..b4987ea 100644
--- a/drivers/isdn/icn/icn.c
+++ b/drivers/isdn/icn/icn.c
@@ -1045,7 +1045,7 @@ icn_writecmd(const u_char *buf, int len, int user, icn_card *card)
@@ -44793,6 +44786,15 @@ index 53d487f..cae33fe 100644
i = icn_writecmd(cbuf, strlen(cbuf), 0, card);
}
break;
+@@ -1610,7 +1609,7 @@ icn_setup(char *line)
+ if (ints[0] > 1)
+ membase = (unsigned long)ints[2];
+ if (str && *str) {
+- strcpy(sid, str);
++ strlcpy(sid, str, sizeof(sid));
+ icn_id = sid;
+ if ((p = strchr(sid, ','))) {
+ *p++ = 0;
diff --git a/drivers/isdn/mISDN/dsp_cmx.c b/drivers/isdn/mISDN/dsp_cmx.c
index a4f05c5..1433bc5 100644
--- a/drivers/isdn/mISDN/dsp_cmx.c
@@ -45023,7 +45025,7 @@ index 5152142..623d141 100644
DMWARN("name not supplied when creating device");
return -EINVAL;
diff --git a/drivers/md/dm-raid1.c b/drivers/md/dm-raid1.c
-index 7dfdb5c..4caada6 100644
+index 089d627..ef7352e 100644
--- a/drivers/md/dm-raid1.c
+++ b/drivers/md/dm-raid1.c
@@ -40,7 +40,7 @@ enum dm_raid1_error {
@@ -45080,7 +45082,7 @@ index 7dfdb5c..4caada6 100644
m = NULL;
if (likely(m))
-@@ -927,7 +927,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti,
+@@ -936,7 +936,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti,
}
ms->mirror[mirror].ms = ms;
@@ -45089,7 +45091,7 @@ index 7dfdb5c..4caada6 100644
ms->mirror[mirror].error_type = 0;
ms->mirror[mirror].offset = offset;
-@@ -1342,7 +1342,7 @@ static void mirror_resume(struct dm_target *ti)
+@@ -1351,7 +1351,7 @@ static void mirror_resume(struct dm_target *ti)
*/
static char device_status_char(struct mirror *m)
{
@@ -45209,7 +45211,7 @@ index e9d33ad..dae9880d 100644
pmd->bl_info.value_type.inc = data_block_inc;
pmd->bl_info.value_type.dec = data_block_dec;
diff --git a/drivers/md/dm.c b/drivers/md/dm.c
-index 65ee3a0..1852af9 100644
+index 1582c3da..2a5ea0b 100644
--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
@@ -187,9 +187,9 @@ struct mapped_device {
@@ -45244,7 +45246,7 @@ index 65ee3a0..1852af9 100644
wake_up(&md->eventq);
}
-@@ -2747,18 +2747,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action,
+@@ -2740,18 +2740,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action,
uint32_t dm_next_uevent_seq(struct mapped_device *md)
{
@@ -45918,6 +45920,19 @@ index 2fd9009..278cc1e 100644
radio = devm_kzalloc(&pdev->dev, sizeof(*radio), GFP_KERNEL);
if (!radio)
+diff --git a/drivers/media/radio/wl128x/fmdrv_common.c b/drivers/media/radio/wl128x/fmdrv_common.c
+index 4b2e9e8..c2900d9 100644
+--- a/drivers/media/radio/wl128x/fmdrv_common.c
++++ b/drivers/media/radio/wl128x/fmdrv_common.c
+@@ -71,7 +71,7 @@ module_param(default_rds_buf, uint, 0444);
+ MODULE_PARM_DESC(rds_buf, "RDS buffer entries");
+
+ /* Radio Nr */
+-static u32 radio_nr = -1;
++static int radio_nr = -1;
+ module_param(radio_nr, int, 0444);
+ MODULE_PARM_DESC(radio_nr, "Radio Nr");
+
diff --git a/drivers/media/usb/dvb-usb/cinergyT2-core.c b/drivers/media/usb/dvb-usb/cinergyT2-core.c
index 9fd1527..8927230 100644
--- a/drivers/media/usb/dvb-usb/cinergyT2-core.c
@@ -48385,7 +48400,7 @@ index fbf7dcd..ad71499 100644
};
diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
-index 07c942b..747b848 100644
+index e8c21f9..747b848 100644
--- a/drivers/net/macvtap.c
+++ b/drivers/net/macvtap.c
@@ -422,7 +422,7 @@ static void macvtap_setup(struct net_device *dev)
@@ -48397,33 +48412,7 @@ index 07c942b..747b848 100644
.kind = "macvtap",
.setup = macvtap_setup,
.newlink = macvtap_newlink,
-@@ -637,12 +637,15 @@ static void macvtap_skb_to_vnet_hdr(const struct sk_buff *skb,
- } /* else everything is zero */
- }
-
-+/* Neighbour code has some assumptions on HH_DATA_MOD alignment */
-+#define MACVTAP_RESERVE HH_DATA_OFF(ETH_HLEN)
-+
- /* Get packet from user space buffer */
- static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m,
- const struct iovec *iv, unsigned long total_len,
- size_t count, int noblock)
- {
-- int good_linear = SKB_MAX_HEAD(NET_IP_ALIGN);
-+ int good_linear = SKB_MAX_HEAD(MACVTAP_RESERVE);
- struct sk_buff *skb;
- struct macvlan_dev *vlan;
- unsigned long len = total_len;
-@@ -701,7 +704,7 @@ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m,
- linear = vnet_hdr.hdr_len;
- }
-
-- skb = macvtap_alloc_skb(&q->sk, NET_IP_ALIGN, copylen,
-+ skb = macvtap_alloc_skb(&q->sk, MACVTAP_RESERVE, copylen,
- linear, noblock, &err);
- if (!skb)
- goto err;
-@@ -1023,7 +1026,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd,
+@@ -1026,7 +1026,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd,
}
ret = 0;
@@ -48432,7 +48421,7 @@ index 07c942b..747b848 100644
put_user(q->flags, &ifr->ifr_flags))
ret = -EFAULT;
macvtap_put_vlan(vlan);
-@@ -1193,7 +1196,7 @@ static int macvtap_device_event(struct notifier_block *unused,
+@@ -1196,7 +1196,7 @@ static int macvtap_device_event(struct notifier_block *unused,
return NOTIFY_DONE;
}
@@ -48454,6 +48443,37 @@ index d2bb12b..d6c921e 100644
.kind = "nlmon",
.priv_size = sizeof(struct nlmon),
.setup = nlmon_setup,
+diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c
+index 25f7419..62ed80a7 100644
+--- a/drivers/net/phy/phy_device.c
++++ b/drivers/net/phy/phy_device.c
+@@ -216,7 +216,7 @@ EXPORT_SYMBOL(phy_device_create);
+ * zero on success.
+ *
+ */
+-static int get_phy_c45_ids(struct mii_bus *bus, int addr, u32 *phy_id,
++static int get_phy_c45_ids(struct mii_bus *bus, int addr, int *phy_id,
+ struct phy_c45_device_ids *c45_ids) {
+ int phy_reg;
+ int i, reg_addr;
+@@ -286,7 +286,7 @@ static int get_phy_c45_ids(struct mii_bus *bus, int addr, u32 *phy_id,
+ * its return value is in turn returned.
+ *
+ */
+-static int get_phy_id(struct mii_bus *bus, int addr, u32 *phy_id,
++static int get_phy_id(struct mii_bus *bus, int addr, int *phy_id,
+ bool is_c45, struct phy_c45_device_ids *c45_ids)
+ {
+ int phy_reg;
+@@ -324,7 +324,7 @@ static int get_phy_id(struct mii_bus *bus, int addr, u32 *phy_id,
+ struct phy_device *get_phy_device(struct mii_bus *bus, int addr, bool is_c45)
+ {
+ struct phy_c45_device_ids c45_ids = {0};
+- u32 phy_id = 0;
++ int phy_id = 0;
+ int r;
+
+ r = get_phy_id(bus, addr, &phy_id, is_c45, &c45_ids);
diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
index 5a1897d..e860630 100644
--- a/drivers/net/ppp/ppp_generic.c
@@ -48490,10 +48510,10 @@ index 1252d9c..80e660b 100644
/* We've got a compressed packet; read the change byte */
diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c
-index 32efe83..cef96b8 100644
+index c28e2da..f58845e 100644
--- a/drivers/net/team/team.c
+++ b/drivers/net/team/team.c
-@@ -2098,7 +2098,7 @@ static unsigned int team_get_num_rx_queues(void)
+@@ -2096,7 +2096,7 @@ static unsigned int team_get_num_rx_queues(void)
return TEAM_DEFAULT_NUM_RX_QUEUES;
}
@@ -48502,7 +48522,7 @@ index 32efe83..cef96b8 100644
.kind = DRV_NAME,
.priv_size = sizeof(struct team),
.setup = team_setup,
-@@ -2886,7 +2886,7 @@ static int team_device_event(struct notifier_block *unused,
+@@ -2884,7 +2884,7 @@ static int team_device_event(struct notifier_block *unused,
return NOTIFY_DONE;
}
@@ -51932,7 +51952,7 @@ index e8abb73..faa6fbe 100644
if (!sdp->request_queue->rq_timeout) {
if (sdp->type != TYPE_MOD)
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
-index df5e961..df6b97f 100644
+index eb81c98..e6716ae 100644
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -1102,7 +1102,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg)
@@ -52505,6 +52525,122 @@ index dc23395..cf7e9b1 100644
struct io_req {
struct list_head list;
+diff --git a/drivers/staging/rts5139/rts51x_transport.c b/drivers/staging/rts5139/rts51x_transport.c
+index c172f4a..ad5aeb6 100644
+--- a/drivers/staging/rts5139/rts51x_transport.c
++++ b/drivers/staging/rts5139/rts51x_transport.c
+@@ -339,11 +339,18 @@ int rts51x_ctrl_transfer(struct rts51x_chip *chip, unsigned int pipe,
+ void *data, u16 size, int timeout)
+ {
+ struct rts51x_usb *rts51x = chip->usb;
++ void *buf = kmalloc(size, GFP_KERNEL);
+ int result;
++ int ret;
++
++ if (buf == NULL)
++ TRACE_RET(chip, STATUS_ERROR);
+
+ RTS51X_DEBUGP("%s: rq=%02x rqtype=%02x value=%04x index=%02x len=%u\n",
+ __func__, request, requesttype, value, index, size);
+
++ memcpy(buf, data, size);
++
+ /* fill in the devrequest structure */
+ rts51x->cr->bRequestType = requesttype;
+ rts51x->cr->bRequest = request;
+@@ -353,12 +360,17 @@ int rts51x_ctrl_transfer(struct rts51x_chip *chip, unsigned int pipe,
+
+ /* fill and submit the URB */
+ usb_fill_control_urb(rts51x->current_urb, rts51x->pusb_dev, pipe,
+- (unsigned char *)rts51x->cr, data, size,
++ (unsigned char *)rts51x->cr, buf, size,
+ urb_done_completion, NULL);
+ result = rts51x_msg_common(chip, rts51x->current_urb, timeout);
+
+- return interpret_urb_result(chip, pipe, size, result,
++ ret = interpret_urb_result(chip, pipe, size, result,
+ rts51x->current_urb->actual_length);
++ memcpy(data, buf, size);
++
++ kfree(buf);
++
++ return ret;
+ }
+
+ static int rts51x_clear_halt(struct rts51x_chip *chip, unsigned int pipe)
+@@ -535,17 +547,30 @@ static int rts51x_bulk_transfer_buf(struct rts51x_chip *chip,
+ unsigned int *act_len, int timeout)
+ {
+ int result;
++ int ret;
++ void *newbuf = kmalloc(length, GFP_KERNEL);
++
++ if (newbuf == NULL)
++ TRACE_RET(chip, STATUS_ERROR);
++
++ memcpy(newbuf, buf, length);
+
+ /* fill and submit the URB */
+ usb_fill_bulk_urb(chip->usb->current_urb, chip->usb->pusb_dev, pipe,
+- buf, length, urb_done_completion, NULL);
++ newbuf, length, urb_done_completion, NULL);
+ result = rts51x_msg_common(chip, chip->usb->current_urb, timeout);
+
+ /* store the actual length of the data transferred */
+ if (act_len)
+ *act_len = chip->usb->current_urb->actual_length;
+- return interpret_urb_result(chip, pipe, length, result,
++ ret = interpret_urb_result(chip, pipe, length, result,
+ chip->usb->current_urb->actual_length);
++
++ memcpy(buf, newbuf, length);
++
++ kfree(newbuf);
++
++ return ret;
+ }
+
+ int rts51x_transfer_data(struct rts51x_chip *chip, unsigned int pipe,
+@@ -624,11 +649,19 @@ int rts51x_get_epc_status(struct rts51x_chip *chip, u16 *status)
+ unsigned int pipe = RCV_INTR_PIPE(chip);
+ struct usb_host_endpoint *ep;
+ struct completion urb_done;
++ u16 *buf_status;
+ int result;
++ int ret;
+
+ if (!status)
+ TRACE_RET(chip, STATUS_ERROR);
+
++ buf_status = kmalloc(sizeof(*status), GFP_KERNEL);
++ if (buf_status == NULL)
++ TRACE_RET(chip, STATUS_ERROR);
++
++ *buf_status = *status;
++
+ /* set up data structures for the wakeup system */
+ init_completion(&urb_done);
+
+@@ -638,12 +671,17 @@ int rts51x_get_epc_status(struct rts51x_chip *chip, u16 *status)
+ /* Set interval to 10 here to match the endpoint descriptor,
+ * the polling interval is controlled by the polling thread */
+ usb_fill_int_urb(chip->usb->intr_urb, chip->usb->pusb_dev, pipe,
+- status, 2, urb_done_completion, &urb_done, 10);
++ buf_status, 2, urb_done_completion, &urb_done, 10);
+
+ result = rts51x_msg_common(chip, chip->usb->intr_urb, 100);
+
+- return interpret_urb_result(chip, pipe, 2, result,
++ ret = interpret_urb_result(chip, pipe, 2, result,
+ chip->usb->intr_urb->actual_length);
++ *status = *buf_status;
++
++ kfree(buf_status);
++
++ return ret;
+ }
+
+ u8 media_not_present[] = {
diff --git a/drivers/staging/sbe-2t3e3/netdev.c b/drivers/staging/sbe-2t3e3/netdev.c
index 1f5088b..0e59820 100644
--- a/drivers/staging/sbe-2t3e3/netdev.c
@@ -53886,7 +54022,7 @@ index ce396ec..04a37be 100644
if (get_user(c, buf))
diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
-index 25d0741..36e7237 100644
+index 39988fa..f36ed8a 100644
--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
@@ -3480,7 +3480,7 @@ EXPORT_SYMBOL_GPL(get_current_tty);
@@ -54284,7 +54420,7 @@ index 2a3bbdf..91d72cf 100644
file->f_version = event_count;
return POLLIN | POLLRDNORM;
diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
-index 9ca7716..a2ccc2e 100644
+index 45b7b96..e016243 100644
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -187,7 +187,7 @@ static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes,
@@ -58372,34 +58508,19 @@ index 6530ced..4a827e2 100644
goto out_sig;
if (offset > inode->i_sb->s_maxbytes)
diff --git a/fs/autofs4/dev-ioctl.c b/fs/autofs4/dev-ioctl.c
-index 3182c0e..23b078e 100644
+index e3399dc..23b078e 100644
--- a/fs/autofs4/dev-ioctl.c
+++ b/fs/autofs4/dev-ioctl.c
-@@ -95,7 +95,7 @@ static int check_dev_ioctl_version(int cmd, struct autofs_dev_ioctl *param)
- */
- static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *in)
- {
-- struct autofs_dev_ioctl tmp;
-+ struct autofs_dev_ioctl tmp, *res;
-
- if (copy_from_user(&tmp, in, sizeof(tmp)))
- return ERR_PTR(-EFAULT);
-@@ -103,7 +103,14 @@ static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *i
+@@ -103,6 +103,9 @@ static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *i
if (tmp.size < sizeof(tmp))
return ERR_PTR(-EINVAL);
-- return memdup_user(in, tmp.size);
+ if (tmp.size > (PATH_MAX + sizeof(tmp)))
+ return ERR_PTR(-ENAMETOOLONG);
+
-+ res = memdup_user(in, tmp.size);
-+ if (!IS_ERR(res))
-+ res->size = tmp.size;
-+
-+ return res;
- }
-
- static inline void free_dev_ioctl(struct autofs_dev_ioctl *param)
+ res = memdup_user(in, tmp.size);
+ if (!IS_ERR(res))
+ res->size = tmp.size;
diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c
index 116fd38..c04182da 100644
--- a/fs/autofs4/waitq.c
@@ -60945,30 +61066,10 @@ index 4366127..b8c2cf9 100644
dcache_init();
inode_init();
diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
-index 1576195..5bf8b25 100644
+index 1ff8fe5..5bf8b25 100644
--- a/fs/debugfs/inode.c
+++ b/fs/debugfs/inode.c
-@@ -245,10 +245,19 @@ static int debugfs_show_options(struct seq_file *m, struct dentry *root)
- return 0;
- }
-
-+static void debugfs_evict_inode(struct inode *inode)
-+{
-+ truncate_inode_pages(&inode->i_data, 0);
-+ clear_inode(inode);
-+ if (S_ISLNK(inode->i_mode))
-+ kfree(inode->i_private);
-+}
-+
- static const struct super_operations debugfs_super_operations = {
- .statfs = simple_statfs,
- .remount_fs = debugfs_remount,
- .show_options = debugfs_show_options,
-+ .evict_inode = debugfs_evict_inode,
- };
-
- static int debug_fill_super(struct super_block *sb, void *data, int silent)
-@@ -415,7 +424,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file);
+@@ -424,7 +424,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file);
*/
struct dentry *debugfs_create_dir(const char *name, struct dentry *parent)
{
@@ -60980,38 +61081,6 @@ index 1576195..5bf8b25 100644
parent, NULL, NULL);
}
EXPORT_SYMBOL_GPL(debugfs_create_dir);
-@@ -465,23 +478,14 @@ static int __debugfs_remove(struct dentry *dentry, struct dentry *parent)
- int ret = 0;
-
- if (debugfs_positive(dentry)) {
-- if (dentry->d_inode) {
-- dget(dentry);
-- switch (dentry->d_inode->i_mode & S_IFMT) {
-- case S_IFDIR:
-- ret = simple_rmdir(parent->d_inode, dentry);
-- break;
-- case S_IFLNK:
-- kfree(dentry->d_inode->i_private);
-- /* fall through */
-- default:
-- simple_unlink(parent->d_inode, dentry);
-- break;
-- }
-- if (!ret)
-- d_delete(dentry);
-- dput(dentry);
-- }
-+ dget(dentry);
-+ if (S_ISDIR(dentry->d_inode->i_mode))
-+ ret = simple_rmdir(parent->d_inode, dentry);
-+ else
-+ simple_unlink(parent->d_inode, dentry);
-+ if (!ret)
-+ d_delete(dentry);
-+ dput(dentry);
- }
- return ret;
- }
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
index a85ceb7..5097313b 100644
--- a/fs/ecryptfs/inode.c
@@ -62175,6 +62244,48 @@ index 1268a1b..adf949f 100644
__ext4_warning(sb, function, line,
"MMP failure info: last update time: %llu, last update "
"node: %s, last update device: %s\n",
+diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
+index 2400ad1..0bc93ab 100644
+--- a/fs/ext4/resize.c
++++ b/fs/ext4/resize.c
+@@ -400,7 +400,7 @@ static int set_flexbg_block_bitmap(struct super_block *sb, handle_t *handle,
+
+ ext4_debug("mark blocks [%llu/%u] used\n", block, count);
+ for (count2 = count; count > 0; count -= count2, block += count2) {
+- ext4_fsblk_t start;
++ ext4_fsblk_t start, diff;
+ struct buffer_head *bh;
+ ext4_group_t group;
+ int err;
+@@ -409,10 +409,6 @@ static int set_flexbg_block_bitmap(struct super_block *sb, handle_t *handle,
+ start = ext4_group_first_block_no(sb, group);
+ group -= flex_gd->groups[0].group;
+
+- count2 = EXT4_BLOCKS_PER_GROUP(sb) - (block - start);
+- if (count2 > count)
+- count2 = count;
+-
+ if (flex_gd->bg_flags[group] & EXT4_BG_BLOCK_UNINIT) {
+ BUG_ON(flex_gd->count > 1);
+ continue;
+@@ -429,9 +425,15 @@ static int set_flexbg_block_bitmap(struct super_block *sb, handle_t *handle,
+ err = ext4_journal_get_write_access(handle, bh);
+ if (err)
+ return err;
++
++ diff = block - start;
++ count2 = EXT4_BLOCKS_PER_GROUP(sb) - diff;
++ if (count2 > count)
++ count2 = count;
++
+ ext4_debug("mark block bitmap %#04llx (+%llu/%u)\n", block,
+- block - start, count2);
+- ext4_set_bits(bh->b_data, block - start, count2);
++ diff, count2);
++ ext4_set_bits(bh->b_data, diff, count2);
+
+ err = ext4_handle_dirty_metadata(handle, NULL, bh);
+ if (unlikely(err))
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 9fb3e6c..9a82508 100644
--- a/fs/ext4/super.c
@@ -66643,10 +66754,10 @@ index 985ea88..d118a0a 100644
}
diff --git a/fs/proc/generic.c b/fs/proc/generic.c
-index b7f268e..3bea6b7 100644
+index 2e2d9d5..0ac3d4e 100644
--- a/fs/proc/generic.c
+++ b/fs/proc/generic.c
-@@ -23,6 +23,7 @@
+@@ -22,6 +22,7 @@
#include <linux/bitops.h>
#include <linux/spinlock.h>
#include <linux/completion.h>
@@ -66654,7 +66765,7 @@ index b7f268e..3bea6b7 100644
#include <asm/uaccess.h>
#include "internal.h"
-@@ -207,6 +208,15 @@ struct dentry *proc_lookup(struct inode *dir, struct dentry *dentry,
+@@ -195,6 +196,15 @@ struct dentry *proc_lookup(struct inode *dir, struct dentry *dentry,
return proc_lookup_de(PDE(dir), dir, dentry);
}
@@ -66670,7 +66781,7 @@ index b7f268e..3bea6b7 100644
/*
* This returns non-zero if at EOF, so that the /proc
* root directory can use this and check if it should
-@@ -264,6 +274,16 @@ int proc_readdir(struct file *file, struct dir_context *ctx)
+@@ -252,6 +262,16 @@ int proc_readdir(struct file *file, struct dir_context *ctx)
return proc_readdir_de(PDE(inode), file, ctx);
}
@@ -66687,7 +66798,7 @@ index b7f268e..3bea6b7 100644
/*
* These are the generic /proc directory operations. They
* use the in-memory "struct proc_dir_entry" tree to parse
-@@ -275,6 +295,12 @@ static const struct file_operations proc_dir_operations = {
+@@ -263,6 +283,12 @@ static const struct file_operations proc_dir_operations = {
.iterate = proc_readdir,
};
@@ -66700,7 +66811,7 @@ index b7f268e..3bea6b7 100644
/*
* proc directories can do almost nothing..
*/
-@@ -284,6 +310,12 @@ static const struct inode_operations proc_dir_inode_operations = {
+@@ -272,6 +298,12 @@ static const struct inode_operations proc_dir_inode_operations = {
.setattr = proc_notify_change,
};
@@ -66713,7 +66824,7 @@ index b7f268e..3bea6b7 100644
static int proc_register(struct proc_dir_entry * dir, struct proc_dir_entry * dp)
{
struct proc_dir_entry *tmp;
-@@ -294,8 +326,13 @@ static int proc_register(struct proc_dir_entry * dir, struct proc_dir_entry * dp
+@@ -282,8 +314,13 @@ static int proc_register(struct proc_dir_entry * dir, struct proc_dir_entry * dp
return ret;
if (S_ISDIR(dp->mode)) {
@@ -66729,7 +66840,7 @@ index b7f268e..3bea6b7 100644
dir->nlink++;
} else if (S_ISLNK(dp->mode)) {
dp->proc_iops = &proc_link_inode_operations;
-@@ -407,6 +444,27 @@ struct proc_dir_entry *proc_mkdir_data(const char *name, umode_t mode,
+@@ -395,6 +432,27 @@ struct proc_dir_entry *proc_mkdir_data(const char *name, umode_t mode,
}
EXPORT_SYMBOL_GPL(proc_mkdir_data);
@@ -66757,7 +66868,7 @@ index b7f268e..3bea6b7 100644
struct proc_dir_entry *proc_mkdir_mode(const char *name, umode_t mode,
struct proc_dir_entry *parent)
{
-@@ -421,6 +479,13 @@ struct proc_dir_entry *proc_mkdir(const char *name,
+@@ -409,6 +467,13 @@ struct proc_dir_entry *proc_mkdir(const char *name,
}
EXPORT_SYMBOL(proc_mkdir);
@@ -66772,13 +66883,13 @@ index b7f268e..3bea6b7 100644
struct proc_dir_entry *parent,
const struct file_operations *proc_fops,
diff --git a/fs/proc/inode.c b/fs/proc/inode.c
-index 124fc43..8afbb02 100644
+index 2f2815f..07fa320 100644
--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
-@@ -23,11 +23,17 @@
- #include <linux/slab.h>
+@@ -24,11 +24,17 @@
#include <linux/mount.h>
#include <linux/magic.h>
+ #include <linux/namei.h>
+#include <linux/grsecurity.h>
#include <asm/uaccess.h>
@@ -66793,7 +66904,7 @@ index 124fc43..8afbb02 100644
static void proc_evict_inode(struct inode *inode)
{
struct proc_dir_entry *de;
-@@ -55,6 +61,13 @@ static void proc_evict_inode(struct inode *inode)
+@@ -56,6 +62,13 @@ static void proc_evict_inode(struct inode *inode)
ns = PROC_I(inode)->ns.ns;
if (ns_ops && ns)
ns_ops->put(ns);
@@ -66807,7 +66918,7 @@ index 124fc43..8afbb02 100644
}
static struct kmem_cache * proc_inode_cachep;
-@@ -413,7 +426,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de)
+@@ -434,7 +447,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de)
if (de->mode) {
inode->i_mode = de->mode;
inode->i_uid = de->uid;
@@ -66820,7 +66931,7 @@ index 124fc43..8afbb02 100644
if (de->size)
inode->i_size = de->size;
diff --git a/fs/proc/internal.h b/fs/proc/internal.h
-index 651d09a..6a4b495 100644
+index 8b8ca1d..d15474f 100644
--- a/fs/proc/internal.h
+++ b/fs/proc/internal.h
@@ -46,9 +46,10 @@ struct proc_dir_entry {
@@ -85289,6 +85400,19 @@ index 5f2e559..7d59314 100644
/**
* struct hotplug_slot_info - used to notify the hotplug pci core of the state of the slot
+diff --git a/include/linux/percpu.h b/include/linux/percpu.h
+index e3817d2..74af65b 100644
+--- a/include/linux/percpu.h
++++ b/include/linux/percpu.h
+@@ -59,7 +59,7 @@
+ * preallocate for this. Keep PERCPU_DYNAMIC_RESERVE equal to or
+ * larger than PERCPU_DYNAMIC_EARLY_SIZE.
+ */
+-#define PERCPU_DYNAMIC_EARLY_SLOTS 128
++#define PERCPU_DYNAMIC_EARLY_SLOTS 256
+ #define PERCPU_DYNAMIC_EARLY_SIZE (12 << 10)
+
+ /*
diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
index e56b07f..aef789b 100644
--- a/include/linux/perf_event.h
@@ -88257,7 +88381,7 @@ index 9a00147..d814573 100644
struct snd_soc_platform {
const char *name;
diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h
-index 1772fad..282e3e2 100644
+index 34932540..8d54ec7 100644
--- a/include/target/target_core_base.h
+++ b/include/target/target_core_base.h
@@ -754,7 +754,7 @@ struct se_device {
@@ -88651,7 +88775,7 @@ index 30f5362..8ed8ac9 100644
void *pmi_pal;
u8 *vbe_state_orig; /*
diff --git a/init/Kconfig b/init/Kconfig
-index 8b9521a..8a3cc34 100644
+index 8b9521a..8a3cc34d 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1079,6 +1079,7 @@ endif # CGROUPS
@@ -92892,8 +93016,21 @@ index f1fe7ec..7d4e641 100644
break;
if (pm_wakeup_pending()) {
+diff --git a/kernel/printk/console_cmdline.h b/kernel/printk/console_cmdline.h
+index cbd69d8..2ca4a8b 100644
+--- a/kernel/printk/console_cmdline.h
++++ b/kernel/printk/console_cmdline.h
+@@ -3,7 +3,7 @@
+
+ struct console_cmdline
+ {
+- char name[8]; /* Name of the driver */
++ char name[16]; /* Name of the driver */
+ int index; /* Minor dev. to use */
+ char *options; /* Options for the driver */
+ #ifdef CONFIG_A11Y_BRAILLE_CONSOLE
diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
-index 8c086e6..a52bc51 100644
+index 8c086e6..bf7e534 100644
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -385,6 +385,11 @@ static int check_syslog_permissions(int type, bool from_file)
@@ -92908,6 +93045,14 @@ index 8c086e6..a52bc51 100644
if (syslog_action_restricted(type)) {
if (capable(CAP_SYSLOG))
return 0;
+@@ -2280,6 +2285,7 @@ void register_console(struct console *newcon)
+ for (i = 0, c = console_cmdline;
+ i < MAX_CMDLINECONSOLES && c->name[0];
+ i++, c++) {
++ BUILD_BUG_ON(sizeof(c->name) != sizeof(newcon->name));
+ if (strcmp(c->name, newcon->name) != 0)
+ continue;
+ if (newcon->index >= 0 &&
diff --git a/kernel/profile.c b/kernel/profile.c
index ebdd9c1..612ee05 100644
--- a/kernel/profile.c
@@ -96724,7 +96869,7 @@ index b32b70c..e512eb0 100644
set_page_address(page, (void *)vaddr);
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
-index 472259b..7a58e99 100644
+index c3e8660..3499fac 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -2070,6 +2070,7 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
@@ -96771,7 +96916,7 @@ index 472259b..7a58e99 100644
if (ret)
goto out;
-@@ -2629,6 +2633,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2630,6 +2634,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
return 1;
}
@@ -96799,7 +96944,7 @@ index 472259b..7a58e99 100644
/*
* Hugetlb_cow() should be called with page lock of the original hugepage held.
* Called with hugetlb_instantiation_mutex held and pte_page locked so we
-@@ -2745,6 +2770,11 @@ retry_avoidcopy:
+@@ -2746,6 +2771,11 @@ retry_avoidcopy:
make_huge_pte(vma, new_page, 1));
page_remove_rmap(old_page);
hugepage_add_new_anon_rmap(new_page, vma, address);
@@ -96811,7 +96956,7 @@ index 472259b..7a58e99 100644
/* Make the old page be freed below */
new_page = old_page;
}
-@@ -2909,6 +2939,10 @@ retry:
+@@ -2910,6 +2940,10 @@ retry:
&& (vma->vm_flags & VM_SHARED)));
set_huge_pte_at(mm, address, ptep, new_pte);
@@ -96822,7 +96967,7 @@ index 472259b..7a58e99 100644
if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) {
/* Optimization, do the COW without a second fault */
ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page, ptl);
-@@ -2939,6 +2973,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2940,6 +2974,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
static DEFINE_MUTEX(hugetlb_instantiation_mutex);
struct hstate *h = hstate_vma(vma);
@@ -96833,7 +96978,7 @@ index 472259b..7a58e99 100644
address &= huge_page_mask(h);
ptep = huge_pte_offset(mm, address);
-@@ -2952,6 +2990,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2953,6 +2991,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
VM_FAULT_SET_HINDEX(hstate_index(h));
}
@@ -97136,7 +97281,7 @@ index a98c7fc..393f8f1 100644
}
unset_migratetype_isolate(page, MIGRATE_MOVABLE);
diff --git a/mm/memory.c b/mm/memory.c
-index 7f30bea..67cb92b 100644
+index 102af09..4118c57 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -403,6 +403,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
@@ -98021,7 +98166,7 @@ index b1eb536..091d154 100644
capable(CAP_IPC_LOCK))
ret = do_mlockall(flags);
diff --git a/mm/mmap.c b/mm/mmap.c
-index 085bcd8..916b1d4 100644
+index d4c97ba..916b1d4 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -37,6 +37,7 @@
@@ -98086,24 +98231,6 @@ index 085bcd8..916b1d4 100644
/*
* Make sure vm_committed_as in one cacheline and not cacheline shared with
* other variables. It can be updated by several CPUs frequently.
-@@ -129,7 +150,7 @@ EXPORT_SYMBOL_GPL(vm_memory_committed);
- */
- int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
- {
-- unsigned long free, allowed, reserve;
-+ long free, allowed, reserve;
-
- vm_acct_memory(pages);
-
-@@ -193,7 +214,7 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
- */
- if (mm) {
- reserve = sysctl_user_reserve_kbytes >> (PAGE_SHIFT - 10);
-- allowed -= min(mm->total_vm / 32, reserve);
-+ allowed -= min_t(long, mm->total_vm / 32, reserve);
- }
-
- if (percpu_counter_read_positive(&vm_committed_as) < allowed)
@@ -247,6 +268,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma)
struct vm_area_struct *next = vma->vm_next;
@@ -99632,7 +99759,7 @@ index 05f1180..c3cde48 100644
out:
if (ret & ~PAGE_MASK)
diff --git a/mm/nommu.c b/mm/nommu.c
-index 3ee4f74..d79b8e2 100644
+index 76b3f90..d79b8e2 100644
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -66,7 +66,6 @@ int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT;
@@ -99667,24 +99794,6 @@ index 3ee4f74..d79b8e2 100644
*region = *vma->vm_region;
new->vm_region = region;
-@@ -1905,7 +1896,7 @@ EXPORT_SYMBOL(unmap_mapping_range);
- */
- int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
- {
-- unsigned long free, allowed, reserve;
-+ long free, allowed, reserve;
-
- vm_acct_memory(pages);
-
-@@ -1969,7 +1960,7 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
- */
- if (mm) {
- reserve = sysctl_user_reserve_kbytes >> (PAGE_SHIFT - 10);
-- allowed -= min(mm->total_vm / 32, reserve);
-+ allowed -= min_t(long, mm->total_vm / 32, reserve);
- }
-
- if (percpu_counter_read_positive(&vm_committed_as) < allowed)
@@ -2001,8 +1992,8 @@ int generic_file_remap_pages(struct vm_area_struct *vma, unsigned long addr,
}
EXPORT_SYMBOL(generic_file_remap_pages);
@@ -99730,7 +99839,7 @@ index 9f45f87..749bfd8 100644
unsigned long bg_thresh,
unsigned long dirty,
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index ea41913..d1a474f 100644
+index 0479732..4c6aee3 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -61,6 +61,7 @@
@@ -99826,7 +99935,7 @@ index ea41913..d1a474f 100644
if (order && (gfp_flags & __GFP_COMP))
prep_compound_page(page, order);
-@@ -1948,7 +1988,7 @@ static void reset_alloc_batches(struct zone *preferred_zone)
+@@ -1946,7 +1986,7 @@ static void reset_alloc_batches(struct zone *preferred_zone)
do {
mod_zone_page_state(zone, NR_ALLOC_BATCH,
high_wmark_pages(zone) - low_wmark_pages(zone) -
@@ -99835,7 +99944,7 @@ index ea41913..d1a474f 100644
zone_clear_flag(zone, ZONE_FAIR_DEPLETED);
} while (zone++ != preferred_zone);
}
-@@ -5711,7 +5751,7 @@ static void __setup_per_zone_wmarks(void)
+@@ -5709,7 +5749,7 @@ static void __setup_per_zone_wmarks(void)
__mod_zone_page_state(zone, NR_ALLOC_BATCH,
high_wmark_pages(zone) - low_wmark_pages(zone) -
@@ -99844,7 +99953,7 @@ index ea41913..d1a474f 100644
setup_zone_migrate_reserve(zone);
spin_unlock_irqrestore(&zone->lock, flags);
-@@ -6652,4 +6692,4 @@ void dump_page(struct page *page, char *reason)
+@@ -6650,4 +6690,4 @@ void dump_page(struct page *page, char *reason)
{
dump_page_badflags(page, reason, 0);
}
@@ -102492,7 +102601,7 @@ index 2e87eec..6301eb0 100644
switch (ss->ss_family) {
diff --git a/net/compat.c b/net/compat.c
-index cbc1a2a..ab7644e 100644
+index 275af79..859a46f 100644
--- a/net/compat.c
+++ b/net/compat.c
@@ -73,9 +73,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg)
@@ -102622,7 +102731,7 @@ index cbc1a2a..ab7644e 100644
struct group_filter __user *kgf;
int __user *koptlen;
u32 interface, fmode, numsrc;
-@@ -804,7 +804,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args)
+@@ -795,7 +795,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args)
if (call < SYS_SOCKET || call > SYS_SENDMMSG)
return -EINVAL;
@@ -102645,7 +102754,7 @@ index a16ed7b..eb44d17 100644
return err;
diff --git a/net/core/dev.c b/net/core/dev.c
-index 4ed77d7..e1ef1c9 100644
+index f6d8d7f..846845c 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1695,14 +1695,14 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
@@ -103048,7 +103157,7 @@ index 723fa7d..81bd037 100644
iph->ttl = 64;
iph->protocol = IPPROTO_UDP;
diff --git a/net/core/pktgen.c b/net/core/pktgen.c
-index fdac61c..e5e5b46 100644
+index ca68d32..236499d 100644
--- a/net/core/pktgen.c
+++ b/net/core/pktgen.c
@@ -3719,7 +3719,7 @@ static int __net_init pg_net_init(struct net *net)
@@ -103061,7 +103170,7 @@ index fdac61c..e5e5b46 100644
pr_warn("cannot create /proc/net/%s\n", PG_PROC_DIR);
return -ENODEV;
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
-index a6613ff..810aa44 100644
+index 8aadd6a..adf3f59 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -58,7 +58,7 @@ struct rtnl_link {
@@ -103099,7 +103208,7 @@ index a6613ff..810aa44 100644
}
EXPORT_SYMBOL_GPL(__rtnl_link_unregister);
-@@ -2010,6 +2013,10 @@ replay:
+@@ -2006,6 +2009,10 @@ replay:
if (IS_ERR(dest_net))
return PTR_ERR(dest_net);
@@ -103110,7 +103219,7 @@ index a6613ff..810aa44 100644
dev = rtnl_create_link(dest_net, ifname, ops, tb);
if (IS_ERR(dev)) {
err = PTR_ERR(dev);
-@@ -2689,6 +2696,9 @@ static int rtnl_bridge_setlink(struct sk_buff *skb, struct nlmsghdr *nlh)
+@@ -2693,6 +2700,9 @@ static int rtnl_bridge_setlink(struct sk_buff *skb, struct nlmsghdr *nlh)
if (br_spec) {
nla_for_each_nested(attr, br_spec, rem) {
if (nla_type(attr) == IFLA_BRIDGE_FLAGS) {
@@ -103120,7 +103229,7 @@ index a6613ff..810aa44 100644
have_flags = true;
flags = nla_get_u16(attr);
break;
-@@ -2759,6 +2769,9 @@ static int rtnl_bridge_dellink(struct sk_buff *skb, struct nlmsghdr *nlh)
+@@ -2763,6 +2773,9 @@ static int rtnl_bridge_dellink(struct sk_buff *skb, struct nlmsghdr *nlh)
if (br_spec) {
nla_for_each_nested(attr, br_spec, rem) {
if (nla_type(attr) == IFLA_BRIDGE_FLAGS) {
@@ -103425,10 +103534,19 @@ index c38e7a2..773e3d7 100644
}
EXPORT_SYMBOL_GPL(sock_diag_unregister);
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
-index cf9cd13..8b56af3 100644
+index cf9cd13..26d07e0 100644
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
-@@ -32,7 +32,7 @@ static int rps_sock_flow_sysctl(struct ctl_table *table, int write,
+@@ -25,6 +25,8 @@
+ static int zero = 0;
+ static int one = 1;
+ static int ushort_max = USHRT_MAX;
++static int min_sndbuf = SOCK_MIN_SNDBUF;
++static int min_rcvbuf = SOCK_MIN_RCVBUF;
+
+ #ifdef CONFIG_RPS
+ static int rps_sock_flow_sysctl(struct ctl_table *table, int write,
+@@ -32,7 +34,7 @@ static int rps_sock_flow_sysctl(struct ctl_table *table, int write,
{
unsigned int orig_size, size;
int ret, i;
@@ -103437,7 +103555,7 @@ index cf9cd13..8b56af3 100644
.data = &size,
.maxlen = sizeof(size),
.mode = table->mode
-@@ -200,7 +200,7 @@ static int set_default_qdisc(struct ctl_table *table, int write,
+@@ -200,7 +202,7 @@ static int set_default_qdisc(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
char id[IFNAMSIZ];
@@ -103446,7 +103564,43 @@ index cf9cd13..8b56af3 100644
.data = id,
.maxlen = IFNAMSIZ,
};
-@@ -379,13 +379,12 @@ static struct ctl_table netns_core_table[] = {
+@@ -223,7 +225,7 @@ static struct ctl_table net_core_table[] = {
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax,
+- .extra1 = &one,
++ .extra1 = &min_sndbuf,
+ },
+ {
+ .procname = "rmem_max",
+@@ -231,7 +233,7 @@ static struct ctl_table net_core_table[] = {
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax,
+- .extra1 = &one,
++ .extra1 = &min_rcvbuf,
+ },
+ {
+ .procname = "wmem_default",
+@@ -239,7 +241,7 @@ static struct ctl_table net_core_table[] = {
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax,
+- .extra1 = &one,
++ .extra1 = &min_sndbuf,
+ },
+ {
+ .procname = "rmem_default",
+@@ -247,7 +249,7 @@ static struct ctl_table net_core_table[] = {
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax,
+- .extra1 = &one,
++ .extra1 = &min_rcvbuf,
+ },
+ {
+ .procname = "dev_weight",
+@@ -379,13 +381,12 @@ static struct ctl_table netns_core_table[] = {
static __net_init int sysctl_core_net_init(struct net *net)
{
@@ -103462,7 +103616,7 @@ index cf9cd13..8b56af3 100644
if (tbl == NULL)
goto err_dup;
-@@ -395,17 +394,16 @@ static __net_init int sysctl_core_net_init(struct net *net)
+@@ -395,17 +396,16 @@ static __net_init int sysctl_core_net_init(struct net *net)
if (net->user_ns != &init_user_ns) {
tbl[0].procname = NULL;
}
@@ -103484,7 +103638,7 @@ index cf9cd13..8b56af3 100644
err_dup:
return -ENOMEM;
}
-@@ -420,7 +418,7 @@ static __net_exit void sysctl_core_net_exit(struct net *net)
+@@ -420,7 +420,7 @@ static __net_exit void sysctl_core_net_exit(struct net *net)
kfree(tbl);
}
@@ -103777,6 +103931,42 @@ index 0d1e2cb..4501a2c 100644
EXPORT_SYMBOL(sysctl_local_reserved_ports);
void inet_get_local_port_range(struct net *net, int *low, int *high)
+diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
+index e34dccb..4eeba4e 100644
+--- a/net/ipv4/inet_diag.c
++++ b/net/ipv4/inet_diag.c
+@@ -71,6 +71,20 @@ static inline void inet_diag_unlock_handler(
+ mutex_unlock(&inet_diag_table_mutex);
+ }
+
++static size_t inet_sk_attr_size(void)
++{
++ return nla_total_size(sizeof(struct tcp_info))
++ + nla_total_size(1) /* INET_DIAG_SHUTDOWN */
++ + nla_total_size(1) /* INET_DIAG_TOS */
++ + nla_total_size(1) /* INET_DIAG_TCLASS */
++ + nla_total_size(sizeof(struct inet_diag_meminfo))
++ + nla_total_size(sizeof(struct inet_diag_msg))
++ + nla_total_size(SK_MEMINFO_VARS * sizeof(u32))
++ + nla_total_size(TCP_CA_NAME_MAX)
++ + nla_total_size(sizeof(struct tcpvegas_info))
++ + 64;
++}
++
+ int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk,
+ struct sk_buff *skb, struct inet_diag_req_v2 *req,
+ struct user_namespace *user_ns,
+@@ -324,9 +338,7 @@ int inet_diag_dump_one_icsk(struct inet_hashinfo *hashinfo, struct sk_buff *in_s
+ if (err)
+ goto out;
+
+- rep = nlmsg_new(sizeof(struct inet_diag_msg) +
+- sizeof(struct inet_diag_meminfo) +
+- sizeof(struct tcp_info) + 64, GFP_KERNEL);
++ rep = nlmsg_new(inet_sk_attr_size(), GFP_KERNEL);
+ if (!rep) {
+ err = -ENOMEM;
+ goto out;
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index 8b9cf27..9c17cab 100644
--- a/net/ipv4/inet_hashtables.c
@@ -103821,7 +104011,7 @@ index bf2cb4a..d83ba8a 100644
p->rate_tokens = 0;
/* 60*HZ is arbitrary, but chosen enough high so that the first
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
-index c10a3ce..dd71f84 100644
+index 9ff497d..877a388 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -283,7 +283,7 @@ static inline int ip_frag_too_far(struct ipq *qp)
@@ -103833,7 +104023,7 @@ index c10a3ce..dd71f84 100644
qp->rid = end;
rc = qp->q.fragments && (end - start) > max;
-@@ -760,12 +760,11 @@ static struct ctl_table ip4_frags_ctl_table[] = {
+@@ -763,12 +763,11 @@ static struct ctl_table ip4_frags_ctl_table[] = {
static int __net_init ip4_frags_ns_ctl_register(struct net *net)
{
@@ -103848,7 +104038,7 @@ index c10a3ce..dd71f84 100644
if (table == NULL)
goto err_alloc;
-@@ -776,9 +775,10 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
+@@ -779,9 +778,10 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
/* Don't export sysctls to unprivileged users */
if (net->user_ns != &init_user_ns)
table[0].procname = NULL;
@@ -103861,7 +104051,7 @@ index c10a3ce..dd71f84 100644
if (hdr == NULL)
goto err_reg;
-@@ -786,8 +786,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
+@@ -789,8 +789,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
return 0;
err_reg:
@@ -104137,7 +104327,7 @@ index 2510c02..cfb34fa 100644
pr_err("Unable to proc dir entry\n");
return -ENOMEM;
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
-index 04ce671..f13b8c2 100644
+index b94002a..f13b8c2 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
@@ -59,7 +59,7 @@ struct ping_table {
@@ -104149,38 +104339,20 @@ index 04ce671..f13b8c2 100644
EXPORT_SYMBOL_GPL(pingv6_ops);
static u16 ping_port_rover;
-@@ -259,6 +259,9 @@ int ping_init_sock(struct sock *sk)
+@@ -259,10 +259,9 @@ int ping_init_sock(struct sock *sk)
kgid_t low, high;
int ret = 0;
-+ if (sk->sk_family == AF_INET6)
+-#if IS_ENABLED(CONFIG_IPV6)
+ if (sk->sk_family == AF_INET6)
+- inet6_sk(sk)->ipv6only = 1;
+-#endif
+ sk->sk_ipv6only = 1;
+
inet_get_ping_group_range_net(net, &low, &high);
if (gid_lte(low, group) && gid_lte(group, high))
return 0;
-@@ -305,6 +308,11 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
- if (addr_len < sizeof(*addr))
- return -EINVAL;
-
-+ if (addr->sin_family != AF_INET &&
-+ !(addr->sin_family == AF_UNSPEC &&
-+ addr->sin_addr.s_addr == htonl(INADDR_ANY)))
-+ return -EAFNOSUPPORT;
-+
- pr_debug("ping_check_bind_addr(sk=%p,addr=%pI4,port=%d)\n",
- sk, &addr->sin_addr.s_addr, ntohs(addr->sin_port));
-
-@@ -330,7 +338,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
- return -EINVAL;
-
- if (addr->sin6_family != AF_INET6)
-- return -EINVAL;
-+ return -EAFNOSUPPORT;
-
- pr_debug("ping_check_bind_addr(sk=%p,addr=%pI6c,port=%d)\n",
- sk, addr->sin6_addr.s6_addr, ntohs(addr->sin6_port));
-@@ -350,7 +358,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
+@@ -359,7 +358,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
return -ENODEV;
}
}
@@ -104189,7 +104361,7 @@ index 04ce671..f13b8c2 100644
scoped);
rcu_read_unlock();
-@@ -558,7 +566,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
+@@ -567,7 +566,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
}
#if IS_ENABLED(CONFIG_IPV6)
} else if (skb->protocol == htons(ETH_P_IPV6)) {
@@ -104198,7 +104370,7 @@ index 04ce671..f13b8c2 100644
#endif
}
-@@ -576,7 +584,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
+@@ -585,7 +584,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
info, (u8 *)icmph);
#if IS_ENABLED(CONFIG_IPV6)
} else if (family == AF_INET6) {
@@ -104207,16 +104379,7 @@ index 04ce671..f13b8c2 100644
info, (u8 *)icmph);
#endif
}
-@@ -716,7 +724,7 @@ static int ping_v4_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *m
- if (msg->msg_namelen < sizeof(*usin))
- return -EINVAL;
- if (usin->sin_family != AF_INET)
-- return -EINVAL;
-+ return -EAFNOSUPPORT;
- daddr = usin->sin_addr.s_addr;
- /* no remote port */
- } else {
-@@ -860,7 +868,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+@@ -869,7 +868,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
return ip_recv_error(sk, msg, len, addr_len);
#if IS_ENABLED(CONFIG_IPV6)
} else if (family == AF_INET6) {
@@ -104225,7 +104388,7 @@ index 04ce671..f13b8c2 100644
addr_len);
#endif
}
-@@ -918,10 +926,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+@@ -927,10 +926,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
}
if (inet6_sk(sk)->rxopt.all)
@@ -104238,7 +104401,7 @@ index 04ce671..f13b8c2 100644
else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags)
ip_cmsg_recv(msg, skb);
#endif
-@@ -1116,7 +1124,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f,
+@@ -1125,7 +1124,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f,
from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
0, sock_i_ino(sp),
atomic_read(&sp->sk_refcnt), sp,
@@ -105345,23 +105508,10 @@ index 767ab8d..c5ec70a 100644
return -ENOMEM;
}
diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c
-index bda7429..5b5bbe3 100644
+index 4611995..5b5bbe3 100644
--- a/net/ipv6/ping.c
+++ b/net/ipv6/ping.c
-@@ -103,9 +103,10 @@ int ping_v6_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
-
- if (msg->msg_name) {
- DECLARE_SOCKADDR(struct sockaddr_in6 *, u, msg->msg_name);
-- if (msg->msg_namelen < sizeof(struct sockaddr_in6) ||
-- u->sin6_family != AF_INET6) {
-+ if (msg->msg_namelen < sizeof(*u))
- return -EINVAL;
-+ if (u->sin6_family != AF_INET6) {
-+ return -EAFNOSUPPORT;
- }
- if (sk->sk_bound_dev_if &&
- sk->sk_bound_dev_if != u->sin6_scope_id) {
-@@ -246,6 +247,24 @@ static struct pernet_operations ping_v6_net_ops = {
+@@ -247,6 +247,24 @@ static struct pernet_operations ping_v6_net_ops = {
};
#endif
@@ -105386,7 +105536,7 @@ index bda7429..5b5bbe3 100644
int __init pingv6_init(void)
{
#ifdef CONFIG_PROC_FS
-@@ -253,13 +272,7 @@ int __init pingv6_init(void)
+@@ -254,13 +272,7 @@ int __init pingv6_init(void)
if (ret)
return ret;
#endif
@@ -105401,7 +105551,7 @@ index bda7429..5b5bbe3 100644
return inet6_register_protosw(&pingv6_protosw);
}
-@@ -268,14 +281,9 @@ int __init pingv6_init(void)
+@@ -269,14 +281,9 @@ int __init pingv6_init(void)
*/
void pingv6_exit(void)
{
@@ -105548,7 +105698,7 @@ index cc85a9b..526a133 100644
return -ENOMEM;
}
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
-index 6f1b850..50e95c7 100644
+index 3809ca2..fdda6b4 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -2970,7 +2970,7 @@ struct ctl_table ipv6_route_table_template[] = {
@@ -105865,7 +106015,7 @@ index e15c16a..7cf07aa 100644
if (!ipx_proc_dir)
goto out;
diff --git a/net/irda/ircomm/ircomm_tty.c b/net/irda/ircomm/ircomm_tty.c
-index 2ba8b97..6d33010 100644
+index fdcb968..2b6cc59 100644
--- a/net/irda/ircomm/ircomm_tty.c
+++ b/net/irda/ircomm/ircomm_tty.c
@@ -317,11 +317,11 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self,
@@ -105921,7 +106071,7 @@ index 2ba8b97..6d33010 100644
/* Not really used by us, but lets do it anyway */
self->port.low_latency = (self->port.flags & ASYNC_LOW_LATENCY) ? 1 : 0;
-@@ -987,7 +987,7 @@ static void ircomm_tty_hangup(struct tty_struct *tty)
+@@ -989,7 +989,7 @@ static void ircomm_tty_hangup(struct tty_struct *tty)
tty_kref_put(port->tty);
}
port->tty = NULL;
@@ -105930,7 +106080,7 @@ index 2ba8b97..6d33010 100644
spin_unlock_irqrestore(&port->lock, flags);
wake_up_interruptible(&port->open_wait);
-@@ -1344,7 +1344,7 @@ static void ircomm_tty_line_info(struct ircomm_tty_cb *self, struct seq_file *m)
+@@ -1346,7 +1346,7 @@ static void ircomm_tty_line_info(struct ircomm_tty_cb *self, struct seq_file *m)
seq_putc(m, '\n');
seq_printf(m, "Role: %s\n", self->client ? "client" : "server");
@@ -106249,18 +106399,6 @@ index 6ff1346..936ca9a 100644
return -EFAULT;
return p;
-diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
-index e5a7ac2..dca076f 100644
---- a/net/mac80211/tx.c
-+++ b/net/mac80211/tx.c
-@@ -562,6 +562,7 @@ ieee80211_tx_h_check_control_port_protocol(struct ieee80211_tx_data *tx)
- if (tx->sdata->control_port_no_encrypt)
- info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
- info->control.flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO;
-+ info->flags |= IEEE80211_TX_CTL_USE_MINRATE;
- }
-
- return TX_CONTINUE;
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 6427625..afa5a5a 100644
--- a/net/mac80211/util.c
@@ -107126,6 +107264,94 @@ index a91e1db..cf3053f 100644
#else
ic->i_ack_next = 0;
#endif
+diff --git a/net/rds/iw_rdma.c b/net/rds/iw_rdma.c
+index a817705..dba8d08 100644
+--- a/net/rds/iw_rdma.c
++++ b/net/rds/iw_rdma.c
+@@ -88,7 +88,9 @@ static unsigned int rds_iw_unmap_fastreg_list(struct rds_iw_mr_pool *pool,
+ int *unpinned);
+ static void rds_iw_destroy_fastreg(struct rds_iw_mr_pool *pool, struct rds_iw_mr *ibmr);
+
+-static int rds_iw_get_device(struct rds_sock *rs, struct rds_iw_device **rds_iwdev, struct rdma_cm_id **cm_id)
++static int rds_iw_get_device(struct sockaddr_in *src, struct sockaddr_in *dst,
++ struct rds_iw_device **rds_iwdev,
++ struct rdma_cm_id **cm_id)
+ {
+ struct rds_iw_device *iwdev;
+ struct rds_iw_cm_id *i_cm_id;
+@@ -112,15 +114,15 @@ static int rds_iw_get_device(struct rds_sock *rs, struct rds_iw_device **rds_iwd
+ src_addr->sin_port,
+ dst_addr->sin_addr.s_addr,
+ dst_addr->sin_port,
+- rs->rs_bound_addr,
+- rs->rs_bound_port,
+- rs->rs_conn_addr,
+- rs->rs_conn_port);
++ src->sin_addr.s_addr,
++ src->sin_port,
++ dst->sin_addr.s_addr,
++ dst->sin_port);
+ #ifdef WORKING_TUPLE_DETECTION
+- if (src_addr->sin_addr.s_addr == rs->rs_bound_addr &&
+- src_addr->sin_port == rs->rs_bound_port &&
+- dst_addr->sin_addr.s_addr == rs->rs_conn_addr &&
+- dst_addr->sin_port == rs->rs_conn_port) {
++ if (src_addr->sin_addr.s_addr == src->sin_addr.s_addr &&
++ src_addr->sin_port == src->sin_port &&
++ dst_addr->sin_addr.s_addr == dst->sin_addr.s_addr &&
++ dst_addr->sin_port == dst->sin_port) {
+ #else
+ /* FIXME - needs to compare the local and remote
+ * ipaddr/port tuple, but the ipaddr is the only
+@@ -128,7 +130,7 @@ static int rds_iw_get_device(struct rds_sock *rs, struct rds_iw_device **rds_iwd
+ * zero'ed. It doesn't appear to be properly populated
+ * during connection setup...
+ */
+- if (src_addr->sin_addr.s_addr == rs->rs_bound_addr) {
++ if (src_addr->sin_addr.s_addr == src->sin_addr.s_addr) {
+ #endif
+ spin_unlock_irq(&iwdev->spinlock);
+ *rds_iwdev = iwdev;
+@@ -180,19 +182,13 @@ int rds_iw_update_cm_id(struct rds_iw_device *rds_iwdev, struct rdma_cm_id *cm_i
+ {
+ struct sockaddr_in *src_addr, *dst_addr;
+ struct rds_iw_device *rds_iwdev_old;
+- struct rds_sock rs;
+ struct rdma_cm_id *pcm_id;
+ int rc;
+
+ src_addr = (struct sockaddr_in *)&cm_id->route.addr.src_addr;
+ dst_addr = (struct sockaddr_in *)&cm_id->route.addr.dst_addr;
+
+- rs.rs_bound_addr = src_addr->sin_addr.s_addr;
+- rs.rs_bound_port = src_addr->sin_port;
+- rs.rs_conn_addr = dst_addr->sin_addr.s_addr;
+- rs.rs_conn_port = dst_addr->sin_port;
+-
+- rc = rds_iw_get_device(&rs, &rds_iwdev_old, &pcm_id);
++ rc = rds_iw_get_device(src_addr, dst_addr, &rds_iwdev_old, &pcm_id);
+ if (rc)
+ rds_iw_remove_cm_id(rds_iwdev, cm_id);
+
+@@ -598,9 +594,17 @@ void *rds_iw_get_mr(struct scatterlist *sg, unsigned long nents,
+ struct rds_iw_device *rds_iwdev;
+ struct rds_iw_mr *ibmr = NULL;
+ struct rdma_cm_id *cm_id;
++ struct sockaddr_in src = {
++ .sin_addr.s_addr = rs->rs_bound_addr,
++ .sin_port = rs->rs_bound_port,
++ };
++ struct sockaddr_in dst = {
++ .sin_addr.s_addr = rs->rs_conn_addr,
++ .sin_port = rs->rs_conn_port,
++ };
+ int ret;
+
+- ret = rds_iw_get_device(rs, &rds_iwdev, &cm_id);
++ ret = rds_iw_get_device(&src, &dst, &rds_iwdev, &cm_id);
+ if (ret || !cm_id) {
+ ret = -ENODEV;
+ goto out;
diff --git a/net/rds/iw_recv.c b/net/rds/iw_recv.c
index 4503335..db566b4 100644
--- a/net/rds/iw_recv.c
@@ -108165,7 +108391,7 @@ index 0f73f45..a96aa52 100644
/* make a copy for the caller */
*handle = ctxh;
diff --git a/net/sunrpc/cache.c b/net/sunrpc/cache.c
-index ae333c1..18521f0 100644
+index 0adc66c..1dca80d 100644
--- a/net/sunrpc/cache.c
+++ b/net/sunrpc/cache.c
@@ -1609,7 +1609,7 @@ static int create_cache_proc_entries(struct cache_detail *cd, struct net *net)
@@ -108489,7 +108715,7 @@ index 6424372..afd36e9 100644
sub->evt.event = htohl(event, sub->swap);
sub->evt.found_lower = htohl(found_lower, sub->swap);
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
-index 94404f1..5782191 100644
+index 94404f1..5c1346e 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -791,6 +791,12 @@ static struct sock *unix_find_other(struct net *net,
@@ -108538,7 +108764,24 @@ index 94404f1..5782191 100644
done_path_create(&path, dentry);
return err;
}
-@@ -2344,9 +2363,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2243,11 +2262,14 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
+ writable = unix_writable(sk);
+ other = unix_peer_get(sk);
+ if (other) {
+- if (unix_peer(other) != sk) {
++ unix_state_lock(other);
++ if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) != sk) {
++ unix_state_unlock(other);
+ sock_poll_wait(file, &unix_sk(other)->peer_wait, wait);
+ if (unix_recvq_full(other))
+ writable = 0;
+- }
++ } else
++ unix_state_unlock(other);
+ sock_put(other);
+ }
+
+@@ -2344,9 +2366,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
seq_puts(seq, "Num RefCount Protocol Flags Type St "
"Inode Path\n");
else {
@@ -108553,7 +108796,7 @@ index 94404f1..5782191 100644
seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
s,
-@@ -2373,8 +2396,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2373,8 +2399,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
}
for ( ; i < len; i++)
seq_putc(seq, u->addr->name->sun_path[i]);
@@ -111335,10 +111578,10 @@ index c4ac3c1..5266261 100644
if (err < 0)
return err;
diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
-index 566b0f6..636730b 100644
+index ee24057..3114985 100644
--- a/sound/core/pcm_native.c
+++ b/sound/core/pcm_native.c
-@@ -2811,11 +2811,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream,
+@@ -2813,11 +2813,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream,
switch (substream->stream) {
case SNDRV_PCM_STREAM_PLAYBACK:
result = snd_pcm_playback_ioctl1(NULL, substream, cmd,
@@ -112352,10 +112595,10 @@ index 0000000..54461af
+}
diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c
new file mode 100644
-index 0000000..82bc5a8
+index 0000000..3b5af59
--- /dev/null
+++ b/tools/gcc/constify_plugin.c
-@@ -0,0 +1,557 @@
+@@ -0,0 +1,558 @@
+/*
+ * Copyright 2011 by Emese Revfy <re.emese@gmail.com>
+ * Copyright 2011-2014 by PaX Team <pageexec@freemail.hu>
@@ -112789,7 +113032,8 @@ index 0000000..82bc5a8
+#if BUILDING_GCC_VERSION >= 4008
+ .optinfo_flags = OPTGROUP_NONE,
+#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION >= 4009
+ .has_gate = false,
+ .has_execute = true,
+#else
@@ -112897,8 +113141,8 @@ index 0000000..82bc5a8
+ error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key);
+ }
+
-+ if (strcmp(lang_hooks.name, "GNU C")) {
-+ inform(UNKNOWN_LOCATION, G_("%s supports C only"), plugin_name);
++ if (strncmp(lang_hooks.name, "GNU C", 5) && !strncmp(lang_hooks.name, "GNU C+", 6)) {
++ inform(UNKNOWN_LOCATION, G_("%s supports C only, not %s"), plugin_name, lang_hooks.name);
+ constify = false;
+ }
+
@@ -112915,10 +113159,10 @@ index 0000000..82bc5a8
+}
diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
new file mode 100644
-index 0000000..e90c205
+index 0000000..cd95c07
--- /dev/null
+++ b/tools/gcc/gcc-common.h
-@@ -0,0 +1,295 @@
+@@ -0,0 +1,375 @@
+#ifndef GCC_COMMON_H_INCLUDED
+#define GCC_COMMON_H_INCLUDED
+
@@ -112955,7 +113199,13 @@ index 0000000..e90c205
+#include "timevar.h"
+
+#include "params.h"
++
++#if BUILDING_GCC_VERSION <= 4009
+#include "pointer-set.h"
++#else
++#include "hash-map.h"
++#endif
++
+#include "emit-rtl.h"
+//#include "reload.h"
+//#include "ira.h"
@@ -112970,11 +113220,21 @@ index 0000000..e90c205
+//#include "coverage.h"
+//#include "value-prof.h"
+
++#if BUILDING_GCC_VERSION == 4005
++#include <sys/mman.h>
++#endif
++
+#if BUILDING_GCC_VERSION >= 4007
+#include "tree-pretty-print.h"
+#include "gimple-pretty-print.h"
-+#include "c-tree.h"
-+//#include "alloc-pool.h"
++#endif
++
++#if BUILDING_GCC_VERSION >= 4006
++//#include "c-tree.h"
++//#include "cp/cp-tree.h"
++#include "c-family/c-common.h"
++#else
++#include "c-common.h"
+#endif
+
+#if BUILDING_GCC_VERSION <= 4008
@@ -112996,6 +113256,7 @@ index 0000000..e90c205
+#include "stor-layout.h"
+#include "internal-fn.h"
+#include "gimple-expr.h"
++#include "gimple-fold.h"
+//#include "diagnostic-color.h"
+#include "context.h"
+#include "tree-ssa-alias.h"
@@ -113018,7 +113279,11 @@ index 0000000..e90c205
+#endif
+
+//#include "lto/lto.h"
++#if BUILDING_GCC_VERSION >= 4007
+//#include "data-streamer.h"
++#else
++//#include "lto-streamer.h"
++#endif
+//#include "lto-compress.h"
+
+//#include "expr.h" where are you...
@@ -113028,6 +113293,15 @@ index 0000000..e90c205
+extern void debug_dominance_info(enum cdi_direction dir);
+extern void debug_dominance_tree(enum cdi_direction dir, basic_block root);
+
++#ifdef __cplusplus
++static inline void debug_tree(const_tree t)
++{
++ debug_tree(CONST_CAST_TREE(t));
++}
++#else
++#define debug_tree(t) debug_tree(CONST_CAST_TREE(t))
++#endif
++
+#define __unused __attribute__((__unused__))
+
+#define DECL_NAME_POINTER(node) IDENTIFIER_POINTER(DECL_NAME(node))
@@ -113035,12 +113309,20 @@ index 0000000..e90c205
+#define TYPE_NAME_POINTER(node) IDENTIFIER_POINTER(TYPE_NAME(node))
+#define TYPE_NAME_LENGTH(node) IDENTIFIER_LENGTH(TYPE_NAME(node))
+
++// should come from c-tree.h if only it were installed for gcc 4.5...
++#define C_TYPE_FIELDS_READONLY(TYPE) TREE_LANG_FLAG_1(TYPE)
++
+#if BUILDING_GCC_VERSION == 4005
-+#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls; vars && (D = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), I)
++#define FOR_EACH_VEC_ELT_REVERSE(T,V,I,P) for (I = VEC_length(T, (V)) - 1; VEC_iterate(T, (V), (I), (P)); (I)--)
++#define FOR_EACH_LOCAL_DECL(FUN, I, D) FOR_EACH_VEC_ELT_REVERSE(tree, (FUN)->local_decls, I, D)
+#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE)))
+#define FOR_EACH_VEC_ELT(T, V, I, P) for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I))
+#define TODO_rebuild_cgraph_edges 0
+
++#ifndef O_BINARY
++#define O_BINARY 0
++#endif
++
+static inline bool gimple_call_builtin_p(gimple stmt, enum built_in_function code)
+{
+ tree fndecl;
@@ -113090,17 +113372,32 @@ index 0000000..e90c205
+#if BUILDING_GCC_VERSION <= 4006
+#define ANY_RETURN_P(rtx) (GET_CODE(rtx) == RETURN)
+#define C_DECL_REGISTER(EXP) DECL_LANG_FLAG_4(EXP)
-+
-+// should come from c-tree.h if only it were installed for gcc 4.5...
-+#define C_TYPE_FIELDS_READONLY(TYPE) TREE_LANG_FLAG_1(TYPE)
++#define EDGE_PRESERVE 0ULL
++#define HOST_WIDE_INT_PRINT_HEX_PURE "%" HOST_WIDE_INT_PRINT "x"
++#define flag_fat_lto_objects true
+
+#define get_random_seed(noinit) ({ \
+ unsigned HOST_WIDE_INT seed; \
+ sscanf(get_random_seed(noinit), "%" HOST_WIDE_INT_PRINT "x", &seed); \
+ seed * seed; })
+
-+static inline bool gimple_clobber_p(gimple s)
++#define int_const_binop(code, arg1, arg2) int_const_binop((code), (arg1), (arg2), 0)
++
++static inline bool gimple_clobber_p(gimple s __unused)
++{
++ return false;
++}
++
++static inline bool gimple_asm_clobbers_memory_p(const_gimple stmt)
+{
++ unsigned i;
++
++ for (i = 0; i < gimple_asm_nclobbers(stmt); i++) {
++ tree op = gimple_asm_clobber_op(stmt, i);
++ if (!strcmp(TREE_STRING_POINTER(TREE_VALUE(op)), "memory"))
++ return true;
++ }
++
+ return false;
+}
+
@@ -113109,6 +113406,11 @@ index 0000000..e90c205
+ return implicit_built_in_decls[fncode];
+}
+
++static inline int ipa_reverse_postorder(struct cgraph_node **order)
++{
++ return cgraph_postorder(order);
++}
++
+static inline struct cgraph_node *cgraph_get_create_node(tree decl)
+{
+ struct cgraph_node *node = cgraph_get_node(decl);
@@ -113154,8 +113456,11 @@ index 0000000..e90c205
+#endif
+
+#if BUILDING_GCC_VERSION <= 4007
++#define FOR_EACH_FUNCTION(node) for (node = cgraph_nodes; node; node = node->next)
+#define FOR_EACH_VARIABLE(node) for (node = varpool_nodes; node; node = node->next)
+#define PROP_loops 0
++#define NODE_SYMBOL(node) (node)
++#define NODE_DECL(node) (node)->decl
+
+static inline int bb_loop_depth(const_basic_block bb)
+{
@@ -113185,6 +113490,8 @@ index 0000000..e90c205
+#define last_basic_block_for_fn(FN) ((FN)->cfg->x_last_basic_block)
+#define label_to_block_map_for_fn(FN) ((FN)->cfg->x_label_to_block_map)
+#define profile_status_for_fn(FN) ((FN)->cfg->x_profile_status)
++#define BASIC_BLOCK_FOR_FN(FN, N) BASIC_BLOCK_FOR_FUNCTION((FN), (N))
++#define NODE_IMPLICIT_ALIAS(node) (node)->same_body_alias
+
+static inline const char *get_tree_code_name(enum tree_code code)
+{
@@ -113196,9 +113503,8 @@ index 0000000..e90c205
+#endif
+
+#if BUILDING_GCC_VERSION == 4008
-+#define NODE_DECL(node) node->symbol.decl
-+#else
-+#define NODE_DECL(node) node->decl
++#define NODE_SYMBOL(node) (&(node)->symbol)
++#define NODE_DECL(node) (node)->symbol.decl
+#endif
+
+#if BUILDING_GCC_VERSION >= 4008
@@ -113209,8 +113515,26 @@ index 0000000..e90c205
+#define TODO_dump_cgraph 0
+#endif
+
++#if BUILDING_GCC_VERSION <= 4009
++#define TODO_verify_il 0
++#endif
++
+#if BUILDING_GCC_VERSION >= 4009
+#define TODO_ggc_collect 0
++#define NODE_SYMBOL(node) (node)
++#define NODE_DECL(node) (node)->decl
++#define cgraph_node_name(node) (node)->name()
++#define NODE_IMPLICIT_ALIAS(node) (node)->cpp_implicit_alias
++#endif
++
++#if BUILDING_GCC_VERSION >= 5000
++#define TODO_verify_ssa TODO_verify_il
++#define TODO_verify_flow TODO_verify_il
++#define TODO_verify_stmts TODO_verify_il
++#define TODO_verify_rtl_sharing TODO_verify_il
++
++#define debug_cgraph_node(node) (node)->debug()
++#define cgraph_get_node(decl) cgraph_node::get(decl)
+#endif
+
+#endif
@@ -119682,10 +120006,10 @@ index 0000000..4378111
+}
diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
new file mode 100644
-index 0000000..3d3508d
+index 0000000..f084dc7
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
-@@ -0,0 +1,6042 @@
+@@ -0,0 +1,6045 @@
+intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
+ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL
+storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL
@@ -124178,6 +124502,7 @@ index 0000000..3d3508d
+joydev_handle_JSIOCSAXMAP_48898 joydev_handle_JSIOCSAXMAP 3 48898 NULL
+xdi_copy_to_user_48900 xdi_copy_to_user 4 48900 NULL
+msg_hdr_sz_48908 msg_hdr_sz 0 48908 NULL
++rts51x_ctrl_transfer_48914 rts51x_ctrl_transfer 8 48914 NULL
+sep_crypto_dma_48937 sep_crypto_dma 0 48937 NULL
+si5351_write_parameters_48940 si5351_write_parameters 2 48940 NULL
+event_heart_beat_read_48961 event_heart_beat_read 3 48961 NULL
@@ -124320,6 +124645,7 @@ index 0000000..3d3508d
+lpfc_idiag_pcicfg_read_50334 lpfc_idiag_pcicfg_read 3 50334 NULL
+snd_pcm_lib_writev_50337 snd_pcm_lib_writev 0-3 50337 NULL
+tpm_read_50344 tpm_read 3 50344 NULL
++rts51x_bulk_transfer_buf_50352 rts51x_bulk_transfer_buf 4 50352 NULL
+isdn_ppp_read_50356 isdn_ppp_read 4 50356 NULL
+iwl_dbgfs_echo_test_write_50362 iwl_dbgfs_echo_test_write 3 50362 NULL
+xfrm_send_migrate_50365 xfrm_send_migrate 5 50365 NULL
@@ -125188,6 +125514,7 @@ index 0000000..3d3508d
+journal_init_dev_59384 journal_init_dev 5 59384 NULL
+__net_get_random_once_59389 __net_get_random_once 2 59389 NULL
+isku_sysfs_read_keys_function_59412 isku_sysfs_read_keys_function 6 59412 NULL
++rts51x_transfer_data_59416 rts51x_transfer_data 4 59416 NULL
+pci_ctrl_read_59424 pci_ctrl_read 0 59424 NULL
+vxge_hw_ring_rxds_per_block_get_59425 vxge_hw_ring_rxds_per_block_get 0 59425 NULL
+SyS_sched_setaffinity_59442 SyS_sched_setaffinity 2 59442 NULL