aboutsummaryrefslogtreecommitdiffstats
path: root/main
diff options
context:
space:
mode:
Diffstat (limited to 'main')
-rw-r--r--main/linux-grsec/APKBUILD18
-rw-r--r--main/linux-grsec/grsecurity-3.0-3.14.23-201410312212.patch (renamed from main/linux-grsec/grsecurity-3.0-3.14.22-201410192047.patch)1074
2 files changed, 824 insertions, 268 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index fb2d9bc2c1..5a74c96a7b 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,12 +2,12 @@
_flavor=grsec
pkgname=linux-${_flavor}
-pkgver=3.14.22
+pkgver=3.14.23
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
esac
-pkgrel=1
+pkgrel=0
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-3.0-3.14.22-201410192047.patch
+ grsecurity-3.0-3.14.23-201410312212.patch
fix-memory-map-for-PIE-applications.patch
imx6q-no-unclocked-sleep.patch
@@ -165,24 +165,24 @@ dev() {
}
md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz
-6634fc5051468ef7ff96187edc108825 patch-3.14.22.xz
-2a930c98841c849c7517828395d2583f grsecurity-3.0-3.14.22-201410192047.patch
+45a2b9fbe6c9075093fb015f818b4e37 patch-3.14.23.xz
+0de7fd3ed253841e486817250f09dfee grsecurity-3.0-3.14.23-201410312212.patch
c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch
870b91f0eb07294ba453ac61b052c0b6 kernelconfig.x86
38b50cd1a7670f886c5e9fe9f1f91496 kernelconfig.x86_64
3d79d27ce4aea637042bb70055c35a3d kernelconfig.armhf"
sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz
-459d9a5d38d496a6448c896e39c342c71fee29c49da38192104d3acc4f0cdd43 patch-3.14.22.xz
-816f9fee2e551b16a20aff3123325194299c03f8a397539fa72d2654016bd538 grsecurity-3.0-3.14.22-201410192047.patch
+451199487f3e311ff57729f9104c23eeab1db528f15f2091da74cb2fd565f56e patch-3.14.23.xz
+55333d8467e557925bb0116c6ff92ba39c075374a12b7125970364389182f0a5 grsecurity-3.0-3.14.23-201410312212.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch
bf953a65ba047b5316509da5bc7a6dbcee12767e343d26e8360369d27bfdbe78 kernelconfig.x86
d555a01f2b464e20cfa71c67ea6d571f80c707c5a3fea33879de09b085e2d7b6 kernelconfig.x86_64
a2dc0e30e1d1d691768543a17b51efccfc11ef17c04ac08f2b54c95f25dab75d kernelconfig.armhf"
sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz
-ccd02031badafe9c981cfc65d10eee674f76cd8bbcfd8d9765ec057b87dcb7d56583fb2b75eb0a6d14fa7aa028e15061aa79fe1618b40fb79dae6c0479e9202b patch-3.14.22.xz
-8a673850de30772dedd1323fdaab02e3c0ad15669c9330c1b64b485b6b2153e651915e221f9a8f7d96098540b4aa95a15fd65a0e9a1e7c7b29a49c927e4dd448 grsecurity-3.0-3.14.22-201410192047.patch
+31883f947d93e8b489f75d3508efab24f3d5c94f75f6f0e66e34ad8f54de2511eb22e92b8a27bde19bba3c1a510435f3ba181157bdef726120226eba18bd825a patch-3.14.23.xz
+7f17d47ffc78e23a80b84921742cfbbc9afff551ad75bfbb4e1399aba6eca6fd8c8b6262232d57cd6c7165ba2bafe80c7f6e1689e495fa3a61740930808a3d53 grsecurity-3.0-3.14.23-201410312212.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch
dde402be39f68955f9395f807631f1457e90cda76a80e0e198695c8f946cdba02a00fe12a59a77bf5e8b40f5ecb52efbe364449f3e58d8996f27e07b719ac6a4 kernelconfig.x86
diff --git a/main/linux-grsec/grsecurity-3.0-3.14.22-201410192047.patch b/main/linux-grsec/grsecurity-3.0-3.14.23-201410312212.patch
index 8d0df77a72..2b0f9bd7fc 100644
--- a/main/linux-grsec/grsecurity-3.0-3.14.22-201410192047.patch
+++ b/main/linux-grsec/grsecurity-3.0-3.14.23-201410312212.patch
@@ -235,7 +235,7 @@ index b89a739..e289b9b 100644
+zconf.lex.c
zoffset.h
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
-index 7116fda..d8ed6e8 100644
+index 7116fda..2f71588 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -1084,6 +1084,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
@@ -260,7 +260,7 @@ index 7116fda..d8ed6e8 100644
nosmap [X86]
Disable SMAP (Supervisor Mode Access Prevention)
even if it is supported by processor.
-@@ -2347,6 +2355,25 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+@@ -2347,6 +2355,30 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
the specified number of seconds. This is to be used if
your oopses keep scrolling off the screen.
@@ -270,8 +270,13 @@ index 7116fda..d8ed6e8 100644
+ page table updates on X86-64.
+
+ pax_sanitize_slab=
-+ 0/1 to disable/enable slab object sanitization (enabled by
-+ default).
++ Format: { 0 | 1 | off | fast | full }
++ Options '0' and '1' are only provided for backward
++ compatibility, 'off' or 'fast' should be used instead.
++ 0|off : disable slab object sanitization
++ 1|fast: enable slab object sanitization excluding
++ whitelisted slabs (default)
++ full : sanitize all slabs, even the whitelisted ones
+
+ pax_softmode= 0/1 to disable/enable PaX softmode on boot already.
+
@@ -287,7 +292,7 @@ index 7116fda..d8ed6e8 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index a59980e..46601e4 100644
+index 135a04a..79b5e32 100644
--- a/Makefile
+++ b/Makefile
@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -854,6 +859,22 @@ index 98838a0..b304fb4 100644
} else if (!cause) {
/* Allow reads even for write-only mappings */
if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
+diff --git a/arch/arc/kernel/kgdb.c b/arch/arc/kernel/kgdb.c
+index a2ff5c5..ecf6a78 100644
+--- a/arch/arc/kernel/kgdb.c
++++ b/arch/arc/kernel/kgdb.c
+@@ -158,11 +158,6 @@ int kgdb_arch_handle_exception(int e_vector, int signo, int err_code,
+ return -1;
+ }
+
+-unsigned long kgdb_arch_pc(int exception, struct pt_regs *regs)
+-{
+- return instruction_pointer(regs);
+-}
+-
+ int kgdb_arch_init(void)
+ {
+ single_step_data.armed = 0;
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 4733d32..b142a40 100644
--- a/arch/arm/Kconfig
@@ -876,10 +897,10 @@ index 4733d32..b142a40 100644
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h
-index 62d2cb5..0d7f7f5 100644
+index 62d2cb5..26e43ca 100644
--- a/arch/arm/include/asm/atomic.h
+++ b/arch/arm/include/asm/atomic.h
-@@ -18,17 +18,35 @@
+@@ -18,17 +18,41 @@
#include <asm/barrier.h>
#include <asm/cmpxchg.h>
@@ -891,6 +912,12 @@ index 62d2cb5..0d7f7f5 100644
#ifdef __KERNEL__
++#ifdef CONFIG_THUMB2_KERNEL
++#define REFCOUNT_TRAP_INSN "bkpt 0xf1"
++#else
++#define REFCOUNT_TRAP_INSN "bkpt 0xf103"
++#endif
++
+#define _ASM_EXTABLE(from, to) \
+" .pushsection __ex_table,\"a\"\n"\
+" .align 3\n" \
@@ -915,7 +942,7 @@ index 62d2cb5..0d7f7f5 100644
#if __LINUX_ARM_ARCH__ >= 6
-@@ -44,6 +62,36 @@ static inline void atomic_add(int i, atomic_t *v)
+@@ -44,6 +68,36 @@ static inline void atomic_add(int i, atomic_t *v)
prefetchw(&v->counter);
__asm__ __volatile__("@ atomic_add\n"
@@ -924,7 +951,7 @@ index 62d2cb5..0d7f7f5 100644
+
+#ifdef CONFIG_PAX_REFCOUNT
+" bvc 3f\n"
-+"2: bkpt 0xf103\n"
++"2: " REFCOUNT_TRAP_INSN "\n"
+"3:\n"
+#endif
+
@@ -952,7 +979,7 @@ index 62d2cb5..0d7f7f5 100644
"1: ldrex %0, [%3]\n"
" add %0, %0, %4\n"
" strex %1, %0, [%3]\n"
-@@ -62,6 +110,42 @@ static inline int atomic_add_return(int i, atomic_t *v)
+@@ -62,6 +116,42 @@ static inline int atomic_add_return(int i, atomic_t *v)
smp_mb();
__asm__ __volatile__("@ atomic_add_return\n"
@@ -962,7 +989,7 @@ index 62d2cb5..0d7f7f5 100644
+#ifdef CONFIG_PAX_REFCOUNT
+" bvc 3f\n"
+" mov %0, %1\n"
-+"2: bkpt 0xf103\n"
++"2: " REFCOUNT_TRAP_INSN "\n"
+"3:\n"
+#endif
+
@@ -995,7 +1022,7 @@ index 62d2cb5..0d7f7f5 100644
"1: ldrex %0, [%3]\n"
" add %0, %0, %4\n"
" strex %1, %0, [%3]\n"
-@@ -83,6 +167,36 @@ static inline void atomic_sub(int i, atomic_t *v)
+@@ -83,6 +173,36 @@ static inline void atomic_sub(int i, atomic_t *v)
prefetchw(&v->counter);
__asm__ __volatile__("@ atomic_sub\n"
@@ -1004,7 +1031,7 @@ index 62d2cb5..0d7f7f5 100644
+
+#ifdef CONFIG_PAX_REFCOUNT
+" bvc 3f\n"
-+"2: bkpt 0xf103\n"
++"2: " REFCOUNT_TRAP_INSN "\n"
+"3:\n"
+#endif
+
@@ -1032,7 +1059,7 @@ index 62d2cb5..0d7f7f5 100644
"1: ldrex %0, [%3]\n"
" sub %0, %0, %4\n"
" strex %1, %0, [%3]\n"
-@@ -101,11 +215,25 @@ static inline int atomic_sub_return(int i, atomic_t *v)
+@@ -101,11 +221,25 @@ static inline int atomic_sub_return(int i, atomic_t *v)
smp_mb();
__asm__ __volatile__("@ atomic_sub_return\n"
@@ -1044,7 +1071,7 @@ index 62d2cb5..0d7f7f5 100644
+#ifdef CONFIG_PAX_REFCOUNT
+" bvc 3f\n"
+" mov %0, %1\n"
-+"2: bkpt 0xf103\n"
++"2: " REFCOUNT_TRAP_INSN "\n"
+"3:\n"
+#endif
+
@@ -1060,7 +1087,7 @@ index 62d2cb5..0d7f7f5 100644
: "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
: "r" (&v->counter), "Ir" (i)
: "cc");
-@@ -138,6 +266,28 @@ static inline int atomic_cmpxchg(atomic_t *ptr, int old, int new)
+@@ -138,6 +272,28 @@ static inline int atomic_cmpxchg(atomic_t *ptr, int old, int new)
return oldval;
}
@@ -1089,7 +1116,7 @@ index 62d2cb5..0d7f7f5 100644
#else /* ARM_ARCH_6 */
#ifdef CONFIG_SMP
-@@ -156,7 +306,17 @@ static inline int atomic_add_return(int i, atomic_t *v)
+@@ -156,7 +312,17 @@ static inline int atomic_add_return(int i, atomic_t *v)
return val;
}
@@ -1107,7 +1134,7 @@ index 62d2cb5..0d7f7f5 100644
static inline int atomic_sub_return(int i, atomic_t *v)
{
-@@ -171,6 +331,10 @@ static inline int atomic_sub_return(int i, atomic_t *v)
+@@ -171,6 +337,10 @@ static inline int atomic_sub_return(int i, atomic_t *v)
return val;
}
#define atomic_sub(i, v) (void) atomic_sub_return(i, v)
@@ -1118,7 +1145,7 @@ index 62d2cb5..0d7f7f5 100644
static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
{
-@@ -186,9 +350,18 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
+@@ -186,9 +356,18 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
return ret;
}
@@ -1137,7 +1164,7 @@ index 62d2cb5..0d7f7f5 100644
static inline int __atomic_add_unless(atomic_t *v, int a, int u)
{
-@@ -201,11 +374,27 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
+@@ -201,11 +380,27 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
}
#define atomic_inc(v) atomic_add(1, v)
@@ -1165,7 +1192,7 @@ index 62d2cb5..0d7f7f5 100644
#define atomic_dec_return(v) (atomic_sub_return(1, v))
#define atomic_sub_and_test(i, v) (atomic_sub_return(i, v) == 0)
-@@ -221,6 +410,14 @@ typedef struct {
+@@ -221,6 +416,14 @@ typedef struct {
long long counter;
} atomic64_t;
@@ -1180,7 +1207,7 @@ index 62d2cb5..0d7f7f5 100644
#define ATOMIC64_INIT(i) { (i) }
#ifdef CONFIG_ARM_LPAE
-@@ -237,6 +434,19 @@ static inline long long atomic64_read(const atomic64_t *v)
+@@ -237,6 +440,19 @@ static inline long long atomic64_read(const atomic64_t *v)
return result;
}
@@ -1200,7 +1227,7 @@ index 62d2cb5..0d7f7f5 100644
static inline void atomic64_set(atomic64_t *v, long long i)
{
__asm__ __volatile__("@ atomic64_set\n"
-@@ -245,6 +455,15 @@ static inline void atomic64_set(atomic64_t *v, long long i)
+@@ -245,6 +461,15 @@ static inline void atomic64_set(atomic64_t *v, long long i)
: "r" (&v->counter), "r" (i)
);
}
@@ -1216,7 +1243,7 @@ index 62d2cb5..0d7f7f5 100644
#else
static inline long long atomic64_read(const atomic64_t *v)
{
-@@ -259,6 +478,19 @@ static inline long long atomic64_read(const atomic64_t *v)
+@@ -259,6 +484,19 @@ static inline long long atomic64_read(const atomic64_t *v)
return result;
}
@@ -1236,7 +1263,7 @@ index 62d2cb5..0d7f7f5 100644
static inline void atomic64_set(atomic64_t *v, long long i)
{
long long tmp;
-@@ -273,6 +505,21 @@ static inline void atomic64_set(atomic64_t *v, long long i)
+@@ -273,6 +511,21 @@ static inline void atomic64_set(atomic64_t *v, long long i)
: "r" (&v->counter), "r" (i)
: "cc");
}
@@ -1258,7 +1285,7 @@ index 62d2cb5..0d7f7f5 100644
#endif
static inline void atomic64_add(long long i, atomic64_t *v)
-@@ -284,6 +531,37 @@ static inline void atomic64_add(long long i, atomic64_t *v)
+@@ -284,6 +537,37 @@ static inline void atomic64_add(long long i, atomic64_t *v)
__asm__ __volatile__("@ atomic64_add\n"
"1: ldrexd %0, %H0, [%3]\n"
" adds %Q0, %Q0, %Q4\n"
@@ -1266,7 +1293,7 @@ index 62d2cb5..0d7f7f5 100644
+
+#ifdef CONFIG_PAX_REFCOUNT
+" bvc 3f\n"
-+"2: bkpt 0xf103\n"
++"2: " REFCOUNT_TRAP_INSN "\n"
+"3:\n"
+#endif
+
@@ -1296,7 +1323,7 @@ index 62d2cb5..0d7f7f5 100644
" adc %R0, %R0, %R4\n"
" strexd %1, %0, %H0, [%3]\n"
" teq %1, #0\n"
-@@ -303,6 +581,44 @@ static inline long long atomic64_add_return(long long i, atomic64_t *v)
+@@ -303,6 +587,44 @@ static inline long long atomic64_add_return(long long i, atomic64_t *v)
__asm__ __volatile__("@ atomic64_add_return\n"
"1: ldrexd %0, %H0, [%3]\n"
" adds %Q0, %Q0, %Q4\n"
@@ -1306,7 +1333,7 @@ index 62d2cb5..0d7f7f5 100644
+" bvc 3f\n"
+" mov %0, %1\n"
+" mov %H0, %H1\n"
-+"2: bkpt 0xf103\n"
++"2: " REFCOUNT_TRAP_INSN "\n"
+"3:\n"
+#endif
+
@@ -1341,7 +1368,7 @@ index 62d2cb5..0d7f7f5 100644
" adc %R0, %R0, %R4\n"
" strexd %1, %0, %H0, [%3]\n"
" teq %1, #0\n"
-@@ -325,6 +641,37 @@ static inline void atomic64_sub(long long i, atomic64_t *v)
+@@ -325,6 +647,37 @@ static inline void atomic64_sub(long long i, atomic64_t *v)
__asm__ __volatile__("@ atomic64_sub\n"
"1: ldrexd %0, %H0, [%3]\n"
" subs %Q0, %Q0, %Q4\n"
@@ -1349,7 +1376,7 @@ index 62d2cb5..0d7f7f5 100644
+
+#ifdef CONFIG_PAX_REFCOUNT
+" bvc 3f\n"
-+"2: bkpt 0xf103\n"
++"2: " REFCOUNT_TRAP_INSN "\n"
+"3:\n"
+#endif
+
@@ -1379,7 +1406,7 @@ index 62d2cb5..0d7f7f5 100644
" sbc %R0, %R0, %R4\n"
" strexd %1, %0, %H0, [%3]\n"
" teq %1, #0\n"
-@@ -344,10 +691,25 @@ static inline long long atomic64_sub_return(long long i, atomic64_t *v)
+@@ -344,10 +697,25 @@ static inline long long atomic64_sub_return(long long i, atomic64_t *v)
__asm__ __volatile__("@ atomic64_sub_return\n"
"1: ldrexd %0, %H0, [%3]\n"
" subs %Q0, %Q0, %Q4\n"
@@ -1390,7 +1417,7 @@ index 62d2cb5..0d7f7f5 100644
+" bvc 3f\n"
+" mov %0, %1\n"
+" mov %H0, %H1\n"
-+"2: bkpt 0xf103\n"
++"2: " REFCOUNT_TRAP_INSN "\n"
+"3:\n"
+#endif
+
@@ -1406,7 +1433,7 @@ index 62d2cb5..0d7f7f5 100644
: "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
: "r" (&v->counter), "r" (i)
: "cc");
-@@ -382,6 +744,31 @@ static inline long long atomic64_cmpxchg(atomic64_t *ptr, long long old,
+@@ -382,6 +750,31 @@ static inline long long atomic64_cmpxchg(atomic64_t *ptr, long long old,
return oldval;
}
@@ -1438,7 +1465,7 @@ index 62d2cb5..0d7f7f5 100644
static inline long long atomic64_xchg(atomic64_t *ptr, long long new)
{
long long result;
-@@ -406,20 +793,34 @@ static inline long long atomic64_xchg(atomic64_t *ptr, long long new)
+@@ -406,20 +799,34 @@ static inline long long atomic64_xchg(atomic64_t *ptr, long long new)
static inline long long atomic64_dec_if_positive(atomic64_t *v)
{
long long result;
@@ -1459,7 +1486,7 @@ index 62d2cb5..0d7f7f5 100644
+" bvc 3f\n"
+" mov %Q0, %Q1\n"
+" mov %R0, %R1\n"
-+"2: bkpt 0xf103\n"
++"2: " REFCOUNT_TRAP_INSN "\n"
+"3:\n"
+#endif
+
@@ -1479,7 +1506,7 @@ index 62d2cb5..0d7f7f5 100644
: "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
: "r" (&v->counter)
: "cc");
-@@ -442,13 +843,25 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)
+@@ -442,13 +849,25 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)
" teq %0, %5\n"
" teqeq %H0, %H5\n"
" moveq %1, #0\n"
@@ -1491,7 +1518,7 @@ index 62d2cb5..0d7f7f5 100644
+
+#ifdef CONFIG_PAX_REFCOUNT
+" bvc 3f\n"
-+"2: bkpt 0xf103\n"
++"2: " REFCOUNT_TRAP_INSN "\n"
+"3:\n"
+#endif
+
@@ -1508,7 +1535,7 @@ index 62d2cb5..0d7f7f5 100644
: "=&r" (val), "+r" (ret), "=&r" (tmp), "+Qo" (v->counter)
: "r" (&v->counter), "r" (u), "r" (a)
: "cc");
-@@ -461,10 +874,13 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)
+@@ -461,10 +880,13 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)
#define atomic64_add_negative(a, v) (atomic64_add_return((a), (v)) < 0)
#define atomic64_inc(v) atomic64_add(1LL, (v))
@@ -3916,7 +3943,7 @@ index 6eb97b3..ac509f6 100644
atomic64_set(&mm->context.id, asid);
}
diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c
-index eb8830a..5360ce7 100644
+index eb8830a..e8ff52e 100644
--- a/arch/arm/mm/fault.c
+++ b/arch/arm/mm/fault.c
@@ -25,6 +25,7 @@
@@ -4030,7 +4057,7 @@ index eb8830a..5360ce7 100644
printk(KERN_ALERT "Unhandled fault: %s (0x%03x) at 0x%08lx\n",
inf->name, fsr, addr);
-@@ -574,15 +647,98 @@ hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs *
+@@ -574,15 +647,104 @@ hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs *
ifsr_info[nr].name = name;
}
@@ -4110,9 +4137,15 @@ index eb8830a..5360ce7 100644
+
+#ifdef CONFIG_PAX_REFCOUNT
+ if (fsr_fs(ifsr) == FAULT_CODE_DEBUG) {
++#ifdef CONFIG_THUMB2_KERNEL
++ unsigned short bkpt;
++
++ if (!probe_kernel_address(pc, bkpt) && cpu_to_le16(bkpt) == 0xbef1) {
++#else
+ unsigned int bkpt;
+
+ if (!probe_kernel_address(pc, bkpt) && cpu_to_le32(bkpt) == 0xe12f1073) {
++#endif
+ current->thread.error_code = ifsr;
+ current->thread.trap_no = 0;
+ pax_report_refcount_overflow(regs);
@@ -9859,16 +9892,16 @@ index 9b1c36d..209298b 100644
static inline pmd_t *pmd_alloc_one(struct mm_struct *mm,
unsigned long address)
diff --git a/arch/sparc/include/asm/pgalloc_64.h b/arch/sparc/include/asm/pgalloc_64.h
-index bcfe063..b333142 100644
+index 2c8d41f..06b1206 100644
--- a/arch/sparc/include/asm/pgalloc_64.h
+++ b/arch/sparc/include/asm/pgalloc_64.h
-@@ -26,6 +26,7 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd)
+@@ -38,6 +38,7 @@ static inline void __pud_populate(pud_t *pud, pmd_t *pmd)
}
- #define pud_populate(MM, PUD, PMD) pud_set(PUD, PMD)
+ #define pud_populate(MM, PUD, PMD) __pud_populate(PUD, PMD)
+#define pud_populate_kernel(MM, PUD, PMD) pud_populate((MM), (PUD), (PMD))
- static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long addr)
+ static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr)
{
diff --git a/arch/sparc/include/asm/pgtable.h b/arch/sparc/include/asm/pgtable.h
index 59ba6f6..4518128 100644
@@ -10053,22 +10086,19 @@ index 96efa7a..16858bf 100644
/*
diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h
-index a5f01ac..a8811dd 100644
+index cc6275c..7eb8e21 100644
--- a/arch/sparc/include/asm/thread_info_64.h
+++ b/arch/sparc/include/asm/thread_info_64.h
-@@ -63,7 +63,10 @@ struct thread_info {
+@@ -63,6 +63,8 @@ struct thread_info {
struct pt_regs *kern_una_regs;
unsigned int kern_una_insn;
-- unsigned long fpregs[0] __attribute__ ((aligned(64)));
+ unsigned long lowest_stack;
+
-+ unsigned long fpregs[(7 * 256) / sizeof(unsigned long)]
-+ __attribute__ ((aligned(64)));
+ unsigned long fpregs[(7 * 256) / sizeof(unsigned long)]
+ __attribute__ ((aligned(64)));
};
-
- #endif /* !(__ASSEMBLY__) */
-@@ -188,12 +191,13 @@ register struct thread_info *current_thread_info_reg asm("g6");
+@@ -190,12 +192,13 @@ register struct thread_info *current_thread_info_reg asm("g6");
#define TIF_NEED_RESCHED 3 /* rescheduling necessary */
/* flag bit 4 is available */
#define TIF_UNALIGNED 5 /* allowed to do unaligned accesses */
@@ -10083,7 +10113,7 @@ index a5f01ac..a8811dd 100644
/* NOTE: Thread flags >= 12 should be ones we have no interest
* in using in assembly, else we can't use the mask as
* an immediate value in instructions such as andcc.
-@@ -213,12 +217,18 @@ register struct thread_info *current_thread_info_reg asm("g6");
+@@ -215,12 +218,18 @@ register struct thread_info *current_thread_info_reg asm("g6");
#define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT)
#define _TIF_SYSCALL_TRACEPOINT (1<<TIF_SYSCALL_TRACEPOINT)
#define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG)
@@ -10258,7 +10288,7 @@ index 510baec..9ff2607 100644
} while (++count < 16);
printk("\n");
diff --git a/arch/sparc/kernel/process_64.c b/arch/sparc/kernel/process_64.c
-index d7b4967..2edf827 100644
+index c6f7113..9299700 100644
--- a/arch/sparc/kernel/process_64.c
+++ b/arch/sparc/kernel/process_64.c
@@ -161,7 +161,7 @@ static void show_regwindow(struct pt_regs *regs)
@@ -10350,7 +10380,7 @@ index c13c9f2..d572c34 100644
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c
-index 8416d7f..f83823c 100644
+index 50c3dd03..adff164 100644
--- a/arch/sparc/kernel/smp_64.c
+++ b/arch/sparc/kernel/smp_64.c
@@ -870,8 +870,8 @@ extern unsigned long xcall_flush_dcache_page_cheetah;
@@ -10660,7 +10690,7 @@ index 6629829..036032d 100644
}
diff --git a/arch/sparc/kernel/traps_64.c b/arch/sparc/kernel/traps_64.c
-index 4ced92f..965eeed 100644
+index 25d0c7e..b571456 100644
--- a/arch/sparc/kernel/traps_64.c
+++ b/arch/sparc/kernel/traps_64.c
@@ -77,7 +77,7 @@ static void dump_tl1_traplog(struct tl1_traplog *p)
@@ -10778,8 +10808,8 @@ index 4ced92f..965eeed 100644
+ atomic_inc_unchecked(&sun4v_nonresum_oflow_cnt);
}
- unsigned long sun4v_err_itlb_vaddr;
-@@ -2114,9 +2125,9 @@ void sun4v_itlb_error_report(struct pt_regs *regs, int tl)
+ static void sun4v_tlb_error(struct pt_regs *regs)
+@@ -2118,9 +2129,9 @@ void sun4v_itlb_error_report(struct pt_regs *regs, int tl)
printk(KERN_EMERG "SUN4V-ITLB: Error at TPC[%lx], tl %d\n",
regs->tpc, tl);
@@ -10791,7 +10821,7 @@ index 4ced92f..965eeed 100644
(void *) regs->u_regs[UREG_I7]);
printk(KERN_EMERG "SUN4V-ITLB: vaddr[%lx] ctx[%lx] "
"pte[%lx] error[%lx]\n",
-@@ -2138,9 +2149,9 @@ void sun4v_dtlb_error_report(struct pt_regs *regs, int tl)
+@@ -2141,9 +2152,9 @@ void sun4v_dtlb_error_report(struct pt_regs *regs, int tl)
printk(KERN_EMERG "SUN4V-DTLB: Error at TPC[%lx], tl %d\n",
regs->tpc, tl);
@@ -10803,7 +10833,7 @@ index 4ced92f..965eeed 100644
(void *) regs->u_regs[UREG_I7]);
printk(KERN_EMERG "SUN4V-DTLB: vaddr[%lx] ctx[%lx] "
"pte[%lx] error[%lx]\n",
-@@ -2359,13 +2370,13 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp)
+@@ -2362,13 +2373,13 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp)
fp = (unsigned long)sf->fp + STACK_BIAS;
}
@@ -10819,7 +10849,7 @@ index 4ced92f..965eeed 100644
graph++;
}
}
-@@ -2383,6 +2394,8 @@ static inline struct reg_window *kernel_stack_up(struct reg_window *rw)
+@@ -2386,6 +2397,8 @@ static inline struct reg_window *kernel_stack_up(struct reg_window *rw)
return (struct reg_window *) (fp + STACK_BIAS);
}
@@ -10828,7 +10858,7 @@ index 4ced92f..965eeed 100644
void die_if_kernel(char *str, struct pt_regs *regs)
{
static int die_counter;
-@@ -2411,7 +2424,7 @@ void die_if_kernel(char *str, struct pt_regs *regs)
+@@ -2414,7 +2427,7 @@ void die_if_kernel(char *str, struct pt_regs *regs)
while (rw &&
count++ < 30 &&
kstack_valid(tp, (unsigned long) rw)) {
@@ -10837,7 +10867,7 @@ index 4ced92f..965eeed 100644
(void *) rw->ins[7]);
rw = kernel_stack_up(rw);
-@@ -2424,8 +2437,10 @@ void die_if_kernel(char *str, struct pt_regs *regs)
+@@ -2427,8 +2440,10 @@ void die_if_kernel(char *str, struct pt_regs *regs)
}
user_instruction_dump ((unsigned int __user *) regs->tpc);
}
@@ -11443,7 +11473,7 @@ index 59dbd46..1dd7f5e 100644
if (!(vma->vm_flags & (VM_READ | VM_EXEC)))
goto bad_area;
diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c
-index 4ced3fc..234f1e4 100644
+index 45a413e..fff0231 100644
--- a/arch/sparc/mm/fault_64.c
+++ b/arch/sparc/mm/fault_64.c
@@ -22,6 +22,9 @@
@@ -11932,7 +11962,7 @@ index 4ced3fc..234f1e4 100644
asmlinkage void __kprobes do_sparc64_fault(struct pt_regs *regs)
{
enum ctx_state prev_state = exception_enter();
-@@ -352,6 +815,29 @@ retry:
+@@ -355,6 +818,29 @@ retry:
if (!vma)
goto bad_area;
@@ -12069,10 +12099,10 @@ index d329537..2c3746a 100644
pte_t *huge_pte_alloc(struct mm_struct *mm,
diff --git a/arch/sparc/mm/init_64.c b/arch/sparc/mm/init_64.c
-index 9686224..dfbdb10 100644
+index 34506f2..0621e68 100644
--- a/arch/sparc/mm/init_64.c
+++ b/arch/sparc/mm/init_64.c
-@@ -188,9 +188,9 @@ unsigned long sparc64_kern_sec_context __read_mostly;
+@@ -184,9 +184,9 @@ unsigned long sparc64_kern_sec_context __read_mostly;
int num_kernel_image_mappings;
#ifdef CONFIG_DEBUG_DCFLUSH
@@ -12084,7 +12114,7 @@ index 9686224..dfbdb10 100644
#endif
#endif
-@@ -198,7 +198,7 @@ inline void flush_dcache_page_impl(struct page *page)
+@@ -194,7 +194,7 @@ inline void flush_dcache_page_impl(struct page *page)
{
BUG_ON(tlb_type == hypervisor);
#ifdef CONFIG_DEBUG_DCFLUSH
@@ -12093,7 +12123,7 @@ index 9686224..dfbdb10 100644
#endif
#ifdef DCACHE_ALIASING_POSSIBLE
-@@ -470,10 +470,10 @@ void mmu_info(struct seq_file *m)
+@@ -466,10 +466,10 @@ void mmu_info(struct seq_file *m)
#ifdef CONFIG_DEBUG_DCFLUSH
seq_printf(m, "DCPageFlushes\t: %d\n",
@@ -33139,7 +33169,7 @@ index f35c66c..84b95ef 100644
if (vma == &gate_vma)
return "[vsyscall]";
diff --git a/arch/x86/mm/iomap_32.c b/arch/x86/mm/iomap_32.c
-index 7b179b4..6bd17777 100644
+index 7b179b49..6bd17777 100644
--- a/arch/x86/mm/iomap_32.c
+++ b/arch/x86/mm/iomap_32.c
@@ -64,7 +64,11 @@ void *kmap_atomic_prot_pfn(unsigned long pfn, pgprot_t prot)
@@ -34108,7 +34138,7 @@ index 0149575..f746de8 100644
+ pax_force_retaddr
ret
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
-index af2d431..3cf24f0b 100644
+index af2d431..bc63cba 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -50,13 +50,90 @@ static inline u8 *emit_code(u8 *ptr, u32 bytes, unsigned int len)
@@ -34400,7 +34430,7 @@ index af2d431..3cf24f0b 100644
fp->bpf_func = (void *)image;
}
out:
-@@ -782,10 +887,9 @@ static void bpf_jit_free_deferred(struct work_struct *work)
+@@ -782,10 +887,8 @@ static void bpf_jit_free_deferred(struct work_struct *work)
{
struct sk_filter *fp = container_of(work, struct sk_filter, work);
unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK;
@@ -34408,7 +34438,6 @@ index af2d431..3cf24f0b 100644
- set_memory_rw(addr, header->pages);
- module_free(NULL, header);
-+ set_memory_rw(addr, 1);
+ module_free_exec(NULL, (void *)addr);
kfree(fp);
}
@@ -35205,6 +35234,56 @@ index 1bbedc4..eb795b5 100644
}
static unsigned long __init intel_mid_calibrate_tsc(void)
+diff --git a/arch/x86/platform/intel-mid/intel_mid_weak_decls.h b/arch/x86/platform/intel-mid/intel_mid_weak_decls.h
+index 46aa25c..59a68ed 100644
+--- a/arch/x86/platform/intel-mid/intel_mid_weak_decls.h
++++ b/arch/x86/platform/intel-mid/intel_mid_weak_decls.h
+@@ -10,10 +10,9 @@
+ */
+
+
+-/* __attribute__((weak)) makes these declarations overridable */
+ /* For every CPU addition a new get_<cpuname>_ops interface needs
+ * to be added.
+ */
+-extern void *get_penwell_ops(void) __attribute__((weak));
+-extern void *get_cloverview_ops(void) __attribute__((weak));
+-extern void *get_tangier_ops(void) __attribute__((weak));
++extern const void *get_penwell_ops(void);
++extern const void *get_cloverview_ops(void);
++extern const void *get_tangier_ops(void);
+diff --git a/arch/x86/platform/intel-mid/mfld.c b/arch/x86/platform/intel-mid/mfld.c
+index 23381d2..8ddc10e 100644
+--- a/arch/x86/platform/intel-mid/mfld.c
++++ b/arch/x86/platform/intel-mid/mfld.c
+@@ -64,12 +64,12 @@ static void __init penwell_arch_setup(void)
+ pm_power_off = mfld_power_off;
+ }
+
+-void *get_penwell_ops(void)
++const void *get_penwell_ops(void)
+ {
+ return &penwell_ops;
+ }
+
+-void *get_cloverview_ops(void)
++const void *get_cloverview_ops(void)
+ {
+ return &penwell_ops;
+ }
+diff --git a/arch/x86/platform/intel-mid/mrfl.c b/arch/x86/platform/intel-mid/mrfl.c
+index aaca917..66eadbc 100644
+--- a/arch/x86/platform/intel-mid/mrfl.c
++++ b/arch/x86/platform/intel-mid/mrfl.c
+@@ -97,7 +97,7 @@ static struct intel_mid_ops tangier_ops = {
+ .arch_setup = tangier_arch_setup,
+ };
+
+-void *get_tangier_ops(void)
++const void *get_tangier_ops(void)
+ {
+ return &tangier_ops;
+ }
diff --git a/arch/x86/platform/olpc/olpc_dt.c b/arch/x86/platform/olpc/olpc_dt.c
index d6ee929..3637cb5 100644
--- a/arch/x86/platform/olpc/olpc_dt.c
@@ -36473,6 +36552,20 @@ index 7bdd61b..afec999 100644
static void cryptd_queue_worker(struct work_struct *work);
+diff --git a/crypto/cts.c b/crypto/cts.c
+index 042223f..133f087 100644
+--- a/crypto/cts.c
++++ b/crypto/cts.c
+@@ -202,7 +202,8 @@ static int cts_cbc_decrypt(struct crypto_cts_ctx *ctx,
+ /* 5. Append the tail (BB - Ln) bytes of Xn (tmp) to Cn to create En */
+ memcpy(s + bsize + lastn, tmp + lastn, bsize - lastn);
+ /* 6. Decrypt En to create Pn-1 */
+- memset(iv, 0, sizeof(iv));
++ memzero_explicit(iv, sizeof(iv));
++
+ sg_set_buf(&sgsrc[0], s + bsize, bsize);
+ sg_set_buf(&sgdst[0], d, bsize);
+ err = crypto_blkcipher_decrypt_iv(&lcldesc, sgdst, sgsrc, bsize);
diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
index 309d345..1632720 100644
--- a/crypto/pcrypt.c
@@ -36486,6 +36579,118 @@ index 309d345..1632720 100644
if (!ret)
kobject_uevent(&pinst->kobj, KOBJ_ADD);
+diff --git a/crypto/sha1_generic.c b/crypto/sha1_generic.c
+index 4279480..7bb0474 100644
+--- a/crypto/sha1_generic.c
++++ b/crypto/sha1_generic.c
+@@ -64,7 +64,7 @@ int crypto_sha1_update(struct shash_desc *desc, const u8 *data,
+ src = data + done;
+ } while (done + SHA1_BLOCK_SIZE <= len);
+
+- memset(temp, 0, sizeof(temp));
++ memzero_explicit(temp, sizeof(temp));
+ partial = 0;
+ }
+ memcpy(sctx->buffer + partial, src, len - done);
+diff --git a/crypto/sha256_generic.c b/crypto/sha256_generic.c
+index 5433667..32c5e5e 100644
+--- a/crypto/sha256_generic.c
++++ b/crypto/sha256_generic.c
+@@ -210,10 +210,9 @@ static void sha256_transform(u32 *state, const u8 *input)
+
+ /* clear any sensitive info... */
+ a = b = c = d = e = f = g = h = t1 = t2 = 0;
+- memset(W, 0, 64 * sizeof(u32));
++ memzero_explicit(W, 64 * sizeof(u32));
+ }
+
+-
+ static int sha224_init(struct shash_desc *desc)
+ {
+ struct sha256_state *sctx = shash_desc_ctx(desc);
+@@ -316,7 +315,7 @@ static int sha224_final(struct shash_desc *desc, u8 *hash)
+ sha256_final(desc, D);
+
+ memcpy(hash, D, SHA224_DIGEST_SIZE);
+- memset(D, 0, SHA256_DIGEST_SIZE);
++ memzero_explicit(D, SHA256_DIGEST_SIZE);
+
+ return 0;
+ }
+diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c
+index 6ed124f..04d295a 100644
+--- a/crypto/sha512_generic.c
++++ b/crypto/sha512_generic.c
+@@ -238,7 +238,7 @@ static int sha384_final(struct shash_desc *desc, u8 *hash)
+ sha512_final(desc, D);
+
+ memcpy(hash, D, 48);
+- memset(D, 0, 64);
++ memzero_explicit(D, 64);
+
+ return 0;
+ }
+diff --git a/crypto/tgr192.c b/crypto/tgr192.c
+index 8740355..3c7af0d 100644
+--- a/crypto/tgr192.c
++++ b/crypto/tgr192.c
+@@ -612,7 +612,7 @@ static int tgr160_final(struct shash_desc *desc, u8 * out)
+
+ tgr192_final(desc, D);
+ memcpy(out, D, TGR160_DIGEST_SIZE);
+- memset(D, 0, TGR192_DIGEST_SIZE);
++ memzero_explicit(D, TGR192_DIGEST_SIZE);
+
+ return 0;
+ }
+@@ -623,7 +623,7 @@ static int tgr128_final(struct shash_desc *desc, u8 * out)
+
+ tgr192_final(desc, D);
+ memcpy(out, D, TGR128_DIGEST_SIZE);
+- memset(D, 0, TGR192_DIGEST_SIZE);
++ memzero_explicit(D, TGR192_DIGEST_SIZE);
+
+ return 0;
+ }
+diff --git a/crypto/vmac.c b/crypto/vmac.c
+index 2eb11a3..d84c24b 100644
+--- a/crypto/vmac.c
++++ b/crypto/vmac.c
+@@ -613,7 +613,7 @@ static int vmac_final(struct shash_desc *pdesc, u8 *out)
+ }
+ mac = vmac(ctx->partial, ctx->partial_size, nonce, NULL, ctx);
+ memcpy(out, &mac, sizeof(vmac_t));
+- memset(&mac, 0, sizeof(vmac_t));
++ memzero_explicit(&mac, sizeof(vmac_t));
+ memset(&ctx->__vmac_ctx, 0, sizeof(struct vmac_ctx));
+ ctx->partial_size = 0;
+ return 0;
+diff --git a/crypto/wp512.c b/crypto/wp512.c
+index 180f1d6..ec64e77 100644
+--- a/crypto/wp512.c
++++ b/crypto/wp512.c
+@@ -1102,8 +1102,8 @@ static int wp384_final(struct shash_desc *desc, u8 *out)
+ u8 D[64];
+
+ wp512_final(desc, D);
+- memcpy (out, D, WP384_DIGEST_SIZE);
+- memset (D, 0, WP512_DIGEST_SIZE);
++ memcpy(out, D, WP384_DIGEST_SIZE);
++ memzero_explicit(D, WP512_DIGEST_SIZE);
+
+ return 0;
+ }
+@@ -1113,8 +1113,8 @@ static int wp256_final(struct shash_desc *desc, u8 *out)
+ u8 D[64];
+
+ wp512_final(desc, D);
+- memcpy (out, D, WP256_DIGEST_SIZE);
+- memset (D, 0, WP512_DIGEST_SIZE);
++ memcpy(out, D, WP256_DIGEST_SIZE);
++ memzero_explicit(D, WP512_DIGEST_SIZE);
+
+ return 0;
+ }
diff --git a/drivers/acpi/acpica/hwxfsleep.c b/drivers/acpi/acpica/hwxfsleep.c
index 15dddc1..b61cf0c 100644
--- a/drivers/acpi/acpica/hwxfsleep.c
@@ -39176,7 +39381,7 @@ index 8320abd..ec48108 100644
if (cmd != SIOCWANDEV)
diff --git a/drivers/char/random.c b/drivers/char/random.c
-index 429b75b..de805d0 100644
+index 429b75b..58488cc 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -284,9 +284,6 @@
@@ -39222,6 +39427,35 @@ index 429b75b..de805d0 100644
unsigned int add =
((pool_size - entropy_count)*anfrac*3) >> s;
+@@ -1063,8 +1060,8 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
+ * pool while mixing, and hash one final time.
+ */
+ sha_transform(hash.w, extract, workspace);
+- memset(extract, 0, sizeof(extract));
+- memset(workspace, 0, sizeof(workspace));
++ memzero_explicit(extract, sizeof(extract));
++ memzero_explicit(workspace, sizeof(workspace));
+
+ /*
+ * In case the hash function has some recognizable output
+@@ -1076,7 +1073,7 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
+ hash.w[2] ^= rol32(hash.w[2], 16);
+
+ memcpy(out, &hash, EXTRACT_SIZE);
+- memset(&hash, 0, sizeof(hash));
++ memzero_explicit(&hash, sizeof(hash));
+ }
+
+ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
+@@ -1124,7 +1121,7 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
+ }
+
+ /* Wipe data just returned from memory */
+- memset(tmp, 0, sizeof(tmp));
++ memzero_explicit(tmp, sizeof(tmp));
+
+ return ret;
+ }
@@ -1151,7 +1148,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
extract_buf(r, tmp);
@@ -39231,6 +39465,15 @@ index 429b75b..de805d0 100644
ret = -EFAULT;
break;
}
+@@ -1162,7 +1159,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
+ }
+
+ /* Wipe data just returned from memory */
+- memset(tmp, 0, sizeof(tmp));
++ memzero_explicit(tmp, sizeof(tmp));
+
+ return ret;
+ }
@@ -1507,7 +1504,7 @@ EXPORT_SYMBOL(generate_random_uuid);
#include <linux/sysctl.h>
@@ -42048,12 +42291,12 @@ index cedc6da..2c3da2a 100644
if (atomic_read(&uhid->report_done))
goto unlock;
diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c
-index 69ea36f..8dbf4bb 100644
+index e99e71a..e4ae549 100644
--- a/drivers/hv/channel.c
+++ b/drivers/hv/channel.c
-@@ -364,8 +364,8 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer,
+@@ -365,8 +365,8 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer,
+ unsigned long flags;
int ret = 0;
- int t;
- next_gpadl_handle = atomic_read(&vmbus_connection.next_gpadl_handle);
- atomic_inc(&vmbus_connection.next_gpadl_handle);
@@ -49054,7 +49297,7 @@ index fb02fc2..83dc2c3 100644
kfree(msi_dev_attr);
++count;
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
-index 276ef9c..1d33a36 100644
+index 39a207a..d1ec78a 100644
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -1112,7 +1112,7 @@ static int pci_create_attr(struct pci_dev *pdev, int num, int write_combine)
@@ -50822,7 +51065,7 @@ index 1f42662..bf9836c 100644
extern void qla2x00_free_sysfs_attr(scsi_qla_host_t *, bool);
extern void qla2x00_init_host_attr(scsi_qla_host_t *);
diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
-index 83cb612..9b7b08c 100644
+index 23c1b0c..e8035ca 100644
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -1491,8 +1491,10 @@ qla2x00_config_dma_addressing(struct qla_hw_data *ha)
@@ -58614,10 +58857,10 @@ index f70119f..ab5894d 100644
spin_lock_init(&delayed_root->lock);
init_waitqueue_head(&delayed_root->wait);
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
-index a6d8efa..2f062cf 100644
+index 0b72006..264c7de 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
-@@ -3491,9 +3491,12 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
+@@ -3494,9 +3494,12 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
for (i = 0; i < num_types; i++) {
struct btrfs_space_info *tmp;
@@ -58630,7 +58873,7 @@ index a6d8efa..2f062cf 100644
info = NULL;
rcu_read_lock();
list_for_each_entry_rcu(tmp, &root->fs_info->space_info,
-@@ -3515,10 +3518,7 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
+@@ -3518,10 +3521,7 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
memcpy(dest, &space, sizeof(space));
dest++;
space_args.total_spaces++;
@@ -59723,7 +59966,7 @@ index a93f7e6..d58bcbe 100644
return 0;
while (nr) {
diff --git a/fs/dcache.c b/fs/dcache.c
-index 58d57da..f91b141 100644
+index 58d57da..a3f889f 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -250,7 +250,7 @@ static void __d_free(struct rcu_head *head)
@@ -59800,7 +60043,15 @@ index 58d57da..f91b141 100644
d_lru_isolate(dentry);
spin_unlock(&dentry->d_lock);
return LRU_REMOVED;
-@@ -1268,7 +1268,7 @@ static enum d_walk_ret select_collect(void *_data, struct dentry *dentry)
+@@ -1159,6 +1159,7 @@ out_unlock:
+ return;
+
+ rename_retry:
++ done_seqretry(&rename_lock, seq);
+ if (!retry)
+ return;
+ seq = 1;
+@@ -1268,7 +1269,7 @@ static enum d_walk_ret select_collect(void *_data, struct dentry *dentry)
* loop in shrink_dcache_parent() might not make any progress
* and loop forever.
*/
@@ -59809,7 +60060,7 @@ index 58d57da..f91b141 100644
dentry_lru_del(dentry);
} else if (!(dentry->d_flags & DCACHE_SHRINK_LIST)) {
/*
-@@ -1322,11 +1322,11 @@ static enum d_walk_ret umount_collect(void *_data, struct dentry *dentry)
+@@ -1322,11 +1323,11 @@ static enum d_walk_ret umount_collect(void *_data, struct dentry *dentry)
struct select_data *data = _data;
enum d_walk_ret ret = D_WALK_CONTINUE;
@@ -59823,7 +60074,7 @@ index 58d57da..f91b141 100644
goto out;
printk(KERN_ERR
"BUG: Dentry %p{i=%lx,n=%s}"
-@@ -1336,7 +1336,7 @@ static enum d_walk_ret umount_collect(void *_data, struct dentry *dentry)
+@@ -1336,7 +1337,7 @@ static enum d_walk_ret umount_collect(void *_data, struct dentry *dentry)
dentry->d_inode ?
dentry->d_inode->i_ino : 0UL,
dentry->d_name.name,
@@ -59832,7 +60083,7 @@ index 58d57da..f91b141 100644
dentry->d_sb->s_type->name,
dentry->d_sb->s_id);
BUG();
-@@ -1494,7 +1494,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
+@@ -1494,7 +1495,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
*/
dentry->d_iname[DNAME_INLINE_LEN-1] = 0;
if (name->len > DNAME_INLINE_LEN-1) {
@@ -59841,7 +60092,7 @@ index 58d57da..f91b141 100644
if (!dname) {
kmem_cache_free(dentry_cache, dentry);
return NULL;
-@@ -1512,7 +1512,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
+@@ -1512,7 +1513,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
smp_wmb();
dentry->d_name.name = dname;
@@ -59850,7 +60101,7 @@ index 58d57da..f91b141 100644
dentry->d_flags = 0;
spin_lock_init(&dentry->d_lock);
seqcount_init(&dentry->d_seq);
-@@ -2275,7 +2275,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name)
+@@ -2275,7 +2276,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name)
goto next;
}
@@ -59859,7 +60110,7 @@ index 58d57da..f91b141 100644
found = dentry;
spin_unlock(&dentry->d_lock);
break;
-@@ -2374,7 +2374,7 @@ again:
+@@ -2374,7 +2375,7 @@ again:
spin_lock(&dentry->d_lock);
inode = dentry->d_inode;
isdir = S_ISDIR(inode->i_mode);
@@ -59868,7 +60119,7 @@ index 58d57da..f91b141 100644
if (!spin_trylock(&inode->i_lock)) {
spin_unlock(&dentry->d_lock);
cpu_relax();
-@@ -3313,7 +3313,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry)
+@@ -3313,7 +3314,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry)
if (!(dentry->d_flags & DCACHE_GENOCIDE)) {
dentry->d_flags |= DCACHE_GENOCIDE;
@@ -59877,7 +60128,7 @@ index 58d57da..f91b141 100644
}
}
return D_WALK_CONTINUE;
-@@ -3429,7 +3429,8 @@ void __init vfs_caches_init(unsigned long mempages)
+@@ -3429,7 +3430,8 @@ void __init vfs_caches_init(unsigned long mempages)
mempages -= reserve;
names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,
@@ -59904,7 +60155,7 @@ index 1576195..49a19ae 100644
}
EXPORT_SYMBOL_GPL(debugfs_create_dir);
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
-index b167ca4..a224e19 100644
+index a85ceb7..5097313b 100644
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -673,7 +673,7 @@ static char *ecryptfs_readlink_lower(struct dentry *dentry, size_t *bufsiz)
@@ -63648,10 +63899,10 @@ index dd2f2c5..27e6c48 100644
out:
return len;
diff --git a/fs/namespace.c b/fs/namespace.c
-index 75536db..7ec079e 100644
+index c7d4a0a..93207ab 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
-@@ -1369,6 +1369,9 @@ static int do_umount(struct mount *mnt, int flags)
+@@ -1371,6 +1371,9 @@ static int do_umount(struct mount *mnt, int flags)
if (!(sb->s_flags & MS_RDONLY))
retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
up_write(&sb->s_umount);
@@ -63661,7 +63912,7 @@ index 75536db..7ec079e 100644
return retval;
}
-@@ -1391,6 +1394,9 @@ static int do_umount(struct mount *mnt, int flags)
+@@ -1393,6 +1396,9 @@ static int do_umount(struct mount *mnt, int flags)
}
unlock_mount_hash();
namespace_unlock();
@@ -63671,7 +63922,7 @@ index 75536db..7ec079e 100644
return retval;
}
-@@ -1410,7 +1416,7 @@ static inline bool may_mount(void)
+@@ -1412,7 +1418,7 @@ static inline bool may_mount(void)
* unixes. Our API is identical to OSF/1 to avoid making a mess of AMD
*/
@@ -63680,7 +63931,7 @@ index 75536db..7ec079e 100644
{
struct path path;
struct mount *mnt;
-@@ -1452,7 +1458,7 @@ out:
+@@ -1454,7 +1460,7 @@ out:
/*
* The 2.0 compatible umount. No flags.
*/
@@ -63689,7 +63940,7 @@ index 75536db..7ec079e 100644
{
return sys_umount(name, 0);
}
-@@ -2501,6 +2507,16 @@ long do_mount(const char *dev_name, const char *dir_name,
+@@ -2503,6 +2509,16 @@ long do_mount(const char *dev_name, const char *dir_name,
MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
MS_STRICTATIME);
@@ -63706,7 +63957,7 @@ index 75536db..7ec079e 100644
if (flags & MS_REMOUNT)
retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags,
data_page);
-@@ -2515,6 +2531,9 @@ long do_mount(const char *dev_name, const char *dir_name,
+@@ -2517,6 +2533,9 @@ long do_mount(const char *dev_name, const char *dir_name,
dev_name, data_page);
dput_out:
path_put(&path);
@@ -63716,7 +63967,7 @@ index 75536db..7ec079e 100644
return retval;
}
-@@ -2532,7 +2551,7 @@ static void free_mnt_ns(struct mnt_namespace *ns)
+@@ -2534,7 +2553,7 @@ static void free_mnt_ns(struct mnt_namespace *ns)
* number incrementing at 10Ghz will take 12,427 years to wrap which
* is effectively never, so we can ignore the possibility.
*/
@@ -63725,7 +63976,7 @@ index 75536db..7ec079e 100644
static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
{
-@@ -2547,7 +2566,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
+@@ -2549,7 +2568,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
kfree(new_ns);
return ERR_PTR(ret);
}
@@ -63734,7 +63985,7 @@ index 75536db..7ec079e 100644
atomic_set(&new_ns->count, 1);
new_ns->root = NULL;
INIT_LIST_HEAD(&new_ns->list);
-@@ -2557,7 +2576,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
+@@ -2559,7 +2578,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
return new_ns;
}
@@ -63743,7 +63994,7 @@ index 75536db..7ec079e 100644
struct user_namespace *user_ns, struct fs_struct *new_fs)
{
struct mnt_namespace *new_ns;
-@@ -2678,8 +2697,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name)
+@@ -2680,8 +2699,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name)
}
EXPORT_SYMBOL(mount_subtree);
@@ -63754,7 +64005,7 @@ index 75536db..7ec079e 100644
{
int ret;
char *kernel_type;
-@@ -2792,6 +2811,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
+@@ -2794,6 +2813,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
if (error)
goto out2;
@@ -63766,7 +64017,7 @@ index 75536db..7ec079e 100644
get_fs_root(current->fs, &root);
old_mp = lock_mount(&old);
error = PTR_ERR(old_mp);
-@@ -2829,6 +2853,9 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
+@@ -2831,6 +2855,9 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
/* make sure we can reach put_old from new_root */
if (!is_path_reachable(old_mnt, old.dentry, &new))
goto out4;
@@ -63776,7 +64027,7 @@ index 75536db..7ec079e 100644
root_mp->m_count++; /* pin it so it won't go away */
lock_mount_hash();
detach_mnt(new_mnt, &parent_path);
-@@ -3060,7 +3087,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns)
+@@ -3062,7 +3089,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns)
!ns_capable(current_user_ns(), CAP_SYS_ADMIN))
return -EPERM;
@@ -64019,7 +64270,7 @@ index a80a741..7b96e1b 100644
}
diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
-index 287a22c..4e56e4e 100644
+index de6323e..4931489 100644
--- a/fs/notify/fanotify/fanotify_user.c
+++ b/fs/notify/fanotify/fanotify_user.c
@@ -251,8 +251,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group,
@@ -64151,6 +64402,19 @@ index 0440134..d52c93a 100644
bail:
if (handle)
+diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c
+index feed025f..cee9402 100644
+--- a/fs/ocfs2/namei.c
++++ b/fs/ocfs2/namei.c
+@@ -158,7 +158,7 @@ bail_add:
+ * NOTE: This dentry already has ->d_op set from
+ * ocfs2_get_parent() and ocfs2_get_dentry()
+ */
+- if (ret)
++ if (!IS_ERR_OR_NULL(ret))
+ dentry = ret;
+
+ status = ocfs2_dentry_attach_lock(dentry, inode,
diff --git a/fs/ocfs2/ocfs2.h b/fs/ocfs2/ocfs2.h
index 553f53c..aaf5133 100644
--- a/fs/ocfs2/ocfs2.h
@@ -64708,7 +64972,7 @@ index 2183fcf..3c32a98 100644
help
Various /proc files exist to monitor process memory utilization:
diff --git a/fs/proc/array.c b/fs/proc/array.c
-index baf3464..6873520 100644
+index baf3464..5b394ec 100644
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -60,6 +60,7 @@
@@ -64846,14 +65110,22 @@ index baf3464..6873520 100644
if (mm) {
size = task_statm(mm, &shared, &text, &data, &resident);
mmput(mm);
-@@ -581,6 +649,13 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
+@@ -581,6 +649,21 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
return 0;
}
+#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
+int proc_pid_ipaddr(struct task_struct *task, char *buffer)
+{
-+ return sprintf(buffer, "%pI4\n", &task->signal->curr_ip);
++ unsigned long flags;
++ u32 curr_ip = 0;
++
++ if (lock_task_sighand(task, &flags)) {
++ curr_ip = task->signal->curr_ip;
++ unlock_task_sighand(task, &flags);
++ }
++
++ return sprintf(buffer, "%pI4\n", &curr_ip);
+}
+#endif
+
@@ -77402,7 +77674,7 @@ index 0000000..3860c7e
+}
diff --git a/grsecurity/grsec_sock.c b/grsecurity/grsec_sock.c
new file mode 100644
-index 0000000..c0aef3a
+index 0000000..e3650b6
--- /dev/null
+++ b/grsecurity/grsec_sock.c
@@ -0,0 +1,244 @@
@@ -77529,10 +77801,10 @@ index 0000000..c0aef3a
+
+#endif
+
-+void gr_update_task_in_ip_table(struct task_struct *task, const struct inet_sock *inet)
++void gr_update_task_in_ip_table(const struct inet_sock *inet)
+{
+#ifdef CONFIG_GRKERNSEC
-+ struct signal_struct *sig = task->signal;
++ struct signal_struct *sig = current->signal;
+ struct conn_table_entry *newent;
+
+ newent = kmalloc(sizeof(struct conn_table_entry), GFP_ATOMIC);
@@ -79383,6 +79655,19 @@ index 939533d..cf0a57c 100644
/**
* struct clk_init_data - holds init data that's common to all clocks and is
+diff --git a/include/linux/clocksource.h b/include/linux/clocksource.h
+index 67301a4..879065d 100644
+--- a/include/linux/clocksource.h
++++ b/include/linux/clocksource.h
+@@ -289,7 +289,7 @@ extern struct clocksource* clocksource_get_next(void);
+ extern void clocksource_change_rating(struct clocksource *cs, int rating);
+ extern void clocksource_suspend(void);
+ extern void clocksource_resume(void);
+-extern struct clocksource * __init __weak clocksource_default_clock(void);
++extern struct clocksource * __init clocksource_default_clock(void);
+ extern void clocksource_mark_unstable(struct clocksource *cs);
+
+ extern u64
diff --git a/include/linux/compat.h b/include/linux/compat.h
index 3f448c6..df3ce1d 100644
--- a/include/linux/compat.h
@@ -79717,6 +80002,32 @@ index d08e4d2..95fad61 100644
int cpumask_any_but(const struct cpumask *mask, unsigned int cpu);
/**
+diff --git a/include/linux/crash_dump.h b/include/linux/crash_dump.h
+index 7032518..60023e5 100644
+--- a/include/linux/crash_dump.h
++++ b/include/linux/crash_dump.h
+@@ -14,14 +14,13 @@
+ extern unsigned long long elfcorehdr_addr;
+ extern unsigned long long elfcorehdr_size;
+
+-extern int __weak elfcorehdr_alloc(unsigned long long *addr,
+- unsigned long long *size);
+-extern void __weak elfcorehdr_free(unsigned long long addr);
+-extern ssize_t __weak elfcorehdr_read(char *buf, size_t count, u64 *ppos);
+-extern ssize_t __weak elfcorehdr_read_notes(char *buf, size_t count, u64 *ppos);
+-extern int __weak remap_oldmem_pfn_range(struct vm_area_struct *vma,
+- unsigned long from, unsigned long pfn,
+- unsigned long size, pgprot_t prot);
++extern int elfcorehdr_alloc(unsigned long long *addr, unsigned long long *size);
++extern void elfcorehdr_free(unsigned long long addr);
++extern ssize_t elfcorehdr_read(char *buf, size_t count, u64 *ppos);
++extern ssize_t elfcorehdr_read_notes(char *buf, size_t count, u64 *ppos);
++extern int remap_oldmem_pfn_range(struct vm_area_struct *vma,
++ unsigned long from, unsigned long pfn,
++ unsigned long size, pgprot_t prot);
+
+ extern ssize_t copy_oldmem_page(unsigned long, char *, size_t,
+ unsigned long, int);
diff --git a/include/linux/cred.h b/include/linux/cred.h
index 04421e8..a85afd4 100644
--- a/include/linux/cred.h
@@ -81917,7 +82228,7 @@ index a74c3a8..28d3f21 100644
extern struct key_type key_type_keyring;
diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h
-index 6b06d37..c134867 100644
+index 6b06d37..19f605f 100644
--- a/include/linux/kgdb.h
+++ b/include/linux/kgdb.h
@@ -52,7 +52,7 @@ extern int kgdb_connected;
@@ -81938,7 +82249,7 @@ index 6b06d37..c134867 100644
/**
* struct kgdb_io - Describe the interface for an I/O driver to talk with KGDB.
-@@ -279,7 +279,7 @@ struct kgdb_io {
+@@ -279,11 +279,11 @@ struct kgdb_io {
void (*pre_exception) (void);
void (*post_exception) (void);
int is_console;
@@ -81947,6 +82258,11 @@ index 6b06d37..c134867 100644
extern struct kgdb_arch arch_kgdb_ops;
+-extern unsigned long __weak kgdb_arch_pc(int exception, struct pt_regs *regs);
++extern unsigned long kgdb_arch_pc(int exception, struct pt_regs *regs);
+
+ #ifdef CONFIG_SERIAL_KGDB_NMI
+ extern int kgdb_register_nmi_console(void);
diff --git a/include/linux/kmod.h b/include/linux/kmod.h
index 0555cc6..40116ce 100644
--- a/include/linux/kmod.h
@@ -82196,6 +82512,19 @@ index c45c089..298841c 100644
{
u32 remainder;
return div_u64_rem(dividend, divisor, &remainder);
+diff --git a/include/linux/memory.h b/include/linux/memory.h
+index bb7384e..8b8d8d1 100644
+--- a/include/linux/memory.h
++++ b/include/linux/memory.h
+@@ -35,7 +35,7 @@ struct memory_block {
+ };
+
+ int arch_get_memory_phys_device(unsigned long start_pfn);
+-unsigned long __weak memory_block_size_bytes(void);
++unsigned long memory_block_size_bytes(void);
+
+ /* These states are exposed to userspace as text strings in sysfs */
+ #define MEM_ONLINE (1<<0) /* exposed to userspace */
diff --git a/include/linux/mempolicy.h b/include/linux/mempolicy.h
index 5bba088..7ad4ae7 100644
--- a/include/linux/mempolicy.h
@@ -83646,7 +83975,7 @@ index a964f72..b475afb 100644
}
diff --git a/include/linux/sched.h b/include/linux/sched.h
-index d7ca410..8b39a0c 100644
+index 218b058..1ce7ad0 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -133,6 +133,7 @@ struct fs_struct;
@@ -83892,7 +84221,7 @@ index d7ca410..8b39a0c 100644
{
return tsk->pid;
}
-@@ -2013,6 +2127,25 @@ extern u64 sched_clock_cpu(int cpu);
+@@ -2015,6 +2129,25 @@ extern u64 sched_clock_cpu(int cpu);
extern void sched_clock_init(void);
@@ -83918,7 +84247,7 @@ index d7ca410..8b39a0c 100644
#ifndef CONFIG_HAVE_UNSTABLE_SCHED_CLOCK
static inline void sched_clock_tick(void)
{
-@@ -2137,7 +2270,9 @@ void yield(void);
+@@ -2139,7 +2272,9 @@ void yield(void);
extern struct exec_domain default_exec_domain;
union thread_union {
@@ -83928,7 +84257,7 @@ index d7ca410..8b39a0c 100644
unsigned long stack[THREAD_SIZE/sizeof(long)];
};
-@@ -2170,6 +2305,7 @@ extern struct pid_namespace init_pid_ns;
+@@ -2172,6 +2307,7 @@ extern struct pid_namespace init_pid_ns;
*/
extern struct task_struct *find_task_by_vpid(pid_t nr);
@@ -83936,7 +84265,7 @@ index d7ca410..8b39a0c 100644
extern struct task_struct *find_task_by_pid_ns(pid_t nr,
struct pid_namespace *ns);
-@@ -2332,7 +2468,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
+@@ -2334,7 +2470,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
extern void exit_itimers(struct signal_struct *);
extern void flush_itimer_signals(void);
@@ -83945,7 +84274,7 @@ index d7ca410..8b39a0c 100644
extern int allow_signal(int);
extern int disallow_signal(int);
-@@ -2533,9 +2669,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
+@@ -2535,9 +2671,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
#endif
@@ -84304,6 +84633,29 @@ index 680f9a3..f13aeb0 100644
__SONET_ITEMS
#undef __HANDLE_ITEM
};
+diff --git a/include/linux/string.h b/include/linux/string.h
+index ac889c5..0ed878d 100644
+--- a/include/linux/string.h
++++ b/include/linux/string.h
+@@ -129,7 +129,7 @@ int bprintf(u32 *bin_buf, size_t size, const char *fmt, ...) __printf(3, 4);
+ #endif
+
+ extern ssize_t memory_read_from_buffer(void *to, size_t count, loff_t *ppos,
+- const void *from, size_t available);
++ const void *from, size_t available);
+
+ /**
+ * strstarts - does @str start with @prefix?
+@@ -141,7 +141,8 @@ static inline bool strstarts(const char *str, const char *prefix)
+ return strncmp(str, prefix, strlen(prefix)) == 0;
+ }
+
+-extern size_t memweight(const void *ptr, size_t bytes);
++size_t memweight(const void *ptr, size_t bytes);
++void memzero_explicit(void *s, size_t count);
+
+ /**
+ * kbasename - return the last part of a pathname.
diff --git a/include/linux/sunrpc/addr.h b/include/linux/sunrpc/addr.h
index 07d8e53..dc934c9 100644
--- a/include/linux/sunrpc/addr.h
@@ -88457,7 +88809,7 @@ index e2c6853..9a6397e 100644
else
new_fs = fs;
diff --git a/kernel/futex.c b/kernel/futex.c
-index 0b0dc02..5f3eb62 100644
+index fda2950..5f3eb62 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -54,6 +54,7 @@
@@ -88486,16 +88838,7 @@ index 0b0dc02..5f3eb62 100644
static const struct futex_q futex_q_init = {
/* list gets initialized in queue_me()*/
-@@ -329,6 +330,8 @@ static void get_futex_key_refs(union futex_key *key)
- case FUT_OFF_MMSHARED:
- futex_get_mm(key); /* implies MB (B) */
- break;
-+ default:
-+ smp_mb(); /* explicit MB (B) */
- }
- }
-
-@@ -380,6 +383,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw)
+@@ -382,6 +383,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw)
struct page *page, *page_head;
int err, ro = 0;
@@ -88507,7 +88850,7 @@ index 0b0dc02..5f3eb62 100644
/*
* The futex address must be "naturally" aligned.
*/
-@@ -579,7 +587,7 @@ static int cmpxchg_futex_value_locked(u32 *curval, u32 __user *uaddr,
+@@ -581,7 +587,7 @@ static int cmpxchg_futex_value_locked(u32 *curval, u32 __user *uaddr,
static int get_futex_value_locked(u32 *dest, u32 __user *from)
{
@@ -88516,7 +88859,7 @@ index 0b0dc02..5f3eb62 100644
pagefault_disable();
ret = __copy_from_user_inatomic(dest, from, sizeof(u32));
-@@ -3020,6 +3028,7 @@ static void __init futex_detect_cmpxchg(void)
+@@ -3022,6 +3028,7 @@ static void __init futex_detect_cmpxchg(void)
{
#ifndef CONFIG_HAVE_FUTEX_CMPXCHG
u32 curval;
@@ -88524,7 +88867,7 @@ index 0b0dc02..5f3eb62 100644
/*
* This will fail and we want it. Some arch implementations do
-@@ -3031,8 +3040,11 @@ static void __init futex_detect_cmpxchg(void)
+@@ -3033,8 +3040,11 @@ static void __init futex_detect_cmpxchg(void)
* implementation, the non-functional ones will return
* -ENOSYS.
*/
@@ -93330,10 +93673,32 @@ index 114d1be..ab0350c 100644
(val << avg->factor)) >> avg->weight :
(val << avg->factor);
diff --git a/lib/bitmap.c b/lib/bitmap.c
-index 06f7e4f..f3cf2b0 100644
+index 06f7e4f..9078e42 100644
--- a/lib/bitmap.c
+++ b/lib/bitmap.c
-@@ -422,7 +422,7 @@ int __bitmap_parse(const char *buf, unsigned int buflen,
+@@ -131,7 +131,9 @@ void __bitmap_shift_right(unsigned long *dst,
+ lower = src[off + k];
+ if (left && off + k == lim - 1)
+ lower &= mask;
+- dst[k] = upper << (BITS_PER_LONG - rem) | lower >> rem;
++ dst[k] = lower >> rem;
++ if (rem)
++ dst[k] |= upper << (BITS_PER_LONG - rem);
+ if (left && k == lim - 1)
+ dst[k] &= mask;
+ }
+@@ -172,7 +174,9 @@ void __bitmap_shift_left(unsigned long *dst,
+ upper = src[k];
+ if (left && k == lim - 1)
+ upper &= (1UL << left) - 1;
+- dst[k + off] = lower >> (BITS_PER_LONG - rem) | upper << rem;
++ dst[k + off] = upper << rem;
++ if (rem)
++ dst[k + off] |= lower >> (BITS_PER_LONG - rem);
+ if (left && k + off == lim - 1)
+ dst[k + off] &= (1UL << left) - 1;
+ }
+@@ -422,7 +426,7 @@ int __bitmap_parse(const char *buf, unsigned int buflen,
{
int c, old_c, totaldigits, ndigits, nchunks, nbits;
u32 chunk;
@@ -93342,7 +93707,7 @@ index 06f7e4f..f3cf2b0 100644
bitmap_zero(maskp, nmaskbits);
-@@ -507,7 +507,7 @@ int bitmap_parse_user(const char __user *ubuf,
+@@ -507,7 +511,7 @@ int bitmap_parse_user(const char __user *ubuf,
{
if (!access_ok(VERIFY_READ, ubuf, ulen))
return -EFAULT;
@@ -93351,7 +93716,7 @@ index 06f7e4f..f3cf2b0 100644
ulen, 1, maskp, nmaskbits);
}
-@@ -598,7 +598,7 @@ static int __bitmap_parselist(const char *buf, unsigned int buflen,
+@@ -598,7 +602,7 @@ static int __bitmap_parselist(const char *buf, unsigned int buflen,
{
unsigned a, b;
int c, old_c, totaldigits;
@@ -93360,7 +93725,7 @@ index 06f7e4f..f3cf2b0 100644
int exp_digit, in_range;
totaldigits = c = 0;
-@@ -698,7 +698,7 @@ int bitmap_parselist_user(const char __user *ubuf,
+@@ -698,7 +702,7 @@ int bitmap_parselist_user(const char __user *ubuf,
{
if (!access_ok(VERIFY_READ, ubuf, ulen))
return -EFAULT;
@@ -93941,10 +94306,33 @@ index 0922579..9d7adb9 100644
#endif
}
diff --git a/lib/string.c b/lib/string.c
-index e5878de..315fad2 100644
+index e5878de..64941b2 100644
--- a/lib/string.c
+++ b/lib/string.c
-@@ -789,9 +789,9 @@ void *memchr_inv(const void *start, int c, size_t bytes)
+@@ -586,6 +586,22 @@ void *memset(void *s, int c, size_t count)
+ EXPORT_SYMBOL(memset);
+ #endif
+
++/**
++ * memzero_explicit - Fill a region of memory (e.g. sensitive
++ * keying data) with 0s.
++ * @s: Pointer to the start of the area.
++ * @count: The size of the area.
++ *
++ * memzero_explicit() doesn't need an arch-specific version as
++ * it just invokes the one of memset() implicitly.
++ */
++void memzero_explicit(void *s, size_t count)
++{
++ memset(s, 0, count);
++ OPTIMIZER_HIDE_VAR(s);
++}
++EXPORT_SYMBOL(memzero_explicit);
++
+ #ifndef __HAVE_ARCH_MEMCPY
+ /**
+ * memcpy - Copy one area of memory to another
+@@ -789,9 +805,9 @@ void *memchr_inv(const void *start, int c, size_t bytes)
return check_bytes8(start, value, bytes);
value64 = value;
@@ -94697,7 +95085,7 @@ index 33365e9..2234ef9 100644
}
unset_migratetype_isolate(page, MIGRATE_MOVABLE);
diff --git a/mm/memory.c b/mm/memory.c
-index 492e36f..3771c0a 100644
+index 492e36f..b153792 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -403,6 +403,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
@@ -94734,7 +95122,32 @@ index 492e36f..3771c0a 100644
}
/*
-@@ -1636,12 +1642,6 @@ no_page_table:
+@@ -679,10 +685,10 @@ static void print_bad_pte(struct vm_area_struct *vma, unsigned long addr,
+ * Choose text because data symbols depend on CONFIG_KALLSYMS_ALL=y
+ */
+ if (vma->vm_ops)
+- printk(KERN_ALERT "vma->vm_ops->fault: %pSR\n",
++ printk(KERN_ALERT "vma->vm_ops->fault: %pAR\n",
+ vma->vm_ops->fault);
+ if (vma->vm_file)
+- printk(KERN_ALERT "vma->vm_file->f_op->mmap: %pSR\n",
++ printk(KERN_ALERT "vma->vm_file->f_op->mmap: %pAR\n",
+ vma->vm_file->f_op->mmap);
+ dump_stack();
+ add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE);
+@@ -1137,8 +1143,10 @@ again:
+ if (unlikely(page_mapcount(page) < 0))
+ print_bad_pte(vma, addr, ptent, page);
+ force_flush = !__tlb_remove_page(tlb, page);
+- if (force_flush)
++ if (force_flush) {
++ addr += PAGE_SIZE;
+ break;
++ }
+ continue;
+ }
+ /*
+@@ -1636,12 +1644,6 @@ no_page_table:
return page;
}
@@ -94747,7 +95160,7 @@ index 492e36f..3771c0a 100644
/**
* __get_user_pages() - pin user pages in memory
* @tsk: task_struct of target task
-@@ -1728,10 +1728,10 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1728,10 +1730,10 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
i = 0;
@@ -94760,7 +95173,7 @@ index 492e36f..3771c0a 100644
if (!vma && in_gate_area(mm, start)) {
unsigned long pg = start & PAGE_MASK;
pgd_t *pgd;
-@@ -1780,7 +1780,7 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1780,7 +1782,7 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
goto next_page;
}
@@ -94769,7 +95182,7 @@ index 492e36f..3771c0a 100644
(vma->vm_flags & (VM_IO | VM_PFNMAP)) ||
!(vm_flags & vma->vm_flags))
return i ? : -EFAULT;
-@@ -1809,11 +1809,6 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1809,11 +1811,6 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
int ret;
unsigned int fault_flags = 0;
@@ -94781,7 +95194,7 @@ index 492e36f..3771c0a 100644
if (foll_flags & FOLL_WRITE)
fault_flags |= FAULT_FLAG_WRITE;
if (nonblocking)
-@@ -1893,7 +1888,7 @@ next_page:
+@@ -1893,7 +1890,7 @@ next_page:
start += page_increm * PAGE_SIZE;
nr_pages -= page_increm;
} while (nr_pages && start < vma->vm_end);
@@ -94790,7 +95203,7 @@ index 492e36f..3771c0a 100644
return i;
}
EXPORT_SYMBOL(__get_user_pages);
-@@ -2105,6 +2100,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
+@@ -2105,6 +2102,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
page_add_file_rmap(page);
set_pte_at(mm, addr, pte, mk_pte(page, prot));
@@ -94801,7 +95214,7 @@ index 492e36f..3771c0a 100644
retval = 0;
pte_unmap_unlock(pte, ptl);
return retval;
-@@ -2149,9 +2148,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
+@@ -2149,9 +2150,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
if (!page_count(page))
return -EINVAL;
if (!(vma->vm_flags & VM_MIXEDMAP)) {
@@ -94823,7 +95236,7 @@ index 492e36f..3771c0a 100644
}
return insert_page(vma, addr, page, vma->vm_page_prot);
}
-@@ -2234,6 +2245,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
+@@ -2234,6 +2247,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
unsigned long pfn)
{
BUG_ON(!(vma->vm_flags & VM_MIXEDMAP));
@@ -94831,7 +95244,7 @@ index 492e36f..3771c0a 100644
if (addr < vma->vm_start || addr >= vma->vm_end)
return -EFAULT;
-@@ -2481,7 +2493,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
+@@ -2481,7 +2495,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
BUG_ON(pud_huge(*pud));
@@ -94842,7 +95255,7 @@ index 492e36f..3771c0a 100644
if (!pmd)
return -ENOMEM;
do {
-@@ -2501,7 +2515,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
+@@ -2501,7 +2517,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
unsigned long next;
int err;
@@ -94853,7 +95266,7 @@ index 492e36f..3771c0a 100644
if (!pud)
return -ENOMEM;
do {
-@@ -2591,6 +2607,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
+@@ -2591,6 +2609,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
copy_user_highpage(dst, src, va, vma);
}
@@ -95040,7 +95453,7 @@ index 492e36f..3771c0a 100644
/*
* This routine handles present pages, when users try to write
* to a shared page. It is done by copying the page to a new address
-@@ -2815,6 +3011,12 @@ gotten:
+@@ -2815,6 +3013,12 @@ gotten:
*/
page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
if (likely(pte_same(*page_table, orig_pte))) {
@@ -95053,7 +95466,7 @@ index 492e36f..3771c0a 100644
if (old_page) {
if (!PageAnon(old_page)) {
dec_mm_counter_fast(mm, MM_FILEPAGES);
-@@ -2866,6 +3068,10 @@ gotten:
+@@ -2866,6 +3070,10 @@ gotten:
page_remove_rmap(old_page);
}
@@ -95064,7 +95477,7 @@ index 492e36f..3771c0a 100644
/* Free the old page.. */
new_page = old_page;
ret |= VM_FAULT_WRITE;
-@@ -3143,6 +3349,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3143,6 +3351,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
swap_free(entry);
if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
try_to_free_swap(page);
@@ -95076,7 +95489,7 @@ index 492e36f..3771c0a 100644
unlock_page(page);
if (page != swapcache) {
/*
-@@ -3166,6 +3377,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3166,6 +3379,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, page_table);
@@ -95088,7 +95501,7 @@ index 492e36f..3771c0a 100644
unlock:
pte_unmap_unlock(page_table, ptl);
out:
-@@ -3185,40 +3401,6 @@ out_release:
+@@ -3185,40 +3403,6 @@ out_release:
}
/*
@@ -95129,7 +95542,7 @@ index 492e36f..3771c0a 100644
* We enter with non-exclusive mmap_sem (to exclude vma changes,
* but allow concurrent faults), and pte mapped but not yet locked.
* We return with mmap_sem still held, but pte unmapped and unlocked.
-@@ -3227,27 +3409,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3227,27 +3411,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
unsigned long address, pte_t *page_table, pmd_t *pmd,
unsigned int flags)
{
@@ -95162,7 +95575,7 @@ index 492e36f..3771c0a 100644
if (unlikely(anon_vma_prepare(vma)))
goto oom;
page = alloc_zeroed_user_highpage_movable(vma, address);
-@@ -3271,6 +3449,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3271,6 +3451,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
if (!pte_none(*page_table))
goto release;
@@ -95174,7 +95587,7 @@ index 492e36f..3771c0a 100644
inc_mm_counter_fast(mm, MM_ANONPAGES);
page_add_new_anon_rmap(page, vma, address);
setpte:
-@@ -3278,6 +3461,12 @@ setpte:
+@@ -3278,6 +3463,12 @@ setpte:
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, page_table);
@@ -95187,7 +95600,7 @@ index 492e36f..3771c0a 100644
unlock:
pte_unmap_unlock(page_table, ptl);
return 0;
-@@ -3422,6 +3611,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3422,6 +3613,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
*/
/* Only go through if we didn't race with anybody else... */
if (likely(pte_same(*page_table, orig_pte))) {
@@ -95200,7 +95613,7 @@ index 492e36f..3771c0a 100644
flush_icache_page(vma, page);
entry = mk_pte(page, vma->vm_page_prot);
if (flags & FAULT_FLAG_WRITE)
-@@ -3443,6 +3638,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3443,6 +3640,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
/* no need to invalidate: a not-present page won't be cached */
update_mmu_cache(vma, address, page_table);
@@ -95215,7 +95628,7 @@ index 492e36f..3771c0a 100644
} else {
if (cow_page)
mem_cgroup_uncharge_page(cow_page);
-@@ -3690,6 +3893,12 @@ static int handle_pte_fault(struct mm_struct *mm,
+@@ -3690,6 +3895,12 @@ static int handle_pte_fault(struct mm_struct *mm,
if (flags & FAULT_FLAG_WRITE)
flush_tlb_fix_spurious_fault(vma, address);
}
@@ -95228,7 +95641,7 @@ index 492e36f..3771c0a 100644
unlock:
pte_unmap_unlock(pte, ptl);
return 0;
-@@ -3706,9 +3915,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3706,9 +3917,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
pmd_t *pmd;
pte_t *pte;
@@ -95270,7 +95683,7 @@ index 492e36f..3771c0a 100644
pgd = pgd_offset(mm, address);
pud = pud_alloc(mm, pgd, address);
if (!pud)
-@@ -3836,6 +4077,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
+@@ -3836,6 +4079,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
spin_unlock(&mm->page_table_lock);
return 0;
}
@@ -95294,7 +95707,7 @@ index 492e36f..3771c0a 100644
#endif /* __PAGETABLE_PUD_FOLDED */
#ifndef __PAGETABLE_PMD_FOLDED
-@@ -3866,6 +4124,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
+@@ -3866,6 +4126,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
spin_unlock(&mm->page_table_lock);
return 0;
}
@@ -95325,7 +95738,7 @@ index 492e36f..3771c0a 100644
#endif /* __PAGETABLE_PMD_FOLDED */
#if !defined(__HAVE_ARCH_GATE_AREA)
-@@ -3879,7 +4161,7 @@ static int __init gate_vma_init(void)
+@@ -3879,7 +4163,7 @@ static int __init gate_vma_init(void)
gate_vma.vm_start = FIXADDR_USER_START;
gate_vma.vm_end = FIXADDR_USER_END;
gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
@@ -95334,7 +95747,7 @@ index 492e36f..3771c0a 100644
return 0;
}
-@@ -4013,8 +4295,8 @@ out:
+@@ -4013,8 +4297,8 @@ out:
return ret;
}
@@ -95345,7 +95758,7 @@ index 492e36f..3771c0a 100644
{
resource_size_t phys_addr;
unsigned long prot = 0;
-@@ -4040,8 +4322,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys);
+@@ -4040,8 +4324,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys);
* Access another process' address space as given in mm. If non-NULL, use the
* given task for page fault accounting.
*/
@@ -95356,7 +95769,7 @@ index 492e36f..3771c0a 100644
{
struct vm_area_struct *vma;
void *old_buf = buf;
-@@ -4049,7 +4331,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -4049,7 +4333,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
down_read(&mm->mmap_sem);
/* ignore errors, just check how much was successfully transferred */
while (len) {
@@ -95365,7 +95778,7 @@ index 492e36f..3771c0a 100644
void *maddr;
struct page *page = NULL;
-@@ -4108,8 +4390,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -4108,8 +4392,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
*
* The caller must hold a reference on @mm.
*/
@@ -95376,7 +95789,7 @@ index 492e36f..3771c0a 100644
{
return __access_remote_vm(NULL, mm, addr, buf, len, write);
}
-@@ -4119,11 +4401,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
+@@ -4119,11 +4403,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
* Source/target buffer must be kernel space,
* Do not walk the page table directly, use get_user_pages
*/
@@ -97593,7 +98006,7 @@ index f0d698b..7037c25 100644
return -ENOMEM;
diff --git a/mm/slab.c b/mm/slab.c
-index 0b1c2a5..819c6bc 100644
+index 0b1c2a5..4deff8e 100644
--- a/mm/slab.c
+++ b/mm/slab.c
@@ -300,10 +300,12 @@ static void kmem_cache_node_init(struct kmem_cache_node *parent)
@@ -97646,29 +98059,28 @@ index 0b1c2a5..819c6bc 100644
slab_early_init = 0;
-@@ -3477,6 +3481,21 @@ static inline void __cache_free(struct kmem_cache *cachep, void *objp,
+@@ -3477,6 +3481,20 @@ static inline void __cache_free(struct kmem_cache *cachep, void *objp,
struct array_cache *ac = cpu_cache_get(cachep);
check_irq_off();
+
+#ifdef CONFIG_PAX_MEMORY_SANITIZE
-+ if (pax_sanitize_slab) {
-+ if (!(cachep->flags & (SLAB_POISON | SLAB_NO_SANITIZE))) {
-+ memset(objp, PAX_MEMORY_SANITIZE_VALUE, cachep->object_size);
++ if (cachep->flags & (SLAB_POISON | SLAB_NO_SANITIZE))
++ STATS_INC_NOT_SANITIZED(cachep);
++ else {
++ memset(objp, PAX_MEMORY_SANITIZE_VALUE, cachep->object_size);
+
-+ if (cachep->ctor)
-+ cachep->ctor(objp);
++ if (cachep->ctor)
++ cachep->ctor(objp);
+
-+ STATS_INC_SANITIZED(cachep);
-+ } else
-+ STATS_INC_NOT_SANITIZED(cachep);
++ STATS_INC_SANITIZED(cachep);
+ }
+#endif
+
kmemleak_free_recursive(objp, cachep->flags);
objp = cache_free_debugcheck(cachep, objp, caller);
-@@ -3705,6 +3724,7 @@ void kfree(const void *objp)
+@@ -3705,6 +3723,7 @@ void kfree(const void *objp)
if (unlikely(ZERO_OR_NULL_PTR(objp)))
return;
@@ -97676,7 +98088,7 @@ index 0b1c2a5..819c6bc 100644
local_irq_save(flags);
kfree_debugcheck(objp);
c = virt_to_cache(objp);
-@@ -4146,14 +4166,22 @@ void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep)
+@@ -4146,14 +4165,22 @@ void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep)
}
/* cpu stats */
{
@@ -97703,7 +98115,7 @@ index 0b1c2a5..819c6bc 100644
#endif
}
-@@ -4374,13 +4402,69 @@ static const struct file_operations proc_slabstats_operations = {
+@@ -4374,13 +4401,69 @@ static const struct file_operations proc_slabstats_operations = {
static int __init slab_proc_init(void)
{
#ifdef CONFIG_DEBUG_SLAB_LEAK
@@ -97775,10 +98187,10 @@ index 0b1c2a5..819c6bc 100644
* ksize - get the actual amount of memory allocated for a given object
* @objp: Pointer to the object
diff --git a/mm/slab.h b/mm/slab.h
-index 8184a7c..ab27737 100644
+index 8184a7c..81ed62c 100644
--- a/mm/slab.h
+++ b/mm/slab.h
-@@ -32,6 +32,15 @@ extern struct list_head slab_caches;
+@@ -32,6 +32,20 @@ extern struct list_head slab_caches;
/* The slab cache that manages slab cache information */
extern struct kmem_cache *kmem_cache;
@@ -97788,13 +98200,18 @@ index 8184a7c..ab27737 100644
+#else
+#define PAX_MEMORY_SANITIZE_VALUE '\xff'
+#endif
-+extern bool pax_sanitize_slab;
++enum pax_sanitize_mode {
++ PAX_SANITIZE_SLAB_OFF = 0,
++ PAX_SANITIZE_SLAB_FAST,
++ PAX_SANITIZE_SLAB_FULL,
++};
++extern enum pax_sanitize_mode pax_sanitize_slab;
+#endif
+
unsigned long calculate_alignment(unsigned long flags,
unsigned long align, unsigned long size);
-@@ -67,7 +76,8 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size,
+@@ -67,7 +81,8 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size,
/* Legal flag mask for kmem_cache_create(), for various configurations */
#define SLAB_CORE_FLAGS (SLAB_HWCACHE_ALIGN | SLAB_CACHE_DMA | SLAB_PANIC | \
@@ -97804,7 +98221,7 @@ index 8184a7c..ab27737 100644
#if defined(CONFIG_DEBUG_SLAB)
#define SLAB_DEBUG_FLAGS (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER)
-@@ -257,6 +267,9 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x)
+@@ -257,6 +272,9 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x)
return s;
page = virt_to_head_page(x);
@@ -97815,10 +98232,10 @@ index 8184a7c..ab27737 100644
if (slab_equal_or_root(cachep, s))
return cachep;
diff --git a/mm/slab_common.c b/mm/slab_common.c
-index f149e67..b366f92 100644
+index f149e67..97a8b4b 100644
--- a/mm/slab_common.c
+++ b/mm/slab_common.c
-@@ -23,11 +23,22 @@
+@@ -23,11 +23,35 @@
#include "slab.h"
@@ -97829,20 +98246,47 @@ index f149e67..b366f92 100644
struct kmem_cache *kmem_cache;
+#ifdef CONFIG_PAX_MEMORY_SANITIZE
-+bool pax_sanitize_slab __read_only = true;
++enum pax_sanitize_mode pax_sanitize_slab __read_only = PAX_SANITIZE_SLAB_FAST;
+static int __init pax_sanitize_slab_setup(char *str)
+{
-+ pax_sanitize_slab = !!simple_strtol(str, NULL, 0);
-+ printk("%sabled PaX slab sanitization\n", pax_sanitize_slab ? "En" : "Dis");
-+ return 1;
++ if (!str)
++ return 0;
++
++ if (!strcmp(str, "0") || !strcmp(str, "off")) {
++ pr_info("PaX slab sanitization: %s\n", "disabled");
++ pax_sanitize_slab = PAX_SANITIZE_SLAB_OFF;
++ } else if (!strcmp(str, "1") || !strcmp(str, "fast")) {
++ pr_info("PaX slab sanitization: %s\n", "fast");
++ pax_sanitize_slab = PAX_SANITIZE_SLAB_FAST;
++ } else if (!strcmp(str, "full")) {
++ pr_info("PaX slab sanitization: %s\n", "full");
++ pax_sanitize_slab = PAX_SANITIZE_SLAB_FULL;
++ } else
++ pr_err("PaX slab sanitization: unsupported option '%s'\n", str);
++
++ return 0;
+}
-+__setup("pax_sanitize_slab=", pax_sanitize_slab_setup);
++early_param("pax_sanitize_slab", pax_sanitize_slab_setup);
+#endif
+
#ifdef CONFIG_DEBUG_VM
static int kmem_cache_sanity_check(struct mem_cgroup *memcg, const char *name,
size_t size)
-@@ -225,7 +236,7 @@ kmem_cache_create_memcg(struct mem_cgroup *memcg, const char *name, size_t size,
+@@ -200,6 +224,13 @@ kmem_cache_create_memcg(struct mem_cgroup *memcg, const char *name, size_t size,
+ */
+ flags &= CACHE_CREATE_MASK;
+
++#ifdef CONFIG_PAX_MEMORY_SANITIZE
++ if (pax_sanitize_slab == PAX_SANITIZE_SLAB_OFF || (flags & SLAB_DESTROY_BY_RCU))
++ flags |= SLAB_NO_SANITIZE;
++ else if (pax_sanitize_slab == PAX_SANITIZE_SLAB_FULL)
++ flags &= ~SLAB_NO_SANITIZE;
++#endif
++
+ s = __kmem_cache_alias(memcg, name, size, align, flags, ctor);
+ if (s)
+ goto out_unlock;
+@@ -225,7 +256,7 @@ kmem_cache_create_memcg(struct mem_cgroup *memcg, const char *name, size_t size,
if (err)
goto out_free_cache;
@@ -97851,7 +98295,7 @@ index f149e67..b366f92 100644
list_add(&s->list, &slab_caches);
memcg_register_cache(s);
-@@ -278,8 +289,7 @@ void kmem_cache_destroy(struct kmem_cache *s)
+@@ -278,8 +309,7 @@ void kmem_cache_destroy(struct kmem_cache *s)
get_online_cpus();
mutex_lock(&slab_mutex);
@@ -97861,7 +98305,7 @@ index f149e67..b366f92 100644
list_del(&s->list);
if (!__kmem_cache_shutdown(s)) {
-@@ -326,7 +336,7 @@ void __init create_boot_cache(struct kmem_cache *s, const char *name, size_t siz
+@@ -326,7 +356,7 @@ void __init create_boot_cache(struct kmem_cache *s, const char *name, size_t siz
panic("Creation of kmalloc slab %s size=%zu failed. Reason %d\n",
name, size, err);
@@ -97870,7 +98314,7 @@ index f149e67..b366f92 100644
}
struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size,
-@@ -339,7 +349,7 @@ struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size,
+@@ -339,7 +369,7 @@ struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size,
create_boot_cache(s, name, size, flags);
list_add(&s->list, &slab_caches);
@@ -97879,7 +98323,7 @@ index f149e67..b366f92 100644
return s;
}
-@@ -351,6 +361,11 @@ struct kmem_cache *kmalloc_dma_caches[KMALLOC_SHIFT_HIGH + 1];
+@@ -351,6 +381,11 @@ struct kmem_cache *kmalloc_dma_caches[KMALLOC_SHIFT_HIGH + 1];
EXPORT_SYMBOL(kmalloc_dma_caches);
#endif
@@ -97891,7 +98335,7 @@ index f149e67..b366f92 100644
/*
* Conversion table for small slabs sizes / 8 to the index in the
* kmalloc array. This is necessary for slabs < 192 since we have non power
-@@ -415,6 +430,13 @@ struct kmem_cache *kmalloc_slab(size_t size, gfp_t flags)
+@@ -415,6 +450,13 @@ struct kmem_cache *kmalloc_slab(size_t size, gfp_t flags)
return kmalloc_dma_caches[index];
#endif
@@ -97905,7 +98349,7 @@ index f149e67..b366f92 100644
return kmalloc_caches[index];
}
-@@ -471,7 +493,7 @@ void __init create_kmalloc_caches(unsigned long flags)
+@@ -471,7 +513,7 @@ void __init create_kmalloc_caches(unsigned long flags)
for (i = KMALLOC_SHIFT_LOW; i <= KMALLOC_SHIFT_HIGH; i++) {
if (!kmalloc_caches[i]) {
kmalloc_caches[i] = create_kmalloc_cache(NULL,
@@ -97914,7 +98358,7 @@ index f149e67..b366f92 100644
}
/*
-@@ -480,10 +502,10 @@ void __init create_kmalloc_caches(unsigned long flags)
+@@ -480,10 +522,10 @@ void __init create_kmalloc_caches(unsigned long flags)
* earlier power of two caches
*/
if (KMALLOC_MIN_SIZE <= 32 && !kmalloc_caches[1] && i == 6)
@@ -97927,7 +98371,7 @@ index f149e67..b366f92 100644
}
/* Kmalloc array is now usable */
-@@ -516,6 +538,23 @@ void __init create_kmalloc_caches(unsigned long flags)
+@@ -516,6 +558,23 @@ void __init create_kmalloc_caches(unsigned long flags)
}
}
#endif
@@ -97951,7 +98395,7 @@ index f149e67..b366f92 100644
}
#endif /* !CONFIG_SLOB */
-@@ -556,6 +595,9 @@ void print_slabinfo_header(struct seq_file *m)
+@@ -556,6 +615,9 @@ void print_slabinfo_header(struct seq_file *m)
seq_puts(m, " : globalstat <listallocs> <maxobjs> <grown> <reaped> "
"<error> <maxfreeable> <nodeallocs> <remotefrees> <alienoverflow>");
seq_puts(m, " : cpustat <allochit> <allocmiss> <freehit> <freemiss>");
@@ -97962,7 +98406,7 @@ index f149e67..b366f92 100644
seq_putc(m, '\n');
}
diff --git a/mm/slob.c b/mm/slob.c
-index 4bf8809..98a6914 100644
+index 4bf8809..a0a0b9f 100644
--- a/mm/slob.c
+++ b/mm/slob.c
@@ -157,7 +157,7 @@ static void set_slob(slob_t *s, slobidx_t size, slob_t *next)
@@ -98043,6 +98487,15 @@ index 4bf8809..98a6914 100644
INIT_LIST_HEAD(&sp->list);
set_slob(b, SLOB_UNITS(PAGE_SIZE), b + SLOB_UNITS(PAGE_SIZE));
set_slob_page_free(sp, slob_list);
+@@ -337,7 +341,7 @@ static void *slob_alloc(size_t size, gfp_t gfp, int align, int node)
+ /*
+ * slob_free: entry point into the slob allocator.
+ */
+-static void slob_free(void *block, int size)
++static void slob_free(struct kmem_cache *c, void *block, int size)
+ {
+ struct page *sp;
+ slob_t *prev, *next, *b = (slob_t *)block;
@@ -359,12 +363,15 @@ static void slob_free(void *block, int size)
if (slob_page_free(sp))
clear_slob_page_free(sp);
@@ -98055,7 +98508,7 @@ index 4bf8809..98a6914 100644
}
+#ifdef CONFIG_PAX_MEMORY_SANITIZE
-+ if (pax_sanitize_slab)
++ if (pax_sanitize_slab && !(c && (c->flags & SLAB_NO_SANITIZE)))
+ memset(block, PAX_MEMORY_SANITIZE_VALUE, size);
+#endif
+
@@ -98136,7 +98589,7 @@ index 4bf8809..98a6914 100644
- slob_free(m, *m + align);
- } else
+ slob_t *m = (slob_t *)(block - align);
-+ slob_free(m, m[0].units + align);
++ slob_free(NULL, m, m[0].units + align);
+ } else {
+ __ClearPageSlab(sp);
+ page_mapcount_reset(sp);
@@ -98280,24 +98733,34 @@ index 4bf8809..98a6914 100644
if (b && c->ctor)
c->ctor(b);
-@@ -584,10 +696,14 @@ EXPORT_SYMBOL(kmem_cache_alloc_node);
+@@ -582,12 +694,16 @@ void *kmem_cache_alloc_node(struct kmem_cache *cachep, gfp_t gfp, int node)
+ EXPORT_SYMBOL(kmem_cache_alloc_node);
+ #endif
- static void __kmem_cache_free(void *b, int size)
+-static void __kmem_cache_free(void *b, int size)
++static void __kmem_cache_free(struct kmem_cache *c, void *b, int size)
{
- if (size < PAGE_SIZE)
+- slob_free(b, size);
+ struct page *sp;
+
+ sp = virt_to_page(b);
+ BUG_ON(!PageSlab(sp));
+ if (!sp->private)
- slob_free(b, size);
++ slob_free(c, b, size);
else
- slob_free_pages(b, get_order(size));
+ slob_free_pages(sp, get_order(size));
}
static void kmem_rcu_free(struct rcu_head *head)
-@@ -600,17 +716,31 @@ static void kmem_rcu_free(struct rcu_head *head)
+@@ -595,22 +711,36 @@ static void kmem_rcu_free(struct rcu_head *head)
+ struct slob_rcu *slob_rcu = (struct slob_rcu *)head;
+ void *b = (void *)slob_rcu - (slob_rcu->size - sizeof(struct slob_rcu));
+
+- __kmem_cache_free(b, slob_rcu->size);
++ __kmem_cache_free(NULL, b, slob_rcu->size);
+ }
void kmem_cache_free(struct kmem_cache *c, void *b)
{
@@ -98320,7 +98783,7 @@ index 4bf8809..98a6914 100644
call_rcu(&slob_rcu->head, kmem_rcu_free);
} else {
- __kmem_cache_free(b, c->size);
-+ __kmem_cache_free(b, size);
++ __kmem_cache_free(c, b, size);
}
+#ifdef CONFIG_PAX_USERCOPY_SLABS
@@ -98333,7 +98796,7 @@ index 4bf8809..98a6914 100644
EXPORT_SYMBOL(kmem_cache_free);
diff --git a/mm/slub.c b/mm/slub.c
-index 7611f14..dfe9298 100644
+index 7611f14..3d5e216 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -207,7 +207,7 @@ struct track {
@@ -98359,7 +98822,7 @@ index 7611f14..dfe9298 100644
slab_free_hook(s, x);
+#ifdef CONFIG_PAX_MEMORY_SANITIZE
-+ if (pax_sanitize_slab && !(s->flags & SLAB_NO_SANITIZE)) {
++ if (!(s->flags & SLAB_NO_SANITIZE)) {
+ memset(x, PAX_MEMORY_SANITIZE_VALUE, s->object_size);
+ if (s->ctor)
+ s->ctor(x);
@@ -98383,7 +98846,7 @@ index 7611f14..dfe9298 100644
if (((flags & (SLAB_DESTROY_BY_RCU | SLAB_POISON)) ||
+#ifdef CONFIG_PAX_MEMORY_SANITIZE
-+ (pax_sanitize_slab && !(flags & SLAB_NO_SANITIZE)) ||
++ (!(flags & SLAB_NO_SANITIZE)) ||
+#endif
s->ctor)) {
/*
@@ -98538,7 +99001,7 @@ index 7611f14..dfe9298 100644
}
SLAB_ATTR_RO(aliases);
-@@ -4605,6 +4678,14 @@ static ssize_t cache_dma_show(struct kmem_cache *s, char *buf)
+@@ -4605,6 +4678,22 @@ static ssize_t cache_dma_show(struct kmem_cache *s, char *buf)
SLAB_ATTR_RO(cache_dma);
#endif
@@ -98550,20 +99013,31 @@ index 7611f14..dfe9298 100644
+SLAB_ATTR_RO(usercopy);
+#endif
+
++#ifdef CONFIG_PAX_MEMORY_SANITIZE
++static ssize_t sanitize_show(struct kmem_cache *s, char *buf)
++{
++ return sprintf(buf, "%d\n", !(s->flags & SLAB_NO_SANITIZE));
++}
++SLAB_ATTR_RO(sanitize);
++#endif
++
static ssize_t destroy_by_rcu_show(struct kmem_cache *s, char *buf)
{
return sprintf(buf, "%d\n", !!(s->flags & SLAB_DESTROY_BY_RCU));
-@@ -4939,6 +5020,9 @@ static struct attribute *slab_attrs[] = {
+@@ -4939,6 +5028,12 @@ static struct attribute *slab_attrs[] = {
#ifdef CONFIG_ZONE_DMA
&cache_dma_attr.attr,
#endif
+#ifdef CONFIG_PAX_USERCOPY_SLABS
+ &usercopy_attr.attr,
+#endif
++#ifdef CONFIG_PAX_MEMORY_SANITIZE
++ &sanitize_attr.attr,
++#endif
#ifdef CONFIG_NUMA
&remote_node_defrag_ratio_attr.attr,
#endif
-@@ -5171,6 +5255,7 @@ static char *create_unique_id(struct kmem_cache *s)
+@@ -5171,6 +5266,7 @@ static char *create_unique_id(struct kmem_cache *s)
return name;
}
@@ -98571,7 +99045,7 @@ index 7611f14..dfe9298 100644
static int sysfs_slab_add(struct kmem_cache *s)
{
int err;
-@@ -5228,6 +5313,7 @@ static void sysfs_slab_remove(struct kmem_cache *s)
+@@ -5228,6 +5324,7 @@ static void sysfs_slab_remove(struct kmem_cache *s)
kobject_del(&s->kobj);
kobject_put(&s->kobj);
}
@@ -98579,7 +99053,7 @@ index 7611f14..dfe9298 100644
/*
* Need to buffer aliases during bootup until sysfs becomes
-@@ -5241,6 +5327,7 @@ struct saved_alias {
+@@ -5241,6 +5338,7 @@ struct saved_alias {
static struct saved_alias *alias_list;
@@ -98587,7 +99061,7 @@ index 7611f14..dfe9298 100644
static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
{
struct saved_alias *al;
-@@ -5263,6 +5350,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
+@@ -5263,6 +5361,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
alias_list = al;
return 0;
}
@@ -99509,10 +99983,10 @@ index 7552f9e..074ce29 100644
err = -EFAULT;
break;
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
-index 6afa3b4..7a14180 100644
+index 0007c9e..f11541b 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
-@@ -3740,8 +3740,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
+@@ -3736,8 +3736,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
break;
case L2CAP_CONF_RFC:
@@ -100952,7 +101426,7 @@ index 0d1e2cb..4501a2c 100644
void inet_get_local_port_range(struct net *net, int *low, int *high)
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
-index 8b9cf27..0d8d592 100644
+index 8b9cf27..9c17cab 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -18,6 +18,7 @@
@@ -100967,7 +101441,7 @@ index 8b9cf27..0d8d592 100644
return inet_ehashfn(net, laddr, lport, faddr, fport);
}
-+extern void gr_update_task_in_ip_table(struct task_struct *task, const struct inet_sock *inet);
++extern void gr_update_task_in_ip_table(const struct inet_sock *inet);
+
/*
* Allocate and initialize a new local port bind bucket.
@@ -100976,7 +101450,7 @@ index 8b9cf27..0d8d592 100644
twrefcnt += inet_twsk_bind_unhash(tw, hinfo);
spin_unlock(&head->lock);
-+ gr_update_task_in_ip_table(current, inet_sk(sk));
++ gr_update_task_in_ip_table(inet_sk(sk));
+
if (tw) {
inet_twsk_deschedule(tw, death_row);
@@ -102786,10 +103260,45 @@ index 20b63d2..31a777d 100644
kfree_skb(skb);
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
-index 5f8e128..865d38e 100644
+index 5f8e128..d32ac8c 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
-@@ -212,11 +212,11 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
+@@ -170,8 +170,10 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
+ case IPPROTO_DCCP:
+ if (!onlyproto && (nh + offset + 4 < skb->data ||
+ pskb_may_pull(skb, nh + offset + 4 - skb->data))) {
+- __be16 *ports = (__be16 *)exthdr;
++ __be16 *ports;
+
++ nh = skb_network_header(skb);
++ ports = (__be16 *)(nh + offset);
+ fl6->fl6_sport = ports[!!reverse];
+ fl6->fl6_dport = ports[!reverse];
+ }
+@@ -180,8 +182,10 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
+
+ case IPPROTO_ICMPV6:
+ if (!onlyproto && pskb_may_pull(skb, nh + offset + 2 - skb->data)) {
+- u8 *icmp = (u8 *)exthdr;
++ u8 *icmp;
+
++ nh = skb_network_header(skb);
++ icmp = (u8 *)(nh + offset);
+ fl6->fl6_icmp_type = icmp[0];
+ fl6->fl6_icmp_code = icmp[1];
+ }
+@@ -192,8 +196,9 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
+ case IPPROTO_MH:
+ if (!onlyproto && pskb_may_pull(skb, nh + offset + 3 - skb->data)) {
+ struct ip6_mh *mh;
+- mh = (struct ip6_mh *)exthdr;
+
++ nh = skb_network_header(skb);
++ mh = (struct ip6_mh *)(nh + offset);
+ fl6->fl6_mh_type = mh->ip6mh_type;
+ }
+ fl6->flowi6_proto = nexthdr;
+@@ -212,11 +217,11 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
}
}
@@ -102803,7 +103312,7 @@ index 5f8e128..865d38e 100644
return dst_entries_get_fast(ops) > ops->gc_thresh * 2;
}
-@@ -329,19 +329,19 @@ static struct ctl_table xfrm6_policy_table[] = {
+@@ -329,19 +334,19 @@ static struct ctl_table xfrm6_policy_table[] = {
static int __net_init xfrm6_net_init(struct net *net)
{
@@ -102828,7 +103337,7 @@ index 5f8e128..865d38e 100644
if (!hdr)
goto err_reg;
-@@ -349,8 +349,7 @@ static int __net_init xfrm6_net_init(struct net *net)
+@@ -349,8 +354,7 @@ static int __net_init xfrm6_net_init(struct net *net)
return 0;
err_reg:
@@ -106237,10 +106746,10 @@ index 8fac3fd..32ff38d 100644
unsigned int secindex_strings;
diff --git a/security/Kconfig b/security/Kconfig
-index beb86b5..9becb4a 100644
+index beb86b5..e66c504 100644
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -4,6 +4,965 @@
+@@ -4,6 +4,969 @@
menu "Security options"
@@ -107003,10 +107512,14 @@ index beb86b5..9becb4a 100644
+ and you are advised to test this feature on your expected workload
+ before deploying it.
+
++ The slab sanitization feature excludes a few slab caches per default
++ for performance reasons. To extend the feature to cover those as
++ well, pass "pax_sanitize_slab=full" as kernel command line parameter.
++
+ To reduce the performance penalty by sanitizing pages only, albeit
+ limiting the effectiveness of this feature at the same time, slab
-+ sanitization can be disabled with the kernel commandline parameter
-+ "pax_sanitize_slab=0".
++ sanitization can be disabled with the kernel command line parameter
++ "pax_sanitize_slab=off".
+
+ Note that this feature does not protect data stored in live pages,
+ e.g., process memory swapped to disk may stay there for a long time.
@@ -107206,7 +107719,7 @@ index beb86b5..9becb4a 100644
source security/keys/Kconfig
config SECURITY_DMESG_RESTRICT
-@@ -103,7 +1062,7 @@ config INTEL_TXT
+@@ -103,7 +1066,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX
@@ -108024,7 +108537,7 @@ index af49721..e85058e 100644
if (err < 0)
return err;
diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
-index 01a5e05..c6bb425 100644
+index 566b0f6..636730b 100644
--- a/sound/core/pcm_native.c
+++ b/sound/core/pcm_native.c
@@ -2811,11 +2811,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream,
@@ -116371,10 +116884,10 @@ index 0000000..4378111
+}
diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
new file mode 100644
-index 0000000..d832fcc
+index 0000000..2f37382
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
-@@ -0,0 +1,5991 @@
+@@ -0,0 +1,5996 @@
+intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
+ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL
+storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL
@@ -117364,6 +117877,7 @@ index 0000000..d832fcc
+page_offset_11120 page_offset 0 11120 NULL
+cea_db_payload_len_11124 cea_db_payload_len 0 11124 NULL nohasharray
+tracing_buffers_read_11124 tracing_buffers_read 3 11124 &cea_db_payload_len_11124
++alloc_alien_cache_11127 alloc_alien_cache 2 11127 NULL
+snd_gf1_pcm_playback_silence_11172 snd_gf1_pcm_playback_silence 4-3 11172 NULL
+il_dbgfs_rx_queue_read_11221 il_dbgfs_rx_queue_read 3 11221 NULL
+comedi_alloc_spriv_11234 comedi_alloc_spriv 2 11234 NULL
@@ -117725,6 +118239,7 @@ index 0000000..d832fcc
+snd_als300_gcr_read_14801 snd_als300_gcr_read 0 14801 &hpet_readl_14801
+security_inode_rename_14805 security_inode_rename 0 14805 NULL
+xfs_btree_kill_iroot_14824 xfs_btree_kill_iroot 0 14824 NULL
++do_tune_cpucache_14828 do_tune_cpucache 2 14828 NULL
+mrp_attr_create_14853 mrp_attr_create 3 14853 NULL
+lcd_write_14857 lcd_write 3 14857 NULL
+get_user_cpu_mask_14861 get_user_cpu_mask 2 14861 NULL
@@ -118062,7 +118577,8 @@ index 0000000..d832fcc
+smk_write_rules_list_18565 smk_write_rules_list 3 18565 NULL
+debug_output_18575 debug_output 3 18575 NULL
+xfs_btree_read_bufl_18597 xfs_btree_read_bufl 0 18597 NULL
-+filemap_fdatawait_range_18600 filemap_fdatawait_range 0 18600 NULL
++filemap_fdatawait_range_18600 filemap_fdatawait_range 0 18600 NULL nohasharray
++slabinfo_write_18600 slabinfo_write 3 18600 &filemap_fdatawait_range_18600
+iowarrior_write_18604 iowarrior_write 3 18604 NULL
+nvc0_ram_create__18624 nvc0_ram_create_ 4 18624 NULL
+from_buffer_18625 from_buffer 3 18625 NULL
@@ -120694,6 +121210,7 @@ index 0000000..d832fcc
+nvme_trans_send_fw_cmd_47479 nvme_trans_send_fw_cmd 4 47479 NULL
+newpart_47485 newpart 6-4 47485 NULL
+core_sys_select_47494 core_sys_select 1 47494 NULL
++alloc_arraycache_47505 alloc_arraycache 2 47505 NULL
+unlink_simple_47506 unlink_simple 3 47506 NULL
+pstore_decompress_47510 pstore_decompress 0 47510 NULL
+__proc_lnet_portal_rotor_47529 __proc_lnet_portal_rotor 5 47529 NULL
@@ -122031,6 +122548,7 @@ index 0000000..d832fcc
+insert_one_name_61668 insert_one_name 7 61668 NULL
+qib_format_hwmsg_61679 qib_format_hwmsg 2 61679 NULL
+lock_loop_61681 lock_loop 1 61681 NULL
++__do_tune_cpucache_61684 __do_tune_cpucache 2 61684 NULL
+filter_read_61692 filter_read 3 61692 NULL
+iov_length_61716 iov_length 0 61716 NULL
+fragmentation_threshold_read_61718 fragmentation_threshold_read 3 61718 NULL
@@ -123835,11 +124353,49 @@ index 0a578fe..b81f62d 100644
0; \
})
+diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c
+index 714b949..1f0dc1e 100644
+--- a/virt/kvm/iommu.c
++++ b/virt/kvm/iommu.c
+@@ -43,13 +43,13 @@ static void kvm_iommu_put_pages(struct kvm *kvm,
+ gfn_t base_gfn, unsigned long npages);
+
+ static pfn_t kvm_pin_pages(struct kvm_memory_slot *slot, gfn_t gfn,
+- unsigned long size)
++ unsigned long npages)
+ {
+ gfn_t end_gfn;
+ pfn_t pfn;
+
+ pfn = gfn_to_pfn_memslot(slot, gfn);
+- end_gfn = gfn + (size >> PAGE_SHIFT);
++ end_gfn = gfn + npages;
+ gfn += 1;
+
+ if (is_error_noslot_pfn(pfn))
+@@ -119,7 +119,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
+ * Pin all pages we are about to map in memory. This is
+ * important because we unmap and unpin in 4kb steps later.
+ */
+- pfn = kvm_pin_pages(slot, gfn, page_size);
++ pfn = kvm_pin_pages(slot, gfn, page_size >> PAGE_SHIFT);
+ if (is_error_noslot_pfn(pfn)) {
+ gfn += 1;
+ continue;
+@@ -131,7 +131,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
+ if (r) {
+ printk(KERN_ERR "kvm_iommu_map_address:"
+ "iommu failed to map pfn=%llx\n", pfn);
+- kvm_unpin_pages(kvm, pfn, page_size);
++ kvm_unpin_pages(kvm, pfn, page_size >> PAGE_SHIFT);
+ goto unmap_pages;
+ }
+
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index 03a0381..8b31923 100644
+index 6611253..eb4bc0f 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
-@@ -76,12 +76,17 @@ LIST_HEAD(vm_list);
+@@ -77,12 +77,17 @@ LIST_HEAD(vm_list);
static cpumask_var_t cpus_hardware_enabled;
static int kvm_usage_count = 0;
@@ -123859,7 +124415,7 @@ index 03a0381..8b31923 100644
struct dentry *kvm_debugfs_dir;
-@@ -758,7 +763,7 @@ int __kvm_set_memory_region(struct kvm *kvm,
+@@ -768,7 +773,7 @@ int __kvm_set_memory_region(struct kvm *kvm,
/* We can read the guest memory with __xxx_user() later on. */
if ((mem->slot < KVM_USER_MEM_SLOTS) &&
((mem->userspace_addr & (PAGE_SIZE - 1)) ||
@@ -123868,7 +124424,7 @@ index 03a0381..8b31923 100644
(void __user *)(unsigned long)mem->userspace_addr,
mem->memory_size)))
goto out;
-@@ -1615,9 +1620,17 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_cached);
+@@ -1625,9 +1630,17 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_cached);
int kvm_clear_guest_page(struct kvm *kvm, gfn_t gfn, int offset, int len)
{
@@ -123888,7 +124444,7 @@ index 03a0381..8b31923 100644
}
EXPORT_SYMBOL_GPL(kvm_clear_guest_page);
-@@ -1867,7 +1880,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp)
+@@ -1877,7 +1890,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp)
return 0;
}
@@ -123897,7 +124453,7 @@ index 03a0381..8b31923 100644
.release = kvm_vcpu_release,
.unlocked_ioctl = kvm_vcpu_ioctl,
#ifdef CONFIG_COMPAT
-@@ -2532,7 +2545,7 @@ out:
+@@ -2545,7 +2558,7 @@ out:
}
#endif
@@ -123906,7 +124462,7 @@ index 03a0381..8b31923 100644
.release = kvm_vm_release,
.unlocked_ioctl = kvm_vm_ioctl,
#ifdef CONFIG_COMPAT
-@@ -2632,7 +2645,7 @@ out:
+@@ -2645,7 +2658,7 @@ out:
return r;
}
@@ -123915,7 +124471,7 @@ index 03a0381..8b31923 100644
.unlocked_ioctl = kvm_dev_ioctl,
.compat_ioctl = kvm_dev_ioctl,
.llseek = noop_llseek,
-@@ -2658,7 +2671,7 @@ static void hardware_enable_nolock(void *junk)
+@@ -2671,7 +2684,7 @@ static void hardware_enable_nolock(void *junk)
if (r) {
cpumask_clear_cpu(cpu, cpus_hardware_enabled);
@@ -123924,7 +124480,7 @@ index 03a0381..8b31923 100644
printk(KERN_INFO "kvm: enabling virtualization on "
"CPU%d failed\n", cpu);
}
-@@ -2714,10 +2727,10 @@ static int hardware_enable_all(void)
+@@ -2727,10 +2740,10 @@ static int hardware_enable_all(void)
kvm_usage_count++;
if (kvm_usage_count == 1) {
@@ -123937,7 +124493,7 @@ index 03a0381..8b31923 100644
hardware_disable_all_nolock();
r = -EBUSY;
}
-@@ -3121,7 +3134,7 @@ static void kvm_sched_out(struct preempt_notifier *pn,
+@@ -3134,7 +3147,7 @@ static void kvm_sched_out(struct preempt_notifier *pn,
kvm_arch_vcpu_put(vcpu);
}
@@ -123946,7 +124502,7 @@ index 03a0381..8b31923 100644
struct module *module)
{
int r;
-@@ -3168,7 +3181,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -3181,7 +3194,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
if (!vcpu_align)
vcpu_align = __alignof__(struct kvm_vcpu);
kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align,
@@ -123955,7 +124511,7 @@ index 03a0381..8b31923 100644
if (!kvm_vcpu_cache) {
r = -ENOMEM;
goto out_free_3;
-@@ -3178,9 +3191,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -3191,9 +3204,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
if (r)
goto out_free;
@@ -123967,7 +124523,7 @@ index 03a0381..8b31923 100644
r = misc_register(&kvm_dev);
if (r) {
-@@ -3190,9 +3205,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -3203,9 +3218,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
register_syscore_ops(&kvm_syscore_ops);