diff options
author | Leonardo Arena <rnalrd@alpinelinux.org> | 2014-10-08 12:26:39 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2014-10-08 12:26:39 +0000 |
commit | 5b7cdb7e02ef3c35216f5870c53771b4e2edad37 (patch) | |
tree | 32a102fc5f7330f7d631ef4f6c673efa3f1d7aea | |
parent | b50fb977e1b4a16393af34ae034c3fb362fef6e6 (diff) | |
download | aports-5b7cdb7e02ef3c35216f5870c53771b4e2edad37.tar.bz2 aports-5b7cdb7e02ef3c35216f5870c53771b4e2edad37.tar.xz |
main/linux-virt-grsec: upgrade to 3.14.20
-rw-r--r-- | main/linux-virt-grsec/APKBUILD | 16 | ||||
-rw-r--r-- | main/linux-virt-grsec/grsecurity-3.0-3.14.20-201410062037.patch (renamed from main/linux-virt-grsec/grsecurity-3.0-3.14.17-201408260041.patch) | 2754 |
2 files changed, 1961 insertions, 809 deletions
diff --git a/main/linux-virt-grsec/APKBUILD b/main/linux-virt-grsec/APKBUILD index 3d969e13c..e5265b1e9 100644 --- a/main/linux-virt-grsec/APKBUILD +++ b/main/linux-virt-grsec/APKBUILD @@ -3,7 +3,7 @@ _flavor=virt-grsec pkgname=linux-${_flavor} -pkgver=3.14.17 +pkgver=3.14.20 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; @@ -18,7 +18,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-3.0-$pkgver-201408260041.patch + grsecurity-3.0-$pkgver-201410062037.patch fix-memory-map-for-PIE-applications.patch imx6q-no-unclocked-sleep.patch @@ -146,22 +146,22 @@ dev() { } md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz -a9a6539c8df7245c2ab9bfca56f2ef04 patch-3.14.17.xz -25066c4bc665d172b980d09435f18432 grsecurity-3.0-3.14.17-201408260041.patch +e581089540b747c39d528fc4c47b70b6 patch-3.14.20.xz +149cb0b654a5eb6122c7e47b0f113c98 grsecurity-3.0-3.14.20-201410062037.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch 1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch 6b30dd8284f37ecc244d556bebf32046 kernelconfig.x86 8df8378d305bdd302b01293ff44e982d kernelconfig.x86_64" sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz -50b0e2a6812597b401a417bd1269b5388fdd980b6009d564fff09605100f0df8 patch-3.14.17.xz -40352c8bd115d91089444670999925e2a383c66c42ae11d94ec295d656772caf grsecurity-3.0-3.14.17-201408260041.patch +b01ba521cce12d3b9e8c25807567837dd88878b861f27c453c29cee80b6cb84b patch-3.14.20.xz +578f55546016f72c9ed3afedebb0cf6e74ab613f25c29d0a2f3a6b4bfbd1456f grsecurity-3.0-3.14.20-201410062037.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch 21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch 5e06e22ca723e50ae9f4bfabdda2e738f7b28cbbfe77b6be295285d6cd75c916 kernelconfig.x86 0ec1e1eb4445bd9751cb98a55afd4a430bed08e8d8c3c0a107d2f14ec5746dd2 kernelconfig.x86_64" sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz -03638215934a08a67e3d92d051b6a341e1874872388de910870021934f11f8ed20502a1afbff89a24f0e14053a02f4e40441e2f9878b099ddd1504159ff19872 patch-3.14.17.xz -6c54a9f120dd896b595239f984c326933e50ba2e324215fb8e4bb6092cb624771dc301e78424f7be3f1d42c542fda086e5d8fe84cf9e06dc8106d3b16c0a69bd grsecurity-3.0-3.14.17-201408260041.patch +91231ec4e8e10a09b407d8db123e29a87ef4bf03fa3707f7ed511f22248de7d7b9cfc5169de5e9630854c97166594d3a00293571529d9b7a529118e6d2295b4f patch-3.14.20.xz +2a515f7ef49df5ef1d1de725884f541438f980d364db94789eb8381bf10a7902c7a5647ef1d7e296952980e6918e6697d0212b61cc1b7e171137ca6abba56504 grsecurity-3.0-3.14.20-201410062037.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch 87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch 29dc4bbde6052bb16200d87b7137717a053ad3c716a305a51d2b523531f35c1a7e144099f7a251c85849c9117a65ed961262dd314e0832f58750f489aeb1440e kernelconfig.x86 diff --git a/main/linux-virt-grsec/grsecurity-3.0-3.14.17-201408260041.patch b/main/linux-virt-grsec/grsecurity-3.0-3.14.20-201410062037.patch index c27879a61..07a0783ba 100644 --- a/main/linux-virt-grsec/grsecurity-3.0-3.14.17-201408260041.patch +++ b/main/linux-virt-grsec/grsecurity-3.0-3.14.20-201410062037.patch @@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 12aac03..33d9e9f 100644 +index beb7e6f..70db31f 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -876,7 +876,7 @@ index 4733d32..b142a40 100644 kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h -index 62d2cb5..09d45e3 100644 +index 62d2cb5..0d7f7f5 100644 --- a/arch/arm/include/asm/atomic.h +++ b/arch/arm/include/asm/atomic.h @@ -18,17 +18,35 @@ @@ -1379,7 +1379,7 @@ index 62d2cb5..09d45e3 100644 " sbc %R0, %R0, %R4\n" " strexd %1, %0, %H0, [%3]\n" " teq %1, #0\n" -@@ -344,16 +691,29 @@ static inline long long atomic64_sub_return(long long i, atomic64_t *v) +@@ -344,10 +691,25 @@ static inline long long atomic64_sub_return(long long i, atomic64_t *v) __asm__ __volatile__("@ atomic64_sub_return\n" "1: ldrexd %0, %H0, [%3]\n" " subs %Q0, %Q0, %Q4\n" @@ -1406,13 +1406,7 @@ index 62d2cb5..09d45e3 100644 : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter), "r" (i) : "cc"); - -- smp_mb(); -- - return result; - } - -@@ -382,6 +742,31 @@ static inline long long atomic64_cmpxchg(atomic64_t *ptr, long long old, +@@ -382,6 +744,31 @@ static inline long long atomic64_cmpxchg(atomic64_t *ptr, long long old, return oldval; } @@ -1444,7 +1438,7 @@ index 62d2cb5..09d45e3 100644 static inline long long atomic64_xchg(atomic64_t *ptr, long long new) { long long result; -@@ -406,20 +791,34 @@ static inline long long atomic64_xchg(atomic64_t *ptr, long long new) +@@ -406,20 +793,34 @@ static inline long long atomic64_xchg(atomic64_t *ptr, long long new) static inline long long atomic64_dec_if_positive(atomic64_t *v) { long long result; @@ -1485,7 +1479,7 @@ index 62d2cb5..09d45e3 100644 : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter) : "cc"); -@@ -442,13 +841,25 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u) +@@ -442,13 +843,25 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u) " teq %0, %5\n" " teqeq %H0, %H5\n" " moveq %1, #0\n" @@ -1514,7 +1508,7 @@ index 62d2cb5..09d45e3 100644 : "=&r" (val), "+r" (ret), "=&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter), "r" (u), "r" (a) : "cc"); -@@ -461,10 +872,13 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u) +@@ -461,10 +874,13 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u) #define atomic64_add_negative(a, v) (atomic64_add_return((a), (v)) < 0) #define atomic64_inc(v) atomic64_add(1LL, (v)) @@ -2172,6 +2166,28 @@ index 71a06b2..8bb9ae1 100644 /* * Change these and you break ASM code in entry-common.S +diff --git a/arch/arm/include/asm/tls.h b/arch/arm/include/asm/tls.h +index 5f833f7..76e6644 100644 +--- a/arch/arm/include/asm/tls.h ++++ b/arch/arm/include/asm/tls.h +@@ -3,6 +3,7 @@ + + #include <linux/compiler.h> + #include <asm/thread_info.h> ++#include <asm/pgtable.h> + + #ifdef __ASSEMBLY__ + #include <asm/asm-offsets.h> +@@ -89,7 +90,9 @@ static inline void set_tls(unsigned long val) + * at 0xffff0fe0 must be used instead. (see + * entry-armv.S for details) + */ ++ pax_open_kernel(); + *((unsigned int *)0xffff0ff0) = val; ++ pax_close_kernel(); + #endif + } + diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h index 7f3f3cc..bdf0665 100644 --- a/arch/arm/include/asm/uaccess.h @@ -2847,7 +2863,7 @@ index 07314af..c46655c 100644 flush_icache_range((uintptr_t)(addr), (uintptr_t)(addr) + size); diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c -index 92f7b15..7048500 100644 +index 5f6e650..b5e6630 100644 --- a/arch/arm/kernel/process.c +++ b/arch/arm/kernel/process.c @@ -217,6 +217,7 @@ void machine_power_off(void) @@ -2878,7 +2894,7 @@ index 92f7b15..7048500 100644 printk("pc : [<%08lx>] lr : [<%08lx>] psr: %08lx\n" "sp : %08lx ip : %08lx fp : %08lx\n", regs->ARM_pc, regs->ARM_lr, regs->ARM_cpsr, -@@ -425,12 +426,6 @@ unsigned long get_wchan(struct task_struct *p) +@@ -427,12 +428,6 @@ unsigned long get_wchan(struct task_struct *p) return 0; } @@ -2891,7 +2907,7 @@ index 92f7b15..7048500 100644 #ifdef CONFIG_MMU #ifdef CONFIG_KUSER_HELPERS /* -@@ -446,7 +441,7 @@ static struct vm_area_struct gate_vma = { +@@ -448,7 +443,7 @@ static struct vm_area_struct gate_vma = { static int __init gate_vma_init(void) { @@ -2900,7 +2916,7 @@ index 92f7b15..7048500 100644 return 0; } arch_initcall(gate_vma_init); -@@ -472,41 +467,16 @@ int in_gate_area_no_mm(unsigned long addr) +@@ -474,41 +469,16 @@ int in_gate_area_no_mm(unsigned long addr) const char *arch_vma_name(struct vm_area_struct *vma) { @@ -3146,7 +3162,7 @@ index 7a3be1d..b00c7de 100644 start, end); itcm_present = true; diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c -index 172ee18..ce4ec3d 100644 +index 9265b8b..381ce44 100644 --- a/arch/arm/kernel/traps.c +++ b/arch/arm/kernel/traps.c @@ -62,7 +62,7 @@ static void dump_mem(const char *, const char *, unsigned long, unsigned long); @@ -3177,17 +3193,7 @@ index 172ee18..ce4ec3d 100644 if (signr) do_exit(signr); } -@@ -642,7 +647,9 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs) - * The user helper at 0xffff0fe0 must be used instead. - * (see entry-armv.S for details) - */ -+ pax_open_kernel(); - *((unsigned int *)0xffff0ff0) = regs->ARM_r0; -+ pax_close_kernel(); - } - return 0; - -@@ -899,7 +906,11 @@ void __init early_trap_init(void *vectors_base) +@@ -884,7 +889,11 @@ void __init early_trap_init(void *vectors_base) kuser_init(vectors_base); flush_icache_range(vectors, vectors + PAGE_SIZE * 2); @@ -3271,7 +3277,7 @@ index 7bcee5c..e2f3249 100644 __data_loc = .; #endif diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c -index bd18bb8..87ede26 100644 +index bd18bb8..2bf342f 100644 --- a/arch/arm/kvm/arm.c +++ b/arch/arm/kvm/arm.c @@ -57,7 +57,7 @@ static unsigned long hyp_default_vectors; @@ -3310,6 +3316,15 @@ index bd18bb8..87ede26 100644 kvm->arch.vmid = kvm_next_vmid; kvm_next_vmid++; +@@ -1033,7 +1033,7 @@ static void check_kvm_target_cpu(void *ret) + /** + * Initialize Hyp-mode and memory mappings on all CPUs. + */ +-int kvm_arch_init(void *opaque) ++int kvm_arch_init(const void *opaque) + { + int err; + int ret, cpu; diff --git a/arch/arm/lib/clear_user.S b/arch/arm/lib/clear_user.S index 14a0d98..7771a7d 100644 --- a/arch/arm/lib/clear_user.S @@ -3643,7 +3658,7 @@ index 78c02b3..c94109a 100644 struct omap_device *omap_device_alloc(struct platform_device *pdev, struct omap_hwmod **ohs, int oh_cnt); diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c -index 66c60fe..c78950d 100644 +index 4551efd..d487c24 100644 --- a/arch/arm/mach-omap2/omap_hwmod.c +++ b/arch/arm/mach-omap2/omap_hwmod.c @@ -194,10 +194,10 @@ struct omap_hwmod_soc_ops { @@ -3775,10 +3790,10 @@ index ca8ecde..58ba893 100644 If all of the binaries and libraries which run on your platform diff --git a/arch/arm/mm/alignment.c b/arch/arm/mm/alignment.c -index 9240364..a2b8cf3 100644 +index d301662..a6ef72c 100644 --- a/arch/arm/mm/alignment.c +++ b/arch/arm/mm/alignment.c -@@ -212,10 +212,12 @@ union offset_union { +@@ -213,10 +213,12 @@ union offset_union { #define __get16_unaligned_check(ins,val,addr) \ do { \ unsigned int err = 0, v, a = addr; \ @@ -3791,7 +3806,7 @@ index 9240364..a2b8cf3 100644 if (err) \ goto fault; \ } while (0) -@@ -229,6 +231,7 @@ union offset_union { +@@ -230,6 +232,7 @@ union offset_union { #define __get32_unaligned_check(ins,val,addr) \ do { \ unsigned int err = 0, v, a = addr; \ @@ -3799,7 +3814,7 @@ index 9240364..a2b8cf3 100644 __get8_unaligned_check(ins,v,a,err); \ val = v << ((BE) ? 24 : 0); \ __get8_unaligned_check(ins,v,a,err); \ -@@ -237,6 +240,7 @@ union offset_union { +@@ -238,6 +241,7 @@ union offset_union { val |= v << ((BE) ? 8 : 16); \ __get8_unaligned_check(ins,v,a,err); \ val |= v << ((BE) ? 0 : 24); \ @@ -3807,7 +3822,7 @@ index 9240364..a2b8cf3 100644 if (err) \ goto fault; \ } while (0) -@@ -250,6 +254,7 @@ union offset_union { +@@ -251,6 +255,7 @@ union offset_union { #define __put16_unaligned_check(ins,val,addr) \ do { \ unsigned int err = 0, v = val, a = addr; \ @@ -3815,7 +3830,7 @@ index 9240364..a2b8cf3 100644 __asm__( FIRST_BYTE_16 \ ARM( "1: "ins" %1, [%2], #1\n" ) \ THUMB( "1: "ins" %1, [%2]\n" ) \ -@@ -269,6 +274,7 @@ union offset_union { +@@ -270,6 +275,7 @@ union offset_union { " .popsection\n" \ : "=r" (err), "=&r" (v), "=&r" (a) \ : "0" (err), "1" (v), "2" (a)); \ @@ -3823,7 +3838,7 @@ index 9240364..a2b8cf3 100644 if (err) \ goto fault; \ } while (0) -@@ -282,6 +288,7 @@ union offset_union { +@@ -283,6 +289,7 @@ union offset_union { #define __put32_unaligned_check(ins,val,addr) \ do { \ unsigned int err = 0, v = val, a = addr; \ @@ -3831,7 +3846,7 @@ index 9240364..a2b8cf3 100644 __asm__( FIRST_BYTE_32 \ ARM( "1: "ins" %1, [%2], #1\n" ) \ THUMB( "1: "ins" %1, [%2]\n" ) \ -@@ -311,6 +318,7 @@ union offset_union { +@@ -312,6 +319,7 @@ union offset_union { " .popsection\n" \ : "=r" (err), "=&r" (v), "=&r" (a) \ : "0" (err), "1" (v), "2" (a)); \ @@ -5040,6 +5055,17 @@ index 0c8e553..112d734 100644 help kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot +diff --git a/arch/ia64/Makefile b/arch/ia64/Makefile +index f37238f..810b95f 100644 +--- a/arch/ia64/Makefile ++++ b/arch/ia64/Makefile +@@ -99,5 +99,6 @@ endef + archprepare: make_nr_irqs_h FORCE + PHONY += make_nr_irqs_h FORCE + ++make_nr_irqs_h: KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS)) + make_nr_irqs_h: FORCE + $(Q)$(MAKE) $(build)=arch/ia64/kernel include/generated/nr-irqs.h diff --git a/arch/ia64/include/asm/atomic.h b/arch/ia64/include/asm/atomic.h index 6e6fe18..a6ae668 100644 --- a/arch/ia64/include/asm/atomic.h @@ -6833,7 +6859,7 @@ index 1188e00..41cf144 100644 #include <linux/module.h> #include <linux/elfcore.h> diff --git a/arch/mips/kernel/binfmt_elfo32.c b/arch/mips/kernel/binfmt_elfo32.c -index 7faf5f2..f3d3cf4 100644 +index 71df942..199dd19 100644 --- a/arch/mips/kernel/binfmt_elfo32.c +++ b/arch/mips/kernel/binfmt_elfo32.c @@ -70,6 +70,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG]; @@ -6849,7 +6875,7 @@ index 7faf5f2..f3d3cf4 100644 + #include <asm/processor.h> - /* + /* These MUST be defined before elf.h gets included */ diff --git a/arch/mips/kernel/i8259.c b/arch/mips/kernel/i8259.c index 2b91fe8..fe4f6b4 100644 --- a/arch/mips/kernel/i8259.c @@ -6941,10 +6967,10 @@ index 6ae540e..b7396dc 100644 - return sp & ALMASK; -} diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c -index 7da9b76..21578be 100644 +index 60f48fe..a2df508 100644 --- a/arch/mips/kernel/ptrace.c +++ b/arch/mips/kernel/ptrace.c -@@ -658,6 +658,10 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -790,6 +790,10 @@ long arch_ptrace(struct task_struct *child, long request, return ret; } @@ -6955,7 +6981,7 @@ index 7da9b76..21578be 100644 /* * Notification of system call entry/exit * - triggered by current->work.syscall_trace -@@ -674,6 +678,11 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs) +@@ -806,6 +810,11 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs) tracehook_report_syscall_entry(regs)) ret = -1; @@ -7136,6 +7162,19 @@ index 81e6ae0..6ab6e79 100644 info.si_code = FPE_INTOVF; info.si_signo = SIGFPE; +diff --git a/arch/mips/kvm/kvm_mips.c b/arch/mips/kvm/kvm_mips.c +index 3e0ff8d..9eafbf0b 100644 +--- a/arch/mips/kvm/kvm_mips.c ++++ b/arch/mips/kvm/kvm_mips.c +@@ -832,7 +832,7 @@ long kvm_arch_vm_ioctl(struct file *filp, unsigned int ioctl, unsigned long arg) + return r; + } + +-int kvm_arch_init(void *opaque) ++int kvm_arch_init(const void *opaque) + { + int ret; + diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c index becc42b..9e43d4b 100644 --- a/arch/mips/mm/fault.c @@ -12269,10 +12308,18 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index c718d9f..511e6fa 100644 +index e409891..8ec65be 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -126,7 +126,7 @@ config X86 +@@ -22,6 +22,7 @@ config X86_64 + config X86 + def_bool y + select ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS ++ select ARCH_HAS_FAST_MULTIPLIER + select ARCH_MIGHT_HAVE_PC_PARPORT + select ARCH_MIGHT_HAVE_PC_SERIO + select HAVE_AOUT if X86_32 +@@ -126,7 +127,7 @@ config X86 select RTC_LIB select HAVE_DEBUG_STACKOVERFLOW select HAVE_IRQ_EXIT_ON_IRQ_STACK if X86_64 @@ -12281,7 +12328,7 @@ index c718d9f..511e6fa 100644 select ARCH_SUPPORTS_ATOMIC_RMW config INSTRUCTION_DECODER -@@ -252,7 +252,7 @@ config X86_HT +@@ -252,7 +253,7 @@ config X86_HT config X86_32_LAZY_GS def_bool y @@ -12290,7 +12337,7 @@ index c718d9f..511e6fa 100644 config ARCH_HWEIGHT_CFLAGS string -@@ -590,6 +590,7 @@ config SCHED_OMIT_FRAME_POINTER +@@ -590,6 +591,7 @@ config SCHED_OMIT_FRAME_POINTER menuconfig HYPERVISOR_GUEST bool "Linux guest support" @@ -12298,7 +12345,7 @@ index c718d9f..511e6fa 100644 ---help--- Say Y here to enable options for running Linux under various hyper- visors. This option enables basic hypervisor detection and platform -@@ -1129,7 +1130,7 @@ choice +@@ -1129,7 +1131,7 @@ choice config NOHIGHMEM bool "off" @@ -12307,7 +12354,7 @@ index c718d9f..511e6fa 100644 ---help--- Linux can use up to 64 Gigabytes of physical memory on x86 systems. However, the address space of 32-bit x86 processors is only 4 -@@ -1166,7 +1167,7 @@ config NOHIGHMEM +@@ -1166,7 +1168,7 @@ config NOHIGHMEM config HIGHMEM4G bool "4GB" @@ -12316,7 +12363,7 @@ index c718d9f..511e6fa 100644 ---help--- Select this if you have a 32-bit processor and between 1 and 4 gigabytes of physical RAM. -@@ -1219,7 +1220,7 @@ config PAGE_OFFSET +@@ -1219,7 +1221,7 @@ config PAGE_OFFSET hex default 0xB0000000 if VMSPLIT_3G_OPT default 0x80000000 if VMSPLIT_2G @@ -12325,7 +12372,7 @@ index c718d9f..511e6fa 100644 default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1623,6 +1624,7 @@ source kernel/Kconfig.hz +@@ -1624,6 +1626,7 @@ source kernel/Kconfig.hz config KEXEC bool "kexec system call" @@ -12333,7 +12380,7 @@ index c718d9f..511e6fa 100644 ---help--- kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot -@@ -1774,7 +1776,9 @@ config X86_NEED_RELOCS +@@ -1775,7 +1778,9 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" @@ -12344,7 +12391,7 @@ index c718d9f..511e6fa 100644 range 0x2000 0x1000000 if X86_32 range 0x200000 0x1000000 if X86_64 ---help--- -@@ -1854,9 +1858,10 @@ config DEBUG_HOTPLUG_CPU0 +@@ -1855,9 +1860,10 @@ config DEBUG_HOTPLUG_CPU0 If unsure, say N. config COMPAT_VDSO @@ -15762,7 +15809,7 @@ index 69bbb48..32517fe 100644 #define smp_load_acquire(p) \ diff --git a/arch/x86/include/asm/bitops.h b/arch/x86/include/asm/bitops.h -index 9fc1af7..776d75a 100644 +index 9fc1af7..98cab0b 100644 --- a/arch/x86/include/asm/bitops.h +++ b/arch/x86/include/asm/bitops.h @@ -49,7 +49,7 @@ @@ -15846,6 +15893,15 @@ index 9fc1af7..776d75a 100644 { int bitpos = -1; /* +@@ -499,8 +499,6 @@ static __always_inline int fls64(__u64 x) + + #include <asm-generic/bitops/sched.h> + +-#define ARCH_HAS_FAST_MULTIPLIER 1 +- + #include <asm/arch_hweight.h> + + #include <asm-generic/bitops/const_hweight.h> diff --git a/arch/x86/include/asm/boot.h b/arch/x86/include/asm/boot.h index 4fa687a..60f2d39 100644 --- a/arch/x86/include/asm/boot.h @@ -17672,7 +17728,7 @@ index 81bb91b..9392125 100644 /* diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h -index bbc8b12..f228861 100644 +index bbc8b12..a614983 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -45,6 +45,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page); @@ -17683,7 +17739,7 @@ index bbc8b12..f228861 100644 #define pgd_clear(pgd) native_pgd_clear(pgd) #endif -@@ -82,12 +83,51 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page); +@@ -82,12 +83,53 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page); #define arch_end_context_switch(prev) do {} while(0) @@ -17704,6 +17760,7 @@ index bbc8b12..f228861 100644 + cr0 = read_cr0() ^ X86_CR0_WP; + BUG_ON(cr0 & X86_CR0_WP); + write_cr0(cr0); ++ barrier(); + return cr0 ^ X86_CR0_WP; +} + @@ -17711,6 +17768,7 @@ index bbc8b12..f228861 100644 +{ + unsigned long cr0; + ++ barrier(); + cr0 = read_cr0() ^ X86_CR0_WP; + BUG_ON(!(cr0 & X86_CR0_WP)); + write_cr0(cr0); @@ -17735,7 +17793,7 @@ index bbc8b12..f228861 100644 static inline int pte_dirty(pte_t pte) { return pte_flags(pte) & _PAGE_DIRTY; -@@ -148,6 +188,11 @@ static inline unsigned long pud_pfn(pud_t pud) +@@ -148,6 +190,11 @@ static inline unsigned long pud_pfn(pud_t pud) return (pud_val(pud) & PTE_PFN_MASK) >> PAGE_SHIFT; } @@ -17747,7 +17805,7 @@ index bbc8b12..f228861 100644 #define pte_page(pte) pfn_to_page(pte_pfn(pte)) static inline int pmd_large(pmd_t pte) -@@ -201,9 +246,29 @@ static inline pte_t pte_wrprotect(pte_t pte) +@@ -201,9 +248,29 @@ static inline pte_t pte_wrprotect(pte_t pte) return pte_clear_flags(pte, _PAGE_RW); } @@ -17778,7 +17836,7 @@ index bbc8b12..f228861 100644 } static inline pte_t pte_mkdirty(pte_t pte) -@@ -430,6 +495,16 @@ pte_t *populate_extra_pte(unsigned long vaddr); +@@ -430,6 +497,16 @@ pte_t *populate_extra_pte(unsigned long vaddr); #endif #ifndef __ASSEMBLY__ @@ -17795,7 +17853,7 @@ index bbc8b12..f228861 100644 #include <linux/mm_types.h> #include <linux/mmdebug.h> #include <linux/log2.h> -@@ -570,7 +645,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud) +@@ -570,7 +647,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud) * Currently stuck as a macro due to indirect forward reference to * linux/mmzone.h's __section_mem_map_addr() definition: */ @@ -17804,7 +17862,7 @@ index bbc8b12..f228861 100644 /* Find an entry in the second-level page table.. */ static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address) -@@ -610,7 +685,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd) +@@ -610,7 +687,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd) * Currently stuck as a macro due to indirect forward reference to * linux/mmzone.h's __section_mem_map_addr() definition: */ @@ -17813,7 +17871,7 @@ index bbc8b12..f228861 100644 /* to find an entry in a page-table-directory. */ static inline unsigned long pud_index(unsigned long address) -@@ -625,7 +700,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) +@@ -625,7 +702,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) static inline int pgd_bad(pgd_t pgd) { @@ -17822,7 +17880,7 @@ index bbc8b12..f228861 100644 } static inline int pgd_none(pgd_t pgd) -@@ -648,7 +723,12 @@ static inline int pgd_none(pgd_t pgd) +@@ -648,7 +725,12 @@ static inline int pgd_none(pgd_t pgd) * pgd_offset() returns a (pgd_t *) * pgd_index() is used get the offset into the pgd page's array of pgd_t's; */ @@ -17836,7 +17894,7 @@ index bbc8b12..f228861 100644 /* * a shortcut which implies the use of the kernel's pgd, instead * of a process's -@@ -659,6 +739,23 @@ static inline int pgd_none(pgd_t pgd) +@@ -659,6 +741,23 @@ static inline int pgd_none(pgd_t pgd) #define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET) #define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY) @@ -17860,7 +17918,7 @@ index bbc8b12..f228861 100644 #ifndef __ASSEMBLY__ extern int direct_gbpages; -@@ -825,11 +922,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, +@@ -825,11 +924,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, * dst and src can be on the same page, but the range must not overlap, * and must not cross a page boundary. */ @@ -17966,10 +18024,10 @@ index ed5903b..c7fe163 100644 #define MODULES_END VMALLOC_END #define MODULES_LEN (MODULES_VADDR - MODULES_END) diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h -index e22c1db..23a625a 100644 +index d869931..82f2923 100644 --- a/arch/x86/include/asm/pgtable_64.h +++ b/arch/x86/include/asm/pgtable_64.h -@@ -16,10 +16,14 @@ +@@ -16,11 +16,15 @@ extern pud_t level3_kernel_pgt[512]; extern pud_t level3_ident_pgt[512]; @@ -17980,13 +18038,14 @@ index e22c1db..23a625a 100644 extern pmd_t level2_kernel_pgt[512]; extern pmd_t level2_fixmap_pgt[512]; -extern pmd_t level2_ident_pgt[512]; --extern pgd_t init_level4_pgt[]; +extern pmd_t level2_ident_pgt[512*2]; + extern pte_t level1_fixmap_pgt[512]; +-extern pgd_t init_level4_pgt[]; +extern pgd_t init_level4_pgt[512]; #define swapper_pg_dir init_level4_pgt -@@ -61,7 +65,9 @@ static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte) +@@ -62,7 +66,9 @@ static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte) static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd) { @@ -17996,7 +18055,7 @@ index e22c1db..23a625a 100644 } static inline void native_pmd_clear(pmd_t *pmd) -@@ -97,7 +103,9 @@ static inline pmd_t native_pmdp_get_and_clear(pmd_t *xp) +@@ -98,7 +104,9 @@ static inline pmd_t native_pmdp_get_and_clear(pmd_t *xp) static inline void native_set_pud(pud_t *pudp, pud_t pud) { @@ -18006,7 +18065,7 @@ index e22c1db..23a625a 100644 } static inline void native_pud_clear(pud_t *pud) -@@ -107,6 +115,13 @@ static inline void native_pud_clear(pud_t *pud) +@@ -108,6 +116,13 @@ static inline void native_pud_clear(pud_t *pud) static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd) { @@ -18168,7 +18227,7 @@ index b39e194..9d44fd1 100644 /* diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h -index fdedd38..95c02c2 100644 +index fdedd38..129b180 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h @@ -128,7 +128,7 @@ struct cpuinfo_x86 { @@ -18190,7 +18249,7 @@ index fdedd38..95c02c2 100644 +#define INVPCID_SINGLE_ADDRESS 0UL +#define INVPCID_SINGLE_CONTEXT 1UL +#define INVPCID_ALL_GLOBAL 2UL -+#define INVPCID_ALL_MONGLOBAL 3UL ++#define INVPCID_ALL_NONGLOBAL 3UL + +#define PCID_KERNEL 0UL +#define PCID_USER 1UL @@ -19295,7 +19354,7 @@ index e1940c0..ac50dd8 100644 #endif #endif /* _ASM_X86_THREAD_INFO_H */ diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h -index 04905bf..49203ca 100644 +index 04905bf..1178cdf 100644 --- a/arch/x86/include/asm/tlbflush.h +++ b/arch/x86/include/asm/tlbflush.h @@ -17,18 +17,44 @@ @@ -19306,7 +19365,7 @@ index 04905bf..49203ca 100644 + u64 descriptor[2]; + + descriptor[0] = PCID_KERNEL; -+ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_ALL_MONGLOBAL) : "memory"); ++ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_ALL_NONGLOBAL) : "memory"); + return; + } + @@ -21615,7 +21674,7 @@ index 1340ebf..fc6d5c9 100644 intel_ds_init(); diff --git a/arch/x86/kernel/cpu/perf_event_intel_rapl.c b/arch/x86/kernel/cpu/perf_event_intel_rapl.c -index 5ad35ad..e0a3960 100644 +index 95700e5..19779f8 100644 --- a/arch/x86/kernel/cpu/perf_event_intel_rapl.c +++ b/arch/x86/kernel/cpu/perf_event_intel_rapl.c @@ -425,7 +425,7 @@ static struct attribute *rapl_events_cln_attr[] = { @@ -21731,7 +21790,7 @@ index f6dfd93..892ade4 100644 .__cr3 = __pa_nodebug(swapper_pg_dir), diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c -index d9c12d3..7858b62 100644 +index d9c12d3..3e70198 100644 --- a/arch/x86/kernel/dumpstack.c +++ b/arch/x86/kernel/dumpstack.c @@ -2,6 +2,9 @@ @@ -21744,7 +21803,15 @@ index d9c12d3..7858b62 100644 #include <linux/kallsyms.h> #include <linux/kprobes.h> #include <linux/uaccess.h> -@@ -40,16 +43,14 @@ void printk_address(unsigned long address) +@@ -33,23 +36,21 @@ static void printk_stack_address(unsigned long address, int reliable) + + void printk_address(unsigned long address) + { +- pr_cont(" [<%p>] %pS\n", (void *)address, (void *)address); ++ pr_cont(" [<%p>] %pA\n", (void *)address, (void *)address); + } + + #ifdef CONFIG_FUNCTION_GRAPH_TRACER static void print_ftrace_graph_addr(unsigned long addr, void *data, const struct stacktrace_ops *ops, @@ -22894,7 +22961,7 @@ index c5a9cb9..228d280 100644 /* diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index 03cd2a8..05a9aed 100644 +index 03cd2a8..d236ccb 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S @@ -60,6 +60,8 @@ @@ -23815,7 +23882,7 @@ index 03cd2a8..05a9aed 100644 je retint_kernel /* Interrupt came from user space */ -@@ -1027,12 +1500,16 @@ retint_swapgs: /* return to user-space */ +@@ -1027,12 +1500,35 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -23828,11 +23895,30 @@ index 03cd2a8..05a9aed 100644 retint_restore_args: /* return to kernel space */ DISABLE_INTERRUPTS(CLBR_ANY) + pax_exit_kernel ++ ++#if defined(CONFIG_EFI) && defined(CONFIG_PAX_KERNEXEC) ++ /* This is a quirk to allow IRQs/NMIs/MCEs during early EFI setup, ++ * namely calling EFI runtime services with a phys mapping. We're ++ * starting off with NOPs and patch in the real instrumentation ++ * (BTS/OR) before starting any userland process; even before starting ++ * up the APs. ++ */ ++ .pushsection .altinstr_replacement, "a" ++ 601: pax_force_retaddr (RIP-ARGOFFSET) ++ 602: ++ .popsection ++ 603: .fill 602b-601b, 1, 0x90 ++ .pushsection .altinstructions, "a" ++ altinstruction_entry 603b, 601b, X86_FEATURE_ALWAYS, 602b-601b, 602b-601b ++ .popsection ++#else + pax_force_retaddr (RIP-ARGOFFSET) ++#endif ++ /* * The iretq could re-enable interrupts: */ -@@ -1145,7 +1622,7 @@ ENTRY(retint_kernel) +@@ -1145,7 +1641,7 @@ ENTRY(retint_kernel) jmp exit_intr #endif CFI_ENDPROC @@ -23841,7 +23927,7 @@ index 03cd2a8..05a9aed 100644 /* * If IRET takes a fault on the espfix stack, then we -@@ -1167,13 +1644,13 @@ __do_double_fault: +@@ -1167,13 +1663,13 @@ __do_double_fault: cmpq $native_irq_return_iret,%rax jne do_double_fault /* This shouldn't happen... */ movq PER_CPU_VAR(kernel_stack),%rax @@ -23857,7 +23943,7 @@ index 03cd2a8..05a9aed 100644 #else # define __do_double_fault do_double_fault #endif -@@ -1195,7 +1672,7 @@ ENTRY(\sym) +@@ -1195,7 +1691,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -23866,7 +23952,7 @@ index 03cd2a8..05a9aed 100644 .endm #ifdef CONFIG_TRACING -@@ -1283,7 +1760,7 @@ ENTRY(\sym) +@@ -1283,7 +1779,7 @@ ENTRY(\sym) call \do_sym jmp error_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -23875,7 +23961,7 @@ index 03cd2a8..05a9aed 100644 .endm .macro paranoidzeroentry sym do_sym -@@ -1301,10 +1778,10 @@ ENTRY(\sym) +@@ -1301,10 +1797,10 @@ ENTRY(\sym) call \do_sym jmp paranoid_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -23888,7 +23974,7 @@ index 03cd2a8..05a9aed 100644 .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1317,12 +1794,18 @@ ENTRY(\sym) +@@ -1317,12 +1813,18 @@ ENTRY(\sym) TRACE_IRQS_OFF_DEBUG movq %rsp,%rdi /* pt_regs pointer */ xorl %esi,%esi /* no error code */ @@ -23908,7 +23994,7 @@ index 03cd2a8..05a9aed 100644 .endm .macro errorentry sym do_sym -@@ -1340,7 +1823,7 @@ ENTRY(\sym) +@@ -1340,7 +1842,7 @@ ENTRY(\sym) call \do_sym jmp error_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -23917,7 +24003,7 @@ index 03cd2a8..05a9aed 100644 .endm #ifdef CONFIG_TRACING -@@ -1371,7 +1854,7 @@ ENTRY(\sym) +@@ -1371,7 +1873,7 @@ ENTRY(\sym) call \do_sym jmp paranoid_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -23926,7 +24012,7 @@ index 03cd2a8..05a9aed 100644 .endm zeroentry divide_error do_divide_error -@@ -1401,9 +1884,10 @@ gs_change: +@@ -1401,9 +1903,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -23938,7 +24024,7 @@ index 03cd2a8..05a9aed 100644 _ASM_EXTABLE(gs_change,bad_gs) .section .fixup,"ax" -@@ -1431,9 +1915,10 @@ ENTRY(do_softirq_own_stack) +@@ -1431,9 +1934,10 @@ ENTRY(do_softirq_own_stack) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -23950,7 +24036,7 @@ index 03cd2a8..05a9aed 100644 #ifdef CONFIG_XEN zeroentry xen_hypervisor_callback xen_do_hypervisor_callback -@@ -1471,7 +1956,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1471,7 +1975,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -23959,7 +24045,7 @@ index 03cd2a8..05a9aed 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1530,7 +2015,7 @@ ENTRY(xen_failsafe_callback) +@@ -1530,7 +2034,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -23968,7 +24054,7 @@ index 03cd2a8..05a9aed 100644 apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1582,18 +2067,33 @@ ENTRY(paranoid_exit) +@@ -1582,18 +2086,33 @@ ENTRY(paranoid_exit) DEFAULT_FRAME DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF_DEBUG @@ -24004,7 +24090,7 @@ index 03cd2a8..05a9aed 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1622,7 +2122,7 @@ paranoid_schedule: +@@ -1622,7 +2141,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -24013,7 +24099,7 @@ index 03cd2a8..05a9aed 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1649,12 +2149,23 @@ ENTRY(error_entry) +@@ -1649,12 +2168,23 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -24038,7 +24124,7 @@ index 03cd2a8..05a9aed 100644 ret /* -@@ -1681,7 +2192,7 @@ bstep_iret: +@@ -1681,7 +2211,7 @@ bstep_iret: movq %rcx,RIP+8(%rsp) jmp error_swapgs CFI_ENDPROC @@ -24047,7 +24133,7 @@ index 03cd2a8..05a9aed 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1692,7 +2203,7 @@ ENTRY(error_exit) +@@ -1692,7 +2222,7 @@ ENTRY(error_exit) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF GET_THREAD_INFO(%rcx) @@ -24056,7 +24142,7 @@ index 03cd2a8..05a9aed 100644 jne retint_kernel LOCKDEP_SYS_EXIT_IRQ movl TI_flags(%rcx),%edx -@@ -1701,7 +2212,7 @@ ENTRY(error_exit) +@@ -1701,7 +2231,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -24065,7 +24151,7 @@ index 03cd2a8..05a9aed 100644 /* * Test if a given stack is an NMI stack or not. -@@ -1759,9 +2270,11 @@ ENTRY(nmi) +@@ -1759,9 +2289,11 @@ ENTRY(nmi) * If %cs was not the kernel segment, then the NMI triggered in user * space, which means it is definitely not nested. */ @@ -24078,7 +24164,7 @@ index 03cd2a8..05a9aed 100644 /* * Check the special variable on the stack to see if NMIs are * executing. -@@ -1795,8 +2308,7 @@ nested_nmi: +@@ -1795,8 +2327,7 @@ nested_nmi: 1: /* Set up the interrupted NMIs stack to jump to repeat_nmi */ @@ -24088,7 +24174,7 @@ index 03cd2a8..05a9aed 100644 CFI_ADJUST_CFA_OFFSET 1*8 leaq -10*8(%rsp), %rdx pushq_cfi $__KERNEL_DS -@@ -1814,6 +2326,7 @@ nested_nmi_out: +@@ -1814,6 +2345,7 @@ nested_nmi_out: CFI_RESTORE rdx /* No need to check faults here */ @@ -24096,7 +24182,7 @@ index 03cd2a8..05a9aed 100644 INTERRUPT_RETURN CFI_RESTORE_STATE -@@ -1910,13 +2423,13 @@ end_repeat_nmi: +@@ -1910,13 +2442,13 @@ end_repeat_nmi: subq $ORIG_RAX-R15, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 /* @@ -24112,7 +24198,7 @@ index 03cd2a8..05a9aed 100644 DEFAULT_FRAME 0 /* -@@ -1926,9 +2439,9 @@ end_repeat_nmi: +@@ -1926,9 +2458,9 @@ end_repeat_nmi: * NMI itself takes a page fault, the page fault that was preempted * will read the information from the NMI page fault and not the * origin fault. Save it off and restore it if it changes. @@ -24124,7 +24210,7 @@ index 03cd2a8..05a9aed 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi -@@ -1937,31 +2450,36 @@ end_repeat_nmi: +@@ -1937,31 +2469,36 @@ end_repeat_nmi: /* Did the NMI take a page fault? Restore cr2 if it did */ movq %cr2, %rcx @@ -24705,7 +24791,7 @@ index f36bd42..0ab4474 100644 + .fill PAGE_SIZE_asm - GDT_SIZE,1,0 + .endr diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S -index a468c0a..c7dec74 100644 +index a468c0a..8b5a879 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -20,6 +20,8 @@ @@ -24757,7 +24843,11 @@ index a468c0a..c7dec74 100644 /* * Set up the identity mapping for the switchover. These -@@ -177,8 +198,8 @@ ENTRY(secondary_startup_64) +@@ -174,11 +195,12 @@ ENTRY(secondary_startup_64) + * after the boot processor executes this code. + */ + ++ orq $-1, %rbp movq $(init_level4_pgt - __START_KERNEL_map), %rax 1: @@ -24768,7 +24858,7 @@ index a468c0a..c7dec74 100644 movq %rcx, %cr4 /* Setup early boot stage 4 level pagetables. */ -@@ -199,10 +220,19 @@ ENTRY(secondary_startup_64) +@@ -199,10 +221,19 @@ ENTRY(secondary_startup_64) movl $MSR_EFER, %ecx rdmsr btsl $_EFER_SCE, %eax /* Enable System Call */ @@ -24776,10 +24866,10 @@ index a468c0a..c7dec74 100644 + btl $(X86_FEATURE_NX & 31),%edi /* No Execute supported? */ jnc 1f btsl $_EFER_NX, %eax ++ cmpq $-1, %rbp ++ je 1f btsq $_PAGE_BIT_NX,early_pmd_flags(%rip) -+#ifndef CONFIG_EFI + btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_PAGE_OFFSET(%rip) -+#endif + btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_VMALLOC_START(%rip) + btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_VMALLOC_END(%rip) + btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_VMEMMAP_START(%rip) @@ -24789,7 +24879,7 @@ index a468c0a..c7dec74 100644 1: wrmsr /* Make changes effective */ /* Setup cr0 */ -@@ -282,6 +312,7 @@ ENTRY(secondary_startup_64) +@@ -282,6 +313,7 @@ ENTRY(secondary_startup_64) * REX.W + FF /5 JMP m16:64 Jump far, absolute indirect, * address given in m16:64. */ @@ -24797,7 +24887,7 @@ index a468c0a..c7dec74 100644 movq initial_code(%rip),%rax pushq $0 # fake return address to stop unwinder pushq $__KERNEL_CS # set correct cs -@@ -313,7 +344,7 @@ ENDPROC(start_cpu0) +@@ -313,7 +345,7 @@ ENDPROC(start_cpu0) .quad INIT_PER_CPU_VAR(irq_stack_union) GLOBAL(stack_start) @@ -24806,7 +24896,7 @@ index a468c0a..c7dec74 100644 .word 0 __FINITDATA -@@ -391,7 +422,7 @@ ENTRY(early_idt_handler) +@@ -391,7 +423,7 @@ ENTRY(early_idt_handler) call dump_stack #ifdef CONFIG_KALLSYMS leaq early_idt_ripmsg(%rip),%rdi @@ -24815,7 +24905,7 @@ index a468c0a..c7dec74 100644 call __print_symbol #endif #endif /* EARLY_PRINTK */ -@@ -420,6 +451,7 @@ ENDPROC(early_idt_handler) +@@ -420,6 +452,7 @@ ENDPROC(early_idt_handler) early_recursion_flag: .long 0 @@ -24823,7 +24913,7 @@ index a468c0a..c7dec74 100644 #ifdef CONFIG_EARLY_PRINTK early_idt_msg: .asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n" -@@ -447,29 +479,52 @@ NEXT_PAGE(early_level4_pgt) +@@ -447,29 +480,52 @@ NEXT_PAGE(early_level4_pgt) NEXT_PAGE(early_dynamic_pgts) .fill 512*EARLY_DYNAMIC_PAGE_TABLES,8,0 @@ -24885,7 +24975,7 @@ index a468c0a..c7dec74 100644 NEXT_PAGE(level3_kernel_pgt) .fill L3_START_KERNEL,8,0 -@@ -477,6 +532,9 @@ NEXT_PAGE(level3_kernel_pgt) +@@ -477,6 +533,9 @@ NEXT_PAGE(level3_kernel_pgt) .quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE .quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE @@ -24895,7 +24985,7 @@ index a468c0a..c7dec74 100644 NEXT_PAGE(level2_kernel_pgt) /* * 512 MB kernel mapping. We spend a full page on this pagetable -@@ -494,28 +552,64 @@ NEXT_PAGE(level2_kernel_pgt) +@@ -494,28 +553,64 @@ NEXT_PAGE(level2_kernel_pgt) NEXT_PAGE(level2_fixmap_pgt) .fill 506,8,0 .quad level1_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE @@ -27118,7 +27208,7 @@ index 7c3a5a6..f0a8961 100644 .smp_prepare_cpus = native_smp_prepare_cpus, .smp_cpus_done = native_smp_cpus_done, diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c -index 395be6d..11665af 100644 +index 68287653..3597685 100644 --- a/arch/x86/kernel/smpboot.c +++ b/arch/x86/kernel/smpboot.c @@ -229,14 +229,17 @@ static void notrace start_secondary(void *unused) @@ -28195,7 +28285,7 @@ index da6b35a..977e9cf 100644 #ifdef CONFIG_SMP diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c -index 1f96f93..6f29be7 100644 +index 09ce23a..9293938 100644 --- a/arch/x86/kernel/vsyscall_64.c +++ b/arch/x86/kernel/vsyscall_64.c @@ -56,15 +56,13 @@ @@ -28401,7 +28491,7 @@ index c697625..a032162 100644 out: diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c -index 0069118..c28ec0a 100644 +index 453e5fb..214168f 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -55,7 +55,7 @@ @@ -29147,7 +29237,7 @@ index f5cc9eb..51fa319 100644 CFI_ENDPROC ENDPROC(atomic64_inc_not_zero_cx8) diff --git a/arch/x86/lib/checksum_32.S b/arch/x86/lib/checksum_32.S -index e78b8ee..7e173a8 100644 +index e78b8eee..7e173a8 100644 --- a/arch/x86/lib/checksum_32.S +++ b/arch/x86/lib/checksum_32.S @@ -29,7 +29,8 @@ @@ -34796,7 +34886,7 @@ index 9ee3491..872192f 100644 local_irq_restore(efi_rt_eflags); diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c -index 666b74a..673d88f 100644 +index 666b74a..7c90b04 100644 --- a/arch/x86/platform/efi/efi_64.c +++ b/arch/x86/platform/efi/efi_64.c @@ -97,6 +97,11 @@ void __init efi_call_phys_prelog(void) @@ -34823,6 +34913,31 @@ index 666b74a..673d88f 100644 __flush_tlb_all(); local_irq_restore(efi_flags); early_code_mapping_set_exec(0); +@@ -141,8 +151,23 @@ int efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages) + { + pgd_t *pgd; + +- if (efi_enabled(EFI_OLD_MEMMAP)) ++ if (efi_enabled(EFI_OLD_MEMMAP)) { ++ /* PaX: We need to disable the NX bit in the PGD, otherwise we won't be ++ * able to execute the EFI services. ++ */ ++ if (__supported_pte_mask & _PAGE_NX) { ++ unsigned long addr = (unsigned long) __va(0); ++ pgd_t pe = __pgd(pgd_val(*pgd_offset_k(addr)) & ~_PAGE_NX); ++ ++ pr_alert("PAX: Disabling NX protection for low memory map. Try booting without \"efi=old_map\"\n"); ++#ifdef CONFIG_PAX_PER_CPU_PGD ++ set_pgd(pgd_offset_cpu(0, kernel, addr), pe); ++#endif ++ set_pgd(pgd_offset_k(addr), pe); ++ } ++ + return 0; ++ } + + efi_scratch.efi_pgt = (pgd_t *)(unsigned long)real_mode_header->trampoline_pgd; + pgd = __va(efi_scratch.efi_pgt); diff --git a/arch/x86/platform/efi/efi_stub_32.S b/arch/x86/platform/efi/efi_stub_32.S index fbe66e6..eae5e38 100644 --- a/arch/x86/platform/efi/efi_stub_32.S @@ -35765,7 +35880,7 @@ index 201d09a..e4723e5 100644 #ifdef CONFIG_ACPI_NUMA diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c -index 2423ef0..4f6fb5b 100644 +index c83da6f..a5f0379 100644 --- a/arch/x86/xen/mmu.c +++ b/arch/x86/xen/mmu.c @@ -379,7 +379,7 @@ static pteval_t pte_mfn_to_pfn(pteval_t val) @@ -35777,17 +35892,17 @@ index 2423ef0..4f6fb5b 100644 { if (val & _PAGE_PRESENT) { unsigned long pfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT; -@@ -1904,6 +1904,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) +@@ -1903,6 +1903,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) /* L3_k[510] -> level2_kernel_pgt - * L3_i[511] -> level2_fixmap_pgt */ + * L3_k[511] -> level2_fixmap_pgt */ convert_pfn_mfn(level3_kernel_pgt); + convert_pfn_mfn(level3_vmalloc_start_pgt); + convert_pfn_mfn(level3_vmalloc_end_pgt); + convert_pfn_mfn(level3_vmemmap_pgt); - } - /* We get [511][511] and have Xen's version of level2_kernel_pgt */ - l3 = m2v(pgd[pgd_index(__START_KERNEL_map)].pgd); -@@ -1933,8 +1936,12 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) + + /* L3_k[511][506] -> level1_fixmap_pgt */ + convert_pfn_mfn(level2_fixmap_pgt); +@@ -1929,8 +1932,12 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) set_page_prot(init_level4_pgt, PAGE_KERNEL_RO); set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO); set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO); @@ -35799,8 +35914,8 @@ index 2423ef0..4f6fb5b 100644 + set_page_prot(level2_vmemmap_pgt, PAGE_KERNEL_RO); set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO); set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO); - -@@ -2123,6 +2130,7 @@ static void __init xen_post_allocator_init(void) + set_page_prot(level1_fixmap_pgt, PAGE_KERNEL_RO); +@@ -2120,6 +2127,7 @@ static void __init xen_post_allocator_init(void) pv_mmu_ops.set_pud = xen_set_pud; #if PAGETABLE_LEVELS == 4 pv_mmu_ops.set_pgd = xen_set_pgd; @@ -35808,7 +35923,7 @@ index 2423ef0..4f6fb5b 100644 #endif /* This will work as long as patching hasn't happened yet -@@ -2201,6 +2209,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { +@@ -2198,6 +2206,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { .pud_val = PV_CALLEE_SAVE(xen_pud_val), .make_pud = PV_CALLEE_SAVE(xen_make_pud), .set_pgd = xen_set_pgd_hyper, @@ -36028,6 +36143,18 @@ index d8f80e7..5f41702 100644 done: spin_lock_init(&blkcg->lock); INIT_RADIX_TREE(&blkcg->blkg_tree, GFP_ATOMIC); +diff --git a/block/blk-exec.c b/block/blk-exec.c +index dbf4502..3394b6e 100644 +--- a/block/blk-exec.c ++++ b/block/blk-exec.c +@@ -56,6 +56,7 @@ void blk_execute_rq_nowait(struct request_queue *q, struct gendisk *bd_disk, + bool is_pm_resume; + + WARN_ON(irqs_disabled()); ++ WARN_ON(rq->cmd_type == REQ_TYPE_FS); + + rq->rq_disk = bd_disk; + rq->end_io = done; diff --git a/block/blk-iopoll.c b/block/blk-iopoll.c index 1855bf5..af12b06 100644 --- a/block/blk-iopoll.c @@ -36054,6 +36181,28 @@ index ae4ae10..c470b8d 100644 if (do_copy) bio = bio_copy_kern(q, kbuf, len, gfp_mask, reading); else +diff --git a/block/blk-mq.c b/block/blk-mq.c +index 883f720..37322f0 100644 +--- a/block/blk-mq.c ++++ b/block/blk-mq.c +@@ -710,14 +710,9 @@ void blk_mq_insert_request(struct request *rq, bool at_head, bool run_queue, + + hctx = q->mq_ops->map_queue(q, ctx->cpu); + +- if (rq->cmd_flags & (REQ_FLUSH | REQ_FUA) && +- !(rq->cmd_flags & (REQ_FLUSH_SEQ))) { +- blk_insert_flush(rq); +- } else { +- spin_lock(&ctx->lock); +- __blk_mq_insert_request(hctx, rq, at_head); +- spin_unlock(&ctx->lock); +- } ++ spin_lock(&ctx->lock); ++ __blk_mq_insert_request(hctx, rq, at_head); ++ spin_unlock(&ctx->lock); + + blk_mq_put_ctx(current_ctx); + diff --git a/block/blk-softirq.c b/block/blk-softirq.c index 57790c1..5e988dd 100644 --- a/block/blk-softirq.c @@ -36121,10 +36270,10 @@ index a0926a6..b2b14b2 100644 err = -EFAULT; goto out; diff --git a/block/genhd.c b/block/genhd.c -index 791f419..89f21c4 100644 +index e6723bd..703e4ac 100644 --- a/block/genhd.c +++ b/block/genhd.c -@@ -467,21 +467,24 @@ static char *bdevt_str(dev_t devt, char *buf) +@@ -469,21 +469,24 @@ static char *bdevt_str(dev_t devt, char *buf) /* * Register device numbers dev..(dev+range-1) @@ -36388,7 +36537,7 @@ index c68e724..e863008 100644 /* parse the table header to get the table length */ if (count <= sizeof(struct acpi_table_header)) diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c -index 3dca36d..abaf070 100644 +index 17f9ec5..d9a455e 100644 --- a/drivers/acpi/processor_idle.c +++ b/drivers/acpi/processor_idle.c @@ -952,7 +952,7 @@ static int acpi_processor_setup_cpuidle_states(struct acpi_processor *pr) @@ -36432,7 +36581,7 @@ index 36605ab..6ef6d4b 100644 unsigned long timeout_msec) { diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index f761603..3042d5c 100644 +index 538574f..4344396 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c @@ -98,7 +98,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev); @@ -38005,8 +38154,21 @@ index be73e9d..7fbf140 100644 cmdlist_t *reqQ; cmdlist_t *cmpQ; +diff --git a/drivers/block/drbd/drbd_bitmap.c b/drivers/block/drbd/drbd_bitmap.c +index 597f111..c700970 100644 +--- a/drivers/block/drbd/drbd_bitmap.c ++++ b/drivers/block/drbd/drbd_bitmap.c +@@ -1042,7 +1042,7 @@ static void bm_page_io_async(struct bm_aio_ctx *ctx, int page_nr, int rw) __must + submit_bio(rw, bio); + /* this should not count as user activity and cause the + * resync to throttle -- see drbd_rs_should_slow_down(). */ +- atomic_add(len >> 9, &mdev->rs_sect_ev); ++ atomic_add_unchecked(len >> 9, &mdev->rs_sect_ev); + } + } + diff --git a/drivers/block/drbd/drbd_int.h b/drivers/block/drbd/drbd_int.h -index 0e06f0c..c47b81d 100644 +index 0e06f0c..d98cde3 100644 --- a/drivers/block/drbd/drbd_int.h +++ b/drivers/block/drbd/drbd_int.h @@ -582,7 +582,7 @@ struct drbd_epoch { @@ -38027,6 +38189,17 @@ index 0e06f0c..c47b81d 100644 unsigned int peer_seq; spinlock_t peer_seq_lock; unsigned int minor; +@@ -1032,8 +1032,8 @@ struct drbd_conf { + struct mutex own_state_mutex; + struct mutex *state_mutex; /* either own_state_mutex or mdev->tconn->cstate_mutex */ + char congestion_reason; /* Why we where congested... */ +- atomic_t rs_sect_in; /* for incoming resync data rate, SyncTarget */ +- atomic_t rs_sect_ev; /* for submitted resync data rate, both */ ++ atomic_unchecked_t rs_sect_in; /* for incoming resync data rate, SyncTarget */ ++ atomic_unchecked_t rs_sect_ev; /* for submitted resync data rate, both */ + int rs_last_sect_ev; /* counter to compare with */ + int rs_last_events; /* counter of read or write "events" (unit sectors) + * on the lower level device when we last looked. */ @@ -1573,7 +1573,7 @@ static inline int drbd_setsockopt(struct socket *sock, int level, int optname, char __user *uoptval; int err; @@ -38054,7 +38227,7 @@ index 89c497c..9c736ae 100644 /** diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c -index 929468e..7d934eb 100644 +index 929468e..efb12f0 100644 --- a/drivers/block/drbd/drbd_main.c +++ b/drivers/block/drbd/drbd_main.c @@ -1317,7 +1317,7 @@ static int _drbd_send_ack(struct drbd_conf *mdev, enum drbd_packet cmd, @@ -38075,6 +38248,17 @@ index 929468e..7d934eb 100644 dp_flags = bio_flags_to_wire(mdev, req->master_bio->bi_rw); if (mdev->state.conn >= C_SYNC_SOURCE && mdev->state.conn <= C_PAUSED_SYNC_T) +@@ -1886,8 +1886,8 @@ void drbd_init_set_defaults(struct drbd_conf *mdev) + atomic_set(&mdev->unacked_cnt, 0); + atomic_set(&mdev->local_cnt, 0); + atomic_set(&mdev->pp_in_use_by_net, 0); +- atomic_set(&mdev->rs_sect_in, 0); +- atomic_set(&mdev->rs_sect_ev, 0); ++ atomic_set_unchecked(&mdev->rs_sect_in, 0); ++ atomic_set_unchecked(&mdev->rs_sect_ev, 0); + atomic_set(&mdev->ap_in_flight, 0); + atomic_set(&mdev->md_io_in_use, 0); + @@ -2577,8 +2577,8 @@ void conn_destroy(struct kref *kref) { struct drbd_tconn *tconn = container_of(kref, struct drbd_tconn, kref); @@ -38109,7 +38293,7 @@ index c706d50..5e1b472 100644 if (!msg) goto failed; diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c -index d073305..4998fea 100644 +index d073305..958be8f 100644 --- a/drivers/block/drbd/drbd_receiver.c +++ b/drivers/block/drbd/drbd_receiver.c @@ -834,7 +834,7 @@ int drbd_connected(struct drbd_conf *mdev) @@ -38162,6 +38346,24 @@ index d073305..4998fea 100644 list_add(&epoch->list, &tconn->current_epoch->list); tconn->current_epoch = epoch; tconn->epochs++; +@@ -1688,7 +1688,7 @@ static int recv_resync_read(struct drbd_conf *mdev, sector_t sector, int data_si + list_add(&peer_req->w.list, &mdev->sync_ee); + spin_unlock_irq(&mdev->tconn->req_lock); + +- atomic_add(data_size >> 9, &mdev->rs_sect_ev); ++ atomic_add_unchecked(data_size >> 9, &mdev->rs_sect_ev); + if (drbd_submit_peer_request(mdev, peer_req, WRITE, DRBD_FAULT_RS_WR) == 0) + return 0; + +@@ -1782,7 +1782,7 @@ static int receive_RSDataReply(struct drbd_tconn *tconn, struct packet_info *pi) + drbd_send_ack_dp(mdev, P_NEG_ACK, p, pi->size); + } + +- atomic_add(pi->size >> 9, &mdev->rs_sect_in); ++ atomic_add_unchecked(pi->size >> 9, &mdev->rs_sect_in); + + return err; + } @@ -2164,7 +2164,7 @@ static int receive_Data(struct drbd_tconn *tconn, struct packet_info *pi) err = wait_for_and_update_peer_seq(mdev, peer_seq); @@ -38180,6 +38382,33 @@ index d073305..4998fea 100644 atomic_inc(&peer_req->epoch->active); spin_unlock(&tconn->epoch_lock); +@@ -2326,7 +2326,7 @@ int drbd_rs_should_slow_down(struct drbd_conf *mdev, sector_t sector) + + curr_events = (int)part_stat_read(&disk->part0, sectors[0]) + + (int)part_stat_read(&disk->part0, sectors[1]) - +- atomic_read(&mdev->rs_sect_ev); ++ atomic_read_unchecked(&mdev->rs_sect_ev); + + if (!mdev->rs_last_events || curr_events - mdev->rs_last_events > 64) { + unsigned long rs_left; +@@ -2459,7 +2459,7 @@ static int receive_DataRequest(struct drbd_tconn *tconn, struct packet_info *pi) + mdev->bm_resync_fo = BM_SECT_TO_BIT(sector); + } else if (pi->cmd == P_OV_REPLY) { + /* track progress, we may need to throttle */ +- atomic_add(size >> 9, &mdev->rs_sect_in); ++ atomic_add_unchecked(size >> 9, &mdev->rs_sect_in); + peer_req->w.cb = w_e_end_ov_reply; + dec_rs_pending(mdev); + /* drbd_rs_begin_io done when we sent this request, +@@ -2520,7 +2520,7 @@ static int receive_DataRequest(struct drbd_tconn *tconn, struct packet_info *pi) + goto out_free_e; + + submit_for_resync: +- atomic_add(size >> 9, &mdev->rs_sect_ev); ++ atomic_add_unchecked(size >> 9, &mdev->rs_sect_ev); + + submit: + inc_unacked(mdev); @@ -4345,7 +4345,7 @@ struct data_cmd { int expect_payload; size_t pkt_size; @@ -38198,6 +38427,15 @@ index d073305..4998fea 100644 tconn->send.seen_any_write_yet = false; conn_info(tconn, "Connection closed\n"); +@@ -4947,7 +4947,7 @@ static int got_IsInSync(struct drbd_tconn *tconn, struct packet_info *pi) + put_ldev(mdev); + } + dec_rs_pending(mdev); +- atomic_add(blksize >> 9, &mdev->rs_sect_in); ++ atomic_add_unchecked(blksize >> 9, &mdev->rs_sect_in); + + return 0; + } @@ -5221,7 +5221,7 @@ static int tconn_finish_peer_reqs(struct drbd_tconn *tconn) struct asender_cmd { size_t pkt_size; @@ -38207,6 +38445,39 @@ index d073305..4998fea 100644 static struct asender_cmd asender_tbl[] = { [P_PING] = { 0, got_Ping }, +diff --git a/drivers/block/drbd/drbd_worker.c b/drivers/block/drbd/drbd_worker.c +index 84d3175..ccea188 100644 +--- a/drivers/block/drbd/drbd_worker.c ++++ b/drivers/block/drbd/drbd_worker.c +@@ -400,7 +400,7 @@ static int read_for_csum(struct drbd_conf *mdev, sector_t sector, int size) + list_add(&peer_req->w.list, &mdev->read_ee); + spin_unlock_irq(&mdev->tconn->req_lock); + +- atomic_add(size >> 9, &mdev->rs_sect_ev); ++ atomic_add_unchecked(size >> 9, &mdev->rs_sect_ev); + if (drbd_submit_peer_request(mdev, peer_req, READ, DRBD_FAULT_RS_RD) == 0) + return 0; + +@@ -498,7 +498,7 @@ static int drbd_rs_controller(struct drbd_conf *mdev) + int max_sect; + struct fifo_buffer *plan; + +- sect_in = atomic_xchg(&mdev->rs_sect_in, 0); /* Number of sectors that came in */ ++ sect_in = atomic_xchg_unchecked(&mdev->rs_sect_in, 0); /* Number of sectors that came in */ + mdev->rs_in_flight -= sect_in; + + dc = rcu_dereference(mdev->ldev->disk_conf); +@@ -1561,8 +1561,8 @@ void drbd_rs_controller_reset(struct drbd_conf *mdev) + { + struct fifo_buffer *plan; + +- atomic_set(&mdev->rs_sect_in, 0); +- atomic_set(&mdev->rs_sect_ev, 0); ++ atomic_set_unchecked(&mdev->rs_sect_in, 0); ++ atomic_set_unchecked(&mdev->rs_sect_ev, 0); + mdev->rs_in_flight = 0; + + /* Updating the RCU protected object in place is necessary since diff --git a/drivers/block/loop.c b/drivers/block/loop.c index 66e8c3b..9b68dd9 100644 --- a/drivers/block/loop.c @@ -39130,10 +39401,10 @@ index 18448a7..d5fad43 100644 /* Force all MSRs to the same value */ diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c -index 153f4b9..d47054a 100644 +index 4159236..b850472 100644 --- a/drivers/cpufreq/cpufreq.c +++ b/drivers/cpufreq/cpufreq.c -@@ -1972,7 +1972,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor) +@@ -1974,7 +1974,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor) #endif mutex_lock(&cpufreq_governor_mutex); @@ -39142,7 +39413,7 @@ index 153f4b9..d47054a 100644 mutex_unlock(&cpufreq_governor_mutex); return; } -@@ -2202,7 +2202,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb, +@@ -2204,7 +2204,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb, return NOTIFY_OK; } @@ -39151,7 +39422,7 @@ index 153f4b9..d47054a 100644 .notifier_call = cpufreq_cpu_callback, }; -@@ -2242,13 +2242,17 @@ int cpufreq_boost_trigger_state(int state) +@@ -2244,13 +2244,17 @@ int cpufreq_boost_trigger_state(int state) return 0; write_lock_irqsave(&cpufreq_driver_lock, flags); @@ -39171,7 +39442,7 @@ index 153f4b9..d47054a 100644 write_unlock_irqrestore(&cpufreq_driver_lock, flags); pr_err("%s: Cannot %s BOOST\n", __func__, -@@ -2302,8 +2306,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) +@@ -2304,8 +2308,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) pr_debug("trying to register driver %s\n", driver_data->name); @@ -39185,7 +39456,7 @@ index 153f4b9..d47054a 100644 write_lock_irqsave(&cpufreq_driver_lock, flags); if (cpufreq_driver) { -@@ -2318,8 +2325,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) +@@ -2320,8 +2327,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) * Check if driver provides function to enable boost - * if not, use cpufreq_boost_set_sw as default */ @@ -40728,10 +40999,10 @@ index 4c3feaa..26391ce 100644 #define BIT_TABLE(id, funcid) ((struct bit_table){ id, parse_bit_##funcid##_tbl_entry }) diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.h b/drivers/gpu/drm/nouveau/nouveau_drm.h -index 23ca7a5..b6c955d 100644 +index 74ed08a..e81b8c5 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.h +++ b/drivers/gpu/drm/nouveau/nouveau_drm.h -@@ -97,7 +97,6 @@ struct nouveau_drm { +@@ -99,7 +99,6 @@ struct nouveau_drm { struct drm_global_reference mem_global_ref; struct ttm_bo_global_ref bo_global_ref; struct ttm_bo_device bdev; @@ -40808,7 +41079,7 @@ index d45d50d..72a5dd2 100644 int diff --git a/drivers/gpu/drm/nouveau/nouveau_vga.c b/drivers/gpu/drm/nouveau/nouveau_vga.c -index 471347e..5adc6b9 100644 +index a92fb01..35e0602 100644 --- a/drivers/gpu/drm/nouveau/nouveau_vga.c +++ b/drivers/gpu/drm/nouveau/nouveau_vga.c @@ -67,7 +67,7 @@ nouveau_switcheroo_can_switch(struct pci_dev *pdev) @@ -41170,7 +41441,7 @@ index 4a85bb6..aaea819 100644 if (regcomp (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c -index 0bf6f4a..18e2437 100644 +index e39026c..b32e98e 100644 --- a/drivers/gpu/drm/radeon/radeon_device.c +++ b/drivers/gpu/drm/radeon/radeon_device.c @@ -1128,7 +1128,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) @@ -41390,22 +41661,6 @@ index dbc2def..0a9f710 100644 if (unlikely(ret != 0)) { kobject_put(&zone->kobj); return ret; -diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c b/drivers/gpu/drm/ttm/ttm_page_alloc.c -index 863bef9..cba15cf 100644 ---- a/drivers/gpu/drm/ttm/ttm_page_alloc.c -+++ b/drivers/gpu/drm/ttm/ttm_page_alloc.c -@@ -391,9 +391,9 @@ out: - static unsigned long - ttm_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc) - { -- static atomic_t start_pool = ATOMIC_INIT(0); -+ static atomic_unchecked_t start_pool = ATOMIC_INIT(0); - unsigned i; -- unsigned pool_offset = atomic_add_return(1, &start_pool); -+ unsigned pool_offset = atomic_add_return_unchecked(1, &start_pool); - struct ttm_page_pool *pool; - int shrink_pages = sc->nr_to_scan; - unsigned long freed = 0; diff --git a/drivers/gpu/drm/udl/udl_fb.c b/drivers/gpu/drm/udl/udl_fb.c index dbadd49..1b7457b 100644 --- a/drivers/gpu/drm/udl/udl_fb.c @@ -41528,7 +41783,7 @@ index 0783155..b29e18e 100644 wait_queue_head_t fifo_queue; int fence_queue_waiters; /* Protected by hw_mutex */ diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c -index 6ccd993..618d592 100644 +index 6eae14d..aa311b3 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c @@ -154,7 +154,7 @@ int vmw_fifo_init(struct vmw_private *dev_priv, struct vmw_fifo_state *fifo) @@ -41540,7 +41795,7 @@ index 6ccd993..618d592 100644 iowrite32(dev_priv->last_read_seqno, fifo_mem + SVGA_FIFO_FENCE); vmw_marker_queue_init(&fifo->marker_queue); return vmw_fifo_send_fence(dev_priv, &dummy); -@@ -372,7 +372,7 @@ void *vmw_fifo_reserve(struct vmw_private *dev_priv, uint32_t bytes) +@@ -373,7 +373,7 @@ void *vmw_fifo_reserve(struct vmw_private *dev_priv, uint32_t bytes) if (reserveable) iowrite32(bytes, fifo_mem + SVGA_FIFO_RESERVED); @@ -41549,7 +41804,7 @@ index 6ccd993..618d592 100644 } else { need_bounce = true; } -@@ -492,7 +492,7 @@ int vmw_fifo_send_fence(struct vmw_private *dev_priv, uint32_t *seqno) +@@ -493,7 +493,7 @@ int vmw_fifo_send_fence(struct vmw_private *dev_priv, uint32_t *seqno) fm = vmw_fifo_reserve(dev_priv, bytes); if (unlikely(fm == NULL)) { @@ -41558,7 +41813,7 @@ index 6ccd993..618d592 100644 ret = -ENOMEM; (void)vmw_fallback_wait(dev_priv, false, true, *seqno, false, 3*HZ); -@@ -500,7 +500,7 @@ int vmw_fifo_send_fence(struct vmw_private *dev_priv, uint32_t *seqno) +@@ -501,7 +501,7 @@ int vmw_fifo_send_fence(struct vmw_private *dev_priv, uint32_t *seqno) } do { @@ -41644,7 +41899,7 @@ index 8a8725c2..afed796 100644 marker = list_first_entry(&queue->head, struct vmw_marker, head); diff --git a/drivers/gpu/vga/vga_switcheroo.c b/drivers/gpu/vga/vga_switcheroo.c -index 6866448..2ad2b34 100644 +index 37ac7b5..d52a5c9 100644 --- a/drivers/gpu/vga/vga_switcheroo.c +++ b/drivers/gpu/vga/vga_switcheroo.c @@ -644,7 +644,7 @@ static int vga_switcheroo_runtime_resume(struct device *dev) @@ -41656,7 +41911,7 @@ index 6866448..2ad2b34 100644 { /* copy over all the bus versions */ if (dev->bus && dev->bus->pm) { -@@ -689,7 +689,7 @@ static int vga_switcheroo_runtime_resume_hdmi_audio(struct device *dev) +@@ -695,7 +695,7 @@ static int vga_switcheroo_runtime_resume_hdmi_audio(struct device *dev) return ret; } @@ -41665,19 +41920,6 @@ index 6866448..2ad2b34 100644 { /* copy over all the bus versions */ if (dev->bus && dev->bus->pm) { -diff --git a/drivers/hid/hid-cherry.c b/drivers/hid/hid-cherry.c -index 1bdcccc..f745d2c 100644 ---- a/drivers/hid/hid-cherry.c -+++ b/drivers/hid/hid-cherry.c -@@ -28,7 +28,7 @@ - static __u8 *ch_report_fixup(struct hid_device *hdev, __u8 *rdesc, - unsigned int *rsize) - { -- if (*rsize >= 17 && rdesc[11] == 0x3c && rdesc[12] == 0x02) { -+ if (*rsize >= 18 && rdesc[11] == 0x3c && rdesc[12] == 0x02) { - hid_info(hdev, "fixing up Cherry Cymotion report descriptor\n"); - rdesc[11] = rdesc[16] = 0xff; - rdesc[12] = rdesc[17] = 0x03; diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c index 7cd42ea..a367c48 100644 --- a/drivers/hid/hid-core.c @@ -41700,110 +41942,6 @@ index 7cd42ea..a367c48 100644 hid_debug_register(hdev, dev_name(&hdev->dev)); ret = device_add(&hdev->dev); -diff --git a/drivers/hid/hid-kye.c b/drivers/hid/hid-kye.c -index e776963..b92bf01 100644 ---- a/drivers/hid/hid-kye.c -+++ b/drivers/hid/hid-kye.c -@@ -300,7 +300,7 @@ static __u8 *kye_report_fixup(struct hid_device *hdev, __u8 *rdesc, - * - change the button usage range to 4-7 for the extra - * buttons - */ -- if (*rsize >= 74 && -+ if (*rsize >= 75 && - rdesc[61] == 0x05 && rdesc[62] == 0x08 && - rdesc[63] == 0x19 && rdesc[64] == 0x08 && - rdesc[65] == 0x29 && rdesc[66] == 0x0f && -diff --git a/drivers/hid/hid-lg.c b/drivers/hid/hid-lg.c -index 9fe9d4a..b8207e0 100644 ---- a/drivers/hid/hid-lg.c -+++ b/drivers/hid/hid-lg.c -@@ -345,14 +345,14 @@ static __u8 *lg_report_fixup(struct hid_device *hdev, __u8 *rdesc, - struct usb_device_descriptor *udesc; - __u16 bcdDevice, rev_maj, rev_min; - -- if ((drv_data->quirks & LG_RDESC) && *rsize >= 90 && rdesc[83] == 0x26 && -+ if ((drv_data->quirks & LG_RDESC) && *rsize >= 91 && rdesc[83] == 0x26 && - rdesc[84] == 0x8c && rdesc[85] == 0x02) { - hid_info(hdev, - "fixing up Logitech keyboard report descriptor\n"); - rdesc[84] = rdesc[89] = 0x4d; - rdesc[85] = rdesc[90] = 0x10; - } -- if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 50 && -+ if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 51 && - rdesc[32] == 0x81 && rdesc[33] == 0x06 && - rdesc[49] == 0x81 && rdesc[50] == 0x06) { - hid_info(hdev, -diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c -index f45279c..0b14d32 100644 ---- a/drivers/hid/hid-logitech-dj.c -+++ b/drivers/hid/hid-logitech-dj.c -@@ -237,13 +237,6 @@ static void logi_dj_recv_add_djhid_device(struct dj_receiver_dev *djrcv_dev, - return; - } - -- if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) || -- (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) { -- dev_err(&djrcv_hdev->dev, "%s: invalid device index:%d\n", -- __func__, dj_report->device_index); -- return; -- } -- - if (djrcv_dev->paired_dj_devices[dj_report->device_index]) { - /* The device is already known. No need to reallocate it. */ - dbg_hid("%s: device is already known\n", __func__); -@@ -721,6 +714,12 @@ static int logi_dj_raw_event(struct hid_device *hdev, - * device (via hid_input_report() ) and return 1 so hid-core does not do - * anything else with it. - */ -+ if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) || -+ (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) { -+ dev_err(&hdev->dev, "%s: invalid device index:%d\n", -+ __func__, dj_report->device_index); -+ return false; -+ } - - spin_lock_irqsave(&djrcv_dev->lock, flags); - if (dj_report->report_id == REPORT_ID_DJ_SHORT) { -diff --git a/drivers/hid/hid-monterey.c b/drivers/hid/hid-monterey.c -index 9e14c00..25daf28 100644 ---- a/drivers/hid/hid-monterey.c -+++ b/drivers/hid/hid-monterey.c -@@ -24,7 +24,7 @@ - static __u8 *mr_report_fixup(struct hid_device *hdev, __u8 *rdesc, - unsigned int *rsize) - { -- if (*rsize >= 30 && rdesc[29] == 0x05 && rdesc[30] == 0x09) { -+ if (*rsize >= 31 && rdesc[29] == 0x05 && rdesc[30] == 0x09) { - hid_info(hdev, "fixing up button/consumer in HID report descriptor\n"); - rdesc[30] = 0x0c; - } -diff --git a/drivers/hid/hid-petalynx.c b/drivers/hid/hid-petalynx.c -index 736b250..6aca4f2 100644 ---- a/drivers/hid/hid-petalynx.c -+++ b/drivers/hid/hid-petalynx.c -@@ -25,7 +25,7 @@ - static __u8 *pl_report_fixup(struct hid_device *hdev, __u8 *rdesc, - unsigned int *rsize) - { -- if (*rsize >= 60 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 && -+ if (*rsize >= 62 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 && - rdesc[41] == 0x00 && rdesc[59] == 0x26 && - rdesc[60] == 0xf9 && rdesc[61] == 0x00) { - hid_info(hdev, "fixing up Petalynx Maxter Remote report descriptor\n"); -diff --git a/drivers/hid/hid-sunplus.c b/drivers/hid/hid-sunplus.c -index 87fc91e..91072fa 100644 ---- a/drivers/hid/hid-sunplus.c -+++ b/drivers/hid/hid-sunplus.c -@@ -24,7 +24,7 @@ - static __u8 *sp_report_fixup(struct hid_device *hdev, __u8 *rdesc, - unsigned int *rsize) - { -- if (*rsize >= 107 && rdesc[104] == 0x26 && rdesc[105] == 0x80 && -+ if (*rsize >= 112 && rdesc[104] == 0x26 && rdesc[105] == 0x80 && - rdesc[106] == 0x03) { - hid_info(hdev, "fixing up Sunplus Wireless Desktop report descriptor\n"); - rdesc[105] = rdesc[110] = 0x03; diff --git a/drivers/hid/hid-wiimote-debug.c b/drivers/hid/hid-wiimote-debug.c index c13fb5b..55a3802 100644 --- a/drivers/hid/hid-wiimote-debug.c @@ -44513,10 +44651,10 @@ index 3e6d115..ffecdeb 100644 /*----------------------------------------------------------------*/ diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c -index 56e24c0..e1c8e1f 100644 +index 55de4f6..b1c57fe 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c -@@ -1931,7 +1931,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) +@@ -1936,7 +1936,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) if (r1_sync_page_io(rdev, sect, s, bio->bi_io_vec[idx].bv_page, READ) != 0) @@ -44525,8 +44663,8 @@ index 56e24c0..e1c8e1f 100644 } sectors -= s; sect += s; -@@ -2165,7 +2165,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, - test_bit(In_sync, &rdev->flags)) { +@@ -2170,7 +2170,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, + !test_bit(Faulty, &rdev->flags)) { if (r1_sync_page_io(rdev, sect, s, conf->tmppage, READ)) { - atomic_add(s, &rdev->corrected_errors); @@ -44535,10 +44673,10 @@ index 56e24c0..e1c8e1f 100644 "md/raid1:%s: read error corrected " "(%d sectors at %llu on %s)\n", diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index cb882aa..cb8aeca 100644 +index a46124e..caf0bd55 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c -@@ -1949,7 +1949,7 @@ static void end_sync_read(struct bio *bio, int error) +@@ -1948,7 +1948,7 @@ static void end_sync_read(struct bio *bio, int error) /* The write handler will notice the lack of * R10BIO_Uptodate and record any errors etc */ @@ -44547,7 +44685,7 @@ index cb882aa..cb8aeca 100644 &conf->mirrors[d].rdev->corrected_errors); /* for reconstruct, we always reschedule after a read. -@@ -2307,7 +2307,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2306,7 +2306,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) { struct timespec cur_time_mon; unsigned long hours_since_last; @@ -44556,7 +44694,7 @@ index cb882aa..cb8aeca 100644 ktime_get_ts(&cur_time_mon); -@@ -2329,9 +2329,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2328,9 +2328,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) * overflowing the shift of read_errors by hours_since_last. */ if (hours_since_last >= 8 * sizeof(read_errors)) @@ -44568,7 +44706,7 @@ index cb882aa..cb8aeca 100644 } static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector, -@@ -2385,8 +2385,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2384,8 +2384,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 return; check_decay_read_errors(mddev, rdev); @@ -44579,7 +44717,7 @@ index cb882aa..cb8aeca 100644 char b[BDEVNAME_SIZE]; bdevname(rdev->bdev, b); -@@ -2394,7 +2394,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2393,7 +2393,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 "md/raid10:%s: %s: Raid device exceeded " "read_error threshold [cur %d:max %d]\n", mdname(mddev), b, @@ -44588,7 +44726,7 @@ index cb882aa..cb8aeca 100644 printk(KERN_NOTICE "md/raid10:%s: %s: Failing raid device\n", mdname(mddev), b); -@@ -2549,7 +2549,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2548,7 +2548,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 sect + choose_data_offset(r10_bio, rdev)), bdevname(rdev->bdev, b)); @@ -44597,25 +44735,8 @@ index cb882aa..cb8aeca 100644 } rdev_dec_pending(rdev, mddev); -@@ -2954,6 +2954,7 @@ static sector_t sync_request(struct mddev *mddev, sector_t sector_nr, - */ - if (test_bit(MD_RECOVERY_RESHAPE, &mddev->recovery)) { - end_reshape(conf); -+ close_sync(conf); - return 0; - } - -@@ -4411,7 +4412,7 @@ read_more: - read_bio->bi_private = r10_bio; - read_bio->bi_end_io = end_sync_read; - read_bio->bi_rw = READ; -- read_bio->bi_flags &= ~(BIO_POOL_MASK - 1); -+ read_bio->bi_flags &= (~0UL << BIO_RESET_BITS); - read_bio->bi_flags |= 1 << BIO_UPTODATE; - read_bio->bi_vcnt = 0; - read_bio->bi_iter.bi_size = 0; diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index 16f5c21..c5d72c7 100644 +index 18cda77..c5d72c7 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -1707,6 +1707,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash) @@ -44676,15 +44797,6 @@ index 16f5c21..c5d72c7 100644 > conf->max_nr_stripes) printk(KERN_WARNING "md/raid:%s: Too many read errors, failing device %s.\n", -@@ -3779,6 +3787,8 @@ static void handle_stripe(struct stripe_head *sh) - set_bit(R5_Wantwrite, &dev->flags); - if (prexor) - continue; -+ if (s.failed > 1) -+ continue; - if (!test_bit(R5_Insync, &dev->flags) || - ((i == sh->pd_idx || i == sh->qd_idx) && - s.failed == 0)) diff --git a/drivers/media/dvb-core/dvbdev.c b/drivers/media/dvb-core/dvbdev.c index 983db75..ef9248c 100644 --- a/drivers/media/dvb-core/dvbdev.c @@ -45018,6 +45130,433 @@ index 2fd9009..278cc1e 100644 radio = devm_kzalloc(&pdev->dev, sizeof(*radio), GFP_KERNEL); if (!radio) +diff --git a/drivers/media/usb/dvb-usb/cinergyT2-core.c b/drivers/media/usb/dvb-usb/cinergyT2-core.c +index 9fd1527..8927230 100644 +--- a/drivers/media/usb/dvb-usb/cinergyT2-core.c ++++ b/drivers/media/usb/dvb-usb/cinergyT2-core.c +@@ -50,29 +50,73 @@ static struct dvb_usb_device_properties cinergyt2_properties; + + static int cinergyt2_streaming_ctrl(struct dvb_usb_adapter *adap, int enable) + { +- char buf[] = { CINERGYT2_EP1_CONTROL_STREAM_TRANSFER, enable ? 1 : 0 }; +- char result[64]; +- return dvb_usb_generic_rw(adap->dev, buf, sizeof(buf), result, +- sizeof(result), 0); ++ char *buf; ++ char *result; ++ int retval; ++ ++ buf = kmalloc(2, GFP_KERNEL); ++ if (buf == NULL) ++ return -ENOMEM; ++ result = kmalloc(64, GFP_KERNEL); ++ if (result == NULL) { ++ kfree(buf); ++ return -ENOMEM; ++ } ++ ++ buf[0] = CINERGYT2_EP1_CONTROL_STREAM_TRANSFER; ++ buf[1] = enable ? 1 : 0; ++ ++ retval = dvb_usb_generic_rw(adap->dev, buf, 2, result, 64, 0); ++ ++ kfree(buf); ++ kfree(result); ++ return retval; + } + + static int cinergyt2_power_ctrl(struct dvb_usb_device *d, int enable) + { +- char buf[] = { CINERGYT2_EP1_SLEEP_MODE, enable ? 0 : 1 }; +- char state[3]; +- return dvb_usb_generic_rw(d, buf, sizeof(buf), state, sizeof(state), 0); ++ char *buf; ++ char *state; ++ int retval; ++ ++ buf = kmalloc(2, GFP_KERNEL); ++ if (buf == NULL) ++ return -ENOMEM; ++ state = kmalloc(3, GFP_KERNEL); ++ if (state == NULL) { ++ kfree(buf); ++ return -ENOMEM; ++ } ++ ++ buf[0] = CINERGYT2_EP1_SLEEP_MODE; ++ buf[1] = enable ? 1 : 0; ++ ++ retval = dvb_usb_generic_rw(d, buf, 2, state, 3, 0); ++ ++ kfree(buf); ++ kfree(state); ++ return retval; + } + + static int cinergyt2_frontend_attach(struct dvb_usb_adapter *adap) + { +- char query[] = { CINERGYT2_EP1_GET_FIRMWARE_VERSION }; +- char state[3]; ++ char *query; ++ char *state; + int ret; ++ query = kmalloc(1, GFP_KERNEL); ++ if (query == NULL) ++ return -ENOMEM; ++ state = kmalloc(3, GFP_KERNEL); ++ if (state == NULL) { ++ kfree(query); ++ return -ENOMEM; ++ } ++ ++ query[0] = CINERGYT2_EP1_GET_FIRMWARE_VERSION; + + adap->fe_adap[0].fe = cinergyt2_fe_attach(adap->dev); + +- ret = dvb_usb_generic_rw(adap->dev, query, sizeof(query), state, +- sizeof(state), 0); ++ ret = dvb_usb_generic_rw(adap->dev, query, 1, state, 3, 0); + if (ret < 0) { + deb_rc("cinergyt2_power_ctrl() Failed to retrieve sleep " + "state info\n"); +@@ -80,7 +124,8 @@ static int cinergyt2_frontend_attach(struct dvb_usb_adapter *adap) + + /* Copy this pointer as we are gonna need it in the release phase */ + cinergyt2_usb_device = adap->dev; +- ++ kfree(query); ++ kfree(state); + return 0; + } + +@@ -141,12 +186,23 @@ static int repeatable_keys[] = { + static int cinergyt2_rc_query(struct dvb_usb_device *d, u32 *event, int *state) + { + struct cinergyt2_state *st = d->priv; +- u8 key[5] = {0, 0, 0, 0, 0}, cmd = CINERGYT2_EP1_GET_RC_EVENTS; ++ u8 *key, *cmd; + int i; + ++ cmd = kmalloc(1, GFP_KERNEL); ++ if (cmd == NULL) ++ return -EINVAL; ++ key = kzalloc(5, GFP_KERNEL); ++ if (key == NULL) { ++ kfree(cmd); ++ return -EINVAL; ++ } ++ ++ cmd[0] = CINERGYT2_EP1_GET_RC_EVENTS; ++ + *state = REMOTE_NO_KEY_PRESSED; + +- dvb_usb_generic_rw(d, &cmd, 1, key, sizeof(key), 0); ++ dvb_usb_generic_rw(d, cmd, 1, key, 5, 0); + if (key[4] == 0xff) { + /* key repeat */ + st->rc_counter++; +@@ -157,12 +213,12 @@ static int cinergyt2_rc_query(struct dvb_usb_device *d, u32 *event, int *state) + *event = d->last_event; + deb_rc("repeat key, event %x\n", + *event); +- return 0; ++ goto out; + } + } + deb_rc("repeated key (non repeatable)\n"); + } +- return 0; ++ goto out; + } + + /* hack to pass checksum on the custom field */ +@@ -174,6 +230,9 @@ static int cinergyt2_rc_query(struct dvb_usb_device *d, u32 *event, int *state) + + deb_rc("key: %*ph\n", 5, key); + } ++out: ++ kfree(cmd); ++ kfree(key); + return 0; + } + +diff --git a/drivers/media/usb/dvb-usb/cinergyT2-fe.c b/drivers/media/usb/dvb-usb/cinergyT2-fe.c +index c890fe4..f9b2ae6 100644 +--- a/drivers/media/usb/dvb-usb/cinergyT2-fe.c ++++ b/drivers/media/usb/dvb-usb/cinergyT2-fe.c +@@ -145,103 +145,176 @@ static int cinergyt2_fe_read_status(struct dvb_frontend *fe, + fe_status_t *status) + { + struct cinergyt2_fe_state *state = fe->demodulator_priv; +- struct dvbt_get_status_msg result; +- u8 cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS }; ++ struct dvbt_get_status_msg *result; ++ u8 *cmd; + int ret; + +- ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (u8 *)&result, +- sizeof(result), 0); ++ cmd = kmalloc(1, GFP_KERNEL); ++ if (cmd == NULL) ++ return -ENOMEM; ++ result = kmalloc(sizeof(*result), GFP_KERNEL); ++ if (result == NULL) { ++ kfree(cmd); ++ return -ENOMEM; ++ } ++ ++ cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS; ++ ++ ret = dvb_usb_generic_rw(state->d, cmd, 1, (u8 *)result, ++ sizeof(*result), 0); + if (ret < 0) +- return ret; ++ goto out; + + *status = 0; + +- if (0xffff - le16_to_cpu(result.gain) > 30) ++ if (0xffff - le16_to_cpu(result->gain) > 30) + *status |= FE_HAS_SIGNAL; +- if (result.lock_bits & (1 << 6)) ++ if (result->lock_bits & (1 << 6)) + *status |= FE_HAS_LOCK; +- if (result.lock_bits & (1 << 5)) ++ if (result->lock_bits & (1 << 5)) + *status |= FE_HAS_SYNC; +- if (result.lock_bits & (1 << 4)) ++ if (result->lock_bits & (1 << 4)) + *status |= FE_HAS_CARRIER; +- if (result.lock_bits & (1 << 1)) ++ if (result->lock_bits & (1 << 1)) + *status |= FE_HAS_VITERBI; + + if ((*status & (FE_HAS_CARRIER | FE_HAS_VITERBI | FE_HAS_SYNC)) != + (FE_HAS_CARRIER | FE_HAS_VITERBI | FE_HAS_SYNC)) + *status &= ~FE_HAS_LOCK; + +- return 0; ++out: ++ kfree(cmd); ++ kfree(result); ++ return ret; + } + + static int cinergyt2_fe_read_ber(struct dvb_frontend *fe, u32 *ber) + { + struct cinergyt2_fe_state *state = fe->demodulator_priv; +- struct dvbt_get_status_msg status; +- char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS }; ++ struct dvbt_get_status_msg *status; ++ char *cmd; + int ret; + +- ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status, +- sizeof(status), 0); ++ cmd = kmalloc(1, GFP_KERNEL); ++ if (cmd == NULL) ++ return -ENOMEM; ++ status = kmalloc(sizeof(*status), GFP_KERNEL); ++ if (status == NULL) { ++ kfree(cmd); ++ return -ENOMEM; ++ } ++ ++ cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS; ++ ++ ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status, ++ sizeof(*status), 0); + if (ret < 0) +- return ret; ++ goto out; + +- *ber = le32_to_cpu(status.viterbi_error_rate); ++ *ber = le32_to_cpu(status->viterbi_error_rate); ++out: ++ kfree(cmd); ++ kfree(status); + return 0; + } + + static int cinergyt2_fe_read_unc_blocks(struct dvb_frontend *fe, u32 *unc) + { + struct cinergyt2_fe_state *state = fe->demodulator_priv; +- struct dvbt_get_status_msg status; +- u8 cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS }; ++ struct dvbt_get_status_msg *status; ++ u8 *cmd; + int ret; + +- ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (u8 *)&status, +- sizeof(status), 0); ++ cmd = kmalloc(1, GFP_KERNEL); ++ if (cmd == NULL) ++ return -ENOMEM; ++ status = kmalloc(sizeof(*status), GFP_KERNEL); ++ if (status == NULL) { ++ kfree(cmd); ++ return -ENOMEM; ++ } ++ ++ cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS; ++ ++ ret = dvb_usb_generic_rw(state->d, cmd, 1, (u8 *)status, ++ sizeof(*status), 0); + if (ret < 0) { + err("cinergyt2_fe_read_unc_blocks() Failed! (Error=%d)\n", + ret); +- return ret; ++ goto out; + } +- *unc = le32_to_cpu(status.uncorrected_block_count); +- return 0; ++ *unc = le32_to_cpu(status->uncorrected_block_count); ++ ++out: ++ kfree(cmd); ++ kfree(status); ++ return ret; + } + + static int cinergyt2_fe_read_signal_strength(struct dvb_frontend *fe, + u16 *strength) + { + struct cinergyt2_fe_state *state = fe->demodulator_priv; +- struct dvbt_get_status_msg status; +- char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS }; ++ struct dvbt_get_status_msg *status; ++ char *cmd; + int ret; + +- ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status, +- sizeof(status), 0); ++ cmd = kmalloc(1, GFP_KERNEL); ++ if (cmd == NULL) ++ return -ENOMEM; ++ status = kmalloc(sizeof(*status), GFP_KERNEL); ++ if (status == NULL) { ++ kfree(cmd); ++ return -ENOMEM; ++ } ++ ++ cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS; ++ ++ ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status, ++ sizeof(*status), 0); + if (ret < 0) { + err("cinergyt2_fe_read_signal_strength() Failed!" + " (Error=%d)\n", ret); +- return ret; ++ goto out; + } +- *strength = (0xffff - le16_to_cpu(status.gain)); ++ *strength = (0xffff - le16_to_cpu(status->gain)); ++ ++out: ++ kfree(cmd); ++ kfree(status); + return 0; + } + + static int cinergyt2_fe_read_snr(struct dvb_frontend *fe, u16 *snr) + { + struct cinergyt2_fe_state *state = fe->demodulator_priv; +- struct dvbt_get_status_msg status; +- char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS }; ++ struct dvbt_get_status_msg *status; ++ char *cmd; + int ret; + +- ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status, +- sizeof(status), 0); ++ cmd = kmalloc(1, GFP_KERNEL); ++ if (cmd == NULL) ++ return -ENOMEM; ++ status = kmalloc(sizeof(*status), GFP_KERNEL); ++ if (status == NULL) { ++ kfree(cmd); ++ return -ENOMEM; ++ } ++ ++ cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS; ++ ++ ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status, ++ sizeof(*status), 0); + if (ret < 0) { + err("cinergyt2_fe_read_snr() Failed! (Error=%d)\n", ret); +- return ret; ++ goto out; + } +- *snr = (status.snr << 8) | status.snr; +- return 0; ++ *snr = (status->snr << 8) | status->snr; ++ ++out: ++ kfree(cmd); ++ kfree(status); ++ return ret; + } + + static int cinergyt2_fe_init(struct dvb_frontend *fe) +@@ -266,35 +339,46 @@ static int cinergyt2_fe_set_frontend(struct dvb_frontend *fe) + { + struct dtv_frontend_properties *fep = &fe->dtv_property_cache; + struct cinergyt2_fe_state *state = fe->demodulator_priv; +- struct dvbt_set_parameters_msg param; +- char result[2]; ++ struct dvbt_set_parameters_msg *param; ++ char *result; + int err; + +- param.cmd = CINERGYT2_EP1_SET_TUNER_PARAMETERS; +- param.tps = cpu_to_le16(compute_tps(fep)); +- param.freq = cpu_to_le32(fep->frequency / 1000); +- param.flags = 0; ++ result = kmalloc(2, GFP_KERNEL); ++ if (result == NULL) ++ return -ENOMEM; ++ param = kmalloc(sizeof(*param), GFP_KERNEL); ++ if (param == NULL) { ++ kfree(result); ++ return -ENOMEM; ++ } ++ ++ param->cmd = CINERGYT2_EP1_SET_TUNER_PARAMETERS; ++ param->tps = cpu_to_le16(compute_tps(fep)); ++ param->freq = cpu_to_le32(fep->frequency / 1000); ++ param->flags = 0; + + switch (fep->bandwidth_hz) { + default: + case 8000000: +- param.bandwidth = 8; ++ param->bandwidth = 8; + break; + case 7000000: +- param.bandwidth = 7; ++ param->bandwidth = 7; + break; + case 6000000: +- param.bandwidth = 6; ++ param->bandwidth = 6; + break; + } + + err = dvb_usb_generic_rw(state->d, +- (char *)¶m, sizeof(param), +- result, sizeof(result), 0); ++ (char *)param, sizeof(*param), ++ result, 2, 0); + if (err < 0) + err("cinergyt2_fe_set_frontend() Failed! err=%d\n", err); + +- return (err < 0) ? err : 0; ++ kfree(result); ++ kfree(param); ++ return err; + } + + static void cinergyt2_fe_release(struct dvb_frontend *fe) diff --git a/drivers/media/usb/dvb-usb/cxusb.c b/drivers/media/usb/dvb-usb/cxusb.c index a1c641e..3007da9 100644 --- a/drivers/media/usb/dvb-usb/cxusb.c @@ -49319,7 +49858,7 @@ index ff75ef8..2dfe00a 100644 /* * fcs_port_sm FCS logical port state machine diff --git a/drivers/scsi/bfa/bfa_ioc.h b/drivers/scsi/bfa/bfa_ioc.h -index 2e28392..9d865b6 100644 +index a38aafa0..fe8f03b 100644 --- a/drivers/scsi/bfa/bfa_ioc.h +++ b/drivers/scsi/bfa/bfa_ioc.h @@ -258,7 +258,7 @@ struct bfa_ioc_cbfn_s { @@ -49430,7 +49969,7 @@ index f28ea07..34b16d3 100644 /* These three are default values which can be overridden */ diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c -index 868318a..e07ef3b 100644 +index 528bff5..84963854 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c @@ -571,7 +571,7 @@ static inline u32 next_command(struct ctlr_info *h, u8 q) @@ -50323,7 +50862,7 @@ index fd8ffe6..fd0bebf 100644 err = class_register(&iscsi_transport_class); if (err) diff --git a/drivers/scsi/scsi_transport_srp.c b/drivers/scsi/scsi_transport_srp.c -index d47ffc8..30f46a9 100644 +index e3e794e..f72f20c 100644 --- a/drivers/scsi/scsi_transport_srp.c +++ b/drivers/scsi/scsi_transport_srp.c @@ -36,7 +36,7 @@ @@ -50344,7 +50883,7 @@ index d47ffc8..30f46a9 100644 return 0; } -@@ -734,7 +734,7 @@ struct srp_rport *srp_rport_add(struct Scsi_Host *shost, +@@ -735,7 +735,7 @@ struct srp_rport *srp_rport_add(struct Scsi_Host *shost, rport_fast_io_fail_timedout); INIT_DELAYED_WORK(&rport->dev_loss_work, rport_dev_loss_timedout); @@ -50354,10 +50893,10 @@ index d47ffc8..30f46a9 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index 36d1a23..3f33303 100644 +index e8abb73..faa6fbe 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c -@@ -2962,7 +2962,7 @@ static int sd_probe(struct device *dev) +@@ -2967,7 +2967,7 @@ static int sd_probe(struct device *dev) sdkp->disk = gd; sdkp->index = index; atomic_set(&sdkp->openers, 0); @@ -50649,6 +51188,19 @@ index 52b7731..d604da0 100644 op_data = ll_prep_md_op_data(NULL, dir, NULL, filename, strlen(filename), mode, LUSTRE_OPC_MKDIR, lump); +diff --git a/drivers/staging/lustre/lustre/llite/llite_lib.c b/drivers/staging/lustre/lustre/llite/llite_lib.c +index 6cfdb9e..1ddab59 100644 +--- a/drivers/staging/lustre/lustre/llite/llite_lib.c ++++ b/drivers/staging/lustre/lustre/llite/llite_lib.c +@@ -576,7 +576,7 @@ static int client_common_fill_super(struct super_block *sb, char *md, char *dt, + if (sb->s_root == NULL) { + CERROR("%s: can't make root dentry\n", + ll_get_fsname(sb, NULL, 0)); +- GOTO(out_root, err = -ENOMEM); ++ GOTO(out_lock_cn_cb, err = -ENOMEM); + } + + /* kernel >= 2.6.38 store dentry operations in sb->s_d_op. */ diff --git a/drivers/staging/media/solo6x10/solo6x10-core.c b/drivers/staging/media/solo6x10/solo6x10-core.c index 480b7c4..6846324 100644 --- a/drivers/staging/media/solo6x10/solo6x10-core.c @@ -50863,7 +51415,7 @@ index d07fcb5..358e1e1 100644 return; } diff --git a/drivers/staging/vt6655/hostap.c b/drivers/staging/vt6655/hostap.c -index 6eecd53..29317c6 100644 +index 6eecd53..1025c8b 100644 --- a/drivers/staging/vt6655/hostap.c +++ b/drivers/staging/vt6655/hostap.c @@ -69,14 +69,13 @@ static int msglevel = MSG_LEVEL_INFO; @@ -50892,6 +51444,16 @@ index 6eecd53..29317c6 100644 pDevice->apdev->netdev_ops = &apdev_netdev_ops; pDevice->apdev->type = ARPHRD_IEEE80211; +@@ -385,6 +386,9 @@ static int hostap_set_generic_element(PSDevice pDevice, + { + PSMgmtObject pMgmt = pDevice->pMgmt; + ++ if (param->u.generic_elem.len > sizeof(pMgmt->abyWPAIE)) ++ return -EINVAL; ++ + memcpy(pMgmt->abyWPAIE, + param->u.generic_elem.data, + param->u.generic_elem.len diff --git a/drivers/staging/vt6656/hostap.c b/drivers/staging/vt6656/hostap.c index 67ba48b..24e602f 100644 --- a/drivers/staging/vt6656/hostap.c @@ -51721,10 +52283,10 @@ index 9cd706d..6ff2de7 100644 if (cfg->uart_flags & UPF_CONS_FLOW) { diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c -index ece2049b..fba2524 100644 +index 25b8f68..3e23c14 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c -@@ -1448,7 +1448,7 @@ static void uart_hangup(struct tty_struct *tty) +@@ -1451,7 +1451,7 @@ static void uart_hangup(struct tty_struct *tty) uart_flush_buffer(tty); uart_shutdown(tty, state); spin_lock_irqsave(&port->lock, flags); @@ -51733,7 +52295,7 @@ index ece2049b..fba2524 100644 clear_bit(ASYNCB_NORMAL_ACTIVE, &port->flags); spin_unlock_irqrestore(&port->lock, flags); tty_port_tty_set(port, NULL); -@@ -1544,7 +1544,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) +@@ -1547,7 +1547,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) goto end; } @@ -51742,7 +52304,7 @@ index ece2049b..fba2524 100644 if (!state->uart_port || state->uart_port->flags & UPF_DEAD) { retval = -ENXIO; goto err_dec_count; -@@ -1572,7 +1572,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) +@@ -1575,7 +1575,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) /* * Make sure the device is in D0 state. */ @@ -51751,7 +52313,7 @@ index ece2049b..fba2524 100644 uart_change_pm(state, UART_PM_STATE_ON); /* -@@ -1590,7 +1590,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) +@@ -1593,7 +1593,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) end: return retval; err_dec_count: @@ -52561,7 +53123,7 @@ index 2a3bbdf..91d72cf 100644 file->f_version = event_count; return POLLIN | POLLRDNORM; diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c -index 90e18f6..5eeda46 100644 +index 9ca7716..a2ccc2e 100644 --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -187,7 +187,7 @@ static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes, @@ -52623,7 +53185,7 @@ index 2518c32..1c201bb 100644 wake_up(&usb_kill_urb_queue); usb_put_urb(urb); diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c -index 36b1e85..18fb0a4 100644 +index 263612c..dbc0f3d 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -27,6 +27,7 @@ @@ -52634,7 +53196,7 @@ index 36b1e85..18fb0a4 100644 #include <asm/uaccess.h> #include <asm/byteorder.h> -@@ -4502,6 +4503,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1, +@@ -4549,6 +4550,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1, goto done; return; } @@ -52866,7 +53428,7 @@ index 7a55fea..cc0ed4f 100644 #include "u_uac1.h" diff --git a/drivers/usb/host/ehci-hub.c b/drivers/usb/host/ehci-hub.c -index 7ae0c4d..35521b7 100644 +index 7d6f64c..37a1efc 100644 --- a/drivers/usb/host/ehci-hub.c +++ b/drivers/usb/host/ehci-hub.c @@ -780,7 +780,7 @@ static struct urb *request_single_step_set_feature_urb( @@ -56637,10 +57199,10 @@ index ce25d75..dc09eeb 100644 &data); if (!inode) { diff --git a/fs/aio.c b/fs/aio.c -index 6d68e01..573d8dc 100644 +index f45ddaa..0160abc 100644 --- a/fs/aio.c +++ b/fs/aio.c -@@ -380,7 +380,7 @@ static int aio_setup_ring(struct kioctx *ctx) +@@ -381,7 +381,7 @@ static int aio_setup_ring(struct kioctx *ctx) size += sizeof(struct io_event) * nr_events; nr_pages = PFN_UP(size); @@ -57953,10 +58515,10 @@ index ff286f3..8153a14 100644 .attrs = attrs, }; diff --git a/fs/buffer.c b/fs/buffer.c -index 27265a8..289f488 100644 +index 71e2d0e..8673b7b 100644 --- a/fs/buffer.c +++ b/fs/buffer.c -@@ -3428,7 +3428,7 @@ void __init buffer_init(void) +@@ -3430,7 +3430,7 @@ void __init buffer_init(void) bh_cachep = kmem_cache_create("buffer_head", sizeof(struct buffer_head), 0, (SLAB_RECLAIM_ACCOUNT|SLAB_PANIC| @@ -58120,10 +58682,33 @@ index ebaff36..7e3ea26 100644 kunmap(page); file_end_write(file); diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c -index 5e0982a..b7e82bc 100644 +index 5e0982a..ca18377 100644 --- a/fs/ceph/dir.c +++ b/fs/ceph/dir.c -@@ -248,7 +248,7 @@ static int ceph_readdir(struct file *file, struct dir_context *ctx) +@@ -128,6 +128,8 @@ static int __dcache_readdir(struct file *file, struct dir_context *ctx) + struct dentry *dentry, *last; + struct ceph_dentry_info *di; + int err = 0; ++ char d_name[DNAME_INLINE_LEN]; ++ const unsigned char *name; + + /* claim ref on last dentry we returned */ + last = fi->dentry; +@@ -183,7 +185,12 @@ more: + dout(" %llu (%llu) dentry %p %.*s %p\n", di->offset, ctx->pos, + dentry, dentry->d_name.len, dentry->d_name.name, dentry->d_inode); + ctx->pos = di->offset; +- if (!dir_emit(ctx, dentry->d_name.name, ++ name = dentry->d_name.name; ++ if (name == dentry->d_iname) { ++ memcpy(d_name, name, dentry->d_name.len); ++ name = d_name; ++ } ++ if (!dir_emit(ctx, name, + dentry->d_name.len, + ceph_translate_ino(dentry->d_sb, dentry->d_inode->i_ino), + dentry->d_inode->i_mode >> 12)) { +@@ -248,7 +255,7 @@ static int ceph_readdir(struct file *file, struct dir_context *ctx) struct ceph_fs_client *fsc = ceph_inode_to_client(inode); struct ceph_mds_client *mdsc = fsc->mdsc; unsigned frag = fpos_frag(ctx->pos); @@ -58232,10 +58817,10 @@ index 7c6b73c..a8f0db2 100644 atomic_set(&midCount, 0); diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h -index 30f6e92..e915ba5 100644 +index f15d435..0f61ef5 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h -@@ -806,35 +806,35 @@ struct cifs_tcon { +@@ -801,35 +801,35 @@ struct cifs_tcon { __u16 Flags; /* optional support bits */ enum statusEnum tidStatus; #ifdef CONFIG_CIFS_STATS @@ -58295,7 +58880,7 @@ index 30f6e92..e915ba5 100644 } smb2_stats; #endif /* CONFIG_CIFS_SMB2 */ } stats; -@@ -1170,7 +1170,7 @@ convert_delimiter(char *path, char delim) +@@ -1165,7 +1165,7 @@ convert_delimiter(char *path, char delim) } #ifdef CONFIG_CIFS_STATS @@ -58304,7 +58889,7 @@ index 30f6e92..e915ba5 100644 static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon, unsigned int bytes) -@@ -1536,8 +1536,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; +@@ -1531,8 +1531,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; /* Various Debug counters */ GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */ #ifdef CONFIG_CIFS_STATS2 @@ -58316,7 +58901,7 @@ index 30f6e92..e915ba5 100644 GLOBAL_EXTERN atomic_t smBufAllocCount; GLOBAL_EXTERN atomic_t midCount; diff --git a/fs/cifs/file.c b/fs/cifs/file.c -index 87c4dd0..a90f115 100644 +index 8175b18..9525542 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c @@ -1900,10 +1900,14 @@ static int cifs_writepages(struct address_space *mapping, @@ -58360,9 +58945,18 @@ index 3b0c62e..f7d090c 100644 } diff --git a/fs/cifs/smb1ops.c b/fs/cifs/smb1ops.c -index d1fdfa8..94558f8 100644 +index d1fdfa8..186defc 100644 --- a/fs/cifs/smb1ops.c +++ b/fs/cifs/smb1ops.c +@@ -586,7 +586,7 @@ cifs_query_path_info(const unsigned int xid, struct cifs_tcon *tcon, + tmprc = CIFS_open(xid, &oparms, &oplock, NULL); + if (tmprc == -EOPNOTSUPP) + *symlink = true; +- else ++ else if (tmprc == 0) + CIFSSMBClose(xid, tcon, fid.netfid); + } + @@ -626,27 +626,27 @@ static void cifs_clear_stats(struct cifs_tcon *tcon) { @@ -58468,8 +59062,21 @@ index d1fdfa8..94558f8 100644 #endif } +diff --git a/fs/cifs/smb2maperror.c b/fs/cifs/smb2maperror.c +index e31a9df..1007867 100644 +--- a/fs/cifs/smb2maperror.c ++++ b/fs/cifs/smb2maperror.c +@@ -256,6 +256,8 @@ static const struct status_to_posix_error smb2_error_map_table[] = { + {STATUS_DLL_MIGHT_BE_INCOMPATIBLE, -EIO, + "STATUS_DLL_MIGHT_BE_INCOMPATIBLE"}, + {STATUS_STOPPED_ON_SYMLINK, -EOPNOTSUPP, "STATUS_STOPPED_ON_SYMLINK"}, ++ {STATUS_IO_REPARSE_TAG_NOT_HANDLED, -EOPNOTSUPP, ++ "STATUS_REPARSE_NOT_HANDLED"}, + {STATUS_DEVICE_REQUIRES_CLEANING, -EIO, + "STATUS_DEVICE_REQUIRES_CLEANING"}, + {STATUS_DEVICE_DOOR_OPEN, -EIO, "STATUS_DEVICE_DOOR_OPEN"}, diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c -index 35ddc3e..563e809 100644 +index f8977b2..bb38079 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -364,8 +364,8 @@ smb2_clear_stats(struct cifs_tcon *tcon) @@ -58590,10 +59197,10 @@ index 35ddc3e..563e809 100644 } diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c -index 049a3f2..0f41305 100644 +index 9aab8fe..2bd5f3b 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c -@@ -2099,8 +2099,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, +@@ -2100,8 +2100,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, default: cifs_dbg(VFS, "info level %u isn't supported\n", srch_inf->info_level); @@ -58960,10 +59567,116 @@ index a93f7e6..d58bcbe 100644 return 0; while (nr) { diff --git a/fs/dcache.c b/fs/dcache.c -index 7f3b400..9c911f2 100644 +index 58d57da..f91b141 100644 --- a/fs/dcache.c +++ b/fs/dcache.c -@@ -1495,7 +1495,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) +@@ -250,7 +250,7 @@ static void __d_free(struct rcu_head *head) + */ + static void d_free(struct dentry *dentry) + { +- BUG_ON((int)dentry->d_lockref.count > 0); ++ BUG_ON((int)__lockref_read(&dentry->d_lockref) > 0); + this_cpu_dec(nr_dentry); + if (dentry->d_op && dentry->d_op->d_release) + dentry->d_op->d_release(dentry); +@@ -596,7 +596,7 @@ repeat: + dentry->d_flags |= DCACHE_REFERENCED; + dentry_lru_add(dentry); + +- dentry->d_lockref.count--; ++ __lockref_dec(&dentry->d_lockref); + spin_unlock(&dentry->d_lock); + return; + +@@ -651,7 +651,7 @@ int d_invalidate(struct dentry * dentry) + * We also need to leave mountpoints alone, + * directory or not. + */ +- if (dentry->d_lockref.count > 1 && dentry->d_inode) { ++ if (__lockref_read(&dentry->d_lockref) > 1 && dentry->d_inode) { + if (S_ISDIR(dentry->d_inode->i_mode) || d_mountpoint(dentry)) { + spin_unlock(&dentry->d_lock); + return -EBUSY; +@@ -667,7 +667,7 @@ EXPORT_SYMBOL(d_invalidate); + /* This must be called with d_lock held */ + static inline void __dget_dlock(struct dentry *dentry) + { +- dentry->d_lockref.count++; ++ __lockref_inc(&dentry->d_lockref); + } + + static inline void __dget(struct dentry *dentry) +@@ -708,8 +708,8 @@ repeat: + goto repeat; + } + rcu_read_unlock(); +- BUG_ON(!ret->d_lockref.count); +- ret->d_lockref.count++; ++ BUG_ON(!__lockref_read(&ret->d_lockref)); ++ __lockref_inc(&ret->d_lockref); + spin_unlock(&ret->d_lock); + return ret; + } +@@ -792,7 +792,7 @@ restart: + spin_lock(&inode->i_lock); + hlist_for_each_entry(dentry, &inode->i_dentry, d_alias) { + spin_lock(&dentry->d_lock); +- if (!dentry->d_lockref.count) { ++ if (!__lockref_read(&dentry->d_lockref)) { + /* + * inform the fs via d_prune that this dentry + * is about to be unhashed and destroyed. +@@ -884,7 +884,7 @@ static void shrink_dentry_list(struct list_head *list) + * We found an inuse dentry which was not removed from + * the LRU because of laziness during lookup. Do not free it. + */ +- if (dentry->d_lockref.count) { ++ if (__lockref_read(&dentry->d_lockref)) { + spin_unlock(&dentry->d_lock); + continue; + } +@@ -930,7 +930,7 @@ dentry_lru_isolate(struct list_head *item, spinlock_t *lru_lock, void *arg) + * counts, just remove them from the LRU. Otherwise give them + * another pass through the LRU. + */ +- if (dentry->d_lockref.count) { ++ if (__lockref_read(&dentry->d_lockref) > 0) { + d_lru_isolate(dentry); + spin_unlock(&dentry->d_lock); + return LRU_REMOVED; +@@ -1268,7 +1268,7 @@ static enum d_walk_ret select_collect(void *_data, struct dentry *dentry) + * loop in shrink_dcache_parent() might not make any progress + * and loop forever. + */ +- if (dentry->d_lockref.count) { ++ if (__lockref_read(&dentry->d_lockref)) { + dentry_lru_del(dentry); + } else if (!(dentry->d_flags & DCACHE_SHRINK_LIST)) { + /* +@@ -1322,11 +1322,11 @@ static enum d_walk_ret umount_collect(void *_data, struct dentry *dentry) + struct select_data *data = _data; + enum d_walk_ret ret = D_WALK_CONTINUE; + +- if (dentry->d_lockref.count) { ++ if (__lockref_read(&dentry->d_lockref)) { + dentry_lru_del(dentry); + if (likely(!list_empty(&dentry->d_subdirs))) + goto out; +- if (dentry == data->start && dentry->d_lockref.count == 1) ++ if (dentry == data->start && __lockref_read(&dentry->d_lockref) == 1) + goto out; + printk(KERN_ERR + "BUG: Dentry %p{i=%lx,n=%s}" +@@ -1336,7 +1336,7 @@ static enum d_walk_ret umount_collect(void *_data, struct dentry *dentry) + dentry->d_inode ? + dentry->d_inode->i_ino : 0UL, + dentry->d_name.name, +- dentry->d_lockref.count, ++ __lockref_read(&dentry->d_lockref), + dentry->d_sb->s_type->name, + dentry->d_sb->s_id); + BUG(); +@@ -1494,7 +1494,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) */ dentry->d_iname[DNAME_INLINE_LEN-1] = 0; if (name->len > DNAME_INLINE_LEN-1) { @@ -58972,7 +59685,43 @@ index 7f3b400..9c911f2 100644 if (!dname) { kmem_cache_free(dentry_cache, dentry); return NULL; -@@ -3430,7 +3430,8 @@ void __init vfs_caches_init(unsigned long mempages) +@@ -1512,7 +1512,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) + smp_wmb(); + dentry->d_name.name = dname; + +- dentry->d_lockref.count = 1; ++ __lockref_set(&dentry->d_lockref, 1); + dentry->d_flags = 0; + spin_lock_init(&dentry->d_lock); + seqcount_init(&dentry->d_seq); +@@ -2275,7 +2275,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name) + goto next; + } + +- dentry->d_lockref.count++; ++ __lockref_inc(&dentry->d_lockref); + found = dentry; + spin_unlock(&dentry->d_lock); + break; +@@ -2374,7 +2374,7 @@ again: + spin_lock(&dentry->d_lock); + inode = dentry->d_inode; + isdir = S_ISDIR(inode->i_mode); +- if (dentry->d_lockref.count == 1) { ++ if (__lockref_read(&dentry->d_lockref) == 1) { + if (!spin_trylock(&inode->i_lock)) { + spin_unlock(&dentry->d_lock); + cpu_relax(); +@@ -3313,7 +3313,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry) + + if (!(dentry->d_flags & DCACHE_GENOCIDE)) { + dentry->d_flags |= DCACHE_GENOCIDE; +- dentry->d_lockref.count--; ++ __lockref_dec(&dentry->d_lockref); + } + } + return D_WALK_CONTINUE; +@@ -3429,7 +3429,8 @@ void __init vfs_caches_init(unsigned long mempages) mempages -= reserve; names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0, @@ -58983,7 +59732,7 @@ index 7f3b400..9c911f2 100644 dcache_init(); inode_init(); diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c -index 9c0444c..628490c 100644 +index 1576195..49a19ae 100644 --- a/fs/debugfs/inode.c +++ b/fs/debugfs/inode.c @@ -415,7 +415,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); @@ -59978,10 +60727,10 @@ index e6574d7..c30cbe2 100644 brelse(bh); bh = NULL; diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c -index 502f0fd..bf3b3c1 100644 +index 242226a..f3eb6c1 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c -@@ -1880,7 +1880,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, +@@ -1882,7 +1882,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, BUG_ON(ac->ac_b_ex.fe_len != ac->ac_g_ex.fe_len); if (EXT4_SB(sb)->s_mb_stats) @@ -59990,7 +60739,7 @@ index 502f0fd..bf3b3c1 100644 break; } -@@ -2189,7 +2189,7 @@ repeat: +@@ -2191,7 +2191,7 @@ repeat: ac->ac_status = AC_STATUS_CONTINUE; ac->ac_flags |= EXT4_MB_HINT_FIRST; cr = 3; @@ -59999,7 +60748,7 @@ index 502f0fd..bf3b3c1 100644 goto repeat; } } -@@ -2697,25 +2697,25 @@ int ext4_mb_release(struct super_block *sb) +@@ -2699,25 +2699,25 @@ int ext4_mb_release(struct super_block *sb) if (sbi->s_mb_stats) { ext4_msg(sb, KERN_INFO, "mballoc: %u blocks %u reqs (%u success)", @@ -60035,7 +60784,7 @@ index 502f0fd..bf3b3c1 100644 } free_percpu(sbi->s_locality_groups); -@@ -3169,16 +3169,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) +@@ -3171,16 +3171,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb); if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) { @@ -60058,7 +60807,7 @@ index 502f0fd..bf3b3c1 100644 } if (ac->ac_op == EXT4_MB_HISTORY_ALLOC) -@@ -3583,7 +3583,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) +@@ -3607,7 +3607,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_inode_pa(ac, pa); ext4_mb_use_inode_pa(ac, pa); @@ -60067,7 +60816,7 @@ index 502f0fd..bf3b3c1 100644 ei = EXT4_I(ac->ac_inode); grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); -@@ -3643,7 +3643,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) +@@ -3667,7 +3667,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_group_pa(ac, pa); ext4_mb_use_group_pa(ac, pa); @@ -60076,7 +60825,7 @@ index 502f0fd..bf3b3c1 100644 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); lg = ac->ac_lg; -@@ -3732,7 +3732,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, +@@ -3756,7 +3756,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, * from the bitmap and continue. */ } @@ -60085,7 +60834,7 @@ index 502f0fd..bf3b3c1 100644 return err; } -@@ -3750,7 +3750,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, +@@ -3774,7 +3774,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit); BUG_ON(group != e4b->bd_group && pa->pa_len != 0); mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len); @@ -60108,7 +60857,7 @@ index 04434ad..6404663 100644 "MMP failure info: last update time: %llu, last update " "node: %s, last update device: %s\n", diff --git a/fs/ext4/super.c b/fs/ext4/super.c -index 25b327e..56f169d 100644 +index a46030d..1477295 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -1270,7 +1270,7 @@ static ext4_fsblk_t get_sb_block(void **data) @@ -61892,185 +62641,6 @@ index e846a32..bb06bd0 100644 put_cpu_var(last_ino); return res; } -diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c -index 4a9e10e..a9daccb 100644 ---- a/fs/isofs/inode.c -+++ b/fs/isofs/inode.c -@@ -61,7 +61,7 @@ static void isofs_put_super(struct super_block *sb) - return; - } - --static int isofs_read_inode(struct inode *); -+static int isofs_read_inode(struct inode *, int relocated); - static int isofs_statfs (struct dentry *, struct kstatfs *); - - static struct kmem_cache *isofs_inode_cachep; -@@ -1258,7 +1258,7 @@ out_toomany: - goto out; - } - --static int isofs_read_inode(struct inode *inode) -+static int isofs_read_inode(struct inode *inode, int relocated) - { - struct super_block *sb = inode->i_sb; - struct isofs_sb_info *sbi = ISOFS_SB(sb); -@@ -1403,7 +1403,7 @@ static int isofs_read_inode(struct inode *inode) - */ - - if (!high_sierra) { -- parse_rock_ridge_inode(de, inode); -+ parse_rock_ridge_inode(de, inode, relocated); - /* if we want uid/gid set, override the rock ridge setting */ - if (sbi->s_uid_set) - inode->i_uid = sbi->s_uid; -@@ -1482,9 +1482,10 @@ static int isofs_iget5_set(struct inode *ino, void *data) - * offset that point to the underlying meta-data for the inode. The - * code below is otherwise similar to the iget() code in - * include/linux/fs.h */ --struct inode *isofs_iget(struct super_block *sb, -- unsigned long block, -- unsigned long offset) -+struct inode *__isofs_iget(struct super_block *sb, -+ unsigned long block, -+ unsigned long offset, -+ int relocated) - { - unsigned long hashval; - struct inode *inode; -@@ -1506,7 +1507,7 @@ struct inode *isofs_iget(struct super_block *sb, - return ERR_PTR(-ENOMEM); - - if (inode->i_state & I_NEW) { -- ret = isofs_read_inode(inode); -+ ret = isofs_read_inode(inode, relocated); - if (ret < 0) { - iget_failed(inode); - inode = ERR_PTR(ret); -diff --git a/fs/isofs/isofs.h b/fs/isofs/isofs.h -index 9916723..0ac4c1f 100644 ---- a/fs/isofs/isofs.h -+++ b/fs/isofs/isofs.h -@@ -107,7 +107,7 @@ extern int iso_date(char *, int); - - struct inode; /* To make gcc happy */ - --extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *); -+extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *, int relocated); - extern int get_rock_ridge_filename(struct iso_directory_record *, char *, struct inode *); - extern int isofs_name_translate(struct iso_directory_record *, char *, struct inode *); - -@@ -118,9 +118,24 @@ extern struct dentry *isofs_lookup(struct inode *, struct dentry *, unsigned int - extern struct buffer_head *isofs_bread(struct inode *, sector_t); - extern int isofs_get_blocks(struct inode *, sector_t, struct buffer_head **, unsigned long); - --extern struct inode *isofs_iget(struct super_block *sb, -- unsigned long block, -- unsigned long offset); -+struct inode *__isofs_iget(struct super_block *sb, -+ unsigned long block, -+ unsigned long offset, -+ int relocated); -+ -+static inline struct inode *isofs_iget(struct super_block *sb, -+ unsigned long block, -+ unsigned long offset) -+{ -+ return __isofs_iget(sb, block, offset, 0); -+} -+ -+static inline struct inode *isofs_iget_reloc(struct super_block *sb, -+ unsigned long block, -+ unsigned long offset) -+{ -+ return __isofs_iget(sb, block, offset, 1); -+} - - /* Because the inode number is no longer relevant to finding the - * underlying meta-data for an inode, we are free to choose a more -diff --git a/fs/isofs/rock.c b/fs/isofs/rock.c -index c0bf424..f488bba 100644 ---- a/fs/isofs/rock.c -+++ b/fs/isofs/rock.c -@@ -288,12 +288,16 @@ eio: - goto out; - } - -+#define RR_REGARD_XA 1 -+#define RR_RELOC_DE 2 -+ - static int - parse_rock_ridge_inode_internal(struct iso_directory_record *de, -- struct inode *inode, int regard_xa) -+ struct inode *inode, int flags) - { - int symlink_len = 0; - int cnt, sig; -+ unsigned int reloc_block; - struct inode *reloc; - struct rock_ridge *rr; - int rootflag; -@@ -305,7 +309,7 @@ parse_rock_ridge_inode_internal(struct iso_directory_record *de, - - init_rock_state(&rs, inode); - setup_rock_ridge(de, inode, &rs); -- if (regard_xa) { -+ if (flags & RR_REGARD_XA) { - rs.chr += 14; - rs.len -= 14; - if (rs.len < 0) -@@ -485,12 +489,22 @@ repeat: - "relocated directory\n"); - goto out; - case SIG('C', 'L'): -- ISOFS_I(inode)->i_first_extent = -- isonum_733(rr->u.CL.location); -- reloc = -- isofs_iget(inode->i_sb, -- ISOFS_I(inode)->i_first_extent, -- 0); -+ if (flags & RR_RELOC_DE) { -+ printk(KERN_ERR -+ "ISOFS: Recursive directory relocation " -+ "is not supported\n"); -+ goto eio; -+ } -+ reloc_block = isonum_733(rr->u.CL.location); -+ if (reloc_block == ISOFS_I(inode)->i_iget5_block && -+ ISOFS_I(inode)->i_iget5_offset == 0) { -+ printk(KERN_ERR -+ "ISOFS: Directory relocation points to " -+ "itself\n"); -+ goto eio; -+ } -+ ISOFS_I(inode)->i_first_extent = reloc_block; -+ reloc = isofs_iget_reloc(inode->i_sb, reloc_block, 0); - if (IS_ERR(reloc)) { - ret = PTR_ERR(reloc); - goto out; -@@ -637,9 +651,11 @@ static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr, char *plimit) - return rpnt; - } - --int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode) -+int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode, -+ int relocated) - { -- int result = parse_rock_ridge_inode_internal(de, inode, 0); -+ int flags = relocated ? RR_RELOC_DE : 0; -+ int result = parse_rock_ridge_inode_internal(de, inode, flags); - - /* - * if rockridge flag was reset and we didn't look for attributes -@@ -647,7 +663,8 @@ int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode) - */ - if ((ISOFS_SB(inode->i_sb)->s_rock_offset == -1) - && (ISOFS_SB(inode->i_sb)->s_rock == 2)) { -- result = parse_rock_ridge_inode_internal(de, inode, 14); -+ result = parse_rock_ridge_inode_internal(de, inode, -+ flags | RR_REGARD_XA); - } - return result; - } diff --git a/fs/jffs2/erase.c b/fs/jffs2/erase.c index 4a6cf28..d3a29d3 100644 --- a/fs/jffs2/erase.c @@ -62306,10 +62876,10 @@ index b29e42f..5ea7fdf 100644 #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */ diff --git a/fs/namei.c b/fs/namei.c -index bdea109..e242796 100644 +index dd2f2c5..27e6c48 100644 --- a/fs/namei.c +++ b/fs/namei.c -@@ -330,17 +330,34 @@ int generic_permission(struct inode *inode, int mask) +@@ -331,17 +331,34 @@ int generic_permission(struct inode *inode, int mask) if (ret != -EACCES) return ret; @@ -62347,7 +62917,7 @@ index bdea109..e242796 100644 * Read/write DACs are always overridable. * Executable DACs are overridable when there is * at least one exec bit set. -@@ -349,14 +366,6 @@ int generic_permission(struct inode *inode, int mask) +@@ -350,14 +367,6 @@ int generic_permission(struct inode *inode, int mask) if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE)) return 0; @@ -62362,7 +62932,7 @@ index bdea109..e242796 100644 return -EACCES; } -@@ -822,7 +831,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p) +@@ -821,7 +830,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p) { struct dentry *dentry = link->dentry; int error; @@ -62371,7 +62941,7 @@ index bdea109..e242796 100644 BUG_ON(nd->flags & LOOKUP_RCU); -@@ -843,6 +852,12 @@ follow_link(struct path *link, struct nameidata *nd, void **p) +@@ -842,6 +851,12 @@ follow_link(struct path *link, struct nameidata *nd, void **p) if (error) goto out_put_nd_path; @@ -62384,7 +62954,45 @@ index bdea109..e242796 100644 nd->last_type = LAST_BIND; *p = dentry->d_inode->i_op->follow_link(dentry, nd); error = PTR_ERR(*p); -@@ -1591,6 +1606,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) +@@ -1131,6 +1146,7 @@ static bool __follow_mount_rcu(struct nameidata *nd, struct path *path, + + static int follow_dotdot_rcu(struct nameidata *nd) + { ++ struct inode *inode = nd->inode; + if (!nd->root.mnt) + set_root_rcu(nd); + +@@ -1144,6 +1160,7 @@ static int follow_dotdot_rcu(struct nameidata *nd) + struct dentry *parent = old->d_parent; + unsigned seq; + ++ inode = parent->d_inode; + seq = read_seqcount_begin(&parent->d_seq); + if (read_seqcount_retry(&old->d_seq, nd->seq)) + goto failed; +@@ -1153,6 +1170,7 @@ static int follow_dotdot_rcu(struct nameidata *nd) + } + if (!follow_up_rcu(&nd->path)) + break; ++ inode = nd->path.dentry->d_inode; + nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq); + } + while (d_mountpoint(nd->path.dentry)) { +@@ -1162,11 +1180,12 @@ static int follow_dotdot_rcu(struct nameidata *nd) + break; + nd->path.mnt = &mounted->mnt; + nd->path.dentry = mounted->mnt.mnt_root; ++ inode = nd->path.dentry->d_inode; + nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq); + if (!read_seqretry(&mount_lock, nd->m_seq)) + goto failed; + } +- nd->inode = nd->path.dentry->d_inode; ++ nd->inode = inode; + return 0; + + failed: +@@ -1593,6 +1612,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) if (res) break; res = walk_component(nd, path, LOOKUP_FOLLOW); @@ -62393,7 +63001,7 @@ index bdea109..e242796 100644 put_link(nd, &link, cookie); } while (res > 0); -@@ -1664,7 +1681,7 @@ EXPORT_SYMBOL(full_name_hash); +@@ -1665,7 +1686,7 @@ EXPORT_SYMBOL(full_name_hash); static inline unsigned long hash_name(const char *name, unsigned int *hashp) { unsigned long a, b, adata, bdata, mask, hash, len; @@ -62402,7 +63010,23 @@ index bdea109..e242796 100644 hash = a = 0; len = -sizeof(unsigned long); -@@ -1948,6 +1965,8 @@ static int path_lookupat(int dfd, const char *name, +@@ -1894,7 +1915,14 @@ static int path_init(int dfd, const char *name, unsigned int flags, + } + + nd->inode = nd->path.dentry->d_inode; +- return 0; ++ if (!(flags & LOOKUP_RCU)) ++ return 0; ++ if (likely(!read_seqcount_retry(&nd->path.dentry->d_seq, nd->seq))) ++ return 0; ++ if (!(nd->flags & LOOKUP_ROOT)) ++ nd->root.mnt = NULL; ++ rcu_read_unlock(); ++ return -ECHILD; + } + + static inline int lookup_last(struct nameidata *nd, struct path *path) +@@ -1949,6 +1977,8 @@ static int path_lookupat(int dfd, const char *name, if (err) break; err = lookup_last(nd, &path); @@ -62411,7 +63035,7 @@ index bdea109..e242796 100644 put_link(nd, &link, cookie); } } -@@ -1955,6 +1974,13 @@ static int path_lookupat(int dfd, const char *name, +@@ -1956,6 +1986,13 @@ static int path_lookupat(int dfd, const char *name, if (!err) err = complete_walk(nd); @@ -62423,9 +63047,9 @@ index bdea109..e242796 100644 + } + if (!err && nd->flags & LOOKUP_DIRECTORY) { - if (!d_is_directory(nd->path.dentry)) { + if (!d_can_lookup(nd->path.dentry)) { path_put(&nd->path); -@@ -1982,8 +2008,15 @@ static int filename_lookup(int dfd, struct filename *name, +@@ -1983,8 +2020,15 @@ static int filename_lookup(int dfd, struct filename *name, retval = path_lookupat(dfd, name->name, flags | LOOKUP_REVAL, nd); @@ -62442,7 +63066,7 @@ index bdea109..e242796 100644 return retval; } -@@ -2558,6 +2591,13 @@ static int may_open(struct path *path, int acc_mode, int flag) +@@ -2559,6 +2603,13 @@ static int may_open(struct path *path, int acc_mode, int flag) if (flag & O_NOATIME && !inode_owner_or_capable(inode)) return -EPERM; @@ -62456,7 +63080,7 @@ index bdea109..e242796 100644 return 0; } -@@ -2789,7 +2829,7 @@ looked_up: +@@ -2790,7 +2841,7 @@ looked_up: * cleared otherwise prior to returning. */ static int lookup_open(struct nameidata *nd, struct path *path, @@ -62465,7 +63089,7 @@ index bdea109..e242796 100644 const struct open_flags *op, bool got_write, int *opened) { -@@ -2824,6 +2864,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, +@@ -2825,6 +2876,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, /* Negative dentry, just create the file */ if (!dentry->d_inode && (op->open_flag & O_CREAT)) { umode_t mode = op->mode; @@ -62483,7 +63107,7 @@ index bdea109..e242796 100644 if (!IS_POSIXACL(dir->d_inode)) mode &= ~current_umask(); /* -@@ -2845,6 +2896,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, +@@ -2846,6 +2908,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, nd->flags & LOOKUP_EXCL); if (error) goto out_dput; @@ -62492,7 +63116,7 @@ index bdea109..e242796 100644 } out_no_open: path->dentry = dentry; -@@ -2859,7 +2912,7 @@ out_dput: +@@ -2860,7 +2924,7 @@ out_dput: /* * Handle the last step of open() */ @@ -62501,7 +63125,7 @@ index bdea109..e242796 100644 struct file *file, const struct open_flags *op, int *opened, struct filename *name) { -@@ -2909,6 +2962,15 @@ static int do_last(struct nameidata *nd, struct path *path, +@@ -2910,6 +2974,15 @@ static int do_last(struct nameidata *nd, struct path *path, if (error) return error; @@ -62517,7 +63141,7 @@ index bdea109..e242796 100644 audit_inode(name, dir, LOOKUP_PARENT); error = -EISDIR; /* trailing slashes? */ -@@ -2928,7 +2990,7 @@ retry_lookup: +@@ -2929,7 +3002,7 @@ retry_lookup: */ } mutex_lock(&dir->d_inode->i_mutex); @@ -62526,7 +63150,7 @@ index bdea109..e242796 100644 mutex_unlock(&dir->d_inode->i_mutex); if (error <= 0) { -@@ -2952,11 +3014,28 @@ retry_lookup: +@@ -2953,11 +3026,28 @@ retry_lookup: goto finish_open_created; } @@ -62556,7 +63180,7 @@ index bdea109..e242796 100644 /* * If atomic_open() acquired write access it is dropped now due to -@@ -2997,6 +3076,11 @@ finish_lookup: +@@ -2998,6 +3088,11 @@ finish_lookup: } } BUG_ON(inode != path->dentry->d_inode); @@ -62568,7 +63192,7 @@ index bdea109..e242796 100644 return 1; } -@@ -3006,7 +3090,6 @@ finish_lookup: +@@ -3007,7 +3102,6 @@ finish_lookup: save_parent.dentry = nd->path.dentry; save_parent.mnt = mntget(path->mnt); nd->path.dentry = path->dentry; @@ -62576,7 +63200,7 @@ index bdea109..e242796 100644 } nd->inode = inode; /* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */ -@@ -3016,7 +3099,18 @@ finish_open: +@@ -3017,7 +3111,18 @@ finish_open: path_put(&save_parent); return error; } @@ -62593,9 +63217,9 @@ index bdea109..e242796 100644 audit_inode(name, nd->path.dentry, 0); + error = -EISDIR; - if ((open_flag & O_CREAT) && - (d_is_directory(nd->path.dentry) || d_is_autodir(nd->path.dentry))) -@@ -3180,7 +3274,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, + if ((open_flag & O_CREAT) && d_is_dir(nd->path.dentry)) + goto out; +@@ -3180,7 +3285,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, if (unlikely(error)) goto out; @@ -62604,7 +63228,7 @@ index bdea109..e242796 100644 while (unlikely(error > 0)) { /* trailing symlink */ struct path link = path; void *cookie; -@@ -3198,7 +3292,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, +@@ -3198,7 +3303,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, error = follow_link(&link, nd, &cookie); if (unlikely(error)) break; @@ -62613,7 +63237,7 @@ index bdea109..e242796 100644 put_link(nd, &link, cookie); } out: -@@ -3298,9 +3392,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, +@@ -3298,9 +3403,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, goto unlock; error = -EEXIST; @@ -62627,7 +63251,7 @@ index bdea109..e242796 100644 /* * Special case - lookup gave negative, but... we had foo/bar/ * From the vfs_mknod() POV we just have a negative dentry - -@@ -3352,6 +3448,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, +@@ -3352,6 +3459,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, } EXPORT_SYMBOL(user_path_create); @@ -62648,7 +63272,7 @@ index bdea109..e242796 100644 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) { int error = may_create(dir, dentry); -@@ -3414,6 +3524,17 @@ retry: +@@ -3414,6 +3535,17 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -62666,7 +63290,7 @@ index bdea109..e242796 100644 error = security_path_mknod(&path, dentry, mode, dev); if (error) goto out; -@@ -3430,6 +3551,8 @@ retry: +@@ -3430,6 +3562,8 @@ retry: break; } out: @@ -62675,7 +63299,7 @@ index bdea109..e242796 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3482,9 +3605,16 @@ retry: +@@ -3482,9 +3616,16 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -62692,7 +63316,7 @@ index bdea109..e242796 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3565,6 +3695,8 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -3565,6 +3706,8 @@ static long do_rmdir(int dfd, const char __user *pathname) struct filename *name; struct dentry *dentry; struct nameidata nd; @@ -62701,7 +63325,7 @@ index bdea109..e242796 100644 unsigned int lookup_flags = 0; retry: name = user_path_parent(dfd, pathname, &nd, lookup_flags); -@@ -3597,10 +3729,21 @@ retry: +@@ -3597,10 +3740,21 @@ retry: error = -ENOENT; goto exit3; } @@ -62723,7 +63347,7 @@ index bdea109..e242796 100644 exit3: dput(dentry); exit2: -@@ -3690,6 +3833,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -3690,6 +3844,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) struct nameidata nd; struct inode *inode = NULL; struct inode *delegated_inode = NULL; @@ -62732,7 +63356,7 @@ index bdea109..e242796 100644 unsigned int lookup_flags = 0; retry: name = user_path_parent(dfd, pathname, &nd, lookup_flags); -@@ -3716,10 +3861,22 @@ retry_deleg: +@@ -3716,10 +3872,22 @@ retry_deleg: if (d_is_negative(dentry)) goto slashes; ihold(inode); @@ -62755,7 +63379,7 @@ index bdea109..e242796 100644 exit2: dput(dentry); } -@@ -3807,9 +3964,17 @@ retry: +@@ -3807,9 +3975,17 @@ retry: if (IS_ERR(dentry)) goto out_putname; @@ -62773,7 +63397,7 @@ index bdea109..e242796 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3912,6 +4077,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -3912,6 +4088,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, struct dentry *new_dentry; struct path old_path, new_path; struct inode *delegated_inode = NULL; @@ -62781,7 +63405,7 @@ index bdea109..e242796 100644 int how = 0; int error; -@@ -3935,7 +4101,7 @@ retry: +@@ -3935,7 +4112,7 @@ retry: if (error) return error; @@ -62790,7 +63414,7 @@ index bdea109..e242796 100644 (how & LOOKUP_REVAL)); error = PTR_ERR(new_dentry); if (IS_ERR(new_dentry)) -@@ -3947,11 +4113,28 @@ retry: +@@ -3947,11 +4124,28 @@ retry: error = may_linkat(&old_path); if (unlikely(error)) goto out_dput; @@ -62819,7 +63443,7 @@ index bdea109..e242796 100644 done_path_create(&new_path, new_dentry); if (delegated_inode) { error = break_deleg_wait(&delegated_inode); -@@ -4238,6 +4421,12 @@ retry_deleg: +@@ -4238,6 +4432,12 @@ retry_deleg: if (new_dentry == trap) goto exit5; @@ -62832,7 +63456,7 @@ index bdea109..e242796 100644 error = security_path_rename(&oldnd.path, old_dentry, &newnd.path, new_dentry); if (error) -@@ -4245,6 +4434,9 @@ retry_deleg: +@@ -4245,6 +4445,9 @@ retry_deleg: error = vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry, &delegated_inode); @@ -62842,7 +63466,7 @@ index bdea109..e242796 100644 exit5: dput(new_dentry); exit4: -@@ -4281,6 +4473,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna +@@ -4281,6 +4484,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) { @@ -62851,7 +63475,7 @@ index bdea109..e242796 100644 int len; len = PTR_ERR(link); -@@ -4290,7 +4484,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c +@@ -4290,7 +4495,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c len = strlen(link); if (len > (unsigned) buflen) len = buflen; @@ -62868,10 +63492,10 @@ index bdea109..e242796 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index 65233a5..82ac953 100644 +index 75536db..5cda729 100644 --- a/fs/namespace.c +++ b/fs/namespace.c -@@ -1339,6 +1339,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1369,6 +1369,9 @@ static int do_umount(struct mount *mnt, int flags) if (!(sb->s_flags & MS_RDONLY)) retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); up_write(&sb->s_umount); @@ -62881,7 +63505,7 @@ index 65233a5..82ac953 100644 return retval; } -@@ -1361,6 +1364,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1391,6 +1394,9 @@ static int do_umount(struct mount *mnt, int flags) } unlock_mount_hash(); namespace_unlock(); @@ -62891,7 +63515,7 @@ index 65233a5..82ac953 100644 return retval; } -@@ -1380,7 +1386,7 @@ static inline bool may_mount(void) +@@ -1410,7 +1416,7 @@ static inline bool may_mount(void) * unixes. Our API is identical to OSF/1 to avoid making a mess of AMD */ @@ -62900,7 +63524,7 @@ index 65233a5..82ac953 100644 { struct path path; struct mount *mnt; -@@ -1422,7 +1428,7 @@ out: +@@ -1452,7 +1458,7 @@ out: /* * The 2.0 compatible umount. No flags. */ @@ -62909,7 +63533,7 @@ index 65233a5..82ac953 100644 { return sys_umount(name, 0); } -@@ -2431,6 +2437,16 @@ long do_mount(const char *dev_name, const char *dir_name, +@@ -2501,6 +2507,16 @@ long do_mount(const char *dev_name, const char *dir_name, MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | MS_STRICTATIME); @@ -62926,7 +63550,7 @@ index 65233a5..82ac953 100644 if (flags & MS_REMOUNT) retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, data_page); -@@ -2445,6 +2461,9 @@ long do_mount(const char *dev_name, const char *dir_name, +@@ -2515,6 +2531,9 @@ long do_mount(const char *dev_name, const char *dir_name, dev_name, data_page); dput_out: path_put(&path); @@ -62936,7 +63560,7 @@ index 65233a5..82ac953 100644 return retval; } -@@ -2462,7 +2481,7 @@ static void free_mnt_ns(struct mnt_namespace *ns) +@@ -2532,7 +2551,7 @@ static void free_mnt_ns(struct mnt_namespace *ns) * number incrementing at 10Ghz will take 12,427 years to wrap which * is effectively never, so we can ignore the possibility. */ @@ -62945,7 +63569,7 @@ index 65233a5..82ac953 100644 static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) { -@@ -2477,7 +2496,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) +@@ -2547,7 +2566,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) kfree(new_ns); return ERR_PTR(ret); } @@ -62954,7 +63578,7 @@ index 65233a5..82ac953 100644 atomic_set(&new_ns->count, 1); new_ns->root = NULL; INIT_LIST_HEAD(&new_ns->list); -@@ -2487,7 +2506,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) +@@ -2557,7 +2576,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) return new_ns; } @@ -62963,7 +63587,7 @@ index 65233a5..82ac953 100644 struct user_namespace *user_ns, struct fs_struct *new_fs) { struct mnt_namespace *new_ns; -@@ -2608,8 +2627,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name) +@@ -2678,8 +2697,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name) } EXPORT_SYMBOL(mount_subtree); @@ -62974,7 +63598,7 @@ index 65233a5..82ac953 100644 { int ret; char *kernel_type; -@@ -2722,6 +2741,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, +@@ -2792,6 +2811,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, if (error) goto out2; @@ -62986,7 +63610,7 @@ index 65233a5..82ac953 100644 get_fs_root(current->fs, &root); old_mp = lock_mount(&old); error = PTR_ERR(old_mp); -@@ -2990,7 +3014,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) +@@ -3060,7 +3084,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) return -EPERM; @@ -63032,19 +63656,6 @@ index 15f9d98..082c625 100644 } void nfs_fattr_init(struct nfs_fattr *fattr) -diff --git a/fs/nfs/nfs3acl.c b/fs/nfs/nfs3acl.c -index 8f854dd..d0fec26 100644 ---- a/fs/nfs/nfs3acl.c -+++ b/fs/nfs/nfs3acl.c -@@ -256,7 +256,7 @@ nfs3_list_one_acl(struct inode *inode, int type, const char *name, void *data, - char *p = data + *result; - - acl = get_acl(inode, type); -- if (!acl) -+ if (IS_ERR_OR_NULL(acl)) - return 0; - - posix_acl_release(acl); diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index f23a6ca..730ddcc 100644 --- a/fs/nfsd/nfs4proc.c @@ -63072,7 +63683,7 @@ index 8657335..cd3e37f 100644 [OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close, [OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit, diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c -index f8f060f..c4ba09a 100644 +index f8f060f..d9a7258 100644 --- a/fs/nfsd/nfscache.c +++ b/fs/nfsd/nfscache.c @@ -519,14 +519,17 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp) @@ -63096,6 +63707,15 @@ index f8f060f..c4ba09a 100644 /* Don't cache excessive amounts of data and XDR failures */ if (!statp || len > (256 >> 2)) { +@@ -537,7 +540,7 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp) + switch (cachetype) { + case RC_REPLSTAT: + if (len != 1) +- printk("nfsd: RC_REPLSTAT/reply len %d!\n",len); ++ printk("nfsd: RC_REPLSTAT/reply len %ld!\n",len); + rp->c_replstat = *statp; + break; + case RC_REPLBUFF: diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index eea5ad1..5a84ac7 100644 --- a/fs/nfsd/vfs.c @@ -63128,7 +63748,7 @@ index eea5ad1..5a84ac7 100644 if (host_err < 0) diff --git a/fs/nls/nls_base.c b/fs/nls/nls_base.c -index 52ccd34..43a53b1 100644 +index 52ccd34..7a6b202 100644 --- a/fs/nls/nls_base.c +++ b/fs/nls/nls_base.c @@ -234,21 +234,25 @@ EXPORT_SYMBOL(utf16s_to_utf8s); @@ -63180,6 +63800,24 @@ index 52ccd34..43a53b1 100644 spin_unlock(&nls_lock); return 0; } +@@ -272,7 +278,7 @@ int unregister_nls(struct nls_table * nls) + return -EINVAL; + } + +-static struct nls_table *find_nls(char *charset) ++static struct nls_table *find_nls(const char *charset) + { + struct nls_table *nls; + spin_lock(&nls_lock); +@@ -288,7 +294,7 @@ static struct nls_table *find_nls(char *charset) + return nls; + } + +-struct nls_table *load_nls(char *charset) ++struct nls_table *load_nls(const char *charset) + { + return try_then_request_module(find_nls(charset), "nls_%s", charset); + } diff --git a/fs/nls/nls_euc-jp.c b/fs/nls/nls_euc-jp.c index 162b3f1..6076a7c 100644 --- a/fs/nls/nls_euc-jp.c @@ -63887,7 +64525,7 @@ index 2183fcf..3c32a98 100644 help Various /proc files exist to monitor process memory utilization: diff --git a/fs/proc/array.c b/fs/proc/array.c -index 656e401..b5b86b9 100644 +index baf3464..6873520 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -60,6 +60,7 @@ @@ -63898,7 +64536,7 @@ index 656e401..b5b86b9 100644 #include <linux/proc_fs.h> #include <linux/ioport.h> #include <linux/uaccess.h> -@@ -356,6 +357,21 @@ static void task_cpus_allowed(struct seq_file *m, struct task_struct *task) +@@ -347,6 +348,21 @@ static void task_cpus_allowed(struct seq_file *m, struct task_struct *task) seq_putc(m, '\n'); } @@ -63920,7 +64558,7 @@ index 656e401..b5b86b9 100644 int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { -@@ -374,9 +390,24 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, +@@ -365,9 +381,24 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, task_cpus_allowed(m, task); cpuset_task_status_allowed(m, task); task_context_switch_counts(m, task); @@ -63945,7 +64583,7 @@ index 656e401..b5b86b9 100644 static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task, int whole) { -@@ -398,6 +429,13 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -389,6 +420,13 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, char tcomm[sizeof(task->comm)]; unsigned long flags; @@ -63959,7 +64597,7 @@ index 656e401..b5b86b9 100644 state = *get_task_state(task); vsize = eip = esp = 0; permitted = ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT); -@@ -468,6 +506,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -459,6 +497,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, gtime = task_gtime(task); } @@ -63979,7 +64617,7 @@ index 656e401..b5b86b9 100644 /* scale priority and nice values from timeslices to -20..20 */ /* to make it look like a "normal" Unix priority/nice value */ priority = task_prio(task); -@@ -504,9 +555,15 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -495,9 +546,15 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, seq_put_decimal_ull(m, ' ', vsize); seq_put_decimal_ull(m, ' ', mm ? get_mm_rss(mm) : 0); seq_put_decimal_ull(m, ' ', rsslim); @@ -63995,7 +64633,7 @@ index 656e401..b5b86b9 100644 seq_put_decimal_ull(m, ' ', esp); seq_put_decimal_ull(m, ' ', eip); /* The signal information here is obsolete. -@@ -528,7 +585,11 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -519,7 +576,11 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, seq_put_decimal_ull(m, ' ', cputime_to_clock_t(gtime)); seq_put_decimal_ll(m, ' ', cputime_to_clock_t(cgtime)); @@ -64008,7 +64646,7 @@ index 656e401..b5b86b9 100644 seq_put_decimal_ull(m, ' ', mm->start_data); seq_put_decimal_ull(m, ' ', mm->end_data); seq_put_decimal_ull(m, ' ', mm->start_brk); -@@ -566,8 +627,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, +@@ -557,8 +618,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { unsigned long size = 0, resident = 0, shared = 0, text = 0, data = 0; @@ -64025,7 +64663,7 @@ index 656e401..b5b86b9 100644 if (mm) { size = task_statm(mm, &shared, &text, &data, &resident); mmput(mm); -@@ -590,6 +658,13 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, +@@ -581,6 +649,13 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, return 0; } @@ -66171,6 +66809,133 @@ index e18b988..f1d4ad0f 100644 { int err; +diff --git a/fs/udf/inode.c b/fs/udf/inode.c +index 982ce05..c693331 100644 +--- a/fs/udf/inode.c ++++ b/fs/udf/inode.c +@@ -51,7 +51,6 @@ MODULE_LICENSE("GPL"); + + static umode_t udf_convert_permissions(struct fileEntry *); + static int udf_update_inode(struct inode *, int); +-static void udf_fill_inode(struct inode *, struct buffer_head *); + static int udf_sync_inode(struct inode *inode); + static int udf_alloc_i_data(struct inode *inode, size_t size); + static sector_t inode_getblk(struct inode *, sector_t, int *, int *); +@@ -1271,13 +1270,25 @@ update_time: + return 0; + } + ++/* ++ * Maximum length of linked list formed by ICB hierarchy. The chosen number is ++ * arbitrary - just that we hopefully don't limit any real use of rewritten ++ * inode on write-once media but avoid looping for too long on corrupted media. ++ */ ++#define UDF_MAX_ICB_NESTING 1024 ++ + static void __udf_read_inode(struct inode *inode) + { + struct buffer_head *bh = NULL; + struct fileEntry *fe; ++ struct extendedFileEntry *efe; + uint16_t ident; + struct udf_inode_info *iinfo = UDF_I(inode); ++ struct udf_sb_info *sbi = UDF_SB(inode->i_sb); ++ unsigned int link_count; ++ unsigned int indirections = 0; + ++reread: + /* + * Set defaults, but the inode is still incomplete! + * Note: get_new_inode() sets the following on a new inode: +@@ -1307,6 +1318,7 @@ static void __udf_read_inode(struct inode *inode) + } + + fe = (struct fileEntry *)bh->b_data; ++ efe = (struct extendedFileEntry *)bh->b_data; + + if (fe->icbTag.strategyType == cpu_to_le16(4096)) { + struct buffer_head *ibh; +@@ -1314,28 +1326,26 @@ static void __udf_read_inode(struct inode *inode) + ibh = udf_read_ptagged(inode->i_sb, &iinfo->i_location, 1, + &ident); + if (ident == TAG_IDENT_IE && ibh) { +- struct buffer_head *nbh = NULL; + struct kernel_lb_addr loc; + struct indirectEntry *ie; + + ie = (struct indirectEntry *)ibh->b_data; + loc = lelb_to_cpu(ie->indirectICB.extLocation); + +- if (ie->indirectICB.extLength && +- (nbh = udf_read_ptagged(inode->i_sb, &loc, 0, +- &ident))) { +- if (ident == TAG_IDENT_FE || +- ident == TAG_IDENT_EFE) { +- memcpy(&iinfo->i_location, +- &loc, +- sizeof(struct kernel_lb_addr)); +- brelse(bh); +- brelse(ibh); +- brelse(nbh); +- __udf_read_inode(inode); ++ if (ie->indirectICB.extLength) { ++ brelse(bh); ++ brelse(ibh); ++ memcpy(&iinfo->i_location, &loc, ++ sizeof(struct kernel_lb_addr)); ++ if (++indirections > UDF_MAX_ICB_NESTING) { ++ udf_err(inode->i_sb, ++ "too many ICBs in ICB hierarchy" ++ " (max %d supported)\n", ++ UDF_MAX_ICB_NESTING); ++ make_bad_inode(inode); + return; + } +- brelse(nbh); ++ goto reread; + } + } + brelse(ibh); +@@ -1346,22 +1356,6 @@ static void __udf_read_inode(struct inode *inode) + make_bad_inode(inode); + return; + } +- udf_fill_inode(inode, bh); +- +- brelse(bh); +-} +- +-static void udf_fill_inode(struct inode *inode, struct buffer_head *bh) +-{ +- struct fileEntry *fe; +- struct extendedFileEntry *efe; +- struct udf_sb_info *sbi = UDF_SB(inode->i_sb); +- struct udf_inode_info *iinfo = UDF_I(inode); +- unsigned int link_count; +- +- fe = (struct fileEntry *)bh->b_data; +- efe = (struct extendedFileEntry *)bh->b_data; +- + if (fe->icbTag.strategyType == cpu_to_le16(4)) + iinfo->i_strat4096 = 0; + else /* if (fe->icbTag.strategyType == cpu_to_le16(4096)) */ +@@ -1551,6 +1545,7 @@ static void udf_fill_inode(struct inode *inode, struct buffer_head *bh) + } else + make_bad_inode(inode); + } ++ brelse(bh); + } + + static int udf_alloc_i_data(struct inode *inode, size_t size) +@@ -1664,7 +1659,7 @@ static int udf_update_inode(struct inode *inode, int do_sync) + FE_PERM_U_DELETE | FE_PERM_U_CHATTR)); + fe->permissions = cpu_to_le32(udfperms); + +- if (S_ISDIR(inode->i_mode)) ++ if (S_ISDIR(inode->i_mode) && inode->i_nlink > 0) + fe->fileLinkCount = cpu_to_le16(inode->i_nlink - 1); + else + fe->fileLinkCount = cpu_to_le16(inode->i_nlink); diff --git a/fs/udf/misc.c b/fs/udf/misc.c index c175b4d..8f36a16 100644 --- a/fs/udf/misc.c @@ -78421,10 +79186,10 @@ index 17e7e82..1d7da26 100644 #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES))) #endif diff --git a/include/linux/capability.h b/include/linux/capability.h -index 84b13ad..d7b6550 100644 +index aa93e5e..18bb953 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h -@@ -212,8 +212,13 @@ extern bool capable(int cap); +@@ -215,8 +215,13 @@ extern bool capable(int cap); extern bool ns_capable(struct user_namespace *ns, int cap); extern bool capable_wrt_inode_uidgid(const struct inode *inode, int cap); extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap); @@ -78892,7 +79657,7 @@ index 653589e..4ef254a 100644 return c | 0x20; } diff --git a/include/linux/dcache.h b/include/linux/dcache.h -index bf72e9a..4ca7927 100644 +index 3b50cac..71a4cec 100644 --- a/include/linux/dcache.h +++ b/include/linux/dcache.h @@ -133,7 +133,7 @@ struct dentry { @@ -80661,10 +81426,28 @@ index 0000000..e7ffaaf + +#endif diff --git a/include/linux/hash.h b/include/linux/hash.h -index bd1754c..8240892 100644 +index bd1754c..69b7715 100644 --- a/include/linux/hash.h +++ b/include/linux/hash.h -@@ -83,7 +83,7 @@ static inline u32 hash32_ptr(const void *ptr) +@@ -37,6 +37,9 @@ static __always_inline u64 hash_64(u64 val, unsigned int bits) + { + u64 hash = val; + ++#if defined(CONFIG_ARCH_HAS_FAST_MULTIPLIER) && BITS_PER_LONG == 64 ++ hash = hash * GOLDEN_RATIO_PRIME_64; ++#else + /* Sigh, gcc can't optimise this alone like it does for 32 bits. */ + u64 n = hash; + n <<= 18; +@@ -51,6 +54,7 @@ static __always_inline u64 hash_64(u64 val, unsigned int bits) + hash += n; + n <<= 2; + hash += n; ++#endif + + /* High bits are more random, so use them. */ + return hash >> (64 - bits); +@@ -83,7 +87,7 @@ static inline u32 hash32_ptr(const void *ptr) struct fast_hash_ops { u32 (*hash)(const void *data, u32 len, u32 seed); u32 (*hash2)(const u32 *data, u32 len, u32 seed); @@ -81180,6 +81963,47 @@ index ef95941..82db65a 100644 /** * list_move - delete from one list and add as another's head * @list: the entry to move +diff --git a/include/linux/lockref.h b/include/linux/lockref.h +index 4bfde0e..d6e2e09 100644 +--- a/include/linux/lockref.h ++++ b/include/linux/lockref.h +@@ -47,4 +47,36 @@ static inline int __lockref_is_dead(const struct lockref *l) + return ((int)l->count < 0); + } + ++static inline unsigned int __lockref_read(struct lockref *lockref) ++{ ++ return lockref->count; ++} ++ ++static inline void __lockref_set(struct lockref *lockref, unsigned int count) ++{ ++ lockref->count = count; ++} ++ ++static inline void __lockref_inc(struct lockref *lockref) ++{ ++ ++#ifdef CONFIG_PAX_REFCOUNT ++ atomic_inc((atomic_t *)&lockref->count); ++#else ++ lockref->count++; ++#endif ++ ++} ++ ++static inline void __lockref_dec(struct lockref *lockref) ++{ ++ ++#ifdef CONFIG_PAX_REFCOUNT ++ atomic_dec((atomic_t *)&lockref->count); ++#else ++ lockref->count--; ++#endif ++ ++} ++ + #endif /* __LINUX_LOCKREF_H */ diff --git a/include/linux/math64.h b/include/linux/math64.h index c45c089..298841c 100644 --- a/include/linux/math64.h @@ -81832,10 +82656,10 @@ index c3eb102..073c4a6 100644 .ops = ¶m_ops_##type, \ .elemsize = sizeof(array[0]), .elem = array }; \ diff --git a/include/linux/mount.h b/include/linux/mount.h -index 839bac2..a96b37c 100644 +index b0c1e65..fd6baf1 100644 --- a/include/linux/mount.h +++ b/include/linux/mount.h -@@ -59,7 +59,7 @@ struct vfsmount { +@@ -66,7 +66,7 @@ struct vfsmount { struct dentry *mnt_root; /* root of the mounted tree */ struct super_block *mnt_sb; /* pointer to superblock */ int mnt_flags; @@ -81948,7 +82772,7 @@ index 0000000..33f4af8 + +#endif diff --git a/include/linux/nls.h b/include/linux/nls.h -index 520681b..1d67ed2 100644 +index 520681b..2b7fabb 100644 --- a/include/linux/nls.h +++ b/include/linux/nls.h @@ -31,7 +31,7 @@ struct nls_table { @@ -81960,6 +82784,15 @@ index 520681b..1d67ed2 100644 /* this value hold the maximum octet of charset */ #define NLS_MAX_CHARSET_SIZE 6 /* for UTF-8 */ +@@ -46,7 +46,7 @@ enum utf16_endian { + /* nls_base.c */ + extern int __register_nls(struct nls_table *, struct module *); + extern int unregister_nls(struct nls_table *); +-extern struct nls_table *load_nls(char *); ++extern struct nls_table *load_nls(const char *); + extern void unload_nls(struct nls_table *); + extern struct nls_table *load_nls_default(void); + #define register_nls(nls) __register_nls((nls), THIS_MODULE) diff --git a/include/linux/notifier.h b/include/linux/notifier.h index d14a4c3..a078786 100644 --- a/include/linux/notifier.h @@ -83897,27 +84730,29 @@ index 6f8fbcf..4efc177 100644 + MODULE_GRSEC MODULE_RANDSTRUCT_PLUGIN diff --git a/include/linux/vga_switcheroo.h b/include/linux/vga_switcheroo.h -index 502073a..a7de024 100644 +index b483abd..af305ad 100644 --- a/include/linux/vga_switcheroo.h +++ b/include/linux/vga_switcheroo.h -@@ -63,8 +63,8 @@ int vga_switcheroo_get_client_state(struct pci_dev *dev); +@@ -63,9 +63,9 @@ int vga_switcheroo_get_client_state(struct pci_dev *dev); void vga_switcheroo_set_dynamic_switch(struct pci_dev *pdev, enum vga_switcheroo_state dynamic); -int vga_switcheroo_init_domain_pm_ops(struct device *dev, struct dev_pm_domain *domain); --int vga_switcheroo_init_domain_pm_optimus_hdmi_audio(struct device *dev, struct dev_pm_domain *domain); +int vga_switcheroo_init_domain_pm_ops(struct device *dev, dev_pm_domain_no_const *domain); + void vga_switcheroo_fini_domain_pm_ops(struct device *dev); +-int vga_switcheroo_init_domain_pm_optimus_hdmi_audio(struct device *dev, struct dev_pm_domain *domain); +int vga_switcheroo_init_domain_pm_optimus_hdmi_audio(struct device *dev, dev_pm_domain_no_const *domain); #else static inline void vga_switcheroo_unregister_client(struct pci_dev *dev) {} -@@ -81,8 +81,8 @@ static inline int vga_switcheroo_get_client_state(struct pci_dev *dev) { return +@@ -82,9 +82,9 @@ static inline int vga_switcheroo_get_client_state(struct pci_dev *dev) { return static inline void vga_switcheroo_set_dynamic_switch(struct pci_dev *pdev, enum vga_switcheroo_state dynamic) {} -static inline int vga_switcheroo_init_domain_pm_ops(struct device *dev, struct dev_pm_domain *domain) { return -EINVAL; } --static inline int vga_switcheroo_init_domain_pm_optimus_hdmi_audio(struct device *dev, struct dev_pm_domain *domain) { return -EINVAL; } +static inline int vga_switcheroo_init_domain_pm_ops(struct device *dev, dev_pm_domain_no_const *domain) { return -EINVAL; } + static inline void vga_switcheroo_fini_domain_pm_ops(struct device *dev) {} +-static inline int vga_switcheroo_init_domain_pm_optimus_hdmi_audio(struct device *dev, struct dev_pm_domain *domain) { return -EINVAL; } +static inline int vga_switcheroo_init_domain_pm_optimus_hdmi_audio(struct device *dev, dev_pm_domain_no_const *domain) { return -EINVAL; } #endif @@ -84215,7 +85050,7 @@ index c55aeed..b3393f4 100644 /** inet_connection_sock - INET connection oriented sock * diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h -index 823ec7b..1af4453 100644 +index 823ec7b..44c938c 100644 --- a/include/net/inetpeer.h +++ b/include/net/inetpeer.h @@ -47,7 +47,7 @@ struct inet_peer { @@ -84223,7 +85058,7 @@ index 823ec7b..1af4453 100644 union { struct { - atomic_t rid; /* Frag reception counter */ -+ atomic_unchecked_t rid; /* Frag reception counter */ ++ atomic_unchecked_t rid; /* Frag reception counter */ }; struct rcu_head rcu; struct inet_peer *gc_next; @@ -84890,10 +85725,10 @@ index 52beadf..598734c 100644 u8 qfull; enum fc_lport_state state; diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h -index b4f1eff..7fdbd46 100644 +index 409fafb..efc53b0 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h -@@ -180,9 +180,9 @@ struct scsi_device { +@@ -181,9 +181,9 @@ struct scsi_device { unsigned int max_device_blocked; /* what device_blocked counts down from */ #define SCSI_DEFAULT_DEVICE_BLOCKED 3 @@ -85305,7 +86140,7 @@ index fe94bb9..c9e51c2 100644 } __attribute__ ((packed)); diff --git a/include/uapi/linux/xattr.h b/include/uapi/linux/xattr.h -index c38355c..17a57bc 100644 +index 1590c49..5eab462 100644 --- a/include/uapi/linux/xattr.h +++ b/include/uapi/linux/xattr.h @@ -73,5 +73,9 @@ @@ -86190,7 +87025,7 @@ index 8d6e145..33e0b1e 100644 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim; set_fs(fs); diff --git a/kernel/audit.c b/kernel/audit.c -index 0c9dc86..a891393 100644 +index 2c0ecd1..80d068a 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -122,7 +122,7 @@ u32 audit_sig_sid = 0; @@ -86252,7 +87087,7 @@ index 619b58d..e58d957 100644 task->sessionid = sessionid; task->loginuid = loginuid; diff --git a/kernel/capability.c b/kernel/capability.c -index 1191a44..7c81292 100644 +index 00adb21..d5954a8 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -202,6 +202,9 @@ SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t, dataptr) @@ -86265,7 +87100,7 @@ index 1191a44..7c81292 100644 if (copy_to_user(dataptr, kdata, tocopy * sizeof(struct __user_cap_data_struct))) { return -EFAULT; -@@ -303,10 +306,11 @@ bool has_ns_capability(struct task_struct *t, +@@ -307,10 +310,11 @@ bool has_ns_capability(struct task_struct *t, int ret; rcu_read_lock(); @@ -86279,7 +87114,7 @@ index 1191a44..7c81292 100644 } /** -@@ -343,10 +347,10 @@ bool has_ns_capability_noaudit(struct task_struct *t, +@@ -347,10 +351,10 @@ bool has_ns_capability_noaudit(struct task_struct *t, int ret; rcu_read_lock(); @@ -86292,7 +87127,7 @@ index 1191a44..7c81292 100644 } /** -@@ -384,7 +388,7 @@ bool ns_capable(struct user_namespace *ns, int cap) +@@ -388,7 +392,7 @@ bool ns_capable(struct user_namespace *ns, int cap) BUG(); } @@ -86301,7 +87136,7 @@ index 1191a44..7c81292 100644 current->flags |= PF_SUPERPRIV; return true; } -@@ -392,6 +396,21 @@ bool ns_capable(struct user_namespace *ns, int cap) +@@ -396,6 +400,21 @@ bool ns_capable(struct user_namespace *ns, int cap) } EXPORT_SYMBOL(ns_capable); @@ -86323,7 +87158,7 @@ index 1191a44..7c81292 100644 /** * file_ns_capable - Determine if the file's opener had a capability in effect * @file: The file we want to check -@@ -432,6 +451,12 @@ bool capable(int cap) +@@ -436,6 +455,12 @@ bool capable(int cap) } EXPORT_SYMBOL(capable); @@ -86336,7 +87171,7 @@ index 1191a44..7c81292 100644 /** * capable_wrt_inode_uidgid - Check nsown_capable and uid and gid mapped * @inode: The inode in question -@@ -449,3 +474,12 @@ bool capable_wrt_inode_uidgid(const struct inode *inode, int cap) +@@ -453,3 +478,12 @@ bool capable_wrt_inode_uidgid(const struct inode *inode, int cap) kgid_has_mapping(ns, inode->i_gid); } EXPORT_SYMBOL(capable_wrt_inode_uidgid); @@ -86350,10 +87185,10 @@ index 1191a44..7c81292 100644 +} +EXPORT_SYMBOL(capable_wrt_inode_uidgid_nolog); diff --git a/kernel/cgroup.c b/kernel/cgroup.c -index 0c753dd..3ce8cca 100644 +index 550e205..b0a7f7d 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c -@@ -5190,6 +5190,14 @@ static void cgroup_release_agent(struct work_struct *work) +@@ -5189,6 +5189,14 @@ static void cgroup_release_agent(struct work_struct *work) release_list); list_del_init(&cgrp->release_list); raw_spin_unlock(&release_list_lock); @@ -86368,7 +87203,7 @@ index 0c753dd..3ce8cca 100644 pathbuf = kmalloc(PAGE_SIZE, GFP_KERNEL); if (!pathbuf) goto continue_free; -@@ -5372,7 +5380,7 @@ static int cgroup_css_links_read(struct seq_file *seq, void *v) +@@ -5371,7 +5379,7 @@ static int cgroup_css_links_read(struct seq_file *seq, void *v) struct css_set *cset = link->cset; struct task_struct *task; int count = 0; @@ -86794,7 +87629,7 @@ index 0b097c8..11dd5c5 100644 #ifdef CONFIG_MODULE_UNLOAD { diff --git a/kernel/events/core.c b/kernel/events/core.c -index f774e93..c602612 100644 +index 3a140ca..6624485 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -158,8 +158,15 @@ static struct srcu_struct pmus_srcu; @@ -86832,7 +87667,7 @@ index f774e93..c602612 100644 static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx, enum event_type_t event_type); -@@ -3000,7 +3007,7 @@ static void __perf_event_read(void *info) +@@ -3010,7 +3017,7 @@ static void __perf_event_read(void *info) static inline u64 perf_event_count(struct perf_event *event) { @@ -86841,7 +87676,7 @@ index f774e93..c602612 100644 } static u64 perf_event_read(struct perf_event *event) -@@ -3365,9 +3372,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) +@@ -3375,9 +3382,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) mutex_lock(&event->child_mutex); total += perf_event_read(event); *enabled += event->total_time_enabled + @@ -86853,7 +87688,7 @@ index f774e93..c602612 100644 list_for_each_entry(child, &event->child_list, child_list) { total += perf_event_read(child); -@@ -3796,10 +3803,10 @@ void perf_event_update_userpage(struct perf_event *event) +@@ -3806,10 +3813,10 @@ void perf_event_update_userpage(struct perf_event *event) userpg->offset -= local64_read(&event->hw.prev_count); userpg->time_enabled = enabled + @@ -86866,7 +87701,7 @@ index f774e93..c602612 100644 arch_perf_update_userpage(userpg, now); -@@ -4350,7 +4357,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size, +@@ -4360,7 +4367,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size, /* Data. */ sp = perf_user_stack_pointer(regs); @@ -86875,7 +87710,7 @@ index f774e93..c602612 100644 dyn_size = dump_size - rem; perf_output_skip(handle, rem); -@@ -4441,11 +4448,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, +@@ -4451,11 +4458,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, values[n++] = perf_event_count(event); if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) { values[n++] = enabled + @@ -86889,7 +87724,7 @@ index f774e93..c602612 100644 } if (read_format & PERF_FORMAT_ID) values[n++] = primary_event_id(event); -@@ -6724,7 +6731,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, +@@ -6734,7 +6741,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, event->parent = parent_event; event->ns = get_pid_ns(task_active_pid_ns(current)); @@ -86898,7 +87733,7 @@ index f774e93..c602612 100644 event->state = PERF_EVENT_STATE_INACTIVE; -@@ -7024,6 +7031,11 @@ SYSCALL_DEFINE5(perf_event_open, +@@ -7034,6 +7041,11 @@ SYSCALL_DEFINE5(perf_event_open, if (flags & ~PERF_FLAG_ALL) return -EINVAL; @@ -86910,7 +87745,7 @@ index f774e93..c602612 100644 err = perf_copy_attr(attr_uptr, &attr); if (err) return err; -@@ -7362,10 +7374,10 @@ static void sync_child_event(struct perf_event *child_event, +@@ -7372,10 +7384,10 @@ static void sync_child_event(struct perf_event *child_event, /* * Add back the child's count to the parent's count: */ @@ -86924,6 +87759,18 @@ index f774e93..c602612 100644 &parent_event->child_total_time_running); /* +@@ -7836,8 +7848,10 @@ int perf_event_init_task(struct task_struct *child) + + for_each_task_context_nr(ctxn) { + ret = perf_event_init_context(child, ctxn); +- if (ret) ++ if (ret) { ++ perf_event_free_task(child); + return ret; ++ } + } + + return 0; diff --git a/kernel/events/internal.h b/kernel/events/internal.h index 569b2187..19940d9 100644 --- a/kernel/events/internal.h @@ -87042,7 +87889,7 @@ index 81b3d67..ef189a4 100644 { struct signal_struct *sig = current->signal; diff --git a/kernel/fork.c b/kernel/fork.c -index c44bff8..a3c5876 100644 +index c44bff8..7361260 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -180,6 +180,48 @@ void thread_info_cache_init(void) @@ -87412,6 +88259,15 @@ index c44bff8..a3c5876 100644 if (atomic_read(&p->real_cred->user->processes) >= task_rlimit(p, RLIMIT_NPROC)) { if (p->real_cred->user != INIT_USER && +@@ -1323,7 +1428,7 @@ static struct task_struct *copy_process(unsigned long clone_flags, + goto bad_fork_cleanup_policy; + retval = audit_alloc(p); + if (retval) +- goto bad_fork_cleanup_policy; ++ goto bad_fork_cleanup_perf; + /* copy all the process information */ + retval = copy_semundo(clone_flags, p); + if (retval) @@ -1449,6 +1554,11 @@ static struct task_struct *copy_process(unsigned long clone_flags, goto bad_fork_free_pid; } @@ -87424,7 +88280,18 @@ index c44bff8..a3c5876 100644 if (likely(p->pid)) { ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace); -@@ -1539,6 +1649,8 @@ bad_fork_cleanup_count: +@@ -1522,8 +1632,9 @@ bad_fork_cleanup_semundo: + exit_sem(p); + bad_fork_cleanup_audit: + audit_free(p); +-bad_fork_cleanup_policy: ++bad_fork_cleanup_perf: + perf_event_free_task(p); ++bad_fork_cleanup_policy: + #ifdef CONFIG_NUMA + mpol_put(p->mempolicy); + bad_fork_cleanup_cgroup: +@@ -1539,6 +1650,8 @@ bad_fork_cleanup_count: bad_fork_free: free_task(p); fork_out: @@ -87433,7 +88300,7 @@ index c44bff8..a3c5876 100644 return ERR_PTR(retval); } -@@ -1600,6 +1712,7 @@ long do_fork(unsigned long clone_flags, +@@ -1600,6 +1713,7 @@ long do_fork(unsigned long clone_flags, p = copy_process(clone_flags, stack_start, stack_size, child_tidptr, NULL, trace); @@ -87441,7 +88308,7 @@ index c44bff8..a3c5876 100644 /* * Do this prior waking up the new thread - the thread pointer * might get invalid after that point, if the thread exits quickly. -@@ -1616,6 +1729,8 @@ long do_fork(unsigned long clone_flags, +@@ -1616,6 +1730,8 @@ long do_fork(unsigned long clone_flags, if (clone_flags & CLONE_PARENT_SETTID) put_user(nr, parent_tidptr); @@ -87450,7 +88317,7 @@ index c44bff8..a3c5876 100644 if (clone_flags & CLONE_VFORK) { p->vfork_done = &vfork; init_completion(&vfork); -@@ -1734,7 +1849,7 @@ void __init proc_caches_init(void) +@@ -1734,7 +1850,7 @@ void __init proc_caches_init(void) mm_cachep = kmem_cache_create("mm_struct", sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN, SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK, NULL); @@ -87459,7 +88326,7 @@ index c44bff8..a3c5876 100644 mmap_init(); nsproxy_cache_init(); } -@@ -1774,7 +1889,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) +@@ -1774,7 +1890,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) return 0; /* don't need lock here; in the worst case we'll do useless copy */ @@ -87468,7 +88335,7 @@ index c44bff8..a3c5876 100644 return 0; *new_fsp = copy_fs_struct(fs); -@@ -1881,7 +1996,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) +@@ -1881,7 +1997,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) fs = current->fs; spin_lock(&fs->lock); current->fs = new_fs; @@ -87479,7 +88346,7 @@ index c44bff8..a3c5876 100644 else new_fs = fs; diff --git a/kernel/futex.c b/kernel/futex.c -index e3087af..8e3b90f 100644 +index 0b0dc02..4730710 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -54,6 +54,7 @@ @@ -87529,7 +88396,7 @@ index e3087af..8e3b90f 100644 pagefault_disable(); ret = __copy_from_user_inatomic(dest, from, sizeof(u32)); -@@ -3019,6 +3025,7 @@ static void __init futex_detect_cmpxchg(void) +@@ -3020,6 +3026,7 @@ static void __init futex_detect_cmpxchg(void) { #ifndef CONFIG_HAVE_FUTEX_CMPXCHG u32 curval; @@ -87537,7 +88404,7 @@ index e3087af..8e3b90f 100644 /* * This will fail and we want it. Some arch implementations do -@@ -3030,8 +3037,11 @@ static void __init futex_detect_cmpxchg(void) +@@ -3031,8 +3038,11 @@ static void __init futex_detect_cmpxchg(void) * implementation, the non-functional ones will return * -ENOSYS. */ @@ -87771,10 +88638,10 @@ index 3127ad5..159d880 100644 return -ENOMEM; reset_iter(iter, 0); diff --git a/kernel/kcmp.c b/kernel/kcmp.c -index e30ac0f..3528cac 100644 +index 0aa69ea..a7fcafb 100644 --- a/kernel/kcmp.c +++ b/kernel/kcmp.c -@@ -99,6 +99,10 @@ SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type, +@@ -100,6 +100,10 @@ SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type, struct task_struct *task1, *task2; int ret; @@ -90564,7 +91431,7 @@ index a63f4dc..349bbb0 100644 unsigned long timeout) { diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index 515e212..268a828 100644 +index 677ebad..e39b352 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -1775,7 +1775,7 @@ void set_numabalancing_state(bool enabled) @@ -90615,7 +91482,7 @@ index 515e212..268a828 100644 /* can't increase priority */ if (attr->sched_priority > p->rt_priority && attr->sched_priority > rlim_rtprio) -@@ -4726,8 +4732,10 @@ void idle_task_exit(void) +@@ -4727,8 +4733,10 @@ void idle_task_exit(void) BUG_ON(cpu_online(smp_processor_id())); @@ -90627,7 +91494,7 @@ index 515e212..268a828 100644 mmdrop(mm); } -@@ -4805,7 +4813,7 @@ static void migrate_tasks(unsigned int dead_cpu) +@@ -4806,7 +4814,7 @@ static void migrate_tasks(unsigned int dead_cpu) #if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL) @@ -90636,7 +91503,7 @@ index 515e212..268a828 100644 { .procname = "sched_domain", .mode = 0555, -@@ -4822,17 +4830,17 @@ static struct ctl_table sd_ctl_root[] = { +@@ -4823,17 +4831,17 @@ static struct ctl_table sd_ctl_root[] = { {} }; @@ -90658,7 +91525,7 @@ index 515e212..268a828 100644 /* * In the intermediate directories, both the child directory and -@@ -4840,22 +4848,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep) +@@ -4841,22 +4849,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep) * will always be set. In the lowest directory the names are * static strings and all have proc handlers. */ @@ -90690,7 +91557,7 @@ index 515e212..268a828 100644 const char *procname, void *data, int maxlen, umode_t mode, proc_handler *proc_handler, bool load_idx) -@@ -4875,7 +4886,7 @@ set_table_entry(struct ctl_table *entry, +@@ -4876,7 +4887,7 @@ set_table_entry(struct ctl_table *entry, static struct ctl_table * sd_alloc_ctl_domain_table(struct sched_domain *sd) { @@ -90699,7 +91566,7 @@ index 515e212..268a828 100644 if (table == NULL) return NULL; -@@ -4910,9 +4921,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd) +@@ -4911,9 +4922,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd) return table; } @@ -90711,7 +91578,7 @@ index 515e212..268a828 100644 struct sched_domain *sd; int domain_num = 0, i; char buf[32]; -@@ -4939,11 +4950,13 @@ static struct ctl_table_header *sd_sysctl_header; +@@ -4940,11 +4951,13 @@ static struct ctl_table_header *sd_sysctl_header; static void register_sched_domain_sysctl(void) { int i, cpu_num = num_possible_cpus(); @@ -90726,7 +91593,7 @@ index 515e212..268a828 100644 if (entry == NULL) return; -@@ -4966,8 +4979,12 @@ static void unregister_sched_domain_sysctl(void) +@@ -4967,8 +4980,12 @@ static void unregister_sched_domain_sysctl(void) if (sd_sysctl_header) unregister_sysctl_table(sd_sysctl_header); sd_sysctl_header = NULL; @@ -91463,10 +92330,10 @@ index 7c7964c..2a0d412 100644 update_vsyscall_tz(); if (firsttime) { diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c -index fe75444..190c528 100644 +index cd45a07..b8a1463 100644 --- a/kernel/time/alarmtimer.c +++ b/kernel/time/alarmtimer.c -@@ -811,7 +811,7 @@ static int __init alarmtimer_init(void) +@@ -823,7 +823,7 @@ static int __init alarmtimer_init(void) struct platform_device *pdev; int error = 0; int i; @@ -91730,7 +92597,7 @@ index e3be87e..7480b36 100644 ftrace_graph_active++; diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c -index 0954450..0ed035c 100644 +index 773aba8..0e70660 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -352,9 +352,9 @@ struct buffer_data_page { @@ -91756,7 +92623,7 @@ index 0954450..0ed035c 100644 local_t dropped_events; local_t committing; local_t commits; -@@ -991,8 +991,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, +@@ -1005,8 +1005,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, * * We add a counter to the write field to denote this. */ @@ -91767,7 +92634,7 @@ index 0954450..0ed035c 100644 /* * Just make sure we have seen our old_write and synchronize -@@ -1020,8 +1020,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, +@@ -1034,8 +1034,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, * cmpxchg to only update if an interrupt did not already * do it for us. If the cmpxchg fails, we don't care. */ @@ -91778,7 +92645,7 @@ index 0954450..0ed035c 100644 /* * No need to worry about races with clearing out the commit. -@@ -1385,12 +1385,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer); +@@ -1399,12 +1399,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer); static inline unsigned long rb_page_entries(struct buffer_page *bpage) { @@ -91793,7 +92660,7 @@ index 0954450..0ed035c 100644 } static int -@@ -1485,7 +1485,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages) +@@ -1499,7 +1499,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages) * bytes consumed in ring buffer from here. * Increment overrun to account for the lost events. */ @@ -91802,7 +92669,7 @@ index 0954450..0ed035c 100644 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes); } -@@ -2063,7 +2063,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2077,7 +2077,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer, * it is our responsibility to update * the counters. */ @@ -91811,7 +92678,7 @@ index 0954450..0ed035c 100644 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes); /* -@@ -2213,7 +2213,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2227,7 +2227,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, if (tail == BUF_PAGE_SIZE) tail_page->real_end = 0; @@ -91820,7 +92687,7 @@ index 0954450..0ed035c 100644 return; } -@@ -2248,7 +2248,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2262,7 +2262,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, rb_event_set_padding(event); /* Set the write back to the previous setting */ @@ -91829,7 +92696,7 @@ index 0954450..0ed035c 100644 return; } -@@ -2260,7 +2260,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2274,7 +2274,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, /* Set write to end of buffer */ length = (tail + length) - BUF_PAGE_SIZE; @@ -91838,7 +92705,7 @@ index 0954450..0ed035c 100644 } /* -@@ -2286,7 +2286,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2300,7 +2300,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, * about it. */ if (unlikely(next_page == commit_page)) { @@ -91847,7 +92714,7 @@ index 0954450..0ed035c 100644 goto out_reset; } -@@ -2342,7 +2342,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2356,7 +2356,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, cpu_buffer->tail_page) && (cpu_buffer->commit_page == cpu_buffer->reader_page))) { @@ -91856,7 +92723,7 @@ index 0954450..0ed035c 100644 goto out_reset; } } -@@ -2390,7 +2390,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2404,7 +2404,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, length += RB_LEN_TIME_EXTEND; tail_page = cpu_buffer->tail_page; @@ -91865,7 +92732,7 @@ index 0954450..0ed035c 100644 /* set write to only the index of the write */ write &= RB_WRITE_MASK; -@@ -2414,7 +2414,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2428,7 +2428,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, kmemcheck_annotate_bitfield(event, bitfield); rb_update_event(cpu_buffer, event, length, add_timestamp, delta); @@ -91874,7 +92741,7 @@ index 0954450..0ed035c 100644 /* * If this is the first commit on the page, then update -@@ -2447,7 +2447,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2461,7 +2461,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) { unsigned long write_mask = @@ -91883,7 +92750,7 @@ index 0954450..0ed035c 100644 unsigned long event_length = rb_event_length(event); /* * This is on the tail page. It is possible that -@@ -2457,7 +2457,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2471,7 +2471,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, */ old_index += write_mask; new_index += write_mask; @@ -91892,7 +92759,7 @@ index 0954450..0ed035c 100644 if (index == old_index) { /* update counters */ local_sub(event_length, &cpu_buffer->entries_bytes); -@@ -2849,7 +2849,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2863,7 +2863,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, /* Do the likely case first */ if (likely(bpage->page == (void *)addr)) { @@ -91901,7 +92768,7 @@ index 0954450..0ed035c 100644 return; } -@@ -2861,7 +2861,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2875,7 +2875,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, start = bpage; do { if (bpage->page == (void *)addr) { @@ -91910,7 +92777,7 @@ index 0954450..0ed035c 100644 return; } rb_inc_page(cpu_buffer, &bpage); -@@ -3145,7 +3145,7 @@ static inline unsigned long +@@ -3159,7 +3159,7 @@ static inline unsigned long rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer) { return local_read(&cpu_buffer->entries) - @@ -91919,7 +92786,7 @@ index 0954450..0ed035c 100644 } /** -@@ -3234,7 +3234,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) +@@ -3248,7 +3248,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) return 0; cpu_buffer = buffer->buffers[cpu]; @@ -91928,7 +92795,7 @@ index 0954450..0ed035c 100644 return ret; } -@@ -3257,7 +3257,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) +@@ -3271,7 +3271,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) return 0; cpu_buffer = buffer->buffers[cpu]; @@ -91937,7 +92804,7 @@ index 0954450..0ed035c 100644 return ret; } -@@ -3342,7 +3342,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) +@@ -3356,7 +3356,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) /* if you care about this being correct, lock the buffer */ for_each_buffer_cpu(buffer, cpu) { cpu_buffer = buffer->buffers[cpu]; @@ -91946,7 +92813,7 @@ index 0954450..0ed035c 100644 } return overruns; -@@ -3518,8 +3518,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3527,8 +3527,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) /* * Reset the reader page to size zero. */ @@ -91957,7 +92824,7 @@ index 0954450..0ed035c 100644 local_set(&cpu_buffer->reader_page->page->commit, 0); cpu_buffer->reader_page->real_end = 0; -@@ -3553,7 +3553,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3562,7 +3562,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) * want to compare with the last_overrun. */ smp_mb(); @@ -91966,7 +92833,7 @@ index 0954450..0ed035c 100644 /* * Here's the tricky part. -@@ -4123,8 +4123,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -4134,8 +4134,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) cpu_buffer->head_page = list_entry(cpu_buffer->pages, struct buffer_page, list); @@ -91977,7 +92844,7 @@ index 0954450..0ed035c 100644 local_set(&cpu_buffer->head_page->page->commit, 0); cpu_buffer->head_page->read = 0; -@@ -4134,14 +4134,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -4145,14 +4145,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) INIT_LIST_HEAD(&cpu_buffer->reader_page->list); INIT_LIST_HEAD(&cpu_buffer->new_pages); @@ -91996,7 +92863,7 @@ index 0954450..0ed035c 100644 local_set(&cpu_buffer->dropped_events, 0); local_set(&cpu_buffer->entries, 0); local_set(&cpu_buffer->committing, 0); -@@ -4546,8 +4546,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, +@@ -4557,8 +4557,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, rb_init_page(bpage); bpage = reader->page; reader->page = *data_page; @@ -92226,6 +93093,20 @@ index b4defde..f092808 100644 } spin_unlock_irq(&pool->lock); +diff --git a/lib/Kconfig b/lib/Kconfig +index 991c98b..88061cf 100644 +--- a/lib/Kconfig ++++ b/lib/Kconfig +@@ -51,6 +51,9 @@ config PERCPU_RWSEM + config ARCH_USE_CMPXCHG_LOCKREF + bool + ++config ARCH_HAS_FAST_MULTIPLIER ++ bool ++ + config CRC_CCITT + tristate "CRC-CCITT functions" + help diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index a48abea..e108def 100644 --- a/lib/Kconfig.debug @@ -92463,6 +93344,28 @@ index fea973f..386626f 100644 .hash = jhash, .hash2 = jhash2, }; +diff --git a/lib/hweight.c b/lib/hweight.c +index b7d81ba..9a5c1f2 100644 +--- a/lib/hweight.c ++++ b/lib/hweight.c +@@ -11,7 +11,7 @@ + + unsigned int __sw_hweight32(unsigned int w) + { +-#ifdef ARCH_HAS_FAST_MULTIPLIER ++#ifdef CONFIG_ARCH_HAS_FAST_MULTIPLIER + w -= (w >> 1) & 0x55555555; + w = (w & 0x33333333) + ((w >> 2) & 0x33333333); + w = (w + (w >> 4)) & 0x0f0f0f0f; +@@ -49,7 +49,7 @@ unsigned long __sw_hweight64(__u64 w) + return __sw_hweight32((unsigned int)(w >> 32)) + + __sw_hweight32((unsigned int)w); + #elif BITS_PER_LONG == 64 +-#ifdef ARCH_HAS_FAST_MULTIPLIER ++#ifdef CONFIG_ARCH_HAS_FAST_MULTIPLIER + w -= (w >> 1) & 0x5555555555555555ul; + w = (w & 0x3333333333333333ul) + ((w >> 2) & 0x3333333333333333ul); + w = (w + (w >> 4)) & 0x0f0f0f0f0f0f0f0ful; diff --git a/lib/inflate.c b/lib/inflate.c index 013a761..c28f3fc 100644 --- a/lib/inflate.c @@ -92749,6 +93652,98 @@ index c24c2f7..f0296f4 100644 + pax_close_kernel(); +} +EXPORT_SYMBOL(pax_list_del_rcu); +diff --git a/lib/lockref.c b/lib/lockref.c +index f07a40d..0a445a7 100644 +--- a/lib/lockref.c ++++ b/lib/lockref.c +@@ -49,13 +49,13 @@ + void lockref_get(struct lockref *lockref) + { + CMPXCHG_LOOP( +- new.count++; ++ __lockref_inc(&new); + , + return; + ); + + spin_lock(&lockref->lock); +- lockref->count++; ++ __lockref_inc(lockref); + spin_unlock(&lockref->lock); + } + EXPORT_SYMBOL(lockref_get); +@@ -70,7 +70,7 @@ int lockref_get_not_zero(struct lockref *lockref) + int retval; + + CMPXCHG_LOOP( +- new.count++; ++ __lockref_inc(&new); + if (!old.count) + return 0; + , +@@ -80,7 +80,7 @@ int lockref_get_not_zero(struct lockref *lockref) + spin_lock(&lockref->lock); + retval = 0; + if (lockref->count) { +- lockref->count++; ++ __lockref_inc(lockref); + retval = 1; + } + spin_unlock(&lockref->lock); +@@ -97,7 +97,7 @@ EXPORT_SYMBOL(lockref_get_not_zero); + int lockref_get_or_lock(struct lockref *lockref) + { + CMPXCHG_LOOP( +- new.count++; ++ __lockref_inc(&new); + if (!old.count) + break; + , +@@ -107,7 +107,7 @@ int lockref_get_or_lock(struct lockref *lockref) + spin_lock(&lockref->lock); + if (!lockref->count) + return 0; +- lockref->count++; ++ __lockref_inc(lockref); + spin_unlock(&lockref->lock); + return 1; + } +@@ -121,7 +121,7 @@ EXPORT_SYMBOL(lockref_get_or_lock); + int lockref_put_or_lock(struct lockref *lockref) + { + CMPXCHG_LOOP( +- new.count--; ++ __lockref_dec(&new); + if (old.count <= 1) + break; + , +@@ -131,7 +131,7 @@ int lockref_put_or_lock(struct lockref *lockref) + spin_lock(&lockref->lock); + if (lockref->count <= 1) + return 0; +- lockref->count--; ++ __lockref_dec(lockref); + spin_unlock(&lockref->lock); + return 1; + } +@@ -158,7 +158,7 @@ int lockref_get_not_dead(struct lockref *lockref) + int retval; + + CMPXCHG_LOOP( +- new.count++; ++ __lockref_inc(&new); + if ((int)old.count < 0) + return 0; + , +@@ -168,7 +168,7 @@ int lockref_get_not_dead(struct lockref *lockref) + spin_lock(&lockref->lock); + retval = 0; + if ((int) lockref->count >= 0) { +- lockref->count++; ++ __lockref_inc(lockref); + retval = 1; + } + spin_unlock(&lockref->lock); diff --git a/lib/percpu-refcount.c b/lib/percpu-refcount.c index 963b703..438bc51 100644 --- a/lib/percpu-refcount.c @@ -92815,6 +93810,22 @@ index 0922579..9d7adb9 100644 + printk("%lu pages hwpoisoned\n", atomic_long_read_unchecked(&num_poisoned_pages)); #endif } +diff --git a/lib/string.c b/lib/string.c +index e5878de..315fad2 100644 +--- a/lib/string.c ++++ b/lib/string.c +@@ -789,9 +789,9 @@ void *memchr_inv(const void *start, int c, size_t bytes) + return check_bytes8(start, value, bytes); + + value64 = value; +-#if defined(ARCH_HAS_FAST_MULTIPLIER) && BITS_PER_LONG == 64 ++#if defined(CONFIG_ARCH_HAS_FAST_MULTIPLIER) && BITS_PER_LONG == 64 + value64 *= 0x0101010101010101; +-#elif defined(ARCH_HAS_FAST_MULTIPLIER) ++#elif defined(CONFIG_ARCH_HAS_FAST_MULTIPLIER) + value64 *= 0x01010101; + value64 |= value64 << 32; + #else diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c index bb2b201..46abaf9 100644 --- a/lib/strncpy_from_user.c @@ -93157,6 +94168,31 @@ index b32b70c..e512eb0 100644 pkmap_count[last_pkmap_nr] = 1; set_page_address(page, (void *)vaddr); +diff --git a/mm/huge_memory.c b/mm/huge_memory.c +index 1c42d0c..2a99426 100644 +--- a/mm/huge_memory.c ++++ b/mm/huge_memory.c +@@ -1824,6 +1824,11 @@ static int __split_huge_page_map(struct page *page, + for (i = 0; i < HPAGE_PMD_NR; i++, haddr += PAGE_SIZE) { + pte_t *pte, entry; + BUG_ON(PageCompound(page+i)); ++ /* ++ * Note that pmd_numa is not transferred deliberately ++ * to avoid any possibility that pte_numa leaks to ++ * a PROT_NONE VMA by accident. ++ */ + entry = mk_pte(page + i, vma->vm_page_prot); + entry = maybe_mkwrite(pte_mkdirty(entry), vma); + if (!pmd_write(*pmd)) +@@ -1832,8 +1837,6 @@ static int __split_huge_page_map(struct page *page, + BUG_ON(page_mapcount(page) != 1); + if (!pmd_young(*pmd)) + entry = pte_mkold(entry); +- if (pmd_numa(*pmd)) +- entry = pte_mknuma(entry); + pte = pte_offset_map(&_pmd, haddr); + BUG_ON(!pte_none(*pte)); + set_pte_at(mm, haddr, pte, entry); diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 923f38e..74e159a 100644 --- a/mm/hugetlb.c @@ -93568,7 +94604,7 @@ index 33365e9..2234ef9 100644 } unset_migratetype_isolate(page, MIGRATE_MOVABLE); diff --git a/mm/memory.c b/mm/memory.c -index 2121d8b8..fa1095a 100644 +index 492e36f..3771c0a 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -403,6 +403,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, @@ -94339,10 +95375,23 @@ index 15a8ea0..cb50389 100644 capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE); diff --git a/mm/migrate.c b/mm/migrate.c -index bed4880..a493f67 100644 +index bed4880..95c4b9f 100644 --- a/mm/migrate.c +++ b/mm/migrate.c -@@ -1485,8 +1485,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, +@@ -148,8 +148,11 @@ static int remove_migration_pte(struct page *new, struct vm_area_struct *vma, + pte = pte_mkold(mk_pte(new, vma->vm_page_prot)); + if (pte_swp_soft_dirty(*ptep)) + pte = pte_mksoft_dirty(pte); ++ ++ /* Recheck VMA as permissions can change since migration started */ + if (is_write_migration_entry(entry)) +- pte = pte_mkwrite(pte); ++ pte = maybe_mkwrite(pte, vma); ++ + #ifdef CONFIG_HUGETLB_PAGE + if (PageHuge(new)) { + pte = pte_mkhuge(pte); +@@ -1485,8 +1488,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, */ tcred = __task_cred(task); if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) && @@ -96224,7 +97273,7 @@ index 7c59ef6..1358905 100644 }; diff --git a/mm/percpu.c b/mm/percpu.c -index a2a54a8..43ecb68 100644 +index 8cd4308..ab22f17 100644 --- a/mm/percpu.c +++ b/mm/percpu.c @@ -122,7 +122,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly; @@ -96236,6 +97285,19 @@ index a2a54a8..43ecb68 100644 EXPORT_SYMBOL_GPL(pcpu_base_addr); static const int *pcpu_unit_map __read_mostly; /* cpu -> unit */ +diff --git a/mm/pgtable-generic.c b/mm/pgtable-generic.c +index a8b9199..dfb79e0 100644 +--- a/mm/pgtable-generic.c ++++ b/mm/pgtable-generic.c +@@ -195,7 +195,7 @@ void pmdp_invalidate(struct vm_area_struct *vma, unsigned long address, + pmd_t entry = *pmdp; + if (pmd_numa(entry)) + entry = pmd_mknonnuma(entry); +- set_pmd_at(vma->vm_mm, address, pmdp, pmd_mknotpresent(*pmdp)); ++ set_pmd_at(vma->vm_mm, address, pmdp, pmd_mknotpresent(entry)); + flush_tlb_range(vma, address, address + HPAGE_PMD_SIZE); + } + #endif /* CONFIG_TRANSPARENT_HUGEPAGE */ diff --git a/mm/process_vm_access.c b/mm/process_vm_access.c index fd26d04..0cea1b0 100644 --- a/mm/process_vm_access.c @@ -96391,7 +97453,7 @@ index cdbd312..2e1e0b9 100644 /* diff --git a/mm/shmem.c b/mm/shmem.c -index ff85863..6aa94ab 100644 +index f0d698b..7037c25 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -33,7 +33,7 @@ @@ -96412,7 +97474,7 @@ index ff85863..6aa94ab 100644 /* * shmem_fallocate communicates with shmem_fault or shmem_writepage via -@@ -2298,6 +2298,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { +@@ -2300,6 +2300,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { static int shmem_xattr_validate(const char *name) { struct { const char *prefix; size_t len; } arr[] = { @@ -96424,7 +97486,7 @@ index ff85863..6aa94ab 100644 { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN }, { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN } }; -@@ -2353,6 +2358,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, +@@ -2355,6 +2360,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, if (err) return err; @@ -96440,7 +97502,7 @@ index ff85863..6aa94ab 100644 return simple_xattr_set(&info->xattrs, name, value, size, flags); } -@@ -2665,8 +2679,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) +@@ -2667,8 +2681,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) int err = -ENOMEM; /* Round up to L1_CACHE_BYTES to resist false sharing */ @@ -96451,7 +97513,7 @@ index ff85863..6aa94ab 100644 return -ENOMEM; diff --git a/mm/slab.c b/mm/slab.c -index 6dd8d5f..2482a6d 100644 +index ea854eb..673c763 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -300,10 +300,12 @@ static void kmem_cache_node_init(struct kmem_cache_node *parent) @@ -96504,7 +97566,7 @@ index 6dd8d5f..2482a6d 100644 slab_early_init = 0; -@@ -3484,6 +3488,21 @@ static inline void __cache_free(struct kmem_cache *cachep, void *objp, +@@ -3477,6 +3481,21 @@ static inline void __cache_free(struct kmem_cache *cachep, void *objp, struct array_cache *ac = cpu_cache_get(cachep); check_irq_off(); @@ -96526,7 +97588,7 @@ index 6dd8d5f..2482a6d 100644 kmemleak_free_recursive(objp, cachep->flags); objp = cache_free_debugcheck(cachep, objp, caller); -@@ -3712,6 +3731,7 @@ void kfree(const void *objp) +@@ -3705,6 +3724,7 @@ void kfree(const void *objp) if (unlikely(ZERO_OR_NULL_PTR(objp))) return; @@ -96534,7 +97596,7 @@ index 6dd8d5f..2482a6d 100644 local_irq_save(flags); kfree_debugcheck(objp); c = virt_to_cache(objp); -@@ -4153,14 +4173,22 @@ void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep) +@@ -4146,14 +4166,22 @@ void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep) } /* cpu stats */ { @@ -96561,7 +97623,7 @@ index 6dd8d5f..2482a6d 100644 #endif } -@@ -4381,13 +4409,69 @@ static const struct file_operations proc_slabstats_operations = { +@@ -4374,13 +4402,69 @@ static const struct file_operations proc_slabstats_operations = { static int __init slab_proc_init(void) { #ifdef CONFIG_DEBUG_SLAB_LEAK @@ -97561,10 +98623,10 @@ index 4a7f7e6..22cddf5 100644 if (S_ISREG(inode->i_mode)) diff --git a/mm/util.c b/mm/util.c -index a24aa22..a0d41ae 100644 +index c1010cb..91e1a36 100644 --- a/mm/util.c +++ b/mm/util.c -@@ -297,6 +297,12 @@ done: +@@ -294,6 +294,12 @@ done: void arch_pick_mmap_layout(struct mm_struct *mm) { mm->mmap_base = TASK_UNMAPPED_BASE; @@ -98384,7 +99446,7 @@ index 6afa3b4..7a14180 100644 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && rfc.mode != chan->mode) diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c -index 27ae841..e5a8343 100644 +index 06a7a76..86dd829 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c @@ -625,7 +625,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, @@ -98435,7 +99497,7 @@ index 27ae841..e5a8343 100644 err = -EFAULT; break; diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c -index 3c2d3e4..884855a 100644 +index a0050de..59c6178 100644 --- a/net/bluetooth/rfcomm/sock.c +++ b/net/bluetooth/rfcomm/sock.c @@ -672,7 +672,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c @@ -98623,7 +99685,7 @@ index b543470..d2ddae2 100644 if (!can_dir) { printk(KERN_INFO "can: failed to create /proc/net/can . " diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c -index 988721a..947846d 100644 +index 0a31298..241da43 100644 --- a/net/ceph/messenger.c +++ b/net/ceph/messenger.c @@ -187,7 +187,7 @@ static void con_fault(struct ceph_connection *con); @@ -100203,7 +101265,7 @@ index 11c8d81..d67116b 100644 static int raw_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/route.c b/net/ipv4/route.c -index ca5a01e..1f6f4e2 100644 +index ca5a01e..8c5cdb4 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -234,7 +234,7 @@ static const struct seq_operations rt_cache_seq_ops = { @@ -100233,7 +101295,7 @@ index ca5a01e..1f6f4e2 100644 } static const struct file_operations rt_acct_proc_fops = { -@@ -465,7 +465,7 @@ static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst, +@@ -465,11 +465,11 @@ static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst, #define IP_IDENTS_SZ 2048u struct ip_ident_bucket { @@ -100242,6 +101304,11 @@ index ca5a01e..1f6f4e2 100644 u32 stamp32; }; +-static struct ip_ident_bucket *ip_idents __read_mostly; ++static struct ip_ident_bucket ip_idents[IP_IDENTS_SZ] __read_mostly; + + /* In order to protect privacy, we add a perturbation to identifiers + * if one generator is seldom used. This makes hard for an attacker @@ -485,7 +485,7 @@ u32 ip_idents_reserve(u32 hash, int segs) if (old != now && cmpxchg(&bucket->stamp32, old, now) == old) delta = prandom_u32_max(now - old); @@ -100305,6 +101372,19 @@ index ca5a01e..1f6f4e2 100644 get_random_bytes(&net->ipv4.dev_addr_genid, sizeof(net->ipv4.dev_addr_genid)); return 0; +@@ -2725,11 +2725,7 @@ int __init ip_rt_init(void) + { + int rc = 0; + +- ip_idents = kmalloc(IP_IDENTS_SZ * sizeof(*ip_idents), GFP_KERNEL); +- if (!ip_idents) +- panic("IP: failed to allocate ip_idents\n"); +- +- prandom_bytes(ip_idents, IP_IDENTS_SZ * sizeof(*ip_idents)); ++ prandom_bytes(ip_idents, sizeof(ip_idents)); + + #ifdef CONFIG_IP_ROUTE_CLASSID + ip_rt_acct = __alloc_percpu(256 * sizeof(struct ip_rt_acct), __alignof__(struct ip_rt_acct)); diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c index 44eba05..b36864b 100644 --- a/net/ipv4/sysctl_net_ipv4.c @@ -100773,7 +101853,7 @@ index e1a6393..f634ce5 100644 return -ENOMEM; } diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index 6c7fa08..8a31430 100644 +index 6c7fa08..7c5abd70 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -598,7 +598,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, @@ -100828,7 +101908,21 @@ index 6c7fa08..8a31430 100644 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { idx = 0; head = &net->dev_index_head[h]; -@@ -4758,7 +4765,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) +@@ -4746,11 +4753,8 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) + + rt = rt6_lookup(dev_net(dev), &ifp->peer_addr, NULL, + dev->ifindex, 1); +- if (rt) { +- dst_hold(&rt->dst); +- if (ip6_del_rt(rt)) +- dst_free(&rt->dst); +- } ++ if (rt && ip6_del_rt(rt)) ++ dst_free(&rt->dst); + } + dst_hold(&ifp->rt->dst); + +@@ -4758,7 +4762,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) dst_free(&ifp->rt->dst); break; } @@ -100837,7 +101931,7 @@ index 6c7fa08..8a31430 100644 rt_genid_bump_ipv6(net); } -@@ -4779,7 +4786,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, +@@ -4779,7 +4783,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -100846,7 +101940,7 @@ index 6c7fa08..8a31430 100644 int ret; /* -@@ -4864,7 +4871,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, +@@ -4864,7 +4868,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -101080,18 +102174,6 @@ index 767ab8d..c5ec70a 100644 err_alloc: return -ENOMEM; } -diff --git a/net/ipv6/output_core.c b/net/ipv6/output_core.c -index 798eb0f..ab2f47d 100644 ---- a/net/ipv6/output_core.c -+++ b/net/ipv6/output_core.c -@@ -7,7 +7,6 @@ - #include <net/ip6_fib.h> - #include <net/addrconf.h> - -- - int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr) - { - u16 offset = sizeof(struct ipv6hdr); diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c index bda7429..469b26b 100644 --- a/net/ipv6/ping.c @@ -101924,7 +103006,7 @@ index de770ec..3fc49d2 100644 .get_optmin = SO_IP_SET, .get_optmax = SO_IP_SET + 1, diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c -index a8eb0a8..86f2de4 100644 +index 610e19c..08d0c3f 100644 --- a/net/netfilter/ipvs/ip_vs_conn.c +++ b/net/netfilter/ipvs/ip_vs_conn.c @@ -556,7 +556,7 @@ ip_vs_bind_dest(struct ip_vs_conn *cp, struct ip_vs_dest *dest) @@ -101936,7 +103018,7 @@ index a8eb0a8..86f2de4 100644 if (cp->protocol != IPPROTO_UDP) conn_flags &= ~IP_VS_CONN_F_ONE_PACKET; flags = cp->flags; -@@ -900,7 +900,7 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p, +@@ -899,7 +899,7 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p, cp->control = NULL; atomic_set(&cp->n_control, 0); @@ -101945,7 +103027,7 @@ index a8eb0a8..86f2de4 100644 cp->packet_xmit = NULL; cp->app = NULL; -@@ -1188,7 +1188,7 @@ static inline int todrop_entry(struct ip_vs_conn *cp) +@@ -1187,7 +1187,7 @@ static inline int todrop_entry(struct ip_vs_conn *cp) /* Don't drop the entry if its number of incoming packets is not located in [0, 8] */ @@ -101955,7 +103037,7 @@ index a8eb0a8..86f2de4 100644 if (!todrop_rate[i]) return 0; diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c -index 3d2d2c8..c87e4d3 100644 +index 27d3f40..f95d8d0 100644 --- a/net/netfilter/ipvs/ip_vs_core.c +++ b/net/netfilter/ipvs/ip_vs_core.c @@ -567,7 +567,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb, @@ -102110,7 +103192,7 @@ index db80126..ef7110e 100644 cp->old_state = cp->state; /* diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c -index 7f0e1cf..e9a86e6 100644 +index 1692e75..0d7c8e3 100644 --- a/net/netfilter/ipvs/ip_vs_xmit.c +++ b/net/netfilter/ipvs/ip_vs_xmit.c @@ -1102,7 +1102,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, @@ -102408,10 +103490,10 @@ index 0000000..c566332 +MODULE_ALIAS("ipt_gradm"); +MODULE_ALIAS("ip6t_gradm"); diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c -index a3910fc..2d2ba14 100644 +index 47dc683..2e0d52c 100644 --- a/net/netfilter/xt_hashlimit.c +++ b/net/netfilter/xt_hashlimit.c -@@ -870,11 +870,11 @@ static int __net_init hashlimit_proc_net_init(struct net *net) +@@ -871,11 +871,11 @@ static int __net_init hashlimit_proc_net_init(struct net *net) { struct hashlimit_net *hashlimit_net = hashlimit_pernet(net); @@ -102793,6 +103875,43 @@ index 48f8ffc..0ef3eec 100644 struct rds_sock { struct sock rs_sk; +diff --git a/net/rds/send.c b/net/rds/send.c +index a82fb66..1ea9251 100644 +--- a/net/rds/send.c ++++ b/net/rds/send.c +@@ -593,8 +593,11 @@ static void rds_send_remove_from_sock(struct list_head *messages, int status) + sock_put(rds_rs_to_sk(rs)); + } + rs = rm->m_rs; +- sock_hold(rds_rs_to_sk(rs)); ++ if (rs) ++ sock_hold(rds_rs_to_sk(rs)); + } ++ if (!rs) ++ goto unlock_and_drop; + spin_lock(&rs->rs_lock); + + if (test_and_clear_bit(RDS_MSG_ON_SOCK, &rm->m_flags)) { +@@ -638,9 +641,6 @@ unlock_and_drop: + * queue. This means that in the TCP case, the message may not have been + * assigned the m_ack_seq yet - but that's fine as long as tcp_is_acked + * checks the RDS_MSG_HAS_ACK_SEQ bit. +- * +- * XXX It's not clear to me how this is safely serialized with socket +- * destruction. Maybe it should bail if it sees SOCK_DEAD. + */ + void rds_send_drop_acked(struct rds_connection *conn, u64 ack, + is_acked_func is_acked) +@@ -711,6 +711,9 @@ void rds_send_drop_to(struct rds_sock *rs, struct sockaddr_in *dest) + */ + if (!test_and_clear_bit(RDS_MSG_ON_CONN, &rm->m_flags)) { + spin_unlock_irqrestore(&conn->c_lock, flags); ++ spin_lock_irqsave(&rm->m_rs_lock, flags); ++ rm->m_rs = NULL; ++ spin_unlock_irqrestore(&rm->m_rs_lock, flags); + continue; + } + list_del_init(&rm->m_conn_item); diff --git a/net/rds/tcp.c b/net/rds/tcp.c index edac9ef..16bcb98 100644 --- a/net/rds/tcp.c @@ -103310,7 +104429,7 @@ index dfa532f..1dcfb44 100644 } diff --git a/net/socket.c b/net/socket.c -index a19ae19..89554dc 100644 +index a19ae19..edb5c03 100644 --- a/net/socket.c +++ b/net/socket.c @@ -88,6 +88,7 @@ @@ -103494,7 +104613,17 @@ index a19ae19..89554dc 100644 int err, err2; int fput_needed; -@@ -2065,7 +2131,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, +@@ -1987,6 +2053,9 @@ static int copy_msghdr_from_user(struct msghdr *kmsg, + if (copy_from_user(kmsg, umsg, sizeof(struct msghdr))) + return -EFAULT; + ++ if (kmsg->msg_name == NULL) ++ kmsg->msg_namelen = 0; ++ + if (kmsg->msg_namelen < 0) + return -EINVAL; + +@@ -2065,7 +2134,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, * checking falls down on this. */ if (copy_from_user(ctl_buf, @@ -103503,7 +104632,7 @@ index a19ae19..89554dc 100644 ctl_len)) goto out_freectl; msg_sys->msg_control = ctl_buf; -@@ -2216,7 +2282,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2216,7 +2285,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, int err, total_len, len; /* kernel mode address */ @@ -103512,7 +104641,7 @@ index a19ae19..89554dc 100644 /* user mode address pointers */ struct sockaddr __user *uaddr; -@@ -2245,7 +2311,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2245,7 +2314,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, /* Save the user-mode address (verify_iovec will change the * kernel msghdr to use the kernel address space) */ @@ -103521,7 +104650,7 @@ index a19ae19..89554dc 100644 uaddr_len = COMPAT_NAMELEN(msg); if (MSG_CMSG_COMPAT & flags) err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); -@@ -2889,7 +2955,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2889,7 +2958,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) ifr = compat_alloc_user_space(buf_size); rxnfc = (void __user *)ifr + ALIGN(sizeof(struct ifreq), 8); @@ -103530,7 +104659,7 @@ index a19ae19..89554dc 100644 return -EFAULT; if (put_user(convert_in ? rxnfc : compat_ptr(data), -@@ -3000,7 +3066,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, +@@ -3000,7 +3069,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); err = dev_ioctl(net, cmd, @@ -103539,7 +104668,7 @@ index a19ae19..89554dc 100644 set_fs(old_fs); return err; -@@ -3093,7 +3159,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, +@@ -3093,7 +3162,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); @@ -103548,7 +104677,7 @@ index a19ae19..89554dc 100644 set_fs(old_fs); if (cmd == SIOCGIFMAP && !err) { -@@ -3177,7 +3243,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, +@@ -3177,7 +3246,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, ret |= get_user(rtdev, &(ur4->rt_dev)); if (rtdev) { ret |= copy_from_user(devname, compat_ptr(rtdev), 15); @@ -103557,7 +104686,7 @@ index a19ae19..89554dc 100644 devname[15] = 0; } else r4.rt_dev = NULL; -@@ -3404,8 +3470,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, +@@ -3404,8 +3473,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, int __user *uoptlen; int err; @@ -103568,7 +104697,7 @@ index a19ae19..89554dc 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) -@@ -3425,7 +3491,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, +@@ -3425,7 +3494,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, char __user *uoptval; int err; @@ -103849,10 +104978,10 @@ index c1d124d..acfc59e 100644 goto err; return 0; diff --git a/net/sunrpc/xprtrdma/svc_rdma_transport.c b/net/sunrpc/xprtrdma/svc_rdma_transport.c -index 62e4f9b..dd3f2d7 100644 +index ed36cb5..c55d17f 100644 --- a/net/sunrpc/xprtrdma/svc_rdma_transport.c +++ b/net/sunrpc/xprtrdma/svc_rdma_transport.c -@@ -292,7 +292,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt) +@@ -293,7 +293,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt) return; ib_req_notify_cq(xprt->sc_rq_cq, IB_CQ_NEXT_COMP); @@ -103861,7 +104990,7 @@ index 62e4f9b..dd3f2d7 100644 while ((ret = ib_poll_cq(xprt->sc_rq_cq, 1, &wc)) > 0) { ctxt = (struct svc_rdma_op_ctxt *)(unsigned long)wc.wr_id; -@@ -314,7 +314,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt) +@@ -315,7 +315,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt) } if (ctxt) @@ -103870,7 +104999,7 @@ index 62e4f9b..dd3f2d7 100644 set_bit(XPT_DATA, &xprt->sc_xprt.xpt_flags); /* -@@ -386,7 +386,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt) +@@ -387,7 +387,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt) return; ib_req_notify_cq(xprt->sc_sq_cq, IB_CQ_NEXT_COMP); @@ -103879,7 +105008,7 @@ index 62e4f9b..dd3f2d7 100644 while ((ret = ib_poll_cq(cq, 1, &wc)) > 0) { if (wc.status != IB_WC_SUCCESS) /* Close the transport */ -@@ -404,7 +404,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt) +@@ -405,7 +405,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt) } if (ctxt) @@ -103888,7 +105017,7 @@ index 62e4f9b..dd3f2d7 100644 } static void sq_comp_handler(struct ib_cq *cq, void *cq_context) -@@ -1262,7 +1262,7 @@ int svc_rdma_send(struct svcxprt_rdma *xprt, struct ib_send_wr *wr) +@@ -1263,7 +1263,7 @@ int svc_rdma_send(struct svcxprt_rdma *xprt, struct ib_send_wr *wr) spin_lock_bh(&xprt->sc_lock); if (xprt->sc_sq_depth < atomic_read(&xprt->sc_sq_count) + wr_count) { spin_unlock_bh(&xprt->sc_lock); @@ -104513,11 +105642,11 @@ index 078fe1d..fbdb363 100644 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianness? %#x\n", diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh new file mode 100644 -index 0000000..3fd3699 +index 0000000..42018ed --- /dev/null +++ b/scripts/gcc-plugin.sh -@@ -0,0 +1,43 @@ -+#!/bin/bash +@@ -0,0 +1,51 @@ ++#!/bin/sh +srctree=$(dirname "$0") +gccplugins_dir=$($3 -print-file-name=plugin) +plugincc=$($1 -E - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF @@ -104535,15 +105664,23 @@ index 0000000..3fd3699 + exit 1 +fi + -+if [[ "$plugincc" =~ "$1 CC" ]] -+then -+ echo "$1" -+ exit 0 -+fi ++case "$plugincc" in ++ *"$1 CC"*) ++ echo "$1" ++ exit 0 ++ ;; + -+if [[ "$plugincc" =~ "$2 CXX" ]] -+then -+plugincc=$($1 -c -x c++ -std=gnu++98 - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF ++ *"$2 CXX"*) ++ # the c++ compiler needs another test, see below ++ ;; ++ ++ *) ++ exit 1 ++ ;; ++esac ++ ++# we need a c++ compiler that supports the designated initializer GNU extension ++plugincc=$($2 -c -x c++ -std=gnu++98 - -fsyntax-only -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF +#include "gcc-common.h" +class test { +public: @@ -104553,12 +105690,12 @@ index 0000000..3fd3699 +}; +EOF +) ++ +if [ $? -eq 0 ] +then + echo "$2" + exit 0 +fi -+fi +exit 1 diff --git a/scripts/headers_install.sh b/scripts/headers_install.sh index 5de5660..d3deb89 100644 @@ -104843,10 +105980,10 @@ index 8fac3fd..32ff38d 100644 unsigned int secindex_strings; diff --git a/security/Kconfig b/security/Kconfig -index beb86b5..40b1edb 100644 +index beb86b5..9becb4a 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,957 @@ +@@ -4,6 +4,965 @@ menu "Security options" @@ -105435,6 +106572,14 @@ index beb86b5..40b1edb 100644 + that is, enabling this option will make it harder to inject + and execute 'foreign' code in kernel memory itself. + ++ Note that on amd64, CONFIG_EFI enabled with "efi=old_map" on ++ the kernel command-line will result in an RWX physical map. ++ ++ Likewise, the EFI runtime services are necessarily mapped as ++ RWX. If CONFIG_EFI is enabled on an EFI-capable system, it ++ is recommended that you boot with "noefi" on the kernel ++ command-line if possible to eliminate the mapping. ++ +choice + prompt "Return Address Instrumentation Method" + default PAX_KERNEXEC_PLUGIN_METHOD_BTS @@ -105804,7 +106949,7 @@ index beb86b5..40b1edb 100644 source security/keys/Kconfig config SECURITY_DMESG_RESTRICT -@@ -103,7 +1054,7 @@ config INTEL_TXT +@@ -103,7 +1062,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX @@ -105871,10 +107016,10 @@ index 4257b7e..2d0732d 100644 .ptrace_access_check = apparmor_ptrace_access_check, diff --git a/security/commoncap.c b/security/commoncap.c -index b9d613e..f68305c 100644 +index 963dc59..12ebd0c 100644 --- a/security/commoncap.c +++ b/security/commoncap.c -@@ -424,6 +424,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data +@@ -427,6 +427,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data return 0; } @@ -105907,7 +107052,7 @@ index b9d613e..f68305c 100644 /* * Attempt to get the on-exec apply capability sets for an executable file from * its xattrs and, if present, apply them to the proposed credentials being -@@ -592,6 +618,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) +@@ -595,6 +621,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) const struct cred *cred = current_cred(); kuid_t root_uid = make_kuid(cred->user_ns, 0); @@ -109218,10 +110363,10 @@ index 0000000..89f256d +} diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c new file mode 100644 -index 0000000..39d7cc7 +index 0000000..e48b323 --- /dev/null +++ b/tools/gcc/latent_entropy_plugin.c -@@ -0,0 +1,462 @@ +@@ -0,0 +1,466 @@ +/* + * Copyright 2012-2014 by the PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 @@ -109250,7 +110395,7 @@ index 0000000..39d7cc7 +static tree latent_entropy_decl; + +static struct plugin_info latent_entropy_plugin_info = { -+ .version = "201403280150", ++ .version = "201409101820", + .help = NULL +}; + @@ -109426,6 +110571,10 @@ index 0000000..39d7cc7 + if (TREE_THIS_VOLATILE(current_function_decl)) + return false; + ++ // gcc-4.5 doesn't discover some trivial noreturn functions ++ if (EDGE_COUNT(EXIT_BLOCK_PTR_FOR_FN(cfun)->preds) == 0) ++ return false; ++ + return lookup_attribute("latent_entropy", DECL_ATTRIBUTES(current_function_decl)) != NULL_TREE; +} + @@ -110640,7 +111789,7 @@ index 0000000..1ae2ed5 + +targets += size_overflow_hash.h size_overflow_hash_aux.h diff --git a/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh b/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh -new file mode 100644 +new file mode 100755 index 0000000..12b1e3b --- /dev/null +++ b/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh @@ -114949,10 +116098,10 @@ index 0000000..4378111 +} diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data new file mode 100644 -index 0000000..4077712 +index 0000000..e4b26fe --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data -@@ -0,0 +1,5988 @@ +@@ -0,0 +1,5991 @@ +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL +ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL @@ -116297,7 +117446,8 @@ index 0000000..4077712 +sta_dev_read_14782 sta_dev_read 3 14782 NULL +keys_proc_write_14792 keys_proc_write 3 14792 NULL +ext4_kvmalloc_14796 ext4_kvmalloc 1 14796 NULL -+__kfifo_in_14797 __kfifo_in 3-0 14797 NULL ++__kfifo_in_14797 __kfifo_in 3-0 14797 NULL nohasharray ++ttm_page_pool_free_14797 ttm_page_pool_free 2 14797 &__kfifo_in_14797 +hpet_readl_14801 hpet_readl 0 14801 NULL nohasharray +snd_als300_gcr_read_14801 snd_als300_gcr_read 0 14801 &hpet_readl_14801 +security_inode_rename_14805 security_inode_rename 0 14805 NULL @@ -116720,6 +117870,7 @@ index 0000000..4077712 +kstrtoll_from_user_19500 kstrtoll_from_user 2 19500 NULL +ext4_add_new_descs_19509 ext4_add_new_descs 3 19509 NULL +batadv_tvlv_container_register_19520 batadv_tvlv_container_register 5 19520 NULL ++ttm_dma_page_pool_free_19527 ttm_dma_page_pool_free 2 19527 NULL +apei_exec_pre_map_gars_19529 apei_exec_pre_map_gars 0 19529 NULL nohasharray +cfc_write_array_to_buffer_19529 cfc_write_array_to_buffer 3 19529 &apei_exec_pre_map_gars_19529 +nfc_llcp_build_tlv_19536 nfc_llcp_build_tlv 3 19536 NULL @@ -119708,6 +120859,7 @@ index 0000000..4077712 +nsm_get_handle_52089 nsm_get_handle 4 52089 NULL +ulist_add_merge_52096 ulist_add_merge 0 52096 NULL +o2net_debug_read_52105 o2net_debug_read 3 52105 NULL ++smsdvb_stats_read_52114 smsdvb_stats_read 3 52114 NULL +split_scan_timeout_write_52128 split_scan_timeout_write 3 52128 NULL +retry_count_read_52129 retry_count_read 3 52129 NULL +xfs_btree_change_owner_52137 xfs_btree_change_owner 0 52137 NULL |