diff options
| -rw-r--r-- | main/linux-grsec/0004-arp-flush-arp-cache-on-device-change.patch | 29 | ||||
| -rw-r--r-- | main/linux-grsec/APKBUILD | 38 | ||||
| -rw-r--r-- | main/linux-grsec/grsecurity-2.9.1-3.9.3-201305201732.patch (renamed from main/linux-grsec/grsecurity-2.9.1-3.9.2-201305162327.patch) | 365 | ||||
| -rw-r--r-- | main/linux-grsec/kernelconfig.x86 | 6 | ||||
| -rw-r--r-- | main/linux-grsec/kernelconfig.x86_64 | 6 | ||||
| -rw-r--r-- | main/linux-grsec/v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch | 89 |
6 files changed, 306 insertions, 227 deletions
diff --git a/main/linux-grsec/0004-arp-flush-arp-cache-on-device-change.patch b/main/linux-grsec/0004-arp-flush-arp-cache-on-device-change.patch deleted file mode 100644 index 85161ea3a..000000000 --- a/main/linux-grsec/0004-arp-flush-arp-cache-on-device-change.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 8a0e3ea4924059a7268446177d6869e3399adbb2 Mon Sep 17 00:00:00 2001 -From: Timo Teras <timo.teras@iki.fi> -Date: Mon, 12 Apr 2010 13:46:45 +0000 -Subject: [PATCH 04/18] arp: flush arp cache on device change - -If IFF_NOARP is changed, we must flush the arp cache. - -Signed-off-by: Timo Teras <timo.teras@iki.fi> ---- - net/ipv4/arp.c | 3 +++ - 1 files changed, 3 insertions(+), 0 deletions(-) - -diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c -index 4e80f33..580bfc3 100644 ---- a/net/ipv4/arp.c -+++ b/net/ipv4/arp.c -@@ -1200,6 +1200,9 @@ static int arp_netdev_event(struct notifier_block *this, unsigned long event, vo - neigh_changeaddr(&arp_tbl, dev); - rt_cache_flush(dev_net(dev), 0); - break; -+ case NETDEV_CHANGE: -+ neigh_changeaddr(&arp_tbl, dev); -+ break; - default: - break; - } --- -1.7.0.2 - diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 6eee77349..dda269482 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,12 +2,12 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.9.2 +pkgver=3.9.3 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; esac -pkgrel=2 +pkgrel=0 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -17,9 +17,9 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-2.9.1-3.9.2-201305162327.patch + grsecurity-2.9.1-3.9.3-201305201732.patch - 0004-arp-flush-arp-cache-on-device-change.patch + v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch leds-leds-gpio-reserve-gpio-before-using-it.patch kernelconfig.x86 @@ -145,23 +145,23 @@ dev() { } md5sums="4348c9b6b2eb3144d601e87c19d5d909 linux-3.9.tar.xz -adeb2556568f79e827e7a0ce4c483605 patch-3.9.2.xz -089d16b7c5306ed0d42e344ce1b59615 grsecurity-2.9.1-3.9.2-201305162327.patch -776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch +71b31e29e0cb437a27017c781293b6f4 patch-3.9.3.xz +e881cf0db639205660f237ceea58f708 grsecurity-2.9.1-3.9.3-201305201732.patch +699e92148cc9a55b6fc4d7d81e476717 v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch 83db7136608d8101ae130728539dc376 leds-leds-gpio-reserve-gpio-before-using-it.patch -ae4d8b3e917cdea5330ec52048080de3 kernelconfig.x86 -839de81fedd3a6294d42da70a3fb99e0 kernelconfig.x86_64" +fd6fd35309c0e8c1f05cb725df958f22 kernelconfig.x86 +fd61ff58d25155997c0d6f73e7ca7a7d kernelconfig.x86_64" sha256sums="60bc3e64ee5dc778de2cd7cd7640abf518a4c9d4f31b8ed624e16fad53f54541 linux-3.9.tar.xz -069126b2b70acbc27fada2bf67235238fd90ff103267b1bb392244a301321996 patch-3.9.2.xz -3de1633f26c46a4c93af8497d889a5acc37db54adaa4f3677cb5c5c027787254 grsecurity-2.9.1-3.9.2-201305162327.patch -e2d2d1503f53572c6a2e21da729a13a430dd01f510405ffb3a33b29208860bde 0004-arp-flush-arp-cache-on-device-change.patch +248ab5f9a42b72e5c3d961520a5fff609a625bbf570ad45d7ae97009525b94d7 patch-3.9.3.xz +c1b4310085ff07200131dc841a0a22f84a7f166c3b25464e27dd2694584bc72c grsecurity-2.9.1-3.9.3-201305201732.patch +8e2f41605937eecd47cefe62daefd372dbf1e63cf956ab3ced3213ac2b508ee3 v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch 13676bc5610a8d03e788ac76734babd1338b023bb39559452ee54652b046e6f4 leds-leds-gpio-reserve-gpio-before-using-it.patch -513a5f387e7453169a7f41c1ba42da3229e47edd58b5ac18da31f04905c5c0bf kernelconfig.x86 -e842cf49decc9a8f5c0f2e4b431382f521fe41db22f2c2e6a1c077b2b158b3ab kernelconfig.x86_64" +b44c6671b344ddae1da94e6c051a0e708af8609c1f2ff40d962301ed5023c83a kernelconfig.x86 +7a6700a6db89f8c2c7f8cce7d77f4ddb3fcad889d72c709c2833af795ef1bc79 kernelconfig.x86_64" sha512sums="77fa521f42380409f8ab400c26f7b00e225cb075ef40834bb263325cfdcc3e65aef8511ec2fc2b50bbf4f50e226fb5ab07d7a479aaf09162adbbf318325d0790 linux-3.9.tar.xz -439e32edab86f8b1bd49bc4c9325e11520d78b8182ae88aebf46a4be319c4633d6d896e2ecd3fe0363d9247f5af88a989aafca9103b8e1544262bd191440dae9 patch-3.9.2.xz -652847ba23a7761d6fe90a04deb68f28cdde65d71bd9a53355075ba8410279250d36169359fa759208fcf45b5bfc1cc9505f072e93dd47eae5c464652760aa97 grsecurity-2.9.1-3.9.2-201305162327.patch -b6fdf376009f0f0f3fa194cb11be97343e4d394cf5d3547de6cfca8ad619c5bd3f60719331fd8cfadc47f09d22be8376ba5f871b46b24887ea73fe47e233a54e 0004-arp-flush-arp-cache-on-device-change.patch +ae2bca3f0d274281d7ae88bb835d129a036350dfd3e9e941d7a0175194b2cbccffb5f8b5a20e5a7498cb5a097c6376d8cb1032ea048051b08ec0dd05309c09eb patch-3.9.3.xz +d6aa751d1fac8c4d758f9479bc6b08f70d8725c6c74b63446def044f42260a8beb1f540ae4473ec57f42538513d3ccb42de41c8cc721b9b85d8cfbaef7ab85d5 grsecurity-2.9.1-3.9.3-201305201732.patch +772c847cd74b12ed22266042c0902d8a3cf09c897b6e1c01148dfcd2f01aed331f292e82c34bb718090dc0898e1ef364196272bff885a32378f7fbc8bfc06a9b v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch 10d2cf4fb308d1bc8cb5b9df3f9a6d7b9cef453244673bcbe66bd9b64af410a498e203d4dfa51f53461362ad981736eadc46537616b2c0514f57f4d8864c830d leds-leds-gpio-reserve-gpio-before-using-it.patch -57dc79b8b08a81993e1050197886c7f91a609843ed2f919eabd6769860fb1383e87a433def8f6b544a8c6382180822b863869ef76183c4d9df421465fe13c220 kernelconfig.x86 -0ce361b417821fc3795c4d8e4b3a8eeecbdc7df66261f744c55d288186f9a7d2a367f80bac2ff29c0d5c54f133cbbd74f3ec5e0147b0e7c04462627724dd3572 kernelconfig.x86_64" +2516c47145f53cfa5624a9a8839b3590fd16a980aa4c8c48af4db025960d33abe855a5c698ee701a0d3704a96a9a3f93cd6c3cc8c9b8fdf73f230c15ad2f7611 kernelconfig.x86 +0a3739e5e1fe29fcce8c686d8ac223316467a2efaaa18cb3d1abf6c7a66dc86be12c26755dff1aef6d0f5a028ce4f6dfc5664ab42b484046949f401f3b9198f9 kernelconfig.x86_64" diff --git a/main/linux-grsec/grsecurity-2.9.1-3.9.2-201305162327.patch b/main/linux-grsec/grsecurity-2.9.1-3.9.3-201305201732.patch index 588c5edc1..b6dd68f75 100644 --- a/main/linux-grsec/grsecurity-2.9.1-3.9.2-201305162327.patch +++ b/main/linux-grsec/grsecurity-2.9.1-3.9.3-201305201732.patch @@ -259,7 +259,7 @@ index 8ccbf27..afffeb4 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 3e71511..8ff502e 100644 +index 01003d4..da43c4a 100644 --- a/Makefile +++ b/Makefile @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -1509,7 +1509,7 @@ index 6dcc164..b14d917 100644 /* * Fold a partial checksum without adding pseudo headers diff --git a/arch/arm/include/asm/cmpxchg.h b/arch/arm/include/asm/cmpxchg.h -index 7eb18c1..e38b6d2 100644 +index 4f009c1..466c59b 100644 --- a/arch/arm/include/asm/cmpxchg.h +++ b/arch/arm/include/asm/cmpxchg.h @@ -102,6 +102,8 @@ static inline unsigned long __xchg(unsigned long x, volatile void *ptr, int size @@ -10240,10 +10240,10 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 15b5cef..173babc 100644 +index 6ef2a37..74ad6ad 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -244,7 +244,7 @@ config X86_HT +@@ -243,7 +243,7 @@ config X86_HT config X86_32_LAZY_GS def_bool y @@ -10252,7 +10252,7 @@ index 15b5cef..173babc 100644 config ARCH_HWEIGHT_CFLAGS string -@@ -1077,6 +1077,7 @@ config MICROCODE_EARLY +@@ -1076,6 +1076,7 @@ config MICROCODE_EARLY config X86_MSR tristate "/dev/cpu/*/msr - Model-specific register support" @@ -10260,7 +10260,7 @@ index 15b5cef..173babc 100644 ---help--- This device gives privileged processes access to the x86 Model-Specific Registers (MSRs). It is a character device with -@@ -1100,7 +1101,7 @@ choice +@@ -1099,7 +1100,7 @@ choice config NOHIGHMEM bool "off" @@ -10269,7 +10269,7 @@ index 15b5cef..173babc 100644 ---help--- Linux can use up to 64 Gigabytes of physical memory on x86 systems. However, the address space of 32-bit x86 processors is only 4 -@@ -1137,7 +1138,7 @@ config NOHIGHMEM +@@ -1136,7 +1137,7 @@ config NOHIGHMEM config HIGHMEM4G bool "4GB" @@ -10278,7 +10278,7 @@ index 15b5cef..173babc 100644 ---help--- Select this if you have a 32-bit processor and between 1 and 4 gigabytes of physical RAM. -@@ -1190,7 +1191,7 @@ config PAGE_OFFSET +@@ -1189,7 +1190,7 @@ config PAGE_OFFSET hex default 0xB0000000 if VMSPLIT_3G_OPT default 0x80000000 if VMSPLIT_2G @@ -10287,7 +10287,7 @@ index 15b5cef..173babc 100644 default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1588,6 +1589,7 @@ config SECCOMP +@@ -1587,6 +1588,7 @@ config SECCOMP config CC_STACKPROTECTOR bool "Enable -fstack-protector buffer overflow detection" @@ -10295,7 +10295,7 @@ index 15b5cef..173babc 100644 ---help--- This option turns on the -fstack-protector GCC feature. This feature puts, at the beginning of functions, a canary value on -@@ -1707,6 +1709,8 @@ config X86_NEED_RELOCS +@@ -1706,6 +1708,8 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" if X86_32 default "0x1000000" @@ -10304,7 +10304,7 @@ index 15b5cef..173babc 100644 range 0x2000 0x1000000 ---help--- This value puts the alignment restrictions on physical address -@@ -1782,9 +1786,10 @@ config DEBUG_HOTPLUG_CPU0 +@@ -1781,9 +1785,10 @@ config DEBUG_HOTPLUG_CPU0 If unsure, say N. config COMPAT_VDSO @@ -14302,7 +14302,7 @@ index 4cc9f2b..5fd9226 100644 /* diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h -index 1e67223..9183226 100644 +index 1e67223..dd6e7ea 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -44,6 +44,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page); @@ -14365,7 +14365,19 @@ index 1e67223..9183226 100644 static inline int pte_dirty(pte_t pte) { return pte_flags(pte) & _PAGE_DIRTY; -@@ -200,9 +240,29 @@ static inline pte_t pte_wrprotect(pte_t pte) +@@ -147,6 +187,11 @@ static inline unsigned long pud_pfn(pud_t pud) + return (pud_val(pud) & PTE_PFN_MASK) >> PAGE_SHIFT; + } + ++static inline unsigned long pgd_pfn(pgd_t pgd) ++{ ++ return (pgd_val(pgd) & PTE_PFN_MASK) >> PAGE_SHIFT; ++} ++ + #define pte_page(pte) pfn_to_page(pte_pfn(pte)) + + static inline int pmd_large(pmd_t pte) +@@ -200,9 +245,29 @@ static inline pte_t pte_wrprotect(pte_t pte) return pte_clear_flags(pte, _PAGE_RW); } @@ -14396,7 +14408,7 @@ index 1e67223..9183226 100644 } static inline pte_t pte_mkdirty(pte_t pte) -@@ -394,6 +454,15 @@ pte_t *populate_extra_pte(unsigned long vaddr); +@@ -394,6 +459,15 @@ pte_t *populate_extra_pte(unsigned long vaddr); #endif #ifndef __ASSEMBLY__ @@ -14412,7 +14424,25 @@ index 1e67223..9183226 100644 #include <linux/mm_types.h> #include <linux/log2.h> -@@ -584,7 +653,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) +@@ -529,7 +603,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud) + * Currently stuck as a macro due to indirect forward reference to + * linux/mmzone.h's __section_mem_map_addr() definition: + */ +-#define pud_page(pud) pfn_to_page(pud_val(pud) >> PAGE_SHIFT) ++#define pud_page(pud) pfn_to_page((pud_val(pud) & PTE_PFN_MASK) >> PAGE_SHIFT) + + /* Find an entry in the second-level page table.. */ + static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address) +@@ -569,7 +643,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd) + * Currently stuck as a macro due to indirect forward reference to + * linux/mmzone.h's __section_mem_map_addr() definition: + */ +-#define pgd_page(pgd) pfn_to_page(pgd_val(pgd) >> PAGE_SHIFT) ++#define pgd_page(pgd) pfn_to_page((pgd_val(pgd) & PTE_PFN_MASK) >> PAGE_SHIFT) + + /* to find an entry in a page-table-directory. */ + static inline unsigned long pud_index(unsigned long address) +@@ -584,7 +658,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) static inline int pgd_bad(pgd_t pgd) { @@ -14421,7 +14451,7 @@ index 1e67223..9183226 100644 } static inline int pgd_none(pgd_t pgd) -@@ -607,7 +676,12 @@ static inline int pgd_none(pgd_t pgd) +@@ -607,7 +681,12 @@ static inline int pgd_none(pgd_t pgd) * pgd_offset() returns a (pgd_t *) * pgd_index() is used get the offset into the pgd page's array of pgd_t's; */ @@ -14435,7 +14465,7 @@ index 1e67223..9183226 100644 /* * a shortcut which implies the use of the kernel's pgd, instead * of a process's -@@ -618,6 +692,22 @@ static inline int pgd_none(pgd_t pgd) +@@ -618,6 +697,22 @@ static inline int pgd_none(pgd_t pgd) #define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET) #define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY) @@ -14458,7 +14488,7 @@ index 1e67223..9183226 100644 #ifndef __ASSEMBLY__ extern int direct_gbpages; -@@ -784,11 +874,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, +@@ -784,11 +879,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, * dst and src can be on the same page, but the range must not overlap, * and must not cross a page boundary. */ @@ -23896,10 +23926,10 @@ index a20ecb5..d0e2194 100644 out: diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index a9c9d3e..9fe214f 100644 +index 59622c9..f338414 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c -@@ -326,6 +326,7 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt) +@@ -328,6 +328,7 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt) #define ____emulate_2op(ctxt, _op, _x, _y, _suffix, _dsttype) \ do { \ @@ -23907,7 +23937,7 @@ index a9c9d3e..9fe214f 100644 __asm__ __volatile__ ( \ _PRE_EFLAGS("0", "4", "2") \ _op _suffix " %"_x"3,%1; " \ -@@ -340,8 +341,6 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt) +@@ -342,8 +343,6 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt) /* Raw emulation: instruction has two explicit operands. */ #define __emulate_2op_nobyte(ctxt,_op,_wx,_wy,_lx,_ly,_qx,_qy) \ do { \ @@ -23916,7 +23946,7 @@ index a9c9d3e..9fe214f 100644 switch ((ctxt)->dst.bytes) { \ case 2: \ ____emulate_2op(ctxt,_op,_wx,_wy,"w",u16); \ -@@ -357,7 +356,6 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt) +@@ -359,7 +358,6 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt) #define __emulate_2op(ctxt,_op,_bx,_by,_wx,_wy,_lx,_ly,_qx,_qy) \ do { \ @@ -23978,7 +24008,7 @@ index e1b1ce2..f7b4b43 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 6667042..b47ece4 100644 +index 0af1807..06912bb 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -1184,12 +1184,12 @@ static void vmcs_write64(unsigned long field, u64 value) @@ -24068,7 +24098,7 @@ index 6667042..b47ece4 100644 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); vmcs_write32(HOST_IA32_SYSENTER_CS, low32); -@@ -6574,6 +6590,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6580,6 +6596,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "jmp 2f \n\t" "1: " __ex(ASM_VMX_VMRESUME) "\n\t" "2: " @@ -24081,7 +24111,7 @@ index 6667042..b47ece4 100644 /* Save guest registers, load host registers, keep flags */ "mov %0, %c[wordsize](%%" _ASM_SP ") \n\t" "pop %0 \n\t" -@@ -6626,6 +6648,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6632,6 +6654,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]"i"(sizeof(ulong)) @@ -24093,7 +24123,7 @@ index 6667042..b47ece4 100644 : "cc", "memory" #ifdef CONFIG_X86_64 , "rax", "rbx", "rdi", "rsi" -@@ -6639,7 +6666,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6645,7 +6672,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) if (debugctlmsr) update_debugctlmsr(debugctlmsr); @@ -24102,7 +24132,7 @@ index 6667042..b47ece4 100644 /* * The sysexit path does not restore ds/es, so we must set them to * a reasonable value ourselves. -@@ -6648,8 +6675,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6654,8 +6681,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) * may be executed in interrupt context, which saves and restore segments * around it, nullifying its effect. */ @@ -31103,7 +31133,7 @@ index 431e875..cbb23f3 100644 -} -__setup("vdso=", vdso_setup); diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index 2363127..ec09d96 100644 +index cf95e19..17e9f50 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c @@ -100,8 +100,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); @@ -31115,7 +31145,7 @@ index 2363127..ec09d96 100644 RESERVE_BRK(shared_info_page_brk, PAGE_SIZE); __read_mostly int xen_have_vector_callback; EXPORT_SYMBOL_GPL(xen_have_vector_callback); -@@ -496,8 +494,7 @@ static void xen_load_gdt(const struct desc_ptr *dtr) +@@ -511,8 +509,7 @@ static void xen_load_gdt(const struct desc_ptr *dtr) { unsigned long va = dtr->address; unsigned int size = dtr->size + 1; @@ -31125,7 +31155,7 @@ index 2363127..ec09d96 100644 int f; /* -@@ -545,8 +542,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr) +@@ -560,8 +557,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr) { unsigned long va = dtr->address; unsigned int size = dtr->size + 1; @@ -31135,7 +31165,7 @@ index 2363127..ec09d96 100644 int f; /* -@@ -554,7 +550,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr) +@@ -569,7 +565,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr) * 8-byte entries, or 16 4k pages.. */ @@ -31144,7 +31174,7 @@ index 2363127..ec09d96 100644 BUG_ON(va & ~PAGE_MASK); for (f = 0; va < dtr->address + size; va += PAGE_SIZE, f++) { -@@ -939,7 +935,7 @@ static u32 xen_safe_apic_wait_icr_idle(void) +@@ -954,7 +950,7 @@ static u32 xen_safe_apic_wait_icr_idle(void) return 0; } @@ -31153,7 +31183,7 @@ index 2363127..ec09d96 100644 { apic->read = xen_apic_read; apic->write = xen_apic_write; -@@ -1245,30 +1241,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { +@@ -1260,30 +1256,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { #endif }; @@ -31191,7 +31221,7 @@ index 2363127..ec09d96 100644 { if (pm_power_off) pm_power_off(); -@@ -1370,7 +1366,17 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1385,7 +1381,17 @@ asmlinkage void __init xen_start_kernel(void) __userpte_alloc_gfp &= ~__GFP_HIGHMEM; /* Work out if we support NX */ @@ -31210,7 +31240,7 @@ index 2363127..ec09d96 100644 xen_setup_features(); -@@ -1401,13 +1407,6 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1416,13 +1422,6 @@ asmlinkage void __init xen_start_kernel(void) machine_ops = xen_machine_ops; @@ -31224,7 +31254,7 @@ index 2363127..ec09d96 100644 xen_smp_init(); #ifdef CONFIG_ACPI_NUMA -@@ -1601,7 +1600,7 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self, +@@ -1616,7 +1615,7 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self, return NOTIFY_OK; } @@ -33319,7 +33349,7 @@ index 6b51afa..17e1191 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c -index e98da67..1181716b 100644 +index 54d03d4..332f311 100644 --- a/drivers/block/drbd/drbd_main.c +++ b/drivers/block/drbd/drbd_main.c @@ -1317,7 +1317,7 @@ static int _drbd_send_ack(struct drbd_conf *mdev, enum drbd_packet cmd, @@ -33352,7 +33382,7 @@ index e98da67..1181716b 100644 idr_destroy(&tconn->volumes); diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c -index a9eccfc..f5efe87 100644 +index 2f5fffd..b22a1ae 100644 --- a/drivers/block/drbd/drbd_receiver.c +++ b/drivers/block/drbd/drbd_receiver.c @@ -833,7 +833,7 @@ int drbd_connected(struct drbd_conf *mdev) @@ -33423,7 +33453,7 @@ index a9eccfc..f5efe87 100644 atomic_inc(&peer_req->epoch->active); spin_unlock(&tconn->epoch_lock); -@@ -4346,7 +4346,7 @@ struct data_cmd { +@@ -4345,7 +4345,7 @@ struct data_cmd { int expect_payload; size_t pkt_size; int (*fn)(struct drbd_tconn *, struct packet_info *); @@ -33432,7 +33462,7 @@ index a9eccfc..f5efe87 100644 static struct data_cmd drbd_cmd_handler[] = { [P_DATA] = { 1, sizeof(struct p_data), receive_Data }, -@@ -4466,7 +4466,7 @@ static void conn_disconnect(struct drbd_tconn *tconn) +@@ -4465,7 +4465,7 @@ static void conn_disconnect(struct drbd_tconn *tconn) if (!list_empty(&tconn->current_epoch->list)) conn_err(tconn, "ASSERTION FAILED: tconn->current_epoch->list not empty\n"); /* ok, no more ee's on the fly, it is safe to reset the epoch_size */ @@ -33441,7 +33471,7 @@ index a9eccfc..f5efe87 100644 tconn->send.seen_any_write_yet = false; conn_info(tconn, "Connection closed\n"); -@@ -5222,7 +5222,7 @@ static int tconn_finish_peer_reqs(struct drbd_tconn *tconn) +@@ -5221,7 +5221,7 @@ static int tconn_finish_peer_reqs(struct drbd_tconn *tconn) struct asender_cmd { size_t pkt_size; int (*fn)(struct drbd_tconn *tconn, struct packet_info *); @@ -35986,10 +36016,10 @@ index 8a8725c2..afed796 100644 marker = list_first_entry(&queue->head, struct vmw_marker, head); diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c -index aa341d1..ef07090 100644 +index e6dbf09..3dd2540 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c -@@ -2267,7 +2267,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); +@@ -2268,7 +2268,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); int hid_add_device(struct hid_device *hdev) { @@ -35998,7 +36028,7 @@ index aa341d1..ef07090 100644 int ret; if (WARN_ON(hdev->status & HID_STAT_ADDED)) -@@ -2301,7 +2301,7 @@ int hid_add_device(struct hid_device *hdev) +@@ -2302,7 +2302,7 @@ int hid_add_device(struct hid_device *hdev) /* XXX hack, any other cleaner solution after the driver core * is converted to allow more than 20 bytes as the device name? */ dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, @@ -37704,7 +37734,7 @@ index d053098..05cc375 100644 return (test_bit(DM_RAID1_FLUSH_ERROR, &(m->error_type))) ? 'F' : diff --git a/drivers/md/dm-stripe.c b/drivers/md/dm-stripe.c -index d8837d3..1f7c341 100644 +index 7b8b2b9..9c7d145 100644 --- a/drivers/md/dm-stripe.c +++ b/drivers/md/dm-stripe.c @@ -20,7 +20,7 @@ struct stripe { @@ -37716,7 +37746,7 @@ index d8837d3..1f7c341 100644 }; struct stripe_c { -@@ -184,7 +184,7 @@ static int stripe_ctr(struct dm_target *ti, unsigned int argc, char **argv) +@@ -185,7 +185,7 @@ static int stripe_ctr(struct dm_target *ti, unsigned int argc, char **argv) kfree(sc); return r; } @@ -37725,7 +37755,7 @@ index d8837d3..1f7c341 100644 } ti->private = sc; -@@ -325,7 +325,7 @@ static void stripe_status(struct dm_target *ti, status_type_t type, +@@ -326,7 +326,7 @@ static void stripe_status(struct dm_target *ti, status_type_t type, DMEMIT("%d ", sc->stripes); for (i = 0; i < sc->stripes; i++) { DMEMIT("%s ", sc->stripe[i].dev->name); @@ -37734,7 +37764,7 @@ index d8837d3..1f7c341 100644 'D' : 'A'; } buffer[i] = '\0'; -@@ -370,8 +370,8 @@ static int stripe_end_io(struct dm_target *ti, struct bio *bio, int error) +@@ -371,8 +371,8 @@ static int stripe_end_io(struct dm_target *ti, struct bio *bio, int error) */ for (i = 0; i < sc->stripes; i++) if (!strcmp(sc->stripe[i].dev->name, major_minor)) { @@ -37746,7 +37776,7 @@ index d8837d3..1f7c341 100644 schedule_work(&sc->trigger_event); } diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c -index e50dad0..d9575e2 100644 +index 1ff252a..ee384c1 100644 --- a/drivers/md/dm-table.c +++ b/drivers/md/dm-table.c @@ -389,7 +389,7 @@ static int device_area_is_invalid(struct dm_target *ti, struct dm_dev *dev, @@ -39575,10 +39605,10 @@ index 8f1c256..a2991d1 100644 priv = netdev_priv(dev); priv->phy = phy; diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c -index 73abbc1..f25db7c 100644 +index 011062e..ada88e9 100644 --- a/drivers/net/macvlan.c +++ b/drivers/net/macvlan.c -@@ -891,13 +891,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = { +@@ -892,13 +892,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = { int macvlan_link_register(struct rtnl_link_ops *ops) { /* common fields */ @@ -39601,7 +39631,7 @@ index 73abbc1..f25db7c 100644 return rtnl_link_register(ops); }; -@@ -953,7 +955,7 @@ static int macvlan_device_event(struct notifier_block *unused, +@@ -954,7 +956,7 @@ static int macvlan_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -39684,10 +39714,10 @@ index bf34192..fba3500 100644 }; diff --git a/drivers/net/tun.c b/drivers/net/tun.c -index 729ed53..9453f99 100644 +index 755fa9e..631fdce 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c -@@ -1838,7 +1838,7 @@ unlock: +@@ -1841,7 +1841,7 @@ unlock: } static long __tun_chr_ioctl(struct file *file, unsigned int cmd, @@ -39696,7 +39726,7 @@ index 729ed53..9453f99 100644 { struct tun_file *tfile = file->private_data; struct tun_struct *tun; -@@ -1850,6 +1850,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, +@@ -1853,6 +1853,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, int vnet_hdr_sz; int ret; @@ -42166,10 +42196,10 @@ index f379c7f..e8fc69c 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index 7992635..609faf8 100644 +index 82910cc..7c350ad 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c -@@ -2909,7 +2909,7 @@ static int sd_probe(struct device *dev) +@@ -2929,7 +2929,7 @@ static int sd_probe(struct device *dev) sdkp->disk = gd; sdkp->index = index; atomic_set(&sdkp->openers, 0); @@ -42468,7 +42498,7 @@ index 2e4d655..fd72e68 100644 spin_lock_init(&dev->t10_wwn.t10_vpd_lock); INIT_LIST_HEAD(&dev->t10_pr.registration_list); diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index 3243ea7..4f19a6e 100644 +index 0d46276..f327cab5 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c @@ -1080,7 +1080,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd) @@ -50650,7 +50680,7 @@ index 3b83cd6..0f34dcd 100644 /* locality groups */ diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c -index cf3025c..cac6011 100644 +index f3190ab..84ffb21 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -1754,7 +1754,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, @@ -50662,7 +50692,7 @@ index cf3025c..cac6011 100644 break; } -@@ -2055,7 +2055,7 @@ repeat: +@@ -2059,7 +2059,7 @@ repeat: ac->ac_status = AC_STATUS_CONTINUE; ac->ac_flags |= EXT4_MB_HINT_FIRST; cr = 3; @@ -50671,7 +50701,7 @@ index cf3025c..cac6011 100644 goto repeat; } } -@@ -2563,25 +2563,25 @@ int ext4_mb_release(struct super_block *sb) +@@ -2567,25 +2567,25 @@ int ext4_mb_release(struct super_block *sb) if (sbi->s_mb_stats) { ext4_msg(sb, KERN_INFO, "mballoc: %u blocks %u reqs (%u success)", @@ -50707,7 +50737,7 @@ index cf3025c..cac6011 100644 } free_percpu(sbi->s_locality_groups); -@@ -3035,16 +3035,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) +@@ -3039,16 +3039,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb); if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) { @@ -50730,7 +50760,7 @@ index cf3025c..cac6011 100644 } if (ac->ac_op == EXT4_MB_HISTORY_ALLOC) -@@ -3444,7 +3444,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) +@@ -3448,7 +3448,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_inode_pa(ac, pa); ext4_mb_use_inode_pa(ac, pa); @@ -50739,7 +50769,7 @@ index cf3025c..cac6011 100644 ei = EXT4_I(ac->ac_inode); grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); -@@ -3504,7 +3504,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) +@@ -3508,7 +3508,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_group_pa(ac, pa); ext4_mb_use_group_pa(ac, pa); @@ -50748,7 +50778,7 @@ index cf3025c..cac6011 100644 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); lg = ac->ac_lg; -@@ -3593,7 +3593,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, +@@ -3597,7 +3597,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, * from the bitmap and continue. */ } @@ -50757,7 +50787,7 @@ index cf3025c..cac6011 100644 return err; } -@@ -3611,7 +3611,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, +@@ -3615,7 +3615,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit); BUG_ON(group != e4b->bd_group && pa->pa_len != 0); mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len); @@ -52632,7 +52662,7 @@ index cb424a4..850e4dd 100644 lock_flocks(); diff --git a/fs/namei.c b/fs/namei.c -index 57ae9c8..b018eba 100644 +index 85e40d1..b66744e 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -319,16 +319,32 @@ int generic_permission(struct inode *inode, int mask) @@ -53315,10 +53345,10 @@ index 1f94167..79c4ce4 100644 void nfs_fattr_init(struct nfs_fattr *fattr) diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c -index 8288b08..4a140d4 100644 +index d401d01..10b3e62 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c -@@ -1098,7 +1098,7 @@ struct nfsd4_operation { +@@ -1109,7 +1109,7 @@ struct nfsd4_operation { nfsd4op_rsize op_rsize_bop; stateid_getter op_get_currentstateid; stateid_setter op_set_currentstateid; @@ -69129,10 +69159,10 @@ index f66b065..c2c29b4 100644 int kobj_ns_type_register(const struct kobj_ns_type_operations *ops); int kobj_ns_type_registered(enum kobj_ns_type type); diff --git a/include/linux/kref.h b/include/linux/kref.h -index 4972e6e..de4d19b 100644 +index 7419c02..aa2f02d 100644 --- a/include/linux/kref.h +++ b/include/linux/kref.h -@@ -64,7 +64,7 @@ static inline void kref_get(struct kref *kref) +@@ -65,7 +65,7 @@ static inline void kref_get(struct kref *kref) static inline int kref_sub(struct kref *kref, unsigned int count, void (*release)(struct kref *kref)) { @@ -72199,7 +72229,7 @@ index c2e542b..6ca975b 100644 extern __u32 secure_ipv6_id(const __be32 daddr[4]); extern u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport); diff --git a/include/net/sock.h b/include/net/sock.h -index 14f6e9d..7cd56d0 100644 +index 0be480a..586232f 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -325,7 +325,7 @@ struct sock { @@ -72211,7 +72241,7 @@ index 14f6e9d..7cd56d0 100644 int sk_rcvbuf; struct sk_filter __rcu *sk_filter; -@@ -1784,7 +1784,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) +@@ -1796,7 +1796,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) } static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb, @@ -72220,7 +72250,7 @@ index 14f6e9d..7cd56d0 100644 int copy, int offset) { if (skb->ip_summed == CHECKSUM_NONE) { -@@ -2043,7 +2043,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk) +@@ -2055,7 +2055,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk) } } @@ -72230,7 +72260,7 @@ index 14f6e9d..7cd56d0 100644 /** * sk_page_frag - return an appropriate page_frag diff --git a/include/net/tcp.h b/include/net/tcp.h -index cf0694d..52a6881 100644 +index a345480..3c65cf4 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -529,7 +529,7 @@ extern void tcp_retransmit_timer(struct sock *sk); @@ -73412,7 +73442,7 @@ index 58d31f1..cce7a55 100644 sem_params.flg = semflg; sem_params.u.nsems = nsems; diff --git a/ipc/shm.c b/ipc/shm.c -index 34af1fe..85fc1aa 100644 +index 7e199fa..180a1ca 100644 --- a/ipc/shm.c +++ b/ipc/shm.c @@ -69,6 +69,14 @@ static void shm_destroy (struct ipc_namespace *ns, struct shmid_kernel *shp); @@ -73430,7 +73460,7 @@ index 34af1fe..85fc1aa 100644 void shm_init_ns(struct ipc_namespace *ns) { ns->shm_ctlmax = SHMMAX; -@@ -525,6 +533,14 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params) +@@ -531,6 +539,14 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params) shp->shm_lprid = 0; shp->shm_atim = shp->shm_dtim = 0; shp->shm_ctim = get_seconds(); @@ -73445,7 +73475,7 @@ index 34af1fe..85fc1aa 100644 shp->shm_segsz = size; shp->shm_nattch = 0; shp->shm_file = file; -@@ -576,18 +592,19 @@ static inline int shm_more_checks(struct kern_ipc_perm *ipcp, +@@ -582,18 +598,19 @@ static inline int shm_more_checks(struct kern_ipc_perm *ipcp, return 0; } @@ -73470,7 +73500,7 @@ index 34af1fe..85fc1aa 100644 shm_params.key = key; shm_params.flg = shmflg; shm_params.u.size = size; -@@ -1008,6 +1025,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, +@@ -1014,6 +1031,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, f_mode = FMODE_READ | FMODE_WRITE; } if (shmflg & SHM_EXEC) { @@ -73483,7 +73513,7 @@ index 34af1fe..85fc1aa 100644 prot |= PROT_EXEC; acc_mode |= S_IXUGO; } -@@ -1031,9 +1054,21 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, +@@ -1037,9 +1060,21 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, if (err) goto out_unlock; @@ -73559,10 +73589,10 @@ index d596e53..dbef3c3 100644 audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_GET, 0, 0, &status_set, sizeof(status_set)); diff --git a/kernel/auditsc.c b/kernel/auditsc.c -index a371f85..da826c1 100644 +index c4b72b0..8654c4e 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c -@@ -2292,7 +2292,7 @@ int auditsc_get_stamp(struct audit_context *ctx, +@@ -2295,7 +2295,7 @@ int auditsc_get_stamp(struct audit_context *ctx, } /* global counter which is incremented every time something logs in */ @@ -73571,7 +73601,7 @@ index a371f85..da826c1 100644 /** * audit_set_loginuid - set current task's audit_context loginuid -@@ -2316,7 +2316,7 @@ int audit_set_loginuid(kuid_t loginuid) +@@ -2319,7 +2319,7 @@ int audit_set_loginuid(kuid_t loginuid) return -EPERM; #endif /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */ @@ -74908,7 +74938,7 @@ index ffd4e11..c3ff6bf 100644 /* Don't allow clients that don't understand the native diff --git a/kernel/kmod.c b/kernel/kmod.c -index 56dd349..336e1dc 100644 +index 8985c87..f539dbe 100644 --- a/kernel/kmod.c +++ b/kernel/kmod.c @@ -75,7 +75,7 @@ static void free_modprobe_argv(struct subprocess_info *info) @@ -75045,7 +75075,7 @@ index 56dd349..336e1dc 100644 /* * If ret is 0, either ____call_usermodehelper failed and the -@@ -644,7 +697,7 @@ EXPORT_SYMBOL(call_usermodehelper_fns); +@@ -649,7 +702,7 @@ EXPORT_SYMBOL(call_usermodehelper_fns); static int proc_cap_handler(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { @@ -78439,7 +78469,7 @@ index 0b537f2..40d6c20 100644 return -ENOMEM; return 0; diff --git a/kernel/timer.c b/kernel/timer.c -index dbf7a78..e2148f0 100644 +index 1b399c8..90e1849 100644 --- a/kernel/timer.c +++ b/kernel/timer.c @@ -1363,7 +1363,7 @@ void update_process_times(int user_tick) @@ -81042,7 +81072,7 @@ index 79b7cf7..c60424f 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index e17fc06..72fc5fd 100644 +index 0dceed8..671951c 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -33,6 +33,7 @@ @@ -81337,7 +81367,7 @@ index e17fc06..72fc5fd 100644 addr = mmap_region(file, addr, len, vm_flags, pgoff); if (!IS_ERR_VALUE(addr) && ((vm_flags & VM_LOCKED) || -@@ -1392,7 +1509,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma) +@@ -1396,7 +1513,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma) vm_flags_t vm_flags = vma->vm_flags; /* If it was private or non-writable, the write bit is already clear */ @@ -81346,7 +81376,7 @@ index e17fc06..72fc5fd 100644 return 0; /* The backer wishes to know when pages are first written to? */ -@@ -1440,16 +1557,30 @@ unsigned long mmap_region(struct file *file, unsigned long addr, +@@ -1444,16 +1561,30 @@ unsigned long mmap_region(struct file *file, unsigned long addr, unsigned long charged = 0; struct inode *inode = file ? file_inode(file) : NULL; @@ -81379,7 +81409,7 @@ index e17fc06..72fc5fd 100644 if (!may_expand_vm(mm, len >> PAGE_SHIFT)) return -ENOMEM; -@@ -1481,6 +1612,16 @@ munmap_back: +@@ -1485,6 +1616,16 @@ munmap_back: goto unacct_error; } @@ -81396,7 +81426,7 @@ index e17fc06..72fc5fd 100644 vma->vm_mm = mm; vma->vm_start = addr; vma->vm_end = addr + len; -@@ -1505,6 +1646,13 @@ munmap_back: +@@ -1509,6 +1650,13 @@ munmap_back: if (error) goto unmap_and_free_vma; @@ -81410,7 +81440,7 @@ index e17fc06..72fc5fd 100644 /* Can addr have changed?? * * Answer: Yes, several device drivers can do it in their -@@ -1543,6 +1691,11 @@ munmap_back: +@@ -1547,6 +1695,11 @@ munmap_back: vma_link(mm, vma, prev, rb_link, rb_parent); file = vma->vm_file; @@ -81422,7 +81452,7 @@ index e17fc06..72fc5fd 100644 /* Once vma denies write, undo our temporary denial count */ if (correct_wcount) atomic_inc(&inode->i_writecount); -@@ -1550,6 +1703,7 @@ out: +@@ -1554,6 +1707,7 @@ out: perf_event_mmap(vma); vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT); @@ -81430,7 +81460,7 @@ index e17fc06..72fc5fd 100644 if (vm_flags & VM_LOCKED) { if (!((vm_flags & VM_SPECIAL) || is_vm_hugetlb_page(vma) || vma == get_gate_vma(current->mm))) -@@ -1573,6 +1727,12 @@ unmap_and_free_vma: +@@ -1577,6 +1731,12 @@ unmap_and_free_vma: unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end); charged = 0; free_vma: @@ -81443,7 +81473,7 @@ index e17fc06..72fc5fd 100644 kmem_cache_free(vm_area_cachep, vma); unacct_error: if (charged) -@@ -1580,6 +1740,62 @@ unacct_error: +@@ -1584,6 +1744,62 @@ unacct_error: return error; } @@ -81506,7 +81536,7 @@ index e17fc06..72fc5fd 100644 unsigned long unmapped_area(struct vm_unmapped_area_info *info) { /* -@@ -1799,6 +2015,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1803,6 +2019,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, struct mm_struct *mm = current->mm; struct vm_area_struct *vma; struct vm_unmapped_area_info info; @@ -81514,7 +81544,7 @@ index e17fc06..72fc5fd 100644 if (len > TASK_SIZE) return -ENOMEM; -@@ -1806,29 +2023,45 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1810,29 +2027,45 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, if (flags & MAP_FIXED) return addr; @@ -81563,7 +81593,7 @@ index e17fc06..72fc5fd 100644 mm->free_area_cache = addr; } -@@ -1846,6 +2079,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1850,6 +2083,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, struct mm_struct *mm = current->mm; unsigned long addr = addr0; struct vm_unmapped_area_info info; @@ -81571,7 +81601,7 @@ index e17fc06..72fc5fd 100644 /* requested length too big for entire address space */ if (len > TASK_SIZE) -@@ -1854,12 +2088,15 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1858,12 +2092,15 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, if (flags & MAP_FIXED) return addr; @@ -81589,7 +81619,7 @@ index e17fc06..72fc5fd 100644 return addr; } -@@ -1868,6 +2105,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1872,6 +2109,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, info.low_limit = PAGE_SIZE; info.high_limit = mm->mmap_base; info.align_mask = 0; @@ -81597,7 +81627,7 @@ index e17fc06..72fc5fd 100644 addr = vm_unmapped_area(&info); /* -@@ -1880,6 +2118,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1884,6 +2122,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, VM_BUG_ON(addr != -ENOMEM); info.flags = 0; info.low_limit = TASK_UNMAPPED_BASE; @@ -81610,7 +81640,7 @@ index e17fc06..72fc5fd 100644 info.high_limit = TASK_SIZE; addr = vm_unmapped_area(&info); } -@@ -1890,6 +2134,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1894,6 +2138,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) { @@ -81623,7 +81653,7 @@ index e17fc06..72fc5fd 100644 /* * Is this a new hole at the highest possible address? */ -@@ -1897,8 +2147,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) +@@ -1901,8 +2151,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) mm->free_area_cache = addr; /* dont allow allocations above current base */ @@ -81635,7 +81665,7 @@ index e17fc06..72fc5fd 100644 } unsigned long -@@ -1997,6 +2249,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, +@@ -2001,6 +2253,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, return vma; } @@ -81664,7 +81694,7 @@ index e17fc06..72fc5fd 100644 /* * Verify that the stack growth is acceptable and * update accounting. This is shared with both the -@@ -2013,6 +2287,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2017,6 +2291,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns return -ENOMEM; /* Stack limit test */ @@ -81672,7 +81702,7 @@ index e17fc06..72fc5fd 100644 if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) return -ENOMEM; -@@ -2023,6 +2298,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2027,6 +2302,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns locked = mm->locked_vm + grow; limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur); limit >>= PAGE_SHIFT; @@ -81680,7 +81710,7 @@ index e17fc06..72fc5fd 100644 if (locked > limit && !capable(CAP_IPC_LOCK)) return -ENOMEM; } -@@ -2052,37 +2328,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2056,37 +2332,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns * PA-RISC uses this for its stack; IA64 for its Register Backing Store. * vma is the last one with address > vma->vm_end. Have to extend vma. */ @@ -81738,7 +81768,7 @@ index e17fc06..72fc5fd 100644 unsigned long size, grow; size = address - vma->vm_start; -@@ -2117,6 +2404,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) +@@ -2121,6 +2408,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) } } } @@ -81747,7 +81777,7 @@ index e17fc06..72fc5fd 100644 vma_unlock_anon_vma(vma); khugepaged_enter_vma_merge(vma); validate_mm(vma->vm_mm); -@@ -2131,6 +2420,8 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2135,6 +2424,8 @@ int expand_downwards(struct vm_area_struct *vma, unsigned long address) { int error; @@ -81756,7 +81786,7 @@ index e17fc06..72fc5fd 100644 /* * We must make sure the anon_vma is allocated -@@ -2144,6 +2435,15 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2148,6 +2439,15 @@ int expand_downwards(struct vm_area_struct *vma, if (error) return error; @@ -81772,7 +81802,7 @@ index e17fc06..72fc5fd 100644 vma_lock_anon_vma(vma); /* -@@ -2153,9 +2453,17 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2157,9 +2457,17 @@ int expand_downwards(struct vm_area_struct *vma, */ /* Somebody else might have raced and expanded it already */ @@ -81791,7 +81821,7 @@ index e17fc06..72fc5fd 100644 size = vma->vm_end - address; grow = (vma->vm_start - address) >> PAGE_SHIFT; -@@ -2180,6 +2488,18 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2184,6 +2492,18 @@ int expand_downwards(struct vm_area_struct *vma, vma->vm_pgoff -= grow; anon_vma_interval_tree_post_update_vma(vma); vma_gap_update(vma); @@ -81810,7 +81840,7 @@ index e17fc06..72fc5fd 100644 spin_unlock(&vma->vm_mm->page_table_lock); perf_event_mmap(vma); -@@ -2284,6 +2604,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2288,6 +2608,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) do { long nrpages = vma_pages(vma); @@ -81824,7 +81854,7 @@ index e17fc06..72fc5fd 100644 if (vma->vm_flags & VM_ACCOUNT) nr_accounted += nrpages; vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); -@@ -2329,6 +2656,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2333,6 +2660,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, insertion_point = (prev ? &prev->vm_next : &mm->mmap); vma->vm_prev = NULL; do { @@ -81841,7 +81871,7 @@ index e17fc06..72fc5fd 100644 vma_rb_erase(vma, &mm->mm_rb); mm->map_count--; tail_vma = vma; -@@ -2360,14 +2697,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2364,14 +2701,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, struct vm_area_struct *new; int err = -ENOMEM; @@ -81875,7 +81905,7 @@ index e17fc06..72fc5fd 100644 /* most fields are the same, copy all, and then fixup */ *new = *vma; -@@ -2380,6 +2736,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2384,6 +2740,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT); } @@ -81898,7 +81928,7 @@ index e17fc06..72fc5fd 100644 pol = mpol_dup(vma_policy(vma)); if (IS_ERR(pol)) { err = PTR_ERR(pol); -@@ -2402,6 +2774,36 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2406,6 +2778,36 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, else err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); @@ -81935,7 +81965,7 @@ index e17fc06..72fc5fd 100644 /* Success. */ if (!err) return 0; -@@ -2411,10 +2813,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2415,10 +2817,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, new->vm_ops->close(new); if (new->vm_file) fput(new->vm_file); @@ -81955,7 +81985,7 @@ index e17fc06..72fc5fd 100644 kmem_cache_free(vm_area_cachep, new); out_err: return err; -@@ -2427,6 +2837,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2431,6 +2841,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long addr, int new_below) { @@ -81971,7 +82001,7 @@ index e17fc06..72fc5fd 100644 if (mm->map_count >= sysctl_max_map_count) return -ENOMEM; -@@ -2438,11 +2857,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2442,11 +2861,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, * work. This now handles partial unmappings. * Jeremy Fitzhardinge <jeremy@goop.org> */ @@ -82002,7 +82032,7 @@ index e17fc06..72fc5fd 100644 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start) return -EINVAL; -@@ -2517,6 +2955,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) +@@ -2521,6 +2959,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) /* Fix up all other VM information */ remove_vma_list(mm, vma); @@ -82011,7 +82041,7 @@ index e17fc06..72fc5fd 100644 return 0; } -@@ -2525,6 +2965,13 @@ int vm_munmap(unsigned long start, size_t len) +@@ -2529,6 +2969,13 @@ int vm_munmap(unsigned long start, size_t len) int ret; struct mm_struct *mm = current->mm; @@ -82025,7 +82055,7 @@ index e17fc06..72fc5fd 100644 down_write(&mm->mmap_sem); ret = do_munmap(mm, start, len); up_write(&mm->mmap_sem); -@@ -2538,16 +2985,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) +@@ -2542,16 +2989,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) return vm_munmap(addr, len); } @@ -82042,7 +82072,7 @@ index e17fc06..72fc5fd 100644 /* * this is really a simplified "do_mmap". it only handles * anonymous maps. eventually we may be able to do some -@@ -2561,6 +2998,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2565,6 +3002,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) struct rb_node ** rb_link, * rb_parent; pgoff_t pgoff = addr >> PAGE_SHIFT; int error; @@ -82050,7 +82080,7 @@ index e17fc06..72fc5fd 100644 len = PAGE_ALIGN(len); if (!len) -@@ -2568,16 +3006,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2572,16 +3010,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; @@ -82082,7 +82112,7 @@ index e17fc06..72fc5fd 100644 locked += mm->locked_vm; lock_limit = rlimit(RLIMIT_MEMLOCK); lock_limit >>= PAGE_SHIFT; -@@ -2594,21 +3046,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2598,21 +3050,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) /* * Clear old maps. this also does some error checking for us */ @@ -82107,7 +82137,7 @@ index e17fc06..72fc5fd 100644 return -ENOMEM; /* Can we just expand an old private anonymous mapping? */ -@@ -2622,7 +3073,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2626,7 +3077,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) */ vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); if (!vma) { @@ -82116,7 +82146,7 @@ index e17fc06..72fc5fd 100644 return -ENOMEM; } -@@ -2636,9 +3087,10 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2640,9 +3091,10 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) vma_link(mm, vma, prev, rb_link, rb_parent); out: perf_event_mmap(vma); @@ -82129,7 +82159,7 @@ index e17fc06..72fc5fd 100644 return addr; } -@@ -2700,6 +3152,7 @@ void exit_mmap(struct mm_struct *mm) +@@ -2704,6 +3156,7 @@ void exit_mmap(struct mm_struct *mm) while (vma) { if (vma->vm_flags & VM_ACCOUNT) nr_accounted += vma_pages(vma); @@ -82137,7 +82167,7 @@ index e17fc06..72fc5fd 100644 vma = remove_vma(vma); } vm_unacct_memory(nr_accounted); -@@ -2716,6 +3169,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2720,6 +3173,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) struct vm_area_struct *prev; struct rb_node **rb_link, *rb_parent; @@ -82151,7 +82181,7 @@ index e17fc06..72fc5fd 100644 /* * The vm_pgoff of a purely anonymous vma should be irrelevant * until its first write fault, when page's anon_vma and index -@@ -2739,7 +3199,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2743,7 +3203,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) security_vm_enough_memory_mm(mm, vma_pages(vma))) return -ENOMEM; @@ -82173,7 +82203,7 @@ index e17fc06..72fc5fd 100644 return 0; } -@@ -2759,6 +3233,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2763,6 +3237,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, struct mempolicy *pol; bool faulted_in_anon_vma = true; @@ -82182,7 +82212,7 @@ index e17fc06..72fc5fd 100644 /* * If anonymous vma has not yet been faulted, update new pgoff * to match new location, to increase its chance of merging. -@@ -2825,6 +3301,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2829,6 +3305,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, return NULL; } @@ -82222,7 +82252,7 @@ index e17fc06..72fc5fd 100644 /* * Return true if the calling process may expand its vm space by the passed * number of pages -@@ -2836,6 +3345,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) +@@ -2840,6 +3349,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; @@ -82230,7 +82260,7 @@ index e17fc06..72fc5fd 100644 if (cur + npages > lim) return 0; return 1; -@@ -2906,6 +3416,22 @@ int install_special_mapping(struct mm_struct *mm, +@@ -2910,6 +3420,22 @@ int install_special_mapping(struct mm_struct *mm, vma->vm_start = addr; vma->vm_end = addr + len; @@ -85015,7 +85045,7 @@ index 368f9c3..f82d4a3 100644 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index b24ab0e9..1c424bc 100644 +index 9a278e9..15f2b9e 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1617,7 +1617,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) @@ -85352,7 +85382,7 @@ index e61a8bb..6a2f13c 100644 #ifdef CONFIG_INET static u32 seq_scale(u32 seq) diff --git a/net/core/sock.c b/net/core/sock.c -index b261a79..8fe17ab 100644 +index 1432266..1a0d4a1 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -390,7 +390,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) @@ -85439,7 +85469,7 @@ index b261a79..8fe17ab 100644 return -EFAULT; lenout: if (put_user(len, optlen)) -@@ -2296,7 +2296,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) +@@ -2284,7 +2284,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) */ smp_wmb(); atomic_set(&sk->sk_refcnt, 1); @@ -86482,7 +86512,7 @@ index d09203c..fd5cc91 100644 } diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c -index b83a49c..6c562a7 100644 +index 2f672e7..b8895e9 100644 --- a/net/ipv4/tcp_minisocks.c +++ b/net/ipv4/tcp_minisocks.c @@ -27,6 +27,10 @@ @@ -86496,7 +86526,7 @@ index b83a49c..6c562a7 100644 int sysctl_tcp_syncookies __read_mostly = 1; EXPORT_SYMBOL(sysctl_tcp_syncookies); -@@ -744,7 +748,10 @@ embryonic_reset: +@@ -749,7 +753,10 @@ embryonic_reset: * avoid becoming vulnerable to outside attack aiming at * resetting legit local connections. */ @@ -86752,7 +86782,7 @@ index fff5bdd..15194fb 100644 table = kmemdup(ipv6_icmp_table_template, sizeof(ipv6_icmp_table_template), diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c -index e4efffe..791fe2f 100644 +index 95d13c7..791fe2f 100644 --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c @@ -73,7 +73,7 @@ struct ip6gre_net { @@ -86764,23 +86794,7 @@ index e4efffe..791fe2f 100644 static int ip6gre_tunnel_init(struct net_device *dev); static void ip6gre_tunnel_setup(struct net_device *dev); static void ip6gre_tunnel_link(struct ip6gre_net *ign, struct ip6_tnl *t); -@@ -1135,6 +1135,7 @@ static int ip6gre_tunnel_ioctl(struct net_device *dev, - } - if (t == NULL) - t = netdev_priv(dev); -+ memset(&p, 0, sizeof(p)); - ip6gre_tnl_parm_to_user(&p, &t->parms); - if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p))) - err = -EFAULT; -@@ -1182,6 +1183,7 @@ static int ip6gre_tunnel_ioctl(struct net_device *dev, - if (t) { - err = 0; - -+ memset(&p, 0, sizeof(p)); - ip6gre_tnl_parm_to_user(&p, &t->parms); - if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p))) - err = -EFAULT; -@@ -1335,7 +1337,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev) +@@ -1337,7 +1337,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev) } @@ -86789,7 +86803,7 @@ index e4efffe..791fe2f 100644 .handler = ip6gre_rcv, .err_handler = ip6gre_err, .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, -@@ -1669,7 +1671,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = { +@@ -1671,7 +1671,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = { [IFLA_GRE_FLAGS] = { .type = NLA_U32 }, }; @@ -86798,7 +86812,7 @@ index e4efffe..791fe2f 100644 .kind = "ip6gre", .maxtype = IFLA_GRE_MAX, .policy = ip6gre_policy, -@@ -1682,7 +1684,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = { +@@ -1684,7 +1684,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = { .fill_info = ip6gre_fill_info, }; @@ -87108,7 +87122,7 @@ index e85c48b..b8268d3 100644 struct ctl_table *ipv6_icmp_table; int err; diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c -index 46a5be8..415688d 100644 +index 0fce928..c52a518 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -103,6 +103,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb) @@ -87167,7 +87181,7 @@ index 46a5be8..415688d 100644 } diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c -index d8e5e85..5a447f4 100644 +index 27f0f8e..949e7ee 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -52,6 +52,10 @@ @@ -87228,10 +87242,10 @@ index d8e5e85..5a447f4 100644 int udp6_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c -index 4ef7bdb..9e97017 100644 +index 23ed03d..465a71d 100644 --- a/net/ipv6/xfrm6_policy.c +++ b/net/ipv6/xfrm6_policy.c -@@ -322,19 +322,19 @@ static struct ctl_table xfrm6_policy_table[] = { +@@ -324,19 +324,19 @@ static struct ctl_table xfrm6_policy_table[] = { static int __net_init xfrm6_net_init(struct net *net) { @@ -87256,7 +87270,7 @@ index 4ef7bdb..9e97017 100644 if (!hdr) goto err_reg; -@@ -342,8 +342,7 @@ static int __net_init xfrm6_net_init(struct net *net) +@@ -344,8 +344,7 @@ static int __net_init xfrm6_net_init(struct net *net) return 0; err_reg: @@ -88195,10 +88209,10 @@ index 103bd70..f21aad3 100644 *uaddr_len = sizeof(struct sockaddr_ax25); } diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c -index 1d6793d..056b191 100644 +index f83e172..b57140d 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c -@@ -1578,7 +1578,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, +@@ -1571,7 +1571,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, spin_lock(&sk->sk_receive_queue.lock); po->stats.tp_packets++; @@ -88207,7 +88221,7 @@ index 1d6793d..056b191 100644 __skb_queue_tail(&sk->sk_receive_queue, skb); spin_unlock(&sk->sk_receive_queue.lock); sk->sk_data_ready(sk, skb->len); -@@ -1587,7 +1587,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, +@@ -1580,7 +1580,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, drop_n_acct: spin_lock(&sk->sk_receive_queue.lock); po->stats.tp_drops++; @@ -88216,7 +88230,7 @@ index 1d6793d..056b191 100644 spin_unlock(&sk->sk_receive_queue.lock); drop_n_restore: -@@ -2565,6 +2565,7 @@ out: +@@ -2558,6 +2558,7 @@ out: static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) { @@ -88224,7 +88238,7 @@ index 1d6793d..056b191 100644 struct sock_exterr_skb *serr; struct sk_buff *skb, *skb2; int copied, err; -@@ -2586,8 +2587,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) +@@ -2579,8 +2580,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) sock_recv_timestamp(msg, sk, skb); serr = SKB_EXT_ERR(skb); @@ -88235,7 +88249,7 @@ index 1d6793d..056b191 100644 msg->msg_flags |= MSG_ERRQUEUE; err = copied; -@@ -3212,7 +3214,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3205,7 +3207,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, case PACKET_HDRLEN: if (len > sizeof(int)) len = sizeof(int); @@ -88244,7 +88258,7 @@ index 1d6793d..056b191 100644 return -EFAULT; switch (val) { case TPACKET_V1: -@@ -3254,7 +3256,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3247,7 +3249,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, len = lv; if (put_user(len, optlen)) return -EFAULT; @@ -102590,10 +102604,10 @@ index 0000000..ac2901e +} diff --git a/tools/gcc/structleak_plugin.c b/tools/gcc/structleak_plugin.c new file mode 100644 -index 0000000..b07fe22 +index 0000000..4fae911 --- /dev/null +++ b/tools/gcc/structleak_plugin.c -@@ -0,0 +1,276 @@ +@@ -0,0 +1,277 @@ +/* + * Copyright 2013 by PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 @@ -102734,11 +102748,12 @@ index 0000000..b07fe22 + // first check if the variable is already initialized, warn otherwise + for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { + gimple stmt = gsi_stmt(gsi); -+ tree rhs1 = gimple_assign_rhs1(stmt); ++ tree rhs1; + + // we're looking for an assignment of a single rhs... + if (!gimple_assign_single_p(stmt)) + continue; ++ rhs1 = gimple_assign_rhs1(stmt); +#if BUILDING_GCC_VERSION >= 4007 + // ... of a non-clobbering expression... + if (TREE_CLOBBER_P(rhs1)) diff --git a/main/linux-grsec/kernelconfig.x86 b/main/linux-grsec/kernelconfig.x86 index 3f3b6f478..e7d4331a7 100644 --- a/main/linux-grsec/kernelconfig.x86 +++ b/main/linux-grsec/kernelconfig.x86 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.9.2 Kernel Configuration +# Linux/x86 3.9.3 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -83,7 +83,6 @@ CONFIG_IRQ_DOMAIN=y CONFIG_IRQ_FORCED_THREADING=y CONFIG_SPARSE_IRQ=y CONFIG_CLOCKSOURCE_WATCHDOG=y -CONFIG_ALWAYS_USE_PERSISTENT_CLOCK=y CONFIG_KTIME_SCALAR=y CONFIG_GENERIC_CLOCKEVENTS=y CONFIG_GENERIC_CLOCKEVENTS_BUILD=y @@ -4735,6 +4734,9 @@ CONFIG_INFINIBAND_ISER=m # CONFIG_EDAC is not set CONFIG_RTC_LIB=y CONFIG_RTC_CLASS=y +CONFIG_RTC_HCTOSYS=y +CONFIG_RTC_SYSTOHC=y +CONFIG_RTC_HCTOSYS_DEVICE="rtc0" # CONFIG_RTC_DEBUG is not set # diff --git a/main/linux-grsec/kernelconfig.x86_64 b/main/linux-grsec/kernelconfig.x86_64 index ba51aaf12..561ab2088 100644 --- a/main/linux-grsec/kernelconfig.x86_64 +++ b/main/linux-grsec/kernelconfig.x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.9.2 Kernel Configuration +# Linux/x86 3.9.3 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -85,7 +85,6 @@ CONFIG_IRQ_FORCED_THREADING=y CONFIG_SPARSE_IRQ=y CONFIG_CLOCKSOURCE_WATCHDOG=y CONFIG_ARCH_CLOCKSOURCE_DATA=y -CONFIG_ALWAYS_USE_PERSISTENT_CLOCK=y CONFIG_GENERIC_TIME_VSYSCALL=y CONFIG_GENERIC_CLOCKEVENTS=y CONFIG_GENERIC_CLOCKEVENTS_BUILD=y @@ -4650,6 +4649,9 @@ CONFIG_INFINIBAND_ISER=m # CONFIG_EDAC is not set CONFIG_RTC_LIB=y CONFIG_RTC_CLASS=y +CONFIG_RTC_HCTOSYS=y +CONFIG_RTC_SYSTOHC=y +CONFIG_RTC_HCTOSYS_DEVICE="rtc0" # CONFIG_RTC_DEBUG is not set # diff --git a/main/linux-grsec/v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch b/main/linux-grsec/v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch new file mode 100644 index 000000000..0fdafec17 --- /dev/null +++ b/main/linux-grsec/v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch @@ -0,0 +1,89 @@ +From patchwork Tue May 21 10:23:44 2013 +Content-Type: text/plain; charset="utf-8" +MIME-Version: 1.0 +Content-Transfer-Encoding: 8bit +Subject: [v2,net-next] arp: flush arp cache on IFF_NOARP change +Date: Tue, 21 May 2013 00:23:44 -0000 +From: =?utf-8?q?Timo_Ter=C3=A4s?= <timo.teras@iki.fi> +X-Patchwork-Id: 245256 +Message-Id: <1369131824-6318-1-git-send-email-timo.teras@iki.fi> +To: David Miller <davem@davemloft.net>, netdev@vger.kernel.org, kaber@trash.net +Cc: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> + +IFF_NOARP affects what kind of neighbor entries are created +(nud NOARP or nud INCOMPLETE). If the flag changes, flush the arp +cache to refresh all entries. + +Signed-off-by: Timo Teräs <timo.teras@iki.fi> + +--- +> This patch makes no sense at all. +> +> The state bit in ->priv_flags is a boolean stating whether the +> notified should do something or not. +> +> But you're setting it to match what IFF_NOARP is. +> +> You should set it any time IFF_NOARP _changes_, and then clear +> the bit when the notifier clears the neighbour entries. + +IFF_NOARP_CHANGED is set according to "changes = dev->flags ^ old_flags;" +which reflect the change. But I agree that the clearing out bit was +misplaced. This is especially true as it seems NETDEV_CHANGE can be +notified from another place too. + +I've updated the if.h comment to state that the bit is valid only during +NETDEV_CHANGE notifier. And __dev_notify_flags is updated to always clear +the bit after notifiers are done. + + include/uapi/linux/if.h | 2 ++ + net/core/dev.c | 6 +++++- + net/ipv4/arp.c | 4 ++++ + 3 files changed, 11 insertions(+), 1 deletion(-) + +diff --git a/include/uapi/linux/if.h b/include/uapi/linux/if.h +index 1ec407b..1be8b35 100644 +--- a/include/uapi/linux/if.h ++++ b/include/uapi/linux/if.h +@@ -83,6 +83,8 @@ + #define IFF_SUPP_NOFCS 0x80000 /* device supports sending custom FCS */ + #define IFF_LIVE_ADDR_CHANGE 0x100000 /* device supports hardware address + * change when it's running */ ++#define IFF_NOARP_CHANGED 0x200000 /* Set during NETDEV_CHANGE notifier ++ * if IFF_NOARP has changed */ + + + #define IF_GET_IFACE 0x0001 /* for querying only */ +diff --git a/net/core/dev.c b/net/core/dev.c +index 18e9730..ce30761 100644 +--- a/net/core/dev.c ++++ b/net/core/dev.c +@@ -4699,8 +4699,12 @@ void __dev_notify_flags(struct net_device *dev, unsigned int old_flags) + } + + if (dev->flags & IFF_UP && +- (changes & ~(IFF_UP | IFF_PROMISC | IFF_ALLMULTI | IFF_VOLATILE))) ++ (changes & ~(IFF_UP | IFF_PROMISC | IFF_ALLMULTI | IFF_VOLATILE))) { ++ if (changes & IFF_NOARP) ++ dev->priv_flags |= IFF_NOARP_CHANGED; + call_netdevice_notifiers(NETDEV_CHANGE, dev); ++ dev->priv_flags &= ~IFF_NOARP_CHANGED; ++ } + } + + /** +diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c +index 247ec19..375b2f2 100644 +--- a/net/ipv4/arp.c ++++ b/net/ipv4/arp.c +@@ -1241,6 +1241,10 @@ static int arp_netdev_event(struct notifier_block *this, unsigned long event, + neigh_changeaddr(&arp_tbl, dev); + rt_cache_flush(dev_net(dev)); + break; ++ case NETDEV_CHANGE: ++ if (dev->priv_flags & IFF_NOARP_CHANGED) ++ neigh_changeaddr(&arp_tbl, dev); ++ break; + default: + break; + } |