summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--main/linux-grsec/APKBUILD28
-rw-r--r--main/linux-grsec/grsecurity-3.0-3.14.6-201406101411.patch (renamed from main/linux-grsec/grsecurity-3.0-3.14.5-201406021708.patch)1214
-rw-r--r--main/linux-grsec/kernelconfig.x867
-rw-r--r--main/linux-grsec/kernelconfig.x86_647
4 files changed, 771 insertions, 485 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 6d3afc84c..c81b72128 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,7 +2,7 @@
_flavor=grsec
pkgname=linux-${_flavor}
-pkgver=3.14.5
+pkgver=3.14.6
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
@@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-3.0-3.14.5-201406021708.patch
+ grsecurity-3.0-3.14.6-201406101411.patch
fix-memory-map-for-PIE-applications.patch
imx6q-no-unclocked-sleep.patch
@@ -165,26 +165,26 @@ dev() {
}
md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz
-a56bf05cb9033097198f9269bbcff130 patch-3.14.5.xz
-e3879ccdca92dbec4e42109a9f5552bb grsecurity-3.0-3.14.5-201406021708.patch
+068b814830b45c232340db534bc06e04 patch-3.14.6.xz
+b4bca0946e46ae371b8456f96bb8f979 grsecurity-3.0-3.14.6-201406101411.patch
c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch
-7dbab6689abe6d34178c40773ea6759d kernelconfig.x86
-21240113d77342def57ea9d6017c2cd6 kernelconfig.x86_64
+78480c85e37624c15d2720233f6c958a kernelconfig.x86
+0ed796d10c7f84faf528a6b4e92fb3d9 kernelconfig.x86_64
727688e12e37262437fc9ca9c1fbd215 kernelconfig.armhf"
sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz
-ecc00856830c05736b3f99609bc6d80353c29d2db9b0dffb91eb2d169808cac4 patch-3.14.5.xz
-8695054d1a1bd02acd2a08b1268eb65349f6877b1be1a00251dcbc5dd95a5a00 grsecurity-3.0-3.14.5-201406021708.patch
+b8de86f64a62ec1f5d62ef7b0caf302546be0d397e7c7d29e4b1e260220462d7 patch-3.14.6.xz
+abefdcbacb2c78c0de1168915dc26d16e35ec0e6158e0bbbc84fad819b234404 grsecurity-3.0-3.14.6-201406101411.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch
-ea60441bed9d50ed3cde8b73c664448b4efebd60c6b58ea0a6df67f087bbc64b kernelconfig.x86
-c87d9045758f474d092e18a77fc936c1fc9007b09564b79a1ecc46c083c7e3c0 kernelconfig.x86_64
+0ed12d0f86d8e03d4bdbc4f9321b22a7ec449ab5fca765f68f3f031dc493ffae kernelconfig.x86
+48589462cfa1a7ea2ae71dd34c896c6d7e7c285197b78bf0519b5c8a9212a498 kernelconfig.x86_64
00fc74f27931d161ecc1c26e5cd000d9aeaf6ebea6e0e1293ecde14a64d80467 kernelconfig.armhf"
sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz
-068d139063c94f0e3fd4c24217705628b20f996f6e4cce88366c060150a123381babcfc05c953c58023deff0f7b28b4129b8d381b20dd4e3ac80ce4dbc4ec1e3 patch-3.14.5.xz
-86aa2f621e4fe52eaf498236289b66532f7a8bc087e9100ec168861cead44b7a4329ad609314b6b0bcbf114adf7378ae4eb38b37fc7d8e414473b7de1b84bd2f grsecurity-3.0-3.14.5-201406021708.patch
+ba8784eb4968b639704e225cbd0455768a3d381ade19d37e0cc06cc00606cc9706163b27441f32b1de4a6f71d44b14004e931ea3f9a2d86c20e35dc881e6d451 patch-3.14.6.xz
+ff19d88212682a8a2d3b244313fd54a37728de477038ebac3e118de7a61c122283f44d5bd700f440e3edd597a9f5f1dbd5bb58b57fe8631357b9ce1ceacbb681 grsecurity-3.0-3.14.6-201406101411.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch
-e19c081066d5615f3037d66e8cf5074bfa4d448d8db2f32642957eb808e8c26e2a2467d333f8773a02aac44b13d5afe556780bd2303df3a9ac88ad6099a898b2 kernelconfig.x86
-79f7c6890808b9e1f23332c5697e20c5c22e5a12e0e83f697626c96e0fbf7e22b96ed06ffbf398aac716bb0d02e012f7dd5c51bf501d7a1831110c8d0872f1cd kernelconfig.x86_64
+f86584d51e0d449066f9823efc65ed24ba005226c3873ee4a97ff0885956e58157eee6b2d3984b678d0831e8786675687baa2495bdd17f58e26cccf362f1f8bc kernelconfig.x86
+7c74515e4304c371b9f78297a3e624ca24cb116cfb06e6aa920ff2e3551123b5fbc380a3e5dc5a9a6d153287564a7a779c6925fc002ffb6bccf6f66336087309 kernelconfig.x86_64
84cf8bf558d3fa98a46a2dc1bdd5ddbe4b36b210282d939a47123d889a47240469e7b37f1351854a396c58f4366b8267e1e7990fb91be23bc8ddd9f2a33a6257 kernelconfig.armhf"
diff --git a/main/linux-grsec/grsecurity-3.0-3.14.5-201406021708.patch b/main/linux-grsec/grsecurity-3.0-3.14.6-201406101411.patch
index 400f193d7..274a809e2 100644
--- a/main/linux-grsec/grsecurity-3.0-3.14.5-201406021708.patch
+++ b/main/linux-grsec/grsecurity-3.0-3.14.6-201406101411.patch
@@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index fa77b0b..dadf5fd 100644
+index 0d499e6..2318683 100644
--- a/Makefile
+++ b/Makefile
@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -457,15 +457,16 @@ index fa77b0b..dadf5fd 100644
# clean - Delete most, but leave enough to build external modules
#
-@@ -1112,6 +1189,7 @@ distclean: mrproper
+@@ -1111,7 +1188,7 @@ distclean: mrproper
+ @find $(srctree) $(RCS_FIND_IGNORE) \
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
- -o -name '.*.rej' \
+- -o -name '.*.rej' \
+ -o -name '.*.rej' -o -name '*.so' \
-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
-type f -print | xargs rm -f
-@@ -1273,6 +1351,8 @@ PHONY += $(module-dirs) modules
+@@ -1273,6 +1350,8 @@ PHONY += $(module-dirs) modules
$(module-dirs): crmodverdir $(objtree)/Module.symvers
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
@@ -474,7 +475,7 @@ index fa77b0b..dadf5fd 100644
modules: $(module-dirs)
@$(kecho) ' Building modules, stage 2.';
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1412,17 +1492,21 @@ else
+@@ -1412,17 +1491,21 @@ else
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
endif
@@ -500,7 +501,7 @@ index fa77b0b..dadf5fd 100644
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.symtypes: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1432,11 +1516,15 @@ endif
+@@ -1432,11 +1515,15 @@ endif
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
$(build)=$(build-dir)
@@ -1524,6 +1525,19 @@ index 62d2cb5..09d45e3 100644
#define atomic64_dec_return(v) atomic64_sub_return(1LL, (v))
#define atomic64_dec_and_test(v) (atomic64_dec_return((v)) == 0)
#define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1LL, 0LL)
+diff --git a/arch/arm/include/asm/barrier.h b/arch/arm/include/asm/barrier.h
+index 2f59f74..1594659 100644
+--- a/arch/arm/include/asm/barrier.h
++++ b/arch/arm/include/asm/barrier.h
+@@ -63,7 +63,7 @@
+ do { \
+ compiletime_assert_atomic_type(*p); \
+ smp_mb(); \
+- ACCESS_ONCE(*p) = (v); \
++ ACCESS_ONCE_RW(*p) = (v); \
+ } while (0)
+
+ #define smp_load_acquire(p) \
diff --git a/arch/arm/include/asm/cache.h b/arch/arm/include/asm/cache.h
index 75fe66b..ba3dee4 100644
--- a/arch/arm/include/asm/cache.h
@@ -4716,6 +4730,19 @@ index ce6d763..cfea917 100644
extern void *samsung_dmadev_get_ops(void);
extern void *s3c_dma_get_ops(void);
+diff --git a/arch/arm64/include/asm/barrier.h b/arch/arm64/include/asm/barrier.h
+index 409ca37..10c87ad 100644
+--- a/arch/arm64/include/asm/barrier.h
++++ b/arch/arm64/include/asm/barrier.h
+@@ -40,7 +40,7 @@
+ do { \
+ compiletime_assert_atomic_type(*p); \
+ smp_mb(); \
+- ACCESS_ONCE(*p) = (v); \
++ ACCESS_ONCE_RW(*p) = (v); \
+ } while (0)
+
+ #define smp_load_acquire(p) \
diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h
index 6c0f684..5faea9d 100644
--- a/arch/arm64/include/asm/uaccess.h
@@ -5010,6 +5037,19 @@ index 6e6fe18..a6ae668 100644
/* Atomic operations are already serializing */
#define smp_mb__before_atomic_dec() barrier()
#define smp_mb__after_atomic_dec() barrier()
+diff --git a/arch/ia64/include/asm/barrier.h b/arch/ia64/include/asm/barrier.h
+index d0a69aa..142f878 100644
+--- a/arch/ia64/include/asm/barrier.h
++++ b/arch/ia64/include/asm/barrier.h
+@@ -64,7 +64,7 @@
+ do { \
+ compiletime_assert_atomic_type(*p); \
+ barrier(); \
+- ACCESS_ONCE(*p) = (v); \
++ ACCESS_ONCE_RW(*p) = (v); \
+ } while (0)
+
+ #define smp_load_acquire(p) \
diff --git a/arch/ia64/include/asm/cache.h b/arch/ia64/include/asm/cache.h
index 988254a..e1ee885 100644
--- a/arch/ia64/include/asm/cache.h
@@ -5497,6 +5537,19 @@ index 0395c51..5f26031 100644
#define ARCH_DMA_MINALIGN L1_CACHE_BYTES
+diff --git a/arch/metag/include/asm/barrier.h b/arch/metag/include/asm/barrier.h
+index 2d6f0de..de5f5ac 100644
+--- a/arch/metag/include/asm/barrier.h
++++ b/arch/metag/include/asm/barrier.h
+@@ -89,7 +89,7 @@ static inline void fence(void)
+ do { \
+ compiletime_assert_atomic_type(*p); \
+ smp_mb(); \
+- ACCESS_ONCE(*p) = (v); \
++ ACCESS_ONCE_RW(*p) = (v); \
+ } while (0)
+
+ #define smp_load_acquire(p) \
diff --git a/arch/metag/mm/hugetlbpage.c b/arch/metag/mm/hugetlbpage.c
index 0424315..defcca9 100644
--- a/arch/metag/mm/hugetlbpage.c
@@ -6459,6 +6512,19 @@ index 7eed2f2..c4e385d 100644
/*
* atomic64_add_negative - add and test if negative
+diff --git a/arch/mips/include/asm/barrier.h b/arch/mips/include/asm/barrier.h
+index e1aa4e4..670b68b 100644
+--- a/arch/mips/include/asm/barrier.h
++++ b/arch/mips/include/asm/barrier.h
+@@ -184,7 +184,7 @@
+ do { \
+ compiletime_assert_atomic_type(*p); \
+ smp_mb(); \
+- ACCESS_ONCE(*p) = (v); \
++ ACCESS_ONCE_RW(*p) = (v); \
+ } while (0)
+
+ #define smp_load_acquire(p) \
diff --git a/arch/mips/include/asm/cache.h b/arch/mips/include/asm/cache.h
index b4db69f..8f3b093 100644
--- a/arch/mips/include/asm/cache.h
@@ -7684,10 +7750,10 @@ index 31ffa9b..588a798 100644
mm->mmap_base = mm->mmap_legacy_base;
mm->get_unmapped_area = arch_get_unmapped_area;
diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c
-index 1cd1d0c..44ec918 100644
+index 47ee620..1107387 100644
--- a/arch/parisc/kernel/traps.c
+++ b/arch/parisc/kernel/traps.c
-@@ -722,9 +722,7 @@ void notrace handle_interruption(int code, struct pt_regs *regs)
+@@ -726,9 +726,7 @@ void notrace handle_interruption(int code, struct pt_regs *regs)
down_read(&current->mm->mmap_sem);
vma = find_vma(current->mm,regs->iaoq[0]);
@@ -7699,7 +7765,7 @@ index 1cd1d0c..44ec918 100644
fault_space = regs->iasq[0];
diff --git a/arch/parisc/mm/fault.c b/arch/parisc/mm/fault.c
-index 9d08c71..e2b4d20 100644
+index d72197f..c017c84 100644
--- a/arch/parisc/mm/fault.c
+++ b/arch/parisc/mm/fault.c
@@ -15,6 +15,7 @@
@@ -7710,7 +7776,7 @@ index 9d08c71..e2b4d20 100644
#include <asm/uaccess.h>
#include <asm/traps.h>
-@@ -52,7 +53,7 @@ DEFINE_PER_CPU(struct exception_data, exception_data);
+@@ -50,7 +51,7 @@ int show_unhandled_signals = 1;
static unsigned long
parisc_acctyp(unsigned long code, unsigned int inst)
{
@@ -7719,7 +7785,7 @@ index 9d08c71..e2b4d20 100644
return VM_EXEC;
switch (inst & 0xf0000000) {
-@@ -138,6 +139,116 @@ parisc_acctyp(unsigned long code, unsigned int inst)
+@@ -136,6 +137,116 @@ parisc_acctyp(unsigned long code, unsigned int inst)
}
#endif
@@ -7836,7 +7902,7 @@ index 9d08c71..e2b4d20 100644
int fixup_exception(struct pt_regs *regs)
{
const struct exception_table_entry *fix;
-@@ -210,8 +321,33 @@ retry:
+@@ -234,8 +345,33 @@ retry:
good_area:
@@ -7904,6 +7970,19 @@ index e3b1d41..8e81edf 100644
#endif /* __powerpc64__ */
#endif /* __KERNEL__ */
+diff --git a/arch/powerpc/include/asm/barrier.h b/arch/powerpc/include/asm/barrier.h
+index f89da80..7f5b05a 100644
+--- a/arch/powerpc/include/asm/barrier.h
++++ b/arch/powerpc/include/asm/barrier.h
+@@ -73,7 +73,7 @@
+ do { \
+ compiletime_assert_atomic_type(*p); \
+ __lwsync(); \
+- ACCESS_ONCE(*p) = (v); \
++ ACCESS_ONCE_RW(*p) = (v); \
+ } while (0)
+
+ #define smp_load_acquire(p) \
diff --git a/arch/powerpc/include/asm/cache.h b/arch/powerpc/include/asm/cache.h
index ed0afc1..0332825 100644
--- a/arch/powerpc/include/asm/cache.h
@@ -9020,6 +9099,19 @@ index 1d47061..0714963 100644
#define smp_mb__before_atomic_dec() smp_mb()
#define smp_mb__after_atomic_dec() smp_mb()
#define smp_mb__before_atomic_inc() smp_mb()
+diff --git a/arch/s390/include/asm/barrier.h b/arch/s390/include/asm/barrier.h
+index 578680f..0eb3b11 100644
+--- a/arch/s390/include/asm/barrier.h
++++ b/arch/s390/include/asm/barrier.h
+@@ -36,7 +36,7 @@
+ do { \
+ compiletime_assert_atomic_type(*p); \
+ barrier(); \
+- ACCESS_ONCE(*p) = (v); \
++ ACCESS_ONCE_RW(*p) = (v); \
+ } while (0)
+
+ #define smp_load_acquire(p) \
diff --git a/arch/s390/include/asm/cache.h b/arch/s390/include/asm/cache.h
index 4d7ccac..d03d0ad 100644
--- a/arch/s390/include/asm/cache.h
@@ -9623,6 +9715,19 @@ index be56a24..443328f 100644
}
#define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0)
+diff --git a/arch/sparc/include/asm/barrier_64.h b/arch/sparc/include/asm/barrier_64.h
+index b5aad96..99d7465 100644
+--- a/arch/sparc/include/asm/barrier_64.h
++++ b/arch/sparc/include/asm/barrier_64.h
+@@ -57,7 +57,7 @@ do { __asm__ __volatile__("ba,pt %%xcc, 1f\n\t" \
+ do { \
+ compiletime_assert_atomic_type(*p); \
+ barrier(); \
+- ACCESS_ONCE(*p) = (v); \
++ ACCESS_ONCE_RW(*p) = (v); \
+ } while (0)
+
+ #define smp_load_acquire(p) \
diff --git a/arch/sparc/include/asm/cache.h b/arch/sparc/include/asm/cache.h
index 5bb6991..5c2132e 100644
--- a/arch/sparc/include/asm/cache.h
@@ -15986,6 +16091,28 @@ index 46e9052..ae45136 100644
}
#define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0)
+diff --git a/arch/x86/include/asm/barrier.h b/arch/x86/include/asm/barrier.h
+index 69bbb48..32517fe 100644
+--- a/arch/x86/include/asm/barrier.h
++++ b/arch/x86/include/asm/barrier.h
+@@ -107,7 +107,7 @@
+ do { \
+ compiletime_assert_atomic_type(*p); \
+ smp_mb(); \
+- ACCESS_ONCE(*p) = (v); \
++ ACCESS_ONCE_RW(*p) = (v); \
+ } while (0)
+
+ #define smp_load_acquire(p) \
+@@ -124,7 +124,7 @@ do { \
+ do { \
+ compiletime_assert_atomic_type(*p); \
+ barrier(); \
+- ACCESS_ONCE(*p) = (v); \
++ ACCESS_ONCE_RW(*p) = (v); \
+ } while (0)
+
+ #define smp_load_acquire(p) \
diff --git a/arch/x86/include/asm/bitops.h b/arch/x86/include/asm/bitops.h
index 9fc1af7..fc71228 100644
--- a/arch/x86/include/asm/bitops.h
@@ -16958,18 +17085,6 @@ index b4c1f54..e290c08 100644
pagefault_enable();
-diff --git a/arch/x86/include/asm/hugetlb.h b/arch/x86/include/asm/hugetlb.h
-index a809121..68c0539 100644
---- a/arch/x86/include/asm/hugetlb.h
-+++ b/arch/x86/include/asm/hugetlb.h
-@@ -52,6 +52,7 @@ static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm,
- static inline void huge_ptep_clear_flush(struct vm_area_struct *vma,
- unsigned long addr, pte_t *ptep)
- {
-+ ptep_clear_flush(vma, addr, ptep);
- }
-
- static inline int huge_pte_none(pte_t pte)
diff --git a/arch/x86/include/asm/hw_irq.h b/arch/x86/include/asm/hw_irq.h
index 67d69b8..50e4b77 100644
--- a/arch/x86/include/asm/hw_irq.h
@@ -17593,6 +17708,19 @@ index 0f1ddee..e2fc3d1 100644
{
unsigned long y = x - __START_KERNEL_map;
+diff --git a/arch/x86/include/asm/page_64_types.h b/arch/x86/include/asm/page_64_types.h
+index 8de6d9c..6782051 100644
+--- a/arch/x86/include/asm/page_64_types.h
++++ b/arch/x86/include/asm/page_64_types.h
+@@ -1,7 +1,7 @@
+ #ifndef _ASM_X86_PAGE_64_DEFS_H
+ #define _ASM_X86_PAGE_64_DEFS_H
+
+-#define THREAD_SIZE_ORDER 1
++#define THREAD_SIZE_ORDER 2
+ #define THREAD_SIZE (PAGE_SIZE << THREAD_SIZE_ORDER)
+ #define CURRENT_MASK (~(THREAD_SIZE - 1))
+
diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h
index cd6e1610..70f4418 100644
--- a/arch/x86/include/asm/paravirt.h
@@ -25823,19 +25951,10 @@ index c2bedae..25e7ab6 100644
.name = "data",
.mode = S_IRUGO,
diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
-index af1d14a..81ae763 100644
+index dcbbaa1..81ae763 100644
--- a/arch/x86/kernel/ldt.c
+++ b/arch/x86/kernel/ldt.c
-@@ -20,6 +20,8 @@
- #include <asm/mmu_context.h>
- #include <asm/syscalls.h>
-
-+int sysctl_ldt16 = 0;
-+
- #ifdef CONFIG_SMP
- static void flush_ldt(void *current_mm)
- {
-@@ -66,13 +68,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload)
+@@ -68,13 +68,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload)
if (reload) {
#ifdef CONFIG_SMP
preempt_disable();
@@ -25851,7 +25970,7 @@ index af1d14a..81ae763 100644
#endif
}
if (oldsize) {
-@@ -94,7 +96,7 @@ static inline int copy_ldt(mm_context_t *new, mm_context_t *old)
+@@ -96,7 +96,7 @@ static inline int copy_ldt(mm_context_t *new, mm_context_t *old)
return err;
for (i = 0; i < old->size; i++)
@@ -25860,7 +25979,7 @@ index af1d14a..81ae763 100644
return 0;
}
-@@ -115,6 +117,24 @@ int init_new_context(struct task_struct *tsk, struct mm_struct *mm)
+@@ -117,6 +117,24 @@ int init_new_context(struct task_struct *tsk, struct mm_struct *mm)
retval = copy_ldt(&mm->context, &old_mm->context);
mutex_unlock(&old_mm->context.lock);
}
@@ -25885,7 +26004,7 @@ index af1d14a..81ae763 100644
return retval;
}
-@@ -229,12 +249,19 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
+@@ -231,6 +249,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
}
}
@@ -25899,13 +26018,6 @@ index af1d14a..81ae763 100644
/*
* On x86-64 we do not support 16-bit segments due to
* IRET leaking the high bits of the kernel stack address.
- */
- #ifdef CONFIG_X86_64
-- if (!ldt_info.seg_32bit) {
-+ if (!ldt_info.seg_32bit && !sysctl_ldt16) {
- error = -EINVAL;
- goto out_unlock;
- }
diff --git a/arch/x86/kernel/machine_kexec_32.c b/arch/x86/kernel/machine_kexec_32.c
index 1667b1d..16492c5 100644
--- a/arch/x86/kernel/machine_kexec_32.c
@@ -27275,35 +27387,32 @@ index 7c3a5a6..f0a8961 100644
.smp_prepare_cpus = native_smp_prepare_cpus,
.smp_cpus_done = native_smp_cpus_done,
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
-index a32da80..30c97f1 100644
+index a32da80..041a4ff 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
-@@ -229,14 +229,18 @@ static void notrace start_secondary(void *unused)
+@@ -229,14 +229,17 @@ static void notrace start_secondary(void *unused)
enable_start_cpu0 = 0;
-#ifdef CONFIG_X86_32
-- /* switch away from the initial page table */
-- load_cr3(swapper_pg_dir);
-- __flush_tlb_all();
--#endif
--
- /* otherwise gcc will move up smp_processor_id before the cpu_init */
- barrier();
++ /* otherwise gcc will move up smp_processor_id before the cpu_init */
++ barrier();
+
-+ /* switch away from the initial page table */
+ /* switch away from the initial page table */
+#ifdef CONFIG_PAX_PER_CPU_PGD
+ load_cr3(get_cpu_pgd(smp_processor_id(), kernel));
-+ __flush_tlb_all();
-+#elif defined(CONFIG_X86_32)
-+ load_cr3(swapper_pg_dir);
-+ __flush_tlb_all();
++#else
+ load_cr3(swapper_pg_dir);
+#endif
-+
+ __flush_tlb_all();
+-#endif
+
+- /* otherwise gcc will move up smp_processor_id before the cpu_init */
+- barrier();
/*
* Check TSC synchronization with the BP:
*/
-@@ -749,8 +753,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
+@@ -749,8 +752,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
alternatives_enable_smp();
idle->thread.sp = (unsigned long) (((struct pt_regs *)
@@ -27314,7 +27423,7 @@ index a32da80..30c97f1 100644
#ifdef CONFIG_X86_32
/* Stack for startup_32 can be just as for start_secondary onwards */
-@@ -758,11 +763,13 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
+@@ -758,11 +762,13 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
#else
clear_tsk_thread_flag(idle, TIF_FORK);
initial_gs = per_cpu_offset(cpu);
@@ -27331,7 +27440,7 @@ index a32da80..30c97f1 100644
initial_code = (unsigned long)start_secondary;
stack_start = idle->thread.sp;
-@@ -911,6 +918,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle)
+@@ -911,6 +917,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle)
/* the FPU context is blank, nobody can own it */
__cpu_disable_lazy_restore(cpu);
@@ -35630,7 +35739,7 @@ index fd14be1..e3c79c0 100644
#
diff --git a/arch/x86/vdso/vdso32-setup.c b/arch/x86/vdso/vdso32-setup.c
-index d6bfb87..a75c5f7 100644
+index f1d633a..a75c5f7 100644
--- a/arch/x86/vdso/vdso32-setup.c
+++ b/arch/x86/vdso/vdso32-setup.c
@@ -25,6 +25,7 @@
@@ -35641,15 +35750,7 @@ index d6bfb87..a75c5f7 100644
enum {
VDSO_DISABLED = 0,
-@@ -41,6 +42,7 @@ enum {
- #ifdef CONFIG_X86_64
- #define vdso_enabled sysctl_vsyscall32
- #define arch_setup_additional_pages syscall32_setup_pages
-+extern int sysctl_ldt16;
- #endif
-
- /*
-@@ -226,7 +228,7 @@ static inline void map_compat_vdso(int map)
+@@ -227,7 +228,7 @@ static inline void map_compat_vdso(int map)
void enable_sep_cpu(void)
{
int cpu = get_cpu();
@@ -35658,7 +35759,7 @@ index d6bfb87..a75c5f7 100644
if (!boot_cpu_has(X86_FEATURE_SEP)) {
put_cpu();
-@@ -249,7 +251,7 @@ static int __init gate_vma_init(void)
+@@ -250,7 +251,7 @@ static int __init gate_vma_init(void)
gate_vma.vm_start = FIXADDR_USER_START;
gate_vma.vm_end = FIXADDR_USER_END;
gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
@@ -35667,7 +35768,7 @@ index d6bfb87..a75c5f7 100644
return 0;
}
-@@ -330,14 +332,14 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+@@ -331,14 +332,14 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
if (compat)
addr = VDSO_HIGH_BASE;
else {
@@ -35684,7 +35785,7 @@ index d6bfb87..a75c5f7 100644
if (compat_uses_vma || !compat) {
/*
-@@ -353,11 +355,11 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+@@ -354,11 +355,11 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
}
current_thread_info()->sysenter_return =
@@ -35698,21 +35799,7 @@ index d6bfb87..a75c5f7 100644
up_write(&mm->mmap_sem);
-@@ -380,6 +382,13 @@ static struct ctl_table abi_table2[] = {
- .mode = 0644,
- .proc_handler = proc_dointvec
- },
-+ {
-+ .procname = "ldt16",
-+ .data = &sysctl_ldt16,
-+ .maxlen = sizeof(int),
-+ .mode = 0644,
-+ .proc_handler = proc_dointvec
-+ },
- {}
- };
-
-@@ -404,8 +413,14 @@ __initcall(ia32_binfmt_init);
+@@ -412,8 +413,14 @@ __initcall(ia32_binfmt_init);
const char *arch_vma_name(struct vm_area_struct *vma)
{
@@ -35728,7 +35815,7 @@ index d6bfb87..a75c5f7 100644
return NULL;
}
-@@ -415,7 +430,7 @@ struct vm_area_struct *get_gate_vma(struct mm_struct *mm)
+@@ -423,7 +430,7 @@ struct vm_area_struct *get_gate_vma(struct mm_struct *mm)
* Check to see if the corresponding task was created in compat vdso
* mode.
*/
@@ -36531,7 +36618,7 @@ index a83e3c6..c3d617f 100644
bgrt_kobj = kobject_create_and_add("bgrt", acpi_kobj);
if (!bgrt_kobj)
diff --git a/drivers/acpi/blacklist.c b/drivers/acpi/blacklist.c
-index afec452..c5d8b96 100644
+index 3d8413d..95f638c 100644
--- a/drivers/acpi/blacklist.c
+++ b/drivers/acpi/blacklist.c
@@ -51,7 +51,7 @@ struct acpi_blacklist_item {
@@ -36612,7 +36699,7 @@ index 36605ab..6ef6d4b 100644
unsigned long timeout_msec)
{
diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
-index 0a79c54..c1b92ed 100644
+index bb26636..09cbdb4 100644
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -98,7 +98,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev);
@@ -38757,10 +38844,10 @@ index ec4e10f..f2a763b 100644
intf->proc_dir = NULL;
diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c
-index 03f4189..e79f5e0 100644
+index 8b4fa2c..5f81848 100644
--- a/drivers/char/ipmi/ipmi_si_intf.c
+++ b/drivers/char/ipmi/ipmi_si_intf.c
-@@ -280,7 +280,7 @@ struct smi_info {
+@@ -283,7 +283,7 @@ struct smi_info {
unsigned char slave_addr;
/* Counters and things for the proc filesystem. */
@@ -38769,7 +38856,7 @@ index 03f4189..e79f5e0 100644
struct task_struct *thread;
-@@ -289,9 +289,9 @@ struct smi_info {
+@@ -292,9 +292,9 @@ struct smi_info {
};
#define smi_inc_stat(smi, stat) \
@@ -38781,7 +38868,7 @@ index 03f4189..e79f5e0 100644
#define SI_MAX_PARMS 4
-@@ -3339,7 +3339,7 @@ static int try_smi_init(struct smi_info *new_smi)
+@@ -3349,7 +3349,7 @@ static int try_smi_init(struct smi_info *new_smi)
atomic_set(&new_smi->req_events, 0);
new_smi->run_to_completion = 0;
for (i = 0; i < SI_NUM_STATS; i++)
@@ -39505,10 +39592,10 @@ index 18d4091..434be15 100644
}
EXPORT_SYMBOL_GPL(od_unregister_powersave_bias_handler);
diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c
-index 2cd36b9..8f07fae 100644
+index 9ac3783..652b033 100644
--- a/drivers/cpufreq/intel_pstate.c
+++ b/drivers/cpufreq/intel_pstate.c
-@@ -124,10 +124,10 @@ struct pstate_funcs {
+@@ -126,10 +126,10 @@ struct pstate_funcs {
struct cpu_defaults {
struct pstate_adjust_policy pid_policy;
struct pstate_funcs funcs;
@@ -39521,7 +39608,7 @@ index 2cd36b9..8f07fae 100644
struct perf_limits {
int no_turbo;
-@@ -518,7 +518,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate)
+@@ -527,7 +527,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate)
cpu->pstate.current_pstate = pstate;
@@ -39530,7 +39617,7 @@ index 2cd36b9..8f07fae 100644
}
static inline void intel_pstate_pstate_increase(struct cpudata *cpu, int steps)
-@@ -540,12 +540,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu)
+@@ -549,12 +549,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu)
{
sprintf(cpu->name, "Intel 2nd generation core");
@@ -39545,10 +39632,10 @@ index 2cd36b9..8f07fae 100644
- pstate_funcs.get_vid(cpu);
+ if (pstate_funcs->get_vid)
+ pstate_funcs->get_vid(cpu);
+ intel_pstate_set_pstate(cpu, cpu->pstate.min_pstate);
+ }
- /*
- * goto max pstate so we don't slow up boot if we are built-in if we are
-@@ -832,9 +832,9 @@ static int intel_pstate_msrs_not_valid(void)
+@@ -830,9 +830,9 @@ static int intel_pstate_msrs_not_valid(void)
rdmsrl(MSR_IA32_APERF, aperf);
rdmsrl(MSR_IA32_MPERF, mperf);
@@ -39561,7 +39648,7 @@ index 2cd36b9..8f07fae 100644
return -ENODEV;
rdmsrl(MSR_IA32_APERF, tmp);
-@@ -848,7 +848,7 @@ static int intel_pstate_msrs_not_valid(void)
+@@ -846,7 +846,7 @@ static int intel_pstate_msrs_not_valid(void)
return 0;
}
@@ -39570,7 +39657,7 @@ index 2cd36b9..8f07fae 100644
{
pid_params.sample_rate_ms = policy->sample_rate_ms;
pid_params.p_gain_pct = policy->p_gain_pct;
-@@ -860,11 +860,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy)
+@@ -858,11 +858,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy)
static void copy_cpu_funcs(struct pstate_funcs *funcs)
{
@@ -40657,10 +40744,10 @@ index 3c59584..500f2e9 100644
return ret;
diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c
-index d554169..f4426bb 100644
+index 4050450..f67c5c1 100644
--- a/drivers/gpu/drm/i915/i915_irq.c
+++ b/drivers/gpu/drm/i915/i915_irq.c
-@@ -1438,7 +1438,7 @@ static irqreturn_t valleyview_irq_handler(int irq, void *arg)
+@@ -1448,7 +1448,7 @@ static irqreturn_t valleyview_irq_handler(int irq, void *arg)
int pipe;
u32 pipe_stats[I915_MAX_PIPES];
@@ -40669,7 +40756,7 @@ index d554169..f4426bb 100644
while (true) {
iir = I915_READ(VLV_IIR);
-@@ -1751,7 +1751,7 @@ static irqreturn_t ironlake_irq_handler(int irq, void *arg)
+@@ -1761,7 +1761,7 @@ static irqreturn_t ironlake_irq_handler(int irq, void *arg)
u32 de_iir, gt_iir, de_ier, sde_ier = 0;
irqreturn_t ret = IRQ_NONE;
@@ -40678,7 +40765,7 @@ index d554169..f4426bb 100644
/* We get interrupts on unclaimed registers, so check for this before we
* do any I915_{READ,WRITE}. */
-@@ -1821,7 +1821,7 @@ static irqreturn_t gen8_irq_handler(int irq, void *arg)
+@@ -1831,7 +1831,7 @@ static irqreturn_t gen8_irq_handler(int irq, void *arg)
uint32_t tmp = 0;
enum pipe pipe;
@@ -40687,7 +40774,7 @@ index d554169..f4426bb 100644
master_ctl = I915_READ(GEN8_MASTER_IRQ);
master_ctl &= ~GEN8_MASTER_IRQ_CONTROL;
-@@ -2645,7 +2645,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev)
+@@ -2655,7 +2655,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev)
{
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
@@ -40696,7 +40783,7 @@ index d554169..f4426bb 100644
I915_WRITE(HWSTAM, 0xeffe);
-@@ -2663,7 +2663,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev)
+@@ -2673,7 +2673,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
@@ -40705,7 +40792,7 @@ index d554169..f4426bb 100644
/* VLV magic */
I915_WRITE(VLV_IMR, 0);
-@@ -2694,7 +2694,7 @@ static void gen8_irq_preinstall(struct drm_device *dev)
+@@ -2704,7 +2704,7 @@ static void gen8_irq_preinstall(struct drm_device *dev)
struct drm_i915_private *dev_priv = dev->dev_private;
int pipe;
@@ -40714,7 +40801,7 @@ index d554169..f4426bb 100644
I915_WRITE(GEN8_MASTER_IRQ, 0);
POSTING_READ(GEN8_MASTER_IRQ);
-@@ -3018,7 +3018,7 @@ static void gen8_irq_uninstall(struct drm_device *dev)
+@@ -3028,7 +3028,7 @@ static void gen8_irq_uninstall(struct drm_device *dev)
if (!dev_priv)
return;
@@ -40723,7 +40810,7 @@ index d554169..f4426bb 100644
I915_WRITE(GEN8_MASTER_IRQ, 0);
-@@ -3112,7 +3112,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev)
+@@ -3122,7 +3122,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
@@ -40732,7 +40819,7 @@ index d554169..f4426bb 100644
for_each_pipe(pipe)
I915_WRITE(PIPESTAT(pipe), 0);
-@@ -3198,7 +3198,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg)
+@@ -3208,7 +3208,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg)
I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT |
I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT;
@@ -40741,7 +40828,7 @@ index d554169..f4426bb 100644
iir = I915_READ16(IIR);
if (iir == 0)
-@@ -3277,7 +3277,7 @@ static void i915_irq_preinstall(struct drm_device * dev)
+@@ -3287,7 +3287,7 @@ static void i915_irq_preinstall(struct drm_device * dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
@@ -40750,7 +40837,7 @@ index d554169..f4426bb 100644
if (I915_HAS_HOTPLUG(dev)) {
I915_WRITE(PORT_HOTPLUG_EN, 0);
-@@ -3384,7 +3384,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg)
+@@ -3394,7 +3394,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg)
I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT;
int pipe, ret = IRQ_NONE;
@@ -40759,7 +40846,7 @@ index d554169..f4426bb 100644
iir = I915_READ(IIR);
do {
-@@ -3511,7 +3511,7 @@ static void i965_irq_preinstall(struct drm_device * dev)
+@@ -3521,7 +3521,7 @@ static void i965_irq_preinstall(struct drm_device * dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
@@ -40768,7 +40855,7 @@ index d554169..f4426bb 100644
I915_WRITE(PORT_HOTPLUG_EN, 0);
I915_WRITE(PORT_HOTPLUG_STAT, I915_READ(PORT_HOTPLUG_STAT));
-@@ -3627,7 +3627,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg)
+@@ -3637,7 +3637,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg)
I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT |
I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT;
@@ -40778,10 +40865,10 @@ index d554169..f4426bb 100644
iir = I915_READ(IIR);
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index 963639d..ea0c0cb 100644
+index 9d4d837..6836e22 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
-@@ -10787,13 +10787,13 @@ struct intel_quirk {
+@@ -10798,13 +10798,13 @@ struct intel_quirk {
int subsystem_vendor;
int subsystem_device;
void (*hook)(struct drm_device *dev);
@@ -40797,7 +40884,7 @@ index 963639d..ea0c0cb 100644
static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
{
-@@ -10801,18 +10801,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
+@@ -10812,18 +10812,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
return 1;
}
@@ -41375,10 +41462,10 @@ index 4a85bb6..aaea819 100644
if (regcomp
(&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) {
diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c
-index 044bc98..50ced9b 100644
+index 7f370b3..4e92ca6 100644
--- a/drivers/gpu/drm/radeon/radeon_device.c
+++ b/drivers/gpu/drm/radeon/radeon_device.c
-@@ -1125,7 +1125,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
+@@ -1128,7 +1128,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
bool can_switch;
spin_lock(&dev->count_lock);
@@ -42152,7 +42239,7 @@ index ae208f6..48b6c5b 100644
{
sysfs_attr_init(&attr->attr);
diff --git a/drivers/hwmon/coretemp.c b/drivers/hwmon/coretemp.c
-index bbb0b0d..9fe1332 100644
+index 1599310..cd9525c 100644
--- a/drivers/hwmon/coretemp.c
+++ b/drivers/hwmon/coretemp.c
@@ -823,7 +823,7 @@ static int coretemp_cpu_callback(struct notifier_block *nfb,
@@ -43438,10 +43525,10 @@ index b604564..3f14ae4 100644
return count;
diff --git a/drivers/input/serio/serio.c b/drivers/input/serio/serio.c
-index 8f4c4ab..5fc8a45 100644
+index b29134d..394deb0 100644
--- a/drivers/input/serio/serio.c
+++ b/drivers/input/serio/serio.c
-@@ -505,7 +505,7 @@ static void serio_release_port(struct device *dev)
+@@ -514,7 +514,7 @@ static void serio_release_port(struct device *dev)
*/
static void serio_init_port(struct serio *serio)
{
@@ -43450,7 +43537,7 @@ index 8f4c4ab..5fc8a45 100644
__module_get(THIS_MODULE);
-@@ -516,7 +516,7 @@ static void serio_init_port(struct serio *serio)
+@@ -525,7 +525,7 @@ static void serio_init_port(struct serio *serio)
mutex_init(&serio->drv_mutex);
device_initialize(&serio->dev);
dev_set_name(&serio->dev, "serio%ld",
@@ -43525,7 +43612,7 @@ index 228632c9..edfe331 100644
bool setup_remapped_irq(int irq, struct irq_cfg *cfg, struct irq_chip *chip)
diff --git a/drivers/irqchip/irq-gic.c b/drivers/irqchip/irq-gic.c
-index 341c601..e5f407e 100644
+index ac2d41b..c657aa4 100644
--- a/drivers/irqchip/irq-gic.c
+++ b/drivers/irqchip/irq-gic.c
@@ -84,7 +84,7 @@ static u8 gic_cpu_map[NR_GIC_CPU_IF] __read_mostly;
@@ -43537,7 +43624,7 @@ index 341c601..e5f407e 100644
.irq_eoi = NULL,
.irq_mask = NULL,
.irq_unmask = NULL,
-@@ -332,7 +332,7 @@ static void gic_handle_cascade_irq(unsigned int irq, struct irq_desc *desc)
+@@ -336,7 +336,7 @@ static void gic_handle_cascade_irq(unsigned int irq, struct irq_desc *desc)
chained_irq_exit(chip, desc);
}
@@ -44429,7 +44516,7 @@ index 8c53b09..f1fb2b0 100644
void dm_uevent_add(struct mapped_device *md, struct list_head *elist)
diff --git a/drivers/md/md.c b/drivers/md/md.c
-index 4ad5cc4..0f19664 100644
+index 51c431c..be0fbd6 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -194,10 +194,10 @@ EXPORT_SYMBOL_GPL(bio_clone_mddev);
@@ -44623,10 +44710,10 @@ index 56e24c0..e1c8e1f 100644
"md/raid1:%s: read error corrected "
"(%d sectors at %llu on %s)\n",
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
-index 33fc408..fc61709 100644
+index cb882aa..9bd076e 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
-@@ -1948,7 +1948,7 @@ static void end_sync_read(struct bio *bio, int error)
+@@ -1949,7 +1949,7 @@ static void end_sync_read(struct bio *bio, int error)
/* The write handler will notice the lack of
* R10BIO_Uptodate and record any errors etc
*/
@@ -44635,7 +44722,7 @@ index 33fc408..fc61709 100644
&conf->mirrors[d].rdev->corrected_errors);
/* for reconstruct, we always reschedule after a read.
-@@ -2306,7 +2306,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
+@@ -2307,7 +2307,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
{
struct timespec cur_time_mon;
unsigned long hours_since_last;
@@ -44644,7 +44731,7 @@ index 33fc408..fc61709 100644
ktime_get_ts(&cur_time_mon);
-@@ -2328,9 +2328,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
+@@ -2329,9 +2329,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
* overflowing the shift of read_errors by hours_since_last.
*/
if (hours_since_last >= 8 * sizeof(read_errors))
@@ -44656,7 +44743,7 @@ index 33fc408..fc61709 100644
}
static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector,
-@@ -2384,8 +2384,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2385,8 +2385,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
return;
check_decay_read_errors(mddev, rdev);
@@ -44667,7 +44754,7 @@ index 33fc408..fc61709 100644
char b[BDEVNAME_SIZE];
bdevname(rdev->bdev, b);
-@@ -2393,7 +2393,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2394,7 +2394,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
"md/raid10:%s: %s: Raid device exceeded "
"read_error threshold [cur %d:max %d]\n",
mdname(mddev), b,
@@ -44676,7 +44763,7 @@ index 33fc408..fc61709 100644
printk(KERN_NOTICE
"md/raid10:%s: %s: Failing raid device\n",
mdname(mddev), b);
-@@ -2548,7 +2548,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2549,7 +2549,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
sect +
choose_data_offset(r10_bio, rdev)),
bdevname(rdev->bdev, b));
@@ -44750,18 +44837,6 @@ index 9b6c3bb..baeb5c7 100644
#if IS_ENABLED(CONFIG_DVB_DIB3000MB)
extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config,
-diff --git a/drivers/media/media-device.c b/drivers/media/media-device.c
-index d5a7a13..703560f 100644
---- a/drivers/media/media-device.c
-+++ b/drivers/media/media-device.c
-@@ -93,6 +93,7 @@ static long media_device_enum_entities(struct media_device *mdev,
- struct media_entity *ent;
- struct media_entity_desc u_ent;
-
-+ memset(&u_ent, 0, sizeof(u_ent));
- if (copy_from_user(&u_ent.id, &uent->id, sizeof(u_ent.id)))
- return -EFAULT;
-
diff --git a/drivers/media/pci/cx88/cx88-video.c b/drivers/media/pci/cx88/cx88-video.c
index ed8cb90..5ef7f79 100644
--- a/drivers/media/pci/cx88/cx88-video.c
@@ -45096,10 +45171,10 @@ index ae0f56a..ec71784 100644
/* debug */
static int dvb_usb_dw2102_debug;
diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
-index b63a5e5..b16a062 100644
+index fca336b..fb70ab7 100644
--- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
+++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
-@@ -326,7 +326,7 @@ struct v4l2_buffer32 {
+@@ -328,7 +328,7 @@ struct v4l2_buffer32 {
__u32 reserved;
};
@@ -45108,7 +45183,7 @@ index b63a5e5..b16a062 100644
enum v4l2_memory memory)
{
void __user *up_pln;
-@@ -355,7 +355,7 @@ static int get_v4l2_plane32(struct v4l2_plane *up, struct v4l2_plane32 *up32,
+@@ -357,7 +357,7 @@ static int get_v4l2_plane32(struct v4l2_plane *up, struct v4l2_plane32 *up32,
return 0;
}
@@ -45117,7 +45192,7 @@ index b63a5e5..b16a062 100644
enum v4l2_memory memory)
{
if (copy_in_user(up32, up, 2 * sizeof(__u32)) ||
-@@ -425,7 +425,7 @@ static int get_v4l2_buffer32(struct v4l2_buffer *kp, struct v4l2_buffer32 __user
+@@ -427,7 +427,7 @@ static int get_v4l2_buffer32(struct v4l2_buffer *kp, struct v4l2_buffer32 __user
* by passing a very big num_planes value */
uplane = compat_alloc_user_space(num_planes *
sizeof(struct v4l2_plane));
@@ -45126,7 +45201,7 @@ index b63a5e5..b16a062 100644
while (--num_planes >= 0) {
ret = get_v4l2_plane32(uplane, uplane32, kp->memory);
-@@ -496,7 +496,7 @@ static int put_v4l2_buffer32(struct v4l2_buffer *kp, struct v4l2_buffer32 __user
+@@ -498,7 +498,7 @@ static int put_v4l2_buffer32(struct v4l2_buffer *kp, struct v4l2_buffer32 __user
if (num_planes == 0)
return 0;
@@ -45135,7 +45210,7 @@ index b63a5e5..b16a062 100644
if (get_user(p, &up->m.planes))
return -EFAULT;
uplane32 = compat_ptr(p);
-@@ -550,7 +550,7 @@ static int get_v4l2_framebuffer32(struct v4l2_framebuffer *kp, struct v4l2_frame
+@@ -552,7 +552,7 @@ static int get_v4l2_framebuffer32(struct v4l2_framebuffer *kp, struct v4l2_frame
get_user(kp->capability, &up->capability) ||
get_user(kp->flags, &up->flags))
return -EFAULT;
@@ -45144,7 +45219,7 @@ index b63a5e5..b16a062 100644
get_v4l2_pix_format(&kp->fmt, &up->fmt);
return 0;
}
-@@ -656,7 +656,7 @@ static int get_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext
+@@ -658,7 +658,7 @@ static int get_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext
n * sizeof(struct v4l2_ext_control32)))
return -EFAULT;
kcontrols = compat_alloc_user_space(n * sizeof(struct v4l2_ext_control));
@@ -45153,7 +45228,7 @@ index b63a5e5..b16a062 100644
while (--n >= 0) {
if (copy_in_user(kcontrols, ucontrols, sizeof(*ucontrols)))
return -EFAULT;
-@@ -678,7 +678,7 @@ static int get_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext
+@@ -680,7 +680,7 @@ static int get_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext
static int put_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext_controls32 __user *up)
{
struct v4l2_ext_control32 __user *ucontrols;
@@ -45162,7 +45237,7 @@ index b63a5e5..b16a062 100644
int n = kp->count;
compat_caddr_t p;
-@@ -772,7 +772,7 @@ static int put_v4l2_subdev_edid32(struct v4l2_subdev_edid *kp, struct v4l2_subde
+@@ -774,7 +774,7 @@ static int put_v4l2_subdev_edid32(struct v4l2_subdev_edid *kp, struct v4l2_subde
put_user(kp->start_block, &up->start_block) ||
put_user(kp->blocks, &up->blocks) ||
put_user(tmp, &up->edid) ||
@@ -45576,18 +45651,6 @@ index d1a22aa..d0f7bf7 100644
static char **event_name;
static u8 avg_sample = SAMPLE_16;
-diff --git a/drivers/mfd/janz-cmodio.c b/drivers/mfd/janz-cmodio.c
-index 81b7d88..95ae998 100644
---- a/drivers/mfd/janz-cmodio.c
-+++ b/drivers/mfd/janz-cmodio.c
-@@ -13,6 +13,7 @@
-
- #include <linux/kernel.h>
- #include <linux/module.h>
-+#include <linux/slab.h>
- #include <linux/init.h>
- #include <linux/pci.h>
- #include <linux/interrupt.h>
diff --git a/drivers/mfd/max8925-i2c.c b/drivers/mfd/max8925-i2c.c
index a83eed5..62a58a9 100644
--- a/drivers/mfd/max8925-i2c.c
@@ -46525,6 +46588,18 @@ index be7d7a6..a8983f8 100644
break;
default:
dev_err(&adapter->pdev->dev, "Invalid Virtual NIC opmode\n");
+diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c
+index 7d4f549..3e46c89 100644
+--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c
++++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c
+@@ -1022,6 +1022,7 @@ static int qlcnic_dcb_peer_app_info(struct net_device *netdev,
+ struct qlcnic_dcb_cee *peer;
+ int i;
+
++ memset(info, 0, sizeof(*info));
+ *app_count = 0;
+
+ if (!test_bit(QLCNIC_DCB_STATE, &adapter->dcb->state))
diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c
index 7763962..c3499a7 100644
--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c
@@ -47599,7 +47674,7 @@ index ea7e70c..bc0c45f 100644
data->sku_cap_band_24GHz_enable ? "" : "NOT", "enabled",
data->sku_cap_band_52GHz_enable ? "" : "NOT", "enabled",
diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c
-index f950780..be9df93 100644
+index 8d42fd9..d923d65 100644
--- a/drivers/net/wireless/iwlwifi/pcie/trans.c
+++ b/drivers/net/wireless/iwlwifi/pcie/trans.c
@@ -1365,7 +1365,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file,
@@ -50157,10 +50232,10 @@ index df5e961..df6b97f 100644
return blk_trace_startstop(sdp->device->request_queue, 1);
case BLKTRACESTOP:
diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
-index d0b28bb..a263613 100644
+index fbf3b22..f5c8b60 100644
--- a/drivers/spi/spi.c
+++ b/drivers/spi/spi.c
-@@ -1971,7 +1971,7 @@ int spi_bus_unlock(struct spi_master *master)
+@@ -1980,7 +1980,7 @@ int spi_bus_unlock(struct spi_master *master)
EXPORT_SYMBOL_GPL(spi_bus_unlock);
/* portable code must never pass more than 32 bytes */
@@ -50722,10 +50797,10 @@ index 24884ca..26c8220 100644
login->tgt_agt = sbp_target_agent_register(login);
if (IS_ERR(login->tgt_agt)) {
diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
-index 65001e1..2ebfbb9 100644
+index 26416c1..e796a3d 100644
--- a/drivers/target/target_core_device.c
+++ b/drivers/target/target_core_device.c
-@@ -1520,7 +1520,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name)
+@@ -1524,7 +1524,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name)
spin_lock_init(&dev->se_tmr_lock);
spin_lock_init(&dev->qf_cmd_lock);
sema_init(&dev->caw_sem, 1);
@@ -50735,10 +50810,10 @@ index 65001e1..2ebfbb9 100644
spin_lock_init(&dev->t10_wwn.t10_vpd_lock);
INIT_LIST_HEAD(&dev->t10_pr.registration_list);
diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
-index 2956250..b10f722 100644
+index 98b48d4..f4297e5 100644
--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
-@@ -1136,7 +1136,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd)
+@@ -1137,7 +1137,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd)
* Used to determine when ORDERED commands should go from
* Dormant to Active status.
*/
@@ -56361,19 +56436,6 @@ index 370b24c..ff0be7b 100644
---help---
A.out (Assembler.OUTput) is a set of formats for libraries and
executables used in the earliest versions of UNIX. Linux used
-diff --git a/fs/affs/super.c b/fs/affs/super.c
-index d098731..9a5b19d 100644
---- a/fs/affs/super.c
-+++ b/fs/affs/super.c
-@@ -336,8 +336,6 @@ static int affs_fill_super(struct super_block *sb, void *data, int silent)
- &blocksize,&sbi->s_prefix,
- sbi->s_volume, &mount_flags)) {
- printk(KERN_ERR "AFFS: Error parsing options\n");
-- kfree(sbi->s_prefix);
-- kfree(sbi);
- return -EINVAL;
- }
- /* N.B. after this point s_prefix must be released */
diff --git a/fs/afs/inode.c b/fs/afs/inode.c
index ce25d75..dc09eeb 100644
--- a/fs/afs/inode.c
@@ -56397,7 +56459,7 @@ index ce25d75..dc09eeb 100644
&data);
if (!inode) {
diff --git a/fs/aio.c b/fs/aio.c
-index 12a3de0e..25949c1 100644
+index 04cd768..25949c1 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -375,7 +375,7 @@ static int aio_setup_ring(struct kioctx *ctx)
@@ -56409,19 +56471,6 @@ index 12a3de0e..25949c1 100644
return -EINVAL;
file = aio_private_file(ctx, nr_pages);
-@@ -1299,10 +1299,8 @@ rw_common:
- &iovec, compat)
- : aio_setup_single_vector(req, rw, buf, &nr_segs,
- iovec);
-- if (ret)
-- return ret;
--
-- ret = rw_verify_area(rw, file, &req->ki_pos, req->ki_nbytes);
-+ if (!ret)
-+ ret = rw_verify_area(rw, file, &req->ki_pos, req->ki_nbytes);
- if (ret < 0) {
- if (iovec != &inline_vec)
- kfree(iovec);
diff --git a/fs/attr.c b/fs/attr.c
index 5d4e59d..fd02418 100644
--- a/fs/attr.c
@@ -57893,7 +57942,7 @@ index ebaff36..7e3ea26 100644
kunmap(page);
file_end_write(file);
diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
-index 45eda6d..9126f7f 100644
+index 5e0982a..b7e82bc 100644
--- a/fs/ceph/dir.c
+++ b/fs/ceph/dir.c
@@ -248,7 +248,7 @@ static int ceph_readdir(struct file *file, struct dir_context *ctx)
@@ -58627,27 +58676,10 @@ index e081acb..911df21 100644
/*
* We'll have a dentry and an inode for
diff --git a/fs/coredump.c b/fs/coredump.c
-index e3ad709..836c55f 100644
+index 0b2528f..836c55f 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
-@@ -73,10 +73,15 @@ static int expand_corename(struct core_name *cn, int size)
- static int cn_vprintf(struct core_name *cn, const char *fmt, va_list arg)
- {
- int free, need;
-+ va_list arg_copy;
-
- again:
- free = cn->size - cn->used;
-- need = vsnprintf(cn->corename + cn->used, free, fmt, arg);
-+
-+ va_copy(arg_copy, arg);
-+ need = vsnprintf(cn->corename + cn->used, free, fmt, arg_copy);
-+ va_end(arg_copy);
-+
- if (need < free) {
- cn->used += need;
- return 0;
-@@ -437,8 +442,8 @@ static void wait_for_dump_helpers(struct file *file)
+@@ -442,8 +442,8 @@ static void wait_for_dump_helpers(struct file *file)
struct pipe_inode_info *pipe = file->private_data;
pipe_lock(pipe);
@@ -58658,7 +58690,7 @@ index e3ad709..836c55f 100644
wake_up_interruptible_sync(&pipe->wait);
kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
pipe_unlock(pipe);
-@@ -447,11 +452,11 @@ static void wait_for_dump_helpers(struct file *file)
+@@ -452,11 +452,11 @@ static void wait_for_dump_helpers(struct file *file)
* We actually want wait_event_freezable() but then we need
* to clear TIF_SIGPENDING and improve dump_interrupted().
*/
@@ -58673,7 +58705,7 @@ index e3ad709..836c55f 100644
pipe_unlock(pipe);
}
-@@ -498,7 +503,9 @@ void do_coredump(const siginfo_t *siginfo)
+@@ -503,7 +503,9 @@ void do_coredump(const siginfo_t *siginfo)
struct files_struct *displaced;
bool need_nonrelative = false;
bool core_dumped = false;
@@ -58684,7 +58716,7 @@ index e3ad709..836c55f 100644
struct coredump_params cprm = {
.siginfo = siginfo,
.regs = signal_pt_regs(),
-@@ -511,12 +518,17 @@ void do_coredump(const siginfo_t *siginfo)
+@@ -516,12 +518,17 @@ void do_coredump(const siginfo_t *siginfo)
.mm_flags = mm->flags,
};
@@ -58704,7 +58736,7 @@ index e3ad709..836c55f 100644
goto fail;
cred = prepare_creds();
-@@ -535,7 +547,7 @@ void do_coredump(const siginfo_t *siginfo)
+@@ -540,7 +547,7 @@ void do_coredump(const siginfo_t *siginfo)
need_nonrelative = true;
}
@@ -58713,7 +58745,7 @@ index e3ad709..836c55f 100644
if (retval < 0)
goto fail_creds;
-@@ -578,7 +590,7 @@ void do_coredump(const siginfo_t *siginfo)
+@@ -583,7 +590,7 @@ void do_coredump(const siginfo_t *siginfo)
}
cprm.limit = RLIM_INFINITY;
@@ -58722,7 +58754,7 @@ index e3ad709..836c55f 100644
if (core_pipe_limit && (core_pipe_limit < dump_count)) {
printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n",
task_tgid_vnr(current), current->comm);
-@@ -610,6 +622,8 @@ void do_coredump(const siginfo_t *siginfo)
+@@ -615,6 +622,8 @@ void do_coredump(const siginfo_t *siginfo)
} else {
struct inode *inode;
@@ -58731,7 +58763,7 @@ index e3ad709..836c55f 100644
if (cprm.limit < binfmt->min_coredump)
goto fail_unlock;
-@@ -668,7 +682,7 @@ close_fail:
+@@ -673,7 +682,7 @@ close_fail:
filp_close(cprm.file, NULL);
fail_dropcount:
if (ispipe)
@@ -58740,7 +58772,7 @@ index e3ad709..836c55f 100644
fail_unlock:
kfree(cn.corename);
coredump_finish(mm, core_dumped);
-@@ -689,6 +703,8 @@ int dump_emit(struct coredump_params *cprm, const void *addr, int nr)
+@@ -694,6 +703,8 @@ int dump_emit(struct coredump_params *cprm, const void *addr, int nr)
struct file *file = cprm->file;
loff_t pos = file->f_pos;
ssize_t n;
@@ -58750,7 +58782,7 @@ index e3ad709..836c55f 100644
return 0;
while (nr) {
diff --git a/fs/dcache.c b/fs/dcache.c
-index ca02c13..7e2b581 100644
+index 7f3b400..9c911f2 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -1495,7 +1495,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
@@ -58762,7 +58794,7 @@ index ca02c13..7e2b581 100644
if (!dname) {
kmem_cache_free(dentry_cache, dentry);
return NULL;
-@@ -3431,7 +3431,8 @@ void __init vfs_caches_init(unsigned long mempages)
+@@ -3430,7 +3430,8 @@ void __init vfs_caches_init(unsigned long mempages)
mempages -= reserve;
names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,
@@ -58815,7 +58847,7 @@ index e4141f2..d8263e8 100644
i += packet_length_size;
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
diff --git a/fs/exec.c b/fs/exec.c
-index 3d78fcc..75b208f 100644
+index 31e46b1..f5c70a3 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -55,8 +55,20 @@
@@ -59306,7 +59338,7 @@ index 3d78fcc..75b208f 100644
out:
if (bprm->mm) {
acct_arg_size(bprm, 0);
-@@ -1626,3 +1801,311 @@ asmlinkage long compat_sys_execve(const char __user * filename,
+@@ -1626,3 +1801,312 @@ asmlinkage long compat_sys_execve(const char __user * filename,
return compat_do_execve(getname(filename), argv, envp);
}
#endif
@@ -59561,9 +59593,10 @@ index 3d78fcc..75b208f 100644
+#endif
+
+#ifndef CONFIG_STACK_GROWSUP
-+ const void * stackstart = task_stack_page(current);
-+ if (unlikely(current_stack_pointer < stackstart + 512 ||
-+ current_stack_pointer >= stackstart + THREAD_SIZE))
++ unsigned long stackstart = (unsigned long)task_stack_page(current);
++ unsigned long currentsp = (unsigned long)&stackstart;
++ if (unlikely(currentsp < stackstart + 512 ||
++ currentsp >= stackstart + THREAD_SIZE))
+ BUG();
+#endif
+
@@ -61691,7 +61724,7 @@ index 39c0143..d54fad4 100644
unsigned long hash = init_name_hash();
unsigned int len = strlen(name);
diff --git a/fs/kernfs/file.c b/fs/kernfs/file.c
-index dbf397b..d624b48 100644
+index d29640b..32d2b6b 100644
--- a/fs/kernfs/file.c
+++ b/fs/kernfs/file.c
@@ -33,7 +33,7 @@ static DEFINE_MUTEX(kernfs_open_file_mutex);
@@ -61728,7 +61761,7 @@ index dbf397b..d624b48 100644
if (!of->vm_ops)
return -EINVAL;
-@@ -557,7 +557,7 @@ static int kernfs_get_open_node(struct kernfs_node *kn,
+@@ -559,7 +559,7 @@ static int kernfs_get_open_node(struct kernfs_node *kn,
return -ENOMEM;
atomic_set(&new_on->refcnt, 0);
@@ -61737,7 +61770,7 @@ index dbf397b..d624b48 100644
init_waitqueue_head(&new_on->poll);
INIT_LIST_HEAD(&new_on->files);
goto retry;
-@@ -754,7 +754,7 @@ static unsigned int kernfs_fop_poll(struct file *filp, poll_table *wait)
+@@ -756,7 +756,7 @@ static unsigned int kernfs_fop_poll(struct file *filp, poll_table *wait)
kernfs_put_active(kn);
@@ -61746,7 +61779,7 @@ index dbf397b..d624b48 100644
goto trigger;
return DEFAULT_POLLMASK;
-@@ -779,7 +779,7 @@ void kernfs_notify(struct kernfs_node *kn)
+@@ -781,7 +781,7 @@ void kernfs_notify(struct kernfs_node *kn)
if (!WARN_ON(kernfs_type(kn) != KERNFS_FILE)) {
on = kn->attr.open;
if (on) {
@@ -61871,7 +61904,7 @@ index b29e42f..5ea7fdf 100644
#define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */
diff --git a/fs/namei.c b/fs/namei.c
-index 4b491b4..a0166f9 100644
+index 4a3c105..0d718f4 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -330,16 +330,32 @@ int generic_permission(struct inode *inode, int mask)
@@ -63321,7 +63354,7 @@ index 78fd0d0..f71fc09 100644
ret = -ERESTARTSYS;
goto err;
diff --git a/fs/posix_acl.c b/fs/posix_acl.c
-index 9e363e4..d936d15 100644
+index 0855f77..6787d50 100644
--- a/fs/posix_acl.c
+++ b/fs/posix_acl.c
@@ -20,6 +20,7 @@
@@ -63332,7 +63365,7 @@ index 9e363e4..d936d15 100644
struct posix_acl **acl_by_type(struct inode *inode, int type)
{
-@@ -271,7 +272,7 @@ posix_acl_equiv_mode(const struct posix_acl *acl, umode_t *mode_p)
+@@ -277,7 +278,7 @@ posix_acl_equiv_mode(const struct posix_acl *acl, umode_t *mode_p)
}
}
if (mode_p)
@@ -63341,7 +63374,7 @@ index 9e363e4..d936d15 100644
return not_equiv;
}
EXPORT_SYMBOL(posix_acl_equiv_mode);
-@@ -421,7 +422,7 @@ static int posix_acl_create_masq(struct posix_acl *acl, umode_t *mode_p)
+@@ -427,7 +428,7 @@ static int posix_acl_create_masq(struct posix_acl *acl, umode_t *mode_p)
mode &= (group_obj->e_perm << 3) | ~S_IRWXG;
}
@@ -63350,7 +63383,7 @@ index 9e363e4..d936d15 100644
return not_equiv;
}
-@@ -479,6 +480,8 @@ __posix_acl_create(struct posix_acl **acl, gfp_t gfp, umode_t *mode_p)
+@@ -485,6 +486,8 @@ __posix_acl_create(struct posix_acl **acl, gfp_t gfp, umode_t *mode_p)
struct posix_acl *clone = posix_acl_clone(*acl, gfp);
int err = -ENOMEM;
if (clone) {
@@ -63359,7 +63392,7 @@ index 9e363e4..d936d15 100644
err = posix_acl_create_masq(clone, mode_p);
if (err < 0) {
posix_acl_release(clone);
-@@ -653,11 +656,12 @@ struct posix_acl *
+@@ -659,11 +662,12 @@ struct posix_acl *
posix_acl_from_xattr(struct user_namespace *user_ns,
const void *value, size_t size)
{
@@ -63374,7 +63407,7 @@ index 9e363e4..d936d15 100644
if (!value)
return NULL;
-@@ -683,12 +687,18 @@ posix_acl_from_xattr(struct user_namespace *user_ns,
+@@ -689,12 +693,18 @@ posix_acl_from_xattr(struct user_namespace *user_ns,
switch(acl_e->e_tag) {
case ACL_USER_OBJ:
@@ -63393,7 +63426,7 @@ index 9e363e4..d936d15 100644
acl_e->e_uid =
make_kuid(user_ns,
le32_to_cpu(entry->e_id));
-@@ -696,6 +706,7 @@ posix_acl_from_xattr(struct user_namespace *user_ns,
+@@ -702,6 +712,7 @@ posix_acl_from_xattr(struct user_namespace *user_ns,
goto fail;
break;
case ACL_GROUP:
@@ -65662,25 +65695,6 @@ index ee0d761..b346c58 100644
return PTR_ERR(kn);
}
-diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c
-index 810cf6e..5fd2bf1 100644
---- a/fs/sysfs/file.c
-+++ b/fs/sysfs/file.c
-@@ -47,12 +47,13 @@ static int sysfs_kf_seq_show(struct seq_file *sf, void *v)
- ssize_t count;
- char *buf;
-
-- /* acquire buffer and ensure that it's >= PAGE_SIZE */
-+ /* acquire buffer and ensure that it's >= PAGE_SIZE and clear */
- count = seq_get_buf(sf, &buf);
- if (count < PAGE_SIZE) {
- seq_commit(sf, -1);
- return 0;
- }
-+ memset(buf, 0, PAGE_SIZE);
-
- /*
- * Invoke show(). Control may reach here via seq file lseek even
diff --git a/fs/sysv/sysv.h b/fs/sysv/sysv.h
index 69d4889..a810bd4 100644
--- a/fs/sysv/sysv.h
@@ -77314,6 +77328,19 @@ index b18ce4f..2ee2843 100644
+#define atomic64_cmpxchg_unchecked(v, o, n) atomic64_cmpxchg((v), (o), (n))
+
#endif /* _ASM_GENERIC_ATOMIC64_H */
+diff --git a/include/asm-generic/barrier.h b/include/asm-generic/barrier.h
+index 6f692f8..2ad9dd2 100644
+--- a/include/asm-generic/barrier.h
++++ b/include/asm-generic/barrier.h
+@@ -66,7 +66,7 @@
+ do { \
+ compiletime_assert_atomic_type(*p); \
+ smp_mb(); \
+- ACCESS_ONCE(*p) = (v); \
++ ACCESS_ONCE_RW(*p) = (v); \
+ } while (0)
+
+ #define smp_load_acquire(p) \
diff --git a/include/asm-generic/bitops/__fls.h b/include/asm-generic/bitops/__fls.h
index a60a7cc..0fe12f2 100644
--- a/include/asm-generic/bitops/__fls.h
@@ -78448,10 +78475,10 @@ index fd4aee2..1f28db9 100644
#define DMA_BIT_MASK(n) (((n) == 64) ? ~0ULL : ((1ULL<<(n))-1))
diff --git a/include/linux/dmaengine.h b/include/linux/dmaengine.h
-index c5c92d5..6a5c2b2 100644
+index 0a5f552..6661a5a 100644
--- a/include/linux/dmaengine.h
+++ b/include/linux/dmaengine.h
-@@ -1150,9 +1150,9 @@ struct dma_pinned_list {
+@@ -1151,9 +1151,9 @@ struct dma_pinned_list {
struct dma_pinned_list *dma_pin_iovec_pages(struct iovec *iov, size_t len);
void dma_unpin_iovec_pages(struct dma_pinned_list* pinned_list);
@@ -80277,10 +80304,10 @@ index 6df7f9f..d0bf699 100644
.files = &init_files, \
.signal = &init_signals, \
diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h
-index a2678d3..e411b1b 100644
+index 203c43d..605836b 100644
--- a/include/linux/interrupt.h
+++ b/include/linux/interrupt.h
-@@ -373,8 +373,8 @@ extern const char * const softirq_to_name[NR_SOFTIRQS];
+@@ -411,8 +411,8 @@ extern const char * const softirq_to_name[NR_SOFTIRQS];
struct softirq_action
{
@@ -80291,7 +80318,7 @@ index a2678d3..e411b1b 100644
asmlinkage void do_softirq(void);
asmlinkage void __do_softirq(void);
-@@ -388,7 +388,7 @@ static inline void do_softirq_own_stack(void)
+@@ -426,7 +426,7 @@ static inline void do_softirq_own_stack(void)
}
#endif
@@ -80340,7 +80367,7 @@ index 35e7eca..6afb7ad 100644
extern struct ipc_namespace init_ipc_ns;
extern atomic_t nr_ipc_ns;
diff --git a/include/linux/irq.h b/include/linux/irq.h
-index 7dc1003..407327b 100644
+index ef1ac9f..e1db06c 100644
--- a/include/linux/irq.h
+++ b/include/linux/irq.h
@@ -338,7 +338,8 @@ struct irq_chip {
@@ -81417,6 +81444,36 @@ index 0000000..33f4af8
+};
+
+#endif
+diff --git a/include/linux/netlink.h b/include/linux/netlink.h
+index aad8eea..034cda7 100644
+--- a/include/linux/netlink.h
++++ b/include/linux/netlink.h
+@@ -16,9 +16,10 @@ static inline struct nlmsghdr *nlmsg_hdr(const struct sk_buff *skb)
+ }
+
+ enum netlink_skb_flags {
+- NETLINK_SKB_MMAPED = 0x1, /* Packet data is mmaped */
+- NETLINK_SKB_TX = 0x2, /* Packet was sent by userspace */
+- NETLINK_SKB_DELIVERED = 0x4, /* Packet was delivered */
++ NETLINK_SKB_MMAPED = 0x1, /* Packet data is mmaped */
++ NETLINK_SKB_TX = 0x2, /* Packet was sent by userspace */
++ NETLINK_SKB_DELIVERED = 0x4, /* Packet was delivered */
++ NETLINK_SKB_DST = 0x8, /* Dst set in sendto or sendmsg */
+ };
+
+ struct netlink_skb_parms {
+@@ -169,4 +170,11 @@ struct netlink_tap {
+ extern int netlink_add_tap(struct netlink_tap *nt);
+ extern int netlink_remove_tap(struct netlink_tap *nt);
+
++bool __netlink_ns_capable(const struct netlink_skb_parms *nsp,
++ struct user_namespace *ns, int cap);
++bool netlink_ns_capable(const struct sk_buff *skb,
++ struct user_namespace *ns, int cap);
++bool netlink_capable(const struct sk_buff *skb, int cap);
++bool netlink_net_capable(const struct sk_buff *skb, int cap);
++
+ #endif /* __LINUX_NETLINK_H */
diff --git a/include/linux/nls.h b/include/linux/nls.h
index 520681b..1d67ed2 100644
--- a/include/linux/nls.h
@@ -81508,6 +81565,37 @@ index 5f2e559..7d59314 100644
/**
* struct hotplug_slot_info - used to notify the hotplug pci core of the state of the slot
+diff --git a/include/linux/percpu-refcount.h b/include/linux/percpu-refcount.h
+index 95961f0..0afb48f 100644
+--- a/include/linux/percpu-refcount.h
++++ b/include/linux/percpu-refcount.h
+@@ -110,7 +110,7 @@ static inline void percpu_ref_get(struct percpu_ref *ref)
+ pcpu_count = ACCESS_ONCE(ref->pcpu_count);
+
+ if (likely(REF_STATUS(pcpu_count) == PCPU_REF_PTR))
+- __this_cpu_inc(*pcpu_count);
++ this_cpu_inc(*pcpu_count);
+ else
+ atomic_inc(&ref->count);
+
+@@ -139,7 +139,7 @@ static inline bool percpu_ref_tryget(struct percpu_ref *ref)
+ pcpu_count = ACCESS_ONCE(ref->pcpu_count);
+
+ if (likely(REF_STATUS(pcpu_count) == PCPU_REF_PTR)) {
+- __this_cpu_inc(*pcpu_count);
++ this_cpu_inc(*pcpu_count);
+ ret = true;
+ }
+
+@@ -164,7 +164,7 @@ static inline void percpu_ref_put(struct percpu_ref *ref)
+ pcpu_count = ACCESS_ONCE(ref->pcpu_count);
+
+ if (likely(REF_STATUS(pcpu_count) == PCPU_REF_PTR))
+- __this_cpu_dec(*pcpu_count);
++ this_cpu_dec(*pcpu_count);
+ else if (unlikely(atomic_dec_and_test(&ref->count)))
+ ref->release(ref);
+
diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
index e56b07f..aef789b 100644
--- a/include/linux/perf_event.h
@@ -83638,7 +83726,7 @@ index c55aeed..b3393f4 100644
/** inet_connection_sock - INET connection oriented sock
*
diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h
-index 6efe73c..fa94270 100644
+index 6efe73c..1a44af7 100644
--- a/include/net/inetpeer.h
+++ b/include/net/inetpeer.h
@@ -47,8 +47,8 @@ struct inet_peer {
@@ -83652,12 +83740,11 @@ index 6efe73c..fa94270 100644
};
struct rcu_head rcu;
struct inet_peer *gc_next;
-@@ -177,16 +177,13 @@ static inline void inet_peer_refcheck(const struct inet_peer *p)
+@@ -177,16 +177,9 @@ static inline void inet_peer_refcheck(const struct inet_peer *p)
/* can be called with or without local BH being disabled */
static inline int inet_getid(struct inet_peer *p, int more)
{
- int old, new;
-+ int id;
more++;
inet_peer_refcheck(p);
- do {
@@ -83667,10 +83754,7 @@ index 6efe73c..fa94270 100644
- new = 1;
- } while (atomic_cmpxchg(&p->ip_id_count, old, new) != old);
- return new;
-+ id = atomic_add_return_unchecked(more, &p->ip_id_count);
-+ if (!id)
-+ id = atomic_inc_return_unchecked(&p->ip_id_count);
-+ return id;
++ return atomic_add_return_unchecked(more, &p->ip_id_count) - more;
}
#endif /* _NET_INETPEER_H */
@@ -83816,7 +83900,7 @@ index a61b98c..aade1eb 100644
int llc_sap_action_unitdata_ind(struct llc_sap *sap, struct sk_buff *skb);
int llc_sap_action_send_ui(struct llc_sap *sap, struct sk_buff *skb);
diff --git a/include/net/llc_s_st.h b/include/net/llc_s_st.h
-index 567c681..cd73ac0 100644
+index 567c681..cd73ac02 100644
--- a/include/net/llc_s_st.h
+++ b/include/net/llc_s_st.h
@@ -20,7 +20,7 @@ struct llc_sap_state_trans {
@@ -85668,10 +85752,68 @@ index d5f31c1..06646e1 100644
s.version = AUDIT_VERSION_LATEST;
s.backlog_wait_time = audit_backlog_wait_time;
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
-index 3b29605..f6c85d0 100644
+index 3b29605..3604797 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
-@@ -1945,7 +1945,7 @@ int auditsc_get_stamp(struct audit_context *ctx,
+@@ -720,6 +720,22 @@ static enum audit_state audit_filter_task(struct task_struct *tsk, char **key)
+ return AUDIT_BUILD_CONTEXT;
+ }
+
++static int audit_in_mask(const struct audit_krule *rule, unsigned long val)
++{
++ int word, bit;
++
++ if (val > 0xffffffff)
++ return false;
++
++ word = AUDIT_WORD(val);
++ if (word >= AUDIT_BITMASK_SIZE)
++ return false;
++
++ bit = AUDIT_BIT(val);
++
++ return rule->mask[word] & bit;
++}
++
+ /* At syscall entry and exit time, this filter is called if the
+ * audit_state is not low enough that auditing cannot take place, but is
+ * also not high enough that we already know we have to write an audit
+@@ -737,11 +753,8 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk,
+
+ rcu_read_lock();
+ if (!list_empty(list)) {
+- int word = AUDIT_WORD(ctx->major);
+- int bit = AUDIT_BIT(ctx->major);
+-
+ list_for_each_entry_rcu(e, list, list) {
+- if ((e->rule.mask[word] & bit) == bit &&
++ if (audit_in_mask(&e->rule, ctx->major) &&
+ audit_filter_rules(tsk, &e->rule, ctx, NULL,
+ &state, false)) {
+ rcu_read_unlock();
+@@ -761,20 +774,16 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk,
+ static int audit_filter_inode_name(struct task_struct *tsk,
+ struct audit_names *n,
+ struct audit_context *ctx) {
+- int word, bit;
+ int h = audit_hash_ino((u32)n->ino);
+ struct list_head *list = &audit_inode_hash[h];
+ struct audit_entry *e;
+ enum audit_state state;
+
+- word = AUDIT_WORD(ctx->major);
+- bit = AUDIT_BIT(ctx->major);
+-
+ if (list_empty(list))
+ return 0;
+
+ list_for_each_entry_rcu(e, list, list) {
+- if ((e->rule.mask[word] & bit) == bit &&
++ if (audit_in_mask(&e->rule, ctx->major) &&
+ audit_filter_rules(tsk, &e->rule, ctx, n, &state, false)) {
+ ctx->current_state = state;
+ return 1;
+@@ -1945,7 +1954,7 @@ int auditsc_get_stamp(struct audit_context *ctx,
}
/* global counter which is incremented every time something logs in */
@@ -85680,7 +85822,7 @@ index 3b29605..f6c85d0 100644
static int audit_set_loginuid_perm(kuid_t loginuid)
{
-@@ -2014,7 +2014,7 @@ int audit_set_loginuid(kuid_t loginuid)
+@@ -2014,7 +2023,7 @@ int audit_set_loginuid(kuid_t loginuid)
/* are we setting or clearing? */
if (uid_valid(loginuid))
@@ -86824,7 +86966,7 @@ index a17621c..d9e4b37 100644
else
new_fs = fs;
diff --git a/kernel/futex.c b/kernel/futex.c
-index 6801b37..bb6becca 100644
+index e3087af..8e3b90f 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -54,6 +54,7 @@
@@ -86835,6 +86977,24 @@ index 6801b37..bb6becca 100644
#include <linux/signal.h>
#include <linux/export.h>
#include <linux/magic.h>
+@@ -188,7 +189,7 @@ struct futex_pi_state {
+ atomic_t refcount;
+
+ union futex_key key;
+-};
++} __randomize_layout;
+
+ /**
+ * struct futex_q - The hashed futex queue entry, one per waiting task
+@@ -222,7 +223,7 @@ struct futex_q {
+ struct rt_mutex_waiter *rt_waiter;
+ union futex_key *requeue_pi_key;
+ u32 bitset;
+-};
++} __randomize_layout;
+
+ static const struct futex_q futex_q_init = {
+ /* list gets initialized in queue_me()*/
@@ -380,6 +381,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw)
struct page *page, *page_head;
int err, ro = 0;
@@ -86856,7 +87016,7 @@ index 6801b37..bb6becca 100644
pagefault_disable();
ret = __copy_from_user_inatomic(dest, from, sizeof(u32));
-@@ -2886,6 +2892,7 @@ static void __init futex_detect_cmpxchg(void)
+@@ -3019,6 +3025,7 @@ static void __init futex_detect_cmpxchg(void)
{
#ifndef CONFIG_HAVE_FUTEX_CMPXCHG
u32 curval;
@@ -86864,7 +87024,7 @@ index 6801b37..bb6becca 100644
/*
* This will fail and we want it. Some arch implementations do
-@@ -2897,8 +2904,11 @@ static void __init futex_detect_cmpxchg(void)
+@@ -3030,8 +3037,11 @@ static void __init futex_detect_cmpxchg(void)
* implementation, the non-functional ones will return
* -ENOSYS.
*/
@@ -86915,10 +87075,10 @@ index f45b75b..bfac6d5 100644
if (gcov_events_enabled)
gcov_event(GCOV_REMOVE, info);
diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c
-index 0909436..6037d22 100644
+index 04d0374..e7c3725 100644
--- a/kernel/hrtimer.c
+++ b/kernel/hrtimer.c
-@@ -1439,7 +1439,7 @@ void hrtimer_peek_ahead_timers(void)
+@@ -1461,7 +1461,7 @@ void hrtimer_peek_ahead_timers(void)
local_irq_restore(flags);
}
@@ -87113,7 +87273,7 @@ index e30ac0f..3528cac 100644
/*
diff --git a/kernel/kexec.c b/kernel/kexec.c
-index 60bafbe..a120f4f 100644
+index 18ff0b9..40b0eab 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -1045,7 +1045,8 @@ asmlinkage long compat_sys_kexec_load(unsigned long entry,
@@ -87667,7 +87827,7 @@ index 1d96dd0..994ff19 100644
default:
diff --git a/kernel/module.c b/kernel/module.c
-index d24fcf2..2af3fd9 100644
+index 6716a1f..9ddc1e1 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -61,6 +61,7 @@
@@ -87715,7 +87875,7 @@ index d24fcf2..2af3fd9 100644
pr_warn("%s: per-cpu alignment %li > %li\n",
mod->name, align, PAGE_SIZE);
align = PAGE_SIZE;
-@@ -1062,7 +1064,7 @@ struct module_attribute module_uevent =
+@@ -1059,7 +1061,7 @@ struct module_attribute module_uevent =
static ssize_t show_coresize(struct module_attribute *mattr,
struct module_kobject *mk, char *buffer)
{
@@ -87724,7 +87884,7 @@ index d24fcf2..2af3fd9 100644
}
static struct module_attribute modinfo_coresize =
-@@ -1071,7 +1073,7 @@ static struct module_attribute modinfo_coresize =
+@@ -1068,7 +1070,7 @@ static struct module_attribute modinfo_coresize =
static ssize_t show_initsize(struct module_attribute *mattr,
struct module_kobject *mk, char *buffer)
{
@@ -87733,7 +87893,7 @@ index d24fcf2..2af3fd9 100644
}
static struct module_attribute modinfo_initsize =
-@@ -1163,12 +1165,29 @@ static int check_version(Elf_Shdr *sechdrs,
+@@ -1160,12 +1162,29 @@ static int check_version(Elf_Shdr *sechdrs,
goto bad_version;
}
@@ -87763,7 +87923,7 @@ index d24fcf2..2af3fd9 100644
return 0;
}
-@@ -1284,7 +1303,7 @@ resolve_symbol_wait(struct module *mod,
+@@ -1281,7 +1300,7 @@ resolve_symbol_wait(struct module *mod,
*/
#ifdef CONFIG_SYSFS
@@ -87772,7 +87932,7 @@ index d24fcf2..2af3fd9 100644
static inline bool sect_empty(const Elf_Shdr *sect)
{
return !(sect->sh_flags & SHF_ALLOC) || sect->sh_size == 0;
-@@ -1424,7 +1443,7 @@ static void add_notes_attrs(struct module *mod, const struct load_info *info)
+@@ -1421,7 +1440,7 @@ static void add_notes_attrs(struct module *mod, const struct load_info *info)
{
unsigned int notes, loaded, i;
struct module_notes_attrs *notes_attrs;
@@ -87781,7 +87941,7 @@ index d24fcf2..2af3fd9 100644
/* failed to create section attributes, so can't create notes */
if (!mod->sect_attrs)
-@@ -1536,7 +1555,7 @@ static void del_usage_links(struct module *mod)
+@@ -1533,7 +1552,7 @@ static void del_usage_links(struct module *mod)
static int module_add_modinfo_attrs(struct module *mod)
{
struct module_attribute *attr;
@@ -87790,7 +87950,7 @@ index d24fcf2..2af3fd9 100644
int error = 0;
int i;
-@@ -1757,21 +1776,21 @@ static void set_section_ro_nx(void *base,
+@@ -1754,21 +1773,21 @@ static void set_section_ro_nx(void *base,
static void unset_module_core_ro_nx(struct module *mod)
{
@@ -87820,7 +87980,7 @@ index d24fcf2..2af3fd9 100644
set_memory_rw);
}
-@@ -1784,14 +1803,14 @@ void set_all_modules_text_rw(void)
+@@ -1781,14 +1800,14 @@ void set_all_modules_text_rw(void)
list_for_each_entry_rcu(mod, &modules, list) {
if (mod->state == MODULE_STATE_UNFORMED)
continue;
@@ -87841,7 +88001,7 @@ index d24fcf2..2af3fd9 100644
set_memory_rw);
}
}
-@@ -1807,14 +1826,14 @@ void set_all_modules_text_ro(void)
+@@ -1804,14 +1823,14 @@ void set_all_modules_text_ro(void)
list_for_each_entry_rcu(mod, &modules, list) {
if (mod->state == MODULE_STATE_UNFORMED)
continue;
@@ -87862,7 +88022,7 @@ index d24fcf2..2af3fd9 100644
set_memory_ro);
}
}
-@@ -1865,16 +1884,19 @@ static void free_module(struct module *mod)
+@@ -1862,16 +1881,19 @@ static void free_module(struct module *mod)
/* This may be NULL, but that's OK */
unset_module_init_ro_nx(mod);
@@ -87885,7 +88045,7 @@ index d24fcf2..2af3fd9 100644
#ifdef CONFIG_MPU
update_protections(current->mm);
-@@ -1943,9 +1965,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -1940,9 +1962,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
int ret = 0;
const struct kernel_symbol *ksym;
@@ -87917,7 +88077,7 @@ index d24fcf2..2af3fd9 100644
switch (sym[i].st_shndx) {
case SHN_COMMON:
/* We compiled with -fno-common. These are not
-@@ -1966,7 +2010,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -1963,7 +2007,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
ksym = resolve_symbol_wait(mod, info, name);
/* Ok if resolved. */
if (ksym && !IS_ERR(ksym)) {
@@ -87927,7 +88087,7 @@ index d24fcf2..2af3fd9 100644
break;
}
-@@ -1985,11 +2031,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -1982,11 +2028,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
secbase = (unsigned long)mod_percpu(mod);
else
secbase = info->sechdrs[sym[i].st_shndx].sh_addr;
@@ -87948,7 +88108,7 @@ index d24fcf2..2af3fd9 100644
return ret;
}
-@@ -2073,22 +2128,12 @@ static void layout_sections(struct module *mod, struct load_info *info)
+@@ -2070,22 +2125,12 @@ static void layout_sections(struct module *mod, struct load_info *info)
|| s->sh_entsize != ~0UL
|| strstarts(sname, ".init"))
continue;
@@ -87975,7 +88135,7 @@ index d24fcf2..2af3fd9 100644
}
pr_debug("Init section allocation order:\n");
-@@ -2102,23 +2147,13 @@ static void layout_sections(struct module *mod, struct load_info *info)
+@@ -2099,23 +2144,13 @@ static void layout_sections(struct module *mod, struct load_info *info)
|| s->sh_entsize != ~0UL
|| !strstarts(sname, ".init"))
continue;
@@ -88004,7 +88164,7 @@ index d24fcf2..2af3fd9 100644
}
}
-@@ -2291,7 +2326,7 @@ static void layout_symtab(struct module *mod, struct load_info *info)
+@@ -2288,7 +2323,7 @@ static void layout_symtab(struct module *mod, struct load_info *info)
/* Put symbol section at end of init part of module. */
symsect->sh_flags |= SHF_ALLOC;
@@ -88013,7 +88173,7 @@ index d24fcf2..2af3fd9 100644
info->index.sym) | INIT_OFFSET_MASK;
pr_debug("\t%s\n", info->secstrings + symsect->sh_name);
-@@ -2308,13 +2343,13 @@ static void layout_symtab(struct module *mod, struct load_info *info)
+@@ -2305,13 +2340,13 @@ static void layout_symtab(struct module *mod, struct load_info *info)
}
/* Append room for core symbols at end of core part. */
@@ -88031,7 +88191,7 @@ index d24fcf2..2af3fd9 100644
info->index.str) | INIT_OFFSET_MASK;
pr_debug("\t%s\n", info->secstrings + strsect->sh_name);
}
-@@ -2332,12 +2367,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
+@@ -2329,12 +2364,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
/* Make sure we get permanent strtab: don't use info->strtab. */
mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr;
@@ -88048,7 +88208,7 @@ index d24fcf2..2af3fd9 100644
src = mod->symtab;
for (ndst = i = 0; i < mod->num_symtab; i++) {
if (i == 0 ||
-@@ -2349,6 +2386,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
+@@ -2346,6 +2383,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
}
}
mod->core_num_syms = ndst;
@@ -88057,7 +88217,7 @@ index d24fcf2..2af3fd9 100644
}
#else
static inline void layout_symtab(struct module *mod, struct load_info *info)
-@@ -2382,17 +2421,33 @@ void * __weak module_alloc(unsigned long size)
+@@ -2379,17 +2418,33 @@ void * __weak module_alloc(unsigned long size)
return vmalloc_exec(size);
}
@@ -88096,7 +88256,7 @@ index d24fcf2..2af3fd9 100644
mutex_unlock(&module_mutex);
}
return ret;
-@@ -2649,7 +2704,15 @@ static struct module *setup_load_info(struct load_info *info, int flags)
+@@ -2646,7 +2701,15 @@ static struct module *setup_load_info(struct load_info *info, int flags)
mod = (void *)info->sechdrs[info->index.mod].sh_addr;
if (info->index.sym == 0) {
@@ -88112,7 +88272,7 @@ index d24fcf2..2af3fd9 100644
return ERR_PTR(-ENOEXEC);
}
-@@ -2665,8 +2728,14 @@ static struct module *setup_load_info(struct load_info *info, int flags)
+@@ -2662,8 +2725,14 @@ static struct module *setup_load_info(struct load_info *info, int flags)
static int check_modinfo(struct module *mod, struct load_info *info, int flags)
{
const char *modmagic = get_modinfo(info, "vermagic");
@@ -88127,7 +88287,7 @@ index d24fcf2..2af3fd9 100644
if (flags & MODULE_INIT_IGNORE_VERMAGIC)
modmagic = NULL;
-@@ -2691,7 +2760,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
+@@ -2688,7 +2757,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
}
/* Set up license info based on the info section */
@@ -88136,7 +88296,7 @@ index d24fcf2..2af3fd9 100644
return 0;
}
-@@ -2785,7 +2854,7 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2782,7 +2851,7 @@ static int move_module(struct module *mod, struct load_info *info)
void *ptr;
/* Do the allocs. */
@@ -88145,7 +88305,7 @@ index d24fcf2..2af3fd9 100644
/*
* The pointer to this block is stored in the module structure
* which is inside the block. Just mark it as not being a
-@@ -2795,11 +2864,11 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2792,11 +2861,11 @@ static int move_module(struct module *mod, struct load_info *info)
if (!ptr)
return -ENOMEM;
@@ -88161,7 +88321,7 @@ index d24fcf2..2af3fd9 100644
/*
* The pointer to this block is stored in the module structure
* which is inside the block. This block doesn't need to be
-@@ -2808,13 +2877,45 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2805,13 +2874,45 @@ static int move_module(struct module *mod, struct load_info *info)
*/
kmemleak_ignore(ptr);
if (!ptr) {
@@ -88211,7 +88371,7 @@ index d24fcf2..2af3fd9 100644
/* Transfer each section which specifies SHF_ALLOC */
pr_debug("final section addresses:\n");
-@@ -2825,16 +2926,45 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2822,16 +2923,45 @@ static int move_module(struct module *mod, struct load_info *info)
if (!(shdr->sh_flags & SHF_ALLOC))
continue;
@@ -88264,7 +88424,7 @@ index d24fcf2..2af3fd9 100644
pr_debug("\t0x%lx %s\n",
(long)shdr->sh_addr, info->secstrings + shdr->sh_name);
}
-@@ -2891,12 +3021,12 @@ static void flush_module_icache(const struct module *mod)
+@@ -2888,12 +3018,12 @@ static void flush_module_icache(const struct module *mod)
* Do it before processing of module parameters, so the module
* can provide parameter accessor functions of its own.
*/
@@ -88283,7 +88443,7 @@ index d24fcf2..2af3fd9 100644
set_fs(old_fs);
}
-@@ -2953,8 +3083,10 @@ static struct module *layout_and_allocate(struct load_info *info, int flags)
+@@ -2950,8 +3080,10 @@ static struct module *layout_and_allocate(struct load_info *info, int flags)
static void module_deallocate(struct module *mod, struct load_info *info)
{
percpu_modfree(mod);
@@ -88296,7 +88456,7 @@ index d24fcf2..2af3fd9 100644
}
int __weak module_finalize(const Elf_Ehdr *hdr,
-@@ -2967,7 +3099,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr,
+@@ -2964,7 +3096,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr,
static int post_relocation(struct module *mod, const struct load_info *info)
{
/* Sort exception table now relocations are done. */
@@ -88306,7 +88466,7 @@ index d24fcf2..2af3fd9 100644
/* Copy relocated percpu area over. */
percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr,
-@@ -3021,16 +3155,16 @@ static int do_init_module(struct module *mod)
+@@ -3018,16 +3152,16 @@ static int do_init_module(struct module *mod)
MODULE_STATE_COMING, mod);
/* Set RO and NX regions for core */
@@ -88331,7 +88491,7 @@ index d24fcf2..2af3fd9 100644
do_mod_ctors(mod);
/* Start the module */
-@@ -3091,11 +3225,12 @@ static int do_init_module(struct module *mod)
+@@ -3088,11 +3222,12 @@ static int do_init_module(struct module *mod)
mod->strtab = mod->core_strtab;
#endif
unset_module_init_ro_nx(mod);
@@ -88349,7 +88509,7 @@ index d24fcf2..2af3fd9 100644
mutex_unlock(&module_mutex);
wake_up_all(&module_wq);
-@@ -3238,9 +3373,38 @@ static int load_module(struct load_info *info, const char __user *uargs,
+@@ -3235,9 +3370,38 @@ static int load_module(struct load_info *info, const char __user *uargs,
if (err)
goto free_unload;
@@ -88388,7 +88548,7 @@ index d24fcf2..2af3fd9 100644
/* Fix up syms, so that st_value is a pointer to location. */
err = simplify_symbols(mod, info);
if (err < 0)
-@@ -3256,13 +3420,6 @@ static int load_module(struct load_info *info, const char __user *uargs,
+@@ -3253,13 +3417,6 @@ static int load_module(struct load_info *info, const char __user *uargs,
flush_module_icache(mod);
@@ -88401,7 +88561,7 @@ index d24fcf2..2af3fd9 100644
-
dynamic_debug_setup(info->debug, info->num_debug);
- /* Finally it's fully formed, ready to start executing. */
+ /* Ftrace init must be called in the MODULE_STATE_UNFORMED state */
@@ -3297,11 +3454,10 @@ static int load_module(struct load_info *info, const char __user *uargs,
ddebug_cleanup:
dynamic_debug_remove(info->debug);
@@ -90921,7 +91081,7 @@ index 1fb08f2..ca4bb1e 100644
return -ENOMEM;
return 0;
diff --git a/kernel/timer.c b/kernel/timer.c
-index accfd24..e00f0c0 100644
+index 38f0d40..96b2ebf 100644
--- a/kernel/timer.c
+++ b/kernel/timer.c
@@ -1366,7 +1366,7 @@ void update_process_times(int user_tick)
@@ -90974,7 +91134,7 @@ index 4f3a3c03..04b7886 100644
ret = -EIO;
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
-index cd7f76d..553c805 100644
+index 868633e..921dc41 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -1965,12 +1965,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
@@ -91008,7 +91168,7 @@ index cd7f76d..553c805 100644
start_pg = ftrace_allocate_pages(count);
if (!start_pg)
-@@ -4909,8 +4916,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write,
+@@ -4890,8 +4897,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write,
#ifdef CONFIG_FUNCTION_GRAPH_TRACER
static int ftrace_graph_active;
@@ -91017,7 +91177,7 @@ index cd7f76d..553c805 100644
int ftrace_graph_entry_stub(struct ftrace_graph_ent *trace)
{
return 0;
-@@ -5086,6 +5091,10 @@ static void update_function_graph_func(void)
+@@ -5067,6 +5072,10 @@ static void update_function_graph_func(void)
ftrace_graph_entry = ftrace_graph_entry_test;
}
@@ -91028,7 +91188,7 @@ index cd7f76d..553c805 100644
int register_ftrace_graph(trace_func_graph_ret_t retfunc,
trace_func_graph_ent_t entryfunc)
{
-@@ -5099,7 +5108,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc,
+@@ -5080,7 +5089,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc,
goto out;
}
@@ -91521,10 +91681,10 @@ index 4431610..4265616 100644
.thread_should_run = watchdog_should_run,
.thread_fn = watchdog,
diff --git a/kernel/workqueue.c b/kernel/workqueue.c
-index 193e977..26dd63f 100644
+index b6a3941..b68f191 100644
--- a/kernel/workqueue.c
+++ b/kernel/workqueue.c
-@@ -4678,7 +4678,7 @@ static void rebind_workers(struct worker_pool *pool)
+@@ -4702,7 +4702,7 @@ static void rebind_workers(struct worker_pool *pool)
WARN_ON_ONCE(!(worker_flags & WORKER_UNBOUND));
worker_flags |= WORKER_REBOUND;
worker_flags &= ~WORKER_UNBOUND;
@@ -92745,7 +92905,7 @@ index 539eeb9..e24a987 100644
if (end == start)
return error;
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
-index 90002ea..db1452d 100644
+index 66586bb..73ab487 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0;
@@ -92784,16 +92944,16 @@ index 90002ea..db1452d 100644
/*
* We need/can do nothing about count=0 pages.
-@@ -1092,7 +1092,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
- if (!PageHWPoison(hpage)
- || (hwpoison_filter(p) && TestClearPageHWPoison(p))
- || (p != hpage && TestSetPageHWPoison(hpage))) {
-- atomic_long_sub(nr_pages, &num_poisoned_pages);
-+ atomic_long_sub_unchecked(nr_pages, &num_poisoned_pages);
- return 0;
- }
- set_page_hwpoison_huge_page(hpage);
-@@ -1161,7 +1161,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
+@@ -1091,7 +1091,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
+ if (PageHWPoison(hpage)) {
+ if ((hwpoison_filter(p) && TestClearPageHWPoison(p))
+ || (p != hpage && TestSetPageHWPoison(hpage))) {
+- atomic_long_sub(nr_pages, &num_poisoned_pages);
++ atomic_long_sub_unchecked(nr_pages, &num_poisoned_pages);
+ unlock_page(hpage);
+ return 0;
+ }
+@@ -1162,7 +1162,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
}
if (hwpoison_filter(p)) {
if (TestClearPageHWPoison(p))
@@ -92802,7 +92962,7 @@ index 90002ea..db1452d 100644
unlock_page(hpage);
put_page(hpage);
return 0;
-@@ -1383,7 +1383,7 @@ int unpoison_memory(unsigned long pfn)
+@@ -1384,7 +1384,7 @@ int unpoison_memory(unsigned long pfn)
return 0;
}
if (TestClearPageHWPoison(p))
@@ -92811,7 +92971,7 @@ index 90002ea..db1452d 100644
pr_info("MCE: Software-unpoisoned free page %#lx\n", pfn);
return 0;
}
-@@ -1397,7 +1397,7 @@ int unpoison_memory(unsigned long pfn)
+@@ -1398,7 +1398,7 @@ int unpoison_memory(unsigned long pfn)
*/
if (TestClearPageHWPoison(page)) {
pr_info("MCE: Software-unpoisoned page %#lx\n", pfn);
@@ -92820,7 +92980,7 @@ index 90002ea..db1452d 100644
freeit = 1;
if (PageHuge(page))
clear_page_hwpoison_huge_page(page);
-@@ -1522,11 +1522,11 @@ static int soft_offline_huge_page(struct page *page, int flags)
+@@ -1523,11 +1523,11 @@ static int soft_offline_huge_page(struct page *page, int flags)
if (PageHuge(page)) {
set_page_hwpoison_huge_page(hpage);
dequeue_hwpoisoned_huge_page(hpage);
@@ -92834,7 +92994,7 @@ index 90002ea..db1452d 100644
}
}
return ret;
-@@ -1565,7 +1565,7 @@ static int __soft_offline_page(struct page *page, int flags)
+@@ -1566,7 +1566,7 @@ static int __soft_offline_page(struct page *page, int flags)
put_page(page);
pr_info("soft_offline: %#lx: invalidated\n", pfn);
SetPageHWPoison(page);
@@ -92843,7 +93003,7 @@ index 90002ea..db1452d 100644
return 0;
}
-@@ -1616,7 +1616,7 @@ static int __soft_offline_page(struct page *page, int flags)
+@@ -1617,7 +1617,7 @@ static int __soft_offline_page(struct page *page, int flags)
if (!is_free_buddy_page(page))
pr_info("soft offline: %#lx: page leaked\n",
pfn);
@@ -92852,7 +93012,7 @@ index 90002ea..db1452d 100644
}
} else {
pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n",
-@@ -1690,11 +1690,11 @@ int soft_offline_page(struct page *page, int flags)
+@@ -1691,11 +1691,11 @@ int soft_offline_page(struct page *page, int flags)
if (PageHuge(page)) {
set_page_hwpoison_huge_page(hpage);
dequeue_hwpoisoned_huge_page(hpage);
@@ -92867,7 +93027,7 @@ index 90002ea..db1452d 100644
}
unset_migratetype_isolate(page, MIGRATE_MOVABLE);
diff --git a/mm/memory.c b/mm/memory.c
-index 22dfa61..90d7ec5 100644
+index 49e930f..90d7ec5 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -403,6 +403,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
@@ -92960,25 +93120,7 @@ index 22dfa61..90d7ec5 100644
return i;
}
EXPORT_SYMBOL(__get_user_pages);
-@@ -1929,12 +1924,17 @@ int fixup_user_fault(struct task_struct *tsk, struct mm_struct *mm,
- unsigned long address, unsigned int fault_flags)
- {
- struct vm_area_struct *vma;
-+ vm_flags_t vm_flags;
- int ret;
-
- vma = find_extend_vma(mm, address);
- if (!vma || address < vma->vm_start)
- return -EFAULT;
-
-+ vm_flags = (fault_flags & FAULT_FLAG_WRITE) ? VM_WRITE : VM_READ;
-+ if (!(vm_flags & vma->vm_flags))
-+ return -EFAULT;
-+
- ret = handle_mm_fault(mm, vma, address, fault_flags);
- if (ret & VM_FAULT_ERROR) {
- if (ret & VM_FAULT_OOM)
-@@ -2100,6 +2100,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
+@@ -2105,6 +2100,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
page_add_file_rmap(page);
set_pte_at(mm, addr, pte, mk_pte(page, prot));
@@ -92989,7 +93131,7 @@ index 22dfa61..90d7ec5 100644
retval = 0;
pte_unmap_unlock(pte, ptl);
return retval;
-@@ -2144,9 +2148,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
+@@ -2149,9 +2148,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
if (!page_count(page))
return -EINVAL;
if (!(vma->vm_flags & VM_MIXEDMAP)) {
@@ -93011,7 +93153,7 @@ index 22dfa61..90d7ec5 100644
}
return insert_page(vma, addr, page, vma->vm_page_prot);
}
-@@ -2229,6 +2245,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
+@@ -2234,6 +2245,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
unsigned long pfn)
{
BUG_ON(!(vma->vm_flags & VM_MIXEDMAP));
@@ -93019,7 +93161,7 @@ index 22dfa61..90d7ec5 100644
if (addr < vma->vm_start || addr >= vma->vm_end)
return -EFAULT;
-@@ -2476,7 +2493,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
+@@ -2481,7 +2493,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
BUG_ON(pud_huge(*pud));
@@ -93030,7 +93172,7 @@ index 22dfa61..90d7ec5 100644
if (!pmd)
return -ENOMEM;
do {
-@@ -2496,7 +2515,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
+@@ -2501,7 +2515,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
unsigned long next;
int err;
@@ -93041,7 +93183,7 @@ index 22dfa61..90d7ec5 100644
if (!pud)
return -ENOMEM;
do {
-@@ -2586,6 +2607,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
+@@ -2591,6 +2607,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
copy_user_highpage(dst, src, va, vma);
}
@@ -93228,7 +93370,7 @@ index 22dfa61..90d7ec5 100644
/*
* This routine handles present pages, when users try to write
* to a shared page. It is done by copying the page to a new address
-@@ -2810,6 +3011,12 @@ gotten:
+@@ -2815,6 +3011,12 @@ gotten:
*/
page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
if (likely(pte_same(*page_table, orig_pte))) {
@@ -93241,7 +93383,7 @@ index 22dfa61..90d7ec5 100644
if (old_page) {
if (!PageAnon(old_page)) {
dec_mm_counter_fast(mm, MM_FILEPAGES);
-@@ -2861,6 +3068,10 @@ gotten:
+@@ -2866,6 +3068,10 @@ gotten:
page_remove_rmap(old_page);
}
@@ -93252,7 +93394,7 @@ index 22dfa61..90d7ec5 100644
/* Free the old page.. */
new_page = old_page;
ret |= VM_FAULT_WRITE;
-@@ -3138,6 +3349,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3143,6 +3349,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
swap_free(entry);
if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
try_to_free_swap(page);
@@ -93264,7 +93406,7 @@ index 22dfa61..90d7ec5 100644
unlock_page(page);
if (page != swapcache) {
/*
-@@ -3161,6 +3377,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3166,6 +3377,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, page_table);
@@ -93276,7 +93418,7 @@ index 22dfa61..90d7ec5 100644
unlock:
pte_unmap_unlock(page_table, ptl);
out:
-@@ -3180,40 +3401,6 @@ out_release:
+@@ -3185,40 +3401,6 @@ out_release:
}
/*
@@ -93317,7 +93459,7 @@ index 22dfa61..90d7ec5 100644
* We enter with non-exclusive mmap_sem (to exclude vma changes,
* but allow concurrent faults), and pte mapped but not yet locked.
* We return with mmap_sem still held, but pte unmapped and unlocked.
-@@ -3222,27 +3409,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3227,27 +3409,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
unsigned long address, pte_t *page_table, pmd_t *pmd,
unsigned int flags)
{
@@ -93350,7 +93492,7 @@ index 22dfa61..90d7ec5 100644
if (unlikely(anon_vma_prepare(vma)))
goto oom;
page = alloc_zeroed_user_highpage_movable(vma, address);
-@@ -3266,6 +3449,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3271,6 +3449,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
if (!pte_none(*page_table))
goto release;
@@ -93362,7 +93504,7 @@ index 22dfa61..90d7ec5 100644
inc_mm_counter_fast(mm, MM_ANONPAGES);
page_add_new_anon_rmap(page, vma, address);
setpte:
-@@ -3273,6 +3461,12 @@ setpte:
+@@ -3278,6 +3461,12 @@ setpte:
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, page_table);
@@ -93375,7 +93517,7 @@ index 22dfa61..90d7ec5 100644
unlock:
pte_unmap_unlock(page_table, ptl);
return 0;
-@@ -3417,6 +3611,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3422,6 +3611,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
*/
/* Only go through if we didn't race with anybody else... */
if (likely(pte_same(*page_table, orig_pte))) {
@@ -93388,7 +93530,7 @@ index 22dfa61..90d7ec5 100644
flush_icache_page(vma, page);
entry = mk_pte(page, vma->vm_page_prot);
if (flags & FAULT_FLAG_WRITE)
-@@ -3438,6 +3638,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3443,6 +3638,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
/* no need to invalidate: a not-present page won't be cached */
update_mmu_cache(vma, address, page_table);
@@ -93403,7 +93545,7 @@ index 22dfa61..90d7ec5 100644
} else {
if (cow_page)
mem_cgroup_uncharge_page(cow_page);
-@@ -3685,6 +3893,12 @@ static int handle_pte_fault(struct mm_struct *mm,
+@@ -3690,6 +3893,12 @@ static int handle_pte_fault(struct mm_struct *mm,
if (flags & FAULT_FLAG_WRITE)
flush_tlb_fix_spurious_fault(vma, address);
}
@@ -93416,7 +93558,7 @@ index 22dfa61..90d7ec5 100644
unlock:
pte_unmap_unlock(pte, ptl);
return 0;
-@@ -3701,9 +3915,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3706,9 +3915,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
pmd_t *pmd;
pte_t *pte;
@@ -93458,7 +93600,7 @@ index 22dfa61..90d7ec5 100644
pgd = pgd_offset(mm, address);
pud = pud_alloc(mm, pgd, address);
if (!pud)
-@@ -3834,6 +4080,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
+@@ -3839,6 +4080,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
spin_unlock(&mm->page_table_lock);
return 0;
}
@@ -93482,7 +93624,7 @@ index 22dfa61..90d7ec5 100644
#endif /* __PAGETABLE_PUD_FOLDED */
#ifndef __PAGETABLE_PMD_FOLDED
-@@ -3864,6 +4127,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
+@@ -3869,6 +4127,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
spin_unlock(&mm->page_table_lock);
return 0;
}
@@ -93513,7 +93655,7 @@ index 22dfa61..90d7ec5 100644
#endif /* __PAGETABLE_PMD_FOLDED */
#if !defined(__HAVE_ARCH_GATE_AREA)
-@@ -3877,7 +4164,7 @@ static int __init gate_vma_init(void)
+@@ -3882,7 +4164,7 @@ static int __init gate_vma_init(void)
gate_vma.vm_start = FIXADDR_USER_START;
gate_vma.vm_end = FIXADDR_USER_END;
gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
@@ -93522,7 +93664,7 @@ index 22dfa61..90d7ec5 100644
return 0;
}
-@@ -4011,8 +4298,8 @@ out:
+@@ -4016,8 +4298,8 @@ out:
return ret;
}
@@ -93533,7 +93675,7 @@ index 22dfa61..90d7ec5 100644
{
resource_size_t phys_addr;
unsigned long prot = 0;
-@@ -4038,8 +4325,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys);
+@@ -4043,8 +4325,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys);
* Access another process' address space as given in mm. If non-NULL, use the
* given task for page fault accounting.
*/
@@ -93544,7 +93686,7 @@ index 22dfa61..90d7ec5 100644
{
struct vm_area_struct *vma;
void *old_buf = buf;
-@@ -4047,7 +4334,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -4052,7 +4334,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
down_read(&mm->mmap_sem);
/* ignore errors, just check how much was successfully transferred */
while (len) {
@@ -93553,7 +93695,7 @@ index 22dfa61..90d7ec5 100644
void *maddr;
struct page *page = NULL;
-@@ -4106,8 +4393,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -4111,8 +4393,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
*
* The caller must hold a reference on @mm.
*/
@@ -93564,7 +93706,7 @@ index 22dfa61..90d7ec5 100644
{
return __access_remote_vm(NULL, mm, addr, buf, len, write);
}
-@@ -4117,11 +4404,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
+@@ -4122,11 +4404,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
* Source/target buffer must be kernel space,
* Do not walk the page table directly, use get_user_pages
*/
@@ -95224,7 +95366,7 @@ index 769a67a..414d24f 100644
if (nstart < prev->vm_end)
diff --git a/mm/mremap.c b/mm/mremap.c
-index 0843feb..c3cde48 100644
+index 05f1180..c3cde48 100644
--- a/mm/mremap.c
+++ b/mm/mremap.c
@@ -144,6 +144,12 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd,
@@ -95240,26 +95382,7 @@ index 0843feb..c3cde48 100644
pte = move_soft_dirty_pte(pte);
set_pte_at(mm, new_addr, new_pte, pte);
}
-@@ -194,10 +200,17 @@ unsigned long move_page_tables(struct vm_area_struct *vma,
- break;
- if (pmd_trans_huge(*old_pmd)) {
- int err = 0;
-- if (extent == HPAGE_PMD_SIZE)
-+ if (extent == HPAGE_PMD_SIZE) {
-+ VM_BUG_ON(vma->vm_file || !vma->anon_vma);
-+ /* See comment in move_ptes() */
-+ if (need_rmap_locks)
-+ anon_vma_lock_write(vma->anon_vma);
- err = move_huge_pmd(vma, new_vma, old_addr,
- new_addr, old_end,
- old_pmd, new_pmd);
-+ if (need_rmap_locks)
-+ anon_vma_unlock_write(vma->anon_vma);
-+ }
- if (err > 0) {
- need_flush = true;
- continue;
-@@ -337,6 +350,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr,
+@@ -344,6 +350,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr,
if (is_vm_hugetlb_page(vma))
goto Einval;
@@ -95271,7 +95394,7 @@ index 0843feb..c3cde48 100644
/* We can't remap across vm area boundaries */
if (old_len > vma->vm_end - addr)
goto Efault;
-@@ -392,20 +410,25 @@ static unsigned long mremap_to(unsigned long addr, unsigned long old_len,
+@@ -399,20 +410,25 @@ static unsigned long mremap_to(unsigned long addr, unsigned long old_len,
unsigned long ret = -EINVAL;
unsigned long charged = 0;
unsigned long map_flags;
@@ -95302,7 +95425,7 @@ index 0843feb..c3cde48 100644
goto out;
ret = do_munmap(mm, new_addr, new_len);
-@@ -474,6 +497,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
+@@ -481,6 +497,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
unsigned long ret = -EINVAL;
unsigned long charged = 0;
bool locked = false;
@@ -95310,7 +95433,7 @@ index 0843feb..c3cde48 100644
if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE))
return ret;
-@@ -495,6 +519,17 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
+@@ -502,6 +519,17 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
if (!new_len)
return ret;
@@ -95328,7 +95451,7 @@ index 0843feb..c3cde48 100644
down_write(&current->mm->mmap_sem);
if (flags & MREMAP_FIXED) {
-@@ -545,6 +580,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
+@@ -552,6 +580,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
new_addr = addr;
}
ret = addr;
@@ -95336,7 +95459,7 @@ index 0843feb..c3cde48 100644
goto out;
}
}
-@@ -568,7 +604,12 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
+@@ -575,7 +604,12 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
goto out;
}
@@ -95417,10 +95540,10 @@ index 8740213..f87e25b 100644
struct mm_struct *mm;
diff --git a/mm/page-writeback.c b/mm/page-writeback.c
-index 7106cb1..0805f48 100644
+index 8f6daa6..1f8587c 100644
--- a/mm/page-writeback.c
+++ b/mm/page-writeback.c
-@@ -685,7 +685,7 @@ static inline long long pos_ratio_polynom(unsigned long setpoint,
+@@ -685,7 +685,7 @@ static long long pos_ratio_polynom(unsigned long setpoint,
* card's bdi_dirty may rush to many times higher than bdi_setpoint.
* - the bdi dirty thresh drops quickly due to change of JBOD workload
*/
@@ -95555,7 +95678,7 @@ index 7c59ef6..1358905 100644
};
diff --git a/mm/percpu.c b/mm/percpu.c
-index 036cfe0..980d0fa 100644
+index a2a54a8..43ecb68 100644
--- a/mm/percpu.c
+++ b/mm/percpu.c
@@ -122,7 +122,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly;
@@ -95619,7 +95742,7 @@ index fd26d04..0cea1b0 100644
if (!mm || IS_ERR(mm)) {
rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
diff --git a/mm/rmap.c b/mm/rmap.c
-index d3cbac5..0788da4 100644
+index d3cbac5..3784601 100644
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -163,6 +163,10 @@ int anon_vma_prepare(struct vm_area_struct *vma)
@@ -95721,6 +95844,18 @@ index d3cbac5..0788da4 100644
}
/*
+@@ -1554,10 +1590,9 @@ void __put_anon_vma(struct anon_vma *anon_vma)
+ {
+ struct anon_vma *root = anon_vma->root;
+
++ anon_vma_free(anon_vma);
+ if (root != anon_vma && atomic_dec_and_test(&root->refcount))
+ anon_vma_free(root);
+-
+- anon_vma_free(anon_vma);
+ }
+
+ static struct anon_vma *rmap_walk_anon_lock(struct page *page,
diff --git a/mm/shmem.c b/mm/shmem.c
index 1f18c9d..3e03d33 100644
--- a/mm/shmem.c
@@ -97864,7 +97999,7 @@ index b543470..d2ddae2 100644
if (!can_dir) {
printk(KERN_INFO "can: failed to create /proc/net/can . "
diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
-index 30efc5c..cfa1bbc 100644
+index 988721a..947846d 100644
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -187,7 +187,7 @@ static void con_fault(struct ceph_connection *con);
@@ -100377,7 +100512,7 @@ index 767ab8d..c5ec70a 100644
return -ENOMEM;
}
diff --git a/net/ipv6/output_core.c b/net/ipv6/output_core.c
-index 827f795..7e28e82 100644
+index 827f795..bdff9eb 100644
--- a/net/ipv6/output_core.c
+++ b/net/ipv6/output_core.c
@@ -9,8 +9,8 @@
@@ -100391,7 +100526,7 @@ index 827f795..7e28e82 100644
#if IS_ENABLED(CONFIG_IPV6)
if (rt && !(rt->dst.flags & DST_NOPEER)) {
-@@ -26,13 +26,10 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
+@@ -26,13 +26,8 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
}
}
#endif
@@ -100403,8 +100538,6 @@ index 827f795..7e28e82 100644
- } while (atomic_cmpxchg(&ipv6_fragmentation_id, old, new) != old);
- fhdr->identification = htonl(new);
+ id = atomic_inc_return_unchecked(&ipv6_fragmentation_id);
-+ if (!id)
-+ id = atomic_inc_return_unchecked(&ipv6_fragmentation_id);
+ fhdr->identification = htonl(id);
}
EXPORT_SYMBOL(ipv6_select_ident);
@@ -100950,7 +101083,7 @@ index b9ac598..f88cc56 100644
return;
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
-index c4b7218..3e83259 100644
+index c4b7218..c7e9f14 100644
--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -773,10 +773,10 @@ static int iucv_sock_autobind(struct sock *sk)
@@ -100966,6 +101099,15 @@ index c4b7218..3e83259 100644
}
write_unlock_bh(&iucv_sk_list.lock);
+@@ -1829,7 +1829,7 @@ static void iucv_callback_txdone(struct iucv_path *path,
+ spin_lock_irqsave(&list->lock, flags);
+
+ while (list_skb != (struct sk_buff *)list) {
+- if (msg->tag != IUCV_SKB_CB(list_skb)->tag) {
++ if (msg->tag == IUCV_SKB_CB(list_skb)->tag) {
+ this = list_skb;
+ break;
+ }
diff --git a/net/iucv/iucv.c b/net/iucv/iucv.c
index cd5b8ec..f205e6b 100644
--- a/net/iucv/iucv.c
@@ -101065,7 +101207,7 @@ index 453e974..b3a43a5 100644
if (local->use_chanctx)
*chandef = local->monitor_chandef;
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
-index 6bd4984..d8805c5 100644
+index b127902..9dc4947 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -28,6 +28,7 @@
@@ -101076,7 +101218,7 @@ index 6bd4984..d8805c5 100644
#include "key.h"
#include "sta_info.h"
#include "debug.h"
-@@ -994,7 +995,7 @@ struct ieee80211_local {
+@@ -995,7 +996,7 @@ struct ieee80211_local {
/* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */
spinlock_t queue_stop_reason_lock;
@@ -101232,7 +101374,7 @@ index 6ff1346..936ca9a 100644
return p;
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
-index b8700d4..89086d5 100644
+index 6427625..afa5a5a 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -1483,7 +1483,7 @@ int ieee80211_reconfig(struct ieee80211_local *local)
@@ -101849,7 +101991,7 @@ index 11de55e..f25e448 100644
return 0;
}
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
-index 04748ab6..ca8f86f 100644
+index 04748ab6..c72ef1f 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -257,7 +257,7 @@ static void netlink_overrun(struct sock *sk)
@@ -101861,7 +102003,137 @@ index 04748ab6..ca8f86f 100644
}
static void netlink_rcv_wake(struct sock *sk)
-@@ -2933,7 +2933,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
+@@ -1360,7 +1360,74 @@ retry:
+ return err;
+ }
+
+-static inline int netlink_capable(const struct socket *sock, unsigned int flag)
++/**
++ * __netlink_ns_capable - General netlink message capability test
++ * @nsp: NETLINK_CB of the socket buffer holding a netlink command from userspace.
++ * @user_ns: The user namespace of the capability to use
++ * @cap: The capability to use
++ *
++ * Test to see if the opener of the socket we received the message
++ * from had when the netlink socket was created and the sender of the
++ * message has has the capability @cap in the user namespace @user_ns.
++ */
++bool __netlink_ns_capable(const struct netlink_skb_parms *nsp,
++ struct user_namespace *user_ns, int cap)
++{
++ return ((nsp->flags & NETLINK_SKB_DST) ||
++ file_ns_capable(nsp->sk->sk_socket->file, user_ns, cap)) &&
++ ns_capable(user_ns, cap);
++}
++EXPORT_SYMBOL(__netlink_ns_capable);
++
++/**
++ * netlink_ns_capable - General netlink message capability test
++ * @skb: socket buffer holding a netlink command from userspace
++ * @user_ns: The user namespace of the capability to use
++ * @cap: The capability to use
++ *
++ * Test to see if the opener of the socket we received the message
++ * from had when the netlink socket was created and the sender of the
++ * message has has the capability @cap in the user namespace @user_ns.
++ */
++bool netlink_ns_capable(const struct sk_buff *skb,
++ struct user_namespace *user_ns, int cap)
++{
++ return __netlink_ns_capable(&NETLINK_CB(skb), user_ns, cap);
++}
++EXPORT_SYMBOL(netlink_ns_capable);
++
++/**
++ * netlink_capable - Netlink global message capability test
++ * @skb: socket buffer holding a netlink command from userspace
++ * @cap: The capability to use
++ *
++ * Test to see if the opener of the socket we received the message
++ * from had when the netlink socket was created and the sender of the
++ * message has has the capability @cap in all user namespaces.
++ */
++bool netlink_capable(const struct sk_buff *skb, int cap)
++{
++ return netlink_ns_capable(skb, &init_user_ns, cap);
++}
++EXPORT_SYMBOL(netlink_capable);
++
++/**
++ * netlink_net_capable - Netlink network namespace message capability test
++ * @skb: socket buffer holding a netlink command from userspace
++ * @cap: The capability to use
++ *
++ * Test to see if the opener of the socket we received the message
++ * from had when the netlink socket was created and the sender of the
++ * message has has the capability @cap over the network namespace of
++ * the socket we received the message from.
++ */
++bool netlink_net_capable(const struct sk_buff *skb, int cap)
++{
++ return netlink_ns_capable(skb, sock_net(skb->sk)->user_ns, cap);
++}
++EXPORT_SYMBOL(netlink_net_capable);
++
++static inline int netlink_allowed(const struct socket *sock, unsigned int flag)
+ {
+ return (nl_table[sock->sk->sk_protocol].flags & flag) ||
+ ns_capable(sock_net(sock->sk)->user_ns, CAP_NET_ADMIN);
+@@ -1428,7 +1495,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
+
+ /* Only superuser is allowed to listen multicasts */
+ if (nladdr->nl_groups) {
+- if (!netlink_capable(sock, NL_CFG_F_NONROOT_RECV))
++ if (!netlink_allowed(sock, NL_CFG_F_NONROOT_RECV))
+ return -EPERM;
+ err = netlink_realloc_groups(sk);
+ if (err)
+@@ -1490,7 +1557,7 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
+ return -EINVAL;
+
+ if ((nladdr->nl_groups || nladdr->nl_pid) &&
+- !netlink_capable(sock, NL_CFG_F_NONROOT_SEND))
++ !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
+ return -EPERM;
+
+ if (!nlk->portid)
+@@ -2096,7 +2163,7 @@ static int netlink_setsockopt(struct socket *sock, int level, int optname,
+ break;
+ case NETLINK_ADD_MEMBERSHIP:
+ case NETLINK_DROP_MEMBERSHIP: {
+- if (!netlink_capable(sock, NL_CFG_F_NONROOT_RECV))
++ if (!netlink_allowed(sock, NL_CFG_F_NONROOT_RECV))
+ return -EPERM;
+ err = netlink_realloc_groups(sk);
+ if (err)
+@@ -2228,6 +2295,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
+ struct sk_buff *skb;
+ int err;
+ struct scm_cookie scm;
++ u32 netlink_skb_flags = 0;
+
+ if (msg->msg_flags&MSG_OOB)
+ return -EOPNOTSUPP;
+@@ -2247,8 +2315,9 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
+ dst_group = ffs(addr->nl_groups);
+ err = -EPERM;
+ if ((dst_group || dst_portid) &&
+- !netlink_capable(sock, NL_CFG_F_NONROOT_SEND))
++ !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
+ goto out;
++ netlink_skb_flags |= NETLINK_SKB_DST;
+ } else {
+ dst_portid = nlk->dst_portid;
+ dst_group = nlk->dst_group;
+@@ -2278,6 +2347,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
+ NETLINK_CB(skb).portid = nlk->portid;
+ NETLINK_CB(skb).dst_group = dst_group;
+ NETLINK_CB(skb).creds = siocb->scm->creds;
++ NETLINK_CB(skb).flags = netlink_skb_flags;
+
+ err = -EFAULT;
+ if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
+@@ -2933,7 +3003,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
sk_wmem_alloc_get(s),
nlk->cb_running,
atomic_read(&s->sk_refcnt),
@@ -104142,10 +104414,10 @@ index 8fac3fd..32ff38d 100644
unsigned int secindex_strings;
diff --git a/security/Kconfig b/security/Kconfig
-index beb86b5..1ea5a01 100644
+index beb86b5..1776e5eb7 100644
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -4,6 +4,960 @@
+@@ -4,6 +4,957 @@
menu "Security options"
@@ -104804,8 +105076,7 @@ index beb86b5..1ea5a01 100644
+ guess them in most cases. Any failed guess will most likely crash
+ the attacked program which allows the kernel to detect such attempts
+ and react on them. PaX itself provides no reaction mechanisms,
-+ instead it is strongly encouraged that you make use of Nergal's
-+ segvguard (ftp://ftp.pl.openwall.com/misc/segvguard/) or grsecurity's
++ instead it is strongly encouraged that you make use of grsecurity's
+ (http://www.grsecurity.net/) built-in crash detection features or
+ develop one yourself.
+
@@ -104839,30 +105110,28 @@ index beb86b5..1ea5a01 100644
+ configuration, this feature cannot be disabled on a per file basis.
+
+config PAX_RANDUSTACK
-+ bool "Randomize user stack base"
++ bool
++
++config PAX_RANDMMAP
++ bool "Randomize user stack and mmap() bases"
+ default y if GRKERNSEC_CONFIG_AUTO
+ depends on PAX_ASLR
++ select PAX_RANDUSTACK
+ help
+ By saying Y here the kernel will randomize every task's userland
-+ stack. The randomization is done in two steps where the second
++ stack and use a randomized base address for mmap() requests that
++ do not specify one themselves.
++
++ The stack randomization is done in two steps where the second
+ one may apply a big amount of shift to the top of the stack and
+ cause problems for programs that want to use lots of memory (more
+ than 2.5 GB if SEGMEXEC is not active, or 1.25 GB when it is).
-+ For this reason the second step can be controlled by 'chpax' or
-+ 'paxctl' on a per file basis.
+
-+config PAX_RANDMMAP
-+ bool "Randomize mmap() base"
-+ default y if GRKERNSEC_CONFIG_AUTO
-+ depends on PAX_ASLR
-+ help
-+ By saying Y here the kernel will use a randomized base address for
-+ mmap() requests that do not specify one themselves. As a result
-+ all dynamically loaded libraries will appear at random addresses
-+ and therefore be harder to exploit by a technique where an attacker
-+ attempts to execute library code for his purposes (e.g. spawn a
-+ shell from an exploited program that is running at an elevated
-+ privilege level).
++ As a result of mmap randomization all dynamically loaded libraries
++ will appear at random addresses and therefore be harder to exploit
++ by a technique where an attacker attempts to execute library code
++ for his purposes (e.g. spawn a shell from an exploited program that
++ is running at an elevated privilege level).
+
+ Furthermore, if a program is relinked as a dynamic ELF file, its
+ base address will be randomized as well, completing the full
@@ -105106,7 +105375,7 @@ index beb86b5..1ea5a01 100644
source security/keys/Kconfig
config SECURITY_DMESG_RESTRICT
-@@ -103,7 +1057,7 @@ config INTEL_TXT
+@@ -103,7 +1054,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX
@@ -114236,10 +114505,10 @@ index 0000000..4378111
+}
diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
new file mode 100644
-index 0000000..72e9c0e
+index 0000000..8972f81
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
-@@ -0,0 +1,5986 @@
+@@ -0,0 +1,5988 @@
+intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
+ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL
+storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL
@@ -114337,6 +114606,7 @@ index 0000000..72e9c0e
+lov_ost_pool_init_1215 lov_ost_pool_init 2 1215 NULL
+fsync_buffers_list_1219 fsync_buffers_list 0 1219 NULL
+kernfs_file_direct_read_1238 kernfs_file_direct_read 3 1238 NULL
++acpi_battery_write_alarm_1240 acpi_battery_write_alarm 3 1240 NULL
+ocfs2_extend_file_1266 ocfs2_extend_file 3 1266 NULL
+qla4xxx_change_queue_depth_1268 qla4xxx_change_queue_depth 2 1268 NULL
+ioctl_private_iw_point_1273 ioctl_private_iw_point 7 1273 NULL
@@ -116620,6 +116890,7 @@ index 0000000..72e9c0e
+keyctl_update_key_26061 keyctl_update_key 3 26061 NULL
+btrfs_wait_ordered_range_26086 btrfs_wait_ordered_range 0 26086 NULL
+rx_rx_wa_density_dropped_frame_read_26095 rx_rx_wa_density_dropped_frame_read 3 26095 NULL
++i8042_pnp_id_to_string_26108 i8042_pnp_id_to_string 3 26108 NULL
+read_sb_page_26119 read_sb_page 5 26119 NULL
+ath9k_hw_name_26146 ath9k_hw_name 3 26146 NULL
+copy_oldmem_page_26164 copy_oldmem_page 3 26164 NULL
@@ -121663,6 +121934,19 @@ index 6789d788..4afd019e 100644
+ .endm
+
#endif
+diff --git a/tools/virtio/linux/uaccess.h b/tools/virtio/linux/uaccess.h
+index 0a578fe..b81f62d 100644
+--- a/tools/virtio/linux/uaccess.h
++++ b/tools/virtio/linux/uaccess.h
+@@ -13,7 +13,7 @@ static inline void __chk_user_ptr(const volatile void *p, size_t size)
+ ({ \
+ typeof(ptr) __pu_ptr = (ptr); \
+ __chk_user_ptr(__pu_ptr, sizeof(*__pu_ptr)); \
+- ACCESS_ONCE(*(__pu_ptr)) = x; \
++ ACCESS_ONCE_RW(*(__pu_ptr)) = x; \
+ 0; \
+ })
+
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 03a0381..8b31923 100644
--- a/virt/kvm/kvm_main.c
diff --git a/main/linux-grsec/kernelconfig.x86 b/main/linux-grsec/kernelconfig.x86
index d5bb11465..db0a92a95 100644
--- a/main/linux-grsec/kernelconfig.x86
+++ b/main/linux-grsec/kernelconfig.x86
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.14.4 Kernel Configuration
+# Linux/x86 3.14.6 Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
@@ -200,6 +200,7 @@ CONFIG_VM_EVENT_COUNTERS=y
CONFIG_SLUB=y
# CONFIG_SLOB is not set
CONFIG_SLUB_CPU_PARTIAL=y
+# CONFIG_SYSTEM_TRUSTED_KEYRING is not set
CONFIG_PROFILING=y
CONFIG_OPROFILE=m
# CONFIG_OPROFILE_EVENT_MULTIPLEX is not set
@@ -254,7 +255,6 @@ CONFIG_OLD_SIGACTION=y
CONFIG_HAVE_GENERIC_DMA_COHERENT=y
CONFIG_RT_MUTEXES=y
CONFIG_BASE_SMALL=0
-# CONFIG_SYSTEM_TRUSTED_KEYRING is not set
CONFIG_MODULES=y
# CONFIG_MODULE_FORCE_LOAD is not set
CONFIG_MODULE_UNLOAD=y
@@ -501,6 +501,7 @@ CONFIG_PM=y
CONFIG_ACPI=y
CONFIG_ACPI_SLEEP=y
CONFIG_ACPI_PROCFS=y
+# CONFIG_ACPI_PROCFS_POWER is not set
CONFIG_ACPI_EC_DEBUGFS=y
CONFIG_ACPI_AC=m
CONFIG_ACPI_BATTERY=m
@@ -4617,7 +4618,7 @@ CONFIG_USB_WUSB_CBAF=m
#
CONFIG_USB_C67X00_HCD=m
CONFIG_USB_XHCI_HCD=m
-CONFIG_USB_EHCI_HCD=y
+CONFIG_USB_EHCI_HCD=m
# CONFIG_USB_EHCI_ROOT_HUB_TT is not set
# CONFIG_USB_EHCI_TT_NEWSCHED is not set
CONFIG_USB_EHCI_PCI=m
diff --git a/main/linux-grsec/kernelconfig.x86_64 b/main/linux-grsec/kernelconfig.x86_64
index b966e1ab0..1efcdffe0 100644
--- a/main/linux-grsec/kernelconfig.x86_64
+++ b/main/linux-grsec/kernelconfig.x86_64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.14.4 Kernel Configuration
+# Linux/x86 3.14.6 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
@@ -208,6 +208,7 @@ CONFIG_VM_EVENT_COUNTERS=y
CONFIG_SLUB=y
# CONFIG_SLOB is not set
CONFIG_SLUB_CPU_PARTIAL=y
+# CONFIG_SYSTEM_TRUSTED_KEYRING is not set
CONFIG_PROFILING=y
CONFIG_OPROFILE=m
# CONFIG_OPROFILE_EVENT_MULTIPLEX is not set
@@ -268,7 +269,6 @@ CONFIG_COMPAT_OLD_SIGACTION=y
# CONFIG_HAVE_GENERIC_DMA_COHERENT is not set
CONFIG_RT_MUTEXES=y
CONFIG_BASE_SMALL=0
-# CONFIG_SYSTEM_TRUSTED_KEYRING is not set
CONFIG_MODULES=y
# CONFIG_MODULE_FORCE_LOAD is not set
CONFIG_MODULE_UNLOAD=y
@@ -494,6 +494,7 @@ CONFIG_PM=y
CONFIG_ACPI=y
CONFIG_ACPI_SLEEP=y
CONFIG_ACPI_PROCFS=y
+# CONFIG_ACPI_PROCFS_POWER is not set
CONFIG_ACPI_EC_DEBUGFS=y
CONFIG_ACPI_AC=m
CONFIG_ACPI_BATTERY=m
@@ -4444,7 +4445,7 @@ CONFIG_USB_WUSB_CBAF=m
#
CONFIG_USB_C67X00_HCD=m
CONFIG_USB_XHCI_HCD=m
-CONFIG_USB_EHCI_HCD=y
+CONFIG_USB_EHCI_HCD=m
# CONFIG_USB_EHCI_ROOT_HUB_TT is not set
# CONFIG_USB_EHCI_TT_NEWSCHED is not set
CONFIG_USB_EHCI_PCI=m