summaryrefslogtreecommitdiffstats
path: root/main/linux-virt-grsec
diff options
context:
space:
mode:
authorLeonardo Arena <rnalrd@alpinelinux.org>2013-11-20 16:11:37 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2013-11-20 16:11:54 +0000
commitbe7afbff42941e441138d76b367e898872a2bce2 (patch)
tree3671faa40d350b2b58c6bcee4a3b5830113ed251 /main/linux-virt-grsec
parent3fde020c649c3a90c7e50a0f412af12f551cd09d (diff)
downloadaports-be7afbff42941e441138d76b367e898872a2bce2.tar.bz2
aports-be7afbff42941e441138d76b367e898872a2bce2.tar.xz
main/linux-virt-grsec: upgrade to 3.10.19
Diffstat (limited to 'main/linux-virt-grsec')
-rw-r--r--main/linux-virt-grsec/0001-pax-x86_64-fix-copy_user_generic.patch40
-rw-r--r--main/linux-virt-grsec/APKBUILD33
-rw-r--r--main/linux-virt-grsec/CVE-2013-4348.patch35
-rw-r--r--main/linux-virt-grsec/grsecurity-2.9.1-3.10.19-unofficial.patch (renamed from main/linux-virt-grsec/grsecurity-2.9.1-3.10.17-unofficial.patch)231
-rw-r--r--main/linux-virt-grsec/remove-cap-sys-admin-for-proc-sys.patch14
-rw-r--r--main/linux-virt-grsec/sysctl_lxc.patch31
6 files changed, 196 insertions, 188 deletions
diff --git a/main/linux-virt-grsec/0001-pax-x86_64-fix-copy_user_generic.patch b/main/linux-virt-grsec/0001-pax-x86_64-fix-copy_user_generic.patch
deleted file mode 100644
index da442aae3..000000000
--- a/main/linux-virt-grsec/0001-pax-x86_64-fix-copy_user_generic.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From b8bf456d13988fb38cfe248676327f44a2d2ed2e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
-Date: Wed, 23 Oct 2013 09:54:54 +0300
-Subject: [PATCH] pax: x86_64: fix copy_user_generic
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Pax patch removed r10 from clobbers list as all assembly code was
-updated to not use it. However, in the error path the assembly code
-ends up calling copy_user_handle_tail() C-function that can clobber
-r10. This broke things for certain gcc optimizations (at least for gcc
-4.8.x), as copy_user_generic() is inline function, and the inline
-assembly incorrectly guaranteed not to clobber r10.
-
-Add r10 back to clobbers list like vanilla kernel has it. It is
-needed always due to the possibly C-function call in error path.
-
-Signed-off-by: Timo Teräs <timo.teras@iki.f>
-Acked-by: Natanael Copa <ncopa@alpinelinux.org>
----
- arch/x86/include/asm/uaccess_64.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
-index 1dbe82f..9d398f4 100644
---- a/arch/x86/include/asm/uaccess_64.h
-+++ b/arch/x86/include/asm/uaccess_64.h
-@@ -44,7 +44,7 @@ copy_user_generic(void *to, const void *from, unsigned len)
- ASM_OUTPUT2("=a" (ret), "=D" (to), "=S" (from),
- "=d" (len)),
- "1" (to), "2" (from), "3" (len)
-- : "memory", "rcx", "r8", "r9", "r11");
-+ : "memory", "rcx", "r8", "r9", "r10", "r11");
- return ret;
- }
-
---
-1.8.4.1
-
diff --git a/main/linux-virt-grsec/APKBUILD b/main/linux-virt-grsec/APKBUILD
index e90804166..52f347a1e 100644
--- a/main/linux-virt-grsec/APKBUILD
+++ b/main/linux-virt-grsec/APKBUILD
@@ -3,7 +3,7 @@
_flavor=grsec
pkgname=linux-virt-${_flavor}
-pkgver=3.10.17
+pkgver=3.10.19
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
@@ -18,8 +18,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-2.9.1-3.10.17-unofficial.patch
- 0001-pax-x86_64-fix-copy_user_generic.patch
+ grsecurity-2.9.1-$pkgver-unofficial.patch
0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
@@ -27,7 +26,9 @@ source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
fix-memory-map-for-PIE-applications.patch
- remove-cap-sys-admin-for-proc-sys.patch
+ sysctl_lxc.patch
+ CVE-2013-4348.patch
+
kernelconfig.x86
kernelconfig.x86_64
"
@@ -151,9 +152,8 @@ dev() {
}
md5sums="4f25cd5bec5f8d5a7d935b3f2ccb8481 linux-3.10.tar.xz
-8431ee4e2467fdfde47e31701813a265 patch-3.10.17.xz
-6894537e9ccc2b296b27b42c39c64b31 grsecurity-2.9.1-3.10.17-unofficial.patch
-51607abf0a105aebbe65e3df6fb415bd 0001-pax-x86_64-fix-copy_user_generic.patch
+b7f932eecbbf5636ad69add480fa1573 patch-3.10.19.xz
+4440f9004d3b62cf9b526d53c02416ad grsecurity-2.9.1-3.10.19-unofficial.patch
a16f11b12381efb3bec79b9bfb329836 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
656ae7b10dd2f18dbfa1011041d08d60 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
@@ -161,13 +161,13 @@ aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-p
6ce5fed63aad3f1a1ff1b9ba7b741822 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
1a5800a2122ba0cc0d06733cb3bb8b8f 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
-ebb624500d0b89fbf2daadfc7151c693 remove-cap-sys-admin-for-proc-sys.patch
+b3c0153d53e508e03d73b94d15b24a96 sysctl_lxc.patch
+09ae7985af988c75ff35ed503558eb8b CVE-2013-4348.patch
539c848d541c1656851fe865018273df kernelconfig.x86
82cd965fc82651f2e6b35e75c17d8031 kernelconfig.x86_64"
sha256sums="df27fa92d27a9c410bfe6c4a89f141638500d7eadcca5cce578954efc2ad3544 linux-3.10.tar.xz
-5552fc6f24a56d13d603ddc7759114a7b52e92ad2fb84a23a1b80b37b739a33b patch-3.10.17.xz
-8e82e71c0da392a601a952aa712b56a5116fcf626c19d69ae9d86dda2d200852 grsecurity-2.9.1-3.10.17-unofficial.patch
-0742780b41ded0837d25f0b2f646b954da9362ac5956886427ad630000c0e335 0001-pax-x86_64-fix-copy_user_generic.patch
+c420b1da0aefe23e4a6953e579374fd377385b6041f967694cf4f828e2f3252e patch-3.10.19.xz
+532870eb3c59200b045efb64463bcc544d394410b2aba63ed5c6dbfe9d974e38 grsecurity-2.9.1-3.10.19-unofficial.patch
6af3757ac36a6cd3cda7b0a71b08143726383b19261294a569ad7f4042c72df3 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
0985caa0f3ee8ed0959aeaa4214f5f8057ae8e61d50dcae39194912d31e14892 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
@@ -175,13 +175,13 @@ dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush
ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
-01c33a3093d23a6ef5ea50cb91174d524be5bfcc4f3dd9694844cf47697d5287 remove-cap-sys-admin-for-proc-sys.patch
+9ba55b0f45d5aa97503e376a13be6d249a10f32e36687055b2fa1e5a39fa0584 sysctl_lxc.patch
+39acdfc0bb2298e3a9ba62ee42ac2b6556fc31d8eaa2c085f84897cdeaa1a996 CVE-2013-4348.patch
997d4c8a5a2b911047d26fe1bf8ee8d5cd3b7133e6abdc07b7deacd0b3eb2330 kernelconfig.x86
7845194551137fbc3b69a75249696bc843bb7fe7f4a4e6b0582c0ca0856caa64 kernelconfig.x86_64"
sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504de216c0012be446df983e2dea400ad8eeed3ce04f24dc61d0ef76c174dc35 linux-3.10.tar.xz
-38f9085d67d59cb37c32db69b84714a96f327fe74b69bb4a7304861ea6e474614216067ee08093f41739ce803b83a70400c83f06c695cb1114cf41c0b2dc7aa7 patch-3.10.17.xz
-6d27a986f32f42b12c4291ebb4b7365d8cd90b604ee9bc57344b9f9764efd7c5aae89c5ab4977878a24ae4b6e812c1db6030c3451bd15fdb2ea01a2a50e2ce41 grsecurity-2.9.1-3.10.17-unofficial.patch
-b32903a59cd582c2acf95869640bb34fefee544d242702e04af1db188f381da3889c9db9475e8ffc31628cda0b0641828f609c5ac9a387dd86ac4917be26792f 0001-pax-x86_64-fix-copy_user_generic.patch
+6a8bfb124f90f1c8ed27ce3315629601b1b72d4bc8b1d2b776424e56b3a72e4cd03bcebe6cde35223a3beba75ec6d69e949e217504acc611becb7e62aa88f05c patch-3.10.19.xz
+015b090eedeb4bcd75025690bab264afddc9e5a54a897f918a8c5f260b5ddf46bd6cbf510e6efdeb26cc5d351e8c5ccb3c921738f315e4ee5153e288b86608cd grsecurity-2.9.1-3.10.19-unofficial.patch
81e78593288e8b0fd2c03ea9fc1450323887707f087e911f172450a122bc9b591ee83394836789730d951aeec13d0b75a64e1c05f04364abf8f80d883ddc4a02 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
51ecb15b669f6a82940a13a38939116e003bf5dfd24496771c8279e907b72adcc63d607f0340a2940d757e12ddadb7d45c7af78ae311d284935a6296dbcac00c 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
57d0a8bd35d19cf657ded58efe24517d2252aec6984040713ba173a34edb5887ececaa2985076bc6a149eaa57639fd98a042c1c2d226ed4ad8dd5ed0e230717e 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
@@ -189,6 +189,7 @@ d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d71
28a33e644bf2faf99c8dd6dbccfe14e140dfdd8824a8fb2d58aa7deb9e572f130d92b6b35ee181084050d82166bdf2e498a451a2a538a67b7ab84204405d2d87 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
-90d236cb79054751d9081c0ffc002c89cb855e0785c5419449563724e4f9de1c67f763923bdc8c1a5b336ab7850ad33d21fa41ad33b9e2e680badefe40c26626 remove-cap-sys-admin-for-proc-sys.patch
+41071e21c59997604a380575d3c4171d35a12eaae6ddcf158d95e4fd5ccc69d61753cbd38b7bd08d879cce5bfea3fed2df15e5a3dca944f6f7cbd95d5d2daa23 sysctl_lxc.patch
+6c5165692519c630cb96a254088e55d4d7412bd0f45920c0bf514dd9c68d24625da91798158fe502b6c214a7b8d44ae6b2e49b39aed6da3c1344f816f90405a3 CVE-2013-4348.patch
08f5bb86f03415f60e9bb171ffa192fa70fa85dafeada10817a4b8ae7932fffd1b0f2df01750407e576bb71cd6c3f2c5fe76f2613922cd77f398bce134fd3ec2 kernelconfig.x86
7a373bec279fe00601bff7ed64c5a09bb4318bf07557fece194afb426d78bf13191b0510642192518f3ffa68b9a36aa6f971f77f55ea09ae4f42c4a84afc00a5 kernelconfig.x86_64"
diff --git a/main/linux-virt-grsec/CVE-2013-4348.patch b/main/linux-virt-grsec/CVE-2013-4348.patch
new file mode 100644
index 000000000..cce1592eb
--- /dev/null
+++ b/main/linux-virt-grsec/CVE-2013-4348.patch
@@ -0,0 +1,35 @@
+From 6f092343855a71e03b8d209815d8c45bf3a27fcd Mon Sep 17 00:00:00 2001
+From: Jason Wang <jasowang@redhat.com>
+Date: Fri, 01 Nov 2013 07:01:10 +0000
+Subject: net: flow_dissector: fail on evil iph->ihl
+
+We don't validate iph->ihl which may lead a dead loop if we meet a IPIP
+skb whose iph->ihl is zero. Fix this by failing immediately when iph->ihl
+is evil (less than 5).
+
+This issue were introduced by commit ec5efe7946280d1e84603389a1030ccec0a767ae
+(rps: support IPIP encapsulation).
+
+Cc: Eric Dumazet <edumazet@google.com>
+Cc: Petr Matousek <pmatouse@redhat.com>
+Cc: Michael S. Tsirkin <mst@redhat.com>
+Cc: Daniel Borkmann <dborkman@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+Acked-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
+index 8d7d0dd..143b6fd 100644
+--- a/net/core/flow_dissector.c
++++ b/net/core/flow_dissector.c
+@@ -40,7 +40,7 @@ again:
+ struct iphdr _iph;
+ ip:
+ iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
+- if (!iph)
++ if (!iph || iph->ihl < 5)
+ return false;
+
+ if (ip_is_fragment(iph))
+--
+cgit v0.9.2
diff --git a/main/linux-virt-grsec/grsecurity-2.9.1-3.10.17-unofficial.patch b/main/linux-virt-grsec/grsecurity-2.9.1-3.10.19-unofficial.patch
index 3a7847821..cf1b0625d 100644
--- a/main/linux-virt-grsec/grsecurity-2.9.1-3.10.17-unofficial.patch
+++ b/main/linux-virt-grsec/grsecurity-2.9.1-3.10.19-unofficial.patch
@@ -281,7 +281,7 @@ index 2fe6e76..889ee23 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 5c7d3d6..aa1c9c3 100644
+index 83a02f5..8673672 100644
--- a/Makefile
+++ b/Makefile
@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -18579,7 +18579,7 @@ index 7f760a9..04b1c65 100644
}
diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
-index 142810c..1dbe82f 100644
+index 142810c..9d398f4 100644
--- a/arch/x86/include/asm/uaccess_64.h
+++ b/arch/x86/include/asm/uaccess_64.h
@@ -10,6 +10,9 @@
@@ -18610,12 +18610,7 @@ index 142810c..1dbe82f 100644
copy_user_generic(void *to, const void *from, unsigned len)
{
unsigned ret;
-@@ -41,142 +44,204 @@ copy_user_generic(void *to, const void *from, unsigned len)
- ASM_OUTPUT2("=a" (ret), "=D" (to), "=S" (from),
- "=d" (len)),
- "1" (to), "2" (from), "3" (len)
-- : "memory", "rcx", "r8", "r9", "r10", "r11");
-+ : "memory", "rcx", "r8", "r9", "r11");
+@@ -45,138 +48,200 @@ copy_user_generic(void *to, const void *from, unsigned len)
return ret;
}
@@ -19520,7 +19515,7 @@ index 562a76d..a003c0f 100644
.name = "physical x2apic",
.probe = x2apic_phys_probe,
diff --git a/arch/x86/kernel/apic/x2apic_uv_x.c b/arch/x86/kernel/apic/x2apic_uv_x.c
-index 794f6eb..67e1db2 100644
+index b32dbb4..6d66648 100644
--- a/arch/x86/kernel/apic/x2apic_uv_x.c
+++ b/arch/x86/kernel/apic/x2apic_uv_x.c
@@ -342,7 +342,7 @@ static int uv_probe(void)
@@ -38439,7 +38434,7 @@ index ed1334e..ee0dd42 100644
dev = crtc->dev;
diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c
-index 9cc247f..36aa285 100644
+index 2ab782c..d994a37 100644
--- a/drivers/gpu/drm/drm_drv.c
+++ b/drivers/gpu/drm/drm_drv.c
@@ -306,7 +306,7 @@ module_exit(drm_core_exit);
@@ -42099,7 +42094,7 @@ index 1c13071..4bb0452 100644
void dm_uevent_add(struct mapped_device *md, struct list_head *elist)
diff --git a/drivers/md/md.c b/drivers/md/md.c
-index 51f0345..c77810e 100644
+index d78f1ff..952b9c6 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -234,10 +234,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio);
@@ -42249,10 +42244,10 @@ index 3e6d115..ffecdeb 100644
/*----------------------------------------------------------------*/
diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
-index 6f48244..7d29145 100644
+index afaa5d4..c139824 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
-@@ -1822,7 +1822,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
+@@ -1823,7 +1823,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
if (r1_sync_page_io(rdev, sect, s,
bio->bi_io_vec[idx].bv_page,
READ) != 0)
@@ -42261,7 +42256,7 @@ index 6f48244..7d29145 100644
}
sectors -= s;
sect += s;
-@@ -2049,7 +2049,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
+@@ -2050,7 +2050,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
test_bit(In_sync, &rdev->flags)) {
if (r1_sync_page_io(rdev, sect, s,
conf->tmppage, READ)) {
@@ -42271,10 +42266,10 @@ index 6f48244..7d29145 100644
"md/raid1:%s: read error corrected "
"(%d sectors at %llu on %s)\n",
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
-index 081bb33..3c4b287 100644
+index 0add868..372c6ec 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
-@@ -1940,7 +1940,7 @@ static void end_sync_read(struct bio *bio, int error)
+@@ -1941,7 +1941,7 @@ static void end_sync_read(struct bio *bio, int error)
/* The write handler will notice the lack of
* R10BIO_Uptodate and record any errors etc
*/
@@ -42283,7 +42278,7 @@ index 081bb33..3c4b287 100644
&conf->mirrors[d].rdev->corrected_errors);
/* for reconstruct, we always reschedule after a read.
-@@ -2298,7 +2298,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
+@@ -2299,7 +2299,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
{
struct timespec cur_time_mon;
unsigned long hours_since_last;
@@ -42292,7 +42287,7 @@ index 081bb33..3c4b287 100644
ktime_get_ts(&cur_time_mon);
-@@ -2320,9 +2320,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
+@@ -2321,9 +2321,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
* overflowing the shift of read_errors by hours_since_last.
*/
if (hours_since_last >= 8 * sizeof(read_errors))
@@ -42304,7 +42299,7 @@ index 081bb33..3c4b287 100644
}
static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector,
-@@ -2376,8 +2376,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2377,8 +2377,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
return;
check_decay_read_errors(mddev, rdev);
@@ -42315,7 +42310,7 @@ index 081bb33..3c4b287 100644
char b[BDEVNAME_SIZE];
bdevname(rdev->bdev, b);
-@@ -2385,7 +2385,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2386,7 +2386,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
"md/raid10:%s: %s: Raid device exceeded "
"read_error threshold [cur %d:max %d]\n",
mdname(mddev), b,
@@ -42324,7 +42319,7 @@ index 081bb33..3c4b287 100644
printk(KERN_NOTICE
"md/raid10:%s: %s: Failing raid device\n",
mdname(mddev), b);
-@@ -2540,7 +2540,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2541,7 +2541,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
sect +
choose_data_offset(r10_bio, rdev)),
bdevname(rdev->bdev, b));
@@ -42334,10 +42329,10 @@ index 081bb33..3c4b287 100644
rdev_dec_pending(rdev, mddev);
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
-index a35b846..e295c6d 100644
+index 4bed545..8d22d0b 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
-@@ -1764,21 +1764,21 @@ static void raid5_end_read_request(struct bio * bi, int error)
+@@ -1776,21 +1776,21 @@ static void raid5_end_read_request(struct bio * bi, int error)
mdname(conf->mddev), STRIPE_SECTORS,
(unsigned long long)s,
bdevname(rdev->bdev, b));
@@ -42363,7 +42358,7 @@ index a35b846..e295c6d 100644
if (test_bit(R5_ReadRepl, &sh->dev[i].flags))
printk_ratelimited(
KERN_WARNING
-@@ -1806,7 +1806,7 @@ static void raid5_end_read_request(struct bio * bi, int error)
+@@ -1818,7 +1818,7 @@ static void raid5_end_read_request(struct bio * bi, int error)
mdname(conf->mddev),
(unsigned long long)s,
bdn);
@@ -46815,7 +46810,7 @@ index f379c7f..e8fc69c 100644
transport_setup_device(&rport->dev);
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
-index c398634..47ccb41 100644
+index 734a29a..6b06e4a 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -2923,7 +2923,7 @@ static int sd_probe(struct device *dev)
@@ -48503,7 +48498,7 @@ index a9af1b9a..1e08e7f 100644
ret = -EPERM;
goto reterr;
diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
-index b645c47..a55c182 100644
+index 2d57a00..74d14de 100644
--- a/drivers/uio/uio.c
+++ b/drivers/uio/uio.c
@@ -25,6 +25,7 @@
@@ -48588,7 +48583,7 @@ index b645c47..a55c182 100644
}
static int uio_vma_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
-@@ -809,7 +810,7 @@ int __uio_register_device(struct module *owner,
+@@ -830,7 +831,7 @@ int __uio_register_device(struct module *owner,
idev->owner = owner;
idev->info = info;
init_waitqueue_head(&idev->wait);
@@ -61205,7 +61200,7 @@ index 8c1c96c..a0f9b6d 100644
return -EINVAL;
diff --git a/fs/seq_file.c b/fs/seq_file.c
-index 774c1eb..b67582a 100644
+index 3dd44db..a7da2f2 100644
--- a/fs/seq_file.c
+++ b/fs/seq_file.c
@@ -10,6 +10,7 @@
@@ -61262,7 +61257,7 @@ index 774c1eb..b67582a 100644
if (!m->buf)
goto Enomem;
m->count = 0;
-@@ -581,7 +585,7 @@ static void single_stop(struct seq_file *p, void *v)
+@@ -583,7 +587,7 @@ static void single_stop(struct seq_file *p, void *v)
int single_open(struct file *file, int (*show)(struct seq_file *, void *),
void *data)
{
@@ -77273,7 +77268,7 @@ index 2ac423b..237c72e 100644
#define save_altstack_ex(uss, sp) do { \
stack_t __user *__uss = uss; \
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index dec1748..112c1f9 100644
+index eaf6027..2266947 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -640,7 +640,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
@@ -77312,7 +77307,7 @@ index dec1748..112c1f9 100644
}
/**
-@@ -1848,7 +1848,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
+@@ -1853,7 +1853,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
* NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8)
*/
#ifndef NET_SKB_PAD
@@ -77321,7 +77316,7 @@ index dec1748..112c1f9 100644
#endif
extern int ___pskb_trim(struct sk_buff *skb, unsigned int len);
-@@ -2443,7 +2443,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags,
+@@ -2448,7 +2448,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags,
int noblock, int *err);
extern unsigned int datagram_poll(struct file *file, struct socket *sock,
struct poll_table_struct *wait);
@@ -77330,7 +77325,7 @@ index dec1748..112c1f9 100644
int offset, struct iovec *to,
int size);
extern int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb,
-@@ -2733,6 +2733,9 @@ static inline void nf_reset(struct sk_buff *skb)
+@@ -2738,6 +2738,9 @@ static inline void nf_reset(struct sk_buff *skb)
nf_bridge_put(skb->nf_bridge);
skb->nf_bridge = NULL;
#endif
@@ -78881,10 +78876,10 @@ index 1bd4c41..9250b5b 100644
/* Structure to track chunk fragments that have been acked, but peer
diff --git a/include/net/sock.h b/include/net/sock.h
-index 66772cf..25bc45b 100644
+index cec4c72..66ba735 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
-@@ -325,7 +325,7 @@ struct sock {
+@@ -326,7 +326,7 @@ struct sock {
#ifdef CONFIG_RPS
__u32 sk_rxhash;
#endif
@@ -78893,7 +78888,7 @@ index 66772cf..25bc45b 100644
int sk_rcvbuf;
struct sk_filter __rcu *sk_filter;
-@@ -1797,7 +1797,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
+@@ -1799,7 +1799,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
}
static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb,
@@ -78902,7 +78897,7 @@ index 66772cf..25bc45b 100644
int copy, int offset)
{
if (skb->ip_summed == CHECKSUM_NONE) {
-@@ -2056,7 +2056,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk)
+@@ -2058,7 +2058,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk)
}
}
@@ -78912,10 +78907,10 @@ index 66772cf..25bc45b 100644
/**
* sk_page_frag - return an appropriate page_frag
diff --git a/include/net/tcp.h b/include/net/tcp.h
-index 5bba80f..8520a82 100644
+index 3fc77e9..a20155c 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
-@@ -524,7 +524,7 @@ extern void tcp_retransmit_timer(struct sock *sk);
+@@ -525,7 +525,7 @@ extern void tcp_retransmit_timer(struct sock *sk);
extern void tcp_xmit_retransmit_queue(struct sock *);
extern void tcp_simple_retransmit(struct sock *);
extern int tcp_trim_head(struct sock *, struct sk_buff *, u32);
@@ -78924,7 +78919,7 @@ index 5bba80f..8520a82 100644
extern void tcp_send_probe0(struct sock *);
extern void tcp_send_partial(struct sock *);
-@@ -697,8 +697,8 @@ struct tcp_skb_cb {
+@@ -698,8 +698,8 @@ struct tcp_skb_cb {
struct inet6_skb_parm h6;
#endif
} header; /* For incoming frames */
@@ -78935,7 +78930,7 @@ index 5bba80f..8520a82 100644
__u32 when; /* used to compute rtt's */
__u8 tcp_flags; /* TCP header flags. (tcp[13]) */
-@@ -712,7 +712,7 @@ struct tcp_skb_cb {
+@@ -713,7 +713,7 @@ struct tcp_skb_cb {
__u8 ip_dsfield; /* IPv4 tos or IPv6 dsfield */
/* 1 byte hole */
@@ -80430,7 +80425,7 @@ index f6c2ce5..982c0f9 100644
+ return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid);
+}
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
-index 2e9b387..61817b1 100644
+index b6b26fa..ae2217e 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -5398,7 +5398,7 @@ static int cgroup_css_links_read(struct cgroup *cont,
@@ -87214,7 +87209,7 @@ index ceb0c7f..b2b8e94 100644
} else {
pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n",
diff --git a/mm/memory.c b/mm/memory.c
-index 5a35443..7c0340f 100644
+index 4b60011..80b1cba 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -428,6 +428,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
@@ -87732,7 +87727,7 @@ index 5a35443..7c0340f 100644
} else {
if (cow_page)
mem_cgroup_uncharge_page(cow_page);
-@@ -3752,6 +3955,12 @@ int handle_pte_fault(struct mm_struct *mm,
+@@ -3741,6 +3944,12 @@ int handle_pte_fault(struct mm_struct *mm,
if (flags & FAULT_FLAG_WRITE)
flush_tlb_fix_spurious_fault(vma, address);
}
@@ -87745,7 +87740,7 @@ index 5a35443..7c0340f 100644
unlock:
pte_unmap_unlock(pte, ptl);
return 0;
-@@ -3768,6 +3977,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3757,6 +3966,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
pmd_t *pmd;
pte_t *pte;
@@ -87756,7 +87751,7 @@ index 5a35443..7c0340f 100644
__set_current_state(TASK_RUNNING);
count_vm_event(PGFAULT);
-@@ -3779,6 +3992,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3768,6 +3981,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
if (unlikely(is_vm_hugetlb_page(vma)))
return hugetlb_fault(mm, vma, address, flags);
@@ -87791,7 +87786,7 @@ index 5a35443..7c0340f 100644
retry:
pgd = pgd_offset(mm, address);
pud = pud_alloc(mm, pgd, address);
-@@ -3877,6 +4118,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
+@@ -3866,6 +4107,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
spin_unlock(&mm->page_table_lock);
return 0;
}
@@ -87815,7 +87810,7 @@ index 5a35443..7c0340f 100644
#endif /* __PAGETABLE_PUD_FOLDED */
#ifndef __PAGETABLE_PMD_FOLDED
-@@ -3907,6 +4165,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
+@@ -3896,6 +4154,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
spin_unlock(&mm->page_table_lock);
return 0;
}
@@ -87846,7 +87841,7 @@ index 5a35443..7c0340f 100644
#endif /* __PAGETABLE_PMD_FOLDED */
#if !defined(__HAVE_ARCH_GATE_AREA)
-@@ -3920,7 +4202,7 @@ static int __init gate_vma_init(void)
+@@ -3909,7 +4191,7 @@ static int __init gate_vma_init(void)
gate_vma.vm_start = FIXADDR_USER_START;
gate_vma.vm_end = FIXADDR_USER_END;
gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
@@ -87855,7 +87850,7 @@ index 5a35443..7c0340f 100644
return 0;
}
-@@ -4054,8 +4336,8 @@ out:
+@@ -4043,8 +4325,8 @@ out:
return ret;
}
@@ -87866,7 +87861,7 @@ index 5a35443..7c0340f 100644
{
resource_size_t phys_addr;
unsigned long prot = 0;
-@@ -4080,8 +4362,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr,
+@@ -4070,8 +4352,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys);
* Access another process' address space as given in mm. If non-NULL, use the
* given task for page fault accounting.
*/
@@ -87877,7 +87872,7 @@ index 5a35443..7c0340f 100644
{
struct vm_area_struct *vma;
void *old_buf = buf;
-@@ -4089,7 +4371,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -4079,7 +4361,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
down_read(&mm->mmap_sem);
/* ignore errors, just check how much was successfully transferred */
while (len) {
@@ -87886,7 +87881,7 @@ index 5a35443..7c0340f 100644
void *maddr;
struct page *page = NULL;
-@@ -4148,8 +4430,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -4138,8 +4420,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
*
* The caller must hold a reference on @mm.
*/
@@ -87897,7 +87892,7 @@ index 5a35443..7c0340f 100644
{
return __access_remote_vm(NULL, mm, addr, buf, len, write);
}
-@@ -4159,11 +4441,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
+@@ -4149,11 +4431,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
* Source/target buffer must be kernel space,
* Do not walk the page table directly, use get_user_pages
*/
@@ -87989,7 +87984,7 @@ index 4baf12e..5497066 100644
capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
diff --git a/mm/migrate.c b/mm/migrate.c
-index 25ca7ca..abe1836 100644
+index bf436c1..f571994 100644
--- a/mm/migrate.c
+++ b/mm/migrate.c
@@ -1399,8 +1399,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
@@ -89373,7 +89368,7 @@ index 8d25fdc..bfb7626 100644
vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
diff --git a/mm/mprotect.c b/mm/mprotect.c
-index 94722a4..e661e29 100644
+index 2bbb648..1658c46 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -23,10 +23,18 @@
@@ -89779,7 +89774,7 @@ index 298884d..5f74980 100644
struct mm_struct *mm;
diff --git a/mm/page-writeback.c b/mm/page-writeback.c
-index 4514ad7..92eaa1c 100644
+index aca4364..09039c6 100644
--- a/mm/page-writeback.c
+++ b/mm/page-writeback.c
@@ -659,7 +659,7 @@ unsigned long bdi_dirty_limit(struct backing_dev_info *bdi, unsigned long dirty)
@@ -91263,7 +91258,7 @@ index ab1424d..7c5bd5a 100644
mm->unmap_area = arch_unmap_area;
}
diff --git a/mm/vmalloc.c b/mm/vmalloc.c
-index d365724..6cae7c2 100644
+index d456560..3ed6863 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -59,8 +59,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end)
@@ -92285,13 +92280,13 @@ index eb0a46a..5f3bae8 100644
switch (ss->ss_family) {
diff --git a/net/compat.c b/net/compat.c
-index f0a1ba6..0541331 100644
+index 8903258..24e30e5 100644
--- a/net/compat.c
+++ b/net/compat.c
-@@ -71,9 +71,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg)
- __get_user(kmsg->msg_controllen, &umsg->msg_controllen) ||
- __get_user(kmsg->msg_flags, &umsg->msg_flags))
+@@ -73,9 +73,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg)
return -EFAULT;
+ if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
+ return -EINVAL;
- kmsg->msg_name = compat_ptr(tmp1);
- kmsg->msg_iov = compat_ptr(tmp2);
- kmsg->msg_control = compat_ptr(tmp3);
@@ -92301,7 +92296,7 @@ index f0a1ba6..0541331 100644
return 0;
}
-@@ -85,7 +85,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
+@@ -87,7 +87,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
if (kern_msg->msg_namelen) {
if (mode == VERIFY_READ) {
@@ -92310,7 +92305,7 @@ index f0a1ba6..0541331 100644
kern_msg->msg_namelen,
kern_address);
if (err < 0)
-@@ -96,7 +96,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
+@@ -98,7 +98,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
kern_msg->msg_name = NULL;
tot_len = iov_from_user_compat_to_kern(kern_iov,
@@ -92319,7 +92314,7 @@ index f0a1ba6..0541331 100644
kern_msg->msg_iovlen);
if (tot_len >= 0)
kern_msg->msg_iov = kern_iov;
-@@ -116,20 +116,20 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
+@@ -118,20 +118,20 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
#define CMSG_COMPAT_FIRSTHDR(msg) \
(((msg)->msg_controllen) >= sizeof(struct compat_cmsghdr) ? \
@@ -92343,7 +92338,7 @@ index f0a1ba6..0541331 100644
msg->msg_controllen)
return NULL;
return (struct compat_cmsghdr __user *)ptr;
-@@ -219,7 +219,7 @@ Efault:
+@@ -221,7 +221,7 @@ Efault:
int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *data)
{
@@ -92352,7 +92347,7 @@ index f0a1ba6..0541331 100644
struct compat_cmsghdr cmhdr;
struct compat_timeval ctv;
struct compat_timespec cts[3];
-@@ -275,7 +275,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat
+@@ -277,7 +277,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat
void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm)
{
@@ -92361,7 +92356,7 @@ index f0a1ba6..0541331 100644
int fdmax = (kmsg->msg_controllen - sizeof(struct compat_cmsghdr)) / sizeof(int);
int fdnum = scm->fp->count;
struct file **fp = scm->fp->fp;
-@@ -363,7 +363,7 @@ static int do_set_sock_timeout(struct socket *sock, int level,
+@@ -365,7 +365,7 @@ static int do_set_sock_timeout(struct socket *sock, int level,
return -EFAULT;
old_fs = get_fs();
set_fs(KERNEL_DS);
@@ -92370,7 +92365,7 @@ index f0a1ba6..0541331 100644
set_fs(old_fs);
return err;
-@@ -424,7 +424,7 @@ static int do_get_sock_timeout(struct socket *sock, int level, int optname,
+@@ -426,7 +426,7 @@ static int do_get_sock_timeout(struct socket *sock, int level, int optname,
len = sizeof(ktime);
old_fs = get_fs();
set_fs(KERNEL_DS);
@@ -92379,7 +92374,7 @@ index f0a1ba6..0541331 100644
set_fs(old_fs);
if (!err) {
-@@ -567,7 +567,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
+@@ -569,7 +569,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
case MCAST_JOIN_GROUP:
case MCAST_LEAVE_GROUP:
{
@@ -92388,7 +92383,7 @@ index f0a1ba6..0541331 100644
struct group_req __user *kgr =
compat_alloc_user_space(sizeof(struct group_req));
u32 interface;
-@@ -588,7 +588,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
+@@ -590,7 +590,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
case MCAST_BLOCK_SOURCE:
case MCAST_UNBLOCK_SOURCE:
{
@@ -92397,7 +92392,7 @@ index f0a1ba6..0541331 100644
struct group_source_req __user *kgsr = compat_alloc_user_space(
sizeof(struct group_source_req));
u32 interface;
-@@ -609,7 +609,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
+@@ -611,7 +611,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
}
case MCAST_MSFILTER:
{
@@ -92406,7 +92401,7 @@ index f0a1ba6..0541331 100644
struct group_filter __user *kgf;
u32 interface, fmode, numsrc;
-@@ -647,7 +647,7 @@ int compat_mc_getsockopt(struct sock *sock, int level, int optname,
+@@ -649,7 +649,7 @@ int compat_mc_getsockopt(struct sock *sock, int level, int optname,
char __user *optval, int __user *optlen,
int (*getsockopt)(struct sock *, int, int, char __user *, int __user *))
{
@@ -92415,7 +92410,7 @@ index f0a1ba6..0541331 100644
struct group_filter __user *kgf;
int __user *koptlen;
u32 interface, fmode, numsrc;
-@@ -805,7 +805,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args)
+@@ -807,7 +807,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args)
if (call < SYS_SOCKET || call > SYS_SENDMMSG)
return -EINVAL;
@@ -92843,7 +92838,7 @@ index 1c1738c..4cab7f0 100644
}
diff --git a/net/core/sock.c b/net/core/sock.c
-index d6d024c..6ea7ab4 100644
+index 6565431..4012941 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -390,7 +390,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
@@ -92930,7 +92925,7 @@ index d6d024c..6ea7ab4 100644
return -EFAULT;
lenout:
if (put_user(len, optlen))
-@@ -2277,7 +2277,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
+@@ -2278,7 +2278,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
*/
smp_wmb();
atomic_set(&sk->sk_refcnt, 1);
@@ -93297,7 +93292,7 @@ index 6acb541..9ea617d 100644
void inet_get_local_port_range(int *low, int *high)
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
-index 6af375a..c493c74 100644
+index c95848d..e561cbd 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -18,12 +18,15 @@
@@ -93446,7 +93441,7 @@ index d9c4f11..02b82dbc 100644
msg.msg_flags = flags;
diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
-index 17cc0ff..63856c4 100644
+index 0656041..d6ecb60 100644
--- a/net/ipv4/ip_vti.c
+++ b/net/ipv4/ip_vti.c
@@ -47,7 +47,7 @@
@@ -93458,7 +93453,7 @@ index 17cc0ff..63856c4 100644
static int vti_net_id __read_mostly;
struct vti_net {
-@@ -840,7 +840,7 @@ static const struct nla_policy vti_policy[IFLA_VTI_MAX + 1] = {
+@@ -848,7 +848,7 @@ static const struct nla_policy vti_policy[IFLA_VTI_MAX + 1] = {
[IFLA_VTI_REMOTE] = { .len = FIELD_SIZEOF(struct iphdr, daddr) },
};
@@ -93700,7 +93695,7 @@ index 6fb2337..9cd6b20 100644
static int raw_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
-index d35bbf0..faa3ab8 100644
+index d11e73c..25c1dc4 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -2558,34 +2558,34 @@ static struct ctl_table ipv4_route_flush_table[] = {
@@ -93756,10 +93751,10 @@ index d35bbf0..faa3ab8 100644
sizeof(net->ipv4.dev_addr_genid));
return 0;
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
-index 3f25e75..3ae0f4d 100644
+index 90b26be..268b217 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
-@@ -57,7 +57,7 @@ static int ipv4_local_port_range(ctl_table *table, int write,
+@@ -58,7 +58,7 @@ static int ipv4_local_port_range(ctl_table *table, int write,
{
int ret;
int range[2];
@@ -93768,7 +93763,7 @@ index 3f25e75..3ae0f4d 100644
.data = &range,
.maxlen = sizeof(range),
.mode = table->mode,
-@@ -110,7 +110,7 @@ static int ipv4_ping_group_range(ctl_table *table, int write,
+@@ -111,7 +111,7 @@ static int ipv4_ping_group_range(ctl_table *table, int write,
int ret;
gid_t urange[2];
kgid_t low, high;
@@ -93777,7 +93772,7 @@ index 3f25e75..3ae0f4d 100644
.data = &urange,
.maxlen = sizeof(urange),
.mode = table->mode,
-@@ -141,7 +141,7 @@ static int proc_tcp_congestion_control(ctl_table *ctl, int write,
+@@ -142,7 +142,7 @@ static int proc_tcp_congestion_control(ctl_table *ctl, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
char val[TCP_CA_NAME_MAX];
@@ -93786,7 +93781,7 @@ index 3f25e75..3ae0f4d 100644
.data = val,
.maxlen = TCP_CA_NAME_MAX,
};
-@@ -160,7 +160,7 @@ static int proc_tcp_available_congestion_control(ctl_table *ctl,
+@@ -161,7 +161,7 @@ static int proc_tcp_available_congestion_control(ctl_table *ctl,
void __user *buffer, size_t *lenp,
loff_t *ppos)
{
@@ -93795,7 +93790,7 @@ index 3f25e75..3ae0f4d 100644
int ret;
tbl.data = kmalloc(tbl.maxlen, GFP_USER);
-@@ -177,7 +177,7 @@ static int proc_allowed_congestion_control(ctl_table *ctl,
+@@ -178,7 +178,7 @@ static int proc_allowed_congestion_control(ctl_table *ctl,
void __user *buffer, size_t *lenp,
loff_t *ppos)
{
@@ -93804,7 +93799,7 @@ index 3f25e75..3ae0f4d 100644
int ret;
tbl.data = kmalloc(tbl.maxlen, GFP_USER);
-@@ -203,15 +203,17 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write,
+@@ -204,15 +204,17 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write,
struct mem_cgroup *memcg;
#endif
@@ -93825,7 +93820,7 @@ index 3f25e75..3ae0f4d 100644
}
ret = proc_doulongvec_minmax(&tmp, write, buffer, lenp, ppos);
-@@ -238,7 +240,7 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write,
+@@ -239,7 +241,7 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write,
static int proc_tcp_fastopen_key(ctl_table *ctl, int write, void __user *buffer,
size_t *lenp, loff_t *ppos)
{
@@ -93834,7 +93829,7 @@ index 3f25e75..3ae0f4d 100644
struct tcp_fastopen_context *ctxt;
int ret;
u32 user_key[4]; /* 16 bytes, matching TCP_FASTOPEN_KEY_LENGTH */
-@@ -481,7 +483,7 @@ static struct ctl_table ipv4_table[] = {
+@@ -482,7 +484,7 @@ static struct ctl_table ipv4_table[] = {
},
{
.procname = "ip_local_reserved_ports",
@@ -93843,7 +93838,7 @@ index 3f25e75..3ae0f4d 100644
.maxlen = 65536,
.mode = 0644,
.proc_handler = proc_do_large_bitmap,
-@@ -846,11 +848,10 @@ static struct ctl_table ipv4_net_table[] = {
+@@ -856,11 +858,10 @@ static struct ctl_table ipv4_net_table[] = {
static __net_init int ipv4_sysctl_init_net(struct net *net)
{
@@ -93857,7 +93852,7 @@ index 3f25e75..3ae0f4d 100644
if (table == NULL)
goto err_alloc;
-@@ -885,15 +886,17 @@ static __net_init int ipv4_sysctl_init_net(struct net *net)
+@@ -895,15 +896,17 @@ static __net_init int ipv4_sysctl_init_net(struct net *net)
tcp_init_mem(net);
@@ -93878,7 +93873,7 @@ index 3f25e75..3ae0f4d 100644
err_alloc:
return -ENOMEM;
}
-@@ -915,16 +918,6 @@ static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
+@@ -925,16 +928,6 @@ static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
static __init int sysctl_ipv4_init(void)
{
struct ctl_table_header *hdr;
@@ -93896,10 +93891,10 @@ index 3f25e75..3ae0f4d 100644
hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table);
if (hdr == NULL)
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
-index 4b75aad..a4b2833 100644
+index e15d330..c93711a 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
-@@ -4439,7 +4439,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
+@@ -4472,7 +4472,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
* simplifies code)
*/
static void
@@ -93908,7 +93903,7 @@ index 4b75aad..a4b2833 100644
struct sk_buff *head, struct sk_buff *tail,
u32 start, u32 end)
{
-@@ -5525,6 +5525,7 @@ discard:
+@@ -5558,6 +5558,7 @@ discard:
tcp_paws_reject(&tp->rx_opt, 0))
goto discard_and_undo;
@@ -93916,7 +93911,7 @@ index 4b75aad..a4b2833 100644
if (th->syn) {
/* We see SYN without ACK. It is attempt of
* simultaneous connect with crossed SYNs.
-@@ -5575,6 +5576,7 @@ discard:
+@@ -5608,6 +5609,7 @@ discard:
goto discard;
#endif
}
@@ -93924,7 +93919,7 @@ index 4b75aad..a4b2833 100644
/* "fifth, if neither of the SYN or RST bits is set then
* drop the segment and return."
*/
-@@ -5619,7 +5621,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
+@@ -5652,7 +5654,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
goto discard;
if (th->syn) {
@@ -94637,10 +94632,10 @@ index 1aeb473..bea761c 100644
return -ENOMEM;
}
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
-index bacce6c..9d1741a 100644
+index 3c1f493..4129ccc 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
-@@ -2903,7 +2903,7 @@ ctl_table ipv6_route_table_template[] = {
+@@ -2931,7 +2931,7 @@ ctl_table ipv6_route_table_template[] = {
struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net)
{
@@ -94966,7 +94961,7 @@ index ab8bd2c..cd2d641 100644
return res;
}
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
-index ae36f8e..09d42ac 100644
+index 5ab17b8..5b0aae4 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -806,7 +806,7 @@ static int ieee80211_set_monitor_channel(struct wiphy *wiphy,
@@ -94999,7 +94994,7 @@ index ae36f8e..09d42ac 100644
if (local->use_chanctx)
*chandef = local->monitor_chandef;
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
-index 9ca8e32..48e4a9b 100644
+index 92ef04c..dab37ef3 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -28,6 +28,7 @@
@@ -95010,7 +95005,7 @@ index 9ca8e32..48e4a9b 100644
#include "key.h"
#include "sta_info.h"
#include "debug.h"
-@@ -891,7 +892,7 @@ struct ieee80211_local {
+@@ -894,7 +895,7 @@ struct ieee80211_local {
/* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */
spinlock_t queue_stop_reason_lock;
@@ -95175,7 +95170,7 @@ index c97a065..ff61928 100644
return p;
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
-index 72e6292..e6319eb 100644
+index 5db8eb5..d0319e8 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -1472,7 +1472,7 @@ int ieee80211_reconfig(struct ieee80211_local *local)
@@ -96806,7 +96801,7 @@ index 098f1d5f..60da2f7 100644
/* Start T3_rtx timer if it is not already running and update the heartbeat
diff --git a/net/socket.c b/net/socket.c
-index 4ca1526..df83e47 100644
+index 9c467b2..f2cbd27 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -88,6 +88,7 @@
@@ -96977,7 +96972,7 @@ index 4ca1526..df83e47 100644
int err, err2;
int fput_needed;
-@@ -2023,7 +2085,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
+@@ -2036,7 +2098,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
* checking falls down on this.
*/
if (copy_from_user(ctl_buf,
@@ -96986,7 +96981,7 @@ index 4ca1526..df83e47 100644
ctl_len))
goto out_freectl;
msg_sys->msg_control = ctl_buf;
-@@ -2174,7 +2236,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
+@@ -2187,7 +2249,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
int err, total_len, len;
/* kernel mode address */
@@ -96995,7 +96990,7 @@ index 4ca1526..df83e47 100644
/* user mode address pointers */
struct sockaddr __user *uaddr;
-@@ -2202,7 +2264,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
+@@ -2218,7 +2280,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
* kernel msghdr to use the kernel address space)
*/
@@ -97004,7 +96999,7 @@ index 4ca1526..df83e47 100644
uaddr_len = COMPAT_NAMELEN(msg);
if (MSG_CMSG_COMPAT & flags) {
err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
-@@ -2955,7 +3017,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
+@@ -2971,7 +3033,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
old_fs = get_fs();
set_fs(KERNEL_DS);
err = dev_ioctl(net, cmd,
@@ -97013,7 +97008,7 @@ index 4ca1526..df83e47 100644
set_fs(old_fs);
return err;
-@@ -3064,7 +3126,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
+@@ -3080,7 +3142,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
old_fs = get_fs();
set_fs(KERNEL_DS);
@@ -97022,7 +97017,7 @@ index 4ca1526..df83e47 100644
set_fs(old_fs);
if (cmd == SIOCGIFMAP && !err) {
-@@ -3169,7 +3231,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
+@@ -3185,7 +3247,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
ret |= __get_user(rtdev, &(ur4->rt_dev));
if (rtdev) {
ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
@@ -97031,7 +97026,7 @@ index 4ca1526..df83e47 100644
devname[15] = 0;
} else
r4.rt_dev = NULL;
-@@ -3395,8 +3457,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
+@@ -3411,8 +3473,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
int __user *uoptlen;
int err;
@@ -97042,7 +97037,7 @@ index 4ca1526..df83e47 100644
set_fs(KERNEL_DS);
if (level == SOL_SOCKET)
-@@ -3416,7 +3478,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
+@@ -3432,7 +3494,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
char __user *uoptval;
int err;
@@ -97403,7 +97398,7 @@ index 6b42d47..2ac24d5 100644
sub->evt.event = htohl(event, sub->swap);
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
-index 826e099..4fa8c93 100644
+index 0258072..fc6d46d 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -783,6 +783,12 @@ static struct sock *unix_find_other(struct net *net,
@@ -97452,7 +97447,7 @@ index 826e099..4fa8c93 100644
done_path_create(&path, dentry);
return err;
}
-@@ -2324,9 +2343,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2334,9 +2353,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
seq_puts(seq, "Num RefCount Protocol Flags Type St "
"Inode Path\n");
else {
@@ -97467,7 +97462,7 @@ index 826e099..4fa8c93 100644
seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
s,
-@@ -2353,8 +2376,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2363,8 +2386,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
}
for ( ; i < len; i++)
seq_putc(seq, u->addr->name->sun_path[i]);
@@ -97946,10 +97941,10 @@ index 643764f..6cc0137 100644
-e 's@^#include <linux/compiler.h>@@' \
-e 's/(^|[^a-zA-Z0-9])__packed([^a-zA-Z0-9_]|$)/\1__attribute__((packed))\2/g' \
diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
-index 0149949..d482a0d 100644
+index 32b10f5..0d8d2ee 100644
--- a/scripts/link-vmlinux.sh
+++ b/scripts/link-vmlinux.sh
-@@ -158,7 +158,7 @@ else
+@@ -160,7 +160,7 @@ else
fi;
# final build of init/
@@ -100397,7 +100392,7 @@ index 7d8803a..559f8d0 100644
list_add(&s->list, &cs4297a_devs);
diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c
-index 55108b5..d973e11 100644
+index 31461ba..d700d1a 100644
--- a/sound/pci/hda/hda_codec.c
+++ b/sound/pci/hda/hda_codec.c
@@ -916,14 +916,10 @@ find_codec_preset(struct hda_codec *codec)
diff --git a/main/linux-virt-grsec/remove-cap-sys-admin-for-proc-sys.patch b/main/linux-virt-grsec/remove-cap-sys-admin-for-proc-sys.patch
deleted file mode 100644
index 6fa56ba13..000000000
--- a/main/linux-virt-grsec/remove-cap-sys-admin-for-proc-sys.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
-index 1e6dc7e..d65d119 100644
---- a/fs/proc/proc_sysctl.c
-+++ b/fs/proc/proc_sysctl.c
-@@ -521,8 +521,6 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf,
- dput(filp->f_path.dentry);
- if (!gr_acl_handle_open(filp->f_path.dentry, filp->f_path.mnt, op))
- goto out;
-- if (write && !capable(CAP_SYS_ADMIN))
-- goto out;
- #endif
-
- /* careful: calling conventions are nasty here */
-
diff --git a/main/linux-virt-grsec/sysctl_lxc.patch b/main/linux-virt-grsec/sysctl_lxc.patch
new file mode 100644
index 000000000..56279aa03
--- /dev/null
+++ b/main/linux-virt-grsec/sysctl_lxc.patch
@@ -0,0 +1,31 @@
+This patch allows guests to set /proc/sys/net/*/ip_forward without
+needing CAP_SYS_ADMIN.
+
+diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
+index 1e6dc7e..0a5638b 100644
+--- a/fs/proc/proc_sysctl.c
++++ b/fs/proc/proc_sysctl.c
+@@ -11,6 +11,7 @@
+ #include <linux/namei.h>
+ #include <linux/mm.h>
+ #include <linux/module.h>
++#include <linux/nsproxy.h>
+ #include "internal.h"
+
+ extern int gr_handle_chroot_sysctl(const int op);
+@@ -521,8 +522,13 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf,
+ dput(filp->f_path.dentry);
+ if (!gr_acl_handle_open(filp->f_path.dentry, filp->f_path.mnt, op))
+ goto out;
+- if (write && !capable(CAP_SYS_ADMIN))
+- goto out;
++ if (write) {
++ if (current->nsproxy->net_ns != table->extra2) {
++ if (!capable(CAP_SYS_ADMIN))
++ goto out;
++ } else if (!nsown_capable(CAP_NET_ADMIN))
++ goto out;
++ }
+ #endif
+
+ /* careful: calling conventions are nasty here */