summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--main/linux-virt-grsec/0001-pax-x86_64-fix-copy_user_generic.patch40
-rw-r--r--main/linux-virt-grsec/APKBUILD28
-rw-r--r--main/linux-virt-grsec/fix-memory-map-for-PIE-applications.patch68
-rw-r--r--main/linux-virt-grsec/grsecurity-2.9.1-3.10.17-unofficial.patch (renamed from main/linux-virt-grsec/grsecurity-2.9.1-3.10.13-unofficial.patch)705
-rw-r--r--main/linux-virt-grsec/remove-cap-sys-admin-for-proc-sys.patch14
5 files changed, 314 insertions, 541 deletions
diff --git a/main/linux-virt-grsec/0001-pax-x86_64-fix-copy_user_generic.patch b/main/linux-virt-grsec/0001-pax-x86_64-fix-copy_user_generic.patch
new file mode 100644
index 000000000..da442aae3
--- /dev/null
+++ b/main/linux-virt-grsec/0001-pax-x86_64-fix-copy_user_generic.patch
@@ -0,0 +1,40 @@
+From b8bf456d13988fb38cfe248676327f44a2d2ed2e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Wed, 23 Oct 2013 09:54:54 +0300
+Subject: [PATCH] pax: x86_64: fix copy_user_generic
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Pax patch removed r10 from clobbers list as all assembly code was
+updated to not use it. However, in the error path the assembly code
+ends up calling copy_user_handle_tail() C-function that can clobber
+r10. This broke things for certain gcc optimizations (at least for gcc
+4.8.x), as copy_user_generic() is inline function, and the inline
+assembly incorrectly guaranteed not to clobber r10.
+
+Add r10 back to clobbers list like vanilla kernel has it. It is
+needed always due to the possibly C-function call in error path.
+
+Signed-off-by: Timo Teräs <timo.teras@iki.f>
+Acked-by: Natanael Copa <ncopa@alpinelinux.org>
+---
+ arch/x86/include/asm/uaccess_64.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
+index 1dbe82f..9d398f4 100644
+--- a/arch/x86/include/asm/uaccess_64.h
++++ b/arch/x86/include/asm/uaccess_64.h
+@@ -44,7 +44,7 @@ copy_user_generic(void *to, const void *from, unsigned len)
+ ASM_OUTPUT2("=a" (ret), "=D" (to), "=S" (from),
+ "=d" (len)),
+ "1" (to), "2" (from), "3" (len)
+- : "memory", "rcx", "r8", "r9", "r11");
++ : "memory", "rcx", "r8", "r9", "r10", "r11");
+ return ret;
+ }
+
+--
+1.8.4.1
+
diff --git a/main/linux-virt-grsec/APKBUILD b/main/linux-virt-grsec/APKBUILD
index fde7eac1c..e90804166 100644
--- a/main/linux-virt-grsec/APKBUILD
+++ b/main/linux-virt-grsec/APKBUILD
@@ -3,7 +3,7 @@
_flavor=grsec
pkgname=linux-virt-${_flavor}
-pkgver=3.10.13
+pkgver=3.10.17
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
@@ -18,13 +18,16 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-2.9.1-3.10.13-unofficial.patch
+ grsecurity-2.9.1-3.10.17-unofficial.patch
+ 0001-pax-x86_64-fix-copy_user_generic.patch
0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
+ fix-memory-map-for-PIE-applications.patch
+ remove-cap-sys-admin-for-proc-sys.patch
kernelconfig.x86
kernelconfig.x86_64
"
@@ -148,35 +151,44 @@ dev() {
}
md5sums="4f25cd5bec5f8d5a7d935b3f2ccb8481 linux-3.10.tar.xz
-573f2c972015880ba5d52e5b123b37d7 patch-3.10.13.xz
-da8e2ebd1ebc0d1e17e7312851d53727 grsecurity-2.9.1-3.10.13-unofficial.patch
+8431ee4e2467fdfde47e31701813a265 patch-3.10.17.xz
+6894537e9ccc2b296b27b42c39c64b31 grsecurity-2.9.1-3.10.17-unofficial.patch
+51607abf0a105aebbe65e3df6fb415bd 0001-pax-x86_64-fix-copy_user_generic.patch
a16f11b12381efb3bec79b9bfb329836 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
656ae7b10dd2f18dbfa1011041d08d60 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
2a12a3717052e878c0cd42aa935bfcf4 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
6ce5fed63aad3f1a1ff1b9ba7b741822 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
1a5800a2122ba0cc0d06733cb3bb8b8f 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
+c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
+ebb624500d0b89fbf2daadfc7151c693 remove-cap-sys-admin-for-proc-sys.patch
539c848d541c1656851fe865018273df kernelconfig.x86
82cd965fc82651f2e6b35e75c17d8031 kernelconfig.x86_64"
sha256sums="df27fa92d27a9c410bfe6c4a89f141638500d7eadcca5cce578954efc2ad3544 linux-3.10.tar.xz
-cf8ec5b47c904f66f715e7ccd5051e15fe9f931fec03847a86d552caf8848be8 patch-3.10.13.xz
-f011a28165e304933cb2254e095af73be7dced6c2d066a06480a9fe1529d9d8f grsecurity-2.9.1-3.10.13-unofficial.patch
+5552fc6f24a56d13d603ddc7759114a7b52e92ad2fb84a23a1b80b37b739a33b patch-3.10.17.xz
+8e82e71c0da392a601a952aa712b56a5116fcf626c19d69ae9d86dda2d200852 grsecurity-2.9.1-3.10.17-unofficial.patch
+0742780b41ded0837d25f0b2f646b954da9362ac5956886427ad630000c0e335 0001-pax-x86_64-fix-copy_user_generic.patch
6af3757ac36a6cd3cda7b0a71b08143726383b19261294a569ad7f4042c72df3 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
0985caa0f3ee8ed0959aeaa4214f5f8057ae8e61d50dcae39194912d31e14892 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
260fd1807838b68305a96992bf7d3302a2a8ef3a3b08fe079ba9a07e6422f736 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
+500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
+01c33a3093d23a6ef5ea50cb91174d524be5bfcc4f3dd9694844cf47697d5287 remove-cap-sys-admin-for-proc-sys.patch
997d4c8a5a2b911047d26fe1bf8ee8d5cd3b7133e6abdc07b7deacd0b3eb2330 kernelconfig.x86
7845194551137fbc3b69a75249696bc843bb7fe7f4a4e6b0582c0ca0856caa64 kernelconfig.x86_64"
sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504de216c0012be446df983e2dea400ad8eeed3ce04f24dc61d0ef76c174dc35 linux-3.10.tar.xz
-482b143ba25e4dc5e73f1ffb40194ba7863215ef5a83743a2a37d74d76f7e9267faa92fa92da441b10973be2156b80afdfa64a00ba24b0fd80dec7e223b0c6bc patch-3.10.13.xz
-9121b6c40e92e3df4418d050bb525f0c5e1df201b5ff225c7568844179eb87a221af4e7431abfa2eeec0e149094042c30b2a8aca60b3cba369b099b6d69e472f grsecurity-2.9.1-3.10.13-unofficial.patch
+38f9085d67d59cb37c32db69b84714a96f327fe74b69bb4a7304861ea6e474614216067ee08093f41739ce803b83a70400c83f06c695cb1114cf41c0b2dc7aa7 patch-3.10.17.xz
+6d27a986f32f42b12c4291ebb4b7365d8cd90b604ee9bc57344b9f9764efd7c5aae89c5ab4977878a24ae4b6e812c1db6030c3451bd15fdb2ea01a2a50e2ce41 grsecurity-2.9.1-3.10.17-unofficial.patch
+b32903a59cd582c2acf95869640bb34fefee544d242702e04af1db188f381da3889c9db9475e8ffc31628cda0b0641828f609c5ac9a387dd86ac4917be26792f 0001-pax-x86_64-fix-copy_user_generic.patch
81e78593288e8b0fd2c03ea9fc1450323887707f087e911f172450a122bc9b591ee83394836789730d951aeec13d0b75a64e1c05f04364abf8f80d883ddc4a02 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
51ecb15b669f6a82940a13a38939116e003bf5dfd24496771c8279e907b72adcc63d607f0340a2940d757e12ddadb7d45c7af78ae311d284935a6296dbcac00c 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
57d0a8bd35d19cf657ded58efe24517d2252aec6984040713ba173a34edb5887ececaa2985076bc6a149eaa57639fd98a042c1c2d226ed4ad8dd5ed0e230717e 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d711e3486628ed56ab996484e219d79ac4b0c0ec684ebd380aa 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
28a33e644bf2faf99c8dd6dbccfe14e140dfdd8824a8fb2d58aa7deb9e572f130d92b6b35ee181084050d82166bdf2e498a451a2a538a67b7ab84204405d2d87 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
+4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
+90d236cb79054751d9081c0ffc002c89cb855e0785c5419449563724e4f9de1c67f763923bdc8c1a5b336ab7850ad33d21fa41ad33b9e2e680badefe40c26626 remove-cap-sys-admin-for-proc-sys.patch
08f5bb86f03415f60e9bb171ffa192fa70fa85dafeada10817a4b8ae7932fffd1b0f2df01750407e576bb71cd6c3f2c5fe76f2613922cd77f398bce134fd3ec2 kernelconfig.x86
7a373bec279fe00601bff7ed64c5a09bb4318bf07557fece194afb426d78bf13191b0510642192518f3ffa68b9a36aa6f971f77f55ea09ae4f42c4a84afc00a5 kernelconfig.x86_64"
diff --git a/main/linux-virt-grsec/fix-memory-map-for-PIE-applications.patch b/main/linux-virt-grsec/fix-memory-map-for-PIE-applications.patch
new file mode 100644
index 000000000..e38716f77
--- /dev/null
+++ b/main/linux-virt-grsec/fix-memory-map-for-PIE-applications.patch
@@ -0,0 +1,68 @@
+From 21f973f87f480e3d24f1cb6c22b71253d25a3ea1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Tue, 1 Oct 2013 13:46:04 +0300
+Subject: [PATCH 3.10-grsec] fs/binfmt_elf: fix memory map for PIE applications
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+arch/*/include/asm/elf.h comments say:
+ ELF_ET_DYN_BASE is the location that an ET_DYN program is loaded
+ if exec'ed. Typical use of this is to invoke "./ld.so someprog"
+ to test out a new version of the loader. We need to make sure
+ that it is out of the way of the program that it will "exec",
+ and that there is sufficient room for the brk.
+
+In case we have main application linked as PIE, this can cause
+problems as the main program itself is being loaded to this
+alternate address. And this allows limited heap size. While
+this is inevitable when exec'ing the interpreter directly,
+we should do better for PIE applications.
+
+This fixes the loader to detect PIE application by checking if
+elf_interpreter is requested. This images are loaded to beginning
+of the address space instead of the specially crafted place for elf
+interpreter. This allows full heap address space for PIE applications
+and fixes random "out of memory" errors.
+
+Signed-off-by: Timo Teräs <timo.teras@iki.fi>
+---
+ fs/binfmt_elf.c | 14 ++++++--------
+ 1 file changed, 6 insertions(+), 8 deletions(-)
+
+diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
+index 6f036ed..06419af 100644
+--- a/fs/binfmt_elf.c
++++ b/fs/binfmt_elf.c
+@@ -1217,21 +1217,19 @@ static int load_elf_binary(struct linux_binprm *bprm)
+ * default mmap base, as well as whatever program they
+ * might try to exec. This is because the brk will
+ * follow the loader, and is not movable. */
++ if (elf_interpreter)
++ load_bias = 0x00400000UL;
++ else
++ load_bias = ELF_ET_DYN_BASE;
+ #ifdef CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE
+ /* Memory randomization might have been switched off
+ * in runtime via sysctl or explicit setting of
+ * personality flags.
+- * If that is the case, retain the original non-zero
+- * load_bias value in order to establish proper
+- * non-randomized mappings.
+ */
+ if (current->flags & PF_RANDOMIZE)
+- load_bias = 0;
+- else
+- load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
+-#else
+- load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
++ load_bias = (get_random_int() & STACK_RND_MASK) << PAGE_SHIFT;
+ #endif
++ load_bias = ELF_PAGESTART(load_bias - vaddr);
+
+ #ifdef CONFIG_PAX_RANDMMAP
+ /* PaX: randomize base address at the default exe base if requested */
+--
+1.8.4
+
+
diff --git a/main/linux-virt-grsec/grsecurity-2.9.1-3.10.13-unofficial.patch b/main/linux-virt-grsec/grsecurity-2.9.1-3.10.17-unofficial.patch
index 53756c632..3a7847821 100644
--- a/main/linux-virt-grsec/grsecurity-2.9.1-3.10.13-unofficial.patch
+++ b/main/linux-virt-grsec/grsecurity-2.9.1-3.10.17-unofficial.patch
@@ -281,7 +281,7 @@ index 2fe6e76..889ee23 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 25d38b7..7582631 100644
+index 5c7d3d6..aa1c9c3 100644
--- a/Makefile
+++ b/Makefile
@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -2890,7 +2890,7 @@ index 1f2740e..b36e225 100644
};
diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c
-index 5bc2615..dcd439f 100644
+index ab1fe3b..dcd439f 100644
--- a/arch/arm/kernel/process.c
+++ b/arch/arm/kernel/process.c
@@ -223,6 +223,7 @@ void machine_power_off(void)
@@ -2943,15 +2943,7 @@ index 5bc2615..dcd439f 100644
return 0;
}
arch_initcall(gate_vma_init);
-@@ -466,48 +461,23 @@ int in_gate_area_no_mm(unsigned long addr)
- {
- return in_gate_area(NULL, addr);
- }
--#define is_gate_vma(vma) ((vma) = &gate_vma)
-+#define is_gate_vma(vma) ((vma) == &gate_vma)
- #else
- #define is_gate_vma(vma) 0
- #endif
+@@ -473,41 +468,16 @@ int in_gate_area_no_mm(unsigned long addr)
const char *arch_vma_name(struct vm_area_struct *vma)
{
@@ -7347,7 +7339,7 @@ index 5dfd248..64914ac 100644
return addr;
}
diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c
-index 04e47c6..7a8faf6 100644
+index b3f87a3..5d5d03d 100644
--- a/arch/parisc/kernel/traps.c
+++ b/arch/parisc/kernel/traps.c
@@ -727,9 +727,7 @@ void notrace handle_interruption(int code, struct pt_regs *regs)
@@ -8222,10 +8214,10 @@ index 887e99d..310bc11 100644
} else {
err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]);
diff --git a/arch/powerpc/kernel/sysfs.c b/arch/powerpc/kernel/sysfs.c
-index e68a845..8b140e6 100644
+index a15fd1a..869d32c 100644
--- a/arch/powerpc/kernel/sysfs.c
+++ b/arch/powerpc/kernel/sysfs.c
-@@ -522,7 +522,7 @@ static int __cpuinit sysfs_cpu_notify(struct notifier_block *self,
+@@ -536,7 +536,7 @@ static int __cpuinit sysfs_cpu_notify(struct notifier_block *self,
return NOTIFY_OK;
}
@@ -9604,7 +9596,7 @@ index d432fb2..6056af1 100644
extra-y := head_$(BITS).o
diff --git a/arch/sparc/kernel/ds.c b/arch/sparc/kernel/ds.c
-index 5ef48da..11d460f 100644
+index 252f876..2656fdd 100644
--- a/arch/sparc/kernel/ds.c
+++ b/arch/sparc/kernel/ds.c
@@ -783,6 +783,16 @@ void ldom_set_var(const char *var, const char *value)
@@ -9984,7 +9976,7 @@ index 2daaaa6..4fb84dc 100644
mm->unmap_area = arch_unmap_area_topdown;
}
diff --git a/arch/sparc/kernel/syscalls.S b/arch/sparc/kernel/syscalls.S
-index 22a1098..6255eb9 100644
+index 73ec8a7..4611979 100644
--- a/arch/sparc/kernel/syscalls.S
+++ b/arch/sparc/kernel/syscalls.S
@@ -52,7 +52,7 @@ sys32_rt_sigreturn:
@@ -9998,13 +9990,13 @@ index 22a1098..6255eb9 100644
call syscall_trace_leave
@@ -184,7 +184,7 @@ linux_sparc_syscall32:
- srl %i5, 0, %o5 ! IEU1
+ srl %i3, 0, %o3 ! IEU0
srl %i2, 0, %o2 ! IEU0 Group
- andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %g0
+ andcc %l0, _TIF_WORK_SYSCALL, %g0
bne,pn %icc, linux_syscall_trace32 ! CTI
mov %i0, %l5 ! IEU1
- call %l7 ! CTI Group brk forced
+ 5: call %l7 ! CTI Group brk forced
@@ -207,7 +207,7 @@ linux_sparc_syscall:
mov %i3, %o3 ! IEU1
@@ -10500,10 +10492,10 @@ index 85c233d..68500e0 100644
cmp %g1, %g7
bne,pn %xcc, BACKOFF_LABEL(2f, 1b)
diff --git a/arch/sparc/lib/ksyms.c b/arch/sparc/lib/ksyms.c
-index 0c4e35e..745d3e4 100644
+index 323335b..ed85ea2 100644
--- a/arch/sparc/lib/ksyms.c
+++ b/arch/sparc/lib/ksyms.c
-@@ -109,12 +109,18 @@ EXPORT_SYMBOL(__downgrade_write);
+@@ -100,12 +100,18 @@ EXPORT_SYMBOL(__clear_user);
/* Atomic counter implementation. */
EXPORT_SYMBOL(atomic_add);
@@ -15171,7 +15163,7 @@ index 59c6c40..5e0b22c 100644
struct compat_timespec {
compat_time_t tv_sec;
diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
-index e99ac27..10d834e 100644
+index 4af181d..eb8011f 100644
--- a/arch/x86/include/asm/cpufeature.h
+++ b/arch/x86/include/asm/cpufeature.h
@@ -203,7 +203,7 @@
@@ -20774,10 +20766,10 @@ index addb207..99635fa 100644
+EXPORT_SYMBOL(pax_check_alloca);
+#endif
diff --git a/arch/x86/kernel/e820.c b/arch/x86/kernel/e820.c
-index d32abea..74daf4f 100644
+index 174da5f..5e55606 100644
--- a/arch/x86/kernel/e820.c
+++ b/arch/x86/kernel/e820.c
-@@ -800,8 +800,8 @@ unsigned long __init e820_end_of_low_ram_pfn(void)
+@@ -803,8 +803,8 @@ unsigned long __init e820_end_of_low_ram_pfn(void)
static void early_panic(char *msg)
{
@@ -25220,7 +25212,7 @@ index 2cb9470..ff1fd80 100644
return ret;
diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
-index 76fa1e9..abf09ea 100644
+index 90fd119..61aa5d2 100644
--- a/arch/x86/kernel/reboot.c
+++ b/arch/x86/kernel/reboot.c
@@ -36,7 +36,7 @@ void (*pm_power_off)(void);
@@ -25275,7 +25267,7 @@ index 76fa1e9..abf09ea 100644
"rm" (real_mode_header->machine_real_restart_asm),
"a" (type));
#else
-@@ -531,7 +558,7 @@ void __attribute__((weak)) mach_reboot_fixups(void)
+@@ -547,7 +574,7 @@ void __attribute__((weak)) mach_reboot_fixups(void)
* try to force a triple fault and then cycle between hitting the keyboard
* controller and doing that
*/
@@ -25284,7 +25276,7 @@ index 76fa1e9..abf09ea 100644
{
int i;
int attempt = 0;
-@@ -654,13 +681,13 @@ void native_machine_shutdown(void)
+@@ -670,13 +697,13 @@ void native_machine_shutdown(void)
#endif
}
@@ -25300,7 +25292,7 @@ index 76fa1e9..abf09ea 100644
{
pr_notice("machine restart\n");
-@@ -669,7 +696,7 @@ static void native_machine_restart(char *__unused)
+@@ -685,7 +712,7 @@ static void native_machine_restart(char *__unused)
__machine_emergency_restart(0);
}
@@ -25309,7 +25301,7 @@ index 76fa1e9..abf09ea 100644
{
/* Stop other cpus and apics */
machine_shutdown();
-@@ -679,7 +706,7 @@ static void native_machine_halt(void)
+@@ -695,7 +722,7 @@ static void native_machine_halt(void)
stop_this_cpu(NULL);
}
@@ -25318,7 +25310,7 @@ index 76fa1e9..abf09ea 100644
{
if (pm_power_off) {
if (!reboot_force)
-@@ -688,9 +715,10 @@ static void native_machine_power_off(void)
+@@ -704,9 +731,10 @@ static void native_machine_power_off(void)
}
/* A fallback in case there is no PM info available */
tboot_shutdown(TB_SHUTDOWN_HALT);
@@ -25364,7 +25356,7 @@ index f2bb9c9..bed145d7 100644
1:
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index 56f7fcf..2cfe4f1 100644
+index 91964c6..bbab1da 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -110,6 +110,7 @@
@@ -25429,16 +25421,16 @@ index 56f7fcf..2cfe4f1 100644
/* Boot loader ID and version as integers, for the benefit of proc_dointvec */
int bootloader_type, bootloader_version;
-@@ -444,7 +483,7 @@ static void __init parse_setup_data(void)
+@@ -442,7 +481,7 @@ static void __init parse_setup_data(void)
- switch (data->type) {
+ switch (data_type) {
case SETUP_E820_EXT:
-- parse_e820_ext(data);
-+ parse_e820_ext((struct setup_data __force_kernel *)data);
+- parse_e820_ext(pa_data, data_len);
++ parse_e820_ext((struct setup_data __force_kernel *)pa_data, data_len);
break;
case SETUP_DTB:
add_dtb(pa_data);
-@@ -771,7 +810,7 @@ static void __init trim_bios_range(void)
+@@ -768,7 +807,7 @@ static void __init trim_bios_range(void)
* area (640->1Mb) as ram even though it is not.
* take them out.
*/
@@ -25447,7 +25439,7 @@ index 56f7fcf..2cfe4f1 100644
sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map);
}
-@@ -779,7 +818,7 @@ static void __init trim_bios_range(void)
+@@ -776,7 +815,7 @@ static void __init trim_bios_range(void)
/* called before trim_bios_range() to spare extra sanitize */
static void __init e820_add_kernel_range(void)
{
@@ -25456,7 +25448,7 @@ index 56f7fcf..2cfe4f1 100644
u64 size = __pa_symbol(_end) - start;
/*
-@@ -841,8 +880,12 @@ static void __init trim_low_memory_range(void)
+@@ -838,8 +877,12 @@ static void __init trim_low_memory_range(void)
void __init setup_arch(char **cmdline_p)
{
@@ -25469,7 +25461,7 @@ index 56f7fcf..2cfe4f1 100644
early_reserve_initrd();
-@@ -934,14 +977,14 @@ void __init setup_arch(char **cmdline_p)
+@@ -931,14 +974,14 @@ void __init setup_arch(char **cmdline_p)
if (!boot_params.hdr.root_flags)
root_mountflags &= ~MS_RDONLY;
@@ -36418,19 +36410,10 @@ index e8d11b6..7b1b36f 100644
}
EXPORT_SYMBOL_GPL(unregister_syscore_ops);
diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c
-index 62b6c2c..4a11354 100644
+index 90a4e6b..002d10f 100644
--- a/drivers/block/cciss.c
+++ b/drivers/block/cciss.c
-@@ -1189,6 +1189,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
- int err;
- u32 cp;
-
-+ memset(&arg64, 0, sizeof(arg64));
-+
- err = 0;
- err |=
- copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
-@@ -3010,7 +3012,7 @@ static void start_io(ctlr_info_t *h)
+@@ -3011,7 +3011,7 @@ static void start_io(ctlr_info_t *h)
while (!list_empty(&h->reqQ)) {
c = list_entry(h->reqQ.next, CommandList_struct, list);
/* can't do anything if fifo is full */
@@ -36439,7 +36422,7 @@ index 62b6c2c..4a11354 100644
dev_warn(&h->pdev->dev, "fifo full\n");
break;
}
-@@ -3020,7 +3022,7 @@ static void start_io(ctlr_info_t *h)
+@@ -3021,7 +3021,7 @@ static void start_io(ctlr_info_t *h)
h->Qdepth--;
/* Tell the controller execute command */
@@ -36448,7 +36431,7 @@ index 62b6c2c..4a11354 100644
/* Put job onto the completed Q */
addQ(&h->cmpQ, c);
-@@ -3446,17 +3448,17 @@ startio:
+@@ -3447,17 +3447,17 @@ startio:
static inline unsigned long get_next_completion(ctlr_info_t *h)
{
@@ -36469,7 +36452,7 @@ index 62b6c2c..4a11354 100644
(h->interrupts_enabled == 0));
}
-@@ -3489,7 +3491,7 @@ static inline u32 next_command(ctlr_info_t *h)
+@@ -3490,7 +3490,7 @@ static inline u32 next_command(ctlr_info_t *h)
u32 a;
if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant)))
@@ -36478,7 +36461,7 @@ index 62b6c2c..4a11354 100644
if ((*(h->reply_pool_head) & 1) == (h->reply_pool_wraparound)) {
a = *(h->reply_pool_head); /* Next cmd in ring buffer */
-@@ -4046,7 +4048,7 @@ static void cciss_put_controller_into_performant_mode(ctlr_info_t *h)
+@@ -4047,7 +4047,7 @@ static void cciss_put_controller_into_performant_mode(ctlr_info_t *h)
trans_support & CFGTBL_Trans_use_short_tags);
/* Change the access methods to the performant access methods */
@@ -36487,7 +36470,7 @@ index 62b6c2c..4a11354 100644
h->transMethod = CFGTBL_Trans_Performant;
return;
-@@ -4319,7 +4321,7 @@ static int cciss_pci_init(ctlr_info_t *h)
+@@ -4320,7 +4320,7 @@ static int cciss_pci_init(ctlr_info_t *h)
if (prod_index < 0)
return -ENODEV;
h->product_name = products[prod_index].product_name;
@@ -36496,7 +36479,7 @@ index 62b6c2c..4a11354 100644
if (cciss_board_disabled(h)) {
dev_warn(&h->pdev->dev, "controller appears to be disabled\n");
-@@ -5051,7 +5053,7 @@ reinit_after_soft_reset:
+@@ -5052,7 +5052,7 @@ reinit_after_soft_reset:
}
/* make sure the board interrupts are off */
@@ -36505,7 +36488,7 @@ index 62b6c2c..4a11354 100644
rc = cciss_request_irq(h, do_cciss_msix_intr, do_cciss_intx);
if (rc)
goto clean2;
-@@ -5101,7 +5103,7 @@ reinit_after_soft_reset:
+@@ -5102,7 +5102,7 @@ reinit_after_soft_reset:
* fake ones to scoop up any residual completions.
*/
spin_lock_irqsave(&h->lock, flags);
@@ -36514,7 +36497,7 @@ index 62b6c2c..4a11354 100644
spin_unlock_irqrestore(&h->lock, flags);
free_irq(h->intr[h->intr_mode], h);
rc = cciss_request_irq(h, cciss_msix_discard_completions,
-@@ -5121,9 +5123,9 @@ reinit_after_soft_reset:
+@@ -5122,9 +5122,9 @@ reinit_after_soft_reset:
dev_info(&h->pdev->dev, "Board READY.\n");
dev_info(&h->pdev->dev,
"Waiting for stale completions to drain.\n");
@@ -36526,7 +36509,7 @@ index 62b6c2c..4a11354 100644
rc = controller_reset_failed(h->cfgtable);
if (rc)
-@@ -5146,7 +5148,7 @@ reinit_after_soft_reset:
+@@ -5147,7 +5147,7 @@ reinit_after_soft_reset:
cciss_scsi_setup(h);
/* Turn the interrupts on so we can service requests */
@@ -36535,7 +36518,7 @@ index 62b6c2c..4a11354 100644
/* Get the firmware version */
inq_buff = kzalloc(sizeof(InquiryData_struct), GFP_KERNEL);
-@@ -5218,7 +5220,7 @@ static void cciss_shutdown(struct pci_dev *pdev)
+@@ -5219,7 +5219,7 @@ static void cciss_shutdown(struct pci_dev *pdev)
kfree(flush_buf);
if (return_code != IO_OK)
dev_warn(&h->pdev->dev, "Error flushing cache\n");
@@ -36558,7 +36541,7 @@ index 7fda30e..eb5dfe0 100644
/* queue and queue Info */
struct list_head reqQ;
diff --git a/drivers/block/cpqarray.c b/drivers/block/cpqarray.c
-index 639d26b..fd6ad1f 100644
+index 2b94403..fd6ad1f 100644
--- a/drivers/block/cpqarray.c
+++ b/drivers/block/cpqarray.c
@@ -404,7 +404,7 @@ static int cpqarray_register_ctlr(int i, struct pci_dev *pdev)
@@ -36633,15 +36616,7 @@ index 639d26b..fd6ad1f 100644
a1 = a; a &= ~3;
if ((c = h->cmpQ) == NULL)
{
-@@ -1193,6 +1193,7 @@ out_passthru:
- ida_pci_info_struct pciinfo;
-
- if (!arg) return -EINVAL;
-+ memset(&pciinfo, 0, sizeof(pciinfo));
- pciinfo.bus = host->pci_dev->bus->number;
- pciinfo.dev_fn = host->pci_dev->devfn;
- pciinfo.board_id = host->board_id;
-@@ -1447,11 +1448,11 @@ static int sendcmd(
+@@ -1448,11 +1448,11 @@ static int sendcmd(
/*
* Disable interrupt
*/
@@ -36655,7 +36630,7 @@ index 639d26b..fd6ad1f 100644
if (temp != 0) {
break;
}
-@@ -1464,7 +1465,7 @@ DBG(
+@@ -1465,7 +1465,7 @@ DBG(
/*
* Send the cmd
*/
@@ -36664,7 +36639,7 @@ index 639d26b..fd6ad1f 100644
complete = pollcomplete(ctlr);
pci_unmap_single(info_p->pci_dev, (dma_addr_t) c->req.sg[0].addr,
-@@ -1547,9 +1548,9 @@ static int revalidate_allvol(ctlr_info_t *host)
+@@ -1548,9 +1548,9 @@ static int revalidate_allvol(ctlr_info_t *host)
* we check the new geometry. Then turn interrupts back on when
* we're done.
*/
@@ -36676,7 +36651,7 @@ index 639d26b..fd6ad1f 100644
for(i=0; i<NWD; i++) {
struct gendisk *disk = ida_gendisk[ctlr][i];
-@@ -1589,7 +1590,7 @@ static int pollcomplete(int ctlr)
+@@ -1590,7 +1590,7 @@ static int pollcomplete(int ctlr)
/* Wait (up to 2 seconds) for a command to complete */
for (i = 200000; i > 0; i--) {
@@ -37391,7 +37366,7 @@ index 5c5cc00..ac9edb7 100644
if (cmd != SIOCWANDEV)
diff --git a/drivers/char/random.c b/drivers/char/random.c
-index 35487e8..dac8bd1 100644
+index 81eefa1..219a156 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -272,8 +272,13 @@
@@ -38926,7 +38901,7 @@ index 3c59584..500f2e9 100644
return ret;
diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c
-index e5e32869..1678f36 100644
+index c8d16a6..ca71b5e 100644
--- a/drivers/gpu/drm/i915/i915_irq.c
+++ b/drivers/gpu/drm/i915/i915_irq.c
@@ -670,7 +670,7 @@ static irqreturn_t valleyview_irq_handler(int irq, void *arg)
@@ -38956,7 +38931,7 @@ index e5e32869..1678f36 100644
/* disable master interrupt before clearing iir */
de_ier = I915_READ(DEIER);
-@@ -2089,7 +2089,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev)
+@@ -2135,7 +2135,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev)
{
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
@@ -38965,7 +38940,7 @@ index e5e32869..1678f36 100644
I915_WRITE(HWSTAM, 0xeffe);
-@@ -2124,7 +2124,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev)
+@@ -2170,7 +2170,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
@@ -38974,7 +38949,7 @@ index e5e32869..1678f36 100644
/* VLV magic */
I915_WRITE(VLV_IMR, 0);
-@@ -2411,7 +2411,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev)
+@@ -2457,7 +2457,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
@@ -38983,7 +38958,7 @@ index e5e32869..1678f36 100644
for_each_pipe(pipe)
I915_WRITE(PIPESTAT(pipe), 0);
-@@ -2490,7 +2490,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg)
+@@ -2536,7 +2536,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg)
I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT |
I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT;
@@ -38992,7 +38967,7 @@ index e5e32869..1678f36 100644
iir = I915_READ16(IIR);
if (iir == 0)
-@@ -2565,7 +2565,7 @@ static void i915_irq_preinstall(struct drm_device * dev)
+@@ -2611,7 +2611,7 @@ static void i915_irq_preinstall(struct drm_device * dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
@@ -39001,7 +38976,7 @@ index e5e32869..1678f36 100644
if (I915_HAS_HOTPLUG(dev)) {
I915_WRITE(PORT_HOTPLUG_EN, 0);
-@@ -2664,7 +2664,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg)
+@@ -2710,7 +2710,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg)
I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT;
int pipe, ret = IRQ_NONE;
@@ -39010,7 +38985,7 @@ index e5e32869..1678f36 100644
iir = I915_READ(IIR);
do {
-@@ -2791,7 +2791,7 @@ static void i965_irq_preinstall(struct drm_device * dev)
+@@ -2837,7 +2837,7 @@ static void i965_irq_preinstall(struct drm_device * dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
@@ -39019,7 +38994,7 @@ index e5e32869..1678f36 100644
I915_WRITE(PORT_HOTPLUG_EN, 0);
I915_WRITE(PORT_HOTPLUG_STAT, I915_READ(PORT_HOTPLUG_STAT));
-@@ -2898,7 +2898,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg)
+@@ -2944,7 +2944,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg)
I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT |
I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT;
@@ -39029,7 +39004,7 @@ index e5e32869..1678f36 100644
iir = I915_READ(IIR);
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index eea5982..eeef407 100644
+index ab95259..8898d43 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -8935,13 +8935,13 @@ struct intel_quirk {
@@ -39440,7 +39415,7 @@ index 5a82b6b..9e69c73 100644
if (regcomp
(&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) {
diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c
-index b0dc0b6..a9bfe9c 100644
+index 8df1525..62e95ef 100644
--- a/drivers/gpu/drm/radeon/radeon_device.c
+++ b/drivers/gpu/drm/radeon/radeon_device.c
@@ -1014,7 +1014,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
@@ -39929,67 +39904,10 @@ index 8c04943..4370ed9 100644
err = drm_debugfs_create_files(dc->debugfs_files,
ARRAY_SIZE(debugfs_files),
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
-index ed626e0..5340852 100644
+index e04bf0ef..500861b 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
-@@ -759,6 +759,56 @@ int hid_parse_report(struct hid_device *hid, __u8 *start, unsigned size)
- }
- EXPORT_SYMBOL_GPL(hid_parse_report);
-
-+static const char * const hid_report_names[] = {
-+ "HID_INPUT_REPORT",
-+ "HID_OUTPUT_REPORT",
-+ "HID_FEATURE_REPORT",
-+};
-+/**
-+ * hid_validate_report - validate existing device report
-+ *
-+ * @device: hid device
-+ * @type: which report type to examine
-+ * @id: which report ID to examine (0 for first)
-+ * @fields: expected number of fields
-+ * @report_counts: expected number of values per field
-+ *
-+ * Validate the report details after parsing.
-+ */
-+struct hid_report *hid_validate_report(struct hid_device *hid,
-+ unsigned int type, unsigned int id,
-+ unsigned int fields,
-+ unsigned int report_counts)
-+{
-+ struct hid_report *report;
-+ unsigned int i;
-+
-+ if (type > HID_FEATURE_REPORT) {
-+ hid_err(hid, "invalid HID report %u\n", type);
-+ return NULL;
-+ }
-+
-+ report = hid->report_enum[type].report_id_hash[id];
-+ if (!report) {
-+ hid_err(hid, "missing %s %u\n", hid_report_names[type], id);
-+ return NULL;
-+ }
-+ if (report->maxfield < fields) {
-+ hid_err(hid, "not enough fields in %s %u\n",
-+ hid_report_names[type], id);
-+ return NULL;
-+ }
-+ for (i = 0; i < fields; i++) {
-+ if (report->field[i]->report_count < report_counts) {
-+ hid_err(hid, "not enough values in %s %u fields\n",
-+ hid_report_names[type], id);
-+ return NULL;
-+ }
-+ }
-+ return report;
-+}
-+EXPORT_SYMBOL_GPL(hid_validate_report);
-+
- /**
- * hid_open_report - open a driver-specific device report
- *
-@@ -2284,7 +2334,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
+@@ -2358,7 +2358,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
int hid_add_device(struct hid_device *hdev)
{
@@ -39998,7 +39916,7 @@ index ed626e0..5340852 100644
int ret;
if (WARN_ON(hdev->status & HID_STAT_ADDED))
-@@ -2318,7 +2368,7 @@ int hid_add_device(struct hid_device *hdev)
+@@ -2392,7 +2392,7 @@ int hid_add_device(struct hid_device *hdev)
/* XXX hack, any other cleaner solution after the driver core
* is converted to allow more than 20 bytes as the device name? */
dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
@@ -40007,228 +39925,13 @@ index ed626e0..5340852 100644
hid_debug_register(hdev, dev_name(&hdev->dev));
ret = device_add(&hdev->dev);
-diff --git a/drivers/hid/hid-lenovo-tpkbd.c b/drivers/hid/hid-lenovo-tpkbd.c
-index 07837f5..b697ada 100644
---- a/drivers/hid/hid-lenovo-tpkbd.c
-+++ b/drivers/hid/hid-lenovo-tpkbd.c
-@@ -341,6 +341,11 @@ static int tpkbd_probe_tp(struct hid_device *hdev)
- char *name_mute, *name_micmute;
- int ret;
-
-+ /* Validate required reports. */
-+ if (!hid_validate_report(hdev, HID_OUTPUT_REPORT, 4, 4, 1) ||
-+ !hid_validate_report(hdev, HID_OUTPUT_REPORT, 3, 1, 2))
-+ return -ENODEV;
-+
- if (sysfs_create_group(&hdev->dev.kobj,
- &tpkbd_attr_group_pointer)) {
- hid_warn(hdev, "Could not create sysfs group\n");
-diff --git a/drivers/hid/hid-lg2ff.c b/drivers/hid/hid-lg2ff.c
-index b3cd150..9805197 100644
---- a/drivers/hid/hid-lg2ff.c
-+++ b/drivers/hid/hid-lg2ff.c
-@@ -64,26 +64,13 @@ int lg2ff_init(struct hid_device *hid)
- struct hid_report *report;
- struct hid_input *hidinput = list_entry(hid->inputs.next,
- struct hid_input, list);
-- struct list_head *report_list =
-- &hid->report_enum[HID_OUTPUT_REPORT].report_list;
- struct input_dev *dev = hidinput->input;
- int error;
-
-- if (list_empty(report_list)) {
-- hid_err(hid, "no output report found\n");
-+ /* Check that the report looks ok */
-+ report = hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 1, 7);
-+ if (!report)
- return -ENODEV;
-- }
--
-- report = list_entry(report_list->next, struct hid_report, list);
--
-- if (report->maxfield < 1) {
-- hid_err(hid, "output report is empty\n");
-- return -ENODEV;
-- }
-- if (report->field[0]->report_count < 7) {
-- hid_err(hid, "not enough values in the field\n");
-- return -ENODEV;
-- }
-
- lg2ff = kmalloc(sizeof(struct lg2ff_device), GFP_KERNEL);
- if (!lg2ff)
-diff --git a/drivers/hid/hid-lg3ff.c b/drivers/hid/hid-lg3ff.c
-index e52f181..53ac79b 100644
---- a/drivers/hid/hid-lg3ff.c
-+++ b/drivers/hid/hid-lg3ff.c
-@@ -66,10 +66,11 @@ static int hid_lg3ff_play(struct input_dev *dev, void *data,
- int x, y;
-
- /*
-- * Maxusage should always be 63 (maximum fields)
-- * likely a better way to ensure this data is clean
-+ * Available values in the field should always be 63, but we only use up to
-+ * 35. Instead, clear the entire area, however big it is.
- */
-- memset(report->field[0]->value, 0, sizeof(__s32)*report->field[0]->maxusage);
-+ memset(report->field[0]->value, 0,
-+ sizeof(__s32) * report->field[0]->report_count);
-
- switch (effect->type) {
- case FF_CONSTANT:
-@@ -129,32 +130,14 @@ static const signed short ff3_joystick_ac[] = {
- int lg3ff_init(struct hid_device *hid)
- {
- struct hid_input *hidinput = list_entry(hid->inputs.next, struct hid_input, list);
-- struct list_head *report_list = &hid->report_enum[HID_OUTPUT_REPORT].report_list;
- struct input_dev *dev = hidinput->input;
-- struct hid_report *report;
-- struct hid_field *field;
- const signed short *ff_bits = ff3_joystick_ac;
- int error;
- int i;
-
-- /* Find the report to use */
-- if (list_empty(report_list)) {
-- hid_err(hid, "No output report found\n");
-- return -1;
-- }
--
- /* Check that the report looks ok */
-- report = list_entry(report_list->next, struct hid_report, list);
-- if (!report) {
-- hid_err(hid, "NULL output report\n");
-- return -1;
-- }
--
-- field = report->field[0];
-- if (!field) {
-- hid_err(hid, "NULL field\n");
-- return -1;
-- }
-+ if (!hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 1, 35))
-+ return -ENODEV;
-
- /* Assume single fixed device G940 */
- for (i = 0; ff_bits[i] >= 0; i++)
-diff --git a/drivers/hid/hid-lg4ff.c b/drivers/hid/hid-lg4ff.c
-index 0ddae2a..8b89f0f 100644
---- a/drivers/hid/hid-lg4ff.c
-+++ b/drivers/hid/hid-lg4ff.c
-@@ -484,34 +484,16 @@ static enum led_brightness lg4ff_led_get_brightness(struct led_classdev *led_cde
- int lg4ff_init(struct hid_device *hid)
- {
- struct hid_input *hidinput = list_entry(hid->inputs.next, struct hid_input, list);
-- struct list_head *report_list = &hid->report_enum[HID_OUTPUT_REPORT].report_list;
- struct input_dev *dev = hidinput->input;
-- struct hid_report *report;
-- struct hid_field *field;
- struct lg4ff_device_entry *entry;
- struct lg_drv_data *drv_data;
- struct usb_device_descriptor *udesc;
- int error, i, j;
- __u16 bcdDevice, rev_maj, rev_min;
-
-- /* Find the report to use */
-- if (list_empty(report_list)) {
-- hid_err(hid, "No output report found\n");
-- return -1;
-- }
--
- /* Check that the report looks ok */
-- report = list_entry(report_list->next, struct hid_report, list);
-- if (!report) {
-- hid_err(hid, "NULL output report\n");
-+ if (!hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 1, 7))
- return -1;
-- }
--
-- field = report->field[0];
-- if (!field) {
-- hid_err(hid, "NULL field\n");
-- return -1;
-- }
-
- /* Check what wheel has been connected */
- for (i = 0; i < ARRAY_SIZE(lg4ff_devices); i++) {
-diff --git a/drivers/hid/hid-lgff.c b/drivers/hid/hid-lgff.c
-index d7ea8c8..a84fb40 100644
---- a/drivers/hid/hid-lgff.c
-+++ b/drivers/hid/hid-lgff.c
-@@ -128,27 +128,14 @@ static void hid_lgff_set_autocenter(struct input_dev *dev, u16 magnitude)
- int lgff_init(struct hid_device* hid)
- {
- struct hid_input *hidinput = list_entry(hid->inputs.next, struct hid_input, list);
-- struct list_head *report_list = &hid->report_enum[HID_OUTPUT_REPORT].report_list;
- struct input_dev *dev = hidinput->input;
-- struct hid_report *report;
-- struct hid_field *field;
- const signed short *ff_bits = ff_joystick;
- int error;
- int i;
-
-- /* Find the report to use */
-- if (list_empty(report_list)) {
-- hid_err(hid, "No output report found\n");
-- return -1;
-- }
--
- /* Check that the report looks ok */
-- report = list_entry(report_list->next, struct hid_report, list);
-- field = report->field[0];
-- if (!field) {
-- hid_err(hid, "NULL field\n");
-- return -1;
-- }
-+ if (!hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 1, 7))
-+ return -ENODEV;
-
- for (i = 0; i < ARRAY_SIZE(devices); i++) {
- if (dev->id.vendor == devices[i].idVendor &&
-diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c
-index 5207591a..6c9197f 100644
---- a/drivers/hid/hid-logitech-dj.c
-+++ b/drivers/hid/hid-logitech-dj.c
-@@ -421,7 +421,7 @@ static int logi_dj_recv_send_report(struct dj_receiver_dev *djrcv_dev,
- struct hid_report *report;
- struct hid_report_enum *output_report_enum;
- u8 *data = (u8 *)(&dj_report->device_index);
-- int i;
-+ unsigned int i, length;
-
- output_report_enum = &hdev->report_enum[HID_OUTPUT_REPORT];
- report = output_report_enum->report_id_hash[REPORT_ID_DJ_SHORT];
-@@ -431,7 +431,9 @@ static int logi_dj_recv_send_report(struct dj_receiver_dev *djrcv_dev,
- return -ENODEV;
- }
-
-- for (i = 0; i < report->field[0]->report_count; i++)
-+ length = min_t(size_t, sizeof(*dj_report) - 1,
-+ report->field[0]->report_count);
-+ for (i = 0; i < length; i++)
- report->field[0]->value[i] = data[i];
-
- hid_hw_request(hdev, report, HID_REQ_SET_REPORT);
-@@ -738,6 +740,12 @@ static int logi_dj_probe(struct hid_device *hdev,
- goto hid_parse_fail;
- }
-
-+ if (!hid_validate_report(hdev, HID_OUTPUT_REPORT, REPORT_ID_DJ_SHORT,
-+ 1, 3)) {
-+ retval = -ENODEV;
-+ goto hid_parse_fail;
-+ }
-+
- /* Starts the usb device and connects to upper interfaces hiddev and
- * hidraw */
- retval = hid_hw_start(hdev, HID_CONNECT_DEFAULT);
diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c
-index d39a5ce..4892dfc 100644
+index b6701ce..720a166 100644
--- a/drivers/hid/hid-multitouch.c
+++ b/drivers/hid/hid-multitouch.c
-@@ -330,9 +330,18 @@ static void mt_feature_mapping(struct hid_device *hdev,
- break;
- }
+@@ -325,12 +325,21 @@ static void mt_feature_mapping(struct hid_device *hdev,
+ dev_err(&hdev->dev, "HID_DG_INPUTMODE out of range\n");
+ break;
}
+ /* Ignore if value index is out of bounds. */
+ if (td->inputmode_index < 0 ||
@@ -40237,6 +39940,9 @@ index d39a5ce..4892dfc 100644
+ td->inputmode = -1;
+ }
+ td->inputmode = field->report->id;
+ td->inputmode_index = usage->usage_index;
+
break;
case HID_DG_CONTACTMAX:
+ /* Ignore if value count is out of bounds. */
@@ -40245,7 +39951,7 @@ index d39a5ce..4892dfc 100644
td->maxcontact_report_id = field->report->id;
td->maxcontacts = field->value[0];
if (!td->maxcontacts &&
-@@ -743,15 +752,21 @@ static void mt_touch_report(struct hid_device *hid, struct hid_report *report)
+@@ -745,15 +754,21 @@ static void mt_touch_report(struct hid_device *hid, struct hid_report *report)
unsigned count;
int r, n;
@@ -40272,22 +39978,6 @@ index d39a5ce..4892dfc 100644
}
for (r = 0; r < report->maxfield; r++) {
-diff --git a/drivers/hid/hid-steelseries.c b/drivers/hid/hid-steelseries.c
-index d164911..ef42e86 100644
---- a/drivers/hid/hid-steelseries.c
-+++ b/drivers/hid/hid-steelseries.c
-@@ -249,6 +249,11 @@ static int steelseries_srws1_probe(struct hid_device *hdev,
- goto err_free;
- }
-
-+ if (!hid_validate_report(hdev, HID_OUTPUT_REPORT, 0, 1, 16)) {
-+ ret = -ENODEV;
-+ goto err_free;
-+ }
-+
- ret = hid_hw_start(hdev, HID_CONNECT_DEFAULT);
- if (ret) {
- hid_err(hdev, "hw start failed\n");
diff --git a/drivers/hid/hid-wiimote-debug.c b/drivers/hid/hid-wiimote-debug.c
index 90124ff..3761764 100644
--- a/drivers/hid/hid-wiimote-debug.c
@@ -40301,37 +39991,8 @@ index 90124ff..3761764 100644
return -EFAULT;
*off += size;
-diff --git a/drivers/hid/hid-zpff.c b/drivers/hid/hid-zpff.c
-index 6ec28a3..b124991 100644
---- a/drivers/hid/hid-zpff.c
-+++ b/drivers/hid/hid-zpff.c
-@@ -68,22 +68,12 @@ static int zpff_init(struct hid_device *hid)
- struct hid_report *report;
- struct hid_input *hidinput = list_entry(hid->inputs.next,
- struct hid_input, list);
-- struct list_head *report_list =
-- &hid->report_enum[HID_OUTPUT_REPORT].report_list;
- struct input_dev *dev = hidinput->input;
- int error;
-
-- if (list_empty(report_list)) {
-- hid_err(hid, "no output report found\n");
-+ report = hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 4, 1);
-+ if (!report)
- return -ENODEV;
-- }
--
-- report = list_entry(report_list->next, struct hid_report, list);
--
-- if (report->maxfield < 4) {
-- hid_err(hid, "not enough fields in report\n");
-- return -ENODEV;
-- }
-
- zpff = kzalloc(sizeof(struct zpff_device), GFP_KERNEL);
- if (!zpff)
diff --git a/drivers/hid/uhid.c b/drivers/hid/uhid.c
-index fc307e0..2b255e8 100644
+index 145a4cb..2353a3e 100644
--- a/drivers/hid/uhid.c
+++ b/drivers/hid/uhid.c
@@ -47,7 +47,7 @@ struct uhid_device {
@@ -40527,10 +40188,10 @@ index 6351aba..dc4aaf4 100644
int res = 0;
diff --git a/drivers/hwmon/applesmc.c b/drivers/hwmon/applesmc.c
-index 62c2e32..8f2859a 100644
+index 3288f13..71cfb4e 100644
--- a/drivers/hwmon/applesmc.c
+++ b/drivers/hwmon/applesmc.c
-@@ -1084,7 +1084,7 @@ static int applesmc_create_nodes(struct applesmc_node_group *groups, int num)
+@@ -1106,7 +1106,7 @@ static int applesmc_create_nodes(struct applesmc_node_group *groups, int num)
{
struct applesmc_node_group *grp;
struct applesmc_dev_attr *node;
@@ -42380,7 +42041,7 @@ index 60bce43..9b997d0 100644
pmd->bl_info.value_type.inc = data_block_inc;
pmd->bl_info.value_type.dec = data_block_dec;
diff --git a/drivers/md/dm.c b/drivers/md/dm.c
-index 33f2010..23fb84c 100644
+index 1c13071..4bb0452 100644
--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
@@ -169,9 +169,9 @@ struct mapped_device {
@@ -42415,7 +42076,7 @@ index 33f2010..23fb84c 100644
wake_up(&md->eventq);
}
-@@ -2690,18 +2690,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action,
+@@ -2701,18 +2701,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action,
uint32_t dm_next_uevent_seq(struct mapped_device *md)
{
@@ -43958,10 +43619,10 @@ index f9d5615..99dd95f 100644
struct sm_sysfs_attribute *vendor_attribute;
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
-index 666cf3a..60693be 100644
+index 8395b09..ff4d276 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
-@@ -4876,7 +4876,7 @@ static unsigned int bond_get_num_tx_queues(void)
+@@ -4883,7 +4883,7 @@ static unsigned int bond_get_num_tx_queues(void)
return tx_queues;
}
@@ -43970,7 +43631,7 @@ index 666cf3a..60693be 100644
.kind = "bond",
.priv_size = sizeof(struct bonding),
.setup = bond_setup,
-@@ -5001,8 +5001,8 @@ static void __exit bonding_exit(void)
+@@ -5008,8 +5008,8 @@ static void __exit bonding_exit(void)
bond_destroy_debugfs();
@@ -44299,7 +43960,7 @@ index d3f8797..82a03d3 100644
vlan_req = (struct qlcnic_vlan_req *)&req->words[1];
vlan_req->vlan_id = cpu_to_le16(vlan_id);
diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c
-index 393f961..d343034 100644
+index 7199d2a..0cae710 100644
--- a/drivers/net/ethernet/realtek/r8169.c
+++ b/drivers/net/ethernet/realtek/r8169.c
@@ -753,22 +753,22 @@ struct rtl8169_private {
@@ -44515,10 +44176,10 @@ index b305105..8ead6df 100644
};
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
-index 7b54f4f..1a453eb 100644
+index b18ead5..109dcbd 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
-@@ -1871,7 +1871,7 @@ unlock:
+@@ -1876,7 +1876,7 @@ unlock:
}
static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
@@ -44527,7 +44188,7 @@ index 7b54f4f..1a453eb 100644
{
struct tun_file *tfile = file->private_data;
struct tun_struct *tun;
-@@ -1883,6 +1883,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
+@@ -1888,6 +1888,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
int vnet_hdr_sz;
int ret;
@@ -53109,7 +52770,7 @@ index bce8769..7fc7544 100644
fd_offset + ex.a_text);
if (error != N_DATADDR(ex)) {
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index f8a0b0e..6f036ed 100644
+index 3aac8e9..1fd8b35 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -34,6 +34,7 @@
@@ -53751,12 +53412,12 @@ index f8a0b0e..6f036ed 100644
+ if (current->mm->pax_flags & MF_PAX_RANDMMAP) {
+ unsigned long start, size, flags;
+ vm_flags_t vm_flags;
-+
+
+ start = ELF_PAGEALIGN(elf_brk);
+ size = PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4);
+ flags = MAP_FIXED | MAP_PRIVATE;
+ vm_flags = VM_DONTEXPAND | VM_DONTDUMP;
-
++
+ down_write(&current->mm->mmap_sem);
+ start = get_unmapped_area(NULL, start, PAGE_ALIGN(size), 0, flags);
+ retval = -ENOMEM;
@@ -53822,7 +53483,7 @@ index f8a0b0e..6f036ed 100644
set_fs(old_fs);
fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
}
-@@ -2019,14 +2474,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
+@@ -2025,14 +2480,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
}
static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
@@ -53839,7 +53500,7 @@ index f8a0b0e..6f036ed 100644
return size;
}
-@@ -2119,7 +2574,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2125,7 +2580,7 @@ static int elf_core_dump(struct coredump_params *cprm)
dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
@@ -53848,7 +53509,7 @@ index f8a0b0e..6f036ed 100644
offset += elf_core_extra_data_size();
e_shoff = offset;
-@@ -2133,10 +2588,12 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2139,10 +2594,12 @@ static int elf_core_dump(struct coredump_params *cprm)
offset = dataoff;
size += sizeof(*elf);
@@ -53861,7 +53522,7 @@ index f8a0b0e..6f036ed 100644
if (size > cprm->limit
|| !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
goto end_coredump;
-@@ -2150,7 +2607,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2156,7 +2613,7 @@ static int elf_core_dump(struct coredump_params *cprm)
phdr.p_offset = offset;
phdr.p_vaddr = vma->vm_start;
phdr.p_paddr = 0;
@@ -53870,7 +53531,7 @@ index f8a0b0e..6f036ed 100644
phdr.p_memsz = vma->vm_end - vma->vm_start;
offset += phdr.p_filesz;
phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
-@@ -2161,6 +2618,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2167,6 +2624,7 @@ static int elf_core_dump(struct coredump_params *cprm)
phdr.p_align = ELF_EXEC_PAGESIZE;
size += sizeof(phdr);
@@ -53878,7 +53539,7 @@ index f8a0b0e..6f036ed 100644
if (size > cprm->limit
|| !dump_write(cprm->file, &phdr, sizeof(phdr)))
goto end_coredump;
-@@ -2185,7 +2643,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2191,7 +2649,7 @@ static int elf_core_dump(struct coredump_params *cprm)
unsigned long addr;
unsigned long end;
@@ -53887,7 +53548,7 @@ index f8a0b0e..6f036ed 100644
for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
struct page *page;
-@@ -2194,6 +2652,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2200,6 +2658,7 @@ static int elf_core_dump(struct coredump_params *cprm)
page = get_dump_page(addr);
if (page) {
void *kaddr = kmap(page);
@@ -53895,7 +53556,7 @@ index f8a0b0e..6f036ed 100644
stop = ((size += PAGE_SIZE) > cprm->limit) ||
!dump_write(cprm->file, kaddr,
PAGE_SIZE);
-@@ -2211,6 +2670,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2217,6 +2676,7 @@ static int elf_core_dump(struct coredump_params *cprm)
if (e_phnum == PN_XNUM) {
size += sizeof(*shdr4extnum);
@@ -53903,7 +53564,7 @@ index f8a0b0e..6f036ed 100644
if (size > cprm->limit
|| !dump_write(cprm->file, shdr4extnum,
sizeof(*shdr4extnum)))
-@@ -2231,6 +2691,167 @@ out:
+@@ -2237,6 +2697,167 @@ out:
#endif /* CONFIG_ELF_CORE */
@@ -54108,7 +53769,7 @@ index d50bbe5..af3b649 100644
goto err;
}
diff --git a/fs/bio.c b/fs/bio.c
-index c5eae72..599e3cf 100644
+index 5e7507d..418c639 100644
--- a/fs/bio.c
+++ b/fs/bio.c
@@ -1106,7 +1106,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q,
@@ -55291,10 +54952,10 @@ index dafafba..10b3b27 100644
EXPORT_SYMBOL(dump_write);
diff --git a/fs/dcache.c b/fs/dcache.c
-index f09b908..04b9690 100644
+index da89cdf..5347dba 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
-@@ -3086,7 +3086,8 @@ void __init vfs_caches_init(unsigned long mempages)
+@@ -3097,7 +3097,8 @@ void __init vfs_caches_init(unsigned long mempages)
mempages -= reserve;
names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,
@@ -58050,7 +57711,7 @@ index 62b484e..0f9a140 100644
kfree(s);
}
diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
-index a3f868a..bb308ae 100644
+index 4e5f332..3cb6350 100644
--- a/fs/hugetlbfs/inode.c
+++ b/fs/hugetlbfs/inode.c
@@ -152,6 +152,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
@@ -73553,7 +73214,7 @@ index ec1aee4..1077986 100644
asmlinkage long compat_sys_lookup_dcookie(u32, u32, char __user *, size_t);
/*
diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
-index 842de22..7f3a41f 100644
+index ded4299..da50e3b 100644
--- a/include/linux/compiler-gcc4.h
+++ b/include/linux/compiler-gcc4.h
@@ -39,9 +39,29 @@
@@ -75576,21 +75237,6 @@ index 0000000..e7ffaaf
+ const int protocol);
+
+#endif
-diff --git a/include/linux/hid.h b/include/linux/hid.h
-index ff545cc..76e41d8 100644
---- a/include/linux/hid.h
-+++ b/include/linux/hid.h
-@@ -749,6 +749,10 @@ void hid_output_report(struct hid_report *report, __u8 *data);
- struct hid_device *hid_allocate_device(void);
- struct hid_report *hid_register_report(struct hid_device *device, unsigned type, unsigned id);
- int hid_parse_report(struct hid_device *hid, __u8 *start, unsigned size);
-+struct hid_report *hid_validate_report(struct hid_device *hid,
-+ unsigned int type, unsigned int id,
-+ unsigned int fields,
-+ unsigned int report_counts);
- int hid_open_report(struct hid_device *device);
- int hid_check_keys_pressed(struct hid_device *hid);
- int hid_connect(struct hid_device *hid, unsigned int connect_mask);
diff --git a/include/linux/highmem.h b/include/linux/highmem.h
index 7fb31da..08b5114 100644
--- a/include/linux/highmem.h
@@ -77142,10 +76788,10 @@ index 34a1e10..03a6d03 100644
struct proc_ns {
void *ns;
diff --git a/include/linux/random.h b/include/linux/random.h
-index 3b9377d..61b506a 100644
+index 6312dd9..f67904d 100644
--- a/include/linux/random.h
+++ b/include/linux/random.h
-@@ -32,6 +32,11 @@ void prandom_seed(u32 seed);
+@@ -33,6 +33,11 @@ void prandom_seed(u32 seed);
u32 prandom_u32_state(struct rnd_state *);
void prandom_bytes_state(struct rnd_state *state, void *buf, int nbytes);
@@ -78841,7 +78487,7 @@ index 53f464d..0bd0b49 100644
#endif /* _NET_INETPEER_H */
diff --git a/include/net/ip.h b/include/net/ip.h
-index a68f838..74518ab 100644
+index edfa591..a643b82 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -202,7 +202,7 @@ extern struct local_ports {
@@ -80178,10 +79824,10 @@ index a67ef9d..2d17ed9 100644
#ifdef CONFIG_BLK_DEV_RAM
int fd;
diff --git a/init/main.c b/init/main.c
-index 9484f4b..0eac7c3 100644
+index e83ac04..ddd6ed5 100644
--- a/init/main.c
+++ b/init/main.c
-@@ -100,6 +100,8 @@ static inline void mark_rodata_ro(void) { }
+@@ -101,6 +101,8 @@ static inline void mark_rodata_ro(void) { }
extern void tc_init(void);
#endif
@@ -80190,7 +79836,7 @@ index 9484f4b..0eac7c3 100644
/*
* Debug helper: via this flag we know that we are in 'early bootup code'
* where only the boot processor is running with IRQ disabled. This means
-@@ -153,6 +155,74 @@ static int __init set_reset_devices(char *str)
+@@ -154,6 +156,74 @@ static int __init set_reset_devices(char *str)
__setup("reset_devices", set_reset_devices);
@@ -80265,7 +79911,7 @@ index 9484f4b..0eac7c3 100644
static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, };
const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
static const char *panic_later, *panic_param;
-@@ -655,8 +725,6 @@ static void __init do_ctors(void)
+@@ -656,8 +726,6 @@ static void __init do_ctors(void)
bool initcall_debug;
core_param(initcall_debug, initcall_debug, bool, 0644);
@@ -80274,7 +79920,7 @@ index 9484f4b..0eac7c3 100644
static int __init_or_module do_one_initcall_debug(initcall_t fn)
{
ktime_t calltime, delta, rettime;
-@@ -679,23 +747,22 @@ int __init_or_module do_one_initcall(initcall_t fn)
+@@ -680,23 +748,22 @@ int __init_or_module do_one_initcall(initcall_t fn)
{
int count = preempt_count();
int ret;
@@ -80302,7 +79948,7 @@ index 9484f4b..0eac7c3 100644
return ret;
}
-@@ -748,8 +815,14 @@ static void __init do_initcall_level(int level)
+@@ -749,8 +816,14 @@ static void __init do_initcall_level(int level)
level, level,
&repair_env_string);
@@ -80318,7 +79964,7 @@ index 9484f4b..0eac7c3 100644
}
static void __init do_initcalls(void)
-@@ -783,8 +856,14 @@ static void __init do_pre_smp_initcalls(void)
+@@ -785,8 +858,14 @@ static void __init do_pre_smp_initcalls(void)
{
initcall_t *fn;
@@ -80334,7 +79980,7 @@ index 9484f4b..0eac7c3 100644
}
/*
-@@ -802,8 +881,8 @@ static int run_init_process(const char *init_filename)
+@@ -804,8 +883,8 @@ static int run_init_process(const char *init_filename)
{
argv_init[0] = init_filename;
return do_execve(init_filename,
@@ -80345,7 +79991,7 @@ index 9484f4b..0eac7c3 100644
}
static noinline void __init kernel_init_freeable(void);
-@@ -880,7 +959,7 @@ static noinline void __init kernel_init_freeable(void)
+@@ -882,7 +961,7 @@ static noinline void __init kernel_init_freeable(void)
do_basic_setup();
/* Open the /dev/console on the rootfs, this should never fail */
@@ -80354,7 +80000,7 @@ index 9484f4b..0eac7c3 100644
pr_err("Warning: unable to open an initial console.\n");
(void) sys_dup(0);
-@@ -893,11 +972,13 @@ static noinline void __init kernel_init_freeable(void)
+@@ -895,11 +974,13 @@ static noinline void __init kernel_init_freeable(void)
if (!ramdisk_execute_command)
ramdisk_execute_command = "/init";
@@ -80444,10 +80090,10 @@ index e4e47f6..a85e0ad 100644
if (u->mq_bytes + mq_bytes < u->mq_bytes ||
u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) {
diff --git a/ipc/msg.c b/ipc/msg.c
-index f8fbe2c..074649e 100644
+index 558aa91..359e718 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
-@@ -296,18 +296,19 @@ static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg)
+@@ -297,18 +297,19 @@ static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg)
return security_msg_queue_associate(msq, msgflg);
}
@@ -80473,10 +80119,10 @@ index f8fbe2c..074649e 100644
msg_params.flg = msgflg;
diff --git a/ipc/sem.c b/ipc/sem.c
-index 70480a3..f4e8262 100644
+index 8c4f59b..3a3f4ff 100644
--- a/ipc/sem.c
+++ b/ipc/sem.c
-@@ -460,10 +460,15 @@ static inline int sem_more_checks(struct kern_ipc_perm *ipcp,
+@@ -562,10 +562,15 @@ static inline int sem_more_checks(struct kern_ipc_perm *ipcp,
return 0;
}
@@ -80493,7 +80139,7 @@ index 70480a3..f4e8262 100644
struct ipc_params sem_params;
ns = current->nsproxy->ipc_ns;
-@@ -471,10 +476,6 @@ SYSCALL_DEFINE3(semget, key_t, key, int, nsems, int, semflg)
+@@ -573,10 +578,6 @@ SYSCALL_DEFINE3(semget, key_t, key, int, nsems, int, semflg)
if (nsems < 0 || nsems > ns->sc_semmsl)
return -EINVAL;
@@ -80505,10 +80151,10 @@ index 70480a3..f4e8262 100644
sem_params.flg = semflg;
sem_params.u.nsems = nsems;
diff --git a/ipc/shm.c b/ipc/shm.c
-index 7e199fa..180a1ca 100644
+index 7b87bea..fd0b9bd 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
-@@ -69,6 +69,14 @@ static void shm_destroy (struct ipc_namespace *ns, struct shmid_kernel *shp);
+@@ -72,6 +72,14 @@ static void shm_destroy (struct ipc_namespace *ns, struct shmid_kernel *shp);
static int sysvipc_shm_proc_show(struct seq_file *s, void *it);
#endif
@@ -80523,7 +80169,7 @@ index 7e199fa..180a1ca 100644
void shm_init_ns(struct ipc_namespace *ns)
{
ns->shm_ctlmax = SHMMAX;
-@@ -531,6 +539,14 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
+@@ -551,6 +559,14 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
shp->shm_lprid = 0;
shp->shm_atim = shp->shm_dtim = 0;
shp->shm_ctim = get_seconds();
@@ -80538,7 +80184,7 @@ index 7e199fa..180a1ca 100644
shp->shm_segsz = size;
shp->shm_nattch = 0;
shp->shm_file = file;
-@@ -582,18 +598,19 @@ static inline int shm_more_checks(struct kern_ipc_perm *ipcp,
+@@ -604,18 +620,19 @@ static inline int shm_more_checks(struct kern_ipc_perm *ipcp,
return 0;
}
@@ -80563,7 +80209,7 @@ index 7e199fa..180a1ca 100644
shm_params.key = key;
shm_params.flg = shmflg;
shm_params.u.size = size;
-@@ -1014,6 +1031,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
+@@ -1076,6 +1093,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
f_mode = FMODE_READ | FMODE_WRITE;
}
if (shmflg & SHM_EXEC) {
@@ -80576,7 +80222,7 @@ index 7e199fa..180a1ca 100644
prot |= PROT_EXEC;
acc_mode |= S_IXUGO;
}
-@@ -1037,9 +1060,21 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
+@@ -1100,10 +1123,22 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
if (err)
goto out_unlock;
@@ -80589,6 +80235,7 @@ index 7e199fa..180a1ca 100644
+ }
+#endif
+
+ ipc_lock_object(&shp->shm_perm);
path = shp->shm_file->f_path;
path_get(&path);
shp->shm_nattch++;
@@ -80596,8 +80243,8 @@ index 7e199fa..180a1ca 100644
+ shp->shm_lapid = current->pid;
+#endif
size = i_size_read(path.dentry->d_inode);
- shm_unlock(shp);
-
+ ipc_unlock_object(&shp->shm_perm);
+ rcu_read_unlock();
diff --git a/kernel/acct.c b/kernel/acct.c
index 8d6e145..33e0b1e 100644
--- a/kernel/acct.c
@@ -80612,7 +80259,7 @@ index 8d6e145..33e0b1e 100644
current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim;
set_fs(fs);
diff --git a/kernel/audit.c b/kernel/audit.c
-index 91e53d0..d9e3ec4 100644
+index 7b0e23a..861041e 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -118,7 +118,7 @@ u32 audit_sig_sid = 0;
@@ -84778,7 +84425,7 @@ index e8b3350..d83d44e 100644
.priority = CPU_PRI_MIGRATION,
};
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
-index 03b73be..9422b9f 100644
+index 009a62b..ae011f8 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -831,7 +831,7 @@ void task_numa_fault(int node, int pages, bool migrated)
@@ -84986,7 +84633,7 @@ index 02fc5c9..e54c335 100644
mutex_unlock(&smpboot_threads_lock);
put_online_cpus();
diff --git a/kernel/softirq.c b/kernel/softirq.c
-index 3d6833f..da6d93d 100644
+index 787b3a0..07213e9 100644
--- a/kernel/softirq.c
+++ b/kernel/softirq.c
@@ -53,11 +53,11 @@ irq_cpustat_t irq_stat[NR_CPUS] ____cacheline_aligned;
@@ -85012,7 +84659,7 @@ index 3d6833f..da6d93d 100644
trace_softirq_exit(vec_nr);
if (unlikely(prev_count != preempt_count())) {
printk(KERN_ERR "huh, entered softirq %u %s %p"
-@@ -405,7 +405,7 @@ void __raise_softirq_irqoff(unsigned int nr)
+@@ -414,7 +414,7 @@ void __raise_softirq_irqoff(unsigned int nr)
or_softirq_pending(1UL << nr);
}
@@ -85021,7 +84668,7 @@ index 3d6833f..da6d93d 100644
{
softirq_vec[nr].action = action;
}
-@@ -461,7 +461,7 @@ void __tasklet_hi_schedule_first(struct tasklet_struct *t)
+@@ -470,7 +470,7 @@ void __tasklet_hi_schedule_first(struct tasklet_struct *t)
EXPORT_SYMBOL(__tasklet_hi_schedule_first);
@@ -85030,7 +84677,7 @@ index 3d6833f..da6d93d 100644
{
struct tasklet_struct *list;
-@@ -496,7 +496,7 @@ static void tasklet_action(struct softirq_action *a)
+@@ -505,7 +505,7 @@ static void tasklet_action(struct softirq_action *a)
}
}
@@ -85039,7 +84686,7 @@ index 3d6833f..da6d93d 100644
{
struct tasklet_struct *list;
-@@ -730,7 +730,7 @@ static int __cpuinit remote_softirq_cpu_notify(struct notifier_block *self,
+@@ -739,7 +739,7 @@ static int __cpuinit remote_softirq_cpu_notify(struct notifier_block *self,
return NOTIFY_OK;
}
@@ -85048,7 +84695,7 @@ index 3d6833f..da6d93d 100644
.notifier_call = remote_softirq_cpu_notify,
};
-@@ -847,11 +847,11 @@ static int __cpuinit cpu_callback(struct notifier_block *nfb,
+@@ -856,11 +856,11 @@ static int __cpuinit cpu_callback(struct notifier_block *nfb,
return NOTIFY_OK;
}
@@ -85561,7 +85208,7 @@ index f11d83b..d016d91 100644
.clock_get = alarm_clock_get,
.timer_create = alarm_timer_create,
diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
-index baeeb5c..c22704a 100644
+index fcc261c..119dc3b 100644
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -15,6 +15,7 @@
@@ -88342,7 +87989,7 @@ index 4baf12e..5497066 100644
capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
diff --git a/mm/migrate.c b/mm/migrate.c
-index 6f0c244..6d1ae32 100644
+index 25ca7ca..abe1836 100644
--- a/mm/migrate.c
+++ b/mm/migrate.c
@@ -1399,8 +1399,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
@@ -90430,7 +90077,7 @@ index 6280da8..b5c090e 100644
/*
diff --git a/mm/shmem.c b/mm/shmem.c
-index 5e6a842..b41916e 100644
+index 509b393..49ecfea 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -33,7 +33,7 @@
@@ -91535,18 +91182,10 @@ index 1c91f0d3..485470a 100644
}
}
diff --git a/mm/swap.c b/mm/swap.c
-index dfd7d71..ccdf688 100644
+index 9f2225f..393d519 100644
--- a/mm/swap.c
+++ b/mm/swap.c
-@@ -31,6 +31,7 @@
- #include <linux/memcontrol.h>
- #include <linux/gfp.h>
- #include <linux/uio.h>
-+#include <linux/hugetlb.h>
-
- #include "internal.h"
-
-@@ -73,6 +74,8 @@ static void __put_compound_page(struct page *page)
+@@ -74,6 +74,8 @@ static void __put_compound_page(struct page *page)
__page_cache_release(page);
dtor = get_compound_page_dtor(page);
@@ -92339,10 +91978,10 @@ index 0bb3b59..0e3052e 100644
/* inform the destination node that we are still missing a correct route
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
-index ace5e55..a65a1c0 100644
+index 7c88f5f..b65befb 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
-@@ -2211,16 +2211,16 @@ int hci_register_dev(struct hci_dev *hdev)
+@@ -2222,16 +2222,16 @@ int hci_register_dev(struct hci_dev *hdev)
list_add(&hdev->list, &hci_dev_list);
write_unlock(&hci_dev_list_lock);
@@ -92537,7 +92176,7 @@ index 3d110c4..4e1b2eb 100644
break;
}
diff --git a/net/caif/cfctrl.c b/net/caif/cfctrl.c
-index 2bd4b58..0dc30a1 100644
+index 0f45522..dab651f 100644
--- a/net/caif/cfctrl.c
+++ b/net/caif/cfctrl.c
@@ -10,6 +10,7 @@
@@ -93081,7 +92720,7 @@ index f9765203..9feaef8 100644
return error;
}
diff --git a/net/core/netpoll.c b/net/core/netpoll.c
-index cec074b..a53a938 100644
+index b04f738..452b054 100644
--- a/net/core/netpoll.c
+++ b/net/core/netpoll.c
@@ -428,7 +428,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len)
@@ -93470,10 +93109,10 @@ index 55e1fd5..fd602b8 100644
*hc06_ptr = tmp;
hc06_ptr += 4;
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
-index d01be2a..8976537 100644
+index c4adc31..ba1739f 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
-@@ -1703,13 +1703,9 @@ static int __init inet_init(void)
+@@ -1701,13 +1701,9 @@ static int __init inet_init(void)
BUILD_BUG_ON(sizeof(struct inet_skb_parm) > FIELD_SIZEOF(struct sk_buff, cb));
@@ -93488,7 +93127,7 @@ index d01be2a..8976537 100644
rc = proto_register(&udp_prot, 1);
if (rc)
-@@ -1818,8 +1814,6 @@ out_unregister_udp_proto:
+@@ -1816,8 +1812,6 @@ out_unregister_udp_proto:
proto_unregister(&udp_prot);
out_unregister_tcp_proto:
proto_unregister(&tcp_prot);
@@ -93687,7 +93326,7 @@ index 6af375a..c493c74 100644
inet_twsk_deschedule(tw, death_row);
while (twrefcnt) {
diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c
-index 000e3d2..5472da3 100644
+index 33d5537..da337a4 100644
--- a/net/ipv4/inetpeer.c
+++ b/net/ipv4/inetpeer.c
@@ -503,8 +503,8 @@ relookup:
@@ -94006,7 +93645,7 @@ index 7d93d62..cbbf2a3 100644
static int ping_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
-index 61e60d6..d6996cd 100644
+index 6fb2337..9cd6b20 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -309,7 +309,7 @@ static int raw_rcv_skb(struct sock *sk, struct sk_buff *skb)
@@ -94580,7 +94219,7 @@ index 9a459be..086b866 100644
return -ENOMEM;
}
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
-index d3057f9..80a31d8 100644
+index b78a3ee..8f5113c 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -621,7 +621,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb,
@@ -94592,7 +94231,7 @@ index d3057f9..80a31d8 100644
net->dev_base_seq;
hlist_for_each_entry_rcu(dev, head, index_hlist) {
if (idx < s_idx)
-@@ -2378,7 +2378,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
+@@ -2405,7 +2405,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
p.iph.ihl = 5;
p.iph.protocol = IPPROTO_IPV6;
p.iph.ttl = 64;
@@ -94601,7 +94240,7 @@ index d3057f9..80a31d8 100644
if (ops->ndo_do_ioctl) {
mm_segment_t oldfs = get_fs();
-@@ -4000,7 +4000,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb,
+@@ -4027,7 +4027,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb,
s_ip_idx = ip_idx = cb->args[2];
rcu_read_lock();
@@ -94610,7 +94249,7 @@ index d3057f9..80a31d8 100644
for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
idx = 0;
head = &net->dev_index_head[h];
-@@ -4585,7 +4585,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
+@@ -4612,7 +4612,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
dst_free(&ifp->rt->dst);
break;
}
@@ -94619,7 +94258,7 @@ index d3057f9..80a31d8 100644
}
static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
-@@ -4605,7 +4605,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write,
+@@ -4632,7 +4632,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write,
int *valp = ctl->data;
int val = *valp;
loff_t pos = *ppos;
@@ -94628,7 +94267,7 @@ index d3057f9..80a31d8 100644
int ret;
/*
-@@ -4687,7 +4687,7 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write,
+@@ -4714,7 +4714,7 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write,
int *valp = ctl->data;
int val = *valp;
loff_t pos = *ppos;
@@ -94664,7 +94303,7 @@ index 70e704d..a4293c8 100644
table = kmemdup(ipv6_icmp_table_template,
sizeof(ipv6_icmp_table_template),
diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
-index ecd6073..58162ae 100644
+index 1f9a1a5..413e487 100644
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -74,7 +74,7 @@ struct ip6gre_net {
@@ -94704,7 +94343,7 @@ index ecd6073..58162ae 100644
.maxtype = IFLA_GRE_MAX,
.policy = ip6gre_policy,
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
-index 1e55866..b398dab 100644
+index 0516ebb..a5f065b 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -88,7 +88,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
@@ -95011,7 +94650,7 @@ index bacce6c..9d1741a 100644
table = kmemdup(ipv6_route_table_template,
sizeof(ipv6_route_table_template),
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
-index 60df36d..f3ab7c8 100644
+index 0491264..c403222 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -74,7 +74,7 @@ static void ipip6_tunnel_setup(struct net_device *dev);
@@ -95023,7 +94662,7 @@ index 60df36d..f3ab7c8 100644
static int sit_net_id __read_mostly;
struct sit_net {
-@@ -1453,7 +1453,7 @@ static const struct nla_policy ipip6_policy[IFLA_IPTUN_MAX + 1] = {
+@@ -1507,7 +1507,7 @@ static const struct nla_policy ipip6_policy[IFLA_IPTUN_MAX + 1] = {
#endif
};
@@ -95781,7 +95420,7 @@ index f6046d9..4f10cfd 100644
cp->old_state = cp->state;
/*
diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
-index b75ff64..0c51bbe 100644
+index c47444e..b0961c6 100644
--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
@@ -1102,7 +1102,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
@@ -96943,10 +96582,10 @@ index f226709..0e735a8 100644
ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len);
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
-index 391a245..296b3d7 100644
+index 422d8bd..2a65859 100644
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
-@@ -981,7 +981,7 @@ static const struct inet6_protocol sctpv6_protocol = {
+@@ -965,7 +965,7 @@ static const struct inet6_protocol sctpv6_protocol = {
.flags = INET6_PROTO_NOPOLICY | INET6_PROTO_FINAL,
};
@@ -96955,7 +96594,7 @@ index 391a245..296b3d7 100644
.sa_family = AF_INET6,
.sctp_xmit = sctp_v6_xmit,
.setsockopt = ipv6_setsockopt,
-@@ -1013,7 +1013,7 @@ static struct sctp_af sctp_af_inet6 = {
+@@ -997,7 +997,7 @@ static struct sctp_af sctp_af_inet6 = {
#endif
};
@@ -96964,7 +96603,7 @@ index 391a245..296b3d7 100644
.event_msgname = sctp_inet6_event_msgname,
.skb_msgname = sctp_inet6_skb_msgname,
.af_supported = sctp_inet6_af_supported,
-@@ -1038,7 +1038,7 @@ void sctp_v6_pf_init(void)
+@@ -1022,7 +1022,7 @@ void sctp_v6_pf_init(void)
void sctp_v6_pf_exit(void)
{
@@ -97044,10 +96683,10 @@ index 8aab894..f6b7e7d 100644
sctp_generate_t1_cookie_event,
sctp_generate_t1_init_event,
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
-index 6abb1ca..1678f8b 100644
+index 79bc251..4530ee0 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
-@@ -2167,11 +2167,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval,
+@@ -2170,11 +2170,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval,
{
struct sctp_association *asoc;
struct sctp_ulpevent *event;
@@ -97062,7 +96701,7 @@ index 6abb1ca..1678f8b 100644
/*
* At the time when a user app subscribes to SCTP_SENDER_DRY_EVENT,
-@@ -4222,13 +4224,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len,
+@@ -4225,13 +4227,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len,
static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
int __user *optlen)
{
@@ -97080,7 +96719,7 @@ index 6abb1ca..1678f8b 100644
return -EFAULT;
return 0;
}
-@@ -4246,6 +4251,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
+@@ -4249,6 +4254,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
*/
static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optval, int __user *optlen)
{
@@ -97089,7 +96728,7 @@ index 6abb1ca..1678f8b 100644
/* Applicable to UDP-style socket only */
if (sctp_style(sk, TCP))
return -EOPNOTSUPP;
-@@ -4254,7 +4261,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv
+@@ -4257,7 +4264,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv
len = sizeof(int);
if (put_user(len, optlen))
return -EFAULT;
@@ -97099,7 +96738,7 @@ index 6abb1ca..1678f8b 100644
return -EFAULT;
return 0;
}
-@@ -4626,12 +4634,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len,
+@@ -4629,12 +4637,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len,
*/
static int sctp_getsockopt_initmsg(struct sock *sk, int len, char __user *optval, int __user *optlen)
{
@@ -97116,7 +96755,7 @@ index 6abb1ca..1678f8b 100644
return -EFAULT;
return 0;
}
-@@ -4672,6 +4683,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
+@@ -4675,6 +4686,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len;
if (space_left < addrlen)
return -ENOMEM;
@@ -97694,7 +97333,7 @@ index 62e4f9b..dd3f2d7 100644
/* See if we can opportunistically reap SQ WR to make room */
sq_cq_reap(xprt);
diff --git a/net/sysctl_net.c b/net/sysctl_net.c
-index 9bc6db0..47ac8c0 100644
+index e7000be..e3b0ba7 100644
--- a/net/sysctl_net.c
+++ b/net/sysctl_net.c
@@ -46,7 +46,7 @@ static int net_ctl_permissions(struct ctl_table_header *head,
@@ -97703,7 +97342,7 @@ index 9bc6db0..47ac8c0 100644
/* Allow network administrator to have same access as root. */
- if (ns_capable(net->user_ns, CAP_NET_ADMIN) ||
+ if (ns_capable_nolog(net->user_ns, CAP_NET_ADMIN) ||
- uid_eq(root_uid, current_uid())) {
+ uid_eq(root_uid, current_euid())) {
int mode = (table->mode >> 6) & 7;
return (mode << 6) | (mode << 3) | mode;
diff --git a/net/tipc/link.c b/net/tipc/link.c
diff --git a/main/linux-virt-grsec/remove-cap-sys-admin-for-proc-sys.patch b/main/linux-virt-grsec/remove-cap-sys-admin-for-proc-sys.patch
new file mode 100644
index 000000000..6fa56ba13
--- /dev/null
+++ b/main/linux-virt-grsec/remove-cap-sys-admin-for-proc-sys.patch
@@ -0,0 +1,14 @@
+diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
+index 1e6dc7e..d65d119 100644
+--- a/fs/proc/proc_sysctl.c
++++ b/fs/proc/proc_sysctl.c
+@@ -521,8 +521,6 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf,
+ dput(filp->f_path.dentry);
+ if (!gr_acl_handle_open(filp->f_path.dentry, filp->f_path.mnt, op))
+ goto out;
+- if (write && !capable(CAP_SYS_ADMIN))
+- goto out;
+ #endif
+
+ /* careful: calling conventions are nasty here */
+