diff options
-rw-r--r-- | main/linux-virtgrsec/APKBUILD | 18 | ||||
-rw-r--r-- | main/linux-virtgrsec/grsecurity-3.1-3.18.9-201503071142.patch (renamed from main/linux-virtgrsec/grsecurity-3.1-3.18.8-201502271843.patch) | 535 |
2 files changed, 339 insertions, 214 deletions
diff --git a/main/linux-virtgrsec/APKBUILD b/main/linux-virtgrsec/APKBUILD index c39cf2b3ff..e1c36488bd 100644 --- a/main/linux-virtgrsec/APKBUILD +++ b/main/linux-virtgrsec/APKBUILD @@ -3,12 +3,12 @@ _flavor=virtgrsec pkgname=linux-${_flavor} -pkgver=3.18.8 +pkgver=3.18.9 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; esac -pkgrel=2 +pkgrel=0 pkgdesc="Linux kernel for virtual guests with grsecurity" url="http://grsecurity.net" depends="mkinitfs linux-firmware" @@ -18,7 +18,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-3.1-3.18.8-201502271843.patch + grsecurity-3.1-3.18.9-201503071142.patch fix-memory-map-for-PIE-applications.patch imx6q-no-unclocked-sleep.patch @@ -146,22 +146,22 @@ dev() { } md5sums="9e854df51ca3fef8bfe566dbd7b89241 linux-3.18.tar.xz -b7bd36ce9f4bff165ee776e2b9263257 patch-3.18.8.xz -f78dc7e1f77db3049de30f4d498fb2bc grsecurity-3.1-3.18.8-201502271843.patch +41077062d4b7beefd88d4df6e598e376 patch-3.18.9.xz +e0175adb70da19f3e7fc072d3bcc6527 grsecurity-3.1-3.18.9-201503071142.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch 1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch 18cb4521f9a8847637292f9f4c9e8256 kernelconfig.x86 2408367e7833084385bff42995dfcd3a kernelconfig.x86_64" sha256sums="becc413cc9e6d7f5cc52a3ce66d65c3725bc1d1cc1001f4ce6c32b69eb188cbd linux-3.18.tar.xz -c392e435661b8afebffb4c2badf6a82c3c559dee07d13f76450c952ea8ebb3e3 patch-3.18.8.xz -904daa25b3ac3d23e06c65164d1456a629499dc989f1c62c255250da6a2c404e grsecurity-3.1-3.18.8-201502271843.patch +7b5b2a952c3d956c7ca8945de2e1edd4e689039dfc59fdcda1b23cb7d9a9da5d patch-3.18.9.xz +a2bb4b8b13054cc3b37300bfc6277d18e00a45318b1b4173bbc81f81b6f99929 grsecurity-3.1-3.18.9-201503071142.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch 21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch 47048993111506ab74db24c92d39b536cf5e684975844907d5cb6198c1dfd87f kernelconfig.x86 0ebd5cf41a8c22fb8fe0c19d38833dc3e2b0b5e58b098e31315fcb766a18570e kernelconfig.x86_64" sha512sums="2f0b72466e9bc538a675738aa416573d41bbbd7e3e2ffd5b5b127afde609ebc278cec5a3c37e73479607e957c13f1b4ed9782a3795e0dcc2cf8e550228594009 linux-3.18.tar.xz -11a075e08f03a33af57a2225b29e0db3d422467dcb23439faa1510e89770ba74af08bc01d9a43caf58c130d5261c13f9b3f018020e40cbfe8ef4411d545331a2 patch-3.18.8.xz -8b487ce70a308d8c27b7b6ed85e6cdee373ff1e7a79711b9c5b3b814b7a54ae8c8ff8cb36ac487c6663d5afb5248ea157e608a463ea35067bec5280c61811ed6 grsecurity-3.1-3.18.8-201502271843.patch +dd8f8c2a88b41e4907c213d3d7bc646f1291b4358ad5a840b652286ac67023f9cac119714b68cb00b295fe80b7efb5dc2b5b4af35f01bbcaa7357f877dad3a72 patch-3.18.9.xz +7af8713508ae9c22e5f65c59254fd0d4da9e2b278eddaf7fdc20580f6e02b2d2e611ce512e34f3859be4447aaab068bc0c47d0cdf67259b0042dd5b4c1b7338b grsecurity-3.1-3.18.9-201503071142.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch 87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch c6bebe64953a444bc7d13f932e44d081665c253121189a3ccca9d7f6145b4460e32dc0f21f4700bf6607c5c0cb79de5c8576e4da0c815d60cff0d3b90879c1d9 kernelconfig.x86 diff --git a/main/linux-virtgrsec/grsecurity-3.1-3.18.8-201502271843.patch b/main/linux-virtgrsec/grsecurity-3.1-3.18.9-201503071142.patch index 70b99d6c00..dfa314ece6 100644 --- a/main/linux-virtgrsec/grsecurity-3.1-3.18.8-201502271843.patch +++ b/main/linux-virtgrsec/grsecurity-3.1-3.18.9-201503071142.patch @@ -370,7 +370,7 @@ index f4c71d4..66811b1 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 0b3f8a1..2b1f2b6 100644 +index 62b3338..fba6407 100644 --- a/Makefile +++ b/Makefile @@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -1614,7 +1614,7 @@ index abb2c37..96db950 100644 #include <asm-generic/cmpxchg-local.h> diff --git a/arch/arm/include/asm/domain.h b/arch/arm/include/asm/domain.h -index 6ddbe44..b5e38b1 100644 +index 6ddbe44..b5e38b1a 100644 --- a/arch/arm/include/asm/domain.h +++ b/arch/arm/include/asm/domain.h @@ -48,18 +48,37 @@ @@ -5605,7 +5605,7 @@ index 6b33457..88b5124 100644 return 0; } diff --git a/arch/m32r/include/asm/cache.h b/arch/m32r/include/asm/cache.h -index 40b3ee9..8c2c112 100644 +index 40b3ee98..8c2c112 100644 --- a/arch/m32r/include/asm/cache.h +++ b/arch/m32r/include/asm/cache.h @@ -1,8 +1,10 @@ @@ -6340,7 +6340,7 @@ index b4db69f..8f3b093 100644 #define SMP_CACHE_SHIFT L1_CACHE_SHIFT #define SMP_CACHE_BYTES L1_CACHE_BYTES diff --git a/arch/mips/include/asm/elf.h b/arch/mips/include/asm/elf.h -index 1d38fe0..9beabc9 100644 +index 1d38fe0..9beabc9d 100644 --- a/arch/mips/include/asm/elf.h +++ b/arch/mips/include/asm/elf.h @@ -381,13 +381,16 @@ extern const char *__elf_platform; @@ -6510,7 +6510,7 @@ index b336037..5b874cc 100644 /* diff --git a/arch/mips/include/asm/pgtable.h b/arch/mips/include/asm/pgtable.h -index d6d1928..ce4f822 100644 +index bc3fc4f..e2483f0 100644 --- a/arch/mips/include/asm/pgtable.h +++ b/arch/mips/include/asm/pgtable.h @@ -20,6 +20,9 @@ @@ -6869,10 +6869,10 @@ index d255a2a..916271c 100644 info.si_code = FPE_INTOVF; info.si_signo = SIGFPE; diff --git a/arch/mips/kvm/mips.c b/arch/mips/kvm/mips.c -index e3b21e5..ea5ff7c 100644 +index 270bbd4..c01932a 100644 --- a/arch/mips/kvm/mips.c +++ b/arch/mips/kvm/mips.c -@@ -805,7 +805,7 @@ long kvm_arch_vm_ioctl(struct file *filp, unsigned int ioctl, unsigned long arg) +@@ -815,7 +815,7 @@ long kvm_arch_vm_ioctl(struct file *filp, unsigned int ioctl, unsigned long arg) return r; } @@ -8825,10 +8825,22 @@ index 9485b43..3bd3c16 100644 static inline unsigned long clear_user(void __user *addr, unsigned long size) diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile -index 502cf69..822e63b 100644 +index 502cf69..53936a1 100644 --- a/arch/powerpc/kernel/Makefile +++ b/arch/powerpc/kernel/Makefile -@@ -27,6 +27,8 @@ CFLAGS_REMOVE_ftrace.o = -pg -mno-sched-epilog +@@ -15,6 +15,11 @@ CFLAGS_prom_init.o += -fPIC + CFLAGS_btext.o += -fPIC + endif + ++CFLAGS_REMOVE_cputable.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS) ++CFLAGS_REMOVE_prom_init.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS) ++CFLAGS_REMOVE_btext.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS) ++CFLAGS_REMOVE_prom.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS) ++ + ifdef CONFIG_FUNCTION_TRACER + # Do not trace early boot code + CFLAGS_REMOVE_cputable.o = -pg -mno-sched-epilog +@@ -27,6 +32,8 @@ CFLAGS_REMOVE_ftrace.o = -pg -mno-sched-epilog CFLAGS_REMOVE_time.o = -pg -mno-sched-epilog endif @@ -12770,7 +12782,7 @@ index bd49ec6..94c7f58 100644 } diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile -index 6a1a845..0ad2dae 100644 +index 30c0acf..48c3a77 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -16,6 +16,9 @@ KBUILD_CFLAGS += $(cflags-y) @@ -12825,6 +12837,21 @@ index a53440e..c3dbf1e 100644 ENDPROC(efi_call_phys) .previous +diff --git a/arch/x86/boot/compressed/efi_thunk_64.S b/arch/x86/boot/compressed/efi_thunk_64.S +index 630384a..278e788 100644 +--- a/arch/x86/boot/compressed/efi_thunk_64.S ++++ b/arch/x86/boot/compressed/efi_thunk_64.S +@@ -189,8 +189,8 @@ efi_gdt64: + .long 0 /* Filled out by user */ + .word 0 + .quad 0x0000000000000000 /* NULL descriptor */ +- .quad 0x00af9a000000ffff /* __KERNEL_CS */ +- .quad 0x00cf92000000ffff /* __KERNEL_DS */ ++ .quad 0x00af9b000000ffff /* __KERNEL_CS */ ++ .quad 0x00cf93000000ffff /* __KERNEL_DS */ + .quad 0x0080890000000000 /* TS descriptor */ + .quad 0x0000000000000000 /* TS continued */ + efi_gdt64_end: diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S index 1d7fbbc..36ecd58 100644 --- a/arch/x86/boot/compressed/head_32.S @@ -20591,10 +20618,10 @@ index 8f1e774..9b4c381 100644 obj-$(CONFIG_X86_64) += mcount_64.o obj-y += syscall_$(BITS).o vsyscall_gtod.o diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c -index a142e77..6222cdd 100644 +index a3eadfd..56fdd27 100644 --- a/arch/x86/kernel/acpi/boot.c +++ b/arch/x86/kernel/acpi/boot.c -@@ -1276,7 +1276,7 @@ static int __init dmi_ignore_irq0_timer_override(const struct dmi_system_id *d) +@@ -1282,7 +1282,7 @@ static int __init dmi_ignore_irq0_timer_override(const struct dmi_system_id *d) * If your system is blacklisted here, but you find that acpi=force * works for you, please contact linux-acpi@vger.kernel.org */ @@ -20603,7 +20630,7 @@ index a142e77..6222cdd 100644 /* * Boxes that need ACPI disabled */ -@@ -1351,7 +1351,7 @@ static struct dmi_system_id __initdata acpi_dmi_table[] = { +@@ -1357,7 +1357,7 @@ static struct dmi_system_id __initdata acpi_dmi_table[] = { }; /* second table for DMI checks that should run after early-quirks */ @@ -23079,7 +23106,7 @@ index 344b63f..55adf14 100644 #endif diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index c0226ab..0d1dc48 100644 +index c0226ab..386eb53 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S @@ -59,6 +59,8 @@ @@ -23674,7 +23701,7 @@ index c0226ab..0d1dc48 100644 /* * A newly forked process directly context switches into this address. -@@ -331,7 +793,7 @@ ENTRY(ret_from_fork) +@@ -331,25 +793,26 @@ ENTRY(ret_from_fork) RESTORE_REST @@ -23682,9 +23709,19 @@ index c0226ab..0d1dc48 100644 + testb $3, CS-ARGOFFSET(%rsp) # from kernel_thread? jz 1f - testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -341,15 +803,13 @@ ENTRY(ret_from_fork) - jmp ret_from_sys_call # go to the SYSRET fastpath +- testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET +- jnz int_ret_from_sys_call +- +- RESTORE_TOP_OF_STACK %rdi, -ARGOFFSET +- jmp ret_from_sys_call # go to the SYSRET fastpath ++ /* ++ * By the time we get here, we have no idea whether our pt_regs, ++ * ti flags, and ti status came from the 64-bit SYSCALL fast path, ++ * the slow path, or one of the ia32entry paths. ++ * Use int_ret_from_sys_call to return, since it can safely handle ++ * all of the above. ++ */ ++ jmp int_ret_from_sys_call 1: - subq $REST_SKIP, %rsp # leave space for volatiles @@ -23700,7 +23737,7 @@ index c0226ab..0d1dc48 100644 /* * System call entry. Up to 6 arguments in registers are supported. -@@ -386,7 +846,7 @@ END(ret_from_fork) +@@ -386,7 +849,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -23709,7 +23746,7 @@ index c0226ab..0d1dc48 100644 CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -399,16 +859,23 @@ GLOBAL(system_call_after_swapgs) +@@ -399,16 +862,23 @@ GLOBAL(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -23735,7 +23772,7 @@ index c0226ab..0d1dc48 100644 jnz tracesys system_call_fastpath: #if __SYSCALL_MASK == ~0 -@@ -432,10 +899,13 @@ sysret_check: +@@ -432,10 +902,13 @@ sysret_check: LOCKDEP_SYS_EXIT DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF @@ -23750,7 +23787,7 @@ index c0226ab..0d1dc48 100644 /* * sysretq will re-enable interrupts: */ -@@ -494,12 +964,15 @@ sysret_audit: +@@ -494,12 +967,15 @@ sysret_audit: /* Do syscall tracing */ tracesys: @@ -23768,7 +23805,7 @@ index c0226ab..0d1dc48 100644 jmp system_call_fastpath /* and return to the fast path */ tracesys_phase2: -@@ -510,12 +983,14 @@ tracesys_phase2: +@@ -510,12 +986,14 @@ tracesys_phase2: movq %rax,%rdx call syscall_trace_enter_phase2 @@ -23784,7 +23821,7 @@ index c0226ab..0d1dc48 100644 RESTORE_REST #if __SYSCALL_MASK == ~0 cmpq $__NR_syscall_max,%rax -@@ -545,7 +1020,9 @@ GLOBAL(int_with_check) +@@ -545,7 +1023,9 @@ GLOBAL(int_with_check) andl %edi,%edx jnz int_careful andl $~TS_COMPAT,TI_status(%rcx) @@ -23795,7 +23832,7 @@ index c0226ab..0d1dc48 100644 /* Either reschedule or signal or syscall exit tracking needed. */ /* First do a reschedule test. */ -@@ -591,7 +1068,7 @@ int_restore_rest: +@@ -591,7 +1071,7 @@ int_restore_rest: TRACE_IRQS_OFF jmp int_with_check CFI_ENDPROC @@ -23804,7 +23841,7 @@ index c0226ab..0d1dc48 100644 .macro FORK_LIKE func ENTRY(stub_\func) -@@ -604,9 +1081,10 @@ ENTRY(stub_\func) +@@ -604,9 +1084,10 @@ ENTRY(stub_\func) DEFAULT_FRAME 0 8 /* offset 8: return address */ call sys_\func RESTORE_TOP_OF_STACK %r11, 8 @@ -23817,7 +23854,7 @@ index c0226ab..0d1dc48 100644 .endm .macro FIXED_FRAME label,func -@@ -616,9 +1094,10 @@ ENTRY(\label) +@@ -616,9 +1097,10 @@ ENTRY(\label) FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET call \func RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET @@ -23829,7 +23866,7 @@ index c0226ab..0d1dc48 100644 .endm FORK_LIKE clone -@@ -626,19 +1105,6 @@ END(\label) +@@ -626,19 +1108,6 @@ END(\label) FORK_LIKE vfork FIXED_FRAME stub_iopl, sys_iopl @@ -23849,7 +23886,7 @@ index c0226ab..0d1dc48 100644 ENTRY(stub_execve) CFI_STARTPROC addq $8, %rsp -@@ -650,7 +1116,7 @@ ENTRY(stub_execve) +@@ -650,7 +1119,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23858,7 +23895,7 @@ index c0226ab..0d1dc48 100644 /* * sigreturn is special because it needs to restore all registers on return. -@@ -667,7 +1133,7 @@ ENTRY(stub_rt_sigreturn) +@@ -667,7 +1136,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23867,7 +23904,7 @@ index c0226ab..0d1dc48 100644 #ifdef CONFIG_X86_X32_ABI ENTRY(stub_x32_rt_sigreturn) -@@ -681,7 +1147,7 @@ ENTRY(stub_x32_rt_sigreturn) +@@ -681,7 +1150,7 @@ ENTRY(stub_x32_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23876,7 +23913,7 @@ index c0226ab..0d1dc48 100644 ENTRY(stub_x32_execve) CFI_STARTPROC -@@ -695,7 +1161,7 @@ ENTRY(stub_x32_execve) +@@ -695,7 +1164,7 @@ ENTRY(stub_x32_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23885,7 +23922,7 @@ index c0226ab..0d1dc48 100644 #endif -@@ -732,7 +1198,7 @@ vector=vector+1 +@@ -732,7 +1201,7 @@ vector=vector+1 2: jmp common_interrupt .endr CFI_ENDPROC @@ -23894,7 +23931,7 @@ index c0226ab..0d1dc48 100644 .previous END(interrupt) -@@ -749,8 +1215,8 @@ END(interrupt) +@@ -749,8 +1218,8 @@ END(interrupt) /* 0(%rsp): ~(interrupt number) */ .macro interrupt func /* reserve pt_regs for scratch regs and rbp */ @@ -23905,7 +23942,7 @@ index c0226ab..0d1dc48 100644 SAVE_ARGS_IRQ call \func .endm -@@ -773,14 +1239,14 @@ ret_from_intr: +@@ -773,14 +1242,14 @@ ret_from_intr: /* Restore saved previous stack */ popq %rsi @@ -23924,7 +23961,7 @@ index c0226ab..0d1dc48 100644 je retint_kernel /* Interrupt came from user space */ -@@ -802,12 +1268,35 @@ retint_swapgs: /* return to user-space */ +@@ -802,12 +1271,35 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -23960,7 +23997,7 @@ index c0226ab..0d1dc48 100644 /* * The iretq could re-enable interrupts: */ -@@ -845,15 +1334,15 @@ native_irq_return_ldt: +@@ -845,15 +1337,15 @@ native_irq_return_ldt: SWAPGS movq PER_CPU_VAR(espfix_waddr),%rdi movq %rax,(0*8)(%rdi) /* RAX */ @@ -23981,7 +24018,7 @@ index c0226ab..0d1dc48 100644 movq %rax,(4*8)(%rdi) andl $0xffff0000,%eax popq_cfi %rdi -@@ -907,7 +1396,7 @@ ENTRY(retint_kernel) +@@ -907,7 +1399,7 @@ ENTRY(retint_kernel) jmp exit_intr #endif CFI_ENDPROC @@ -23990,7 +24027,7 @@ index c0226ab..0d1dc48 100644 /* * APIC interrupts. -@@ -921,7 +1410,7 @@ ENTRY(\sym) +@@ -921,7 +1413,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -23999,7 +24036,7 @@ index c0226ab..0d1dc48 100644 .endm #ifdef CONFIG_TRACING -@@ -994,7 +1483,7 @@ apicinterrupt IRQ_WORK_VECTOR \ +@@ -994,7 +1486,7 @@ apicinterrupt IRQ_WORK_VECTOR \ /* * Exception entry points. */ @@ -24008,7 +24045,7 @@ index c0226ab..0d1dc48 100644 .macro idtentry sym do_sym has_error_code:req paranoid=0 shift_ist=-1 ENTRY(\sym) -@@ -1045,6 +1534,12 @@ ENTRY(\sym) +@@ -1045,6 +1537,12 @@ ENTRY(\sym) .endif .if \shift_ist != -1 @@ -24021,7 +24058,7 @@ index c0226ab..0d1dc48 100644 subq $EXCEPTION_STKSZ, INIT_TSS_IST(\shift_ist) .endif -@@ -1061,7 +1556,7 @@ ENTRY(\sym) +@@ -1061,7 +1559,7 @@ ENTRY(\sym) .endif CFI_ENDPROC @@ -24030,7 +24067,7 @@ index c0226ab..0d1dc48 100644 .endm #ifdef CONFIG_TRACING -@@ -1102,9 +1597,10 @@ gs_change: +@@ -1102,9 +1600,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -24042,7 +24079,7 @@ index c0226ab..0d1dc48 100644 _ASM_EXTABLE(gs_change,bad_gs) .section .fixup,"ax" -@@ -1132,9 +1628,10 @@ ENTRY(do_softirq_own_stack) +@@ -1132,9 +1631,10 @@ ENTRY(do_softirq_own_stack) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -24054,7 +24091,7 @@ index c0226ab..0d1dc48 100644 #ifdef CONFIG_XEN idtentry xen_hypervisor_callback xen_do_hypervisor_callback has_error_code=0 -@@ -1172,7 +1669,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1172,7 +1672,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -24063,7 +24100,7 @@ index c0226ab..0d1dc48 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1231,7 +1728,7 @@ ENTRY(xen_failsafe_callback) +@@ -1231,7 +1731,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -24072,7 +24109,7 @@ index c0226ab..0d1dc48 100644 apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1278,18 +1775,33 @@ ENTRY(paranoid_exit) +@@ -1278,18 +1778,33 @@ ENTRY(paranoid_exit) DEFAULT_FRAME DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF_DEBUG @@ -24108,7 +24145,7 @@ index c0226ab..0d1dc48 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1318,7 +1830,7 @@ paranoid_schedule: +@@ -1318,7 +1833,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -24117,7 +24154,7 @@ index c0226ab..0d1dc48 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1345,12 +1857,23 @@ ENTRY(error_entry) +@@ -1345,12 +1860,23 @@ ENTRY(error_entry) movq %r14, R14+8(%rsp) movq %r15, R15+8(%rsp) xorl %ebx,%ebx @@ -24142,7 +24179,7 @@ index c0226ab..0d1dc48 100644 ret /* -@@ -1385,7 +1908,7 @@ error_bad_iret: +@@ -1385,7 +1911,7 @@ error_bad_iret: decl %ebx /* Return to usergs */ jmp error_sti CFI_ENDPROC @@ -24151,7 +24188,7 @@ index c0226ab..0d1dc48 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1396,7 +1919,7 @@ ENTRY(error_exit) +@@ -1396,7 +1922,7 @@ ENTRY(error_exit) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF GET_THREAD_INFO(%rcx) @@ -24160,7 +24197,7 @@ index c0226ab..0d1dc48 100644 jne retint_kernel LOCKDEP_SYS_EXIT_IRQ movl TI_flags(%rcx),%edx -@@ -1405,7 +1928,7 @@ ENTRY(error_exit) +@@ -1405,7 +1931,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -24169,7 +24206,7 @@ index c0226ab..0d1dc48 100644 /* * Test if a given stack is an NMI stack or not. -@@ -1463,9 +1986,11 @@ ENTRY(nmi) +@@ -1463,9 +1989,11 @@ ENTRY(nmi) * If %cs was not the kernel segment, then the NMI triggered in user * space, which means it is definitely not nested. */ @@ -24182,7 +24219,7 @@ index c0226ab..0d1dc48 100644 /* * Check the special variable on the stack to see if NMIs are * executing. -@@ -1499,8 +2024,7 @@ nested_nmi: +@@ -1499,8 +2027,7 @@ nested_nmi: 1: /* Set up the interrupted NMIs stack to jump to repeat_nmi */ @@ -24192,7 +24229,7 @@ index c0226ab..0d1dc48 100644 CFI_ADJUST_CFA_OFFSET 1*8 leaq -10*8(%rsp), %rdx pushq_cfi $__KERNEL_DS -@@ -1518,6 +2042,7 @@ nested_nmi_out: +@@ -1518,6 +2045,7 @@ nested_nmi_out: CFI_RESTORE rdx /* No need to check faults here */ @@ -24200,7 +24237,7 @@ index c0226ab..0d1dc48 100644 INTERRUPT_RETURN CFI_RESTORE_STATE -@@ -1614,13 +2139,13 @@ end_repeat_nmi: +@@ -1614,13 +2142,13 @@ end_repeat_nmi: subq $ORIG_RAX-R15, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 /* @@ -24216,7 +24253,7 @@ index c0226ab..0d1dc48 100644 DEFAULT_FRAME 0 /* -@@ -1630,9 +2155,9 @@ end_repeat_nmi: +@@ -1630,9 +2158,9 @@ end_repeat_nmi: * NMI itself takes a page fault, the page fault that was preempted * will read the information from the NMI page fault and not the * origin fault. Save it off and restore it if it changes. @@ -24228,7 +24265,7 @@ index c0226ab..0d1dc48 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi -@@ -1641,29 +2166,34 @@ end_repeat_nmi: +@@ -1641,29 +2169,34 @@ end_repeat_nmi: /* Did the NMI take a page fault? Restore cr2 if it did */ movq %cr2, %rcx @@ -28902,7 +28939,7 @@ index ed70394..c629a68 100644 vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index 506488c..f8df17e 100644 +index 8b92cf4..ee50439 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -732,6 +732,8 @@ EXPORT_SYMBOL_GPL(kvm_set_cr4); @@ -28914,7 +28951,7 @@ index 506488c..f8df17e 100644 if (cr3 == kvm_read_cr3(vcpu) && !pdptrs_changed(vcpu)) { kvm_mmu_sync_roots(vcpu); kvm_make_request(KVM_REQ_TLB_FLUSH, vcpu); -@@ -1878,8 +1880,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) +@@ -1879,8 +1881,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) { struct kvm *kvm = vcpu->kvm; int lm = is_long_mode(vcpu); @@ -28925,7 +28962,7 @@ index 506488c..f8df17e 100644 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64 : kvm->arch.xen_hvm_config.blob_size_32; u32 page_num = data & ~PAGE_MASK; -@@ -2806,6 +2808,8 @@ long kvm_arch_dev_ioctl(struct file *filp, +@@ -2807,6 +2809,8 @@ long kvm_arch_dev_ioctl(struct file *filp, if (n < msr_list.nmsrs) goto out; r = -EFAULT; @@ -28934,7 +28971,7 @@ index 506488c..f8df17e 100644 if (copy_to_user(user_msr_list->indices, &msrs_to_save, num_msrs_to_save * sizeof(u32))) goto out; -@@ -5743,7 +5747,7 @@ static struct notifier_block pvclock_gtod_notifier = { +@@ -5744,7 +5748,7 @@ static struct notifier_block pvclock_gtod_notifier = { }; #endif @@ -32499,7 +32536,7 @@ index 4d8ee82..ffc1011 100644 + return ret ? -EFAULT : 0; +} diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c -index 207d9aef..69030980 100644 +index 448ee89..88fe381 100644 --- a/arch/x86/mm/gup.c +++ b/arch/x86/mm/gup.c @@ -268,7 +268,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write, @@ -32539,10 +32576,10 @@ index 4500142..53a363c 100644 return (void *)vaddr; diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c -index 8b977eb..4732c33 100644 +index 006cc91..bf05a83 100644 --- a/arch/x86/mm/hugetlbpage.c +++ b/arch/x86/mm/hugetlbpage.c -@@ -80,23 +80,24 @@ int pud_huge(pud_t pud) +@@ -86,23 +86,24 @@ int pud_huge(pud_t pud) #ifdef CONFIG_HUGETLB_PAGE static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file, unsigned long addr, unsigned long len, @@ -32570,7 +32607,7 @@ index 8b977eb..4732c33 100644 { struct hstate *h = hstate_file(file); struct vm_unmapped_area_info info; -@@ -108,6 +109,7 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, +@@ -114,6 +115,7 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, info.high_limit = current->mm->mmap_base; info.align_mask = PAGE_MASK & ~huge_page_mask(h); info.align_offset = 0; @@ -32578,7 +32615,7 @@ index 8b977eb..4732c33 100644 addr = vm_unmapped_area(&info); /* -@@ -120,6 +122,12 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, +@@ -126,6 +128,12 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, VM_BUG_ON(addr != -ENOMEM); info.flags = 0; info.low_limit = TASK_UNMAPPED_BASE; @@ -32591,7 +32628,7 @@ index 8b977eb..4732c33 100644 info.high_limit = TASK_SIZE; addr = vm_unmapped_area(&info); } -@@ -134,10 +142,20 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -140,10 +148,20 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, struct hstate *h = hstate_file(file); struct mm_struct *mm = current->mm; struct vm_area_struct *vma; @@ -32613,7 +32650,7 @@ index 8b977eb..4732c33 100644 return -ENOMEM; if (flags & MAP_FIXED) { -@@ -146,19 +164,22 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -152,19 +170,22 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, return addr; } @@ -33345,10 +33382,10 @@ index b4f2e7e..96c9c3e 100644 pte = kmemcheck_pte_lookup(address); diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c -index 919b912..9267313 100644 +index df4552b..12c129c 100644 --- a/arch/x86/mm/mmap.c +++ b/arch/x86/mm/mmap.c -@@ -52,7 +52,7 @@ static unsigned int stack_maxrandom_size(void) +@@ -52,7 +52,7 @@ static unsigned long stack_maxrandom_size(void) * Leave an at least ~128 MB hole with possible stack randomization. */ #define MIN_GAP (128*1024*1024UL + stack_maxrandom_size()) @@ -34949,7 +34986,7 @@ index 040192b..7d3300f 100644 .long 0 efi_rt_function_ptr: diff --git a/arch/x86/platform/efi/efi_stub_64.S b/arch/x86/platform/efi/efi_stub_64.S -index 5fcda72..cd4dc41 100644 +index 86d0f9e..6d499f4 100644 --- a/arch/x86/platform/efi/efi_stub_64.S +++ b/arch/x86/platform/efi/efi_stub_64.S @@ -11,6 +11,7 @@ @@ -34968,17 +35005,6 @@ index 5fcda72..cd4dc41 100644 ret ENDPROC(efi_call) -@@ -245,8 +247,8 @@ efi_gdt64: - .long 0 /* Filled out by user */ - .word 0 - .quad 0x0000000000000000 /* NULL descriptor */ -- .quad 0x00af9a000000ffff /* __KERNEL_CS */ -- .quad 0x00cf92000000ffff /* __KERNEL_DS */ -+ .quad 0x00af9b000000ffff /* __KERNEL_CS */ -+ .quad 0x00cf93000000ffff /* __KERNEL_DS */ - .quad 0x0080890000000000 /* TS descriptor */ - .quad 0x0000000000000000 /* TS continued */ - efi_gdt64_end: diff --git a/arch/x86/platform/intel-mid/intel-mid.c b/arch/x86/platform/intel-mid/intel-mid.c index 1bbedc4..eb795b5 100644 --- a/arch/x86/platform/intel-mid/intel-mid.c @@ -38948,7 +38974,7 @@ index 0ea9986..e7b07e4 100644 if (cmd != SIOCWANDEV) diff --git a/drivers/char/random.c b/drivers/char/random.c -index 04645c0..6416f00 100644 +index 9cd6968..6416f00 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -289,9 +289,6 @@ @@ -38974,30 +39000,6 @@ index 04645c0..6416f00 100644 static struct entropy_store input_pool = { .poolinfo = &poolinfo_table[0], -@@ -569,19 +566,19 @@ static void fast_mix(struct fast_pool *f) - __u32 c = f->pool[2], d = f->pool[3]; - - a += b; c += d; -- b = rol32(a, 6); d = rol32(c, 27); -+ b = rol32(b, 6); d = rol32(d, 27); - d ^= a; b ^= c; - - a += b; c += d; -- b = rol32(a, 16); d = rol32(c, 14); -+ b = rol32(b, 16); d = rol32(d, 14); - d ^= a; b ^= c; - - a += b; c += d; -- b = rol32(a, 6); d = rol32(c, 27); -+ b = rol32(b, 6); d = rol32(d, 27); - d ^= a; b ^= c; - - a += b; c += d; -- b = rol32(a, 16); d = rol32(c, 14); -+ b = rol32(b, 16); d = rol32(d, 14); - d ^= a; b ^= c; - - f->pool[0] = a; f->pool[1] = b; @@ -635,7 +632,7 @@ retry: /* The +2 corresponds to the /4 in the denominator */ @@ -39287,7 +39289,7 @@ index f657c57..31d97ae 100644 ret = cpufreq_register_driver(&dt_cpufreq_driver); if (ret) diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c -index 4473eba..a4c9dc2 100644 +index e3bf702..4dbf06c 100644 --- a/drivers/cpufreq/cpufreq.c +++ b/drivers/cpufreq/cpufreq.c @@ -2122,7 +2122,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor) @@ -44876,10 +44878,10 @@ index 3e6d115..ffecdeb 100644 /*----------------------------------------------------------------*/ diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c -index 40b35be..a327e11 100644 +index 2f2f38f..f6a8ebe 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c -@@ -1931,7 +1931,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) +@@ -1932,7 +1932,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) if (r1_sync_page_io(rdev, sect, s, bio->bi_io_vec[idx].bv_page, READ) != 0) @@ -44888,7 +44890,7 @@ index 40b35be..a327e11 100644 } sectors -= s; sect += s; -@@ -2164,7 +2164,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, +@@ -2165,7 +2165,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, !test_bit(Faulty, &rdev->flags)) { if (r1_sync_page_io(rdev, sect, s, conf->tmppage, READ)) { @@ -44961,7 +44963,7 @@ index 32e282f..5cec803 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index b98765f..09e86d5 100644 +index 8577cc7..e80e05d 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -1730,6 +1730,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash) @@ -48537,7 +48539,7 @@ index bfb0b6e..5c396ce 100644 }; diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c -index 880cc09..6a68ba6 100644 +index 880cc09..764aee1 100644 --- a/drivers/net/macvtap.c +++ b/drivers/net/macvtap.c @@ -422,7 +422,7 @@ static void macvtap_setup(struct net_device *dev) @@ -48549,7 +48551,33 @@ index 880cc09..6a68ba6 100644 .kind = "macvtap", .setup = macvtap_setup, .newlink = macvtap_newlink, -@@ -1020,7 +1020,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd, +@@ -637,12 +637,15 @@ static void macvtap_skb_to_vnet_hdr(const struct sk_buff *skb, + } /* else everything is zero */ + } + ++/* Neighbour code has some assumptions on HH_DATA_MOD alignment */ ++#define MACVTAP_RESERVE HH_DATA_OFF(ETH_HLEN) ++ + /* Get packet from user space buffer */ + static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m, + const struct iovec *iv, unsigned long total_len, + size_t count, int noblock) + { +- int good_linear = SKB_MAX_HEAD(NET_IP_ALIGN); ++ int good_linear = SKB_MAX_HEAD(MACVTAP_RESERVE); + struct sk_buff *skb; + struct macvlan_dev *vlan; + unsigned long len = total_len; +@@ -701,7 +704,7 @@ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m, + linear = vnet_hdr.hdr_len; + } + +- skb = macvtap_alloc_skb(&q->sk, NET_IP_ALIGN, copylen, ++ skb = macvtap_alloc_skb(&q->sk, MACVTAP_RESERVE, copylen, + linear, noblock, &err); + if (!skb) + goto err; +@@ -1020,7 +1023,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd, } ret = 0; @@ -48558,7 +48586,7 @@ index 880cc09..6a68ba6 100644 put_user(q->flags, &ifr->ifr_flags)) ret = -EFAULT; macvtap_put_vlan(vlan); -@@ -1190,7 +1190,7 @@ static int macvtap_device_event(struct notifier_block *unused, +@@ -1190,7 +1193,7 @@ static int macvtap_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -52059,7 +52087,7 @@ index dd8c8d6..4cdf6a1 100644 if (!sdp->request_queue->rq_timeout) { if (sdp->type != TYPE_MOD) diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c -index 6035444..c82edd4 100644 +index 843594c..b1dc3b2 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -1138,7 +1138,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg) @@ -53179,10 +53207,10 @@ index 47ca0f3..3c0b803 100644 } EXPORT_SYMBOL_GPL(n_tty_inherit_ops); diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c -index 7c4447a..70fbc1e 100644 +index 082304d..d8360ec 100644 --- a/drivers/tty/pty.c +++ b/drivers/tty/pty.c -@@ -830,8 +830,10 @@ static void __init unix98_pty_init(void) +@@ -833,8 +833,10 @@ static void __init unix98_pty_init(void) panic("Couldn't register Unix98 pts driver"); /* Now create the /dev/ptmx special device */ @@ -54299,7 +54327,7 @@ index 0b59731..46ee7d1 100644 dev->rawdescriptors[i] + (*ppos - pos), min(len, alloclen))) { diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c -index a6efb41..6f72549b 100644 +index 0009fc8..483f7e5 100644 --- a/drivers/usb/core/hcd.c +++ b/drivers/usb/core/hcd.c @@ -1551,7 +1551,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags) @@ -54321,7 +54349,7 @@ index a6efb41..6f72549b 100644 wake_up(&usb_kill_urb_queue); usb_put_urb(urb); diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c -index b649fef..c7107a0 100644 +index 2246954..d75b0b1 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -26,6 +26,7 @@ @@ -54344,7 +54372,7 @@ index b649fef..c7107a0 100644 unit_load = 150; else diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c -index f7b7713..23d07ec 100644 +index f368d20..0c30ac5 100644 --- a/drivers/usb/core/message.c +++ b/drivers/usb/core/message.c @@ -128,7 +128,7 @@ static int usb_internal_control_msg(struct usb_device *usb_dev, @@ -54388,7 +54416,7 @@ index 1236c60..d47a51c 100644 static DEVICE_ATTR_RO(urbnum); diff --git a/drivers/usb/core/usb.c b/drivers/usb/core/usb.c -index 2dd2362..1135437 100644 +index 29ee936..55e3f99 100644 --- a/drivers/usb/core/usb.c +++ b/drivers/usb/core/usb.c @@ -433,7 +433,7 @@ struct usb_device *usb_alloc_dev(struct usb_device *parent, @@ -58550,7 +58578,7 @@ index 929dec0..84bd914 100644 fd_offset + ex.a_text); if (error != N_DATADDR(ex)) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index d8fc060..cbd44d5 100644 +index e1efcaa..ff55158 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -34,6 +34,7 @@ @@ -59067,7 +59095,7 @@ index d8fc060..cbd44d5 100644 * libraries. There is no binary dependent code anywhere else. @@ -556,6 +917,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) { - unsigned int random_variable = 0; + unsigned long random_variable = 0; +#ifdef CONFIG_PAX_RANDUSTACK + if (current->mm->pax_flags & MF_PAX_RANDMMAP) @@ -59076,8 +59104,8 @@ index d8fc060..cbd44d5 100644 + if ((current->flags & PF_RANDOMIZE) && !(current->personality & ADDR_NO_RANDOMIZE)) { - random_variable = get_random_int() & STACK_RND_MASK; -@@ -574,7 +940,7 @@ static int load_elf_binary(struct linux_binprm *bprm) + random_variable = (unsigned long) get_random_int(); +@@ -575,7 +941,7 @@ static int load_elf_binary(struct linux_binprm *bprm) unsigned long load_addr = 0, load_bias = 0; int load_addr_set = 0; char * elf_interpreter = NULL; @@ -59086,7 +59114,7 @@ index d8fc060..cbd44d5 100644 struct elf_phdr *elf_ppnt, *elf_phdata; unsigned long elf_bss, elf_brk; int retval, i; -@@ -589,6 +955,7 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -590,6 +956,7 @@ static int load_elf_binary(struct linux_binprm *bprm) struct elfhdr elf_ex; struct elfhdr interp_elf_ex; } *loc; @@ -59094,7 +59122,7 @@ index d8fc060..cbd44d5 100644 loc = kmalloc(sizeof(*loc), GFP_KERNEL); if (!loc) { -@@ -726,6 +1093,77 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -727,6 +1094,77 @@ static int load_elf_binary(struct linux_binprm *bprm) /* Do this immediately, since STACK_TOP as used in setup_arg_pages may depend on the personality. */ SET_PERSONALITY(loc->elf_ex); @@ -59172,7 +59200,7 @@ index d8fc060..cbd44d5 100644 if (elf_read_implies_exec(loc->elf_ex, executable_stack)) current->personality |= READ_IMPLIES_EXEC; -@@ -811,6 +1249,20 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -812,6 +1250,20 @@ static int load_elf_binary(struct linux_binprm *bprm) #else load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); #endif @@ -59193,7 +59221,7 @@ index d8fc060..cbd44d5 100644 } error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, -@@ -842,9 +1294,9 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -843,9 +1295,9 @@ static int load_elf_binary(struct linux_binprm *bprm) * allowed task size. Note that p_filesz must always be * <= p_memsz so it is only necessary to check p_memsz. */ @@ -59206,7 +59234,7 @@ index d8fc060..cbd44d5 100644 /* set_brk can never work. Avoid overflows. */ retval = -EINVAL; goto out_free_dentry; -@@ -880,16 +1332,43 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -881,16 +1333,43 @@ static int load_elf_binary(struct linux_binprm *bprm) if (retval) goto out_free_dentry; if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -59255,7 +59283,7 @@ index d8fc060..cbd44d5 100644 load_bias); if (!IS_ERR((void *)elf_entry)) { /* -@@ -1115,7 +1594,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) +@@ -1116,7 +1595,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -59264,7 +59292,7 @@ index d8fc060..cbd44d5 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1153,7 +1632,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1154,7 +1633,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -59273,7 +59301,7 @@ index d8fc060..cbd44d5 100644 goto whole; /* -@@ -1360,9 +1839,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1361,9 +1840,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; @@ -59285,7 +59313,7 @@ index d8fc060..cbd44d5 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -1371,7 +1850,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata, +@@ -1372,7 +1851,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata, { mm_segment_t old_fs = get_fs(); set_fs(KERNEL_DS); @@ -59294,7 +59322,7 @@ index d8fc060..cbd44d5 100644 set_fs(old_fs); fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata); } -@@ -1995,14 +2474,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, +@@ -1996,14 +2475,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, } static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -59311,7 +59339,7 @@ index d8fc060..cbd44d5 100644 return size; } -@@ -2093,7 +2572,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2094,7 +2573,7 @@ static int elf_core_dump(struct coredump_params *cprm) dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); @@ -59320,7 +59348,7 @@ index d8fc060..cbd44d5 100644 offset += elf_core_extra_data_size(); e_shoff = offset; -@@ -2121,7 +2600,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2122,7 +2601,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; @@ -59329,7 +59357,7 @@ index d8fc060..cbd44d5 100644 phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2154,7 +2633,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2155,7 +2634,7 @@ static int elf_core_dump(struct coredump_params *cprm) unsigned long addr; unsigned long end; @@ -59338,7 +59366,7 @@ index d8fc060..cbd44d5 100644 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2195,6 +2674,167 @@ out: +@@ -2196,6 +2675,167 @@ out: #endif /* CONFIG_ELF_CORE */ @@ -59520,7 +59548,7 @@ index 1d9c9f3..2905786 100644 else if (whole->bd_holder != NULL) return false; /* is a partition of a held device */ diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c -index 150822e..75bb326 100644 +index c81ce0c..0d23e5c 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c @@ -1173,9 +1173,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans, @@ -64884,7 +64912,7 @@ index bbde147..f4deeba 100644 get_mnt_ns(mnt_ns); diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c -index f4ccfe6..a5cf064 100644 +index 02f8d09..a5c25d1 100644 --- a/fs/nfs/callback_xdr.c +++ b/fs/nfs/callback_xdr.c @@ -51,7 +51,7 @@ struct callback_op { @@ -67147,7 +67175,7 @@ index 510413eb..34d9a8c 100644 seq_printf(p, "softirq %llu", (unsigned long long)sum_softirq); diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c -index 4e0388c..fc6a0e1 100644 +index e8972bc..64ee778 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -13,12 +13,19 @@ @@ -67313,7 +67341,7 @@ index 4e0388c..fc6a0e1 100644 mss.resident >> 10, (unsigned long)(mss.pss >> (10 + PSS_SHIFT)), mss.shared_clean >> 10, -@@ -1447,6 +1497,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) +@@ -1451,6 +1501,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) char buffer[64]; int nid; @@ -67327,7 +67355,7 @@ index 4e0388c..fc6a0e1 100644 if (!mm) return 0; -@@ -1468,11 +1525,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) +@@ -1472,11 +1529,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) mpol_to_str(buffer, sizeof(buffer), proc_priv->task_mempolicy); } @@ -68255,7 +68283,7 @@ index 64e83ef..b6be154 100644 } fdput(f); diff --git a/fs/xfs/libxfs/xfs_bmap.c b/fs/xfs/libxfs/xfs_bmap.c -index 79c9819..22226b4 100644 +index 661666e..e1c7ec2 100644 --- a/fs/xfs/libxfs/xfs_bmap.c +++ b/fs/xfs/libxfs/xfs_bmap.c @@ -583,7 +583,7 @@ xfs_bmap_validate_ret( @@ -81386,10 +81414,10 @@ index 115bb81..e7b812b 100644 /* * fscache cached network filesystem type diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h -index 1c804b0..1432c2b 100644 +index 7ee1774..72505b8 100644 --- a/include/linux/fsnotify.h +++ b/include/linux/fsnotify.h -@@ -195,6 +195,9 @@ static inline void fsnotify_access(struct file *file) +@@ -197,6 +197,9 @@ static inline void fsnotify_access(struct file *file) struct inode *inode = file_inode(file); __u32 mask = FS_ACCESS; @@ -81399,7 +81427,7 @@ index 1c804b0..1432c2b 100644 if (S_ISDIR(inode->i_mode)) mask |= FS_ISDIR; -@@ -213,6 +216,9 @@ static inline void fsnotify_modify(struct file *file) +@@ -215,6 +218,9 @@ static inline void fsnotify_modify(struct file *file) struct inode *inode = file_inode(file); __u32 mask = FS_MODIFY; @@ -81409,7 +81437,7 @@ index 1c804b0..1432c2b 100644 if (S_ISDIR(inode->i_mode)) mask |= FS_ISDIR; -@@ -315,7 +321,7 @@ static inline void fsnotify_change(struct dentry *dentry, unsigned int ia_valid) +@@ -317,7 +323,7 @@ static inline void fsnotify_change(struct dentry *dentry, unsigned int ia_valid) */ static inline const unsigned char *fsnotify_oldname_init(const unsigned char *name) { @@ -84643,7 +84671,7 @@ index 34a1e10..70f6bde 100644 struct proc_ns { void *ns; diff --git a/include/linux/quota.h b/include/linux/quota.h -index 224fb81..9d85c41 100644 +index 8b0877f..b1071c5 100644 --- a/include/linux/quota.h +++ b/include/linux/quota.h @@ -70,7 +70,7 @@ struct kqid { /* Type in which we store the quota identifier */ @@ -85628,7 +85656,7 @@ index 07d8e53..dc934c9 100644 #endif /* _LINUX_SUNRPC_ADDR_H */ diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h -index 70736b9..37f33db 100644 +index b363a0f..f09861d 100644 --- a/include/linux/sunrpc/clnt.h +++ b/include/linux/sunrpc/clnt.h @@ -97,7 +97,7 @@ struct rpc_procinfo { @@ -86060,10 +86088,10 @@ index 99c1b4d..562e6f3 100644 static inline void put_unaligned_le16(u16 val, void *p) diff --git a/include/linux/usb.h b/include/linux/usb.h -index 447a7e2..9cea7e9 100644 +index 3827bff..f1730fc 100644 --- a/include/linux/usb.h +++ b/include/linux/usb.h -@@ -571,7 +571,7 @@ struct usb_device { +@@ -566,7 +566,7 @@ struct usb_device { int maxchild; u32 quirks; @@ -86072,7 +86100,7 @@ index 447a7e2..9cea7e9 100644 unsigned long active_duration; -@@ -1655,7 +1655,7 @@ void usb_buffer_unmap_sg(const struct usb_device *dev, int is_in, +@@ -1650,7 +1650,7 @@ void usb_buffer_unmap_sg(const struct usb_device *dev, int is_in, extern int usb_control_msg(struct usb_device *dev, unsigned int pipe, __u8 request, __u8 requesttype, __u16 value, __u16 index, @@ -88987,7 +89015,7 @@ index 1adf62b..7736e06 100644 } EXPORT_SYMBOL_GPL(kgdb_schedule_breakpoint); diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c -index 379650b..30c5180 100644 +index 6ffdc96..af24441 100644 --- a/kernel/debug/kdb/kdb_main.c +++ b/kernel/debug/kdb/kdb_main.c @@ -1977,7 +1977,7 @@ static int kdb_lsmod(int argc, const char **argv) @@ -89248,10 +89276,17 @@ index 2116aac..d95df2a 100644 { struct signal_struct *sig = current->signal; diff --git a/kernel/fork.c b/kernel/fork.c -index 9b7d746..5b898ab 100644 +index 9b7d746..6083ebb 100644 --- a/kernel/fork.c +++ b/kernel/fork.c -@@ -183,6 +183,48 @@ void thread_info_cache_init(void) +@@ -177,12 +177,54 @@ static void free_thread_info(struct thread_info *ti) + void thread_info_cache_init(void) + { + thread_info_cache = kmem_cache_create("thread_info", THREAD_SIZE, +- THREAD_SIZE, 0, NULL); ++ THREAD_SIZE, SLAB_USERCOPY, NULL); + BUG_ON(thread_info_cache == NULL); + } # endif #endif @@ -94206,7 +94241,7 @@ index 124e2c7..762ca29 100644 /* make curr_ret_stack visible before we add the ret_stack */ smp_wmb(); diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c -index a56e07c..d46f0ba 100644 +index f4fbbfc..ebb5622 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -352,9 +352,9 @@ struct buffer_data_page { @@ -94221,7 +94256,7 @@ index a56e07c..d46f0ba 100644 unsigned long real_end; /* real end of data */ struct buffer_data_page *page; /* Actual data page */ }; -@@ -473,8 +473,8 @@ struct ring_buffer_per_cpu { +@@ -476,8 +476,8 @@ struct ring_buffer_per_cpu { unsigned long last_overrun; local_t entries_bytes; local_t entries; @@ -94232,7 +94267,7 @@ index a56e07c..d46f0ba 100644 local_t dropped_events; local_t committing; local_t commits; -@@ -1032,8 +1032,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, +@@ -1050,8 +1050,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, * * We add a counter to the write field to denote this. */ @@ -94243,7 +94278,7 @@ index a56e07c..d46f0ba 100644 /* * Just make sure we have seen our old_write and synchronize -@@ -1061,8 +1061,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, +@@ -1079,8 +1079,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, * cmpxchg to only update if an interrupt did not already * do it for us. If the cmpxchg fails, we don't care. */ @@ -94254,7 +94289,7 @@ index a56e07c..d46f0ba 100644 /* * No need to worry about races with clearing out the commit. -@@ -1429,12 +1429,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer); +@@ -1448,12 +1448,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer); static inline unsigned long rb_page_entries(struct buffer_page *bpage) { @@ -94269,7 +94304,7 @@ index a56e07c..d46f0ba 100644 } static int -@@ -1529,7 +1529,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages) +@@ -1548,7 +1548,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages) * bytes consumed in ring buffer from here. * Increment overrun to account for the lost events. */ @@ -94278,7 +94313,7 @@ index a56e07c..d46f0ba 100644 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes); } -@@ -2091,7 +2091,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2110,7 +2110,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer, * it is our responsibility to update * the counters. */ @@ -94287,7 +94322,7 @@ index a56e07c..d46f0ba 100644 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes); /* -@@ -2241,7 +2241,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2260,7 +2260,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, if (tail == BUF_PAGE_SIZE) tail_page->real_end = 0; @@ -94296,7 +94331,7 @@ index a56e07c..d46f0ba 100644 return; } -@@ -2276,7 +2276,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2295,7 +2295,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, rb_event_set_padding(event); /* Set the write back to the previous setting */ @@ -94305,7 +94340,7 @@ index a56e07c..d46f0ba 100644 return; } -@@ -2288,7 +2288,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2307,7 +2307,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, /* Set write to end of buffer */ length = (tail + length) - BUF_PAGE_SIZE; @@ -94314,7 +94349,7 @@ index a56e07c..d46f0ba 100644 } /* -@@ -2314,7 +2314,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2333,7 +2333,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, * about it. */ if (unlikely(next_page == commit_page)) { @@ -94323,7 +94358,7 @@ index a56e07c..d46f0ba 100644 goto out_reset; } -@@ -2370,7 +2370,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2389,7 +2389,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, cpu_buffer->tail_page) && (cpu_buffer->commit_page == cpu_buffer->reader_page))) { @@ -94332,7 +94367,7 @@ index a56e07c..d46f0ba 100644 goto out_reset; } } -@@ -2418,7 +2418,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2437,7 +2437,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, length += RB_LEN_TIME_EXTEND; tail_page = cpu_buffer->tail_page; @@ -94341,7 +94376,7 @@ index a56e07c..d46f0ba 100644 /* set write to only the index of the write */ write &= RB_WRITE_MASK; -@@ -2442,7 +2442,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2461,7 +2461,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, kmemcheck_annotate_bitfield(event, bitfield); rb_update_event(cpu_buffer, event, length, add_timestamp, delta); @@ -94350,7 +94385,7 @@ index a56e07c..d46f0ba 100644 /* * If this is the first commit on the page, then update -@@ -2475,7 +2475,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2494,7 +2494,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) { unsigned long write_mask = @@ -94359,7 +94394,7 @@ index a56e07c..d46f0ba 100644 unsigned long event_length = rb_event_length(event); /* * This is on the tail page. It is possible that -@@ -2485,7 +2485,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2504,7 +2504,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, */ old_index += write_mask; new_index += write_mask; @@ -94368,7 +94403,7 @@ index a56e07c..d46f0ba 100644 if (index == old_index) { /* update counters */ local_sub(event_length, &cpu_buffer->entries_bytes); -@@ -2877,7 +2877,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2907,7 +2907,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, /* Do the likely case first */ if (likely(bpage->page == (void *)addr)) { @@ -94377,7 +94412,7 @@ index a56e07c..d46f0ba 100644 return; } -@@ -2889,7 +2889,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2919,7 +2919,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, start = bpage; do { if (bpage->page == (void *)addr) { @@ -94386,7 +94421,7 @@ index a56e07c..d46f0ba 100644 return; } rb_inc_page(cpu_buffer, &bpage); -@@ -3173,7 +3173,7 @@ static inline unsigned long +@@ -3203,7 +3203,7 @@ static inline unsigned long rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer) { return local_read(&cpu_buffer->entries) - @@ -94395,7 +94430,7 @@ index a56e07c..d46f0ba 100644 } /** -@@ -3262,7 +3262,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) +@@ -3292,7 +3292,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) return 0; cpu_buffer = buffer->buffers[cpu]; @@ -94404,7 +94439,7 @@ index a56e07c..d46f0ba 100644 return ret; } -@@ -3285,7 +3285,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) +@@ -3315,7 +3315,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) return 0; cpu_buffer = buffer->buffers[cpu]; @@ -94413,7 +94448,7 @@ index a56e07c..d46f0ba 100644 return ret; } -@@ -3370,7 +3370,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) +@@ -3400,7 +3400,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) /* if you care about this being correct, lock the buffer */ for_each_buffer_cpu(buffer, cpu) { cpu_buffer = buffer->buffers[cpu]; @@ -94422,7 +94457,7 @@ index a56e07c..d46f0ba 100644 } return overruns; -@@ -3541,8 +3541,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3571,8 +3571,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) /* * Reset the reader page to size zero. */ @@ -94433,7 +94468,7 @@ index a56e07c..d46f0ba 100644 local_set(&cpu_buffer->reader_page->page->commit, 0); cpu_buffer->reader_page->real_end = 0; -@@ -3576,7 +3576,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3606,7 +3606,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) * want to compare with the last_overrun. */ smp_mb(); @@ -94442,7 +94477,7 @@ index a56e07c..d46f0ba 100644 /* * Here's the tricky part. -@@ -4148,8 +4148,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -4178,8 +4178,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) cpu_buffer->head_page = list_entry(cpu_buffer->pages, struct buffer_page, list); @@ -94453,7 +94488,7 @@ index a56e07c..d46f0ba 100644 local_set(&cpu_buffer->head_page->page->commit, 0); cpu_buffer->head_page->read = 0; -@@ -4159,14 +4159,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -4189,14 +4189,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) INIT_LIST_HEAD(&cpu_buffer->reader_page->list); INIT_LIST_HEAD(&cpu_buffer->new_pages); @@ -94472,7 +94507,7 @@ index a56e07c..d46f0ba 100644 local_set(&cpu_buffer->dropped_events, 0); local_set(&cpu_buffer->entries, 0); local_set(&cpu_buffer->committing, 0); -@@ -4571,8 +4571,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, +@@ -4601,8 +4601,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, rb_init_page(bpage); bpage = reader->page; reader->page = *data_page; @@ -94484,7 +94519,7 @@ index a56e07c..d46f0ba 100644 *data_page = bpage; diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index 426962b..e8e2d9a 100644 +index 72c7134..581f360 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -3488,7 +3488,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) @@ -95786,7 +95821,7 @@ index 123bcd3..0de52ba 100644 set_page_address(page, (void *)vaddr); diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index 9fd7227..5628939 100644 +index f08fec7..8742ef8 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2258,6 +2258,7 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, @@ -101330,6 +101365,19 @@ index 8e385a0..a5bdd8e 100644 tty_port_close(&dev->port, tty, filp); } +diff --git a/net/bridge/br.c b/net/bridge/br.c +index 44425af..4ee730e 100644 +--- a/net/bridge/br.c ++++ b/net/bridge/br.c +@@ -147,6 +147,8 @@ static int __init br_init(void) + { + int err; + ++ BUILD_BUG_ON(sizeof(struct br_input_skb_cb) > FIELD_SIZEOF(struct sk_buff, cb)); ++ + err = stp_proto_register(&br_stp_proto); + if (err < 0) { + pr_err("bridge: can't register sap for STP\n"); diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c index e5ec470..cbfabd1 100644 --- a/net/bridge/br_netlink.c @@ -102057,7 +102105,7 @@ index 443256b..bbff424 100644 pr_warn("cannot create /proc/net/%s\n", PG_PROC_DIR); return -ENODEV; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index ca82629..66264f7 100644 +index ca82629..f168c36 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -58,7 +58,7 @@ struct rtnl_link { @@ -102104,6 +102152,17 @@ index ca82629..66264f7 100644 goto nla_put_failure; if (1) { +@@ -2077,6 +2080,10 @@ replay: + if (IS_ERR(dest_net)) + return PTR_ERR(dest_net); + ++ err = -EPERM; ++ if (!netlink_ns_capable(skb, dest_net->user_ns, CAP_NET_ADMIN)) ++ goto out; ++ + dev = rtnl_create_link(dest_net, ifname, name_assign_type, ops, tb); + if (IS_ERR(dev)) { + err = PTR_ERR(dev); diff --git a/net/core/scm.c b/net/core/scm.c index b442e7e..6f5b5a2 100644 --- a/net/core/scm.c @@ -103051,7 +103110,7 @@ index e90f83a..3e6acca 100644 pr_err("Unable to proc dir entry\n"); return -ENOMEM; diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c -index 5638b17..22c8e65 100644 +index 5638b17..dec7fa3 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c @@ -59,7 +59,7 @@ struct ping_table { @@ -103063,7 +103122,38 @@ index 5638b17..22c8e65 100644 EXPORT_SYMBOL_GPL(pingv6_ops); static u16 ping_port_rover; -@@ -350,7 +350,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, +@@ -259,6 +259,9 @@ int ping_init_sock(struct sock *sk) + kgid_t low, high; + int ret = 0; + ++ if (sk->sk_family == AF_INET6) ++ sk->sk_ipv6only = 1; ++ + inet_get_ping_group_range_net(net, &low, &high); + if (gid_lte(low, group) && gid_lte(group, high)) + return 0; +@@ -305,6 +308,11 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, + if (addr_len < sizeof(*addr)) + return -EINVAL; + ++ if (addr->sin_family != AF_INET && ++ !(addr->sin_family == AF_UNSPEC && ++ addr->sin_addr.s_addr == htonl(INADDR_ANY))) ++ return -EAFNOSUPPORT; ++ + pr_debug("ping_check_bind_addr(sk=%p,addr=%pI4,port=%d)\n", + sk, &addr->sin_addr.s_addr, ntohs(addr->sin_port)); + +@@ -330,7 +338,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, + return -EINVAL; + + if (addr->sin6_family != AF_INET6) +- return -EINVAL; ++ return -EAFNOSUPPORT; + + pr_debug("ping_check_bind_addr(sk=%p,addr=%pI6c,port=%d)\n", + sk, addr->sin6_addr.s6_addr, ntohs(addr->sin6_port)); +@@ -350,7 +358,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, return -ENODEV; } } @@ -103072,7 +103162,7 @@ index 5638b17..22c8e65 100644 scoped); rcu_read_unlock(); -@@ -558,7 +558,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) +@@ -558,7 +566,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) } #if IS_ENABLED(CONFIG_IPV6) } else if (skb->protocol == htons(ETH_P_IPV6)) { @@ -103081,7 +103171,7 @@ index 5638b17..22c8e65 100644 #endif } -@@ -576,7 +576,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) +@@ -576,7 +584,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) info, (u8 *)icmph); #if IS_ENABLED(CONFIG_IPV6) } else if (family == AF_INET6) { @@ -103090,7 +103180,16 @@ index 5638b17..22c8e65 100644 info, (u8 *)icmph); #endif } -@@ -910,10 +910,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, +@@ -716,7 +724,7 @@ static int ping_v4_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *m + if (msg->msg_namelen < sizeof(*usin)) + return -EINVAL; + if (usin->sin_family != AF_INET) +- return -EINVAL; ++ return -EAFNOSUPPORT; + daddr = usin->sin_addr.s_addr; + /* no remote port */ + } else { +@@ -910,10 +918,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, } if (inet6_sk(sk)->rxopt.all) @@ -103103,7 +103202,7 @@ index 5638b17..22c8e65 100644 else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags) ip_cmsg_recv(msg, skb); #endif -@@ -1108,7 +1108,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, +@@ -1108,7 +1116,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -104114,10 +104213,23 @@ index 6f187c8..34b367f 100644 return -ENOMEM; } diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c -index 5b7a1ed..d9da205 100644 +index 5b7a1ed..83e96de 100644 --- a/net/ipv6/ping.c +++ b/net/ipv6/ping.c -@@ -240,6 +240,24 @@ static struct pernet_operations ping_v6_net_ops = { +@@ -102,9 +102,10 @@ int ping_v6_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, + + if (msg->msg_name) { + DECLARE_SOCKADDR(struct sockaddr_in6 *, u, msg->msg_name); +- if (msg->msg_namelen < sizeof(struct sockaddr_in6) || +- u->sin6_family != AF_INET6) { ++ if (msg->msg_namelen < sizeof(*u)) + return -EINVAL; ++ if (u->sin6_family != AF_INET6) { ++ return -EAFNOSUPPORT; + } + if (sk->sk_bound_dev_if && + sk->sk_bound_dev_if != u->sin6_scope_id) { +@@ -240,6 +241,24 @@ static struct pernet_operations ping_v6_net_ops = { }; #endif @@ -104142,7 +104254,7 @@ index 5b7a1ed..d9da205 100644 int __init pingv6_init(void) { #ifdef CONFIG_PROC_FS -@@ -247,13 +265,7 @@ int __init pingv6_init(void) +@@ -247,13 +266,7 @@ int __init pingv6_init(void) if (ret) return ret; #endif @@ -104157,7 +104269,7 @@ index 5b7a1ed..d9da205 100644 return inet6_register_protosw(&pingv6_protosw); } -@@ -262,14 +274,9 @@ int __init pingv6_init(void) +@@ -262,14 +275,9 @@ int __init pingv6_init(void) */ void pingv6_exit(void) { @@ -105023,6 +105135,18 @@ index 6081329..ab23834 100644 return -EBUSY; if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) { +diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c +index 900632a2..80ce44f 100644 +--- a/net/mac80211/tx.c ++++ b/net/mac80211/tx.c +@@ -563,6 +563,7 @@ ieee80211_tx_h_check_control_port_protocol(struct ieee80211_tx_data *tx) + if (tx->sdata->control_port_no_encrypt) + info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; + info->control.flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO; ++ info->flags |= IEEE80211_TX_CTL_USE_MINRATE; + } + + return TX_CONTINUE; diff --git a/net/mac80211/util.c b/net/mac80211/util.c index 3c61060..7bed2e3 100644 --- a/net/mac80211/util.c @@ -106903,10 +107027,10 @@ index 0663621..c4928d4 100644 goto out_nomem; cd->u.procfs.channel_ent = NULL; diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c -index 9acd6ce..4353a72 100644 +index ae46f01..d337da8 100644 --- a/net/sunrpc/clnt.c +++ b/net/sunrpc/clnt.c -@@ -1428,7 +1428,9 @@ call_start(struct rpc_task *task) +@@ -1430,7 +1430,9 @@ call_start(struct rpc_task *task) (RPC_IS_ASYNC(task) ? "async" : "sync")); /* Increment call count */ @@ -109689,10 +109813,10 @@ index 1450f85..a91e0bc 100644 } rtnl_unlock(); diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c -index d515ec2..8a4ca71 100644 +index 9d3c64a..76e336e 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c -@@ -4079,7 +4079,7 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) +@@ -4081,7 +4081,7 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) return 0; } @@ -118386,10 +118510,10 @@ index 0000000..4378111 +} diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data new file mode 100644 -index 0000000..f2bd55d +index 0000000..1f45ba9 --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data -@@ -0,0 +1,6031 @@ +@@ -0,0 +1,6032 @@ +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL +compat_sock_setsockopt_23 compat_sock_setsockopt 5 23 NULL @@ -119009,6 +119133,7 @@ index 0000000..f2bd55d +tpl_write_6998 tpl_write 3 6998 NULL +cipso_v4_gentag_enum_7006 cipso_v4_gentag_enum 0 7006 NULL +tracing_cpumask_read_7010 tracing_cpumask_read 3 7010 NULL ++copy_items_7012 copy_items 7 7012 NULL +ld_usb_write_7022 ld_usb_write 3 7022 NULL +wimax_msg_7030 wimax_msg 4 7030 NULL +ceph_kvmalloc_7033 ceph_kvmalloc 1 7033 NULL |