-rw-r--r--main/linux-virtgrsec/APKBUILD18
-rw-r--r--main/linux-virtgrsec/grsecurity-3.1-3.18.9-201503071142.patch (renamed from main/linux-virtgrsec/grsecurity-3.1-3.18.8-201502271843.patch)535
2 files changed, 339 insertions, 214 deletions
diff --git a/main/linux-virtgrsec/APKBUILD b/main/linux-virtgrsec/APKBUILD
index c39cf2b3ff..e1c36488bd 100644
--- a/main/linux-virtgrsec/APKBUILD
+++ b/main/linux-virtgrsec/APKBUILD
@@ -3,12 +3,12 @@
_flavor=virtgrsec
pkgname=linux-${_flavor}
-pkgver=3.18.8
+pkgver=3.18.9
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
esac
-pkgrel=2
+pkgrel=0
pkgdesc="Linux kernel for virtual guests with grsecurity"
url="http://grsecurity.net"
depends="mkinitfs linux-firmware"
@@ -18,7 +18,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-3.1-3.18.8-201502271843.patch
+ grsecurity-3.1-3.18.9-201503071142.patch
fix-memory-map-for-PIE-applications.patch
imx6q-no-unclocked-sleep.patch
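Review bot: The two kernel.org entries in `source=` are fetched over plain `http://`, so the new `patch-3.18.9.xz` is authenticated only by the checksum lines this commit updates in the following hunk of the same file. Consider switching those two URLs to `https://` if the mirror serves them, and noting in the commit message that the new sha256/sha512 values were computed from a copy checked against the upstream release signature; a hash taken from an unverified download only pins whatever was fetched. The `md5sums` block adds nothing next to the sha512 entries and could be dropped if the abuild version in use no longer requires it. The `source=` string begins and ends outside this hunk, so other entries were not reviewed.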
@@ -146,22 +146,22 @@ dev() {
}
md5sums="9e854df51ca3fef8bfe566dbd7b89241 linux-3.18.tar.xz
-b7bd36ce9f4bff165ee776e2b9263257 patch-3.18.8.xz
-f78dc7e1f77db3049de30f4d498fb2bc grsecurity-3.1-3.18.8-201502271843.patch
+41077062d4b7beefd88d4df6e598e376 patch-3.18.9.xz
+e0175adb70da19f3e7fc072d3bcc6527 grsecurity-3.1-3.18.9-201503071142.patch
c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch
18cb4521f9a8847637292f9f4c9e8256 kernelconfig.x86
2408367e7833084385bff42995dfcd3a kernelconfig.x86_64"
sha256sums="becc413cc9e6d7f5cc52a3ce66d65c3725bc1d1cc1001f4ce6c32b69eb188cbd linux-3.18.tar.xz
-c392e435661b8afebffb4c2badf6a82c3c559dee07d13f76450c952ea8ebb3e3 patch-3.18.8.xz
-904daa25b3ac3d23e06c65164d1456a629499dc989f1c62c255250da6a2c404e grsecurity-3.1-3.18.8-201502271843.patch
+7b5b2a952c3d956c7ca8945de2e1edd4e689039dfc59fdcda1b23cb7d9a9da5d patch-3.18.9.xz
+a2bb4b8b13054cc3b37300bfc6277d18e00a45318b1b4173bbc81f81b6f99929 grsecurity-3.1-3.18.9-201503071142.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch
47048993111506ab74db24c92d39b536cf5e684975844907d5cb6198c1dfd87f kernelconfig.x86
0ebd5cf41a8c22fb8fe0c19d38833dc3e2b0b5e58b098e31315fcb766a18570e kernelconfig.x86_64"
sha512sums="2f0b72466e9bc538a675738aa416573d41bbbd7e3e2ffd5b5b127afde609ebc278cec5a3c37e73479607e957c13f1b4ed9782a3795e0dcc2cf8e550228594009 linux-3.18.tar.xz
-11a075e08f03a33af57a2225b29e0db3d422467dcb23439faa1510e89770ba74af08bc01d9a43caf58c130d5261c13f9b3f018020e40cbfe8ef4411d545331a2 patch-3.18.8.xz
-8b487ce70a308d8c27b7b6ed85e6cdee373ff1e7a79711b9c5b3b814b7a54ae8c8ff8cb36ac487c6663d5afb5248ea157e608a463ea35067bec5280c61811ed6 grsecurity-3.1-3.18.8-201502271843.patch
+dd8f8c2a88b41e4907c213d3d7bc646f1291b4358ad5a840b652286ac67023f9cac119714b68cb00b295fe80b7efb5dc2b5b4af35f01bbcaa7357f877dad3a72 patch-3.18.9.xz
+7af8713508ae9c22e5f65c59254fd0d4da9e2b278eddaf7fdc20580f6e02b2d2e611ce512e34f3859be4447aaab068bc0c47d0cdf67259b0042dd5b4c1b7338b grsecurity-3.1-3.18.9-201503071142.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch
c6bebe64953a444bc7d13f932e44d081665c253121189a3ccca9d7f6145b4460e32dc0f21f4700bf6607c5c0cb79de5c8576e4da0c815d60cff0d3b90879c1d9 kernelconfig.x86
diff --git a/main/linux-virtgrsec/grsecurity-3.1-3.18.8-201502271843.patch b/main/linux-virtgrsec/grsecurity-3.1-3.18.9-201503071142.patch
index 70b99d6c00..dfa314ece6 100644
--- a/main/linux-virtgrsec/grsecurity-3.1-3.18.8-201502271843.patch
+++ b/main/linux-virtgrsec/grsecurity-3.1-3.18.9-201503071142.patch
@@ -370,7 +370,7 @@ index f4c71d4..66811b1 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 0b3f8a1..2b1f2b6 100644
+index 62b3338..fba6407 100644
--- a/Makefile
+++ b/Makefile
@@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -1614,7 +1614,7 @@ index abb2c37..96db950 100644
#include <asm-generic/cmpxchg-local.h>
diff --git a/arch/arm/include/asm/domain.h b/arch/arm/include/asm/domain.h
-index 6ddbe44..b5e38b1 100644
+index 6ddbe44..b5e38b1a 100644
--- a/arch/arm/include/asm/domain.h
+++ b/arch/arm/include/asm/domain.h
@@ -48,18 +48,37 @@
@@ -5605,7 +5605,7 @@ index 6b33457..88b5124 100644
return 0;
}
diff --git a/arch/m32r/include/asm/cache.h b/arch/m32r/include/asm/cache.h
-index 40b3ee9..8c2c112 100644
+index 40b3ee98..8c2c112 100644
--- a/arch/m32r/include/asm/cache.h
+++ b/arch/m32r/include/asm/cache.h
@@ -1,8 +1,10 @@
@@ -6340,7 +6340,7 @@ index b4db69f..8f3b093 100644
#define SMP_CACHE_SHIFT L1_CACHE_SHIFT
#define SMP_CACHE_BYTES L1_CACHE_BYTES
diff --git a/arch/mips/include/asm/elf.h b/arch/mips/include/asm/elf.h
-index 1d38fe0..9beabc9 100644
+index 1d38fe0..9beabc9d 100644
--- a/arch/mips/include/asm/elf.h
+++ b/arch/mips/include/asm/elf.h
@@ -381,13 +381,16 @@ extern const char *__elf_platform;
@@ -6510,7 +6510,7 @@ index b336037..5b874cc 100644
/*
diff --git a/arch/mips/include/asm/pgtable.h b/arch/mips/include/asm/pgtable.h
-index d6d1928..ce4f822 100644
+index bc3fc4f..e2483f0 100644
--- a/arch/mips/include/asm/pgtable.h
+++ b/arch/mips/include/asm/pgtable.h
@@ -20,6 +20,9 @@
@@ -6869,10 +6869,10 @@ index d255a2a..916271c 100644
info.si_code = FPE_INTOVF;
info.si_signo = SIGFPE;
diff --git a/arch/mips/kvm/mips.c b/arch/mips/kvm/mips.c
-index e3b21e5..ea5ff7c 100644
+index 270bbd4..c01932a 100644
--- a/arch/mips/kvm/mips.c
+++ b/arch/mips/kvm/mips.c
-@@ -805,7 +805,7 @@ long kvm_arch_vm_ioctl(struct file *filp, unsigned int ioctl, unsigned long arg)
+@@ -815,7 +815,7 @@ long kvm_arch_vm_ioctl(struct file *filp, unsigned int ioctl, unsigned long arg)
return r;
}
@@ -8825,10 +8825,22 @@ index 9485b43..3bd3c16 100644
static inline unsigned long clear_user(void __user *addr, unsigned long size)
diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile
-index 502cf69..822e63b 100644
+index 502cf69..53936a1 100644
--- a/arch/powerpc/kernel/Makefile
+++ b/arch/powerpc/kernel/Makefile
-@@ -27,6 +27,8 @@ CFLAGS_REMOVE_ftrace.o = -pg -mno-sched-epilog
+@@ -15,6 +15,11 @@ CFLAGS_prom_init.o += -fPIC
+ CFLAGS_btext.o += -fPIC
+ endif
+
++CFLAGS_REMOVE_cputable.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS)
++CFLAGS_REMOVE_prom_init.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS)
++CFLAGS_REMOVE_btext.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS)
++CFLAGS_REMOVE_prom.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS)
++
+ ifdef CONFIG_FUNCTION_TRACER
+ # Do not trace early boot code
+ CFLAGS_REMOVE_cputable.o = -pg -mno-sched-epilog
+@@ -27,6 +32,8 @@ CFLAGS_REMOVE_ftrace.o = -pg -mno-sched-epilog
CFLAGS_REMOVE_time.o = -pg -mno-sched-epilog
endif
@@ -12770,7 +12782,7 @@ index bd49ec6..94c7f58 100644
}
diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
-index 6a1a845..0ad2dae 100644
+index 30c0acf..48c3a77 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -16,6 +16,9 @@ KBUILD_CFLAGS += $(cflags-y)
@@ -12825,6 +12837,21 @@ index a53440e..c3dbf1e 100644
ENDPROC(efi_call_phys)
.previous
+diff --git a/arch/x86/boot/compressed/efi_thunk_64.S b/arch/x86/boot/compressed/efi_thunk_64.S
+index 630384a..278e788 100644
+--- a/arch/x86/boot/compressed/efi_thunk_64.S
++++ b/arch/x86/boot/compressed/efi_thunk_64.S
+@@ -189,8 +189,8 @@ efi_gdt64:
+ .long 0 /* Filled out by user */
+ .word 0
+ .quad 0x0000000000000000 /* NULL descriptor */
+- .quad 0x00af9a000000ffff /* __KERNEL_CS */
+- .quad 0x00cf92000000ffff /* __KERNEL_DS */
++ .quad 0x00af9b000000ffff /* __KERNEL_CS */
++ .quad 0x00cf93000000ffff /* __KERNEL_DS */
+ .quad 0x0080890000000000 /* TS descriptor */
+ .quad 0x0000000000000000 /* TS continued */
+ efi_gdt64_end:
diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S
index 1d7fbbc..36ecd58 100644
--- a/arch/x86/boot/compressed/head_32.S
@@ -20591,10 +20618,10 @@ index 8f1e774..9b4c381 100644
obj-$(CONFIG_X86_64) += mcount_64.o
obj-y += syscall_$(BITS).o vsyscall_gtod.o
diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c
-index a142e77..6222cdd 100644
+index a3eadfd..56fdd27 100644
--- a/arch/x86/kernel/acpi/boot.c
+++ b/arch/x86/kernel/acpi/boot.c
-@@ -1276,7 +1276,7 @@ static int __init dmi_ignore_irq0_timer_override(const struct dmi_system_id *d)
+@@ -1282,7 +1282,7 @@ static int __init dmi_ignore_irq0_timer_override(const struct dmi_system_id *d)
* If your system is blacklisted here, but you find that acpi=force
* works for you, please contact linux-acpi@vger.kernel.org
*/
@@ -20603,7 +20630,7 @@ index a142e77..6222cdd 100644
/*
* Boxes that need ACPI disabled
*/
-@@ -1351,7 +1351,7 @@ static struct dmi_system_id __initdata acpi_dmi_table[] = {
+@@ -1357,7 +1357,7 @@ static struct dmi_system_id __initdata acpi_dmi_table[] = {
};
/* second table for DMI checks that should run after early-quirks */
@@ -23079,7 +23106,7 @@ index 344b63f..55adf14 100644
#endif
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index c0226ab..0d1dc48 100644
+index c0226ab..386eb53 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -59,6 +59,8 @@
@@ -23674,7 +23701,7 @@ index c0226ab..0d1dc48 100644
/*
* A newly forked process directly context switches into this address.
-@@ -331,7 +793,7 @@ ENTRY(ret_from_fork)
+@@ -331,25 +793,26 @@ ENTRY(ret_from_fork)
RESTORE_REST
@@ -23682,9 +23709,19 @@ index c0226ab..0d1dc48 100644
+ testb $3, CS-ARGOFFSET(%rsp) # from kernel_thread?
jz 1f
- testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-@@ -341,15 +803,13 @@ ENTRY(ret_from_fork)
- jmp ret_from_sys_call # go to the SYSRET fastpath
+- testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
+- jnz int_ret_from_sys_call
+-
+- RESTORE_TOP_OF_STACK %rdi, -ARGOFFSET
+- jmp ret_from_sys_call # go to the SYSRET fastpath
++ /*
++ * By the time we get here, we have no idea whether our pt_regs,
++ * ti flags, and ti status came from the 64-bit SYSCALL fast path,
++ * the slow path, or one of the ia32entry paths.
++ * Use int_ret_from_sys_call to return, since it can safely handle
++ * all of the above.
++ */
++ jmp int_ret_from_sys_call
1:
- subq $REST_SKIP, %rsp # leave space for volatiles
@@ -23700,7 +23737,7 @@ index c0226ab..0d1dc48 100644
/*
* System call entry. Up to 6 arguments in registers are supported.
-@@ -386,7 +846,7 @@ END(ret_from_fork)
+@@ -386,7 +849,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
@@ -23709,7 +23746,7 @@ index c0226ab..0d1dc48 100644
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -399,16 +859,23 @@ GLOBAL(system_call_after_swapgs)
+@@ -399,16 +862,23 @@ GLOBAL(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
@@ -23735,7 +23772,7 @@ index c0226ab..0d1dc48 100644
jnz tracesys
system_call_fastpath:
#if __SYSCALL_MASK == ~0
-@@ -432,10 +899,13 @@ sysret_check:
+@@ -432,10 +902,13 @@ sysret_check:
LOCKDEP_SYS_EXIT
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -23750,7 +23787,7 @@ index c0226ab..0d1dc48 100644
/*
* sysretq will re-enable interrupts:
*/
-@@ -494,12 +964,15 @@ sysret_audit:
+@@ -494,12 +967,15 @@ sysret_audit:
/* Do syscall tracing */
tracesys:
@@ -23768,7 +23805,7 @@ index c0226ab..0d1dc48 100644
jmp system_call_fastpath /* and return to the fast path */
tracesys_phase2:
-@@ -510,12 +983,14 @@ tracesys_phase2:
+@@ -510,12 +986,14 @@ tracesys_phase2:
movq %rax,%rdx
call syscall_trace_enter_phase2
@@ -23784,7 +23821,7 @@ index c0226ab..0d1dc48 100644
RESTORE_REST
#if __SYSCALL_MASK == ~0
cmpq $__NR_syscall_max,%rax
-@@ -545,7 +1020,9 @@ GLOBAL(int_with_check)
+@@ -545,7 +1023,9 @@ GLOBAL(int_with_check)
andl %edi,%edx
jnz int_careful
andl $~TS_COMPAT,TI_status(%rcx)
@@ -23795,7 +23832,7 @@ index c0226ab..0d1dc48 100644
/* Either reschedule or signal or syscall exit tracking needed. */
/* First do a reschedule test. */
-@@ -591,7 +1068,7 @@ int_restore_rest:
+@@ -591,7 +1071,7 @@ int_restore_rest:
TRACE_IRQS_OFF
jmp int_with_check
CFI_ENDPROC
@@ -23804,7 +23841,7 @@ index c0226ab..0d1dc48 100644
.macro FORK_LIKE func
ENTRY(stub_\func)
-@@ -604,9 +1081,10 @@ ENTRY(stub_\func)
+@@ -604,9 +1084,10 @@ ENTRY(stub_\func)
DEFAULT_FRAME 0 8 /* offset 8: return address */
call sys_\func
RESTORE_TOP_OF_STACK %r11, 8
@@ -23817,7 +23854,7 @@ index c0226ab..0d1dc48 100644
.endm
.macro FIXED_FRAME label,func
-@@ -616,9 +1094,10 @@ ENTRY(\label)
+@@ -616,9 +1097,10 @@ ENTRY(\label)
FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET
call \func
RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET
@@ -23829,7 +23866,7 @@ index c0226ab..0d1dc48 100644
.endm
FORK_LIKE clone
-@@ -626,19 +1105,6 @@ END(\label)
+@@ -626,19 +1108,6 @@ END(\label)
FORK_LIKE vfork
FIXED_FRAME stub_iopl, sys_iopl
@@ -23849,7 +23886,7 @@ index c0226ab..0d1dc48 100644
ENTRY(stub_execve)
CFI_STARTPROC
addq $8, %rsp
-@@ -650,7 +1116,7 @@ ENTRY(stub_execve)
+@@ -650,7 +1119,7 @@ ENTRY(stub_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -23858,7 +23895,7 @@ index c0226ab..0d1dc48 100644
/*
* sigreturn is special because it needs to restore all registers on return.
-@@ -667,7 +1133,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -667,7 +1136,7 @@ ENTRY(stub_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -23867,7 +23904,7 @@ index c0226ab..0d1dc48 100644
#ifdef CONFIG_X86_X32_ABI
ENTRY(stub_x32_rt_sigreturn)
-@@ -681,7 +1147,7 @@ ENTRY(stub_x32_rt_sigreturn)
+@@ -681,7 +1150,7 @@ ENTRY(stub_x32_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -23876,7 +23913,7 @@ index c0226ab..0d1dc48 100644
ENTRY(stub_x32_execve)
CFI_STARTPROC
-@@ -695,7 +1161,7 @@ ENTRY(stub_x32_execve)
+@@ -695,7 +1164,7 @@ ENTRY(stub_x32_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -23885,7 +23922,7 @@ index c0226ab..0d1dc48 100644
#endif
-@@ -732,7 +1198,7 @@ vector=vector+1
+@@ -732,7 +1201,7 @@ vector=vector+1
2: jmp common_interrupt
.endr
CFI_ENDPROC
@@ -23894,7 +23931,7 @@ index c0226ab..0d1dc48 100644
.previous
END(interrupt)
-@@ -749,8 +1215,8 @@ END(interrupt)
+@@ -749,8 +1218,8 @@ END(interrupt)
/* 0(%rsp): ~(interrupt number) */
.macro interrupt func
/* reserve pt_regs for scratch regs and rbp */
@@ -23905,7 +23942,7 @@ index c0226ab..0d1dc48 100644
SAVE_ARGS_IRQ
call \func
.endm
-@@ -773,14 +1239,14 @@ ret_from_intr:
+@@ -773,14 +1242,14 @@ ret_from_intr:
/* Restore saved previous stack */
popq %rsi
@@ -23924,7 +23961,7 @@ index c0226ab..0d1dc48 100644
je retint_kernel
/* Interrupt came from user space */
-@@ -802,12 +1268,35 @@ retint_swapgs: /* return to user-space */
+@@ -802,12 +1271,35 @@ retint_swapgs: /* return to user-space */
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
@@ -23960,7 +23997,7 @@ index c0226ab..0d1dc48 100644
/*
* The iretq could re-enable interrupts:
*/
-@@ -845,15 +1334,15 @@ native_irq_return_ldt:
+@@ -845,15 +1337,15 @@ native_irq_return_ldt:
SWAPGS
movq PER_CPU_VAR(espfix_waddr),%rdi
movq %rax,(0*8)(%rdi) /* RAX */
@@ -23981,7 +24018,7 @@ index c0226ab..0d1dc48 100644
movq %rax,(4*8)(%rdi)
andl $0xffff0000,%eax
popq_cfi %rdi
-@@ -907,7 +1396,7 @@ ENTRY(retint_kernel)
+@@ -907,7 +1399,7 @@ ENTRY(retint_kernel)
jmp exit_intr
#endif
CFI_ENDPROC
@@ -23990,7 +24027,7 @@ index c0226ab..0d1dc48 100644
/*
* APIC interrupts.
-@@ -921,7 +1410,7 @@ ENTRY(\sym)
+@@ -921,7 +1413,7 @@ ENTRY(\sym)
interrupt \do_sym
jmp ret_from_intr
CFI_ENDPROC
@@ -23999,7 +24036,7 @@ index c0226ab..0d1dc48 100644
.endm
#ifdef CONFIG_TRACING
-@@ -994,7 +1483,7 @@ apicinterrupt IRQ_WORK_VECTOR \
+@@ -994,7 +1486,7 @@ apicinterrupt IRQ_WORK_VECTOR \
/*
* Exception entry points.
*/
@@ -24008,7 +24045,7 @@ index c0226ab..0d1dc48 100644
.macro idtentry sym do_sym has_error_code:req paranoid=0 shift_ist=-1
ENTRY(\sym)
-@@ -1045,6 +1534,12 @@ ENTRY(\sym)
+@@ -1045,6 +1537,12 @@ ENTRY(\sym)
.endif
.if \shift_ist != -1
@@ -24021,7 +24058,7 @@ index c0226ab..0d1dc48 100644
subq $EXCEPTION_STKSZ, INIT_TSS_IST(\shift_ist)
.endif
-@@ -1061,7 +1556,7 @@ ENTRY(\sym)
+@@ -1061,7 +1559,7 @@ ENTRY(\sym)
.endif
CFI_ENDPROC
@@ -24030,7 +24067,7 @@ index c0226ab..0d1dc48 100644
.endm
#ifdef CONFIG_TRACING
-@@ -1102,9 +1597,10 @@ gs_change:
+@@ -1102,9 +1600,10 @@ gs_change:
2: mfence /* workaround */
SWAPGS
popfq_cfi
@@ -24042,7 +24079,7 @@ index c0226ab..0d1dc48 100644
_ASM_EXTABLE(gs_change,bad_gs)
.section .fixup,"ax"
-@@ -1132,9 +1628,10 @@ ENTRY(do_softirq_own_stack)
+@@ -1132,9 +1631,10 @@ ENTRY(do_softirq_own_stack)
CFI_DEF_CFA_REGISTER rsp
CFI_ADJUST_CFA_OFFSET -8
decl PER_CPU_VAR(irq_count)
@@ -24054,7 +24091,7 @@ index c0226ab..0d1dc48 100644
#ifdef CONFIG_XEN
idtentry xen_hypervisor_callback xen_do_hypervisor_callback has_error_code=0
-@@ -1172,7 +1669,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
+@@ -1172,7 +1672,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
decl PER_CPU_VAR(irq_count)
jmp error_exit
CFI_ENDPROC
@@ -24063,7 +24100,7 @@ index c0226ab..0d1dc48 100644
/*
* Hypervisor uses this for application faults while it executes.
-@@ -1231,7 +1728,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1231,7 +1731,7 @@ ENTRY(xen_failsafe_callback)
SAVE_ALL
jmp error_exit
CFI_ENDPROC
@@ -24072,7 +24109,7 @@ index c0226ab..0d1dc48 100644
apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \
xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1278,18 +1775,33 @@ ENTRY(paranoid_exit)
+@@ -1278,18 +1778,33 @@ ENTRY(paranoid_exit)
DEFAULT_FRAME
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF_DEBUG
@@ -24108,7 +24145,7 @@ index c0226ab..0d1dc48 100644
jmp irq_return
paranoid_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1318,7 +1830,7 @@ paranoid_schedule:
+@@ -1318,7 +1833,7 @@ paranoid_schedule:
TRACE_IRQS_OFF
jmp paranoid_userspace
CFI_ENDPROC
@@ -24117,7 +24154,7 @@ index c0226ab..0d1dc48 100644
/*
* Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1345,12 +1857,23 @@ ENTRY(error_entry)
+@@ -1345,12 +1860,23 @@ ENTRY(error_entry)
movq %r14, R14+8(%rsp)
movq %r15, R15+8(%rsp)
xorl %ebx,%ebx
@@ -24142,7 +24179,7 @@ index c0226ab..0d1dc48 100644
ret
/*
-@@ -1385,7 +1908,7 @@ error_bad_iret:
+@@ -1385,7 +1911,7 @@ error_bad_iret:
decl %ebx /* Return to usergs */
jmp error_sti
CFI_ENDPROC
@@ -24151,7 +24188,7 @@ index c0226ab..0d1dc48 100644
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1396,7 +1919,7 @@ ENTRY(error_exit)
+@@ -1396,7 +1922,7 @@ ENTRY(error_exit)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
GET_THREAD_INFO(%rcx)
@@ -24160,7 +24197,7 @@ index c0226ab..0d1dc48 100644
jne retint_kernel
LOCKDEP_SYS_EXIT_IRQ
movl TI_flags(%rcx),%edx
-@@ -1405,7 +1928,7 @@ ENTRY(error_exit)
+@@ -1405,7 +1931,7 @@ ENTRY(error_exit)
jnz retint_careful
jmp retint_swapgs
CFI_ENDPROC
@@ -24169,7 +24206,7 @@ index c0226ab..0d1dc48 100644
/*
* Test if a given stack is an NMI stack or not.
-@@ -1463,9 +1986,11 @@ ENTRY(nmi)
+@@ -1463,9 +1989,11 @@ ENTRY(nmi)
* If %cs was not the kernel segment, then the NMI triggered in user
* space, which means it is definitely not nested.
*/
@@ -24182,7 +24219,7 @@ index c0226ab..0d1dc48 100644
/*
* Check the special variable on the stack to see if NMIs are
* executing.
-@@ -1499,8 +2024,7 @@ nested_nmi:
+@@ -1499,8 +2027,7 @@ nested_nmi:
1:
/* Set up the interrupted NMIs stack to jump to repeat_nmi */
@@ -24192,7 +24229,7 @@ index c0226ab..0d1dc48 100644
CFI_ADJUST_CFA_OFFSET 1*8
leaq -10*8(%rsp), %rdx
pushq_cfi $__KERNEL_DS
-@@ -1518,6 +2042,7 @@ nested_nmi_out:
+@@ -1518,6 +2045,7 @@ nested_nmi_out:
CFI_RESTORE rdx
/* No need to check faults here */
@@ -24200,7 +24237,7 @@ index c0226ab..0d1dc48 100644
INTERRUPT_RETURN
CFI_RESTORE_STATE
-@@ -1614,13 +2139,13 @@ end_repeat_nmi:
+@@ -1614,13 +2142,13 @@ end_repeat_nmi:
subq $ORIG_RAX-R15, %rsp
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
/*
@@ -24216,7 +24253,7 @@ index c0226ab..0d1dc48 100644
DEFAULT_FRAME 0
/*
-@@ -1630,9 +2155,9 @@ end_repeat_nmi:
+@@ -1630,9 +2158,9 @@ end_repeat_nmi:
* NMI itself takes a page fault, the page fault that was preempted
* will read the information from the NMI page fault and not the
* origin fault. Save it off and restore it if it changes.
@@ -24228,7 +24265,7 @@ index c0226ab..0d1dc48 100644
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
-@@ -1641,29 +2166,34 @@ end_repeat_nmi:
+@@ -1641,29 +2169,34 @@ end_repeat_nmi:
/* Did the NMI take a page fault? Restore cr2 if it did */
movq %cr2, %rcx
@@ -28902,7 +28939,7 @@ index ed70394..c629a68 100644
vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 506488c..f8df17e 100644
+index 8b92cf4..ee50439 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -732,6 +732,8 @@ EXPORT_SYMBOL_GPL(kvm_set_cr4);
@@ -28914,7 +28951,7 @@ index 506488c..f8df17e 100644
if (cr3 == kvm_read_cr3(vcpu) && !pdptrs_changed(vcpu)) {
kvm_mmu_sync_roots(vcpu);
kvm_make_request(KVM_REQ_TLB_FLUSH, vcpu);
-@@ -1878,8 +1880,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
+@@ -1879,8 +1881,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
{
struct kvm *kvm = vcpu->kvm;
int lm = is_long_mode(vcpu);
@@ -28925,7 +28962,7 @@ index 506488c..f8df17e 100644
u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64
: kvm->arch.xen_hvm_config.blob_size_32;
u32 page_num = data & ~PAGE_MASK;
-@@ -2806,6 +2808,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
+@@ -2807,6 +2809,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
if (n < msr_list.nmsrs)
goto out;
r = -EFAULT;
@@ -28934,7 +28971,7 @@ index 506488c..f8df17e 100644
if (copy_to_user(user_msr_list->indices, &msrs_to_save,
num_msrs_to_save * sizeof(u32)))
goto out;
-@@ -5743,7 +5747,7 @@ static struct notifier_block pvclock_gtod_notifier = {
+@@ -5744,7 +5748,7 @@ static struct notifier_block pvclock_gtod_notifier = {
};
#endif
@@ -32499,7 +32536,7 @@ index 4d8ee82..ffc1011 100644
+ return ret ? -EFAULT : 0;
+}
diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c
-index 207d9aef..69030980 100644
+index 448ee89..88fe381 100644
--- a/arch/x86/mm/gup.c
+++ b/arch/x86/mm/gup.c
@@ -268,7 +268,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
@@ -32539,10 +32576,10 @@ index 4500142..53a363c 100644
return (void *)vaddr;
diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c
-index 8b977eb..4732c33 100644
+index 006cc91..bf05a83 100644
--- a/arch/x86/mm/hugetlbpage.c
+++ b/arch/x86/mm/hugetlbpage.c
-@@ -80,23 +80,24 @@ int pud_huge(pud_t pud)
+@@ -86,23 +86,24 @@ int pud_huge(pud_t pud)
#ifdef CONFIG_HUGETLB_PAGE
static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file,
unsigned long addr, unsigned long len,
@@ -32570,7 +32607,7 @@ index 8b977eb..4732c33 100644
{
struct hstate *h = hstate_file(file);
struct vm_unmapped_area_info info;
-@@ -108,6 +109,7 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
+@@ -114,6 +115,7 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
info.high_limit = current->mm->mmap_base;
info.align_mask = PAGE_MASK & ~huge_page_mask(h);
info.align_offset = 0;
@@ -32578,7 +32615,7 @@ index 8b977eb..4732c33 100644
addr = vm_unmapped_area(&info);
/*
-@@ -120,6 +122,12 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
+@@ -126,6 +128,12 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
VM_BUG_ON(addr != -ENOMEM);
info.flags = 0;
info.low_limit = TASK_UNMAPPED_BASE;
@@ -32591,7 +32628,7 @@ index 8b977eb..4732c33 100644
info.high_limit = TASK_SIZE;
addr = vm_unmapped_area(&info);
}
-@@ -134,10 +142,20 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
+@@ -140,10 +148,20 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
struct hstate *h = hstate_file(file);
struct mm_struct *mm = current->mm;
struct vm_area_struct *vma;
@@ -32613,7 +32650,7 @@ index 8b977eb..4732c33 100644
return -ENOMEM;
if (flags & MAP_FIXED) {
-@@ -146,19 +164,22 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
+@@ -152,19 +170,22 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
return addr;
}
@@ -33345,10 +33382,10 @@ index b4f2e7e..96c9c3e 100644
pte = kmemcheck_pte_lookup(address);
diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
-index 919b912..9267313 100644
+index df4552b..12c129c 100644
--- a/arch/x86/mm/mmap.c
+++ b/arch/x86/mm/mmap.c
-@@ -52,7 +52,7 @@ static unsigned int stack_maxrandom_size(void)
+@@ -52,7 +52,7 @@ static unsigned long stack_maxrandom_size(void)
* Leave an at least ~128 MB hole with possible stack randomization.
*/
#define MIN_GAP (128*1024*1024UL + stack_maxrandom_size())
@@ -34949,7 +34986,7 @@ index 040192b..7d3300f 100644
.long 0
efi_rt_function_ptr:
diff --git a/arch/x86/platform/efi/efi_stub_64.S b/arch/x86/platform/efi/efi_stub_64.S
-index 5fcda72..cd4dc41 100644
+index 86d0f9e..6d499f4 100644
--- a/arch/x86/platform/efi/efi_stub_64.S
+++ b/arch/x86/platform/efi/efi_stub_64.S
@@ -11,6 +11,7 @@
@@ -34968,17 +35005,6 @@ index 5fcda72..cd4dc41 100644
ret
ENDPROC(efi_call)
-@@ -245,8 +247,8 @@ efi_gdt64:
- .long 0 /* Filled out by user */
- .word 0
- .quad 0x0000000000000000 /* NULL descriptor */
-- .quad 0x00af9a000000ffff /* __KERNEL_CS */
-- .quad 0x00cf92000000ffff /* __KERNEL_DS */
-+ .quad 0x00af9b000000ffff /* __KERNEL_CS */
-+ .quad 0x00cf93000000ffff /* __KERNEL_DS */
- .quad 0x0080890000000000 /* TS descriptor */
- .quad 0x0000000000000000 /* TS continued */
- efi_gdt64_end:
diff --git a/arch/x86/platform/intel-mid/intel-mid.c b/arch/x86/platform/intel-mid/intel-mid.c
index 1bbedc4..eb795b5 100644
--- a/arch/x86/platform/intel-mid/intel-mid.c
@@ -38948,7 +38974,7 @@ index 0ea9986..e7b07e4 100644
if (cmd != SIOCWANDEV)
diff --git a/drivers/char/random.c b/drivers/char/random.c
-index 04645c0..6416f00 100644
+index 9cd6968..6416f00 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -289,9 +289,6 @@
@@ -38974,30 +39000,6 @@ index 04645c0..6416f00 100644
static struct entropy_store input_pool = {
.poolinfo = &poolinfo_table[0],
-@@ -569,19 +566,19 @@ static void fast_mix(struct fast_pool *f)
- __u32 c = f->pool[2], d = f->pool[3];
-
- a += b; c += d;
-- b = rol32(a, 6); d = rol32(c, 27);
-+ b = rol32(b, 6); d = rol32(d, 27);
- d ^= a; b ^= c;
-
- a += b; c += d;
-- b = rol32(a, 16); d = rol32(c, 14);
-+ b = rol32(b, 16); d = rol32(d, 14);
- d ^= a; b ^= c;
-
- a += b; c += d;
-- b = rol32(a, 6); d = rol32(c, 27);
-+ b = rol32(b, 6); d = rol32(d, 27);
- d ^= a; b ^= c;
-
- a += b; c += d;
-- b = rol32(a, 16); d = rol32(c, 14);
-+ b = rol32(b, 16); d = rol32(d, 14);
- d ^= a; b ^= c;
-
- f->pool[0] = a; f->pool[1] = b;
@@ -635,7 +632,7 @@ retry:
/* The +2 corresponds to the /4 in the denominator */
@@ -39287,7 +39289,7 @@ index f657c57..31d97ae 100644
ret = cpufreq_register_driver(&dt_cpufreq_driver);
if (ret)
diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
-index 4473eba..a4c9dc2 100644
+index e3bf702..4dbf06c 100644
--- a/drivers/cpufreq/cpufreq.c
+++ b/drivers/cpufreq/cpufreq.c
@@ -2122,7 +2122,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor)
@@ -44876,10 +44878,10 @@ index 3e6d115..ffecdeb 100644
/*----------------------------------------------------------------*/
diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
-index 40b35be..a327e11 100644
+index 2f2f38f..f6a8ebe 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
-@@ -1931,7 +1931,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
+@@ -1932,7 +1932,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
if (r1_sync_page_io(rdev, sect, s,
bio->bi_io_vec[idx].bv_page,
READ) != 0)
@@ -44888,7 +44890,7 @@ index 40b35be..a327e11 100644
}
sectors -= s;
sect += s;
-@@ -2164,7 +2164,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
+@@ -2165,7 +2165,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
!test_bit(Faulty, &rdev->flags)) {
if (r1_sync_page_io(rdev, sect, s,
conf->tmppage, READ)) {
@@ -44961,7 +44963,7 @@ index 32e282f..5cec803 100644
rdev_dec_pending(rdev, mddev);
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
-index b98765f..09e86d5 100644
+index 8577cc7..e80e05d 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -1730,6 +1730,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash)
@@ -48537,7 +48539,7 @@ index bfb0b6e..5c396ce 100644
};
diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
-index 880cc09..6a68ba6 100644
+index 880cc09..764aee1 100644
--- a/drivers/net/macvtap.c
+++ b/drivers/net/macvtap.c
@@ -422,7 +422,7 @@ static void macvtap_setup(struct net_device *dev)
@@ -48549,7 +48551,33 @@ index 880cc09..6a68ba6 100644
.kind = "macvtap",
.setup = macvtap_setup,
.newlink = macvtap_newlink,
-@@ -1020,7 +1020,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd,
+@@ -637,12 +637,15 @@ static void macvtap_skb_to_vnet_hdr(const struct sk_buff *skb,
+ } /* else everything is zero */
+ }
+
++/* Neighbour code has some assumptions on HH_DATA_MOD alignment */
++#define MACVTAP_RESERVE HH_DATA_OFF(ETH_HLEN)
++
+ /* Get packet from user space buffer */
+ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m,
+ const struct iovec *iv, unsigned long total_len,
+ size_t count, int noblock)
+ {
+- int good_linear = SKB_MAX_HEAD(NET_IP_ALIGN);
++ int good_linear = SKB_MAX_HEAD(MACVTAP_RESERVE);
+ struct sk_buff *skb;
+ struct macvlan_dev *vlan;
+ unsigned long len = total_len;
+@@ -701,7 +704,7 @@ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m,
+ linear = vnet_hdr.hdr_len;
+ }
+
+- skb = macvtap_alloc_skb(&q->sk, NET_IP_ALIGN, copylen,
++ skb = macvtap_alloc_skb(&q->sk, MACVTAP_RESERVE, copylen,
+ linear, noblock, &err);
+ if (!skb)
+ goto err;
+@@ -1020,7 +1023,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd,
}
ret = 0;
@@ -48558,7 +48586,7 @@ index 880cc09..6a68ba6 100644
put_user(q->flags, &ifr->ifr_flags))
ret = -EFAULT;
macvtap_put_vlan(vlan);
-@@ -1190,7 +1190,7 @@ static int macvtap_device_event(struct notifier_block *unused,
+@@ -1190,7 +1193,7 @@ static int macvtap_device_event(struct notifier_block *unused,
return NOTIFY_DONE;
}
@@ -52059,7 +52087,7 @@ index dd8c8d6..4cdf6a1 100644
if (!sdp->request_queue->rq_timeout) {
if (sdp->type != TYPE_MOD)
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
-index 6035444..c82edd4 100644
+index 843594c..b1dc3b2 100644
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -1138,7 +1138,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg)
@@ -53179,10 +53207,10 @@ index 47ca0f3..3c0b803 100644
}
EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
-index 7c4447a..70fbc1e 100644
+index 082304d..d8360ec 100644
--- a/drivers/tty/pty.c
+++ b/drivers/tty/pty.c
-@@ -830,8 +830,10 @@ static void __init unix98_pty_init(void)
+@@ -833,8 +833,10 @@ static void __init unix98_pty_init(void)
panic("Couldn't register Unix98 pts driver");
/* Now create the /dev/ptmx special device */
@@ -54299,7 +54327,7 @@ index 0b59731..46ee7d1 100644
dev->rawdescriptors[i] + (*ppos - pos),
min(len, alloclen))) {
diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
-index a6efb41..6f72549b 100644
+index 0009fc8..483f7e5 100644
--- a/drivers/usb/core/hcd.c
+++ b/drivers/usb/core/hcd.c
@@ -1551,7 +1551,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags)
@@ -54321,7 +54349,7 @@ index a6efb41..6f72549b 100644
wake_up(&usb_kill_urb_queue);
usb_put_urb(urb);
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
-index b649fef..c7107a0 100644
+index 2246954..d75b0b1 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -26,6 +26,7 @@
@@ -54344,7 +54372,7 @@ index b649fef..c7107a0 100644
unit_load = 150;
else
diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
-index f7b7713..23d07ec 100644
+index f368d20..0c30ac5 100644
--- a/drivers/usb/core/message.c
+++ b/drivers/usb/core/message.c
@@ -128,7 +128,7 @@ static int usb_internal_control_msg(struct usb_device *usb_dev,
@@ -54388,7 +54416,7 @@ index 1236c60..d47a51c 100644
static DEVICE_ATTR_RO(urbnum);
diff --git a/drivers/usb/core/usb.c b/drivers/usb/core/usb.c
-index 2dd2362..1135437 100644
+index 29ee936..55e3f99 100644
--- a/drivers/usb/core/usb.c
+++ b/drivers/usb/core/usb.c
@@ -433,7 +433,7 @@ struct usb_device *usb_alloc_dev(struct usb_device *parent,
@@ -58550,7 +58578,7 @@ index 929dec0..84bd914 100644
fd_offset + ex.a_text);
if (error != N_DATADDR(ex))
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index d8fc060..cbd44d5 100644
+index e1efcaa..ff55158 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -34,6 +34,7 @@
@@ -59067,7 +59095,7 @@ index d8fc060..cbd44d5 100644
* libraries. There is no binary dependent code anywhere else.
@@ -556,6 +917,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
{
- unsigned int random_variable = 0;
+ unsigned long random_variable = 0;
+#ifdef CONFIG_PAX_RANDUSTACK
+ if (current->mm->pax_flags & MF_PAX_RANDMMAP)
@@ -59076,8 +59104,8 @@ index d8fc060..cbd44d5 100644
+
if ((current->flags & PF_RANDOMIZE) &&
!(current->personality & ADDR_NO_RANDOMIZE)) {
- random_variable = get_random_int() & STACK_RND_MASK;
-@@ -574,7 +940,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
+ random_variable = (unsigned long) get_random_int();
+@@ -575,7 +941,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
unsigned long load_addr = 0, load_bias = 0;
int load_addr_set = 0;
char * elf_interpreter = NULL;
@@ -59086,7 +59114,7 @@ index d8fc060..cbd44d5 100644
struct elf_phdr *elf_ppnt, *elf_phdata;
unsigned long elf_bss, elf_brk;
int retval, i;
-@@ -589,6 +955,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -590,6 +956,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
struct elfhdr elf_ex;
struct elfhdr interp_elf_ex;
} *loc;
@@ -59094,7 +59122,7 @@ index d8fc060..cbd44d5 100644
loc = kmalloc(sizeof(*loc), GFP_KERNEL);
if (!loc) {
-@@ -726,6 +1093,77 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -727,6 +1094,77 @@ static int load_elf_binary(struct linux_binprm *bprm)
/* Do this immediately, since STACK_TOP as used in setup_arg_pages
may depend on the personality. */
SET_PERSONALITY(loc->elf_ex);
@@ -59172,7 +59200,7 @@ index d8fc060..cbd44d5 100644
if (elf_read_implies_exec(loc->elf_ex, executable_stack))
current->personality |= READ_IMPLIES_EXEC;
-@@ -811,6 +1249,20 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -812,6 +1250,20 @@ static int load_elf_binary(struct linux_binprm *bprm)
#else
load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
#endif
@@ -59193,7 +59221,7 @@ index d8fc060..cbd44d5 100644
}
error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
-@@ -842,9 +1294,9 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -843,9 +1295,9 @@ static int load_elf_binary(struct linux_binprm *bprm)
* allowed task size. Note that p_filesz must always be
* <= p_memsz so it is only necessary to check p_memsz.
*/
@@ -59206,7 +59234,7 @@ index d8fc060..cbd44d5 100644
/* set_brk can never work. Avoid overflows. */
retval = -EINVAL;
goto out_free_dentry;
-@@ -880,16 +1332,43 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -881,16 +1333,43 @@ static int load_elf_binary(struct linux_binprm *bprm)
if (retval)
goto out_free_dentry;
if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
@@ -59255,7 +59283,7 @@ index d8fc060..cbd44d5 100644
load_bias);
if (!IS_ERR((void *)elf_entry)) {
/*
-@@ -1115,7 +1594,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
+@@ -1116,7 +1595,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
* Decide what to dump of a segment, part, all or none.
*/
static unsigned long vma_dump_size(struct vm_area_struct *vma,
@@ -59264,7 +59292,7 @@ index d8fc060..cbd44d5 100644
{
#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
-@@ -1153,7 +1632,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
+@@ -1154,7 +1633,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
if (vma->vm_file == NULL)
return 0;
@@ -59273,7 +59301,7 @@ index d8fc060..cbd44d5 100644
goto whole;
/*
-@@ -1360,9 +1839,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
+@@ -1361,9 +1840,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
{
elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
int i = 0;
@@ -59285,7 +59313,7 @@ index d8fc060..cbd44d5 100644
fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
}
-@@ -1371,7 +1850,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
+@@ -1372,7 +1851,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
{
mm_segment_t old_fs = get_fs();
set_fs(KERNEL_DS);
@@ -59294,7 +59322,7 @@ index d8fc060..cbd44d5 100644
set_fs(old_fs);
fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
}
-@@ -1995,14 +2474,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
+@@ -1996,14 +2475,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
}
static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
@@ -59311,7 +59339,7 @@ index d8fc060..cbd44d5 100644
return size;
}
-@@ -2093,7 +2572,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2094,7 +2573,7 @@ static int elf_core_dump(struct coredump_params *cprm)
dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
@@ -59320,7 +59348,7 @@ index d8fc060..cbd44d5 100644
offset += elf_core_extra_data_size();
e_shoff = offset;
-@@ -2121,7 +2600,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2122,7 +2601,7 @@ static int elf_core_dump(struct coredump_params *cprm)
phdr.p_offset = offset;
phdr.p_vaddr = vma->vm_start;
phdr.p_paddr = 0;
@@ -59329,7 +59357,7 @@ index d8fc060..cbd44d5 100644
phdr.p_memsz = vma->vm_end - vma->vm_start;
offset += phdr.p_filesz;
phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
-@@ -2154,7 +2633,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2155,7 +2634,7 @@ static int elf_core_dump(struct coredump_params *cprm)
unsigned long addr;
unsigned long end;
@@ -59338,7 +59366,7 @@ index d8fc060..cbd44d5 100644
for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
struct page *page;
-@@ -2195,6 +2674,167 @@ out:
+@@ -2196,6 +2675,167 @@ out:
#endif /* CONFIG_ELF_CORE */
@@ -59520,7 +59548,7 @@ index 1d9c9f3..2905786 100644
else if (whole->bd_holder != NULL)
return false; /* is a partition of a held device */
diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
-index 150822e..75bb326 100644
+index c81ce0c..0d23e5c 100644
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
@@ -1173,9 +1173,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans,
@@ -64884,7 +64912,7 @@ index bbde147..f4deeba 100644
get_mnt_ns(mnt_ns);
diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c
-index f4ccfe6..a5cf064 100644
+index 02f8d09..a5c25d1 100644
--- a/fs/nfs/callback_xdr.c
+++ b/fs/nfs/callback_xdr.c
@@ -51,7 +51,7 @@ struct callback_op {
@@ -67147,7 +67175,7 @@ index 510413eb..34d9a8c 100644
seq_printf(p, "softirq %llu", (unsigned long long)sum_softirq);
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
-index 4e0388c..fc6a0e1 100644
+index e8972bc..64ee778 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -13,12 +13,19 @@
@@ -67313,7 +67341,7 @@ index 4e0388c..fc6a0e1 100644
mss.resident >> 10,
(unsigned long)(mss.pss >> (10 + PSS_SHIFT)),
mss.shared_clean >> 10,
-@@ -1447,6 +1497,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
+@@ -1451,6 +1501,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
char buffer[64];
int nid;
@@ -67327,7 +67355,7 @@ index 4e0388c..fc6a0e1 100644
if (!mm)
return 0;
-@@ -1468,11 +1525,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
+@@ -1472,11 +1529,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
mpol_to_str(buffer, sizeof(buffer), proc_priv->task_mempolicy);
}
@@ -68255,7 +68283,7 @@ index 64e83ef..b6be154 100644
}
fdput(f);
diff --git a/fs/xfs/libxfs/xfs_bmap.c b/fs/xfs/libxfs/xfs_bmap.c
-index 79c9819..22226b4 100644
+index 661666e..e1c7ec2 100644
--- a/fs/xfs/libxfs/xfs_bmap.c
+++ b/fs/xfs/libxfs/xfs_bmap.c
@@ -583,7 +583,7 @@ xfs_bmap_validate_ret(
@@ -81386,10 +81414,10 @@ index 115bb81..e7b812b 100644
/*
* fscache cached network filesystem type
diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
-index 1c804b0..1432c2b 100644
+index 7ee1774..72505b8 100644
--- a/include/linux/fsnotify.h
+++ b/include/linux/fsnotify.h
-@@ -195,6 +195,9 @@ static inline void fsnotify_access(struct file *file)
+@@ -197,6 +197,9 @@ static inline void fsnotify_access(struct file *file)
struct inode *inode = file_inode(file);
__u32 mask = FS_ACCESS;
@@ -81399,7 +81427,7 @@ index 1c804b0..1432c2b 100644
if (S_ISDIR(inode->i_mode))
mask |= FS_ISDIR;
-@@ -213,6 +216,9 @@ static inline void fsnotify_modify(struct file *file)
+@@ -215,6 +218,9 @@ static inline void fsnotify_modify(struct file *file)
struct inode *inode = file_inode(file);
__u32 mask = FS_MODIFY;
@@ -81409,7 +81437,7 @@ index 1c804b0..1432c2b 100644
if (S_ISDIR(inode->i_mode))
mask |= FS_ISDIR;
-@@ -315,7 +321,7 @@ static inline void fsnotify_change(struct dentry *dentry, unsigned int ia_valid)
+@@ -317,7 +323,7 @@ static inline void fsnotify_change(struct dentry *dentry, unsigned int ia_valid)
*/
static inline const unsigned char *fsnotify_oldname_init(const unsigned char *name)
{
@@ -84643,7 +84671,7 @@ index 34a1e10..70f6bde 100644
struct proc_ns {
void *ns;
diff --git a/include/linux/quota.h b/include/linux/quota.h
-index 224fb81..9d85c41 100644
+index 8b0877f..b1071c5 100644
--- a/include/linux/quota.h
+++ b/include/linux/quota.h
@@ -70,7 +70,7 @@ struct kqid { /* Type in which we store the quota identifier */
@@ -85628,7 +85656,7 @@ index 07d8e53..dc934c9 100644
#endif /* _LINUX_SUNRPC_ADDR_H */
diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h
-index 70736b9..37f33db 100644
+index b363a0f..f09861d 100644
--- a/include/linux/sunrpc/clnt.h
+++ b/include/linux/sunrpc/clnt.h
@@ -97,7 +97,7 @@ struct rpc_procinfo {
@@ -86060,10 +86088,10 @@ index 99c1b4d..562e6f3 100644
static inline void put_unaligned_le16(u16 val, void *p)
diff --git a/include/linux/usb.h b/include/linux/usb.h
-index 447a7e2..9cea7e9 100644
+index 3827bff..f1730fc 100644
--- a/include/linux/usb.h
+++ b/include/linux/usb.h
-@@ -571,7 +571,7 @@ struct usb_device {
+@@ -566,7 +566,7 @@ struct usb_device {
int maxchild;
u32 quirks;
@@ -86072,7 +86100,7 @@ index 447a7e2..9cea7e9 100644
unsigned long active_duration;
-@@ -1655,7 +1655,7 @@ void usb_buffer_unmap_sg(const struct usb_device *dev, int is_in,
+@@ -1650,7 +1650,7 @@ void usb_buffer_unmap_sg(const struct usb_device *dev, int is_in,
extern int usb_control_msg(struct usb_device *dev, unsigned int pipe,
__u8 request, __u8 requesttype, __u16 value, __u16 index,
@@ -88987,7 +89015,7 @@ index 1adf62b..7736e06 100644
}
EXPORT_SYMBOL_GPL(kgdb_schedule_breakpoint);
diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c
-index 379650b..30c5180 100644
+index 6ffdc96..af24441 100644
--- a/kernel/debug/kdb/kdb_main.c
+++ b/kernel/debug/kdb/kdb_main.c
@@ -1977,7 +1977,7 @@ static int kdb_lsmod(int argc, const char **argv)
@@ -89248,10 +89276,17 @@ index 2116aac..d95df2a 100644
{
struct signal_struct *sig = current->signal;
diff --git a/kernel/fork.c b/kernel/fork.c
-index 9b7d746..5b898ab 100644
+index 9b7d746..6083ebb 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
-@@ -183,6 +183,48 @@ void thread_info_cache_init(void)
+@@ -177,12 +177,54 @@ static void free_thread_info(struct thread_info *ti)
+ void thread_info_cache_init(void)
+ {
+ thread_info_cache = kmem_cache_create("thread_info", THREAD_SIZE,
+- THREAD_SIZE, 0, NULL);
++ THREAD_SIZE, SLAB_USERCOPY, NULL);
+ BUG_ON(thread_info_cache == NULL);
+ }
# endif
#endif
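Review bot: The switch from `0` to `SLAB_USERCOPY` in `thread_info_cache_init()` has no comment, and the flag applies to the whole `THREAD_SIZE` object rather than to a bounded region of it. That flag relaxes a hardening check for a whole cache, so the reason should be written down next to it. I would add above the `kmem_cache_create()` call something like `/* objects in this cache hold the kernel stack, so usercopy to/from on-stack buffers must be permitted here */`. That rationale is inferred from the cache name and size, not stated on the page, so confirm it before committing the wording.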
@@ -94206,7 +94241,7 @@ index 124e2c7..762ca29 100644
/* make curr_ret_stack visible before we add the ret_stack */
smp_wmb();
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
-index a56e07c..d46f0ba 100644
+index f4fbbfc..ebb5622 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -352,9 +352,9 @@ struct buffer_data_page {
@@ -94221,7 +94256,7 @@ index a56e07c..d46f0ba 100644
unsigned long real_end; /* real end of data */
struct buffer_data_page *page; /* Actual data page */
};
-@@ -473,8 +473,8 @@ struct ring_buffer_per_cpu {
+@@ -476,8 +476,8 @@ struct ring_buffer_per_cpu {
unsigned long last_overrun;
local_t entries_bytes;
local_t entries;
@@ -94232,7 +94267,7 @@ index a56e07c..d46f0ba 100644
local_t dropped_events;
local_t committing;
local_t commits;
-@@ -1032,8 +1032,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -1050,8 +1050,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
*
* We add a counter to the write field to denote this.
*/
@@ -94243,7 +94278,7 @@ index a56e07c..d46f0ba 100644
/*
* Just make sure we have seen our old_write and synchronize
-@@ -1061,8 +1061,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -1079,8 +1079,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
* cmpxchg to only update if an interrupt did not already
* do it for us. If the cmpxchg fails, we don't care.
*/
@@ -94254,7 +94289,7 @@ index a56e07c..d46f0ba 100644
/*
* No need to worry about races with clearing out the commit.
-@@ -1429,12 +1429,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer);
+@@ -1448,12 +1448,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer);
static inline unsigned long rb_page_entries(struct buffer_page *bpage)
{
@@ -94269,7 +94304,7 @@ index a56e07c..d46f0ba 100644
}
static int
-@@ -1529,7 +1529,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages)
+@@ -1548,7 +1548,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages)
* bytes consumed in ring buffer from here.
* Increment overrun to account for the lost events.
*/
@@ -94278,7 +94313,7 @@ index a56e07c..d46f0ba 100644
local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
}
-@@ -2091,7 +2091,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2110,7 +2110,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer,
* it is our responsibility to update
* the counters.
*/
@@ -94287,7 +94322,7 @@ index a56e07c..d46f0ba 100644
local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
/*
-@@ -2241,7 +2241,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2260,7 +2260,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
if (tail == BUF_PAGE_SIZE)
tail_page->real_end = 0;
@@ -94296,7 +94331,7 @@ index a56e07c..d46f0ba 100644
return;
}
-@@ -2276,7 +2276,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2295,7 +2295,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
rb_event_set_padding(event);
/* Set the write back to the previous setting */
@@ -94305,7 +94340,7 @@ index a56e07c..d46f0ba 100644
return;
}
-@@ -2288,7 +2288,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2307,7 +2307,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
/* Set write to end of buffer */
length = (tail + length) - BUF_PAGE_SIZE;
@@ -94314,7 +94349,7 @@ index a56e07c..d46f0ba 100644
}
/*
-@@ -2314,7 +2314,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2333,7 +2333,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
* about it.
*/
if (unlikely(next_page == commit_page)) {
@@ -94323,7 +94358,7 @@ index a56e07c..d46f0ba 100644
goto out_reset;
}
-@@ -2370,7 +2370,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2389,7 +2389,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
cpu_buffer->tail_page) &&
(cpu_buffer->commit_page ==
cpu_buffer->reader_page))) {
@@ -94332,7 +94367,7 @@ index a56e07c..d46f0ba 100644
goto out_reset;
}
}
-@@ -2418,7 +2418,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2437,7 +2437,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
length += RB_LEN_TIME_EXTEND;
tail_page = cpu_buffer->tail_page;
@@ -94341,7 +94376,7 @@ index a56e07c..d46f0ba 100644
/* set write to only the index of the write */
write &= RB_WRITE_MASK;
-@@ -2442,7 +2442,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2461,7 +2461,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
kmemcheck_annotate_bitfield(event, bitfield);
rb_update_event(cpu_buffer, event, length, add_timestamp, delta);
@@ -94350,7 +94385,7 @@ index a56e07c..d46f0ba 100644
/*
* If this is the first commit on the page, then update
-@@ -2475,7 +2475,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2494,7 +2494,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) {
unsigned long write_mask =
@@ -94359,7 +94394,7 @@ index a56e07c..d46f0ba 100644
unsigned long event_length = rb_event_length(event);
/*
* This is on the tail page. It is possible that
-@@ -2485,7 +2485,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2504,7 +2504,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
*/
old_index += write_mask;
new_index += write_mask;
@@ -94368,7 +94403,7 @@ index a56e07c..d46f0ba 100644
if (index == old_index) {
/* update counters */
local_sub(event_length, &cpu_buffer->entries_bytes);
-@@ -2877,7 +2877,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2907,7 +2907,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
/* Do the likely case first */
if (likely(bpage->page == (void *)addr)) {
@@ -94377,7 +94412,7 @@ index a56e07c..d46f0ba 100644
return;
}
-@@ -2889,7 +2889,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2919,7 +2919,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
start = bpage;
do {
if (bpage->page == (void *)addr) {
@@ -94386,7 +94421,7 @@ index a56e07c..d46f0ba 100644
return;
}
rb_inc_page(cpu_buffer, &bpage);
-@@ -3173,7 +3173,7 @@ static inline unsigned long
+@@ -3203,7 +3203,7 @@ static inline unsigned long
rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer)
{
return local_read(&cpu_buffer->entries) -
@@ -94395,7 +94430,7 @@ index a56e07c..d46f0ba 100644
}
/**
-@@ -3262,7 +3262,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
+@@ -3292,7 +3292,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
return 0;
cpu_buffer = buffer->buffers[cpu];
@@ -94404,7 +94439,7 @@ index a56e07c..d46f0ba 100644
return ret;
}
-@@ -3285,7 +3285,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
+@@ -3315,7 +3315,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
return 0;
cpu_buffer = buffer->buffers[cpu];
@@ -94413,7 +94448,7 @@ index a56e07c..d46f0ba 100644
return ret;
}
-@@ -3370,7 +3370,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
+@@ -3400,7 +3400,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
/* if you care about this being correct, lock the buffer */
for_each_buffer_cpu(buffer, cpu) {
cpu_buffer = buffer->buffers[cpu];
@@ -94422,7 +94457,7 @@ index a56e07c..d46f0ba 100644
}
return overruns;
-@@ -3541,8 +3541,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -3571,8 +3571,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
/*
* Reset the reader page to size zero.
*/
@@ -94433,7 +94468,7 @@ index a56e07c..d46f0ba 100644
local_set(&cpu_buffer->reader_page->page->commit, 0);
cpu_buffer->reader_page->real_end = 0;
-@@ -3576,7 +3576,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -3606,7 +3606,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
* want to compare with the last_overrun.
*/
smp_mb();
@@ -94442,7 +94477,7 @@ index a56e07c..d46f0ba 100644
/*
* Here's the tricky part.
-@@ -4148,8 +4148,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -4178,8 +4178,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
cpu_buffer->head_page
= list_entry(cpu_buffer->pages, struct buffer_page, list);
@@ -94453,7 +94488,7 @@ index a56e07c..d46f0ba 100644
local_set(&cpu_buffer->head_page->page->commit, 0);
cpu_buffer->head_page->read = 0;
-@@ -4159,14 +4159,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -4189,14 +4189,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
INIT_LIST_HEAD(&cpu_buffer->reader_page->list);
INIT_LIST_HEAD(&cpu_buffer->new_pages);
@@ -94472,7 +94507,7 @@ index a56e07c..d46f0ba 100644
local_set(&cpu_buffer->dropped_events, 0);
local_set(&cpu_buffer->entries, 0);
local_set(&cpu_buffer->committing, 0);
-@@ -4571,8 +4571,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
+@@ -4601,8 +4601,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
rb_init_page(bpage);
bpage = reader->page;
reader->page = *data_page;
@@ -94484,7 +94519,7 @@ index a56e07c..d46f0ba 100644
*data_page = bpage;
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
-index 426962b..e8e2d9a 100644
+index 72c7134..581f360 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -3488,7 +3488,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
@@ -95786,7 +95821,7 @@ index 123bcd3..0de52ba 100644
set_page_address(page, (void *)vaddr);
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
-index 9fd7227..5628939 100644
+index f08fec7..8742ef8 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -2258,6 +2258,7 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
@@ -101330,6 +101365,19 @@ index 8e385a0..a5bdd8e 100644
tty_port_close(&dev->port, tty, filp);
}
+diff --git a/net/bridge/br.c b/net/bridge/br.c
+index 44425af..4ee730e 100644
+--- a/net/bridge/br.c
++++ b/net/bridge/br.c
+@@ -147,6 +147,8 @@ static int __init br_init(void)
+ {
+ int err;
+
++ BUILD_BUG_ON(sizeof(struct br_input_skb_cb) > FIELD_SIZEOF(struct sk_buff, cb));
++
+ err = stp_proto_register(&br_stp_proto);
+ if (err < 0) {
+ pr_err("bridge: can't register sap for STP\n");
diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
index e5ec470..cbfabd1 100644
--- a/net/bridge/br_netlink.c
@@ -102057,7 +102105,7 @@ index 443256b..bbff424 100644
pr_warn("cannot create /proc/net/%s\n", PG_PROC_DIR);
return -ENODEV;
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
-index ca82629..66264f7 100644
+index ca82629..f168c36 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -58,7 +58,7 @@ struct rtnl_link {
@@ -102104,6 +102152,17 @@ index ca82629..66264f7 100644
goto nla_put_failure;
if (1) {
+@@ -2077,6 +2080,10 @@ replay:
+ if (IS_ERR(dest_net))
+ return PTR_ERR(dest_net);
+
++ err = -EPERM;
++ if (!netlink_ns_capable(skb, dest_net->user_ns, CAP_NET_ADMIN))
++ goto out;
++
+ dev = rtnl_create_link(dest_net, ifname, name_assign_type, ops, tb);
+ if (IS_ERR(dev)) {
+ err = PTR_ERR(dev);
diff --git a/net/core/scm.c b/net/core/scm.c
index b442e7e..6f5b5a2 100644
--- a/net/core/scm.c
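Review bot: The new `-EPERM` path leaves through `goto out`, while the `IS_ERR(dest_net)` check just above it returns directly, so the added branch depends on the `out:` label dropping the `dest_net` reference. That label is outside this hunk and cannot be checked from here; please confirm it releases the namespace reference. A short comment would also help readers auditing the check, for example `/* link creation in dest_net needs CAP_NET_ADMIN in that namespace's user_ns */`. The enclosing function starts and ends outside the hunk.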
@@ -103051,7 +103110,7 @@ index e90f83a..3e6acca 100644
pr_err("Unable to proc dir entry\n");
return -ENOMEM;
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
-index 5638b17..22c8e65 100644
+index 5638b17..dec7fa3 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
@@ -59,7 +59,7 @@ struct ping_table {
@@ -103063,7 +103122,38 @@ index 5638b17..22c8e65 100644
EXPORT_SYMBOL_GPL(pingv6_ops);
static u16 ping_port_rover;
-@@ -350,7 +350,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
+@@ -259,6 +259,9 @@ int ping_init_sock(struct sock *sk)
+ kgid_t low, high;
+ int ret = 0;
+
++ if (sk->sk_family == AF_INET6)
++ sk->sk_ipv6only = 1;
++
+ inet_get_ping_group_range_net(net, &low, &high);
+ if (gid_lte(low, group) && gid_lte(group, high))
+ return 0;
+@@ -305,6 +308,11 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
+ if (addr_len < sizeof(*addr))
+ return -EINVAL;
+
++ if (addr->sin_family != AF_INET &&
++ !(addr->sin_family == AF_UNSPEC &&
++ addr->sin_addr.s_addr == htonl(INADDR_ANY)))
++ return -EAFNOSUPPORT;
++
+ pr_debug("ping_check_bind_addr(sk=%p,addr=%pI4,port=%d)\n",
+ sk, &addr->sin_addr.s_addr, ntohs(addr->sin_port));
+
+@@ -330,7 +338,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
+ return -EINVAL;
+
+ if (addr->sin6_family != AF_INET6)
+- return -EINVAL;
++ return -EAFNOSUPPORT;
+
+ pr_debug("ping_check_bind_addr(sk=%p,addr=%pI6c,port=%d)\n",
+ sk, addr->sin6_addr.s6_addr, ntohs(addr->sin6_port));
+@@ -350,7 +358,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
return -ENODEV;
}
}
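Review bot: The added family check in the IPv4 branch of `ping_check_bind_addr` makes an exception for `AF_UNSPEC` combined with `INADDR_ANY` but does not say why. Anyone auditing bind() input validation will want that exception explained. I would add above the check `/* AF_UNSPEC is accepted only with INADDR_ANY; every other family is rejected */`, plus the compatibility reason if that is the intent, which the page does not state. The placement is sound: the check follows the `addr_len < sizeof(*addr)` test, so `sin_family` and `sin_addr` are read only after the length is known to cover them. The function body continues outside the inner hunks.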
@@ -103072,7 +103162,7 @@ index 5638b17..22c8e65 100644
scoped);
rcu_read_unlock();
-@@ -558,7 +558,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
+@@ -558,7 +566,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
}
#if IS_ENABLED(CONFIG_IPV6)
} else if (skb->protocol == htons(ETH_P_IPV6)) {
@@ -103081,7 +103171,7 @@ index 5638b17..22c8e65 100644
#endif
}
-@@ -576,7 +576,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
+@@ -576,7 +584,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
info, (u8 *)icmph);
#if IS_ENABLED(CONFIG_IPV6)
} else if (family == AF_INET6) {
@@ -103090,7 +103180,16 @@ index 5638b17..22c8e65 100644
info, (u8 *)icmph);
#endif
}
-@@ -910,10 +910,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+@@ -716,7 +724,7 @@ static int ping_v4_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *m
+ if (msg->msg_namelen < sizeof(*usin))
+ return -EINVAL;
+ if (usin->sin_family != AF_INET)
+- return -EINVAL;
++ return -EAFNOSUPPORT;
+ daddr = usin->sin_addr.s_addr;
+ /* no remote port */
+ } else {
+@@ -910,10 +918,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
}
if (inet6_sk(sk)->rxopt.all)
@@ -103103,7 +103202,7 @@ index 5638b17..22c8e65 100644
else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags)
ip_cmsg_recv(msg, skb);
#endif
-@@ -1108,7 +1108,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f,
+@@ -1108,7 +1116,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f,
from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
0, sock_i_ino(sp),
atomic_read(&sp->sk_refcnt), sp,
@@ -104114,10 +104213,23 @@ index 6f187c8..34b367f 100644
return -ENOMEM;
}
diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c
-index 5b7a1ed..d9da205 100644
+index 5b7a1ed..83e96de 100644
--- a/net/ipv6/ping.c
+++ b/net/ipv6/ping.c
-@@ -240,6 +240,24 @@ static struct pernet_operations ping_v6_net_ops = {
+@@ -102,9 +102,10 @@ int ping_v6_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+
+ if (msg->msg_name) {
+ DECLARE_SOCKADDR(struct sockaddr_in6 *, u, msg->msg_name);
+- if (msg->msg_namelen < sizeof(struct sockaddr_in6) ||
+- u->sin6_family != AF_INET6) {
++ if (msg->msg_namelen < sizeof(*u))
+ return -EINVAL;
++ if (u->sin6_family != AF_INET6) {
++ return -EAFNOSUPPORT;
+ }
+ if (sk->sk_bound_dev_if &&
+ sk->sk_bound_dev_if != u->sin6_scope_id) {
+@@ -240,6 +241,24 @@ static struct pernet_operations ping_v6_net_ops = {
};
#endif
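Review bot: In the `ping_v6_sendmsg` hunk the split check leaves `if (u->sin6_family != AF_INET6) {` with braces around a single `return -EAFNOSUPPORT;`, while the `msg_namelen` test just above it has none. The closing brace is only a leftover context line from the old combined condition. For consistency with the IPv4 side I would write `if (u->sin6_family != AF_INET6)` followed by `return -EAFNOSUPPORT;` and drop the brace pair. The ordering itself is right: the length is checked against `sizeof(*u)` before `sin6_family` is read. The function continues outside the hunk.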
@@ -104142,7 +104254,7 @@ index 5b7a1ed..d9da205 100644
int __init pingv6_init(void)
{
#ifdef CONFIG_PROC_FS
-@@ -247,13 +265,7 @@ int __init pingv6_init(void)
+@@ -247,13 +266,7 @@ int __init pingv6_init(void)
if (ret)
return ret;
#endif
@@ -104157,7 +104269,7 @@ index 5b7a1ed..d9da205 100644
return inet6_register_protosw(&pingv6_protosw);
}
-@@ -262,14 +274,9 @@ int __init pingv6_init(void)
+@@ -262,14 +275,9 @@ int __init pingv6_init(void)
*/
void pingv6_exit(void)
{
@@ -105023,6 +105135,18 @@ index 6081329..ab23834 100644
return -EBUSY;
if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) {
+diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
+index 900632a2..80ce44f 100644
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -563,6 +563,7 @@ ieee80211_tx_h_check_control_port_protocol(struct ieee80211_tx_data *tx)
+ if (tx->sdata->control_port_no_encrypt)
+ info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
+ info->control.flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO;
++ info->flags |= IEEE80211_TX_CTL_USE_MINRATE;
+ }
+
+ return TX_CONTINUE;
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 3c61060..7bed2e3 100644
--- a/net/mac80211/util.c
@@ -106903,10 +107027,10 @@ index 0663621..c4928d4 100644
goto out_nomem;
cd->u.procfs.channel_ent = NULL;
diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
-index 9acd6ce..4353a72 100644
+index ae46f01..d337da8 100644
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
-@@ -1428,7 +1428,9 @@ call_start(struct rpc_task *task)
+@@ -1430,7 +1430,9 @@ call_start(struct rpc_task *task)
(RPC_IS_ASYNC(task) ? "async" : "sync"));
/* Increment call count */
@@ -109689,10 +109813,10 @@ index 1450f85..a91e0bc 100644
}
rtnl_unlock();
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
-index d515ec2..8a4ca71 100644
+index 9d3c64a..76e336e 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
-@@ -4079,7 +4079,7 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
+@@ -4081,7 +4081,7 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
return 0;
}
@@ -118386,10 +118510,10 @@ index 0000000..4378111
+}
diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
new file mode 100644
-index 0000000..f2bd55d
+index 0000000..1f45ba9
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
-@@ -0,0 +1,6031 @@
+@@ -0,0 +1,6032 @@
+intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
+storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL
+compat_sock_setsockopt_23 compat_sock_setsockopt 5 23 NULL
@@ -119009,6 +119133,7 @@ index 0000000..f2bd55d
+tpl_write_6998 tpl_write 3 6998 NULL
+cipso_v4_gentag_enum_7006 cipso_v4_gentag_enum 0 7006 NULL
+tracing_cpumask_read_7010 tracing_cpumask_read 3 7010 NULL
++copy_items_7012 copy_items 7 7012 NULL
+ld_usb_write_7022 ld_usb_write 3 7022 NULL
+wimax_msg_7030 wimax_msg 4 7030 NULL
+ceph_kvmalloc_7033 ceph_kvmalloc 1 7033 NULL