aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2012-08-23 11:02:59 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2012-08-23 12:29:21 +0000
commit060652e8ca0e36494f89365ee971e2ce99b464c4 (patch)
tree70955e695bf40dda20621c574704d80127bf9ea1
parent9ed5cf8ffa47c6a4e1bb321b24f7e67f57f14fce (diff)
downloadalpine_aports-060652e8ca0e36494f89365ee971e2ce99b464c4.tar.bz2
alpine_aports-060652e8ca0e36494f89365ee971e2ce99b464c4.tar.xz
alpine_aports-060652e8ca0e36494f89365ee971e2ce99b464c4.zip
main/linux-grsec: upgrade kernel to 3.4.9
Diffstat
-rw-r--r--main/linux-grsec/APKBUILD10
-rw-r--r--main/linux-grsec/grsecurity-2.9.1-3.4.9-1.patch (renamed from main/linux-grsec/grsecurity-2.9.1-3.4.7-201208021520.patch)1371
-rw-r--r--main/linux-grsec/werror.patch11
3 files changed, 653 insertions, 739 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 55863a84a7..c0d2ac93fc 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,7 +2,7 @@
2 2
3_flavor=grsec 3_flavor=grsec
4pkgname=linux-${_flavor} 4pkgname=linux-${_flavor}
5pkgver=3.4.7 5pkgver=3.4.9
6_kernver=3.4 6_kernver=3.4
7pkgrel=0 7pkgrel=0
8pkgdesc="Linux kernel with grsecurity" 8pkgdesc="Linux kernel with grsecurity"
@@ -14,8 +14,7 @@ _config=${config:-kernelconfig.${CARCH}}
14install= 14install=
15source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz 15source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
16 http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz 16 http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
17 grsecurity-2.9.1-3.4.7-201208021520.patch 17 grsecurity-2.9.1-3.4.9-1.patch
18 werror.patch
19 18
20 0004-arp-flush-arp-cache-on-device-change.patch 19 0004-arp-flush-arp-cache-on-device-change.patch
21 0001-Revert-ipv4-Don-t-use-the-cached-pmtu-informations-f.patch 20 0001-Revert-ipv4-Don-t-use-the-cached-pmtu-informations-f.patch
@@ -141,9 +140,8 @@ dev() {
141} 140}
142 141
143md5sums="967f72983655e2479f951195953e8480 linux-3.4.tar.xz 142md5sums="967f72983655e2479f951195953e8480 linux-3.4.tar.xz
1445258bea05aa6d0a52fcaea28b1b74c29 patch-3.4.7.xz 143ffd1d2010b97fe45a62c9ce856ca224f patch-3.4.9.xz
145c3c70efdc12b99a9e32e3e132977a6d6 grsecurity-2.9.1-3.4.7-201208021520.patch 144eb144eed1f834e81862d7457baad686b grsecurity-2.9.1-3.4.9-1.patch
146bb5680b0268384b67ab5181fa2f9a0bf werror.patch
147776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch 145776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch
148cb6fcd6e966e73c87a839c4c0183f81f 0001-Revert-ipv4-Don-t-use-the-cached-pmtu-informations-f.patch 146cb6fcd6e966e73c87a839c4c0183f81f 0001-Revert-ipv4-Don-t-use-the-cached-pmtu-informations-f.patch
14950a13359236dbd676fa355f0b4fd27ff kernelconfig.x86 14750a13359236dbd676fa355f0b4fd27ff kernelconfig.x86
diff --git a/main/linux-grsec/grsecurity-2.9.1-3.4.7-201208021520.patch b/main/linux-grsec/grsecurity-2.9.1-3.4.9-1.patch
index 819bfbc39d..b08bf8c2c4 100644
--- a/main/linux-grsec/grsecurity-2.9.1-3.4.7-201208021520.patch
+++ b/main/linux-grsec/grsecurity-2.9.1-3.4.9-1.patch
@@ -269,7 +269,7 @@ index 88fd7f5..b318a78 100644
269 ============================================================== 269 ==============================================================
270 270
271diff --git a/Makefile b/Makefile 271diff --git a/Makefile b/Makefile
272index e17a98c..e3197fa 100644 272index 9549547..dc17992 100644
273--- a/Makefile 273--- a/Makefile
274+++ b/Makefile 274+++ b/Makefile
275@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ 275@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -1180,13 +1180,11 @@ index 68374ba..cff7196 100644
1180 1180
1181 static inline u64 atomic64_add_return(u64 i, atomic64_t *v) 1181 static inline u64 atomic64_add_return(u64 i, atomic64_t *v)
1182 { 1182 {
1183- u64 result;
1184- unsigned long tmp;
1185+ u64 result, tmp; 1183+ u64 result, tmp;
1186 1184+
1187 smp_mb(); 1185+ smp_mb();
1188 1186+
1189 __asm__ __volatile__("@ atomic64_add_return\n" 1187+ __asm__ __volatile__("@ atomic64_add_return\n"
1190+"1: ldrexd %1, %H1, [%3]\n" 1188+"1: ldrexd %1, %H1, [%3]\n"
1191+" adds %0, %1, %4\n" 1189+" adds %0, %1, %4\n"
1192+" adcs %H0, %H1, %H4\n" 1190+" adcs %H0, %H1, %H4\n"
@@ -1219,19 +1217,21 @@ index 68374ba..cff7196 100644
1219+ 1217+
1220+static inline u64 atomic64_add_return_unchecked(u64 i, atomic64_unchecked_t *v) 1218+static inline u64 atomic64_add_return_unchecked(u64 i, atomic64_unchecked_t *v)
1221+{ 1219+{
1222+ u64 result; 1220 u64 result;
1223+ unsigned long tmp; 1221 unsigned long tmp;
1224+ 1222
1225+ smp_mb(); 1223 smp_mb();
1226+ 1224
1225- __asm__ __volatile__("@ atomic64_add_return\n"
1227+ __asm__ __volatile__("@ atomic64_add_return_unchecked\n" 1226+ __asm__ __volatile__("@ atomic64_add_return_unchecked\n"
1228 "1: ldrexd %0, %H0, [%3]\n" 1227 "1: ldrexd %0, %H0, [%3]\n"
1229 " adds %0, %0, %4\n" 1228 " adds %0, %0, %4\n"
1230 " adc %H0, %H0, %H4\n" 1229 " adc %H0, %H0, %H4\n"
1231@@ -318,6 +607,36 @@ static inline void atomic64_sub(u64 i, atomic64_t *v) 1230@@ -318,23 +607,34 @@ static inline void atomic64_sub(u64 i, atomic64_t *v)
1232 __asm__ __volatile__("@ atomic64_sub\n" 1231 __asm__ __volatile__("@ atomic64_sub\n"
1233 "1: ldrexd %0, %H0, [%3]\n" 1232 "1: ldrexd %0, %H0, [%3]\n"
1234 " subs %0, %0, %4\n" 1233 " subs %0, %0, %4\n"
1234-" sbc %H0, %H0, %H4\n"
1235+" sbcs %H0, %H0, %H4\n" 1235+" sbcs %H0, %H0, %H4\n"
1236+ 1236+
1237+#ifdef CONFIG_PAX_REFCOUNT 1237+#ifdef CONFIG_PAX_REFCOUNT
@@ -1240,45 +1240,46 @@ index 68374ba..cff7196 100644
1240+"3:\n" 1240+"3:\n"
1241+#endif 1241+#endif
1242+ 1242+
1243+" strexd %1, %0, %H0, [%3]\n" 1243 " strexd %1, %0, %H0, [%3]\n"
1244+" teq %1, #0\n" 1244 " teq %1, #0\n"
1245+" bne 1b" 1245 " bne 1b"
1246+ 1246+
1247+#ifdef CONFIG_PAX_REFCOUNT 1247+#ifdef CONFIG_PAX_REFCOUNT
1248+"\n4:\n" 1248+"\n4:\n"
1249+ _ASM_EXTABLE(2b, 4b) 1249+ _ASM_EXTABLE(2b, 4b)
1250+#endif 1250+#endif
1251+ 1251+
1252+ : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) 1252 : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
1253+ : "r" (&v->counter), "r" (i) 1253 : "r" (&v->counter), "r" (i)
1254+ : "cc"); 1254 : "cc");
1255+} 1255 }
1256+ 1256
1257-static inline u64 atomic64_sub_return(u64 i, atomic64_t *v)
1257+static inline void atomic64_sub_unchecked(u64 i, atomic64_unchecked_t *v) 1258+static inline void atomic64_sub_unchecked(u64 i, atomic64_unchecked_t *v)
1258+{ 1259 {
1259+ u64 result; 1260 u64 result;
1260+ unsigned long tmp; 1261 unsigned long tmp;
1261+ 1262
1263- smp_mb();
1264-
1265- __asm__ __volatile__("@ atomic64_sub_return\n"
1262+ __asm__ __volatile__("@ atomic64_sub_unchecked\n" 1266+ __asm__ __volatile__("@ atomic64_sub_unchecked\n"
1263+"1: ldrexd %0, %H0, [%3]\n" 1267 "1: ldrexd %0, %H0, [%3]\n"
1264+" subs %0, %0, %4\n" 1268 " subs %0, %0, %4\n"
1265 " sbc %H0, %H0, %H4\n" 1269 " sbc %H0, %H0, %H4\n"
1266 " strexd %1, %0, %H0, [%3]\n" 1270@@ -344,6 +644,39 @@ static inline u64 atomic64_sub_return(u64 i, atomic64_t *v)
1267 " teq %1, #0\n" 1271 : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
1268@@ -329,18 +648,32 @@ static inline void atomic64_sub(u64 i, atomic64_t *v) 1272 : "r" (&v->counter), "r" (i)
1269 1273 : "cc");
1270 static inline u64 atomic64_sub_return(u64 i, atomic64_t *v) 1274+}
1271 { 1275+
1272- u64 result; 1276+static inline u64 atomic64_sub_return(u64 i, atomic64_t *v)
1273- unsigned long tmp; 1277+{
1274+ u64 result, tmp; 1278+ u64 result, tmp;
1275 1279+
1276 smp_mb(); 1280+ smp_mb();
1277 1281+
1278 __asm__ __volatile__("@ atomic64_sub_return\n" 1282+ __asm__ __volatile__("@ atomic64_sub_return\n"
1279-"1: ldrexd %0, %H0, [%3]\n"
1280-" subs %0, %0, %4\n"
1281-" sbc %H0, %H0, %H4\n"
1282+"1: ldrexd %1, %H1, [%3]\n" 1283+"1: ldrexd %1, %H1, [%3]\n"
1283+" subs %0, %1, %4\n" 1284+" subs %0, %1, %4\n"
1284+" sbc %H0, %H1, %H4\n" 1285+" sbc %H0, %H1, %H4\n"
@@ -1291,18 +1292,21 @@ index 68374ba..cff7196 100644
1291+"3:\n" 1292+"3:\n"
1292+#endif 1293+#endif
1293+ 1294+
1294 " strexd %1, %0, %H0, [%3]\n" 1295+" strexd %1, %0, %H0, [%3]\n"
1295 " teq %1, #0\n" 1296+" teq %1, #0\n"
1296 " bne 1b" 1297+" bne 1b"
1297+ 1298+
1298+#ifdef CONFIG_PAX_REFCOUNT 1299+#ifdef CONFIG_PAX_REFCOUNT
1299+"\n4:\n" 1300+"\n4:\n"
1300+ _ASM_EXTABLE(2b, 4b) 1301+ _ASM_EXTABLE(2b, 4b)
1301+#endif 1302+#endif
1302+ 1303+
1303 : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) 1304+ : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
1304 : "r" (&v->counter), "r" (i) 1305+ : "r" (&v->counter), "r" (i)
1305 : "cc"); 1306+ : "cc");
1307
1308 smp_mb();
1309
1306@@ -374,6 +707,30 @@ static inline u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old, u64 new) 1310@@ -374,6 +707,30 @@ static inline u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old, u64 new)
1307 return oldval; 1311 return oldval;
1308 } 1312 }
@@ -1435,7 +1439,7 @@ index 75fe66b..2255c86 100644
1435 /* 1439 /*
1436 * Memory returned by kmalloc() may be used for DMA, so we must make 1440 * Memory returned by kmalloc() may be used for DMA, so we must make
1437diff --git a/arch/arm/include/asm/cacheflush.h b/arch/arm/include/asm/cacheflush.h 1441diff --git a/arch/arm/include/asm/cacheflush.h b/arch/arm/include/asm/cacheflush.h
1438index 1252a26..9dc17b5 100644 1442index 42dec04..adcf84a 100644
1439--- a/arch/arm/include/asm/cacheflush.h 1443--- a/arch/arm/include/asm/cacheflush.h
1440+++ b/arch/arm/include/asm/cacheflush.h 1444+++ b/arch/arm/include/asm/cacheflush.h
1441@@ -108,7 +108,7 @@ struct cpu_cache_fns { 1445@@ -108,7 +108,7 @@ struct cpu_cache_fns {
@@ -1656,7 +1660,7 @@ index b57c75e..ed2d6b2 100644
1656 1660
1657 EXPORT_SYMBOL(__get_user_1); 1661 EXPORT_SYMBOL(__get_user_1);
1658diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c 1662diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c
1659index 2b7b017..c380fa2 100644 1663index 48f3624..eabfb29 100644
1660--- a/arch/arm/kernel/process.c 1664--- a/arch/arm/kernel/process.c
1661+++ b/arch/arm/kernel/process.c 1665+++ b/arch/arm/kernel/process.c
1662@@ -28,7 +28,6 @@ 1666@@ -28,7 +28,6 @@
@@ -1667,7 +1671,7 @@ index 2b7b017..c380fa2 100644
1667 #include <linux/hw_breakpoint.h> 1671 #include <linux/hw_breakpoint.h>
1668 #include <linux/cpuidle.h> 1672 #include <linux/cpuidle.h>
1669 1673
1670@@ -275,9 +274,10 @@ void machine_power_off(void) 1674@@ -276,9 +275,10 @@ void machine_power_off(void)
1671 machine_shutdown(); 1675 machine_shutdown();
1672 if (pm_power_off) 1676 if (pm_power_off)
1673 pm_power_off(); 1677 pm_power_off();
@@ -1679,7 +1683,7 @@ index 2b7b017..c380fa2 100644
1679 { 1683 {
1680 machine_shutdown(); 1684 machine_shutdown();
1681 1685
1682@@ -519,12 +519,6 @@ unsigned long get_wchan(struct task_struct *p) 1686@@ -521,12 +521,6 @@ unsigned long get_wchan(struct task_struct *p)
1683 return 0; 1687 return 0;
1684 } 1688 }
1685 1689
@@ -1738,7 +1742,7 @@ index ebfac78..cbea9c0 100644
1738 #endif 1742 #endif
1739 1743
1740diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c 1744diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c
1741index 63d402f..db1d714 100644 1745index a8ad1e3..859d689 100644
1742--- a/arch/arm/kernel/traps.c 1746--- a/arch/arm/kernel/traps.c
1743+++ b/arch/arm/kernel/traps.c 1747+++ b/arch/arm/kernel/traps.c
1744@@ -264,6 +264,8 @@ static int __die(const char *str, int err, struct thread_info *thread, struct pt 1748@@ -264,6 +264,8 @@ static int __die(const char *str, int err, struct thread_info *thread, struct pt
@@ -2363,7 +2367,7 @@ index 0f01de2..d37d309 100644
2363 #define __cacheline_aligned __aligned(L1_CACHE_BYTES) 2367 #define __cacheline_aligned __aligned(L1_CACHE_BYTES)
2364 #define ____cacheline_aligned __aligned(L1_CACHE_BYTES) 2368 #define ____cacheline_aligned __aligned(L1_CACHE_BYTES)
2365diff --git a/arch/ia64/include/asm/atomic.h b/arch/ia64/include/asm/atomic.h 2369diff --git a/arch/ia64/include/asm/atomic.h b/arch/ia64/include/asm/atomic.h
2366index 7d91166..88ab87e 100644 2370index 6e6fe18..a6ae668 100644
2367--- a/arch/ia64/include/asm/atomic.h 2371--- a/arch/ia64/include/asm/atomic.h
2368+++ b/arch/ia64/include/asm/atomic.h 2372+++ b/arch/ia64/include/asm/atomic.h
2369@@ -208,6 +208,16 @@ atomic64_add_negative (__s64 i, atomic64_t *v) 2373@@ -208,6 +208,16 @@ atomic64_add_negative (__s64 i, atomic64_t *v)
@@ -3955,7 +3959,7 @@ index 4aad413..85d86bf 100644
3955 #define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */ 3959 #define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */
3956 #define _PAGE_WRITETHRU 0x040 /* W: cache write-through */ 3960 #define _PAGE_WRITETHRU 0x040 /* W: cache write-through */
3957diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h 3961diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h
3958index 9d7f0fb..a28fe69 100644 3962index cae0ed7..da44a51 100644
3959--- a/arch/powerpc/include/asm/reg.h 3963--- a/arch/powerpc/include/asm/reg.h
3960+++ b/arch/powerpc/include/asm/reg.h 3964+++ b/arch/powerpc/include/asm/reg.h
3961@@ -212,6 +212,7 @@ 3965@@ -212,6 +212,7 @@
@@ -4937,7 +4941,7 @@ index 60055ce..ee4b252 100644
4937- return ret; 4941- return ret;
4938-} 4942-}
4939diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c 4943diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c
4940index 2857c48..d047481 100644 4944index a64fe53..5c66963 100644
4941--- a/arch/s390/mm/mmap.c 4945--- a/arch/s390/mm/mmap.c
4942+++ b/arch/s390/mm/mmap.c 4946+++ b/arch/s390/mm/mmap.c
4943@@ -92,10 +92,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) 4947@@ -92,10 +92,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
@@ -4963,7 +4967,7 @@ index 2857c48..d047481 100644
4963 mm->get_unmapped_area = arch_get_unmapped_area_topdown; 4967 mm->get_unmapped_area = arch_get_unmapped_area_topdown;
4964 mm->unmap_area = arch_unmap_area_topdown; 4968 mm->unmap_area = arch_unmap_area_topdown;
4965 } 4969 }
4966@@ -166,10 +178,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) 4970@@ -174,10 +186,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
4967 */ 4971 */
4968 if (mmap_is_legacy()) { 4972 if (mmap_is_legacy()) {
4969 mm->mmap_base = TASK_UNMAPPED_BASE; 4973 mm->mmap_base = TASK_UNMAPPED_BASE;
@@ -5722,13 +5726,13 @@ index a1091afb..380228e 100644
5722 { 5726 {
5723- unsigned long ret = ___copy_to_user(to, from, size); 5727- unsigned long ret = ___copy_to_user(to, from, size);
5724+ unsigned long ret; 5728+ unsigned long ret;
5725 5729+
5726+ if ((long)size < 0 || size > INT_MAX) 5730+ if ((long)size < 0 || size > INT_MAX)
5727+ return size; 5731+ return size;
5728+ 5732+
5729+ if (!__builtin_constant_p(size)) 5733+ if (!__builtin_constant_p(size))
5730+ check_object_size(from, size, true); 5734+ check_object_size(from, size, true);
5731+ 5735
5732+ ret = ___copy_to_user(to, from, size); 5736+ ret = ___copy_to_user(to, from, size);
5733 if (unlikely(ret)) 5737 if (unlikely(ret))
5734 ret = copy_to_user_fixup(to, from, size); 5738 ret = copy_to_user_fixup(to, from, size);
@@ -9607,6 +9611,11 @@ index 58cb6d4..a4b806c 100644
9607-#define atomic_clear_mask(mask, addr) \ 9611-#define atomic_clear_mask(mask, addr) \
9608- asm volatile(LOCK_PREFIX "andl %0,%1" \ 9612- asm volatile(LOCK_PREFIX "andl %0,%1" \
9609- : : "r" (~(mask)), "m" (*(addr)) : "memory") 9613- : : "r" (~(mask)), "m" (*(addr)) : "memory")
9614-
9615-#define atomic_set_mask(mask, addr) \
9616- asm volatile(LOCK_PREFIX "orl %0,%1" \
9617- : : "r" ((unsigned)(mask)), "m" (*(addr)) \
9618- : "memory")
9610+static inline void atomic_clear_mask(unsigned int mask, atomic_t *v) 9619+static inline void atomic_clear_mask(unsigned int mask, atomic_t *v)
9611+{ 9620+{
9612+ asm volatile(LOCK_PREFIX "andl %1,%0" 9621+ asm volatile(LOCK_PREFIX "andl %1,%0"
@@ -9614,11 +9623,7 @@ index 58cb6d4..a4b806c 100644
9614+ : "r" (~(mask)) 9623+ : "r" (~(mask))
9615+ : "memory"); 9624+ : "memory");
9616+} 9625+}
9617 9626+
9618-#define atomic_set_mask(mask, addr) \
9619- asm volatile(LOCK_PREFIX "orl %0,%1" \
9620- : : "r" ((unsigned)(mask)), "m" (*(addr)) \
9621- : "memory")
9622+static inline void atomic_clear_mask_unchecked(unsigned int mask, atomic_unchecked_t *v) 9627+static inline void atomic_clear_mask_unchecked(unsigned int mask, atomic_unchecked_t *v)
9623+{ 9628+{
9624+ asm volatile(LOCK_PREFIX "andl %1,%0" 9629+ asm volatile(LOCK_PREFIX "andl %1,%0"
@@ -11126,9 +11131,9 @@ index 6902152..da4283a 100644
11126+#endif 11131+#endif
11127+ 11132+
11128 } 11133 }
11129+#endif 11134- }
11130 } 11135 #endif
11131-#endif 11136+ }
11132 } 11137 }
11133 11138
11134 #define activate_mm(prev, next) \ 11139 #define activate_mm(prev, next) \
@@ -12422,15 +12427,7 @@ index 70bbe39..4ae2bd4 100644
12422- void *data, 12427- void *data,
12423- unsigned long *end, 12428- unsigned long *end,
12424- int *graph); 12429- int *graph);
12425+typedef unsigned long walk_stack_t(struct task_struct *task, 12430-
12426+ void *stack_start,
12427+ unsigned long *stack,
12428+ unsigned long bp,
12429+ const struct stacktrace_ops *ops,
12430+ void *data,
12431+ unsigned long *end,
12432+ int *graph);
12433
12434-extern unsigned long 12431-extern unsigned long
12435-print_context_stack(struct thread_info *tinfo, 12432-print_context_stack(struct thread_info *tinfo,
12436- unsigned long *stack, unsigned long bp, 12433- unsigned long *stack, unsigned long bp,
@@ -12442,6 +12439,15 @@ index 70bbe39..4ae2bd4 100644
12442- unsigned long *stack, unsigned long bp, 12439- unsigned long *stack, unsigned long bp,
12443- const struct stacktrace_ops *ops, void *data, 12440- const struct stacktrace_ops *ops, void *data,
12444- unsigned long *end, int *graph); 12441- unsigned long *end, int *graph);
12442+typedef unsigned long walk_stack_t(struct task_struct *task,
12443+ void *stack_start,
12444+ unsigned long *stack,
12445+ unsigned long bp,
12446+ const struct stacktrace_ops *ops,
12447+ void *data,
12448+ unsigned long *end,
12449+ int *graph);
12450+
12445+extern walk_stack_t print_context_stack; 12451+extern walk_stack_t print_context_stack;
12446+extern walk_stack_t print_context_stack_bp; 12452+extern walk_stack_t print_context_stack_bp;
12447 12453
@@ -12581,43 +12587,16 @@ index ad6df8c..5e0cf6e 100644
12581 12587
12582 /* Only used for 64 bit */ 12588 /* Only used for 64 bit */
12583 #define _TIF_DO_NOTIFY_MASK \ 12589 #define _TIF_DO_NOTIFY_MASK \
12584@@ -173,45 +171,40 @@ struct thread_info { 12590@@ -173,6 +171,23 @@ struct thread_info {
12585 ret; \ 12591 ret; \
12586 }) 12592 })
12587 12593
12588-#ifdef CONFIG_X86_32
12589-
12590-#define STACK_WARN (THREAD_SIZE/8)
12591-/*
12592- * macros/functions for gaining access to the thread information structure
12593- *
12594- * preempt_count needs to be 1 initially, until the scheduler is functional.
12595- */
12596-#ifndef __ASSEMBLY__
12597-
12598-
12599-/* how to get the current stack pointer from C */
12600-register unsigned long current_stack_pointer asm("esp") __used;
12601-
12602-/* how to get the thread information struct from C */
12603-static inline struct thread_info *current_thread_info(void)
12604-{
12605- return (struct thread_info *)
12606- (current_stack_pointer & ~(THREAD_SIZE - 1));
12607-}
12608-
12609-#else /* !__ASSEMBLY__ */
12610-
12611+#ifdef __ASSEMBLY__ 12594+#ifdef __ASSEMBLY__
12612 /* how to get the thread information struct from ASM */ 12595+/* how to get the thread information struct from ASM */
12613 #define GET_THREAD_INFO(reg) \ 12596+#define GET_THREAD_INFO(reg) \
12614- movl $-THREAD_SIZE, reg; \
12615- andl %esp, reg
12616+ mov PER_CPU_VAR(current_tinfo), reg 12597+ mov PER_CPU_VAR(current_tinfo), reg
12617 12598+
12618 /* use this one if reg already contains %esp */ 12599+/* use this one if reg already contains %esp */
12619-#define GET_THREAD_INFO_WITH_ESP(reg) \
12620- andl $-THREAD_SIZE, reg
12621+#define GET_THREAD_INFO_WITH_ESP(reg) GET_THREAD_INFO(reg) 12600+#define GET_THREAD_INFO_WITH_ESP(reg) GET_THREAD_INFO(reg)
12622+#else 12601+#else
12623+/* how to get the thread information struct from C */ 12602+/* how to get the thread information struct from C */
@@ -12629,19 +12608,35 @@ index ad6df8c..5e0cf6e 100644
12629+} 12608+}
12630+#endif 12609+#endif
12631+ 12610+
12632+#ifdef CONFIG_X86_32 12611 #ifdef CONFIG_X86_32
12633+ 12612
12634+#define STACK_WARN (THREAD_SIZE/8) 12613 #define STACK_WARN (THREAD_SIZE/8)
12635+/* 12614@@ -183,35 +198,13 @@ struct thread_info {
12636+ * macros/functions for gaining access to the thread information structure 12615 */
12637+ * 12616 #ifndef __ASSEMBLY__
12638+ * preempt_count needs to be 1 initially, until the scheduler is functional. 12617
12639+ */ 12618-
12640+#ifndef __ASSEMBLY__ 12619 /* how to get the current stack pointer from C */
12641+ 12620 register unsigned long current_stack_pointer asm("esp") __used;
12642+/* how to get the current stack pointer from C */
12643+register unsigned long current_stack_pointer asm("esp") __used;
12644 12621
12622-/* how to get the thread information struct from C */
12623-static inline struct thread_info *current_thread_info(void)
12624-{
12625- return (struct thread_info *)
12626- (current_stack_pointer & ~(THREAD_SIZE - 1));
12627-}
12628-
12629-#else /* !__ASSEMBLY__ */
12630-
12631-/* how to get the thread information struct from ASM */
12632-#define GET_THREAD_INFO(reg) \
12633- movl $-THREAD_SIZE, reg; \
12634- andl %esp, reg
12635-
12636-/* use this one if reg already contains %esp */
12637-#define GET_THREAD_INFO_WITH_ESP(reg) \
12638- andl $-THREAD_SIZE, reg
12639-
12645 #endif 12640 #endif
12646 12641
12647 #else /* X86_32 */ 12642 #else /* X86_32 */
@@ -13019,18 +13014,18 @@ index 8084bc7..3d6ec37 100644
13019 unsigned long n) 13014 unsigned long n)
13020 { 13015 {
13021- return __copy_from_user_ll_nocache_nozero(to, from, n); 13016- return __copy_from_user_ll_nocache_nozero(to, from, n);
13017-}
13022+ if ((long)n < 0) 13018+ if ((long)n < 0)
13023+ return n; 13019+ return n;
13024+
13025+ return __copy_from_user_ll_nocache_nozero(to, from, n);
13026 }
13027 13020
13028-unsigned long __must_check copy_to_user(void __user *to, 13021-unsigned long __must_check copy_to_user(void __user *to,
13029- const void *from, unsigned long n); 13022- const void *from, unsigned long n);
13030-unsigned long __must_check _copy_from_user(void *to, 13023-unsigned long __must_check _copy_from_user(void *to,
13031- const void __user *from, 13024- const void __user *from,
13032- unsigned long n); 13025- unsigned long n);
13033- 13026+ return __copy_from_user_ll_nocache_nozero(to, from, n);
13027+}
13028
13034+extern void copy_to_user_overflow(void) 13029+extern void copy_to_user_overflow(void)
13035+#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS 13030+#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
13036+ __compiletime_error("copy_to_user() buffer size is not provably correct") 13031+ __compiletime_error("copy_to_user() buffer size is not provably correct")
@@ -13070,6 +13065,7 @@ index 8084bc7..3d6ec37 100644
13070- if (likely(sz == -1 || sz >= n)) 13065- if (likely(sz == -1 || sz >= n))
13071- n = _copy_from_user(to, from, n); 13066- n = _copy_from_user(to, from, n);
13072- else 13067- else
13068- copy_from_user_overflow();
13073+ if (unlikely(sz != (size_t)-1 && sz < n)) 13069+ if (unlikely(sz != (size_t)-1 && sz < n))
13074+ copy_to_user_overflow(); 13070+ copy_to_user_overflow();
13075+ else if (access_ok(VERIFY_WRITE, to, n)) 13071+ else if (access_ok(VERIFY_WRITE, to, n))
@@ -13097,10 +13093,9 @@ index 8084bc7..3d6ec37 100644
13097+copy_from_user(void *to, const void __user *from, unsigned long n) 13093+copy_from_user(void *to, const void __user *from, unsigned long n)
13098+{ 13094+{
13099+ size_t sz = __compiletime_object_size(to); 13095+ size_t sz = __compiletime_object_size(to);
13100+ 13096
13101+ if (unlikely(sz != (size_t)-1 && sz < n)) 13097+ if (unlikely(sz != (size_t)-1 && sz < n))
13102 copy_from_user_overflow(); 13098+ copy_from_user_overflow();
13103-
13104+ else if (access_ok(VERIFY_READ, from, n)) 13099+ else if (access_ok(VERIFY_READ, from, n))
13105+ n = __copy_from_user(to, from, n); 13100+ n = __copy_from_user(to, from, n);
13106+ else if ((long)n > 0) { 13101+ else if ((long)n > 0) {
@@ -13819,7 +13814,7 @@ index 7261083..5c12053 100644
13819 bogus_magic: 13814 bogus_magic:
13820 jmp bogus_magic 13815 jmp bogus_magic
13821diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c 13816diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
13822index 1f84794..e23f862 100644 13817index 73ef56c..0238021 100644
13823--- a/arch/x86/kernel/alternative.c 13818--- a/arch/x86/kernel/alternative.c
13824+++ b/arch/x86/kernel/alternative.c 13819+++ b/arch/x86/kernel/alternative.c
13825@@ -276,6 +276,13 @@ void __init_or_module apply_alternatives(struct alt_instr *start, 13820@@ -276,6 +276,13 @@ void __init_or_module apply_alternatives(struct alt_instr *start,
@@ -14123,16 +14118,16 @@ index 68de2dc..1f3c720 100644
14123+ 14118+
14124+#ifdef CONFIG_PAX_KERNEXEC 14119+#ifdef CONFIG_PAX_KERNEXEC
14125+ OFFSET(PV_CPU_write_cr0, pv_cpu_ops, write_cr0); 14120+ OFFSET(PV_CPU_write_cr0, pv_cpu_ops, write_cr0);
14126 #endif 14121+#endif
14127 14122+
14128+#ifdef CONFIG_PAX_MEMORY_UDEREF 14123+#ifdef CONFIG_PAX_MEMORY_UDEREF
14129+ OFFSET(PV_MMU_read_cr3, pv_mmu_ops, read_cr3); 14124+ OFFSET(PV_MMU_read_cr3, pv_mmu_ops, read_cr3);
14130+ OFFSET(PV_MMU_write_cr3, pv_mmu_ops, write_cr3); 14125+ OFFSET(PV_MMU_write_cr3, pv_mmu_ops, write_cr3);
14131+#ifdef CONFIG_X86_64 14126+#ifdef CONFIG_X86_64
14132+ OFFSET(PV_MMU_set_pgd_batched, pv_mmu_ops, set_pgd_batched); 14127+ OFFSET(PV_MMU_set_pgd_batched, pv_mmu_ops, set_pgd_batched);
14133+#endif 14128+#endif
14134+#endif 14129 #endif
14135+ 14130
14136+#endif 14131+#endif
14137+ 14132+
14138+ BLANK(); 14133+ BLANK();
@@ -14350,7 +14345,7 @@ index 3e6ff6c..54b4992 100644
14350 } 14345 }
14351 #endif 14346 #endif
14352diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c 14347diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c
14353index 61604ae..98250a5 100644 14348index 0d2db0e..7c1fb04 100644
14354--- a/arch/x86/kernel/cpu/mcheck/mce.c 14349--- a/arch/x86/kernel/cpu/mcheck/mce.c
14355+++ b/arch/x86/kernel/cpu/mcheck/mce.c 14350+++ b/arch/x86/kernel/cpu/mcheck/mce.c
14356@@ -42,6 +42,7 @@ 14351@@ -42,6 +42,7 @@
@@ -14410,7 +14405,7 @@ index 61604ae..98250a5 100644
14410 wait_for_panic(); 14405 wait_for_panic();
14411 if (!monarch_timeout) 14406 if (!monarch_timeout)
14412 goto out; 14407 goto out;
14413@@ -1535,7 +1536,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code) 14408@@ -1537,7 +1538,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code)
14414 } 14409 }
14415 14410
14416 /* Call the installed machine check handler for this CPU setup. */ 14411 /* Call the installed machine check handler for this CPU setup. */
@@ -14419,7 +14414,7 @@ index 61604ae..98250a5 100644
14419 unexpected_machine_check; 14414 unexpected_machine_check;
14420 14415
14421 /* 14416 /*
14422@@ -1558,7 +1559,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) 14417@@ -1560,7 +1561,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c)
14423 return; 14418 return;
14424 } 14419 }
14425 14420
@@ -14429,7 +14424,7 @@ index 61604ae..98250a5 100644
14429 14424
14430 __mcheck_cpu_init_generic(); 14425 __mcheck_cpu_init_generic();
14431 __mcheck_cpu_init_vendor(c); 14426 __mcheck_cpu_init_vendor(c);
14432@@ -1572,7 +1575,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) 14427@@ -1574,7 +1577,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c)
14433 */ 14428 */
14434 14429
14435 static DEFINE_SPINLOCK(mce_chrdev_state_lock); 14430 static DEFINE_SPINLOCK(mce_chrdev_state_lock);
@@ -14438,7 +14433,7 @@ index 61604ae..98250a5 100644
14438 static int mce_chrdev_open_exclu; /* already open exclusive? */ 14433 static int mce_chrdev_open_exclu; /* already open exclusive? */
14439 14434
14440 static int mce_chrdev_open(struct inode *inode, struct file *file) 14435 static int mce_chrdev_open(struct inode *inode, struct file *file)
14441@@ -1580,7 +1583,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) 14436@@ -1582,7 +1585,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
14442 spin_lock(&mce_chrdev_state_lock); 14437 spin_lock(&mce_chrdev_state_lock);
14443 14438
14444 if (mce_chrdev_open_exclu || 14439 if (mce_chrdev_open_exclu ||
@@ -14447,7 +14442,7 @@ index 61604ae..98250a5 100644
14447 spin_unlock(&mce_chrdev_state_lock); 14442 spin_unlock(&mce_chrdev_state_lock);
14448 14443
14449 return -EBUSY; 14444 return -EBUSY;
14450@@ -1588,7 +1591,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) 14445@@ -1590,7 +1593,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
14451 14446
14452 if (file->f_flags & O_EXCL) 14447 if (file->f_flags & O_EXCL)
14453 mce_chrdev_open_exclu = 1; 14448 mce_chrdev_open_exclu = 1;
@@ -14456,7 +14451,7 @@ index 61604ae..98250a5 100644
14456 14451
14457 spin_unlock(&mce_chrdev_state_lock); 14452 spin_unlock(&mce_chrdev_state_lock);
14458 14453
14459@@ -1599,7 +1602,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file) 14454@@ -1601,7 +1604,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file)
14460 { 14455 {
14461 spin_lock(&mce_chrdev_state_lock); 14456 spin_lock(&mce_chrdev_state_lock);
14462 14457
@@ -14465,7 +14460,7 @@ index 61604ae..98250a5 100644
14465 mce_chrdev_open_exclu = 0; 14460 mce_chrdev_open_exclu = 0;
14466 14461
14467 spin_unlock(&mce_chrdev_state_lock); 14462 spin_unlock(&mce_chrdev_state_lock);
14468@@ -2324,7 +2327,7 @@ struct dentry *mce_get_debugfs_dir(void) 14463@@ -2326,7 +2329,7 @@ struct dentry *mce_get_debugfs_dir(void)
14469 static void mce_reset(void) 14464 static void mce_reset(void)
14470 { 14465 {
14471 cpu_missing = 0; 14466 cpu_missing = 0;
@@ -17325,12 +17320,8 @@ index 40f4eb3..6d24d9d 100644
17325 17320
17326- addq %rbp, level3_kernel_pgt + (510*8)(%rip) 17321- addq %rbp, level3_kernel_pgt + (510*8)(%rip)
17327- addq %rbp, level3_kernel_pgt + (511*8)(%rip) 17322- addq %rbp, level3_kernel_pgt + (511*8)(%rip)
17328+ addq %rbp, level3_vmemmap_pgt + (L3_VMEMMAP_START*8)(%rip) 17323-
17329+ 17324- addq %rbp, level2_fixmap_pgt + (506*8)(%rip)
17330+ addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8)(%rip)
17331+ addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8+8)(%rip)
17332
17333 addq %rbp, level2_fixmap_pgt + (506*8)(%rip)
17334- 17325-
17335- /* Add an Identity mapping if I am above 1G */ 17326- /* Add an Identity mapping if I am above 1G */
17336- leaq _text(%rip), %rdi 17327- leaq _text(%rip), %rdi
@@ -17340,11 +17331,14 @@ index 40f4eb3..6d24d9d 100644
17340- shrq $PUD_SHIFT, %rax 17331- shrq $PUD_SHIFT, %rax
17341- andq $(PTRS_PER_PUD - 1), %rax 17332- andq $(PTRS_PER_PUD - 1), %rax
17342- jz ident_complete 17333- jz ident_complete
17343- 17334+ addq %rbp, level3_vmemmap_pgt + (L3_VMEMMAP_START*8)(%rip)
17335
17344- leaq (level2_spare_pgt - __START_KERNEL_map + _KERNPG_TABLE)(%rbp), %rdx 17336- leaq (level2_spare_pgt - __START_KERNEL_map + _KERNPG_TABLE)(%rbp), %rdx
17345- leaq level3_ident_pgt(%rip), %rbx 17337- leaq level3_ident_pgt(%rip), %rbx
17346- movq %rdx, 0(%rbx, %rax, 8) 17338- movq %rdx, 0(%rbx, %rax, 8)
17347- 17339+ addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8)(%rip)
17340+ addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8+8)(%rip)
17341
17348- movq %rdi, %rax 17342- movq %rdi, %rax
17349- shrq $PMD_SHIFT, %rax 17343- shrq $PMD_SHIFT, %rax
17350- andq $(PTRS_PER_PMD - 1), %rax 17344- andq $(PTRS_PER_PMD - 1), %rax
@@ -17352,6 +17346,7 @@ index 40f4eb3..6d24d9d 100644
17352- leaq level2_spare_pgt(%rip), %rbx 17346- leaq level2_spare_pgt(%rip), %rbx
17353- movq %rdx, 0(%rbx, %rax, 8) 17347- movq %rdx, 0(%rbx, %rax, 8)
17354-ident_complete: 17348-ident_complete:
17349+ addq %rbp, level2_fixmap_pgt + (506*8)(%rip)
17355+ addq %rbp, level2_fixmap_pgt + (507*8)(%rip) 17350+ addq %rbp, level2_fixmap_pgt + (507*8)(%rip)
17356 17351
17357 /* 17352 /*
@@ -17420,9 +17415,9 @@ index 40f4eb3..6d24d9d 100644
17420 .asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n" 17415 .asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n"
17421 early_idt_ripmsg: 17416 early_idt_ripmsg:
17422 .asciz "RIP %s\n" 17417 .asciz "RIP %s\n"
17423+ .previous 17418-#endif /* CONFIG_EARLY_PRINTK */
17424 #endif /* CONFIG_EARLY_PRINTK */ 17419 .previous
17425- .previous 17420+#endif /* CONFIG_EARLY_PRINTK */
17426 17421
17427+ .section .rodata,"a",@progbits 17422+ .section .rodata,"a",@progbits
17428 #define NEXT_PAGE(name) \ 17423 #define NEXT_PAGE(name) \
@@ -18410,10 +18405,10 @@ index ab13760..01218e0 100644
18410 ret = paravirt_patch_ident_32(insnbuf, len); 18405 ret = paravirt_patch_ident_32(insnbuf, len);
18411- else if (opfunc == _paravirt_ident_64) 18406- else if (opfunc == _paravirt_ident_64)
18412+ else if (opfunc == (void *)_paravirt_ident_64) 18407+ else if (opfunc == (void *)_paravirt_ident_64)
18413 ret = paravirt_patch_ident_64(insnbuf, len); 18408+ ret = paravirt_patch_ident_64(insnbuf, len);
18414+#if defined(CONFIG_X86_32) && defined(CONFIG_X86_PAE) 18409+#if defined(CONFIG_X86_32) && defined(CONFIG_X86_PAE)
18415+ else if (opfunc == (void *)__raw_callee_save__paravirt_ident_64) 18410+ else if (opfunc == (void *)__raw_callee_save__paravirt_ident_64)
18416+ ret = paravirt_patch_ident_64(insnbuf, len); 18411 ret = paravirt_patch_ident_64(insnbuf, len);
18417+#endif 18412+#endif
18418 18413
18419 else if (type == PARAVIRT_PATCH(pv_cpu_ops.iret) || 18414 else if (type == PARAVIRT_PATCH(pv_cpu_ops.iret) ||
@@ -18656,7 +18651,7 @@ index 1d92a5a..7bc8c29 100644
18656+ 18651+
18657+ if (v8086_mode(regs)) 18652+ if (v8086_mode(regs))
18658+ return; 18653+ return;
18659 18654+
18660+ rdtscl(time); 18655+ rdtscl(time);
18661+ 18656+
18662+ /* P4 seems to return a 0 LSB, ignore it */ 18657+ /* P4 seems to return a 0 LSB, ignore it */
@@ -18673,7 +18668,7 @@ index 1d92a5a..7bc8c29 100644
18673+ 18668+
18674+ thread->sp0 ^= time; 18669+ thread->sp0 ^= time;
18675+ load_sp0(init_tss + smp_processor_id(), thread); 18670+ load_sp0(init_tss + smp_processor_id(), thread);
18676+ 18671
18677+#ifdef CONFIG_X86_64 18672+#ifdef CONFIG_X86_64
18678+ percpu_write(kernel_stack, thread->sp0); 18673+ percpu_write(kernel_stack, thread->sp0);
18679+#endif 18674+#endif
@@ -19378,12 +19373,7 @@ index 0b0cb5f..db6b9ed 100644
19378- const char *const argv[], 19373- const char *const argv[],
19379- const char *const envp[]) 19374- const char *const envp[])
19380+int i386_mmap_check(unsigned long addr, unsigned long len, unsigned long flags) 19375+int i386_mmap_check(unsigned long addr, unsigned long len, unsigned long flags)
19381 { 19376+{
19382- long __res;
19383- asm volatile ("int $0x80"
19384- : "=a" (__res)
19385- : "0" (__NR_execve), "b" (filename), "c" (argv), "d" (envp) : "memory");
19386- return __res;
19387+ unsigned long pax_task_size = TASK_SIZE; 19377+ unsigned long pax_task_size = TASK_SIZE;
19388+ 19378+
19389+#ifdef CONFIG_PAX_SEGMEXEC 19379+#ifdef CONFIG_PAX_SEGMEXEC
@@ -19491,7 +19481,12 @@ index 0b0cb5f..db6b9ed 100644
19491+arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, 19481+arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
19492+ const unsigned long len, const unsigned long pgoff, 19482+ const unsigned long len, const unsigned long pgoff,
19493+ const unsigned long flags) 19483+ const unsigned long flags)
19494+{ 19484 {
19485- long __res;
19486- asm volatile ("int $0x80"
19487- : "=a" (__res)
19488- : "0" (__NR_execve), "b" (filename), "c" (argv), "d" (envp) : "memory");
19489- return __res;
19495+ struct vm_area_struct *vma; 19490+ struct vm_area_struct *vma;
19496+ struct mm_struct *mm = current->mm; 19491+ struct mm_struct *mm = current->mm;
19497+ unsigned long base = mm->mmap_base, addr = addr0, pax_task_size = TASK_SIZE; 19492+ unsigned long base = mm->mmap_base, addr = addr0, pax_task_size = TASK_SIZE;
@@ -23031,7 +23026,7 @@ index ef2a6a5..3b28862 100644
23031 " addl $-64, %0\n" 23026 " addl $-64, %0\n"
23032 " addl $64, %4\n" 23027 " addl $64, %4\n"
23033 " addl $64, %3\n" 23028 " addl $64, %3\n"
23034@@ -191,10 +195,12 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) 23029@@ -191,10 +195,119 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size)
23035 " shrl $2, %0\n" 23030 " shrl $2, %0\n"
23036 " andl $3, %%eax\n" 23031 " andl $3, %%eax\n"
23037 " cld\n" 23032 " cld\n"
@@ -23041,13 +23036,58 @@ index ef2a6a5..3b28862 100644
23041 "37: rep; movsb\n" 23036 "37: rep; movsb\n"
23042 "100:\n" 23037 "100:\n"
23043+ __COPYUSER_RESTORE_ES 23038+ __COPYUSER_RESTORE_ES
23044 ".section .fixup,\"ax\"\n" 23039+ ".section .fixup,\"ax\"\n"
23045 "101: lea 0(%%eax,%0,4),%0\n" 23040+ "101: lea 0(%%eax,%0,4),%0\n"
23046 " jmp 100b\n" 23041+ " jmp 100b\n"
23047@@ -247,46 +253,155 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) 23042+ ".previous\n"
23048 } 23043+ ".section __ex_table,\"a\"\n"
23049 23044+ " .align 4\n"
23050 static unsigned long 23045+ " .long 1b,100b\n"
23046+ " .long 2b,100b\n"
23047+ " .long 3b,100b\n"
23048+ " .long 4b,100b\n"
23049+ " .long 5b,100b\n"
23050+ " .long 6b,100b\n"
23051+ " .long 7b,100b\n"
23052+ " .long 8b,100b\n"
23053+ " .long 9b,100b\n"
23054+ " .long 10b,100b\n"
23055+ " .long 11b,100b\n"
23056+ " .long 12b,100b\n"
23057+ " .long 13b,100b\n"
23058+ " .long 14b,100b\n"
23059+ " .long 15b,100b\n"
23060+ " .long 16b,100b\n"
23061+ " .long 17b,100b\n"
23062+ " .long 18b,100b\n"
23063+ " .long 19b,100b\n"
23064+ " .long 20b,100b\n"
23065+ " .long 21b,100b\n"
23066+ " .long 22b,100b\n"
23067+ " .long 23b,100b\n"
23068+ " .long 24b,100b\n"
23069+ " .long 25b,100b\n"
23070+ " .long 26b,100b\n"
23071+ " .long 27b,100b\n"
23072+ " .long 28b,100b\n"
23073+ " .long 29b,100b\n"
23074+ " .long 30b,100b\n"
23075+ " .long 31b,100b\n"
23076+ " .long 32b,100b\n"
23077+ " .long 33b,100b\n"
23078+ " .long 34b,100b\n"
23079+ " .long 35b,100b\n"
23080+ " .long 36b,100b\n"
23081+ " .long 37b,100b\n"
23082+ " .long 99b,101b\n"
23083+ ".previous"
23084+ : "=&c"(size), "=&D" (d0), "=&S" (d1)
23085+ : "1"(to), "2"(from), "0"(size)
23086+ : "eax", "edx", "memory");
23087+ return size;
23088+}
23089+
23090+static unsigned long
23051+__generic_copy_from_user_intel(void *to, const void __user *from, unsigned long size) 23091+__generic_copy_from_user_intel(void *to, const void __user *from, unsigned long size)
23052+{ 23092+{
23053+ int d0, d1; 23093+ int d0, d1;
@@ -23103,58 +23143,13 @@ index ef2a6a5..3b28862 100644
23103+ "36: movl %%eax, %0\n" 23143+ "36: movl %%eax, %0\n"
23104+ "37: rep; "__copyuser_seg" movsb\n" 23144+ "37: rep; "__copyuser_seg" movsb\n"
23105+ "100:\n" 23145+ "100:\n"
23106+ ".section .fixup,\"ax\"\n" 23146 ".section .fixup,\"ax\"\n"
23107+ "101: lea 0(%%eax,%0,4),%0\n" 23147 "101: lea 0(%%eax,%0,4),%0\n"
23108+ " jmp 100b\n" 23148 " jmp 100b\n"
23109+ ".previous\n" 23149@@ -247,46 +360,48 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size)
23110+ ".section __ex_table,\"a\"\n" 23150 }
23111+ " .align 4\n" 23151
23112+ " .long 1b,100b\n" 23152 static unsigned long
23113+ " .long 2b,100b\n"
23114+ " .long 3b,100b\n"
23115+ " .long 4b,100b\n"
23116+ " .long 5b,100b\n"
23117+ " .long 6b,100b\n"
23118+ " .long 7b,100b\n"
23119+ " .long 8b,100b\n"
23120+ " .long 9b,100b\n"
23121+ " .long 10b,100b\n"
23122+ " .long 11b,100b\n"
23123+ " .long 12b,100b\n"
23124+ " .long 13b,100b\n"
23125+ " .long 14b,100b\n"
23126+ " .long 15b,100b\n"
23127+ " .long 16b,100b\n"
23128+ " .long 17b,100b\n"
23129+ " .long 18b,100b\n"
23130+ " .long 19b,100b\n"
23131+ " .long 20b,100b\n"
23132+ " .long 21b,100b\n"
23133+ " .long 22b,100b\n"
23134+ " .long 23b,100b\n"
23135+ " .long 24b,100b\n"
23136+ " .long 25b,100b\n"
23137+ " .long 26b,100b\n"
23138+ " .long 27b,100b\n"
23139+ " .long 28b,100b\n"
23140+ " .long 29b,100b\n"
23141+ " .long 30b,100b\n"
23142+ " .long 31b,100b\n"
23143+ " .long 32b,100b\n"
23144+ " .long 33b,100b\n"
23145+ " .long 34b,100b\n"
23146+ " .long 35b,100b\n"
23147+ " .long 36b,100b\n"
23148+ " .long 37b,100b\n"
23149+ " .long 99b,101b\n"
23150+ ".previous"
23151+ : "=&c"(size), "=&D" (d0), "=&S" (d1)
23152+ : "1"(to), "2"(from), "0"(size)
23153+ : "eax", "edx", "memory");
23154+ return size;
23155+}
23156+
23157+static unsigned long
23158+__copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) __size_overflow(3); 23153+__copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) __size_overflow(3);
23159+static unsigned long 23154+static unsigned long
23160 __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) 23155 __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size)
@@ -23504,13 +23499,16 @@ index ef2a6a5..3b28862 100644
23504- */ 23499- */
23505-unsigned long 23500-unsigned long
23506-copy_to_user(void __user *to, const void *from, unsigned long n) 23501-copy_to_user(void __user *to, const void *from, unsigned long n)
23507-{ 23502+void copy_from_user_overflow(void)
23503 {
23508- if (access_ok(VERIFY_WRITE, to, n)) 23504- if (access_ok(VERIFY_WRITE, to, n))
23509- n = __copy_to_user(to, from, n); 23505- n = __copy_to_user(to, from, n);
23510- return n; 23506- return n;
23511-} 23507+ WARN(1, "Buffer overflow detected!\n");
23508 }
23512-EXPORT_SYMBOL(copy_to_user); 23509-EXPORT_SYMBOL(copy_to_user);
23513- 23510+EXPORT_SYMBOL(copy_from_user_overflow);
23511
23514-/** 23512-/**
23515- * copy_from_user: - Copy a block of data from user space. 23513- * copy_from_user: - Copy a block of data from user space.
23516- * @to: Destination address, in kernel space. 23514- * @to: Destination address, in kernel space.
@@ -23529,30 +23527,23 @@ index ef2a6a5..3b28862 100644
23529- */ 23527- */
23530-unsigned long 23528-unsigned long
23531-_copy_from_user(void *to, const void __user *from, unsigned long n) 23529-_copy_from_user(void *to, const void __user *from, unsigned long n)
23532-{ 23530+void copy_to_user_overflow(void)
23531 {
23533- if (access_ok(VERIFY_READ, from, n)) 23532- if (access_ok(VERIFY_READ, from, n))
23534- n = __copy_from_user(to, from, n); 23533- n = __copy_from_user(to, from, n);
23535- else 23534- else
23536- memset(to, 0, n); 23535- memset(to, 0, n);
23537- return n; 23536- return n;
23538-}
23539-EXPORT_SYMBOL(_copy_from_user);
23540-
23541 void copy_from_user_overflow(void)
23542 {
23543 WARN(1, "Buffer overflow detected!\n");
23544 }
23545 EXPORT_SYMBOL(copy_from_user_overflow);
23546+
23547+void copy_to_user_overflow(void)
23548+{
23549+ WARN(1, "Buffer overflow detected!\n"); 23537+ WARN(1, "Buffer overflow detected!\n");
23550+} 23538 }
23539-EXPORT_SYMBOL(_copy_from_user);
23551+EXPORT_SYMBOL(copy_to_user_overflow); 23540+EXPORT_SYMBOL(copy_to_user_overflow);
23552+ 23541
23542-void copy_from_user_overflow(void)
23553+#ifdef CONFIG_PAX_MEMORY_UDEREF 23543+#ifdef CONFIG_PAX_MEMORY_UDEREF
23554+void __set_fs(mm_segment_t x) 23544+void __set_fs(mm_segment_t x)
23555+{ 23545 {
23546- WARN(1, "Buffer overflow detected!\n");
23556+ switch (x.seg) { 23547+ switch (x.seg) {
23557+ case 0: 23548+ case 0:
23558+ loadsegment(gs, 0); 23549+ loadsegment(gs, 0);
@@ -23567,7 +23558,8 @@ index ef2a6a5..3b28862 100644
23567+ BUG(); 23558+ BUG();
23568+ } 23559+ }
23569+ return; 23560+ return;
23570+} 23561 }
23562-EXPORT_SYMBOL(copy_from_user_overflow);
23571+EXPORT_SYMBOL(__set_fs); 23563+EXPORT_SYMBOL(__set_fs);
23572+ 23564+
23573+void set_fs(mm_segment_t x) 23565+void set_fs(mm_segment_t x)
@@ -24002,7 +23994,7 @@ index 3ecfd1a..304d554 100644
24002 if (error_code & PF_WRITE) { 23994 if (error_code & PF_WRITE) {
24003 /* write, present and write, not present: */ 23995 /* write, present and write, not present: */
24004 if (unlikely(!(vma->vm_flags & VM_WRITE))) 23996 if (unlikely(!(vma->vm_flags & VM_WRITE)))
24005@@ -1005,18 +1197,33 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) 23997@@ -1005,19 +1197,34 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code)
24006 { 23998 {
24007 struct vm_area_struct *vma; 23999 struct vm_area_struct *vma;
24008 struct task_struct *tsk; 24000 struct task_struct *tsk;
@@ -24013,11 +24005,7 @@ index 3ecfd1a..304d554 100644
24013 unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | 24005 unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE |
24014 (write ? FAULT_FLAG_WRITE : 0); 24006 (write ? FAULT_FLAG_WRITE : 0);
24015 24007
24016- tsk = current; 24008+ /* Get the faulting address: */
24017- mm = tsk->mm;
24018-
24019 /* Get the faulting address: */
24020- address = read_cr2();
24021+ unsigned long address = read_cr2(); 24009+ unsigned long address = read_cr2();
24022+ 24010+
24023+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) 24011+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
@@ -24036,11 +24024,15 @@ index 3ecfd1a..304d554 100644
24036+ } 24024+ }
24037+#endif 24025+#endif
24038+ 24026+
24039+ tsk = current; 24027 tsk = current;
24040+ mm = tsk->mm; 24028 mm = tsk->mm;
24041 24029
24030- /* Get the faulting address: */
24031- address = read_cr2();
24032-
24042 /* 24033 /*
24043 * Detect and handle instructions that would cause a page fault for 24034 * Detect and handle instructions that would cause a page fault for
24035 * both a tracked kernel page and a userspace page.
24044@@ -1077,7 +1284,7 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) 24036@@ -1077,7 +1284,7 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code)
24045 * User-mode registers count as a user access even for any 24037 * User-mode registers count as a user access even for any
24046 * potential system fault or CPU buglet: 24038 * potential system fault or CPU buglet:
@@ -24649,6 +24641,7 @@ index 4f0cec7..00976ce 100644
24649+ 24641+
24650 int devmem_is_allowed(unsigned long pagenr) 24642 int devmem_is_allowed(unsigned long pagenr)
24651 { 24643 {
24644- if (pagenr <= 256)
24652+#ifdef CONFIG_GRKERNSEC_KMEM 24645+#ifdef CONFIG_GRKERNSEC_KMEM
24653+ /* allow BDA */ 24646+ /* allow BDA */
24654+ if (!pagenr) 24647+ if (!pagenr)
@@ -24658,7 +24651,7 @@ index 4f0cec7..00976ce 100644
24658+ return 1; 24651+ return 1;
24659+#else 24652+#else
24660+ if (!pagenr) 24653+ if (!pagenr)
24661+ return 1; 24654 return 1;
24662+#ifdef CONFIG_VM86 24655+#ifdef CONFIG_VM86
24663+ if (pagenr < (ISA_START_ADDRESS >> PAGE_SHIFT)) 24656+ if (pagenr < (ISA_START_ADDRESS >> PAGE_SHIFT))
24664+ return 1; 24657+ return 1;
@@ -24669,8 +24662,7 @@ index 4f0cec7..00976ce 100644
24669+ return 1; 24662+ return 1;
24670+#ifdef CONFIG_GRKERNSEC_KMEM 24663+#ifdef CONFIG_GRKERNSEC_KMEM
24671+ /* throw out everything else below 1MB */ 24664+ /* throw out everything else below 1MB */
24672 if (pagenr <= 256) 24665+ if (pagenr <= 256)
24673- return 1;
24674+ return 0; 24666+ return 0;
24675+#endif 24667+#endif
24676 if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) 24668 if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
@@ -25647,7 +25639,7 @@ index 8573b83..4f3ed7e 100644
25647+void __shadow_user_pgds(pgd_t *dst, const pgd_t *src) 25639+void __shadow_user_pgds(pgd_t *dst, const pgd_t *src)
25648+{ 25640+{
25649+ unsigned int count = USER_PGD_PTRS; 25641+ unsigned int count = USER_PGD_PTRS;
25650 25642+
25651+ while (count--) 25643+ while (count--)
25652+ *dst++ = __pgd((pgd_val(*src++) | (_PAGE_NX & __supported_pte_mask)) & ~_PAGE_USER); 25644+ *dst++ = __pgd((pgd_val(*src++) | (_PAGE_NX & __supported_pte_mask)) & ~_PAGE_USER);
25653+} 25645+}
@@ -25670,7 +25662,7 @@ index 8573b83..4f3ed7e 100644
25670+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) 25662+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
25671+ pgd = __pgd(pgd_val(pgd) & clone_pgd_mask); 25663+ pgd = __pgd(pgd_val(pgd) & clone_pgd_mask);
25672+#endif 25664+#endif
25673+ 25665
25674+ *dst++ = pgd; 25666+ *dst++ = pgd;
25675+ } 25667+ }
25676+ 25668+
@@ -27556,20 +27548,18 @@ index 6296b40..417c00f 100644
27556 if (!gpt) 27548 if (!gpt)
27557 return NULL; 27549 return NULL;
27558 27550
27559+ if (!le32_to_cpu(gpt->num_partition_entries)) 27551- count = le32_to_cpu(gpt->num_partition_entries) *
27560+ return NULL; 27552- le32_to_cpu(gpt->sizeof_partition_entry);
27561+ pte = kcalloc(le32_to_cpu(gpt->num_partition_entries), le32_to_cpu(gpt->sizeof_partition_entry), GFP_KERNEL);
27562+ if (!pte)
27563+ return NULL;
27564+
27565 count = le32_to_cpu(gpt->num_partition_entries) *
27566 le32_to_cpu(gpt->sizeof_partition_entry);
27567- if (!count) 27553- if (!count)
27568- return NULL; 27554+ if (!le32_to_cpu(gpt->num_partition_entries))
27555 return NULL;
27569- pte = kzalloc(count, GFP_KERNEL); 27556- pte = kzalloc(count, GFP_KERNEL);
27570- if (!pte) 27557+ pte = kcalloc(le32_to_cpu(gpt->num_partition_entries), le32_to_cpu(gpt->sizeof_partition_entry), GFP_KERNEL);
27571- return NULL; 27558 if (!pte)
27572- 27559 return NULL;
27560
27561+ count = le32_to_cpu(gpt->num_partition_entries) *
27562+ le32_to_cpu(gpt->sizeof_partition_entry);
27573 if (read_lba(state, le64_to_cpu(gpt->partition_entry_lba), 27563 if (read_lba(state, le64_to_cpu(gpt->partition_entry_lba),
27574 (u8 *) pte, 27564 (u8 *) pte,
27575 count) < count) { 27565 count) < count) {
@@ -27763,7 +27753,7 @@ index 251c7b62..000462d 100644
27763 bool enable = !device_may_wakeup(&dev->dev); 27753 bool enable = !device_may_wakeup(&dev->dev);
27764 device_set_wakeup_enable(&dev->dev, enable); 27754 device_set_wakeup_enable(&dev->dev, enable);
27765diff --git a/drivers/acpi/processor_driver.c b/drivers/acpi/processor_driver.c 27755diff --git a/drivers/acpi/processor_driver.c b/drivers/acpi/processor_driver.c
27766index 0734086..3ad3e4c 100644 27756index bbac51e..4c094f9 100644
27767--- a/drivers/acpi/processor_driver.c 27757--- a/drivers/acpi/processor_driver.c
27768+++ b/drivers/acpi/processor_driver.c 27758+++ b/drivers/acpi/processor_driver.c
27769@@ -556,7 +556,7 @@ static int __cpuinit acpi_processor_add(struct acpi_device *device) 27759@@ -556,7 +556,7 @@ static int __cpuinit acpi_processor_add(struct acpi_device *device)
@@ -29725,10 +29715,10 @@ index 9df78e2..01ba9ae 100644
29725 29715
29726 *ppos = i; 29716 *ppos = i;
29727diff --git a/drivers/char/random.c b/drivers/char/random.c 29717diff --git a/drivers/char/random.c b/drivers/char/random.c
29728index 4ec04a7..9918387 100644 29718index d98b2a6..230b4c6 100644
29729--- a/drivers/char/random.c 29719--- a/drivers/char/random.c
29730+++ b/drivers/char/random.c 29720+++ b/drivers/char/random.c
29731@@ -261,8 +261,13 @@ 29721@@ -272,8 +272,13 @@
29732 /* 29722 /*
29733 * Configuration information 29723 * Configuration information
29734 */ 29724 */
@@ -29742,7 +29732,7 @@ index 4ec04a7..9918387 100644
29742 #define SEC_XFER_SIZE 512 29732 #define SEC_XFER_SIZE 512
29743 #define EXTRACT_SIZE 10 29733 #define EXTRACT_SIZE 10
29744 29734
29745@@ -300,10 +305,17 @@ static struct poolinfo { 29735@@ -313,10 +318,17 @@ static struct poolinfo {
29746 int poolwords; 29736 int poolwords;
29747 int tap1, tap2, tap3, tap4, tap5; 29737 int tap1, tap2, tap3, tap4, tap5;
29748 } poolinfo_table[] = { 29738 } poolinfo_table[] = {
@@ -29760,7 +29750,18 @@ index 4ec04a7..9918387 100644
29760 #if 0 29750 #if 0
29761 /* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */ 29751 /* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */
29762 { 2048, 1638, 1231, 819, 411, 1 }, 29752 { 2048, 1638, 1231, 819, 411, 1 },
29763@@ -726,6 +738,17 @@ void add_disk_randomness(struct gendisk *disk) 29753@@ -527,8 +539,8 @@ static void _mix_pool_bytes(struct entropy_store *r, const void *in,
29754 input_rotate += i ? 7 : 14;
29755 }
29756
29757- ACCESS_ONCE(r->input_rotate) = input_rotate;
29758- ACCESS_ONCE(r->add_ptr) = i;
29759+ ACCESS_ONCE_RW(r->input_rotate) = input_rotate;
29760+ ACCESS_ONCE_RW(r->add_ptr) = i;
29761 smp_wmb();
29762
29763 if (out)
29764@@ -799,6 +811,17 @@ void add_disk_randomness(struct gendisk *disk)
29764 } 29765 }
29765 #endif 29766 #endif
29766 29767
@@ -29778,7 +29779,7 @@ index 4ec04a7..9918387 100644
29778 /********************************************************************* 29779 /*********************************************************************
29779 * 29780 *
29780 * Entropy extraction routines 29781 * Entropy extraction routines
29781@@ -913,7 +936,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, 29782@@ -1008,7 +1031,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
29782 29783
29783 extract_buf(r, tmp); 29784 extract_buf(r, tmp);
29784 i = min_t(int, nbytes, EXTRACT_SIZE); 29785 i = min_t(int, nbytes, EXTRACT_SIZE);
@@ -29787,7 +29788,7 @@ index 4ec04a7..9918387 100644
29787 ret = -EFAULT; 29788 ret = -EFAULT;
29788 break; 29789 break;
29789 } 29790 }
29790@@ -1238,7 +1261,7 @@ EXPORT_SYMBOL(generate_random_uuid); 29791@@ -1342,7 +1365,7 @@ EXPORT_SYMBOL(generate_random_uuid);
29791 #include <linux/sysctl.h> 29792 #include <linux/sysctl.h>
29792 29793
29793 static int min_read_thresh = 8, min_write_thresh; 29794 static int min_read_thresh = 8, min_write_thresh;
@@ -29839,7 +29840,7 @@ index 45713f0..8286d21 100644
29839 29840
29840 return 0; 29841 return 0;
29841diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c 29842diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c
29842index ad7c732..5aa8054 100644 29843index 08427ab..1ab10b7 100644
29843--- a/drivers/char/tpm/tpm.c 29844--- a/drivers/char/tpm/tpm.c
29844+++ b/drivers/char/tpm/tpm.c 29845+++ b/drivers/char/tpm/tpm.c
29845@@ -415,7 +415,7 @@ static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf, 29846@@ -415,7 +415,7 @@ static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf,
@@ -30072,10 +30073,10 @@ index 9047f55..e47c7ff 100644
30072 void fw_card_initialize(struct fw_card *card, 30073 void fw_card_initialize(struct fw_card *card,
30073 const struct fw_card_driver *driver, struct device *device); 30074 const struct fw_card_driver *driver, struct device *device);
30074diff --git a/drivers/firmware/dmi_scan.c b/drivers/firmware/dmi_scan.c 30075diff --git a/drivers/firmware/dmi_scan.c b/drivers/firmware/dmi_scan.c
30075index 153980b..4b4d046 100644 30076index b298158..7ed8432 100644
30076--- a/drivers/firmware/dmi_scan.c 30077--- a/drivers/firmware/dmi_scan.c
30077+++ b/drivers/firmware/dmi_scan.c 30078+++ b/drivers/firmware/dmi_scan.c
30078@@ -449,11 +449,6 @@ void __init dmi_scan_machine(void) 30079@@ -452,11 +452,6 @@ void __init dmi_scan_machine(void)
30079 } 30080 }
30080 } 30081 }
30081 else { 30082 else {
@@ -30087,7 +30088,7 @@ index 153980b..4b4d046 100644
30087 p = dmi_ioremap(0xF0000, 0x10000); 30088 p = dmi_ioremap(0xF0000, 0x10000);
30088 if (p == NULL) 30089 if (p == NULL)
30089 goto error; 30090 goto error;
30090@@ -723,7 +718,7 @@ int dmi_walk(void (*decode)(const struct dmi_header *, void *), 30091@@ -726,7 +721,7 @@ int dmi_walk(void (*decode)(const struct dmi_header *, void *),
30091 if (buf == NULL) 30092 if (buf == NULL)
30092 return -1; 30093 return -1;
30093 30094
@@ -31306,10 +31307,10 @@ index 8a8725c..afed796 100644
31306 marker = list_first_entry(&queue->head, 31307 marker = list_first_entry(&queue->head,
31307 struct vmw_marker, head); 31308 struct vmw_marker, head);
31308diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c 31309diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
31309index 973c238..981f5ed 100644 31310index 41d4437..631c2e5 100644
31310--- a/drivers/hid/hid-core.c 31311--- a/drivers/hid/hid-core.c
31311+++ b/drivers/hid/hid-core.c 31312+++ b/drivers/hid/hid-core.c
31312@@ -2071,7 +2071,7 @@ static bool hid_ignore(struct hid_device *hdev) 31313@@ -2073,7 +2073,7 @@ static bool hid_ignore(struct hid_device *hdev)
31313 31314
31314 int hid_add_device(struct hid_device *hdev) 31315 int hid_add_device(struct hid_device *hdev)
31315 { 31316 {
@@ -31318,7 +31319,7 @@ index 973c238..981f5ed 100644
31318 int ret; 31319 int ret;
31319 31320
31320 if (WARN_ON(hdev->status & HID_STAT_ADDED)) 31321 if (WARN_ON(hdev->status & HID_STAT_ADDED))
31321@@ -2086,7 +2086,7 @@ int hid_add_device(struct hid_device *hdev) 31322@@ -2088,7 +2088,7 @@ int hid_add_device(struct hid_device *hdev)
31322 /* XXX hack, any other cleaner solution after the driver core 31323 /* XXX hack, any other cleaner solution after the driver core
31323 * is converted to allow more than 20 bytes as the device name? */ 31324 * is converted to allow more than 20 bytes as the device name? */
31324 dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, 31325 dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
@@ -33030,7 +33031,7 @@ index b5fdcb7..5b6c59f 100644
33030 33031
33031 printk(KERN_INFO "lguest: mapped switcher at %p\n", 33032 printk(KERN_INFO "lguest: mapped switcher at %p\n",
33032diff --git a/drivers/lguest/x86/core.c b/drivers/lguest/x86/core.c 33033diff --git a/drivers/lguest/x86/core.c b/drivers/lguest/x86/core.c
33033index 39809035..ce25c5e 100644 33034index 3980903..ce25c5e 100644
33034--- a/drivers/lguest/x86/core.c 33035--- a/drivers/lguest/x86/core.c
33035+++ b/drivers/lguest/x86/core.c 33036+++ b/drivers/lguest/x86/core.c
33036@@ -59,7 +59,7 @@ static struct { 33037@@ -59,7 +59,7 @@ static struct {
@@ -33576,7 +33577,7 @@ index 1cbfc6b..56e1dbb 100644
33576 /*----------------------------------------------------------------*/ 33577 /*----------------------------------------------------------------*/
33577 33578
33578diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c 33579diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
33579index d7add9d..68e3dde 100644 33580index 23904d2..c4801f9 100644
33580--- a/drivers/md/raid1.c 33581--- a/drivers/md/raid1.c
33581+++ b/drivers/md/raid1.c 33582+++ b/drivers/md/raid1.c
33582@@ -1688,7 +1688,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) 33583@@ -1688,7 +1688,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
@@ -34341,6 +34342,31 @@ index 5c3ce24..4915ccb 100644
34341- atomic_long_t flush_tlb_gru; 34342- atomic_long_t flush_tlb_gru;
34342- atomic_long_t flush_tlb_gru_tgh; 34343- atomic_long_t flush_tlb_gru_tgh;
34343- atomic_long_t flush_tlb_gru_zero_asid; 34344- atomic_long_t flush_tlb_gru_zero_asid;
34345-
34346- atomic_long_t copy_gpa;
34347- atomic_long_t read_gpa;
34348-
34349- atomic_long_t mesq_receive;
34350- atomic_long_t mesq_receive_none;
34351- atomic_long_t mesq_send;
34352- atomic_long_t mesq_send_failed;
34353- atomic_long_t mesq_noop;
34354- atomic_long_t mesq_send_unexpected_error;
34355- atomic_long_t mesq_send_lb_overflow;
34356- atomic_long_t mesq_send_qlimit_reached;
34357- atomic_long_t mesq_send_amo_nacked;
34358- atomic_long_t mesq_send_put_nacked;
34359- atomic_long_t mesq_page_overflow;
34360- atomic_long_t mesq_qf_locked;
34361- atomic_long_t mesq_qf_noop_not_full;
34362- atomic_long_t mesq_qf_switch_head_failed;
34363- atomic_long_t mesq_qf_unexpected_error;
34364- atomic_long_t mesq_noop_unexpected_error;
34365- atomic_long_t mesq_noop_lb_overflow;
34366- atomic_long_t mesq_noop_qlimit_reached;
34367- atomic_long_t mesq_noop_amo_nacked;
34368- atomic_long_t mesq_noop_put_nacked;
34369- atomic_long_t mesq_noop_page_overflow;
34344+ atomic_long_unchecked_t vdata_alloc; 34370+ atomic_long_unchecked_t vdata_alloc;
34345+ atomic_long_unchecked_t vdata_free; 34371+ atomic_long_unchecked_t vdata_free;
34346+ atomic_long_unchecked_t gts_alloc; 34372+ atomic_long_unchecked_t gts_alloc;
@@ -34392,33 +34418,10 @@ index 5c3ce24..4915ccb 100644
34392+ atomic_long_unchecked_t flush_tlb_gru; 34418+ atomic_long_unchecked_t flush_tlb_gru;
34393+ atomic_long_unchecked_t flush_tlb_gru_tgh; 34419+ atomic_long_unchecked_t flush_tlb_gru_tgh;
34394+ atomic_long_unchecked_t flush_tlb_gru_zero_asid; 34420+ atomic_long_unchecked_t flush_tlb_gru_zero_asid;
34395 34421+
34396- atomic_long_t copy_gpa;
34397- atomic_long_t read_gpa;
34398+ atomic_long_unchecked_t copy_gpa; 34422+ atomic_long_unchecked_t copy_gpa;
34399+ atomic_long_unchecked_t read_gpa; 34423+ atomic_long_unchecked_t read_gpa;
34400 34424+
34401- atomic_long_t mesq_receive;
34402- atomic_long_t mesq_receive_none;
34403- atomic_long_t mesq_send;
34404- atomic_long_t mesq_send_failed;
34405- atomic_long_t mesq_noop;
34406- atomic_long_t mesq_send_unexpected_error;
34407- atomic_long_t mesq_send_lb_overflow;
34408- atomic_long_t mesq_send_qlimit_reached;
34409- atomic_long_t mesq_send_amo_nacked;
34410- atomic_long_t mesq_send_put_nacked;
34411- atomic_long_t mesq_page_overflow;
34412- atomic_long_t mesq_qf_locked;
34413- atomic_long_t mesq_qf_noop_not_full;
34414- atomic_long_t mesq_qf_switch_head_failed;
34415- atomic_long_t mesq_qf_unexpected_error;
34416- atomic_long_t mesq_noop_unexpected_error;
34417- atomic_long_t mesq_noop_lb_overflow;
34418- atomic_long_t mesq_noop_qlimit_reached;
34419- atomic_long_t mesq_noop_amo_nacked;
34420- atomic_long_t mesq_noop_put_nacked;
34421- atomic_long_t mesq_noop_page_overflow;
34422+ atomic_long_unchecked_t mesq_receive; 34425+ atomic_long_unchecked_t mesq_receive;
34423+ atomic_long_unchecked_t mesq_receive_none; 34426+ atomic_long_unchecked_t mesq_receive_none;
34424+ atomic_long_unchecked_t mesq_send; 34427+ atomic_long_unchecked_t mesq_send;
@@ -34527,10 +34530,10 @@ index 2b62232..acfaeeb 100644
34527 st_gdata->list[type]->reserve); 34530 st_gdata->list[type]->reserve);
34528 /* next 2 required for BT only */ 34531 /* next 2 required for BT only */
34529diff --git a/drivers/mmc/host/sdhci-pci.c b/drivers/mmc/host/sdhci-pci.c 34532diff --git a/drivers/mmc/host/sdhci-pci.c b/drivers/mmc/host/sdhci-pci.c
34530index 69ef0be..f3ef91e 100644 34533index 504da71..9722d43 100644
34531--- a/drivers/mmc/host/sdhci-pci.c 34534--- a/drivers/mmc/host/sdhci-pci.c
34532+++ b/drivers/mmc/host/sdhci-pci.c 34535+++ b/drivers/mmc/host/sdhci-pci.c
34533@@ -652,7 +652,7 @@ static const struct sdhci_pci_fixes sdhci_via = { 34536@@ -653,7 +653,7 @@ static const struct sdhci_pci_fixes sdhci_via = {
34534 .probe = via_probe, 34537 .probe = via_probe,
34535 }; 34538 };
34536 34539
@@ -35082,7 +35085,7 @@ index 4a518a3..936b334 100644
35082 #define VXGE_HW_VIRTUAL_PATH_HANDLE(vpath) \ 35085 #define VXGE_HW_VIRTUAL_PATH_HANDLE(vpath) \
35083 ((struct __vxge_hw_vpath_handle *)(vpath)->vpath_handles.next) 35086 ((struct __vxge_hw_vpath_handle *)(vpath)->vpath_handles.next)
35084diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c 35087diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c
35085index 161e045..0bb5b86 100644 35088index a73bbe7..94abcb7 100644
35086--- a/drivers/net/ethernet/realtek/r8169.c 35089--- a/drivers/net/ethernet/realtek/r8169.c
35087+++ b/drivers/net/ethernet/realtek/r8169.c 35090+++ b/drivers/net/ethernet/realtek/r8169.c
35088@@ -708,17 +708,17 @@ struct rtl8169_private { 35091@@ -708,17 +708,17 @@ struct rtl8169_private {
@@ -35608,10 +35611,10 @@ index a66a13b..0ef399e 100644
35608 35611
35609 static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads) 35612 static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads)
35610diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h 35613diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h
35611index e88f182..4e57f5d 100644 35614index f8e1fbb..bbc303c 100644
35612--- a/drivers/net/wireless/ath/ath9k/hw.h 35615--- a/drivers/net/wireless/ath/ath9k/hw.h
35613+++ b/drivers/net/wireless/ath/ath9k/hw.h 35616+++ b/drivers/net/wireless/ath/ath9k/hw.h
35614@@ -614,7 +614,7 @@ struct ath_hw_private_ops { 35617@@ -615,7 +615,7 @@ struct ath_hw_private_ops {
35615 35618
35616 /* ANI */ 35619 /* ANI */
35617 void (*ani_cache_ini_regs)(struct ath_hw *ah); 35620 void (*ani_cache_ini_regs)(struct ath_hw *ah);
@@ -35620,7 +35623,7 @@ index e88f182..4e57f5d 100644
35620 35623
35621 /** 35624 /**
35622 * struct ath_hw_ops - callbacks used by hardware code and driver code 35625 * struct ath_hw_ops - callbacks used by hardware code and driver code
35623@@ -644,7 +644,7 @@ struct ath_hw_ops { 35626@@ -645,7 +645,7 @@ struct ath_hw_ops {
35624 void (*antdiv_comb_conf_set)(struct ath_hw *ah, 35627 void (*antdiv_comb_conf_set)(struct ath_hw *ah,
35625 struct ath_hw_antcomb_conf *antconf); 35628 struct ath_hw_antcomb_conf *antconf);
35626 35629
@@ -35629,7 +35632,7 @@ index e88f182..4e57f5d 100644
35629 35632
35630 struct ath_nf_limits { 35633 struct ath_nf_limits {
35631 s16 max; 35634 s16 max;
35632@@ -664,7 +664,7 @@ enum ath_cal_list { 35635@@ -665,7 +665,7 @@ enum ath_cal_list {
35633 #define AH_FASTCC 0x4 35636 #define AH_FASTCC 0x4
35634 35637
35635 struct ath_hw { 35638 struct ath_hw {
@@ -36379,7 +36382,7 @@ index 1a99d4b..e85d64b 100644
36379 /* 36382 /*
36380 * Queue element to wait for room in request queue. FIFO order is 36383 * Queue element to wait for room in request queue. FIFO order is
36381diff --git a/drivers/scsi/hosts.c b/drivers/scsi/hosts.c 36384diff --git a/drivers/scsi/hosts.c b/drivers/scsi/hosts.c
36382index a3a056a..b9bbc2f 100644 36385index b48c24f..dac0fbc 100644
36383--- a/drivers/scsi/hosts.c 36386--- a/drivers/scsi/hosts.c
36384+++ b/drivers/scsi/hosts.c 36387+++ b/drivers/scsi/hosts.c
36385@@ -42,7 +42,7 @@ 36388@@ -42,7 +42,7 @@
@@ -36391,7 +36394,7 @@ index a3a056a..b9bbc2f 100644
36391 36394
36392 36395
36393 static void scsi_host_cls_release(struct device *dev) 36396 static void scsi_host_cls_release(struct device *dev)
36394@@ -360,7 +360,7 @@ struct Scsi_Host *scsi_host_alloc(struct scsi_host_template *sht, int privsize) 36397@@ -361,7 +361,7 @@ struct Scsi_Host *scsi_host_alloc(struct scsi_host_template *sht, int privsize)
36395 * subtract one because we increment first then return, but we need to 36398 * subtract one because we increment first then return, but we need to
36396 * know what the next host number was before increment 36399 * know what the next host number was before increment
36397 */ 36400 */
@@ -36691,6 +36694,19 @@ index d109cc3..09f4e7d 100644
36691 .qc_prep = ata_noop_qc_prep, 36694 .qc_prep = ata_noop_qc_prep,
36692 .qc_issue = sas_ata_qc_issue, 36695 .qc_issue = sas_ata_qc_issue,
36693 .qc_fill_rtf = sas_ata_qc_fill_rtf, 36696 .qc_fill_rtf = sas_ata_qc_fill_rtf,
36697diff --git a/drivers/scsi/lpfc/Makefile b/drivers/scsi/lpfc/Makefile
36698index fe5d396..e93d526 100644
36699--- a/drivers/scsi/lpfc/Makefile
36700+++ b/drivers/scsi/lpfc/Makefile
36701@@ -22,7 +22,7 @@
36702 ccflags-$(GCOV) := -fprofile-arcs -ftest-coverage
36703 ccflags-$(GCOV) += -O0
36704
36705-ccflags-y += -Werror
36706+#ccflags-y += -Werror
36707
36708 obj-$(CONFIG_SCSI_LPFC) := lpfc.o
36709
36694diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h 36710diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h
36695index 3a1ffdd..8eb7c71 100644 36711index 3a1ffdd..8eb7c71 100644
36696--- a/drivers/scsi/lpfc/lpfc.h 36712--- a/drivers/scsi/lpfc/lpfc.h
@@ -37054,10 +37070,10 @@ index 07322ec..91ccc23 100644
37054 /* check if the device is still usable */ 37070 /* check if the device is still usable */
37055 if (unlikely(cmd->device->sdev_state == SDEV_DEL)) { 37071 if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
37056diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c 37072diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
37057index 4037fd5..a19fcc7 100644 37073index 1929146..129e973 100644
37058--- a/drivers/scsi/scsi_lib.c 37074--- a/drivers/scsi/scsi_lib.c
37059+++ b/drivers/scsi/scsi_lib.c 37075+++ b/drivers/scsi/scsi_lib.c
37060@@ -1415,7 +1415,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) 37076@@ -1422,7 +1422,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
37061 shost = sdev->host; 37077 shost = sdev->host;
37062 scsi_init_cmd_errh(cmd); 37078 scsi_init_cmd_errh(cmd);
37063 cmd->result = DID_NO_CONNECT << 16; 37079 cmd->result = DID_NO_CONNECT << 16;
@@ -37066,7 +37082,7 @@ index 4037fd5..a19fcc7 100644
37066 37082
37067 /* 37083 /*
37068 * SCSI request completion path will do scsi_device_unbusy(), 37084 * SCSI request completion path will do scsi_device_unbusy(),
37069@@ -1441,9 +1441,9 @@ static void scsi_softirq_done(struct request *rq) 37085@@ -1448,9 +1448,9 @@ static void scsi_softirq_done(struct request *rq)
37070 37086
37071 INIT_LIST_HEAD(&cmd->eh_entry); 37087 INIT_LIST_HEAD(&cmd->eh_entry);
37072 37088
@@ -37079,7 +37095,7 @@ index 4037fd5..a19fcc7 100644
37079 disposition = scsi_decide_disposition(cmd); 37095 disposition = scsi_decide_disposition(cmd);
37080 if (disposition != SUCCESS && 37096 if (disposition != SUCCESS &&
37081diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c 37097diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
37082index 04c2a27..9d8bd66 100644 37098index bb7c482..7551a95 100644
37083--- a/drivers/scsi/scsi_sysfs.c 37099--- a/drivers/scsi/scsi_sysfs.c
37084+++ b/drivers/scsi/scsi_sysfs.c 37100+++ b/drivers/scsi/scsi_sysfs.c
37085@@ -660,7 +660,7 @@ show_iostat_##field(struct device *dev, struct device_attribute *attr, \ 37101@@ -660,7 +660,7 @@ show_iostat_##field(struct device *dev, struct device_attribute *attr, \
@@ -37544,7 +37560,7 @@ index f015839..b15dfc4 100644
37544 (cmd->transport_state & CMD_T_STOP) != 0, 37560 (cmd->transport_state & CMD_T_STOP) != 0,
37545 (cmd->transport_state & CMD_T_SENT) != 0); 37561 (cmd->transport_state & CMD_T_SENT) != 0);
37546diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c 37562diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
37547index 443704f..92d3517 100644 37563index 0686d61..8c95474 100644
37548--- a/drivers/target/target_core_transport.c 37564--- a/drivers/target/target_core_transport.c
37549+++ b/drivers/target/target_core_transport.c 37565+++ b/drivers/target/target_core_transport.c
37550@@ -1355,7 +1355,7 @@ struct se_device *transport_add_device_to_core_hba( 37566@@ -1355,7 +1355,7 @@ struct se_device *transport_add_device_to_core_hba(
@@ -37574,7 +37590,7 @@ index 443704f..92d3517 100644
37574 atomic_read(&cmd->t_task_cdbs_ex_left), 37590 atomic_read(&cmd->t_task_cdbs_ex_left),
37575 (cmd->transport_state & CMD_T_ACTIVE) != 0, 37591 (cmd->transport_state & CMD_T_ACTIVE) != 0,
37576 (cmd->transport_state & CMD_T_STOP) != 0, 37592 (cmd->transport_state & CMD_T_STOP) != 0,
37577@@ -2216,9 +2216,9 @@ check_depth: 37593@@ -2217,9 +2217,9 @@ check_depth:
37578 cmd = task->task_se_cmd; 37594 cmd = task->task_se_cmd;
37579 spin_lock_irqsave(&cmd->t_state_lock, flags); 37595 spin_lock_irqsave(&cmd->t_state_lock, flags);
37580 task->task_flags |= (TF_ACTIVE | TF_SENT); 37596 task->task_flags |= (TF_ACTIVE | TF_SENT);
@@ -38321,7 +38337,7 @@ index d956965..4179a77 100644
38321 file->f_version = event_count; 38337 file->f_version = event_count;
38322 return POLLIN | POLLRDNORM; 38338 return POLLIN | POLLRDNORM;
38323diff --git a/drivers/usb/early/ehci-dbgp.c b/drivers/usb/early/ehci-dbgp.c 38339diff --git a/drivers/usb/early/ehci-dbgp.c b/drivers/usb/early/ehci-dbgp.c
38324index 1fc8f12..20647c1 100644 38340index 347bb05..63e1b73 100644
38325--- a/drivers/usb/early/ehci-dbgp.c 38341--- a/drivers/usb/early/ehci-dbgp.c
38326+++ b/drivers/usb/early/ehci-dbgp.c 38342+++ b/drivers/usb/early/ehci-dbgp.c
38327@@ -97,7 +97,8 @@ static inline u32 dbgp_len_update(u32 x, u32 len) 38343@@ -97,7 +97,8 @@ static inline u32 dbgp_len_update(u32 x, u32 len)
@@ -42370,7 +42386,7 @@ index 16f7354..7cc1e24 100644
42370 /* set_brk can never work. Avoid overflows. */ 42386 /* set_brk can never work. Avoid overflows. */
42371 send_sig(SIGKILL, current, 0); 42387 send_sig(SIGKILL, current, 0);
42372 retval = -EINVAL; 42388 retval = -EINVAL;
42373@@ -877,11 +1295,40 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) 42389@@ -877,10 +1295,39 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
42374 goto out_free_dentry; 42390 goto out_free_dentry;
42375 } 42391 }
42376 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { 42392 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
@@ -42382,8 +42398,8 @@ index 16f7354..7cc1e24 100644
42382+ * file specifies odd protections. So 42398+ * file specifies odd protections. So
42383+ * we don't check the return value 42399+ * we don't check the return value
42384+ */ 42400+ */
42385 } 42401+ }
42386 42402+
42387+#ifdef CONFIG_PAX_RANDMMAP 42403+#ifdef CONFIG_PAX_RANDMMAP
42388+ if (current->mm->pax_flags & MF_PAX_RANDMMAP) { 42404+ if (current->mm->pax_flags & MF_PAX_RANDMMAP) {
42389+ unsigned long start, size; 42405+ unsigned long start, size;
@@ -42408,12 +42424,11 @@ index 16f7354..7cc1e24 100644
42408+ send_sig(SIGKILL, current, 0); 42424+ send_sig(SIGKILL, current, 0);
42409+ goto out_free_dentry; 42425+ goto out_free_dentry;
42410+ } 42426+ }
42411+ } 42427 }
42412+#endif 42428+#endif
42413+ 42429
42414 if (elf_interpreter) { 42430 if (elf_interpreter) {
42415 unsigned long uninitialized_var(interp_map_addr); 42431 unsigned long uninitialized_var(interp_map_addr);
42416
42417@@ -1109,7 +1556,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) 42432@@ -1109,7 +1556,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
42418 * Decide what to dump of a segment, part, all or none. 42433 * Decide what to dump of a segment, part, all or none.
42419 */ 42434 */
@@ -43606,7 +43621,7 @@ index b2a34a1..162fa69 100644
43606 return rc; 43621 return rc;
43607 } 43622 }
43608diff --git a/fs/exec.c b/fs/exec.c 43623diff --git a/fs/exec.c b/fs/exec.c
43609index 29e5f84..7acfbdb 100644 43624index 126e01c..be60c6e 100644
43610--- a/fs/exec.c 43625--- a/fs/exec.c
43611+++ b/fs/exec.c 43626+++ b/fs/exec.c
43612@@ -55,6 +55,15 @@ 43627@@ -55,6 +55,15 @@
@@ -44489,7 +44504,7 @@ index baac1b1..1499b62 100644
44489 } 44504 }
44490 return 1; 44505 return 1;
44491diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c 44506diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
44492index 8da837b..ed3835b 100644 44507index df76291..60a4ad3 100644
44493--- a/fs/ext4/balloc.c 44508--- a/fs/ext4/balloc.c
44494+++ b/fs/ext4/balloc.c 44509+++ b/fs/ext4/balloc.c
44495@@ -463,8 +463,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi, 44510@@ -463,8 +463,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
@@ -44504,10 +44519,10 @@ index 8da837b..ed3835b 100644
44504 if (free_clusters >= (nclusters + dirty_clusters)) 44519 if (free_clusters >= (nclusters + dirty_clusters))
44505 return 1; 44520 return 1;
44506diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h 44521diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
44507index 0e01e90..ae2bd5e 100644 44522index 47d1c8c..a8e1cc7 100644
44508--- a/fs/ext4/ext4.h 44523--- a/fs/ext4/ext4.h
44509+++ b/fs/ext4/ext4.h 44524+++ b/fs/ext4/ext4.h
44510@@ -1225,19 +1225,19 @@ struct ext4_sb_info { 44525@@ -1224,19 +1224,19 @@ struct ext4_sb_info {
44511 unsigned long s_mb_last_start; 44526 unsigned long s_mb_last_start;
44512 44527
44513 /* stats for buddy allocator */ 44528 /* stats for buddy allocator */
@@ -45064,26 +45079,13 @@ index f6aad48..88dcf26 100644
45064-extern atomic_t fscache_n_op_gc; 45079-extern atomic_t fscache_n_op_gc;
45065-extern atomic_t fscache_n_op_cancelled; 45080-extern atomic_t fscache_n_op_cancelled;
45066-extern atomic_t fscache_n_op_rejected; 45081-extern atomic_t fscache_n_op_rejected;
45067+extern atomic_unchecked_t fscache_n_op_pend; 45082-
45068+extern atomic_unchecked_t fscache_n_op_run;
45069+extern atomic_unchecked_t fscache_n_op_enqueue;
45070+extern atomic_unchecked_t fscache_n_op_deferred_release;
45071+extern atomic_unchecked_t fscache_n_op_release;
45072+extern atomic_unchecked_t fscache_n_op_gc;
45073+extern atomic_unchecked_t fscache_n_op_cancelled;
45074+extern atomic_unchecked_t fscache_n_op_rejected;
45075
45076-extern atomic_t fscache_n_attr_changed; 45083-extern atomic_t fscache_n_attr_changed;
45077-extern atomic_t fscache_n_attr_changed_ok; 45084-extern atomic_t fscache_n_attr_changed_ok;
45078-extern atomic_t fscache_n_attr_changed_nobufs; 45085-extern atomic_t fscache_n_attr_changed_nobufs;
45079-extern atomic_t fscache_n_attr_changed_nomem; 45086-extern atomic_t fscache_n_attr_changed_nomem;
45080-extern atomic_t fscache_n_attr_changed_calls; 45087-extern atomic_t fscache_n_attr_changed_calls;
45081+extern atomic_unchecked_t fscache_n_attr_changed; 45088-
45082+extern atomic_unchecked_t fscache_n_attr_changed_ok;
45083+extern atomic_unchecked_t fscache_n_attr_changed_nobufs;
45084+extern atomic_unchecked_t fscache_n_attr_changed_nomem;
45085+extern atomic_unchecked_t fscache_n_attr_changed_calls;
45086
45087-extern atomic_t fscache_n_allocs; 45089-extern atomic_t fscache_n_allocs;
45088-extern atomic_t fscache_n_allocs_ok; 45090-extern atomic_t fscache_n_allocs_ok;
45089-extern atomic_t fscache_n_allocs_wait; 45091-extern atomic_t fscache_n_allocs_wait;
@@ -45092,15 +45094,7 @@ index f6aad48..88dcf26 100644
45092-extern atomic_t fscache_n_allocs_object_dead; 45094-extern atomic_t fscache_n_allocs_object_dead;
45093-extern atomic_t fscache_n_alloc_ops; 45095-extern atomic_t fscache_n_alloc_ops;
45094-extern atomic_t fscache_n_alloc_op_waits; 45096-extern atomic_t fscache_n_alloc_op_waits;
45095+extern atomic_unchecked_t fscache_n_allocs; 45097-
45096+extern atomic_unchecked_t fscache_n_allocs_ok;
45097+extern atomic_unchecked_t fscache_n_allocs_wait;
45098+extern atomic_unchecked_t fscache_n_allocs_nobufs;
45099+extern atomic_unchecked_t fscache_n_allocs_intr;
45100+extern atomic_unchecked_t fscache_n_allocs_object_dead;
45101+extern atomic_unchecked_t fscache_n_alloc_ops;
45102+extern atomic_unchecked_t fscache_n_alloc_op_waits;
45103
45104-extern atomic_t fscache_n_retrievals; 45098-extern atomic_t fscache_n_retrievals;
45105-extern atomic_t fscache_n_retrievals_ok; 45099-extern atomic_t fscache_n_retrievals_ok;
45106-extern atomic_t fscache_n_retrievals_wait; 45100-extern atomic_t fscache_n_retrievals_wait;
@@ -45111,17 +45105,7 @@ index f6aad48..88dcf26 100644
45111-extern atomic_t fscache_n_retrievals_object_dead; 45105-extern atomic_t fscache_n_retrievals_object_dead;
45112-extern atomic_t fscache_n_retrieval_ops; 45106-extern atomic_t fscache_n_retrieval_ops;
45113-extern atomic_t fscache_n_retrieval_op_waits; 45107-extern atomic_t fscache_n_retrieval_op_waits;
45114+extern atomic_unchecked_t fscache_n_retrievals; 45108-
45115+extern atomic_unchecked_t fscache_n_retrievals_ok;
45116+extern atomic_unchecked_t fscache_n_retrievals_wait;
45117+extern atomic_unchecked_t fscache_n_retrievals_nodata;
45118+extern atomic_unchecked_t fscache_n_retrievals_nobufs;
45119+extern atomic_unchecked_t fscache_n_retrievals_intr;
45120+extern atomic_unchecked_t fscache_n_retrievals_nomem;
45121+extern atomic_unchecked_t fscache_n_retrievals_object_dead;
45122+extern atomic_unchecked_t fscache_n_retrieval_ops;
45123+extern atomic_unchecked_t fscache_n_retrieval_op_waits;
45124
45125-extern atomic_t fscache_n_stores; 45109-extern atomic_t fscache_n_stores;
45126-extern atomic_t fscache_n_stores_ok; 45110-extern atomic_t fscache_n_stores_ok;
45127-extern atomic_t fscache_n_stores_again; 45111-extern atomic_t fscache_n_stores_again;
@@ -45132,6 +45116,84 @@ index f6aad48..88dcf26 100644
45132-extern atomic_t fscache_n_store_pages; 45116-extern atomic_t fscache_n_store_pages;
45133-extern atomic_t fscache_n_store_radix_deletes; 45117-extern atomic_t fscache_n_store_radix_deletes;
45134-extern atomic_t fscache_n_store_pages_over_limit; 45118-extern atomic_t fscache_n_store_pages_over_limit;
45119-
45120-extern atomic_t fscache_n_store_vmscan_not_storing;
45121-extern atomic_t fscache_n_store_vmscan_gone;
45122-extern atomic_t fscache_n_store_vmscan_busy;
45123-extern atomic_t fscache_n_store_vmscan_cancelled;
45124-
45125-extern atomic_t fscache_n_marks;
45126-extern atomic_t fscache_n_uncaches;
45127-
45128-extern atomic_t fscache_n_acquires;
45129-extern atomic_t fscache_n_acquires_null;
45130-extern atomic_t fscache_n_acquires_no_cache;
45131-extern atomic_t fscache_n_acquires_ok;
45132-extern atomic_t fscache_n_acquires_nobufs;
45133-extern atomic_t fscache_n_acquires_oom;
45134-
45135-extern atomic_t fscache_n_updates;
45136-extern atomic_t fscache_n_updates_null;
45137-extern atomic_t fscache_n_updates_run;
45138-
45139-extern atomic_t fscache_n_relinquishes;
45140-extern atomic_t fscache_n_relinquishes_null;
45141-extern atomic_t fscache_n_relinquishes_waitcrt;
45142-extern atomic_t fscache_n_relinquishes_retire;
45143-
45144-extern atomic_t fscache_n_cookie_index;
45145-extern atomic_t fscache_n_cookie_data;
45146-extern atomic_t fscache_n_cookie_special;
45147-
45148-extern atomic_t fscache_n_object_alloc;
45149-extern atomic_t fscache_n_object_no_alloc;
45150-extern atomic_t fscache_n_object_lookups;
45151-extern atomic_t fscache_n_object_lookups_negative;
45152-extern atomic_t fscache_n_object_lookups_positive;
45153-extern atomic_t fscache_n_object_lookups_timed_out;
45154-extern atomic_t fscache_n_object_created;
45155-extern atomic_t fscache_n_object_avail;
45156-extern atomic_t fscache_n_object_dead;
45157-
45158-extern atomic_t fscache_n_checkaux_none;
45159-extern atomic_t fscache_n_checkaux_okay;
45160-extern atomic_t fscache_n_checkaux_update;
45161-extern atomic_t fscache_n_checkaux_obsolete;
45162+extern atomic_unchecked_t fscache_n_op_pend;
45163+extern atomic_unchecked_t fscache_n_op_run;
45164+extern atomic_unchecked_t fscache_n_op_enqueue;
45165+extern atomic_unchecked_t fscache_n_op_deferred_release;
45166+extern atomic_unchecked_t fscache_n_op_release;
45167+extern atomic_unchecked_t fscache_n_op_gc;
45168+extern atomic_unchecked_t fscache_n_op_cancelled;
45169+extern atomic_unchecked_t fscache_n_op_rejected;
45170+
45171+extern atomic_unchecked_t fscache_n_attr_changed;
45172+extern atomic_unchecked_t fscache_n_attr_changed_ok;
45173+extern atomic_unchecked_t fscache_n_attr_changed_nobufs;
45174+extern atomic_unchecked_t fscache_n_attr_changed_nomem;
45175+extern atomic_unchecked_t fscache_n_attr_changed_calls;
45176+
45177+extern atomic_unchecked_t fscache_n_allocs;
45178+extern atomic_unchecked_t fscache_n_allocs_ok;
45179+extern atomic_unchecked_t fscache_n_allocs_wait;
45180+extern atomic_unchecked_t fscache_n_allocs_nobufs;
45181+extern atomic_unchecked_t fscache_n_allocs_intr;
45182+extern atomic_unchecked_t fscache_n_allocs_object_dead;
45183+extern atomic_unchecked_t fscache_n_alloc_ops;
45184+extern atomic_unchecked_t fscache_n_alloc_op_waits;
45185+
45186+extern atomic_unchecked_t fscache_n_retrievals;
45187+extern atomic_unchecked_t fscache_n_retrievals_ok;
45188+extern atomic_unchecked_t fscache_n_retrievals_wait;
45189+extern atomic_unchecked_t fscache_n_retrievals_nodata;
45190+extern atomic_unchecked_t fscache_n_retrievals_nobufs;
45191+extern atomic_unchecked_t fscache_n_retrievals_intr;
45192+extern atomic_unchecked_t fscache_n_retrievals_nomem;
45193+extern atomic_unchecked_t fscache_n_retrievals_object_dead;
45194+extern atomic_unchecked_t fscache_n_retrieval_ops;
45195+extern atomic_unchecked_t fscache_n_retrieval_op_waits;
45196+
45135+extern atomic_unchecked_t fscache_n_stores; 45197+extern atomic_unchecked_t fscache_n_stores;
45136+extern atomic_unchecked_t fscache_n_stores_ok; 45198+extern atomic_unchecked_t fscache_n_stores_ok;
45137+extern atomic_unchecked_t fscache_n_stores_again; 45199+extern atomic_unchecked_t fscache_n_stores_again;
@@ -45142,66 +45204,35 @@ index f6aad48..88dcf26 100644
45142+extern atomic_unchecked_t fscache_n_store_pages; 45204+extern atomic_unchecked_t fscache_n_store_pages;
45143+extern atomic_unchecked_t fscache_n_store_radix_deletes; 45205+extern atomic_unchecked_t fscache_n_store_radix_deletes;
45144+extern atomic_unchecked_t fscache_n_store_pages_over_limit; 45206+extern atomic_unchecked_t fscache_n_store_pages_over_limit;
45145 45207+
45146-extern atomic_t fscache_n_store_vmscan_not_storing;
45147-extern atomic_t fscache_n_store_vmscan_gone;
45148-extern atomic_t fscache_n_store_vmscan_busy;
45149-extern atomic_t fscache_n_store_vmscan_cancelled;
45150+extern atomic_unchecked_t fscache_n_store_vmscan_not_storing; 45208+extern atomic_unchecked_t fscache_n_store_vmscan_not_storing;
45151+extern atomic_unchecked_t fscache_n_store_vmscan_gone; 45209+extern atomic_unchecked_t fscache_n_store_vmscan_gone;
45152+extern atomic_unchecked_t fscache_n_store_vmscan_busy; 45210+extern atomic_unchecked_t fscache_n_store_vmscan_busy;
45153+extern atomic_unchecked_t fscache_n_store_vmscan_cancelled; 45211+extern atomic_unchecked_t fscache_n_store_vmscan_cancelled;
45154 45212+
45155-extern atomic_t fscache_n_marks;
45156-extern atomic_t fscache_n_uncaches;
45157+extern atomic_unchecked_t fscache_n_marks; 45213+extern atomic_unchecked_t fscache_n_marks;
45158+extern atomic_unchecked_t fscache_n_uncaches; 45214+extern atomic_unchecked_t fscache_n_uncaches;
45159 45215+
45160-extern atomic_t fscache_n_acquires;
45161-extern atomic_t fscache_n_acquires_null;
45162-extern atomic_t fscache_n_acquires_no_cache;
45163-extern atomic_t fscache_n_acquires_ok;
45164-extern atomic_t fscache_n_acquires_nobufs;
45165-extern atomic_t fscache_n_acquires_oom;
45166+extern atomic_unchecked_t fscache_n_acquires; 45216+extern atomic_unchecked_t fscache_n_acquires;
45167+extern atomic_unchecked_t fscache_n_acquires_null; 45217+extern atomic_unchecked_t fscache_n_acquires_null;
45168+extern atomic_unchecked_t fscache_n_acquires_no_cache; 45218+extern atomic_unchecked_t fscache_n_acquires_no_cache;
45169+extern atomic_unchecked_t fscache_n_acquires_ok; 45219+extern atomic_unchecked_t fscache_n_acquires_ok;
45170+extern atomic_unchecked_t fscache_n_acquires_nobufs; 45220+extern atomic_unchecked_t fscache_n_acquires_nobufs;
45171+extern atomic_unchecked_t fscache_n_acquires_oom; 45221+extern atomic_unchecked_t fscache_n_acquires_oom;
45172 45222+
45173-extern atomic_t fscache_n_updates;
45174-extern atomic_t fscache_n_updates_null;
45175-extern atomic_t fscache_n_updates_run;
45176+extern atomic_unchecked_t fscache_n_updates; 45223+extern atomic_unchecked_t fscache_n_updates;
45177+extern atomic_unchecked_t fscache_n_updates_null; 45224+extern atomic_unchecked_t fscache_n_updates_null;
45178+extern atomic_unchecked_t fscache_n_updates_run; 45225+extern atomic_unchecked_t fscache_n_updates_run;
45179 45226+
45180-extern atomic_t fscache_n_relinquishes;
45181-extern atomic_t fscache_n_relinquishes_null;
45182-extern atomic_t fscache_n_relinquishes_waitcrt;
45183-extern atomic_t fscache_n_relinquishes_retire;
45184+extern atomic_unchecked_t fscache_n_relinquishes; 45227+extern atomic_unchecked_t fscache_n_relinquishes;
45185+extern atomic_unchecked_t fscache_n_relinquishes_null; 45228+extern atomic_unchecked_t fscache_n_relinquishes_null;
45186+extern atomic_unchecked_t fscache_n_relinquishes_waitcrt; 45229+extern atomic_unchecked_t fscache_n_relinquishes_waitcrt;
45187+extern atomic_unchecked_t fscache_n_relinquishes_retire; 45230+extern atomic_unchecked_t fscache_n_relinquishes_retire;
45188 45231+
45189-extern atomic_t fscache_n_cookie_index;
45190-extern atomic_t fscache_n_cookie_data;
45191-extern atomic_t fscache_n_cookie_special;
45192+extern atomic_unchecked_t fscache_n_cookie_index; 45232+extern atomic_unchecked_t fscache_n_cookie_index;
45193+extern atomic_unchecked_t fscache_n_cookie_data; 45233+extern atomic_unchecked_t fscache_n_cookie_data;
45194+extern atomic_unchecked_t fscache_n_cookie_special; 45234+extern atomic_unchecked_t fscache_n_cookie_special;
45195 45235+
45196-extern atomic_t fscache_n_object_alloc;
45197-extern atomic_t fscache_n_object_no_alloc;
45198-extern atomic_t fscache_n_object_lookups;
45199-extern atomic_t fscache_n_object_lookups_negative;
45200-extern atomic_t fscache_n_object_lookups_positive;
45201-extern atomic_t fscache_n_object_lookups_timed_out;
45202-extern atomic_t fscache_n_object_created;
45203-extern atomic_t fscache_n_object_avail;
45204-extern atomic_t fscache_n_object_dead;
45205+extern atomic_unchecked_t fscache_n_object_alloc; 45236+extern atomic_unchecked_t fscache_n_object_alloc;
45206+extern atomic_unchecked_t fscache_n_object_no_alloc; 45237+extern atomic_unchecked_t fscache_n_object_no_alloc;
45207+extern atomic_unchecked_t fscache_n_object_lookups; 45238+extern atomic_unchecked_t fscache_n_object_lookups;
@@ -45211,11 +45242,7 @@ index f6aad48..88dcf26 100644
45211+extern atomic_unchecked_t fscache_n_object_created; 45242+extern atomic_unchecked_t fscache_n_object_created;
45212+extern atomic_unchecked_t fscache_n_object_avail; 45243+extern atomic_unchecked_t fscache_n_object_avail;
45213+extern atomic_unchecked_t fscache_n_object_dead; 45244+extern atomic_unchecked_t fscache_n_object_dead;
45214 45245+
45215-extern atomic_t fscache_n_checkaux_none;
45216-extern atomic_t fscache_n_checkaux_okay;
45217-extern atomic_t fscache_n_checkaux_update;
45218-extern atomic_t fscache_n_checkaux_obsolete;
45219+extern atomic_unchecked_t fscache_n_checkaux_none; 45246+extern atomic_unchecked_t fscache_n_checkaux_none;
45220+extern atomic_unchecked_t fscache_n_checkaux_okay; 45247+extern atomic_unchecked_t fscache_n_checkaux_okay;
45221+extern atomic_unchecked_t fscache_n_checkaux_update; 45248+extern atomic_unchecked_t fscache_n_checkaux_update;
@@ -45881,27 +45908,13 @@ index 4765190..2a067f2 100644
45881-atomic_t fscache_n_op_gc; 45908-atomic_t fscache_n_op_gc;
45882-atomic_t fscache_n_op_cancelled; 45909-atomic_t fscache_n_op_cancelled;
45883-atomic_t fscache_n_op_rejected; 45910-atomic_t fscache_n_op_rejected;
45884+atomic_unchecked_t fscache_n_op_pend; 45911-
45885+atomic_unchecked_t fscache_n_op_run;
45886+atomic_unchecked_t fscache_n_op_enqueue;
45887+atomic_unchecked_t fscache_n_op_requeue;
45888+atomic_unchecked_t fscache_n_op_deferred_release;
45889+atomic_unchecked_t fscache_n_op_release;
45890+atomic_unchecked_t fscache_n_op_gc;
45891+atomic_unchecked_t fscache_n_op_cancelled;
45892+atomic_unchecked_t fscache_n_op_rejected;
45893
45894-atomic_t fscache_n_attr_changed; 45912-atomic_t fscache_n_attr_changed;
45895-atomic_t fscache_n_attr_changed_ok; 45913-atomic_t fscache_n_attr_changed_ok;
45896-atomic_t fscache_n_attr_changed_nobufs; 45914-atomic_t fscache_n_attr_changed_nobufs;
45897-atomic_t fscache_n_attr_changed_nomem; 45915-atomic_t fscache_n_attr_changed_nomem;
45898-atomic_t fscache_n_attr_changed_calls; 45916-atomic_t fscache_n_attr_changed_calls;
45899+atomic_unchecked_t fscache_n_attr_changed; 45917-
45900+atomic_unchecked_t fscache_n_attr_changed_ok;
45901+atomic_unchecked_t fscache_n_attr_changed_nobufs;
45902+atomic_unchecked_t fscache_n_attr_changed_nomem;
45903+atomic_unchecked_t fscache_n_attr_changed_calls;
45904
45905-atomic_t fscache_n_allocs; 45918-atomic_t fscache_n_allocs;
45906-atomic_t fscache_n_allocs_ok; 45919-atomic_t fscache_n_allocs_ok;
45907-atomic_t fscache_n_allocs_wait; 45920-atomic_t fscache_n_allocs_wait;
@@ -45910,15 +45923,7 @@ index 4765190..2a067f2 100644
45910-atomic_t fscache_n_allocs_object_dead; 45923-atomic_t fscache_n_allocs_object_dead;
45911-atomic_t fscache_n_alloc_ops; 45924-atomic_t fscache_n_alloc_ops;
45912-atomic_t fscache_n_alloc_op_waits; 45925-atomic_t fscache_n_alloc_op_waits;
45913+atomic_unchecked_t fscache_n_allocs; 45926-
45914+atomic_unchecked_t fscache_n_allocs_ok;
45915+atomic_unchecked_t fscache_n_allocs_wait;
45916+atomic_unchecked_t fscache_n_allocs_nobufs;
45917+atomic_unchecked_t fscache_n_allocs_intr;
45918+atomic_unchecked_t fscache_n_allocs_object_dead;
45919+atomic_unchecked_t fscache_n_alloc_ops;
45920+atomic_unchecked_t fscache_n_alloc_op_waits;
45921
45922-atomic_t fscache_n_retrievals; 45927-atomic_t fscache_n_retrievals;
45923-atomic_t fscache_n_retrievals_ok; 45928-atomic_t fscache_n_retrievals_ok;
45924-atomic_t fscache_n_retrievals_wait; 45929-atomic_t fscache_n_retrievals_wait;
@@ -45929,17 +45934,7 @@ index 4765190..2a067f2 100644
45929-atomic_t fscache_n_retrievals_object_dead; 45934-atomic_t fscache_n_retrievals_object_dead;
45930-atomic_t fscache_n_retrieval_ops; 45935-atomic_t fscache_n_retrieval_ops;
45931-atomic_t fscache_n_retrieval_op_waits; 45936-atomic_t fscache_n_retrieval_op_waits;
45932+atomic_unchecked_t fscache_n_retrievals; 45937-
45933+atomic_unchecked_t fscache_n_retrievals_ok;
45934+atomic_unchecked_t fscache_n_retrievals_wait;
45935+atomic_unchecked_t fscache_n_retrievals_nodata;
45936+atomic_unchecked_t fscache_n_retrievals_nobufs;
45937+atomic_unchecked_t fscache_n_retrievals_intr;
45938+atomic_unchecked_t fscache_n_retrievals_nomem;
45939+atomic_unchecked_t fscache_n_retrievals_object_dead;
45940+atomic_unchecked_t fscache_n_retrieval_ops;
45941+atomic_unchecked_t fscache_n_retrieval_op_waits;
45942
45943-atomic_t fscache_n_stores; 45938-atomic_t fscache_n_stores;
45944-atomic_t fscache_n_stores_ok; 45939-atomic_t fscache_n_stores_ok;
45945-atomic_t fscache_n_stores_again; 45940-atomic_t fscache_n_stores_again;
@@ -45950,6 +45945,85 @@ index 4765190..2a067f2 100644
45950-atomic_t fscache_n_store_pages; 45945-atomic_t fscache_n_store_pages;
45951-atomic_t fscache_n_store_radix_deletes; 45946-atomic_t fscache_n_store_radix_deletes;
45952-atomic_t fscache_n_store_pages_over_limit; 45947-atomic_t fscache_n_store_pages_over_limit;
45948-
45949-atomic_t fscache_n_store_vmscan_not_storing;
45950-atomic_t fscache_n_store_vmscan_gone;
45951-atomic_t fscache_n_store_vmscan_busy;
45952-atomic_t fscache_n_store_vmscan_cancelled;
45953-
45954-atomic_t fscache_n_marks;
45955-atomic_t fscache_n_uncaches;
45956-
45957-atomic_t fscache_n_acquires;
45958-atomic_t fscache_n_acquires_null;
45959-atomic_t fscache_n_acquires_no_cache;
45960-atomic_t fscache_n_acquires_ok;
45961-atomic_t fscache_n_acquires_nobufs;
45962-atomic_t fscache_n_acquires_oom;
45963-
45964-atomic_t fscache_n_updates;
45965-atomic_t fscache_n_updates_null;
45966-atomic_t fscache_n_updates_run;
45967-
45968-atomic_t fscache_n_relinquishes;
45969-atomic_t fscache_n_relinquishes_null;
45970-atomic_t fscache_n_relinquishes_waitcrt;
45971-atomic_t fscache_n_relinquishes_retire;
45972-
45973-atomic_t fscache_n_cookie_index;
45974-atomic_t fscache_n_cookie_data;
45975-atomic_t fscache_n_cookie_special;
45976-
45977-atomic_t fscache_n_object_alloc;
45978-atomic_t fscache_n_object_no_alloc;
45979-atomic_t fscache_n_object_lookups;
45980-atomic_t fscache_n_object_lookups_negative;
45981-atomic_t fscache_n_object_lookups_positive;
45982-atomic_t fscache_n_object_lookups_timed_out;
45983-atomic_t fscache_n_object_created;
45984-atomic_t fscache_n_object_avail;
45985-atomic_t fscache_n_object_dead;
45986-
45987-atomic_t fscache_n_checkaux_none;
45988-atomic_t fscache_n_checkaux_okay;
45989-atomic_t fscache_n_checkaux_update;
45990-atomic_t fscache_n_checkaux_obsolete;
45991+atomic_unchecked_t fscache_n_op_pend;
45992+atomic_unchecked_t fscache_n_op_run;
45993+atomic_unchecked_t fscache_n_op_enqueue;
45994+atomic_unchecked_t fscache_n_op_requeue;
45995+atomic_unchecked_t fscache_n_op_deferred_release;
45996+atomic_unchecked_t fscache_n_op_release;
45997+atomic_unchecked_t fscache_n_op_gc;
45998+atomic_unchecked_t fscache_n_op_cancelled;
45999+atomic_unchecked_t fscache_n_op_rejected;
46000+
46001+atomic_unchecked_t fscache_n_attr_changed;
46002+atomic_unchecked_t fscache_n_attr_changed_ok;
46003+atomic_unchecked_t fscache_n_attr_changed_nobufs;
46004+atomic_unchecked_t fscache_n_attr_changed_nomem;
46005+atomic_unchecked_t fscache_n_attr_changed_calls;
46006+
46007+atomic_unchecked_t fscache_n_allocs;
46008+atomic_unchecked_t fscache_n_allocs_ok;
46009+atomic_unchecked_t fscache_n_allocs_wait;
46010+atomic_unchecked_t fscache_n_allocs_nobufs;
46011+atomic_unchecked_t fscache_n_allocs_intr;
46012+atomic_unchecked_t fscache_n_allocs_object_dead;
46013+atomic_unchecked_t fscache_n_alloc_ops;
46014+atomic_unchecked_t fscache_n_alloc_op_waits;
46015+
46016+atomic_unchecked_t fscache_n_retrievals;
46017+atomic_unchecked_t fscache_n_retrievals_ok;
46018+atomic_unchecked_t fscache_n_retrievals_wait;
46019+atomic_unchecked_t fscache_n_retrievals_nodata;
46020+atomic_unchecked_t fscache_n_retrievals_nobufs;
46021+atomic_unchecked_t fscache_n_retrievals_intr;
46022+atomic_unchecked_t fscache_n_retrievals_nomem;
46023+atomic_unchecked_t fscache_n_retrievals_object_dead;
46024+atomic_unchecked_t fscache_n_retrieval_ops;
46025+atomic_unchecked_t fscache_n_retrieval_op_waits;
46026+
45953+atomic_unchecked_t fscache_n_stores; 46027+atomic_unchecked_t fscache_n_stores;
45954+atomic_unchecked_t fscache_n_stores_ok; 46028+atomic_unchecked_t fscache_n_stores_ok;
45955+atomic_unchecked_t fscache_n_stores_again; 46029+atomic_unchecked_t fscache_n_stores_again;
@@ -45960,66 +46034,35 @@ index 4765190..2a067f2 100644
45960+atomic_unchecked_t fscache_n_store_pages; 46034+atomic_unchecked_t fscache_n_store_pages;
45961+atomic_unchecked_t fscache_n_store_radix_deletes; 46035+atomic_unchecked_t fscache_n_store_radix_deletes;
45962+atomic_unchecked_t fscache_n_store_pages_over_limit; 46036+atomic_unchecked_t fscache_n_store_pages_over_limit;
45963 46037+
45964-atomic_t fscache_n_store_vmscan_not_storing;
45965-atomic_t fscache_n_store_vmscan_gone;
45966-atomic_t fscache_n_store_vmscan_busy;
45967-atomic_t fscache_n_store_vmscan_cancelled;
45968+atomic_unchecked_t fscache_n_store_vmscan_not_storing; 46038+atomic_unchecked_t fscache_n_store_vmscan_not_storing;
45969+atomic_unchecked_t fscache_n_store_vmscan_gone; 46039+atomic_unchecked_t fscache_n_store_vmscan_gone;
45970+atomic_unchecked_t fscache_n_store_vmscan_busy; 46040+atomic_unchecked_t fscache_n_store_vmscan_busy;
45971+atomic_unchecked_t fscache_n_store_vmscan_cancelled; 46041+atomic_unchecked_t fscache_n_store_vmscan_cancelled;
45972 46042+
45973-atomic_t fscache_n_marks;
45974-atomic_t fscache_n_uncaches;
45975+atomic_unchecked_t fscache_n_marks; 46043+atomic_unchecked_t fscache_n_marks;
45976+atomic_unchecked_t fscache_n_uncaches; 46044+atomic_unchecked_t fscache_n_uncaches;
45977 46045+
45978-atomic_t fscache_n_acquires;
45979-atomic_t fscache_n_acquires_null;
45980-atomic_t fscache_n_acquires_no_cache;
45981-atomic_t fscache_n_acquires_ok;
45982-atomic_t fscache_n_acquires_nobufs;
45983-atomic_t fscache_n_acquires_oom;
45984+atomic_unchecked_t fscache_n_acquires; 46046+atomic_unchecked_t fscache_n_acquires;
45985+atomic_unchecked_t fscache_n_acquires_null; 46047+atomic_unchecked_t fscache_n_acquires_null;
45986+atomic_unchecked_t fscache_n_acquires_no_cache; 46048+atomic_unchecked_t fscache_n_acquires_no_cache;
45987+atomic_unchecked_t fscache_n_acquires_ok; 46049+atomic_unchecked_t fscache_n_acquires_ok;
45988+atomic_unchecked_t fscache_n_acquires_nobufs; 46050+atomic_unchecked_t fscache_n_acquires_nobufs;
45989+atomic_unchecked_t fscache_n_acquires_oom; 46051+atomic_unchecked_t fscache_n_acquires_oom;
45990 46052+
45991-atomic_t fscache_n_updates;
45992-atomic_t fscache_n_updates_null;
45993-atomic_t fscache_n_updates_run;
45994+atomic_unchecked_t fscache_n_updates; 46053+atomic_unchecked_t fscache_n_updates;
45995+atomic_unchecked_t fscache_n_updates_null; 46054+atomic_unchecked_t fscache_n_updates_null;
45996+atomic_unchecked_t fscache_n_updates_run; 46055+atomic_unchecked_t fscache_n_updates_run;
45997 46056+
45998-atomic_t fscache_n_relinquishes;
45999-atomic_t fscache_n_relinquishes_null;
46000-atomic_t fscache_n_relinquishes_waitcrt;
46001-atomic_t fscache_n_relinquishes_retire;
46002+atomic_unchecked_t fscache_n_relinquishes; 46057+atomic_unchecked_t fscache_n_relinquishes;
46003+atomic_unchecked_t fscache_n_relinquishes_null; 46058+atomic_unchecked_t fscache_n_relinquishes_null;
46004+atomic_unchecked_t fscache_n_relinquishes_waitcrt; 46059+atomic_unchecked_t fscache_n_relinquishes_waitcrt;
46005+atomic_unchecked_t fscache_n_relinquishes_retire; 46060+atomic_unchecked_t fscache_n_relinquishes_retire;
46006 46061+
46007-atomic_t fscache_n_cookie_index;
46008-atomic_t fscache_n_cookie_data;
46009-atomic_t fscache_n_cookie_special;
46010+atomic_unchecked_t fscache_n_cookie_index; 46062+atomic_unchecked_t fscache_n_cookie_index;
46011+atomic_unchecked_t fscache_n_cookie_data; 46063+atomic_unchecked_t fscache_n_cookie_data;
46012+atomic_unchecked_t fscache_n_cookie_special; 46064+atomic_unchecked_t fscache_n_cookie_special;
46013 46065+
46014-atomic_t fscache_n_object_alloc;
46015-atomic_t fscache_n_object_no_alloc;
46016-atomic_t fscache_n_object_lookups;
46017-atomic_t fscache_n_object_lookups_negative;
46018-atomic_t fscache_n_object_lookups_positive;
46019-atomic_t fscache_n_object_lookups_timed_out;
46020-atomic_t fscache_n_object_created;
46021-atomic_t fscache_n_object_avail;
46022-atomic_t fscache_n_object_dead;
46023+atomic_unchecked_t fscache_n_object_alloc; 46066+atomic_unchecked_t fscache_n_object_alloc;
46024+atomic_unchecked_t fscache_n_object_no_alloc; 46067+atomic_unchecked_t fscache_n_object_no_alloc;
46025+atomic_unchecked_t fscache_n_object_lookups; 46068+atomic_unchecked_t fscache_n_object_lookups;
@@ -46029,11 +46072,7 @@ index 4765190..2a067f2 100644
46029+atomic_unchecked_t fscache_n_object_created; 46072+atomic_unchecked_t fscache_n_object_created;
46030+atomic_unchecked_t fscache_n_object_avail; 46073+atomic_unchecked_t fscache_n_object_avail;
46031+atomic_unchecked_t fscache_n_object_dead; 46074+atomic_unchecked_t fscache_n_object_dead;
46032 46075+
46033-atomic_t fscache_n_checkaux_none;
46034-atomic_t fscache_n_checkaux_okay;
46035-atomic_t fscache_n_checkaux_update;
46036-atomic_t fscache_n_checkaux_obsolete;
46037+atomic_unchecked_t fscache_n_checkaux_none; 46076+atomic_unchecked_t fscache_n_checkaux_none;
46038+atomic_unchecked_t fscache_n_checkaux_okay; 46077+atomic_unchecked_t fscache_n_checkaux_okay;
46039+atomic_unchecked_t fscache_n_checkaux_update; 46078+atomic_unchecked_t fscache_n_checkaux_update;
@@ -46407,36 +46446,9 @@ index 8392cb8..80d6193 100644
46407 memcpy(c->data, &cookie, 4); 46446 memcpy(c->data, &cookie, 4);
46408 c->len=4; 46447 c->len=4;
46409diff --git a/fs/locks.c b/fs/locks.c 46448diff --git a/fs/locks.c b/fs/locks.c
46410index 6a64f15..c3dacf2 100644 46449index fcc50ab..c3dacf2 100644
46411--- a/fs/locks.c 46450--- a/fs/locks.c
46412+++ b/fs/locks.c 46451+++ b/fs/locks.c
46413@@ -308,7 +308,7 @@ static int flock_make_lock(struct file *filp, struct file_lock **lock,
46414 return 0;
46415 }
46416
46417-static int assign_type(struct file_lock *fl, int type)
46418+static int assign_type(struct file_lock *fl, long type)
46419 {
46420 switch (type) {
46421 case F_RDLCK:
46422@@ -445,7 +445,7 @@ static const struct lock_manager_operations lease_manager_ops = {
46423 /*
46424 * Initialize a lease, use the default lock manager operations
46425 */
46426-static int lease_init(struct file *filp, int type, struct file_lock *fl)
46427+static int lease_init(struct file *filp, long type, struct file_lock *fl)
46428 {
46429 if (assign_type(fl, type) != 0)
46430 return -EINVAL;
46431@@ -463,7 +463,7 @@ static int lease_init(struct file *filp, int type, struct file_lock *fl)
46432 }
46433
46434 /* Allocate a file_lock initialised to this type of lease */
46435-static struct file_lock *lease_alloc(struct file *filp, int type)
46436+static struct file_lock *lease_alloc(struct file *filp, long type)
46437 {
46438 struct file_lock *fl = locks_alloc_lock();
46439 int error = -ENOMEM;
46440@@ -2075,16 +2075,16 @@ void locks_remove_flock(struct file *filp) 46452@@ -2075,16 +2075,16 @@ void locks_remove_flock(struct file *filp)
46441 return; 46453 return;
46442 46454
@@ -47929,33 +47941,35 @@ index 9fc77b4..4877d08 100644
47929 put_task_struct(task); 47941 put_task_struct(task);
47930 47942
47931 if (IS_ERR(mm)) 47943 if (IS_ERR(mm))
47932@@ -698,11 +757,24 @@ static int mem_open(struct inode* inode, struct file* file) 47944@@ -698,13 +757,26 @@ static int mem_open(struct inode* inode, struct file* file)
47933 mmput(mm); 47945 mmput(mm);
47934 } 47946 }
47935 47947
47936+ file->private_data = mm; 47948- /* OK to pass negative loff_t, we can catch out-of-range */
47937+ 47949- file->f_mode |= FMODE_UNSIGNED_OFFSET;
47950 file->private_data = mm;
47951
47938+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP 47952+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
47939+ file->f_version = current->exec_id; 47953+ file->f_version = current->exec_id;
47940+#endif 47954+#endif
47941+ 47955+
47942+ return 0; 47956 return 0;
47943+} 47957 }
47944+ 47958
47945+static int mem_open(struct inode *inode, struct file *file) 47959+static int mem_open(struct inode *inode, struct file *file)
47946+{ 47960+{
47947+ int ret; 47961+ int ret;
47948+ ret = __mem_open(inode, file, PTRACE_MODE_ATTACH); 47962+ ret = __mem_open(inode, file, PTRACE_MODE_ATTACH);
47949+ 47963+
47950 /* OK to pass negative loff_t, we can catch out-of-range */ 47964+ /* OK to pass negative loff_t, we can catch out-of-range */
47951 file->f_mode |= FMODE_UNSIGNED_OFFSET; 47965+ file->f_mode |= FMODE_UNSIGNED_OFFSET;
47952- file->private_data = mm; 47966+
47953
47954- return 0;
47955+ return ret; 47967+ return ret;
47956 } 47968+}
47957 47969+
47958 static ssize_t mem_rw(struct file *file, char __user *buf, 47970 static ssize_t mem_rw(struct file *file, char __user *buf,
47971 size_t count, loff_t *ppos, int write)
47972 {
47959@@ -713,6 +785,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf, 47973@@ -713,6 +785,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
47960 ssize_t copied; 47974 ssize_t copied;
47961 char *page; 47975 char *page;
@@ -48023,22 +48037,22 @@ index 9fc77b4..4877d08 100644
48023+ goto free; 48037+ goto free;
48024 while (count > 0) { 48038 while (count > 0) {
48025- int this_len, retval, max_len; 48039- int this_len, retval, max_len;
48040-
48041- this_len = mm->env_end - (mm->env_start + src);
48026+ size_t this_len, max_len; 48042+ size_t this_len, max_len;
48027+ int retval; 48043+ int retval;
48028+
48029+ if (src >= (mm->env_end - mm->env_start))
48030+ break;
48031
48032 this_len = mm->env_end - (mm->env_start + src);
48033 48044
48034- if (this_len <= 0) 48045- if (this_len <= 0)
48035- break; 48046+ if (src >= (mm->env_end - mm->env_start))
48036+ max_len = min_t(size_t, PAGE_SIZE, count); 48047 break;
48037+ this_len = min(max_len, this_len);
48038 48048
48039- max_len = (count > PAGE_SIZE) ? PAGE_SIZE : count; 48049- max_len = (count > PAGE_SIZE) ? PAGE_SIZE : count;
48040- this_len = (this_len > max_len) ? max_len : this_len; 48050- this_len = (this_len > max_len) ? max_len : this_len;
48041- 48051+ this_len = mm->env_end - (mm->env_start + src);
48052+
48053+ max_len = min_t(size_t, PAGE_SIZE, count);
48054+ this_len = min(max_len, this_len);
48055
48042- retval = access_process_vm(task, (mm->env_start + src), 48056- retval = access_process_vm(task, (mm->env_start + src),
48043+ retval = access_remote_vm(mm, (mm->env_start + src), 48057+ retval = access_remote_vm(mm, (mm->env_start + src),
48044 page, this_len, 0); 48058 page, this_len, 0);
@@ -48443,9 +48457,7 @@ index 86c67ee..cdca321 100644
48443 } else { 48457 } else {
48444 if (kern_addr_valid(start)) { 48458 if (kern_addr_valid(start)) {
48445- unsigned long n; 48459- unsigned long n;
48446+ char *elf_buf; 48460-
48447+ mm_segment_t oldfs;
48448
48449- n = copy_to_user(buffer, (char *)start, tsz); 48461- n = copy_to_user(buffer, (char *)start, tsz);
48450- /* 48462- /*
48451- * We cannot distinguish between fault on source 48463- * We cannot distinguish between fault on source
@@ -48456,6 +48468,9 @@ index 86c67ee..cdca321 100644
48456- if (n) { 48468- if (n) {
48457- if (clear_user(buffer + tsz - n, 48469- if (clear_user(buffer + tsz - n,
48458- n)) 48470- n))
48471+ char *elf_buf;
48472+ mm_segment_t oldfs;
48473+
48459+ elf_buf = kmalloc(tsz, GFP_KERNEL); 48474+ elf_buf = kmalloc(tsz, GFP_KERNEL);
48460+ if (!elf_buf) 48475+ if (!elf_buf)
48461+ return -ENOMEM; 48476+ return -ENOMEM;
@@ -49100,7 +49115,7 @@ index a59d271..e12d1cf 100644
49100 #define __fs_changed(gen,s) (gen != get_generation (s)) 49115 #define __fs_changed(gen,s) (gen != get_generation (s))
49101 #define fs_changed(gen,s) \ 49116 #define fs_changed(gen,s) \
49102diff --git a/fs/select.c b/fs/select.c 49117diff --git a/fs/select.c b/fs/select.c
49103index 17d33d0..da0bf5c 100644 49118index 0baa0a3..7795e27 100644
49104--- a/fs/select.c 49119--- a/fs/select.c
49105+++ b/fs/select.c 49120+++ b/fs/select.c
49106@@ -20,6 +20,7 @@ 49121@@ -20,6 +20,7 @@
@@ -62157,7 +62172,7 @@ index 9b07725..3d55001 100644
62157 /** 62172 /**
62158 * struct ux500_charger - power supply ux500 charger sub class 62173 * struct ux500_charger - power supply ux500 charger sub class
62159diff --git a/include/linux/mm.h b/include/linux/mm.h 62174diff --git a/include/linux/mm.h b/include/linux/mm.h
62160index 74aa71b..4ae97ba 100644 62175index 441a564..81a3499 100644
62161--- a/include/linux/mm.h 62176--- a/include/linux/mm.h
62162+++ b/include/linux/mm.h 62177+++ b/include/linux/mm.h
62163@@ -116,7 +116,14 @@ extern unsigned int kobjsize(const void *objp); 62178@@ -116,7 +116,14 @@ extern unsigned int kobjsize(const void *objp);
@@ -62317,7 +62332,7 @@ index 74aa71b..4ae97ba 100644
62317 struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned long addr); 62332 struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned long addr);
62318 int remap_pfn_range(struct vm_area_struct *, unsigned long addr, 62333 int remap_pfn_range(struct vm_area_struct *, unsigned long addr,
62319 unsigned long pfn, unsigned long size, pgprot_t); 62334 unsigned long pfn, unsigned long size, pgprot_t);
62320@@ -1602,7 +1612,7 @@ extern int unpoison_memory(unsigned long pfn); 62335@@ -1603,7 +1613,7 @@ extern int unpoison_memory(unsigned long pfn);
62321 extern int sysctl_memory_failure_early_kill; 62336 extern int sysctl_memory_failure_early_kill;
62322 extern int sysctl_memory_failure_recovery; 62337 extern int sysctl_memory_failure_recovery;
62323 extern void shake_page(struct page *p, int access); 62338 extern void shake_page(struct page *p, int access);
@@ -62326,7 +62341,7 @@ index 74aa71b..4ae97ba 100644
62326 extern int soft_offline_page(struct page *page, int flags); 62341 extern int soft_offline_page(struct page *page, int flags);
62327 62342
62328 extern void dump_page(struct page *page); 62343 extern void dump_page(struct page *page);
62329@@ -1633,5 +1643,11 @@ static inline unsigned int debug_guardpage_minorder(void) { return 0; } 62344@@ -1634,5 +1644,11 @@ static inline unsigned int debug_guardpage_minorder(void) { return 0; }
62330 static inline bool page_is_guard(struct page *page) { return false; } 62345 static inline bool page_is_guard(struct page *page) { return false; }
62331 #endif /* CONFIG_DEBUG_PAGEALLOC */ 62346 #endif /* CONFIG_DEBUG_PAGEALLOC */
62332 62347
@@ -62832,20 +62847,20 @@ index 85c5073..51fac8b 100644
62832 struct ctl_table_header; 62847 struct ctl_table_header;
62833 struct ctl_table; 62848 struct ctl_table;
62834diff --git a/include/linux/random.h b/include/linux/random.h 62849diff --git a/include/linux/random.h b/include/linux/random.h
62835index 8f74538..de61694 100644 62850index ac621ce..c1215f3 100644
62836--- a/include/linux/random.h 62851--- a/include/linux/random.h
62837+++ b/include/linux/random.h 62852+++ b/include/linux/random.h
62838@@ -54,6 +54,10 @@ extern void add_input_randomness(unsigned int type, unsigned int code, 62853@@ -53,6 +53,10 @@ extern void add_input_randomness(unsigned int type, unsigned int code,
62839 unsigned int value); 62854 unsigned int value);
62840 extern void add_interrupt_randomness(int irq); 62855 extern void add_interrupt_randomness(int irq, int irq_flags);
62841 62856
62842+#ifdef CONFIG_PAX_LATENT_ENTROPY 62857+#ifdef CONFIG_PAX_LATENT_ENTROPY
62843+extern void transfer_latent_entropy(void); 62858+extern void transfer_latent_entropy(void);
62844+#endif 62859+#endif
62845+ 62860+
62846 extern void get_random_bytes(void *buf, int nbytes); 62861 extern void get_random_bytes(void *buf, int nbytes);
62862 extern void get_random_bytes_arch(void *buf, int nbytes);
62847 void generate_random_uuid(unsigned char uuid_out[16]); 62863 void generate_random_uuid(unsigned char uuid_out[16]);
62848
62849@@ -69,12 +73,17 @@ void srandom32(u32 seed); 62864@@ -69,12 +73,17 @@ void srandom32(u32 seed);
62850 62865
62851 u32 prandom32(struct rnd_state *); 62866 u32 prandom32(struct rnd_state *);
@@ -64424,10 +64439,10 @@ index 4119966..1a4671c 100644
64424 const struct firmware *dsp_microcode; 64439 const struct firmware *dsp_microcode;
64425 const struct firmware *controller_microcode; 64440 const struct firmware *controller_microcode;
64426diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h 64441diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h
64427index aaccc5f..092d568 100644 64442index 3ad5b33..1fa86f4 100644
64428--- a/include/target/target_core_base.h 64443--- a/include/target/target_core_base.h
64429+++ b/include/target/target_core_base.h 64444+++ b/include/target/target_core_base.h
64430@@ -447,7 +447,7 @@ struct t10_reservation_ops { 64445@@ -448,7 +448,7 @@ struct t10_reservation_ops {
64431 int (*t10_seq_non_holder)(struct se_cmd *, unsigned char *, u32); 64446 int (*t10_seq_non_holder)(struct se_cmd *, unsigned char *, u32);
64432 int (*t10_pr_register)(struct se_cmd *); 64447 int (*t10_pr_register)(struct se_cmd *);
64433 int (*t10_pr_clear)(struct se_cmd *); 64448 int (*t10_pr_clear)(struct se_cmd *);
@@ -64436,7 +64451,7 @@ index aaccc5f..092d568 100644
64436 64451
64437 struct t10_reservation { 64452 struct t10_reservation {
64438 /* Reservation effects all target ports */ 64453 /* Reservation effects all target ports */
64439@@ -576,7 +576,7 @@ struct se_cmd { 64454@@ -577,7 +577,7 @@ struct se_cmd {
64440 atomic_t t_se_count; 64455 atomic_t t_se_count;
64441 atomic_t t_task_cdbs_left; 64456 atomic_t t_task_cdbs_left;
64442 atomic_t t_task_cdbs_ex_left; 64457 atomic_t t_task_cdbs_ex_left;
@@ -64445,7 +64460,7 @@ index aaccc5f..092d568 100644
64445 unsigned int transport_state; 64460 unsigned int transport_state;
64446 #define CMD_T_ABORTED (1 << 0) 64461 #define CMD_T_ABORTED (1 << 0)
64447 #define CMD_T_ACTIVE (1 << 1) 64462 #define CMD_T_ACTIVE (1 << 1)
64448@@ -802,7 +802,7 @@ struct se_device { 64463@@ -803,7 +803,7 @@ struct se_device {
64449 spinlock_t stats_lock; 64464 spinlock_t stats_lock;
64450 /* Active commands on this virtual SE device */ 64465 /* Active commands on this virtual SE device */
64451 atomic_t simple_cmds; 64466 atomic_t simple_cmds;
@@ -65058,7 +65073,7 @@ index 28bd64d..c66b72a 100644
65058 if (u->mq_bytes + mq_bytes < u->mq_bytes || 65073 if (u->mq_bytes + mq_bytes < u->mq_bytes ||
65059 u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) { 65074 u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) {
65060diff --git a/ipc/msg.c b/ipc/msg.c 65075diff --git a/ipc/msg.c b/ipc/msg.c
65061index 7385de2..a8180e08 100644 65076index 7385de2..a8180e0 100644
65062--- a/ipc/msg.c 65077--- a/ipc/msg.c
65063+++ b/ipc/msg.c 65078+++ b/ipc/msg.c
65064@@ -309,18 +309,19 @@ static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg) 65079@@ -309,18 +309,19 @@ static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg)
@@ -65880,7 +65895,7 @@ index fd126f8..70b755b 100644
65880 65895
65881 /* 65896 /*
65882diff --git a/kernel/exit.c b/kernel/exit.c 65897diff --git a/kernel/exit.c b/kernel/exit.c
65883index 9d81012..d7911f1 100644 65898index bfbd856..0dd1897 100644
65884--- a/kernel/exit.c 65899--- a/kernel/exit.c
65885+++ b/kernel/exit.c 65900+++ b/kernel/exit.c
65886@@ -59,6 +59,10 @@ 65901@@ -59,6 +59,10 @@
@@ -66102,7 +66117,7 @@ index 8163333..aee97f3 100644
66102 if (mpnt->vm_flags & VM_DONTCOPY) { 66117 if (mpnt->vm_flags & VM_DONTCOPY) {
66103 long pages = vma_pages(mpnt); 66118 long pages = vma_pages(mpnt);
66104 mm->total_vm -= pages; 66119 mm->total_vm -= pages;
66105@@ -354,54 +422,11 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) 66120@@ -354,56 +422,13 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
66106 -pages); 66121 -pages);
66107 continue; 66122 continue;
66108 } 66123 }
@@ -66113,11 +66128,7 @@ index 8163333..aee97f3 100644
66113- if (security_vm_enough_memory_mm(oldmm, len)) /* sic */ 66128- if (security_vm_enough_memory_mm(oldmm, len)) /* sic */
66114- goto fail_nomem; 66129- goto fail_nomem;
66115- charge = len; 66130- charge = len;
66116+ tmp = dup_vma(mm, oldmm, mpnt); 66131- }
66117+ if (!tmp) {
66118+ retval = -ENOMEM;
66119+ goto out;
66120 }
66121- tmp = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL); 66132- tmp = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL);
66122- if (!tmp) 66133- if (!tmp)
66123- goto fail_nomem; 66134- goto fail_nomem;
@@ -66149,18 +66160,24 @@ index 8163333..aee97f3 100644
66149- vma_prio_tree_add(tmp, mpnt); 66160- vma_prio_tree_add(tmp, mpnt);
66150- flush_dcache_mmap_unlock(mapping); 66161- flush_dcache_mmap_unlock(mapping);
66151- mutex_unlock(&mapping->i_mmap_mutex); 66162- mutex_unlock(&mapping->i_mmap_mutex);
66152- } 66163+ tmp = dup_vma(mm, oldmm, mpnt);
66153- 66164+ if (!tmp) {
66154- /* 66165+ retval = -ENOMEM;
66166+ goto out;
66167 }
66168
66169 /*
66155- * Clear hugetlb-related page reserves for children. This only 66170- * Clear hugetlb-related page reserves for children. This only
66156- * affects MAP_PRIVATE mappings. Faults generated by the child 66171- * affects MAP_PRIVATE mappings. Faults generated by the child
66157- * are not guaranteed to succeed, even if read-only 66172- * are not guaranteed to succeed, even if read-only
66158- */ 66173- */
66159- if (is_vm_hugetlb_page(tmp)) 66174- if (is_vm_hugetlb_page(tmp))
66160- reset_vma_resv_huge_pages(tmp); 66175- reset_vma_resv_huge_pages(tmp);
66161 66176-
66162 /* 66177- /*
66163 * Link in the new vma and copy the page table entries. 66178 * Link in the new vma and copy the page table entries.
66179 */
66180 *pprev = tmp;
66164@@ -424,6 +449,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) 66181@@ -424,6 +449,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
66165 if (retval) 66182 if (retval)
66166 goto out; 66183 goto out;
@@ -66293,7 +66310,7 @@ index 8163333..aee97f3 100644
66293 else 66310 else
66294 new_fs = fs; 66311 new_fs = fs;
66295diff --git a/kernel/futex.c b/kernel/futex.c 66312diff --git a/kernel/futex.c b/kernel/futex.c
66296index e2b0fb9..db818ac 100644 66313index 3717e7b..473c750 100644
66297--- a/kernel/futex.c 66314--- a/kernel/futex.c
66298+++ b/kernel/futex.c 66315+++ b/kernel/futex.c
66299@@ -54,6 +54,7 @@ 66316@@ -54,6 +54,7 @@
@@ -66316,7 +66333,7 @@ index e2b0fb9..db818ac 100644
66316 /* 66333 /*
66317 * The futex address must be "naturally" aligned. 66334 * The futex address must be "naturally" aligned.
66318 */ 66335 */
66319@@ -2711,6 +2717,7 @@ static int __init futex_init(void) 66336@@ -2714,6 +2720,7 @@ static int __init futex_init(void)
66320 { 66337 {
66321 u32 curval; 66338 u32 curval;
66322 int i; 66339 int i;
@@ -66324,7 +66341,7 @@ index e2b0fb9..db818ac 100644
66324 66341
66325 /* 66342 /*
66326 * This will fail and we want it. Some arch implementations do 66343 * This will fail and we want it. Some arch implementations do
66327@@ -2722,8 +2729,11 @@ static int __init futex_init(void) 66344@@ -2725,8 +2732,11 @@ static int __init futex_init(void)
66328 * implementation, the non-functional ones will return 66345 * implementation, the non-functional ones will return
66329 * -ENOSYS. 66346 * -ENOSYS.
66330 */ 66347 */
@@ -67226,10 +67243,8 @@ index 78ac6ec..e87db0e 100644
67226+ kmemleak_not_leak(ptr); 67243+ kmemleak_not_leak(ptr);
67227+ if (!ptr && mod->init_size_rw) { 67244+ if (!ptr && mod->init_size_rw) {
67228+ module_free(mod, mod->module_core_rw); 67245+ module_free(mod, mod->module_core_rw);
67229 return -ENOMEM; 67246+ return -ENOMEM;
67230 } 67247+ }
67231- memset(ptr, 0, mod->init_size);
67232- mod->module_init = ptr;
67233+ memset(ptr, 0, mod->init_size_rw); 67248+ memset(ptr, 0, mod->init_size_rw);
67234+ mod->module_init_rw = ptr; 67249+ mod->module_init_rw = ptr;
67235+ 67250+
@@ -67252,8 +67267,10 @@ index 78ac6ec..e87db0e 100644
67252+ module_free_exec(mod, mod->module_core_rx); 67267+ module_free_exec(mod, mod->module_core_rx);
67253+ module_free(mod, mod->module_init_rw); 67268+ module_free(mod, mod->module_init_rw);
67254+ module_free(mod, mod->module_core_rw); 67269+ module_free(mod, mod->module_core_rw);
67255+ return -ENOMEM; 67270 return -ENOMEM;
67256+ } 67271 }
67272- memset(ptr, 0, mod->init_size);
67273- mod->module_init = ptr;
67257+ 67274+
67258+ pax_open_kernel(); 67275+ pax_open_kernel();
67259+ memset(ptr, 0, mod->init_size_rx); 67276+ memset(ptr, 0, mod->init_size_rx);
@@ -70337,10 +70354,10 @@ index f0e5306..cb9398e 100644
70337 /* if an huge pmd materialized from under us just retry later */ 70354 /* if an huge pmd materialized from under us just retry later */
70338 if (unlikely(pmd_trans_huge(*pmd))) 70355 if (unlikely(pmd_trans_huge(*pmd)))
70339diff --git a/mm/hugetlb.c b/mm/hugetlb.c 70356diff --git a/mm/hugetlb.c b/mm/hugetlb.c
70340index 263e177..3f36aec 100644 70357index a799df5..a987032 100644
70341--- a/mm/hugetlb.c 70358--- a/mm/hugetlb.c
70342+++ b/mm/hugetlb.c 70359+++ b/mm/hugetlb.c
70343@@ -2446,6 +2446,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, 70360@@ -2462,6 +2462,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
70344 return 1; 70361 return 1;
70345 } 70362 }
70346 70363
@@ -70368,7 +70385,7 @@ index 263e177..3f36aec 100644
70368 /* 70385 /*
70369 * Hugetlb_cow() should be called with page lock of the original hugepage held. 70386 * Hugetlb_cow() should be called with page lock of the original hugepage held.
70370 * Called with hugetlb_instantiation_mutex held and pte_page locked so we 70387 * Called with hugetlb_instantiation_mutex held and pte_page locked so we
70371@@ -2558,6 +2579,11 @@ retry_avoidcopy: 70388@@ -2574,6 +2595,11 @@ retry_avoidcopy:
70372 make_huge_pte(vma, new_page, 1)); 70389 make_huge_pte(vma, new_page, 1));
70373 page_remove_rmap(old_page); 70390 page_remove_rmap(old_page);
70374 hugepage_add_new_anon_rmap(new_page, vma, address); 70391 hugepage_add_new_anon_rmap(new_page, vma, address);
@@ -70380,7 +70397,7 @@ index 263e177..3f36aec 100644
70380 /* Make the old page be freed below */ 70397 /* Make the old page be freed below */
70381 new_page = old_page; 70398 new_page = old_page;
70382 mmu_notifier_invalidate_range_end(mm, 70399 mmu_notifier_invalidate_range_end(mm,
70383@@ -2712,6 +2738,10 @@ retry: 70400@@ -2728,6 +2754,10 @@ retry:
70384 && (vma->vm_flags & VM_SHARED))); 70401 && (vma->vm_flags & VM_SHARED)));
70385 set_huge_pte_at(mm, address, ptep, new_pte); 70402 set_huge_pte_at(mm, address, ptep, new_pte);
70386 70403
@@ -70391,7 +70408,7 @@ index 263e177..3f36aec 100644
70391 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { 70408 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) {
70392 /* Optimization, do the COW without a second fault */ 70409 /* Optimization, do the COW without a second fault */
70393 ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page); 70410 ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page);
70394@@ -2741,6 +2771,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, 70411@@ -2757,6 +2787,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
70395 static DEFINE_MUTEX(hugetlb_instantiation_mutex); 70412 static DEFINE_MUTEX(hugetlb_instantiation_mutex);
70396 struct hstate *h = hstate_vma(vma); 70413 struct hstate *h = hstate_vma(vma);
70397 70414
@@ -70402,7 +70419,7 @@ index 263e177..3f36aec 100644
70402 address &= huge_page_mask(h); 70419 address &= huge_page_mask(h);
70403 70420
70404 ptep = huge_pte_offset(mm, address); 70421 ptep = huge_pte_offset(mm, address);
70405@@ -2754,6 +2788,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, 70422@@ -2770,6 +2804,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
70406 VM_FAULT_SET_HINDEX(h - hstates); 70423 VM_FAULT_SET_HINDEX(h - hstates);
70407 } 70424 }
70408 70425
@@ -70557,7 +70574,7 @@ index 55f645c..cde5320 100644
70557 if (end == start) 70574 if (end == start)
70558 goto out; 70575 goto out;
70559diff --git a/mm/memory-failure.c b/mm/memory-failure.c 70576diff --git a/mm/memory-failure.c b/mm/memory-failure.c
70560index 97cc273..6ed703f 100644 70577index 274c3cc..4836a70 100644
70561--- a/mm/memory-failure.c 70578--- a/mm/memory-failure.c
70562+++ b/mm/memory-failure.c 70579+++ b/mm/memory-failure.c
70563@@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0; 70580@@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0;
@@ -70578,7 +70595,7 @@ index 97cc273..6ed703f 100644
70578 #ifdef __ARCH_SI_TRAPNO 70595 #ifdef __ARCH_SI_TRAPNO
70579 si.si_trapno = trapno; 70596 si.si_trapno = trapno;
70580 #endif 70597 #endif
70581@@ -1036,7 +1036,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) 70598@@ -1038,7 +1038,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
70582 } 70599 }
70583 70600
70584 nr_pages = 1 << compound_trans_order(hpage); 70601 nr_pages = 1 << compound_trans_order(hpage);
@@ -70587,7 +70604,7 @@ index 97cc273..6ed703f 100644
70587 70604
70588 /* 70605 /*
70589 * We need/can do nothing about count=0 pages. 70606 * We need/can do nothing about count=0 pages.
70590@@ -1066,7 +1066,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) 70607@@ -1068,7 +1068,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
70591 if (!PageHWPoison(hpage) 70608 if (!PageHWPoison(hpage)
70592 || (hwpoison_filter(p) && TestClearPageHWPoison(p)) 70609 || (hwpoison_filter(p) && TestClearPageHWPoison(p))
70593 || (p != hpage && TestSetPageHWPoison(hpage))) { 70610 || (p != hpage && TestSetPageHWPoison(hpage))) {
@@ -70596,7 +70613,7 @@ index 97cc273..6ed703f 100644
70596 return 0; 70613 return 0;
70597 } 70614 }
70598 set_page_hwpoison_huge_page(hpage); 70615 set_page_hwpoison_huge_page(hpage);
70599@@ -1124,7 +1124,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) 70616@@ -1126,7 +1126,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
70600 } 70617 }
70601 if (hwpoison_filter(p)) { 70618 if (hwpoison_filter(p)) {
70602 if (TestClearPageHWPoison(p)) 70619 if (TestClearPageHWPoison(p))
@@ -70605,7 +70622,7 @@ index 97cc273..6ed703f 100644
70605 unlock_page(hpage); 70622 unlock_page(hpage);
70606 put_page(hpage); 70623 put_page(hpage);
70607 return 0; 70624 return 0;
70608@@ -1319,7 +1319,7 @@ int unpoison_memory(unsigned long pfn) 70625@@ -1321,7 +1321,7 @@ int unpoison_memory(unsigned long pfn)
70609 return 0; 70626 return 0;
70610 } 70627 }
70611 if (TestClearPageHWPoison(p)) 70628 if (TestClearPageHWPoison(p))
@@ -70614,7 +70631,7 @@ index 97cc273..6ed703f 100644
70614 pr_info("MCE: Software-unpoisoned free page %#lx\n", pfn); 70631 pr_info("MCE: Software-unpoisoned free page %#lx\n", pfn);
70615 return 0; 70632 return 0;
70616 } 70633 }
70617@@ -1333,7 +1333,7 @@ int unpoison_memory(unsigned long pfn) 70634@@ -1335,7 +1335,7 @@ int unpoison_memory(unsigned long pfn)
70618 */ 70635 */
70619 if (TestClearPageHWPoison(page)) { 70636 if (TestClearPageHWPoison(page)) {
70620 pr_info("MCE: Software-unpoisoned page %#lx\n", pfn); 70637 pr_info("MCE: Software-unpoisoned page %#lx\n", pfn);
@@ -70623,7 +70640,7 @@ index 97cc273..6ed703f 100644
70623 freeit = 1; 70640 freeit = 1;
70624 if (PageHuge(page)) 70641 if (PageHuge(page))
70625 clear_page_hwpoison_huge_page(page); 70642 clear_page_hwpoison_huge_page(page);
70626@@ -1446,7 +1446,7 @@ static int soft_offline_huge_page(struct page *page, int flags) 70643@@ -1448,7 +1448,7 @@ static int soft_offline_huge_page(struct page *page, int flags)
70627 } 70644 }
70628 done: 70645 done:
70629 if (!PageHWPoison(hpage)) 70646 if (!PageHWPoison(hpage))
@@ -70632,7 +70649,7 @@ index 97cc273..6ed703f 100644
70632 set_page_hwpoison_huge_page(hpage); 70649 set_page_hwpoison_huge_page(hpage);
70633 dequeue_hwpoisoned_huge_page(hpage); 70650 dequeue_hwpoisoned_huge_page(hpage);
70634 /* keep elevated page count for bad page */ 70651 /* keep elevated page count for bad page */
70635@@ -1577,7 +1577,7 @@ int soft_offline_page(struct page *page, int flags) 70652@@ -1579,7 +1579,7 @@ int soft_offline_page(struct page *page, int flags)
70636 return ret; 70653 return ret;
70637 70654
70638 done: 70655 done:
@@ -74555,10 +74572,10 @@ index 7db1b9b..e9f6b07 100644
74555 return 0; 74572 return 0;
74556 } 74573 }
74557diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c 74574diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
74558index efea35b..9c8dd0b 100644 74575index cf4a49c..de3b32e 100644
74559--- a/net/8021q/vlan.c 74576--- a/net/8021q/vlan.c
74560+++ b/net/8021q/vlan.c 74577+++ b/net/8021q/vlan.c
74561@@ -554,8 +554,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg) 74578@@ -557,8 +557,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
74562 err = -EPERM; 74579 err = -EPERM;
74563 if (!capable(CAP_NET_ADMIN)) 74580 if (!capable(CAP_NET_ADMIN))
74564 break; 74581 break;
@@ -74847,21 +74864,6 @@ index 5fe2ff3..10968b5 100644
74847 BUGPRINT("c2u Didn't work\n"); 74864 BUGPRINT("c2u Didn't work\n");
74848 ret = -EFAULT; 74865 ret = -EFAULT;
74849 break; 74866 break;
74850diff --git a/net/caif/caif_dev.c b/net/caif/caif_dev.c
74851index aa6f716..7bf4c21 100644
74852--- a/net/caif/caif_dev.c
74853+++ b/net/caif/caif_dev.c
74854@@ -562,9 +562,9 @@ static int __init caif_device_init(void)
74855
74856 static void __exit caif_device_exit(void)
74857 {
74858- unregister_pernet_subsys(&caif_net_ops);
74859 unregister_netdevice_notifier(&caif_device_notifier);
74860 dev_remove_pack(&caif_packet_type);
74861+ unregister_pernet_subsys(&caif_net_ops);
74862 }
74863
74864 module_init(caif_device_init);
74865diff --git a/net/caif/cfctrl.c b/net/caif/cfctrl.c 74867diff --git a/net/caif/cfctrl.c b/net/caif/cfctrl.c
74866index 5cf5222..6f704ad 100644 74868index 5cf5222..6f704ad 100644
74867--- a/net/caif/cfctrl.c 74869--- a/net/caif/cfctrl.c
@@ -74919,7 +74921,7 @@ index 3d79b12..8de85fa 100644
74919 74921
74920 74922
74921diff --git a/net/compat.c b/net/compat.c 74923diff --git a/net/compat.c b/net/compat.c
74922index e055708..3f80795 100644 74924index ae6d67a..95dbaf6 100644
74923--- a/net/compat.c 74925--- a/net/compat.c
74924+++ b/net/compat.c 74926+++ b/net/compat.c
74925@@ -71,9 +71,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg) 74927@@ -71,9 +71,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg)
@@ -74984,8 +74986,8 @@ index e055708..3f80795 100644
74984- struct compat_cmsghdr __user *cm = (struct compat_cmsghdr __user *) kmsg->msg_control; 74986- struct compat_cmsghdr __user *cm = (struct compat_cmsghdr __user *) kmsg->msg_control;
74985+ struct compat_cmsghdr __user *cm = (struct compat_cmsghdr __force_user *) kmsg->msg_control; 74987+ struct compat_cmsghdr __user *cm = (struct compat_cmsghdr __force_user *) kmsg->msg_control;
74986 struct compat_cmsghdr cmhdr; 74988 struct compat_cmsghdr cmhdr;
74987 int cmlen; 74989 struct compat_timeval ctv;
74988 74990 struct compat_timespec cts[3];
74989@@ -275,7 +275,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat 74991@@ -275,7 +275,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat
74990 74992
74991 void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm) 74993 void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm)
@@ -75063,7 +75065,7 @@ index e4fbfd6..6a6ac94 100644
75063 75065
75064 return err; 75066 return err;
75065diff --git a/net/core/dev.c b/net/core/dev.c 75067diff --git a/net/core/dev.c b/net/core/dev.c
75066index 533c586..f78a55f 100644 75068index c299416..8733baa 100644
75067--- a/net/core/dev.c 75069--- a/net/core/dev.c
75068+++ b/net/core/dev.c 75070+++ b/net/core/dev.c
75069@@ -1136,9 +1136,13 @@ void dev_load(struct net *net, const char *name) 75071@@ -1136,9 +1136,13 @@ void dev_load(struct net *net, const char *name)
@@ -75080,7 +75082,7 @@ index 533c586..f78a55f 100644
75080 } 75082 }
75081 } 75083 }
75082 EXPORT_SYMBOL(dev_load); 75084 EXPORT_SYMBOL(dev_load);
75083@@ -1602,7 +1606,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) 75085@@ -1603,7 +1607,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
75084 { 75086 {
75085 if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) { 75087 if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) {
75086 if (skb_copy_ubufs(skb, GFP_ATOMIC)) { 75088 if (skb_copy_ubufs(skb, GFP_ATOMIC)) {
@@ -75089,7 +75091,7 @@ index 533c586..f78a55f 100644
75089 kfree_skb(skb); 75091 kfree_skb(skb);
75090 return NET_RX_DROP; 75092 return NET_RX_DROP;
75091 } 75093 }
75092@@ -1612,7 +1616,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) 75094@@ -1613,7 +1617,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
75093 nf_reset(skb); 75095 nf_reset(skb);
75094 75096
75095 if (unlikely(!is_skb_forwardable(dev, skb))) { 75097 if (unlikely(!is_skb_forwardable(dev, skb))) {
@@ -75098,7 +75100,7 @@ index 533c586..f78a55f 100644
75098 kfree_skb(skb); 75100 kfree_skb(skb);
75099 return NET_RX_DROP; 75101 return NET_RX_DROP;
75100 } 75102 }
75101@@ -2042,7 +2046,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) 75103@@ -2043,7 +2047,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
75102 75104
75103 struct dev_gso_cb { 75105 struct dev_gso_cb {
75104 void (*destructor)(struct sk_buff *skb); 75106 void (*destructor)(struct sk_buff *skb);
@@ -75107,7 +75109,7 @@ index 533c586..f78a55f 100644
75107 75109
75108 #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb) 75110 #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb)
75109 75111
75110@@ -2877,7 +2881,7 @@ enqueue: 75112@@ -2878,7 +2882,7 @@ enqueue:
75111 75113
75112 local_irq_restore(flags); 75114 local_irq_restore(flags);
75113 75115
@@ -75116,7 +75118,7 @@ index 533c586..f78a55f 100644
75116 kfree_skb(skb); 75118 kfree_skb(skb);
75117 return NET_RX_DROP; 75119 return NET_RX_DROP;
75118 } 75120 }
75119@@ -2949,7 +2953,7 @@ int netif_rx_ni(struct sk_buff *skb) 75121@@ -2950,7 +2954,7 @@ int netif_rx_ni(struct sk_buff *skb)
75120 } 75122 }
75121 EXPORT_SYMBOL(netif_rx_ni); 75123 EXPORT_SYMBOL(netif_rx_ni);
75122 75124
@@ -75125,7 +75127,7 @@ index 533c586..f78a55f 100644
75125 { 75127 {
75126 struct softnet_data *sd = &__get_cpu_var(softnet_data); 75128 struct softnet_data *sd = &__get_cpu_var(softnet_data);
75127 75129
75128@@ -3237,7 +3241,7 @@ ncls: 75130@@ -3238,7 +3242,7 @@ ncls:
75129 if (pt_prev) { 75131 if (pt_prev) {
75130 ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev); 75132 ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
75131 } else { 75133 } else {
@@ -75134,7 +75136,7 @@ index 533c586..f78a55f 100644
75134 kfree_skb(skb); 75136 kfree_skb(skb);
75135 /* Jamal, now you will not able to escape explaining 75137 /* Jamal, now you will not able to escape explaining
75136 * me how you were going to use this. :-) 75138 * me how you were going to use this. :-)
75137@@ -3797,7 +3801,7 @@ void netif_napi_del(struct napi_struct *napi) 75139@@ -3798,7 +3802,7 @@ void netif_napi_del(struct napi_struct *napi)
75138 } 75140 }
75139 EXPORT_SYMBOL(netif_napi_del); 75141 EXPORT_SYMBOL(netif_napi_del);
75140 75142
@@ -75143,7 +75145,7 @@ index 533c586..f78a55f 100644
75143 { 75145 {
75144 struct softnet_data *sd = &__get_cpu_var(softnet_data); 75146 struct softnet_data *sd = &__get_cpu_var(softnet_data);
75145 unsigned long time_limit = jiffies + 2; 75147 unsigned long time_limit = jiffies + 2;
75146@@ -4267,8 +4271,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v) 75148@@ -4268,8 +4272,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v)
75147 else 75149 else
75148 seq_printf(seq, "%04x", ntohs(pt->type)); 75150 seq_printf(seq, "%04x", ntohs(pt->type));
75149 75151
@@ -75157,7 +75159,7 @@ index 533c586..f78a55f 100644
75157 } 75159 }
75158 75160
75159 return 0; 75161 return 0;
75160@@ -5818,7 +5827,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, 75162@@ -5821,7 +5830,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
75161 } else { 75163 } else {
75162 netdev_stats_to_stats64(storage, &dev->stats); 75164 netdev_stats_to_stats64(storage, &dev->stats);
75163 } 75165 }
@@ -75229,7 +75231,7 @@ index 7e7aeb0..2a998cb 100644
75229 75231
75230 m->msg_iov = iov; 75232 m->msg_iov = iov;
75231diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c 75233diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
75232index 90430b7..0032ec0 100644 75234index 900fc61..90d0583 100644
75233--- a/net/core/rtnetlink.c 75235--- a/net/core/rtnetlink.c
75234+++ b/net/core/rtnetlink.c 75236+++ b/net/core/rtnetlink.c
75235@@ -56,7 +56,7 @@ struct rtnl_link { 75237@@ -56,7 +56,7 @@ struct rtnl_link {
@@ -75433,23 +75435,6 @@ index 39a2d29..f39c0fe 100644
75433 ---help--- 75435 ---help---
75434 Econet is a fairly old and slow networking protocol mainly used by 75436 Econet is a fairly old and slow networking protocol mainly used by
75435 Acorn computers to access file and print servers. It uses native 75437 Acorn computers to access file and print servers. It uses native
75436diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
75437index c48adc5..667c1d4 100644
75438--- a/net/ipv4/cipso_ipv4.c
75439+++ b/net/ipv4/cipso_ipv4.c
75440@@ -1725,8 +1725,10 @@ int cipso_v4_validate(const struct sk_buff *skb, unsigned char **option)
75441 case CIPSO_V4_TAG_LOCAL:
75442 /* This is a non-standard tag that we only allow for
75443 * local connections, so if the incoming interface is
75444- * not the loopback device drop the packet. */
75445- if (!(skb->dev->flags & IFF_LOOPBACK)) {
75446+ * not the loopback device drop the packet. Further,
75447+ * there is no legitimate reason for setting this from
75448+ * userspace so reject it if skb is NULL. */
75449+ if (skb == NULL || !(skb->dev->flags & IFF_LOOPBACK)) {
75450 err_offset = opt_iter;
75451 goto validate_return_locked;
75452 }
75453diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c 75438diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
75454index cbe3a68..a879b75 100644 75439index cbe3a68..a879b75 100644
75455--- a/net/ipv4/fib_frontend.c 75440--- a/net/ipv4/fib_frontend.c
@@ -77553,36 +77538,6 @@ index 7635107..4670276 100644
77553 _proto("Tx RESPONSE %%%u", ntohl(hdr->serial)); 77538 _proto("Tx RESPONSE %%%u", ntohl(hdr->serial));
77554 77539
77555 ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len); 77540 ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len);
77556diff --git a/net/sctp/input.c b/net/sctp/input.c
77557index 80f71af..be772c0 100644
77558--- a/net/sctp/input.c
77559+++ b/net/sctp/input.c
77560@@ -736,15 +736,12 @@ static void __sctp_unhash_endpoint(struct sctp_endpoint *ep)
77561
77562 epb = &ep->base;
77563
77564- if (hlist_unhashed(&epb->node))
77565- return;
77566-
77567 epb->hashent = sctp_ep_hashfn(epb->bind_addr.port);
77568
77569 head = &sctp_ep_hashtable[epb->hashent];
77570
77571 sctp_write_lock(&head->lock);
77572- __hlist_del(&epb->node);
77573+ hlist_del_init(&epb->node);
77574 sctp_write_unlock(&head->lock);
77575 }
77576
77577@@ -825,7 +822,7 @@ static void __sctp_unhash_established(struct sctp_association *asoc)
77578 head = &sctp_assoc_hashtable[epb->hashent];
77579
77580 sctp_write_lock(&head->lock);
77581- __hlist_del(&epb->node);
77582+ hlist_del_init(&epb->node);
77583 sctp_write_unlock(&head->lock);
77584 }
77585
77586diff --git a/net/sctp/proc.c b/net/sctp/proc.c 77541diff --git a/net/sctp/proc.c b/net/sctp/proc.c
77587index 1e2eee8..ce3967e 100644 77542index 1e2eee8..ce3967e 100644
77588--- a/net/sctp/proc.c 77543--- a/net/sctp/proc.c
@@ -77598,38 +77553,10 @@ index 1e2eee8..ce3967e 100644
77598 assoc->assoc_id, 77553 assoc->assoc_id,
77599 assoc->sndbuf_used, 77554 assoc->sndbuf_used,
77600diff --git a/net/sctp/socket.c b/net/sctp/socket.c 77555diff --git a/net/sctp/socket.c b/net/sctp/socket.c
77601index 92ba71d..9352c05 100644 77556index dba20d6..9352c05 100644
77602--- a/net/sctp/socket.c 77557--- a/net/sctp/socket.c
77603+++ b/net/sctp/socket.c 77558+++ b/net/sctp/socket.c
77604@@ -1231,8 +1231,14 @@ out_free: 77559@@ -4577,7 +4577,7 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
77605 SCTP_DEBUG_PRINTK("About to exit __sctp_connect() free asoc: %p"
77606 " kaddrs: %p err: %d\n",
77607 asoc, kaddrs, err);
77608- if (asoc)
77609+ if (asoc) {
77610+ /* sctp_primitive_ASSOCIATE may have added this association
77611+ * To the hash table, try to unhash it, just in case, its a noop
77612+ * if it wasn't hashed so we're safe
77613+ */
77614+ sctp_unhash_established(asoc);
77615 sctp_association_free(asoc);
77616+ }
77617 return err;
77618 }
77619
77620@@ -1942,8 +1948,10 @@ SCTP_STATIC int sctp_sendmsg(struct kiocb *iocb, struct sock *sk,
77621 goto out_unlock;
77622
77623 out_free:
77624- if (new_asoc)
77625+ if (new_asoc) {
77626+ sctp_unhash_established(asoc);
77627 sctp_association_free(asoc);
77628+ }
77629 out_unlock:
77630 sctp_release_sock(sk);
77631
77632@@ -4569,7 +4577,7 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
77633 addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len; 77560 addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len;
77634 if (space_left < addrlen) 77561 if (space_left < addrlen)
77635 return -ENOMEM; 77562 return -ENOMEM;
@@ -77639,7 +77566,7 @@ index 92ba71d..9352c05 100644
77639 to += addrlen; 77566 to += addrlen;
77640 cnt++; 77567 cnt++;
77641diff --git a/net/socket.c b/net/socket.c 77568diff --git a/net/socket.c b/net/socket.c
77642index 851edcd..b786851 100644 77569index 573b261..d7eae32 100644
77643--- a/net/socket.c 77570--- a/net/socket.c
77644+++ b/net/socket.c 77571+++ b/net/socket.c
77645@@ -88,6 +88,7 @@ 77572@@ -88,6 +88,7 @@
@@ -77668,7 +77595,7 @@ index 851edcd..b786851 100644
77668 77595
77669 static struct file_system_type sock_fs_type = { 77596 static struct file_system_type sock_fs_type = {
77670 .name = "sockfs", 77597 .name = "sockfs",
77671@@ -1207,6 +1210,8 @@ int __sock_create(struct net *net, int family, int type, int protocol, 77598@@ -1210,6 +1213,8 @@ int __sock_create(struct net *net, int family, int type, int protocol,
77672 return -EAFNOSUPPORT; 77599 return -EAFNOSUPPORT;
77673 if (type < 0 || type >= SOCK_MAX) 77600 if (type < 0 || type >= SOCK_MAX)
77674 return -EINVAL; 77601 return -EINVAL;
@@ -77677,7 +77604,7 @@ index 851edcd..b786851 100644
77677 77604
77678 /* Compatibility. 77605 /* Compatibility.
77679 77606
77680@@ -1339,6 +1344,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol) 77607@@ -1342,6 +1347,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol)
77681 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK)) 77608 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
77682 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK; 77609 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
77683 77610
@@ -77694,7 +77621,7 @@ index 851edcd..b786851 100644
77694 retval = sock_create(family, type, protocol, &sock); 77621 retval = sock_create(family, type, protocol, &sock);
77695 if (retval < 0) 77622 if (retval < 0)
77696 goto out; 77623 goto out;
77697@@ -1451,6 +1466,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) 77624@@ -1454,6 +1469,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
77698 if (sock) { 77625 if (sock) {
77699 err = move_addr_to_kernel(umyaddr, addrlen, &address); 77626 err = move_addr_to_kernel(umyaddr, addrlen, &address);
77700 if (err >= 0) { 77627 if (err >= 0) {
@@ -77709,7 +77636,7 @@ index 851edcd..b786851 100644
77709 err = security_socket_bind(sock, 77636 err = security_socket_bind(sock,
77710 (struct sockaddr *)&address, 77637 (struct sockaddr *)&address,
77711 addrlen); 77638 addrlen);
77712@@ -1459,6 +1482,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) 77639@@ -1462,6 +1485,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
77713 (struct sockaddr *) 77640 (struct sockaddr *)
77714 &address, addrlen); 77641 &address, addrlen);
77715 } 77642 }
@@ -77717,7 +77644,7 @@ index 851edcd..b786851 100644
77717 fput_light(sock->file, fput_needed); 77644 fput_light(sock->file, fput_needed);
77718 } 77645 }
77719 return err; 77646 return err;
77720@@ -1482,10 +1506,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) 77647@@ -1485,10 +1509,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog)
77721 if ((unsigned)backlog > somaxconn) 77648 if ((unsigned)backlog > somaxconn)
77722 backlog = somaxconn; 77649 backlog = somaxconn;
77723 77650
@@ -77738,7 +77665,7 @@ index 851edcd..b786851 100644
77738 fput_light(sock->file, fput_needed); 77665 fput_light(sock->file, fput_needed);
77739 } 77666 }
77740 return err; 77667 return err;
77741@@ -1529,6 +1563,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, 77668@@ -1532,6 +1566,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
77742 newsock->type = sock->type; 77669 newsock->type = sock->type;
77743 newsock->ops = sock->ops; 77670 newsock->ops = sock->ops;
77744 77671
@@ -77757,7 +77684,7 @@ index 851edcd..b786851 100644
77757 /* 77684 /*
77758 * We don't need try_module_get here, as the listening socket (sock) 77685 * We don't need try_module_get here, as the listening socket (sock)
77759 * has the protocol module (sock->ops->owner) held. 77686 * has the protocol module (sock->ops->owner) held.
77760@@ -1567,6 +1613,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, 77687@@ -1570,6 +1616,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
77761 fd_install(newfd, newfile); 77688 fd_install(newfd, newfile);
77762 err = newfd; 77689 err = newfd;
77763 77690
@@ -77766,7 +77693,7 @@ index 851edcd..b786851 100644
77766 out_put: 77693 out_put:
77767 fput_light(sock->file, fput_needed); 77694 fput_light(sock->file, fput_needed);
77768 out: 77695 out:
77769@@ -1599,6 +1647,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, 77696@@ -1602,6 +1650,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
77770 int, addrlen) 77697 int, addrlen)
77771 { 77698 {
77772 struct socket *sock; 77699 struct socket *sock;
@@ -77774,7 +77701,7 @@ index 851edcd..b786851 100644
77774 struct sockaddr_storage address; 77701 struct sockaddr_storage address;
77775 int err, fput_needed; 77702 int err, fput_needed;
77776 77703
77777@@ -1609,6 +1658,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, 77704@@ -1612,6 +1661,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
77778 if (err < 0) 77705 if (err < 0)
77779 goto out_put; 77706 goto out_put;
77780 77707
@@ -77792,7 +77719,7 @@ index 851edcd..b786851 100644
77792 err = 77719 err =
77793 security_socket_connect(sock, (struct sockaddr *)&address, addrlen); 77720 security_socket_connect(sock, (struct sockaddr *)&address, addrlen);
77794 if (err) 77721 if (err)
77795@@ -1966,7 +2026,7 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg, 77722@@ -1969,7 +2029,7 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
77796 * checking falls down on this. 77723 * checking falls down on this.
77797 */ 77724 */
77798 if (copy_from_user(ctl_buf, 77725 if (copy_from_user(ctl_buf,
@@ -77801,7 +77728,7 @@ index 851edcd..b786851 100644
77801 ctl_len)) 77728 ctl_len))
77802 goto out_freectl; 77729 goto out_freectl;
77803 msg_sys->msg_control = ctl_buf; 77730 msg_sys->msg_control = ctl_buf;
77804@@ -2136,7 +2196,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg, 77731@@ -2139,7 +2199,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
77805 * kernel msghdr to use the kernel address space) 77732 * kernel msghdr to use the kernel address space)
77806 */ 77733 */
77807 77734
@@ -77810,7 +77737,7 @@ index 851edcd..b786851 100644
77810 uaddr_len = COMPAT_NAMELEN(msg); 77737 uaddr_len = COMPAT_NAMELEN(msg);
77811 if (MSG_CMSG_COMPAT & flags) { 77738 if (MSG_CMSG_COMPAT & flags) {
77812 err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); 77739 err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
77813@@ -2758,7 +2818,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) 77740@@ -2761,7 +2821,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
77814 } 77741 }
77815 77742
77816 ifr = compat_alloc_user_space(buf_size); 77743 ifr = compat_alloc_user_space(buf_size);
@@ -77819,7 +77746,7 @@ index 851edcd..b786851 100644
77819 77746
77820 if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ)) 77747 if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ))
77821 return -EFAULT; 77748 return -EFAULT;
77822@@ -2782,12 +2842,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) 77749@@ -2785,12 +2845,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
77823 offsetof(struct ethtool_rxnfc, fs.ring_cookie)); 77750 offsetof(struct ethtool_rxnfc, fs.ring_cookie));
77824 77751
77825 if (copy_in_user(rxnfc, compat_rxnfc, 77752 if (copy_in_user(rxnfc, compat_rxnfc,
@@ -77836,7 +77763,7 @@ index 851edcd..b786851 100644
77836 copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt, 77763 copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt,
77837 sizeof(rxnfc->rule_cnt))) 77764 sizeof(rxnfc->rule_cnt)))
77838 return -EFAULT; 77765 return -EFAULT;
77839@@ -2799,12 +2859,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) 77766@@ -2802,12 +2862,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
77840 77767
77841 if (convert_out) { 77768 if (convert_out) {
77842 if (copy_in_user(compat_rxnfc, rxnfc, 77769 if (copy_in_user(compat_rxnfc, rxnfc,
@@ -77853,7 +77780,7 @@ index 851edcd..b786851 100644
77853 copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt, 77780 copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt,
77854 sizeof(rxnfc->rule_cnt))) 77781 sizeof(rxnfc->rule_cnt)))
77855 return -EFAULT; 77782 return -EFAULT;
77856@@ -2874,7 +2934,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, 77783@@ -2877,7 +2937,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
77857 old_fs = get_fs(); 77784 old_fs = get_fs();
77858 set_fs(KERNEL_DS); 77785 set_fs(KERNEL_DS);
77859 err = dev_ioctl(net, cmd, 77786 err = dev_ioctl(net, cmd,
@@ -77862,7 +77789,7 @@ index 851edcd..b786851 100644
77862 set_fs(old_fs); 77789 set_fs(old_fs);
77863 77790
77864 return err; 77791 return err;
77865@@ -2983,7 +3043,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, 77792@@ -2986,7 +3046,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
77866 77793
77867 old_fs = get_fs(); 77794 old_fs = get_fs();
77868 set_fs(KERNEL_DS); 77795 set_fs(KERNEL_DS);
@@ -77871,7 +77798,7 @@ index 851edcd..b786851 100644
77871 set_fs(old_fs); 77798 set_fs(old_fs);
77872 77799
77873 if (cmd == SIOCGIFMAP && !err) { 77800 if (cmd == SIOCGIFMAP && !err) {
77874@@ -3088,7 +3148,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, 77801@@ -3091,7 +3151,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
77875 ret |= __get_user(rtdev, &(ur4->rt_dev)); 77802 ret |= __get_user(rtdev, &(ur4->rt_dev));
77876 if (rtdev) { 77803 if (rtdev) {
77877 ret |= copy_from_user(devname, compat_ptr(rtdev), 15); 77804 ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
@@ -77880,7 +77807,7 @@ index 851edcd..b786851 100644
77880 devname[15] = 0; 77807 devname[15] = 0;
77881 } else 77808 } else
77882 r4.rt_dev = NULL; 77809 r4.rt_dev = NULL;
77883@@ -3314,8 +3374,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, 77810@@ -3317,8 +3377,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
77884 int __user *uoptlen; 77811 int __user *uoptlen;
77885 int err; 77812 int err;
77886 77813
@@ -77891,7 +77818,7 @@ index 851edcd..b786851 100644
77891 77818
77892 set_fs(KERNEL_DS); 77819 set_fs(KERNEL_DS);
77893 if (level == SOL_SOCKET) 77820 if (level == SOL_SOCKET)
77894@@ -3335,7 +3395,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, 77821@@ -3338,7 +3398,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
77895 char __user *uoptval; 77822 char __user *uoptval;
77896 int err; 77823 int err;
77897 77824
@@ -77901,7 +77828,7 @@ index 851edcd..b786851 100644
77901 set_fs(KERNEL_DS); 77828 set_fs(KERNEL_DS);
77902 if (level == SOL_SOCKET) 77829 if (level == SOL_SOCKET)
77903diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c 77830diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c
77904index 994cfea..5343b6b 100644 77831index eda32ae..1c9fa7c 100644
77905--- a/net/sunrpc/sched.c 77832--- a/net/sunrpc/sched.c
77906+++ b/net/sunrpc/sched.c 77833+++ b/net/sunrpc/sched.c
77907@@ -240,9 +240,9 @@ static int rpc_wait_bit_killable(void *word) 77834@@ -240,9 +240,9 @@ static int rpc_wait_bit_killable(void *word)
@@ -78241,7 +78168,7 @@ index d510353..26c8a32 100644
78241 dput(path.dentry); 78168 dput(path.dentry);
78242 path.dentry = dentry; 78169 path.dentry = dentry;
78243diff --git a/net/wireless/core.h b/net/wireless/core.h 78170diff --git a/net/wireless/core.h b/net/wireless/core.h
78244index 3ac2dd0..fbe533e 100644 78171index ce5597c..46d01db 100644
78245--- a/net/wireless/core.h 78172--- a/net/wireless/core.h
78246+++ b/net/wireless/core.h 78173+++ b/net/wireless/core.h
78247@@ -27,7 +27,7 @@ struct cfg80211_registered_device { 78174@@ -27,7 +27,7 @@ struct cfg80211_registered_device {
@@ -79854,7 +79781,7 @@ index bf619ff..8179030 100644
79854 79781
79855 /* Save user chosen LSM */ 79782 /* Save user chosen LSM */
79856diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c 79783diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
79857index d85b793..a164832 100644 79784index 5626222..891e275 100644
79858--- a/security/selinux/hooks.c 79785--- a/security/selinux/hooks.c
79859+++ b/security/selinux/hooks.c 79786+++ b/security/selinux/hooks.c
79860@@ -95,8 +95,6 @@ 79787@@ -95,8 +95,6 @@
diff --git a/main/linux-grsec/werror.patch b/main/linux-grsec/werror.patch
deleted file mode 100644
index 86dd652ebf..0000000000
--- a/main/linux-grsec/werror.patch
+++ /dev/null
@@ -1,11 +0,0 @@
1--- ./drivers/scsi/lpfc/Makefile.orig
2+++ ./drivers/scsi/lpfc/Makefile
3@@ -22,7 +22,7 @@
4 ccflags-$(GCOV) := -fprofile-arcs -ftest-coverage
5 ccflags-$(GCOV) += -O0
6
7-ccflags-y += -Werror
8+#ccflags-y += -Werror
9
10 obj-$(CONFIG_SCSI_LPFC) := lpfc.o
11
© 2015 Mike Crute