aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2014-04-15 06:39:01 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2014-04-15 06:51:10 +0000
commit73e47de159b631f9e3a0553a7a12523d4a40e7a2 (patch)
tree50d6a3ccf7002d6319d044be286ad1b6805c3499
parent589cf8744233946b999555914e2fe738d0952959 (diff)
downloadalpine_aports-73e47de159b631f9e3a0553a7a12523d4a40e7a2.tar.bz2
alpine_aports-73e47de159b631f9e3a0553a7a12523d4a40e7a2.tar.xz
alpine_aports-73e47de159b631f9e3a0553a7a12523d4a40e7a2.zip
main/linux-grsec: upgrade to 3.13.10
Diffstat
-rw-r--r--main/linux-grsec/APKBUILD20
-rw-r--r--main/linux-grsec/ccache.patch10
-rw-r--r--main/linux-grsec/grsecurity-3.0-3.13.10-201404141717.patch (renamed from main/linux-grsec/grsecurity-3.0-3.13.8-201404011912.patch)1443
3 files changed, 889 insertions, 584 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 669a058fe0..daf9543aa5 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,7 +2,7 @@
2 2
3_flavor=grsec 3_flavor=grsec
4pkgname=linux-${_flavor} 4pkgname=linux-${_flavor}
5pkgver=3.13.8 5pkgver=3.13.10
6case $pkgver in 6case $pkgver in
7*.*.*) _kernver=${pkgver%.*};; 7*.*.*) _kernver=${pkgver%.*};;
8*.*) _kernver=${pkgver};; 8*.*) _kernver=${pkgver};;
@@ -17,8 +17,7 @@ _config=${config:-kernelconfig.${CARCH}}
17install= 17install=
18source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz 18source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
19 http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz 19 http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
20 grsecurity-3.0-3.13.8-201404011912.patch 20 grsecurity-3.0-3.13.10-201404141717.patch
21 ccache.patch
22 21
23 fix-memory-map-for-PIE-applications.patch 22 fix-memory-map-for-PIE-applications.patch
24 platform-introduce-OF-style-modalias-support-for-pla.patch 23 platform-introduce-OF-style-modalias-support-for-pla.patch
@@ -167,9 +166,8 @@ dev() {
167} 166}
168 167
169md5sums="0ecbaf65c00374eb4a826c2f9f37606f linux-3.13.tar.xz 168md5sums="0ecbaf65c00374eb4a826c2f9f37606f linux-3.13.tar.xz
17072b911bfc50de88c67bd0e8732978deb patch-3.13.8.xz 169dcf42b5013a7831d02168fd3eda5cce2 patch-3.13.10.xz
1718d342a525405ccd167eb95a20c0e1062 grsecurity-3.0-3.13.8-201404011912.patch 170da1f46883adb65bc5282565ed6ade3ef grsecurity-3.0-3.13.10-201404141717.patch
1722a1bac5f61da1962dfa90dfb16895eef ccache.patch
173c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch 171c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
174f5c7e4f1dc67f8560e4b9bbe75726d13 platform-introduce-OF-style-modalias-support-for-pla.patch 172f5c7e4f1dc67f8560e4b9bbe75726d13 platform-introduce-OF-style-modalias-support-for-pla.patch
1751a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch 1731a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch
@@ -177,9 +175,8 @@ f5c7e4f1dc67f8560e4b9bbe75726d13 platform-introduce-OF-style-modalias-support-f
1773949ef829d102d36255ff92ff76936d2 kernelconfig.x86_64 1753949ef829d102d36255ff92ff76936d2 kernelconfig.x86_64
1786ea461c60077b09aa75040f7672c7250 kernelconfig.armhf" 1766ea461c60077b09aa75040f7672c7250 kernelconfig.armhf"
179sha256sums="4d5e5eee5f276424c32e9591f1b6c971baedc7b49f28ce03d1f48b1e5d6226a2 linux-3.13.tar.xz 177sha256sums="4d5e5eee5f276424c32e9591f1b6c971baedc7b49f28ce03d1f48b1e5d6226a2 linux-3.13.tar.xz
180073a392f4d156955df26a09c3236faf375da0afc49077e6b805f5788b8fffb10 patch-3.13.8.xz 178c323d141f02b349ac5b37c744e0689c98dc698be81c7c974b182983b8073b03d patch-3.13.10.xz
1819121632468387fa458326d1e05a62f855ba8c8ab49998500f56dca7768208bbb grsecurity-3.0-3.13.8-201404011912.patch 179dd622dc23662c40d747efb1a7fb5ac8975f5e6d133f4c04af71aa87f5e722aef grsecurity-3.0-3.13.10-201404141717.patch
182b6abce04f005314f768707a54f85d150cfde1a738f20c569ffa0d11770ff70dc ccache.patch
183500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch 180500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
184e90bb651da4ff16df25565e44ca70e26367bbcbf9d27962c796c6afd5eecea96 platform-introduce-OF-style-modalias-support-for-pla.patch 181e90bb651da4ff16df25565e44ca70e26367bbcbf9d27962c796c6afd5eecea96 platform-introduce-OF-style-modalias-support-for-pla.patch
18521179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch 18221179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch
@@ -187,9 +184,8 @@ f8297eb16cfbe48d5202072e21fa16ebac95de26c8cfa8ec5a66610504af2f81 kernelconfig.x
187fd55e28d9baf330d6593453da592bcc03779694e7c3fb496fec47cdad1d7bcaa kernelconfig.x86_64 184fd55e28d9baf330d6593453da592bcc03779694e7c3fb496fec47cdad1d7bcaa kernelconfig.x86_64
188c1e583baa6694643f85b8df0924cc7c4fac0f6eef963969615e6e642db0f969a kernelconfig.armhf" 185c1e583baa6694643f85b8df0924cc7c4fac0f6eef963969615e6e642db0f969a kernelconfig.armhf"
189sha512sums="1ba223bb4b885d691a67196d86a8aaf7b4a1c351bf2a762f50f1b0c32da00dd0c28895872a66b49e8d244498d996876609268e64861d28ac4048886ef9f79b87 linux-3.13.tar.xz 186sha512sums="1ba223bb4b885d691a67196d86a8aaf7b4a1c351bf2a762f50f1b0c32da00dd0c28895872a66b49e8d244498d996876609268e64861d28ac4048886ef9f79b87 linux-3.13.tar.xz
190d61fc7e95e461b8f0f09ac6e3456eea160f64555bd0c78449d98a6a06e14929915dd6f739f7c7ee34512fbf9eb44ed17e2d262830f86194cb66a4760d019f8f0 patch-3.13.8.xz 18774d45d35db23915c3a0b3cb73a42e002e84d8c23f1415114004d5315ab8f25d9432882a5b4c2e59ed8b99035045cae9ad972e328d0b46495ebd7c333c831d9cc patch-3.13.10.xz
1910dcb393b94a36fea3698856031e165bc665b5a5f4a080dadcf6f4928e4776780fb16b23c5de8a0446c9a3766afa42f36df67f000b0b020e13c025b474fb68531 grsecurity-3.0-3.13.8-201404011912.patch 188f79fcce8adf4720fde752cbfceddf8e7cd8a00e985b94d99d168a1dd3788a349a3948c123e28feb51bc7a876d9f038475c6f00d7c37996b373e19ce7a21e8ce4 grsecurity-3.0-3.13.10-201404141717.patch
192f6e36cc94cb0c06ba181362f6de6c9fd431e571fbb35acad78d8790ae107531add54f6cb87d78180dd604076d2326885d16127fc4176ed07277ea89c151ce4e0 ccache.patch
1934665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch 1894665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
1942ef795ebd70939be346cba824e6af2ca3d8220cdbc54b9fe3a6861cf44bc0df954ca91b7f6e68dcecebdb8a6a1651c12869588cea8c191f9054fe7a8db02f2a4 platform-introduce-OF-style-modalias-support-for-pla.patch 1902ef795ebd70939be346cba824e6af2ca3d8220cdbc54b9fe3a6861cf44bc0df954ca91b7f6e68dcecebdb8a6a1651c12869588cea8c191f9054fe7a8db02f2a4 platform-introduce-OF-style-modalias-support-for-pla.patch
19587d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch 19187d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch
diff --git a/main/linux-grsec/ccache.patch b/main/linux-grsec/ccache.patch
deleted file mode 100644
index b6c7090b74..0000000000
--- a/main/linux-grsec/ccache.patch
+++ /dev/null
@@ -1,10 +0,0 @@
1--- ./scripts/gcc-plugin.sh.orig 2014-04-02 11:25:17.447803082 +0000
2+++ ./scripts/gcc-plugin.sh 2014-04-02 11:25:35.211351328 +0000
3@@ -1,6 +1,6 @@
4 #!/bin/bash
5 srctree=$(dirname "$0")
6-gccplugins_dir=$("$3" -print-file-name=plugin)
7+gccplugins_dir=$($3 -print-file-name=plugin)
8 plugincc=$("$1" -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
9 #include "gcc-common.h"
10 #if BUILDING_GCC_VERSION >= 4008 || defined(ENABLE_BUILD_WITH_CXX)
diff --git a/main/linux-grsec/grsecurity-3.0-3.13.8-201404011912.patch b/main/linux-grsec/grsecurity-3.0-3.13.10-201404141717.patch
index 9c4aaacd2f..10e9b5bfb5 100644
--- a/main/linux-grsec/grsecurity-3.0-3.13.8-201404011912.patch
+++ b/main/linux-grsec/grsecurity-3.0-3.13.10-201404141717.patch
@@ -287,7 +287,7 @@ index b9e9bd8..bf49b92 100644
287 287
288 pcd. [PARIDE] 288 pcd. [PARIDE]
289diff --git a/Makefile b/Makefile 289diff --git a/Makefile b/Makefile
290index 4cab13b..b7d5e41 100644 290index 982ade0..f9cdd67 100644
291--- a/Makefile 291--- a/Makefile
292+++ b/Makefile 292+++ b/Makefile
293@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ 293@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -12500,9 +12500,18 @@ index c337422..2c5be72 100644
12500 .quad 0x0000000000000000 /* TS continued */ 12500 .quad 0x0000000000000000 /* TS continued */
12501 gdt_end: 12501 gdt_end:
12502diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c 12502diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
12503index 434f077..b6b4b38 100644 12503index 434f077..f20f3ff 100644
12504--- a/arch/x86/boot/compressed/misc.c 12504--- a/arch/x86/boot/compressed/misc.c
12505+++ b/arch/x86/boot/compressed/misc.c 12505+++ b/arch/x86/boot/compressed/misc.c
12506@@ -224,7 +224,7 @@ void __putstr(const char *s)
12507
12508 void *memset(void *s, int c, size_t n)
12509 {
12510- int i;
12511+ size_t i;
12512 char *ss = s;
12513
12514 for (i = 0; i < n; i++)
12506@@ -283,7 +283,7 @@ static void handle_relocations(void *output, unsigned long output_len) 12515@@ -283,7 +283,7 @@ static void handle_relocations(void *output, unsigned long output_len)
12507 * Calculate the delta between where vmlinux was linked to load 12516 * Calculate the delta between where vmlinux was linked to load
12508 * and where it was actually loaded. 12517 * and where it was actually loaded.
@@ -12512,7 +12521,16 @@ index 434f077..b6b4b38 100644
12512 if (!delta) { 12521 if (!delta) {
12513 debug_putstr("No relocation needed... "); 12522 debug_putstr("No relocation needed... ");
12514 return; 12523 return;
12515@@ -380,7 +380,7 @@ static void parse_elf(void *output) 12524@@ -353,7 +353,7 @@ static void parse_elf(void *output)
12525 Elf32_Ehdr ehdr;
12526 Elf32_Phdr *phdrs, *phdr;
12527 #endif
12528- void *dest;
12529+ void *dest, *prev;
12530 int i;
12531
12532 memcpy(&ehdr, output, sizeof(ehdr));
12533@@ -380,13 +380,16 @@ static void parse_elf(void *output)
12516 case PT_LOAD: 12534 case PT_LOAD:
12517 #ifdef CONFIG_RELOCATABLE 12535 #ifdef CONFIG_RELOCATABLE
12518 dest = output; 12536 dest = output;
@@ -12521,7 +12539,16 @@ index 434f077..b6b4b38 100644
12521 #else 12539 #else
12522 dest = (void *)(phdr->p_paddr); 12540 dest = (void *)(phdr->p_paddr);
12523 #endif 12541 #endif
12524@@ -432,7 +432,7 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap, 12542 memcpy(dest,
12543 output + phdr->p_offset,
12544 phdr->p_filesz);
12545+ if (i)
12546+ memset(prev, 0xff, dest - prev);
12547+ prev = dest + phdr->p_filesz;
12548 break;
12549 default: /* Ignore other PT_* */ break;
12550 }
12551@@ -432,7 +435,7 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap,
12525 error("Destination address too large"); 12552 error("Destination address too large");
12526 #endif 12553 #endif
12527 #ifndef CONFIG_RELOCATABLE 12554 #ifndef CONFIG_RELOCATABLE
@@ -13661,7 +13688,7 @@ index dbc4339..de6e120 100644
13661 13688
13662 ################################################################ 13689 ################################################################
13663diff --git a/arch/x86/crypto/ghash-clmulni-intel_asm.S b/arch/x86/crypto/ghash-clmulni-intel_asm.S 13690diff --git a/arch/x86/crypto/ghash-clmulni-intel_asm.S b/arch/x86/crypto/ghash-clmulni-intel_asm.S
13664index 586f41a..d02851e 100644 13691index 185fad4..ff4cd36 100644
13665--- a/arch/x86/crypto/ghash-clmulni-intel_asm.S 13692--- a/arch/x86/crypto/ghash-clmulni-intel_asm.S
13666+++ b/arch/x86/crypto/ghash-clmulni-intel_asm.S 13693+++ b/arch/x86/crypto/ghash-clmulni-intel_asm.S
13667@@ -18,6 +18,7 @@ 13694@@ -18,6 +18,7 @@
@@ -13672,7 +13699,7 @@ index 586f41a..d02851e 100644
13672 13699
13673 .data 13700 .data
13674 13701
13675@@ -93,6 +94,7 @@ __clmul_gf128mul_ble: 13702@@ -89,6 +90,7 @@ __clmul_gf128mul_ble:
13676 psrlq $1, T2 13703 psrlq $1, T2
13677 pxor T2, T1 13704 pxor T2, T1
13678 pxor T1, DATA 13705 pxor T1, DATA
@@ -13680,7 +13707,7 @@ index 586f41a..d02851e 100644
13680 ret 13707 ret
13681 ENDPROC(__clmul_gf128mul_ble) 13708 ENDPROC(__clmul_gf128mul_ble)
13682 13709
13683@@ -105,6 +107,7 @@ ENTRY(clmul_ghash_mul) 13710@@ -101,6 +103,7 @@ ENTRY(clmul_ghash_mul)
13684 call __clmul_gf128mul_ble 13711 call __clmul_gf128mul_ble
13685 PSHUFB_XMM BSWAP DATA 13712 PSHUFB_XMM BSWAP DATA
13686 movups DATA, (%rdi) 13713 movups DATA, (%rdi)
@@ -13688,21 +13715,13 @@ index 586f41a..d02851e 100644
13688 ret 13715 ret
13689 ENDPROC(clmul_ghash_mul) 13716 ENDPROC(clmul_ghash_mul)
13690 13717
13691@@ -132,6 +135,7 @@ ENTRY(clmul_ghash_update) 13718@@ -128,5 +131,6 @@ ENTRY(clmul_ghash_update)
13692 PSHUFB_XMM BSWAP DATA 13719 PSHUFB_XMM BSWAP DATA
13693 movups DATA, (%rdi) 13720 movups DATA, (%rdi)
13694 .Lupdate_just_ret: 13721 .Lupdate_just_ret:
13695+ pax_force_retaddr 13722+ pax_force_retaddr
13696 ret 13723 ret
13697 ENDPROC(clmul_ghash_update) 13724 ENDPROC(clmul_ghash_update)
13698
13699@@ -157,5 +161,6 @@ ENTRY(clmul_ghash_setkey)
13700 pand .Lpoly, %xmm1
13701 pxor %xmm1, %xmm0
13702 movups %xmm0, (%rdi)
13703+ pax_force_retaddr
13704 ret
13705 ENDPROC(clmul_ghash_setkey)
13706diff --git a/arch/x86/crypto/salsa20-x86_64-asm_64.S b/arch/x86/crypto/salsa20-x86_64-asm_64.S 13725diff --git a/arch/x86/crypto/salsa20-x86_64-asm_64.S b/arch/x86/crypto/salsa20-x86_64-asm_64.S
13707index 9279e0b..c4b3d2c 100644 13726index 9279e0b..c4b3d2c 100644
13708--- a/arch/x86/crypto/salsa20-x86_64-asm_64.S 13727--- a/arch/x86/crypto/salsa20-x86_64-asm_64.S
@@ -17549,7 +17568,7 @@ index 81bb91b..9392125 100644
17549 17568
17550 /* 17569 /*
17551diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h 17570diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
17552index 5ad38ad..f228861 100644 17571index bbc8b12..f228861 100644
17553--- a/arch/x86/include/asm/pgtable.h 17572--- a/arch/x86/include/asm/pgtable.h
17554+++ b/arch/x86/include/asm/pgtable.h 17573+++ b/arch/x86/include/asm/pgtable.h
17555@@ -45,6 +45,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page); 17574@@ -45,6 +45,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page);
@@ -17672,30 +17691,7 @@ index 5ad38ad..f228861 100644
17672 #include <linux/mm_types.h> 17691 #include <linux/mm_types.h>
17673 #include <linux/mmdebug.h> 17692 #include <linux/mmdebug.h>
17674 #include <linux/log2.h> 17693 #include <linux/log2.h>
17675@@ -445,20 +520,10 @@ static inline int pte_same(pte_t a, pte_t b) 17694@@ -570,7 +645,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud)
17676 return a.pte == b.pte;
17677 }
17678
17679-static inline int pteval_present(pteval_t pteval)
17680-{
17681- /*
17682- * Yes Linus, _PAGE_PROTNONE == _PAGE_NUMA. Expressing it this
17683- * way clearly states that the intent is that protnone and numa
17684- * hinting ptes are considered present for the purposes of
17685- * pagetable operations like zapping, protection changes, gup etc.
17686- */
17687- return pteval & (_PAGE_PRESENT | _PAGE_PROTNONE | _PAGE_NUMA);
17688-}
17689-
17690 static inline int pte_present(pte_t a)
17691 {
17692- return pteval_present(pte_flags(a));
17693+ return pte_flags(a) & (_PAGE_PRESENT | _PAGE_PROTNONE |
17694+ _PAGE_NUMA);
17695 }
17696
17697 #define pte_accessible pte_accessible
17698@@ -580,7 +645,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud)
17699 * Currently stuck as a macro due to indirect forward reference to 17695 * Currently stuck as a macro due to indirect forward reference to
17700 * linux/mmzone.h's __section_mem_map_addr() definition: 17696 * linux/mmzone.h's __section_mem_map_addr() definition:
17701 */ 17697 */
@@ -17704,7 +17700,7 @@ index 5ad38ad..f228861 100644
17704 17700
17705 /* Find an entry in the second-level page table.. */ 17701 /* Find an entry in the second-level page table.. */
17706 static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address) 17702 static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address)
17707@@ -620,7 +685,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd) 17703@@ -610,7 +685,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
17708 * Currently stuck as a macro due to indirect forward reference to 17704 * Currently stuck as a macro due to indirect forward reference to
17709 * linux/mmzone.h's __section_mem_map_addr() definition: 17705 * linux/mmzone.h's __section_mem_map_addr() definition:
17710 */ 17706 */
@@ -17713,7 +17709,7 @@ index 5ad38ad..f228861 100644
17713 17709
17714 /* to find an entry in a page-table-directory. */ 17710 /* to find an entry in a page-table-directory. */
17715 static inline unsigned long pud_index(unsigned long address) 17711 static inline unsigned long pud_index(unsigned long address)
17716@@ -635,7 +700,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) 17712@@ -625,7 +700,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
17717 17713
17718 static inline int pgd_bad(pgd_t pgd) 17714 static inline int pgd_bad(pgd_t pgd)
17719 { 17715 {
@@ -17722,7 +17718,7 @@ index 5ad38ad..f228861 100644
17722 } 17718 }
17723 17719
17724 static inline int pgd_none(pgd_t pgd) 17720 static inline int pgd_none(pgd_t pgd)
17725@@ -658,7 +723,12 @@ static inline int pgd_none(pgd_t pgd) 17721@@ -648,7 +723,12 @@ static inline int pgd_none(pgd_t pgd)
17726 * pgd_offset() returns a (pgd_t *) 17722 * pgd_offset() returns a (pgd_t *)
17727 * pgd_index() is used get the offset into the pgd page's array of pgd_t's; 17723 * pgd_index() is used get the offset into the pgd page's array of pgd_t's;
17728 */ 17724 */
@@ -17736,7 +17732,7 @@ index 5ad38ad..f228861 100644
17736 /* 17732 /*
17737 * a shortcut which implies the use of the kernel's pgd, instead 17733 * a shortcut which implies the use of the kernel's pgd, instead
17738 * of a process's 17734 * of a process's
17739@@ -669,6 +739,23 @@ static inline int pgd_none(pgd_t pgd) 17735@@ -659,6 +739,23 @@ static inline int pgd_none(pgd_t pgd)
17740 #define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET) 17736 #define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET)
17741 #define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY) 17737 #define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY)
17742 17738
@@ -17760,7 +17756,7 @@ index 5ad38ad..f228861 100644
17760 #ifndef __ASSEMBLY__ 17756 #ifndef __ASSEMBLY__
17761 17757
17762 extern int direct_gbpages; 17758 extern int direct_gbpages;
17763@@ -835,11 +922,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, 17759@@ -825,11 +922,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
17764 * dst and src can be on the same page, but the range must not overlap, 17760 * dst and src can be on the same page, but the range must not overlap,
17765 * and must not cross a page boundary. 17761 * and must not cross a page boundary.
17766 */ 17762 */
@@ -25363,7 +25359,7 @@ index 898160b..758cde8 100644
25363 reset_current_kprobe(); 25359 reset_current_kprobe();
25364 preempt_enable_no_resched(); 25360 preempt_enable_no_resched();
25365diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c 25361diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
25366index ebc9873..1b9724b 100644 25362index ebc9873..37b8776 100644
25367--- a/arch/x86/kernel/ldt.c 25363--- a/arch/x86/kernel/ldt.c
25368+++ b/arch/x86/kernel/ldt.c 25364+++ b/arch/x86/kernel/ldt.c
25369@@ -66,13 +66,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload) 25365@@ -66,13 +66,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload)
@@ -25416,7 +25412,7 @@ index ebc9873..1b9724b 100644
25416 return retval; 25412 return retval;
25417 } 25413 }
25418 25414
25419@@ -229,6 +247,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) 25415@@ -229,6 +247,24 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
25420 } 25416 }
25421 } 25417 }
25422 25418
@@ -25427,6 +25423,17 @@ index ebc9873..1b9724b 100644
25427+ } 25423+ }
25428+#endif 25424+#endif
25429+ 25425+
25426+ /*
25427+ * On x86-64 we do not support 16-bit segments due to
25428+ * IRET leaking the high bits of the kernel stack address.
25429+ */
25430+#ifdef CONFIG_X86_64
25431+ if (!ldt_info.seg_32bit) {
25432+ error = -EINVAL;
25433+ goto out_unlock;
25434+ }
25435+#endif
25436+
25430 fill_ldt(&ldt, &ldt_info); 25437 fill_ldt(&ldt, &ldt_info);
25431 if (oldmode) 25438 if (oldmode)
25432 ldt.avl = 0; 25439 ldt.avl = 0;
@@ -35432,30 +35439,18 @@ index fa6ade7..73da73a5 100644
35432 35439
35433 #ifdef CONFIG_ACPI_NUMA 35440 #ifdef CONFIG_ACPI_NUMA
35434diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c 35441diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
35435index 3c76c3d..7327d91 100644 35442index ce563be..7327d91 100644
35436--- a/arch/x86/xen/mmu.c 35443--- a/arch/x86/xen/mmu.c
35437+++ b/arch/x86/xen/mmu.c 35444+++ b/arch/x86/xen/mmu.c
35438@@ -365,7 +365,7 @@ void xen_ptep_modify_prot_commit(struct mm_struct *mm, unsigned long addr, 35445@@ -379,7 +379,7 @@ static pteval_t pte_mfn_to_pfn(pteval_t val)
35439 /* Assume pteval_t is equivalent to all the other *val_t types. */
35440 static pteval_t pte_mfn_to_pfn(pteval_t val)
35441 {
35442- if (pteval_present(val)) {
35443+ if (val & _PAGE_PRESENT) {
35444 unsigned long mfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT;
35445 unsigned long pfn = mfn_to_pfn(mfn);
35446
35447@@ -379,9 +379,9 @@ static pteval_t pte_mfn_to_pfn(pteval_t val)
35448 return val; 35446 return val;
35449 } 35447 }
35450 35448
35451-static pteval_t pte_pfn_to_mfn(pteval_t val) 35449-static pteval_t pte_pfn_to_mfn(pteval_t val)
35452+static pteval_t __intentional_overflow(-1) pte_pfn_to_mfn(pteval_t val) 35450+static pteval_t __intentional_overflow(-1) pte_pfn_to_mfn(pteval_t val)
35453 { 35451 {
35454- if (pteval_present(val)) { 35452 if (val & _PAGE_PRESENT) {
35455+ if (val & _PAGE_PRESENT) {
35456 unsigned long pfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT; 35453 unsigned long pfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT;
35457 pteval_t flags = val & PTE_FLAGS_MASK;
35458 unsigned long mfn;
35459@@ -1894,6 +1894,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) 35454@@ -1894,6 +1894,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
35460 /* L3_k[510] -> level2_kernel_pgt 35455 /* L3_k[510] -> level2_kernel_pgt
35461 * L3_i[511] -> level2_fixmap_pgt */ 35456 * L3_i[511] -> level2_fixmap_pgt */
@@ -40067,19 +40062,6 @@ index a3ba9a8..ee52ddd 100644
40067 unsigned relocs_total = 0; 40062 unsigned relocs_total = 0;
40068 unsigned relocs_max = UINT_MAX / sizeof(struct drm_i915_gem_relocation_entry); 40063 unsigned relocs_max = UINT_MAX / sizeof(struct drm_i915_gem_relocation_entry);
40069 40064
40070diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
40071index d3c3b5b..e79720d 100644
40072--- a/drivers/gpu/drm/i915/i915_gem_gtt.c
40073+++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
40074@@ -828,7 +828,7 @@ void i915_gem_suspend_gtt_mappings(struct drm_device *dev)
40075 dev_priv->gtt.base.clear_range(&dev_priv->gtt.base,
40076 dev_priv->gtt.base.start / PAGE_SIZE,
40077 dev_priv->gtt.base.total / PAGE_SIZE,
40078- false);
40079+ true);
40080 }
40081
40082 void i915_gem_restore_gtt_mappings(struct drm_device *dev)
40083diff --git a/drivers/gpu/drm/i915/i915_ioc32.c b/drivers/gpu/drm/i915/i915_ioc32.c 40065diff --git a/drivers/gpu/drm/i915/i915_ioc32.c b/drivers/gpu/drm/i915/i915_ioc32.c
40084index 3c59584..500f2e9 100644 40066index 3c59584..500f2e9 100644
40085--- a/drivers/gpu/drm/i915/i915_ioc32.c 40067--- a/drivers/gpu/drm/i915/i915_ioc32.c
@@ -42930,10 +42912,10 @@ index 2f0b39d..7370f13 100644
42930 42912
42931 ssize_t psmouse_attr_show_helper(struct device *dev, struct device_attribute *attr, 42913 ssize_t psmouse_attr_show_helper(struct device *dev, struct device_attribute *attr,
42932diff --git a/drivers/input/mousedev.c b/drivers/input/mousedev.c 42914diff --git a/drivers/input/mousedev.c b/drivers/input/mousedev.c
42933index 4c842c3..590b0bf 100644 42915index b604564..3f14ae4 100644
42934--- a/drivers/input/mousedev.c 42916--- a/drivers/input/mousedev.c
42935+++ b/drivers/input/mousedev.c 42917+++ b/drivers/input/mousedev.c
42936@@ -738,7 +738,7 @@ static ssize_t mousedev_read(struct file *file, char __user *buffer, 42918@@ -744,7 +744,7 @@ static ssize_t mousedev_read(struct file *file, char __user *buffer,
42937 42919
42938 spin_unlock_irq(&client->packet_lock); 42920 spin_unlock_irq(&client->packet_lock);
42939 42921
@@ -44026,6 +44008,28 @@ index 0095ec8..c89277a 100644
44026 } 44008 }
44027 44009
44028 struct md_personality 44010 struct md_personality
44011diff --git a/drivers/md/persistent-data/dm-space-map-metadata.c b/drivers/md/persistent-data/dm-space-map-metadata.c
44012index 579b582..9fb6185 100644
44013--- a/drivers/md/persistent-data/dm-space-map-metadata.c
44014+++ b/drivers/md/persistent-data/dm-space-map-metadata.c
44015@@ -679,7 +679,7 @@ static int sm_metadata_extend(struct dm_space_map *sm, dm_block_t extra_blocks)
44016 * Flick into a mode where all blocks get allocated in the new area.
44017 */
44018 smm->begin = old_len;
44019- memcpy(sm, &bootstrap_ops, sizeof(*sm));
44020+ memcpy((void *)sm, &bootstrap_ops, sizeof(*sm));
44021
44022 /*
44023 * Extend.
44024@@ -710,7 +710,7 @@ out:
44025 /*
44026 * Switch back to normal behaviour.
44027 */
44028- memcpy(sm, &ops, sizeof(*sm));
44029+ memcpy((void *)sm, &ops, sizeof(*sm));
44030 return r;
44031 }
44032
44029diff --git a/drivers/md/persistent-data/dm-space-map.h b/drivers/md/persistent-data/dm-space-map.h 44033diff --git a/drivers/md/persistent-data/dm-space-map.h b/drivers/md/persistent-data/dm-space-map.h
44030index 3e6d115..ffecdeb 100644 44034index 3e6d115..ffecdeb 100644
44031--- a/drivers/md/persistent-data/dm-space-map.h 44035--- a/drivers/md/persistent-data/dm-space-map.h
@@ -46322,10 +46326,10 @@ index a79e9d3..78cd4fa 100644
46322 46326
46323 /* we will have to manufacture ethernet headers, prepare template */ 46327 /* we will have to manufacture ethernet headers, prepare template */
46324diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c 46328diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
46325index 0247973..088193a 100644 46329index fc5d2b7..48e2984 100644
46326--- a/drivers/net/vxlan.c 46330--- a/drivers/net/vxlan.c
46327+++ b/drivers/net/vxlan.c 46331+++ b/drivers/net/vxlan.c
46328@@ -2615,7 +2615,7 @@ nla_put_failure: 46332@@ -2721,7 +2721,7 @@ nla_put_failure:
46329 return -EMSGSIZE; 46333 return -EMSGSIZE;
46330 } 46334 }
46331 46335
@@ -52105,38 +52109,6 @@ index 1eab4ac..e21efc9 100644
52105 iommu_group_id(group->iommu_group)); 52109 iommu_group_id(group->iommu_group));
52106 52110
52107 return 0; 52111 return 0;
52108diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c
52109index b12176f..e5522d9 100644
52110--- a/drivers/vhost/net.c
52111+++ b/drivers/vhost/net.c
52112@@ -528,6 +528,12 @@ static int get_rx_bufs(struct vhost_virtqueue *vq,
52113 *iovcount = seg;
52114 if (unlikely(log))
52115 *log_num = nlogs;
52116+
52117+ /* Detect overrun */
52118+ if (unlikely(datalen > 0)) {
52119+ r = UIO_MAXIOV + 1;
52120+ goto err;
52121+ }
52122 return headcount;
52123 err:
52124 vhost_discard_vq_desc(vq, headcount);
52125@@ -583,6 +589,14 @@ static void handle_rx(struct vhost_net *net)
52126 /* On error, stop handling until the next kick. */
52127 if (unlikely(headcount < 0))
52128 break;
52129+ /* On overrun, truncate and discard */
52130+ if (unlikely(headcount > UIO_MAXIOV)) {
52131+ msg.msg_iovlen = 1;
52132+ err = sock->ops->recvmsg(NULL, sock, &msg,
52133+ 1, MSG_DONTWAIT | MSG_TRUNC);
52134+ pr_debug("Discarded rx packet: len %zd\n", sock_len);
52135+ continue;
52136+ }
52137 /* OK, now we need to know about added descriptors. */
52138 if (!headcount) {
52139 if (unlikely(vhost_enable_notify(&net->dev, vq))) {
52140diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c 52112diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c
52141index 5174eba..451e6bc 100644 52113index 5174eba..451e6bc 100644
52142--- a/drivers/vhost/vringh.c 52114--- a/drivers/vhost/vringh.c
@@ -55638,54 +55610,6 @@ index 88714ae..16c2e11 100644
55638 55610
55639 55611
55640 static inline u32 get_pll_internal_frequency(u32 ref_freq, 55612 static inline u32 get_pll_internal_frequency(u32 ref_freq,
55641diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c
55642index 4c02e2b..2c85267 100644
55643--- a/drivers/xen/balloon.c
55644+++ b/drivers/xen/balloon.c
55645@@ -406,12 +406,26 @@ static enum bp_state decrease_reservation(unsigned long nr_pages, gfp_t gfp)
55646 state = BP_EAGAIN;
55647 break;
55648 }
55649-
55650- pfn = page_to_pfn(page);
55651- frame_list[i] = pfn_to_mfn(pfn);
55652-
55653 scrub_page(page);
55654
55655+ frame_list[i] = page_to_pfn(page);
55656+ }
55657+
55658+ /*
55659+ * Ensure that ballooned highmem pages don't have kmaps.
55660+ *
55661+ * Do this before changing the p2m as kmap_flush_unused()
55662+ * reads PTEs to obtain pages (and hence needs the original
55663+ * p2m entry).
55664+ */
55665+ kmap_flush_unused();
55666+
55667+ /* Update direct mapping, invalidate P2M, and add to balloon. */
55668+ for (i = 0; i < nr_pages; i++) {
55669+ pfn = frame_list[i];
55670+ frame_list[i] = pfn_to_mfn(pfn);
55671+ page = pfn_to_page(pfn);
55672+
55673 #ifdef CONFIG_XEN_HAVE_PVMMU
55674 /*
55675 * Ballooned out frames are effectively replaced with
55676@@ -436,11 +450,9 @@ static enum bp_state decrease_reservation(unsigned long nr_pages, gfp_t gfp)
55677 }
55678 #endif
55679
55680- balloon_append(pfn_to_page(pfn));
55681+ balloon_append(page);
55682 }
55683
55684- /* Ensure that ballooned highmem pages don't have kmaps. */
55685- kmap_flush_unused();
55686 flush_tlb_all();
55687
55688 set_xen_guest_handle(reservation.extent_start, frame_list);
55689diff --git a/drivers/xen/xenfs/xenstored.c b/drivers/xen/xenfs/xenstored.c 55613diff --git a/drivers/xen/xenfs/xenstored.c b/drivers/xen/xenfs/xenstored.c
55690index fef20db..d28b1ab 100644 55614index fef20db..d28b1ab 100644
55691--- a/drivers/xen/xenfs/xenstored.c 55615--- a/drivers/xen/xenfs/xenstored.c
@@ -58166,7 +58090,7 @@ index bc3fbcd..6031650 100644
58166 return 0; 58090 return 0;
58167 while (nr) { 58091 while (nr) {
58168diff --git a/fs/dcache.c b/fs/dcache.c 58092diff --git a/fs/dcache.c b/fs/dcache.c
58169index fdbe230..d852932 100644 58093index f7ad6d7..d852932 100644
58170--- a/fs/dcache.c 58094--- a/fs/dcache.c
58171+++ b/fs/dcache.c 58095+++ b/fs/dcache.c
58172@@ -1495,7 +1495,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) 58096@@ -1495,7 +1495,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
@@ -58178,18 +58102,6 @@ index fdbe230..d852932 100644
58178 if (!dname) { 58102 if (!dname) {
58179 kmem_cache_free(dentry_cache, dentry); 58103 kmem_cache_free(dentry_cache, dentry);
58180 return NULL; 58104 return NULL;
58181@@ -2833,9 +2833,9 @@ static int prepend_name(char **buffer, int *buflen, struct qstr *name)
58182 u32 dlen = ACCESS_ONCE(name->len);
58183 char *p;
58184
58185- if (*buflen < dlen + 1)
58186- return -ENAMETOOLONG;
58187 *buflen -= dlen + 1;
58188+ if (*buflen < 0)
58189+ return -ENAMETOOLONG;
58190 p = *buffer -= dlen + 1;
58191 *p++ = '/';
58192 while (dlen--) {
58193@@ -3428,7 +3428,8 @@ void __init vfs_caches_init(unsigned long mempages) 58105@@ -3428,7 +3428,8 @@ void __init vfs_caches_init(unsigned long mempages)
58194 mempages -= reserve; 58106 mempages -= reserve;
58195 58107
@@ -61162,7 +61074,7 @@ index 92a0f0a..45a48f0 100644
61162 61074
61163 spin_lock(&inode->i_lock); 61075 spin_lock(&inode->i_lock);
61164diff --git a/fs/mount.h b/fs/mount.h 61076diff --git a/fs/mount.h b/fs/mount.h
61165index a17458c..e69fb5b 100644 61077index b29e42f..5ea7fdf 100644
61166--- a/fs/mount.h 61078--- a/fs/mount.h
61167+++ b/fs/mount.h 61079+++ b/fs/mount.h
61168@@ -11,7 +11,7 @@ struct mnt_namespace { 61080@@ -11,7 +11,7 @@ struct mnt_namespace {
@@ -61184,7 +61096,7 @@ index a17458c..e69fb5b 100644
61184 #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */ 61096 #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */
61185 61097
61186diff --git a/fs/namei.c b/fs/namei.c 61098diff --git a/fs/namei.c b/fs/namei.c
61187index cfe6608..a24748c 100644 61099index 399f637..a24748c 100644
61188--- a/fs/namei.c 61100--- a/fs/namei.c
61189+++ b/fs/namei.c 61101+++ b/fs/namei.c
61190@@ -319,16 +319,32 @@ int generic_permission(struct inode *inode, int mask) 61102@@ -319,16 +319,32 @@ int generic_permission(struct inode *inode, int mask)
@@ -61260,57 +61172,7 @@ index cfe6608..a24748c 100644
61260 nd->last_type = LAST_BIND; 61172 nd->last_type = LAST_BIND;
61261 *p = dentry->d_inode->i_op->follow_link(dentry, nd); 61173 *p = dentry->d_inode->i_op->follow_link(dentry, nd);
61262 error = PTR_ERR(*p); 61174 error = PTR_ERR(*p);
61263@@ -1098,7 +1112,7 @@ static bool __follow_mount_rcu(struct nameidata *nd, struct path *path, 61175@@ -1579,6 +1593,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd)
61264 return false;
61265
61266 if (!d_mountpoint(path->dentry))
61267- break;
61268+ return true;
61269
61270 mounted = __lookup_mnt(path->mnt, path->dentry);
61271 if (!mounted)
61272@@ -1114,20 +1128,7 @@ static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
61273 */
61274 *inode = path->dentry->d_inode;
61275 }
61276- return true;
61277-}
61278-
61279-static void follow_mount_rcu(struct nameidata *nd)
61280-{
61281- while (d_mountpoint(nd->path.dentry)) {
61282- struct mount *mounted;
61283- mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry);
61284- if (!mounted)
61285- break;
61286- nd->path.mnt = &mounted->mnt;
61287- nd->path.dentry = mounted->mnt.mnt_root;
61288- nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
61289- }
61290+ return read_seqretry(&mount_lock, nd->m_seq);
61291 }
61292
61293 static int follow_dotdot_rcu(struct nameidata *nd)
61294@@ -1155,7 +1156,17 @@ static int follow_dotdot_rcu(struct nameidata *nd)
61295 break;
61296 nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
61297 }
61298- follow_mount_rcu(nd);
61299+ while (d_mountpoint(nd->path.dentry)) {
61300+ struct mount *mounted;
61301+ mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry);
61302+ if (!mounted)
61303+ break;
61304+ nd->path.mnt = &mounted->mnt;
61305+ nd->path.dentry = mounted->mnt.mnt_root;
61306+ nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
61307+ if (!read_seqretry(&mount_lock, nd->m_seq))
61308+ goto failed;
61309+ }
61310 nd->inode = nd->path.dentry->d_inode;
61311 return 0;
61312
61313@@ -1582,6 +1593,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd)
61314 if (res) 61176 if (res)
61315 break; 61177 break;
61316 res = walk_component(nd, path, LOOKUP_FOLLOW); 61178 res = walk_component(nd, path, LOOKUP_FOLLOW);
@@ -61319,7 +61181,7 @@ index cfe6608..a24748c 100644
61319 put_link(nd, &link, cookie); 61181 put_link(nd, &link, cookie);
61320 } while (res > 0); 61182 } while (res > 0);
61321 61183
61322@@ -1655,7 +1668,7 @@ EXPORT_SYMBOL(full_name_hash); 61184@@ -1652,7 +1668,7 @@ EXPORT_SYMBOL(full_name_hash);
61323 static inline unsigned long hash_name(const char *name, unsigned int *hashp) 61185 static inline unsigned long hash_name(const char *name, unsigned int *hashp)
61324 { 61186 {
61325 unsigned long a, b, adata, bdata, mask, hash, len; 61187 unsigned long a, b, adata, bdata, mask, hash, len;
@@ -61328,7 +61190,7 @@ index cfe6608..a24748c 100644
61328 61190
61329 hash = a = 0; 61191 hash = a = 0;
61330 len = -sizeof(unsigned long); 61192 len = -sizeof(unsigned long);
61331@@ -1939,6 +1952,8 @@ static int path_lookupat(int dfd, const char *name, 61193@@ -1936,6 +1952,8 @@ static int path_lookupat(int dfd, const char *name,
61332 if (err) 61194 if (err)
61333 break; 61195 break;
61334 err = lookup_last(nd, &path); 61196 err = lookup_last(nd, &path);
@@ -61337,7 +61199,7 @@ index cfe6608..a24748c 100644
61337 put_link(nd, &link, cookie); 61199 put_link(nd, &link, cookie);
61338 } 61200 }
61339 } 61201 }
61340@@ -1946,6 +1961,13 @@ static int path_lookupat(int dfd, const char *name, 61202@@ -1943,6 +1961,13 @@ static int path_lookupat(int dfd, const char *name,
61341 if (!err) 61203 if (!err)
61342 err = complete_walk(nd); 61204 err = complete_walk(nd);
61343 61205
@@ -61351,7 +61213,7 @@ index cfe6608..a24748c 100644
61351 if (!err && nd->flags & LOOKUP_DIRECTORY) { 61213 if (!err && nd->flags & LOOKUP_DIRECTORY) {
61352 if (!d_is_directory(nd->path.dentry)) { 61214 if (!d_is_directory(nd->path.dentry)) {
61353 path_put(&nd->path); 61215 path_put(&nd->path);
61354@@ -1973,8 +1995,15 @@ static int filename_lookup(int dfd, struct filename *name, 61216@@ -1970,8 +1995,15 @@ static int filename_lookup(int dfd, struct filename *name,
61355 retval = path_lookupat(dfd, name->name, 61217 retval = path_lookupat(dfd, name->name,
61356 flags | LOOKUP_REVAL, nd); 61218 flags | LOOKUP_REVAL, nd);
61357 61219
@@ -61368,7 +61230,7 @@ index cfe6608..a24748c 100644
61368 return retval; 61230 return retval;
61369 } 61231 }
61370 61232
61371@@ -2548,6 +2577,13 @@ static int may_open(struct path *path, int acc_mode, int flag) 61233@@ -2545,6 +2577,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
61372 if (flag & O_NOATIME && !inode_owner_or_capable(inode)) 61234 if (flag & O_NOATIME && !inode_owner_or_capable(inode))
61373 return -EPERM; 61235 return -EPERM;
61374 61236
@@ -61382,7 +61244,7 @@ index cfe6608..a24748c 100644
61382 return 0; 61244 return 0;
61383 } 61245 }
61384 61246
61385@@ -2779,7 +2815,7 @@ looked_up: 61247@@ -2776,7 +2815,7 @@ looked_up:
61386 * cleared otherwise prior to returning. 61248 * cleared otherwise prior to returning.
61387 */ 61249 */
61388 static int lookup_open(struct nameidata *nd, struct path *path, 61250 static int lookup_open(struct nameidata *nd, struct path *path,
@@ -61391,7 +61253,7 @@ index cfe6608..a24748c 100644
61391 const struct open_flags *op, 61253 const struct open_flags *op,
61392 bool got_write, int *opened) 61254 bool got_write, int *opened)
61393 { 61255 {
61394@@ -2814,6 +2850,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, 61256@@ -2811,6 +2850,17 @@ static int lookup_open(struct nameidata *nd, struct path *path,
61395 /* Negative dentry, just create the file */ 61257 /* Negative dentry, just create the file */
61396 if (!dentry->d_inode && (op->open_flag & O_CREAT)) { 61258 if (!dentry->d_inode && (op->open_flag & O_CREAT)) {
61397 umode_t mode = op->mode; 61259 umode_t mode = op->mode;
@@ -61409,7 +61271,7 @@ index cfe6608..a24748c 100644
61409 if (!IS_POSIXACL(dir->d_inode)) 61271 if (!IS_POSIXACL(dir->d_inode))
61410 mode &= ~current_umask(); 61272 mode &= ~current_umask();
61411 /* 61273 /*
61412@@ -2835,6 +2882,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, 61274@@ -2832,6 +2882,8 @@ static int lookup_open(struct nameidata *nd, struct path *path,
61413 nd->flags & LOOKUP_EXCL); 61275 nd->flags & LOOKUP_EXCL);
61414 if (error) 61276 if (error)
61415 goto out_dput; 61277 goto out_dput;
@@ -61418,7 +61280,7 @@ index cfe6608..a24748c 100644
61418 } 61280 }
61419 out_no_open: 61281 out_no_open:
61420 path->dentry = dentry; 61282 path->dentry = dentry;
61421@@ -2849,7 +2898,7 @@ out_dput: 61283@@ -2846,7 +2898,7 @@ out_dput:
61422 /* 61284 /*
61423 * Handle the last step of open() 61285 * Handle the last step of open()
61424 */ 61286 */
@@ -61427,7 +61289,7 @@ index cfe6608..a24748c 100644
61427 struct file *file, const struct open_flags *op, 61289 struct file *file, const struct open_flags *op,
61428 int *opened, struct filename *name) 61290 int *opened, struct filename *name)
61429 { 61291 {
61430@@ -2899,6 +2948,15 @@ static int do_last(struct nameidata *nd, struct path *path, 61292@@ -2896,6 +2948,15 @@ static int do_last(struct nameidata *nd, struct path *path,
61431 if (error) 61293 if (error)
61432 return error; 61294 return error;
61433 61295
@@ -61443,7 +61305,7 @@ index cfe6608..a24748c 100644
61443 audit_inode(name, dir, LOOKUP_PARENT); 61305 audit_inode(name, dir, LOOKUP_PARENT);
61444 error = -EISDIR; 61306 error = -EISDIR;
61445 /* trailing slashes? */ 61307 /* trailing slashes? */
61446@@ -2918,7 +2976,7 @@ retry_lookup: 61308@@ -2915,7 +2976,7 @@ retry_lookup:
61447 */ 61309 */
61448 } 61310 }
61449 mutex_lock(&dir->d_inode->i_mutex); 61311 mutex_lock(&dir->d_inode->i_mutex);
@@ -61452,7 +61314,7 @@ index cfe6608..a24748c 100644
61452 mutex_unlock(&dir->d_inode->i_mutex); 61314 mutex_unlock(&dir->d_inode->i_mutex);
61453 61315
61454 if (error <= 0) { 61316 if (error <= 0) {
61455@@ -2942,11 +3000,28 @@ retry_lookup: 61317@@ -2939,11 +3000,28 @@ retry_lookup:
61456 goto finish_open_created; 61318 goto finish_open_created;
61457 } 61319 }
61458 61320
@@ -61482,7 +61344,7 @@ index cfe6608..a24748c 100644
61482 61344
61483 /* 61345 /*
61484 * If atomic_open() acquired write access it is dropped now due to 61346 * If atomic_open() acquired write access it is dropped now due to
61485@@ -2987,6 +3062,11 @@ finish_lookup: 61347@@ -2984,6 +3062,11 @@ finish_lookup:
61486 } 61348 }
61487 } 61349 }
61488 BUG_ON(inode != path->dentry->d_inode); 61350 BUG_ON(inode != path->dentry->d_inode);
@@ -61494,7 +61356,7 @@ index cfe6608..a24748c 100644
61494 return 1; 61356 return 1;
61495 } 61357 }
61496 61358
61497@@ -2996,7 +3076,6 @@ finish_lookup: 61359@@ -2993,7 +3076,6 @@ finish_lookup:
61498 save_parent.dentry = nd->path.dentry; 61360 save_parent.dentry = nd->path.dentry;
61499 save_parent.mnt = mntget(path->mnt); 61361 save_parent.mnt = mntget(path->mnt);
61500 nd->path.dentry = path->dentry; 61362 nd->path.dentry = path->dentry;
@@ -61502,7 +61364,7 @@ index cfe6608..a24748c 100644
61502 } 61364 }
61503 nd->inode = inode; 61365 nd->inode = inode;
61504 /* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */ 61366 /* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */
61505@@ -3006,7 +3085,18 @@ finish_open: 61367@@ -3003,7 +3085,18 @@ finish_open:
61506 path_put(&save_parent); 61368 path_put(&save_parent);
61507 return error; 61369 return error;
61508 } 61370 }
@@ -61521,7 +61383,7 @@ index cfe6608..a24748c 100644
61521 error = -EISDIR; 61383 error = -EISDIR;
61522 if ((open_flag & O_CREAT) && 61384 if ((open_flag & O_CREAT) &&
61523 (d_is_directory(nd->path.dentry) || d_is_autodir(nd->path.dentry))) 61385 (d_is_directory(nd->path.dentry) || d_is_autodir(nd->path.dentry)))
61524@@ -3170,7 +3260,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, 61386@@ -3167,7 +3260,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
61525 if (unlikely(error)) 61387 if (unlikely(error))
61526 goto out; 61388 goto out;
61527 61389
@@ -61530,7 +61392,7 @@ index cfe6608..a24748c 100644
61530 while (unlikely(error > 0)) { /* trailing symlink */ 61392 while (unlikely(error > 0)) { /* trailing symlink */
61531 struct path link = path; 61393 struct path link = path;
61532 void *cookie; 61394 void *cookie;
61533@@ -3188,7 +3278,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, 61395@@ -3185,7 +3278,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
61534 error = follow_link(&link, nd, &cookie); 61396 error = follow_link(&link, nd, &cookie);
61535 if (unlikely(error)) 61397 if (unlikely(error))
61536 break; 61398 break;
@@ -61539,7 +61401,7 @@ index cfe6608..a24748c 100644
61539 put_link(nd, &link, cookie); 61401 put_link(nd, &link, cookie);
61540 } 61402 }
61541 out: 61403 out:
61542@@ -3288,9 +3378,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, 61404@@ -3285,9 +3378,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
61543 goto unlock; 61405 goto unlock;
61544 61406
61545 error = -EEXIST; 61407 error = -EEXIST;
@@ -61553,7 +61415,7 @@ index cfe6608..a24748c 100644
61553 /* 61415 /*
61554 * Special case - lookup gave negative, but... we had foo/bar/ 61416 * Special case - lookup gave negative, but... we had foo/bar/
61555 * From the vfs_mknod() POV we just have a negative dentry - 61417 * From the vfs_mknod() POV we just have a negative dentry -
61556@@ -3342,6 +3434,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, 61418@@ -3339,6 +3434,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname,
61557 } 61419 }
61558 EXPORT_SYMBOL(user_path_create); 61420 EXPORT_SYMBOL(user_path_create);
61559 61421
@@ -61574,7 +61436,7 @@ index cfe6608..a24748c 100644
61574 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) 61436 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
61575 { 61437 {
61576 int error = may_create(dir, dentry); 61438 int error = may_create(dir, dentry);
61577@@ -3404,6 +3510,17 @@ retry: 61439@@ -3401,6 +3510,17 @@ retry:
61578 61440
61579 if (!IS_POSIXACL(path.dentry->d_inode)) 61441 if (!IS_POSIXACL(path.dentry->d_inode))
61580 mode &= ~current_umask(); 61442 mode &= ~current_umask();
@@ -61592,7 +61454,7 @@ index cfe6608..a24748c 100644
61592 error = security_path_mknod(&path, dentry, mode, dev); 61454 error = security_path_mknod(&path, dentry, mode, dev);
61593 if (error) 61455 if (error)
61594 goto out; 61456 goto out;
61595@@ -3420,6 +3537,8 @@ retry: 61457@@ -3417,6 +3537,8 @@ retry:
61596 break; 61458 break;
61597 } 61459 }
61598 out: 61460 out:
@@ -61601,7 +61463,7 @@ index cfe6608..a24748c 100644
61601 done_path_create(&path, dentry); 61463 done_path_create(&path, dentry);
61602 if (retry_estale(error, lookup_flags)) { 61464 if (retry_estale(error, lookup_flags)) {
61603 lookup_flags |= LOOKUP_REVAL; 61465 lookup_flags |= LOOKUP_REVAL;
61604@@ -3472,9 +3591,16 @@ retry: 61466@@ -3469,9 +3591,16 @@ retry:
61605 61467
61606 if (!IS_POSIXACL(path.dentry->d_inode)) 61468 if (!IS_POSIXACL(path.dentry->d_inode))
61607 mode &= ~current_umask(); 61469 mode &= ~current_umask();
@@ -61618,7 +61480,7 @@ index cfe6608..a24748c 100644
61618 done_path_create(&path, dentry); 61480 done_path_create(&path, dentry);
61619 if (retry_estale(error, lookup_flags)) { 61481 if (retry_estale(error, lookup_flags)) {
61620 lookup_flags |= LOOKUP_REVAL; 61482 lookup_flags |= LOOKUP_REVAL;
61621@@ -3555,6 +3681,8 @@ static long do_rmdir(int dfd, const char __user *pathname) 61483@@ -3552,6 +3681,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
61622 struct filename *name; 61484 struct filename *name;
61623 struct dentry *dentry; 61485 struct dentry *dentry;
61624 struct nameidata nd; 61486 struct nameidata nd;
@@ -61627,7 +61489,7 @@ index cfe6608..a24748c 100644
61627 unsigned int lookup_flags = 0; 61489 unsigned int lookup_flags = 0;
61628 retry: 61490 retry:
61629 name = user_path_parent(dfd, pathname, &nd, lookup_flags); 61491 name = user_path_parent(dfd, pathname, &nd, lookup_flags);
61630@@ -3587,10 +3715,21 @@ retry: 61492@@ -3584,10 +3715,21 @@ retry:
61631 error = -ENOENT; 61493 error = -ENOENT;
61632 goto exit3; 61494 goto exit3;
61633 } 61495 }
@@ -61649,7 +61511,7 @@ index cfe6608..a24748c 100644
61649 exit3: 61511 exit3:
61650 dput(dentry); 61512 dput(dentry);
61651 exit2: 61513 exit2:
61652@@ -3680,6 +3819,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) 61514@@ -3677,6 +3819,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
61653 struct nameidata nd; 61515 struct nameidata nd;
61654 struct inode *inode = NULL; 61516 struct inode *inode = NULL;
61655 struct inode *delegated_inode = NULL; 61517 struct inode *delegated_inode = NULL;
@@ -61658,7 +61520,7 @@ index cfe6608..a24748c 100644
61658 unsigned int lookup_flags = 0; 61520 unsigned int lookup_flags = 0;
61659 retry: 61521 retry:
61660 name = user_path_parent(dfd, pathname, &nd, lookup_flags); 61522 name = user_path_parent(dfd, pathname, &nd, lookup_flags);
61661@@ -3706,10 +3847,22 @@ retry_deleg: 61523@@ -3703,10 +3847,22 @@ retry_deleg:
61662 if (d_is_negative(dentry)) 61524 if (d_is_negative(dentry))
61663 goto slashes; 61525 goto slashes;
61664 ihold(inode); 61526 ihold(inode);
@@ -61681,7 +61543,7 @@ index cfe6608..a24748c 100644
61681 exit2: 61543 exit2:
61682 dput(dentry); 61544 dput(dentry);
61683 } 61545 }
61684@@ -3797,9 +3950,17 @@ retry: 61546@@ -3794,9 +3950,17 @@ retry:
61685 if (IS_ERR(dentry)) 61547 if (IS_ERR(dentry))
61686 goto out_putname; 61548 goto out_putname;
61687 61549
@@ -61699,7 +61561,7 @@ index cfe6608..a24748c 100644
61699 done_path_create(&path, dentry); 61561 done_path_create(&path, dentry);
61700 if (retry_estale(error, lookup_flags)) { 61562 if (retry_estale(error, lookup_flags)) {
61701 lookup_flags |= LOOKUP_REVAL; 61563 lookup_flags |= LOOKUP_REVAL;
61702@@ -3902,6 +4063,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, 61564@@ -3899,6 +4063,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
61703 struct dentry *new_dentry; 61565 struct dentry *new_dentry;
61704 struct path old_path, new_path; 61566 struct path old_path, new_path;
61705 struct inode *delegated_inode = NULL; 61567 struct inode *delegated_inode = NULL;
@@ -61707,7 +61569,7 @@ index cfe6608..a24748c 100644
61707 int how = 0; 61569 int how = 0;
61708 int error; 61570 int error;
61709 61571
61710@@ -3925,7 +4087,7 @@ retry: 61572@@ -3922,7 +4087,7 @@ retry:
61711 if (error) 61573 if (error)
61712 return error; 61574 return error;
61713 61575
@@ -61716,7 +61578,7 @@ index cfe6608..a24748c 100644
61716 (how & LOOKUP_REVAL)); 61578 (how & LOOKUP_REVAL));
61717 error = PTR_ERR(new_dentry); 61579 error = PTR_ERR(new_dentry);
61718 if (IS_ERR(new_dentry)) 61580 if (IS_ERR(new_dentry))
61719@@ -3937,11 +4099,28 @@ retry: 61581@@ -3934,11 +4099,28 @@ retry:
61720 error = may_linkat(&old_path); 61582 error = may_linkat(&old_path);
61721 if (unlikely(error)) 61583 if (unlikely(error))
61722 goto out_dput; 61584 goto out_dput;
@@ -61745,7 +61607,7 @@ index cfe6608..a24748c 100644
61745 done_path_create(&new_path, new_dentry); 61607 done_path_create(&new_path, new_dentry);
61746 if (delegated_inode) { 61608 if (delegated_inode) {
61747 error = break_deleg_wait(&delegated_inode); 61609 error = break_deleg_wait(&delegated_inode);
61748@@ -4228,6 +4407,12 @@ retry_deleg: 61610@@ -4225,6 +4407,12 @@ retry_deleg:
61749 if (new_dentry == trap) 61611 if (new_dentry == trap)
61750 goto exit5; 61612 goto exit5;
61751 61613
@@ -61758,7 +61620,7 @@ index cfe6608..a24748c 100644
61758 error = security_path_rename(&oldnd.path, old_dentry, 61620 error = security_path_rename(&oldnd.path, old_dentry,
61759 &newnd.path, new_dentry); 61621 &newnd.path, new_dentry);
61760 if (error) 61622 if (error)
61761@@ -4235,6 +4420,9 @@ retry_deleg: 61623@@ -4232,6 +4420,9 @@ retry_deleg:
61762 error = vfs_rename(old_dir->d_inode, old_dentry, 61624 error = vfs_rename(old_dir->d_inode, old_dentry,
61763 new_dir->d_inode, new_dentry, 61625 new_dir->d_inode, new_dentry,
61764 &delegated_inode); 61626 &delegated_inode);
@@ -61768,7 +61630,7 @@ index cfe6608..a24748c 100644
61768 exit5: 61630 exit5:
61769 dput(new_dentry); 61631 dput(new_dentry);
61770 exit4: 61632 exit4:
61771@@ -4271,6 +4459,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna 61633@@ -4268,6 +4459,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
61772 61634
61773 int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) 61635 int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
61774 { 61636 {
@@ -61777,7 +61639,7 @@ index cfe6608..a24748c 100644
61777 int len; 61639 int len;
61778 61640
61779 len = PTR_ERR(link); 61641 len = PTR_ERR(link);
61780@@ -4280,7 +4470,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c 61642@@ -4277,7 +4470,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
61781 len = strlen(link); 61643 len = strlen(link);
61782 if (len > (unsigned) buflen) 61644 if (len > (unsigned) buflen)
61783 len = buflen; 61645 len = buflen;
@@ -61794,10 +61656,10 @@ index cfe6608..a24748c 100644
61794 out: 61656 out:
61795 return len; 61657 return len;
61796diff --git a/fs/namespace.c b/fs/namespace.c 61658diff --git a/fs/namespace.c b/fs/namespace.c
61797index be32ebc..c595734 100644 61659index 6d0e54e..4c1f85e 100644
61798--- a/fs/namespace.c 61660--- a/fs/namespace.c
61799+++ b/fs/namespace.c 61661+++ b/fs/namespace.c
61800@@ -1293,6 +1293,9 @@ static int do_umount(struct mount *mnt, int flags) 61662@@ -1339,6 +1339,9 @@ static int do_umount(struct mount *mnt, int flags)
61801 if (!(sb->s_flags & MS_RDONLY)) 61663 if (!(sb->s_flags & MS_RDONLY))
61802 retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); 61664 retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
61803 up_write(&sb->s_umount); 61665 up_write(&sb->s_umount);
@@ -61807,7 +61669,7 @@ index be32ebc..c595734 100644
61807 return retval; 61669 return retval;
61808 } 61670 }
61809 61671
61810@@ -1315,6 +1318,9 @@ static int do_umount(struct mount *mnt, int flags) 61672@@ -1361,6 +1364,9 @@ static int do_umount(struct mount *mnt, int flags)
61811 } 61673 }
61812 unlock_mount_hash(); 61674 unlock_mount_hash();
61813 namespace_unlock(); 61675 namespace_unlock();
@@ -61817,7 +61679,7 @@ index be32ebc..c595734 100644
61817 return retval; 61679 return retval;
61818 } 61680 }
61819 61681
61820@@ -1334,7 +1340,7 @@ static inline bool may_mount(void) 61682@@ -1380,7 +1386,7 @@ static inline bool may_mount(void)
61821 * unixes. Our API is identical to OSF/1 to avoid making a mess of AMD 61683 * unixes. Our API is identical to OSF/1 to avoid making a mess of AMD
61822 */ 61684 */
61823 61685
@@ -61826,7 +61688,7 @@ index be32ebc..c595734 100644
61826 { 61688 {
61827 struct path path; 61689 struct path path;
61828 struct mount *mnt; 61690 struct mount *mnt;
61829@@ -1376,7 +1382,7 @@ out: 61691@@ -1422,7 +1428,7 @@ out:
61830 /* 61692 /*
61831 * The 2.0 compatible umount. No flags. 61693 * The 2.0 compatible umount. No flags.
61832 */ 61694 */
@@ -61835,7 +61697,7 @@ index be32ebc..c595734 100644
61835 { 61697 {
61836 return sys_umount(name, 0); 61698 return sys_umount(name, 0);
61837 } 61699 }
61838@@ -2379,6 +2385,16 @@ long do_mount(const char *dev_name, const char *dir_name, 61700@@ -2426,6 +2432,16 @@ long do_mount(const char *dev_name, const char *dir_name,
61839 MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | 61701 MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
61840 MS_STRICTATIME); 61702 MS_STRICTATIME);
61841 61703
@@ -61852,7 +61714,7 @@ index be32ebc..c595734 100644
61852 if (flags & MS_REMOUNT) 61714 if (flags & MS_REMOUNT)
61853 retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, 61715 retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags,
61854 data_page); 61716 data_page);
61855@@ -2393,6 +2409,9 @@ long do_mount(const char *dev_name, const char *dir_name, 61717@@ -2440,6 +2456,9 @@ long do_mount(const char *dev_name, const char *dir_name,
61856 dev_name, data_page); 61718 dev_name, data_page);
61857 dput_out: 61719 dput_out:
61858 path_put(&path); 61720 path_put(&path);
@@ -61862,7 +61724,7 @@ index be32ebc..c595734 100644
61862 return retval; 61724 return retval;
61863 } 61725 }
61864 61726
61865@@ -2410,7 +2429,7 @@ static void free_mnt_ns(struct mnt_namespace *ns) 61727@@ -2457,7 +2476,7 @@ static void free_mnt_ns(struct mnt_namespace *ns)
61866 * number incrementing at 10Ghz will take 12,427 years to wrap which 61728 * number incrementing at 10Ghz will take 12,427 years to wrap which
61867 * is effectively never, so we can ignore the possibility. 61729 * is effectively never, so we can ignore the possibility.
61868 */ 61730 */
@@ -61871,7 +61733,7 @@ index be32ebc..c595734 100644
61871 61733
61872 static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) 61734 static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
61873 { 61735 {
61874@@ -2425,7 +2444,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) 61736@@ -2472,7 +2491,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
61875 kfree(new_ns); 61737 kfree(new_ns);
61876 return ERR_PTR(ret); 61738 return ERR_PTR(ret);
61877 } 61739 }
@@ -61880,7 +61742,7 @@ index be32ebc..c595734 100644
61880 atomic_set(&new_ns->count, 1); 61742 atomic_set(&new_ns->count, 1);
61881 new_ns->root = NULL; 61743 new_ns->root = NULL;
61882 INIT_LIST_HEAD(&new_ns->list); 61744 INIT_LIST_HEAD(&new_ns->list);
61883@@ -2435,7 +2454,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) 61745@@ -2482,7 +2501,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
61884 return new_ns; 61746 return new_ns;
61885 } 61747 }
61886 61748
@@ -61889,7 +61751,7 @@ index be32ebc..c595734 100644
61889 struct user_namespace *user_ns, struct fs_struct *new_fs) 61751 struct user_namespace *user_ns, struct fs_struct *new_fs)
61890 { 61752 {
61891 struct mnt_namespace *new_ns; 61753 struct mnt_namespace *new_ns;
61892@@ -2556,8 +2575,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name) 61754@@ -2603,8 +2622,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name)
61893 } 61755 }
61894 EXPORT_SYMBOL(mount_subtree); 61756 EXPORT_SYMBOL(mount_subtree);
61895 61757
@@ -61900,7 +61762,7 @@ index be32ebc..c595734 100644
61900 { 61762 {
61901 int ret; 61763 int ret;
61902 char *kernel_type; 61764 char *kernel_type;
61903@@ -2670,6 +2689,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, 61765@@ -2717,6 +2736,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
61904 if (error) 61766 if (error)
61905 goto out2; 61767 goto out2;
61906 61768
@@ -61912,7 +61774,7 @@ index be32ebc..c595734 100644
61912 get_fs_root(current->fs, &root); 61774 get_fs_root(current->fs, &root);
61913 old_mp = lock_mount(&old); 61775 old_mp = lock_mount(&old);
61914 error = PTR_ERR(old_mp); 61776 error = PTR_ERR(old_mp);
61915@@ -2930,7 +2954,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) 61777@@ -2983,7 +3007,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns)
61916 !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) 61778 !ns_capable(current_user_ns(), CAP_SYS_ADMIN))
61917 return -EPERM; 61779 return -EPERM;
61918 61780
@@ -61958,6 +61820,58 @@ index 5d94c02..630214f 100644
61958 } 61820 }
61959 61821
61960 void nfs_fattr_init(struct nfs_fattr *fattr) 61822 void nfs_fattr_init(struct nfs_fattr *fattr)
61823diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
61824index 0e90bf0..134691e 100644
61825--- a/fs/nfs/nfs4proc.c
61826+++ b/fs/nfs/nfs4proc.c
61827@@ -1070,6 +1070,7 @@ static void nfs4_opendata_free(struct kref *kref)
61828 dput(p->dentry);
61829 nfs_sb_deactive(sb);
61830 nfs_fattr_free_names(&p->f_attr);
61831+ kfree(p->f_attr.mdsthreshold);
61832 kfree(p);
61833 }
61834
61835@@ -2246,10 +2247,12 @@ static int _nfs4_do_open(struct inode *dir,
61836 }
61837 }
61838
61839- if (ctx_th && server->attr_bitmask[2] & FATTR4_WORD2_MDSTHRESHOLD) {
61840- opendata->f_attr.mdsthreshold = pnfs_mdsthreshold_alloc();
61841- if (!opendata->f_attr.mdsthreshold)
61842- goto err_free_label;
61843+ if (server->attr_bitmask[2] & FATTR4_WORD2_MDSTHRESHOLD) {
61844+ if (!opendata->f_attr.mdsthreshold) {
61845+ opendata->f_attr.mdsthreshold = pnfs_mdsthreshold_alloc();
61846+ if (!opendata->f_attr.mdsthreshold)
61847+ goto err_free_label;
61848+ }
61849 opendata->o_arg.open_bitmap = &nfs4_pnfs_open_bitmap[0];
61850 }
61851 if (dentry->d_inode != NULL)
61852@@ -2277,11 +2280,10 @@ static int _nfs4_do_open(struct inode *dir,
61853 if (opendata->file_created)
61854 *opened |= FILE_CREATED;
61855
61856- if (pnfs_use_threshold(ctx_th, opendata->f_attr.mdsthreshold, server))
61857+ if (pnfs_use_threshold(ctx_th, opendata->f_attr.mdsthreshold, server)) {
61858 *ctx_th = opendata->f_attr.mdsthreshold;
61859- else
61860- kfree(opendata->f_attr.mdsthreshold);
61861- opendata->f_attr.mdsthreshold = NULL;
61862+ opendata->f_attr.mdsthreshold = NULL;
61863+ }
61864
61865 nfs4_label_free(olabel);
61866
61867@@ -2291,7 +2293,6 @@ static int _nfs4_do_open(struct inode *dir,
61868 err_free_label:
61869 nfs4_label_free(olabel);
61870 err_opendata_put:
61871- kfree(opendata->f_attr.mdsthreshold);
61872 nfs4_opendata_put(opendata);
61873 err_put_state_owner:
61874 nfs4_put_state_owner(sp);
61961diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c 61875diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
61962index 419572f..5414a23 100644 61876index 419572f..5414a23 100644
61963--- a/fs/nfsd/nfs4proc.c 61877--- a/fs/nfsd/nfs4proc.c
@@ -65163,10 +65077,10 @@ index 104455b..764c512 100644
65163 kfree(s); 65077 kfree(s);
65164diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig 65078diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
65165new file mode 100644 65079new file mode 100644
65166index 0000000..13b7885 65080index 0000000..3abaf02
65167--- /dev/null 65081--- /dev/null
65168+++ b/grsecurity/Kconfig 65082+++ b/grsecurity/Kconfig
65169@@ -0,0 +1,1155 @@ 65083@@ -0,0 +1,1161 @@
65170+# 65084+#
65171+# grecurity configuration 65085+# grecurity configuration
65172+# 65086+#
@@ -65222,7 +65136,8 @@ index 0000000..13b7885
65222+ the most notable of which are XFree86 and hwclock. hwclock can be 65136+ the most notable of which are XFree86 and hwclock. hwclock can be
65223+ remedied by having RTC support in the kernel, so real-time 65137+ remedied by having RTC support in the kernel, so real-time
65224+ clock support is enabled if this option is enabled, to ensure 65138+ clock support is enabled if this option is enabled, to ensure
65225+ that hwclock operates correctly. 65139+ that hwclock operates correctly. If hwclock still does not work,
65140+ either update udev or symlink /dev/rtc to /dev/rtc0.
65226+ 65141+
65227+ If you're using XFree86 or a version of Xorg from 2012 or earlier, 65142+ If you're using XFree86 or a version of Xorg from 2012 or earlier,
65228+ you may not be able to boot into a graphical environment with this 65143+ you may not be able to boot into a graphical environment with this
@@ -65647,6 +65562,11 @@ index 0000000..13b7885
65647+ encounter no software incompatibilities with the following options, it 65562+ encounter no software incompatibilities with the following options, it
65648+ is recommended that you enable each one. 65563+ is recommended that you enable each one.
65649+ 65564+
65565+ Note that the chroot restrictions are not intended to apply to "chroots"
65566+ to directories that are simple bind mounts of the global root filesystem.
65567+ For several other reasons, a user shouldn't expect any significant
65568+ security by performing such a chroot.
65569+
65650+config GRKERNSEC_CHROOT_MOUNT 65570+config GRKERNSEC_CHROOT_MOUNT
65651+ bool "Deny mounts" 65571+ bool "Deny mounts"
65652+ default y if GRKERNSEC_CONFIG_AUTO 65572+ default y if GRKERNSEC_CONFIG_AUTO
@@ -76941,9 +76861,18 @@ index bf1ef22..2a55e1b 100644
76941 static inline kuid_t audit_get_loginuid(struct task_struct *tsk) 76861 static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
76942 { 76862 {
76943diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h 76863diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
76944index fd8bf32..2cccd5a 100644 76864index fd8bf32..49a5f5c 100644
76945--- a/include/linux/binfmts.h 76865--- a/include/linux/binfmts.h
76946+++ b/include/linux/binfmts.h 76866+++ b/include/linux/binfmts.h
76867@@ -45,7 +45,7 @@ struct linux_binprm {
76868 unsigned interp_data;
76869 unsigned long loader, exec;
76870 char tcomm[TASK_COMM_LEN];
76871-};
76872+} __randomize_layout;
76873
76874 #define BINPRM_FLAGS_ENFORCE_NONDUMP_BIT 0
76875 #define BINPRM_FLAGS_ENFORCE_NONDUMP (1 << BINPRM_FLAGS_ENFORCE_NONDUMP_BIT)
76947@@ -74,8 +74,10 @@ struct linux_binfmt { 76876@@ -74,8 +74,10 @@ struct linux_binfmt {
76948 int (*load_binary)(struct linux_binprm *); 76877 int (*load_binary)(struct linux_binprm *);
76949 int (*load_shlib)(struct file *); 76878 int (*load_shlib)(struct file *);
@@ -76952,12 +76881,12 @@ index fd8bf32..2cccd5a 100644
76952+ void (*handle_mmap)(struct file *); 76881+ void (*handle_mmap)(struct file *);
76953 unsigned long min_coredump; /* minimal dump size */ 76882 unsigned long min_coredump; /* minimal dump size */
76954-}; 76883-};
76955+} __do_const; 76884+} __do_const __randomize_layout;
76956 76885
76957 extern void __register_binfmt(struct linux_binfmt *fmt, int insert); 76886 extern void __register_binfmt(struct linux_binfmt *fmt, int insert);
76958 76887
76959diff --git a/include/linux/bitops.h b/include/linux/bitops.h 76888diff --git a/include/linux/bitops.h b/include/linux/bitops.h
76960index abc9ca7..e54ee27 100644 76889index be5fd38..d71192a 100644
76961--- a/include/linux/bitops.h 76890--- a/include/linux/bitops.h
76962+++ b/include/linux/bitops.h 76891+++ b/include/linux/bitops.h
76963@@ -102,7 +102,7 @@ static inline __u64 ror64(__u64 word, unsigned int shift) 76892@@ -102,7 +102,7 @@ static inline __u64 ror64(__u64 word, unsigned int shift)
@@ -79839,7 +79768,7 @@ index 9fe426b..8148be6 100644
79839 static inline int 79768 static inline int
79840 vma_dup_policy(struct vm_area_struct *src, struct vm_area_struct *dst) 79769 vma_dup_policy(struct vm_area_struct *src, struct vm_area_struct *dst)
79841diff --git a/include/linux/mm.h b/include/linux/mm.h 79770diff --git a/include/linux/mm.h b/include/linux/mm.h
79842index 0ab5439..2859c61 100644 79771index 5360b82..4eedf45 100644
79843--- a/include/linux/mm.h 79772--- a/include/linux/mm.h
79844+++ b/include/linux/mm.h 79773+++ b/include/linux/mm.h
79845@@ -117,6 +117,11 @@ extern unsigned int kobjsize(const void *objp); 79774@@ -117,6 +117,11 @@ extern unsigned int kobjsize(const void *objp);
@@ -79873,7 +79802,7 @@ index 0ab5439..2859c61 100644
79873 79802
79874 struct mmu_gather; 79803 struct mmu_gather;
79875 struct inode; 79804 struct inode;
79876@@ -1064,8 +1070,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address, 79805@@ -1074,8 +1080,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address,
79877 unsigned long *pfn); 79806 unsigned long *pfn);
79878 int follow_phys(struct vm_area_struct *vma, unsigned long address, 79807 int follow_phys(struct vm_area_struct *vma, unsigned long address,
79879 unsigned int flags, unsigned long *prot, resource_size_t *phys); 79808 unsigned int flags, unsigned long *prot, resource_size_t *phys);
@@ -79884,7 +79813,7 @@ index 0ab5439..2859c61 100644
79884 79813
79885 static inline void unmap_shared_mapping_range(struct address_space *mapping, 79814 static inline void unmap_shared_mapping_range(struct address_space *mapping,
79886 loff_t const holebegin, loff_t const holelen) 79815 loff_t const holebegin, loff_t const holelen)
79887@@ -1104,9 +1110,9 @@ static inline int fixup_user_fault(struct task_struct *tsk, 79816@@ -1114,9 +1120,9 @@ static inline int fixup_user_fault(struct task_struct *tsk,
79888 } 79817 }
79889 #endif 79818 #endif
79890 79819
@@ -79897,7 +79826,7 @@ index 0ab5439..2859c61 100644
79897 79826
79898 long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, 79827 long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
79899 unsigned long start, unsigned long nr_pages, 79828 unsigned long start, unsigned long nr_pages,
79900@@ -1138,34 +1144,6 @@ int set_page_dirty(struct page *page); 79829@@ -1148,34 +1154,6 @@ int set_page_dirty(struct page *page);
79901 int set_page_dirty_lock(struct page *page); 79830 int set_page_dirty_lock(struct page *page);
79902 int clear_page_dirty_for_io(struct page *page); 79831 int clear_page_dirty_for_io(struct page *page);
79903 79832
@@ -79932,7 +79861,7 @@ index 0ab5439..2859c61 100644
79932 extern pid_t 79861 extern pid_t
79933 vm_is_stack(struct task_struct *task, struct vm_area_struct *vma, int in_group); 79862 vm_is_stack(struct task_struct *task, struct vm_area_struct *vma, int in_group);
79934 79863
79935@@ -1265,6 +1243,15 @@ static inline void sync_mm_rss(struct mm_struct *mm) 79864@@ -1275,6 +1253,15 @@ static inline void sync_mm_rss(struct mm_struct *mm)
79936 } 79865 }
79937 #endif 79866 #endif
79938 79867
@@ -79948,7 +79877,7 @@ index 0ab5439..2859c61 100644
79948 int vma_wants_writenotify(struct vm_area_struct *vma); 79877 int vma_wants_writenotify(struct vm_area_struct *vma);
79949 79878
79950 extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr, 79879 extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr,
79951@@ -1283,8 +1270,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, 79880@@ -1293,8 +1280,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd,
79952 { 79881 {
79953 return 0; 79882 return 0;
79954 } 79883 }
@@ -79964,7 +79893,7 @@ index 0ab5439..2859c61 100644
79964 #endif 79893 #endif
79965 79894
79966 #ifdef __PAGETABLE_PMD_FOLDED 79895 #ifdef __PAGETABLE_PMD_FOLDED
79967@@ -1293,8 +1287,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, 79896@@ -1303,8 +1297,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud,
79968 { 79897 {
79969 return 0; 79898 return 0;
79970 } 79899 }
@@ -79980,7 +79909,7 @@ index 0ab5439..2859c61 100644
79980 #endif 79909 #endif
79981 79910
79982 int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma, 79911 int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma,
79983@@ -1312,11 +1313,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a 79912@@ -1322,11 +1323,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a
79984 NULL: pud_offset(pgd, address); 79913 NULL: pud_offset(pgd, address);
79985 } 79914 }
79986 79915
@@ -80004,7 +79933,7 @@ index 0ab5439..2859c61 100644
80004 #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */ 79933 #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */
80005 79934
80006 #if USE_SPLIT_PTE_PTLOCKS 79935 #if USE_SPLIT_PTE_PTLOCKS
80007@@ -1694,7 +1707,7 @@ extern int install_special_mapping(struct mm_struct *mm, 79936@@ -1704,7 +1717,7 @@ extern int install_special_mapping(struct mm_struct *mm,
80008 unsigned long addr, unsigned long len, 79937 unsigned long addr, unsigned long len,
80009 unsigned long flags, struct page **pages); 79938 unsigned long flags, struct page **pages);
80010 79939
@@ -80013,7 +79942,7 @@ index 0ab5439..2859c61 100644
80013 79942
80014 extern unsigned long mmap_region(struct file *file, unsigned long addr, 79943 extern unsigned long mmap_region(struct file *file, unsigned long addr,
80015 unsigned long len, vm_flags_t vm_flags, unsigned long pgoff); 79944 unsigned long len, vm_flags_t vm_flags, unsigned long pgoff);
80016@@ -1702,6 +1715,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, 79945@@ -1712,6 +1725,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
80017 unsigned long len, unsigned long prot, unsigned long flags, 79946 unsigned long len, unsigned long prot, unsigned long flags,
80018 unsigned long pgoff, unsigned long *populate); 79947 unsigned long pgoff, unsigned long *populate);
80019 extern int do_munmap(struct mm_struct *, unsigned long, size_t); 79948 extern int do_munmap(struct mm_struct *, unsigned long, size_t);
@@ -80021,7 +79950,7 @@ index 0ab5439..2859c61 100644
80021 79950
80022 #ifdef CONFIG_MMU 79951 #ifdef CONFIG_MMU
80023 extern int __mm_populate(unsigned long addr, unsigned long len, 79952 extern int __mm_populate(unsigned long addr, unsigned long len,
80024@@ -1730,10 +1744,11 @@ struct vm_unmapped_area_info { 79953@@ -1740,10 +1754,11 @@ struct vm_unmapped_area_info {
80025 unsigned long high_limit; 79954 unsigned long high_limit;
80026 unsigned long align_mask; 79955 unsigned long align_mask;
80027 unsigned long align_offset; 79956 unsigned long align_offset;
@@ -80035,7 +79964,7 @@ index 0ab5439..2859c61 100644
80035 79964
80036 /* 79965 /*
80037 * Search for an unmapped address range. 79966 * Search for an unmapped address range.
80038@@ -1745,7 +1760,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info); 79967@@ -1755,7 +1770,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info);
80039 * - satisfies (begin_addr & align_mask) == (align_offset & align_mask) 79968 * - satisfies (begin_addr & align_mask) == (align_offset & align_mask)
80040 */ 79969 */
80041 static inline unsigned long 79970 static inline unsigned long
@@ -80044,7 +79973,7 @@ index 0ab5439..2859c61 100644
80044 { 79973 {
80045 if (!(info->flags & VM_UNMAPPED_AREA_TOPDOWN)) 79974 if (!(info->flags & VM_UNMAPPED_AREA_TOPDOWN))
80046 return unmapped_area(info); 79975 return unmapped_area(info);
80047@@ -1808,6 +1823,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add 79976@@ -1818,6 +1833,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
80048 extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, 79977 extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr,
80049 struct vm_area_struct **pprev); 79978 struct vm_area_struct **pprev);
80050 79979
@@ -80055,7 +79984,7 @@ index 0ab5439..2859c61 100644
80055 /* Look up the first VMA which intersects the interval start_addr..end_addr-1, 79984 /* Look up the first VMA which intersects the interval start_addr..end_addr-1,
80056 NULL if none. Assume start_addr < end_addr. */ 79985 NULL if none. Assume start_addr < end_addr. */
80057 static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr) 79986 static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr)
80058@@ -1836,15 +1855,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, 79987@@ -1846,15 +1865,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm,
80059 return vma; 79988 return vma;
80060 } 79989 }
80061 79990
@@ -80071,7 +80000,7 @@ index 0ab5439..2859c61 100644
80071 #ifdef CONFIG_ARCH_USES_NUMA_PROT_NONE 80000 #ifdef CONFIG_ARCH_USES_NUMA_PROT_NONE
80072 unsigned long change_prot_numa(struct vm_area_struct *vma, 80001 unsigned long change_prot_numa(struct vm_area_struct *vma,
80073 unsigned long start, unsigned long end); 80002 unsigned long start, unsigned long end);
80074@@ -1896,6 +1906,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); 80003@@ -1906,6 +1916,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long);
80075 static inline void vm_stat_account(struct mm_struct *mm, 80004 static inline void vm_stat_account(struct mm_struct *mm,
80076 unsigned long flags, struct file *file, long pages) 80005 unsigned long flags, struct file *file, long pages)
80077 { 80006 {
@@ -80083,7 +80012,7 @@ index 0ab5439..2859c61 100644
80083 mm->total_vm += pages; 80012 mm->total_vm += pages;
80084 } 80013 }
80085 #endif /* CONFIG_PROC_FS */ 80014 #endif /* CONFIG_PROC_FS */
80086@@ -1977,7 +1992,7 @@ extern int unpoison_memory(unsigned long pfn); 80015@@ -1987,7 +2002,7 @@ extern int unpoison_memory(unsigned long pfn);
80087 extern int sysctl_memory_failure_early_kill; 80016 extern int sysctl_memory_failure_early_kill;
80088 extern int sysctl_memory_failure_recovery; 80017 extern int sysctl_memory_failure_recovery;
80089 extern void shake_page(struct page *p, int access); 80018 extern void shake_page(struct page *p, int access);
@@ -80092,7 +80021,7 @@ index 0ab5439..2859c61 100644
80092 extern int soft_offline_page(struct page *page, int flags); 80021 extern int soft_offline_page(struct page *page, int flags);
80093 80022
80094 extern void dump_page(struct page *page); 80023 extern void dump_page(struct page *page);
80095@@ -2014,5 +2029,11 @@ void __init setup_nr_node_ids(void); 80024@@ -2024,5 +2039,11 @@ void __init setup_nr_node_ids(void);
80096 static inline void setup_nr_node_ids(void) {} 80025 static inline void setup_nr_node_ids(void) {}
80097 #endif 80026 #endif
80098 80027
@@ -80596,6 +80525,27 @@ index 4386946..f50c615 100644
80596 struct padata_cpumask cpumask; 80525 struct padata_cpumask cpumask;
80597 spinlock_t lock ____cacheline_aligned; 80526 spinlock_t lock ____cacheline_aligned;
80598 unsigned int processed; 80527 unsigned int processed;
80528diff --git a/include/linux/path.h b/include/linux/path.h
80529index d137218..be0c176 100644
80530--- a/include/linux/path.h
80531+++ b/include/linux/path.h
80532@@ -1,13 +1,15 @@
80533 #ifndef _LINUX_PATH_H
80534 #define _LINUX_PATH_H
80535
80536+#include <linux/compiler.h>
80537+
80538 struct dentry;
80539 struct vfsmount;
80540
80541 struct path {
80542 struct vfsmount *mnt;
80543 struct dentry *dentry;
80544-};
80545+} __randomize_layout;
80546
80547 extern void path_get(const struct path *);
80548 extern void path_put(const struct path *);
80599diff --git a/include/linux/pci_hotplug.h b/include/linux/pci_hotplug.h 80549diff --git a/include/linux/pci_hotplug.h b/include/linux/pci_hotplug.h
80600index a2e2f1d..8a391d2 100644 80550index a2e2f1d..8a391d2 100644
80601--- a/include/linux/pci_hotplug.h 80551--- a/include/linux/pci_hotplug.h
@@ -81448,7 +81398,7 @@ index e3347c5..f682891 100644
81448 extern unsigned int sysctl_sched_latency; 81398 extern unsigned int sysctl_sched_latency;
81449 extern unsigned int sysctl_sched_min_granularity; 81399 extern unsigned int sysctl_sched_min_granularity;
81450diff --git a/include/linux/security.h b/include/linux/security.h 81400diff --git a/include/linux/security.h b/include/linux/security.h
81451index 5623a7f..b352409 100644 81401index 5623a7f..7ae77be 100644
81452--- a/include/linux/security.h 81402--- a/include/linux/security.h
81453+++ b/include/linux/security.h 81403+++ b/include/linux/security.h
81454@@ -27,6 +27,7 @@ 81404@@ -27,6 +27,7 @@
@@ -81468,6 +81418,15 @@ index 5623a7f..b352409 100644
81468 #ifdef CONFIG_MMU 81418 #ifdef CONFIG_MMU
81469 extern unsigned long mmap_min_addr; 81419 extern unsigned long mmap_min_addr;
81470 extern unsigned long dac_mmap_min_addr; 81420 extern unsigned long dac_mmap_min_addr;
81421@@ -1718,7 +1717,7 @@ struct security_operations {
81422 struct audit_context *actx);
81423 void (*audit_rule_free) (void *lsmrule);
81424 #endif /* CONFIG_AUDIT */
81425-};
81426+} __randomize_layout;
81427
81428 /* prototypes */
81429 extern int security_init(void);
81471diff --git a/include/linux/semaphore.h b/include/linux/semaphore.h 81430diff --git a/include/linux/semaphore.h b/include/linux/semaphore.h
81472index dc368b8..e895209 100644 81431index dc368b8..e895209 100644
81473--- a/include/linux/semaphore.h 81432--- a/include/linux/semaphore.h
@@ -82096,7 +82055,7 @@ index 97d660e..6356755 100644
82096 82055
82097 extern int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc); 82056 extern int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc);
82098diff --git a/include/linux/tty_driver.h b/include/linux/tty_driver.h 82057diff --git a/include/linux/tty_driver.h b/include/linux/tty_driver.h
82099index 756a609..f61242d 100644 82058index 756a609..89db85e 100644
82100--- a/include/linux/tty_driver.h 82059--- a/include/linux/tty_driver.h
82101+++ b/include/linux/tty_driver.h 82060+++ b/include/linux/tty_driver.h
82102@@ -285,7 +285,7 @@ struct tty_operations { 82061@@ -285,7 +285,7 @@ struct tty_operations {
@@ -82104,7 +82063,7 @@ index 756a609..f61242d 100644
82104 #endif 82063 #endif
82105 const struct file_operations *proc_fops; 82064 const struct file_operations *proc_fops;
82106-}; 82065-};
82107+} __do_const; 82066+} __do_const __randomize_layout;
82108 82067
82109 struct tty_driver { 82068 struct tty_driver {
82110 int magic; /* magic number for this structure */ 82069 int magic; /* magic number for this structure */
@@ -82560,6 +82519,19 @@ index 9a36d92..0aafe2a 100644
82560 82519
82561 void v9fs_register_trans(struct p9_trans_module *m); 82520 void v9fs_register_trans(struct p9_trans_module *m);
82562 void v9fs_unregister_trans(struct p9_trans_module *m); 82521 void v9fs_unregister_trans(struct p9_trans_module *m);
82522diff --git a/include/net/af_unix.h b/include/net/af_unix.h
82523index a175ba4..196eb82 100644
82524--- a/include/net/af_unix.h
82525+++ b/include/net/af_unix.h
82526@@ -36,7 +36,7 @@ struct unix_skb_parms {
82527 u32 secid; /* Security ID */
82528 #endif
82529 u32 consumed;
82530-};
82531+} __randomize_layout;
82532
82533 #define UNIXCB(skb) (*(struct unix_skb_parms *)&((skb)->cb))
82534 #define UNIXSID(skb) (&UNIXCB((skb)).secid)
82563diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h 82535diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
82564index c853b16d..37fccb7 100644 82536index c853b16d..37fccb7 100644
82565--- a/include/net/bluetooth/l2cap.h 82537--- a/include/net/bluetooth/l2cap.h
@@ -82974,6 +82946,21 @@ index 8ba8ce2..99b7fff 100644
82974 struct sk_buff *skb, int offset, struct iovec *to, 82946 struct sk_buff *skb, int offset, struct iovec *to,
82975 size_t len, struct dma_pinned_list *pinned_list); 82947 size_t len, struct dma_pinned_list *pinned_list);
82976 82948
82949diff --git a/include/net/netfilter/nf_conntrack_extend.h b/include/net/netfilter/nf_conntrack_extend.h
82950index 956b175..55d1504 100644
82951--- a/include/net/netfilter/nf_conntrack_extend.h
82952+++ b/include/net/netfilter/nf_conntrack_extend.h
82953@@ -47,8 +47,8 @@ enum nf_ct_ext_id {
82954 /* Extensions: optional stuff which isn't permanently in struct. */
82955 struct nf_ct_ext {
82956 struct rcu_head rcu;
82957- u8 offset[NF_CT_EXT_NUM];
82958- u8 len;
82959+ u16 offset[NF_CT_EXT_NUM];
82960+ u16 len;
82961 char data[0];
82962 };
82963
82977diff --git a/include/net/netlink.h b/include/net/netlink.h 82964diff --git a/include/net/netlink.h b/include/net/netlink.h
82978index 2b47eaa..6d5bcc2 100644 82965index 2b47eaa..6d5bcc2 100644
82979--- a/include/net/netlink.h 82966--- a/include/net/netlink.h
@@ -83148,7 +83135,7 @@ index 0a248b3..4dcbe5c 100644
83148 83135
83149 /* Structure to track chunk fragments that have been acked, but peer 83136 /* Structure to track chunk fragments that have been acked, but peer
83150diff --git a/include/net/sock.h b/include/net/sock.h 83137diff --git a/include/net/sock.h b/include/net/sock.h
83151index 2ef3c3e..e02013e 100644 83138index a2b3d4e..466983f 100644
83152--- a/include/net/sock.h 83139--- a/include/net/sock.h
83153+++ b/include/net/sock.h 83140+++ b/include/net/sock.h
83154@@ -348,7 +348,7 @@ struct sock { 83141@@ -348,7 +348,7 @@ struct sock {
@@ -83160,6 +83147,15 @@ index 2ef3c3e..e02013e 100644
83160 int sk_rcvbuf; 83147 int sk_rcvbuf;
83161 83148
83162 struct sk_filter __rcu *sk_filter; 83149 struct sk_filter __rcu *sk_filter;
83150@@ -1022,7 +1022,7 @@ struct proto {
83151 void (*destroy_cgroup)(struct mem_cgroup *memcg);
83152 struct cg_proto *(*proto_cgroup)(struct mem_cgroup *memcg);
83153 #endif
83154-};
83155+} __randomize_layout;
83156
83157 /*
83158 * Bits in struct cg_proto.flags
83163@@ -1209,7 +1209,7 @@ static inline u64 memcg_memory_allocated_read(struct cg_proto *prot) 83159@@ -1209,7 +1209,7 @@ static inline u64 memcg_memory_allocated_read(struct cg_proto *prot)
83164 return ret >> PAGE_SHIFT; 83160 return ret >> PAGE_SHIFT;
83165 } 83161 }
@@ -83169,7 +83165,16 @@ index 2ef3c3e..e02013e 100644
83169 sk_memory_allocated(const struct sock *sk) 83165 sk_memory_allocated(const struct sock *sk)
83170 { 83166 {
83171 struct proto *prot = sk->sk_prot; 83167 struct proto *prot = sk->sk_prot;
83172@@ -1813,7 +1813,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) 83168@@ -1354,7 +1354,7 @@ struct sock_iocb {
83169 struct scm_cookie *scm;
83170 struct msghdr *msg, async_msg;
83171 struct kiocb *kiocb;
83172-};
83173+} __randomize_layout;
83174
83175 static inline struct sock_iocb *kiocb_to_siocb(struct kiocb *iocb)
83176 {
83177@@ -1818,7 +1818,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
83173 } 83178 }
83174 83179
83175 static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb, 83180 static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb,
@@ -83178,7 +83183,7 @@ index 2ef3c3e..e02013e 100644
83178 int copy, int offset) 83183 int copy, int offset)
83179 { 83184 {
83180 if (skb->ip_summed == CHECKSUM_NONE) { 83185 if (skb->ip_summed == CHECKSUM_NONE) {
83181@@ -2075,7 +2075,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk) 83186@@ -2080,7 +2080,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk)
83182 } 83187 }
83183 } 83188 }
83184 83189
@@ -83188,37 +83193,10 @@ index 2ef3c3e..e02013e 100644
83188 /** 83193 /**
83189 * sk_page_frag - return an appropriate page_frag 83194 * sk_page_frag - return an appropriate page_frag
83190diff --git a/include/net/tcp.h b/include/net/tcp.h 83195diff --git a/include/net/tcp.h b/include/net/tcp.h
83191index 9250d62..10a7f03 100644 83196index 197b020..10a7f03 100644
83192--- a/include/net/tcp.h 83197--- a/include/net/tcp.h
83193+++ b/include/net/tcp.h 83198+++ b/include/net/tcp.h
83194@@ -480,20 +480,21 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, 83199@@ -541,7 +541,7 @@ void tcp_retransmit_timer(struct sock *sk);
83195 #ifdef CONFIG_SYN_COOKIES
83196 #include <linux/ktime.h>
83197
83198-/* Syncookies use a monotonic timer which increments every 64 seconds.
83199+/* Syncookies use a monotonic timer which increments every 60 seconds.
83200 * This counter is used both as a hash input and partially encoded into
83201 * the cookie value. A cookie is only validated further if the delta
83202 * between the current counter value and the encoded one is less than this,
83203- * i.e. a sent cookie is valid only at most for 128 seconds (or less if
83204+ * i.e. a sent cookie is valid only at most for 2*60 seconds (or less if
83205 * the counter advances immediately after a cookie is generated).
83206 */
83207 #define MAX_SYNCOOKIE_AGE 2
83208
83209 static inline u32 tcp_cookie_time(void)
83210 {
83211- struct timespec now;
83212- getnstimeofday(&now);
83213- return now.tv_sec >> 6; /* 64 seconds granularity */
83214+ u64 val = get_jiffies_64();
83215+
83216+ do_div(val, 60 * HZ);
83217+ return val;
83218 }
83219
83220 u32 __cookie_v4_init_sequence(const struct iphdr *iph, const struct tcphdr *th,
83221@@ -540,7 +541,7 @@ void tcp_retransmit_timer(struct sock *sk);
83222 void tcp_xmit_retransmit_queue(struct sock *); 83200 void tcp_xmit_retransmit_queue(struct sock *);
83223 void tcp_simple_retransmit(struct sock *); 83201 void tcp_simple_retransmit(struct sock *);
83224 int tcp_trim_head(struct sock *, struct sk_buff *, u32); 83202 int tcp_trim_head(struct sock *, struct sk_buff *, u32);
@@ -83227,7 +83205,7 @@ index 9250d62..10a7f03 100644
83227 83205
83228 void tcp_send_probe0(struct sock *); 83206 void tcp_send_probe0(struct sock *);
83229 void tcp_send_partial(struct sock *); 83207 void tcp_send_partial(struct sock *);
83230@@ -711,8 +712,8 @@ struct tcp_skb_cb { 83208@@ -712,8 +712,8 @@ struct tcp_skb_cb {
83231 struct inet6_skb_parm h6; 83209 struct inet6_skb_parm h6;
83232 #endif 83210 #endif
83233 } header; /* For incoming frames */ 83211 } header; /* For incoming frames */
@@ -83238,7 +83216,7 @@ index 9250d62..10a7f03 100644
83238 __u32 when; /* used to compute rtt's */ 83216 __u32 when; /* used to compute rtt's */
83239 __u8 tcp_flags; /* TCP header flags. (tcp[13]) */ 83217 __u8 tcp_flags; /* TCP header flags. (tcp[13]) */
83240 83218
83241@@ -726,7 +727,7 @@ struct tcp_skb_cb { 83219@@ -727,7 +727,7 @@ struct tcp_skb_cb {
83242 83220
83243 __u8 ip_dsfield; /* IPv4 tos or IPv6 dsfield */ 83221 __u8 ip_dsfield; /* IPv4 tos or IPv6 dsfield */
83244 /* 1 byte hole */ 83222 /* 1 byte hole */
@@ -83785,7 +83763,7 @@ index 30f5362..8ed8ac9 100644
83785 void *pmi_pal; 83763 void *pmi_pal;
83786 u8 *vbe_state_orig; /* 83764 u8 *vbe_state_orig; /*
83787diff --git a/init/Kconfig b/init/Kconfig 83765diff --git a/init/Kconfig b/init/Kconfig
83788index 4e5d96a..93cd8a1 100644 83766index 66e6759..1333b01 100644
83789--- a/init/Kconfig 83767--- a/init/Kconfig
83790+++ b/init/Kconfig 83768+++ b/init/Kconfig
83791@@ -1079,6 +1079,7 @@ endif # CGROUPS 83769@@ -1079,6 +1079,7 @@ endif # CGROUPS
@@ -83796,7 +83774,7 @@ index 4e5d96a..93cd8a1 100644
83796 default n 83774 default n
83797 help 83775 help
83798 Enables additional kernel features in a sake of checkpoint/restore. 83776 Enables additional kernel features in a sake of checkpoint/restore.
83799@@ -1550,7 +1551,7 @@ config SLUB_DEBUG 83777@@ -1557,7 +1558,7 @@ config SLUB_DEBUG
83800 83778
83801 config COMPAT_BRK 83779 config COMPAT_BRK
83802 bool "Disable heap randomization" 83780 bool "Disable heap randomization"
@@ -83805,7 +83783,7 @@ index 4e5d96a..93cd8a1 100644
83805 help 83783 help
83806 Randomizing heap placement makes heap exploits harder, but it 83784 Randomizing heap placement makes heap exploits harder, but it
83807 also breaks ancient binaries (including anything libc5 based). 83785 also breaks ancient binaries (including anything libc5 based).
83808@@ -1838,7 +1839,7 @@ config INIT_ALL_POSSIBLE 83786@@ -1845,7 +1846,7 @@ config INIT_ALL_POSSIBLE
83809 config STOP_MACHINE 83787 config STOP_MACHINE
83810 bool 83788 bool
83811 default y 83789 default y
@@ -84802,7 +84780,7 @@ index 4e66bf9..cdccecf 100644
84802+} 84780+}
84803+EXPORT_SYMBOL(inode_capable_nolog); 84781+EXPORT_SYMBOL(inode_capable_nolog);
84804diff --git a/kernel/cgroup.c b/kernel/cgroup.c 84782diff --git a/kernel/cgroup.c b/kernel/cgroup.c
84805index 271acd8..54b70fe 100644 84783index b44dd49..94c2826 100644
84806--- a/kernel/cgroup.c 84784--- a/kernel/cgroup.c
84807+++ b/kernel/cgroup.c 84785+++ b/kernel/cgroup.c
84808@@ -5609,7 +5609,7 @@ static int cgroup_css_links_read(struct cgroup_subsys_state *css, 84786@@ -5609,7 +5609,7 @@ static int cgroup_css_links_read(struct cgroup_subsys_state *css,
@@ -85794,7 +85772,7 @@ index dfa736c..d170f9b 100644
85794 else 85772 else
85795 new_fs = fs; 85773 new_fs = fs;
85796diff --git a/kernel/futex.c b/kernel/futex.c 85774diff --git a/kernel/futex.c b/kernel/futex.c
85797index f6ff019..ac53307 100644 85775index 0d74e3a..59bea40 100644
85798--- a/kernel/futex.c 85776--- a/kernel/futex.c
85799+++ b/kernel/futex.c 85777+++ b/kernel/futex.c
85800@@ -54,6 +54,7 @@ 85778@@ -54,6 +54,7 @@
@@ -85805,7 +85783,7 @@ index f6ff019..ac53307 100644
85805 #include <linux/signal.h> 85783 #include <linux/signal.h>
85806 #include <linux/export.h> 85784 #include <linux/export.h>
85807 #include <linux/magic.h> 85785 #include <linux/magic.h>
85808@@ -243,6 +244,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) 85786@@ -245,6 +246,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw)
85809 struct page *page, *page_head; 85787 struct page *page, *page_head;
85810 int err, ro = 0; 85788 int err, ro = 0;
85811 85789
@@ -85817,7 +85795,7 @@ index f6ff019..ac53307 100644
85817 /* 85795 /*
85818 * The futex address must be "naturally" aligned. 85796 * The futex address must be "naturally" aligned.
85819 */ 85797 */
85820@@ -442,7 +448,7 @@ static int cmpxchg_futex_value_locked(u32 *curval, u32 __user *uaddr, 85798@@ -444,7 +450,7 @@ static int cmpxchg_futex_value_locked(u32 *curval, u32 __user *uaddr,
85821 85799
85822 static int get_futex_value_locked(u32 *dest, u32 __user *from) 85800 static int get_futex_value_locked(u32 *dest, u32 __user *from)
85823 { 85801 {
@@ -85826,15 +85804,15 @@ index f6ff019..ac53307 100644
85826 85804
85827 pagefault_disable(); 85805 pagefault_disable();
85828 ret = __copy_from_user_inatomic(dest, from, sizeof(u32)); 85806 ret = __copy_from_user_inatomic(dest, from, sizeof(u32));
85829@@ -2735,6 +2741,7 @@ static int __init futex_init(void) 85807@@ -2737,6 +2743,7 @@ static void __init futex_detect_cmpxchg(void)
85830 { 85808 {
85809 #ifndef CONFIG_HAVE_FUTEX_CMPXCHG
85831 u32 curval; 85810 u32 curval;
85832 int i;
85833+ mm_segment_t oldfs; 85811+ mm_segment_t oldfs;
85834 85812
85835 /* 85813 /*
85836 * This will fail and we want it. Some arch implementations do 85814 * This will fail and we want it. Some arch implementations do
85837@@ -2746,8 +2753,11 @@ static int __init futex_init(void) 85815@@ -2748,8 +2755,11 @@ static void __init futex_detect_cmpxchg(void)
85838 * implementation, the non-functional ones will return 85816 * implementation, the non-functional ones will return
85839 * -ENOSYS. 85817 * -ENOSYS.
85840 */ 85818 */
@@ -85843,9 +85821,9 @@ index f6ff019..ac53307 100644
85843 if (cmpxchg_futex_value_locked(&curval, NULL, 0, 0) == -EFAULT) 85821 if (cmpxchg_futex_value_locked(&curval, NULL, 0, 0) == -EFAULT)
85844 futex_cmpxchg_enabled = 1; 85822 futex_cmpxchg_enabled = 1;
85845+ set_fs(oldfs); 85823+ set_fs(oldfs);
85824 #endif
85825 }
85846 85826
85847 for (i = 0; i < ARRAY_SIZE(futex_queues); i++) {
85848 plist_head_init(&futex_queues[i].chain);
85849diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c 85827diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c
85850index f9f44fd..29885e4 100644 85828index f9f44fd..29885e4 100644
85851--- a/kernel/futex_compat.c 85829--- a/kernel/futex_compat.c
@@ -87650,7 +87628,7 @@ index 9b9a266..c20ef80 100644
87650 { 87628 {
87651 struct pid *pid; 87629 struct pid *pid;
87652diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c 87630diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
87653index 06c62de..b08cc6c 100644 87631index 06c62de..a0ca23f 100644
87654--- a/kernel/pid_namespace.c 87632--- a/kernel/pid_namespace.c
87655+++ b/kernel/pid_namespace.c 87633+++ b/kernel/pid_namespace.c
87656@@ -253,7 +253,7 @@ static int pid_ns_ctl_handler(struct ctl_table *table, int write, 87634@@ -253,7 +253,7 @@ static int pid_ns_ctl_handler(struct ctl_table *table, int write,
@@ -87662,6 +87640,17 @@ index 06c62de..b08cc6c 100644
87662 87640
87663 if (write && !ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN)) 87641 if (write && !ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN))
87664 return -EPERM; 87642 return -EPERM;
87643@@ -318,7 +318,9 @@ static void *pidns_get(struct task_struct *task)
87644 struct pid_namespace *ns;
87645
87646 rcu_read_lock();
87647- ns = get_pid_ns(task_active_pid_ns(task));
87648+ ns = task_active_pid_ns(task);
87649+ if (ns)
87650+ get_pid_ns(ns);
87651 rcu_read_unlock();
87652
87653 return ns;
87665diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c 87654diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c
87666index c7f31aa..2b44977 100644 87655index c7f31aa..2b44977 100644
87667--- a/kernel/posix-cpu-timers.c 87656--- a/kernel/posix-cpu-timers.c
@@ -91001,7 +90990,7 @@ index 7811ed3..f80ca19 100644
91001 static inline void *ptr_to_indirect(void *ptr) 90990 static inline void *ptr_to_indirect(void *ptr)
91002 { 90991 {
91003diff --git a/lib/random32.c b/lib/random32.c 90992diff --git a/lib/random32.c b/lib/random32.c
91004index 1e5b2df..009bfe8 100644 90993index 6148967..009bfe8 100644
91005--- a/lib/random32.c 90994--- a/lib/random32.c
91006+++ b/lib/random32.c 90995+++ b/lib/random32.c
91007@@ -44,7 +44,7 @@ 90996@@ -44,7 +44,7 @@
@@ -91013,27 +91002,6 @@ index 1e5b2df..009bfe8 100644
91013 91002
91014 /** 91003 /**
91015 * prandom_u32_state - seeded pseudo-random number generator. 91004 * prandom_u32_state - seeded pseudo-random number generator.
91016@@ -244,8 +244,19 @@ static void __prandom_reseed(bool late)
91017 static bool latch = false;
91018 static DEFINE_SPINLOCK(lock);
91019
91020+ /* Asking for random bytes might result in bytes getting
91021+ * moved into the nonblocking pool and thus marking it
91022+ * as initialized. In this case we would double back into
91023+ * this function and attempt to do a late reseed.
91024+ * Ignore the pointless attempt to reseed again if we're
91025+ * already waiting for bytes when the nonblocking pool
91026+ * got initialized.
91027+ */
91028+
91029 /* only allow initial seeding (late == false) once */
91030- spin_lock_irqsave(&lock, flags);
91031+ if (!spin_trylock_irqsave(&lock, flags))
91032+ return;
91033+
91034 if (latch && !late)
91035 goto out;
91036 latch = true;
91037diff --git a/lib/rbtree.c b/lib/rbtree.c 91005diff --git a/lib/rbtree.c b/lib/rbtree.c
91038index 65f4eff..2cfa167 100644 91006index 65f4eff..2cfa167 100644
91039--- a/lib/rbtree.c 91007--- a/lib/rbtree.c
@@ -91658,7 +91626,7 @@ index 539eeb9..e24a987 100644
91658 if (end == start) 91626 if (end == start)
91659 return error; 91627 return error;
91660diff --git a/mm/memory-failure.c b/mm/memory-failure.c 91628diff --git a/mm/memory-failure.c b/mm/memory-failure.c
91661index 90977ac..487ab84 100644 91629index 4566e8f..46be98c 100644
91662--- a/mm/memory-failure.c 91630--- a/mm/memory-failure.c
91663+++ b/mm/memory-failure.c 91631+++ b/mm/memory-failure.c
91664@@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0; 91632@@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0;
@@ -94309,7 +94277,7 @@ index 7106cb1..0805f48 100644
94309 unsigned long bg_thresh, 94277 unsigned long bg_thresh,
94310 unsigned long dirty, 94278 unsigned long dirty,
94311diff --git a/mm/page_alloc.c b/mm/page_alloc.c 94279diff --git a/mm/page_alloc.c b/mm/page_alloc.c
94312index 56f268d..4d35ec4 100644 94280index 589521d..314053a 100644
94313--- a/mm/page_alloc.c 94281--- a/mm/page_alloc.c
94314+++ b/mm/page_alloc.c 94282+++ b/mm/page_alloc.c
94315@@ -61,6 +61,7 @@ 94283@@ -61,6 +61,7 @@
@@ -94329,7 +94297,7 @@ index 56f268d..4d35ec4 100644
94329 { 94297 {
94330 __free_pages_ok(page, compound_order(page)); 94298 __free_pages_ok(page, compound_order(page));
94331 } 94299 }
94332@@ -712,6 +713,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) 94300@@ -714,6 +715,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
94333 int i; 94301 int i;
94334 int bad = 0; 94302 int bad = 0;
94335 94303
@@ -94340,7 +94308,7 @@ index 56f268d..4d35ec4 100644
94340 trace_mm_page_free(page, order); 94308 trace_mm_page_free(page, order);
94341 kmemcheck_free_shadow(page, order); 94309 kmemcheck_free_shadow(page, order);
94342 94310
94343@@ -728,6 +733,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order) 94311@@ -730,6 +735,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
94344 debug_check_no_obj_freed(page_address(page), 94312 debug_check_no_obj_freed(page_address(page),
94345 PAGE_SIZE << order); 94313 PAGE_SIZE << order);
94346 } 94314 }
@@ -94353,7 +94321,7 @@ index 56f268d..4d35ec4 100644
94353 arch_free_page(page, order); 94321 arch_free_page(page, order);
94354 kernel_map_pages(page, 1 << order, 0); 94322 kernel_map_pages(page, 1 << order, 0);
94355 94323
94356@@ -750,6 +761,20 @@ static void __free_pages_ok(struct page *page, unsigned int order) 94324@@ -752,6 +763,20 @@ static void __free_pages_ok(struct page *page, unsigned int order)
94357 local_irq_restore(flags); 94325 local_irq_restore(flags);
94358 } 94326 }
94359 94327
@@ -94374,7 +94342,7 @@ index 56f268d..4d35ec4 100644
94374 void __init __free_pages_bootmem(struct page *page, unsigned int order) 94342 void __init __free_pages_bootmem(struct page *page, unsigned int order)
94375 { 94343 {
94376 unsigned int nr_pages = 1 << order; 94344 unsigned int nr_pages = 1 << order;
94377@@ -765,6 +790,19 @@ void __init __free_pages_bootmem(struct page *page, unsigned int order) 94345@@ -767,6 +792,19 @@ void __init __free_pages_bootmem(struct page *page, unsigned int order)
94378 __ClearPageReserved(p); 94346 __ClearPageReserved(p);
94379 set_page_count(p, 0); 94347 set_page_count(p, 0);
94380 94348
@@ -94394,7 +94362,7 @@ index 56f268d..4d35ec4 100644
94394 page_zone(page)->managed_pages += nr_pages; 94362 page_zone(page)->managed_pages += nr_pages;
94395 set_page_refcounted(page); 94363 set_page_refcounted(page);
94396 __free_pages(page, order); 94364 __free_pages(page, order);
94397@@ -870,8 +908,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags) 94365@@ -872,8 +910,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags)
94398 arch_alloc_page(page, order); 94366 arch_alloc_page(page, order);
94399 kernel_map_pages(page, 1 << order, 1); 94367 kernel_map_pages(page, 1 << order, 1);
94400 94368
@@ -95671,7 +95639,7 @@ index 8cc7be0..d0f7d7a 100644
95671 } 95639 }
95672 } 95640 }
95673diff --git a/mm/swap.c b/mm/swap.c 95641diff --git a/mm/swap.c b/mm/swap.c
95674index 84b26aa..ce39899 100644 95642index 7010cf4..f0a56a4 100644
95675--- a/mm/swap.c 95643--- a/mm/swap.c
95676+++ b/mm/swap.c 95644+++ b/mm/swap.c
95677@@ -77,6 +77,8 @@ static void __put_compound_page(struct page *page) 95645@@ -77,6 +77,8 @@ static void __put_compound_page(struct page *page)
@@ -96036,10 +96004,10 @@ index 7249614..2639fc7 100644
96036 return 0; 96004 return 0;
96037 } 96005 }
96038diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c 96006diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
96039index b3d17d1..e8e4cdd 100644 96007index 9a87f5a..67aeeb2 100644
96040--- a/net/8021q/vlan.c 96008--- a/net/8021q/vlan.c
96041+++ b/net/8021q/vlan.c 96009+++ b/net/8021q/vlan.c
96042@@ -472,7 +472,7 @@ out: 96010@@ -474,7 +474,7 @@ out:
96043 return NOTIFY_DONE; 96011 return NOTIFY_DONE;
96044 } 96012 }
96045 96013
@@ -96048,7 +96016,7 @@ index b3d17d1..e8e4cdd 100644
96048 .notifier_call = vlan_device_event, 96016 .notifier_call = vlan_device_event,
96049 }; 96017 };
96050 96018
96051@@ -547,8 +547,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg) 96019@@ -549,8 +549,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
96052 err = -EPERM; 96020 err = -EPERM;
96053 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 96021 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
96054 break; 96022 break;
@@ -96923,10 +96891,94 @@ index 5b7d0e1..cb960fc 100644
96923 } 96891 }
96924 EXPORT_SYMBOL(dev_load); 96892 EXPORT_SYMBOL(dev_load);
96925diff --git a/net/core/filter.c b/net/core/filter.c 96893diff --git a/net/core/filter.c b/net/core/filter.c
96926index ad30d62..c2757df 100644 96894index ad30d62..21c0743 100644
96927--- a/net/core/filter.c 96895--- a/net/core/filter.c
96928+++ b/net/core/filter.c 96896+++ b/net/core/filter.c
96929@@ -679,7 +679,7 @@ int sk_unattached_filter_create(struct sk_filter **pfp, 96897@@ -126,7 +126,7 @@ unsigned int sk_run_filter(const struct sk_buff *skb,
96898 void *ptr;
96899 u32 A = 0; /* Accumulator */
96900 u32 X = 0; /* Index Register */
96901- u32 mem[BPF_MEMWORDS]; /* Scratch Memory Store */
96902+ u32 mem[BPF_MEMWORDS] = {}; /* Scratch Memory Store */
96903 u32 tmp;
96904 int k;
96905
96906@@ -292,10 +292,10 @@ load_b:
96907 X = K;
96908 continue;
96909 case BPF_S_LD_MEM:
96910- A = mem[K];
96911+ A = mem[K&15];
96912 continue;
96913 case BPF_S_LDX_MEM:
96914- X = mem[K];
96915+ X = mem[K&15];
96916 continue;
96917 case BPF_S_MISC_TAX:
96918 X = A;
96919@@ -308,10 +308,10 @@ load_b:
96920 case BPF_S_RET_A:
96921 return A;
96922 case BPF_S_ST:
96923- mem[K] = A;
96924+ mem[K&15] = A;
96925 continue;
96926 case BPF_S_STX:
96927- mem[K] = X;
96928+ mem[K&15] = X;
96929 continue;
96930 case BPF_S_ANC_PROTOCOL:
96931 A = ntohs(skb->protocol);
96932@@ -355,6 +355,10 @@ load_b:
96933
96934 if (skb_is_nonlinear(skb))
96935 return 0;
96936+
96937+ if (skb->len < sizeof(struct nlattr))
96938+ return 0;
96939+
96940 if (A > skb->len - sizeof(struct nlattr))
96941 return 0;
96942
96943@@ -371,11 +375,15 @@ load_b:
96944
96945 if (skb_is_nonlinear(skb))
96946 return 0;
96947+
96948+ if (skb->len < sizeof(struct nlattr))
96949+ return 0;
96950+
96951 if (A > skb->len - sizeof(struct nlattr))
96952 return 0;
96953
96954 nla = (struct nlattr *)&skb->data[A];
96955- if (nla->nla_len > A - skb->len)
96956+ if (nla->nla_len > skb->len - A)
96957 return 0;
96958
96959 nla = nla_find_nested(nla, X);
96960@@ -391,9 +399,10 @@ load_b:
96961 continue;
96962 #endif
96963 default:
96964- WARN_RATELIMIT(1, "Unknown code:%u jt:%u tf:%u k:%u\n",
96965+ WARN(1, KERN_ALERT "Unknown sock filter code:%u jt:%u tf:%u k:%u\n",
96966 fentry->code, fentry->jt,
96967 fentry->jf, fentry->k);
96968+ BUG();
96969 return 0;
96970 }
96971 }
96972@@ -416,7 +425,7 @@ static int check_load_and_stores(struct sock_filter *filter, int flen)
96973 u16 *masks, memvalid = 0; /* one bit per cell, 16 cells */
96974 int pc, ret = 0;
96975
96976- BUILD_BUG_ON(BPF_MEMWORDS > 16);
96977+ BUILD_BUG_ON(BPF_MEMWORDS != 16);
96978 masks = kmalloc(flen * sizeof(*masks), GFP_KERNEL);
96979 if (!masks)
96980 return -ENOMEM;
96981@@ -679,7 +688,7 @@ int sk_unattached_filter_create(struct sk_filter **pfp,
96930 fp = kmalloc(sk_filter_size(fprog->len), GFP_KERNEL); 96982 fp = kmalloc(sk_filter_size(fprog->len), GFP_KERNEL);
96931 if (!fp) 96983 if (!fp)
96932 return -ENOMEM; 96984 return -ENOMEM;
@@ -97099,7 +97151,7 @@ index 81d3a9a..a0bd7a8 100644
97099 return error; 97151 return error;
97100 } 97152 }
97101diff --git a/net/core/netpoll.c b/net/core/netpoll.c 97153diff --git a/net/core/netpoll.c b/net/core/netpoll.c
97102index 81975f2..9ef3531 100644 97154index 9a46671..6b8cb72 100644
97103--- a/net/core/netpoll.c 97155--- a/net/core/netpoll.c
97104+++ b/net/core/netpoll.c 97156+++ b/net/core/netpoll.c
97105@@ -435,7 +435,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len) 97157@@ -435,7 +435,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len)
@@ -97121,7 +97173,7 @@ index 81975f2..9ef3531 100644
97121 iph->ttl = 64; 97173 iph->ttl = 64;
97122 iph->protocol = IPPROTO_UDP; 97174 iph->protocol = IPPROTO_UDP;
97123diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c 97175diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
97124index cf67144..12bf94c 100644 97176index cc706c9..21fcd84 100644
97125--- a/net/core/rtnetlink.c 97177--- a/net/core/rtnetlink.c
97126+++ b/net/core/rtnetlink.c 97178+++ b/net/core/rtnetlink.c
97127@@ -58,7 +58,7 @@ struct rtnl_link { 97179@@ -58,7 +58,7 @@ struct rtnl_link {
@@ -97200,7 +97252,7 @@ index b442e7e..6f5b5a2 100644
97200 { 97252 {
97201 struct socket *sock; 97253 struct socket *sock;
97202diff --git a/net/core/skbuff.c b/net/core/skbuff.c 97254diff --git a/net/core/skbuff.c b/net/core/skbuff.c
97203index deffb37..213db0a 100644 97255index 9a9898e..38cc3e3 100644
97204--- a/net/core/skbuff.c 97256--- a/net/core/skbuff.c
97205+++ b/net/core/skbuff.c 97257+++ b/net/core/skbuff.c
97206@@ -2006,7 +2006,7 @@ EXPORT_SYMBOL(__skb_checksum); 97258@@ -2006,7 +2006,7 @@ EXPORT_SYMBOL(__skb_checksum);
@@ -97212,7 +97264,7 @@ index deffb37..213db0a 100644
97212 .update = csum_partial_ext, 97264 .update = csum_partial_ext,
97213 .combine = csum_block_add_ext, 97265 .combine = csum_block_add_ext,
97214 }; 97266 };
97215@@ -3119,13 +3119,15 @@ void __init skb_init(void) 97267@@ -3124,13 +3124,15 @@ void __init skb_init(void)
97216 skbuff_head_cache = kmem_cache_create("skbuff_head_cache", 97268 skbuff_head_cache = kmem_cache_create("skbuff_head_cache",
97217 sizeof(struct sk_buff), 97269 sizeof(struct sk_buff),
97218 0, 97270 0,
@@ -97231,7 +97283,7 @@ index deffb37..213db0a 100644
97231 } 97283 }
97232 97284
97233diff --git a/net/core/sock.c b/net/core/sock.c 97285diff --git a/net/core/sock.c b/net/core/sock.c
97234index fbc5cfb..6d7e8c3 100644 97286index 50db733..8e4aeb4 100644
97235--- a/net/core/sock.c 97287--- a/net/core/sock.c
97236+++ b/net/core/sock.c 97288+++ b/net/core/sock.c
97237@@ -393,7 +393,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) 97289@@ -393,7 +393,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
@@ -97327,7 +97379,7 @@ index fbc5cfb..6d7e8c3 100644
97327 } 97379 }
97328 EXPORT_SYMBOL(sock_init_data); 97380 EXPORT_SYMBOL(sock_init_data);
97329 97381
97330@@ -2478,6 +2478,7 @@ void sock_enable_timestamp(struct sock *sk, int flag) 97382@@ -2481,6 +2481,7 @@ void sock_enable_timestamp(struct sock *sk, int flag)
97331 int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, 97383 int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len,
97332 int level, int type) 97384 int level, int type)
97333 { 97385 {
@@ -97335,7 +97387,7 @@ index fbc5cfb..6d7e8c3 100644
97335 struct sock_exterr_skb *serr; 97387 struct sock_exterr_skb *serr;
97336 struct sk_buff *skb, *skb2; 97388 struct sk_buff *skb, *skb2;
97337 int copied, err; 97389 int copied, err;
97338@@ -2499,7 +2500,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, 97390@@ -2502,7 +2503,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len,
97339 sock_recv_timestamp(msg, sk, skb); 97391 sock_recv_timestamp(msg, sk, skb);
97340 97392
97341 serr = SKB_EXT_ERR(skb); 97393 serr = SKB_EXT_ERR(skb);
@@ -97691,23 +97743,6 @@ index fc0e649..febfa65 100644
97691 EXPORT_SYMBOL(sysctl_local_reserved_ports); 97743 EXPORT_SYMBOL(sysctl_local_reserved_ports);
97692 97744
97693 void inet_get_local_port_range(struct net *net, int *low, int *high) 97745 void inet_get_local_port_range(struct net *net, int *low, int *high)
97694diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c
97695index bb075fc..322dceb 100644
97696--- a/net/ipv4/inet_fragment.c
97697+++ b/net/ipv4/inet_fragment.c
97698@@ -278,9 +278,10 @@ static struct inet_frag_queue *inet_frag_intern(struct netns_frags *nf,
97699
97700 atomic_inc(&qp->refcnt);
97701 hlist_add_head(&qp->list, &hb->chain);
97702- spin_unlock(&hb->chain_lock);
97703- read_unlock(&f->lock);
97704 inet_frag_lru_add(nf, qp);
97705+ spin_unlock(&hb->chain_lock);
97706+ read_unlock(&f->lock);
97707+
97708 return qp;
97709 }
97710
97711diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c 97746diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
97712index 8b9cf27..0d8d592 100644 97747index 8b9cf27..0d8d592 100644
97713--- a/net/ipv4/inet_hashtables.c 97748--- a/net/ipv4/inet_hashtables.c
@@ -98032,7 +98067,7 @@ index 718dfbd..cef4152 100644
98032 98067
98033 case IPT_SO_GET_ENTRIES: 98068 case IPT_SO_GET_ENTRIES:
98034diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c 98069diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
98035index 242e7f4..a084e95 100644 98070index 242e7f4..76cc7ee 100644
98036--- a/net/ipv4/ping.c 98071--- a/net/ipv4/ping.c
98037+++ b/net/ipv4/ping.c 98072+++ b/net/ipv4/ping.c
98038@@ -55,7 +55,7 @@ 98073@@ -55,7 +55,7 @@
@@ -98044,7 +98079,39 @@ index 242e7f4..a084e95 100644
98044 EXPORT_SYMBOL_GPL(pingv6_ops); 98079 EXPORT_SYMBOL_GPL(pingv6_ops);
98045 98080
98046 static u16 ping_port_rover; 98081 static u16 ping_port_rover;
98047@@ -334,7 +334,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, 98082@@ -251,23 +251,28 @@ int ping_init_sock(struct sock *sk)
98083 struct group_info *group_info = get_current_groups();
98084 int i, j, count = group_info->ngroups;
98085 kgid_t low, high;
98086+ int ret = 0;
98087
98088 inet_get_ping_group_range_net(net, &low, &high);
98089 if (gid_lte(low, group) && gid_lte(group, high))
98090- return 0;
98091+ goto out_release_group;
98092
98093 for (i = 0; i < group_info->nblocks; i++) {
98094 int cp_count = min_t(int, NGROUPS_PER_BLOCK, count);
98095 for (j = 0; j < cp_count; j++) {
98096 kgid_t gid = group_info->blocks[i][j];
98097 if (gid_lte(low, gid) && gid_lte(gid, high))
98098- return 0;
98099+ goto out_release_group;
98100 }
98101
98102 count -= cp_count;
98103 }
98104
98105- return -EACCES;
98106+ ret = -EACCES;
98107+
98108+out_release_group:
98109+ put_group_info(group_info);
98110+ return ret;
98111 }
98112 EXPORT_SYMBOL_GPL(ping_init_sock);
98113
98114@@ -334,7 +339,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
98048 return -ENODEV; 98115 return -ENODEV;
98049 } 98116 }
98050 } 98117 }
@@ -98053,7 +98120,7 @@ index 242e7f4..a084e95 100644
98053 scoped); 98120 scoped);
98054 rcu_read_unlock(); 98121 rcu_read_unlock();
98055 98122
98056@@ -542,7 +542,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) 98123@@ -542,7 +547,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
98057 } 98124 }
98058 #if IS_ENABLED(CONFIG_IPV6) 98125 #if IS_ENABLED(CONFIG_IPV6)
98059 } else if (skb->protocol == htons(ETH_P_IPV6)) { 98126 } else if (skb->protocol == htons(ETH_P_IPV6)) {
@@ -98062,7 +98129,7 @@ index 242e7f4..a084e95 100644
98062 #endif 98129 #endif
98063 } 98130 }
98064 98131
98065@@ -560,7 +560,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) 98132@@ -560,7 +565,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
98066 info, (u8 *)icmph); 98133 info, (u8 *)icmph);
98067 #if IS_ENABLED(CONFIG_IPV6) 98134 #if IS_ENABLED(CONFIG_IPV6)
98068 } else if (family == AF_INET6) { 98135 } else if (family == AF_INET6) {
@@ -98071,7 +98138,7 @@ index 242e7f4..a084e95 100644
98071 info, (u8 *)icmph); 98138 info, (u8 *)icmph);
98072 #endif 98139 #endif
98073 } 98140 }
98074@@ -830,6 +830,8 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, 98141@@ -830,6 +835,8 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
98075 { 98142 {
98076 struct inet_sock *isk = inet_sk(sk); 98143 struct inet_sock *isk = inet_sk(sk);
98077 int family = sk->sk_family; 98144 int family = sk->sk_family;
@@ -98080,7 +98147,7 @@ index 242e7f4..a084e95 100644
98080 struct sk_buff *skb; 98147 struct sk_buff *skb;
98081 int copied, err; 98148 int copied, err;
98082 98149
98083@@ -839,12 +841,19 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, 98150@@ -839,12 +846,19 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
98084 if (flags & MSG_OOB) 98151 if (flags & MSG_OOB)
98085 goto out; 98152 goto out;
98086 98153
@@ -98101,7 +98168,7 @@ index 242e7f4..a084e95 100644
98101 addr_len); 98168 addr_len);
98102 #endif 98169 #endif
98103 } 98170 }
98104@@ -876,7 +885,6 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, 98171@@ -876,7 +890,6 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
98105 sin->sin_port = 0 /* skb->h.uh->source */; 98172 sin->sin_port = 0 /* skb->h.uh->source */;
98106 sin->sin_addr.s_addr = ip_hdr(skb)->saddr; 98173 sin->sin_addr.s_addr = ip_hdr(skb)->saddr;
98107 memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); 98174 memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
@@ -98109,7 +98176,7 @@ index 242e7f4..a084e95 100644
98109 } 98176 }
98110 98177
98111 if (isk->cmsg_flags) 98178 if (isk->cmsg_flags)
98112@@ -899,11 +907,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, 98179@@ -899,11 +912,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
98113 sin6->sin6_scope_id = 98180 sin6->sin6_scope_id =
98114 ipv6_iface_scope_id(&sin6->sin6_addr, 98181 ipv6_iface_scope_id(&sin6->sin6_addr,
98115 IP6CB(skb)->iif); 98182 IP6CB(skb)->iif);
@@ -98122,7 +98189,7 @@ index 242e7f4..a084e95 100644
98122 #endif 98189 #endif
98123 } else { 98190 } else {
98124 BUG(); 98191 BUG();
98125@@ -1093,7 +1100,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, 98192@@ -1093,7 +1105,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f,
98126 from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)), 98193 from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
98127 0, sock_i_ino(sp), 98194 0, sock_i_ino(sp),
98128 atomic_read(&sp->sk_refcnt), sp, 98195 atomic_read(&sp->sk_refcnt), sp,
@@ -98431,7 +98498,7 @@ index c53b7f3..a89aadd 100644
98431 if (icsk->icsk_af_ops->conn_request(sk, skb) < 0) 98498 if (icsk->icsk_af_ops->conn_request(sk, skb) < 0)
98432 return 1; 98499 return 1;
98433diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c 98500diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
98434index 0672139..cacc17d 100644 98501index 1d7b9dd..66749f8 100644
98435--- a/net/ipv4/tcp_ipv4.c 98502--- a/net/ipv4/tcp_ipv4.c
98436+++ b/net/ipv4/tcp_ipv4.c 98503+++ b/net/ipv4/tcp_ipv4.c
98437@@ -91,6 +91,10 @@ int sysctl_tcp_low_latency __read_mostly; 98504@@ -91,6 +91,10 @@ int sysctl_tcp_low_latency __read_mostly;
@@ -98751,7 +98818,7 @@ index e1a6393..f634ce5 100644
98751 return -ENOMEM; 98818 return -ENOMEM;
98752 } 98819 }
98753diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c 98820diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
98754index 9c05d77..9cfa714 100644 98821index 0e8ae69..0fc7350 100644
98755--- a/net/ipv6/addrconf.c 98822--- a/net/ipv6/addrconf.c
98756+++ b/net/ipv6/addrconf.c 98823+++ b/net/ipv6/addrconf.c
98757@@ -589,7 +589,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, 98824@@ -589,7 +589,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb,
@@ -98763,7 +98830,7 @@ index 9c05d77..9cfa714 100644
98763 net->dev_base_seq; 98830 net->dev_base_seq;
98764 hlist_for_each_entry_rcu(dev, head, index_hlist) { 98831 hlist_for_each_entry_rcu(dev, head, index_hlist) {
98765 if (idx < s_idx) 98832 if (idx < s_idx)
98766@@ -2334,7 +2334,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) 98833@@ -2337,7 +2337,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
98767 p.iph.ihl = 5; 98834 p.iph.ihl = 5;
98768 p.iph.protocol = IPPROTO_IPV6; 98835 p.iph.protocol = IPPROTO_IPV6;
98769 p.iph.ttl = 64; 98836 p.iph.ttl = 64;
@@ -98772,7 +98839,7 @@ index 9c05d77..9cfa714 100644
98772 98839
98773 if (ops->ndo_do_ioctl) { 98840 if (ops->ndo_do_ioctl) {
98774 mm_segment_t oldfs = get_fs(); 98841 mm_segment_t oldfs = get_fs();
98775@@ -3964,7 +3964,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, 98842@@ -3967,7 +3967,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb,
98776 s_ip_idx = ip_idx = cb->args[2]; 98843 s_ip_idx = ip_idx = cb->args[2];
98777 98844
98778 rcu_read_lock(); 98845 rcu_read_lock();
@@ -98781,7 +98848,7 @@ index 9c05d77..9cfa714 100644
98781 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { 98848 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
98782 idx = 0; 98849 idx = 0;
98783 head = &net->dev_index_head[h]; 98850 head = &net->dev_index_head[h];
98784@@ -4571,7 +4571,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) 98851@@ -4574,7 +4574,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
98785 dst_free(&ifp->rt->dst); 98852 dst_free(&ifp->rt->dst);
98786 break; 98853 break;
98787 } 98854 }
@@ -98790,7 +98857,7 @@ index 9c05d77..9cfa714 100644
98790 rt_genid_bump_ipv6(net); 98857 rt_genid_bump_ipv6(net);
98791 } 98858 }
98792 98859
98793@@ -4592,7 +4592,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, 98860@@ -4595,7 +4595,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
98794 int *valp = ctl->data; 98861 int *valp = ctl->data;
98795 int val = *valp; 98862 int val = *valp;
98796 loff_t pos = *ppos; 98863 loff_t pos = *ppos;
@@ -98799,7 +98866,7 @@ index 9c05d77..9cfa714 100644
98799 int ret; 98866 int ret;
98800 98867
98801 /* 98868 /*
98802@@ -4677,7 +4677,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, 98869@@ -4680,7 +4680,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
98803 int *valp = ctl->data; 98870 int *valp = ctl->data;
98804 int val = *valp; 98871 int val = *valp;
98805 loff_t pos = *ppos; 98872 loff_t pos = *ppos;
@@ -98833,7 +98900,7 @@ index 93b1aa3..e902855 100644
98833+ atomic_read_unchecked(&sp->sk_drops)); 98900+ atomic_read_unchecked(&sp->sk_drops));
98834 } 98901 }
98835diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c 98902diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
98836index eef8d94..cfa1852 100644 98903index e2c9ff8..1e40285 100644
98837--- a/net/ipv6/icmp.c 98904--- a/net/ipv6/icmp.c
98838+++ b/net/ipv6/icmp.c 98905+++ b/net/ipv6/icmp.c
98839@@ -997,7 +997,7 @@ struct ctl_table ipv6_icmp_table_template[] = { 98906@@ -997,7 +997,7 @@ struct ctl_table ipv6_icmp_table_template[] = {
@@ -99067,7 +99134,7 @@ index 827f795..7e28e82 100644
99067 EXPORT_SYMBOL(ipv6_select_ident); 99134 EXPORT_SYMBOL(ipv6_select_ident);
99068 99135
99069diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c 99136diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c
99070index a83243c..a1ca589 100644 99137index 3a1f1f3..11d95bf 100644
99071--- a/net/ipv6/ping.c 99138--- a/net/ipv6/ping.c
99072+++ b/net/ipv6/ping.c 99139+++ b/net/ipv6/ping.c
99073@@ -246,6 +246,22 @@ static struct pernet_operations ping_v6_net_ops = { 99140@@ -246,6 +246,22 @@ static struct pernet_operations ping_v6_net_ops = {
@@ -99255,18 +99322,9 @@ index cc85a9b..526a133 100644
99255 return -ENOMEM; 99322 return -ENOMEM;
99256 } 99323 }
99257diff --git a/net/ipv6/route.c b/net/ipv6/route.c 99324diff --git a/net/ipv6/route.c b/net/ipv6/route.c
99258index 4b4944c..d346b14 100644 99325index 40b6e69..d346b14 100644
99259--- a/net/ipv6/route.c 99326--- a/net/ipv6/route.c
99260+++ b/net/ipv6/route.c 99327+++ b/net/ipv6/route.c
99261@@ -1495,7 +1495,7 @@ int ip6_route_add(struct fib6_config *cfg)
99262 if (!table)
99263 goto out;
99264
99265- rt = ip6_dst_alloc(net, NULL, DST_NOCOUNT, table);
99266+ rt = ip6_dst_alloc(net, NULL, (cfg->fc_flags & RTF_ADDRCONF) ? 0 : DST_NOCOUNT, table);
99267
99268 if (!rt) {
99269 err = -ENOMEM;
99270@@ -2954,7 +2954,7 @@ struct ctl_table ipv6_route_table_template[] = { 99328@@ -2954,7 +2954,7 @@ struct ctl_table ipv6_route_table_template[] = {
99271 99329
99272 struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net) 99330 struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net)
@@ -100194,18 +100252,9 @@ index ce30041..3861b5d 100644
100194 { 100252 {
100195 if (users > 0) 100253 if (users > 0)
100196diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c 100254diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c
100197index a99b6c3..cb372f9 100644 100255index 59359be..cb372f9 100644
100198--- a/net/netfilter/nf_conntrack_proto_dccp.c 100256--- a/net/netfilter/nf_conntrack_proto_dccp.c
100199+++ b/net/netfilter/nf_conntrack_proto_dccp.c 100257+++ b/net/netfilter/nf_conntrack_proto_dccp.c
100200@@ -428,7 +428,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
100201 const char *msg;
100202 u_int8_t state;
100203
100204- dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh);
100205+ dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh);
100206 BUG_ON(dh == NULL);
100207
100208 state = dccp_state_table[CT_DCCP_ROLE_CLIENT][dh->dccph_type][CT_DCCP_NONE];
100209@@ -457,7 +457,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb, 100258@@ -457,7 +457,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
100210 out_invalid: 100259 out_invalid:
100211 if (LOG_INVALID(net, IPPROTO_DCCP)) 100260 if (LOG_INVALID(net, IPPROTO_DCCP))
@@ -100215,24 +100264,6 @@ index a99b6c3..cb372f9 100644
100215 return false; 100264 return false;
100216 } 100265 }
100217 100266
100218@@ -486,7 +486,7 @@ static int dccp_packet(struct nf_conn *ct, const struct sk_buff *skb,
100219 u_int8_t type, old_state, new_state;
100220 enum ct_dccp_roles role;
100221
100222- dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh);
100223+ dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh);
100224 BUG_ON(dh == NULL);
100225 type = dh->dccph_type;
100226
100227@@ -577,7 +577,7 @@ static int dccp_error(struct net *net, struct nf_conn *tmpl,
100228 unsigned int cscov;
100229 const char *msg;
100230
100231- dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh);
100232+ dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh);
100233 if (dh == NULL) {
100234 msg = "nf_ct_dccp: short packet ";
100235 goto out_invalid;
100236@@ -614,7 +614,7 @@ static int dccp_error(struct net *net, struct nf_conn *tmpl, 100267@@ -614,7 +614,7 @@ static int dccp_error(struct net *net, struct nf_conn *tmpl,
100237 100268
100238 out_invalid: 100269 out_invalid:
@@ -100323,6 +100354,31 @@ index f042ae5..30ea486 100644
100323 mutex_unlock(&nf_sockopt_mutex); 100354 mutex_unlock(&nf_sockopt_mutex);
100324 } 100355 }
100325 EXPORT_SYMBOL(nf_unregister_sockopt); 100356 EXPORT_SYMBOL(nf_unregister_sockopt);
100357diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
100358index 71a9f49..c09b60c 100644
100359--- a/net/netfilter/nf_tables_api.c
100360+++ b/net/netfilter/nf_tables_api.c
100361@@ -148,8 +148,8 @@ static int nf_tables_chain_type_lookup(const struct nft_af_info *afi,
100362 #ifdef CONFIG_MODULES
100363 if (type < 0 && autoload) {
100364 nfnl_unlock(NFNL_SUBSYS_NFTABLES);
100365- request_module("nft-chain-%u-%*.s", afi->family,
100366- nla_len(nla)-1, (const char *)nla_data(nla));
100367+ request_module("nft-chain-%u-%.*s", afi->family,
100368+ nla_len(nla), (const char *)nla_data(nla));
100369 nfnl_lock(NFNL_SUBSYS_NFTABLES);
100370 type = __nf_tables_chain_type_lookup(afi->family, nla);
100371 }
100372@@ -1916,7 +1916,8 @@ static const struct nft_set_ops *nft_select_set_ops(const struct nlattr * const
100373
100374 static const struct nla_policy nft_set_policy[NFTA_SET_MAX + 1] = {
100375 [NFTA_SET_TABLE] = { .type = NLA_STRING },
100376- [NFTA_SET_NAME] = { .type = NLA_STRING },
100377+ [NFTA_SET_NAME] = { .type = NLA_STRING,
100378+ .len = IFNAMSIZ - 1 },
100379 [NFTA_SET_FLAGS] = { .type = NLA_U32 },
100380 [NFTA_SET_KEY_TYPE] = { .type = NLA_U32 },
100381 [NFTA_SET_KEY_LEN] = { .type = NLA_U32 },
100326diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c 100382diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
100327index a155d19..726b0f2 100644 100383index a155d19..726b0f2 100644
100328--- a/net/netfilter/nfnetlink_log.c 100384--- a/net/netfilter/nfnetlink_log.c
@@ -101263,7 +101319,7 @@ index b0565af..d135e6e 100644
101263 101319
101264 table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL); 101320 table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL);
101265diff --git a/net/socket.c b/net/socket.c 101321diff --git a/net/socket.c b/net/socket.c
101266index e83c416..f87df4c 100644 101322index dc57dae..5b883e0 100644
101267--- a/net/socket.c 101323--- a/net/socket.c
101268+++ b/net/socket.c 101324+++ b/net/socket.c
101269@@ -88,6 +88,7 @@ 101325@@ -88,6 +88,7 @@
@@ -101438,18 +101494,16 @@ index e83c416..f87df4c 100644
101438 SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len, 101494 SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
101439 unsigned int, flags, struct sockaddr __user *, addr, 101495 unsigned int, flags, struct sockaddr __user *, addr,
101440 int, addr_len) 101496 int, addr_len)
101441@@ -1972,6 +2038,10 @@ static int copy_msghdr_from_user(struct msghdr *kmsg, 101497@@ -1825,7 +1891,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
101442 { 101498 struct socket *sock;
101443 if (copy_from_user(kmsg, umsg, sizeof(struct msghdr))) 101499 struct iovec iov;
101444 return -EFAULT; 101500 struct msghdr msg;
101445+ 101501- struct sockaddr_storage address;
101446+ if (kmsg->msg_namelen < 0) 101502+ struct sockaddr_storage address = { };
101447+ return -EINVAL; 101503 int err, err2;
101448+ 101504 int fput_needed;
101449 if (kmsg->msg_namelen > sizeof(struct sockaddr_storage)) 101505
101450 kmsg->msg_namelen = sizeof(struct sockaddr_storage); 101506@@ -2051,7 +2117,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
101451 return 0;
101452@@ -2047,7 +2117,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
101453 * checking falls down on this. 101507 * checking falls down on this.
101454 */ 101508 */
101455 if (copy_from_user(ctl_buf, 101509 if (copy_from_user(ctl_buf,
@@ -101458,7 +101512,16 @@ index e83c416..f87df4c 100644
101458 ctl_len)) 101512 ctl_len))
101459 goto out_freectl; 101513 goto out_freectl;
101460 msg_sys->msg_control = ctl_buf; 101514 msg_sys->msg_control = ctl_buf;
101461@@ -2227,7 +2297,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, 101515@@ -2202,7 +2268,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
101516 int err, total_len, len;
101517
101518 /* kernel mode address */
101519- struct sockaddr_storage addr;
101520+ struct sockaddr_storage addr = { };
101521
101522 /* user mode address pointers */
101523 struct sockaddr __user *uaddr;
101524@@ -2231,7 +2297,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
101462 /* Save the user-mode address (verify_iovec will change the 101525 /* Save the user-mode address (verify_iovec will change the
101463 * kernel msghdr to use the kernel address space) 101526 * kernel msghdr to use the kernel address space)
101464 */ 101527 */
@@ -101467,7 +101530,7 @@ index e83c416..f87df4c 100644
101467 uaddr_len = COMPAT_NAMELEN(msg); 101530 uaddr_len = COMPAT_NAMELEN(msg);
101468 if (MSG_CMSG_COMPAT & flags) 101531 if (MSG_CMSG_COMPAT & flags)
101469 err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); 101532 err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
101470@@ -2871,7 +2941,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) 101533@@ -2875,7 +2941,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
101471 ifr = compat_alloc_user_space(buf_size); 101534 ifr = compat_alloc_user_space(buf_size);
101472 rxnfc = (void __user *)ifr + ALIGN(sizeof(struct ifreq), 8); 101535 rxnfc = (void __user *)ifr + ALIGN(sizeof(struct ifreq), 8);
101473 101536
@@ -101476,7 +101539,7 @@ index e83c416..f87df4c 100644
101476 return -EFAULT; 101539 return -EFAULT;
101477 101540
101478 if (put_user(convert_in ? rxnfc : compat_ptr(data), 101541 if (put_user(convert_in ? rxnfc : compat_ptr(data),
101479@@ -2985,14 +3055,14 @@ static int bond_ioctl(struct net *net, unsigned int cmd, 101542@@ -2989,14 +3055,14 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
101480 old_fs = get_fs(); 101543 old_fs = get_fs();
101481 set_fs(KERNEL_DS); 101544 set_fs(KERNEL_DS);
101482 err = dev_ioctl(net, cmd, 101545 err = dev_ioctl(net, cmd,
@@ -101493,7 +101556,7 @@ index e83c416..f87df4c 100644
101493 return -EFAULT; 101556 return -EFAULT;
101494 101557
101495 if (get_user(data, &ifr32->ifr_ifru.ifru_data)) 101558 if (get_user(data, &ifr32->ifr_ifru.ifru_data))
101496@@ -3094,7 +3164,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, 101559@@ -3098,7 +3164,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
101497 101560
101498 old_fs = get_fs(); 101561 old_fs = get_fs();
101499 set_fs(KERNEL_DS); 101562 set_fs(KERNEL_DS);
@@ -101502,7 +101565,7 @@ index e83c416..f87df4c 100644
101502 set_fs(old_fs); 101565 set_fs(old_fs);
101503 101566
101504 if (cmd == SIOCGIFMAP && !err) { 101567 if (cmd == SIOCGIFMAP && !err) {
101505@@ -3199,7 +3269,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, 101568@@ -3203,7 +3269,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
101506 ret |= get_user(rtdev, &(ur4->rt_dev)); 101569 ret |= get_user(rtdev, &(ur4->rt_dev));
101507 if (rtdev) { 101570 if (rtdev) {
101508 ret |= copy_from_user(devname, compat_ptr(rtdev), 15); 101571 ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
@@ -101511,7 +101574,7 @@ index e83c416..f87df4c 100644
101511 devname[15] = 0; 101574 devname[15] = 0;
101512 } else 101575 } else
101513 r4.rt_dev = NULL; 101576 r4.rt_dev = NULL;
101514@@ -3425,8 +3495,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, 101577@@ -3429,8 +3495,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
101515 int __user *uoptlen; 101578 int __user *uoptlen;
101516 int err; 101579 int err;
101517 101580
@@ -101522,7 +101585,7 @@ index e83c416..f87df4c 100644
101522 101585
101523 set_fs(KERNEL_DS); 101586 set_fs(KERNEL_DS);
101524 if (level == SOL_SOCKET) 101587 if (level == SOL_SOCKET)
101525@@ -3446,7 +3516,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, 101588@@ -3450,7 +3516,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
101526 char __user *uoptval; 101589 char __user *uoptval;
101527 int err; 101590 int err;
101528 101591
@@ -101871,20 +101934,20 @@ index e7000be..e3b0ba7 100644
101871 int mode = (table->mode >> 6) & 7; 101934 int mode = (table->mode >> 6) & 7;
101872 return (mode << 6) | (mode << 3) | mode; 101935 return (mode << 6) | (mode << 3) | mode;
101873diff --git a/net/tipc/subscr.c b/net/tipc/subscr.c 101936diff --git a/net/tipc/subscr.c b/net/tipc/subscr.c
101874index d38bb45..38d5df5 100644 101937index c2a37aa..c195fef 100644
101875--- a/net/tipc/subscr.c 101938--- a/net/tipc/subscr.c
101876+++ b/net/tipc/subscr.c 101939+++ b/net/tipc/subscr.c
101877@@ -98,7 +98,7 @@ static void subscr_send_event(struct tipc_subscription *sub, u32 found_lower, 101940@@ -97,7 +97,7 @@ static void subscr_send_event(struct tipc_subscription *sub, u32 found_lower,
101941 struct tipc_subscriber *subscriber = sub->subscriber;
101878 struct kvec msg_sect; 101942 struct kvec msg_sect;
101879 int ret;
101880 101943
101881- msg_sect.iov_base = (void *)&sub->evt; 101944- msg_sect.iov_base = (void *)&sub->evt;
101882+ msg_sect.iov_base = &sub->evt; 101945+ msg_sect.iov_base = &sub->evt;
101883 msg_sect.iov_len = sizeof(struct tipc_event); 101946 msg_sect.iov_len = sizeof(struct tipc_event);
101884
101885 sub->evt.event = htohl(event, sub->swap); 101947 sub->evt.event = htohl(event, sub->swap);
101948 sub->evt.found_lower = htohl(found_lower, sub->swap);
101886diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c 101949diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
101887index d7c1ac6..b0fc322 100644 101950index c3975bc..b0fc322 100644
101888--- a/net/unix/af_unix.c 101951--- a/net/unix/af_unix.c
101889+++ b/net/unix/af_unix.c 101952+++ b/net/unix/af_unix.c
101890@@ -789,6 +789,12 @@ static struct sock *unix_find_other(struct net *net, 101953@@ -789,6 +789,12 @@ static struct sock *unix_find_other(struct net *net,
@@ -101933,52 +101996,7 @@ index d7c1ac6..b0fc322 100644
101933 done_path_create(&path, dentry); 101996 done_path_create(&path, dentry);
101934 return err; 101997 return err;
101935 } 101998 }
101936@@ -1785,8 +1804,11 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock, 101999@@ -2342,9 +2361,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
101937 goto out;
101938
101939 err = mutex_lock_interruptible(&u->readlock);
101940- if (err) {
101941- err = sock_intr_errno(sock_rcvtimeo(sk, noblock));
101942+ if (unlikely(err)) {
101943+ /* recvmsg() in non blocking mode is supposed to return -EAGAIN
101944+ * sk_rcvtimeo is not honored by mutex_lock_interruptible()
101945+ */
101946+ err = noblock ? -EAGAIN : -ERESTARTSYS;
101947 goto out;
101948 }
101949
101950@@ -1911,6 +1933,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
101951 struct unix_sock *u = unix_sk(sk);
101952 struct sockaddr_un *sunaddr = msg->msg_name;
101953 int copied = 0;
101954+ int noblock = flags & MSG_DONTWAIT;
101955 int check_creds = 0;
101956 int target;
101957 int err = 0;
101958@@ -1926,7 +1949,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
101959 goto out;
101960
101961 target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
101962- timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
101963+ timeo = sock_rcvtimeo(sk, noblock);
101964
101965 /* Lock the socket to prevent queue disordering
101966 * while sleeps in memcpy_tomsg
101967@@ -1938,8 +1961,11 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
101968 }
101969
101970 err = mutex_lock_interruptible(&u->readlock);
101971- if (err) {
101972- err = sock_intr_errno(timeo);
101973+ if (unlikely(err)) {
101974+ /* recvmsg() in non blocking mode is supposed to return -EAGAIN
101975+ * sk_rcvtimeo is not honored by mutex_lock_interruptible()
101976+ */
101977+ err = noblock ? -EAGAIN : -ERESTARTSYS;
101978 goto out;
101979 }
101980
101981@@ -2335,9 +2361,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
101982 seq_puts(seq, "Num RefCount Protocol Flags Type St " 102000 seq_puts(seq, "Num RefCount Protocol Flags Type St "
101983 "Inode Path\n"); 102001 "Inode Path\n");
101984 else { 102002 else {
@@ -101993,7 +102011,7 @@ index d7c1ac6..b0fc322 100644
101993 102011
101994 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu", 102012 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
101995 s, 102013 s,
101996@@ -2364,8 +2394,10 @@ static int unix_seq_show(struct seq_file *seq, void *v) 102014@@ -2371,8 +2394,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
101997 } 102015 }
101998 for ( ; i < len; i++) 102016 for ( ; i < len; i++)
101999 seq_putc(seq, u->addr->name->sun_path[i]); 102017 seq_putc(seq, u->addr->name->sun_path[i]);
@@ -102532,14 +102550,14 @@ index 078fe1d..fbdb363 100644
102532 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianness? %#x\n", 102550 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianness? %#x\n",
102533diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh 102551diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh
102534new file mode 100644 102552new file mode 100644
102535index 0000000..3c23999 102553index 0000000..edcbc3a
102536--- /dev/null 102554--- /dev/null
102537+++ b/scripts/gcc-plugin.sh 102555+++ b/scripts/gcc-plugin.sh
102538@@ -0,0 +1,16 @@ 102556@@ -0,0 +1,16 @@
102539+#!/bin/bash 102557+#!/bin/bash
102540+srctree=$(dirname "$0") 102558+srctree=$(dirname "$0")
102541+gccplugins_dir=$("$3" -print-file-name=plugin) 102559+gccplugins_dir=$($3 -print-file-name=plugin)
102542+plugincc=$("$1" -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF 102560+plugincc=$($1 -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
102543+#include "gcc-common.h" 102561+#include "gcc-common.h"
102544+#if BUILDING_GCC_VERSION >= 4008 || defined(ENABLE_BUILD_WITH_CXX) 102562+#if BUILDING_GCC_VERSION >= 4008 || defined(ENABLE_BUILD_WITH_CXX)
102545+#warning $2 102563+#warning $2
@@ -103808,10 +103826,54 @@ index e9c6ac7..75578c4 100644
103808 default 65536 103826 default 65536
103809 help 103827 help
103810 This is the portion of low virtual memory which should be protected 103828 This is the portion of low virtual memory which should be protected
103829diff --git a/security/apparmor/file.c b/security/apparmor/file.c
103830index fdaa50c..2761dcb 100644
103831--- a/security/apparmor/file.c
103832+++ b/security/apparmor/file.c
103833@@ -348,8 +348,8 @@ static inline bool xindex_is_subset(u32 link, u32 target)
103834 int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
103835 struct path *new_dir, struct dentry *new_dentry)
103836 {
103837- struct path link = { new_dir->mnt, new_dentry };
103838- struct path target = { new_dir->mnt, old_dentry };
103839+ struct path link = { .mnt = new_dir->mnt, .dentry = new_dentry };
103840+ struct path target = { .mnt = new_dir->mnt, .dentry = old_dentry };
103841 struct path_cond cond = {
103842 old_dentry->d_inode->i_uid,
103843 old_dentry->d_inode->i_mode
103811diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c 103844diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
103812index 4257b7e..f0c9438 100644 103845index 4257b7e..2d0732d 100644
103813--- a/security/apparmor/lsm.c 103846--- a/security/apparmor/lsm.c
103814+++ b/security/apparmor/lsm.c 103847+++ b/security/apparmor/lsm.c
103848@@ -186,7 +186,7 @@ static int common_perm_dir_dentry(int op, struct path *dir,
103849 struct dentry *dentry, u32 mask,
103850 struct path_cond *cond)
103851 {
103852- struct path path = { dir->mnt, dentry };
103853+ struct path path = { .mnt = dir->mnt, .dentry = dentry };
103854
103855 return common_perm(op, &path, mask, cond);
103856 }
103857@@ -203,7 +203,7 @@ static int common_perm_dir_dentry(int op, struct path *dir,
103858 static int common_perm_mnt_dentry(int op, struct vfsmount *mnt,
103859 struct dentry *dentry, u32 mask)
103860 {
103861- struct path path = { mnt, dentry };
103862+ struct path path = { .mnt = mnt, .dentry = dentry };
103863 struct path_cond cond = { dentry->d_inode->i_uid,
103864 dentry->d_inode->i_mode
103865 };
103866@@ -325,8 +325,8 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
103867
103868 profile = aa_current_profile();
103869 if (!unconfined(profile)) {
103870- struct path old_path = { old_dir->mnt, old_dentry };
103871- struct path new_path = { new_dir->mnt, new_dentry };
103872+ struct path old_path = { .mnt = old_dir->mnt, .dentry = old_dentry };
103873+ struct path new_path = { .mnt = new_dir->mnt, .dentry = new_dentry };
103874 struct path_cond cond = { old_dentry->d_inode->i_uid,
103875 old_dentry->d_inode->i_mode
103876 };
103815@@ -615,7 +615,7 @@ static int apparmor_task_setrlimit(struct task_struct *task, 103877@@ -615,7 +615,7 @@ static int apparmor_task_setrlimit(struct task_struct *task,
103816 return error; 103878 return error;
103817 } 103879 }
@@ -104147,7 +104209,7 @@ index fc3e662..7844c60 100644
104147 lock = &avc_cache.slots_lock[hvalue]; 104209 lock = &avc_cache.slots_lock[hvalue];
104148 104210
104149diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c 104211diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
104150index 57b0b49..402063e 100644 104212index 019749c..0648215 100644
104151--- a/security/selinux/hooks.c 104213--- a/security/selinux/hooks.c
104152+++ b/security/selinux/hooks.c 104214+++ b/security/selinux/hooks.c
104153@@ -96,8 +96,6 @@ 104215@@ -96,8 +96,6 @@
@@ -104159,7 +104221,7 @@ index 57b0b49..402063e 100644
104159 /* SECMARK reference count */ 104221 /* SECMARK reference count */
104160 static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0); 104222 static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
104161 104223
104162@@ -5745,7 +5743,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) 104224@@ -5763,7 +5761,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
104163 104225
104164 #endif 104226 #endif
104165 104227
@@ -104168,7 +104230,7 @@ index 57b0b49..402063e 100644
104168 .name = "selinux", 104230 .name = "selinux",
104169 104231
104170 .ptrace_access_check = selinux_ptrace_access_check, 104232 .ptrace_access_check = selinux_ptrace_access_check,
104171@@ -6098,6 +6096,9 @@ static void selinux_nf_ip_exit(void) 104233@@ -6116,6 +6114,9 @@ static void selinux_nf_ip_exit(void)
104172 #ifdef CONFIG_SECURITY_SELINUX_DISABLE 104234 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
104173 static int selinux_disabled; 104235 static int selinux_disabled;
104174 104236
@@ -104178,7 +104240,7 @@ index 57b0b49..402063e 100644
104178 int selinux_disable(void) 104240 int selinux_disable(void)
104179 { 104241 {
104180 if (ss_initialized) { 104242 if (ss_initialized) {
104181@@ -6115,7 +6116,9 @@ int selinux_disable(void) 104243@@ -6133,7 +6134,9 @@ int selinux_disable(void)
104182 selinux_disabled = 1; 104244 selinux_disabled = 1;
104183 selinux_enabled = 0; 104245 selinux_enabled = 0;
104184 104246
@@ -104215,6 +104277,57 @@ index b0be893..646bd94 100644
104215 .name = "smack", 104277 .name = "smack",
104216 104278
104217 .ptrace_access_check = smack_ptrace_access_check, 104279 .ptrace_access_check = smack_ptrace_access_check,
104280diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
104281index 4003907..13a2b55 100644
104282--- a/security/tomoyo/file.c
104283+++ b/security/tomoyo/file.c
104284@@ -692,7 +692,7 @@ int tomoyo_path_number_perm(const u8 type, struct path *path,
104285 {
104286 struct tomoyo_request_info r;
104287 struct tomoyo_obj_info obj = {
104288- .path1 = *path,
104289+ .path1 = { .mnt = path->mnt, .dentry = path->dentry },
104290 };
104291 int error = -ENOMEM;
104292 struct tomoyo_path_info buf;
104293@@ -740,7 +740,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
104294 struct tomoyo_path_info buf;
104295 struct tomoyo_request_info r;
104296 struct tomoyo_obj_info obj = {
104297- .path1 = *path,
104298+ .path1 = { .mnt = path->mnt, .dentry = path->dentry },
104299 };
104300 int idx;
104301
104302@@ -786,7 +786,7 @@ int tomoyo_path_perm(const u8 operation, struct path *path, const char *target)
104303 {
104304 struct tomoyo_request_info r;
104305 struct tomoyo_obj_info obj = {
104306- .path1 = *path,
104307+ .path1 = { .mnt = path->mnt, .dentry = path->dentry },
104308 };
104309 int error;
104310 struct tomoyo_path_info buf;
104311@@ -843,7 +843,7 @@ int tomoyo_mkdev_perm(const u8 operation, struct path *path,
104312 {
104313 struct tomoyo_request_info r;
104314 struct tomoyo_obj_info obj = {
104315- .path1 = *path,
104316+ .path1 = { .mnt = path->mnt, .dentry = path->dentry },
104317 };
104318 int error = -ENOMEM;
104319 struct tomoyo_path_info buf;
104320@@ -890,8 +890,8 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1,
104321 struct tomoyo_path_info buf2;
104322 struct tomoyo_request_info r;
104323 struct tomoyo_obj_info obj = {
104324- .path1 = *path1,
104325- .path2 = *path2,
104326+ .path1 = { .mnt = path1->mnt, .dentry = path1->dentry },
104327+ .path2 = { .mnt = path2->mnt, .dentry = path2->dentry }
104328 };
104329 int idx;
104330
104218diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c 104331diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
104219index 390c646..f2f8db3 100644 104332index 390c646..f2f8db3 100644
104220--- a/security/tomoyo/mount.c 104333--- a/security/tomoyo/mount.c
@@ -104231,9 +104344,94 @@ index 390c646..f2f8db3 100644
104231 if (!fstype) { 104344 if (!fstype) {
104232 error = -ENODEV; 104345 error = -ENODEV;
104233diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c 104346diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
104234index f0b756e..b129202 100644 104347index f0b756e..8aa497b 100644
104235--- a/security/tomoyo/tomoyo.c 104348--- a/security/tomoyo/tomoyo.c
104236+++ b/security/tomoyo/tomoyo.c 104349+++ b/security/tomoyo/tomoyo.c
104350@@ -146,7 +146,7 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
104351 */
104352 static int tomoyo_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
104353 {
104354- struct path path = { mnt, dentry };
104355+ struct path path = { .mnt = mnt, .dentry = dentry };
104356 return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, &path, NULL);
104357 }
104358
104359@@ -172,7 +172,7 @@ static int tomoyo_path_truncate(struct path *path)
104360 */
104361 static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
104362 {
104363- struct path path = { parent->mnt, dentry };
104364+ struct path path = { .mnt = parent->mnt, .dentry = dentry };
104365 return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
104366 }
104367
104368@@ -188,7 +188,7 @@ static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
104369 static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
104370 umode_t mode)
104371 {
104372- struct path path = { parent->mnt, dentry };
104373+ struct path path = { .mnt = parent->mnt, .dentry = dentry };
104374 return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path,
104375 mode & S_IALLUGO);
104376 }
104377@@ -203,7 +203,7 @@ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
104378 */
104379 static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
104380 {
104381- struct path path = { parent->mnt, dentry };
104382+ struct path path = { .mnt = parent->mnt, .dentry = dentry };
104383 return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
104384 }
104385
104386@@ -219,7 +219,7 @@ static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
104387 static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
104388 const char *old_name)
104389 {
104390- struct path path = { parent->mnt, dentry };
104391+ struct path path = { .mnt = parent->mnt, .dentry = dentry };
104392 return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name);
104393 }
104394
104395@@ -236,7 +236,7 @@ static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
104396 static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
104397 umode_t mode, unsigned int dev)
104398 {
104399- struct path path = { parent->mnt, dentry };
104400+ struct path path = { .mnt = parent->mnt, .dentry = dentry };
104401 int type = TOMOYO_TYPE_CREATE;
104402 const unsigned int perm = mode & S_IALLUGO;
104403
104404@@ -275,8 +275,8 @@ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
104405 static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,
104406 struct dentry *new_dentry)
104407 {
104408- struct path path1 = { new_dir->mnt, old_dentry };
104409- struct path path2 = { new_dir->mnt, new_dentry };
104410+ struct path path1 = { .mnt = new_dir->mnt, .dentry = old_dentry };
104411+ struct path path2 = { .mnt = new_dir->mnt, .dentry = new_dentry };
104412 return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2);
104413 }
104414
104415@@ -295,8 +295,8 @@ static int tomoyo_path_rename(struct path *old_parent,
104416 struct path *new_parent,
104417 struct dentry *new_dentry)
104418 {
104419- struct path path1 = { old_parent->mnt, old_dentry };
104420- struct path path2 = { new_parent->mnt, new_dentry };
104421+ struct path path1 = { .mnt = old_parent->mnt, .dentry = old_dentry };
104422+ struct path path2 = { .mnt = new_parent->mnt, .dentry = new_dentry };
104423 return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2);
104424 }
104425
104426@@ -424,7 +424,7 @@ static int tomoyo_sb_mount(const char *dev_name, struct path *path,
104427 */
104428 static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
104429 {
104430- struct path path = { mnt, mnt->mnt_root };
104431+ struct path path = { .mnt = mnt, .dentry = mnt->mnt_root };
104432 return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL);
104433 }
104434
104237@@ -503,7 +503,7 @@ static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg, 104435@@ -503,7 +503,7 @@ static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg,
104238 * tomoyo_security_ops is a "struct security_operations" which is used for 104436 * tomoyo_security_ops is a "struct security_operations" which is used for
104239 * registering TOMOYO. 104437 * registering TOMOYO.
@@ -105007,10 +105205,10 @@ index 0000000..4c2c45c
105007+size_overflow_hash.h 105205+size_overflow_hash.h
105008diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile 105206diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile
105009new file mode 100644 105207new file mode 100644
105010index 0000000..b198b6d 105208index 0000000..d25d472
105011--- /dev/null 105209--- /dev/null
105012+++ b/tools/gcc/Makefile 105210+++ b/tools/gcc/Makefile
105013@@ -0,0 +1,54 @@ 105211@@ -0,0 +1,60 @@
105014+#CC := gcc 105212+#CC := gcc
105015+#PLUGIN_SOURCE_FILES := pax_plugin.c 105213+#PLUGIN_SOURCE_FILES := pax_plugin.c
105016+#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES)) 105214+#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES))
@@ -105049,22 +105247,28 @@ index 0000000..b198b6d
105049+structleak_plugin-objs := structleak_plugin.o 105247+structleak_plugin-objs := structleak_plugin.o
105050+randomize_layout_plugin-objs := randomize_layout_plugin.o 105248+randomize_layout_plugin-objs := randomize_layout_plugin.o
105051+ 105249+
105052+$(obj)/size_overflow_plugin.o: $(objtree)/$(obj)/size_overflow_hash.h 105250+$(obj)/size_overflow_plugin.o: $(objtree)/$(obj)/size_overflow_hash.h $(objtree)/$(obj)/size_overflow_hash_aux.h
105053+$(obj)/randomize_layout_plugin.o: $(objtree)/$(obj)/randomize_layout_seed.h 105251+$(obj)/randomize_layout_plugin.o: $(objtree)/$(obj)/randomize_layout_seed.h
105054+ 105252+
105055+quiet_cmd_build_size_overflow_hash = GENHASH $@ 105253+quiet_cmd_build_size_overflow_hash = GENHASH $@
105056+ cmd_build_size_overflow_hash = \ 105254+ cmd_build_size_overflow_hash = \
105057+ $(CONFIG_SHELL) $(srctree)/$(src)/generate_size_overflow_hash.sh -d $< -o $@ 105255+ $(CONFIG_SHELL) $(srctree)/$(src)/generate_size_overflow_hash.sh -s size_overflow_hash -d $< -o $@
105058+$(objtree)/$(obj)/size_overflow_hash.h: $(src)/size_overflow_hash.data FORCE 105256+$(objtree)/$(obj)/size_overflow_hash.h: $(src)/size_overflow_hash.data FORCE
105059+ $(call if_changed,build_size_overflow_hash) 105257+ $(call if_changed,build_size_overflow_hash)
105060+ 105258+
105259+quiet_cmd_build_size_overflow_hash_aux = GENHASH $@
105260+ cmd_build_size_overflow_hash_aux = \
105261+ $(CONFIG_SHELL) $(srctree)/$(src)/generate_size_overflow_hash.sh -s size_overflow_hash_aux -d $< -o $@
105262+$(objtree)/$(obj)/size_overflow_hash_aux.h: $(src)/size_overflow_hash_aux.data FORCE
105263+ $(call if_changed,build_size_overflow_hash_aux)
105264+
105061+quiet_cmd_create_randomize_layout_seed = GENSEED $@ 105265+quiet_cmd_create_randomize_layout_seed = GENSEED $@
105062+ cmd_create_randomize_layout_seed = \ 105266+ cmd_create_randomize_layout_seed = \
105063+ $(CONFIG_SHELL) $(srctree)/$(src)/gen-random-seed.sh $@ $(objtree)/include/generated/randomize_layout_hash.h 105267+ $(CONFIG_SHELL) $(srctree)/$(src)/gen-random-seed.sh $@ $(objtree)/include/generated/randomize_layout_hash.h
105064+$(objtree)/$(obj)/randomize_layout_seed.h: FORCE 105268+$(objtree)/$(obj)/randomize_layout_seed.h: FORCE
105065+ $(call if_changed,create_randomize_layout_seed) 105269+ $(call if_changed,create_randomize_layout_seed)
105066+ 105270+
105067+targets += size_overflow_hash.h randomize_layout_seed.h randomize_layout_hash.h 105271+targets += size_overflow_hash.h size_overflow_hash_aux.h randomize_layout_seed.h randomize_layout_hash.h
105068diff --git a/tools/gcc/checker_plugin.c b/tools/gcc/checker_plugin.c 105272diff --git a/tools/gcc/checker_plugin.c b/tools/gcc/checker_plugin.c
105069new file mode 100644 105273new file mode 100644
105070index 0000000..5452feea 105274index 0000000..5452feea
@@ -105956,10 +106160,10 @@ index 0000000..4f67ac1
105956+} 106160+}
105957diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h 106161diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
105958new file mode 100644 106162new file mode 100644
105959index 0000000..6dbb502 106163index 0000000..8af3693
105960--- /dev/null 106164--- /dev/null
105961+++ b/tools/gcc/gcc-common.h 106165+++ b/tools/gcc/gcc-common.h
105962@@ -0,0 +1,286 @@ 106166@@ -0,0 +1,287 @@
105963+#ifndef GCC_COMMON_H_INCLUDED 106167+#ifndef GCC_COMMON_H_INCLUDED
105964+#define GCC_COMMON_H_INCLUDED 106168+#define GCC_COMMON_H_INCLUDED
105965+ 106169+
@@ -106074,6 +106278,7 @@ index 0000000..6dbb502
106074+#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls; vars && (D = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), I) 106278+#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls; vars && (D = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), I)
106075+#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE))) 106279+#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE)))
106076+#define FOR_EACH_VEC_ELT(T, V, I, P) for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I)) 106280+#define FOR_EACH_VEC_ELT(T, V, I, P) for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I))
106281+#define TODO_rebuild_cgraph_edges 0
106077+ 106282+
106078+static inline bool gimple_call_builtin_p(gimple stmt, enum built_in_function code) 106283+static inline bool gimple_call_builtin_p(gimple stmt, enum built_in_function code)
106079+{ 106284+{
@@ -106262,10 +106467,10 @@ index 0000000..7514850
106262+fi 106467+fi
106263diff --git a/tools/gcc/generate_size_overflow_hash.sh b/tools/gcc/generate_size_overflow_hash.sh 106468diff --git a/tools/gcc/generate_size_overflow_hash.sh b/tools/gcc/generate_size_overflow_hash.sh
106264new file mode 100644 106469new file mode 100644
106265index 0000000..e518932 106470index 0000000..791ca76
106266--- /dev/null 106471--- /dev/null
106267+++ b/tools/gcc/generate_size_overflow_hash.sh 106472+++ b/tools/gcc/generate_size_overflow_hash.sh
106268@@ -0,0 +1,94 @@ 106473@@ -0,0 +1,97 @@
106269+#!/bin/bash 106474+#!/bin/bash
106270+ 106475+
106271+# This script generates the hash table (size_overflow_hash.h) for the size_overflow gcc plugin (size_overflow_plugin.c). 106476+# This script generates the hash table (size_overflow_hash.h) for the size_overflow gcc plugin (size_overflow_plugin.c).
@@ -106273,6 +106478,7 @@ index 0000000..e518932
106273+header1="size_overflow_hash.h" 106478+header1="size_overflow_hash.h"
106274+database="size_overflow_hash.data" 106479+database="size_overflow_hash.data"
106275+n=65536 106480+n=65536
106481+hashtable_name="size_overflow_hash"
106276+ 106482+
106277+usage() { 106483+usage() {
106278+cat <<EOF 106484+cat <<EOF
@@ -106282,6 +106488,7 @@ index 0000000..e518932
106282+ -o header file 106488+ -o header file
106283+ -d database file 106489+ -d database file
106284+ -n hash array size 106490+ -n hash array size
106491+ -s name of the hash table
106285+EOF 106492+EOF
106286+ return 0 106493+ return 0
106287+} 106494+}
@@ -106293,6 +106500,7 @@ index 0000000..e518932
106293+ -n) n=$2; shift 2;; 106500+ -n) n=$2; shift 2;;
106294+ -o) header1="$2"; shift 2;; 106501+ -o) header1="$2"; shift 2;;
106295+ -d) database="$2"; shift 2;; 106502+ -d) database="$2"; shift 2;;
106503+ -s) hashtable_name="$2"; shift 2;;
106296+ --) shift 1; break ;; 106504+ --) shift 1; break ;;
106297+ *) break ;; 106505+ *) break ;;
106298+ esac 106506+ esac
@@ -106334,7 +106542,7 @@ index 0000000..e518932
106334+} 106542+}
106335+ 106543+
106336+create_headers() { 106544+create_headers() {
106337+ echo "const struct size_overflow_hash * const size_overflow_hash[$n] = {" >> "$header1" 106545+ echo "const struct size_overflow_hash * const $hashtable_name[$n] = {" >> "$header1"
106338+} 106546+}
106339+ 106547+
106340+create_array_elements() { 106548+create_array_elements() {
@@ -114167,12 +114375,101 @@ index 0000000..9529806
114167+lookup_inline_extent_backref_65493 lookup_inline_extent_backref 9 65493 NULL 114375+lookup_inline_extent_backref_65493 lookup_inline_extent_backref 9 65493 NULL
114168+nvme_trans_standard_inquiry_page_65526 nvme_trans_standard_inquiry_page 4 65526 NULL 114376+nvme_trans_standard_inquiry_page_65526 nvme_trans_standard_inquiry_page 4 65526 NULL
114169+tree_mod_log_eb_copy_65535 tree_mod_log_eb_copy 6 65535 NULL 114377+tree_mod_log_eb_copy_65535 tree_mod_log_eb_copy 6 65535 NULL
114378diff --git a/tools/gcc/size_overflow_hash_aux.data b/tools/gcc/size_overflow_hash_aux.data
114379new file mode 100644
114380index 0000000..5dd8a8f
114381--- /dev/null
114382+++ b/tools/gcc/size_overflow_hash_aux.data
114383@@ -0,0 +1,83 @@
114384+spa_set_aux_vdevs_746 spa_set_aux_vdevs 3 746 NULL
114385+mappedread_2627 mappedread 2 2627 NULL
114386+vdev_disk_dio_alloc_2957 vdev_disk_dio_alloc 1 2957 NULL
114387+nv_alloc_pushpage_spl_4286 nv_alloc_pushpage_spl 2 4286 NULL
114388+zpl_xattr_get_4574 zpl_xattr_get 0 4574 NULL
114389+sa_replace_all_by_template_5699 sa_replace_all_by_template 3 5699 NULL
114390+dmu_write_6048 dmu_write 4-3 6048 NULL
114391+dmu_buf_hold_array_6095 dmu_buf_hold_array 4-3 6095 NULL
114392+update_pages_6225 update_pages 2-3 6225 NULL
114393+bio_nr_pages_7117 bio_nr_pages 0-2 7117 NULL
114394+dmu_buf_hold_array_by_bonus_8562 dmu_buf_hold_array_by_bonus 3-2 8562 NULL
114395+zpios_dmu_write_8858 zpios_dmu_write 4-5 8858 NULL
114396+ddi_copyout_9401 ddi_copyout 3 9401 NULL
114397+avl_numnodes_12384 avl_numnodes 0 12384 NULL
114398+dmu_write_uio_dnode_12473 dmu_write_uio_dnode 3 12473 NULL
114399+dmu_xuio_init_12866 dmu_xuio_init 2 12866 NULL
114400+dmu_snapshot_realname_14632 dmu_snapshot_realname 4 14632 NULL
114401+kmem_alloc_debug_14852 kmem_alloc_debug 1 14852 NULL
114402+kmalloc_node_nofail_15151 kmalloc_node_nofail 1 15151 NULL
114403+dmu_write_uio_16351 dmu_write_uio 4 16351 NULL
114404+zfs_log_write_16524 zfs_log_write 6-5 16524 NULL
114405+sa_build_layouts_16910 sa_build_layouts 3 16910 NULL
114406+dsl_dir_namelen_17053 dsl_dir_namelen 0 17053 NULL
114407+sa_add_layout_entry_17507 sa_add_layout_entry 3 17507 NULL
114408+sa_attr_table_setup_18029 sa_attr_table_setup 3 18029 NULL
114409+uiocopy_18680 uiocopy 2 18680 NULL
114410+dmu_buf_hold_array_by_dnode_19125 dmu_buf_hold_array_by_dnode 2-3 19125 NULL
114411+zpl_acl_from_xattr_21141 zpl_acl_from_xattr 2 21141 NULL
114412+dsl_pool_tx_assign_init_22518 dsl_pool_tx_assign_init 2 22518 NULL
114413+sa_replace_all_by_template_locked_22533 sa_replace_all_by_template_locked 3 22533 NULL
114414+tsd_hash_table_init_22559 tsd_hash_table_init 1 22559 NULL
114415+spa_vdev_remove_aux_23966 spa_vdev_remove_aux 4 23966 NULL
114416+zpl_xattr_acl_set_access_24129 zpl_xattr_acl_set_access 4 24129 NULL
114417+dmu_assign_arcbuf_24622 dmu_assign_arcbuf 2 24622 NULL
114418+zap_lookup_norm_25166 zap_lookup_norm 9 25166 NULL
114419+dmu_prealloc_25456 dmu_prealloc 4-3 25456 NULL
114420+kmalloc_nofail_26347 kmalloc_nofail 1 26347 NULL
114421+zfsctl_snapshot_zpath_27578 zfsctl_snapshot_zpath 2 27578 NULL
114422+zpios_dmu_read_30015 zpios_dmu_read 4-5 30015 NULL
114423+splat_write_30943 splat_write 3 30943 NULL
114424+zpl_xattr_get_sa_31183 zpl_xattr_get_sa 0 31183 NULL
114425+dmu_read_uio_31467 dmu_read_uio 4 31467 NULL
114426+zfs_replay_fuids_31479 zfs_replay_fuids 4 31479 NULL
114427+spa_history_log_to_phys_31632 spa_history_log_to_phys 0-1 31632 NULL
114428+__zpl_xattr_get_32601 __zpl_xattr_get 0 32601 NULL
114429+proc_copyout_string_34049 proc_copyout_string 2 34049 NULL
114430+nv_alloc_sleep_spl_34544 nv_alloc_sleep_spl 2 34544 NULL
114431+nv_alloc_nosleep_spl_34761 nv_alloc_nosleep_spl 2 34761 NULL
114432+zap_leaf_array_match_36922 zap_leaf_array_match 4 36922 NULL
114433+copyinstr_36980 copyinstr 3 36980 NULL
114434+zpl_xattr_acl_set_default_37864 zpl_xattr_acl_set_default 4 37864 NULL
114435+splat_read_38116 splat_read 3 38116 NULL
114436+sa_setup_38756 sa_setup 4 38756 NULL
114437+vdev_disk_physio_39898 vdev_disk_physio 3 39898 NULL
114438+arc_buf_size_39982 arc_buf_size 0 39982 NULL
114439+kzalloc_nofail_40719 kzalloc_nofail 1 40719 NULL
114440+fuidstr_to_sid_40777 fuidstr_to_sid 4 40777 NULL
114441+vdev_raidz_matrix_reconstruct_40852 vdev_raidz_matrix_reconstruct 2-3 40852 NULL
114442+sa_find_layout_40892 sa_find_layout 4 40892 NULL
114443+zpl_xattr_get_dir_41918 zpl_xattr_get_dir 0 41918 NULL
114444+zpl_xattr_acl_set_42808 zpl_xattr_acl_set 4 42808 NULL
114445+xdr_dec_array_43091 xdr_dec_array 5 43091 NULL
114446+dsl_dataset_namelen_43136 dsl_dataset_namelen 0 43136 NULL
114447+uiomove_44355 uiomove 2 44355 NULL
114448+dmu_read_44418 dmu_read 4-3 44418 NULL
114449+ddi_copyin_44846 ddi_copyin 3 44846 NULL
114450+copyin_45945 copyin 3 45945 NULL
114451+zil_itx_create_46555 zil_itx_create 2 46555 NULL
114452+dmu_write_uio_dbuf_48064 dmu_write_uio_dbuf 3 48064 NULL
114453+spa_history_write_49650 spa_history_write 3 49650 NULL
114454+zfs_log_write_50162 zfs_log_write 6-5 50162 NULL
114455+i_fm_alloc_51038 i_fm_alloc 2 51038 NULL
114456+copyout_51409 copyout 3 51409 NULL
114457+zvol_log_write_54898 zvol_log_write 4-3 54898 NULL
114458+zfs_acl_node_alloc_55641 zfs_acl_node_alloc 1 55641 NULL
114459+get_nvlist_56685 get_nvlist 2 56685 NULL
114460+zprop_get_numprops_56820 zprop_get_numprops 0 56820 NULL
114461+splat_taskq_test4_common_59829 splat_taskq_test4_common 5 59829 NULL
114462+zfs_replay_domain_cnt_61399 zfs_replay_domain_cnt 0 61399 NULL
114463+zpios_write_61823 zpios_write 3 61823 NULL
114464+proc_copyin_string_62019 proc_copyin_string 4 62019 NULL
114465+random_get_pseudo_bytes_64611 random_get_pseudo_bytes 2 64611 NULL
114466+zpios_read_64734 zpios_read 3 64734 NULL
114170diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c 114467diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c
114171new file mode 100644 114468new file mode 100644
114172index 0000000..fa0524c 114469index 0000000..0a9dd22
114173--- /dev/null 114470--- /dev/null
114174+++ b/tools/gcc/size_overflow_plugin.c 114471+++ b/tools/gcc/size_overflow_plugin.c
114175@@ -0,0 +1,4101 @@ 114472@@ -0,0 +1,4110 @@
114176+/* 114473+/*
114177+ * Copyright 2011-2014 by Emese Revfy <re.emese@gmail.com> 114474+ * Copyright 2011-2014 by Emese Revfy <re.emese@gmail.com>
114178+ * Licensed under the GPL v2, or (at your option) v3 114475+ * Licensed under the GPL v2, or (at your option) v3
@@ -114201,7 +114498,7 @@ index 0000000..fa0524c
114201+int plugin_is_GPL_compatible; 114498+int plugin_is_GPL_compatible;
114202+ 114499+
114203+static struct plugin_info size_overflow_plugin_info = { 114500+static struct plugin_info size_overflow_plugin_info = {
114204+ .version = "20140317", 114501+ .version = "20140402",
114205+ .help = "no-size-overflow\tturn off size overflow checking\n", 114502+ .help = "no-size-overflow\tturn off size overflow checking\n",
114206+}; 114503+};
114207+ 114504+
@@ -114229,6 +114526,7 @@ index 0000000..fa0524c
114229+}; 114526+};
114230+ 114527+
114231+#include "size_overflow_hash.h" 114528+#include "size_overflow_hash.h"
114529+#include "size_overflow_hash_aux.h"
114232+ 114530+
114233+enum mark { 114531+enum mark {
114234+ MARK_NO, MARK_YES, MARK_NOT_INTENTIONAL, MARK_TURN_OFF 114532+ MARK_NO, MARK_YES, MARK_NOT_INTENTIONAL, MARK_TURN_OFF
@@ -114620,6 +114918,16 @@ index 0000000..fa0524c
114620+ set_node_codes(TREE_VALUE(arg), fn_hash_data); 114918+ set_node_codes(TREE_VALUE(arg), fn_hash_data);
114621+} 114919+}
114622+ 114920+
114921+static const struct size_overflow_hash *get_proper_hash_chain(const struct size_overflow_hash *entry, const char *func_name)
114922+{
114923+ while (entry) {
114924+ if (!strcmp(entry->name, func_name))
114925+ return entry;
114926+ entry = entry->next;
114927+ }
114928+ return NULL;
114929+}
114930+
114623+static const struct size_overflow_hash *get_function_hash(const_tree fndecl) 114931+static const struct size_overflow_hash *get_function_hash(const_tree fndecl)
114624+{ 114932+{
114625+ const struct size_overflow_hash *entry; 114933+ const struct size_overflow_hash *entry;
@@ -114640,13 +114948,11 @@ index 0000000..fa0524c
114640+ set_hash(func_name, &fn_hash_data); 114948+ set_hash(func_name, &fn_hash_data);
114641+ 114949+
114642+ entry = size_overflow_hash[fn_hash_data.hash]; 114950+ entry = size_overflow_hash[fn_hash_data.hash];
114643+ 114951+ entry = get_proper_hash_chain(entry, func_name);
114644+ while (entry) { 114952+ if (entry)
114645+ if (!strcmp(entry->name, func_name)) 114953+ return entry;
114646+ return entry; 114954+ entry = size_overflow_hash_aux[fn_hash_data.hash];
114647+ entry = entry->next; 114955+ return get_proper_hash_chain(entry, func_name);
114648+ }
114649+ return NULL;
114650+} 114956+}
114651+ 114957+
114652+static void print_missing_msg(const_tree func, unsigned int argnum) 114958+static void print_missing_msg(const_tree func, unsigned int argnum)
@@ -118975,6 +119281,19 @@ index b003ad7..c0a02f8 100644
118975+#endif 119281+#endif
118976+ 119282+
118977 #endif 119283 #endif
119284diff --git a/virt/kvm/ioapic.c b/virt/kvm/ioapic.c
119285index 2d68297..39dc5bc 100644
119286--- a/virt/kvm/ioapic.c
119287+++ b/virt/kvm/ioapic.c
119288@@ -306,7 +306,7 @@ static int ioapic_deliver(struct kvm_ioapic *ioapic, int irq, bool line_status)
119289 BUG_ON(ioapic->rtc_status.pending_eoi != 0);
119290 ret = kvm_irq_delivery_to_apic(ioapic->kvm, NULL, &irqe,
119291 ioapic->rtc_status.dest_map);
119292- ioapic->rtc_status.pending_eoi = ret;
119293+ ioapic->rtc_status.pending_eoi = (ret < 0 ? 0 : ret);
119294 } else
119295 ret = kvm_irq_delivery_to_apic(ioapic->kvm, NULL, &irqe, NULL);
119296
118978diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c 119297diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
118979index 4f588bc..a543c97 100644 119298index 4f588bc..a543c97 100644
118980--- a/virt/kvm/kvm_main.c 119299--- a/virt/kvm/kvm_main.c
© 2015 Mike Crute