aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2014-06-03 06:43:42 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2014-06-03 07:44:26 +0000
commit5e97f1b32fc2e7c6050335b29e36641eb719f4d0 (patch)
treeb8efeaadd96c926826edf03ed23818e96202b647
parent72dfeb01ba1e25b20d8c063aef48a8e34c45e162 (diff)
downloadalpine_aports-5e97f1b32fc2e7c6050335b29e36641eb719f4d0.tar.bz2
alpine_aports-5e97f1b32fc2e7c6050335b29e36641eb719f4d0.tar.xz
alpine_aports-5e97f1b32fc2e7c6050335b29e36641eb719f4d0.zip
main/linux-grsec: upgrade to 3.14.5
Diffstat
-rw-r--r--main/linux-grsec/APKBUILD18
-rw-r--r--main/linux-grsec/grsecurity-3.0-3.14.5-201406021708.patch (renamed from main/linux-grsec/grsecurity-3.0-3.14.4-201405271114.patch)608
2 files changed, 280 insertions, 346 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 48c9fad10a..6d3afc84c3 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,12 +2,12 @@
2 2
3_flavor=grsec 3_flavor=grsec
4pkgname=linux-${_flavor} 4pkgname=linux-${_flavor}
5pkgver=3.14.4 5pkgver=3.14.5
6case $pkgver in 6case $pkgver in
7*.*.*) _kernver=${pkgver%.*};; 7*.*.*) _kernver=${pkgver%.*};;
8*.*) _kernver=${pkgver};; 8*.*) _kernver=${pkgver};;
9esac 9esac
10pkgrel=2 10pkgrel=0
11pkgdesc="Linux kernel with grsecurity" 11pkgdesc="Linux kernel with grsecurity"
12url=http://grsecurity.net 12url=http://grsecurity.net
13depends="mkinitfs linux-firmware" 13depends="mkinitfs linux-firmware"
@@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}}
17install= 17install=
18source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz 18source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
19 http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz 19 http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
20 grsecurity-3.0-3.14.4-201405271114.patch 20 grsecurity-3.0-3.14.5-201406021708.patch
21 21
22 fix-memory-map-for-PIE-applications.patch 22 fix-memory-map-for-PIE-applications.patch
23 imx6q-no-unclocked-sleep.patch 23 imx6q-no-unclocked-sleep.patch
@@ -165,24 +165,24 @@ dev() {
165} 165}
166 166
167md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz 167md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz
168116f27cf17c3522716b6678b17516067 patch-3.14.4.xz 168a56bf05cb9033097198f9269bbcff130 patch-3.14.5.xz
16960e4f370c3543eb4634c84c24009b92d grsecurity-3.0-3.14.4-201405271114.patch 169e3879ccdca92dbec4e42109a9f5552bb grsecurity-3.0-3.14.5-201406021708.patch
170c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch 170c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
1711a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch 1711a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch
1727dbab6689abe6d34178c40773ea6759d kernelconfig.x86 1727dbab6689abe6d34178c40773ea6759d kernelconfig.x86
17321240113d77342def57ea9d6017c2cd6 kernelconfig.x86_64 17321240113d77342def57ea9d6017c2cd6 kernelconfig.x86_64
174727688e12e37262437fc9ca9c1fbd215 kernelconfig.armhf" 174727688e12e37262437fc9ca9c1fbd215 kernelconfig.armhf"
175sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz 175sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz
176af640ea64e923d525a8238832e8452381e6dc76a3bf28046411cadd67c408114 patch-3.14.4.xz 176ecc00856830c05736b3f99609bc6d80353c29d2db9b0dffb91eb2d169808cac4 patch-3.14.5.xz
17776daa7e437ab5fedc51c1fec3a84b7e6901a073b083a94e3a55671bca9e67d34 grsecurity-3.0-3.14.4-201405271114.patch 1778695054d1a1bd02acd2a08b1268eb65349f6877b1be1a00251dcbc5dd95a5a00 grsecurity-3.0-3.14.5-201406021708.patch
178500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch 178500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
17921179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch 17921179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch
180ea60441bed9d50ed3cde8b73c664448b4efebd60c6b58ea0a6df67f087bbc64b kernelconfig.x86 180ea60441bed9d50ed3cde8b73c664448b4efebd60c6b58ea0a6df67f087bbc64b kernelconfig.x86
181c87d9045758f474d092e18a77fc936c1fc9007b09564b79a1ecc46c083c7e3c0 kernelconfig.x86_64 181c87d9045758f474d092e18a77fc936c1fc9007b09564b79a1ecc46c083c7e3c0 kernelconfig.x86_64
18200fc74f27931d161ecc1c26e5cd000d9aeaf6ebea6e0e1293ecde14a64d80467 kernelconfig.armhf" 18200fc74f27931d161ecc1c26e5cd000d9aeaf6ebea6e0e1293ecde14a64d80467 kernelconfig.armhf"
183sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz 183sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz
18461eca26d57f7d7caa78d157582d4b98fbba1c85af73f1773fb51eab3db4381de53f4fbfbc202083e45297c0b4487bc58880a518e7ee9c0d616cddf0b3909b303 patch-3.14.4.xz 184068d139063c94f0e3fd4c24217705628b20f996f6e4cce88366c060150a123381babcfc05c953c58023deff0f7b28b4129b8d381b20dd4e3ac80ce4dbc4ec1e3 patch-3.14.5.xz
1854276c7f2d533b62074180efb069047f562336647078cd47b8a0abb70123fe05f3b2d30c3a212358bfde9897f8b5592d63057f66c2b47718691474cbc77f09d5a grsecurity-3.0-3.14.4-201405271114.patch 18586aa2f621e4fe52eaf498236289b66532f7a8bc087e9100ec168861cead44b7a4329ad609314b6b0bcbf114adf7378ae4eb38b37fc7d8e414473b7de1b84bd2f grsecurity-3.0-3.14.5-201406021708.patch
1864665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch 1864665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
18787d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch 18787d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch
188e19c081066d5615f3037d66e8cf5074bfa4d448d8db2f32642957eb808e8c26e2a2467d333f8773a02aac44b13d5afe556780bd2303df3a9ac88ad6099a898b2 kernelconfig.x86 188e19c081066d5615f3037d66e8cf5074bfa4d448d8db2f32642957eb808e8c26e2a2467d333f8773a02aac44b13d5afe556780bd2303df3a9ac88ad6099a898b2 kernelconfig.x86
diff --git a/main/linux-grsec/grsecurity-3.0-3.14.4-201405271114.patch b/main/linux-grsec/grsecurity-3.0-3.14.5-201406021708.patch
index 3537db8395..400f193d7c 100644
--- a/main/linux-grsec/grsecurity-3.0-3.14.4-201405271114.patch
+++ b/main/linux-grsec/grsecurity-3.0-3.14.5-201406021708.patch
@@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644
287 287
288 pcd. [PARIDE] 288 pcd. [PARIDE]
289diff --git a/Makefile b/Makefile 289diff --git a/Makefile b/Makefile
290index d7c07fd..1ad8228 100644 290index fa77b0b..dadf5fd 100644
291--- a/Makefile 291--- a/Makefile
292+++ b/Makefile 292+++ b/Makefile
293@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ 293@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -7508,18 +7508,6 @@ index 4006964..fcb3cc2 100644
7508 ret = __copy_from_user(to, from, n); 7508 ret = __copy_from_user(to, from, n);
7509 else 7509 else
7510 copy_from_user_overflow(); 7510 copy_from_user_overflow();
7511diff --git a/arch/parisc/include/uapi/asm/resource.h b/arch/parisc/include/uapi/asm/resource.h
7512index 8b06343..090483c 100644
7513--- a/arch/parisc/include/uapi/asm/resource.h
7514+++ b/arch/parisc/include/uapi/asm/resource.h
7515@@ -1,7 +1,6 @@
7516 #ifndef _ASM_PARISC_RESOURCE_H
7517 #define _ASM_PARISC_RESOURCE_H
7518
7519-#define _STK_LIM_MAX 10 * _STK_LIM
7520 #include <asm-generic/resource.h>
7521
7522 #endif
7523diff --git a/arch/parisc/kernel/module.c b/arch/parisc/kernel/module.c 7511diff --git a/arch/parisc/kernel/module.c b/arch/parisc/kernel/module.c
7524index 50dfafc..b9fc230 100644 7512index 50dfafc..b9fc230 100644
7525--- a/arch/parisc/kernel/module.c 7513--- a/arch/parisc/kernel/module.c
@@ -7624,7 +7612,7 @@ index 50dfafc..b9fc230 100644
7624 DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n", 7612 DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n",
7625 me->arch.unwind_section, table, end, gp); 7613 me->arch.unwind_section, table, end, gp);
7626diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c 7614diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c
7627index b7cadc4..bf4a32d 100644 7615index 31ffa9b..588a798 100644
7628--- a/arch/parisc/kernel/sys_parisc.c 7616--- a/arch/parisc/kernel/sys_parisc.c
7629+++ b/arch/parisc/kernel/sys_parisc.c 7617+++ b/arch/parisc/kernel/sys_parisc.c
7630@@ -89,6 +89,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, 7618@@ -89,6 +89,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr,
@@ -7648,7 +7636,7 @@ index b7cadc4..bf4a32d 100644
7648 addr = COLOR_ALIGN(addr, last_mmap, pgoff); 7636 addr = COLOR_ALIGN(addr, last_mmap, pgoff);
7649@@ -124,6 +129,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, 7637@@ -124,6 +129,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr,
7650 info.high_limit = mmap_upper_limit(); 7638 info.high_limit = mmap_upper_limit();
7651 info.align_mask = last_mmap ? (PAGE_MASK & (SHMLBA - 1)) : 0; 7639 info.align_mask = last_mmap ? (PAGE_MASK & (SHM_COLOUR - 1)) : 0;
7652 info.align_offset = shared_align_offset(last_mmap, pgoff); 7640 info.align_offset = shared_align_offset(last_mmap, pgoff);
7653+ info.threadstack_offset = offset; 7641+ info.threadstack_offset = offset;
7654 addr = vm_unmapped_area(&info); 7642 addr = vm_unmapped_area(&info);
@@ -7675,7 +7663,7 @@ index b7cadc4..bf4a32d 100644
7675 addr = COLOR_ALIGN(addr, last_mmap, pgoff); 7663 addr = COLOR_ALIGN(addr, last_mmap, pgoff);
7676@@ -184,6 +195,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, 7664@@ -184,6 +195,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
7677 info.high_limit = mm->mmap_base; 7665 info.high_limit = mm->mmap_base;
7678 info.align_mask = last_mmap ? (PAGE_MASK & (SHMLBA - 1)) : 0; 7666 info.align_mask = last_mmap ? (PAGE_MASK & (SHM_COLOUR - 1)) : 0;
7679 info.align_offset = shared_align_offset(last_mmap, pgoff); 7667 info.align_offset = shared_align_offset(last_mmap, pgoff);
7680+ info.threadstack_offset = offset; 7668+ info.threadstack_offset = offset;
7681 addr = vm_unmapped_area(&info); 7669 addr = vm_unmapped_area(&info);
@@ -18365,10 +18353,10 @@ index 94e40f1..ebd03e4 100644
18365 #define pgprot_writecombine pgprot_writecombine 18353 #define pgprot_writecombine pgprot_writecombine
18366 extern pgprot_t pgprot_writecombine(pgprot_t prot); 18354 extern pgprot_t pgprot_writecombine(pgprot_t prot);
18367diff --git a/arch/x86/include/asm/preempt.h b/arch/x86/include/asm/preempt.h 18355diff --git a/arch/x86/include/asm/preempt.h b/arch/x86/include/asm/preempt.h
18368index c8b0519..fd29e73 100644 18356index b39e194..9d44fd1 100644
18369--- a/arch/x86/include/asm/preempt.h 18357--- a/arch/x86/include/asm/preempt.h
18370+++ b/arch/x86/include/asm/preempt.h 18358+++ b/arch/x86/include/asm/preempt.h
18371@@ -87,7 +87,7 @@ static __always_inline void __preempt_count_sub(int val) 18359@@ -99,7 +99,7 @@ static __always_inline void __preempt_count_sub(int val)
18372 */ 18360 */
18373 static __always_inline bool __preempt_count_dec_and_test(void) 18361 static __always_inline bool __preempt_count_dec_and_test(void)
18374 { 18362 {
@@ -19602,7 +19590,7 @@ index 04905bf..49203ca 100644
19602 } 19590 }
19603 19591
19604diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h 19592diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
19605index 0d592e0..f58a222 100644 19593index 0d592e0..7437fcc 100644
19606--- a/arch/x86/include/asm/uaccess.h 19594--- a/arch/x86/include/asm/uaccess.h
19607+++ b/arch/x86/include/asm/uaccess.h 19595+++ b/arch/x86/include/asm/uaccess.h
19608@@ -7,6 +7,7 @@ 19596@@ -7,6 +7,7 @@
@@ -19626,7 +19614,7 @@ index 0d592e0..f58a222 100644
19626 19614
19627 #define segment_eq(a, b) ((a).seg == (b).seg) 19615 #define segment_eq(a, b) ((a).seg == (b).seg)
19628 19616
19629@@ -85,8 +91,34 @@ static inline bool __chk_range_not_ok(unsigned long addr, unsigned long size, un 19617@@ -85,8 +91,36 @@ static inline bool __chk_range_not_ok(unsigned long addr, unsigned long size, un
19630 * checks that the pointer is in the user space range - after calling 19618 * checks that the pointer is in the user space range - after calling
19631 * this function, memory access functions may still return -EFAULT. 19619 * this function, memory access functions may still return -EFAULT.
19632 */ 19620 */
@@ -19636,26 +19624,28 @@ index 0d592e0..f58a222 100644
19636+#define access_ok_noprefault(type, addr, size) (likely(!__range_not_ok(addr, size, user_addr_max()))) 19624+#define access_ok_noprefault(type, addr, size) (likely(!__range_not_ok(addr, size, user_addr_max())))
19637+#define access_ok(type, addr, size) \ 19625+#define access_ok(type, addr, size) \
19638+({ \ 19626+({ \
19639+ long __size = size; \ 19627+ unsigned long __size = size; \
19640+ unsigned long __addr = (unsigned long)addr; \ 19628+ unsigned long __addr = (unsigned long)addr; \
19641+ unsigned long __addr_ao = __addr & PAGE_MASK; \
19642+ unsigned long __end_ao = __addr + __size - 1; \
19643+ bool __ret_ao = __range_not_ok(__addr, __size, user_addr_max()) == 0;\ 19629+ bool __ret_ao = __range_not_ok(__addr, __size, user_addr_max()) == 0;\
19644+ if (__ret_ao && unlikely((__end_ao ^ __addr_ao) & PAGE_MASK)) { \ 19630+ if (__ret_ao && __size) { \
19645+ while(__addr_ao <= __end_ao) { \ 19631+ unsigned long __addr_ao = __addr & PAGE_MASK; \
19646+ char __c_ao; \ 19632+ unsigned long __end_ao = __addr + __size - 1; \
19647+ __addr_ao += PAGE_SIZE; \ 19633+ if (unlikely((__end_ao ^ __addr_ao) & PAGE_MASK)) { \
19648+ if (__size > PAGE_SIZE) \ 19634+ while (__addr_ao <= __end_ao) { \
19649+ _cond_resched(); \ 19635+ char __c_ao; \
19650+ if (__get_user(__c_ao, (char __user *)__addr)) \ 19636+ __addr_ao += PAGE_SIZE; \
19651+ break; \ 19637+ if (__size > PAGE_SIZE) \
19652+ if (type != VERIFY_WRITE) { \ 19638+ _cond_resched(); \
19639+ if (__get_user(__c_ao, (char __user *)__addr)) \
19640+ break; \
19641+ if (type != VERIFY_WRITE) { \
19642+ __addr = __addr_ao; \
19643+ continue; \
19644+ } \
19645+ if (__put_user(__c_ao, (char __user *)__addr)) \
19646+ break; \
19653+ __addr = __addr_ao; \ 19647+ __addr = __addr_ao; \
19654+ continue; \
19655+ } \ 19648+ } \
19656+ if (__put_user(__c_ao, (char __user *)__addr)) \
19657+ break; \
19658+ __addr = __addr_ao; \
19659+ } \ 19649+ } \
19660+ } \ 19650+ } \
19661+ __ret_ao; \ 19651+ __ret_ao; \
@@ -19663,7 +19653,7 @@ index 0d592e0..f58a222 100644
19663 19653
19664 /* 19654 /*
19665 * The exception table consists of pairs of addresses relative to the 19655 * The exception table consists of pairs of addresses relative to the
19666@@ -176,10 +208,12 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL)) 19656@@ -176,10 +210,12 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
19667 register __inttype(*(ptr)) __val_gu asm("%"_ASM_DX); \ 19657 register __inttype(*(ptr)) __val_gu asm("%"_ASM_DX); \
19668 __chk_user_ptr(ptr); \ 19658 __chk_user_ptr(ptr); \
19669 might_fault(); \ 19659 might_fault(); \
@@ -19676,7 +19666,7 @@ index 0d592e0..f58a222 100644
19676 __ret_gu; \ 19666 __ret_gu; \
19677 }) 19667 })
19678 19668
19679@@ -187,13 +221,21 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL)) 19669@@ -187,13 +223,21 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
19680 asm volatile("call __put_user_" #size : "=a" (__ret_pu) \ 19670 asm volatile("call __put_user_" #size : "=a" (__ret_pu) \
19681 : "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx") 19671 : "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx")
19682 19672
@@ -19701,7 +19691,7 @@ index 0d592e0..f58a222 100644
19701 "3: " ASM_CLAC "\n" \ 19691 "3: " ASM_CLAC "\n" \
19702 ".section .fixup,\"ax\"\n" \ 19692 ".section .fixup,\"ax\"\n" \
19703 "4: movl %3,%0\n" \ 19693 "4: movl %3,%0\n" \
19704@@ -206,8 +248,8 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL)) 19694@@ -206,8 +250,8 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
19705 19695
19706 #define __put_user_asm_ex_u64(x, addr) \ 19696 #define __put_user_asm_ex_u64(x, addr) \
19707 asm volatile(ASM_STAC "\n" \ 19697 asm volatile(ASM_STAC "\n" \
@@ -19712,7 +19702,7 @@ index 0d592e0..f58a222 100644
19712 "3: " ASM_CLAC "\n" \ 19702 "3: " ASM_CLAC "\n" \
19713 _ASM_EXTABLE_EX(1b, 2b) \ 19703 _ASM_EXTABLE_EX(1b, 2b) \
19714 _ASM_EXTABLE_EX(2b, 3b) \ 19704 _ASM_EXTABLE_EX(2b, 3b) \
19715@@ -257,7 +299,8 @@ extern void __put_user_8(void); 19705@@ -257,7 +301,8 @@ extern void __put_user_8(void);
19716 __typeof__(*(ptr)) __pu_val; \ 19706 __typeof__(*(ptr)) __pu_val; \
19717 __chk_user_ptr(ptr); \ 19707 __chk_user_ptr(ptr); \
19718 might_fault(); \ 19708 might_fault(); \
@@ -19722,7 +19712,7 @@ index 0d592e0..f58a222 100644
19722 switch (sizeof(*(ptr))) { \ 19712 switch (sizeof(*(ptr))) { \
19723 case 1: \ 19713 case 1: \
19724 __put_user_x(1, __pu_val, ptr, __ret_pu); \ 19714 __put_user_x(1, __pu_val, ptr, __ret_pu); \
19725@@ -275,6 +318,7 @@ extern void __put_user_8(void); 19715@@ -275,6 +320,7 @@ extern void __put_user_8(void);
19726 __put_user_x(X, __pu_val, ptr, __ret_pu); \ 19716 __put_user_x(X, __pu_val, ptr, __ret_pu); \
19727 break; \ 19717 break; \
19728 } \ 19718 } \
@@ -19730,7 +19720,7 @@ index 0d592e0..f58a222 100644
19730 __ret_pu; \ 19720 __ret_pu; \
19731 }) 19721 })
19732 19722
19733@@ -355,8 +399,10 @@ do { \ 19723@@ -355,8 +401,10 @@ do { \
19734 } while (0) 19724 } while (0)
19735 19725
19736 #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \ 19726 #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \
@@ -19742,7 +19732,7 @@ index 0d592e0..f58a222 100644
19742 "2: " ASM_CLAC "\n" \ 19732 "2: " ASM_CLAC "\n" \
19743 ".section .fixup,\"ax\"\n" \ 19733 ".section .fixup,\"ax\"\n" \
19744 "3: mov %3,%0\n" \ 19734 "3: mov %3,%0\n" \
19745@@ -364,8 +410,10 @@ do { \ 19735@@ -364,8 +412,10 @@ do { \
19746 " jmp 2b\n" \ 19736 " jmp 2b\n" \
19747 ".previous\n" \ 19737 ".previous\n" \
19748 _ASM_EXTABLE(1b, 3b) \ 19738 _ASM_EXTABLE(1b, 3b) \
@@ -19755,7 +19745,7 @@ index 0d592e0..f58a222 100644
19755 19745
19756 #define __get_user_size_ex(x, ptr, size) \ 19746 #define __get_user_size_ex(x, ptr, size) \
19757 do { \ 19747 do { \
19758@@ -389,7 +437,7 @@ do { \ 19748@@ -389,7 +439,7 @@ do { \
19759 } while (0) 19749 } while (0)
19760 19750
19761 #define __get_user_asm_ex(x, addr, itype, rtype, ltype) \ 19751 #define __get_user_asm_ex(x, addr, itype, rtype, ltype) \
@@ -19764,7 +19754,7 @@ index 0d592e0..f58a222 100644
19764 "2:\n" \ 19754 "2:\n" \
19765 _ASM_EXTABLE_EX(1b, 2b) \ 19755 _ASM_EXTABLE_EX(1b, 2b) \
19766 : ltype(x) : "m" (__m(addr))) 19756 : ltype(x) : "m" (__m(addr)))
19767@@ -406,13 +454,24 @@ do { \ 19757@@ -406,13 +456,24 @@ do { \
19768 int __gu_err; \ 19758 int __gu_err; \
19769 unsigned long __gu_val; \ 19759 unsigned long __gu_val; \
19770 __get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \ 19760 __get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \
@@ -19791,7 +19781,7 @@ index 0d592e0..f58a222 100644
19791 19781
19792 /* 19782 /*
19793 * Tell gcc we read from memory instead of writing: this is because 19783 * Tell gcc we read from memory instead of writing: this is because
19794@@ -420,8 +479,10 @@ struct __large_struct { unsigned long buf[100]; }; 19784@@ -420,8 +481,10 @@ struct __large_struct { unsigned long buf[100]; };
19795 * aliasing issues. 19785 * aliasing issues.
19796 */ 19786 */
19797 #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \ 19787 #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \
@@ -19803,7 +19793,7 @@ index 0d592e0..f58a222 100644
19803 "2: " ASM_CLAC "\n" \ 19793 "2: " ASM_CLAC "\n" \
19804 ".section .fixup,\"ax\"\n" \ 19794 ".section .fixup,\"ax\"\n" \
19805 "3: mov %3,%0\n" \ 19795 "3: mov %3,%0\n" \
19806@@ -429,10 +490,12 @@ struct __large_struct { unsigned long buf[100]; }; 19796@@ -429,10 +492,12 @@ struct __large_struct { unsigned long buf[100]; };
19807 ".previous\n" \ 19797 ".previous\n" \
19808 _ASM_EXTABLE(1b, 3b) \ 19798 _ASM_EXTABLE(1b, 3b) \
19809 : "=r"(err) \ 19799 : "=r"(err) \
@@ -19818,7 +19808,7 @@ index 0d592e0..f58a222 100644
19818 "2:\n" \ 19808 "2:\n" \
19819 _ASM_EXTABLE_EX(1b, 2b) \ 19809 _ASM_EXTABLE_EX(1b, 2b) \
19820 : : ltype(x), "m" (__m(addr))) 19810 : : ltype(x), "m" (__m(addr)))
19821@@ -442,11 +505,13 @@ struct __large_struct { unsigned long buf[100]; }; 19811@@ -442,11 +507,13 @@ struct __large_struct { unsigned long buf[100]; };
19822 */ 19812 */
19823 #define uaccess_try do { \ 19813 #define uaccess_try do { \
19824 current_thread_info()->uaccess_err = 0; \ 19814 current_thread_info()->uaccess_err = 0; \
@@ -19832,7 +19822,7 @@ index 0d592e0..f58a222 100644
19832 (err) |= (current_thread_info()->uaccess_err ? -EFAULT : 0); \ 19822 (err) |= (current_thread_info()->uaccess_err ? -EFAULT : 0); \
19833 } while (0) 19823 } while (0)
19834 19824
19835@@ -471,8 +536,12 @@ struct __large_struct { unsigned long buf[100]; }; 19825@@ -471,8 +538,12 @@ struct __large_struct { unsigned long buf[100]; };
19836 * On error, the variable @x is set to zero. 19826 * On error, the variable @x is set to zero.
19837 */ 19827 */
19838 19828
@@ -19845,7 +19835,7 @@ index 0d592e0..f58a222 100644
19845 19835
19846 /** 19836 /**
19847 * __put_user: - Write a simple value into user space, with less checking. 19837 * __put_user: - Write a simple value into user space, with less checking.
19848@@ -494,8 +563,12 @@ struct __large_struct { unsigned long buf[100]; }; 19838@@ -494,8 +565,12 @@ struct __large_struct { unsigned long buf[100]; };
19849 * Returns zero on success, or -EFAULT on error. 19839 * Returns zero on success, or -EFAULT on error.
19850 */ 19840 */
19851 19841
@@ -19858,7 +19848,7 @@ index 0d592e0..f58a222 100644
19858 19848
19859 #define __get_user_unaligned __get_user 19849 #define __get_user_unaligned __get_user
19860 #define __put_user_unaligned __put_user 19850 #define __put_user_unaligned __put_user
19861@@ -513,7 +586,7 @@ struct __large_struct { unsigned long buf[100]; }; 19851@@ -513,7 +588,7 @@ struct __large_struct { unsigned long buf[100]; };
19862 #define get_user_ex(x, ptr) do { \ 19852 #define get_user_ex(x, ptr) do { \
19863 unsigned long __gue_val; \ 19853 unsigned long __gue_val; \
19864 __get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \ 19854 __get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \
@@ -19867,7 +19857,7 @@ index 0d592e0..f58a222 100644
19867 } while (0) 19857 } while (0)
19868 19858
19869 #define put_user_try uaccess_try 19859 #define put_user_try uaccess_try
19870@@ -542,18 +615,19 @@ extern void __cmpxchg_wrong_size(void) 19860@@ -542,18 +617,19 @@ extern void __cmpxchg_wrong_size(void)
19871 __typeof__(ptr) __uval = (uval); \ 19861 __typeof__(ptr) __uval = (uval); \
19872 __typeof__(*(ptr)) __old = (old); \ 19862 __typeof__(*(ptr)) __old = (old); \
19873 __typeof__(*(ptr)) __new = (new); \ 19863 __typeof__(*(ptr)) __new = (new); \
@@ -19889,7 +19879,7 @@ index 0d592e0..f58a222 100644
19889 : "i" (-EFAULT), "q" (__new), "1" (__old) \ 19879 : "i" (-EFAULT), "q" (__new), "1" (__old) \
19890 : "memory" \ 19880 : "memory" \
19891 ); \ 19881 ); \
19892@@ -562,14 +636,14 @@ extern void __cmpxchg_wrong_size(void) 19882@@ -562,14 +638,14 @@ extern void __cmpxchg_wrong_size(void)
19893 case 2: \ 19883 case 2: \
19894 { \ 19884 { \
19895 asm volatile("\t" ASM_STAC "\n" \ 19885 asm volatile("\t" ASM_STAC "\n" \
@@ -19906,7 +19896,7 @@ index 0d592e0..f58a222 100644
19906 : "i" (-EFAULT), "r" (__new), "1" (__old) \ 19896 : "i" (-EFAULT), "r" (__new), "1" (__old) \
19907 : "memory" \ 19897 : "memory" \
19908 ); \ 19898 ); \
19909@@ -578,14 +652,14 @@ extern void __cmpxchg_wrong_size(void) 19899@@ -578,14 +654,14 @@ extern void __cmpxchg_wrong_size(void)
19910 case 4: \ 19900 case 4: \
19911 { \ 19901 { \
19912 asm volatile("\t" ASM_STAC "\n" \ 19902 asm volatile("\t" ASM_STAC "\n" \
@@ -19923,7 +19913,7 @@ index 0d592e0..f58a222 100644
19923 : "i" (-EFAULT), "r" (__new), "1" (__old) \ 19913 : "i" (-EFAULT), "r" (__new), "1" (__old) \
19924 : "memory" \ 19914 : "memory" \
19925 ); \ 19915 ); \
19926@@ -597,14 +671,14 @@ extern void __cmpxchg_wrong_size(void) 19916@@ -597,14 +673,14 @@ extern void __cmpxchg_wrong_size(void)
19927 __cmpxchg_wrong_size(); \ 19917 __cmpxchg_wrong_size(); \
19928 \ 19918 \
19929 asm volatile("\t" ASM_STAC "\n" \ 19919 asm volatile("\t" ASM_STAC "\n" \
@@ -19940,7 +19930,7 @@ index 0d592e0..f58a222 100644
19940 : "i" (-EFAULT), "r" (__new), "1" (__old) \ 19930 : "i" (-EFAULT), "r" (__new), "1" (__old) \
19941 : "memory" \ 19931 : "memory" \
19942 ); \ 19932 ); \
19943@@ -613,6 +687,7 @@ extern void __cmpxchg_wrong_size(void) 19933@@ -613,6 +689,7 @@ extern void __cmpxchg_wrong_size(void)
19944 default: \ 19934 default: \
19945 __cmpxchg_wrong_size(); \ 19935 __cmpxchg_wrong_size(); \
19946 } \ 19936 } \
@@ -19948,7 +19938,7 @@ index 0d592e0..f58a222 100644
19948 *__uval = __old; \ 19938 *__uval = __old; \
19949 __ret; \ 19939 __ret; \
19950 }) 19940 })
19951@@ -636,17 +711,6 @@ extern struct movsl_mask { 19941@@ -636,17 +713,6 @@ extern struct movsl_mask {
19952 19942
19953 #define ARCH_HAS_NOCACHE_UACCESS 1 19943 #define ARCH_HAS_NOCACHE_UACCESS 1
19954 19944
@@ -19966,7 +19956,7 @@ index 0d592e0..f58a222 100644
19966 #ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS 19956 #ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
19967 # define copy_user_diag __compiletime_error 19957 # define copy_user_diag __compiletime_error
19968 #else 19958 #else
19969@@ -656,7 +720,7 @@ unsigned long __must_check _copy_to_user(void __user *to, const void *from, 19959@@ -656,7 +722,7 @@ unsigned long __must_check _copy_to_user(void __user *to, const void *from,
19970 extern void copy_user_diag("copy_from_user() buffer size is too small") 19960 extern void copy_user_diag("copy_from_user() buffer size is too small")
19971 copy_from_user_overflow(void); 19961 copy_from_user_overflow(void);
19972 extern void copy_user_diag("copy_to_user() buffer size is too small") 19962 extern void copy_user_diag("copy_to_user() buffer size is too small")
@@ -19975,7 +19965,7 @@ index 0d592e0..f58a222 100644
19975 19965
19976 #undef copy_user_diag 19966 #undef copy_user_diag
19977 19967
19978@@ -669,7 +733,7 @@ __copy_from_user_overflow(void) __asm__("copy_from_user_overflow"); 19968@@ -669,7 +735,7 @@ __copy_from_user_overflow(void) __asm__("copy_from_user_overflow");
19979 19969
19980 extern void 19970 extern void
19981 __compiletime_warning("copy_to_user() buffer size is not provably correct") 19971 __compiletime_warning("copy_to_user() buffer size is not provably correct")
@@ -19984,7 +19974,7 @@ index 0d592e0..f58a222 100644
19984 #define __copy_to_user_overflow(size, count) __copy_to_user_overflow() 19974 #define __copy_to_user_overflow(size, count) __copy_to_user_overflow()
19985 19975
19986 #else 19976 #else
19987@@ -684,10 +748,16 @@ __copy_from_user_overflow(int size, unsigned long count) 19977@@ -684,10 +750,16 @@ __copy_from_user_overflow(int size, unsigned long count)
19988 19978
19989 #endif 19979 #endif
19990 19980
@@ -20002,7 +19992,7 @@ index 0d592e0..f58a222 100644
20002 19992
20003 might_fault(); 19993 might_fault();
20004 19994
20005@@ -709,12 +779,15 @@ copy_from_user(void *to, const void __user *from, unsigned long n) 19995@@ -709,12 +781,15 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
20006 * case, and do only runtime checking for non-constant sizes. 19996 * case, and do only runtime checking for non-constant sizes.
20007 */ 19997 */
20008 19998
@@ -20024,7 +20014,7 @@ index 0d592e0..f58a222 100644
20024 20014
20025 return n; 20015 return n;
20026 } 20016 }
20027@@ -722,17 +795,18 @@ copy_from_user(void *to, const void __user *from, unsigned long n) 20017@@ -722,17 +797,18 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
20028 static inline unsigned long __must_check 20018 static inline unsigned long __must_check
20029 copy_to_user(void __user *to, const void *from, unsigned long n) 20019 copy_to_user(void __user *to, const void *from, unsigned long n)
20030 { 20020 {
@@ -28784,10 +28774,10 @@ index 3927528..fc19971 100644
28784 28774
28785 vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP) 28775 vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
28786diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c 28776diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
28787index 2b85784..ad70e19 100644 28777index ee0c3b5..773bb94 100644
28788--- a/arch/x86/kvm/x86.c 28778--- a/arch/x86/kvm/x86.c
28789+++ b/arch/x86/kvm/x86.c 28779+++ b/arch/x86/kvm/x86.c
28790@@ -1777,8 +1777,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) 28780@@ -1776,8 +1776,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
28791 { 28781 {
28792 struct kvm *kvm = vcpu->kvm; 28782 struct kvm *kvm = vcpu->kvm;
28793 int lm = is_long_mode(vcpu); 28783 int lm = is_long_mode(vcpu);
@@ -28798,7 +28788,7 @@ index 2b85784..ad70e19 100644
28798 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64 28788 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64
28799 : kvm->arch.xen_hvm_config.blob_size_32; 28789 : kvm->arch.xen_hvm_config.blob_size_32;
28800 u32 page_num = data & ~PAGE_MASK; 28790 u32 page_num = data & ~PAGE_MASK;
28801@@ -2689,6 +2689,8 @@ long kvm_arch_dev_ioctl(struct file *filp, 28791@@ -2688,6 +2688,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
28802 if (n < msr_list.nmsrs) 28792 if (n < msr_list.nmsrs)
28803 goto out; 28793 goto out;
28804 r = -EFAULT; 28794 r = -EFAULT;
@@ -28807,7 +28797,7 @@ index 2b85784..ad70e19 100644
28807 if (copy_to_user(user_msr_list->indices, &msrs_to_save, 28797 if (copy_to_user(user_msr_list->indices, &msrs_to_save,
28808 num_msrs_to_save * sizeof(u32))) 28798 num_msrs_to_save * sizeof(u32)))
28809 goto out; 28799 goto out;
28810@@ -5503,7 +5505,7 @@ static struct notifier_block pvclock_gtod_notifier = { 28800@@ -5502,7 +5504,7 @@ static struct notifier_block pvclock_gtod_notifier = {
28811 }; 28801 };
28812 #endif 28802 #endif
28813 28803
@@ -34132,7 +34122,7 @@ index 0149575..f746de8 100644
34132+ pax_force_retaddr 34122+ pax_force_retaddr
34133 ret 34123 ret
34134diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c 34124diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
34135index 4ed75dd..3cf24f0b 100644 34125index af2d431..3cf24f0b 100644
34136--- a/arch/x86/net/bpf_jit_comp.c 34126--- a/arch/x86/net/bpf_jit_comp.c
34137+++ b/arch/x86/net/bpf_jit_comp.c 34127+++ b/arch/x86/net/bpf_jit_comp.c
34138@@ -50,13 +50,90 @@ static inline u8 *emit_code(u8 *ptr, u32 bytes, unsigned int len) 34128@@ -50,13 +50,90 @@ static inline u8 *emit_code(u8 *ptr, u32 bytes, unsigned int len)
@@ -34298,7 +34288,7 @@ index 4ed75dd..3cf24f0b 100644
34298+ pax_close_kernel(); 34288+ pax_close_kernel();
34299 34289
34300- header->pages = sz / PAGE_SIZE; 34290- header->pages = sz / PAGE_SIZE;
34301- hole = sz - (proglen + sizeof(*header)); 34291- hole = min(sz - (proglen + sizeof(*header)), PAGE_SIZE - sizeof(*header));
34302+ hole = PAGE_SIZE - (proglen & ~PAGE_MASK); 34292+ hole = PAGE_SIZE - (proglen & ~PAGE_MASK);
34303 34293
34304 /* insert a random number of int3 instructions before BPF code */ 34294 /* insert a random number of int3 instructions before BPF code */
@@ -40603,10 +40593,10 @@ index 15a74f9..4278889 100644
40603 return can_switch; 40593 return can_switch;
40604 } 40594 }
40605diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h 40595diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
40606index df77e20..d3fda9f 100644 40596index 697f215..6f89b7f 100644
40607--- a/drivers/gpu/drm/i915/i915_drv.h 40597--- a/drivers/gpu/drm/i915/i915_drv.h
40608+++ b/drivers/gpu/drm/i915/i915_drv.h 40598+++ b/drivers/gpu/drm/i915/i915_drv.h
40609@@ -1361,7 +1361,7 @@ typedef struct drm_i915_private { 40599@@ -1362,7 +1362,7 @@ typedef struct drm_i915_private {
40610 drm_dma_handle_t *status_page_dmah; 40600 drm_dma_handle_t *status_page_dmah;
40611 struct resource mch_res; 40601 struct resource mch_res;
40612 40602
@@ -40788,10 +40778,10 @@ index d554169..f4426bb 100644
40788 iir = I915_READ(IIR); 40778 iir = I915_READ(IIR);
40789 40779
40790diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c 40780diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
40791index 9b8a7c7..60f6003 100644 40781index 963639d..ea0c0cb 100644
40792--- a/drivers/gpu/drm/i915/intel_display.c 40782--- a/drivers/gpu/drm/i915/intel_display.c
40793+++ b/drivers/gpu/drm/i915/intel_display.c 40783+++ b/drivers/gpu/drm/i915/intel_display.c
40794@@ -10776,13 +10776,13 @@ struct intel_quirk { 40784@@ -10787,13 +10787,13 @@ struct intel_quirk {
40795 int subsystem_vendor; 40785 int subsystem_vendor;
40796 int subsystem_device; 40786 int subsystem_device;
40797 void (*hook)(struct drm_device *dev); 40787 void (*hook)(struct drm_device *dev);
@@ -40807,7 +40797,7 @@ index 9b8a7c7..60f6003 100644
40807 40797
40808 static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) 40798 static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
40809 { 40799 {
40810@@ -10790,18 +10790,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) 40800@@ -10801,18 +10801,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
40811 return 1; 40801 return 1;
40812 } 40802 }
40813 40803
@@ -41191,7 +41181,7 @@ index 28f84b4..fb3e224 100644
41191 ret = drm_irq_install(qdev->ddev); 41181 ret = drm_irq_install(qdev->ddev);
41192 qdev->ram_header->int_mask = QXL_INTERRUPT_MASK; 41182 qdev->ram_header->int_mask = QXL_INTERRUPT_MASK;
41193diff --git a/drivers/gpu/drm/qxl/qxl_ttm.c b/drivers/gpu/drm/qxl/qxl_ttm.c 41183diff --git a/drivers/gpu/drm/qxl/qxl_ttm.c b/drivers/gpu/drm/qxl/qxl_ttm.c
41194index c7e7e65..7dddd4d 100644 41184index c82c1d6a9..6158c02 100644
41195--- a/drivers/gpu/drm/qxl/qxl_ttm.c 41185--- a/drivers/gpu/drm/qxl/qxl_ttm.c
41196+++ b/drivers/gpu/drm/qxl/qxl_ttm.c 41186+++ b/drivers/gpu/drm/qxl/qxl_ttm.c
41197@@ -103,7 +103,7 @@ static void qxl_ttm_global_fini(struct qxl_device *qdev) 41187@@ -103,7 +103,7 @@ static void qxl_ttm_global_fini(struct qxl_device *qdev)
@@ -41214,7 +41204,7 @@ index c7e7e65..7dddd4d 100644
41214 } 41204 }
41215 vma->vm_ops = &qxl_ttm_vm_ops; 41205 vma->vm_ops = &qxl_ttm_vm_ops;
41216 return 0; 41206 return 0;
41217@@ -560,25 +562,23 @@ static int qxl_mm_dump_table(struct seq_file *m, void *data) 41207@@ -561,25 +563,23 @@ static int qxl_mm_dump_table(struct seq_file *m, void *data)
41218 static int qxl_ttm_debugfs_init(struct qxl_device *qdev) 41208 static int qxl_ttm_debugfs_init(struct qxl_device *qdev)
41219 { 41209 {
41220 #if defined(CONFIG_DEBUG_FS) 41210 #if defined(CONFIG_DEBUG_FS)
@@ -41881,10 +41871,10 @@ index ec0ae2d..dc0780b 100644
41881 /* copy over all the bus versions */ 41871 /* copy over all the bus versions */
41882 if (dev->bus && dev->bus->pm) { 41872 if (dev->bus && dev->bus->pm) {
41883diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c 41873diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
41884index cc32a6f..02a4b1c 100644 41874index 8a5384c..cf63c18 100644
41885--- a/drivers/hid/hid-core.c 41875--- a/drivers/hid/hid-core.c
41886+++ b/drivers/hid/hid-core.c 41876+++ b/drivers/hid/hid-core.c
41887@@ -2421,7 +2421,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); 41877@@ -2422,7 +2422,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
41888 41878
41889 int hid_add_device(struct hid_device *hdev) 41879 int hid_add_device(struct hid_device *hdev)
41890 { 41880 {
@@ -41893,7 +41883,7 @@ index cc32a6f..02a4b1c 100644
41893 int ret; 41883 int ret;
41894 41884
41895 if (WARN_ON(hdev->status & HID_STAT_ADDED)) 41885 if (WARN_ON(hdev->status & HID_STAT_ADDED))
41896@@ -2455,7 +2455,7 @@ int hid_add_device(struct hid_device *hdev) 41886@@ -2456,7 +2456,7 @@ int hid_add_device(struct hid_device *hdev)
41897 /* XXX hack, any other cleaner solution after the driver core 41887 /* XXX hack, any other cleaner solution after the driver core
41898 * is converted to allow more than 20 bytes as the device name? */ 41888 * is converted to allow more than 20 bytes as the device name? */
41899 dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, 41889 dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
@@ -44611,10 +44601,10 @@ index 3e6d115..ffecdeb 100644
44611 /*----------------------------------------------------------------*/ 44601 /*----------------------------------------------------------------*/
44612 44602
44613diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c 44603diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
44614index 4a6ca1c..e952750 100644 44604index 56e24c0..e1c8e1f 100644
44615--- a/drivers/md/raid1.c 44605--- a/drivers/md/raid1.c
44616+++ b/drivers/md/raid1.c 44606+++ b/drivers/md/raid1.c
44617@@ -1922,7 +1922,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) 44607@@ -1931,7 +1931,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
44618 if (r1_sync_page_io(rdev, sect, s, 44608 if (r1_sync_page_io(rdev, sect, s,
44619 bio->bi_io_vec[idx].bv_page, 44609 bio->bi_io_vec[idx].bv_page,
44620 READ) != 0) 44610 READ) != 0)
@@ -44623,7 +44613,7 @@ index 4a6ca1c..e952750 100644
44623 } 44613 }
44624 sectors -= s; 44614 sectors -= s;
44625 sect += s; 44615 sect += s;
44626@@ -2156,7 +2156,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, 44616@@ -2165,7 +2165,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
44627 test_bit(In_sync, &rdev->flags)) { 44617 test_bit(In_sync, &rdev->flags)) {
44628 if (r1_sync_page_io(rdev, sect, s, 44618 if (r1_sync_page_io(rdev, sect, s,
44629 conf->tmppage, READ)) { 44619 conf->tmppage, READ)) {
@@ -46214,10 +46204,10 @@ index cf49c22..971b133 100644
46214 struct sm_sysfs_attribute *vendor_attribute; 46204 struct sm_sysfs_attribute *vendor_attribute;
46215 char *vendor; 46205 char *vendor;
46216diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c 46206diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
46217index e5628fc..ffe54d1 100644 46207index 91ec8cd..562ff5f 100644
46218--- a/drivers/net/bonding/bond_main.c 46208--- a/drivers/net/bonding/bond_main.c
46219+++ b/drivers/net/bonding/bond_main.c 46209+++ b/drivers/net/bonding/bond_main.c
46220@@ -4551,6 +4551,7 @@ static void __exit bonding_exit(void) 46210@@ -4552,6 +4552,7 @@ static void __exit bonding_exit(void)
46221 46211
46222 bond_netlink_fini(); 46212 bond_netlink_fini();
46223 unregister_pernet_subsys(&bond_net_ops); 46213 unregister_pernet_subsys(&bond_net_ops);
@@ -46656,10 +46646,10 @@ index bf0d55e..82bcfbd1 100644
46656 priv = netdev_priv(dev); 46646 priv = netdev_priv(dev);
46657 priv->phy = phy; 46647 priv->phy = phy;
46658diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c 46648diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
46659index 1831fb7..9c24bca 100644 46649index 20bb669..9a0e17e 100644
46660--- a/drivers/net/macvlan.c 46650--- a/drivers/net/macvlan.c
46661+++ b/drivers/net/macvlan.c 46651+++ b/drivers/net/macvlan.c
46662@@ -984,13 +984,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = { 46652@@ -991,13 +991,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = {
46663 int macvlan_link_register(struct rtnl_link_ops *ops) 46653 int macvlan_link_register(struct rtnl_link_ops *ops)
46664 { 46654 {
46665 /* common fields */ 46655 /* common fields */
@@ -46682,7 +46672,7 @@ index 1831fb7..9c24bca 100644
46682 46672
46683 return rtnl_link_register(ops); 46673 return rtnl_link_register(ops);
46684 }; 46674 };
46685@@ -1045,7 +1047,7 @@ static int macvlan_device_event(struct notifier_block *unused, 46675@@ -1052,7 +1054,7 @@ static int macvlan_device_event(struct notifier_block *unused,
46686 return NOTIFY_DONE; 46676 return NOTIFY_DONE;
46687 } 46677 }
46688 46678
@@ -46692,10 +46682,10 @@ index 1831fb7..9c24bca 100644
46692 }; 46682 };
46693 46683
46694diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c 46684diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
46695index ff111a8..c4c3ac4 100644 46685index 3381c4f..dea5fd5 100644
46696--- a/drivers/net/macvtap.c 46686--- a/drivers/net/macvtap.c
46697+++ b/drivers/net/macvtap.c 46687+++ b/drivers/net/macvtap.c
46698@@ -1011,7 +1011,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd, 46688@@ -1020,7 +1020,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd,
46699 } 46689 }
46700 46690
46701 ret = 0; 46691 ret = 0;
@@ -46704,7 +46694,7 @@ index ff111a8..c4c3ac4 100644
46704 put_user(q->flags, &ifr->ifr_flags)) 46694 put_user(q->flags, &ifr->ifr_flags))
46705 ret = -EFAULT; 46695 ret = -EFAULT;
46706 macvtap_put_vlan(vlan); 46696 macvtap_put_vlan(vlan);
46707@@ -1181,7 +1181,7 @@ static int macvtap_device_event(struct notifier_block *unused, 46697@@ -1190,7 +1190,7 @@ static int macvtap_device_event(struct notifier_block *unused,
46708 return NOTIFY_DONE; 46698 return NOTIFY_DONE;
46709 } 46699 }
46710 46700
@@ -46796,19 +46786,6 @@ index 26f8635..c237839 100644
46796 if (cmd == TUNSETIFF || cmd == TUNSETQUEUE || _IOC_TYPE(cmd) == 0x89) { 46786 if (cmd == TUNSETIFF || cmd == TUNSETQUEUE || _IOC_TYPE(cmd) == 0x89) {
46797 if (copy_from_user(&ifr, argp, ifreq_len)) 46787 if (copy_from_user(&ifr, argp, ifreq_len))
46798 return -EFAULT; 46788 return -EFAULT;
46799diff --git a/drivers/net/usb/cdc_ncm.c b/drivers/net/usb/cdc_ncm.c
46800index d350d27..75d7d9d 100644
46801--- a/drivers/net/usb/cdc_ncm.c
46802+++ b/drivers/net/usb/cdc_ncm.c
46803@@ -768,7 +768,7 @@ cdc_ncm_fill_tx_frame(struct usbnet *dev, struct sk_buff *skb, __le32 sign)
46804 skb_out->len > CDC_NCM_MIN_TX_PKT)
46805 memset(skb_put(skb_out, ctx->tx_max - skb_out->len), 0,
46806 ctx->tx_max - skb_out->len);
46807- else if ((skb_out->len % dev->maxpacket) == 0)
46808+ else if (skb_out->len < ctx->tx_max && (skb_out->len % dev->maxpacket) == 0)
46809 *skb_put(skb_out, 1) = 0; /* force short packet */
46810
46811 /* set final frame length */
46812diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c 46789diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c
46813index 660bd5e..ac59452 100644 46790index 660bd5e..ac59452 100644
46814--- a/drivers/net/usb/hso.c 46791--- a/drivers/net/usb/hso.c
@@ -50026,10 +50003,10 @@ index 62ec84b..93159d8 100644
50026 disposition = scsi_decide_disposition(cmd); 50003 disposition = scsi_decide_disposition(cmd);
50027 if (disposition != SUCCESS && 50004 if (disposition != SUCCESS &&
50028diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c 50005diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
50029index 9117d0b..d289a7a 100644 50006index 665acbf..d18fab4 100644
50030--- a/drivers/scsi/scsi_sysfs.c 50007--- a/drivers/scsi/scsi_sysfs.c
50031+++ b/drivers/scsi/scsi_sysfs.c 50008+++ b/drivers/scsi/scsi_sysfs.c
50032@@ -739,7 +739,7 @@ show_iostat_##field(struct device *dev, struct device_attribute *attr, \ 50009@@ -734,7 +734,7 @@ show_iostat_##field(struct device *dev, struct device_attribute *attr, \
50033 char *buf) \ 50010 char *buf) \
50034 { \ 50011 { \
50035 struct scsi_device *sdev = to_scsi_device(dev); \ 50012 struct scsi_device *sdev = to_scsi_device(dev); \
@@ -57622,7 +57599,7 @@ index 1e86823..8e34695 100644
57622 else if (whole->bd_holder != NULL) 57599 else if (whole->bd_holder != NULL)
57623 return false; /* is a partition of a held device */ 57600 return false; /* is a partition of a held device */
57624diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c 57601diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
57625index cbd3a7d..c6a2881 100644 57602index cbd3a7d6f..c6a2881 100644
57626--- a/fs/btrfs/ctree.c 57603--- a/fs/btrfs/ctree.c
57627+++ b/fs/btrfs/ctree.c 57604+++ b/fs/btrfs/ctree.c
57628@@ -1216,9 +1216,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans, 57605@@ -1216,9 +1216,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans,
@@ -57995,10 +57972,10 @@ index f3ac415..3d2420c 100644
57995 server->ops->print_stats(m, tcon); 57972 server->ops->print_stats(m, tcon);
57996 } 57973 }
57997diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c 57974diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
57998index 849f613..eae6dec 100644 57975index 7c6b73c..a8f0db2 100644
57999--- a/fs/cifs/cifsfs.c 57976--- a/fs/cifs/cifsfs.c
58000+++ b/fs/cifs/cifsfs.c 57977+++ b/fs/cifs/cifsfs.c
58001@@ -1056,7 +1056,7 @@ cifs_init_request_bufs(void) 57978@@ -1068,7 +1068,7 @@ cifs_init_request_bufs(void)
58002 */ 57979 */
58003 cifs_req_cachep = kmem_cache_create("cifs_request", 57980 cifs_req_cachep = kmem_cache_create("cifs_request",
58004 CIFSMaxBufSize + max_hdr_size, 0, 57981 CIFSMaxBufSize + max_hdr_size, 0,
@@ -58007,7 +57984,7 @@ index 849f613..eae6dec 100644
58007 if (cifs_req_cachep == NULL) 57984 if (cifs_req_cachep == NULL)
58008 return -ENOMEM; 57985 return -ENOMEM;
58009 57986
58010@@ -1083,7 +1083,7 @@ cifs_init_request_bufs(void) 57987@@ -1095,7 +1095,7 @@ cifs_init_request_bufs(void)
58011 efficient to alloc 1 per page off the slab compared to 17K (5page) 57988 efficient to alloc 1 per page off the slab compared to 17K (5page)
58012 alloc of large cifs buffers even when page debugging is on */ 57989 alloc of large cifs buffers even when page debugging is on */
58013 cifs_sm_req_cachep = kmem_cache_create("cifs_small_rq", 57990 cifs_sm_req_cachep = kmem_cache_create("cifs_small_rq",
@@ -58016,7 +57993,7 @@ index 849f613..eae6dec 100644
58016 NULL); 57993 NULL);
58017 if (cifs_sm_req_cachep == NULL) { 57994 if (cifs_sm_req_cachep == NULL) {
58018 mempool_destroy(cifs_req_poolp); 57995 mempool_destroy(cifs_req_poolp);
58019@@ -1168,8 +1168,8 @@ init_cifs(void) 57996@@ -1180,8 +1180,8 @@ init_cifs(void)
58020 atomic_set(&bufAllocCount, 0); 57997 atomic_set(&bufAllocCount, 0);
58021 atomic_set(&smBufAllocCount, 0); 57998 atomic_set(&smBufAllocCount, 0);
58022 #ifdef CONFIG_CIFS_STATS2 57999 #ifdef CONFIG_CIFS_STATS2
@@ -58028,10 +58005,10 @@ index 849f613..eae6dec 100644
58028 58005
58029 atomic_set(&midCount, 0); 58006 atomic_set(&midCount, 0);
58030diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h 58007diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
58031index c0f3718..6afed7d 100644 58008index 30f6e92..e915ba5 100644
58032--- a/fs/cifs/cifsglob.h 58009--- a/fs/cifs/cifsglob.h
58033+++ b/fs/cifs/cifsglob.h 58010+++ b/fs/cifs/cifsglob.h
58034@@ -804,35 +804,35 @@ struct cifs_tcon { 58011@@ -806,35 +806,35 @@ struct cifs_tcon {
58035 __u16 Flags; /* optional support bits */ 58012 __u16 Flags; /* optional support bits */
58036 enum statusEnum tidStatus; 58013 enum statusEnum tidStatus;
58037 #ifdef CONFIG_CIFS_STATS 58014 #ifdef CONFIG_CIFS_STATS
@@ -58091,7 +58068,7 @@ index c0f3718..6afed7d 100644
58091 } smb2_stats; 58068 } smb2_stats;
58092 #endif /* CONFIG_CIFS_SMB2 */ 58069 #endif /* CONFIG_CIFS_SMB2 */
58093 } stats; 58070 } stats;
58094@@ -1162,7 +1162,7 @@ convert_delimiter(char *path, char delim) 58071@@ -1170,7 +1170,7 @@ convert_delimiter(char *path, char delim)
58095 } 58072 }
58096 58073
58097 #ifdef CONFIG_CIFS_STATS 58074 #ifdef CONFIG_CIFS_STATS
@@ -58100,7 +58077,7 @@ index c0f3718..6afed7d 100644
58100 58077
58101 static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon, 58078 static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon,
58102 unsigned int bytes) 58079 unsigned int bytes)
58103@@ -1528,8 +1528,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; 58080@@ -1536,8 +1536,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount;
58104 /* Various Debug counters */ 58081 /* Various Debug counters */
58105 GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */ 58082 GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */
58106 #ifdef CONFIG_CIFS_STATS2 58083 #ifdef CONFIG_CIFS_STATS2
@@ -58112,7 +58089,7 @@ index c0f3718..6afed7d 100644
58112 GLOBAL_EXTERN atomic_t smBufAllocCount; 58089 GLOBAL_EXTERN atomic_t smBufAllocCount;
58113 GLOBAL_EXTERN atomic_t midCount; 58090 GLOBAL_EXTERN atomic_t midCount;
58114diff --git a/fs/cifs/file.c b/fs/cifs/file.c 58091diff --git a/fs/cifs/file.c b/fs/cifs/file.c
58115index 834fce7..8a314b5 100644 58092index 87c4dd0..a90f115 100644
58116--- a/fs/cifs/file.c 58093--- a/fs/cifs/file.c
58117+++ b/fs/cifs/file.c 58094+++ b/fs/cifs/file.c
58118@@ -1900,10 +1900,14 @@ static int cifs_writepages(struct address_space *mapping, 58095@@ -1900,10 +1900,14 @@ static int cifs_writepages(struct address_space *mapping,
@@ -58134,7 +58111,7 @@ index 834fce7..8a314b5 100644
58134 } 58111 }
58135 retry: 58112 retry:
58136diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c 58113diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
58137index 2f9f379..43f8025 100644 58114index 3b0c62e..f7d090c 100644
58138--- a/fs/cifs/misc.c 58115--- a/fs/cifs/misc.c
58139+++ b/fs/cifs/misc.c 58116+++ b/fs/cifs/misc.c
58140@@ -170,7 +170,7 @@ cifs_buf_get(void) 58117@@ -170,7 +170,7 @@ cifs_buf_get(void)
@@ -58156,10 +58133,10 @@ index 2f9f379..43f8025 100644
58156 58133
58157 } 58134 }
58158diff --git a/fs/cifs/smb1ops.c b/fs/cifs/smb1ops.c 58135diff --git a/fs/cifs/smb1ops.c b/fs/cifs/smb1ops.c
58159index 526fb89..ecdbf5a 100644 58136index d1fdfa8..94558f8 100644
58160--- a/fs/cifs/smb1ops.c 58137--- a/fs/cifs/smb1ops.c
58161+++ b/fs/cifs/smb1ops.c 58138+++ b/fs/cifs/smb1ops.c
58162@@ -616,27 +616,27 @@ static void 58139@@ -626,27 +626,27 @@ static void
58163 cifs_clear_stats(struct cifs_tcon *tcon) 58140 cifs_clear_stats(struct cifs_tcon *tcon)
58164 { 58141 {
58165 #ifdef CONFIG_CIFS_STATS 58142 #ifdef CONFIG_CIFS_STATS
@@ -58208,7 +58185,7 @@ index 526fb89..ecdbf5a 100644
58208 #endif 58185 #endif
58209 } 58186 }
58210 58187
58211@@ -645,36 +645,36 @@ cifs_print_stats(struct seq_file *m, struct cifs_tcon *tcon) 58188@@ -655,36 +655,36 @@ cifs_print_stats(struct seq_file *m, struct cifs_tcon *tcon)
58212 { 58189 {
58213 #ifdef CONFIG_CIFS_STATS 58190 #ifdef CONFIG_CIFS_STATS
58214 seq_printf(m, " Oplocks breaks: %d", 58191 seq_printf(m, " Oplocks breaks: %d",
@@ -58265,7 +58242,7 @@ index 526fb89..ecdbf5a 100644
58265 } 58242 }
58266 58243
58267diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c 58244diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
58268index 192f51a..539307e 100644 58245index 35ddc3e..563e809 100644
58269--- a/fs/cifs/smb2ops.c 58246--- a/fs/cifs/smb2ops.c
58270+++ b/fs/cifs/smb2ops.c 58247+++ b/fs/cifs/smb2ops.c
58271@@ -364,8 +364,8 @@ smb2_clear_stats(struct cifs_tcon *tcon) 58248@@ -364,8 +364,8 @@ smb2_clear_stats(struct cifs_tcon *tcon)
@@ -58838,7 +58815,7 @@ index e4141f2..d8263e8 100644
58838 i += packet_length_size; 58815 i += packet_length_size;
58839 if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) 58816 if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
58840diff --git a/fs/exec.c b/fs/exec.c 58817diff --git a/fs/exec.c b/fs/exec.c
58841index 3d78fcc..cd4f983 100644 58818index 3d78fcc..75b208f 100644
58842--- a/fs/exec.c 58819--- a/fs/exec.c
58843+++ b/fs/exec.c 58820+++ b/fs/exec.c
58844@@ -55,8 +55,20 @@ 58821@@ -55,8 +55,20 @@
@@ -59329,7 +59306,7 @@ index 3d78fcc..cd4f983 100644
59329 out: 59306 out:
59330 if (bprm->mm) { 59307 if (bprm->mm) {
59331 acct_arg_size(bprm, 0); 59308 acct_arg_size(bprm, 0);
59332@@ -1626,3 +1801,296 @@ asmlinkage long compat_sys_execve(const char __user * filename, 59309@@ -1626,3 +1801,311 @@ asmlinkage long compat_sys_execve(const char __user * filename,
59333 return compat_do_execve(getname(filename), argv, envp); 59310 return compat_do_execve(getname(filename), argv, envp);
59334 } 59311 }
59335 #endif 59312 #endif
@@ -59577,12 +59554,25 @@ index 3d78fcc..cd4f983 100644
59577+} 59554+}
59578+#endif 59555+#endif
59579+ 59556+
59580+void __check_object_size(const void *ptr, unsigned long n, bool to_user) 59557+void __check_object_size(const void *ptr, unsigned long n, bool to_user, bool const_size)
59581+{ 59558+{
59582+
59583+#ifdef CONFIG_PAX_USERCOPY 59559+#ifdef CONFIG_PAX_USERCOPY
59584+ const char *type; 59560+ const char *type;
59561+#endif
59562+
59563+#ifndef CONFIG_STACK_GROWSUP
59564+ const void * stackstart = task_stack_page(current);
59565+ if (unlikely(current_stack_pointer < stackstart + 512 ||
59566+ current_stack_pointer >= stackstart + THREAD_SIZE))
59567+ BUG();
59568+#endif
59585+ 59569+
59570+#ifndef CONFIG_PAX_USERCOPY_DEBUG
59571+ if (const_size)
59572+ return;
59573+#endif
59574+
59575+#ifdef CONFIG_PAX_USERCOPY
59586+ if (!n) 59576+ if (!n)
59587+ return; 59577+ return;
59588+ 59578+
@@ -59613,6 +59603,8 @@ index 3d78fcc..cd4f983 100644
59613+ if (sp < current_thread_info()->lowest_stack && 59603+ if (sp < current_thread_info()->lowest_stack &&
59614+ sp > (unsigned long)task_stack_page(current)) 59604+ sp > (unsigned long)task_stack_page(current))
59615+ current_thread_info()->lowest_stack = sp; 59605+ current_thread_info()->lowest_stack = sp;
59606+ if (unlikely((sp & ~(THREAD_SIZE - 1)) < (THREAD_SIZE/16)))
59607+ BUG();
59616+} 59608+}
59617+EXPORT_SYMBOL(pax_track_stack); 59609+EXPORT_SYMBOL(pax_track_stack);
59618+#endif 59610+#endif
@@ -63006,7 +62998,7 @@ index 49d84f8..4807e0b 100644
63006 /* Copy the blockcheck stats from the superblock probe */ 62998 /* Copy the blockcheck stats from the superblock probe */
63007 osb->osb_ecc_stats = *stats; 62999 osb->osb_ecc_stats = *stats;
63008diff --git a/fs/open.c b/fs/open.c 63000diff --git a/fs/open.c b/fs/open.c
63009index b9ed8b2..0d5c7a0 100644 63001index 2ed7325..4e77ac3 100644
63010--- a/fs/open.c 63002--- a/fs/open.c
63011+++ b/fs/open.c 63003+++ b/fs/open.c
63012@@ -32,6 +32,8 @@ 63004@@ -32,6 +32,8 @@
@@ -63110,7 +63102,7 @@ index b9ed8b2..0d5c7a0 100644
63110 newattrs.ia_valid = ATTR_CTIME; 63102 newattrs.ia_valid = ATTR_CTIME;
63111 if (user != (uid_t) -1) { 63103 if (user != (uid_t) -1) {
63112 if (!uid_valid(uid)) 63104 if (!uid_valid(uid))
63113@@ -994,6 +1031,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode) 63105@@ -982,6 +1019,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode)
63114 } else { 63106 } else {
63115 fsnotify_open(f); 63107 fsnotify_open(f);
63116 fd_install(fd, f); 63108 fd_install(fd, f);
@@ -77538,10 +77530,10 @@ index 810431d..0ec4804f 100644
77538 * (puds are folded into pgds so this doesn't get actually called, 77530 * (puds are folded into pgds so this doesn't get actually called,
77539 * but the define is needed for a generic inline function.) 77531 * but the define is needed for a generic inline function.)
77540diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h 77532diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h
77541index 34c7bdc..38d4f3b 100644 77533index 38a7437..47f62a4 100644
77542--- a/include/asm-generic/pgtable.h 77534--- a/include/asm-generic/pgtable.h
77543+++ b/include/asm-generic/pgtable.h 77535+++ b/include/asm-generic/pgtable.h
77544@@ -787,6 +787,22 @@ static inline void pmdp_set_numa(struct mm_struct *mm, unsigned long addr, 77536@@ -802,6 +802,22 @@ static inline void pmdp_set_numa(struct mm_struct *mm, unsigned long addr,
77545 } 77537 }
77546 #endif /* CONFIG_NUMA_BALANCING */ 77538 #endif /* CONFIG_NUMA_BALANCING */
77547 77539
@@ -78286,7 +78278,7 @@ index d08e4d2..95fad61 100644
78286 78278
78287 /** 78279 /**
78288diff --git a/include/linux/cred.h b/include/linux/cred.h 78280diff --git a/include/linux/cred.h b/include/linux/cred.h
78289index 04421e8..117e17a 100644 78281index 04421e8..a85afd4 100644
78290--- a/include/linux/cred.h 78282--- a/include/linux/cred.h
78291+++ b/include/linux/cred.h 78283+++ b/include/linux/cred.h
78292@@ -35,7 +35,7 @@ struct group_info { 78284@@ -35,7 +35,7 @@ struct group_info {
@@ -78317,6 +78309,14 @@ index 04421e8..117e17a 100644
78317 #endif 78309 #endif
78318 78310
78319 /** 78311 /**
78312@@ -322,6 +325,7 @@ static inline void put_cred(const struct cred *_cred)
78313
78314 #define task_uid(task) (task_cred_xxx((task), uid))
78315 #define task_euid(task) (task_cred_xxx((task), euid))
78316+#define task_securebits(task) (task_cred_xxx((task), securebits))
78317
78318 #define current_cred_xxx(xxx) \
78319 ({ \
78320diff --git a/include/linux/crypto.h b/include/linux/crypto.h 78320diff --git a/include/linux/crypto.h b/include/linux/crypto.h
78321index b92eadf..b4ecdc1 100644 78321index b92eadf..b4ecdc1 100644
78322--- a/include/linux/crypto.h 78322--- a/include/linux/crypto.h
@@ -81343,7 +81343,7 @@ index 492de72..1bddcd4 100644
81343 return nd->saved_names[nd->depth]; 81343 return nd->saved_names[nd->depth];
81344 } 81344 }
81345diff --git a/include/linux/net.h b/include/linux/net.h 81345diff --git a/include/linux/net.h b/include/linux/net.h
81346index 94734a6..d8d6931 100644 81346index 17d8339..81656c0 100644
81347--- a/include/linux/net.h 81347--- a/include/linux/net.h
81348+++ b/include/linux/net.h 81348+++ b/include/linux/net.h
81349@@ -192,7 +192,7 @@ struct net_proto_family { 81349@@ -192,7 +192,7 @@ struct net_proto_family {
@@ -81356,18 +81356,18 @@ index 94734a6..d8d6931 100644
81356 struct iovec; 81356 struct iovec;
81357 struct kvec; 81357 struct kvec;
81358diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h 81358diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
81359index daafd95..74c5d1e 100644 81359index 911718f..f673407 100644
81360--- a/include/linux/netdevice.h 81360--- a/include/linux/netdevice.h
81361+++ b/include/linux/netdevice.h 81361+++ b/include/linux/netdevice.h
81362@@ -1146,6 +1146,7 @@ struct net_device_ops { 81362@@ -1147,6 +1147,7 @@ struct net_device_ops {
81363 struct net_device *dev,
81364 void *priv); 81363 void *priv);
81364 int (*ndo_get_lock_subclass)(struct net_device *dev);
81365 }; 81365 };
81366+typedef struct net_device_ops __no_const net_device_ops_no_const; 81366+typedef struct net_device_ops __no_const net_device_ops_no_const;
81367 81367
81368 /* 81368 /*
81369 * The DEVICE structure. 81369 * The DEVICE structure.
81370@@ -1228,7 +1229,7 @@ struct net_device { 81370@@ -1229,7 +1230,7 @@ struct net_device {
81371 int iflink; 81371 int iflink;
81372 81372
81373 struct net_device_stats stats; 81373 struct net_device_stats stats;
@@ -81710,10 +81710,10 @@ index 4ea1d37..80f4b33 100644
81710 /* 81710 /*
81711 * The return value from decompress routine is the length of the 81711 * The return value from decompress routine is the length of the
81712diff --git a/include/linux/preempt.h b/include/linux/preempt.h 81712diff --git a/include/linux/preempt.h b/include/linux/preempt.h
81713index de83b4e..c4b997d 100644 81713index 1841b58..fbeebf8 100644
81714--- a/include/linux/preempt.h 81714--- a/include/linux/preempt.h
81715+++ b/include/linux/preempt.h 81715+++ b/include/linux/preempt.h
81716@@ -27,11 +27,16 @@ extern void preempt_count_sub(int val); 81716@@ -29,11 +29,16 @@ extern void preempt_count_sub(int val);
81717 #define preempt_count_dec_and_test() __preempt_count_dec_and_test() 81717 #define preempt_count_dec_and_test() __preempt_count_dec_and_test()
81718 #endif 81718 #endif
81719 81719
@@ -81730,7 +81730,7 @@ index de83b4e..c4b997d 100644
81730 81730
81731 #ifdef CONFIG_PREEMPT_COUNT 81731 #ifdef CONFIG_PREEMPT_COUNT
81732 81732
81733@@ -41,6 +46,12 @@ do { \ 81733@@ -43,6 +48,12 @@ do { \
81734 barrier(); \ 81734 barrier(); \
81735 } while (0) 81735 } while (0)
81736 81736
@@ -81743,7 +81743,7 @@ index de83b4e..c4b997d 100644
81743 #define sched_preempt_enable_no_resched() \ 81743 #define sched_preempt_enable_no_resched() \
81744 do { \ 81744 do { \
81745 barrier(); \ 81745 barrier(); \
81746@@ -49,6 +60,12 @@ do { \ 81746@@ -51,6 +62,12 @@ do { \
81747 81747
81748 #define preempt_enable_no_resched() sched_preempt_enable_no_resched() 81748 #define preempt_enable_no_resched() sched_preempt_enable_no_resched()
81749 81749
@@ -81756,7 +81756,7 @@ index de83b4e..c4b997d 100644
81756 #ifdef CONFIG_PREEMPT 81756 #ifdef CONFIG_PREEMPT
81757 #define preempt_enable() \ 81757 #define preempt_enable() \
81758 do { \ 81758 do { \
81759@@ -113,8 +130,10 @@ do { \ 81759@@ -115,8 +132,10 @@ do { \
81760 * region. 81760 * region.
81761 */ 81761 */
81762 #define preempt_disable() barrier() 81762 #define preempt_disable() barrier()
@@ -81767,7 +81767,7 @@ index de83b4e..c4b997d 100644
81767 #define preempt_enable() barrier() 81767 #define preempt_enable() barrier()
81768 #define preempt_check_resched() do { } while (0) 81768 #define preempt_check_resched() do { } while (0)
81769 81769
81770@@ -128,11 +147,13 @@ do { \ 81770@@ -130,11 +149,13 @@ do { \
81771 /* 81771 /*
81772 * Modules have no business playing preemption tricks. 81772 * Modules have no business playing preemption tricks.
81773 */ 81773 */
@@ -82106,7 +82106,7 @@ index b66c211..13d2915 100644
82106 static inline void anon_vma_merge(struct vm_area_struct *vma, 82106 static inline void anon_vma_merge(struct vm_area_struct *vma,
82107 struct vm_area_struct *next) 82107 struct vm_area_struct *next)
82108diff --git a/include/linux/sched.h b/include/linux/sched.h 82108diff --git a/include/linux/sched.h b/include/linux/sched.h
82109index a781dec..2c03225 100644 82109index ccd0c6f..39c28a4 100644
82110--- a/include/linux/sched.h 82110--- a/include/linux/sched.h
82111+++ b/include/linux/sched.h 82111+++ b/include/linux/sched.h
82112@@ -129,6 +129,7 @@ struct fs_struct; 82112@@ -129,6 +129,7 @@ struct fs_struct;
@@ -82342,7 +82342,7 @@ index a781dec..2c03225 100644
82342 { 82342 {
82343 return tsk->pid; 82343 return tsk->pid;
82344 } 82344 }
82345@@ -1988,6 +2099,25 @@ extern u64 sched_clock_cpu(int cpu); 82345@@ -2006,6 +2117,25 @@ extern u64 sched_clock_cpu(int cpu);
82346 82346
82347 extern void sched_clock_init(void); 82347 extern void sched_clock_init(void);
82348 82348
@@ -82368,7 +82368,7 @@ index a781dec..2c03225 100644
82368 #ifndef CONFIG_HAVE_UNSTABLE_SCHED_CLOCK 82368 #ifndef CONFIG_HAVE_UNSTABLE_SCHED_CLOCK
82369 static inline void sched_clock_tick(void) 82369 static inline void sched_clock_tick(void)
82370 { 82370 {
82371@@ -2112,7 +2242,9 @@ void yield(void); 82371@@ -2130,7 +2260,9 @@ void yield(void);
82372 extern struct exec_domain default_exec_domain; 82372 extern struct exec_domain default_exec_domain;
82373 82373
82374 union thread_union { 82374 union thread_union {
@@ -82378,7 +82378,7 @@ index a781dec..2c03225 100644
82378 unsigned long stack[THREAD_SIZE/sizeof(long)]; 82378 unsigned long stack[THREAD_SIZE/sizeof(long)];
82379 }; 82379 };
82380 82380
82381@@ -2145,6 +2277,7 @@ extern struct pid_namespace init_pid_ns; 82381@@ -2163,6 +2295,7 @@ extern struct pid_namespace init_pid_ns;
82382 */ 82382 */
82383 82383
82384 extern struct task_struct *find_task_by_vpid(pid_t nr); 82384 extern struct task_struct *find_task_by_vpid(pid_t nr);
@@ -82386,7 +82386,7 @@ index a781dec..2c03225 100644
82386 extern struct task_struct *find_task_by_pid_ns(pid_t nr, 82386 extern struct task_struct *find_task_by_pid_ns(pid_t nr,
82387 struct pid_namespace *ns); 82387 struct pid_namespace *ns);
82388 82388
82389@@ -2307,7 +2440,7 @@ extern void __cleanup_sighand(struct sighand_struct *); 82389@@ -2325,7 +2458,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
82390 extern void exit_itimers(struct signal_struct *); 82390 extern void exit_itimers(struct signal_struct *);
82391 extern void flush_itimer_signals(void); 82391 extern void flush_itimer_signals(void);
82392 82392
@@ -82395,7 +82395,7 @@ index a781dec..2c03225 100644
82395 82395
82396 extern int allow_signal(int); 82396 extern int allow_signal(int);
82397 extern int disallow_signal(int); 82397 extern int disallow_signal(int);
82398@@ -2508,9 +2641,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) 82398@@ -2526,9 +2659,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
82399 82399
82400 #endif 82400 #endif
82401 82401
@@ -82729,7 +82729,7 @@ index 6ae004e..2743532 100644
82729 /* 82729 /*
82730 * Callback to arch code if there's nosmp or maxcpus=0 on the 82730 * Callback to arch code if there's nosmp or maxcpus=0 on the
82731diff --git a/include/linux/sock_diag.h b/include/linux/sock_diag.h 82731diff --git a/include/linux/sock_diag.h b/include/linux/sock_diag.h
82732index 54f91d3..be2c379 100644 82732index 302ab80..3233276 100644
82733--- a/include/linux/sock_diag.h 82733--- a/include/linux/sock_diag.h
82734+++ b/include/linux/sock_diag.h 82734+++ b/include/linux/sock_diag.h
82735@@ -11,7 +11,7 @@ struct sock; 82735@@ -11,7 +11,7 @@ struct sock;
@@ -83015,30 +83015,18 @@ index 387fa7d..3fcde6b 100644
83015 #ifdef CONFIG_MAGIC_SYSRQ 83015 #ifdef CONFIG_MAGIC_SYSRQ
83016 83016
83017diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h 83017diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h
83018index fddbe20..e4cce53 100644 83018index a629e4b..3fea3d9 100644
83019--- a/include/linux/thread_info.h 83019--- a/include/linux/thread_info.h
83020+++ b/include/linux/thread_info.h 83020+++ b/include/linux/thread_info.h
83021@@ -161,6 +161,25 @@ static inline bool test_and_clear_restore_sigmask(void) 83021@@ -159,6 +159,13 @@ static inline bool test_and_clear_restore_sigmask(void)
83022 #error "no set_restore_sigmask() provided and default one won't work" 83022 #error "no set_restore_sigmask() provided and default one won't work"
83023 #endif 83023 #endif
83024 83024
83025+extern void __check_object_size(const void *ptr, unsigned long n, bool to_user); 83025+extern void __check_object_size(const void *ptr, unsigned long n, bool to_user, bool const_size);
83026+
83027+#if defined(CONFIG_X86) && defined(CONFIG_PAX_USERCOPY)
83028+extern void pax_check_alloca(unsigned long size);
83029+#endif
83030+ 83026+
83031+static inline void check_object_size(const void *ptr, unsigned long n, bool to_user) 83027+static inline void check_object_size(const void *ptr, unsigned long n, bool to_user)
83032+{ 83028+{
83033+#if defined(CONFIG_X86) && defined(CONFIG_PAX_USERCOPY) 83029+ __check_object_size(ptr, n, to_user, __builtin_constant_p(n));
83034+ /* always check if we've overflowed the stack in a copy*user */
83035+ pax_check_alloca(sizeof(unsigned long));
83036+#endif
83037+
83038+#ifndef CONFIG_PAX_USERCOPY_DEBUG
83039+ if (!__builtin_constant_p(n))
83040+#endif
83041+ __check_object_size(ptr, n, to_user);
83042+} 83030+}
83043+ 83031+
83044 #endif /* __KERNEL__ */ 83032 #endif /* __KERNEL__ */
@@ -83975,21 +83963,6 @@ index 8ba8ce2..99b7fff 100644
83975 struct sk_buff *skb, int offset, struct iovec *to, 83963 struct sk_buff *skb, int offset, struct iovec *to,
83976 size_t len, struct dma_pinned_list *pinned_list); 83964 size_t len, struct dma_pinned_list *pinned_list);
83977 83965
83978diff --git a/include/net/netfilter/nf_conntrack_extend.h b/include/net/netfilter/nf_conntrack_extend.h
83979index 956b175..55d1504 100644
83980--- a/include/net/netfilter/nf_conntrack_extend.h
83981+++ b/include/net/netfilter/nf_conntrack_extend.h
83982@@ -47,8 +47,8 @@ enum nf_ct_ext_id {
83983 /* Extensions: optional stuff which isn't permanently in struct. */
83984 struct nf_ct_ext {
83985 struct rcu_head rcu;
83986- u8 offset[NF_CT_EXT_NUM];
83987- u8 len;
83988+ u16 offset[NF_CT_EXT_NUM];
83989+ u16 len;
83990 char data[0];
83991 };
83992
83993diff --git a/include/net/netlink.h b/include/net/netlink.h 83966diff --git a/include/net/netlink.h b/include/net/netlink.h
83994index 2b47eaa..6d5bcc2 100644 83967index 2b47eaa..6d5bcc2 100644
83995--- a/include/net/netlink.h 83968--- a/include/net/netlink.h
@@ -84151,7 +84124,7 @@ index 7f4eeb3..37e8fe1 100644
84151 84124
84152 /* Get the size of a DATA chunk payload. */ 84125 /* Get the size of a DATA chunk payload. */
84153diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h 84126diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
84154index 6ee76c8..45f2609 100644 84127index 0dfcc92..7967849 100644
84155--- a/include/net/sctp/structs.h 84128--- a/include/net/sctp/structs.h
84156+++ b/include/net/sctp/structs.h 84129+++ b/include/net/sctp/structs.h
84157@@ -507,7 +507,7 @@ struct sctp_pf { 84130@@ -507,7 +507,7 @@ struct sctp_pf {
@@ -84355,7 +84328,7 @@ index 52beadf..598734c 100644
84355 u8 qfull; 84328 u8 qfull;
84356 enum fc_lport_state state; 84329 enum fc_lport_state state;
84357diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h 84330diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h
84358index d65fbec..f80fef2 100644 84331index b4f1eff..7fdbd46 100644
84359--- a/include/scsi/scsi_device.h 84332--- a/include/scsi/scsi_device.h
84360+++ b/include/scsi/scsi_device.h 84333+++ b/include/scsi/scsi_device.h
84361@@ -180,9 +180,9 @@ struct scsi_device { 84334@@ -180,9 +180,9 @@ struct scsi_device {
@@ -84815,7 +84788,7 @@ index 30f5362..8ed8ac9 100644
84815 void *pmi_pal; 84788 void *pmi_pal;
84816 u8 *vbe_state_orig; /* 84789 u8 *vbe_state_orig; /*
84817diff --git a/init/Kconfig b/init/Kconfig 84790diff --git a/init/Kconfig b/init/Kconfig
84818index d56cb03..7e6d5dc 100644 84791index 93c5ef0..ac92caa 100644
84819--- a/init/Kconfig 84792--- a/init/Kconfig
84820+++ b/init/Kconfig 84793+++ b/init/Kconfig
84821@@ -1079,6 +1079,7 @@ endif # CGROUPS 84794@@ -1079,6 +1079,7 @@ endif # CGROUPS
@@ -85655,7 +85628,7 @@ index 8d6e145..33e0b1e 100644
85655 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim; 85628 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim;
85656 set_fs(fs); 85629 set_fs(fs);
85657diff --git a/kernel/audit.c b/kernel/audit.c 85630diff --git a/kernel/audit.c b/kernel/audit.c
85658index 95a20f3..e1cb300 100644 85631index d5f31c1..06646e1 100644
85659--- a/kernel/audit.c 85632--- a/kernel/audit.c
85660+++ b/kernel/audit.c 85633+++ b/kernel/audit.c
85661@@ -122,7 +122,7 @@ u32 audit_sig_sid = 0; 85634@@ -122,7 +122,7 @@ u32 audit_sig_sid = 0;
@@ -85695,7 +85668,7 @@ index 95a20f3..e1cb300 100644
85695 s.version = AUDIT_VERSION_LATEST; 85668 s.version = AUDIT_VERSION_LATEST;
85696 s.backlog_wait_time = audit_backlog_wait_time; 85669 s.backlog_wait_time = audit_backlog_wait_time;
85697diff --git a/kernel/auditsc.c b/kernel/auditsc.c 85670diff --git a/kernel/auditsc.c b/kernel/auditsc.c
85698index 7aef2f4..db6ced2 100644 85671index 3b29605..f6c85d0 100644
85699--- a/kernel/auditsc.c 85672--- a/kernel/auditsc.c
85700+++ b/kernel/auditsc.c 85673+++ b/kernel/auditsc.c
85701@@ -1945,7 +1945,7 @@ int auditsc_get_stamp(struct audit_context *ctx, 85674@@ -1945,7 +1945,7 @@ int auditsc_get_stamp(struct audit_context *ctx,
@@ -86009,7 +85982,7 @@ index c18b1f1..b9a0132 100644
86009 return -ENOMEM; 85982 return -ENOMEM;
86010 85983
86011diff --git a/kernel/cred.c b/kernel/cred.c 85984diff --git a/kernel/cred.c b/kernel/cred.c
86012index e0573a4..3874e41 100644 85985index e0573a4..20fb164 100644
86013--- a/kernel/cred.c 85986--- a/kernel/cred.c
86014+++ b/kernel/cred.c 85987+++ b/kernel/cred.c
86015@@ -164,6 +164,16 @@ void exit_creds(struct task_struct *tsk) 85988@@ -164,6 +164,16 @@ void exit_creds(struct task_struct *tsk)
@@ -86047,7 +86020,7 @@ index e0573a4..3874e41 100644
86047 /* dumpability changes */ 86020 /* dumpability changes */
86048 if (!uid_eq(old->euid, new->euid) || 86021 if (!uid_eq(old->euid, new->euid) ||
86049 !gid_eq(old->egid, new->egid) || 86022 !gid_eq(old->egid, new->egid) ||
86050@@ -479,6 +491,102 @@ int commit_creds(struct cred *new) 86023@@ -479,6 +491,108 @@ int commit_creds(struct cred *new)
86051 put_cred(old); 86024 put_cred(old);
86052 return 0; 86025 return 0;
86053 } 86026 }
@@ -86116,6 +86089,7 @@ index e0573a4..3874e41 100644
86116+ int ret; 86089+ int ret;
86117+ int schedule_it = 0; 86090+ int schedule_it = 0;
86118+ struct task_struct *t; 86091+ struct task_struct *t;
86092+ unsigned oldsecurebits = current_cred()->securebits;
86119+ 86093+
86120+ /* we won't get called with tasklist_lock held for writing 86094+ /* we won't get called with tasklist_lock held for writing
86121+ and interrupts disabled as the cred struct in that case is 86095+ and interrupts disabled as the cred struct in that case is
@@ -86132,7 +86106,11 @@ index e0573a4..3874e41 100644
86132+ read_lock(&tasklist_lock); 86106+ read_lock(&tasklist_lock);
86133+ for (t = next_thread(current); t != current; 86107+ for (t = next_thread(current); t != current;
86134+ t = next_thread(t)) { 86108+ t = next_thread(t)) {
86135+ if (t->delayed_cred == NULL) { 86109+ /* we'll check if the thread has uid 0 in
86110+ * the delayed worker routine
86111+ */
86112+ if (task_securebits(t) == oldsecurebits &&
86113+ t->delayed_cred == NULL) {
86136+ t->delayed_cred = get_cred(new); 86114+ t->delayed_cred = get_cred(new);
86137+ set_tsk_thread_flag(t, TIF_GRSEC_SETXID); 86115+ set_tsk_thread_flag(t, TIF_GRSEC_SETXID);
86138+ set_tsk_need_resched(t); 86116+ set_tsk_need_resched(t);
@@ -86141,6 +86119,7 @@ index e0573a4..3874e41 100644
86141+ read_unlock(&tasklist_lock); 86119+ read_unlock(&tasklist_lock);
86142+ rcu_read_unlock(); 86120+ rcu_read_unlock();
86143+ } 86121+ }
86122+
86144+ return ret; 86123+ return ret;
86145+#else 86124+#else
86146+ return __commit_creds(new); 86125+ return __commit_creds(new);
@@ -90964,7 +90943,7 @@ index accfd24..e00f0c0 100644
90964 struct timer_list timer; 90943 struct timer_list timer;
90965 unsigned long expire; 90944 unsigned long expire;
90966diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c 90945diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c
90967index b418cb0..f879a3d 100644 90946index 4f3a3c03..04b7886 100644
90968--- a/kernel/trace/blktrace.c 90947--- a/kernel/trace/blktrace.c
90969+++ b/kernel/trace/blktrace.c 90948+++ b/kernel/trace/blktrace.c
90970@@ -328,7 +328,7 @@ static ssize_t blk_dropped_read(struct file *filp, char __user *buffer, 90949@@ -328,7 +328,7 @@ static ssize_t blk_dropped_read(struct file *filp, char __user *buffer,
@@ -92486,10 +92465,10 @@ index b32b70c..e512eb0 100644
92486 set_page_address(page, (void *)vaddr); 92465 set_page_address(page, (void *)vaddr);
92487 92466
92488diff --git a/mm/hugetlb.c b/mm/hugetlb.c 92467diff --git a/mm/hugetlb.c b/mm/hugetlb.c
92489index 2de3c84..4ecaf1b 100644 92468index 06a9bc0..cfbba83 100644
92490--- a/mm/hugetlb.c 92469--- a/mm/hugetlb.c
92491+++ b/mm/hugetlb.c 92470+++ b/mm/hugetlb.c
92492@@ -2069,15 +2069,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, 92471@@ -2070,15 +2070,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
92493 struct hstate *h = &default_hstate; 92472 struct hstate *h = &default_hstate;
92494 unsigned long tmp; 92473 unsigned long tmp;
92495 int ret; 92474 int ret;
@@ -92510,7 +92489,7 @@ index 2de3c84..4ecaf1b 100644
92510 if (ret) 92489 if (ret)
92511 goto out; 92490 goto out;
92512 92491
92513@@ -2122,15 +2124,17 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, 92492@@ -2123,15 +2125,17 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write,
92514 struct hstate *h = &default_hstate; 92493 struct hstate *h = &default_hstate;
92515 unsigned long tmp; 92494 unsigned long tmp;
92516 int ret; 92495 int ret;
@@ -92531,7 +92510,7 @@ index 2de3c84..4ecaf1b 100644
92531 if (ret) 92510 if (ret)
92532 goto out; 92511 goto out;
92533 92512
92534@@ -2599,6 +2603,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, 92513@@ -2600,6 +2604,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
92535 return 1; 92514 return 1;
92536 } 92515 }
92537 92516
@@ -92559,7 +92538,7 @@ index 2de3c84..4ecaf1b 100644
92559 /* 92538 /*
92560 * Hugetlb_cow() should be called with page lock of the original hugepage held. 92539 * Hugetlb_cow() should be called with page lock of the original hugepage held.
92561 * Called with hugetlb_instantiation_mutex held and pte_page locked so we 92540 * Called with hugetlb_instantiation_mutex held and pte_page locked so we
92562@@ -2715,6 +2740,11 @@ retry_avoidcopy: 92541@@ -2716,6 +2741,11 @@ retry_avoidcopy:
92563 make_huge_pte(vma, new_page, 1)); 92542 make_huge_pte(vma, new_page, 1));
92564 page_remove_rmap(old_page); 92543 page_remove_rmap(old_page);
92565 hugepage_add_new_anon_rmap(new_page, vma, address); 92544 hugepage_add_new_anon_rmap(new_page, vma, address);
@@ -92571,7 +92550,7 @@ index 2de3c84..4ecaf1b 100644
92571 /* Make the old page be freed below */ 92550 /* Make the old page be freed below */
92572 new_page = old_page; 92551 new_page = old_page;
92573 } 92552 }
92574@@ -2879,6 +2909,10 @@ retry: 92553@@ -2880,6 +2910,10 @@ retry:
92575 && (vma->vm_flags & VM_SHARED))); 92554 && (vma->vm_flags & VM_SHARED)));
92576 set_huge_pte_at(mm, address, ptep, new_pte); 92555 set_huge_pte_at(mm, address, ptep, new_pte);
92577 92556
@@ -92582,7 +92561,7 @@ index 2de3c84..4ecaf1b 100644
92582 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { 92561 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) {
92583 /* Optimization, do the COW without a second fault */ 92562 /* Optimization, do the COW without a second fault */
92584 ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page, ptl); 92563 ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page, ptl);
92585@@ -2909,6 +2943,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, 92564@@ -2910,6 +2944,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
92586 static DEFINE_MUTEX(hugetlb_instantiation_mutex); 92565 static DEFINE_MUTEX(hugetlb_instantiation_mutex);
92587 struct hstate *h = hstate_vma(vma); 92566 struct hstate *h = hstate_vma(vma);
92588 92567
@@ -92593,7 +92572,7 @@ index 2de3c84..4ecaf1b 100644
92593 address &= huge_page_mask(h); 92572 address &= huge_page_mask(h);
92594 92573
92595 ptep = huge_pte_offset(mm, address); 92574 ptep = huge_pte_offset(mm, address);
92596@@ -2922,6 +2960,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, 92575@@ -2923,6 +2961,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
92597 VM_FAULT_SET_HINDEX(hstate_index(h)); 92576 VM_FAULT_SET_HINDEX(hstate_index(h));
92598 } 92577 }
92599 92578
@@ -97227,10 +97206,10 @@ index def5dd2..4ce55cec 100644
97227 return 0; 97206 return 0;
97228 } 97207 }
97229diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c 97208diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
97230index 175273f..1c63e05 100644 97209index 44ebd5c..1f732bae 100644
97231--- a/net/8021q/vlan.c 97210--- a/net/8021q/vlan.c
97232+++ b/net/8021q/vlan.c 97211+++ b/net/8021q/vlan.c
97233@@ -474,7 +474,7 @@ out: 97212@@ -475,7 +475,7 @@ out:
97234 return NOTIFY_DONE; 97213 return NOTIFY_DONE;
97235 } 97214 }
97236 97215
@@ -97239,7 +97218,7 @@ index 175273f..1c63e05 100644
97239 .notifier_call = vlan_device_event, 97218 .notifier_call = vlan_device_event,
97240 }; 97219 };
97241 97220
97242@@ -549,8 +549,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg) 97221@@ -550,8 +550,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
97243 err = -EPERM; 97222 err = -EPERM;
97244 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 97223 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
97245 break; 97224 break;
@@ -97507,7 +97486,7 @@ index 919a5ce..cc6b444 100644
97507 table = kmemdup(ax25_param_table, sizeof(ax25_param_table), GFP_KERNEL); 97486 table = kmemdup(ax25_param_table, sizeof(ax25_param_table), GFP_KERNEL);
97508 if (!table) 97487 if (!table)
97509diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c 97488diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c
97510index 8323bce..a03130d 100644 97489index d074d06..ad3cfcf 100644
97511--- a/net/batman-adv/bat_iv_ogm.c 97490--- a/net/batman-adv/bat_iv_ogm.c
97512+++ b/net/batman-adv/bat_iv_ogm.c 97491+++ b/net/batman-adv/bat_iv_ogm.c
97513@@ -312,7 +312,7 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface) 97492@@ -312,7 +312,7 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface)
@@ -97531,7 +97510,7 @@ index 8323bce..a03130d 100644
97531 97510
97532 batadv_iv_ogm_slide_own_bcast_window(hard_iface); 97511 batadv_iv_ogm_slide_own_bcast_window(hard_iface);
97533 97512
97534@@ -1594,7 +1594,7 @@ static void batadv_iv_ogm_process(const struct sk_buff *skb, int ogm_offset, 97513@@ -1596,7 +1596,7 @@ static void batadv_iv_ogm_process(const struct sk_buff *skb, int ogm_offset,
97535 return; 97514 return;
97536 97515
97537 /* could be changed by schedule_own_packet() */ 97516 /* could be changed by schedule_own_packet() */
@@ -97541,10 +97520,10 @@ index 8323bce..a03130d 100644
97541 if (ogm_packet->flags & BATADV_DIRECTLINK) 97520 if (ogm_packet->flags & BATADV_DIRECTLINK)
97542 has_directlink_flag = true; 97521 has_directlink_flag = true;
97543diff --git a/net/batman-adv/fragmentation.c b/net/batman-adv/fragmentation.c 97522diff --git a/net/batman-adv/fragmentation.c b/net/batman-adv/fragmentation.c
97544index 88df9b1..69cf7c0 100644 97523index cc1cfd6..7a68e022 100644
97545--- a/net/batman-adv/fragmentation.c 97524--- a/net/batman-adv/fragmentation.c
97546+++ b/net/batman-adv/fragmentation.c 97525+++ b/net/batman-adv/fragmentation.c
97547@@ -445,7 +445,7 @@ bool batadv_frag_send_packet(struct sk_buff *skb, 97526@@ -446,7 +446,7 @@ bool batadv_frag_send_packet(struct sk_buff *skb,
97548 frag_header.packet_type = BATADV_UNICAST_FRAG; 97527 frag_header.packet_type = BATADV_UNICAST_FRAG;
97549 frag_header.version = BATADV_COMPAT_VERSION; 97528 frag_header.version = BATADV_COMPAT_VERSION;
97550 frag_header.ttl = BATADV_TTL; 97529 frag_header.ttl = BATADV_TTL;
@@ -97741,10 +97720,10 @@ index f9c0980a..fcbbfeb 100644
97741 tty_port_close(&dev->port, tty, filp); 97720 tty_port_close(&dev->port, tty, filp);
97742 } 97721 }
97743diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c 97722diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
97744index 0e474b1..fb7109c 100644 97723index 1059ed3..d70846a 100644
97745--- a/net/bridge/netfilter/ebtables.c 97724--- a/net/bridge/netfilter/ebtables.c
97746+++ b/net/bridge/netfilter/ebtables.c 97725+++ b/net/bridge/netfilter/ebtables.c
97747@@ -1525,7 +1525,7 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) 97726@@ -1524,7 +1524,7 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
97748 tmp.valid_hooks = t->table->valid_hooks; 97727 tmp.valid_hooks = t->table->valid_hooks;
97749 } 97728 }
97750 mutex_unlock(&ebt_mutex); 97729 mutex_unlock(&ebt_mutex);
@@ -97753,7 +97732,7 @@ index 0e474b1..fb7109c 100644
97753 BUGPRINT("c2u Didn't work\n"); 97732 BUGPRINT("c2u Didn't work\n");
97754 ret = -EFAULT; 97733 ret = -EFAULT;
97755 break; 97734 break;
97756@@ -2331,7 +2331,7 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd, 97735@@ -2330,7 +2330,7 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd,
97757 goto out; 97736 goto out;
97758 tmp.valid_hooks = t->valid_hooks; 97737 tmp.valid_hooks = t->valid_hooks;
97759 97738
@@ -97762,7 +97741,7 @@ index 0e474b1..fb7109c 100644
97762 ret = -EFAULT; 97741 ret = -EFAULT;
97763 break; 97742 break;
97764 } 97743 }
97765@@ -2342,7 +2342,7 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd, 97744@@ -2341,7 +2341,7 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd,
97766 tmp.entries_size = t->table->entries_size; 97745 tmp.entries_size = t->table->entries_size;
97767 tmp.valid_hooks = t->table->valid_hooks; 97746 tmp.valid_hooks = t->table->valid_hooks;
97768 97747
@@ -98060,7 +98039,7 @@ index a16ed7b..eb44d17 100644
98060 98039
98061 return err; 98040 return err;
98062diff --git a/net/core/dev.c b/net/core/dev.c 98041diff --git a/net/core/dev.c b/net/core/dev.c
98063index 45fa2f1..f3e28ec 100644 98042index fccc195..c8486ab 100644
98064--- a/net/core/dev.c 98043--- a/net/core/dev.c
98065+++ b/net/core/dev.c 98044+++ b/net/core/dev.c
98066@@ -1688,14 +1688,14 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) 98045@@ -1688,14 +1688,14 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
@@ -98116,7 +98095,7 @@ index 45fa2f1..f3e28ec 100644
98116 kfree_skb(skb); 98095 kfree_skb(skb);
98117 /* Jamal, now you will not able to escape explaining 98096 /* Jamal, now you will not able to escape explaining
98118 * me how you were going to use this. :-) 98097 * me how you were going to use this. :-)
98119@@ -4331,7 +4331,7 @@ void netif_napi_del(struct napi_struct *napi) 98098@@ -4333,7 +4333,7 @@ void netif_napi_del(struct napi_struct *napi)
98120 } 98099 }
98121 EXPORT_SYMBOL(netif_napi_del); 98100 EXPORT_SYMBOL(netif_napi_del);
98122 98101
@@ -98125,7 +98104,7 @@ index 45fa2f1..f3e28ec 100644
98125 { 98104 {
98126 struct softnet_data *sd = &__get_cpu_var(softnet_data); 98105 struct softnet_data *sd = &__get_cpu_var(softnet_data);
98127 unsigned long time_limit = jiffies + 2; 98106 unsigned long time_limit = jiffies + 2;
98128@@ -6250,7 +6250,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, 98107@@ -6302,7 +6302,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
98129 } else { 98108 } else {
98130 netdev_stats_to_stats64(storage, &dev->stats); 98109 netdev_stats_to_stats64(storage, &dev->stats);
98131 } 98110 }
@@ -98153,7 +98132,7 @@ index cf999e0..c59a975 100644
98153 } 98132 }
98154 EXPORT_SYMBOL(dev_load); 98133 EXPORT_SYMBOL(dev_load);
98155diff --git a/net/core/filter.c b/net/core/filter.c 98134diff --git a/net/core/filter.c b/net/core/filter.c
98156index ad30d62..21c0743 100644 98135index ebce437..9fed9d0 100644
98157--- a/net/core/filter.c 98136--- a/net/core/filter.c
98158+++ b/net/core/filter.c 98137+++ b/net/core/filter.c
98159@@ -126,7 +126,7 @@ unsigned int sk_run_filter(const struct sk_buff *skb, 98138@@ -126,7 +126,7 @@ unsigned int sk_run_filter(const struct sk_buff *skb,
@@ -98191,35 +98170,7 @@ index ad30d62..21c0743 100644
98191 continue; 98170 continue;
98192 case BPF_S_ANC_PROTOCOL: 98171 case BPF_S_ANC_PROTOCOL:
98193 A = ntohs(skb->protocol); 98172 A = ntohs(skb->protocol);
98194@@ -355,6 +355,10 @@ load_b: 98173@@ -395,9 +395,10 @@ load_b:
98195
98196 if (skb_is_nonlinear(skb))
98197 return 0;
98198+
98199+ if (skb->len < sizeof(struct nlattr))
98200+ return 0;
98201+
98202 if (A > skb->len - sizeof(struct nlattr))
98203 return 0;
98204
98205@@ -371,11 +375,15 @@ load_b:
98206
98207 if (skb_is_nonlinear(skb))
98208 return 0;
98209+
98210+ if (skb->len < sizeof(struct nlattr))
98211+ return 0;
98212+
98213 if (A > skb->len - sizeof(struct nlattr))
98214 return 0;
98215
98216 nla = (struct nlattr *)&skb->data[A];
98217- if (nla->nla_len > A - skb->len)
98218+ if (nla->nla_len > skb->len - A)
98219 return 0;
98220
98221 nla = nla_find_nested(nla, X);
98222@@ -391,9 +399,10 @@ load_b:
98223 continue; 98174 continue;
98224 #endif 98175 #endif
98225 default: 98176 default:
@@ -98231,7 +98182,7 @@ index ad30d62..21c0743 100644
98231 return 0; 98182 return 0;
98232 } 98183 }
98233 } 98184 }
98234@@ -416,7 +425,7 @@ static int check_load_and_stores(struct sock_filter *filter, int flen) 98185@@ -420,7 +421,7 @@ static int check_load_and_stores(struct sock_filter *filter, int flen)
98235 u16 *masks, memvalid = 0; /* one bit per cell, 16 cells */ 98186 u16 *masks, memvalid = 0; /* one bit per cell, 16 cells */
98236 int pc, ret = 0; 98187 int pc, ret = 0;
98237 98188
@@ -98240,7 +98191,7 @@ index ad30d62..21c0743 100644
98240 masks = kmalloc(flen * sizeof(*masks), GFP_KERNEL); 98191 masks = kmalloc(flen * sizeof(*masks), GFP_KERNEL);
98241 if (!masks) 98192 if (!masks)
98242 return -ENOMEM; 98193 return -ENOMEM;
98243@@ -679,7 +688,7 @@ int sk_unattached_filter_create(struct sk_filter **pfp, 98194@@ -683,7 +684,7 @@ int sk_unattached_filter_create(struct sk_filter **pfp,
98244 fp = kmalloc(sk_filter_size(fprog->len), GFP_KERNEL); 98195 fp = kmalloc(sk_filter_size(fprog->len), GFP_KERNEL);
98245 if (!fp) 98196 if (!fp)
98246 return -ENOMEM; 98197 return -ENOMEM;
@@ -98312,7 +98263,7 @@ index b618694..192bbba 100644
98312 98263
98313 m->msg_iov = iov; 98264 m->msg_iov = iov;
98314diff --git a/net/core/neighbour.c b/net/core/neighbour.c 98265diff --git a/net/core/neighbour.c b/net/core/neighbour.c
98315index e161290..8149aea 100644 98266index 7d95f69..a6065de 100644
98316--- a/net/core/neighbour.c 98267--- a/net/core/neighbour.c
98317+++ b/net/core/neighbour.c 98268+++ b/net/core/neighbour.c
98318@@ -2824,7 +2824,7 @@ static int proc_unres_qlen(struct ctl_table *ctl, int write, 98269@@ -2824,7 +2824,7 @@ static int proc_unres_qlen(struct ctl_table *ctl, int write,
@@ -98402,7 +98353,7 @@ index 2bf8329..2eb1423 100644
98402 98353
98403 return 0; 98354 return 0;
98404diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c 98355diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
98405index 81d3a9a..a0bd7a8 100644 98356index 7c8ffd9..0cb3687 100644
98406--- a/net/core/net_namespace.c 98357--- a/net/core/net_namespace.c
98407+++ b/net/core/net_namespace.c 98358+++ b/net/core/net_namespace.c
98408@@ -443,7 +443,7 @@ static int __register_pernet_operations(struct list_head *list, 98359@@ -443,7 +443,7 @@ static int __register_pernet_operations(struct list_head *list,
@@ -98477,7 +98428,7 @@ index fdac61c..e5e5b46 100644
98477 pr_warn("cannot create /proc/net/%s\n", PG_PROC_DIR); 98428 pr_warn("cannot create /proc/net/%s\n", PG_PROC_DIR);
98478 return -ENODEV; 98429 return -ENODEV;
98479diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c 98430diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
98480index 120eecc..cd1ec44 100644 98431index 83b9d6a..cff1ce7 100644
98481--- a/net/core/rtnetlink.c 98432--- a/net/core/rtnetlink.c
98482+++ b/net/core/rtnetlink.c 98433+++ b/net/core/rtnetlink.c
98483@@ -58,7 +58,7 @@ struct rtnl_link { 98434@@ -58,7 +58,7 @@ struct rtnl_link {
@@ -98556,7 +98507,7 @@ index b442e7e..6f5b5a2 100644
98556 { 98507 {
98557 struct socket *sock; 98508 struct socket *sock;
98558diff --git a/net/core/skbuff.c b/net/core/skbuff.c 98509diff --git a/net/core/skbuff.c b/net/core/skbuff.c
98559index 90b96a1..cd18f16d 100644 98510index e5ae776e..15c90cb 100644
98560--- a/net/core/skbuff.c 98511--- a/net/core/skbuff.c
98561+++ b/net/core/skbuff.c 98512+++ b/net/core/skbuff.c
98562@@ -2003,7 +2003,7 @@ EXPORT_SYMBOL(__skb_checksum); 98513@@ -2003,7 +2003,7 @@ EXPORT_SYMBOL(__skb_checksum);
@@ -98702,7 +98653,7 @@ index c0fc6bd..51d8326 100644
98702 msg->msg_flags |= MSG_ERRQUEUE; 98653 msg->msg_flags |= MSG_ERRQUEUE;
98703 err = copied; 98654 err = copied;
98704diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c 98655diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
98705index a0e9cf6..ef7f9ed 100644 98656index 6a7fae2..d7c22e6 100644
98706--- a/net/core/sock_diag.c 98657--- a/net/core/sock_diag.c
98707+++ b/net/core/sock_diag.c 98658+++ b/net/core/sock_diag.c
98708@@ -9,26 +9,33 @@ 98659@@ -9,26 +9,33 @@
@@ -99022,7 +98973,7 @@ index c7539e2..b455e51 100644
99022 break; 98973 break;
99023 case NETDEV_DOWN: 98974 case NETDEV_DOWN:
99024diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c 98975diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
99025index b53f0bf..3585b33 100644 98976index 9d43468..ffa28cc 100644
99026--- a/net/ipv4/fib_semantics.c 98977--- a/net/ipv4/fib_semantics.c
99027+++ b/net/ipv4/fib_semantics.c 98978+++ b/net/ipv4/fib_semantics.c
99028@@ -767,7 +767,7 @@ __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh) 98979@@ -767,7 +767,7 @@ __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh)
@@ -99144,7 +99095,7 @@ index c10a3ce..dd71f84 100644
99144 return -ENOMEM; 99095 return -ENOMEM;
99145 } 99096 }
99146diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c 99097diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
99147index ec4f762..4ce3645 100644 99098index 94213c8..8bdb342 100644
99148--- a/net/ipv4/ip_gre.c 99099--- a/net/ipv4/ip_gre.c
99149+++ b/net/ipv4/ip_gre.c 99100+++ b/net/ipv4/ip_gre.c
99150@@ -115,7 +115,7 @@ static bool log_ecn_error = true; 99101@@ -115,7 +115,7 @@ static bool log_ecn_error = true;
@@ -99198,7 +99149,7 @@ index 580dd96..9fcef7e 100644
99198 msg.msg_flags = flags; 99149 msg.msg_flags = flags;
99199 99150
99200diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c 99151diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
99201index 48eafae..defff53 100644 99152index e4a8f76..dd8ad72 100644
99202--- a/net/ipv4/ip_vti.c 99153--- a/net/ipv4/ip_vti.c
99203+++ b/net/ipv4/ip_vti.c 99154+++ b/net/ipv4/ip_vti.c
99204@@ -44,7 +44,7 @@ 99155@@ -44,7 +44,7 @@
@@ -99273,7 +99224,7 @@ index 812b183..56cbe9c 100644
99273 .maxtype = IFLA_IPTUN_MAX, 99224 .maxtype = IFLA_IPTUN_MAX,
99274 .policy = ipip_policy, 99225 .policy = ipip_policy,
99275diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c 99226diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
99276index 59da7cd..e318de1 100644 99227index f95b6f9..2ee2097 100644
99277--- a/net/ipv4/netfilter/arp_tables.c 99228--- a/net/ipv4/netfilter/arp_tables.c
99278+++ b/net/ipv4/netfilter/arp_tables.c 99229+++ b/net/ipv4/netfilter/arp_tables.c
99279@@ -885,14 +885,14 @@ static int compat_table_info(const struct xt_table_info *info, 99230@@ -885,14 +885,14 @@ static int compat_table_info(const struct xt_table_info *info,
@@ -99303,7 +99254,7 @@ index 59da7cd..e318de1 100644
99303 ret = -EFAULT; 99254 ret = -EFAULT;
99304 else 99255 else
99305 ret = 0; 99256 ret = 0;
99306@@ -1688,7 +1688,7 @@ static int compat_do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, 99257@@ -1690,7 +1690,7 @@ static int compat_do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user,
99307 99258
99308 switch (cmd) { 99259 switch (cmd) {
99309 case ARPT_SO_GET_INFO: 99260 case ARPT_SO_GET_INFO:
@@ -99312,7 +99263,7 @@ index 59da7cd..e318de1 100644
99312 break; 99263 break;
99313 case ARPT_SO_GET_ENTRIES: 99264 case ARPT_SO_GET_ENTRIES:
99314 ret = compat_get_entries(sock_net(sk), user, len); 99265 ret = compat_get_entries(sock_net(sk), user, len);
99315@@ -1733,7 +1733,7 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len 99266@@ -1735,7 +1735,7 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len
99316 99267
99317 switch (cmd) { 99268 switch (cmd) {
99318 case ARPT_SO_GET_INFO: 99269 case ARPT_SO_GET_INFO:
@@ -99322,7 +99273,7 @@ index 59da7cd..e318de1 100644
99322 99273
99323 case ARPT_SO_GET_ENTRIES: 99274 case ARPT_SO_GET_ENTRIES:
99324diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c 99275diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
99325index 718dfbd..cef4152 100644 99276index 99e810f..3711b81 100644
99326--- a/net/ipv4/netfilter/ip_tables.c 99277--- a/net/ipv4/netfilter/ip_tables.c
99327+++ b/net/ipv4/netfilter/ip_tables.c 99278+++ b/net/ipv4/netfilter/ip_tables.c
99328@@ -1073,14 +1073,14 @@ static int compat_table_info(const struct xt_table_info *info, 99279@@ -1073,14 +1073,14 @@ static int compat_table_info(const struct xt_table_info *info,
@@ -99352,7 +99303,7 @@ index 718dfbd..cef4152 100644
99352 ret = -EFAULT; 99303 ret = -EFAULT;
99353 else 99304 else
99354 ret = 0; 99305 ret = 0;
99355@@ -1971,7 +1971,7 @@ compat_do_ipt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) 99306@@ -1973,7 +1973,7 @@ compat_do_ipt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
99356 99307
99357 switch (cmd) { 99308 switch (cmd) {
99358 case IPT_SO_GET_INFO: 99309 case IPT_SO_GET_INFO:
@@ -99361,7 +99312,7 @@ index 718dfbd..cef4152 100644
99361 break; 99312 break;
99362 case IPT_SO_GET_ENTRIES: 99313 case IPT_SO_GET_ENTRIES:
99363 ret = compat_get_entries(sock_net(sk), user, len); 99314 ret = compat_get_entries(sock_net(sk), user, len);
99364@@ -2018,7 +2018,7 @@ do_ipt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) 99315@@ -2020,7 +2020,7 @@ do_ipt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
99365 99316
99366 switch (cmd) { 99317 switch (cmd) {
99367 case IPT_SO_GET_INFO: 99318 case IPT_SO_GET_INFO:
@@ -99384,7 +99335,7 @@ index 2510c02..cfb34fa 100644
99384 pr_err("Unable to proc dir entry\n"); 99335 pr_err("Unable to proc dir entry\n");
99385 return -ENOMEM; 99336 return -ENOMEM;
99386diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c 99337diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
99387index 2d11c09..3f153f8 100644 99338index e21934b..16f52a6 100644
99388--- a/net/ipv4/ping.c 99339--- a/net/ipv4/ping.c
99389+++ b/net/ipv4/ping.c 99340+++ b/net/ipv4/ping.c
99390@@ -59,7 +59,7 @@ struct ping_table { 99341@@ -59,7 +59,7 @@ struct ping_table {
@@ -99396,39 +99347,16 @@ index 2d11c09..3f153f8 100644
99396 EXPORT_SYMBOL_GPL(pingv6_ops); 99347 EXPORT_SYMBOL_GPL(pingv6_ops);
99397 99348
99398 static u16 ping_port_rover; 99349 static u16 ping_port_rover;
99399@@ -255,23 +255,28 @@ int ping_init_sock(struct sock *sk) 99350@@ -259,7 +259,7 @@ int ping_init_sock(struct sock *sk)
99400 struct group_info *group_info = get_current_groups();
99401 int i, j, count = group_info->ngroups;
99402 kgid_t low, high;
99403+ int ret = 0;
99404 99351
99405 inet_get_ping_group_range_net(net, &low, &high); 99352 inet_get_ping_group_range_net(net, &low, &high);
99406 if (gid_lte(low, group) && gid_lte(group, high)) 99353 if (gid_lte(low, group) && gid_lte(group, high))
99407- return 0; 99354- return 0;
99408+ goto out_release_group; 99355+ goto out_release_group;
99409 99356
99410 for (i = 0; i < group_info->nblocks; i++) { 99357 group_info = get_current_groups();
99411 int cp_count = min_t(int, NGROUPS_PER_BLOCK, count); 99358 count = group_info->ngroups;
99412 for (j = 0; j < cp_count; j++) { 99359@@ -348,7 +348,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
99413 kgid_t gid = group_info->blocks[i][j];
99414 if (gid_lte(low, gid) && gid_lte(gid, high))
99415- return 0;
99416+ goto out_release_group;
99417 }
99418
99419 count -= cp_count;
99420 }
99421
99422- return -EACCES;
99423+ ret = -EACCES;
99424+
99425+out_release_group:
99426+ put_group_info(group_info);
99427+ return ret;
99428 }
99429 EXPORT_SYMBOL_GPL(ping_init_sock);
99430
99431@@ -341,7 +346,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
99432 return -ENODEV; 99360 return -ENODEV;
99433 } 99361 }
99434 } 99362 }
@@ -99437,7 +99365,7 @@ index 2d11c09..3f153f8 100644
99437 scoped); 99365 scoped);
99438 rcu_read_unlock(); 99366 rcu_read_unlock();
99439 99367
99440@@ -549,7 +554,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) 99368@@ -556,7 +556,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
99441 } 99369 }
99442 #if IS_ENABLED(CONFIG_IPV6) 99370 #if IS_ENABLED(CONFIG_IPV6)
99443 } else if (skb->protocol == htons(ETH_P_IPV6)) { 99371 } else if (skb->protocol == htons(ETH_P_IPV6)) {
@@ -99446,7 +99374,7 @@ index 2d11c09..3f153f8 100644
99446 #endif 99374 #endif
99447 } 99375 }
99448 99376
99449@@ -567,7 +572,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) 99377@@ -574,7 +574,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
99450 info, (u8 *)icmph); 99378 info, (u8 *)icmph);
99451 #if IS_ENABLED(CONFIG_IPV6) 99379 #if IS_ENABLED(CONFIG_IPV6)
99452 } else if (family == AF_INET6) { 99380 } else if (family == AF_INET6) {
@@ -99455,7 +99383,7 @@ index 2d11c09..3f153f8 100644
99455 info, (u8 *)icmph); 99383 info, (u8 *)icmph);
99456 #endif 99384 #endif
99457 } 99385 }
99458@@ -837,6 +842,8 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, 99386@@ -844,6 +844,8 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
99459 { 99387 {
99460 struct inet_sock *isk = inet_sk(sk); 99388 struct inet_sock *isk = inet_sk(sk);
99461 int family = sk->sk_family; 99389 int family = sk->sk_family;
@@ -99464,7 +99392,7 @@ index 2d11c09..3f153f8 100644
99464 struct sk_buff *skb; 99392 struct sk_buff *skb;
99465 int copied, err; 99393 int copied, err;
99466 99394
99467@@ -846,12 +853,19 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, 99395@@ -853,12 +855,19 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
99468 if (flags & MSG_OOB) 99396 if (flags & MSG_OOB)
99469 goto out; 99397 goto out;
99470 99398
@@ -99485,7 +99413,7 @@ index 2d11c09..3f153f8 100644
99485 addr_len); 99413 addr_len);
99486 #endif 99414 #endif
99487 } 99415 }
99488@@ -883,7 +897,6 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, 99416@@ -890,7 +899,6 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
99489 sin->sin_port = 0 /* skb->h.uh->source */; 99417 sin->sin_port = 0 /* skb->h.uh->source */;
99490 sin->sin_addr.s_addr = ip_hdr(skb)->saddr; 99418 sin->sin_addr.s_addr = ip_hdr(skb)->saddr;
99491 memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); 99419 memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
@@ -99493,7 +99421,7 @@ index 2d11c09..3f153f8 100644
99493 } 99421 }
99494 99422
99495 if (isk->cmsg_flags) 99423 if (isk->cmsg_flags)
99496@@ -905,14 +918,13 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, 99424@@ -912,14 +920,13 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
99497 sin6->sin6_scope_id = 99425 sin6->sin6_scope_id =
99498 ipv6_iface_scope_id(&sin6->sin6_addr, 99426 ipv6_iface_scope_id(&sin6->sin6_addr,
99499 IP6CB(skb)->iif); 99427 IP6CB(skb)->iif);
@@ -99510,7 +99438,7 @@ index 2d11c09..3f153f8 100644
99510 else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags) 99438 else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags)
99511 ip_cmsg_recv(msg, skb); 99439 ip_cmsg_recv(msg, skb);
99512 #endif 99440 #endif
99513@@ -1104,7 +1116,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, 99441@@ -1111,7 +1118,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f,
99514 from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)), 99442 from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
99515 0, sock_i_ino(sp), 99443 0, sock_i_ino(sp),
99516 atomic_read(&sp->sk_refcnt), sp, 99444 atomic_read(&sp->sk_refcnt), sp,
@@ -99593,7 +99521,7 @@ index c04518f..824ebe5 100644
99593 99521
99594 static int raw_seq_show(struct seq_file *seq, void *v) 99522 static int raw_seq_show(struct seq_file *seq, void *v)
99595diff --git a/net/ipv4/route.c b/net/ipv4/route.c 99523diff --git a/net/ipv4/route.c b/net/ipv4/route.c
99596index 4c011ec..8fae66b 100644 99524index 1344373..02f339e 100644
99597--- a/net/ipv4/route.c 99525--- a/net/ipv4/route.c
99598+++ b/net/ipv4/route.c 99526+++ b/net/ipv4/route.c
99599@@ -233,7 +233,7 @@ static const struct seq_operations rt_cache_seq_ops = { 99527@@ -233,7 +233,7 @@ static const struct seq_operations rt_cache_seq_ops = {
@@ -100261,7 +100189,7 @@ index 7b32652..0bc348b 100644
100261 table = kmemdup(ipv6_icmp_table_template, 100189 table = kmemdup(ipv6_icmp_table_template,
100262 sizeof(ipv6_icmp_table_template), 100190 sizeof(ipv6_icmp_table_template),
100263diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c 100191diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
100264index f3ffb43..1172ba7 100644 100192index 2465d18..bc5bf7f 100644
100265--- a/net/ipv6/ip6_gre.c 100193--- a/net/ipv6/ip6_gre.c
100266+++ b/net/ipv6/ip6_gre.c 100194+++ b/net/ipv6/ip6_gre.c
100267@@ -71,7 +71,7 @@ struct ip6gre_net { 100195@@ -71,7 +71,7 @@ struct ip6gre_net {
@@ -100282,7 +100210,7 @@ index f3ffb43..1172ba7 100644
100282 .handler = ip6gre_rcv, 100210 .handler = ip6gre_rcv,
100283 .err_handler = ip6gre_err, 100211 .err_handler = ip6gre_err,
100284 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, 100212 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
100285@@ -1634,7 +1634,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = { 100213@@ -1643,7 +1643,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = {
100286 [IFLA_GRE_FLAGS] = { .type = NLA_U32 }, 100214 [IFLA_GRE_FLAGS] = { .type = NLA_U32 },
100287 }; 100215 };
100288 100216
@@ -100291,7 +100219,7 @@ index f3ffb43..1172ba7 100644
100291 .kind = "ip6gre", 100219 .kind = "ip6gre",
100292 .maxtype = IFLA_GRE_MAX, 100220 .maxtype = IFLA_GRE_MAX,
100293 .policy = ip6gre_policy, 100221 .policy = ip6gre_policy,
100294@@ -1647,7 +1647,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = { 100222@@ -1657,7 +1657,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = {
100295 .fill_info = ip6gre_fill_info, 100223 .fill_info = ip6gre_fill_info,
100296 }; 100224 };
100297 100225
@@ -100301,7 +100229,7 @@ index f3ffb43..1172ba7 100644
100301 .maxtype = IFLA_GRE_MAX, 100229 .maxtype = IFLA_GRE_MAX,
100302 .policy = ip6gre_policy, 100230 .policy = ip6gre_policy,
100303diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c 100231diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
100304index 5db8d31..4a72c26 100644 100232index 0e51f68..1f501e1 100644
100305--- a/net/ipv6/ip6_tunnel.c 100233--- a/net/ipv6/ip6_tunnel.c
100306+++ b/net/ipv6/ip6_tunnel.c 100234+++ b/net/ipv6/ip6_tunnel.c
100307@@ -85,7 +85,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2) 100235@@ -85,7 +85,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
@@ -100358,7 +100286,7 @@ index 0a00f44..bec42b2 100644
100358 msg.msg_flags = flags; 100286 msg.msg_flags = flags;
100359 100287
100360diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c 100288diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
100361index 710238f..0fd1816 100644 100289index e080fbb..412b3cf 100644
100362--- a/net/ipv6/netfilter/ip6_tables.c 100290--- a/net/ipv6/netfilter/ip6_tables.c
100363+++ b/net/ipv6/netfilter/ip6_tables.c 100291+++ b/net/ipv6/netfilter/ip6_tables.c
100364@@ -1083,14 +1083,14 @@ static int compat_table_info(const struct xt_table_info *info, 100292@@ -1083,14 +1083,14 @@ static int compat_table_info(const struct xt_table_info *info,
@@ -100388,7 +100316,7 @@ index 710238f..0fd1816 100644
100388 ret = -EFAULT; 100316 ret = -EFAULT;
100389 else 100317 else
100390 ret = 0; 100318 ret = 0;
100391@@ -1981,7 +1981,7 @@ compat_do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) 100319@@ -1983,7 +1983,7 @@ compat_do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
100392 100320
100393 switch (cmd) { 100321 switch (cmd) {
100394 case IP6T_SO_GET_INFO: 100322 case IP6T_SO_GET_INFO:
@@ -100397,7 +100325,7 @@ index 710238f..0fd1816 100644
100397 break; 100325 break;
100398 case IP6T_SO_GET_ENTRIES: 100326 case IP6T_SO_GET_ENTRIES:
100399 ret = compat_get_entries(sock_net(sk), user, len); 100327 ret = compat_get_entries(sock_net(sk), user, len);
100400@@ -2028,7 +2028,7 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) 100328@@ -2030,7 +2030,7 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
100401 100329
100402 switch (cmd) { 100330 switch (cmd) {
100403 case IP6T_SO_GET_INFO: 100331 case IP6T_SO_GET_INFO:
@@ -100690,10 +100618,10 @@ index cc85a9b..526a133 100644
100690 return -ENOMEM; 100618 return -ENOMEM;
100691 } 100619 }
100692diff --git a/net/ipv6/route.c b/net/ipv6/route.c 100620diff --git a/net/ipv6/route.c b/net/ipv6/route.c
100693index fba54a4..73e374e 100644 100621index 7cc1102..7785931 100644
100694--- a/net/ipv6/route.c 100622--- a/net/ipv6/route.c
100695+++ b/net/ipv6/route.c 100623+++ b/net/ipv6/route.c
100696@@ -2972,7 +2972,7 @@ struct ctl_table ipv6_route_table_template[] = { 100624@@ -2973,7 +2973,7 @@ struct ctl_table ipv6_route_table_template[] = {
100697 100625
100698 struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net) 100626 struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net)
100699 { 100627 {
@@ -101740,7 +101668,7 @@ index f042ae5..30ea486 100644
101740 } 101668 }
101741 EXPORT_SYMBOL(nf_unregister_sockopt); 101669 EXPORT_SYMBOL(nf_unregister_sockopt);
101742diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c 101670diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
101743index adce01e..8d52d50 100644 101671index c68e5e0..8d52d50 100644
101744--- a/net/netfilter/nf_tables_api.c 101672--- a/net/netfilter/nf_tables_api.c
101745+++ b/net/netfilter/nf_tables_api.c 101673+++ b/net/netfilter/nf_tables_api.c
101746@@ -152,8 +152,8 @@ nf_tables_chain_type_lookup(const struct nft_af_info *afi, 101674@@ -152,8 +152,8 @@ nf_tables_chain_type_lookup(const struct nft_af_info *afi,
@@ -101754,16 +101682,6 @@ index adce01e..8d52d50 100644
101754 nfnl_lock(NFNL_SUBSYS_NFTABLES); 101682 nfnl_lock(NFNL_SUBSYS_NFTABLES);
101755 type = __nf_tables_chain_type_lookup(afi->family, nla); 101683 type = __nf_tables_chain_type_lookup(afi->family, nla);
101756 if (type != NULL) 101684 if (type != NULL)
101757@@ -1934,7 +1934,8 @@ static const struct nft_set_ops *nft_select_set_ops(const struct nlattr * const
101758
101759 static const struct nla_policy nft_set_policy[NFTA_SET_MAX + 1] = {
101760 [NFTA_SET_TABLE] = { .type = NLA_STRING },
101761- [NFTA_SET_NAME] = { .type = NLA_STRING },
101762+ [NFTA_SET_NAME] = { .type = NLA_STRING,
101763+ .len = IFNAMSIZ - 1 },
101764 [NFTA_SET_FLAGS] = { .type = NLA_U32 },
101765 [NFTA_SET_KEY_TYPE] = { .type = NLA_U32 },
101766 [NFTA_SET_KEY_LEN] = { .type = NLA_U32 },
101767diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c 101685diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
101768index a155d19..726b0f2 100644 101686index a155d19..726b0f2 100644
101769--- a/net/netfilter/nfnetlink_log.c 101687--- a/net/netfilter/nfnetlink_log.c
@@ -102519,10 +102437,10 @@ index 2b1738e..a9d0fc9 100644
102519 102437
102520 /* Initialize IPv6 support and register with socket layer. */ 102438 /* Initialize IPv6 support and register with socket layer. */
102521diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c 102439diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
102522index 4e1d0fc..068fef7 100644 102440index a62a215..0976540 100644
102523--- a/net/sctp/protocol.c 102441--- a/net/sctp/protocol.c
102524+++ b/net/sctp/protocol.c 102442+++ b/net/sctp/protocol.c
102525@@ -831,8 +831,10 @@ int sctp_register_af(struct sctp_af *af) 102443@@ -836,8 +836,10 @@ int sctp_register_af(struct sctp_af *af)
102526 return 0; 102444 return 0;
102527 } 102445 }
102528 102446
@@ -102534,7 +102452,7 @@ index 4e1d0fc..068fef7 100644
102534 return 1; 102452 return 1;
102535 } 102453 }
102536 102454
102537@@ -962,7 +964,7 @@ static inline int sctp_v4_xmit(struct sk_buff *skb, 102455@@ -967,7 +969,7 @@ static inline int sctp_v4_xmit(struct sk_buff *skb,
102538 102456
102539 static struct sctp_af sctp_af_inet; 102457 static struct sctp_af sctp_af_inet;
102540 102458
@@ -102543,7 +102461,7 @@ index 4e1d0fc..068fef7 100644
102543 .event_msgname = sctp_inet_event_msgname, 102461 .event_msgname = sctp_inet_event_msgname,
102544 .skb_msgname = sctp_inet_skb_msgname, 102462 .skb_msgname = sctp_inet_skb_msgname,
102545 .af_supported = sctp_inet_af_supported, 102463 .af_supported = sctp_inet_af_supported,
102546@@ -1034,7 +1036,7 @@ static const struct net_protocol sctp_protocol = { 102464@@ -1039,7 +1041,7 @@ static const struct net_protocol sctp_protocol = {
102547 }; 102465 };
102548 102466
102549 /* IPv4 address related functions. */ 102467 /* IPv4 address related functions. */
@@ -102552,7 +102470,7 @@ index 4e1d0fc..068fef7 100644
102552 .sa_family = AF_INET, 102470 .sa_family = AF_INET,
102553 .sctp_xmit = sctp_v4_xmit, 102471 .sctp_xmit = sctp_v4_xmit,
102554 .setsockopt = ip_setsockopt, 102472 .setsockopt = ip_setsockopt,
102555@@ -1119,7 +1121,7 @@ static void sctp_v4_pf_init(void) 102473@@ -1124,7 +1126,7 @@ static void sctp_v4_pf_init(void)
102556 102474
102557 static void sctp_v4_pf_exit(void) 102475 static void sctp_v4_pf_exit(void)
102558 { 102476 {
@@ -102562,7 +102480,7 @@ index 4e1d0fc..068fef7 100644
102562 102480
102563 static int sctp_v4_protosw_init(void) 102481 static int sctp_v4_protosw_init(void)
102564diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c 102482diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
102565index 5d6883f..394a102 100644 102483index fef2acd..c705c4f 100644
102566--- a/net/sctp/sm_sideeffect.c 102484--- a/net/sctp/sm_sideeffect.c
102567+++ b/net/sctp/sm_sideeffect.c 102485+++ b/net/sctp/sm_sideeffect.c
102568@@ -439,7 +439,7 @@ static void sctp_generate_sack_event(unsigned long data) 102486@@ -439,7 +439,7 @@ static void sctp_generate_sack_event(unsigned long data)
@@ -102575,10 +102493,10 @@ index 5d6883f..394a102 100644
102575 sctp_generate_t1_cookie_event, 102493 sctp_generate_t1_cookie_event,
102576 sctp_generate_t1_init_event, 102494 sctp_generate_t1_init_event,
102577diff --git a/net/sctp/socket.c b/net/sctp/socket.c 102495diff --git a/net/sctp/socket.c b/net/sctp/socket.c
102578index 981aaf8..5bc016d 100644 102496index 604a6ac..f87f0a3 100644
102579--- a/net/sctp/socket.c 102497--- a/net/sctp/socket.c
102580+++ b/net/sctp/socket.c 102498+++ b/net/sctp/socket.c
102581@@ -2169,11 +2169,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval, 102499@@ -2175,11 +2175,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval,
102582 { 102500 {
102583 struct sctp_association *asoc; 102501 struct sctp_association *asoc;
102584 struct sctp_ulpevent *event; 102502 struct sctp_ulpevent *event;
@@ -102593,7 +102511,7 @@ index 981aaf8..5bc016d 100644
102593 102511
102594 /* 102512 /*
102595 * At the time when a user app subscribes to SCTP_SENDER_DRY_EVENT, 102513 * At the time when a user app subscribes to SCTP_SENDER_DRY_EVENT,
102596@@ -4255,13 +4257,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len, 102514@@ -4259,13 +4261,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len,
102597 static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, 102515 static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
102598 int __user *optlen) 102516 int __user *optlen)
102599 { 102517 {
@@ -102611,7 +102529,7 @@ index 981aaf8..5bc016d 100644
102611 return -EFAULT; 102529 return -EFAULT;
102612 return 0; 102530 return 0;
102613 } 102531 }
102614@@ -4279,6 +4284,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, 102532@@ -4283,6 +4288,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
102615 */ 102533 */
102616 static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optval, int __user *optlen) 102534 static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optval, int __user *optlen)
102617 { 102535 {
@@ -102620,7 +102538,7 @@ index 981aaf8..5bc016d 100644
102620 /* Applicable to UDP-style socket only */ 102538 /* Applicable to UDP-style socket only */
102621 if (sctp_style(sk, TCP)) 102539 if (sctp_style(sk, TCP))
102622 return -EOPNOTSUPP; 102540 return -EOPNOTSUPP;
102623@@ -4287,7 +4294,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv 102541@@ -4291,7 +4298,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv
102624 len = sizeof(int); 102542 len = sizeof(int);
102625 if (put_user(len, optlen)) 102543 if (put_user(len, optlen))
102626 return -EFAULT; 102544 return -EFAULT;
@@ -102630,7 +102548,7 @@ index 981aaf8..5bc016d 100644
102630 return -EFAULT; 102548 return -EFAULT;
102631 return 0; 102549 return 0;
102632 } 102550 }
102633@@ -4662,12 +4670,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len, 102551@@ -4666,12 +4674,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len,
102634 */ 102552 */
102635 static int sctp_getsockopt_initmsg(struct sock *sk, int len, char __user *optval, int __user *optlen) 102553 static int sctp_getsockopt_initmsg(struct sock *sk, int len, char __user *optval, int __user *optlen)
102636 { 102554 {
@@ -102647,7 +102565,7 @@ index 981aaf8..5bc016d 100644
102647 return -EFAULT; 102565 return -EFAULT;
102648 return 0; 102566 return 0;
102649 } 102567 }
102650@@ -4708,6 +4719,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, 102568@@ -4712,6 +4723,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
102651 addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len; 102569 addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len;
102652 if (space_left < addrlen) 102570 if (space_left < addrlen)
102653 return -ENOMEM; 102571 return -ENOMEM;
@@ -102657,10 +102575,10 @@ index 981aaf8..5bc016d 100644
102657 return -EFAULT; 102575 return -EFAULT;
102658 to += addrlen; 102576 to += addrlen;
102659diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c 102577diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
102660index 35c8923..536614e 100644 102578index c82fdc1..4ca1f95 100644
102661--- a/net/sctp/sysctl.c 102579--- a/net/sctp/sysctl.c
102662+++ b/net/sctp/sysctl.c 102580+++ b/net/sctp/sysctl.c
102663@@ -305,7 +305,7 @@ static int proc_sctp_do_hmac_alg(struct ctl_table *ctl, int write, 102581@@ -308,7 +308,7 @@ static int proc_sctp_do_hmac_alg(struct ctl_table *ctl, int write,
102664 { 102582 {
102665 struct net *net = current->nsproxy->net_ns; 102583 struct net *net = current->nsproxy->net_ns;
102666 char tmp[8]; 102584 char tmp[8];
@@ -102669,7 +102587,7 @@ index 35c8923..536614e 100644
102669 int ret; 102587 int ret;
102670 int changed = 0; 102588 int changed = 0;
102671 char *none = "none"; 102589 char *none = "none";
102672@@ -352,7 +352,7 @@ static int proc_sctp_do_rto_min(struct ctl_table *ctl, int write, 102590@@ -355,7 +355,7 @@ static int proc_sctp_do_rto_min(struct ctl_table *ctl, int write,
102673 { 102591 {
102674 struct net *net = current->nsproxy->net_ns; 102592 struct net *net = current->nsproxy->net_ns;
102675 int new_value; 102593 int new_value;
@@ -102678,7 +102596,7 @@ index 35c8923..536614e 100644
102678 unsigned int min = *(unsigned int *) ctl->extra1; 102596 unsigned int min = *(unsigned int *) ctl->extra1;
102679 unsigned int max = *(unsigned int *) ctl->extra2; 102597 unsigned int max = *(unsigned int *) ctl->extra2;
102680 int ret; 102598 int ret;
102681@@ -379,7 +379,7 @@ static int proc_sctp_do_rto_max(struct ctl_table *ctl, int write, 102599@@ -382,7 +382,7 @@ static int proc_sctp_do_rto_max(struct ctl_table *ctl, int write,
102682 { 102600 {
102683 struct net *net = current->nsproxy->net_ns; 102601 struct net *net = current->nsproxy->net_ns;
102684 int new_value; 102602 int new_value;
@@ -102687,7 +102605,16 @@ index 35c8923..536614e 100644
102687 unsigned int min = *(unsigned int *) ctl->extra1; 102605 unsigned int min = *(unsigned int *) ctl->extra1;
102688 unsigned int max = *(unsigned int *) ctl->extra2; 102606 unsigned int max = *(unsigned int *) ctl->extra2;
102689 int ret; 102607 int ret;
102690@@ -402,7 +402,7 @@ static int proc_sctp_do_rto_max(struct ctl_table *ctl, int write, 102608@@ -408,7 +408,7 @@ static int proc_sctp_do_auth(struct ctl_table *ctl, int write,
102609 loff_t *ppos)
102610 {
102611 struct net *net = current->nsproxy->net_ns;
102612- struct ctl_table tbl;
102613+ ctl_table_no_const tbl;
102614 int new_value, ret;
102615
102616 memset(&tbl, 0, sizeof(struct ctl_table));
102617@@ -436,7 +436,7 @@ static int proc_sctp_do_auth(struct ctl_table *ctl, int write,
102691 102618
102692 int sctp_sysctl_net_register(struct net *net) 102619 int sctp_sysctl_net_register(struct net *net)
102693 { 102620 {
@@ -102696,7 +102623,7 @@ index 35c8923..536614e 100644
102696 102623
102697 if (!net_eq(net, &init_net)) { 102624 if (!net_eq(net, &init_net)) {
102698 int i; 102625 int i;
102699@@ -415,7 +415,10 @@ int sctp_sysctl_net_register(struct net *net) 102626@@ -449,7 +449,10 @@ int sctp_sysctl_net_register(struct net *net)
102700 table[i].data += (char *)(&net->sctp) - (char *)&init_net.sctp; 102627 table[i].data += (char *)(&net->sctp) - (char *)&init_net.sctp;
102701 } 102628 }
102702 102629
@@ -104215,10 +104142,10 @@ index 8fac3fd..32ff38d 100644
104215 unsigned int secindex_strings; 104142 unsigned int secindex_strings;
104216 104143
104217diff --git a/security/Kconfig b/security/Kconfig 104144diff --git a/security/Kconfig b/security/Kconfig
104218index beb86b5..55198cd 100644 104145index beb86b5..1ea5a01 100644
104219--- a/security/Kconfig 104146--- a/security/Kconfig
104220+++ b/security/Kconfig 104147+++ b/security/Kconfig
104221@@ -4,6 +4,961 @@ 104148@@ -4,6 +4,960 @@
104222 104149
104223 menu "Security options" 104150 menu "Security options"
104224 104151
@@ -104255,7 +104182,6 @@ index beb86b5..55198cd 100644
104255+ select TTY 104182+ select TTY
104256+ select DEBUG_KERNEL 104183+ select DEBUG_KERNEL
104257+ select DEBUG_LIST 104184+ select DEBUG_LIST
104258+ select DEBUG_STACKOVERFLOW if HAVE_DEBUG_STACKOVERFLOW
104259+ help 104185+ help
104260+ If you say Y here, you will be able to configure many features 104186+ If you say Y here, you will be able to configure many features
104261+ that will enhance the security of your system. It is highly 104187+ that will enhance the security of your system. It is highly
@@ -105180,7 +105106,7 @@ index beb86b5..55198cd 100644
105180 source security/keys/Kconfig 105106 source security/keys/Kconfig
105181 105107
105182 config SECURITY_DMESG_RESTRICT 105108 config SECURITY_DMESG_RESTRICT
105183@@ -103,7 +1058,7 @@ config INTEL_TXT 105109@@ -103,7 +1057,7 @@ config INTEL_TXT
105184 config LSM_MMAP_MIN_ADDR 105110 config LSM_MMAP_MIN_ADDR
105185 int "Low address space for LSM to protect from user allocation" 105111 int "Low address space for LSM to protect from user allocation"
105186 depends on SECURITY && SECURITY_SELINUX 105112 depends on SECURITY && SECURITY_SELINUX
@@ -107562,10 +107488,10 @@ index 0000000..82bc5a8
107562+} 107488+}
107563diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h 107489diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
107564new file mode 100644 107490new file mode 100644
107565index 0000000..8af3693 107491index 0000000..e90c205
107566--- /dev/null 107492--- /dev/null
107567+++ b/tools/gcc/gcc-common.h 107493+++ b/tools/gcc/gcc-common.h
107568@@ -0,0 +1,287 @@ 107494@@ -0,0 +1,295 @@
107569+#ifndef GCC_COMMON_H_INCLUDED 107495+#ifndef GCC_COMMON_H_INCLUDED
107570+#define GCC_COMMON_H_INCLUDED 107496+#define GCC_COMMON_H_INCLUDED
107571+ 107497+
@@ -107636,7 +107562,6 @@ index 0000000..8af3693
107636+#include "tree-pass.h" 107562+#include "tree-pass.h"
107637+//#include "df.h" 107563+//#include "df.h"
107638+#include "predict.h" 107564+#include "predict.h"
107639+//#include "lto-streamer.h"
107640+#include "ipa-utils.h" 107565+#include "ipa-utils.h"
107641+ 107566+
107642+#if BUILDING_GCC_VERSION >= 4009 107567+#if BUILDING_GCC_VERSION >= 4009
@@ -107651,6 +107576,7 @@ index 0000000..8af3693
107651+#include "tree-ssanames.h" 107576+#include "tree-ssanames.h"
107652+#include "print-tree.h" 107577+#include "print-tree.h"
107653+#include "tree-eh.h" 107578+#include "tree-eh.h"
107579+#include "stmt.h"
107654+#endif 107580+#endif
107655+ 107581+
107656+#include "gimple.h" 107582+#include "gimple.h"
@@ -107664,6 +107590,10 @@ index 0000000..8af3693
107664+#include "ssa-iterators.h" 107590+#include "ssa-iterators.h"
107665+#endif 107591+#endif
107666+ 107592+
107593+//#include "lto/lto.h"
107594+//#include "data-streamer.h"
107595+//#include "lto-compress.h"
107596+
107667+//#include "expr.h" where are you... 107597+//#include "expr.h" where are you...
107668+extern rtx emit_move_insn(rtx x, rtx y); 107598+extern rtx emit_move_insn(rtx x, rtx y);
107669+ 107599+
@@ -107675,6 +107605,8 @@ index 0000000..8af3693
107675+ 107605+
107676+#define DECL_NAME_POINTER(node) IDENTIFIER_POINTER(DECL_NAME(node)) 107606+#define DECL_NAME_POINTER(node) IDENTIFIER_POINTER(DECL_NAME(node))
107677+#define DECL_NAME_LENGTH(node) IDENTIFIER_LENGTH(DECL_NAME(node)) 107607+#define DECL_NAME_LENGTH(node) IDENTIFIER_LENGTH(DECL_NAME(node))
107608+#define TYPE_NAME_POINTER(node) IDENTIFIER_POINTER(TYPE_NAME(node))
107609+#define TYPE_NAME_LENGTH(node) IDENTIFIER_LENGTH(TYPE_NAME(node))
107678+ 107610+
107679+#if BUILDING_GCC_VERSION == 4005 107611+#if BUILDING_GCC_VERSION == 4005
107680+#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls; vars && (D = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), I) 107612+#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls; vars && (D = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), I)
@@ -107813,6 +107745,8 @@ index 0000000..8af3693
107813+#if BUILDING_GCC_VERSION >= 4007 107745+#if BUILDING_GCC_VERSION >= 4007
107814+#define cgraph_create_edge(caller, callee, call_stmt, count, freq, nest) \ 107746+#define cgraph_create_edge(caller, callee, call_stmt, count, freq, nest) \
107815+ cgraph_create_edge((caller), (callee), (call_stmt), (count), (freq)) 107747+ cgraph_create_edge((caller), (callee), (call_stmt), (count), (freq))
107748+#define cgraph_create_edge_including_clones(caller, callee, old_call_stmt, call_stmt, count, freq, nest, reason) \
107749+ cgraph_create_edge_including_clones((caller), (callee), (old_call_stmt), (call_stmt), (count), (freq), (reason))
107816+#endif 107750+#endif
107817+ 107751+
107818+#if BUILDING_GCC_VERSION <= 4008 107752+#if BUILDING_GCC_VERSION <= 4008
@@ -121718,7 +121652,7 @@ index ed2f51e..cc2d8f6 100644
121718 ALL_CFLAGS = $(CFLAGS) $(BASIC_CFLAGS) -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 121652 ALL_CFLAGS = $(CFLAGS) $(BASIC_CFLAGS) -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
121719 ALL_LDFLAGS = $(LDFLAGS) 121653 ALL_LDFLAGS = $(LDFLAGS)
121720diff --git a/tools/perf/util/include/asm/alternative-asm.h b/tools/perf/util/include/asm/alternative-asm.h 121654diff --git a/tools/perf/util/include/asm/alternative-asm.h b/tools/perf/util/include/asm/alternative-asm.h
121721index 6789d78..4afd019e 100644 121655index 6789d788..4afd019e 100644
121722--- a/tools/perf/util/include/asm/alternative-asm.h 121656--- a/tools/perf/util/include/asm/alternative-asm.h
121723+++ b/tools/perf/util/include/asm/alternative-asm.h 121657+++ b/tools/perf/util/include/asm/alternative-asm.h
121724@@ -5,4 +5,7 @@ 121658@@ -5,4 +5,7 @@
© 2015 Mike Crute