aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2014-11-25 15:07:14 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2014-11-25 15:07:14 +0000
commite7824a9a885ea50d16556cc268f930f0ee7a8834 (patch)
treeb18a45005ccb93ca19c841d1e46411fd6a7b2509
parent5dd84514e810cc8ae00140aa5e0a09f34d32a962 (diff)
downloadalpine_aports-e7824a9a885ea50d16556cc268f930f0ee7a8834.tar.bz2
alpine_aports-e7824a9a885ea50d16556cc268f930f0ee7a8834.tar.xz
alpine_aports-e7824a9a885ea50d16556cc268f930f0ee7a8834.zip
main/linux-grsec: upgrade to 3.14.25
Diffstat
-rw-r--r--main/linux-grsec/APKBUILD16
-rw-r--r--main/linux-grsec/grsecurity-3.0-3.14.25-201411231452.patch (renamed from main/linux-grsec/grsecurity-3.0-3.14.24-201411150026.patch)1182
2 files changed, 245 insertions, 953 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 41ef488e4b..6941efcb5d 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,7 +2,7 @@
2 2
3_flavor=grsec 3_flavor=grsec
4pkgname=linux-${_flavor} 4pkgname=linux-${_flavor}
5pkgver=3.14.24 5pkgver=3.14.25
6case $pkgver in 6case $pkgver in
7*.*.*) _kernver=${pkgver%.*};; 7*.*.*) _kernver=${pkgver%.*};;
8*.*) _kernver=${pkgver};; 8*.*) _kernver=${pkgver};;
@@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}}
17install= 17install=
18source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz 18source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
19 http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz 19 http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
20 grsecurity-3.0-3.14.24-201411150026.patch 20 grsecurity-3.0-3.14.25-201411231452.patch
21 21
22 fix-memory-map-for-PIE-applications.patch 22 fix-memory-map-for-PIE-applications.patch
23 imx6q-no-unclocked-sleep.patch 23 imx6q-no-unclocked-sleep.patch
@@ -165,24 +165,24 @@ dev() {
165} 165}
166 166
167md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz 167md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz
168651a92fc1d45c02fa02358bb07e80697 patch-3.14.24.xz 168fffe78a513fa84a15c15a243cac35ca3 patch-3.14.25.xz
169384982d028a3d484345ef780c11a464f grsecurity-3.0-3.14.24-201411150026.patch 16981df75eb4303065d37894fb034f9e19a grsecurity-3.0-3.14.25-201411231452.patch
170c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch 170c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
1711a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch 1711a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch
172870b91f0eb07294ba453ac61b052c0b6 kernelconfig.x86 172870b91f0eb07294ba453ac61b052c0b6 kernelconfig.x86
17338b50cd1a7670f886c5e9fe9f1f91496 kernelconfig.x86_64 17338b50cd1a7670f886c5e9fe9f1f91496 kernelconfig.x86_64
1743d79d27ce4aea637042bb70055c35a3d kernelconfig.armhf" 1743d79d27ce4aea637042bb70055c35a3d kernelconfig.armhf"
175sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz 175sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz
17680013321b6891216fcff6d0746cb977bd7e8438b02ca13ff261659f3dfa76d51 patch-3.14.24.xz 176c1a13dbaaabc0fe1330c7e0f0f6e10fbf7d384ccf7f1d15061fec4602233b142 patch-3.14.25.xz
17736f3dfd5237966661fef9bf18bc3779c3f5e852df48889902e6be94d708b3aef grsecurity-3.0-3.14.24-201411150026.patch 177ff89a9d2887f3d5a50e458b5ab3a3a1726b8c69af175714e1be662c01e3d710c grsecurity-3.0-3.14.25-201411231452.patch
178500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch 178500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
17921179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch 17921179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch
180bf953a65ba047b5316509da5bc7a6dbcee12767e343d26e8360369d27bfdbe78 kernelconfig.x86 180bf953a65ba047b5316509da5bc7a6dbcee12767e343d26e8360369d27bfdbe78 kernelconfig.x86
181d555a01f2b464e20cfa71c67ea6d571f80c707c5a3fea33879de09b085e2d7b6 kernelconfig.x86_64 181d555a01f2b464e20cfa71c67ea6d571f80c707c5a3fea33879de09b085e2d7b6 kernelconfig.x86_64
182a2dc0e30e1d1d691768543a17b51efccfc11ef17c04ac08f2b54c95f25dab75d kernelconfig.armhf" 182a2dc0e30e1d1d691768543a17b51efccfc11ef17c04ac08f2b54c95f25dab75d kernelconfig.armhf"
183sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz 183sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz
1847f45dfd7340a41c360c7521b573adbb8569825aa078f7ef067a27f19be5c749e42965badde7cdf9c413374953e776e4cce43cd1856f9e08870793a50ba6ad0fb patch-3.14.24.xz 1840ba7ac8b4bc56115d2d88258573f334cb6d1dd7d302f24ae12c1ed693fc3a568801ffa75719ac7622dedf6673e6db6827bf31066b8afde97bc36d8c897e8cfa8 patch-3.14.25.xz
18535f27312fc83d0c4380742bca33ad2c9d8313d87c9e2299d58f422b15af993f2221e3d2332ad13d3a3151fafb055e738cec23c9de5d0d84d218cdcad70379030 grsecurity-3.0-3.14.24-201411150026.patch 185baaf39b0d2c07a7b3a9829ec944349a4e687dfa78fd52fbdbfda8fed60755de959f133bb2fcc9c61cdd75c20b42160300b043082616b98612631030569d9ceb6 grsecurity-3.0-3.14.25-201411231452.patch
1864665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch 1864665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
18787d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch 18787d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch
188dde402be39f68955f9395f807631f1457e90cda76a80e0e198695c8f946cdba02a00fe12a59a77bf5e8b40f5ecb52efbe364449f3e58d8996f27e07b719ac6a4 kernelconfig.x86 188dde402be39f68955f9395f807631f1457e90cda76a80e0e198695c8f946cdba02a00fe12a59a77bf5e8b40f5ecb52efbe364449f3e58d8996f27e07b719ac6a4 kernelconfig.x86
diff --git a/main/linux-grsec/grsecurity-3.0-3.14.24-201411150026.patch b/main/linux-grsec/grsecurity-3.0-3.14.25-201411231452.patch
index b8fbeb3c9e..ddf2dae84b 100644
--- a/main/linux-grsec/grsecurity-3.0-3.14.24-201411150026.patch
+++ b/main/linux-grsec/grsecurity-3.0-3.14.25-201411231452.patch
@@ -292,7 +292,7 @@ index 7116fda..2f71588 100644
292 292
293 pcd. [PARIDE] 293 pcd. [PARIDE]
294diff --git a/Makefile b/Makefile 294diff --git a/Makefile b/Makefile
295index 8fd0610..914c673 100644 295index eb96e40..b2742ca 100644
296--- a/Makefile 296--- a/Makefile
297+++ b/Makefile 297+++ b/Makefile
298@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ 298@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -3780,7 +3780,7 @@ index 2dea8b5..6499da2 100644
3780 extern void ux500_cpu_die(unsigned int cpu); 3780 extern void ux500_cpu_die(unsigned int cpu);
3781 3781
3782diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig 3782diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig
3783index ca8ecde..58ba893 100644 3783index e9c290c..d0e3d41 100644
3784--- a/arch/arm/mm/Kconfig 3784--- a/arch/arm/mm/Kconfig
3785+++ b/arch/arm/mm/Kconfig 3785+++ b/arch/arm/mm/Kconfig
3786@@ -446,6 +446,7 @@ config CPU_32v5 3786@@ -446,6 +446,7 @@ config CPU_32v5
@@ -3799,15 +3799,16 @@ index ca8ecde..58ba893 100644
3799 help 3799 help
3800 This option enables or disables the use of domain switching 3800 This option enables or disables the use of domain switching
3801 via the set_fs() function. 3801 via the set_fs() function.
3802@@ -799,6 +801,7 @@ config NEED_KUSER_HELPERS 3802@@ -798,7 +800,7 @@ config NEED_KUSER_HELPERS
3803
3803 config KUSER_HELPERS 3804 config KUSER_HELPERS
3804 bool "Enable kuser helpers in vector page" if !NEED_KUSER_HELPERS 3805 bool "Enable kuser helpers in vector page" if !NEED_KUSER_HELPERS
3806- depends on MMU
3807+ depends on MMU && (!(CPU_V6 || CPU_V6K || CPU_V7) || GRKERNSEC_OLD_ARM_USERLAND)
3805 default y 3808 default y
3806+ depends on !(CPU_V6 || CPU_V6K || CPU_V7) || GRKERNSEC_OLD_ARM_USERLAND
3807 help 3809 help
3808 Warning: disabling this option may break user programs. 3810 Warning: disabling this option may break user programs.
3809 3811@@ -812,7 +814,7 @@ config KUSER_HELPERS
3810@@ -811,7 +814,7 @@ config KUSER_HELPERS
3811 See Documentation/arm/kernel_user_helpers.txt for details. 3812 See Documentation/arm/kernel_user_helpers.txt for details.
3812 3813
3813 However, the fixed address nature of these helpers can be used 3814 However, the fixed address nature of these helpers can be used
@@ -4827,19 +4828,6 @@ index 6c0f684..5faea9d 100644
4827 #define access_ok(type, addr, size) __range_ok(addr, size) 4828 #define access_ok(type, addr, size) __range_ok(addr, size)
4828 #define user_addr_max get_fs 4829 #define user_addr_max get_fs
4829 4830
4830diff --git a/arch/arm64/lib/clear_user.S b/arch/arm64/lib/clear_user.S
4831index 6e0ed93..c17967f 100644
4832--- a/arch/arm64/lib/clear_user.S
4833+++ b/arch/arm64/lib/clear_user.S
4834@@ -46,7 +46,7 @@ USER(9f, strh wzr, [x0], #2 )
4835 sub x1, x1, #2
4836 4: adds x1, x1, #1
4837 b.mi 5f
4838- strb wzr, [x0]
4839+USER(9f, strb wzr, [x0] )
4840 5: mov x0, #0
4841 ret
4842 ENDPROC(__clear_user)
4843diff --git a/arch/avr32/include/asm/cache.h b/arch/avr32/include/asm/cache.h 4831diff --git a/arch/avr32/include/asm/cache.h b/arch/avr32/include/asm/cache.h
4844index c3a58a1..78fbf54 100644 4832index c3a58a1..78fbf54 100644
4845--- a/arch/avr32/include/asm/cache.h 4833--- a/arch/avr32/include/asm/cache.h
@@ -5013,7 +5001,7 @@ index b86329d..6709906 100644
5013 { 5001 {
5014 int c, old; 5002 int c, old;
5015diff --git a/arch/frv/include/asm/cache.h b/arch/frv/include/asm/cache.h 5003diff --git a/arch/frv/include/asm/cache.h b/arch/frv/include/asm/cache.h
5016index 2797163..c2a401d 100644 5004index 2797163..c2a401df9 100644
5017--- a/arch/frv/include/asm/cache.h 5005--- a/arch/frv/include/asm/cache.h
5018+++ b/arch/frv/include/asm/cache.h 5006+++ b/arch/frv/include/asm/cache.h
5019@@ -12,10 +12,11 @@ 5007@@ -12,10 +12,11 @@
@@ -10393,10 +10381,10 @@ index c13c9f2..d572c34 100644
10393 10381
10394 if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) 10382 if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
10395diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c 10383diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c
10396index 50c3dd03..adff164 100644 10384index 9af0a5d..06e12f4 100644
10397--- a/arch/sparc/kernel/smp_64.c 10385--- a/arch/sparc/kernel/smp_64.c
10398+++ b/arch/sparc/kernel/smp_64.c 10386+++ b/arch/sparc/kernel/smp_64.c
10399@@ -870,8 +870,8 @@ extern unsigned long xcall_flush_dcache_page_cheetah; 10387@@ -874,8 +874,8 @@ extern unsigned long xcall_flush_dcache_page_cheetah;
10400 extern unsigned long xcall_flush_dcache_page_spitfire; 10388 extern unsigned long xcall_flush_dcache_page_spitfire;
10401 10389
10402 #ifdef CONFIG_DEBUG_DCFLUSH 10390 #ifdef CONFIG_DEBUG_DCFLUSH
@@ -10407,7 +10395,7 @@ index 50c3dd03..adff164 100644
10407 #endif 10395 #endif
10408 10396
10409 static inline void __local_flush_dcache_page(struct page *page) 10397 static inline void __local_flush_dcache_page(struct page *page)
10410@@ -895,7 +895,7 @@ void smp_flush_dcache_page_impl(struct page *page, int cpu) 10398@@ -899,7 +899,7 @@ void smp_flush_dcache_page_impl(struct page *page, int cpu)
10411 return; 10399 return;
10412 10400
10413 #ifdef CONFIG_DEBUG_DCFLUSH 10401 #ifdef CONFIG_DEBUG_DCFLUSH
@@ -10416,7 +10404,7 @@ index 50c3dd03..adff164 100644
10416 #endif 10404 #endif
10417 10405
10418 this_cpu = get_cpu(); 10406 this_cpu = get_cpu();
10419@@ -919,7 +919,7 @@ void smp_flush_dcache_page_impl(struct page *page, int cpu) 10407@@ -923,7 +923,7 @@ void smp_flush_dcache_page_impl(struct page *page, int cpu)
10420 xcall_deliver(data0, __pa(pg_addr), 10408 xcall_deliver(data0, __pa(pg_addr),
10421 (u64) pg_addr, cpumask_of(cpu)); 10409 (u64) pg_addr, cpumask_of(cpu));
10422 #ifdef CONFIG_DEBUG_DCFLUSH 10410 #ifdef CONFIG_DEBUG_DCFLUSH
@@ -10425,7 +10413,7 @@ index 50c3dd03..adff164 100644
10425 #endif 10413 #endif
10426 } 10414 }
10427 } 10415 }
10428@@ -938,7 +938,7 @@ void flush_dcache_page_all(struct mm_struct *mm, struct page *page) 10416@@ -942,7 +942,7 @@ void flush_dcache_page_all(struct mm_struct *mm, struct page *page)
10429 preempt_disable(); 10417 preempt_disable();
10430 10418
10431 #ifdef CONFIG_DEBUG_DCFLUSH 10419 #ifdef CONFIG_DEBUG_DCFLUSH
@@ -10434,7 +10422,7 @@ index 50c3dd03..adff164 100644
10434 #endif 10422 #endif
10435 data0 = 0; 10423 data0 = 0;
10436 pg_addr = page_address(page); 10424 pg_addr = page_address(page);
10437@@ -955,7 +955,7 @@ void flush_dcache_page_all(struct mm_struct *mm, struct page *page) 10425@@ -959,7 +959,7 @@ void flush_dcache_page_all(struct mm_struct *mm, struct page *page)
10438 xcall_deliver(data0, __pa(pg_addr), 10426 xcall_deliver(data0, __pa(pg_addr),
10439 (u64) pg_addr, cpu_online_mask); 10427 (u64) pg_addr, cpu_online_mask);
10440 #ifdef CONFIG_DEBUG_DCFLUSH 10428 #ifdef CONFIG_DEBUG_DCFLUSH
@@ -12598,7 +12586,7 @@ index 50f8c5e..4f84fff 100644
12598 return diff; 12586 return diff;
12599 } 12587 }
12600diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile 12588diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
12601index 0fcd913..3bb5c42 100644 12589index 14fe7cb..829b962 100644
12602--- a/arch/x86/boot/compressed/Makefile 12590--- a/arch/x86/boot/compressed/Makefile
12603+++ b/arch/x86/boot/compressed/Makefile 12591+++ b/arch/x86/boot/compressed/Makefile
12604@@ -16,6 +16,9 @@ KBUILD_CFLAGS += $(cflags-y) 12592@@ -16,6 +16,9 @@ KBUILD_CFLAGS += $(cflags-y)
@@ -12654,7 +12642,7 @@ index a53440e..c3dbf1e 100644
12654 .previous 12642 .previous
12655 12643
12656diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S 12644diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S
12657index f45ab7a..ebc015f 100644 12645index c5b56ed..9f79ed3 100644
12658--- a/arch/x86/boot/compressed/head_32.S 12646--- a/arch/x86/boot/compressed/head_32.S
12659+++ b/arch/x86/boot/compressed/head_32.S 12647+++ b/arch/x86/boot/compressed/head_32.S
12660@@ -119,10 +119,10 @@ preferred_addr: 12648@@ -119,10 +119,10 @@ preferred_addr:
@@ -12671,7 +12659,7 @@ index f45ab7a..ebc015f 100644
12671 12659
12672 /* Target address to relocate to for decompression */ 12660 /* Target address to relocate to for decompression */
12673diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S 12661diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
12674index b10fa66..5ee0472 100644 12662index 34bbc09..c126b87 100644
12675--- a/arch/x86/boot/compressed/head_64.S 12663--- a/arch/x86/boot/compressed/head_64.S
12676+++ b/arch/x86/boot/compressed/head_64.S 12664+++ b/arch/x86/boot/compressed/head_64.S
12677@@ -94,10 +94,10 @@ ENTRY(startup_32) 12665@@ -94,10 +94,10 @@ ENTRY(startup_32)
@@ -12700,7 +12688,7 @@ index b10fa66..5ee0472 100644
12700 1: 12688 1:
12701 12689
12702 /* Target address to relocate to for decompression */ 12690 /* Target address to relocate to for decompression */
12703@@ -363,8 +363,8 @@ gdt: 12691@@ -366,8 +366,8 @@ gdt:
12704 .long gdt 12692 .long gdt
12705 .word 0 12693 .word 0
12706 .quad 0x0000000000000000 /* NULL descriptor */ 12694 .quad 0x0000000000000000 /* NULL descriptor */
@@ -12712,7 +12700,7 @@ index b10fa66..5ee0472 100644
12712 .quad 0x0000000000000000 /* TS continued */ 12700 .quad 0x0000000000000000 /* TS continued */
12713 gdt_end: 12701 gdt_end:
12714diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c 12702diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
12715index 196eaf3..c96716d 100644 12703index eb25ca1..3de0f7c 100644
12716--- a/arch/x86/boot/compressed/misc.c 12704--- a/arch/x86/boot/compressed/misc.c
12717+++ b/arch/x86/boot/compressed/misc.c 12705+++ b/arch/x86/boot/compressed/misc.c
12718@@ -218,7 +218,7 @@ void __putstr(const char *s) 12706@@ -218,7 +218,7 @@ void __putstr(const char *s)
@@ -12760,7 +12748,7 @@ index 196eaf3..c96716d 100644
12760 break; 12748 break;
12761 default: /* Ignore other PT_* */ break; 12749 default: /* Ignore other PT_* */ break;
12762 } 12750 }
12763@@ -430,7 +433,7 @@ asmlinkage void *decompress_kernel(void *rmode, memptr heap, 12751@@ -437,7 +440,7 @@ asmlinkage void *decompress_kernel(void *rmode, memptr heap,
12764 error("Destination address too large"); 12752 error("Destination address too large");
12765 #endif 12753 #endif
12766 #ifndef CONFIG_RELOCATABLE 12754 #ifndef CONFIG_RELOCATABLE
@@ -21710,7 +21698,7 @@ index 639d128..e92d7e5 100644
21710 21698
21711 while (amd_iommu_v2_event_descs[i].attr.attr.name) 21699 while (amd_iommu_v2_event_descs[i].attr.attr.name)
21712diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c 21700diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c
21713index 1340ebf..fc6d5c9 100644 21701index 5ee8064..4d32df9 100644
21714--- a/arch/x86/kernel/cpu/perf_event_intel.c 21702--- a/arch/x86/kernel/cpu/perf_event_intel.c
21715+++ b/arch/x86/kernel/cpu/perf_event_intel.c 21703+++ b/arch/x86/kernel/cpu/perf_event_intel.c
21716@@ -2318,10 +2318,10 @@ __init int intel_pmu_init(void) 21704@@ -2318,10 +2318,10 @@ __init int intel_pmu_init(void)
@@ -26667,7 +26655,7 @@ index 9c0280f..5bbb1c0 100644
26667 ip = *(u64 *)(fp+8); 26655 ip = *(u64 *)(fp+8);
26668 if (!in_sched_functions(ip)) 26656 if (!in_sched_functions(ip))
26669diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c 26657diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
26670index 7461f50..01d0b9c 100644 26658index 0686fe3..836eed3 100644
26671--- a/arch/x86/kernel/ptrace.c 26659--- a/arch/x86/kernel/ptrace.c
26672+++ b/arch/x86/kernel/ptrace.c 26660+++ b/arch/x86/kernel/ptrace.c
26673@@ -184,14 +184,13 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs) 26661@@ -184,14 +184,13 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs)
@@ -26781,9 +26769,9 @@ index 7461f50..01d0b9c 100644
26781 } 26769 }
26782 26770
26783 void user_single_step_siginfo(struct task_struct *tsk, 26771 void user_single_step_siginfo(struct task_struct *tsk,
26784@@ -1450,6 +1463,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs, 26772@@ -1441,6 +1454,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs,
26785 # define IS_IA32 0 26773 force_sig_info(SIGTRAP, &info, tsk);
26786 #endif 26774 }
26787 26775
26788+#ifdef CONFIG_GRKERNSEC_SETXID 26776+#ifdef CONFIG_GRKERNSEC_SETXID
26789+extern void gr_delayed_cred_worker(void); 26777+extern void gr_delayed_cred_worker(void);
@@ -26792,7 +26780,7 @@ index 7461f50..01d0b9c 100644
26792 /* 26780 /*
26793 * We must return the syscall number to actually look up in the table. 26781 * We must return the syscall number to actually look up in the table.
26794 * This can be -1L to skip running any syscall at all. 26782 * This can be -1L to skip running any syscall at all.
26795@@ -1460,6 +1477,11 @@ long syscall_trace_enter(struct pt_regs *regs) 26783@@ -1451,6 +1468,11 @@ long syscall_trace_enter(struct pt_regs *regs)
26796 26784
26797 user_exit(); 26785 user_exit();
26798 26786
@@ -26804,7 +26792,7 @@ index 7461f50..01d0b9c 100644
26804 /* 26792 /*
26805 * If we stepped into a sysenter/syscall insn, it trapped in 26793 * If we stepped into a sysenter/syscall insn, it trapped in
26806 * kernel mode; do_debug() cleared TF and set TIF_SINGLESTEP. 26794 * kernel mode; do_debug() cleared TF and set TIF_SINGLESTEP.
26807@@ -1515,6 +1537,11 @@ void syscall_trace_leave(struct pt_regs *regs) 26795@@ -1506,6 +1528,11 @@ void syscall_trace_leave(struct pt_regs *regs)
26808 */ 26796 */
26809 user_exit(); 26797 user_exit();
26810 26798
@@ -28796,7 +28784,7 @@ index 0c90f4b..9fca4d7 100644
28796 28784
28797 vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP) 28785 vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
28798diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c 28786diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
28799index 51c2851..394306f 100644 28787index fab97ad..394306f 100644
28800--- a/arch/x86/kvm/x86.c 28788--- a/arch/x86/kvm/x86.c
28801+++ b/arch/x86/kvm/x86.c 28789+++ b/arch/x86/kvm/x86.c
28802@@ -1806,8 +1806,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) 28790@@ -1806,8 +1806,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
@@ -28819,15 +28807,6 @@ index 51c2851..394306f 100644
28819 if (copy_to_user(user_msr_list->indices, &msrs_to_save, 28807 if (copy_to_user(user_msr_list->indices, &msrs_to_save,
28820 num_msrs_to_save * sizeof(u32))) 28808 num_msrs_to_save * sizeof(u32)))
28821 goto out; 28809 goto out;
28822@@ -4911,7 +4913,7 @@ static int handle_emulation_failure(struct kvm_vcpu *vcpu)
28823
28824 ++vcpu->stat.insn_emulation_fail;
28825 trace_kvm_emulate_insn_failed(vcpu);
28826- if (!is_guest_mode(vcpu)) {
28827+ if (!is_guest_mode(vcpu) && kvm_x86_ops->get_cpl(vcpu) == 0) {
28828 vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
28829 vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_EMULATION;
28830 vcpu->run->internal.ndata = 0;
28831@@ -5532,7 +5534,7 @@ static struct notifier_block pvclock_gtod_notifier = { 28810@@ -5532,7 +5534,7 @@ static struct notifier_block pvclock_gtod_notifier = {
28832 }; 28811 };
28833 #endif 28812 #endif
@@ -33634,7 +33613,7 @@ index 9f0614d..92ae64a 100644
33634 p += get_opcode(p, &opcode); 33613 p += get_opcode(p, &opcode);
33635 for (i = 0; i < ARRAY_SIZE(imm_wop); i++) 33614 for (i = 0; i < ARRAY_SIZE(imm_wop); i++)
33636diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c 33615diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c
33637index c96314a..433b127 100644 33616index 0004ac7..2ab49d0 100644
33638--- a/arch/x86/mm/pgtable.c 33617--- a/arch/x86/mm/pgtable.c
33639+++ b/arch/x86/mm/pgtable.c 33618+++ b/arch/x86/mm/pgtable.c
33640@@ -97,10 +97,71 @@ static inline void pgd_list_del(pgd_t *pgd) 33619@@ -97,10 +97,71 @@ static inline void pgd_list_del(pgd_t *pgd)
@@ -40402,20 +40381,6 @@ index 57ea7f4..af06b76 100644
40402 40381
40403 card->driver->update_phy_reg(card, 4, 40382 card->driver->update_phy_reg(card, 4,
40404 PHY_LINK_ACTIVE | PHY_CONTENDER, 0); 40383 PHY_LINK_ACTIVE | PHY_CONTENDER, 0);
40405diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c
40406index d7d5c8a..6d44568 100644
40407--- a/drivers/firewire/core-cdev.c
40408+++ b/drivers/firewire/core-cdev.c
40409@@ -1637,8 +1637,7 @@ static int dispatch_ioctl(struct client *client,
40410 _IOC_SIZE(cmd) > sizeof(buffer))
40411 return -ENOTTY;
40412
40413- if (_IOC_DIR(cmd) == _IOC_READ)
40414- memset(&buffer, 0, _IOC_SIZE(cmd));
40415+ memset(&buffer, 0, sizeof(buffer));
40416
40417 if (_IOC_DIR(cmd) & _IOC_WRITE)
40418 if (copy_from_user(&buffer, arg, _IOC_SIZE(cmd)))
40419diff --git a/drivers/firewire/core-device.c b/drivers/firewire/core-device.c 40384diff --git a/drivers/firewire/core-device.c b/drivers/firewire/core-device.c
40420index 2c6d5e1..a2cca6b 100644 40385index 2c6d5e1..a2cca6b 100644
40421--- a/drivers/firewire/core-device.c 40386--- a/drivers/firewire/core-device.c
@@ -44779,7 +44744,7 @@ index 65ee3a0..1852af9 100644
44779 44744
44780 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) 44745 void dm_uevent_add(struct mapped_device *md, struct list_head *elist)
44781diff --git a/drivers/md/md.c b/drivers/md/md.c 44746diff --git a/drivers/md/md.c b/drivers/md/md.c
44782index 73aedcb..424968a 100644 44747index 40959ee..ba57756 100644
44783--- a/drivers/md/md.c 44748--- a/drivers/md/md.c
44784+++ b/drivers/md/md.c 44749+++ b/drivers/md/md.c
44785@@ -194,10 +194,10 @@ EXPORT_SYMBOL_GPL(bio_clone_mddev); 44750@@ -194,10 +194,10 @@ EXPORT_SYMBOL_GPL(bio_clone_mddev);
@@ -44851,7 +44816,7 @@ index 73aedcb..424968a 100644
44851 44816
44852 INIT_LIST_HEAD(&rdev->same_set); 44817 INIT_LIST_HEAD(&rdev->same_set);
44853 init_waitqueue_head(&rdev->blocked_wait); 44818 init_waitqueue_head(&rdev->blocked_wait);
44854@@ -7075,7 +7075,7 @@ static int md_seq_show(struct seq_file *seq, void *v) 44819@@ -7079,7 +7079,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
44855 44820
44856 spin_unlock(&pers_lock); 44821 spin_unlock(&pers_lock);
44857 seq_printf(seq, "\n"); 44822 seq_printf(seq, "\n");
@@ -44860,7 +44825,7 @@ index 73aedcb..424968a 100644
44860 return 0; 44825 return 0;
44861 } 44826 }
44862 if (v == (void*)2) { 44827 if (v == (void*)2) {
44863@@ -7178,7 +7178,7 @@ static int md_seq_open(struct inode *inode, struct file *file) 44828@@ -7182,7 +7182,7 @@ static int md_seq_open(struct inode *inode, struct file *file)
44864 return error; 44829 return error;
44865 44830
44866 seq = file->private_data; 44831 seq = file->private_data;
@@ -44869,7 +44834,7 @@ index 73aedcb..424968a 100644
44869 return error; 44834 return error;
44870 } 44835 }
44871 44836
44872@@ -7192,7 +7192,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) 44837@@ -7196,7 +7196,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait)
44873 /* always allow read */ 44838 /* always allow read */
44874 mask = POLLIN | POLLRDNORM; 44839 mask = POLLIN | POLLRDNORM;
44875 44840
@@ -44878,7 +44843,7 @@ index 73aedcb..424968a 100644
44878 mask |= POLLERR | POLLPRI; 44843 mask |= POLLERR | POLLPRI;
44879 return mask; 44844 return mask;
44880 } 44845 }
44881@@ -7236,7 +7236,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) 44846@@ -7240,7 +7240,7 @@ static int is_mddev_idle(struct mddev *mddev, int init)
44882 struct gendisk *disk = rdev->bdev->bd_contains->bd_disk; 44847 struct gendisk *disk = rdev->bdev->bd_contains->bd_disk;
44883 curr_events = (int)part_stat_read(&disk->part0, sectors[0]) + 44848 curr_events = (int)part_stat_read(&disk->part0, sectors[0]) +
44884 (int)part_stat_read(&disk->part0, sectors[1]) - 44849 (int)part_stat_read(&disk->part0, sectors[1]) -
@@ -46162,20 +46127,6 @@ index 98d24ae..bc22415 100644
46162 return 1; 46127 return 1;
46163 } 46128 }
46164 46129
46165diff --git a/drivers/media/usb/ttusb-dec/ttusbdecfe.c b/drivers/media/usb/ttusb-dec/ttusbdecfe.c
46166index 5c45c9d..9c29552 100644
46167--- a/drivers/media/usb/ttusb-dec/ttusbdecfe.c
46168+++ b/drivers/media/usb/ttusb-dec/ttusbdecfe.c
46169@@ -156,6 +156,9 @@ static int ttusbdecfe_dvbs_diseqc_send_master_cmd(struct dvb_frontend* fe, struc
46170 0x00, 0x00, 0x00, 0x00,
46171 0x00, 0x00 };
46172
46173+ if (cmd->msg_len > sizeof(b) - 4)
46174+ return -EINVAL;
46175+
46176 memcpy(&b[4], cmd->msg, cmd->msg_len);
46177
46178 state->config->send_command(fe, 0x72,
46179diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c 46130diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
46180index fca336b..fb70ab7 100644 46131index fca336b..fb70ab7 100644
46181--- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c 46132--- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
@@ -47773,7 +47724,7 @@ index fbf7dcd..ad71499 100644
47773 }; 47724 };
47774 47725
47775diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c 47726diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
47776index f30ceb1..81c589c 100644 47727index 07c942b..bce8b8a 100644
47777--- a/drivers/net/macvtap.c 47728--- a/drivers/net/macvtap.c
47778+++ b/drivers/net/macvtap.c 47729+++ b/drivers/net/macvtap.c
47779@@ -422,7 +422,7 @@ static void macvtap_setup(struct net_device *dev) 47730@@ -422,7 +422,7 @@ static void macvtap_setup(struct net_device *dev)
@@ -47785,7 +47736,7 @@ index f30ceb1..81c589c 100644
47785 .kind = "macvtap", 47736 .kind = "macvtap",
47786 .setup = macvtap_setup, 47737 .setup = macvtap_setup,
47787 .newlink = macvtap_newlink, 47738 .newlink = macvtap_newlink,
47788@@ -1018,7 +1018,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd, 47739@@ -1023,7 +1023,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd,
47789 } 47740 }
47790 47741
47791 ret = 0; 47742 ret = 0;
@@ -47794,7 +47745,7 @@ index f30ceb1..81c589c 100644
47794 put_user(q->flags, &ifr->ifr_flags)) 47745 put_user(q->flags, &ifr->ifr_flags))
47795 ret = -EFAULT; 47746 ret = -EFAULT;
47796 macvtap_put_vlan(vlan); 47747 macvtap_put_vlan(vlan);
47797@@ -1188,7 +1188,7 @@ static int macvtap_device_event(struct notifier_block *unused, 47748@@ -1193,7 +1193,7 @@ static int macvtap_device_event(struct notifier_block *unused,
47798 return NOTIFY_DONE; 47749 return NOTIFY_DONE;
47799 } 47750 }
47800 47751
@@ -47825,6 +47776,21 @@ index 5a1897d..e860630 100644
47825 break; 47776 break;
47826 err = 0; 47777 err = 0;
47827 break; 47778 break;
47779diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c
47780index 1aff970..cc2ee29 100644
47781--- a/drivers/net/ppp/pptp.c
47782+++ b/drivers/net/ppp/pptp.c
47783@@ -506,7 +506,9 @@ static int pptp_getname(struct socket *sock, struct sockaddr *uaddr,
47784 int len = sizeof(struct sockaddr_pppox);
47785 struct sockaddr_pppox sp;
47786
47787- sp.sa_family = AF_PPPOX;
47788+ memset(&sp.sa_addr, 0, sizeof(sp.sa_addr));
47789+
47790+ sp.sa_family = AF_PPPOX;
47791 sp.sa_protocol = PX_PROTO_PPTP;
47792 sp.sa_addr.pptp = pppox_sk(sock->sk)->proto.pptp.src_addr;
47793
47828diff --git a/drivers/net/slip/slhc.c b/drivers/net/slip/slhc.c 47794diff --git a/drivers/net/slip/slhc.c b/drivers/net/slip/slhc.c
47829index 1252d9c..80e660b 100644 47795index 1252d9c..80e660b 100644
47830--- a/drivers/net/slip/slhc.c 47796--- a/drivers/net/slip/slhc.c
@@ -47852,10 +47818,10 @@ index 979fe43..1f1230c 100644
47852 }; 47818 };
47853 47819
47854diff --git a/drivers/net/tun.c b/drivers/net/tun.c 47820diff --git a/drivers/net/tun.c b/drivers/net/tun.c
47855index 2c8b1c2..9942a89 100644 47821index ec63314..17810e8 100644
47856--- a/drivers/net/tun.c 47822--- a/drivers/net/tun.c
47857+++ b/drivers/net/tun.c 47823+++ b/drivers/net/tun.c
47858@@ -1883,7 +1883,7 @@ unlock: 47824@@ -1882,7 +1882,7 @@ unlock:
47859 } 47825 }
47860 47826
47861 static long __tun_chr_ioctl(struct file *file, unsigned int cmd, 47827 static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
@@ -47864,7 +47830,7 @@ index 2c8b1c2..9942a89 100644
47864 { 47830 {
47865 struct tun_file *tfile = file->private_data; 47831 struct tun_file *tfile = file->private_data;
47866 struct tun_struct *tun; 47832 struct tun_struct *tun;
47867@@ -1896,6 +1896,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, 47833@@ -1895,6 +1895,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
47868 unsigned int ifindex; 47834 unsigned int ifindex;
47869 int ret; 47835 int ret;
47870 47836
@@ -48001,7 +47967,7 @@ index a2515887..6d13233 100644
48001 47967
48002 /* we will have to manufacture ethernet headers, prepare template */ 47968 /* we will have to manufacture ethernet headers, prepare template */
48003diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c 47969diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
48004index 07a3255..4c59b30 100644 47970index 841b608..198a8b7 100644
48005--- a/drivers/net/virtio_net.c 47971--- a/drivers/net/virtio_net.c
48006+++ b/drivers/net/virtio_net.c 47972+++ b/drivers/net/virtio_net.c
48007@@ -47,7 +47,7 @@ module_param(gso, bool, 0444); 47973@@ -47,7 +47,7 @@ module_param(gso, bool, 0444);
@@ -48014,10 +47980,10 @@ index 07a3255..4c59b30 100644
48014 #define VIRTNET_DRIVER_VERSION "1.0.0" 47980 #define VIRTNET_DRIVER_VERSION "1.0.0"
48015 47981
48016diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c 47982diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
48017index 0704a04..4208d2d 100644 47983index 5441b49..d8030d2 100644
48018--- a/drivers/net/vxlan.c 47984--- a/drivers/net/vxlan.c
48019+++ b/drivers/net/vxlan.c 47985+++ b/drivers/net/vxlan.c
48020@@ -2847,7 +2847,7 @@ nla_put_failure: 47986@@ -2855,7 +2855,7 @@ nla_put_failure:
48021 return -EMSGSIZE; 47987 return -EMSGSIZE;
48022 } 47988 }
48023 47989
@@ -48026,7 +47992,7 @@ index 0704a04..4208d2d 100644
48026 .kind = "vxlan", 47992 .kind = "vxlan",
48027 .maxtype = IFLA_VXLAN_MAX, 47993 .maxtype = IFLA_VXLAN_MAX,
48028 .policy = vxlan_policy, 47994 .policy = vxlan_policy,
48029@@ -2894,7 +2894,7 @@ static int vxlan_lowerdev_event(struct notifier_block *unused, 47995@@ -2902,7 +2902,7 @@ static int vxlan_lowerdev_event(struct notifier_block *unused,
48030 return NOTIFY_DONE; 47996 return NOTIFY_DONE;
48031 } 47997 }
48032 47998
@@ -48718,10 +48684,10 @@ index ea7e70c..bc0c45f 100644
48718 data->sku_cap_band_24GHz_enable ? "" : "NOT", "enabled", 48684 data->sku_cap_band_24GHz_enable ? "" : "NOT", "enabled",
48719 data->sku_cap_band_52GHz_enable ? "" : "NOT", "enabled", 48685 data->sku_cap_band_52GHz_enable ? "" : "NOT", "enabled",
48720diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c 48686diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c
48721index 16be0c0..eb0bc12 100644 48687index fb62927..2748d8c 100644
48722--- a/drivers/net/wireless/iwlwifi/pcie/trans.c 48688--- a/drivers/net/wireless/iwlwifi/pcie/trans.c
48723+++ b/drivers/net/wireless/iwlwifi/pcie/trans.c 48689+++ b/drivers/net/wireless/iwlwifi/pcie/trans.c
48724@@ -1371,7 +1371,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, 48690@@ -1373,7 +1373,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file,
48725 struct isr_statistics *isr_stats = &trans_pcie->isr_stats; 48691 struct isr_statistics *isr_stats = &trans_pcie->isr_stats;
48726 48692
48727 char buf[8]; 48693 char buf[8];
@@ -48730,7 +48696,7 @@ index 16be0c0..eb0bc12 100644
48730 u32 reset_flag; 48696 u32 reset_flag;
48731 48697
48732 memset(buf, 0, sizeof(buf)); 48698 memset(buf, 0, sizeof(buf));
48733@@ -1392,7 +1392,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file, 48699@@ -1394,7 +1394,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file,
48734 { 48700 {
48735 struct iwl_trans *trans = file->private_data; 48701 struct iwl_trans *trans = file->private_data;
48736 char buf[8]; 48702 char buf[8];
@@ -48740,10 +48706,10 @@ index 16be0c0..eb0bc12 100644
48740 48706
48741 memset(buf, 0, sizeof(buf)); 48707 memset(buf, 0, sizeof(buf));
48742diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c 48708diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
48743index 69d4c31..bd0b316 100644 48709index 505ff60..6a1c9aa 100644
48744--- a/drivers/net/wireless/mac80211_hwsim.c 48710--- a/drivers/net/wireless/mac80211_hwsim.c
48745+++ b/drivers/net/wireless/mac80211_hwsim.c 48711+++ b/drivers/net/wireless/mac80211_hwsim.c
48746@@ -2541,20 +2541,20 @@ static int __init init_mac80211_hwsim(void) 48712@@ -2543,20 +2543,20 @@ static int __init init_mac80211_hwsim(void)
48747 if (channels < 1) 48713 if (channels < 1)
48748 return -EINVAL; 48714 return -EINVAL;
48749 48715
@@ -64028,7 +63994,7 @@ index f4ccfe6..a5cf064 100644
64028 static struct callback_op callback_ops[]; 63994 static struct callback_op callback_ops[];
64029 63995
64030diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c 63996diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
64031index 15f9d98..082c625 100644 63997index 6659ce5..1e6de9b 100644
64032--- a/fs/nfs/inode.c 63998--- a/fs/nfs/inode.c
64033+++ b/fs/nfs/inode.c 63999+++ b/fs/nfs/inode.c
64034@@ -1189,16 +1189,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt 64000@@ -1189,16 +1189,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt
@@ -79642,19 +79608,6 @@ index 939533d..cf0a57c 100644
79642 79608
79643 /** 79609 /**
79644 * struct clk_init_data - holds init data that's common to all clocks and is 79610 * struct clk_init_data - holds init data that's common to all clocks and is
79645diff --git a/include/linux/clocksource.h b/include/linux/clocksource.h
79646index 67301a4..879065d 100644
79647--- a/include/linux/clocksource.h
79648+++ b/include/linux/clocksource.h
79649@@ -289,7 +289,7 @@ extern struct clocksource* clocksource_get_next(void);
79650 extern void clocksource_change_rating(struct clocksource *cs, int rating);
79651 extern void clocksource_suspend(void);
79652 extern void clocksource_resume(void);
79653-extern struct clocksource * __init __weak clocksource_default_clock(void);
79654+extern struct clocksource * __init clocksource_default_clock(void);
79655 extern void clocksource_mark_unstable(struct clocksource *cs);
79656
79657 extern u64
79658diff --git a/include/linux/compat.h b/include/linux/compat.h 79611diff --git a/include/linux/compat.h b/include/linux/compat.h
79659index 3f448c6..df3ce1d 100644 79612index 3f448c6..df3ce1d 100644
79660--- a/include/linux/compat.h 79613--- a/include/linux/compat.h
@@ -79989,32 +79942,6 @@ index d08e4d2..95fad61 100644
79989 int cpumask_any_but(const struct cpumask *mask, unsigned int cpu); 79942 int cpumask_any_but(const struct cpumask *mask, unsigned int cpu);
79990 79943
79991 /** 79944 /**
79992diff --git a/include/linux/crash_dump.h b/include/linux/crash_dump.h
79993index 7032518..60023e5 100644
79994--- a/include/linux/crash_dump.h
79995+++ b/include/linux/crash_dump.h
79996@@ -14,14 +14,13 @@
79997 extern unsigned long long elfcorehdr_addr;
79998 extern unsigned long long elfcorehdr_size;
79999
80000-extern int __weak elfcorehdr_alloc(unsigned long long *addr,
80001- unsigned long long *size);
80002-extern void __weak elfcorehdr_free(unsigned long long addr);
80003-extern ssize_t __weak elfcorehdr_read(char *buf, size_t count, u64 *ppos);
80004-extern ssize_t __weak elfcorehdr_read_notes(char *buf, size_t count, u64 *ppos);
80005-extern int __weak remap_oldmem_pfn_range(struct vm_area_struct *vma,
80006- unsigned long from, unsigned long pfn,
80007- unsigned long size, pgprot_t prot);
80008+extern int elfcorehdr_alloc(unsigned long long *addr, unsigned long long *size);
80009+extern void elfcorehdr_free(unsigned long long addr);
80010+extern ssize_t elfcorehdr_read(char *buf, size_t count, u64 *ppos);
80011+extern ssize_t elfcorehdr_read_notes(char *buf, size_t count, u64 *ppos);
80012+extern int remap_oldmem_pfn_range(struct vm_area_struct *vma,
80013+ unsigned long from, unsigned long pfn,
80014+ unsigned long size, pgprot_t prot);
80015
80016 extern ssize_t copy_oldmem_page(unsigned long, char *, size_t,
80017 unsigned long, int);
80018diff --git a/include/linux/cred.h b/include/linux/cred.h 79945diff --git a/include/linux/cred.h b/include/linux/cred.h
80019index 04421e8..a85afd4 100644 79946index 04421e8..a85afd4 100644
80020--- a/include/linux/cred.h 79947--- a/include/linux/cred.h
@@ -82215,7 +82142,7 @@ index a74c3a8..28d3f21 100644
82215 extern struct key_type key_type_keyring; 82142 extern struct key_type key_type_keyring;
82216 82143
82217diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h 82144diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h
82218index 6b06d37..19f605f 100644 82145index e465bb1..19f605f 100644
82219--- a/include/linux/kgdb.h 82146--- a/include/linux/kgdb.h
82220+++ b/include/linux/kgdb.h 82147+++ b/include/linux/kgdb.h
82221@@ -52,7 +52,7 @@ extern int kgdb_connected; 82148@@ -52,7 +52,7 @@ extern int kgdb_connected;
@@ -82236,7 +82163,7 @@ index 6b06d37..19f605f 100644
82236 82163
82237 /** 82164 /**
82238 * struct kgdb_io - Describe the interface for an I/O driver to talk with KGDB. 82165 * struct kgdb_io - Describe the interface for an I/O driver to talk with KGDB.
82239@@ -279,11 +279,11 @@ struct kgdb_io { 82166@@ -279,7 +279,7 @@ struct kgdb_io {
82240 void (*pre_exception) (void); 82167 void (*pre_exception) (void);
82241 void (*post_exception) (void); 82168 void (*post_exception) (void);
82242 int is_console; 82169 int is_console;
@@ -82245,11 +82172,6 @@ index 6b06d37..19f605f 100644
82245 82172
82246 extern struct kgdb_arch arch_kgdb_ops; 82173 extern struct kgdb_arch arch_kgdb_ops;
82247 82174
82248-extern unsigned long __weak kgdb_arch_pc(int exception, struct pt_regs *regs);
82249+extern unsigned long kgdb_arch_pc(int exception, struct pt_regs *regs);
82250
82251 #ifdef CONFIG_SERIAL_KGDB_NMI
82252 extern int kgdb_register_nmi_console(void);
82253diff --git a/include/linux/kmod.h b/include/linux/kmod.h 82175diff --git a/include/linux/kmod.h b/include/linux/kmod.h
82254index 0555cc6..40116ce 100644 82176index 0555cc6..40116ce 100644
82255--- a/include/linux/kmod.h 82177--- a/include/linux/kmod.h
@@ -82499,19 +82421,6 @@ index c45c089..298841c 100644
82499 { 82421 {
82500 u32 remainder; 82422 u32 remainder;
82501 return div_u64_rem(dividend, divisor, &remainder); 82423 return div_u64_rem(dividend, divisor, &remainder);
82502diff --git a/include/linux/memory.h b/include/linux/memory.h
82503index bb7384e..8b8d8d1 100644
82504--- a/include/linux/memory.h
82505+++ b/include/linux/memory.h
82506@@ -35,7 +35,7 @@ struct memory_block {
82507 };
82508
82509 int arch_get_memory_phys_device(unsigned long start_pfn);
82510-unsigned long __weak memory_block_size_bytes(void);
82511+unsigned long memory_block_size_bytes(void);
82512
82513 /* These states are exposed to userspace as text strings in sysfs */
82514 #define MEM_ONLINE (1<<0) /* exposed to userspace */
82515diff --git a/include/linux/mempolicy.h b/include/linux/mempolicy.h 82424diff --git a/include/linux/mempolicy.h b/include/linux/mempolicy.h
82516index 5bba088..7ad4ae7 100644 82425index 5bba088..7ad4ae7 100644
82517--- a/include/linux/mempolicy.h 82426--- a/include/linux/mempolicy.h
@@ -82538,7 +82447,7 @@ index 5bba088..7ad4ae7 100644
82538 static inline int 82447 static inline int
82539 vma_dup_policy(struct vm_area_struct *src, struct vm_area_struct *dst) 82448 vma_dup_policy(struct vm_area_struct *src, struct vm_area_struct *dst)
82540diff --git a/include/linux/mm.h b/include/linux/mm.h 82449diff --git a/include/linux/mm.h b/include/linux/mm.h
82541index 0a0b024..ebee54f 100644 82450index d5039da..71096b6 100644
82542--- a/include/linux/mm.h 82451--- a/include/linux/mm.h
82543+++ b/include/linux/mm.h 82452+++ b/include/linux/mm.h
82544@@ -127,6 +127,11 @@ extern unsigned int kobjsize(const void *objp); 82453@@ -127,6 +127,11 @@ extern unsigned int kobjsize(const void *objp);
@@ -82572,7 +82481,7 @@ index 0a0b024..ebee54f 100644
82572 82481
82573 struct mmu_gather; 82482 struct mmu_gather;
82574 struct inode; 82483 struct inode;
82575@@ -1112,8 +1118,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address, 82484@@ -1120,8 +1126,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address,
82576 unsigned long *pfn); 82485 unsigned long *pfn);
82577 int follow_phys(struct vm_area_struct *vma, unsigned long address, 82486 int follow_phys(struct vm_area_struct *vma, unsigned long address,
82578 unsigned int flags, unsigned long *prot, resource_size_t *phys); 82487 unsigned int flags, unsigned long *prot, resource_size_t *phys);
@@ -82583,7 +82492,7 @@ index 0a0b024..ebee54f 100644
82583 82492
82584 static inline void unmap_shared_mapping_range(struct address_space *mapping, 82493 static inline void unmap_shared_mapping_range(struct address_space *mapping,
82585 loff_t const holebegin, loff_t const holelen) 82494 loff_t const holebegin, loff_t const holelen)
82586@@ -1153,9 +1159,9 @@ static inline int fixup_user_fault(struct task_struct *tsk, 82495@@ -1161,9 +1167,9 @@ static inline int fixup_user_fault(struct task_struct *tsk,
82587 } 82496 }
82588 #endif 82497 #endif
82589 82498
@@ -82596,7 +82505,7 @@ index 0a0b024..ebee54f 100644
82596 82505
82597 long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, 82506 long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
82598 unsigned long start, unsigned long nr_pages, 82507 unsigned long start, unsigned long nr_pages,
82599@@ -1187,34 +1193,6 @@ int set_page_dirty(struct page *page); 82508@@ -1195,34 +1201,6 @@ int set_page_dirty(struct page *page);
82600 int set_page_dirty_lock(struct page *page); 82509 int set_page_dirty_lock(struct page *page);
82601 int clear_page_dirty_for_io(struct page *page); 82510 int clear_page_dirty_for_io(struct page *page);
82602 82511
@@ -82631,7 +82540,7 @@ index 0a0b024..ebee54f 100644
82631 extern pid_t 82540 extern pid_t
82632 vm_is_stack(struct task_struct *task, struct vm_area_struct *vma, int in_group); 82541 vm_is_stack(struct task_struct *task, struct vm_area_struct *vma, int in_group);
82633 82542
82634@@ -1314,6 +1292,15 @@ static inline void sync_mm_rss(struct mm_struct *mm) 82543@@ -1322,6 +1300,15 @@ static inline void sync_mm_rss(struct mm_struct *mm)
82635 } 82544 }
82636 #endif 82545 #endif
82637 82546
@@ -82647,7 +82556,7 @@ index 0a0b024..ebee54f 100644
82647 int vma_wants_writenotify(struct vm_area_struct *vma); 82556 int vma_wants_writenotify(struct vm_area_struct *vma);
82648 82557
82649 extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr, 82558 extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr,
82650@@ -1332,8 +1319,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, 82559@@ -1340,8 +1327,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd,
82651 { 82560 {
82652 return 0; 82561 return 0;
82653 } 82562 }
@@ -82663,7 +82572,7 @@ index 0a0b024..ebee54f 100644
82663 #endif 82572 #endif
82664 82573
82665 #ifdef __PAGETABLE_PMD_FOLDED 82574 #ifdef __PAGETABLE_PMD_FOLDED
82666@@ -1342,8 +1336,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, 82575@@ -1350,8 +1344,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud,
82667 { 82576 {
82668 return 0; 82577 return 0;
82669 } 82578 }
@@ -82679,7 +82588,7 @@ index 0a0b024..ebee54f 100644
82679 #endif 82588 #endif
82680 82589
82681 int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma, 82590 int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma,
82682@@ -1361,11 +1362,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a 82591@@ -1369,11 +1370,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a
82683 NULL: pud_offset(pgd, address); 82592 NULL: pud_offset(pgd, address);
82684 } 82593 }
82685 82594
@@ -82703,7 +82612,7 @@ index 0a0b024..ebee54f 100644
82703 #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */ 82612 #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */
82704 82613
82705 #if USE_SPLIT_PTE_PTLOCKS 82614 #if USE_SPLIT_PTE_PTLOCKS
82706@@ -1755,7 +1768,7 @@ extern int install_special_mapping(struct mm_struct *mm, 82615@@ -1763,7 +1776,7 @@ extern int install_special_mapping(struct mm_struct *mm,
82707 unsigned long addr, unsigned long len, 82616 unsigned long addr, unsigned long len,
82708 unsigned long flags, struct page **pages); 82617 unsigned long flags, struct page **pages);
82709 82618
@@ -82712,7 +82621,7 @@ index 0a0b024..ebee54f 100644
82712 82621
82713 extern unsigned long mmap_region(struct file *file, unsigned long addr, 82622 extern unsigned long mmap_region(struct file *file, unsigned long addr,
82714 unsigned long len, vm_flags_t vm_flags, unsigned long pgoff); 82623 unsigned long len, vm_flags_t vm_flags, unsigned long pgoff);
82715@@ -1763,6 +1776,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, 82624@@ -1771,6 +1784,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
82716 unsigned long len, unsigned long prot, unsigned long flags, 82625 unsigned long len, unsigned long prot, unsigned long flags,
82717 unsigned long pgoff, unsigned long *populate); 82626 unsigned long pgoff, unsigned long *populate);
82718 extern int do_munmap(struct mm_struct *, unsigned long, size_t); 82627 extern int do_munmap(struct mm_struct *, unsigned long, size_t);
@@ -82720,7 +82629,7 @@ index 0a0b024..ebee54f 100644
82720 82629
82721 #ifdef CONFIG_MMU 82630 #ifdef CONFIG_MMU
82722 extern int __mm_populate(unsigned long addr, unsigned long len, 82631 extern int __mm_populate(unsigned long addr, unsigned long len,
82723@@ -1791,10 +1805,11 @@ struct vm_unmapped_area_info { 82632@@ -1799,10 +1813,11 @@ struct vm_unmapped_area_info {
82724 unsigned long high_limit; 82633 unsigned long high_limit;
82725 unsigned long align_mask; 82634 unsigned long align_mask;
82726 unsigned long align_offset; 82635 unsigned long align_offset;
@@ -82734,7 +82643,7 @@ index 0a0b024..ebee54f 100644
82734 82643
82735 /* 82644 /*
82736 * Search for an unmapped address range. 82645 * Search for an unmapped address range.
82737@@ -1806,7 +1821,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info); 82646@@ -1814,7 +1829,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info);
82738 * - satisfies (begin_addr & align_mask) == (align_offset & align_mask) 82647 * - satisfies (begin_addr & align_mask) == (align_offset & align_mask)
82739 */ 82648 */
82740 static inline unsigned long 82649 static inline unsigned long
@@ -82743,7 +82652,7 @@ index 0a0b024..ebee54f 100644
82743 { 82652 {
82744 if (!(info->flags & VM_UNMAPPED_AREA_TOPDOWN)) 82653 if (!(info->flags & VM_UNMAPPED_AREA_TOPDOWN))
82745 return unmapped_area(info); 82654 return unmapped_area(info);
82746@@ -1869,6 +1884,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add 82655@@ -1874,6 +1889,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
82747 extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, 82656 extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr,
82748 struct vm_area_struct **pprev); 82657 struct vm_area_struct **pprev);
82749 82658
@@ -82754,7 +82663,7 @@ index 0a0b024..ebee54f 100644
82754 /* Look up the first VMA which intersects the interval start_addr..end_addr-1, 82663 /* Look up the first VMA which intersects the interval start_addr..end_addr-1,
82755 NULL if none. Assume start_addr < end_addr. */ 82664 NULL if none. Assume start_addr < end_addr. */
82756 static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr) 82665 static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr)
82757@@ -1897,15 +1916,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, 82666@@ -1902,15 +1921,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm,
82758 return vma; 82667 return vma;
82759 } 82668 }
82760 82669
@@ -82770,7 +82679,7 @@ index 0a0b024..ebee54f 100644
82770 #ifdef CONFIG_NUMA_BALANCING 82679 #ifdef CONFIG_NUMA_BALANCING
82771 unsigned long change_prot_numa(struct vm_area_struct *vma, 82680 unsigned long change_prot_numa(struct vm_area_struct *vma,
82772 unsigned long start, unsigned long end); 82681 unsigned long start, unsigned long end);
82773@@ -1957,6 +1967,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); 82682@@ -1962,6 +1972,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long);
82774 static inline void vm_stat_account(struct mm_struct *mm, 82683 static inline void vm_stat_account(struct mm_struct *mm,
82775 unsigned long flags, struct file *file, long pages) 82684 unsigned long flags, struct file *file, long pages)
82776 { 82685 {
@@ -82782,7 +82691,7 @@ index 0a0b024..ebee54f 100644
82782 mm->total_vm += pages; 82691 mm->total_vm += pages;
82783 } 82692 }
82784 #endif /* CONFIG_PROC_FS */ 82693 #endif /* CONFIG_PROC_FS */
82785@@ -2038,7 +2053,7 @@ extern int unpoison_memory(unsigned long pfn); 82694@@ -2043,7 +2058,7 @@ extern int unpoison_memory(unsigned long pfn);
82786 extern int sysctl_memory_failure_early_kill; 82695 extern int sysctl_memory_failure_early_kill;
82787 extern int sysctl_memory_failure_recovery; 82696 extern int sysctl_memory_failure_recovery;
82788 extern void shake_page(struct page *p, int access); 82697 extern void shake_page(struct page *p, int access);
@@ -82791,7 +82700,7 @@ index 0a0b024..ebee54f 100644
82791 extern int soft_offline_page(struct page *page, int flags); 82700 extern int soft_offline_page(struct page *page, int flags);
82792 82701
82793 #if defined(CONFIG_TRANSPARENT_HUGEPAGE) || defined(CONFIG_HUGETLBFS) 82702 #if defined(CONFIG_TRANSPARENT_HUGEPAGE) || defined(CONFIG_HUGETLBFS)
82794@@ -2073,5 +2088,11 @@ void __init setup_nr_node_ids(void); 82703@@ -2078,5 +2093,11 @@ void __init setup_nr_node_ids(void);
82795 static inline void setup_nr_node_ids(void) {} 82704 static inline void setup_nr_node_ids(void) {}
82796 #endif 82705 #endif
82797 82706
@@ -82868,10 +82777,10 @@ index c5d5278..f0b68c8 100644
82868 } 82777 }
82869 82778
82870diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h 82779diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h
82871index e6800f0..d59674e 100644 82780index 1884353..626ca6b 100644
82872--- a/include/linux/mmzone.h 82781--- a/include/linux/mmzone.h
82873+++ b/include/linux/mmzone.h 82782+++ b/include/linux/mmzone.h
82874@@ -400,7 +400,7 @@ struct zone { 82783@@ -401,7 +401,7 @@ struct zone {
82875 unsigned long flags; /* zone flags, see below */ 82784 unsigned long flags; /* zone flags, see below */
82876 82785
82877 /* Zone statistics */ 82786 /* Zone statistics */
@@ -85957,24 +85866,8 @@ index 4a5b9a3..ca27d73 100644
85957 .update = sctp_csum_update, 85866 .update = sctp_csum_update,
85958 .combine = sctp_csum_combine, 85867 .combine = sctp_csum_combine,
85959 }; 85868 };
85960diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h
85961index a3353f4..ba41e01 100644
85962--- a/include/net/sctp/sctp.h
85963+++ b/include/net/sctp/sctp.h
85964@@ -433,6 +433,11 @@ static inline void sctp_assoc_pending_pmtu(struct sock *sk, struct sctp_associat
85965 asoc->pmtu_pending = 0;
85966 }
85967
85968+static inline bool sctp_chunk_pending(const struct sctp_chunk *chunk)
85969+{
85970+ return !list_empty(&chunk->list);
85971+}
85972+
85973 /* Walk through a list of TLV parameters. Don't trust the
85974 * individual parameter lengths and instead depend on
85975 * the chunk length to indicate when to stop. Make sure
85976diff --git a/include/net/sctp/sm.h b/include/net/sctp/sm.h 85869diff --git a/include/net/sctp/sm.h b/include/net/sctp/sm.h
85977index 7f4eeb3..aaa63d9 100644 85870index 72a31db..aaa63d9 100644
85978--- a/include/net/sctp/sm.h 85871--- a/include/net/sctp/sm.h
85979+++ b/include/net/sctp/sm.h 85872+++ b/include/net/sctp/sm.h
85980@@ -80,7 +80,7 @@ typedef void (sctp_timer_event_t) (unsigned long); 85873@@ -80,7 +80,7 @@ typedef void (sctp_timer_event_t) (unsigned long);
@@ -85986,19 +85879,6 @@ index 7f4eeb3..aaa63d9 100644
85986 85879
85987 /* A naming convention of "sctp_sf_xxx" applies to all the state functions 85880 /* A naming convention of "sctp_sf_xxx" applies to all the state functions
85988 * currently in use. 85881 * currently in use.
85989@@ -248,9 +248,9 @@ struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *,
85990 int, __be16);
85991 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc,
85992 union sctp_addr *addr);
85993-int sctp_verify_asconf(const struct sctp_association *asoc,
85994- struct sctp_paramhdr *param_hdr, void *chunk_end,
85995- struct sctp_paramhdr **errp);
85996+bool sctp_verify_asconf(const struct sctp_association *asoc,
85997+ struct sctp_chunk *chunk, bool addr_param_needed,
85998+ struct sctp_paramhdr **errp);
85999 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
86000 struct sctp_chunk *asconf);
86001 int sctp_process_asconf_ack(struct sctp_association *asoc,
86002@@ -292,7 +292,7 @@ __u32 sctp_generate_tag(const struct sctp_endpoint *); 85882@@ -292,7 +292,7 @@ __u32 sctp_generate_tag(const struct sctp_endpoint *);
86003 __u32 sctp_generate_tsn(const struct sctp_endpoint *); 85883 __u32 sctp_generate_tsn(const struct sctp_endpoint *);
86004 85884
@@ -87234,7 +87114,7 @@ index f486b00..442867f 100644
87234 case SHMDT: 87114 case SHMDT:
87235 return sys_shmdt(compat_ptr(ptr)); 87115 return sys_shmdt(compat_ptr(ptr));
87236diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c 87116diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c
87237index 1702864..797fa84 100644 87117index cadddc8..c263084 100644
87238--- a/ipc/ipc_sysctl.c 87118--- a/ipc/ipc_sysctl.c
87239+++ b/ipc/ipc_sysctl.c 87119+++ b/ipc/ipc_sysctl.c
87240@@ -30,7 +30,7 @@ static void *get_ipc(ctl_table *table) 87120@@ -30,7 +30,7 @@ static void *get_ipc(ctl_table *table)
@@ -87279,9 +87159,9 @@ index 1702864..797fa84 100644
87279 { 87159 {
87280- struct ctl_table ipc_table; 87160- struct ctl_table ipc_table;
87281+ ctl_table_no_const ipc_table; 87161+ ctl_table_no_const ipc_table;
87282 size_t lenp_bef = *lenp;
87283 int oldval; 87162 int oldval;
87284 int rc; 87163 int rc;
87164
87285diff --git a/ipc/mq_sysctl.c b/ipc/mq_sysctl.c 87165diff --git a/ipc/mq_sysctl.c b/ipc/mq_sysctl.c
87286index 5bb8bfe..a38ec05 100644 87166index 5bb8bfe..a38ec05 100644
87287--- a/ipc/mq_sysctl.c 87167--- a/ipc/mq_sysctl.c
@@ -87513,7 +87393,7 @@ index 8d6e145..33e0b1e 100644
87513 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim; 87393 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim;
87514 set_fs(fs); 87394 set_fs(fs);
87515diff --git a/kernel/audit.c b/kernel/audit.c 87395diff --git a/kernel/audit.c b/kernel/audit.c
87516index 2c0ecd1..80d068a 100644 87396index b45b2da..159e8c4 100644
87517--- a/kernel/audit.c 87397--- a/kernel/audit.c
87518+++ b/kernel/audit.c 87398+++ b/kernel/audit.c
87519@@ -122,7 +122,7 @@ u32 audit_sig_sid = 0; 87399@@ -122,7 +122,7 @@ u32 audit_sig_sid = 0;
@@ -88117,10 +87997,10 @@ index 0b097c8..11dd5c5 100644
88117 #ifdef CONFIG_MODULE_UNLOAD 87997 #ifdef CONFIG_MODULE_UNLOAD
88118 { 87998 {
88119diff --git a/kernel/events/core.c b/kernel/events/core.c 87999diff --git a/kernel/events/core.c b/kernel/events/core.c
88120index 4ced342f..6624485 100644 88000index 4bbb27a..decf605 100644
88121--- a/kernel/events/core.c 88001--- a/kernel/events/core.c
88122+++ b/kernel/events/core.c 88002+++ b/kernel/events/core.c
88123@@ -158,8 +158,15 @@ static struct srcu_struct pmus_srcu; 88003@@ -159,8 +159,15 @@ static struct srcu_struct pmus_srcu;
88124 * 0 - disallow raw tracepoint access for unpriv 88004 * 0 - disallow raw tracepoint access for unpriv
88125 * 1 - disallow cpu events for unpriv 88005 * 1 - disallow cpu events for unpriv
88126 * 2 - disallow kernel profiling for unpriv 88006 * 2 - disallow kernel profiling for unpriv
@@ -88137,7 +88017,7 @@ index 4ced342f..6624485 100644
88137 88017
88138 /* Minimum for 512 kiB + 1 user control page */ 88018 /* Minimum for 512 kiB + 1 user control page */
88139 int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */ 88019 int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */
88140@@ -185,7 +192,7 @@ void update_perf_cpu_limits(void) 88020@@ -186,7 +193,7 @@ void update_perf_cpu_limits(void)
88141 88021
88142 tmp *= sysctl_perf_cpu_time_max_percent; 88022 tmp *= sysctl_perf_cpu_time_max_percent;
88143 do_div(tmp, 100); 88023 do_div(tmp, 100);
@@ -88146,7 +88026,7 @@ index 4ced342f..6624485 100644
88146 } 88026 }
88147 88027
88148 static int perf_rotate_context(struct perf_cpu_context *cpuctx); 88028 static int perf_rotate_context(struct perf_cpu_context *cpuctx);
88149@@ -272,7 +279,7 @@ void perf_sample_event_took(u64 sample_len_ns) 88029@@ -273,7 +280,7 @@ void perf_sample_event_took(u64 sample_len_ns)
88150 update_perf_cpu_limits(); 88030 update_perf_cpu_limits();
88151 } 88031 }
88152 88032
@@ -88155,7 +88035,7 @@ index 4ced342f..6624485 100644
88155 88035
88156 static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx, 88036 static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx,
88157 enum event_type_t event_type); 88037 enum event_type_t event_type);
88158@@ -3010,7 +3017,7 @@ static void __perf_event_read(void *info) 88038@@ -3011,7 +3018,7 @@ static void __perf_event_read(void *info)
88159 88039
88160 static inline u64 perf_event_count(struct perf_event *event) 88040 static inline u64 perf_event_count(struct perf_event *event)
88161 { 88041 {
@@ -88164,7 +88044,7 @@ index 4ced342f..6624485 100644
88164 } 88044 }
88165 88045
88166 static u64 perf_event_read(struct perf_event *event) 88046 static u64 perf_event_read(struct perf_event *event)
88167@@ -3375,9 +3382,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) 88047@@ -3376,9 +3383,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
88168 mutex_lock(&event->child_mutex); 88048 mutex_lock(&event->child_mutex);
88169 total += perf_event_read(event); 88049 total += perf_event_read(event);
88170 *enabled += event->total_time_enabled + 88050 *enabled += event->total_time_enabled +
@@ -88176,7 +88056,7 @@ index 4ced342f..6624485 100644
88176 88056
88177 list_for_each_entry(child, &event->child_list, child_list) { 88057 list_for_each_entry(child, &event->child_list, child_list) {
88178 total += perf_event_read(child); 88058 total += perf_event_read(child);
88179@@ -3806,10 +3813,10 @@ void perf_event_update_userpage(struct perf_event *event) 88059@@ -3827,10 +3834,10 @@ void perf_event_update_userpage(struct perf_event *event)
88180 userpg->offset -= local64_read(&event->hw.prev_count); 88060 userpg->offset -= local64_read(&event->hw.prev_count);
88181 88061
88182 userpg->time_enabled = enabled + 88062 userpg->time_enabled = enabled +
@@ -88189,7 +88069,7 @@ index 4ced342f..6624485 100644
88189 88069
88190 arch_perf_update_userpage(userpg, now); 88070 arch_perf_update_userpage(userpg, now);
88191 88071
88192@@ -4360,7 +4367,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size, 88072@@ -4381,7 +4388,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size,
88193 88073
88194 /* Data. */ 88074 /* Data. */
88195 sp = perf_user_stack_pointer(regs); 88075 sp = perf_user_stack_pointer(regs);
@@ -88198,7 +88078,7 @@ index 4ced342f..6624485 100644
88198 dyn_size = dump_size - rem; 88078 dyn_size = dump_size - rem;
88199 88079
88200 perf_output_skip(handle, rem); 88080 perf_output_skip(handle, rem);
88201@@ -4451,11 +4458,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, 88081@@ -4472,11 +4479,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
88202 values[n++] = perf_event_count(event); 88082 values[n++] = perf_event_count(event);
88203 if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) { 88083 if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) {
88204 values[n++] = enabled + 88084 values[n++] = enabled +
@@ -88212,7 +88092,7 @@ index 4ced342f..6624485 100644
88212 } 88092 }
88213 if (read_format & PERF_FORMAT_ID) 88093 if (read_format & PERF_FORMAT_ID)
88214 values[n++] = primary_event_id(event); 88094 values[n++] = primary_event_id(event);
88215@@ -6734,7 +6741,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, 88095@@ -6755,7 +6762,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
88216 event->parent = parent_event; 88096 event->parent = parent_event;
88217 88097
88218 event->ns = get_pid_ns(task_active_pid_ns(current)); 88098 event->ns = get_pid_ns(task_active_pid_ns(current));
@@ -88221,7 +88101,7 @@ index 4ced342f..6624485 100644
88221 88101
88222 event->state = PERF_EVENT_STATE_INACTIVE; 88102 event->state = PERF_EVENT_STATE_INACTIVE;
88223 88103
88224@@ -7034,6 +7041,11 @@ SYSCALL_DEFINE5(perf_event_open, 88104@@ -7055,6 +7062,11 @@ SYSCALL_DEFINE5(perf_event_open,
88225 if (flags & ~PERF_FLAG_ALL) 88105 if (flags & ~PERF_FLAG_ALL)
88226 return -EINVAL; 88106 return -EINVAL;
88227 88107
@@ -88233,7 +88113,7 @@ index 4ced342f..6624485 100644
88233 err = perf_copy_attr(attr_uptr, &attr); 88113 err = perf_copy_attr(attr_uptr, &attr);
88234 if (err) 88114 if (err)
88235 return err; 88115 return err;
88236@@ -7372,10 +7384,10 @@ static void sync_child_event(struct perf_event *child_event, 88116@@ -7393,10 +7405,10 @@ static void sync_child_event(struct perf_event *child_event,
88237 /* 88117 /*
88238 * Add back the child's count to the parent's count: 88118 * Add back the child's count to the parent's count:
88239 */ 88119 */
@@ -91264,7 +91144,7 @@ index 732f8ae..42c1919 100644
91264 for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) { 91144 for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) {
91265 per_cpu(rcu_torture_count, cpu)[i] = 0; 91145 per_cpu(rcu_torture_count, cpu)[i] = 0;
91266diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c 91146diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c
91267index b3d116c..ebf6598 100644 91147index 6705d94..137e56f 100644
91268--- a/kernel/rcu/tree.c 91148--- a/kernel/rcu/tree.c
91269+++ b/kernel/rcu/tree.c 91149+++ b/kernel/rcu/tree.c
91270@@ -390,9 +390,9 @@ static void rcu_eqs_enter_common(struct rcu_dynticks *rdtp, long long oldval, 91150@@ -390,9 +390,9 @@ static void rcu_eqs_enter_common(struct rcu_dynticks *rdtp, long long oldval,
@@ -91349,7 +91229,7 @@ index b3d116c..ebf6598 100644
91349 snap = (unsigned int)rdp->dynticks_snap; 91229 snap = (unsigned int)rdp->dynticks_snap;
91350 91230
91351 /* 91231 /*
91352@@ -1450,9 +1450,9 @@ static int rcu_gp_init(struct rcu_state *rsp) 91232@@ -1466,9 +1466,9 @@ static int rcu_gp_init(struct rcu_state *rsp)
91353 rdp = this_cpu_ptr(rsp->rda); 91233 rdp = this_cpu_ptr(rsp->rda);
91354 rcu_preempt_check_blocked_tasks(rnp); 91234 rcu_preempt_check_blocked_tasks(rnp);
91355 rnp->qsmask = rnp->qsmaskinit; 91235 rnp->qsmask = rnp->qsmaskinit;
@@ -91361,7 +91241,7 @@ index b3d116c..ebf6598 100644
91361 if (rnp == rdp->mynode) 91241 if (rnp == rdp->mynode)
91362 __note_gp_changes(rsp, rnp, rdp); 91242 __note_gp_changes(rsp, rnp, rdp);
91363 rcu_preempt_boost_start_gp(rnp); 91243 rcu_preempt_boost_start_gp(rnp);
91364@@ -1546,7 +1546,7 @@ static void rcu_gp_cleanup(struct rcu_state *rsp) 91244@@ -1562,7 +1562,7 @@ static void rcu_gp_cleanup(struct rcu_state *rsp)
91365 rcu_for_each_node_breadth_first(rsp, rnp) { 91245 rcu_for_each_node_breadth_first(rsp, rnp) {
91366 raw_spin_lock_irq(&rnp->lock); 91246 raw_spin_lock_irq(&rnp->lock);
91367 smp_mb__after_unlock_lock(); 91247 smp_mb__after_unlock_lock();
@@ -91370,7 +91250,7 @@ index b3d116c..ebf6598 100644
91370 rdp = this_cpu_ptr(rsp->rda); 91250 rdp = this_cpu_ptr(rsp->rda);
91371 if (rnp == rdp->mynode) 91251 if (rnp == rdp->mynode)
91372 __note_gp_changes(rsp, rnp, rdp); 91252 __note_gp_changes(rsp, rnp, rdp);
91373@@ -1912,7 +1912,7 @@ rcu_send_cbs_to_orphanage(int cpu, struct rcu_state *rsp, 91253@@ -1928,7 +1928,7 @@ rcu_send_cbs_to_orphanage(int cpu, struct rcu_state *rsp,
91374 rsp->qlen += rdp->qlen; 91254 rsp->qlen += rdp->qlen;
91375 rdp->n_cbs_orphaned += rdp->qlen; 91255 rdp->n_cbs_orphaned += rdp->qlen;
91376 rdp->qlen_lazy = 0; 91256 rdp->qlen_lazy = 0;
@@ -91379,7 +91259,7 @@ index b3d116c..ebf6598 100644
91379 } 91259 }
91380 91260
91381 /* 91261 /*
91382@@ -2159,7 +2159,7 @@ static void rcu_do_batch(struct rcu_state *rsp, struct rcu_data *rdp) 91262@@ -2175,7 +2175,7 @@ static void rcu_do_batch(struct rcu_state *rsp, struct rcu_data *rdp)
91383 } 91263 }
91384 smp_mb(); /* List handling before counting for rcu_barrier(). */ 91264 smp_mb(); /* List handling before counting for rcu_barrier(). */
91385 rdp->qlen_lazy -= count_lazy; 91265 rdp->qlen_lazy -= count_lazy;
@@ -91388,7 +91268,7 @@ index b3d116c..ebf6598 100644
91388 rdp->n_cbs_invoked += count; 91268 rdp->n_cbs_invoked += count;
91389 91269
91390 /* Reinstate batch limit if we have worked down the excess. */ 91270 /* Reinstate batch limit if we have worked down the excess. */
91391@@ -2362,7 +2362,7 @@ __rcu_process_callbacks(struct rcu_state *rsp) 91271@@ -2378,7 +2378,7 @@ __rcu_process_callbacks(struct rcu_state *rsp)
91392 /* 91272 /*
91393 * Do RCU core processing for the current CPU. 91273 * Do RCU core processing for the current CPU.
91394 */ 91274 */
@@ -91397,7 +91277,7 @@ index b3d116c..ebf6598 100644
91397 { 91277 {
91398 struct rcu_state *rsp; 91278 struct rcu_state *rsp;
91399 91279
91400@@ -2470,7 +2470,7 @@ __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu), 91280@@ -2486,7 +2486,7 @@ __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu),
91401 WARN_ON_ONCE((unsigned long)head & 0x3); /* Misaligned rcu_head! */ 91281 WARN_ON_ONCE((unsigned long)head & 0x3); /* Misaligned rcu_head! */
91402 if (debug_rcu_head_queue(head)) { 91282 if (debug_rcu_head_queue(head)) {
91403 /* Probable double call_rcu(), so leak the callback. */ 91283 /* Probable double call_rcu(), so leak the callback. */
@@ -91406,7 +91286,7 @@ index b3d116c..ebf6598 100644
91406 WARN_ONCE(1, "__call_rcu(): Leaked duplicate callback\n"); 91286 WARN_ONCE(1, "__call_rcu(): Leaked duplicate callback\n");
91407 return; 91287 return;
91408 } 91288 }
91409@@ -2498,7 +2498,7 @@ __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu), 91289@@ -2514,7 +2514,7 @@ __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu),
91410 local_irq_restore(flags); 91290 local_irq_restore(flags);
91411 return; 91291 return;
91412 } 91292 }
@@ -91415,7 +91295,7 @@ index b3d116c..ebf6598 100644
91415 if (lazy) 91295 if (lazy)
91416 rdp->qlen_lazy++; 91296 rdp->qlen_lazy++;
91417 else 91297 else
91418@@ -2707,11 +2707,11 @@ void synchronize_sched_expedited(void) 91298@@ -2723,11 +2723,11 @@ void synchronize_sched_expedited(void)
91419 * counter wrap on a 32-bit system. Quite a few more CPUs would of 91299 * counter wrap on a 32-bit system. Quite a few more CPUs would of
91420 * course be required on a 64-bit system. 91300 * course be required on a 64-bit system.
91421 */ 91301 */
@@ -91429,7 +91309,7 @@ index b3d116c..ebf6598 100644
91429 return; 91309 return;
91430 } 91310 }
91431 91311
91432@@ -2719,7 +2719,7 @@ void synchronize_sched_expedited(void) 91312@@ -2735,7 +2735,7 @@ void synchronize_sched_expedited(void)
91433 * Take a ticket. Note that atomic_inc_return() implies a 91313 * Take a ticket. Note that atomic_inc_return() implies a
91434 * full memory barrier. 91314 * full memory barrier.
91435 */ 91315 */
@@ -91438,7 +91318,7 @@ index b3d116c..ebf6598 100644
91438 firstsnap = snap; 91318 firstsnap = snap;
91439 get_online_cpus(); 91319 get_online_cpus();
91440 WARN_ON_ONCE(cpu_is_offline(raw_smp_processor_id())); 91320 WARN_ON_ONCE(cpu_is_offline(raw_smp_processor_id()));
91441@@ -2732,14 +2732,14 @@ void synchronize_sched_expedited(void) 91321@@ -2748,14 +2748,14 @@ void synchronize_sched_expedited(void)
91442 synchronize_sched_expedited_cpu_stop, 91322 synchronize_sched_expedited_cpu_stop,
91443 NULL) == -EAGAIN) { 91323 NULL) == -EAGAIN) {
91444 put_online_cpus(); 91324 put_online_cpus();
@@ -91455,7 +91335,7 @@ index b3d116c..ebf6598 100644
91455 return; 91335 return;
91456 } 91336 }
91457 91337
91458@@ -2748,7 +2748,7 @@ void synchronize_sched_expedited(void) 91338@@ -2764,7 +2764,7 @@ void synchronize_sched_expedited(void)
91459 udelay(trycount * num_online_cpus()); 91339 udelay(trycount * num_online_cpus());
91460 } else { 91340 } else {
91461 wait_rcu_gp(call_rcu_sched); 91341 wait_rcu_gp(call_rcu_sched);
@@ -91464,7 +91344,7 @@ index b3d116c..ebf6598 100644
91464 return; 91344 return;
91465 } 91345 }
91466 91346
91467@@ -2757,7 +2757,7 @@ void synchronize_sched_expedited(void) 91347@@ -2773,7 +2773,7 @@ void synchronize_sched_expedited(void)
91468 if (ULONG_CMP_GE((ulong)s, (ulong)firstsnap)) { 91348 if (ULONG_CMP_GE((ulong)s, (ulong)firstsnap)) {
91469 /* ensure test happens before caller kfree */ 91349 /* ensure test happens before caller kfree */
91470 smp_mb__before_atomic_inc(); /* ^^^ */ 91350 smp_mb__before_atomic_inc(); /* ^^^ */
@@ -91473,7 +91353,7 @@ index b3d116c..ebf6598 100644
91473 return; 91353 return;
91474 } 91354 }
91475 91355
91476@@ -2769,10 +2769,10 @@ void synchronize_sched_expedited(void) 91356@@ -2785,10 +2785,10 @@ void synchronize_sched_expedited(void)
91477 * period works for us. 91357 * period works for us.
91478 */ 91358 */
91479 get_online_cpus(); 91359 get_online_cpus();
@@ -91486,7 +91366,7 @@ index b3d116c..ebf6598 100644
91486 91366
91487 /* 91367 /*
91488 * Everyone up to our most recent fetch is covered by our grace 91368 * Everyone up to our most recent fetch is covered by our grace
91489@@ -2781,16 +2781,16 @@ void synchronize_sched_expedited(void) 91369@@ -2797,16 +2797,16 @@ void synchronize_sched_expedited(void)
91490 * than we did already did their update. 91370 * than we did already did their update.
91491 */ 91371 */
91492 do { 91372 do {
@@ -91506,7 +91386,7 @@ index b3d116c..ebf6598 100644
91506 91386
91507 put_online_cpus(); 91387 put_online_cpus();
91508 } 91388 }
91509@@ -2996,7 +2996,7 @@ static void _rcu_barrier(struct rcu_state *rsp) 91389@@ -3012,7 +3012,7 @@ static void _rcu_barrier(struct rcu_state *rsp)
91510 * ACCESS_ONCE() to prevent the compiler from speculating 91390 * ACCESS_ONCE() to prevent the compiler from speculating
91511 * the increment to precede the early-exit check. 91391 * the increment to precede the early-exit check.
91512 */ 91392 */
@@ -91515,7 +91395,7 @@ index b3d116c..ebf6598 100644
91515 WARN_ON_ONCE((rsp->n_barrier_done & 0x1) != 1); 91395 WARN_ON_ONCE((rsp->n_barrier_done & 0x1) != 1);
91516 _rcu_barrier_trace(rsp, "Inc1", -1, rsp->n_barrier_done); 91396 _rcu_barrier_trace(rsp, "Inc1", -1, rsp->n_barrier_done);
91517 smp_mb(); /* Order ->n_barrier_done increment with below mechanism. */ 91397 smp_mb(); /* Order ->n_barrier_done increment with below mechanism. */
91518@@ -3046,7 +3046,7 @@ static void _rcu_barrier(struct rcu_state *rsp) 91398@@ -3062,7 +3062,7 @@ static void _rcu_barrier(struct rcu_state *rsp)
91519 91399
91520 /* Increment ->n_barrier_done to prevent duplicate work. */ 91400 /* Increment ->n_barrier_done to prevent duplicate work. */
91521 smp_mb(); /* Keep increment after above mechanism. */ 91401 smp_mb(); /* Keep increment after above mechanism. */
@@ -91524,7 +91404,7 @@ index b3d116c..ebf6598 100644
91524 WARN_ON_ONCE((rsp->n_barrier_done & 0x1) != 0); 91404 WARN_ON_ONCE((rsp->n_barrier_done & 0x1) != 0);
91525 _rcu_barrier_trace(rsp, "Inc2", -1, rsp->n_barrier_done); 91405 _rcu_barrier_trace(rsp, "Inc2", -1, rsp->n_barrier_done);
91526 smp_mb(); /* Keep increment before caller's subsequent code. */ 91406 smp_mb(); /* Keep increment before caller's subsequent code. */
91527@@ -3091,10 +3091,10 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp) 91407@@ -3107,10 +3107,10 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp)
91528 rdp->grpmask = 1UL << (cpu - rdp->mynode->grplo); 91408 rdp->grpmask = 1UL << (cpu - rdp->mynode->grplo);
91529 init_callback_list(rdp); 91409 init_callback_list(rdp);
91530 rdp->qlen_lazy = 0; 91410 rdp->qlen_lazy = 0;
@@ -91537,7 +91417,7 @@ index b3d116c..ebf6598 100644
91537 rdp->cpu = cpu; 91417 rdp->cpu = cpu;
91538 rdp->rsp = rsp; 91418 rdp->rsp = rsp;
91539 rcu_boot_init_nocb_percpu_data(rdp); 91419 rcu_boot_init_nocb_percpu_data(rdp);
91540@@ -3128,8 +3128,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp, int preemptible) 91420@@ -3144,8 +3144,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp, int preemptible)
91541 init_callback_list(rdp); /* Re-enable callbacks on this CPU. */ 91421 init_callback_list(rdp); /* Re-enable callbacks on this CPU. */
91542 rdp->dynticks->dynticks_nesting = DYNTICK_TASK_EXIT_IDLE; 91422 rdp->dynticks->dynticks_nesting = DYNTICK_TASK_EXIT_IDLE;
91543 rcu_sysidle_init_percpu_data(rdp->dynticks); 91423 rcu_sysidle_init_percpu_data(rdp->dynticks);
@@ -94254,7 +94134,7 @@ index 963b703..438bc51 100644
94254 /** 94134 /**
94255 * percpu_ref_init - initialize a percpu refcount 94135 * percpu_ref_init - initialize a percpu refcount
94256diff --git a/lib/radix-tree.c b/lib/radix-tree.c 94136diff --git a/lib/radix-tree.c b/lib/radix-tree.c
94257index bd4a8df..9e4804f 100644 94137index 7e30d2a..eccc695 100644
94258--- a/lib/radix-tree.c 94138--- a/lib/radix-tree.c
94259+++ b/lib/radix-tree.c 94139+++ b/lib/radix-tree.c
94260@@ -93,7 +93,7 @@ struct radix_tree_preload { 94140@@ -93,7 +93,7 @@ struct radix_tree_preload {
@@ -94550,10 +94430,10 @@ index 09d9591..165bb75 100644
94550 bdi_destroy(bdi); 94430 bdi_destroy(bdi);
94551 return err; 94431 return err;
94552diff --git a/mm/filemap.c b/mm/filemap.c 94432diff --git a/mm/filemap.c b/mm/filemap.c
94553index c2cc7c9..50ef696 100644 94433index bdaa215..2949940 100644
94554--- a/mm/filemap.c 94434--- a/mm/filemap.c
94555+++ b/mm/filemap.c 94435+++ b/mm/filemap.c
94556@@ -1768,7 +1768,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) 94436@@ -1998,7 +1998,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma)
94557 struct address_space *mapping = file->f_mapping; 94437 struct address_space *mapping = file->f_mapping;
94558 94438
94559 if (!mapping->a_ops->readpage) 94439 if (!mapping->a_ops->readpage)
@@ -94562,7 +94442,7 @@ index c2cc7c9..50ef696 100644
94562 file_accessed(file); 94442 file_accessed(file);
94563 vma->vm_ops = &generic_file_vm_ops; 94443 vma->vm_ops = &generic_file_vm_ops;
94564 return 0; 94444 return 0;
94565@@ -1950,7 +1950,7 @@ static size_t __iovec_copy_from_user_inatomic(char *vaddr, 94445@@ -2162,7 +2162,7 @@ static size_t __iovec_copy_from_user_inatomic(char *vaddr,
94566 94446
94567 while (bytes) { 94447 while (bytes) {
94568 char __user *buf = iov->iov_base + base; 94448 char __user *buf = iov->iov_base + base;
@@ -94571,8 +94451,8 @@ index c2cc7c9..50ef696 100644
94571 94451
94572 base = 0; 94452 base = 0;
94573 left = __copy_from_user_inatomic(vaddr, buf, copy); 94453 left = __copy_from_user_inatomic(vaddr, buf, copy);
94574@@ -1979,7 +1979,7 @@ size_t iov_iter_copy_from_user_atomic(struct page *page, 94454@@ -2190,7 +2190,7 @@ size_t iov_iter_copy_from_user_atomic(struct page *page,
94575 BUG_ON(!in_atomic()); 94455
94576 kaddr = kmap_atomic(page); 94456 kaddr = kmap_atomic(page);
94577 if (likely(i->nr_segs == 1)) { 94457 if (likely(i->nr_segs == 1)) {
94578- int left; 94458- int left;
@@ -94580,7 +94460,7 @@ index c2cc7c9..50ef696 100644
94580 char __user *buf = i->iov->iov_base + i->iov_offset; 94460 char __user *buf = i->iov->iov_base + i->iov_offset;
94581 left = __copy_from_user_inatomic(kaddr + offset, buf, bytes); 94461 left = __copy_from_user_inatomic(kaddr + offset, buf, bytes);
94582 copied = bytes - left; 94462 copied = bytes - left;
94583@@ -2007,7 +2007,7 @@ size_t iov_iter_copy_from_user(struct page *page, 94463@@ -2218,7 +2218,7 @@ size_t iov_iter_copy_from_user(struct page *page,
94584 94464
94585 kaddr = kmap(page); 94465 kaddr = kmap(page);
94586 if (likely(i->nr_segs == 1)) { 94466 if (likely(i->nr_segs == 1)) {
@@ -94589,7 +94469,7 @@ index c2cc7c9..50ef696 100644
94589 char __user *buf = i->iov->iov_base + i->iov_offset; 94469 char __user *buf = i->iov->iov_base + i->iov_offset;
94590 left = __copy_from_user(kaddr + offset, buf, bytes); 94470 left = __copy_from_user(kaddr + offset, buf, bytes);
94591 copied = bytes - left; 94471 copied = bytes - left;
94592@@ -2037,7 +2037,7 @@ void iov_iter_advance(struct iov_iter *i, size_t bytes) 94472@@ -2248,7 +2248,7 @@ void iov_iter_advance(struct iov_iter *i, size_t bytes)
94593 * zero-length segments (without overruning the iovec). 94473 * zero-length segments (without overruning the iovec).
94594 */ 94474 */
94595 while (bytes || unlikely(i->count && !iov->iov_len)) { 94475 while (bytes || unlikely(i->count && !iov->iov_len)) {
@@ -94598,7 +94478,7 @@ index c2cc7c9..50ef696 100644
94598 94478
94599 copy = min(bytes, iov->iov_len - base); 94479 copy = min(bytes, iov->iov_len - base);
94600 BUG_ON(!i->count || i->count < copy); 94480 BUG_ON(!i->count || i->count < copy);
94601@@ -2108,6 +2108,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i 94481@@ -2319,6 +2319,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i
94602 *pos = i_size_read(inode); 94482 *pos = i_size_read(inode);
94603 94483
94604 if (limit != RLIM_INFINITY) { 94484 if (limit != RLIM_INFINITY) {
@@ -94788,10 +94668,10 @@ index 67d0c17..b22c193 100644
94788 if (!ptep) 94668 if (!ptep)
94789 return VM_FAULT_OOM; 94669 return VM_FAULT_OOM;
94790diff --git a/mm/internal.h b/mm/internal.h 94670diff --git a/mm/internal.h b/mm/internal.h
94791index 3e91000..4741a60 100644 94671index 1a8a0d4..2c580ef 100644
94792--- a/mm/internal.h 94672--- a/mm/internal.h
94793+++ b/mm/internal.h 94673+++ b/mm/internal.h
94794@@ -94,6 +94,7 @@ extern pmd_t *mm_find_pmd(struct mm_struct *mm, unsigned long address); 94674@@ -109,6 +109,7 @@ extern pmd_t *mm_find_pmd(struct mm_struct *mm, unsigned long address);
94795 * in mm/page_alloc.c 94675 * in mm/page_alloc.c
94796 */ 94676 */
94797 extern void __free_pages_bootmem(struct page *page, unsigned int order); 94677 extern void __free_pages_bootmem(struct page *page, unsigned int order);
@@ -94799,7 +94679,7 @@ index 3e91000..4741a60 100644
94799 extern void prep_compound_page(struct page *page, unsigned long order); 94679 extern void prep_compound_page(struct page *page, unsigned long order);
94800 #ifdef CONFIG_MEMORY_FAILURE 94680 #ifdef CONFIG_MEMORY_FAILURE
94801 extern bool is_free_buddy_page(struct page *page); 94681 extern bool is_free_buddy_page(struct page *page);
94802@@ -352,7 +353,7 @@ extern u32 hwpoison_filter_enable; 94682@@ -370,7 +371,7 @@ extern u32 hwpoison_filter_enable;
94803 94683
94804 extern unsigned long vm_mmap_pgoff(struct file *, unsigned long, 94684 extern unsigned long vm_mmap_pgoff(struct file *, unsigned long,
94805 unsigned long, unsigned long, 94685 unsigned long, unsigned long,
@@ -94853,7 +94733,7 @@ index d53adf9..03a24bf 100644
94853 set_fs(old_fs); 94733 set_fs(old_fs);
94854 94734
94855diff --git a/mm/madvise.c b/mm/madvise.c 94735diff --git a/mm/madvise.c b/mm/madvise.c
94856index 539eeb9..e24a987 100644 94736index a402f8f..f5e5daa 100644
94857--- a/mm/madvise.c 94737--- a/mm/madvise.c
94858+++ b/mm/madvise.c 94738+++ b/mm/madvise.c
94859@@ -51,6 +51,10 @@ static long madvise_behavior(struct vm_area_struct *vma, 94739@@ -51,6 +51,10 @@ static long madvise_behavior(struct vm_area_struct *vma,
@@ -94933,7 +94813,7 @@ index 539eeb9..e24a987 100644
94933 if (end == start) 94813 if (end == start)
94934 return error; 94814 return error;
94935diff --git a/mm/memory-failure.c b/mm/memory-failure.c 94815diff --git a/mm/memory-failure.c b/mm/memory-failure.c
94936index 33365e9..2234ef9 100644 94816index a98c7fc..393f8f1 100644
94937--- a/mm/memory-failure.c 94817--- a/mm/memory-failure.c
94938+++ b/mm/memory-failure.c 94818+++ b/mm/memory-failure.c
94939@@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0; 94819@@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0;
@@ -95783,7 +95663,7 @@ index 492e36f..b153792 100644
95783 mm = get_task_mm(tsk); 95663 mm = get_task_mm(tsk);
95784 if (!mm) 95664 if (!mm)
95785diff --git a/mm/mempolicy.c b/mm/mempolicy.c 95665diff --git a/mm/mempolicy.c b/mm/mempolicy.c
95786index 796c7e6..3e6ec8a 100644 95666index e8fff0f..8d10fb5 100644
95787--- a/mm/mempolicy.c 95667--- a/mm/mempolicy.c
95788+++ b/mm/mempolicy.c 95668+++ b/mm/mempolicy.c
95789@@ -747,6 +747,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, 95669@@ -747,6 +747,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
@@ -95859,10 +95739,10 @@ index 796c7e6..3e6ec8a 100644
95859 capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE); 95739 capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
95860 95740
95861diff --git a/mm/migrate.c b/mm/migrate.c 95741diff --git a/mm/migrate.c b/mm/migrate.c
95862index 13f47fb..95c4b9f 100644 95742index 3acac4a..a186f71 100644
95863--- a/mm/migrate.c 95743--- a/mm/migrate.c
95864+++ b/mm/migrate.c 95744+++ b/mm/migrate.c
95865@@ -1488,8 +1488,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, 95745@@ -1511,8 +1511,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
95866 */ 95746 */
95867 tcred = __task_cred(task); 95747 tcred = __task_cred(task);
95868 if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) && 95748 if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) &&
@@ -97619,7 +97499,7 @@ index 9f45f87..749bfd8 100644
97619 unsigned long bg_thresh, 97499 unsigned long bg_thresh,
97620 unsigned long dirty, 97500 unsigned long dirty,
97621diff --git a/mm/page_alloc.c b/mm/page_alloc.c 97501diff --git a/mm/page_alloc.c b/mm/page_alloc.c
97622index 7b2611a..4407637 100644 97502index 4b25829..382c9bd 100644
97623--- a/mm/page_alloc.c 97503--- a/mm/page_alloc.c
97624+++ b/mm/page_alloc.c 97504+++ b/mm/page_alloc.c
97625@@ -61,6 +61,7 @@ 97505@@ -61,6 +61,7 @@
@@ -97715,7 +97595,7 @@ index 7b2611a..4407637 100644
97715 97595
97716 if (order && (gfp_flags & __GFP_COMP)) 97596 if (order && (gfp_flags & __GFP_COMP))
97717 prep_compound_page(page, order); 97597 prep_compound_page(page, order);
97718@@ -1957,7 +1997,7 @@ zonelist_scan: 97598@@ -1960,7 +2000,7 @@ zonelist_scan:
97719 if (alloc_flags & ALLOC_FAIR) { 97599 if (alloc_flags & ALLOC_FAIR) {
97720 if (!zone_local(preferred_zone, zone)) 97600 if (!zone_local(preferred_zone, zone))
97721 continue; 97601 continue;
@@ -97724,7 +97604,7 @@ index 7b2611a..4407637 100644
97724 continue; 97604 continue;
97725 } 97605 }
97726 /* 97606 /*
97727@@ -2422,7 +2462,7 @@ static void reset_alloc_batches(struct zonelist *zonelist, 97607@@ -2424,7 +2464,7 @@ static void reset_alloc_batches(struct zonelist *zonelist,
97728 continue; 97608 continue;
97729 mod_zone_page_state(zone, NR_ALLOC_BATCH, 97609 mod_zone_page_state(zone, NR_ALLOC_BATCH,
97730 high_wmark_pages(zone) - low_wmark_pages(zone) - 97610 high_wmark_pages(zone) - low_wmark_pages(zone) -
@@ -97733,7 +97613,7 @@ index 7b2611a..4407637 100644
97733 } 97613 }
97734 } 97614 }
97735 97615
97736@@ -5671,7 +5711,7 @@ static void __setup_per_zone_wmarks(void) 97616@@ -5669,7 +5709,7 @@ static void __setup_per_zone_wmarks(void)
97737 97617
97738 __mod_zone_page_state(zone, NR_ALLOC_BATCH, 97618 __mod_zone_page_state(zone, NR_ALLOC_BATCH,
97739 high_wmark_pages(zone) - low_wmark_pages(zone) - 97619 high_wmark_pages(zone) - low_wmark_pages(zone) -
@@ -97742,7 +97622,7 @@ index 7b2611a..4407637 100644
97742 97622
97743 setup_zone_migrate_reserve(zone); 97623 setup_zone_migrate_reserve(zone);
97744 spin_unlock_irqrestore(&zone->lock, flags); 97624 spin_unlock_irqrestore(&zone->lock, flags);
97745@@ -6613,4 +6653,4 @@ void dump_page(struct page *page, char *reason) 97625@@ -6611,4 +6651,4 @@ void dump_page(struct page *page, char *reason)
97746 { 97626 {
97747 dump_page_badflags(page, reason, 0); 97627 dump_page_badflags(page, reason, 0);
97748 } 97628 }
@@ -97942,7 +97822,7 @@ index cdbd312..2e1e0b9 100644
97942 97822
97943 /* 97823 /*
97944diff --git a/mm/shmem.c b/mm/shmem.c 97824diff --git a/mm/shmem.c b/mm/shmem.c
97945index f0d698b..7037c25 100644 97825index 0f14475..c469130d 100644
97946--- a/mm/shmem.c 97826--- a/mm/shmem.c
97947+++ b/mm/shmem.c 97827+++ b/mm/shmem.c
97948@@ -33,7 +33,7 @@ 97828@@ -33,7 +33,7 @@
@@ -97963,7 +97843,7 @@ index f0d698b..7037c25 100644
97963 97843
97964 /* 97844 /*
97965 * shmem_fallocate communicates with shmem_fault or shmem_writepage via 97845 * shmem_fallocate communicates with shmem_fault or shmem_writepage via
97966@@ -2300,6 +2300,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { 97846@@ -2240,6 +2240,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
97967 static int shmem_xattr_validate(const char *name) 97847 static int shmem_xattr_validate(const char *name)
97968 { 97848 {
97969 struct { const char *prefix; size_t len; } arr[] = { 97849 struct { const char *prefix; size_t len; } arr[] = {
@@ -97975,7 +97855,7 @@ index f0d698b..7037c25 100644
97975 { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN }, 97855 { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN },
97976 { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN } 97856 { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN }
97977 }; 97857 };
97978@@ -2355,6 +2360,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, 97858@@ -2295,6 +2300,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
97979 if (err) 97859 if (err)
97980 return err; 97860 return err;
97981 97861
@@ -97991,7 +97871,7 @@ index f0d698b..7037c25 100644
97991 return simple_xattr_set(&info->xattrs, name, value, size, flags); 97871 return simple_xattr_set(&info->xattrs, name, value, size, flags);
97992 } 97872 }
97993 97873
97994@@ -2667,8 +2681,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) 97874@@ -2607,8 +2621,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
97995 int err = -ENOMEM; 97875 int err = -ENOMEM;
97996 97876
97997 /* Round up to L1_CACHE_BYTES to resist false sharing */ 97877 /* Round up to L1_CACHE_BYTES to resist false sharing */
@@ -99101,7 +98981,7 @@ index 63c3ea5..95c0858 100644
99101 } 98981 }
99102 } 98982 }
99103diff --git a/mm/swap.c b/mm/swap.c 98983diff --git a/mm/swap.c b/mm/swap.c
99104index 0092097..33361ff 100644 98984index c8048d7..099d1a3 100644
99105--- a/mm/swap.c 98985--- a/mm/swap.c
99106+++ b/mm/swap.c 98986+++ b/mm/swap.c
99107@@ -31,6 +31,7 @@ 98987@@ -31,6 +31,7 @@
@@ -100234,323 +100114,6 @@ index b543470..d2ddae2 100644
100234 100114
100235 if (!can_dir) { 100115 if (!can_dir) {
100236 printk(KERN_INFO "can: failed to create /proc/net/can . " 100116 printk(KERN_INFO "can: failed to create /proc/net/can . "
100237diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c
100238index 6e7a236..06f19b9 100644
100239--- a/net/ceph/crypto.c
100240+++ b/net/ceph/crypto.c
100241@@ -89,11 +89,82 @@ static struct crypto_blkcipher *ceph_crypto_alloc_cipher(void)
100242
100243 static const u8 *aes_iv = (u8 *)CEPH_AES_IV;
100244
100245+/*
100246+ * Should be used for buffers allocated with ceph_kvmalloc().
100247+ * Currently these are encrypt out-buffer (ceph_buffer) and decrypt
100248+ * in-buffer (msg front).
100249+ *
100250+ * Dispose of @sgt with teardown_sgtable().
100251+ *
100252+ * @prealloc_sg is to avoid memory allocation inside sg_alloc_table()
100253+ * in cases where a single sg is sufficient. No attempt to reduce the
100254+ * number of sgs by squeezing physically contiguous pages together is
100255+ * made though, for simplicity.
100256+ */
100257+static int setup_sgtable(struct sg_table *sgt, struct scatterlist *prealloc_sg,
100258+ const void *buf, unsigned int buf_len)
100259+{
100260+ struct scatterlist *sg;
100261+ const bool is_vmalloc = is_vmalloc_addr(buf);
100262+ unsigned int off = offset_in_page(buf);
100263+ unsigned int chunk_cnt = 1;
100264+ unsigned int chunk_len = PAGE_ALIGN(off + buf_len);
100265+ int i;
100266+ int ret;
100267+
100268+ if (buf_len == 0) {
100269+ memset(sgt, 0, sizeof(*sgt));
100270+ return -EINVAL;
100271+ }
100272+
100273+ if (is_vmalloc) {
100274+ chunk_cnt = chunk_len >> PAGE_SHIFT;
100275+ chunk_len = PAGE_SIZE;
100276+ }
100277+
100278+ if (chunk_cnt > 1) {
100279+ ret = sg_alloc_table(sgt, chunk_cnt, GFP_NOFS);
100280+ if (ret)
100281+ return ret;
100282+ } else {
100283+ WARN_ON(chunk_cnt != 1);
100284+ sg_init_table(prealloc_sg, 1);
100285+ sgt->sgl = prealloc_sg;
100286+ sgt->nents = sgt->orig_nents = 1;
100287+ }
100288+
100289+ for_each_sg(sgt->sgl, sg, sgt->orig_nents, i) {
100290+ struct page *page;
100291+ unsigned int len = min(chunk_len - off, buf_len);
100292+
100293+ if (is_vmalloc)
100294+ page = vmalloc_to_page(buf);
100295+ else
100296+ page = virt_to_page(buf);
100297+
100298+ sg_set_page(sg, page, len, off);
100299+
100300+ off = 0;
100301+ buf += len;
100302+ buf_len -= len;
100303+ }
100304+ WARN_ON(buf_len != 0);
100305+
100306+ return 0;
100307+}
100308+
100309+static void teardown_sgtable(struct sg_table *sgt)
100310+{
100311+ if (sgt->orig_nents > 1)
100312+ sg_free_table(sgt);
100313+}
100314+
100315 static int ceph_aes_encrypt(const void *key, int key_len,
100316 void *dst, size_t *dst_len,
100317 const void *src, size_t src_len)
100318 {
100319- struct scatterlist sg_in[2], sg_out[1];
100320+ struct scatterlist sg_in[2], prealloc_sg;
100321+ struct sg_table sg_out;
100322 struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher();
100323 struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 };
100324 int ret;
100325@@ -109,16 +180,18 @@ static int ceph_aes_encrypt(const void *key, int key_len,
100326
100327 *dst_len = src_len + zero_padding;
100328
100329- crypto_blkcipher_setkey((void *)tfm, key, key_len);
100330 sg_init_table(sg_in, 2);
100331 sg_set_buf(&sg_in[0], src, src_len);
100332 sg_set_buf(&sg_in[1], pad, zero_padding);
100333- sg_init_table(sg_out, 1);
100334- sg_set_buf(sg_out, dst, *dst_len);
100335+ ret = setup_sgtable(&sg_out, &prealloc_sg, dst, *dst_len);
100336+ if (ret)
100337+ goto out_tfm;
100338+
100339+ crypto_blkcipher_setkey((void *)tfm, key, key_len);
100340 iv = crypto_blkcipher_crt(tfm)->iv;
100341 ivsize = crypto_blkcipher_ivsize(tfm);
100342-
100343 memcpy(iv, aes_iv, ivsize);
100344+
100345 /*
100346 print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1,
100347 key, key_len, 1);
100348@@ -127,16 +200,22 @@ static int ceph_aes_encrypt(const void *key, int key_len,
100349 print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1,
100350 pad, zero_padding, 1);
100351 */
100352- ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in,
100353+ ret = crypto_blkcipher_encrypt(&desc, sg_out.sgl, sg_in,
100354 src_len + zero_padding);
100355- crypto_free_blkcipher(tfm);
100356- if (ret < 0)
100357+ if (ret < 0) {
100358 pr_err("ceph_aes_crypt failed %d\n", ret);
100359+ goto out_sg;
100360+ }
100361 /*
100362 print_hex_dump(KERN_ERR, "enc out: ", DUMP_PREFIX_NONE, 16, 1,
100363 dst, *dst_len, 1);
100364 */
100365- return 0;
100366+
100367+out_sg:
100368+ teardown_sgtable(&sg_out);
100369+out_tfm:
100370+ crypto_free_blkcipher(tfm);
100371+ return ret;
100372 }
100373
100374 static int ceph_aes_encrypt2(const void *key, int key_len, void *dst,
100375@@ -144,7 +223,8 @@ static int ceph_aes_encrypt2(const void *key, int key_len, void *dst,
100376 const void *src1, size_t src1_len,
100377 const void *src2, size_t src2_len)
100378 {
100379- struct scatterlist sg_in[3], sg_out[1];
100380+ struct scatterlist sg_in[3], prealloc_sg;
100381+ struct sg_table sg_out;
100382 struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher();
100383 struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 };
100384 int ret;
100385@@ -160,17 +240,19 @@ static int ceph_aes_encrypt2(const void *key, int key_len, void *dst,
100386
100387 *dst_len = src1_len + src2_len + zero_padding;
100388
100389- crypto_blkcipher_setkey((void *)tfm, key, key_len);
100390 sg_init_table(sg_in, 3);
100391 sg_set_buf(&sg_in[0], src1, src1_len);
100392 sg_set_buf(&sg_in[1], src2, src2_len);
100393 sg_set_buf(&sg_in[2], pad, zero_padding);
100394- sg_init_table(sg_out, 1);
100395- sg_set_buf(sg_out, dst, *dst_len);
100396+ ret = setup_sgtable(&sg_out, &prealloc_sg, dst, *dst_len);
100397+ if (ret)
100398+ goto out_tfm;
100399+
100400+ crypto_blkcipher_setkey((void *)tfm, key, key_len);
100401 iv = crypto_blkcipher_crt(tfm)->iv;
100402 ivsize = crypto_blkcipher_ivsize(tfm);
100403-
100404 memcpy(iv, aes_iv, ivsize);
100405+
100406 /*
100407 print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1,
100408 key, key_len, 1);
100409@@ -181,23 +263,30 @@ static int ceph_aes_encrypt2(const void *key, int key_len, void *dst,
100410 print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1,
100411 pad, zero_padding, 1);
100412 */
100413- ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in,
100414+ ret = crypto_blkcipher_encrypt(&desc, sg_out.sgl, sg_in,
100415 src1_len + src2_len + zero_padding);
100416- crypto_free_blkcipher(tfm);
100417- if (ret < 0)
100418+ if (ret < 0) {
100419 pr_err("ceph_aes_crypt2 failed %d\n", ret);
100420+ goto out_sg;
100421+ }
100422 /*
100423 print_hex_dump(KERN_ERR, "enc out: ", DUMP_PREFIX_NONE, 16, 1,
100424 dst, *dst_len, 1);
100425 */
100426- return 0;
100427+
100428+out_sg:
100429+ teardown_sgtable(&sg_out);
100430+out_tfm:
100431+ crypto_free_blkcipher(tfm);
100432+ return ret;
100433 }
100434
100435 static int ceph_aes_decrypt(const void *key, int key_len,
100436 void *dst, size_t *dst_len,
100437 const void *src, size_t src_len)
100438 {
100439- struct scatterlist sg_in[1], sg_out[2];
100440+ struct sg_table sg_in;
100441+ struct scatterlist sg_out[2], prealloc_sg;
100442 struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher();
100443 struct blkcipher_desc desc = { .tfm = tfm };
100444 char pad[16];
100445@@ -209,16 +298,16 @@ static int ceph_aes_decrypt(const void *key, int key_len,
100446 if (IS_ERR(tfm))
100447 return PTR_ERR(tfm);
100448
100449- crypto_blkcipher_setkey((void *)tfm, key, key_len);
100450- sg_init_table(sg_in, 1);
100451 sg_init_table(sg_out, 2);
100452- sg_set_buf(sg_in, src, src_len);
100453 sg_set_buf(&sg_out[0], dst, *dst_len);
100454 sg_set_buf(&sg_out[1], pad, sizeof(pad));
100455+ ret = setup_sgtable(&sg_in, &prealloc_sg, src, src_len);
100456+ if (ret)
100457+ goto out_tfm;
100458
100459+ crypto_blkcipher_setkey((void *)tfm, key, key_len);
100460 iv = crypto_blkcipher_crt(tfm)->iv;
100461 ivsize = crypto_blkcipher_ivsize(tfm);
100462-
100463 memcpy(iv, aes_iv, ivsize);
100464
100465 /*
100466@@ -227,12 +316,10 @@ static int ceph_aes_decrypt(const void *key, int key_len,
100467 print_hex_dump(KERN_ERR, "dec in: ", DUMP_PREFIX_NONE, 16, 1,
100468 src, src_len, 1);
100469 */
100470-
100471- ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, src_len);
100472- crypto_free_blkcipher(tfm);
100473+ ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in.sgl, src_len);
100474 if (ret < 0) {
100475 pr_err("ceph_aes_decrypt failed %d\n", ret);
100476- return ret;
100477+ goto out_sg;
100478 }
100479
100480 if (src_len <= *dst_len)
100481@@ -250,7 +337,12 @@ static int ceph_aes_decrypt(const void *key, int key_len,
100482 print_hex_dump(KERN_ERR, "dec out: ", DUMP_PREFIX_NONE, 16, 1,
100483 dst, *dst_len, 1);
100484 */
100485- return 0;
100486+
100487+out_sg:
100488+ teardown_sgtable(&sg_in);
100489+out_tfm:
100490+ crypto_free_blkcipher(tfm);
100491+ return ret;
100492 }
100493
100494 static int ceph_aes_decrypt2(const void *key, int key_len,
100495@@ -258,7 +350,8 @@ static int ceph_aes_decrypt2(const void *key, int key_len,
100496 void *dst2, size_t *dst2_len,
100497 const void *src, size_t src_len)
100498 {
100499- struct scatterlist sg_in[1], sg_out[3];
100500+ struct sg_table sg_in;
100501+ struct scatterlist sg_out[3], prealloc_sg;
100502 struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher();
100503 struct blkcipher_desc desc = { .tfm = tfm };
100504 char pad[16];
100505@@ -270,17 +363,17 @@ static int ceph_aes_decrypt2(const void *key, int key_len,
100506 if (IS_ERR(tfm))
100507 return PTR_ERR(tfm);
100508
100509- sg_init_table(sg_in, 1);
100510- sg_set_buf(sg_in, src, src_len);
100511 sg_init_table(sg_out, 3);
100512 sg_set_buf(&sg_out[0], dst1, *dst1_len);
100513 sg_set_buf(&sg_out[1], dst2, *dst2_len);
100514 sg_set_buf(&sg_out[2], pad, sizeof(pad));
100515+ ret = setup_sgtable(&sg_in, &prealloc_sg, src, src_len);
100516+ if (ret)
100517+ goto out_tfm;
100518
100519 crypto_blkcipher_setkey((void *)tfm, key, key_len);
100520 iv = crypto_blkcipher_crt(tfm)->iv;
100521 ivsize = crypto_blkcipher_ivsize(tfm);
100522-
100523 memcpy(iv, aes_iv, ivsize);
100524
100525 /*
100526@@ -289,12 +382,10 @@ static int ceph_aes_decrypt2(const void *key, int key_len,
100527 print_hex_dump(KERN_ERR, "dec in: ", DUMP_PREFIX_NONE, 16, 1,
100528 src, src_len, 1);
100529 */
100530-
100531- ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, src_len);
100532- crypto_free_blkcipher(tfm);
100533+ ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in.sgl, src_len);
100534 if (ret < 0) {
100535 pr_err("ceph_aes_decrypt failed %d\n", ret);
100536- return ret;
100537+ goto out_sg;
100538 }
100539
100540 if (src_len <= *dst1_len)
100541@@ -324,7 +415,11 @@ static int ceph_aes_decrypt2(const void *key, int key_len,
100542 dst2, *dst2_len, 1);
100543 */
100544
100545- return 0;
100546+out_sg:
100547+ teardown_sgtable(&sg_in);
100548+out_tfm:
100549+ crypto_free_blkcipher(tfm);
100550+ return ret;
100551 }
100552
100553
100554diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c 100117diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
100555index 2e87eec..6301eb0 100644 100118index 2e87eec..6301eb0 100644
100556--- a/net/ceph/messenger.c 100119--- a/net/ceph/messenger.c
@@ -101593,10 +101156,30 @@ index 07bd8ed..c574801 100644
101593 } 101156 }
101594 101157
101595diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c 101158diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
101596index bdbf68b..deb4759 100644 101159index bdbf68b..f0d9c83 100644
101597--- a/net/ipv4/devinet.c 101160--- a/net/ipv4/devinet.c
101598+++ b/net/ipv4/devinet.c 101161+++ b/net/ipv4/devinet.c
101599@@ -1543,7 +1543,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) 101162@@ -69,7 +69,8 @@
101163
101164 static struct ipv4_devconf ipv4_devconf = {
101165 .data = {
101166- [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
101167+ [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 0,
101168+ [IPV4_DEVCONF_RP_FILTER - 1] = 1,
101169 [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
101170 [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
101171 [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
101172@@ -80,7 +81,8 @@ static struct ipv4_devconf ipv4_devconf = {
101173
101174 static struct ipv4_devconf ipv4_devconf_dflt = {
101175 .data = {
101176- [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
101177+ [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 0,
101178+ [IPV4_DEVCONF_RP_FILTER - 1] = 1,
101179 [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
101180 [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
101181 [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
101182@@ -1543,7 +1545,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
101600 idx = 0; 101183 idx = 0;
101601 head = &net->dev_index_head[h]; 101184 head = &net->dev_index_head[h];
101602 rcu_read_lock(); 101185 rcu_read_lock();
@@ -101605,7 +101188,7 @@ index bdbf68b..deb4759 100644
101605 net->dev_base_seq; 101188 net->dev_base_seq;
101606 hlist_for_each_entry_rcu(dev, head, index_hlist) { 101189 hlist_for_each_entry_rcu(dev, head, index_hlist) {
101607 if (idx < s_idx) 101190 if (idx < s_idx)
101608@@ -1861,7 +1861,7 @@ static int inet_netconf_dump_devconf(struct sk_buff *skb, 101191@@ -1861,7 +1863,7 @@ static int inet_netconf_dump_devconf(struct sk_buff *skb,
101609 idx = 0; 101192 idx = 0;
101610 head = &net->dev_index_head[h]; 101193 head = &net->dev_index_head[h];
101611 rcu_read_lock(); 101194 rcu_read_lock();
@@ -101614,7 +101197,7 @@ index bdbf68b..deb4759 100644
101614 net->dev_base_seq; 101197 net->dev_base_seq;
101615 hlist_for_each_entry_rcu(dev, head, index_hlist) { 101198 hlist_for_each_entry_rcu(dev, head, index_hlist) {
101616 if (idx < s_idx) 101199 if (idx < s_idx)
101617@@ -2096,7 +2096,7 @@ static int ipv4_doint_and_flush(struct ctl_table *ctl, int write, 101200@@ -2096,7 +2098,7 @@ static int ipv4_doint_and_flush(struct ctl_table *ctl, int write,
101618 #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \ 101201 #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \
101619 DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush) 101202 DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush)
101620 101203
@@ -101623,7 +101206,7 @@ index bdbf68b..deb4759 100644
101623 struct ctl_table_header *sysctl_header; 101206 struct ctl_table_header *sysctl_header;
101624 struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX]; 101207 struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX];
101625 } devinet_sysctl = { 101208 } devinet_sysctl = {
101626@@ -2218,7 +2218,7 @@ static __net_init int devinet_init_net(struct net *net) 101209@@ -2218,7 +2220,7 @@ static __net_init int devinet_init_net(struct net *net)
101627 int err; 101210 int err;
101628 struct ipv4_devconf *all, *dflt; 101211 struct ipv4_devconf *all, *dflt;
101629 #ifdef CONFIG_SYSCTL 101212 #ifdef CONFIG_SYSCTL
@@ -101632,7 +101215,7 @@ index bdbf68b..deb4759 100644
101632 struct ctl_table_header *forw_hdr; 101215 struct ctl_table_header *forw_hdr;
101633 #endif 101216 #endif
101634 101217
101635@@ -2236,7 +2236,7 @@ static __net_init int devinet_init_net(struct net *net) 101218@@ -2236,7 +2238,7 @@ static __net_init int devinet_init_net(struct net *net)
101636 goto err_alloc_dflt; 101219 goto err_alloc_dflt;
101637 101220
101638 #ifdef CONFIG_SYSCTL 101221 #ifdef CONFIG_SYSCTL
@@ -101641,7 +101224,7 @@ index bdbf68b..deb4759 100644
101641 if (tbl == NULL) 101224 if (tbl == NULL)
101642 goto err_alloc_ctl; 101225 goto err_alloc_ctl;
101643 101226
101644@@ -2256,7 +2256,10 @@ static __net_init int devinet_init_net(struct net *net) 101227@@ -2256,7 +2258,10 @@ static __net_init int devinet_init_net(struct net *net)
101645 goto err_reg_dflt; 101228 goto err_reg_dflt;
101646 101229
101647 err = -ENOMEM; 101230 err = -ENOMEM;
@@ -101653,7 +101236,7 @@ index bdbf68b..deb4759 100644
101653 if (forw_hdr == NULL) 101236 if (forw_hdr == NULL)
101654 goto err_reg_ctl; 101237 goto err_reg_ctl;
101655 net->ipv4.forw_hdr = forw_hdr; 101238 net->ipv4.forw_hdr = forw_hdr;
101656@@ -2272,8 +2275,7 @@ err_reg_ctl: 101239@@ -2272,8 +2277,7 @@ err_reg_ctl:
101657 err_reg_dflt: 101240 err_reg_dflt:
101658 __devinet_sysctl_unregister(all); 101241 __devinet_sysctl_unregister(all);
101659 err_reg_all: 101242 err_reg_all:
@@ -102812,9 +102395,27 @@ index e1a6393..f634ce5 100644
102812 return -ENOMEM; 102395 return -ENOMEM;
102813 } 102396 }
102814diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c 102397diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
102815index 3f0ec06..495548c 100644 102398index 3f0ec06..5aad945 100644
102816--- a/net/ipv6/addrconf.c 102399--- a/net/ipv6/addrconf.c
102817+++ b/net/ipv6/addrconf.c 102400+++ b/net/ipv6/addrconf.c
102401@@ -170,7 +170,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = {
102402 .hop_limit = IPV6_DEFAULT_HOPLIMIT,
102403 .mtu6 = IPV6_MIN_MTU,
102404 .accept_ra = 1,
102405- .accept_redirects = 1,
102406+ .accept_redirects = 0,
102407 .autoconf = 1,
102408 .force_mld_version = 0,
102409 .mldv1_unsolicited_report_interval = 10 * HZ,
102410@@ -206,7 +206,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
102411 .hop_limit = IPV6_DEFAULT_HOPLIMIT,
102412 .mtu6 = IPV6_MIN_MTU,
102413 .accept_ra = 1,
102414- .accept_redirects = 1,
102415+ .accept_redirects = 0,
102416 .autoconf = 1,
102417 .force_mld_version = 0,
102418 .mldv1_unsolicited_report_interval = 10 * HZ,
102818@@ -598,7 +598,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, 102419@@ -598,7 +598,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb,
102819 idx = 0; 102420 idx = 0;
102820 head = &net->dev_index_head[h]; 102421 head = &net->dev_index_head[h];
@@ -102946,7 +102547,7 @@ index 7b32652..0bc348b 100644
102946 table = kmemdup(ipv6_icmp_table_template, 102547 table = kmemdup(ipv6_icmp_table_template,
102947 sizeof(ipv6_icmp_table_template), 102548 sizeof(ipv6_icmp_table_template),
102948diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c 102549diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
102949index cb57aa8..01c248e 100644 102550index b27f6d3..1a2977b 100644
102950--- a/net/ipv6/ip6_gre.c 102551--- a/net/ipv6/ip6_gre.c
102951+++ b/net/ipv6/ip6_gre.c 102552+++ b/net/ipv6/ip6_gre.c
102952@@ -71,7 +71,7 @@ struct ip6gre_net { 102553@@ -71,7 +71,7 @@ struct ip6gre_net {
@@ -102958,7 +102559,7 @@ index cb57aa8..01c248e 100644
102958 static int ip6gre_tunnel_init(struct net_device *dev); 102559 static int ip6gre_tunnel_init(struct net_device *dev);
102959 static void ip6gre_tunnel_setup(struct net_device *dev); 102560 static void ip6gre_tunnel_setup(struct net_device *dev);
102960 static void ip6gre_tunnel_link(struct ip6gre_net *ign, struct ip6_tnl *t); 102561 static void ip6gre_tunnel_link(struct ip6gre_net *ign, struct ip6_tnl *t);
102961@@ -1291,7 +1291,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev) 102562@@ -1290,7 +1290,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev)
102962 } 102563 }
102963 102564
102964 102565
@@ -102967,7 +102568,7 @@ index cb57aa8..01c248e 100644
102967 .handler = ip6gre_rcv, 102568 .handler = ip6gre_rcv,
102968 .err_handler = ip6gre_err, 102569 .err_handler = ip6gre_err,
102969 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, 102570 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
102970@@ -1643,7 +1643,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = { 102571@@ -1644,7 +1644,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = {
102971 [IFLA_GRE_FLAGS] = { .type = NLA_U32 }, 102572 [IFLA_GRE_FLAGS] = { .type = NLA_U32 },
102972 }; 102573 };
102973 102574
@@ -102976,7 +102577,7 @@ index cb57aa8..01c248e 100644
102976 .kind = "ip6gre", 102577 .kind = "ip6gre",
102977 .maxtype = IFLA_GRE_MAX, 102578 .maxtype = IFLA_GRE_MAX,
102978 .policy = ip6gre_policy, 102579 .policy = ip6gre_policy,
102979@@ -1657,7 +1657,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = { 102580@@ -1658,7 +1658,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = {
102980 .fill_info = ip6gre_fill_info, 102581 .fill_info = ip6gre_fill_info,
102981 }; 102582 };
102982 102583
@@ -102998,7 +102599,7 @@ index b2f0915..066db10 100644
102998 __skb_pull(skb, len); 102599 __skb_pull(skb, len);
102999 } 102600 }
103000diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c 102601diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
103001index 9120339..cfdd84f 100644 102602index 657639d..8b609c5 100644
103002--- a/net/ipv6/ip6_tunnel.c 102603--- a/net/ipv6/ip6_tunnel.c
103003+++ b/net/ipv6/ip6_tunnel.c 102604+++ b/net/ipv6/ip6_tunnel.c
103004@@ -86,7 +86,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2) 102605@@ -86,7 +86,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
@@ -103010,7 +102611,7 @@ index 9120339..cfdd84f 100644
103010 102611
103011 static int ip6_tnl_net_id __read_mostly; 102612 static int ip6_tnl_net_id __read_mostly;
103012 struct ip6_tnl_net { 102613 struct ip6_tnl_net {
103013@@ -1715,7 +1715,7 @@ static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = { 102614@@ -1707,7 +1707,7 @@ static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = {
103014 [IFLA_IPTUN_PROTO] = { .type = NLA_U8 }, 102615 [IFLA_IPTUN_PROTO] = { .type = NLA_U8 },
103015 }; 102616 };
103016 102617
@@ -103020,7 +102621,7 @@ index 9120339..cfdd84f 100644
103020 .maxtype = IFLA_IPTUN_MAX, 102621 .maxtype = IFLA_IPTUN_MAX,
103021 .policy = ip6_tnl_policy, 102622 .policy = ip6_tnl_policy,
103022diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c 102623diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
103023index 2d19272..3a46322 100644 102624index 9a5339f..8fc3c37 100644
103024--- a/net/ipv6/ip6_vti.c 102625--- a/net/ipv6/ip6_vti.c
103025+++ b/net/ipv6/ip6_vti.c 102626+++ b/net/ipv6/ip6_vti.c
103026@@ -62,7 +62,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2) 102627@@ -62,7 +62,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
@@ -103032,7 +102633,7 @@ index 2d19272..3a46322 100644
103032 102633
103033 static int vti6_net_id __read_mostly; 102634 static int vti6_net_id __read_mostly;
103034 struct vti6_net { 102635 struct vti6_net {
103035@@ -901,7 +901,7 @@ static const struct nla_policy vti6_policy[IFLA_VTI_MAX + 1] = { 102636@@ -892,7 +892,7 @@ static const struct nla_policy vti6_policy[IFLA_VTI_MAX + 1] = {
103036 [IFLA_VTI_OKEY] = { .type = NLA_U32 }, 102637 [IFLA_VTI_OKEY] = { .type = NLA_U32 },
103037 }; 102638 };
103038 102639
@@ -103349,7 +102950,7 @@ index 7cc1102..7785931 100644
103349 table = kmemdup(ipv6_route_table_template, 102950 table = kmemdup(ipv6_route_table_template,
103350 sizeof(ipv6_route_table_template), 102951 sizeof(ipv6_route_table_template),
103351diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c 102952diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
103352index b12b11b..13856f9 100644 102953index 317b6db..9dbd284 100644
103353--- a/net/ipv6/sit.c 102954--- a/net/ipv6/sit.c
103354+++ b/net/ipv6/sit.c 102955+++ b/net/ipv6/sit.c
103355@@ -74,7 +74,7 @@ static void ipip6_tunnel_setup(struct net_device *dev); 102956@@ -74,7 +74,7 @@ static void ipip6_tunnel_setup(struct net_device *dev);
@@ -103361,7 +102962,7 @@ index b12b11b..13856f9 100644
103361 102962
103362 static int sit_net_id __read_mostly; 102963 static int sit_net_id __read_mostly;
103363 struct sit_net { 102964 struct sit_net {
103364@@ -484,11 +484,11 @@ static void ipip6_tunnel_uninit(struct net_device *dev) 102965@@ -483,11 +483,11 @@ static void ipip6_tunnel_uninit(struct net_device *dev)
103365 */ 102966 */
103366 static int ipip6_err_gen_icmpv6_unreach(struct sk_buff *skb) 102967 static int ipip6_err_gen_icmpv6_unreach(struct sk_buff *skb)
103367 { 102968 {
@@ -103375,7 +102976,7 @@ index b12b11b..13856f9 100644
103375 return 1; 102976 return 1;
103376 102977
103377 skb2 = skb_clone(skb, GFP_ATOMIC); 102978 skb2 = skb_clone(skb, GFP_ATOMIC);
103378@@ -497,7 +497,7 @@ static int ipip6_err_gen_icmpv6_unreach(struct sk_buff *skb) 102979@@ -496,7 +496,7 @@ static int ipip6_err_gen_icmpv6_unreach(struct sk_buff *skb)
103379 return 1; 102980 return 1;
103380 102981
103381 skb_dst_drop(skb2); 102982 skb_dst_drop(skb2);
@@ -103384,7 +102985,7 @@ index b12b11b..13856f9 100644
103384 skb_reset_network_header(skb2); 102985 skb_reset_network_header(skb2);
103385 102986
103386 rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0, 0); 102987 rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0, 0);
103387@@ -1683,7 +1683,7 @@ static void ipip6_dellink(struct net_device *dev, struct list_head *head) 102988@@ -1680,7 +1680,7 @@ static void ipip6_dellink(struct net_device *dev, struct list_head *head)
103388 unregister_netdevice_queue(dev, head); 102989 unregister_netdevice_queue(dev, head);
103389 } 102990 }
103390 102991
@@ -103800,7 +103401,7 @@ index 453e974..b3a43a5 100644
103800 if (local->use_chanctx) 103401 if (local->use_chanctx)
103801 *chandef = local->monitor_chandef; 103402 *chandef = local->monitor_chandef;
103802diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h 103403diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
103803index b127902..9dc4947 100644 103404index bf7a1bb..1619d8e 100644
103804--- a/net/mac80211/ieee80211_i.h 103405--- a/net/mac80211/ieee80211_i.h
103805+++ b/net/mac80211/ieee80211_i.h 103406+++ b/net/mac80211/ieee80211_i.h
103806@@ -28,6 +28,7 @@ 103407@@ -28,6 +28,7 @@
@@ -103821,7 +103422,7 @@ index b127902..9dc4947 100644
103821 /* number of interfaces with corresponding FIF_ flags */ 103422 /* number of interfaces with corresponding FIF_ flags */
103822 int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll, 103423 int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll,
103823diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c 103424diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
103824index 8f7fabc..e400523 100644 103425index 06f5de4..f2e0437 100644
103825--- a/net/mac80211/iface.c 103426--- a/net/mac80211/iface.c
103826+++ b/net/mac80211/iface.c 103427+++ b/net/mac80211/iface.c
103827@@ -529,7 +529,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) 103428@@ -529,7 +529,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
@@ -103860,7 +103461,7 @@ index 8f7fabc..e400523 100644
103860 drv_stop(local); 103461 drv_stop(local);
103861 err_del_bss: 103462 err_del_bss:
103862 sdata->bss = NULL; 103463 sdata->bss = NULL;
103863@@ -874,7 +874,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, 103464@@ -876,7 +876,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
103864 } 103465 }
103865 103466
103866 if (going_down) 103467 if (going_down)
@@ -103869,7 +103470,7 @@ index 8f7fabc..e400523 100644
103869 103470
103870 switch (sdata->vif.type) { 103471 switch (sdata->vif.type) {
103871 case NL80211_IFTYPE_AP_VLAN: 103472 case NL80211_IFTYPE_AP_VLAN:
103872@@ -933,7 +933,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, 103473@@ -935,7 +935,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
103873 } 103474 }
103874 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 103475 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
103875 103476
@@ -103878,16 +103479,16 @@ index 8f7fabc..e400523 100644
103878 ieee80211_clear_tx_pending(local); 103479 ieee80211_clear_tx_pending(local);
103879 103480
103880 /* 103481 /*
103881@@ -973,7 +973,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, 103482@@ -978,7 +978,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
103882 103483 if (cancel_scan)
103883 ieee80211_recalc_ps(local, -1); 103484 flush_delayed_work(&local->scan_work);
103884 103485
103885- if (local->open_count == 0) { 103486- if (local->open_count == 0) {
103886+ if (local_read(&local->open_count) == 0) { 103487+ if (local_read(&local->open_count) == 0) {
103887 ieee80211_stop_device(local); 103488 ieee80211_stop_device(local);
103888 103489
103889 /* no reconfiguring after stop! */ 103490 /* no reconfiguring after stop! */
103890@@ -984,7 +984,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, 103491@@ -989,7 +989,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
103891 ieee80211_configure_filter(local); 103492 ieee80211_configure_filter(local);
103892 ieee80211_hw_config(local, hw_reconf_flags); 103493 ieee80211_hw_config(local, hw_reconf_flags);
103893 103494
@@ -104022,7 +103623,7 @@ index bffdad7..f9317d1 100644
104022 obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o 103623 obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o
104023 obj-$(CONFIG_NETFILTER_XT_MATCH_HL) += xt_hl.o 103624 obj-$(CONFIG_NETFILTER_XT_MATCH_HL) += xt_hl.o
104024diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c 103625diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
104025index de770ec..3fc49d2 100644 103626index cf99377..c09b5b7 100644
104026--- a/net/netfilter/ipset/ip_set_core.c 103627--- a/net/netfilter/ipset/ip_set_core.c
104027+++ b/net/netfilter/ipset/ip_set_core.c 103628+++ b/net/netfilter/ipset/ip_set_core.c
104028@@ -1922,7 +1922,7 @@ done: 103629@@ -1922,7 +1922,7 @@ done:
@@ -104418,10 +104019,10 @@ index c68e5e0..8d52d50 100644
104418 type = __nf_tables_chain_type_lookup(afi->family, nla); 104019 type = __nf_tables_chain_type_lookup(afi->family, nla);
104419 if (type != NULL) 104020 if (type != NULL)
104420diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c 104021diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
104421index a155d19..726b0f2 100644 104022index 6ff12a1..d1815b6 100644
104422--- a/net/netfilter/nfnetlink_log.c 104023--- a/net/netfilter/nfnetlink_log.c
104423+++ b/net/netfilter/nfnetlink_log.c 104024+++ b/net/netfilter/nfnetlink_log.c
104424@@ -82,7 +82,7 @@ static int nfnl_log_net_id __read_mostly; 104025@@ -83,7 +83,7 @@ static int nfnl_log_net_id __read_mostly;
104425 struct nfnl_log_net { 104026 struct nfnl_log_net {
104426 spinlock_t instances_lock; 104027 spinlock_t instances_lock;
104427 struct hlist_head instance_table[INSTANCE_BUCKETS]; 104028 struct hlist_head instance_table[INSTANCE_BUCKETS];
@@ -104430,7 +104031,7 @@ index a155d19..726b0f2 100644
104430 }; 104031 };
104431 104032
104432 static struct nfnl_log_net *nfnl_log_pernet(struct net *net) 104033 static struct nfnl_log_net *nfnl_log_pernet(struct net *net)
104433@@ -564,7 +564,7 @@ __build_packet_message(struct nfnl_log_net *log, 104034@@ -566,7 +566,7 @@ __build_packet_message(struct nfnl_log_net *log,
104434 /* global sequence number */ 104035 /* global sequence number */
104435 if ((inst->flags & NFULNL_CFG_F_SEQ_GLOBAL) && 104036 if ((inst->flags & NFULNL_CFG_F_SEQ_GLOBAL) &&
104436 nla_put_be32(inst->skb, NFULA_SEQ_GLOBAL, 104037 nla_put_be32(inst->skb, NFULA_SEQ_GLOBAL,
@@ -104440,7 +104041,7 @@ index a155d19..726b0f2 100644
104440 104041
104441 if (data_len) { 104042 if (data_len) {
104442diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c 104043diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c
104443index 82cb823..5685dd5 100644 104044index ad97961..a312654 100644
104444--- a/net/netfilter/nft_compat.c 104045--- a/net/netfilter/nft_compat.c
104445+++ b/net/netfilter/nft_compat.c 104046+++ b/net/netfilter/nft_compat.c
104446@@ -216,7 +216,7 @@ target_dump_info(struct sk_buff *skb, const struct xt_target *t, const void *in) 104047@@ -216,7 +216,7 @@ target_dump_info(struct sk_buff *skb, const struct xt_target *t, const void *in)
@@ -105213,87 +104814,6 @@ index f226709..0e735a8 100644
105213 _proto("Tx RESPONSE %%%u", ntohl(hdr->serial)); 104814 _proto("Tx RESPONSE %%%u", ntohl(hdr->serial));
105214 104815
105215 ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len); 104816 ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len);
105216diff --git a/net/sctp/associola.c b/net/sctp/associola.c
105217index 5d97d8f..d477d47 100644
105218--- a/net/sctp/associola.c
105219+++ b/net/sctp/associola.c
105220@@ -1627,6 +1627,8 @@ struct sctp_chunk *sctp_assoc_lookup_asconf_ack(
105221 * ack chunk whose serial number matches that of the request.
105222 */
105223 list_for_each_entry(ack, &asoc->asconf_ack_list, transmitted_list) {
105224+ if (sctp_chunk_pending(ack))
105225+ continue;
105226 if (ack->subh.addip_hdr->serial == serial) {
105227 sctp_chunk_hold(ack);
105228 return ack;
105229diff --git a/net/sctp/auth.c b/net/sctp/auth.c
105230index 0e85291..fb7976a 100644
105231--- a/net/sctp/auth.c
105232+++ b/net/sctp/auth.c
105233@@ -862,8 +862,6 @@ int sctp_auth_set_key(struct sctp_endpoint *ep,
105234 list_add(&cur_key->key_list, sh_keys);
105235
105236 cur_key->key = key;
105237- sctp_auth_key_hold(key);
105238-
105239 return 0;
105240 nomem:
105241 if (!replace)
105242diff --git a/net/sctp/inqueue.c b/net/sctp/inqueue.c
105243index 4de12af..7e8a16c 100644
105244--- a/net/sctp/inqueue.c
105245+++ b/net/sctp/inqueue.c
105246@@ -140,18 +140,9 @@ struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue)
105247 } else {
105248 /* Nothing to do. Next chunk in the packet, please. */
105249 ch = (sctp_chunkhdr_t *) chunk->chunk_end;
105250-
105251 /* Force chunk->skb->data to chunk->chunk_end. */
105252- skb_pull(chunk->skb,
105253- chunk->chunk_end - chunk->skb->data);
105254-
105255- /* Verify that we have at least chunk headers
105256- * worth of buffer left.
105257- */
105258- if (skb_headlen(chunk->skb) < sizeof(sctp_chunkhdr_t)) {
105259- sctp_chunk_free(chunk);
105260- chunk = queue->in_progress = NULL;
105261- }
105262+ skb_pull(chunk->skb, chunk->chunk_end - chunk->skb->data);
105263+ /* We are guaranteed to pull a SCTP header. */
105264 }
105265 }
105266
105267@@ -187,24 +178,14 @@ struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue)
105268 skb_pull(chunk->skb, sizeof(sctp_chunkhdr_t));
105269 chunk->subh.v = NULL; /* Subheader is no longer valid. */
105270
105271- if (chunk->chunk_end < skb_tail_pointer(chunk->skb)) {
105272+ if (chunk->chunk_end + sizeof(sctp_chunkhdr_t) <
105273+ skb_tail_pointer(chunk->skb)) {
105274 /* This is not a singleton */
105275 chunk->singleton = 0;
105276 } else if (chunk->chunk_end > skb_tail_pointer(chunk->skb)) {
105277- /* RFC 2960, Section 6.10 Bundling
105278- *
105279- * Partial chunks MUST NOT be placed in an SCTP packet.
105280- * If the receiver detects a partial chunk, it MUST drop
105281- * the chunk.
105282- *
105283- * Since the end of the chunk is past the end of our buffer
105284- * (which contains the whole packet, we can freely discard
105285- * the whole packet.
105286- */
105287- sctp_chunk_free(chunk);
105288- chunk = queue->in_progress = NULL;
105289-
105290- return NULL;
105291+ /* Discard inside state machine. */
105292+ chunk->pdiscard = 1;
105293+ chunk->chunk_end = skb_tail_pointer(chunk->skb);
105294 } else {
105295 /* We are at the end of the packet, so mark the chunk
105296 * in case we need to send a SACK.
105297diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c 104817diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
105298index 2b1738e..a9d0fc9 100644 104818index 2b1738e..a9d0fc9 100644
105299--- a/net/sctp/ipv6.c 104819--- a/net/sctp/ipv6.c
@@ -105368,182 +104888,6 @@ index a62a215..0976540 100644
105368 } 104888 }
105369 104889
105370 static int sctp_v4_protosw_init(void) 104890 static int sctp_v4_protosw_init(void)
105371diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
105372index fee5552..43abb64 100644
105373--- a/net/sctp/sm_make_chunk.c
105374+++ b/net/sctp/sm_make_chunk.c
105375@@ -2609,6 +2609,9 @@ do_addr_param:
105376 addr_param = param.v + sizeof(sctp_addip_param_t);
105377
105378 af = sctp_get_af_specific(param_type2af(param.p->type));
105379+ if (af == NULL)
105380+ break;
105381+
105382 af->from_addr_param(&addr, addr_param,
105383 htons(asoc->peer.port), 0);
105384
105385@@ -3110,50 +3113,63 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
105386 return SCTP_ERROR_NO_ERROR;
105387 }
105388
105389-/* Verify the ASCONF packet before we process it. */
105390-int sctp_verify_asconf(const struct sctp_association *asoc,
105391- struct sctp_paramhdr *param_hdr, void *chunk_end,
105392- struct sctp_paramhdr **errp) {
105393- sctp_addip_param_t *asconf_param;
105394+/* Verify the ASCONF packet before we process it. */
105395+bool sctp_verify_asconf(const struct sctp_association *asoc,
105396+ struct sctp_chunk *chunk, bool addr_param_needed,
105397+ struct sctp_paramhdr **errp)
105398+{
105399+ sctp_addip_chunk_t *addip = (sctp_addip_chunk_t *) chunk->chunk_hdr;
105400 union sctp_params param;
105401- int length, plen;
105402+ bool addr_param_seen = false;
105403+
105404+ sctp_walk_params(param, addip, addip_hdr.params) {
105405+ size_t length = ntohs(param.p->length);
105406
105407- param.v = (sctp_paramhdr_t *) param_hdr;
105408- while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) {
105409- length = ntohs(param.p->length);
105410 *errp = param.p;
105411-
105412- if (param.v > chunk_end - length ||
105413- length < sizeof(sctp_paramhdr_t))
105414- return 0;
105415-
105416 switch (param.p->type) {
105417+ case SCTP_PARAM_ERR_CAUSE:
105418+ break;
105419+ case SCTP_PARAM_IPV4_ADDRESS:
105420+ if (length != sizeof(sctp_ipv4addr_param_t))
105421+ return false;
105422+ addr_param_seen = true;
105423+ break;
105424+ case SCTP_PARAM_IPV6_ADDRESS:
105425+ if (length != sizeof(sctp_ipv6addr_param_t))
105426+ return false;
105427+ addr_param_seen = true;
105428+ break;
105429 case SCTP_PARAM_ADD_IP:
105430 case SCTP_PARAM_DEL_IP:
105431 case SCTP_PARAM_SET_PRIMARY:
105432- asconf_param = (sctp_addip_param_t *)param.v;
105433- plen = ntohs(asconf_param->param_hdr.length);
105434- if (plen < sizeof(sctp_addip_param_t) +
105435- sizeof(sctp_paramhdr_t))
105436- return 0;
105437+ /* In ASCONF chunks, these need to be first. */
105438+ if (addr_param_needed && !addr_param_seen)
105439+ return false;
105440+ length = ntohs(param.addip->param_hdr.length);
105441+ if (length < sizeof(sctp_addip_param_t) +
105442+ sizeof(sctp_paramhdr_t))
105443+ return false;
105444 break;
105445 case SCTP_PARAM_SUCCESS_REPORT:
105446 case SCTP_PARAM_ADAPTATION_LAYER_IND:
105447 if (length != sizeof(sctp_addip_param_t))
105448- return 0;
105449-
105450+ return false;
105451 break;
105452 default:
105453- break;
105454+ /* This is unkown to us, reject! */
105455+ return false;
105456 }
105457-
105458- param.v += WORD_ROUND(length);
105459 }
105460
105461- if (param.v != chunk_end)
105462- return 0;
105463+ /* Remaining sanity checks. */
105464+ if (addr_param_needed && !addr_param_seen)
105465+ return false;
105466+ if (!addr_param_needed && addr_param_seen)
105467+ return false;
105468+ if (param.v != chunk->chunk_end)
105469+ return false;
105470
105471- return 1;
105472+ return true;
105473 }
105474
105475 /* Process an incoming ASCONF chunk with the next expected serial no. and
105476@@ -3162,16 +3178,17 @@ int sctp_verify_asconf(const struct sctp_association *asoc,
105477 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
105478 struct sctp_chunk *asconf)
105479 {
105480+ sctp_addip_chunk_t *addip = (sctp_addip_chunk_t *) asconf->chunk_hdr;
105481+ bool all_param_pass = true;
105482+ union sctp_params param;
105483 sctp_addiphdr_t *hdr;
105484 union sctp_addr_param *addr_param;
105485 sctp_addip_param_t *asconf_param;
105486 struct sctp_chunk *asconf_ack;
105487-
105488 __be16 err_code;
105489 int length = 0;
105490 int chunk_len;
105491 __u32 serial;
105492- int all_param_pass = 1;
105493
105494 chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t);
105495 hdr = (sctp_addiphdr_t *)asconf->skb->data;
105496@@ -3199,9 +3216,14 @@ struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
105497 goto done;
105498
105499 /* Process the TLVs contained within the ASCONF chunk. */
105500- while (chunk_len > 0) {
105501+ sctp_walk_params(param, addip, addip_hdr.params) {
105502+ /* Skip preceeding address parameters. */
105503+ if (param.p->type == SCTP_PARAM_IPV4_ADDRESS ||
105504+ param.p->type == SCTP_PARAM_IPV6_ADDRESS)
105505+ continue;
105506+
105507 err_code = sctp_process_asconf_param(asoc, asconf,
105508- asconf_param);
105509+ param.addip);
105510 /* ADDIP 4.1 A7)
105511 * If an error response is received for a TLV parameter,
105512 * all TLVs with no response before the failed TLV are
105513@@ -3209,28 +3231,20 @@ struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
105514 * the failed response are considered unsuccessful unless
105515 * a specific success indication is present for the parameter.
105516 */
105517- if (SCTP_ERROR_NO_ERROR != err_code)
105518- all_param_pass = 0;
105519-
105520+ if (err_code != SCTP_ERROR_NO_ERROR)
105521+ all_param_pass = false;
105522 if (!all_param_pass)
105523- sctp_add_asconf_response(asconf_ack,
105524- asconf_param->crr_id, err_code,
105525- asconf_param);
105526+ sctp_add_asconf_response(asconf_ack, param.addip->crr_id,
105527+ err_code, param.addip);
105528
105529 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add
105530 * an IP address sends an 'Out of Resource' in its response, it
105531 * MUST also fail any subsequent add or delete requests bundled
105532 * in the ASCONF.
105533 */
105534- if (SCTP_ERROR_RSRC_LOW == err_code)
105535+ if (err_code == SCTP_ERROR_RSRC_LOW)
105536 goto done;
105537-
105538- /* Move to the next ASCONF param. */
105539- length = ntohs(asconf_param->param_hdr.length);
105540- asconf_param = (void *)asconf_param + length;
105541- chunk_len -= length;
105542 }
105543-
105544 done:
105545 asoc->peer.addip_serial++;
105546
105547diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c 104891diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
105548index fef2acd..c705c4f 100644 104892index fef2acd..c705c4f 100644
105549--- a/net/sctp/sm_sideeffect.c 104893--- a/net/sctp/sm_sideeffect.c
@@ -105557,61 +104901,6 @@ index fef2acd..c705c4f 100644
105557 NULL, 104901 NULL,
105558 sctp_generate_t1_cookie_event, 104902 sctp_generate_t1_cookie_event,
105559 sctp_generate_t1_init_event, 104903 sctp_generate_t1_init_event,
105560diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
105561index 7194fe85..3e287a3 100644
105562--- a/net/sctp/sm_statefuns.c
105563+++ b/net/sctp/sm_statefuns.c
105564@@ -170,6 +170,9 @@ sctp_chunk_length_valid(struct sctp_chunk *chunk,
105565 {
105566 __u16 chunk_length = ntohs(chunk->chunk_hdr->length);
105567
105568+ /* Previously already marked? */
105569+ if (unlikely(chunk->pdiscard))
105570+ return 0;
105571 if (unlikely(chunk_length < required_length))
105572 return 0;
105573
105574@@ -3591,9 +3594,7 @@ sctp_disposition_t sctp_sf_do_asconf(struct net *net,
105575 struct sctp_chunk *asconf_ack = NULL;
105576 struct sctp_paramhdr *err_param = NULL;
105577 sctp_addiphdr_t *hdr;
105578- union sctp_addr_param *addr_param;
105579 __u32 serial;
105580- int length;
105581
105582 if (!sctp_vtag_verify(chunk, asoc)) {
105583 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
105584@@ -3618,17 +3619,8 @@ sctp_disposition_t sctp_sf_do_asconf(struct net *net,
105585 hdr = (sctp_addiphdr_t *)chunk->skb->data;
105586 serial = ntohl(hdr->serial);
105587
105588- addr_param = (union sctp_addr_param *)hdr->params;
105589- length = ntohs(addr_param->p.length);
105590- if (length < sizeof(sctp_paramhdr_t))
105591- return sctp_sf_violation_paramlen(net, ep, asoc, type, arg,
105592- (void *)addr_param, commands);
105593-
105594 /* Verify the ASCONF chunk before processing it. */
105595- if (!sctp_verify_asconf(asoc,
105596- (sctp_paramhdr_t *)((void *)addr_param + length),
105597- (void *)chunk->chunk_end,
105598- &err_param))
105599+ if (!sctp_verify_asconf(asoc, chunk, true, &err_param))
105600 return sctp_sf_violation_paramlen(net, ep, asoc, type, arg,
105601 (void *)err_param, commands);
105602
105603@@ -3745,10 +3737,7 @@ sctp_disposition_t sctp_sf_do_asconf_ack(struct net *net,
105604 rcvd_serial = ntohl(addip_hdr->serial);
105605
105606 /* Verify the ASCONF-ACK chunk before processing it. */
105607- if (!sctp_verify_asconf(asoc,
105608- (sctp_paramhdr_t *)addip_hdr->params,
105609- (void *)asconf_ack->chunk_end,
105610- &err_param))
105611+ if (!sctp_verify_asconf(asoc, asconf_ack, false, &err_param))
105612 return sctp_sf_violation_paramlen(net, ep, asoc, type, arg,
105613 (void *)err_param, commands);
105614
105615diff --git a/net/sctp/socket.c b/net/sctp/socket.c 104904diff --git a/net/sctp/socket.c b/net/sctp/socket.c
105616index 604a6ac..f87f0a3 100644 104905index 604a6ac..f87f0a3 100644
105617--- a/net/sctp/socket.c 104906--- a/net/sctp/socket.c
@@ -107260,13 +106549,14 @@ index 152d4d2..791684c 100644
107260 mkdir -p "$destdir" 106549 mkdir -p "$destdir"
107261 (cd $srctree; tar -c -f - -T "$objtree/debian/hdrsrcfiles") | (cd $destdir; tar -xf -) 106550 (cd $srctree; tar -c -f - -T "$objtree/debian/hdrsrcfiles") | (cd $destdir; tar -xf -)
107262diff --git a/scripts/package/mkspec b/scripts/package/mkspec 106551diff --git a/scripts/package/mkspec b/scripts/package/mkspec
107263index 1395760..e4f4ac4 100755 106552index 1395760..6fb75f2 100755
107264--- a/scripts/package/mkspec 106553--- a/scripts/package/mkspec
107265+++ b/scripts/package/mkspec 106554+++ b/scripts/package/mkspec
107266@@ -82,6 +82,16 @@ echo "" 106555@@ -129,6 +129,18 @@ echo ""
107267 fi 106556 echo "%clean"
107268 106557 echo 'rm -rf $RPM_BUILD_ROOT'
107269 echo "%install" 106558 echo ""
106559+echo "%pre"
107270+echo 'chmod -f 0500 /boot' 106560+echo 'chmod -f 0500 /boot'
107271+echo 'if [ -d /lib/modules ]; then' 106561+echo 'if [ -d /lib/modules ]; then'
107272+echo 'chmod -f 0500 /lib/modules' 106562+echo 'chmod -f 0500 /lib/modules'
@@ -107277,10 +106567,11 @@ index 1395760..e4f4ac4 100755
107277+echo 'if [ -d /lib64/modules ]; then' 106567+echo 'if [ -d /lib64/modules ]; then'
107278+echo 'chmod -f 0500 /lib64/modules' 106568+echo 'chmod -f 0500 /lib64/modules'
107279+echo 'fi' 106569+echo 'fi'
107280 echo 'KBUILD_IMAGE=$(make image_name)' 106570+echo ""
107281 echo "%ifarch ia64" 106571 echo "%post"
107282 echo 'mkdir -p $RPM_BUILD_ROOT/boot/efi $RPM_BUILD_ROOT/lib/modules' 106572 echo "if [ -x /sbin/installkernel -a -r /boot/vmlinuz-$KERNELRELEASE -a -r /boot/System.map-$KERNELRELEASE ]; then"
107283@@ -139,7 +149,7 @@ echo "rm -f /boot/vmlinuz-$KERNELRELEASE-rpm /boot/System.map-$KERNELRELEASE-rpm 106573 echo "cp /boot/vmlinuz-$KERNELRELEASE /boot/vmlinuz-$KERNELRELEASE-rpm"
106574@@ -139,7 +151,7 @@ echo "rm -f /boot/vmlinuz-$KERNELRELEASE-rpm /boot/System.map-$KERNELRELEASE-rpm
107284 echo "fi" 106575 echo "fi"
107285 echo "" 106576 echo ""
107286 echo "%files" 106577 echo "%files"
@@ -107289,7 +106580,7 @@ index 1395760..e4f4ac4 100755
107289 echo "%dir /lib/modules" 106580 echo "%dir /lib/modules"
107290 echo "/lib/modules/$KERNELRELEASE" 106581 echo "/lib/modules/$KERNELRELEASE"
107291 echo "%exclude /lib/modules/$KERNELRELEASE/build" 106582 echo "%exclude /lib/modules/$KERNELRELEASE/build"
107292@@ -152,7 +162,7 @@ echo '%defattr (-, root, root)' 106583@@ -152,7 +164,7 @@ echo '%defattr (-, root, root)'
107293 echo "/usr/include" 106584 echo "/usr/include"
107294 echo "" 106585 echo ""
107295 echo "%files devel" 106586 echo "%files devel"
@@ -107346,7 +106637,7 @@ index 8fac3fd..32ff38d 100644
107346 unsigned int secindex_strings; 106637 unsigned int secindex_strings;
107347 106638
107348diff --git a/security/Kconfig b/security/Kconfig 106639diff --git a/security/Kconfig b/security/Kconfig
107349index beb86b5..e66c504 100644 106640index beb86b5..addbccd 100644
107350--- a/security/Kconfig 106641--- a/security/Kconfig
107351+++ b/security/Kconfig 106642+++ b/security/Kconfig
107352@@ -4,6 +4,969 @@ 106643@@ -4,6 +4,969 @@
@@ -107980,7 +107271,7 @@ index beb86b5..e66c504 100644
107980+ 107271+
107981+config PAX_KERNEXEC_MODULE_TEXT 107272+config PAX_KERNEXEC_MODULE_TEXT
107982+ int "Minimum amount of memory reserved for module code" 107273+ int "Minimum amount of memory reserved for module code"
107983+ default "4" if (!GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_SERVER) 107274+ default "8" if (!GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_SERVER)
107984+ default "12" if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_DESKTOP) 107275+ default "12" if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_DESKTOP)
107985+ depends on PAX_KERNEXEC && X86_32 107276+ depends on PAX_KERNEXEC && X86_32
107986+ help 107277+ help
@@ -117468,10 +116759,10 @@ index 0000000..4378111
117468+} 116759+}
117469diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data 116760diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
117470new file mode 100644 116761new file mode 100644
117471index 0000000..d14887a6 116762index 0000000..bbd5d8e
117472--- /dev/null 116763--- /dev/null
117473+++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data 116764+++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
117474@@ -0,0 +1,6033 @@ 116765@@ -0,0 +1,6034 @@
117475+intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL 116766+intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
117476+ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL 116767+ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL
117477+storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL 116768+storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL
@@ -119201,6 +118492,7 @@ index 0000000..d14887a6
119201+ieee80211_if_read_element_ttl_18869 ieee80211_if_read_element_ttl 3 18869 NULL 118492+ieee80211_if_read_element_ttl_18869 ieee80211_if_read_element_ttl 3 18869 NULL
119202+xlog_find_verify_log_record_18870 xlog_find_verify_log_record 2 18870 NULL 118493+xlog_find_verify_log_record_18870 xlog_find_verify_log_record 2 18870 NULL
119203+ceph_setxattr_18913 ceph_setxattr 4 18913 NULL 118494+ceph_setxattr_18913 ceph_setxattr 4 18913 NULL
118495+page_cache_tree_insert_18916 page_cache_tree_insert 0 18916 NULL
119204+ieee80211_rx_mgmt_disassoc_18927 ieee80211_rx_mgmt_disassoc 3 18927 NULL 118496+ieee80211_rx_mgmt_disassoc_18927 ieee80211_rx_mgmt_disassoc 3 18927 NULL
119205+snapshot_write_next_18937 snapshot_write_next 0 18937 NULL 118497+snapshot_write_next_18937 snapshot_write_next 0 18937 NULL
119206+clean_journal_18955 clean_journal 0 18955 NULL 118498+clean_journal_18955 clean_journal 0 18955 NULL
© 2015 Mike Crute