authorNatanael Copa <ncopa@alpinelinux.org>2013-06-30 13:47:50 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2013-07-02 12:17:41 +0000
commit78be1870e0d06800585803e45edd3890b783b649 (patch)
tree516f6d7d33ca777f82467693a780393b55c40218
parent70807f221a141a1f6ec1316dd0e50d1a79bcac14 (diff)
downloadalpine_aports-78be1870e0d06800585803e45edd3890b783b649.tar.bz2
alpine_aports-78be1870e0d06800585803e45edd3890b783b649.tar.xz
alpine_aports-78be1870e0d06800585803e45edd3890b783b649.zip
main/linux-grsec: upgrade to 3.9.8 kernel
(cherry picked from commit 880edc4d94f2c63f6f002a6392bf7a2b7316eca2)
-rw-r--r--main/linux-grsec/APKBUILD28
-rw-r--r--main/linux-grsec/grsecurity-2.9.1-3.9.8-201306272057.patch (renamed from main/linux-grsec/grsecurity-2.9.1-3.9.7-201306231443.patch)1224
-rw-r--r--main/linux-grsec/kernelconfig.x863
-rw-r--r--main/linux-grsec/kernelconfig.x86_643
4 files changed, 516 insertions, 742 deletions
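diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 1b93d5b90a..ebbddba2a3 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,7 +2,7 @@
 
 _flavor=grsec
 pkgname=linux-${_flavor}
-pkgver=3.9.7
+pkgver=3.9.8
 case $pkgver in
 *.*.*) _kernver=${pkgver%.*};;
 *.*) _kernver=${pkgver};;
@@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}}
 install=
 source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
  http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-2.9.1-3.9.7-201306231443.patch
+ grsecurity-2.9.1-3.9.8-201306272057.patch
 
  0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
  0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
@@ -149,35 +149,35 @@ dev() {
 }
 
 md5sums="4348c9b6b2eb3144d601e87c19d5d909 linux-3.9.tar.xz
-74005c469fbd309ab631d981e2d3a6e7 patch-3.9.7.xz
-a5db3ef848185c32ad4b0bbfe19106aa grsecurity-2.9.1-3.9.7-201306231443.patch
+c5f2166686a913abf550bfed8b77df27 patch-3.9.8.xz
+53d60133a86b812060b048275f928041 grsecurity-2.9.1-3.9.8-201306272057.patch
 a16f11b12381efb3bec79b9bfb329836 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
 656ae7b10dd2f18dbfa1011041d08d60 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
 aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
 2a12a3717052e878c0cd42aa935bfcf4 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
 6ce5fed63aad3f1a1ff1b9ba7b741822 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
 1a5800a2122ba0cc0d06733cb3bb8b8f 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
-bfb5ddcfbc1c9f30253de200ec2a0eb0 kernelconfig.x86
-0b6534366d8abbd36c40744163c81e5a kernelconfig.x86_64"
+d89089b3c7eb94dd9f65cf8a357fc36d kernelconfig.x86
+eb147f09fef5996a488c247790205cd6 kernelconfig.x86_64"
 sha256sums="60bc3e64ee5dc778de2cd7cd7640abf518a4c9d4f31b8ed624e16fad53f54541 linux-3.9.tar.xz
-23db9de5ffa2f8f36d61da85ee46656a3373f8868415c1f3c77c51c41fabfda8 patch-3.9.7.xz
-0aa3ec9d60640ee06ca6c6aed877ce2ee99c2b8a2ee8be50ad92c43ed6570617 grsecurity-2.9.1-3.9.7-201306231443.patch
+2eda9068e81269467e3c247f3343a146731fc45284b12b4bc546bc44dbb263e7 patch-3.9.8.xz
+587022b1fc72157e43011551404c7d664dcc3b6c95b72a853ef2ce721e474057 grsecurity-2.9.1-3.9.8-201306272057.patch
 6af3757ac36a6cd3cda7b0a71b08143726383b19261294a569ad7f4042c72df3 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
 dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
 0985caa0f3ee8ed0959aeaa4214f5f8057ae8e61d50dcae39194912d31e14892 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
 260fd1807838b68305a96992bf7d3302a2a8ef3a3b08fe079ba9a07e6422f736 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
 ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
 fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
-c017c0a47fa0dfdefe148aa73e8a19fabb1957dc699de0f94d8d4d9a45bf5abe kernelconfig.x86
-aafae208fc72eaad9d09fcd8220e0d70379d8c7c7f658c10aa96990dc0b36207 kernelconfig.x86_64"
+de3c17420664ae4e52826c6e602aade0deeae94f72253f85b3e48771491ed5d6 kernelconfig.x86
+e1cce320f207cc2ba72b9d154c7060c8cbed52c664319dfd21f24e8956d0bf3e kernelconfig.x86_64"
 sha512sums="77fa521f42380409f8ab400c26f7b00e225cb075ef40834bb263325cfdcc3e65aef8511ec2fc2b50bbf4f50e226fb5ab07d7a479aaf09162adbbf318325d0790 linux-3.9.tar.xz
-dcf38bca1ee1b90bffd97c74c00720613dbab9183aa600401a821fe20ea665629bc43544053bd2ffe18ebfe1ee2d72d139f22d2f070374f5e231831ed6c89251 patch-3.9.7.xz
-73f819bd44c724bbdc2e01ed4154c9fd53d0a8d1099ffabf56e995d82a9dbcb03c742e1c048cae9b0052d43dbda4d1c2150f6c14a1b958c25eef8b5571047f80 grsecurity-2.9.1-3.9.7-201306231443.patch
+60b7d694d39faf937e7b732eb3117b8442059c5c8857c9d439eec8a87d5bc185505e64062f5ae02c3512acf5af778caf615c35d3499cb8089a4569c05da65b9c patch-3.9.8.xz
+4ca36180a1fc325a558acf73ec9fe3808542498a8f808f73b87a9f6b05ff290d5a5ab20ce39c547a18ce37d093a9857f5c77c495796e62fef986dfa301a9e566 grsecurity-2.9.1-3.9.8-201306272057.patch
 81e78593288e8b0fd2c03ea9fc1450323887707f087e911f172450a122bc9b591ee83394836789730d951aeec13d0b75a64e1c05f04364abf8f80d883ddc4a02 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
 51ecb15b669f6a82940a13a38939116e003bf5dfd24496771c8279e907b72adcc63d607f0340a2940d757e12ddadb7d45c7af78ae311d284935a6296dbcac00c 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
 57d0a8bd35d19cf657ded58efe24517d2252aec6984040713ba173a34edb5887ececaa2985076bc6a149eaa57639fd98a042c1c2d226ed4ad8dd5ed0e230717e 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
 d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d711e3486628ed56ab996484e219d79ac4b0c0ec684ebd380aa 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
 28a33e644bf2faf99c8dd6dbccfe14e140dfdd8824a8fb2d58aa7deb9e572f130d92b6b35ee181084050d82166bdf2e498a451a2a538a67b7ab84204405d2d87 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
 249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
-bcf675bafd3aac174195a2d38571b9b54f4b6e0635ab3363699ae8845794dc44bcfe952585fae881d81065d4a25333a3e033808c99c977aa4a797b81e5a36c3f kernelconfig.x86
-a8bf4cc1cdb4d1bde9fe4cd4040a596a52a24817fad15b29785ba10ab1d80fd4ae9589ac92f98c8b6b3b5e5510f01b9c9b96b11a2cf05c9684eb0bd62ee6676e kernelconfig.x86_64"
+c51ac429c3e811976318a7ca2a4f7fc48bcf290e885ceeb09a1a56ee32c37b673f6e789789cf36876747bd54e4dc55d340ad888ba0eb8e7f45f60e8ef7ea67b4 kernelconfig.x86
+584e778f96a05388051b05eb6f1c20377bc8aad72d0cd678323af7aaaab85ecc992244fe6bf3f27ab88131903490fd8af3c3fb56062490dd90dca1ba91d4da21 kernelconfig.x86_64"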
diff --git a/main/linux-grsec/grsecurity-2.9.1-3.9.7-201306231443.patch b/main/linux-grsec/grsecurity-2.9.1-3.9.8-201306272057.patch
index 5af3232471..3efd0e4c4b 100644
--- a/main/linux-grsec/grsecurity-2.9.1-3.9.7-201306231443.patch
+++ b/main/linux-grsec/grsecurity-2.9.1-3.9.8-201306272057.patch
@@ -263,7 +263,7 @@ index 8ccbf27..afffeb4 100644
263 263
264 pcd. [PARIDE] 264 pcd. [PARIDE]
265diff --git a/Makefile b/Makefile 265diff --git a/Makefile b/Makefile
266index a129b15..548231d 100644 266index b013cbe..4ca639b 100644
267--- a/Makefile 267--- a/Makefile
268+++ b/Makefile 268+++ b/Makefile
269@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ 269@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -811,10 +811,10 @@ index 0c4132d..88f0d53 100644
811 /* Allow reads even for write-only mappings */ 811 /* Allow reads even for write-only mappings */
812 if (!(vma->vm_flags & (VM_READ | VM_WRITE))) 812 if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
813diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig 813diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
814index 1cacda4..2cef624 100644 814index 70cd012..71b82cd 100644
815--- a/arch/arm/Kconfig 815--- a/arch/arm/Kconfig
816+++ b/arch/arm/Kconfig 816+++ b/arch/arm/Kconfig
817@@ -1850,7 +1850,7 @@ config ALIGNMENT_TRAP 817@@ -1860,7 +1860,7 @@ config ALIGNMENT_TRAP
818 818
819 config UACCESS_WITH_MEMCPY 819 config UACCESS_WITH_MEMCPY
820 bool "Use kernel mem{cpy,set}() for {copy_to,clear}_user()" 820 bool "Use kernel mem{cpy,set}() for {copy_to,clear}_user()"
@@ -3799,7 +3799,7 @@ index 04d9006..c547d85 100644
3799 return __arm_ioremap_caller(phys_addr, size, mtype, 3799 return __arm_ioremap_caller(phys_addr, size, mtype,
3800 __builtin_return_address(0)); 3800 __builtin_return_address(0));
3801diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c 3801diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c
3802index 10062ce..cd34fb9 100644 3802index 10062ce..8695745 100644
3803--- a/arch/arm/mm/mmap.c 3803--- a/arch/arm/mm/mmap.c
3804+++ b/arch/arm/mm/mmap.c 3804+++ b/arch/arm/mm/mmap.c
3805@@ -59,6 +59,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, 3805@@ -59,6 +59,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
@@ -3876,20 +3876,7 @@ index 10062ce..cd34fb9 100644
3876 addr = vm_unmapped_area(&info); 3876 addr = vm_unmapped_area(&info);
3877 3877
3878 /* 3878 /*
3879@@ -162,6 +172,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, 3879@@ -173,6 +183,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
3880 VM_BUG_ON(addr != -ENOMEM);
3881 info.flags = 0;
3882 info.low_limit = mm->mmap_base;
3883+
3884+#ifdef CONFIG_PAX_RANDMMAP
3885+ if (mm->pax_flags & MF_PAX_RANDMMAP)
3886+ info.low_limit += mm->delta_mmap;
3887+#endif
3888+
3889 info.high_limit = TASK_SIZE;
3890 addr = vm_unmapped_area(&info);
3891 }
3892@@ -173,6 +189,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
3893 { 3880 {
3894 unsigned long random_factor = 0UL; 3881 unsigned long random_factor = 0UL;
3895 3882
@@ -3900,7 +3887,7 @@ index 10062ce..cd34fb9 100644
3900 /* 8 bits of randomness in 20 address space bits */ 3887 /* 8 bits of randomness in 20 address space bits */
3901 if ((current->flags & PF_RANDOMIZE) && 3888 if ((current->flags & PF_RANDOMIZE) &&
3902 !(current->personality & ADDR_NO_RANDOMIZE)) 3889 !(current->personality & ADDR_NO_RANDOMIZE))
3903@@ -180,10 +200,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) 3890@@ -180,10 +194,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
3904 3891
3905 if (mmap_is_legacy()) { 3892 if (mmap_is_legacy()) {
3906 mm->mmap_base = TASK_UNMAPPED_BASE + random_factor; 3893 mm->mmap_base = TASK_UNMAPPED_BASE + random_factor;
@@ -5767,19 +5754,6 @@ index e0a8235..ce2f1e1 100644
5767 ret = __copy_from_user(to, from, n); 5754 ret = __copy_from_user(to, from, n);
5768 else 5755 else
5769 copy_from_user_overflow(); 5756 copy_from_user_overflow();
5770diff --git a/arch/parisc/kernel/drivers.c b/arch/parisc/kernel/drivers.c
5771index 5709c5e..14285ca 100644
5772--- a/arch/parisc/kernel/drivers.c
5773+++ b/arch/parisc/kernel/drivers.c
5774@@ -394,7 +394,7 @@ EXPORT_SYMBOL(print_pci_hwpath);
5775 static void setup_bus_id(struct parisc_device *padev)
5776 {
5777 struct hardware_path path;
5778- char name[20];
5779+ char name[28];
5780 char *output = name;
5781 int i;
5782
5783diff --git a/arch/parisc/kernel/module.c b/arch/parisc/kernel/module.c 5757diff --git a/arch/parisc/kernel/module.c b/arch/parisc/kernel/module.c
5784index 2a625fb..9908930 100644 5758index 2a625fb..9908930 100644
5785--- a/arch/parisc/kernel/module.c 5759--- a/arch/parisc/kernel/module.c
@@ -5883,20 +5857,6 @@ index 2a625fb..9908930 100644
5883 5857
5884 DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n", 5858 DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n",
5885 me->arch.unwind_section, table, end, gp); 5859 me->arch.unwind_section, table, end, gp);
5886diff --git a/arch/parisc/kernel/setup.c b/arch/parisc/kernel/setup.c
5887index a3328c2..3b812eb 100644
5888--- a/arch/parisc/kernel/setup.c
5889+++ b/arch/parisc/kernel/setup.c
5890@@ -69,7 +69,8 @@ void __init setup_cmdline(char **cmdline_p)
5891 /* called from hpux boot loader */
5892 boot_command_line[0] = '\0';
5893 } else {
5894- strcpy(boot_command_line, (char *)__va(boot_args[1]));
5895+ strlcpy(boot_command_line, (char *)__va(boot_args[1]),
5896+ COMMAND_LINE_SIZE);
5897
5898 #ifdef CONFIG_BLK_DEV_INITRD
5899 if (boot_args[2] != 0) /* did palo pass us a ramdisk? */
5900diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c 5860diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c
5901index 5dfd248..64914ac 100644 5861index 5dfd248..64914ac 100644
5902--- a/arch/parisc/kernel/sys_parisc.c 5862--- a/arch/parisc/kernel/sys_parisc.c
@@ -5972,10 +5932,10 @@ index 5dfd248..64914ac 100644
5972 return addr; 5932 return addr;
5973 } 5933 }
5974diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c 5934diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c
5975index aeb8f8f..27a6c2f 100644 5935index c6ae9f5..e9c3cf4 100644
5976--- a/arch/parisc/kernel/traps.c 5936--- a/arch/parisc/kernel/traps.c
5977+++ b/arch/parisc/kernel/traps.c 5937+++ b/arch/parisc/kernel/traps.c
5978@@ -732,9 +732,7 @@ void notrace handle_interruption(int code, struct pt_regs *regs) 5938@@ -733,9 +733,7 @@ void notrace handle_interruption(int code, struct pt_regs *regs)
5979 5939
5980 down_read(&current->mm->mmap_sem); 5940 down_read(&current->mm->mmap_sem);
5981 vma = find_vma(current->mm,regs->iaoq[0]); 5941 vma = find_vma(current->mm,regs->iaoq[0]);
@@ -10285,7 +10245,7 @@ index ad8f795..2c7eec6 100644
10285 /* 10245 /*
10286 * Memory returned by kmalloc() may be used for DMA, so we must make 10246 * Memory returned by kmalloc() may be used for DMA, so we must make
10287diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig 10247diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
10288index 6ef2a37..74ad6ad 100644 10248index de80b33..c0f0899 100644
10289--- a/arch/x86/Kconfig 10249--- a/arch/x86/Kconfig
10290+++ b/arch/x86/Kconfig 10250+++ b/arch/x86/Kconfig
10291@@ -243,7 +243,7 @@ config X86_HT 10251@@ -243,7 +243,7 @@ config X86_HT
@@ -19028,7 +18988,7 @@ index 8f3e2de..934870f 100644
19028 18988
19029 /* 18989 /*
19030diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S 18990diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
19031index c1d01e6..1bef85a 100644 18991index c1d01e6..7f633850 100644
19032--- a/arch/x86/kernel/entry_64.S 18992--- a/arch/x86/kernel/entry_64.S
19033+++ b/arch/x86/kernel/entry_64.S 18993+++ b/arch/x86/kernel/entry_64.S
19034@@ -59,6 +59,8 @@ 18994@@ -59,6 +59,8 @@
@@ -19115,7 +19075,7 @@ index c1d01e6..1bef85a 100644
19115 #endif 19075 #endif
19116 19076
19117 19077
19118@@ -284,6 +293,311 @@ ENTRY(native_usergs_sysret64) 19078@@ -284,6 +293,309 @@ ENTRY(native_usergs_sysret64)
19119 ENDPROC(native_usergs_sysret64) 19079 ENDPROC(native_usergs_sysret64)
19120 #endif /* CONFIG_PARAVIRT */ 19080 #endif /* CONFIG_PARAVIRT */
19121 19081
@@ -19245,9 +19205,9 @@ index c1d01e6..1bef85a 100644
19245+ sub phys_base(%rip),%rbx 19205+ sub phys_base(%rip),%rbx
19246+ 19206+
19247+#ifdef CONFIG_PARAVIRT 19207+#ifdef CONFIG_PARAVIRT
19248+ pushq %rdi
19249+ cmpl $0, pv_info+PARAVIRT_enabled 19208+ cmpl $0, pv_info+PARAVIRT_enabled
19250+ jz 1f 19209+ jz 1f
19210+ pushq %rdi
19251+ i = 0 19211+ i = 0
19252+ .rept USER_PGD_PTRS 19212+ .rept USER_PGD_PTRS
19253+ mov i*8(%rbx),%rsi 19213+ mov i*8(%rbx),%rsi
@@ -19256,6 +19216,7 @@ index c1d01e6..1bef85a 100644
19256+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd_batched) 19216+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd_batched)
19257+ i = i + 1 19217+ i = i + 1
19258+ .endr 19218+ .endr
19219+ popq %rdi
19259+ jmp 2f 19220+ jmp 2f
19260+1: 19221+1:
19261+#endif 19222+#endif
@@ -19267,7 +19228,7 @@ index c1d01e6..1bef85a 100644
19267+ .endr 19228+ .endr
19268+ 19229+
19269+#ifdef CONFIG_PARAVIRT 19230+#ifdef CONFIG_PARAVIRT
19270+2: popq %rdi 19231+2:
19271+#endif 19232+#endif
19272+ SET_RDI_INTO_CR3 19233+ SET_RDI_INTO_CR3
19273+ 19234+
@@ -19308,7 +19269,6 @@ index c1d01e6..1bef85a 100644
19308+ sub phys_base(%rip),%rbx 19269+ sub phys_base(%rip),%rbx
19309+ 19270+
19310+#ifdef CONFIG_PARAVIRT 19271+#ifdef CONFIG_PARAVIRT
19311+ pushq %rdi
19312+ cmpl $0, pv_info+PARAVIRT_enabled 19272+ cmpl $0, pv_info+PARAVIRT_enabled
19313+ jz 1f 19273+ jz 1f
19314+ i = 0 19274+ i = 0
@@ -19319,8 +19279,6 @@ index c1d01e6..1bef85a 100644
19319+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd_batched) 19279+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd_batched)
19320+ i = i + 1 19280+ i = i + 1
19321+ .endr 19281+ .endr
19322+ popq %rdi
19323+ PV_RESTORE_REGS(CLBR_RDI)
19324+ jmp 2f 19282+ jmp 2f
19325+1: 19283+1:
19326+#endif 19284+#endif
@@ -19332,7 +19290,7 @@ index c1d01e6..1bef85a 100644
19332+ .endr 19290+ .endr
19333+ 19291+
19334+#ifdef CONFIG_PARAVIRT 19292+#ifdef CONFIG_PARAVIRT
19335+2: 19293+2: PV_RESTORE_REGS(CLBR_RDI)
19336+#endif 19294+#endif
19337+ 19295+
19338+ popq %rbx 19296+ popq %rbx
@@ -19350,8 +19308,8 @@ index c1d01e6..1bef85a 100644
19350+#ifdef CONFIG_PAX_KERNEXEC 19308+#ifdef CONFIG_PAX_KERNEXEC
19351+ GET_CR0_INTO_RDI 19309+ GET_CR0_INTO_RDI
19352+ bts $16,%rdi 19310+ bts $16,%rdi
19353+ SET_RDI_INTO_CR0
19354+ jc 110f 19311+ jc 110f
19312+ SET_RDI_INTO_CR0
19355+ or $2,%ebx 19313+ or $2,%ebx
19356+110: 19314+110:
19357+#endif 19315+#endif
@@ -19359,8 +19317,8 @@ index c1d01e6..1bef85a 100644
19359+ 19317+
19360+ .macro pax_exit_kernel_nmi 19318+ .macro pax_exit_kernel_nmi
19361+#ifdef CONFIG_PAX_KERNEXEC 19319+#ifdef CONFIG_PAX_KERNEXEC
19362+ test $2,%ebx 19320+ btr $1,%ebx
19363+ jz 110f 19321+ jnc 110f
19364+ GET_CR0_INTO_RDI 19322+ GET_CR0_INTO_RDI
19365+ btr $16,%rdi 19323+ btr $16,%rdi
19366+ SET_RDI_INTO_CR0 19324+ SET_RDI_INTO_CR0
@@ -19427,7 +19385,7 @@ index c1d01e6..1bef85a 100644
19427 19385
19428 .macro TRACE_IRQS_IRETQ offset=ARGOFFSET 19386 .macro TRACE_IRQS_IRETQ offset=ARGOFFSET
19429 #ifdef CONFIG_TRACE_IRQFLAGS 19387 #ifdef CONFIG_TRACE_IRQFLAGS
19430@@ -375,8 +689,8 @@ ENDPROC(native_usergs_sysret64) 19388@@ -375,8 +687,8 @@ ENDPROC(native_usergs_sysret64)
19431 .endm 19389 .endm
19432 19390
19433 .macro UNFAKE_STACK_FRAME 19391 .macro UNFAKE_STACK_FRAME
@@ -19438,7 +19396,7 @@ index c1d01e6..1bef85a 100644
19438 .endm 19396 .endm
19439 19397
19440 /* 19398 /*
19441@@ -463,7 +777,7 @@ ENDPROC(native_usergs_sysret64) 19399@@ -463,7 +775,7 @@ ENDPROC(native_usergs_sysret64)
19442 movq %rsp, %rsi 19400 movq %rsp, %rsi
19443 19401
19444 leaq -RBP(%rsp),%rdi /* arg1 for handler */ 19402 leaq -RBP(%rsp),%rdi /* arg1 for handler */
@@ -19447,7 +19405,7 @@ index c1d01e6..1bef85a 100644
19447 je 1f 19405 je 1f
19448 SWAPGS 19406 SWAPGS
19449 /* 19407 /*
19450@@ -498,9 +812,10 @@ ENTRY(save_rest) 19408@@ -498,9 +810,10 @@ ENTRY(save_rest)
19451 movq_cfi r15, R15+16 19409 movq_cfi r15, R15+16
19452 movq %r11, 8(%rsp) /* return address */ 19410 movq %r11, 8(%rsp) /* return address */
19453 FIXUP_TOP_OF_STACK %r11, 16 19411 FIXUP_TOP_OF_STACK %r11, 16
@@ -19459,7 +19417,7 @@ index c1d01e6..1bef85a 100644
19459 19417
19460 /* save complete stack frame */ 19418 /* save complete stack frame */
19461 .pushsection .kprobes.text, "ax" 19419 .pushsection .kprobes.text, "ax"
19462@@ -529,9 +844,10 @@ ENTRY(save_paranoid) 19420@@ -529,9 +842,10 @@ ENTRY(save_paranoid)
19463 js 1f /* negative -> in kernel */ 19421 js 1f /* negative -> in kernel */
19464 SWAPGS 19422 SWAPGS
19465 xorl %ebx,%ebx 19423 xorl %ebx,%ebx
@@ -19472,7 +19430,7 @@ index c1d01e6..1bef85a 100644
19472 .popsection 19430 .popsection
19473 19431
19474 /* 19432 /*
19475@@ -553,7 +869,7 @@ ENTRY(ret_from_fork) 19433@@ -553,7 +867,7 @@ ENTRY(ret_from_fork)
19476 19434
19477 RESTORE_REST 19435 RESTORE_REST
19478 19436
@@ -19481,7 +19439,7 @@ index c1d01e6..1bef85a 100644
19481 jz 1f 19439 jz 1f
19482 19440
19483 testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET 19441 testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
19484@@ -571,7 +887,7 @@ ENTRY(ret_from_fork) 19442@@ -571,7 +885,7 @@ ENTRY(ret_from_fork)
19485 RESTORE_REST 19443 RESTORE_REST
19486 jmp int_ret_from_sys_call 19444 jmp int_ret_from_sys_call
19487 CFI_ENDPROC 19445 CFI_ENDPROC
@@ -19490,7 +19448,7 @@ index c1d01e6..1bef85a 100644
19490 19448
19491 /* 19449 /*
19492 * System call entry. Up to 6 arguments in registers are supported. 19450 * System call entry. Up to 6 arguments in registers are supported.
19493@@ -608,7 +924,7 @@ END(ret_from_fork) 19451@@ -608,7 +922,7 @@ END(ret_from_fork)
19494 ENTRY(system_call) 19452 ENTRY(system_call)
19495 CFI_STARTPROC simple 19453 CFI_STARTPROC simple
19496 CFI_SIGNAL_FRAME 19454 CFI_SIGNAL_FRAME
@@ -19499,7 +19457,7 @@ index c1d01e6..1bef85a 100644
19499 CFI_REGISTER rip,rcx 19457 CFI_REGISTER rip,rcx
19500 /*CFI_REGISTER rflags,r11*/ 19458 /*CFI_REGISTER rflags,r11*/
19501 SWAPGS_UNSAFE_STACK 19459 SWAPGS_UNSAFE_STACK
19502@@ -621,16 +937,23 @@ GLOBAL(system_call_after_swapgs) 19460@@ -621,16 +935,23 @@ GLOBAL(system_call_after_swapgs)
19503 19461
19504 movq %rsp,PER_CPU_VAR(old_rsp) 19462 movq %rsp,PER_CPU_VAR(old_rsp)
19505 movq PER_CPU_VAR(kernel_stack),%rsp 19463 movq PER_CPU_VAR(kernel_stack),%rsp
@@ -19525,7 +19483,7 @@ index c1d01e6..1bef85a 100644
19525 jnz tracesys 19483 jnz tracesys
19526 system_call_fastpath: 19484 system_call_fastpath:
19527 #if __SYSCALL_MASK == ~0 19485 #if __SYSCALL_MASK == ~0
19528@@ -640,7 +963,7 @@ system_call_fastpath: 19486@@ -640,7 +961,7 @@ system_call_fastpath:
19529 cmpl $__NR_syscall_max,%eax 19487 cmpl $__NR_syscall_max,%eax
19530 #endif 19488 #endif
19531 ja badsys 19489 ja badsys
@@ -19534,7 +19492,7 @@ index c1d01e6..1bef85a 100644
19534 call *sys_call_table(,%rax,8) # XXX: rip relative 19492 call *sys_call_table(,%rax,8) # XXX: rip relative
19535 movq %rax,RAX-ARGOFFSET(%rsp) 19493 movq %rax,RAX-ARGOFFSET(%rsp)
19536 /* 19494 /*
19537@@ -654,10 +977,13 @@ sysret_check: 19495@@ -654,10 +975,13 @@ sysret_check:
19538 LOCKDEP_SYS_EXIT 19496 LOCKDEP_SYS_EXIT
19539 DISABLE_INTERRUPTS(CLBR_NONE) 19497 DISABLE_INTERRUPTS(CLBR_NONE)
19540 TRACE_IRQS_OFF 19498 TRACE_IRQS_OFF
@@ -19549,7 +19507,7 @@ index c1d01e6..1bef85a 100644
19549 /* 19507 /*
19550 * sysretq will re-enable interrupts: 19508 * sysretq will re-enable interrupts:
19551 */ 19509 */
19552@@ -709,14 +1035,18 @@ badsys: 19510@@ -709,14 +1033,18 @@ badsys:
19553 * jump back to the normal fast path. 19511 * jump back to the normal fast path.
19554 */ 19512 */
19555 auditsys: 19513 auditsys:
@@ -19569,7 +19527,7 @@ index c1d01e6..1bef85a 100644
19569 jmp system_call_fastpath 19527 jmp system_call_fastpath
19570 19528
19571 /* 19529 /*
19572@@ -737,7 +1067,7 @@ sysret_audit: 19530@@ -737,7 +1065,7 @@ sysret_audit:
19573 /* Do syscall tracing */ 19531 /* Do syscall tracing */
19574 tracesys: 19532 tracesys:
19575 #ifdef CONFIG_AUDITSYSCALL 19533 #ifdef CONFIG_AUDITSYSCALL
@@ -19578,7 +19536,7 @@ index c1d01e6..1bef85a 100644
19578 jz auditsys 19536 jz auditsys
19579 #endif 19537 #endif
19580 SAVE_REST 19538 SAVE_REST
19581@@ -745,12 +1075,16 @@ tracesys: 19539@@ -745,12 +1073,16 @@ tracesys:
19582 FIXUP_TOP_OF_STACK %rdi 19540 FIXUP_TOP_OF_STACK %rdi
19583 movq %rsp,%rdi 19541 movq %rsp,%rdi
19584 call syscall_trace_enter 19542 call syscall_trace_enter
@@ -19595,7 +19553,7 @@ index c1d01e6..1bef85a 100644
19595 RESTORE_REST 19553 RESTORE_REST
19596 #if __SYSCALL_MASK == ~0 19554 #if __SYSCALL_MASK == ~0
19597 cmpq $__NR_syscall_max,%rax 19555 cmpq $__NR_syscall_max,%rax
19598@@ -759,7 +1093,7 @@ tracesys: 19556@@ -759,7 +1091,7 @@ tracesys:
19599 cmpl $__NR_syscall_max,%eax 19557 cmpl $__NR_syscall_max,%eax
19600 #endif 19558 #endif
19601 ja int_ret_from_sys_call /* RAX(%rsp) set to -ENOSYS above */ 19559 ja int_ret_from_sys_call /* RAX(%rsp) set to -ENOSYS above */
@@ -19604,7 +19562,7 @@ index c1d01e6..1bef85a 100644
19604 call *sys_call_table(,%rax,8) 19562 call *sys_call_table(,%rax,8)
19605 movq %rax,RAX-ARGOFFSET(%rsp) 19563 movq %rax,RAX-ARGOFFSET(%rsp)
19606 /* Use IRET because user could have changed frame */ 19564 /* Use IRET because user could have changed frame */
19607@@ -780,7 +1114,9 @@ GLOBAL(int_with_check) 19565@@ -780,7 +1112,9 @@ GLOBAL(int_with_check)
19608 andl %edi,%edx 19566 andl %edi,%edx
19609 jnz int_careful 19567 jnz int_careful
19610 andl $~TS_COMPAT,TI_status(%rcx) 19568 andl $~TS_COMPAT,TI_status(%rcx)
@@ -19615,7 +19573,7 @@ index c1d01e6..1bef85a 100644
19615 19573
19616 /* Either reschedule or signal or syscall exit tracking needed. */ 19574 /* Either reschedule or signal or syscall exit tracking needed. */
19617 /* First do a reschedule test. */ 19575 /* First do a reschedule test. */
19618@@ -826,7 +1162,7 @@ int_restore_rest: 19576@@ -826,7 +1160,7 @@ int_restore_rest:
19619 TRACE_IRQS_OFF 19577 TRACE_IRQS_OFF
19620 jmp int_with_check 19578 jmp int_with_check
19621 CFI_ENDPROC 19579 CFI_ENDPROC
@@ -19624,7 +19582,7 @@ index c1d01e6..1bef85a 100644
19624 19582
19625 .macro FORK_LIKE func 19583 .macro FORK_LIKE func
19626 ENTRY(stub_\func) 19584 ENTRY(stub_\func)
19627@@ -839,9 +1175,10 @@ ENTRY(stub_\func) 19585@@ -839,9 +1173,10 @@ ENTRY(stub_\func)
19628 DEFAULT_FRAME 0 8 /* offset 8: return address */ 19586 DEFAULT_FRAME 0 8 /* offset 8: return address */
19629 call sys_\func 19587 call sys_\func
19630 RESTORE_TOP_OF_STACK %r11, 8 19588 RESTORE_TOP_OF_STACK %r11, 8
@@ -19636,7 +19594,7 @@ index c1d01e6..1bef85a 100644
19636 .endm 19594 .endm
19637 19595
19638 .macro FIXED_FRAME label,func 19596 .macro FIXED_FRAME label,func
19639@@ -851,9 +1188,10 @@ ENTRY(\label) 19597@@ -851,9 +1186,10 @@ ENTRY(\label)
19640 FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET 19598 FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET
19641 call \func 19599 call \func
19642 RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET 19600 RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET
@@ -19648,7 +19606,7 @@ index c1d01e6..1bef85a 100644
19648 .endm 19606 .endm
19649 19607
19650 FORK_LIKE clone 19608 FORK_LIKE clone
19651@@ -870,9 +1208,10 @@ ENTRY(ptregscall_common) 19609@@ -870,9 +1206,10 @@ ENTRY(ptregscall_common)
19652 movq_cfi_restore R12+8, r12 19610 movq_cfi_restore R12+8, r12
19653 movq_cfi_restore RBP+8, rbp 19611 movq_cfi_restore RBP+8, rbp
19654 movq_cfi_restore RBX+8, rbx 19612 movq_cfi_restore RBX+8, rbx
@@ -19660,7 +19618,7 @@ index c1d01e6..1bef85a 100644
19660 19618
19661 ENTRY(stub_execve) 19619 ENTRY(stub_execve)
19662 CFI_STARTPROC 19620 CFI_STARTPROC
19663@@ -885,7 +1224,7 @@ ENTRY(stub_execve) 19621@@ -885,7 +1222,7 @@ ENTRY(stub_execve)
19664 RESTORE_REST 19622 RESTORE_REST
19665 jmp int_ret_from_sys_call 19623 jmp int_ret_from_sys_call
19666 CFI_ENDPROC 19624 CFI_ENDPROC
@@ -19669,7 +19627,7 @@ index c1d01e6..1bef85a 100644
19669 19627
19670 /* 19628 /*
19671 * sigreturn is special because it needs to restore all registers on return. 19629 * sigreturn is special because it needs to restore all registers on return.
19672@@ -902,7 +1241,7 @@ ENTRY(stub_rt_sigreturn) 19630@@ -902,7 +1239,7 @@ ENTRY(stub_rt_sigreturn)
19673 RESTORE_REST 19631 RESTORE_REST
19674 jmp int_ret_from_sys_call 19632 jmp int_ret_from_sys_call
19675 CFI_ENDPROC 19633 CFI_ENDPROC
@@ -19678,7 +19636,7 @@ index c1d01e6..1bef85a 100644
19678 19636
19679 #ifdef CONFIG_X86_X32_ABI 19637 #ifdef CONFIG_X86_X32_ABI
19680 ENTRY(stub_x32_rt_sigreturn) 19638 ENTRY(stub_x32_rt_sigreturn)
19681@@ -916,7 +1255,7 @@ ENTRY(stub_x32_rt_sigreturn) 19639@@ -916,7 +1253,7 @@ ENTRY(stub_x32_rt_sigreturn)
19682 RESTORE_REST 19640 RESTORE_REST
19683 jmp int_ret_from_sys_call 19641 jmp int_ret_from_sys_call
19684 CFI_ENDPROC 19642 CFI_ENDPROC
@@ -19687,7 +19645,7 @@ index c1d01e6..1bef85a 100644
19687 19645
19688 ENTRY(stub_x32_execve) 19646 ENTRY(stub_x32_execve)
19689 CFI_STARTPROC 19647 CFI_STARTPROC
19690@@ -930,7 +1269,7 @@ ENTRY(stub_x32_execve) 19648@@ -930,7 +1267,7 @@ ENTRY(stub_x32_execve)
19691 RESTORE_REST 19649 RESTORE_REST
19692 jmp int_ret_from_sys_call 19650 jmp int_ret_from_sys_call
19693 CFI_ENDPROC 19651 CFI_ENDPROC
@@ -19696,7 +19654,7 @@ index c1d01e6..1bef85a 100644
19696 19654
19697 #endif 19655 #endif
19698 19656
19699@@ -967,7 +1306,7 @@ vector=vector+1 19657@@ -967,7 +1304,7 @@ vector=vector+1
19700 2: jmp common_interrupt 19658 2: jmp common_interrupt
19701 .endr 19659 .endr
19702 CFI_ENDPROC 19660 CFI_ENDPROC
@@ -19705,7 +19663,7 @@ index c1d01e6..1bef85a 100644
19705 19663
19706 .previous 19664 .previous
19707 END(interrupt) 19665 END(interrupt)
19708@@ -987,6 +1326,16 @@ END(interrupt) 19666@@ -987,6 +1324,16 @@ END(interrupt)
19709 subq $ORIG_RAX-RBP, %rsp 19667 subq $ORIG_RAX-RBP, %rsp
19710 CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP 19668 CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP
19711 SAVE_ARGS_IRQ 19669 SAVE_ARGS_IRQ
@@ -19722,7 +19680,7 @@ index c1d01e6..1bef85a 100644
19722 call \func 19680 call \func
19723 .endm 19681 .endm
19724 19682
19725@@ -1019,7 +1368,7 @@ ret_from_intr: 19683@@ -1019,7 +1366,7 @@ ret_from_intr:
19726 19684
19727 exit_intr: 19685 exit_intr:
19728 GET_THREAD_INFO(%rcx) 19686 GET_THREAD_INFO(%rcx)
@@ -19731,7 +19689,7 @@ index c1d01e6..1bef85a 100644
19731 je retint_kernel 19689 je retint_kernel
19732 19690
19733 /* Interrupt came from user space */ 19691 /* Interrupt came from user space */
19734@@ -1041,12 +1390,16 @@ retint_swapgs: /* return to user-space */ 19692@@ -1041,12 +1388,16 @@ retint_swapgs: /* return to user-space */
19735 * The iretq could re-enable interrupts: 19693 * The iretq could re-enable interrupts:
19736 */ 19694 */
19737 DISABLE_INTERRUPTS(CLBR_ANY) 19695 DISABLE_INTERRUPTS(CLBR_ANY)
@@ -19748,7 +19706,7 @@ index c1d01e6..1bef85a 100644
19748 /* 19706 /*
19749 * The iretq could re-enable interrupts: 19707 * The iretq could re-enable interrupts:
19750 */ 19708 */
19751@@ -1129,7 +1482,7 @@ ENTRY(retint_kernel) 19709@@ -1129,7 +1480,7 @@ ENTRY(retint_kernel)
19752 #endif 19710 #endif
19753 19711
19754 CFI_ENDPROC 19712 CFI_ENDPROC
@@ -19757,7 +19715,7 @@ index c1d01e6..1bef85a 100644
19757 /* 19715 /*
19758 * End of kprobes section 19716 * End of kprobes section
19759 */ 19717 */
19760@@ -1147,7 +1500,7 @@ ENTRY(\sym) 19718@@ -1147,7 +1498,7 @@ ENTRY(\sym)
19761 interrupt \do_sym 19719 interrupt \do_sym
19762 jmp ret_from_intr 19720 jmp ret_from_intr
19763 CFI_ENDPROC 19721 CFI_ENDPROC
@@ -19766,7 +19724,7 @@ index c1d01e6..1bef85a 100644
19766 .endm 19724 .endm
19767 19725
19768 #ifdef CONFIG_SMP 19726 #ifdef CONFIG_SMP
19769@@ -1203,12 +1556,22 @@ ENTRY(\sym) 19727@@ -1203,12 +1554,22 @@ ENTRY(\sym)
19770 CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 19728 CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
19771 call error_entry 19729 call error_entry
19772 DEFAULT_FRAME 0 19730 DEFAULT_FRAME 0
@@ -19790,7 +19748,7 @@ index c1d01e6..1bef85a 100644
19790 .endm 19748 .endm
19791 19749
19792 .macro paranoidzeroentry sym do_sym 19750 .macro paranoidzeroentry sym do_sym
19793@@ -1221,15 +1584,25 @@ ENTRY(\sym) 19751@@ -1221,15 +1582,25 @@ ENTRY(\sym)
19794 CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 19752 CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
19795 call save_paranoid 19753 call save_paranoid
19796 TRACE_IRQS_OFF 19754 TRACE_IRQS_OFF
@@ -19818,7 +19776,7 @@ index c1d01e6..1bef85a 100644
19818 .macro paranoidzeroentry_ist sym do_sym ist 19776 .macro paranoidzeroentry_ist sym do_sym ist
19819 ENTRY(\sym) 19777 ENTRY(\sym)
19820 INTR_FRAME 19778 INTR_FRAME
19821@@ -1240,14 +1613,30 @@ ENTRY(\sym) 19779@@ -1240,14 +1611,30 @@ ENTRY(\sym)
19822 CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 19780 CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
19823 call save_paranoid 19781 call save_paranoid
19824 TRACE_IRQS_OFF_DEBUG 19782 TRACE_IRQS_OFF_DEBUG
@@ -19850,7 +19808,7 @@ index c1d01e6..1bef85a 100644
19850 .endm 19808 .endm
19851 19809
19852 .macro errorentry sym do_sym 19810 .macro errorentry sym do_sym
19853@@ -1259,13 +1648,23 @@ ENTRY(\sym) 19811@@ -1259,13 +1646,23 @@ ENTRY(\sym)
19854 CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 19812 CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
19855 call error_entry 19813 call error_entry
19856 DEFAULT_FRAME 0 19814 DEFAULT_FRAME 0
@@ -19875,7 +19833,7 @@ index c1d01e6..1bef85a 100644
19875 .endm 19833 .endm
19876 19834
19877 /* error code is on the stack already */ 19835 /* error code is on the stack already */
19878@@ -1279,13 +1678,23 @@ ENTRY(\sym) 19836@@ -1279,13 +1676,23 @@ ENTRY(\sym)
19879 call save_paranoid 19837 call save_paranoid
19880 DEFAULT_FRAME 0 19838 DEFAULT_FRAME 0
19881 TRACE_IRQS_OFF 19839 TRACE_IRQS_OFF
@@ -19900,7 +19858,7 @@ index c1d01e6..1bef85a 100644
19900 .endm 19858 .endm
19901 19859
19902 zeroentry divide_error do_divide_error 19860 zeroentry divide_error do_divide_error
19903@@ -1315,9 +1724,10 @@ gs_change: 19861@@ -1315,9 +1722,10 @@ gs_change:
19904 2: mfence /* workaround */ 19862 2: mfence /* workaround */
19905 SWAPGS 19863 SWAPGS
19906 popfq_cfi 19864 popfq_cfi
@@ -19912,7 +19870,7 @@ index c1d01e6..1bef85a 100644
19912 19870
19913 _ASM_EXTABLE(gs_change,bad_gs) 19871 _ASM_EXTABLE(gs_change,bad_gs)
19914 .section .fixup,"ax" 19872 .section .fixup,"ax"
19915@@ -1345,9 +1755,10 @@ ENTRY(call_softirq) 19873@@ -1345,9 +1753,10 @@ ENTRY(call_softirq)
19916 CFI_DEF_CFA_REGISTER rsp 19874 CFI_DEF_CFA_REGISTER rsp
19917 CFI_ADJUST_CFA_OFFSET -8 19875 CFI_ADJUST_CFA_OFFSET -8
19918 decl PER_CPU_VAR(irq_count) 19876 decl PER_CPU_VAR(irq_count)
@@ -19924,7 +19882,7 @@ index c1d01e6..1bef85a 100644
19924 19882
19925 #ifdef CONFIG_XEN 19883 #ifdef CONFIG_XEN
19926 zeroentry xen_hypervisor_callback xen_do_hypervisor_callback 19884 zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
19927@@ -1385,7 +1796,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) 19885@@ -1385,7 +1794,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
19928 decl PER_CPU_VAR(irq_count) 19886 decl PER_CPU_VAR(irq_count)
19929 jmp error_exit 19887 jmp error_exit
19930 CFI_ENDPROC 19888 CFI_ENDPROC
@@ -19933,7 +19891,7 @@ index c1d01e6..1bef85a 100644
19933 19891
19934 /* 19892 /*
19935 * Hypervisor uses this for application faults while it executes. 19893 * Hypervisor uses this for application faults while it executes.
19936@@ -1444,7 +1855,7 @@ ENTRY(xen_failsafe_callback) 19894@@ -1444,7 +1853,7 @@ ENTRY(xen_failsafe_callback)
19937 SAVE_ALL 19895 SAVE_ALL
19938 jmp error_exit 19896 jmp error_exit
19939 CFI_ENDPROC 19897 CFI_ENDPROC
@@ -19942,7 +19900,7 @@ index c1d01e6..1bef85a 100644
19942 19900
19943 apicinterrupt HYPERVISOR_CALLBACK_VECTOR \ 19901 apicinterrupt HYPERVISOR_CALLBACK_VECTOR \
19944 xen_hvm_callback_vector xen_evtchn_do_upcall 19902 xen_hvm_callback_vector xen_evtchn_do_upcall
19945@@ -1498,16 +1909,31 @@ ENTRY(paranoid_exit) 19903@@ -1498,16 +1907,31 @@ ENTRY(paranoid_exit)
19946 TRACE_IRQS_OFF_DEBUG 19904 TRACE_IRQS_OFF_DEBUG
19947 testl %ebx,%ebx /* swapgs needed? */ 19905 testl %ebx,%ebx /* swapgs needed? */
19948 jnz paranoid_restore 19906 jnz paranoid_restore
@@ -19975,7 +19933,7 @@ index c1d01e6..1bef85a 100644
19975 jmp irq_return 19933 jmp irq_return
19976 paranoid_userspace: 19934 paranoid_userspace:
19977 GET_THREAD_INFO(%rcx) 19935 GET_THREAD_INFO(%rcx)
19978@@ -1536,7 +1962,7 @@ paranoid_schedule: 19936@@ -1536,7 +1960,7 @@ paranoid_schedule:
19979 TRACE_IRQS_OFF 19937 TRACE_IRQS_OFF
19980 jmp paranoid_userspace 19938 jmp paranoid_userspace
19981 CFI_ENDPROC 19939 CFI_ENDPROC
@@ -19984,7 +19942,7 @@ index c1d01e6..1bef85a 100644
19984 19942
19985 /* 19943 /*
19986 * Exception entry point. This expects an error code/orig_rax on the stack. 19944 * Exception entry point. This expects an error code/orig_rax on the stack.
19987@@ -1563,12 +1989,13 @@ ENTRY(error_entry) 19945@@ -1563,12 +1987,13 @@ ENTRY(error_entry)
19988 movq_cfi r14, R14+8 19946 movq_cfi r14, R14+8
19989 movq_cfi r15, R15+8 19947 movq_cfi r15, R15+8
19990 xorl %ebx,%ebx 19948 xorl %ebx,%ebx
@@ -19999,7 +19957,7 @@ index c1d01e6..1bef85a 100644
19999 ret 19957 ret
20000 19958
20001 /* 19959 /*
20002@@ -1595,7 +2022,7 @@ bstep_iret: 19960@@ -1595,7 +2020,7 @@ bstep_iret:
20003 movq %rcx,RIP+8(%rsp) 19961 movq %rcx,RIP+8(%rsp)
20004 jmp error_swapgs 19962 jmp error_swapgs
20005 CFI_ENDPROC 19963 CFI_ENDPROC
@@ -20008,7 +19966,7 @@ index c1d01e6..1bef85a 100644
20008 19966
20009 19967
20010 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ 19968 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */
20011@@ -1615,7 +2042,7 @@ ENTRY(error_exit) 19969@@ -1615,7 +2040,7 @@ ENTRY(error_exit)
20012 jnz retint_careful 19970 jnz retint_careful
20013 jmp retint_swapgs 19971 jmp retint_swapgs
20014 CFI_ENDPROC 19972 CFI_ENDPROC
@@ -20017,7 +19975,7 @@ index c1d01e6..1bef85a 100644
20017 19975
20018 /* 19976 /*
20019 * Test if a given stack is an NMI stack or not. 19977 * Test if a given stack is an NMI stack or not.
20020@@ -1673,9 +2100,11 @@ ENTRY(nmi) 19978@@ -1673,9 +2098,11 @@ ENTRY(nmi)
20021 * If %cs was not the kernel segment, then the NMI triggered in user 19979 * If %cs was not the kernel segment, then the NMI triggered in user
20022 * space, which means it is definitely not nested. 19980 * space, which means it is definitely not nested.
20023 */ 19981 */
@@ -20030,7 +19988,7 @@ index c1d01e6..1bef85a 100644
20030 /* 19988 /*
20031 * Check the special variable on the stack to see if NMIs are 19989 * Check the special variable on the stack to see if NMIs are
20032 * executing. 19990 * executing.
20033@@ -1709,8 +2138,7 @@ nested_nmi: 19991@@ -1709,8 +2136,7 @@ nested_nmi:
20034 19992
20035 1: 19993 1:
20036 /* Set up the interrupted NMIs stack to jump to repeat_nmi */ 19994 /* Set up the interrupted NMIs stack to jump to repeat_nmi */
@@ -20040,7 +19998,7 @@ index c1d01e6..1bef85a 100644
20040 CFI_ADJUST_CFA_OFFSET 1*8 19998 CFI_ADJUST_CFA_OFFSET 1*8
20041 leaq -10*8(%rsp), %rdx 19999 leaq -10*8(%rsp), %rdx
20042 pushq_cfi $__KERNEL_DS 20000 pushq_cfi $__KERNEL_DS
20043@@ -1728,6 +2156,7 @@ nested_nmi_out: 20001@@ -1728,6 +2154,7 @@ nested_nmi_out:
20044 CFI_RESTORE rdx 20002 CFI_RESTORE rdx
20045 20003
20046 /* No need to check faults here */ 20004 /* No need to check faults here */
@@ -20048,7 +20006,7 @@ index c1d01e6..1bef85a 100644
20048 INTERRUPT_RETURN 20006 INTERRUPT_RETURN
20049 20007
20050 CFI_RESTORE_STATE 20008 CFI_RESTORE_STATE
20051@@ -1844,6 +2273,8 @@ end_repeat_nmi: 20009@@ -1844,6 +2271,8 @@ end_repeat_nmi:
20052 */ 20010 */
20053 movq %cr2, %r12 20011 movq %cr2, %r12
20054 20012
@@ -20057,7 +20015,7 @@ index c1d01e6..1bef85a 100644
20057 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ 20015 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
20058 movq %rsp,%rdi 20016 movq %rsp,%rdi
20059 movq $-1,%rsi 20017 movq $-1,%rsi
20060@@ -1856,26 +2287,31 @@ end_repeat_nmi: 20018@@ -1856,26 +2285,31 @@ end_repeat_nmi:
20061 movq %r12, %cr2 20019 movq %r12, %cr2
20062 1: 20020 1:
20063 20021
@@ -20604,7 +20562,7 @@ index 73afd11..d1670f5 100644
20604+ .fill PAGE_SIZE_asm - GDT_SIZE,1,0 20562+ .fill PAGE_SIZE_asm - GDT_SIZE,1,0
20605+ .endr 20563+ .endr
20606diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S 20564diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
20607index 321d65e..e9437f7 100644 20565index 321d65e..7830f05 100644
20608--- a/arch/x86/kernel/head_64.S 20566--- a/arch/x86/kernel/head_64.S
20609+++ b/arch/x86/kernel/head_64.S 20567+++ b/arch/x86/kernel/head_64.S
20610@@ -20,6 +20,8 @@ 20568@@ -20,6 +20,8 @@
@@ -20770,7 +20728,7 @@ index 321d65e..e9437f7 100644
20770 NEXT_PAGE(level2_kernel_pgt) 20728 NEXT_PAGE(level2_kernel_pgt)
20771 /* 20729 /*
20772 * 512 MB kernel mapping. We spend a full page on this pagetable 20730 * 512 MB kernel mapping. We spend a full page on this pagetable
20773@@ -488,38 +536,64 @@ NEXT_PAGE(level2_kernel_pgt) 20731@@ -488,39 +536,64 @@ NEXT_PAGE(level2_kernel_pgt)
20774 KERNEL_IMAGE_SIZE/PMD_SIZE) 20732 KERNEL_IMAGE_SIZE/PMD_SIZE)
20775 20733
20776 NEXT_PAGE(level2_fixmap_pgt) 20734 NEXT_PAGE(level2_fixmap_pgt)
@@ -20844,8 +20802,9 @@ index 321d65e..e9437f7 100644
20844- .skip IDT_ENTRIES * 16 20802- .skip IDT_ENTRIES * 16
20845+ .fill 512,8,0 20803+ .fill 512,8,0
20846 20804
20847 __PAGE_ALIGNED_BSS 20805- __PAGE_ALIGNED_BSS
20848 NEXT_PAGE(empty_zero_page) 20806 NEXT_PAGE(empty_zero_page)
20807 .skip PAGE_SIZE
20849diff --git a/arch/x86/kernel/i386_ksyms_32.c b/arch/x86/kernel/i386_ksyms_32.c 20808diff --git a/arch/x86/kernel/i386_ksyms_32.c b/arch/x86/kernel/i386_ksyms_32.c
20850index 0fa6912..37fce70 100644 20809index 0fa6912..37fce70 100644
20851--- a/arch/x86/kernel/i386_ksyms_32.c 20810--- a/arch/x86/kernel/i386_ksyms_32.c
@@ -22601,7 +22560,7 @@ index f2bb9c9..bed145d7 100644
22601 22560
22602 1: 22561 1:
22603diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c 22562diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
22604index fae9134..f8e4a47 100644 22563index fae9134..8fcd87c 100644
22605--- a/arch/x86/kernel/setup.c 22564--- a/arch/x86/kernel/setup.c
22606+++ b/arch/x86/kernel/setup.c 22565+++ b/arch/x86/kernel/setup.c
22607@@ -111,6 +111,7 @@ 22566@@ -111,6 +111,7 @@
@@ -22644,7 +22603,7 @@ index fae9134..f8e4a47 100644
22644 void __init setup_arch(char **cmdline_p) 22603 void __init setup_arch(char **cmdline_p)
22645 { 22604 {
22646+#ifdef CONFIG_X86_32 22605+#ifdef CONFIG_X86_32
22647+ memblock_reserve(LOAD_PHYSICAL_ADDR, __pa_symbol(__bss_stop) - ____LOAD_PHYSICAL_ADDR); 22606+ memblock_reserve(LOAD_PHYSICAL_ADDR, __pa_symbol(__bss_stop) - LOAD_PHYSICAL_ADDR);
22648+#else 22607+#else
22649 memblock_reserve(__pa_symbol(_text), 22608 memblock_reserve(__pa_symbol(_text),
22650 (unsigned long)__bss_stop - (unsigned long)_text); 22609 (unsigned long)__bss_stop - (unsigned long)_text);
@@ -22923,10 +22882,10 @@ index 9b4d51d..5d28b58 100644
22923 switch (opcode[i]) { 22882 switch (opcode[i]) {
22924diff --git a/arch/x86/kernel/sys_i386_32.c b/arch/x86/kernel/sys_i386_32.c 22883diff --git a/arch/x86/kernel/sys_i386_32.c b/arch/x86/kernel/sys_i386_32.c
22925new file mode 100644 22884new file mode 100644
22926index 0000000..207bec6 22885index 0000000..5877189
22927--- /dev/null 22886--- /dev/null
22928+++ b/arch/x86/kernel/sys_i386_32.c 22887+++ b/arch/x86/kernel/sys_i386_32.c
22929@@ -0,0 +1,250 @@ 22888@@ -0,0 +1,189 @@
22930+/* 22889+/*
22931+ * This file contains various random system calls that 22890+ * This file contains various random system calls that
22932+ * have a non-standard calling sequence on the Linux/i386 22891+ * have a non-standard calling sequence on the Linux/i386
@@ -22947,6 +22906,7 @@ index 0000000..207bec6
22947+#include <linux/file.h> 22906+#include <linux/file.h>
22948+#include <linux/utsname.h> 22907+#include <linux/utsname.h>
22949+#include <linux/ipc.h> 22908+#include <linux/ipc.h>
22909+#include <linux/elf.h>
22950+ 22910+
22951+#include <linux/uaccess.h> 22911+#include <linux/uaccess.h>
22952+#include <linux/unistd.h> 22912+#include <linux/unistd.h>
@@ -22969,13 +22929,28 @@ index 0000000..207bec6
22969+ return 0; 22929+ return 0;
22970+} 22930+}
22971+ 22931+
22932+/*
22933+ * Align a virtual address to avoid aliasing in the I$ on AMD F15h.
22934+ */
22935+static unsigned long get_align_mask(void)
22936+{
22937+ if (va_align.flags < 0 || !(va_align.flags & ALIGN_VA_32))
22938+ return 0;
22939+
22940+ if (!(current->flags & PF_RANDOMIZE))
22941+ return 0;
22942+
22943+ return va_align.mask;
22944+}
22945+
22972+unsigned long 22946+unsigned long
22973+arch_get_unmapped_area(struct file *filp, unsigned long addr, 22947+arch_get_unmapped_area(struct file *filp, unsigned long addr,
22974+ unsigned long len, unsigned long pgoff, unsigned long flags) 22948+ unsigned long len, unsigned long pgoff, unsigned long flags)
22975+{ 22949+{
22976+ struct mm_struct *mm = current->mm; 22950+ struct mm_struct *mm = current->mm;
22977+ struct vm_area_struct *vma; 22951+ struct vm_area_struct *vma;
22978+ unsigned long start_addr, pax_task_size = TASK_SIZE; 22952+ unsigned long pax_task_size = TASK_SIZE;
22953+ struct vm_unmapped_area_info info;
22979+ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); 22954+ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
22980+ 22955+
22981+#ifdef CONFIG_PAX_SEGMEXEC 22956+#ifdef CONFIG_PAX_SEGMEXEC
@@ -23003,61 +22978,35 @@ index 0000000..207bec6
23003+ return addr; 22978+ return addr;
23004+ } 22979+ }
23005+ } 22980+ }
23006+ if (len > mm->cached_hole_size) { 22981+
23007+ start_addr = addr = mm->free_area_cache; 22982+ info.flags = 0;
23008+ } else { 22983+ info.length = len;
23009+ start_addr = addr = mm->mmap_base; 22984+ info.align_mask = filp ? get_align_mask() : 0;
23010+ mm->cached_hole_size = 0; 22985+ info.align_offset = pgoff << PAGE_SHIFT;
23011+ } 22986+ info.threadstack_offset = offset;
23012+ 22987+
23013+#ifdef CONFIG_PAX_PAGEEXEC 22988+#ifdef CONFIG_PAX_PAGEEXEC
23014+ if (!(__supported_pte_mask & _PAGE_NX) && (mm->pax_flags & MF_PAX_PAGEEXEC) && (flags & MAP_EXECUTABLE) && start_addr >= mm->mmap_base) { 22989+ if (!(__supported_pte_mask & _PAGE_NX) && (mm->pax_flags & MF_PAX_PAGEEXEC) && (flags & MAP_EXECUTABLE)) {
23015+ start_addr = 0x00110000UL; 22990+ info.low_limit = 0x00110000UL;
22991+ info.high_limit = mm->start_code;
23016+ 22992+
23017+#ifdef CONFIG_PAX_RANDMMAP 22993+#ifdef CONFIG_PAX_RANDMMAP
23018+ if (mm->pax_flags & MF_PAX_RANDMMAP) 22994+ if (mm->pax_flags & MF_PAX_RANDMMAP)
23019+ start_addr += mm->delta_mmap & 0x03FFF000UL; 22995+ info.low_limit += mm->delta_mmap & 0x03FFF000UL;
23020+#endif 22996+#endif
23021+ 22997+
23022+ if (mm->start_brk <= start_addr && start_addr < mm->mmap_base) 22998+ if (info.low_limit < info.high_limit) {
23023+ start_addr = addr = mm->mmap_base; 22999+ addr = vm_unmapped_area(&info);
23024+ else 23000+ if (!IS_ERR_VALUE(addr))
23025+ addr = start_addr; 23001+ return addr;
23026+ } 23002+ }
23003+ } else
23027+#endif 23004+#endif
23028+ 23005+
23029+full_search: 23006+ info.low_limit = mm->mmap_base;
23030+ for (vma = find_vma(mm, addr); ; vma = vma->vm_next) { 23007+ info.high_limit = pax_task_size;
23031+ /* At this point: (!vma || addr < vma->vm_end). */
23032+ if (pax_task_size - len < addr) {
23033+ /*
23034+ * Start a new search - just in case we missed
23035+ * some holes.
23036+ */
23037+ if (start_addr != mm->mmap_base) {
23038+ start_addr = addr = mm->mmap_base;
23039+ mm->cached_hole_size = 0;
23040+ goto full_search;
23041+ }
23042+ return -ENOMEM;
23043+ }
23044+ if (check_heap_stack_gap(vma, addr, len, offset))
23045+ break;
23046+ if (addr + mm->cached_hole_size < vma->vm_start)
23047+ mm->cached_hole_size = vma->vm_start - addr;
23048+ addr = vma->vm_end;
23049+ if (mm->start_brk <= addr && addr < mm->mmap_base) {
23050+ start_addr = addr = mm->mmap_base;
23051+ mm->cached_hole_size = 0;
23052+ goto full_search;
23053+ }
23054+ }
23055+ 23008+
23056+ /* 23009+ return vm_unmapped_area(&info);
23057+ * Remember the place where we stopped the search:
23058+ */
23059+ mm->free_area_cache = addr + len;
23060+ return addr;
23061+} 23010+}
23062+ 23011+
23063+unsigned long 23012+unsigned long
@@ -23067,7 +23016,8 @@ index 0000000..207bec6
23067+{ 23016+{
23068+ struct vm_area_struct *vma; 23017+ struct vm_area_struct *vma;
23069+ struct mm_struct *mm = current->mm; 23018+ struct mm_struct *mm = current->mm;
23070+ unsigned long base = mm->mmap_base, addr = addr0, pax_task_size = TASK_SIZE; 23019+ unsigned long addr = addr0, pax_task_size = TASK_SIZE;
23020+ struct vm_unmapped_area_info info;
23071+ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); 23021+ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
23072+ 23022+
23073+#ifdef CONFIG_PAX_SEGMEXEC 23023+#ifdef CONFIG_PAX_SEGMEXEC
@@ -23103,46 +23053,18 @@ index 0000000..207bec6
23103+ } 23053+ }
23104+ } 23054+ }
23105+ 23055+
23106+ /* check if free_area_cache is useful for us */ 23056+ info.flags = VM_UNMAPPED_AREA_TOPDOWN;
23107+ if (len <= mm->cached_hole_size) { 23057+ info.length = len;
23108+ mm->cached_hole_size = 0; 23058+ info.low_limit = PAGE_SIZE;
23109+ mm->free_area_cache = mm->mmap_base; 23059+ info.high_limit = mm->mmap_base;
23110+ } 23060+ info.align_mask = filp ? get_align_mask() : 0;
23111+ 23061+ info.align_offset = pgoff << PAGE_SHIFT;
23112+ /* either no address requested or can't fit in requested address hole */ 23062+ info.threadstack_offset = offset;
23113+ addr = mm->free_area_cache;
23114+
23115+ /* make sure it can fit in the remaining address space */
23116+ if (addr > len) {
23117+ vma = find_vma(mm, addr-len);
23118+ if (check_heap_stack_gap(vma, addr - len, len, offset))
23119+ /* remember the address as a hint for next time */
23120+ return (mm->free_area_cache = addr-len);
23121+ }
23122+
23123+ if (mm->mmap_base < len)
23124+ goto bottomup;
23125+
23126+ addr = mm->mmap_base-len;
23127+
23128+ do {
23129+ /*
23130+ * Lookup failure means no vma is above this address,
23131+ * else if new region fits below vma->vm_start,
23132+ * return with success:
23133+ */
23134+ vma = find_vma(mm, addr);
23135+ if (check_heap_stack_gap(vma, addr, len, offset))
23136+ /* remember the address as a hint for next time */
23137+ return (mm->free_area_cache = addr);
23138+
23139+ /* remember the largest hole we saw so far */
23140+ if (addr + mm->cached_hole_size < vma->vm_start)
23141+ mm->cached_hole_size = vma->vm_start - addr;
23142+ 23063+
23143+ /* try just below the current vma->vm_start */ 23064+ addr = vm_unmapped_area(&info);
23144+ addr = skip_heap_stack_gap(vma, len, offset); 23065+ if (!(addr & ~PAGE_MASK))
23145+ } while (!IS_ERR_VALUE(addr)); 23066+ return addr;
23067+ VM_BUG_ON(addr != -ENOMEM);
23146+ 23068+
23147+bottomup: 23069+bottomup:
23148+ /* 23070+ /*
@@ -23151,31 +23073,7 @@ index 0000000..207bec6
23151+ * can happen with large stack limits and large mmap() 23073+ * can happen with large stack limits and large mmap()
23152+ * allocations. 23074+ * allocations.
23153+ */ 23075+ */
23154+ 23076+ return arch_get_unmapped_area(filp, addr0, len, pgoff, flags);
23155+#ifdef CONFIG_PAX_SEGMEXEC
23156+ if (mm->pax_flags & MF_PAX_SEGMEXEC)
23157+ mm->mmap_base = SEGMEXEC_TASK_UNMAPPED_BASE;
23158+ else
23159+#endif
23160+
23161+ mm->mmap_base = TASK_UNMAPPED_BASE;
23162+
23163+#ifdef CONFIG_PAX_RANDMMAP
23164+ if (mm->pax_flags & MF_PAX_RANDMMAP)
23165+ mm->mmap_base += mm->delta_mmap;
23166+#endif
23167+
23168+ mm->free_area_cache = mm->mmap_base;
23169+ mm->cached_hole_size = ~0UL;
23170+ addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags);
23171+ /*
23172+ * Restore the topdown base:
23173+ */
23174+ mm->mmap_base = base;
23175+ mm->free_area_cache = base;
23176+ mm->cached_hole_size = ~0UL;
23177+
23178+ return addr;
23179+} 23077+}
23180diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c 23078diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c
23181index dbded5a..ace2781 100644 23079index dbded5a..ace2781 100644
@@ -24301,10 +24199,10 @@ index 0af1807..06912bb 100644
24301 24199
24302 vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP) 24200 vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
24303diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c 24201diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
24304index e172132..c3d3e27 100644 24202index 8563b45..272f1fe 100644
24305--- a/arch/x86/kvm/x86.c 24203--- a/arch/x86/kvm/x86.c
24306+++ b/arch/x86/kvm/x86.c 24204+++ b/arch/x86/kvm/x86.c
24307@@ -1686,8 +1686,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) 24205@@ -1685,8 +1685,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
24308 { 24206 {
24309 struct kvm *kvm = vcpu->kvm; 24207 struct kvm *kvm = vcpu->kvm;
24310 int lm = is_long_mode(vcpu); 24208 int lm = is_long_mode(vcpu);
@@ -24315,7 +24213,7 @@ index e172132..c3d3e27 100644
24315 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64 24213 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64
24316 : kvm->arch.xen_hvm_config.blob_size_32; 24214 : kvm->arch.xen_hvm_config.blob_size_32;
24317 u32 page_num = data & ~PAGE_MASK; 24215 u32 page_num = data & ~PAGE_MASK;
24318@@ -2567,6 +2567,8 @@ long kvm_arch_dev_ioctl(struct file *filp, 24216@@ -2566,6 +2566,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
24319 if (n < msr_list.nmsrs) 24217 if (n < msr_list.nmsrs)
24320 goto out; 24218 goto out;
24321 r = -EFAULT; 24219 r = -EFAULT;
@@ -24324,7 +24222,7 @@ index e172132..c3d3e27 100644
24324 if (copy_to_user(user_msr_list->indices, &msrs_to_save, 24222 if (copy_to_user(user_msr_list->indices, &msrs_to_save,
24325 num_msrs_to_save * sizeof(u32))) 24223 num_msrs_to_save * sizeof(u32)))
24326 goto out; 24224 goto out;
24327@@ -2696,7 +2698,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, 24225@@ -2695,7 +2697,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu,
24328 static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu, 24226 static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu,
24329 struct kvm_interrupt *irq) 24227 struct kvm_interrupt *irq)
24330 { 24228 {
@@ -24333,7 +24231,7 @@ index e172132..c3d3e27 100644
24333 return -EINVAL; 24231 return -EINVAL;
24334 if (irqchip_in_kernel(vcpu->kvm)) 24232 if (irqchip_in_kernel(vcpu->kvm))
24335 return -ENXIO; 24233 return -ENXIO;
24336@@ -5247,7 +5249,7 @@ static struct notifier_block pvclock_gtod_notifier = { 24234@@ -5246,7 +5248,7 @@ static struct notifier_block pvclock_gtod_notifier = {
24337 }; 24235 };
24338 #endif 24236 #endif
24339 24237
@@ -30491,31 +30389,6 @@ index c77b24a..c979855 100644
30491 return !(ret & 0xff00); 30389 return !(ret & 0xff00);
30492 } 30390 }
30493 EXPORT_SYMBOL(pcibios_set_irq_routing); 30391 EXPORT_SYMBOL(pcibios_set_irq_routing);
30494diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
30495index 90f3a52..714e825 100644
30496--- a/arch/x86/platform/efi/efi.c
30497+++ b/arch/x86/platform/efi/efi.c
30498@@ -1059,7 +1059,10 @@ efi_status_t efi_query_variable_store(u32 attributes, unsigned long size)
30499 * that by attempting to use more space than is available.
30500 */
30501 unsigned long dummy_size = remaining_size + 1024;
30502- void *dummy = kmalloc(dummy_size, GFP_ATOMIC);
30503+ void *dummy = kzalloc(dummy_size, GFP_ATOMIC);
30504+
30505+ if (!dummy)
30506+ return EFI_OUT_OF_RESOURCES;
30507
30508 status = efi.set_variable(efi_dummy_name, &EFI_DUMMY_GUID,
30509 EFI_VARIABLE_NON_VOLATILE |
30510@@ -1079,6 +1082,8 @@ efi_status_t efi_query_variable_store(u32 attributes, unsigned long size)
30511 0, dummy);
30512 }
30513
30514+ kfree(dummy);
30515+
30516 /*
30517 * The runtime code may now have triggered a garbage collection
30518 * run, so check the variable info again
30519diff --git a/arch/x86/platform/efi/efi_32.c b/arch/x86/platform/efi/efi_32.c 30392diff --git a/arch/x86/platform/efi/efi_32.c b/arch/x86/platform/efi/efi_32.c
30520index 40e4469..1ab536e 100644 30393index 40e4469..1ab536e 100644
30521--- a/arch/x86/platform/efi/efi_32.c 30394--- a/arch/x86/platform/efi/efi_32.c
@@ -37668,7 +37541,7 @@ index 04c69af..5f92d00 100644
37668 #include <linux/input.h> 37541 #include <linux/input.h>
37669 #include <linux/gameport.h> 37542 #include <linux/gameport.h>
37670diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c 37543diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c
37671index d6cbfe9..6225402 100644 37544index fa061d4..4a6957c 100644
37672--- a/drivers/input/joystick/xpad.c 37545--- a/drivers/input/joystick/xpad.c
37673+++ b/drivers/input/joystick/xpad.c 37546+++ b/drivers/input/joystick/xpad.c
37674@@ -735,7 +735,7 @@ static void xpad_led_set(struct led_classdev *led_cdev, 37547@@ -735,7 +735,7 @@ static void xpad_led_set(struct led_classdev *led_cdev,
@@ -38029,7 +37902,7 @@ index 64e204e..c6bf189 100644
38029 .callback = ss4200_led_dmi_callback, 37902 .callback = ss4200_led_dmi_callback,
38030 .ident = "Intel SS4200-E", 37903 .ident = "Intel SS4200-E",
38031diff --git a/drivers/lguest/core.c b/drivers/lguest/core.c 37904diff --git a/drivers/lguest/core.c b/drivers/lguest/core.c
38032index a5ebc00..982886f 100644 37905index a5ebc00..3de3364 100644
38033--- a/drivers/lguest/core.c 37906--- a/drivers/lguest/core.c
38034+++ b/drivers/lguest/core.c 37907+++ b/drivers/lguest/core.c
38035@@ -92,9 +92,17 @@ static __init int map_switcher(void) 37908@@ -92,9 +92,17 @@ static __init int map_switcher(void)
@@ -38037,7 +37910,7 @@ index a5ebc00..982886f 100644
38037 * allocates an extra guard page, so we need space for that. 37910 * allocates an extra guard page, so we need space for that.
38038 */ 37911 */
38039+ 37912+
38040+#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) 37913+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
38041+ switcher_vma = __get_vm_area(TOTAL_SWITCHER_PAGES * PAGE_SIZE, 37914+ switcher_vma = __get_vm_area(TOTAL_SWITCHER_PAGES * PAGE_SIZE,
38042+ VM_ALLOC | VM_KERNEXEC, SWITCHER_ADDR, SWITCHER_ADDR 37915+ VM_ALLOC | VM_KERNEXEC, SWITCHER_ADDR, SWITCHER_ADDR
38043+ + (TOTAL_SWITCHER_PAGES+1) * PAGE_SIZE); 37916+ + (TOTAL_SWITCHER_PAGES+1) * PAGE_SIZE);
@@ -40147,7 +40020,7 @@ index b0c3de9..fc5857e 100644
40147 return -EIO; 40020 return -EIO;
40148 } 40021 }
40149diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c 40022diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c
40150index 15ba8c4..3f56838 100644 40023index 54fd2ef..33c8a4f 100644
40151--- a/drivers/net/ethernet/realtek/r8169.c 40024--- a/drivers/net/ethernet/realtek/r8169.c
40152+++ b/drivers/net/ethernet/realtek/r8169.c 40025+++ b/drivers/net/ethernet/realtek/r8169.c
40153@@ -740,22 +740,22 @@ struct rtl8169_private { 40026@@ -740,22 +740,22 @@ struct rtl8169_private {
@@ -40290,10 +40163,23 @@ index 011062e..ada88e9 100644
40290 }; 40163 };
40291 40164
40292diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c 40165diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
40293index a449439..1e468fe 100644 40166index acf6450..8f771b7 100644
40294--- a/drivers/net/macvtap.c 40167--- a/drivers/net/macvtap.c
40295+++ b/drivers/net/macvtap.c 40168+++ b/drivers/net/macvtap.c
40296@@ -1090,7 +1090,7 @@ static int macvtap_device_event(struct notifier_block *unused, 40169@@ -525,8 +525,10 @@ static int zerocopy_sg_from_iovec(struct sk_buff *skb, const struct iovec *from,
40170 return -EMSGSIZE;
40171 num_pages = get_user_pages_fast(base, size, 0, &page[i]);
40172 if (num_pages != size) {
40173- for (i = 0; i < num_pages; i++)
40174- put_page(page[i]);
40175+ int j;
40176+
40177+ for (j = 0; j < num_pages; j++)
40178+ put_page(page[i + j]);
40179 return -EFAULT;
40180 }
40181 truesize = size * PAGE_SIZE;
40182@@ -1099,7 +1101,7 @@ static int macvtap_device_event(struct notifier_block *unused,
40297 return NOTIFY_DONE; 40183 return NOTIFY_DONE;
40298 } 40184 }
40299 40185
@@ -40350,7 +40236,7 @@ index 1252d9c..80e660b 100644
40350 40236
40351 /* We've got a compressed packet; read the change byte */ 40237 /* We've got a compressed packet; read the change byte */
40352diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c 40238diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c
40353index bf34192..fba3500 100644 40239index 0017b67..ab8f595 100644
40354--- a/drivers/net/team/team.c 40240--- a/drivers/net/team/team.c
40355+++ b/drivers/net/team/team.c 40241+++ b/drivers/net/team/team.c
40356@@ -2668,7 +2668,7 @@ static int team_device_event(struct notifier_block *unused, 40242@@ -2668,7 +2668,7 @@ static int team_device_event(struct notifier_block *unused,
@@ -40363,10 +40249,23 @@ index bf34192..fba3500 100644
40363 }; 40249 };
40364 40250
40365diff --git a/drivers/net/tun.c b/drivers/net/tun.c 40251diff --git a/drivers/net/tun.c b/drivers/net/tun.c
40366index 755fa9e..631fdce 100644 40252index 8ad822e..eb895f1 100644
40367--- a/drivers/net/tun.c 40253--- a/drivers/net/tun.c
40368+++ b/drivers/net/tun.c 40254+++ b/drivers/net/tun.c
40369@@ -1841,7 +1841,7 @@ unlock: 40255@@ -1013,8 +1013,10 @@ static int zerocopy_sg_from_iovec(struct sk_buff *skb, const struct iovec *from,
40256 return -EMSGSIZE;
40257 num_pages = get_user_pages_fast(base, size, 0, &page[i]);
40258 if (num_pages != size) {
40259- for (i = 0; i < num_pages; i++)
40260- put_page(page[i]);
40261+ int j;
40262+
40263+ for (j = 0; j < num_pages; j++)
40264+ put_page(page[i + j]);
40265 return -EFAULT;
40266 }
40267 truesize = size * PAGE_SIZE;
40268@@ -1859,7 +1861,7 @@ unlock:
40370 } 40269 }
40371 40270
40372 static long __tun_chr_ioctl(struct file *file, unsigned int cmd, 40271 static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
@@ -40375,7 +40274,7 @@ index 755fa9e..631fdce 100644
40375 { 40274 {
40376 struct tun_file *tfile = file->private_data; 40275 struct tun_file *tfile = file->private_data;
40377 struct tun_struct *tun; 40276 struct tun_struct *tun;
40378@@ -1853,6 +1853,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, 40277@@ -1871,6 +1873,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
40379 int vnet_hdr_sz; 40278 int vnet_hdr_sz;
40380 int ret; 40279 int ret;
40381 40280
@@ -40477,10 +40376,10 @@ index e2dd324..be92fcf 100644
40477 hso_start_serial_device(serial_table[i], GFP_NOIO); 40376 hso_start_serial_device(serial_table[i], GFP_NOIO);
40478 hso_kick_transmit(dev2ser(serial_table[i])); 40377 hso_kick_transmit(dev2ser(serial_table[i]));
40479diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c 40378diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
40480index 7cee7a3..1eb9f3b 100644 40379index a4fe5f1..6c9e77f 100644
40481--- a/drivers/net/vxlan.c 40380--- a/drivers/net/vxlan.c
40482+++ b/drivers/net/vxlan.c 40381+++ b/drivers/net/vxlan.c
40483@@ -1443,7 +1443,7 @@ nla_put_failure: 40382@@ -1454,7 +1454,7 @@ nla_put_failure:
40484 return -EMSGSIZE; 40383 return -EMSGSIZE;
40485 } 40384 }
40486 40385
@@ -40489,6 +40388,62 @@ index 7cee7a3..1eb9f3b 100644
40489 .kind = "vxlan", 40388 .kind = "vxlan",
40490 .maxtype = IFLA_VXLAN_MAX, 40389 .maxtype = IFLA_VXLAN_MAX,
40491 .policy = vxlan_policy, 40390 .policy = vxlan_policy,
40391diff --git a/drivers/net/wan/dlci.c b/drivers/net/wan/dlci.c
40392index 147614e..6a8a382 100644
40393--- a/drivers/net/wan/dlci.c
40394+++ b/drivers/net/wan/dlci.c
40395@@ -384,21 +384,37 @@ static int dlci_del(struct dlci_add *dlci)
40396 struct frad_local *flp;
40397 struct net_device *master, *slave;
40398 int err;
40399+ bool found = false;
40400+
40401+ rtnl_lock();
40402
40403 /* validate slave device */
40404 master = __dev_get_by_name(&init_net, dlci->devname);
40405- if (!master)
40406- return -ENODEV;
40407+ if (!master) {
40408+ err = -ENODEV;
40409+ goto out;
40410+ }
40411+
40412+ list_for_each_entry(dlp, &dlci_devs, list) {
40413+ if (dlp->master == master) {
40414+ found = true;
40415+ break;
40416+ }
40417+ }
40418+ if (!found) {
40419+ err = -ENODEV;
40420+ goto out;
40421+ }
40422
40423 if (netif_running(master)) {
40424- return -EBUSY;
40425+ err = -EBUSY;
40426+ goto out;
40427 }
40428
40429 dlp = netdev_priv(master);
40430 slave = dlp->slave;
40431 flp = netdev_priv(slave);
40432
40433- rtnl_lock();
40434 err = (*flp->deassoc)(slave, master);
40435 if (!err) {
40436 list_del(&dlp->list);
40437@@ -407,8 +423,8 @@ static int dlci_del(struct dlci_add *dlci)
40438
40439 dev_put(slave);
40440 }
40441+out:
40442 rtnl_unlock();
40443-
40444 return err;
40445 }
40446
40492diff --git a/drivers/net/wireless/at76c50x-usb.c b/drivers/net/wireless/at76c50x-usb.c 40447diff --git a/drivers/net/wireless/at76c50x-usb.c b/drivers/net/wireless/at76c50x-usb.c
40493index 5ac5f7a..5f82012 100644 40448index 5ac5f7a..5f82012 100644
40494--- a/drivers/net/wireless/at76c50x-usb.c 40449--- a/drivers/net/wireless/at76c50x-usb.c
@@ -43581,10 +43536,10 @@ index 1f8cba6..47b06c2 100644
43581 } 43536 }
43582 EXPORT_SYMBOL_GPL(n_tty_inherit_ops); 43537 EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
43583diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c 43538diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
43584index 125e0fd..8c50690 100644 43539index 74a5e8b..40c36a7 100644
43585--- a/drivers/tty/pty.c 43540--- a/drivers/tty/pty.c
43586+++ b/drivers/tty/pty.c 43541+++ b/drivers/tty/pty.c
43587@@ -800,8 +800,10 @@ static void __init unix98_pty_init(void) 43542@@ -797,8 +797,10 @@ static void __init unix98_pty_init(void)
43588 panic("Couldn't register Unix98 pts driver"); 43543 panic("Couldn't register Unix98 pts driver");
43589 43544
43590 /* Now create the /dev/ptmx special device */ 43545 /* Now create the /dev/ptmx special device */
@@ -44398,7 +44353,7 @@ index a9af1b9a..1e08e7f 100644
44398 ret = -EPERM; 44353 ret = -EPERM;
44399 goto reterr; 44354 goto reterr;
44400diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c 44355diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
44401index c8b9262..7e824e6 100644 44356index b645c47..a55c182 100644
44402--- a/drivers/uio/uio.c 44357--- a/drivers/uio/uio.c
44403+++ b/drivers/uio/uio.c 44358+++ b/drivers/uio/uio.c
44404@@ -25,6 +25,7 @@ 44359@@ -25,6 +25,7 @@
@@ -44431,7 +44386,7 @@ index c8b9262..7e824e6 100644
44431 } 44386 }
44432 44387
44433 static struct device_attribute uio_class_attributes[] = { 44388 static struct device_attribute uio_class_attributes[] = {
44434@@ -397,7 +398,7 @@ void uio_event_notify(struct uio_info *info) 44389@@ -398,7 +399,7 @@ void uio_event_notify(struct uio_info *info)
44435 { 44390 {
44436 struct uio_device *idev = info->uio_dev; 44391 struct uio_device *idev = info->uio_dev;
44437 44392
@@ -44440,7 +44395,7 @@ index c8b9262..7e824e6 100644
44440 wake_up_interruptible(&idev->wait); 44395 wake_up_interruptible(&idev->wait);
44441 kill_fasync(&idev->async_queue, SIGIO, POLL_IN); 44396 kill_fasync(&idev->async_queue, SIGIO, POLL_IN);
44442 } 44397 }
44443@@ -450,7 +451,7 @@ static int uio_open(struct inode *inode, struct file *filep) 44398@@ -451,7 +452,7 @@ static int uio_open(struct inode *inode, struct file *filep)
44444 } 44399 }
44445 44400
44446 listener->dev = idev; 44401 listener->dev = idev;
@@ -44449,7 +44404,7 @@ index c8b9262..7e824e6 100644
44449 filep->private_data = listener; 44404 filep->private_data = listener;
44450 44405
44451 if (idev->info->open) { 44406 if (idev->info->open) {
44452@@ -501,7 +502,7 @@ static unsigned int uio_poll(struct file *filep, poll_table *wait) 44407@@ -502,7 +503,7 @@ static unsigned int uio_poll(struct file *filep, poll_table *wait)
44453 return -EIO; 44408 return -EIO;
44454 44409
44455 poll_wait(filep, &idev->wait, wait); 44410 poll_wait(filep, &idev->wait, wait);
@@ -44458,7 +44413,7 @@ index c8b9262..7e824e6 100644
44458 return POLLIN | POLLRDNORM; 44413 return POLLIN | POLLRDNORM;
44459 return 0; 44414 return 0;
44460 } 44415 }
44461@@ -526,7 +527,7 @@ static ssize_t uio_read(struct file *filep, char __user *buf, 44416@@ -527,7 +528,7 @@ static ssize_t uio_read(struct file *filep, char __user *buf,
44462 do { 44417 do {
44463 set_current_state(TASK_INTERRUPTIBLE); 44418 set_current_state(TASK_INTERRUPTIBLE);
44464 44419
@@ -44467,7 +44422,7 @@ index c8b9262..7e824e6 100644
44467 if (event_count != listener->event_count) { 44422 if (event_count != listener->event_count) {
44468 if (copy_to_user(buf, &event_count, count)) 44423 if (copy_to_user(buf, &event_count, count))
44469 retval = -EFAULT; 44424 retval = -EFAULT;
44470@@ -595,13 +596,13 @@ static int uio_find_mem_index(struct vm_area_struct *vma) 44425@@ -596,13 +597,13 @@ static int uio_find_mem_index(struct vm_area_struct *vma)
44471 static void uio_vma_open(struct vm_area_struct *vma) 44426 static void uio_vma_open(struct vm_area_struct *vma)
44472 { 44427 {
44473 struct uio_device *idev = vma->vm_private_data; 44428 struct uio_device *idev = vma->vm_private_data;
@@ -44483,7 +44438,7 @@ index c8b9262..7e824e6 100644
44483 } 44438 }
44484 44439
44485 static int uio_vma_fault(struct vm_area_struct *vma, struct vm_fault *vmf) 44440 static int uio_vma_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
44486@@ -808,7 +809,7 @@ int __uio_register_device(struct module *owner, 44441@@ -809,7 +810,7 @@ int __uio_register_device(struct module *owner,
44487 idev->owner = owner; 44442 idev->owner = owner;
44488 idev->info = info; 44443 idev->info = info;
44489 init_waitqueue_head(&idev->wait); 44444 init_waitqueue_head(&idev->wait);
@@ -57045,7 +57000,7 @@ index ca9ecaa..60100c7 100644
57045 kfree(s); 57000 kfree(s);
57046diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig 57001diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
57047new file mode 100644 57002new file mode 100644
57048index 0000000..ba9c5e3 57003index 0000000..4fb1dde
57049--- /dev/null 57004--- /dev/null
57050+++ b/grsecurity/Kconfig 57005+++ b/grsecurity/Kconfig
57051@@ -0,0 +1,1053 @@ 57006@@ -0,0 +1,1053 @@
@@ -57156,7 +57111,7 @@ index 0000000..ba9c5e3
57156+config GRKERNSEC_RAND_THREADSTACK 57111+config GRKERNSEC_RAND_THREADSTACK
57157+ bool "Insert random gaps between thread stacks" 57112+ bool "Insert random gaps between thread stacks"
57158+ default y if GRKERNSEC_CONFIG_AUTO 57113+ default y if GRKERNSEC_CONFIG_AUTO
57159+ depends on PAX_RANDMMAP && !PPC && BROKEN 57114+ depends on PAX_RANDMMAP && !PPC
57160+ help 57115+ help
57161+ If you say Y here, a random-sized gap will be enforced between allocated 57116+ If you say Y here, a random-sized gap will be enforced between allocated
57162+ thread stacks. Glibc's NPTL and other threading libraries that 57117+ thread stacks. Glibc's NPTL and other threading libraries that
@@ -70255,7 +70210,7 @@ index b8ba855..0148090 100644
70255 u32 remainder; 70210 u32 remainder;
70256 return div_u64_rem(dividend, divisor, &remainder); 70211 return div_u64_rem(dividend, divisor, &remainder);
70257diff --git a/include/linux/mm.h b/include/linux/mm.h 70212diff --git a/include/linux/mm.h b/include/linux/mm.h
70258index e2091b8..821db54 100644 70213index e2091b8..3c7b38c 100644
70259--- a/include/linux/mm.h 70214--- a/include/linux/mm.h
70260+++ b/include/linux/mm.h 70215+++ b/include/linux/mm.h
70261@@ -101,6 +101,11 @@ extern unsigned int kobjsize(const void *objp); 70216@@ -101,6 +101,11 @@ extern unsigned int kobjsize(const void *objp);
@@ -70428,14 +70383,29 @@ index e2091b8..821db54 100644
70428 70383
70429 #ifdef CONFIG_MMU 70384 #ifdef CONFIG_MMU
70430 extern int __mm_populate(unsigned long addr, unsigned long len, 70385 extern int __mm_populate(unsigned long addr, unsigned long len,
70431@@ -1483,6 +1497,7 @@ struct vm_unmapped_area_info { 70386@@ -1483,10 +1497,11 @@ struct vm_unmapped_area_info {
70432 unsigned long high_limit; 70387 unsigned long high_limit;
70433 unsigned long align_mask; 70388 unsigned long align_mask;
70434 unsigned long align_offset; 70389 unsigned long align_offset;
70435+ unsigned long threadstack_offset; 70390+ unsigned long threadstack_offset;
70436 }; 70391 };
70437 70392
70438 extern unsigned long unmapped_area(struct vm_unmapped_area_info *info); 70393-extern unsigned long unmapped_area(struct vm_unmapped_area_info *info);
70394-extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info);
70395+extern unsigned long unmapped_area(const struct vm_unmapped_area_info *info);
70396+extern unsigned long unmapped_area_topdown(const struct vm_unmapped_area_info *info);
70397
70398 /*
70399 * Search for an unmapped address range.
70400@@ -1498,7 +1513,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info);
70401 * - satisfies (begin_addr & align_mask) == (align_offset & align_mask)
70402 */
70403 static inline unsigned long
70404-vm_unmapped_area(struct vm_unmapped_area_info *info)
70405+vm_unmapped_area(const struct vm_unmapped_area_info *info)
70406 {
70407 if (!(info->flags & VM_UNMAPPED_AREA_TOPDOWN))
70408 return unmapped_area(info);
70439@@ -1561,6 +1576,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add 70409@@ -1561,6 +1576,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
70440 extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, 70410 extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr,
70441 struct vm_area_struct **pprev); 70411 struct vm_area_struct **pprev);
@@ -70968,7 +70938,7 @@ index 45fc162..01a4068 100644
70968 /** 70938 /**
70969 * struct hotplug_slot_info - used to notify the hotplug pci core of the state of the slot 70939 * struct hotplug_slot_info - used to notify the hotplug pci core of the state of the slot
70970diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h 70940diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
70971index 1d795df..b0a6449 100644 70941index 2f522a3..494e45f 100644
70972--- a/include/linux/perf_event.h 70942--- a/include/linux/perf_event.h
70973+++ b/include/linux/perf_event.h 70943+++ b/include/linux/perf_event.h
70974@@ -333,8 +333,8 @@ struct perf_event { 70944@@ -333,8 +333,8 @@ struct perf_event {
@@ -70993,7 +70963,7 @@ index 1d795df..b0a6449 100644
70993 70963
70994 /* 70964 /*
70995 * Protect attach/detach and child_list: 70965 * Protect attach/detach and child_list:
70996@@ -704,7 +704,7 @@ static inline void perf_callchain_store(struct perf_callchain_entry *entry, u64 70966@@ -703,7 +703,7 @@ static inline void perf_callchain_store(struct perf_callchain_entry *entry, u64
70997 entry->ip[entry->nr++] = ip; 70967 entry->ip[entry->nr++] = ip;
70998 } 70968 }
70999 70969
@@ -71002,7 +70972,7 @@ index 1d795df..b0a6449 100644
71002 extern int sysctl_perf_event_mlock; 70972 extern int sysctl_perf_event_mlock;
71003 extern int sysctl_perf_event_sample_rate; 70973 extern int sysctl_perf_event_sample_rate;
71004 70974
71005@@ -712,19 +712,24 @@ extern int perf_proc_update_handler(struct ctl_table *table, int write, 70975@@ -711,19 +711,24 @@ extern int perf_proc_update_handler(struct ctl_table *table, int write,
71006 void __user *buffer, size_t *lenp, 70976 void __user *buffer, size_t *lenp,
71007 loff_t *ppos); 70977 loff_t *ppos);
71008 70978
@@ -71030,7 +71000,7 @@ index 1d795df..b0a6449 100644
71030 } 71000 }
71031 71001
71032 extern void perf_event_init(void); 71002 extern void perf_event_init(void);
71033@@ -812,7 +817,7 @@ static inline void perf_restore_debug_store(void) { } 71003@@ -811,7 +816,7 @@ static inline void perf_restore_debug_store(void) { }
71034 */ 71004 */
71035 #define perf_cpu_notifier(fn) \ 71005 #define perf_cpu_notifier(fn) \
71036 do { \ 71006 do { \
@@ -71039,7 +71009,7 @@ index 1d795df..b0a6449 100644
71039 { .notifier_call = fn, .priority = CPU_PRI_PERF }; \ 71009 { .notifier_call = fn, .priority = CPU_PRI_PERF }; \
71040 unsigned long cpu = smp_processor_id(); \ 71010 unsigned long cpu = smp_processor_id(); \
71041 unsigned long flags; \ 71011 unsigned long flags; \
71042@@ -831,7 +836,7 @@ do { \ 71012@@ -830,7 +835,7 @@ do { \
71043 struct perf_pmu_events_attr { 71013 struct perf_pmu_events_attr {
71044 struct device_attribute attr; 71014 struct device_attribute attr;
71045 u64 id; 71015 u64 id;
@@ -71702,7 +71672,7 @@ index 429c199..4d42e38 100644
71702 71672
71703 /* shm_mode upper byte flags */ 71673 /* shm_mode upper byte flags */
71704diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h 71674diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
71705index b8292d8..96db310 100644 71675index 1f2803c..4858a3d 100644
71706--- a/include/linux/skbuff.h 71676--- a/include/linux/skbuff.h
71707+++ b/include/linux/skbuff.h 71677+++ b/include/linux/skbuff.h
71708@@ -599,7 +599,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from, 71678@@ -599,7 +599,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
@@ -72023,20 +71993,6 @@ index e8d702e..0a56eb4 100644
72023 71993
72024 int sock_diag_register(const struct sock_diag_handler *h); 71994 int sock_diag_register(const struct sock_diag_handler *h);
72025 void sock_diag_unregister(const struct sock_diag_handler *h); 71995 void sock_diag_unregister(const struct sock_diag_handler *h);
72026diff --git a/include/linux/socket.h b/include/linux/socket.h
72027index 2b9f74b..e897bdc 100644
72028--- a/include/linux/socket.h
72029+++ b/include/linux/socket.h
72030@@ -321,6 +321,9 @@ extern int put_cmsg(struct msghdr*, int level, int type, int len, void *data);
72031
72032 struct timespec;
72033
72034+/* The __sys_...msg variants allow MSG_CMSG_COMPAT */
72035+extern long __sys_recvmsg(int fd, struct msghdr __user *msg, unsigned flags);
72036+extern long __sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags);
72037 extern int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
72038 unsigned int flags, struct timespec *timeout);
72039 extern int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg,
72040diff --git a/include/linux/sonet.h b/include/linux/sonet.h 71996diff --git a/include/linux/sonet.h b/include/linux/sonet.h
72041index 680f9a3..f13aeb0 100644 71997index 680f9a3..f13aeb0 100644
72042--- a/include/linux/sonet.h 71998--- a/include/linux/sonet.h
@@ -75189,7 +75145,7 @@ index 00eb8f7..d7e3244 100644
75189 #ifdef CONFIG_MODULE_UNLOAD 75145 #ifdef CONFIG_MODULE_UNLOAD
75190 { 75146 {
75191diff --git a/kernel/events/core.c b/kernel/events/core.c 75147diff --git a/kernel/events/core.c b/kernel/events/core.c
75192index 9fcb094..353baaaf 100644 75148index f8ddcfb..77c06ec 100644
75193--- a/kernel/events/core.c 75149--- a/kernel/events/core.c
75194+++ b/kernel/events/core.c 75150+++ b/kernel/events/core.c
75195@@ -154,8 +154,15 @@ static struct srcu_struct pmus_srcu; 75151@@ -154,8 +154,15 @@ static struct srcu_struct pmus_srcu;
@@ -75218,7 +75174,7 @@ index 9fcb094..353baaaf 100644
75218 75174
75219 static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx, 75175 static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx,
75220 enum event_type_t event_type); 75176 enum event_type_t event_type);
75221@@ -2677,7 +2684,7 @@ static void __perf_event_read(void *info) 75177@@ -2674,7 +2681,7 @@ static void __perf_event_read(void *info)
75222 75178
75223 static inline u64 perf_event_count(struct perf_event *event) 75179 static inline u64 perf_event_count(struct perf_event *event)
75224 { 75180 {
@@ -75227,7 +75183,7 @@ index 9fcb094..353baaaf 100644
75227 } 75183 }
75228 75184
75229 static u64 perf_event_read(struct perf_event *event) 75185 static u64 perf_event_read(struct perf_event *event)
75230@@ -3007,9 +3014,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) 75186@@ -3020,9 +3027,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
75231 mutex_lock(&event->child_mutex); 75187 mutex_lock(&event->child_mutex);
75232 total += perf_event_read(event); 75188 total += perf_event_read(event);
75233 *enabled += event->total_time_enabled + 75189 *enabled += event->total_time_enabled +
@@ -75239,7 +75195,7 @@ index 9fcb094..353baaaf 100644
75239 75195
75240 list_for_each_entry(child, &event->child_list, child_list) { 75196 list_for_each_entry(child, &event->child_list, child_list) {
75241 total += perf_event_read(child); 75197 total += perf_event_read(child);
75242@@ -3412,10 +3419,10 @@ void perf_event_update_userpage(struct perf_event *event) 75198@@ -3408,10 +3415,10 @@ void perf_event_update_userpage(struct perf_event *event)
75243 userpg->offset -= local64_read(&event->hw.prev_count); 75199 userpg->offset -= local64_read(&event->hw.prev_count);
75244 75200
75245 userpg->time_enabled = enabled + 75201 userpg->time_enabled = enabled +
@@ -75252,7 +75208,7 @@ index 9fcb094..353baaaf 100644
75252 75208
75253 arch_perf_update_userpage(userpg, now); 75209 arch_perf_update_userpage(userpg, now);
75254 75210
75255@@ -3886,7 +3893,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size, 75211@@ -3961,7 +3968,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size,
75256 75212
75257 /* Data. */ 75213 /* Data. */
75258 sp = perf_user_stack_pointer(regs); 75214 sp = perf_user_stack_pointer(regs);
@@ -75261,7 +75217,7 @@ index 9fcb094..353baaaf 100644
75261 dyn_size = dump_size - rem; 75217 dyn_size = dump_size - rem;
75262 75218
75263 perf_output_skip(handle, rem); 75219 perf_output_skip(handle, rem);
75264@@ -3974,11 +3981,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, 75220@@ -4049,11 +4056,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
75265 values[n++] = perf_event_count(event); 75221 values[n++] = perf_event_count(event);
75266 if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) { 75222 if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) {
75267 values[n++] = enabled + 75223 values[n++] = enabled +
@@ -75275,7 +75231,7 @@ index 9fcb094..353baaaf 100644
75275 } 75231 }
75276 if (read_format & PERF_FORMAT_ID) 75232 if (read_format & PERF_FORMAT_ID)
75277 values[n++] = primary_event_id(event); 75233 values[n++] = primary_event_id(event);
75278@@ -4726,12 +4733,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) 75234@@ -4801,12 +4808,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event)
75279 * need to add enough zero bytes after the string to handle 75235 * need to add enough zero bytes after the string to handle
75280 * the 64bit alignment we do later. 75236 * the 64bit alignment we do later.
75281 */ 75237 */
@@ -75290,7 +75246,7 @@ index 9fcb094..353baaaf 100644
75290 if (IS_ERR(name)) { 75246 if (IS_ERR(name)) {
75291 name = strncpy(tmp, "//toolong", sizeof(tmp)); 75247 name = strncpy(tmp, "//toolong", sizeof(tmp));
75292 goto got_name; 75248 goto got_name;
75293@@ -6167,7 +6174,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, 75249@@ -6242,7 +6249,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
75294 event->parent = parent_event; 75250 event->parent = parent_event;
75295 75251
75296 event->ns = get_pid_ns(task_active_pid_ns(current)); 75252 event->ns = get_pid_ns(task_active_pid_ns(current));
@@ -75299,7 +75255,7 @@ index 9fcb094..353baaaf 100644
75299 75255
75300 event->state = PERF_EVENT_STATE_INACTIVE; 75256 event->state = PERF_EVENT_STATE_INACTIVE;
75301 75257
75302@@ -6463,6 +6470,11 @@ SYSCALL_DEFINE5(perf_event_open, 75258@@ -6552,6 +6559,11 @@ SYSCALL_DEFINE5(perf_event_open,
75303 if (flags & ~PERF_FLAG_ALL) 75259 if (flags & ~PERF_FLAG_ALL)
75304 return -EINVAL; 75260 return -EINVAL;
75305 75261
@@ -75311,7 +75267,7 @@ index 9fcb094..353baaaf 100644
75311 err = perf_copy_attr(attr_uptr, &attr); 75267 err = perf_copy_attr(attr_uptr, &attr);
75312 if (err) 75268 if (err)
75313 return err; 75269 return err;
75314@@ -6795,10 +6807,10 @@ static void sync_child_event(struct perf_event *child_event, 75270@@ -6884,10 +6896,10 @@ static void sync_child_event(struct perf_event *child_event,
75315 /* 75271 /*
75316 * Add back the child's count to the parent's count: 75272 * Add back the child's count to the parent's count:
75317 */ 75273 */
@@ -75326,10 +75282,10 @@ index 9fcb094..353baaaf 100644
75326 75282
75327 /* 75283 /*
75328diff --git a/kernel/events/internal.h b/kernel/events/internal.h 75284diff --git a/kernel/events/internal.h b/kernel/events/internal.h
75329index eb675c4..54912ff 100644 75285index ca65997..cc8cee4 100644
75330--- a/kernel/events/internal.h 75286--- a/kernel/events/internal.h
75331+++ b/kernel/events/internal.h 75287+++ b/kernel/events/internal.h
75332@@ -77,10 +77,10 @@ static inline unsigned long perf_data_size(struct ring_buffer *rb) 75288@@ -81,10 +81,10 @@ static inline unsigned long perf_data_size(struct ring_buffer *rb)
75333 return rb->nr_pages << (PAGE_SHIFT + page_order(rb)); 75289 return rb->nr_pages << (PAGE_SHIFT + page_order(rb));
75334 } 75290 }
75335 75291
@@ -75342,7 +75298,7 @@ index eb675c4..54912ff 100644
75342 { \ 75298 { \
75343 unsigned long size, written; \ 75299 unsigned long size, written; \
75344 \ 75300 \
75345@@ -112,17 +112,17 @@ static inline int memcpy_common(void *dst, const void *src, size_t n) 75301@@ -116,17 +116,17 @@ static inline int memcpy_common(void *dst, const void *src, size_t n)
75346 return n; 75302 return n;
75347 } 75303 }
75348 75304
@@ -82244,7 +82200,7 @@ index 79b7cf7..9944291 100644
82244 capable(CAP_IPC_LOCK)) 82200 capable(CAP_IPC_LOCK))
82245 ret = do_mlockall(flags); 82201 ret = do_mlockall(flags);
82246diff --git a/mm/mmap.c b/mm/mmap.c 82202diff --git a/mm/mmap.c b/mm/mmap.c
82247index 0dceed8..e7cfc40 100644 82203index 0dceed8..bfcaf45 100644
82248--- a/mm/mmap.c 82204--- a/mm/mmap.c
82249+++ b/mm/mmap.c 82205+++ b/mm/mmap.c
82250@@ -33,6 +33,7 @@ 82206@@ -33,6 +33,7 @@
@@ -82645,10 +82601,11 @@ index 0dceed8..e7cfc40 100644
82645 kmem_cache_free(vm_area_cachep, vma); 82601 kmem_cache_free(vm_area_cachep, vma);
82646 unacct_error: 82602 unacct_error:
82647 if (charged) 82603 if (charged)
82648@@ -1584,6 +1744,62 @@ unacct_error: 82604@@ -1584,7 +1744,63 @@ unacct_error:
82649 return error; 82605 return error;
82650 } 82606 }
82651 82607
82608-unsigned long unmapped_area(struct vm_unmapped_area_info *info)
82652+#ifdef CONFIG_GRKERNSEC_RAND_THREADSTACK 82609+#ifdef CONFIG_GRKERNSEC_RAND_THREADSTACK
82653+unsigned long gr_rand_threadstack_offset(const struct mm_struct *mm, const struct file *filp, unsigned long flags) 82610+unsigned long gr_rand_threadstack_offset(const struct mm_struct *mm, const struct file *filp, unsigned long flags)
82654+{ 82611+{
@@ -82705,10 +82662,76 @@ index 0dceed8..e7cfc40 100644
82705+ return -ENOMEM; 82662+ return -ENOMEM;
82706+} 82663+}
82707+ 82664+
82708 unsigned long unmapped_area(struct vm_unmapped_area_info *info) 82665+unsigned long unmapped_area(const struct vm_unmapped_area_info *info)
82709 { 82666 {
82710 /* 82667 /*
82711@@ -1803,6 +2019,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, 82668 * We implement the search by looking for an rbtree node that
82669@@ -1632,11 +1848,29 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info)
82670 }
82671 }
82672
82673- gap_start = vma->vm_prev ? vma->vm_prev->vm_end : 0;
82674+ gap_start = vma->vm_prev ? vma->vm_prev->vm_end: 0;
82675 check_current:
82676 /* Check if current node has a suitable gap */
82677 if (gap_start > high_limit)
82678 return -ENOMEM;
82679+
82680+ if (gap_end - gap_start > info->threadstack_offset)
82681+ gap_start += info->threadstack_offset;
82682+ else
82683+ gap_start = gap_end;
82684+
82685+ if (vma->vm_prev && (vma->vm_prev->vm_flags & VM_GROWSUP)) {
82686+ if (gap_end - gap_start > sysctl_heap_stack_gap)
82687+ gap_start += sysctl_heap_stack_gap;
82688+ else
82689+ gap_start = gap_end;
82690+ }
82691+ if (vma->vm_flags & VM_GROWSDOWN) {
82692+ if (gap_end - gap_start > sysctl_heap_stack_gap)
82693+ gap_end -= sysctl_heap_stack_gap;
82694+ else
82695+ gap_end = gap_start;
82696+ }
82697 if (gap_end >= low_limit && gap_end - gap_start >= length)
82698 goto found;
82699
82700@@ -1686,7 +1920,7 @@ found:
82701 return gap_start;
82702 }
82703
82704-unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info)
82705+unsigned long unmapped_area_topdown(const struct vm_unmapped_area_info *info)
82706 {
82707 struct mm_struct *mm = current->mm;
82708 struct vm_area_struct *vma;
82709@@ -1740,6 +1974,24 @@ check_current:
82710 gap_end = vma->vm_start;
82711 if (gap_end < low_limit)
82712 return -ENOMEM;
82713+
82714+ if (gap_end - gap_start > info->threadstack_offset)
82715+ gap_end -= info->threadstack_offset;
82716+ else
82717+ gap_end = gap_start;
82718+
82719+ if (vma->vm_prev && (vma->vm_prev->vm_flags & VM_GROWSUP)) {
82720+ if (gap_end - gap_start > sysctl_heap_stack_gap)
82721+ gap_start += sysctl_heap_stack_gap;
82722+ else
82723+ gap_start = gap_end;
82724+ }
82725+ if (vma->vm_flags & VM_GROWSDOWN) {
82726+ if (gap_end - gap_start > sysctl_heap_stack_gap)
82727+ gap_end -= sysctl_heap_stack_gap;
82728+ else
82729+ gap_end = gap_start;
82730+ }
82731 if (gap_start <= high_limit && gap_end - gap_start >= length)
82732 goto found;
82733
82734@@ -1803,6 +2055,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
82712 struct mm_struct *mm = current->mm; 82735 struct mm_struct *mm = current->mm;
82713 struct vm_area_struct *vma; 82736 struct vm_area_struct *vma;
82714 struct vm_unmapped_area_info info; 82737 struct vm_unmapped_area_info info;
@@ -82716,7 +82739,7 @@ index 0dceed8..e7cfc40 100644
82716 82739
82717 if (len > TASK_SIZE) 82740 if (len > TASK_SIZE)
82718 return -ENOMEM; 82741 return -ENOMEM;
82719@@ -1810,29 +2027,45 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, 82742@@ -1810,29 +2063,45 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
82720 if (flags & MAP_FIXED) 82743 if (flags & MAP_FIXED)
82721 return addr; 82744 return addr;
82722 82745
@@ -82765,7 +82788,7 @@ index 0dceed8..e7cfc40 100644
82765 mm->free_area_cache = addr; 82788 mm->free_area_cache = addr;
82766 } 82789 }
82767 82790
82768@@ -1850,6 +2083,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, 82791@@ -1850,6 +2119,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
82769 struct mm_struct *mm = current->mm; 82792 struct mm_struct *mm = current->mm;
82770 unsigned long addr = addr0; 82793 unsigned long addr = addr0;
82771 struct vm_unmapped_area_info info; 82794 struct vm_unmapped_area_info info;
@@ -82773,7 +82796,7 @@ index 0dceed8..e7cfc40 100644
82773 82796
82774 /* requested length too big for entire address space */ 82797 /* requested length too big for entire address space */
82775 if (len > TASK_SIZE) 82798 if (len > TASK_SIZE)
82776@@ -1858,12 +2092,15 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, 82799@@ -1858,12 +2128,15 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
82777 if (flags & MAP_FIXED) 82800 if (flags & MAP_FIXED)
82778 return addr; 82801 return addr;
82779 82802
@@ -82791,7 +82814,7 @@ index 0dceed8..e7cfc40 100644
82791 return addr; 82814 return addr;
82792 } 82815 }
82793 82816
82794@@ -1872,6 +2109,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, 82817@@ -1872,6 +2145,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
82795 info.low_limit = PAGE_SIZE; 82818 info.low_limit = PAGE_SIZE;
82796 info.high_limit = mm->mmap_base; 82819 info.high_limit = mm->mmap_base;
82797 info.align_mask = 0; 82820 info.align_mask = 0;
@@ -82799,7 +82822,7 @@ index 0dceed8..e7cfc40 100644
82799 addr = vm_unmapped_area(&info); 82822 addr = vm_unmapped_area(&info);
82800 82823
82801 /* 82824 /*
82802@@ -1884,6 +2122,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, 82825@@ -1884,6 +2158,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
82803 VM_BUG_ON(addr != -ENOMEM); 82826 VM_BUG_ON(addr != -ENOMEM);
82804 info.flags = 0; 82827 info.flags = 0;
82805 info.low_limit = TASK_UNMAPPED_BASE; 82828 info.low_limit = TASK_UNMAPPED_BASE;
@@ -82812,7 +82835,7 @@ index 0dceed8..e7cfc40 100644
82812 info.high_limit = TASK_SIZE; 82835 info.high_limit = TASK_SIZE;
82813 addr = vm_unmapped_area(&info); 82836 addr = vm_unmapped_area(&info);
82814 } 82837 }
82815@@ -1894,6 +2138,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, 82838@@ -1894,6 +2174,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
82816 82839
82817 void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) 82840 void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
82818 { 82841 {
@@ -82825,7 +82848,7 @@ index 0dceed8..e7cfc40 100644
82825 /* 82848 /*
82826 * Is this a new hole at the highest possible address? 82849 * Is this a new hole at the highest possible address?
82827 */ 82850 */
82828@@ -1901,8 +2151,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) 82851@@ -1901,8 +2187,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
82829 mm->free_area_cache = addr; 82852 mm->free_area_cache = addr;
82830 82853
82831 /* dont allow allocations above current base */ 82854 /* dont allow allocations above current base */
@@ -82837,7 +82860,7 @@ index 0dceed8..e7cfc40 100644
82837 } 82860 }
82838 82861
82839 unsigned long 82862 unsigned long
82840@@ -2001,6 +2253,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, 82863@@ -2001,6 +2289,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr,
82841 return vma; 82864 return vma;
82842 } 82865 }
82843 82866
@@ -82866,7 +82889,7 @@ index 0dceed8..e7cfc40 100644
82866 /* 82889 /*
82867 * Verify that the stack growth is acceptable and 82890 * Verify that the stack growth is acceptable and
82868 * update accounting. This is shared with both the 82891 * update accounting. This is shared with both the
82869@@ -2017,6 +2291,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns 82892@@ -2017,6 +2327,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
82870 return -ENOMEM; 82893 return -ENOMEM;
82871 82894
82872 /* Stack limit test */ 82895 /* Stack limit test */
@@ -82874,7 +82897,7 @@ index 0dceed8..e7cfc40 100644
82874 if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) 82897 if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur))
82875 return -ENOMEM; 82898 return -ENOMEM;
82876 82899
82877@@ -2027,6 +2302,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns 82900@@ -2027,6 +2338,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
82878 locked = mm->locked_vm + grow; 82901 locked = mm->locked_vm + grow;
82879 limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur); 82902 limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur);
82880 limit >>= PAGE_SHIFT; 82903 limit >>= PAGE_SHIFT;
@@ -82882,7 +82905,7 @@ index 0dceed8..e7cfc40 100644
82882 if (locked > limit && !capable(CAP_IPC_LOCK)) 82905 if (locked > limit && !capable(CAP_IPC_LOCK))
82883 return -ENOMEM; 82906 return -ENOMEM;
82884 } 82907 }
82885@@ -2056,37 +2332,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns 82908@@ -2056,37 +2368,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
82886 * PA-RISC uses this for its stack; IA64 for its Register Backing Store. 82909 * PA-RISC uses this for its stack; IA64 for its Register Backing Store.
82887 * vma is the last one with address > vma->vm_end. Have to extend vma. 82910 * vma is the last one with address > vma->vm_end. Have to extend vma.
82888 */ 82911 */
@@ -82940,7 +82963,7 @@ index 0dceed8..e7cfc40 100644
82940 unsigned long size, grow; 82963 unsigned long size, grow;
82941 82964
82942 size = address - vma->vm_start; 82965 size = address - vma->vm_start;
82943@@ -2121,6 +2408,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) 82966@@ -2121,6 +2444,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
82944 } 82967 }
82945 } 82968 }
82946 } 82969 }
@@ -82949,7 +82972,7 @@ index 0dceed8..e7cfc40 100644
82949 vma_unlock_anon_vma(vma); 82972 vma_unlock_anon_vma(vma);
82950 khugepaged_enter_vma_merge(vma); 82973 khugepaged_enter_vma_merge(vma);
82951 validate_mm(vma->vm_mm); 82974 validate_mm(vma->vm_mm);
82952@@ -2135,6 +2424,8 @@ int expand_downwards(struct vm_area_struct *vma, 82975@@ -2135,6 +2460,8 @@ int expand_downwards(struct vm_area_struct *vma,
82953 unsigned long address) 82976 unsigned long address)
82954 { 82977 {
82955 int error; 82978 int error;
@@ -82958,7 +82981,7 @@ index 0dceed8..e7cfc40 100644
82958 82981
82959 /* 82982 /*
82960 * We must make sure the anon_vma is allocated 82983 * We must make sure the anon_vma is allocated
82961@@ -2148,6 +2439,15 @@ int expand_downwards(struct vm_area_struct *vma, 82984@@ -2148,6 +2475,15 @@ int expand_downwards(struct vm_area_struct *vma,
82962 if (error) 82985 if (error)
82963 return error; 82986 return error;
82964 82987
@@ -82974,7 +82997,7 @@ index 0dceed8..e7cfc40 100644
82974 vma_lock_anon_vma(vma); 82997 vma_lock_anon_vma(vma);
82975 82998
82976 /* 82999 /*
82977@@ -2157,9 +2457,17 @@ int expand_downwards(struct vm_area_struct *vma, 83000@@ -2157,9 +2493,17 @@ int expand_downwards(struct vm_area_struct *vma,
82978 */ 83001 */
82979 83002
82980 /* Somebody else might have raced and expanded it already */ 83003 /* Somebody else might have raced and expanded it already */
@@ -82993,7 +83016,7 @@ index 0dceed8..e7cfc40 100644
82993 size = vma->vm_end - address; 83016 size = vma->vm_end - address;
82994 grow = (vma->vm_start - address) >> PAGE_SHIFT; 83017 grow = (vma->vm_start - address) >> PAGE_SHIFT;
82995 83018
82996@@ -2184,13 +2492,27 @@ int expand_downwards(struct vm_area_struct *vma, 83019@@ -2184,13 +2528,27 @@ int expand_downwards(struct vm_area_struct *vma,
82997 vma->vm_pgoff -= grow; 83020 vma->vm_pgoff -= grow;
82998 anon_vma_interval_tree_post_update_vma(vma); 83021 anon_vma_interval_tree_post_update_vma(vma);
82999 vma_gap_update(vma); 83022 vma_gap_update(vma);
@@ -83021,7 +83044,7 @@ index 0dceed8..e7cfc40 100644
83021 khugepaged_enter_vma_merge(vma); 83044 khugepaged_enter_vma_merge(vma);
83022 validate_mm(vma->vm_mm); 83045 validate_mm(vma->vm_mm);
83023 return error; 83046 return error;
83024@@ -2288,6 +2610,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) 83047@@ -2288,6 +2646,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
83025 do { 83048 do {
83026 long nrpages = vma_pages(vma); 83049 long nrpages = vma_pages(vma);
83027 83050
@@ -83035,7 +83058,7 @@ index 0dceed8..e7cfc40 100644
83035 if (vma->vm_flags & VM_ACCOUNT) 83058 if (vma->vm_flags & VM_ACCOUNT)
83036 nr_accounted += nrpages; 83059 nr_accounted += nrpages;
83037 vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); 83060 vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages);
83038@@ -2333,6 +2662,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, 83061@@ -2333,6 +2698,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
83039 insertion_point = (prev ? &prev->vm_next : &mm->mmap); 83062 insertion_point = (prev ? &prev->vm_next : &mm->mmap);
83040 vma->vm_prev = NULL; 83063 vma->vm_prev = NULL;
83041 do { 83064 do {
@@ -83052,7 +83075,7 @@ index 0dceed8..e7cfc40 100644
83052 vma_rb_erase(vma, &mm->mm_rb); 83075 vma_rb_erase(vma, &mm->mm_rb);
83053 mm->map_count--; 83076 mm->map_count--;
83054 tail_vma = vma; 83077 tail_vma = vma;
83055@@ -2364,14 +2703,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, 83078@@ -2364,14 +2739,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
83056 struct vm_area_struct *new; 83079 struct vm_area_struct *new;
83057 int err = -ENOMEM; 83080 int err = -ENOMEM;
83058 83081
@@ -83086,7 +83109,7 @@ index 0dceed8..e7cfc40 100644
83086 /* most fields are the same, copy all, and then fixup */ 83109 /* most fields are the same, copy all, and then fixup */
83087 *new = *vma; 83110 *new = *vma;
83088 83111
83089@@ -2384,6 +2742,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, 83112@@ -2384,6 +2778,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
83090 new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT); 83113 new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT);
83091 } 83114 }
83092 83115
@@ -83109,7 +83132,7 @@ index 0dceed8..e7cfc40 100644
83109 pol = mpol_dup(vma_policy(vma)); 83132 pol = mpol_dup(vma_policy(vma));
83110 if (IS_ERR(pol)) { 83133 if (IS_ERR(pol)) {
83111 err = PTR_ERR(pol); 83134 err = PTR_ERR(pol);
83112@@ -2406,6 +2780,36 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, 83135@@ -2406,6 +2816,36 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
83113 else 83136 else
83114 err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); 83137 err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new);
83115 83138
@@ -83146,7 +83169,7 @@ index 0dceed8..e7cfc40 100644
83146 /* Success. */ 83169 /* Success. */
83147 if (!err) 83170 if (!err)
83148 return 0; 83171 return 0;
83149@@ -2415,10 +2819,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, 83172@@ -2415,10 +2855,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
83150 new->vm_ops->close(new); 83173 new->vm_ops->close(new);
83151 if (new->vm_file) 83174 if (new->vm_file)
83152 fput(new->vm_file); 83175 fput(new->vm_file);
@@ -83166,7 +83189,7 @@ index 0dceed8..e7cfc40 100644
83166 kmem_cache_free(vm_area_cachep, new); 83189 kmem_cache_free(vm_area_cachep, new);
83167 out_err: 83190 out_err:
83168 return err; 83191 return err;
83169@@ -2431,6 +2843,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, 83192@@ -2431,6 +2879,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
83170 int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, 83193 int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
83171 unsigned long addr, int new_below) 83194 unsigned long addr, int new_below)
83172 { 83195 {
@@ -83182,7 +83205,7 @@ index 0dceed8..e7cfc40 100644
83182 if (mm->map_count >= sysctl_max_map_count) 83205 if (mm->map_count >= sysctl_max_map_count)
83183 return -ENOMEM; 83206 return -ENOMEM;
83184 83207
83185@@ -2442,11 +2863,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, 83208@@ -2442,11 +2899,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
83186 * work. This now handles partial unmappings. 83209 * work. This now handles partial unmappings.
83187 * Jeremy Fitzhardinge <jeremy@goop.org> 83210 * Jeremy Fitzhardinge <jeremy@goop.org>
83188 */ 83211 */
@@ -83213,7 +83236,7 @@ index 0dceed8..e7cfc40 100644
83213 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start) 83236 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start)
83214 return -EINVAL; 83237 return -EINVAL;
83215 83238
83216@@ -2521,6 +2961,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) 83239@@ -2521,6 +2997,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
83217 /* Fix up all other VM information */ 83240 /* Fix up all other VM information */
83218 remove_vma_list(mm, vma); 83241 remove_vma_list(mm, vma);
83219 83242
@@ -83222,7 +83245,7 @@ index 0dceed8..e7cfc40 100644
83222 return 0; 83245 return 0;
83223 } 83246 }
83224 83247
83225@@ -2529,6 +2971,13 @@ int vm_munmap(unsigned long start, size_t len) 83248@@ -2529,6 +3007,13 @@ int vm_munmap(unsigned long start, size_t len)
83226 int ret; 83249 int ret;
83227 struct mm_struct *mm = current->mm; 83250 struct mm_struct *mm = current->mm;
83228 83251
@@ -83236,7 +83259,7 @@ index 0dceed8..e7cfc40 100644
83236 down_write(&mm->mmap_sem); 83259 down_write(&mm->mmap_sem);
83237 ret = do_munmap(mm, start, len); 83260 ret = do_munmap(mm, start, len);
83238 up_write(&mm->mmap_sem); 83261 up_write(&mm->mmap_sem);
83239@@ -2542,16 +2991,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) 83262@@ -2542,16 +3027,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len)
83240 return vm_munmap(addr, len); 83263 return vm_munmap(addr, len);
83241 } 83264 }
83242 83265
@@ -83253,7 +83276,7 @@ index 0dceed8..e7cfc40 100644
83253 /* 83276 /*
83254 * this is really a simplified "do_mmap". it only handles 83277 * this is really a simplified "do_mmap". it only handles
83255 * anonymous maps. eventually we may be able to do some 83278 * anonymous maps. eventually we may be able to do some
83256@@ -2565,6 +3004,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) 83279@@ -2565,6 +3040,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
83257 struct rb_node ** rb_link, * rb_parent; 83280 struct rb_node ** rb_link, * rb_parent;
83258 pgoff_t pgoff = addr >> PAGE_SHIFT; 83281 pgoff_t pgoff = addr >> PAGE_SHIFT;
83259 int error; 83282 int error;
@@ -83261,7 +83284,7 @@ index 0dceed8..e7cfc40 100644
83261 83284
83262 len = PAGE_ALIGN(len); 83285 len = PAGE_ALIGN(len);
83263 if (!len) 83286 if (!len)
83264@@ -2572,16 +3012,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) 83287@@ -2572,16 +3048,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
83265 83288
83266 flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; 83289 flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
83267 83290
@@ -83293,7 +83316,7 @@ index 0dceed8..e7cfc40 100644
83293 locked += mm->locked_vm; 83316 locked += mm->locked_vm;
83294 lock_limit = rlimit(RLIMIT_MEMLOCK); 83317 lock_limit = rlimit(RLIMIT_MEMLOCK);
83295 lock_limit >>= PAGE_SHIFT; 83318 lock_limit >>= PAGE_SHIFT;
83296@@ -2598,21 +3052,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) 83319@@ -2598,21 +3088,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
83297 /* 83320 /*
83298 * Clear old maps. this also does some error checking for us 83321 * Clear old maps. this also does some error checking for us
83299 */ 83322 */
@@ -83318,7 +83341,7 @@ index 0dceed8..e7cfc40 100644
83318 return -ENOMEM; 83341 return -ENOMEM;
83319 83342
83320 /* Can we just expand an old private anonymous mapping? */ 83343 /* Can we just expand an old private anonymous mapping? */
83321@@ -2626,7 +3079,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) 83344@@ -2626,7 +3115,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
83322 */ 83345 */
83323 vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); 83346 vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
83324 if (!vma) { 83347 if (!vma) {
@@ -83327,7 +83350,7 @@ index 0dceed8..e7cfc40 100644
83327 return -ENOMEM; 83350 return -ENOMEM;
83328 } 83351 }
83329 83352
83330@@ -2640,9 +3093,10 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) 83353@@ -2640,9 +3129,10 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
83331 vma_link(mm, vma, prev, rb_link, rb_parent); 83354 vma_link(mm, vma, prev, rb_link, rb_parent);
83332 out: 83355 out:
83333 perf_event_mmap(vma); 83356 perf_event_mmap(vma);
@@ -83340,7 +83363,7 @@ index 0dceed8..e7cfc40 100644
83340 return addr; 83363 return addr;
83341 } 83364 }
83342 83365
83343@@ -2704,6 +3158,7 @@ void exit_mmap(struct mm_struct *mm) 83366@@ -2704,6 +3194,7 @@ void exit_mmap(struct mm_struct *mm)
83344 while (vma) { 83367 while (vma) {
83345 if (vma->vm_flags & VM_ACCOUNT) 83368 if (vma->vm_flags & VM_ACCOUNT)
83346 nr_accounted += vma_pages(vma); 83369 nr_accounted += vma_pages(vma);
@@ -83348,7 +83371,7 @@ index 0dceed8..e7cfc40 100644
83348 vma = remove_vma(vma); 83371 vma = remove_vma(vma);
83349 } 83372 }
83350 vm_unacct_memory(nr_accounted); 83373 vm_unacct_memory(nr_accounted);
83351@@ -2720,6 +3175,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) 83374@@ -2720,6 +3211,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
83352 struct vm_area_struct *prev; 83375 struct vm_area_struct *prev;
83353 struct rb_node **rb_link, *rb_parent; 83376 struct rb_node **rb_link, *rb_parent;
83354 83377
@@ -83362,7 +83385,7 @@ index 0dceed8..e7cfc40 100644
83362 /* 83385 /*
83363 * The vm_pgoff of a purely anonymous vma should be irrelevant 83386 * The vm_pgoff of a purely anonymous vma should be irrelevant
83364 * until its first write fault, when page's anon_vma and index 83387 * until its first write fault, when page's anon_vma and index
83365@@ -2743,7 +3205,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) 83388@@ -2743,7 +3241,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
83366 security_vm_enough_memory_mm(mm, vma_pages(vma))) 83389 security_vm_enough_memory_mm(mm, vma_pages(vma)))
83367 return -ENOMEM; 83390 return -ENOMEM;
83368 83391
@@ -83384,7 +83407,7 @@ index 0dceed8..e7cfc40 100644
83384 return 0; 83407 return 0;
83385 } 83408 }
83386 83409
83387@@ -2763,6 +3239,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, 83410@@ -2763,6 +3275,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
83388 struct mempolicy *pol; 83411 struct mempolicy *pol;
83389 bool faulted_in_anon_vma = true; 83412 bool faulted_in_anon_vma = true;
83390 83413
@@ -83393,7 +83416,7 @@ index 0dceed8..e7cfc40 100644
83393 /* 83416 /*
83394 * If anonymous vma has not yet been faulted, update new pgoff 83417 * If anonymous vma has not yet been faulted, update new pgoff
83395 * to match new location, to increase its chance of merging. 83418 * to match new location, to increase its chance of merging.
83396@@ -2829,6 +3307,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, 83419@@ -2829,6 +3343,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
83397 return NULL; 83420 return NULL;
83398 } 83421 }
83399 83422
@@ -83433,7 +83456,7 @@ index 0dceed8..e7cfc40 100644
83433 /* 83456 /*
83434 * Return true if the calling process may expand its vm space by the passed 83457 * Return true if the calling process may expand its vm space by the passed
83435 * number of pages 83458 * number of pages
83436@@ -2840,6 +3351,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) 83459@@ -2840,6 +3387,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
83437 83460
83438 lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; 83461 lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT;
83439 83462
@@ -83441,7 +83464,7 @@ index 0dceed8..e7cfc40 100644
83441 if (cur + npages > lim) 83464 if (cur + npages > lim)
83442 return 0; 83465 return 0;
83443 return 1; 83466 return 1;
83444@@ -2910,6 +3422,22 @@ int install_special_mapping(struct mm_struct *mm, 83467@@ -2910,6 +3458,22 @@ int install_special_mapping(struct mm_struct *mm,
83445 vma->vm_start = addr; 83468 vma->vm_start = addr;
83446 vma->vm_end = addr + len; 83469 vma->vm_end = addr + len;
83447 83470
@@ -85864,10 +85887,20 @@ index 6a93614..1415549 100644
85864 err = -EFAULT; 85887 err = -EFAULT;
85865 break; 85888 break;
85866diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c 85889diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
85867index c5f9cd6..8d23158 100644 85890index c5f9cd6..dfc8ec1 100644
85868--- a/net/bluetooth/l2cap_core.c 85891--- a/net/bluetooth/l2cap_core.c
85869+++ b/net/bluetooth/l2cap_core.c 85892+++ b/net/bluetooth/l2cap_core.c
85870@@ -3395,8 +3395,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, 85893@@ -2743,6 +2743,9 @@ static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, u8 code,
85894 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %u",
85895 conn, code, ident, dlen);
85896
85897+ if (conn->mtu < L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE)
85898+ return NULL;
85899+
85900 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
85901 count = min_t(unsigned int, conn->mtu, len);
85902
85903@@ -3395,8 +3398,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
85871 break; 85904 break;
85872 85905
85873 case L2CAP_CONF_RFC: 85906 case L2CAP_CONF_RFC:
@@ -85880,6 +85913,15 @@ index c5f9cd6..8d23158 100644
85880 85913
85881 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && 85914 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
85882 rfc.mode != chan->mode) 85915 rfc.mode != chan->mode)
85916@@ -4221,7 +4226,7 @@ static inline int l2cap_information_rsp(struct l2cap_conn *conn,
85917 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
85918 u16 type, result;
85919
85920- if (cmd_len != sizeof(*rsp))
85921+ if (cmd_len < sizeof(*rsp))
85922 return -EPROTO;
85923
85924 type = __le16_to_cpu(rsp->type);
85883diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c 85925diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
85884index 1bcfb84..dad9f98 100644 85926index 1bcfb84..dad9f98 100644
85885--- a/net/bluetooth/l2cap_sock.c 85927--- a/net/bluetooth/l2cap_sock.c
@@ -86111,7 +86153,7 @@ index 117814a..ad4fb73 100644
86111 86153
86112 if (__rtnl_register(PF_CAN, RTM_GETROUTE, NULL, cgw_dump_jobs, NULL)) { 86154 if (__rtnl_register(PF_CAN, RTM_GETROUTE, NULL, cgw_dump_jobs, NULL)) {
86113diff --git a/net/compat.c b/net/compat.c 86155diff --git a/net/compat.c b/net/compat.c
86114index 79ae884..0541331 100644 86156index f0a1ba6..0541331 100644
86115--- a/net/compat.c 86157--- a/net/compat.c
86116+++ b/net/compat.c 86158+++ b/net/compat.c
86117@@ -71,9 +71,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg) 86159@@ -71,9 +71,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg)
@@ -86241,45 +86283,7 @@ index 79ae884..0541331 100644
86241 struct group_filter __user *kgf; 86283 struct group_filter __user *kgf;
86242 int __user *koptlen; 86284 int __user *koptlen;
86243 u32 interface, fmode, numsrc; 86285 u32 interface, fmode, numsrc;
86244@@ -734,19 +734,25 @@ static unsigned char nas[21] = { 86286@@ -805,7 +805,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args)
86245
86246 asmlinkage long compat_sys_sendmsg(int fd, struct compat_msghdr __user *msg, unsigned int flags)
86247 {
86248- return sys_sendmsg(fd, (struct msghdr __user *)msg, flags | MSG_CMSG_COMPAT);
86249+ if (flags & MSG_CMSG_COMPAT)
86250+ return -EINVAL;
86251+ return __sys_sendmsg(fd, (struct msghdr __user *)msg, flags | MSG_CMSG_COMPAT);
86252 }
86253
86254 asmlinkage long compat_sys_sendmmsg(int fd, struct compat_mmsghdr __user *mmsg,
86255 unsigned int vlen, unsigned int flags)
86256 {
86257+ if (flags & MSG_CMSG_COMPAT)
86258+ return -EINVAL;
86259 return __sys_sendmmsg(fd, (struct mmsghdr __user *)mmsg, vlen,
86260 flags | MSG_CMSG_COMPAT);
86261 }
86262
86263 asmlinkage long compat_sys_recvmsg(int fd, struct compat_msghdr __user *msg, unsigned int flags)
86264 {
86265- return sys_recvmsg(fd, (struct msghdr __user *)msg, flags | MSG_CMSG_COMPAT);
86266+ if (flags & MSG_CMSG_COMPAT)
86267+ return -EINVAL;
86268+ return __sys_recvmsg(fd, (struct msghdr __user *)msg, flags | MSG_CMSG_COMPAT);
86269 }
86270
86271 asmlinkage long compat_sys_recv(int fd, void __user *buf, size_t len, unsigned int flags)
86272@@ -768,6 +774,9 @@ asmlinkage long compat_sys_recvmmsg(int fd, struct compat_mmsghdr __user *mmsg,
86273 int datagrams;
86274 struct timespec ktspec;
86275
86276+ if (flags & MSG_CMSG_COMPAT)
86277+ return -EINVAL;
86278+
86279 if (COMPAT_USE_64BIT_TIME)
86280 return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen,
86281 flags | MSG_CMSG_COMPAT,
86282@@ -796,7 +805,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args)
86283 86287
86284 if (call < SYS_SOCKET || call > SYS_SENDMMSG) 86288 if (call < SYS_SOCKET || call > SYS_SENDMMSG)
86285 return -EINVAL; 86289 return -EINVAL;
@@ -86302,7 +86306,7 @@ index 368f9c3..f82d4a3 100644
86302 86306
86303 return err; 86307 return err;
86304diff --git a/net/core/dev.c b/net/core/dev.c 86308diff --git a/net/core/dev.c b/net/core/dev.c
86305index 9a278e9..15f2b9e 100644 86309index c9eb9e6..922c789 100644
86306--- a/net/core/dev.c 86310--- a/net/core/dev.c
86307+++ b/net/core/dev.c 86311+++ b/net/core/dev.c
86308@@ -1617,7 +1617,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) 86312@@ -1617,7 +1617,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
@@ -86332,7 +86336,7 @@ index 9a278e9..15f2b9e 100644
86332 86336
86333 #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb) 86337 #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb)
86334 86338
86335@@ -3093,7 +3093,7 @@ enqueue: 86339@@ -3099,7 +3099,7 @@ enqueue:
86336 86340
86337 local_irq_restore(flags); 86341 local_irq_restore(flags);
86338 86342
@@ -86341,7 +86345,7 @@ index 9a278e9..15f2b9e 100644
86341 kfree_skb(skb); 86345 kfree_skb(skb);
86342 return NET_RX_DROP; 86346 return NET_RX_DROP;
86343 } 86347 }
86344@@ -3165,7 +3165,7 @@ int netif_rx_ni(struct sk_buff *skb) 86348@@ -3171,7 +3171,7 @@ int netif_rx_ni(struct sk_buff *skb)
86345 } 86349 }
86346 EXPORT_SYMBOL(netif_rx_ni); 86350 EXPORT_SYMBOL(netif_rx_ni);
86347 86351
@@ -86350,7 +86354,7 @@ index 9a278e9..15f2b9e 100644
86350 { 86354 {
86351 struct softnet_data *sd = &__get_cpu_var(softnet_data); 86355 struct softnet_data *sd = &__get_cpu_var(softnet_data);
86352 86356
86353@@ -3490,7 +3490,7 @@ ncls: 86357@@ -3496,7 +3496,7 @@ ncls:
86354 ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev); 86358 ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
86355 } else { 86359 } else {
86356 drop: 86360 drop:
@@ -86359,7 +86363,7 @@ index 9a278e9..15f2b9e 100644
86359 kfree_skb(skb); 86363 kfree_skb(skb);
86360 /* Jamal, now you will not able to escape explaining 86364 /* Jamal, now you will not able to escape explaining
86361 * me how you were going to use this. :-) 86365 * me how you were going to use this. :-)
86362@@ -4095,7 +4095,7 @@ void netif_napi_del(struct napi_struct *napi) 86366@@ -4101,7 +4101,7 @@ void netif_napi_del(struct napi_struct *napi)
86363 } 86367 }
86364 EXPORT_SYMBOL(netif_napi_del); 86368 EXPORT_SYMBOL(netif_napi_del);
86365 86369
@@ -86368,7 +86372,7 @@ index 9a278e9..15f2b9e 100644
86368 { 86372 {
86369 struct softnet_data *sd = &__get_cpu_var(softnet_data); 86373 struct softnet_data *sd = &__get_cpu_var(softnet_data);
86370 unsigned long time_limit = jiffies + 2; 86374 unsigned long time_limit = jiffies + 2;
86371@@ -5522,7 +5522,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, 86375@@ -5528,7 +5528,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
86372 } else { 86376 } else {
86373 netdev_stats_to_stats64(storage, &dev->stats); 86377 netdev_stats_to_stats64(storage, &dev->stats);
86374 } 86378 }
@@ -86639,7 +86643,7 @@ index e61a8bb..6a2f13c 100644
86639 #ifdef CONFIG_INET 86643 #ifdef CONFIG_INET
86640 static u32 seq_scale(u32 seq) 86644 static u32 seq_scale(u32 seq)
86641diff --git a/net/core/sock.c b/net/core/sock.c 86645diff --git a/net/core/sock.c b/net/core/sock.c
86642index 1432266..1a0d4a1 100644 86646index 684c37d..b541900 100644
86643--- a/net/core/sock.c 86647--- a/net/core/sock.c
86644+++ b/net/core/sock.c 86648+++ b/net/core/sock.c
86645@@ -390,7 +390,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) 86649@@ -390,7 +390,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
@@ -87168,7 +87172,7 @@ index 52c273e..579060b 100644
87168 return -ENOMEM; 87172 return -ENOMEM;
87169 } 87173 }
87170diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c 87174diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
87171index 91d66db..4af7d99 100644 87175index c7e8c04..56cb4c1 100644
87172--- a/net/ipv4/ip_gre.c 87176--- a/net/ipv4/ip_gre.c
87173+++ b/net/ipv4/ip_gre.c 87177+++ b/net/ipv4/ip_gre.c
87174@@ -124,7 +124,7 @@ static bool log_ecn_error = true; 87178@@ -124,7 +124,7 @@ static bool log_ecn_error = true;
@@ -87298,7 +87302,7 @@ index bf6c5cf..ab2e9c6 100644
87298 return res; 87302 return res;
87299 } 87303 }
87300diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c 87304diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c
87301index 8f024d4..8b3500c 100644 87305index 7533846..d2361d1 100644
87302--- a/net/ipv4/ipip.c 87306--- a/net/ipv4/ipip.c
87303+++ b/net/ipv4/ipip.c 87307+++ b/net/ipv4/ipip.c
87304@@ -138,7 +138,7 @@ struct ipip_net { 87308@@ -138,7 +138,7 @@ struct ipip_net {
@@ -87486,10 +87490,10 @@ index dd44e0a..06dcca4 100644
87486 87490
87487 static int raw_seq_show(struct seq_file *seq, void *v) 87491 static int raw_seq_show(struct seq_file *seq, void *v)
87488diff --git a/net/ipv4/route.c b/net/ipv4/route.c 87492diff --git a/net/ipv4/route.c b/net/ipv4/route.c
87489index 6e28514..5e1b055 100644 87493index cfede9a..22248f9 100644
87490--- a/net/ipv4/route.c 87494--- a/net/ipv4/route.c
87491+++ b/net/ipv4/route.c 87495+++ b/net/ipv4/route.c
87492@@ -2553,34 +2553,34 @@ static struct ctl_table ipv4_route_flush_table[] = { 87496@@ -2558,34 +2558,34 @@ static struct ctl_table ipv4_route_flush_table[] = {
87493 .maxlen = sizeof(int), 87497 .maxlen = sizeof(int),
87494 .mode = 0200, 87498 .mode = 0200,
87495 .proc_handler = ipv4_sysctl_rtcache_flush, 87499 .proc_handler = ipv4_sysctl_rtcache_flush,
@@ -87532,7 +87536,7 @@ index 6e28514..5e1b055 100644
87532 err_dup: 87536 err_dup:
87533 return -ENOMEM; 87537 return -ENOMEM;
87534 } 87538 }
87535@@ -2603,7 +2603,7 @@ static __net_initdata struct pernet_operations sysctl_route_ops = { 87539@@ -2608,7 +2608,7 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
87536 87540
87537 static __net_init int rt_genid_init(struct net *net) 87541 static __net_init int rt_genid_init(struct net *net)
87538 { 87542 {
@@ -87681,29 +87685,11 @@ index 960fd29..d55bf64 100644
87681 87685
87682 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table); 87686 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table);
87683 if (hdr == NULL) 87687 if (hdr == NULL)
87684diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
87685index e220207..cdeb839 100644
87686--- a/net/ipv4/tcp.c
87687+++ b/net/ipv4/tcp.c
87688@@ -3383,8 +3383,11 @@ int tcp_md5_hash_skb_data(struct tcp_md5sig_pool *hp,
87689
87690 for (i = 0; i < shi->nr_frags; ++i) {
87691 const struct skb_frag_struct *f = &shi->frags[i];
87692- struct page *page = skb_frag_page(f);
87693- sg_set_page(&sg, page, skb_frag_size(f), f->page_offset);
87694+ unsigned int offset = f->page_offset;
87695+ struct page *page = skb_frag_page(f) + (offset >> PAGE_SHIFT);
87696+
87697+ sg_set_page(&sg, page, skb_frag_size(f),
87698+ offset_in_page(offset));
87699 if (crypto_hash_update(desc, &sg, skb_frag_size(f)))
87700 return 1;
87701 }
87702diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c 87688diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
87703index 13b9c08..d33a8d0 100644 87689index 59163c8..8277c51 100644
87704--- a/net/ipv4/tcp_input.c 87690--- a/net/ipv4/tcp_input.c
87705+++ b/net/ipv4/tcp_input.c 87691+++ b/net/ipv4/tcp_input.c
87706@@ -4724,7 +4724,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, 87692@@ -4727,7 +4727,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
87707 * simplifies code) 87693 * simplifies code)
87708 */ 87694 */
87709 static void 87695 static void
@@ -87712,7 +87698,7 @@ index 13b9c08..d33a8d0 100644
87712 struct sk_buff *head, struct sk_buff *tail, 87698 struct sk_buff *head, struct sk_buff *tail,
87713 u32 start, u32 end) 87699 u32 start, u32 end)
87714 { 87700 {
87715@@ -5838,6 +5838,7 @@ discard: 87701@@ -5841,6 +5841,7 @@ discard:
87716 tcp_paws_reject(&tp->rx_opt, 0)) 87702 tcp_paws_reject(&tp->rx_opt, 0))
87717 goto discard_and_undo; 87703 goto discard_and_undo;
87718 87704
@@ -87720,7 +87706,7 @@ index 13b9c08..d33a8d0 100644
87720 if (th->syn) { 87706 if (th->syn) {
87721 /* We see SYN without ACK. It is attempt of 87707 /* We see SYN without ACK. It is attempt of
87722 * simultaneous connect with crossed SYNs. 87708 * simultaneous connect with crossed SYNs.
87723@@ -5888,6 +5889,7 @@ discard: 87709@@ -5891,6 +5892,7 @@ discard:
87724 goto discard; 87710 goto discard;
87725 #endif 87711 #endif
87726 } 87712 }
@@ -87728,7 +87714,7 @@ index 13b9c08..d33a8d0 100644
87728 /* "fifth, if neither of the SYN or RST bits is set then 87714 /* "fifth, if neither of the SYN or RST bits is set then
87729 * drop the segment and return." 87715 * drop the segment and return."
87730 */ 87716 */
87731@@ -5932,7 +5934,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, 87717@@ -5935,7 +5937,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
87732 goto discard; 87718 goto discard;
87733 87719
87734 if (th->syn) { 87720 if (th->syn) {
@@ -88023,7 +88009,7 @@ index 9a459be..086b866 100644
88023 return -ENOMEM; 88009 return -ENOMEM;
88024 } 88010 }
88025diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c 88011diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
88026index dae802c..bfa4baa 100644 88012index 50a4c7c..50a27e6 100644
88027--- a/net/ipv6/addrconf.c 88013--- a/net/ipv6/addrconf.c
88028+++ b/net/ipv6/addrconf.c 88014+++ b/net/ipv6/addrconf.c
88029@@ -2274,7 +2274,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) 88015@@ -2274,7 +2274,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
@@ -88035,7 +88021,7 @@ index dae802c..bfa4baa 100644
88035 88021
88036 if (ops->ndo_do_ioctl) { 88022 if (ops->ndo_do_ioctl) {
88037 mm_segment_t oldfs = get_fs(); 88023 mm_segment_t oldfs = get_fs();
88038@@ -4410,7 +4410,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write, 88024@@ -4412,7 +4412,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write,
88039 int *valp = ctl->data; 88025 int *valp = ctl->data;
88040 int val = *valp; 88026 int val = *valp;
88041 loff_t pos = *ppos; 88027 loff_t pos = *ppos;
@@ -88044,7 +88030,7 @@ index dae802c..bfa4baa 100644
88044 int ret; 88030 int ret;
88045 88031
88046 /* 88032 /*
88047@@ -4492,7 +4492,7 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write, 88033@@ -4494,7 +4494,7 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write,
88048 int *valp = ctl->data; 88034 int *valp = ctl->data;
88049 int val = *valp; 88035 int val = *valp;
88050 loff_t pos = *ppos; 88036 loff_t pos = *ppos;
@@ -88107,18 +88093,28 @@ index 95d13c7..791fe2f 100644
88107 .maxtype = IFLA_GRE_MAX, 88093 .maxtype = IFLA_GRE_MAX,
88108 .policy = ip6gre_policy, 88094 .policy = ip6gre_policy,
88109diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c 88095diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
88110index 155eccf..851fdae 100644 88096index 851fdae..9d4d1fd 100644
88111--- a/net/ipv6/ip6_output.c 88097--- a/net/ipv6/ip6_output.c
88112+++ b/net/ipv6/ip6_output.c 88098+++ b/net/ipv6/ip6_output.c
88113@@ -1147,7 +1147,7 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, 88099@@ -822,11 +822,17 @@ static struct dst_entry *ip6_sk_dst_check(struct sock *sk,
88114 if (WARN_ON(np->cork.opt)) 88100 const struct flowi6 *fl6)
88115 return -EINVAL; 88101 {
88102 struct ipv6_pinfo *np = inet6_sk(sk);
88103- struct rt6_info *rt = (struct rt6_info *)dst;
88104+ struct rt6_info *rt;
88116 88105
88117- np->cork.opt = kmalloc(opt->tot_len, sk->sk_allocation); 88106 if (!dst)
88118+ np->cork.opt = kzalloc(opt->tot_len, sk->sk_allocation); 88107 goto out;
88119 if (unlikely(np->cork.opt == NULL))
88120 return -ENOBUFS;
88121 88108
88109+ if (dst->ops->family != AF_INET6) {
88110+ dst_release(dst);
88111+ return NULL;
88112+ }
88113+
88114+ rt = (struct rt6_info *)dst;
88115 /* Yes, checking route validity in not connected
88116 * case is not very simple. Take into account,
88117 * that we do not support routing by source, TOS,
88122diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c 88118diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
88123index fff83cb..82d49dd 100644 88119index fff83cb..82d49dd 100644
88124--- a/net/ipv6/ip6_tunnel.c 88120--- a/net/ipv6/ip6_tunnel.c
@@ -88697,10 +88693,26 @@ index 4fe76ff..426a904 100644
88697 }; 88693 };
88698 88694
88699diff --git a/net/key/af_key.c b/net/key/af_key.c 88695diff --git a/net/key/af_key.c b/net/key/af_key.c
88700index 5b1e5af..2358147 100644 88696index 5b1e5af..1b929e7 100644
88701--- a/net/key/af_key.c 88697--- a/net/key/af_key.c
88702+++ b/net/key/af_key.c 88698+++ b/net/key/af_key.c
88703@@ -3041,10 +3041,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc 88699@@ -1710,6 +1710,7 @@ static int key_notify_sa_flush(const struct km_event *c)
88700 hdr->sadb_msg_version = PF_KEY_V2;
88701 hdr->sadb_msg_errno = (uint8_t) 0;
88702 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
88703+ hdr->sadb_msg_reserved = 0;
88704
88705 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
88706
88707@@ -2695,6 +2696,7 @@ static int key_notify_policy_flush(const struct km_event *c)
88708 hdr->sadb_msg_errno = (uint8_t) 0;
88709 hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
88710 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
88711+ hdr->sadb_msg_reserved = 0;
88712 pfkey_broadcast(skb_out, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
88713 return 0;
88714
88715@@ -3041,10 +3043,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc
88704 static u32 get_acqseq(void) 88716 static u32 get_acqseq(void)
88705 { 88717 {
88706 u32 res; 88718 u32 res;
@@ -88713,33 +88725,6 @@ index 5b1e5af..2358147 100644
88713 } while (!res); 88725 } while (!res);
88714 return res; 88726 return res;
88715 } 88727 }
88716diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
88717index 637a341..8dec687 100644
88718--- a/net/l2tp/l2tp_ppp.c
88719+++ b/net/l2tp/l2tp_ppp.c
88720@@ -346,19 +346,19 @@ static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msgh
88721 skb_put(skb, 2);
88722
88723 /* Copy user data into skb */
88724- error = memcpy_fromiovec(skb->data, m->msg_iov, total_len);
88725+ error = memcpy_fromiovec(skb_put(skb, total_len), m->msg_iov,
88726+ total_len);
88727 if (error < 0) {
88728 kfree_skb(skb);
88729 goto error_put_sess_tun;
88730 }
88731- skb_put(skb, total_len);
88732
88733 l2tp_xmit_skb(session, skb, session->hdr_len);
88734
88735 sock_put(ps->tunnel_sock);
88736 sock_put(sk);
88737
88738- return error;
88739+ return total_len;
88740
88741 error_put_sess_tun:
88742 sock_put(ps->tunnel_sock);
88743diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c 88728diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
88744index 843d8c4..cb04fa1 100644 88729index 843d8c4..cb04fa1 100644
88745--- a/net/mac80211/cfg.c 88730--- a/net/mac80211/cfg.c
@@ -89356,6 +89341,22 @@ index 9e31269..bc4c1b7 100644
89356 mutex_unlock(&nf_log_mutex); 89341 mutex_unlock(&nf_log_mutex);
89357 } 89342 }
89358 89343
89344diff --git a/net/netfilter/nf_nat_sip.c b/net/netfilter/nf_nat_sip.c
89345index 96ccdf7..dac11f7 100644
89346--- a/net/netfilter/nf_nat_sip.c
89347+++ b/net/netfilter/nf_nat_sip.c
89348@@ -230,9 +230,10 @@ static unsigned int nf_nat_sip(struct sk_buff *skb, unsigned int protoff,
89349 &ct->tuplehash[!dir].tuple.src.u3,
89350 false);
89351 if (!mangle_packet(skb, protoff, dataoff, dptr, datalen,
89352- poff, plen, buffer, buflen))
89353+ poff, plen, buffer, buflen)) {
89354 nf_ct_helper_log(skb, ct, "cannot mangle received");
89355 return NF_DROP;
89356+ }
89357 }
89358
89359 /* The rport= parameter (RFC 3581) contains the port number
89359diff --git a/net/netfilter/nf_sockopt.c b/net/netfilter/nf_sockopt.c 89360diff --git a/net/netfilter/nf_sockopt.c b/net/netfilter/nf_sockopt.c
89360index f042ae5..30ea486 100644 89361index f042ae5..30ea486 100644
89361--- a/net/netfilter/nf_sockopt.c 89362--- a/net/netfilter/nf_sockopt.c
@@ -89576,10 +89577,10 @@ index 103bd70..f21aad3 100644
89576 *uaddr_len = sizeof(struct sockaddr_ax25); 89577 *uaddr_len = sizeof(struct sockaddr_ax25);
89577 } 89578 }
89578diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c 89579diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
89579index f83e172..223ffe1 100644 89580index e50f72a..f71867d 100644
89580--- a/net/packet/af_packet.c 89581--- a/net/packet/af_packet.c
89581+++ b/net/packet/af_packet.c 89582+++ b/net/packet/af_packet.c
89582@@ -1571,7 +1571,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, 89583@@ -1578,7 +1578,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
89583 89584
89584 spin_lock(&sk->sk_receive_queue.lock); 89585 spin_lock(&sk->sk_receive_queue.lock);
89585 po->stats.tp_packets++; 89586 po->stats.tp_packets++;
@@ -89588,7 +89589,7 @@ index f83e172..223ffe1 100644
89588 __skb_queue_tail(&sk->sk_receive_queue, skb); 89589 __skb_queue_tail(&sk->sk_receive_queue, skb);
89589 spin_unlock(&sk->sk_receive_queue.lock); 89590 spin_unlock(&sk->sk_receive_queue.lock);
89590 sk->sk_data_ready(sk, skb->len); 89591 sk->sk_data_ready(sk, skb->len);
89591@@ -1580,7 +1580,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, 89592@@ -1587,7 +1587,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
89592 drop_n_acct: 89593 drop_n_acct:
89593 spin_lock(&sk->sk_receive_queue.lock); 89594 spin_lock(&sk->sk_receive_queue.lock);
89594 po->stats.tp_drops++; 89595 po->stats.tp_drops++;
@@ -89597,7 +89598,7 @@ index f83e172..223ffe1 100644
89597 spin_unlock(&sk->sk_receive_queue.lock); 89598 spin_unlock(&sk->sk_receive_queue.lock);
89598 89599
89599 drop_n_restore: 89600 drop_n_restore:
89600@@ -2558,6 +2558,7 @@ out: 89601@@ -2579,6 +2579,7 @@ out:
89601 89602
89602 static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) 89603 static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len)
89603 { 89604 {
@@ -89605,7 +89606,7 @@ index f83e172..223ffe1 100644
89605 struct sock_exterr_skb *serr; 89606 struct sock_exterr_skb *serr;
89606 struct sk_buff *skb, *skb2; 89607 struct sk_buff *skb, *skb2;
89607 int copied, err; 89608 int copied, err;
89608@@ -2579,8 +2580,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) 89609@@ -2600,8 +2601,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len)
89609 sock_recv_timestamp(msg, sk, skb); 89610 sock_recv_timestamp(msg, sk, skb);
89610 89611
89611 serr = SKB_EXT_ERR(skb); 89612 serr = SKB_EXT_ERR(skb);
@@ -89616,22 +89617,7 @@ index f83e172..223ffe1 100644
89616 89617
89617 msg->msg_flags |= MSG_ERRQUEUE; 89618 msg->msg_flags |= MSG_ERRQUEUE;
89618 err = copied; 89619 err = copied;
89619@@ -2769,12 +2771,11 @@ static int packet_getname_spkt(struct socket *sock, struct sockaddr *uaddr, 89620@@ -3225,7 +3227,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
89620 return -EOPNOTSUPP;
89621
89622 uaddr->sa_family = AF_PACKET;
89623+ memset(uaddr->sa_data, 0, sizeof(uaddr->sa_data));
89624 rcu_read_lock();
89625 dev = dev_get_by_index_rcu(sock_net(sk), pkt_sk(sk)->ifindex);
89626 if (dev)
89627- strncpy(uaddr->sa_data, dev->name, 14);
89628- else
89629- memset(uaddr->sa_data, 0, 14);
89630+ strlcpy(uaddr->sa_data, dev->name, sizeof(uaddr->sa_data));
89631 rcu_read_unlock();
89632 *uaddr_len = sizeof(*uaddr);
89633
89634@@ -3205,7 +3206,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
89635 case PACKET_HDRLEN: 89621 case PACKET_HDRLEN:
89636 if (len > sizeof(int)) 89622 if (len > sizeof(int))
89637 len = sizeof(int); 89623 len = sizeof(int);
@@ -89640,7 +89626,7 @@ index f83e172..223ffe1 100644
89640 return -EFAULT; 89626 return -EFAULT;
89641 switch (val) { 89627 switch (val) {
89642 case TPACKET_V1: 89628 case TPACKET_V1:
89643@@ -3247,7 +3248,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, 89629@@ -3267,7 +3269,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
89644 len = lv; 89630 len = lv;
89645 if (put_user(len, optlen)) 89631 if (put_user(len, optlen))
89646 return -EFAULT; 89632 return -EFAULT;
@@ -90176,33 +90162,6 @@ index 391a245..296b3d7 100644
90176 } 90162 }
90177 90163
90178 /* Initialize IPv6 support and register with socket layer. */ 90164 /* Initialize IPv6 support and register with socket layer. */
90179diff --git a/net/sctp/outqueue.c b/net/sctp/outqueue.c
90180index 01dca75..e9426bb 100644
90181--- a/net/sctp/outqueue.c
90182+++ b/net/sctp/outqueue.c
90183@@ -206,6 +206,8 @@ static inline int sctp_cacc_skip(struct sctp_transport *primary,
90184 */
90185 void sctp_outq_init(struct sctp_association *asoc, struct sctp_outq *q)
90186 {
90187+ memset(q, 0, sizeof(struct sctp_outq));
90188+
90189 q->asoc = asoc;
90190 INIT_LIST_HEAD(&q->out_chunk_list);
90191 INIT_LIST_HEAD(&q->control_chunk_list);
90192@@ -213,13 +215,7 @@ void sctp_outq_init(struct sctp_association *asoc, struct sctp_outq *q)
90193 INIT_LIST_HEAD(&q->sacked);
90194 INIT_LIST_HEAD(&q->abandoned);
90195
90196- q->fast_rtx = 0;
90197- q->outstanding_bytes = 0;
90198 q->empty = 1;
90199- q->cork = 0;
90200-
90201- q->malloced = 0;
90202- q->out_qlen = 0;
90203 }
90204
90205 /* Free the outqueue structure and any related pending chunks.
90206diff --git a/net/sctp/probe.c b/net/sctp/probe.c 90165diff --git a/net/sctp/probe.c b/net/sctp/probe.c
90207index ad0dba8..e62c225 100644 90166index ad0dba8..e62c225 100644
90208--- a/net/sctp/probe.c 90167--- a/net/sctp/probe.c
@@ -90287,7 +90246,7 @@ index 8aab894..f6b7e7d 100644
90287 sctp_generate_t1_cookie_event, 90246 sctp_generate_t1_cookie_event,
90288 sctp_generate_t1_init_event, 90247 sctp_generate_t1_init_event,
90289diff --git a/net/sctp/socket.c b/net/sctp/socket.c 90248diff --git a/net/sctp/socket.c b/net/sctp/socket.c
90290index b907073..7bea2ca 100644 90249index 02c43e4..7bea2ca 100644
90291--- a/net/sctp/socket.c 90250--- a/net/sctp/socket.c
90292+++ b/net/sctp/socket.c 90251+++ b/net/sctp/socket.c
90293@@ -2166,11 +2166,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval, 90252@@ -2166,11 +2166,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval,
@@ -90305,20 +90264,7 @@ index b907073..7bea2ca 100644
90305 90264
90306 /* 90265 /*
90307 * At the time when a user app subscribes to SCTP_SENDER_DRY_EVENT, 90266 * At the time when a user app subscribes to SCTP_SENDER_DRY_EVENT,
90308@@ -4002,6 +4004,12 @@ SCTP_STATIC void sctp_destroy_sock(struct sock *sk) 90267@@ -4221,13 +4223,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len,
90309
90310 /* Release our hold on the endpoint. */
90311 sp = sctp_sk(sk);
90312+ /* This could happen during socket init, thus we bail out
90313+ * early, since the rest of the below is not setup either.
90314+ */
90315+ if (sp->ep == NULL)
90316+ return;
90317+
90318 if (sp->do_auto_asconf) {
90319 sp->do_auto_asconf = 0;
90320 list_del(&sp->auto_asconf_list);
90321@@ -4215,13 +4223,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len,
90322 static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, 90268 static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
90323 int __user *optlen) 90269 int __user *optlen)
90324 { 90270 {
@@ -90336,7 +90282,7 @@ index b907073..7bea2ca 100644
90336 return -EFAULT; 90282 return -EFAULT;
90337 return 0; 90283 return 0;
90338 } 90284 }
90339@@ -4239,6 +4250,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, 90285@@ -4245,6 +4250,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
90340 */ 90286 */
90341 static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optval, int __user *optlen) 90287 static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optval, int __user *optlen)
90342 { 90288 {
@@ -90345,7 +90291,7 @@ index b907073..7bea2ca 100644
90345 /* Applicable to UDP-style socket only */ 90291 /* Applicable to UDP-style socket only */
90346 if (sctp_style(sk, TCP)) 90292 if (sctp_style(sk, TCP))
90347 return -EOPNOTSUPP; 90293 return -EOPNOTSUPP;
90348@@ -4247,7 +4260,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv 90294@@ -4253,7 +4260,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv
90349 len = sizeof(int); 90295 len = sizeof(int);
90350 if (put_user(len, optlen)) 90296 if (put_user(len, optlen))
90351 return -EFAULT; 90297 return -EFAULT;
@@ -90355,7 +90301,7 @@ index b907073..7bea2ca 100644
90355 return -EFAULT; 90301 return -EFAULT;
90356 return 0; 90302 return 0;
90357 } 90303 }
90358@@ -4619,12 +4633,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len, 90304@@ -4625,12 +4633,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len,
90359 */ 90305 */
90360 static int sctp_getsockopt_initmsg(struct sock *sk, int len, char __user *optval, int __user *optlen) 90306 static int sctp_getsockopt_initmsg(struct sock *sk, int len, char __user *optval, int __user *optlen)
90361 { 90307 {
@@ -90372,7 +90318,7 @@ index b907073..7bea2ca 100644
90372 return -EFAULT; 90318 return -EFAULT;
90373 return 0; 90319 return 0;
90374 } 90320 }
90375@@ -4665,6 +4682,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, 90321@@ -4671,6 +4682,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
90376 addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len; 90322 addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len;
90377 if (space_left < addrlen) 90323 if (space_left < addrlen)
90378 return -ENOMEM; 90324 return -ENOMEM;
@@ -90404,7 +90350,7 @@ index bf3c6e8..376d8d0 100644
90404 90350
90405 table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL); 90351 table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL);
90406diff --git a/net/socket.c b/net/socket.c 90352diff --git a/net/socket.c b/net/socket.c
90407index 88f759a..74be616 100644 90353index e216502..74be616 100644
90408--- a/net/socket.c 90354--- a/net/socket.c
90409+++ b/net/socket.c 90355+++ b/net/socket.c
90410@@ -88,6 +88,7 @@ 90356@@ -88,6 +88,7 @@
@@ -90575,16 +90521,7 @@ index 88f759a..74be616 100644
90575 int err, err2; 90521 int err, err2;
90576 int fput_needed; 90522 int fput_needed;
90577 90523
90578@@ -1978,7 +2040,7 @@ struct used_address { 90524@@ -2045,7 +2107,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
90579 unsigned int name_len;
90580 };
90581
90582-static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
90583+static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
90584 struct msghdr *msg_sys, unsigned int flags,
90585 struct used_address *used_address)
90586 {
90587@@ -2045,7 +2107,7 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
90588 * checking falls down on this. 90525 * checking falls down on this.
90589 */ 90526 */
90590 if (copy_from_user(ctl_buf, 90527 if (copy_from_user(ctl_buf,
@@ -90593,83 +90530,7 @@ index 88f759a..74be616 100644
90593 ctl_len)) 90530 ctl_len))
90594 goto out_freectl; 90531 goto out_freectl;
90595 msg_sys->msg_control = ctl_buf; 90532 msg_sys->msg_control = ctl_buf;
90596@@ -2093,20 +2155,28 @@ out: 90533@@ -2196,7 +2258,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
90597 * BSD sendmsg interface
90598 */
90599
90600+long __sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags)
90601+{
90602+ int fput_needed, err;
90603+ struct msghdr msg_sys;
90604+ struct socket *sock;
90605+
90606+ sock = sockfd_lookup_light(fd, &err, &fput_needed);
90607+ if (!sock)
90608+ goto out;
90609+
90610+ err = ___sys_sendmsg(sock, msg, &msg_sys, flags, NULL);
90611+
90612+ fput_light(sock->file, fput_needed);
90613+out:
90614+ return err;
90615+}
90616+
90617 SYSCALL_DEFINE3(sendmsg, int, fd, struct msghdr __user *, msg, unsigned int, flags)
90618 {
90619- int fput_needed, err;
90620- struct msghdr msg_sys;
90621- struct socket *sock = sockfd_lookup_light(fd, &err, &fput_needed);
90622-
90623- if (!sock)
90624- goto out;
90625-
90626- err = __sys_sendmsg(sock, msg, &msg_sys, flags, NULL);
90627-
90628- fput_light(sock->file, fput_needed);
90629-out:
90630- return err;
90631+ if (flags & MSG_CMSG_COMPAT)
90632+ return -EINVAL;
90633+ return __sys_sendmsg(fd, msg, flags);
90634 }
90635
90636 /*
90637@@ -2139,15 +2209,16 @@ int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
90638
90639 while (datagrams < vlen) {
90640 if (MSG_CMSG_COMPAT & flags) {
90641- err = __sys_sendmsg(sock, (struct msghdr __user *)compat_entry,
90642- &msg_sys, flags, &used_address);
90643+ err = ___sys_sendmsg(sock, (struct msghdr __user *)compat_entry,
90644+ &msg_sys, flags, &used_address);
90645 if (err < 0)
90646 break;
90647 err = __put_user(err, &compat_entry->msg_len);
90648 ++compat_entry;
90649 } else {
90650- err = __sys_sendmsg(sock, (struct msghdr __user *)entry,
90651- &msg_sys, flags, &used_address);
90652+ err = ___sys_sendmsg(sock,
90653+ (struct msghdr __user *)entry,
90654+ &msg_sys, flags, &used_address);
90655 if (err < 0)
90656 break;
90657 err = put_user(err, &entry->msg_len);
90658@@ -2171,10 +2242,12 @@ int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
90659 SYSCALL_DEFINE4(sendmmsg, int, fd, struct mmsghdr __user *, mmsg,
90660 unsigned int, vlen, unsigned int, flags)
90661 {
90662+ if (flags & MSG_CMSG_COMPAT)
90663+ return -EINVAL;
90664 return __sys_sendmmsg(fd, mmsg, vlen, flags);
90665 }
90666
90667-static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
90668+static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
90669 struct msghdr *msg_sys, unsigned int flags, int nosec)
90670 {
90671 struct compat_msghdr __user *msg_compat =
90672@@ -2185,7 +2258,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
90673 int err, total_len, len; 90534 int err, total_len, len;
90674 90535
90675 /* kernel mode address */ 90536 /* kernel mode address */
@@ -90678,7 +90539,7 @@ index 88f759a..74be616 100644
90678 90539
90679 /* user mode address pointers */ 90540 /* user mode address pointers */
90680 struct sockaddr __user *uaddr; 90541 struct sockaddr __user *uaddr;
90681@@ -2213,7 +2286,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg, 90542@@ -2224,7 +2286,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
90682 * kernel msghdr to use the kernel address space) 90543 * kernel msghdr to use the kernel address space)
90683 */ 90544 */
90684 90545
@@ -90687,84 +90548,7 @@ index 88f759a..74be616 100644
90687 uaddr_len = COMPAT_NAMELEN(msg); 90548 uaddr_len = COMPAT_NAMELEN(msg);
90688 if (MSG_CMSG_COMPAT & flags) { 90549 if (MSG_CMSG_COMPAT & flags) {
90689 err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); 90550 err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
90690@@ -2266,21 +2339,29 @@ out: 90551@@ -2975,7 +3037,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
90691 * BSD recvmsg interface
90692 */
90693
90694+long __sys_recvmsg(int fd, struct msghdr __user *msg, unsigned flags)
90695+{
90696+ int fput_needed, err;
90697+ struct msghdr msg_sys;
90698+ struct socket *sock;
90699+
90700+ sock = sockfd_lookup_light(fd, &err, &fput_needed);
90701+ if (!sock)
90702+ goto out;
90703+
90704+ err = ___sys_recvmsg(sock, msg, &msg_sys, flags, 0);
90705+
90706+ fput_light(sock->file, fput_needed);
90707+out:
90708+ return err;
90709+}
90710+
90711 SYSCALL_DEFINE3(recvmsg, int, fd, struct msghdr __user *, msg,
90712 unsigned int, flags)
90713 {
90714- int fput_needed, err;
90715- struct msghdr msg_sys;
90716- struct socket *sock = sockfd_lookup_light(fd, &err, &fput_needed);
90717-
90718- if (!sock)
90719- goto out;
90720-
90721- err = __sys_recvmsg(sock, msg, &msg_sys, flags, 0);
90722-
90723- fput_light(sock->file, fput_needed);
90724-out:
90725- return err;
90726+ if (flags & MSG_CMSG_COMPAT)
90727+ return -EINVAL;
90728+ return __sys_recvmsg(fd, msg, flags);
90729 }
90730
90731 /*
90732@@ -2320,17 +2401,18 @@ int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
90733 * No need to ask LSM for more than the first datagram.
90734 */
90735 if (MSG_CMSG_COMPAT & flags) {
90736- err = __sys_recvmsg(sock, (struct msghdr __user *)compat_entry,
90737- &msg_sys, flags & ~MSG_WAITFORONE,
90738- datagrams);
90739+ err = ___sys_recvmsg(sock, (struct msghdr __user *)compat_entry,
90740+ &msg_sys, flags & ~MSG_WAITFORONE,
90741+ datagrams);
90742 if (err < 0)
90743 break;
90744 err = __put_user(err, &compat_entry->msg_len);
90745 ++compat_entry;
90746 } else {
90747- err = __sys_recvmsg(sock, (struct msghdr __user *)entry,
90748- &msg_sys, flags & ~MSG_WAITFORONE,
90749- datagrams);
90750+ err = ___sys_recvmsg(sock,
90751+ (struct msghdr __user *)entry,
90752+ &msg_sys, flags & ~MSG_WAITFORONE,
90753+ datagrams);
90754 if (err < 0)
90755 break;
90756 err = put_user(err, &entry->msg_len);
90757@@ -2397,6 +2479,9 @@ SYSCALL_DEFINE5(recvmmsg, int, fd, struct mmsghdr __user *, mmsg,
90758 int datagrams;
90759 struct timespec timeout_sys;
90760
90761+ if (flags & MSG_CMSG_COMPAT)
90762+ return -EINVAL;
90763+
90764 if (!timeout)
90765 return __sys_recvmmsg(fd, mmsg, vlen, flags, NULL);
90766
90767@@ -2952,7 +3037,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
90768 old_fs = get_fs(); 90552 old_fs = get_fs();
90769 set_fs(KERNEL_DS); 90553 set_fs(KERNEL_DS);
90770 err = dev_ioctl(net, cmd, 90554 err = dev_ioctl(net, cmd,
@@ -90773,7 +90557,7 @@ index 88f759a..74be616 100644
90773 set_fs(old_fs); 90557 set_fs(old_fs);
90774 90558
90775 return err; 90559 return err;
90776@@ -3061,7 +3146,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, 90560@@ -3084,7 +3146,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
90777 90561
90778 old_fs = get_fs(); 90562 old_fs = get_fs();
90779 set_fs(KERNEL_DS); 90563 set_fs(KERNEL_DS);
@@ -90782,7 +90566,7 @@ index 88f759a..74be616 100644
90782 set_fs(old_fs); 90566 set_fs(old_fs);
90783 90567
90784 if (cmd == SIOCGIFMAP && !err) { 90568 if (cmd == SIOCGIFMAP && !err) {
90785@@ -3166,7 +3251,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, 90569@@ -3189,7 +3251,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
90786 ret |= __get_user(rtdev, &(ur4->rt_dev)); 90570 ret |= __get_user(rtdev, &(ur4->rt_dev));
90787 if (rtdev) { 90571 if (rtdev) {
90788 ret |= copy_from_user(devname, compat_ptr(rtdev), 15); 90572 ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
@@ -90791,7 +90575,7 @@ index 88f759a..74be616 100644
90791 devname[15] = 0; 90575 devname[15] = 0;
90792 } else 90576 } else
90793 r4.rt_dev = NULL; 90577 r4.rt_dev = NULL;
90794@@ -3392,8 +3477,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, 90578@@ -3415,8 +3477,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
90795 int __user *uoptlen; 90579 int __user *uoptlen;
90796 int err; 90580 int err;
90797 90581
@@ -90802,7 +90586,7 @@ index 88f759a..74be616 100644
90802 90586
90803 set_fs(KERNEL_DS); 90587 set_fs(KERNEL_DS);
90804 if (level == SOL_SOCKET) 90588 if (level == SOL_SOCKET)
90805@@ -3413,7 +3498,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, 90589@@ -3436,7 +3498,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
90806 char __user *uoptval; 90590 char __user *uoptval;
90807 int err; 90591 int err;
90808 90592
@@ -91300,18 +91084,6 @@ index c8717c1..08539f5 100644
91300 err = handler(dev, info, (union iwreq_data *) iwp, extra); 91084 err = handler(dev, info, (union iwreq_data *) iwp, extra);
91301 91085
91302 iwp->length += essid_compat; 91086 iwp->length += essid_compat;
91303diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c
91304index bcfda89..0cf003d 100644
91305--- a/net/xfrm/xfrm_output.c
91306+++ b/net/xfrm/xfrm_output.c
91307@@ -64,6 +64,7 @@ static int xfrm_output_one(struct sk_buff *skb, int err)
91308
91309 if (unlikely(x->km.state != XFRM_STATE_VALID)) {
91310 XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATEINVALID);
91311+ err = -EINVAL;
91312 goto error;
91313 }
91314
91315diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c 91087diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
91316index 167c67d..3f2ae427 100644 91088index 167c67d..3f2ae427 100644
91317--- a/net/xfrm/xfrm_policy.c 91089--- a/net/xfrm/xfrm_policy.c
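diff --git a/main/linux-grsec/kernelconfig.x86 b/main/linux-grsec/kernelconfig.x86
index 3f50316571..de622fca84 100644
--- a/main/linux-grsec/kernelconfig.x86
+++ b/main/linux-grsec/kernelconfig.x86
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.9.7 Kernel Configuration
+# Linux/x86 3.9.8 Kernel Configuration
 #
 # CONFIG_64BIT is not set
 CONFIG_X86_32=y
@@ -5523,6 +5523,7 @@ CONFIG_GRKERNSEC_KMEM=y
 # CONFIG_GRKERNSEC_VM86 is not set
 # CONFIG_GRKERNSEC_IO is not set
 CONFIG_GRKERNSEC_PERF_HARDEN=y
+# CONFIG_GRKERNSEC_RAND_THREADSTACK is not set
 CONFIG_GRKERNSEC_PROC_MEMMAP=y
 # CONFIG_GRKERNSEC_BRUTE is not set
 # CONFIG_GRKERNSEC_MODHARDEN is not set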
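Review bot: The new `# CONFIG_GRKERNSEC_RAND_THREADSTACK is not set` line leaves a freshly introduced grsecurity hardening option disabled, in this x86 section and again in the x86_64 section that follows, with no rationale recorded anywhere in the commit. Since the file is auto-generated, this is presumably just the default offered by the config update being accepted rather than a deliberate decision; if it was left off on purpose (compatibility concerns, for instance) the commit description or the APKBUILD is the place to say so, and if not, it is worth evaluating enabling it alongside the other GRKERNSEC_* hardening already selected here. A one-line note in the commit description would keep the next kernel upgrade from silently carrying the default forward.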
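diff --git a/main/linux-grsec/kernelconfig.x86_64 b/main/linux-grsec/kernelconfig.x86_64
index f338d7ad0b..feaf716d88 100644
--- a/main/linux-grsec/kernelconfig.x86_64
+++ b/main/linux-grsec/kernelconfig.x86_64
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.9.7 Kernel Configuration
+# Linux/x86 3.9.8 Kernel Configuration
 #
 CONFIG_64BIT=y
 CONFIG_X86_64=y
@@ -5460,6 +5460,7 @@ CONFIG_GRKERNSEC_KMEM=y
 # CONFIG_GRKERNSEC_IO is not set
 CONFIG_GRKERNSEC_JIT_HARDEN=y
 CONFIG_GRKERNSEC_PERF_HARDEN=y
+# CONFIG_GRKERNSEC_RAND_THREADSTACK is not set
 CONFIG_GRKERNSEC_PROC_MEMMAP=y
 # CONFIG_GRKERNSEC_BRUTE is not set
 # CONFIG_GRKERNSEC_MODHARDEN is not set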