* [gentoo-commits] proj/hardened-patchset:master commit in: 3.8.10/, 2.6.32/, 3.8.11/, 3.2.44/
@ 2013-05-04 20:07 Anthony G. Basile
0 siblings, 0 replies; only message in thread
From: Anthony G. Basile @ 2013-05-04 20:07 UTC (permalink / raw
To: gentoo-commits
commit: 0a1edb909716e16373c79d2ac96decf47790482f
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat May 4 20:06:48 2013 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat May 4 20:06:48 2013 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=0a1edb90
Grsec/PaX: 2.9.1-{2.6.32.60,3.2.44,3.8.11}-201305011917
---
2.6.32/0000_README | 2 +-
..._grsecurity-2.9.1-2.6.32.60-201304292054.patch} | 22 +-
3.2.44/0000_README | 2 +-
...420_grsecurity-2.9.1-3.2.44-201304292055.patch} | 233 +++-
3.8.10/1008_linux-3.8.9.patch | 1649 --------------------
3.8.10/1009_linux-3.8.10.patch | 67 -
{3.8.10 => 3.8.11}/0000_README | 10 +-
3.8.11/1010_linux-3.8.11.patch | 1556 ++++++++++++++++++
...4420_grsecurity-2.9.1-3.8.11-201305011917.patch | 1131 +++-----------
{3.8.10 => 3.8.11}/4425_grsec_remove_EI_PAX.patch | 0
.../4430_grsec-remove-localversion-grsec.patch | 0
{3.8.10 => 3.8.11}/4435_grsec-mute-warnings.patch | 0
.../4440_grsec-remove-protected-paths.patch | 0
.../4450_grsec-kconfig-default-gids.patch | 0
.../4465_selinux-avc_audit-log-curr_ip.patch | 0
{3.8.10 => 3.8.11}/4470_disable-compat_vdso.patch | 0
16 files changed, 1997 insertions(+), 2675 deletions(-)
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 2b44ed9..3b25af8 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -34,7 +34,7 @@ Patch: 1059_linux-2.6.32.60.patch
From: http://www.kernel.org
Desc: Linux 2.6.32.59
-Patch: 4420_grsecurity-2.9.1-2.6.32.60-201304262205.patch
+Patch: 4420_grsecurity-2.9.1-2.6.32.60-201304292054.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304262205.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304292054.patch
similarity index 99%
rename from 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304262205.patch
rename to 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304292054.patch
index 2f14145..31c0020 100644
--- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304262205.patch
+++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304292054.patch
@@ -76580,10 +76580,18 @@ index cb2849f..3718fb4 100644
if (entry->bitmap && entry->bytes > bytes + empty_size) {
ret = btrfs_bitmap_cluster(block_group, entry, cluster,
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
-index e03a836..323837e 100644
+index e03a836..d4e4e69 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
-@@ -63,7 +63,7 @@ static const struct inode_operations btrfs_file_inode_operations;
+@@ -17,6 +17,7 @@
+ */
+
+ #include <linux/kernel.h>
++#include <linux/module.h>
+ #include <linux/bio.h>
+ #include <linux/buffer_head.h>
+ #include <linux/file.h>
+@@ -63,7 +64,7 @@ static const struct inode_operations btrfs_file_inode_operations;
static const struct address_space_operations btrfs_aops;
static const struct address_space_operations btrfs_symlink_aops;
static const struct file_operations btrfs_dir_file_operations;
@@ -76592,7 +76600,7 @@ index e03a836..323837e 100644
static struct kmem_cache *btrfs_inode_cachep;
struct kmem_cache *btrfs_trans_handle_cachep;
-@@ -925,6 +925,7 @@ static int cow_file_range_async(struct inode *inode, struct page *locked_page,
+@@ -925,6 +926,7 @@ static int cow_file_range_async(struct inode *inode, struct page *locked_page,
1, 0, NULL, GFP_NOFS);
while (start < end) {
async_cow = kmalloc(sizeof(*async_cow), GFP_NOFS);
@@ -76600,7 +76608,7 @@ index e03a836..323837e 100644
async_cow->inode = inode;
async_cow->root = root;
async_cow->locked_page = locked_page;
-@@ -4591,6 +4592,8 @@ static noinline int uncompress_inline(struct btrfs_path *path,
+@@ -4591,6 +4593,8 @@ static noinline int uncompress_inline(struct btrfs_path *path,
inline_size = btrfs_file_extent_inline_item_len(leaf,
btrfs_item_nr(leaf, path->slots[0]));
tmp = kmalloc(inline_size, GFP_NOFS);
@@ -76609,7 +76617,7 @@ index e03a836..323837e 100644
ptr = btrfs_file_extent_inline_start(item);
read_extent_buffer(leaf, tmp, ptr, inline_size);
-@@ -5410,7 +5413,7 @@ fail:
+@@ -5410,7 +5414,7 @@ fail:
return -ENOMEM;
}
@@ -76618,7 +76626,7 @@ index e03a836..323837e 100644
struct dentry *dentry, struct kstat *stat)
{
struct inode *inode = dentry->d_inode;
-@@ -5422,6 +5425,14 @@ static int btrfs_getattr(struct vfsmount *mnt,
+@@ -5422,6 +5426,14 @@ static int btrfs_getattr(struct vfsmount *mnt,
return 0;
}
@@ -76633,7 +76641,7 @@ index e03a836..323837e 100644
static int btrfs_rename(struct inode *old_dir, struct dentry *old_dentry,
struct inode *new_dir, struct dentry *new_dentry)
{
-@@ -5972,7 +5983,7 @@ static const struct file_operations btrfs_dir_file_operations = {
+@@ -5972,7 +5984,7 @@ static const struct file_operations btrfs_dir_file_operations = {
.fsync = btrfs_sync_file,
};
diff --git a/3.2.44/0000_README b/3.2.44/0000_README
index 91b9efe..1b7cbd6 100644
--- a/3.2.44/0000_README
+++ b/3.2.44/0000_README
@@ -94,7 +94,7 @@ Patch: 1043_linux-3.2.44.patch
From: http://www.kernel.org
Desc: Linux 3.2.44
-Patch: 4420_grsecurity-2.9.1-3.2.44-201304271916.patch
+Patch: 4420_grsecurity-2.9.1-3.2.44-201304292055.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.44/4420_grsecurity-2.9.1-3.2.44-201304271916.patch b/3.2.44/4420_grsecurity-2.9.1-3.2.44-201304292055.patch
similarity index 99%
rename from 3.2.44/4420_grsecurity-2.9.1-3.2.44-201304271916.patch
rename to 3.2.44/4420_grsecurity-2.9.1-3.2.44-201304292055.patch
index 062dff7..258f868 100644
--- a/3.2.44/4420_grsecurity-2.9.1-3.2.44-201304271916.patch
+++ b/3.2.44/4420_grsecurity-2.9.1-3.2.44-201304292055.patch
@@ -17034,7 +17034,7 @@ index d2d488b8..a4f589f 100644
/*
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index 6274f5f..3d36291 100644
+index 6274f5f..7342ebb 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -55,6 +55,8 @@
@@ -17110,7 +17110,7 @@ index 6274f5f..3d36291 100644
jmp *%rdi
#endif
-@@ -178,6 +186,273 @@ ENTRY(native_usergs_sysret64)
+@@ -178,6 +186,282 @@ ENTRY(native_usergs_sysret64)
ENDPROC(native_usergs_sysret64)
#endif /* CONFIG_PARAVIRT */
@@ -17165,7 +17165,7 @@ index 6274f5f..3d36291 100644
+ pax_force_retaddr
+ retq
+
-+2: ljmpq __KERNEL_CS,1f
++2: ljmpq __KERNEL_CS,1b
+3: ljmpq __KERNEXEC_KERNEL_CS,4f
+4: SET_RDI_INTO_CR0
+ jmp 1b
@@ -17181,6 +17181,9 @@ index 6274f5f..3d36291 100644
+ mov %cs,%rdi
+ cmp $__KERNEXEC_KERNEL_CS,%edi
+ jz 2f
++ GET_CR0_INTO_RDI
++ bts $16,%rdi
++ jnc 4f
+1:
+
+#ifdef CONFIG_PARAVIRT
@@ -17193,9 +17196,12 @@ index 6274f5f..3d36291 100644
+
+2: GET_CR0_INTO_RDI
+ btr $16,%rdi
++ jnc 4f
+ ljmpq __KERNEL_CS,3f
+3: SET_RDI_INTO_CR0
+ jmp 1b
++4: ud2
++ jmp 4b
+ENDPROC(pax_exit_kernel)
+#endif
+
@@ -17285,6 +17291,7 @@ index 6274f5f..3d36291 100644
+#ifdef CONFIG_PAX_KERNEXEC
+ GET_CR0_INTO_RDI
+ btr $16,%rdi
++ jnc 3f
+ SET_RDI_INTO_CR0
+#endif
+
@@ -17322,6 +17329,8 @@ index 6274f5f..3d36291 100644
+ popq %rdi
+ pax_force_retaddr
+ retq
++3: ud2
++ jmp 3b
+ENDPROC(pax_exit_kernel_user)
+#endif
+
@@ -17384,7 +17393,7 @@ index 6274f5f..3d36291 100644
.macro TRACE_IRQS_IRETQ offset=ARGOFFSET
#ifdef CONFIG_TRACE_IRQFLAGS
-@@ -231,8 +506,8 @@ ENDPROC(native_usergs_sysret64)
+@@ -231,8 +515,8 @@ ENDPROC(native_usergs_sysret64)
.endm
.macro UNFAKE_STACK_FRAME
@@ -17395,7 +17404,7 @@ index 6274f5f..3d36291 100644
.endm
/*
-@@ -319,7 +594,7 @@ ENDPROC(native_usergs_sysret64)
+@@ -319,7 +603,7 @@ ENDPROC(native_usergs_sysret64)
movq %rsp, %rsi
leaq -RBP(%rsp),%rdi /* arg1 for handler */
@@ -17404,7 +17413,7 @@ index 6274f5f..3d36291 100644
je 1f
SWAPGS
/*
-@@ -355,9 +630,10 @@ ENTRY(save_rest)
+@@ -355,9 +639,10 @@ ENTRY(save_rest)
movq_cfi r15, R15+16
movq %r11, 8(%rsp) /* return address */
FIXUP_TOP_OF_STACK %r11, 16
@@ -17416,7 +17425,7 @@ index 6274f5f..3d36291 100644
/* save complete stack frame */
.pushsection .kprobes.text, "ax"
-@@ -386,9 +662,10 @@ ENTRY(save_paranoid)
+@@ -386,9 +671,10 @@ ENTRY(save_paranoid)
js 1f /* negative -> in kernel */
SWAPGS
xorl %ebx,%ebx
@@ -17429,7 +17438,7 @@ index 6274f5f..3d36291 100644
.popsection
/*
-@@ -410,7 +687,7 @@ ENTRY(ret_from_fork)
+@@ -410,7 +696,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
@@ -17438,7 +17447,7 @@ index 6274f5f..3d36291 100644
je int_ret_from_sys_call
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-@@ -420,7 +697,7 @@ ENTRY(ret_from_fork)
+@@ -420,7 +706,7 @@ ENTRY(ret_from_fork)
jmp ret_from_sys_call # go to the SYSRET fastpath
CFI_ENDPROC
@@ -17447,7 +17456,7 @@ index 6274f5f..3d36291 100644
/*
* System call entry. Up to 6 arguments in registers are supported.
-@@ -456,7 +733,7 @@ END(ret_from_fork)
+@@ -456,7 +742,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
@@ -17456,7 +17465,7 @@ index 6274f5f..3d36291 100644
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -469,12 +746,18 @@ ENTRY(system_call_after_swapgs)
+@@ -469,12 +755,18 @@ ENTRY(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
@@ -17476,7 +17485,7 @@ index 6274f5f..3d36291 100644
movq %rax,ORIG_RAX-ARGOFFSET(%rsp)
movq %rcx,RIP-ARGOFFSET(%rsp)
CFI_REL_OFFSET rip,RIP-ARGOFFSET
-@@ -484,7 +767,7 @@ ENTRY(system_call_after_swapgs)
+@@ -484,7 +776,7 @@ ENTRY(system_call_after_swapgs)
system_call_fastpath:
cmpq $__NR_syscall_max,%rax
ja badsys
@@ -17485,7 +17494,7 @@ index 6274f5f..3d36291 100644
call *sys_call_table(,%rax,8) # XXX: rip relative
movq %rax,RAX-ARGOFFSET(%rsp)
/*
-@@ -503,6 +786,8 @@ sysret_check:
+@@ -503,6 +795,8 @@ sysret_check:
andl %edi,%edx
jnz sysret_careful
CFI_REMEMBER_STATE
@@ -17494,7 +17503,7 @@ index 6274f5f..3d36291 100644
/*
* sysretq will re-enable interrupts:
*/
-@@ -554,14 +839,18 @@ badsys:
+@@ -554,14 +848,18 @@ badsys:
* jump back to the normal fast path.
*/
auditsys:
@@ -17514,7 +17523,7 @@ index 6274f5f..3d36291 100644
jmp system_call_fastpath
/*
-@@ -591,16 +880,20 @@ tracesys:
+@@ -591,16 +889,20 @@ tracesys:
FIXUP_TOP_OF_STACK %rdi
movq %rsp,%rdi
call syscall_trace_enter
@@ -17536,7 +17545,7 @@ index 6274f5f..3d36291 100644
call *sys_call_table(,%rax,8)
movq %rax,RAX-ARGOFFSET(%rsp)
/* Use IRET because user could have changed frame */
-@@ -612,7 +905,7 @@ tracesys:
+@@ -612,7 +914,7 @@ tracesys:
GLOBAL(int_ret_from_sys_call)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -17545,7 +17554,7 @@ index 6274f5f..3d36291 100644
je retint_restore_args
movl $_TIF_ALLWORK_MASK,%edi
/* edi: mask to check */
-@@ -623,7 +916,9 @@ GLOBAL(int_with_check)
+@@ -623,7 +925,9 @@ GLOBAL(int_with_check)
andl %edi,%edx
jnz int_careful
andl $~TS_COMPAT,TI_status(%rcx)
@@ -17556,7 +17565,7 @@ index 6274f5f..3d36291 100644
/* Either reschedule or signal or syscall exit tracking needed. */
/* First do a reschedule test. */
-@@ -669,7 +964,7 @@ int_restore_rest:
+@@ -669,7 +973,7 @@ int_restore_rest:
TRACE_IRQS_OFF
jmp int_with_check
CFI_ENDPROC
@@ -17565,7 +17574,7 @@ index 6274f5f..3d36291 100644
/*
* Certain special system calls that need to save a complete full stack frame.
-@@ -685,7 +980,7 @@ ENTRY(\label)
+@@ -685,7 +989,7 @@ ENTRY(\label)
call \func
jmp ptregscall_common
CFI_ENDPROC
@@ -17574,7 +17583,7 @@ index 6274f5f..3d36291 100644
.endm
PTREGSCALL stub_clone, sys_clone, %r8
-@@ -703,9 +998,10 @@ ENTRY(ptregscall_common)
+@@ -703,9 +1007,10 @@ ENTRY(ptregscall_common)
movq_cfi_restore R12+8, r12
movq_cfi_restore RBP+8, rbp
movq_cfi_restore RBX+8, rbx
@@ -17586,7 +17595,7 @@ index 6274f5f..3d36291 100644
ENTRY(stub_execve)
CFI_STARTPROC
-@@ -720,7 +1016,7 @@ ENTRY(stub_execve)
+@@ -720,7 +1025,7 @@ ENTRY(stub_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -17595,7 +17604,7 @@ index 6274f5f..3d36291 100644
/*
* sigreturn is special because it needs to restore all registers on return.
-@@ -738,7 +1034,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -738,7 +1043,7 @@ ENTRY(stub_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -17604,7 +17613,7 @@ index 6274f5f..3d36291 100644
/*
* Build the entry stubs and pointer table with some assembler magic.
-@@ -773,7 +1069,7 @@ vector=vector+1
+@@ -773,7 +1078,7 @@ vector=vector+1
2: jmp common_interrupt
.endr
CFI_ENDPROC
@@ -17613,7 +17622,7 @@ index 6274f5f..3d36291 100644
.previous
END(interrupt)
-@@ -793,6 +1089,16 @@ END(interrupt)
+@@ -793,6 +1098,16 @@ END(interrupt)
subq $ORIG_RAX-RBP, %rsp
CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP
SAVE_ARGS_IRQ
@@ -17630,7 +17639,7 @@ index 6274f5f..3d36291 100644
call \func
.endm
-@@ -824,7 +1130,7 @@ ret_from_intr:
+@@ -824,7 +1139,7 @@ ret_from_intr:
exit_intr:
GET_THREAD_INFO(%rcx)
@@ -17639,7 +17648,7 @@ index 6274f5f..3d36291 100644
je retint_kernel
/* Interrupt came from user space */
-@@ -846,12 +1152,16 @@ retint_swapgs: /* return to user-space */
+@@ -846,12 +1161,16 @@ retint_swapgs: /* return to user-space */
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
@@ -17656,7 +17665,7 @@ index 6274f5f..3d36291 100644
/*
* The iretq could re-enable interrupts:
*/
-@@ -940,7 +1250,7 @@ ENTRY(retint_kernel)
+@@ -940,7 +1259,7 @@ ENTRY(retint_kernel)
#endif
CFI_ENDPROC
@@ -17665,7 +17674,7 @@ index 6274f5f..3d36291 100644
/*
* End of kprobes section
*/
-@@ -956,7 +1266,7 @@ ENTRY(\sym)
+@@ -956,7 +1275,7 @@ ENTRY(\sym)
interrupt \do_sym
jmp ret_from_intr
CFI_ENDPROC
@@ -17674,7 +17683,7 @@ index 6274f5f..3d36291 100644
.endm
#ifdef CONFIG_SMP
-@@ -1021,12 +1331,22 @@ ENTRY(\sym)
+@@ -1021,12 +1340,22 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -17698,7 +17707,7 @@ index 6274f5f..3d36291 100644
.endm
.macro paranoidzeroentry sym do_sym
-@@ -1038,15 +1358,25 @@ ENTRY(\sym)
+@@ -1038,15 +1367,25 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
@@ -17726,7 +17735,7 @@ index 6274f5f..3d36291 100644
.macro paranoidzeroentry_ist sym do_sym ist
ENTRY(\sym)
INTR_FRAME
-@@ -1056,14 +1386,30 @@ ENTRY(\sym)
+@@ -1056,14 +1395,30 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
@@ -17758,7 +17767,7 @@ index 6274f5f..3d36291 100644
.endm
.macro errorentry sym do_sym
-@@ -1074,13 +1420,23 @@ ENTRY(\sym)
+@@ -1074,13 +1429,23 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -17783,7 +17792,7 @@ index 6274f5f..3d36291 100644
.endm
/* error code is on the stack already */
-@@ -1093,13 +1449,23 @@ ENTRY(\sym)
+@@ -1093,13 +1458,23 @@ ENTRY(\sym)
call save_paranoid
DEFAULT_FRAME 0
TRACE_IRQS_OFF
@@ -17808,7 +17817,7 @@ index 6274f5f..3d36291 100644
.endm
zeroentry divide_error do_divide_error
-@@ -1129,9 +1495,10 @@ gs_change:
+@@ -1129,9 +1504,10 @@ gs_change:
2: mfence /* workaround */
SWAPGS
popfq_cfi
@@ -17820,7 +17829,7 @@ index 6274f5f..3d36291 100644
.section __ex_table,"a"
.align 8
-@@ -1153,13 +1520,14 @@ ENTRY(kernel_thread_helper)
+@@ -1153,13 +1529,14 @@ ENTRY(kernel_thread_helper)
* Here we are in the child and the registers are set as they were
* at kernel_thread() invocation in the parent.
*/
@@ -17836,7 +17845,7 @@ index 6274f5f..3d36291 100644
/*
* execve(). This function needs to use IRET, not SYSRET, to set up all state properly.
-@@ -1186,11 +1554,11 @@ ENTRY(kernel_execve)
+@@ -1186,11 +1563,11 @@ ENTRY(kernel_execve)
RESTORE_REST
testq %rax,%rax
je int_ret_from_sys_call
@@ -17850,7 +17859,7 @@ index 6274f5f..3d36291 100644
/* Call softirq on interrupt stack. Interrupts are off. */
ENTRY(call_softirq)
-@@ -1208,9 +1576,10 @@ ENTRY(call_softirq)
+@@ -1208,9 +1585,10 @@ ENTRY(call_softirq)
CFI_DEF_CFA_REGISTER rsp
CFI_ADJUST_CFA_OFFSET -8
decl PER_CPU_VAR(irq_count)
@@ -17862,7 +17871,7 @@ index 6274f5f..3d36291 100644
#ifdef CONFIG_XEN
zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
-@@ -1248,7 +1617,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
+@@ -1248,7 +1626,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
decl PER_CPU_VAR(irq_count)
jmp error_exit
CFI_ENDPROC
@@ -17871,7 +17880,7 @@ index 6274f5f..3d36291 100644
/*
* Hypervisor uses this for application faults while it executes.
-@@ -1307,7 +1676,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1307,7 +1685,7 @@ ENTRY(xen_failsafe_callback)
SAVE_ALL
jmp error_exit
CFI_ENDPROC
@@ -17880,7 +17889,7 @@ index 6274f5f..3d36291 100644
apicinterrupt XEN_HVM_EVTCHN_CALLBACK \
xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1356,16 +1725,31 @@ ENTRY(paranoid_exit)
+@@ -1356,16 +1734,31 @@ ENTRY(paranoid_exit)
TRACE_IRQS_OFF
testl %ebx,%ebx /* swapgs needed? */
jnz paranoid_restore
@@ -17913,7 +17922,7 @@ index 6274f5f..3d36291 100644
jmp irq_return
paranoid_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1394,7 +1778,7 @@ paranoid_schedule:
+@@ -1394,7 +1787,7 @@ paranoid_schedule:
TRACE_IRQS_OFF
jmp paranoid_userspace
CFI_ENDPROC
@@ -17922,7 +17931,7 @@ index 6274f5f..3d36291 100644
/*
* Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1421,12 +1805,13 @@ ENTRY(error_entry)
+@@ -1421,12 +1814,13 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
@@ -17937,7 +17946,7 @@ index 6274f5f..3d36291 100644
ret
/*
-@@ -1453,7 +1838,7 @@ bstep_iret:
+@@ -1453,7 +1847,7 @@ bstep_iret:
movq %rcx,RIP+8(%rsp)
jmp error_swapgs
CFI_ENDPROC
@@ -17946,7 +17955,7 @@ index 6274f5f..3d36291 100644
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1473,7 +1858,7 @@ ENTRY(error_exit)
+@@ -1473,7 +1867,7 @@ ENTRY(error_exit)
jnz retint_careful
jmp retint_swapgs
CFI_ENDPROC
@@ -17955,7 +17964,7 @@ index 6274f5f..3d36291 100644
/* runs on exception stack */
-@@ -1485,6 +1870,16 @@ ENTRY(nmi)
+@@ -1485,6 +1879,16 @@ ENTRY(nmi)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
DEFAULT_FRAME 0
@@ -17972,7 +17981,7 @@ index 6274f5f..3d36291 100644
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
movq $-1,%rsi
-@@ -1495,12 +1890,28 @@ ENTRY(nmi)
+@@ -1495,12 +1899,28 @@ ENTRY(nmi)
DISABLE_INTERRUPTS(CLBR_NONE)
testl %ebx,%ebx /* swapgs needed? */
jnz nmi_restore
@@ -18002,7 +18011,7 @@ index 6274f5f..3d36291 100644
jmp irq_return
nmi_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1529,14 +1940,14 @@ nmi_schedule:
+@@ -1529,14 +1949,14 @@ nmi_schedule:
jmp paranoid_exit
CFI_ENDPROC
#endif
@@ -18878,9 +18887,18 @@ index 9c3bd4a..e1d9b35 100644
+EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR);
+#endif
diff --git a/arch/x86/kernel/i8259.c b/arch/x86/kernel/i8259.c
-index 6104852..567e2fb 100644
+index 6104852..47826ae 100644
--- a/arch/x86/kernel/i8259.c
+++ b/arch/x86/kernel/i8259.c
+@@ -111,7 +111,7 @@ static int i8259A_irq_pending(unsigned int irq)
+ static void make_8259A_irq(unsigned int irq)
+ {
+ disable_irq_nosync(irq);
+- io_apic_irqs &= ~(1<<irq);
++ io_apic_irqs &= ~(1UL<<irq);
+ irq_set_chip_and_handler_name(irq, &i8259A_chip, handle_level_irq,
+ i8259A_chip.name);
+ enable_irq(irq);
@@ -210,7 +210,7 @@ spurious_8259A_irq:
"spurious 8259A interrupt: IRQ%d.\n", irq);
spurious_irq_mask |= irqmask;
@@ -19987,6 +20005,19 @@ index 84c938f..09fb3e0 100644
};
EXPORT_SYMBOL_GPL(pv_time_ops);
+diff --git a/arch/x86/kernel/pci-calgary_64.c b/arch/x86/kernel/pci-calgary_64.c
+index 726494b..5d942a3 100644
+--- a/arch/x86/kernel/pci-calgary_64.c
++++ b/arch/x86/kernel/pci-calgary_64.c
+@@ -1341,7 +1341,7 @@ static void __init get_tce_space_from_tar(void)
+ tce_space = be64_to_cpu(readq(target));
+ tce_space = tce_space & TAR_SW_BITS;
+
+- tce_space = tce_space & (~specified_table_size);
++ tce_space = tce_space & (~(unsigned long)specified_table_size);
+ info->tce_space = (u64 *)__va(tce_space);
+ }
+ }
diff --git a/arch/x86/kernel/pci-iommu_table.c b/arch/x86/kernel/pci-iommu_table.c
index 35ccf75..7a15747 100644
--- a/arch/x86/kernel/pci-iommu_table.c
@@ -22243,9 +22274,24 @@ index 94a4672..5c6b853 100644
local_irq_disable();
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index 407789b..5570a86 100644
+index 407789b..8bde3e2 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
+@@ -1099,12 +1099,12 @@ static void vmcs_write64(unsigned long field, u64 value)
+ #endif
+ }
+
+-static void vmcs_clear_bits(unsigned long field, u32 mask)
++static void vmcs_clear_bits(unsigned long field, unsigned long mask)
+ {
+ vmcs_writel(field, vmcs_readl(field) & ~mask);
+ }
+
+-static void vmcs_set_bits(unsigned long field, u32 mask)
++static void vmcs_set_bits(unsigned long field, unsigned long mask)
+ {
+ vmcs_writel(field, vmcs_readl(field) | mask);
+ }
@@ -1305,7 +1305,11 @@ static void reload_tss(void)
struct desc_struct *descs;
@@ -31868,6 +31914,19 @@ index a365562..933bbbd 100644
set_fs(old_fs);
if (likely(bw == len))
return 0;
+diff --git a/drivers/block/pktcdvd.c b/drivers/block/pktcdvd.c
+index a63b0a2..30228d1 100644
+--- a/drivers/block/pktcdvd.c
++++ b/drivers/block/pktcdvd.c
+@@ -83,7 +83,7 @@
+
+ #define MAX_SPEED 0xffff
+
+-#define ZONE(sector, pd) (((sector) + (pd)->offset) & ~((pd)->settings.size - 1))
++#define ZONE(sector, pd) (((sector) + (pd)->offset) & ~((pd)->settings.size - 1UL))
+
+ static DEFINE_MUTEX(pktcdvd_mutex);
+ static struct pktcdvd_device *pkt_devs[MAX_WRITERS];
diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
index 2678b6f..374ae19 100644
--- a/drivers/cdrom/cdrom.c
@@ -48309,11 +48368,32 @@ index dede441..f2a2507 100644
parent_start = 0;
WARN_ON(trans->transid != btrfs_header_generation(parent));
+diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c
+index 8d4d53d..d0dec4c 100644
+--- a/fs/btrfs/extent-tree.c
++++ b/fs/btrfs/extent-tree.c
+@@ -5642,7 +5642,7 @@ again:
+
+ if (ret == -ENOSPC && num_bytes > min_alloc_size) {
+ num_bytes = num_bytes >> 1;
+- num_bytes = num_bytes & ~(root->sectorsize - 1);
++ num_bytes = num_bytes & ~((u64)root->sectorsize - 1);
+ num_bytes = max(num_bytes, min_alloc_size);
+ do_chunk_alloc(trans, root->fs_info->extent_root,
+ num_bytes, data, CHUNK_ALLOC_FORCE);
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
-index 1372634..f1db831 100644
+index 1372634..3960bb0 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
-@@ -6909,7 +6909,7 @@ fail:
+@@ -17,6 +17,7 @@
+ */
+
+ #include <linux/kernel.h>
++#include <linux/module.h>
+ #include <linux/bio.h>
+ #include <linux/buffer_head.h>
+ #include <linux/file.h>
+@@ -6909,7 +6910,7 @@ fail:
return -ENOMEM;
}
@@ -48322,7 +48402,7 @@ index 1372634..f1db831 100644
struct dentry *dentry, struct kstat *stat)
{
struct inode *inode = dentry->d_inode;
-@@ -6923,6 +6923,14 @@ static int btrfs_getattr(struct vfsmount *mnt,
+@@ -6923,6 +6924,14 @@ static int btrfs_getattr(struct vfsmount *mnt,
return 0;
}
@@ -53509,6 +53589,23 @@ index 24afa96..a92d930 100644
int nops;
};
+diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c
+index 2cbac34..6dc3889 100644
+--- a/fs/nfsd/nfscache.c
++++ b/fs/nfsd/nfscache.c
+@@ -264,8 +264,10 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp)
+ if (!(rp = rqstp->rq_cacherep) || cache_disabled)
+ return;
+
+- len = resv->iov_len - ((char*)statp - (char*)resv->iov_base);
+- len >>= 2;
++ if (statp) {
++ len = resv->iov_len - ((char*)statp - (char*)resv->iov_base);
++ len >>= 2;
++ }
+
+ /* Don't cache excessive amounts of data and XDR failures */
+ if (!statp || len > (256 >> 2)) {
diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c
index c45a2ea..1a6bd66 100644
--- a/fs/nfsd/nfsctl.c
@@ -79225,9 +79322,18 @@ index 6fdc629..55739fe 100644
*data_page = bpage;
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
-index 17edb14..a73e6fc 100644
+index 17edb14..8cc9713 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
+@@ -2645,7 +2645,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
+ return 0;
+ }
+
+-int set_tracer_flag(unsigned int mask, int enabled)
++int set_tracer_flag(unsigned long mask, int enabled)
+ {
+ /* do nothing if flag is already set */
+ if (!!(trace_flags & mask) == !!enabled)
@@ -4236,10 +4236,9 @@ static const struct file_operations tracing_dyn_info_fops = {
};
#endif
@@ -79252,6 +79358,19 @@ index 17edb14..a73e6fc 100644
static int once;
struct dentry *d_tracer;
+diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h
+index c3c3f6b..7d8dbdc 100644
+--- a/kernel/trace/trace.h
++++ b/kernel/trace/trace.h
+@@ -820,7 +820,7 @@ extern const char *__start___trace_bprintk_fmt[];
+ extern const char *__stop___trace_bprintk_fmt[];
+
+ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set);
+-int set_tracer_flag(unsigned int mask, int enabled);
++int set_tracer_flag(unsigned long mask, int enabled);
+
+ #undef FTRACE_ENTRY
+ #define FTRACE_ENTRY(call, struct_name, id, tstruct, print) \
diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c
index c212a7f..a2560bc 100644
--- a/kernel/trace/trace_events.c
@@ -102872,10 +102991,10 @@ index 0000000..ac2901e
+}
diff --git a/tools/gcc/structleak_plugin.c b/tools/gcc/structleak_plugin.c
new file mode 100644
-index 0000000..41770fc
+index 0000000..b07fe22
--- /dev/null
+++ b/tools/gcc/structleak_plugin.c
-@@ -0,0 +1,272 @@
+@@ -0,0 +1,276 @@
+/*
+ * Copyright 2013 by PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -103010,6 +103129,7 @@ index 0000000..41770fc
+ gimple init_stmt;
+
+ // this is the original entry bb before the forced split
++ // TODO: check further BBs in case more splits occured before us
+ bb = ENTRY_BLOCK_PTR->next_bb->next_bb;
+
+ // first check if the variable is already initialized, warn otherwise
@@ -103033,6 +103153,9 @@ index 0000000..41770fc
+ return;
+ }
+
++ // these aren't the 0days you're looking for
++// inform(DECL_SOURCE_LOCATION(var), "userspace variable will be forcibly initialized");
++
+ // build the initializer expression
+ initializer = build_constructor(TREE_TYPE(var), NULL);
+
diff --git a/3.8.10/1008_linux-3.8.9.patch b/3.8.10/1008_linux-3.8.9.patch
deleted file mode 100644
index 6162889..0000000
--- a/3.8.10/1008_linux-3.8.9.patch
+++ /dev/null
@@ -1,1649 +0,0 @@
-diff --git a/Makefile b/Makefile
-index 7684f95..3ae4796 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,6 +1,6 @@
- VERSION = 3
- PATCHLEVEL = 8
--SUBLEVEL = 8
-+SUBLEVEL = 9
- EXTRAVERSION =
- NAME = Displaced Humerus Anterior
-
-diff --git a/arch/arm/kernel/perf_event.c b/arch/arm/kernel/perf_event.c
-index f9e8657..23fa6a2 100644
---- a/arch/arm/kernel/perf_event.c
-+++ b/arch/arm/kernel/perf_event.c
-@@ -261,7 +261,10 @@ validate_event(struct pmu_hw_events *hw_events,
- struct arm_pmu *armpmu = to_arm_pmu(event->pmu);
- struct pmu *leader_pmu = event->group_leader->pmu;
-
-- if (event->pmu != leader_pmu || event->state <= PERF_EVENT_STATE_OFF)
-+ if (event->pmu != leader_pmu || event->state < PERF_EVENT_STATE_OFF)
-+ return 1;
-+
-+ if (event->state == PERF_EVENT_STATE_OFF && !event->attr.enable_on_exec)
- return 1;
-
- return armpmu->get_event_idx(hw_events, event) >= 0;
-diff --git a/arch/arm/mach-imx/clk-imx35.c b/arch/arm/mach-imx/clk-imx35.c
-index 0edce4b..5e3ca7a 100644
---- a/arch/arm/mach-imx/clk-imx35.c
-+++ b/arch/arm/mach-imx/clk-imx35.c
-@@ -265,6 +265,8 @@ int __init mx35_clocks_init()
- clk_prepare_enable(clk[gpio3_gate]);
- clk_prepare_enable(clk[iim_gate]);
- clk_prepare_enable(clk[emi_gate]);
-+ clk_prepare_enable(clk[max_gate]);
-+ clk_prepare_enable(clk[iomuxc_gate]);
-
- /*
- * SCC is needed to boot via mmc after a watchdog reset. The clock code
-diff --git a/arch/arm/mm/cache-feroceon-l2.c b/arch/arm/mm/cache-feroceon-l2.c
-index dd3d591..48bc3c0 100644
---- a/arch/arm/mm/cache-feroceon-l2.c
-+++ b/arch/arm/mm/cache-feroceon-l2.c
-@@ -343,6 +343,7 @@ void __init feroceon_l2_init(int __l2_wt_override)
- outer_cache.inv_range = feroceon_l2_inv_range;
- outer_cache.clean_range = feroceon_l2_clean_range;
- outer_cache.flush_range = feroceon_l2_flush_range;
-+ outer_cache.inv_all = l2_inv_all;
-
- enable_l2();
-
-diff --git a/arch/arm/mm/proc-arm920.S b/arch/arm/mm/proc-arm920.S
-index 2c3b942..2556cf1 100644
---- a/arch/arm/mm/proc-arm920.S
-+++ b/arch/arm/mm/proc-arm920.S
-@@ -387,7 +387,7 @@ ENTRY(cpu_arm920_set_pte_ext)
- /* Suspend/resume support: taken from arch/arm/plat-s3c24xx/sleep.S */
- .globl cpu_arm920_suspend_size
- .equ cpu_arm920_suspend_size, 4 * 3
--#ifdef CONFIG_PM_SLEEP
-+#ifdef CONFIG_ARM_CPU_SUSPEND
- ENTRY(cpu_arm920_do_suspend)
- stmfd sp!, {r4 - r6, lr}
- mrc p15, 0, r4, c13, c0, 0 @ PID
-diff --git a/arch/arm/mm/proc-arm926.S b/arch/arm/mm/proc-arm926.S
-index f1803f7e..344c8a5 100644
---- a/arch/arm/mm/proc-arm926.S
-+++ b/arch/arm/mm/proc-arm926.S
-@@ -402,7 +402,7 @@ ENTRY(cpu_arm926_set_pte_ext)
- /* Suspend/resume support: taken from arch/arm/plat-s3c24xx/sleep.S */
- .globl cpu_arm926_suspend_size
- .equ cpu_arm926_suspend_size, 4 * 3
--#ifdef CONFIG_PM_SLEEP
-+#ifdef CONFIG_ARM_CPU_SUSPEND
- ENTRY(cpu_arm926_do_suspend)
- stmfd sp!, {r4 - r6, lr}
- mrc p15, 0, r4, c13, c0, 0 @ PID
-diff --git a/arch/arm/mm/proc-mohawk.S b/arch/arm/mm/proc-mohawk.S
-index 82f9cdc..0b60dd3 100644
---- a/arch/arm/mm/proc-mohawk.S
-+++ b/arch/arm/mm/proc-mohawk.S
-@@ -350,7 +350,7 @@ ENTRY(cpu_mohawk_set_pte_ext)
-
- .globl cpu_mohawk_suspend_size
- .equ cpu_mohawk_suspend_size, 4 * 6
--#ifdef CONFIG_PM_SLEEP
-+#ifdef CONFIG_ARM_CPU_SUSPEND
- ENTRY(cpu_mohawk_do_suspend)
- stmfd sp!, {r4 - r9, lr}
- mrc p14, 0, r4, c6, c0, 0 @ clock configuration, for turbo mode
-diff --git a/arch/arm/mm/proc-sa1100.S b/arch/arm/mm/proc-sa1100.S
-index 3aa0da1..d92dfd0 100644
---- a/arch/arm/mm/proc-sa1100.S
-+++ b/arch/arm/mm/proc-sa1100.S
-@@ -172,7 +172,7 @@ ENTRY(cpu_sa1100_set_pte_ext)
-
- .globl cpu_sa1100_suspend_size
- .equ cpu_sa1100_suspend_size, 4 * 3
--#ifdef CONFIG_PM_SLEEP
-+#ifdef CONFIG_ARM_CPU_SUSPEND
- ENTRY(cpu_sa1100_do_suspend)
- stmfd sp!, {r4 - r6, lr}
- mrc p15, 0, r4, c3, c0, 0 @ domain ID
-diff --git a/arch/arm/mm/proc-v6.S b/arch/arm/mm/proc-v6.S
-index 09c5233..d222215 100644
---- a/arch/arm/mm/proc-v6.S
-+++ b/arch/arm/mm/proc-v6.S
-@@ -138,7 +138,7 @@ ENTRY(cpu_v6_set_pte_ext)
- /* Suspend/resume support: taken from arch/arm/mach-s3c64xx/sleep.S */
- .globl cpu_v6_suspend_size
- .equ cpu_v6_suspend_size, 4 * 6
--#ifdef CONFIG_PM_SLEEP
-+#ifdef CONFIG_ARM_CPU_SUSPEND
- ENTRY(cpu_v6_do_suspend)
- stmfd sp!, {r4 - r9, lr}
- mrc p15, 0, r4, c13, c0, 0 @ FCSE/PID
-diff --git a/arch/arm/mm/proc-xsc3.S b/arch/arm/mm/proc-xsc3.S
-index eb93d64..e8efd83 100644
---- a/arch/arm/mm/proc-xsc3.S
-+++ b/arch/arm/mm/proc-xsc3.S
-@@ -413,7 +413,7 @@ ENTRY(cpu_xsc3_set_pte_ext)
-
- .globl cpu_xsc3_suspend_size
- .equ cpu_xsc3_suspend_size, 4 * 6
--#ifdef CONFIG_PM_SLEEP
-+#ifdef CONFIG_ARM_CPU_SUSPEND
- ENTRY(cpu_xsc3_do_suspend)
- stmfd sp!, {r4 - r9, lr}
- mrc p14, 0, r4, c6, c0, 0 @ clock configuration, for turbo mode
-diff --git a/arch/arm/mm/proc-xscale.S b/arch/arm/mm/proc-xscale.S
-index 2551036..e766f88 100644
---- a/arch/arm/mm/proc-xscale.S
-+++ b/arch/arm/mm/proc-xscale.S
-@@ -528,7 +528,7 @@ ENTRY(cpu_xscale_set_pte_ext)
-
- .globl cpu_xscale_suspend_size
- .equ cpu_xscale_suspend_size, 4 * 6
--#ifdef CONFIG_PM_SLEEP
-+#ifdef CONFIG_ARM_CPU_SUSPEND
- ENTRY(cpu_xscale_do_suspend)
- stmfd sp!, {r4 - r9, lr}
- mrc p14, 0, r4, c6, c0, 0 @ clock configuration, for turbo mode
-diff --git a/arch/mips/include/asm/page.h b/arch/mips/include/asm/page.h
-index dbaec94..21bff32 100644
---- a/arch/mips/include/asm/page.h
-+++ b/arch/mips/include/asm/page.h
-@@ -31,7 +31,7 @@
- #define PAGE_SHIFT 16
- #endif
- #define PAGE_SIZE (_AC(1,UL) << PAGE_SHIFT)
--#define PAGE_MASK (~(PAGE_SIZE - 1))
-+#define PAGE_MASK (~((1 << PAGE_SHIFT) - 1))
-
- #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT
- #define HPAGE_SHIFT (PAGE_SHIFT + PAGE_SHIFT - 3)
-diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S
-index 3d990d3..e0822a3 100644
---- a/arch/powerpc/kernel/entry_64.S
-+++ b/arch/powerpc/kernel/entry_64.S
-@@ -634,7 +634,7 @@ resume_kernel:
- /* Clear _TIF_EMULATE_STACK_STORE flag */
- lis r11,_TIF_EMULATE_STACK_STORE@h
- addi r5,r9,TI_FLAGS
-- ldarx r4,0,r5
-+0: ldarx r4,0,r5
- andc r4,r4,r11
- stdcx. r4,0,r5
- bne- 0b
-diff --git a/arch/powerpc/kvm/e500mc.c b/arch/powerpc/kvm/e500mc.c
-index 1f89d26..2f4baa0 100644
---- a/arch/powerpc/kvm/e500mc.c
-+++ b/arch/powerpc/kvm/e500mc.c
-@@ -108,6 +108,8 @@ void kvmppc_mmu_msr_notify(struct kvm_vcpu *vcpu, u32 old_msr)
- {
- }
-
-+static DEFINE_PER_CPU(struct kvm_vcpu *, last_vcpu_on_cpu);
-+
- void kvmppc_core_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
- {
- struct kvmppc_vcpu_e500 *vcpu_e500 = to_e500(vcpu);
-@@ -136,8 +138,11 @@ void kvmppc_core_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
- mtspr(SPRN_GDEAR, vcpu->arch.shared->dar);
- mtspr(SPRN_GESR, vcpu->arch.shared->esr);
-
-- if (vcpu->arch.oldpir != mfspr(SPRN_PIR))
-+ if (vcpu->arch.oldpir != mfspr(SPRN_PIR) ||
-+ __get_cpu_var(last_vcpu_on_cpu) != vcpu) {
- kvmppc_e500_tlbil_all(vcpu_e500);
-+ __get_cpu_var(last_vcpu_on_cpu) = vcpu;
-+ }
-
- kvmppc_load_guest_fp(vcpu);
- }
-diff --git a/arch/s390/include/asm/io.h b/arch/s390/include/asm/io.h
-index 27cb321..379d96e 100644
---- a/arch/s390/include/asm/io.h
-+++ b/arch/s390/include/asm/io.h
-@@ -50,10 +50,6 @@ void unxlate_dev_mem_ptr(unsigned long phys, void *addr);
- #define ioremap_nocache(addr, size) ioremap(addr, size)
- #define ioremap_wc ioremap_nocache
-
--/* TODO: s390 cannot support io_remap_pfn_range... */
--#define io_remap_pfn_range(vma, vaddr, pfn, size, prot) \
-- remap_pfn_range(vma, vaddr, pfn, size, prot)
--
- static inline void __iomem *ioremap(unsigned long offset, unsigned long size)
- {
- return (void __iomem *) offset;
-diff --git a/arch/s390/include/asm/pgtable.h b/arch/s390/include/asm/pgtable.h
-index 098adbb..1532d7f 100644
---- a/arch/s390/include/asm/pgtable.h
-+++ b/arch/s390/include/asm/pgtable.h
-@@ -56,6 +56,10 @@ extern unsigned long zero_page_mask;
- (((unsigned long)(vaddr)) &zero_page_mask))))
- #define __HAVE_COLOR_ZERO_PAGE
-
-+/* TODO: s390 cannot support io_remap_pfn_range... */
-+#define io_remap_pfn_range(vma, vaddr, pfn, size, prot) \
-+ remap_pfn_range(vma, vaddr, pfn, size, prot)
-+
- #endif /* !__ASSEMBLY__ */
-
- /*
-diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
-index dc87b65..85039f9 100644
---- a/arch/x86/include/asm/kvm_host.h
-+++ b/arch/x86/include/asm/kvm_host.h
-@@ -419,8 +419,8 @@ struct kvm_vcpu_arch {
- gpa_t time;
- struct pvclock_vcpu_time_info hv_clock;
- unsigned int hw_tsc_khz;
-- unsigned int time_offset;
-- struct page *time_page;
-+ struct gfn_to_hva_cache pv_time;
-+ bool pv_time_enabled;
- /* set guest stopped flag in pvclock flags field */
- bool pvclock_set_guest_stopped_request;
-
-diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c
-index 4914e94..70602f8 100644
---- a/arch/x86/kernel/cpu/perf_event_intel.c
-+++ b/arch/x86/kernel/cpu/perf_event_intel.c
-@@ -128,8 +128,14 @@ static struct event_constraint intel_gen_event_constraints[] __read_mostly =
- };
-
- static struct extra_reg intel_snb_extra_regs[] __read_mostly = {
-- INTEL_EVENT_EXTRA_REG(0xb7, MSR_OFFCORE_RSP_0, 0x3fffffffffull, RSP_0),
-- INTEL_EVENT_EXTRA_REG(0xbb, MSR_OFFCORE_RSP_1, 0x3fffffffffull, RSP_1),
-+ INTEL_EVENT_EXTRA_REG(0xb7, MSR_OFFCORE_RSP_0, 0x3f807f8fffull, RSP_0),
-+ INTEL_EVENT_EXTRA_REG(0xbb, MSR_OFFCORE_RSP_1, 0x3f807f8fffull, RSP_1),
-+ EVENT_EXTRA_END
-+};
-+
-+static struct extra_reg intel_snbep_extra_regs[] __read_mostly = {
-+ INTEL_EVENT_EXTRA_REG(0xb7, MSR_OFFCORE_RSP_0, 0x3fffff8fffull, RSP_0),
-+ INTEL_EVENT_EXTRA_REG(0xbb, MSR_OFFCORE_RSP_1, 0x3fffff8fffull, RSP_1),
- EVENT_EXTRA_END
- };
-
-@@ -2072,7 +2078,10 @@ __init int intel_pmu_init(void)
- x86_pmu.event_constraints = intel_snb_event_constraints;
- x86_pmu.pebs_constraints = intel_snb_pebs_event_constraints;
- x86_pmu.pebs_aliases = intel_pebs_aliases_snb;
-- x86_pmu.extra_regs = intel_snb_extra_regs;
-+ if (boot_cpu_data.x86_model == 45)
-+ x86_pmu.extra_regs = intel_snbep_extra_regs;
-+ else
-+ x86_pmu.extra_regs = intel_snb_extra_regs;
- /* all extra regs are per-cpu when HT is on */
- x86_pmu.er_flags |= ERF_HAS_RSP_1;
- x86_pmu.er_flags |= ERF_NO_HT_SHARING;
-@@ -2098,7 +2107,10 @@ __init int intel_pmu_init(void)
- x86_pmu.event_constraints = intel_snb_event_constraints;
- x86_pmu.pebs_constraints = intel_ivb_pebs_event_constraints;
- x86_pmu.pebs_aliases = intel_pebs_aliases_snb;
-- x86_pmu.extra_regs = intel_snb_extra_regs;
-+ if (boot_cpu_data.x86_model == 62)
-+ x86_pmu.extra_regs = intel_snbep_extra_regs;
-+ else
-+ x86_pmu.extra_regs = intel_snb_extra_regs;
- /* all extra regs are per-cpu when HT is on */
- x86_pmu.er_flags |= ERF_HAS_RSP_1;
- x86_pmu.er_flags |= ERF_NO_HT_SHARING;
-diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
-index 9392f52..a2f492c 100644
---- a/arch/x86/kvm/lapic.c
-+++ b/arch/x86/kvm/lapic.c
-@@ -1781,7 +1781,7 @@ int kvm_lapic_enable_pv_eoi(struct kvm_vcpu *vcpu, u64 data)
- if (!pv_eoi_enabled(vcpu))
- return 0;
- return kvm_gfn_to_hva_cache_init(vcpu->kvm, &vcpu->arch.pv_eoi.data,
-- addr);
-+ addr, sizeof(u8));
- }
-
- void kvm_lapic_init(void)
-diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index c243b81..9a51121 100644
---- a/arch/x86/kvm/x86.c
-+++ b/arch/x86/kvm/x86.c
-@@ -1408,10 +1408,9 @@ static int kvm_guest_time_update(struct kvm_vcpu *v)
- unsigned long flags, this_tsc_khz;
- struct kvm_vcpu_arch *vcpu = &v->arch;
- struct kvm_arch *ka = &v->kvm->arch;
-- void *shared_kaddr;
- s64 kernel_ns, max_kernel_ns;
- u64 tsc_timestamp, host_tsc;
-- struct pvclock_vcpu_time_info *guest_hv_clock;
-+ struct pvclock_vcpu_time_info guest_hv_clock;
- u8 pvclock_flags;
- bool use_master_clock;
-
-@@ -1465,7 +1464,7 @@ static int kvm_guest_time_update(struct kvm_vcpu *v)
-
- local_irq_restore(flags);
-
-- if (!vcpu->time_page)
-+ if (!vcpu->pv_time_enabled)
- return 0;
-
- /*
-@@ -1527,12 +1526,12 @@ static int kvm_guest_time_update(struct kvm_vcpu *v)
- */
- vcpu->hv_clock.version += 2;
-
-- shared_kaddr = kmap_atomic(vcpu->time_page);
--
-- guest_hv_clock = shared_kaddr + vcpu->time_offset;
-+ if (unlikely(kvm_read_guest_cached(v->kvm, &vcpu->pv_time,
-+ &guest_hv_clock, sizeof(guest_hv_clock))))
-+ return 0;
-
- /* retain PVCLOCK_GUEST_STOPPED if set in guest copy */
-- pvclock_flags = (guest_hv_clock->flags & PVCLOCK_GUEST_STOPPED);
-+ pvclock_flags = (guest_hv_clock.flags & PVCLOCK_GUEST_STOPPED);
-
- if (vcpu->pvclock_set_guest_stopped_request) {
- pvclock_flags |= PVCLOCK_GUEST_STOPPED;
-@@ -1545,12 +1544,9 @@ static int kvm_guest_time_update(struct kvm_vcpu *v)
-
- vcpu->hv_clock.flags = pvclock_flags;
-
-- memcpy(shared_kaddr + vcpu->time_offset, &vcpu->hv_clock,
-- sizeof(vcpu->hv_clock));
--
-- kunmap_atomic(shared_kaddr);
--
-- mark_page_dirty(v->kvm, vcpu->time >> PAGE_SHIFT);
-+ kvm_write_guest_cached(v->kvm, &vcpu->pv_time,
-+ &vcpu->hv_clock,
-+ sizeof(vcpu->hv_clock));
- return 0;
- }
-
-@@ -1829,7 +1825,8 @@ static int kvm_pv_enable_async_pf(struct kvm_vcpu *vcpu, u64 data)
- return 0;
- }
-
-- if (kvm_gfn_to_hva_cache_init(vcpu->kvm, &vcpu->arch.apf.data, gpa))
-+ if (kvm_gfn_to_hva_cache_init(vcpu->kvm, &vcpu->arch.apf.data, gpa,
-+ sizeof(u32)))
- return 1;
-
- vcpu->arch.apf.send_user_only = !(data & KVM_ASYNC_PF_SEND_ALWAYS);
-@@ -1839,10 +1836,7 @@ static int kvm_pv_enable_async_pf(struct kvm_vcpu *vcpu, u64 data)
-
- static void kvmclock_reset(struct kvm_vcpu *vcpu)
- {
-- if (vcpu->arch.time_page) {
-- kvm_release_page_dirty(vcpu->arch.time_page);
-- vcpu->arch.time_page = NULL;
-- }
-+ vcpu->arch.pv_time_enabled = false;
- }
-
- static void accumulate_steal_time(struct kvm_vcpu *vcpu)
-@@ -1948,6 +1942,7 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
- break;
- case MSR_KVM_SYSTEM_TIME_NEW:
- case MSR_KVM_SYSTEM_TIME: {
-+ u64 gpa_offset;
- kvmclock_reset(vcpu);
-
- vcpu->arch.time = data;
-@@ -1957,14 +1952,14 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
- if (!(data & 1))
- break;
-
-- /* ...but clean it before doing the actual write */
-- vcpu->arch.time_offset = data & ~(PAGE_MASK | 1);
--
-- vcpu->arch.time_page =
-- gfn_to_page(vcpu->kvm, data >> PAGE_SHIFT);
-+ gpa_offset = data & ~(PAGE_MASK | 1);
-
-- if (is_error_page(vcpu->arch.time_page))
-- vcpu->arch.time_page = NULL;
-+ if (kvm_gfn_to_hva_cache_init(vcpu->kvm,
-+ &vcpu->arch.pv_time, data & ~1ULL,
-+ sizeof(struct pvclock_vcpu_time_info)))
-+ vcpu->arch.pv_time_enabled = false;
-+ else
-+ vcpu->arch.pv_time_enabled = true;
-
- break;
- }
-@@ -1981,7 +1976,8 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
- return 1;
-
- if (kvm_gfn_to_hva_cache_init(vcpu->kvm, &vcpu->arch.st.stime,
-- data & KVM_STEAL_VALID_BITS))
-+ data & KVM_STEAL_VALID_BITS,
-+ sizeof(struct kvm_steal_time)))
- return 1;
-
- vcpu->arch.st.msr_val = data;
-@@ -2967,7 +2963,7 @@ static int kvm_vcpu_ioctl_x86_set_xcrs(struct kvm_vcpu *vcpu,
- */
- static int kvm_set_guest_paused(struct kvm_vcpu *vcpu)
- {
-- if (!vcpu->arch.time_page)
-+ if (!vcpu->arch.pv_time_enabled)
- return -EINVAL;
- vcpu->arch.pvclock_set_guest_stopped_request = true;
- kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu);
-@@ -6661,6 +6657,7 @@ int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
- goto fail_free_wbinvd_dirty_mask;
-
- vcpu->arch.ia32_tsc_adjust_msr = 0x0;
-+ vcpu->arch.pv_time_enabled = false;
- kvm_async_pf_hash_reset(vcpu);
- kvm_pmu_init(vcpu);
-
-diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
-index ef5356c..0262210 100644
---- a/crypto/algif_hash.c
-+++ b/crypto/algif_hash.c
-@@ -161,6 +161,8 @@ static int hash_recvmsg(struct kiocb *unused, struct socket *sock,
- else if (len < ds)
- msg->msg_flags |= MSG_TRUNC;
-
-+ msg->msg_namelen = 0;
-+
- lock_sock(sk);
- if (ctx->more) {
- ctx->more = 0;
-diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
-index 6a6dfc0..a1c4f0a 100644
---- a/crypto/algif_skcipher.c
-+++ b/crypto/algif_skcipher.c
-@@ -432,6 +432,7 @@ static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock,
- long copied = 0;
-
- lock_sock(sk);
-+ msg->msg_namelen = 0;
- for (iov = msg->msg_iov, iovlen = msg->msg_iovlen; iovlen > 0;
- iovlen--, iov++) {
- unsigned long seglen = iov->iov_len;
-diff --git a/drivers/char/hpet.c b/drivers/char/hpet.c
-index fe6d4be..615d262 100644
---- a/drivers/char/hpet.c
-+++ b/drivers/char/hpet.c
-@@ -373,26 +373,14 @@ static int hpet_mmap(struct file *file, struct vm_area_struct *vma)
- struct hpet_dev *devp;
- unsigned long addr;
-
-- if (((vma->vm_end - vma->vm_start) != PAGE_SIZE) || vma->vm_pgoff)
-- return -EINVAL;
--
- devp = file->private_data;
- addr = devp->hd_hpets->hp_hpet_phys;
-
- if (addr & (PAGE_SIZE - 1))
- return -ENOSYS;
-
-- vma->vm_flags |= VM_IO;
- vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
--
-- if (io_remap_pfn_range(vma, vma->vm_start, addr >> PAGE_SHIFT,
-- PAGE_SIZE, vma->vm_page_prot)) {
-- printk(KERN_ERR "%s: io_remap_pfn_range failed\n",
-- __func__);
-- return -EAGAIN;
-- }
--
-- return 0;
-+ return vm_iomap_memory(vma, addr, PAGE_SIZE);
- #else
- return -ENOSYS;
- #endif
-diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
-index 75b1f89..fd86b37 100644
---- a/drivers/md/raid1.c
-+++ b/drivers/md/raid1.c
-@@ -1001,6 +1001,7 @@ static void make_request(struct mddev *mddev, struct bio * bio)
- const unsigned long do_flush_fua = (bio->bi_rw & (REQ_FLUSH | REQ_FUA));
- const unsigned long do_discard = (bio->bi_rw
- & (REQ_DISCARD | REQ_SECURE));
-+ const unsigned long do_same = (bio->bi_rw & REQ_WRITE_SAME);
- struct md_rdev *blocked_rdev;
- struct blk_plug_cb *cb;
- struct raid1_plug_cb *plug = NULL;
-@@ -1302,7 +1303,8 @@ read_again:
- conf->mirrors[i].rdev->data_offset);
- mbio->bi_bdev = conf->mirrors[i].rdev->bdev;
- mbio->bi_end_io = raid1_end_write_request;
-- mbio->bi_rw = WRITE | do_flush_fua | do_sync | do_discard;
-+ mbio->bi_rw =
-+ WRITE | do_flush_fua | do_sync | do_discard | do_same;
- mbio->bi_private = r1_bio;
-
- atomic_inc(&r1_bio->remaining);
-@@ -2819,6 +2821,9 @@ static int run(struct mddev *mddev)
- if (IS_ERR(conf))
- return PTR_ERR(conf);
-
-+ if (mddev->queue)
-+ blk_queue_max_write_same_sectors(mddev->queue,
-+ mddev->chunk_sectors);
- rdev_for_each(rdev, mddev) {
- if (!mddev->gendisk)
- continue;
-diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
-index 8d925dc..b3898d4 100644
---- a/drivers/md/raid10.c
-+++ b/drivers/md/raid10.c
-@@ -1106,6 +1106,7 @@ static void make_request(struct mddev *mddev, struct bio * bio)
- const unsigned long do_fua = (bio->bi_rw & REQ_FUA);
- const unsigned long do_discard = (bio->bi_rw
- & (REQ_DISCARD | REQ_SECURE));
-+ const unsigned long do_same = (bio->bi_rw & REQ_WRITE_SAME);
- unsigned long flags;
- struct md_rdev *blocked_rdev;
- struct blk_plug_cb *cb;
-@@ -1461,7 +1462,8 @@ retry_write:
- rdev));
- mbio->bi_bdev = rdev->bdev;
- mbio->bi_end_io = raid10_end_write_request;
-- mbio->bi_rw = WRITE | do_sync | do_fua | do_discard;
-+ mbio->bi_rw =
-+ WRITE | do_sync | do_fua | do_discard | do_same;
- mbio->bi_private = r10_bio;
-
- atomic_inc(&r10_bio->remaining);
-@@ -1503,7 +1505,8 @@ retry_write:
- r10_bio, rdev));
- mbio->bi_bdev = rdev->bdev;
- mbio->bi_end_io = raid10_end_write_request;
-- mbio->bi_rw = WRITE | do_sync | do_fua | do_discard;
-+ mbio->bi_rw =
-+ WRITE | do_sync | do_fua | do_discard | do_same;
- mbio->bi_private = r10_bio;
-
- atomic_inc(&r10_bio->remaining);
-@@ -3570,6 +3573,8 @@ static int run(struct mddev *mddev)
- if (mddev->queue) {
- blk_queue_max_discard_sectors(mddev->queue,
- mddev->chunk_sectors);
-+ blk_queue_max_write_same_sectors(mddev->queue,
-+ mddev->chunk_sectors);
- blk_queue_io_min(mddev->queue, chunk_size);
- if (conf->geo.raid_disks % conf->geo.near_copies)
- blk_queue_io_opt(mddev->queue, chunk_size * conf->geo.raid_disks);
-diff --git a/drivers/mtd/mtdchar.c b/drivers/mtd/mtdchar.c
-index 82c0616..6e3d6dc 100644
---- a/drivers/mtd/mtdchar.c
-+++ b/drivers/mtd/mtdchar.c
-@@ -1159,45 +1159,17 @@ static int mtdchar_mmap(struct file *file, struct vm_area_struct *vma)
- struct mtd_file_info *mfi = file->private_data;
- struct mtd_info *mtd = mfi->mtd;
- struct map_info *map = mtd->priv;
-- resource_size_t start, off;
-- unsigned long len, vma_len;
-
- /* This is broken because it assumes the MTD device is map-based
- and that mtd->priv is a valid struct map_info. It should be
- replaced with something that uses the mtd_get_unmapped_area()
- operation properly. */
- if (0 /*mtd->type == MTD_RAM || mtd->type == MTD_ROM*/) {
-- off = get_vm_offset(vma);
-- start = map->phys;
-- len = PAGE_ALIGN((start & ~PAGE_MASK) + map->size);
-- start &= PAGE_MASK;
-- vma_len = get_vm_size(vma);
--
-- /* Overflow in off+len? */
-- if (vma_len + off < off)
-- return -EINVAL;
-- /* Does it fit in the mapping? */
-- if (vma_len + off > len)
-- return -EINVAL;
--
-- off += start;
-- /* Did that overflow? */
-- if (off < start)
-- return -EINVAL;
-- if (set_vm_offset(vma, off) < 0)
-- return -EINVAL;
-- vma->vm_flags |= VM_IO | VM_DONTEXPAND | VM_DONTDUMP;
--
- #ifdef pgprot_noncached
-- if (file->f_flags & O_DSYNC || off >= __pa(high_memory))
-+ if (file->f_flags & O_DSYNC || map->phys >= __pa(high_memory))
- vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
- #endif
-- if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT,
-- vma->vm_end - vma->vm_start,
-- vma->vm_page_prot))
-- return -EAGAIN;
--
-- return 0;
-+ return vm_iomap_memory(vma, map->phys, map->size);
- }
- return -ENOSYS;
- #else
-diff --git a/drivers/net/can/mcp251x.c b/drivers/net/can/mcp251x.c
-index 5eaf47b..42b6d69 100644
---- a/drivers/net/can/mcp251x.c
-+++ b/drivers/net/can/mcp251x.c
-@@ -922,6 +922,7 @@ static int mcp251x_open(struct net_device *net)
- struct mcp251x_priv *priv = netdev_priv(net);
- struct spi_device *spi = priv->spi;
- struct mcp251x_platform_data *pdata = spi->dev.platform_data;
-+ unsigned long flags;
- int ret;
-
- ret = open_candev(net);
-@@ -938,9 +939,14 @@ static int mcp251x_open(struct net_device *net)
- priv->tx_skb = NULL;
- priv->tx_len = 0;
-
-+ flags = IRQF_ONESHOT;
-+ if (pdata->irq_flags)
-+ flags |= pdata->irq_flags;
-+ else
-+ flags |= IRQF_TRIGGER_FALLING;
-+
- ret = request_threaded_irq(spi->irq, NULL, mcp251x_can_ist,
-- pdata->irq_flags ? pdata->irq_flags : IRQF_TRIGGER_FALLING,
-- DEVICE_NAME, priv);
-+ flags, DEVICE_NAME, priv);
- if (ret) {
- dev_err(&spi->dev, "failed to acquire irq %d\n", spi->irq);
- if (pdata->transceiver_enable)
-diff --git a/drivers/net/can/sja1000/sja1000_of_platform.c b/drivers/net/can/sja1000/sja1000_of_platform.c
-index 6433b81..8e0c4a0 100644
---- a/drivers/net/can/sja1000/sja1000_of_platform.c
-+++ b/drivers/net/can/sja1000/sja1000_of_platform.c
-@@ -96,8 +96,8 @@ static int sja1000_ofp_probe(struct platform_device *ofdev)
- struct net_device *dev;
- struct sja1000_priv *priv;
- struct resource res;
-- const u32 *prop;
-- int err, irq, res_size, prop_size;
-+ u32 prop;
-+ int err, irq, res_size;
- void __iomem *base;
-
- err = of_address_to_resource(np, 0, &res);
-@@ -138,27 +138,27 @@ static int sja1000_ofp_probe(struct platform_device *ofdev)
- priv->read_reg = sja1000_ofp_read_reg;
- priv->write_reg = sja1000_ofp_write_reg;
-
-- prop = of_get_property(np, "nxp,external-clock-frequency", &prop_size);
-- if (prop && (prop_size == sizeof(u32)))
-- priv->can.clock.freq = *prop / 2;
-+ err = of_property_read_u32(np, "nxp,external-clock-frequency", &prop);
-+ if (!err)
-+ priv->can.clock.freq = prop / 2;
- else
- priv->can.clock.freq = SJA1000_OFP_CAN_CLOCK; /* default */
-
-- prop = of_get_property(np, "nxp,tx-output-mode", &prop_size);
-- if (prop && (prop_size == sizeof(u32)))
-- priv->ocr |= *prop & OCR_MODE_MASK;
-+ err = of_property_read_u32(np, "nxp,tx-output-mode", &prop);
-+ if (!err)
-+ priv->ocr |= prop & OCR_MODE_MASK;
- else
- priv->ocr |= OCR_MODE_NORMAL; /* default */
-
-- prop = of_get_property(np, "nxp,tx-output-config", &prop_size);
-- if (prop && (prop_size == sizeof(u32)))
-- priv->ocr |= (*prop << OCR_TX_SHIFT) & OCR_TX_MASK;
-+ err = of_property_read_u32(np, "nxp,tx-output-config", &prop);
-+ if (!err)
-+ priv->ocr |= (prop << OCR_TX_SHIFT) & OCR_TX_MASK;
- else
- priv->ocr |= OCR_TX0_PULLDOWN; /* default */
-
-- prop = of_get_property(np, "nxp,clock-out-frequency", &prop_size);
-- if (prop && (prop_size == sizeof(u32)) && *prop) {
-- u32 divider = priv->can.clock.freq * 2 / *prop;
-+ err = of_property_read_u32(np, "nxp,clock-out-frequency", &prop);
-+ if (!err && prop) {
-+ u32 divider = priv->can.clock.freq * 2 / prop;
-
- if (divider > 1)
- priv->cdr |= divider / 2 - 1;
-@@ -168,8 +168,7 @@ static int sja1000_ofp_probe(struct platform_device *ofdev)
- priv->cdr |= CDR_CLK_OFF; /* default */
- }
-
-- prop = of_get_property(np, "nxp,no-comparator-bypass", NULL);
-- if (!prop)
-+ if (!of_property_read_bool(np, "nxp,no-comparator-bypass"))
- priv->cdr |= CDR_CBP; /* default */
-
- priv->irq_flags = IRQF_SHARED;
-diff --git a/drivers/net/ethernet/broadcom/tg3.c b/drivers/net/ethernet/broadcom/tg3.c
-index 8a5253c..6917998 100644
---- a/drivers/net/ethernet/broadcom/tg3.c
-+++ b/drivers/net/ethernet/broadcom/tg3.c
-@@ -330,6 +330,7 @@ static DEFINE_PCI_DEVICE_TABLE(tg3_pci_tbl) = {
- {PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, TG3PCI_DEVICE_TIGON3_5719)},
- {PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, TG3PCI_DEVICE_TIGON3_5720)},
- {PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, TG3PCI_DEVICE_TIGON3_57762)},
-+ {PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, TG3PCI_DEVICE_TIGON3_57766)},
- {PCI_DEVICE(PCI_VENDOR_ID_SYSKONNECT, PCI_DEVICE_ID_SYSKONNECT_9DXX)},
- {PCI_DEVICE(PCI_VENDOR_ID_SYSKONNECT, PCI_DEVICE_ID_SYSKONNECT_9MXX)},
- {PCI_DEVICE(PCI_VENDOR_ID_ALTIMA, PCI_DEVICE_ID_ALTIMA_AC1000)},
-@@ -9103,7 +9104,14 @@ static int tg3_reset_hw(struct tg3 *tp, int reset_phy)
- }
-
- if (GET_CHIP_REV(tp->pci_chip_rev_id) != CHIPREV_57765_AX) {
-- u32 grc_mode = tr32(GRC_MODE);
-+ u32 grc_mode;
-+
-+ /* Fix transmit hangs */
-+ val = tr32(TG3_CPMU_PADRNG_CTL);
-+ val |= TG3_CPMU_PADRNG_CTL_RDIV2;
-+ tw32(TG3_CPMU_PADRNG_CTL, val);
-+
-+ grc_mode = tr32(GRC_MODE);
-
- /* Access the lower 1K of DL PCIE block registers. */
- val = grc_mode & ~GRC_MODE_PCIE_PORT_MASK;
-@@ -9413,6 +9421,14 @@ static int tg3_reset_hw(struct tg3 *tp, int reset_phy)
- if (tg3_flag(tp, PCI_EXPRESS))
- rdmac_mode |= RDMAC_MODE_FIFO_LONG_BURST;
-
-+ if (GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_57766) {
-+ tp->dma_limit = 0;
-+ if (tp->dev->mtu <= ETH_DATA_LEN) {
-+ rdmac_mode |= RDMAC_MODE_JMB_2K_MMRR;
-+ tp->dma_limit = TG3_TX_BD_DMA_MAX_2K;
-+ }
-+ }
-+
- if (tg3_flag(tp, HW_TSO_1) ||
- tg3_flag(tp, HW_TSO_2) ||
- tg3_flag(tp, HW_TSO_3))
-diff --git a/drivers/net/ethernet/broadcom/tg3.h b/drivers/net/ethernet/broadcom/tg3.h
-index d330e81..6f9b74c 100644
---- a/drivers/net/ethernet/broadcom/tg3.h
-+++ b/drivers/net/ethernet/broadcom/tg3.h
-@@ -1159,6 +1159,8 @@
- #define CPMU_MUTEX_GNT_DRIVER 0x00001000
- #define TG3_CPMU_PHY_STRAP 0x00003664
- #define TG3_CPMU_PHY_STRAP_IS_SERDES 0x00000020
-+#define TG3_CPMU_PADRNG_CTL 0x00003668
-+#define TG3_CPMU_PADRNG_CTL_RDIV2 0x00040000
- /* 0x3664 --> 0x36b0 unused */
-
- #define TG3_CPMU_EEE_MODE 0x000036b0
-diff --git a/drivers/net/wireless/ath/ath9k/ar9580_1p0_initvals.h b/drivers/net/wireless/ath/ath9k/ar9580_1p0_initvals.h
-index 6e1915a..c00c13a 100644
---- a/drivers/net/wireless/ath/ath9k/ar9580_1p0_initvals.h
-+++ b/drivers/net/wireless/ath/ath9k/ar9580_1p0_initvals.h
-@@ -519,7 +519,7 @@ static const u32 ar9580_1p0_mac_core[][2] = {
- {0x00008258, 0x00000000},
- {0x0000825c, 0x40000000},
- {0x00008260, 0x00080922},
-- {0x00008264, 0x9bc00010},
-+ {0x00008264, 0x9d400010},
- {0x00008268, 0xffffffff},
- {0x0000826c, 0x0000ffff},
- {0x00008270, 0x00000000},
-diff --git a/drivers/net/wireless/ath/ath9k/htc_drv_init.c b/drivers/net/wireless/ath/ath9k/htc_drv_init.c
-index 05d5ba6..0663653 100644
---- a/drivers/net/wireless/ath/ath9k/htc_drv_init.c
-+++ b/drivers/net/wireless/ath/ath9k/htc_drv_init.c
-@@ -796,7 +796,7 @@ static int ath9k_init_firmware_version(struct ath9k_htc_priv *priv)
- * required version.
- */
- if (priv->fw_version_major != MAJOR_VERSION_REQ ||
-- priv->fw_version_minor != MINOR_VERSION_REQ) {
-+ priv->fw_version_minor < MINOR_VERSION_REQ) {
- dev_err(priv->dev, "ath9k_htc: Please upgrade to FW version %d.%d\n",
- MAJOR_VERSION_REQ, MINOR_VERSION_REQ);
- return -EINVAL;
-diff --git a/drivers/net/wireless/b43/phy_n.c b/drivers/net/wireless/b43/phy_n.c
-index e8486c1..b70f220 100644
---- a/drivers/net/wireless/b43/phy_n.c
-+++ b/drivers/net/wireless/b43/phy_n.c
-@@ -5165,7 +5165,8 @@ static void b43_nphy_pmu_spur_avoid(struct b43_wldev *dev, bool avoid)
- #endif
- #ifdef CONFIG_B43_SSB
- case B43_BUS_SSB:
-- /* FIXME */
-+ ssb_pmu_spuravoid_pllupdate(&dev->dev->sdev->bus->chipco,
-+ avoid);
- break;
- #endif
- }
-diff --git a/drivers/ssb/driver_chipcommon_pmu.c b/drivers/ssb/driver_chipcommon_pmu.c
-index a43415a..bc75528 100644
---- a/drivers/ssb/driver_chipcommon_pmu.c
-+++ b/drivers/ssb/driver_chipcommon_pmu.c
-@@ -675,3 +675,32 @@ u32 ssb_pmu_get_controlclock(struct ssb_chipcommon *cc)
- return 0;
- }
- }
-+
-+void ssb_pmu_spuravoid_pllupdate(struct ssb_chipcommon *cc, int spuravoid)
-+{
-+ u32 pmu_ctl = 0;
-+
-+ switch (cc->dev->bus->chip_id) {
-+ case 0x4322:
-+ ssb_chipco_pll_write(cc, SSB_PMU1_PLLCTL0, 0x11100070);
-+ ssb_chipco_pll_write(cc, SSB_PMU1_PLLCTL1, 0x1014140a);
-+ ssb_chipco_pll_write(cc, SSB_PMU1_PLLCTL5, 0x88888854);
-+ if (spuravoid == 1)
-+ ssb_chipco_pll_write(cc, SSB_PMU1_PLLCTL2, 0x05201828);
-+ else
-+ ssb_chipco_pll_write(cc, SSB_PMU1_PLLCTL2, 0x05001828);
-+ pmu_ctl = SSB_CHIPCO_PMU_CTL_PLL_UPD;
-+ break;
-+ case 43222:
-+ /* TODO: BCM43222 requires updating PLLs too */
-+ return;
-+ default:
-+ ssb_printk(KERN_ERR PFX
-+ "Unknown spuravoidance settings for chip 0x%04X, not changing PLL\n",
-+ cc->dev->bus->chip_id);
-+ return;
-+ }
-+
-+ chipco_set32(cc, SSB_CHIPCO_PMU_CTL, pmu_ctl);
-+}
-+EXPORT_SYMBOL_GPL(ssb_pmu_spuravoid_pllupdate);
-diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c
-index dc61c12..0a49456 100644
---- a/drivers/video/fbmem.c
-+++ b/drivers/video/fbmem.c
-@@ -1373,15 +1373,12 @@ fb_mmap(struct file *file, struct vm_area_struct * vma)
- {
- struct fb_info *info = file_fb_info(file);
- struct fb_ops *fb;
-- unsigned long off;
-+ unsigned long mmio_pgoff;
- unsigned long start;
- u32 len;
-
- if (!info)
- return -ENODEV;
-- if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT))
-- return -EINVAL;
-- off = vma->vm_pgoff << PAGE_SHIFT;
- fb = info->fbops;
- if (!fb)
- return -ENODEV;
-@@ -1393,32 +1390,24 @@ fb_mmap(struct file *file, struct vm_area_struct * vma)
- return res;
- }
-
-- /* frame buffer memory */
-+ /*
-+ * Ugh. This can be either the frame buffer mapping, or
-+ * if pgoff points past it, the mmio mapping.
-+ */
- start = info->fix.smem_start;
-- len = PAGE_ALIGN((start & ~PAGE_MASK) + info->fix.smem_len);
-- if (off >= len) {
-- /* memory mapped io */
-- off -= len;
-- if (info->var.accel_flags) {
-- mutex_unlock(&info->mm_lock);
-- return -EINVAL;
-- }
-+ len = info->fix.smem_len;
-+ mmio_pgoff = PAGE_ALIGN((start & ~PAGE_MASK) + len) >> PAGE_SHIFT;
-+ if (vma->vm_pgoff >= mmio_pgoff) {
-+ vma->vm_pgoff -= mmio_pgoff;
- start = info->fix.mmio_start;
-- len = PAGE_ALIGN((start & ~PAGE_MASK) + info->fix.mmio_len);
-+ len = info->fix.mmio_len;
- }
- mutex_unlock(&info->mm_lock);
-- start &= PAGE_MASK;
-- if ((vma->vm_end - vma->vm_start + off) > len)
-- return -EINVAL;
-- off += start;
-- vma->vm_pgoff = off >> PAGE_SHIFT;
-- /* VM_IO | VM_DONTEXPAND | VM_DONTDUMP are set by io_remap_pfn_range()*/
-+
- vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
-- fb_pgprotect(file, vma, off);
-- if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT,
-- vma->vm_end - vma->vm_start, vma->vm_page_prot))
-- return -EAGAIN;
-- return 0;
-+ fb_pgprotect(file, vma, start);
-+
-+ return vm_iomap_memory(vma, start, len);
- }
-
- static int
-diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 0c42cdb..5843a47 100644
---- a/fs/binfmt_elf.c
-+++ b/fs/binfmt_elf.c
-@@ -1132,6 +1132,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
- goto whole;
- if (!(vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_PRIVATE))
- goto whole;
-+ return 0;
- }
-
- /* Do not dump I/O mapped devices or special mappings */
-diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
-index 744a69b..8a00e2f 100644
---- a/fs/btrfs/tree-log.c
-+++ b/fs/btrfs/tree-log.c
-@@ -318,6 +318,7 @@ static noinline int overwrite_item(struct btrfs_trans_handle *trans,
- unsigned long src_ptr;
- unsigned long dst_ptr;
- int overwrite_root = 0;
-+ bool inode_item = key->type == BTRFS_INODE_ITEM_KEY;
-
- if (root->root_key.objectid != BTRFS_TREE_LOG_OBJECTID)
- overwrite_root = 1;
-@@ -327,6 +328,9 @@ static noinline int overwrite_item(struct btrfs_trans_handle *trans,
-
- /* look for the key in the destination tree */
- ret = btrfs_search_slot(NULL, root, key, path, 0, 0);
-+ if (ret < 0)
-+ return ret;
-+
- if (ret == 0) {
- char *src_copy;
- char *dst_copy;
-@@ -368,6 +372,30 @@ static noinline int overwrite_item(struct btrfs_trans_handle *trans,
- return 0;
- }
-
-+ /*
-+ * We need to load the old nbytes into the inode so when we
-+ * replay the extents we've logged we get the right nbytes.
-+ */
-+ if (inode_item) {
-+ struct btrfs_inode_item *item;
-+ u64 nbytes;
-+
-+ item = btrfs_item_ptr(path->nodes[0], path->slots[0],
-+ struct btrfs_inode_item);
-+ nbytes = btrfs_inode_nbytes(path->nodes[0], item);
-+ item = btrfs_item_ptr(eb, slot,
-+ struct btrfs_inode_item);
-+ btrfs_set_inode_nbytes(eb, item, nbytes);
-+ }
-+ } else if (inode_item) {
-+ struct btrfs_inode_item *item;
-+
-+ /*
-+ * New inode, set nbytes to 0 so that the nbytes comes out
-+ * properly when we replay the extents.
-+ */
-+ item = btrfs_item_ptr(eb, slot, struct btrfs_inode_item);
-+ btrfs_set_inode_nbytes(eb, item, 0);
- }
- insert:
- btrfs_release_path(path);
-@@ -488,7 +516,7 @@ static noinline int replay_one_extent(struct btrfs_trans_handle *trans,
- u64 mask = root->sectorsize - 1;
- u64 extent_end;
- u64 start = key->offset;
-- u64 saved_nbytes;
-+ u64 nbytes = 0;
- struct btrfs_file_extent_item *item;
- struct inode *inode = NULL;
- unsigned long size;
-@@ -498,10 +526,19 @@ static noinline int replay_one_extent(struct btrfs_trans_handle *trans,
- found_type = btrfs_file_extent_type(eb, item);
-
- if (found_type == BTRFS_FILE_EXTENT_REG ||
-- found_type == BTRFS_FILE_EXTENT_PREALLOC)
-- extent_end = start + btrfs_file_extent_num_bytes(eb, item);
-- else if (found_type == BTRFS_FILE_EXTENT_INLINE) {
-+ found_type == BTRFS_FILE_EXTENT_PREALLOC) {
-+ nbytes = btrfs_file_extent_num_bytes(eb, item);
-+ extent_end = start + nbytes;
-+
-+ /*
-+ * We don't add to the inodes nbytes if we are prealloc or a
-+ * hole.
-+ */
-+ if (btrfs_file_extent_disk_bytenr(eb, item) == 0)
-+ nbytes = 0;
-+ } else if (found_type == BTRFS_FILE_EXTENT_INLINE) {
- size = btrfs_file_extent_inline_len(eb, item);
-+ nbytes = btrfs_file_extent_ram_bytes(eb, item);
- extent_end = (start + size + mask) & ~mask;
- } else {
- ret = 0;
-@@ -550,7 +587,6 @@ static noinline int replay_one_extent(struct btrfs_trans_handle *trans,
- }
- btrfs_release_path(path);
-
-- saved_nbytes = inode_get_bytes(inode);
- /* drop any overlapping extents */
- ret = btrfs_drop_extents(trans, root, inode, start, extent_end, 1);
- BUG_ON(ret);
-@@ -637,7 +673,7 @@ static noinline int replay_one_extent(struct btrfs_trans_handle *trans,
- BUG_ON(ret);
- }
-
-- inode_set_bytes(inode, saved_nbytes);
-+ inode_add_bytes(inode, nbytes);
- ret = btrfs_update_inode(trans, root, inode);
- out:
- if (inode)
-diff --git a/fs/hfsplus/extents.c b/fs/hfsplus/extents.c
-index eba76ea..fc8ddc1 100644
---- a/fs/hfsplus/extents.c
-+++ b/fs/hfsplus/extents.c
-@@ -533,7 +533,7 @@ void hfsplus_file_truncate(struct inode *inode)
- struct address_space *mapping = inode->i_mapping;
- struct page *page;
- void *fsdata;
-- u32 size = inode->i_size;
-+ loff_t size = inode->i_size;
-
- res = pagecache_write_begin(NULL, mapping, size, 0,
- AOP_FLAG_UNINTERRUPTIBLE,
-diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
-index 78bde32..ccee8cc 100644
---- a/fs/hugetlbfs/inode.c
-+++ b/fs/hugetlbfs/inode.c
-@@ -110,7 +110,7 @@ static int hugetlbfs_file_mmap(struct file *file, struct vm_area_struct *vma)
- * way when do_mmap_pgoff unwinds (may be important on powerpc
- * and ia64).
- */
-- vma->vm_flags |= VM_HUGETLB | VM_DONTEXPAND | VM_DONTDUMP;
-+ vma->vm_flags |= VM_HUGETLB | VM_DONTEXPAND;
- vma->vm_ops = &hugetlb_vm_ops;
-
- if (vma->vm_pgoff & (~huge_page_mask(h) >> PAGE_SHIFT))
-diff --git a/fs/proc/array.c b/fs/proc/array.c
-index 6a91e6f..be3c22f 100644
---- a/fs/proc/array.c
-+++ b/fs/proc/array.c
-@@ -143,6 +143,7 @@ static const char * const task_state_array[] = {
- "x (dead)", /* 64 */
- "K (wakekill)", /* 128 */
- "W (waking)", /* 256 */
-+ "P (parked)", /* 512 */
- };
-
- static inline const char *get_task_state(struct task_struct *tsk)
-diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
-index 2c497ab..ffdf8b7 100644
---- a/include/linux/kvm_host.h
-+++ b/include/linux/kvm_host.h
-@@ -511,7 +511,7 @@ int kvm_write_guest(struct kvm *kvm, gpa_t gpa, const void *data,
- int kvm_write_guest_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
- void *data, unsigned long len);
- int kvm_gfn_to_hva_cache_init(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
-- gpa_t gpa);
-+ gpa_t gpa, unsigned long len);
- int kvm_clear_guest_page(struct kvm *kvm, gfn_t gfn, int offset, int len);
- int kvm_clear_guest(struct kvm *kvm, gpa_t gpa, unsigned long len);
- struct kvm_memory_slot *gfn_to_memslot(struct kvm *kvm, gfn_t gfn);
-diff --git a/include/linux/kvm_types.h b/include/linux/kvm_types.h
-index fa7cc72..b0bcce0 100644
---- a/include/linux/kvm_types.h
-+++ b/include/linux/kvm_types.h
-@@ -71,6 +71,7 @@ struct gfn_to_hva_cache {
- u64 generation;
- gpa_t gpa;
- unsigned long hva;
-+ unsigned long len;
- struct kvm_memory_slot *memslot;
- };
-
-diff --git a/include/linux/mm.h b/include/linux/mm.h
-index 66e2f7c..9568b90 100644
---- a/include/linux/mm.h
-+++ b/include/linux/mm.h
-@@ -1623,6 +1623,8 @@ int vm_insert_pfn(struct vm_area_struct *vma, unsigned long addr,
- unsigned long pfn);
- int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
- unsigned long pfn);
-+int vm_iomap_memory(struct vm_area_struct *vma, phys_addr_t start, unsigned long len);
-+
-
- struct page *follow_page(struct vm_area_struct *, unsigned long address,
- unsigned int foll_flags);
-diff --git a/include/linux/sched.h b/include/linux/sched.h
-index d211247..7e49270 100644
---- a/include/linux/sched.h
-+++ b/include/linux/sched.h
-@@ -163,9 +163,10 @@ print_cfs_rq(struct seq_file *m, int cpu, struct cfs_rq *cfs_rq)
- #define TASK_DEAD 64
- #define TASK_WAKEKILL 128
- #define TASK_WAKING 256
--#define TASK_STATE_MAX 512
-+#define TASK_PARKED 512
-+#define TASK_STATE_MAX 1024
-
--#define TASK_STATE_TO_CHAR_STR "RSDTtZXxKW"
-+#define TASK_STATE_TO_CHAR_STR "RSDTtZXxKWP"
-
- extern char ___assert_task_state[1 - 2*!!(
- sizeof(TASK_STATE_TO_CHAR_STR)-1 != ilog2(TASK_STATE_MAX)+1)];
-diff --git a/include/linux/ssb/ssb_driver_chipcommon.h b/include/linux/ssb/ssb_driver_chipcommon.h
-index 9e492be..6fcfe99 100644
---- a/include/linux/ssb/ssb_driver_chipcommon.h
-+++ b/include/linux/ssb/ssb_driver_chipcommon.h
-@@ -219,6 +219,7 @@
- #define SSB_CHIPCO_PMU_CTL 0x0600 /* PMU control */
- #define SSB_CHIPCO_PMU_CTL_ILP_DIV 0xFFFF0000 /* ILP div mask */
- #define SSB_CHIPCO_PMU_CTL_ILP_DIV_SHIFT 16
-+#define SSB_CHIPCO_PMU_CTL_PLL_UPD 0x00000400
- #define SSB_CHIPCO_PMU_CTL_NOILPONW 0x00000200 /* No ILP on wait */
- #define SSB_CHIPCO_PMU_CTL_HTREQEN 0x00000100 /* HT req enable */
- #define SSB_CHIPCO_PMU_CTL_ALPREQEN 0x00000080 /* ALP req enable */
-@@ -667,5 +668,6 @@ enum ssb_pmu_ldo_volt_id {
- void ssb_pmu_set_ldo_voltage(struct ssb_chipcommon *cc,
- enum ssb_pmu_ldo_volt_id id, u32 voltage);
- void ssb_pmu_set_ldo_paref(struct ssb_chipcommon *cc, bool on);
-+void ssb_pmu_spuravoid_pllupdate(struct ssb_chipcommon *cc, int spuravoid);
-
- #endif /* LINUX_SSB_CHIPCO_H_ */
-diff --git a/include/trace/events/sched.h b/include/trace/events/sched.h
-index 5a8671e..e5586ca 100644
---- a/include/trace/events/sched.h
-+++ b/include/trace/events/sched.h
-@@ -147,7 +147,7 @@ TRACE_EVENT(sched_switch,
- __print_flags(__entry->prev_state & (TASK_STATE_MAX-1), "|",
- { 1, "S"} , { 2, "D" }, { 4, "T" }, { 8, "t" },
- { 16, "Z" }, { 32, "X" }, { 64, "x" },
-- { 128, "W" }) : "R",
-+ { 128, "K" }, { 256, "W" }, { 512, "P" }) : "R",
- __entry->prev_state & TASK_STATE_MAX ? "+" : "",
- __entry->next_comm, __entry->next_pid, __entry->next_prio)
- );
-diff --git a/kernel/events/core.c b/kernel/events/core.c
-index 7b6646a..0600d3b 100644
---- a/kernel/events/core.c
-+++ b/kernel/events/core.c
-@@ -5328,7 +5328,7 @@ static void sw_perf_event_destroy(struct perf_event *event)
-
- static int perf_swevent_init(struct perf_event *event)
- {
-- int event_id = event->attr.config;
-+ u64 event_id = event->attr.config;
-
- if (event->attr.type != PERF_TYPE_SOFTWARE)
- return -ENOENT;
-diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c
-index cdd5607..e4cee8d 100644
---- a/kernel/hrtimer.c
-+++ b/kernel/hrtimer.c
-@@ -61,6 +61,7 @@
- DEFINE_PER_CPU(struct hrtimer_cpu_base, hrtimer_bases) =
- {
-
-+ .lock = __RAW_SPIN_LOCK_UNLOCKED(hrtimer_bases.lock),
- .clock_base =
- {
- {
-@@ -1640,8 +1641,6 @@ static void __cpuinit init_hrtimers_cpu(int cpu)
- struct hrtimer_cpu_base *cpu_base = &per_cpu(hrtimer_bases, cpu);
- int i;
-
-- raw_spin_lock_init(&cpu_base->lock);
--
- for (i = 0; i < HRTIMER_MAX_CLOCK_BASES; i++) {
- cpu_base->clock_base[i].cpu_base = cpu_base;
- timerqueue_init_head(&cpu_base->clock_base[i].active);
-diff --git a/kernel/kthread.c b/kernel/kthread.c
-index 691dc2e..9eb7fed 100644
---- a/kernel/kthread.c
-+++ b/kernel/kthread.c
-@@ -124,12 +124,12 @@ void *kthread_data(struct task_struct *task)
-
- static void __kthread_parkme(struct kthread *self)
- {
-- __set_current_state(TASK_INTERRUPTIBLE);
-+ __set_current_state(TASK_PARKED);
- while (test_bit(KTHREAD_SHOULD_PARK, &self->flags)) {
- if (!test_and_set_bit(KTHREAD_IS_PARKED, &self->flags))
- complete(&self->parked);
- schedule();
-- __set_current_state(TASK_INTERRUPTIBLE);
-+ __set_current_state(TASK_PARKED);
- }
- clear_bit(KTHREAD_IS_PARKED, &self->flags);
- __set_current_state(TASK_RUNNING);
-@@ -256,8 +256,13 @@ struct task_struct *kthread_create_on_node(int (*threadfn)(void *data),
- }
- EXPORT_SYMBOL(kthread_create_on_node);
-
--static void __kthread_bind(struct task_struct *p, unsigned int cpu)
-+static void __kthread_bind(struct task_struct *p, unsigned int cpu, long state)
- {
-+ /* Must have done schedule() in kthread() before we set_task_cpu */
-+ if (!wait_task_inactive(p, state)) {
-+ WARN_ON(1);
-+ return;
-+ }
- /* It's safe because the task is inactive. */
- do_set_cpus_allowed(p, cpumask_of(cpu));
- p->flags |= PF_THREAD_BOUND;
-@@ -274,12 +279,7 @@ static void __kthread_bind(struct task_struct *p, unsigned int cpu)
- */
- void kthread_bind(struct task_struct *p, unsigned int cpu)
- {
-- /* Must have done schedule() in kthread() before we set_task_cpu */
-- if (!wait_task_inactive(p, TASK_UNINTERRUPTIBLE)) {
-- WARN_ON(1);
-- return;
-- }
-- __kthread_bind(p, cpu);
-+ __kthread_bind(p, cpu, TASK_UNINTERRUPTIBLE);
- }
- EXPORT_SYMBOL(kthread_bind);
-
-@@ -324,6 +324,22 @@ static struct kthread *task_get_live_kthread(struct task_struct *k)
- return NULL;
- }
-
-+static void __kthread_unpark(struct task_struct *k, struct kthread *kthread)
-+{
-+ clear_bit(KTHREAD_SHOULD_PARK, &kthread->flags);
-+ /*
-+ * We clear the IS_PARKED bit here as we don't wait
-+ * until the task has left the park code. So if we'd
-+ * park before that happens we'd see the IS_PARKED bit
-+ * which might be about to be cleared.
-+ */
-+ if (test_and_clear_bit(KTHREAD_IS_PARKED, &kthread->flags)) {
-+ if (test_bit(KTHREAD_IS_PER_CPU, &kthread->flags))
-+ __kthread_bind(k, kthread->cpu, TASK_PARKED);
-+ wake_up_state(k, TASK_PARKED);
-+ }
-+}
-+
- /**
- * kthread_unpark - unpark a thread created by kthread_create().
- * @k: thread created by kthread_create().
-@@ -336,20 +352,8 @@ void kthread_unpark(struct task_struct *k)
- {
- struct kthread *kthread = task_get_live_kthread(k);
-
-- if (kthread) {
-- clear_bit(KTHREAD_SHOULD_PARK, &kthread->flags);
-- /*
-- * We clear the IS_PARKED bit here as we don't wait
-- * until the task has left the park code. So if we'd
-- * park before that happens we'd see the IS_PARKED bit
-- * which might be about to be cleared.
-- */
-- if (test_and_clear_bit(KTHREAD_IS_PARKED, &kthread->flags)) {
-- if (test_bit(KTHREAD_IS_PER_CPU, &kthread->flags))
-- __kthread_bind(k, kthread->cpu);
-- wake_up_process(k);
-- }
-- }
-+ if (kthread)
-+ __kthread_unpark(k, kthread);
- put_task_struct(k);
- }
-
-@@ -407,7 +411,7 @@ int kthread_stop(struct task_struct *k)
- trace_sched_kthread_stop(k);
- if (kthread) {
- set_bit(KTHREAD_SHOULD_STOP, &kthread->flags);
-- clear_bit(KTHREAD_SHOULD_PARK, &kthread->flags);
-+ __kthread_unpark(k, kthread);
- wake_up_process(k);
- wait_for_completion(&kthread->exited);
- }
-diff --git a/kernel/sched/core.c b/kernel/sched/core.c
-index 26058d0..5e2f7c3 100644
---- a/kernel/sched/core.c
-+++ b/kernel/sched/core.c
-@@ -1488,8 +1488,10 @@ static void try_to_wake_up_local(struct task_struct *p)
- {
- struct rq *rq = task_rq(p);
-
-- BUG_ON(rq != this_rq());
-- BUG_ON(p == current);
-+ if (WARN_ON_ONCE(rq != this_rq()) ||
-+ WARN_ON_ONCE(p == current))
-+ return;
-+
- lockdep_assert_held(&rq->lock);
-
- if (!raw_spin_trylock(&p->pi_lock)) {
-@@ -4948,7 +4950,7 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
- }
-
- static int min_load_idx = 0;
--static int max_load_idx = CPU_LOAD_IDX_MAX;
-+static int max_load_idx = CPU_LOAD_IDX_MAX-1;
-
- static void
- set_table_entry(struct ctl_table *entry,
-diff --git a/kernel/signal.c b/kernel/signal.c
-index dec9c30..50e425c 100644
---- a/kernel/signal.c
-+++ b/kernel/signal.c
-@@ -2880,7 +2880,7 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
-
- static int do_tkill(pid_t tgid, pid_t pid, int sig)
- {
-- struct siginfo info;
-+ struct siginfo info = {};
-
- info.si_signo = sig;
- info.si_errno = 0;
-diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
-index f45e128..f359dc7 100644
---- a/kernel/user_namespace.c
-+++ b/kernel/user_namespace.c
-@@ -25,7 +25,8 @@
-
- static struct kmem_cache *user_ns_cachep __read_mostly;
-
--static bool new_idmap_permitted(struct user_namespace *ns, int cap_setid,
-+static bool new_idmap_permitted(const struct file *file,
-+ struct user_namespace *ns, int cap_setid,
- struct uid_gid_map *map);
-
- static void set_cred_user_ns(struct cred *cred, struct user_namespace *user_ns)
-@@ -575,10 +576,10 @@ static ssize_t map_write(struct file *file, const char __user *buf,
- if (map->nr_extents != 0)
- goto out;
-
-- /* Require the appropriate privilege CAP_SETUID or CAP_SETGID
-- * over the user namespace in order to set the id mapping.
-+ /*
-+ * Adjusting namespace settings requires capabilities on the target.
- */
-- if (cap_valid(cap_setid) && !ns_capable(ns, cap_setid))
-+ if (cap_valid(cap_setid) && !file_ns_capable(file, ns, CAP_SYS_ADMIN))
- goto out;
-
- /* Get a buffer */
-@@ -666,7 +667,7 @@ static ssize_t map_write(struct file *file, const char __user *buf,
-
- ret = -EPERM;
- /* Validate the user is allowed to use user id's mapped to. */
-- if (!new_idmap_permitted(ns, cap_setid, &new_map))
-+ if (!new_idmap_permitted(file, ns, cap_setid, &new_map))
- goto out;
-
- /* Map the lower ids from the parent user namespace to the
-@@ -753,7 +754,8 @@ ssize_t proc_projid_map_write(struct file *file, const char __user *buf, size_t
- &ns->projid_map, &ns->parent->projid_map);
- }
-
--static bool new_idmap_permitted(struct user_namespace *ns, int cap_setid,
-+static bool new_idmap_permitted(const struct file *file,
-+ struct user_namespace *ns, int cap_setid,
- struct uid_gid_map *new_map)
- {
- /* Allow mapping to your own filesystem ids */
-@@ -761,12 +763,12 @@ static bool new_idmap_permitted(struct user_namespace *ns, int cap_setid,
- u32 id = new_map->extent[0].lower_first;
- if (cap_setid == CAP_SETUID) {
- kuid_t uid = make_kuid(ns->parent, id);
-- if (uid_eq(uid, current_fsuid()))
-+ if (uid_eq(uid, file->f_cred->fsuid))
- return true;
- }
- else if (cap_setid == CAP_SETGID) {
- kgid_t gid = make_kgid(ns->parent, id);
-- if (gid_eq(gid, current_fsgid()))
-+ if (gid_eq(gid, file->f_cred->fsgid))
- return true;
- }
- }
-@@ -777,8 +779,10 @@ static bool new_idmap_permitted(struct user_namespace *ns, int cap_setid,
-
- /* Allow the specified ids if we have the appropriate capability
- * (CAP_SETUID or CAP_SETGID) over the parent user namespace.
-+ * And the opener of the id file also had the approprpiate capability.
- */
-- if (ns_capable(ns->parent, cap_setid))
-+ if (ns_capable(ns->parent, cap_setid) &&
-+ file_ns_capable(file, ns->parent, cap_setid))
- return true;
-
- return false;
-diff --git a/mm/hugetlb.c b/mm/hugetlb.c
-index d7cec92..88eb939 100644
---- a/mm/hugetlb.c
-+++ b/mm/hugetlb.c
-@@ -2965,7 +2965,17 @@ int follow_hugetlb_page(struct mm_struct *mm, struct vm_area_struct *vma,
- break;
- }
-
-- if (absent ||
-+ /*
-+ * We need call hugetlb_fault for both hugepages under migration
-+ * (in which case hugetlb_fault waits for the migration,) and
-+ * hwpoisoned hugepages (in which case we need to prevent the
-+ * caller from accessing to them.) In order to do this, we use
-+ * here is_swap_pte instead of is_hugetlb_entry_migration and
-+ * is_hugetlb_entry_hwpoisoned. This is because it simply covers
-+ * both cases, and because we can't follow correct pages
-+ * directly from any kind of swap entries.
-+ */
-+ if (absent || is_swap_pte(huge_ptep_get(pte)) ||
- ((flags & FOLL_WRITE) && !pte_write(huge_ptep_get(pte)))) {
- int ret;
-
-diff --git a/mm/memory.c b/mm/memory.c
-index f8b734a..32a495a 100644
---- a/mm/memory.c
-+++ b/mm/memory.c
-@@ -2358,6 +2358,53 @@ int remap_pfn_range(struct vm_area_struct *vma, unsigned long addr,
- }
- EXPORT_SYMBOL(remap_pfn_range);
-
-+/**
-+ * vm_iomap_memory - remap memory to userspace
-+ * @vma: user vma to map to
-+ * @start: start of area
-+ * @len: size of area
-+ *
-+ * This is a simplified io_remap_pfn_range() for common driver use. The
-+ * driver just needs to give us the physical memory range to be mapped,
-+ * we'll figure out the rest from the vma information.
-+ *
-+ * NOTE! Some drivers might want to tweak vma->vm_page_prot first to get
-+ * whatever write-combining details or similar.
-+ */
-+int vm_iomap_memory(struct vm_area_struct *vma, phys_addr_t start, unsigned long len)
-+{
-+ unsigned long vm_len, pfn, pages;
-+
-+ /* Check that the physical memory area passed in looks valid */
-+ if (start + len < start)
-+ return -EINVAL;
-+ /*
-+ * You *really* shouldn't map things that aren't page-aligned,
-+ * but we've historically allowed it because IO memory might
-+ * just have smaller alignment.
-+ */
-+ len += start & ~PAGE_MASK;
-+ pfn = start >> PAGE_SHIFT;
-+ pages = (len + ~PAGE_MASK) >> PAGE_SHIFT;
-+ if (pfn + pages < pfn)
-+ return -EINVAL;
-+
-+ /* We start the mapping 'vm_pgoff' pages into the area */
-+ if (vma->vm_pgoff > pages)
-+ return -EINVAL;
-+ pfn += vma->vm_pgoff;
-+ pages -= vma->vm_pgoff;
-+
-+ /* Can we fit all of the mapping? */
-+ vm_len = vma->vm_end - vma->vm_start;
-+ if (vm_len >> PAGE_SHIFT > pages)
-+ return -EINVAL;
-+
-+ /* Ok, let it rip */
-+ return io_remap_pfn_range(vma, vma->vm_start, pfn, vm_len, vma->vm_page_prot);
-+}
-+EXPORT_SYMBOL(vm_iomap_memory);
-+
- static int apply_to_pte_range(struct mm_struct *mm, pmd_t *pmd,
- unsigned long addr, unsigned long end,
- pte_fn_t fn, void *data)
-diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
-index e14e676..a1a7997 100644
---- a/net/mac80211/mlme.c
-+++ b/net/mac80211/mlme.c
-@@ -3723,8 +3723,16 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
- /* prep auth_data so we don't go into idle on disassoc */
- ifmgd->auth_data = auth_data;
-
-- if (ifmgd->associated)
-- ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
-+ if (ifmgd->associated) {
-+ u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
-+
-+ ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
-+ WLAN_REASON_UNSPECIFIED,
-+ false, frame_buf);
-+
-+ __cfg80211_send_deauth(sdata->dev, frame_buf,
-+ sizeof(frame_buf));
-+ }
-
- sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
-
-@@ -3783,8 +3791,16 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
-
- mutex_lock(&ifmgd->mtx);
-
-- if (ifmgd->associated)
-- ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
-+ if (ifmgd->associated) {
-+ u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
-+
-+ ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
-+ WLAN_REASON_UNSPECIFIED,
-+ false, frame_buf);
-+
-+ __cfg80211_send_deauth(sdata->dev, frame_buf,
-+ sizeof(frame_buf));
-+ }
-
- if (ifmgd->auth_data && !ifmgd->auth_data->done) {
- err = -EBUSY;
-diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
-index 09b4286..f4aaf5a 100644
---- a/sound/core/pcm_native.c
-+++ b/sound/core/pcm_native.c
-@@ -3222,18 +3222,10 @@ EXPORT_SYMBOL_GPL(snd_pcm_lib_default_mmap);
- int snd_pcm_lib_mmap_iomem(struct snd_pcm_substream *substream,
- struct vm_area_struct *area)
- {
-- long size;
-- unsigned long offset;
-+ struct snd_pcm_runtime *runtime = substream->runtime;;
-
- area->vm_page_prot = pgprot_noncached(area->vm_page_prot);
-- area->vm_flags |= VM_IO;
-- size = area->vm_end - area->vm_start;
-- offset = area->vm_pgoff << PAGE_SHIFT;
-- if (io_remap_pfn_range(area, area->vm_start,
-- (substream->runtime->dma_addr + offset) >> PAGE_SHIFT,
-- size, area->vm_page_prot))
-- return -EAGAIN;
-- return 0;
-+ return vm_iomap_memory(area, runtime->dma_addr, runtime->dma_bytes);
- }
-
- EXPORT_SYMBOL(snd_pcm_lib_mmap_iomem);
-diff --git a/virt/kvm/ioapic.c b/virt/kvm/ioapic.c
-index cfb7e4d..52058f0 100644
---- a/virt/kvm/ioapic.c
-+++ b/virt/kvm/ioapic.c
-@@ -73,9 +73,12 @@ static unsigned long ioapic_read_indirect(struct kvm_ioapic *ioapic,
- u32 redir_index = (ioapic->ioregsel - 0x10) >> 1;
- u64 redir_content;
-
-- ASSERT(redir_index < IOAPIC_NUM_PINS);
-+ if (redir_index < IOAPIC_NUM_PINS)
-+ redir_content =
-+ ioapic->redirtbl[redir_index].bits;
-+ else
-+ redir_content = ~0ULL;
-
-- redir_content = ioapic->redirtbl[redir_index].bits;
- result = (ioapic->ioregsel & 0x1) ?
- (redir_content >> 32) & 0xffffffff :
- redir_content & 0xffffffff;
-diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index 1cd693a..10afa34 100644
---- a/virt/kvm/kvm_main.c
-+++ b/virt/kvm/kvm_main.c
-@@ -1476,21 +1476,38 @@ int kvm_write_guest(struct kvm *kvm, gpa_t gpa, const void *data,
- }
-
- int kvm_gfn_to_hva_cache_init(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
-- gpa_t gpa)
-+ gpa_t gpa, unsigned long len)
- {
- struct kvm_memslots *slots = kvm_memslots(kvm);
- int offset = offset_in_page(gpa);
-- gfn_t gfn = gpa >> PAGE_SHIFT;
-+ gfn_t start_gfn = gpa >> PAGE_SHIFT;
-+ gfn_t end_gfn = (gpa + len - 1) >> PAGE_SHIFT;
-+ gfn_t nr_pages_needed = end_gfn - start_gfn + 1;
-+ gfn_t nr_pages_avail;
-
- ghc->gpa = gpa;
- ghc->generation = slots->generation;
-- ghc->memslot = gfn_to_memslot(kvm, gfn);
-- ghc->hva = gfn_to_hva_many(ghc->memslot, gfn, NULL);
-- if (!kvm_is_error_hva(ghc->hva))
-+ ghc->len = len;
-+ ghc->memslot = gfn_to_memslot(kvm, start_gfn);
-+ ghc->hva = gfn_to_hva_many(ghc->memslot, start_gfn, &nr_pages_avail);
-+ if (!kvm_is_error_hva(ghc->hva) && nr_pages_avail >= nr_pages_needed) {
- ghc->hva += offset;
-- else
-- return -EFAULT;
--
-+ } else {
-+ /*
-+ * If the requested region crosses two memslots, we still
-+ * verify that the entire region is valid here.
-+ */
-+ while (start_gfn <= end_gfn) {
-+ ghc->memslot = gfn_to_memslot(kvm, start_gfn);
-+ ghc->hva = gfn_to_hva_many(ghc->memslot, start_gfn,
-+ &nr_pages_avail);
-+ if (kvm_is_error_hva(ghc->hva))
-+ return -EFAULT;
-+ start_gfn += nr_pages_avail;
-+ }
-+ /* Use the slow path for cross page reads and writes. */
-+ ghc->memslot = NULL;
-+ }
- return 0;
- }
- EXPORT_SYMBOL_GPL(kvm_gfn_to_hva_cache_init);
-@@ -1501,8 +1518,13 @@ int kvm_write_guest_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
- struct kvm_memslots *slots = kvm_memslots(kvm);
- int r;
-
-+ BUG_ON(len > ghc->len);
-+
- if (slots->generation != ghc->generation)
-- kvm_gfn_to_hva_cache_init(kvm, ghc, ghc->gpa);
-+ kvm_gfn_to_hva_cache_init(kvm, ghc, ghc->gpa, ghc->len);
-+
-+ if (unlikely(!ghc->memslot))
-+ return kvm_write_guest(kvm, ghc->gpa, data, len);
-
- if (kvm_is_error_hva(ghc->hva))
- return -EFAULT;
-@@ -1522,8 +1544,13 @@ int kvm_read_guest_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
- struct kvm_memslots *slots = kvm_memslots(kvm);
- int r;
-
-+ BUG_ON(len > ghc->len);
-+
- if (slots->generation != ghc->generation)
-- kvm_gfn_to_hva_cache_init(kvm, ghc, ghc->gpa);
-+ kvm_gfn_to_hva_cache_init(kvm, ghc, ghc->gpa, ghc->len);
-+
-+ if (unlikely(!ghc->memslot))
-+ return kvm_read_guest(kvm, ghc->gpa, data, len);
-
- if (kvm_is_error_hva(ghc->hva))
- return -EFAULT;
diff --git a/3.8.10/1009_linux-3.8.10.patch b/3.8.10/1009_linux-3.8.10.patch
deleted file mode 100644
index 330becd..0000000
--- a/3.8.10/1009_linux-3.8.10.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-diff --git a/Makefile b/Makefile
-index 3ae4796..e2b10b9 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,6 +1,6 @@
- VERSION = 3
- PATCHLEVEL = 8
--SUBLEVEL = 9
-+SUBLEVEL = 10
- EXTRAVERSION =
- NAME = Displaced Humerus Anterior
-
-diff --git a/include/linux/capability.h b/include/linux/capability.h
-index 98503b7..d9a4f7f4 100644
---- a/include/linux/capability.h
-+++ b/include/linux/capability.h
-@@ -35,6 +35,7 @@ struct cpu_vfs_cap_data {
- #define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t))
-
-
-+struct file;
- struct inode;
- struct dentry;
- struct user_namespace;
-@@ -211,6 +212,7 @@ extern bool capable(int cap);
- extern bool ns_capable(struct user_namespace *ns, int cap);
- extern bool nsown_capable(int cap);
- extern bool inode_capable(const struct inode *inode, int cap);
-+extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap);
-
- /* audit system wants to get cap info from files as well */
- extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
-diff --git a/kernel/capability.c b/kernel/capability.c
-index 493d972..f6c2ce5 100644
---- a/kernel/capability.c
-+++ b/kernel/capability.c
-@@ -393,6 +393,30 @@ bool ns_capable(struct user_namespace *ns, int cap)
- EXPORT_SYMBOL(ns_capable);
-
- /**
-+ * file_ns_capable - Determine if the file's opener had a capability in effect
-+ * @file: The file we want to check
-+ * @ns: The usernamespace we want the capability in
-+ * @cap: The capability to be tested for
-+ *
-+ * Return true if task that opened the file had a capability in effect
-+ * when the file was opened.
-+ *
-+ * This does not set PF_SUPERPRIV because the caller may not
-+ * actually be privileged.
-+ */
-+bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap)
-+{
-+ if (WARN_ON_ONCE(!cap_valid(cap)))
-+ return false;
-+
-+ if (security_capable(file->f_cred, ns, cap) == 0)
-+ return true;
-+
-+ return false;
-+}
-+EXPORT_SYMBOL(file_ns_capable);
-+
-+/**
- * capable - Determine if the current task has a superior capability in effect
- * @cap: The capability to be tested for
- *
diff --git a/3.8.10/0000_README b/3.8.11/0000_README
similarity index 89%
rename from 3.8.10/0000_README
rename to 3.8.11/0000_README
index 0fb80bd..40dc014 100644
--- a/3.8.10/0000_README
+++ b/3.8.11/0000_README
@@ -2,15 +2,11 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 1008_linux-3.8.9.patch
+Patch: 1010_linux-3.8.11.patch
From: http://www.kernel.org
-Desc: Linux 3.8.9
+Desc: Linux 3.8.11
-Patch: 1009_linux-3.8.10.patch
-From: http://www.kernel.org
-Desc: Linux 3.8.10
-
-Patch: 4420_grsecurity-2.9.1-3.8.10-201304262208.patch
+Patch: 4420_grsecurity-2.9.1-3.8.11-201305011917.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.8.11/1010_linux-3.8.11.patch b/3.8.11/1010_linux-3.8.11.patch
new file mode 100644
index 0000000..244c734
--- /dev/null
+++ b/3.8.11/1010_linux-3.8.11.patch
@@ -0,0 +1,1556 @@
+diff --git a/Makefile b/Makefile
+index e2b10b9..7e4eee5 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,6 +1,6 @@
+ VERSION = 3
+ PATCHLEVEL = 8
+-SUBLEVEL = 10
++SUBLEVEL = 11
+ EXTRAVERSION =
+ NAME = Displaced Humerus Anterior
+
+diff --git a/arch/arm/include/asm/hardware/iop3xx.h b/arch/arm/include/asm/hardware/iop3xx.h
+index 02fe2fb..ed94b1a 100644
+--- a/arch/arm/include/asm/hardware/iop3xx.h
++++ b/arch/arm/include/asm/hardware/iop3xx.h
+@@ -37,7 +37,7 @@ extern int iop3xx_get_init_atu(void);
+ * IOP3XX processor registers
+ */
+ #define IOP3XX_PERIPHERAL_PHYS_BASE 0xffffe000
+-#define IOP3XX_PERIPHERAL_VIRT_BASE 0xfeffe000
++#define IOP3XX_PERIPHERAL_VIRT_BASE 0xfedfe000
+ #define IOP3XX_PERIPHERAL_SIZE 0x00002000
+ #define IOP3XX_PERIPHERAL_UPPER_PA (IOP3XX_PERIPHERAL_PHYS_BASE +\
+ IOP3XX_PERIPHERAL_SIZE - 1)
+diff --git a/arch/arm/kernel/sched_clock.c b/arch/arm/kernel/sched_clock.c
+index bd6f56b..59d2adb 100644
+--- a/arch/arm/kernel/sched_clock.c
++++ b/arch/arm/kernel/sched_clock.c
+@@ -45,12 +45,12 @@ static u32 notrace jiffy_sched_clock_read(void)
+
+ static u32 __read_mostly (*read_sched_clock)(void) = jiffy_sched_clock_read;
+
+-static inline u64 cyc_to_ns(u64 cyc, u32 mult, u32 shift)
++static inline u64 notrace cyc_to_ns(u64 cyc, u32 mult, u32 shift)
+ {
+ return (cyc * mult) >> shift;
+ }
+
+-static unsigned long long cyc_to_sched_clock(u32 cyc, u32 mask)
++static unsigned long long notrace cyc_to_sched_clock(u32 cyc, u32 mask)
+ {
+ u64 epoch_ns;
+ u32 epoch_cyc;
+diff --git a/arch/sparc/include/asm/pgtable_64.h b/arch/sparc/include/asm/pgtable_64.h
+index 08fcce9..7619f2f 100644
+--- a/arch/sparc/include/asm/pgtable_64.h
++++ b/arch/sparc/include/asm/pgtable_64.h
+@@ -915,6 +915,7 @@ static inline int io_remap_pfn_range(struct vm_area_struct *vma,
+ return remap_pfn_range(vma, from, phys_base >> PAGE_SHIFT, size, prot);
+ }
+
++#include <asm/tlbflush.h>
+ #include <asm-generic/pgtable.h>
+
+ /* We provide our own get_unmapped_area to cope with VA holes and
+diff --git a/arch/sparc/include/asm/switch_to_64.h b/arch/sparc/include/asm/switch_to_64.h
+index cad36f5..c7de332 100644
+--- a/arch/sparc/include/asm/switch_to_64.h
++++ b/arch/sparc/include/asm/switch_to_64.h
+@@ -18,8 +18,7 @@ do { \
+ * and 2 stores in this critical code path. -DaveM
+ */
+ #define switch_to(prev, next, last) \
+-do { flush_tlb_pending(); \
+- save_and_clear_fpu(); \
++do { save_and_clear_fpu(); \
+ /* If you are tempted to conditionalize the following */ \
+ /* so that ASI is only written if it changes, think again. */ \
+ __asm__ __volatile__("wr %%g0, %0, %%asi" \
+diff --git a/arch/sparc/include/asm/tlbflush_64.h b/arch/sparc/include/asm/tlbflush_64.h
+index 2ef4634..f0d6a97 100644
+--- a/arch/sparc/include/asm/tlbflush_64.h
++++ b/arch/sparc/include/asm/tlbflush_64.h
+@@ -11,24 +11,40 @@
+ struct tlb_batch {
+ struct mm_struct *mm;
+ unsigned long tlb_nr;
++ unsigned long active;
+ unsigned long vaddrs[TLB_BATCH_NR];
+ };
+
+ extern void flush_tsb_kernel_range(unsigned long start, unsigned long end);
+ extern void flush_tsb_user(struct tlb_batch *tb);
++extern void flush_tsb_user_page(struct mm_struct *mm, unsigned long vaddr);
+
+ /* TLB flush operations. */
+
+-extern void flush_tlb_pending(void);
++static inline void flush_tlb_mm(struct mm_struct *mm)
++{
++}
++
++static inline void flush_tlb_page(struct vm_area_struct *vma,
++ unsigned long vmaddr)
++{
++}
++
++static inline void flush_tlb_range(struct vm_area_struct *vma,
++ unsigned long start, unsigned long end)
++{
++}
++
++#define __HAVE_ARCH_ENTER_LAZY_MMU_MODE
+
+-#define flush_tlb_range(vma,start,end) \
+- do { (void)(start); flush_tlb_pending(); } while (0)
+-#define flush_tlb_page(vma,addr) flush_tlb_pending()
+-#define flush_tlb_mm(mm) flush_tlb_pending()
++extern void flush_tlb_pending(void);
++extern void arch_enter_lazy_mmu_mode(void);
++extern void arch_leave_lazy_mmu_mode(void);
++#define arch_flush_lazy_mmu_mode() do {} while (0)
+
+ /* Local cpu only. */
+ extern void __flush_tlb_all(void);
+-
++extern void __flush_tlb_page(unsigned long context, unsigned long vaddr);
+ extern void __flush_tlb_kernel_range(unsigned long start, unsigned long end);
+
+ #ifndef CONFIG_SMP
+@@ -38,15 +54,24 @@ do { flush_tsb_kernel_range(start,end); \
+ __flush_tlb_kernel_range(start,end); \
+ } while (0)
+
++static inline void global_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr)
++{
++ __flush_tlb_page(CTX_HWBITS(mm->context), vaddr);
++}
++
+ #else /* CONFIG_SMP */
+
+ extern void smp_flush_tlb_kernel_range(unsigned long start, unsigned long end);
++extern void smp_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr);
+
+ #define flush_tlb_kernel_range(start, end) \
+ do { flush_tsb_kernel_range(start,end); \
+ smp_flush_tlb_kernel_range(start, end); \
+ } while (0)
+
++#define global_flush_tlb_page(mm, vaddr) \
++ smp_flush_tlb_page(mm, vaddr)
++
+ #endif /* ! CONFIG_SMP */
+
+ #endif /* _SPARC64_TLBFLUSH_H */
+diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c
+index 537eb66..ca64d2a 100644
+--- a/arch/sparc/kernel/smp_64.c
++++ b/arch/sparc/kernel/smp_64.c
+@@ -849,7 +849,7 @@ void smp_tsb_sync(struct mm_struct *mm)
+ }
+
+ extern unsigned long xcall_flush_tlb_mm;
+-extern unsigned long xcall_flush_tlb_pending;
++extern unsigned long xcall_flush_tlb_page;
+ extern unsigned long xcall_flush_tlb_kernel_range;
+ extern unsigned long xcall_fetch_glob_regs;
+ extern unsigned long xcall_fetch_glob_pmu;
+@@ -1074,23 +1074,56 @@ local_flush_and_out:
+ put_cpu();
+ }
+
++struct tlb_pending_info {
++ unsigned long ctx;
++ unsigned long nr;
++ unsigned long *vaddrs;
++};
++
++static void tlb_pending_func(void *info)
++{
++ struct tlb_pending_info *t = info;
++
++ __flush_tlb_pending(t->ctx, t->nr, t->vaddrs);
++}
++
+ void smp_flush_tlb_pending(struct mm_struct *mm, unsigned long nr, unsigned long *vaddrs)
+ {
+ u32 ctx = CTX_HWBITS(mm->context);
++ struct tlb_pending_info info;
+ int cpu = get_cpu();
+
++ info.ctx = ctx;
++ info.nr = nr;
++ info.vaddrs = vaddrs;
++
+ if (mm == current->mm && atomic_read(&mm->mm_users) == 1)
+ cpumask_copy(mm_cpumask(mm), cpumask_of(cpu));
+ else
+- smp_cross_call_masked(&xcall_flush_tlb_pending,
+- ctx, nr, (unsigned long) vaddrs,
+- mm_cpumask(mm));
++ smp_call_function_many(mm_cpumask(mm), tlb_pending_func,
++ &info, 1);
+
+ __flush_tlb_pending(ctx, nr, vaddrs);
+
+ put_cpu();
+ }
+
++void smp_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr)
++{
++ unsigned long context = CTX_HWBITS(mm->context);
++ int cpu = get_cpu();
++
++ if (mm == current->mm && atomic_read(&mm->mm_users) == 1)
++ cpumask_copy(mm_cpumask(mm), cpumask_of(cpu));
++ else
++ smp_cross_call_masked(&xcall_flush_tlb_page,
++ context, vaddr, 0,
++ mm_cpumask(mm));
++ __flush_tlb_page(context, vaddr);
++
++ put_cpu();
++}
++
+ void smp_flush_tlb_kernel_range(unsigned long start, unsigned long end)
+ {
+ start &= PAGE_MASK;
+diff --git a/arch/sparc/mm/tlb.c b/arch/sparc/mm/tlb.c
+index ba6ae7f..83d89bc 100644
+--- a/arch/sparc/mm/tlb.c
++++ b/arch/sparc/mm/tlb.c
+@@ -24,11 +24,17 @@ static DEFINE_PER_CPU(struct tlb_batch, tlb_batch);
+ void flush_tlb_pending(void)
+ {
+ struct tlb_batch *tb = &get_cpu_var(tlb_batch);
++ struct mm_struct *mm = tb->mm;
+
+- if (tb->tlb_nr) {
+- flush_tsb_user(tb);
++ if (!tb->tlb_nr)
++ goto out;
+
+- if (CTX_VALID(tb->mm->context)) {
++ flush_tsb_user(tb);
++
++ if (CTX_VALID(mm->context)) {
++ if (tb->tlb_nr == 1) {
++ global_flush_tlb_page(mm, tb->vaddrs[0]);
++ } else {
+ #ifdef CONFIG_SMP
+ smp_flush_tlb_pending(tb->mm, tb->tlb_nr,
+ &tb->vaddrs[0]);
+@@ -37,12 +43,30 @@ void flush_tlb_pending(void)
+ tb->tlb_nr, &tb->vaddrs[0]);
+ #endif
+ }
+- tb->tlb_nr = 0;
+ }
+
++ tb->tlb_nr = 0;
++
++out:
+ put_cpu_var(tlb_batch);
+ }
+
++void arch_enter_lazy_mmu_mode(void)
++{
++ struct tlb_batch *tb = &__get_cpu_var(tlb_batch);
++
++ tb->active = 1;
++}
++
++void arch_leave_lazy_mmu_mode(void)
++{
++ struct tlb_batch *tb = &__get_cpu_var(tlb_batch);
++
++ if (tb->tlb_nr)
++ flush_tlb_pending();
++ tb->active = 0;
++}
++
+ static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr,
+ bool exec)
+ {
+@@ -60,6 +84,12 @@ static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr,
+ nr = 0;
+ }
+
++ if (!tb->active) {
++ global_flush_tlb_page(mm, vaddr);
++ flush_tsb_user_page(mm, vaddr);
++ goto out;
++ }
++
+ if (nr == 0)
+ tb->mm = mm;
+
+@@ -68,6 +98,7 @@ static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr,
+ if (nr >= TLB_BATCH_NR)
+ flush_tlb_pending();
+
++out:
+ put_cpu_var(tlb_batch);
+ }
+
+diff --git a/arch/sparc/mm/tsb.c b/arch/sparc/mm/tsb.c
+index 428982b..2cc3bce 100644
+--- a/arch/sparc/mm/tsb.c
++++ b/arch/sparc/mm/tsb.c
+@@ -7,11 +7,10 @@
+ #include <linux/preempt.h>
+ #include <linux/slab.h>
+ #include <asm/page.h>
+-#include <asm/tlbflush.h>
+-#include <asm/tlb.h>
+-#include <asm/mmu_context.h>
+ #include <asm/pgtable.h>
++#include <asm/mmu_context.h>
+ #include <asm/tsb.h>
++#include <asm/tlb.h>
+ #include <asm/oplib.h>
+
+ extern struct tsb swapper_tsb[KERNEL_TSB_NENTRIES];
+@@ -46,23 +45,27 @@ void flush_tsb_kernel_range(unsigned long start, unsigned long end)
+ }
+ }
+
+-static void __flush_tsb_one(struct tlb_batch *tb, unsigned long hash_shift,
+- unsigned long tsb, unsigned long nentries)
++static void __flush_tsb_one_entry(unsigned long tsb, unsigned long v,
++ unsigned long hash_shift,
++ unsigned long nentries)
+ {
+- unsigned long i;
++ unsigned long tag, ent, hash;
+
+- for (i = 0; i < tb->tlb_nr; i++) {
+- unsigned long v = tb->vaddrs[i];
+- unsigned long tag, ent, hash;
++ v &= ~0x1UL;
++ hash = tsb_hash(v, hash_shift, nentries);
++ ent = tsb + (hash * sizeof(struct tsb));
++ tag = (v >> 22UL);
+
+- v &= ~0x1UL;
++ tsb_flush(ent, tag);
++}
+
+- hash = tsb_hash(v, hash_shift, nentries);
+- ent = tsb + (hash * sizeof(struct tsb));
+- tag = (v >> 22UL);
++static void __flush_tsb_one(struct tlb_batch *tb, unsigned long hash_shift,
++ unsigned long tsb, unsigned long nentries)
++{
++ unsigned long i;
+
+- tsb_flush(ent, tag);
+- }
++ for (i = 0; i < tb->tlb_nr; i++)
++ __flush_tsb_one_entry(tsb, tb->vaddrs[i], hash_shift, nentries);
+ }
+
+ void flush_tsb_user(struct tlb_batch *tb)
+@@ -90,6 +93,30 @@ void flush_tsb_user(struct tlb_batch *tb)
+ spin_unlock_irqrestore(&mm->context.lock, flags);
+ }
+
++void flush_tsb_user_page(struct mm_struct *mm, unsigned long vaddr)
++{
++ unsigned long nentries, base, flags;
++
++ spin_lock_irqsave(&mm->context.lock, flags);
++
++ base = (unsigned long) mm->context.tsb_block[MM_TSB_BASE].tsb;
++ nentries = mm->context.tsb_block[MM_TSB_BASE].tsb_nentries;
++ if (tlb_type == cheetah_plus || tlb_type == hypervisor)
++ base = __pa(base);
++ __flush_tsb_one_entry(base, vaddr, PAGE_SHIFT, nentries);
++
++#if defined(CONFIG_HUGETLB_PAGE) || defined(CONFIG_TRANSPARENT_HUGEPAGE)
++ if (mm->context.tsb_block[MM_TSB_HUGE].tsb) {
++ base = (unsigned long) mm->context.tsb_block[MM_TSB_HUGE].tsb;
++ nentries = mm->context.tsb_block[MM_TSB_HUGE].tsb_nentries;
++ if (tlb_type == cheetah_plus || tlb_type == hypervisor)
++ base = __pa(base);
++ __flush_tsb_one_entry(base, vaddr, HPAGE_SHIFT, nentries);
++ }
++#endif
++ spin_unlock_irqrestore(&mm->context.lock, flags);
++}
++
+ #define HV_PGSZ_IDX_BASE HV_PGSZ_IDX_8K
+ #define HV_PGSZ_MASK_BASE HV_PGSZ_MASK_8K
+
+diff --git a/arch/sparc/mm/ultra.S b/arch/sparc/mm/ultra.S
+index f8e13d4..29b9608 100644
+--- a/arch/sparc/mm/ultra.S
++++ b/arch/sparc/mm/ultra.S
+@@ -53,6 +53,33 @@ __flush_tlb_mm: /* 18 insns */
+ nop
+
+ .align 32
++ .globl __flush_tlb_page
++__flush_tlb_page: /* 22 insns */
++ /* %o0 = context, %o1 = vaddr */
++ rdpr %pstate, %g7
++ andn %g7, PSTATE_IE, %g2
++ wrpr %g2, %pstate
++ mov SECONDARY_CONTEXT, %o4
++ ldxa [%o4] ASI_DMMU, %g2
++ stxa %o0, [%o4] ASI_DMMU
++ andcc %o1, 1, %g0
++ andn %o1, 1, %o3
++ be,pn %icc, 1f
++ or %o3, 0x10, %o3
++ stxa %g0, [%o3] ASI_IMMU_DEMAP
++1: stxa %g0, [%o3] ASI_DMMU_DEMAP
++ membar #Sync
++ stxa %g2, [%o4] ASI_DMMU
++ sethi %hi(KERNBASE), %o4
++ flush %o4
++ retl
++ wrpr %g7, 0x0, %pstate
++ nop
++ nop
++ nop
++ nop
++
++ .align 32
+ .globl __flush_tlb_pending
+ __flush_tlb_pending: /* 26 insns */
+ /* %o0 = context, %o1 = nr, %o2 = vaddrs[] */
+@@ -203,6 +230,31 @@ __cheetah_flush_tlb_mm: /* 19 insns */
+ retl
+ wrpr %g7, 0x0, %pstate
+
++__cheetah_flush_tlb_page: /* 22 insns */
++ /* %o0 = context, %o1 = vaddr */
++ rdpr %pstate, %g7
++ andn %g7, PSTATE_IE, %g2
++ wrpr %g2, 0x0, %pstate
++ wrpr %g0, 1, %tl
++ mov PRIMARY_CONTEXT, %o4
++ ldxa [%o4] ASI_DMMU, %g2
++ srlx %g2, CTX_PGSZ1_NUC_SHIFT, %o3
++ sllx %o3, CTX_PGSZ1_NUC_SHIFT, %o3
++ or %o0, %o3, %o0 /* Preserve nucleus page size fields */
++ stxa %o0, [%o4] ASI_DMMU
++ andcc %o1, 1, %g0
++ be,pn %icc, 1f
++ andn %o1, 1, %o3
++ stxa %g0, [%o3] ASI_IMMU_DEMAP
++1: stxa %g0, [%o3] ASI_DMMU_DEMAP
++ membar #Sync
++ stxa %g2, [%o4] ASI_DMMU
++ sethi %hi(KERNBASE), %o4
++ flush %o4
++ wrpr %g0, 0, %tl
++ retl
++ wrpr %g7, 0x0, %pstate
++
+ __cheetah_flush_tlb_pending: /* 27 insns */
+ /* %o0 = context, %o1 = nr, %o2 = vaddrs[] */
+ rdpr %pstate, %g7
+@@ -269,6 +321,20 @@ __hypervisor_flush_tlb_mm: /* 10 insns */
+ retl
+ nop
+
++__hypervisor_flush_tlb_page: /* 11 insns */
++ /* %o0 = context, %o1 = vaddr */
++ mov %o0, %g2
++ mov %o1, %o0 /* ARG0: vaddr + IMMU-bit */
++ mov %g2, %o1 /* ARG1: mmu context */
++ mov HV_MMU_ALL, %o2 /* ARG2: flags */
++ srlx %o0, PAGE_SHIFT, %o0
++ sllx %o0, PAGE_SHIFT, %o0
++ ta HV_MMU_UNMAP_ADDR_TRAP
++ brnz,pn %o0, __hypervisor_tlb_tl0_error
++ mov HV_MMU_UNMAP_ADDR_TRAP, %o1
++ retl
++ nop
++
+ __hypervisor_flush_tlb_pending: /* 16 insns */
+ /* %o0 = context, %o1 = nr, %o2 = vaddrs[] */
+ sllx %o1, 3, %g1
+@@ -339,6 +405,13 @@ cheetah_patch_cachetlbops:
+ call tlb_patch_one
+ mov 19, %o2
+
++ sethi %hi(__flush_tlb_page), %o0
++ or %o0, %lo(__flush_tlb_page), %o0
++ sethi %hi(__cheetah_flush_tlb_page), %o1
++ or %o1, %lo(__cheetah_flush_tlb_page), %o1
++ call tlb_patch_one
++ mov 22, %o2
++
+ sethi %hi(__flush_tlb_pending), %o0
+ or %o0, %lo(__flush_tlb_pending), %o0
+ sethi %hi(__cheetah_flush_tlb_pending), %o1
+@@ -397,10 +470,9 @@ xcall_flush_tlb_mm: /* 21 insns */
+ nop
+ nop
+
+- .globl xcall_flush_tlb_pending
+-xcall_flush_tlb_pending: /* 21 insns */
+- /* %g5=context, %g1=nr, %g7=vaddrs[] */
+- sllx %g1, 3, %g1
++ .globl xcall_flush_tlb_page
++xcall_flush_tlb_page: /* 17 insns */
++ /* %g5=context, %g1=vaddr */
+ mov PRIMARY_CONTEXT, %g4
+ ldxa [%g4] ASI_DMMU, %g2
+ srlx %g2, CTX_PGSZ1_NUC_SHIFT, %g4
+@@ -408,20 +480,16 @@ xcall_flush_tlb_pending: /* 21 insns */
+ or %g5, %g4, %g5
+ mov PRIMARY_CONTEXT, %g4
+ stxa %g5, [%g4] ASI_DMMU
+-1: sub %g1, (1 << 3), %g1
+- ldx [%g7 + %g1], %g5
+- andcc %g5, 0x1, %g0
++ andcc %g1, 0x1, %g0
+ be,pn %icc, 2f
+-
+- andn %g5, 0x1, %g5
++ andn %g1, 0x1, %g5
+ stxa %g0, [%g5] ASI_IMMU_DEMAP
+ 2: stxa %g0, [%g5] ASI_DMMU_DEMAP
+ membar #Sync
+- brnz,pt %g1, 1b
+- nop
+ stxa %g2, [%g4] ASI_DMMU
+ retry
+ nop
++ nop
+
+ .globl xcall_flush_tlb_kernel_range
+ xcall_flush_tlb_kernel_range: /* 25 insns */
+@@ -656,15 +724,13 @@ __hypervisor_xcall_flush_tlb_mm: /* 21 insns */
+ membar #Sync
+ retry
+
+- .globl __hypervisor_xcall_flush_tlb_pending
+-__hypervisor_xcall_flush_tlb_pending: /* 21 insns */
+- /* %g5=ctx, %g1=nr, %g7=vaddrs[], %g2,%g3,%g4,g6=scratch */
+- sllx %g1, 3, %g1
++ .globl __hypervisor_xcall_flush_tlb_page
++__hypervisor_xcall_flush_tlb_page: /* 17 insns */
++ /* %g5=ctx, %g1=vaddr */
+ mov %o0, %g2
+ mov %o1, %g3
+ mov %o2, %g4
+-1: sub %g1, (1 << 3), %g1
+- ldx [%g7 + %g1], %o0 /* ARG0: virtual address */
++ mov %g1, %o0 /* ARG0: virtual address */
+ mov %g5, %o1 /* ARG1: mmu context */
+ mov HV_MMU_ALL, %o2 /* ARG2: flags */
+ srlx %o0, PAGE_SHIFT, %o0
+@@ -673,8 +739,6 @@ __hypervisor_xcall_flush_tlb_pending: /* 21 insns */
+ mov HV_MMU_UNMAP_ADDR_TRAP, %g6
+ brnz,a,pn %o0, __hypervisor_tlb_xcall_error
+ mov %o0, %g5
+- brnz,pt %g1, 1b
+- nop
+ mov %g2, %o0
+ mov %g3, %o1
+ mov %g4, %o2
+@@ -757,6 +821,13 @@ hypervisor_patch_cachetlbops:
+ call tlb_patch_one
+ mov 10, %o2
+
++ sethi %hi(__flush_tlb_page), %o0
++ or %o0, %lo(__flush_tlb_page), %o0
++ sethi %hi(__hypervisor_flush_tlb_page), %o1
++ or %o1, %lo(__hypervisor_flush_tlb_page), %o1
++ call tlb_patch_one
++ mov 11, %o2
++
+ sethi %hi(__flush_tlb_pending), %o0
+ or %o0, %lo(__flush_tlb_pending), %o0
+ sethi %hi(__hypervisor_flush_tlb_pending), %o1
+@@ -788,12 +859,12 @@ hypervisor_patch_cachetlbops:
+ call tlb_patch_one
+ mov 21, %o2
+
+- sethi %hi(xcall_flush_tlb_pending), %o0
+- or %o0, %lo(xcall_flush_tlb_pending), %o0
+- sethi %hi(__hypervisor_xcall_flush_tlb_pending), %o1
+- or %o1, %lo(__hypervisor_xcall_flush_tlb_pending), %o1
++ sethi %hi(xcall_flush_tlb_page), %o0
++ or %o0, %lo(xcall_flush_tlb_page), %o0
++ sethi %hi(__hypervisor_xcall_flush_tlb_page), %o1
++ or %o1, %lo(__hypervisor_xcall_flush_tlb_page), %o1
+ call tlb_patch_one
+- mov 21, %o2
++ mov 17, %o2
+
+ sethi %hi(xcall_flush_tlb_kernel_range), %o0
+ or %o0, %lo(xcall_flush_tlb_kernel_range), %o0
+diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
+index 27cdf1f..045dc53 100644
+--- a/drivers/net/bonding/bond_main.c
++++ b/drivers/net/bonding/bond_main.c
+@@ -1888,6 +1888,7 @@ err_detach:
+ write_unlock_bh(&bond->lock);
+
+ err_close:
++ slave_dev->priv_flags &= ~IFF_BONDING;
+ dev_close(slave_dev);
+
+ err_unset_master:
+@@ -3379,20 +3380,22 @@ static int bond_xmit_hash_policy_l2(struct sk_buff *skb, int count)
+ */
+ static int bond_xmit_hash_policy_l23(struct sk_buff *skb, int count)
+ {
+- struct ethhdr *data = (struct ethhdr *)skb->data;
+- struct iphdr *iph;
+- struct ipv6hdr *ipv6h;
++ const struct ethhdr *data;
++ const struct iphdr *iph;
++ const struct ipv6hdr *ipv6h;
+ u32 v6hash;
+- __be32 *s, *d;
++ const __be32 *s, *d;
+
+ if (skb->protocol == htons(ETH_P_IP) &&
+- skb_network_header_len(skb) >= sizeof(*iph)) {
++ pskb_network_may_pull(skb, sizeof(*iph))) {
+ iph = ip_hdr(skb);
++ data = (struct ethhdr *)skb->data;
+ return ((ntohl(iph->saddr ^ iph->daddr) & 0xffff) ^
+ (data->h_dest[5] ^ data->h_source[5])) % count;
+ } else if (skb->protocol == htons(ETH_P_IPV6) &&
+- skb_network_header_len(skb) >= sizeof(*ipv6h)) {
++ pskb_network_may_pull(skb, sizeof(*ipv6h))) {
+ ipv6h = ipv6_hdr(skb);
++ data = (struct ethhdr *)skb->data;
+ s = &ipv6h->saddr.s6_addr32[0];
+ d = &ipv6h->daddr.s6_addr32[0];
+ v6hash = (s[1] ^ d[1]) ^ (s[2] ^ d[2]) ^ (s[3] ^ d[3]);
+@@ -3411,33 +3414,36 @@ static int bond_xmit_hash_policy_l23(struct sk_buff *skb, int count)
+ static int bond_xmit_hash_policy_l34(struct sk_buff *skb, int count)
+ {
+ u32 layer4_xor = 0;
+- struct iphdr *iph;
+- struct ipv6hdr *ipv6h;
+- __be32 *s, *d;
+- __be16 *layer4hdr;
++ const struct iphdr *iph;
++ const struct ipv6hdr *ipv6h;
++ const __be32 *s, *d;
++ const __be16 *l4 = NULL;
++ __be16 _l4[2];
++ int noff = skb_network_offset(skb);
++ int poff;
+
+ if (skb->protocol == htons(ETH_P_IP) &&
+- skb_network_header_len(skb) >= sizeof(*iph)) {
++ pskb_may_pull(skb, noff + sizeof(*iph))) {
+ iph = ip_hdr(skb);
+- if (!ip_is_fragment(iph) &&
+- (iph->protocol == IPPROTO_TCP ||
+- iph->protocol == IPPROTO_UDP) &&
+- (skb_headlen(skb) - skb_network_offset(skb) >=
+- iph->ihl * sizeof(u32) + sizeof(*layer4hdr) * 2)) {
+- layer4hdr = (__be16 *)((u32 *)iph + iph->ihl);
+- layer4_xor = ntohs(*layer4hdr ^ *(layer4hdr + 1));
++ poff = proto_ports_offset(iph->protocol);
++
++ if (!ip_is_fragment(iph) && poff >= 0) {
++ l4 = skb_header_pointer(skb, noff + (iph->ihl << 2) + poff,
++ sizeof(_l4), &_l4);
++ if (l4)
++ layer4_xor = ntohs(l4[0] ^ l4[1]);
+ }
+ return (layer4_xor ^
+ ((ntohl(iph->saddr ^ iph->daddr)) & 0xffff)) % count;
+ } else if (skb->protocol == htons(ETH_P_IPV6) &&
+- skb_network_header_len(skb) >= sizeof(*ipv6h)) {
++ pskb_may_pull(skb, noff + sizeof(*ipv6h))) {
+ ipv6h = ipv6_hdr(skb);
+- if ((ipv6h->nexthdr == IPPROTO_TCP ||
+- ipv6h->nexthdr == IPPROTO_UDP) &&
+- (skb_headlen(skb) - skb_network_offset(skb) >=
+- sizeof(*ipv6h) + sizeof(*layer4hdr) * 2)) {
+- layer4hdr = (__be16 *)(ipv6h + 1);
+- layer4_xor = ntohs(*layer4hdr ^ *(layer4hdr + 1));
++ poff = proto_ports_offset(ipv6h->nexthdr);
++ if (poff >= 0) {
++ l4 = skb_header_pointer(skb, noff + sizeof(*ipv6h) + poff,
++ sizeof(_l4), &_l4);
++ if (l4)
++ layer4_xor = ntohs(l4[0] ^ l4[1]);
+ }
+ s = &ipv6h->saddr.s6_addr32[0];
+ d = &ipv6h->daddr.s6_addr32[0];
+@@ -4919,9 +4925,18 @@ static int __net_init bond_net_init(struct net *net)
+ static void __net_exit bond_net_exit(struct net *net)
+ {
+ struct bond_net *bn = net_generic(net, bond_net_id);
++ struct bonding *bond, *tmp_bond;
++ LIST_HEAD(list);
+
+ bond_destroy_sysfs(bn);
+ bond_destroy_proc_dir(bn);
++
++ /* Kill off any bonds created after unregistering bond rtnl ops */
++ rtnl_lock();
++ list_for_each_entry_safe(bond, tmp_bond, &bn->dev_list, bond_list)
++ unregister_netdevice_queue(bond->dev, &list);
++ unregister_netdevice_many(&list);
++ rtnl_unlock();
+ }
+
+ static struct pernet_operations bond_net_ops = {
+diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e.h b/drivers/net/ethernet/atheros/atl1e/atl1e.h
+index edfdf6b..b5fd934 100644
+--- a/drivers/net/ethernet/atheros/atl1e/atl1e.h
++++ b/drivers/net/ethernet/atheros/atl1e/atl1e.h
+@@ -186,7 +186,7 @@ struct atl1e_tpd_desc {
+ /* how about 0x2000 */
+ #define MAX_TX_BUF_LEN 0x2000
+ #define MAX_TX_BUF_SHIFT 13
+-/*#define MAX_TX_BUF_LEN 0x3000 */
++#define MAX_TSO_SEG_SIZE 0x3c00
+
+ /* rrs word 1 bit 0:31 */
+ #define RRS_RX_CSUM_MASK 0xFFFF
+diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
+index 35faab7..ca33b28 100644
+--- a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
++++ b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
+@@ -2332,6 +2332,7 @@ static int atl1e_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
+
+ INIT_WORK(&adapter->reset_task, atl1e_reset_task);
+ INIT_WORK(&adapter->link_chg_task, atl1e_link_chg_task);
++ netif_set_gso_max_size(netdev, MAX_TSO_SEG_SIZE);
+ err = register_netdev(netdev);
+ if (err) {
+ netdev_err(netdev, "register netdevice failed\n");
+diff --git a/drivers/net/ethernet/marvell/Kconfig b/drivers/net/ethernet/marvell/Kconfig
+index edfba93..434e33c 100644
+--- a/drivers/net/ethernet/marvell/Kconfig
++++ b/drivers/net/ethernet/marvell/Kconfig
+@@ -33,6 +33,7 @@ config MV643XX_ETH
+
+ config MVMDIO
+ tristate "Marvell MDIO interface support"
++ select PHYLIB
+ ---help---
+ This driver supports the MDIO interface found in the network
+ interface units of the Marvell EBU SoCs (Kirkwood, Orion5x,
+@@ -45,7 +46,6 @@ config MVMDIO
+ config MVNETA
+ tristate "Marvell Armada 370/XP network interface support"
+ depends on MACH_ARMADA_370_XP
+- select PHYLIB
+ select MVMDIO
+ ---help---
+ This driver supports the network interface units in the
+diff --git a/drivers/net/ethernet/marvell/mvneta.c b/drivers/net/ethernet/marvell/mvneta.c
+index b6025c3..84b312ea 100644
+--- a/drivers/net/ethernet/marvell/mvneta.c
++++ b/drivers/net/ethernet/marvell/mvneta.c
+@@ -375,7 +375,6 @@ static int rxq_number = 8;
+ static int txq_number = 8;
+
+ static int rxq_def;
+-static int txq_def;
+
+ #define MVNETA_DRIVER_NAME "mvneta"
+ #define MVNETA_DRIVER_VERSION "1.0"
+@@ -1476,7 +1475,8 @@ error:
+ static int mvneta_tx(struct sk_buff *skb, struct net_device *dev)
+ {
+ struct mvneta_port *pp = netdev_priv(dev);
+- struct mvneta_tx_queue *txq = &pp->txqs[txq_def];
++ u16 txq_id = skb_get_queue_mapping(skb);
++ struct mvneta_tx_queue *txq = &pp->txqs[txq_id];
+ struct mvneta_tx_desc *tx_desc;
+ struct netdev_queue *nq;
+ int frags = 0;
+@@ -1486,7 +1486,7 @@ static int mvneta_tx(struct sk_buff *skb, struct net_device *dev)
+ goto out;
+
+ frags = skb_shinfo(skb)->nr_frags + 1;
+- nq = netdev_get_tx_queue(dev, txq_def);
++ nq = netdev_get_tx_queue(dev, txq_id);
+
+ /* Get a descriptor for the first part of the packet */
+ tx_desc = mvneta_txq_next_desc_get(txq);
+@@ -2690,7 +2690,7 @@ static int mvneta_probe(struct platform_device *pdev)
+ return -EINVAL;
+ }
+
+- dev = alloc_etherdev_mq(sizeof(struct mvneta_port), 8);
++ dev = alloc_etherdev_mqs(sizeof(struct mvneta_port), txq_number, rxq_number);
+ if (!dev)
+ return -ENOMEM;
+
+@@ -2844,4 +2844,3 @@ module_param(rxq_number, int, S_IRUGO);
+ module_param(txq_number, int, S_IRUGO);
+
+ module_param(rxq_def, int, S_IRUGO);
+-module_param(txq_def, int, S_IRUGO);
+diff --git a/drivers/net/usb/cdc_mbim.c b/drivers/net/usb/cdc_mbim.c
+index 16c8429..6bd9167 100644
+--- a/drivers/net/usb/cdc_mbim.c
++++ b/drivers/net/usb/cdc_mbim.c
+@@ -134,7 +134,7 @@ static struct sk_buff *cdc_mbim_tx_fixup(struct usbnet *dev, struct sk_buff *skb
+ goto error;
+
+ if (skb) {
+- if (skb->len <= sizeof(ETH_HLEN))
++ if (skb->len <= ETH_HLEN)
+ goto error;
+
+ /* mapping VLANs to MBIM sessions:
+diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
+index da9fde8..892ecda 100644
+--- a/drivers/tty/tty_io.c
++++ b/drivers/tty/tty_io.c
+@@ -941,6 +941,14 @@ void start_tty(struct tty_struct *tty)
+
+ EXPORT_SYMBOL(start_tty);
+
++static void tty_update_time(struct timespec *time)
++{
++ unsigned long sec = get_seconds();
++ sec -= sec % 60;
++ if ((long)(sec - time->tv_sec) > 0)
++ time->tv_sec = sec;
++}
++
+ /**
+ * tty_read - read method for tty device files
+ * @file: pointer to tty file
+@@ -977,8 +985,10 @@ static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
+ else
+ i = -EIO;
+ tty_ldisc_deref(ld);
++
+ if (i > 0)
+- inode->i_atime = current_fs_time(inode->i_sb);
++ tty_update_time(&inode->i_atime);
++
+ return i;
+ }
+
+@@ -1081,7 +1091,7 @@ static inline ssize_t do_tty_write(
+ }
+ if (written) {
+ struct inode *inode = file->f_path.dentry->d_inode;
+- inode->i_mtime = current_fs_time(inode->i_sb);
++ tty_update_time(&inode->i_mtime);
+ ret = written;
+ }
+ out:
+diff --git a/fs/aio.c b/fs/aio.c
+index 71f613c..ed762ae 100644
+--- a/fs/aio.c
++++ b/fs/aio.c
+@@ -1027,9 +1027,9 @@ static int aio_read_evt(struct kioctx *ioctx, struct io_event *ent)
+ spin_unlock(&info->ring_lock);
+
+ out:
+- kunmap_atomic(ring);
+ dprintk("leaving aio_read_evt: %d h%lu t%lu\n", ret,
+ (unsigned long)ring->head, (unsigned long)ring->tail);
++ kunmap_atomic(ring);
+ return ret;
+ }
+
+diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
+index 9ef07d0..0e182f9 100644
+--- a/include/linux/netdevice.h
++++ b/include/linux/netdevice.h
+@@ -208,9 +208,9 @@ struct netdev_hw_addr {
+ #define NETDEV_HW_ADDR_T_SLAVE 3
+ #define NETDEV_HW_ADDR_T_UNICAST 4
+ #define NETDEV_HW_ADDR_T_MULTICAST 5
+- bool synced;
+ bool global_use;
+ int refcount;
++ int synced;
+ struct rcu_head rcu_head;
+ };
+
+diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
+index 98399e2..9fe54b6 100644
+--- a/include/linux/skbuff.h
++++ b/include/linux/skbuff.h
+@@ -2597,6 +2597,13 @@ static inline void nf_reset(struct sk_buff *skb)
+ #endif
+ }
+
++static inline void nf_reset_trace(struct sk_buff *skb)
++{
++#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)
++ skb->nf_trace = 0;
++#endif
++}
++
+ /* Note: This doesn't put any conntrack and bridge info in dst. */
+ static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src)
+ {
+diff --git a/include/net/scm.h b/include/net/scm.h
+index 975cca0..b117081 100644
+--- a/include/net/scm.h
++++ b/include/net/scm.h
+@@ -56,8 +56,8 @@ static __inline__ void scm_set_cred(struct scm_cookie *scm,
+ scm->pid = get_pid(pid);
+ scm->cred = cred ? get_cred(cred) : NULL;
+ scm->creds.pid = pid_vnr(pid);
+- scm->creds.uid = cred ? cred->euid : INVALID_UID;
+- scm->creds.gid = cred ? cred->egid : INVALID_GID;
++ scm->creds.uid = cred ? cred->uid : INVALID_UID;
++ scm->creds.gid = cred ? cred->gid : INVALID_GID;
+ }
+
+ static __inline__ void scm_destroy_cred(struct scm_cookie *scm)
+diff --git a/kernel/trace/trace_selftest.c b/kernel/trace/trace_selftest.c
+index 4762316..5fc7aa5 100644
+--- a/kernel/trace/trace_selftest.c
++++ b/kernel/trace/trace_selftest.c
+@@ -452,7 +452,6 @@ trace_selftest_function_recursion(void)
+ char *func_name;
+ int len;
+ int ret;
+- int cnt;
+
+ /* The previous test PASSED */
+ pr_cont("PASSED\n");
+@@ -510,19 +509,10 @@ trace_selftest_function_recursion(void)
+
+ unregister_ftrace_function(&test_recsafe_probe);
+
+- /*
+- * If arch supports all ftrace features, and no other task
+- * was on the list, we should be fine.
+- */
+- if (!ftrace_nr_registered_ops() && !FTRACE_FORCE_LIST_FUNC)
+- cnt = 2; /* Should have recursed */
+- else
+- cnt = 1;
+-
+ ret = -1;
+- if (trace_selftest_recursion_cnt != cnt) {
+- pr_cont("*callback not called expected %d times (%d)* ",
+- cnt, trace_selftest_recursion_cnt);
++ if (trace_selftest_recursion_cnt != 2) {
++ pr_cont("*callback not called expected 2 times (%d)* ",
++ trace_selftest_recursion_cnt);
+ goto out;
+ }
+
+diff --git a/net/atm/common.c b/net/atm/common.c
+index 806fc0a..cf4b7e6 100644
+--- a/net/atm/common.c
++++ b/net/atm/common.c
+@@ -532,6 +532,8 @@ int vcc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
+ struct sk_buff *skb;
+ int copied, error = -EINVAL;
+
++ msg->msg_namelen = 0;
++
+ if (sock->state != SS_CONNECTED)
+ return -ENOTCONN;
+
+diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
+index 779095d..d53a123 100644
+--- a/net/ax25/af_ax25.c
++++ b/net/ax25/af_ax25.c
+@@ -1647,6 +1647,7 @@ static int ax25_recvmsg(struct kiocb *iocb, struct socket *sock,
+ ax25_address src;
+ const unsigned char *mac = skb_mac_header(skb);
+
++ memset(sax, 0, sizeof(struct full_sockaddr_ax25));
+ ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL,
+ &digi, NULL, NULL);
+ sax->sax25_family = AF_AX25;
+diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
+index 5355df6..b04795e 100644
+--- a/net/bluetooth/af_bluetooth.c
++++ b/net/bluetooth/af_bluetooth.c
+@@ -230,6 +230,8 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
+ if (flags & (MSG_OOB))
+ return -EOPNOTSUPP;
+
++ msg->msg_namelen = 0;
++
+ skb = skb_recv_datagram(sk, flags, noblock, &err);
+ if (!skb) {
+ if (sk->sk_shutdown & RCV_SHUTDOWN)
+@@ -237,8 +239,6 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
+ return err;
+ }
+
+- msg->msg_namelen = 0;
+-
+ copied = skb->len;
+ if (len < copied) {
+ msg->msg_flags |= MSG_TRUNC;
+diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
+index ce3f665..970fc13 100644
+--- a/net/bluetooth/rfcomm/sock.c
++++ b/net/bluetooth/rfcomm/sock.c
+@@ -610,6 +610,7 @@ static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
+
+ if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
+ rfcomm_dlc_accept(d);
++ msg->msg_namelen = 0;
+ return 0;
+ }
+
+diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
+index aaf1957..cc16d1b 100644
+--- a/net/bluetooth/sco.c
++++ b/net/bluetooth/sco.c
+@@ -667,6 +667,7 @@ static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
+ test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
+ hci_conn_accept(pi->conn->hcon, 0);
+ sk->sk_state = BT_CONFIG;
++ msg->msg_namelen = 0;
+
+ release_sock(sk);
+ return 0;
+diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c
+index 095259f..ff2ff3c 100644
+--- a/net/caif/caif_socket.c
++++ b/net/caif/caif_socket.c
+@@ -286,6 +286,8 @@ static int caif_seqpkt_recvmsg(struct kiocb *iocb, struct socket *sock,
+ if (m->msg_flags&MSG_OOB)
+ goto read_error;
+
++ m->msg_namelen = 0;
++
+ skb = skb_recv_datagram(sk, flags, 0 , &ret);
+ if (!skb)
+ goto read_error;
+diff --git a/net/core/dev.c b/net/core/dev.c
+index 5d9c43d..d592214 100644
+--- a/net/core/dev.c
++++ b/net/core/dev.c
+@@ -1737,6 +1737,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
+ skb->mark = 0;
+ secpath_reset(skb);
+ nf_reset(skb);
++ nf_reset_trace(skb);
+ return netif_rx(skb);
+ }
+ EXPORT_SYMBOL_GPL(dev_forward_skb);
+@@ -2017,6 +2018,9 @@ static void skb_warn_bad_offload(const struct sk_buff *skb)
+ struct net_device *dev = skb->dev;
+ const char *driver = "";
+
++ if (!net_ratelimit())
++ return;
++
+ if (dev && dev->dev.parent)
+ driver = dev_driver_string(dev->dev.parent);
+
+diff --git a/net/core/dev_addr_lists.c b/net/core/dev_addr_lists.c
+index b079c7b..7841d87 100644
+--- a/net/core/dev_addr_lists.c
++++ b/net/core/dev_addr_lists.c
+@@ -38,7 +38,7 @@ static int __hw_addr_create_ex(struct netdev_hw_addr_list *list,
+ ha->type = addr_type;
+ ha->refcount = 1;
+ ha->global_use = global;
+- ha->synced = false;
++ ha->synced = 0;
+ list_add_tail_rcu(&ha->list, &list->list);
+ list->count++;
+
+@@ -166,7 +166,7 @@ int __hw_addr_sync(struct netdev_hw_addr_list *to_list,
+ addr_len, ha->type);
+ if (err)
+ break;
+- ha->synced = true;
++ ha->synced++;
+ ha->refcount++;
+ } else if (ha->refcount == 1) {
+ __hw_addr_del(to_list, ha->addr, addr_len, ha->type);
+@@ -187,7 +187,7 @@ void __hw_addr_unsync(struct netdev_hw_addr_list *to_list,
+ if (ha->synced) {
+ __hw_addr_del(to_list, ha->addr,
+ addr_len, ha->type);
+- ha->synced = false;
++ ha->synced--;
+ __hw_addr_del(from_list, ha->addr,
+ addr_len, ha->type);
+ }
+diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
+index 6212ec9..055fb13 100644
+--- a/net/core/rtnetlink.c
++++ b/net/core/rtnetlink.c
+@@ -1068,7 +1068,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
+ rcu_read_lock();
+ cb->seq = net->dev_base_seq;
+
+- if (nlmsg_parse(cb->nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX,
++ if (nlmsg_parse(cb->nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
+ ifla_policy) >= 0) {
+
+ if (tb[IFLA_EXT_MASK])
+@@ -1924,7 +1924,7 @@ static u16 rtnl_calcit(struct sk_buff *skb, struct nlmsghdr *nlh)
+ u32 ext_filter_mask = 0;
+ u16 min_ifinfo_dump_size = 0;
+
+- if (nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX,
++ if (nlmsg_parse(nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
+ ifla_policy) >= 0) {
+ if (tb[IFLA_EXT_MASK])
+ ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);
+diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
+index 3b4f0cd..4cfe34d 100644
+--- a/net/ipv4/esp4.c
++++ b/net/ipv4/esp4.c
+@@ -139,8 +139,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
+
+ /* skb is pure payload to encrypt */
+
+- err = -ENOMEM;
+-
+ esp = x->data;
+ aead = esp->aead;
+ alen = crypto_aead_authsize(aead);
+@@ -176,8 +174,10 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
+ }
+
+ tmp = esp_alloc_tmp(aead, nfrags + sglists, seqhilen);
+- if (!tmp)
++ if (!tmp) {
++ err = -ENOMEM;
+ goto error;
++ }
+
+ seqhi = esp_tmp_seqhi(tmp);
+ iv = esp_tmp_iv(aead, tmp, seqhilen);
+diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
+index a8fc332..0fcfee3 100644
+--- a/net/ipv4/ip_fragment.c
++++ b/net/ipv4/ip_fragment.c
+@@ -255,8 +255,7 @@ static void ip_expire(unsigned long arg)
+ if (!head->dev)
+ goto out_rcu_unlock;
+
+- /* skb dst is stale, drop it, and perform route lookup again */
+- skb_dst_drop(head);
++ /* skb has no dst, perform route lookup again */
+ iph = ip_hdr(head);
+ err = ip_route_input_noref(head, iph->daddr, iph->saddr,
+ iph->tos, head->dev);
+@@ -525,8 +524,16 @@ found:
+ qp->q.max_size = skb->len + ihl;
+
+ if (qp->q.last_in == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) &&
+- qp->q.meat == qp->q.len)
+- return ip_frag_reasm(qp, prev, dev);
++ qp->q.meat == qp->q.len) {
++ unsigned long orefdst = skb->_skb_refdst;
++
++ skb->_skb_refdst = 0UL;
++ err = ip_frag_reasm(qp, prev, dev);
++ skb->_skb_refdst = orefdst;
++ return err;
++ }
++
++ skb_dst_drop(skb);
+
+ write_lock(&ip4_frags.lock);
+ list_move_tail(&qp->q.lru_list, &qp->q.net->lru_list);
+diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
+index b236ef0..f962f19 100644
+--- a/net/ipv4/syncookies.c
++++ b/net/ipv4/syncookies.c
+@@ -348,8 +348,8 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
+ * hasn't changed since we received the original syn, but I see
+ * no easy way to do this.
+ */
+- flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
+- RT_SCOPE_UNIVERSE, IPPROTO_TCP,
++ flowi4_init_output(&fl4, sk->sk_bound_dev_if, sk->sk_mark,
++ RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE, IPPROTO_TCP,
+ inet_sk_flowi_flags(sk),
+ (opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
+ ireq->loc_addr, th->source, th->dest);
+diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
+index 9841a71..b4e8b79 100644
+--- a/net/ipv4/tcp_input.c
++++ b/net/ipv4/tcp_input.c
+@@ -116,6 +116,7 @@ int sysctl_tcp_early_retrans __read_mostly = 2;
+ #define FLAG_DSACKING_ACK 0x800 /* SACK blocks contained D-SACK info */
+ #define FLAG_NONHEAD_RETRANS_ACKED 0x1000 /* Non-head rexmitted data was ACKed */
+ #define FLAG_SACK_RENEGING 0x2000 /* snd_una advanced to a sacked seq */
++#define FLAG_UPDATE_TS_RECENT 0x4000 /* tcp_replace_ts_recent() */
+
+ #define FLAG_ACKED (FLAG_DATA_ACKED|FLAG_SYN_ACKED)
+ #define FLAG_NOT_DUP (FLAG_DATA|FLAG_WIN_UPDATE|FLAG_ACKED)
+@@ -3572,6 +3573,27 @@ static void tcp_send_challenge_ack(struct sock *sk)
+ }
+ }
+
++static void tcp_store_ts_recent(struct tcp_sock *tp)
++{
++ tp->rx_opt.ts_recent = tp->rx_opt.rcv_tsval;
++ tp->rx_opt.ts_recent_stamp = get_seconds();
++}
++
++static void tcp_replace_ts_recent(struct tcp_sock *tp, u32 seq)
++{
++ if (tp->rx_opt.saw_tstamp && !after(seq, tp->rcv_wup)) {
++ /* PAWS bug workaround wrt. ACK frames, the PAWS discard
++ * extra check below makes sure this can only happen
++ * for pure ACK frames. -DaveM
++ *
++ * Not only, also it occurs for expired timestamps.
++ */
++
++ if (tcp_paws_check(&tp->rx_opt, 0))
++ tcp_store_ts_recent(tp);
++ }
++}
++
+ /* This routine deals with incoming acks, but not outgoing ones. */
+ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag)
+ {
+@@ -3624,6 +3646,12 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag)
+ prior_fackets = tp->fackets_out;
+ prior_in_flight = tcp_packets_in_flight(tp);
+
++ /* ts_recent update must be made after we are sure that the packet
++ * is in window.
++ */
++ if (flag & FLAG_UPDATE_TS_RECENT)
++ tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq);
++
+ if (!(flag & FLAG_SLOWPATH) && after(ack, prior_snd_una)) {
+ /* Window is constant, pure forward advance.
+ * No more checks are required.
+@@ -3940,27 +3968,6 @@ const u8 *tcp_parse_md5sig_option(const struct tcphdr *th)
+ EXPORT_SYMBOL(tcp_parse_md5sig_option);
+ #endif
+
+-static inline void tcp_store_ts_recent(struct tcp_sock *tp)
+-{
+- tp->rx_opt.ts_recent = tp->rx_opt.rcv_tsval;
+- tp->rx_opt.ts_recent_stamp = get_seconds();
+-}
+-
+-static inline void tcp_replace_ts_recent(struct tcp_sock *tp, u32 seq)
+-{
+- if (tp->rx_opt.saw_tstamp && !after(seq, tp->rcv_wup)) {
+- /* PAWS bug workaround wrt. ACK frames, the PAWS discard
+- * extra check below makes sure this can only happen
+- * for pure ACK frames. -DaveM
+- *
+- * Not only, also it occurs for expired timestamps.
+- */
+-
+- if (tcp_paws_check(&tp->rx_opt, 0))
+- tcp_store_ts_recent(tp);
+- }
+-}
+-
+ /* Sorry, PAWS as specified is broken wrt. pure-ACKs -DaveM
+ *
+ * It is not fatal. If this ACK does _not_ change critical state (seqs, window)
+@@ -5556,14 +5563,9 @@ slow_path:
+ return 0;
+
+ step5:
+- if (tcp_ack(sk, skb, FLAG_SLOWPATH) < 0)
++ if (tcp_ack(sk, skb, FLAG_SLOWPATH | FLAG_UPDATE_TS_RECENT) < 0)
+ goto discard;
+
+- /* ts_recent update must be made after we are sure that the packet
+- * is in window.
+- */
+- tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq);
+-
+ tcp_rcv_rtt_measure_ts(sk, skb);
+
+ /* Process urgent data. */
+@@ -5997,7 +5999,8 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
+
+ /* step 5: check the ACK field */
+ if (true) {
+- int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH) > 0;
++ int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH |
++ FLAG_UPDATE_TS_RECENT) > 0;
+
+ switch (sk->sk_state) {
+ case TCP_SYN_RECV:
+@@ -6148,11 +6151,6 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
+ }
+ }
+
+- /* ts_recent update must be made after we are sure that the packet
+- * is in window.
+- */
+- tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq);
+-
+ /* step 6: check the URG bit */
+ tcp_urg(sk, skb, th);
+
+diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
+index 17d659e..a9f50ee 100644
+--- a/net/ipv4/tcp_output.c
++++ b/net/ipv4/tcp_output.c
+@@ -2388,8 +2388,12 @@ int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
+ */
+ TCP_SKB_CB(skb)->when = tcp_time_stamp;
+
+- /* make sure skb->data is aligned on arches that require it */
+- if (unlikely(NET_IP_ALIGN && ((unsigned long)skb->data & 3))) {
++ /* make sure skb->data is aligned on arches that require it
++ * and check if ack-trimming & collapsing extended the headroom
++ * beyond what csum_start can cover.
++ */
++ if (unlikely((NET_IP_ALIGN && ((unsigned long)skb->data & 3)) ||
++ skb_headroom(skb) >= 0xFFFF)) {
+ struct sk_buff *nskb = __pskb_copy(skb, MAX_TCP_HEADER,
+ GFP_ATOMIC);
+ return nskb ? tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC) :
+diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
+index a36d17e..e8676c2 100644
+--- a/net/ipv6/addrconf.c
++++ b/net/ipv6/addrconf.c
+@@ -2525,6 +2525,9 @@ static void sit_add_v4_addrs(struct inet6_dev *idev)
+ static void init_loopback(struct net_device *dev)
+ {
+ struct inet6_dev *idev;
++ struct net_device *sp_dev;
++ struct inet6_ifaddr *sp_ifa;
++ struct rt6_info *sp_rt;
+
+ /* ::1 */
+
+@@ -2536,6 +2539,30 @@ static void init_loopback(struct net_device *dev)
+ }
+
+ add_addr(idev, &in6addr_loopback, 128, IFA_HOST);
++
++ /* Add routes to other interface's IPv6 addresses */
++ for_each_netdev(dev_net(dev), sp_dev) {
++ if (!strcmp(sp_dev->name, dev->name))
++ continue;
++
++ idev = __in6_dev_get(sp_dev);
++ if (!idev)
++ continue;
++
++ read_lock_bh(&idev->lock);
++ list_for_each_entry(sp_ifa, &idev->addr_list, if_list) {
++
++ if (sp_ifa->flags & (IFA_F_DADFAILED | IFA_F_TENTATIVE))
++ continue;
++
++ sp_rt = addrconf_dst_alloc(idev, &sp_ifa->addr, 0);
++
++ /* Failure cases are ignored */
++ if (!IS_ERR(sp_rt))
++ ip6_ins_rt(sp_rt);
++ }
++ read_unlock_bh(&idev->lock);
++ }
+ }
+
+ static void addrconf_add_linklocal(struct inet6_dev *idev, const struct in6_addr *addr)
+diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
+index d9ba8a2..7a610a6 100644
+--- a/net/ipv6/reassembly.c
++++ b/net/ipv6/reassembly.c
+@@ -342,8 +342,17 @@ found:
+ }
+
+ if (fq->q.last_in == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) &&
+- fq->q.meat == fq->q.len)
+- return ip6_frag_reasm(fq, prev, dev);
++ fq->q.meat == fq->q.len) {
++ int res;
++ unsigned long orefdst = skb->_skb_refdst;
++
++ skb->_skb_refdst = 0UL;
++ res = ip6_frag_reasm(fq, prev, dev);
++ skb->_skb_refdst = orefdst;
++ return res;
++ }
++
++ skb_dst_drop(skb);
+
+ write_lock(&ip6_frags.lock);
+ list_move_tail(&fq->q.lru_list, &fq->q.net->lru_list);
+diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
+index 8d19346..89dfedd 100644
+--- a/net/ipv6/tcp_ipv6.c
++++ b/net/ipv6/tcp_ipv6.c
+@@ -386,6 +386,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
+
+ if (dst)
+ dst->ops->redirect(dst, sk, skb);
++ goto out;
+ }
+
+ if (type == ICMPV6_PKT_TOOBIG) {
+diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
+index 4d04105..3c9bd59 100644
+--- a/net/irda/af_irda.c
++++ b/net/irda/af_irda.c
+@@ -1386,6 +1386,8 @@ static int irda_recvmsg_dgram(struct kiocb *iocb, struct socket *sock,
+
+ IRDA_DEBUG(4, "%s()\n", __func__);
+
++ msg->msg_namelen = 0;
++
+ skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
+ flags & MSG_DONTWAIT, &err);
+ if (!skb)
+diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
+index cd6f7a9..625bc50 100644
+--- a/net/iucv/af_iucv.c
++++ b/net/iucv/af_iucv.c
+@@ -1331,6 +1331,8 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
+ struct sk_buff *skb, *rskb, *cskb;
+ int err = 0;
+
++ msg->msg_namelen = 0;
++
+ if ((sk->sk_state == IUCV_DISCONN) &&
+ skb_queue_empty(&iucv->backlog_skb_q) &&
+ skb_queue_empty(&sk->sk_receive_queue) &&
+diff --git a/net/l2tp/l2tp_ip6.c b/net/l2tp/l2tp_ip6.c
+index 8ee4a86..9e1822e 100644
+--- a/net/l2tp/l2tp_ip6.c
++++ b/net/l2tp/l2tp_ip6.c
+@@ -684,6 +684,7 @@ static int l2tp_ip6_recvmsg(struct kiocb *iocb, struct sock *sk,
+ lsa->l2tp_addr = ipv6_hdr(skb)->saddr;
+ lsa->l2tp_flowinfo = 0;
+ lsa->l2tp_scope_id = 0;
++ lsa->l2tp_conn_id = 0;
+ if (ipv6_addr_type(&lsa->l2tp_addr) & IPV6_ADDR_LINKLOCAL)
+ lsa->l2tp_scope_id = IP6CB(skb)->iif;
+ }
+diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
+index 8870988..48aaa89 100644
+--- a/net/llc/af_llc.c
++++ b/net/llc/af_llc.c
+@@ -720,6 +720,8 @@ static int llc_ui_recvmsg(struct kiocb *iocb, struct socket *sock,
+ int target; /* Read at least this many bytes */
+ long timeo;
+
++ msg->msg_namelen = 0;
++
+ lock_sock(sk);
+ copied = -ENOTCONN;
+ if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN))
+diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
+index 7261eb8..14c106b 100644
+--- a/net/netrom/af_netrom.c
++++ b/net/netrom/af_netrom.c
+@@ -1177,6 +1177,7 @@ static int nr_recvmsg(struct kiocb *iocb, struct socket *sock,
+ }
+
+ if (sax != NULL) {
++ memset(sax, 0, sizeof(sax));
+ sax->sax25_family = AF_NETROM;
+ skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call,
+ AX25_ADDR_LEN);
+diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c
+index fea22eb..48fb1de 100644
+--- a/net/nfc/llcp/sock.c
++++ b/net/nfc/llcp/sock.c
+@@ -644,6 +644,8 @@ static int llcp_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
+
+ pr_debug("%p %zu\n", sk, len);
+
++ msg->msg_namelen = 0;
++
+ lock_sock(sk);
+
+ if (sk->sk_state == LLCP_CLOSED &&
+@@ -684,6 +686,7 @@ static int llcp_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
+
+ pr_debug("Datagram socket %d %d\n", ui_cb->dsap, ui_cb->ssap);
+
++ memset(&sockaddr, 0, sizeof(sockaddr));
+ sockaddr.sa_family = AF_NFC;
+ sockaddr.nfc_protocol = NFC_PROTO_NFC_DEP;
+ sockaddr.dsap = ui_cb->dsap;
+diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
+index c4719ce..7f645d1 100644
+--- a/net/rose/af_rose.c
++++ b/net/rose/af_rose.c
+@@ -1257,6 +1257,7 @@ static int rose_recvmsg(struct kiocb *iocb, struct socket *sock,
+ skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
+
+ if (srose != NULL) {
++ memset(srose, 0, msg->msg_namelen);
+ srose->srose_family = AF_ROSE;
+ srose->srose_addr = rose->dest_addr;
+ srose->srose_call = rose->dest_call;
+diff --git a/net/sched/sch_cbq.c b/net/sched/sch_cbq.c
+index 0e19948..ced81a1 100644
+--- a/net/sched/sch_cbq.c
++++ b/net/sched/sch_cbq.c
+@@ -962,8 +962,11 @@ cbq_dequeue(struct Qdisc *sch)
+ cbq_update(q);
+ if ((incr -= incr2) < 0)
+ incr = 0;
++ q->now += incr;
++ } else {
++ if (now > q->now)
++ q->now = now;
+ }
+- q->now += incr;
+ q->now_rt = now;
+
+ for (;;) {
+diff --git a/net/tipc/socket.c b/net/tipc/socket.c
+index 9b4e483..fc906d9 100644
+--- a/net/tipc/socket.c
++++ b/net/tipc/socket.c
+@@ -806,6 +806,7 @@ static void set_orig_addr(struct msghdr *m, struct tipc_msg *msg)
+ if (addr) {
+ addr->family = AF_TIPC;
+ addr->addrtype = TIPC_ADDR_ID;
++ memset(&addr->addr, 0, sizeof(addr->addr));
+ addr->addr.id.ref = msg_origport(msg);
+ addr->addr.id.node = msg_orignode(msg);
+ addr->addr.name.domain = 0; /* could leave uninitialized */
+@@ -920,6 +921,9 @@ static int recv_msg(struct kiocb *iocb, struct socket *sock,
+ goto exit;
+ }
+
++ /* will be updated in set_orig_addr() if needed */
++ m->msg_namelen = 0;
++
+ timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
+ restart:
+
+@@ -1029,6 +1033,9 @@ static int recv_stream(struct kiocb *iocb, struct socket *sock,
+ goto exit;
+ }
+
++ /* will be updated in set_orig_addr() if needed */
++ m->msg_namelen = 0;
++
+ target = sock_rcvlowat(sk, flags & MSG_WAITALL, buf_len);
+ timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
+
+diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
+index b45eb65..f347754 100644
+--- a/net/unix/af_unix.c
++++ b/net/unix/af_unix.c
+@@ -1995,7 +1995,7 @@ again:
+ if ((UNIXCB(skb).pid != siocb->scm->pid) ||
+ (UNIXCB(skb).cred != siocb->scm->cred))
+ break;
+- } else {
++ } else if (test_bit(SOCK_PASSCRED, &sock->flags)) {
+ /* Copy credentials */
+ scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
+ check_creds = 1;
diff --git a/3.8.10/4420_grsecurity-2.9.1-3.8.10-201304262208.patch b/3.8.11/4420_grsecurity-2.9.1-3.8.11-201305011917.patch
similarity index 99%
rename from 3.8.10/4420_grsecurity-2.9.1-3.8.10-201304262208.patch
rename to 3.8.11/4420_grsecurity-2.9.1-3.8.11-201305011917.patch
index d87332f..3b5ee11 100644
--- a/3.8.10/4420_grsecurity-2.9.1-3.8.10-201304262208.patch
+++ b/3.8.11/4420_grsecurity-2.9.1-3.8.11-201305011917.patch
@@ -259,7 +259,7 @@ index 986614d..e8bfedc 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index e2b10b9..f916aa5 100644
+index 7e4eee5..271e75e 100644
--- a/Makefile
+++ b/Makefile
@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -1559,33 +1559,6 @@ index 7eb18c1..e38b6d2 100644
#include <asm-generic/cmpxchg-local.h>
-diff --git a/arch/arm/include/asm/delay.h b/arch/arm/include/asm/delay.h
-index 720799f..2f67631 100644
---- a/arch/arm/include/asm/delay.h
-+++ b/arch/arm/include/asm/delay.h
-@@ -25,9 +25,9 @@ extern struct arm_delay_ops {
- void (*const_udelay)(unsigned long);
- void (*udelay)(unsigned long);
- bool const_clock;
--} arm_delay_ops;
-+} *arm_delay_ops;
-
--#define __delay(n) arm_delay_ops.delay(n)
-+#define __delay(n) arm_delay_ops->delay(n)
-
- /*
- * This function intentionally does not exist; if you see references to
-@@ -48,8 +48,8 @@ extern void __bad_udelay(void);
- * first constant multiplications gets optimized away if the delay is
- * a constant)
- */
--#define __udelay(n) arm_delay_ops.udelay(n)
--#define __const_udelay(n) arm_delay_ops.const_udelay(n)
-+#define __udelay(n) arm_delay_ops->udelay(n)
-+#define __const_udelay(n) arm_delay_ops->const_udelay(n)
-
- #define udelay(n) \
- (__builtin_constant_p(n) ? \
diff --git a/arch/arm/include/asm/domain.h b/arch/arm/include/asm/domain.h
index 6ddbe44..b5e38b1 100644
--- a/arch/arm/include/asm/domain.h
@@ -3478,52 +3451,18 @@ index 7d08b43..f7ca7ea 100644
#include "csumpartialcopygeneric.S"
diff --git a/arch/arm/lib/delay.c b/arch/arm/lib/delay.c
-index 6b93f6a..1aa92d0 100644
+index 6b93f6a..4aa5e85 100644
--- a/arch/arm/lib/delay.c
+++ b/arch/arm/lib/delay.c
-@@ -28,12 +28,15 @@
+@@ -28,7 +28,7 @@
/*
* Default to the loop-based delay implementation.
*/
-struct arm_delay_ops arm_delay_ops = {
-+static struct arm_delay_ops arm_loop_delay_ops = {
++struct arm_delay_ops arm_delay_ops __read_only = {
.delay = __loop_delay,
.const_udelay = __loop_const_udelay,
.udelay = __loop_udelay,
-+ .const_clock = false,
- };
-
-+struct arm_delay_ops *arm_delay_ops __read_only = &arm_loop_delay_ops;
-+
- static const struct delay_timer *delay_timer;
- static bool delay_calibrated;
-
-@@ -67,6 +70,13 @@ static void __timer_udelay(unsigned long usecs)
- __timer_const_udelay(usecs * UDELAY_MULT);
- }
-
-+static struct arm_delay_ops arm_timer_delay_ops = {
-+ .delay = __timer_delay,
-+ .const_udelay = __timer_const_udelay,
-+ .udelay = __timer_udelay,
-+ .const_clock = true,
-+};
-+
- void __init register_current_timer_delay(const struct delay_timer *timer)
- {
- if (!delay_calibrated) {
-@@ -74,10 +84,7 @@ void __init register_current_timer_delay(const struct delay_timer *timer)
- delay_timer = timer;
- lpj_fine = timer->freq / HZ;
- loops_per_jiffy = lpj_fine;
-- arm_delay_ops.delay = __timer_delay;
-- arm_delay_ops.const_udelay = __timer_const_udelay;
-- arm_delay_ops.udelay = __timer_udelay;
-- arm_delay_ops.const_clock = true;
-+ arm_delay_ops = &arm_timer_delay_ops;
- delay_calibrated = true;
- } else {
- pr_info("Ignoring duplicate/late registration of read_current_timer delay\n");
diff --git a/arch/arm/lib/uaccess_with_memcpy.c b/arch/arm/lib/uaccess_with_memcpy.c
index 025f742..8432b08 100644
--- a/arch/arm/lib/uaccess_with_memcpy.c
@@ -8356,18 +8295,6 @@ index 6fc1348..390c50a 100644
#define __S100 PAGE_READONLY
#define __S101 PAGE_READONLY
#define __S110 PAGE_SHARED
-diff --git a/arch/sparc/include/asm/pgtable_64.h b/arch/sparc/include/asm/pgtable_64.h
-index 08fcce9..7619f2f 100644
---- a/arch/sparc/include/asm/pgtable_64.h
-+++ b/arch/sparc/include/asm/pgtable_64.h
-@@ -915,6 +915,7 @@ static inline int io_remap_pfn_range(struct vm_area_struct *vma,
- return remap_pfn_range(vma, from, phys_base >> PAGE_SHIFT, size, prot);
- }
-
-+#include <asm/tlbflush.h>
- #include <asm-generic/pgtable.h>
-
- /* We provide our own get_unmapped_area to cope with VA holes and
diff --git a/arch/sparc/include/asm/pgtsrmmu.h b/arch/sparc/include/asm/pgtsrmmu.h
index 79da178..c2eede8 100644
--- a/arch/sparc/include/asm/pgtsrmmu.h
@@ -8485,20 +8412,6 @@ index 9689176..63c18ea 100644
{
unsigned long mask, tmp1, tmp2, result;
-diff --git a/arch/sparc/include/asm/switch_to_64.h b/arch/sparc/include/asm/switch_to_64.h
-index cad36f5..c7de332 100644
---- a/arch/sparc/include/asm/switch_to_64.h
-+++ b/arch/sparc/include/asm/switch_to_64.h
-@@ -18,8 +18,7 @@ do { \
- * and 2 stores in this critical code path. -DaveM
- */
- #define switch_to(prev, next, last) \
--do { flush_tlb_pending(); \
-- save_and_clear_fpu(); \
-+do { save_and_clear_fpu(); \
- /* If you are tempted to conditionalize the following */ \
- /* so that ASI is only written if it changes, think again. */ \
- __asm__ __volatile__("wr %%g0, %0, %%asi" \
diff --git a/arch/sparc/include/asm/thread_info_32.h b/arch/sparc/include/asm/thread_info_32.h
index 25849ae..924c54b 100644
--- a/arch/sparc/include/asm/thread_info_32.h
@@ -8557,82 +8470,6 @@ index 269bd92..e46a9b8 100644
/*
* Thread-synchronous status.
*
-diff --git a/arch/sparc/include/asm/tlbflush_64.h b/arch/sparc/include/asm/tlbflush_64.h
-index 2ef4634..f0d6a97 100644
---- a/arch/sparc/include/asm/tlbflush_64.h
-+++ b/arch/sparc/include/asm/tlbflush_64.h
-@@ -11,24 +11,40 @@
- struct tlb_batch {
- struct mm_struct *mm;
- unsigned long tlb_nr;
-+ unsigned long active;
- unsigned long vaddrs[TLB_BATCH_NR];
- };
-
- extern void flush_tsb_kernel_range(unsigned long start, unsigned long end);
- extern void flush_tsb_user(struct tlb_batch *tb);
-+extern void flush_tsb_user_page(struct mm_struct *mm, unsigned long vaddr);
-
- /* TLB flush operations. */
-
-+static inline void flush_tlb_mm(struct mm_struct *mm)
-+{
-+}
-+
-+static inline void flush_tlb_page(struct vm_area_struct *vma,
-+ unsigned long vmaddr)
-+{
-+}
-+
-+static inline void flush_tlb_range(struct vm_area_struct *vma,
-+ unsigned long start, unsigned long end)
-+{
-+}
-+
-+#define __HAVE_ARCH_ENTER_LAZY_MMU_MODE
-+
- extern void flush_tlb_pending(void);
--
--#define flush_tlb_range(vma,start,end) \
-- do { (void)(start); flush_tlb_pending(); } while (0)
--#define flush_tlb_page(vma,addr) flush_tlb_pending()
--#define flush_tlb_mm(mm) flush_tlb_pending()
-+extern void arch_enter_lazy_mmu_mode(void);
-+extern void arch_leave_lazy_mmu_mode(void);
-+#define arch_flush_lazy_mmu_mode() do {} while (0)
-
- /* Local cpu only. */
- extern void __flush_tlb_all(void);
--
-+extern void __flush_tlb_page(unsigned long context, unsigned long vaddr);
- extern void __flush_tlb_kernel_range(unsigned long start, unsigned long end);
-
- #ifndef CONFIG_SMP
-@@ -38,15 +54,24 @@ do { flush_tsb_kernel_range(start,end); \
- __flush_tlb_kernel_range(start,end); \
- } while (0)
-
-+static inline void global_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr)
-+{
-+ __flush_tlb_page(CTX_HWBITS(mm->context), vaddr);
-+}
-+
- #else /* CONFIG_SMP */
-
- extern void smp_flush_tlb_kernel_range(unsigned long start, unsigned long end);
-+extern void smp_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr);
-
- #define flush_tlb_kernel_range(start, end) \
- do { flush_tsb_kernel_range(start,end); \
- smp_flush_tlb_kernel_range(start, end); \
- } while (0)
-
-+#define global_flush_tlb_page(mm, vaddr) \
-+ smp_flush_tlb_page(mm, vaddr)
-+
- #endif /* ! CONFIG_SMP */
-
- #endif /* _SPARC64_TLBFLUSH_H */
diff --git a/arch/sparc/include/asm/uaccess.h b/arch/sparc/include/asm/uaccess.h
index 0167d26..767bb0c 100644
--- a/arch/sparc/include/asm/uaccess.h
@@ -8879,79 +8716,6 @@ index 7ff45e4..a58f271 100644
audit_syscall_exit(regs);
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
-diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c
-index 537eb66..ca64d2a 100644
---- a/arch/sparc/kernel/smp_64.c
-+++ b/arch/sparc/kernel/smp_64.c
-@@ -849,7 +849,7 @@ void smp_tsb_sync(struct mm_struct *mm)
- }
-
- extern unsigned long xcall_flush_tlb_mm;
--extern unsigned long xcall_flush_tlb_pending;
-+extern unsigned long xcall_flush_tlb_page;
- extern unsigned long xcall_flush_tlb_kernel_range;
- extern unsigned long xcall_fetch_glob_regs;
- extern unsigned long xcall_fetch_glob_pmu;
-@@ -1074,23 +1074,56 @@ local_flush_and_out:
- put_cpu();
- }
-
-+struct tlb_pending_info {
-+ unsigned long ctx;
-+ unsigned long nr;
-+ unsigned long *vaddrs;
-+};
-+
-+static void tlb_pending_func(void *info)
-+{
-+ struct tlb_pending_info *t = info;
-+
-+ __flush_tlb_pending(t->ctx, t->nr, t->vaddrs);
-+}
-+
- void smp_flush_tlb_pending(struct mm_struct *mm, unsigned long nr, unsigned long *vaddrs)
- {
- u32 ctx = CTX_HWBITS(mm->context);
-+ struct tlb_pending_info info;
- int cpu = get_cpu();
-
-+ info.ctx = ctx;
-+ info.nr = nr;
-+ info.vaddrs = vaddrs;
-+
- if (mm == current->mm && atomic_read(&mm->mm_users) == 1)
- cpumask_copy(mm_cpumask(mm), cpumask_of(cpu));
- else
-- smp_cross_call_masked(&xcall_flush_tlb_pending,
-- ctx, nr, (unsigned long) vaddrs,
-- mm_cpumask(mm));
-+ smp_call_function_many(mm_cpumask(mm), tlb_pending_func,
-+ &info, 1);
-
- __flush_tlb_pending(ctx, nr, vaddrs);
-
- put_cpu();
- }
-
-+void smp_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr)
-+{
-+ unsigned long context = CTX_HWBITS(mm->context);
-+ int cpu = get_cpu();
-+
-+ if (mm == current->mm && atomic_read(&mm->mm_users) == 1)
-+ cpumask_copy(mm_cpumask(mm), cpumask_of(cpu));
-+ else
-+ smp_cross_call_masked(&xcall_flush_tlb_page,
-+ context, vaddr, 0,
-+ mm_cpumask(mm));
-+ __flush_tlb_page(context, vaddr);
-+
-+ put_cpu();
-+}
-+
- void smp_flush_tlb_kernel_range(unsigned long start, unsigned long end)
- {
- start &= PAGE_MASK;
diff --git a/arch/sparc/kernel/sys_sparc_32.c b/arch/sparc/kernel/sys_sparc_32.c
index 2da0bdc..79128d2 100644
--- a/arch/sparc/kernel/sys_sparc_32.c
@@ -10627,377 +10391,6 @@ index d2b5944..bd813f2 100644
return addr;
}
if (mm->get_unmapped_area == arch_get_unmapped_area)
-diff --git a/arch/sparc/mm/tlb.c b/arch/sparc/mm/tlb.c
-index ba6ae7f..83d89bc 100644
---- a/arch/sparc/mm/tlb.c
-+++ b/arch/sparc/mm/tlb.c
-@@ -24,11 +24,17 @@ static DEFINE_PER_CPU(struct tlb_batch, tlb_batch);
- void flush_tlb_pending(void)
- {
- struct tlb_batch *tb = &get_cpu_var(tlb_batch);
-+ struct mm_struct *mm = tb->mm;
-
-- if (tb->tlb_nr) {
-- flush_tsb_user(tb);
-+ if (!tb->tlb_nr)
-+ goto out;
-
-- if (CTX_VALID(tb->mm->context)) {
-+ flush_tsb_user(tb);
-+
-+ if (CTX_VALID(mm->context)) {
-+ if (tb->tlb_nr == 1) {
-+ global_flush_tlb_page(mm, tb->vaddrs[0]);
-+ } else {
- #ifdef CONFIG_SMP
- smp_flush_tlb_pending(tb->mm, tb->tlb_nr,
- &tb->vaddrs[0]);
-@@ -37,12 +43,30 @@ void flush_tlb_pending(void)
- tb->tlb_nr, &tb->vaddrs[0]);
- #endif
- }
-- tb->tlb_nr = 0;
- }
-
-+ tb->tlb_nr = 0;
-+
-+out:
- put_cpu_var(tlb_batch);
- }
-
-+void arch_enter_lazy_mmu_mode(void)
-+{
-+ struct tlb_batch *tb = &__get_cpu_var(tlb_batch);
-+
-+ tb->active = 1;
-+}
-+
-+void arch_leave_lazy_mmu_mode(void)
-+{
-+ struct tlb_batch *tb = &__get_cpu_var(tlb_batch);
-+
-+ if (tb->tlb_nr)
-+ flush_tlb_pending();
-+ tb->active = 0;
-+}
-+
- static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr,
- bool exec)
- {
-@@ -60,6 +84,12 @@ static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr,
- nr = 0;
- }
-
-+ if (!tb->active) {
-+ global_flush_tlb_page(mm, vaddr);
-+ flush_tsb_user_page(mm, vaddr);
-+ goto out;
-+ }
-+
- if (nr == 0)
- tb->mm = mm;
-
-@@ -68,6 +98,7 @@ static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr,
- if (nr >= TLB_BATCH_NR)
- flush_tlb_pending();
-
-+out:
- put_cpu_var(tlb_batch);
- }
-
-diff --git a/arch/sparc/mm/tsb.c b/arch/sparc/mm/tsb.c
-index 428982b..2cc3bce 100644
---- a/arch/sparc/mm/tsb.c
-+++ b/arch/sparc/mm/tsb.c
-@@ -7,11 +7,10 @@
- #include <linux/preempt.h>
- #include <linux/slab.h>
- #include <asm/page.h>
--#include <asm/tlbflush.h>
--#include <asm/tlb.h>
--#include <asm/mmu_context.h>
- #include <asm/pgtable.h>
-+#include <asm/mmu_context.h>
- #include <asm/tsb.h>
-+#include <asm/tlb.h>
- #include <asm/oplib.h>
-
- extern struct tsb swapper_tsb[KERNEL_TSB_NENTRIES];
-@@ -46,23 +45,27 @@ void flush_tsb_kernel_range(unsigned long start, unsigned long end)
- }
- }
-
-+static void __flush_tsb_one_entry(unsigned long tsb, unsigned long v,
-+ unsigned long hash_shift,
-+ unsigned long nentries)
-+{
-+ unsigned long tag, ent, hash;
-+
-+ v &= ~0x1UL;
-+ hash = tsb_hash(v, hash_shift, nentries);
-+ ent = tsb + (hash * sizeof(struct tsb));
-+ tag = (v >> 22UL);
-+
-+ tsb_flush(ent, tag);
-+}
-+
- static void __flush_tsb_one(struct tlb_batch *tb, unsigned long hash_shift,
- unsigned long tsb, unsigned long nentries)
- {
- unsigned long i;
-
-- for (i = 0; i < tb->tlb_nr; i++) {
-- unsigned long v = tb->vaddrs[i];
-- unsigned long tag, ent, hash;
--
-- v &= ~0x1UL;
--
-- hash = tsb_hash(v, hash_shift, nentries);
-- ent = tsb + (hash * sizeof(struct tsb));
-- tag = (v >> 22UL);
--
-- tsb_flush(ent, tag);
-- }
-+ for (i = 0; i < tb->tlb_nr; i++)
-+ __flush_tsb_one_entry(tsb, tb->vaddrs[i], hash_shift, nentries);
- }
-
- void flush_tsb_user(struct tlb_batch *tb)
-@@ -90,6 +93,30 @@ void flush_tsb_user(struct tlb_batch *tb)
- spin_unlock_irqrestore(&mm->context.lock, flags);
- }
-
-+void flush_tsb_user_page(struct mm_struct *mm, unsigned long vaddr)
-+{
-+ unsigned long nentries, base, flags;
-+
-+ spin_lock_irqsave(&mm->context.lock, flags);
-+
-+ base = (unsigned long) mm->context.tsb_block[MM_TSB_BASE].tsb;
-+ nentries = mm->context.tsb_block[MM_TSB_BASE].tsb_nentries;
-+ if (tlb_type == cheetah_plus || tlb_type == hypervisor)
-+ base = __pa(base);
-+ __flush_tsb_one_entry(base, vaddr, PAGE_SHIFT, nentries);
-+
-+#if defined(CONFIG_HUGETLB_PAGE) || defined(CONFIG_TRANSPARENT_HUGEPAGE)
-+ if (mm->context.tsb_block[MM_TSB_HUGE].tsb) {
-+ base = (unsigned long) mm->context.tsb_block[MM_TSB_HUGE].tsb;
-+ nentries = mm->context.tsb_block[MM_TSB_HUGE].tsb_nentries;
-+ if (tlb_type == cheetah_plus || tlb_type == hypervisor)
-+ base = __pa(base);
-+ __flush_tsb_one_entry(base, vaddr, HPAGE_SHIFT, nentries);
-+ }
-+#endif
-+ spin_unlock_irqrestore(&mm->context.lock, flags);
-+}
-+
- #define HV_PGSZ_IDX_BASE HV_PGSZ_IDX_8K
- #define HV_PGSZ_MASK_BASE HV_PGSZ_MASK_8K
-
-diff --git a/arch/sparc/mm/ultra.S b/arch/sparc/mm/ultra.S
-index f8e13d4..432aa0c 100644
---- a/arch/sparc/mm/ultra.S
-+++ b/arch/sparc/mm/ultra.S
-@@ -53,6 +53,33 @@ __flush_tlb_mm: /* 18 insns */
- nop
-
- .align 32
-+ .globl __flush_tlb_page
-+__flush_tlb_page: /* 22 insns */
-+ /* %o0 = context, %o1 = vaddr */
-+ rdpr %pstate, %g7
-+ andn %g7, PSTATE_IE, %g2
-+ wrpr %g2, %pstate
-+ mov SECONDARY_CONTEXT, %o4
-+ ldxa [%o4] ASI_DMMU, %g2
-+ stxa %o0, [%o4] ASI_DMMU
-+ andcc %o1, 1, %g0
-+ andn %o1, 1, %o3
-+ be,pn %icc, 1f
-+ or %o3, 0x10, %o3
-+ stxa %g0, [%o3] ASI_IMMU_DEMAP
-+1: stxa %g0, [%o3] ASI_DMMU_DEMAP
-+ membar #Sync
-+ stxa %g2, [%o4] ASI_DMMU
-+ sethi %hi(KERNBASE), %o4
-+ flush %o4
-+ retl
-+ wrpr %g7, 0x0, %pstate
-+ nop
-+ nop
-+ nop
-+ nop
-+
-+ .align 32
- .globl __flush_tlb_pending
- __flush_tlb_pending: /* 26 insns */
- /* %o0 = context, %o1 = nr, %o2 = vaddrs[] */
-@@ -203,6 +230,31 @@ __cheetah_flush_tlb_mm: /* 19 insns */
- retl
- wrpr %g7, 0x0, %pstate
-
-+__cheetah_flush_tlb_page: /* 22 insns */
-+ /* %o0 = context, %o1 = vaddr */
-+ rdpr %pstate, %g7
-+ andn %g7, PSTATE_IE, %g2
-+ wrpr %g2, 0x0, %pstate
-+ wrpr %g0, 1, %tl
-+ mov PRIMARY_CONTEXT, %o4
-+ ldxa [%o4] ASI_DMMU, %g2
-+ srlx %g2, CTX_PGSZ1_NUC_SHIFT, %o3
-+ sllx %o3, CTX_PGSZ1_NUC_SHIFT, %o3
-+ or %o0, %o3, %o0 /* Preserve nucleus page size fields */
-+ stxa %o0, [%o4] ASI_DMMU
-+ andcc %o1, 1, %g0
-+ be,pn %icc, 1f
-+ andn %o1, 1, %o3
-+ stxa %g0, [%o3] ASI_IMMU_DEMAP
-+1: stxa %g0, [%o3] ASI_DMMU_DEMAP
-+ membar #Sync
-+ stxa %g2, [%o4] ASI_DMMU
-+ sethi %hi(KERNBASE), %o4
-+ flush %o4
-+ wrpr %g0, 0, %tl
-+ retl
-+ wrpr %g7, 0x0, %pstate
-+
- __cheetah_flush_tlb_pending: /* 27 insns */
- /* %o0 = context, %o1 = nr, %o2 = vaddrs[] */
- rdpr %pstate, %g7
-@@ -269,6 +321,20 @@ __hypervisor_flush_tlb_mm: /* 10 insns */
- retl
- nop
-
-+__hypervisor_flush_tlb_page: /* 11 insns */
-+ /* %o0 = context, %o1 = vaddr */
-+ mov %o0, %g2
-+ mov %o1, %o0 /* ARG0: vaddr + IMMU-bit */
-+ mov %g2, %o1 /* ARG1: mmu context */
-+ mov HV_MMU_ALL, %o2 /* ARG2: flags */
-+ srlx %o0, PAGE_SHIFT, %o0
-+ sllx %o0, PAGE_SHIFT, %o0
-+ ta HV_MMU_UNMAP_ADDR_TRAP
-+ brnz,pn %o0, __hypervisor_tlb_tl0_error
-+ mov HV_MMU_UNMAP_ADDR_TRAP, %o1
-+ retl
-+ nop
-+
- __hypervisor_flush_tlb_pending: /* 16 insns */
- /* %o0 = context, %o1 = nr, %o2 = vaddrs[] */
- sllx %o1, 3, %g1
-@@ -339,6 +405,13 @@ cheetah_patch_cachetlbops:
- call tlb_patch_one
- mov 19, %o2
-
-+ sethi %hi(__flush_tlb_page), %o0
-+ or %o0, %lo(__flush_tlb_page), %o0
-+ sethi %hi(__cheetah_flush_tlb_page), %o1
-+ or %o1, %lo(__cheetah_flush_tlb_page), %o1
-+ call tlb_patch_one
-+ mov 22, %o2
-+
- sethi %hi(__flush_tlb_pending), %o0
- or %o0, %lo(__flush_tlb_pending), %o0
- sethi %hi(__cheetah_flush_tlb_pending), %o1
-@@ -397,10 +470,9 @@ xcall_flush_tlb_mm: /* 21 insns */
- nop
- nop
-
-- .globl xcall_flush_tlb_pending
--xcall_flush_tlb_pending: /* 21 insns */
-- /* %g5=context, %g1=nr, %g7=vaddrs[] */
-- sllx %g1, 3, %g1
-+ .globl xcall_flush_tlb_page
-+xcall_flush_tlb_page: /* 17 insns */
-+ /* %g5=context, %g1=vaddr */
- mov PRIMARY_CONTEXT, %g4
- ldxa [%g4] ASI_DMMU, %g2
- srlx %g2, CTX_PGSZ1_NUC_SHIFT, %g4
-@@ -408,20 +480,16 @@ xcall_flush_tlb_pending: /* 21 insns */
- or %g5, %g4, %g5
- mov PRIMARY_CONTEXT, %g4
- stxa %g5, [%g4] ASI_DMMU
--1: sub %g1, (1 << 3), %g1
-- ldx [%g7 + %g1], %g5
-- andcc %g5, 0x1, %g0
-+ andcc %g1, 0x1, %g0
- be,pn %icc, 2f
--
-- andn %g5, 0x1, %g5
-+ andn %g1, 0x1, %g5
- stxa %g0, [%g5] ASI_IMMU_DEMAP
- 2: stxa %g0, [%g5] ASI_DMMU_DEMAP
- membar #Sync
-- brnz,pt %g1, 1b
-- nop
- stxa %g2, [%g4] ASI_DMMU
- retry
- nop
-+ nop
-
- .globl xcall_flush_tlb_kernel_range
- xcall_flush_tlb_kernel_range: /* 25 insns */
-@@ -656,15 +724,13 @@ __hypervisor_xcall_flush_tlb_mm: /* 21 insns */
- membar #Sync
- retry
-
-- .globl __hypervisor_xcall_flush_tlb_pending
--__hypervisor_xcall_flush_tlb_pending: /* 21 insns */
-- /* %g5=ctx, %g1=nr, %g7=vaddrs[], %g2,%g3,%g4,g6=scratch */
-- sllx %g1, 3, %g1
-+ .globl __hypervisor_xcall_flush_tlb_page
-+__hypervisor_xcall_flush_tlb_page: /* 17 insns */
-+ /* %g5=ctx, %g1=vaddr */
- mov %o0, %g2
- mov %o1, %g3
- mov %o2, %g4
--1: sub %g1, (1 << 3), %g1
-- ldx [%g7 + %g1], %o0 /* ARG0: virtual address */
-+ mov %g1, %o0 /* ARG0: virtual address */
- mov %g5, %o1 /* ARG1: mmu context */
- mov HV_MMU_ALL, %o2 /* ARG2: flags */
- srlx %o0, PAGE_SHIFT, %o0
-@@ -673,8 +739,6 @@ __hypervisor_xcall_flush_tlb_pending: /* 21 insns */
- mov HV_MMU_UNMAP_ADDR_TRAP, %g6
- brnz,a,pn %o0, __hypervisor_tlb_xcall_error
- mov %o0, %g5
-- brnz,pt %g1, 1b
-- nop
- mov %g2, %o0
- mov %g3, %o1
- mov %g4, %o2
-@@ -757,6 +821,13 @@ hypervisor_patch_cachetlbops:
- call tlb_patch_one
- mov 10, %o2
-
-+ sethi %hi(__flush_tlb_page), %o0
-+ or %o0, %lo(__flush_tlb_page), %o0
-+ sethi %hi(__hypervisor_flush_tlb_page), %o1
-+ or %o1, %lo(__hypervisor_flush_tlb_page), %o1
-+ call tlb_patch_one
-+ mov 11, %o2
-+
- sethi %hi(__flush_tlb_pending), %o0
- or %o0, %lo(__flush_tlb_pending), %o0
- sethi %hi(__hypervisor_flush_tlb_pending), %o1
-@@ -788,12 +859,12 @@ hypervisor_patch_cachetlbops:
- call tlb_patch_one
- mov 21, %o2
-
-- sethi %hi(xcall_flush_tlb_pending), %o0
-- or %o0, %lo(xcall_flush_tlb_pending), %o0
-- sethi %hi(__hypervisor_xcall_flush_tlb_pending), %o1
-- or %o1, %lo(__hypervisor_xcall_flush_tlb_pending), %o1
-+ sethi %hi(xcall_flush_tlb_page), %o0
-+ or %o0, %lo(xcall_flush_tlb_page), %o0
-+ sethi %hi(__hypervisor_xcall_flush_tlb_page), %o1
-+ or %o1, %lo(__hypervisor_xcall_flush_tlb_page), %o1
- call tlb_patch_one
-- mov 21, %o2
-+ mov 17, %o2
-
- sethi %hi(xcall_flush_tlb_kernel_range), %o0
- or %o0, %lo(xcall_flush_tlb_kernel_range), %o0
diff --git a/arch/tile/include/asm/atomic_64.h b/arch/tile/include/asm/atomic_64.h
index f4500c6..889656c 100644
--- a/arch/tile/include/asm/atomic_64.h
@@ -11068,6 +10461,18 @@ index 133f7de..1d6f2f1 100644
#This will adjust *FLAGS accordingly to the platform.
include $(srctree)/$(ARCH_DIR)/Makefile-os-$(OS)
+diff --git a/arch/um/defconfig b/arch/um/defconfig
+index 08107a7..ab22afe 100644
+--- a/arch/um/defconfig
++++ b/arch/um/defconfig
+@@ -51,7 +51,6 @@ CONFIG_X86_CMPXCHG=y
+ CONFIG_X86_L1_CACHE_SHIFT=5
+ CONFIG_X86_XADD=y
+ CONFIG_X86_PPRO_FENCE=y
+-CONFIG_X86_WP_WORKS_OK=y
+ CONFIG_X86_INVLPG=y
+ CONFIG_X86_BSWAP=y
+ CONFIG_X86_POPAD_OK=y
diff --git a/arch/um/include/asm/cache.h b/arch/um/include/asm/cache.h
index 19e1bdd..3665b77 100644
--- a/arch/um/include/asm/cache.h
@@ -19893,7 +19298,7 @@ index 6ed91d9..6cc365b 100644
/*
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index cb3c591..7ba137c 100644
+index cb3c591..0617fa7 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -59,6 +59,8 @@
@@ -19980,7 +19385,7 @@ index cb3c591..7ba137c 100644
#endif
-@@ -284,6 +293,273 @@ ENTRY(native_usergs_sysret64)
+@@ -284,6 +293,282 @@ ENTRY(native_usergs_sysret64)
ENDPROC(native_usergs_sysret64)
#endif /* CONFIG_PARAVIRT */
@@ -20051,6 +19456,9 @@ index cb3c591..7ba137c 100644
+ mov %cs,%rdi
+ cmp $__KERNEXEC_KERNEL_CS,%edi
+ jz 2f
++ GET_CR0_INTO_RDI
++ bts $16,%rdi
++ jnc 4f
+1:
+
+#ifdef CONFIG_PARAVIRT
@@ -20063,9 +19471,12 @@ index cb3c591..7ba137c 100644
+
+2: GET_CR0_INTO_RDI
+ btr $16,%rdi
++ jnc 4f
+ ljmpq __KERNEL_CS,3f
+3: SET_RDI_INTO_CR0
+ jmp 1b
++4: ud2
++ jmp 4b
+ENDPROC(pax_exit_kernel)
+#endif
+
@@ -20155,6 +19566,7 @@ index cb3c591..7ba137c 100644
+#ifdef CONFIG_PAX_KERNEXEC
+ GET_CR0_INTO_RDI
+ btr $16,%rdi
++ jnc 3f
+ SET_RDI_INTO_CR0
+#endif
+
@@ -20192,6 +19604,8 @@ index cb3c591..7ba137c 100644
+ popq %rdi
+ pax_force_retaddr
+ retq
++3: ud2
++ jmp 3b
+ENDPROC(pax_exit_kernel_user)
+#endif
+
@@ -20254,7 +19668,7 @@ index cb3c591..7ba137c 100644
.macro TRACE_IRQS_IRETQ offset=ARGOFFSET
#ifdef CONFIG_TRACE_IRQFLAGS
-@@ -375,8 +651,8 @@ ENDPROC(native_usergs_sysret64)
+@@ -375,8 +660,8 @@ ENDPROC(native_usergs_sysret64)
.endm
.macro UNFAKE_STACK_FRAME
@@ -20265,7 +19679,7 @@ index cb3c591..7ba137c 100644
.endm
/*
-@@ -463,7 +739,7 @@ ENDPROC(native_usergs_sysret64)
+@@ -463,7 +748,7 @@ ENDPROC(native_usergs_sysret64)
movq %rsp, %rsi
leaq -RBP(%rsp),%rdi /* arg1 for handler */
@@ -20274,7 +19688,7 @@ index cb3c591..7ba137c 100644
je 1f
SWAPGS
/*
-@@ -498,9 +774,10 @@ ENTRY(save_rest)
+@@ -498,9 +783,10 @@ ENTRY(save_rest)
movq_cfi r15, R15+16
movq %r11, 8(%rsp) /* return address */
FIXUP_TOP_OF_STACK %r11, 16
@@ -20286,7 +19700,7 @@ index cb3c591..7ba137c 100644
/* save complete stack frame */
.pushsection .kprobes.text, "ax"
-@@ -529,9 +806,10 @@ ENTRY(save_paranoid)
+@@ -529,9 +815,10 @@ ENTRY(save_paranoid)
js 1f /* negative -> in kernel */
SWAPGS
xorl %ebx,%ebx
@@ -20299,7 +19713,7 @@ index cb3c591..7ba137c 100644
.popsection
/*
-@@ -553,7 +831,7 @@ ENTRY(ret_from_fork)
+@@ -553,7 +840,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
@@ -20308,7 +19722,7 @@ index cb3c591..7ba137c 100644
jz 1f
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-@@ -571,7 +849,7 @@ ENTRY(ret_from_fork)
+@@ -571,7 +858,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -20317,7 +19731,7 @@ index cb3c591..7ba137c 100644
/*
* System call entry. Up to 6 arguments in registers are supported.
-@@ -608,7 +886,7 @@ END(ret_from_fork)
+@@ -608,7 +895,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
@@ -20326,7 +19740,7 @@ index cb3c591..7ba137c 100644
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -621,16 +899,23 @@ GLOBAL(system_call_after_swapgs)
+@@ -621,16 +908,23 @@ GLOBAL(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
@@ -20352,7 +19766,7 @@ index cb3c591..7ba137c 100644
jnz tracesys
system_call_fastpath:
#if __SYSCALL_MASK == ~0
-@@ -640,7 +925,7 @@ system_call_fastpath:
+@@ -640,7 +934,7 @@ system_call_fastpath:
cmpl $__NR_syscall_max,%eax
#endif
ja badsys
@@ -20361,7 +19775,7 @@ index cb3c591..7ba137c 100644
call *sys_call_table(,%rax,8) # XXX: rip relative
movq %rax,RAX-ARGOFFSET(%rsp)
/*
-@@ -654,10 +939,13 @@ sysret_check:
+@@ -654,10 +948,13 @@ sysret_check:
LOCKDEP_SYS_EXIT
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -20376,7 +19790,7 @@ index cb3c591..7ba137c 100644
/*
* sysretq will re-enable interrupts:
*/
-@@ -709,14 +997,18 @@ badsys:
+@@ -709,14 +1006,18 @@ badsys:
* jump back to the normal fast path.
*/
auditsys:
@@ -20396,7 +19810,7 @@ index cb3c591..7ba137c 100644
jmp system_call_fastpath
/*
-@@ -737,7 +1029,7 @@ sysret_audit:
+@@ -737,7 +1038,7 @@ sysret_audit:
/* Do syscall tracing */
tracesys:
#ifdef CONFIG_AUDITSYSCALL
@@ -20405,7 +19819,7 @@ index cb3c591..7ba137c 100644
jz auditsys
#endif
SAVE_REST
-@@ -745,12 +1037,16 @@ tracesys:
+@@ -745,12 +1046,16 @@ tracesys:
FIXUP_TOP_OF_STACK %rdi
movq %rsp,%rdi
call syscall_trace_enter
@@ -20422,7 +19836,7 @@ index cb3c591..7ba137c 100644
RESTORE_REST
#if __SYSCALL_MASK == ~0
cmpq $__NR_syscall_max,%rax
-@@ -759,7 +1055,7 @@ tracesys:
+@@ -759,7 +1064,7 @@ tracesys:
cmpl $__NR_syscall_max,%eax
#endif
ja int_ret_from_sys_call /* RAX(%rsp) set to -ENOSYS above */
@@ -20431,7 +19845,7 @@ index cb3c591..7ba137c 100644
call *sys_call_table(,%rax,8)
movq %rax,RAX-ARGOFFSET(%rsp)
/* Use IRET because user could have changed frame */
-@@ -780,7 +1076,9 @@ GLOBAL(int_with_check)
+@@ -780,7 +1085,9 @@ GLOBAL(int_with_check)
andl %edi,%edx
jnz int_careful
andl $~TS_COMPAT,TI_status(%rcx)
@@ -20442,7 +19856,7 @@ index cb3c591..7ba137c 100644
/* Either reschedule or signal or syscall exit tracking needed. */
/* First do a reschedule test. */
-@@ -826,7 +1124,7 @@ int_restore_rest:
+@@ -826,7 +1133,7 @@ int_restore_rest:
TRACE_IRQS_OFF
jmp int_with_check
CFI_ENDPROC
@@ -20451,7 +19865,7 @@ index cb3c591..7ba137c 100644
/*
* Certain special system calls that need to save a complete full stack frame.
-@@ -842,7 +1140,7 @@ ENTRY(\label)
+@@ -842,7 +1149,7 @@ ENTRY(\label)
call \func
jmp ptregscall_common
CFI_ENDPROC
@@ -20460,7 +19874,7 @@ index cb3c591..7ba137c 100644
.endm
.macro FORK_LIKE func
-@@ -856,9 +1154,10 @@ ENTRY(stub_\func)
+@@ -856,9 +1163,10 @@ ENTRY(stub_\func)
DEFAULT_FRAME 0 8 /* offset 8: return address */
call sys_\func
RESTORE_TOP_OF_STACK %r11, 8
@@ -20472,7 +19886,7 @@ index cb3c591..7ba137c 100644
.endm
FORK_LIKE clone
-@@ -875,9 +1174,10 @@ ENTRY(ptregscall_common)
+@@ -875,9 +1183,10 @@ ENTRY(ptregscall_common)
movq_cfi_restore R12+8, r12
movq_cfi_restore RBP+8, rbp
movq_cfi_restore RBX+8, rbx
@@ -20484,7 +19898,7 @@ index cb3c591..7ba137c 100644
ENTRY(stub_execve)
CFI_STARTPROC
-@@ -891,7 +1191,7 @@ ENTRY(stub_execve)
+@@ -891,7 +1200,7 @@ ENTRY(stub_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -20493,7 +19907,7 @@ index cb3c591..7ba137c 100644
/*
* sigreturn is special because it needs to restore all registers on return.
-@@ -909,7 +1209,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -909,7 +1218,7 @@ ENTRY(stub_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -20502,7 +19916,7 @@ index cb3c591..7ba137c 100644
#ifdef CONFIG_X86_X32_ABI
ENTRY(stub_x32_rt_sigreturn)
-@@ -975,7 +1275,7 @@ vector=vector+1
+@@ -975,7 +1284,7 @@ vector=vector+1
2: jmp common_interrupt
.endr
CFI_ENDPROC
@@ -20511,7 +19925,7 @@ index cb3c591..7ba137c 100644
.previous
END(interrupt)
-@@ -995,6 +1295,16 @@ END(interrupt)
+@@ -995,6 +1304,16 @@ END(interrupt)
subq $ORIG_RAX-RBP, %rsp
CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP
SAVE_ARGS_IRQ
@@ -20528,7 +19942,7 @@ index cb3c591..7ba137c 100644
call \func
.endm
-@@ -1027,7 +1337,7 @@ ret_from_intr:
+@@ -1027,7 +1346,7 @@ ret_from_intr:
exit_intr:
GET_THREAD_INFO(%rcx)
@@ -20537,7 +19951,7 @@ index cb3c591..7ba137c 100644
je retint_kernel
/* Interrupt came from user space */
-@@ -1049,12 +1359,16 @@ retint_swapgs: /* return to user-space */
+@@ -1049,12 +1368,16 @@ retint_swapgs: /* return to user-space */
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
@@ -20554,7 +19968,7 @@ index cb3c591..7ba137c 100644
/*
* The iretq could re-enable interrupts:
*/
-@@ -1137,7 +1451,7 @@ ENTRY(retint_kernel)
+@@ -1137,7 +1460,7 @@ ENTRY(retint_kernel)
#endif
CFI_ENDPROC
@@ -20563,7 +19977,7 @@ index cb3c591..7ba137c 100644
/*
* End of kprobes section
*/
-@@ -1155,7 +1469,7 @@ ENTRY(\sym)
+@@ -1155,7 +1478,7 @@ ENTRY(\sym)
interrupt \do_sym
jmp ret_from_intr
CFI_ENDPROC
@@ -20572,7 +19986,7 @@ index cb3c591..7ba137c 100644
.endm
#ifdef CONFIG_SMP
-@@ -1211,12 +1525,22 @@ ENTRY(\sym)
+@@ -1211,12 +1534,22 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -20596,7 +20010,7 @@ index cb3c591..7ba137c 100644
.endm
.macro paranoidzeroentry sym do_sym
-@@ -1229,15 +1553,25 @@ ENTRY(\sym)
+@@ -1229,15 +1562,25 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
@@ -20624,7 +20038,7 @@ index cb3c591..7ba137c 100644
.macro paranoidzeroentry_ist sym do_sym ist
ENTRY(\sym)
INTR_FRAME
-@@ -1248,14 +1582,30 @@ ENTRY(\sym)
+@@ -1248,14 +1591,30 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF_DEBUG
@@ -20656,7 +20070,7 @@ index cb3c591..7ba137c 100644
.endm
.macro errorentry sym do_sym
-@@ -1267,13 +1617,23 @@ ENTRY(\sym)
+@@ -1267,13 +1626,23 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -20681,7 +20095,7 @@ index cb3c591..7ba137c 100644
.endm
/* error code is on the stack already */
-@@ -1287,13 +1647,23 @@ ENTRY(\sym)
+@@ -1287,13 +1656,23 @@ ENTRY(\sym)
call save_paranoid
DEFAULT_FRAME 0
TRACE_IRQS_OFF
@@ -20706,7 +20120,7 @@ index cb3c591..7ba137c 100644
.endm
zeroentry divide_error do_divide_error
-@@ -1323,9 +1693,10 @@ gs_change:
+@@ -1323,9 +1702,10 @@ gs_change:
2: mfence /* workaround */
SWAPGS
popfq_cfi
@@ -20718,7 +20132,7 @@ index cb3c591..7ba137c 100644
_ASM_EXTABLE(gs_change,bad_gs)
.section .fixup,"ax"
-@@ -1353,9 +1724,10 @@ ENTRY(call_softirq)
+@@ -1353,9 +1733,10 @@ ENTRY(call_softirq)
CFI_DEF_CFA_REGISTER rsp
CFI_ADJUST_CFA_OFFSET -8
decl PER_CPU_VAR(irq_count)
@@ -20730,7 +20144,7 @@ index cb3c591..7ba137c 100644
#ifdef CONFIG_XEN
zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
-@@ -1393,7 +1765,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
+@@ -1393,7 +1774,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
decl PER_CPU_VAR(irq_count)
jmp error_exit
CFI_ENDPROC
@@ -20739,7 +20153,7 @@ index cb3c591..7ba137c 100644
/*
* Hypervisor uses this for application faults while it executes.
-@@ -1452,7 +1824,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1452,7 +1833,7 @@ ENTRY(xen_failsafe_callback)
SAVE_ALL
jmp error_exit
CFI_ENDPROC
@@ -20748,7 +20162,7 @@ index cb3c591..7ba137c 100644
apicinterrupt XEN_HVM_EVTCHN_CALLBACK \
xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1501,16 +1873,31 @@ ENTRY(paranoid_exit)
+@@ -1501,16 +1882,31 @@ ENTRY(paranoid_exit)
TRACE_IRQS_OFF_DEBUG
testl %ebx,%ebx /* swapgs needed? */
jnz paranoid_restore
@@ -20781,7 +20195,7 @@ index cb3c591..7ba137c 100644
jmp irq_return
paranoid_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1539,7 +1926,7 @@ paranoid_schedule:
+@@ -1539,7 +1935,7 @@ paranoid_schedule:
TRACE_IRQS_OFF
jmp paranoid_userspace
CFI_ENDPROC
@@ -20790,7 +20204,7 @@ index cb3c591..7ba137c 100644
/*
* Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1566,12 +1953,13 @@ ENTRY(error_entry)
+@@ -1566,12 +1962,13 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
@@ -20805,7 +20219,7 @@ index cb3c591..7ba137c 100644
ret
/*
-@@ -1598,7 +1986,7 @@ bstep_iret:
+@@ -1598,7 +1995,7 @@ bstep_iret:
movq %rcx,RIP+8(%rsp)
jmp error_swapgs
CFI_ENDPROC
@@ -20814,7 +20228,7 @@ index cb3c591..7ba137c 100644
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1618,7 +2006,7 @@ ENTRY(error_exit)
+@@ -1618,7 +2015,7 @@ ENTRY(error_exit)
jnz retint_careful
jmp retint_swapgs
CFI_ENDPROC
@@ -20823,7 +20237,7 @@ index cb3c591..7ba137c 100644
/*
* Test if a given stack is an NMI stack or not.
-@@ -1676,9 +2064,11 @@ ENTRY(nmi)
+@@ -1676,9 +2073,11 @@ ENTRY(nmi)
* If %cs was not the kernel segment, then the NMI triggered in user
* space, which means it is definitely not nested.
*/
@@ -20836,7 +20250,7 @@ index cb3c591..7ba137c 100644
/*
* Check the special variable on the stack to see if NMIs are
* executing.
-@@ -1712,14 +2102,13 @@ nested_nmi:
+@@ -1712,8 +2111,7 @@ nested_nmi:
1:
/* Set up the interrupted NMIs stack to jump to repeat_nmi */
@@ -20846,14 +20260,7 @@ index cb3c591..7ba137c 100644
CFI_ADJUST_CFA_OFFSET 1*8
leaq -10*8(%rsp), %rdx
pushq_cfi $__KERNEL_DS
- pushq_cfi %rdx
- pushfq_cfi
-- pushq_cfi $__KERNEL_CS
-+ pushq_cfi 6*8(%rsp)
- pushq_cfi $repeat_nmi
-
- /* Put stack back */
-@@ -1731,6 +2120,7 @@ nested_nmi_out:
+@@ -1731,6 +2129,7 @@ nested_nmi_out:
CFI_RESTORE rdx
/* No need to check faults here */
@@ -20861,7 +20268,7 @@ index cb3c591..7ba137c 100644
INTERRUPT_RETURN
CFI_RESTORE_STATE
-@@ -1847,6 +2237,17 @@ end_repeat_nmi:
+@@ -1847,6 +2246,17 @@ end_repeat_nmi:
*/
movq %cr2, %r12
@@ -20879,7 +20286,7 @@ index cb3c591..7ba137c 100644
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
movq $-1,%rsi
-@@ -1862,23 +2263,34 @@ end_repeat_nmi:
+@@ -1862,23 +2272,34 @@ end_repeat_nmi:
testl %ebx,%ebx /* swapgs needed? */
jnz nmi_restore
nmi_swapgs:
@@ -21782,9 +21189,18 @@ index 245a71d..89d9ce4 100644
/*
diff --git a/arch/x86/kernel/i8259.c b/arch/x86/kernel/i8259.c
-index 9a5c460..b332a4b 100644
+index 9a5c460..84868423 100644
--- a/arch/x86/kernel/i8259.c
+++ b/arch/x86/kernel/i8259.c
+@@ -110,7 +110,7 @@ static int i8259A_irq_pending(unsigned int irq)
+ static void make_8259A_irq(unsigned int irq)
+ {
+ disable_irq_nosync(irq);
+- io_apic_irqs &= ~(1<<irq);
++ io_apic_irqs &= ~(1UL<<irq);
+ irq_set_chip_and_handler_name(irq, &i8259A_chip, handle_level_irq,
+ i8259A_chip.name);
+ enable_irq(irq);
@@ -209,7 +209,7 @@ spurious_8259A_irq:
"spurious 8259A interrupt: IRQ%d.\n", irq);
spurious_irq_mask |= irqmask;
@@ -22865,6 +22281,19 @@ index 8bfb335..c1463c6 100644
};
EXPORT_SYMBOL_GPL(pv_time_ops);
+diff --git a/arch/x86/kernel/pci-calgary_64.c b/arch/x86/kernel/pci-calgary_64.c
+index 299d493..2ccb0ee 100644
+--- a/arch/x86/kernel/pci-calgary_64.c
++++ b/arch/x86/kernel/pci-calgary_64.c
+@@ -1339,7 +1339,7 @@ static void __init get_tce_space_from_tar(void)
+ tce_space = be64_to_cpu(readq(target));
+ tce_space = tce_space & TAR_SW_BITS;
+
+- tce_space = tce_space & (~specified_table_size);
++ tce_space = tce_space & (~(unsigned long)specified_table_size);
+ info->tce_space = (u64 *)__va(tce_space);
+ }
+ }
diff --git a/arch/x86/kernel/pci-iommu_table.c b/arch/x86/kernel/pci-iommu_table.c
index 35ccf75..7a15747 100644
--- a/arch/x86/kernel/pci-iommu_table.c
@@ -24938,9 +24367,24 @@ index d29d3cd..ec9d522 100644
local_irq_disable();
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index 9120ae1..238abc0 100644
+index 9120ae1..aca46d0 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
+@@ -1164,12 +1164,12 @@ static void vmcs_write64(unsigned long field, u64 value)
+ #endif
+ }
+
+-static void vmcs_clear_bits(unsigned long field, u32 mask)
++static void vmcs_clear_bits(unsigned long field, unsigned long mask)
+ {
+ vmcs_writel(field, vmcs_readl(field) & ~mask);
+ }
+
+-static void vmcs_set_bits(unsigned long field, u32 mask)
++static void vmcs_set_bits(unsigned long field, unsigned long mask)
+ {
+ vmcs_writel(field, vmcs_readl(field) | mask);
+ }
@@ -1370,7 +1370,11 @@ static void reload_tss(void)
struct desc_struct *descs;
@@ -34457,6 +33901,19 @@ index f74f2c0..bb668af 100644
set_fs(old_fs);
if (likely(bw == len))
return 0;
+diff --git a/drivers/block/pktcdvd.c b/drivers/block/pktcdvd.c
+index 2e7de7a..ed86dc0 100644
+--- a/drivers/block/pktcdvd.c
++++ b/drivers/block/pktcdvd.c
+@@ -83,7 +83,7 @@
+
+ #define MAX_SPEED 0xffff
+
+-#define ZONE(sector, pd) (((sector) + (pd)->offset) & ~((pd)->settings.size - 1))
++#define ZONE(sector, pd) (((sector) + (pd)->offset) & ~((pd)->settings.size - 1UL))
+
+ static DEFINE_MUTEX(pktcdvd_mutex);
+ static struct pktcdvd_device *pkt_devs[MAX_WRITERS];
diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
index d620b44..587561e 100644
--- a/drivers/cdrom/cdrom.c
@@ -40194,10 +39651,10 @@ index 8dd6ba5..419cc1d 100644
struct sm_sysfs_attribute *vendor_attribute;
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
-index 27cdf1f..8c37357 100644
+index 045dc53..b1e5473 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
-@@ -4859,7 +4859,7 @@ static unsigned int bond_get_num_tx_queues(void)
+@@ -4865,7 +4865,7 @@ static unsigned int bond_get_num_tx_queues(void)
return tx_queues;
}
@@ -40206,7 +39663,7 @@ index 27cdf1f..8c37357 100644
.kind = "bond",
.priv_size = sizeof(struct bonding),
.setup = bond_setup,
-@@ -4975,8 +4975,8 @@ static void __exit bonding_exit(void)
+@@ -4990,8 +4990,8 @@ static void __exit bonding_exit(void)
bond_destroy_debugfs();
@@ -40899,19 +40356,6 @@ index cb95fe5..16909e2 100644
if (cmd == TUNSETIFF || cmd == TUNSETQUEUE || _IOC_TYPE(cmd) == 0x89) {
if (copy_from_user(&ifr, argp, ifreq_len))
return -EFAULT;
-diff --git a/drivers/net/usb/cdc_mbim.c b/drivers/net/usb/cdc_mbim.c
-index 16c8429..6bd9167 100644
---- a/drivers/net/usb/cdc_mbim.c
-+++ b/drivers/net/usb/cdc_mbim.c
-@@ -134,7 +134,7 @@ static struct sk_buff *cdc_mbim_tx_fixup(struct usbnet *dev, struct sk_buff *skb
- goto error;
-
- if (skb) {
-- if (skb->len <= sizeof(ETH_HLEN))
-+ if (skb->len <= ETH_HLEN)
- goto error;
-
- /* mapping VLANs to MBIM sessions:
diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c
index cd8ccb2..cff5144 100644
--- a/drivers/net/usb/hso.c
@@ -44868,47 +44312,10 @@ index b3c4a25..723916f 100644
if (get_user(c, buf))
diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
-index da9fde8..621d6dc 100644
+index 892ecda..90cbf36 100644
--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
-@@ -941,6 +941,14 @@ void start_tty(struct tty_struct *tty)
-
- EXPORT_SYMBOL(start_tty);
-
-+static void tty_update_time(struct timespec *time)
-+{
-+ unsigned long sec = get_seconds();
-+ sec -= sec % 60;
-+ if ((long)(sec - time->tv_sec) > 0)
-+ time->tv_sec = sec;
-+}
-+
- /**
- * tty_read - read method for tty device files
- * @file: pointer to tty file
-@@ -977,8 +985,10 @@ static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
- else
- i = -EIO;
- tty_ldisc_deref(ld);
-+
- if (i > 0)
-- inode->i_atime = current_fs_time(inode->i_sb);
-+ tty_update_time(&inode->i_atime);
-+
- return i;
- }
-
-@@ -1080,8 +1090,7 @@ static inline ssize_t do_tty_write(
- cond_resched();
- }
- if (written) {
-- struct inode *inode = file->f_path.dentry->d_inode;
-- inode->i_mtime = current_fs_time(inode->i_sb);
-+ tty_update_time(&file->f_path.dentry->d_inode->i_mtime);
- ret = written;
- }
- out:
-@@ -3391,7 +3400,7 @@ EXPORT_SYMBOL_GPL(get_current_tty);
+@@ -3401,7 +3401,7 @@ EXPORT_SYMBOL_GPL(get_current_tty);
void tty_default_fops(struct file_operations *fops)
{
@@ -48976,7 +48383,7 @@ index 0efd152..b5802ad 100644
A.out (Assembler.OUTput) is a set of formats for libraries and
executables used in the earliest versions of UNIX. Linux used
diff --git a/fs/aio.c b/fs/aio.c
-index 71f613c..ee07789 100644
+index ed762ae..ee07789 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -111,7 +111,7 @@ static int aio_setup_ring(struct kioctx *ctx)
@@ -48988,17 +48395,6 @@ index 71f613c..ee07789 100644
return -EINVAL;
nr_events = (PAGE_SIZE * nr_pages - sizeof(struct aio_ring)) / sizeof(struct io_event);
-@@ -1027,9 +1027,9 @@ static int aio_read_evt(struct kioctx *ioctx, struct io_event *ent)
- spin_unlock(&info->ring_lock);
-
- out:
-- kunmap_atomic(ring);
- dprintk("leaving aio_read_evt: %d h%lu t%lu\n", ret,
- (unsigned long)ring->head, (unsigned long)ring->tail);
-+ kunmap_atomic(ring);
- return ret;
- }
-
@@ -1373,18 +1373,19 @@ static ssize_t aio_fsync(struct kiocb *iocb)
static ssize_t aio_setup_vectored_rw(int type, struct kiocb *kiocb, bool compat)
{
@@ -50171,11 +49567,32 @@ index ce1c169..1ef484f 100644
parent_start = 0;
WARN_ON(trans->transid != btrfs_header_generation(parent));
+diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c
+index d170412..a575d77 100644
+--- a/fs/btrfs/extent-tree.c
++++ b/fs/btrfs/extent-tree.c
+@@ -6019,7 +6019,7 @@ again:
+ if (ret == -ENOSPC) {
+ if (!final_tried) {
+ num_bytes = num_bytes >> 1;
+- num_bytes = num_bytes & ~(root->sectorsize - 1);
++ num_bytes = num_bytes & ~((u64)root->sectorsize - 1);
+ num_bytes = max(num_bytes, min_alloc_size);
+ if (num_bytes == min_alloc_size)
+ final_tried = true;
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
-index 7c4e6cc..27bd5c2 100644
+index 7c4e6cc..8ad78b2 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
-@@ -7314,7 +7314,7 @@ fail:
+@@ -17,6 +17,7 @@
+ */
+
+ #include <linux/kernel.h>
++#include <linux/module.h>
+ #include <linux/bio.h>
+ #include <linux/buffer_head.h>
+ #include <linux/file.h>
+@@ -7314,7 +7315,7 @@ fail:
return -ENOMEM;
}
@@ -50184,7 +49601,7 @@ index 7c4e6cc..27bd5c2 100644
struct dentry *dentry, struct kstat *stat)
{
struct inode *inode = dentry->d_inode;
-@@ -7328,6 +7328,14 @@ static int btrfs_getattr(struct vfsmount *mnt,
+@@ -7328,6 +7329,14 @@ static int btrfs_getattr(struct vfsmount *mnt,
return 0;
}
@@ -54975,6 +54392,23 @@ index d1dd710..32ac0e8 100644
int nops;
};
+diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c
+index 2cbac34..6dc3889 100644
+--- a/fs/nfsd/nfscache.c
++++ b/fs/nfsd/nfscache.c
+@@ -264,8 +264,10 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp)
+ if (!(rp = rqstp->rq_cacherep) || cache_disabled)
+ return;
+
+- len = resv->iov_len - ((char*)statp - (char*)resv->iov_base);
+- len >>= 2;
++ if (statp) {
++ len = resv->iov_len - ((char*)statp - (char*)resv->iov_base);
++ len >>= 2;
++ }
+
+ /* Don't cache excessive amounts of data and XDR failures */
+ if (!statp || len > (256 >> 2)) {
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index 69c6413..c0408d2 100644
--- a/fs/nfsd/vfs.c
@@ -71340,7 +70774,7 @@ index aa16731..514b875 100644
struct iovec;
struct kvec;
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
-index 9ef07d0..130a5d9 100644
+index 0e182f9..bd5d452 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -1012,6 +1012,7 @@ struct net_device_ops {
@@ -72153,7 +71587,7 @@ index 429c199..4d42e38 100644
/* shm_mode upper byte flags */
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index 98399e2..7c74c41 100644
+index 9fe54b6..a9de68d 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -590,7 +590,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
@@ -72219,7 +71653,7 @@ index 98399e2..7c74c41 100644
+#endif
}
- /* Note: This doesn't put any conntrack and bridge info in dst. */
+ static inline void nf_reset_trace(struct sk_buff *skb)
diff --git a/include/linux/slab.h b/include/linux/slab.h
index 5d168d7..720bff3 100644
--- a/include/linux/slab.h
@@ -73639,21 +73073,6 @@ index 5a15fab..d799ea7 100644
extern int __rtnl_link_register(struct rtnl_link_ops *ops);
extern void __rtnl_link_unregister(struct rtnl_link_ops *ops);
-diff --git a/include/net/scm.h b/include/net/scm.h
-index 975cca0..b117081 100644
---- a/include/net/scm.h
-+++ b/include/net/scm.h
-@@ -56,8 +56,8 @@ static __inline__ void scm_set_cred(struct scm_cookie *scm,
- scm->pid = get_pid(pid);
- scm->cred = cred ? get_cred(cred) : NULL;
- scm->creds.pid = pid_vnr(pid);
-- scm->creds.uid = cred ? cred->euid : INVALID_UID;
-- scm->creds.gid = cred ? cred->egid : INVALID_GID;
-+ scm->creds.uid = cred ? cred->uid : INVALID_UID;
-+ scm->creds.gid = cred ? cred->gid : INVALID_GID;
- }
-
- static __inline__ void scm_destroy_cred(struct scm_cookie *scm)
diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h
index 7fdf298..197e9f7 100644
--- a/include/net/sctp/sctp.h
@@ -80419,9 +79838,18 @@ index ce8514f..8233573 100644
*data_page = bpage;
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
-index fe1d581..43a0f38 100644
+index fe1d581..ea543f1b 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
+@@ -2845,7 +2845,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
+ return 0;
+ }
+
+-int set_tracer_flag(unsigned int mask, int enabled)
++int set_tracer_flag(unsigned long mask, int enabled)
+ {
+ /* do nothing if flag is already set */
+ if (!!(trace_flags & mask) == !!enabled)
@@ -4494,10 +4494,9 @@ static const struct file_operations tracing_dyn_info_fops = {
};
#endif
@@ -80446,6 +79874,19 @@ index fe1d581..43a0f38 100644
static int once;
struct dentry *d_tracer;
+diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h
+index 23f1d2c..6ca7a9b 100644
+--- a/kernel/trace/trace.h
++++ b/kernel/trace/trace.h
+@@ -840,7 +840,7 @@ extern const char *__stop___trace_bprintk_fmt[];
+ void trace_printk_init_buffers(void);
+ void trace_printk_start_comm(void);
+ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set);
+-int set_tracer_flag(unsigned int mask, int enabled);
++int set_tracer_flag(unsigned long mask, int enabled);
+
+ #undef FTRACE_ENTRY
+ #define FTRACE_ENTRY(call, struct_name, id, tstruct, print, filter) \
diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c
index 880073d..42db7c3 100644
--- a/kernel/trace/trace_events.c
@@ -86276,10 +85717,10 @@ index 1bcfb84..dad9f98 100644
err = -EFAULT;
break;
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
-index ce3f665..2c7d08f 100644
+index 970fc13..cf0161d 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
-@@ -667,7 +667,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c
+@@ -668,7 +668,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c
struct sock *sk = sock->sk;
struct bt_security sec;
int err = 0;
@@ -86288,7 +85729,7 @@ index ce3f665..2c7d08f 100644
u32 opt;
BT_DBG("sk %p", sk);
-@@ -689,7 +689,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c
+@@ -690,7 +690,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c
sec.level = BT_SECURITY_LOW;
@@ -86621,7 +86062,7 @@ index 368f9c3..f82d4a3 100644
return err;
diff --git a/net/core/dev.c b/net/core/dev.c
-index 5d9c43d..b471558 100644
+index d592214..2764363 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1250,9 +1250,13 @@ void dev_load(struct net *net, const char *name)
@@ -86656,7 +86097,7 @@ index 5d9c43d..b471558 100644
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -2179,7 +2183,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
+@@ -2183,7 +2187,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
struct dev_gso_cb {
void (*destructor)(struct sk_buff *skb);
@@ -86665,7 +86106,7 @@ index 5d9c43d..b471558 100644
#define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb)
-@@ -3052,7 +3056,7 @@ enqueue:
+@@ -3056,7 +3060,7 @@ enqueue:
local_irq_restore(flags);
@@ -86674,7 +86115,7 @@ index 5d9c43d..b471558 100644
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -3124,7 +3128,7 @@ int netif_rx_ni(struct sk_buff *skb)
+@@ -3128,7 +3132,7 @@ int netif_rx_ni(struct sk_buff *skb)
}
EXPORT_SYMBOL(netif_rx_ni);
@@ -86683,7 +86124,7 @@ index 5d9c43d..b471558 100644
{
struct softnet_data *sd = &__get_cpu_var(softnet_data);
-@@ -3462,7 +3466,7 @@ ncls:
+@@ -3466,7 +3470,7 @@ ncls:
ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
} else {
drop:
@@ -86692,7 +86133,7 @@ index 5d9c43d..b471558 100644
kfree_skb(skb);
/* Jamal, now you will not able to escape explaining
* me how you were going to use this. :-)
-@@ -4045,7 +4049,7 @@ void netif_napi_del(struct napi_struct *napi)
+@@ -4049,7 +4053,7 @@ void netif_napi_del(struct napi_struct *napi)
}
EXPORT_SYMBOL(netif_napi_del);
@@ -86701,7 +86142,7 @@ index 5d9c43d..b471558 100644
{
struct softnet_data *sd = &__get_cpu_var(softnet_data);
unsigned long time_limit = jiffies + 2;
-@@ -4529,8 +4533,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v)
+@@ -4533,8 +4537,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v)
else
seq_printf(seq, "%04x", ntohs(pt->type));
@@ -86715,7 +86156,7 @@ index 5d9c43d..b471558 100644
}
return 0;
-@@ -6102,7 +6111,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
+@@ -6106,7 +6115,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
} else {
netdev_stats_to_stats64(storage, &dev->stats);
}
@@ -86853,7 +86294,7 @@ index 8acce01..2e306bb 100644
return error;
}
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
-index 6212ec9..5ee16b2 100644
+index 055fb13..5ee16b2 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -58,7 +58,7 @@ struct rtnl_link {
@@ -86891,24 +86332,6 @@ index 6212ec9..5ee16b2 100644
}
EXPORT_SYMBOL_GPL(__rtnl_link_unregister);
-@@ -1068,7 +1071,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
- rcu_read_lock();
- cb->seq = net->dev_base_seq;
-
-- if (nlmsg_parse(cb->nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX,
-+ if (nlmsg_parse(cb->nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
- ifla_policy) >= 0) {
-
- if (tb[IFLA_EXT_MASK])
-@@ -1924,7 +1927,7 @@ static u16 rtnl_calcit(struct sk_buff *skb, struct nlmsghdr *nlh)
- u32 ext_filter_mask = 0;
- u16 min_ifinfo_dump_size = 0;
-
-- if (nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX,
-+ if (nlmsg_parse(nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
- ifla_policy) >= 0) {
- if (tb[IFLA_EXT_MASK])
- ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);
diff --git a/net/core/scm.c b/net/core/scm.c
index 2dc6cda..2159524 100644
--- a/net/core/scm.c
@@ -87336,30 +86759,9 @@ index a8e4f26..25e5f40 100644
#endif
if (dflt != &ipv4_devconf_dflt)
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
-index 3b4f0cd..a6ba66e 100644
+index 4cfe34d..a6ba66e 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
-@@ -139,8 +139,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
-
- /* skb is pure payload to encrypt */
-
-- err = -ENOMEM;
--
- esp = x->data;
- aead = esp->aead;
- alen = crypto_aead_authsize(aead);
-@@ -176,8 +174,10 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
- }
-
- tmp = esp_alloc_tmp(aead, nfrags + sglists, seqhilen);
-- if (!tmp)
-+ if (!tmp) {
-+ err = -ENOMEM;
- goto error;
-+ }
-
- seqhi = esp_tmp_seqhi(tmp);
- iv = esp_tmp_iv(aead, tmp, seqhilen);
@@ -503,7 +503,7 @@ static void esp4_err(struct sk_buff *skb, u32 info)
return;
@@ -87468,10 +86870,10 @@ index 000e3d2..5472da3 100644
secure_ip_id(daddr->addr.a4) :
secure_ipv6_id(daddr->addr.a6));
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
-index a8fc332..4ca4ca65 100644
+index 0fcfee3..66e86c9 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
-@@ -319,7 +319,7 @@ static inline int ip_frag_too_far(struct ipq *qp)
+@@ -318,7 +318,7 @@ static inline int ip_frag_too_far(struct ipq *qp)
return 0;
start = qp->rid;
@@ -87480,7 +86882,7 @@ index a8fc332..4ca4ca65 100644
qp->rid = end;
rc = qp->q.fragments && (end - start) > max;
-@@ -786,12 +786,11 @@ static struct ctl_table ip4_frags_ctl_table[] = {
+@@ -793,12 +793,11 @@ static struct ctl_table ip4_frags_ctl_table[] = {
static int __net_init ip4_frags_ns_ctl_register(struct net *net)
{
@@ -87495,7 +86897,7 @@ index a8fc332..4ca4ca65 100644
if (table == NULL)
goto err_alloc;
-@@ -802,9 +801,10 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
+@@ -809,9 +808,10 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
/* Don't export sysctls to unprivileged users */
if (net->user_ns != &init_user_ns)
table[0].procname = NULL;
@@ -87508,7 +86910,7 @@ index a8fc332..4ca4ca65 100644
if (hdr == NULL)
goto err_reg;
-@@ -812,8 +812,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
+@@ -819,8 +819,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
return 0;
err_reg:
@@ -87882,21 +87284,6 @@ index a0fcc47..32e2c89 100644
get_random_bytes(&net->ipv4.dev_addr_genid,
sizeof(net->ipv4.dev_addr_genid));
return 0;
-diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
-index b236ef04..f962f19 100644
---- a/net/ipv4/syncookies.c
-+++ b/net/ipv4/syncookies.c
-@@ -348,8 +348,8 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
- * hasn't changed since we received the original syn, but I see
- * no easy way to do this.
- */
-- flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
-- RT_SCOPE_UNIVERSE, IPPROTO_TCP,
-+ flowi4_init_output(&fl4, sk->sk_bound_dev_if, sk->sk_mark,
-+ RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE, IPPROTO_TCP,
- inet_sk_flowi_flags(sk),
- (opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
- ireq->loc_addr, th->source, th->dest);
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index d84400b..62e066e 100644
--- a/net/ipv4/sysctl_net_ipv4.c
@@ -88038,10 +87425,10 @@ index d84400b..62e066e 100644
hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table);
if (hdr == NULL)
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
-index 9841a71..ef60409 100644
+index b4e8b79..617d6aa 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
-@@ -4730,7 +4730,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
+@@ -4737,7 +4737,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
* simplifies code)
*/
static void
@@ -88050,7 +87437,7 @@ index 9841a71..ef60409 100644
struct sk_buff *head, struct sk_buff *tail,
u32 start, u32 end)
{
-@@ -5847,6 +5847,7 @@ discard:
+@@ -5849,6 +5849,7 @@ discard:
tcp_paws_reject(&tp->rx_opt, 0))
goto discard_and_undo;
@@ -88058,7 +87445,7 @@ index 9841a71..ef60409 100644
if (th->syn) {
/* We see SYN without ACK. It is attempt of
* simultaneous connect with crossed SYNs.
-@@ -5897,6 +5898,7 @@ discard:
+@@ -5899,6 +5900,7 @@ discard:
goto discard;
#endif
}
@@ -88066,7 +87453,7 @@ index 9841a71..ef60409 100644
/* "fifth, if neither of the SYN or RST bits is set then
* drop the segment and return."
*/
-@@ -5941,7 +5943,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
+@@ -5943,7 +5945,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
goto discard;
if (th->syn) {
@@ -88161,25 +87548,6 @@ index f35f2df..ccb5ca6 100644
} else if (fastopen) { /* received a valid RST pkt */
reqsk_fastopen_remove(sk, req, true);
tcp_reset(sk);
-diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
-index 17d659e..a9f50ee 100644
---- a/net/ipv4/tcp_output.c
-+++ b/net/ipv4/tcp_output.c
-@@ -2388,8 +2388,12 @@ int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
- */
- TCP_SKB_CB(skb)->when = tcp_time_stamp;
-
-- /* make sure skb->data is aligned on arches that require it */
-- if (unlikely(NET_IP_ALIGN && ((unsigned long)skb->data & 3))) {
-+ /* make sure skb->data is aligned on arches that require it
-+ * and check if ack-trimming & collapsing extended the headroom
-+ * beyond what csum_start can cover.
-+ */
-+ if (unlikely((NET_IP_ALIGN && ((unsigned long)skb->data & 3)) ||
-+ skb_headroom(skb) >= 0xFFFF)) {
- struct sk_buff *nskb = __pskb_copy(skb, MAX_TCP_HEADER,
- GFP_ATOMIC);
- return nskb ? tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC) :
diff --git a/net/ipv4/tcp_probe.c b/net/ipv4/tcp_probe.c
index 4526fe6..1a34e43 100644
--- a/net/ipv4/tcp_probe.c
@@ -88341,7 +87709,7 @@ index 1f4d405..3524677 100644
int udp4_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
-index a36d17e..96d099f 100644
+index e8676c2..0a164f6 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -2272,7 +2272,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
@@ -88353,7 +87721,7 @@ index a36d17e..96d099f 100644
if (ops->ndo_do_ioctl) {
mm_segment_t oldfs = get_fs();
-@@ -4388,7 +4388,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write,
+@@ -4415,7 +4415,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write,
int *valp = ctl->data;
int val = *valp;
loff_t pos = *ppos;
@@ -88362,7 +87730,7 @@ index a36d17e..96d099f 100644
int ret;
/*
-@@ -4470,7 +4470,7 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write,
+@@ -4497,7 +4497,7 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write,
int *valp = ctl->data;
int val = *valp;
loff_t pos = *ppos;
@@ -88648,10 +88016,10 @@ index 70fa814..d70c28c 100644
static int raw6_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
-index d9ba8a2..f3f9e14 100644
+index 7a610a6..202dff9 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
-@@ -608,12 +608,11 @@ static struct ctl_table ip6_frags_ctl_table[] = {
+@@ -617,12 +617,11 @@ static struct ctl_table ip6_frags_ctl_table[] = {
static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
{
@@ -88666,7 +88034,7 @@ index d9ba8a2..f3f9e14 100644
if (table == NULL)
goto err_alloc;
-@@ -624,9 +623,10 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
+@@ -633,9 +632,10 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
/* Don't export sysctls to unprivileged users */
if (net->user_ns != &init_user_ns)
table[0].procname = NULL;
@@ -88679,7 +88047,7 @@ index d9ba8a2..f3f9e14 100644
if (hdr == NULL)
goto err_reg;
-@@ -634,8 +634,7 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
+@@ -643,8 +643,7 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
return 0;
err_reg:
@@ -88738,7 +88106,7 @@ index e85c48b..b8268d3 100644
struct ctl_table *ipv6_icmp_table;
int err;
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
-index 8d19346..f122ba5 100644
+index 89dfedd..f122ba5 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -103,6 +103,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
@@ -88752,15 +88120,7 @@ index 8d19346..f122ba5 100644
static void tcp_v6_hash(struct sock *sk)
{
if (sk->sk_state != TCP_CLOSE) {
-@@ -386,6 +390,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
-
- if (dst)
- dst->ops->redirect(dst, sk, skb);
-+ goto out;
- }
-
- if (type == ICMPV6_PKT_TOOBIG) {
-@@ -1440,6 +1445,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
+@@ -1441,6 +1445,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
return 0;
reset:
@@ -88770,7 +88130,7 @@ index 8d19346..f122ba5 100644
tcp_v6_send_reset(sk, skb);
discard:
if (opt_skb)
-@@ -1521,12 +1529,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
+@@ -1522,12 +1529,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
TCP_SKB_CB(skb)->sacked = 0;
sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
@@ -88793,7 +88153,7 @@ index 8d19346..f122ba5 100644
if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
-@@ -1575,6 +1591,10 @@ no_tcp_socket:
+@@ -1576,6 +1591,10 @@ no_tcp_socket:
bad_packet:
TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
} else {
@@ -88961,7 +88321,7 @@ index e71e85b..29340a9 100644
/* Aborting, close connection! */
iriap_disconnect_request(self);
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
-index cd6f7a9..e63fe89 100644
+index 625bc50..ac6eef9 100644
--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -782,10 +782,10 @@ static int iucv_sock_autobind(struct sock *sk)
@@ -89812,7 +89172,7 @@ index 5a55be3..7630745 100644
}
}
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
-index 7261eb8..44e8ac6 100644
+index 14c106b..2d58b38 100644
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -838,6 +838,7 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr,
@@ -91274,7 +90634,7 @@ index 6b42d47..2ac24d5 100644
sub->evt.event = htohl(event, sub->swap);
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
-index b45eb65..bb4b223 100644
+index f347754..bb4b223 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -785,6 +785,12 @@ static struct sock *unix_find_other(struct net *net,
@@ -91323,15 +90683,6 @@ index b45eb65..bb4b223 100644
done_path_create(&path, dentry);
return err;
}
-@@ -1995,7 +2014,7 @@ again:
- if ((UNIXCB(skb).pid != siocb->scm->pid) ||
- (UNIXCB(skb).cred != siocb->scm->cred))
- break;
-- } else {
-+ } else if (test_bit(SOCK_PASSCRED, &sock->flags)) {
- /* Copy credentials */
- scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
- check_creds = 1;
@@ -2325,9 +2344,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
seq_puts(seq, "Num RefCount Protocol Flags Type St "
"Inode Path\n");
@@ -92066,7 +91417,7 @@ index e4fd45b..2eeb5c4 100644
shdr = (Elf_Shdr *)((char *)ehdr + _r(&ehdr->e_shoff));
shstrtab_sec = shdr + r2(&ehdr->e_shstrndx);
diff --git a/security/Kconfig b/security/Kconfig
-index e9c6ac7..4cb4ecc 100644
+index e9c6ac7..eef8ada 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -4,6 +4,943 @@
@@ -92649,7 +92000,7 @@ index e9c6ac7..4cb4ecc 100644
+config PAX_KERNEXEC
+ bool "Enforce non-executable kernel pages"
+ default y if GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_NONE || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_GUEST) || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_KVM))
-+ depends on ((X86 && (!X86_32 || X86_WP_WORKS_OK)) || (ARM && (CPU_V6 || CPU_V7) && !(ARM_LPAE && MODULES))) && !XEN
++ depends on (X86 || (ARM && (CPU_V6 || CPU_V7) && !(ARM_LPAE && MODULES))) && !XEN
+ select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE)
+ select PAX_KERNEXEC_PLUGIN if X86_64
+ help
@@ -104316,10 +103667,10 @@ index 0000000..ac2901e
+}
diff --git a/tools/gcc/structleak_plugin.c b/tools/gcc/structleak_plugin.c
new file mode 100644
-index 0000000..41770fc
+index 0000000..b07fe22
--- /dev/null
+++ b/tools/gcc/structleak_plugin.c
-@@ -0,0 +1,272 @@
+@@ -0,0 +1,276 @@
+/*
+ * Copyright 2013 by PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -104454,6 +103805,7 @@ index 0000000..41770fc
+ gimple init_stmt;
+
+ // this is the original entry bb before the forced split
++ // TODO: check further BBs in case more splits occured before us
+ bb = ENTRY_BLOCK_PTR->next_bb->next_bb;
+
+ // first check if the variable is already initialized, warn otherwise
@@ -104477,6 +103829,9 @@ index 0000000..41770fc
+ return;
+ }
+
++ // these aren't the 0days you're looking for
++// inform(DECL_SOURCE_LOCATION(var), "userspace variable will be forcibly initialized");
++
+ // build the initializer expression
+ initializer = build_constructor(TREE_TYPE(var), NULL);
+
diff --git a/3.8.10/4425_grsec_remove_EI_PAX.patch b/3.8.11/4425_grsec_remove_EI_PAX.patch
similarity index 100%
rename from 3.8.10/4425_grsec_remove_EI_PAX.patch
rename to 3.8.11/4425_grsec_remove_EI_PAX.patch
diff --git a/3.8.10/4430_grsec-remove-localversion-grsec.patch b/3.8.11/4430_grsec-remove-localversion-grsec.patch
similarity index 100%
rename from 3.8.10/4430_grsec-remove-localversion-grsec.patch
rename to 3.8.11/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.8.10/4435_grsec-mute-warnings.patch b/3.8.11/4435_grsec-mute-warnings.patch
similarity index 100%
rename from 3.8.10/4435_grsec-mute-warnings.patch
rename to 3.8.11/4435_grsec-mute-warnings.patch
diff --git a/3.8.10/4440_grsec-remove-protected-paths.patch b/3.8.11/4440_grsec-remove-protected-paths.patch
similarity index 100%
rename from 3.8.10/4440_grsec-remove-protected-paths.patch
rename to 3.8.11/4440_grsec-remove-protected-paths.patch
diff --git a/3.8.10/4450_grsec-kconfig-default-gids.patch b/3.8.11/4450_grsec-kconfig-default-gids.patch
similarity index 100%
rename from 3.8.10/4450_grsec-kconfig-default-gids.patch
rename to 3.8.11/4450_grsec-kconfig-default-gids.patch
diff --git a/3.8.10/4465_selinux-avc_audit-log-curr_ip.patch b/3.8.11/4465_selinux-avc_audit-log-curr_ip.patch
similarity index 100%
rename from 3.8.10/4465_selinux-avc_audit-log-curr_ip.patch
rename to 3.8.11/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.8.10/4470_disable-compat_vdso.patch b/3.8.11/4470_disable-compat_vdso.patch
similarity index 100%
rename from 3.8.10/4470_disable-compat_vdso.patch
rename to 3.8.11/4470_disable-compat_vdso.patch
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2013-05-04 20:07 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-05-04 20:07 [gentoo-commits] proj/hardened-patchset:master commit in: 3.8.10/, 2.6.32/, 3.8.11/, 3.2.44/ Anthony G. Basile
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox