* [gentoo-commits] proj/hardened-patchset:master commit in: 3.2.55/, 3.13.5/, 3.13.6/
@ 2014-03-16 23:20 Anthony G. Basile
0 siblings, 0 replies; only message in thread
From: Anthony G. Basile @ 2014-03-16 23:20 UTC (permalink / raw
To: gentoo-commits
commit: 7d38603b7484977e86f9f626ee789660d8e5833b
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 16 23:20:29 2014 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Mar 16 23:20:29 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=7d38603b
Grsec/PaX: 3.0-{3.2.55,3.13.6}-201403142112
---
{3.13.5 => 3.13.6}/0000_README | 2 +-
.../4420_grsecurity-3.0-3.13.6-201403142112.patch | 1097 +++++++++-----------
{3.13.5 => 3.13.6}/4425_grsec_remove_EI_PAX.patch | 0
.../4427_force_XATTR_PAX_tmpfs.patch | 0
.../4430_grsec-remove-localversion-grsec.patch | 0
{3.13.5 => 3.13.6}/4435_grsec-mute-warnings.patch | 0
.../4440_grsec-remove-protected-paths.patch | 0
.../4450_grsec-kconfig-default-gids.patch | 0
.../4465_selinux-avc_audit-log-curr_ip.patch | 0
{3.13.5 => 3.13.6}/4470_disable-compat_vdso.patch | 0
{3.13.5 => 3.13.6}/4475_emutramp_default_on.patch | 6 +-
3.2.55/0000_README | 2 +-
... 4420_grsecurity-3.0-3.2.55-201403142107.patch} | 515 ++++++++-
3.2.55/4475_emutramp_default_on.patch | 6 +-
14 files changed, 954 insertions(+), 674 deletions(-)
diff --git a/3.13.5/0000_README b/3.13.6/0000_README
similarity index 96%
rename from 3.13.5/0000_README
rename to 3.13.6/0000_README
index c20a3d4..9a10b46 100644
--- a/3.13.5/0000_README
+++ b/3.13.6/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.13.5-201403041938.patch
+Patch: 4420_grsecurity-3.0-3.13.6-201403142112.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.13.5/4420_grsecurity-3.0-3.13.5-201403041938.patch b/3.13.6/4420_grsecurity-3.0-3.13.6-201403142112.patch
similarity index 99%
rename from 3.13.5/4420_grsecurity-3.0-3.13.5-201403041938.patch
rename to 3.13.6/4420_grsecurity-3.0-3.13.6-201403142112.patch
index 9efbd6a..3ef5afe 100644
--- a/3.13.5/4420_grsecurity-3.0-3.13.5-201403041938.patch
+++ b/3.13.6/4420_grsecurity-3.0-3.13.6-201403142112.patch
@@ -287,7 +287,7 @@ index b9e9bd8..bf49b92 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index a03bbf9..0817ef1 100644
+index dfe5fec..b8d23eb 100644
--- a/Makefile
+++ b/Makefile
@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -1571,7 +1571,7 @@ index 75fe66b..ba3dee4 100644
#endif
diff --git a/arch/arm/include/asm/cacheflush.h b/arch/arm/include/asm/cacheflush.h
-index ee753f1..2c2afeb 100644
+index ab91ebb..2c2afeb 100644
--- a/arch/arm/include/asm/cacheflush.h
+++ b/arch/arm/include/asm/cacheflush.h
@@ -116,7 +116,7 @@ struct cpu_cache_fns {
@@ -1583,14 +1583,6 @@ index ee753f1..2c2afeb 100644
/*
* Select the calling method
-@@ -212,6 +212,7 @@ extern void copy_to_user_page(struct vm_area_struct *, struct page *,
- static inline void __flush_icache_all(void)
- {
- __flush_icache_preferred();
-+ dsb();
- }
-
- /*
diff --git a/arch/arm/include/asm/checksum.h b/arch/arm/include/asm/checksum.h
index 6dcc164..b14d917 100644
--- a/arch/arm/include/asm/checksum.h
@@ -1989,7 +1981,7 @@ index 626989f..9d67a33 100644
/*
diff --git a/arch/arm/include/asm/pgtable-3level.h b/arch/arm/include/asm/pgtable-3level.h
-index 4f95039..04d626a 100644
+index 1d15673..04d626a 100644
--- a/arch/arm/include/asm/pgtable-3level.h
+++ b/arch/arm/include/asm/pgtable-3level.h
@@ -82,6 +82,7 @@
@@ -2008,29 +2000,6 @@ index 4f95039..04d626a 100644
#define L_PTE_XN_HIGH (1 << (54 - 32))
#define L_PTE_DIRTY_HIGH (1 << (55 - 32))
-@@ -120,13 +122,16 @@
- /*
- * 2nd stage PTE definitions for LPAE.
- */
--#define L_PTE_S2_MT_UNCACHED (_AT(pteval_t, 0x5) << 2) /* MemAttr[3:0] */
--#define L_PTE_S2_MT_WRITETHROUGH (_AT(pteval_t, 0xa) << 2) /* MemAttr[3:0] */
--#define L_PTE_S2_MT_WRITEBACK (_AT(pteval_t, 0xf) << 2) /* MemAttr[3:0] */
--#define L_PTE_S2_RDONLY (_AT(pteval_t, 1) << 6) /* HAP[1] */
--#define L_PTE_S2_RDWR (_AT(pteval_t, 3) << 6) /* HAP[2:1] */
-+#define L_PTE_S2_MT_UNCACHED (_AT(pteval_t, 0x0) << 2) /* strongly ordered */
-+#define L_PTE_S2_MT_WRITETHROUGH (_AT(pteval_t, 0xa) << 2) /* normal inner write-through */
-+#define L_PTE_S2_MT_WRITEBACK (_AT(pteval_t, 0xf) << 2) /* normal inner write-back */
-+#define L_PTE_S2_MT_DEV_SHARED (_AT(pteval_t, 0x1) << 2) /* device */
-+#define L_PTE_S2_MT_MASK (_AT(pteval_t, 0xf) << 2)
-
--#define L_PMD_S2_RDWR (_AT(pmdval_t, 3) << 6) /* HAP[2:1] */
-+#define L_PTE_S2_RDONLY (_AT(pteval_t, 1) << 6) /* HAP[1] */
-+#define L_PTE_S2_RDWR (_AT(pteval_t, 3) << 6) /* HAP[2:1] */
-+
-+#define L_PMD_S2_RDWR (_AT(pmdval_t, 3) << 6) /* HAP[2:1] */
-
- /*
- * Hyp-mode PL2 PTE definitions for LPAE.
diff --git a/arch/arm/include/asm/pgtable.h b/arch/arm/include/asm/pgtable.h
index 1571d12..b8a9b43 100644
--- a/arch/arm/include/asm/pgtable.h
@@ -2150,32 +2119,6 @@ index 22a3b9b..7f214ee 100644
/*
* set platform specific SMP operations
-diff --git a/arch/arm/include/asm/spinlock.h b/arch/arm/include/asm/spinlock.h
-index ef3c607..ac4bfae 100644
---- a/arch/arm/include/asm/spinlock.h
-+++ b/arch/arm/include/asm/spinlock.h
-@@ -37,18 +37,9 @@
-
- static inline void dsb_sev(void)
- {
--#if __LINUX_ARM_ARCH__ >= 7
-- __asm__ __volatile__ (
-- "dsb ishst\n"
-- SEV
-- );
--#else
-- __asm__ __volatile__ (
-- "mcr p15, 0, %0, c7, c10, 4\n"
-- SEV
-- : : "r" (0)
-- );
--#endif
-+
-+ dsb(ishst);
-+ __asm__(SEV);
- }
-
- /*
diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h
index 71a06b2..8bb9ae1 100644
--- a/arch/arm/include/asm/thread_info.h
@@ -3512,7 +3455,7 @@ index 827d1500..2885dc6 100644
};
diff --git a/arch/arm/mach-omap2/gpmc.c b/arch/arm/mach-omap2/gpmc.c
-index d24926e..a7645a6 100644
+index ab43755..ccfa231 100644
--- a/arch/arm/mach-omap2/gpmc.c
+++ b/arch/arm/mach-omap2/gpmc.c
@@ -148,7 +148,6 @@ struct omap3_gpmc_regs {
@@ -4213,18 +4156,6 @@ index f123d6e..04bf569 100644
return __arm_ioremap_caller(phys_addr, size, mtype,
__builtin_return_address(0));
-diff --git a/arch/arm/mm/mm.h b/arch/arm/mm/mm.h
-index d5a982d..7ea641b7 100644
---- a/arch/arm/mm/mm.h
-+++ b/arch/arm/mm/mm.h
-@@ -38,6 +38,7 @@ static inline pmd_t *pmd_off_k(unsigned long virt)
-
- struct mem_type {
- pteval_t prot_pte;
-+ pteval_t prot_pte_s2;
- pmdval_t prot_l1;
- pmdval_t prot_sect;
- unsigned int domain;
diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c
index 5e85ed3..b10a7ed 100644
--- a/arch/arm/mm/mmap.c
@@ -4337,7 +4268,7 @@ index 5e85ed3..b10a7ed 100644
}
}
diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c
-index 580ef2d..4ed7f76 100644
+index 911d433..8580952 100644
--- a/arch/arm/mm/mmu.c
+++ b/arch/arm/mm/mmu.c
@@ -38,6 +38,22 @@
@@ -4363,13 +4294,13 @@ index 580ef2d..4ed7f76 100644
/*
* empty_zero_page is a special page that is used for
* zero-initialized data and COW.
-@@ -230,13 +246,25 @@ __setup("noalign", noalign_setup);
+@@ -230,11 +246,19 @@ __setup("noalign", noalign_setup);
#endif /* ifdef CONFIG_CPU_CP15 / else */
-#define PROT_PTE_DEVICE L_PTE_PRESENT|L_PTE_YOUNG|L_PTE_DIRTY|L_PTE_XN
+#define PROT_PTE_DEVICE L_PTE_PRESENT|L_PTE_YOUNG|L_PTE_DIRTY
-+#define PROT_PTE_S2_DEVICE PROT_PTE_DEVICE|L_PTE_XN
+ #define PROT_PTE_S2_DEVICE PROT_PTE_DEVICE
#define PROT_SECT_DEVICE PMD_TYPE_SECT|PMD_SECT_AP_WRITE
-static struct mem_type mem_types[] = {
@@ -4385,13 +4316,7 @@ index 580ef2d..4ed7f76 100644
[MT_DEVICE] = { /* Strongly ordered / ARMv6 shared device */
.prot_pte = PROT_PTE_DEVICE | L_PTE_MT_DEV_SHARED |
L_PTE_SHARED,
-+ .prot_pte_s2 = s2_policy(PROT_PTE_S2_DEVICE) |
-+ s2_policy(L_PTE_S2_MT_DEV_SHARED) |
-+ L_PTE_SHARED,
- .prot_l1 = PMD_TYPE_TABLE,
- .prot_sect = PROT_SECT_DEVICE | PMD_SECT_S,
- .domain = DOMAIN_IO,
-@@ -262,16 +290,16 @@ static struct mem_type mem_types[] = {
+@@ -266,16 +290,16 @@ static struct mem_type mem_types[] = {
[MT_UNCACHED] = {
.prot_pte = PROT_PTE_DEVICE,
.prot_l1 = PMD_TYPE_TABLE,
@@ -4411,7 +4336,7 @@ index 580ef2d..4ed7f76 100644
.domain = DOMAIN_KERNEL,
},
#endif
-@@ -279,36 +307,54 @@ static struct mem_type mem_types[] = {
+@@ -283,36 +307,54 @@ static struct mem_type mem_types[] = {
.prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY |
L_PTE_RDONLY,
.prot_l1 = PMD_TYPE_TABLE,
@@ -4474,7 +4399,7 @@ index 580ef2d..4ed7f76 100644
.domain = DOMAIN_KERNEL,
},
[MT_MEMORY_ITCM] = {
-@@ -318,10 +364,10 @@ static struct mem_type mem_types[] = {
+@@ -322,10 +364,10 @@ static struct mem_type mem_types[] = {
},
[MT_MEMORY_SO] = {
.prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY |
@@ -4487,7 +4412,7 @@ index 580ef2d..4ed7f76 100644
.domain = DOMAIN_KERNEL,
},
[MT_MEMORY_DMA_READY] = {
-@@ -407,9 +453,35 @@ static void __init build_mem_type_table(void)
+@@ -411,9 +453,35 @@ static void __init build_mem_type_table(void)
* to prevent speculative instruction fetches.
*/
mem_types[MT_DEVICE].prot_sect |= PMD_SECT_XN;
@@ -4523,17 +4448,7 @@ index 580ef2d..4ed7f76 100644
}
if (cpu_arch >= CPU_ARCH_ARMv7 && (cr & CR_TRE)) {
/*
-@@ -458,7 +530,8 @@ static void __init build_mem_type_table(void)
- cp = &cache_policies[cachepolicy];
- vecs_pgprot = kern_pgprot = user_pgprot = cp->pte;
- s2_pgprot = cp->pte_s2;
-- hyp_device_pgprot = s2_device_pgprot = mem_types[MT_DEVICE].prot_pte;
-+ hyp_device_pgprot = mem_types[MT_DEVICE].prot_pte;
-+ s2_device_pgprot = mem_types[MT_DEVICE].prot_pte_s2;
-
- /*
- * ARMv6 and above have extended page tables.
-@@ -470,6 +543,9 @@ static void __init build_mem_type_table(void)
+@@ -475,6 +543,9 @@ static void __init build_mem_type_table(void)
* from SVC mode and no access from userspace.
*/
mem_types[MT_ROM].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
@@ -4543,7 +4458,7 @@ index 580ef2d..4ed7f76 100644
mem_types[MT_MINICLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
mem_types[MT_CACHECLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
#endif
-@@ -487,11 +563,17 @@ static void __init build_mem_type_table(void)
+@@ -492,11 +563,17 @@ static void __init build_mem_type_table(void)
mem_types[MT_DEVICE_WC].prot_pte |= L_PTE_SHARED;
mem_types[MT_DEVICE_CACHED].prot_sect |= PMD_SECT_S;
mem_types[MT_DEVICE_CACHED].prot_pte |= L_PTE_SHARED;
@@ -4565,7 +4480,7 @@ index 580ef2d..4ed7f76 100644
}
}
-@@ -502,15 +584,20 @@ static void __init build_mem_type_table(void)
+@@ -507,15 +584,20 @@ static void __init build_mem_type_table(void)
if (cpu_arch >= CPU_ARCH_ARMv6) {
if (cpu_arch >= CPU_ARCH_ARMv7 && (cr & CR_TRE)) {
/* Non-cacheable Normal is XCB = 001 */
@@ -4589,7 +4504,7 @@ index 580ef2d..4ed7f76 100644
}
#ifdef CONFIG_ARM_LPAE
-@@ -526,6 +613,8 @@ static void __init build_mem_type_table(void)
+@@ -531,6 +613,8 @@ static void __init build_mem_type_table(void)
vecs_pgprot |= PTE_EXT_AF;
#endif
@@ -4598,7 +4513,7 @@ index 580ef2d..4ed7f76 100644
for (i = 0; i < 16; i++) {
pteval_t v = pgprot_val(protection_map[i]);
protection_map[i] = __pgprot(v | user_pgprot);
-@@ -543,10 +632,15 @@ static void __init build_mem_type_table(void)
+@@ -548,10 +632,15 @@ static void __init build_mem_type_table(void)
mem_types[MT_LOW_VECTORS].prot_l1 |= ecc_mask;
mem_types[MT_HIGH_VECTORS].prot_l1 |= ecc_mask;
@@ -4617,7 +4532,7 @@ index 580ef2d..4ed7f76 100644
mem_types[MT_ROM].prot_sect |= cp->pmd;
switch (cp->pmd) {
-@@ -1188,18 +1282,15 @@ void __init arm_mm_memblock_reserve(void)
+@@ -1193,18 +1282,15 @@ void __init arm_mm_memblock_reserve(void)
* called function. This means you can't use any function or debugging
* method which may touch any device, otherwise the kernel _will_ crash.
*/
@@ -4640,7 +4555,7 @@ index 580ef2d..4ed7f76 100644
for (addr = VMALLOC_START; addr; addr += PMD_SIZE)
pmd_clear(pmd_off_k(addr));
-@@ -1239,7 +1330,7 @@ static void __init devicemaps_init(const struct machine_desc *mdesc)
+@@ -1244,7 +1330,7 @@ static void __init devicemaps_init(const struct machine_desc *mdesc)
* location (0xffff0000). If we aren't using high-vectors, also
* create a mapping at the low-vectors virtual address.
*/
@@ -4649,7 +4564,7 @@ index 580ef2d..4ed7f76 100644
map.virtual = 0xffff0000;
map.length = PAGE_SIZE;
#ifdef CONFIG_KUSER_HELPERS
-@@ -1311,8 +1402,39 @@ static void __init map_lowmem(void)
+@@ -1316,8 +1402,39 @@ static void __init map_lowmem(void)
map.pfn = __phys_to_pfn(start);
map.virtual = __phys_to_virt(start);
map.length = end - start;
@@ -4690,47 +4605,6 @@ index 580ef2d..4ed7f76 100644
create_mapping(&map);
}
}
-diff --git a/arch/arm/mm/proc-v6.S b/arch/arm/mm/proc-v6.S
-index 45dc29f..32b3558 100644
---- a/arch/arm/mm/proc-v6.S
-+++ b/arch/arm/mm/proc-v6.S
-@@ -208,7 +208,6 @@ __v6_setup:
- mcr p15, 0, r0, c7, c14, 0 @ clean+invalidate D cache
- mcr p15, 0, r0, c7, c5, 0 @ invalidate I cache
- mcr p15, 0, r0, c7, c15, 0 @ clean+invalidate cache
-- mcr p15, 0, r0, c7, c10, 4 @ drain write buffer
- #ifdef CONFIG_MMU
- mcr p15, 0, r0, c8, c7, 0 @ invalidate I + D TLBs
- mcr p15, 0, r0, c2, c0, 2 @ TTB control register
-@@ -218,6 +217,8 @@ __v6_setup:
- ALT_UP(orr r8, r8, #TTB_FLAGS_UP)
- mcr p15, 0, r8, c2, c0, 1 @ load TTB1
- #endif /* CONFIG_MMU */
-+ mcr p15, 0, r0, c7, c10, 4 @ drain write buffer and
-+ @ complete invalidations
- adr r5, v6_crval
- ldmia r5, {r5, r6}
- ARM_BE8(orr r6, r6, #1 << 25) @ big-endian page tables
-diff --git a/arch/arm/mm/proc-v7.S b/arch/arm/mm/proc-v7.S
-index bd17819..74f6033 100644
---- a/arch/arm/mm/proc-v7.S
-+++ b/arch/arm/mm/proc-v7.S
-@@ -351,7 +351,6 @@ __v7_setup:
-
- 4: mov r10, #0
- mcr p15, 0, r10, c7, c5, 0 @ I+BTB cache invalidate
-- dsb
- #ifdef CONFIG_MMU
- mcr p15, 0, r10, c8, c7, 0 @ invalidate I + D TLBs
- v7_ttb_setup r10, r4, r8, r5 @ TTBCR, TTBRx setup
-@@ -360,6 +359,7 @@ __v7_setup:
- mcr p15, 0, r5, c10, c2, 0 @ write PRRR
- mcr p15, 0, r6, c10, c2, 1 @ write NMRR
- #endif
-+ dsb @ Complete invalidations
- #ifndef CONFIG_ARM_THUMBEE
- mrc p15, 0, r0, c0, c1, 0 @ read ID_PFR0 for ThumbEE
- and r0, r0, #(0xf << 12) @ ThumbEE enabled field
diff --git a/arch/arm/plat-omap/sram.c b/arch/arm/plat-omap/sram.c
index a5bc92d..0bb4730 100644
--- a/arch/arm/plat-omap/sram.c
@@ -5560,6 +5434,19 @@ index 650de39..6982b02 100644
help
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
+diff --git a/arch/mips/cavium-octeon/dma-octeon.c b/arch/mips/cavium-octeon/dma-octeon.c
+index 02f2444..506969c 100644
+--- a/arch/mips/cavium-octeon/dma-octeon.c
++++ b/arch/mips/cavium-octeon/dma-octeon.c
+@@ -199,7 +199,7 @@ static void octeon_dma_free_coherent(struct device *dev, size_t size,
+ if (dma_release_from_coherent(dev, order, vaddr))
+ return;
+
+- swiotlb_free_coherent(dev, size, vaddr, dma_handle);
++ swiotlb_free_coherent(dev, size, vaddr, dma_handle, attrs);
+ }
+
+ static dma_addr_t octeon_unity_phys_to_dma(struct device *dev, phys_addr_t paddr)
diff --git a/arch/mips/include/asm/atomic.h b/arch/mips/include/asm/atomic.h
index 7eed2f2..c4e385d 100644
--- a/arch/mips/include/asm/atomic.h
@@ -6521,6 +6408,19 @@ index c1f6afa..38cc6e9 100644
+#define arch_align_stack(x) ((x) & ~0xfUL)
#endif /* _ASM_EXEC_H */
+diff --git a/arch/mips/include/asm/hw_irq.h b/arch/mips/include/asm/hw_irq.h
+index 9e8ef59..1139d6b 100644
+--- a/arch/mips/include/asm/hw_irq.h
++++ b/arch/mips/include/asm/hw_irq.h
+@@ -10,7 +10,7 @@
+
+ #include <linux/atomic.h>
+
+-extern atomic_t irq_err_count;
++extern atomic_unchecked_t irq_err_count;
+
+ /*
+ * interrupt-retrigger: NOP for now. This may not be appropriate for all
diff --git a/arch/mips/include/asm/local.h b/arch/mips/include/asm/local.h
index d44622c..64990d2 100644
--- a/arch/mips/include/asm/local.h
@@ -6728,6 +6628,32 @@ index 202e581..689ca79 100644
#include <asm/processor.h>
/*
+diff --git a/arch/mips/kernel/i8259.c b/arch/mips/kernel/i8259.c
+index 2b91fe8..fe4f6b4 100644
+--- a/arch/mips/kernel/i8259.c
++++ b/arch/mips/kernel/i8259.c
+@@ -205,7 +205,7 @@ spurious_8259A_irq:
+ printk(KERN_DEBUG "spurious 8259A interrupt: IRQ%d.\n", irq);
+ spurious_irq_mask |= irqmask;
+ }
+- atomic_inc(&irq_err_count);
++ atomic_inc_unchecked(&irq_err_count);
+ /*
+ * Theoretically we do not have to handle this IRQ,
+ * but in Linux this does not cause problems and is
+diff --git a/arch/mips/kernel/irq-gt641xx.c b/arch/mips/kernel/irq-gt641xx.c
+index 44a1f79..2bd6aa3 100644
+--- a/arch/mips/kernel/irq-gt641xx.c
++++ b/arch/mips/kernel/irq-gt641xx.c
+@@ -110,7 +110,7 @@ void gt641xx_irq_dispatch(void)
+ }
+ }
+
+- atomic_inc(&irq_err_count);
++ atomic_inc_unchecked(&irq_err_count);
+ }
+
+ void __init gt641xx_irq_init(void)
diff --git a/arch/mips/kernel/irq.c b/arch/mips/kernel/irq.c
index d1fea7a..45602ea 100644
--- a/arch/mips/kernel/irq.c
@@ -6800,6 +6726,38 @@ index b52e1d2..1a3ca09 100644
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
trace_sys_enter(regs, regs->regs[2]);
+diff --git a/arch/mips/kernel/reset.c b/arch/mips/kernel/reset.c
+index 07fc524..b9d7f28 100644
+--- a/arch/mips/kernel/reset.c
++++ b/arch/mips/kernel/reset.c
+@@ -13,6 +13,7 @@
+ #include <linux/reboot.h>
+
+ #include <asm/reboot.h>
++#include <asm/bug.h>
+
+ /*
+ * Urgs ... Too many MIPS machines to handle this in a generic way.
+@@ -29,16 +30,19 @@ void machine_restart(char *command)
+ {
+ if (_machine_restart)
+ _machine_restart(command);
++ BUG();
+ }
+
+ void machine_halt(void)
+ {
+ if (_machine_halt)
+ _machine_halt();
++ BUG();
+ }
+
+ void machine_power_off(void)
+ {
+ if (pm_power_off)
+ pm_power_off();
++ BUG();
+ }
diff --git a/arch/mips/kernel/smtc-proc.c b/arch/mips/kernel/smtc-proc.c
index c10aa84..9ec2e60 100644
--- a/arch/mips/kernel/smtc-proc.c
@@ -6981,7 +6939,7 @@ index becc42b..9e43d4b 100644
tsk->thread.error_code = write;
#if 0
diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c
-index f1baadd..8537544 100644
+index f1baadd..5472dca 100644
--- a/arch/mips/mm/mmap.c
+++ b/arch/mips/mm/mmap.c
@@ -59,6 +59,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
@@ -7010,7 +6968,7 @@ index f1baadd..8537544 100644
vma = find_vma(mm, addr);
- if (TASK_SIZE - len >= addr &&
- (!vma || addr + len <= vma->vm_start))
-+ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vmm, addr, len, offset))
++ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len, offset))
return addr;
}
@@ -7085,6 +7043,58 @@ index f1baadd..8537544 100644
int __virt_addr_valid(const volatile void *kaddr)
{
return pfn_valid(PFN_DOWN(virt_to_phys(kaddr)));
+diff --git a/arch/mips/pci/pci-octeon.c b/arch/mips/pci/pci-octeon.c
+index 59cccd9..f39ac2f 100644
+--- a/arch/mips/pci/pci-octeon.c
++++ b/arch/mips/pci/pci-octeon.c
+@@ -327,8 +327,8 @@ static int octeon_write_config(struct pci_bus *bus, unsigned int devfn,
+
+
+ static struct pci_ops octeon_pci_ops = {
+- octeon_read_config,
+- octeon_write_config,
++ .read = octeon_read_config,
++ .write = octeon_write_config,
+ };
+
+ static struct resource octeon_pci_mem_resource = {
+diff --git a/arch/mips/pci/pcie-octeon.c b/arch/mips/pci/pcie-octeon.c
+index 5e36c33..eb4a17b 100644
+--- a/arch/mips/pci/pcie-octeon.c
++++ b/arch/mips/pci/pcie-octeon.c
+@@ -1792,8 +1792,8 @@ static int octeon_dummy_write_config(struct pci_bus *bus, unsigned int devfn,
+ }
+
+ static struct pci_ops octeon_pcie0_ops = {
+- octeon_pcie0_read_config,
+- octeon_pcie0_write_config,
++ .read = octeon_pcie0_read_config,
++ .write = octeon_pcie0_write_config,
+ };
+
+ static struct resource octeon_pcie0_mem_resource = {
+@@ -1813,8 +1813,8 @@ static struct pci_controller octeon_pcie0_controller = {
+ };
+
+ static struct pci_ops octeon_pcie1_ops = {
+- octeon_pcie1_read_config,
+- octeon_pcie1_write_config,
++ .read = octeon_pcie1_read_config,
++ .write = octeon_pcie1_write_config,
+ };
+
+ static struct resource octeon_pcie1_mem_resource = {
+@@ -1834,8 +1834,8 @@ static struct pci_controller octeon_pcie1_controller = {
+ };
+
+ static struct pci_ops octeon_dummy_ops = {
+- octeon_dummy_read_config,
+- octeon_dummy_write_config,
++ .read = octeon_dummy_read_config,
++ .write = octeon_dummy_write_config,
+ };
+
+ static struct resource octeon_dummy_mem_resource = {
diff --git a/arch/mips/sgi-ip27/ip27-nmi.c b/arch/mips/sgi-ip27/ip27-nmi.c
index a2358b4..7cead4f 100644
--- a/arch/mips/sgi-ip27/ip27-nmi.c
@@ -7110,6 +7120,54 @@ index a2358b4..7cead4f 100644
#endif
/*
+diff --git a/arch/mips/sni/rm200.c b/arch/mips/sni/rm200.c
+index a046b30..6799527 100644
+--- a/arch/mips/sni/rm200.c
++++ b/arch/mips/sni/rm200.c
+@@ -270,7 +270,7 @@ spurious_8259A_irq:
+ "spurious RM200 8259A interrupt: IRQ%d.\n", irq);
+ spurious_irq_mask |= irqmask;
+ }
+- atomic_inc(&irq_err_count);
++ atomic_inc_unchecked(&irq_err_count);
+ /*
+ * Theoretically we do not have to handle this IRQ,
+ * but in Linux this does not cause problems and is
+diff --git a/arch/mips/vr41xx/common/icu.c b/arch/mips/vr41xx/common/icu.c
+index 41e873b..34d33a7 100644
+--- a/arch/mips/vr41xx/common/icu.c
++++ b/arch/mips/vr41xx/common/icu.c
+@@ -653,7 +653,7 @@ static int icu_get_irq(unsigned int irq)
+
+ printk(KERN_ERR "spurious ICU interrupt: %04x,%04x\n", pend1, pend2);
+
+- atomic_inc(&irq_err_count);
++ atomic_inc_unchecked(&irq_err_count);
+
+ return -1;
+ }
+diff --git a/arch/mips/vr41xx/common/irq.c b/arch/mips/vr41xx/common/irq.c
+index ae0e4ee..e8f0692 100644
+--- a/arch/mips/vr41xx/common/irq.c
++++ b/arch/mips/vr41xx/common/irq.c
+@@ -64,7 +64,7 @@ static void irq_dispatch(unsigned int irq)
+ irq_cascade_t *cascade;
+
+ if (irq >= NR_IRQS) {
+- atomic_inc(&irq_err_count);
++ atomic_inc_unchecked(&irq_err_count);
+ return;
+ }
+
+@@ -84,7 +84,7 @@ static void irq_dispatch(unsigned int irq)
+ ret = cascade->get_irq(irq);
+ irq = ret;
+ if (ret < 0)
+- atomic_inc(&irq_err_count);
++ atomic_inc_unchecked(&irq_err_count);
+ else
+ irq_dispatch(irq);
+ if (!irqd_irq_disabled(idata) && chip->irq_unmask)
diff --git a/arch/mn10300/proc-mn103e010/include/proc/cache.h b/arch/mn10300/proc-mn103e010/include/proc/cache.h
index 967d144..db12197 100644
--- a/arch/mn10300/proc-mn103e010/include/proc/cache.h
@@ -8356,7 +8414,7 @@ index 68027bf..b26fd31 100644
tramp = current->mm->context.vdso_base + vdso32_rt_sigtramp;
} else {
diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c
-index 4299104..29e2c51 100644
+index 448245f..b9bae83 100644
--- a/arch/powerpc/kernel/signal_64.c
+++ b/arch/powerpc/kernel/signal_64.c
@@ -758,7 +758,7 @@ int handle_rt_signal64(int signr, struct k_sigaction *ka, siginfo_t *info,
@@ -20926,10 +20984,10 @@ index df5e41f..816c719 100644
extern int generic_get_free_region(unsigned long base, unsigned long size,
int replace_reg);
diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c
-index 8e13293..9bfd68c 100644
+index db6cdbe..faaf834 100644
--- a/arch/x86/kernel/cpu/perf_event.c
+++ b/arch/x86/kernel/cpu/perf_event.c
-@@ -1348,7 +1348,7 @@ static void __init pmu_check_apic(void)
+@@ -1351,7 +1351,7 @@ static void __init pmu_check_apic(void)
pr_info("no hardware sampling interrupt available.\n");
}
@@ -20938,7 +20996,7 @@ index 8e13293..9bfd68c 100644
.name = "format",
.attrs = NULL,
};
-@@ -1447,7 +1447,7 @@ static struct attribute *events_attr[] = {
+@@ -1450,7 +1450,7 @@ static struct attribute *events_attr[] = {
NULL,
};
@@ -20947,7 +21005,7 @@ index 8e13293..9bfd68c 100644
.name = "events",
.attrs = events_attr,
};
-@@ -1958,7 +1958,7 @@ static unsigned long get_segment_base(unsigned int segment)
+@@ -1961,7 +1961,7 @@ static unsigned long get_segment_base(unsigned int segment)
if (idx > GDT_ENTRIES)
return 0;
@@ -20956,7 +21014,7 @@ index 8e13293..9bfd68c 100644
}
return get_desc_base(desc + idx);
-@@ -2048,7 +2048,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
+@@ -2051,7 +2051,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
break;
perf_callchain_store(entry, frame.return_address);
@@ -27723,7 +27781,7 @@ index c7168a5..09070fc 100644
local_irq_disable();
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index da7837e..86c6ebf 100644
+index dcc4de3..6bf73f4 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1316,12 +1316,12 @@ static void vmcs_write64(unsigned long field, u64 value)
@@ -27883,7 +27941,7 @@ index da7837e..86c6ebf 100644
vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index d89d51b..fa94855 100644
+index 4e33b85..fa94855 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1791,8 +1791,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
@@ -27915,15 +27973,6 @@ index d89d51b..fa94855 100644
{
int r;
struct kvm_x86_ops *ops = opaque;
-@@ -6163,7 +6165,7 @@ static int complete_emulated_mmio(struct kvm_vcpu *vcpu)
- frag->len -= len;
- }
-
-- if (vcpu->mmio_cur_fragment == vcpu->mmio_nr_fragments) {
-+ if (vcpu->mmio_cur_fragment >= vcpu->mmio_nr_fragments) {
- vcpu->mmio_needed = 0;
-
- /* FIXME: return into emulator if single-stepping. */
diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c
index bdf8532..f63c587 100644
--- a/arch/x86/lguest/boot.c
@@ -33134,7 +33183,7 @@ index 0000000..dace51c
+EXPORT_SYMBOL(__pax_close_userland);
+#endif
diff --git a/arch/x86/net/bpf_jit.S b/arch/x86/net/bpf_jit.S
-index 877b9a1..a8ecf42 100644
+index 877b9a1..f746de8 100644
--- a/arch/x86/net/bpf_jit.S
+++ b/arch/x86/net/bpf_jit.S
@@ -9,6 +9,7 @@
@@ -33208,6 +33257,15 @@ index 877b9a1..a8ecf42 100644
ret
#define sk_negative_common(SIZE) \
+@@ -140,7 +149,7 @@ bpf_slow_path_byte_msh:
+ push %r9; \
+ push SKBDATA; \
+ /* rsi already has offset */ \
+- mov $SIZE,%ecx; /* size */ \
++ mov $SIZE,%edx; /* size */ \
+ call bpf_internal_load_pointer_neg_helper; \
+ test %rax,%rax; \
+ pop SKBDATA; \
@@ -157,6 +166,7 @@ sk_load_word_negative_offset:
sk_negative_common(4)
mov (%rax), %eax
@@ -33247,7 +33305,7 @@ index 877b9a1..a8ecf42 100644
+ pax_force_retaddr
ret
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
-index 4ed75dd..8dfe0d5 100644
+index 4ed75dd..3cf24f0b 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -50,13 +50,90 @@ static inline u8 *emit_code(u8 *ptr, u32 bytes, unsigned int len)
@@ -33446,14 +33504,9 @@ index 4ed75dd..8dfe0d5 100644
if (!bpf_jit_enable)
return;
-@@ -202,11 +297,15 @@ void bpf_jit_compile(struct sk_filter *fp)
- if (addrs == NULL)
+@@ -203,10 +298,10 @@ void bpf_jit_compile(struct sk_filter *fp)
return;
-+#ifdef CONFIG_GRKERNSEC_JIT_HARDEN
-+ randkey = get_random_int();
-+#endif
-+
/* Before first pass, make a rough estimation of addrs[]
- * each bpf instruction is translated to less than 64 bytes
+ * each bpf instruction is translated to less than MAX_INSTR_CODE_SIZE bytes
@@ -33464,6 +33517,17 @@ index 4ed75dd..8dfe0d5 100644
addrs[i] = proglen;
}
cleanup_addr = proglen; /* epilogue address */
+@@ -285,6 +380,10 @@ void bpf_jit_compile(struct sk_filter *fp)
+ for (i = 0; i < flen; i++) {
+ unsigned int K = filter[i].k;
+
++#ifdef CONFIG_GRKERNSEC_JIT_HARDEN
++ randkey = prandom_u32();
++#endif
++
+ switch (filter[i].code) {
+ case BPF_S_ALU_ADD_X: /* A += X; */
+ seen |= SEEN_XREG;
@@ -317,10 +416,8 @@ void bpf_jit_compile(struct sk_filter *fp)
case BPF_S_ALU_MUL_K: /* A *= K */
if (is_imm8(K))
@@ -38550,7 +38614,7 @@ index 4cf0d28..5830372 100644
.priority = 1,
};
diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c
-index d51f17ed..9f43b15 100644
+index aa366ec..f34f555 100644
--- a/drivers/cpufreq/intel_pstate.c
+++ b/drivers/cpufreq/intel_pstate.c
@@ -112,10 +112,10 @@ struct pstate_funcs {
@@ -39780,10 +39844,10 @@ index a209177..842a89a 100644
iir = I915_READ(IIR);
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index 2bde35d..529646c 100644
+index 3c5ff7a..ae759ca 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
-@@ -10492,13 +10492,13 @@ struct intel_quirk {
+@@ -10506,13 +10506,13 @@ struct intel_quirk {
int subsystem_vendor;
int subsystem_device;
void (*hook)(struct drm_device *dev);
@@ -39799,7 +39863,7 @@ index 2bde35d..529646c 100644
static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
{
-@@ -10506,18 +10506,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
+@@ -10520,18 +10520,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
return 1;
}
@@ -43343,7 +43407,7 @@ index 3ba6a38..b0fa9b0 100644
"start=%llu, len=%llu, dev_size=%llu",
dm_device_name(ti->table->md), bdevname(bdev, b),
diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c
-index 7da3476..f75839e 100644
+index 3bb4506..56e20cc 100644
--- a/drivers/md/dm-thin-metadata.c
+++ b/drivers/md/dm-thin-metadata.c
@@ -397,7 +397,7 @@ static void __setup_btree_details(struct dm_pool_metadata *pmd)
@@ -49358,7 +49422,7 @@ index f1bbb8c..a73eaba 100644
unsigned int p2m_timeouts;
diff --git a/drivers/staging/octeon/ethernet-rx.c b/drivers/staging/octeon/ethernet-rx.c
-index 0315f60..2ecae10 100644
+index 0315f60..ce93f406 100644
--- a/drivers/staging/octeon/ethernet-rx.c
+++ b/drivers/staging/octeon/ethernet-rx.c
@@ -418,11 +418,11 @@ static int cvm_oct_napi_poll(struct napi_struct *napi, int budget)
@@ -49382,7 +49446,7 @@ index 0315f60..2ecae10 100644
*/
#ifdef CONFIG_64BIT
- atomic64_add(1, (atomic64_t *)&priv->stats.rx_dropped);
-+ atomic64_unchecked_add(1, (atomic64_unchecked_t *)&priv->stats.rx_dropped);
++ atomic64_add_unchecked(1, (atomic64_unchecked_t *)&priv->stats.rx_dropped);
#else
- atomic_add(1, (atomic_t *)&priv->stats.rx_dropped);
+ atomic_add_unchecked(1, (atomic_unchecked_t *)&priv->stats.rx_dropped);
@@ -51421,10 +51485,10 @@ index b369292..9f3ba40 100644
gs_free_requests(gser->out, &port->read_pool, NULL);
gs_free_requests(gser->out, &port->read_queue, NULL);
diff --git a/drivers/usb/host/ehci-hub.c b/drivers/usb/host/ehci-hub.c
-index 835fc08..f8b22bf 100644
+index 1bb85be..29e28d9 100644
--- a/drivers/usb/host/ehci-hub.c
+++ b/drivers/usb/host/ehci-hub.c
-@@ -762,7 +762,7 @@ static struct urb *request_single_step_set_feature_urb(
+@@ -780,7 +780,7 @@ static struct urb *request_single_step_set_feature_urb(
urb->transfer_flags = URB_DIR_IN;
usb_get_urb(urb);
atomic_inc(&urb->use_count);
@@ -51433,7 +51497,7 @@ index 835fc08..f8b22bf 100644
urb->setup_dma = dma_map_single(
hcd->self.controller,
urb->setup_packet,
-@@ -829,7 +829,7 @@ static int ehset_single_step_set_feature(struct usb_hcd *hcd, int port)
+@@ -847,7 +847,7 @@ static int ehset_single_step_set_feature(struct usb_hcd *hcd, int port)
urb->status = -EINPROGRESS;
usb_get_urb(urb);
atomic_inc(&urb->use_count);
@@ -55158,7 +55222,7 @@ index 062a5f6..e5618e0 100644
file = aio_private_file(ctx, nr_pages);
diff --git a/fs/attr.c b/fs/attr.c
-index 267968d..5dd8f96 100644
+index 5d4e59d..fd02418 100644
--- a/fs/attr.c
+++ b/fs/attr.c
@@ -102,6 +102,7 @@ int inode_newsize_ok(const struct inode *inode, loff_t offset)
@@ -56847,7 +56911,7 @@ index 579c6d5..95b6d03353 100644
GLOBAL_EXTERN atomic_t smBufAllocCount;
GLOBAL_EXTERN atomic_t midCount;
diff --git a/fs/cifs/file.c b/fs/cifs/file.c
-index 5a5a872..63e4c62 100644
+index a1c9ead..63e4c62 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -1900,10 +1900,14 @@ static int cifs_writepages(struct address_space *mapping,
@@ -56868,63 +56932,6 @@ index 5a5a872..63e4c62 100644
scanned = true;
}
retry:
-@@ -2381,7 +2385,7 @@ cifs_iovec_write(struct file *file, const struct iovec *iov,
- unsigned long nr_segs, loff_t *poffset)
- {
- unsigned long nr_pages, i;
-- size_t copied, len, cur_len;
-+ size_t bytes, copied, len, cur_len;
- ssize_t total_written = 0;
- loff_t offset;
- struct iov_iter it;
-@@ -2436,14 +2440,45 @@ cifs_iovec_write(struct file *file, const struct iovec *iov,
-
- save_len = cur_len;
- for (i = 0; i < nr_pages; i++) {
-- copied = min_t(const size_t, cur_len, PAGE_SIZE);
-+ bytes = min_t(const size_t, cur_len, PAGE_SIZE);
- copied = iov_iter_copy_from_user(wdata->pages[i], &it,
-- 0, copied);
-+ 0, bytes);
- cur_len -= copied;
- iov_iter_advance(&it, copied);
-+ /*
-+ * If we didn't copy as much as we expected, then that
-+ * may mean we trod into an unmapped area. Stop copying
-+ * at that point. On the next pass through the big
-+ * loop, we'll likely end up getting a zero-length
-+ * write and bailing out of it.
-+ */
-+ if (copied < bytes)
-+ break;
- }
- cur_len = save_len - cur_len;
-
-+ /*
-+ * If we have no data to send, then that probably means that
-+ * the copy above failed altogether. That's most likely because
-+ * the address in the iovec was bogus. Set the rc to -EFAULT,
-+ * free anything we allocated and bail out.
-+ */
-+ if (!cur_len) {
-+ for (i = 0; i < nr_pages; i++)
-+ put_page(wdata->pages[i]);
-+ kfree(wdata);
-+ rc = -EFAULT;
-+ break;
-+ }
-+
-+ /*
-+ * i + 1 now represents the number of pages we actually used in
-+ * the copy phase above. Bring nr_pages down to that, and free
-+ * any pages that we didn't use.
-+ */
-+ for ( ; nr_pages > i + 1; nr_pages--)
-+ put_page(wdata->pages[nr_pages - 1]);
-+
- wdata->sync_mode = WB_SYNC_ALL;
- wdata->nr_pages = nr_pages;
- wdata->offset = (__u64)offset;
diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
index 2f9f379..43f8025 100644
--- a/fs/cifs/misc.c
@@ -57057,10 +57064,10 @@ index ffc9ef9..b3c992b 100644
}
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
-index 757da3e..07bf1ed 100644
+index 192f51a..539307e 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
-@@ -370,8 +370,8 @@ smb2_clear_stats(struct cifs_tcon *tcon)
+@@ -364,8 +364,8 @@ smb2_clear_stats(struct cifs_tcon *tcon)
#ifdef CONFIG_CIFS_STATS
int i;
for (i = 0; i < NUMBER_OF_SMB2_COMMANDS; i++) {
@@ -57071,7 +57078,7 @@ index 757da3e..07bf1ed 100644
}
#endif
}
-@@ -411,65 +411,65 @@ static void
+@@ -405,65 +405,65 @@ static void
smb2_print_stats(struct seq_file *m, struct cifs_tcon *tcon)
{
#ifdef CONFIG_CIFS_STATS
@@ -57178,10 +57185,10 @@ index 757da3e..07bf1ed 100644
}
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
-index 2013234..a720734 100644
+index 787e171..31dcd0a 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
-@@ -2091,8 +2091,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon,
+@@ -2093,8 +2093,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon,
default:
cifs_dbg(VFS, "info level %u isn't supported\n",
srch_inf->info_level);
@@ -58492,19 +58499,10 @@ index 6ea7b14..8fa16d9 100644
if (free_clusters >= (nclusters + dirty_clusters +
resv_clusters))
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
-index ece5556..242c50a 100644
+index d3a534f..242c50a 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
-@@ -771,6 +771,8 @@ do { \
- if (EXT4_FITS_IN_INODE(raw_inode, einode, xtime)) \
- (einode)->xtime.tv_sec = \
- (signed)le32_to_cpu((raw_inode)->xtime); \
-+ else \
-+ (einode)->xtime.tv_sec = 0; \
- if (EXT4_FITS_IN_INODE(raw_inode, einode, xtime ## _extra)) \
- ext4_decode_extra_time(&(einode)->xtime, \
- raw_inode->xtime ## _extra); \
-@@ -1267,19 +1269,19 @@ struct ext4_sb_info {
+@@ -1269,19 +1269,19 @@ struct ext4_sb_info {
unsigned long s_mb_last_start;
/* stats for buddy allocator */
@@ -58534,39 +58532,6 @@ index ece5556..242c50a 100644
atomic_t s_lock_busy;
/* locality groups */
-diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
-index 3384dc4..02dd709 100644
---- a/fs/ext4/extents.c
-+++ b/fs/ext4/extents.c
-@@ -3906,6 +3906,7 @@ ext4_ext_handle_uninitialized_extents(handle_t *handle, struct inode *inode,
- } else
- err = ret;
- map->m_flags |= EXT4_MAP_MAPPED;
-+ map->m_pblk = newblock;
- if (allocated > map->m_len)
- allocated = map->m_len;
- map->m_len = allocated;
-diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c
-index 60589b6..4a5fe55 100644
---- a/fs/ext4/ioctl.c
-+++ b/fs/ext4/ioctl.c
-@@ -144,7 +144,7 @@ static long swap_inode_boot_loader(struct super_block *sb,
- handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
- if (IS_ERR(handle)) {
- err = -EINVAL;
-- goto swap_boot_out;
-+ goto journal_err_out;
- }
-
- /* Protect extent tree against block allocations via delalloc */
-@@ -202,6 +202,7 @@ static long swap_inode_boot_loader(struct super_block *sb,
-
- ext4_double_up_write_data_sem(inode, inode_bl);
-
-+journal_err_out:
- ext4_inode_resume_unlocked_dio(inode);
- ext4_inode_resume_unlocked_dio(inode_bl);
-
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
index 04a5c75..09894fa 100644
--- a/fs/ext4/mballoc.c
@@ -58697,96 +58662,8 @@ index 04434ad..6404663 100644
__ext4_warning(sb, function, line,
"MMP failure info: last update time: %llu, last update "
"node: %s, last update device: %s\n",
-diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
-index c5adbb3..f3b84cd 100644
---- a/fs/ext4/resize.c
-+++ b/fs/ext4/resize.c
-@@ -243,6 +243,7 @@ static int ext4_alloc_group_tables(struct super_block *sb,
- ext4_group_t group;
- ext4_group_t last_group;
- unsigned overhead;
-+ __u16 uninit_mask = (flexbg_size > 1) ? ~EXT4_BG_BLOCK_UNINIT : ~0;
-
- BUG_ON(flex_gd->count == 0 || group_data == NULL);
-
-@@ -266,7 +267,7 @@ next_group:
- src_group++;
- for (; src_group <= last_group; src_group++) {
- overhead = ext4_group_overhead_blocks(sb, src_group);
-- if (overhead != 0)
-+ if (overhead == 0)
- last_blk += group_data[src_group - group].blocks_count;
- else
- break;
-@@ -280,8 +281,7 @@ next_group:
- group = ext4_get_group_number(sb, start_blk - 1);
- group -= group_data[0].group;
- group_data[group].free_blocks_count--;
-- if (flexbg_size > 1)
-- flex_gd->bg_flags[group] &= ~EXT4_BG_BLOCK_UNINIT;
-+ flex_gd->bg_flags[group] &= uninit_mask;
- }
-
- /* Allocate inode bitmaps */
-@@ -292,22 +292,30 @@ next_group:
- group = ext4_get_group_number(sb, start_blk - 1);
- group -= group_data[0].group;
- group_data[group].free_blocks_count--;
-- if (flexbg_size > 1)
-- flex_gd->bg_flags[group] &= ~EXT4_BG_BLOCK_UNINIT;
-+ flex_gd->bg_flags[group] &= uninit_mask;
- }
-
- /* Allocate inode tables */
- for (; it_index < flex_gd->count; it_index++) {
-- if (start_blk + EXT4_SB(sb)->s_itb_per_group > last_blk)
-+ unsigned int itb = EXT4_SB(sb)->s_itb_per_group;
-+ ext4_fsblk_t next_group_start;
-+
-+ if (start_blk + itb > last_blk)
- goto next_group;
- group_data[it_index].inode_table = start_blk;
-- group = ext4_get_group_number(sb, start_blk - 1);
-+ group = ext4_get_group_number(sb, start_blk);
-+ next_group_start = ext4_group_first_block_no(sb, group + 1);
- group -= group_data[0].group;
-- group_data[group].free_blocks_count -=
-- EXT4_SB(sb)->s_itb_per_group;
-- if (flexbg_size > 1)
-- flex_gd->bg_flags[group] &= ~EXT4_BG_BLOCK_UNINIT;
-
-+ if (start_blk + itb > next_group_start) {
-+ flex_gd->bg_flags[group + 1] &= uninit_mask;
-+ overhead = start_blk + itb - next_group_start;
-+ group_data[group + 1].free_blocks_count -= overhead;
-+ itb -= overhead;
-+ }
-+
-+ group_data[group].free_blocks_count -= itb;
-+ flex_gd->bg_flags[group] &= uninit_mask;
- start_blk += EXT4_SB(sb)->s_itb_per_group;
- }
-
-@@ -401,7 +409,7 @@ static int set_flexbg_block_bitmap(struct super_block *sb, handle_t *handle,
- start = ext4_group_first_block_no(sb, group);
- group -= flex_gd->groups[0].group;
-
-- count2 = sb->s_blocksize * 8 - (block - start);
-+ count2 = EXT4_BLOCKS_PER_GROUP(sb) - (block - start);
- if (count2 > count)
- count2 = count;
-
-@@ -620,7 +628,7 @@ handle_ib:
- if (err)
- goto out;
- count = group_table_count[j];
-- start = group_data[i].block_bitmap;
-+ start = (&group_data[i].block_bitmap)[j];
- block = start;
- }
-
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
-index 1f7784d..a82e4e8 100644
+index 710fed2..a82e4e8 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1270,7 +1270,7 @@ static ext4_fsblk_t get_sb_block(void **data)
@@ -58807,36 +58684,6 @@ index 1f7784d..a82e4e8 100644
static int parse_strtoull(const char *buf,
unsigned long long max, unsigned long long *value)
-@@ -3695,16 +3695,22 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
- for (i = 0; i < 4; i++)
- sbi->s_hash_seed[i] = le32_to_cpu(es->s_hash_seed[i]);
- sbi->s_def_hash_version = es->s_def_hash_version;
-- i = le32_to_cpu(es->s_flags);
-- if (i & EXT2_FLAGS_UNSIGNED_HASH)
-- sbi->s_hash_unsigned = 3;
-- else if ((i & EXT2_FLAGS_SIGNED_HASH) == 0) {
-+ if (EXT4_HAS_COMPAT_FEATURE(sb, EXT4_FEATURE_COMPAT_DIR_INDEX)) {
-+ i = le32_to_cpu(es->s_flags);
-+ if (i & EXT2_FLAGS_UNSIGNED_HASH)
-+ sbi->s_hash_unsigned = 3;
-+ else if ((i & EXT2_FLAGS_SIGNED_HASH) == 0) {
- #ifdef __CHAR_UNSIGNED__
-- es->s_flags |= cpu_to_le32(EXT2_FLAGS_UNSIGNED_HASH);
-- sbi->s_hash_unsigned = 3;
-+ if (!(sb->s_flags & MS_RDONLY))
-+ es->s_flags |=
-+ cpu_to_le32(EXT2_FLAGS_UNSIGNED_HASH);
-+ sbi->s_hash_unsigned = 3;
- #else
-- es->s_flags |= cpu_to_le32(EXT2_FLAGS_SIGNED_HASH);
-+ if (!(sb->s_flags & MS_RDONLY))
-+ es->s_flags |=
-+ cpu_to_le32(EXT2_FLAGS_SIGNED_HASH);
- #endif
-+ }
- }
-
- /* Handle clustersize */
diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
index 1423c48..9c0c6dc 100644
--- a/fs/ext4/xattr.c
@@ -60570,26 +60417,6 @@ index 4bcdad3..1883822 100644
res = next - LAST_INO_BATCH;
}
-diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
-index 8360674..60bb365 100644
---- a/fs/jbd2/transaction.c
-+++ b/fs/jbd2/transaction.c
-@@ -514,11 +514,13 @@ int jbd2_journal_start_reserved(handle_t *handle, unsigned int type,
- * similarly constrained call sites
- */
- ret = start_this_handle(journal, handle, GFP_NOFS);
-- if (ret < 0)
-+ if (ret < 0) {
- jbd2_journal_free_reserved(handle);
-+ return ret;
-+ }
- handle->h_type = type;
- handle->h_line_no = line_no;
-- return ret;
-+ return 0;
- }
- EXPORT_SYMBOL(jbd2_journal_start_reserved);
-
diff --git a/fs/jffs2/erase.c b/fs/jffs2/erase.c
index 4a6cf28..d3a29d3 100644
--- a/fs/jffs2/erase.c
@@ -61435,10 +61262,10 @@ index f4ccfe6..a5cf064 100644
static struct callback_op callback_ops[];
diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
-index 00ad1c2..2fde15e 100644
+index 5d94c02..630214f 100644
--- a/fs/nfs/inode.c
+++ b/fs/nfs/inode.c
-@@ -1146,16 +1146,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt
+@@ -1153,16 +1153,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt
return nfs_size_to_loff_t(fattr->size) > i_size_read(inode);
}
@@ -62398,7 +62225,7 @@ index 1bd2077..2f7cfd5 100644
static struct pid *
get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos)
diff --git a/fs/proc/base.c b/fs/proc/base.c
-index 03c8d74..4efb575 100644
+index 03c8d74..68a79e8 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -113,6 +113,14 @@ struct pid_entry {
@@ -62707,7 +62534,15 @@ index 03c8d74..4efb575 100644
rcu_read_unlock();
} else {
inode->i_uid = GLOBAL_ROOT_UID;
-@@ -2172,6 +2290,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
+@@ -1819,6 +1937,7 @@ static int proc_map_files_get_link(struct dentry *dentry, struct path *path)
+ if (rc)
+ goto out_mmput;
+
++ rc = -ENOENT;
+ down_read(&mm->mmap_sem);
+ vma = find_exact_vma(mm, vm_start, vm_end);
+ if (vma && vma->vm_file) {
+@@ -2172,6 +2291,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
if (!task)
goto out_no_task;
@@ -62717,7 +62552,7 @@ index 03c8d74..4efb575 100644
/*
* Yes, it does not scale. And it should not. Don't add
* new entries into /proc/<tgid>/ without very good reasons.
-@@ -2202,6 +2323,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx,
+@@ -2202,6 +2324,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx,
if (!task)
return -ENOENT;
@@ -62727,7 +62562,7 @@ index 03c8d74..4efb575 100644
if (!dir_emit_dots(file, ctx))
goto out;
-@@ -2591,7 +2715,7 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2591,7 +2716,7 @@ static const struct pid_entry tgid_base_stuff[] = {
REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations),
#endif
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
@@ -62736,7 +62571,7 @@ index 03c8d74..4efb575 100644
INF("syscall", S_IRUGO, proc_pid_syscall),
#endif
INF("cmdline", S_IRUGO, proc_pid_cmdline),
-@@ -2616,10 +2740,10 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2616,10 +2741,10 @@ static const struct pid_entry tgid_base_stuff[] = {
#ifdef CONFIG_SECURITY
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
#endif
@@ -62749,7 +62584,7 @@ index 03c8d74..4efb575 100644
ONE("stack", S_IRUGO, proc_pid_stack),
#endif
#ifdef CONFIG_SCHEDSTATS
-@@ -2653,6 +2777,9 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2653,6 +2778,9 @@ static const struct pid_entry tgid_base_stuff[] = {
#ifdef CONFIG_HARDWALL
INF("hardwall", S_IRUGO, proc_pid_hardwall),
#endif
@@ -62759,7 +62594,7 @@ index 03c8d74..4efb575 100644
#ifdef CONFIG_USER_NS
REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations),
REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations),
-@@ -2783,7 +2910,14 @@ static int proc_pid_instantiate(struct inode *dir,
+@@ -2783,7 +2911,14 @@ static int proc_pid_instantiate(struct inode *dir,
if (!inode)
goto out;
@@ -62774,7 +62609,7 @@ index 03c8d74..4efb575 100644
inode->i_op = &proc_tgid_base_inode_operations;
inode->i_fop = &proc_tgid_base_operations;
inode->i_flags|=S_IMMUTABLE;
-@@ -2821,7 +2955,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
+@@ -2821,7 +2956,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
if (!task)
goto out;
@@ -62786,7 +62621,7 @@ index 03c8d74..4efb575 100644
put_task_struct(task);
out:
return ERR_PTR(result);
-@@ -2927,7 +3065,7 @@ static const struct pid_entry tid_base_stuff[] = {
+@@ -2927,7 +3066,7 @@ static const struct pid_entry tid_base_stuff[] = {
REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations),
#endif
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
@@ -62795,7 +62630,7 @@ index 03c8d74..4efb575 100644
INF("syscall", S_IRUGO, proc_pid_syscall),
#endif
INF("cmdline", S_IRUGO, proc_pid_cmdline),
-@@ -2954,10 +3092,10 @@ static const struct pid_entry tid_base_stuff[] = {
+@@ -2954,10 +3093,10 @@ static const struct pid_entry tid_base_stuff[] = {
#ifdef CONFIG_SECURITY
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
#endif
@@ -78958,7 +78793,7 @@ index 89b7c24..382af74 100644
return res->end - res->start + 1;
}
diff --git a/include/linux/ipc_namespace.h b/include/linux/ipc_namespace.h
-index f6c82de..de8619e 100644
+index d6ad91f..f10f279 100644
--- a/include/linux/ipc_namespace.h
+++ b/include/linux/ipc_namespace.h
@@ -70,7 +70,7 @@ struct ipc_namespace {
@@ -79980,7 +79815,7 @@ index 69be3e6..0fb422d 100644
struct iovec;
struct kvec;
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
-index ce2a1f5..cb9bc8c 100644
+index 2177a6b..67fc561 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -1129,6 +1129,7 @@ struct net_device_ops {
@@ -81015,7 +80850,7 @@ index 429c199..4d42e38 100644
/* shm_mode upper byte flags */
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index 6f69b3f..71ac613 100644
+index 37cb679..dbaebc0 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -643,7 +643,7 @@ bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
@@ -81081,7 +80916,7 @@ index 6f69b3f..71ac613 100644
struct iovec *to, int size);
int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb, int hlen,
struct iovec *iov);
-@@ -2617,6 +2617,9 @@ static inline void nf_reset(struct sk_buff *skb)
+@@ -2618,6 +2618,9 @@ static inline void nf_reset(struct sk_buff *skb)
nf_bridge_put(skb->nf_bridge);
skb->nf_bridge = NULL;
#endif
@@ -83873,10 +83708,19 @@ index b0e99de..09f385c 100644
int oldval;
int rc;
diff --git a/ipc/mq_sysctl.c b/ipc/mq_sysctl.c
-index 383d638..943fdbb 100644
+index 5bb8bfe..a38ec05 100644
--- a/ipc/mq_sysctl.c
+++ b/ipc/mq_sysctl.c
@@ -25,7 +25,7 @@ static void *get_mq(ctl_table *table)
+ static int proc_mq_dointvec(ctl_table *table, int write,
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+ {
+- struct ctl_table mq_table;
++ ctl_table_no_const mq_table;
+ memcpy(&mq_table, table, sizeof(mq_table));
+ mq_table.data = get_mq(table);
+
+@@ -35,7 +35,7 @@ static int proc_mq_dointvec(ctl_table *table, int write,
static int proc_mq_dointvec_minmax(ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
@@ -83886,7 +83730,7 @@ index 383d638..943fdbb 100644
mq_table.data = get_mq(table);
diff --git a/ipc/mqueue.c b/ipc/mqueue.c
-index 95827ce..09e6d38 100644
+index b8d4aed..96a4fe8 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -278,6 +278,7 @@ static struct inode *mqueue_get_inode(struct super_block *sb,
@@ -84262,10 +84106,10 @@ index 4e66bf9..cdccecf 100644
+}
+EXPORT_SYMBOL(inode_capable_nolog);
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
-index bc1dcab..f3a6b42 100644
+index 271acd8..54b70fe 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
-@@ -5607,7 +5607,7 @@ static int cgroup_css_links_read(struct cgroup_subsys_state *css,
+@@ -5609,7 +5609,7 @@ static int cgroup_css_links_read(struct cgroup_subsys_state *css,
struct css_set *cset = link->cset;
struct task_struct *task;
int count = 0;
@@ -84685,7 +84529,7 @@ index 0b097c8..11dd5c5 100644
#ifdef CONFIG_MODULE_UNLOAD
{
diff --git a/kernel/events/core.c b/kernel/events/core.c
-index f574401..11b21f0 100644
+index 6ed1163..f36346e 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -157,8 +157,15 @@ static struct srcu_struct pmus_srcu;
@@ -85557,7 +85401,7 @@ index 9c97016..df438f8 100644
/* Don't allow clients that don't understand the native
diff --git a/kernel/kmod.c b/kernel/kmod.c
-index b086006..655e2aa 100644
+index b086006..b66f630 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -75,7 +75,7 @@ static void free_modprobe_argv(struct subprocess_info *info)
@@ -85685,7 +85529,7 @@ index b086006..655e2aa 100644
EXPORT_SYMBOL(__request_module);
#endif /* CONFIG_MODULES */
-@@ -218,6 +271,19 @@ static int ____call_usermodehelper(void *data)
+@@ -218,6 +271,20 @@ static int ____call_usermodehelper(void *data)
*/
set_user_nice(current, 0);
@@ -85695,7 +85539,8 @@ index b086006..655e2aa 100644
+ on that copy
+ */
+ if ((strncmp(sub_info->path, "/sbin/", 6) && strncmp(sub_info->path, "/usr/lib/", 9) &&
-+ strncmp(sub_info->path, "/lib/", 5) && strncmp(sub_info->path, "/lib64/", 7)) || strstr(sub_info->path, "..")) {
++ strncmp(sub_info->path, "/lib/", 5) && strncmp(sub_info->path, "/lib64/", 7) &&
++ strcmp(sub_info->path, "/usr/share/apport/apport")) || strstr(sub_info->path, "..")) {
+ printk(KERN_ALERT "grsec: denied exec of usermode helper binary %.950s located outside of /sbin and system library paths\n", sub_info->path);
+ retval = -EPERM;
+ goto fail;
@@ -85705,7 +85550,7 @@ index b086006..655e2aa 100644
retval = -ENOMEM;
new = prepare_kernel_cred(current);
if (!new)
-@@ -240,8 +306,8 @@ static int ____call_usermodehelper(void *data)
+@@ -240,8 +307,8 @@ static int ____call_usermodehelper(void *data)
commit_creds(new);
retval = do_execve(sub_info->path,
@@ -85716,7 +85561,7 @@ index b086006..655e2aa 100644
if (!retval)
return 0;
-@@ -260,6 +326,10 @@ static int call_helper(void *data)
+@@ -260,6 +327,10 @@ static int call_helper(void *data)
static void call_usermodehelper_freeinfo(struct subprocess_info *info)
{
@@ -85727,7 +85572,7 @@ index b086006..655e2aa 100644
if (info->cleanup)
(*info->cleanup)(info);
kfree(info);
-@@ -303,7 +373,7 @@ static int wait_for_helper(void *data)
+@@ -303,7 +374,7 @@ static int wait_for_helper(void *data)
*
* Thus the __user pointer cast is valid here.
*/
@@ -85736,7 +85581,7 @@ index b086006..655e2aa 100644
/*
* If ret is 0, either ____call_usermodehelper failed and the
-@@ -542,7 +612,12 @@ struct subprocess_info *call_usermodehelper_setup(char *path, char **argv,
+@@ -542,7 +613,12 @@ struct subprocess_info *call_usermodehelper_setup(char *path, char **argv,
goto out;
INIT_WORK(&sub_info->work, __call_usermodehelper);
@@ -85749,7 +85594,7 @@ index b086006..655e2aa 100644
sub_info->argv = argv;
sub_info->envp = envp;
-@@ -650,7 +725,7 @@ EXPORT_SYMBOL(call_usermodehelper);
+@@ -650,7 +726,7 @@ EXPORT_SYMBOL(call_usermodehelper);
static int proc_cap_handler(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
@@ -87021,9 +86866,18 @@ index 2abd25d..02c4faa 100644
atomic_set(&pd->refcnt, 0);
pd->pinst = pinst;
diff --git a/kernel/panic.c b/kernel/panic.c
-index c00b4ce..a846117 100644
+index c00b4ce..98c7d1a 100644
--- a/kernel/panic.c
+++ b/kernel/panic.c
+@@ -52,7 +52,7 @@ EXPORT_SYMBOL(panic_blink);
+ /*
+ * Stop ourself in panic -- architecture code may override this
+ */
+-void __weak panic_smp_self_stop(void)
++void __weak __noreturn panic_smp_self_stop(void)
+ {
+ while (1)
+ cpu_relax();
@@ -407,7 +407,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller,
disable_trace_on_warning();
@@ -89922,10 +89776,10 @@ index 4431610..4265616 100644
.thread_should_run = watchdog_should_run,
.thread_fn = watchdog,
diff --git a/kernel/workqueue.c b/kernel/workqueue.c
-index b010eac..e4bda78 100644
+index a8381cf..1ce1331 100644
--- a/kernel/workqueue.c
+++ b/kernel/workqueue.c
-@@ -4671,7 +4671,7 @@ static void rebind_workers(struct worker_pool *pool)
+@@ -4678,7 +4678,7 @@ static void rebind_workers(struct worker_pool *pool)
WARN_ON_ONCE(!(worker_flags & WORKER_UNBOUND));
worker_flags |= WORKER_REBOUND;
worker_flags &= ~WORKER_UNBOUND;
@@ -90721,6 +90575,72 @@ index ce682f7..1fb54f9 100644
if (err) {
bdi_destroy(bdi);
return err;
+diff --git a/mm/compaction.c b/mm/compaction.c
+index f58bcd0..b74dc61 100644
+--- a/mm/compaction.c
++++ b/mm/compaction.c
+@@ -251,7 +251,6 @@ static unsigned long isolate_freepages_block(struct compact_control *cc,
+ {
+ int nr_scanned = 0, total_isolated = 0;
+ struct page *cursor, *valid_page = NULL;
+- unsigned long nr_strict_required = end_pfn - blockpfn;
+ unsigned long flags;
+ bool locked = false;
+
+@@ -264,11 +263,12 @@ static unsigned long isolate_freepages_block(struct compact_control *cc,
+
+ nr_scanned++;
+ if (!pfn_valid_within(blockpfn))
+- continue;
++ goto isolate_fail;
++
+ if (!valid_page)
+ valid_page = page;
+ if (!PageBuddy(page))
+- continue;
++ goto isolate_fail;
+
+ /*
+ * The zone lock must be held to isolate freepages.
+@@ -289,12 +289,10 @@ static unsigned long isolate_freepages_block(struct compact_control *cc,
+
+ /* Recheck this is a buddy page under lock */
+ if (!PageBuddy(page))
+- continue;
++ goto isolate_fail;
+
+ /* Found a free page, break it into order-0 pages */
+ isolated = split_free_page(page);
+- if (!isolated && strict)
+- break;
+ total_isolated += isolated;
+ for (i = 0; i < isolated; i++) {
+ list_add(&page->lru, freelist);
+@@ -305,7 +303,15 @@ static unsigned long isolate_freepages_block(struct compact_control *cc,
+ if (isolated) {
+ blockpfn += isolated - 1;
+ cursor += isolated - 1;
++ continue;
+ }
++
++isolate_fail:
++ if (strict)
++ break;
++ else
++ continue;
++
+ }
+
+ trace_mm_compaction_isolate_freepages(nr_scanned, total_isolated);
+@@ -315,7 +321,7 @@ static unsigned long isolate_freepages_block(struct compact_control *cc,
+ * pages requested were isolated. If there were any failures, 0 is
+ * returned and CMA will fail.
+ */
+- if (strict && nr_strict_required > total_isolated)
++ if (strict && blockpfn < end_pfn)
+ total_isolated = 0;
+
+ if (locked)
diff --git a/mm/filemap.c b/mm/filemap.c
index b7749a9..50d1123 100644
--- a/mm/filemap.c
@@ -91225,7 +91145,7 @@ index 90977ac..487ab84 100644
}
unset_migratetype_isolate(page, MIGRATE_MOVABLE);
diff --git a/mm/memory.c b/mm/memory.c
-index 6768ce9..4c41d69 100644
+index dda27b9..c56b9d6 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -402,6 +402,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
@@ -91795,10 +91715,10 @@ index 6768ce9..4c41d69 100644
+ }
+#endif
+
- retry:
pgd = pgd_offset(mm, address);
pud = pud_alloc(mm, pgd, address);
-@@ -3838,6 +4079,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
+ if (!pud)
+@@ -3830,6 +4071,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
spin_unlock(&mm->page_table_lock);
return 0;
}
@@ -91822,7 +91742,7 @@ index 6768ce9..4c41d69 100644
#endif /* __PAGETABLE_PUD_FOLDED */
#ifndef __PAGETABLE_PMD_FOLDED
-@@ -3868,6 +4126,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
+@@ -3860,6 +4118,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
spin_unlock(&mm->page_table_lock);
return 0;
}
@@ -91853,7 +91773,7 @@ index 6768ce9..4c41d69 100644
#endif /* __PAGETABLE_PMD_FOLDED */
#if !defined(__HAVE_ARCH_GATE_AREA)
-@@ -3881,7 +4163,7 @@ static int __init gate_vma_init(void)
+@@ -3873,7 +4155,7 @@ static int __init gate_vma_init(void)
gate_vma.vm_start = FIXADDR_USER_START;
gate_vma.vm_end = FIXADDR_USER_END;
gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
@@ -91862,7 +91782,7 @@ index 6768ce9..4c41d69 100644
return 0;
}
-@@ -4015,8 +4297,8 @@ out:
+@@ -4007,8 +4289,8 @@ out:
return ret;
}
@@ -91873,7 +91793,7 @@ index 6768ce9..4c41d69 100644
{
resource_size_t phys_addr;
unsigned long prot = 0;
-@@ -4042,8 +4324,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys);
+@@ -4034,8 +4316,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys);
* Access another process' address space as given in mm. If non-NULL, use the
* given task for page fault accounting.
*/
@@ -91884,7 +91804,7 @@ index 6768ce9..4c41d69 100644
{
struct vm_area_struct *vma;
void *old_buf = buf;
-@@ -4051,7 +4333,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -4043,7 +4325,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
down_read(&mm->mmap_sem);
/* ignore errors, just check how much was successfully transferred */
while (len) {
@@ -91893,7 +91813,7 @@ index 6768ce9..4c41d69 100644
void *maddr;
struct page *page = NULL;
-@@ -4110,8 +4392,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -4102,8 +4384,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
*
* The caller must hold a reference on @mm.
*/
@@ -91904,7 +91824,7 @@ index 6768ce9..4c41d69 100644
{
return __access_remote_vm(NULL, mm, addr, buf, len, write);
}
-@@ -4121,11 +4403,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
+@@ -4113,11 +4395,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
* Source/target buffer must be kernel space,
* Do not walk the page table directly, use get_user_pages
*/
@@ -95569,22 +95489,6 @@ index 9321a77..ed2f256 100644
set_fs(oldfs);
if (ret <= 0 && ret != -ERESTARTSYS && ret != -EAGAIN)
-diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c
-index 9c5a1aa..3c6c637 100644
---- a/net/9p/trans_virtio.c
-+++ b/net/9p/trans_virtio.c
-@@ -340,7 +340,10 @@ static int p9_get_mapped_pages(struct virtio_chan *chan,
- int count = nr_pages;
- while (nr_pages) {
- s = rest_of_page(data);
-- pages[index++] = kmap_to_page(data);
-+ if (is_vmalloc_addr(data))
-+ pages[index++] = vmalloc_to_page(data);
-+ else
-+ pages[index++] = kmap_to_page(data);
- data += s;
- nr_pages--;
- }
diff --git a/net/atm/atm_misc.c b/net/atm/atm_misc.c
index 876fbe8..8bbea9f 100644
--- a/net/atm/atm_misc.c
@@ -95764,10 +95668,10 @@ index 919a5ce..cc6b444 100644
table = kmemdup(ax25_param_table, sizeof(ax25_param_table), GFP_KERNEL);
if (!table)
diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c
-index b9c8a6e..ed0f711 100644
+index f7270b9..cd0d879 100644
--- a/net/batman-adv/bat_iv_ogm.c
+++ b/net/batman-adv/bat_iv_ogm.c
-@@ -297,7 +297,7 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface)
+@@ -307,7 +307,7 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface)
/* randomize initial seqno to avoid collision */
get_random_bytes(&random_seqno, sizeof(random_seqno));
@@ -95776,7 +95680,7 @@ index b9c8a6e..ed0f711 100644
hard_iface->bat_iv.ogm_buff_len = BATADV_OGM_HLEN;
ogm_buff = kmalloc(hard_iface->bat_iv.ogm_buff_len, GFP_ATOMIC);
-@@ -884,9 +884,9 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface)
+@@ -894,9 +894,9 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface)
batadv_ogm_packet->tvlv_len = htons(tvlv_len);
/* change sequence number to network order */
@@ -95788,7 +95692,7 @@ index b9c8a6e..ed0f711 100644
batadv_iv_ogm_slide_own_bcast_window(hard_iface);
batadv_iv_ogm_queue_add(bat_priv, hard_iface->bat_iv.ogm_buff,
-@@ -1251,7 +1251,7 @@ static void batadv_iv_ogm_process(const struct ethhdr *ethhdr,
+@@ -1261,7 +1261,7 @@ static void batadv_iv_ogm_process(const struct ethhdr *ethhdr,
return;
/* could be changed by schedule_own_packet() */
@@ -96072,10 +95976,10 @@ index 0f45522..dab651f 100644
list_del(&p->list);
goto out;
diff --git a/net/can/af_can.c b/net/can/af_can.c
-index d249874..99e197b 100644
+index a27f8aa..67174a3 100644
--- a/net/can/af_can.c
+++ b/net/can/af_can.c
-@@ -862,7 +862,7 @@ static const struct net_proto_family can_family_ops = {
+@@ -863,7 +863,7 @@ static const struct net_proto_family can_family_ops = {
};
/* notifier block for netdevice event */
@@ -96291,7 +96195,7 @@ index a16ed7b..eb44d17 100644
return err;
diff --git a/net/core/dev.c b/net/core/dev.c
-index 0ce469e..dfb53d2 100644
+index 616eccf..31832d38 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1684,14 +1684,14 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
@@ -96311,7 +96215,7 @@ index 0ce469e..dfb53d2 100644
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -2434,7 +2434,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
+@@ -2434,7 +2434,7 @@ static int illegal_highdma(const struct net_device *dev, struct sk_buff *skb)
struct dev_gso_cb {
void (*destructor)(struct sk_buff *skb);
@@ -96320,7 +96224,7 @@ index 0ce469e..dfb53d2 100644
#define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb)
-@@ -3222,7 +3222,7 @@ enqueue:
+@@ -3224,7 +3224,7 @@ enqueue:
local_irq_restore(flags);
@@ -96329,7 +96233,7 @@ index 0ce469e..dfb53d2 100644
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -3294,7 +3294,7 @@ int netif_rx_ni(struct sk_buff *skb)
+@@ -3296,7 +3296,7 @@ int netif_rx_ni(struct sk_buff *skb)
}
EXPORT_SYMBOL(netif_rx_ni);
@@ -96338,7 +96242,7 @@ index 0ce469e..dfb53d2 100644
{
struct softnet_data *sd = &__get_cpu_var(softnet_data);
-@@ -3628,7 +3628,7 @@ ncls:
+@@ -3630,7 +3630,7 @@ ncls:
ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
} else {
drop:
@@ -96347,7 +96251,7 @@ index 0ce469e..dfb53d2 100644
kfree_skb(skb);
/* Jamal, now you will not able to escape explaining
* me how you were going to use this. :-)
-@@ -4288,7 +4288,7 @@ void netif_napi_del(struct napi_struct *napi)
+@@ -4290,7 +4290,7 @@ void netif_napi_del(struct napi_struct *napi)
}
EXPORT_SYMBOL(netif_napi_del);
@@ -96356,7 +96260,7 @@ index 0ce469e..dfb53d2 100644
{
struct softnet_data *sd = &__get_cpu_var(softnet_data);
unsigned long time_limit = jiffies + 2;
-@@ -6177,7 +6177,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
+@@ -6179,7 +6179,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
} else {
netdev_stats_to_stats64(storage, &dev->stats);
}
@@ -96560,7 +96464,7 @@ index 81d3a9a..a0bd7a8 100644
return error;
}
diff --git a/net/core/netpoll.c b/net/core/netpoll.c
-index 19fe9c7..b6bb620 100644
+index 81975f2..9ef3531 100644
--- a/net/core/netpoll.c
+++ b/net/core/netpoll.c
@@ -435,7 +435,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len)
@@ -96661,10 +96565,10 @@ index b442e7e..6f5b5a2 100644
{
struct socket *sock;
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
-index 0b5149c..24e9976 100644
+index deffb37..213db0a 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
-@@ -2004,7 +2004,7 @@ EXPORT_SYMBOL(__skb_checksum);
+@@ -2006,7 +2006,7 @@ EXPORT_SYMBOL(__skb_checksum);
__wsum skb_checksum(const struct sk_buff *skb, int offset,
int len, __wsum csum)
{
@@ -96673,7 +96577,7 @@ index 0b5149c..24e9976 100644
.update = csum_partial_ext,
.combine = csum_block_add_ext,
};
-@@ -3117,13 +3117,15 @@ void __init skb_init(void)
+@@ -3119,13 +3119,15 @@ void __init skb_init(void)
skbuff_head_cache = kmem_cache_create("skbuff_head_cache",
sizeof(struct sk_buff),
0,
@@ -96692,7 +96596,7 @@ index 0b5149c..24e9976 100644
}
diff --git a/net/core/sock.c b/net/core/sock.c
-index 5393b4b..997c88b 100644
+index fbc5cfb..6d7e8c3 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -393,7 +393,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
@@ -96779,7 +96683,7 @@ index 5393b4b..997c88b 100644
return -EFAULT;
lenout:
if (put_user(len, optlen))
-@@ -2351,7 +2351,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
+@@ -2353,7 +2353,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
*/
smp_wmb();
atomic_set(&sk->sk_refcnt, 1);
@@ -96788,7 +96692,7 @@ index 5393b4b..997c88b 100644
}
EXPORT_SYMBOL(sock_init_data);
-@@ -2476,6 +2476,7 @@ void sock_enable_timestamp(struct sock *sk, int flag)
+@@ -2478,6 +2478,7 @@ void sock_enable_timestamp(struct sock *sk, int flag)
int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len,
int level, int type)
{
@@ -96796,7 +96700,7 @@ index 5393b4b..997c88b 100644
struct sock_exterr_skb *serr;
struct sk_buff *skb, *skb2;
int copied, err;
-@@ -2497,7 +2498,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len,
+@@ -2499,7 +2500,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len,
sock_recv_timestamp(msg, sk, skb);
serr = SKB_EXT_ERR(skb);
@@ -97028,10 +96932,10 @@ index 70011e0..454ca6a 100644
}
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
-index a1b5bcb..62ec5c6 100644
+index f4b34d8..c54a163 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
-@@ -1533,7 +1533,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
+@@ -1534,7 +1534,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
idx = 0;
head = &net->dev_index_head[h];
rcu_read_lock();
@@ -97040,7 +96944,7 @@ index a1b5bcb..62ec5c6 100644
net->dev_base_seq;
hlist_for_each_entry_rcu(dev, head, index_hlist) {
if (idx < s_idx)
-@@ -1844,7 +1844,7 @@ static int inet_netconf_dump_devconf(struct sk_buff *skb,
+@@ -1845,7 +1845,7 @@ static int inet_netconf_dump_devconf(struct sk_buff *skb,
idx = 0;
head = &net->dev_index_head[h];
rcu_read_lock();
@@ -97049,7 +96953,7 @@ index a1b5bcb..62ec5c6 100644
net->dev_base_seq;
hlist_for_each_entry_rcu(dev, head, index_hlist) {
if (idx < s_idx)
-@@ -2069,7 +2069,7 @@ static int ipv4_doint_and_flush(struct ctl_table *ctl, int write,
+@@ -2070,7 +2070,7 @@ static int ipv4_doint_and_flush(struct ctl_table *ctl, int write,
#define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \
DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush)
@@ -97058,7 +96962,7 @@ index a1b5bcb..62ec5c6 100644
struct ctl_table_header *sysctl_header;
struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX];
} devinet_sysctl = {
-@@ -2191,7 +2191,7 @@ static __net_init int devinet_init_net(struct net *net)
+@@ -2192,7 +2192,7 @@ static __net_init int devinet_init_net(struct net *net)
int err;
struct ipv4_devconf *all, *dflt;
#ifdef CONFIG_SYSCTL
@@ -97067,7 +96971,7 @@ index a1b5bcb..62ec5c6 100644
struct ctl_table_header *forw_hdr;
#endif
-@@ -2209,7 +2209,7 @@ static __net_init int devinet_init_net(struct net *net)
+@@ -2210,7 +2210,7 @@ static __net_init int devinet_init_net(struct net *net)
goto err_alloc_dflt;
#ifdef CONFIG_SYSCTL
@@ -97076,7 +96980,7 @@ index a1b5bcb..62ec5c6 100644
if (tbl == NULL)
goto err_alloc_ctl;
-@@ -2229,7 +2229,10 @@ static __net_init int devinet_init_net(struct net *net)
+@@ -2230,7 +2230,10 @@ static __net_init int devinet_init_net(struct net *net)
goto err_reg_dflt;
err = -ENOMEM;
@@ -97088,7 +96992,7 @@ index a1b5bcb..62ec5c6 100644
if (forw_hdr == NULL)
goto err_reg_ctl;
net->ipv4.forw_hdr = forw_hdr;
-@@ -2245,8 +2248,7 @@ err_reg_ctl:
+@@ -2246,8 +2249,7 @@ err_reg_ctl:
err_reg_dflt:
__devinet_sysctl_unregister(all);
err_reg_all:
@@ -97666,7 +97570,7 @@ index 23c3e5b..cdb8b36 100644
static int raw_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
-index f8da282..133a1c7 100644
+index e611651f..0c17263 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -2621,34 +2621,34 @@ static struct ctl_table ipv4_route_flush_table[] = {
@@ -98212,7 +98116,7 @@ index e1a6393..f634ce5 100644
return -ENOMEM;
}
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
-index 4b6b720..272c0c5 100644
+index 9c05d77..9cfa714 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -589,7 +589,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb,
@@ -98233,7 +98137,7 @@ index 4b6b720..272c0c5 100644
if (ops->ndo_do_ioctl) {
mm_segment_t oldfs = get_fs();
-@@ -3962,7 +3962,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb,
+@@ -3964,7 +3964,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb,
s_ip_idx = ip_idx = cb->args[2];
rcu_read_lock();
@@ -98242,7 +98146,7 @@ index 4b6b720..272c0c5 100644
for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
idx = 0;
head = &net->dev_index_head[h];
-@@ -4569,7 +4569,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
+@@ -4571,7 +4571,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
dst_free(&ifp->rt->dst);
break;
}
@@ -98251,7 +98155,7 @@ index 4b6b720..272c0c5 100644
rt_genid_bump_ipv6(net);
}
-@@ -4590,7 +4590,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
+@@ -4592,7 +4592,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
int *valp = ctl->data;
int val = *valp;
loff_t pos = *ppos;
@@ -98260,7 +98164,7 @@ index 4b6b720..272c0c5 100644
int ret;
/*
-@@ -4675,7 +4675,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
+@@ -4677,7 +4677,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
int *valp = ctl->data;
int val = *valp;
loff_t pos = *ppos;
@@ -98716,9 +98620,18 @@ index cc85a9b..526a133 100644
return -ENOMEM;
}
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
-index 4b4944c..4580b91 100644
+index 4b4944c..d346b14 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
+@@ -1495,7 +1495,7 @@ int ip6_route_add(struct fib6_config *cfg)
+ if (!table)
+ goto out;
+
+- rt = ip6_dst_alloc(net, NULL, DST_NOCOUNT, table);
++ rt = ip6_dst_alloc(net, NULL, (cfg->fc_flags & RTF_ADDRCONF) ? 0 : DST_NOCOUNT, table);
+
+ if (!rt) {
+ err = -ENOMEM;
@@ -2954,7 +2954,7 @@ struct ctl_table ipv6_route_table_template[] = {
struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net)
@@ -100602,10 +100515,10 @@ index a26065b..af7be05 100644
auth.skb = chunk->auth_chunk;
auth.asoc = chunk->asoc;
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
-index 42b709c..e7d09ac 100644
+index 146b35d..1021a34 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
-@@ -2153,11 +2153,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval,
+@@ -2176,11 +2176,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval,
{
struct sctp_association *asoc;
struct sctp_ulpevent *event;
@@ -100620,7 +100533,7 @@ index 42b709c..e7d09ac 100644
/*
* At the time when a user app subscribes to SCTP_SENDER_DRY_EVENT,
-@@ -4229,13 +4231,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len,
+@@ -4252,13 +4254,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len,
static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
int __user *optlen)
{
@@ -100638,7 +100551,7 @@ index 42b709c..e7d09ac 100644
return -EFAULT;
return 0;
}
-@@ -4253,6 +4258,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
+@@ -4276,6 +4281,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
*/
static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optval, int __user *optlen)
{
@@ -100647,7 +100560,7 @@ index 42b709c..e7d09ac 100644
/* Applicable to UDP-style socket only */
if (sctp_style(sk, TCP))
return -EOPNOTSUPP;
-@@ -4261,7 +4268,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv
+@@ -4284,7 +4291,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv
len = sizeof(int);
if (put_user(len, optlen))
return -EFAULT;
@@ -100657,7 +100570,7 @@ index 42b709c..e7d09ac 100644
return -EFAULT;
return 0;
}
-@@ -4633,12 +4641,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len,
+@@ -4656,12 +4664,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len,
*/
static int sctp_getsockopt_initmsg(struct sock *sk, int len, char __user *optval, int __user *optlen)
{
@@ -100674,7 +100587,7 @@ index 42b709c..e7d09ac 100644
return -EFAULT;
return 0;
}
-@@ -4679,6 +4690,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
+@@ -4702,6 +4713,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len;
if (space_left < addrlen)
return -ENOMEM;
@@ -100724,7 +100637,7 @@ index b0565af..d135e6e 100644
table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL);
diff --git a/net/socket.c b/net/socket.c
-index e83c416..1094d88 100644
+index e83c416..f87df4c 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -88,6 +88,7 @@
@@ -100899,7 +100812,18 @@ index e83c416..1094d88 100644
SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
unsigned int, flags, struct sockaddr __user *, addr,
int, addr_len)
-@@ -2047,7 +2113,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
+@@ -1972,6 +2038,10 @@ static int copy_msghdr_from_user(struct msghdr *kmsg,
+ {
+ if (copy_from_user(kmsg, umsg, sizeof(struct msghdr)))
+ return -EFAULT;
++
++ if (kmsg->msg_namelen < 0)
++ return -EINVAL;
++
+ if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
+ kmsg->msg_namelen = sizeof(struct sockaddr_storage);
+ return 0;
+@@ -2047,7 +2117,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
* checking falls down on this.
*/
if (copy_from_user(ctl_buf,
@@ -100908,7 +100832,7 @@ index e83c416..1094d88 100644
ctl_len))
goto out_freectl;
msg_sys->msg_control = ctl_buf;
-@@ -2227,7 +2293,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
+@@ -2227,7 +2297,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
/* Save the user-mode address (verify_iovec will change the
* kernel msghdr to use the kernel address space)
*/
@@ -100917,7 +100841,7 @@ index e83c416..1094d88 100644
uaddr_len = COMPAT_NAMELEN(msg);
if (MSG_CMSG_COMPAT & flags)
err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
-@@ -2871,7 +2937,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
+@@ -2871,7 +2941,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
ifr = compat_alloc_user_space(buf_size);
rxnfc = (void __user *)ifr + ALIGN(sizeof(struct ifreq), 8);
@@ -100926,7 +100850,7 @@ index e83c416..1094d88 100644
return -EFAULT;
if (put_user(convert_in ? rxnfc : compat_ptr(data),
-@@ -2985,14 +3051,14 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
+@@ -2985,14 +3055,14 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
old_fs = get_fs();
set_fs(KERNEL_DS);
err = dev_ioctl(net, cmd,
@@ -100943,7 +100867,7 @@ index e83c416..1094d88 100644
return -EFAULT;
if (get_user(data, &ifr32->ifr_ifru.ifru_data))
-@@ -3094,7 +3160,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
+@@ -3094,7 +3164,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
old_fs = get_fs();
set_fs(KERNEL_DS);
@@ -100952,7 +100876,7 @@ index e83c416..1094d88 100644
set_fs(old_fs);
if (cmd == SIOCGIFMAP && !err) {
-@@ -3199,7 +3265,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
+@@ -3199,7 +3269,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
ret |= get_user(rtdev, &(ur4->rt_dev));
if (rtdev) {
ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
@@ -100961,7 +100885,7 @@ index e83c416..1094d88 100644
devname[15] = 0;
} else
r4.rt_dev = NULL;
-@@ -3425,8 +3491,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
+@@ -3425,8 +3495,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
int __user *uoptlen;
int err;
@@ -100972,7 +100896,7 @@ index e83c416..1094d88 100644
set_fs(KERNEL_DS);
if (level == SOL_SOCKET)
-@@ -3446,7 +3512,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
+@@ -3446,7 +3516,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
char __user *uoptval;
int err;
@@ -100982,70 +100906,23 @@ index e83c416..1094d88 100644
set_fs(KERNEL_DS);
if (level == SOL_SOCKET)
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
-index 42fdfc6..1eebf22 100644
+index a642fd616..1eebf22 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
-@@ -108,6 +108,7 @@ struct gss_auth {
- static DEFINE_SPINLOCK(pipe_version_lock);
- static struct rpc_wait_queue pipe_version_rpc_waitqueue;
- static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue);
-+static void gss_put_auth(struct gss_auth *gss_auth);
-
- static void gss_free_ctx(struct gss_cl_ctx *);
- static const struct rpc_pipe_ops gss_upcall_ops_v0;
-@@ -320,6 +321,7 @@ gss_release_msg(struct gss_upcall_msg *gss_msg)
- if (gss_msg->ctx != NULL)
- gss_put_ctx(gss_msg->ctx);
- rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue);
-+ gss_put_auth(gss_msg->auth);
- kfree(gss_msg);
- }
-
-@@ -498,9 +500,12 @@ gss_alloc_msg(struct gss_auth *gss_auth,
+@@ -500,10 +500,12 @@ gss_alloc_msg(struct gss_auth *gss_auth,
default:
err = gss_encode_v1_msg(gss_msg, service_name, gss_auth->target_name);
if (err)
- goto err_free_msg;
+ goto err_put_pipe_version;
};
-+ kref_get(&gss_auth->kref);
+ kref_get(&gss_auth->kref);
return gss_msg;
+err_put_pipe_version:
+ put_pipe_version(gss_auth->net);
err_free_msg:
kfree(gss_msg);
err:
-@@ -1071,6 +1076,12 @@ gss_free_callback(struct kref *kref)
- }
-
- static void
-+gss_put_auth(struct gss_auth *gss_auth)
-+{
-+ kref_put(&gss_auth->kref, gss_free_callback);
-+}
-+
-+static void
- gss_destroy(struct rpc_auth *auth)
- {
- struct gss_auth *gss_auth = container_of(auth,
-@@ -1091,7 +1102,7 @@ gss_destroy(struct rpc_auth *auth)
- gss_auth->gss_pipe[1] = NULL;
- rpcauth_destroy_credcache(auth);
-
-- kref_put(&gss_auth->kref, gss_free_callback);
-+ gss_put_auth(gss_auth);
- }
-
- /*
-@@ -1262,7 +1273,7 @@ gss_destroy_nullcred(struct rpc_cred *cred)
- call_rcu(&cred->cr_rcu, gss_free_cred_callback);
- if (ctx)
- gss_put_ctx(ctx);
-- kref_put(&gss_auth->kref, gss_free_callback);
-+ gss_put_auth(gss_auth);
- }
-
- static void
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index 1b94a9c..496f7f5 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
@@ -101372,37 +101249,6 @@ index 62e4f9b..dd3f2d7 100644
/* See if we can opportunistically reap SQ WR to make room */
sq_cq_reap(xprt);
-diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
-index dd9d295..cad4a95 100644
---- a/net/sunrpc/xprtsock.c
-+++ b/net/sunrpc/xprtsock.c
-@@ -504,6 +504,7 @@ static int xs_nospace(struct rpc_task *task)
- struct rpc_rqst *req = task->tk_rqstp;
- struct rpc_xprt *xprt = req->rq_xprt;
- struct sock_xprt *transport = container_of(xprt, struct sock_xprt, xprt);
-+ struct sock *sk = transport->inet;
- int ret = -EAGAIN;
-
- dprintk("RPC: %5u xmit incomplete (%u left of %u)\n",
-@@ -521,7 +522,7 @@ static int xs_nospace(struct rpc_task *task)
- * window size
- */
- set_bit(SOCK_NOSPACE, &transport->sock->flags);
-- transport->inet->sk_write_pending++;
-+ sk->sk_write_pending++;
- /* ...and wait for more buffer space */
- xprt_wait_for_buffer_space(task, xs_nospace_callback);
- }
-@@ -531,6 +532,9 @@ static int xs_nospace(struct rpc_task *task)
- }
-
- spin_unlock_bh(&xprt->transport_lock);
-+
-+ /* Race breaker in case memory is freed before above code is called */
-+ sk->sk_write_space(sk);
- return ret;
- }
-
diff --git a/net/sysctl_net.c b/net/sysctl_net.c
index e7000be..e3b0ba7 100644
--- a/net/sysctl_net.c
@@ -102337,10 +102183,10 @@ index 8fac3fd..32ff38d 100644
unsigned int secindex_strings;
diff --git a/security/Kconfig b/security/Kconfig
-index e9c6ac7..0ebde711 100644
+index e9c6ac7..75578c4 100644
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -4,6 +4,959 @@
+@@ -4,6 +4,960 @@
menu "Security options"
@@ -102767,8 +102613,9 @@ index e9c6ac7..0ebde711 100644
+ 3 GB.
+
+config PAX_EMUTRAMP
-+ bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86)
-+ default y if PARISC
++ bool "Emulate trampolines"
++ default y if PARISC || GRKERNSEC_CONFIG_AUTO
++ depends on (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86)
+ help
+ There are some programs and libraries that for one reason or
+ another attempt to execute special small code snippets from
@@ -103300,7 +103147,7 @@ index e9c6ac7..0ebde711 100644
source security/keys/Kconfig
config SECURITY_DMESG_RESTRICT
-@@ -103,7 +1056,7 @@ config INTEL_TXT
+@@ -103,7 +1057,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX
diff --git a/3.13.5/4425_grsec_remove_EI_PAX.patch b/3.13.6/4425_grsec_remove_EI_PAX.patch
similarity index 100%
rename from 3.13.5/4425_grsec_remove_EI_PAX.patch
rename to 3.13.6/4425_grsec_remove_EI_PAX.patch
diff --git a/3.13.5/4427_force_XATTR_PAX_tmpfs.patch b/3.13.6/4427_force_XATTR_PAX_tmpfs.patch
similarity index 100%
rename from 3.13.5/4427_force_XATTR_PAX_tmpfs.patch
rename to 3.13.6/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/3.13.5/4430_grsec-remove-localversion-grsec.patch b/3.13.6/4430_grsec-remove-localversion-grsec.patch
similarity index 100%
rename from 3.13.5/4430_grsec-remove-localversion-grsec.patch
rename to 3.13.6/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.13.5/4435_grsec-mute-warnings.patch b/3.13.6/4435_grsec-mute-warnings.patch
similarity index 100%
rename from 3.13.5/4435_grsec-mute-warnings.patch
rename to 3.13.6/4435_grsec-mute-warnings.patch
diff --git a/3.13.5/4440_grsec-remove-protected-paths.patch b/3.13.6/4440_grsec-remove-protected-paths.patch
similarity index 100%
rename from 3.13.5/4440_grsec-remove-protected-paths.patch
rename to 3.13.6/4440_grsec-remove-protected-paths.patch
diff --git a/3.13.5/4450_grsec-kconfig-default-gids.patch b/3.13.6/4450_grsec-kconfig-default-gids.patch
similarity index 100%
rename from 3.13.5/4450_grsec-kconfig-default-gids.patch
rename to 3.13.6/4450_grsec-kconfig-default-gids.patch
diff --git a/3.13.5/4465_selinux-avc_audit-log-curr_ip.patch b/3.13.6/4465_selinux-avc_audit-log-curr_ip.patch
similarity index 100%
rename from 3.13.5/4465_selinux-avc_audit-log-curr_ip.patch
rename to 3.13.6/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.13.5/4470_disable-compat_vdso.patch b/3.13.6/4470_disable-compat_vdso.patch
similarity index 100%
rename from 3.13.5/4470_disable-compat_vdso.patch
rename to 3.13.6/4470_disable-compat_vdso.patch
diff --git a/3.13.5/4475_emutramp_default_on.patch b/3.13.6/4475_emutramp_default_on.patch
similarity index 80%
rename from 3.13.5/4475_emutramp_default_on.patch
rename to 3.13.6/4475_emutramp_default_on.patch
index 30f6978..a453a5b 100644
--- a/3.13.5/4475_emutramp_default_on.patch
+++ b/3.13.6/4475_emutramp_default_on.patch
@@ -13,9 +13,9 @@ diff -Naur linux-3.9.2-hardened.orig/security/Kconfig linux-3.9.2-hardened/secur
@@ -428,7 +428,7 @@
config PAX_EMUTRAMP
- bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86)
-- default y if PARISC
+ bool "Emulate trampolines"
+- default y if PARISC || GRKERNSEC_CONFIG_AUTO
+ default y
+ depends on (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86)
help
There are some programs and libraries that for one reason or
- another attempt to execute special small code snippets from
diff --git a/3.2.55/0000_README b/3.2.55/0000_README
index 6e1b2f5..14a043a 100644
--- a/3.2.55/0000_README
+++ b/3.2.55/0000_README
@@ -138,7 +138,7 @@ Patch: 1054_linux-3.2.55.patch
From: http://www.kernel.org
Desc: Linux 3.2.55
-Patch: 4420_grsecurity-3.0-3.2.55-201403041936.patch
+Patch: 4420_grsecurity-3.0-3.2.55-201403142107.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.55/4420_grsecurity-3.0-3.2.55-201403041936.patch b/3.2.55/4420_grsecurity-3.0-3.2.55-201403142107.patch
similarity index 99%
rename from 3.2.55/4420_grsecurity-3.0-3.2.55-201403041936.patch
rename to 3.2.55/4420_grsecurity-3.0-3.2.55-201403142107.patch
index 5a6b289..bfd99a7 100644
--- a/3.2.55/4420_grsecurity-3.0-3.2.55-201403041936.patch
+++ b/3.2.55/4420_grsecurity-3.0-3.2.55-201403142107.patch
@@ -3720,6 +3720,19 @@ index d46f1da..d72dc10 100644
help
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
+diff --git a/arch/mips/cavium-octeon/dma-octeon.c b/arch/mips/cavium-octeon/dma-octeon.c
+index ea4feba..1960ddd 100644
+--- a/arch/mips/cavium-octeon/dma-octeon.c
++++ b/arch/mips/cavium-octeon/dma-octeon.c
+@@ -189,7 +189,7 @@ static void octeon_dma_free_coherent(struct device *dev, size_t size,
+ if (dma_release_from_coherent(dev, order, vaddr))
+ return;
+
+- swiotlb_free_coherent(dev, size, vaddr, dma_handle);
++ swiotlb_free_coherent(dev, size, vaddr, dma_handle, attrs);
+ }
+
+ static dma_addr_t octeon_unity_phys_to_dma(struct device *dev, phys_addr_t paddr)
diff --git a/arch/mips/include/asm/atomic.h b/arch/mips/include/asm/atomic.h
index 1d93f81..67794d0 100644
--- a/arch/mips/include/asm/atomic.h
@@ -3794,6 +3807,19 @@ index 455c0ac..ad65fbe 100644
-#define arch_randomize_brk arch_randomize_brk
-
#endif /* _ASM_ELF_H */
+diff --git a/arch/mips/include/asm/hw_irq.h b/arch/mips/include/asm/hw_irq.h
+index 9e8ef59..1139d6b 100644
+--- a/arch/mips/include/asm/hw_irq.h
++++ b/arch/mips/include/asm/hw_irq.h
+@@ -10,7 +10,7 @@
+
+ #include <linux/atomic.h>
+
+-extern atomic_t irq_err_count;
++extern atomic_unchecked_t irq_err_count;
+
+ /*
+ * interrupt-retrigger: NOP for now. This may not be appropriate for all
diff --git a/arch/mips/include/asm/page.h b/arch/mips/include/asm/page.h
index e59cd1a..8e329d6 100644
--- a/arch/mips/include/asm/page.h
@@ -3905,6 +3931,32 @@ index ff44823..97f8906 100644
#include <asm/processor.h>
/*
+diff --git a/arch/mips/kernel/i8259.c b/arch/mips/kernel/i8259.c
+index 32b397b..3a5143a 100644
+--- a/arch/mips/kernel/i8259.c
++++ b/arch/mips/kernel/i8259.c
+@@ -205,7 +205,7 @@ spurious_8259A_irq:
+ printk(KERN_DEBUG "spurious 8259A interrupt: IRQ%d.\n", irq);
+ spurious_irq_mask |= irqmask;
+ }
+- atomic_inc(&irq_err_count);
++ atomic_inc_unchecked(&irq_err_count);
+ /*
+ * Theoretically we do not have to handle this IRQ,
+ * but in Linux this does not cause problems and is
+diff --git a/arch/mips/kernel/irq-gt641xx.c b/arch/mips/kernel/irq-gt641xx.c
+index 883fc6c..28c0acd 100644
+--- a/arch/mips/kernel/irq-gt641xx.c
++++ b/arch/mips/kernel/irq-gt641xx.c
+@@ -110,7 +110,7 @@ void gt641xx_irq_dispatch(void)
+ }
+ }
+
+- atomic_inc(&irq_err_count);
++ atomic_inc_unchecked(&irq_err_count);
+ }
+
+ void __init gt641xx_irq_init(void)
diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c
index bf128d7..bc244d6 100644
--- a/arch/mips/kernel/process.c
@@ -3952,6 +4004,38 @@ index 4e6ea1f..0922422 100644
if (!(current->ptrace & PT_PTRACED))
goto out;
+diff --git a/arch/mips/kernel/reset.c b/arch/mips/kernel/reset.c
+index 07fc524..b9d7f28 100644
+--- a/arch/mips/kernel/reset.c
++++ b/arch/mips/kernel/reset.c
+@@ -13,6 +13,7 @@
+ #include <linux/reboot.h>
+
+ #include <asm/reboot.h>
++#include <asm/bug.h>
+
+ /*
+ * Urgs ... Too many MIPS machines to handle this in a generic way.
+@@ -29,16 +30,19 @@ void machine_restart(char *command)
+ {
+ if (_machine_restart)
+ _machine_restart(command);
++ BUG();
+ }
+
+ void machine_halt(void)
+ {
+ if (_machine_halt)
+ _machine_halt();
++ BUG();
+ }
+
+ void machine_power_off(void)
+ {
+ if (pm_power_off)
+ pm_power_off();
++ BUG();
+ }
diff --git a/arch/mips/kernel/scall32-o32.S b/arch/mips/kernel/scall32-o32.S
index a632bc1..0b77c7c 100644
--- a/arch/mips/kernel/scall32-o32.S
@@ -4033,7 +4117,7 @@ index 937cf33..adb39bb 100644
* This routine handles page faults. It determines the address,
* and the problem, and then passes it off to one of the appropriate
diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c
-index 302d779..3845a09 100644
+index 302d779..b8b4e97 100644
--- a/arch/mips/mm/mmap.c
+++ b/arch/mips/mm/mmap.c
@@ -71,6 +71,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
@@ -4062,7 +4146,7 @@ index 302d779..3845a09 100644
vma = find_vma(mm, addr);
- if (TASK_SIZE - len >= addr &&
- (!vma || addr + len <= vma->vm_start))
-+ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vmm, &addr, len, offset))
++ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, &addr, len, offset))
return addr;
}
@@ -4071,7 +4155,7 @@ index 302d779..3845a09 100644
if (TASK_SIZE - len < addr)
return -ENOMEM;
- if (!vma || addr + len <= vma->vm_start)
-+ if (check_heap_stack_gap(vmm, &addr, len, offset))
++ if (check_heap_stack_gap(vma, &addr, len, offset))
return addr;
addr = vma->vm_end;
if (do_color_align)
@@ -4083,7 +4167,7 @@ index 302d779..3845a09 100644
- if (!vma || addr <= vma->vm_start) {
+ addr -= len;
+ vma = find_vma(mm, addr);
-+ if (check_heap_stack_gap(vmm, &addr, len, offset))
++ if (check_heap_stack_gap(vma, &addr, len, offset)) {
/* cache the address as a hint for next time */
- return mm->free_area_cache = addr - len;
+ return (mm->free_area_cache = addr);
@@ -4107,7 +4191,7 @@ index 302d779..3845a09 100644
*/
vma = find_vma(mm, addr);
- if (likely(!vma || addr + len <= vma->vm_start)) {
-+ if (check_heap_stack_gap(vmm, &addr, len, offset)) {
++ if (check_heap_stack_gap(vma, &addr, len, offset)) {
/* cache the address as a hint for next time */
return mm->free_area_cache = addr;
}
@@ -4186,6 +4270,95 @@ index 302d779..3845a09 100644
-
- return ret;
-}
+diff --git a/arch/mips/pci/pci-octeon.c b/arch/mips/pci/pci-octeon.c
+index ed1c542..88552ac 100644
+--- a/arch/mips/pci/pci-octeon.c
++++ b/arch/mips/pci/pci-octeon.c
+@@ -335,8 +335,8 @@ static int octeon_write_config(struct pci_bus *bus, unsigned int devfn,
+
+
+ static struct pci_ops octeon_pci_ops = {
+- octeon_read_config,
+- octeon_write_config,
++ .read = octeon_read_config,
++ .write = octeon_write_config,
+ };
+
+ static struct resource octeon_pci_mem_resource = {
+diff --git a/arch/mips/pci/pcie-octeon.c b/arch/mips/pci/pcie-octeon.c
+index 0583c463..c07a38e 100644
+--- a/arch/mips/pci/pcie-octeon.c
++++ b/arch/mips/pci/pcie-octeon.c
+@@ -1238,8 +1238,8 @@ static int octeon_pcie1_write_config(struct pci_bus *bus, unsigned int devfn,
+ }
+
+ static struct pci_ops octeon_pcie0_ops = {
+- octeon_pcie0_read_config,
+- octeon_pcie0_write_config,
++ .read = octeon_pcie0_read_config,
++ .write = octeon_pcie0_write_config,
+ };
+
+ static struct resource octeon_pcie0_mem_resource = {
+@@ -1259,8 +1259,8 @@ static struct pci_controller octeon_pcie0_controller = {
+ };
+
+ static struct pci_ops octeon_pcie1_ops = {
+- octeon_pcie1_read_config,
+- octeon_pcie1_write_config,
++ .read = octeon_pcie1_read_config,
++ .write = octeon_pcie1_write_config,
+ };
+
+ static struct resource octeon_pcie1_mem_resource = {
+diff --git a/arch/mips/sni/rm200.c b/arch/mips/sni/rm200.c
+index 3ab5b5d..67145ff 100644
+--- a/arch/mips/sni/rm200.c
++++ b/arch/mips/sni/rm200.c
+@@ -270,7 +270,7 @@ spurious_8259A_irq:
+ "spurious RM200 8259A interrupt: IRQ%d.\n", irq);
+ spurious_irq_mask |= irqmask;
+ }
+- atomic_inc(&irq_err_count);
++ atomic_inc_unchecked(&irq_err_count);
+ /*
+ * Theoretically we do not have to handle this IRQ,
+ * but in Linux this does not cause problems and is
+diff --git a/arch/mips/vr41xx/common/icu.c b/arch/mips/vr41xx/common/icu.c
+index a39ef32..98c4860 100644
+--- a/arch/mips/vr41xx/common/icu.c
++++ b/arch/mips/vr41xx/common/icu.c
+@@ -653,7 +653,7 @@ static int icu_get_irq(unsigned int irq)
+
+ printk(KERN_ERR "spurious ICU interrupt: %04x,%04x\n", pend1, pend2);
+
+- atomic_inc(&irq_err_count);
++ atomic_inc_unchecked(&irq_err_count);
+
+ return -1;
+ }
+diff --git a/arch/mips/vr41xx/common/irq.c b/arch/mips/vr41xx/common/irq.c
+index fad2bef..6499c27 100644
+--- a/arch/mips/vr41xx/common/irq.c
++++ b/arch/mips/vr41xx/common/irq.c
+@@ -65,7 +65,7 @@ static void irq_dispatch(unsigned int irq)
+ irq_cascade_t *cascade;
+
+ if (irq >= NR_IRQS) {
+- atomic_inc(&irq_err_count);
++ atomic_inc_unchecked(&irq_err_count);
+ return;
+ }
+
+@@ -85,7 +85,7 @@ static void irq_dispatch(unsigned int irq)
+ ret = cascade->get_irq(irq);
+ irq = ret;
+ if (ret < 0)
+- atomic_inc(&irq_err_count);
++ atomic_inc_unchecked(&irq_err_count);
+ else
+ irq_dispatch(irq);
+ if (!irqd_irq_disabled(idata) && chip->irq_unmask)
diff --git a/arch/mn10300/proc-mn103e010/include/proc/cache.h b/arch/mn10300/proc-mn103e010/include/proc/cache.h
index 967d144..db12197 100644
--- a/arch/mn10300/proc-mn103e010/include/proc/cache.h
@@ -29533,7 +29706,7 @@ index 6687022..ceabcfa 100644
+ pax_force_retaddr
ret
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
-index 5a5b6e4..37ccbe3 100644
+index 5a5b6e4..3cbf9b7 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -11,6 +11,7 @@
@@ -29688,7 +29861,7 @@ index 5a5b6e4..37ccbe3 100644
if (!bpf_jit_enable)
return;
-@@ -141,11 +239,19 @@ void bpf_jit_compile(struct sk_filter *fp)
+@@ -141,11 +239,15 @@ void bpf_jit_compile(struct sk_filter *fp)
if (addrs == NULL)
return;
@@ -29696,10 +29869,6 @@ index 5a5b6e4..37ccbe3 100644
+ if (!fp->work)
+ goto out;
+
-+#ifdef CONFIG_GRKERNSEC_JIT_HARDEN
-+ randkey = get_random_int();
-+#endif
-+
/* Before first pass, make a rough estimation of addrs[]
- * each bpf instruction is translated to less than 64 bytes
+ * each bpf instruction is translated to less than MAX_INSTR_CODE_SIZE bytes
@@ -29710,6 +29879,17 @@ index 5a5b6e4..37ccbe3 100644
addrs[i] = proglen;
}
cleanup_addr = proglen; /* epilogue address */
+@@ -221,6 +323,10 @@ void bpf_jit_compile(struct sk_filter *fp)
+ for (i = 0; i < flen; i++) {
+ unsigned int K = filter[i].k;
+
++#ifdef CONFIG_GRKERNSEC_JIT_HARDEN
++ randkey = prandom_u32();
++#endif
++
+ switch (filter[i].code) {
+ case BPF_S_ALU_ADD_X: /* A += X; */
+ seen |= SEEN_XREG;
@@ -253,10 +359,8 @@ void bpf_jit_compile(struct sk_filter *fp)
case BPF_S_ALU_MUL_K: /* A *= K */
if (is_imm8(K))
@@ -47058,7 +47238,7 @@ index 2cd0de2..0169c04 100644
struct snd_kcontrol_new kctl;
char name[32];
diff --git a/drivers/staging/octeon/ethernet-rx.c b/drivers/staging/octeon/ethernet-rx.c
-index 8b307b4..a97ac91 100644
+index 8b307b4..f999246 100644
--- a/drivers/staging/octeon/ethernet-rx.c
+++ b/drivers/staging/octeon/ethernet-rx.c
@@ -420,11 +420,11 @@ static int cvm_oct_napi_poll(struct napi_struct *napi, int budget)
@@ -47082,7 +47262,7 @@ index 8b307b4..a97ac91 100644
*/
#ifdef CONFIG_64BIT
- atomic64_add(1, (atomic64_t *)&priv->stats.rx_dropped);
-+ atomic64_unchecked_add(1, (atomic64_unchecked_t *)&priv->stats.rx_dropped);
++ atomic64_add_unchecked(1, (atomic64_unchecked_t *)&priv->stats.rx_dropped);
#else
- atomic_add(1, (atomic_t *)&priv->stats.rx_dropped);
+ atomic_add_unchecked(1, (atomic_unchecked_t *)&priv->stats.rx_dropped);
@@ -81584,10 +81764,35 @@ index e6454b6..cda5eaf 100644
static inline struct page *sk_stream_alloc_page(struct sock *sk)
{
diff --git a/include/net/tcp.h b/include/net/tcp.h
-index fe46019..1422c5a 100644
+index fe46019..b2e8119 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
-@@ -470,7 +470,7 @@ extern void tcp_retransmit_timer(struct sock *sk);
+@@ -433,6 +433,24 @@ extern __u32 syncookie_secret[2][16-4+SHA_DIGEST_WORDS];
+ extern struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
+ struct ip_options *opt);
+ #ifdef CONFIG_SYN_COOKIES
++#include <linux/ktime.h>
++
++/* Syncookies use a monotonic timer which increments every 64 seconds.
++ * This counter is used both as a hash input and partially encoded into
++ * the cookie value. A cookie is only validated further if the delta
++ * between the current counter value and the encoded one is less than this,
++ * i.e. a sent cookie is valid only at most for 128 seconds (or less if
++ * the counter advances immediately after a cookie is generated).
++ */
++#define MAX_SYNCOOKIE_AGE 2
++
++static inline u32 tcp_cookie_time(void)
++{
++ struct timespec now;
++ getnstimeofday(&now);
++ return now.tv_sec >> 6; /* 64 seconds granularity */
++}
++
+ extern __u32 cookie_v4_init_sequence(struct sock *sk, struct sk_buff *skb,
+ __u16 *mss);
+ #else
+@@ -470,7 +488,7 @@ extern void tcp_retransmit_timer(struct sock *sk);
extern void tcp_xmit_retransmit_queue(struct sock *);
extern void tcp_simple_retransmit(struct sock *);
extern int tcp_trim_head(struct sock *, struct sk_buff *, u32);
@@ -81596,7 +81801,7 @@ index fe46019..1422c5a 100644
extern void tcp_send_probe0(struct sock *);
extern void tcp_send_partial(struct sock *);
-@@ -633,8 +633,8 @@ struct tcp_skb_cb {
+@@ -633,8 +651,8 @@ struct tcp_skb_cb {
struct inet6_skb_parm h6;
#endif
} header; /* For incoming frames */
@@ -81607,7 +81812,7 @@ index fe46019..1422c5a 100644
__u32 when; /* used to compute rtt's */
__u8 tcp_flags; /* TCP header flags. (tcp[13]) */
__u8 sacked; /* State flags for SACK/FACK. */
-@@ -647,7 +647,7 @@ struct tcp_skb_cb {
+@@ -647,7 +665,7 @@ struct tcp_skb_cb {
#define TCPCB_EVER_RETRANS 0x80 /* Ever retransmitted frame */
#define TCPCB_RETRANS (TCPCB_SACKED_RETRANS|TCPCB_EVER_RETRANS)
@@ -84665,7 +84870,7 @@ index dc7bc08..4601964 100644
/* Don't allow clients that don't understand the native
diff --git a/kernel/kmod.c b/kernel/kmod.c
-index a16dac1..3227c2c 100644
+index a16dac1..67f7981 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -64,7 +64,7 @@ static void free_modprobe_argv(struct subprocess_info *info)
@@ -84793,7 +84998,7 @@ index a16dac1..3227c2c 100644
EXPORT_SYMBOL(__request_module);
#endif /* CONFIG_MODULES */
-@@ -188,6 +241,19 @@ static int ____call_usermodehelper(void *data)
+@@ -188,6 +241,20 @@ static int ____call_usermodehelper(void *data)
*/
set_user_nice(current, 0);
@@ -84803,7 +85008,8 @@ index a16dac1..3227c2c 100644
+ on that copy
+ */
+ if ((strncmp(sub_info->path, "/sbin/", 6) && strncmp(sub_info->path, "/usr/lib/", 9) &&
-+ strncmp(sub_info->path, "/lib/", 5) && strncmp(sub_info->path, "/lib64/", 7)) || strstr(sub_info->path, "..")) {
++ strncmp(sub_info->path, "/lib/", 5) && strncmp(sub_info->path, "/lib64/", 7) &&
++ strcmp(sub_info->path, "/usr/share/apport/apport")) || strstr(sub_info->path, "..")) {
+ printk(KERN_ALERT "grsec: denied exec of usermode helper binary %.950s located outside of /sbin and system library paths\n", sub_info->path);
+ retval = -EPERM;
+ goto fail;
@@ -84813,7 +85019,7 @@ index a16dac1..3227c2c 100644
retval = -ENOMEM;
new = prepare_kernel_cred(current);
if (!new)
-@@ -221,6 +287,10 @@ fail:
+@@ -221,6 +288,10 @@ fail:
void call_usermodehelper_freeinfo(struct subprocess_info *info)
{
@@ -84824,7 +85030,7 @@ index a16dac1..3227c2c 100644
if (info->cleanup)
(*info->cleanup)(info);
kfree(info);
-@@ -265,7 +335,7 @@ static int wait_for_helper(void *data)
+@@ -265,7 +336,7 @@ static int wait_for_helper(void *data)
*
* Thus the __user pointer cast is valid here.
*/
@@ -84833,7 +85039,7 @@ index a16dac1..3227c2c 100644
/*
* If ret is 0, either ____call_usermodehelper failed and the
-@@ -413,7 +483,12 @@ struct subprocess_info *call_usermodehelper_setup(char *path, char **argv,
+@@ -413,7 +484,12 @@ struct subprocess_info *call_usermodehelper_setup(char *path, char **argv,
goto out;
INIT_WORK(&sub_info->work, __call_usermodehelper);
@@ -84846,7 +85052,7 @@ index a16dac1..3227c2c 100644
sub_info->argv = argv;
sub_info->envp = envp;
out:
-@@ -512,7 +587,7 @@ EXPORT_SYMBOL(call_usermodehelper_exec);
+@@ -512,7 +588,7 @@ EXPORT_SYMBOL(call_usermodehelper_exec);
static int proc_cap_handler(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
@@ -98663,6 +98869,122 @@ index 6768ce2..c682a62 100644
.init = rt_genid_init,
};
+diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
+index 8a1bed2..d41ac11 100644
+--- a/net/ipv4/syncookies.c
++++ b/net/ipv4/syncookies.c
+@@ -89,8 +89,7 @@ __u32 cookie_init_timestamp(struct request_sock *req)
+
+
+ static __u32 secure_tcp_syn_cookie(__be32 saddr, __be32 daddr, __be16 sport,
+- __be16 dport, __u32 sseq, __u32 count,
+- __u32 data)
++ __be16 dport, __u32 sseq, __u32 data)
+ {
+ /*
+ * Compute the secure sequence number.
+@@ -102,7 +101,7 @@ static __u32 secure_tcp_syn_cookie(__be32 saddr, __be32 daddr, __be16 sport,
+ * As an extra hack, we add a small "data" value that encodes the
+ * MSS into the second hash value.
+ */
+-
++ u32 count = tcp_cookie_time();
+ return (cookie_hash(saddr, daddr, sport, dport, 0, 0) +
+ sseq + (count << COOKIEBITS) +
+ ((cookie_hash(saddr, daddr, sport, dport, count, 1) + data)
+@@ -114,22 +113,21 @@ static __u32 secure_tcp_syn_cookie(__be32 saddr, __be32 daddr, __be16 sport,
+ * If the syncookie is bad, the data returned will be out of
+ * range. This must be checked by the caller.
+ *
+- * The count value used to generate the cookie must be within
+- * "maxdiff" if the current (passed-in) "count". The return value
+- * is (__u32)-1 if this test fails.
++ * The count value used to generate the cookie must be less than
++ * MAX_SYNCOOKIE_AGE minutes in the past.
++ * The return value (__u32)-1 if this test fails.
+ */
+ static __u32 check_tcp_syn_cookie(__u32 cookie, __be32 saddr, __be32 daddr,
+- __be16 sport, __be16 dport, __u32 sseq,
+- __u32 count, __u32 maxdiff)
++ __be16 sport, __be16 dport, __u32 sseq)
+ {
+- __u32 diff;
++ u32 diff, count = tcp_cookie_time();
+
+ /* Strip away the layers from the cookie */
+ cookie -= cookie_hash(saddr, daddr, sport, dport, 0, 0) + sseq;
+
+ /* Cookie is now reduced to (count * 2^24) ^ (hash % 2^24) */
+ diff = (count - (cookie >> COOKIEBITS)) & ((__u32) - 1 >> COOKIEBITS);
+- if (diff >= maxdiff)
++ if (diff >= MAX_SYNCOOKIE_AGE)
+ return (__u32)-1;
+
+ return (cookie -
+@@ -138,22 +136,22 @@ static __u32 check_tcp_syn_cookie(__u32 cookie, __be32 saddr, __be32 daddr,
+ }
+
+ /*
+- * MSS Values are taken from the 2009 paper
+- * 'Measuring TCP Maximum Segment Size' by S. Alcock and R. Nelson:
+- * - values 1440 to 1460 accounted for 80% of observed mss values
+- * - values outside the 536-1460 range are rare (<0.2%).
++ * MSS Values are chosen based on the 2011 paper
++ * 'An Analysis of TCP Maximum Segement Sizes' by S. Alcock and R. Nelson.
++ * Values ..
++ * .. lower than 536 are rare (< 0.2%)
++ * .. between 537 and 1299 account for less than < 1.5% of observed values
++ * .. in the 1300-1349 range account for about 15 to 20% of observed mss values
++ * .. exceeding 1460 are very rare (< 0.04%)
+ *
+- * Table must be sorted.
++ * 1460 is the single most frequently announced mss value (30 to 46% depending
++ * on monitor location). Table must be sorted.
+ */
+ static __u16 const msstab[] = {
+- 64,
+- 512,
+ 536,
+- 1024,
+- 1440,
++ 1300,
++ 1440, /* 1440, 1452: PPPoE */
+ 1460,
+- 4312,
+- 8960,
+ };
+
+ /*
+@@ -178,17 +176,10 @@ __u32 cookie_v4_init_sequence(struct sock *sk, struct sk_buff *skb, __u16 *mssp)
+
+ return secure_tcp_syn_cookie(iph->saddr, iph->daddr,
+ th->source, th->dest, ntohl(th->seq),
+- jiffies / (HZ * 60), mssind);
++ mssind);
+ }
+
+ /*
+- * This (misnamed) value is the age of syncookie which is permitted.
+- * Its ideal value should be dependent on TCP_TIMEOUT_INIT and
+- * sysctl_tcp_retries1. It's a rather complicated formula (exponential
+- * backoff) to compute at runtime so it's currently hardcoded here.
+- */
+-#define COUNTER_TRIES 4
+-/*
+ * Check if a ack sequence number is a valid syncookie.
+ * Return the decoded mss if it is, or 0 if not.
+ */
+@@ -198,9 +189,7 @@ static inline int cookie_check(struct sk_buff *skb, __u32 cookie)
+ const struct tcphdr *th = tcp_hdr(skb);
+ __u32 seq = ntohl(th->seq) - 1;
+ __u32 mssind = check_tcp_syn_cookie(cookie, iph->saddr, iph->daddr,
+- th->source, th->dest, seq,
+- jiffies / (HZ * 60),
+- COUNTER_TRIES);
++ th->source, th->dest, seq);
+
+ return mssind < ARRAY_SIZE(msstab) ? msstab[mssind] : 0;
+ }
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index 739b073..7ac6591 100644
--- a/net/ipv4/sysctl_net_ipv4.c
@@ -99508,9 +99830,18 @@ index eba5deb..61e026f 100644
return -ENOMEM;
}
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
-index 9a4f437..d13bf8b 100644
+index 9a4f437..d6b0d59 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
+@@ -1250,7 +1250,7 @@ int ip6_route_add(struct fib6_config *cfg)
+ goto out;
+ }
+
+- rt = ip6_dst_alloc(&net->ipv6.ip6_dst_ops, NULL, DST_NOCOUNT);
++ rt = ip6_dst_alloc(&net->ipv6.ip6_dst_ops, NULL, (cfg->fc_flags & RTF_ADDRCONF) ? 0 : DST_NOCOUNT);
+
+ if (rt == NULL) {
+ err = -ENOMEM;
@@ -2808,7 +2808,7 @@ ctl_table ipv6_route_table_template[] = {
struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net)
@@ -99520,6 +99851,96 @@ index 9a4f437..d13bf8b 100644
table = kmemdup(ipv6_route_table_template,
sizeof(ipv6_route_table_template),
+diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c
+index 5a0d664..0177566a 100644
+--- a/net/ipv6/syncookies.c
++++ b/net/ipv6/syncookies.c
+@@ -27,26 +27,21 @@ extern __u32 syncookie_secret[2][16-4+SHA_DIGEST_WORDS];
+ #define COOKIEBITS 24 /* Upper bits store count */
+ #define COOKIEMASK (((__u32)1 << COOKIEBITS) - 1)
+
+-/* Table must be sorted. */
++/* RFC 2460, Section 8.3:
++ * [ipv6 tcp] MSS must be computed as the maximum packet size minus 60 [..]
++ *
++ * Due to IPV6_MIN_MTU=1280 the lowest possible MSS is 1220, which allows
++ * using higher values than ipv4 tcp syncookies.
++ * The other values are chosen based on ethernet (1500 and 9k MTU), plus
++ * one that accounts for common encap (PPPoe) overhead. Table must be sorted.
++ */
+ static __u16 const msstab[] = {
+- 64,
+- 512,
+- 536,
+- 1280 - 60,
++ 1280 - 60, /* IPV6_MIN_MTU - 60 */
+ 1480 - 60,
+ 1500 - 60,
+- 4460 - 60,
+ 9000 - 60,
+ };
+
+-/*
+- * This (misnamed) value is the age of syncookie which is permitted.
+- * Its ideal value should be dependent on TCP_TIMEOUT_INIT and
+- * sysctl_tcp_retries1. It's a rather complicated formula (exponential
+- * backoff) to compute at runtime so it's currently hardcoded here.
+- */
+-#define COUNTER_TRIES 4
+-
+ static inline struct sock *get_cookie_sock(struct sock *sk, struct sk_buff *skb,
+ struct request_sock *req,
+ struct dst_entry *dst)
+@@ -89,8 +84,9 @@ static u32 cookie_hash(const struct in6_addr *saddr, const struct in6_addr *dadd
+ static __u32 secure_tcp_syn_cookie(const struct in6_addr *saddr,
+ const struct in6_addr *daddr,
+ __be16 sport, __be16 dport, __u32 sseq,
+- __u32 count, __u32 data)
++ __u32 data)
+ {
++ u32 count = tcp_cookie_time();
+ return (cookie_hash(saddr, daddr, sport, dport, 0, 0) +
+ sseq + (count << COOKIEBITS) +
+ ((cookie_hash(saddr, daddr, sport, dport, count, 1) + data)
+@@ -99,15 +95,14 @@ static __u32 secure_tcp_syn_cookie(const struct in6_addr *saddr,
+
+ static __u32 check_tcp_syn_cookie(__u32 cookie, const struct in6_addr *saddr,
+ const struct in6_addr *daddr, __be16 sport,
+- __be16 dport, __u32 sseq, __u32 count,
+- __u32 maxdiff)
++ __be16 dport, __u32 sseq)
+ {
+- __u32 diff;
++ __u32 diff, count = tcp_cookie_time();
+
+ cookie -= cookie_hash(saddr, daddr, sport, dport, 0, 0) + sseq;
+
+ diff = (count - (cookie >> COOKIEBITS)) & ((__u32) -1 >> COOKIEBITS);
+- if (diff >= maxdiff)
++ if (diff >= MAX_SYNCOOKIE_AGE)
+ return (__u32)-1;
+
+ return (cookie -
+@@ -133,8 +128,7 @@ __u32 cookie_v6_init_sequence(struct sock *sk, const struct sk_buff *skb, __u16
+ NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESSENT);
+
+ return secure_tcp_syn_cookie(&iph->saddr, &iph->daddr, th->source,
+- th->dest, ntohl(th->seq),
+- jiffies / (HZ * 60), mssind);
++ th->dest, ntohl(th->seq), mssind);
+ }
+
+ static inline int cookie_check(const struct sk_buff *skb, __u32 cookie)
+@@ -143,8 +137,7 @@ static inline int cookie_check(const struct sk_buff *skb, __u32 cookie)
+ const struct tcphdr *th = tcp_hdr(skb);
+ __u32 seq = ntohl(th->seq) - 1;
+ __u32 mssind = check_tcp_syn_cookie(cookie, &iph->saddr, &iph->daddr,
+- th->source, th->dest, seq,
+- jiffies / (HZ * 60), COUNTER_TRIES);
++ th->source, th->dest, seq);
+
+ return mssind < ARRAY_SIZE(msstab) ? msstab[mssind] : 0;
+ }
diff --git a/net/ipv6/sysctl_net_ipv6.c b/net/ipv6/sysctl_net_ipv6.c
index 166a57c..dc4e6b8 100644
--- a/net/ipv6/sysctl_net_ipv6.c
@@ -101828,7 +102249,7 @@ index 8da4481..d02565e 100644
+ (rtt >> sctp_rto_alpha);
} else {
diff --git a/net/socket.c b/net/socket.c
-index d4faade..1c51abc 100644
+index d4faade..002025a 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -88,6 +88,7 @@
@@ -102003,7 +102424,18 @@ index d4faade..1c51abc 100644
SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
unsigned, flags, struct sockaddr __user *, addr,
int, addr_len)
-@@ -1966,7 +2032,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
+@@ -1884,6 +1950,10 @@ static int copy_msghdr_from_user(struct msghdr *kmsg,
+ {
+ if (copy_from_user(kmsg, umsg, sizeof(struct msghdr)))
+ return -EFAULT;
++
++ if (kmsg->msg_namelen < 0)
++ return -EINVAL;
++
+ if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
+ kmsg->msg_namelen = sizeof(struct sockaddr_storage);
+ return 0;
+@@ -1966,7 +2036,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
* checking falls down on this.
*/
if (copy_from_user(ctl_buf,
@@ -102012,7 +102444,7 @@ index d4faade..1c51abc 100644
ctl_len))
goto out_freectl;
msg_sys->msg_control = ctl_buf;
-@@ -2148,7 +2214,8 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
+@@ -2148,7 +2218,8 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
/* Save the user-mode address (verify_iovec will change the
* kernel msghdr to use the kernel address space)
*/
@@ -102022,7 +102454,7 @@ index d4faade..1c51abc 100644
uaddr_len = COMPAT_NAMELEN(msg);
if (MSG_CMSG_COMPAT & flags)
err = verify_compat_iovec(msg_sys, iov,
-@@ -2792,9 +2859,9 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
+@@ -2792,9 +2863,9 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
}
ifr = compat_alloc_user_space(buf_size);
@@ -102034,7 +102466,7 @@ index d4faade..1c51abc 100644
return -EFAULT;
if (put_user(convert_in ? rxnfc : compat_ptr(data),
-@@ -2816,12 +2883,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
+@@ -2816,12 +2887,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
offsetof(struct ethtool_rxnfc, fs.ring_cookie));
if (copy_in_user(rxnfc, compat_rxnfc,
@@ -102051,7 +102483,7 @@ index d4faade..1c51abc 100644
copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt,
sizeof(rxnfc->rule_cnt)))
return -EFAULT;
-@@ -2833,12 +2900,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
+@@ -2833,12 +2904,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
if (convert_out) {
if (copy_in_user(compat_rxnfc, rxnfc,
@@ -102068,7 +102500,7 @@ index d4faade..1c51abc 100644
copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt,
sizeof(rxnfc->rule_cnt)))
return -EFAULT;
-@@ -2908,14 +2975,14 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
+@@ -2908,14 +2979,14 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
old_fs = get_fs();
set_fs(KERNEL_DS);
err = dev_ioctl(net, cmd,
@@ -102085,7 +102517,7 @@ index d4faade..1c51abc 100644
return -EFAULT;
if (get_user(data, &ifr32->ifr_ifru.ifru_data))
-@@ -3017,7 +3084,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
+@@ -3017,7 +3088,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
old_fs = get_fs();
set_fs(KERNEL_DS);
@@ -102094,7 +102526,7 @@ index d4faade..1c51abc 100644
set_fs(old_fs);
if (cmd == SIOCGIFMAP && !err) {
-@@ -3122,7 +3189,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
+@@ -3122,7 +3193,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
ret |= __get_user(rtdev, &(ur4->rt_dev));
if (rtdev) {
ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
@@ -102103,7 +102535,7 @@ index d4faade..1c51abc 100644
devname[15] = 0;
} else
r4.rt_dev = NULL;
-@@ -3362,8 +3429,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
+@@ -3362,8 +3433,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
int __user *uoptlen;
int err;
@@ -102114,7 +102546,7 @@ index d4faade..1c51abc 100644
set_fs(KERNEL_DS);
if (level == SOL_SOCKET)
-@@ -3383,7 +3450,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
+@@ -3383,7 +3454,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
char __user *uoptval;
int err;
@@ -103854,10 +104286,10 @@ index 38f6617..e70b72b 100755
exuberant()
diff --git a/security/Kconfig b/security/Kconfig
-index 51bd5a0..8c5f2ab 100644
+index 51bd5a0..d4191c5 100644
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -4,6 +4,954 @@
+@@ -4,6 +4,955 @@
menu "Security options"
@@ -104283,8 +104715,9 @@ index 51bd5a0..8c5f2ab 100644
+ 3 GB.
+
+config PAX_EMUTRAMP
-+ bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86)
-+ default y if PARISC
++ bool "Emulate trampolines"
++ default y if PARISC || GRKERNSEC_CONFIG_AUTO
++ depends on (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86)
+ help
+ There are some programs and libraries that for one reason or
+ another attempt to execute special small code snippets from
@@ -104812,7 +105245,7 @@ index 51bd5a0..8c5f2ab 100644
config KEYS
bool "Enable access key retention support"
help
-@@ -169,7 +1117,7 @@ config INTEL_TXT
+@@ -169,7 +1118,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX
diff --git a/3.2.55/4475_emutramp_default_on.patch b/3.2.55/4475_emutramp_default_on.patch
index cfde6f8..10a2580 100644
--- a/3.2.55/4475_emutramp_default_on.patch
+++ b/3.2.55/4475_emutramp_default_on.patch
@@ -13,9 +13,9 @@ diff -Naur linux-3.9.2-hardened.orig/security/Kconfig linux-3.9.2-hardened/secur
@@ -427,7 +427,7 @@
config PAX_EMUTRAMP
- bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86)
-- default y if PARISC
+ bool "Emulate trampolines"
+- default y if PARISC || GRKERNSEC_CONFIG_AUTO
+ default y
+ depends on (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86)
help
There are some programs and libraries that for one reason or
- another attempt to execute special small code snippets from
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2014-03-16 23:21 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-03-16 23:20 [gentoo-commits] proj/hardened-patchset:master commit in: 3.2.55/, 3.13.5/, 3.13.6/ Anthony G. Basile
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox