From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 0F32C138A1A for ; Sat, 21 Feb 2015 01:36:32 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 548B3E0893; Sat, 21 Feb 2015 01:36:31 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 78044E0893 for ; Sat, 21 Feb 2015 01:36:30 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 699EA340903 for ; Sat, 21 Feb 2015 01:36:28 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 08BCE1233F for ; Sat, 21 Feb 2015 01:36:27 +0000 (UTC) From: "Anthony G. Basile" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Anthony G. Basile" Message-ID: <1424482561.92a80a21526d3f13a62bffe3deaf8d528db7d806.blueness@gentoo> Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.2.67/, 3.14.33/, 3.18.7/, 3.18.5/, 3.2.66/, 3.14.31/ X-VCS-Repository: proj/hardened-patchset X-VCS-Files: 3.14.31/0000_README 3.14.31/4420_grsecurity-3.0-3.14.31-201502052352.patch 3.14.31/4425_grsec_remove_EI_PAX.patch 3.14.31/4427_force_XATTR_PAX_tmpfs.patch 3.14.31/4430_grsec-remove-localversion-grsec.patch 3.14.31/4435_grsec-mute-warnings.patch 3.14.31/4440_grsec-remove-protected-paths.patch 3.14.31/4450_grsec-kconfig-default-gids.patch 3.14.31/4465_selinux-avc_audit-log-curr_ip.patch 3.14.31/4470_disable-compat_vdso.patch 3.14.31/4475_emutramp_default_on.patch 3.14.33/0000_README 3.14.33/4420_grsecurity-3.0-3.14.33-201502200812.patch 3.14.33/4425_grsec_remove_EI_PAX.patch 3.14.33/4427_force_XATTR_PAX_tmpfs.patch 3.14.33/4430_grsec-remove-localversion-grsec.patch 3.14.33/4435_grsec-mute-warnings.patch 3.14.33/4440_grsec-remove-protected-paths.patch 3.14.33/4450_grsec-kconfig-default-gids.patch 3.14.33/4465_selinux-avc_audit-log-curr_ip.patch 3.14.33/4470_disable-compat_vdso.patch 3.14.33/4475_emutramp_default_on.patch 3.18.5/0000_README 3.18.5/4420_grsecurity-3.0-3.18.5- 201502052352.patch 3.18.5/4425_grsec_remove_EI_PAX.patch 3.18.5/4427_force_XATTR_PAX_tmpfs.patch 3.18.5/4430_grsec-remove-localversion-grsec.patch 3.18.5/4435_grsec-mute-warnings.patch 3.18.5/4440_grsec-remove-protected-paths.patch 3.18.5/4450_grsec-kconfig-default-gids.patch 3.18.5/4465_selinux-avc_audit-log-curr_ip.patch 3.18.5/4470_disable-compat_vdso.patch 3.18.5/4475_emutramp_default_on.patch 3.18.7/0000_README 3.18.7/4420_grsecurity-3.0-3.18.7-201502200813.patch 3.18.7/4425_grsec_remove_EI_PAX.patch 3.18.7/4427_force_XATTR_PAX_tmpfs.patch 3.18.7/4430_grsec-remove-localversion-grsec.patch 3.18.7/4435_grsec-mute-warnings.patch 3.18.7/4440_grsec-remove-protected-paths.patch 3.18.7/4450_grsec-kconfig-default-gids.patch 3.18.7/4465_selinux-avc_audit-log-curr_ip.patch 3.18.7/4470_disable-compat_vdso.patch 3.18.7/4475_emutramp_default_on.patch 3.2.66/0000_README 3.2.66/1021_linux-3.2.22.patch 3.2.66/1022_linux-3.2.23.patch 3.2.66/1023_linux-3.2.24.patch 3.2.66/1024_linux-3.2.25.patch 3.2.66/1025_linux-3.2.26.patch 3.2.66/1026_linux-3.2.27.patch 3.2.66/1027_linux-3.2.28.patch 3.2.66/1028_linux-3.2.29.patch 3.2.66/1029_linux-3.2.30.patch 3.2.66/1030_linux-3.2.31.patch 3.2.66/1031_linux-3.2.32.patch 3.2.66/1032_linux-3.2.33.patch 3.2.66/1033_linux-3.2.34.patch 3.2.66/1034_linux-3.2.35.patch 3.2.66/1035_linux-3.2.36.patch 3.2.66/1036_linux-3.2.37.patch 3.2.66/1037_linux-3.2.38.patch 3.2.66/1038_linux-3.2.39.patch 3.2.66/1039_linux-3.2.40.patch 3.2.66/1040_linux-3.2.41.patch 3.2.66/1041_linux-3.2.42.patch 3.2.66/1042_linux-3.2.43.patch 3.2.66/1043_linux-3.2.44.patch 3.2.66/1044_linux-3.2.45.patch 3.2.66/1045_linux-3.2.46.patch 3.2.66/1046_linux-3.2.47.patch 3.2.66/1047_linux-3.2.48.patch 3.2.66/1048_linux-3.2.49.patch 3.2.66/1049_linux-3.2.50.patch 3.2.66/1050_linux-3.2.51.patch 3.2.66/1051_linux-3.2.52.patch 3.2.66/1052_linux-3.2.53.patch 3.2.66/1053_linux-3.2.54.patch 3.2.66/1054_linux-3.2.55.patch 3.2.66/1055_linux-3.2.56.patch 3.2.66/1056_linux-3.2.57.patch 3.2. 66/1057_linux-3.2.58.patch 3.2.66/1058_linux-3.2.59.patch 3.2.66/1059_linux-3.2.60.patch 3.2.66/1060_linux-3.2.61.patch 3.2.66/1061_linux-3.2.62.patch 3.2.66/1062_linux-3.2.63.patch 3.2.66/1063_linux-3.2.64.patch 3.2.66/1064_linux-3.2.65.patch 3.2.66/1065_linux-3.2.66.patch 3.2.66/4420_grsecurity-3.0-3.2.66-201502052350.patch 3.2.66/4425_grsec_remove_EI_PAX.patch 3.2.66/4427_force_XATTR_PAX_tmpfs.patch 3.2.66/4430_grsec-remove-localversion-grsec.patch 3.2.66/4435_grsec-mute-warnings.patch 3.2.66/4440_grsec-remove-protected-paths.patch 3.2.66/4450_grsec-kconfig-default-gids.patch 3.2.66/4465_selinux-avc_audit-log-curr_ip.patch 3.2.66/4470_disable-compat_vdso.patch 3.2.66/4475_emutramp_default_on.patch 3.2.67/0000_README 3.2.67/1021_linux-3.2.22.patch 3.2.67/1022_linux-3.2.23.patch 3.2.67/1023_linux-3.2.24.patch 3.2.67/1024_linux-3.2.25.patch 3.2.67/1025_linux-3.2.26.patch 3.2.67/1026_linux-3.2.27.patch 3.2.67/1027_linux-3.2.28.patch 3.2.67/1028_linux-3.2.29.patch 3.2.67/1029_linux-3. 2.30.patch 3.2.67/1030_linux-3.2.31.patch 3.2.67/1031_linux-3.2.32.patch 3.2.67/1032_linux-3.2.33.patch 3.2.67/1033_linux-3.2.34.patch 3.2.67/1034_linux-3.2.35.patch 3.2.67/1035_linux-3.2.36.patch 3.2.67/1036_linux-3.2.37.patch 3.2.67/1037_linux-3.2.38.patch 3.2.67/1038_linux-3.2.39.patch 3.2.67/1039_linux-3.2.40.patch 3.2.67/1040_linux-3.2.41.patch 3.2.67/1041_linux-3.2.42.patch 3.2.67/1042_linux-3.2.43.patch 3.2.67/1043_linux-3.2.44.patch 3.2.67/1044_linux-3.2.45.patch 3.2.67/1045_linux-3.2.46.patch 3.2.67/1046_linux-3.2.47.patch 3.2.67/1047_linux-3.2.48.patch 3.2.67/1048_linux-3.2.49.patch 3.2.67/1049_linux-3.2.50.patch 3.2.67/1050_linux-3.2.51.patch 3.2.67/1051_linux-3.2.52.patch 3.2.67/1052_linux-3.2.53.patch 3.2.67/1053_linux-3.2.54.patch 3.2.67/1054_linux-3.2.55.patch 3.2.67/1055_linux-3.2.56.patch 3.2.67/1056_linux-3.2.57.patch 3.2.67/1057_linux-3.2.58.patch 3.2.67/1058_linux-3.2.59.patch 3.2.67/1059_linux-3.2.60.patch 3.2.67/1060_linux-3.2.61.patch 3.2.67/1061_linux-3.2.62. patch 3.2.67/1062_linux-3.2.63.patch 3.2.67/1063_linux-3.2.64.patch 3.2.67/1064_linux-3.2.65.patch 3.2.67/1065_linux-3.2.66.patch 3.2.67/1066_linux-3.2.67.patch 3.2.67/4420_grsecurity-3.0-3.2.67-201502200807.patch 3.2.67/4425_grsec_remove_EI_PAX.patch 3.2.67/4427_force_XATTR_PAX_tmpfs.patch 3.2.67/4430_grsec-remove-localversion-grsec.patch 3.2.67/4435_grsec-mute-warnings.patch 3.2.67/4440_grsec-remove-protected-paths.patch 3.2.67/4450_grsec-kconfig-default-gids.patch 3.2.67/4465_selinux-avc_audit-log-curr_ip.patch 3.2.67/4470_disable-compat_vdso.patch 3.2.67/4475_emutramp_default_on.patch X-VCS-Directories: 3.2.66/ 3.18.5/ 3.18.7/ 3.14.31/ 3.14.33/ 3.2.67/ X-VCS-Committer: blueness X-VCS-Committer-Name: Anthony G. Basile X-VCS-Revision: 92a80a21526d3f13a62bffe3deaf8d528db7d806 X-VCS-Branch: master Date: Sat, 21 Feb 2015 01:36:27 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 4e0d8f33-3a90-4283-a95c-95aea0797199 X-Archives-Hash: b63d4ed117558233283daa361d3cb696 commit: 92a80a21526d3f13a62bffe3deaf8d528db7d806 Author: Anthony G. Basile gentoo org> AuthorDate: Sat Feb 21 01:36:01 2015 +0000 Commit: Anthony G. Basile gentoo org> CommitDate: Sat Feb 21 01:36:01 2015 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=92a80a21 Grsec/PaX: 3.0-{3.2.67,3.14.33,3.18.7}-201502200807 --- {3.14.31 => 3.14.33}/0000_README | 2 +- .../4420_grsecurity-3.0-3.14.33-201502200812.patch | 651 +- {3.18.5 => 3.14.33}/4425_grsec_remove_EI_PAX.patch | 0 .../4427_force_XATTR_PAX_tmpfs.patch | 0 .../4430_grsec-remove-localversion-grsec.patch | 0 .../4435_grsec-mute-warnings.patch | 0 .../4440_grsec-remove-protected-paths.patch | 0 .../4450_grsec-kconfig-default-gids.patch | 0 .../4465_selinux-avc_audit-log-curr_ip.patch | 0 .../4470_disable-compat_vdso.patch | 0 {3.18.5 => 3.14.33}/4475_emutramp_default_on.patch | 0 {3.18.5 => 3.18.7}/0000_README | 2 +- .../4420_grsecurity-3.0-3.18.7-201502200813.patch | 501 +- {3.14.31 => 3.18.7}/4425_grsec_remove_EI_PAX.patch | 0 .../4427_force_XATTR_PAX_tmpfs.patch | 0 .../4430_grsec-remove-localversion-grsec.patch | 0 {3.18.5 => 3.18.7}/4435_grsec-mute-warnings.patch | 0 .../4440_grsec-remove-protected-paths.patch | 0 .../4450_grsec-kconfig-default-gids.patch | 0 .../4465_selinux-avc_audit-log-curr_ip.patch | 0 {3.18.5 => 3.18.7}/4470_disable-compat_vdso.patch | 0 {3.14.31 => 3.18.7}/4475_emutramp_default_on.patch | 0 {3.2.66 => 3.2.67}/0000_README | 6 +- {3.2.66 => 3.2.67}/1021_linux-3.2.22.patch | 0 {3.2.66 => 3.2.67}/1022_linux-3.2.23.patch | 0 {3.2.66 => 3.2.67}/1023_linux-3.2.24.patch | 0 {3.2.66 => 3.2.67}/1024_linux-3.2.25.patch | 0 {3.2.66 => 3.2.67}/1025_linux-3.2.26.patch | 0 {3.2.66 => 3.2.67}/1026_linux-3.2.27.patch | 0 {3.2.66 => 3.2.67}/1027_linux-3.2.28.patch | 0 {3.2.66 => 3.2.67}/1028_linux-3.2.29.patch | 0 {3.2.66 => 3.2.67}/1029_linux-3.2.30.patch | 0 {3.2.66 => 3.2.67}/1030_linux-3.2.31.patch | 0 {3.2.66 => 3.2.67}/1031_linux-3.2.32.patch | 0 {3.2.66 => 3.2.67}/1032_linux-3.2.33.patch | 0 {3.2.66 => 3.2.67}/1033_linux-3.2.34.patch | 0 {3.2.66 => 3.2.67}/1034_linux-3.2.35.patch | 0 {3.2.66 => 3.2.67}/1035_linux-3.2.36.patch | 0 {3.2.66 => 3.2.67}/1036_linux-3.2.37.patch | 0 {3.2.66 => 3.2.67}/1037_linux-3.2.38.patch | 0 {3.2.66 => 3.2.67}/1038_linux-3.2.39.patch | 0 {3.2.66 => 3.2.67}/1039_linux-3.2.40.patch | 0 {3.2.66 => 3.2.67}/1040_linux-3.2.41.patch | 0 {3.2.66 => 3.2.67}/1041_linux-3.2.42.patch | 0 {3.2.66 => 3.2.67}/1042_linux-3.2.43.patch | 0 {3.2.66 => 3.2.67}/1043_linux-3.2.44.patch | 0 {3.2.66 => 3.2.67}/1044_linux-3.2.45.patch | 0 {3.2.66 => 3.2.67}/1045_linux-3.2.46.patch | 0 {3.2.66 => 3.2.67}/1046_linux-3.2.47.patch | 0 {3.2.66 => 3.2.67}/1047_linux-3.2.48.patch | 0 {3.2.66 => 3.2.67}/1048_linux-3.2.49.patch | 0 {3.2.66 => 3.2.67}/1049_linux-3.2.50.patch | 0 {3.2.66 => 3.2.67}/1050_linux-3.2.51.patch | 0 {3.2.66 => 3.2.67}/1051_linux-3.2.52.patch | 0 {3.2.66 => 3.2.67}/1052_linux-3.2.53.patch | 0 {3.2.66 => 3.2.67}/1053_linux-3.2.54.patch | 0 {3.2.66 => 3.2.67}/1054_linux-3.2.55.patch | 0 {3.2.66 => 3.2.67}/1055_linux-3.2.56.patch | 0 {3.2.66 => 3.2.67}/1056_linux-3.2.57.patch | 0 {3.2.66 => 3.2.67}/1057_linux-3.2.58.patch | 0 {3.2.66 => 3.2.67}/1058_linux-3.2.59.patch | 0 {3.2.66 => 3.2.67}/1059_linux-3.2.60.patch | 0 {3.2.66 => 3.2.67}/1060_linux-3.2.61.patch | 0 {3.2.66 => 3.2.67}/1061_linux-3.2.62.patch | 0 {3.2.66 => 3.2.67}/1062_linux-3.2.63.patch | 0 {3.2.66 => 3.2.67}/1063_linux-3.2.64.patch | 0 {3.2.66 => 3.2.67}/1064_linux-3.2.65.patch | 0 {3.2.66 => 3.2.67}/1065_linux-3.2.66.patch | 0 3.2.67/1066_linux-3.2.67.patch | 6792 ++++++++++++++++++++ .../4420_grsecurity-3.0-3.2.67-201502200807.patch | 1777 +++-- {3.2.66 => 3.2.67}/4425_grsec_remove_EI_PAX.patch | 0 .../4427_force_XATTR_PAX_tmpfs.patch | 0 .../4430_grsec-remove-localversion-grsec.patch | 0 {3.2.66 => 3.2.67}/4435_grsec-mute-warnings.patch | 0 .../4440_grsec-remove-protected-paths.patch | 0 .../4450_grsec-kconfig-default-gids.patch | 0 .../4465_selinux-avc_audit-log-curr_ip.patch | 0 {3.2.66 => 3.2.67}/4470_disable-compat_vdso.patch | 0 {3.2.66 => 3.2.67}/4475_emutramp_default_on.patch | 0 79 files changed, 8383 insertions(+), 1348 deletions(-) diff --git a/3.14.31/0000_README b/3.14.33/0000_README similarity index 96% rename from 3.14.31/0000_README rename to 3.14.33/0000_README index cd1e617..0785237 100644 --- a/3.14.31/0000_README +++ b/3.14.33/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.0-3.14.31-201502052352.patch +Patch: 4420_grsecurity-3.0-3.14.33-201502200812.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.14.31/4420_grsecurity-3.0-3.14.31-201502052352.patch b/3.14.33/4420_grsecurity-3.0-3.14.33-201502200812.patch similarity index 99% rename from 3.14.31/4420_grsecurity-3.0-3.14.31-201502052352.patch rename to 3.14.33/4420_grsecurity-3.0-3.14.33-201502200812.patch index 62bdff1..6f66607 100644 --- a/3.14.31/4420_grsecurity-3.0-3.14.31-201502052352.patch +++ b/3.14.33/4420_grsecurity-3.0-3.14.33-201502200812.patch @@ -292,7 +292,7 @@ index 5d91ba1..935a4e7 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 5abf670..9b24a3b 100644 +index b0963ca..76c9099 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -3896,7 +3896,7 @@ index 7abde2c..9df495f 100644 static bool of_init = false; diff --git a/arch/arm/mm/context.c b/arch/arm/mm/context.c -index 6eb97b3..e77848e 100644 +index 4370933..e77848e 100644 --- a/arch/arm/mm/context.c +++ b/arch/arm/mm/context.c @@ -43,7 +43,7 @@ @@ -3908,40 +3908,7 @@ index 6eb97b3..e77848e 100644 static DECLARE_BITMAP(asid_map, NUM_USER_ASIDS); static DEFINE_PER_CPU(atomic64_t, active_asids); -@@ -144,21 +144,17 @@ static void flush_context(unsigned int cpu) - /* Update the list of reserved ASIDs and the ASID bitmap. */ - bitmap_clear(asid_map, 0, NUM_USER_ASIDS); - for_each_possible_cpu(i) { -- if (i == cpu) { -- asid = 0; -- } else { -- asid = atomic64_xchg(&per_cpu(active_asids, i), 0); -- /* -- * If this CPU has already been through a -- * rollover, but hasn't run another task in -- * the meantime, we must preserve its reserved -- * ASID, as this is the only trace we have of -- * the process it is still running. -- */ -- if (asid == 0) -- asid = per_cpu(reserved_asids, i); -- __set_bit(asid & ~ASID_MASK, asid_map); -- } -+ asid = atomic64_xchg(&per_cpu(active_asids, i), 0); -+ /* -+ * If this CPU has already been through a -+ * rollover, but hasn't run another task in -+ * the meantime, we must preserve its reserved -+ * ASID, as this is the only trace we have of -+ * the process it is still running. -+ */ -+ if (asid == 0) -+ asid = per_cpu(reserved_asids, i); -+ __set_bit(asid & ~ASID_MASK, asid_map); - per_cpu(reserved_asids, i) = asid; - } - -@@ -182,7 +178,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu) +@@ -178,7 +178,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu) { static u32 cur_idx = 1; u64 asid = atomic64_read(&mm->context.id); @@ -3950,7 +3917,7 @@ index 6eb97b3..e77848e 100644 if (asid != 0 && is_reserved_asid(asid)) { /* -@@ -203,7 +199,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu) +@@ -199,7 +199,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu) */ asid = find_next_zero_bit(asid_map, NUM_USER_ASIDS, cur_idx); if (asid == NUM_USER_ASIDS) { @@ -3959,7 +3926,7 @@ index 6eb97b3..e77848e 100644 &asid_generation); flush_context(cpu); asid = find_next_zero_bit(asid_map, NUM_USER_ASIDS, 1); -@@ -234,14 +230,14 @@ void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk) +@@ -230,14 +230,14 @@ void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk) cpu_set_reserved_ttbr0(); asid = atomic64_read(&mm->context.id); @@ -12635,7 +12602,7 @@ index 50f8c5e..4f84fff 100644 return diff; } diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile -index b5bb498..74110e8 100644 +index 67e9f5c..2af15db 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -16,6 +16,9 @@ KBUILD_CFLAGS += $(cflags-y) @@ -28225,7 +28192,7 @@ index e8edcf5..27f9344 100644 goto cannot_handle; if ((segoffs >> 16) == BIOSSEG) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S -index da6b35a..977e9cf 100644 +index da6b35a..7ef6b87 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -26,6 +26,13 @@ @@ -28406,7 +28373,6 @@ index da6b35a..977e9cf 100644 + .init.text (. - __KERNEL_TEXT_OFFSET): AT(init_begin - LOAD_OFFSET) { + VMLINUX_SYMBOL(_sinittext) = .; + INIT_TEXT -+ VMLINUX_SYMBOL(_einittext) = .; + . = ALIGN(PAGE_SIZE); + } :text.init @@ -28417,6 +28383,7 @@ index da6b35a..977e9cf 100644 + */ + .exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) { + EXIT_TEXT ++ VMLINUX_SYMBOL(_einittext) = .; + . = ALIGN(16); + } :text.exit + . = init_begin + SIZEOF(.init.text) + SIZEOF(.exit.text); @@ -28834,18 +28801,10 @@ index 9643eda6..c9cb765 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index de42688..6e3ace5 100644 +index 80c22a3..ec2028e 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c -@@ -441,6 +441,7 @@ struct vcpu_vmx { - #endif - int gs_ldt_reload_needed; - int fs_reload_needed; -+ unsigned long vmcs_host_cr4; /* May not match real cr4 */ - } host_state; - struct { - int vm86_active; -@@ -1320,12 +1321,12 @@ static void vmcs_write64(unsigned long field, u64 value) +@@ -1321,12 +1321,12 @@ static void vmcs_write64(unsigned long field, u64 value) #endif } @@ -28860,7 +28819,7 @@ index de42688..6e3ace5 100644 { vmcs_writel(field, vmcs_readl(field) | mask); } -@@ -1585,7 +1586,11 @@ static void reload_tss(void) +@@ -1586,7 +1586,11 @@ static void reload_tss(void) struct desc_struct *descs; descs = (void *)gdt->address; @@ -28872,7 +28831,7 @@ index de42688..6e3ace5 100644 load_TR_desc(); } -@@ -1809,6 +1814,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) +@@ -1810,6 +1814,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */ vmcs_writel(HOST_GDTR_BASE, gdt->address); /* 22.2.4 */ @@ -28883,7 +28842,7 @@ index de42688..6e3ace5 100644 rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp); vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */ vmx->loaded_vmcs->cpu = cpu; -@@ -2098,7 +2107,7 @@ static void setup_msrs(struct vcpu_vmx *vmx) +@@ -2099,7 +2107,7 @@ static void setup_msrs(struct vcpu_vmx *vmx) * reads and returns guest's timestamp counter "register" * guest_tsc = host_tsc + tsc_offset -- 21.3 */ @@ -28892,7 +28851,7 @@ index de42688..6e3ace5 100644 { u64 host_tsc, tsc_offset; -@@ -3027,8 +3036,11 @@ static __init int hardware_setup(void) +@@ -3028,8 +3036,11 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_flexpriority()) flexpriority_enabled = 0; @@ -28906,7 +28865,7 @@ index de42688..6e3ace5 100644 if (enable_ept && !cpu_has_vmx_ept_2m_page()) kvm_disable_largepages(); -@@ -3039,13 +3051,15 @@ static __init int hardware_setup(void) +@@ -3040,13 +3051,15 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_apicv()) enable_apicv = 0; @@ -28926,26 +28885,18 @@ index de42688..6e3ace5 100644 if (nested) nested_vmx_setup_ctls_msrs(); -@@ -4165,10 +4179,17 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) - u32 low32, high32; - unsigned long tmpl; - struct desc_ptr dt; -+ unsigned long cr4; +@@ -4169,7 +4182,10 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) + unsigned long cr4; vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS); /* 22.2.3 */ -- vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */ ++ +#ifndef CONFIG_PAX_PER_CPU_PGD vmcs_writel(HOST_CR3, read_cr3()); /* 22.2.3 FIXME: shadow tables */ +#endif -+ -+ /* Save the most likely value for this task's CR4 in the VMCS. */ -+ cr4 = read_cr4(); -+ vmcs_writel(HOST_CR4, cr4); /* 22.2.3, 22.2.5 */ -+ vmx->host_state.vmcs_host_cr4 = cr4; - vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */ - #ifdef CONFIG_X86_64 -@@ -4190,7 +4211,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) + /* Save the most likely value for this task's CR4 in the VMCS. */ + cr4 = read_cr4(); +@@ -4196,7 +4212,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */ vmx->host_idt_base = dt.address; @@ -28954,29 +28905,7 @@ index de42688..6e3ace5 100644 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); vmcs_write32(HOST_IA32_SYSENTER_CS, low32); -@@ -7196,7 +7217,7 @@ static void atomic_switch_perf_msrs(struct vcpu_vmx *vmx) - static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) - { - struct vcpu_vmx *vmx = to_vmx(vcpu); -- unsigned long debugctlmsr; -+ unsigned long debugctlmsr, cr4; - - /* Record the guest's net vcpu time for enforced NMI injections. */ - if (unlikely(!cpu_has_virtual_nmis() && vmx->soft_vnmi_blocked)) -@@ -7217,6 +7238,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) - if (test_bit(VCPU_REGS_RIP, (unsigned long *)&vcpu->arch.regs_dirty)) - vmcs_writel(GUEST_RIP, vcpu->arch.regs[VCPU_REGS_RIP]); - -+ cr4 = read_cr4(); -+ if (unlikely(cr4 != vmx->host_state.vmcs_host_cr4)) { -+ vmcs_writel(HOST_CR4, cr4); -+ vmx->host_state.vmcs_host_cr4 = cr4; -+ } -+ - /* When single-stepping over STI and MOV SS, we must clear the - * corresponding interruptibility bits in the guest state. Otherwise - * vmentry fails as it then expects bit 14 (BS) in pending debug -@@ -7275,6 +7302,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7287,6 +7303,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "jmp 2f \n\t" "1: " __ex(ASM_VMX_VMRESUME) "\n\t" "2: " @@ -28989,7 +28918,7 @@ index de42688..6e3ace5 100644 /* Save guest registers, load host registers, keep flags */ "mov %0, %c[wordsize](%%" _ASM_SP ") \n\t" "pop %0 \n\t" -@@ -7327,6 +7360,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7339,6 +7361,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]"i"(sizeof(ulong)) @@ -29001,7 +28930,7 @@ index de42688..6e3ace5 100644 : "cc", "memory" #ifdef CONFIG_X86_64 , "rax", "rbx", "rdi", "rsi" -@@ -7340,7 +7378,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7352,7 +7379,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) if (debugctlmsr) update_debugctlmsr(debugctlmsr); @@ -29010,7 +28939,7 @@ index de42688..6e3ace5 100644 /* * The sysexit path does not restore ds/es, so we must set them to * a reasonable value ourselves. -@@ -7349,8 +7387,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7361,8 +7388,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) * may be executed in interrupt context, which saves and restore segments * around it, nullifying its effect. */ @@ -33438,7 +33367,7 @@ index 7b179b49..6bd17777 100644 return (void *)vaddr; diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c -index 94bd247..7e48391 100644 +index 94bd247..49644a3 100644 --- a/arch/x86/mm/ioremap.c +++ b/arch/x86/mm/ioremap.c @@ -56,8 +56,8 @@ static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages, @@ -33461,17 +33390,29 @@ index 94bd247..7e48391 100644 { struct vm_struct *p, *o; -@@ -322,6 +322,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) - +@@ -317,23 +317,22 @@ EXPORT_SYMBOL(iounmap); + */ + void *xlate_dev_mem_ptr(unsigned long phys) + { +- void *addr; +- unsigned long start = phys & PAGE_MASK; +- /* If page is RAM, we can use __va. Otherwise ioremap and unmap. */ - if (page_is_ram(start >> PAGE_SHIFT)) +- if (page_is_ram(start >> PAGE_SHIFT)) ++ if (page_is_ram(phys >> PAGE_SHIFT)) +#ifdef CONFIG_HIGHMEM -+ if ((start >> PAGE_SHIFT) < max_low_pfn) ++ if ((phys >> PAGE_SHIFT) < max_low_pfn) +#endif return __va(phys); - addr = (void __force *)ioremap_cache(start, PAGE_SIZE); -@@ -334,6 +337,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) +- addr = (void __force *)ioremap_cache(start, PAGE_SIZE); +- if (addr) +- addr = (void *)((unsigned long)addr | (phys & ~PAGE_MASK)); +- +- return addr; ++ return (void __force *)ioremap_cache(phys, PAGE_SIZE); + } + void unxlate_dev_mem_ptr(unsigned long phys, void *addr) { if (page_is_ram(phys >> PAGE_SHIFT)) @@ -33481,7 +33422,7 @@ index 94bd247..7e48391 100644 return; iounmap((void __iomem *)((unsigned long)addr & PAGE_MASK)); -@@ -351,7 +357,7 @@ static int __init early_ioremap_debug_setup(char *str) +@@ -351,7 +350,7 @@ static int __init early_ioremap_debug_setup(char *str) early_param("early_ioremap_debug", early_ioremap_debug_setup); static __initdata int after_paging_init; @@ -33490,7 +33431,7 @@ index 94bd247..7e48391 100644 static inline pmd_t * __init early_ioremap_pmd(unsigned long addr) { -@@ -388,8 +394,7 @@ void __init early_ioremap_init(void) +@@ -388,8 +387,7 @@ void __init early_ioremap_init(void) slot_virt[i] = __fix_to_virt(FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*i); pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN)); @@ -34391,10 +34332,10 @@ index 0149575..f746de8 100644 + pax_force_retaddr ret diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c -index af2d431..bc63cba 100644 +index af2d431..c405730 100644 --- a/arch/x86/net/bpf_jit_comp.c +++ b/arch/x86/net/bpf_jit_comp.c -@@ -50,13 +50,90 @@ static inline u8 *emit_code(u8 *ptr, u32 bytes, unsigned int len) +@@ -50,13 +50,102 @@ static inline u8 *emit_code(u8 *ptr, u32 bytes, unsigned int len) return ptr + len; } @@ -34422,7 +34363,8 @@ index af2d431..bc63cba 100644 + EMIT2(0x81, 0xf1); \ + EMIT((_key) ^ (_off), 4); \ +} while (0) -+ ++#define SHORT_JMP_LENGTH 2 ++#define NEAR_JMP_LENGTH (5 + 8) +#define EMIT1_off32(b1, _off) \ +do { \ + switch (b1) { \ @@ -34430,13 +34372,21 @@ index af2d431..bc63cba 100644 + case 0x2d: /* sub eax, imm32 */ \ + case 0x25: /* and eax, imm32 */ \ + case 0x0d: /* or eax, imm32 */ \ -+ case 0xb8: /* mov eax, imm32 */ \ + case 0x35: /* xor eax, imm32 */ \ + case 0x3d: /* cmp eax, imm32 */ \ -+ case 0xa9: /* test eax, imm32 */ \ + DILUTE_CONST_SEQUENCE(_off, randkey); \ + EMIT2((b1) - 4, 0xc8); /* convert imm instruction to eax, ecx */\ + break; \ ++ case 0xb8: /* mov eax, imm32 */ \ ++ DILUTE_CONST_SEQUENCE(_off, randkey); \ ++ /* mov eax, ecx */ \ ++ EMIT2(0x89, 0xc8); \ ++ break; \ ++ case 0xa9: /* test eax, imm32 */ \ ++ DILUTE_CONST_SEQUENCE(_off, randkey); \ ++ /* test eax, ecx */ \ ++ EMIT2(0x85, 0xc8); \ ++ break; \ + case 0xbb: /* mov ebx, imm32 */ \ + DILUTE_CONST_SEQUENCE(_off, randkey); \ + /* mov ebx, ecx */ \ @@ -34452,8 +34402,9 @@ index af2d431..bc63cba 100644 + EMIT(_off, 4); \ + break; \ + case 0xe9: /* jmp rel imm32 */ \ ++ BUG_ON((int)(_off) < 0); \ + EMIT1(b1); \ -+ EMIT(_off, 4); \ ++ EMIT(_off + 8, 4); \ + /* prevent fall-through, we're not called if off = 0 */ \ + EMIT(0xcccccccc, 4); \ + EMIT(0xcccccccc, 4); \ @@ -34481,11 +34432,21 @@ index af2d431..bc63cba 100644 +#else #define EMIT1_off32(b1, off) do { EMIT1(b1); EMIT(off, 4);} while (0) +#define EMIT2_off32(b1, b2, off) do { EMIT2(b1, b2); EMIT(off, 4);} while (0) ++#define SHORT_JMP_LENGTH 2 ++#define NEAR_JMP_LENGTH 5 +#endif #define CLEAR_A() EMIT2(0x31, 0xc0) /* xor %eax,%eax */ #define CLEAR_X() EMIT2(0x31, 0xdb) /* xor %ebx,%ebx */ -@@ -91,6 +168,24 @@ do { \ +@@ -73,6 +162,7 @@ static inline bool is_near(int offset) + + #define EMIT_JMP(offset) \ + do { \ ++ BUG_ON((int)(offset) < 0); \ + if (offset) { \ + if (is_near(offset)) \ + EMIT2(0xeb, offset); /* jmp .+off8 */ \ +@@ -91,13 +181,33 @@ do { \ #define X86_JBE 0x76 #define X86_JA 0x77 @@ -34509,16 +34470,18 @@ index af2d431..bc63cba 100644 + #define EMIT_COND_JMP(op, offset) \ do { \ ++ BUG_ON((int)(offset) < 0); \ if (is_near(offset)) \ -@@ -98,6 +193,7 @@ do { \ + EMIT2(op, offset); /* jxx .+off8 */ \ else { \ EMIT2(0x0f, op + 0x10); \ - EMIT(offset, 4); /* jxx .+off32 */ \ +- EMIT(offset, 4); /* jxx .+off32 */ \ ++ EMIT((offset) + 21, 4); /* jxx .+off32 */ \ + APPEND_FLOW_VERIFY(); \ } \ } while (0) -@@ -145,55 +241,54 @@ static int pkt_type_offset(void) +@@ -145,55 +255,54 @@ static int pkt_type_offset(void) return -1; } @@ -34590,7 +34553,7 @@ index af2d431..bc63cba 100644 if (!bpf_jit_enable) return; -@@ -203,10 +298,10 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -203,10 +312,10 @@ void bpf_jit_compile(struct sk_filter *fp) return; /* Before first pass, make a rough estimation of addrs[] @@ -34603,7 +34566,7 @@ index af2d431..bc63cba 100644 addrs[i] = proglen; } cleanup_addr = proglen; /* epilogue address */ -@@ -285,6 +380,10 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -285,6 +394,10 @@ void bpf_jit_compile(struct sk_filter *fp) for (i = 0; i < flen; i++) { unsigned int K = filter[i].k; @@ -34614,7 +34577,7 @@ index af2d431..bc63cba 100644 switch (filter[i].code) { case BPF_S_ALU_ADD_X: /* A += X; */ seen |= SEEN_XREG; -@@ -317,10 +416,8 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -317,10 +430,8 @@ void bpf_jit_compile(struct sk_filter *fp) case BPF_S_ALU_MUL_K: /* A *= K */ if (is_imm8(K)) EMIT3(0x6b, 0xc0, K); /* imul imm8,%eax,%eax */ @@ -34627,7 +34590,16 @@ index af2d431..bc63cba 100644 break; case BPF_S_ALU_DIV_X: /* A /= X; */ seen |= SEEN_XREG; -@@ -364,7 +461,11 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -333,7 +444,7 @@ void bpf_jit_compile(struct sk_filter *fp) + EMIT_COND_JMP(X86_JE, addrs[pc_ret0 - 1] - + (addrs[i] - 4)); + } else { +- EMIT_COND_JMP(X86_JNE, 2 + 5); ++ EMIT_COND_JMP(X86_JNE, 2 + NEAR_JMP_LENGTH); + CLEAR_A(); + EMIT1_off32(0xe9, cleanup_addr - (addrs[i] - 4)); /* jmp .+off32 */ + } +@@ -364,7 +475,11 @@ void bpf_jit_compile(struct sk_filter *fp) break; } EMIT2(0x31, 0xd2); /* xor %edx,%edx */ @@ -34639,7 +34611,7 @@ index af2d431..bc63cba 100644 EMIT2(0xf7, 0xf1); /* div %ecx */ EMIT2(0x89, 0xd0); /* mov %edx,%eax */ break; -@@ -372,7 +473,11 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -372,7 +487,11 @@ void bpf_jit_compile(struct sk_filter *fp) if (K == 1) break; EMIT2(0x31, 0xd2); /* xor %edx,%edx */ @@ -34651,7 +34623,7 @@ index af2d431..bc63cba 100644 EMIT2(0xf7, 0xf1); /* div %ecx */ break; case BPF_S_ALU_AND_X: -@@ -643,8 +748,7 @@ common_load_ind: seen |= SEEN_DATAREF | SEEN_XREG; +@@ -643,8 +762,7 @@ common_load_ind: seen |= SEEN_DATAREF | SEEN_XREG; if (is_imm8(K)) { EMIT3(0x8d, 0x73, K); /* lea imm8(%rbx), %esi */ } else { @@ -34661,7 +34633,16 @@ index af2d431..bc63cba 100644 } } else { EMIT2(0x89,0xde); /* mov %ebx,%esi */ -@@ -734,10 +838,12 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -717,7 +835,7 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; + } + if (filter[i].jt != 0) { + if (filter[i].jf && f_offset) +- t_offset += is_near(f_offset) ? 2 : 5; ++ t_offset += is_near(f_offset) ? SHORT_JMP_LENGTH : NEAR_JMP_LENGTH; + EMIT_COND_JMP(t_op, t_offset); + if (filter[i].jf) + EMIT_JMP(f_offset); +@@ -734,10 +852,12 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; if (unlikely(proglen + ilen > oldproglen)) { pr_err("bpb_jit_compile fatal error\n"); kfree(addrs); @@ -34675,7 +34656,7 @@ index af2d431..bc63cba 100644 } proglen += ilen; addrs[i] = proglen; -@@ -770,7 +876,6 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -770,7 +890,6 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; if (image) { bpf_flush_icache(header, image + proglen); @@ -34683,7 +34664,7 @@ index af2d431..bc63cba 100644 fp->bpf_func = (void *)image; } out: -@@ -782,10 +887,8 @@ static void bpf_jit_free_deferred(struct work_struct *work) +@@ -782,10 +901,8 @@ static void bpf_jit_free_deferred(struct work_struct *work) { struct sk_filter *fp = container_of(work, struct sk_filter, work); unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK; @@ -50574,10 +50555,10 @@ index 84419af..268ede8 100644 &dev_attr_energy_uj.attr; } diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c -index afca1bc..86840b8 100644 +index b798404..cd11618 100644 --- a/drivers/regulator/core.c +++ b/drivers/regulator/core.c -@@ -3366,7 +3366,7 @@ regulator_register(const struct regulator_desc *regulator_desc, +@@ -3368,7 +3368,7 @@ regulator_register(const struct regulator_desc *regulator_desc, { const struct regulation_constraints *constraints = NULL; const struct regulator_init_data *init_data; @@ -50586,7 +50567,7 @@ index afca1bc..86840b8 100644 struct regulator_dev *rdev; struct device *dev; int ret, i; -@@ -3436,7 +3436,7 @@ regulator_register(const struct regulator_desc *regulator_desc, +@@ -3438,7 +3438,7 @@ regulator_register(const struct regulator_desc *regulator_desc, rdev->dev.of_node = config->of_node; rdev->dev.parent = dev; dev_set_name(&rdev->dev, "regulator.%d", @@ -52623,7 +52604,7 @@ index 24884ca..26c8220 100644 login->tgt_agt = sbp_target_agent_register(login); if (IS_ERR(login->tgt_agt)) { diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c -index 38b4be2..c68af1c 100644 +index 26ae688..ca12181 100644 --- a/drivers/target/target_core_device.c +++ b/drivers/target/target_core_device.c @@ -1526,7 +1526,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name) @@ -60031,37 +60012,10 @@ index 5d12d69..161d0ce 100644 GLOBAL_EXTERN atomic_t smBufAllocCount; GLOBAL_EXTERN atomic_t midCount; diff --git a/fs/cifs/file.c b/fs/cifs/file.c -index d375322..2f1ac75 100644 +index 0218a9b..2f1ac75 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c -@@ -366,6 +366,7 @@ void cifsFileInfo_put(struct cifsFileInfo *cifs_file) - struct cifsLockInfo *li, *tmp; - struct cifs_fid fid; - struct cifs_pending_open open; -+ bool oplock_break_cancelled; - - spin_lock(&cifs_file_list_lock); - if (--cifs_file->count > 0) { -@@ -397,7 +398,7 @@ void cifsFileInfo_put(struct cifsFileInfo *cifs_file) - } - spin_unlock(&cifs_file_list_lock); - -- cancel_work_sync(&cifs_file->oplock_break); -+ oplock_break_cancelled = cancel_work_sync(&cifs_file->oplock_break); - - if (!tcon->need_reconnect && !cifs_file->invalidHandle) { - struct TCP_Server_Info *server = tcon->ses->server; -@@ -409,6 +410,9 @@ void cifsFileInfo_put(struct cifsFileInfo *cifs_file) - _free_xid(xid); - } - -+ if (oplock_break_cancelled) -+ cifs_done_oplock_break(cifsi); -+ - cifs_del_pending_open(&open); - - /* -@@ -1900,10 +1904,14 @@ static int cifs_writepages(struct address_space *mapping, +@@ -1904,10 +1904,14 @@ static int cifs_writepages(struct address_space *mapping, index = mapping->writeback_index; /* Start from prev offset */ end = -1; } else { @@ -60715,7 +60669,7 @@ index a93f7e6..d58bcbe 100644 return 0; while (nr) { diff --git a/fs/dcache.c b/fs/dcache.c -index 4366127..581b312 100644 +index 4366127..b8c2cf9 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -250,7 +250,7 @@ static void __d_free(struct rcu_head *head) @@ -60850,7 +60804,17 @@ index 4366127..581b312 100644 dentry->d_flags = 0; spin_lock_init(&dentry->d_lock); seqcount_init(&dentry->d_seq); -@@ -2275,7 +2276,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name) +@@ -1521,6 +1522,9 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) + dentry->d_sb = sb; + dentry->d_op = NULL; + dentry->d_fsdata = NULL; ++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME ++ atomic_set(&dentry->chroot_refcnt, 0); ++#endif + INIT_HLIST_BL_NODE(&dentry->d_hash); + INIT_LIST_HEAD(&dentry->d_lru); + INIT_LIST_HEAD(&dentry->d_subdirs); +@@ -2275,7 +2279,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name) goto next; } @@ -60859,7 +60823,7 @@ index 4366127..581b312 100644 found = dentry; spin_unlock(&dentry->d_lock); break; -@@ -2374,7 +2375,7 @@ again: +@@ -2374,7 +2378,7 @@ again: spin_lock(&dentry->d_lock); inode = dentry->d_inode; isdir = S_ISDIR(inode->i_mode); @@ -60868,7 +60832,7 @@ index 4366127..581b312 100644 if (!spin_trylock(&inode->i_lock)) { spin_unlock(&dentry->d_lock); cpu_relax(); -@@ -3318,7 +3319,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry) +@@ -3318,7 +3322,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry) if (!(dentry->d_flags & DCACHE_GENOCIDE)) { dentry->d_flags |= DCACHE_GENOCIDE; @@ -60877,7 +60841,7 @@ index 4366127..581b312 100644 } } return D_WALK_CONTINUE; -@@ -3434,7 +3435,8 @@ void __init vfs_caches_init(unsigned long mempages) +@@ -3434,7 +3438,8 @@ void __init vfs_caches_init(unsigned long mempages) mempages -= reserve; names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0, @@ -62309,7 +62273,7 @@ index 92567d9..fcd8cbf 100644 if (dot && fs && !(fs->fs_flags & FS_HAS_SUBTYPE)) { diff --git a/fs/fs_struct.c b/fs/fs_struct.c -index 7dca743..543d620 100644 +index 7dca743..2f2786d 100644 --- a/fs/fs_struct.c +++ b/fs/fs_struct.c @@ -4,6 +4,7 @@ @@ -62320,15 +62284,27 @@ index 7dca743..543d620 100644 #include "internal.h" /* -@@ -19,6 +20,7 @@ void set_fs_root(struct fs_struct *fs, const struct path *path) +@@ -15,14 +16,18 @@ void set_fs_root(struct fs_struct *fs, const struct path *path) + struct path old_root; + + path_get(path); ++ gr_inc_chroot_refcnts(path->dentry, path->mnt); + spin_lock(&fs->lock); write_seqcount_begin(&fs->seq); old_root = fs->root; fs->root = *path; + gr_set_chroot_entries(current, path); write_seqcount_end(&fs->seq); spin_unlock(&fs->lock); - if (old_root.dentry) -@@ -67,6 +69,10 @@ void chroot_fs_refs(const struct path *old_root, const struct path *new_root) +- if (old_root.dentry) ++ if (old_root.dentry) { ++ gr_dec_chroot_refcnts(old_root.dentry, old_root.mnt); + path_put(&old_root); ++ } + } + + /* +@@ -67,6 +72,10 @@ void chroot_fs_refs(const struct path *old_root, const struct path *new_root) int hits = 0; spin_lock(&fs->lock); write_seqcount_begin(&fs->seq); @@ -62339,7 +62315,15 @@ index 7dca743..543d620 100644 hits += replace_path(&fs->root, old_root, new_root); hits += replace_path(&fs->pwd, old_root, new_root); write_seqcount_end(&fs->seq); -@@ -99,7 +105,8 @@ void exit_fs(struct task_struct *tsk) +@@ -85,6 +94,7 @@ void chroot_fs_refs(const struct path *old_root, const struct path *new_root) + + void free_fs_struct(struct fs_struct *fs) + { ++ gr_dec_chroot_refcnts(fs->root.dentry, fs->root.mnt); + path_put(&fs->root); + path_put(&fs->pwd); + kmem_cache_free(fs_cachep, fs); +@@ -99,7 +109,8 @@ void exit_fs(struct task_struct *tsk) task_lock(tsk); spin_lock(&fs->lock); tsk->fs = NULL; @@ -62349,7 +62333,7 @@ index 7dca743..543d620 100644 spin_unlock(&fs->lock); task_unlock(tsk); if (kill) -@@ -112,7 +119,7 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old) +@@ -112,7 +123,7 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old) struct fs_struct *fs = kmem_cache_alloc(fs_cachep, GFP_KERNEL); /* We don't need to lock fs - think why ;-) */ if (fs) { @@ -62358,7 +62342,7 @@ index 7dca743..543d620 100644 fs->in_exec = 0; spin_lock_init(&fs->lock); seqcount_init(&fs->seq); -@@ -121,6 +128,9 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old) +@@ -121,6 +132,9 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old) spin_lock(&old->lock); fs->root = old->root; path_get(&fs->root); @@ -62368,7 +62352,7 @@ index 7dca743..543d620 100644 fs->pwd = old->pwd; path_get(&fs->pwd); spin_unlock(&old->lock); -@@ -139,8 +149,9 @@ int unshare_fs_struct(void) +@@ -139,8 +153,9 @@ int unshare_fs_struct(void) task_lock(current); spin_lock(&fs->lock); @@ -62379,7 +62363,7 @@ index 7dca743..543d620 100644 spin_unlock(&fs->lock); task_unlock(current); -@@ -153,13 +164,13 @@ EXPORT_SYMBOL_GPL(unshare_fs_struct); +@@ -153,13 +168,13 @@ EXPORT_SYMBOL_GPL(unshare_fs_struct); int current_umask(void) { @@ -64185,7 +64169,7 @@ index b29e42f..5ea7fdf 100644 #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */ diff --git a/fs/namei.c b/fs/namei.c -index 0dd72c8..34dd17d 100644 +index 0dd72c8..b058c6d 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -331,17 +331,34 @@ int generic_permission(struct inode *inode, int mask) @@ -64752,10 +64736,18 @@ index 0dd72c8..34dd17d 100644 done_path_create(&new_path, new_dentry); if (delegated_inode) { error = break_deleg_wait(&delegated_inode); -@@ -4239,6 +4433,12 @@ retry_deleg: +@@ -4239,6 +4433,20 @@ retry_deleg: if (new_dentry == trap) goto exit5; ++ if (gr_bad_chroot_rename(old_dentry, oldnd.path.mnt, new_dentry, newnd.path.mnt)) { ++ /* use EXDEV error to cause 'mv' to switch to an alternative ++ * method for usability ++ */ ++ error = -EXDEV; ++ goto exit5; ++ } ++ + error = gr_acl_handle_rename(new_dentry, new_dir, newnd.path.mnt, + old_dentry, old_dir->d_inode, oldnd.path.mnt, + to); @@ -64765,7 +64757,7 @@ index 0dd72c8..34dd17d 100644 error = security_path_rename(&oldnd.path, old_dentry, &newnd.path, new_dentry); if (error) -@@ -4246,6 +4446,9 @@ retry_deleg: +@@ -4246,6 +4454,9 @@ retry_deleg: error = vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry, &delegated_inode); @@ -64775,7 +64767,7 @@ index 0dd72c8..34dd17d 100644 exit5: dput(new_dentry); exit4: -@@ -4282,6 +4485,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna +@@ -4282,6 +4493,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) { @@ -64784,7 +64776,7 @@ index 0dd72c8..34dd17d 100644 int len; len = PTR_ERR(link); -@@ -4291,7 +4496,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c +@@ -4291,7 +4504,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c len = strlen(link); if (len > (unsigned) buflen) len = buflen; @@ -69182,10 +69174,10 @@ index f9bb590..af3c389 100644 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 -index 0000000..cdaa3ef +index 0000000..49e1a77 --- /dev/null +++ b/grsecurity/Kconfig -@@ -0,0 +1,1168 @@ +@@ -0,0 +1,1184 @@ +# +# grecurity configuration +# @@ -69828,6 +69820,22 @@ index 0000000..cdaa3ef + sysctl option is enabled, a sysctl option with name + "chroot_deny_sysctl" is created. + ++config GRKERNSEC_CHROOT_RENAME ++ bool "Deny bad renames" ++ default y if GRKERNSEC_CONFIG_AUTO ++ depends on GRKERNSEC_CHROOT ++ help ++ If you say Y here, an attacker in a chroot will not be able to ++ abuse the ability to create double chroots to break out of the ++ chroot by exploiting a race condition between a rename of a directory ++ within a chroot against an open of a symlink with relative path ++ components. This feature will likewise prevent an accomplice outside ++ a chroot from enabling a user inside the chroot to break out and make ++ use of their credentials on the global filesystem. Enabling this ++ feature is essential to prevent root users from breaking out of a ++ chroot. If the sysctl option is enabled, a sysctl option with name ++ "chroot_deny_bad_rename" is created. ++ +config GRKERNSEC_CHROOT_CAPS + bool "Capability restrictions" + default y if GRKERNSEC_CONFIG_AUTO @@ -76941,10 +76949,10 @@ index 0000000..bc0be01 +} diff --git a/grsecurity/grsec_chroot.c b/grsecurity/grsec_chroot.c new file mode 100644 -index 0000000..baa635c +index 0000000..2a43673 --- /dev/null +++ b/grsecurity/grsec_chroot.c -@@ -0,0 +1,387 @@ +@@ -0,0 +1,469 @@ +#include +#include +#include @@ -76960,6 +76968,88 @@ index 0000000..baa635c +int gr_init_ran; +#endif + ++void gr_inc_chroot_refcnts(struct dentry *dentry, struct vfsmount *mnt) ++{ ++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME ++ struct dentry *tmpd = dentry; ++ ++ read_seqlock_excl(&mount_lock); ++ write_seqlock(&rename_lock); ++ ++ while (tmpd != mnt->mnt_root) { ++ atomic_inc(&tmpd->chroot_refcnt); ++ tmpd = tmpd->d_parent; ++ } ++ atomic_inc(&tmpd->chroot_refcnt); ++ ++ write_sequnlock(&rename_lock); ++ read_sequnlock_excl(&mount_lock); ++#endif ++} ++ ++void gr_dec_chroot_refcnts(struct dentry *dentry, struct vfsmount *mnt) ++{ ++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME ++ struct dentry *tmpd = dentry; ++ ++ read_seqlock_excl(&mount_lock); ++ write_seqlock(&rename_lock); ++ ++ while (tmpd != mnt->mnt_root) { ++ atomic_dec(&tmpd->chroot_refcnt); ++ tmpd = tmpd->d_parent; ++ } ++ atomic_dec(&tmpd->chroot_refcnt); ++ ++ write_sequnlock(&rename_lock); ++ read_sequnlock_excl(&mount_lock); ++#endif ++} ++ ++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME ++static struct dentry *get_closest_chroot(struct dentry *dentry) ++{ ++ write_seqlock(&rename_lock); ++ do { ++ if (atomic_read(&dentry->chroot_refcnt)) { ++ write_sequnlock(&rename_lock); ++ return dentry; ++ } ++ dentry = dentry->d_parent; ++ } while (!IS_ROOT(dentry)); ++ write_sequnlock(&rename_lock); ++ return NULL; ++} ++#endif ++ ++int gr_bad_chroot_rename(struct dentry *olddentry, struct vfsmount *oldmnt, ++ struct dentry *newdentry, struct vfsmount *newmnt) ++{ ++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME ++ struct dentry *chroot; ++ ++ if (unlikely(!grsec_enable_chroot_rename)) ++ return 0; ++ ++ if (likely(!proc_is_chrooted(current) && gr_is_global_root(current_uid()))) ++ return 0; ++ ++ chroot = get_closest_chroot(olddentry); ++ ++ if (chroot == NULL) ++ return 0; ++ ++ if (is_subdir(newdentry, chroot)) ++ return 0; ++ ++ gr_log_fs_generic(GR_DONT_AUDIT, GR_CHROOT_RENAME_MSG, olddentry, oldmnt); ++ ++ return 1; ++#else ++ return 0; ++#endif ++} ++ +void gr_set_chroot_entries(struct task_struct *task, const struct path *path) +{ +#ifdef CONFIG_GRKERNSEC @@ -78032,10 +78122,10 @@ index 0000000..8ca18bf +} diff --git a/grsecurity/grsec_init.c b/grsecurity/grsec_init.c new file mode 100644 -index 0000000..b7cb191 +index 0000000..4ed9e7d --- /dev/null +++ b/grsecurity/grsec_init.c -@@ -0,0 +1,286 @@ +@@ -0,0 +1,290 @@ +#include +#include +#include @@ -78078,6 +78168,7 @@ index 0000000..b7cb191 +int grsec_enable_chroot_nice; +int grsec_enable_chroot_execlog; +int grsec_enable_chroot_caps; ++int grsec_enable_chroot_rename; +int grsec_enable_chroot_sysctl; +int grsec_enable_chroot_unix; +int grsec_enable_tpe; @@ -78289,6 +78380,9 @@ index 0000000..b7cb191 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS + grsec_enable_chroot_caps = 1; +#endif ++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME ++ grsec_enable_chroot_rename = 1; ++#endif +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL + grsec_enable_chroot_sysctl = 1; +#endif @@ -79519,10 +79613,10 @@ index 0000000..e3650b6 +} diff --git a/grsecurity/grsec_sysctl.c b/grsecurity/grsec_sysctl.c new file mode 100644 -index 0000000..8159888 +index 0000000..cce889e --- /dev/null +++ b/grsecurity/grsec_sysctl.c -@@ -0,0 +1,479 @@ +@@ -0,0 +1,488 @@ +#include +#include +#include @@ -79792,6 +79886,15 @@ index 0000000..8159888 + .proc_handler = &proc_dointvec, + }, +#endif ++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME ++ { ++ .procname = "chroot_deny_bad_rename", ++ .data = &grsec_enable_chroot_rename, ++ .maxlen = sizeof(int), ++ .mode = 0600, ++ .proc_handler = &proc_dointvec, ++ }, ++#endif +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL + { + .procname = "chroot_deny_sysctl", @@ -81319,6 +81422,39 @@ index 2507fd2..55203f8 100644 /* * Mark a position in code as unreachable. This can be used to * suppress control flow warnings after asm blocks that transfer +diff --git a/include/linux/compiler-gcc5.h b/include/linux/compiler-gcc5.h +index cdd1cc2..59dc542 100644 +--- a/include/linux/compiler-gcc5.h ++++ b/include/linux/compiler-gcc5.h +@@ -28,6 +28,28 @@ + # define __compiletime_error(message) __attribute__((error(message))) + #endif /* __CHECKER__ */ + ++#define __alloc_size(...) __attribute((alloc_size(__VA_ARGS__))) ++#define __bos(ptr, arg) __builtin_object_size((ptr), (arg)) ++#define __bos0(ptr) __bos((ptr), 0) ++#define __bos1(ptr) __bos((ptr), 1) ++ ++#ifdef CONSTIFY_PLUGIN ++#error not yet ++#define __no_const __attribute__((no_const)) ++#define __do_const __attribute__((do_const)) ++#endif ++ ++#ifdef SIZE_OVERFLOW_PLUGIN ++#error not yet ++#define __size_overflow(...) __attribute__((size_overflow(__VA_ARGS__))) ++#define __intentional_overflow(...) __attribute__((intentional_overflow(__VA_ARGS__))) ++#endif ++ ++#ifdef LATENT_ENTROPY_PLUGIN ++#error not yet ++#define __latent_entropy __attribute__((latent_entropy)) ++#endif ++ + /* + * Mark a position in code as unreachable. This can be used to + * suppress control flow warnings after asm blocks that transfer diff --git a/include/linux/compiler.h b/include/linux/compiler.h index 2472740..4857634 100644 --- a/include/linux/compiler.h @@ -81675,10 +81811,20 @@ index 653589e..4ef254a 100644 return c | 0x20; } diff --git a/include/linux/dcache.h b/include/linux/dcache.h -index 3b50cac..71a4cec 100644 +index 3b50cac..a3b0c8a 100644 --- a/include/linux/dcache.h +++ b/include/linux/dcache.h -@@ -133,7 +133,7 @@ struct dentry { +@@ -123,6 +123,9 @@ struct dentry { + unsigned long d_time; /* used by d_revalidate */ + void *d_fsdata; /* fs-specific data */ + ++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME ++ atomic_t chroot_refcnt; /* tracks use of directory in chroot */ ++#endif + struct list_head d_lru; /* LRU list */ + /* + * d_child and d_rcu can share memory +@@ -133,7 +136,7 @@ struct dentry { } d_u; struct list_head d_subdirs; /* our children */ struct hlist_node d_alias; /* inode alias list */ @@ -82802,10 +82948,10 @@ index 0000000..be66033 +#endif diff --git a/include/linux/grinternal.h b/include/linux/grinternal.h new file mode 100644 -index 0000000..d25522e +index 0000000..fb1de5d --- /dev/null +++ b/include/linux/grinternal.h -@@ -0,0 +1,229 @@ +@@ -0,0 +1,230 @@ +#ifndef __GRINTERNAL_H +#define __GRINTERNAL_H + @@ -82865,6 +83011,7 @@ index 0000000..d25522e +extern int grsec_enable_chroot_nice; +extern int grsec_enable_chroot_execlog; +extern int grsec_enable_chroot_caps; ++extern int grsec_enable_chroot_rename; +extern int grsec_enable_chroot_sysctl; +extern int grsec_enable_chroot_unix; +extern int grsec_enable_symlinkown; @@ -83037,10 +83184,10 @@ index 0000000..d25522e +#endif diff --git a/include/linux/grmsg.h b/include/linux/grmsg.h new file mode 100644 -index 0000000..b02ba9d +index 0000000..26ef560 --- /dev/null +++ b/include/linux/grmsg.h -@@ -0,0 +1,117 @@ +@@ -0,0 +1,118 @@ +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u" +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u" +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by " @@ -83084,6 +83231,7 @@ index 0000000..b02ba9d +#define GR_ATIME_ACL_MSG "%s access time change of %.950s by " +#define GR_ACCESS_ACL_MSG "%s access of %.950s for%s%s%s by " +#define GR_CHROOT_CHROOT_MSG "denied double chroot to %.950s by " ++#define GR_CHROOT_RENAME_MSG "denied bad rename of %.950s out of a chroot by " +#define GR_CHMOD_CHROOT_MSG "denied chmod +s of %.950s by " +#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by " +#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by " @@ -83160,10 +83308,10 @@ index 0000000..b02ba9d +#define GR_MSRWRITE_MSG "denied write to CPU MSR by " diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h new file mode 100644 -index 0000000..acda855 +index 0000000..40e9e6a --- /dev/null +++ b/include/linux/grsecurity.h -@@ -0,0 +1,254 @@ +@@ -0,0 +1,259 @@ +#ifndef GR_SECURITY_H +#define GR_SECURITY_H +#include @@ -83387,14 +83535,19 @@ index 0000000..acda855 + +#ifdef CONFIG_GRKERNSEC_RESLOG +extern void gr_log_resource(const struct task_struct *task, const int res, -+ const unsigned long wanted, const int gt); ++ const unsigned long wanted, const int gt); +#else +static inline void gr_log_resource(const struct task_struct *task, const int res, -+ const unsigned long wanted, const int gt) ++ const unsigned long wanted, const int gt) +{ +} +#endif + ++void gr_inc_chroot_refcnts(struct dentry *dentry, struct vfsmount *mnt); ++void gr_dec_chroot_refcnts(struct dentry *dentry, struct vfsmount *mnt); ++int gr_bad_chroot_rename(struct dentry *olddentry, struct vfsmount *oldmnt, ++ struct dentry *newdentry, struct vfsmount *newmnt); ++ +#ifdef CONFIG_GRKERNSEC +void task_grsec_rbac(struct seq_file *m, struct task_struct *p); +void gr_handle_vm86(void); @@ -93826,10 +93979,10 @@ index 52f881d..1e9f941 100644 set_fs(seg); if (ret >= 0 && uoss_ptr) { diff --git a/kernel/smpboot.c b/kernel/smpboot.c -index eb89e18..a4e6792 100644 +index 60d35ac5..59d289f 100644 --- a/kernel/smpboot.c +++ b/kernel/smpboot.c -@@ -288,7 +288,7 @@ int smpboot_register_percpu_thread(struct smp_hotplug_thread *plug_thread) +@@ -289,7 +289,7 @@ int smpboot_register_percpu_thread(struct smp_hotplug_thread *plug_thread) } smpboot_unpark_thread(plug_thread, cpu); } @@ -93837,8 +93990,8 @@ index eb89e18..a4e6792 100644 + pax_list_add(&plug_thread->list, &hotplug_threads); out: mutex_unlock(&smpboot_threads_lock); - return ret; -@@ -305,7 +305,7 @@ void smpboot_unregister_percpu_thread(struct smp_hotplug_thread *plug_thread) + put_online_cpus(); +@@ -307,7 +307,7 @@ void smpboot_unregister_percpu_thread(struct smp_hotplug_thread *plug_thread) { get_online_cpus(); mutex_lock(&smpboot_threads_lock); @@ -95205,10 +95358,10 @@ index c9b6f01..37781d9 100644 .thread_should_run = watchdog_should_run, .thread_fn = watchdog, diff --git a/kernel/workqueue.c b/kernel/workqueue.c -index b4defde..f092808 100644 +index f6f31d8..bbe30db 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c -@@ -4703,7 +4703,7 @@ static void rebind_workers(struct worker_pool *pool) +@@ -4687,7 +4687,7 @@ static void rebind_workers(struct worker_pool *pool) WARN_ON_ONCE(!(worker_flags & WORKER_UNBOUND)); worker_flags |= WORKER_REBOUND; worker_flags &= ~WORKER_UNBOUND; @@ -97576,7 +97729,7 @@ index b1eb536..091d154 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index 085bcd8..cb98f9f 100644 +index 085bcd8..916b1d4 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -37,6 +37,7 @@ @@ -97641,6 +97794,24 @@ index 085bcd8..cb98f9f 100644 /* * Make sure vm_committed_as in one cacheline and not cacheline shared with * other variables. It can be updated by several CPUs frequently. +@@ -129,7 +150,7 @@ EXPORT_SYMBOL_GPL(vm_memory_committed); + */ + int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) + { +- unsigned long free, allowed, reserve; ++ long free, allowed, reserve; + + vm_acct_memory(pages); + +@@ -193,7 +214,7 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) + */ + if (mm) { + reserve = sysctl_user_reserve_kbytes >> (PAGE_SHIFT - 10); +- allowed -= min(mm->total_vm / 32, reserve); ++ allowed -= min_t(long, mm->total_vm / 32, reserve); + } + + if (percpu_counter_read_positive(&vm_committed_as) < allowed) @@ -247,6 +268,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) struct vm_area_struct *next = vma->vm_next; @@ -99169,7 +99340,7 @@ index 05f1180..c3cde48 100644 out: if (ret & ~PAGE_MASK) diff --git a/mm/nommu.c b/mm/nommu.c -index 3ee4f74..9f4fdd8 100644 +index 3ee4f74..d79b8e2 100644 --- a/mm/nommu.c +++ b/mm/nommu.c @@ -66,7 +66,6 @@ int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT; @@ -99204,6 +99375,24 @@ index 3ee4f74..9f4fdd8 100644 *region = *vma->vm_region; new->vm_region = region; +@@ -1905,7 +1896,7 @@ EXPORT_SYMBOL(unmap_mapping_range); + */ + int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) + { +- unsigned long free, allowed, reserve; ++ long free, allowed, reserve; + + vm_acct_memory(pages); + +@@ -1969,7 +1960,7 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) + */ + if (mm) { + reserve = sysctl_user_reserve_kbytes >> (PAGE_SHIFT - 10); +- allowed -= min(mm->total_vm / 32, reserve); ++ allowed -= min_t(long, mm->total_vm / 32, reserve); + } + + if (percpu_counter_read_positive(&vm_committed_as) < allowed) @@ -2001,8 +1992,8 @@ int generic_file_remap_pages(struct vm_area_struct *vma, unsigned long addr, } EXPORT_SYMBOL(generic_file_remap_pages); @@ -104411,7 +104600,7 @@ index e1a6393..f634ce5 100644 return -ENOMEM; } diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index 3f0ec06..5aad945 100644 +index 3f0ec06..230c2c5 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -170,7 +170,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = { @@ -104484,7 +104673,29 @@ index 3f0ec06..5aad945 100644 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { idx = 0; head = &net->dev_index_head[h]; -@@ -4741,11 +4748,8 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) +@@ -4512,6 +4519,21 @@ static int inet6_set_iftoken(struct inet6_dev *idev, struct in6_addr *token) + return 0; + } + ++static const struct nla_policy inet6_af_policy[IFLA_INET6_MAX + 1] = { ++ [IFLA_INET6_TOKEN] = { .len = sizeof(struct in6_addr) }, ++}; ++ ++static int inet6_validate_link_af(const struct net_device *dev, ++ const struct nlattr *nla) ++{ ++ struct nlattr *tb[IFLA_INET6_MAX + 1]; ++ ++ if (dev && !__in6_dev_get(dev)) ++ return -EAFNOSUPPORT; ++ ++ return nla_parse_nested(tb, IFLA_INET6_MAX, nla, inet6_af_policy); ++} ++ + static int inet6_set_link_af(struct net_device *dev, const struct nlattr *nla) + { + int err = -EINVAL; +@@ -4741,11 +4763,8 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) rt = rt6_lookup(dev_net(dev), &ifp->peer_addr, NULL, dev->ifindex, 1); @@ -104498,7 +104709,7 @@ index 3f0ec06..5aad945 100644 } dst_hold(&ifp->rt->dst); -@@ -4753,7 +4757,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) +@@ -4753,7 +4772,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) dst_free(&ifp->rt->dst); break; } @@ -104507,7 +104718,7 @@ index 3f0ec06..5aad945 100644 rt_genid_bump_ipv6(net); } -@@ -4774,7 +4778,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, +@@ -4774,7 +4793,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -104516,7 +104727,7 @@ index 3f0ec06..5aad945 100644 int ret; /* -@@ -4859,7 +4863,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, +@@ -4859,7 +4878,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -104525,6 +104736,14 @@ index 3f0ec06..5aad945 100644 int ret; /* +@@ -5299,6 +5318,7 @@ static struct rtnl_af_ops inet6_ops = { + .family = AF_INET6, + .fill_link_af = inet6_fill_link_af, + .get_link_af_size = inet6_get_link_af_size, ++ .validate_link_af = inet6_validate_link_af, + .set_link_af = inet6_set_link_af, + }; + diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index d935889..2f64330 100644 --- a/net/ipv6/af_inet6.c @@ -108507,14 +108726,14 @@ index 078fe1d..fbdb363 100644 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianness? %#x\n", diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh new file mode 100644 -index 0000000..42018ed +index 0000000..822fa9e --- /dev/null +++ b/scripts/gcc-plugin.sh @@ -0,0 +1,51 @@ +#!/bin/sh +srctree=$(dirname "$0") +gccplugins_dir=$($3 -print-file-name=plugin) -+plugincc=$($1 -E - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <&1 <= 4008 || defined(ENABLE_BUILD_WITH_CXX) +#warning $2 CXX @@ -108545,7 +108764,7 @@ index 0000000..42018ed +esac + +# we need a c++ compiler that supports the designated initializer GNU extension -+plugincc=$($2 -c -x c++ -std=gnu++98 - -fsyntax-only -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <&1 <cons_lock); ++ key_put(key); + kleave(" = %d [prelink]", ret); + return ret; + diff --git a/security/min_addr.c b/security/min_addr.c index f728728..6457a0c 100644 --- a/security/min_addr.c diff --git a/3.18.5/4425_grsec_remove_EI_PAX.patch b/3.14.33/4425_grsec_remove_EI_PAX.patch similarity index 100% rename from 3.18.5/4425_grsec_remove_EI_PAX.patch rename to 3.14.33/4425_grsec_remove_EI_PAX.patch diff --git a/3.14.31/4427_force_XATTR_PAX_tmpfs.patch b/3.14.33/4427_force_XATTR_PAX_tmpfs.patch similarity index 100% rename from 3.14.31/4427_force_XATTR_PAX_tmpfs.patch rename to 3.14.33/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.2.66/4430_grsec-remove-localversion-grsec.patch b/3.14.33/4430_grsec-remove-localversion-grsec.patch similarity index 100% rename from 3.2.66/4430_grsec-remove-localversion-grsec.patch rename to 3.14.33/4430_grsec-remove-localversion-grsec.patch diff --git a/3.14.31/4435_grsec-mute-warnings.patch b/3.14.33/4435_grsec-mute-warnings.patch similarity index 100% rename from 3.14.31/4435_grsec-mute-warnings.patch rename to 3.14.33/4435_grsec-mute-warnings.patch diff --git a/3.2.66/4440_grsec-remove-protected-paths.patch b/3.14.33/4440_grsec-remove-protected-paths.patch similarity index 100% rename from 3.2.66/4440_grsec-remove-protected-paths.patch rename to 3.14.33/4440_grsec-remove-protected-paths.patch diff --git a/3.14.31/4450_grsec-kconfig-default-gids.patch b/3.14.33/4450_grsec-kconfig-default-gids.patch similarity index 100% rename from 3.14.31/4450_grsec-kconfig-default-gids.patch rename to 3.14.33/4450_grsec-kconfig-default-gids.patch diff --git a/3.14.31/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.33/4465_selinux-avc_audit-log-curr_ip.patch similarity index 100% rename from 3.14.31/4465_selinux-avc_audit-log-curr_ip.patch rename to 3.14.33/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.14.31/4470_disable-compat_vdso.patch b/3.14.33/4470_disable-compat_vdso.patch similarity index 100% rename from 3.14.31/4470_disable-compat_vdso.patch rename to 3.14.33/4470_disable-compat_vdso.patch diff --git a/3.18.5/4475_emutramp_default_on.patch b/3.14.33/4475_emutramp_default_on.patch similarity index 100% rename from 3.18.5/4475_emutramp_default_on.patch rename to 3.14.33/4475_emutramp_default_on.patch diff --git a/3.18.5/0000_README b/3.18.7/0000_README similarity index 96% rename from 3.18.5/0000_README rename to 3.18.7/0000_README index b1f502a..ee63631 100644 --- a/3.18.5/0000_README +++ b/3.18.7/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.0-3.18.5-201502052352.patch +Patch: 4420_grsecurity-3.0-3.18.7-201502200813.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.18.5/4420_grsecurity-3.0-3.18.5-201502052352.patch b/3.18.7/4420_grsecurity-3.0-3.18.7-201502200813.patch similarity index 99% rename from 3.18.5/4420_grsecurity-3.0-3.18.5-201502052352.patch rename to 3.18.7/4420_grsecurity-3.0-3.18.7-201502200813.patch index ad22521..544940a 100644 --- a/3.18.5/4420_grsecurity-3.0-3.18.5-201502052352.patch +++ b/3.18.7/4420_grsecurity-3.0-3.18.7-201502200813.patch @@ -370,7 +370,7 @@ index f4c71d4..66811b1 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 6276fca..e21ed81 100644 +index 0efae22..380e711 100644 --- a/Makefile +++ b/Makefile @@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -781,7 +781,7 @@ index f9c732e..78fbb0f 100644 return addr; } diff --git a/arch/alpha/mm/fault.c b/arch/alpha/mm/fault.c -index 98838a0..b304fb4 100644 +index 9d0ac09..479a962 100644 --- a/arch/alpha/mm/fault.c +++ b/arch/alpha/mm/fault.c @@ -53,6 +53,124 @@ __load_new_mm_context(struct mm_struct *next_mm) @@ -3525,7 +3525,7 @@ index 7f352de..6dc0929 100644 static int keystone_platform_notifier(struct notifier_block *nb, diff --git a/arch/arm/mach-mvebu/coherency.c b/arch/arm/mach-mvebu/coherency.c -index 1163a3e..424adbf 100644 +index 2ffccd4..69ffe115 100644 --- a/arch/arm/mach-mvebu/coherency.c +++ b/arch/arm/mach-mvebu/coherency.c @@ -316,7 +316,7 @@ static void __init armada_370_coherency_init(struct device_node *np) @@ -3894,7 +3894,7 @@ index 5e65ca8..879e7b3 100644 #define CACHE_LINE_SIZE 32 diff --git a/arch/arm/mm/context.c b/arch/arm/mm/context.c -index 6eb97b3..e77848e 100644 +index 4370933..e77848e 100644 --- a/arch/arm/mm/context.c +++ b/arch/arm/mm/context.c @@ -43,7 +43,7 @@ @@ -3906,40 +3906,7 @@ index 6eb97b3..e77848e 100644 static DECLARE_BITMAP(asid_map, NUM_USER_ASIDS); static DEFINE_PER_CPU(atomic64_t, active_asids); -@@ -144,21 +144,17 @@ static void flush_context(unsigned int cpu) - /* Update the list of reserved ASIDs and the ASID bitmap. */ - bitmap_clear(asid_map, 0, NUM_USER_ASIDS); - for_each_possible_cpu(i) { -- if (i == cpu) { -- asid = 0; -- } else { -- asid = atomic64_xchg(&per_cpu(active_asids, i), 0); -- /* -- * If this CPU has already been through a -- * rollover, but hasn't run another task in -- * the meantime, we must preserve its reserved -- * ASID, as this is the only trace we have of -- * the process it is still running. -- */ -- if (asid == 0) -- asid = per_cpu(reserved_asids, i); -- __set_bit(asid & ~ASID_MASK, asid_map); -- } -+ asid = atomic64_xchg(&per_cpu(active_asids, i), 0); -+ /* -+ * If this CPU has already been through a -+ * rollover, but hasn't run another task in -+ * the meantime, we must preserve its reserved -+ * ASID, as this is the only trace we have of -+ * the process it is still running. -+ */ -+ if (asid == 0) -+ asid = per_cpu(reserved_asids, i); -+ __set_bit(asid & ~ASID_MASK, asid_map); - per_cpu(reserved_asids, i) = asid; - } - -@@ -182,7 +178,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu) +@@ -178,7 +178,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu) { static u32 cur_idx = 1; u64 asid = atomic64_read(&mm->context.id); @@ -3948,7 +3915,7 @@ index 6eb97b3..e77848e 100644 if (asid != 0 && is_reserved_asid(asid)) { /* -@@ -203,7 +199,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu) +@@ -199,7 +199,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu) */ asid = find_next_zero_bit(asid_map, NUM_USER_ASIDS, cur_idx); if (asid == NUM_USER_ASIDS) { @@ -3957,7 +3924,7 @@ index 6eb97b3..e77848e 100644 &asid_generation); flush_context(cpu); asid = find_next_zero_bit(asid_map, NUM_USER_ASIDS, 1); -@@ -234,14 +230,14 @@ void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk) +@@ -230,14 +230,14 @@ void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk) cpu_set_reserved_ttbr0(); asid = atomic64_read(&mm->context.id); @@ -4947,7 +4914,7 @@ index 479330b..53717a8 100644 #endif /* __ASM_AVR32_KMAP_TYPES_H */ diff --git a/arch/avr32/mm/fault.c b/arch/avr32/mm/fault.c -index 0eca933..eb78c7b 100644 +index d223a8b..69c5210 100644 --- a/arch/avr32/mm/fault.c +++ b/arch/avr32/mm/fault.c @@ -41,6 +41,23 @@ static inline int notify_page_fault(struct pt_regs *regs, int trap) @@ -4974,7 +4941,7 @@ index 0eca933..eb78c7b 100644 /* * This routine handles page faults. It determines the address and the * problem, and then passes it off to one of the appropriate routines. -@@ -176,6 +193,16 @@ bad_area: +@@ -178,6 +195,16 @@ bad_area: up_read(&mm->mmap_sem); if (user_mode(regs)) { @@ -5534,7 +5501,7 @@ index 84f8a52..7c76178 100644 * ensure percpu data fits * into percpu page size diff --git a/arch/ia64/mm/fault.c b/arch/ia64/mm/fault.c -index 7225dad..2a7c8256 100644 +index ba5ba7a..36e9d3a 100644 --- a/arch/ia64/mm/fault.c +++ b/arch/ia64/mm/fault.c @@ -72,6 +72,23 @@ mapped_kernel_page_is_present (unsigned long address) @@ -6878,7 +6845,7 @@ index 2242bdd..b284048 100644 } /* Arrange for an interrupt in a short while */ diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c -index 22b19c2..c5cc8c4 100644 +index d255a2a..916271c 100644 --- a/arch/mips/kernel/traps.c +++ b/arch/mips/kernel/traps.c @@ -688,7 +688,18 @@ asmlinkage void do_ov(struct pt_regs *regs) @@ -6915,7 +6882,7 @@ index e3b21e5..ea5ff7c 100644 if (kvm_mips_callbacks) { kvm_err("kvm: module already exists\n"); diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c -index becc42b..9e43d4b 100644 +index 70ab5d6..62940fe 100644 --- a/arch/mips/mm/fault.c +++ b/arch/mips/mm/fault.c @@ -28,6 +28,23 @@ @@ -6942,7 +6909,7 @@ index becc42b..9e43d4b 100644 /* * This routine handles page faults. It determines the address, * and the problem, and then passes it off to one of the appropriate -@@ -199,6 +216,14 @@ bad_area: +@@ -201,6 +218,14 @@ bad_area: bad_area_nosemaphore: /* User mode accesses just cause a SIGSEGV */ if (user_mode(regs)) { @@ -7568,7 +7535,7 @@ index 47ee620..1107387 100644 fault_space = regs->iasq[0]; diff --git a/arch/parisc/mm/fault.c b/arch/parisc/mm/fault.c -index 3ca9c11..d163ef7 100644 +index e5120e6..8ddb5cc 100644 --- a/arch/parisc/mm/fault.c +++ b/arch/parisc/mm/fault.c @@ -15,6 +15,7 @@ @@ -9269,7 +9236,7 @@ index 5eea6f3..5d10396 100644 EXPORT_SYMBOL(copy_in_user); diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c -index 08d659a..ab329f4 100644 +index f06b56b..ffb2fb4 100644 --- a/arch/powerpc/mm/fault.c +++ b/arch/powerpc/mm/fault.c @@ -33,6 +33,10 @@ @@ -9344,7 +9311,7 @@ index 08d659a..ab329f4 100644 goto bad_area; #endif /* CONFIG_PPC_STD_MMU */ -@@ -495,6 +526,23 @@ bad_area: +@@ -497,6 +528,23 @@ bad_area: bad_area_nosemaphore: /* User mode accesses cause a SIGSEGV */ if (user_mode(regs)) { @@ -11384,7 +11351,7 @@ index 30c3ecc..736f015 100644 obj-$(CONFIG_SPARC64) += ultra.o tlb.o tsb.o gup.o obj-y += fault_$(BITS).o diff --git a/arch/sparc/mm/fault_32.c b/arch/sparc/mm/fault_32.c -index 908e8c1..1524793 100644 +index 70d8171..274c6c0 100644 --- a/arch/sparc/mm/fault_32.c +++ b/arch/sparc/mm/fault_32.c @@ -21,6 +21,9 @@ @@ -11701,7 +11668,7 @@ index 908e8c1..1524793 100644 if (!(vma->vm_flags & (VM_READ | VM_EXEC))) goto bad_area; diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c -index 18fcd71..e4fe821 100644 +index 4798232..f76e3aa 100644 --- a/arch/sparc/mm/fault_64.c +++ b/arch/sparc/mm/fault_64.c @@ -22,6 +22,9 @@ @@ -12803,7 +12770,7 @@ index bd49ec6..94c7f58 100644 } diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile -index 45abc36..97bea2d 100644 +index 6a1a845..0ad2dae 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -16,6 +16,9 @@ KBUILD_CFLAGS += $(cflags-y) @@ -20528,7 +20495,7 @@ index e45e4da..44e8572 100644 extern struct x86_init_ops x86_init; extern struct x86_cpuinit_ops x86_cpuinit; diff --git a/arch/x86/include/asm/xen/page.h b/arch/x86/include/asm/xen/page.h -index c949923..c22bfa4 100644 +index f58ef6c..a2abc78 100644 --- a/arch/x86/include/asm/xen/page.h +++ b/arch/x86/include/asm/xen/page.h @@ -63,7 +63,7 @@ extern int m2p_remove_override(struct page *page, @@ -21666,7 +21633,7 @@ index 7dc5564..1273569 100644 wmb(); diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c -index 15c2909..2cef20c 100644 +index 36a8361..e7058c2 100644 --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -518,7 +518,7 @@ mc_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu) @@ -21778,7 +21745,7 @@ index 639d128..e92d7e5 100644 while (amd_iommu_v2_event_descs[i].attr.attr.name) diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c -index 944bf01..4a4392f 100644 +index 498b6d9..4126515 100644 --- a/arch/x86/kernel/cpu/perf_event_intel.c +++ b/arch/x86/kernel/cpu/perf_event_intel.c @@ -2353,10 +2353,10 @@ __init int intel_pmu_init(void) @@ -21796,7 +21763,7 @@ index 944bf01..4a4392f 100644 intel_ds_init(); diff --git a/arch/x86/kernel/cpu/perf_event_intel_rapl.c b/arch/x86/kernel/cpu/perf_event_intel_rapl.c -index d64f275..26522ff 100644 +index 8c25674..30aa32e 100644 --- a/arch/x86/kernel/cpu/perf_event_intel_rapl.c +++ b/arch/x86/kernel/cpu/perf_event_intel_rapl.c @@ -449,7 +449,7 @@ static struct attribute *rapl_events_hsw_attr[] = { @@ -28204,7 +28171,7 @@ index e8edcf5..27f9344 100644 goto cannot_handle; if ((segoffs >> 16) == BIOSSEG) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S -index 49edf2d..c0d1362 100644 +index 49edf2d..df596b1 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -26,6 +26,13 @@ @@ -28385,7 +28352,6 @@ index 49edf2d..c0d1362 100644 + .init.text (. - __KERNEL_TEXT_OFFSET): AT(init_begin - LOAD_OFFSET) { + VMLINUX_SYMBOL(_sinittext) = .; + INIT_TEXT -+ VMLINUX_SYMBOL(_einittext) = .; + . = ALIGN(PAGE_SIZE); + } :text.init @@ -28396,6 +28362,7 @@ index 49edf2d..c0d1362 100644 + */ + .exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) { + EXIT_TEXT ++ VMLINUX_SYMBOL(_einittext) = .; + . = ALIGN(16); + } :text.exit + . = init_begin + SIZEOF(.init.text) + SIZEOF(.exit.text); @@ -31745,7 +31712,7 @@ index 903ec1e..c4166b2 100644 } diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c -index d973e61..fb868e9 100644 +index 4d8ee82..ffc1011 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -13,12 +13,19 @@ @@ -32001,7 +31968,7 @@ index d973e61..fb868e9 100644 /* Kernel addresses are always protection faults: */ if (address >= TASK_SIZE) error_code |= PF_PROT; -@@ -867,7 +979,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, +@@ -864,7 +976,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) { printk(KERN_ERR "MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n", @@ -32010,7 +31977,7 @@ index d973e61..fb868e9 100644 code = BUS_MCEERR_AR; } #endif -@@ -921,6 +1033,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) +@@ -916,6 +1028,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) return 1; } @@ -32110,7 +32077,7 @@ index d973e61..fb868e9 100644 /* * Handle a spurious fault caused by a stale TLB entry. * -@@ -1006,6 +1211,9 @@ int show_unhandled_signals = 1; +@@ -1001,6 +1206,9 @@ int show_unhandled_signals = 1; static inline int access_error(unsigned long error_code, struct vm_area_struct *vma) { @@ -32120,7 +32087,7 @@ index d973e61..fb868e9 100644 if (error_code & PF_WRITE) { /* write, present and write, not present: */ if (unlikely(!(vma->vm_flags & VM_WRITE))) -@@ -1040,7 +1248,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs) +@@ -1035,7 +1243,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs) if (error_code & PF_USER) return false; @@ -32129,7 +32096,7 @@ index d973e61..fb868e9 100644 return false; return true; -@@ -1068,6 +1276,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code, +@@ -1063,6 +1271,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code, tsk = current; mm = tsk->mm; @@ -32152,7 +32119,7 @@ index d973e61..fb868e9 100644 /* * Detect and handle instructions that would cause a page fault for * both a tracked kernel page and a userspace page. -@@ -1145,7 +1369,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code, +@@ -1140,7 +1364,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code, * User-mode registers count as a user access even for any * potential system fault or CPU buglet: */ @@ -32161,7 +32128,7 @@ index d973e61..fb868e9 100644 local_irq_enable(); error_code |= PF_USER; flags |= FAULT_FLAG_USER; -@@ -1192,6 +1416,11 @@ retry: +@@ -1187,6 +1411,11 @@ retry: might_sleep(); } @@ -32173,7 +32140,7 @@ index d973e61..fb868e9 100644 vma = find_vma(mm, address); if (unlikely(!vma)) { bad_area(regs, error_code, address); -@@ -1203,18 +1432,24 @@ retry: +@@ -1198,18 +1427,24 @@ retry: bad_area(regs, error_code, address); return; } @@ -32209,7 +32176,7 @@ index d973e61..fb868e9 100644 if (unlikely(expand_stack(vma, address))) { bad_area(regs, error_code, address); return; -@@ -1331,3 +1566,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1327,3 +1562,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code) } NOKPROBE_SYMBOL(trace_do_page_fault); #endif /* CONFIG_TRACING */ @@ -33259,7 +33226,7 @@ index 7b179b49..6bd17777 100644 return (void *)vaddr; diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c -index af78e50..0790b03 100644 +index af78e50..4f1fe56 100644 --- a/arch/x86/mm/ioremap.c +++ b/arch/x86/mm/ioremap.c @@ -56,8 +56,8 @@ static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages, @@ -33282,17 +33249,29 @@ index af78e50..0790b03 100644 { struct vm_struct *p, *o; -@@ -334,6 +334,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) - +@@ -329,30 +329,29 @@ EXPORT_SYMBOL(iounmap); + */ + void *xlate_dev_mem_ptr(unsigned long phys) + { +- void *addr; +- unsigned long start = phys & PAGE_MASK; +- /* If page is RAM, we can use __va. Otherwise ioremap and unmap. */ - if (page_is_ram(start >> PAGE_SHIFT)) +- if (page_is_ram(start >> PAGE_SHIFT)) ++ if (page_is_ram(phys >> PAGE_SHIFT)) +#ifdef CONFIG_HIGHMEM -+ if ((start >> PAGE_SHIFT) < max_low_pfn) ++ if ((phys >> PAGE_SHIFT) < max_low_pfn) +#endif return __va(phys); - addr = (void __force *)ioremap_cache(start, PAGE_SIZE); -@@ -346,13 +349,16 @@ void *xlate_dev_mem_ptr(unsigned long phys) +- addr = (void __force *)ioremap_cache(start, PAGE_SIZE); +- if (addr) +- addr = (void *)((unsigned long)addr | (phys & ~PAGE_MASK)); +- +- return addr; ++ return (void __force *)ioremap_cache(phys, PAGE_SIZE); + } + void unxlate_dev_mem_ptr(unsigned long phys, void *addr) { if (page_is_ram(phys >> PAGE_SHIFT)) @@ -33310,7 +33289,7 @@ index af78e50..0790b03 100644 static inline pmd_t * __init early_ioremap_pmd(unsigned long addr) { -@@ -388,8 +394,7 @@ void __init early_ioremap_init(void) +@@ -388,8 +387,7 @@ void __init early_ioremap_init(void) early_ioremap_setup(); pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN)); @@ -38706,7 +38685,7 @@ index 5c4e1f6..0ea58f9 100644 new_smi->interrupt_disabled = true; atomic_set(&new_smi->stop_operation, 0); diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index 524b707..29d07c1 100644 +index 524b707..62a3d70 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -18,6 +18,7 @@ @@ -38754,15 +38733,17 @@ index 524b707..29d07c1 100644 #else static inline int range_is_allowed(unsigned long pfn, unsigned long size) { -@@ -122,6 +136,7 @@ static ssize_t read_mem(struct file *file, char __user *buf, +@@ -121,7 +135,8 @@ static ssize_t read_mem(struct file *file, char __user *buf, + #endif while (count > 0) { - unsigned long remaining; +- unsigned long remaining; ++ unsigned long remaining = 0; + char *temp; sz = size_inside_page(p, count); -@@ -137,7 +152,23 @@ static ssize_t read_mem(struct file *file, char __user *buf, +@@ -137,7 +152,24 @@ static ssize_t read_mem(struct file *file, char __user *buf, if (!ptr) return -EFAULT; @@ -38773,12 +38754,13 @@ index 524b707..29d07c1 100644 + unxlate_dev_mem_ptr(p, ptr); + return -ENOMEM; + } -+ memcpy(temp, ptr, sz); ++ remaining = probe_kernel_read(temp, ptr, sz); +#else + temp = ptr; +#endif + -+ remaining = copy_to_user(buf, temp, sz); ++ if (!remaining) ++ remaining = copy_to_user(buf, temp, sz); + +#ifdef CONFIG_PAX_USERCOPY + kfree(temp); @@ -38787,7 +38769,7 @@ index 524b707..29d07c1 100644 unxlate_dev_mem_ptr(p, ptr); if (remaining) return -EFAULT; -@@ -369,9 +400,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, +@@ -369,9 +401,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, size_t count, loff_t *ppos) { unsigned long p = *ppos; @@ -38798,7 +38780,7 @@ index 524b707..29d07c1 100644 read = 0; if (p < (unsigned long) high_memory) { -@@ -393,6 +423,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, +@@ -393,6 +424,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, } #endif while (low_count > 0) { @@ -38807,7 +38789,7 @@ index 524b707..29d07c1 100644 sz = size_inside_page(p, low_count); /* -@@ -402,7 +434,22 @@ static ssize_t read_kmem(struct file *file, char __user *buf, +@@ -402,7 +435,23 @@ static ssize_t read_kmem(struct file *file, char __user *buf, */ kbuf = xlate_dev_kmem_ptr((char *)p); @@ -38816,12 +38798,13 @@ index 524b707..29d07c1 100644 + temp = kmalloc(sz, GFP_KERNEL|GFP_USERCOPY); + if (!temp) + return -ENOMEM; -+ memcpy(temp, kbuf, sz); ++ err = probe_kernel_read(temp, kbuf, sz); +#else + temp = kbuf; +#endif + -+ err = copy_to_user(buf, temp, sz); ++ if (!err) ++ err = copy_to_user(buf, temp, sz); + +#ifdef CONFIG_PAX_USERCOPY + kfree(temp); @@ -38831,7 +38814,7 @@ index 524b707..29d07c1 100644 return -EFAULT; buf += sz; p += sz; -@@ -797,6 +844,9 @@ static const struct memdev { +@@ -797,6 +846,9 @@ static const struct memdev { #ifdef CONFIG_PRINTK [11] = { "kmsg", 0644, &kmsg_fops, NULL }, #endif @@ -38841,7 +38824,7 @@ index 524b707..29d07c1 100644 }; static int memory_open(struct inode *inode, struct file *filp) -@@ -868,7 +918,7 @@ static int __init chr_dev_init(void) +@@ -868,7 +920,7 @@ static int __init chr_dev_init(void) continue; device_create(mem_class, NULL, MKDEV(MEM_MAJOR, minor), @@ -38936,7 +38919,7 @@ index 0ea9986..e7b07e4 100644 if (cmd != SIOCWANDEV) diff --git a/drivers/char/random.c b/drivers/char/random.c -index 04645c0..560e350 100644 +index 04645c0..6416f00 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -289,9 +289,6 @@ @@ -38962,6 +38945,30 @@ index 04645c0..560e350 100644 static struct entropy_store input_pool = { .poolinfo = &poolinfo_table[0], +@@ -569,19 +566,19 @@ static void fast_mix(struct fast_pool *f) + __u32 c = f->pool[2], d = f->pool[3]; + + a += b; c += d; +- b = rol32(a, 6); d = rol32(c, 27); ++ b = rol32(b, 6); d = rol32(d, 27); + d ^= a; b ^= c; + + a += b; c += d; +- b = rol32(a, 16); d = rol32(c, 14); ++ b = rol32(b, 16); d = rol32(d, 14); + d ^= a; b ^= c; + + a += b; c += d; +- b = rol32(a, 6); d = rol32(c, 27); ++ b = rol32(b, 6); d = rol32(d, 27); + d ^= a; b ^= c; + + a += b; c += d; +- b = rol32(a, 16); d = rol32(c, 14); ++ b = rol32(b, 16); d = rol32(d, 14); + d ^= a; b ^= c; + + f->pool[0] = a; f->pool[1] = b; @@ -635,7 +632,7 @@ retry: /* The +2 corresponds to the /4 in the denominator */ @@ -40253,10 +40260,10 @@ index bc3da32..7289357 100644 } mutex_unlock(&drm_global_mutex); diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c -index ef757f7..98f720c 100644 +index e9a2827..5df4716 100644 --- a/drivers/gpu/drm/drm_fb_helper.c +++ b/drivers/gpu/drm/drm_fb_helper.c -@@ -741,7 +741,9 @@ int drm_fb_helper_setcmap(struct fb_cmap *cmap, struct fb_info *info) +@@ -771,7 +771,9 @@ int drm_fb_helper_setcmap(struct fb_cmap *cmap, struct fb_info *info) int i, j, rc = 0; int start; @@ -40267,7 +40274,7 @@ index ef757f7..98f720c 100644 if (!drm_fb_helper_is_bound(fb_helper)) { drm_modeset_unlock_all(dev); return -EBUSY; -@@ -915,7 +917,9 @@ int drm_fb_helper_pan_display(struct fb_var_screeninfo *var, +@@ -945,7 +947,9 @@ int drm_fb_helper_pan_display(struct fb_var_screeninfo *var, int ret = 0; int i; @@ -41168,10 +41175,10 @@ index 4a85bb6..aaea819 100644 if (regcomp (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c -index 995a8b1..b7cb898 100644 +index bdf263a..0305446 100644 --- a/drivers/gpu/drm/radeon/radeon_device.c +++ b/drivers/gpu/drm/radeon/radeon_device.c -@@ -1214,7 +1214,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) +@@ -1216,7 +1216,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) * locking inversion with the driver load path. And the access here is * completely racy anyway. So don't bother with locking for now. */ @@ -41652,10 +41659,10 @@ index 1319433..a993b0c 100644 case VIA_IRQ_ABSOLUTE: break; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h -index 4ee799b..69fc0d1 100644 +index d26a6da..5fa41ed 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h -@@ -446,7 +446,7 @@ struct vmw_private { +@@ -447,7 +447,7 @@ struct vmw_private { * Fencing and IRQs. */ @@ -41663,12 +41670,12 @@ index 4ee799b..69fc0d1 100644 + atomic_unchecked_t marker_seq; wait_queue_head_t fence_queue; wait_queue_head_t fifo_queue; - int fence_queue_waiters; /* Protected by hw_mutex */ + spinlock_t waiter_lock; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c -index 09e10ae..cb76c60 100644 +index 39f2b03..d1b0a64 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c -@@ -154,7 +154,7 @@ int vmw_fifo_init(struct vmw_private *dev_priv, struct vmw_fifo_state *fifo) +@@ -152,7 +152,7 @@ int vmw_fifo_init(struct vmw_private *dev_priv, struct vmw_fifo_state *fifo) (unsigned int) min, (unsigned int) fifo->capabilities); @@ -41677,7 +41684,7 @@ index 09e10ae..cb76c60 100644 iowrite32(dev_priv->last_read_seqno, fifo_mem + SVGA_FIFO_FENCE); vmw_marker_queue_init(&fifo->marker_queue); return vmw_fifo_send_fence(dev_priv, &dummy); -@@ -378,7 +378,7 @@ void *vmw_fifo_reserve(struct vmw_private *dev_priv, uint32_t bytes) +@@ -372,7 +372,7 @@ void *vmw_fifo_reserve(struct vmw_private *dev_priv, uint32_t bytes) if (reserveable) iowrite32(bytes, fifo_mem + SVGA_FIFO_RESERVED); @@ -41686,7 +41693,7 @@ index 09e10ae..cb76c60 100644 } else { need_bounce = true; } -@@ -498,7 +498,7 @@ int vmw_fifo_send_fence(struct vmw_private *dev_priv, uint32_t *seqno) +@@ -492,7 +492,7 @@ int vmw_fifo_send_fence(struct vmw_private *dev_priv, uint32_t *seqno) fm = vmw_fifo_reserve(dev_priv, bytes); if (unlikely(fm == NULL)) { @@ -41695,7 +41702,7 @@ index 09e10ae..cb76c60 100644 ret = -ENOMEM; (void)vmw_fallback_wait(dev_priv, false, true, *seqno, false, 3*HZ); -@@ -506,7 +506,7 @@ int vmw_fifo_send_fence(struct vmw_private *dev_priv, uint32_t *seqno) +@@ -500,7 +500,7 @@ int vmw_fifo_send_fence(struct vmw_private *dev_priv, uint32_t *seqno) } do { @@ -41724,7 +41731,7 @@ index 170b61b..fec7348 100644 + .debug = vmw_gmrid_man_debug }; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c -index 37881ec..319065d 100644 +index 69c8ce2..cacb0ab 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c @@ -235,7 +235,7 @@ int vmw_present_ioctl(struct drm_device *dev, void *data, @@ -41746,10 +41753,10 @@ index 37881ec..319065d 100644 if (unlikely(num_clips == 0)) return 0; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c b/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c -index 0c42376..6febe77 100644 +index 9fe9827..0aa2fc0 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c -@@ -107,7 +107,7 @@ bool vmw_seqno_passed(struct vmw_private *dev_priv, +@@ -102,7 +102,7 @@ bool vmw_seqno_passed(struct vmw_private *dev_priv, * emitted. Then the fence is stale and signaled. */ @@ -41758,7 +41765,7 @@ index 0c42376..6febe77 100644 > VMW_FENCE_WRAP); return ret; -@@ -138,7 +138,7 @@ int vmw_fallback_wait(struct vmw_private *dev_priv, +@@ -133,7 +133,7 @@ int vmw_fallback_wait(struct vmw_private *dev_priv, if (fifo_idle) down_read(&fifo_state->rwsem); @@ -44925,7 +44932,7 @@ index 32e282f..5cec803 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index c1b0d52..07a0a5d 100644 +index b98765f..09e86d5 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -1730,6 +1730,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash) @@ -50765,10 +50772,10 @@ index 302e626..12579af 100644 da->attr.name = info->pin_config[i].name; da->attr.mode = 0644; diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c -index cd87c0c..715ecbe 100644 +index fc6fb54..b8c794ba 100644 --- a/drivers/regulator/core.c +++ b/drivers/regulator/core.c -@@ -3567,7 +3567,7 @@ regulator_register(const struct regulator_desc *regulator_desc, +@@ -3569,7 +3569,7 @@ regulator_register(const struct regulator_desc *regulator_desc, { const struct regulation_constraints *constraints = NULL; const struct regulator_init_data *init_data; @@ -50777,7 +50784,7 @@ index cd87c0c..715ecbe 100644 struct regulator_dev *rdev; struct device *dev; int ret, i; -@@ -3641,7 +3641,7 @@ regulator_register(const struct regulator_desc *regulator_desc, +@@ -3643,7 +3643,7 @@ regulator_register(const struct regulator_desc *regulator_desc, rdev->dev.class = ®ulator_class; rdev->dev.parent = dev; dev_set_name(&rdev->dev, "regulator.%d", @@ -50823,15 +50830,16 @@ index dbedf17..18ff6b7 100644 if (pdata) { diff --git a/drivers/regulator/mc13892-regulator.c b/drivers/regulator/mc13892-regulator.c -index 793b662..85f74cd 100644 +index 793b662..01c20fc 100644 --- a/drivers/regulator/mc13892-regulator.c +++ b/drivers/regulator/mc13892-regulator.c @@ -584,10 +584,12 @@ static int mc13892_regulator_probe(struct platform_device *pdev) mc13xxx_unlock(mc13892); /* update mc13892_vcam ops */ +- memcpy(&mc13892_vcam_ops, mc13892_regulators[MC13892_VCAM].desc.ops, + pax_open_kernel(); - memcpy(&mc13892_vcam_ops, mc13892_regulators[MC13892_VCAM].desc.ops, ++ memcpy((void *)&mc13892_vcam_ops, mc13892_regulators[MC13892_VCAM].desc.ops, sizeof(struct regulator_ops)); - mc13892_vcam_ops.set_mode = mc13892_vcam_set_mode, - mc13892_vcam_ops.get_mode = mc13892_vcam_get_mode, @@ -52058,24 +52066,10 @@ index ae45bd9..c32a586 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index cfba74c..4cdf6a1 100644 +index dd8c8d6..4cdf6a1 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c -@@ -2818,9 +2818,11 @@ static int sd_revalidate_disk(struct gendisk *disk) - */ - sd_set_flush_flag(sdkp); - -- max_xfer = min_not_zero(queue_max_hw_sectors(sdkp->disk->queue), -- sdkp->max_xfer_blocks); -+ max_xfer = sdkp->max_xfer_blocks; - max_xfer <<= ilog2(sdp->sector_size) - 9; -+ -+ max_xfer = min_not_zero(queue_max_hw_sectors(sdkp->disk->queue), -+ max_xfer); - blk_queue_max_hw_sectors(sdkp->disk->queue, max_xfer); - set_capacity(disk, sdkp->capacity); - sd_config_write_same(sdkp); -@@ -3022,7 +3024,7 @@ static int sd_probe(struct device *dev) +@@ -3024,7 +3024,7 @@ static int sd_probe(struct device *dev) sdkp->disk = gd; sdkp->index = index; atomic_set(&sdkp->openers, 0); @@ -60073,37 +60067,10 @@ index 02a33e5..3a28b5a 100644 GLOBAL_EXTERN atomic_t smBufAllocCount; GLOBAL_EXTERN atomic_t midCount; diff --git a/fs/cifs/file.c b/fs/cifs/file.c -index 3e4d00a..4132187 100644 +index 9a7b6947..4132187 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c -@@ -366,6 +366,7 @@ void cifsFileInfo_put(struct cifsFileInfo *cifs_file) - struct cifsLockInfo *li, *tmp; - struct cifs_fid fid; - struct cifs_pending_open open; -+ bool oplock_break_cancelled; - - spin_lock(&cifs_file_list_lock); - if (--cifs_file->count > 0) { -@@ -397,7 +398,7 @@ void cifsFileInfo_put(struct cifsFileInfo *cifs_file) - } - spin_unlock(&cifs_file_list_lock); - -- cancel_work_sync(&cifs_file->oplock_break); -+ oplock_break_cancelled = cancel_work_sync(&cifs_file->oplock_break); - - if (!tcon->need_reconnect && !cifs_file->invalidHandle) { - struct TCP_Server_Info *server = tcon->ses->server; -@@ -409,6 +410,9 @@ void cifsFileInfo_put(struct cifsFileInfo *cifs_file) - _free_xid(xid); - } - -+ if (oplock_break_cancelled) -+ cifs_done_oplock_break(cifsi); -+ - cifs_del_pending_open(&open); - - /* -@@ -2056,10 +2060,14 @@ static int cifs_writepages(struct address_space *mapping, +@@ -2060,10 +2060,14 @@ static int cifs_writepages(struct address_space *mapping, index = mapping->writeback_index; /* Start from prev offset */ end = -1; } else { @@ -62280,7 +62247,7 @@ index 5797d45..7d7d79a 100644 if (dot && fs && !(fs->fs_flags & FS_HAS_SUBTYPE)) { diff --git a/fs/fs_struct.c b/fs/fs_struct.c -index 7dca743..f5e007d 100644 +index 7dca743..2f2786d 100644 --- a/fs/fs_struct.c +++ b/fs/fs_struct.c @@ -4,6 +4,7 @@ @@ -62305,7 +62272,7 @@ index 7dca743..f5e007d 100644 spin_unlock(&fs->lock); - if (old_root.dentry) + if (old_root.dentry) { -+ gr_inc_chroot_refcnts(old_root.dentry, old_root.mnt); ++ gr_dec_chroot_refcnts(old_root.dentry, old_root.mnt); path_put(&old_root); + } } @@ -80575,6 +80542,39 @@ index d1a5582..4424efa 100644 /* * Mark a position in code as unreachable. This can be used to * suppress control flow warnings after asm blocks that transfer +diff --git a/include/linux/compiler-gcc5.h b/include/linux/compiler-gcc5.h +index c8c5659..d09f2ad 100644 +--- a/include/linux/compiler-gcc5.h ++++ b/include/linux/compiler-gcc5.h +@@ -28,6 +28,28 @@ + # define __compiletime_error(message) __attribute__((error(message))) + #endif /* __CHECKER__ */ + ++#define __alloc_size(...) __attribute((alloc_size(__VA_ARGS__))) ++#define __bos(ptr, arg) __builtin_object_size((ptr), (arg)) ++#define __bos0(ptr) __bos((ptr), 0) ++#define __bos1(ptr) __bos((ptr), 1) ++ ++#ifdef CONSTIFY_PLUGIN ++#error not yet ++#define __no_const __attribute__((no_const)) ++#define __do_const __attribute__((do_const)) ++#endif ++ ++#ifdef SIZE_OVERFLOW_PLUGIN ++#error not yet ++#define __size_overflow(...) __attribute__((size_overflow(__VA_ARGS__))) ++#define __intentional_overflow(...) __attribute__((intentional_overflow(__VA_ARGS__))) ++#endif ++ ++#ifdef LATENT_ENTROPY_PLUGIN ++#error not yet ++#define __latent_entropy __attribute__((latent_entropy)) ++#endif ++ + /* + * Mark a position in code as unreachable. This can be used to + * suppress control flow warnings after asm blocks that transfer diff --git a/include/linux/compiler.h b/include/linux/compiler.h index d5ad7b1..3b74638 100644 --- a/include/linux/compiler.h @@ -83355,7 +83355,7 @@ index 37e4404..26ebbd0 100644 MLX4_MFUNC_EQ_NUM = 4, MLX4_MFUNC_MAX_EQES = 8, diff --git a/include/linux/mm.h b/include/linux/mm.h -index 5ab2da9..5f0b3df 100644 +index 86a977b..8122960 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -128,6 +128,11 @@ extern unsigned int kobjsize(const void *objp); @@ -83389,7 +83389,7 @@ index 5ab2da9..5f0b3df 100644 struct mmu_gather; struct inode; -@@ -1165,8 +1171,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address, +@@ -1167,8 +1173,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address, unsigned long *pfn); int follow_phys(struct vm_area_struct *vma, unsigned long address, unsigned int flags, unsigned long *prot, resource_size_t *phys); @@ -83400,7 +83400,7 @@ index 5ab2da9..5f0b3df 100644 static inline void unmap_shared_mapping_range(struct address_space *mapping, loff_t const holebegin, loff_t const holelen) -@@ -1206,9 +1212,9 @@ static inline int fixup_user_fault(struct task_struct *tsk, +@@ -1208,9 +1214,9 @@ static inline int fixup_user_fault(struct task_struct *tsk, } #endif @@ -83413,7 +83413,7 @@ index 5ab2da9..5f0b3df 100644 long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, unsigned long start, unsigned long nr_pages, -@@ -1240,34 +1246,6 @@ int set_page_dirty_lock(struct page *page); +@@ -1242,34 +1248,6 @@ int set_page_dirty_lock(struct page *page); int clear_page_dirty_for_io(struct page *page); int get_cmdline(struct task_struct *task, char *buffer, int buflen); @@ -83448,7 +83448,7 @@ index 5ab2da9..5f0b3df 100644 extern struct task_struct *task_of_stack(struct task_struct *task, struct vm_area_struct *vma, bool in_group); -@@ -1385,8 +1363,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, +@@ -1387,8 +1365,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, { return 0; } @@ -83464,7 +83464,7 @@ index 5ab2da9..5f0b3df 100644 #endif #ifdef __PAGETABLE_PMD_FOLDED -@@ -1395,8 +1380,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, +@@ -1397,8 +1382,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, { return 0; } @@ -83480,7 +83480,7 @@ index 5ab2da9..5f0b3df 100644 #endif int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma, -@@ -1414,11 +1406,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a +@@ -1416,11 +1408,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a NULL: pud_offset(pgd, address); } @@ -83504,7 +83504,7 @@ index 5ab2da9..5f0b3df 100644 #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */ #if USE_SPLIT_PTE_PTLOCKS -@@ -1801,12 +1805,23 @@ extern struct vm_area_struct *copy_vma(struct vm_area_struct **, +@@ -1803,12 +1807,23 @@ extern struct vm_area_struct *copy_vma(struct vm_area_struct **, bool *need_rmap_locks); extern void exit_mmap(struct mm_struct *); @@ -83528,7 +83528,7 @@ index 5ab2da9..5f0b3df 100644 if (rlim < RLIM_INFINITY) { if (((new - start) + (end_data - start_data)) > rlim) return -ENOSPC; -@@ -1831,7 +1846,7 @@ extern int install_special_mapping(struct mm_struct *mm, +@@ -1833,7 +1848,7 @@ extern int install_special_mapping(struct mm_struct *mm, unsigned long addr, unsigned long len, unsigned long flags, struct page **pages); @@ -83537,7 +83537,7 @@ index 5ab2da9..5f0b3df 100644 extern unsigned long mmap_region(struct file *file, unsigned long addr, unsigned long len, vm_flags_t vm_flags, unsigned long pgoff); -@@ -1839,6 +1854,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1841,6 +1856,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, unsigned long len, unsigned long prot, unsigned long flags, unsigned long pgoff, unsigned long *populate); extern int do_munmap(struct mm_struct *, unsigned long, size_t); @@ -83545,7 +83545,7 @@ index 5ab2da9..5f0b3df 100644 #ifdef CONFIG_MMU extern int __mm_populate(unsigned long addr, unsigned long len, -@@ -1867,10 +1883,11 @@ struct vm_unmapped_area_info { +@@ -1869,10 +1885,11 @@ struct vm_unmapped_area_info { unsigned long high_limit; unsigned long align_mask; unsigned long align_offset; @@ -83559,7 +83559,7 @@ index 5ab2da9..5f0b3df 100644 /* * Search for an unmapped address range. -@@ -1882,7 +1899,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info); +@@ -1884,7 +1901,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info); * - satisfies (begin_addr & align_mask) == (align_offset & align_mask) */ static inline unsigned long @@ -83568,7 +83568,7 @@ index 5ab2da9..5f0b3df 100644 { if (!(info->flags & VM_UNMAPPED_AREA_TOPDOWN)) return unmapped_area(info); -@@ -1944,6 +1961,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add +@@ -1946,6 +1963,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, struct vm_area_struct **pprev); @@ -83579,7 +83579,7 @@ index 5ab2da9..5f0b3df 100644 /* Look up the first VMA which intersects the interval start_addr..end_addr-1, NULL if none. Assume start_addr < end_addr. */ static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr) -@@ -1973,10 +1994,10 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, +@@ -1975,10 +1996,10 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, } #ifdef CONFIG_MMU @@ -83592,7 +83592,7 @@ index 5ab2da9..5f0b3df 100644 { return __pgprot(0); } -@@ -2038,6 +2059,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); +@@ -2040,6 +2061,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); static inline void vm_stat_account(struct mm_struct *mm, unsigned long flags, struct file *file, long pages) { @@ -83604,7 +83604,7 @@ index 5ab2da9..5f0b3df 100644 mm->total_vm += pages; } #endif /* CONFIG_PROC_FS */ -@@ -2126,7 +2152,7 @@ extern int unpoison_memory(unsigned long pfn); +@@ -2128,7 +2154,7 @@ extern int unpoison_memory(unsigned long pfn); extern int sysctl_memory_failure_early_kill; extern int sysctl_memory_failure_recovery; extern void shake_page(struct page *p, int access); @@ -83613,7 +83613,7 @@ index 5ab2da9..5f0b3df 100644 extern int soft_offline_page(struct page *page, int flags); #if defined(CONFIG_TRANSPARENT_HUGEPAGE) || defined(CONFIG_HUGETLBFS) -@@ -2161,5 +2187,11 @@ void __init setup_nr_node_ids(void); +@@ -2163,5 +2189,11 @@ void __init setup_nr_node_ids(void); static inline void setup_nr_node_ids(void) {} #endif @@ -84527,7 +84527,7 @@ index 34a1e10..70f6bde 100644 struct proc_ns { void *ns; diff --git a/include/linux/quota.h b/include/linux/quota.h -index 80d345a..9e89a9a 100644 +index 224fb81..9d85c41 100644 --- a/include/linux/quota.h +++ b/include/linux/quota.h @@ -70,7 +70,7 @@ struct kqid { /* Type in which we store the quota identifier */ @@ -92932,6 +92932,21 @@ index 2df8ef0..aae070f 100644 static inline void put_prev_task(struct rq *rq, struct task_struct *prev) { +diff --git a/kernel/seccomp.c b/kernel/seccomp.c +index 4ef9687..4f44028 100644 +--- a/kernel/seccomp.c ++++ b/kernel/seccomp.c +@@ -629,7 +629,9 @@ static u32 __seccomp_phase1_filter(int this_syscall, struct seccomp_data *sd) + + switch (action) { + case SECCOMP_RET_ERRNO: +- /* Set the low-order 16-bits as a errno. */ ++ /* Set low-order bits as an errno, capped at MAX_ERRNO. */ ++ if (data > MAX_ERRNO) ++ data = MAX_ERRNO; + syscall_set_return_value(current, task_pt_regs(current), + -data, 0); + goto skip; diff --git a/kernel/signal.c b/kernel/signal.c index 8f0876f..1153a5a 100644 --- a/kernel/signal.c @@ -93071,10 +93086,10 @@ index 8f0876f..1153a5a 100644 set_fs(seg); if (ret >= 0 && uoss_ptr) { diff --git a/kernel/smpboot.c b/kernel/smpboot.c -index eb89e18..a4e6792 100644 +index 60d35ac5..59d289f 100644 --- a/kernel/smpboot.c +++ b/kernel/smpboot.c -@@ -288,7 +288,7 @@ int smpboot_register_percpu_thread(struct smp_hotplug_thread *plug_thread) +@@ -289,7 +289,7 @@ int smpboot_register_percpu_thread(struct smp_hotplug_thread *plug_thread) } smpboot_unpark_thread(plug_thread, cpu); } @@ -93082,8 +93097,8 @@ index eb89e18..a4e6792 100644 + pax_list_add(&plug_thread->list, &hotplug_threads); out: mutex_unlock(&smpboot_threads_lock); - return ret; -@@ -305,7 +305,7 @@ void smpboot_unregister_percpu_thread(struct smp_hotplug_thread *plug_thread) + put_online_cpus(); +@@ -307,7 +307,7 @@ void smpboot_unregister_percpu_thread(struct smp_hotplug_thread *plug_thread) { get_online_cpus(); mutex_lock(&smpboot_threads_lock); @@ -93617,7 +93632,7 @@ index a7077d3..dd48a49 100644 .clock_get = alarm_clock_get, .timer_create = alarm_timer_create, diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c -index 37e50aa..57a9501 100644 +index d8c724c..6b331a4 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c @@ -1399,7 +1399,7 @@ void hrtimer_peek_ahead_timers(void) @@ -95568,7 +95583,7 @@ index 72b8fa3..c5b39f1 100644 * Make sure the vma is shared, that it supports prefaulting, * and that the remapped range is valid and fully within diff --git a/mm/gup.c b/mm/gup.c -index cd62c8c..3bb2053 100644 +index a0d57ec..79d469ce 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -274,11 +274,6 @@ static int faultin_page(struct task_struct *tsk, struct vm_area_struct *vma, @@ -96090,7 +96105,7 @@ index 8639f6b..b623882a 100644 } unset_migratetype_isolate(page, MIGRATE_MOVABLE); diff --git a/mm/memory.c b/mm/memory.c -index 7f86cf6..0600e22 100644 +index d442584..0600e22 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -415,6 +415,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, @@ -96492,7 +96507,7 @@ index 7f86cf6..0600e22 100644 - - /* Check if we need to add a guard page to the stack */ - if (check_stack_guard_page(vma, address) < 0) -- return VM_FAULT_SIGBUS; +- return VM_FAULT_SIGSEGV; - - /* Use the zero-page for reads */ if (!(flags & FAULT_FLAG_WRITE)) { @@ -96913,7 +96928,7 @@ index 73cf098..ab547c7 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index 1620adb..348da48 100644 +index 1620adb..6b35ac8 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -41,6 +41,7 @@ @@ -96978,6 +96993,24 @@ index 1620adb..348da48 100644 /* * Make sure vm_committed_as in one cacheline and not cacheline shared with * other variables. It can be updated by several CPUs frequently. +@@ -152,7 +173,7 @@ EXPORT_SYMBOL_GPL(vm_memory_committed); + */ + int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) + { +- unsigned long free, allowed, reserve; ++ long free, allowed, reserve; + + VM_WARN_ONCE(percpu_counter_read(&vm_committed_as) < + -(s64)vm_committed_as_batch * num_online_cpus(), +@@ -220,7 +241,7 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) + */ + if (mm) { + reserve = sysctl_user_reserve_kbytes >> (PAGE_SHIFT - 10); +- allowed -= min(mm->total_vm / 32, reserve); ++ allowed -= min_t(long, mm->total_vm / 32, reserve); + } + + if (percpu_counter_read_positive(&vm_committed_as) < allowed) @@ -274,6 +295,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) struct vm_area_struct *next = vma->vm_next; @@ -98505,7 +98538,7 @@ index b147f66..98a695ab 100644 out: if (ret & ~PAGE_MASK) diff --git a/mm/nommu.c b/mm/nommu.c -index bd1808e..b63d87c 100644 +index bd1808e..22cbc6a 100644 --- a/mm/nommu.c +++ b/mm/nommu.c @@ -70,7 +70,6 @@ int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT; @@ -98540,6 +98573,24 @@ index bd1808e..b63d87c 100644 *region = *vma->vm_region; new->vm_region = region; +@@ -1905,7 +1896,7 @@ EXPORT_SYMBOL(unmap_mapping_range); + */ + int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) + { +- unsigned long free, allowed, reserve; ++ long free, allowed, reserve; + + vm_acct_memory(pages); + +@@ -1969,7 +1960,7 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) + */ + if (mm) { + reserve = sysctl_user_reserve_kbytes >> (PAGE_SHIFT - 10); +- allowed -= min(mm->total_vm / 32, reserve); ++ allowed -= min_t(long, mm->total_vm / 32, reserve); + } + + if (percpu_counter_read_positive(&vm_committed_as) < allowed) @@ -2002,8 +1993,8 @@ int generic_file_remap_pages(struct vm_area_struct *vma, unsigned long addr, } EXPORT_SYMBOL(generic_file_remap_pages); @@ -98876,7 +98927,7 @@ index 3e4c721..a5e3e39 100644 /* diff --git a/mm/shmem.c b/mm/shmem.c -index 185836b..d7255a1 100644 +index 0b4ba55..bcef4ae 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -33,7 +33,7 @@ @@ -103628,7 +103679,7 @@ index 6156f68..d6ab46d 100644 return -ENOMEM; } diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index 0169ccf..50d7b04 100644 +index 0169ccf..6f14338 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -171,7 +171,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = { @@ -103701,7 +103752,30 @@ index 0169ccf..50d7b04 100644 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { idx = 0; head = &net->dev_index_head[h]; -@@ -4788,7 +4795,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) +@@ -4536,6 +4543,22 @@ static int inet6_set_iftoken(struct inet6_dev *idev, struct in6_addr *token) + return 0; + } + ++static const struct nla_policy inet6_af_policy[IFLA_INET6_MAX + 1] = { ++ [IFLA_INET6_ADDR_GEN_MODE] = { .type = NLA_U8 }, ++ [IFLA_INET6_TOKEN] = { .len = sizeof(struct in6_addr) }, ++}; ++ ++static int inet6_validate_link_af(const struct net_device *dev, ++ const struct nlattr *nla) ++{ ++ struct nlattr *tb[IFLA_INET6_MAX + 1]; ++ ++ if (dev && !__in6_dev_get(dev)) ++ return -EAFNOSUPPORT; ++ ++ return nla_parse_nested(tb, IFLA_INET6_MAX, nla, inet6_af_policy); ++} ++ + static int inet6_set_link_af(struct net_device *dev, const struct nlattr *nla) + { + int err = -EINVAL; +@@ -4788,7 +4811,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) rt_genid_bump_ipv6(net); break; } @@ -103710,7 +103784,7 @@ index 0169ccf..50d7b04 100644 } static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) -@@ -4808,7 +4815,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, +@@ -4808,7 +4831,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -103719,7 +103793,7 @@ index 0169ccf..50d7b04 100644 int ret; /* -@@ -4893,7 +4900,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, +@@ -4893,7 +4916,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -103728,6 +103802,14 @@ index 0169ccf..50d7b04 100644 int ret; /* +@@ -5351,6 +5374,7 @@ static struct rtnl_af_ops inet6_ops = { + .family = AF_INET6, + .fill_link_af = inet6_fill_link_af, + .get_link_af_size = inet6_get_link_af_size, ++ .validate_link_af = inet6_validate_link_af, + .set_link_af = inet6_set_link_af, + }; + diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index e8c4400..a4cd5da 100644 --- a/net/ipv6/af_inet6.c @@ -104862,7 +104944,7 @@ index 0de7c93..884b2ca 100644 /* * Goal: diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c -index 4c5192e..04cc0d8 100644 +index 4a95fe3..0bfd713 100644 --- a/net/mac80211/pm.c +++ b/net/mac80211/pm.c @@ -12,7 +12,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) @@ -104883,7 +104965,7 @@ index 4c5192e..04cc0d8 100644 if (local->wowlan) { int err = drv_suspend(local, wowlan); if (err < 0) { -@@ -125,7 +125,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) +@@ -126,7 +126,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) WARN_ON(!list_empty(&local->chanctx_list)); /* stop hardware - this must stop RX */ @@ -107731,14 +107813,14 @@ index b304068..462d24e 100644 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianness? %#x\n", diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh new file mode 100644 -index 0000000..42018ed +index 0000000..822fa9e --- /dev/null +++ b/scripts/gcc-plugin.sh @@ -0,0 +1,51 @@ +#!/bin/sh +srctree=$(dirname "$0") +gccplugins_dir=$($3 -print-file-name=plugin) -+plugincc=$($1 -E - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <&1 <= 4008 || defined(ENABLE_BUILD_WITH_CXX) +#warning $2 CXX @@ -107769,7 +107851,7 @@ index 0000000..42018ed +esac + +# we need a c++ compiler that supports the designated initializer GNU extension -+plugincc=$($2 -c -x c++ -std=gnu++98 - -fsyntax-only -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <&1 <cons_lock); ++ key_put(key); + kleave(" = %d [prelink]", ret); + return ret; + diff --git a/security/min_addr.c b/security/min_addr.c index f728728..6457a0c 100644 --- a/security/min_addr.c @@ -110936,10 +111030,10 @@ index 0000000..54461af +} diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c new file mode 100644 -index 0000000..82bc5a8 +index 0000000..3b5af59 --- /dev/null +++ b/tools/gcc/constify_plugin.c -@@ -0,0 +1,557 @@ +@@ -0,0 +1,558 @@ +/* + * Copyright 2011 by Emese Revfy + * Copyright 2011-2014 by PaX Team @@ -111373,7 +111467,8 @@ index 0000000..82bc5a8 +#if BUILDING_GCC_VERSION >= 4008 + .optinfo_flags = OPTGROUP_NONE, +#endif -+#if BUILDING_GCC_VERSION >= 4009 ++#if BUILDING_GCC_VERSION >= 5000 ++#elif BUILDING_GCC_VERSION >= 4009 + .has_gate = false, + .has_execute = true, +#else @@ -111481,8 +111576,8 @@ index 0000000..82bc5a8 + error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key); + } + -+ if (strcmp(lang_hooks.name, "GNU C")) { -+ inform(UNKNOWN_LOCATION, G_("%s supports C only"), plugin_name); ++ if (strncmp(lang_hooks.name, "GNU C", 5) && !strncmp(lang_hooks.name, "GNU C+", 6)) { ++ inform(UNKNOWN_LOCATION, G_("%s supports C only, not %s"), plugin_name, lang_hooks.name); + constify = false; + } + diff --git a/3.14.31/4425_grsec_remove_EI_PAX.patch b/3.18.7/4425_grsec_remove_EI_PAX.patch similarity index 100% rename from 3.14.31/4425_grsec_remove_EI_PAX.patch rename to 3.18.7/4425_grsec_remove_EI_PAX.patch diff --git a/3.18.5/4427_force_XATTR_PAX_tmpfs.patch b/3.18.7/4427_force_XATTR_PAX_tmpfs.patch similarity index 100% rename from 3.18.5/4427_force_XATTR_PAX_tmpfs.patch rename to 3.18.7/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.18.5/4430_grsec-remove-localversion-grsec.patch b/3.18.7/4430_grsec-remove-localversion-grsec.patch similarity index 100% rename from 3.18.5/4430_grsec-remove-localversion-grsec.patch rename to 3.18.7/4430_grsec-remove-localversion-grsec.patch diff --git a/3.18.5/4435_grsec-mute-warnings.patch b/3.18.7/4435_grsec-mute-warnings.patch similarity index 100% rename from 3.18.5/4435_grsec-mute-warnings.patch rename to 3.18.7/4435_grsec-mute-warnings.patch diff --git a/3.18.5/4440_grsec-remove-protected-paths.patch b/3.18.7/4440_grsec-remove-protected-paths.patch similarity index 100% rename from 3.18.5/4440_grsec-remove-protected-paths.patch rename to 3.18.7/4440_grsec-remove-protected-paths.patch diff --git a/3.18.5/4450_grsec-kconfig-default-gids.patch b/3.18.7/4450_grsec-kconfig-default-gids.patch similarity index 100% rename from 3.18.5/4450_grsec-kconfig-default-gids.patch rename to 3.18.7/4450_grsec-kconfig-default-gids.patch diff --git a/3.18.5/4465_selinux-avc_audit-log-curr_ip.patch b/3.18.7/4465_selinux-avc_audit-log-curr_ip.patch similarity index 100% rename from 3.18.5/4465_selinux-avc_audit-log-curr_ip.patch rename to 3.18.7/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.18.5/4470_disable-compat_vdso.patch b/3.18.7/4470_disable-compat_vdso.patch similarity index 100% rename from 3.18.5/4470_disable-compat_vdso.patch rename to 3.18.7/4470_disable-compat_vdso.patch diff --git a/3.14.31/4475_emutramp_default_on.patch b/3.18.7/4475_emutramp_default_on.patch similarity index 100% rename from 3.14.31/4475_emutramp_default_on.patch rename to 3.18.7/4475_emutramp_default_on.patch diff --git a/3.2.66/0000_README b/3.2.67/0000_README similarity index 97% rename from 3.2.66/0000_README rename to 3.2.67/0000_README index 3806e75..deb8dff 100644 --- a/3.2.66/0000_README +++ b/3.2.67/0000_README @@ -182,7 +182,11 @@ Patch: 1065_linux-3.2.66.patch From: http://www.kernel.org Desc: Linux 3.2.66 -Patch: 4420_grsecurity-3.0-3.2.66-201502052350.patch +Patch: 1066_linux-3.2.67.patch +From: http://www.kernel.org +Desc: Linux 3.2.67 + +Patch: 4420_grsecurity-3.0-3.2.67-201502200807.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.66/1021_linux-3.2.22.patch b/3.2.67/1021_linux-3.2.22.patch similarity index 100% rename from 3.2.66/1021_linux-3.2.22.patch rename to 3.2.67/1021_linux-3.2.22.patch diff --git a/3.2.66/1022_linux-3.2.23.patch b/3.2.67/1022_linux-3.2.23.patch similarity index 100% rename from 3.2.66/1022_linux-3.2.23.patch rename to 3.2.67/1022_linux-3.2.23.patch diff --git a/3.2.66/1023_linux-3.2.24.patch b/3.2.67/1023_linux-3.2.24.patch similarity index 100% rename from 3.2.66/1023_linux-3.2.24.patch rename to 3.2.67/1023_linux-3.2.24.patch diff --git a/3.2.66/1024_linux-3.2.25.patch b/3.2.67/1024_linux-3.2.25.patch similarity index 100% rename from 3.2.66/1024_linux-3.2.25.patch rename to 3.2.67/1024_linux-3.2.25.patch diff --git a/3.2.66/1025_linux-3.2.26.patch b/3.2.67/1025_linux-3.2.26.patch similarity index 100% rename from 3.2.66/1025_linux-3.2.26.patch rename to 3.2.67/1025_linux-3.2.26.patch diff --git a/3.2.66/1026_linux-3.2.27.patch b/3.2.67/1026_linux-3.2.27.patch similarity index 100% rename from 3.2.66/1026_linux-3.2.27.patch rename to 3.2.67/1026_linux-3.2.27.patch diff --git a/3.2.66/1027_linux-3.2.28.patch b/3.2.67/1027_linux-3.2.28.patch similarity index 100% rename from 3.2.66/1027_linux-3.2.28.patch rename to 3.2.67/1027_linux-3.2.28.patch diff --git a/3.2.66/1028_linux-3.2.29.patch b/3.2.67/1028_linux-3.2.29.patch similarity index 100% rename from 3.2.66/1028_linux-3.2.29.patch rename to 3.2.67/1028_linux-3.2.29.patch diff --git a/3.2.66/1029_linux-3.2.30.patch b/3.2.67/1029_linux-3.2.30.patch similarity index 100% rename from 3.2.66/1029_linux-3.2.30.patch rename to 3.2.67/1029_linux-3.2.30.patch diff --git a/3.2.66/1030_linux-3.2.31.patch b/3.2.67/1030_linux-3.2.31.patch similarity index 100% rename from 3.2.66/1030_linux-3.2.31.patch rename to 3.2.67/1030_linux-3.2.31.patch diff --git a/3.2.66/1031_linux-3.2.32.patch b/3.2.67/1031_linux-3.2.32.patch similarity index 100% rename from 3.2.66/1031_linux-3.2.32.patch rename to 3.2.67/1031_linux-3.2.32.patch diff --git a/3.2.66/1032_linux-3.2.33.patch b/3.2.67/1032_linux-3.2.33.patch similarity index 100% rename from 3.2.66/1032_linux-3.2.33.patch rename to 3.2.67/1032_linux-3.2.33.patch diff --git a/3.2.66/1033_linux-3.2.34.patch b/3.2.67/1033_linux-3.2.34.patch similarity index 100% rename from 3.2.66/1033_linux-3.2.34.patch rename to 3.2.67/1033_linux-3.2.34.patch diff --git a/3.2.66/1034_linux-3.2.35.patch b/3.2.67/1034_linux-3.2.35.patch similarity index 100% rename from 3.2.66/1034_linux-3.2.35.patch rename to 3.2.67/1034_linux-3.2.35.patch diff --git a/3.2.66/1035_linux-3.2.36.patch b/3.2.67/1035_linux-3.2.36.patch similarity index 100% rename from 3.2.66/1035_linux-3.2.36.patch rename to 3.2.67/1035_linux-3.2.36.patch diff --git a/3.2.66/1036_linux-3.2.37.patch b/3.2.67/1036_linux-3.2.37.patch similarity index 100% rename from 3.2.66/1036_linux-3.2.37.patch rename to 3.2.67/1036_linux-3.2.37.patch diff --git a/3.2.66/1037_linux-3.2.38.patch b/3.2.67/1037_linux-3.2.38.patch similarity index 100% rename from 3.2.66/1037_linux-3.2.38.patch rename to 3.2.67/1037_linux-3.2.38.patch diff --git a/3.2.66/1038_linux-3.2.39.patch b/3.2.67/1038_linux-3.2.39.patch similarity index 100% rename from 3.2.66/1038_linux-3.2.39.patch rename to 3.2.67/1038_linux-3.2.39.patch diff --git a/3.2.66/1039_linux-3.2.40.patch b/3.2.67/1039_linux-3.2.40.patch similarity index 100% rename from 3.2.66/1039_linux-3.2.40.patch rename to 3.2.67/1039_linux-3.2.40.patch diff --git a/3.2.66/1040_linux-3.2.41.patch b/3.2.67/1040_linux-3.2.41.patch similarity index 100% rename from 3.2.66/1040_linux-3.2.41.patch rename to 3.2.67/1040_linux-3.2.41.patch diff --git a/3.2.66/1041_linux-3.2.42.patch b/3.2.67/1041_linux-3.2.42.patch similarity index 100% rename from 3.2.66/1041_linux-3.2.42.patch rename to 3.2.67/1041_linux-3.2.42.patch diff --git a/3.2.66/1042_linux-3.2.43.patch b/3.2.67/1042_linux-3.2.43.patch similarity index 100% rename from 3.2.66/1042_linux-3.2.43.patch rename to 3.2.67/1042_linux-3.2.43.patch diff --git a/3.2.66/1043_linux-3.2.44.patch b/3.2.67/1043_linux-3.2.44.patch similarity index 100% rename from 3.2.66/1043_linux-3.2.44.patch rename to 3.2.67/1043_linux-3.2.44.patch diff --git a/3.2.66/1044_linux-3.2.45.patch b/3.2.67/1044_linux-3.2.45.patch similarity index 100% rename from 3.2.66/1044_linux-3.2.45.patch rename to 3.2.67/1044_linux-3.2.45.patch diff --git a/3.2.66/1045_linux-3.2.46.patch b/3.2.67/1045_linux-3.2.46.patch similarity index 100% rename from 3.2.66/1045_linux-3.2.46.patch rename to 3.2.67/1045_linux-3.2.46.patch diff --git a/3.2.66/1046_linux-3.2.47.patch b/3.2.67/1046_linux-3.2.47.patch similarity index 100% rename from 3.2.66/1046_linux-3.2.47.patch rename to 3.2.67/1046_linux-3.2.47.patch diff --git a/3.2.66/1047_linux-3.2.48.patch b/3.2.67/1047_linux-3.2.48.patch similarity index 100% rename from 3.2.66/1047_linux-3.2.48.patch rename to 3.2.67/1047_linux-3.2.48.patch diff --git a/3.2.66/1048_linux-3.2.49.patch b/3.2.67/1048_linux-3.2.49.patch similarity index 100% rename from 3.2.66/1048_linux-3.2.49.patch rename to 3.2.67/1048_linux-3.2.49.patch diff --git a/3.2.66/1049_linux-3.2.50.patch b/3.2.67/1049_linux-3.2.50.patch similarity index 100% rename from 3.2.66/1049_linux-3.2.50.patch rename to 3.2.67/1049_linux-3.2.50.patch diff --git a/3.2.66/1050_linux-3.2.51.patch b/3.2.67/1050_linux-3.2.51.patch similarity index 100% rename from 3.2.66/1050_linux-3.2.51.patch rename to 3.2.67/1050_linux-3.2.51.patch diff --git a/3.2.66/1051_linux-3.2.52.patch b/3.2.67/1051_linux-3.2.52.patch similarity index 100% rename from 3.2.66/1051_linux-3.2.52.patch rename to 3.2.67/1051_linux-3.2.52.patch diff --git a/3.2.66/1052_linux-3.2.53.patch b/3.2.67/1052_linux-3.2.53.patch similarity index 100% rename from 3.2.66/1052_linux-3.2.53.patch rename to 3.2.67/1052_linux-3.2.53.patch diff --git a/3.2.66/1053_linux-3.2.54.patch b/3.2.67/1053_linux-3.2.54.patch similarity index 100% rename from 3.2.66/1053_linux-3.2.54.patch rename to 3.2.67/1053_linux-3.2.54.patch diff --git a/3.2.66/1054_linux-3.2.55.patch b/3.2.67/1054_linux-3.2.55.patch similarity index 100% rename from 3.2.66/1054_linux-3.2.55.patch rename to 3.2.67/1054_linux-3.2.55.patch diff --git a/3.2.66/1055_linux-3.2.56.patch b/3.2.67/1055_linux-3.2.56.patch similarity index 100% rename from 3.2.66/1055_linux-3.2.56.patch rename to 3.2.67/1055_linux-3.2.56.patch diff --git a/3.2.66/1056_linux-3.2.57.patch b/3.2.67/1056_linux-3.2.57.patch similarity index 100% rename from 3.2.66/1056_linux-3.2.57.patch rename to 3.2.67/1056_linux-3.2.57.patch diff --git a/3.2.66/1057_linux-3.2.58.patch b/3.2.67/1057_linux-3.2.58.patch similarity index 100% rename from 3.2.66/1057_linux-3.2.58.patch rename to 3.2.67/1057_linux-3.2.58.patch diff --git a/3.2.66/1058_linux-3.2.59.patch b/3.2.67/1058_linux-3.2.59.patch similarity index 100% rename from 3.2.66/1058_linux-3.2.59.patch rename to 3.2.67/1058_linux-3.2.59.patch diff --git a/3.2.66/1059_linux-3.2.60.patch b/3.2.67/1059_linux-3.2.60.patch similarity index 100% rename from 3.2.66/1059_linux-3.2.60.patch rename to 3.2.67/1059_linux-3.2.60.patch diff --git a/3.2.66/1060_linux-3.2.61.patch b/3.2.67/1060_linux-3.2.61.patch similarity index 100% rename from 3.2.66/1060_linux-3.2.61.patch rename to 3.2.67/1060_linux-3.2.61.patch diff --git a/3.2.66/1061_linux-3.2.62.patch b/3.2.67/1061_linux-3.2.62.patch similarity index 100% rename from 3.2.66/1061_linux-3.2.62.patch rename to 3.2.67/1061_linux-3.2.62.patch diff --git a/3.2.66/1062_linux-3.2.63.patch b/3.2.67/1062_linux-3.2.63.patch similarity index 100% rename from 3.2.66/1062_linux-3.2.63.patch rename to 3.2.67/1062_linux-3.2.63.patch diff --git a/3.2.66/1063_linux-3.2.64.patch b/3.2.67/1063_linux-3.2.64.patch similarity index 100% rename from 3.2.66/1063_linux-3.2.64.patch rename to 3.2.67/1063_linux-3.2.64.patch diff --git a/3.2.66/1064_linux-3.2.65.patch b/3.2.67/1064_linux-3.2.65.patch similarity index 100% rename from 3.2.66/1064_linux-3.2.65.patch rename to 3.2.67/1064_linux-3.2.65.patch diff --git a/3.2.66/1065_linux-3.2.66.patch b/3.2.67/1065_linux-3.2.66.patch similarity index 100% rename from 3.2.66/1065_linux-3.2.66.patch rename to 3.2.67/1065_linux-3.2.66.patch diff --git a/3.2.67/1066_linux-3.2.67.patch b/3.2.67/1066_linux-3.2.67.patch new file mode 100644 index 0000000..c0a9278 --- /dev/null +++ b/3.2.67/1066_linux-3.2.67.patch @@ -0,0 +1,6792 @@ +diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt +index 1b196ea..f0001eb 100644 +--- a/Documentation/kernel-parameters.txt ++++ b/Documentation/kernel-parameters.txt +@@ -940,6 +940,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted. + i8042.notimeout [HW] Ignore timeout condition signalled by conroller + i8042.reset [HW] Reset the controller during init and cleanup + i8042.unlock [HW] Unlock (ignore) the keylock ++ i8042.kbdreset [HW] Reset device connected to KBD port + + i810= [HW,DRM] + +diff --git a/Makefile b/Makefile +index f08f8bf..70769fb 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 3 + PATCHLEVEL = 2 +-SUBLEVEL = 66 ++SUBLEVEL = 67 + EXTRAVERSION = + NAME = Saber-toothed Squirrel + +diff --git a/arch/alpha/mm/fault.c b/arch/alpha/mm/fault.c +index fadd5f8..e576b91 100644 +--- a/arch/alpha/mm/fault.c ++++ b/arch/alpha/mm/fault.c +@@ -150,6 +150,8 @@ do_page_fault(unsigned long address, unsigned long mmcsr, + if (unlikely(fault & VM_FAULT_ERROR)) { + if (fault & VM_FAULT_OOM) + goto out_of_memory; ++ else if (fault & VM_FAULT_SIGSEGV) ++ goto bad_area; + else if (fault & VM_FAULT_SIGBUS) + goto do_sigbus; + BUG(); +diff --git a/arch/arm/mach-omap2/omap_l3_noc.c b/arch/arm/mach-omap2/omap_l3_noc.c +index d15225f..5b9631f 100644 +--- a/arch/arm/mach-omap2/omap_l3_noc.c ++++ b/arch/arm/mach-omap2/omap_l3_noc.c +@@ -121,11 +121,15 @@ static irqreturn_t l3_interrupt_handler(int irq, void *_l3) + /* Nothing to be handled here as of now */ + break; + } +- /* Error found so break the for loop */ +- break; ++ /* Error found so break the for loop */ ++ return IRQ_HANDLED; + } + } +- return IRQ_HANDLED; ++ ++ dev_err(l3->dev, "L3 %s IRQ not handled!!\n", ++ inttype ? "debug" : "application"); ++ ++ return IRQ_NONE; + } + + static int __devinit omap4_l3_probe(struct platform_device *pdev) +diff --git a/arch/avr32/mm/fault.c b/arch/avr32/mm/fault.c +index f7040a1..632b649 100644 +--- a/arch/avr32/mm/fault.c ++++ b/arch/avr32/mm/fault.c +@@ -136,6 +136,8 @@ good_area: + if (unlikely(fault & VM_FAULT_ERROR)) { + if (fault & VM_FAULT_OOM) + goto out_of_memory; ++ else if (fault & VM_FAULT_SIGSEGV) ++ goto bad_area; + else if (fault & VM_FAULT_SIGBUS) + goto do_sigbus; + BUG(); +diff --git a/arch/cris/mm/fault.c b/arch/cris/mm/fault.c +index 9dcac8e..280c8ea 100644 +--- a/arch/cris/mm/fault.c ++++ b/arch/cris/mm/fault.c +@@ -166,6 +166,8 @@ do_page_fault(unsigned long address, struct pt_regs *regs, + if (unlikely(fault & VM_FAULT_ERROR)) { + if (fault & VM_FAULT_OOM) + goto out_of_memory; ++ else if (fault & VM_FAULT_SIGSEGV) ++ goto bad_area; + else if (fault & VM_FAULT_SIGBUS) + goto do_sigbus; + BUG(); +diff --git a/arch/frv/mm/fault.c b/arch/frv/mm/fault.c +index a325d57..46a3c18 100644 +--- a/arch/frv/mm/fault.c ++++ b/arch/frv/mm/fault.c +@@ -167,6 +167,8 @@ asmlinkage void do_page_fault(int datammu, unsigned long esr0, unsigned long ear + if (unlikely(fault & VM_FAULT_ERROR)) { + if (fault & VM_FAULT_OOM) + goto out_of_memory; ++ else if (fault & VM_FAULT_SIGSEGV) ++ goto bad_area; + else if (fault & VM_FAULT_SIGBUS) + goto do_sigbus; + BUG(); +diff --git a/arch/ia64/mm/fault.c b/arch/ia64/mm/fault.c +index 20b3593..1e362cd 100644 +--- a/arch/ia64/mm/fault.c ++++ b/arch/ia64/mm/fault.c +@@ -163,6 +163,8 @@ ia64_do_page_fault (unsigned long address, unsigned long isr, struct pt_regs *re + */ + if (fault & VM_FAULT_OOM) { + goto out_of_memory; ++ } else if (fault & VM_FAULT_SIGSEGV) { ++ goto bad_area; + } else if (fault & VM_FAULT_SIGBUS) { + signal = SIGBUS; + goto bad_area; +diff --git a/arch/m32r/mm/fault.c b/arch/m32r/mm/fault.c +index 2c9aeb4..beda9cc 100644 +--- a/arch/m32r/mm/fault.c ++++ b/arch/m32r/mm/fault.c +@@ -199,6 +199,8 @@ good_area: + if (unlikely(fault & VM_FAULT_ERROR)) { + if (fault & VM_FAULT_OOM) + goto out_of_memory; ++ else if (fault & VM_FAULT_SIGSEGV) ++ goto bad_area; + else if (fault & VM_FAULT_SIGBUS) + goto do_sigbus; + BUG(); +diff --git a/arch/m68k/mm/fault.c b/arch/m68k/mm/fault.c +index 2db6099..d605b93 100644 +--- a/arch/m68k/mm/fault.c ++++ b/arch/m68k/mm/fault.c +@@ -147,6 +147,8 @@ good_area: + if (unlikely(fault & VM_FAULT_ERROR)) { + if (fault & VM_FAULT_OOM) + goto out_of_memory; ++ else if (fault & VM_FAULT_SIGSEGV) ++ goto map_err; + else if (fault & VM_FAULT_SIGBUS) + goto bus_err; + BUG(); +diff --git a/arch/microblaze/mm/fault.c b/arch/microblaze/mm/fault.c +index ae97d2c..31bb381 100644 +--- a/arch/microblaze/mm/fault.c ++++ b/arch/microblaze/mm/fault.c +@@ -215,6 +215,8 @@ good_area: + if (unlikely(fault & VM_FAULT_ERROR)) { + if (fault & VM_FAULT_OOM) + goto out_of_memory; ++ else if (fault & VM_FAULT_SIGSEGV) ++ goto bad_area; + else if (fault & VM_FAULT_SIGBUS) + goto do_sigbus; + BUG(); +diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c +index 937cf33..b8314cfe 100644 +--- a/arch/mips/mm/fault.c ++++ b/arch/mips/mm/fault.c +@@ -149,6 +149,8 @@ good_area: + if (unlikely(fault & VM_FAULT_ERROR)) { + if (fault & VM_FAULT_OOM) + goto out_of_memory; ++ else if (fault & VM_FAULT_SIGSEGV) ++ goto bad_area; + else if (fault & VM_FAULT_SIGBUS) + goto do_sigbus; + BUG(); +diff --git a/arch/mn10300/mm/fault.c b/arch/mn10300/mm/fault.c +index 0945409..fe2ceb7 100644 +--- a/arch/mn10300/mm/fault.c ++++ b/arch/mn10300/mm/fault.c +@@ -256,6 +256,8 @@ good_area: + if (unlikely(fault & VM_FAULT_ERROR)) { + if (fault & VM_FAULT_OOM) + goto out_of_memory; ++ else if (fault & VM_FAULT_SIGSEGV) ++ goto bad_area; + else if (fault & VM_FAULT_SIGBUS) + goto do_sigbus; + BUG(); +diff --git a/arch/openrisc/mm/fault.c b/arch/openrisc/mm/fault.c +index a5dce82..162abfb 100644 +--- a/arch/openrisc/mm/fault.c ++++ b/arch/openrisc/mm/fault.c +@@ -163,6 +163,8 @@ good_area: + if (unlikely(fault & VM_FAULT_ERROR)) { + if (fault & VM_FAULT_OOM) + goto out_of_memory; ++ else if (fault & VM_FAULT_SIGSEGV) ++ goto bad_area; + else if (fault & VM_FAULT_SIGBUS) + goto do_sigbus; + BUG(); +diff --git a/arch/parisc/mm/fault.c b/arch/parisc/mm/fault.c +index 18162ce..a9b765a 100644 +--- a/arch/parisc/mm/fault.c ++++ b/arch/parisc/mm/fault.c +@@ -210,6 +210,8 @@ good_area: + */ + if (fault & VM_FAULT_OOM) + goto out_of_memory; ++ else if (fault & VM_FAULT_SIGSEGV) ++ goto bad_area; + else if (fault & VM_FAULT_SIGBUS) + goto bad_area; + BUG(); +diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c +index 5efe8c9..7450843 100644 +--- a/arch/powerpc/mm/fault.c ++++ b/arch/powerpc/mm/fault.c +@@ -312,6 +312,8 @@ good_area: + */ + ret = handle_mm_fault(mm, vma, address, is_write ? FAULT_FLAG_WRITE : 0); + if (unlikely(ret & VM_FAULT_ERROR)) { ++ if (ret & VM_FAULT_SIGSEGV) ++ goto bad_area; + if (ret & VM_FAULT_OOM) + goto out_of_memory; + else if (ret & VM_FAULT_SIGBUS) +diff --git a/arch/powerpc/platforms/cell/spu_fault.c b/arch/powerpc/platforms/cell/spu_fault.c +index 641e727..62f3e4e 100644 +--- a/arch/powerpc/platforms/cell/spu_fault.c ++++ b/arch/powerpc/platforms/cell/spu_fault.c +@@ -75,7 +75,7 @@ int spu_handle_mm_fault(struct mm_struct *mm, unsigned long ea, + if (*flt & VM_FAULT_OOM) { + ret = -ENOMEM; + goto out_unlock; +- } else if (*flt & VM_FAULT_SIGBUS) { ++ } else if (*flt & (VM_FAULT_SIGBUS | VM_FAULT_SIGSEGV)) { + ret = -EFAULT; + goto out_unlock; + } +diff --git a/arch/s390/crypto/aes_s390.c b/arch/s390/crypto/aes_s390.c +index 51fb1ef..05d08c8 100644 +--- a/arch/s390/crypto/aes_s390.c ++++ b/arch/s390/crypto/aes_s390.c +@@ -972,7 +972,7 @@ static void __exit aes_s390_fini(void) + module_init(aes_s390_init); + module_exit(aes_s390_fini); + +-MODULE_ALIAS("aes-all"); ++MODULE_ALIAS_CRYPTO("aes-all"); + + MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm"); + MODULE_LICENSE("GPL"); +diff --git a/arch/s390/crypto/des_s390.c b/arch/s390/crypto/des_s390.c +index 991fb7d..28e336a 100644 +--- a/arch/s390/crypto/des_s390.c ++++ b/arch/s390/crypto/des_s390.c +@@ -626,8 +626,8 @@ static void __exit des_s390_exit(void) + module_init(des_s390_init); + module_exit(des_s390_exit); + +-MODULE_ALIAS("des"); +-MODULE_ALIAS("des3_ede"); ++MODULE_ALIAS_CRYPTO("des"); ++MODULE_ALIAS_CRYPTO("des3_ede"); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms"); +diff --git a/arch/s390/crypto/ghash_s390.c b/arch/s390/crypto/ghash_s390.c +index f6373f0..31086ea 100644 +--- a/arch/s390/crypto/ghash_s390.c ++++ b/arch/s390/crypto/ghash_s390.c +@@ -161,7 +161,7 @@ static void __exit ghash_mod_exit(void) + module_init(ghash_mod_init); + module_exit(ghash_mod_exit); + +-MODULE_ALIAS("ghash"); ++MODULE_ALIAS_CRYPTO("ghash"); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("GHASH Message Digest Algorithm, s390 implementation"); +diff --git a/arch/s390/crypto/sha1_s390.c b/arch/s390/crypto/sha1_s390.c +index e9868c6..484c27c 100644 +--- a/arch/s390/crypto/sha1_s390.c ++++ b/arch/s390/crypto/sha1_s390.c +@@ -103,6 +103,6 @@ static void __exit sha1_s390_fini(void) + module_init(sha1_s390_init); + module_exit(sha1_s390_fini); + +-MODULE_ALIAS("sha1"); ++MODULE_ALIAS_CRYPTO("sha1"); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm"); +diff --git a/arch/s390/crypto/sha256_s390.c b/arch/s390/crypto/sha256_s390.c +index 0317a35..af31018 100644 +--- a/arch/s390/crypto/sha256_s390.c ++++ b/arch/s390/crypto/sha256_s390.c +@@ -143,7 +143,7 @@ static void __exit sha256_s390_fini(void) + module_init(sha256_s390_init); + module_exit(sha256_s390_fini); + +-MODULE_ALIAS("sha256"); +-MODULE_ALIAS("sha224"); ++MODULE_ALIAS_CRYPTO("sha256"); ++MODULE_ALIAS_CRYPTO("sha224"); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("SHA256 and SHA224 Secure Hash Algorithm"); +diff --git a/arch/s390/crypto/sha512_s390.c b/arch/s390/crypto/sha512_s390.c +index 32a8138..0c36989 100644 +--- a/arch/s390/crypto/sha512_s390.c ++++ b/arch/s390/crypto/sha512_s390.c +@@ -86,7 +86,7 @@ static struct shash_alg sha512_alg = { + } + }; + +-MODULE_ALIAS("sha512"); ++MODULE_ALIAS_CRYPTO("sha512"); + + static int sha384_init(struct shash_desc *desc) + { +@@ -126,7 +126,7 @@ static struct shash_alg sha384_alg = { + } + }; + +-MODULE_ALIAS("sha384"); ++MODULE_ALIAS_CRYPTO("sha384"); + + static int __init init(void) + { +diff --git a/arch/s390/kvm/intercept.c b/arch/s390/kvm/intercept.c +index a5f6eff..bc486d0 100644 +--- a/arch/s390/kvm/intercept.c ++++ b/arch/s390/kvm/intercept.c +@@ -58,6 +58,7 @@ static int handle_lctlg(struct kvm_vcpu *vcpu) + break; + reg = (reg + 1) % 16; + } while (1); ++ kvm_make_request(KVM_REQ_TLB_FLUSH, vcpu); + return 0; + } + +@@ -97,6 +98,7 @@ static int handle_lctl(struct kvm_vcpu *vcpu) + break; + reg = (reg + 1) % 16; + } while (1); ++ kvm_make_request(KVM_REQ_TLB_FLUSH, vcpu); + return 0; + } + +diff --git a/arch/s390/mm/fault.c b/arch/s390/mm/fault.c +index 0fc0a7e..b53339d 100644 +--- a/arch/s390/mm/fault.c ++++ b/arch/s390/mm/fault.c +@@ -249,6 +249,13 @@ static noinline void do_fault_error(struct pt_regs *regs, long int_code, + do_no_context(regs, int_code, trans_exc_code); + else + pagefault_out_of_memory(); ++ } else if (fault & VM_FAULT_SIGSEGV) { ++ /* Kernel mode? Handle exceptions or die */ ++ if (!user_mode(regs)) ++ do_no_context(regs, int_code, trans_exc_code); ++ else ++ do_sigsegv(regs, int_code, SEGV_MAPERR, ++ trans_exc_code); + } else if (fault & VM_FAULT_SIGBUS) { + /* Kernel mode? Handle exceptions or die */ + if (!(regs->psw.mask & PSW_MASK_PSTATE)) +diff --git a/arch/score/mm/fault.c b/arch/score/mm/fault.c +index 47b600e..b3744ca 100644 +--- a/arch/score/mm/fault.c ++++ b/arch/score/mm/fault.c +@@ -110,6 +110,8 @@ survive: + if (unlikely(fault & VM_FAULT_ERROR)) { + if (fault & VM_FAULT_OOM) + goto out_of_memory; ++ else if (fault & VM_FAULT_SIGSEGV) ++ goto bad_area; + else if (fault & VM_FAULT_SIGBUS) + goto do_sigbus; + BUG(); +diff --git a/arch/sh/mm/fault_32.c b/arch/sh/mm/fault_32.c +index 7bebd04..db14482 100644 +--- a/arch/sh/mm/fault_32.c ++++ b/arch/sh/mm/fault_32.c +@@ -206,6 +206,8 @@ good_area: + goto out_of_memory; + else if (fault & VM_FAULT_SIGBUS) + goto do_sigbus; ++ else if (fault & VM_FAULT_SIGSEGV) ++ goto bad_area; + BUG(); + } + if (fault & VM_FAULT_MAJOR) { +diff --git a/arch/sh/mm/tlbflush_64.c b/arch/sh/mm/tlbflush_64.c +index e3430e0..43eef7b 100644 +--- a/arch/sh/mm/tlbflush_64.c ++++ b/arch/sh/mm/tlbflush_64.c +@@ -195,6 +195,8 @@ good_area: + goto out_of_memory; + else if (fault & VM_FAULT_SIGBUS) + goto do_sigbus; ++ else if (fault & VM_FAULT_SIGSEGV) ++ goto bad_area; + BUG(); + } + +diff --git a/arch/sparc/mm/fault_32.c b/arch/sparc/mm/fault_32.c +index 8023fd7..802b806 100644 +--- a/arch/sparc/mm/fault_32.c ++++ b/arch/sparc/mm/fault_32.c +@@ -294,6 +294,8 @@ good_area: + if (unlikely(fault & VM_FAULT_ERROR)) { + if (fault & VM_FAULT_OOM) + goto out_of_memory; ++ else if (fault & VM_FAULT_SIGSEGV) ++ goto bad_area; + else if (fault & VM_FAULT_SIGBUS) + goto do_sigbus; + BUG(); +diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c +index 2c0b966..bfd7c02 100644 +--- a/arch/sparc/mm/fault_64.c ++++ b/arch/sparc/mm/fault_64.c +@@ -435,6 +435,8 @@ good_area: + if (unlikely(fault & VM_FAULT_ERROR)) { + if (fault & VM_FAULT_OOM) + goto out_of_memory; ++ else if (fault & VM_FAULT_SIGSEGV) ++ goto bad_area; + else if (fault & VM_FAULT_SIGBUS) + goto do_sigbus; + BUG(); +diff --git a/arch/tile/mm/fault.c b/arch/tile/mm/fault.c +index 25b7b90..c796ce44 100644 +--- a/arch/tile/mm/fault.c ++++ b/arch/tile/mm/fault.c +@@ -424,6 +424,8 @@ good_area: + if (unlikely(fault & VM_FAULT_ERROR)) { + if (fault & VM_FAULT_OOM) + goto out_of_memory; ++ else if (fault & VM_FAULT_SIGSEGV) ++ goto bad_area; + else if (fault & VM_FAULT_SIGBUS) + goto do_sigbus; + BUG(); +diff --git a/arch/um/kernel/trap.c b/arch/um/kernel/trap.c +index dafc947..f79ffc9 100644 +--- a/arch/um/kernel/trap.c ++++ b/arch/um/kernel/trap.c +@@ -69,6 +69,8 @@ good_area: + if (unlikely(fault & VM_FAULT_ERROR)) { + if (fault & VM_FAULT_OOM) { + goto out_of_memory; ++ } else if (fault & VM_FAULT_SIGSEGV) { ++ goto out; + } else if (fault & VM_FAULT_SIGBUS) { + err = -EACCES; + goto out; +diff --git a/arch/x86/crypto/aes_glue.c b/arch/x86/crypto/aes_glue.c +index 8efcf42..8950e0c 100644 +--- a/arch/x86/crypto/aes_glue.c ++++ b/arch/x86/crypto/aes_glue.c +@@ -67,5 +67,5 @@ module_exit(aes_fini); + + MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm, asm optimized"); + MODULE_LICENSE("GPL"); +-MODULE_ALIAS("aes"); +-MODULE_ALIAS("aes-asm"); ++MODULE_ALIAS_CRYPTO("aes"); ++MODULE_ALIAS_CRYPTO("aes-asm"); +diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c +index 545d0ce..16acf68 100644 +--- a/arch/x86/crypto/aesni-intel_glue.c ++++ b/arch/x86/crypto/aesni-intel_glue.c +@@ -1380,4 +1380,4 @@ module_exit(aesni_exit); + + MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm, Intel AES-NI instructions optimized"); + MODULE_LICENSE("GPL"); +-MODULE_ALIAS("aes"); ++MODULE_ALIAS_CRYPTO("aes"); +diff --git a/arch/x86/crypto/blowfish_glue.c b/arch/x86/crypto/blowfish_glue.c +index b05aa16..f8350d2 100644 +--- a/arch/x86/crypto/blowfish_glue.c ++++ b/arch/x86/crypto/blowfish_glue.c +@@ -488,5 +488,5 @@ module_exit(fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Blowfish Cipher Algorithm, asm optimized"); +-MODULE_ALIAS("blowfish"); +-MODULE_ALIAS("blowfish-asm"); ++MODULE_ALIAS_CRYPTO("blowfish"); ++MODULE_ALIAS_CRYPTO("blowfish-asm"); +diff --git a/arch/x86/crypto/crc32c-intel.c b/arch/x86/crypto/crc32c-intel.c +index b9d0026..7dad700 100644 +--- a/arch/x86/crypto/crc32c-intel.c ++++ b/arch/x86/crypto/crc32c-intel.c +@@ -194,5 +194,5 @@ MODULE_AUTHOR("Austin Zhang , Kent Liu + #include + #include ++#include + #include + + struct crypto_fpu_ctx { +@@ -159,3 +160,5 @@ void __exit crypto_fpu_exit(void) + { + crypto_unregister_template(&crypto_fpu_tmpl); + } ++ ++MODULE_ALIAS_CRYPTO("fpu"); +diff --git a/arch/x86/crypto/ghash-clmulni-intel_glue.c b/arch/x86/crypto/ghash-clmulni-intel_glue.c +index 294a264..f781251 100644 +--- a/arch/x86/crypto/ghash-clmulni-intel_glue.c ++++ b/arch/x86/crypto/ghash-clmulni-intel_glue.c +@@ -339,4 +339,4 @@ module_exit(ghash_pclmulqdqni_mod_exit); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("GHASH Message Digest Algorithm, " + "acclerated by PCLMULQDQ-NI"); +-MODULE_ALIAS("ghash"); ++MODULE_ALIAS_CRYPTO("ghash"); +diff --git a/arch/x86/crypto/salsa20_glue.c b/arch/x86/crypto/salsa20_glue.c +index bccb76d..ae1ee37 100644 +--- a/arch/x86/crypto/salsa20_glue.c ++++ b/arch/x86/crypto/salsa20_glue.c +@@ -125,5 +125,5 @@ module_exit(fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION ("Salsa20 stream cipher algorithm (optimized assembly version)"); +-MODULE_ALIAS("salsa20"); +-MODULE_ALIAS("salsa20-asm"); ++MODULE_ALIAS_CRYPTO("salsa20"); ++MODULE_ALIAS_CRYPTO("salsa20-asm"); +diff --git a/arch/x86/crypto/sha1_ssse3_glue.c b/arch/x86/crypto/sha1_ssse3_glue.c +index f916499..49b112e 100644 +--- a/arch/x86/crypto/sha1_ssse3_glue.c ++++ b/arch/x86/crypto/sha1_ssse3_glue.c +@@ -237,4 +237,4 @@ module_exit(sha1_ssse3_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm, Supplemental SSE3 accelerated"); + +-MODULE_ALIAS("sha1"); ++MODULE_ALIAS_CRYPTO("sha1"); +diff --git a/arch/x86/crypto/twofish_glue.c b/arch/x86/crypto/twofish_glue.c +index dc6b3fb..7ec12d9 100644 +--- a/arch/x86/crypto/twofish_glue.c ++++ b/arch/x86/crypto/twofish_glue.c +@@ -97,5 +97,5 @@ module_exit(fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION ("Twofish Cipher Algorithm, asm optimized"); +-MODULE_ALIAS("twofish"); +-MODULE_ALIAS("twofish-asm"); ++MODULE_ALIAS_CRYPTO("twofish"); ++MODULE_ALIAS_CRYPTO("twofish-asm"); +diff --git a/arch/x86/crypto/twofish_glue_3way.c b/arch/x86/crypto/twofish_glue_3way.c +index 5ede9c4..09ed353 100644 +--- a/arch/x86/crypto/twofish_glue_3way.c ++++ b/arch/x86/crypto/twofish_glue_3way.c +@@ -468,5 +468,5 @@ module_exit(fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Twofish Cipher Algorithm, 3-way parallel asm optimized"); +-MODULE_ALIAS("twofish"); +-MODULE_ALIAS("twofish-asm"); ++MODULE_ALIAS_CRYPTO("twofish"); ++MODULE_ALIAS_CRYPTO("twofish-asm"); +diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h +index 41935fa..3225868 100644 +--- a/arch/x86/include/asm/desc.h ++++ b/arch/x86/include/asm/desc.h +@@ -248,7 +248,8 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu) + gdt[GDT_ENTRY_TLS_MIN + i] = t->tls_array[i]; + } + +-#define _LDT_empty(info) \ ++/* This intentionally ignores lm, since 32-bit apps don't have that field. */ ++#define LDT_empty(info) \ + ((info)->base_addr == 0 && \ + (info)->limit == 0 && \ + (info)->contents == 0 && \ +@@ -258,11 +259,18 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu) + (info)->seg_not_present == 1 && \ + (info)->useable == 0) + +-#ifdef CONFIG_X86_64 +-#define LDT_empty(info) (_LDT_empty(info) && ((info)->lm == 0)) +-#else +-#define LDT_empty(info) (_LDT_empty(info)) +-#endif ++/* Lots of programs expect an all-zero user_desc to mean "no segment at all". */ ++static inline bool LDT_zero(const struct user_desc *info) ++{ ++ return (info->base_addr == 0 && ++ info->limit == 0 && ++ info->contents == 0 && ++ info->read_exec_only == 0 && ++ info->seg_32bit == 0 && ++ info->limit_in_pages == 0 && ++ info->seg_not_present == 0 && ++ info->useable == 0); ++} + + static inline void clear_LDT(void) + { +diff --git a/arch/x86/include/asm/ldt.h b/arch/x86/include/asm/ldt.h +index 46727eb..6e1aaf7 100644 +--- a/arch/x86/include/asm/ldt.h ++++ b/arch/x86/include/asm/ldt.h +@@ -28,6 +28,13 @@ struct user_desc { + unsigned int seg_not_present:1; + unsigned int useable:1; + #ifdef __x86_64__ ++ /* ++ * Because this bit is not present in 32-bit user code, user ++ * programs can pass uninitialized values here. Therefore, in ++ * any context in which a user_desc comes from a 32-bit program, ++ * the kernel must act as though lm == 0, regardless of the ++ * actual value. ++ */ + unsigned int lm:1; + #endif + }; +diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h +index a6962d9..5538b13 100644 +--- a/arch/x86/include/asm/msr-index.h ++++ b/arch/x86/include/asm/msr-index.h +@@ -123,6 +123,7 @@ + #define MSR_AMD64_PATCH_LOADER 0xc0010020 + #define MSR_AMD64_OSVW_ID_LENGTH 0xc0010140 + #define MSR_AMD64_OSVW_STATUS 0xc0010141 ++#define MSR_AMD64_LS_CFG 0xc0011020 + #define MSR_AMD64_DC_CFG 0xc0011022 + #define MSR_AMD64_IBSFETCHCTL 0xc0011030 + #define MSR_AMD64_IBSFETCHLINAD 0xc0011031 +diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c +index 2d44a28..60d4c33 100644 +--- a/arch/x86/kernel/cpu/amd.c ++++ b/arch/x86/kernel/cpu/amd.c +@@ -408,6 +408,16 @@ static void __cpuinit early_init_amd_mc(struct cpuinfo_x86 *c) + + c->x86_coreid_bits = bits; + #endif ++ ++ /* F16h erratum 793, CVE-2013-6885 */ ++ if (c->x86 == 0x16 && c->x86_model <= 0xf) { ++ u64 val; ++ ++ if (!rdmsrl_amd_safe(MSR_AMD64_LS_CFG, &val) && ++ !(val & BIT(15))) ++ wrmsrl_amd_safe(MSR_AMD64_LS_CFG, val | BIT(15)); ++ } ++ + } + + static void __cpuinit bsp_init_amd(struct cpuinfo_x86 *c) +diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c +index 1a3cf6e..d1582b6 100644 +--- a/arch/x86/kernel/cpu/mshyperv.c ++++ b/arch/x86/kernel/cpu/mshyperv.c +@@ -56,6 +56,7 @@ static struct clocksource hyperv_cs = { + .rating = 400, /* use this when running on Hyperv*/ + .read = read_hv_clock, + .mask = CLOCKSOURCE_MASK(64), ++ .flags = CLOCK_SOURCE_IS_CONTINUOUS, + }; + + static void __init ms_hyperv_init_platform(void) +diff --git a/arch/x86/kernel/kprobes.c b/arch/x86/kernel/kprobes.c +index 7da647d..083848f 100644 +--- a/arch/x86/kernel/kprobes.c ++++ b/arch/x86/kernel/kprobes.c +@@ -1058,6 +1058,15 @@ int __kprobes setjmp_pre_handler(struct kprobe *p, struct pt_regs *regs) + regs->flags &= ~X86_EFLAGS_IF; + trace_hardirqs_off(); + regs->ip = (unsigned long)(jp->entry); ++ ++ /* ++ * jprobes use jprobe_return() which skips the normal return ++ * path of the function, and this messes up the accounting of the ++ * function graph tracer to get messed up. ++ * ++ * Pause function graph tracing while performing the jprobe function. ++ */ ++ pause_graph_tracing(); + return 1; + } + +@@ -1083,24 +1092,25 @@ int __kprobes longjmp_break_handler(struct kprobe *p, struct pt_regs *regs) + struct kprobe_ctlblk *kcb = get_kprobe_ctlblk(); + u8 *addr = (u8 *) (regs->ip - 1); + struct jprobe *jp = container_of(p, struct jprobe, kp); ++ void *saved_sp = kcb->jprobe_saved_sp; + + if ((addr > (u8 *) jprobe_return) && + (addr < (u8 *) jprobe_return_end)) { +- if (stack_addr(regs) != kcb->jprobe_saved_sp) { ++ if (stack_addr(regs) != saved_sp) { + struct pt_regs *saved_regs = &kcb->jprobe_saved_regs; + printk(KERN_ERR + "current sp %p does not match saved sp %p\n", +- stack_addr(regs), kcb->jprobe_saved_sp); ++ stack_addr(regs), saved_sp); + printk(KERN_ERR "Saved registers for jprobe %p\n", jp); + show_registers(saved_regs); + printk(KERN_ERR "Current registers\n"); + show_registers(regs); + BUG(); + } ++ /* It's OK to start function graph tracing again */ ++ unpause_graph_tracing(); + *regs = kcb->jprobe_saved_regs; +- memcpy((kprobe_opcode_t *)(kcb->jprobe_saved_sp), +- kcb->jprobes_stack, +- MIN_STACK_SIZE(kcb->jprobe_saved_sp)); ++ memcpy(saved_sp, kcb->jprobes_stack, MIN_STACK_SIZE(saved_sp)); + preempt_enable_no_resched(); + return 1; + } +diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c +index 6a364a6..e361095 100644 +--- a/arch/x86/kernel/process_64.c ++++ b/arch/x86/kernel/process_64.c +@@ -385,24 +385,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) + + fpu = switch_fpu_prepare(prev_p, next_p); + +- /* +- * Reload esp0, LDT and the page table pointer: +- */ ++ /* Reload esp0 and ss1. */ + load_sp0(tss, next); + +- /* +- * Switch DS and ES. +- * This won't pick up thread selector changes, but I guess that is ok. +- */ +- savesegment(es, prev->es); +- if (unlikely(next->es | prev->es)) +- loadsegment(es, next->es); +- +- savesegment(ds, prev->ds); +- if (unlikely(next->ds | prev->ds)) +- loadsegment(ds, next->ds); +- +- + /* We must save %fs and %gs before load_TLS() because + * %fs and %gs may be cleared by load_TLS(). + * +@@ -411,41 +396,101 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) + savesegment(fs, fsindex); + savesegment(gs, gsindex); + ++ /* ++ * Load TLS before restoring any segments so that segment loads ++ * reference the correct GDT entries. ++ */ + load_TLS(next, cpu); + + /* +- * Leave lazy mode, flushing any hypercalls made here. +- * This must be done before restoring TLS segments so +- * the GDT and LDT are properly updated, and must be +- * done before math_state_restore, so the TS bit is up +- * to date. ++ * Leave lazy mode, flushing any hypercalls made here. This ++ * must be done after loading TLS entries in the GDT but before ++ * loading segments that might reference them, and and it must ++ * be done before math_state_restore, so the TS bit is up to ++ * date. + */ + arch_end_context_switch(next_p); + ++ /* Switch DS and ES. ++ * ++ * Reading them only returns the selectors, but writing them (if ++ * nonzero) loads the full descriptor from the GDT or LDT. The ++ * LDT for next is loaded in switch_mm, and the GDT is loaded ++ * above. ++ * ++ * We therefore need to write new values to the segment ++ * registers on every context switch unless both the new and old ++ * values are zero. ++ * ++ * Note that we don't need to do anything for CS and SS, as ++ * those are saved and restored as part of pt_regs. ++ */ ++ savesegment(es, prev->es); ++ if (unlikely(next->es | prev->es)) ++ loadsegment(es, next->es); ++ ++ savesegment(ds, prev->ds); ++ if (unlikely(next->ds | prev->ds)) ++ loadsegment(ds, next->ds); ++ + /* + * Switch FS and GS. + * +- * Segment register != 0 always requires a reload. Also +- * reload when it has changed. When prev process used 64bit +- * base always reload to avoid an information leak. ++ * These are even more complicated than FS and GS: they have ++ * 64-bit bases are that controlled by arch_prctl. Those bases ++ * only differ from the values in the GDT or LDT if the selector ++ * is 0. ++ * ++ * Loading the segment register resets the hidden base part of ++ * the register to 0 or the value from the GDT / LDT. If the ++ * next base address zero, writing 0 to the segment register is ++ * much faster than using wrmsr to explicitly zero the base. ++ * ++ * The thread_struct.fs and thread_struct.gs values are 0 ++ * if the fs and gs bases respectively are not overridden ++ * from the values implied by fsindex and gsindex. They ++ * are nonzero, and store the nonzero base addresses, if ++ * the bases are overridden. ++ * ++ * (fs != 0 && fsindex != 0) || (gs != 0 && gsindex != 0) should ++ * be impossible. ++ * ++ * Therefore we need to reload the segment registers if either ++ * the old or new selector is nonzero, and we need to override ++ * the base address if next thread expects it to be overridden. ++ * ++ * This code is unnecessarily slow in the case where the old and ++ * new indexes are zero and the new base is nonzero -- it will ++ * unnecessarily write 0 to the selector before writing the new ++ * base address. ++ * ++ * Note: This all depends on arch_prctl being the only way that ++ * user code can override the segment base. Once wrfsbase and ++ * wrgsbase are enabled, most of this code will need to change. + */ + if (unlikely(fsindex | next->fsindex | prev->fs)) { + loadsegment(fs, next->fsindex); ++ + /* +- * Check if the user used a selector != 0; if yes +- * clear 64bit base, since overloaded base is always +- * mapped to the Null selector ++ * If user code wrote a nonzero value to FS, then it also ++ * cleared the overridden base address. ++ * ++ * XXX: if user code wrote 0 to FS and cleared the base ++ * address itself, we won't notice and we'll incorrectly ++ * restore the prior base address next time we reschdule ++ * the process. + */ + if (fsindex) + prev->fs = 0; + } +- /* when next process has a 64bit base use it */ + if (next->fs) + wrmsrl(MSR_FS_BASE, next->fs); + prev->fsindex = fsindex; + + if (unlikely(gsindex | next->gsindex | prev->gs)) { + load_gs_index(next->gsindex); ++ ++ /* This works (and fails) the same way as fsindex above. */ + if (gsindex) + prev->gs = 0; + } +diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c +index 7af7338..0c38d06 100644 +--- a/arch/x86/kernel/tls.c ++++ b/arch/x86/kernel/tls.c +@@ -30,7 +30,28 @@ static int get_free_idx(void) + + static bool tls_desc_okay(const struct user_desc *info) + { +- if (LDT_empty(info)) ++ /* ++ * For historical reasons (i.e. no one ever documented how any ++ * of the segmentation APIs work), user programs can and do ++ * assume that a struct user_desc that's all zeros except for ++ * entry_number means "no segment at all". This never actually ++ * worked. In fact, up to Linux 3.19, a struct user_desc like ++ * this would create a 16-bit read-write segment with base and ++ * limit both equal to zero. ++ * ++ * That was close enough to "no segment at all" until we ++ * hardened this function to disallow 16-bit TLS segments. Fix ++ * it up by interpreting these zeroed segments the way that they ++ * were almost certainly intended to be interpreted. ++ * ++ * The correct way to ask for "no segment at all" is to specify ++ * a user_desc that satisfies LDT_empty. To keep everything ++ * working, we accept both. ++ * ++ * Note that there's a similar kludge in modify_ldt -- look at ++ * the distinction between modes 1 and 0x11. ++ */ ++ if (LDT_empty(info) || LDT_zero(info)) + return true; + + /* +@@ -40,6 +61,22 @@ static bool tls_desc_okay(const struct user_desc *info) + if (!info->seg_32bit) + return false; + ++ /* Only allow data segments in the TLS array. */ ++ if (info->contents > 1) ++ return false; ++ ++ /* ++ * Non-present segments with DPL 3 present an interesting attack ++ * surface. The kernel should handle such segments correctly, ++ * but TLS is very difficult to protect in a sandbox, so prevent ++ * such segments from being created. ++ * ++ * If userspace needs to remove a TLS entry, it can still delete ++ * it outright. ++ */ ++ if (info->seg_not_present) ++ return false; ++ + return true; + } + +@@ -56,7 +93,7 @@ static void set_tls_desc(struct task_struct *p, int idx, + cpu = get_cpu(); + + while (n-- > 0) { +- if (LDT_empty(info)) ++ if (LDT_empty(info) || LDT_zero(info)) + desc->a = desc->b = 0; + else + fill_ldt(desc, info); +diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c +index f0ac042..bdad489 100644 +--- a/arch/x86/kvm/emulate.c ++++ b/arch/x86/kvm/emulate.c +@@ -1952,6 +1952,17 @@ setup_syscalls_segments(struct x86_emulate_ctxt *ctxt, + ss->p = 1; + } + ++static bool vendor_intel(struct x86_emulate_ctxt *ctxt) ++{ ++ u32 eax, ebx, ecx, edx; ++ ++ eax = ecx = 0; ++ return ctxt->ops->get_cpuid(ctxt, &eax, &ebx, &ecx, &edx) ++ && ebx == X86EMUL_CPUID_VENDOR_GenuineIntel_ebx ++ && ecx == X86EMUL_CPUID_VENDOR_GenuineIntel_ecx ++ && edx == X86EMUL_CPUID_VENDOR_GenuineIntel_edx; ++} ++ + static bool em_syscall_is_enabled(struct x86_emulate_ctxt *ctxt) + { + struct x86_emulate_ops *ops = ctxt->ops; +@@ -2068,6 +2079,14 @@ static int em_sysenter(struct x86_emulate_ctxt *ctxt) + if (ctxt->mode == X86EMUL_MODE_REAL) + return emulate_gp(ctxt, 0); + ++ /* ++ * Not recognized on AMD in compat mode (but is recognized in legacy ++ * mode). ++ */ ++ if ((ctxt->mode != X86EMUL_MODE_PROT64) && (efer & EFER_LMA) ++ && !vendor_intel(ctxt)) ++ return emulate_ud(ctxt); ++ + /* XXX sysenter/sysexit have not been tested in 64bit mode. + * Therefore, we inject an #UD. + */ +@@ -2077,23 +2096,13 @@ static int em_sysenter(struct x86_emulate_ctxt *ctxt) + setup_syscalls_segments(ctxt, &cs, &ss); + + ops->get_msr(ctxt, MSR_IA32_SYSENTER_CS, &msr_data); +- switch (ctxt->mode) { +- case X86EMUL_MODE_PROT32: +- if ((msr_data & 0xfffc) == 0x0) +- return emulate_gp(ctxt, 0); +- break; +- case X86EMUL_MODE_PROT64: +- if (msr_data == 0x0) +- return emulate_gp(ctxt, 0); +- break; +- } ++ if ((msr_data & 0xfffc) == 0x0) ++ return emulate_gp(ctxt, 0); + + ctxt->eflags &= ~(EFLG_VM | EFLG_IF | EFLG_RF); +- cs_sel = (u16)msr_data; +- cs_sel &= ~SELECTOR_RPL_MASK; ++ cs_sel = (u16)msr_data & ~SELECTOR_RPL_MASK; + ss_sel = cs_sel + 8; +- ss_sel &= ~SELECTOR_RPL_MASK; +- if (ctxt->mode == X86EMUL_MODE_PROT64 || (efer & EFER_LMA)) { ++ if (efer & EFER_LMA) { + cs.d = 0; + cs.l = 1; + } +@@ -2102,10 +2111,11 @@ static int em_sysenter(struct x86_emulate_ctxt *ctxt) + ops->set_segment(ctxt, ss_sel, &ss, 0, VCPU_SREG_SS); + + ops->get_msr(ctxt, MSR_IA32_SYSENTER_EIP, &msr_data); +- ctxt->_eip = msr_data; ++ ctxt->_eip = (efer & EFER_LMA) ? msr_data : (u32)msr_data; + + ops->get_msr(ctxt, MSR_IA32_SYSENTER_ESP, &msr_data); +- ctxt->regs[VCPU_REGS_RSP] = msr_data; ++ ctxt->regs[VCPU_REGS_RSP] = (efer & EFER_LMA) ? msr_data : ++ (u32)msr_data; + + return X86EMUL_CONTINUE; + } +diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c +index 53a7b69..8cac088 100644 +--- a/arch/x86/mm/fault.c ++++ b/arch/x86/mm/fault.c +@@ -877,6 +877,8 @@ mm_fault_error(struct pt_regs *regs, unsigned long error_code, + if (fault & (VM_FAULT_SIGBUS|VM_FAULT_HWPOISON| + VM_FAULT_HWPOISON_LARGE)) + do_sigbus(regs, error_code, address, fault); ++ else if (fault & VM_FAULT_SIGSEGV) ++ bad_area_nosemaphore(regs, error_code, address); + else + BUG(); + } +diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c +index 266f717..44b93da 100644 +--- a/arch/x86/mm/init_64.c ++++ b/arch/x86/mm/init_64.c +@@ -778,7 +778,6 @@ void mark_rodata_ro(void) + unsigned long text_end = PAGE_ALIGN((unsigned long) &__stop___ex_table); + unsigned long rodata_end = PAGE_ALIGN((unsigned long) &__end_rodata); + unsigned long data_start = (unsigned long) &_sdata; +- unsigned long all_end; + + printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n", + (end - start) >> 10); +@@ -787,19 +786,10 @@ void mark_rodata_ro(void) + kernel_set_to_readonly = 1; + + /* +- * The rodata/data/bss/brk section (but not the kernel text!) +- * should also be not-executable. +- * +- * We align all_end to PMD_SIZE because the existing mapping +- * is a full PMD. If we would align _brk_end to PAGE_SIZE we +- * split the PMD and the reminder between _brk_end and the end +- * of the PMD will remain mapped executable. +- * +- * Any PMD which was setup after the one which covers _brk_end +- * has been zapped already via cleanup_highmem(). ++ * The rodata section (but not the kernel text!) should also be ++ * not-executable. + */ +- all_end = roundup((unsigned long)_brk_end, PMD_SIZE); +- set_memory_nx(rodata_start, (all_end - rodata_start) >> PAGE_SHIFT); ++ set_memory_nx(rodata_start, (end - rodata_start) >> PAGE_SHIFT); + + rodata_test(); + +diff --git a/arch/x86/vdso/vma.c b/arch/x86/vdso/vma.c +index 153407c..0ff8815 100644 +--- a/arch/x86/vdso/vma.c ++++ b/arch/x86/vdso/vma.c +@@ -72,30 +72,43 @@ subsys_initcall(init_vdso); + + struct linux_binprm; + +-/* Put the vdso above the (randomized) stack with another randomized offset. +- This way there is no hole in the middle of address space. +- To save memory make sure it is still in the same PTE as the stack top. +- This doesn't give that many random bits */ ++/* ++ * Put the vdso above the (randomized) stack with another randomized ++ * offset. This way there is no hole in the middle of address space. ++ * To save memory make sure it is still in the same PTE as the stack ++ * top. This doesn't give that many random bits. ++ * ++ * Note that this algorithm is imperfect: the distribution of the vdso ++ * start address within a PMD is biased toward the end. ++ */ + static unsigned long vdso_addr(unsigned long start, unsigned len) + { + unsigned long addr, end; + unsigned offset; +- end = (start + PMD_SIZE - 1) & PMD_MASK; ++ ++ /* ++ * Round up the start address. It can start out unaligned as a result ++ * of stack start randomization. ++ */ ++ start = PAGE_ALIGN(start); ++ ++ /* Round the lowest possible end address up to a PMD boundary. */ ++ end = (start + len + PMD_SIZE - 1) & PMD_MASK; + if (end >= TASK_SIZE_MAX) + end = TASK_SIZE_MAX; + end -= len; +- /* This loses some more bits than a modulo, but is cheaper */ +- offset = get_random_int() & (PTRS_PER_PTE - 1); +- addr = start + (offset << PAGE_SHIFT); +- if (addr >= end) +- addr = end; ++ ++ if (end > start) { ++ offset = get_random_int() % (((end - start) >> PAGE_SHIFT) + 1); ++ addr = start + (offset << PAGE_SHIFT); ++ } else { ++ addr = start; ++ } + + /* +- * page-align it here so that get_unmapped_area doesn't +- * align it wrongfully again to the next page. addr can come in 4K +- * unaligned here as a result of stack start randomization. ++ * Forcibly align the final address in case we have a hardware ++ * issue that requires alignment for performance reasons. + */ +- addr = PAGE_ALIGN(addr); + addr = align_addr(addr, NULL, ALIGN_VDSO); + + return addr; +diff --git a/arch/xtensa/mm/fault.c b/arch/xtensa/mm/fault.c +index e367e30..4439a1d 100644 +--- a/arch/xtensa/mm/fault.c ++++ b/arch/xtensa/mm/fault.c +@@ -109,6 +109,8 @@ good_area: + if (unlikely(fault & VM_FAULT_ERROR)) { + if (fault & VM_FAULT_OOM) + goto out_of_memory; ++ else if (fault & VM_FAULT_SIGSEGV) ++ goto bad_area; + else if (fault & VM_FAULT_SIGBUS) + goto do_sigbus; + BUG(); +diff --git a/block/genhd.c b/block/genhd.c +index 41b0435..424d1fa 100644 +--- a/block/genhd.c ++++ b/block/genhd.c +@@ -1070,9 +1070,16 @@ int disk_expand_part_tbl(struct gendisk *disk, int partno) + struct disk_part_tbl *old_ptbl = disk->part_tbl; + struct disk_part_tbl *new_ptbl; + int len = old_ptbl ? old_ptbl->len : 0; +- int target = partno + 1; ++ int i, target; + size_t size; +- int i; ++ ++ /* ++ * check for int overflow, since we can get here from blkpg_ioctl() ++ * with a user passed 'partno'. ++ */ ++ target = partno + 1; ++ if (target < 0) ++ return -EINVAL; + + /* disk_max_parts() is zero during initialization, ignore if so */ + if (disk_max_parts(disk) && target > disk_max_parts(disk)) +diff --git a/crypto/aes_generic.c b/crypto/aes_generic.c +index a68c73d..bd776be 100644 +--- a/crypto/aes_generic.c ++++ b/crypto/aes_generic.c +@@ -1475,4 +1475,5 @@ module_exit(aes_fini); + + MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm"); + MODULE_LICENSE("Dual BSD/GPL"); +-MODULE_ALIAS("aes"); ++MODULE_ALIAS_CRYPTO("aes"); ++MODULE_ALIAS_CRYPTO("aes-generic"); +diff --git a/crypto/af_alg.c b/crypto/af_alg.c +index bf948e1..6ef6e2a 100644 +--- a/crypto/af_alg.c ++++ b/crypto/af_alg.c +@@ -449,6 +449,9 @@ void af_alg_complete(struct crypto_async_request *req, int err) + { + struct af_alg_completion *completion = req->data; + ++ if (err == -EINPROGRESS) ++ return; ++ + completion->err = err; + complete(&completion->completion); + } +diff --git a/crypto/algapi.c b/crypto/algapi.c +index dc9991f..3b9ef92 100644 +--- a/crypto/algapi.c ++++ b/crypto/algapi.c +@@ -477,8 +477,8 @@ static struct crypto_template *__crypto_lookup_template(const char *name) + + struct crypto_template *crypto_lookup_template(const char *name) + { +- return try_then_request_module(__crypto_lookup_template(name), "%s", +- name); ++ return try_then_request_module(__crypto_lookup_template(name), ++ "crypto-%s", name); + } + EXPORT_SYMBOL_GPL(crypto_lookup_template); + +diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c +index 6056178..f112ca2 100644 +--- a/crypto/ansi_cprng.c ++++ b/crypto/ansi_cprng.c +@@ -485,4 +485,5 @@ module_param(dbg, int, 0); + MODULE_PARM_DESC(dbg, "Boolean to enable debugging (0/1 == off/on)"); + module_init(prng_mod_init); + module_exit(prng_mod_fini); +-MODULE_ALIAS("stdrng"); ++MODULE_ALIAS_CRYPTO("stdrng"); ++MODULE_ALIAS_CRYPTO("ansi_cprng"); +diff --git a/crypto/anubis.c b/crypto/anubis.c +index 77530d5..523ed52 100644 +--- a/crypto/anubis.c ++++ b/crypto/anubis.c +@@ -705,3 +705,4 @@ module_exit(anubis_mod_fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Anubis Cryptographic Algorithm"); ++MODULE_ALIAS_CRYPTO("anubis"); +diff --git a/crypto/api.c b/crypto/api.c +index cea3cf6..ac80794 100644 +--- a/crypto/api.c ++++ b/crypto/api.c +@@ -222,11 +222,11 @@ struct crypto_alg *crypto_larval_lookup(const char *name, u32 type, u32 mask) + + alg = crypto_alg_lookup(name, type, mask); + if (!alg) { +- request_module("%s", name); ++ request_module("crypto-%s", name); + + if (!((type ^ CRYPTO_ALG_NEED_FALLBACK) & mask & + CRYPTO_ALG_NEED_FALLBACK)) +- request_module("%s-all", name); ++ request_module("crypto-%s-all", name); + + alg = crypto_alg_lookup(name, type, mask); + } +diff --git a/crypto/arc4.c b/crypto/arc4.c +index 0d12a96..c404623 100644 +--- a/crypto/arc4.c ++++ b/crypto/arc4.c +@@ -101,3 +101,4 @@ module_exit(arc4_exit); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("ARC4 Cipher Algorithm"); + MODULE_AUTHOR("Jon Oberheide "); ++MODULE_ALIAS_CRYPTO("arc4"); +diff --git a/crypto/authenc.c b/crypto/authenc.c +index d21da2f..112b4e3 100644 +--- a/crypto/authenc.c ++++ b/crypto/authenc.c +@@ -710,3 +710,4 @@ module_exit(crypto_authenc_module_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Simple AEAD wrapper for IPsec"); ++MODULE_ALIAS_CRYPTO("authenc"); +diff --git a/crypto/authencesn.c b/crypto/authencesn.c +index 136b68b..dd1f303 100644 +--- a/crypto/authencesn.c ++++ b/crypto/authencesn.c +@@ -833,3 +833,4 @@ module_exit(crypto_authenc_esn_module_exit); + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Steffen Klassert "); + MODULE_DESCRIPTION("AEAD wrapper for IPsec with extended sequence numbers"); ++MODULE_ALIAS_CRYPTO("authencesn"); +diff --git a/crypto/blowfish_generic.c b/crypto/blowfish_generic.c +index 6f269b5..0938609 100644 +--- a/crypto/blowfish_generic.c ++++ b/crypto/blowfish_generic.c +@@ -139,4 +139,5 @@ module_exit(blowfish_mod_fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Blowfish Cipher Algorithm"); +-MODULE_ALIAS("blowfish"); ++MODULE_ALIAS_CRYPTO("blowfish"); ++MODULE_ALIAS_CRYPTO("blowfish-generic"); +diff --git a/crypto/camellia.c b/crypto/camellia.c +index 64cff46..18024da 100644 +--- a/crypto/camellia.c ++++ b/crypto/camellia.c +@@ -1114,3 +1114,4 @@ module_exit(camellia_fini); + + MODULE_DESCRIPTION("Camellia Cipher Algorithm"); + MODULE_LICENSE("GPL"); ++MODULE_ALIAS_CRYPTO("camellia"); +diff --git a/crypto/cast5.c b/crypto/cast5.c +index 4a230dd..b5f7ee5 100644 +--- a/crypto/cast5.c ++++ b/crypto/cast5.c +@@ -806,4 +806,5 @@ module_exit(cast5_mod_fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Cast5 Cipher Algorithm"); ++MODULE_ALIAS_CRYPTO("cast5"); + +diff --git a/crypto/cast6.c b/crypto/cast6.c +index e0c15a6..6839587 100644 +--- a/crypto/cast6.c ++++ b/crypto/cast6.c +@@ -545,3 +545,4 @@ module_exit(cast6_mod_fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Cast6 Cipher Algorithm"); ++MODULE_ALIAS_CRYPTO("cast6"); +diff --git a/crypto/cbc.c b/crypto/cbc.c +index 61ac42e..780ee27 100644 +--- a/crypto/cbc.c ++++ b/crypto/cbc.c +@@ -289,3 +289,4 @@ module_exit(crypto_cbc_module_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("CBC block cipher algorithm"); ++MODULE_ALIAS_CRYPTO("cbc"); +diff --git a/crypto/ccm.c b/crypto/ccm.c +index 2002ca7..aa8d4f5 100644 +--- a/crypto/ccm.c ++++ b/crypto/ccm.c +@@ -888,5 +888,6 @@ module_exit(crypto_ccm_module_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Counter with CBC MAC"); +-MODULE_ALIAS("ccm_base"); +-MODULE_ALIAS("rfc4309"); ++MODULE_ALIAS_CRYPTO("ccm_base"); ++MODULE_ALIAS_CRYPTO("rfc4309"); ++MODULE_ALIAS_CRYPTO("ccm"); +diff --git a/crypto/chainiv.c b/crypto/chainiv.c +index ba200b0..3bf2eb0 100644 +--- a/crypto/chainiv.c ++++ b/crypto/chainiv.c +@@ -360,3 +360,4 @@ module_exit(chainiv_module_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Chain IV Generator"); ++MODULE_ALIAS_CRYPTO("chainiv"); +diff --git a/crypto/crc32c.c b/crypto/crc32c.c +index 3f9ad28..b2c030b 100644 +--- a/crypto/crc32c.c ++++ b/crypto/crc32c.c +@@ -258,3 +258,4 @@ module_exit(crc32c_mod_fini); + MODULE_AUTHOR("Clay Haapala "); + MODULE_DESCRIPTION("CRC32c (Castagnoli) calculations wrapper for lib/crc32c"); + MODULE_LICENSE("GPL"); ++MODULE_ALIAS_CRYPTO("crc32c"); +diff --git a/crypto/cryptd.c b/crypto/cryptd.c +index 7bdd61b..75c415d 100644 +--- a/crypto/cryptd.c ++++ b/crypto/cryptd.c +@@ -955,3 +955,4 @@ module_exit(cryptd_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Software async crypto daemon"); ++MODULE_ALIAS_CRYPTO("cryptd"); +diff --git a/crypto/crypto_null.c b/crypto/crypto_null.c +index 07a8a96..7a2fbf6 100644 +--- a/crypto/crypto_null.c ++++ b/crypto/crypto_null.c +@@ -156,9 +156,9 @@ static struct crypto_alg skcipher_null = { + .decrypt = skcipher_null_crypt } } + }; + +-MODULE_ALIAS("compress_null"); +-MODULE_ALIAS("digest_null"); +-MODULE_ALIAS("cipher_null"); ++MODULE_ALIAS_CRYPTO("compress_null"); ++MODULE_ALIAS_CRYPTO("digest_null"); ++MODULE_ALIAS_CRYPTO("cipher_null"); + + static int __init crypto_null_mod_init(void) + { +diff --git a/crypto/ctr.c b/crypto/ctr.c +index 4ca7222..ff7b3a3 100644 +--- a/crypto/ctr.c ++++ b/crypto/ctr.c +@@ -421,4 +421,5 @@ module_exit(crypto_ctr_module_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("CTR Counter block mode"); +-MODULE_ALIAS("rfc3686"); ++MODULE_ALIAS_CRYPTO("rfc3686"); ++MODULE_ALIAS_CRYPTO("ctr"); +diff --git a/crypto/cts.c b/crypto/cts.c +index ccf9c5d..714283d 100644 +--- a/crypto/cts.c ++++ b/crypto/cts.c +@@ -351,3 +351,4 @@ module_exit(crypto_cts_module_exit); + + MODULE_LICENSE("Dual BSD/GPL"); + MODULE_DESCRIPTION("CTS-CBC CipherText Stealing for CBC"); ++MODULE_ALIAS_CRYPTO("cts"); +diff --git a/crypto/deflate.c b/crypto/deflate.c +index b0165ec..467423a 100644 +--- a/crypto/deflate.c ++++ b/crypto/deflate.c +@@ -223,4 +223,4 @@ module_exit(deflate_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Deflate Compression Algorithm for IPCOMP"); + MODULE_AUTHOR("James Morris "); +- ++MODULE_ALIAS_CRYPTO("deflate"); +diff --git a/crypto/des_generic.c b/crypto/des_generic.c +index 873818d..e404201 100644 +--- a/crypto/des_generic.c ++++ b/crypto/des_generic.c +@@ -975,8 +975,6 @@ static struct crypto_alg des3_ede_alg = { + .cia_decrypt = des3_ede_decrypt } } + }; + +-MODULE_ALIAS("des3_ede"); +- + static int __init des_generic_mod_init(void) + { + int ret = 0; +@@ -1004,4 +1002,7 @@ module_exit(des_generic_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms"); + MODULE_AUTHOR("Dag Arne Osvik "); +-MODULE_ALIAS("des"); ++MODULE_ALIAS_CRYPTO("des"); ++MODULE_ALIAS_CRYPTO("des-generic"); ++MODULE_ALIAS_CRYPTO("des3_ede"); ++MODULE_ALIAS_CRYPTO("des3_ede-generic"); +diff --git a/crypto/ecb.c b/crypto/ecb.c +index 935cfef..12011af 100644 +--- a/crypto/ecb.c ++++ b/crypto/ecb.c +@@ -185,3 +185,4 @@ module_exit(crypto_ecb_module_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("ECB block cipher algorithm"); ++MODULE_ALIAS_CRYPTO("ecb"); +diff --git a/crypto/eseqiv.c b/crypto/eseqiv.c +index 42ce9f5..388f582 100644 +--- a/crypto/eseqiv.c ++++ b/crypto/eseqiv.c +@@ -267,3 +267,4 @@ module_exit(eseqiv_module_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Encrypted Sequence Number IV Generator"); ++MODULE_ALIAS_CRYPTO("eseqiv"); +diff --git a/crypto/fcrypt.c b/crypto/fcrypt.c +index c33107e..d99a67d 100644 +--- a/crypto/fcrypt.c ++++ b/crypto/fcrypt.c +@@ -421,3 +421,4 @@ module_exit(fcrypt_mod_fini); + MODULE_LICENSE("Dual BSD/GPL"); + MODULE_DESCRIPTION("FCrypt Cipher Algorithm"); + MODULE_AUTHOR("David Howells "); ++MODULE_ALIAS_CRYPTO("fcrypt"); +diff --git a/crypto/gcm.c b/crypto/gcm.c +index b97b186..1e33561 100644 +--- a/crypto/gcm.c ++++ b/crypto/gcm.c +@@ -1374,6 +1374,7 @@ module_exit(crypto_gcm_module_exit); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Galois/Counter Mode"); + MODULE_AUTHOR("Mikko Herranen "); +-MODULE_ALIAS("gcm_base"); +-MODULE_ALIAS("rfc4106"); +-MODULE_ALIAS("rfc4543"); ++MODULE_ALIAS_CRYPTO("gcm_base"); ++MODULE_ALIAS_CRYPTO("rfc4106"); ++MODULE_ALIAS_CRYPTO("rfc4543"); ++MODULE_ALIAS_CRYPTO("gcm"); +diff --git a/crypto/ghash-generic.c b/crypto/ghash-generic.c +index 7835b8f..bf5f8d7 100644 +--- a/crypto/ghash-generic.c ++++ b/crypto/ghash-generic.c +@@ -173,4 +173,5 @@ module_exit(ghash_mod_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("GHASH Message Digest Algorithm"); +-MODULE_ALIAS("ghash"); ++MODULE_ALIAS_CRYPTO("ghash"); ++MODULE_ALIAS_CRYPTO("ghash-generic"); +diff --git a/crypto/hmac.c b/crypto/hmac.c +index 8d9544c..ade790b 100644 +--- a/crypto/hmac.c ++++ b/crypto/hmac.c +@@ -271,3 +271,4 @@ module_exit(hmac_module_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("HMAC hash algorithm"); ++MODULE_ALIAS_CRYPTO("hmac"); +diff --git a/crypto/khazad.c b/crypto/khazad.c +index 527e4e3..ea82051 100644 +--- a/crypto/khazad.c ++++ b/crypto/khazad.c +@@ -881,3 +881,4 @@ module_exit(khazad_mod_fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Khazad Cryptographic Algorithm"); ++MODULE_ALIAS_CRYPTO("khazad"); +diff --git a/crypto/krng.c b/crypto/krng.c +index 4328bb3..85418d6 100644 +--- a/crypto/krng.c ++++ b/crypto/krng.c +@@ -63,4 +63,5 @@ module_exit(krng_mod_fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Kernel Random Number Generator"); +-MODULE_ALIAS("stdrng"); ++MODULE_ALIAS_CRYPTO("stdrng"); ++MODULE_ALIAS_CRYPTO("krng"); +diff --git a/crypto/lrw.c b/crypto/lrw.c +index 358f80b..567c195 100644 +--- a/crypto/lrw.c ++++ b/crypto/lrw.c +@@ -312,3 +312,4 @@ module_exit(crypto_module_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("LRW block cipher mode"); ++MODULE_ALIAS_CRYPTO("lrw"); +diff --git a/crypto/lzo.c b/crypto/lzo.c +index b5e7707..6b21152 100644 +--- a/crypto/lzo.c ++++ b/crypto/lzo.c +@@ -104,3 +104,4 @@ module_exit(lzo_mod_fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("LZO Compression Algorithm"); ++MODULE_ALIAS_CRYPTO("lzo"); +diff --git a/crypto/md4.c b/crypto/md4.c +index 0477a6a..3515af4 100644 +--- a/crypto/md4.c ++++ b/crypto/md4.c +@@ -255,4 +255,4 @@ module_exit(md4_mod_fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("MD4 Message Digest Algorithm"); +- ++MODULE_ALIAS_CRYPTO("md4"); +diff --git a/crypto/md5.c b/crypto/md5.c +index 7febeaa..36f5e5b 100644 +--- a/crypto/md5.c ++++ b/crypto/md5.c +@@ -168,3 +168,4 @@ module_exit(md5_mod_fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("MD5 Message Digest Algorithm"); ++MODULE_ALIAS_CRYPTO("md5"); +diff --git a/crypto/michael_mic.c b/crypto/michael_mic.c +index 079b761..46195e0 100644 +--- a/crypto/michael_mic.c ++++ b/crypto/michael_mic.c +@@ -184,3 +184,4 @@ module_exit(michael_mic_exit); + MODULE_LICENSE("GPL v2"); + MODULE_DESCRIPTION("Michael MIC"); + MODULE_AUTHOR("Jouni Malinen "); ++MODULE_ALIAS_CRYPTO("michael_mic"); +diff --git a/crypto/pcbc.c b/crypto/pcbc.c +index d1b8bdf..f654965 100644 +--- a/crypto/pcbc.c ++++ b/crypto/pcbc.c +@@ -295,3 +295,4 @@ module_exit(crypto_pcbc_module_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("PCBC block cipher algorithm"); ++MODULE_ALIAS_CRYPTO("pcbc"); +diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c +index 29a89da..ba92046 100644 +--- a/crypto/pcrypt.c ++++ b/crypto/pcrypt.c +@@ -565,3 +565,4 @@ module_exit(pcrypt_exit); + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Steffen Klassert "); + MODULE_DESCRIPTION("Parallel crypto wrapper"); ++MODULE_ALIAS_CRYPTO("pcrypt"); +diff --git a/crypto/rmd128.c b/crypto/rmd128.c +index 8a0f68b..049486e 100644 +--- a/crypto/rmd128.c ++++ b/crypto/rmd128.c +@@ -327,3 +327,4 @@ module_exit(rmd128_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Adrian-Ken Rueegsegger "); + MODULE_DESCRIPTION("RIPEMD-128 Message Digest"); ++MODULE_ALIAS_CRYPTO("rmd128"); +diff --git a/crypto/rmd160.c b/crypto/rmd160.c +index 525d7bb..de585e5 100644 +--- a/crypto/rmd160.c ++++ b/crypto/rmd160.c +@@ -371,3 +371,4 @@ module_exit(rmd160_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Adrian-Ken Rueegsegger "); + MODULE_DESCRIPTION("RIPEMD-160 Message Digest"); ++MODULE_ALIAS_CRYPTO("rmd160"); +diff --git a/crypto/rmd256.c b/crypto/rmd256.c +index 69293d9..4ec02a7 100644 +--- a/crypto/rmd256.c ++++ b/crypto/rmd256.c +@@ -346,3 +346,4 @@ module_exit(rmd256_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Adrian-Ken Rueegsegger "); + MODULE_DESCRIPTION("RIPEMD-256 Message Digest"); ++MODULE_ALIAS_CRYPTO("rmd256"); +diff --git a/crypto/rmd320.c b/crypto/rmd320.c +index 09f97df..770f2cb 100644 +--- a/crypto/rmd320.c ++++ b/crypto/rmd320.c +@@ -395,3 +395,4 @@ module_exit(rmd320_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Adrian-Ken Rueegsegger "); + MODULE_DESCRIPTION("RIPEMD-320 Message Digest"); ++MODULE_ALIAS_CRYPTO("rmd320"); +diff --git a/crypto/salsa20_generic.c b/crypto/salsa20_generic.c +index eac10c1..f5e5a33 100644 +--- a/crypto/salsa20_generic.c ++++ b/crypto/salsa20_generic.c +@@ -249,4 +249,5 @@ module_exit(salsa20_generic_mod_fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION ("Salsa20 stream cipher algorithm"); +-MODULE_ALIAS("salsa20"); ++MODULE_ALIAS_CRYPTO("salsa20"); ++MODULE_ALIAS_CRYPTO("salsa20-generic"); +diff --git a/crypto/seed.c b/crypto/seed.c +index d3e422f..3e40f5f 100644 +--- a/crypto/seed.c ++++ b/crypto/seed.c +@@ -477,3 +477,4 @@ module_exit(seed_fini); + MODULE_DESCRIPTION("SEED Cipher Algorithm"); + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Hye-Shik Chang , Kim Hyun "); ++MODULE_ALIAS_CRYPTO("seed"); +diff --git a/crypto/seqiv.c b/crypto/seqiv.c +index 4c44912..385895f 100644 +--- a/crypto/seqiv.c ++++ b/crypto/seqiv.c +@@ -363,3 +363,4 @@ module_exit(seqiv_module_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Sequence Number IV Generator"); ++MODULE_ALIAS_CRYPTO("seqiv"); +diff --git a/crypto/serpent.c b/crypto/serpent.c +index b651a55..db6beb6 100644 +--- a/crypto/serpent.c ++++ b/crypto/serpent.c +@@ -584,4 +584,5 @@ module_exit(serpent_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Serpent and tnepres (kerneli compatible serpent reversed) Cipher Algorithm"); + MODULE_AUTHOR("Dag Arne Osvik "); +-MODULE_ALIAS("tnepres"); ++MODULE_ALIAS_CRYPTO("tnepres"); ++MODULE_ALIAS_CRYPTO("serpent"); +diff --git a/crypto/sha1_generic.c b/crypto/sha1_generic.c +index 4279480..fdf7c00 100644 +--- a/crypto/sha1_generic.c ++++ b/crypto/sha1_generic.c +@@ -153,4 +153,5 @@ module_exit(sha1_generic_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm"); + +-MODULE_ALIAS("sha1"); ++MODULE_ALIAS_CRYPTO("sha1"); ++MODULE_ALIAS_CRYPTO("sha1-generic"); +diff --git a/crypto/sha256_generic.c b/crypto/sha256_generic.c +index c48459e..dcad5ce 100644 +--- a/crypto/sha256_generic.c ++++ b/crypto/sha256_generic.c +@@ -398,5 +398,7 @@ module_exit(sha256_generic_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("SHA-224 and SHA-256 Secure Hash Algorithm"); + +-MODULE_ALIAS("sha224"); +-MODULE_ALIAS("sha256"); ++MODULE_ALIAS_CRYPTO("sha224"); ++MODULE_ALIAS_CRYPTO("sha224-generic"); ++MODULE_ALIAS_CRYPTO("sha256"); ++MODULE_ALIAS_CRYPTO("sha256-generic"); +diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c +index dd30f40..7a54cb4 100644 +--- a/crypto/sha512_generic.c ++++ b/crypto/sha512_generic.c +@@ -294,5 +294,7 @@ module_exit(sha512_generic_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("SHA-512 and SHA-384 Secure Hash Algorithms"); + +-MODULE_ALIAS("sha384"); +-MODULE_ALIAS("sha512"); ++MODULE_ALIAS_CRYPTO("sha384"); ++MODULE_ALIAS_CRYPTO("sha384-generic"); ++MODULE_ALIAS_CRYPTO("sha512"); ++MODULE_ALIAS_CRYPTO("sha512-generic"); +diff --git a/crypto/tea.c b/crypto/tea.c +index 412bc74..b8f7001 100644 +--- a/crypto/tea.c ++++ b/crypto/tea.c +@@ -299,8 +299,9 @@ static void __exit tea_mod_fini(void) + crypto_unregister_alg(&xeta_alg); + } + +-MODULE_ALIAS("xtea"); +-MODULE_ALIAS("xeta"); ++MODULE_ALIAS_CRYPTO("tea"); ++MODULE_ALIAS_CRYPTO("xtea"); ++MODULE_ALIAS_CRYPTO("xeta"); + + module_init(tea_mod_init); + module_exit(tea_mod_fini); +diff --git a/crypto/tgr192.c b/crypto/tgr192.c +index cbca4f20..35dbd59 100644 +--- a/crypto/tgr192.c ++++ b/crypto/tgr192.c +@@ -702,8 +702,9 @@ static void __exit tgr192_mod_fini(void) + crypto_unregister_shash(&tgr128); + } + +-MODULE_ALIAS("tgr160"); +-MODULE_ALIAS("tgr128"); ++MODULE_ALIAS_CRYPTO("tgr192"); ++MODULE_ALIAS_CRYPTO("tgr160"); ++MODULE_ALIAS_CRYPTO("tgr128"); + + module_init(tgr192_mod_init); + module_exit(tgr192_mod_fini); +diff --git a/crypto/twofish_generic.c b/crypto/twofish_generic.c +index 1f07b84..c8c35c5 100644 +--- a/crypto/twofish_generic.c ++++ b/crypto/twofish_generic.c +@@ -212,4 +212,5 @@ module_exit(twofish_mod_fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION ("Twofish Cipher Algorithm"); +-MODULE_ALIAS("twofish"); ++MODULE_ALIAS_CRYPTO("twofish"); ++MODULE_ALIAS_CRYPTO("twofish-generic"); +diff --git a/crypto/vmac.c b/crypto/vmac.c +index 4243905..8979bc8 100644 +--- a/crypto/vmac.c ++++ b/crypto/vmac.c +@@ -673,4 +673,5 @@ module_exit(vmac_module_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("VMAC hash algorithm"); ++MODULE_ALIAS_CRYPTO("vmac"); + +diff --git a/crypto/wp512.c b/crypto/wp512.c +index 71719a2..1bf7f07 100644 +--- a/crypto/wp512.c ++++ b/crypto/wp512.c +@@ -1194,8 +1194,9 @@ static void __exit wp512_mod_fini(void) + crypto_unregister_shash(&wp256); + } + +-MODULE_ALIAS("wp384"); +-MODULE_ALIAS("wp256"); ++MODULE_ALIAS_CRYPTO("wp512"); ++MODULE_ALIAS_CRYPTO("wp384"); ++MODULE_ALIAS_CRYPTO("wp256"); + + module_init(wp512_mod_init); + module_exit(wp512_mod_fini); +diff --git a/crypto/xcbc.c b/crypto/xcbc.c +index a5fbdf3..df90b33 100644 +--- a/crypto/xcbc.c ++++ b/crypto/xcbc.c +@@ -286,3 +286,4 @@ module_exit(crypto_xcbc_module_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("XCBC keyed hash algorithm"); ++MODULE_ALIAS_CRYPTO("xcbc"); +diff --git a/crypto/xts.c b/crypto/xts.c +index 8517054..6a09b72 100644 +--- a/crypto/xts.c ++++ b/crypto/xts.c +@@ -289,3 +289,4 @@ module_exit(crypto_module_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("XTS block cipher mode"); ++MODULE_ALIAS_CRYPTO("xts"); +diff --git a/crypto/zlib.c b/crypto/zlib.c +index 06b62e5..d980788 100644 +--- a/crypto/zlib.c ++++ b/crypto/zlib.c +@@ -378,3 +378,4 @@ module_exit(zlib_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Zlib Compression Algorithm"); + MODULE_AUTHOR("Sony Corporation"); ++MODULE_ALIAS_CRYPTO("zlib"); +diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c +index 05df096..30229af 100644 +--- a/drivers/acpi/ec.c ++++ b/drivers/acpi/ec.c +@@ -129,6 +129,7 @@ static int EC_FLAGS_MSI; /* Out-of-spec MSI controller */ + static int EC_FLAGS_VALIDATE_ECDT; /* ASUStec ECDTs need to be validated */ + static int EC_FLAGS_SKIP_DSDT_SCAN; /* Not all BIOS survive early DSDT scan */ + static int EC_FLAGS_CLEAR_ON_RESUME; /* Needs acpi_ec_clear() on boot/resume */ ++static int EC_FLAGS_QUERY_HANDSHAKE; /* Needs QR_EC issued when SCI_EVT set */ + + /* -------------------------------------------------------------------------- + Transaction Management +@@ -206,13 +207,8 @@ static bool advance_transaction(struct acpi_ec *ec) + } + return wakeup; + } else { +- /* +- * There is firmware refusing to respond QR_EC when SCI_EVT +- * is not set, for which case, we complete the QR_EC +- * without issuing it to the firmware. +- * https://bugzilla.kernel.org/show_bug.cgi?id=86211 +- */ +- if (!(status & ACPI_EC_FLAG_SCI) && ++ if (EC_FLAGS_QUERY_HANDSHAKE && ++ !(status & ACPI_EC_FLAG_SCI) && + (t->command == ACPI_EC_COMMAND_QUERY)) { + t->flags |= ACPI_EC_COMMAND_POLL; + t->rdata[t->ri++] = 0x00; +@@ -987,6 +983,18 @@ static int ec_enlarge_storm_threshold(const struct dmi_system_id *id) + } + + /* ++ * Acer EC firmware refuses to respond QR_EC when SCI_EVT is not set, for ++ * which case, we complete the QR_EC without issuing it to the firmware. ++ * https://bugzilla.kernel.org/show_bug.cgi?id=86211 ++ */ ++static int ec_flag_query_handshake(const struct dmi_system_id *id) ++{ ++ pr_debug("Detected the EC firmware requiring QR_EC issued when SCI_EVT set\n"); ++ EC_FLAGS_QUERY_HANDSHAKE = 1; ++ return 0; ++} ++ ++/* + * On some hardware it is necessary to clear events accumulated by the EC during + * sleep. These ECs stop reporting GPEs until they are manually polled, if too + * many events are accumulated. (e.g. Samsung Series 5/9 notebooks) +@@ -1052,6 +1060,9 @@ static struct dmi_system_id __initdata ec_dmi_table[] = { + { + ec_clear_on_resume, "Samsung hardware", { + DMI_MATCH(DMI_SYS_VENDOR, "SAMSUNG ELECTRONICS CO., LTD.")}, NULL}, ++ { ++ ec_flag_query_handshake, "Acer hardware", { ++ DMI_MATCH(DMI_SYS_VENDOR, "Acer"), }, NULL}, + {}, + }; + +diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c +index 2ddf736..5d8fc3d 100644 +--- a/drivers/ata/libata-core.c ++++ b/drivers/ata/libata-core.c +@@ -4730,7 +4730,10 @@ static struct ata_queued_cmd *ata_qc_new(struct ata_port *ap) + return NULL; + + for (i = 0, tag = ap->last_tag + 1; i < max_queue; i++, tag++) { +- tag = tag < max_queue ? tag : 0; ++ if (ap->flags & ATA_FLAG_LOWTAG) ++ tag = i; ++ else ++ tag = tag < max_queue ? tag : 0; + + /* the last tag is reserved for internal command. */ + if (tag == ATA_TAG_INTERNAL) +diff --git a/drivers/ata/libata-sff.c b/drivers/ata/libata-sff.c +index 8eae157..22edc92 100644 +--- a/drivers/ata/libata-sff.c ++++ b/drivers/ata/libata-sff.c +@@ -1333,7 +1333,19 @@ void ata_sff_flush_pio_task(struct ata_port *ap) + DPRINTK("ENTER\n"); + + cancel_delayed_work_sync(&ap->sff_pio_task); ++ ++ /* ++ * We wanna reset the HSM state to IDLE. If we do so without ++ * grabbing the port lock, critical sections protected by it which ++ * expect the HSM state to stay stable may get surprised. For ++ * example, we may set IDLE in between the time ++ * __ata_sff_port_intr() checks for HSM_ST_IDLE and before it calls ++ * ata_sff_hsm_move() causing ata_sff_hsm_move() to BUG(). ++ */ ++ spin_lock_irq(ap->lock); + ap->hsm_task_state = HSM_ST_IDLE; ++ spin_unlock_irq(ap->lock); ++ + ap->sff_pio_task_link = NULL; + + if (ata_msg_ctl(ap)) +diff --git a/drivers/ata/sata_dwc_460ex.c b/drivers/ata/sata_dwc_460ex.c +index 5c42374..0bec79e 100644 +--- a/drivers/ata/sata_dwc_460ex.c ++++ b/drivers/ata/sata_dwc_460ex.c +@@ -791,7 +791,7 @@ static int dma_dwc_init(struct sata_dwc_device *hsdev, int irq) + if (err) { + dev_err(host_pvt.dwc_dev, "%s: dma_request_interrupts returns" + " %d\n", __func__, err); +- goto error_out; ++ return err; + } + + /* Enabe DMA */ +@@ -802,11 +802,6 @@ static int dma_dwc_init(struct sata_dwc_device *hsdev, int irq) + sata_dma_regs); + + return 0; +- +-error_out: +- dma_dwc_exit(hsdev); +- +- return err; + } + + static int sata_dwc_scr_read(struct ata_link *link, unsigned int scr, u32 *val) +@@ -1634,7 +1629,7 @@ static int sata_dwc_probe(struct platform_device *ofdev) + char *ver = (char *)&versionr; + u8 *base = NULL; + int err = 0; +- int irq, rc; ++ int irq; + struct ata_host *host; + struct ata_port_info pi = sata_dwc_port_info[0]; + const struct ata_port_info *ppi[] = { &pi, NULL }; +@@ -1688,7 +1683,7 @@ static int sata_dwc_probe(struct platform_device *ofdev) + if (irq == NO_IRQ) { + dev_err(&ofdev->dev, "no SATA DMA irq\n"); + err = -ENODEV; +- goto error_out; ++ goto error_iomap; + } + + /* Get physical SATA DMA register base address */ +@@ -1697,14 +1692,16 @@ static int sata_dwc_probe(struct platform_device *ofdev) + dev_err(&ofdev->dev, "ioremap failed for AHBDMA register" + " address\n"); + err = -ENODEV; +- goto error_out; ++ goto error_iomap; + } + + /* Save dev for later use in dev_xxx() routines */ + host_pvt.dwc_dev = &ofdev->dev; + + /* Initialize AHB DMAC */ +- dma_dwc_init(hsdev, irq); ++ err = dma_dwc_init(hsdev, irq); ++ if (err) ++ goto error_dma_iomap; + + /* Enable SATA Interrupts */ + sata_dwc_enable_interrupts(hsdev); +@@ -1722,9 +1719,8 @@ static int sata_dwc_probe(struct platform_device *ofdev) + * device discovery process, invoking our port_start() handler & + * error_handler() to execute a dummy Softreset EH session + */ +- rc = ata_host_activate(host, irq, sata_dwc_isr, 0, &sata_dwc_sht); +- +- if (rc != 0) ++ err = ata_host_activate(host, irq, sata_dwc_isr, 0, &sata_dwc_sht); ++ if (err) + dev_err(&ofdev->dev, "failed to activate host"); + + dev_set_drvdata(&ofdev->dev, host); +@@ -1733,7 +1729,8 @@ static int sata_dwc_probe(struct platform_device *ofdev) + error_out: + /* Free SATA DMA resources */ + dma_dwc_exit(hsdev); +- ++error_dma_iomap: ++ iounmap((void __iomem *)host_pvt.sata_dma_regs); + error_iomap: + iounmap(base); + error_kmalloc: +@@ -1754,6 +1751,7 @@ static int sata_dwc_remove(struct platform_device *ofdev) + /* Free SATA DMA resources */ + dma_dwc_exit(hsdev); + ++ iounmap((void __iomem *)host_pvt.sata_dma_regs); + iounmap(hsdev->reg_base); + kfree(hsdev); + kfree(host); +diff --git a/drivers/ata/sata_sil24.c b/drivers/ata/sata_sil24.c +index 1e91406..2178022 100644 +--- a/drivers/ata/sata_sil24.c ++++ b/drivers/ata/sata_sil24.c +@@ -246,7 +246,7 @@ enum { + /* host flags */ + SIL24_COMMON_FLAGS = ATA_FLAG_SATA | ATA_FLAG_PIO_DMA | + ATA_FLAG_NCQ | ATA_FLAG_ACPI_SATA | +- ATA_FLAG_AN | ATA_FLAG_PMP, ++ ATA_FLAG_AN | ATA_FLAG_PMP | ATA_FLAG_LOWTAG, + SIL24_FLAG_PCIX_IRQ_WOC = (1 << 24), /* IRQ loss errata on PCI-X */ + + IRQ_STAT_4PORTS = 0xf, +diff --git a/drivers/base/bus.c b/drivers/base/bus.c +index 8b8e8c0..b802cfc 100644 +--- a/drivers/base/bus.c ++++ b/drivers/base/bus.c +@@ -240,13 +240,15 @@ static ssize_t store_drivers_probe(struct bus_type *bus, + const char *buf, size_t count) + { + struct device *dev; ++ int err = -EINVAL; + + dev = bus_find_device_by_name(bus, NULL, buf); + if (!dev) + return -ENODEV; +- if (bus_rescan_devices_helper(dev, NULL) != 0) +- return -EINVAL; +- return count; ++ if (bus_rescan_devices_helper(dev, NULL) == 0) ++ err = count; ++ put_device(dev); ++ return err; + } + #endif + +diff --git a/drivers/base/core.c b/drivers/base/core.c +index 919daa7..81e0e87 100644 +--- a/drivers/base/core.c ++++ b/drivers/base/core.c +@@ -1417,34 +1417,11 @@ static void device_create_release(struct device *dev) + kfree(dev); + } + +-/** +- * device_create_vargs - creates a device and registers it with sysfs +- * @class: pointer to the struct class that this device should be registered to +- * @parent: pointer to the parent struct device of this new device, if any +- * @devt: the dev_t for the char device to be added +- * @drvdata: the data to be added to the device for callbacks +- * @fmt: string for the device's name +- * @args: va_list for the device's name +- * +- * This function can be used by char device classes. A struct device +- * will be created in sysfs, registered to the specified class. +- * +- * A "dev" file will be created, showing the dev_t for the device, if +- * the dev_t is not 0,0. +- * If a pointer to a parent struct device is passed in, the newly created +- * struct device will be a child of that device in sysfs. +- * The pointer to the struct device will be returned from the call. +- * Any further sysfs files that might be required can be created using this +- * pointer. +- * +- * Returns &struct device pointer on success, or ERR_PTR() on error. +- * +- * Note: the struct class passed to this function must have previously +- * been created with a call to class_create(). +- */ +-struct device *device_create_vargs(struct class *class, struct device *parent, +- dev_t devt, void *drvdata, const char *fmt, +- va_list args) ++static struct device * ++device_create_groups_vargs(struct class *class, struct device *parent, ++ dev_t devt, void *drvdata, ++ const struct attribute_group **groups, ++ const char *fmt, va_list args) + { + struct device *dev = NULL; + int retval = -ENODEV; +@@ -1461,6 +1438,7 @@ struct device *device_create_vargs(struct class *class, struct device *parent, + dev->devt = devt; + dev->class = class; + dev->parent = parent; ++ dev->groups = groups; + dev->release = device_create_release; + dev_set_drvdata(dev, drvdata); + +@@ -1478,6 +1456,39 @@ error: + put_device(dev); + return ERR_PTR(retval); + } ++ ++/** ++ * device_create_vargs - creates a device and registers it with sysfs ++ * @class: pointer to the struct class that this device should be registered to ++ * @parent: pointer to the parent struct device of this new device, if any ++ * @devt: the dev_t for the char device to be added ++ * @drvdata: the data to be added to the device for callbacks ++ * @fmt: string for the device's name ++ * @args: va_list for the device's name ++ * ++ * This function can be used by char device classes. A struct device ++ * will be created in sysfs, registered to the specified class. ++ * ++ * A "dev" file will be created, showing the dev_t for the device, if ++ * the dev_t is not 0,0. ++ * If a pointer to a parent struct device is passed in, the newly created ++ * struct device will be a child of that device in sysfs. ++ * The pointer to the struct device will be returned from the call. ++ * Any further sysfs files that might be required can be created using this ++ * pointer. ++ * ++ * Returns &struct device pointer on success, or ERR_PTR() on error. ++ * ++ * Note: the struct class passed to this function must have previously ++ * been created with a call to class_create(). ++ */ ++struct device *device_create_vargs(struct class *class, struct device *parent, ++ dev_t devt, void *drvdata, const char *fmt, ++ va_list args) ++{ ++ return device_create_groups_vargs(class, parent, devt, drvdata, NULL, ++ fmt, args); ++} + EXPORT_SYMBOL_GPL(device_create_vargs); + + /** +@@ -1517,6 +1528,50 @@ struct device *device_create(struct class *class, struct device *parent, + } + EXPORT_SYMBOL_GPL(device_create); + ++/** ++ * device_create_with_groups - creates a device and registers it with sysfs ++ * @class: pointer to the struct class that this device should be registered to ++ * @parent: pointer to the parent struct device of this new device, if any ++ * @devt: the dev_t for the char device to be added ++ * @drvdata: the data to be added to the device for callbacks ++ * @groups: NULL-terminated list of attribute groups to be created ++ * @fmt: string for the device's name ++ * ++ * This function can be used by char device classes. A struct device ++ * will be created in sysfs, registered to the specified class. ++ * Additional attributes specified in the groups parameter will also ++ * be created automatically. ++ * ++ * A "dev" file will be created, showing the dev_t for the device, if ++ * the dev_t is not 0,0. ++ * If a pointer to a parent struct device is passed in, the newly created ++ * struct device will be a child of that device in sysfs. ++ * The pointer to the struct device will be returned from the call. ++ * Any further sysfs files that might be required can be created using this ++ * pointer. ++ * ++ * Returns &struct device pointer on success, or ERR_PTR() on error. ++ * ++ * Note: the struct class passed to this function must have previously ++ * been created with a call to class_create(). ++ */ ++struct device *device_create_with_groups(struct class *class, ++ struct device *parent, dev_t devt, ++ void *drvdata, ++ const struct attribute_group **groups, ++ const char *fmt, ...) ++{ ++ va_list vargs; ++ struct device *dev; ++ ++ va_start(vargs, fmt); ++ dev = device_create_groups_vargs(class, parent, devt, drvdata, groups, ++ fmt, vargs); ++ va_end(vargs); ++ return dev; ++} ++EXPORT_SYMBOL_GPL(device_create_with_groups); ++ + static int __match_devt(struct device *dev, void *data) + { + dev_t *devt = data; +diff --git a/drivers/block/drbd/drbd_req.c b/drivers/block/drbd/drbd_req.c +index be984e0..43da226 100644 +--- a/drivers/block/drbd/drbd_req.c ++++ b/drivers/block/drbd/drbd_req.c +@@ -1184,6 +1184,7 @@ int drbd_merge_bvec(struct request_queue *q, struct bvec_merge_data *bvm, struct + struct request_queue * const b = + mdev->ldev->backing_bdev->bd_disk->queue; + if (b->merge_bvec_fn) { ++ bvm->bi_bdev = mdev->ldev->backing_bdev; + backing_limit = b->merge_bvec_fn(b, bvm, bvec); + limit = min(limit, backing_limit); + } +diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c +index 6fe003a..10e442b 100644 +--- a/drivers/bluetooth/ath3k.c ++++ b/drivers/bluetooth/ath3k.c +@@ -61,48 +61,59 @@ static struct usb_device_id ath3k_table[] = { + { USB_DEVICE(0x0CF3, 0x3000) }, + + /* Atheros AR3011 with sflash firmware*/ ++ { USB_DEVICE(0x0489, 0xE027) }, ++ { USB_DEVICE(0x0489, 0xE03D) }, ++ { USB_DEVICE(0x0930, 0x0215) }, + { USB_DEVICE(0x0CF3, 0x3002) }, + { USB_DEVICE(0x0CF3, 0xE019) }, + { USB_DEVICE(0x13d3, 0x3304) }, +- { USB_DEVICE(0x0930, 0x0215) }, +- { USB_DEVICE(0x0489, 0xE03D) }, +- { USB_DEVICE(0x0489, 0xE027) }, + + /* Atheros AR9285 Malbec with sflash firmware */ + { USB_DEVICE(0x03F0, 0x311D) }, + + /* Atheros AR3012 with sflash firmware*/ +- { USB_DEVICE(0x0CF3, 0x0036) }, +- { USB_DEVICE(0x0CF3, 0x3004) }, +- { USB_DEVICE(0x0CF3, 0x3008) }, +- { USB_DEVICE(0x0CF3, 0x311D) }, +- { USB_DEVICE(0x0CF3, 0x817a) }, +- { USB_DEVICE(0x13d3, 0x3375) }, ++ { USB_DEVICE(0x0489, 0xe04d) }, ++ { USB_DEVICE(0x0489, 0xe04e) }, ++ { USB_DEVICE(0x0489, 0xe057) }, ++ { USB_DEVICE(0x0489, 0xe056) }, ++ { USB_DEVICE(0x0489, 0xe05f) }, ++ { USB_DEVICE(0x0489, 0xe078) }, ++ { USB_DEVICE(0x04c5, 0x1330) }, + { USB_DEVICE(0x04CA, 0x3004) }, + { USB_DEVICE(0x04CA, 0x3005) }, + { USB_DEVICE(0x04CA, 0x3006) }, + { USB_DEVICE(0x04CA, 0x3007) }, + { USB_DEVICE(0x04CA, 0x3008) }, +- { USB_DEVICE(0x13d3, 0x3362) }, ++ { USB_DEVICE(0x04CA, 0x300b) }, ++ { USB_DEVICE(0x04CA, 0x3010) }, ++ { USB_DEVICE(0x0930, 0x0219) }, ++ { USB_DEVICE(0x0930, 0x0220) }, ++ { USB_DEVICE(0x0930, 0x0227) }, ++ { USB_DEVICE(0x0b05, 0x17d0) }, ++ { USB_DEVICE(0x0CF3, 0x0036) }, ++ { USB_DEVICE(0x0CF3, 0x3004) }, ++ { USB_DEVICE(0x0CF3, 0x3008) }, ++ { USB_DEVICE(0x0CF3, 0x311D) }, ++ { USB_DEVICE(0x0CF3, 0x311E) }, ++ { USB_DEVICE(0x0CF3, 0x311F) }, ++ { USB_DEVICE(0x0cf3, 0x3121) }, ++ { USB_DEVICE(0x0CF3, 0x817a) }, ++ { USB_DEVICE(0x0cf3, 0xe003) }, + { USB_DEVICE(0x0CF3, 0xE004) }, + { USB_DEVICE(0x0CF3, 0xE005) }, +- { USB_DEVICE(0x0930, 0x0219) }, +- { USB_DEVICE(0x0489, 0xe057) }, ++ { USB_DEVICE(0x13d3, 0x3362) }, ++ { USB_DEVICE(0x13d3, 0x3375) }, + { USB_DEVICE(0x13d3, 0x3393) }, +- { USB_DEVICE(0x0489, 0xe04e) }, +- { USB_DEVICE(0x0489, 0xe056) }, +- { USB_DEVICE(0x0489, 0xe04d) }, +- { USB_DEVICE(0x04c5, 0x1330) }, + { USB_DEVICE(0x13d3, 0x3402) }, +- { USB_DEVICE(0x0cf3, 0x3121) }, +- { USB_DEVICE(0x0cf3, 0xe003) }, ++ { USB_DEVICE(0x13d3, 0x3408) }, ++ { USB_DEVICE(0x13d3, 0x3432) }, + + /* Atheros AR5BBU12 with sflash firmware */ + { USB_DEVICE(0x0489, 0xE02C) }, + + /* Atheros AR5BBU22 with sflash firmware */ +- { USB_DEVICE(0x0489, 0xE03C) }, + { USB_DEVICE(0x0489, 0xE036) }, ++ { USB_DEVICE(0x0489, 0xE03C) }, + + { } /* Terminating entry */ + }; +@@ -115,34 +126,45 @@ MODULE_DEVICE_TABLE(usb, ath3k_table); + static struct usb_device_id ath3k_blist_tbl[] = { + + /* Atheros AR3012 with sflash firmware*/ +- { USB_DEVICE(0x0CF3, 0x0036), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x0cf3, 0x311D), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x0CF3, 0x817a), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0CF3, 0x0036), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0cf3, 0x311D), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0cf3, 0x311E), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0cf3, 0x311F), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0CF3, 0x817a), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 }, + + /* Atheros AR5BBU22 with sflash firmware */ +- { USB_DEVICE(0x0489, 0xE03C), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x0489, 0xE036), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0489, 0xE03C), .driver_info = BTUSB_ATH3012 }, + + { } /* Terminating entry */ + }; +diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c +index 8750d52..2b479d6 100644 +--- a/drivers/bluetooth/btusb.c ++++ b/drivers/bluetooth/btusb.c +@@ -55,6 +55,7 @@ static struct usb_driver btusb_driver; + #define BTUSB_BROKEN_ISOC 0x20 + #define BTUSB_WRONG_SCO_MTU 0x40 + #define BTUSB_ATH3012 0x80 ++#define BTUSB_INTEL_BOOT 0x200 + + static struct usb_device_id btusb_table[] = { + /* Generic Bluetooth USB device */ +@@ -107,18 +108,31 @@ static struct usb_device_id btusb_table[] = { + { USB_DEVICE(0x0c10, 0x0000) }, + + /* Broadcom BCM20702A0 */ ++ { USB_DEVICE(0x0489, 0xe042) }, ++ { USB_DEVICE(0x04ca, 0x2003) }, + { USB_DEVICE(0x0b05, 0x17b5) }, + { USB_DEVICE(0x0b05, 0x17cb) }, +- { USB_DEVICE(0x04ca, 0x2003) }, +- { USB_DEVICE(0x0489, 0xe042) }, + { USB_DEVICE(0x413c, 0x8197) }, + + /* Foxconn - Hon Hai */ + { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01) }, + +- /*Broadcom devices with vendor specific id */ ++ /* Broadcom devices with vendor specific id */ + { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01) }, + ++ /* ASUSTek Computer - Broadcom based */ ++ { USB_VENDOR_AND_INTERFACE_INFO(0x0b05, 0xff, 0x01, 0x01) }, ++ ++ /* Belkin F8065bf - Broadcom based */ ++ { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01) }, ++ ++ /* IMC Networks - Broadcom based */ ++ { USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01) }, ++ ++ /* Intel Bluetooth USB Bootloader (RAM module) */ ++ { USB_DEVICE(0x8087, 0x0a5a), ++ .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC }, ++ + { } /* Terminating entry */ + }; + +@@ -132,53 +146,64 @@ static struct usb_device_id blacklist_table[] = { + { USB_DEVICE(0x0a5c, 0x2033), .driver_info = BTUSB_IGNORE }, + + /* Atheros 3011 with sflash firmware */ ++ { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE }, ++ { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE }, ++ { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE }, + { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE }, + { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE }, + { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE }, +- { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE }, +- { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE }, +- { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE }, + + /* Atheros AR9285 Malbec with sflash firmware */ + { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE }, + + /* Atheros 3012 with sflash firmware */ +- { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 }, + + /* Atheros AR5BBU12 with sflash firmware */ + { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE }, + + /* Atheros AR5BBU12 with sflash firmware */ +- { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x0489, 0xe036), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 }, + + /* Broadcom BCM2035 */ +- { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU }, +- { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU }, + { USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 }, ++ { USB_DEVICE(0x0a5c, 0x200a), .driver_info = BTUSB_WRONG_SCO_MTU }, ++ { USB_DEVICE(0x0a5c, 0x2035), .driver_info = BTUSB_WRONG_SCO_MTU }, + + /* Broadcom BCM2045 */ + { USB_DEVICE(0x0a5c, 0x2039), .driver_info = BTUSB_WRONG_SCO_MTU }, +@@ -1058,6 +1083,9 @@ static int btusb_probe(struct usb_interface *intf, + + hdev->owner = THIS_MODULE; + ++ if (id->driver_info & BTUSB_INTEL_BOOT) ++ set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); ++ + /* Interface numbers are hardcoded in the specification */ + data->isoc = usb_ifnum_to_if(data->udev, 1); + +diff --git a/drivers/crypto/padlock-aes.c b/drivers/crypto/padlock-aes.c +index 29b9469..87500e6 100644 +--- a/drivers/crypto/padlock-aes.c ++++ b/drivers/crypto/padlock-aes.c +@@ -559,4 +559,4 @@ MODULE_DESCRIPTION("VIA PadLock AES algorithm support"); + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Michal Ludvig"); + +-MODULE_ALIAS("aes"); ++MODULE_ALIAS_CRYPTO("aes"); +diff --git a/drivers/crypto/padlock-sha.c b/drivers/crypto/padlock-sha.c +index 06bdb4b..710f3cb 100644 +--- a/drivers/crypto/padlock-sha.c ++++ b/drivers/crypto/padlock-sha.c +@@ -593,7 +593,7 @@ MODULE_DESCRIPTION("VIA PadLock SHA1/SHA256 algorithms support."); + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Michal Ludvig"); + +-MODULE_ALIAS("sha1-all"); +-MODULE_ALIAS("sha256-all"); +-MODULE_ALIAS("sha1-padlock"); +-MODULE_ALIAS("sha256-padlock"); ++MODULE_ALIAS_CRYPTO("sha1-all"); ++MODULE_ALIAS_CRYPTO("sha256-all"); ++MODULE_ALIAS_CRYPTO("sha1-padlock"); ++MODULE_ALIAS_CRYPTO("sha256-padlock"); +diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c +index a971e3d..51e5ee8 100644 +--- a/drivers/gpio/gpiolib.c ++++ b/drivers/gpio/gpiolib.c +@@ -58,6 +58,7 @@ struct gpio_desc { + #define FLAG_TRIG_FALL 5 /* trigger on falling edge */ + #define FLAG_TRIG_RISE 6 /* trigger on rising edge */ + #define FLAG_ACTIVE_LOW 7 /* sysfs value has active low */ ++#define FLAG_SYSFS_DIR 10 /* show sysfs direction attribute */ + + #define ID_SHIFT 16 /* add new flags before this one */ + +@@ -317,7 +318,7 @@ static ssize_t gpio_value_store(struct device *dev, + return status; + } + +-static const DEVICE_ATTR(value, 0644, ++static DEVICE_ATTR(value, 0644, + gpio_value_show, gpio_value_store); + + static irqreturn_t gpio_sysfs_irq(int irq, void *priv) +@@ -540,17 +541,47 @@ static ssize_t gpio_active_low_store(struct device *dev, + return status ? : size; + } + +-static const DEVICE_ATTR(active_low, 0644, ++static DEVICE_ATTR(active_low, 0644, + gpio_active_low_show, gpio_active_low_store); + +-static const struct attribute *gpio_attrs[] = { ++static mode_t gpio_is_visible(struct kobject *kobj, struct attribute *attr, ++ int n) ++{ ++ struct device *dev = container_of(kobj, struct device, kobj); ++ struct gpio_desc *desc = dev_get_drvdata(dev); ++ unsigned gpio = desc - gpio_desc; ++ mode_t mode = attr->mode; ++ bool show_direction = test_bit(FLAG_SYSFS_DIR, &desc->flags); ++ ++ if (attr == &dev_attr_direction.attr) { ++ if (!show_direction) ++ mode = 0; ++ } else if (attr == &dev_attr_edge.attr) { ++ if (gpio_to_irq(gpio) < 0) ++ mode = 0; ++ if (!show_direction && test_bit(FLAG_IS_OUT, &desc->flags)) ++ mode = 0; ++ } ++ ++ return mode; ++} ++ ++static struct attribute *gpio_attrs[] = { ++ &dev_attr_direction.attr, ++ &dev_attr_edge.attr, + &dev_attr_value.attr, + &dev_attr_active_low.attr, + NULL, + }; + +-static const struct attribute_group gpio_attr_group = { +- .attrs = (struct attribute **) gpio_attrs, ++static const struct attribute_group gpio_group = { ++ .attrs = gpio_attrs, ++ .is_visible = gpio_is_visible, ++}; ++ ++static const struct attribute_group *gpio_groups[] = { ++ &gpio_group, ++ NULL + }; + + /* +@@ -587,16 +618,13 @@ static ssize_t chip_ngpio_show(struct device *dev, + } + static DEVICE_ATTR(ngpio, 0444, chip_ngpio_show, NULL); + +-static const struct attribute *gpiochip_attrs[] = { ++static struct attribute *gpiochip_attrs[] = { + &dev_attr_base.attr, + &dev_attr_label.attr, + &dev_attr_ngpio.attr, + NULL, + }; +- +-static const struct attribute_group gpiochip_attr_group = { +- .attrs = (struct attribute **) gpiochip_attrs, +-}; ++ATTRIBUTE_GROUPS(gpiochip); + + /* + * /sys/class/gpio/export ... write-only +@@ -700,8 +728,9 @@ int gpio_export(unsigned gpio, bool direction_may_change) + { + unsigned long flags; + struct gpio_desc *desc; +- int status = -EINVAL; ++ int status; + const char *ioname = NULL; ++ struct device *dev; + + /* can't export until sysfs is available ... */ + if (!gpio_class.p) { +@@ -709,59 +738,50 @@ int gpio_export(unsigned gpio, bool direction_may_change) + return -ENOENT; + } + +- if (!gpio_is_valid(gpio)) +- goto done; ++ if (!gpio_is_valid(gpio)) { ++ pr_debug("%s: gpio %d is not valid\n", __func__, gpio); ++ return -EINVAL; ++ } + + mutex_lock(&sysfs_lock); + + spin_lock_irqsave(&gpio_lock, flags); + desc = &gpio_desc[gpio]; +- if (test_bit(FLAG_REQUESTED, &desc->flags) +- && !test_bit(FLAG_EXPORT, &desc->flags)) { +- status = 0; +- if (!desc->chip->direction_input +- || !desc->chip->direction_output) +- direction_may_change = false; ++ if (!test_bit(FLAG_REQUESTED, &desc->flags) || ++ test_bit(FLAG_EXPORT, &desc->flags)) { ++ spin_unlock_irqrestore(&gpio_lock, flags); ++ pr_debug("%s: gpio %d unavailable (requested=%d, exported=%d)\n", ++ __func__, gpio, ++ test_bit(FLAG_REQUESTED, &desc->flags), ++ test_bit(FLAG_EXPORT, &desc->flags)); ++ return -EPERM; ++ } ++ ++ if (desc->chip->direction_input && desc->chip->direction_output && ++ direction_may_change) { ++ set_bit(FLAG_SYSFS_DIR, &desc->flags); + } ++ + spin_unlock_irqrestore(&gpio_lock, flags); + + if (desc->chip->names && desc->chip->names[gpio - desc->chip->base]) + ioname = desc->chip->names[gpio - desc->chip->base]; + +- if (status == 0) { +- struct device *dev; +- +- dev = device_create(&gpio_class, desc->chip->dev, MKDEV(0, 0), +- desc, ioname ? ioname : "gpio%u", gpio); +- if (!IS_ERR(dev)) { +- status = sysfs_create_group(&dev->kobj, +- &gpio_attr_group); +- +- if (!status && direction_may_change) +- status = device_create_file(dev, +- &dev_attr_direction); +- +- if (!status && gpio_to_irq(gpio) >= 0 +- && (direction_may_change +- || !test_bit(FLAG_IS_OUT, +- &desc->flags))) +- status = device_create_file(dev, +- &dev_attr_edge); +- +- if (status != 0) +- device_unregister(dev); +- } else +- status = PTR_ERR(dev); +- if (status == 0) +- set_bit(FLAG_EXPORT, &desc->flags); ++ dev = device_create_with_groups(&gpio_class, desc->chip->dev, ++ MKDEV(0, 0), desc, gpio_groups, ++ ioname ? ioname : "gpio%u", gpio); ++ if (IS_ERR(dev)) { ++ status = PTR_ERR(dev); ++ goto fail_unlock; + } + ++ set_bit(FLAG_EXPORT, &desc->flags); + mutex_unlock(&sysfs_lock); ++ return 0; + +-done: +- if (status) +- pr_debug("%s: gpio%d status %d\n", __func__, gpio, status); +- ++fail_unlock: ++ mutex_unlock(&sysfs_lock); ++ pr_debug("%s: gpio%d status %d\n", __func__, gpio, status); + return status; + } + EXPORT_SYMBOL_GPL(gpio_export); +@@ -873,6 +893,7 @@ void gpio_unexport(unsigned gpio) + { + struct gpio_desc *desc; + int status = 0; ++ struct device *dev = NULL; + + if (!gpio_is_valid(gpio)) { + status = -EINVAL; +@@ -884,19 +905,21 @@ void gpio_unexport(unsigned gpio) + desc = &gpio_desc[gpio]; + + if (test_bit(FLAG_EXPORT, &desc->flags)) { +- struct device *dev = NULL; + + dev = class_find_device(&gpio_class, NULL, desc, match_export); + if (dev) { + gpio_setup_irq(desc, dev, 0); ++ clear_bit(FLAG_SYSFS_DIR, &desc->flags); + clear_bit(FLAG_EXPORT, &desc->flags); +- put_device(dev); +- device_unregister(dev); + } else + status = -ENODEV; + } + + mutex_unlock(&sysfs_lock); ++ if (dev) { ++ device_unregister(dev); ++ put_device(dev); ++ } + done: + if (status) + pr_debug("%s: gpio%d status %d\n", __func__, gpio, status); +@@ -918,13 +941,13 @@ static int gpiochip_export(struct gpio_chip *chip) + + /* use chip->base for the ID; it's already known to be unique */ + mutex_lock(&sysfs_lock); +- dev = device_create(&gpio_class, chip->dev, MKDEV(0, 0), chip, +- "gpiochip%d", chip->base); +- if (!IS_ERR(dev)) { +- status = sysfs_create_group(&dev->kobj, +- &gpiochip_attr_group); +- } else ++ dev = device_create_with_groups(&gpio_class, chip->dev, MKDEV(0, 0), ++ chip, gpiochip_groups, ++ "gpiochip%d", chip->base); ++ if (IS_ERR(dev)) + status = PTR_ERR(dev); ++ else ++ status = 0; + chip->exported = (status == 0); + mutex_unlock(&sysfs_lock); + +@@ -1075,9 +1098,9 @@ int gpiochip_add(struct gpio_chip *chip) + ? (1 << FLAG_IS_OUT) + : 0; + } +- } + +- of_gpiochip_add(chip); ++ of_gpiochip_add(chip); ++ } + + unlock: + spin_unlock_irqrestore(&gpio_lock, flags); +@@ -1086,8 +1109,10 @@ unlock: + goto fail; + + status = gpiochip_export(chip); +- if (status) ++ if (status) { ++ of_gpiochip_remove(chip); + goto fail; ++ } + + return 0; + fail: +diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c +index 2865b44..315a49e 100644 +--- a/drivers/gpu/drm/i915/i915_gem.c ++++ b/drivers/gpu/drm/i915/i915_gem.c +@@ -2248,6 +2248,13 @@ static int sandybridge_write_fence_reg(struct drm_i915_gem_object *obj, + int regnum = obj->fence_reg; + uint64_t val; + ++ /* Adjust fence size to match tiled area */ ++ if (obj->tiling_mode != I915_TILING_NONE) { ++ uint32_t row_size = obj->stride * ++ (obj->tiling_mode == I915_TILING_Y ? 32 : 8); ++ size = (size / row_size) * row_size; ++ } ++ + val = (uint64_t)((obj->gtt_offset + size - 4096) & + 0xfffff000) << 32; + val |= obj->gtt_offset & 0xfffff000; +@@ -2285,6 +2292,13 @@ static int i965_write_fence_reg(struct drm_i915_gem_object *obj, + int regnum = obj->fence_reg; + uint64_t val; + ++ /* Adjust fence size to match tiled area */ ++ if (obj->tiling_mode != I915_TILING_NONE) { ++ uint32_t row_size = obj->stride * ++ (obj->tiling_mode == I915_TILING_Y ? 32 : 8); ++ size = (size / row_size) * row_size; ++ } ++ + val = (uint64_t)((obj->gtt_offset + size - 4096) & + 0xfffff000) << 32; + val |= obj->gtt_offset & 0xfffff000; +diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c +index 15fb260..1ed5a1c 100644 +--- a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c ++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c +@@ -484,14 +484,7 @@ void vmw_fence_obj_flush(struct vmw_fence_obj *fence) + + static void vmw_fence_destroy(struct vmw_fence_obj *fence) + { +- struct vmw_fence_manager *fman = fence->fman; +- + kfree(fence); +- /* +- * Free kernel space accounting. +- */ +- ttm_mem_global_free(vmw_mem_glob(fman->dev_priv), +- fman->fence_size); + } + + int vmw_fence_create(struct vmw_fence_manager *fman, +@@ -499,20 +492,12 @@ int vmw_fence_create(struct vmw_fence_manager *fman, + uint32_t mask, + struct vmw_fence_obj **p_fence) + { +- struct ttm_mem_global *mem_glob = vmw_mem_glob(fman->dev_priv); + struct vmw_fence_obj *fence; + int ret; + +- ret = ttm_mem_global_alloc(mem_glob, fman->fence_size, +- false, false); +- if (unlikely(ret != 0)) +- return ret; +- + fence = kzalloc(sizeof(*fence), GFP_KERNEL); +- if (unlikely(fence == NULL)) { +- ret = -ENOMEM; +- goto out_no_object; +- } ++ if (unlikely(fence == NULL)) ++ return -ENOMEM; + + ret = vmw_fence_obj_init(fman, fence, seqno, mask, + vmw_fence_destroy); +@@ -524,8 +509,6 @@ int vmw_fence_create(struct vmw_fence_manager *fman, + + out_err_init: + kfree(fence); +-out_no_object: +- ttm_mem_global_free(mem_glob, fman->fence_size); + return ret; + } + +diff --git a/drivers/hid/hid-roccat-pyra.c b/drivers/hid/hid-roccat-pyra.c +index df05c1b1..13b40a0 100644 +--- a/drivers/hid/hid-roccat-pyra.c ++++ b/drivers/hid/hid-roccat-pyra.c +@@ -35,6 +35,8 @@ static struct class *pyra_class; + static void profile_activated(struct pyra_device *pyra, + unsigned int new_profile) + { ++ if (new_profile >= ARRAY_SIZE(pyra->profile_settings)) ++ return; + pyra->actual_profile = new_profile; + pyra->actual_cpi = pyra->profile_settings[pyra->actual_profile].y_cpi; + } +@@ -303,6 +305,10 @@ static ssize_t pyra_sysfs_write_settings(struct file *fp, + if (off != 0 || count != sizeof(struct pyra_settings)) + return -EINVAL; + ++ if (((struct pyra_settings const *)buf)->startup_profile >= ++ ARRAY_SIZE(pyra->profile_settings)) ++ return -EINVAL; ++ + mutex_lock(&pyra->pyra_lock); + difference = memcmp(buf, &pyra->settings, sizeof(struct pyra_settings)); + if (difference) { +diff --git a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h +index a5c6a8c..858b0e3 100644 +--- a/drivers/input/serio/i8042-x86ia64io.h ++++ b/drivers/input/serio/i8042-x86ia64io.h +@@ -152,6 +152,14 @@ static const struct dmi_system_id __initconst i8042_dmi_noloop_table[] = { + }, + }, + { ++ /* Medion Akoya E7225 */ ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "Medion"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "Akoya E7225"), ++ DMI_MATCH(DMI_PRODUCT_VERSION, "1.0"), ++ }, ++ }, ++ { + /* Blue FB5601 */ + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "blue"), +@@ -408,6 +416,13 @@ static const struct dmi_system_id __initconst i8042_dmi_nomux_table[] = { + }, + }, + { ++ /* Acer Aspire 7738 */ ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "Acer"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "Aspire 7738"), ++ }, ++ }, ++ { + /* Gericom Bellagio */ + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "Gericom"), +@@ -714,6 +729,35 @@ static const struct dmi_system_id __initconst i8042_dmi_dritek_table[] = { + { } + }; + ++/* ++ * Some laptops need keyboard reset before probing for the trackpad to get ++ * it detected, initialised & finally work. ++ */ ++static const struct dmi_system_id __initconst i8042_dmi_kbdreset_table[] = { ++ { ++ /* Gigabyte P35 v2 - Elantech touchpad */ ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "GIGABYTE"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "P35V2"), ++ }, ++ }, ++ { ++ /* Aorus branded Gigabyte X3 Plus - Elantech touchpad */ ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "GIGABYTE"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "X3"), ++ }, ++ }, ++ { ++ /* Gigabyte P34 - Elantech touchpad */ ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "GIGABYTE"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "P34"), ++ }, ++ }, ++ { } ++}; ++ + #endif /* CONFIG_X86 */ + + #ifdef CONFIG_PNP +@@ -992,6 +1036,9 @@ static int __init i8042_platform_init(void) + if (dmi_check_system(i8042_dmi_dritek_table)) + i8042_dritek = true; + ++ if (dmi_check_system(i8042_dmi_kbdreset_table)) ++ i8042_kbdreset = true; ++ + /* + * A20 was already enabled during early kernel init. But some buggy + * BIOSes (in MSI Laptops) require A20 to be enabled using 8042 to +diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c +index 8656441..178e75d 100644 +--- a/drivers/input/serio/i8042.c ++++ b/drivers/input/serio/i8042.c +@@ -67,6 +67,10 @@ static bool i8042_notimeout; + module_param_named(notimeout, i8042_notimeout, bool, 0); + MODULE_PARM_DESC(notimeout, "Ignore timeouts signalled by i8042"); + ++static bool i8042_kbdreset; ++module_param_named(kbdreset, i8042_kbdreset, bool, 0); ++MODULE_PARM_DESC(kbdreset, "Reset device connected to KBD port"); ++ + #ifdef CONFIG_X86 + static bool i8042_dritek; + module_param_named(dritek, i8042_dritek, bool, 0); +@@ -783,6 +787,16 @@ static int __init i8042_check_aux(void) + return -1; + + /* ++ * Reset keyboard (needed on some laptops to successfully detect ++ * touchpad, e.g., some Gigabyte laptop models with Elantech ++ * touchpads). ++ */ ++ if (i8042_kbdreset) { ++ pr_warn("Attempting to reset device connected to KBD port\n"); ++ i8042_kbd_write(NULL, (unsigned char) 0xff); ++ } ++ ++/* + * Test AUX IRQ delivery to make sure BIOS did not grab the IRQ and + * used it for a PCI card or somethig else. + */ +diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c +index e83aa8e..d3da166 100644 +--- a/drivers/iommu/intel-iommu.c ++++ b/drivers/iommu/intel-iommu.c +@@ -1763,7 +1763,7 @@ static int __domain_mapping(struct dmar_domain *domain, unsigned long iov_pfn, + struct dma_pte *first_pte = NULL, *pte = NULL; + phys_addr_t uninitialized_var(pteval); + int addr_width = agaw_to_width(domain->agaw) - VTD_PAGE_SHIFT; +- unsigned long sg_res; ++ unsigned long sg_res = 0; + unsigned int largepage_lvl = 0; + unsigned long lvl_pages = 0; + +@@ -1774,10 +1774,8 @@ static int __domain_mapping(struct dmar_domain *domain, unsigned long iov_pfn, + + prot &= DMA_PTE_READ | DMA_PTE_WRITE | DMA_PTE_SNP; + +- if (sg) +- sg_res = 0; +- else { +- sg_res = nr_pages + 1; ++ if (!sg) { ++ sg_res = nr_pages; + pteval = ((phys_addr_t)phys_pfn << VTD_PAGE_SHIFT) | prot; + } + +diff --git a/drivers/md/persistent-data/dm-space-map-metadata.c b/drivers/md/persistent-data/dm-space-map-metadata.c +index e89ae5e..955db34 100644 +--- a/drivers/md/persistent-data/dm-space-map-metadata.c ++++ b/drivers/md/persistent-data/dm-space-map-metadata.c +@@ -419,7 +419,9 @@ static int sm_bootstrap_get_nr_blocks(struct dm_space_map *sm, dm_block_t *count + { + struct sm_metadata *smm = container_of(sm, struct sm_metadata, sm); + +- return smm->ll.nr_blocks; ++ *count = smm->ll.nr_blocks; ++ ++ return 0; + } + + static int sm_bootstrap_get_nr_free(struct dm_space_map *sm, dm_block_t *count) +diff --git a/drivers/media/dvb/dvb-usb/af9005.c b/drivers/media/dvb/dvb-usb/af9005.c +index bd51a76..0b3ef9f 100644 +--- a/drivers/media/dvb/dvb-usb/af9005.c ++++ b/drivers/media/dvb/dvb-usb/af9005.c +@@ -1072,9 +1072,12 @@ static int __init af9005_usb_module_init(void) + err("usb_register failed. (%d)", result); + return result; + } ++#if IS_MODULE(CONFIG_DVB_USB_AF9005) || defined(CONFIG_DVB_USB_AF9005_REMOTE) ++ /* FIXME: convert to todays kernel IR infrastructure */ + rc_decode = symbol_request(af9005_rc_decode); + rc_keys = symbol_request(rc_map_af9005_table); + rc_keys_size = symbol_request(rc_map_af9005_table_size); ++#endif + if (rc_decode == NULL || rc_keys == NULL || rc_keys_size == NULL) { + err("af9005_rc_decode function not found, disabling remote"); + af9005_properties.rc.legacy.rc_query = NULL; +diff --git a/drivers/media/video/au0828/au0828-cards.c b/drivers/media/video/au0828/au0828-cards.c +index 1c6015a..d6adee6 100644 +--- a/drivers/media/video/au0828/au0828-cards.c ++++ b/drivers/media/video/au0828/au0828-cards.c +@@ -36,6 +36,11 @@ void hvr950q_cs5340_audio(void *priv, int enable) + au0828_clear(dev, REG_000, 0x10); + } + ++/* ++ * WARNING: There's a quirks table at sound/usb/quirks-table.h ++ * that should also be updated every time a new device with V4L2 support ++ * is added here. ++ */ + struct au0828_board au0828_boards[] = { + [AU0828_BOARD_UNKNOWN] = { + .name = "Unknown board", +diff --git a/drivers/media/video/uvc/uvc_driver.c b/drivers/media/video/uvc/uvc_driver.c +index 8fd00e8..135e3ca 100644 +--- a/drivers/media/video/uvc/uvc_driver.c ++++ b/drivers/media/video/uvc/uvc_driver.c +@@ -1597,12 +1597,12 @@ static void uvc_delete(struct uvc_device *dev) + { + struct list_head *p, *n; + +- usb_put_intf(dev->intf); +- usb_put_dev(dev->udev); +- + uvc_status_cleanup(dev); + uvc_ctrl_cleanup_device(dev); + ++ usb_put_intf(dev->intf); ++ usb_put_dev(dev->udev); ++ + if (dev->vdev.dev) + v4l2_device_unregister(&dev->vdev); + #ifdef CONFIG_MEDIA_CONTROLLER +diff --git a/drivers/mfd/tc6393xb.c b/drivers/mfd/tc6393xb.c +index 9612264..b69d91b 100644 +--- a/drivers/mfd/tc6393xb.c ++++ b/drivers/mfd/tc6393xb.c +@@ -263,6 +263,17 @@ static int tc6393xb_ohci_disable(struct platform_device *dev) + return 0; + } + ++static int tc6393xb_ohci_suspend(struct platform_device *dev) ++{ ++ struct tc6393xb_platform_data *tcpd = dev_get_platdata(dev->dev.parent); ++ ++ /* We can't properly store/restore OHCI state, so fail here */ ++ if (tcpd->resume_restore) ++ return -EBUSY; ++ ++ return tc6393xb_ohci_disable(dev); ++} ++ + static int tc6393xb_fb_enable(struct platform_device *dev) + { + struct tc6393xb *tc6393xb = dev_get_drvdata(dev->dev.parent); +@@ -403,7 +414,7 @@ static struct mfd_cell __devinitdata tc6393xb_cells[] = { + .num_resources = ARRAY_SIZE(tc6393xb_ohci_resources), + .resources = tc6393xb_ohci_resources, + .enable = tc6393xb_ohci_enable, +- .suspend = tc6393xb_ohci_disable, ++ .suspend = tc6393xb_ohci_suspend, + .resume = tc6393xb_ohci_enable, + .disable = tc6393xb_ohci_disable, + }, +diff --git a/drivers/mtd/ubi/upd.c b/drivers/mtd/ubi/upd.c +index 425bf5a..068a246 100644 +--- a/drivers/mtd/ubi/upd.c ++++ b/drivers/mtd/ubi/upd.c +@@ -135,6 +135,10 @@ int ubi_start_update(struct ubi_device *ubi, struct ubi_volume *vol, + ubi_assert(!vol->updating && !vol->changing_leb); + vol->updating = 1; + ++ vol->upd_buf = vmalloc(ubi->leb_size); ++ if (!vol->upd_buf) ++ return -ENOMEM; ++ + err = set_update_marker(ubi, vol); + if (err) + return err; +@@ -154,14 +158,12 @@ int ubi_start_update(struct ubi_device *ubi, struct ubi_volume *vol, + err = clear_update_marker(ubi, vol, 0); + if (err) + return err; ++ ++ vfree(vol->upd_buf); + vol->updating = 0; + return 0; + } + +- vol->upd_buf = vmalloc(ubi->leb_size); +- if (!vol->upd_buf) +- return -ENOMEM; +- + vol->upd_ebs = div_u64(bytes + vol->usable_leb_size - 1, + vol->usable_leb_size); + vol->upd_bytes = bytes; +diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c +index 1eac27f..a25442e 100644 +--- a/drivers/net/can/dev.c ++++ b/drivers/net/can/dev.c +@@ -605,10 +605,14 @@ static int can_changelink(struct net_device *dev, + if (dev->flags & IFF_UP) + return -EBUSY; + cm = nla_data(data[IFLA_CAN_CTRLMODE]); +- if (cm->flags & ~priv->ctrlmode_supported) ++ ++ /* check whether changed bits are allowed to be modified */ ++ if (cm->mask & ~priv->ctrlmode_supported) + return -EOPNOTSUPP; ++ ++ /* clear bits to be modified and copy the flag values */ + priv->ctrlmode &= ~cm->mask; +- priv->ctrlmode |= cm->flags; ++ priv->ctrlmode |= (cm->flags & cm->mask); + } + + if (data[IFLA_CAN_BITTIMING]) { +diff --git a/drivers/net/ethernet/broadcom/tg3.c b/drivers/net/ethernet/broadcom/tg3.c +index 2615433..2ec19e7 100644 +--- a/drivers/net/ethernet/broadcom/tg3.c ++++ b/drivers/net/ethernet/broadcom/tg3.c +@@ -15647,23 +15647,6 @@ static int __devinit tg3_init_one(struct pci_dev *pdev, + goto err_out_apeunmap; + } + +- /* +- * Reset chip in case UNDI or EFI driver did not shutdown +- * DMA self test will enable WDMAC and we'll see (spurious) +- * pending DMA on the PCI bus at that point. +- */ +- if ((tr32(HOSTCC_MODE) & HOSTCC_MODE_ENABLE) || +- (tr32(WDMAC_MODE) & WDMAC_MODE_ENABLE)) { +- tw32(MEMARB_MODE, MEMARB_MODE_ENABLE); +- tg3_halt(tp, RESET_KIND_SHUTDOWN, 1); +- } +- +- err = tg3_test_dma(tp); +- if (err) { +- dev_err(&pdev->dev, "DMA engine test failed, aborting\n"); +- goto err_out_apeunmap; +- } +- + intmbx = MAILBOX_INTERRUPT_0 + TG3_64BIT_REG_LOW; + rcvmbx = MAILBOX_RCVRET_CON_IDX_0 + TG3_64BIT_REG_LOW; + sndmbx = MAILBOX_SNDHOST_PROD_IDX_0 + TG3_64BIT_REG_LOW; +@@ -15708,6 +15691,23 @@ static int __devinit tg3_init_one(struct pci_dev *pdev, + sndmbx += 0xc; + } + ++ /* ++ * Reset chip in case UNDI or EFI driver did not shutdown ++ * DMA self test will enable WDMAC and we'll see (spurious) ++ * pending DMA on the PCI bus at that point. ++ */ ++ if ((tr32(HOSTCC_MODE) & HOSTCC_MODE_ENABLE) || ++ (tr32(WDMAC_MODE) & WDMAC_MODE_ENABLE)) { ++ tw32(MEMARB_MODE, MEMARB_MODE_ENABLE); ++ tg3_halt(tp, RESET_KIND_SHUTDOWN, 1); ++ } ++ ++ err = tg3_test_dma(tp); ++ if (err) { ++ dev_err(&pdev->dev, "DMA engine test failed, aborting\n"); ++ goto err_out_apeunmap; ++ } ++ + tg3_init_coal(tp); + + pci_set_drvdata(pdev, dev); +diff --git a/drivers/net/ethernet/cisco/enic/enic_main.c b/drivers/net/ethernet/cisco/enic/enic_main.c +index c3786fd..b9dcd0f 100644 +--- a/drivers/net/ethernet/cisco/enic/enic_main.c ++++ b/drivers/net/ethernet/cisco/enic/enic_main.c +@@ -1272,10 +1272,14 @@ static void enic_rq_indicate_buf(struct vnic_rq *rq, + skb_put(skb, bytes_written); + skb->protocol = eth_type_trans(skb, netdev); + +- if ((netdev->features & NETIF_F_RXCSUM) && !csum_not_calc) { +- skb->csum = htons(checksum); +- skb->ip_summed = CHECKSUM_COMPLETE; +- } ++ /* Hardware does not provide whole packet checksum. It only ++ * provides pseudo checksum. Since hw validates the packet ++ * checksum but not provide us the checksum value. use ++ * CHECSUM_UNNECESSARY. ++ */ ++ if ((netdev->features & NETIF_F_RXCSUM) && tcp_udp_csum_ok && ++ ipv4_csum_ok) ++ skb->ip_summed = CHECKSUM_UNNECESSARY; + + skb->dev = netdev; + +diff --git a/drivers/net/wireless/ath/ath5k/qcu.c b/drivers/net/wireless/ath/ath5k/qcu.c +index 7766542..ff3d348 100644 +--- a/drivers/net/wireless/ath/ath5k/qcu.c ++++ b/drivers/net/wireless/ath/ath5k/qcu.c +@@ -167,13 +167,7 @@ int ath5k_hw_setup_tx_queue(struct ath5k_hw *ah, enum ath5k_tx_queue queue_type, + } else { + switch (queue_type) { + case AR5K_TX_QUEUE_DATA: +- for (queue = AR5K_TX_QUEUE_ID_DATA_MIN; +- ah->ah_txq[queue].tqi_type != +- AR5K_TX_QUEUE_INACTIVE; queue++) { +- +- if (queue > AR5K_TX_QUEUE_ID_DATA_MAX) +- return -EINVAL; +- } ++ queue = queue_info->tqi_subtype; + break; + case AR5K_TX_QUEUE_UAPSD: + queue = AR5K_TX_QUEUE_ID_UAPSD; +diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h +index dc774cd..8b1123d 100644 +--- a/drivers/net/wireless/ath/ath9k/hw.h ++++ b/drivers/net/wireless/ath/ath9k/hw.h +@@ -174,8 +174,8 @@ + #define PAPRD_IDEAL_AGC2_PWR_RANGE 0xe0 + + enum ath_hw_txq_subtype { +- ATH_TXQ_AC_BE = 0, +- ATH_TXQ_AC_BK = 1, ++ ATH_TXQ_AC_BK = 0, ++ ATH_TXQ_AC_BE = 1, + ATH_TXQ_AC_VI = 2, + ATH_TXQ_AC_VO = 3, + }; +diff --git a/drivers/net/wireless/ath/ath9k/mac.c b/drivers/net/wireless/ath/ath9k/mac.c +index bbcb777..167c7f6 100644 +--- a/drivers/net/wireless/ath/ath9k/mac.c ++++ b/drivers/net/wireless/ath/ath9k/mac.c +@@ -311,14 +311,7 @@ int ath9k_hw_setuptxqueue(struct ath_hw *ah, enum ath9k_tx_queue type, + q = ATH9K_NUM_TX_QUEUES - 3; + break; + case ATH9K_TX_QUEUE_DATA: +- for (q = 0; q < ATH9K_NUM_TX_QUEUES; q++) +- if (ah->txq[q].tqi_type == +- ATH9K_TX_QUEUE_INACTIVE) +- break; +- if (q == ATH9K_NUM_TX_QUEUES) { +- ath_err(common, "No available TX queue\n"); +- return -1; +- } ++ q = qinfo->tqi_subtype; + break; + default: + ath_err(common, "Invalid TX queue type: %u\n", type); +diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c +index 9005380..bc92c47 100644 +--- a/drivers/pci/probe.c ++++ b/drivers/pci/probe.c +@@ -175,14 +175,17 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, + res->flags |= IORESOURCE_SIZEALIGN; + if (res->flags & IORESOURCE_IO) { + l &= PCI_BASE_ADDRESS_IO_MASK; ++ sz &= PCI_BASE_ADDRESS_IO_MASK; + mask = PCI_BASE_ADDRESS_IO_MASK & (u32) IO_SPACE_LIMIT; + } else { + l &= PCI_BASE_ADDRESS_MEM_MASK; ++ sz &= PCI_BASE_ADDRESS_MEM_MASK; + mask = (u32)PCI_BASE_ADDRESS_MEM_MASK; + } + } else { + res->flags |= (l & IORESOURCE_ROM_ENABLE); + l &= PCI_ROM_ADDRESS_MASK; ++ sz &= PCI_ROM_ADDRESS_MASK; + mask = (u32)PCI_ROM_ADDRESS_MASK; + } + +diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c +index 9b48d61..127dfe5d 100644 +--- a/drivers/pci/quirks.c ++++ b/drivers/pci/quirks.c +@@ -388,19 +388,52 @@ static void __devinit quirk_s3_64M(struct pci_dev *dev) + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_S3, PCI_DEVICE_ID_S3_868, quirk_s3_64M); + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_S3, PCI_DEVICE_ID_S3_968, quirk_s3_64M); + ++static void quirk_io(struct pci_dev *dev, int pos, unsigned size, ++ const char *name) ++{ ++ u32 region; ++ struct pci_bus_region bus_region; ++ struct resource *res = dev->resource + pos; ++ ++ pci_read_config_dword(dev, PCI_BASE_ADDRESS_0 + (pos << 2), ®ion); ++ ++ if (!region) ++ return; ++ ++ res->name = pci_name(dev); ++ res->flags = region & ~PCI_BASE_ADDRESS_IO_MASK; ++ res->flags |= ++ (IORESOURCE_IO | IORESOURCE_PCI_FIXED | IORESOURCE_SIZEALIGN); ++ region &= ~(size - 1); ++ ++ /* Convert from PCI bus to resource space */ ++ bus_region.start = region; ++ bus_region.end = region + size - 1; ++ pcibios_bus_to_resource(dev->bus, res, &bus_region); ++ ++ dev_info(&dev->dev, FW_BUG "%s quirk: reg 0x%x: %pR\n", ++ name, PCI_BASE_ADDRESS_0 + (pos << 2), res); ++} ++ + /* + * Some CS5536 BIOSes (for example, the Soekris NET5501 board w/ comBIOS + * ver. 1.33 20070103) don't set the correct ISA PCI region header info. + * BAR0 should be 8 bytes; instead, it may be set to something like 8k + * (which conflicts w/ BAR1's memory range). ++ * ++ * CS553x's ISA PCI BARs may also be read-only (ref: ++ * https://bugzilla.kernel.org/show_bug.cgi?id=85991 - Comment #4 forward). + */ + static void __devinit quirk_cs5536_vsa(struct pci_dev *dev) + { ++ static char *name = "CS5536 ISA bridge"; ++ + if (pci_resource_len(dev, 0) != 8) { +- struct resource *res = &dev->resource[0]; +- res->end = res->start + 8 - 1; +- dev_info(&dev->dev, "CS5536 ISA bridge bug detected " +- "(incorrect header); workaround applied.\n"); ++ quirk_io(dev, 0, 8, name); /* SMB */ ++ quirk_io(dev, 1, 256, name); /* GPIO */ ++ quirk_io(dev, 2, 64, name); /* MFGPT */ ++ dev_info(&dev->dev, "%s bug detected (incorrect header); workaround applied\n", ++ name); + } + } + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_CS5536_ISA, quirk_cs5536_vsa); +diff --git a/drivers/platform/x86/hp_accel.c b/drivers/platform/x86/hp_accel.c +index 0076fea..be6b648 100644 +--- a/drivers/platform/x86/hp_accel.c ++++ b/drivers/platform/x86/hp_accel.c +@@ -237,6 +237,7 @@ static struct dmi_system_id lis3lv02d_dmi_ids[] = { + AXIS_DMI_MATCH("HPB64xx", "HP ProBook 64", xy_swap), + AXIS_DMI_MATCH("HPB64xx", "HP EliteBook 84", xy_swap), + AXIS_DMI_MATCH("HPB65xx", "HP ProBook 65", x_inverted), ++ AXIS_DMI_MATCH("HPZBook15", "HP ZBook 15", x_inverted), + { NULL, } + /* Laptop models without axis info (yet): + * "NC6910" "HP Compaq 6910" +diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c +index 6ec610c..adba3d6 100644 +--- a/drivers/regulator/core.c ++++ b/drivers/regulator/core.c +@@ -1314,12 +1314,14 @@ void regulator_put(struct regulator *regulator) + device_remove_file(regulator->dev, ®ulator->dev_attr); + kfree(regulator->dev_attr.attr.name); + } ++ mutex_lock(&rdev->mutex); + kfree(regulator->supply_name); + list_del(®ulator->list); + kfree(regulator); + + rdev->open_count--; + rdev->exclusive = 0; ++ mutex_unlock(&rdev->mutex); + + module_put(rdev->owner); + mutex_unlock(®ulator_list_mutex); +diff --git a/drivers/s390/char/con3215.c b/drivers/s390/char/con3215.c +index 934458a..2c8d79c 100644 +--- a/drivers/s390/char/con3215.c ++++ b/drivers/s390/char/con3215.c +@@ -993,12 +993,26 @@ static int tty3215_write(struct tty_struct * tty, + const unsigned char *buf, int count) + { + struct raw3215_info *raw; ++ int i, written; + + if (!tty) + return 0; + raw = (struct raw3215_info *) tty->driver_data; +- raw3215_write(raw, buf, count); +- return count; ++ written = count; ++ while (count > 0) { ++ for (i = 0; i < count; i++) ++ if (buf[i] == '\t' || buf[i] == '\n') ++ break; ++ raw3215_write(raw, buf, i); ++ count -= i; ++ buf += i; ++ if (count > 0) { ++ raw3215_putchar(raw, *buf); ++ count--; ++ buf++; ++ } ++ } ++ return written; + } + + /* +@@ -1146,7 +1160,7 @@ static int __init tty3215_init(void) + driver->subtype = SYSTEM_TYPE_TTY; + driver->init_termios = tty_std_termios; + driver->init_termios.c_iflag = IGNBRK | IGNPAR; +- driver->init_termios.c_oflag = ONLCR | XTABS; ++ driver->init_termios.c_oflag = ONLCR; + driver->init_termios.c_lflag = ISIG; + driver->flags = TTY_DRIVER_REAL_RAW; + tty_set_operations(driver, &tty3215_ops); +diff --git a/drivers/scsi/NCR5380.c b/drivers/scsi/NCR5380.c +index 165e4dd86..a57f85a 100644 +--- a/drivers/scsi/NCR5380.c ++++ b/drivers/scsi/NCR5380.c +@@ -2662,14 +2662,14 @@ static void NCR5380_dma_complete(NCR5380_instance * instance) { + * + * Purpose : abort a command + * +- * Inputs : cmd - the Scsi_Cmnd to abort, code - code to set the +- * host byte of the result field to, if zero DID_ABORTED is ++ * Inputs : cmd - the Scsi_Cmnd to abort, code - code to set the ++ * host byte of the result field to, if zero DID_ABORTED is + * used. + * +- * Returns : 0 - success, -1 on failure. ++ * Returns : SUCCESS - success, FAILED on failure. + * +- * XXX - there is no way to abort the command that is currently +- * connected, you have to wait for it to complete. If this is ++ * XXX - there is no way to abort the command that is currently ++ * connected, you have to wait for it to complete. If this is + * a problem, we could implement longjmp() / setjmp(), setjmp() + * called where the loop started in NCR5380_main(). + * +@@ -2719,7 +2719,7 @@ static int NCR5380_abort(Scsi_Cmnd * cmd) { + * aborted flag and get back into our main loop. + */ + +- return 0; ++ return SUCCESS; + } + #endif + +diff --git a/drivers/scsi/aha1740.c b/drivers/scsi/aha1740.c +index 1c10b79..7f7dc2b 100644 +--- a/drivers/scsi/aha1740.c ++++ b/drivers/scsi/aha1740.c +@@ -551,7 +551,7 @@ static int aha1740_eh_abort_handler (Scsi_Cmnd *dummy) + * quiet as possible... + */ + +- return 0; ++ return SUCCESS; + } + + static struct scsi_host_template aha1740_template = { +diff --git a/drivers/scsi/atari_NCR5380.c b/drivers/scsi/atari_NCR5380.c +index 2db79b4..589c2a3 100644 +--- a/drivers/scsi/atari_NCR5380.c ++++ b/drivers/scsi/atari_NCR5380.c +@@ -2638,7 +2638,7 @@ static void NCR5380_reselect(struct Scsi_Host *instance) + * host byte of the result field to, if zero DID_ABORTED is + * used. + * +- * Returns : 0 - success, -1 on failure. ++ * Returns : SUCCESS - success, FAILED on failure. + * + * XXX - there is no way to abort the command that is currently + * connected, you have to wait for it to complete. If this is +diff --git a/drivers/scsi/megaraid.c b/drivers/scsi/megaraid.c +index 5c17764..04240a4 100644 +--- a/drivers/scsi/megaraid.c ++++ b/drivers/scsi/megaraid.c +@@ -1964,7 +1964,7 @@ megaraid_abort_and_reset(adapter_t *adapter, Scsi_Cmnd *cmd, int aor) + cmd->device->id, cmd->device->lun); + + if(list_empty(&adapter->pending_list)) +- return FALSE; ++ return FAILED; + + list_for_each_safe(pos, next, &adapter->pending_list) { + +@@ -1987,7 +1987,7 @@ megaraid_abort_and_reset(adapter_t *adapter, Scsi_Cmnd *cmd, int aor) + (aor==SCB_ABORT) ? "ABORTING":"RESET", + scb->idx); + +- return FALSE; ++ return FAILED; + } + else { + +@@ -2012,12 +2012,12 @@ megaraid_abort_and_reset(adapter_t *adapter, Scsi_Cmnd *cmd, int aor) + list_add_tail(SCSI_LIST(cmd), + &adapter->completed_list); + +- return TRUE; ++ return SUCCESS; + } + } + } + +- return FALSE; ++ return FAILED; + } + + static inline int +diff --git a/drivers/scsi/sun3_NCR5380.c b/drivers/scsi/sun3_NCR5380.c +index 7e12a2e..9aaf084 100644 +--- a/drivers/scsi/sun3_NCR5380.c ++++ b/drivers/scsi/sun3_NCR5380.c +@@ -2624,15 +2624,15 @@ static void NCR5380_reselect (struct Scsi_Host *instance) + * Purpose : abort a command + * + * Inputs : cmd - the struct scsi_cmnd to abort, code - code to set the +- * host byte of the result field to, if zero DID_ABORTED is ++ * host byte of the result field to, if zero DID_ABORTED is + * used. + * +- * Returns : 0 - success, -1 on failure. ++ * Returns : SUCCESS - success, FAILED on failure. + * +- * XXX - there is no way to abort the command that is currently +- * connected, you have to wait for it to complete. If this is ++ * XXX - there is no way to abort the command that is currently ++ * connected, you have to wait for it to complete. If this is + * a problem, we could implement longjmp() / setjmp(), setjmp() +- * called where the loop started in NCR5380_main(). ++ * called where the loop started in NCR5380_main(). + */ + + static int NCR5380_abort(struct scsi_cmnd *cmd) +diff --git a/drivers/spi/spi-dw-mid.c b/drivers/spi/spi-dw-mid.c +index c0ca0ee..e6a1bd3 100644 +--- a/drivers/spi/spi-dw-mid.c ++++ b/drivers/spi/spi-dw-mid.c +@@ -219,7 +219,6 @@ int dw_spi_mid_init(struct dw_spi *dws) + iounmap(clk_reg); + + dws->num_cs = 16; +- dws->fifo_len = 40; /* FIFO has 40 words buffer */ + + #ifdef CONFIG_SPI_DW_MID_DMA + dws->dma_priv = kzalloc(sizeof(struct mid_dma), GFP_KERNEL); +diff --git a/drivers/spi/spi-dw.c b/drivers/spi/spi-dw.c +index 9eddaab..bbdf0cf 100644 +--- a/drivers/spi/spi-dw.c ++++ b/drivers/spi/spi-dw.c +@@ -786,13 +786,13 @@ static void spi_hw_init(struct dw_spi *dws) + */ + if (!dws->fifo_len) { + u32 fifo; +- for (fifo = 2; fifo <= 257; fifo++) { ++ for (fifo = 2; fifo <= 256; fifo++) { + dw_writew(dws, DW_SPI_TXFLTR, fifo); + if (fifo != dw_readw(dws, DW_SPI_TXFLTR)) + break; + } + +- dws->fifo_len = (fifo == 257) ? 0 : fifo; ++ dws->fifo_len = (fifo == 2) ? 0 : fifo - 1; + dw_writew(dws, DW_SPI_TXFLTR, 0); + } + } +diff --git a/drivers/target/iscsi/iscsi_target_util.c b/drivers/target/iscsi/iscsi_target_util.c +index e612722..f0d1c9c 100644 +--- a/drivers/target/iscsi/iscsi_target_util.c ++++ b/drivers/target/iscsi/iscsi_target_util.c +@@ -1483,15 +1483,15 @@ static int iscsit_do_tx_data( + struct iscsi_conn *conn, + struct iscsi_data_count *count) + { +- int data = count->data_length, total_tx = 0, tx_loop = 0, iov_len; ++ int ret, iov_len; + struct kvec *iov_p; + struct msghdr msg; + + if (!conn || !conn->sock || !conn->conn_ops) + return -1; + +- if (data <= 0) { +- pr_err("Data length is: %d\n", data); ++ if (count->data_length <= 0) { ++ pr_err("Data length is: %d\n", count->data_length); + return -1; + } + +@@ -1500,20 +1500,16 @@ static int iscsit_do_tx_data( + iov_p = count->iov; + iov_len = count->iov_count; + +- while (total_tx < data) { +- tx_loop = kernel_sendmsg(conn->sock, &msg, iov_p, iov_len, +- (data - total_tx)); +- if (tx_loop <= 0) { +- pr_debug("tx_loop: %d total_tx %d\n", +- tx_loop, total_tx); +- return tx_loop; +- } +- total_tx += tx_loop; +- pr_debug("tx_loop: %d, total_tx: %d, data: %d\n", +- tx_loop, total_tx, data); ++ ret = kernel_sendmsg(conn->sock, &msg, iov_p, iov_len, ++ count->data_length); ++ if (ret != count->data_length) { ++ pr_err("Unexpected ret: %d send data %d\n", ++ ret, count->data_length); ++ return -EPIPE; + } ++ pr_debug("ret: %d, sent data: %d\n", ret, count->data_length); + +- return total_tx; ++ return ret; + } + + int rx_data( +diff --git a/drivers/tty/serial/samsung.c b/drivers/tty/serial/samsung.c +index b31f1c3..626e75b 100644 +--- a/drivers/tty/serial/samsung.c ++++ b/drivers/tty/serial/samsung.c +@@ -519,11 +519,15 @@ static void s3c24xx_serial_pm(struct uart_port *port, unsigned int level, + unsigned int old) + { + struct s3c24xx_uart_port *ourport = to_ourport(port); ++ int timeout = 10000; + + ourport->pm_level = level; + + switch (level) { + case 3: ++ while (--timeout && !s3c24xx_serial_txempty_nofifo(port)) ++ udelay(100); ++ + if (!IS_ERR(ourport->baudclk) && ourport->baudclk != NULL) + clk_disable(ourport->baudclk); + +diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c +index 6647081..d38d88e 100644 +--- a/drivers/usb/class/cdc-acm.c ++++ b/drivers/usb/class/cdc-acm.c +@@ -1011,10 +1011,11 @@ next_desc: + } else { + control_interface = usb_ifnum_to_if(usb_dev, union_header->bMasterInterface0); + data_interface = usb_ifnum_to_if(usb_dev, (data_interface_num = union_header->bSlaveInterface0)); +- if (!control_interface || !data_interface) { +- dev_dbg(&intf->dev, "no interfaces\n"); +- return -ENODEV; +- } ++ } ++ ++ if (!control_interface || !data_interface) { ++ dev_dbg(&intf->dev, "no interfaces\n"); ++ return -ENODEV; + } + + if (data_interface_num != call_interface_num) +diff --git a/drivers/usb/core/config.c b/drivers/usb/core/config.c +index 1e3e211..0276db3 100644 +--- a/drivers/usb/core/config.c ++++ b/drivers/usb/core/config.c +@@ -201,6 +201,17 @@ static int usb_parse_endpoint(struct device *ddev, int cfgno, int inum, + if (n == 0) + n = 9; /* 32 ms = 2^(9-1) uframes */ + j = 16; ++ ++ /* ++ * Adjust bInterval for quirked devices. ++ * This quirk fixes bIntervals reported in ++ * linear microframes. ++ */ ++ if (to_usb_device(ddev)->quirks & ++ USB_QUIRK_LINEAR_UFRAME_INTR_BINTERVAL) { ++ n = clamp(fls(d->bInterval), i, j); ++ i = j = n; ++ } + break; + default: /* USB_SPEED_FULL or _LOW */ + /* For low-speed, 10 ms is the official minimum. +diff --git a/drivers/usb/core/otg_whitelist.h b/drivers/usb/core/otg_whitelist.h +index e8cdce5..2753cec 100644 +--- a/drivers/usb/core/otg_whitelist.h ++++ b/drivers/usb/core/otg_whitelist.h +@@ -59,6 +59,11 @@ static int is_targeted(struct usb_device *dev) + le16_to_cpu(dev->descriptor.idProduct) == 0xbadd)) + return 0; + ++ /* OTG PET device is always targeted (see OTG 2.0 ECN 6.4.2) */ ++ if ((le16_to_cpu(dev->descriptor.idVendor) == 0x1a0a && ++ le16_to_cpu(dev->descriptor.idProduct) == 0x0200)) ++ return 1; ++ + /* NOTE: can't use usb_match_id() since interface caches + * aren't set up yet. this is cut/paste from that code. + */ +diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c +index 3dbb18c..ad4540e 100644 +--- a/drivers/usb/core/quirks.c ++++ b/drivers/usb/core/quirks.c +@@ -150,6 +150,10 @@ static const struct usb_device_id usb_quirk_list[] = { + /* SKYMEDI USB_DRIVE */ + { USB_DEVICE(0x1516, 0x8628), .driver_info = USB_QUIRK_RESET_RESUME }, + ++ /* Razer - Razer Blade Keyboard */ ++ { USB_DEVICE(0x1532, 0x0116), .driver_info = ++ USB_QUIRK_LINEAR_UFRAME_INTR_BINTERVAL }, ++ + /* BUILDWIN Photo Frame */ + { USB_DEVICE(0x1908, 0x1315), .driver_info = + USB_QUIRK_HONOR_BNUMINTERFACES }, +@@ -164,6 +168,10 @@ static const struct usb_device_id usb_quirk_list[] = { + { USB_DEVICE(0x0b05, 0x17e0), .driver_info = + USB_QUIRK_IGNORE_REMOTE_WAKEUP }, + ++ /* Protocol and OTG Electrical Test Device */ ++ { USB_DEVICE(0x1a0a, 0x0200), .driver_info = ++ USB_QUIRK_LINEAR_UFRAME_INTR_BINTERVAL }, ++ + { } /* terminating entry must be last */ + }; + +diff --git a/drivers/usb/gadget/atmel_usba_udc.c b/drivers/usb/gadget/atmel_usba_udc.c +index b299c32..9ba3114 100644 +--- a/drivers/usb/gadget/atmel_usba_udc.c ++++ b/drivers/usb/gadget/atmel_usba_udc.c +@@ -739,10 +739,10 @@ static int queue_dma(struct usba_udc *udc, struct usba_ep *ep, + + req->ctrl = USBA_BF(DMA_BUF_LEN, req->req.length) + | USBA_DMA_CH_EN | USBA_DMA_END_BUF_IE +- | USBA_DMA_END_TR_EN | USBA_DMA_END_TR_IE; ++ | USBA_DMA_END_BUF_EN; + +- if (ep->is_in) +- req->ctrl |= USBA_DMA_END_BUF_EN; ++ if (!ep->is_in) ++ req->ctrl |= USBA_DMA_END_TR_EN | USBA_DMA_END_TR_IE; + + /* + * Add this request to the queue and submit for DMA if +@@ -850,7 +850,7 @@ static int usba_ep_dequeue(struct usb_ep *_ep, struct usb_request *_req) + { + struct usba_ep *ep = to_usba_ep(_ep); + struct usba_udc *udc = ep->udc; +- struct usba_request *req = to_usba_req(_req); ++ struct usba_request *req; + unsigned long flags; + u32 status; + +@@ -859,6 +859,16 @@ static int usba_ep_dequeue(struct usb_ep *_ep, struct usb_request *_req) + + spin_lock_irqsave(&udc->lock, flags); + ++ list_for_each_entry(req, &ep->queue, queue) { ++ if (&req->req == _req) ++ break; ++ } ++ ++ if (&req->req != _req) { ++ spin_unlock_irqrestore(&udc->lock, flags); ++ return -EINVAL; ++ } ++ + if (req->using_dma) { + /* + * If this request is currently being transferred, +@@ -1597,7 +1607,6 @@ static void usba_ep_irq(struct usba_udc *udc, struct usba_ep *ep) + if ((epstatus & epctrl) & USBA_RX_BK_RDY) { + DBG(DBG_BUS, "%s: RX data ready\n", ep->ep.name); + receive_data(ep); +- usba_ep_writel(ep, CLR_STA, USBA_RX_BK_RDY); + } + } + +diff --git a/drivers/usb/host/pci-quirks.c b/drivers/usb/host/pci-quirks.c +index eae35c1..d5cb148 100644 +--- a/drivers/usb/host/pci-quirks.c ++++ b/drivers/usb/host/pci-quirks.c +@@ -470,7 +470,8 @@ static void __devinit quirk_usb_handoff_ohci(struct pci_dev *pdev) + { + void __iomem *base; + u32 control; +- u32 fminterval; ++ u32 fminterval = 0; ++ bool no_fminterval = false; + int cnt; + + if (!mmio_resource_enabled(pdev, 0)) +@@ -480,6 +481,13 @@ static void __devinit quirk_usb_handoff_ohci(struct pci_dev *pdev) + if (base == NULL) + return; + ++ /* ++ * ULi M5237 OHCI controller locks the whole system when accessing ++ * the OHCI_FMINTERVAL offset. ++ */ ++ if (pdev->vendor == PCI_VENDOR_ID_AL && pdev->device == 0x5237) ++ no_fminterval = true; ++ + control = readl(base + OHCI_CONTROL); + + /* On PA-RISC, PDC can leave IR set incorrectly; ignore it there. */ +@@ -518,7 +526,9 @@ static void __devinit quirk_usb_handoff_ohci(struct pci_dev *pdev) + } + + /* software reset of the controller, preserving HcFmInterval */ +- fminterval = readl(base + OHCI_FMINTERVAL); ++ if (!no_fminterval) ++ fminterval = readl(base + OHCI_FMINTERVAL); ++ + writel(OHCI_HCR, base + OHCI_CMDSTATUS); + + /* reset requires max 10 us delay */ +@@ -527,7 +537,9 @@ static void __devinit quirk_usb_handoff_ohci(struct pci_dev *pdev) + break; + udelay(1); + } +- writel(fminterval, base + OHCI_FMINTERVAL); ++ ++ if (!no_fminterval) ++ writel(fminterval, base + OHCI_FMINTERVAL); + + /* Now the controller is safely in SUSPEND and nothing can wake it up */ + iounmap(base); +diff --git a/drivers/usb/misc/adutux.c b/drivers/usb/misc/adutux.c +index db5128b7e..501ab4f 100644 +--- a/drivers/usb/misc/adutux.c ++++ b/drivers/usb/misc/adutux.c +@@ -865,15 +865,11 @@ static void adu_disconnect(struct usb_interface *interface) + usb_set_intfdata(interface, NULL); + + /* if the device is not opened, then we clean up right now */ +- dbg(2," %s : open count %d", __func__, dev->open_count); + if (!dev->open_count) + adu_delete(dev); + + mutex_unlock(&adutux_mutex); + +- dev_info(&interface->dev, "ADU device adutux%d now disconnected\n", +- (minor - ADU_MINOR_BASE)); +- + dbg(2," %s : leave", __func__); + } + +diff --git a/drivers/usb/renesas_usbhs/mod_gadget.c b/drivers/usb/renesas_usbhs/mod_gadget.c +index aa0d183..0b1fc07 100644 +--- a/drivers/usb/renesas_usbhs/mod_gadget.c ++++ b/drivers/usb/renesas_usbhs/mod_gadget.c +@@ -514,6 +514,10 @@ static int usbhsg_ep_enable(struct usb_ep *ep, + static int usbhsg_ep_disable(struct usb_ep *ep) + { + struct usbhsg_uep *uep = usbhsg_ep_to_uep(ep); ++ struct usbhs_pipe *pipe = usbhsg_uep_to_pipe(uep); ++ ++ if (!pipe) ++ return -EINVAL; + + return usbhsg_pipe_disable(uep); + } +diff --git a/drivers/usb/serial/console.c b/drivers/usb/serial/console.c +index 1ee6b2a..87302dd 100644 +--- a/drivers/usb/serial/console.c ++++ b/drivers/usb/serial/console.c +@@ -47,6 +47,8 @@ static struct console usbcons; + * ------------------------------------------------------------ + */ + ++static const struct tty_operations usb_console_fake_tty_ops = { ++}; + + /* + * The parsing of the command line works exactly like the +@@ -141,14 +143,17 @@ static int usb_console_setup(struct console *co, char *options) + goto reset_open_count; + } + kref_init(&tty->kref); +- tty_port_tty_set(&port->port, tty); + tty->driver = usb_serial_tty_driver; + tty->index = co->index; ++ INIT_LIST_HEAD(&tty->tty_files); ++ kref_get(&tty->driver->kref); ++ tty->ops = &usb_console_fake_tty_ops; + if (tty_init_termios(tty)) { + retval = -ENOMEM; + err("no more memory"); +- goto free_tty; ++ goto put_tty; + } ++ tty_port_tty_set(&port->port, tty); + } + + /* only call the device specific open if this +@@ -170,7 +175,7 @@ static int usb_console_setup(struct console *co, char *options) + serial->type->set_termios(tty, port, &dummy); + + tty_port_tty_set(&port->port, NULL); +- kfree(tty); ++ tty_kref_put(tty); + } + set_bit(ASYNCB_INITIALIZED, &port->port.flags); + } +@@ -186,8 +191,8 @@ static int usb_console_setup(struct console *co, char *options) + + fail: + tty_port_tty_set(&port->port, NULL); +- free_tty: +- kfree(tty); ++ put_tty: ++ tty_kref_put(tty); + reset_open_count: + port->port.count = 0; + usb_autopm_put_interface(serial->interface); +diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c +index da92d2d..e795a4c 100644 +--- a/drivers/usb/serial/cp210x.c ++++ b/drivers/usb/serial/cp210x.c +@@ -126,10 +126,12 @@ static const struct usb_device_id id_table[] = { + { USB_DEVICE(0x10C4, 0x85F8) }, /* Virtenio Preon32 */ + { USB_DEVICE(0x10C4, 0x8664) }, /* AC-Services CAN-IF */ + { USB_DEVICE(0x10C4, 0x8665) }, /* AC-Services OBD-IF */ +- { USB_DEVICE(0x10C4, 0x8875) }, /* CEL MeshConnect USB Stick */ ++ { USB_DEVICE(0x10C4, 0x8856) }, /* CEL EM357 ZigBee USB Stick - LR */ ++ { USB_DEVICE(0x10C4, 0x8857) }, /* CEL EM357 ZigBee USB Stick */ + { USB_DEVICE(0x10C4, 0x88A4) }, /* MMB Networks ZigBee USB Device */ + { USB_DEVICE(0x10C4, 0x88A5) }, /* Planet Innovation Ingeni ZigBee USB Device */ + { USB_DEVICE(0x10C4, 0x8946) }, /* Ketra N1 Wireless Interface */ ++ { USB_DEVICE(0x10C4, 0x8977) }, /* CEL MeshWorks DevKit Device */ + { USB_DEVICE(0x10C4, 0xEA60) }, /* Silicon Labs factory default */ + { USB_DEVICE(0x10C4, 0xEA61) }, /* Silicon Labs factory default */ + { USB_DEVICE(0x10C4, 0xEA70) }, /* Silicon Labs factory default */ +diff --git a/drivers/usb/storage/unusual_devs.h b/drivers/usb/storage/unusual_devs.h +index a6c4c7d..0e2c2de 100644 +--- a/drivers/usb/storage/unusual_devs.h ++++ b/drivers/usb/storage/unusual_devs.h +@@ -1956,6 +1956,13 @@ UNUSUAL_DEV( 0x152d, 0x2329, 0x0100, 0x0100, + USB_SC_DEVICE, USB_PR_DEVICE, NULL, + US_FL_IGNORE_RESIDUE | US_FL_SANE_SENSE ), + ++/* Reported by Dmitry Nezhevenko */ ++UNUSUAL_DEV( 0x152d, 0x2566, 0x0114, 0x0114, ++ "JMicron", ++ "USB to ATA/ATAPI Bridge", ++ USB_SC_DEVICE, USB_PR_DEVICE, NULL, ++ US_FL_BROKEN_FUA ), ++ + /* Entrega Technologies U1-SC25 (later Xircom PortGear PGSCSI) + * and Mac USB Dock USB-SCSI */ + UNUSUAL_DEV( 0x1645, 0x0007, 0x0100, 0x0133, +diff --git a/drivers/video/fb_defio.c b/drivers/video/fb_defio.c +index c27e153..8a3d51f 100644 +--- a/drivers/video/fb_defio.c ++++ b/drivers/video/fb_defio.c +@@ -83,9 +83,10 @@ int fb_deferred_io_fsync(struct file *file, loff_t start, loff_t end, int datasy + cancel_delayed_work_sync(&info->deferred_work); + + /* Run it immediately */ +- err = schedule_delayed_work(&info->deferred_work, 0); ++ schedule_delayed_work(&info->deferred_work, 0); + mutex_unlock(&inode->i_mutex); +- return err; ++ ++ return 0; + } + EXPORT_SYMBOL_GPL(fb_deferred_io_fsync); + +diff --git a/drivers/video/logo/logo.c b/drivers/video/logo/logo.c +index ea7a8cc..4bbe1b0 100644 +--- a/drivers/video/logo/logo.c ++++ b/drivers/video/logo/logo.c +@@ -25,6 +25,21 @@ static int nologo; + module_param(nologo, bool, 0); + MODULE_PARM_DESC(nologo, "Disables startup logo"); + ++/* ++ * Logos are located in the initdata, and will be freed in kernel_init. ++ * Use late_init to mark the logos as freed to prevent any further use. ++ */ ++ ++static bool logos_freed; ++ ++static int __init fb_logo_late_init(void) ++{ ++ logos_freed = true; ++ return 0; ++} ++ ++late_initcall(fb_logo_late_init); ++ + /* logo's are marked __initdata. Use __init_refok to tell + * modpost that it is intended that this function uses data + * marked __initdata. +@@ -33,7 +48,7 @@ const struct linux_logo * __init_refok fb_find_logo(int depth) + { + const struct linux_logo *logo = NULL; + +- if (nologo) ++ if (nologo || logos_freed) + return NULL; + + if (depth >= 1) { +diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c +index 984c501..cc02a9b 100644 +--- a/drivers/virtio/virtio.c ++++ b/drivers/virtio/virtio.c +@@ -9,33 +9,32 @@ static unsigned int dev_index; + static ssize_t device_show(struct device *_d, + struct device_attribute *attr, char *buf) + { +- struct virtio_device *dev = container_of(_d,struct virtio_device,dev); ++ struct virtio_device *dev = dev_to_virtio(_d); + return sprintf(buf, "0x%04x\n", dev->id.device); + } + static ssize_t vendor_show(struct device *_d, + struct device_attribute *attr, char *buf) + { +- struct virtio_device *dev = container_of(_d,struct virtio_device,dev); ++ struct virtio_device *dev = dev_to_virtio(_d); + return sprintf(buf, "0x%04x\n", dev->id.vendor); + } + static ssize_t status_show(struct device *_d, + struct device_attribute *attr, char *buf) + { +- struct virtio_device *dev = container_of(_d,struct virtio_device,dev); ++ struct virtio_device *dev = dev_to_virtio(_d); + return sprintf(buf, "0x%08x\n", dev->config->get_status(dev)); + } + static ssize_t modalias_show(struct device *_d, + struct device_attribute *attr, char *buf) + { +- struct virtio_device *dev = container_of(_d,struct virtio_device,dev); +- ++ struct virtio_device *dev = dev_to_virtio(_d); + return sprintf(buf, "virtio:d%08Xv%08X\n", + dev->id.device, dev->id.vendor); + } + static ssize_t features_show(struct device *_d, + struct device_attribute *attr, char *buf) + { +- struct virtio_device *dev = container_of(_d, struct virtio_device, dev); ++ struct virtio_device *dev = dev_to_virtio(_d); + unsigned int i; + ssize_t len = 0; + +@@ -70,7 +69,7 @@ static inline int virtio_id_match(const struct virtio_device *dev, + static int virtio_dev_match(struct device *_dv, struct device_driver *_dr) + { + unsigned int i; +- struct virtio_device *dev = container_of(_dv,struct virtio_device,dev); ++ struct virtio_device *dev = dev_to_virtio(_dv); + const struct virtio_device_id *ids; + + ids = container_of(_dr, struct virtio_driver, driver)->id_table; +@@ -82,7 +81,7 @@ static int virtio_dev_match(struct device *_dv, struct device_driver *_dr) + + static int virtio_uevent(struct device *_dv, struct kobj_uevent_env *env) + { +- struct virtio_device *dev = container_of(_dv,struct virtio_device,dev); ++ struct virtio_device *dev = dev_to_virtio(_dv); + + return add_uevent_var(env, "MODALIAS=virtio:d%08Xv%08X", + dev->id.device, dev->id.vendor); +@@ -110,7 +109,7 @@ EXPORT_SYMBOL_GPL(virtio_check_driver_offered_feature); + static int virtio_dev_probe(struct device *_d) + { + int err, i; +- struct virtio_device *dev = container_of(_d,struct virtio_device,dev); ++ struct virtio_device *dev = dev_to_virtio(_d); + struct virtio_driver *drv = container_of(dev->dev.driver, + struct virtio_driver, driver); + u32 device_features; +@@ -148,7 +147,7 @@ static int virtio_dev_probe(struct device *_d) + + static int virtio_dev_remove(struct device *_d) + { +- struct virtio_device *dev = container_of(_d,struct virtio_device,dev); ++ struct virtio_device *dev = dev_to_virtio(_d); + struct virtio_driver *drv = container_of(dev->dev.driver, + struct virtio_driver, driver); + +diff --git a/drivers/virtio/virtio_pci.c b/drivers/virtio/virtio_pci.c +index 03d1984..13f6cd8 100644 +--- a/drivers/virtio/virtio_pci.c ++++ b/drivers/virtio/virtio_pci.c +@@ -612,11 +612,13 @@ static struct virtio_config_ops virtio_pci_config_ops = { + + static void virtio_pci_release_dev(struct device *_d) + { +- /* +- * No need for a release method as we allocate/free +- * all devices together with the pci devices. +- * Provide an empty one to avoid getting a warning from core. +- */ ++ struct virtio_device *vdev = dev_to_virtio(_d); ++ struct virtio_pci_device *vp_dev = to_vp_device(vdev); ++ ++ /* As struct device is a kobject, it's not safe to ++ * free the memory (including the reference counter itself) ++ * until it's release callback. */ ++ kfree(vp_dev); + } + + /* the PCI probing function */ +@@ -704,7 +706,6 @@ static void __devexit virtio_pci_remove(struct pci_dev *pci_dev) + pci_iounmap(pci_dev, vp_dev->ioaddr); + pci_release_regions(pci_dev); + pci_disable_device(pci_dev); +- kfree(vp_dev); + } + + #ifdef CONFIG_PM +diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c +index cfdf6fe..b8fc473 100644 +--- a/fs/btrfs/disk-io.c ++++ b/fs/btrfs/disk-io.c +@@ -3481,12 +3481,6 @@ static int btrfs_destroy_pinned_extent(struct btrfs_root *root, + if (ret) + break; + +- /* opt_discard */ +- if (btrfs_test_opt(root, DISCARD)) +- ret = btrfs_error_discard_extent(root, start, +- end + 1 - start, +- NULL); +- + clear_extent_dirty(unpin, start, end, GFP_NOFS); + btrfs_error_unpin_extent_range(root, start, end); + cond_resched(); +diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c +index f63719a..a694317 100644 +--- a/fs/btrfs/extent-tree.c ++++ b/fs/btrfs/extent-tree.c +@@ -4611,7 +4611,8 @@ int btrfs_prepare_extent_commit(struct btrfs_trans_handle *trans, + return 0; + } + +-static int unpin_extent_range(struct btrfs_root *root, u64 start, u64 end) ++static int unpin_extent_range(struct btrfs_root *root, u64 start, u64 end, ++ const bool return_free_space) + { + struct btrfs_fs_info *fs_info = root->fs_info; + struct btrfs_block_group_cache *cache = NULL; +@@ -4631,7 +4632,8 @@ static int unpin_extent_range(struct btrfs_root *root, u64 start, u64 end) + + if (start < cache->last_byte_to_unpin) { + len = min(len, cache->last_byte_to_unpin - start); +- btrfs_add_free_space(cache, start, len); ++ if (return_free_space) ++ btrfs_add_free_space(cache, start, len); + } + + start += len; +@@ -4676,7 +4678,7 @@ int btrfs_finish_extent_commit(struct btrfs_trans_handle *trans, + end + 1 - start, NULL); + + clear_extent_dirty(unpin, start, end, GFP_NOFS); +- unpin_extent_range(root, start, end); ++ unpin_extent_range(root, start, end, true); + cond_resched(); + } + +@@ -7650,7 +7652,7 @@ out: + + int btrfs_error_unpin_extent_range(struct btrfs_root *root, u64 start, u64 end) + { +- return unpin_extent_range(root, start, end); ++ return unpin_extent_range(root, start, end, false); + } + + int btrfs_error_discard_extent(struct btrfs_root *root, u64 bytenr, +diff --git a/fs/ceph/snap.c b/fs/ceph/snap.c +index e5206fc..d5df940 100644 +--- a/fs/ceph/snap.c ++++ b/fs/ceph/snap.c +@@ -288,6 +288,9 @@ static int cmpu64_rev(const void *a, const void *b) + return 0; + } + ++ ++static struct ceph_snap_context *empty_snapc; ++ + /* + * build the snap context for a given realm. + */ +@@ -329,6 +332,12 @@ static int build_snap_context(struct ceph_snap_realm *realm) + return 0; + } + ++ if (num == 0 && realm->seq == empty_snapc->seq) { ++ ceph_get_snap_context(empty_snapc); ++ snapc = empty_snapc; ++ goto done; ++ } ++ + /* alloc new snap context */ + err = -ENOMEM; + if (num > (SIZE_MAX - sizeof(*snapc)) / sizeof(u64)) +@@ -364,6 +373,7 @@ static int build_snap_context(struct ceph_snap_realm *realm) + dout("build_snap_context %llx %p: %p seq %lld (%d snaps)\n", + realm->ino, realm, snapc, snapc->seq, snapc->num_snaps); + ++done: + if (realm->cached_context) + ceph_put_snap_context(realm->cached_context); + realm->cached_context = snapc; +@@ -465,6 +475,9 @@ void ceph_queue_cap_snap(struct ceph_inode_info *ci) + cap_snap. lucky us. */ + dout("queue_cap_snap %p already pending\n", inode); + kfree(capsnap); ++ } else if (ci->i_snap_realm->cached_context == empty_snapc) { ++ dout("queue_cap_snap %p empty snapc\n", inode); ++ kfree(capsnap); + } else if (dirty & (CEPH_CAP_AUTH_EXCL|CEPH_CAP_XATTR_EXCL| + CEPH_CAP_FILE_EXCL|CEPH_CAP_FILE_WR)) { + struct ceph_snap_context *snapc = ci->i_head_snapc; +@@ -927,5 +940,17 @@ out: + return; + } + ++int __init ceph_snap_init(void) ++{ ++ empty_snapc = kzalloc(sizeof(struct ceph_snap_context), GFP_NOFS); ++ if (!empty_snapc) ++ return -ENOMEM; ++ atomic_set(&empty_snapc->nref, 1); ++ empty_snapc->seq = 1; ++ return 0; ++} + +- ++void ceph_snap_exit(void) ++{ ++ ceph_put_snap_context(empty_snapc); ++} +diff --git a/fs/ceph/super.c b/fs/ceph/super.c +index de268a8..3c981db 100644 +--- a/fs/ceph/super.c ++++ b/fs/ceph/super.c +@@ -911,14 +911,20 @@ static int __init init_ceph(void) + if (ret) + goto out; + +- ret = register_filesystem(&ceph_fs_type); ++ ret = ceph_snap_init(); + if (ret) + goto out_icache; + ++ ret = register_filesystem(&ceph_fs_type); ++ if (ret) ++ goto out_snap; ++ + pr_info("loaded (mds proto %d)\n", CEPH_MDSC_PROTOCOL); + + return 0; + ++out_snap: ++ ceph_snap_exit(); + out_icache: + destroy_caches(); + out: +@@ -929,6 +935,7 @@ static void __exit exit_ceph(void) + { + dout("exit_ceph\n"); + unregister_filesystem(&ceph_fs_type); ++ ceph_snap_exit(); + destroy_caches(); + } + +diff --git a/fs/ceph/super.h b/fs/ceph/super.h +index a097817..242df58 100644 +--- a/fs/ceph/super.h ++++ b/fs/ceph/super.h +@@ -677,6 +677,8 @@ extern void ceph_queue_cap_snap(struct ceph_inode_info *ci); + extern int __ceph_finish_cap_snap(struct ceph_inode_info *ci, + struct ceph_cap_snap *capsnap); + extern void ceph_cleanup_empty_realms(struct ceph_mds_client *mdsc); ++extern int ceph_snap_init(void); ++extern void ceph_snap_exit(void); + + /* + * a cap_snap is "pending" if it is still awaiting an in-progress +diff --git a/fs/dcache.c b/fs/dcache.c +index 3f65742..8bc98af 100644 +--- a/fs/dcache.c ++++ b/fs/dcache.c +@@ -1035,7 +1035,7 @@ ascend: + return 0; /* No mount points found in tree */ + positive: + if (!locked && read_seqretry(&rename_lock, seq)) +- goto rename_retry; ++ goto rename_retry_unlocked; + if (locked) + write_sequnlock(&rename_lock); + return 1; +@@ -1045,6 +1045,7 @@ rename_retry: + rcu_read_unlock(); + if (locked) + goto again; ++rename_retry_unlocked: + locked = 1; + write_seqlock(&rename_lock); + goto again; +@@ -1109,6 +1110,7 @@ resume: + */ + if (found && need_resched()) { + spin_unlock(&dentry->d_lock); ++ rcu_read_lock(); + goto out; + } + +diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c +index 68b19ab..dceedec 100644 +--- a/fs/ecryptfs/crypto.c ++++ b/fs/ecryptfs/crypto.c +@@ -2038,7 +2038,6 @@ ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size, + break; + case 2: + dst[dst_byte_offset++] |= (src_byte); +- dst[dst_byte_offset] = 0; + current_bit_offset = 0; + break; + } +diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c +index 841f24f..80fc876 100644 +--- a/fs/ecryptfs/file.c ++++ b/fs/ecryptfs/file.c +@@ -196,24 +196,12 @@ static int ecryptfs_open(struct inode *inode, struct file *file) + { + int rc = 0; + struct ecryptfs_crypt_stat *crypt_stat = NULL; +- struct ecryptfs_mount_crypt_stat *mount_crypt_stat; + struct dentry *ecryptfs_dentry = file->f_path.dentry; + /* Private value of ecryptfs_dentry allocated in + * ecryptfs_lookup() */ + struct dentry *lower_dentry; + struct ecryptfs_file_info *file_info; + +- mount_crypt_stat = &ecryptfs_superblock_to_private( +- ecryptfs_dentry->d_sb)->mount_crypt_stat; +- if ((mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) +- && ((file->f_flags & O_WRONLY) || (file->f_flags & O_RDWR) +- || (file->f_flags & O_CREAT) || (file->f_flags & O_TRUNC) +- || (file->f_flags & O_APPEND))) { +- printk(KERN_WARNING "Mount has encrypted view enabled; " +- "files may only be read\n"); +- rc = -EPERM; +- goto out; +- } + /* Released in ecryptfs_release or end of function if failure */ + file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL); + ecryptfs_set_file_private(file, file_info); +diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c +index 94afdfd..62b8ddc 100644 +--- a/fs/ecryptfs/main.c ++++ b/fs/ecryptfs/main.c +@@ -494,6 +494,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags + { + struct super_block *s; + struct ecryptfs_sb_info *sbi; ++ struct ecryptfs_mount_crypt_stat *mount_crypt_stat; + struct ecryptfs_dentry_info *root_info; + const char *err = "Getting sb failed"; + struct inode *inode; +@@ -512,6 +513,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags + err = "Error parsing options"; + goto out; + } ++ mount_crypt_stat = &sbi->mount_crypt_stat; + + s = sget(fs_type, NULL, set_anon_super, NULL); + if (IS_ERR(s)) { +@@ -557,11 +559,19 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags + + /** + * Set the POSIX ACL flag based on whether they're enabled in the lower +- * mount. Force a read-only eCryptfs mount if the lower mount is ro. +- * Allow a ro eCryptfs mount even when the lower mount is rw. ++ * mount. + */ + s->s_flags = flags & ~MS_POSIXACL; +- s->s_flags |= path.dentry->d_sb->s_flags & (MS_RDONLY | MS_POSIXACL); ++ s->s_flags |= path.dentry->d_sb->s_flags & MS_POSIXACL; ++ ++ /** ++ * Force a read-only eCryptfs mount when: ++ * 1) The lower mount is ro ++ * 2) The ecryptfs_encrypted_view mount option is specified ++ */ ++ if (path.dentry->d_sb->s_flags & MS_RDONLY || ++ mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) ++ s->s_flags |= MS_RDONLY; + + s->s_maxbytes = path.dentry->d_sb->s_maxbytes; + s->s_blocksize = path.dentry->d_sb->s_blocksize; +diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c +index 13bfa07..7286eb4 100644 +--- a/fs/fs-writeback.c ++++ b/fs/fs-writeback.c +@@ -396,7 +396,6 @@ writeback_single_inode(struct inode *inode, struct bdi_writeback *wb, + + /* Set I_SYNC, reset I_DIRTY_PAGES */ + inode->i_state |= I_SYNC; +- inode->i_state &= ~I_DIRTY_PAGES; + spin_unlock(&inode->i_lock); + spin_unlock(&wb->list_lock); + +@@ -419,9 +418,28 @@ writeback_single_inode(struct inode *inode, struct bdi_writeback *wb, + * write_inode() + */ + spin_lock(&inode->i_lock); ++ + dirty = inode->i_state & I_DIRTY; +- inode->i_state &= ~(I_DIRTY_SYNC | I_DIRTY_DATASYNC); ++ inode->i_state &= ~I_DIRTY; ++ ++ /* ++ * Paired with smp_mb() in __mark_inode_dirty(). This allows ++ * __mark_inode_dirty() to test i_state without grabbing i_lock - ++ * either they see the I_DIRTY bits cleared or we see the dirtied ++ * inode. ++ * ++ * I_DIRTY_PAGES is always cleared together above even if @mapping ++ * still has dirty pages. The flag is reinstated after smp_mb() if ++ * necessary. This guarantees that either __mark_inode_dirty() ++ * sees clear I_DIRTY_PAGES or we see PAGECACHE_TAG_DIRTY. ++ */ ++ smp_mb(); ++ ++ if (mapping_tagged(mapping, PAGECACHE_TAG_DIRTY)) ++ inode->i_state |= I_DIRTY_PAGES; ++ + spin_unlock(&inode->i_lock); ++ + /* Don't write the inode if only I_DIRTY_PAGES was set */ + if (dirty & (I_DIRTY_SYNC | I_DIRTY_DATASYNC)) { + int err = write_inode(inode, wbc); +@@ -447,7 +465,6 @@ writeback_single_inode(struct inode *inode, struct bdi_writeback *wb, + * We didn't write back all the pages. nfs_writepages() + * sometimes bales out without doing anything. + */ +- inode->i_state |= I_DIRTY_PAGES; + if (wbc->nr_to_write <= 0) { + /* + * slice used up: queue for next turn +@@ -1064,12 +1081,11 @@ void __mark_inode_dirty(struct inode *inode, int flags) + } + + /* +- * make sure that changes are seen by all cpus before we test i_state +- * -- mikulas ++ * Paired with smp_mb() in __writeback_single_inode() for the ++ * following lockless i_state test. See there for details. + */ + smp_mb(); + +- /* avoid the locking if we can */ + if ((inode->i_state & flags) == flags) + return; + +diff --git a/fs/isofs/rock.c b/fs/isofs/rock.c +index ee62cc0..1780949 100644 +--- a/fs/isofs/rock.c ++++ b/fs/isofs/rock.c +@@ -30,6 +30,7 @@ struct rock_state { + int cont_size; + int cont_extent; + int cont_offset; ++ int cont_loops; + struct inode *inode; + }; + +@@ -73,6 +74,9 @@ static void init_rock_state(struct rock_state *rs, struct inode *inode) + rs->inode = inode; + } + ++/* Maximum number of Rock Ridge continuation entries */ ++#define RR_MAX_CE_ENTRIES 32 ++ + /* + * Returns 0 if the caller should continue scanning, 1 if the scan must end + * and -ve on error. +@@ -105,6 +109,8 @@ static int rock_continue(struct rock_state *rs) + goto out; + } + ret = -EIO; ++ if (++rs->cont_loops >= RR_MAX_CE_ENTRIES) ++ goto out; + bh = sb_bread(rs->inode->i_sb, rs->cont_extent); + if (bh) { + memcpy(rs->buffer, bh->b_data + rs->cont_offset, +@@ -356,6 +362,9 @@ repeat: + rs.cont_size = isonum_733(rr->u.CE.size); + break; + case SIG('E', 'R'): ++ /* Invalid length of ER tag id? */ ++ if (rr->u.ER.len_id + offsetof(struct rock_ridge, u.ER.data) > rr->len) ++ goto out; + ISOFS_SB(inode->i_sb)->s_rock = 1; + printk(KERN_DEBUG "ISO 9660 Extensions: "); + { +diff --git a/fs/namei.c b/fs/namei.c +index dea2dab..c8b13a9 100644 +--- a/fs/namei.c ++++ b/fs/namei.c +@@ -1567,6 +1567,7 @@ static int path_init(int dfd, const char *name, unsigned int flags, + if (!(nd->flags & LOOKUP_ROOT)) + nd->root.mnt = NULL; + rcu_read_unlock(); ++ br_read_unlock(vfsmount_lock); + return -ECHILD; + + fput_fail: +diff --git a/fs/ncpfs/ioctl.c b/fs/ncpfs/ioctl.c +index 790e92a..ea6f706 100644 +--- a/fs/ncpfs/ioctl.c ++++ b/fs/ncpfs/ioctl.c +@@ -445,7 +445,6 @@ static long __ncp_ioctl(struct inode *inode, unsigned int cmd, unsigned long arg + result = -EIO; + } + } +- result = 0; + } + mutex_unlock(&server->root_setup_lock); + +diff --git a/fs/notify/inode_mark.c b/fs/notify/inode_mark.c +index b13c00a..df6dacc 100644 +--- a/fs/notify/inode_mark.c ++++ b/fs/notify/inode_mark.c +@@ -282,20 +282,25 @@ void fsnotify_unmount_inodes(struct list_head *list) + spin_unlock(&inode->i_lock); + + /* In case the dropping of a reference would nuke next_i. */ +- if ((&next_i->i_sb_list != list) && +- atomic_read(&next_i->i_count)) { ++ while (&next_i->i_sb_list != list) { + spin_lock(&next_i->i_lock); +- if (!(next_i->i_state & (I_FREEING | I_WILL_FREE))) { ++ if (!(next_i->i_state & (I_FREEING | I_WILL_FREE)) && ++ atomic_read(&next_i->i_count)) { + __iget(next_i); + need_iput = next_i; ++ spin_unlock(&next_i->i_lock); ++ break; + } + spin_unlock(&next_i->i_lock); ++ next_i = list_entry(next_i->i_sb_list.next, ++ struct inode, i_sb_list); + } + + /* +- * We can safely drop inode_sb_list_lock here because we hold +- * references on both inode and next_i. Also no new inodes +- * will be added since the umount has begun. ++ * We can safely drop inode_sb_list_lock here because either ++ * we actually hold references on both inode and next_i or ++ * end of list. Also no new inodes will be added since the ++ * umount has begun. + */ + spin_unlock(&inode_sb_list_lock); + +diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c +index 4402b18..16653b2 100644 +--- a/fs/ocfs2/aops.c ++++ b/fs/ocfs2/aops.c +@@ -917,7 +917,7 @@ void ocfs2_unlock_and_free_pages(struct page **pages, int num_pages) + } + } + +-static void ocfs2_free_write_ctxt(struct ocfs2_write_ctxt *wc) ++static void ocfs2_unlock_pages(struct ocfs2_write_ctxt *wc) + { + int i; + +@@ -938,7 +938,11 @@ static void ocfs2_free_write_ctxt(struct ocfs2_write_ctxt *wc) + page_cache_release(wc->w_target_page); + } + ocfs2_unlock_and_free_pages(wc->w_pages, wc->w_num_pages); ++} + ++static void ocfs2_free_write_ctxt(struct ocfs2_write_ctxt *wc) ++{ ++ ocfs2_unlock_pages(wc); + brelse(wc->w_di_bh); + kfree(wc); + } +@@ -2059,11 +2063,19 @@ out_write_size: + di->i_mtime_nsec = di->i_ctime_nsec = cpu_to_le32(inode->i_mtime.tv_nsec); + ocfs2_journal_dirty(handle, wc->w_di_bh); + ++ /* unlock pages before dealloc since it needs acquiring j_trans_barrier ++ * lock, or it will cause a deadlock since journal commit threads holds ++ * this lock and will ask for the page lock when flushing the data. ++ * put it here to preserve the unlock order. ++ */ ++ ocfs2_unlock_pages(wc); ++ + ocfs2_commit_trans(osb, handle); + + ocfs2_run_deallocs(osb, &wc->w_dealloc); + +- ocfs2_free_write_ctxt(wc); ++ brelse(wc->w_di_bh); ++ kfree(wc); + + return copied; + } +diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c +index d20d64c..0de24a2 100644 +--- a/fs/ocfs2/file.c ++++ b/fs/ocfs2/file.c +@@ -2468,9 +2468,7 @@ static ssize_t ocfs2_file_splice_write(struct pipe_inode_info *pipe, + struct address_space *mapping = out->f_mapping; + struct inode *inode = mapping->host; + struct splice_desc sd = { +- .total_len = len, + .flags = flags, +- .pos = *ppos, + .u.file = out, + }; + +@@ -2480,6 +2478,12 @@ static ssize_t ocfs2_file_splice_write(struct pipe_inode_info *pipe, + out->f_path.dentry->d_name.len, + out->f_path.dentry->d_name.name, len); + ++ ret = generic_write_checks(out, ppos, &len, 0); ++ if (ret) ++ return ret; ++ sd.total_len = len; ++ sd.pos = *ppos; ++ + if (pipe->inode) + mutex_lock_nested(&pipe->inode->i_mutex, I_MUTEX_PARENT); + +diff --git a/fs/proc/stat.c b/fs/proc/stat.c +index 4c9a859..81a48d1 100644 +--- a/fs/proc/stat.c ++++ b/fs/proc/stat.c +@@ -141,7 +141,7 @@ static int show_stat(struct seq_file *p, void *v) + + /* sum again ? it could be updated? */ + for_each_irq_nr(j) +- seq_printf(p, " %u", kstat_irqs(j)); ++ seq_printf(p, " %u", kstat_irqs_usr(j)); + + seq_printf(p, + "\nctxt %llu\n" +diff --git a/fs/splice.c b/fs/splice.c +index 714471d..34c2b2b 100644 +--- a/fs/splice.c ++++ b/fs/splice.c +@@ -1013,13 +1013,17 @@ generic_file_splice_write(struct pipe_inode_info *pipe, struct file *out, + struct address_space *mapping = out->f_mapping; + struct inode *inode = mapping->host; + struct splice_desc sd = { +- .total_len = len, + .flags = flags, +- .pos = *ppos, + .u.file = out, + }; + ssize_t ret; + ++ ret = generic_write_checks(out, ppos, &len, S_ISBLK(inode->i_mode)); ++ if (ret) ++ return ret; ++ sd.total_len = len; ++ sd.pos = *ppos; ++ + pipe_lock(pipe); + + splice_from_pipe_begin(&sd); +diff --git a/fs/udf/dir.c b/fs/udf/dir.c +index eb8bfe2..56341af 100644 +--- a/fs/udf/dir.c ++++ b/fs/udf/dir.c +@@ -163,7 +163,8 @@ static int do_udf_readdir(struct inode *dir, struct file *filp, + struct kernel_lb_addr tloc = lelb_to_cpu(cfi.icb.extLocation); + + iblock = udf_get_lb_pblock(dir->i_sb, &tloc, 0); +- flen = udf_get_filename(dir->i_sb, nameptr, fname, lfi); ++ flen = udf_get_filename(dir->i_sb, nameptr, lfi, fname, ++ UDF_NAME_LEN); + dt_type = DT_UNKNOWN; + } + +diff --git a/fs/udf/inode.c b/fs/udf/inode.c +index a0f6ded..2a706bb 100644 +--- a/fs/udf/inode.c ++++ b/fs/udf/inode.c +@@ -1403,6 +1403,24 @@ static void udf_fill_inode(struct inode *inode, struct buffer_head *bh) + iinfo->i_lenEAttr; + } + ++ /* Sanity checks for files in ICB so that we don't get confused later */ ++ if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_IN_ICB) { ++ /* ++ * For file in ICB data is stored in allocation descriptor ++ * so sizes should match ++ */ ++ if (iinfo->i_lenAlloc != inode->i_size) { ++ make_bad_inode(inode); ++ return; ++ } ++ /* File in ICB has to fit in there... */ ++ if (inode->i_size > inode->i_sb->s_blocksize - ++ udf_file_entry_alloc_offset(inode)) { ++ make_bad_inode(inode); ++ return; ++ } ++ } ++ + switch (fe->icbTag.fileType) { + case ICBTAG_FILE_TYPE_DIRECTORY: + inode->i_op = &udf_dir_inode_operations; +diff --git a/fs/udf/namei.c b/fs/udf/namei.c +index 71c97fb..483d662 100644 +--- a/fs/udf/namei.c ++++ b/fs/udf/namei.c +@@ -235,7 +235,8 @@ static struct fileIdentDesc *udf_find_entry(struct inode *dir, + if (!lfi) + continue; + +- flen = udf_get_filename(dir->i_sb, nameptr, fname, lfi); ++ flen = udf_get_filename(dir->i_sb, nameptr, lfi, fname, ++ UDF_NAME_LEN); + if (flen && udf_match(flen, fname, child->len, child->name)) + goto out_ok; + } +diff --git a/fs/udf/symlink.c b/fs/udf/symlink.c +index b1d4488..0422b7b 100644 +--- a/fs/udf/symlink.c ++++ b/fs/udf/symlink.c +@@ -30,43 +30,73 @@ + #include + #include "udf_i.h" + +-static void udf_pc_to_char(struct super_block *sb, unsigned char *from, +- int fromlen, unsigned char *to) ++static int udf_pc_to_char(struct super_block *sb, unsigned char *from, ++ int fromlen, unsigned char *to, int tolen) + { + struct pathComponent *pc; + int elen = 0; ++ int comp_len; + unsigned char *p = to; + ++ /* Reserve one byte for terminating \0 */ ++ tolen--; + while (elen < fromlen) { + pc = (struct pathComponent *)(from + elen); ++ elen += sizeof(struct pathComponent); + switch (pc->componentType) { + case 1: +- if (pc->lengthComponentIdent == 0) { +- p = to; +- *p++ = '/'; ++ /* ++ * Symlink points to some place which should be agreed ++ * upon between originator and receiver of the media. Ignore. ++ */ ++ if (pc->lengthComponentIdent > 0) { ++ elen += pc->lengthComponentIdent; ++ break; + } ++ /* Fall through */ ++ case 2: ++ if (tolen == 0) ++ return -ENAMETOOLONG; ++ p = to; ++ *p++ = '/'; ++ tolen--; + break; + case 3: ++ if (tolen < 3) ++ return -ENAMETOOLONG; + memcpy(p, "../", 3); + p += 3; ++ tolen -= 3; + break; + case 4: ++ if (tolen < 2) ++ return -ENAMETOOLONG; + memcpy(p, "./", 2); + p += 2; ++ tolen -= 2; + /* that would be . - just ignore */ + break; + case 5: +- p += udf_get_filename(sb, pc->componentIdent, p, +- pc->lengthComponentIdent); ++ elen += pc->lengthComponentIdent; ++ if (elen > fromlen) ++ return -EIO; ++ comp_len = udf_get_filename(sb, pc->componentIdent, ++ pc->lengthComponentIdent, ++ p, tolen); ++ p += comp_len; ++ tolen -= comp_len; ++ if (tolen == 0) ++ return -ENAMETOOLONG; + *p++ = '/'; ++ tolen--; + break; + } +- elen += sizeof(struct pathComponent) + pc->lengthComponentIdent; + } + if (p > to + 1) + p[-1] = '\0'; + else + p[0] = '\0'; ++ return 0; + } + + static int udf_symlink_filler(struct file *file, struct page *page) +@@ -74,11 +104,17 @@ static int udf_symlink_filler(struct file *file, struct page *page) + struct inode *inode = page->mapping->host; + struct buffer_head *bh = NULL; + unsigned char *symlink; +- int err = -EIO; ++ int err; + unsigned char *p = kmap(page); + struct udf_inode_info *iinfo; + uint32_t pos; + ++ /* We don't support symlinks longer than one block */ ++ if (inode->i_size > inode->i_sb->s_blocksize) { ++ err = -ENAMETOOLONG; ++ goto out_unmap; ++ } ++ + iinfo = UDF_I(inode); + pos = udf_block_map(inode, 0); + +@@ -88,14 +124,18 @@ static int udf_symlink_filler(struct file *file, struct page *page) + } else { + bh = sb_bread(inode->i_sb, pos); + +- if (!bh) +- goto out; ++ if (!bh) { ++ err = -EIO; ++ goto out_unlock_inode; ++ } + + symlink = bh->b_data; + } + +- udf_pc_to_char(inode->i_sb, symlink, inode->i_size, p); ++ err = udf_pc_to_char(inode->i_sb, symlink, inode->i_size, p, PAGE_SIZE); + brelse(bh); ++ if (err) ++ goto out_unlock_inode; + + up_read(&iinfo->i_data_sem); + SetPageUptodate(page); +@@ -103,9 +143,10 @@ static int udf_symlink_filler(struct file *file, struct page *page) + unlock_page(page); + return 0; + +-out: ++out_unlock_inode: + up_read(&iinfo->i_data_sem); + SetPageError(page); ++out_unmap: + kunmap(page); + unlock_page(page); + return err; +diff --git a/fs/udf/udfdecl.h b/fs/udf/udfdecl.h +index f34e6fc..8775ab23 100644 +--- a/fs/udf/udfdecl.h ++++ b/fs/udf/udfdecl.h +@@ -207,7 +207,8 @@ udf_get_lb_pblock(struct super_block *sb, struct kernel_lb_addr *loc, + } + + /* unicode.c */ +-extern int udf_get_filename(struct super_block *, uint8_t *, uint8_t *, int); ++extern int udf_get_filename(struct super_block *, uint8_t *, int, uint8_t *, ++ int); + extern int udf_put_filename(struct super_block *, const uint8_t *, uint8_t *, + int); + extern int udf_build_ustr(struct ustr *, dstring *, int); +diff --git a/fs/udf/unicode.c b/fs/udf/unicode.c +index 44b815e..d29c06f 100644 +--- a/fs/udf/unicode.c ++++ b/fs/udf/unicode.c +@@ -28,7 +28,8 @@ + + #include "udf_sb.h" + +-static int udf_translate_to_linux(uint8_t *, uint8_t *, int, uint8_t *, int); ++static int udf_translate_to_linux(uint8_t *, int, uint8_t *, int, uint8_t *, ++ int); + + static int udf_char_to_ustr(struct ustr *dest, const uint8_t *src, int strlen) + { +@@ -333,8 +334,8 @@ try_again: + return u_len + 1; + } + +-int udf_get_filename(struct super_block *sb, uint8_t *sname, uint8_t *dname, +- int flen) ++int udf_get_filename(struct super_block *sb, uint8_t *sname, int slen, ++ uint8_t *dname, int dlen) + { + struct ustr *filename, *unifilename; + int len = 0; +@@ -347,7 +348,7 @@ int udf_get_filename(struct super_block *sb, uint8_t *sname, uint8_t *dname, + if (!unifilename) + goto out1; + +- if (udf_build_ustr_exact(unifilename, sname, flen)) ++ if (udf_build_ustr_exact(unifilename, sname, slen)) + goto out2; + + if (UDF_QUERY_FLAG(sb, UDF_FLAG_UTF8)) { +@@ -366,7 +367,8 @@ int udf_get_filename(struct super_block *sb, uint8_t *sname, uint8_t *dname, + } else + goto out2; + +- len = udf_translate_to_linux(dname, filename->u_name, filename->u_len, ++ len = udf_translate_to_linux(dname, dlen, ++ filename->u_name, filename->u_len, + unifilename->u_name, unifilename->u_len); + out2: + kfree(unifilename); +@@ -403,10 +405,12 @@ int udf_put_filename(struct super_block *sb, const uint8_t *sname, + #define EXT_MARK '.' + #define CRC_MARK '#' + #define EXT_SIZE 5 ++/* Number of chars we need to store generated CRC to make filename unique */ ++#define CRC_LEN 5 + +-static int udf_translate_to_linux(uint8_t *newName, uint8_t *udfName, +- int udfLen, uint8_t *fidName, +- int fidNameLen) ++static int udf_translate_to_linux(uint8_t *newName, int newLen, ++ uint8_t *udfName, int udfLen, ++ uint8_t *fidName, int fidNameLen) + { + int index, newIndex = 0, needsCRC = 0; + int extIndex = 0, newExtIndex = 0, hasExt = 0; +@@ -440,7 +444,7 @@ static int udf_translate_to_linux(uint8_t *newName, uint8_t *udfName, + newExtIndex = newIndex; + } + } +- if (newIndex < 256) ++ if (newIndex < newLen) + newName[newIndex++] = curr; + else + needsCRC = 1; +@@ -468,13 +472,13 @@ static int udf_translate_to_linux(uint8_t *newName, uint8_t *udfName, + } + ext[localExtIndex++] = curr; + } +- maxFilenameLen = 250 - localExtIndex; ++ maxFilenameLen = newLen - CRC_LEN - localExtIndex; + if (newIndex > maxFilenameLen) + newIndex = maxFilenameLen; + else + newIndex = newExtIndex; +- } else if (newIndex > 250) +- newIndex = 250; ++ } else if (newIndex > newLen - CRC_LEN) ++ newIndex = newLen - CRC_LEN; + newName[newIndex++] = CRC_MARK; + valueCRC = crc_itu_t(0, fidName, fidNameLen); + newName[newIndex++] = hexChar[(valueCRC & 0xf000) >> 12]; +diff --git a/include/linux/crypto.h b/include/linux/crypto.h +index 8a94217..ca01ea8 100644 +--- a/include/linux/crypto.h ++++ b/include/linux/crypto.h +@@ -25,6 +25,19 @@ + #include + + /* ++ * Autoloaded crypto modules should only use a prefixed name to avoid allowing ++ * arbitrary modules to be loaded. Loading from userspace may still need the ++ * unprefixed names, so retains those aliases as well. ++ * This uses __MODULE_INFO directly instead of MODULE_ALIAS because pre-4.3 ++ * gcc (e.g. avr32 toolchain) uses __LINE__ for uniqueness, and this macro ++ * expands twice on the same line. Instead, use a separate base name for the ++ * alias. ++ */ ++#define MODULE_ALIAS_CRYPTO(name) \ ++ __MODULE_INFO(alias, alias_userspace, name); \ ++ __MODULE_INFO(alias, alias_crypto, "crypto-" name) ++ ++/* + * Algorithm masks and types. + */ + #define CRYPTO_ALG_TYPE_MASK 0x0000000f +diff --git a/include/linux/device.h b/include/linux/device.h +index 3136ede..a31c5d0 100644 +--- a/include/linux/device.h ++++ b/include/linux/device.h +@@ -767,6 +767,11 @@ extern __printf(5, 6) + struct device *device_create(struct class *cls, struct device *parent, + dev_t devt, void *drvdata, + const char *fmt, ...); ++extern __printf(6, 7) ++struct device *device_create_with_groups(struct class *cls, ++ struct device *parent, dev_t devt, void *drvdata, ++ const struct attribute_group **groups, ++ const char *fmt, ...); + extern void device_destroy(struct class *cls, dev_t devt); + + /* +diff --git a/include/linux/kernel_stat.h b/include/linux/kernel_stat.h +index 0cce2db..3256aee 100644 +--- a/include/linux/kernel_stat.h ++++ b/include/linux/kernel_stat.h +@@ -96,8 +96,13 @@ static inline unsigned int kstat_irqs(unsigned int irq) + + return sum; + } ++static inline unsigned int kstat_irqs_usr(unsigned int irq) ++{ ++ return kstat_irqs(irq); ++} + #else + extern unsigned int kstat_irqs(unsigned int irq); ++extern unsigned int kstat_irqs_usr(unsigned int irq); + #endif + + /* +diff --git a/include/linux/libata.h b/include/linux/libata.h +index d773b21..42ac6ad 100644 +--- a/include/linux/libata.h ++++ b/include/linux/libata.h +@@ -207,6 +207,7 @@ enum { + ATA_FLAG_SW_ACTIVITY = (1 << 22), /* driver supports sw activity + * led */ + ATA_FLAG_NO_DIPM = (1 << 23), /* host not happy with DIPM */ ++ ATA_FLAG_LOWTAG = (1 << 24), /* host wants lowest available tag */ + + /* bits 24:31 of ap->flags are reserved for LLD specific flags */ + +diff --git a/include/linux/mm.h b/include/linux/mm.h +index 7f40120..e5ee683 100644 +--- a/include/linux/mm.h ++++ b/include/linux/mm.h +@@ -840,6 +840,7 @@ static inline int page_mapped(struct page *page) + #define VM_FAULT_WRITE 0x0008 /* Special case for get_user_pages */ + #define VM_FAULT_HWPOISON 0x0010 /* Hit poisoned small page */ + #define VM_FAULT_HWPOISON_LARGE 0x0020 /* Hit poisoned large page. Index encoded in upper bits */ ++#define VM_FAULT_SIGSEGV 0x0040 + + #define VM_FAULT_NOPAGE 0x0100 /* ->fault installed the pte, not return page */ + #define VM_FAULT_LOCKED 0x0200 /* ->fault locked the returned page */ +@@ -847,8 +848,8 @@ static inline int page_mapped(struct page *page) + + #define VM_FAULT_HWPOISON_LARGE_MASK 0xf000 /* encodes hpage index for large hwpoison */ + +-#define VM_FAULT_ERROR (VM_FAULT_OOM | VM_FAULT_SIGBUS | VM_FAULT_HWPOISON | \ +- VM_FAULT_HWPOISON_LARGE) ++#define VM_FAULT_ERROR (VM_FAULT_OOM | VM_FAULT_SIGBUS | VM_FAULT_SIGSEGV | \ ++ VM_FAULT_HWPOISON | VM_FAULT_HWPOISON_LARGE) + + /* Encode hstate index for a hwpoisoned large page */ + #define VM_FAULT_SET_HINDEX(x) ((x) << 12) +@@ -1470,7 +1471,7 @@ extern int expand_downwards(struct vm_area_struct *vma, + #if VM_GROWSUP + extern int expand_upwards(struct vm_area_struct *vma, unsigned long address); + #else +- #define expand_upwards(vma, address) do { } while (0) ++ #define expand_upwards(vma, address) (0) + #endif + + /* Look up the first VMA which satisfies addr < vm_end, NULL if none. */ +diff --git a/include/linux/rmap.h b/include/linux/rmap.h +index 2148b12..b0df05a 100644 +--- a/include/linux/rmap.h ++++ b/include/linux/rmap.h +@@ -37,6 +37,16 @@ struct anon_vma { + atomic_t refcount; + + /* ++ * Count of child anon_vmas and VMAs which points to this anon_vma. ++ * ++ * This counter is used for making decision about reusing anon_vma ++ * instead of forking new one. See comments in function anon_vma_clone. ++ */ ++ unsigned degree; ++ ++ struct anon_vma *parent; /* Parent of this anon_vma */ ++ ++ /* + * NOTE: the LSB of the head.next is set by + * mm_take_all_locks() _after_ taking the above lock. So the + * head must only be read/written after taking the above lock +diff --git a/include/linux/sysfs.h b/include/linux/sysfs.h +index dac0859..2b9cd8d 100644 +--- a/include/linux/sysfs.h ++++ b/include/linux/sysfs.h +@@ -80,6 +80,15 @@ struct attribute_group { + + #define __ATTR_NULL { .attr = { .name = NULL } } + ++#define ATTRIBUTE_GROUPS(name) \ ++static const struct attribute_group name##_group = { \ ++ .attrs = name##_attrs, \ ++}; \ ++static const struct attribute_group *name##_groups[] = { \ ++ &name##_group, \ ++ NULL, \ ++} ++ + #define attr_name(_attr) (_attr).attr.name + + struct file; +diff --git a/include/linux/time.h b/include/linux/time.h +index 8c0216e..a87b440 100644 +--- a/include/linux/time.h ++++ b/include/linux/time.h +@@ -138,6 +138,19 @@ static inline bool timespec_valid_strict(const struct timespec *ts) + return true; + } + ++static inline bool timeval_valid(const struct timeval *tv) ++{ ++ /* Dates before 1970 are bogus */ ++ if (tv->tv_sec < 0) ++ return false; ++ ++ /* Can't have more microseconds then a second */ ++ if (tv->tv_usec < 0 || tv->tv_usec >= USEC_PER_SEC) ++ return false; ++ ++ return true; ++} ++ + extern void read_persistent_clock(struct timespec *ts); + extern void read_boot_clock(struct timespec *ts); + extern int update_persistent_clock(struct timespec now); +diff --git a/include/linux/usb/quirks.h b/include/linux/usb/quirks.h +index 8eeeb87..142252c 100644 +--- a/include/linux/usb/quirks.h ++++ b/include/linux/usb/quirks.h +@@ -30,6 +30,17 @@ + descriptor */ + #define USB_QUIRK_DELAY_INIT 0x00000040 + ++/* ++ * For high speed and super speed interupt endpoints, the USB 2.0 and ++ * USB 3.0 spec require the interval in microframes ++ * (1 microframe = 125 microseconds) to be calculated as ++ * interval = 2 ^ (bInterval-1). ++ * ++ * Devices with this quirk report their bInterval as the result of this ++ * calculation instead of the exponent variable used in the calculation. ++ */ ++#define USB_QUIRK_LINEAR_UFRAME_INTR_BINTERVAL 0x00000080 ++ + /* device generates spurious wakeup, ignore remote wakeup capability */ + #define USB_QUIRK_IGNORE_REMOTE_WAKEUP 0x00000200 + +diff --git a/include/linux/virtio.h b/include/linux/virtio.h +index 96c7843..e4807af 100644 +--- a/include/linux/virtio.h ++++ b/include/linux/virtio.h +@@ -127,7 +127,11 @@ struct virtio_device { + void *priv; + }; + +-#define dev_to_virtio(dev) container_of(dev, struct virtio_device, dev) ++static inline struct virtio_device *dev_to_virtio(struct device *_dev) ++{ ++ return container_of(_dev, struct virtio_device, dev); ++} ++ + int register_virtio_device(struct virtio_device *dev); + void unregister_virtio_device(struct virtio_device *dev); + +diff --git a/include/linux/writeback.h b/include/linux/writeback.h +index 7e85d45..9f149dd 100644 +--- a/include/linux/writeback.h ++++ b/include/linux/writeback.h +@@ -190,7 +190,6 @@ int write_cache_pages(struct address_space *mapping, + struct writeback_control *wbc, writepage_t writepage, + void *data); + int do_writepages(struct address_space *mapping, struct writeback_control *wbc); +-void set_page_dirty_balance(struct page *page, int page_mkwrite); + void writeback_set_ratelimit(void); + void tag_pages_for_writeback(struct address_space *mapping, + pgoff_t start, pgoff_t end); +diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h +index 2124004..6e4569f 100644 +--- a/include/net/ip_fib.h ++++ b/include/net/ip_fib.h +@@ -175,8 +175,8 @@ extern void fib_free_table(struct fib_table *tb); + + #ifndef CONFIG_IP_MULTIPLE_TABLES + +-#define TABLE_LOCAL_INDEX 0 +-#define TABLE_MAIN_INDEX 1 ++#define TABLE_LOCAL_INDEX (RT_TABLE_LOCAL & (FIB_TABLE_HASHSZ - 1)) ++#define TABLE_MAIN_INDEX (RT_TABLE_MAIN & (FIB_TABLE_HASHSZ - 1)) + + static inline struct fib_table *fib_get_table(struct net *net, u32 id) + { +diff --git a/include/net/sock.h b/include/net/sock.h +index e6454b6..c8dcbb8 100644 +--- a/include/net/sock.h ++++ b/include/net/sock.h +@@ -194,7 +194,6 @@ struct sock_common { + * @sk_route_nocaps: forbidden route capabilities (e.g NETIF_F_GSO_MASK) + * @sk_gso_type: GSO type (e.g. %SKB_GSO_TCPV4) + * @sk_gso_max_size: Maximum GSO segment size to build +- * @sk_gso_max_segs: Maximum number of GSO segments + * @sk_lingertime: %SO_LINGER l_linger setting + * @sk_backlog: always used with the per-socket spinlock held + * @sk_callback_lock: used with the callbacks in the end of this struct +@@ -311,7 +310,6 @@ struct sock { + int sk_route_nocaps; + int sk_gso_type; + unsigned int sk_gso_max_size; +- u16 sk_gso_max_segs; + int sk_rcvlowat; + unsigned long sk_lingertime; + struct sk_buff_head sk_error_queue; +diff --git a/kernel/irq/internals.h b/kernel/irq/internals.h +index e1a8b64..f69e37ce 100644 +--- a/kernel/irq/internals.h ++++ b/kernel/irq/internals.h +@@ -76,6 +76,13 @@ extern void irq_percpu_disable(struct irq_desc *desc, unsigned int cpu); + extern void mask_irq(struct irq_desc *desc); + extern void unmask_irq(struct irq_desc *desc); + ++#ifdef CONFIG_SPARSE_IRQ ++extern void irq_lock_sparse(void); ++extern void irq_unlock_sparse(void); ++#else ++static inline void irq_lock_sparse(void) { } ++static inline void irq_unlock_sparse(void) { } ++#endif + extern void init_kstat_irqs(struct irq_desc *desc, int node, int nr); + + irqreturn_t handle_irq_event_percpu(struct irq_desc *desc, struct irqaction *action); +diff --git a/kernel/irq/irqdesc.c b/kernel/irq/irqdesc.c +index d86e254..f497ff7 100644 +--- a/kernel/irq/irqdesc.c ++++ b/kernel/irq/irqdesc.c +@@ -130,6 +130,16 @@ static void free_masks(struct irq_desc *desc) + static inline void free_masks(struct irq_desc *desc) { } + #endif + ++void irq_lock_sparse(void) ++{ ++ mutex_lock(&sparse_irq_lock); ++} ++ ++void irq_unlock_sparse(void) ++{ ++ mutex_unlock(&sparse_irq_lock); ++} ++ + static struct irq_desc *alloc_desc(int irq, int node, struct module *owner) + { + struct irq_desc *desc; +@@ -166,6 +176,12 @@ static void free_desc(unsigned int irq) + + unregister_irq_proc(irq, desc); + ++ /* ++ * sparse_irq_lock protects also show_interrupts() and ++ * kstat_irq_usr(). Once we deleted the descriptor from the ++ * sparse tree we can free it. Access in proc will fail to ++ * lookup the descriptor. ++ */ + mutex_lock(&sparse_irq_lock); + delete_irq_desc(irq); + mutex_unlock(&sparse_irq_lock); +@@ -487,6 +503,15 @@ void dynamic_irq_cleanup(unsigned int irq) + raw_spin_unlock_irqrestore(&desc->lock, flags); + } + ++/** ++ * kstat_irqs_cpu - Get the statistics for an interrupt on a cpu ++ * @irq: The interrupt number ++ * @cpu: The cpu number ++ * ++ * Returns the sum of interrupt counts on @cpu since boot for ++ * @irq. The caller must ensure that the interrupt is not removed ++ * concurrently. ++ */ + unsigned int kstat_irqs_cpu(unsigned int irq, int cpu) + { + struct irq_desc *desc = irq_to_desc(irq); +@@ -495,6 +520,14 @@ unsigned int kstat_irqs_cpu(unsigned int irq, int cpu) + *per_cpu_ptr(desc->kstat_irqs, cpu) : 0; + } + ++/** ++ * kstat_irqs - Get the statistics for an interrupt ++ * @irq: The interrupt number ++ * ++ * Returns the sum of interrupt counts on all cpus since boot for ++ * @irq. The caller must ensure that the interrupt is not removed ++ * concurrently. ++ */ + unsigned int kstat_irqs(unsigned int irq) + { + struct irq_desc *desc = irq_to_desc(irq); +@@ -507,3 +540,22 @@ unsigned int kstat_irqs(unsigned int irq) + sum += *per_cpu_ptr(desc->kstat_irqs, cpu); + return sum; + } ++ ++/** ++ * kstat_irqs_usr - Get the statistics for an interrupt ++ * @irq: The interrupt number ++ * ++ * Returns the sum of interrupt counts on all cpus since boot for ++ * @irq. Contrary to kstat_irqs() this can be called from any ++ * preemptible context. It's protected against concurrent removal of ++ * an interrupt descriptor when sparse irqs are enabled. ++ */ ++unsigned int kstat_irqs_usr(unsigned int irq) ++{ ++ int sum; ++ ++ irq_lock_sparse(); ++ sum = kstat_irqs(irq); ++ irq_unlock_sparse(); ++ return sum; ++} +diff --git a/kernel/irq/proc.c b/kernel/irq/proc.c +index 4bd4faa..fb655f5f 100644 +--- a/kernel/irq/proc.c ++++ b/kernel/irq/proc.c +@@ -15,6 +15,23 @@ + + #include "internals.h" + ++/* ++ * Access rules: ++ * ++ * procfs protects read/write of /proc/irq/N/ files against a ++ * concurrent free of the interrupt descriptor. remove_proc_entry() ++ * immediately prevents new read/writes to happen and waits for ++ * already running read/write functions to complete. ++ * ++ * We remove the proc entries first and then delete the interrupt ++ * descriptor from the radix tree and free it. So it is guaranteed ++ * that irq_to_desc(N) is valid as long as the read/writes are ++ * permitted by procfs. ++ * ++ * The read from /proc/interrupts is a different problem because there ++ * is no protection. So the lookup and the access to irqdesc ++ * information must be protected by sparse_irq_lock. ++ */ + static struct proc_dir_entry *root_irq_dir; + + #ifdef CONFIG_SMP +@@ -441,9 +458,10 @@ int show_interrupts(struct seq_file *p, void *v) + seq_putc(p, '\n'); + } + ++ irq_lock_sparse(); + desc = irq_to_desc(i); + if (!desc) +- return 0; ++ goto outsparse; + + raw_spin_lock_irqsave(&desc->lock, flags); + for_each_online_cpu(j) +@@ -481,6 +499,8 @@ int show_interrupts(struct seq_file *p, void *v) + seq_putc(p, '\n'); + out: + raw_spin_unlock_irqrestore(&desc->lock, flags); ++outsparse: ++ irq_unlock_sparse(); + return 0; + } + #endif +diff --git a/kernel/time.c b/kernel/time.c +index 060f961..f64e88b 100644 +--- a/kernel/time.c ++++ b/kernel/time.c +@@ -192,6 +192,10 @@ SYSCALL_DEFINE2(settimeofday, struct timeval __user *, tv, + if (tv) { + if (copy_from_user(&user_tv, tv, sizeof(*tv))) + return -EFAULT; ++ ++ if (!timeval_valid(&user_tv)) ++ return -EINVAL; ++ + new_ts.tv_sec = user_tv.tv_sec; + new_ts.tv_nsec = user_tv.tv_usec * NSEC_PER_USEC; + } +diff --git a/lib/decompress_bunzip2.c b/lib/decompress_bunzip2.c +index a7b80c1..6a110e2 100644 +--- a/lib/decompress_bunzip2.c ++++ b/lib/decompress_bunzip2.c +@@ -185,7 +185,7 @@ static int INIT get_next_block(struct bunzip_data *bd) + if (get_bits(bd, 1)) + return RETVAL_OBSOLETE_INPUT; + origPtr = get_bits(bd, 24); +- if (origPtr > dbufSize) ++ if (origPtr >= dbufSize) + return RETVAL_DATA_ERROR; + /* mapping table: if some byte values are never used (encoding things + like ascii text), the compression code removes the gaps to have fewer +diff --git a/mm/ksm.c b/mm/ksm.c +index 310544a..6741c9d 100644 +--- a/mm/ksm.c ++++ b/mm/ksm.c +@@ -342,7 +342,7 @@ static int break_ksm(struct vm_area_struct *vma, unsigned long addr) + else + ret = VM_FAULT_WRITE; + put_page(page); +- } while (!(ret & (VM_FAULT_WRITE | VM_FAULT_SIGBUS | VM_FAULT_OOM))); ++ } while (!(ret & (VM_FAULT_WRITE | VM_FAULT_SIGBUS | VM_FAULT_SIGSEGV | VM_FAULT_OOM))); + /* + * We must loop because handle_mm_fault() may back out if there's + * any difficulty e.g. if pte accessed bit gets updated concurrently. +diff --git a/mm/memory.c b/mm/memory.c +index 628cadc..0a7bb38 100644 +--- a/mm/memory.c ++++ b/mm/memory.c +@@ -1767,7 +1767,7 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, + else + return -EFAULT; + } +- if (ret & VM_FAULT_SIGBUS) ++ if (ret & (VM_FAULT_SIGBUS | VM_FAULT_SIGSEGV)) + return i ? i : -EFAULT; + BUG(); + } +@@ -1871,7 +1871,7 @@ int fixup_user_fault(struct task_struct *tsk, struct mm_struct *mm, + return -ENOMEM; + if (ret & (VM_FAULT_HWPOISON | VM_FAULT_HWPOISON_LARGE)) + return -EHWPOISON; +- if (ret & VM_FAULT_SIGBUS) ++ if (ret & (VM_FAULT_SIGBUS | VM_FAULT_SIGSEGV)) + return -EFAULT; + BUG(); + } +@@ -2661,17 +2661,24 @@ reuse: + if (!dirty_page) + return ret; + +- /* +- * Yes, Virginia, this is actually required to prevent a race +- * with clear_page_dirty_for_io() from clearing the page dirty +- * bit after it clear all dirty ptes, but before a racing +- * do_wp_page installs a dirty pte. +- * +- * __do_fault is protected similarly. +- */ + if (!page_mkwrite) { +- wait_on_page_locked(dirty_page); +- set_page_dirty_balance(dirty_page, page_mkwrite); ++ struct address_space *mapping; ++ int dirtied; ++ ++ lock_page(dirty_page); ++ dirtied = set_page_dirty(dirty_page); ++ VM_BUG_ON(PageAnon(dirty_page)); ++ mapping = dirty_page->mapping; ++ unlock_page(dirty_page); ++ ++ if (dirtied && mapping) { ++ /* ++ * Some device drivers do not set page.mapping ++ * but still dirty their pages ++ */ ++ balance_dirty_pages_ratelimited(mapping); ++ } ++ + } + put_page(dirty_page); + if (page_mkwrite) { +@@ -3117,7 +3124,7 @@ static inline int check_stack_guard_page(struct vm_area_struct *vma, unsigned lo + if (prev && prev->vm_end == address) + return prev->vm_flags & VM_GROWSDOWN ? 0 : -ENOMEM; + +- expand_downwards(vma, address - PAGE_SIZE); ++ return expand_downwards(vma, address - PAGE_SIZE); + } + if ((vma->vm_flags & VM_GROWSUP) && address + PAGE_SIZE == vma->vm_end) { + struct vm_area_struct *next = vma->vm_next; +@@ -3126,7 +3133,7 @@ static inline int check_stack_guard_page(struct vm_area_struct *vma, unsigned lo + if (next && next->vm_start == address + PAGE_SIZE) + return next->vm_flags & VM_GROWSUP ? 0 : -ENOMEM; + +- expand_upwards(vma, address + PAGE_SIZE); ++ return expand_upwards(vma, address + PAGE_SIZE); + } + return 0; + } +@@ -3148,7 +3155,7 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, + + /* Check if we need to add a guard page to the stack */ + if (check_stack_guard_page(vma, address) < 0) +- return VM_FAULT_SIGBUS; ++ return VM_FAULT_SIGSEGV; + + /* Use the zero-page for reads */ + if (!(flags & FAULT_FLAG_WRITE)) { +diff --git a/mm/mmap.c b/mm/mmap.c +index f2badbf..13b5685 100644 +--- a/mm/mmap.c ++++ b/mm/mmap.c +@@ -537,9 +537,14 @@ again: remove_next = 1 + (end > next->vm_end); + * shrinking vma had, to cover any anon pages imported. + */ + if (exporter && exporter->anon_vma && !importer->anon_vma) { +- if (anon_vma_clone(importer, exporter)) +- return -ENOMEM; ++ int error; ++ + importer->anon_vma = exporter->anon_vma; ++ error = anon_vma_clone(importer, exporter); ++ if (error) { ++ importer->anon_vma = NULL; ++ return error; ++ } + } + } + +@@ -1648,14 +1653,17 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns + { + struct mm_struct *mm = vma->vm_mm; + struct rlimit *rlim = current->signal->rlim; +- unsigned long new_start; ++ unsigned long new_start, actual_size; + + /* address space limit tests */ + if (!may_expand_vm(mm, grow)) + return -ENOMEM; + + /* Stack limit test */ +- if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) ++ actual_size = size; ++ if (size && (vma->vm_flags & (VM_GROWSUP | VM_GROWSDOWN))) ++ actual_size -= PAGE_SIZE; ++ if (actual_size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) + return -ENOMEM; + + /* mlock limit tests */ +diff --git a/mm/page-writeback.c b/mm/page-writeback.c +index d2ac057..aad22aa 100644 +--- a/mm/page-writeback.c ++++ b/mm/page-writeback.c +@@ -1202,16 +1202,6 @@ pause: + bdi_start_background_writeback(bdi); + } + +-void set_page_dirty_balance(struct page *page, int page_mkwrite) +-{ +- if (set_page_dirty(page) || page_mkwrite) { +- struct address_space *mapping = page_mapping(page); +- +- if (mapping) +- balance_dirty_pages_ratelimited(mapping); +- } +-} +- + static DEFINE_PER_CPU(int, bdp_ratelimits); + + /** +@@ -1764,32 +1754,25 @@ EXPORT_SYMBOL(account_page_writeback); + * page dirty in that case, but not all the buffers. This is a "bottom-up" + * dirtying, whereas __set_page_dirty_buffers() is a "top-down" dirtying. + * +- * Most callers have locked the page, which pins the address_space in memory. +- * But zap_pte_range() does not lock the page, however in that case the +- * mapping is pinned by the vma's ->vm_file reference. +- * +- * We take care to handle the case where the page was truncated from the +- * mapping by re-checking page_mapping() inside tree_lock. ++ * The caller must ensure this doesn't race with truncation. Most will simply ++ * hold the page lock, but e.g. zap_pte_range() calls with the page mapped and ++ * the pte lock held, which also locks out truncation. + */ + int __set_page_dirty_nobuffers(struct page *page) + { + if (!TestSetPageDirty(page)) { + struct address_space *mapping = page_mapping(page); +- struct address_space *mapping2; + unsigned long flags; + + if (!mapping) + return 1; + + spin_lock_irqsave(&mapping->tree_lock, flags); +- mapping2 = page_mapping(page); +- if (mapping2) { /* Race with truncate? */ +- BUG_ON(mapping2 != mapping); +- WARN_ON_ONCE(!PagePrivate(page) && !PageUptodate(page)); +- account_page_dirtied(page, mapping); +- radix_tree_tag_set(&mapping->page_tree, +- page_index(page), PAGECACHE_TAG_DIRTY); +- } ++ BUG_ON(page_mapping(page) != mapping); ++ WARN_ON_ONCE(!PagePrivate(page) && !PageUptodate(page)); ++ account_page_dirtied(page, mapping); ++ radix_tree_tag_set(&mapping->page_tree, page_index(page), ++ PAGECACHE_TAG_DIRTY); + spin_unlock_irqrestore(&mapping->tree_lock, flags); + if (mapping->host) { + /* !PageAnon && !swapper_space */ +@@ -1946,12 +1929,10 @@ int clear_page_dirty_for_io(struct page *page) + /* + * We carefully synchronise fault handlers against + * installing a dirty pte and marking the page dirty +- * at this point. We do this by having them hold the +- * page lock at some point after installing their +- * pte, but before marking the page dirty. +- * Pages are always locked coming in here, so we get +- * the desired exclusion. See mm/memory.c:do_wp_page() +- * for more comments. ++ * at this point. We do this by having them hold the ++ * page lock while dirtying the page, and pages are ++ * always locked coming in here, so we get the desired ++ * exclusion. + */ + if (TestClearPageDirty(page)) { + dec_zone_page_state(page, NR_FILE_DIRTY); +diff --git a/mm/rmap.c b/mm/rmap.c +index f3f6fd3..2c4ee3e 100644 +--- a/mm/rmap.c ++++ b/mm/rmap.c +@@ -72,6 +72,8 @@ static inline struct anon_vma *anon_vma_alloc(void) + anon_vma = kmem_cache_alloc(anon_vma_cachep, GFP_KERNEL); + if (anon_vma) { + atomic_set(&anon_vma->refcount, 1); ++ anon_vma->degree = 1; /* Reference for first vma */ ++ anon_vma->parent = anon_vma; + /* + * Initialise the anon_vma root to point to itself. If called + * from fork, the root will be reset to the parents anon_vma. +@@ -181,6 +183,8 @@ int anon_vma_prepare(struct vm_area_struct *vma) + avc->vma = vma; + list_add(&avc->same_vma, &vma->anon_vma_chain); + list_add_tail(&avc->same_anon_vma, &anon_vma->head); ++ /* vma reference or self-parent link for new root */ ++ anon_vma->degree++; + allocated = NULL; + avc = NULL; + } +@@ -244,6 +248,14 @@ static void anon_vma_chain_link(struct vm_area_struct *vma, + /* + * Attach the anon_vmas from src to dst. + * Returns 0 on success, -ENOMEM on failure. ++ * ++ * If dst->anon_vma is NULL this function tries to find and reuse existing ++ * anon_vma which has no vmas and only one child anon_vma. This prevents ++ * degradation of anon_vma hierarchy to endless linear chain in case of ++ * constantly forking task. On the other hand, an anon_vma with more than one ++ * child isn't reused even if there was no alive vma, thus rmap walker has a ++ * good chance of avoiding scanning the whole hierarchy when it searches where ++ * page is mapped. + */ + int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src) + { +@@ -264,7 +276,21 @@ int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src) + anon_vma = pavc->anon_vma; + root = lock_anon_vma_root(root, anon_vma); + anon_vma_chain_link(dst, avc, anon_vma); ++ ++ /* ++ * Reuse existing anon_vma if its degree lower than two, ++ * that means it has no vma and only one anon_vma child. ++ * ++ * Do not chose parent anon_vma, otherwise first child ++ * will always reuse it. Root anon_vma is never reused: ++ * it has self-parent reference and at least one child. ++ */ ++ if (!dst->anon_vma && anon_vma != src->anon_vma && ++ anon_vma->degree < 2) ++ dst->anon_vma = anon_vma; + } ++ if (dst->anon_vma) ++ dst->anon_vma->degree++; + unlock_anon_vma_root(root); + return 0; + +@@ -287,6 +313,9 @@ int anon_vma_fork(struct vm_area_struct *vma, struct vm_area_struct *pvma) + if (!pvma->anon_vma) + return 0; + ++ /* Drop inherited anon_vma, we'll reuse existing or allocate new. */ ++ vma->anon_vma = NULL; ++ + /* + * First, attach the new VMA to the parent VMA's anon_vmas, + * so rmap can find non-COWed pages in child processes. +@@ -294,6 +323,10 @@ int anon_vma_fork(struct vm_area_struct *vma, struct vm_area_struct *pvma) + if (anon_vma_clone(vma, pvma)) + return -ENOMEM; + ++ /* An existing anon_vma has been reused, all done then. */ ++ if (vma->anon_vma) ++ return 0; ++ + /* Then add our own anon_vma. */ + anon_vma = anon_vma_alloc(); + if (!anon_vma) +@@ -307,6 +340,7 @@ int anon_vma_fork(struct vm_area_struct *vma, struct vm_area_struct *pvma) + * lock any of the anon_vmas in this anon_vma tree. + */ + anon_vma->root = pvma->anon_vma->root; ++ anon_vma->parent = pvma->anon_vma; + /* + * With refcounts, an anon_vma can stay around longer than the + * process it belongs to. The root anon_vma needs to be pinned until +@@ -317,6 +351,7 @@ int anon_vma_fork(struct vm_area_struct *vma, struct vm_area_struct *pvma) + vma->anon_vma = anon_vma; + anon_vma_lock(anon_vma); + anon_vma_chain_link(vma, avc, anon_vma); ++ anon_vma->parent->degree++; + anon_vma_unlock(anon_vma); + + return 0; +@@ -347,12 +382,16 @@ void unlink_anon_vmas(struct vm_area_struct *vma) + * Leave empty anon_vmas on the list - we'll need + * to free them outside the lock. + */ +- if (list_empty(&anon_vma->head)) ++ if (list_empty(&anon_vma->head)) { ++ anon_vma->parent->degree--; + continue; ++ } + + list_del(&avc->same_vma); + anon_vma_chain_free(avc); + } ++ if (vma->anon_vma) ++ vma->anon_vma->degree--; + unlock_anon_vma_root(root); + + /* +@@ -363,6 +402,7 @@ void unlink_anon_vmas(struct vm_area_struct *vma) + list_for_each_entry_safe(avc, next, &vma->anon_vma_chain, same_vma) { + struct anon_vma *anon_vma = avc->anon_vma; + ++ BUG_ON(anon_vma->degree); + put_anon_vma(anon_vma); + + list_del(&avc->same_vma); +diff --git a/net/core/dev.c b/net/core/dev.c +index 854da15..fcb5133 100644 +--- a/net/core/dev.c ++++ b/net/core/dev.c +@@ -1616,6 +1616,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) + skb->tstamp.tv64 = 0; + skb->pkt_type = PACKET_HOST; + skb->protocol = eth_type_trans(skb, dev); ++ skb_postpull_rcsum(skb, eth_hdr(skb), ETH_HLEN); + skb->mark = 0; + secpath_reset(skb); + nf_reset(skb); +@@ -2128,11 +2129,13 @@ u32 netif_skb_features(struct sk_buff *skb) + if (skb_shinfo(skb)->gso_segs > skb->dev->gso_max_segs) + features &= ~NETIF_F_GSO_MASK; + +- if (protocol == htons(ETH_P_8021Q)) { +- struct vlan_ethhdr *veh = (struct vlan_ethhdr *)skb->data; +- protocol = veh->h_vlan_encapsulated_proto; +- } else if (!vlan_tx_tag_present(skb)) { +- return harmonize_features(skb, protocol, features); ++ if (!vlan_tx_tag_present(skb)) { ++ if (unlikely(protocol == htons(ETH_P_8021Q))) { ++ struct vlan_ethhdr *veh = (struct vlan_ethhdr *)skb->data; ++ protocol = veh->h_vlan_encapsulated_proto; ++ } else { ++ return harmonize_features(skb, protocol, features); ++ } + } + + features &= (skb->dev->vlan_features | NETIF_F_HW_VLAN_TX); +diff --git a/net/core/sock.c b/net/core/sock.c +index 8a2c2dd..e093528 100644 +--- a/net/core/sock.c ++++ b/net/core/sock.c +@@ -1311,7 +1311,6 @@ void sk_setup_caps(struct sock *sk, struct dst_entry *dst) + } else { + sk->sk_route_caps |= NETIF_F_SG | NETIF_F_HW_CSUM; + sk->sk_gso_max_size = dst->dev->gso_max_size; +- sk->sk_gso_max_segs = dst->dev->gso_max_segs; + } + } + } +diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c +index 59a7041..d1f56e1 100644 +--- a/net/ipv4/arp.c ++++ b/net/ipv4/arp.c +@@ -592,16 +592,18 @@ struct sk_buff *arp_create(int type, int ptype, __be32 dest_ip, + struct sk_buff *skb; + struct arphdr *arp; + unsigned char *arp_ptr; ++ int hlen = LL_RESERVED_SPACE(dev); ++ int tlen = dev->needed_tailroom; + + /* + * Allocate a buffer + */ + +- skb = alloc_skb(arp_hdr_len(dev) + LL_ALLOCATED_SPACE(dev), GFP_ATOMIC); ++ skb = alloc_skb(arp_hdr_len(dev) + hlen + tlen, GFP_ATOMIC); + if (skb == NULL) + return NULL; + +- skb_reserve(skb, LL_RESERVED_SPACE(dev)); ++ skb_reserve(skb, hlen); + skb_reset_network_header(skb); + arp = (struct arphdr *) skb_put(skb, arp_hdr_len(dev)); + skb->dev = dev; +diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c +index 7fe66d9..03e9486 100644 +--- a/net/ipv4/igmp.c ++++ b/net/ipv4/igmp.c +@@ -294,9 +294,7 @@ igmp_scount(struct ip_mc_list *pmc, int type, int gdeleted, int sdeleted) + return scount; + } + +-#define igmp_skb_size(skb) (*(unsigned int *)((skb)->cb)) +- +-static struct sk_buff *igmpv3_newpack(struct net_device *dev, int size) ++static struct sk_buff *igmpv3_newpack(struct net_device *dev, unsigned int mtu) + { + struct sk_buff *skb; + struct rtable *rt; +@@ -304,9 +302,12 @@ static struct sk_buff *igmpv3_newpack(struct net_device *dev, int size) + struct igmpv3_report *pig; + struct net *net = dev_net(dev); + struct flowi4 fl4; ++ int hlen = LL_RESERVED_SPACE(dev); ++ int tlen = dev->needed_tailroom; ++ unsigned int size = mtu; + + while (1) { +- skb = alloc_skb(size + LL_ALLOCATED_SPACE(dev), ++ skb = alloc_skb(size + hlen + tlen, + GFP_ATOMIC | __GFP_NOWARN); + if (skb) + break; +@@ -314,7 +315,6 @@ static struct sk_buff *igmpv3_newpack(struct net_device *dev, int size) + if (size < 256) + return NULL; + } +- igmp_skb_size(skb) = size; + + rt = ip_route_output_ports(net, &fl4, NULL, IGMPV3_ALL_MCR, 0, + 0, 0, +@@ -327,7 +327,9 @@ static struct sk_buff *igmpv3_newpack(struct net_device *dev, int size) + skb_dst_set(skb, &rt->dst); + skb->dev = dev; + +- skb_reserve(skb, LL_RESERVED_SPACE(dev)); ++ skb->reserved_tailroom = skb_end_offset(skb) - ++ min(mtu, skb_end_offset(skb)); ++ skb_reserve(skb, hlen); + + skb_reset_network_header(skb); + pip = ip_hdr(skb); +@@ -396,8 +398,7 @@ static struct sk_buff *add_grhead(struct sk_buff *skb, struct ip_mc_list *pmc, + return skb; + } + +-#define AVAILABLE(skb) ((skb) ? ((skb)->dev ? igmp_skb_size(skb) - (skb)->len : \ +- skb_tailroom(skb)) : 0) ++#define AVAILABLE(skb) ((skb) ? skb_availroom(skb) : 0) + + static struct sk_buff *add_grec(struct sk_buff *skb, struct ip_mc_list *pmc, + int type, int gdeleted, int sdeleted) +@@ -647,6 +648,7 @@ static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc, + __be32 group = pmc ? pmc->multiaddr : 0; + struct flowi4 fl4; + __be32 dst; ++ int hlen, tlen; + + if (type == IGMPV3_HOST_MEMBERSHIP_REPORT) + return igmpv3_send_report(in_dev, pmc); +@@ -661,7 +663,9 @@ static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc, + if (IS_ERR(rt)) + return -1; + +- skb = alloc_skb(IGMP_SIZE+LL_ALLOCATED_SPACE(dev), GFP_ATOMIC); ++ hlen = LL_RESERVED_SPACE(dev); ++ tlen = dev->needed_tailroom; ++ skb = alloc_skb(IGMP_SIZE + hlen + tlen, GFP_ATOMIC); + if (skb == NULL) { + ip_rt_put(rt); + return -1; +@@ -669,7 +673,7 @@ static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc, + + skb_dst_set(skb, &rt->dst); + +- skb_reserve(skb, LL_RESERVED_SPACE(dev)); ++ skb_reserve(skb, hlen); + + skb_reset_network_header(skb); + iph = ip_hdr(skb); +diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c +index 99ec116..efb1ff5 100644 +--- a/net/ipv4/ipconfig.c ++++ b/net/ipv4/ipconfig.c +@@ -767,13 +767,15 @@ static void __init ic_bootp_send_if(struct ic_device *d, unsigned long jiffies_d + struct sk_buff *skb; + struct bootp_pkt *b; + struct iphdr *h; ++ int hlen = LL_RESERVED_SPACE(dev); ++ int tlen = dev->needed_tailroom; + + /* Allocate packet */ +- skb = alloc_skb(sizeof(struct bootp_pkt) + LL_ALLOCATED_SPACE(dev) + 15, ++ skb = alloc_skb(sizeof(struct bootp_pkt) + hlen + tlen + 15, + GFP_KERNEL); + if (!skb) + return; +- skb_reserve(skb, LL_RESERVED_SPACE(dev)); ++ skb_reserve(skb, hlen); + b = (struct bootp_pkt *) skb_put(skb, sizeof(struct bootp_pkt)); + memset(b, 0, sizeof(struct bootp_pkt)); + +diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c +index 75fea1f..063bcd5 100644 +--- a/net/ipv4/raw.c ++++ b/net/ipv4/raw.c +@@ -329,6 +329,7 @@ static int raw_send_hdrinc(struct sock *sk, struct flowi4 *fl4, + unsigned int iphlen; + int err; + struct rtable *rt = *rtp; ++ int hlen, tlen; + + if (length > rt->dst.dev->mtu) { + ip_local_error(sk, EMSGSIZE, fl4->daddr, inet->inet_dport, +@@ -338,12 +339,14 @@ static int raw_send_hdrinc(struct sock *sk, struct flowi4 *fl4, + if (flags&MSG_PROBE) + goto out; + ++ hlen = LL_RESERVED_SPACE(rt->dst.dev); ++ tlen = rt->dst.dev->needed_tailroom; + skb = sock_alloc_send_skb(sk, +- length + LL_ALLOCATED_SPACE(rt->dst.dev) + 15, ++ length + hlen + tlen + 15, + flags & MSG_DONTWAIT, &err); + if (skb == NULL) + goto error; +- skb_reserve(skb, LL_RESERVED_SPACE(rt->dst.dev)); ++ skb_reserve(skb, hlen); + + skb->priority = sk->sk_priority; + skb->mark = sk->sk_mark; +diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c +index 32c9e83..9a7c01e 100644 +--- a/net/ipv4/tcp.c ++++ b/net/ipv4/tcp.c +@@ -738,9 +738,7 @@ static unsigned int tcp_xmit_size_goal(struct sock *sk, u32 mss_now, + old_size_goal + mss_now > xmit_size_goal)) { + xmit_size_goal = old_size_goal; + } else { +- tp->xmit_size_goal_segs = +- min_t(u16, xmit_size_goal / mss_now, +- sk->sk_gso_max_segs); ++ tp->xmit_size_goal_segs = xmit_size_goal / mss_now; + xmit_size_goal = tp->xmit_size_goal_segs * mss_now; + } + } +diff --git a/net/ipv4/tcp_cong.c b/net/ipv4/tcp_cong.c +index 6cebfd2..850c737 100644 +--- a/net/ipv4/tcp_cong.c ++++ b/net/ipv4/tcp_cong.c +@@ -290,8 +290,7 @@ int tcp_is_cwnd_limited(const struct sock *sk, u32 in_flight) + left = tp->snd_cwnd - in_flight; + if (sk_can_gso(sk) && + left * sysctl_tcp_tso_win_divisor < tp->snd_cwnd && +- left * tp->mss_cache < sk->sk_gso_max_size && +- left < sk->sk_gso_max_segs) ++ left * tp->mss_cache < sk->sk_gso_max_size) + return 1; + return left <= tcp_max_burst(tp); + } +diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c +index 0d5a118..3a37f54 100644 +--- a/net/ipv4/tcp_output.c ++++ b/net/ipv4/tcp_output.c +@@ -1320,21 +1320,21 @@ static void tcp_cwnd_validate(struct sock *sk) + * when we would be allowed to send the split-due-to-Nagle skb fully. + */ + static unsigned int tcp_mss_split_point(const struct sock *sk, const struct sk_buff *skb, +- unsigned int mss_now, unsigned int max_segs) ++ unsigned int mss_now, unsigned int cwnd) + { + const struct tcp_sock *tp = tcp_sk(sk); +- u32 needed, window, max_len; ++ u32 needed, window, cwnd_len; + + window = tcp_wnd_end(tp) - TCP_SKB_CB(skb)->seq; +- max_len = mss_now * max_segs; ++ cwnd_len = mss_now * cwnd; + +- if (likely(max_len <= window && skb != tcp_write_queue_tail(sk))) +- return max_len; ++ if (likely(cwnd_len <= window && skb != tcp_write_queue_tail(sk))) ++ return cwnd_len; + + needed = min(skb->len, window); + +- if (max_len <= needed) +- return max_len; ++ if (cwnd_len <= needed) ++ return cwnd_len; + + return needed - needed % mss_now; + } +@@ -1562,8 +1562,7 @@ static int tcp_tso_should_defer(struct sock *sk, struct sk_buff *skb) + limit = min(send_win, cong_win); + + /* If a full-sized TSO skb can be sent, do it. */ +- if (limit >= min_t(unsigned int, sk->sk_gso_max_size, +- sk->sk_gso_max_segs * tp->mss_cache)) ++ if (limit >= sk->sk_gso_max_size) + goto send_now; + + /* Middle in queue won't get any more data, full sendable already? */ +@@ -1792,9 +1791,7 @@ static int tcp_write_xmit(struct sock *sk, unsigned int mss_now, int nonagle, + limit = mss_now; + if (tso_segs > 1 && !tcp_urg_mode(tp)) + limit = tcp_mss_split_point(sk, skb, mss_now, +- min_t(unsigned int, +- cwnd_quota, +- sk->sk_gso_max_segs)); ++ cwnd_quota); + + if (skb->len > limit && + unlikely(tso_fragment(sk, skb, limit, mss_now, gfp))) +diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c +index 46fc6a3..2215d6b 100644 +--- a/net/ipv6/ip6_output.c ++++ b/net/ipv6/ip6_output.c +@@ -623,6 +623,7 @@ int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) + struct ipv6hdr *tmp_hdr; + struct frag_hdr *fh; + unsigned int mtu, hlen, left, len; ++ int hroom, troom; + __be32 frag_id = 0; + int ptr, offset = 0, err=0; + u8 *prevhdr, nexthdr = 0; +@@ -789,6 +790,8 @@ slow_path: + */ + + *prevhdr = NEXTHDR_FRAGMENT; ++ hroom = LL_RESERVED_SPACE(rt->dst.dev); ++ troom = rt->dst.dev->needed_tailroom; + + /* + * Keep copying data until we run out. +@@ -807,7 +810,8 @@ slow_path: + * Allocate buffer. + */ + +- if ((frag = alloc_skb(len+hlen+sizeof(struct frag_hdr)+LL_ALLOCATED_SPACE(rt->dst.dev), GFP_ATOMIC)) == NULL) { ++ if ((frag = alloc_skb(len + hlen + sizeof(struct frag_hdr) + ++ hroom + troom, GFP_ATOMIC)) == NULL) { + NETDEBUG(KERN_INFO "IPv6: frag: no memory for new fragment!\n"); + IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), + IPSTATS_MIB_FRAGFAILS); +@@ -820,7 +824,7 @@ slow_path: + */ + + ip6_copy_metadata(frag, skb); +- skb_reserve(frag, LL_RESERVED_SPACE(rt->dst.dev)); ++ skb_reserve(frag, hroom); + skb_put(frag, len + hlen + sizeof(struct frag_hdr)); + skb_reset_network_header(frag); + fh = (struct frag_hdr *)(skb_network_header(frag) + hlen); +diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c +index 4f12b66..7bb6644 100644 +--- a/net/ipv6/mcast.c ++++ b/net/ipv6/mcast.c +@@ -1334,7 +1334,7 @@ mld_scount(struct ifmcaddr6 *pmc, int type, int gdeleted, int sdeleted) + return scount; + } + +-static struct sk_buff *mld_newpack(struct inet6_dev *idev, int size) ++static struct sk_buff *mld_newpack(struct inet6_dev *idev, unsigned int mtu) + { + struct net_device *dev = idev->dev; + struct net *net = dev_net(dev); +@@ -1343,13 +1343,15 @@ static struct sk_buff *mld_newpack(struct inet6_dev *idev, int size) + struct mld2_report *pmr; + struct in6_addr addr_buf; + const struct in6_addr *saddr; ++ int hlen = LL_RESERVED_SPACE(dev); ++ int tlen = dev->needed_tailroom; ++ unsigned int size = mtu + hlen + tlen; + int err; + u8 ra[8] = { IPPROTO_ICMPV6, 0, + IPV6_TLV_ROUTERALERT, 2, 0, 0, + IPV6_TLV_PADN, 0 }; + + /* we assume size > sizeof(ra) here */ +- size += LL_ALLOCATED_SPACE(dev); + /* limit our allocations to order-0 page */ + size = min_t(int, size, SKB_MAX_ORDER(0, 0)); + skb = sock_alloc_send_skb(sk, size, 1, &err); +@@ -1357,7 +1359,9 @@ static struct sk_buff *mld_newpack(struct inet6_dev *idev, int size) + if (!skb) + return NULL; + +- skb_reserve(skb, LL_RESERVED_SPACE(dev)); ++ skb->reserved_tailroom = skb_end_offset(skb) - ++ min(mtu, skb_end_offset(skb)); ++ skb_reserve(skb, hlen); + + if (__ipv6_get_lladdr(idev, &addr_buf, IFA_F_TENTATIVE)) { + /* : +@@ -1477,8 +1481,7 @@ static struct sk_buff *add_grhead(struct sk_buff *skb, struct ifmcaddr6 *pmc, + return skb; + } + +-#define AVAILABLE(skb) ((skb) ? ((skb)->dev ? (skb)->dev->mtu - (skb)->len : \ +- skb_tailroom(skb)) : 0) ++#define AVAILABLE(skb) ((skb) ? skb_availroom(skb) : 0) + + static struct sk_buff *add_grec(struct sk_buff *skb, struct ifmcaddr6 *pmc, + int type, int gdeleted, int sdeleted) +@@ -1725,6 +1728,8 @@ static void igmp6_send(struct in6_addr *addr, struct net_device *dev, int type) + struct mld_msg *hdr; + const struct in6_addr *snd_addr, *saddr; + struct in6_addr addr_buf; ++ int hlen = LL_RESERVED_SPACE(dev); ++ int tlen = dev->needed_tailroom; + int err, len, payload_len, full_len; + u8 ra[8] = { IPPROTO_ICMPV6, 0, + IPV6_TLV_ROUTERALERT, 2, 0, 0, +@@ -1746,7 +1751,7 @@ static void igmp6_send(struct in6_addr *addr, struct net_device *dev, int type) + IPSTATS_MIB_OUT, full_len); + rcu_read_unlock(); + +- skb = sock_alloc_send_skb(sk, LL_ALLOCATED_SPACE(dev) + full_len, 1, &err); ++ skb = sock_alloc_send_skb(sk, hlen + tlen + full_len, 1, &err); + + if (skb == NULL) { + rcu_read_lock(); +@@ -1756,7 +1761,7 @@ static void igmp6_send(struct in6_addr *addr, struct net_device *dev, int type) + return; + } + +- skb_reserve(skb, LL_RESERVED_SPACE(dev)); ++ skb_reserve(skb, hlen); + + if (ipv6_get_lladdr(dev, &addr_buf, IFA_F_TENTATIVE)) { + /* : +diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c +index bc55358..62096d8 100644 +--- a/net/ipv6/ndisc.c ++++ b/net/ipv6/ndisc.c +@@ -446,6 +446,8 @@ struct sk_buff *ndisc_build_skb(struct net_device *dev, + struct sock *sk = net->ipv6.ndisc_sk; + struct sk_buff *skb; + struct icmp6hdr *hdr; ++ int hlen = LL_RESERVED_SPACE(dev); ++ int tlen = dev->needed_tailroom; + int len; + u8 *opt; + +@@ -457,7 +459,7 @@ struct sk_buff *ndisc_build_skb(struct net_device *dev, + len += ndisc_opt_addr_space(dev); + + skb = alloc_skb((MAX_HEADER + sizeof(struct ipv6hdr) + +- len + LL_ALLOCATED_SPACE(dev)), GFP_ATOMIC); ++ len + hlen + tlen), GFP_ATOMIC); + if (!skb) { + ND_PRINTK0(KERN_ERR + "ICMPv6 ND: %s() failed to allocate an skb.\n", +@@ -465,7 +467,7 @@ struct sk_buff *ndisc_build_skb(struct net_device *dev, + return NULL; + } + +- skb_reserve(skb, LL_RESERVED_SPACE(dev)); ++ skb_reserve(skb, hlen); + ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); + + skb->transport_header = skb->tail; +@@ -1534,6 +1536,7 @@ void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, + struct inet6_dev *idev; + struct flowi6 fl6; + u8 *opt; ++ int hlen, tlen; + int rd_len; + int err; + u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; +@@ -1591,9 +1594,11 @@ void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, + rd_len &= ~0x7; + len += rd_len; + ++ hlen = LL_RESERVED_SPACE(dev); ++ tlen = dev->needed_tailroom; + buff = sock_alloc_send_skb(sk, + (MAX_HEADER + sizeof(struct ipv6hdr) + +- len + LL_ALLOCATED_SPACE(dev)), ++ len + hlen + tlen), + 1, &err); + if (buff == NULL) { + ND_PRINTK0(KERN_ERR +@@ -1602,7 +1607,7 @@ void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, + goto release; + } + +- skb_reserve(buff, LL_RESERVED_SPACE(dev)); ++ skb_reserve(buff, hlen); + ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr, + IPPROTO_ICMPV6, len); + +diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c +index 9ecbc84..9287f3e 100644 +--- a/net/ipv6/raw.c ++++ b/net/ipv6/raw.c +@@ -607,6 +607,8 @@ static int rawv6_send_hdrinc(struct sock *sk, void *from, int length, + struct sk_buff *skb; + int err; + struct rt6_info *rt = (struct rt6_info *)*dstp; ++ int hlen = LL_RESERVED_SPACE(rt->dst.dev); ++ int tlen = rt->dst.dev->needed_tailroom; + + if (length > rt->dst.dev->mtu) { + ipv6_local_error(sk, EMSGSIZE, fl6, rt->dst.dev->mtu); +@@ -616,11 +618,11 @@ static int rawv6_send_hdrinc(struct sock *sk, void *from, int length, + goto out; + + skb = sock_alloc_send_skb(sk, +- length + LL_ALLOCATED_SPACE(rt->dst.dev) + 15, ++ length + hlen + tlen + 15, + flags & MSG_DONTWAIT, &err); + if (skb == NULL) + goto error; +- skb_reserve(skb, LL_RESERVED_SPACE(rt->dst.dev)); ++ skb_reserve(skb, hlen); + + skb->priority = sk->sk_priority; + skb->mark = sk->sk_mark; +diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c +index 2064612..c0444a0 100644 +--- a/net/mac80211/rx.c ++++ b/net/mac80211/rx.c +@@ -1470,14 +1470,14 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) + sc = le16_to_cpu(hdr->seq_ctrl); + frag = sc & IEEE80211_SCTL_FRAG; + +- if (likely(!ieee80211_has_morefrags(fc) && frag == 0)) +- goto out; +- + if (is_multicast_ether_addr(hdr->addr1)) { + rx->local->dot11MulticastReceivedFrameCount++; +- goto out; ++ goto out_no_led; + } + ++ if (likely(!ieee80211_has_morefrags(fc) && frag == 0)) ++ goto out; ++ + I802_DEBUG_INC(rx->local->rx_handlers_fragments); + + if (skb_linearize(rx->skb)) +@@ -1568,9 +1568,10 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) + status->rx_flags |= IEEE80211_RX_FRAGMENTED; + + out: ++ ieee80211_led_rx(rx->local); ++ out_no_led: + if (rx->sta) + rx->sta->rx_packets++; +- ieee80211_led_rx(rx->local); + return RX_CONTINUE; + } + +diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c +index 86137b5..b88dcec 100644 +--- a/net/netfilter/ipset/ip_set_core.c ++++ b/net/netfilter/ipset/ip_set_core.c +@@ -1615,6 +1615,12 @@ ip_set_sockfn_get(struct sock *sk, int optval, void __user *user, int *len) + if (*op < IP_SET_OP_VERSION) { + /* Check the version at the beginning of operations */ + struct ip_set_req_version *req_version = data; ++ ++ if (*len < sizeof(struct ip_set_req_version)) { ++ ret = -EINVAL; ++ goto done; ++ } ++ + if (req_version->version != IPSET_PROTOCOL) { + ret = -EPROTO; + goto done; +diff --git a/net/netfilter/nf_conntrack_proto_generic.c b/net/netfilter/nf_conntrack_proto_generic.c +index e2091d0..53bf12a 100644 +--- a/net/netfilter/nf_conntrack_proto_generic.c ++++ b/net/netfilter/nf_conntrack_proto_generic.c +@@ -14,6 +14,30 @@ + + static unsigned int nf_ct_generic_timeout __read_mostly = 600*HZ; + ++static bool nf_generic_should_process(u8 proto) ++{ ++ switch (proto) { ++#ifdef CONFIG_NF_CT_PROTO_SCTP_MODULE ++ case IPPROTO_SCTP: ++ return false; ++#endif ++#ifdef CONFIG_NF_CT_PROTO_DCCP_MODULE ++ case IPPROTO_DCCP: ++ return false; ++#endif ++#ifdef CONFIG_NF_CT_PROTO_GRE_MODULE ++ case IPPROTO_GRE: ++ return false; ++#endif ++#ifdef CONFIG_NF_CT_PROTO_UDPLITE_MODULE ++ case IPPROTO_UDPLITE: ++ return false; ++#endif ++ default: ++ return true; ++ } ++} ++ + static bool generic_pkt_to_tuple(const struct sk_buff *skb, + unsigned int dataoff, + struct nf_conntrack_tuple *tuple) +@@ -56,7 +80,7 @@ static int packet(struct nf_conn *ct, + static bool new(struct nf_conn *ct, const struct sk_buff *skb, + unsigned int dataoff) + { +- return true; ++ return nf_generic_should_process(nf_ct_protonum(ct)); + } + + #ifdef CONFIG_SYSCTL +diff --git a/net/sctp/associola.c b/net/sctp/associola.c +index 5b2d8e6..d014b05 100644 +--- a/net/sctp/associola.c ++++ b/net/sctp/associola.c +@@ -1272,7 +1272,6 @@ void sctp_assoc_update(struct sctp_association *asoc, + asoc->peer.peer_hmacs = new->peer.peer_hmacs; + new->peer.peer_hmacs = NULL; + +- sctp_auth_key_put(asoc->asoc_shared_key); + sctp_auth_asoc_init_active_key(asoc, GFP_ATOMIC); + } + +diff --git a/net/sctp/socket.c b/net/sctp/socket.c +index c28eb7b..fc63664 100644 +--- a/net/sctp/socket.c ++++ b/net/sctp/socket.c +@@ -1611,6 +1611,7 @@ SCTP_STATIC int sctp_sendmsg(struct kiocb *iocb, struct sock *sk, + sctp_scope_t scope; + long timeo; + __u16 sinfo_flags = 0; ++ bool wait_connect = false; + struct sctp_datamsg *datamsg; + int msg_flags = msg->msg_flags; + +@@ -1929,6 +1930,7 @@ SCTP_STATIC int sctp_sendmsg(struct kiocb *iocb, struct sock *sk, + err = sctp_primitive_ASSOCIATE(asoc, NULL); + if (err < 0) + goto out_free; ++ wait_connect = true; + SCTP_DEBUG_PRINTK("We associated primitively.\n"); + } + +@@ -1968,6 +1970,11 @@ SCTP_STATIC int sctp_sendmsg(struct kiocb *iocb, struct sock *sk, + else + err = msg_len; + ++ if (unlikely(wait_connect)) { ++ timeo = sock_sndtimeo(sk, msg_flags & MSG_DONTWAIT); ++ sctp_wait_for_connect(asoc, &timeo); ++ } ++ + /* If we are already past ASSOCIATE, the lower + * layers are responsible for association cleanup. + */ +diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c +index cdf77a2..cb4168e 100644 +--- a/net/wireless/nl80211.c ++++ b/net/wireless/nl80211.c +@@ -1815,6 +1815,9 @@ static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info) + if (!rdev->ops->get_key) + return -EOPNOTSUPP; + ++ if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) ++ return -ENOENT; ++ + msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); + if (!msg) + return -ENOMEM; +@@ -1832,10 +1835,6 @@ static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info) + if (mac_addr) + NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr); + +- if (pairwise && mac_addr && +- !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) +- return -ENOENT; +- + err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, pairwise, + mac_addr, &cookie, get_key_callback); + +@@ -2007,7 +2006,7 @@ static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info) + wdev_lock(dev->ieee80211_ptr); + err = nl80211_key_allowed(dev->ieee80211_ptr); + +- if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr && ++ if (key.type == NL80211_KEYTYPE_GROUP && mac_addr && + !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) + err = -ENOENT; + +diff --git a/scripts/recordmcount.pl b/scripts/recordmcount.pl +index 858966a..679218b 100755 +--- a/scripts/recordmcount.pl ++++ b/scripts/recordmcount.pl +@@ -262,7 +262,6 @@ if ($arch eq "x86_64") { + # force flags for this arch + $ld .= " -m shlelf_linux"; + $objcopy .= " -O elf32-sh-linux"; +- $cc .= " -m32"; + + } elsif ($arch eq "powerpc") { + $local_regex = "^[0-9a-fA-F]+\\s+t\\s+(\\.?\\S+)"; +diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c +index 41144f7..7c5d1d8 100644 +--- a/security/keys/encrypted-keys/encrypted.c ++++ b/security/keys/encrypted-keys/encrypted.c +@@ -1016,10 +1016,13 @@ static int __init init_encrypted(void) + ret = encrypted_shash_alloc(); + if (ret < 0) + return ret; ++ ret = aes_get_sizes(); ++ if (ret < 0) ++ goto out; + ret = register_key_type(&key_type_encrypted); + if (ret < 0) + goto out; +- return aes_get_sizes(); ++ return 0; + out: + encrypted_shash_release(); + return ret; +diff --git a/security/keys/gc.c b/security/keys/gc.c +index bf4d8da..2e2395d 100644 +--- a/security/keys/gc.c ++++ b/security/keys/gc.c +@@ -186,12 +186,12 @@ static noinline void key_gc_unused_key(struct key *key) + if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) + atomic_dec(&key->user->nikeys); + +- key_user_put(key->user); +- + /* now throw away the key memory */ + if (key->type->destroy) + key->type->destroy(key); + ++ key_user_put(key->user); ++ + kfree(key->description); + + #ifdef KEY_DEBUGGING +diff --git a/sound/core/seq/seq_dummy.c b/sound/core/seq/seq_dummy.c +index b9b2235..5b41e04 100644 +--- a/sound/core/seq/seq_dummy.c ++++ b/sound/core/seq/seq_dummy.c +@@ -82,36 +82,6 @@ struct snd_seq_dummy_port { + static int my_client = -1; + + /* +- * unuse callback - send ALL_SOUNDS_OFF and RESET_CONTROLLERS events +- * to subscribers. +- * Note: this callback is called only after all subscribers are removed. +- */ +-static int +-dummy_unuse(void *private_data, struct snd_seq_port_subscribe *info) +-{ +- struct snd_seq_dummy_port *p; +- int i; +- struct snd_seq_event ev; +- +- p = private_data; +- memset(&ev, 0, sizeof(ev)); +- if (p->duplex) +- ev.source.port = p->connect; +- else +- ev.source.port = p->port; +- ev.dest.client = SNDRV_SEQ_ADDRESS_SUBSCRIBERS; +- ev.type = SNDRV_SEQ_EVENT_CONTROLLER; +- for (i = 0; i < 16; i++) { +- ev.data.control.channel = i; +- ev.data.control.param = MIDI_CTL_ALL_SOUNDS_OFF; +- snd_seq_kernel_client_dispatch(p->client, &ev, 0, 0); +- ev.data.control.param = MIDI_CTL_RESET_CONTROLLERS; +- snd_seq_kernel_client_dispatch(p->client, &ev, 0, 0); +- } +- return 0; +-} +- +-/* + * event input callback - just redirect events to subscribers + */ + static int +@@ -175,7 +145,6 @@ create_port(int idx, int type) + | SNDRV_SEQ_PORT_TYPE_PORT; + memset(&pcb, 0, sizeof(pcb)); + pcb.owner = THIS_MODULE; +- pcb.unuse = dummy_unuse; + pcb.event_input = dummy_input; + pcb.private_free = dummy_free; + pcb.private_data = rec; +diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c +index faabaa5..ee95618 100644 +--- a/sound/pci/hda/hda_codec.c ++++ b/sound/pci/hda/hda_codec.c +@@ -311,8 +311,10 @@ int snd_hda_get_sub_nodes(struct hda_codec *codec, hda_nid_t nid, + unsigned int parm; + + parm = snd_hda_param_read(codec, nid, AC_PAR_NODE_COUNT); +- if (parm == -1) ++ if (parm == -1) { ++ *start_id = 0; + return 0; ++ } + *start_id = (parm >> 16) & 0x7fff; + return (int)(parm & 0x7fff); + } +diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c +index 467a73b..240658b 100644 +--- a/sound/pci/hda/patch_sigmatel.c ++++ b/sound/pci/hda/patch_sigmatel.c +@@ -4309,9 +4309,9 @@ static void stac_store_hints(struct hda_codec *codec) + spec->gpio_mask; + } + if (get_int_hint(codec, "gpio_dir", &spec->gpio_dir)) +- spec->gpio_mask &= spec->gpio_mask; +- if (get_int_hint(codec, "gpio_data", &spec->gpio_data)) + spec->gpio_dir &= spec->gpio_mask; ++ if (get_int_hint(codec, "gpio_data", &spec->gpio_data)) ++ spec->gpio_data &= spec->gpio_mask; + if (get_int_hint(codec, "eapd_mask", &spec->eapd_mask)) + spec->eapd_mask &= spec->gpio_mask; + if (get_int_hint(codec, "gpio_mute", &spec->gpio_mute)) +diff --git a/sound/soc/codecs/wm8960.c b/sound/soc/codecs/wm8960.c +index ef96ca6..3551705 100644 +--- a/sound/soc/codecs/wm8960.c ++++ b/sound/soc/codecs/wm8960.c +@@ -499,7 +499,7 @@ static struct { + { 22050, 2 }, + { 24000, 2 }, + { 16000, 3 }, +- { 11250, 4 }, ++ { 11025, 4 }, + { 12000, 4 }, + { 8000, 5 }, + }; +diff --git a/sound/usb/midi.c b/sound/usb/midi.c +index e5fee18..de86e74 100644 +--- a/sound/usb/midi.c ++++ b/sound/usb/midi.c +@@ -364,6 +364,8 @@ static void snd_usbmidi_error_timer(unsigned long data) + if (in && in->error_resubmit) { + in->error_resubmit = 0; + for (j = 0; j < INPUT_URBS; ++j) { ++ if (atomic_read(&in->urbs[j]->use_count)) ++ continue; + in->urbs[j]->dev = umidi->dev; + snd_usbmidi_submit_urb(in->urbs[j], GFP_ATOMIC); + } +diff --git a/sound/usb/mixer.c b/sound/usb/mixer.c +index 4f7b330..88160b7 100644 +--- a/sound/usb/mixer.c ++++ b/sound/usb/mixer.c +@@ -834,6 +834,7 @@ static void volume_control_quirks(struct usb_mixer_elem_info *cval, + case USB_ID(0x046d, 0x0807): /* Logitech Webcam C500 */ + case USB_ID(0x046d, 0x0808): + case USB_ID(0x046d, 0x0809): ++ case USB_ID(0x046d, 0x0819): /* Logitech Webcam C210 */ + case USB_ID(0x046d, 0x081b): /* HD Webcam c310 */ + case USB_ID(0x046d, 0x081d): /* HD Webcam c510 */ + case USB_ID(0x046d, 0x0825): /* HD Webcam c270 */ +diff --git a/sound/usb/mixer_maps.c b/sound/usb/mixer_maps.c +index 0e4e909..1e0798f 100644 +--- a/sound/usb/mixer_maps.c ++++ b/sound/usb/mixer_maps.c +@@ -304,8 +304,11 @@ static struct usbmix_name_map hercules_usb51_map[] = { + { 0 } /* terminator */ + }; + +-static const struct usbmix_name_map kef_x300a_map[] = { +- { 10, NULL }, /* firmware locks up (?) when we try to access this FU */ ++/* some (all?) SCMS USB3318 devices are affected by a firmware lock up ++ * when anything attempts to access FU 10 (control) ++ */ ++static const struct usbmix_name_map scms_usb3318_map[] = { ++ { 10, NULL }, + { 0 } + }; + +@@ -377,8 +380,14 @@ static struct usbmix_ctl_map usbmix_ctl_maps[] = { + .ignore_ctl_error = 1, + }, + { ++ /* KEF X300A */ + .id = USB_ID(0x27ac, 0x1000), +- .map = kef_x300a_map, ++ .map = scms_usb3318_map, ++ }, ++ { ++ /* Arcam rPAC */ ++ .id = USB_ID(0x25c4, 0x0003), ++ .map = scms_usb3318_map, + }, + { 0 } /* terminator */ + }; +diff --git a/sound/usb/quirks-table.h b/sound/usb/quirks-table.h +index e467a58..2aacb96 100644 +--- a/sound/usb/quirks-table.h ++++ b/sound/usb/quirks-table.h +@@ -2540,133 +2540,45 @@ YAMAHA_DEVICE(0x7010, "UB99"), + } + }, + +-/* Hauppauge HVR-950Q and HVR-850 */ +-{ +- USB_DEVICE_VENDOR_SPEC(0x2040, 0x7200), +- .match_flags = USB_DEVICE_ID_MATCH_DEVICE | +- USB_DEVICE_ID_MATCH_INT_CLASS | +- USB_DEVICE_ID_MATCH_INT_SUBCLASS, +- .bInterfaceClass = USB_CLASS_AUDIO, +- .bInterfaceSubClass = USB_SUBCLASS_AUDIOCONTROL, +- .driver_info = (unsigned long) &(const struct snd_usb_audio_quirk) { +- .vendor_name = "Hauppauge", +- .product_name = "HVR-950Q", +- .ifnum = QUIRK_ANY_INTERFACE, +- .type = QUIRK_AUDIO_ALIGN_TRANSFER, +- } +-}, +-{ +- USB_DEVICE_VENDOR_SPEC(0x2040, 0x7240), +- .match_flags = USB_DEVICE_ID_MATCH_DEVICE | +- USB_DEVICE_ID_MATCH_INT_CLASS | +- USB_DEVICE_ID_MATCH_INT_SUBCLASS, +- .bInterfaceClass = USB_CLASS_AUDIO, +- .bInterfaceSubClass = USB_SUBCLASS_AUDIOCONTROL, +- .driver_info = (unsigned long) &(const struct snd_usb_audio_quirk) { +- .vendor_name = "Hauppauge", +- .product_name = "HVR-850", +- .ifnum = QUIRK_ANY_INTERFACE, +- .type = QUIRK_AUDIO_ALIGN_TRANSFER, +- } +-}, +-{ +- USB_DEVICE_VENDOR_SPEC(0x2040, 0x7210), +- .match_flags = USB_DEVICE_ID_MATCH_DEVICE | +- USB_DEVICE_ID_MATCH_INT_CLASS | +- USB_DEVICE_ID_MATCH_INT_SUBCLASS, +- .bInterfaceClass = USB_CLASS_AUDIO, +- .bInterfaceSubClass = USB_SUBCLASS_AUDIOCONTROL, +- .driver_info = (unsigned long) &(const struct snd_usb_audio_quirk) { +- .vendor_name = "Hauppauge", +- .product_name = "HVR-950Q", +- .ifnum = QUIRK_ANY_INTERFACE, +- .type = QUIRK_AUDIO_ALIGN_TRANSFER, +- } +-}, +-{ +- USB_DEVICE_VENDOR_SPEC(0x2040, 0x7217), +- .match_flags = USB_DEVICE_ID_MATCH_DEVICE | +- USB_DEVICE_ID_MATCH_INT_CLASS | +- USB_DEVICE_ID_MATCH_INT_SUBCLASS, +- .bInterfaceClass = USB_CLASS_AUDIO, +- .bInterfaceSubClass = USB_SUBCLASS_AUDIOCONTROL, +- .driver_info = (unsigned long) &(const struct snd_usb_audio_quirk) { +- .vendor_name = "Hauppauge", +- .product_name = "HVR-950Q", +- .ifnum = QUIRK_ANY_INTERFACE, +- .type = QUIRK_AUDIO_ALIGN_TRANSFER, +- } +-}, +-{ +- USB_DEVICE_VENDOR_SPEC(0x2040, 0x721b), +- .match_flags = USB_DEVICE_ID_MATCH_DEVICE | +- USB_DEVICE_ID_MATCH_INT_CLASS | +- USB_DEVICE_ID_MATCH_INT_SUBCLASS, +- .bInterfaceClass = USB_CLASS_AUDIO, +- .bInterfaceSubClass = USB_SUBCLASS_AUDIOCONTROL, +- .driver_info = (unsigned long) &(const struct snd_usb_audio_quirk) { +- .vendor_name = "Hauppauge", +- .product_name = "HVR-950Q", +- .ifnum = QUIRK_ANY_INTERFACE, +- .type = QUIRK_AUDIO_ALIGN_TRANSFER, +- } +-}, +-{ +- USB_DEVICE_VENDOR_SPEC(0x2040, 0x721e), +- .match_flags = USB_DEVICE_ID_MATCH_DEVICE | +- USB_DEVICE_ID_MATCH_INT_CLASS | +- USB_DEVICE_ID_MATCH_INT_SUBCLASS, +- .bInterfaceClass = USB_CLASS_AUDIO, +- .bInterfaceSubClass = USB_SUBCLASS_AUDIOCONTROL, +- .driver_info = (unsigned long) &(const struct snd_usb_audio_quirk) { +- .vendor_name = "Hauppauge", +- .product_name = "HVR-950Q", +- .ifnum = QUIRK_ANY_INTERFACE, +- .type = QUIRK_AUDIO_ALIGN_TRANSFER, +- } +-}, +-{ +- USB_DEVICE_VENDOR_SPEC(0x2040, 0x721f), +- .match_flags = USB_DEVICE_ID_MATCH_DEVICE | +- USB_DEVICE_ID_MATCH_INT_CLASS | +- USB_DEVICE_ID_MATCH_INT_SUBCLASS, +- .bInterfaceClass = USB_CLASS_AUDIO, +- .bInterfaceSubClass = USB_SUBCLASS_AUDIOCONTROL, +- .driver_info = (unsigned long) &(const struct snd_usb_audio_quirk) { +- .vendor_name = "Hauppauge", +- .product_name = "HVR-950Q", +- .ifnum = QUIRK_ANY_INTERFACE, +- .type = QUIRK_AUDIO_ALIGN_TRANSFER, +- } +-}, +-{ +- USB_DEVICE_VENDOR_SPEC(0x2040, 0x7280), +- .match_flags = USB_DEVICE_ID_MATCH_DEVICE | +- USB_DEVICE_ID_MATCH_INT_CLASS | +- USB_DEVICE_ID_MATCH_INT_SUBCLASS, +- .bInterfaceClass = USB_CLASS_AUDIO, +- .bInterfaceSubClass = USB_SUBCLASS_AUDIOCONTROL, +- .driver_info = (unsigned long) &(const struct snd_usb_audio_quirk) { +- .vendor_name = "Hauppauge", +- .product_name = "HVR-950Q", +- .ifnum = QUIRK_ANY_INTERFACE, +- .type = QUIRK_AUDIO_ALIGN_TRANSFER, +- } +-}, +-{ +- USB_DEVICE_VENDOR_SPEC(0x0fd9, 0x0008), +- .match_flags = USB_DEVICE_ID_MATCH_DEVICE | +- USB_DEVICE_ID_MATCH_INT_CLASS | +- USB_DEVICE_ID_MATCH_INT_SUBCLASS, +- .bInterfaceClass = USB_CLASS_AUDIO, +- .bInterfaceSubClass = USB_SUBCLASS_AUDIOCONTROL, +- .driver_info = (unsigned long) &(const struct snd_usb_audio_quirk) { +- .vendor_name = "Hauppauge", +- .product_name = "HVR-950Q", +- .ifnum = QUIRK_ANY_INTERFACE, +- .type = QUIRK_AUDIO_ALIGN_TRANSFER, +- } +-}, ++/* ++ * Auvitek au0828 devices with audio interface. ++ * This should be kept in sync with drivers/media/video/au0828/au0828-cards.c ++ * Please notice that some drivers are DVB only, and don't need to be ++ * here. That's the case, for example, of DVICO_FUSIONHDTV7. ++ */ ++ ++#define AU0828_DEVICE(vid, pid, vname, pname) { \ ++ USB_DEVICE_VENDOR_SPEC(vid, pid), \ ++ .match_flags = USB_DEVICE_ID_MATCH_DEVICE | \ ++ USB_DEVICE_ID_MATCH_INT_CLASS | \ ++ USB_DEVICE_ID_MATCH_INT_SUBCLASS, \ ++ .bInterfaceClass = USB_CLASS_AUDIO, \ ++ .bInterfaceSubClass = USB_SUBCLASS_AUDIOCONTROL, \ ++ .driver_info = (unsigned long) &(const struct snd_usb_audio_quirk) { \ ++ .vendor_name = vname, \ ++ .product_name = pname, \ ++ .ifnum = QUIRK_ANY_INTERFACE, \ ++ .type = QUIRK_AUDIO_ALIGN_TRANSFER, \ ++ } \ ++} ++ ++AU0828_DEVICE(0x2040, 0x7200, "Hauppauge", "HVR-950Q"), ++AU0828_DEVICE(0x2040, 0x7240, "Hauppauge", "HVR-850"), ++AU0828_DEVICE(0x2040, 0x7210, "Hauppauge", "HVR-950Q"), ++AU0828_DEVICE(0x2040, 0x7217, "Hauppauge", "HVR-950Q"), ++AU0828_DEVICE(0x2040, 0x721b, "Hauppauge", "HVR-950Q"), ++AU0828_DEVICE(0x2040, 0x721e, "Hauppauge", "HVR-950Q"), ++AU0828_DEVICE(0x2040, 0x721f, "Hauppauge", "HVR-950Q"), ++AU0828_DEVICE(0x2040, 0x7280, "Hauppauge", "HVR-950Q"), ++AU0828_DEVICE(0x0fd9, 0x0008, "Hauppauge", "HVR-950Q"), ++AU0828_DEVICE(0x2040, 0x7201, "Hauppauge", "HVR-950Q-MXL"), ++AU0828_DEVICE(0x2040, 0x7211, "Hauppauge", "HVR-950Q-MXL"), ++AU0828_DEVICE(0x2040, 0x7281, "Hauppauge", "HVR-950Q-MXL"), ++AU0828_DEVICE(0x05e1, 0x0480, "Hauppauge", "Woodbury"), ++AU0828_DEVICE(0x2040, 0x8200, "Hauppauge", "Woodbury"), ++AU0828_DEVICE(0x2040, 0x7260, "Hauppauge", "HVR-950Q"), ++AU0828_DEVICE(0x2040, 0x7213, "Hauppauge", "HVR-950Q"), ++AU0828_DEVICE(0x2040, 0x7270, "Hauppauge", "HVR-950Q"), + + /* Digidesign Mbox */ + { diff --git a/3.2.66/4420_grsecurity-3.0-3.2.66-201502052350.patch b/3.2.67/4420_grsecurity-3.0-3.2.67-201502200807.patch similarity index 99% rename from 3.2.66/4420_grsecurity-3.0-3.2.66-201502052350.patch rename to 3.2.67/4420_grsecurity-3.0-3.2.67-201502200807.patch index 520ed1e..880a085 100644 --- a/3.2.66/4420_grsecurity-3.0-3.2.66-201502052350.patch +++ b/3.2.67/4420_grsecurity-3.0-3.2.67-201502200807.patch @@ -203,7 +203,7 @@ index dfa6fc6..ccbfbf3 100644 +zconf.lex.c zoffset.h diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index 1b196ea..da5220d 100644 +index f0001eb..1727e84 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt @@ -859,6 +859,9 @@ bytes respectively. Such letter suffixes can also be entirely omitted. @@ -216,7 +216,7 @@ index 1b196ea..da5220d 100644 hashdist= [KNL,NUMA] Large hashes allocated during boot are distributed across NUMA nodes. Defaults on for 64-bit NUMA, off otherwise. -@@ -1962,6 +1965,27 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -1963,6 +1966,27 @@ bytes respectively. Such letter suffixes can also be entirely omitted. the specified number of seconds. This is to be used if your oopses keep scrolling off the screen. @@ -278,7 +278,7 @@ index 88fd7f5..b318a78 100644 ============================================================== diff --git a/Makefile b/Makefile -index f08f8bf..f762039 100644 +index 70769fb..720ab16 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -786,7 +786,7 @@ index 01e8715..6a5a03b 100644 return addr; } diff --git a/arch/alpha/mm/fault.c b/arch/alpha/mm/fault.c -index fadd5f8..904e73a 100644 +index e576b91..9b43be9 100644 --- a/arch/alpha/mm/fault.c +++ b/arch/alpha/mm/fault.c @@ -54,6 +54,124 @@ __load_new_mm_context(struct mm_struct *next_mm) @@ -2933,7 +2933,7 @@ index b7f5c68..556135c 100644 #undef D diff --git a/arch/avr32/mm/fault.c b/arch/avr32/mm/fault.c -index f7040a1..db9f300 100644 +index 632b649..043ddd2 100644 --- a/arch/avr32/mm/fault.c +++ b/arch/avr32/mm/fault.c @@ -41,6 +41,23 @@ static inline int notify_page_fault(struct pt_regs *regs, int trap) @@ -2960,7 +2960,7 @@ index f7040a1..db9f300 100644 /* * This routine handles page faults. It determines the address and the * problem, and then passes it off to one of the appropriate routines. -@@ -156,6 +173,16 @@ bad_area: +@@ -158,6 +175,16 @@ bad_area: up_read(&mm->mmap_sem); if (user_mode(regs)) { @@ -3651,7 +3651,7 @@ index 53c0ba0..2accdde 100644 * ensure percpu data fits * into percpu page size diff --git a/arch/ia64/mm/fault.c b/arch/ia64/mm/fault.c -index 20b3593..1ce77f0 100644 +index 1e362cd..3ad6444 100644 --- a/arch/ia64/mm/fault.c +++ b/arch/ia64/mm/fault.c @@ -73,6 +73,23 @@ mapped_kernel_page_is_present (unsigned long address) @@ -4240,7 +4240,7 @@ index 07fc524..b9d7f28 100644 + BUG(); } diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c -index 937cf33..adb39bb 100644 +index b8314cfe..5bfa31a 100644 --- a/arch/mips/mm/fault.c +++ b/arch/mips/mm/fault.c @@ -28,6 +28,23 @@ @@ -5025,7 +5025,7 @@ index cd8b02f..543008b 100644 fault_space = regs->iasq[0]; diff --git a/arch/parisc/mm/fault.c b/arch/parisc/mm/fault.c -index 18162ce..94de376 100644 +index a9b765a..e78ae8e 100644 --- a/arch/parisc/mm/fault.c +++ b/arch/parisc/mm/fault.c @@ -15,6 +15,7 @@ @@ -6161,7 +6161,7 @@ index 5eea6f3..5d10396 100644 EXPORT_SYMBOL(copy_in_user); diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c -index 5efe8c9..db9ceef 100644 +index 7450843..9f8cfc7 100644 --- a/arch/powerpc/mm/fault.c +++ b/arch/powerpc/mm/fault.c @@ -32,6 +32,10 @@ @@ -6244,7 +6244,7 @@ index 5efe8c9..db9ceef 100644 goto bad_area; #endif /* CONFIG_PPC_STD_MMU */ -@@ -343,6 +375,23 @@ bad_area: +@@ -345,6 +377,23 @@ bad_area: bad_area_nosemaphore: /* User mode accesses cause a SIGSEGV */ if (user_mode(regs)) { @@ -9054,7 +9054,7 @@ index 301421c1..e2535d1 100644 obj-$(CONFIG_SPARC64) += ultra.o tlb.o tsb.o gup.o obj-y += fault_$(BITS).o diff --git a/arch/sparc/mm/fault_32.c b/arch/sparc/mm/fault_32.c -index 8023fd7..3a6d569 100644 +index 802b806..483d6e9 100644 --- a/arch/sparc/mm/fault_32.c +++ b/arch/sparc/mm/fault_32.c @@ -21,6 +21,9 @@ @@ -9371,7 +9371,7 @@ index 8023fd7..3a6d569 100644 if(!(vma->vm_flags & (VM_READ | VM_EXEC))) goto bad_area; diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c -index 2c0b966..00bf94e 100644 +index bfd7c02..6e941d8 100644 --- a/arch/sparc/mm/fault_64.c +++ b/arch/sparc/mm/fault_64.c @@ -21,6 +21,9 @@ @@ -13556,7 +13556,7 @@ index b8a5fe5..fbbe2c2 100644 "4:\n" ".previous\n" diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h -index 41935fa..e0fb1f6 100644 +index 3225868..e0fb1f6 100644 --- a/arch/x86/include/asm/desc.h +++ b/arch/x86/include/asm/desc.h @@ -4,6 +4,7 @@ @@ -13650,7 +13650,7 @@ index 41935fa..e0fb1f6 100644 } static inline void native_load_gdt(const struct desc_ptr *dtr) -@@ -244,11 +255,14 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu) +@@ -244,8 +255,10 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu) struct desc_struct *gdt = get_cpu_gdt_table(cpu); unsigned int i; @@ -13660,37 +13660,8 @@ index 41935fa..e0fb1f6 100644 + pax_close_kernel(); } --#define _LDT_empty(info) \ -+/* This intentionally ignores lm, since 32-bit apps don't have that field. */ -+#define LDT_empty(info) \ - ((info)->base_addr == 0 && \ - (info)->limit == 0 && \ - (info)->contents == 0 && \ -@@ -258,11 +272,18 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu) - (info)->seg_not_present == 1 && \ - (info)->useable == 0) - --#ifdef CONFIG_X86_64 --#define LDT_empty(info) (_LDT_empty(info) && ((info)->lm == 0)) --#else --#define LDT_empty(info) (_LDT_empty(info)) --#endif -+/* Lots of programs expect an all-zero user_desc to mean "no segment at all". */ -+static inline bool LDT_zero(const struct user_desc *info) -+{ -+ return (info->base_addr == 0 && -+ info->limit == 0 && -+ info->contents == 0 && -+ info->read_exec_only == 0 && -+ info->seg_32bit == 0 && -+ info->limit_in_pages == 0 && -+ info->seg_not_present == 0 && -+ info->useable == 0); -+} - - static inline void clear_LDT(void) - { -@@ -284,7 +305,7 @@ static inline void load_LDT(mm_context_t *pc) + /* This intentionally ignores lm, since 32-bit apps don't have that field. */ +@@ -292,7 +305,7 @@ static inline void load_LDT(mm_context_t *pc) preempt_enable(); } @@ -13699,7 +13670,7 @@ index 41935fa..e0fb1f6 100644 { return (unsigned)(desc->base0 | ((desc->base1) << 16) | ((desc->base2) << 24)); } -@@ -307,7 +328,7 @@ static inline void set_desc_limit(struct desc_struct *desc, unsigned long limit) +@@ -315,7 +328,7 @@ static inline void set_desc_limit(struct desc_struct *desc, unsigned long limit) desc->limit = (limit >> 16) & 0xf; } @@ -13708,7 +13679,7 @@ index 41935fa..e0fb1f6 100644 unsigned dpl, unsigned ist, unsigned seg) { gate_desc s; -@@ -326,7 +347,7 @@ static inline void _set_gate(int gate, unsigned type, void *addr, +@@ -334,7 +347,7 @@ static inline void _set_gate(int gate, unsigned type, void *addr, * Pentium F0 0F bugfix can have resulted in the mapped * IDT being write-protected. */ @@ -13717,7 +13688,7 @@ index 41935fa..e0fb1f6 100644 { BUG_ON((unsigned)n > 0xFF); _set_gate(n, GATE_INTERRUPT, addr, 0, 0, __KERNEL_CS); -@@ -356,19 +377,19 @@ static inline void alloc_intr_gate(unsigned int n, void *addr) +@@ -364,19 +377,19 @@ static inline void alloc_intr_gate(unsigned int n, void *addr) /* * This routine sets up an interrupt gate at directory privilege level 3. */ @@ -13740,7 +13711,7 @@ index 41935fa..e0fb1f6 100644 { BUG_ON((unsigned)n > 0xFF); _set_gate(n, GATE_TRAP, addr, 0, 0, __KERNEL_CS); -@@ -377,19 +398,31 @@ static inline void set_trap_gate(unsigned int n, void *addr) +@@ -385,19 +398,31 @@ static inline void set_trap_gate(unsigned int n, void *addr) static inline void set_task_gate(unsigned int n, unsigned int gdt_entry) { BUG_ON((unsigned)n > 0xFF); @@ -14223,24 +14194,6 @@ index 9171618..fe2b1da 100644 struct hlist_head mmu_page_hash[KVM_NUM_MMU_PAGES]; /* * Hash table of struct kvm_mmu_page. -diff --git a/arch/x86/include/asm/ldt.h b/arch/x86/include/asm/ldt.h -index 46727eb..6e1aaf7 100644 ---- a/arch/x86/include/asm/ldt.h -+++ b/arch/x86/include/asm/ldt.h -@@ -28,6 +28,13 @@ struct user_desc { - unsigned int seg_not_present:1; - unsigned int useable:1; - #ifdef __x86_64__ -+ /* -+ * Because this bit is not present in 32-bit user code, user -+ * programs can pass uninitialized values here. Therefore, in -+ * any context in which a user_desc comes from a 32-bit program, -+ * the kernel must act as though lm == 0, regardless of the -+ * actual value. -+ */ - unsigned int lm:1; - #endif - }; diff --git a/arch/x86/include/asm/local.h b/arch/x86/include/asm/local.h index 9cdae5d..3534f04 100644 --- a/arch/x86/include/asm/local.h @@ -17910,10 +17863,10 @@ index 25f24dc..4094a7f 100644 obj-y += proc.o capflags.o powerflags.o common.o obj-y += vmware.o hypervisor.o sched.o mshyperv.o diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c -index 2d44a28..c33f4c8 100644 +index 60d4c33..3f51857 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c -@@ -701,7 +701,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c, +@@ -711,7 +711,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c, unsigned int size) { /* AMD errata T13 (order #21922) */ @@ -22086,7 +22039,7 @@ index 2f45c4c..3f51a0c 100644 } diff --git a/arch/x86/kernel/kprobes.c b/arch/x86/kernel/kprobes.c -index 7da647d..6e9fab5 100644 +index 083848f..69321f0 100644 --- a/arch/x86/kernel/kprobes.c +++ b/arch/x86/kernel/kprobes.c @@ -117,9 +117,12 @@ static void __kprobes __synthesize_relative_insn(void *from, void *to, u8 op) @@ -22228,7 +22181,7 @@ index 7da647d..6e9fab5 100644 return ret; switch (val) { -@@ -1120,6 +1130,7 @@ static void __kprobes synthesize_relcall(void *from, void *to) +@@ -1130,6 +1140,7 @@ static void __kprobes synthesize_relcall(void *from, void *to) static void __kprobes synthesize_set_arg1(kprobe_opcode_t *addr, unsigned long val) { @@ -22236,7 +22189,7 @@ index 7da647d..6e9fab5 100644 #ifdef CONFIG_X86_64 *addr++ = 0x48; *addr++ = 0xbf; -@@ -1127,6 +1138,7 @@ static void __kprobes synthesize_set_arg1(kprobe_opcode_t *addr, +@@ -1137,6 +1148,7 @@ static void __kprobes synthesize_set_arg1(kprobe_opcode_t *addr, *addr++ = 0xb8; #endif *(unsigned long *)addr = val; @@ -22244,7 +22197,7 @@ index 7da647d..6e9fab5 100644 } static void __used __kprobes kprobes_optinsn_template_holder(void) -@@ -1307,7 +1319,7 @@ static int __kprobes can_optimize(unsigned long paddr) +@@ -1317,7 +1329,7 @@ static int __kprobes can_optimize(unsigned long paddr) ret = recover_probed_instruction(buf, addr); if (ret) return 0; @@ -22253,7 +22206,7 @@ index 7da647d..6e9fab5 100644 } insn_get_length(&insn); /* Recover address */ -@@ -1384,7 +1396,7 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op) +@@ -1394,7 +1406,7 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op) * Verify if the address gap is in 2GB range, because this uses * a relative jump. */ @@ -22262,7 +22215,7 @@ index 7da647d..6e9fab5 100644 if (abs(rel) > 0x7fffffff) return -ERANGE; -@@ -1399,16 +1411,18 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op) +@@ -1409,16 +1421,18 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op) op->optinsn.size = ret; /* Copy arch-dep-instance from template */ @@ -22284,7 +22237,7 @@ index 7da647d..6e9fab5 100644 (u8 *)op->kp.addr + op->optinsn.size); flush_icache_range((unsigned long) buf, -@@ -1431,7 +1445,7 @@ static void __kprobes setup_optimize_kprobe(struct text_poke_param *tprm, +@@ -1441,7 +1455,7 @@ static void __kprobes setup_optimize_kprobe(struct text_poke_param *tprm, ((long)op->kp.addr + RELATIVEJUMP_SIZE)); /* Backup instructions which will be replaced by jump address */ @@ -22293,7 +22246,7 @@ index 7da647d..6e9fab5 100644 RELATIVE_ADDR_SIZE); insn_buf[0] = RELATIVEJUMP_OPCODE; -@@ -1530,7 +1544,7 @@ static int __kprobes setup_detour_execution(struct kprobe *p, +@@ -1540,7 +1554,7 @@ static int __kprobes setup_detour_execution(struct kprobe *p, /* This kprobe is really able to run optimized path. */ op = container_of(p, struct optimized_kprobe, kp); /* Detour through copied instructions */ @@ -23120,7 +23073,7 @@ index 8598296..3fd3443 100644 } - diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c -index 6a364a6..030f5d6 100644 +index e361095..4882b55 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -89,7 +89,7 @@ static void __exit_idle(void) @@ -23159,7 +23112,7 @@ index 6a364a6..030f5d6 100644 unsigned fsindex, gsindex; fpu_switch_t fpu; -@@ -461,10 +461,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -506,10 +506,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) prev->usersp = percpu_read(old_rsp); percpu_write(old_rsp, next->usersp); percpu_write(current_task, next_p); @@ -23172,7 +23125,7 @@ index 6a364a6..030f5d6 100644 /* * Now maybe reload the debug registers and handle I/O bitmaps -@@ -519,12 +518,11 @@ unsigned long get_wchan(struct task_struct *p) +@@ -564,12 +563,11 @@ unsigned long get_wchan(struct task_struct *p) if (!p || p == current || p->state == TASK_RUNNING) return 0; stack = (unsigned long)task_stack_page(p); @@ -24398,72 +24351,10 @@ index dd5fbf4..b7f2232 100644 return pc; } diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c -index 7af7338..79ea0e3 100644 +index 0c38d06..79ea0e3 100644 --- a/arch/x86/kernel/tls.c +++ b/arch/x86/kernel/tls.c -@@ -30,7 +30,28 @@ static int get_free_idx(void) - - static bool tls_desc_okay(const struct user_desc *info) - { -- if (LDT_empty(info)) -+ /* -+ * For historical reasons (i.e. no one ever documented how any -+ * of the segmentation APIs work), user programs can and do -+ * assume that a struct user_desc that's all zeros except for -+ * entry_number means "no segment at all". This never actually -+ * worked. In fact, up to Linux 3.19, a struct user_desc like -+ * this would create a 16-bit read-write segment with base and -+ * limit both equal to zero. -+ * -+ * That was close enough to "no segment at all" until we -+ * hardened this function to disallow 16-bit TLS segments. Fix -+ * it up by interpreting these zeroed segments the way that they -+ * were almost certainly intended to be interpreted. -+ * -+ * The correct way to ask for "no segment at all" is to specify -+ * a user_desc that satisfies LDT_empty. To keep everything -+ * working, we accept both. -+ * -+ * Note that there's a similar kludge in modify_ldt -- look at -+ * the distinction between modes 1 and 0x11. -+ */ -+ if (LDT_empty(info) || LDT_zero(info)) - return true; - - /* -@@ -40,6 +61,22 @@ static bool tls_desc_okay(const struct user_desc *info) - if (!info->seg_32bit) - return false; - -+ /* Only allow data segments in the TLS array. */ -+ if (info->contents > 1) -+ return false; -+ -+ /* -+ * Non-present segments with DPL 3 present an interesting attack -+ * surface. The kernel should handle such segments correctly, -+ * but TLS is very difficult to protect in a sandbox, so prevent -+ * such segments from being created. -+ * -+ * If userspace needs to remove a TLS entry, it can still delete -+ * it outright. -+ */ -+ if (info->seg_not_present) -+ return false; -+ - return true; - } - -@@ -56,7 +93,7 @@ static void set_tls_desc(struct task_struct *p, int idx, - cpu = get_cpu(); - - while (n-- > 0) { -- if (LDT_empty(info)) -+ if (LDT_empty(info) || LDT_zero(info)) - desc->a = desc->b = 0; - else - fill_ldt(desc, info); -@@ -103,6 +140,11 @@ int do_set_thread_area(struct task_struct *p, int idx, +@@ -140,6 +140,11 @@ int do_set_thread_area(struct task_struct *p, int idx, if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX) return -EINVAL; @@ -24475,7 +24366,7 @@ index 7af7338..79ea0e3 100644 set_tls_desc(p, idx, &info, 1); return 0; -@@ -224,7 +266,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset, +@@ -261,7 +266,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset, if (kbuf) info = kbuf; @@ -24800,7 +24691,7 @@ index 04b8726..0c35b29 100644 goto cannot_handle; if ((segoffs >> 16) == BIOSSEG) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S -index 0f703f1..cd7e91b 100644 +index 0f703f1..045a8f1 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -26,6 +26,13 @@ @@ -24982,7 +24873,6 @@ index 0f703f1..cd7e91b 100644 + .init.text (. - __KERNEL_TEXT_OFFSET): AT(init_begin - LOAD_OFFSET) { + VMLINUX_SYMBOL(_sinittext) = .; + INIT_TEXT -+ VMLINUX_SYMBOL(_einittext) = .; + . = ALIGN(PAGE_SIZE); + } :text.init @@ -24993,6 +24883,7 @@ index 0f703f1..cd7e91b 100644 + */ + .exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) { + EXIT_TEXT ++ VMLINUX_SYMBOL(_einittext) = .; + . = ALIGN(16); + } :text.exit + . = init_begin + SIZEOF(.init.text) + SIZEOF(.exit.text); @@ -25192,7 +25083,7 @@ index 7110911..069da9c 100644 /* * Encountered an error while doing the restore from the diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index f0ac042..39c366e 100644 +index bdad489..43849f4 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -249,6 +249,7 @@ struct gprefix { @@ -25230,49 +25121,7 @@ index f0ac042..39c366e 100644 } while (0) /* instruction has only one source operand, destination is implicit (e.g. mul, div, imul, idiv) */ -@@ -2077,23 +2074,13 @@ static int em_sysenter(struct x86_emulate_ctxt *ctxt) - setup_syscalls_segments(ctxt, &cs, &ss); - - ops->get_msr(ctxt, MSR_IA32_SYSENTER_CS, &msr_data); -- switch (ctxt->mode) { -- case X86EMUL_MODE_PROT32: -- if ((msr_data & 0xfffc) == 0x0) -- return emulate_gp(ctxt, 0); -- break; -- case X86EMUL_MODE_PROT64: -- if (msr_data == 0x0) -- return emulate_gp(ctxt, 0); -- break; -- } -+ if ((msr_data & 0xfffc) == 0x0) -+ return emulate_gp(ctxt, 0); - - ctxt->eflags &= ~(EFLG_VM | EFLG_IF | EFLG_RF); -- cs_sel = (u16)msr_data; -- cs_sel &= ~SELECTOR_RPL_MASK; -+ cs_sel = (u16)msr_data & ~SELECTOR_RPL_MASK; - ss_sel = cs_sel + 8; -- ss_sel &= ~SELECTOR_RPL_MASK; -- if (ctxt->mode == X86EMUL_MODE_PROT64 || (efer & EFER_LMA)) { -+ if (efer & EFER_LMA) { - cs.d = 0; - cs.l = 1; - } -@@ -2102,10 +2089,11 @@ static int em_sysenter(struct x86_emulate_ctxt *ctxt) - ops->set_segment(ctxt, ss_sel, &ss, 0, VCPU_SREG_SS); - - ops->get_msr(ctxt, MSR_IA32_SYSENTER_EIP, &msr_data); -- ctxt->_eip = msr_data; -+ ctxt->_eip = (efer & EFER_LMA) ? msr_data : (u32)msr_data; - - ops->get_msr(ctxt, MSR_IA32_SYSENTER_ESP, &msr_data); -- ctxt->regs[VCPU_REGS_RSP] = msr_data; -+ ctxt->regs[VCPU_REGS_RSP] = (efer & EFER_LMA) ? msr_data : -+ (u32)msr_data; - - return X86EMUL_CONTINUE; - } -@@ -3003,7 +2991,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt) +@@ -3013,7 +3010,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt) int cr = ctxt->modrm_reg; u64 efer = 0; @@ -25281,7 +25130,7 @@ index f0ac042..39c366e 100644 0xffffffff00000000ULL, 0, 0, 0, /* CR3 checked later */ CR4_RESERVED_BITS, -@@ -3038,7 +3026,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt) +@@ -3048,7 +3045,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt) ctxt->ops->get_msr(ctxt, MSR_EFER, &efer); if (efer & EFER_LMA) @@ -28404,7 +28253,7 @@ index d0474ad..36e9257 100644 extern u32 pnp_bios_is_utter_crap; pnp_bios_is_utter_crap = 1; diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c -index 53a7b69..8cc6fea 100644 +index 8cac088..527a9c0 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -13,11 +13,18 @@ @@ -28639,7 +28488,7 @@ index 53a7b69..8cc6fea 100644 code = BUS_MCEERR_AR; } #endif -@@ -894,6 +992,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) +@@ -896,6 +994,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) return 1; } @@ -28739,7 +28588,7 @@ index 53a7b69..8cc6fea 100644 /* * Handle a spurious fault caused by a stale TLB entry. * -@@ -966,6 +1157,9 @@ int show_unhandled_signals = 1; +@@ -968,6 +1159,9 @@ int show_unhandled_signals = 1; static inline int access_error(unsigned long error_code, struct vm_area_struct *vma) { @@ -28749,7 +28598,7 @@ index 53a7b69..8cc6fea 100644 if (error_code & PF_WRITE) { /* write, present and write, not present: */ if (unlikely(!(vma->vm_flags & VM_WRITE))) -@@ -999,18 +1193,32 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1001,18 +1195,32 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) { struct vm_area_struct *vma; struct task_struct *tsk; @@ -28787,7 +28636,7 @@ index 53a7b69..8cc6fea 100644 /* * Detect and handle instructions that would cause a page fault for -@@ -1071,7 +1279,7 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1073,7 +1281,7 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) * User-mode registers count as a user access even for any * potential system fault or CPU buglet: */ @@ -28796,7 +28645,7 @@ index 53a7b69..8cc6fea 100644 local_irq_enable(); error_code |= PF_USER; } else { -@@ -1126,6 +1334,11 @@ retry: +@@ -1128,6 +1336,11 @@ retry: might_sleep(); } @@ -28808,7 +28657,7 @@ index 53a7b69..8cc6fea 100644 vma = find_vma(mm, address); if (unlikely(!vma)) { bad_area(regs, error_code, address); -@@ -1137,18 +1350,24 @@ retry: +@@ -1139,18 +1352,24 @@ retry: bad_area(regs, error_code, address); return; } @@ -28844,7 +28693,7 @@ index 53a7b69..8cc6fea 100644 if (unlikely(expand_stack(vma, address))) { bad_area(regs, error_code, address); return; -@@ -1203,3 +1422,292 @@ good_area: +@@ -1205,3 +1424,292 @@ good_area: up_read(&mm->mmap_sem); } @@ -29870,7 +29719,7 @@ index 29f7c6d9..5122941 100644 printk(KERN_INFO "Write protecting the kernel text: %luk\n", size >> 10); diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c -index 266f717..51ef7c9 100644 +index 44b93da..5a0b3ee 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -75,7 +75,7 @@ early_param("gbpages", parse_direct_gbpages_on); @@ -30005,7 +29854,7 @@ index 266f717..51ef7c9 100644 spin_unlock(&init_mm.page_table_lock); pgd_changed = true; } -@@ -866,8 +880,8 @@ int kern_addr_valid(unsigned long addr) +@@ -856,8 +870,8 @@ int kern_addr_valid(unsigned long addr) static struct vm_area_struct gate_vma = { .vm_start = VSYSCALL_START, .vm_end = VSYSCALL_START + (VSYSCALL_MAPPED_PAGES * PAGE_SIZE), @@ -30016,7 +29865,7 @@ index 266f717..51ef7c9 100644 }; struct vm_area_struct *get_gate_vma(struct mm_struct *mm) -@@ -901,7 +915,7 @@ int in_gate_area_no_mm(unsigned long addr) +@@ -891,7 +905,7 @@ int in_gate_area_no_mm(unsigned long addr) const char *arch_vma_name(struct vm_area_struct *vma) { @@ -30042,7 +29891,7 @@ index 7b179b49..6bd17777 100644 return (void *)vaddr; diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c -index dec49d3..e2bd3f0 100644 +index dec49d3..1943563 100644 --- a/arch/x86/mm/ioremap.c +++ b/arch/x86/mm/ioremap.c @@ -56,8 +56,8 @@ static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages, @@ -30065,17 +29914,29 @@ index dec49d3..e2bd3f0 100644 { struct vm_struct *p, *o; -@@ -327,6 +327,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) - +@@ -322,23 +322,22 @@ EXPORT_SYMBOL(iounmap); + */ + void *xlate_dev_mem_ptr(unsigned long phys) + { +- void *addr; +- unsigned long start = phys & PAGE_MASK; +- /* If page is RAM, we can use __va. Otherwise ioremap and unmap. */ - if (page_is_ram(start >> PAGE_SHIFT)) +- if (page_is_ram(start >> PAGE_SHIFT)) ++ if (page_is_ram(phys >> PAGE_SHIFT)) +#ifdef CONFIG_HIGHMEM -+ if ((start >> PAGE_SHIFT) < max_low_pfn) ++ if ((phys >> PAGE_SHIFT) < max_low_pfn) +#endif return __va(phys); - addr = (void __force *)ioremap_cache(start, PAGE_SIZE); -@@ -339,6 +342,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) +- addr = (void __force *)ioremap_cache(start, PAGE_SIZE); +- if (addr) +- addr = (void *)((unsigned long)addr | (phys & ~PAGE_MASK)); +- +- return addr; ++ return (void __force *)ioremap_cache(phys, PAGE_SIZE); + } + void unxlate_dev_mem_ptr(unsigned long phys, void *addr) { if (page_is_ram(phys >> PAGE_SHIFT)) @@ -30085,7 +29946,7 @@ index dec49d3..e2bd3f0 100644 return; iounmap((void __iomem *)((unsigned long)addr & PAGE_MASK)); -@@ -356,7 +362,7 @@ static int __init early_ioremap_debug_setup(char *str) +@@ -356,7 +355,7 @@ static int __init early_ioremap_debug_setup(char *str) early_param("early_ioremap_debug", early_ioremap_debug_setup); static __initdata int after_paging_init; @@ -30094,7 +29955,7 @@ index dec49d3..e2bd3f0 100644 static inline pmd_t * __init early_ioremap_pmd(unsigned long addr) { -@@ -393,8 +399,7 @@ void __init early_ioremap_init(void) +@@ -393,8 +392,7 @@ void __init early_ioremap_init(void) slot_virt[i] = __fix_to_virt(FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*i); pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN)); @@ -30905,7 +30766,7 @@ index 6687022..ceabcfa 100644 + pax_force_retaddr ret diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c -index 5a5b6e4..3cbf9b7 100644 +index 5a5b6e4..07b4acb 100644 --- a/arch/x86/net/bpf_jit_comp.c +++ b/arch/x86/net/bpf_jit_comp.c @@ -11,6 +11,7 @@ @@ -30916,7 +30777,7 @@ index 5a5b6e4..3cbf9b7 100644 /* * Conventions : -@@ -45,13 +46,84 @@ static inline u8 *emit_code(u8 *ptr, u32 bytes, unsigned int len) +@@ -45,13 +46,96 @@ static inline u8 *emit_code(u8 *ptr, u32 bytes, unsigned int len) return ptr + len; } @@ -30944,7 +30805,8 @@ index 5a5b6e4..3cbf9b7 100644 + EMIT2(0x81, 0xf1); \ + EMIT((_key) ^ (_off), 4); \ +} while (0) -+ ++#define SHORT_JMP_LENGTH 2 ++#define NEAR_JMP_LENGTH (5 + 8) +#define EMIT1_off32(b1, _off) \ +do { \ + switch (b1) { \ @@ -30952,12 +30814,20 @@ index 5a5b6e4..3cbf9b7 100644 + case 0x2d: /* sub eax, imm32 */ \ + case 0x25: /* and eax, imm32 */ \ + case 0x0d: /* or eax, imm32 */ \ -+ case 0xb8: /* mov eax, imm32 */ \ + case 0x3d: /* cmp eax, imm32 */ \ -+ case 0xa9: /* test eax, imm32 */ \ + DILUTE_CONST_SEQUENCE(_off, randkey); \ + EMIT2((b1) - 4, 0xc8); /* convert imm instruction to eax, ecx */\ + break; \ ++ case 0xb8: /* mov eax, imm32 */ \ ++ DILUTE_CONST_SEQUENCE(_off, randkey); \ ++ /* mov eax, ecx */ \ ++ EMIT2(0x89, 0xc8); \ ++ break; \ ++ case 0xa9: /* test eax, imm32 */ \ ++ DILUTE_CONST_SEQUENCE(_off, randkey); \ ++ /* test eax, ecx */ \ ++ EMIT2(0x85, 0xc8); \ ++ break; \ + case 0xbb: /* mov ebx, imm32 */ \ + DILUTE_CONST_SEQUENCE(_off, randkey); \ + /* mov ebx, ecx */ \ @@ -30973,8 +30843,9 @@ index 5a5b6e4..3cbf9b7 100644 + EMIT(_off, 4); \ + break; \ + case 0xe9: /* jmp rel imm32 */ \ ++ BUG_ON((int)(_off) < 0); \ + EMIT1(b1); \ -+ EMIT(_off, 4); \ ++ EMIT(_off + 8, 4); \ + /* prevent fall-through, we're not called if off = 0 */ \ + EMIT(0xcccccccc, 4); \ + EMIT(0xcccccccc, 4); \ @@ -30997,11 +30868,21 @@ index 5a5b6e4..3cbf9b7 100644 +#else #define EMIT1_off32(b1, off) do { EMIT1(b1); EMIT(off, 4);} while (0) +#define EMIT2_off32(b1, b2, off) do { EMIT2(b1, b2); EMIT(off, 4);} while (0) ++#define SHORT_JMP_LENGTH 2 ++#define NEAR_JMP_LENGTH 5 +#endif #define CLEAR_A() EMIT2(0x31, 0xc0) /* xor %eax,%eax */ #define CLEAR_X() EMIT2(0x31, 0xdb) /* xor %ebx,%ebx */ -@@ -86,6 +158,24 @@ do { \ +@@ -68,6 +152,7 @@ static inline bool is_near(int offset) + + #define EMIT_JMP(offset) \ + do { \ ++ BUG_ON((int)(offset) < 0); \ + if (offset) { \ + if (is_near(offset)) \ + EMIT2(0xeb, offset); /* jmp .+off8 */ \ +@@ -86,13 +171,33 @@ do { \ #define X86_JBE 0x76 #define X86_JA 0x77 @@ -31025,16 +30906,18 @@ index 5a5b6e4..3cbf9b7 100644 + #define EMIT_COND_JMP(op, offset) \ do { \ ++ BUG_ON((int)(offset) < 0); \ if (is_near(offset)) \ -@@ -93,6 +183,7 @@ do { \ + EMIT2(op, offset); /* jxx .+off8 */ \ else { \ EMIT2(0x0f, op + 0x10); \ - EMIT(offset, 4); /* jxx .+off32 */ \ +- EMIT(offset, 4); /* jxx .+off32 */ \ ++ EMIT((offset) + 21, 4); /* jxx .+off32 */ \ + APPEND_FLOW_VERIFY(); \ } \ } while (0) -@@ -117,10 +208,14 @@ static inline void bpf_flush_icache(void *start, void *end) +@@ -117,10 +222,14 @@ static inline void bpf_flush_icache(void *start, void *end) set_fs(old_fs); } @@ -31050,7 +30933,7 @@ index 5a5b6e4..3cbf9b7 100644 u8 *prog; unsigned int proglen, oldproglen = 0; int ilen, i; -@@ -133,6 +228,9 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -133,6 +242,9 @@ void bpf_jit_compile(struct sk_filter *fp) unsigned int *addrs; const struct sock_filter *filter = fp->insns; int flen = fp->len; @@ -31060,7 +30943,7 @@ index 5a5b6e4..3cbf9b7 100644 if (!bpf_jit_enable) return; -@@ -141,11 +239,15 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -141,11 +253,15 @@ void bpf_jit_compile(struct sk_filter *fp) if (addrs == NULL) return; @@ -31078,7 +30961,7 @@ index 5a5b6e4..3cbf9b7 100644 addrs[i] = proglen; } cleanup_addr = proglen; /* epilogue address */ -@@ -221,6 +323,10 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -221,6 +337,10 @@ void bpf_jit_compile(struct sk_filter *fp) for (i = 0; i < flen; i++) { unsigned int K = filter[i].k; @@ -31089,7 +30972,7 @@ index 5a5b6e4..3cbf9b7 100644 switch (filter[i].code) { case BPF_S_ALU_ADD_X: /* A += X; */ seen |= SEEN_XREG; -@@ -253,10 +359,8 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -253,10 +373,8 @@ void bpf_jit_compile(struct sk_filter *fp) case BPF_S_ALU_MUL_K: /* A *= K */ if (is_imm8(K)) EMIT3(0x6b, 0xc0, K); /* imul imm8,%eax,%eax */ @@ -31102,7 +30985,15 @@ index 5a5b6e4..3cbf9b7 100644 break; case BPF_S_ALU_DIV_X: /* A /= X; */ seen |= SEEN_XREG; -@@ -276,8 +380,14 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -269,15 +387,21 @@ void bpf_jit_compile(struct sk_filter *fp) + EMIT_COND_JMP(X86_JE, addrs[pc_ret0 - 1] - + (addrs[i] - 4)); + } else { +- EMIT_COND_JMP(X86_JNE, 2 + 5); ++ EMIT_COND_JMP(X86_JNE, 2 + NEAR_JMP_LENGTH); + CLEAR_A(); + EMIT1_off32(0xe9, cleanup_addr - (addrs[i] - 4)); /* jmp .+off32 */ + } EMIT4(0x31, 0xd2, 0xf7, 0xf3); /* xor %edx,%edx; div %ebx */ break; case BPF_S_ALU_DIV_K: /* A = reciprocal_divide(A, K); */ @@ -31117,7 +31008,7 @@ index 5a5b6e4..3cbf9b7 100644 EMIT4(0x48, 0xc1, 0xe8, 0x20); /* shr $0x20,%rax */ break; case BPF_S_ALU_AND_X: -@@ -477,7 +587,7 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -477,7 +601,7 @@ void bpf_jit_compile(struct sk_filter *fp) common_load: seen |= SEEN_DATAREF; if ((int)K < 0) { /* Abort the JIT because __load_pointer() is needed. */ @@ -31126,7 +31017,7 @@ index 5a5b6e4..3cbf9b7 100644 } t_offset = func - (image + addrs[i]); EMIT1_off32(0xbe, K); /* mov imm32,%esi */ -@@ -492,7 +602,7 @@ common_load: seen |= SEEN_DATAREF; +@@ -492,7 +616,7 @@ common_load: seen |= SEEN_DATAREF; case BPF_S_LDX_B_MSH: if ((int)K < 0) { /* Abort the JIT because __load_pointer() is needed. */ @@ -31135,7 +31026,16 @@ index 5a5b6e4..3cbf9b7 100644 } seen |= SEEN_DATAREF | SEEN_XREG; t_offset = sk_load_byte_msh - (image + addrs[i]); -@@ -582,17 +692,18 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -572,7 +696,7 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; + } + if (filter[i].jt != 0) { + if (filter[i].jf && f_offset) +- t_offset += is_near(f_offset) ? 2 : 5; ++ t_offset += is_near(f_offset) ? SHORT_JMP_LENGTH : NEAR_JMP_LENGTH; + EMIT_COND_JMP(t_op, t_offset); + if (filter[i].jf) + EMIT_JMP(f_offset); +@@ -582,17 +706,18 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; break; default: /* hmm, too complex filter, give up with jit compiler */ @@ -31158,7 +31058,7 @@ index 5a5b6e4..3cbf9b7 100644 } proglen += ilen; addrs[i] = proglen; -@@ -613,11 +724,9 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -613,11 +738,9 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; break; } if (proglen == oldproglen) { @@ -31172,7 +31072,7 @@ index 5a5b6e4..3cbf9b7 100644 } oldproglen = proglen; } -@@ -633,7 +742,10 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -633,7 +756,10 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; bpf_flush_icache(image, image + proglen); fp->bpf_func = (void *)image; @@ -31184,7 +31084,7 @@ index 5a5b6e4..3cbf9b7 100644 out: kfree(addrs); return; -@@ -641,18 +753,20 @@ out: +@@ -641,18 +767,20 @@ out: static void jit_free_defer(struct work_struct *arg) { @@ -32393,7 +32293,7 @@ index 468d591..8e80a0a 100644 return NULL; } diff --git a/arch/x86/vdso/vma.c b/arch/x86/vdso/vma.c -index 153407c..611cba9 100644 +index 0ff8815..7abe843 100644 --- a/arch/x86/vdso/vma.c +++ b/arch/x86/vdso/vma.c @@ -16,8 +16,6 @@ @@ -32405,15 +32305,7 @@ index 153407c..611cba9 100644 extern char vdso_start[], vdso_end[]; extern unsigned short vdso_sync_cpuid; -@@ -96,7 +94,6 @@ static unsigned long vdso_addr(unsigned long start, unsigned len) - * unaligned here as a result of stack start randomization. - */ - addr = PAGE_ALIGN(addr); -- addr = align_addr(addr, NULL, ALIGN_VDSO); - - return addr; - } -@@ -106,40 +103,35 @@ static unsigned long vdso_addr(unsigned long start, unsigned len) +@@ -119,13 +117,15 @@ static unsigned long vdso_addr(unsigned long start, unsigned len) int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) { struct mm_struct *mm = current->mm; @@ -32431,10 +32323,9 @@ index 153407c..611cba9 100644 +#endif + addr = vdso_addr(mm->start_stack, vdso_size); -+ addr = align_addr(addr, NULL, ALIGN_VDSO); addr = get_unmapped_area(NULL, addr, vdso_size, 0, 0); if (IS_ERR_VALUE(addr)) { - ret = addr; +@@ -133,26 +133,18 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) goto up_fail; } @@ -32961,7 +32852,7 @@ index 7b72502..3d7b647 100644 err = -EFAULT; goto out; diff --git a/block/genhd.c b/block/genhd.c -index 41b0435..09f9f28 100644 +index 424d1fa..8e99b22 100644 --- a/block/genhd.c +++ b/block/genhd.c @@ -472,21 +472,24 @@ static char *bdevt_str(dev_t devt, char *buf) @@ -33057,7 +32948,7 @@ index f124268..e5bfd12 100644 goto error; diff --git a/crypto/api.c b/crypto/api.c -index cea3cf6..86a0f6f 100644 +index ac80794..dd053f8 100644 --- a/crypto/api.c +++ b/crypto/api.c @@ -42,6 +42,8 @@ static inline struct crypto_alg *crypto_alg_get(struct crypto_alg *alg) @@ -33070,7 +32961,7 @@ index cea3cf6..86a0f6f 100644 { return try_module_get(alg->cra_module) ? crypto_alg_get(alg) : NULL; diff --git a/crypto/cryptd.c b/crypto/cryptd.c -index 7bdd61b..afec999 100644 +index 75c415d..0b21cd8 100644 --- a/crypto/cryptd.c +++ b/crypto/cryptd.c @@ -63,7 +63,7 @@ struct cryptd_blkcipher_ctx { @@ -33147,7 +33038,7 @@ index 5b63b8d..6f46ba0 100644 exact = 1; diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c -index 29a89da..7e23990 100644 +index ba92046..2d5921a 100644 --- a/crypto/pcrypt.c +++ b/crypto/pcrypt.c @@ -440,7 +440,7 @@ static int pcrypt_sysfs_add(struct padata_instance *pinst, const char *name) @@ -33386,10 +33277,10 @@ index de2802c..2260da9 100644 unsigned long timeout_msec) { diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index 2ddf736..e60d263 100644 +index 5d8fc3d..d537f03 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c -@@ -4787,7 +4787,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) +@@ -4790,7 +4790,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) struct ata_port *ap; unsigned int tag; @@ -33398,7 +33289,7 @@ index 2ddf736..e60d263 100644 ap = qc->ap; qc->flags = 0; -@@ -4803,7 +4803,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) +@@ -4806,7 +4806,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) struct ata_port *ap; struct ata_link *link; @@ -33407,7 +33298,7 @@ index 2ddf736..e60d263 100644 WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE)); ap = qc->ap; link = qc->dev->link; -@@ -5808,6 +5808,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5811,6 +5811,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) return; spin_lock(&lock); @@ -33415,7 +33306,7 @@ index 2ddf736..e60d263 100644 for (cur = ops->inherits; cur; cur = cur->inherits) { void **inherit = (void **)cur; -@@ -5821,8 +5822,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5824,8 +5825,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) if (IS_ERR(*pp)) *pp = NULL; @@ -35683,7 +35574,7 @@ index 1aeaaba..e018570 100644 .part_num = MBCS_PART_NUM, .mfg_num = MBCS_MFG_NUM, diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index 1451790..046b083 100644 +index 1451790..a57c233 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -18,6 +18,7 @@ @@ -35731,15 +35622,17 @@ index 1451790..046b083 100644 #else static inline int range_is_allowed(unsigned long pfn, unsigned long size) { -@@ -118,6 +132,7 @@ static ssize_t read_mem(struct file *file, char __user *buf, +@@ -117,7 +131,8 @@ static ssize_t read_mem(struct file *file, char __user *buf, + #endif while (count > 0) { - unsigned long remaining; +- unsigned long remaining; ++ unsigned long remaining = 0; + char *temp; sz = size_inside_page(p, count); -@@ -133,7 +148,23 @@ static ssize_t read_mem(struct file *file, char __user *buf, +@@ -133,7 +148,24 @@ static ssize_t read_mem(struct file *file, char __user *buf, if (!ptr) return -EFAULT; @@ -35750,12 +35643,13 @@ index 1451790..046b083 100644 + unxlate_dev_mem_ptr(p, ptr); + return -ENOMEM; + } -+ memcpy(temp, ptr, sz); ++ remaining = probe_kernel_read(temp, ptr, sz); +#else + temp = ptr; +#endif + -+ remaining = copy_to_user(buf, temp, sz); ++ if (!remaining) ++ remaining = copy_to_user(buf, temp, sz); + +#ifdef CONFIG_PAX_USERCOPY + kfree(temp); @@ -35764,7 +35658,7 @@ index 1451790..046b083 100644 unxlate_dev_mem_ptr(p, ptr); if (remaining) return -EFAULT; -@@ -376,7 +407,7 @@ static ssize_t read_oldmem(struct file *file, char __user *buf, +@@ -376,7 +408,7 @@ static ssize_t read_oldmem(struct file *file, char __user *buf, else csize = count; @@ -35773,7 +35667,7 @@ index 1451790..046b083 100644 if (rc < 0) return rc; buf += csize; -@@ -396,9 +427,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, +@@ -396,9 +428,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, size_t count, loff_t *ppos) { unsigned long p = *ppos; @@ -35784,7 +35678,7 @@ index 1451790..046b083 100644 read = 0; if (p < (unsigned long) high_memory) { -@@ -420,6 +450,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, +@@ -420,6 +451,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, } #endif while (low_count > 0) { @@ -35793,7 +35687,7 @@ index 1451790..046b083 100644 sz = size_inside_page(p, low_count); /* -@@ -429,7 +461,22 @@ static ssize_t read_kmem(struct file *file, char __user *buf, +@@ -429,7 +462,23 @@ static ssize_t read_kmem(struct file *file, char __user *buf, */ kbuf = xlate_dev_kmem_ptr((char *)p); @@ -35802,12 +35696,13 @@ index 1451790..046b083 100644 + temp = kmalloc(sz, GFP_KERNEL|GFP_USERCOPY); + if (!temp) + return -ENOMEM; -+ memcpy(temp, kbuf, sz); ++ err = probe_kernel_read(temp, kbuf, sz); +#else + temp = kbuf; +#endif + -+ err = copy_to_user(buf, temp, sz); ++ if (!err) ++ err = copy_to_user(buf, temp, sz); + +#ifdef CONFIG_PAX_USERCOPY + kfree(temp); @@ -35817,7 +35712,7 @@ index 1451790..046b083 100644 return -EFAULT; buf += sz; p += sz; -@@ -815,6 +862,11 @@ static ssize_t kmsg_writev(struct kiocb *iocb, const struct iovec *iv, +@@ -815,6 +864,11 @@ static ssize_t kmsg_writev(struct kiocb *iocb, const struct iovec *iv, ssize_t ret = -EFAULT; size_t len = iov_length(iv, count); @@ -35829,7 +35724,7 @@ index 1451790..046b083 100644 line = kmalloc(len + 1, GFP_KERNEL); if (line == NULL) return -ENOMEM; -@@ -867,6 +919,9 @@ static const struct memdev { +@@ -867,6 +921,9 @@ static const struct memdev { #ifdef CONFIG_CRASH_DUMP [12] = { "oldmem", 0, &oldmem_fops, NULL }, #endif @@ -35839,7 +35734,7 @@ index 1451790..046b083 100644 }; static int memory_open(struct inode *inode, struct file *filp) -@@ -931,7 +986,7 @@ static int __init chr_dev_init(void) +@@ -931,7 +988,7 @@ static int __init chr_dev_init(void) if (!devlist[minor].name) continue; device_create(mem_class, NULL, MKDEV(MEM_MAJOR, minor), @@ -43910,6 +43805,19 @@ index 16a089f..1661b11 100644 return -EFAULT; return i; } +diff --git a/drivers/media/radio/wl128x/fmdrv_common.c b/drivers/media/radio/wl128x/fmdrv_common.c +index 5991ab6..049f4ac 100644 +--- a/drivers/media/radio/wl128x/fmdrv_common.c ++++ b/drivers/media/radio/wl128x/fmdrv_common.c +@@ -71,7 +71,7 @@ module_param(default_rds_buf, uint, 0444); + MODULE_PARM_DESC(rds_buf, "RDS buffer entries"); + + /* Radio Nr */ +-static u32 radio_nr = -1; ++static int radio_nr = -1; + module_param(radio_nr, int, 0444); + MODULE_PARM_DESC(radio_nr, "Radio Nr"); + diff --git a/drivers/media/rc/rc-main.c b/drivers/media/rc/rc-main.c index a47ba33..deafb02 100644 --- a/drivers/media/rc/rc-main.c @@ -45159,10 +45067,10 @@ index cf95bd8d..f61f675 100644 /* check to see if we are clearing active */ if (!strlen(ifname) || buf[0] == '\n') { diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c -index 1eac27f..ecd3827 100644 +index a25442e..d1235bc 100644 --- a/drivers/net/can/dev.c +++ b/drivers/net/can/dev.c -@@ -721,7 +721,7 @@ static int can_newlink(struct net *src_net, struct net_device *dev, +@@ -725,7 +725,7 @@ static int can_newlink(struct net *src_net, struct net_device *dev, return -EOPNOTSUPP; } @@ -45960,6 +45868,28 @@ index 0e6e57e..060e208 100644 .notifier_call = macvtap_device_event, }; +diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c +index 83a5a5a..9a9d0ae 100644 +--- a/drivers/net/phy/phy_device.c ++++ b/drivers/net/phy/phy_device.c +@@ -207,7 +207,7 @@ static struct phy_device* phy_device_create(struct mii_bus *bus, + * Description: Reads the ID registers of the PHY at @addr on the + * @bus, stores it in @phy_id and returns zero on success. + */ +-int get_phy_id(struct mii_bus *bus, int addr, u32 *phy_id) ++int get_phy_id(struct mii_bus *bus, int addr, int *phy_id) + { + int phy_reg; + +@@ -243,7 +243,7 @@ EXPORT_SYMBOL(get_phy_id); + struct phy_device * get_phy_device(struct mii_bus *bus, int addr) + { + struct phy_device *dev = NULL; +- u32 phy_id; ++ int phy_id; + int r; + + r = get_phy_id(bus, addr, &phy_id); diff --git a/drivers/net/ppp/ppp_deflate.c b/drivers/net/ppp/ppp_deflate.c index 1dbdf82..43764cc 100644 --- a/drivers/net/ppp/ppp_deflate.c @@ -46848,7 +46778,7 @@ index f5ae3c67..7936af3 100644 static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads) diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h -index dc774cd..fd6efed 100644 +index 8b1123d..20a54e9 100644 --- a/drivers/net/wireless/ath/ath9k/hw.h +++ b/drivers/net/wireless/ath/ath9k/hw.h @@ -607,7 +607,7 @@ struct ath_hw_private_ops { @@ -47626,7 +47556,7 @@ index c73ed00..cc3edec 100644 #define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c -index 9005380..c497080 100644 +index bc92c47..47e01d7 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -136,7 +136,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, @@ -48030,10 +47960,10 @@ index e15d4c9..83cd617 100644 __power_supply_attrs[i] = &power_supply_attrs[i].attr; } diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c -index 6ec610c..078eaf3 100644 +index adba3d6..7d7a5a6 100644 --- a/drivers/regulator/core.c +++ b/drivers/regulator/core.c -@@ -2639,7 +2639,7 @@ struct regulator_dev *regulator_register(struct regulator_desc *regulator_desc, +@@ -2641,7 +2641,7 @@ struct regulator_dev *regulator_register(struct regulator_desc *regulator_desc, struct device *dev, const struct regulator_init_data *init_data, void *driver_data) { @@ -48042,7 +47972,7 @@ index 6ec610c..078eaf3 100644 struct regulator_dev *rdev; int ret, i; -@@ -2698,7 +2698,7 @@ struct regulator_dev *regulator_register(struct regulator_desc *regulator_desc, +@@ -2700,7 +2700,7 @@ struct regulator_dev *regulator_register(struct regulator_desc *regulator_desc, rdev->dev.class = ®ulator_class; rdev->dev.parent = dev; dev_set_name(&rdev->dev, "regulator.%d", @@ -51510,7 +51440,7 @@ index 8131e2c..b48928a 100644 if (unlikely(pdev->id < 0 || pdev->id >= UART_NR)) return -ENXIO; diff --git a/drivers/tty/serial/samsung.c b/drivers/tty/serial/samsung.c -index b31f1c3..1b6b8c4 100644 +index 626e75b..4a87ecc 100644 --- a/drivers/tty/serial/samsung.c +++ b/drivers/tty/serial/samsung.c @@ -440,11 +440,16 @@ static void s3c24xx_serial_shutdown(struct uart_port *port) @@ -51530,7 +51460,7 @@ index b31f1c3..1b6b8c4 100644 dbg("s3c24xx_serial_startup: port=%p (%08lx,%p)\n", port->mapbase, port->membase); -@@ -1149,10 +1154,6 @@ static int s3c24xx_serial_init_port(struct s3c24xx_uart_port *ourport, +@@ -1153,10 +1158,6 @@ static int s3c24xx_serial_init_port(struct s3c24xx_uart_port *ourport, port->dev = &platdev->dev; ourport->info = info; @@ -52226,10 +52156,10 @@ index 9f7003e..b1db1b6 100644 props.type = BACKLIGHT_RAW; props.max_brightness = 0xff; diff --git a/drivers/usb/serial/console.c b/drivers/usb/serial/console.c -index 1ee6b2a..523c0ae 100644 +index 87302dd..2d0130a 100644 --- a/drivers/usb/serial/console.c +++ b/drivers/usb/serial/console.c -@@ -200,7 +200,7 @@ static int usb_console_setup(struct console *co, char *options) +@@ -205,7 +205,7 @@ static int usb_console_setup(struct console *co, char *options) static void usb_console_write(struct console *co, const char *buf, unsigned count) { @@ -52448,10 +52378,10 @@ index 6b4fb5c..385e560 100644 if (!strncmp(options, "scrollback:", 11)) { options += 11; diff --git a/drivers/video/fb_defio.c b/drivers/video/fb_defio.c -index c27e153..5beb687 100644 +index 8a3d51f..f3e2e64 100644 --- a/drivers/video/fb_defio.c +++ b/drivers/video/fb_defio.c -@@ -200,7 +200,9 @@ void fb_deferred_io_init(struct fb_info *info) +@@ -201,7 +201,9 @@ void fb_deferred_io_init(struct fb_info *info) BUG_ON(!fbdefio); mutex_init(&fbdefio->lock); @@ -52462,7 +52392,7 @@ index c27e153..5beb687 100644 INIT_DELAYED_WORK(&info->deferred_work, fb_deferred_io_work); INIT_LIST_HEAD(&fbdefio->pagelist); if (fbdefio->delay == 0) /* set a default of 1 s */ -@@ -231,7 +233,7 @@ void fb_deferred_io_cleanup(struct fb_info *info) +@@ -232,7 +234,7 @@ void fb_deferred_io_cleanup(struct fb_info *info) page->mapping = NULL; } @@ -55859,10 +55789,10 @@ index 88714ae..16c2e11 100644 static inline u32 get_pll_internal_frequency(u32 ref_freq, diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c -index 984c501..9167bb2 100644 +index cc02a9b..2686ac9 100644 --- a/drivers/virtio/virtio.c +++ b/drivers/virtio/virtio.c -@@ -140,8 +140,11 @@ static int virtio_dev_probe(struct device *_d) +@@ -139,8 +139,11 @@ static int virtio_dev_probe(struct device *_d) err = drv->probe(dev); if (err) add_status(dev, VIRTIO_CONFIG_S_FAILED); @@ -57473,10 +57403,10 @@ index dede441..f2a2507 100644 WARN_ON(trans->transid != btrfs_header_generation(parent)); diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c -index f63719a..5f00ed6 100644 +index a694317..dc698a1 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c -@@ -5642,7 +5642,7 @@ again: +@@ -5644,7 +5644,7 @@ again: if (ret == -ENOSPC && num_bytes > min_alloc_size) { num_bytes = num_bytes >> 1; @@ -57748,7 +57678,7 @@ index 7903e62..096162e 100644 } diff --git a/fs/ceph/super.c b/fs/ceph/super.c -index de268a8..2a158be 100644 +index 3c981db..eb87cfb 100644 --- a/fs/ceph/super.c +++ b/fs/ceph/super.c @@ -785,7 +785,7 @@ static int ceph_compare_super(struct super_block *sb, void *data) @@ -58428,7 +58358,7 @@ index 739fb59..5385976 100644 static int __init init_cramfs_fs(void) { diff --git a/fs/dcache.c b/fs/dcache.c -index 3f65742..0972e8b 100644 +index 8bc98af..a49e6f0 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -103,11 +103,11 @@ static unsigned int d_hash_shift __read_mostly; @@ -58447,19 +58377,17 @@ index 3f65742..0972e8b 100644 return dentry_hashtable + (hash & D_HASHMASK); } -@@ -1034,8 +1034,10 @@ ascend: - write_sequnlock(&rename_lock); - return 0; /* No mount points found in tree */ - positive: -- if (!locked && read_seqretry(&rename_lock, seq)) -+ if (!locked && read_seqretry(&rename_lock, seq)) { -+ rcu_read_lock(); - goto rename_retry; -+ } - if (locked) - write_sequnlock(&rename_lock); - return 1; -@@ -3080,7 +3082,8 @@ void __init vfs_caches_init(unsigned long mempages) +@@ -1235,6 +1235,9 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) + dentry->d_sb = sb; + dentry->d_op = NULL; + dentry->d_fsdata = NULL; ++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME ++ atomic_set(&dentry->chroot_refcnt, 0); ++#endif + INIT_HLIST_BL_NODE(&dentry->d_hash); + INIT_LIST_HEAD(&dentry->d_lru); + INIT_LIST_HEAD(&dentry->d_subdirs); +@@ -3082,7 +3085,8 @@ void __init vfs_caches_init(unsigned long mempages) mempages -= reserve; names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0, @@ -58548,10 +58476,10 @@ index 5ce56e7..d80e1db 100644 return rc; } diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c -index 94afdfd..bdb8854 100644 +index 62b8ddc..7df8b1c 100644 --- a/fs/ecryptfs/main.c +++ b/fs/ecryptfs/main.c -@@ -629,6 +629,7 @@ static struct file_system_type ecryptfs_fs_type = { +@@ -639,6 +639,7 @@ static struct file_system_type ecryptfs_fs_type = { .kill_sb = ecryptfs_kill_block_super, .fs_flags = 0 }; @@ -60382,7 +60310,7 @@ index 9d1c995..7685971 100644 static int __init vxfs_init(void) diff --git a/fs/fs_struct.c b/fs/fs_struct.c -index 78b519c..0386555 100644 +index 78b519c..b6e3076 100644 --- a/fs/fs_struct.c +++ b/fs/fs_struct.c @@ -4,6 +4,7 @@ @@ -60393,15 +60321,28 @@ index 78b519c..0386555 100644 #include "internal.h" static inline void path_get_longterm(struct path *path) -@@ -31,6 +32,7 @@ void set_fs_root(struct fs_struct *fs, struct path *path) +@@ -26,15 +27,19 @@ void set_fs_root(struct fs_struct *fs, struct path *path) + { + struct path old_root; + ++ gr_inc_chroot_refcnts(path->dentry, path->mnt); + spin_lock(&fs->lock); + write_seqcount_begin(&fs->seq); old_root = fs->root; fs->root = *path; path_get_longterm(path); + gr_set_chroot_entries(current, path); write_seqcount_end(&fs->seq); spin_unlock(&fs->lock); - if (old_root.dentry) -@@ -74,6 +76,13 @@ void chroot_fs_refs(struct path *old_root, struct path *new_root) +- if (old_root.dentry) ++ if (old_root.dentry) { ++ gr_dec_chroot_refcnts(old_root.dentry, old_root.mnt); + path_put_longterm(&old_root); ++ } + } + + /* +@@ -74,6 +79,13 @@ void chroot_fs_refs(struct path *old_root, struct path *new_root) && fs->root.mnt == old_root->mnt) { path_get_longterm(new_root); fs->root = *new_root; @@ -60415,7 +60356,15 @@ index 78b519c..0386555 100644 count++; } if (fs->pwd.dentry == old_root->dentry -@@ -109,7 +118,8 @@ void exit_fs(struct task_struct *tsk) +@@ -94,6 +106,7 @@ void chroot_fs_refs(struct path *old_root, struct path *new_root) + + void free_fs_struct(struct fs_struct *fs) + { ++ gr_dec_chroot_refcnts(fs->root.dentry, fs->root.mnt); + path_put_longterm(&fs->root); + path_put_longterm(&fs->pwd); + kmem_cache_free(fs_cachep, fs); +@@ -109,7 +122,8 @@ void exit_fs(struct task_struct *tsk) spin_lock(&fs->lock); write_seqcount_begin(&fs->seq); tsk->fs = NULL; @@ -60425,7 +60374,7 @@ index 78b519c..0386555 100644 write_seqcount_end(&fs->seq); spin_unlock(&fs->lock); task_unlock(tsk); -@@ -123,7 +133,7 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old) +@@ -123,7 +137,7 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old) struct fs_struct *fs = kmem_cache_alloc(fs_cachep, GFP_KERNEL); /* We don't need to lock fs - think why ;-) */ if (fs) { @@ -60434,7 +60383,7 @@ index 78b519c..0386555 100644 fs->in_exec = 0; spin_lock_init(&fs->lock); seqcount_init(&fs->seq); -@@ -132,6 +142,9 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old) +@@ -132,6 +146,9 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old) spin_lock(&old->lock); fs->root = old->root; path_get_longterm(&fs->root); @@ -60444,7 +60393,7 @@ index 78b519c..0386555 100644 fs->pwd = old->pwd; path_get_longterm(&fs->pwd); spin_unlock(&old->lock); -@@ -150,8 +163,9 @@ int unshare_fs_struct(void) +@@ -150,8 +167,9 @@ int unshare_fs_struct(void) task_lock(current); spin_lock(&fs->lock); @@ -60455,7 +60404,7 @@ index 78b519c..0386555 100644 spin_unlock(&fs->lock); task_unlock(current); -@@ -164,13 +178,13 @@ EXPORT_SYMBOL_GPL(unshare_fs_struct); +@@ -164,13 +182,13 @@ EXPORT_SYMBOL_GPL(unshare_fs_struct); int current_umask(void) { @@ -60471,7 +60420,7 @@ index 78b519c..0386555 100644 .lock = __SPIN_LOCK_UNLOCKED(init_fs.lock), .seq = SEQCNT_ZERO, .umask = 0022, -@@ -186,12 +200,13 @@ void daemonize_fs_struct(void) +@@ -186,12 +204,13 @@ void daemonize_fs_struct(void) task_lock(current); spin_lock(&init_fs.lock); @@ -62116,47 +62065,6 @@ index 2f9197f..e2f03bf 100644 MODULE_LICENSE("GPL"); -/* Actual filesystem name is iso9660, as requested in filesystems.c */ -MODULE_ALIAS("iso9660"); -diff --git a/fs/isofs/rock.c b/fs/isofs/rock.c -index ee62cc0..1780949 100644 ---- a/fs/isofs/rock.c -+++ b/fs/isofs/rock.c -@@ -30,6 +30,7 @@ struct rock_state { - int cont_size; - int cont_extent; - int cont_offset; -+ int cont_loops; - struct inode *inode; - }; - -@@ -73,6 +74,9 @@ static void init_rock_state(struct rock_state *rs, struct inode *inode) - rs->inode = inode; - } - -+/* Maximum number of Rock Ridge continuation entries */ -+#define RR_MAX_CE_ENTRIES 32 -+ - /* - * Returns 0 if the caller should continue scanning, 1 if the scan must end - * and -ve on error. -@@ -105,6 +109,8 @@ static int rock_continue(struct rock_state *rs) - goto out; - } - ret = -EIO; -+ if (++rs->cont_loops >= RR_MAX_CE_ENTRIES) -+ goto out; - bh = sb_bread(rs->inode->i_sb, rs->cont_extent); - if (bh) { - memcpy(rs->buffer, bh->b_data + rs->cont_offset, -@@ -356,6 +362,9 @@ repeat: - rs.cont_size = isonum_733(rr->u.CE.size); - break; - case SIG('E', 'R'): -+ /* Invalid length of ER tag id? */ -+ if (rr->u.ER.len_id + offsetof(struct rock_ridge, u.ER.data) > rr->len) -+ goto out; - ISOFS_SB(inode->i_sb)->s_rock = 1; - printk(KERN_DEBUG "ISO 9660 Extensions: "); - { diff --git a/fs/jffs2/erase.c b/fs/jffs2/erase.c index e513f19..2ab1351 100644 --- a/fs/jffs2/erase.c @@ -62327,7 +62235,7 @@ index 4d46a6a..dee1cdf 100644 static int __init init_minix_fs(void) { diff --git a/fs/namei.c b/fs/namei.c -index dea2dab..6452ab2 100644 +index c8b13a9..09cc61e 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -279,16 +279,32 @@ int generic_permission(struct inode *inode, int mask) @@ -62411,7 +62319,7 @@ index dea2dab..6452ab2 100644 put_link(nd, &link, cookie); } while (res > 0); -@@ -1624,6 +1642,8 @@ static int path_lookupat(int dfd, const char *name, +@@ -1625,6 +1643,8 @@ static int path_lookupat(int dfd, const char *name, err = follow_link(&link, nd, &cookie); if (!err) err = lookup_last(nd, &path); @@ -62420,7 +62328,7 @@ index dea2dab..6452ab2 100644 put_link(nd, &link, cookie); } } -@@ -1631,6 +1651,13 @@ static int path_lookupat(int dfd, const char *name, +@@ -1632,6 +1652,13 @@ static int path_lookupat(int dfd, const char *name, if (!err) err = complete_walk(nd); @@ -62434,7 +62342,7 @@ index dea2dab..6452ab2 100644 if (!err && nd->flags & LOOKUP_DIRECTORY) { if (!nd->inode->i_op->lookup) { path_put(&nd->path); -@@ -1662,6 +1689,12 @@ static int do_path_lookup(int dfd, const char *name, +@@ -1663,6 +1690,12 @@ static int do_path_lookup(int dfd, const char *name, if (nd->path.dentry && nd->inode) audit_inode(name, nd->path.dentry); } @@ -62447,7 +62355,7 @@ index dea2dab..6452ab2 100644 } return retval; } -@@ -1791,7 +1824,13 @@ struct dentry *lookup_one_len(const char *name, struct dentry *base, int len) +@@ -1792,7 +1825,13 @@ struct dentry *lookup_one_len(const char *name, struct dentry *base, int len) if (!len) return ERR_PTR(-EACCES); @@ -62461,7 +62369,7 @@ index dea2dab..6452ab2 100644 while (len--) { c = *(const unsigned char *)name++; if (c == '/' || c == '\0') -@@ -2055,6 +2094,13 @@ static int may_open(struct path *path, int acc_mode, int flag) +@@ -2056,6 +2095,13 @@ static int may_open(struct path *path, int acc_mode, int flag) if (flag & O_NOATIME && !inode_owner_or_capable(inode)) return -EPERM; @@ -62475,7 +62383,7 @@ index dea2dab..6452ab2 100644 return 0; } -@@ -2090,7 +2136,7 @@ static inline int open_to_namei_flags(int flag) +@@ -2091,7 +2137,7 @@ static inline int open_to_namei_flags(int flag) /* * Handle the last step of open() */ @@ -62484,7 +62392,7 @@ index dea2dab..6452ab2 100644 const struct open_flags *op, const char *pathname) { struct dentry *dir = nd->path.dentry; -@@ -2116,16 +2162,32 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2117,16 +2163,32 @@ static struct file *do_last(struct nameidata *nd, struct path *path, error = complete_walk(nd); if (error) return ERR_PTR(error); @@ -62517,7 +62425,7 @@ index dea2dab..6452ab2 100644 audit_inode(pathname, dir); goto ok; } -@@ -2141,18 +2203,31 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2142,18 +2204,31 @@ static struct file *do_last(struct nameidata *nd, struct path *path, !symlink_ok); if (error < 0) return ERR_PTR(error); @@ -62550,7 +62458,7 @@ index dea2dab..6452ab2 100644 audit_inode(pathname, nd->path.dentry); goto ok; } -@@ -2187,6 +2262,17 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2188,6 +2263,17 @@ static struct file *do_last(struct nameidata *nd, struct path *path, /* Negative dentry, just create the file */ if (!dentry->d_inode) { int mode = op->mode; @@ -62568,7 +62476,7 @@ index dea2dab..6452ab2 100644 if (!IS_POSIXACL(dir->d_inode)) mode &= ~current_umask(); /* -@@ -2210,6 +2296,8 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2211,6 +2297,8 @@ static struct file *do_last(struct nameidata *nd, struct path *path, error = vfs_create(dir->d_inode, dentry, mode, nd); if (error) goto exit_mutex_unlock; @@ -62577,7 +62485,7 @@ index dea2dab..6452ab2 100644 mutex_unlock(&dir->d_inode->i_mutex); dput(nd->path.dentry); nd->path.dentry = dentry; -@@ -2219,6 +2307,19 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2220,6 +2308,19 @@ static struct file *do_last(struct nameidata *nd, struct path *path, /* * It already exists. */ @@ -62597,7 +62505,7 @@ index dea2dab..6452ab2 100644 mutex_unlock(&dir->d_inode->i_mutex); audit_inode(pathname, path->dentry); -@@ -2237,11 +2338,17 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2238,11 +2339,17 @@ static struct file *do_last(struct nameidata *nd, struct path *path, if (!path->dentry->d_inode) goto exit_dput; @@ -62616,7 +62524,7 @@ index dea2dab..6452ab2 100644 /* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */ error = complete_walk(nd); if (error) -@@ -2249,6 +2356,12 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2250,6 +2357,12 @@ static struct file *do_last(struct nameidata *nd, struct path *path, error = -EISDIR; if (S_ISDIR(nd->inode->i_mode)) goto exit; @@ -62629,7 +62537,7 @@ index dea2dab..6452ab2 100644 ok: if (!S_ISREG(nd->inode->i_mode)) will_truncate = 0; -@@ -2321,7 +2434,7 @@ static struct file *path_openat(int dfd, const char *pathname, +@@ -2322,7 +2435,7 @@ static struct file *path_openat(int dfd, const char *pathname, if (unlikely(error)) goto out_filp; @@ -62638,7 +62546,7 @@ index dea2dab..6452ab2 100644 while (unlikely(!filp)) { /* trailing symlink */ struct path link = path; void *cookie; -@@ -2336,8 +2449,9 @@ static struct file *path_openat(int dfd, const char *pathname, +@@ -2337,8 +2450,9 @@ static struct file *path_openat(int dfd, const char *pathname, error = follow_link(&link, nd, &cookie); if (unlikely(error)) filp = ERR_PTR(error); @@ -62650,7 +62558,7 @@ index dea2dab..6452ab2 100644 put_link(nd, &link, cookie); } out: -@@ -2431,6 +2545,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path +@@ -2432,6 +2546,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path *path = nd.path; return dentry; eexist: @@ -62662,7 +62570,7 @@ index dea2dab..6452ab2 100644 dput(dentry); dentry = ERR_PTR(-EEXIST); fail: -@@ -2453,6 +2572,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat +@@ -2454,6 +2573,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat } EXPORT_SYMBOL(user_path_create); @@ -62683,7 +62591,7 @@ index dea2dab..6452ab2 100644 int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) { int error = may_create(dir, dentry); -@@ -2520,6 +2653,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode, +@@ -2521,6 +2654,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode, error = mnt_want_write(path.mnt); if (error) goto out_dput; @@ -62701,7 +62609,7 @@ index dea2dab..6452ab2 100644 error = security_path_mknod(&path, dentry, mode, dev); if (error) goto out_drop_write; -@@ -2537,6 +2681,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode, +@@ -2538,6 +2682,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode, } out_drop_write: mnt_drop_write(path.mnt); @@ -62711,7 +62619,7 @@ index dea2dab..6452ab2 100644 out_dput: dput(dentry); mutex_unlock(&path.dentry->d_inode->i_mutex); -@@ -2586,12 +2733,21 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode) +@@ -2587,12 +2734,21 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode) error = mnt_want_write(path.mnt); if (error) goto out_dput; @@ -62733,7 +62641,7 @@ index dea2dab..6452ab2 100644 out_dput: dput(dentry); mutex_unlock(&path.dentry->d_inode->i_mutex); -@@ -2671,6 +2827,8 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -2672,6 +2828,8 @@ static long do_rmdir(int dfd, const char __user *pathname) char * name; struct dentry *dentry; struct nameidata nd; @@ -62742,7 +62650,7 @@ index dea2dab..6452ab2 100644 error = user_path_parent(dfd, pathname, &nd, &name); if (error) -@@ -2699,6 +2857,15 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -2700,6 +2858,15 @@ static long do_rmdir(int dfd, const char __user *pathname) error = -ENOENT; goto exit3; } @@ -62758,7 +62666,7 @@ index dea2dab..6452ab2 100644 error = mnt_want_write(nd.path.mnt); if (error) goto exit3; -@@ -2706,6 +2873,8 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -2707,6 +2874,8 @@ static long do_rmdir(int dfd, const char __user *pathname) if (error) goto exit4; error = vfs_rmdir(nd.path.dentry->d_inode, dentry); @@ -62767,7 +62675,7 @@ index dea2dab..6452ab2 100644 exit4: mnt_drop_write(nd.path.mnt); exit3: -@@ -2768,6 +2937,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -2769,6 +2938,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) struct dentry *dentry; struct nameidata nd; struct inode *inode = NULL; @@ -62776,7 +62684,7 @@ index dea2dab..6452ab2 100644 error = user_path_parent(dfd, pathname, &nd, &name); if (error) -@@ -2790,6 +2961,16 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -2791,6 +2962,16 @@ static long do_unlinkat(int dfd, const char __user *pathname) if (!inode) goto slashes; ihold(inode); @@ -62793,7 +62701,7 @@ index dea2dab..6452ab2 100644 error = mnt_want_write(nd.path.mnt); if (error) goto exit2; -@@ -2797,6 +2978,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -2798,6 +2979,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) if (error) goto exit3; error = vfs_unlink(nd.path.dentry->d_inode, dentry); @@ -62802,7 +62710,7 @@ index dea2dab..6452ab2 100644 exit3: mnt_drop_write(nd.path.mnt); exit2: -@@ -2872,10 +3055,18 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname, +@@ -2873,10 +3056,18 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname, error = mnt_want_write(path.mnt); if (error) goto out_dput; @@ -62821,7 +62729,7 @@ index dea2dab..6452ab2 100644 out_drop_write: mnt_drop_write(path.mnt); out_dput: -@@ -2947,6 +3138,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -2948,6 +3139,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, { struct dentry *new_dentry; struct path old_path, new_path; @@ -62829,7 +62737,7 @@ index dea2dab..6452ab2 100644 int how = 0; int error; -@@ -2970,7 +3162,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -2971,7 +3163,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, if (error) return error; @@ -62838,7 +62746,7 @@ index dea2dab..6452ab2 100644 error = PTR_ERR(new_dentry); if (IS_ERR(new_dentry)) goto out; -@@ -2981,13 +3173,30 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -2982,13 +3174,30 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, error = mnt_want_write(new_path.mnt); if (error) goto out_dput; @@ -62869,10 +62777,18 @@ index dea2dab..6452ab2 100644 dput(new_dentry); mutex_unlock(&new_path.dentry->d_inode->i_mutex); path_put(&new_path); -@@ -3215,6 +3424,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, +@@ -3216,6 +3425,20 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, if (new_dentry == trap) goto exit5; ++ if (gr_bad_chroot_rename(old_dentry, oldnd.path.mnt, new_dentry, newnd.path.mnt)) { ++ /* use EXDEV error to cause 'mv' to switch to an alternative ++ * method for usability ++ */ ++ error = -EXDEV; ++ goto exit5; ++ } ++ + error = gr_acl_handle_rename(new_dentry, new_dir, newnd.path.mnt, + old_dentry, old_dir->d_inode, oldnd.path.mnt, + to); @@ -62882,7 +62798,7 @@ index dea2dab..6452ab2 100644 error = mnt_want_write(oldnd.path.mnt); if (error) goto exit5; -@@ -3224,6 +3439,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, +@@ -3225,6 +3448,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, goto exit6; error = vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry); @@ -62892,7 +62808,7 @@ index dea2dab..6452ab2 100644 exit6: mnt_drop_write(oldnd.path.mnt); exit5: -@@ -3249,6 +3467,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna +@@ -3250,6 +3476,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) { @@ -62901,7 +62817,7 @@ index dea2dab..6452ab2 100644 int len; len = PTR_ERR(link); -@@ -3258,7 +3478,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c +@@ -3259,7 +3487,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c len = strlen(link); if (len > (unsigned) buflen) len = buflen; @@ -65328,7 +65244,7 @@ index 03102d9..4ae347e 100644 } diff --git a/fs/proc/stat.c b/fs/proc/stat.c -index 4c9a859..8c9ebb1 100644 +index 81a48d1..b2275ba 100644 --- a/fs/proc/stat.c +++ b/fs/proc/stat.c @@ -11,6 +11,7 @@ @@ -66163,7 +66079,7 @@ index dba43c3..cb3437c 100644 { const struct seq_operations *op = ((struct seq_file *)file->private_data)->op; diff --git a/fs/splice.c b/fs/splice.c -index 714471d..2ca7fb5 100644 +index 34c2b2b..2f91055 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -195,7 +195,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, @@ -66227,7 +66143,7 @@ index 714471d..2ca7fb5 100644 return 0; if (sd->flags & SPLICE_F_NONBLOCK) -@@ -1209,7 +1209,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd, +@@ -1213,7 +1213,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd, * out of the pipe right after the splice_to_pipe(). So set * PIPE_READERS appropriately. */ @@ -66236,7 +66152,7 @@ index 714471d..2ca7fb5 100644 current->splice_pipe = pipe; } -@@ -1477,6 +1477,7 @@ static int get_iovec_page_array(const struct iovec __user *iov, +@@ -1481,6 +1481,7 @@ static int get_iovec_page_array(const struct iovec __user *iov, partial[buffers].offset = off; partial[buffers].len = plen; @@ -66244,7 +66160,7 @@ index 714471d..2ca7fb5 100644 off = 0; len -= plen; -@@ -1762,9 +1763,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1766,9 +1767,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags) ret = -ERESTARTSYS; break; } @@ -66256,7 +66172,7 @@ index 714471d..2ca7fb5 100644 if (flags & SPLICE_F_NONBLOCK) { ret = -EAGAIN; break; -@@ -1796,7 +1797,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1800,7 +1801,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) pipe_lock(pipe); while (pipe->nrbufs >= pipe->buffers) { @@ -66265,7 +66181,7 @@ index 714471d..2ca7fb5 100644 send_sig(SIGPIPE, current, 0); ret = -EPIPE; break; -@@ -1809,9 +1810,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1813,9 +1814,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) ret = -ERESTARTSYS; break; } @@ -66277,7 +66193,7 @@ index 714471d..2ca7fb5 100644 } pipe_unlock(pipe); -@@ -1847,14 +1848,14 @@ retry: +@@ -1851,14 +1852,14 @@ retry: pipe_double_lock(ipipe, opipe); do { @@ -66294,7 +66210,7 @@ index 714471d..2ca7fb5 100644 break; /* -@@ -1951,7 +1952,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, +@@ -1955,7 +1956,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, pipe_double_lock(ipipe, opipe); do { @@ -66303,7 +66219,7 @@ index 714471d..2ca7fb5 100644 send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; -@@ -1996,7 +1997,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, +@@ -2000,7 +2001,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, * return EAGAIN if we have the potential of some data in the * future, otherwise just return 0 */ @@ -66589,22 +66505,8 @@ index 201bcfc..cee4d16 100644 /* * Inode slab cache constructor. -diff --git a/fs/udf/dir.c b/fs/udf/dir.c -index eb8bfe2..7ab52de 100644 ---- a/fs/udf/dir.c -+++ b/fs/udf/dir.c -@@ -163,7 +163,8 @@ static int do_udf_readdir(struct inode *dir, struct file *filp, - struct kernel_lb_addr tloc = lelb_to_cpu(cfi.icb.extLocation); - - iblock = udf_get_lb_pblock(dir->i_sb, &tloc, 0); -- flen = udf_get_filename(dir->i_sb, nameptr, fname, lfi); -+ flen = udf_get_filename(dir->i_sb, nameptr, lfi, fname, -+ UDF_NAME_LEN); - dt_type = DT_UNKNOWN; - } - diff --git a/fs/udf/inode.c b/fs/udf/inode.c -index a0f6ded..645d7053 100644 +index 2a706bb..f1e984a 100644 --- a/fs/udf/inode.c +++ b/fs/udf/inode.c @@ -50,7 +50,6 @@ MODULE_LICENSE("GPL"); @@ -66816,8 +66718,8 @@ index a0f6ded..645d7053 100644 + goto out; } - switch (fe->icbTag.fileType) { -@@ -1451,8 +1449,7 @@ static void udf_fill_inode(struct inode *inode, struct buffer_head *bh) + /* Sanity checks for files in ICB so that we don't get confused later */ +@@ -1469,8 +1467,7 @@ static void udf_fill_inode(struct inode *inode, struct buffer_head *bh) default: udf_err(inode->i_sb, "(ino %ld) failed unknown file type=%d\n", inode->i_ino, fe->icbTag.fileType); @@ -66827,7 +66729,7 @@ index a0f6ded..645d7053 100644 } if (S_ISCHR(inode->i_mode) || S_ISBLK(inode->i_mode)) { struct deviceSpec *dsea = -@@ -1463,8 +1460,12 @@ static void udf_fill_inode(struct inode *inode, struct buffer_head *bh) +@@ -1481,8 +1478,12 @@ static void udf_fill_inode(struct inode *inode, struct buffer_head *bh) le32_to_cpu(dsea->minorDeviceIdent))); /* Developer ID ??? */ } else @@ -66841,7 +66743,7 @@ index a0f6ded..645d7053 100644 } static int udf_alloc_i_data(struct inode *inode, size_t size) -@@ -1577,7 +1578,7 @@ static int udf_update_inode(struct inode *inode, int do_sync) +@@ -1595,7 +1596,7 @@ static int udf_update_inode(struct inode *inode, int do_sync) FE_PERM_U_DELETE | FE_PERM_U_CHATTR)); fe->permissions = cpu_to_le32(udfperms); @@ -66850,7 +66752,7 @@ index a0f6ded..645d7053 100644 fe->fileLinkCount = cpu_to_le16(inode->i_nlink - 1); else fe->fileLinkCount = cpu_to_le16(inode->i_nlink); -@@ -1738,32 +1739,23 @@ struct inode *udf_iget(struct super_block *sb, struct kernel_lb_addr *ino) +@@ -1756,32 +1757,23 @@ struct inode *udf_iget(struct super_block *sb, struct kernel_lb_addr *ino) { unsigned long block = udf_get_lb_pblock(sb, ino, 0); struct inode *inode = iget_locked(sb, block); @@ -66907,20 +66809,10 @@ index c175b4d..8f36a16 100644 int i; for (i = 0; i < sizeof(struct tag); ++i) diff --git a/fs/udf/namei.c b/fs/udf/namei.c -index 71c97fb..d86a93a 100644 +index 483d662..d86a93a 100644 --- a/fs/udf/namei.c +++ b/fs/udf/namei.c -@@ -235,7 +235,8 @@ static struct fileIdentDesc *udf_find_entry(struct inode *dir, - if (!lfi) - continue; - -- flen = udf_get_filename(dir->i_sb, nameptr, fname, lfi); -+ flen = udf_get_filename(dir->i_sb, nameptr, lfi, fname, -+ UDF_NAME_LEN); - if (flen && udf_match(flen, fname, child->len, child->name)) - goto out_ok; - } -@@ -272,9 +273,8 @@ static struct dentry *udf_lookup(struct inode *dir, struct dentry *dentry, +@@ -273,9 +273,8 @@ static struct dentry *udf_lookup(struct inode *dir, struct dentry *dentry, NULL, 0), }; inode = udf_iget(dir->i_sb, lb); @@ -66932,7 +66824,7 @@ index 71c97fb..d86a93a 100644 } else #endif /* UDF_RECOVERY */ -@@ -287,9 +287,8 @@ static struct dentry *udf_lookup(struct inode *dir, struct dentry *dentry, +@@ -288,9 +287,8 @@ static struct dentry *udf_lookup(struct inode *dir, struct dentry *dentry, loc = lelb_to_cpu(cfi.icb.extLocation); inode = udf_iget(dir->i_sb, &loc); @@ -66944,7 +66836,7 @@ index 71c97fb..d86a93a 100644 } return d_splice_alias(inode, dentry); -@@ -1211,7 +1210,7 @@ static struct dentry *udf_get_parent(struct dentry *child) +@@ -1212,7 +1210,7 @@ static struct dentry *udf_get_parent(struct dentry *child) struct udf_fileident_bh fibh; if (!udf_find_entry(child->d_inode, &dotdot, &fibh, &cfi)) @@ -66953,7 +66845,7 @@ index 71c97fb..d86a93a 100644 if (fibh.sbh != fibh.ebh) brelse(fibh.ebh); -@@ -1219,12 +1218,10 @@ static struct dentry *udf_get_parent(struct dentry *child) +@@ -1220,12 +1218,10 @@ static struct dentry *udf_get_parent(struct dentry *child) tloc = lelb_to_cpu(cfi.icb.extLocation); inode = udf_iget(child->d_inode->i_sb, &tloc); @@ -66968,7 +66860,7 @@ index 71c97fb..d86a93a 100644 } -@@ -1241,8 +1238,8 @@ static struct dentry *udf_nfs_get_inode(struct super_block *sb, u32 block, +@@ -1242,8 +1238,8 @@ static struct dentry *udf_nfs_get_inode(struct super_block *sb, u32 block, loc.partitionReferenceNum = partref; inode = udf_iget(sb, &loc); @@ -67157,147 +67049,8 @@ index f66439e..247cfef 100644 goto error_out; } -diff --git a/fs/udf/symlink.c b/fs/udf/symlink.c -index b1d4488..0422b7b 100644 ---- a/fs/udf/symlink.c -+++ b/fs/udf/symlink.c -@@ -30,43 +30,73 @@ - #include - #include "udf_i.h" - --static void udf_pc_to_char(struct super_block *sb, unsigned char *from, -- int fromlen, unsigned char *to) -+static int udf_pc_to_char(struct super_block *sb, unsigned char *from, -+ int fromlen, unsigned char *to, int tolen) - { - struct pathComponent *pc; - int elen = 0; -+ int comp_len; - unsigned char *p = to; - -+ /* Reserve one byte for terminating \0 */ -+ tolen--; - while (elen < fromlen) { - pc = (struct pathComponent *)(from + elen); -+ elen += sizeof(struct pathComponent); - switch (pc->componentType) { - case 1: -- if (pc->lengthComponentIdent == 0) { -- p = to; -- *p++ = '/'; -+ /* -+ * Symlink points to some place which should be agreed -+ * upon between originator and receiver of the media. Ignore. -+ */ -+ if (pc->lengthComponentIdent > 0) { -+ elen += pc->lengthComponentIdent; -+ break; - } -+ /* Fall through */ -+ case 2: -+ if (tolen == 0) -+ return -ENAMETOOLONG; -+ p = to; -+ *p++ = '/'; -+ tolen--; - break; - case 3: -+ if (tolen < 3) -+ return -ENAMETOOLONG; - memcpy(p, "../", 3); - p += 3; -+ tolen -= 3; - break; - case 4: -+ if (tolen < 2) -+ return -ENAMETOOLONG; - memcpy(p, "./", 2); - p += 2; -+ tolen -= 2; - /* that would be . - just ignore */ - break; - case 5: -- p += udf_get_filename(sb, pc->componentIdent, p, -- pc->lengthComponentIdent); -+ elen += pc->lengthComponentIdent; -+ if (elen > fromlen) -+ return -EIO; -+ comp_len = udf_get_filename(sb, pc->componentIdent, -+ pc->lengthComponentIdent, -+ p, tolen); -+ p += comp_len; -+ tolen -= comp_len; -+ if (tolen == 0) -+ return -ENAMETOOLONG; - *p++ = '/'; -+ tolen--; - break; - } -- elen += sizeof(struct pathComponent) + pc->lengthComponentIdent; - } - if (p > to + 1) - p[-1] = '\0'; - else - p[0] = '\0'; -+ return 0; - } - - static int udf_symlink_filler(struct file *file, struct page *page) -@@ -74,11 +104,17 @@ static int udf_symlink_filler(struct file *file, struct page *page) - struct inode *inode = page->mapping->host; - struct buffer_head *bh = NULL; - unsigned char *symlink; -- int err = -EIO; -+ int err; - unsigned char *p = kmap(page); - struct udf_inode_info *iinfo; - uint32_t pos; - -+ /* We don't support symlinks longer than one block */ -+ if (inode->i_size > inode->i_sb->s_blocksize) { -+ err = -ENAMETOOLONG; -+ goto out_unmap; -+ } -+ - iinfo = UDF_I(inode); - pos = udf_block_map(inode, 0); - -@@ -88,14 +124,18 @@ static int udf_symlink_filler(struct file *file, struct page *page) - } else { - bh = sb_bread(inode->i_sb, pos); - -- if (!bh) -- goto out; -+ if (!bh) { -+ err = -EIO; -+ goto out_unlock_inode; -+ } - - symlink = bh->b_data; - } - -- udf_pc_to_char(inode->i_sb, symlink, inode->i_size, p); -+ err = udf_pc_to_char(inode->i_sb, symlink, inode->i_size, p, PAGE_SIZE); - brelse(bh); -+ if (err) -+ goto out_unlock_inode; - - up_read(&iinfo->i_data_sem); - SetPageUptodate(page); -@@ -103,9 +143,10 @@ static int udf_symlink_filler(struct file *file, struct page *page) - unlock_page(page); - return 0; - --out: -+out_unlock_inode: - up_read(&iinfo->i_data_sem); - SetPageError(page); -+out_unmap: - kunmap(page); - unlock_page(page); - return err; diff --git a/fs/udf/udfdecl.h b/fs/udf/udfdecl.h -index f34e6fc..3156eb1 100644 +index 8775ab23..3156eb1 100644 --- a/fs/udf/udfdecl.h +++ b/fs/udf/udfdecl.h @@ -149,7 +149,6 @@ extern int udf_expand_file_adinicb(struct inode *); @@ -67308,102 +67061,6 @@ index f34e6fc..3156eb1 100644 extern void udf_evict_inode(struct inode *); extern int udf_write_inode(struct inode *, struct writeback_control *wbc); extern long udf_block_map(struct inode *, sector_t); -@@ -207,7 +206,8 @@ udf_get_lb_pblock(struct super_block *sb, struct kernel_lb_addr *loc, - } - - /* unicode.c */ --extern int udf_get_filename(struct super_block *, uint8_t *, uint8_t *, int); -+extern int udf_get_filename(struct super_block *, uint8_t *, int, uint8_t *, -+ int); - extern int udf_put_filename(struct super_block *, const uint8_t *, uint8_t *, - int); - extern int udf_build_ustr(struct ustr *, dstring *, int); -diff --git a/fs/udf/unicode.c b/fs/udf/unicode.c -index 44b815e..d29c06f 100644 ---- a/fs/udf/unicode.c -+++ b/fs/udf/unicode.c -@@ -28,7 +28,8 @@ - - #include "udf_sb.h" - --static int udf_translate_to_linux(uint8_t *, uint8_t *, int, uint8_t *, int); -+static int udf_translate_to_linux(uint8_t *, int, uint8_t *, int, uint8_t *, -+ int); - - static int udf_char_to_ustr(struct ustr *dest, const uint8_t *src, int strlen) - { -@@ -333,8 +334,8 @@ try_again: - return u_len + 1; - } - --int udf_get_filename(struct super_block *sb, uint8_t *sname, uint8_t *dname, -- int flen) -+int udf_get_filename(struct super_block *sb, uint8_t *sname, int slen, -+ uint8_t *dname, int dlen) - { - struct ustr *filename, *unifilename; - int len = 0; -@@ -347,7 +348,7 @@ int udf_get_filename(struct super_block *sb, uint8_t *sname, uint8_t *dname, - if (!unifilename) - goto out1; - -- if (udf_build_ustr_exact(unifilename, sname, flen)) -+ if (udf_build_ustr_exact(unifilename, sname, slen)) - goto out2; - - if (UDF_QUERY_FLAG(sb, UDF_FLAG_UTF8)) { -@@ -366,7 +367,8 @@ int udf_get_filename(struct super_block *sb, uint8_t *sname, uint8_t *dname, - } else - goto out2; - -- len = udf_translate_to_linux(dname, filename->u_name, filename->u_len, -+ len = udf_translate_to_linux(dname, dlen, -+ filename->u_name, filename->u_len, - unifilename->u_name, unifilename->u_len); - out2: - kfree(unifilename); -@@ -403,10 +405,12 @@ int udf_put_filename(struct super_block *sb, const uint8_t *sname, - #define EXT_MARK '.' - #define CRC_MARK '#' - #define EXT_SIZE 5 -+/* Number of chars we need to store generated CRC to make filename unique */ -+#define CRC_LEN 5 - --static int udf_translate_to_linux(uint8_t *newName, uint8_t *udfName, -- int udfLen, uint8_t *fidName, -- int fidNameLen) -+static int udf_translate_to_linux(uint8_t *newName, int newLen, -+ uint8_t *udfName, int udfLen, -+ uint8_t *fidName, int fidNameLen) - { - int index, newIndex = 0, needsCRC = 0; - int extIndex = 0, newExtIndex = 0, hasExt = 0; -@@ -440,7 +444,7 @@ static int udf_translate_to_linux(uint8_t *newName, uint8_t *udfName, - newExtIndex = newIndex; - } - } -- if (newIndex < 256) -+ if (newIndex < newLen) - newName[newIndex++] = curr; - else - needsCRC = 1; -@@ -468,13 +472,13 @@ static int udf_translate_to_linux(uint8_t *newName, uint8_t *udfName, - } - ext[localExtIndex++] = curr; - } -- maxFilenameLen = 250 - localExtIndex; -+ maxFilenameLen = newLen - CRC_LEN - localExtIndex; - if (newIndex > maxFilenameLen) - newIndex = maxFilenameLen; - else - newIndex = newExtIndex; -- } else if (newIndex > 250) -- newIndex = 250; -+ } else if (newIndex > newLen - CRC_LEN) -+ newIndex = newLen - CRC_LEN; - newName[newIndex++] = CRC_MARK; - valueCRC = crc_itu_t(0, fidName, fidNameLen); - newName[newIndex++] = hexChar[(valueCRC & 0xf000) >> 12]; diff --git a/fs/ufs/super.c b/fs/ufs/super.c index 3915ade..00fcbf4 100644 --- a/fs/ufs/super.c @@ -67766,10 +67423,10 @@ index 8a89949..6776861 100644 xfs_init_zones(void) diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 -index 0000000..0e0866c +index 0000000..1d38334 --- /dev/null +++ b/grsecurity/Kconfig -@@ -0,0 +1,1154 @@ +@@ -0,0 +1,1170 @@ +# +# grecurity configuration +# @@ -68398,6 +68055,22 @@ index 0000000..0e0866c + sysctl option is enabled, a sysctl option with name + "chroot_deny_sysctl" is created. + ++config GRKERNSEC_CHROOT_RENAME ++ bool "Deny bad renames" ++ default y if GRKERNSEC_CONFIG_AUTO ++ depends on GRKERNSEC_CHROOT ++ help ++ If you say Y here, an attacker in a chroot will not be able to ++ abuse the ability to create double chroots to break out of the ++ chroot by exploiting a race condition between a rename of a directory ++ within a chroot against an open of a symlink with relative path ++ components. This feature will likewise prevent an accomplice outside ++ a chroot from enabling a user inside the chroot to break out and make ++ use of their credentials on the global filesystem. Enabling this ++ feature is essential to prevent root users from breaking out of a ++ chroot. If the sysctl option is enabled, a sysctl option with name ++ "chroot_deny_bad_rename" is created. ++ +config GRKERNSEC_CHROOT_CAPS + bool "Capability restrictions" + default y if GRKERNSEC_CONFIG_AUTO @@ -75645,15 +75318,16 @@ index 0000000..bc0be01 +} diff --git a/grsecurity/grsec_chroot.c b/grsecurity/grsec_chroot.c new file mode 100644 -index 0000000..60b786f +index 0000000..bf944ab --- /dev/null +++ b/grsecurity/grsec_chroot.c -@@ -0,0 +1,370 @@ +@@ -0,0 +1,455 @@ +#include +#include +#include +#include +#include ++#include +#include +#include +#include @@ -75664,6 +75338,90 @@ index 0000000..60b786f +int gr_init_ran; +#endif + ++DECLARE_BRLOCK(vfsmount_lock); ++ ++void gr_inc_chroot_refcnts(struct dentry *dentry, struct vfsmount *mnt) ++{ ++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME ++ struct dentry *tmpd = dentry; ++ ++ br_read_lock(vfsmount_lock); ++ write_seqlock(&rename_lock); ++ ++ while (tmpd != mnt->mnt_root) { ++ atomic_inc(&tmpd->chroot_refcnt); ++ tmpd = tmpd->d_parent; ++ } ++ atomic_inc(&tmpd->chroot_refcnt); ++ ++ write_sequnlock(&rename_lock); ++ br_read_unlock(vfsmount_lock); ++#endif ++} ++ ++void gr_dec_chroot_refcnts(struct dentry *dentry, struct vfsmount *mnt) ++{ ++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME ++ struct dentry *tmpd = dentry; ++ ++ br_read_lock(vfsmount_lock); ++ write_seqlock(&rename_lock); ++ ++ while (tmpd != mnt->mnt_root) { ++ atomic_dec(&tmpd->chroot_refcnt); ++ tmpd = tmpd->d_parent; ++ } ++ atomic_dec(&tmpd->chroot_refcnt); ++ ++ write_sequnlock(&rename_lock); ++ br_read_unlock(vfsmount_lock); ++#endif ++} ++ ++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME ++static struct dentry *get_closest_chroot(struct dentry *dentry) ++{ ++ write_seqlock(&rename_lock); ++ do { ++ if (atomic_read(&dentry->chroot_refcnt)) { ++ write_sequnlock(&rename_lock); ++ return dentry; ++ } ++ dentry = dentry->d_parent; ++ } while (!IS_ROOT(dentry)); ++ write_sequnlock(&rename_lock); ++ return NULL; ++} ++#endif ++ ++int gr_bad_chroot_rename(struct dentry *olddentry, struct vfsmount *oldmnt, ++ struct dentry *newdentry, struct vfsmount *newmnt) ++{ ++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME ++ struct dentry *chroot; ++ ++ if (unlikely(!grsec_enable_chroot_rename)) ++ return 0; ++ ++ if (likely(!proc_is_chrooted(current) && !current_uid())) ++ return 0; ++ ++ chroot = get_closest_chroot(olddentry); ++ ++ if (chroot == NULL) ++ return 0; ++ ++ if (is_subdir(newdentry, chroot)) ++ return 0; ++ ++ gr_log_fs_generic(GR_DONT_AUDIT, GR_CHROOT_RENAME_MSG, olddentry, oldmnt); ++ ++ return 1; ++#else ++ return 0; ++#endif ++} ++ +void gr_set_chroot_entries(struct task_struct *task, struct path *path) +{ +#ifdef CONFIG_GRKERNSEC @@ -76698,10 +76456,10 @@ index 0000000..8ca18bf +} diff --git a/grsecurity/grsec_init.c b/grsecurity/grsec_init.c new file mode 100644 -index 0000000..a5e1b5c +index 0000000..b09101d --- /dev/null +++ b/grsecurity/grsec_init.c -@@ -0,0 +1,286 @@ +@@ -0,0 +1,290 @@ +#include +#include +#include @@ -76744,6 +76502,7 @@ index 0000000..a5e1b5c +int grsec_enable_chroot_nice; +int grsec_enable_chroot_execlog; +int grsec_enable_chroot_caps; ++int grsec_enable_chroot_rename; +int grsec_enable_chroot_sysctl; +int grsec_enable_chroot_unix; +int grsec_enable_tpe; @@ -76955,6 +76714,9 @@ index 0000000..a5e1b5c +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS + grsec_enable_chroot_caps = 1; +#endif ++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME ++ grsec_enable_chroot_rename = 1; ++#endif +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL + grsec_enable_chroot_sysctl = 1; +#endif @@ -78190,10 +77952,10 @@ index 0000000..e3650b6 +} diff --git a/grsecurity/grsec_sysctl.c b/grsecurity/grsec_sysctl.c new file mode 100644 -index 0000000..0d4723d +index 0000000..a51b175 --- /dev/null +++ b/grsecurity/grsec_sysctl.c -@@ -0,0 +1,477 @@ +@@ -0,0 +1,486 @@ +#include +#include +#include @@ -78461,6 +78223,15 @@ index 0000000..0d4723d + .proc_handler = &proc_dointvec, + }, +#endif ++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME ++ { ++ .procname = "chroot_deny_bad_rename", ++ .data = &grsec_enable_chroot_rename, ++ .maxlen = sizeof(int), ++ .mode = 0600, ++ .proc_handler = &proc_dointvec, ++ }, ++#endif +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL + { + .procname = "chroot_deny_sysctl", @@ -80160,6 +79931,39 @@ index e2a360a..1d61efb 100644 #endif #if __GNUC_MINOR__ > 0 +diff --git a/include/linux/compiler-gcc5.h b/include/linux/compiler-gcc5.h +index cdd1cc2..59dc542 100644 +--- a/include/linux/compiler-gcc5.h ++++ b/include/linux/compiler-gcc5.h +@@ -28,6 +28,28 @@ + # define __compiletime_error(message) __attribute__((error(message))) + #endif /* __CHECKER__ */ + ++#define __alloc_size(...) __attribute((alloc_size(__VA_ARGS__))) ++#define __bos(ptr, arg) __builtin_object_size((ptr), (arg)) ++#define __bos0(ptr) __bos((ptr), 0) ++#define __bos1(ptr) __bos((ptr), 1) ++ ++#ifdef CONSTIFY_PLUGIN ++#error not yet ++#define __no_const __attribute__((no_const)) ++#define __do_const __attribute__((do_const)) ++#endif ++ ++#ifdef SIZE_OVERFLOW_PLUGIN ++#error not yet ++#define __size_overflow(...) __attribute__((size_overflow(__VA_ARGS__))) ++#define __intentional_overflow(...) __attribute__((intentional_overflow(__VA_ARGS__))) ++#endif ++ ++#ifdef LATENT_ENTROPY_PLUGIN ++#error not yet ++#define __latent_entropy __attribute__((latent_entropy)) ++#endif ++ + /* + * Mark a position in code as unreachable. This can be used to + * suppress control flow warnings after asm blocks that transfer diff --git a/include/linux/compiler.h b/include/linux/compiler.h index 7c7546b..92ea3ae 100644 --- a/include/linux/compiler.h @@ -80497,10 +80301,10 @@ index 4030896..4d2c309 100644 #define current_cred_xxx(xxx) \ ({ \ diff --git a/include/linux/crypto.h b/include/linux/crypto.h -index 8a94217..15d49e3 100644 +index ca01ea8..daaa939 100644 --- a/include/linux/crypto.h +++ b/include/linux/crypto.h -@@ -365,7 +365,7 @@ struct cipher_tfm { +@@ -378,7 +378,7 @@ struct cipher_tfm { const u8 *key, unsigned int keylen); void (*cit_encrypt_one)(struct crypto_tfm *tfm, u8 *dst, const u8 *src); void (*cit_decrypt_one)(struct crypto_tfm *tfm, u8 *dst, const u8 *src); @@ -80509,7 +80313,7 @@ index 8a94217..15d49e3 100644 struct hash_tfm { int (*init)(struct hash_desc *desc); -@@ -386,13 +386,13 @@ struct compress_tfm { +@@ -399,13 +399,13 @@ struct compress_tfm { int (*cot_decompress)(struct crypto_tfm *tfm, const u8 *src, unsigned int slen, u8 *dst, unsigned int *dlen); @@ -80539,10 +80343,20 @@ index 8acfe31..6ffccd63 100644 return c | 0x20; } diff --git a/include/linux/dcache.h b/include/linux/dcache.h -index 99374de..6388abb 100644 +index 99374de..ac23d39 100644 --- a/include/linux/dcache.h +++ b/include/linux/dcache.h -@@ -142,7 +142,7 @@ struct dentry { +@@ -132,6 +132,9 @@ struct dentry { + unsigned long d_time; /* used by d_revalidate */ + void *d_fsdata; /* fs-specific data */ + ++#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME ++ atomic_t chroot_refcnt; /* tracks use of directory in chroot */ ++#endif + struct list_head d_lru; /* LRU list */ + struct list_head d_child; /* child of parent list */ + struct list_head d_subdirs; /* our children */ +@@ -142,7 +145,7 @@ struct dentry { struct list_head d_alias; /* inode alias list */ struct rcu_head d_rcu; } d_u; @@ -80565,7 +80379,7 @@ index 7925bf0..d5143d2 100644 #define large_malloc(a) vmalloc(a) diff --git a/include/linux/device.h b/include/linux/device.h -index 3136ede..9a589c5 100644 +index a31c5d0..ff3d03b 100644 --- a/include/linux/device.h +++ b/include/linux/device.h @@ -427,7 +427,7 @@ struct device_type { @@ -81740,10 +81554,10 @@ index 0000000..be66033 +#endif diff --git a/include/linux/grinternal.h b/include/linux/grinternal.h new file mode 100644 -index 0000000..7dc4203 +index 0000000..248956b --- /dev/null +++ b/include/linux/grinternal.h -@@ -0,0 +1,237 @@ +@@ -0,0 +1,238 @@ +#ifndef __GRINTERNAL_H +#define __GRINTERNAL_H + @@ -81803,6 +81617,7 @@ index 0000000..7dc4203 +extern int grsec_enable_chroot_nice; +extern int grsec_enable_chroot_execlog; +extern int grsec_enable_chroot_caps; ++extern int grsec_enable_chroot_rename; +extern int grsec_enable_chroot_sysctl; +extern int grsec_enable_chroot_unix; +extern int grsec_enable_symlinkown; @@ -81983,10 +81798,10 @@ index 0000000..7dc4203 +#endif diff --git a/include/linux/grmsg.h b/include/linux/grmsg.h new file mode 100644 -index 0000000..b02ba9d +index 0000000..26ef560 --- /dev/null +++ b/include/linux/grmsg.h -@@ -0,0 +1,117 @@ +@@ -0,0 +1,118 @@ +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u" +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u" +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by " @@ -82030,6 +81845,7 @@ index 0000000..b02ba9d +#define GR_ATIME_ACL_MSG "%s access time change of %.950s by " +#define GR_ACCESS_ACL_MSG "%s access of %.950s for%s%s%s by " +#define GR_CHROOT_CHROOT_MSG "denied double chroot to %.950s by " ++#define GR_CHROOT_RENAME_MSG "denied bad rename of %.950s out of a chroot by " +#define GR_CHMOD_CHROOT_MSG "denied chmod +s of %.950s by " +#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by " +#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by " @@ -82106,10 +81922,10 @@ index 0000000..b02ba9d +#define GR_MSRWRITE_MSG "denied write to CPU MSR by " diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h new file mode 100644 -index 0000000..85351c8 +index 0000000..083dbf1 --- /dev/null +++ b/include/linux/grsecurity.h -@@ -0,0 +1,233 @@ +@@ -0,0 +1,238 @@ +#ifndef GR_SECURITY_H +#define GR_SECURITY_H +#include @@ -82320,6 +82136,11 @@ index 0000000..85351c8 + +int gr_ptrace_readexec(struct file *file, int unsafe_flags); + ++void gr_inc_chroot_refcnts(struct dentry *dentry, struct vfsmount *mnt); ++void gr_dec_chroot_refcnts(struct dentry *dentry, struct vfsmount *mnt); ++int gr_bad_chroot_rename(struct dentry *olddentry, struct vfsmount *oldmnt, ++ struct dentry *newdentry, struct vfsmount *newmnt); ++ +#ifdef CONFIG_GRKERNSEC +void task_grsec_rbac(struct seq_file *m, struct task_struct *p); +void gr_handle_vm86(void); @@ -82856,10 +82677,10 @@ index f93d8c1..71244f6 100644 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu); diff --git a/include/linux/libata.h b/include/linux/libata.h -index d773b21..95a0913 100644 +index 42ac6ad..703f223 100644 --- a/include/linux/libata.h +++ b/include/linux/libata.h -@@ -914,7 +914,7 @@ struct ata_port_operations { +@@ -915,7 +915,7 @@ struct ata_port_operations { * fields must be pointers. */ const struct ata_port_operations *inherits; @@ -82991,7 +82812,7 @@ index 3797270..7765ede 100644 struct mca_bus { u64 default_dma_mask; diff --git a/include/linux/mm.h b/include/linux/mm.h -index 7f40120..8879e77 100644 +index e5ee683..61d2731 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -115,7 +115,14 @@ extern unsigned int kobjsize(const void *objp); @@ -83028,7 +82849,7 @@ index 7f40120..8879e77 100644 struct mmu_gather; struct inode; -@@ -941,8 +949,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address, +@@ -942,8 +950,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address, unsigned long *pfn); int follow_phys(struct vm_area_struct *vma, unsigned long address, unsigned int flags, unsigned long *prot, resource_size_t *phys); @@ -83039,7 +82860,7 @@ index 7f40120..8879e77 100644 static inline void unmap_shared_mapping_range(struct address_space *mapping, loff_t const holebegin, loff_t const holelen) -@@ -985,10 +993,10 @@ static inline int fixup_user_fault(struct task_struct *tsk, +@@ -986,10 +994,10 @@ static inline int fixup_user_fault(struct task_struct *tsk, } #endif @@ -83054,7 +82875,7 @@ index 7f40120..8879e77 100644 int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, unsigned long start, int len, unsigned int foll_flags, -@@ -1014,34 +1022,6 @@ int set_page_dirty(struct page *page); +@@ -1015,34 +1023,6 @@ int set_page_dirty(struct page *page); int set_page_dirty_lock(struct page *page); int clear_page_dirty_for_io(struct page *page); @@ -83089,7 +82910,7 @@ index 7f40120..8879e77 100644 extern unsigned long move_page_tables(struct vm_area_struct *vma, unsigned long old_addr, struct vm_area_struct *new_vma, unsigned long new_addr, unsigned long len); -@@ -1136,6 +1116,15 @@ static inline void sync_mm_rss(struct task_struct *task, struct mm_struct *mm) +@@ -1137,6 +1117,15 @@ static inline void sync_mm_rss(struct task_struct *task, struct mm_struct *mm) } #endif @@ -83105,7 +82926,7 @@ index 7f40120..8879e77 100644 int vma_wants_writenotify(struct vm_area_struct *vma); extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr, -@@ -1154,8 +1143,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, +@@ -1155,8 +1144,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, { return 0; } @@ -83121,7 +82942,7 @@ index 7f40120..8879e77 100644 #endif #ifdef __PAGETABLE_PMD_FOLDED -@@ -1164,8 +1160,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, +@@ -1165,8 +1161,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, { return 0; } @@ -83137,7 +82958,7 @@ index 7f40120..8879e77 100644 #endif int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma, -@@ -1183,11 +1186,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a +@@ -1184,11 +1187,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a NULL: pud_offset(pgd, address); } @@ -83161,7 +82982,7 @@ index 7f40120..8879e77 100644 #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */ #if USE_SPLIT_PTLOCKS -@@ -1398,7 +1413,7 @@ extern int install_special_mapping(struct mm_struct *mm, +@@ -1399,7 +1414,7 @@ extern int install_special_mapping(struct mm_struct *mm, unsigned long addr, unsigned long len, unsigned long flags, struct page **pages); @@ -83170,7 +82991,7 @@ index 7f40120..8879e77 100644 extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, unsigned long len, unsigned long prot, -@@ -1421,6 +1436,7 @@ out: +@@ -1422,6 +1437,7 @@ out: } extern int do_munmap(struct mm_struct *, unsigned long, size_t); @@ -83178,7 +82999,7 @@ index 7f40120..8879e77 100644 extern unsigned long do_brk(unsigned long, unsigned long); -@@ -1478,6 +1494,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add +@@ -1479,6 +1495,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, struct vm_area_struct **pprev); @@ -83189,7 +83010,7 @@ index 7f40120..8879e77 100644 /* Look up the first VMA which intersects the interval start_addr..end_addr-1, NULL if none. Assume start_addr < end_addr. */ static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr) -@@ -1494,15 +1514,6 @@ static inline unsigned long vma_pages(struct vm_area_struct *vma) +@@ -1495,15 +1515,6 @@ static inline unsigned long vma_pages(struct vm_area_struct *vma) return (vma->vm_end - vma->vm_start) >> PAGE_SHIFT; } @@ -83205,7 +83026,7 @@ index 7f40120..8879e77 100644 struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned long addr); int remap_pfn_range(struct vm_area_struct *, unsigned long addr, unsigned long pfn, unsigned long size, pgprot_t); -@@ -1538,6 +1549,12 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); +@@ -1539,6 +1550,12 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); static inline void vm_stat_account(struct mm_struct *mm, unsigned long flags, struct file *file, long pages) { @@ -83218,7 +83039,7 @@ index 7f40120..8879e77 100644 } #endif /* CONFIG_PROC_FS */ -@@ -1618,7 +1635,7 @@ extern int unpoison_memory(unsigned long pfn); +@@ -1619,7 +1636,7 @@ extern int unpoison_memory(unsigned long pfn); extern int sysctl_memory_failure_early_kill; extern int sysctl_memory_failure_recovery; extern void shake_page(struct page *p, int access); @@ -83227,7 +83048,7 @@ index 7f40120..8879e77 100644 extern int soft_offline_page(struct page *page, int flags); extern void dump_page(struct page *page); -@@ -1632,5 +1649,11 @@ extern void copy_user_huge_page(struct page *dst, struct page *src, +@@ -1633,5 +1650,11 @@ extern void copy_user_huge_page(struct page *dst, struct page *src, unsigned int pages_per_huge_page); #endif /* CONFIG_TRANSPARENT_HUGEPAGE || CONFIG_HUGETLBFS */ @@ -83783,6 +83604,19 @@ index 45fc162..01a4068 100644 /** * struct hotplug_slot_info - used to notify the hotplug pci core of the state of the slot +diff --git a/include/linux/percpu.h b/include/linux/percpu.h +index 9ca008f..d82f96a 100644 +--- a/include/linux/percpu.h ++++ b/include/linux/percpu.h +@@ -58,7 +58,7 @@ + * preallocate for this. Keep PERCPU_DYNAMIC_RESERVE equal to or + * larger than PERCPU_DYNAMIC_EARLY_SIZE. + */ +-#define PERCPU_DYNAMIC_EARLY_SLOTS 128 ++#define PERCPU_DYNAMIC_EARLY_SLOTS 256 + #define PERCPU_DYNAMIC_EARLY_SIZE (12 << 10) + + /* diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h index 8d5b91e..9209ea4 100644 --- a/include/linux/perf_event.h @@ -83867,6 +83701,19 @@ index 8fc7dd1a..c19d89e 100644 MMAP_PAGE_ZERO) /* +diff --git a/include/linux/phy.h b/include/linux/phy.h +index 79f337c..228104f 100644 +--- a/include/linux/phy.h ++++ b/include/linux/phy.h +@@ -471,7 +471,7 @@ static inline int phy_write(struct phy_device *phydev, u32 regnum, u16 val) + return mdiobus_write(phydev->bus, phydev->addr, regnum, val); + } + +-int get_phy_id(struct mii_bus *bus, int addr, u32 *phy_id); ++int get_phy_id(struct mii_bus *bus, int addr, int *phy_id); + struct phy_device* get_phy_device(struct mii_bus *bus, int addr); + int phy_device_register(struct phy_device *phy); + int phy_init_hw(struct phy_device *phydev); diff --git a/include/linux/pid_namespace.h b/include/linux/pid_namespace.h index 38d1032..d3f6744 100644 --- a/include/linux/pid_namespace.h @@ -84376,10 +84223,10 @@ index 4d50611..c6858a2 100644 #define RIO_RESOURCE_MEM 0x00000100 #define RIO_RESOURCE_DOORBELL 0x00000200 diff --git a/include/linux/rmap.h b/include/linux/rmap.h -index 2148b12..519b820 100644 +index b0df05a..d0803b6 100644 --- a/include/linux/rmap.h +++ b/include/linux/rmap.h -@@ -119,8 +119,8 @@ static inline void anon_vma_unlock(struct anon_vma *anon_vma) +@@ -129,8 +129,8 @@ static inline void anon_vma_unlock(struct anon_vma *anon_vma) void anon_vma_init(void); /* create anon_vma_cachep */ int anon_vma_prepare(struct vm_area_struct *); void unlink_anon_vmas(struct vm_area_struct *); @@ -85681,7 +85528,7 @@ index 20f63d3..fdd3cbb 100644 #define _SYSDEV_ATTR(_name, _mode, _show, _store) \ { \ diff --git a/include/linux/sysfs.h b/include/linux/sysfs.h -index dac0859..4ea79a9 100644 +index 2b9cd8d..b8a7592 100644 --- a/include/linux/sysfs.h +++ b/include/linux/sysfs.h @@ -30,7 +30,8 @@ struct attribute { @@ -85705,7 +85552,7 @@ index dac0859..4ea79a9 100644 /** -@@ -95,7 +96,8 @@ struct bin_attribute { +@@ -104,7 +105,8 @@ struct bin_attribute { char *, loff_t, size_t); int (*mmap)(struct file *, struct kobject *, struct bin_attribute *attr, struct vm_area_struct *vma); @@ -86085,7 +85932,7 @@ index 45a7698..76e6993 100644 } __attribute__ ((packed)); diff --git a/include/linux/virtio.h b/include/linux/virtio.h -index 96c7843..e518462 100644 +index e4807af..f12924f 100644 --- a/include/linux/virtio.h +++ b/include/linux/virtio.h @@ -90,6 +90,10 @@ static inline int virtqueue_add_buf(struct virtqueue *vq, @@ -86099,7 +85946,7 @@ index 96c7843..e518462 100644 void *virtqueue_get_buf(struct virtqueue *vq, unsigned int *len); void virtqueue_disable_cb(struct virtqueue *vq); -@@ -148,6 +152,7 @@ struct virtio_driver { +@@ -152,6 +156,7 @@ struct virtio_driver { const unsigned int *feature_table; unsigned int feature_table_size; int (*probe)(struct virtio_device *dev); @@ -86592,7 +86439,7 @@ index 1ee535b..91976cb1 100644 { return test_bit(port, sysctl_local_reserved_ports); diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h -index 2124004..3713897 100644 +index 6e4569f..0c8aa25 100644 --- a/include/net/ip_fib.h +++ b/include/net/ip_fib.h @@ -144,7 +144,7 @@ extern __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh); @@ -86994,10 +86841,10 @@ index b1c3d1c..895573a 100644 extern u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr, __be16 dport); diff --git a/include/net/sock.h b/include/net/sock.h -index e6454b6..7a6b6bc 100644 +index c8dcbb8..50b02f1 100644 --- a/include/net/sock.h +++ b/include/net/sock.h -@@ -278,7 +278,7 @@ struct sock { +@@ -277,7 +277,7 @@ struct sock { #ifdef CONFIG_RPS __u32 sk_rxhash; #endif @@ -87006,7 +86853,7 @@ index e6454b6..7a6b6bc 100644 int sk_rcvbuf; struct sk_filter __rcu *sk_filter; -@@ -849,7 +849,7 @@ struct proto { +@@ -847,7 +847,7 @@ struct proto { #ifdef SOCK_REFCNT_DEBUG atomic_t socks; #endif @@ -87015,7 +86862,7 @@ index e6454b6..7a6b6bc 100644 extern int proto_register(struct proto *prot, int alloc_slab); extern void proto_unregister(struct proto *prot); -@@ -929,7 +929,7 @@ struct sock_iocb { +@@ -927,7 +927,7 @@ struct sock_iocb { struct scm_cookie *scm; struct msghdr *msg, async_msg; struct kiocb *kiocb; @@ -87024,7 +86871,7 @@ index e6454b6..7a6b6bc 100644 static inline struct sock_iocb *kiocb_to_siocb(struct kiocb *iocb) { -@@ -1416,7 +1416,7 @@ static inline void sk_nocaps_add(struct sock *sk, int flags) +@@ -1414,7 +1414,7 @@ static inline void sk_nocaps_add(struct sock *sk, int flags) } static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb, @@ -87033,7 +86880,7 @@ index e6454b6..7a6b6bc 100644 int copy, int offset) { if (skb->ip_summed == CHECKSUM_NONE) { -@@ -1678,7 +1678,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk) +@@ -1676,7 +1676,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk) } } @@ -94457,7 +94304,7 @@ index e660464..c8b9e67 100644 return cmd_attr_register_cpumask(info); else if (info->attrs[TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK]) diff --git a/kernel/time.c b/kernel/time.c -index 060f961..fe7a19e 100644 +index f64e88b..9406590 100644 --- a/kernel/time.c +++ b/kernel/time.c @@ -163,6 +163,11 @@ int do_sys_settimeofday(const struct timespec *tv, const struct timezone *tz) @@ -97199,7 +97046,7 @@ index 51901b1..79af2f4 100644 /* keep elevated page count for bad page */ return ret; diff --git a/mm/memory.c b/mm/memory.c -index 628cadc..4db2e08 100644 +index 0a7bb38..4efd48c 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -462,8 +462,12 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, @@ -97535,7 +97382,7 @@ index 628cadc..4db2e08 100644 /* * This routine handles present pages, when users try to write * to a shared page. It is done by copying the page to a new address -@@ -2726,6 +2923,12 @@ gotten: +@@ -2733,6 +2930,12 @@ gotten: */ page_table = pte_offset_map_lock(mm, pmd, address, &ptl); if (likely(pte_same(*page_table, orig_pte))) { @@ -97548,7 +97395,7 @@ index 628cadc..4db2e08 100644 if (old_page) { if (!PageAnon(old_page)) { dec_mm_counter_fast(mm, MM_FILEPAGES); -@@ -2777,6 +2980,10 @@ gotten: +@@ -2784,6 +2987,10 @@ gotten: page_remove_rmap(old_page); } @@ -97559,7 +97406,7 @@ index 628cadc..4db2e08 100644 /* Free the old page.. */ new_page = old_page; ret |= VM_FAULT_WRITE; -@@ -3056,6 +3263,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3063,6 +3270,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, swap_free(entry); if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page)) try_to_free_swap(page); @@ -97571,7 +97418,7 @@ index 628cadc..4db2e08 100644 unlock_page(page); if (swapcache) { /* -@@ -3079,6 +3291,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3086,6 +3298,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -97583,7 +97430,7 @@ index 628cadc..4db2e08 100644 unlock: pte_unmap_unlock(page_table, ptl); out: -@@ -3098,40 +3315,6 @@ out_release: +@@ -3105,40 +3322,6 @@ out_release: } /* @@ -97606,7 +97453,7 @@ index 628cadc..4db2e08 100644 - if (prev && prev->vm_end == address) - return prev->vm_flags & VM_GROWSDOWN ? 0 : -ENOMEM; - -- expand_downwards(vma, address - PAGE_SIZE); +- return expand_downwards(vma, address - PAGE_SIZE); - } - if ((vma->vm_flags & VM_GROWSUP) && address + PAGE_SIZE == vma->vm_end) { - struct vm_area_struct *next = vma->vm_next; @@ -97615,7 +97462,7 @@ index 628cadc..4db2e08 100644 - if (next && next->vm_start == address + PAGE_SIZE) - return next->vm_flags & VM_GROWSUP ? 0 : -ENOMEM; - -- expand_upwards(vma, address + PAGE_SIZE); +- return expand_upwards(vma, address + PAGE_SIZE); - } - return 0; -} @@ -97624,7 +97471,7 @@ index 628cadc..4db2e08 100644 * We enter with non-exclusive mmap_sem (to exclude vma changes, * but allow concurrent faults), and pte mapped but not yet locked. * We return with mmap_sem still held, but pte unmapped and unlocked. -@@ -3140,27 +3323,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3147,27 +3330,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long address, pte_t *page_table, pmd_t *pmd, unsigned int flags) { @@ -97637,7 +97484,7 @@ index 628cadc..4db2e08 100644 - - /* Check if we need to add a guard page to the stack */ - if (check_stack_guard_page(vma, address) < 0) -- return VM_FAULT_SIGBUS; +- return VM_FAULT_SIGSEGV; - - /* Use the zero-page for reads */ if (!(flags & FAULT_FLAG_WRITE)) { @@ -97657,7 +97504,7 @@ index 628cadc..4db2e08 100644 if (unlikely(anon_vma_prepare(vma))) goto oom; page = alloc_zeroed_user_highpage_movable(vma, address); -@@ -3179,6 +3358,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3186,6 +3365,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, if (!pte_none(*page_table)) goto release; @@ -97669,7 +97516,7 @@ index 628cadc..4db2e08 100644 inc_mm_counter_fast(mm, MM_ANONPAGES); page_add_new_anon_rmap(page, vma, address); setpte: -@@ -3186,6 +3370,12 @@ setpte: +@@ -3193,6 +3377,12 @@ setpte: /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -97682,7 +97529,7 @@ index 628cadc..4db2e08 100644 unlock: pte_unmap_unlock(page_table, ptl); return 0; -@@ -3329,6 +3519,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3336,6 +3526,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, */ /* Only go through if we didn't race with anybody else... */ if (likely(pte_same(*page_table, orig_pte))) { @@ -97695,7 +97542,7 @@ index 628cadc..4db2e08 100644 flush_icache_page(vma, page); entry = mk_pte(page, vma->vm_page_prot); if (flags & FAULT_FLAG_WRITE) -@@ -3348,6 +3544,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3355,6 +3551,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, /* no need to invalidate: a not-present page won't be cached */ update_mmu_cache(vma, address, page_table); @@ -97710,7 +97557,7 @@ index 628cadc..4db2e08 100644 } else { if (cow_page) mem_cgroup_uncharge_page(cow_page); -@@ -3501,6 +3705,12 @@ int handle_pte_fault(struct mm_struct *mm, +@@ -3508,6 +3712,12 @@ int handle_pte_fault(struct mm_struct *mm, if (flags & FAULT_FLAG_WRITE) flush_tlb_fix_spurious_fault(vma, address); } @@ -97723,7 +97570,7 @@ index 628cadc..4db2e08 100644 unlock: pte_unmap_unlock(pte, ptl); return 0; -@@ -3517,6 +3727,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3524,6 +3734,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, pmd_t *pmd; pte_t *pte; @@ -97734,7 +97581,7 @@ index 628cadc..4db2e08 100644 __set_current_state(TASK_RUNNING); count_vm_event(PGFAULT); -@@ -3528,6 +3742,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3535,6 +3749,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, if (unlikely(is_vm_hugetlb_page(vma))) return hugetlb_fault(mm, vma, address, flags); @@ -97769,7 +97616,7 @@ index 628cadc..4db2e08 100644 retry: pgd = pgd_offset(mm, address); pud = pud_alloc(mm, pgd, address); -@@ -3569,7 +3811,7 @@ retry: +@@ -3576,7 +3818,7 @@ retry: * run pte_offset_map on the pmd, if an huge pmd could * materialize from under us from a different thread. */ @@ -97778,7 +97625,7 @@ index 628cadc..4db2e08 100644 return VM_FAULT_OOM; /* if an huge pmd materialized from under us just retry later */ if (unlikely(pmd_trans_huge(*pmd))) -@@ -3606,6 +3848,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) +@@ -3613,6 +3855,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -97802,7 +97649,7 @@ index 628cadc..4db2e08 100644 #endif /* __PAGETABLE_PUD_FOLDED */ #ifndef __PAGETABLE_PMD_FOLDED -@@ -3636,11 +3895,35 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) +@@ -3643,11 +3902,35 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -97840,7 +97687,7 @@ index 628cadc..4db2e08 100644 struct vm_area_struct * vma; vma = find_vma(current->mm, addr); -@@ -3673,7 +3956,7 @@ static int __init gate_vma_init(void) +@@ -3680,7 +3963,7 @@ static int __init gate_vma_init(void) gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; @@ -97849,7 +97696,7 @@ index 628cadc..4db2e08 100644 /* * Make sure the vDSO gets into every core dump. * Dumping its contents makes post-mortem fully interpretable later -@@ -3813,8 +4096,8 @@ out: +@@ -3820,8 +4103,8 @@ out: return ret; } @@ -97860,7 +97707,7 @@ index 628cadc..4db2e08 100644 { resource_size_t phys_addr; unsigned long prot = 0; -@@ -3839,8 +4122,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr, +@@ -3846,8 +4129,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr, * Access another process' address space as given in mm. If non-NULL, use the * given task for page fault accounting. */ @@ -97871,7 +97718,7 @@ index 628cadc..4db2e08 100644 { struct vm_area_struct *vma; void *old_buf = buf; -@@ -3848,7 +4131,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -3855,7 +4138,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, down_read(&mm->mmap_sem); /* ignore errors, just check how much was successfully transferred */ while (len) { @@ -97880,7 +97727,7 @@ index 628cadc..4db2e08 100644 void *maddr; struct page *page = NULL; -@@ -3907,8 +4190,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -3914,8 +4197,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, * * The caller must hold a reference on @mm. */ @@ -97891,7 +97738,7 @@ index 628cadc..4db2e08 100644 { return __access_remote_vm(NULL, mm, addr, buf, len, write); } -@@ -3918,11 +4201,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, +@@ -3925,11 +4208,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, * Source/target buffer must be kernel space, * Do not walk the page table directly, use get_user_pages */ @@ -98141,7 +97988,7 @@ index 1ffd97a..ed75674 100644 int mminit_loglevel; diff --git a/mm/mmap.c b/mm/mmap.c -index f2badbf..06d44c2 100644 +index 13b5685..39383bb 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -30,6 +30,7 @@ @@ -98226,7 +98073,7 @@ index f2badbf..06d44c2 100644 if (rlim < RLIM_INFINITY && (brk - mm->start_brk) + (mm->end_data - mm->start_data) > rlim) goto out; -@@ -689,6 +717,12 @@ static int +@@ -694,6 +722,12 @@ static int can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff) { @@ -98239,7 +98086,7 @@ index f2badbf..06d44c2 100644 if (is_mergeable_vma(vma, file, vm_flags) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { if (vma->vm_pgoff == vm_pgoff) -@@ -708,6 +742,12 @@ static int +@@ -713,6 +747,12 @@ static int can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff) { @@ -98252,7 +98099,7 @@ index f2badbf..06d44c2 100644 if (is_mergeable_vma(vma, file, vm_flags) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { pgoff_t vm_pglen; -@@ -750,13 +790,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, +@@ -755,13 +795,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, struct vm_area_struct *vma_merge(struct mm_struct *mm, struct vm_area_struct *prev, unsigned long addr, unsigned long end, unsigned long vm_flags, @@ -98274,7 +98121,7 @@ index f2badbf..06d44c2 100644 /* * We later require that vma->vm_flags == vm_flags, * so this tests vma->vm_flags & VM_SPECIAL, too. -@@ -772,6 +819,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -777,6 +824,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, if (next && next->vm_end == end) /* cases 6, 7, 8 */ next = next->vm_next; @@ -98290,7 +98137,7 @@ index f2badbf..06d44c2 100644 /* * Can it merge with the predecessor? */ -@@ -791,9 +847,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -796,9 +852,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, /* cases 1, 6 */ err = vma_adjust(prev, prev->vm_start, next->vm_end, prev->vm_pgoff, NULL); @@ -98316,7 +98163,7 @@ index f2badbf..06d44c2 100644 if (err) return NULL; khugepaged_enter_vma_merge(prev, vm_flags); -@@ -807,12 +878,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -812,12 +883,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, mpol_equal(policy, vma_policy(next)) && can_vma_merge_before(next, vm_flags, anon_vma, file, pgoff+pglen)) { @@ -98346,7 +98193,7 @@ index f2badbf..06d44c2 100644 if (err) return NULL; khugepaged_enter_vma_merge(area, vm_flags); -@@ -921,15 +1007,22 @@ none: +@@ -926,15 +1012,22 @@ none: void vm_stat_account(struct mm_struct *mm, unsigned long flags, struct file *file, long pages) { @@ -98372,7 +98219,7 @@ index f2badbf..06d44c2 100644 if (flags & (VM_RESERVED|VM_IO)) mm->reserved_vm += pages; } -@@ -955,7 +1048,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -960,7 +1053,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, * (the exception is when the underlying filesystem is noexec * mounted, in which case we dont add PROT_EXEC.) */ @@ -98381,7 +98228,7 @@ index f2badbf..06d44c2 100644 if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC))) prot |= PROT_EXEC; -@@ -981,7 +1074,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -986,7 +1079,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, /* Obtain the address to map to. we verify (or select) it and ensure * that it represents a valid section of the address space. */ @@ -98390,7 +98237,7 @@ index f2badbf..06d44c2 100644 if (addr & ~PAGE_MASK) return addr; -@@ -992,6 +1085,43 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -997,6 +1090,43 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) | mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; @@ -98434,7 +98281,7 @@ index f2badbf..06d44c2 100644 if (flags & MAP_LOCKED) if (!can_do_mlock()) return -EPERM; -@@ -1003,6 +1133,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1008,6 +1138,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, locked += mm->locked_vm; lock_limit = rlimit(RLIMIT_MEMLOCK); lock_limit >>= PAGE_SHIFT; @@ -98442,7 +98289,7 @@ index f2badbf..06d44c2 100644 if (locked > lock_limit && !capable(CAP_IPC_LOCK)) return -EAGAIN; } -@@ -1073,6 +1204,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1078,6 +1209,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, if (error) return error; @@ -98452,7 +98299,7 @@ index f2badbf..06d44c2 100644 return mmap_region(file, addr, len, flags, vm_flags, pgoff); } EXPORT_SYMBOL(do_mmap_pgoff); -@@ -1153,7 +1287,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma) +@@ -1158,7 +1292,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma) vm_flags_t vm_flags = vma->vm_flags; /* If it was private or non-writable, the write bit is already clear */ @@ -98461,7 +98308,7 @@ index f2badbf..06d44c2 100644 return 0; /* The backer wishes to know when pages are first written to? */ -@@ -1202,17 +1336,32 @@ unsigned long mmap_region(struct file *file, unsigned long addr, +@@ -1207,17 +1341,32 @@ unsigned long mmap_region(struct file *file, unsigned long addr, unsigned long charged = 0; struct inode *inode = file ? file->f_path.dentry->d_inode : NULL; @@ -98496,7 +98343,7 @@ index f2badbf..06d44c2 100644 if (!may_expand_vm(mm, len >> PAGE_SHIFT)) return -ENOMEM; -@@ -1258,6 +1407,16 @@ munmap_back: +@@ -1263,6 +1412,16 @@ munmap_back: goto unacct_error; } @@ -98513,7 +98360,7 @@ index f2badbf..06d44c2 100644 vma->vm_mm = mm; vma->vm_start = addr; vma->vm_end = addr + len; -@@ -1266,8 +1425,9 @@ munmap_back: +@@ -1271,8 +1430,9 @@ munmap_back: vma->vm_pgoff = pgoff; INIT_LIST_HEAD(&vma->anon_vma_chain); @@ -98524,7 +98371,7 @@ index f2badbf..06d44c2 100644 if (vm_flags & (VM_GROWSDOWN|VM_GROWSUP)) goto free_vma; if (vm_flags & VM_DENYWRITE) { -@@ -1281,6 +1441,19 @@ munmap_back: +@@ -1286,6 +1446,19 @@ munmap_back: error = file->f_op->mmap(file, vma); if (error) goto unmap_and_free_vma; @@ -98544,7 +98391,7 @@ index f2badbf..06d44c2 100644 if (vm_flags & VM_EXECUTABLE) added_exe_file_vma(mm); -@@ -1293,6 +1466,8 @@ munmap_back: +@@ -1298,6 +1471,8 @@ munmap_back: pgoff = vma->vm_pgoff; vm_flags = vma->vm_flags; } else if (vm_flags & VM_SHARED) { @@ -98553,7 +98400,7 @@ index f2badbf..06d44c2 100644 error = shmem_zero_setup(vma); if (error) goto free_vma; -@@ -1316,14 +1491,19 @@ munmap_back: +@@ -1321,14 +1496,19 @@ munmap_back: vma_link(mm, vma, prev, rb_link, rb_parent); file = vma->vm_file; @@ -98574,7 +98421,7 @@ index f2badbf..06d44c2 100644 if (vm_flags & VM_LOCKED) { if (!mlock_vma_pages_range(vma, addr, addr + len)) mm->locked_vm += (len >> PAGE_SHIFT); -@@ -1341,6 +1521,12 @@ unmap_and_free_vma: +@@ -1346,6 +1526,12 @@ unmap_and_free_vma: unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end); charged = 0; free_vma: @@ -98587,7 +98434,7 @@ index f2badbf..06d44c2 100644 kmem_cache_free(vm_area_cachep, vma); unacct_error: if (charged) -@@ -1348,6 +1534,73 @@ unacct_error: +@@ -1353,6 +1539,73 @@ unacct_error: return error; } @@ -98661,7 +98508,7 @@ index f2badbf..06d44c2 100644 /* Get an address range which is currently unmapped. * For shmat() with addr=0. * -@@ -1367,6 +1620,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1372,6 +1625,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, struct mm_struct *mm = current->mm; struct vm_area_struct *vma; unsigned long start_addr; @@ -98669,7 +98516,7 @@ index f2badbf..06d44c2 100644 if (len > TASK_SIZE - mmap_min_addr) return -ENOMEM; -@@ -1374,18 +1628,23 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1379,18 +1633,23 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, if (flags & MAP_FIXED) return addr; @@ -98700,7 +98547,7 @@ index f2badbf..06d44c2 100644 } full_search: -@@ -1396,34 +1655,40 @@ full_search: +@@ -1401,34 +1660,40 @@ full_search: * Start a new search - just in case we missed * some holes. */ @@ -98752,7 +98599,7 @@ index f2badbf..06d44c2 100644 mm->free_area_cache = addr; mm->cached_hole_size = ~0UL; } -@@ -1441,7 +1706,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1446,7 +1711,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, { struct vm_area_struct *vma; struct mm_struct *mm = current->mm; @@ -98762,7 +98609,7 @@ index f2badbf..06d44c2 100644 unsigned long low_limit = max(PAGE_SIZE, mmap_min_addr); /* requested length too big for entire address space */ -@@ -1451,13 +1717,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1456,13 +1722,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, if (flags & MAP_FIXED) return addr; @@ -98785,7 +98632,7 @@ index f2badbf..06d44c2 100644 } /* check if free_area_cache is useful for us */ -@@ -1471,10 +1742,11 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1476,10 +1747,11 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, /* make sure it can fit in the remaining address space */ if (addr >= low_limit + len) { @@ -98800,7 +98647,7 @@ index f2badbf..06d44c2 100644 } if (mm->mmap_base < low_limit + len) -@@ -1489,7 +1761,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1494,7 +1766,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, * return with success: */ vma = find_vma(mm, addr); @@ -98809,7 +98656,7 @@ index f2badbf..06d44c2 100644 /* remember the address as a hint for next time */ return (mm->free_area_cache = addr); -@@ -1498,8 +1770,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1503,8 +1775,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, mm->cached_hole_size = vma->vm_start - addr; /* try just below the current vma->vm_start */ @@ -98820,7 +98667,7 @@ index f2badbf..06d44c2 100644 bottomup: /* -@@ -1508,13 +1780,21 @@ bottomup: +@@ -1513,13 +1785,21 @@ bottomup: * can happen with large stack limits and large mmap() * allocations. */ @@ -98844,7 +98691,7 @@ index f2badbf..06d44c2 100644 mm->cached_hole_size = ~0UL; return addr; -@@ -1523,6 +1803,12 @@ bottomup: +@@ -1528,6 +1808,12 @@ bottomup: void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) { @@ -98857,7 +98704,7 @@ index f2badbf..06d44c2 100644 /* * Is this a new hole at the highest possible address? */ -@@ -1530,8 +1816,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) +@@ -1535,8 +1821,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) mm->free_area_cache = addr; /* dont allow allocations above current base */ @@ -98869,7 +98716,7 @@ index f2badbf..06d44c2 100644 } unsigned long -@@ -1604,40 +1892,50 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) +@@ -1609,40 +1897,50 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) EXPORT_SYMBOL(find_vma); @@ -98945,15 +98792,28 @@ index f2badbf..06d44c2 100644 /* * Verify that the stack growth is acceptable and -@@ -1655,6 +1953,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -1653,17 +1951,15 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns + { + struct mm_struct *mm = vma->vm_mm; + struct rlimit *rlim = current->signal->rlim; +- unsigned long new_start, actual_size; ++ unsigned long new_start; + + /* address space limit tests */ + if (!may_expand_vm(mm, grow)) return -ENOMEM; /* Stack limit test */ +- actual_size = size; +- if (size && (vma->vm_flags & (VM_GROWSUP | VM_GROWSDOWN))) +- actual_size -= PAGE_SIZE; +- if (actual_size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) + gr_learn_resource(current, RLIMIT_STACK, size, 1); - if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) ++ if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) return -ENOMEM; -@@ -1665,6 +1964,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns + /* mlock limit tests */ +@@ -1673,6 +1969,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns locked = mm->locked_vm + grow; limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur); limit >>= PAGE_SHIFT; @@ -98961,7 +98821,7 @@ index f2badbf..06d44c2 100644 if (locked > limit && !capable(CAP_IPC_LOCK)) return -ENOMEM; } -@@ -1683,7 +1983,6 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -1691,7 +1988,6 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns return -ENOMEM; /* Ok, everything looks good - let it rip */ @@ -98969,7 +98829,7 @@ index f2badbf..06d44c2 100644 if (vma->vm_flags & VM_LOCKED) mm->locked_vm += grow; vm_stat_account(mm, vma->vm_flags, vma->vm_file, grow); -@@ -1695,37 +1994,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -1703,37 +1999,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns * PA-RISC uses this for its stack; IA64 for its Register Backing Store. * vma is the last one with address > vma->vm_end. Have to extend vma. */ @@ -99027,7 +98887,7 @@ index f2badbf..06d44c2 100644 unsigned long size, grow; size = address - vma->vm_start; -@@ -1740,6 +2050,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) +@@ -1748,6 +2055,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) } } } @@ -99036,7 +98896,7 @@ index f2badbf..06d44c2 100644 vma_unlock_anon_vma(vma); khugepaged_enter_vma_merge(vma, vma->vm_flags); return error; -@@ -1753,6 +2065,8 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -1761,6 +2070,8 @@ int expand_downwards(struct vm_area_struct *vma, unsigned long address) { int error; @@ -99045,7 +98905,7 @@ index f2badbf..06d44c2 100644 /* * We must make sure the anon_vma is allocated -@@ -1766,6 +2080,15 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -1774,6 +2085,15 @@ int expand_downwards(struct vm_area_struct *vma, if (error) return error; @@ -99061,7 +98921,7 @@ index f2badbf..06d44c2 100644 vma_lock_anon_vma(vma); /* -@@ -1775,9 +2098,17 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -1783,9 +2103,17 @@ int expand_downwards(struct vm_area_struct *vma, */ /* Somebody else might have raced and expanded it already */ @@ -99080,7 +98940,7 @@ index f2badbf..06d44c2 100644 size = vma->vm_end - address; grow = (vma->vm_start - address) >> PAGE_SHIFT; -@@ -1787,18 +2118,48 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -1795,18 +2123,48 @@ int expand_downwards(struct vm_area_struct *vma, if (!error) { vma->vm_start = address; vma->vm_pgoff -= grow; @@ -99129,7 +98989,7 @@ index f2badbf..06d44c2 100644 return expand_upwards(vma, address); } -@@ -1821,6 +2182,14 @@ find_extend_vma(struct mm_struct *mm, unsigned long addr) +@@ -1829,6 +2187,14 @@ find_extend_vma(struct mm_struct *mm, unsigned long addr) #else int expand_stack(struct vm_area_struct *vma, unsigned long address) { @@ -99144,7 +99004,7 @@ index f2badbf..06d44c2 100644 return expand_downwards(vma, address); } -@@ -1861,7 +2230,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -1869,7 +2235,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) do { long nrpages = vma_pages(vma); @@ -99159,7 +99019,7 @@ index f2badbf..06d44c2 100644 vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); vma = remove_vma(vma); } while (vma); -@@ -1906,6 +2281,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -1914,6 +2286,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, insertion_point = (prev ? &prev->vm_next : &mm->mmap); vma->vm_prev = NULL; do { @@ -99176,7 +99036,7 @@ index f2badbf..06d44c2 100644 rb_erase(&vma->vm_rb, &mm->mm_rb); mm->map_count--; tail_vma = vma; -@@ -1934,14 +2319,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -1942,14 +2324,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, struct vm_area_struct *new; int err = -ENOMEM; @@ -99210,7 +99070,7 @@ index f2badbf..06d44c2 100644 /* most fields are the same, copy all, and then fixup */ *new = *vma; -@@ -1954,6 +2358,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -1962,6 +2363,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT); } @@ -99233,7 +99093,7 @@ index f2badbf..06d44c2 100644 pol = mpol_dup(vma_policy(vma)); if (IS_ERR(pol)) { err = PTR_ERR(pol); -@@ -1979,6 +2399,42 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -1987,6 +2404,42 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, else err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); @@ -99276,7 +99136,7 @@ index f2badbf..06d44c2 100644 /* Success. */ if (!err) return 0; -@@ -1991,10 +2447,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -1999,10 +2452,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, removed_exe_file_vma(mm); fput(new->vm_file); } @@ -99296,7 +99156,7 @@ index f2badbf..06d44c2 100644 kmem_cache_free(vm_area_cachep, new); out_err: return err; -@@ -2007,6 +2471,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2015,6 +2476,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long addr, int new_below) { @@ -99312,7 +99172,7 @@ index f2badbf..06d44c2 100644 if (mm->map_count >= sysctl_max_map_count) return -ENOMEM; -@@ -2018,11 +2491,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2026,11 +2496,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, * work. This now handles partial unmappings. * Jeremy Fitzhardinge */ @@ -99343,7 +99203,7 @@ index f2badbf..06d44c2 100644 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start) return -EINVAL; -@@ -2097,6 +2589,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) +@@ -2105,6 +2594,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) /* Fix up all other VM information */ remove_vma_list(mm, vma); @@ -99352,7 +99212,7 @@ index f2badbf..06d44c2 100644 return 0; } -@@ -2109,22 +2603,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) +@@ -2117,22 +2608,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) profile_munmap(addr); @@ -99381,7 +99241,7 @@ index f2badbf..06d44c2 100644 /* * this is really a simplified "do_mmap". it only handles * anonymous maps. eventually we may be able to do some -@@ -2138,6 +2628,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2146,6 +2633,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len) struct rb_node ** rb_link, * rb_parent; pgoff_t pgoff = addr >> PAGE_SHIFT; int error; @@ -99389,7 +99249,7 @@ index f2badbf..06d44c2 100644 len = PAGE_ALIGN(len); if (!len) -@@ -2149,16 +2640,30 @@ unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2157,16 +2645,30 @@ unsigned long do_brk(unsigned long addr, unsigned long len) flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; @@ -99421,7 +99281,7 @@ index f2badbf..06d44c2 100644 locked += mm->locked_vm; lock_limit = rlimit(RLIMIT_MEMLOCK); lock_limit >>= PAGE_SHIFT; -@@ -2175,22 +2680,22 @@ unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2183,22 +2685,22 @@ unsigned long do_brk(unsigned long addr, unsigned long len) /* * Clear old maps. this also does some error checking for us */ @@ -99448,7 +99308,7 @@ index f2badbf..06d44c2 100644 return -ENOMEM; /* Can we just expand an old private anonymous mapping? */ -@@ -2204,7 +2709,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2212,7 +2714,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len) */ vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); if (!vma) { @@ -99457,7 +99317,7 @@ index f2badbf..06d44c2 100644 return -ENOMEM; } -@@ -2218,11 +2723,12 @@ unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2226,11 +2728,12 @@ unsigned long do_brk(unsigned long addr, unsigned long len) vma_link(mm, vma, prev, rb_link, rb_parent); out: perf_event_mmap(vma); @@ -99472,7 +99332,7 @@ index f2badbf..06d44c2 100644 return addr; } -@@ -2269,8 +2775,10 @@ void exit_mmap(struct mm_struct *mm) +@@ -2277,8 +2780,10 @@ void exit_mmap(struct mm_struct *mm) * Walk the list again, actually closing and freeing it, * with preemption enabled, without holding any MM locks. */ @@ -99484,7 +99344,7 @@ index f2badbf..06d44c2 100644 BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT); } -@@ -2284,6 +2792,13 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) +@@ -2292,6 +2797,13 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) struct vm_area_struct * __vma, * prev; struct rb_node ** rb_link, * rb_parent; @@ -99498,7 +99358,7 @@ index f2badbf..06d44c2 100644 /* * The vm_pgoff of a purely anonymous vma should be irrelevant * until its first write fault, when page's anon_vma and index -@@ -2306,7 +2821,22 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) +@@ -2314,7 +2826,22 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) if ((vma->vm_flags & VM_ACCOUNT) && security_vm_enough_memory_mm(mm, vma_pages(vma))) return -ENOMEM; @@ -99521,7 +99381,7 @@ index f2badbf..06d44c2 100644 return 0; } -@@ -2324,6 +2854,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2332,6 +2859,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, struct rb_node **rb_link, *rb_parent; struct mempolicy *pol; @@ -99530,7 +99390,7 @@ index f2badbf..06d44c2 100644 /* * If anonymous vma has not yet been faulted, update new pgoff * to match new location, to increase its chance of merging. -@@ -2374,6 +2906,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2382,6 +2911,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, return NULL; } @@ -99570,7 +99430,7 @@ index f2badbf..06d44c2 100644 /* * Return true if the calling process may expand its vm space by the passed * number of pages -@@ -2385,6 +2950,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) +@@ -2393,6 +2955,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; @@ -99578,7 +99438,7 @@ index f2badbf..06d44c2 100644 if (cur + npages > lim) return 0; return 1; -@@ -2455,6 +3021,22 @@ int install_special_mapping(struct mm_struct *mm, +@@ -2463,6 +3026,22 @@ int install_special_mapping(struct mm_struct *mm, vma->vm_start = addr; vma->vm_end = addr + len; @@ -100072,7 +99932,7 @@ index 1db7971..5dba7b6 100644 struct mm_struct *mm; diff --git a/mm/page-writeback.c b/mm/page-writeback.c -index d2ac057..aa60e8c 100644 +index aad22aa..ad60f09 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -522,7 +522,7 @@ unsigned long bdi_dirty_limit(struct backing_dev_info *bdi, unsigned long dirty) @@ -100084,7 +99944,7 @@ index d2ac057..aa60e8c 100644 unsigned long thresh, unsigned long bg_thresh, unsigned long dirty, -@@ -1380,7 +1380,7 @@ ratelimit_handler(struct notifier_block *self, unsigned long u, void *v) +@@ -1370,7 +1370,7 @@ ratelimit_handler(struct notifier_block *self, unsigned long u, void *v) return NOTIFY_DONE; } @@ -100290,10 +100150,10 @@ index cbcbb02..dfdc1de 100644 pgoff_t offset, unsigned long max) { diff --git a/mm/rmap.c b/mm/rmap.c -index f3f6fd3..0d91a63 100644 +index 2c4ee3e..8eebe1d 100644 --- a/mm/rmap.c +++ b/mm/rmap.c -@@ -154,6 +154,10 @@ int anon_vma_prepare(struct vm_area_struct *vma) +@@ -156,6 +156,10 @@ int anon_vma_prepare(struct vm_area_struct *vma) struct anon_vma *anon_vma = vma->anon_vma; struct anon_vma_chain *avc; @@ -100304,7 +100164,7 @@ index f3f6fd3..0d91a63 100644 might_sleep(); if (unlikely(!anon_vma)) { struct mm_struct *mm = vma->vm_mm; -@@ -163,6 +167,12 @@ int anon_vma_prepare(struct vm_area_struct *vma) +@@ -165,6 +169,12 @@ int anon_vma_prepare(struct vm_area_struct *vma) if (!avc) goto out_enomem; @@ -100317,7 +100177,7 @@ index f3f6fd3..0d91a63 100644 anon_vma = find_mergeable_anon_vma(vma); allocated = NULL; if (!anon_vma) { -@@ -176,6 +186,21 @@ int anon_vma_prepare(struct vm_area_struct *vma) +@@ -178,6 +188,21 @@ int anon_vma_prepare(struct vm_area_struct *vma) /* page_table_lock to protect against threads */ spin_lock(&mm->page_table_lock); if (likely(!vma->anon_vma)) { @@ -100339,7 +100199,7 @@ index f3f6fd3..0d91a63 100644 vma->anon_vma = anon_vma; avc->anon_vma = anon_vma; avc->vma = vma; -@@ -189,12 +214,24 @@ int anon_vma_prepare(struct vm_area_struct *vma) +@@ -193,12 +218,24 @@ int anon_vma_prepare(struct vm_area_struct *vma) if (unlikely(allocated)) put_anon_vma(allocated); @@ -100364,16 +100224,16 @@ index f3f6fd3..0d91a63 100644 anon_vma_chain_free(avc); out_enomem: return -ENOMEM; -@@ -245,7 +282,7 @@ static void anon_vma_chain_link(struct vm_area_struct *vma, - * Attach the anon_vmas from src to dst. - * Returns 0 on success, -ENOMEM on failure. +@@ -257,7 +294,7 @@ static void anon_vma_chain_link(struct vm_area_struct *vma, + * good chance of avoiding scanning the whole hierarchy when it searches where + * page is mapped. */ -int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src) +int anon_vma_clone(struct vm_area_struct *dst, const struct vm_area_struct *src) { struct anon_vma_chain *avc, *pavc; struct anon_vma *root = NULL; -@@ -278,7 +315,7 @@ int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src) +@@ -304,7 +341,7 @@ int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src) * the corresponding VMA in the parent process is attached to. * Returns 0 on success, non-zero on failure. */ @@ -100382,7 +100242,7 @@ index f3f6fd3..0d91a63 100644 { struct anon_vma_chain *avc; struct anon_vma *anon_vma; -@@ -382,8 +419,10 @@ static void anon_vma_ctor(void *data) +@@ -422,8 +459,10 @@ static void anon_vma_ctor(void *data) void __init anon_vma_init(void) { anon_vma_cachep = kmem_cache_create("anon_vma", sizeof(struct anon_vma), @@ -103238,7 +103098,7 @@ index 68bbf9f..5ef0d12 100644 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index 854da15..19d9b66 100644 +index fcb5133..5d5223c 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1142,10 +1142,14 @@ void dev_load(struct net *net, const char *name) @@ -103274,7 +103134,7 @@ index 854da15..19d9b66 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -2047,7 +2051,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) +@@ -2048,7 +2052,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) struct dev_gso_cb { void (*destructor)(struct sk_buff *skb); @@ -103283,7 +103143,7 @@ index 854da15..19d9b66 100644 #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb) -@@ -2969,7 +2973,7 @@ enqueue: +@@ -2972,7 +2976,7 @@ enqueue: local_irq_restore(flags); @@ -103292,7 +103152,7 @@ index 854da15..19d9b66 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -3043,7 +3047,7 @@ int netif_rx_ni(struct sk_buff *skb) +@@ -3046,7 +3050,7 @@ int netif_rx_ni(struct sk_buff *skb) } EXPORT_SYMBOL(netif_rx_ni); @@ -103301,7 +103161,7 @@ index 854da15..19d9b66 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); -@@ -3342,7 +3346,7 @@ ncls: +@@ -3345,7 +3349,7 @@ ncls: if (pt_prev) { ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev); } else { @@ -103310,7 +103170,7 @@ index 854da15..19d9b66 100644 kfree_skb(skb); /* Jamal, now you will not able to escape explaining * me how you were going to use this. :-) -@@ -3908,7 +3912,7 @@ void netif_napi_del(struct napi_struct *napi) +@@ -3911,7 +3915,7 @@ void netif_napi_del(struct napi_struct *napi) } EXPORT_SYMBOL(netif_napi_del); @@ -103319,7 +103179,7 @@ index 854da15..19d9b66 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); unsigned long time_limit = jiffies + 2; -@@ -4186,7 +4190,13 @@ static void dev_seq_printf_stats(struct seq_file *seq, struct net_device *dev) +@@ -4189,7 +4193,13 @@ static void dev_seq_printf_stats(struct seq_file *seq, struct net_device *dev) struct rtnl_link_stats64 temp; const struct rtnl_link_stats64 *stats = dev_get_stats(dev, &temp); @@ -103334,7 +103194,7 @@ index 854da15..19d9b66 100644 "%8llu %7llu %4llu %4llu %4llu %5llu %7llu %10llu\n", dev->name, stats->rx_bytes, stats->rx_packets, stats->rx_errors, -@@ -4261,7 +4271,7 @@ static int softnet_seq_show(struct seq_file *seq, void *v) +@@ -4264,7 +4274,7 @@ static int softnet_seq_show(struct seq_file *seq, void *v) return 0; } @@ -103343,7 +103203,7 @@ index 854da15..19d9b66 100644 .start = dev_seq_start, .next = dev_seq_next, .stop = dev_seq_stop, -@@ -4291,7 +4301,7 @@ static const struct seq_operations softnet_seq_ops = { +@@ -4294,7 +4304,7 @@ static const struct seq_operations softnet_seq_ops = { static int softnet_seq_open(struct inode *inode, struct file *file) { @@ -103352,7 +103212,7 @@ index 854da15..19d9b66 100644 } static const struct file_operations softnet_seq_fops = { -@@ -4378,8 +4388,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v) +@@ -4381,8 +4391,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v) else seq_printf(seq, "%04x", ntohs(pt->type)); @@ -103366,7 +103226,7 @@ index 854da15..19d9b66 100644 } return 0; -@@ -4441,7 +4456,7 @@ static void __net_exit dev_proc_net_exit(struct net *net) +@@ -4444,7 +4459,7 @@ static void __net_exit dev_proc_net_exit(struct net *net) proc_net_remove(net, "dev"); } @@ -103375,7 +103235,7 @@ index 854da15..19d9b66 100644 .init = dev_proc_net_init, .exit = dev_proc_net_exit, }; -@@ -5936,7 +5951,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, +@@ -5939,7 +5954,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, } else { netdev_stats_to_stats64(storage, &dev->stats); } @@ -103384,7 +103244,7 @@ index 854da15..19d9b66 100644 return storage; } EXPORT_SYMBOL(dev_get_stats); -@@ -6515,7 +6530,7 @@ static void __net_exit netdev_exit(struct net *net) +@@ -6518,7 +6533,7 @@ static void __net_exit netdev_exit(struct net *net) kfree(net->dev_index_head); } @@ -103393,7 +103253,7 @@ index 854da15..19d9b66 100644 .init = netdev_init, .exit = netdev_exit, }; -@@ -6577,7 +6592,7 @@ static void __net_exit default_device_exit_batch(struct list_head *net_list) +@@ -6580,7 +6595,7 @@ static void __net_exit default_device_exit_batch(struct list_head *net_list) rtnl_unlock(); } @@ -103830,7 +103690,7 @@ index 7121d9b..d256e3c 100644 } diff --git a/net/core/sock.c b/net/core/sock.c -index 8a2c2dd..a264b79 100644 +index e093528..3966d08 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -289,7 +289,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) @@ -103943,7 +103803,7 @@ index 8a2c2dd..a264b79 100644 return -EFAULT; lenout: if (put_user(len, optlen)) -@@ -1456,6 +1456,8 @@ EXPORT_SYMBOL(sock_kmalloc); +@@ -1455,6 +1455,8 @@ EXPORT_SYMBOL(sock_kmalloc); */ void sock_kfree_s(struct sock *sk, void *mem, int size) { @@ -103952,7 +103812,7 @@ index 8a2c2dd..a264b79 100644 kfree(mem); atomic_sub(size, &sk->sk_omem_alloc); } -@@ -2027,7 +2029,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) +@@ -2026,7 +2028,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) */ smp_wmb(); atomic_set(&sk->sk_refcnt, 1); @@ -103961,7 +103821,7 @@ index 8a2c2dd..a264b79 100644 } EXPORT_SYMBOL(sock_init_data); -@@ -2564,7 +2566,7 @@ static __net_exit void proto_exit_net(struct net *net) +@@ -2563,7 +2565,7 @@ static __net_exit void proto_exit_net(struct net *net) } @@ -104168,10 +104028,10 @@ index 5d228de..91bdee5 100644 } diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c -index 59a7041..060976d 100644 +index d1f56e1..0aee701 100644 --- a/net/ipv4/arp.c +++ b/net/ipv4/arp.c -@@ -945,24 +945,25 @@ static void parp_redo(struct sk_buff *skb) +@@ -947,24 +947,25 @@ static void parp_redo(struct sk_buff *skb) static int arp_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev) { @@ -104637,7 +104497,7 @@ index 542a9c1..9f73775 100644 msg.msg_flags = flags; diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c -index 99ec116..c5628fe 100644 +index efb1ff5..bc97573 100644 --- a/net/ipv4/ipconfig.c +++ b/net/ipv4/ipconfig.c @@ -318,7 +318,7 @@ static int __init ic_devinet_ioctl(unsigned int cmd, struct ifreq *arg) @@ -104833,7 +104693,7 @@ index f7fdbe9..63740b7 100644 .exit = ip_proc_exit_net, }; diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c -index 75fea1f..a26be5a 100644 +index 063bcd5..2402343 100644 --- a/net/ipv4/raw.c +++ b/net/ipv4/raw.c @@ -305,7 +305,7 @@ static int raw_rcv_skb(struct sock * sk, struct sk_buff * skb) @@ -104845,7 +104705,7 @@ index 75fea1f..a26be5a 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -738,16 +738,20 @@ static int raw_init(struct sock *sk) +@@ -741,16 +741,20 @@ static int raw_init(struct sock *sk) static int raw_seticmpfilter(struct sock *sk, char __user *optval, int optlen) { @@ -104867,7 +104727,7 @@ index 75fea1f..a26be5a 100644 if (get_user(len, optlen)) goto out; -@@ -757,8 +761,8 @@ static int raw_geticmpfilter(struct sock *sk, char __user *optval, int __user *o +@@ -760,8 +764,8 @@ static int raw_geticmpfilter(struct sock *sk, char __user *optval, int __user *o if (len > sizeof(struct icmp_filter)) len = sizeof(struct icmp_filter); ret = -EFAULT; @@ -104878,7 +104738,7 @@ index 75fea1f..a26be5a 100644 goto out; ret = 0; out: return ret; -@@ -986,7 +990,13 @@ static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i) +@@ -989,7 +993,13 @@ static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i) sk_wmem_alloc_get(sp), sk_rmem_alloc_get(sp), 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), @@ -104893,7 +104753,7 @@ index 75fea1f..a26be5a 100644 } static int raw_seq_show(struct seq_file *seq, void *v) -@@ -1049,7 +1059,7 @@ static __net_exit void raw_exit_net(struct net *net) +@@ -1052,7 +1062,7 @@ static __net_exit void raw_exit_net(struct net *net) proc_net_remove(net, "raw"); } @@ -105510,7 +105370,7 @@ index 00e1530..47b4f16 100644 req->rsk_ops->send_reset(sk, skb); diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c -index 0d5a118..5f6f0e6 100644 +index 3a37f54..109c484 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c @@ -1319,7 +1319,7 @@ static void tcp_cwnd_validate(struct sock *sk) @@ -105519,7 +105379,7 @@ index 0d5a118..5f6f0e6 100644 */ -static unsigned int tcp_mss_split_point(const struct sock *sk, const struct sk_buff *skb, +static unsigned int __intentional_overflow(0) tcp_mss_split_point(const struct sock *sk, const struct sk_buff *skb, - unsigned int mss_now, unsigned int max_segs) + unsigned int mss_now, unsigned int cwnd) { const struct tcp_sock *tp = tcp_sk(sk); diff --git a/net/ipv4/tcp_probe.c b/net/ipv4/tcp_probe.c @@ -105932,7 +105792,7 @@ index 1008ce9..db7ea62 100644 goto proc_dev_snmp6_fail; return 0; diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c -index 9ecbc84..7dd6ff7 100644 +index 9287f3ea..136d642 100644 --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c @@ -109,7 +109,7 @@ found: @@ -105980,7 +105840,7 @@ index 9ecbc84..7dd6ff7 100644 struct flowi6 *fl6, struct dst_entry **dstp, unsigned int flags) { -@@ -906,12 +906,15 @@ do_confirm: +@@ -908,12 +908,15 @@ do_confirm: static int rawv6_seticmpfilter(struct sock *sk, int level, int optname, char __user *optval, int optlen) { @@ -105997,7 +105857,7 @@ index 9ecbc84..7dd6ff7 100644 return 0; default: return -ENOPROTOOPT; -@@ -924,6 +927,7 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, +@@ -926,6 +929,7 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen) { int len; @@ -106005,7 +105865,7 @@ index 9ecbc84..7dd6ff7 100644 switch (optname) { case ICMPV6_FILTER: -@@ -935,7 +939,8 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, +@@ -937,7 +941,8 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, len = sizeof(struct icmp6_filter); if (put_user(len, optlen)) return -EFAULT; @@ -106015,7 +105875,7 @@ index 9ecbc84..7dd6ff7 100644 return -EFAULT; return 0; default: -@@ -1242,7 +1247,13 @@ static void raw6_sock_seq_show(struct seq_file *seq, struct sock *sp, int i) +@@ -1244,7 +1249,13 @@ static void raw6_sock_seq_show(struct seq_file *seq, struct sock *sp, int i) 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), @@ -106957,10 +106817,10 @@ index afca6c7..594a841 100644 panic("cannot create netfilter proc entry"); #endif diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c -index 86137b5..c12e721 100644 +index b88dcec..d817abf27 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c -@@ -1679,7 +1679,7 @@ done: +@@ -1685,7 +1685,7 @@ done: return ret; } @@ -108486,18 +108346,6 @@ index 7635107..4670276 100644 _proto("Tx RESPONSE %%%u", ntohl(hdr->serial)); ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len); -diff --git a/net/sctp/associola.c b/net/sctp/associola.c -index 5b2d8e6..d014b05 100644 ---- a/net/sctp/associola.c -+++ b/net/sctp/associola.c -@@ -1272,7 +1272,6 @@ void sctp_assoc_update(struct sctp_association *asoc, - asoc->peer.peer_hmacs = new->peer.peer_hmacs; - new->peer.peer_hmacs = NULL; - -- sctp_auth_key_put(asoc->asoc_shared_key); - sctp_auth_asoc_init_active_key(asoc, GFP_ATOMIC); - } - diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c index 0b6a391..febcef2 100644 --- a/net/sctp/ipv6.c @@ -108622,38 +108470,10 @@ index 76388b0..a967f68 100644 sctp_generate_t1_cookie_event, sctp_generate_t1_init_event, diff --git a/net/sctp/socket.c b/net/sctp/socket.c -index c28eb7b..832978a 100644 +index fc63664..832978a 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c -@@ -1611,6 +1611,7 @@ SCTP_STATIC int sctp_sendmsg(struct kiocb *iocb, struct sock *sk, - sctp_scope_t scope; - long timeo; - __u16 sinfo_flags = 0; -+ bool wait_connect = false; - struct sctp_datamsg *datamsg; - int msg_flags = msg->msg_flags; - -@@ -1929,6 +1930,7 @@ SCTP_STATIC int sctp_sendmsg(struct kiocb *iocb, struct sock *sk, - err = sctp_primitive_ASSOCIATE(asoc, NULL); - if (err < 0) - goto out_free; -+ wait_connect = true; - SCTP_DEBUG_PRINTK("We associated primitively.\n"); - } - -@@ -1968,6 +1970,11 @@ SCTP_STATIC int sctp_sendmsg(struct kiocb *iocb, struct sock *sk, - else - err = msg_len; - -+ if (unlikely(wait_connect)) { -+ timeo = sock_sndtimeo(sk, msg_flags & MSG_DONTWAIT); -+ sctp_wait_for_connect(asoc, &timeo); -+ } -+ - /* If we are already past ASSOCIATE, the lower - * layers are responsible for association cleanup. - */ -@@ -2183,11 +2190,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval, +@@ -2190,11 +2190,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval, { struct sctp_association *asoc; struct sctp_ulpevent *event; @@ -108668,7 +108488,7 @@ index c28eb7b..832978a 100644 /* * At the time when a user app subscribes to SCTP_SENDER_DRY_EVENT, -@@ -4173,13 +4182,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len, +@@ -4180,13 +4182,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len, static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, int __user *optlen) { @@ -108686,7 +108506,7 @@ index c28eb7b..832978a 100644 return -EFAULT; return 0; } -@@ -4197,6 +4209,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, +@@ -4204,6 +4209,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, */ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optval, int __user *optlen) { @@ -108695,7 +108515,7 @@ index c28eb7b..832978a 100644 /* Applicable to UDP-style socket only */ if (sctp_style(sk, TCP)) return -EOPNOTSUPP; -@@ -4205,7 +4219,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv +@@ -4212,7 +4219,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv len = sizeof(int); if (put_user(len, optlen)) return -EFAULT; @@ -108705,7 +108525,7 @@ index c28eb7b..832978a 100644 return -EFAULT; return 0; } -@@ -4569,12 +4584,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len, +@@ -4576,12 +4584,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len, */ static int sctp_getsockopt_initmsg(struct sock *sk, int len, char __user *optval, int __user *optlen) { @@ -108722,7 +108542,7 @@ index c28eb7b..832978a 100644 return -EFAULT; return 0; } -@@ -4615,6 +4633,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, +@@ -4622,6 +4633,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len; if (space_left < addrlen) return -ENOMEM; @@ -110604,14 +110424,14 @@ index cb1f50c..cef2a7c 100644 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n", diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh new file mode 100644 -index 0000000..42018ed +index 0000000..822fa9e --- /dev/null +++ b/scripts/gcc-plugin.sh @@ -0,0 +1,51 @@ +#!/bin/sh +srctree=$(dirname "$0") +gccplugins_dir=$($3 -print-file-name=plugin) -+plugincc=$($1 -E - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <&1 <= 4008 || defined(ENABLE_BUILD_WITH_CXX) +#warning $2 CXX @@ -110642,7 +110462,7 @@ index 0000000..42018ed +esac + +# we need a c++ compiler that supports the designated initializer GNU extension -+plugincc=$($2 -c -x c++ -std=gnu++98 - -fsyntax-only -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <&1 <cons_lock); ++ key_put(key); + kleave(" = %d [prelink]", ret); + return ret; + diff --git a/security/lsm_audit.c b/security/lsm_audit.c index 893af8a..ba9237c 100644 --- a/security/lsm_audit.c @@ -114265,10 +114097,10 @@ index 4c41c90..37f3631 100644 return snd_seq_device_register_driver(SNDRV_SEQ_DEV_ID_EMU10K1_SYNTH, &ops, sizeof(struct snd_emu10k1_synth_arg)); diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c -index faabaa5..9888f8b 100644 +index ee95618..7752241 100644 --- a/sound/pci/hda/hda_codec.c +++ b/sound/pci/hda/hda_codec.c -@@ -850,14 +850,10 @@ find_codec_preset(struct hda_codec *codec) +@@ -852,14 +852,10 @@ find_codec_preset(struct hda_codec *codec) mutex_unlock(&preset_mutex); if (mod_requested < HDA_MODREQ_MAX_COUNT) { @@ -114867,10 +114699,10 @@ index 0000000..54461af +} diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c new file mode 100644 -index 0000000..82bc5a8 +index 0000000..3b5af59 --- /dev/null +++ b/tools/gcc/constify_plugin.c -@@ -0,0 +1,557 @@ +@@ -0,0 +1,558 @@ +/* + * Copyright 2011 by Emese Revfy + * Copyright 2011-2014 by PaX Team @@ -115304,7 +115136,8 @@ index 0000000..82bc5a8 +#if BUILDING_GCC_VERSION >= 4008 + .optinfo_flags = OPTGROUP_NONE, +#endif -+#if BUILDING_GCC_VERSION >= 4009 ++#if BUILDING_GCC_VERSION >= 5000 ++#elif BUILDING_GCC_VERSION >= 4009 + .has_gate = false, + .has_execute = true, +#else @@ -115412,8 +115245,8 @@ index 0000000..82bc5a8 + error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key); + } + -+ if (strcmp(lang_hooks.name, "GNU C")) { -+ inform(UNKNOWN_LOCATION, G_("%s supports C only"), plugin_name); ++ if (strncmp(lang_hooks.name, "GNU C", 5) && !strncmp(lang_hooks.name, "GNU C+", 6)) { ++ inform(UNKNOWN_LOCATION, G_("%s supports C only, not %s"), plugin_name, lang_hooks.name); + constify = false; + } + @@ -115430,10 +115263,10 @@ index 0000000..82bc5a8 +} diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h new file mode 100644 -index 0000000..e90c205 +index 0000000..9fa1978 --- /dev/null +++ b/tools/gcc/gcc-common.h -@@ -0,0 +1,295 @@ +@@ -0,0 +1,375 @@ +#ifndef GCC_COMMON_H_INCLUDED +#define GCC_COMMON_H_INCLUDED + @@ -115470,7 +115303,13 @@ index 0000000..e90c205 +#include "timevar.h" + +#include "params.h" ++ ++#if BUILDING_GCC_VERSION <= 4009 +#include "pointer-set.h" ++#else ++#include "hash-map.h" ++#endif ++ +#include "emit-rtl.h" +//#include "reload.h" +//#include "ira.h" @@ -115485,11 +115324,21 @@ index 0000000..e90c205 +//#include "coverage.h" +//#include "value-prof.h" + ++#if BUILDING_GCC_VERSION == 4005 ++#include ++#endif ++ +#if BUILDING_GCC_VERSION >= 4007 +#include "tree-pretty-print.h" +#include "gimple-pretty-print.h" -+#include "c-tree.h" -+//#include "alloc-pool.h" ++#endif ++ ++#if BUILDING_GCC_VERSION >= 4007 ++//#include "c-tree.h" ++//#include "cp/cp-tree.h" ++#include "c-family/c-common.h" ++#else ++#include "c-common.h" +#endif + +#if BUILDING_GCC_VERSION <= 4008 @@ -115511,6 +115360,7 @@ index 0000000..e90c205 +#include "stor-layout.h" +#include "internal-fn.h" +#include "gimple-expr.h" ++#include "gimple-fold.h" +//#include "diagnostic-color.h" +#include "context.h" +#include "tree-ssa-alias.h" @@ -115533,7 +115383,11 @@ index 0000000..e90c205 +#endif + +//#include "lto/lto.h" ++#if BUILDING_GCC_VERSION >= 4007 +//#include "data-streamer.h" ++#else ++//#include "lto-streamer.h" ++#endif +//#include "lto-compress.h" + +//#include "expr.h" where are you... @@ -115543,6 +115397,15 @@ index 0000000..e90c205 +extern void debug_dominance_info(enum cdi_direction dir); +extern void debug_dominance_tree(enum cdi_direction dir, basic_block root); + ++#ifdef __cplusplus ++static inline void debug_tree(const_tree t) ++{ ++ debug_tree(CONST_CAST_TREE(t)); ++} ++#else ++#define debug_tree(t) debug_tree(CONST_CAST_TREE(t)) ++#endif ++ +#define __unused __attribute__((__unused__)) + +#define DECL_NAME_POINTER(node) IDENTIFIER_POINTER(DECL_NAME(node)) @@ -115550,12 +115413,20 @@ index 0000000..e90c205 +#define TYPE_NAME_POINTER(node) IDENTIFIER_POINTER(TYPE_NAME(node)) +#define TYPE_NAME_LENGTH(node) IDENTIFIER_LENGTH(TYPE_NAME(node)) + ++// should come from c-tree.h if only it were installed for gcc 4.5... ++#define C_TYPE_FIELDS_READONLY(TYPE) TREE_LANG_FLAG_1(TYPE) ++ +#if BUILDING_GCC_VERSION == 4005 -+#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls; vars && (D = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), I) ++#define FOR_EACH_VEC_ELT_REVERSE(T,V,I,P) for (I = VEC_length(T, (V)) - 1; VEC_iterate(T, (V), (I), (P)); (I)--) ++#define FOR_EACH_LOCAL_DECL(FUN, I, D) FOR_EACH_VEC_ELT_REVERSE(tree, (FUN)->local_decls, I, D) +#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE))) +#define FOR_EACH_VEC_ELT(T, V, I, P) for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I)) +#define TODO_rebuild_cgraph_edges 0 + ++#ifndef O_BINARY ++#define O_BINARY 0 ++#endif ++ +static inline bool gimple_call_builtin_p(gimple stmt, enum built_in_function code) +{ + tree fndecl; @@ -115605,25 +115476,45 @@ index 0000000..e90c205 +#if BUILDING_GCC_VERSION <= 4006 +#define ANY_RETURN_P(rtx) (GET_CODE(rtx) == RETURN) +#define C_DECL_REGISTER(EXP) DECL_LANG_FLAG_4(EXP) -+ -+// should come from c-tree.h if only it were installed for gcc 4.5... -+#define C_TYPE_FIELDS_READONLY(TYPE) TREE_LANG_FLAG_1(TYPE) ++#define EDGE_PRESERVE 0ULL ++#define HOST_WIDE_INT_PRINT_HEX_PURE "%" HOST_WIDE_INT_PRINT "x" ++#define flag_fat_lto_objects true + +#define get_random_seed(noinit) ({ \ + unsigned HOST_WIDE_INT seed; \ + sscanf(get_random_seed(noinit), "%" HOST_WIDE_INT_PRINT "x", &seed); \ + seed * seed; }) + ++#define int_const_binop(code, arg1, arg2) int_const_binop((code), (arg1), (arg2), 0) ++ +static inline bool gimple_clobber_p(gimple s) +{ + return false; +} + ++static inline bool gimple_asm_clobbers_memory_p(const_gimple stmt) ++{ ++ unsigned i; ++ ++ for (i = 0; i < gimple_asm_nclobbers(stmt); i++) { ++ tree op = gimple_asm_clobber_op(stmt, i); ++ if (!strcmp(TREE_STRING_POINTER(TREE_VALUE(op)), "memory")) ++ return true; ++ } ++ ++ return false; ++} ++ +static inline tree builtin_decl_implicit(enum built_in_function fncode) +{ + return implicit_built_in_decls[fncode]; +} + ++static inline int ipa_reverse_postorder(struct cgraph_node **order) ++{ ++ return cgraph_postorder(order); ++} ++ +static inline struct cgraph_node *cgraph_get_create_node(tree decl) +{ + struct cgraph_node *node = cgraph_get_node(decl); @@ -115669,8 +115560,11 @@ index 0000000..e90c205 +#endif + +#if BUILDING_GCC_VERSION <= 4007 ++#define FOR_EACH_FUNCTION(node) for (node = cgraph_nodes; node; node = node->next) +#define FOR_EACH_VARIABLE(node) for (node = varpool_nodes; node; node = node->next) +#define PROP_loops 0 ++#define NODE_SYMBOL(node) (node) ++#define NODE_DECL(node) (node)->decl + +static inline int bb_loop_depth(const_basic_block bb) +{ @@ -115700,6 +115594,8 @@ index 0000000..e90c205 +#define last_basic_block_for_fn(FN) ((FN)->cfg->x_last_basic_block) +#define label_to_block_map_for_fn(FN) ((FN)->cfg->x_label_to_block_map) +#define profile_status_for_fn(FN) ((FN)->cfg->x_profile_status) ++#define BASIC_BLOCK_FOR_FN(FN, N) BASIC_BLOCK_FOR_FUNCTION((FN), (N)) ++#define NODE_IMPLICIT_ALIAS(node) (node)->same_body_alias + +static inline const char *get_tree_code_name(enum tree_code code) +{ @@ -115711,9 +115607,8 @@ index 0000000..e90c205 +#endif + +#if BUILDING_GCC_VERSION == 4008 -+#define NODE_DECL(node) node->symbol.decl -+#else -+#define NODE_DECL(node) node->decl ++#define NODE_SYMBOL(node) (&(node)->symbol) ++#define NODE_DECL(node) (node)->symbol.decl +#endif + +#if BUILDING_GCC_VERSION >= 4008 @@ -115724,8 +115619,26 @@ index 0000000..e90c205 +#define TODO_dump_cgraph 0 +#endif + ++#if BUILDING_GCC_VERSION <= 4009 ++#define TODO_verify_il 0 ++#endif ++ +#if BUILDING_GCC_VERSION >= 4009 +#define TODO_ggc_collect 0 ++#define NODE_SYMBOL(node) (node) ++#define NODE_DECL(node) (node)->decl ++#define cgraph_node_name(node) (node)->name() ++#define NODE_IMPLICIT_ALIAS(node) (node)->cpp_implicit_alias ++#endif ++ ++#if BUILDING_GCC_VERSION >= 5000 ++#define TODO_verify_ssa TODO_verify_il ++#define TODO_verify_flow TODO_verify_il ++#define TODO_verify_stmts TODO_verify_il ++#define TODO_verify_rtl_sharing TODO_verify_il ++ ++#define debug_cgraph_node(node) (node)->debug() ++#define cgraph_get_node(decl) cgraph_node::get(decl) +#endif + +#endif diff --git a/3.2.66/4425_grsec_remove_EI_PAX.patch b/3.2.67/4425_grsec_remove_EI_PAX.patch similarity index 100% rename from 3.2.66/4425_grsec_remove_EI_PAX.patch rename to 3.2.67/4425_grsec_remove_EI_PAX.patch diff --git a/3.2.66/4427_force_XATTR_PAX_tmpfs.patch b/3.2.67/4427_force_XATTR_PAX_tmpfs.patch similarity index 100% rename from 3.2.66/4427_force_XATTR_PAX_tmpfs.patch rename to 3.2.67/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.14.31/4430_grsec-remove-localversion-grsec.patch b/3.2.67/4430_grsec-remove-localversion-grsec.patch similarity index 100% rename from 3.14.31/4430_grsec-remove-localversion-grsec.patch rename to 3.2.67/4430_grsec-remove-localversion-grsec.patch diff --git a/3.2.66/4435_grsec-mute-warnings.patch b/3.2.67/4435_grsec-mute-warnings.patch similarity index 100% rename from 3.2.66/4435_grsec-mute-warnings.patch rename to 3.2.67/4435_grsec-mute-warnings.patch diff --git a/3.14.31/4440_grsec-remove-protected-paths.patch b/3.2.67/4440_grsec-remove-protected-paths.patch similarity index 100% rename from 3.14.31/4440_grsec-remove-protected-paths.patch rename to 3.2.67/4440_grsec-remove-protected-paths.patch diff --git a/3.2.66/4450_grsec-kconfig-default-gids.patch b/3.2.67/4450_grsec-kconfig-default-gids.patch similarity index 100% rename from 3.2.66/4450_grsec-kconfig-default-gids.patch rename to 3.2.67/4450_grsec-kconfig-default-gids.patch diff --git a/3.2.66/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.67/4465_selinux-avc_audit-log-curr_ip.patch similarity index 100% rename from 3.2.66/4465_selinux-avc_audit-log-curr_ip.patch rename to 3.2.67/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.2.66/4470_disable-compat_vdso.patch b/3.2.67/4470_disable-compat_vdso.patch similarity index 100% rename from 3.2.66/4470_disable-compat_vdso.patch rename to 3.2.67/4470_disable-compat_vdso.patch diff --git a/3.2.66/4475_emutramp_default_on.patch b/3.2.67/4475_emutramp_default_on.patch similarity index 100% rename from 3.2.66/4475_emutramp_default_on.patch rename to 3.2.67/4475_emutramp_default_on.patch